BITS 32 ;SECTION .data ;templogfile dd 0 ;pTempLogAttrib db 'wt', 0x0 ;pTempLogName db 'ffetemp.log', 0x0 ;pTempLogString db 'D8820: %x', 0xa, 0x0 ;pTempLogString2 db 'NameRand: %x', 0xa, 0x0 ;pTempLogString3 db 'NameRand2: %x', 0xa, 0x0 ;SECTION .text ; TEST ; cmp dword [templogfile], 0 ; jnz .endopen ; push dword pTempLogAttrib ; push dword pTempLogName ; call _fopen ; add esp,byte +0x8 ; mov [templogfile], eax ;.endopen: GLOBAL FUNC_000020 GLOBAL FUNC_000021 GLOBAL FUNC_000022 GLOBAL FUNC_000023 GLOBAL FUNC_000024 GLOBAL FUNC_000025 GLOBAL FUNC_000026 GLOBAL FUNC_000027 GLOBAL FUNC_000028 GLOBAL FUNC_000029 GLOBAL FUNC_000030 GLOBAL FUNC_000031 GLOBAL FUNC_000032 GLOBAL FUNC_000033 GLOBAL FUNC_000034 GLOBAL FUNC_000035 GLOBAL FUNC_000036 GLOBAL FUNC_000037 GLOBAL FUNC_000038 GLOBAL FUNC_000039 GLOBAL FUNC_000040 GLOBAL FUNC_000041 GLOBAL FUNC_000042 GLOBAL FUNC_000043 GLOBAL FUNC_000044 GLOBAL FUNC_000045 GLOBAL FUNC_000046 GLOBAL FUNC_000047 GLOBAL FUNC_000048 GLOBAL FUNC_000049 GLOBAL FUNC_000050 GLOBAL FUNC_000051 GLOBAL FUNC_000052 GLOBAL FUNC_000053 GLOBAL FUNC_000054 GLOBAL FUNC_000055 GLOBAL FUNC_000056 GLOBAL FUNC_000057 GLOBAL FUNC_000058 GLOBAL FUNC_000059 GLOBAL FUNC_000060 GLOBAL FUNC_000061 GLOBAL FUNC_000062 GLOBAL FUNC_000063 GLOBAL FUNC_000064 GLOBAL FUNC_000065 GLOBAL FUNC_000066 GLOBAL FUNC_000067 GLOBAL FUNC_000068 GLOBAL FUNC_000069 GLOBAL FUNC_000070 GLOBAL FUNC_000071 GLOBAL FUNC_000072 GLOBAL FUNC_000073 GLOBAL FUNC_000074 GLOBAL FUNC_000075 GLOBAL FUNC_000076 GLOBAL FUNC_000077_ExpandBracketCodes GLOBAL FUNC_000078 GLOBAL FUNC_000079 GLOBAL FUNC_000080 GLOBAL FUNC_000081 GLOBAL FUNC_000082 GLOBAL FUNC_000083 GLOBAL FUNC_000084 GLOBAL FUNC_000085 GLOBAL FUNC_000086 GLOBAL FUNC_000087 GLOBAL FUNC_000088 GLOBAL FUNC_000089 GLOBAL FUNC_000090 GLOBAL FUNC_000091 GLOBAL FUNC_000092 GLOBAL FUNC_000093 GLOBAL FUNC_000094 GLOBAL FUNC_000095 GLOBAL FUNC_000096 GLOBAL FUNC_000097 GLOBAL FUNC_000098 GLOBAL FUNC_000099 GLOBAL FUNC_000100 GLOBAL FUNC_000101 GLOBAL FUNC_000102 GLOBAL FUNC_000103 GLOBAL FUNC_000104 GLOBAL FUNC_000105 GLOBAL FUNC_000106 GLOBAL FUNC_000107 GLOBAL FUNC_000108 GLOBAL FUNC_000109 GLOBAL FUNC_000110 GLOBAL FUNC_000111 GLOBAL FUNC_000112 GLOBAL FUNC_000113 GLOBAL FUNC_000114 GLOBAL FUNC_000115 GLOBAL FUNC_000116 GLOBAL FUNC_000117 GLOBAL FUNC_000118 GLOBAL FUNC_000119 GLOBAL FUNC_000120 GLOBAL FUNC_000121 GLOBAL FUNC_000122 GLOBAL FUNC_000123 GLOBAL FUNC_000124 GLOBAL FUNC_000125 GLOBAL FUNC_000126 GLOBAL FUNC_000127 GLOBAL FUNC_000128 GLOBAL FUNC_000129 GLOBAL FUNC_000130 GLOBAL FUNC_000131 GLOBAL FUNC_000132 GLOBAL FUNC_000133 GLOBAL FUNC_000134 GLOBAL FUNC_000135 GLOBAL FUNC_000136 GLOBAL FUNC_000137 GLOBAL FUNC_000138 GLOBAL FUNC_000139 GLOBAL FUNC_000140 GLOBAL FUNC_000141 GLOBAL FUNC_000142 GLOBAL FUNC_000143 GLOBAL FUNC_000144 GLOBAL FUNC_000145 GLOBAL FUNC_000146 GLOBAL FUNC_000147 GLOBAL FUNC_000148 GLOBAL FUNC_000149 GLOBAL FUNC_000150 GLOBAL FUNC_000151 GLOBAL FUNC_000152 GLOBAL FUNC_000153 GLOBAL FUNC_000154 GLOBAL FUNC_000165_CdrFileStrChrNon GLOBAL FUNC_000166_CdrFileExpandZeros GLOBAL FUNC_000167_CdrFileCompressZeros GLOBAL FUNC_000168_CdrFileScramble GLOBAL FUNC_000169_CdrFileUnscramble GLOBAL FUNC_000170_CdrFileMangleData GLOBAL FUNC_000171_CdrFileUnmangleData GLOBAL FUNC_000172_CdrFileConfirmYN GLOBAL FUNC_000173_CdrFileDeleteInternal GLOBAL FUNC_000174_CdrFileSaveInternal GLOBAL FUNC_000175_CdrFileSaveInternal2 GLOBAL FUNC_000176_CdrFileLoadInternal GLOBAL FUNC_000177_CdrFileLoadInternal2 GLOBAL FUNC_000178_CdrFileSetLastLoaded GLOBAL FUNC_000179_SysMenuWriteDialogString GLOBAL FUNC_000180_CdrFileDispErrorNotCmmdr GLOBAL FUNC_000181_CdrFileDispErrorInternal GLOBAL FUNC_000182_CdrFileDispErrorCode GLOBAL FUNC_000183_CdrFileDispErrorDirect GLOBAL FUNC_000184_CdrFileIncFileExtension GLOBAL FUNC_000185_SysMenuLoadCdrFile GLOBAL FUNC_000186_SysMenuUpdateSaveName GLOBAL FUNC_000187_SysMenuDeleteFile GLOBAL FUNC_000190_SysMenuChangeDir GLOBAL FUNC_000191_SysMenuDrawFileDialog GLOBAL FUNC_000192_SysMenuSelectLoadDialog GLOBAL FUNC_000193_SysMenuDrawLoadDialog GLOBAL FUNC_000194_SysMenuSelectSaveDialog GLOBAL FUNC_000195_SysMenuDrawSaveDialog GLOBAL FUNC_000196_SysMenuSelectDeleteDialog GLOBAL FUNC_000197_SysMenuDrawDeleteDialog GLOBAL FUNC_000198_SysMenuDrawFiles GLOBAL FUNC_000199_SysMenuAddFile GLOBAL FUNC_000201_SysMenuReadDirectoryInternal GLOBAL FUNC_000203_SysMenuReadDirectory GLOBAL FUNC_000204_SysMenuProcessFileDialogAction GLOBAL FUNC_000205_SysMenuProcessFileSelect GLOBAL FUNC_000206_SysMenuProcessIfOn GLOBAL FUNC_000207_SysMenuUpdateAccel GLOBAL FUNC_000208_SysMenuProcessAccel GLOBAL FUNC_000209_SysMenuProcessBackground_Event3 GLOBAL FUNC_000210_SysMenuSaveCdrFile GLOBAL FUNC_000211_SysMenuUpdateCmmdrName GLOBAL FUNC_000212_SysMenuFileNameEntry GLOBAL FUNC_000213_SysMenuCmmdrNameEntry GLOBAL FUNC_000214_SysMenuZeroUnusedObjects GLOBAL FUNC_000215_SysMenuDisableSong GLOBAL FUNC_000216_SysMenuProcessAction_Event4 GLOBAL FUNC_000217_SysMenuPlayTime GLOBAL FUNC_000218_SysMenuReset_Event0 GLOBAL FUNC_000219_SysMenuInit GLOBAL FUNC_000220_SysMenuStopTime GLOBAL FUNC_000221_SysMenuLoadLastHotkey GLOBAL FUNC_000222_SysMenuLoadDialogHotkey GLOBAL FUNC_000223_SysMenuSignalModule3Esc GLOBAL FUNC_000224_SysMenuProcessEsc_Event1 GLOBAL FUNC_000225_SysMenuDisplayNonFile GLOBAL FUNC_000226_SysMenuExpandString GLOBAL FUNC_000227_SysMenuSwitchOff_Event8 GLOBAL FUNC_000228_SysMenuUpdateGfxDetail GLOBAL FUNC_000229_SysMenuSwitchOn GLOBAL FUNC_000230_SysMenuNewGame GLOBAL FUNC_000232_SysMenuUpdateSong_Event10 GLOBAL FUNC_000233 GLOBAL FUNC_000234 GLOBAL FUNC_000235 GLOBAL FUNC_000236 GLOBAL FUNC_000237 GLOBAL FUNC_000238 GLOBAL FUNC_000239 GLOBAL FUNC_000240 GLOBAL FUNC_000241 GLOBAL FUNC_000242 GLOBAL FUNC_000243 GLOBAL FUNC_000244 GLOBAL FUNC_000245 GLOBAL FUNC_000246 GLOBAL FUNC_000247 GLOBAL FUNC_000248 GLOBAL FUNC_000249 GLOBAL FUNC_000250 GLOBAL FUNC_000251 GLOBAL FUNC_000252 GLOBAL FUNC_000253 GLOBAL FUNC_000254 GLOBAL FUNC_000255 GLOBAL FUNC_000256 GLOBAL FUNC_000257 GLOBAL FUNC_000258 GLOBAL FUNC_000259 GLOBAL FUNC_000260 GLOBAL FUNC_000261_ConsoleDrawButtons GLOBAL FUNC_000262_ConsoleSetButtonImage GLOBAL FUNC_000263_ConsoleShowButton GLOBAL FUNC_000264_ConsoleHideButton GLOBAL FUNC_000265 GLOBAL FUNC_000266 GLOBAL FUNC_000267 GLOBAL FUNC_000268 GLOBAL FUNC_000269 GLOBAL FUNC_000270 GLOBAL FUNC_000271 GLOBAL FUNC_000272 GLOBAL FUNC_000273 GLOBAL FUNC_000274 GLOBAL FUNC_000275 GLOBAL FUNC_000276 GLOBAL FUNC_000277 GLOBAL FUNC_000278 GLOBAL FUNC_000279 GLOBAL FUNC_000280 GLOBAL FUNC_000281 GLOBAL FUNC_000282 GLOBAL FUNC_000283 GLOBAL FUNC_000284 GLOBAL FUNC_000285 GLOBAL FUNC_000286 GLOBAL FUNC_000287 GLOBAL FUNC_000288 GLOBAL FUNC_000289 GLOBAL FUNC_000290 GLOBAL FUNC_000291 GLOBAL FUNC_000292 GLOBAL FUNC_000293 GLOBAL FUNC_000294 GLOBAL FUNC_000295 GLOBAL FUNC_000296 GLOBAL FUNC_000297 GLOBAL FUNC_000298 GLOBAL FUNC_000299 GLOBAL FUNC_000300 GLOBAL FUNC_000301 GLOBAL FUNC_000302 GLOBAL FUNC_000303 GLOBAL FUNC_000304 GLOBAL FUNC_000305 GLOBAL FUNC_000306 GLOBAL FUNC_000307 GLOBAL FUNC_000308 GLOBAL FUNC_000309 GLOBAL FUNC_000310 GLOBAL FUNC_000311 GLOBAL FUNC_000312 GLOBAL FUNC_000313 GLOBAL FUNC_000314 GLOBAL FUNC_000315 GLOBAL FUNC_000316 GLOBAL FUNC_000317 GLOBAL FUNC_000318 GLOBAL FUNC_000319 GLOBAL FUNC_000320 GLOBAL FUNC_000321 GLOBAL FUNC_000322 GLOBAL FUNC_000323 GLOBAL FUNC_000324 GLOBAL FUNC_000325 GLOBAL FUNC_000326 GLOBAL FUNC_000327 GLOBAL FUNC_000328 GLOBAL FUNC_000329 GLOBAL FUNC_000330 GLOBAL FUNC_000331 GLOBAL FUNC_000332 GLOBAL FUNC_000333 GLOBAL FUNC_000334 GLOBAL FUNC_000335 GLOBAL FUNC_000336 GLOBAL FUNC_000337 GLOBAL FUNC_000338 GLOBAL FUNC_000339 GLOBAL FUNC_000340 GLOBAL FUNC_000341 GLOBAL FUNC_000342 GLOBAL FUNC_000343 GLOBAL FUNC_000344 GLOBAL FUNC_000345 GLOBAL FUNC_000346 GLOBAL FUNC_000347 GLOBAL FUNC_000348 GLOBAL FUNC_000349 GLOBAL FUNC_000350 GLOBAL FUNC_000351 GLOBAL FUNC_000352 GLOBAL FUNC_000353 GLOBAL FUNC_000354 GLOBAL FUNC_000355 GLOBAL FUNC_000356 GLOBAL FUNC_000357 GLOBAL FUNC_000358 GLOBAL FUNC_000359 GLOBAL FUNC_000360 GLOBAL FUNC_000361 GLOBAL FUNC_000362 GLOBAL FUNC_000363 GLOBAL FUNC_000364 GLOBAL FUNC_000365 GLOBAL FUNC_000366 GLOBAL FUNC_000367 GLOBAL FUNC_000368 GLOBAL FUNC_000369 GLOBAL FUNC_000370 GLOBAL FUNC_000371 GLOBAL FUNC_000372 GLOBAL FUNC_000373 GLOBAL FUNC_000374 GLOBAL FUNC_000375 GLOBAL FUNC_000376 GLOBAL FUNC_000377 GLOBAL FUNC_000378 GLOBAL FUNC_000379 GLOBAL FUNC_000380 GLOBAL FUNC_000381 GLOBAL FUNC_000382 GLOBAL FUNC_000383 GLOBAL FUNC_000384 GLOBAL FUNC_000385 GLOBAL FUNC_000386 GLOBAL FUNC_000387 GLOBAL FUNC_000388 GLOBAL FUNC_000389 GLOBAL FUNC_000390 GLOBAL FUNC_000391 GLOBAL FUNC_000392 GLOBAL FUNC_000393 GLOBAL FUNC_000394 GLOBAL FUNC_000395 GLOBAL FUNC_000396 GLOBAL FUNC_000397 GLOBAL FUNC_000398 GLOBAL FUNC_000399 GLOBAL FUNC_000400 GLOBAL FUNC_000401 GLOBAL FUNC_000402 GLOBAL FUNC_000403 GLOBAL FUNC_000404 GLOBAL FUNC_000405 GLOBAL FUNC_000406 GLOBAL FUNC_000407 GLOBAL FUNC_000408 GLOBAL FUNC_000409 GLOBAL FUNC_000410 GLOBAL FUNC_000411 GLOBAL FUNC_000412 GLOBAL FUNC_000413 GLOBAL FUNC_000414 GLOBAL FUNC_000415 GLOBAL FUNC_000416 GLOBAL FUNC_000417 GLOBAL FUNC_000418 GLOBAL FUNC_000419 GLOBAL FUNC_000420 GLOBAL FUNC_000421 GLOBAL FUNC_000422 GLOBAL FUNC_000423 GLOBAL FUNC_000424 GLOBAL FUNC_000425 GLOBAL FUNC_000426 GLOBAL FUNC_000427 GLOBAL FUNC_000428 GLOBAL FUNC_000429 GLOBAL FUNC_000430 GLOBAL FUNC_000431 GLOBAL FUNC_000432 GLOBAL FUNC_000433 GLOBAL FUNC_000434 GLOBAL FUNC_000435 GLOBAL FUNC_000436 GLOBAL FUNC_000437 GLOBAL FUNC_000438 GLOBAL FUNC_000439 GLOBAL FUNC_000440 GLOBAL FUNC_000441 GLOBAL FUNC_000442 GLOBAL FUNC_000443 GLOBAL FUNC_000444 GLOBAL FUNC_000445 GLOBAL FUNC_000446 GLOBAL FUNC_000447 GLOBAL FUNC_000448 GLOBAL FUNC_000449 GLOBAL FUNC_000450 GLOBAL FUNC_000451 GLOBAL FUNC_000452 GLOBAL FUNC_000453 GLOBAL FUNC_000454 GLOBAL FUNC_000455 GLOBAL FUNC_000456 GLOBAL FUNC_000457 GLOBAL FUNC_000458 GLOBAL FUNC_000459 GLOBAL FUNC_000460 GLOBAL FUNC_000461 GLOBAL FUNC_000462 GLOBAL FUNC_000463 GLOBAL FUNC_000464 GLOBAL FUNC_000465 GLOBAL FUNC_000466 GLOBAL FUNC_000467 GLOBAL FUNC_000468 GLOBAL FUNC_000469 GLOBAL FUNC_000470 GLOBAL FUNC_000471 GLOBAL FUNC_000472 GLOBAL FUNC_000473 GLOBAL FUNC_000474 GLOBAL FUNC_000475 GLOBAL FUNC_000476 GLOBAL FUNC_000477 GLOBAL FUNC_000478 GLOBAL FUNC_000479 GLOBAL FUNC_000480 GLOBAL FUNC_000481 GLOBAL FUNC_000482 GLOBAL FUNC_000483 GLOBAL FUNC_000484 GLOBAL FUNC_000485 GLOBAL FUNC_000486 GLOBAL FUNC_000487 GLOBAL FUNC_000488 GLOBAL FUNC_000489 GLOBAL FUNC_000490 GLOBAL FUNC_000491 GLOBAL FUNC_000492 GLOBAL FUNC_000493 GLOBAL FUNC_000494 GLOBAL FUNC_000495 GLOBAL FUNC_000496 GLOBAL FUNC_000497 GLOBAL FUNC_000498 GLOBAL FUNC_000499 GLOBAL FUNC_000500 GLOBAL FUNC_000501 GLOBAL FUNC_000502 GLOBAL FUNC_000503 GLOBAL FUNC_000504 GLOBAL FUNC_000505 GLOBAL FUNC_000506 GLOBAL FUNC_000507 GLOBAL FUNC_000508 GLOBAL FUNC_000509 GLOBAL FUNC_000510 GLOBAL FUNC_000511 GLOBAL FUNC_000512 GLOBAL FUNC_000513 GLOBAL FUNC_000514 GLOBAL FUNC_000515 GLOBAL FUNC_000516 GLOBAL FUNC_000517 GLOBAL FUNC_000518 GLOBAL FUNC_000519 GLOBAL FUNC_000520 GLOBAL FUNC_000521 GLOBAL FUNC_000522 GLOBAL FUNC_000523 GLOBAL FUNC_000524 GLOBAL FUNC_000525 GLOBAL FUNC_000526 GLOBAL FUNC_000527 GLOBAL FUNC_000528 GLOBAL FUNC_000529 GLOBAL FUNC_000530 GLOBAL FUNC_000531 GLOBAL FUNC_000532 GLOBAL FUNC_000533 GLOBAL FUNC_000534 GLOBAL FUNC_000535 GLOBAL FUNC_000536 GLOBAL FUNC_000537 GLOBAL FUNC_000538 GLOBAL FUNC_000539 GLOBAL FUNC_000540 GLOBAL FUNC_000541 GLOBAL FUNC_000542 GLOBAL FUNC_000543 GLOBAL FUNC_000544 GLOBAL FUNC_000545 GLOBAL FUNC_000546 GLOBAL FUNC_000547 GLOBAL FUNC_000548 GLOBAL FUNC_000549 GLOBAL FUNC_000550 GLOBAL FUNC_000551 GLOBAL FUNC_000552 GLOBAL FUNC_000553 GLOBAL FUNC_000554 GLOBAL FUNC_000555 GLOBAL FUNC_000556 GLOBAL FUNC_000557 GLOBAL FUNC_000558 GLOBAL FUNC_000559 GLOBAL FUNC_000560 GLOBAL FUNC_000561 GLOBAL FUNC_000562 GLOBAL FUNC_000563 GLOBAL FUNC_000564 GLOBAL FUNC_000565 GLOBAL FUNC_000566 GLOBAL FUNC_000567 GLOBAL FUNC_000568 GLOBAL FUNC_000569 GLOBAL FUNC_000570 GLOBAL FUNC_000571 GLOBAL FUNC_000572 GLOBAL FUNC_000573 GLOBAL FUNC_000574 GLOBAL FUNC_000575 GLOBAL FUNC_000576 GLOBAL FUNC_000577 GLOBAL FUNC_000578 GLOBAL FUNC_000579 GLOBAL FUNC_000580 GLOBAL FUNC_000581 GLOBAL FUNC_000582 GLOBAL FUNC_000583 GLOBAL FUNC_000584 GLOBAL FUNC_000585 GLOBAL FUNC_000586 GLOBAL FUNC_000587 GLOBAL FUNC_000588 GLOBAL FUNC_000589 GLOBAL FUNC_000590 GLOBAL FUNC_000591 GLOBAL FUNC_000592 GLOBAL FUNC_000593 GLOBAL FUNC_000594 GLOBAL FUNC_000595 GLOBAL FUNC_000596 GLOBAL FUNC_000597 GLOBAL FUNC_000598 GLOBAL FUNC_000599 GLOBAL FUNC_000600 GLOBAL FUNC_000601 GLOBAL FUNC_000602 GLOBAL FUNC_000603 GLOBAL FUNC_000604 GLOBAL FUNC_000605 GLOBAL FUNC_000606 GLOBAL FUNC_000607 GLOBAL FUNC_000608 GLOBAL FUNC_000609 GLOBAL FUNC_000610 GLOBAL FUNC_000611 GLOBAL FUNC_000612 GLOBAL FUNC_000613 GLOBAL FUNC_000614 GLOBAL FUNC_000615 GLOBAL FUNC_000616 GLOBAL FUNC_000617 GLOBAL FUNC_000618 GLOBAL FUNC_000619 GLOBAL FUNC_000620 GLOBAL FUNC_000621 GLOBAL FUNC_000622 GLOBAL FUNC_000623 GLOBAL FUNC_000624 GLOBAL FUNC_000625 GLOBAL FUNC_000626 GLOBAL FUNC_000627 GLOBAL FUNC_000628 GLOBAL FUNC_000629 GLOBAL FUNC_000630 GLOBAL FUNC_000631 GLOBAL FUNC_000632 GLOBAL FUNC_000633 GLOBAL FUNC_000634 GLOBAL FUNC_000635 GLOBAL FUNC_000636 GLOBAL FUNC_000637 GLOBAL FUNC_000638 GLOBAL FUNC_000639 GLOBAL FUNC_000640 GLOBAL FUNC_000641 GLOBAL FUNC_000642 GLOBAL FUNC_000643 GLOBAL FUNC_000644 GLOBAL FUNC_000645 GLOBAL FUNC_000646 GLOBAL FUNC_000647 GLOBAL FUNC_000648 GLOBAL FUNC_000649 GLOBAL FUNC_000650 GLOBAL FUNC_000651 GLOBAL FUNC_000652 GLOBAL FUNC_000653 GLOBAL FUNC_000654 GLOBAL FUNC_000655 GLOBAL FUNC_000656 GLOBAL FUNC_000657 GLOBAL FUNC_000658 GLOBAL FUNC_000659 GLOBAL FUNC_000660 GLOBAL FUNC_000661 GLOBAL FUNC_000662 GLOBAL FUNC_000663 GLOBAL FUNC_000664 GLOBAL FUNC_000665 GLOBAL FUNC_000666 GLOBAL FUNC_000667 GLOBAL FUNC_000668 GLOBAL FUNC_000669 GLOBAL FUNC_000670 GLOBAL FUNC_000671 GLOBAL FUNC_000672 GLOBAL FUNC_000673 GLOBAL FUNC_000674 GLOBAL FUNC_000675 GLOBAL FUNC_000676 GLOBAL FUNC_000677 GLOBAL FUNC_000678 GLOBAL FUNC_000679 GLOBAL FUNC_000680 GLOBAL FUNC_000681 GLOBAL FUNC_000682 GLOBAL FUNC_000683 GLOBAL FUNC_000684 GLOBAL FUNC_000685 GLOBAL FUNC_000686 GLOBAL FUNC_000687 GLOBAL FUNC_000688 GLOBAL FUNC_000689 GLOBAL FUNC_000690 GLOBAL FUNC_000691 GLOBAL FUNC_000692 GLOBAL FUNC_000693 GLOBAL FUNC_000694 GLOBAL FUNC_000695 GLOBAL FUNC_000696 GLOBAL FUNC_000697 GLOBAL FUNC_000698 GLOBAL FUNC_000699 GLOBAL FUNC_000700 GLOBAL FUNC_000701 GLOBAL FUNC_000702 GLOBAL FUNC_000703 GLOBAL FUNC_000704 GLOBAL FUNC_000705 GLOBAL FUNC_000706 GLOBAL FUNC_000707 GLOBAL FUNC_000708 GLOBAL FUNC_000709 GLOBAL FUNC_000710 GLOBAL FUNC_000711 GLOBAL FUNC_000712 GLOBAL FUNC_000713 GLOBAL FUNC_000714 GLOBAL FUNC_000715 GLOBAL FUNC_000716 GLOBAL FUNC_000717 GLOBAL FUNC_000718 GLOBAL FUNC_000719 GLOBAL FUNC_000720 GLOBAL FUNC_000721 GLOBAL FUNC_000722 GLOBAL FUNC_000723 GLOBAL FUNC_000724 GLOBAL FUNC_000725 GLOBAL FUNC_000726 GLOBAL FUNC_000727 GLOBAL FUNC_000728 GLOBAL FUNC_000729 GLOBAL FUNC_000730 GLOBAL FUNC_000731 GLOBAL FUNC_000732 GLOBAL FUNC_000733 GLOBAL FUNC_000734 GLOBAL FUNC_000735 GLOBAL FUNC_000736 GLOBAL FUNC_000737 GLOBAL FUNC_000738 GLOBAL FUNC_000739 GLOBAL FUNC_000740 GLOBAL FUNC_000741 GLOBAL FUNC_000742 GLOBAL FUNC_000743 GLOBAL FUNC_000744 GLOBAL FUNC_000745 GLOBAL FUNC_000746 GLOBAL FUNC_000747 GLOBAL FUNC_000748 GLOBAL FUNC_000749 GLOBAL FUNC_000750 GLOBAL FUNC_000751 GLOBAL FUNC_000752 GLOBAL FUNC_000753 GLOBAL FUNC_000754 GLOBAL FUNC_000755 GLOBAL FUNC_000756 GLOBAL FUNC_000757 GLOBAL FUNC_000758 GLOBAL FUNC_000759 GLOBAL FUNC_000760 GLOBAL FUNC_000761 GLOBAL FUNC_000762 GLOBAL FUNC_000763 GLOBAL FUNC_000764 GLOBAL FUNC_000765 GLOBAL FUNC_000766 GLOBAL FUNC_000767 GLOBAL FUNC_000768 GLOBAL FUNC_000769 GLOBAL FUNC_000770 GLOBAL FUNC_000771 GLOBAL FUNC_000772 GLOBAL FUNC_000773 GLOBAL FUNC_000774 GLOBAL FUNC_000775 GLOBAL FUNC_000776 GLOBAL FUNC_000777 GLOBAL FUNC_000778 GLOBAL FUNC_000779 GLOBAL FUNC_000780 GLOBAL FUNC_000781 GLOBAL FUNC_000782 GLOBAL FUNC_000783 GLOBAL FUNC_000784 GLOBAL FUNC_000785 GLOBAL FUNC_000786 GLOBAL FUNC_000787 GLOBAL FUNC_000788 GLOBAL FUNC_000789 GLOBAL FUNC_000790 GLOBAL FUNC_000791 GLOBAL FUNC_000792 GLOBAL FUNC_000793 GLOBAL FUNC_000794 GLOBAL FUNC_000795 GLOBAL FUNC_000796 GLOBAL FUNC_000797 GLOBAL FUNC_000798 GLOBAL FUNC_000799 GLOBAL FUNC_000800 GLOBAL FUNC_000801 GLOBAL FUNC_000802 GLOBAL FUNC_000803 GLOBAL FUNC_000804 GLOBAL FUNC_000805 GLOBAL FUNC_000806 GLOBAL FUNC_000807 GLOBAL FUNC_000808 GLOBAL FUNC_000809 GLOBAL FUNC_000810 GLOBAL FUNC_000811 GLOBAL FUNC_000812 GLOBAL FUNC_000813 GLOBAL FUNC_000814 GLOBAL FUNC_000815 GLOBAL FUNC_000816 GLOBAL FUNC_000817 GLOBAL FUNC_000818 GLOBAL FUNC_000819 GLOBAL FUNC_000820 GLOBAL FUNC_000821 GLOBAL FUNC_000822 GLOBAL FUNC_000823 GLOBAL FUNC_000824 GLOBAL FUNC_000825 GLOBAL FUNC_000826 GLOBAL FUNC_000827 GLOBAL FUNC_000828 GLOBAL FUNC_000829 GLOBAL FUNC_000830 GLOBAL FUNC_000831 GLOBAL FUNC_000832 GLOBAL FUNC_000833 GLOBAL FUNC_000834 GLOBAL FUNC_000835 GLOBAL FUNC_000836 GLOBAL FUNC_000837 GLOBAL FUNC_000838 GLOBAL FUNC_000839 GLOBAL FUNC_000840 GLOBAL FUNC_000841 GLOBAL FUNC_000842 GLOBAL FUNC_000843 GLOBAL FUNC_000844 GLOBAL FUNC_000845 GLOBAL FUNC_000846 GLOBAL FUNC_000847 GLOBAL FUNC_000848 GLOBAL FUNC_000849 GLOBAL FUNC_000850 GLOBAL FUNC_000851 GLOBAL FUNC_000852 GLOBAL FUNC_000853 GLOBAL FUNC_000854 GLOBAL FUNC_000855 GLOBAL FUNC_000856 GLOBAL FUNC_000857 GLOBAL FUNC_000858 GLOBAL FUNC_000859 GLOBAL FUNC_000860 GLOBAL FUNC_000861 GLOBAL FUNC_000862 GLOBAL FUNC_000863 GLOBAL FUNC_000864 GLOBAL FUNC_000865 GLOBAL FUNC_000866 GLOBAL FUNC_000867 GLOBAL FUNC_000868 GLOBAL FUNC_000869 GLOBAL FUNC_000870 GLOBAL FUNC_000871 GLOBAL FUNC_000872 GLOBAL FUNC_000873 GLOBAL FUNC_000874 GLOBAL FUNC_000875 GLOBAL FUNC_000876 GLOBAL FUNC_000877 GLOBAL FUNC_000878 GLOBAL FUNC_000879 GLOBAL FUNC_000880 GLOBAL FUNC_000881 GLOBAL FUNC_000882 GLOBAL FUNC_000883 GLOBAL FUNC_000884 GLOBAL FUNC_000885 GLOBAL FUNC_000886 GLOBAL FUNC_000887 GLOBAL FUNC_000888 GLOBAL FUNC_000889 GLOBAL FUNC_000890 GLOBAL FUNC_000891 GLOBAL FUNC_000892 GLOBAL FUNC_000893 GLOBAL FUNC_000894 GLOBAL FUNC_000895 GLOBAL FUNC_000896 GLOBAL FUNC_000897 GLOBAL FUNC_000898 GLOBAL FUNC_000899 GLOBAL FUNC_000900 GLOBAL FUNC_000901 GLOBAL FUNC_000902 GLOBAL FUNC_000903 GLOBAL FUNC_000904 GLOBAL FUNC_000905 GLOBAL FUNC_000906 GLOBAL FUNC_000907 GLOBAL FUNC_000908 GLOBAL FUNC_000909 GLOBAL FUNC_000910 GLOBAL FUNC_000911 GLOBAL FUNC_000912 GLOBAL FUNC_000913 GLOBAL FUNC_000914 GLOBAL FUNC_000915 GLOBAL FUNC_000916 GLOBAL FUNC_000917 GLOBAL FUNC_000918 GLOBAL FUNC_000919 GLOBAL FUNC_000921 GLOBAL FUNC_000922 GLOBAL FUNC_000923 GLOBAL FUNC_000924 GLOBAL FUNC_000925 GLOBAL FUNC_000926 GLOBAL FUNC_000927 GLOBAL FUNC_000928 GLOBAL FUNC_000929 GLOBAL FUNC_000930 GLOBAL FUNC_000931 GLOBAL FUNC_000932 GLOBAL FUNC_000933 GLOBAL FUNC_000934 GLOBAL FUNC_000935 GLOBAL FUNC_000936 GLOBAL FUNC_000937 GLOBAL FUNC_000938 GLOBAL FUNC_000939 GLOBAL FUNC_000940 GLOBAL FUNC_000941 GLOBAL FUNC_000942 GLOBAL FUNC_000943 GLOBAL FUNC_000944 GLOBAL FUNC_000945 GLOBAL FUNC_000946 GLOBAL FUNC_000947 GLOBAL FUNC_000948 GLOBAL FUNC_000949 GLOBAL FUNC_000950 GLOBAL FUNC_000951 GLOBAL FUNC_000952 GLOBAL FUNC_000953 GLOBAL FUNC_000954 GLOBAL FUNC_000955 GLOBAL FUNC_000956 GLOBAL FUNC_000957 GLOBAL FUNC_000958 GLOBAL FUNC_000959 GLOBAL FUNC_000960 GLOBAL FUNC_000961 GLOBAL FUNC_000962 GLOBAL FUNC_000963 GLOBAL FUNC_000964 GLOBAL FUNC_000965 GLOBAL FUNC_000966 GLOBAL FUNC_000967 GLOBAL FUNC_000968 GLOBAL FUNC_000969 GLOBAL FUNC_000970 GLOBAL FUNC_000971 GLOBAL FUNC_000972 GLOBAL FUNC_000973 GLOBAL FUNC_000974 GLOBAL FUNC_000975 GLOBAL FUNC_000976 GLOBAL FUNC_000977 GLOBAL FUNC_000978 GLOBAL FUNC_000979 GLOBAL FUNC_000980 GLOBAL FUNC_000981 GLOBAL FUNC_000982 GLOBAL FUNC_000983 GLOBAL FUNC_000984 GLOBAL FUNC_000985 GLOBAL FUNC_000986 GLOBAL FUNC_000987_nothing GLOBAL FUNC_000988 GLOBAL FUNC_000989 GLOBAL FUNC_000990 GLOBAL FUNC_000991 GLOBAL FUNC_000992 GLOBAL FUNC_000993 GLOBAL FUNC_000994 GLOBAL FUNC_000995 GLOBAL FUNC_000996 GLOBAL FUNC_000997 GLOBAL FUNC_000998 GLOBAL FUNC_000999 GLOBAL FUNC_001000 GLOBAL FUNC_001001 GLOBAL FUNC_001002 GLOBAL FUNC_001003 GLOBAL FUNC_001004 GLOBAL FUNC_001005 GLOBAL FUNC_001006 GLOBAL FUNC_001007 GLOBAL FUNC_001008 GLOBAL FUNC_001009 GLOBAL FUNC_001010 GLOBAL FUNC_001011 GLOBAL FUNC_001012 GLOBAL FUNC_001013 GLOBAL FUNC_001014 GLOBAL FUNC_001015 GLOBAL FUNC_001016 GLOBAL FUNC_001017 GLOBAL FUNC_001018 GLOBAL FUNC_001019 GLOBAL FUNC_001020 GLOBAL FUNC_001021 GLOBAL FUNC_001022 GLOBAL FUNC_001023 GLOBAL FUNC_001024 GLOBAL FUNC_001025 GLOBAL FUNC_001026 GLOBAL FUNC_001027 GLOBAL FUNC_001028 GLOBAL FUNC_001029 GLOBAL FUNC_001030 GLOBAL FUNC_001031 GLOBAL FUNC_001032 GLOBAL FUNC_001033 GLOBAL FUNC_001034 GLOBAL FUNC_001035 GLOBAL FUNC_001036 GLOBAL FUNC_001037 GLOBAL FUNC_001038 GLOBAL FUNC_001039 GLOBAL FUNC_001040 GLOBAL FUNC_001041 GLOBAL FUNC_001042 GLOBAL FUNC_001043 GLOBAL FUNC_001044 GLOBAL FUNC_001045 GLOBAL FUNC_001046 GLOBAL FUNC_001047 GLOBAL FUNC_001048 GLOBAL FUNC_001049 GLOBAL FUNC_001050 GLOBAL FUNC_001051 GLOBAL FUNC_001052 GLOBAL FUNC_001053 GLOBAL FUNC_001054 GLOBAL FUNC_001055 GLOBAL FUNC_001056 GLOBAL FUNC_001057 GLOBAL FUNC_001058 GLOBAL FUNC_001059 GLOBAL FUNC_001060 GLOBAL FUNC_001061 GLOBAL FUNC_001062 GLOBAL FUNC_001063 GLOBAL FUNC_001064 GLOBAL FUNC_001065 GLOBAL FUNC_001066 GLOBAL FUNC_001067 GLOBAL FUNC_001068 GLOBAL FUNC_001069 GLOBAL FUNC_001070 GLOBAL FUNC_001071 GLOBAL FUNC_001072 GLOBAL FUNC_001073 GLOBAL FUNC_001074 GLOBAL FUNC_001075 GLOBAL FUNC_001076 GLOBAL FUNC_001077 GLOBAL FUNC_001078 GLOBAL FUNC_001079 GLOBAL FUNC_001080 GLOBAL FUNC_001081 GLOBAL FUNC_001082 GLOBAL FUNC_001083 GLOBAL FUNC_001084 GLOBAL FUNC_001085 GLOBAL FUNC_001086 GLOBAL FUNC_001087 GLOBAL FUNC_001088 GLOBAL FUNC_001089 GLOBAL FUNC_001090 GLOBAL FUNC_001091 GLOBAL FUNC_001092 GLOBAL FUNC_001093 GLOBAL FUNC_001094 GLOBAL FUNC_001095 GLOBAL FUNC_001096 GLOBAL FUNC_001097 GLOBAL FUNC_001098 GLOBAL FUNC_001099 GLOBAL FUNC_001100 GLOBAL FUNC_001101 GLOBAL FUNC_001102 GLOBAL FUNC_001103 GLOBAL FUNC_001104 GLOBAL FUNC_001105 GLOBAL FUNC_001106 GLOBAL FUNC_001107 GLOBAL FUNC_001108 GLOBAL FUNC_001109 GLOBAL FUNC_001110 GLOBAL FUNC_001111 GLOBAL FUNC_001112 GLOBAL FUNC_001113 GLOBAL FUNC_001114 GLOBAL FUNC_001115 GLOBAL FUNC_001116 GLOBAL FUNC_001117 GLOBAL FUNC_001118 GLOBAL FUNC_001119 GLOBAL FUNC_001120 GLOBAL FUNC_001121 GLOBAL FUNC_001122 GLOBAL FUNC_001123 GLOBAL FUNC_001124 GLOBAL FUNC_001125 GLOBAL FUNC_001326_DPal32to16 GLOBAL FUNC_001327_DPal16toPal GLOBAL FUNC_001328_DPalClear GLOBAL FUNC_001329 GLOBAL FUNC_001330_DPalBuild GLOBAL FUNC_001331_DPalSet GLOBAL FUNC_001332_Int64Abs GLOBAL FUNC_001333_Int64Add64 GLOBAL FUNC_001334_Int64Add32 GLOBAL FUNC_001335_Int64Sub64 GLOBAL FUNC_001336_Int64Sub32 GLOBAL FUNC_001337_Int64Mul64 GLOBAL FUNC_001338_Int64Mul32 GLOBAL FUNC_001339_Int64MulCreate GLOBAL FUNC_001340_Int64LogicShift GLOBAL FUNC_001341_Int64ArithShift GLOBAL FUNC_001342_FF80Null GLOBAL FUNC_001343_StringExpandFFCodeInternal GLOBAL FUNC_001344_StringExpandFFCode GLOBAL FUNC_001345_StringExpandFF40Code GLOBAL FUNC_001346_StringExpandFF80Code GLOBAL FUNC_001347_StringExpandArrayIndex GLOBAL FUNC_001348_StringExpand GLOBAL FUNC_001349_FF30Null GLOBAL FUNC_001350_FF30WriteDateV1 GLOBAL FUNC_001351_FF30WriteDateV2 GLOBAL FUNC_001352_FF30WriteDateV3 GLOBAL FUNC_001353_FF30WriteDateYearV1 GLOBAL FUNC_001354_FF30WriteDateYearV2 GLOBAL FUNC_001355_FF30WriteDateYearV3 GLOBAL FUNC_001356_FF30WriteDateYearD8807 GLOBAL FUNC_001357_StringConvertDateNum GLOBAL FUNC_001358_StringConvertDate GLOBAL FUNC_001359_StringConvertMonth GLOBAL FUNC_001360_FF30WriteTimeV3 GLOBAL FUNC_001361_FF30WriteTimeV2 GLOBAL FUNC_001362_FF30WriteTimeV1 GLOBAL FUNC_001363_StringConvertTime GLOBAL FUNC_001364_FF30WriteStringV4 GLOBAL FUNC_001365_FF30WriteStringV5 GLOBAL FUNC_001366_FF30WriteHexIntV3 GLOBAL FUNC_001367_FF30WriteHexIntV2 GLOBAL FUNC_001368_FF30WriteHexIntV1 GLOBAL FUNC_001369_FF30WriteTonsV3 GLOBAL FUNC_001370_FF30WriteTonsV2 GLOBAL FUNC_001371_FF30WriteTonsV1 GLOBAL FUNC_001372_FF30WriteIntV4 GLOBAL FUNC_001373_FF30WriteIntV5 GLOBAL FUNC_001374_FF30WriteIntV3 GLOBAL FUNC_001375_FF30WriteIntV2 GLOBAL FUNC_001376_FF30WriteIntV1 GLOBAL FUNC_001377_StringConvertFraction GLOBAL FUNC_001378_FF30Write1dpFracV1 GLOBAL FUNC_001379_FF30Write1dpFracV2 GLOBAL FUNC_001380_FF30Write1dpFracV3 GLOBAL FUNC_001381_FF30Write2dpFracV1 GLOBAL FUNC_001382_FF30Write2dpFracV2 GLOBAL FUNC_001383_FF30Write2dpFracV3 GLOBAL FUNC_001384_FF30Write3dpFracV1 GLOBAL FUNC_001385_FF30Write3dpFracV2 GLOBAL FUNC_001386_FF30Write3dpFracV3 GLOBAL FUNC_001387_FF30WriteFFCodeV5 GLOBAL FUNC_001388_FF30WriteFFCodeV4 GLOBAL FUNC_001389_FF30WriteFFCodeV3 GLOBAL FUNC_001390_FF30WriteFFCodeV2 GLOBAL FUNC_001391_FF30WriteFFCodeV1 GLOBAL FUNC_001392_FF30WriteWrapStringV4 GLOBAL FUNC_001393_StringConvertSpeed GLOBAL FUNC_001394_FF30WriteSpeedV3 GLOBAL FUNC_001395_FF30WriteSpeedV2 GLOBAL FUNC_001396_FF30WriteSpeedV1 GLOBAL FUNC_001397_StringExpandWrapFFCode GLOBAL FUNC_001398_StringWrap GLOBAL FUNC_001399_StringDrawWrapShadow GLOBAL FUNC_001400_StringDrawWrapNoVars GLOBAL FUNC_001401_StringDrawWrap GLOBAL FUNC_001402_StringDrawWrapPersist GLOBAL FUNC_001403_SetIntVec GLOBAL FUNC_001404_InstallIntHandler GLOBAL FUNC_001405_GetIntVec GLOBAL FUNC_001406_KeybGetKeyState GLOBAL FUNC_001407_KeybInit GLOBAL FUNC_001408_KeybCleanup GLOBAL FUNC_001409_GuiGetLastActionInternal GLOBAL FUNC_001410_GuiSetLastActionInternal GLOBAL FUNC_001411_nothing GLOBAL FUNC_001412_KeybIntHandler GLOBAL FUNC_001413_nothing GLOBAL FUNC_001414_GuiGetLastAction GLOBAL FUNC_001415_GuiSetLastAction GLOBAL FUNC_001416_TimerInit GLOBAL FUNC_001417_TimerCleanup GLOBAL FUNC_001418_nothing GLOBAL FUNC_001419_Timer200HzHandler GLOBAL FUNC_001420_nothing GLOBAL FUNC_001421_nothing GLOBAL FUNC_001422_TimerKeyAccum GLOBAL FUNC_001423_nothing GLOBAL FUNC_001424_nothing GLOBAL FUNC_001425_Timer50HzHandler GLOBAL FUNC_001426_nothing GLOBAL FUNC_001427_MouseInit GLOBAL FUNC_001428_MouseGetMickeys GLOBAL FUNC_001429_GuiReadAllInput GLOBAL FUNC_001430 GLOBAL FUNC_001431 GLOBAL FUNC_001432_GuiProcessInput GLOBAL FUNC_001433_JoyPollAxes GLOBAL FUNC_001434_JoyUpdate GLOBAL FUNC_001435_JoyConvPollVal GLOBAL FUNC_001436_JoyCalibrate GLOBAL FUNC_001437_JoyGetVals GLOBAL FUNC_001438_GuiClearHotAreas GLOBAL FUNC_001439_GuiSetConsoleHotAreas GLOBAL FUNC_001440_GuiAddHotAreas GLOBAL FUNC_001441_GuiAddHotRect GLOBAL FUNC_001442_GuiAddHotSquare GLOBAL FUNC_001443_GuiRemoveHotArea GLOBAL FUNC_001444_GuiSetXYAccum GLOBAL FUNC_001445_GuiGetXYAccum GLOBAL FUNC_001446_ScrnShotSave GLOBAL FUNC_001447_ScrnshotWriteHeader GLOBAL FUNC_001448_ScrnShotWritePalette GLOBAL FUNC_001449_ScrnshotWriteData GLOBAL FUNC_001450_FileBuildName GLOBAL FUNC_001451_FileBuildInfoBlk GLOBAL FUNC_001452_FileFindFirst GLOBAL FUNC_001453_FileFindNext GLOBAL FUNC_001454 GLOBAL FUNC_001455_FileIsDir GLOBAL FUNC_001456_FileDelete GLOBAL FUNC_001459_FileGetNumDrives GLOBAL FUNC_001460_FileWriteDrivesString GLOBAL FUNC_001461_GuiAddHotRect2 GLOBAL FUNC_001462_ExtractDriveDir GLOBAL FUNC_001463 GLOBAL FUNC_001464 GLOBAL FUNC_001465 GLOBAL FUNC_001466 GLOBAL FUNC_001467 GLOBAL FUNC_001468 GLOBAL FUNC_001469 GLOBAL FUNC_001470 GLOBAL FUNC_001471 GLOBAL FUNC_001472 GLOBAL FUNC_001473 GLOBAL FUNC_001474 GLOBAL FUNC_001475 GLOBAL FUNC_001476 GLOBAL FUNC_001477 GLOBAL FUNC_001478 GLOBAL FUNC_001479 GLOBAL FUNC_001480 GLOBAL FUNC_001481 GLOBAL FUNC_001482 GLOBAL FUNC_001483 GLOBAL FUNC_001484 GLOBAL FUNC_001485 GLOBAL FUNC_001486 GLOBAL FUNC_001487 GLOBAL FUNC_001488 GLOBAL FUNC_001489 GLOBAL FUNC_001490 GLOBAL FUNC_001491 GLOBAL FUNC_001492 GLOBAL FUNC_001493 GLOBAL FUNC_001494 GLOBAL FUNC_001495 GLOBAL FUNC_001496 GLOBAL FUNC_001497 GLOBAL FUNC_001498 GLOBAL FUNC_001499 GLOBAL FUNC_001500 GLOBAL FUNC_001501 GLOBAL FUNC_001502 GLOBAL FUNC_001503 GLOBAL FUNC_001504 GLOBAL FUNC_001505 GLOBAL FUNC_001506 GLOBAL FUNC_001507 GLOBAL FUNC_001508 GLOBAL FUNC_001509 GLOBAL FUNC_001510 GLOBAL FUNC_001511 GLOBAL FUNC_001512 GLOBAL FUNC_001513 GLOBAL FUNC_001514 GLOBAL FUNC_001515 GLOBAL FUNC_001516 GLOBAL FUNC_001517 GLOBAL FUNC_001518 GLOBAL FUNC_001519 GLOBAL FUNC_001520 GLOBAL FUNC_001521 GLOBAL FUNC_001522 GLOBAL FUNC_001523 GLOBAL FUNC_001524_TogglePtr GLOBAL FUNC_001525_nothing GLOBAL FUNC_001526_nothing GLOBAL FUNC_001527_SysInit GLOBAL FUNC_001528_SysCleanup GLOBAL FUNC_001529_SysExit GLOBAL FUNC_001530 GLOBAL FUNC_001531 GLOBAL FUNC_001532 GLOBAL FUNC_001533 GLOBAL FUNC_001534 GLOBAL FUNC_001535 GLOBAL FUNC_001536 GLOBAL FUNC_001537 GLOBAL FUNC_001538 GLOBAL FUNC_001539 GLOBAL FUNC_001540_InitDrivesStringW GLOBAL FUNC_001541 GLOBAL FUNC_001542 GLOBAL FUNC_001543 GLOBAL FUNC_001544 GLOBAL FUNC_001545 GLOBAL FUNC_001546 GLOBAL FUNC_001547 GLOBAL FUNC_001548 GLOBAL FUNC_001549 GLOBAL FUNC_001550 GLOBAL FUNC_001551 GLOBAL FUNC_001552 GLOBAL FUNC_001553 GLOBAL FUNC_001554 GLOBAL FUNC_001555 GLOBAL FUNC_001556 GLOBAL FUNC_001557 GLOBAL FUNC_001558 GLOBAL FUNC_001559 GLOBAL FUNC_001560 GLOBAL FUNC_001561 GLOBAL FUNC_001562 GLOBAL FUNC_001563 GLOBAL FUNC_001564 GLOBAL FUNC_001565 GLOBAL FUNC_001566 GLOBAL FUNC_001567 GLOBAL FUNC_001568 GLOBAL FUNC_001569_DrawScannerStalk GLOBAL FUNC_001570_DrawUpStalk GLOBAL FUNC_001571_DrawDownStalk GLOBAL FUNC_001572 GLOBAL FUNC_001573 GLOBAL FUNC_001574 GLOBAL FUNC_001575 GLOBAL FUNC_001576 GLOBAL FUNC_001577_ClearBuf GLOBAL FUNC_001578 GLOBAL FUNC_001579 GLOBAL FUNC_001580_PersistBlit GLOBAL FUNC_001581_PersistTextWrite GLOBAL FUNC_001582_TextWriteStringOnly GLOBAL FUNC_001583_TextWriteDefaultColor GLOBAL FUNC_001584_TextWriteDefaultClip GLOBAL FUNC_001585_TextWriteDefaultHeight GLOBAL FUNC_001586_TextWriteDetailed GLOBAL FUNC_001587_TextWriteInternal GLOBAL FUNC_001588_DrawShadowedChar GLOBAL FUNC_001589_WriteStringShadowed GLOBAL FUNC_001590 GLOBAL FUNC_001591 GLOBAL FUNC_001592 GLOBAL FUNC_001593 GLOBAL FUNC_001594 GLOBAL FUNC_001595 GLOBAL FUNC_001596_DisplayInit GLOBAL FUNC_001597_CharAdvanceWidth GLOBAL FUNC_001598_DrawChar GLOBAL FUNC_001599_DrawHLineConClip GLOBAL FUNC_001600_DrawHLineClip GLOBAL FUNC_001601_DrawHLine GLOBAL FUNC_001602_DrawPolySegment GLOBAL FUNC_001603_CalcLineGrad GLOBAL FUNC_001604_DrawTriangle GLOBAL FUNC_001605 GLOBAL FUNC_001606_DrawQuadVClip GLOBAL FUNC_001607_DrawQuad GLOBAL FUNC_001608_DrawQuadInternal GLOBAL FUNC_001609_DrawSprite GLOBAL FUNC_001610_DrawParticleClipped GLOBAL FUNC_001611_DrawParticle GLOBAL FUNC_001612_DrawCircle GLOBAL FUNC_001613_DrawSpans GLOBAL FUNC_001614 GLOBAL FUNC_001615 GLOBAL FUNC_001616_DrawLine GLOBAL FUNC_001617_BlitVidToBuf GLOBAL FUNC_001618_ClearUpperBuf GLOBAL FUNC_001619_ZeroUpperBuf GLOBAL FUNC_001620_BmpIndexToPtr GLOBAL FUNC_001621_BlitIndexToBuf GLOBAL FUNC_001622_BlitClipIndexToBuf GLOBAL FUNC_001623_BlitIndex GLOBAL FUNC_001624_BlitClipIndex GLOBAL FUNC_001625_BlitClipInternal GLOBAL FUNC_001626_BlitInternal GLOBAL FUNC_001627_DrawBoxToBuf GLOBAL FUNC_001628_DrawBoxToBufMasked GLOBAL FUNC_001629_DrawPixelToBuf GLOBAL FUNC_001630_EnablePtr GLOBAL FUNC_001631_DisablePtr GLOBAL FUNC_001632_UpdatePtr GLOBAL FUNC_001633_BlitPtr GLOBAL FUNC_001634_ReadPtrRect GLOBAL FUNC_001635_WritePtrRect GLOBAL FUNC_001636_SetPtrImage GLOBAL FUNC_001637_FlipScreen GLOBAL FUNC_001638_VideoInit GLOBAL FUNC_001639_SetHighPalette GLOBAL FUNC_001640_SetPalette GLOBAL FUNC_001641_SetWholePalette GLOBAL FUNC_001642_GenerateTexSteps GLOBAL FUNC_001643_SelectTexFunc GLOBAL FUNC_001644_DrawTexTriangle GLOBAL FUNC_001645_DrawTexTriangleDet GLOBAL FUNC_001646_DrawTexTriangleInternal GLOBAL FUNC_001647_DrawTexQuad GLOBAL FUNC_001648_DrawTexQuadDet GLOBAL FUNC_001649_DrawTexQuadInternal GLOBAL FUNC_001650_Tex64NonTrans GLOBAL FUNC_001651_Tex64Trans GLOBAL FUNC_001652_Tex128NonTrans GLOBAL FUNC_001653_Tex128Trans GLOBAL FUNC_001654 GLOBAL FUNC_001655_setupkeyhandler GLOBAL FUNC_001656_FindMSB GLOBAL FUNC_001657_Vec64FindMSB GLOBAL FUNC_001658_Vec64Truncate GLOBAL FUNC_001659 GLOBAL FUNC_001660_Vec64Shift GLOBAL FUNC_001661_Vec64Add GLOBAL FUNC_001662_Vec64Sub GLOBAL FUNC_001663_Vec64NegAssign GLOBAL FUNC_001664_Vec64Abs GLOBAL FUNC_001665_MatAssign GLOBAL FUNC_001666_SpecialDiv GLOBAL FUNC_001667 GLOBAL FUNC_001668 GLOBAL FUNC_001669_VecMatMul GLOBAL FUNC_001670_VecMatTMul GLOBAL FUNC_001671_SpecialVecMatMul GLOBAL FUNC_001672_MatMatMul GLOBAL FUNC_001673_MatMatTMul GLOBAL FUNC_001674_MatBuildOdd GLOBAL FUNC_001675_MatBuildYZT GLOBAL FUNC_001676_MatBuildYZ GLOBAL FUNC_001677 GLOBAL FUNC_001678 GLOBAL FUNC_001679 GLOBAL FUNC_001680 GLOBAL FUNC_001681 GLOBAL FUNC_001682 GLOBAL FUNC_001683 GLOBAL FUNC_001684 GLOBAL FUNC_001685 GLOBAL FUNC_001686 GLOBAL FUNC_001687 GLOBAL FUNC_001688 GLOBAL FUNC_001689 GLOBAL FUNC_001690 GLOBAL FUNC_001691 GLOBAL FUNC_001692 GLOBAL FUNC_001693 GLOBAL FUNC_001694 GLOBAL FUNC_001695 GLOBAL FUNC_001696 GLOBAL FUNC_001697 GLOBAL FUNC_001698 GLOBAL FUNC_001699 GLOBAL FUNC_001700 GLOBAL FUNC_001701 GLOBAL FUNC_001702 GLOBAL FUNC_001703 GLOBAL FUNC_001704 GLOBAL FUNC_001705 GLOBAL FUNC_001706 GLOBAL FUNC_001707 GLOBAL FUNC_001708 GLOBAL FUNC_001709 GLOBAL FUNC_001710 GLOBAL FUNC_001711 GLOBAL FUNC_001712 GLOBAL FUNC_001713 GLOBAL FUNC_001714 GLOBAL FUNC_001715 GLOBAL FUNC_001716 GLOBAL FUNC_001717 GLOBAL FUNC_001718 GLOBAL FUNC_001719 GLOBAL FUNC_001720 GLOBAL FUNC_001721 GLOBAL FUNC_001722 GLOBAL FUNC_001723 GLOBAL FUNC_001724 GLOBAL FUNC_001725 GLOBAL FUNC_001726 GLOBAL FUNC_001727 GLOBAL FUNC_001728 GLOBAL FUNC_001729 GLOBAL FUNC_001730 GLOBAL FUNC_001731 GLOBAL FUNC_001732 GLOBAL FUNC_001733 GLOBAL FUNC_001734 GLOBAL FUNC_001735 GLOBAL FUNC_001736 GLOBAL FUNC_001737 GLOBAL FUNC_001738 GLOBAL FUNC_001739 GLOBAL FUNC_001740 GLOBAL FUNC_001741 GLOBAL FUNC_001742 GLOBAL FUNC_001743 GLOBAL FUNC_001744 GLOBAL FUNC_001745 GLOBAL FUNC_001746 GLOBAL FUNC_001747 GLOBAL FUNC_001748 GLOBAL FUNC_001749 GLOBAL FUNC_001750 GLOBAL FUNC_001751 GLOBAL FUNC_001752 GLOBAL FUNC_001753 GLOBAL FUNC_001754 GLOBAL FUNC_001755 GLOBAL FUNC_001756 GLOBAL FUNC_001757 GLOBAL FUNC_001758 GLOBAL FUNC_001759 GLOBAL FUNC_001760 GLOBAL FUNC_001761 GLOBAL FUNC_001762 GLOBAL FUNC_001763 GLOBAL FUNC_001764 GLOBAL FUNC_001765 GLOBAL FUNC_001766 GLOBAL FUNC_001767 GLOBAL FUNC_001768 GLOBAL FUNC_001769 GLOBAL FUNC_001770 GLOBAL FUNC_001771 GLOBAL FUNC_001772 GLOBAL FUNC_001773 GLOBAL FUNC_001774 GLOBAL FUNC_001775 GLOBAL FUNC_001776 GLOBAL FUNC_001777 GLOBAL FUNC_001778 GLOBAL FUNC_001779 GLOBAL FUNC_001780 GLOBAL FUNC_001781 GLOBAL FUNC_001782 GLOBAL FUNC_001783 GLOBAL FUNC_001784 GLOBAL FUNC_001785 GLOBAL FUNC_001786 GLOBAL FUNC_001787 GLOBAL FUNC_001788 GLOBAL FUNC_001789 GLOBAL FUNC_001790 GLOBAL FUNC_001791 GLOBAL FUNC_001792 GLOBAL FUNC_001793 GLOBAL FUNC_001794 GLOBAL FUNC_001795 GLOBAL FUNC_001796 GLOBAL FUNC_001797 GLOBAL FUNC_001798 GLOBAL FUNC_001799 GLOBAL FUNC_001800 GLOBAL FUNC_001801 GLOBAL FUNC_001802 GLOBAL FUNC_001803 GLOBAL FUNC_001804 GLOBAL FUNC_001805 GLOBAL FUNC_001806 GLOBAL FUNC_001807 GLOBAL FUNC_001808 GLOBAL FUNC_001809 GLOBAL FUNC_001810 GLOBAL FUNC_001811 GLOBAL FUNC_001812 GLOBAL FUNC_001813 GLOBAL FUNC_001814 GLOBAL FUNC_001815 GLOBAL FUNC_001816 GLOBAL FUNC_001817 GLOBAL FUNC_001818 GLOBAL FUNC_001819 GLOBAL FUNC_001820 GLOBAL FUNC_001821 GLOBAL FUNC_001822 GLOBAL FUNC_001823 GLOBAL FUNC_001824 GLOBAL FUNC_001825 GLOBAL FUNC_001826 GLOBAL FUNC_001827 GLOBAL FUNC_001828 GLOBAL FUNC_001829 GLOBAL FUNC_001830 GLOBAL FUNC_001831 GLOBAL FUNC_001832 GLOBAL FUNC_001833 GLOBAL FUNC_001834 GLOBAL FUNC_001835 GLOBAL FUNC_001836 GLOBAL FUNC_001837 GLOBAL FUNC_001838 GLOBAL FUNC_001839 GLOBAL FUNC_001840 GLOBAL FUNC_001841 GLOBAL FUNC_001842 GLOBAL FUNC_001843 GLOBAL FUNC_001844 GLOBAL FUNC_001845 GLOBAL FUNC_001846 GLOBAL FUNC_001847 GLOBAL FUNC_001848 GLOBAL FUNC_001849 GLOBAL FUNC_001850 GLOBAL FUNC_001851 GLOBAL FUNC_001852 GLOBAL FUNC_001853 GLOBAL FUNC_001854 GLOBAL FUNC_001855 GLOBAL FUNC_001856 GLOBAL FUNC_001857 GLOBAL FUNC_001858 GLOBAL FUNC_001859 GLOBAL FUNC_001860 GLOBAL FUNC_001861 GLOBAL FUNC_001862 GLOBAL FUNC_001863 GLOBAL FUNC_001864 GLOBAL FUNC_001865 GLOBAL FUNC_001866 GLOBAL FUNC_001867 GLOBAL FUNC_001868 GLOBAL FUNC_001869 GLOBAL FUNC_001870 GLOBAL FUNC_001871 GLOBAL FUNC_001872 GLOBAL FUNC_001873 GLOBAL FUNC_001874 GLOBAL FUNC_001875 GLOBAL FUNC_001876 GLOBAL FUNC_001877 GLOBAL FUNC_001878 GLOBAL FUNC_001879 GLOBAL FUNC_001880_VideoInit GLOBAL FUNC_001881_VideoBlitBuffer GLOBAL FUNC_001882_FlipScreenLow GLOBAL FUNC_001883_VideoCleanup GLOBAL FUNC_001913_Sin16 GLOBAL FUNC_001914_Sin32 GLOBAL _BufferBlit GLOBAL _BufferMaskedBlit GLOBAL _BufferReverseBlit GLOBAL _asmmain GLOBAL DATA_008804 ; ANSI, POSIX funcs EXTERN _remove EXTERN _fclose EXTERN _fflush EXTERN _fgetpos EXTERN _fopen EXTERN _fprintf EXTERN _fread EXTERN _fscanf EXTERN _fseek EXTERN _ftell EXTERN _fwrite EXTERN _fputc EXTERN _printf EXTERN _sprintf EXTERN _vfprintf EXTERN _memcpy EXTERN _memmove EXTERN _memset EXTERN _strcat EXTERN _strcmp EXTERN _strcpy EXTERN _strlen EXTERN _strncat EXTERN _strrchr EXTERN _tolower EXTERN _toupper EXTERN _sqrt EXTERN _atoi EXTERN _abs EXTERN _free EXTERN _malloc EXTERN _atexit EXTERN _exit EXTERN _signal EXTERN _system ;EXTERN _errno ; Bitmap array pointers EXTERN DATA_001697 EXTERN DATA_004681 EXTERN DATA_007975 EXTERN DATA_008240 EXTERN DATA_008241 ; API funcs EXTERN _SystemInit EXTERN _SystemCleanup EXTERN _VideoBlit EXTERN _VideoMaskedBlit EXTERN _VideoReverseBlit EXTERN _VideoGetPalValue EXTERN _VideoSetPalValue EXTERN _VideoPointerExclusive EXTERN _VideoPointerEnable EXTERN _VideoPointerDisable EXTERN _InputJoyReadPos EXTERN _InputJoyReadButtons EXTERN _InputMouseReadButtons EXTERN _InputMouseReadMickeys EXTERN _InputMouseReadPos EXTERN _InputKeybReadStates EXTERN _InputKeybGetLastKey EXTERN _InputKeybSetLastKey EXTERN _TimerGetTimeStamp EXTERN _TimerSleep EXTERN _TimerFrameUpdate EXTERN _DirMakeAVIName EXTERN _DirMakeCmmdrName EXTERN _DirGetCmmdrPath EXTERN _DirResetCmmdrPath EXTERN _DirNavigateTree EXTERN _DirFindFirst EXTERN _DirFindNext EXTERN _SoundCheckInit EXTERN _SoundPlaySong EXTERN _SoundStopSong EXTERN _SoundSongDone EXTERN _SoundStopAllSamples EXTERN _SoundPlaySample EXTERN _SoundStreamGetUsedBlocks EXTERN _SoundStreamReset EXTERN _SoundStreamAddBlock EXTERN _SoundStreamStart EXTERN _SoundStreamWait EXTERN _SoundStreamStop EXTERN _CfgOpen EXTERN _CfgClose EXTERN _CfgFindSection EXTERN _CfgGetKeyVal EXTERN _BlitClipWrapper %include "ffedat.asm" SECTION .text FUNC_000020: ; Pos = 11464 push ebp mov ebp,esp push ebx mov edx,[ebp+0x8] mov eax,[edx] xor ecx,ecx mov cl,[eax] xor ebx,ebx mov bl,[eax+0x1] shl ebx,0x8 add ecx,ebx xor ebx,ebx mov bl,[eax+0x2] shl ebx,0x10 add ecx,ebx xor ebx,ebx mov bl,[eax+0x3] shl ebx,0x18 add ecx,ebx add eax,byte +0x4 mov [edx],eax mov eax,ecx pop ebx pop ebp ret FUNC_000021: ; Pos = 1149c push ebp mov ebp,esp xor eax,eax mov edx,[ebp+0x8] cmp edx,byte +0x14 ja near JUMP_000196 jmp near [edx*4+DATA_000000] SECTION .data DATA_000000: ; Pos = 114b4 dd JUMP_000181 dd JUMP_000182 dd JUMP_000183 dd JUMP_000184 dd JUMP_000185 dd JUMP_000186 dd JUMP_000186 dd JUMP_000186 dd JUMP_000186 dd JUMP_000186 dd JUMP_000186 dd JUMP_000186 dd JUMP_000187 dd JUMP_000188 dd JUMP_000189 dd JUMP_000190 dd JUMP_000191 dd JUMP_000192 dd JUMP_000193 dd JUMP_000194 dd JUMP_000195 SECTION .text JUMP_000181: ; Pos = 11508 mov eax,[DATA_008861] movzx eax,byte [eax+0x86] jmp JUMP_000196 JUMP_000182: ; Pos = 11519 mov eax,[DATA_008911] jmp JUMP_000196 JUMP_000183: ; Pos = 11523 mov eax,[DATA_008888] jmp JUMP_000196 JUMP_000184: ; Pos = 1152d mov eax,[DATA_008922] jmp JUMP_000196 JUMP_000185: ; Pos = 11534 mov eax,[DATA_008885] jmp JUMP_000196 JUMP_000186: ; Pos = 1153b mov eax,[DATA_008804] mov ecx,0xc22e xor edx,edx div ecx mov edx,[DATA_008807] sub edx,0x121cf7 shl edx,0x7 lea edx,[edx+edx*2] lea edx,[edx+edx*4] lea edx,[edx+edx*4] lea edx,[edx+edx*8] add eax,edx ; cmp eax, 0 ; jnl JUMP_000196 ; mov eax, 0x7fffffff jmp short JUMP_000196 JUMP_000187: ; Pos = 11568 movsx eax,byte [DATA_008874] jmp short JUMP_000196 JUMP_000188: ; Pos = 11571 mov eax,[DATA_008862] movzx eax,byte [eax+0x86] jmp short JUMP_000196 JUMP_000189: ; Pos = 1157f movsx eax,byte [DATA_008870] jmp short JUMP_000196 JUMP_000190: ; Pos = 11588 mov eax,[DATA_008890] jmp short JUMP_000196 JUMP_000191: ; Pos = 1158f mov eax,[DATA_008892] jmp short JUMP_000196 JUMP_000192: ; Pos = 11596 mov eax,[DATA_008923] jmp short JUMP_000196 JUMP_000193: ; Pos = 1159d mov eax,[DATA_008924] jmp short JUMP_000196 JUMP_000194: ; Pos = 115a4 mov eax,[DATA_008925] jmp short JUMP_000196 JUMP_000195: ; Pos = 115ab mov eax,[DATA_008926] JUMP_000196: ; Pos = 115b0 pop ebp ret FUNC_000022: ; Pos = 115b4 push ebp mov ebp,esp push ecx push ebx mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov edx,ebx cmp edx,byte +0x14 ja near JUMP_000209 jmp near [edx*4+DATA_000001] SECTION .data DATA_000001: ; Pos = 115d1 dd JUMP_000209 dd JUMP_000197 dd JUMP_000200 dd JUMP_000201 dd JUMP_000202 dd JUMP_000209 dd JUMP_000209 dd JUMP_000209 dd JUMP_000209 dd JUMP_000209 dd JUMP_000209 dd JUMP_000209 dd JUMP_000203 dd JUMP_000209 dd JUMP_000209 dd JUMP_000209 dd JUMP_000204 dd JUMP_000205 dd JUMP_000206 dd JUMP_000207 dd JUMP_000208 SECTION .text JUMP_000197: ; Pos = 11625 test eax,eax jnl JUMP_000198 xor eax,eax JUMP_000198: ; Pos = 1162b cmp eax,0xfffffff jng JUMP_000199 mov eax,0xfffffff JUMP_000199: ; Pos = 11637 mov [DATA_008911],eax jmp short JUMP_000209 JUMP_000200: ; Pos = 1163e mov [DATA_008888],eax jmp short JUMP_000209 JUMP_000201: ; Pos = 11645 mov [DATA_008922],eax jmp short JUMP_000209 JUMP_000202: ; Pos = 1164c mov [ebp-0x4],eax push byte +0x0 mov eax,[ebp-0x4] push eax call FUNC_000909 add esp,byte +0x8 jmp short JUMP_000209 JUMP_000203: ; Pos = 1165f mov [DATA_008874],al jmp short JUMP_000209 JUMP_000204: ; Pos = 11666 mov [DATA_008892],eax jmp short JUMP_000209 JUMP_000205: ; Pos = 1166d mov [DATA_008923],eax jmp short JUMP_000209 JUMP_000206: ; Pos = 11674 mov [DATA_008924],eax jmp short JUMP_000209 JUMP_000207: ; Pos = 1167b mov [DATA_008925],eax jmp short JUMP_000209 JUMP_000208: ; Pos = 11682 mov [DATA_008926],eax JUMP_000209: ; Pos = 11687 push ebx push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc pop ebx pop ecx pop ebp ret FUNC_000023: ; Pos = 11698 push ebp mov ebp,esp mov eax,[ebp+0x8] mov ecx,0x15180 xor edx,edx div ecx add eax,0x121cf7 pop ebp ret FUNC_000024: ; Pos = 116b0 push ebp mov ebp,esp mov eax,[ebp+0x8] mov ecx,0x15180 xor edx,edx div ecx imul eax,edx,0xc22e pop ebp ret FUNC_000025: ; Pos = 116c8 push ebp mov ebp,esp push ebx push esi push edi xor edi,edi xor esi,esi mov eax,[ebp+0x8] mov ebx,eax jmp short JUMP_000211 JUMP_000210: ; Pos = 116d9 mov eax,esi shl eax,0x4 add eax,esi shl eax,0x2 add eax,[ebp+0x8] push eax call near [ebp+0xc] pop ecx add edi,eax inc esi add ebx,byte +0x44 JUMP_000211: ; Pos = 116f1 cmp dword [ebx],byte +0x0 jnz JUMP_000210 mov eax,edi pop edi pop esi pop ebx pop ebp ret FUNC_000026: ; Pos = 11700 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x8] xor ebx,ebx mov esi,edi jmp short JUMP_000214 JUMP_000212: ; Pos = 1170f mov eax,ebx shl eax,0x4 add eax,ebx shl eax,0x2 add eax,edi push eax call near [ebp+0xc] pop ecx test eax,eax jz JUMP_000213 mov eax,[ebp+0x10] add dword [ebp+0x10],byte -0x1 test eax,eax jz JUMP_000215 JUMP_000213: ; Pos = 1172f inc ebx add esi,byte +0x44 JUMP_000214: ; Pos = 11733 cmp dword [esi],byte +0x0 jnz JUMP_000212 JUMP_000215: ; Pos = 11738 mov eax,ebx shl eax,0x4 add eax,ebx mov eax,[edi+eax*4+0x4] pop edi pop esi pop ebx pop ebp ret FUNC_000027: ; Pos = 11748 push ebp mov ebp,esp push ebx push esi push edi mov ebx,0x72 mov eax,[ebp+0x8] lea edi,[eax+0x9798] mov eax,[ebp+0x8] lea esi,[eax+0x72] JUMP_000216: ; Pos = 11762 cmp byte [esi],0x0 jz JUMP_000217 lea eax,[ebx+ebx*4] lea eax,[ebx+eax*4] lea eax,[ebx+eax*8] add eax,eax add eax,[ebp+0x8] add eax,byte +0x74 push eax call near [ebp+0xc] pop ecx test eax,eax jz JUMP_000217 mov eax,[edi] cmp eax,[ebp+0x10] jz JUMP_000218 JUMP_000217: ; Pos = 11788 dec ebx add edi,0xfffffeae dec esi test ebx,ebx jg JUMP_000216 JUMP_000218: ; Pos = 11794 mov eax,ebx pop edi pop esi pop ebx pop ebp ret FUNC_000028: ; Pos = 1179c push ebp mov ebp,esp mov eax,[ebp+0x8] test byte [eax+0x14c],0x10 setnz al and eax,byte +0x1 pop ebp ret FUNC_000029: ; Pos = 117c8 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0x82] cmp edx,byte +0x76 jc JUMP_000219 cmp edx,0x85 jna JUMP_000220 JUMP_000219: ; Pos = 117e1 xor eax,eax jmp short JUMP_000221 JUMP_000220: ; Pos = 117e5 mov eax,0x1 JUMP_000221: ; Pos = 117ea pop ebp ret FUNC_000030: ; Pos = 117ec push ebp mov ebp,esp mov eax,[ebp+0x8] mov dx,[eax+0xc] cmp dx,byte +0x76 jc JUMP_000222 cmp dx,0x85 jna JUMP_000223 JUMP_000222: ; Pos = 11803 xor eax,eax jmp short JUMP_000224 JUMP_000223: ; Pos = 11807 mov eax,0x1 JUMP_000224: ; Pos = 1180c pop ebp ret nop nop FUNC_000031: ; Pos = 11810 push ebp mov ebp,esp push eax mov eax,0x2 JUMP_000225: ; Pos = 11819 add esp,0xfffff004 push eax dec eax jnz JUMP_000225 mov eax,[ebp-0x4] push ebx push esi push edi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,[ebx] inc dword [ebx] movzx eax,byte [eax] cmp eax,byte +0x43 ja near JUMP_000309 jmp near [eax*4+DATA_000002] SECTION .data DATA_000002: ; Pos = 11846 dd JUMP_000309 dd JUMP_000309 dd JUMP_000226 dd JUMP_000227 dd JUMP_000228 dd JUMP_000229 dd JUMP_000230 dd JUMP_000231 dd JUMP_000232 dd JUMP_000233 dd JUMP_000234 dd JUMP_000235 dd JUMP_000236 dd JUMP_000237 dd JUMP_000238 dd JUMP_000239 dd JUMP_000240 dd JUMP_000241 dd JUMP_000242 dd JUMP_000243 dd JUMP_000244 dd JUMP_000245 dd JUMP_000246 dd JUMP_000247 dd JUMP_000248 dd JUMP_000249 dd JUMP_000250 dd JUMP_000254 dd JUMP_000257 dd JUMP_000258 dd JUMP_000259 dd JUMP_000260 dd JUMP_000262 dd JUMP_000263 dd JUMP_000264 dd JUMP_000267 dd JUMP_000269 dd JUMP_000270 dd JUMP_000273 dd JUMP_000274 dd JUMP_000275 dd JUMP_000276 dd JUMP_000277 dd JUMP_000278 dd JUMP_000279 dd JUMP_000280 dd JUMP_000281 dd JUMP_000282 dd JUMP_000283 dd JUMP_000285 dd JUMP_000286 dd JUMP_000287 dd JUMP_000288 dd JUMP_000289 dd JUMP_000290 dd JUMP_000291 dd JUMP_000292 dd JUMP_000293 dd JUMP_000294 dd JUMP_000298 dd JUMP_000299 dd JUMP_000300 dd JUMP_000301 dd JUMP_000302 dd JUMP_000304 dd JUMP_000305 dd JUMP_000306 dd JUMP_000308 SECTION .text JUMP_000226: ; Pos = 11956 push ebx call FUNC_000020 pop ecx mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000227: ; Pos = 11965 push ebx call FUNC_000020 pop ecx push eax call FUNC_000021 pop ecx mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000228: ; Pos = 1197b push ebx call FUNC_000020 pop ecx mov eax,[eax*4+DATA_008548] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000229: ; Pos = 11991 push ebx call FUNC_000020 pop ecx mov edx,[esi+0x1c] mov edx,[edx+0x14] mov eax,[edx+eax*4] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000230: ; Pos = 119a9 push ebx call FUNC_000020 pop ecx mov edi,eax mov eax,[esi+0x20] mov eax,[eax+edi*4] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000231: ; Pos = 119c0 push esi push ebx call FUNC_000031 add esp,byte +0x8 neg eax mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000232: ; Pos = 119d4 push esi push ebx call FUNC_000031 add esp,byte +0x8 not eax mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000233: ; Pos = 119e8 push esi push ebx call FUNC_000031 add esp,byte +0x8 cmp eax,byte +0x1 sbb eax,eax neg eax mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000234: ; Pos = 11a01 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax imul edi,[ebp-0xc] mov [ebp-0x8],edi jmp JUMP_000309 JUMP_000235: ; Pos = 11a26 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax mov eax,edi cdq idiv dword [ebp-0xc] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000236: ; Pos = 11a4d push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax mov eax,edi cdq idiv dword [ebp-0xc] mov [ebp-0x8],edx jmp JUMP_000309 JUMP_000237: ; Pos = 11a74 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax add edi,[ebp-0xc] mov [ebp-0x8],edi jmp JUMP_000309 JUMP_000238: ; Pos = 11a98 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax sub edi,[ebp-0xc] mov [ebp-0x8],edi jmp JUMP_000309 JUMP_000239: ; Pos = 11abc push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax mov ecx,[ebp-0xc] shl edi,cl mov [ebp-0x8],edi jmp JUMP_000309 JUMP_000240: ; Pos = 11ae2 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax mov ecx,[ebp-0xc] sar edi,cl mov [ebp-0x8],edi jmp JUMP_000309 JUMP_000241: ; Pos = 11b08 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax cmp edi,[ebp-0xc] setl al and eax,byte +0x1 mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000242: ; Pos = 11b32 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax cmp edi,[ebp-0xc] setng al and eax,byte +0x1 mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000243: ; Pos = 11b5c push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax cmp edi,[ebp-0xc] setg al and eax,byte +0x1 mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000244: ; Pos = 11b86 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax cmp edi,[ebp-0xc] setnl al and eax,byte +0x1 mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000245: ; Pos = 11bb0 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax cmp edi,[ebp-0xc] setz al and eax,byte +0x1 mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000246: ; Pos = 11bda push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax cmp edi,[ebp-0xc] setnz al and eax,byte +0x1 mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000247: ; Pos = 11c04 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax and edi,[ebp-0xc] mov [ebp-0x8],edi jmp JUMP_000309 JUMP_000248: ; Pos = 11c28 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax xor edi,[ebp-0xc] mov [ebp-0x8],edi jmp JUMP_000309 JUMP_000249: ; Pos = 11c4c push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax or edi,[ebp-0xc] mov [ebp-0x8],edi jmp JUMP_000309 JUMP_000250: ; Pos = 11c70 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax test edi,edi jz JUMP_000251 cmp dword [ebp-0xc],byte +0x0 jnz JUMP_000252 JUMP_000251: ; Pos = 11c93 xor eax,eax jmp short JUMP_000253 JUMP_000252: ; Pos = 11c97 mov eax,0x1 JUMP_000253: ; Pos = 11c9c mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000254: ; Pos = 11ca4 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax test edi,edi jnz JUMP_000255 cmp dword [ebp-0xc],byte +0x0 jnz JUMP_000255 xor eax,eax jmp short JUMP_000256 JUMP_000255: ; Pos = 11ccb mov eax,0x1 JUMP_000256: ; Pos = 11cd0 mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000257: ; Pos = 11cd8 push esi push ebx call FUNC_000031 add esp,byte +0x8 jmp JUMP_000309 JUMP_000258: ; Pos = 11ce7 push esi push ebx call FUNC_000031 add esp,byte +0x8 jmp JUMP_000309 JUMP_000259: ; Pos = 11cf6 push esi push ebx call FUNC_000031 add esp,byte +0x8 push esi push ebx call FUNC_000031 add esp,byte +0x8 jmp JUMP_000309 JUMP_000260: ; Pos = 11d0f push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax test edi,edi jl JUMP_000261 cmp edi,byte +0x6 jnl JUMP_000261 mov eax,[edi*4+DATA_009093] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000261: ; Pos = 11d33 xor eax,eax mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000262: ; Pos = 11d3d push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax mov eax,[ebp-0xc] push eax push edi call FUNC_000085 add esp,byte +0x8 mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000263: ; Pos = 11d6b push esi push ebx call FUNC_000031 add esp,byte +0x8 jmp JUMP_000309 JUMP_000264: ; Pos = 11d7a push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax cmp edi,byte +0x1 jnz JUMP_000265 mov eax,[DATA_008913] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000265: ; Pos = 11d98 cmp edi,byte +0x2 jnz JUMP_000266 mov eax,[DATA_008912] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000266: ; Pos = 11daa xor eax,eax mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000267: ; Pos = 11db4 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax test edi,edi jl JUMP_000268 cmp edi,byte +0x6 jnl JUMP_000268 mov eax,[edi*4+DATA_009095] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000268: ; Pos = 11dd8 xor eax,eax mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000269: ; Pos = 11de2 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax mov eax,[DATA_009133] push eax push edi call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov eax,[eax+0x82] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000270: ; Pos = 11e0c push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax cmp dword [ebp-0xc],0x3e8 jnl JUMP_000271 sub dword [ebp-0xc],byte +0x64 mov eax,[ebp-0xc] push eax mov eax,[DATA_009133] push eax push edi call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 push eax call FUNC_000392 add esp,byte +0x8 mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000271: ; Pos = 11e57 sub dword [ebp-0xc],0x3e8 mov eax,[DATA_008861] movzx eax,byte [eax+0x86] cmp edi,eax jnz JUMP_000272 cmp dword [ebp-0xc],byte +0x26 jnl JUMP_000272 mov eax,[ebp-0xc] movzx eax,word [eax*2+DATA_008896] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000272: ; Pos = 11e87 xor eax,eax mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000273: ; Pos = 11e91 push esi push ebx call FUNC_000031 add esp,byte +0x8 jmp JUMP_000309 JUMP_000274: ; Pos = 11ea0 push esi push ebx call FUNC_000031 add esp,byte +0x8 jmp JUMP_000309 JUMP_000275: ; Pos = 11eaf push esi push ebx call FUNC_000031 add esp,byte +0x8 push esi push ebx call FUNC_000031 add esp,byte +0x8 jmp JUMP_000309 JUMP_000276: ; Pos = 11ec8 push esi push ebx call FUNC_000031 add esp,byte +0x8 push esi push ebx call FUNC_000031 add esp,byte +0x8 jmp JUMP_000309 JUMP_000277: ; Pos = 11ee1 push esi push ebx call FUNC_000031 add esp,byte +0x8 push esi push ebx call FUNC_000031 add esp,byte +0x8 jmp JUMP_000309 JUMP_000278: ; Pos = 11efa push esi push ebx call FUNC_000031 add esp,byte +0x8 push esi push ebx call FUNC_000031 add esp,byte +0x8 jmp JUMP_000309 JUMP_000279: ; Pos = 11f13 push esi push ebx call FUNC_000031 add esp,byte +0x8 push esi push ebx call FUNC_000031 add esp,byte +0x8 jmp JUMP_000309 JUMP_000280: ; Pos = 11f2c push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call FUNC_000106 pop ecx mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000281: ; Pos = 11f45 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov ebx,eax push ebx mov eax,[ebp-0xc] push eax push edi call FUNC_000096 add esp,byte +0xc mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000282: ; Pos = 11f80 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax mov [ebp-0x4],edi mov ax,[ebp-0x4] and eax,0x1fff shl eax,0x10 shr edi,0xd and edi,0x1fff and edi,0xffff or eax,edi mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000283: ; Pos = 11fb4 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax test edi,edi jl JUMP_000284 cmp edi,byte +0x6 jnl JUMP_000284 mov eax,[edi*4+DATA_008908] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000284: ; Pos = 11fd8 xor eax,eax mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000285: ; Pos = 11fe2 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x4],eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0x10] push eax mov eax,[ebp-0x4] push eax call FUNC_000871 add esp,byte +0x1c jmp JUMP_000309 JUMP_000286: ; Pos = 12018 call FUNC_001476 push eax push esi push ebx call FUNC_000031 add esp,byte +0x8 pop edx xchg eax,edx mov ecx,edx xor edx,edx div ecx mov [ebp-0x8],edx jmp JUMP_000309 JUMP_000287: ; Pos = 12038 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push edi push dword FUNC_000028 mov eax,[DATA_009133] push eax call FUNC_000027 add esp,byte +0xc mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000288: ; Pos = 12060 push esi push ebx call FUNC_000031 add esp,byte +0x8 cmp eax,[DATA_008560] setz al and eax,byte +0x1 mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000289: ; Pos = 1207e push esi push ebx call FUNC_000031 add esp,byte +0x8 mov ebx,eax lea eax,[ebp-0x12] push eax push ebx call FUNC_000658 add esp,byte +0x8 mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000290: ; Pos = 1209f push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call FUNC_000023 pop ecx mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000291: ; Pos = 120b8 push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call FUNC_000024 pop ecx mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000292: ; Pos = 120d1 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax mov eax,[DATA_009133] push eax push edi call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov eax,[eax+0xa0] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000293: ; Pos = 120fb push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x4],eax push byte +0x3 call near [DATA_007217] ; FUNC_000922 pop ecx push eax mov eax,[ebp-0x4] push eax call FUNC_000857 add esp,byte +0x8 mov [ebp-0x4],eax mov eax,[ebp-0x4] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000294: ; Pos = 1212c mov edi,0x1 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax lea eax,[ebp+0xffffefec] push eax call FUNC_000461 add esp,byte +0x8 test eax,eax jnz JUMP_000295 lea eax,[ebp+0xffffefec] push eax call FUNC_000462 pop ecx mov edi,eax test edi,edi jnz JUMP_000296 JUMP_000295: ; Pos = 12168 xor eax,eax mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000296: ; Pos = 12172 push edi call near [DATA_007217] ; FUNC_000922 pop ecx push eax lea eax,[ebp+0xffffefec] push eax call FUNC_000463 add esp,byte +0x8 test eax,eax jnz JUMP_000297 xor eax,eax mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000297: ; Pos = 12198 mov eax,[eax+0x4] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000298: ; Pos = 121a3 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0xc],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov ebx,eax add edi,0x1718 mov eax,[ebp-0xc] add eax,0x1524 shl eax,0xd or edi,eax shl ebx,0x1a or edi,ebx mov [ebp-0x8],edi jmp JUMP_000309 JUMP_000299: ; Pos = 121e8 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push edi push dword FUNC_000029 mov eax,[DATA_009133] push eax call FUNC_000027 add esp,byte +0xc mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000300: ; Pos = 12210 mov eax,[DATA_009133] push eax push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov eax,[eax+0x82] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000301: ; Pos = 12238 mov eax,[DATA_009133] push eax push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 movzx eax,byte [eax+0xff] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000302: ; Pos = 12261 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax lea eax,[ebp+0xffffdffc] push eax call FUNC_000461 add esp,byte +0x8 test eax,eax jz JUMP_000303 xor eax,eax mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000303: ; Pos = 1228f push dword FUNC_000030 lea eax,[ebp+0xffffdffc] push eax call FUNC_000025 add esp,byte +0x8 mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jz near JUMP_000309 mov eax,[ebp-0x8] push eax call near [DATA_007217] ; FUNC_000922 pop ecx push eax push dword FUNC_000030 lea eax,[ebp+0xffffdffc] push eax call FUNC_000026 add esp,byte +0xc mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000304: ; Pos = 122d8 mov eax,[DATA_009133] push eax push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 movsx eax,byte [eax+0x88] mov [ebp-0x8],eax jmp JUMP_000309 JUMP_000305: ; Pos = 12301 mov eax,[DATA_009133] push eax push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 movzx eax,byte [eax+0xfe] mov [ebp-0x8],eax jmp short JUMP_000309 JUMP_000306: ; Pos = 12327 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edi,eax push esi push ebx call FUNC_000031 add esp,byte +0x8 add eax,0xfffffc18 mov [ebp-0xc],eax push edi call FUNC_000649 pop ecx test eax,eax jz JUMP_000307 cmp dword [ebp-0xc],byte +0x0 jl JUMP_000307 cmp dword [ebp-0xc],byte +0x26 jnl JUMP_000307 mov edx,[ebp-0xc] mov eax,[eax+edx*8+0x4] mov [ebp-0x8],eax jmp short JUMP_000309 JUMP_000307: ; Pos = 12368 xor eax,eax mov [ebp-0x8],eax jmp short JUMP_000309 JUMP_000308: ; Pos = 1236f push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x4],eax lea eax,[ebp-0x24] push eax lea eax,[ebp-0x20] push eax lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x18] push eax mov eax,[ebp-0x4] push eax call FUNC_000870 add esp,byte +0x14 mov eax,[ebp-0x1c] mov [ebp-0x8],eax JUMP_000309: ; Pos = 1239e mov eax,[ebp-0x8] pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000032: ; Pos = 123a8 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0x8] mov eax,[esi] inc dword [esi] mov bl,[eax] xor eax,eax mov al,bl shl eax,0x4 cmp dword [eax+DATA_001702],byte +0x0 jng near JUMP_000319 mov edi,[esi] mov eax,[eax+DATA_001703] sub eax,byte +0x1 jc JUMP_000310 jz JUMP_000311 dec eax jz JUMP_000312 dec eax jz JUMP_000313 jmp short JUMP_000314 JUMP_000310: ; Pos = 123e5 xor eax,eax mov [ebp-0x4],eax jmp short JUMP_000314 JUMP_000311: ; Pos = 123ec mov eax,[ebp+0xc] mov eax,[eax+0x1c] mov [ebp-0x4],eax jmp short JUMP_000314 JUMP_000312: ; Pos = 123f7 mov eax,[ebp+0xc] mov [ebp-0x4],eax jmp short JUMP_000314 JUMP_000313: ; Pos = 123ff mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 mov [ebp-0x4],eax JUMP_000314: ; Pos = 1240f xor eax,eax mov al,bl shl eax,0x4 mov eax,[eax+DATA_001704] sub eax,byte +0x1 jc JUMP_000315 jz JUMP_000316 dec eax jz JUMP_000317 jmp short JUMP_000318 JUMP_000315: ; Pos = 12428 xor eax,eax mov [ebp-0x8],eax jmp short JUMP_000318 JUMP_000316: ; Pos = 1242f push esi call FUNC_000020 pop ecx mov [ebp-0x8],eax jmp short JUMP_000318 JUMP_000317: ; Pos = 1243b mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 mov [ebp-0x8],eax JUMP_000318: ; Pos = 1244b mov eax,[ebp+0x14] push eax mov eax,[ebp+0xc] push eax push dword FUNC_000047 mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] push eax xor eax,eax mov al,bl shl eax,0x4 mov eax,[eax+DATA_001702] push eax call near [ebp+0x10] add esp,byte +0x18 mov [esi],edi JUMP_000319: ; Pos = 12476 xor eax,eax mov al,bl shl eax,0x4 cmp dword [eax+DATA_001701],byte +0x0 jng JUMP_000322 xor edi,edi xor eax,eax mov al,bl add eax,eax lea eax,[eax*8+DATA_001701] mov ebx,eax jmp short JUMP_000321 JUMP_000320: ; Pos = 12499 mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push esi call FUNC_000032 add esp,byte +0x10 inc edi JUMP_000321: ; Pos = 124af cmp edi,[ebx] jl JUMP_000320 jmp short JUMP_000323 JUMP_000322: ; Pos = 124b5 add dword [esi],byte +0x4 JUMP_000323: ; Pos = 124b8 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000033: ; Pos = 124c0 push ebp mov ebp,esp push ecx push ebx push esi push edi mov edi,[ebp+0xc] mov esi,[ebp+0x8] xor ebx,ebx jmp short JUMP_000325 JUMP_000324: ; Pos = 124d1 mov eax,[eax+ebx*4+0x8] mov [ebp-0x4],eax push ebx push edi push esi lea eax,[ebp-0x4] push eax call FUNC_000032 add esp,byte +0x10 inc ebx JUMP_000325: ; Pos = 124e8 mov eax,[esi+0x8] cmp ebx,[eax+0x4] jl JUMP_000324 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000034: ; Pos = 124f8 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[ebp+0xc] mov [eax*4+DATA_008548],edx push eax push byte +0x0 push byte +0x2 call FUNC_000048 add esp,byte +0xc pop ebp ret FUNC_000035: ; Pos = 12518 push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax*4+DATA_008548] pop ebp ret FUNC_000036: ; Pos = 12528 push ebp mov ebp,esp push ecx push ebx push esi mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov [ebx+0x82],eax push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov esi,eax mov ax,[esi+0x2c] mov [ebp-0x4],ax mov ax,[esi+0x14] add ax,[esi+0x18] add ax,byte +0x7 mov [ebp-0x2],ax mov eax,[ebp-0x4] push eax lea eax,[ebx+0x138] push eax call near [DATA_007734] ; FUNC_001495 add esp,byte +0x8 mov ax,[esi+0x30] mov [ebp-0x4],ax mov ax,[esi+0x14] add ax,[esi+0x18] add ax,byte +0x7 mov [ebp-0x2],ax mov eax,[ebp-0x4] push eax lea eax,[ebx+0x140] push eax call near [DATA_007734] ; FUNC_001495 add esp,byte +0x8 xor edx,edx mov dl,[esi+0x24] sar edx,0x4 and dl,0x7 mov eax,[esi+0x34] test eax,eax jz JUMP_000326 cmp byte [eax],0x0 jz JUMP_000326 mov al,0x80 jmp short JUMP_000327 JUMP_000326: ; Pos = 125b7 xor eax,eax JUMP_000327: ; Pos = 125b9 or dl,al mov [ebx+0x14c],dl mov eax,[esi+0x38] test eax,eax jz near JUMP_000332 mov ax,[eax] mov [ebx+0xc4],ax mov eax,[esi+0x38] mov ax,[eax+0x2] mov [ebx+0xc6],ax mov [ebx+0xc2],ax mov [ebx+0xbe],ax neg ax mov [ebx+0xc0],ax mov edx,eax mov [ebx+0xbc],dx cmp dx,0x1329 jl JUMP_000328 mov byte [ebx+0x101],0x2 jmp short JUMP_000330 JUMP_000328: ; Pos = 12615 cmp word [ebx+0xbc],0xaa5 jl JUMP_000329 mov byte [ebx+0x101],0x1 jmp short JUMP_000330 JUMP_000329: ; Pos = 12629 mov byte [ebx+0x101],0x0 JUMP_000330: ; Pos = 12630 mov eax,[esi+0x38] mov al,[eax+0x4] mov [ebx+0xd1],al mov eax,[esi+0x38] mov ax,[eax+0x6] shl eax,0x2 mov [ebx+0xe4],ax mov edx,[esi+0x38] movsx eax,word [edx+0x8] mov si,[edx+0x14] test si,si jnl JUMP_000331 mov edx,esi mov [ebx+0xd0],dl movsx edx,dl sub eax,[edx*4+DATA_007210] JUMP_000331: ; Pos = 1266f mov [ebx+0x116],ax JUMP_000332: ; Pos = 12676 pop esi pop ebx pop ecx pop ebp ret FUNC_000037: ; Pos = 1267c push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x8] mov eax,[esi] inc dword [esi] movzx eax,byte [eax] cmp eax,byte +0x42 ja near JUMP_000353 mov al,[eax+DATA_000003] jmp near [eax*4+DATA_000004] SECTION .data DATA_000003: ; Pos = 126a2 db 0x0, 0x0, 0x0, 0x11, 0x10, 0xf, 0xe, 0x0 db 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 db 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 db 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd db 0x0, 0x0, 0xc, 0xb, 0xa, 0x9, 0x0, 0x0 db 0x8, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 db 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 db 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, 0x0 db 0x0, 0x2, 0x1 DATA_000004: ; Pos = 126e5 dd JUMP_000353 dd JUMP_000352 dd JUMP_000351 dd JUMP_000350 dd JUMP_000349 dd JUMP_000348 dd JUMP_000347 dd JUMP_000353 dd JUMP_000353 dd JUMP_000340 dd JUMP_000339 dd JUMP_000338 dd JUMP_000353 dd JUMP_000337 dd JUMP_000336 dd JUMP_000335 dd JUMP_000334 dd JUMP_000333 SECTION .text JUMP_000333: ; Pos = 1272d mov eax,[ebp+0x10] push eax push esi call FUNC_000020 pop ecx push eax call FUNC_000022 add esp,byte +0x8 jmp JUMP_000353 JUMP_000334: ; Pos = 12746 push esi call FUNC_000020 pop ecx mov ebx,eax mov eax,[ebp+0x10] push eax push ebx call FUNC_000034 add esp,byte +0x8 jmp JUMP_000353 JUMP_000335: ; Pos = 12761 push esi call FUNC_000020 pop ecx mov ebx,eax mov eax,[ebp+0xc] mov eax,[eax+0x1c] mov eax,[eax+0x14] mov edx,[ebp+0x10] mov [eax+ebx*4],edx push ebx mov eax,[ebp+0xc] mov eax,[eax+0x1c] push eax push byte +0x3 call FUNC_000048 add esp,byte +0xc jmp JUMP_000353 JUMP_000336: ; Pos = 12790 push esi call FUNC_000020 pop ecx mov ebx,eax mov eax,[ebp+0xc] mov eax,[eax+0x20] mov edx,[ebp+0x10] mov [eax+ebx*4],edx push ebx mov eax,[ebp+0xc] push eax push byte +0x4 call FUNC_000048 add esp,byte +0xc jmp JUMP_000353 JUMP_000337: ; Pos = 127b9 mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 mov ebx,eax test ebx,ebx jl near JUMP_000353 cmp ebx,byte +0x6 jnl near JUMP_000353 mov eax,[ebp+0x10] mov [ebx*4+DATA_009093],eax push ebx push byte +0x0 push byte +0x15 call FUNC_000048 add esp,byte +0xc jmp JUMP_000353 JUMP_000338: ; Pos = 127f5 mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 mov ebx,eax test ebx,ebx jl near JUMP_000353 cmp ebx,byte +0x6 jnl near JUMP_000353 mov eax,[ebp+0x10] mov [ebx*4+DATA_009095],eax push ebx push byte +0x0 push byte +0xa call FUNC_000048 add esp,byte +0xc jmp JUMP_000353 JUMP_000339: ; Pos = 12831 mov eax,[DATA_009133] push eax mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov edi,eax mov eax,[edi+0xa0] push eax mov eax,[ebp+0x10] push eax push edi call FUNC_000441 add esp,byte +0xc jmp JUMP_000353 JUMP_000340: ; Pos = 12869 mov eax,[DATA_009133] push eax mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov edi,eax mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 mov ebx,eax cmp ebx,0x3e8 jnl JUMP_000344 sub ebx,byte +0x64 push ebx push edi call FUNC_000392 add esp,byte +0x8 mov esi,[ebp+0x10] sub esi,eax test esi,esi jng JUMP_000342 test esi,esi jng near JUMP_000353 JUMP_000341: ; Pos = 128bd push ebx push edi call FUNC_000390 add esp,byte +0x8 test eax,eax jnz near JUMP_000353 dec esi test esi,esi jg JUMP_000341 jmp JUMP_000353 JUMP_000342: ; Pos = 128d9 test esi,esi jnl near JUMP_000353 JUMP_000343: ; Pos = 128e1 push ebx push edi call FUNC_000391 add esp,byte +0x8 test eax,eax jnz near JUMP_000353 inc esi test esi,esi jl JUMP_000343 jmp JUMP_000353 JUMP_000344: ; Pos = 128fd sub ebx,0x3e8 cmp edi,[DATA_008861] jnz near JUMP_000353 cmp ebx,byte +0x26 jnl near JUMP_000353 movzx eax,word [ebx*2+DATA_008896] mov esi,[ebp+0x10] sub esi,eax test esi,esi jng JUMP_000345 mov edx,[DATA_008891] mov ecx,edx add ecx,esi mov eax,[DATA_008889] cmp ecx,eax jng JUMP_000346 mov esi,eax sub esi,edx jmp short JUMP_000346 JUMP_000345: ; Pos = 12942 cmp dword [ebp+0x10],byte +0x0 jnl JUMP_000346 mov esi,eax neg esi JUMP_000346: ; Pos = 1294c add [DATA_008891],esi add [ebx*2+DATA_008896],si jmp JUMP_000353 JUMP_000347: ; Pos = 1295f mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 mov ebx,eax test ebx,ebx jl near JUMP_000353 cmp ebx,byte +0x6 jnl near JUMP_000353 mov eax,[ebp+0x10] mov [ebx*4+DATA_008908],eax push ebx push byte +0x0 push byte +0x11 call FUNC_000048 add esp,byte +0xc jmp JUMP_000353 JUMP_000348: ; Pos = 1299b mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 mov ebx,eax mov eax,[DATA_009133] push eax push ebx call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov edx,[ebp+0x10] mov [eax+0xa0],edx jmp JUMP_000353 JUMP_000349: ; Pos = 129c8 mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 mov ebx,eax mov eax,[ebp+0x10] push eax mov eax,[DATA_009133] push eax push ebx call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 push eax call FUNC_000036 add esp,byte +0x8 jmp JUMP_000353 JUMP_000350: ; Pos = 129f9 mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 mov ebx,eax mov eax,[DATA_009133] push eax push ebx call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov edi,eax mov eax,[edi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx cmp dword [eax+0x38],byte +0x0 jz near JUMP_000353 mov al,[ebp+0x10] mov [edi+0xff],al push ebx push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc jmp short JUMP_000353 JUMP_000351: ; Pos = 12a4a mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 mov ebx,eax mov eax,[DATA_009133] push eax push ebx call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov dl,[ebp+0x10] mov [eax+0xfe],dl jmp short JUMP_000353 JUMP_000352: ; Pos = 12a74 mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 mov ebx,eax mov eax,[ebp+0xc] push eax push esi call FUNC_000031 add esp,byte +0x8 add eax,0xfffffc18 mov esi,eax push ebx call FUNC_000649 pop ecx test eax,eax jz JUMP_000353 test esi,esi jl JUMP_000353 cmp esi,byte +0x26 jnl JUMP_000353 mov edx,[ebp+0x10] mov [eax+esi*8+0x4],edx add esi,0x3e8 push esi push ebx push byte +0x18 call FUNC_000048 add esp,byte +0xc JUMP_000353: ; Pos = 12ac4 pop edi pop esi pop ebx pop ebp ret FUNC_000038: ; Pos = 12acc push ebp mov ebp,esp push ebx mov eax,[ebp+0x8] mov edx,eax and edx,0xffff mov ebx,edx shl ebx,0x2 lea ebx,[ebx+ebx*8] add ebx,DATA_008561 cmp eax,[ebx+0x4] jnz JUMP_000356 cmp dword [ebx],byte +0x0 jng JUMP_000356 cmp dword [ebx],byte +0x5 jnl JUMP_000356 cmp dword [ebx+0x8],byte +0x0 jz JUMP_000354 push dword FUNC_000045 push ebx call FUNC_000033 add esp,byte +0x8 xor eax,eax mov [ebx+0x8],eax mov dword [ebx+0xc],0xffffffff JUMP_000354: ; Pos = 12b18 mov eax,[ebx+0x1c] cmp dword [eax+0xc],byte +0x0 jl JUMP_000355 mov dword [ebx],0x5 pop ebx pop ebp ret JUMP_000355: ; Pos = 12b2a inc word [ebx+0x6] mov dword [ebx],0x6 JUMP_000356: ; Pos = 12b34 pop ebx pop ebp ret FUNC_000039: ; Pos = 12b38 push ebp mov ebp,esp mov eax,[ebp+0x8] pop ebp ret FUNC_000040: ; Pos = 12b40 push ebp mov ebp,esp push ecx push ebx push esi mov esi,[ebp+0xc] lea eax,[ebp-0x4] push eax mov eax,[ebp+0x8] push eax push byte +0x1d mov ebx,[DATA_009133] push ebx push esi call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 push eax push ebx call near [DATA_007198] ; FUNC_000927 add esp,byte +0x14 mov ebx,eax test ebx,ebx jnz JUMP_000357 mov eax,ebx jmp JUMP_000358 JUMP_000357: ; Pos = 12b7c mov eax,[ebp+0x10] mov [ebx+0xa0],eax mov eax,esi mov [ebx+0x56],al mov word [ebx+0xda],0xfffc mov eax,[DATA_008804] mov [ebx+0xa8],eax mov eax,[DATA_008807] mov [ebx+0xac],eax mov eax,[ebp+0x1c] mov [ebx+0xc2],eax mov edx,[DATA_008807] push edx mov edx,[DATA_008804] push edx push byte +0x0 push byte +0x0 push eax lea eax,[ebx+0xba] push eax call near [DATA_007743] ; FUNC_001510 add esp,byte +0x18 mov eax,[ebp+0x18] shl eax,0x10 add [ebx+0xbe],eax xor eax,eax mov [ebx+0xa4],eax mov ax,[ebp+0x20] mov [ebx+0xc6],ax mov byte [ebx+0x87],0x1 mov eax,[ebp+0x14] mov [ebx+0xb0],eax mov eax,[ebx+0xbe] push eax movsx eax,word [ebx+0xc6] push eax mov eax,[ebx+0xb0] push eax push ebx call near [DATA_007741] ; FUNC_001507 add esp,byte +0x10 mov ax,[ebp+0x28] mov [ebx+0xcc],ax mov al,[ebp+0x24] mov [ebx+0xc8],al movsx edx,word [ebx+0xcc] push edx mov ecx,eax mov eax,[ebx+0xa8] shl eax,cl push eax push ebx call FUNC_001675_MatBuildYZT add esp,byte +0xc mov eax,ebx JUMP_000358: ; Pos = 12c56 pop esi pop ebx pop ecx pop ebp ret FUNC_000041: ; Pos = 12c5c push ebp mov ebp,esp add esp,0xffffff64 push ebx push esi push edi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] xor edi,edi jmp JUMP_000450 JUMP_000359: ; Pos = 12c75 mov eax,[ebx] inc dword [ebx] movzx eax,byte [eax] cmp eax,byte +0x3c ja near JUMP_000450 jmp near [eax*4+DATA_000005] SECTION .data DATA_000005: ; Pos = 12c8c dd JUMP_000360 dd JUMP_000361 dd JUMP_000362 dd JUMP_000364 dd JUMP_000365 dd JUMP_000368 dd JUMP_000369 dd JUMP_000370 dd JUMP_000371 dd JUMP_000372 dd JUMP_000373 dd JUMP_000374 dd JUMP_000375 dd JUMP_000376 dd JUMP_000377 dd JUMP_000378 dd JUMP_000379 dd JUMP_000380 dd JUMP_000381 dd JUMP_000382 dd JUMP_000385 dd JUMP_000386 dd JUMP_000387 dd JUMP_000388 dd JUMP_000389 dd JUMP_000390 dd JUMP_000391 dd JUMP_000392 dd JUMP_000393 dd JUMP_000394 dd JUMP_000395 dd JUMP_000396 dd JUMP_000397 dd JUMP_000398 dd JUMP_000399 dd JUMP_000400 dd JUMP_000401 dd JUMP_000402 dd JUMP_000403 dd JUMP_000404 dd JUMP_000407 dd JUMP_000408 dd JUMP_000411 dd JUMP_000414 dd JUMP_000417 dd JUMP_000418 dd JUMP_000419 dd JUMP_000420 dd JUMP_000421 dd JUMP_000424 dd JUMP_000425 dd JUMP_000428 dd JUMP_000429 dd JUMP_000434 dd JUMP_000436 dd JUMP_000439 dd JUMP_000440 dd JUMP_000441 dd JUMP_000442 dd JUMP_000448 dd JUMP_000449 SECTION .text JUMP_000360: ; Pos = 12d80 mov edi,0x1 jmp JUMP_000450 JUMP_000361: ; Pos = 12d8a push ebx call FUNC_000020 pop ecx mov [ebp-0x14],eax mov eax,[esi+0x4] push eax mov eax,[ebp-0x14] push eax push esi push ebx call FUNC_000052 add esp,byte +0x10 mov [ebp-0x14],eax mov eax,[ebp-0x14] push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000362: ; Pos = 12dbc push esi push ebx call FUNC_000031 add esp,byte +0x8 test eax,eax jz JUMP_000363 add dword [ebx],byte +0x4 jmp JUMP_000450 JUMP_000363: ; Pos = 12dd2 push ebx call FUNC_000020 pop ecx mov [ebp-0x14],eax mov eax,[ebp-0x14] add eax,byte -0x4 add [ebx],eax jmp JUMP_000450 JUMP_000364: ; Pos = 12de9 push ebx call FUNC_000020 pop ecx mov [ebp-0x14],eax mov eax,[ebp-0x14] add eax,byte -0x4 add [ebx],eax jmp JUMP_000450 JUMP_000365: ; Pos = 12e00 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x1c],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x20],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x24],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x28],eax mov eax,[ebp-0x1c] mov [ebp+0xffffff78],eax mov eax,[ebp-0x28] push eax mov eax,[ebp-0x24] push eax mov eax,[ebp-0x20] push eax cmp dword [ebp-0x1c],byte +0x0 jz JUMP_000366 lea eax,[ebp+0xffffff78] jmp short JUMP_000367 JUMP_000366: ; Pos = 12e71 xor eax,eax JUMP_000367: ; Pos = 12e73 push eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000331 add esp,byte +0x18 jmp JUMP_000450 JUMP_000368: ; Pos = 12e89 call FUNC_000342 jmp JUMP_000450 JUMP_000369: ; Pos = 12e93 call FUNC_000326 jmp JUMP_000450 JUMP_000370: ; Pos = 12e9d push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax mov eax,[ebp-0x14] push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000371: ; Pos = 12ebd push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax mov eax,[ebp-0x14] push eax call FUNC_000038 pop ecx mov eax,[ebp-0x14] cmp eax,[esi+0x4] jnz near JUMP_000450 mov edi,0x1 jmp JUMP_000450 JUMP_000372: ; Pos = 12eea push ebx call FUNC_000020 pop ecx mov edi,eax mov [esi+0x14],edi mov eax,[esi+0x1c] mov eax,[eax+edi*4+0x1c] mov [esi+0x10],eax mov dword [esi],0x4 mov edi,0x1 jmp JUMP_000450 JUMP_000373: ; Pos = 12f10 mov eax,[ebx] mov [ebp-0x10],eax mov eax,[ebp-0x10] push eax call _strlen pop ecx inc eax add [ebx],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x1c],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x20],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x24],eax mov eax,[ebp-0x24] push eax mov eax,[ebp-0x20] push eax mov eax,[ebp-0x1c] push eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x10] push eax call FUNC_000101 add esp,byte +0x14 mov [ebp-0x14],eax mov eax,[ebp-0x14] push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000374: ; Pos = 12f88 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax mov eax,[ebp-0x14] push eax call FUNC_000102 pop ecx jmp JUMP_000450 JUMP_000375: ; Pos = 12fa4 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax mov eax,[ebp-0x14] push eax call FUNC_000103 pop ecx jmp JUMP_000450 JUMP_000376: ; Pos = 12fc0 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax mov eax,[ebp-0x14] push eax call FUNC_000097 pop ecx jmp JUMP_000450 JUMP_000377: ; Pos = 12fdc push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x1c],eax push byte +0x0 push byte +0x0 mov eax,[ebp-0x1c] push eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000098 add esp,byte +0x14 jmp JUMP_000450 JUMP_000378: ; Pos = 13020 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000099 add esp,byte +0x8 jmp JUMP_000450 JUMP_000379: ; Pos = 1304f push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x1c],eax mov eax,[ebp-0x1c] push eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000100 add esp,byte +0xc jmp JUMP_000450 JUMP_000380: ; Pos = 1308f push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000104 add esp,byte +0x8 jmp JUMP_000450 JUMP_000381: ; Pos = 130be push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call FUNC_000105 pop ecx jmp JUMP_000450 JUMP_000382: ; Pos = 130d4 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax mov eax,[ebp-0x14] push eax call FUNC_000772 pop ecx mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jz JUMP_000383 mov eax,[ebp-0x8] movzx eax,byte [eax+0x86] jmp short JUMP_000384 JUMP_000383: ; Pos = 13100 xor eax,eax JUMP_000384: ; Pos = 13102 push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000385: ; Pos = 13112 push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call FUNC_000039 pop ecx jmp JUMP_000450 JUMP_000386: ; Pos = 13128 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x1c],eax mov eax,[ebp-0x1c] push eax mov eax,[ebp-0x18] push eax mov eax,[DATA_009133] push eax mov eax,[ebp-0x14] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 push eax call FUNC_000953 add esp,byte +0xc jmp JUMP_000450 JUMP_000387: ; Pos = 13178 mov dword [ebp-0x70],0xffffffff push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000349 pop ecx jmp JUMP_000450 JUMP_000388: ; Pos = 131a1 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000345 pop ecx jmp JUMP_000450 JUMP_000389: ; Pos = 131c3 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000346 pop ecx jmp JUMP_000450 JUMP_000390: ; Pos = 131e5 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax xor eax,eax mov [ebp-0x70],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000360 pop ecx jmp JUMP_000450 JUMP_000391: ; Pos = 1320c push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax lea eax,[ebp+0xffffff64] push eax mov eax,[ebp-0x18] push eax mov eax,[DATA_009133] push eax mov eax,[ebp-0x14] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 add eax,0x124 push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc mov eax,[ebp-0x14] push eax push byte +0x0 push byte +0x12 call FUNC_000048 add esp,byte +0xc jmp JUMP_000450 JUMP_000392: ; Pos = 13268 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff7c],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000345 pop ecx jmp JUMP_000450 JUMP_000393: ; Pos = 1329a mov dword [ebp-0x70],0xffffffff push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff7c],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000349 pop ecx jmp JUMP_000450 JUMP_000394: ; Pos = 132d3 mov dword [ebp-0x70],0xffffffff push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000352 pop ecx jmp JUMP_000450 JUMP_000395: ; Pos = 132fc mov dword [ebp-0x70],0xffffffff push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff7c],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000352 pop ecx jmp JUMP_000450 JUMP_000396: ; Pos = 13335 mov dword [ebp-0x70],0xffffffff push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff7c],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x80],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000352 pop ecx jmp JUMP_000450 JUMP_000397: ; Pos = 1337b mov dword [ebp-0x70],0xffffffff push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000347 pop ecx jmp JUMP_000450 JUMP_000398: ; Pos = 133a4 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 imul eax,eax,0xc22e mov [ebp-0x18],eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000332 add esp,byte +0x8 jmp JUMP_000450 JUMP_000399: ; Pos = 133d9 call FUNC_000359 jmp JUMP_000450 JUMP_000400: ; Pos = 133e3 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax lea eax,[ebp+0xffffff64] push eax mov eax,[ebp-0x14] push eax mov eax,[DATA_008558] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc dec eax mov [DATA_008558],eax jmp JUMP_000450 JUMP_000401: ; Pos = 13415 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff64],eax lea eax,[ebp+0xffffff64] push eax mov eax,[ebp-0x14] push eax mov eax,[DATA_008558] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc dec eax mov [DATA_008558],eax jmp JUMP_000450 JUMP_000402: ; Pos = 13457 mov eax,[DATA_008885] push eax push dword DATA_002244 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x7 call FUNC_000314 add esp,byte +0x2c mov [ebp-0x14],eax mov eax,[ebp-0x14] push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000403: ; Pos = 13492 push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call FUNC_000315 pop ecx jmp JUMP_000450 JUMP_000404: ; Pos = 134a8 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x1c],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x20],eax mov eax,[ebp-0x20] push eax call FUNC_000023 pop ecx push eax mov eax,[ebp-0x20] push eax call FUNC_000024 pop ecx push eax mov al,[ebp-0x1c] push eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000664 add esp,byte +0x14 mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jz JUMP_000405 mov eax,[ebp-0x8] movzx eax,byte [eax+0x86] jmp short JUMP_000406 JUMP_000405: ; Pos = 1351b xor eax,eax JUMP_000406: ; Pos = 1351d push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000407: ; Pos = 1352d push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax mov eax,[DATA_008862] push eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000236 add esp,byte +0xc jmp JUMP_000450 JUMP_000408: ; Pos = 13562 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000665 add esp,byte +0x8 mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jz JUMP_000409 mov eax,[ebp-0x8] movzx eax,byte [eax+0x86] jmp short JUMP_000410 JUMP_000409: ; Pos = 135a1 xor eax,eax JUMP_000410: ; Pos = 135a3 push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000411: ; Pos = 135b3 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000666 add esp,byte +0x8 mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jz JUMP_000412 mov eax,[ebp-0x8] movzx eax,byte [eax+0x86] jmp short JUMP_000413 JUMP_000412: ; Pos = 135f2 xor eax,eax JUMP_000413: ; Pos = 135f4 push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000414: ; Pos = 13604 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000668 add esp,byte +0x8 mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jz JUMP_000415 mov eax,[ebp-0x8] movzx eax,byte [eax+0x86] jmp short JUMP_000416 JUMP_000415: ; Pos = 13643 xor eax,eax JUMP_000416: ; Pos = 13645 push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000417: ; Pos = 13655 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff7c],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000346 pop ecx jmp JUMP_000450 JUMP_000418: ; Pos = 13687 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff64],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff68],eax lea eax,[ebp+0xffffff64] push eax mov eax,[ebp-0x14] push eax mov eax,[DATA_008558] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc dec eax mov [DATA_008558],eax jmp JUMP_000450 JUMP_000419: ; Pos = 136d9 mov dword [ebp-0x70],0xffffffff push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff7c],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000347 pop ecx jmp JUMP_000450 JUMP_000420: ; Pos = 13712 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff64],eax lea eax,[ebp+0xffffff64] push eax mov eax,[ebp-0x18] push eax mov eax,[DATA_009133] push eax mov eax,[ebp-0x14] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 add eax,0x124 push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc mov eax,[ebp-0x14] push eax push byte +0x0 push byte +0x12 call FUNC_000048 add esp,byte +0xc jmp JUMP_000450 JUMP_000421: ; Pos = 1377e push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x1c],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x20],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x24],eax mov eax,[ebp-0x24] push eax mov eax,[ebp-0x20] push eax mov eax,[ebp-0x1c] push eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000297 add esp,byte +0x14 mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jz JUMP_000422 mov eax,[ebp-0x8] movzx eax,byte [eax+0x86] jmp short JUMP_000423 JUMP_000422: ; Pos = 137f0 xor eax,eax JUMP_000423: ; Pos = 137f2 push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000424: ; Pos = 13802 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x1c],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call FUNC_000023 pop ecx mov [ebp-0x20],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x24],eax mov eax,[ebp-0x24] push eax mov eax,[ebp-0x20] push eax mov eax,[ebp-0x1c] push eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000290 add esp,byte +0x14 jmp JUMP_000450 JUMP_000425: ; Pos = 1386b push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x1c],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x20],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x24],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x28],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x2c],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x30],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax mov eax,[ebp-0x30] push eax mov eax,[ebp-0x2c] push eax mov eax,[ebp-0x28] push eax mov eax,[ebp-0x24] push eax mov eax,[ebp-0x20] push eax mov eax,[ebp-0x1c] push eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax call FUNC_000040 add esp,byte +0x24 mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jz JUMP_000426 mov eax,[ebp-0x8] movzx eax,byte [eax+0x86] jmp short JUMP_000427 JUMP_000426: ; Pos = 1391b xor eax,eax JUMP_000427: ; Pos = 1391d push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000428: ; Pos = 1392d push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax mov eax,[DATA_009133] push eax mov eax,[ebp-0x14] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jz near JUMP_000450 mov eax,[ebp-0x18] push eax mov eax,[ebp-0x8] push eax call FUNC_000942 add esp,byte +0x8 jmp JUMP_000450 JUMP_000429: ; Pos = 1397c push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax mov eax,[DATA_009133] push eax mov eax,[ebp-0x18] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jz JUMP_000430 mov eax,[ebp-0x8] push eax mov eax,[ebp-0x14] add eax,0x8e00 push eax call FUNC_000926 add esp,byte +0x8 jmp short JUMP_000431 JUMP_000430: ; Pos = 139c9 xor eax,eax JUMP_000431: ; Pos = 139cb mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jz JUMP_000432 mov eax,[ebp-0x8] movzx eax,byte [eax+0x86] jmp short JUMP_000433 JUMP_000432: ; Pos = 139e0 xor eax,eax JUMP_000433: ; Pos = 139e2 push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000434: ; Pos = 139f2 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x1c],eax cmp dword [ebp-0x14],byte +0x1 jnz JUMP_000435 mov eax,[ebp-0x1c] push eax lea eax,[ebp-0x4] push eax mov al,[ebp-0x18] push eax call FUNC_000305 add esp,byte +0xc jmp JUMP_000450 JUMP_000435: ; Pos = 13a38 cmp dword [ebp-0x14],byte +0x2 jnz near JUMP_000450 mov eax,[ebp-0x1c] push eax lea eax,[ebp-0x4] push eax mov al,[ebp-0x18] push eax call FUNC_000304 add esp,byte +0xc jmp JUMP_000450 JUMP_000436: ; Pos = 13a5b mov eax,[DATA_009133] push eax push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0x8],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x3c],eax mov eax,[ebp-0x3c] push eax mov eax,[ebp-0x8] push eax call FUNC_000702 add esp,byte +0x8 cmp dword [ebp-0x18],byte +0x0 jz near JUMP_000438 cmp dword [DATA_009133],byte +0x0 jz JUMP_000437 mov al,[ebp-0x18] mov edx,[ebp-0x8] mov [edx+0x56],al jmp JUMP_000450 JUMP_000437: ; Pos = 13ac3 mov eax,[DATA_009133] push eax mov eax,[ebp-0x18] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0xc],eax mov eax,[ebp-0xc] push dword [eax+0x42] push dword [eax+0x3e] mov eax,[ebp-0x8] push dword [eax+0x42] push dword [eax+0x3e] mov eax,[ebp-0x8] add eax,byte +0x3e push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 mov eax,[ebp-0xc] push dword [eax+0x4a] push dword [eax+0x46] mov eax,[ebp-0x8] push dword [eax+0x4a] push dword [eax+0x46] mov eax,[ebp-0x8] add eax,byte +0x46 push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 mov eax,[ebp-0xc] push dword [eax+0x52] push dword [eax+0x4e] mov eax,[ebp-0x8] push dword [eax+0x52] push dword [eax+0x4e] mov eax,[ebp-0x8] add eax,byte +0x4e push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 mov eax,[ebp-0xc] mov al,[eax+0x56] mov edx,[ebp-0x8] mov [edx+0x56],al jmp JUMP_000450 JUMP_000438: ; Pos = 13b4d mov eax,[ebp-0x8] mov byte [eax+0x56],0x0 jmp JUMP_000450 JUMP_000439: ; Pos = 13b59 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff7c],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x80],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000345 pop ecx jmp JUMP_000450 JUMP_000440: ; Pos = 13b98 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff7c],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x80],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x7c],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000345 pop ecx jmp JUMP_000450 JUMP_000441: ; Pos = 13be4 mov eax,[DATA_009133] push eax push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0x8],eax mov eax,[ebp-0x8] xor edx,edx mov [eax+0x8c],edx mov eax,[ebp-0x8] xor edx,edx mov [eax+0x90],edx mov eax,[ebp-0x8] xor edx,edx mov [eax+0x94],edx jmp JUMP_000450 JUMP_000442: ; Pos = 13c27 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x14],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x18],eax mov eax,[DATA_009133] push eax mov eax,[ebp-0x14] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0x8],eax sub dword [ebp-0x18],0x3e8 cmp dword [ebp-0x18],byte +0x0 jl JUMP_000445 cmp dword [ebp-0x18],byte +0x26 jnl JUMP_000445 mov eax,[ebp-0x8] cmp eax,[DATA_008861] jnz JUMP_000443 mov eax,[ebp-0x18] cmp word [eax*2+DATA_008896],byte +0x0 jz JUMP_000444 JUMP_000443: ; Pos = 13c83 mov eax,[ebp-0x18] push eax mov eax,[ebp-0x8] push eax call FUNC_000291 add esp,byte +0x8 mov [ebp-0x8],eax jmp short JUMP_000445 JUMP_000444: ; Pos = 13c98 xor eax,eax mov [ebp-0x8],eax JUMP_000445: ; Pos = 13c9d cmp dword [ebp-0x8],byte +0x0 jz JUMP_000446 mov eax,[ebp-0x8] movzx eax,byte [eax+0x86] jmp short JUMP_000447 JUMP_000446: ; Pos = 13caf xor eax,eax JUMP_000447: ; Pos = 13cb1 push eax push esi push ebx call FUNC_000037 add esp,byte +0xc jmp JUMP_000450 JUMP_000448: ; Pos = 13cc1 push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff78],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp+0xffffff7c],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x80],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x7c],eax push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x64],eax xor eax,eax mov [ebp-0x70],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000360 pop ecx jmp JUMP_000450 JUMP_000449: ; Pos = 13d1f mov eax,[DATA_009133] push eax push esi push ebx call FUNC_000031 add esp,byte +0x8 push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0x8],eax mov eax,[ebp-0x8] mov byte [eax+0xff],0xb mov eax,[ebp-0x8] mov al,[eax+0xfe] mov edx,[ebp-0x8] mov [edx+0x100],al push esi push ebx call FUNC_000031 add esp,byte +0x8 mov edx,[ebp-0x8] mov [edx+0xfe],al push esi push ebx call FUNC_000031 add esp,byte +0x8 mov [ebp-0x1c],eax mov eax,[ebp-0x1c] lea eax,[eax+eax*2] mov dx,[eax*4+DATA_001705] mov ecx,[ebp-0x8] mov [ecx+0x102],dx mov dx,[eax*4+DATA_001706] mov ecx,[ebp-0x8] mov [ecx+0x104],dx mov ax,[eax*4+DATA_001707] mov edx,[ebp-0x8] mov [edx+0x106],ax JUMP_000450: ; Pos = 13db4 test edi,edi jz near JUMP_000359 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000042: ; Pos = 13dc4 push ebp mov ebp,esp push ebx mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,[eax] mov ebx,[edx] cmp ecx,ebx jz JUMP_000451 sub ecx,ebx mov eax,ecx pop ebx pop ebp ret JUMP_000451: ; Pos = 13ddd mov ecx,[eax+0x4] mov ebx,[edx+0x4] cmp ecx,ebx jz JUMP_000452 sub ecx,ebx mov eax,ecx pop ebx pop ebp ret JUMP_000452: ; Pos = 13dee mov ecx,[eax+0x8] mov ebx,[edx+0x8] cmp ecx,ebx jz JUMP_000453 sub ecx,ebx mov eax,ecx pop ebx pop ebp ret JUMP_000453: ; Pos = 13dff mov ecx,[eax+0x10] mov ebx,[edx+0x10] cmp ecx,ebx jz JUMP_000454 sub ecx,ebx mov eax,ecx pop ebx pop ebp ret JUMP_000454: ; Pos = 13e10 mov ecx,[eax+0x14] mov ebx,[edx+0x14] cmp ecx,ebx jz JUMP_000455 sub ecx,ebx mov eax,ecx pop ebx pop ebp ret JUMP_000455: ; Pos = 13e21 mov eax,[eax+0xc] sub eax,[edx+0xc] pop ebx pop ebp ret FUNC_000043: ; Pos = 13e2c push ebp mov ebp,esp push ebx mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,[eax] mov ebx,[edx] cmp ecx,ebx jz JUMP_000456 sub ecx,ebx mov eax,ecx pop ebx pop ebp ret JUMP_000456: ; Pos = 13e45 mov ecx,[eax+0x4] mov ebx,[edx+0x4] cmp ecx,ebx jz JUMP_000457 sub ecx,ebx mov eax,ecx pop ebx pop ebp ret JUMP_000457: ; Pos = 13e56 mov eax,[eax+0x8] sub eax,[edx+0x8] pop ebx pop ebp ret FUNC_000044: ; Pos = 13e60 push ebp mov ebp,esp push ebx push esi push edi push byte +0x20 call _malloc pop ecx mov esi,eax xor eax,eax mov [esi],eax xor eax,eax mov [esi+0x4],eax mov eax,[ebp+0x8] mov [esi+0x8],eax mov eax,[ebp+0xc] mov [esi+0xc],eax mov eax,[ebp+0x10] mov [esi+0x10],eax mov eax,[ebp+0x14] mov [esi+0x14],eax mov eax,[ebp+0x18] mov [esi+0x18],eax mov eax,[ebp+0x1c] mov [esi+0x1c],eax mov ebx,DATA_008564 jmp short JUMP_000460 JUMP_000458: ; Pos = 13ea4 add edi,byte +0x8 push edi lea eax,[esi+0x8] push eax call FUNC_000042 add esp,byte +0x8 test eax,eax jnl JUMP_000459 mov ebx,[ebx] jmp short JUMP_000460 JUMP_000459: ; Pos = 13ebc mov eax,[ebx] add eax,byte +0x4 mov ebx,eax JUMP_000460: ; Pos = 13ec3 mov edi,[ebx] test edi,edi jnz JUMP_000458 mov [ebx],esi pop edi pop esi pop ebx pop ebp ret FUNC_000045: ; Pos = 13ed0 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi mov eax,[ebp+0x8] mov [ebp-0x18],eax mov eax,[ebp+0xc] mov [ebp-0x14],eax mov eax,[ebp+0x10] mov [ebp-0x10],eax mov eax,[ebp+0x14] mov [ebp-0xc],eax mov eax,[ebp+0x18] mov [ebp-0x8],eax mov eax,[ebp+0x1c] mov [ebp-0x4],eax mov ebx,DATA_008564 jmp short JUMP_000463 JUMP_000461: ; Pos = 13f03 add eax,byte +0x8 push eax lea eax,[ebp-0x18] push eax call FUNC_000042 add esp,byte +0x8 test eax,eax jnl JUMP_000462 mov ebx,[ebx] jmp short JUMP_000463 JUMP_000462: ; Pos = 13f1b test eax,eax jng JUMP_000464 mov eax,[ebx] add eax,byte +0x4 mov ebx,eax JUMP_000463: ; Pos = 13f26 mov eax,[ebx] test eax,eax jnz JUMP_000461 JUMP_000464: ; Pos = 13f2c mov eax,[ebx] test eax,eax jz JUMP_000470 mov edx,[eax+0x4] test edx,edx jz JUMP_000468 cmp dword [eax],byte +0x0 jnz JUMP_000465 mov esi,edx push eax call _free pop ecx mov [ebx],esi jmp short JUMP_000470 JUMP_000465: ; Pos = 13f4b mov eax,[ebx] jmp short JUMP_000467 JUMP_000466: ; Pos = 13f4f add edx,byte +0x4 mov eax,edx JUMP_000467: ; Pos = 13f54 mov edx,[eax] cmp dword [edx+0x4],byte +0x0 jnz JUMP_000466 mov edx,[eax] mov esi,edx mov edx,[edx] mov [eax],edx mov eax,[ebx] mov eax,[eax] mov [esi],eax mov eax,[ebx] mov eax,[eax+0x4] mov [esi+0x4],eax mov eax,[ebx] push eax call _free pop ecx mov [ebx],esi jmp short JUMP_000470 JUMP_000468: ; Pos = 13f7f mov edx,[ebx] mov eax,[edx] test eax,eax jz JUMP_000469 mov esi,eax push edx call _free pop ecx mov [ebx],esi jmp short JUMP_000470 JUMP_000469: ; Pos = 13f94 mov eax,[ebx] push eax call _free pop ecx xor eax,eax mov [ebx],eax JUMP_000470: ; Pos = 13fa1 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000046: ; Pos = 13fa8 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] test esi,esi jz JUMP_000472 mov eax,[ebp+0x10] push eax mov eax,[esi] push eax push ebx call FUNC_000046 add esp,byte +0xc mov eax,[ebp+0x10] push eax lea eax,[esi+0x8] push eax call FUNC_000043 add esp,byte +0x8 test eax,eax jnz JUMP_000471 push byte +0x10 call _malloc pop ecx mov edi,eax mov eax,[ebx] mov [eax],edi xor eax,eax mov [edi],eax mov eax,[esi+0x14] mov [edi+0x4],eax mov eax,[esi+0x18] mov [edi+0x8],eax mov eax,[esi+0x1c] mov [edi+0xc],eax mov [ebx],edi JUMP_000471: ; Pos = 14002 mov eax,[ebp+0x10] push eax mov eax,[esi+0x4] push eax push ebx call FUNC_000046 add esp,byte +0xc JUMP_000472: ; Pos = 14013 pop edi pop esi pop ebx pop ebp ret FUNC_000047: ; Pos = 14018 push ebp mov ebp,esp push ecx push ebx mov eax,[ebp+0xc] mov ebx,[ebp+0x8] cmp dword [ebx],byte +0x1 jnz JUMP_000473 mov edx,[ebx+0x8] cmp eax,[edx+0x4] jnl JUMP_000473 mov edx,[ebx+0x8] mov eax,[edx+eax*4+0x8] mov [ebp-0x4],eax push ebx lea eax,[ebp-0x4] push eax call FUNC_000031 add esp,byte +0x8 test eax,eax jz JUMP_000473 mov dword [ebx],0x2 push ebx lea eax,[ebp-0x4] push eax call FUNC_000041 add esp,byte +0x8 cmp dword [ebx],byte +0x2 jnz JUMP_000473 mov dword [ebx],0x1 JUMP_000473: ; Pos = 14069 pop ebx pop ecx pop ebp ret FUNC_000048: ; Pos = 14070 push ebp mov ebp,esp add esp,byte -0x20 push ebx push esi lea esi,[ebp-0x4] mov eax,[ebp+0x8] mov [ebp-0x20],eax mov eax,[ebp+0xc] mov [ebp-0x1c],eax mov eax,[ebp+0x10] mov [ebp-0x18],eax mov ebx,DATA_008564 jmp short JUMP_000476 JUMP_000474: ; Pos = 14094 add eax,byte +0x8 push eax lea eax,[ebp-0x20] push eax call FUNC_000043 add esp,byte +0x8 test eax,eax jnl JUMP_000475 mov ebx,[ebx] jmp short JUMP_000476 JUMP_000475: ; Pos = 140ac test eax,eax jng JUMP_000477 mov eax,[ebx] add eax,byte +0x4 mov ebx,eax JUMP_000476: ; Pos = 140b7 mov eax,[ebx] test eax,eax jnz JUMP_000474 JUMP_000477: ; Pos = 140bd cmp dword [ebx],byte +0x0 jz JUMP_000482 xor eax,eax mov [esi],eax mov [ebp-0x8],esi lea eax,[ebp-0x20] push eax mov eax,[ebx] push eax lea eax,[ebp-0x8] push eax call FUNC_000046 add esp,byte +0xc mov ebx,[esi] test ebx,ebx jz JUMP_000479 JUMP_000478: ; Pos = 140e2 mov eax,[ebx+0xc] push eax mov eax,[ebx+0x8] push eax call near [ebx+0x4] add esp,byte +0x8 mov ebx,[ebx] test ebx,ebx jnz JUMP_000478 JUMP_000479: ; Pos = 140f6 cmp dword [esi],byte +0x0 jz JUMP_000481 JUMP_000480: ; Pos = 140fb mov ebx,[esi] mov eax,[esi] mov eax,[eax] mov [esi],eax push ebx call _free pop ecx cmp dword [esi],byte +0x0 jnz JUMP_000480 JUMP_000481: ; Pos = 1410f call FUNC_000054 JUMP_000482: ; Pos = 14114 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000049: ; Pos = 1411c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] test ebx,ebx jz JUMP_000483 mov eax,[ebx] push eax call FUNC_000049 pop ecx mov eax,[ebx+0x4] push eax call FUNC_000049 pop ecx push ebx call _free pop ecx JUMP_000483: ; Pos = 14141 pop ebx pop ebp ret FUNC_000050: ; Pos = 14144 push ebp mov ebp,esp mov eax,[DATA_008564] push eax call FUNC_000049 pop ecx xor eax,eax mov [DATA_008564],eax pop ebp ret FUNC_000051: ; Pos = 1415c push ebp mov ebp,esp push ebx push esi push edi mov eax,[ebp+0x8] xor esi,esi lea edi,[eax*4+DATA_001697] mov ebx,DATA_008561 JUMP_000484: ; Pos = 14173 cmp dword [ebx],byte +0x0 jnz JUMP_000485 mov dword [ebx],0x4 mov [ebx+0x4],si inc word [ebx+0x6] xor edx,edx mov [ebx+0x8],edx mov dword [ebx+0xc],0xffffffff xor edx,edx mov [ebx+0x10],edx mov dword [ebx+0x14],0xffffffff mov [ebx+0x18],eax mov eax,[edi] mov [ebx+0x1c],eax mov eax,[edi] mov eax,[eax+0x10] shl eax,0x2 push eax call _malloc pop ecx mov [ebx+0x20],eax mov eax,[ebx+0x20] mov edx,[ebx+0x4] mov [eax],edx mov eax,[ebx+0x20] mov edx,[ebp+0xc] mov [eax+0x4],edx mov eax,esi shl eax,0x2 lea eax,[eax+eax*8] add eax,DATA_008561 jmp short JUMP_000486 JUMP_000485: ; Pos = 141d9 inc esi add ebx,byte +0x24 cmp esi,0x96 jl JUMP_000484 xor eax,eax JUMP_000486: ; Pos = 141e7 pop edi pop esi pop ebx pop ebp ret FUNC_000052: ; Pos = 141ec push ebp mov ebp,esp push ecx push ebx push esi push edi mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax call FUNC_000051 add esp,byte +0x8 mov esi,eax mov eax,[ebp+0x10] mov eax,[eax*4+DATA_001697] mov eax,[eax] mov [ebp-0x4],eax xor ebx,ebx mov eax,[ebp+0x10] lea edi,[eax*4+DATA_001697] jmp short JUMP_000488 JUMP_000487: ; Pos = 14222 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000031 add esp,byte +0x8 push eax push esi lea eax,[ebp-0x4] push eax call FUNC_000037 add esp,byte +0xc inc ebx JUMP_000488: ; Pos = 14241 mov eax,[edi] cmp ebx,[eax+0x8] jl JUMP_000487 mov eax,[ebp+0x10] mov eax,[eax*4+DATA_001697] mov eax,[eax+0x1c] mov [esi+0x10],eax xor eax,eax mov [esi+0x14],eax mov eax,[esi+0x4] pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000053: ; Pos = 14268 push ebp mov ebp,esp push ecx push ebx push esi push edi mov ebx,[ebp+0x8] lea edi,[ebp-0x4] mov dword [ebx],0x3 cmp dword [ebx+0x8],byte +0x0 jz JUMP_000489 push dword FUNC_000045 push ebx call FUNC_000033 add esp,byte +0x8 xor eax,eax mov [ebx+0x8],eax mov dword [ebx+0xc],0xffffffff JUMP_000489: ; Pos = 1429b mov eax,[ebx+0x10] mov eax,[eax] mov [edi],eax push ebx push edi call FUNC_000041 add esp,byte +0x8 cmp dword [ebx],byte +0x3 jnz JUMP_000493 xor esi,esi jmp short JUMP_000492 JUMP_000490: ; Pos = 142b5 mov eax,[eax+esi*4+0x8] mov [edi],eax push ebx push edi call FUNC_000031 add esp,byte +0x8 test eax,eax jz JUMP_000491 push ebx push edi call FUNC_000041 add esp,byte +0x8 cmp dword [ebx],byte +0x3 jnz JUMP_000493 xor esi,esi JUMP_000491: ; Pos = 142da inc esi JUMP_000492: ; Pos = 142db mov eax,[ebx+0x10] cmp esi,[eax+0x4] jl JUMP_000490 mov eax,[ebx+0x10] mov [ebx+0x8],eax mov eax,[ebx+0x14] mov [ebx+0xc],eax push dword FUNC_000044 push ebx call FUNC_000033 add esp,byte +0x8 mov dword [ebx],0x1 JUMP_000493: ; Pos = 14303 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000054: ; Pos = 1430c push ebp mov ebp,esp push ecx push ebx push esi JUMP_000494: ; Pos = 14312 xor ecx,ecx xor edx,edx mov eax,DATA_008561 JUMP_000495: ; Pos = 1431b mov ebx,[eax] cmp ecx,ebx jnl JUMP_000496 mov ecx,ebx mov esi,edx JUMP_000496: ; Pos = 14325 inc edx add eax,byte +0x24 cmp edx,0x96 jl JUMP_000495 cmp ecx,byte +0x3 jng near JUMP_000500 sub ecx,byte +0x4 jz JUMP_000497 dec ecx jz JUMP_000498 dec ecx jz JUMP_000499 jmp short JUMP_000494 JUMP_000497: ; Pos = 14347 mov eax,esi shl eax,0x2 lea eax,[eax+eax*8] add eax,DATA_008561 push eax call FUNC_000053 pop ecx jmp short JUMP_000494 JUMP_000498: ; Pos = 1435e lea eax,[esi+esi*8] mov dword [eax*4+DATA_008561],0x6 mov eax,[eax*4+DATA_008562] mov edx,[eax*4+DATA_001697] mov ecx,[edx+0xc] mov eax,[edx+ecx*4+0x1c] mov eax,[eax] mov [ebp-0x4],eax mov eax,esi shl eax,0x2 lea eax,[eax+eax*8] add eax,DATA_008561 push eax lea eax,[ebp-0x4] push eax call FUNC_000041 add esp,byte +0x8 jmp JUMP_000494 JUMP_000499: ; Pos = 143a6 lea ebx,[esi+esi*8] mov eax,[ebx*4+DATA_008563] push eax call _free pop ecx xor eax,eax mov [ebx*4+DATA_008561],eax jmp JUMP_000494 JUMP_000500: ; Pos = 143c5 pop esi pop ebx pop ecx pop ebp ret FUNC_000055: ; Pos = 143cc push ebp mov ebp,esp xor eax,eax mov [DATA_008557],eax mov [DATA_008556],eax mov [DATA_008555],eax mov [DATA_008554],eax mov [DATA_008553],eax mov [DATA_008552],eax mov [DATA_008551],eax mov [DATA_008550],eax push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 call FUNC_000052 add esp,byte +0x10 call FUNC_000054 pop ebp ret FUNC_000056: ; Pos = 14410 push ebp mov ebp,esp push ebx push esi xor esi,esi mov ebx,DATA_008561 JUMP_000501: ; Pos = 1441c cmp dword [ebx],byte +0x0 jng JUMP_000502 mov eax,[ebx+0x20] push eax call _free pop ecx xor eax,eax mov [ebx],eax JUMP_000502: ; Pos = 1442f inc esi add ebx,byte +0x24 cmp esi,0x96 jl JUMP_000501 call FUNC_000050 pop esi pop ebx pop ebp ret FUNC_000057: ; Pos = 14444 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov esi,ebx and esi,0xff cmp esi,byte +0x1 jnz JUMP_000503 call FUNC_000056 JUMP_000503: ; Pos = 1445e cmp esi,byte +0x4 jnz JUMP_000504 call FUNC_000055 call FUNC_000068 JUMP_000504: ; Pos = 1446d pop esi pop ebx pop ebp ret FUNC_000058: ; Pos = 14474 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov ebx,[ebp+0xc] mov esi,[ebp+0x8] cmp esi,[ebx] jc JUMP_000505 mov eax,[ebp+0x14] push eax push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc lea ecx,[edi+esi] mov [ebx],ecx mov eax,ecx xor edx,edx div edi sub [ebx],edx JUMP_000505: ; Pos = 144a4 pop edi pop esi pop ebx pop ebp ret FUNC_000059: ; Pos = 144ac push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax] cmp eax,byte +0x9 jnl JUMP_000506 dec eax sub eax,byte +0x5 jc JUMP_000508 dec eax jz JUMP_000508 pop ebp ret JUMP_000506: ; Pos = 144c4 add eax,byte -0x9 sub eax,byte +0x6 jc JUMP_000508 jz JUMP_000507 dec eax sub eax,byte +0xa jc JUMP_000508 pop ebp ret JUMP_000507: ; Pos = 144d6 push byte +0x8 push byte +0x1 push dword DATA_008554 mov eax,[DATA_008807] push eax call FUNC_000058 add esp,byte +0x10 push byte +0x9 push byte +0x7 push dword DATA_008555 mov eax,[DATA_008807] push eax call FUNC_000058 add esp,byte +0x10 push byte +0xa push byte +0x1c push dword DATA_008556 mov eax,[DATA_008807] push eax call FUNC_000058 add esp,byte +0x10 push byte +0xb push dword 0x16d push dword DATA_008557 mov eax,[DATA_008807] push eax call FUNC_000058 add esp,byte +0x10 pop ebp ret JUMP_000508: ; Pos = 14537 pop ebp ret FUNC_000060: ; Pos = 1453c push ebp mov ebp,esp mov eax,[DATA_008807] cmp eax,[DATA_008550] jna JUMP_000509 xor edx,edx mov [DATA_008553],edx mov [DATA_008552],edx mov [DATA_008551],edx mov [DATA_008550],eax JUMP_000509: ; Pos = 14565 push byte +0x5 push dword 0xc22e push dword DATA_008551 mov eax,[DATA_008804] push eax call FUNC_000058 add esp,byte +0x10 push byte +0x6 push dword 0x2d82c8 push dword DATA_008552 mov eax,[DATA_008804] push eax call FUNC_000058 add esp,byte +0x10 push byte +0x7 push dword 0xaaaa6e0 push dword DATA_008553 mov eax,[DATA_008804] push eax call FUNC_000058 add esp,byte +0x10 pop ebp ret FUNC_000061: ; Pos = 145b8 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp dword [eax],byte +0x0 jnz JUMP_000510 movsx edx,byte [eax+0x8] mov [DATA_008560],edx push edx push byte +0x0 push byte +0x16 call FUNC_000048 add esp,byte +0xc xor eax,eax mov [DATA_008560],eax JUMP_000510: ; Pos = 145e1 pop ebp ret FUNC_000062: ; Pos = 145e4 push ebp mov ebp,esp push dword DATA_001699 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] and eax,0x1ff push eax mov eax,[ebp+0x10] push eax call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 pop ebp ret FUNC_000063: ; Pos = 14608 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] jmp short JUMP_000512 JUMP_000511: ; Pos = 14616 inc edi inc esi JUMP_000512: ; Pos = 14618 mov bl,[edi] test bl,bl jz JUMP_000513 movsx eax,bl push eax call _tolower pop ecx push eax movsx eax,byte [esi] push eax call _tolower pop ecx pop edx cmp edx,eax jz JUMP_000511 JUMP_000513: ; Pos = 14638 movsx eax,byte [edi] push eax call _tolower pop ecx push eax movsx eax,byte [esi] push eax call _tolower pop ecx pop edx xchg eax,edx sub eax,edx pop edi pop esi pop ebx pop ebp ret FUNC_000064: ; Pos = 14658 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x14] mov eax,[ebp+0x8] mov [DATA_008558],eax add eax,[ebp+0xc] mov [DATA_008559],eax mov eax,[ebp+0x10] push eax push byte +0x7 call FUNC_000034 add esp,byte +0x8 xor esi,esi mov ebx,DATA_001698 JUMP_000514: ; Pos = 14686 mov eax,[ebx] push eax push edi call FUNC_000063 add esp,byte +0x8 test eax,eax jnz JUMP_000515 mov eax,[ebx+0x4] push eax push byte +0x6 call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0x6 call FUNC_000034 add esp,byte +0x8 jmp short JUMP_000516 JUMP_000515: ; Pos = 146b2 inc esi add ebx,byte +0x8 cmp esi,byte +0x44 jl JUMP_000514 JUMP_000516: ; Pos = 146bb mov eax,[DATA_008558] pop edi pop esi pop ebx pop ebp ret FUNC_000065: ; Pos = 146c8 push ebp mov ebp,esp push ecx push ebx push esi push edi mov dword [ebp-0x4],0x1 mov eax,[ebp+0x8] push eax push byte +0x1 push byte +0x4 lea eax,[ebp-0x4] push eax call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000517 mov eax,[ebp+0xc] mov dword [eax],0x2 xor eax,eax jmp JUMP_000522 JUMP_000517: ; Pos = 146ff mov eax,[ebp+0x8] push eax push byte +0x47 push byte +0x4 push dword DATA_008548 call _fwrite add esp,byte +0x10 cmp eax,byte +0x47 jz JUMP_000518 mov eax,[ebp+0xc] mov dword [eax],0x2 xor eax,eax jmp short JUMP_000522 JUMP_000518: ; Pos = 14726 xor edi,edi mov ebx,DATA_001697 JUMP_000519: ; Pos = 1472d mov eax,[ebx] mov esi,[eax+0x18] test esi,esi jz JUMP_000520 mov eax,[ebp+0x8] push eax push esi push byte +0x4 mov eax,[ebx] mov eax,[eax+0x14] push eax call _fwrite add esp,byte +0x10 cmp eax,esi jz JUMP_000520 mov eax,[ebp+0xc] mov dword [eax],0x2 xor eax,eax jmp short JUMP_000522 JUMP_000520: ; Pos = 1475c inc edi add ebx,byte +0x4 cmp edi,byte +0x69 jl JUMP_000519 mov eax,[ebp+0x8] push eax push dword 0x96 ; Ships present array... push byte +0x24 push dword DATA_008561 call _fwrite add esp,byte +0x10 cmp eax,0x96 jz JUMP_000521 mov eax,[ebp+0xc] mov dword [eax],0x2 xor eax,eax jmp short JUMP_000522 JUMP_000521: ; Pos = 14791 mov eax,[ebp+0xc] push eax push byte +0x0 mov eax,[ebp+0x8] push eax call FUNC_000067 add esp,byte +0xc JUMP_000522: ; Pos = 147a3 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000066: ; Pos = 147ac push ebp mov ebp,esp push ecx push ebx push esi push edi mov dword [ebp-0x4],0x1 mov eax,[ebp+0x8] push eax push byte +0x1 push byte +0x4 lea eax,[ebp-0x4] push eax call _fread add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000523 mov eax,[ebp+0xc] mov dword [eax],0x2 xor eax,eax jmp JUMP_000529 JUMP_000523: ; Pos = 147e3 cmp dword [ebp-0x4],byte +0x1 jz JUMP_000524 mov eax,[ebp+0xc] mov dword [eax],0x2 xor eax,eax jmp JUMP_000529 JUMP_000524: ; Pos = 147f9 call FUNC_000056 mov eax,[ebp+0x8] push eax push byte +0x47 push byte +0x4 push dword DATA_008548 call _fread add esp,byte +0x10 cmp eax,byte +0x47 jz JUMP_000525 mov eax,[ebp+0xc] mov dword [eax],0x2 xor eax,eax jmp JUMP_000529 JUMP_000525: ; Pos = 14828 xor eax,eax mov [DATA_008549],eax xor edi,edi mov ebx,DATA_001697 JUMP_000526: ; Pos = 14836 mov eax,[ebx] mov esi,[eax+0x18] test esi,esi jz JUMP_000527 mov eax,[ebp+0x8] push eax push esi push byte +0x4 mov eax,[ebx] mov eax,[eax+0x14] push eax call _fread add esp,byte +0x10 cmp esi,eax jz JUMP_000527 mov eax,[ebp+0xc] mov dword [eax],0x2 xor eax,eax jmp short JUMP_000529 JUMP_000527: ; Pos = 14865 inc edi add ebx,byte +0x4 cmp edi,byte +0x69 jl JUMP_000526 mov eax,[ebp+0x8] push eax push dword 0x96 push byte +0x24 push dword DATA_008561 call _fread add esp,byte +0x10 cmp eax,0x96 jz JUMP_000528 mov eax,[ebp+0xc] mov dword [eax],0x2 xor eax,eax jmp short JUMP_000529 JUMP_000528: ; Pos = 1489a mov eax,[ebp+0xc] push eax push byte +0x1 mov eax,[ebp+0x8] push eax call FUNC_000067 add esp,byte +0xc JUMP_000529: ; Pos = 148ac pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000067: ; Pos = 148b4 push ebp mov ebp,esp push ebx push esi push edi mov eax,[ebp+0xc] sub eax,byte +0x1 jc near JUMP_000534 jnz near JUMP_000537 mov ebx,DATA_008561 xor esi,esi JUMP_000530: ; Pos = 148d3 cmp dword [ebx],byte +0x0 jz JUMP_000533 mov edx,[ebx+0x18] mov eax,[edx*4+DATA_001697] mov edi,[eax+0x10] mov [ebx+0x1c],eax cmp dword [ebx+0xc],byte +0x0 jl JUMP_000531 mov eax,[ebx+0x1c] mov edx,[ebx+0xc] mov eax,[eax+edx*4+0x1c] mov [ebx+0x8],eax JUMP_000531: ; Pos = 148fb mov eax,edi shl eax,0x2 push eax call _malloc pop ecx mov [ebx+0x20],eax mov eax,[ebp+0x8] push eax push edi push byte +0x4 mov eax,[ebx+0x20] push eax call _fread add esp,byte +0x10 cmp eax,edi jz JUMP_000532 mov eax,[ebp+0x10] mov dword [eax],0x2 xor eax,eax jmp short JUMP_000539 JUMP_000532: ; Pos = 1492e push dword FUNC_000044 push ebx call FUNC_000033 add esp,byte +0x8 JUMP_000533: ; Pos = 1493c inc esi add ebx,byte +0x24 cmp esi,0x96 jl JUMP_000530 jmp short JUMP_000538 JUMP_000534: ; Pos = 1494a mov ebx,DATA_008561 xor esi,esi JUMP_000535: ; Pos = 14951 cmp dword [ebx],byte +0x0 jz JUMP_000536 mov eax,[ebx+0x18] mov eax,[eax*4+DATA_001697] mov edi,[eax+0x10] mov eax,[ebp+0x8] push eax push edi push byte +0x4 mov eax,[ebx+0x20] push eax call _fwrite add esp,byte +0x10 cmp eax,edi jz JUMP_000536 mov eax,[ebp+0x10] mov dword [eax],0x2 xor eax,eax jmp short JUMP_000539 JUMP_000536: ; Pos = 14987 inc esi add ebx,byte +0x24 cmp esi,0x96 jl JUMP_000535 jmp short JUMP_000538 JUMP_000537: ; Pos = 14995 xor eax,eax jmp short JUMP_000539 JUMP_000538: ; Pos = 14999 mov eax,[ebp+0x10] xor edx,edx mov [eax],edx mov eax,0x1 JUMP_000539: ; Pos = 149a5 pop edi pop esi pop ebx pop ebp ret FUNC_000068: ; Pos = 149ac push ebp mov ebp,esp push ebx cmp dword [DATA_008566],byte +0x0 jnz JUMP_000541 xor ebx,ebx JUMP_000540: ; Pos = 149bb push byte +0x0 push ebx call FUNC_000089 add esp,byte +0x8 inc ebx cmp ebx,byte +0x5 jl JUMP_000540 JUMP_000541: ; Pos = 149cc pop ebx pop ebp ret FUNC_000069: ; Pos = 149d0 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov esi,[ebp+0x8] lea edi,[ebp-0x4] mov ebx,DATA_008567 xor eax,eax mov [edi],eax JUMP_000542: ; Pos = 149e8 mov eax,[edi] cmp dword [ebx+eax*4],byte +0x0 jz JUMP_000544 push esi push byte +0x1 push byte +0x4 push edi call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000543 xor eax,eax jmp JUMP_000567 JUMP_000543: ; Pos = 14a0a push esi push byte +0x1 push byte +0x4 mov eax,[edi] shl eax,0x2 add eax,ebx push eax call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000544 xor eax,eax jmp JUMP_000567 JUMP_000544: ; Pos = 14a2b inc dword [edi] cmp dword [edi],byte +0x64 jl JUMP_000542 xor eax,eax mov [edi],eax push esi push byte +0x1 push byte +0x4 push edi call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000545 xor eax,eax jmp JUMP_000567 JUMP_000545: ; Pos = 14a50 push esi push byte +0x1 push byte +0x4 push edi call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000546 xor eax,eax jmp JUMP_000567 JUMP_000546: ; Pos = 14a6a xor eax,eax mov [edi],eax JUMP_000547: ; Pos = 14a6e mov eax,[edi] cmp dword [eax*4+DATA_008568],byte +0x0 jz JUMP_000549 push esi push byte +0x1 push byte +0x4 push edi call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000548 xor eax,eax jmp JUMP_000567 JUMP_000548: ; Pos = 14a94 push esi push byte +0x1 push byte +0x4 mov eax,[edi] shl eax,0x2 add eax,DATA_008568 push eax call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000549 xor eax,eax jmp JUMP_000567 JUMP_000549: ; Pos = 14ab9 inc dword [edi] cmp dword [edi],byte +0x64 jl JUMP_000547 xor eax,eax mov [edi],eax push esi push byte +0x1 push byte +0x4 push edi call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000550 xor eax,eax jmp JUMP_000567 JUMP_000550: ; Pos = 14ade push esi push byte +0x1 push byte +0x4 push edi call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000551 xor eax,eax jmp JUMP_000567 JUMP_000551: ; Pos = 14af8 xor eax,eax mov [edi],eax JUMP_000552: ; Pos = 14afc push esi push byte +0x1 push byte +0x38 mov eax,[edi] mov edx,eax shl eax,0x3 sub eax,edx shl eax,0x3 add eax,DATA_008569 push eax call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000553 xor eax,eax jmp JUMP_000567 JUMP_000553: ; Pos = 14b28 xor eax,eax mov [ebp-0x8],eax mov eax,[edi] mov edx,eax shl eax,0x3 sub eax,edx mov ebx,[eax*8+DATA_008577] test ebx,ebx jz JUMP_000555 JUMP_000554: ; Pos = 14b41 inc dword [ebp-0x8] mov ebx,[ebx+0x3c] test ebx,ebx jnz JUMP_000554 JUMP_000555: ; Pos = 14b4b xor eax,eax mov [ebp-0xc],eax mov eax,[edi] mov edx,eax shl eax,0x3 sub eax,edx mov ebx,[eax*8+DATA_008578] test ebx,ebx jz JUMP_000557 JUMP_000556: ; Pos = 14b64 inc dword [ebp-0xc] mov ebx,[ebx+0x3c] test ebx,ebx jnz JUMP_000556 JUMP_000557: ; Pos = 14b6e push esi push byte +0x1 push byte +0x4 lea eax,[ebp-0x8] push eax call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000558 xor eax,eax jmp JUMP_000567 JUMP_000558: ; Pos = 14b8b push esi push byte +0x1 push byte +0x4 lea eax,[ebp-0xc] push eax call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000559 xor eax,eax jmp JUMP_000567 JUMP_000559: ; Pos = 14ba8 mov eax,[edi] mov edx,eax shl eax,0x3 sub eax,edx mov ebx,[eax*8+DATA_008577] test ebx,ebx jz JUMP_000562 JUMP_000560: ; Pos = 14bbc push esi push byte +0x1 push byte +0x44 push ebx call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000561 xor eax,eax jmp short JUMP_000567 JUMP_000561: ; Pos = 14bd3 mov ebx,[ebx+0x3c] test ebx,ebx jnz JUMP_000560 JUMP_000562: ; Pos = 14bda mov eax,[edi] mov edx,eax shl eax,0x3 sub eax,edx mov ebx,[eax*8+DATA_008578] test ebx,ebx jz JUMP_000565 JUMP_000563: ; Pos = 14bee push esi push byte +0x1 push byte +0x44 push ebx call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000564 xor eax,eax jmp short JUMP_000567 JUMP_000564: ; Pos = 14c05 mov ebx,[ebx+0x3c] test ebx,ebx jnz JUMP_000563 JUMP_000565: ; Pos = 14c0c inc dword [edi] cmp dword [edi],byte +0x5 jl near JUMP_000552 push esi push byte +0x1 push byte +0x16 push dword DATA_008565 call _fwrite add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000566 xor eax,eax jmp short JUMP_000567 JUMP_000566: ; Pos = 14c32 mov eax,0x1 JUMP_000567: ; Pos = 14c37 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000070: ; Pos = 14c40 push ebp mov ebp,esp add esp,byte -0x6c push ebx push esi push edi mov edi,DATA_008579 xor ebx,ebx JUMP_000568: ; Pos = 14c50 mov eax,[ebp+0x8] push eax push byte +0x1 push byte +0x4 lea eax,[ebp-0x8] push eax call _fread add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000569 xor eax,eax jmp JUMP_000591 JUMP_000569: ; Pos = 14c70 mov eax,[ebp+0x8] push eax push byte +0x1 push byte +0x4 lea eax,[ebp-0xc] push eax call _fread add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000570 xor eax,eax jmp JUMP_000591 JUMP_000570: ; Pos = 14c90 cmp dword [ebp-0xc],byte +0x0 jz JUMP_000571 mov eax,[ebp-0x8] mov edx,[ebp-0xc] mov [eax*4+DATA_008567],edx JUMP_000571: ; Pos = 14ca3 cmp dword [ebp-0xc],byte +0x0 jnz JUMP_000568 JUMP_000572: ; Pos = 14ca9 mov eax,[ebp+0x8] push eax push byte +0x1 push byte +0x4 lea eax,[ebp-0x8] push eax call _fread add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000573 xor eax,eax jmp JUMP_000591 JUMP_000573: ; Pos = 14cc9 mov eax,[ebp+0x8] push eax push byte +0x1 push byte +0x4 lea eax,[ebp-0xc] push eax call _fread add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000574 xor eax,eax jmp JUMP_000591 JUMP_000574: ; Pos = 14ce9 cmp dword [ebp-0xc],byte +0x0 jz JUMP_000575 mov eax,[ebp-0x8] mov edx,[ebp-0xc] mov [eax*4+DATA_008568],edx JUMP_000575: ; Pos = 14cfc cmp dword [ebp-0xc],byte +0x0 jnz JUMP_000572 xor eax,eax mov [ebp-0x4],eax mov dword [ebp-0x20],DATA_008577 JUMP_000576: ; Pos = 14d0e mov eax,[ebp+0x8] push eax push byte +0x1 push byte +0x38 mov eax,[ebp-0x4] mov edx,eax shl eax,0x3 sub eax,edx shl eax,0x3 add eax,DATA_008569 push eax call _fread add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000577 xor eax,eax jmp JUMP_000591 JUMP_000577: ; Pos = 14d3e mov eax,[ebp+0x8] push eax push byte +0x1 push byte +0x4 lea eax,[ebp-0x10] push eax call _fread add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000578 xor eax,eax jmp JUMP_000591 JUMP_000578: ; Pos = 14d5e mov eax,[ebp+0x8] push eax push byte +0x1 push byte +0x4 lea eax,[ebp-0x14] push eax call _fread add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000579 xor eax,eax jmp JUMP_000591 JUMP_000579: ; Pos = 14d7e xor esi,esi mov eax,[ebp-0x20] mov [ebp-0x1c],eax mov eax,ebx shl eax,0x4 add eax,ebx lea eax,[edi+eax*4-0x8] mov [ebp-0x18],eax cmp dword [ebp-0x10],byte +0x0 jz JUMP_000584 JUMP_000580: ; Pos = 14d9a mov eax,[ebp+0x8] push eax push byte +0x1 push byte +0x44 mov eax,ebx shl eax,0x4 add eax,ebx shl eax,0x2 add eax,edi push eax call _fread add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000581 xor eax,eax jmp JUMP_000591 JUMP_000581: ; Pos = 14dc3 test esi,esi jz JUMP_000582 mov eax,ebx shl eax,0x4 add eax,ebx shl eax,0x2 add eax,edi mov edx,[ebp-0x18] mov [edx],eax mov eax,ebx shl eax,0x4 add eax,ebx shl eax,0x2 lea edx,[edi-0x44] add eax,edx mov edx,[ebp-0x18] mov [edx+0x48],eax jmp short JUMP_000583 JUMP_000582: ; Pos = 14def mov eax,ebx shl eax,0x4 add eax,ebx shl eax,0x2 add eax,edi mov edx,[ebp-0x1c] mov [edx],eax mov esi,0x1 JUMP_000583: ; Pos = 14e05 dec dword [ebp-0x10] inc ebx add dword [ebp-0x18],byte +0x44 cmp dword [ebp-0x10],byte +0x0 jnz JUMP_000580 JUMP_000584: ; Pos = 14e13 xor esi,esi mov eax,[ebp-0x20] add eax,byte +0x4 mov [ebp-0x28],eax mov eax,ebx shl eax,0x4 add eax,ebx lea eax,[edi+eax*4-0x8] mov [ebp-0x24],eax cmp dword [ebp-0x14],byte +0x0 jz JUMP_000589 JUMP_000585: ; Pos = 14e32 mov eax,[ebp+0x8] push eax push byte +0x1 push byte +0x44 mov eax,ebx shl eax,0x4 add eax,ebx shl eax,0x2 add eax,edi push eax call _fread add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000586 xor eax,eax jmp JUMP_000591 JUMP_000586: ; Pos = 14e5b test esi,esi jz JUMP_000587 mov eax,ebx shl eax,0x4 add eax,ebx shl eax,0x2 add eax,edi mov edx,[ebp-0x24] mov [edx],eax mov eax,ebx shl eax,0x4 add eax,ebx shl eax,0x2 lea edx,[edi-0x44] add eax,edx mov edx,[ebp-0x24] mov [edx+0x48],eax jmp short JUMP_000588 JUMP_000587: ; Pos = 14e87 mov eax,ebx shl eax,0x4 add eax,ebx shl eax,0x2 add eax,edi mov edx,[ebp-0x28] mov [edx],eax mov esi,0x1 JUMP_000588: ; Pos = 14e9d dec dword [ebp-0x14] inc ebx add dword [ebp-0x24],byte +0x44 cmp dword [ebp-0x14],byte +0x0 jnz JUMP_000585 JUMP_000589: ; Pos = 14eab inc dword [ebp-0x4] add dword [ebp-0x20],byte +0x38 cmp dword [ebp-0x4],byte +0x5 jl near JUMP_000576 mov eax,[ebp+0x8] push eax push byte +0x1 push byte +0x16 push dword DATA_008565 call _fread add esp,byte +0x10 cmp eax,byte +0x1 jz JUMP_000590 xor eax,eax jmp short JUMP_000591 JUMP_000590: ; Pos = 14eda mov eax,0x1 JUMP_000591: ; Pos = 14edf pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000071: ; Pos = 14ee8 push ebp mov ebp,esp push ebx mov eax,[ebp+0x8] mov edx,eax shl eax,0x3 sub eax,edx mov ebx,[eax*8+DATA_008578] test ebx,ebx jz JUMP_000594 JUMP_000592: ; Pos = 14f01 test byte [ebx+0x5],0x1 jz JUMP_000593 mov eax,[ebx] push eax call FUNC_000078 pop ecx JUMP_000593: ; Pos = 14f10 mov ebx,[ebx+0x3c] test ebx,ebx jnz JUMP_000592 JUMP_000594: ; Pos = 14f17 pop ebx pop ebp ret FUNC_000072: ; Pos = 14f1c push ebp mov ebp,esp push ebx xor ebx,ebx JUMP_000595: ; Pos = 14f22 push ebx call FUNC_000264_ConsoleHideButton pop ecx inc ebx cmp ebx,byte +0xa jng JUMP_000595 or byte [DATA_008809],0x1 mov byte [DATA_008651],0x0 pop ebx pop ebp ret FUNC_000073: ; Pos = 14f40 push ebp mov ebp,esp push ebx mov bl,0x31 JUMP_000596: ; Pos = 14f46 movsx eax,bl push eax call near [DATA_007680] ; FUNC_001443_GuiRemoveHotArea pop ecx inc ebx cmp bl,0x36 jl JUMP_000596 pop ebx pop ebp ret FUNC_000074: ; Pos = 14f5c push ebp mov ebp,esp push ecx push esi mov esi,[ebp+0xc] mov eax,[ebp+0x8] xor edx,edx mov dword [ebp-0x4],0x1 mov ecx,[eax] cmp byte [ecx],0x2d jnz JUMP_000598 mov dword [ebp-0x4],0xffffffff inc dword [eax] inc dword [esi] jmp short JUMP_000598 JUMP_000597: ; Pos = 14f84 add edx,edx lea edx,[edx+edx*4] add edx,ecx add edx,byte -0x30 inc dword [esi] inc dword [eax] JUMP_000598: ; Pos = 14f92 mov ecx,[eax] movsx ecx,byte [ecx] test byte [ecx+DATA_008428],0x2 jnz JUMP_000597 mov eax,edx imul dword [ebp-0x4] pop esi pop ecx pop ebp ret FUNC_000075: ; Pos = 14fac push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,[ebx] mov al,[eax] inc dword [ebx] inc dword [esi] sub al,0x47 jz JUMP_000599 sub al,0x5 jz JUMP_000600 sub al,0x6 jnz JUMP_000601 call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008818] jmp short JUMP_000602 JUMP_000599: ; Pos = 14fd8 push esi push ebx call FUNC_000074 add esp,byte +0x8 push eax call FUNC_000106 pop ecx jmp short JUMP_000602 JUMP_000600: ; Pos = 14feb mov eax,[ebp+0x10] push eax mov eax,[DATA_002288] push eax push esi push ebx call FUNC_000074 add esp,byte +0x8 push eax call FUNC_000095 add esp,byte +0xc jmp short JUMP_000602 JUMP_000601: ; Pos = 1500a xor eax,eax JUMP_000602: ; Pos = 1500c pop esi pop ebx pop ebp ret FUNC_000076: ; Pos = 15010 push ebp mov ebp,esp push eax mov eax,0x4 JUMP_000603: ; Pos = 15019 add esp,0xfffff004 push eax dec eax jnz JUMP_000603 mov eax,[ebp-0x4] add esp,0xfffffb00 push ebx push esi push edi mov edi,[ebp+0x8] lea esi,[ebp-0x4] mov ebx,DATA_002301 mov eax,[ebp+0x10] mov eax,[eax] mov [esi],eax mov eax,[ebp+0xc] mov eax,[eax] mov [ebp-0x8],eax mov eax,[ebp+0x14] mov eax,[eax] mov [ebp-0xc],eax mov eax,[esi] mov al,[eax] mov [ebp-0x6f],al inc dword [esi] mov eax,[esi] mov al,[eax] mov [ebp-0x6e],al inc dword [esi] mov byte [ebp-0x6d],0x0 add dword [ebp-0xc],byte +0x2 lea eax,[ebp-0x6f] lea edx,[ebx+0xc0] JUMP_000604: ; Pos = 15074 mov cl,[eax] cmp cl,[edx] jnz JUMP_000608 test cl,cl jz JUMP_000605 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000608 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000604 JUMP_000605: ; Pos = 15090 jnz JUMP_000608 xor eax,eax jmp short JUMP_000607 JUMP_000606: ; Pos = 15096 add eax,eax lea eax,[eax+eax*4] add eax,edx add eax,byte -0x30 inc dword [esi] inc dword [ebp-0xc] JUMP_000607: ; Pos = 150a5 mov edx,[esi] movsx edx,byte [edx] test byte [edx+DATA_008428],0x2 jnz JUMP_000606 mov edx,[ebp-0x8] mov byte [edx],0x2 inc dword [ebp-0x8] mov edx,[ebp-0x8] mov [edx],al jmp JUMP_000767 JUMP_000608: ; Pos = 150c6 lea eax,[ebp-0x6f] lea edx,[ebx+0xc3] JUMP_000609: ; Pos = 150cf mov cl,[eax] cmp cl,[edx] jnz JUMP_000614 test cl,cl jz JUMP_000610 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000614 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000609 JUMP_000610: ; Pos = 150eb jnz JUMP_000614 push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc mov [ebp-0x74],eax lea edx,[ebp+0xffffeeb8] inc dword [esi] inc dword [ebp-0xc] jmp short JUMP_000612 JUMP_000611: ; Pos = 1510b mov [edx],al inc dword [esi] inc edx inc dword [ebp-0xc] JUMP_000612: ; Pos = 15113 mov eax,[esi] mov al,[eax] test al,al jz JUMP_000613 cmp al,0x29 jnz JUMP_000611 JUMP_000613: ; Pos = 1511f mov byte [edx],0x0 inc dword [esi] inc dword [ebp-0xc] lea eax,[ebp+0xffffeeb8] push eax mov eax,[ebp-0x74] push eax push dword 0x100 mov eax,[ebp-0x8] push eax call FUNC_000064 add esp,byte +0x10 dec eax mov [ebp-0x8],eax jmp JUMP_000767 JUMP_000614: ; Pos = 1514c lea eax,[ebp-0x6f] lea edx,[ebx+0xc6] JUMP_000615: ; Pos = 15155 mov cl,[eax] cmp cl,[edx] jnz JUMP_000617 test cl,cl jz JUMP_000616 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000617 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000615 JUMP_000616: ; Pos = 15171 jnz JUMP_000617 mov eax,[ebp-0x8] mov byte [eax],0x24 inc dword [ebp-0x8] push byte +0x1 mov eax,[DATA_008888] push eax mov eax,[ebp-0x8] push eax call FUNC_001377_StringConvertFraction add esp,byte +0xc add eax,byte -0x2 mov [ebp-0x8],eax jmp JUMP_000767 JUMP_000617: ; Pos = 1519b lea eax,[ebp-0x6f] lea edx,[ebx+0xc9] JUMP_000618: ; Pos = 151a4 mov cl,[eax] cmp cl,[edx] jnz JUMP_000620 test cl,cl jz JUMP_000619 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000620 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000618 JUMP_000619: ; Pos = 151c0 jnz JUMP_000620 mov eax,[ebp-0x8] push eax push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc push eax push byte +0x0 push byte +0x1 call FUNC_000791 add esp,byte +0x10 add eax,byte -0x2 mov [ebp-0x8],eax jmp JUMP_000767 JUMP_000620: ; Pos = 151ec lea eax,[ebp-0x6f] lea edx,[ebx+0xcc] JUMP_000621: ; Pos = 151f5 mov cl,[eax] cmp cl,[edx] jnz JUMP_000623 test cl,cl jz JUMP_000622 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000623 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000621 JUMP_000622: ; Pos = 15211 jnz JUMP_000623 mov eax,[ebp-0x8] push eax push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc push eax push byte +0x0 push byte +0x2 call FUNC_000791 add esp,byte +0x10 add eax,byte -0x2 mov [ebp-0x8],eax jmp JUMP_000767 JUMP_000623: ; Pos = 1523d lea eax,[ebp-0x6f] lea edx,[ebx+0xcf] JUMP_000624: ; Pos = 15246 mov cl,[eax] cmp cl,[edx] jnz JUMP_000625 test cl,cl jz JUMP_000628 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000625 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000624 JUMP_000625: ; Pos = 15262 jz JUMP_000628 lea eax,[ebp-0x6f] lea edx,[ebx+0xd2] JUMP_000626: ; Pos = 1526d mov cl,[eax] cmp cl,[edx] jnz JUMP_000629 test cl,cl jz JUMP_000627 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000629 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000626 JUMP_000627: ; Pos = 15289 jnz JUMP_000629 JUMP_000628: ; Pos = 1528b mov eax,[ebp-0x8] push eax push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc push eax lea eax,[ebp+0xfffffeb8] push eax push byte +0xc call FUNC_000791 add esp,byte +0x10 add eax,byte -0x2 mov [ebp-0x8],eax jmp JUMP_000767 JUMP_000629: ; Pos = 152ba lea eax,[ebp-0x6f] lea edx,[ebx+0xd5] JUMP_000630: ; Pos = 152c3 mov cl,[eax] cmp cl,[edx] jnz near JUMP_000632 test cl,cl jz JUMP_000631 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz near JUMP_000632 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000630 JUMP_000631: ; Pos = 152e7 jnz near JUMP_000632 push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc mov [ebp-0x80],eax mov eax,[ebp-0x80] mov [ebp+0xffffff7c],eax inc dword [esi] inc dword [ebp-0xc] lea eax,[ebp-0xc] push eax push esi call FUNC_000074 add esp,byte +0x8 mov [ebp-0x78],eax inc dword [esi] inc dword [ebp-0xc] lea eax,[ebp-0xc] push eax push esi call FUNC_000074 add esp,byte +0x8 mov [ebp-0x7c],eax inc dword [esi] inc dword [ebp-0xc] push byte +0x1 lea eax,[ebp+0xffffff7c] push eax lea eax,[ebp-0x80] push eax mov eax,[ebp-0x7c] sub eax,[ebp-0x78] push eax call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc add eax,[DATA_008807] add eax,[ebp-0x78] push eax mov eax,[ebp-0x8] push eax call FUNC_001358_StringConvertDate add esp,byte +0xc add eax,byte -0x2 mov [ebp-0x8],eax jmp JUMP_000767 JUMP_000632: ; Pos = 15374 lea eax,[ebp-0x6f] lea edx,[ebx+0xd8] JUMP_000633: ; Pos = 1537d mov cl,[eax] cmp cl,[edx] jnz near JUMP_000635 test cl,cl jz JUMP_000634 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz near JUMP_000635 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000633 JUMP_000634: ; Pos = 153a1 jnz near JUMP_000635 push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc mov [ebp+0xffffff70],eax mov eax,[ebp+0xffffff70] mov [ebp+0xffffff6c],eax inc dword [esi] inc dword [ebp-0xc] lea eax,[ebp-0xc] push eax push esi call FUNC_000074 add esp,byte +0x8 mov [ebp+0xffffff78],eax inc dword [esi] inc dword [ebp-0xc] lea eax,[ebp-0xc] push eax push esi call FUNC_000074 add esp,byte +0x8 mov [ebp+0xffffff74],eax inc dword [esi] inc dword [ebp-0xc] lea eax,[ebp+0xffffff6c] push eax lea eax,[ebp+0xffffff70] push eax mov eax,[ebp+0xffffff74] sub eax,[ebp+0xffffff78] push eax call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc add eax,[ebp+0xffffff78] push eax lea eax,[ebx+0xdb] push eax lea eax,[ebp+0xffffedb8] push eax call _sprintf add esp,byte +0xc mov eax,[ebp-0x8] push esi mov esi,eax lea edi,[ebp+0xffffedb8] xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi mov eax,[ebp-0x8] push eax call _strlen pop ecx dec eax add [ebp-0x8],eax jmp JUMP_000767 JUMP_000635: ; Pos = 1547a lea eax,[ebp-0x6f] lea edx,[ebx+0xde] JUMP_000636: ; Pos = 15483 mov cl,[eax] cmp cl,[edx] jnz JUMP_000638 test cl,cl jz JUMP_000637 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000638 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000636 JUMP_000637: ; Pos = 1549f jnz JUMP_000638 mov byte [ebp+0xffffff6b],0x0 xor eax,eax mov [ebp+0xffffff64],eax push byte -0x1 lea eax,[ebp+0xffffff64] push eax mov al,[ebp+0xffffff6b] push eax call FUNC_000305 add esp,byte +0xc lea eax,[ebp+0xffffeda4] push eax mov eax,[ebp+0xffffff64] push eax mov eax,[ebp-0x8] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc add eax,byte -0x2 mov [ebp-0x8],eax jmp JUMP_000767 JUMP_000638: ; Pos = 154ee lea eax,[ebp-0x6f] lea edx,[ebx+0xe1] JUMP_000639: ; Pos = 154f7 mov cl,[eax] cmp cl,[edx] jnz near JUMP_000641 test cl,cl jz JUMP_000640 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz near JUMP_000641 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000639 JUMP_000640: ; Pos = 1551b jnz near JUMP_000641 xor eax,eax mov [ebp+0xffffff60],eax push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc mov [ebp+0xffffff5c],eax mov byte [ebp+0xffffff5b],0x0 inc dword [esi] inc dword [ebp-0xc] lea eax,[ebp-0xc] push eax push esi call FUNC_000074 add esp,byte +0x8 mov [ebp+0xffffff5b],al inc dword [esi] inc dword [ebp-0xc] mov byte [ebp+0xffffff5b],0x0 push byte -0x1 lea eax,[ebp+0xffffff60] push eax mov al,[ebp+0xffffff5b] push eax call FUNC_000304 add esp,byte +0xc lea eax,[ebp+0xffffed90] push eax mov eax,[ebp+0xffffff60] push eax mov eax,[ebp-0x8] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc add eax,byte -0x2 mov [ebp-0x8],eax jmp JUMP_000767 JUMP_000641: ; Pos = 155a6 lea eax,[ebp-0x6f] lea edx,[ebx+0xe4] JUMP_000642: ; Pos = 155af mov cl,[eax] cmp cl,[edx] jnz JUMP_000643 test cl,cl jz JUMP_000644 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000643 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000642 JUMP_000643: ; Pos = 155cb jnz JUMP_000647 JUMP_000644: ; Pos = 155cd mov eax,DATA_005110 mov ebx,0x8 JUMP_000645: ; Pos = 155d7 mov edx,[eax] cmp edx,[DATA_008911] jng JUMP_000646 dec ebx add eax,byte +0x4 test ebx,ebx jnl JUMP_000645 JUMP_000646: ; Pos = 155e9 lea eax,[ebp+0xffffed7c] push eax add ebx,0x9c3f push ebx mov eax,[ebp-0x8] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc add eax,byte -0x2 mov [ebp-0x8],eax jmp JUMP_000767 JUMP_000647: ; Pos = 1560f lea eax,[ebp-0x6f] lea edx,[ebx+0xe7] JUMP_000648: ; Pos = 15618 mov cl,[eax] cmp cl,[edx] jnz JUMP_000650 test cl,cl jz JUMP_000649 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000650 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000648 JUMP_000649: ; Pos = 15634 jnz JUMP_000650 mov eax,[DATA_008861] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov [ebp+0xffffff54],eax mov eax,[ebp+0xffffff54] mov eax,[eax+0x38] mov [ebp+0xffffff50],eax lea eax,[ebp+0xffffed68] push eax mov eax,[ebp+0xffffff50] movsx eax,word [eax+0xe] push eax mov eax,[ebp-0x8] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc add eax,byte -0x2 mov [ebp-0x8],eax jmp JUMP_000767 JUMP_000650: ; Pos = 15688 lea eax,[ebp-0x6f] lea edx,[ebx+0xea] JUMP_000651: ; Pos = 15691 mov cl,[eax] cmp cl,[edx] jnz JUMP_000653 test cl,cl jz JUMP_000652 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000653 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000651 JUMP_000652: ; Pos = 156ad jnz JUMP_000653 mov eax,[DATA_008861] add eax,0x124 mov edx,[ebp-0x8] push esi mov edi,eax mov esi,edx xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi mov eax,[DATA_008861] add eax,0x124 push eax call _strlen pop ecx dec eax add [ebp-0x8],eax jmp JUMP_000767 JUMP_000653: ; Pos = 156f9 lea eax,[ebp-0x6f] lea edx,[ebx+0xed] JUMP_000654: ; Pos = 15702 mov cl,[eax] cmp cl,[edx] jnz near JUMP_000669 test cl,cl jz JUMP_000655 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz near JUMP_000669 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000654 JUMP_000655: ; Pos = 15726 jnz near JUMP_000669 lea ebx,[ebp+0xffffdd68] xor eax,eax mov [ebp+0xffffff4c],eax push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc mov [ebp+0xffffff48],eax mov eax,[ebp+0xffffff48] mov [ebp+0xffffff44],eax inc dword [esi] inc dword [ebp-0xc] jmp short JUMP_000657 JUMP_000656: ; Pos = 15761 mov [ebx],al inc dword [esi] inc ebx inc dword [ebp-0xc] JUMP_000657: ; Pos = 15769 mov eax,[esi] mov al,[eax] cmp al,0x29 jnz JUMP_000656 mov byte [ebx],0x0 inc dword [esi] inc dword [ebp-0xc] xor edi,edi lea ebx,[ebp+0xffffdd68] jmp short JUMP_000661 JUMP_000658: ; Pos = 15783 cmp al,0x22 jnz JUMP_000659 mov eax,[ebp+0xffffff4c] cmp eax,byte +0x1 sbb eax,eax neg eax mov [ebp+0xffffff4c],eax JUMP_000659: ; Pos = 1579a cmp byte [ebx],0x2c jnz JUMP_000660 cmp dword [ebp+0xffffff4c],byte +0x0 jnz JUMP_000660 inc edi JUMP_000660: ; Pos = 157a9 inc ebx JUMP_000661: ; Pos = 157aa mov al,[ebx] test al,al jnz JUMP_000658 lea eax,[ebp+0xffffff44] push eax lea eax,[ebp+0xffffff48] push eax inc edi push edi call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov edi,eax lea ebx,[ebp+0xffffdd68] xor eax,eax mov [ebp+0xffffff4c],eax test edi,edi jz JUMP_000665 JUMP_000662: ; Pos = 157dd cmp byte [ebx],0x22 jnz JUMP_000663 mov eax,[ebp+0xffffff4c] cmp eax,byte +0x1 sbb eax,eax neg eax mov [ebp+0xffffff4c],eax JUMP_000663: ; Pos = 157f5 mov al,[ebx] inc ebx cmp al,0x2c jnz JUMP_000664 cmp dword [ebp+0xffffff4c],byte +0x0 jnz JUMP_000664 dec edi JUMP_000664: ; Pos = 15806 test edi,edi jnz JUMP_000662 JUMP_000665: ; Pos = 1580a inc ebx jmp short JUMP_000667 JUMP_000666: ; Pos = 1580d mov edx,[ebp-0x8] mov [edx],al inc ebx inc dword [ebp-0x8] JUMP_000667: ; Pos = 15816 mov al,[ebx] test al,al jz JUMP_000668 cmp al,0x22 jnz JUMP_000666 JUMP_000668: ; Pos = 15820 dec dword [ebp-0x8] jmp JUMP_000767 JUMP_000669: ; Pos = 15828 lea eax,[ebp-0x6f] lea edx,[ebx+0xf0] JUMP_000670: ; Pos = 15831 mov cl,[eax] cmp cl,[edx] jnz near JUMP_000689 test cl,cl jz JUMP_000671 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz near JUMP_000689 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000670 JUMP_000671: ; Pos = 15855 jnz near JUMP_000689 lea eax,[ebp+0xffffdc68] mov [ebp+0xffffff40],eax xor ebx,ebx push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc mov [ebp+0xffffff38],eax mov eax,[ebp+0xffffff38] mov [ebp+0xffffff34],eax inc dword [esi] inc dword [ebp-0xc] jmp short JUMP_000676 JUMP_000672: ; Pos = 15890 mov eax,[esi] cmp byte [eax],0x28 jnz JUMP_000673 test ebx,ebx JUMP_000673: ; Pos = 15899 mov eax,[esi] mov al,[eax] cmp al,0x29 jnz JUMP_000674 test ebx,ebx JUMP_000674: ; Pos = 158a3 cmp al,0x22 jnz JUMP_000675 cmp ebx,byte +0x1 sbb ebx,ebx neg ebx JUMP_000675: ; Pos = 158ae mov edx,[ebp+0xffffff40] mov [edx],al inc dword [esi] inc dword [ebp+0xffffff40] inc dword [ebp-0xc] JUMP_000676: ; Pos = 158c1 mov eax,[esi] cmp byte [eax],0x29 jnz JUMP_000672 mov eax,[ebp+0xffffff40] mov byte [eax],0x0 inc dword [ebp+0xffffff40] inc dword [esi] inc dword [ebp-0xc] xor eax,eax mov [ebp+0xffffff30],eax xor eax,eax xor ebx,ebx lea edx,[ebp+0xffffdc68] mov [ebp+0xffffff40],edx jmp short JUMP_000682 JUMP_000677: ; Pos = 158f6 cmp dl,0x22 jnz JUMP_000678 cmp ebx,byte +0x1 sbb ebx,ebx neg ebx JUMP_000678: ; Pos = 15902 mov edx,[esi] cmp byte [edx],0x28 jnz JUMP_000679 test ebx,ebx jnz JUMP_000679 inc eax JUMP_000679: ; Pos = 1590e mov edx,[esi] cmp byte [edx],0x29 jnz JUMP_000680 test ebx,ebx jnz JUMP_000680 dec eax JUMP_000680: ; Pos = 1591a mov edx,[ebp+0xffffff40] cmp byte [edx],0x2c jnz JUMP_000681 test ebx,ebx jnz JUMP_000681 test eax,eax jnz JUMP_000681 inc dword [ebp+0xffffff30] JUMP_000681: ; Pos = 15933 inc dword [ebp+0xffffff40] JUMP_000682: ; Pos = 15939 mov edx,[ebp+0xffffff40] mov dl,[edx] test dl,dl jnz JUMP_000677 lea eax,[ebp+0xffffff34] push eax lea eax,[ebp+0xffffff38] push eax mov eax,[ebp+0xffffff30] inc eax push eax call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov [ebp+0xffffff30],eax lea eax,[ebp+0xffffdc68] mov [ebp+0xffffff40],eax xor ebx,ebx xor eax,eax cmp dword [ebp+0xffffff30],byte +0x0 jz JUMP_000688 JUMP_000683: ; Pos = 15983 mov edx,[ebp+0xffffff40] cmp byte [edx],0x22 jnz JUMP_000684 cmp ebx,byte +0x1 sbb ebx,ebx neg ebx JUMP_000684: ; Pos = 15995 mov edx,[esi] cmp byte [edx],0x28 jnz JUMP_000685 test ebx,ebx jnz JUMP_000685 inc eax JUMP_000685: ; Pos = 159a1 mov edx,[esi] cmp byte [edx],0x29 jnz JUMP_000686 test ebx,ebx jnz JUMP_000686 dec eax JUMP_000686: ; Pos = 159ad mov edx,[ebp+0xffffff40] inc dword [ebp+0xffffff40] cmp byte [edx],0x2c jnz JUMP_000687 test ebx,ebx jnz JUMP_000687 test eax,eax jnz JUMP_000687 dec dword [ebp+0xffffff30] JUMP_000687: ; Pos = 159cc cmp dword [ebp+0xffffff30],byte +0x0 jnz JUMP_000683 JUMP_000688: ; Pos = 159d5 inc dword [ebp+0xffffff40] lea eax,[ebp+0xffffff3c] push eax lea eax,[ebp+0xffffff40] push eax lea eax,[ebp-0x8] push eax push edi call FUNC_000076 add esp,byte +0x10 jmp JUMP_000767 JUMP_000689: ; Pos = 159fb lea eax,[ebp-0x6f] lea edx,[ebx+0xf3] JUMP_000690: ; Pos = 15a04 mov cl,[eax] cmp cl,[edx] jnz JUMP_000692 test cl,cl jz JUMP_000691 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000692 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000690 JUMP_000691: ; Pos = 15a20 jnz JUMP_000692 mov eax,[ebp-0x8] push esi mov esi,eax mov edi,DATA_008919 xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi push dword DATA_008919 call _strlen pop ecx dec eax add [ebp-0x8],eax jmp JUMP_000767 JUMP_000692: ; Pos = 15a5f lea eax,[ebp-0x6f] lea edx,[ebx+0xf6] JUMP_000693: ; Pos = 15a68 mov cl,[eax] cmp cl,[edx] jnz JUMP_000694 test cl,cl jz JUMP_000695 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000694 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000693 JUMP_000694: ; Pos = 15a84 jnz JUMP_000696 JUMP_000695: ; Pos = 15a86 inc dword [esi] inc dword [ebp-0xc] lea eax,[ebp-0xc] push eax push esi call FUNC_000074 add esp,byte +0x8 mov [ebp+0xffffff2c],eax mov eax,[ebp+0xffffff2c] xor edx,edx mov [eax*4+DATA_008567],edx mov eax,[esi] cmp byte [eax],0x2c jz JUMP_000695 inc dword [esi] inc dword [ebp-0xc] dec dword [ebp-0x8] jmp JUMP_000767 JUMP_000696: ; Pos = 15ac1 lea eax,[ebp-0x6f] lea edx,[ebx+0xf9] JUMP_000697: ; Pos = 15aca mov cl,[eax] cmp cl,[edx] jnz JUMP_000698 test cl,cl jz JUMP_000703 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000698 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000697 JUMP_000698: ; Pos = 15ae6 jz JUMP_000703 lea eax,[ebp-0x6f] lea edx,[ebx+0xfc] JUMP_000699: ; Pos = 15af1 mov cl,[eax] cmp cl,[edx] jnz JUMP_000700 test cl,cl jz JUMP_000703 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000700 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000699 JUMP_000700: ; Pos = 15b0d jz JUMP_000703 lea eax,[ebp-0x6f] lea edx,[ebx+0xff] JUMP_000701: ; Pos = 15b18 mov cl,[eax] cmp cl,[edx] jnz JUMP_000702 test cl,cl jz JUMP_000703 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000702 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000701 JUMP_000702: ; Pos = 15b34 jnz near JUMP_000757 JUMP_000703: ; Pos = 15b3a mov eax,[DATA_002295] mov [ebp+0xffffff24],eax push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc mov [ebp+0xffffff20],eax mov eax,[ebp+0xffffff20] mov [ebp+0xffffff1c],eax mov eax,[esi] movsx eax,byte [eax] test byte [eax+DATA_008428],0x2 jnz JUMP_000704 mov eax,[esi] cmp byte [eax],0x2d jnz near JUMP_000711 JUMP_000704: ; Pos = 15b7e lea eax,[ebp-0xc] push eax push esi call FUNC_000074 add esp,byte +0x8 mov [ebp+0xffffff18],eax inc dword [esi] inc dword [ebp-0xc] mov eax,[DATA_008885] mov [ebp+0xffffff24],eax xor edi,edi JUMP_000705: ; Pos = 15ba3 lea eax,[ebp+0xffffff1c] push eax lea eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xffffff18] push eax mov eax,[ebp+0xffffff24] push eax call FUNC_000858 add esp,byte +0x10 mov [ebp+0xffffff24],eax cmp dword [ebp+0xffffff24],byte +0x0 jnz JUMP_000706 inc edi cmp edi,byte +0x5 jl JUMP_000705 JUMP_000706: ; Pos = 15bdc cmp dword [ebp+0xffffff24],byte +0x0 jnz JUMP_000707 mov eax,[DATA_008885] mov [ebp+0xffffff24],eax JUMP_000707: ; Pos = 15bf0 lea eax,[ebp-0x6f] lea edx,[ebx+0x102] JUMP_000708: ; Pos = 15bf9 mov cl,[eax] cmp cl,[edx] jnz JUMP_000710 test cl,cl jz JUMP_000709 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000710 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000708 JUMP_000709: ; Pos = 15c15 jnz JUMP_000710 mov eax,[ebp+0xffffff24] push eax lea eax,[ebp+0xffffdc40] push eax call FUNC_000860 add esp,byte +0x8 mov eax,[ebp-0x8] push esi mov esi,eax lea edi,[ebp+0xffffdc54] xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi lea eax,[ebp+0xffffdc54] push eax call _strlen pop ecx dec eax add [ebp-0x8],eax jmp JUMP_000767 JUMP_000710: ; Pos = 15c6d mov eax,[ebp+0xffffff24] push eax lea eax,[ebp+0xffffcc50] push eax call FUNC_000461 add esp,byte +0x8 test eax,eax jnz near JUMP_000767 lea eax,[ebp+0xffffcc50] push eax call FUNC_000462 pop ecx mov [ebp+0xffffff14],eax cmp dword [ebp+0xffffff14],byte +0x0 jz near JUMP_000767 lea eax,[ebp+0xffffff1c] push eax lea eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xffffff14] push eax call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc push eax lea eax,[ebp+0xffffcc50] push eax call FUNC_000463 add esp,byte +0x8 mov [ebp+0xffffff10],eax cmp dword [ebp+0xffffff10],byte +0x0 jz near JUMP_000767 mov eax,[ebp+0xffffff10] movzx eax,word [eax+0x8] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 lea edx,[ebp+0xffffcc32] add eax,edx mov edx,[ebp-0x8] push esi mov edi,eax mov esi,edx xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi mov eax,[ebp-0x8] push eax call _strlen pop ecx dec eax add [ebp-0x8],eax jmp JUMP_000767 JUMP_000711: ; Pos = 15d41 lea eax,[ebp+0xffffcb50] jmp short JUMP_000713 JUMP_000712: ; Pos = 15d49 mov [eax],dl inc dword [esi] inc eax inc dword [ebp-0xc] JUMP_000713: ; Pos = 15d51 mov edx,[esi] mov dl,[edx] cmp dl,0x29 jnz JUMP_000712 inc dword [esi] inc dword [ebp-0xc] mov byte [eax],0x0 mov eax,[DATA_008885] mov [ebp+0xffffff24],eax lea eax,[ebp+0xffffcb50] lea edx,[ebx+0x105] JUMP_000714: ; Pos = 15d79 mov cl,[eax] cmp cl,[edx] jnz JUMP_000716 test cl,cl jz JUMP_000715 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000716 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000714 JUMP_000715: ; Pos = 15d95 jnz JUMP_000716 lea eax,[ebp+0xffffff1c] push eax lea eax,[ebp+0xffffff20] push eax push byte +0x6 call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov [ebp+0xffffff0c],eax mov eax,[ebp+0xffffff0c] mov eax,[eax*4+DATA_002289] mov [ebp+0xffffff24],eax jmp JUMP_000722 JUMP_000716: ; Pos = 15dce lea eax,[ebp+0xffffcb50] lea edx,[ebx+0x10e] JUMP_000717: ; Pos = 15dda mov cl,[eax] cmp cl,[edx] jnz JUMP_000719 test cl,cl jz JUMP_000718 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000719 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000717 JUMP_000718: ; Pos = 15df6 jnz JUMP_000719 lea eax,[ebp+0xffffff1c] push eax lea eax,[ebp+0xffffff20] push eax push byte +0x8 call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov [ebp+0xffffff08],eax mov eax,[ebp+0xffffff08] mov eax,[eax*4+DATA_002291] mov [ebp+0xffffff24],eax jmp short JUMP_000722 JUMP_000719: ; Pos = 15e2c lea eax,[ebp+0xffffcb50] lea edx,[ebx+0x115] JUMP_000720: ; Pos = 15e38 mov cl,[eax] cmp cl,[edx] jnz JUMP_000722 test cl,cl jz JUMP_000721 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000722 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000720 JUMP_000721: ; Pos = 15e54 jnz JUMP_000722 lea eax,[ebp+0xffffff1c] push eax lea eax,[ebp+0xffffff20] push eax push byte +0x5 call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov [ebp+0xffffff04],eax mov eax,[ebp+0xffffff04] mov eax,[eax*4+DATA_002290] mov [ebp+0xffffff24],eax JUMP_000722: ; Pos = 15e88 xor edi,edi lea eax,[ebp+0xffffcb50] lea edx,[ebx+0x11e] JUMP_000723: ; Pos = 15e96 mov cl,[eax] cmp cl,[edx] jnz JUMP_000725 test cl,cl jz JUMP_000724 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000725 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000723 JUMP_000724: ; Pos = 15eb2 jnz JUMP_000725 mov edi,0x1 jmp JUMP_000743 JUMP_000725: ; Pos = 15ebe lea eax,[ebp+0xffffcb50] lea edx,[ebx+0x120] JUMP_000726: ; Pos = 15eca mov cl,[eax] cmp cl,[edx] jnz JUMP_000728 test cl,cl jz JUMP_000727 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000728 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000726 JUMP_000727: ; Pos = 15ee6 jnz JUMP_000728 mov edi,0x5 jmp JUMP_000743 JUMP_000728: ; Pos = 15ef2 lea eax,[ebp+0xffffcb50] lea edx,[ebx+0x122] JUMP_000729: ; Pos = 15efe mov cl,[eax] cmp cl,[edx] jnz JUMP_000731 test cl,cl jz JUMP_000730 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000731 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000729 JUMP_000730: ; Pos = 15f1a jnz JUMP_000731 mov edi,0x4 jmp JUMP_000743 JUMP_000731: ; Pos = 15f26 lea eax,[ebp+0xffffcb50] lea edx,[ebx+0x124] JUMP_000732: ; Pos = 15f32 mov cl,[eax] cmp cl,[edx] jnz JUMP_000734 test cl,cl jz JUMP_000733 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000734 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000732 JUMP_000733: ; Pos = 15f4e jnz JUMP_000734 mov edi,0xb jmp JUMP_000743 JUMP_000734: ; Pos = 15f5a lea eax,[ebp+0xffffcb50] lea edx,[ebx+0x126] JUMP_000735: ; Pos = 15f66 mov cl,[eax] cmp cl,[edx] jnz JUMP_000737 test cl,cl jz JUMP_000736 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000737 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000735 JUMP_000736: ; Pos = 15f82 jnz JUMP_000737 mov edi,0xc jmp short JUMP_000743 JUMP_000737: ; Pos = 15f8b lea eax,[ebp+0xffffcb50] lea edx,[ebx+0x12e] JUMP_000738: ; Pos = 15f97 mov cl,[eax] cmp cl,[edx] jnz JUMP_000740 test cl,cl jz JUMP_000739 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000740 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000738 JUMP_000739: ; Pos = 15fb3 jnz JUMP_000740 mov edi,0xc jmp short JUMP_000743 JUMP_000740: ; Pos = 15fbc lea eax,[ebp+0xffffcb50] lea edx,[ebx+0x136] JUMP_000741: ; Pos = 15fc8 mov cl,[eax] cmp cl,[edx] jnz JUMP_000743 test cl,cl jz JUMP_000742 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000743 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000741 JUMP_000742: ; Pos = 15fe4 jnz JUMP_000743 mov edi,0xe JUMP_000743: ; Pos = 15feb test edi,edi jz near JUMP_000750 xor eax,eax mov [ebp+0xffffff00],eax mov eax,DATA_007108 jmp short JUMP_000746 JUMP_000744: ; Pos = 16002 mov dl,[eax+0xa] and edx,byte +0xf cmp edi,edx jnz JUMP_000745 inc dword [ebp+0xffffff00] JUMP_000745: ; Pos = 16012 add eax,byte +0x34 JUMP_000746: ; Pos = 16015 cmp dword [eax],byte +0x0 jnz JUMP_000744 lea eax,[ebp+0xffffff1c] push eax lea eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xffffff00] push eax call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov [ebp+0xffffff00],eax xor edx,edx mov eax,DATA_007109 cmp dword [ebp+0xffffff00],byte +0x0 jz JUMP_000749 JUMP_000747: ; Pos = 1604e mov cl,[eax] and ecx,byte +0xf cmp edi,ecx jnz JUMP_000748 dec dword [ebp+0xffffff00] JUMP_000748: ; Pos = 1605d inc edx add eax,byte +0x34 cmp dword [ebp+0xffffff00],byte +0x0 jnz JUMP_000747 JUMP_000749: ; Pos = 1606a lea eax,[edx+edx*2] lea eax,[edx+eax*4] mov eax,[eax*4+DATA_007107] mov [ebp+0xffffff24],eax JUMP_000750: ; Pos = 1607d cmp dword [ebp+0xffffff24],byte +0x0 jz near JUMP_000767 lea eax,[ebp-0x6f] lea edx,[ebx+0x13d] JUMP_000751: ; Pos = 16093 mov cl,[eax] cmp cl,[edx] jnz JUMP_000753 test cl,cl jz JUMP_000752 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000753 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000751 JUMP_000752: ; Pos = 160af jnz JUMP_000753 mov eax,[ebp+0xffffff24] push eax lea eax,[ebp+0xffffdc40] push eax call FUNC_000860 add esp,byte +0x8 mov eax,[ebp-0x8] push esi mov esi,eax lea edi,[ebp+0xffffdc54] xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi lea eax,[ebp+0xffffdc54] push eax call _strlen pop ecx dec eax add [ebp-0x8],eax jmp JUMP_000767 JUMP_000753: ; Pos = 16107 mov eax,[ebp+0xffffff24] push eax lea eax,[ebp+0xffffbb60] push eax call FUNC_000461 add esp,byte +0x8 test eax,eax jnz near JUMP_000767 lea eax,[ebp+0xffffbb60] push eax call FUNC_000462 pop ecx mov [ebp+0xfffffefc],eax cmp dword [ebp+0xfffffefc],byte +0x0 jz near JUMP_000767 lea eax,[ebp+0xffffff1c] push eax lea eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xfffffefc] push eax call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc push eax lea eax,[ebp+0xffffbb60] push eax call FUNC_000463 add esp,byte +0x8 mov [ebp+0xfffffef8],eax cmp dword [ebp+0xfffffef8],byte +0x0 jz JUMP_000756 lea eax,[ebp-0x6f] lea edx,[ebx+0x140] JUMP_000754: ; Pos = 1618b mov cl,[eax] cmp cl,[edx] jnz JUMP_000756 test cl,cl jz JUMP_000755 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_000756 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000754 JUMP_000755: ; Pos = 161a7 jnz JUMP_000756 mov eax,[ebp+0xfffffef8] movzx eax,word [eax+0x8] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 lea edx,[ebp+0xffffbb1c] add eax,edx mov [ebp+0xfffffef8],eax JUMP_000756: ; Pos = 161cb cmp dword [ebp+0xfffffef8],byte +0x0 jz near JUMP_000767 mov eax,[ebp+0xfffffef8] add eax,byte +0x26 mov edx,[ebp-0x8] push esi mov edi,eax mov esi,edx xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi mov eax,[ebp-0x8] push eax call _strlen pop ecx dec eax add [ebp-0x8],eax jmp JUMP_000767 JUMP_000757: ; Pos = 1621a lea eax,[ebp-0x6f] lea edx,[ebx+0x143] JUMP_000758: ; Pos = 16223 mov cl,[eax] cmp cl,[edx] jnz near JUMP_000761 test cl,cl jz JUMP_000759 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz near JUMP_000761 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000758 JUMP_000759: ; Pos = 16247 jnz near JUMP_000761 mov eax,[DATA_002296] mov [ebp+0xfffffef4],eax push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc mov [ebp+0xfffffef0],eax mov eax,[ebp+0xfffffef0] mov [ebp+0xfffffeec],eax inc dword [esi] inc dword [ebp-0xc] lea eax,[ebp-0xc] push eax push esi call FUNC_000074 add esp,byte +0x8 mov [ebp+0xfffffee8],eax inc dword [esi] inc dword [ebp-0xc] mov eax,[DATA_008885] mov [ebp+0xfffffef4],eax lea eax,[ebp+0xfffffeec] push eax lea eax,[ebp+0xfffffef0] push eax mov eax,[ebp+0xfffffee8] push eax mov eax,[ebp+0xfffffef4] push eax call FUNC_000858 add esp,byte +0x10 mov [ebp+0xfffffef4],eax cmp dword [ebp+0xfffffef4],byte +0x0 jnz JUMP_000760 mov eax,[DATA_008885] mov [ebp+0xfffffef4],eax JUMP_000760: ; Pos = 162de mov eax,[ebp+0xfffffef4] push eax lea eax,[ebp+0xffffbb38] push eax call FUNC_000860 add esp,byte +0x8 mov eax,[ebp-0x8] mov byte [eax],0x28 inc dword [ebp-0x8] push byte +0x0 mov ax,[ebp+0xfffffef4] and eax,0x1fff sub eax,0x1718 push eax mov eax,[ebp-0x8] push eax call FUNC_001377_StringConvertFraction add esp,byte +0xc add eax,byte -0x2 mov [ebp-0x8],eax mov eax,[ebp-0x8] mov byte [eax],0x2c inc dword [ebp-0x8] push byte +0x0 mov eax,[ebp+0xfffffef4] shr eax,0xd and eax,0x1fff sub eax,0x1524 push eax mov eax,[ebp-0x8] push eax call FUNC_001377_StringConvertFraction add esp,byte +0xc add eax,byte -0x2 mov [ebp-0x8],eax mov eax,[ebp-0x8] mov byte [eax],0x29 jmp JUMP_000767 JUMP_000761: ; Pos = 1635f lea eax,[ebp-0x6f] lea edx,[ebx+0x146] JUMP_000762: ; Pos = 16368 mov cl,[eax] cmp cl,[edx] jnz near JUMP_000764 test cl,cl jz JUMP_000763 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz near JUMP_000764 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000762 JUMP_000763: ; Pos = 1638c jnz JUMP_000764 mov eax,[DATA_002297] mov [ebp+0xfffffee4],eax push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc mov eax,[DATA_008885] mov [ebp+0xfffffee4],eax mov eax,[ebp+0xfffffee4] push eax lea eax,[ebp+0xffffbb10] push eax call FUNC_000860 add esp,byte +0x8 mov eax,[ebp-0x8] push esi mov esi,eax lea edi,[ebp+0xffffbb24] xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi lea eax,[ebp+0xffffbb24] push eax call _strlen pop ecx dec eax add [ebp-0x8],eax jmp JUMP_000767 JUMP_000764: ; Pos = 16408 lea eax,[ebp-0x6f] lea edx,[ebx+0x149] JUMP_000765: ; Pos = 16411 mov cl,[eax] cmp cl,[edx] jnz near JUMP_000767 test cl,cl jz JUMP_000766 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz near JUMP_000767 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_000765 JUMP_000766: ; Pos = 16435 jnz near JUMP_000767 push edi lea eax,[ebp-0xc] push eax push esi call FUNC_000075 add esp,byte +0xc mov [ebp+0xfffffedc],eax mov eax,[ebp+0xfffffedc] mov [ebp+0xfffffed8],eax lea eax,[ebp+0xfffffed8] push eax lea eax,[ebp+0xfffffedc] push eax push byte +0x30 call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov [ebp+0xfffffecc],eax mov eax,[ebp+0xfffffecc] add eax,byte +0xf push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov [ebp+0xfffffed4],eax mov eax,[ebp+0xfffffed4] mov eax,[eax+0x38] mov [ebp+0xfffffed0],eax lea eax,[ebp+0xffffbafc] push eax mov eax,[ebp+0xfffffed0] movsx eax,word [eax+0xe] push eax mov eax,[ebp-0x8] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc add eax,byte -0x2 mov [ebp-0x8],eax JUMP_000767: ; Pos = 164c5 mov eax,[ebp+0x14] mov edx,[ebp-0xc] mov [eax],edx mov eax,[ebp+0x10] mov edx,[esi] mov [eax],edx mov eax,[ebp+0xc] mov edx,[ebp-0x8] mov [eax],edx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000077_ExpandBracketCodes: ; Pos = 164e4 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov esi,[ebp+0x10] mov edi,[ebp+0xc] mov ebx,[ebp+0x8] mov [ebp-0x4],ebx mov [ebp-0x8],esi push esi call _strlen pop ecx mov esi,eax xor eax,eax mov [ebp-0xc],eax cmp esi,[ebp-0xc] jng JUMP_000771 JUMP_000768: ; Pos = 1650f mov eax,[ebp-0x8] mov al,[eax] mov edx,[ebp-0x4] mov [edx],al inc dword [ebp-0x8] mov eax,[ebp-0x4] cmp byte [eax],0xd5 jnz JUMP_000769 mov eax,[ebp-0x4] mov byte [eax],0x27 JUMP_000769: ; Pos = 1652a mov eax,[ebp-0x4] cmp byte [eax],0x5b jnz JUMP_000770 lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax push byte +0x0 call FUNC_000076 add esp,byte +0x10 JUMP_000770: ; Pos = 16548 inc dword [ebp-0x4] mov eax,[ebp-0x4] sub eax,ebx cmp edi,eax jng JUMP_000771 inc dword [ebp-0xc] cmp esi,[ebp-0xc] jg JUMP_000768 JUMP_000771: ; Pos = 1655c mov eax,[ebp-0x4] mov byte [eax],0x0 mov eax,[ebp-0x4] pop edi pop esi pop ebx mov esp,ebp pop ebp ret SECTION .data pAsmLog db 'ffemiss.log', 0x0 pAsmAttr db 'wt', 0x0 pAsmFile dd 0x0 pAsmOutInt db 'Output value = %i', 0x0 pAsmOutStr db 'Output value = %s', 0x0 SECTION .text FUNC_000078: ; Pos = 1656c push ebp mov ebp,esp push eax mov eax,0x3 JUMP_000772: ; Pos = 16575 add esp,0xfffff004 push eax dec eax jnz JUMP_000772 mov eax,[ebp-0x4] add esp,byte -0x8 push ebx push esi push edi mov eax,[DATA_002294] mov edx,eax add edx,byte +0x3 mov [ebp-0x4],edx lea edx,[ebp+0xffffe878] mov [ebp-0xc],edx mov dword [ebp-0x18],0x1 mov byte [eax],0xd mov byte [eax+0x1],0x1e mov byte [eax+0x2],0xa push dword DATA_002308 lea eax,[ebp+0xffffd008] push eax call _strcpy add esp,byte +0x8 push dword DATA_002309 lea eax,[ebp+0xffffd008] push eax call _fopen add esp,byte +0x8 mov [ebp-0x10],eax cmp dword [ebp-0x10],byte +0x0 jz near JUMP_000795 mov eax,[ebp+0x8] shl eax,0x2 add eax,DATA_002292 push byte 0x0 mov eax, [eax] push eax mov eax,[ebp-0x10] push eax call _fseek add esp,byte +0xc mov eax,[ebp-0x10] push eax mov eax,[ebp+0x8] mov eax,[eax*4+DATA_002293] mov edx,[ebp+0x8] sub eax,[edx*4+DATA_002292] push eax push byte +0x1 lea eax,[ebp+0xffffd108] push eax call _fread add esp,byte +0x10 lea eax,[ebp+0xffffe878] mov [ebp-0x8],eax xor eax,eax xor edx,edx xor ecx,ecx mov [ebp-0x14],ecx mov ecx,[ebp+0x8] lea esi,[ecx*4+DATA_002293] jmp JUMP_000777 JUMP_000773: ; Pos = 16653 shl eax,0x8 mov ecx,[ebp-0x14] movzx ecx,byte [ebp+ecx+0xffffd108] or eax,ecx inc edx cmp edx,byte +0x4 jnz near JUMP_000776 mov ecx,eax shr ecx,0x1f and ecx,byte +0x1 shl ecx,0x1f mov ebx,eax shr ebx,0x1e and ebx,byte +0x1 shl ebx,0x17 or ecx,ebx mov ebx,eax shr ebx,0x1d and ebx,byte +0x1 shl ebx,0xf or ecx,ebx mov ebx,eax shr ebx,0x1c and ebx,byte +0x1 shl ebx,0x7 or ecx,ebx mov ebx,eax shr ebx,0x15 and ebx,byte +0x7f shl ebx,0x18 or ecx,ebx mov ebx,eax shr ebx,0xe and ebx,byte +0x7f shl ebx,0x10 or ecx,ebx mov ebx,eax shr ebx,0x7 and ebx,byte +0x7f shl ebx,0x8 or ecx,ebx shr eax,0x0 and eax,byte +0x7f or ecx,eax mov eax,ecx mov ecx,[ebp-0x8] lea ecx,[ecx+edx-0x1] test edx,edx jz JUMP_000775 JUMP_000774: ; Pos = 166db mov ebx,eax and bl,0xff mov [ecx],bl shr eax,0x8 dec edx dec ecx test edx,edx jnz JUMP_000774 JUMP_000775: ; Pos = 166eb add dword [ebp-0x8],byte +0x4 xor edx,edx xor eax,eax JUMP_000776: ; Pos = 166f3 inc dword [ebp-0x14] JUMP_000777: ; Pos = 166f6 mov ecx,[esi] sub ecx,[esi-0x4] cmp ecx,[ebp-0x14] jg near JUMP_000773 lea eax,[ebp+0xffffd008] mov [ebp-0x8],eax JUMP_000778: ; Pos = 1670d mov eax,[ebp-0xc] mov al,[eax] mov edx,[ebp-0x8] mov [edx],al inc dword [ebp-0xc] inc dword [ebp-0x8] mov eax,[ebp-0x8] cmp byte [eax-0x1],0xa jnz JUMP_000778 mov eax,[ebp-0x8] mov byte [eax-0x1],0x0 lea eax,[ebp+0xffffd008] push eax call _strlen pop ecx mov edx,[ebp+0x8] add eax,[edx*4+DATA_002292] dec eax mov [ebp-0x14],eax mov eax,[ebp+0x8] lea esi,[eax*4+DATA_002293] jmp JUMP_000793 JUMP_000779: ; Pos = 16757 mov eax,[ebp-0xc] mov al,[eax] test al,al jz near JUMP_000794 mov edx,[ebp-0x4] mov [edx],al inc dword [ebp-0xc] mov eax,[ebp-0x4] cmp byte [eax],0xe jnz JUMP_000780 mov eax,[ebp-0x4] mov byte [eax],0x83 JUMP_000780: ; Pos = 1677a mov eax,[ebp-0x4] mov al,[eax] cmp al,0x7f jz near JUMP_000792 cmp al,0x26 jnz JUMP_000781 mov eax,[ebp-0x4] mov byte [eax],0x2b JUMP_000781: ; Pos = 16791 mov eax,[ebp-0x4] cmp byte [eax],0xa jnz JUMP_000782 mov eax,[ebp-0x4] mov byte [eax],0xd JUMP_000782: ; Pos = 1679f mov eax,[ebp-0x4] cmp byte [eax],0xd5 jnz JUMP_000783 mov eax,[ebp-0x4] mov byte [eax],0x27 JUMP_000783: ; Pos = 167ad mov eax,[ebp-0x4] cmp byte [eax],0x5b jnz JUMP_000784 lea eax,[ebp-0x14] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax mov eax,[ebp+0x8] push eax call FUNC_000076 add esp,byte +0x10 JUMP_000784: ; Pos = 167cd mov eax,[ebp-0x4] cmp byte [eax],0xd jnz near JUMP_000791 cmp dword [ebp-0x18],byte +0x0 jz near JUMP_000790 xor edi,edi mov ebx,[DATA_002294] add ebx,byte +0x2 cmp ebx,[ebp-0x4] jnc JUMP_000786 JUMP_000785: ; Pos = 167f3 movsx eax,byte [ebx] push eax call _toupper pop ecx mov [ebx],al mov al,[ebx] push eax call FUNC_001597_CharAdvanceWidth pop ecx add edi,eax inc ebx cmp ebx,[ebp-0x4] jc JUMP_000785 JUMP_000786: ; Pos = 16810 mov eax,0x140 sub eax,edi mov edx,eax test edx,edx jns JUMP_000787 add edx,byte +0x3 JUMP_000787: ; Pos = 16820 sar edx,0x2 mov ecx,[DATA_002294] mov [ecx+0x2],dl xor edx,edx mov [ebp-0x18],edx inc dword [ebp-0x4] mov edx,[ebp-0x4] mov byte [edx],0x1e inc dword [ebp-0x4] sar eax,1 jns JUMP_000788 adc eax,byte +0x0 JUMP_000788: ; Pos = 16844 add eax,edi add eax,byte -0x28 sar eax,1 jns JUMP_000789 adc eax,byte +0x0 JUMP_000789: ; Pos = 16850 mov edx,[ebp-0x4] mov [edx],al inc dword [ebp-0x4] mov eax,[ebp-0x4] push eax push byte +0x0 push dword 0xa602 call FUNC_000084 add esp,byte +0xc dec eax mov [ebp-0x4],eax mov eax,[ebp-0x4] mov byte [eax],0x20 inc dword [ebp-0x4] mov eax,[ebp-0x4] push esi mov esi,eax lea edi,[ebp+0xffffd008] xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi lea eax,[ebp+0xffffd008] push eax call _strlen pop ecx dec eax add [ebp-0x4],eax inc dword [ebp-0x4] mov eax,[ebp-0x4] mov byte [eax],0xd JUMP_000790: ; Pos = 168bc inc dword [ebp-0x4] mov eax,[ebp-0x4] mov byte [eax],0x20 inc dword [ebp-0x4] mov eax,[ebp-0x4] mov byte [eax],0x20 inc dword [ebp-0x4] mov eax,[ebp-0x4] mov byte [eax],0x20 inc dword [ebp-0x4] mov eax,[ebp-0x4] mov byte [eax],0x20 inc dword [ebp-0x4] mov eax,[ebp-0x4] mov byte [eax],0x20 JUMP_000791: ; Pos = 168e9 inc dword [ebp-0x4] JUMP_000792: ; Pos = 168ec inc dword [ebp-0x14] JUMP_000793: ; Pos = 168ef mov eax,[esi] add eax,byte -0x4 cmp eax,[ebp-0x14] jg near JUMP_000779 JUMP_000794: ; Pos = 168fd mov eax,[ebp-0x10] push eax call _fclose pop ecx mov eax,[ebp-0x4] mov byte [eax],0x0 inc dword [ebp-0x4] push dword 0x12c mov eax,[DATA_002294] push eax call near [DATA_007643] ; FUNC_001398_StringWrap add esp,byte +0x8 mov eax,[ebp-0x4] dec eax mov [DATA_002294],eax JUMP_000795: ; Pos = 1692d pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000079: ; Pos = 16934 push ebp mov ebp,esp push dword 0x8c push byte +0x28 push byte +0xf mov eax,[ebp+0x8] push eax push byte +0xa push dword DATA_008581 call FUNC_001585_TextWriteDefaultHeight add esp,byte +0x18 cmp dword [DATA_009221],byte +0x0 jz JUMP_000796 push dword 0x92 push byte +0x7c push byte +0x30 call FUNC_001621_BlitIndexToBuf add esp,byte +0xc push byte +0x0 push dword 0x92 push dword 0x9a push byte +0xf push byte +0x0 push dword 0xa601 call near [DATA_007645] ; FUNC_001401_StringDrawWrap add esp,byte +0x18 mov dword [DATA_009221],0x1 JUMP_000796: ; Pos = 16995 pop ebp ret FUNC_000080: ; Pos = 16998 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,ebx shl esi,0x3 sub esi,ebx mov eax,[esi*8+DATA_008570] push eax call FUNC_001620_BmpIndexToPtr pop ecx mov edi,eax push byte +0x0 call FUNC_000956 pop ecx push byte +0x2 movsx eax,word [edi+0x2] mov edx,0x140 sub edx,eax sar edx,1 jns JUMP_000797 adc edx,byte +0x0 JUMP_000797: ; Pos = 169d4 push edx mov eax,[esi*8+DATA_008570] push eax call FUNC_001621_BlitIndexToBuf add esp,byte +0xc cmp dword [DATA_008580],byte +0x28 jnl JUMP_000798 push dword 0x92 push dword 0x88 push byte +0x2f call FUNC_001621_BlitIndexToBuf add esp,byte +0xc push byte +0x0 push dword 0x92 push dword 0x9a push byte +0xf push byte +0x0 push dword 0xa601 call near [DATA_007645] ; FUNC_001401_StringDrawWrap add esp,byte +0x18 JUMP_000798: ; Pos = 16a20 call FUNC_000073 mov eax,[DATA_008580] push eax call FUNC_000079 pop ecx mov eax,[DATA_009221] mov [esi*8+DATA_008571],eax pop edi pop esi pop ebx pop ebp ret FUNC_000081: ; Pos = 16a44 push ebp mov ebp,esp add esp,byte -0x28 push ebx push esi push edi mov esi,DATA_002286 mov edi,DATA_002287 push esi push edi mov esi,DATA_002298 lea edi,[ebp-0x28] mov ecx,0xa rep movsd pop edi pop esi call near [DATA_007672] ; FUNC_001414_GuiGetLastAction xor ebx,ebx mov bl,al mov eax,ebx sub eax,0xf5 jz JUMP_000800 dec eax sub eax,byte +0x7 jc JUMP_000799 jmp short JUMP_000801 JUMP_000799: ; Pos = 16a85 push byte +0x0 push byte +0x1 push byte +0xe call FUNC_000144 add esp,byte +0xc push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx jmp short JUMP_000801 JUMP_000800: ; Pos = 16a9d call FUNC_000082 jmp JUMP_000819 JUMP_000801: ; Pos = 16aa7 cmp dword [esi],byte +0x0 jz JUMP_000807 cmp dword [DATA_008580],byte +0x28 jnl JUMP_000802 inc dword [DATA_008580] jmp short JUMP_000803 JUMP_000802: ; Pos = 16abd xor eax,eax mov [esi],eax JUMP_000803: ; Pos = 16ac1 cmp dword [DATA_008580],byte +0x28 jnl JUMP_000804 inc dword [DATA_008580] jmp short JUMP_000805 JUMP_000804: ; Pos = 16ad2 xor eax,eax mov [esi],eax JUMP_000805: ; Pos = 16ad6 mov eax,[DATA_002288] push eax call FUNC_000080 pop ecx cmp dword [esi],byte +0x0 jz JUMP_000806 dec dword [esi] JUMP_000806: ; Pos = 16ae9 cmp dword [esi],byte +0x0 jz near JUMP_000819 dec dword [esi] jmp JUMP_000819 JUMP_000807: ; Pos = 16af9 cmp dword [edi],byte +0x0 jz JUMP_000813 mov eax,[DATA_002288] mov edx,eax shl eax,0x3 sub eax,edx cmp dword [eax*8+DATA_008571],byte +0x0 jz JUMP_000808 dec dword [DATA_008580] jmp short JUMP_000809 JUMP_000808: ; Pos = 16b1c xor eax,eax mov [edi],eax JUMP_000809: ; Pos = 16b20 mov eax,[DATA_002288] mov edx,eax shl eax,0x3 sub eax,edx cmp dword [eax*8+DATA_008571],byte +0x0 jz JUMP_000810 dec dword [DATA_008580] jmp short JUMP_000811 JUMP_000810: ; Pos = 16b3e xor eax,eax mov [edi],eax JUMP_000811: ; Pos = 16b42 mov eax,[DATA_002288] push eax call FUNC_000080 pop ecx cmp dword [edi],byte +0x0 jz JUMP_000812 dec dword [edi] JUMP_000812: ; Pos = 16b55 cmp dword [edi],byte +0x0 jz near JUMP_000819 dec dword [edi] jmp JUMP_000819 JUMP_000813: ; Pos = 16b65 test ebx,ebx jz near JUMP_000819 cmp ebx,byte +0xf jnz JUMP_000814 mov eax,[DATA_008580] mov ecx,0xa cdq idiv ecx mov eax,0x3c sub eax,edx mov [edi],eax xor eax,eax mov [esi],eax JUMP_000814: ; Pos = 16b8c cmp ebx,byte +0xe jnz JUMP_000815 mov eax,[DATA_008580] mov ecx,0xa cdq idiv ecx mov eax,0x3c sub eax,edx mov [esi],eax xor eax,eax mov [edi],eax JUMP_000815: ; Pos = 16bab cmp ebx,byte +0x31 jl near JUMP_000816 cmp ebx,byte +0x36 jnl near JUMP_000816 mov dword [DATA_008580],0x28 lea esi,[ebx-0x31] mov [DATA_002288],esi push byte +0x2f call FUNC_001620_BmpIndexToPtr pop ecx mov dword [ebp-0x28],0x88 mov dword [ebp-0x24],0x92 movsx edx,word [eax+0x2] add edx,[ebp-0x28] mov [ebp-0x20],edx movzx eax,byte [eax+0x1] add eax,[ebp-0x24] mov [ebp-0x1c],eax mov dword [ebp-0x18],0x5 lea eax,[ebp-0x28] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx push byte +0x30 call FUNC_001620_BmpIndexToPtr pop ecx mov dword [ebp-0x28],0x7c mov dword [ebp-0x24],0x92 movsx edx,word [eax+0x2] add edx,[ebp-0x28] mov [ebp-0x20],edx movzx eax,byte [eax+0x1] add eax,[ebp-0x24] mov [ebp-0x1c],eax mov dword [ebp-0x18],0x6 lea eax,[ebp-0x28] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx mov eax,DATA_008581 mov [DATA_002294],eax mov byte [eax],0x0 push esi call FUNC_000071 pop ecx push esi call FUNC_000080 pop ecx jmp short JUMP_000819 JUMP_000816: ; Pos = 16c65 cmp ebx,byte +0x5 jnz JUMP_000817 mov eax,[DATA_008580] mov ecx,0xa cdq idiv ecx mov eax,0xa sub eax,edx mov [esi],eax xor eax,eax mov [edi],eax jmp short JUMP_000819 JUMP_000817: ; Pos = 16c86 cmp ebx,byte +0x6 jnz JUMP_000818 mov eax,[DATA_008580] mov ecx,0xa cdq idiv ecx mov eax,0xa sub eax,edx mov [edi],eax xor eax,eax mov [esi],eax jmp short JUMP_000819 JUMP_000818: ; Pos = 16ca7 push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx JUMP_000819: ; Pos = 16caf pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000082: ; Pos = 16cb8 push ebp mov ebp,esp add esp,byte -0x40 push ebx push esi push edi mov edi,0x28 push edi mov esi,DATA_002299 lea edi,[ebp-0x2c] mov ecx,0xa rep movsd pop edi push byte +0x0 call FUNC_000956 pop ecx call FUNC_000073 push byte +0x0 push byte +0x8 push byte +0x32 mov eax,[DATA_008673] push eax push byte +0x0 push dword 0xa603 call near [DATA_007645] ; FUNC_001401_StringDrawWrap add esp,byte +0x18 push byte +0x0 push byte +0x16 push byte +0x22 push byte +0xf push byte +0x0 push dword 0xa604 call near [DATA_007645] ; FUNC_001401_StringDrawWrap add esp,byte +0x18 xor eax,eax mov [ebp-0x4],eax mov ebx,DATA_008572 JUMP_000820: ; Pos = 16d22 cmp dword [ebx],byte +0x0 jz near JUMP_000823 test byte [ebx+0x8],0x1 jz near JUMP_000823 mov eax,[ebx-0x8] add eax,byte +0x5 push eax call FUNC_001620_BmpIndexToPtr pop ecx mov esi,eax push edi push byte +0x1e mov eax,[ebx-0x8] add eax,byte +0x5 push eax call FUNC_001621_BlitIndexToBuf add esp,byte +0xc test byte [ebx+0x8],0x2 jz JUMP_000821 mov eax,[ebx+0x10] sub eax,[DATA_008807] xor edx,edx div dword [ebx] test eax,eax jna JUMP_000821 mov eax,[ebx+0x10] sub eax,[DATA_008807] dec eax xor edx,edx div dword [ebx] mov [ebp-0x40],eax push byte +0x0 xor eax,eax mov al,[esi+0x1] add eax,edi add eax,byte -0xa push eax push dword 0xc8 push byte +0xf lea eax,[ebp-0x40] push eax push dword 0xa605 call near [DATA_007645] ; FUNC_001401_StringDrawWrap add esp,byte +0x18 jmp short JUMP_000822 JUMP_000821: ; Pos = 16da6 push byte +0x0 xor eax,eax mov al,[esi+0x1] add eax,edi add eax,byte -0xa push eax push dword 0xc8 push byte +0xf push byte +0x0 push dword 0xa606 call near [DATA_007645] ; FUNC_001401_StringDrawWrap add esp,byte +0x18 JUMP_000822: ; Pos = 16dca mov dword [ebp-0x2c],0x1e mov [ebp-0x28],edi movsx eax,word [esi+0x2] add eax,[ebp-0x2c] mov [ebp-0x24],eax xor eax,eax mov al,[esi+0x1] add eax,[ebp-0x28] mov [ebp-0x20],eax mov eax,[ebp-0x4] add eax,byte +0x31 mov [ebp-0x1c],eax lea eax,[ebp-0x2c] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx xor eax,eax mov al,[esi+0x1] add eax,byte +0x2 add edi,eax JUMP_000823: ; Pos = 16e07 inc dword [ebp-0x4] add ebx,byte +0x38 cmp dword [ebp-0x4],byte +0x5 jl near JUMP_000820 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000083: ; Pos = 16e20 push ebp mov ebp,esp xor eax,eax mov edx,DATA_008572 JUMP_000824: ; Pos = 16e2a cmp dword [edx],byte +0x0 jnz JUMP_000825 inc eax add edx,byte +0x38 cmp eax,byte +0x5 jl JUMP_000824 JUMP_000825: ; Pos = 16e38 cmp eax,byte +0x5 jz JUMP_000826 push byte +0x13 call near [DATA_007200] ; FUNC_000923 pop ecx call FUNC_000276 push byte +0x1 push byte +0xa call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x1 push byte +0xd call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 and byte [DATA_008809],0xfe mov byte [DATA_008651],0xff call FUNC_000082 JUMP_000826: ; Pos = 16e76 pop ebp ret FUNC_000084: ; Pos = 16e78 push ebp mov ebp,esp mov eax,[ebp+0x8] and eax,0x1ff push dword DATA_002245 mov edx,[ebp+0xc] push edx push eax mov eax,[ebp+0x10] push eax call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 pop ebp ret FUNC_000085: ; Pos = 16e9c push ebp mov ebp,esp mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,eax shl eax,0x3 sub eax,ecx mov eax,[eax*8+DATA_008578] test eax,eax jz JUMP_000829 JUMP_000827: ; Pos = 16eb7 cmp edx,[eax] jnz JUMP_000828 mov eax,0x1 pop ebp ret JUMP_000828: ; Pos = 16ec2 mov eax,[eax+0x3c] test eax,eax jnz JUMP_000827 JUMP_000829: ; Pos = 16ec9 xor eax,eax pop ebp ret FUNC_000086: ; Pos = 16ed0 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov ecx,ebx and ecx,byte +0x7 mov eax,0x1 shl eax,cl mov edx,ebx test edx,edx jns JUMP_000830 add edx,byte +0x7 JUMP_000830: ; Pos = 16eed sar edx,0x3 movsx edx,byte [edx+DATA_008565] and eax,edx jz JUMP_000831 xor eax,eax jmp short JUMP_000836 JUMP_000831: ; Pos = 16eff mov esi,ebx shl esi,0x4 test byte [esi+DATA_002284],0x1 jz JUMP_000832 push byte +0x16 call FUNC_000035 pop ecx test eax,eax jnz JUMP_000832 xor eax,eax jmp short JUMP_000836 JUMP_000832: ; Pos = 16f1d mov eax,[esi+DATA_002280] sub eax,byte +0x1 jc JUMP_000833 jz JUMP_000834 jmp short JUMP_000835 JUMP_000833: ; Pos = 16f2c shl ebx,0x4 mov eax,[ebx+DATA_002281] mov edx,[ebp+0xc] cmp dword [eax+edx*4],byte -0x1 setnz al and eax,byte +0x1 jmp short JUMP_000836 JUMP_000834: ; Pos = 16f44 shl ebx,0x4 mov eax,[ebx+DATA_002282] cmp eax,[ebp+0xc] setz al and eax,byte +0x1 jmp short JUMP_000836 JUMP_000835: ; Pos = 16f58 xor eax,eax JUMP_000836: ; Pos = 16f5a pop esi pop ebx pop ebp ret FUNC_000087: ; Pos = 16f60 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x8] xor edx,edx mov eax,DATA_002280 JUMP_000837: ; Pos = 16f6f mov ecx,[eax] sub ecx,byte +0x1 jc JUMP_000838 jz JUMP_000840 jmp short JUMP_000842 JUMP_000838: ; Pos = 16f7a mov ecx,[eax+0x4] cmp dword [ecx+esi*4],byte -0x1 jz JUMP_000842 mov ecx,edx and ecx,byte +0x7 mov bl,0x1 shl bl,cl not bl mov ecx,edx test ecx,ecx jns JUMP_000839 add ecx,byte +0x7 JUMP_000839: ; Pos = 16f97 sar ecx,0x3 and [ecx+DATA_008565],bl jmp short JUMP_000842 JUMP_000840: ; Pos = 16fa2 cmp esi,[eax+0x8] jnz JUMP_000842 mov ecx,edx and ecx,byte +0x7 mov bl,0x1 shl bl,cl not bl mov ecx,edx test ecx,ecx jns JUMP_000841 add ecx,byte +0x7 JUMP_000841: ; Pos = 16fbb sar ecx,0x3 and [ecx+DATA_008565],bl JUMP_000842: ; Pos = 16fc4 inc edx add eax,byte +0x10 cmp edx,0xaa jl JUMP_000837 pop esi pop ebx pop ebp ret FUNC_000088: ; Pos = 16fd4 push ebp mov ebp,esp add esp,byte -0x2c push ebx push esi push edi xor esi,esi lea edi,[ebp-0x2c] mov ebx,DATA_002300 JUMP_000843: ; Pos = 16fe7 mov eax,[ebx] push eax call FUNC_000035 pop ecx mov [edi],eax inc esi add edi,byte +0x4 add ebx,byte +0x4 cmp esi,byte +0x5 jl JUMP_000843 xor eax,eax mov [ebp-0x4],eax lea eax,[ebp-0x2c] JUMP_000844: ; Pos = 17006 mov edx,[eax] cmp edx,[ebp+0x8] jz JUMP_000845 inc dword [ebp-0x4] add eax,byte +0x4 cmp dword [ebp-0x4],byte +0x5 jl JUMP_000844 JUMP_000845: ; Pos = 17019 cmp dword [ebp-0x4],byte +0x5 jnl near JUMP_000864 xor edi,edi xor eax,eax mov [ebp-0xc],eax JUMP_000846: ; Pos = 1702a xor ebx,ebx mov esi,DATA_002283 JUMP_000847: ; Pos = 17031 mov eax,[ebp-0x4] push eax push ebx call FUNC_000086 add esp,byte +0x8 test eax,eax jz JUMP_000848 mov eax,[esi] and eax,0xffff cmp edi,eax jnl JUMP_000848 mov edi,[esi] and edi,0xffff JUMP_000848: ; Pos = 17055 inc ebx add esi,byte +0x10 cmp ebx,0xaa jl JUMP_000847 test edi,edi jnz JUMP_000850 cmp dword [ebp-0xc],byte +0x0 jnz JUMP_000849 mov eax,[ebp-0x4] push eax call FUNC_000087 pop ecx JUMP_000849: ; Pos = 17075 inc dword [ebp-0xc] cmp dword [ebp-0xc],byte +0x2 jl JUMP_000846 JUMP_000850: ; Pos = 1707e test edi,edi jz near JUMP_000864 xor eax,eax mov [ebp-0x8],eax xor ebx,ebx mov esi,DATA_002283 JUMP_000851: ; Pos = 17092 mov eax,[ebp-0x4] push eax push ebx call FUNC_000086 add esp,byte +0x8 test eax,eax jz JUMP_000852 mov eax,[esi] and eax,0xffff cmp edi,eax jnz JUMP_000852 inc dword [ebp-0x8] JUMP_000852: ; Pos = 170b1 inc ebx add esi,byte +0x10 cmp ebx,0xaa jl JUMP_000851 mov eax,[ebp-0x8] push eax call near [DATA_007217] ; FUNC_000922 pop ecx mov [ebp-0x8],eax xor ebx,ebx mov esi,DATA_002283 JUMP_000853: ; Pos = 170d2 mov eax,[ebp-0x4] push eax push ebx call FUNC_000086 add esp,byte +0x8 test eax,eax jz JUMP_000854 mov eax,[esi] and eax,0xffff cmp edi,eax jnz JUMP_000854 mov eax,[ebp-0x8] add dword [ebp-0x8],byte -0x1 test eax,eax jz JUMP_000855 JUMP_000854: ; Pos = 170f9 inc ebx add esi,byte +0x10 cmp ebx,0xaa jl JUMP_000853 JUMP_000855: ; Pos = 17105 mov eax,ebx shl eax,0x4 mov eax,[eax+DATA_002280] sub eax,byte +0x1 jc JUMP_000856 jz near JUMP_000861 jmp JUMP_000862 JUMP_000856: ; Pos = 17120 xor esi,esi mov eax,ebx add eax,eax lea eax,[eax*8+DATA_002282] mov [ebp-0x10],eax jmp short JUMP_000860 JUMP_000857: ; Pos = 17132 xor edi,edi lea eax,[ebp-0x2c] mov [ebp-0x18],eax mov eax,[ebp-0x10] add eax,byte -0x4 mov [ebp-0x14],eax JUMP_000858: ; Pos = 17143 lea eax,[esi+esi*4] mov edx,[ebp-0x14] mov edx,[edx] lea eax,[edx+eax*4] mov eax,[eax+edi*4] cmp eax,byte -0x1 jz JUMP_000859 mov edx,[ebp-0x18] mov edx,[edx] mov ecx,edx shl edx,0x3 sub edx,ecx mov edx,[edx*8+DATA_008572] imul edx,esi add edx,[DATA_008807] push edx push byte +0x0 push byte +0x1 lea edx,[esi+esi*4] mov ecx,[ebp-0x14] mov ecx,[ecx] lea edx,[ecx+edx*4] push eax mov eax,[ebp-0x18] mov eax,[eax] push eax call FUNC_000098 add esp,byte +0x14 JUMP_000859: ; Pos = 17191 inc edi add dword [ebp-0x18],byte +0x4 cmp edi,byte +0x5 jl JUMP_000858 inc esi JUMP_000860: ; Pos = 1719c mov eax,[ebp-0x10] cmp esi,[eax] jl JUMP_000857 jmp short JUMP_000862 JUMP_000861: ; Pos = 171a5 push byte +0x0 push byte +0x0 push byte +0x1 mov eax,ebx shl eax,0x4 mov eax,[eax+DATA_002281] push eax mov eax,[ebp+0x8] push eax call FUNC_000098 add esp,byte +0x14 JUMP_000862: ; Pos = 171c3 mov ecx,ebx and ecx,byte +0x7 mov al,0x1 shl al,cl test ebx,ebx jns JUMP_000863 add ebx,byte +0x7 JUMP_000863: ; Pos = 171d3 sar ebx,0x3 or [ebx+DATA_008565],al JUMP_000864: ; Pos = 171dc pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000089: ; Pos = 171e4 push ebp mov ebp,esp add esp,0xfffffee8 push ebx push esi push edi xor ebx,ebx or esi,byte -0x1 mov dword [DATA_008566],0x1 mov edi,[ebp+0x8] mov eax,edi shl edi,0x3 sub edi,eax mov eax,[edi*8+DATA_008572] add eax,[DATA_008807] mov [edi*8+DATA_008573],eax cmp dword [edi*8+DATA_008577],byte +0x0 jnz JUMP_000865 mov eax,[ebp+0x8] push eax call FUNC_000088 pop ecx JUMP_000865: ; Pos = 17231 cmp dword [edi*8+DATA_008577],byte +0x0 jz near JUMP_000884 mov eax,[edi*8+DATA_008578] mov edx,[ebp+0x8] mov ecx,edx shl edx,0x3 sub edx,ecx lea edx,[edx*8+DATA_008575] test eax,eax jz JUMP_000871 JUMP_000866: ; Pos = 1725b mov ecx,[edx] add ecx,[eax+0x10] cmp ecx,[DATA_008807] ja JUMP_000870 cmp dword [eax+0x40],byte +0x0 jz JUMP_000867 mov ecx,[eax+0x40] mov edi,[eax+0x3c] mov [ecx+0x3c],edi jmp short JUMP_000868 JUMP_000867: ; Pos = 17279 mov ecx,[eax+0x3c] mov [edx+0xc],ecx JUMP_000868: ; Pos = 1727f cmp dword [eax+0x3c],byte +0x0 jz JUMP_000869 mov ecx,[eax+0x3c] mov edi,[eax+0x40] mov [ecx+0x40],edi JUMP_000869: ; Pos = 1728e mov dword [eax],0xffffffff JUMP_000870: ; Pos = 17294 mov eax,[eax+0x3c] test eax,eax jnz JUMP_000866 JUMP_000871: ; Pos = 1729b xor edi,edi mov eax,[ebp+0x8] mov edx,eax shl eax,0x3 sub eax,edx lea eax,[eax*8+DATA_008577] mov [ebp-0x4],eax JUMP_000872: ; Pos = 172b1 mov eax,[ebp-0x4] mov eax,[eax] test eax,eax jz JUMP_000875 JUMP_000873: ; Pos = 172ba mov edx,[eax+0x8] cmp esi,edx jg JUMP_000874 mov ecx,[eax+0xc] cmp ecx,[DATA_008807] ja JUMP_000874 mov esi,edx mov ebx,eax JUMP_000874: ; Pos = 172d0 mov eax,[eax+0x3c] test eax,eax jnz JUMP_000873 JUMP_000875: ; Pos = 172d7 test ebx,ebx jnz JUMP_000877 test edi,edi jnz JUMP_000876 mov eax,[ebp+0x8] push eax call FUNC_000088 pop ecx JUMP_000876: ; Pos = 172e9 inc edi cmp edi,byte +0x2 jl JUMP_000872 JUMP_000877: ; Pos = 172ef test ebx,ebx jz near JUMP_000884 mov eax,[ebx+0x40] test eax,eax jnz JUMP_000878 mov eax,[ebp+0x8] mov edx,eax shl eax,0x3 sub eax,edx mov edx,[ebx+0x3c] mov [eax*8+DATA_008577],edx jmp short JUMP_000879 JUMP_000878: ; Pos = 17314 mov edx,[ebx+0x3c] mov [eax+0x3c],edx JUMP_000879: ; Pos = 1731a mov eax,[ebx+0x3c] test eax,eax jz JUMP_000880 mov edx,[ebx+0x40] mov [eax+0x40],edx JUMP_000880: ; Pos = 17327 mov esi,[ebp+0x8] mov eax,esi shl esi,0x3 sub esi,eax mov eax,[esi*8+DATA_008578] mov [ebx+0x3c],eax xor eax,eax mov [ebx+0x40],eax mov eax,[ebx+0x3c] test eax,eax jz JUMP_000881 mov [eax+0x40],ebx JUMP_000881: ; Pos = 1734a mov [esi*8+DATA_008578],ebx mov eax,[DATA_008807] mov [ebx+0x10],eax mov eax,[ebx] push eax mov eax,[ebp+0x8] push eax push byte +0x7 call FUNC_000048 add esp,byte +0xc test byte [esi*8+DATA_008574],0x2 jz JUMP_000883 or dword [ebx+0x4],0x400 mov al,[DATA_008870] cmp al,0x30 jz JUMP_000882 cmp al,0x2a jnz JUMP_000883 JUMP_000882: ; Pos = 17388 or dword [ebx+0x4],0x100 JUMP_000883: ; Pos = 1738f mov eax,[ebp+0x8] mov edx,eax shl eax,0x3 sub eax,edx shl eax,0x3 add eax,DATA_008569 mov [ebp+0xfffffef4],eax lea eax,[ebp+0xfffffee8] push eax push dword 0xa600 lea eax,[ebp+0xfffffefc] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc mov byte [eax],0x0 cmp dword [ebp+0xc],byte +0x0 jz JUMP_000884 push byte +0x0 push byte +0x0 lea eax,[ebp+0xfffffefc] push eax call FUNC_000271 add esp,byte +0xc JUMP_000884: ; Pos = 173e0 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000090: ; Pos = 173e8 push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi mov eax,[ebp+0x8] mov eax,[eax] sub eax,byte +0x5 jz JUMP_000885 sub eax,byte +0xa jz JUMP_000890 jmp short JUMP_000894 JUMP_000885: ; Pos = 17401 xor ecx,ecx mov edx,DATA_008574 JUMP_000886: ; Pos = 17408 test byte [edx],0x1 jz JUMP_000889 mov eax,[edx+0x10] test eax,eax jz JUMP_000889 JUMP_000887: ; Pos = 17414 test byte [eax+0x5],0x4 jz JUMP_000888 or dword [eax+0x4],0x100 JUMP_000888: ; Pos = 17421 mov eax,[eax+0x3c] test eax,eax jnz JUMP_000887 JUMP_000889: ; Pos = 17428 inc ecx add edx,byte +0x38 cmp ecx,byte +0x5 jl JUMP_000886 jmp short JUMP_000894 JUMP_000890: ; Pos = 17433 xor esi,esi mov ebx,DATA_008576 JUMP_000891: ; Pos = 1743a mov eax,[ebx] cmp eax,[DATA_008807] jnc JUMP_000892 and dword [ebx-0x8],byte -0x3 JUMP_000892: ; Pos = 17448 cmp dword [ebx-0x10],byte +0x0 jz JUMP_000893 test byte [ebx-0x8],0x4 jnz JUMP_000893 mov eax,[ebx-0xc] cmp eax,[DATA_008807] ja JUMP_000893 push byte +0x1 push esi call FUNC_000089 add esp,byte +0x8 JUMP_000893: ; Pos = 1746a inc esi add ebx,byte +0x38 cmp esi,byte +0x5 jl JUMP_000891 JUMP_000894: ; Pos = 17473 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000091: ; Pos = 1747c push ebp mov ebp,esp mov eax,[ebp+0x8] and eax,0xff dec eax jnz JUMP_000897 xor edx,edx mov eax,DATA_008572 JUMP_000895: ; Pos = 17491 xor ecx,ecx mov [eax],ecx xor ecx,ecx mov [eax-0x8],ecx xor ecx,ecx mov [eax+0x8],ecx inc edx add eax,byte +0x38 cmp edx,byte +0x5 jl JUMP_000895 xor edx,edx mov eax,DATA_008579 JUMP_000896: ; Pos = 174af mov dword [eax],0xffffffff inc edx add eax,byte +0x44 cmp edx,0x2bc jl JUMP_000896 push byte +0x16 push byte +0x0 push dword DATA_008565 call _memset add esp,byte +0xc xor eax,eax mov [DATA_008566],eax JUMP_000897: ; Pos = 174d9 pop ebp ret FUNC_000092: ; Pos = 17534 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] cmp ebx,byte +0xa jl JUMP_000903 xor eax,eax jmp short JUMP_000905 JUMP_000903: ; Pos = 17548 cmp dword [esi+ebx*4+0x14],byte +0x0 jnz JUMP_000904 call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008818] mov [esi+ebx*4+0x14],eax JUMP_000904: ; Pos = 1755e mov eax,[esi+ebx*4+0x14] JUMP_000905: ; Pos = 17562 pop esi pop ebx pop ebp ret FUNC_000093: ; Pos = 17568 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[ebp+0xc] mov [eax*4+DATA_008568],edx pop ebp ret FUNC_000094: ; Pos = 1757c push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax*4+DATA_008568] pop ebp ret FUNC_000095: ; Pos = 1758c push ebp mov ebp,esp push ebx mov edx,[ebp+0x10] mov ebx,[ebp+0xc] mov ecx,[ebp+0x8] test edx,edx jnz JUMP_000906 mov eax,[ecx*4+DATA_008568] pop ebx pop ebp ret JUMP_000906: ; Pos = 175a7 cmp ebx,byte +0x5 jl JUMP_000907 xor eax,eax pop ebx pop ebp ret JUMP_000907: ; Pos = 175b1 mov eax,ebx shl eax,0x3 sub eax,ebx mov eax,[eax*8+DATA_008578] test eax,eax jz JUMP_000910 JUMP_000908: ; Pos = 175c3 cmp edx,[eax] jnz JUMP_000909 push ecx push eax call FUNC_000092 add esp,byte +0x8 pop ebx pop ebp ret JUMP_000909: ; Pos = 175d4 mov eax,[eax+0x3c] test eax,eax jnz JUMP_000908 JUMP_000910: ; Pos = 175db mov eax,ebx shl eax,0x3 sub eax,ebx mov eax,[eax*8+DATA_008577] test eax,eax jz JUMP_000913 JUMP_000911: ; Pos = 175ed cmp edx,[eax] jnz JUMP_000912 push ecx push eax call FUNC_000092 add esp,byte +0x8 pop ebx pop ebp ret JUMP_000912: ; Pos = 175fe mov eax,[eax+0x3c] test eax,eax jnz JUMP_000911 JUMP_000913: ; Pos = 17605 xor eax,eax pop ebx pop ebp ret FUNC_000096: ; Pos = 1760c push ebp mov ebp,esp mov eax,[ebp+0xc] mov edx,[ebp+0x10] push edx push eax mov eax,[ebp+0x8] push eax call FUNC_000095 add esp,byte +0xc pop ebp ret FUNC_000097: ; Pos = 17628 push ebp mov ebp,esp mov edx,[ebp+0x8] cmp edx,byte +0x5 jnl JUMP_000916 mov eax,edx shl eax,0x3 sub eax,edx mov eax,[eax*8+DATA_008577] test eax,eax jz JUMP_000915 JUMP_000914: ; Pos = 17645 mov dword [eax],0xffffffff mov eax,[eax+0x3c] test eax,eax jnz JUMP_000914 JUMP_000915: ; Pos = 17652 mov eax,edx shl eax,0x3 sub eax,edx xor ecx,ecx mov [eax*8+DATA_008577],ecx or dword [eax*8+DATA_008574],byte +0x4 JUMP_000916: ; Pos = 1766a pop ebp ret FUNC_000098: ; Pos = 1766c push ebp mov ebp,esp push ebx push esi push edi mov ebx,DATA_008579 mov ecx,[ebp+0x8] cmp ecx,byte +0x5 jnl near JUMP_000921 xor eax,eax mov edx,ebx JUMP_000917: ; Pos = 17687 cmp dword [edx],byte -0x1 jz JUMP_000918 inc eax add edx,byte +0x44 cmp eax,0x2bc jl JUMP_000917 JUMP_000918: ; Pos = 17697 cmp eax,0x2bc jnl near JUMP_000921 mov edx,eax shl edx,0x4 add edx,eax mov esi,[ebp+0xc] mov [ebx+edx*4],esi mov esi,[ebp+0x14] mov [ebx+edx*4+0x4],esi mov esi,[ebp+0x10] mov [ebx+edx*4+0x8],esi mov esi,[ebp+0x18] mov [ebx+edx*4+0xc],esi mov esi,ecx shl esi,0x3 sub esi,ecx mov esi,[esi*8+DATA_008577] mov [ebx+edx*4+0x3c],esi xor esi,esi mov [ebx+edx*4+0x40],esi xor esi,esi mov edx,eax shl edx,0x4 add edx,eax lea edx,[ebx+edx*4+0x14] JUMP_000919: ; Pos = 176e9 xor edi,edi mov [edx],edi inc esi add edx,byte +0x4 cmp esi,byte +0xa jl JUMP_000919 mov edx,ecx shl edx,0x3 sub edx,ecx cmp dword [edx*8+DATA_008577],byte +0x0 jz JUMP_000920 mov esi,eax shl esi,0x4 add esi,eax shl esi,0x2 add esi,ebx mov edi,ecx shl edi,0x3 sub edi,ecx mov edi,[edi*8+DATA_008577] mov [edi+0x40],esi JUMP_000920: ; Pos = 17724 mov esi,eax shl eax,0x4 add eax,esi shl eax,0x2 add eax,ebx mov [edx*8+DATA_008577],eax JUMP_000921: ; Pos = 17737 pop edi pop esi pop ebx pop ebp ret FUNC_000099: ; Pos = 1773c push ebp mov ebp,esp push ebx push esi mov edx,[ebp+0xc] mov ecx,[ebp+0x8] cmp ecx,byte +0x5 jnl JUMP_000931 mov eax,ecx shl eax,0x3 sub eax,ecx mov eax,[eax*8+DATA_008577] test eax,eax jz JUMP_000926 JUMP_000922: ; Pos = 1775e cmp edx,[eax] jnz JUMP_000925 mov ebx,[eax+0x40] test ebx,ebx jz JUMP_000923 mov esi,[eax+0x3c] mov [ebx+0x3c],esi JUMP_000923: ; Pos = 1776f mov ebx,[eax+0x3c] test ebx,ebx jz JUMP_000924 mov esi,[eax+0x40] mov [ebx+0x40],esi JUMP_000924: ; Pos = 1777c mov dword [eax],0xffffffff JUMP_000925: ; Pos = 17782 mov eax,[eax+0x3c] test eax,eax jnz JUMP_000922 JUMP_000926: ; Pos = 17789 mov eax,ecx shl eax,0x3 sub eax,ecx mov eax,[eax*8+DATA_008578] test eax,eax jz JUMP_000931 JUMP_000927: ; Pos = 1779b cmp edx,[eax] jnz JUMP_000930 mov ecx,[eax+0x40] test ecx,ecx jz JUMP_000928 mov ebx,[eax+0x3c] mov [ecx+0x3c],ebx JUMP_000928: ; Pos = 177ac mov ecx,[eax+0x3c] test ecx,ecx jz JUMP_000929 mov ebx,[eax+0x40] mov [ecx+0x40],ebx JUMP_000929: ; Pos = 177b9 mov dword [eax],0xffffffff JUMP_000930: ; Pos = 177bf mov eax,[eax+0x3c] test eax,eax jnz JUMP_000927 JUMP_000931: ; Pos = 177c6 pop esi pop ebx pop ebp ret nop nop FUNC_000100: ; Pos = 177cc push ebp mov ebp,esp push ebx mov ecx,[ebp+0x10] mov edx,[ebp+0xc] mov ebx,[ebp+0x8] cmp ebx,byte +0x5 jnl JUMP_000937 mov eax,ebx shl eax,0x3 sub eax,ebx mov eax,[eax*8+DATA_008577] test eax,eax jz JUMP_000934 JUMP_000932: ; Pos = 177f0 cmp edx,[eax] jnz JUMP_000933 mov [eax],ecx jmp short JUMP_000934 JUMP_000933: ; Pos = 177f8 mov eax,[eax+0x3c] test eax,eax jnz JUMP_000932 JUMP_000934: ; Pos = 177ff mov eax,ebx shl eax,0x3 sub eax,ebx mov eax,[eax*8+DATA_008578] test eax,eax jz JUMP_000937 JUMP_000935: ; Pos = 17811 cmp edx,[eax] jnz JUMP_000936 mov [eax],ecx pop ebx pop ebp ret JUMP_000936: ; Pos = 1781a mov eax,[eax+0x3c] test eax,eax jnz JUMP_000935 JUMP_000937: ; Pos = 17821 pop ebx pop ebp ret FUNC_000101: ; Pos = 17824 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov esi,DATA_008569 xor ebx,ebx lea eax,[esi+0x1c] JUMP_000938: ; Pos = 17837 cmp dword [eax],byte +0x0 jz JUMP_000939 inc ebx add eax,byte +0x38 cmp ebx,byte +0x5 jl JUMP_000938 JUMP_000939: ; Pos = 17845 cmp ebx,byte +0x5 jnz JUMP_000940 or eax,byte -0x1 jmp JUMP_000944 JUMP_000940: ; Pos = 17852 mov eax,ebx shl eax,0x3 sub eax,ebx shl eax,0x3 add eax,esi mov edx,[ebp+0x8] push esi push edi mov esi,eax mov edi,edx xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop edi pop esi mov eax,ebx shl eax,0x3 sub eax,ebx mov edx,[ebp+0xc] mov [esi+eax*8+0x14],edx test edi,edi jnz JUMP_000941 mov edx,[DATA_008807] jmp short JUMP_000942 JUMP_000941: ; Pos = 178a0 mov edx,edi JUMP_000942: ; Pos = 178a2 mov eax,ebx shl eax,0x3 sub eax,ebx mov [esi+eax*8+0x20],edx mov edx,[ebp+0x14] mov [esi+eax*8+0x1c],edx mov edx,[ebp+0x18] mov [esi+eax*8+0x28],edx xor edx,edx mov [esi+eax*8+0x24],edx xor edx,edx mov [esi+eax*8+0x30],edx xor edx,edx mov [esi+eax*8+0x34],edx xor edx,edx mov [esi+eax*8+0x2c],edx mov eax,[esi+eax*8+0x20] cmp eax,[DATA_008807] jna JUMP_000943 mov eax,ebx jmp short JUMP_000944 JUMP_000943: ; Pos = 178e3 mov eax,ebx JUMP_000944: ; Pos = 178e5 pop edi pop esi pop ebx pop ebp ret FUNC_000102: ; Pos = 178ec push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,byte +0x5 jnl JUMP_000945 mov edx,eax shl eax,0x3 sub eax,edx or dword [eax*8+DATA_008574],byte +0x1 JUMP_000945: ; Pos = 17906 pop ebp ret FUNC_000103: ; Pos = 17908 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,byte +0x5 jnl JUMP_000946 mov edx,eax shl eax,0x3 sub eax,edx and dword [eax*8+DATA_008574],byte -0x2 JUMP_000946: ; Pos = 17922 pop ebp ret FUNC_000104: ; Pos = 17924 push ebp mov ebp,esp push ebx push esi mov ecx,[ebp+0xc] mov eax,[ebp+0x8] cmp eax,byte +0x5 jnl JUMP_000948 mov edx,eax shl edx,0x3 sub edx,eax or dword [edx*8+DATA_008574],byte +0x2 mov esi,[edx*8+DATA_008576] mov ebx,[DATA_008807] cmp esi,ebx ja JUMP_000947 add ebx,ecx mov [edx*8+DATA_008576],ebx jmp short JUMP_000948 JUMP_000947: ; Pos = 1795f add [edx*8+DATA_008576],ecx JUMP_000948: ; Pos = 17966 pop esi pop ebx pop ebp ret FUNC_000105: ; Pos = 1796c push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,byte +0x5 jnl JUMP_000949 mov edx,eax shl eax,0x3 sub eax,edx and dword [eax*8+DATA_008574],byte -0x3 JUMP_000949: ; Pos = 17986 pop ebp ret FUNC_000106: ; Pos = 17988 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp ebx,byte +0x64 jl JUMP_000950 xor eax,eax pop ebx pop ebp ret JUMP_000950: ; Pos = 17999 cmp dword [ebx*4+DATA_008567],byte +0x0 jnz JUMP_000951 call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008818] mov [ebx*4+DATA_008567],eax JUMP_000951: ; Pos = 179b5 mov eax,[ebx*4+DATA_008567] pop ebx pop ebp ret FUNC_000107: ; Pos = 179c0 push ebp mov ebp,esp push dword DATA_002312 call FUNC_000108 pop ecx pop ebp ret FUNC_000108: ; Pos = 179d0 push ebp mov ebp,esp push ebx cmp dword [DATA_002310],byte +0x0 jnz near JUMP_000956 cmp dword [DATA_002311],byte +0x0 jz JUMP_000954 xor eax,eax mov [DATA_002311],eax push dword FUNC_000107 call _atexit pop ecx test eax,eax jz JUMP_000952 mov dword [DATA_002310],0x1 pop ebx pop ebp ret JUMP_000952: ; Pos = 17a0d push dword DATA_002314 push dword DATA_002313 call _fopen add esp,byte +0x8 mov ebx,eax mov [DATA_008582],ebx test ebx,ebx jz JUMP_000953 push dword DATA_002315 push ebx call _fprintf add esp,byte +0x8 jmp short JUMP_000955 JUMP_000953: ; Pos = 17a3b mov dword [DATA_002310],0x1 pop ebx pop ebp ret JUMP_000954: ; Pos = 17a48 push dword DATA_002317 push dword DATA_002316 call _fopen add esp,byte +0x8 mov ebx,eax mov [DATA_008582],ebx test ebx,ebx jnz JUMP_000955 mov dword [DATA_002310],0x1 pop ebx pop ebp ret JUMP_000955: ; Pos = 17a73 lea eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax mov eax,[DATA_008582] push eax call _vfprintf add esp,byte +0xc mov eax,[DATA_008582] push eax call _fclose pop ecx test eax,eax jz JUMP_000956 mov dword [DATA_002310],0x1 JUMP_000956: ; Pos = 17aa3 pop ebx pop ebp ret FUNC_000109: ; Pos = 17aa8 push ebp mov ebp,esp push ecx push byte +0x4 lea eax,[ebp-0x4] push eax mov eax,[DATA_002320] push eax call FUNC_000123 add esp,byte +0xc mov eax,[ebp-0x4] pop ecx pop ebp ret FUNC_000110: ; Pos = 17ac8 push ebp mov ebp,esp push ecx push byte +0x2 lea eax,[ebp-0x2] push eax mov eax,[DATA_002320] push eax call FUNC_000123 add esp,byte +0xc movzx eax,word [ebp-0x2] pop ecx pop ebp ret FUNC_000111: ; Pos = 17ae8 push ebp mov ebp,esp push ecx push byte +0x4 lea eax,[ebp-0x4] push eax mov eax,[DATA_002320] push eax call FUNC_000123 add esp,byte +0xc mov eax,[ebp-0x4] shl eax,0x18 mov edx,[ebp-0x4] shl edx,0x8 and edx,0xff0000 or eax,edx mov edx,[ebp-0x4] shr edx,0x8 and edx,0xff00 or eax,edx mov edx,[ebp-0x4] shr edx,0x18 or eax,edx pop ecx pop ebp ret FUNC_000112: ; Pos = 17b90 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi xor ebx,ebx mov dword [ebp-0xc],DATA_008602 mov dword [ebp-0x8],DATA_008601 mov edi,DATA_008600 mov esi,DATA_008599 JUMP_000957: ; Pos = 17bb3 mov [ebp-0x10],ebx fild dword [ebp-0x10] fstp dword [ebp-0x4] test bl,0x80 jz JUMP_000958 fld dword [ebp-0x4] fsub dword [DATA_000006] fstp dword [ebp-0x4] JUMP_000958: ; Pos = 17bcd fld dword [ebp-0x4] fmul dword [DATA_000007] fstp dword [ebp-0x4] fld qword [DATA_000008] fmul dword [ebp-0x4] call FUNC_002095_fstore mov [esi],eax fld qword [DATA_000009] fmul dword [ebp-0x4] call FUNC_002095_fstore mov [edi],eax fld qword [DATA_000010] fmul dword [ebp-0x4] call FUNC_002095_fstore mov edx,[ebp-0x8] mov [edx],eax fld qword [DATA_000011] fmul dword [ebp-0x4] call FUNC_002095_fstore mov edx,[ebp-0xc] mov [edx],eax inc ebx add dword [ebp-0xc],byte +0x4 add dword [ebp-0x8],byte +0x4 add edi,byte +0x4 add esi,byte +0x4 cmp ebx,0x100 jl near JUMP_000957 pop edi pop esi pop ebx mov esp,ebp pop ebp ret SECTION .data DATA_000006: ; Pos = 17c44 db 0x0, 0x0, 0x80, 0x43 DATA_000007: ; Pos = 17c48 db 0x0, 0x0, 0x80, 0x46 DATA_000008: ; Pos = 17c4c db 0x27, 0x31, 0x8, 0xac, 0x1c, 0x5a, 0xfc, 0x3f DATA_000009: ; Pos = 17c54 db 0x3b, 0xdf, 0x4f, 0x8d, 0x97, 0x6e, 0xf6, 0x3f DATA_000010: ; Pos = 17c5c db 0x4a, 0xb5, 0x4f, 0xc7, 0x63, 0x6, 0xd6, 0xbf DATA_000011: ; Pos = 17c64 db 0x7c, 0x7e, 0x18, 0x21, 0x3c, 0xda, 0xe6, 0xbf SECTION .text FUNC_000113: ; Pos = 17c6c push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] cmp dword [ebp+0x8],byte +0x38 jz JUMP_000959 call FUNC_001529_SysExit JUMP_000959: ; Pos = 17c7e push byte +0x38 push ebx mov eax,[DATA_002320] push eax call FUNC_000123 add esp,byte +0xc mov eax,[ebx] mov ecx,0x3e8 xor edx,edx div ecx mov [DATA_008589],eax mov eax,0x1 pop ebx pop ebp ret FUNC_000114: ; Pos = 17ca8 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] cmp ebx,byte +0x24 jnc JUMP_000960 call FUNC_001529_SysExit JUMP_000960: ; Pos = 17cbd call FUNC_000111 mov [esi],eax call FUNC_000111 mov [esi+0x4],eax push byte +0x28 add esi,byte +0x8 push esi mov eax,[DATA_002320] push eax call FUNC_000123 add esp,byte +0xc mov eax,0x30 test bl,0x1 jz JUMP_000961 inc ebx JUMP_000961: ; Pos = 17ceb cmp ebx,eax jna JUMP_000962 sub ebx,eax push ebx mov eax,[DATA_002320] push eax call FUNC_000124 add esp,byte +0x8 JUMP_000962: ; Pos = 17d00 mov eax,0x1 pop esi pop ebx pop ebp ret FUNC_000115: ; Pos = 17d0c push ebp mov ebp,esp add esp,0xfffff7fc push ebx push esi push edi mov ebx,[ebp+0xc] call FUNC_000109 mov [ebx],eax call FUNC_000109 mov [ebx+0x4],eax call FUNC_000109 mov [ebx+0x8],eax call FUNC_000110 mov [ebx+0xc],eax call FUNC_000110 mov [ebx+0x10],eax call FUNC_000111 mov [ebx+0x14],eax mov [DATA_008588],eax call FUNC_000109 mov [ebx+0x18],eax call FUNC_000109 mov [ebx+0x1c],eax call FUNC_000109 mov [ebx+0x20],eax call FUNC_000109 mov [ebx+0x24],eax call FUNC_000109 mov [ebx+0x28],eax mov eax,[ebx+0x10] mov [DATA_008587],eax mov eax,[ebx+0x4] mov [DATA_008584],eax mov eax,[ebx+0x8] mov [DATA_008585],eax mov eax,[ebx+0x24] mov [DATA_008586],eax cmp dword [DATA_008586],byte +0x0 jnz JUMP_000963 cmp dword [DATA_008587],byte +0x8 ja JUMP_000963 mov ecx,[DATA_008587] mov eax,0x1 shl eax,cl mov [DATA_008586],eax JUMP_000963: ; Pos = 17dbb mov eax,[DATA_008586] mov [ebx+0x24],eax mov eax,[DATA_008588] cmp eax,0x200ffff jg JUMP_000965 jz near JUMP_000972 cmp eax,0x1000000 jg JUMP_000964 jz JUMP_000968 sub eax,byte +0x1 jc JUMP_000967 sub eax,0xfffe jz JUMP_000970 jmp JUMP_000978 JUMP_000964: ; Pos = 17def sub eax,0x100ffff jz JUMP_000971 sub eax,0xff0001 jz JUMP_000969 jmp JUMP_000978 JUMP_000965: ; Pos = 17e02 cmp eax,0x4352414d jg JUMP_000966 jz near JUMP_000977 sub eax,0x300ffff jz JUMP_000973 sub eax,0x1000000 jz JUMP_000974 jmp JUMP_000978 JUMP_000966: ; Pos = 17e22 sub eax,0x63766964 jz JUMP_000976 sub eax,0xefdc8cd jz JUMP_000975 jmp JUMP_000978 JUMP_000967: ; Pos = 17e35 mov dword [DATA_008588],0x52474220 jmp JUMP_000978 JUMP_000968: ; Pos = 17e44 mov dword [DATA_008588],0x524c4538 jmp short JUMP_000978 JUMP_000969: ; Pos = 17e50 mov dword [DATA_008588],0x524c4534 jmp short JUMP_000978 JUMP_000970: ; Pos = 17e5c mov dword [DATA_008588],0x4e4f4e45 jmp short JUMP_000978 JUMP_000971: ; Pos = 17e68 mov dword [DATA_008588],0x5041434b jmp short JUMP_000978 JUMP_000972: ; Pos = 17e74 mov dword [DATA_008588],0x5452414e jmp short JUMP_000978 JUMP_000973: ; Pos = 17e80 mov dword [DATA_008588],0x43434320 jmp short JUMP_000978 JUMP_000974: ; Pos = 17e8c mov dword [DATA_008588],0x4a504547 jmp short JUMP_000978 JUMP_000975: ; Pos = 17e98 mov dword [DATA_008588],0x52543231 jmp short JUMP_000978 JUMP_000976: ; Pos = 17ea4 call FUNC_000112 JUMP_000977: ; Pos = 17ea9 mov eax,[DATA_008584] add eax,byte +0x3 shr eax,0x2 shl eax,0x2 mov [DATA_008584],eax mov eax,[DATA_008585] add eax,byte +0x3 shr eax,0x2 shl eax,0x2 mov [DATA_008585],eax JUMP_000978: ; Pos = 17ecf cmp dword [DATA_008587],byte +0x8 ja near JUMP_000983 mov eax,[DATA_008586] shl eax,0x2 push eax lea eax,[ebp+0xfffffbfc] push eax mov eax,[DATA_002320] push eax call FUNC_000123 add esp,byte +0xc xor esi,esi lea edi,[ebp+0xfffff7fc] lea ebx,[ebp+0xfffffbfe] jmp short JUMP_000980 JUMP_000979: ; Pos = 17f0a xor eax,eax mov al,[ebx] sar eax,0x4 mov [ebp-0x3],al xor eax,eax mov al,[ebx-0x1] sar eax,0x4 mov [ebp-0x2],al xor eax,eax mov al,[ebx-0x2] sar eax,0x4 mov [ebp-0x1],al mov eax,[ebp-0x3] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [edi],eax inc esi add edi,byte +0x4 add ebx,byte +0x4 JUMP_000980: ; Pos = 17f41 cmp esi,[DATA_008586] jc JUMP_000979 call near [DATA_007632] ; FUNC_001330_DPalBuild xor esi,esi mov edi,DATA_008604 lea ebx,[ebp+0xfffff7fc] jmp short JUMP_000982 JUMP_000981: ; Pos = 17f5e mov ax,[ebx] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx mov [edi],al inc esi inc edi add ebx,byte +0x4 JUMP_000982: ; Pos = 17f70 cmp esi,[DATA_008586] jc JUMP_000981 call near [DATA_007633] ; FUNC_001331_DPalSet jmp short JUMP_000984 JUMP_000983: ; Pos = 17f80 call FUNC_001529_SysExit JUMP_000984: ; Pos = 17f85 mov eax,[DATA_008586] shl eax,0x2 add eax,byte +0x28 mov edx,[ebp+0x8] inc edx and edx,byte -0x2 mov [ebp+0x8],edx cmp eax,[ebp+0x8] jnc JUMP_000985 mov edx,[ebp+0x8] sub edx,eax push edx mov eax,[DATA_002320] push eax call FUNC_000124 add esp,byte +0x8 JUMP_000985: ; Pos = 17fb3 mov eax,0x1 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000116: ; Pos = 17fc0 push ebp mov ebp,esp sub esp, 3504 push ebx push esi mov ebx,[ebp+0xc] mov eax,[ebp+0x8] cmp eax,byte +0x5 ja near JUMP_000995 jmp near [eax*4+DATA_000012] SECTION .data DATA_000012: ; Pos = 17fdb dd JUMP_000995 dd JUMP_000986 dd JUMP_000988 dd JUMP_000992 dd JUMP_000993 dd JUMP_000994 SECTION .text JUMP_000986: ; Pos = 17ff3 call _SoundStreamReset jmp JUMP_000997 JUMP_000988: ; Pos = 1802e test bl, 0x1 jz JUMP_000989 inc ebx JUMP_000989: ; Pos = 18034 cmp ebx, 3500 jng JUMP_000990 call FUNC_001529_SysExit JUMP_000990: ; Pos = 18041 mov esi, ebx push esi lea eax, [esp-0xdb0] push eax mov eax, [DATA_002320] push eax call FUNC_000123 add esp,byte +0xc push esi lea eax, [esp-0xdb0] push eax call _SoundStreamAddBlock add esp, byte 0x8 jmp JUMP_000997 JUMP_000992: ; Pos = 180b4 call _SoundStreamStart jmp short JUMP_000997 JUMP_000993: ; Pos = 180ea call _SoundStreamWait jmp short JUMP_000997 JUMP_000994: ; Pos = 18104 call _SoundStreamStop jmp short JUMP_000997 JUMP_000995: ; Pos = 1813b ; push dword DATA_002324 ; push dword DATA_008349 ; call _fprintf ; add esp,byte +0x8 JUMP_000996: ; Pos = 1814d call near [DATA_007672] ; FUNC_001414_GuiGetLastAction test al,al jz JUMP_000996 call FUNC_001529_SysExit JUMP_000997: ; Pos = 1815c mov eax,0x1 pop esi pop ebx mov esp, ebp pop ebp ret FUNC_000117: ; Pos = 18168 push ebp mov ebp,esp mov byte [DATA_008642],0x0 xor eax,eax mov [DATA_002323],eax mov eax,[DATA_002320] test eax,eax jz JUMP_000998 push eax call _fclose pop ecx xor eax,eax mov [DATA_002320],eax JUMP_000998: ; Pos = 18190 push byte +0x0 push byte +0x5 call FUNC_000116 add esp,byte +0x8 pop ebp ret FUNC_000118: ; Pos = 18264 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi mov eax,[ebp+0x8] cmp dword [DATA_008616],byte +0x0 jg JUMP_001001 cmp dword [DATA_008613],byte +0x0 jng near JUMP_001031 JUMP_001001: ; Pos = 18285 call FUNC_000111 mov esi,eax call FUNC_000109 mov ebx,eax cmp esi,0x52494646 jg near JUMP_001004 jz near JUMP_001006 cmp esi,0x30317762 jg JUMP_001003 jz near JUMP_001026 cmp esi,0x30306478 jg JUMP_001002 jz near JUMP_001012 sub esi,0x3030414d jz near JUMP_001028 add esi,0xffffdceb sub esi,byte +0x2 jc near JUMP_001012 jmp JUMP_001029 JUMP_001002: ; Pos = 182e1 sub esi,0x30306976 jz near JUMP_001012 sub esi,0xf02 jz near JUMP_001012 jmp JUMP_001029 JUMP_001003: ; Pos = 182fe sub esi,0x44495350 jz near JUMP_001028 sub esi,0x509eefa jz near JUMP_001028 sub esi,0x1020c01 jz near JUMP_001028 sub esi,0x1f40509 jz JUMP_001007 jmp JUMP_001029 JUMP_001004: ; Pos = 1832f cmp esi,0x73747266 jg JUMP_001005 jz near JUMP_001010 sub esi,0x61766968 jz JUMP_001008 sub esi,0x6ee0904 jz near JUMP_001028 sub esi,0x10005c5 jz near JUMP_001028 sub esi,0xa0ffa33 jz near JUMP_001028 jmp JUMP_001029 JUMP_001005: ; Pos = 1836e sub esi,0x73747268 jz JUMP_001009 sub esi,byte +0x4 jz near JUMP_001028 sub esi,0x2f0f208 jz near JUMP_001028 sub esi,0x3ffff jz near JUMP_001028 jmp JUMP_001029 JUMP_001006: ; Pos = 1839c call FUNC_000111 jmp JUMP_001032 JUMP_001007: ; Pos = 183a6 call FUNC_000111 jmp JUMP_001032 JUMP_001008: ; Pos = 183b0 push dword DATA_008595 push ebx call FUNC_000113 add esp,byte +0x8 test eax,eax jnz near JUMP_001032 jmp JUMP_001032 JUMP_001009: ; Pos = 183cb push dword DATA_008596 push ebx call FUNC_000114 add esp,byte +0x8 test eax,eax jnz near JUMP_001032 jmp JUMP_001032 JUMP_001010: ; Pos = 183e6 mov eax,[DATA_008596] sub eax,0x61756473 jz JUMP_001011 sub eax,0x14f40000 jnz near JUMP_001032 push dword DATA_008597 push ebx call FUNC_000115 add esp,byte +0x8 test eax,eax jnz near JUMP_001032 jmp JUMP_001032 JUMP_001011: ; Pos = 18418 inc ebx and ebx,byte -0x2 push ebx mov eax,[DATA_002320] push eax call FUNC_000124 add esp,byte +0x8 jmp JUMP_001032 JUMP_001012: ; Pos = 18430 inc dword [DATA_008611] jz JUMP_001013 call FUNC_000560 JUMP_001013: ; Pos = 1843d mov eax,[DATA_008611] mov ecx,0x5 cdq idiv ecx test edx,edx jnz JUMP_001014 mov byte [DATA_008612],0x1 JUMP_001014: ; Pos = 18455 cmp byte [DATA_008612],0x1 jnz near JUMP_001025 mov esi,DATA_008606 inc ebx and ebx,byte -0x2 test ebx,ebx jz near JUMP_001032 mov dword [esi+0x4],0x1100 xor eax,eax mov [esi+0x20],eax mov [esi+0x24],ebx push ebx lea eax,[esi+0x28] push eax mov eax,[DATA_002320] push eax call FUNC_000123 add esp,byte +0xc mov eax,[DATA_008607] add eax,[DATA_008584] mov [DATA_008609],eax mov eax,[DATA_008608] add eax,[DATA_008585] mov [DATA_008610],eax xor eax,eax mov [esi+0xc],eax mov [esi+0x8],eax mov eax,[DATA_008584] mov [esi+0x10],eax mov eax,[DATA_008585] mov [esi+0x14],eax xor eax,eax mov [esi+0x18],eax xor eax,eax mov [esi+0x1c],eax mov eax,[DATA_008588] sub eax,0x4352414d jz JUMP_001015 sub eax,0xef500d3 jz JUMP_001016 jmp JUMP_001032 JUMP_001015: ; Pos = 184ef cmp dword [DATA_008587],byte +0x8 jnz near JUMP_001032 mov dword [esi],FUNC_000119 jmp short JUMP_001017 JUMP_001016: ; Pos = 18504 cmp dword [DATA_008587],byte +0x8 jnz near JUMP_001032 mov dword [esi],FUNC_000121 JUMP_001017: ; Pos = 18517 cmp dword [DATA_008598],byte +0x0 jz JUMP_001018 cmp dword [DATA_008587],byte +0x8 ja JUMP_001019 JUMP_001018: ; Pos = 18529 lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax push byte +0x8 mov eax,[DATA_008585] push eax mov eax,[DATA_008584] push eax mov eax,[esi+0x24] push eax lea eax,[esi+0x28] push eax push dword DATA_008605 call near [esi] add esp,byte +0x28 mov eax,[ebp-0x4] sub [ebp-0xc],eax mov eax,[ebp-0x8] sub [ebp-0x10],eax JUMP_001019: ; Pos = 18565 cmp dword [DATA_007902],byte +0x0 jz JUMP_001023 cmp dword [DATA_008611],byte +0x0 jnz JUMP_001020 push byte +0x0 push byte +0x3 call FUNC_000116 add esp,byte +0x8 test eax,eax jnz JUMP_001024 jmp JUMP_001032 JUMP_001020: ; Pos = 1858c call _TimerGetTimeStamp mov [DATA_008618],eax JUMP_001021: ; Pos = 18596 call _SoundStreamGetUsedBlocks cmp eax,[DATA_008611] jnl JUMP_001022 call _TimerGetTimeStamp mov [ebp-0x14],eax fild dword [ebp-0x14] fild dword [DATA_008618] fadd qword [DATA_000013] fcompp fnstsw ax sahf jnc JUMP_001021 JUMP_001022: ; Pos = 185c1 call _SoundStreamGetUsedBlocks cmp eax,[DATA_008611] jng JUMP_001024 mov byte [DATA_008612],0x0 jmp short JUMP_001024 JUMP_001023: ; Pos = 185d7 call _TimerGetTimeStamp sub eax,[DATA_008618] mov [ebp-0x14],eax fild dword [ebp-0x14] fcomp qword [DATA_000014] fnstsw ax sahf jc JUMP_001023 call _TimerGetTimeStamp mov [DATA_008618],eax JUMP_001024: ; Pos = 185fd call FUNC_001418_TimerAdvance call FUNC_001637_FlipScreen jmp JUMP_001032 JUMP_001025: ; Pos = 18607 push ebx mov eax,[DATA_002320] push eax call FUNC_000124 add esp,byte +0x8 jmp near JUMP_001032 JUMP_001026: ; Pos = 18618 cmp dword [DATA_007902],byte +0x0 jz JUMP_001027 push ebx push byte +0x2 call FUNC_000116 add esp,byte +0x8 test eax,eax jnz JUMP_001032 jmp short JUMP_001032 JUMP_001027: ; Pos = 18632 inc ebx and ebx,byte -0x2 push ebx mov eax,[DATA_002320] push eax call FUNC_000124 add esp,byte +0x8 jmp short JUMP_001032 JUMP_001028: ; Pos = 18647 inc ebx and ebx,byte -0x2 push ebx mov eax,[DATA_002320] push eax call FUNC_000124 add esp,byte +0x8 jmp short JUMP_001032 JUMP_001029: ; Pos = 1865c cmp dword [DATA_008616],byte +0x0 jg JUMP_001030 cmp dword [DATA_008613],byte +0x0 jng JUMP_001032 JUMP_001030: ; Pos = 1866e call FUNC_000117 call FUNC_000560 call FUNC_001418_TimerAdvance call FUNC_001637_FlipScreen jmp short JUMP_001032 JUMP_001031: ; Pos = 1867f call FUNC_000117 call FUNC_000560 call FUNC_001418_TimerAdvance call FUNC_001637_FlipScreen JUMP_001032: ; Pos = 1868e pop esi pop ebx mov esp,ebp pop ebp ret SECTION .data DATA_000013: ; Pos = 18694 db 0xab, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x50, 0x40 DATA_000014: ; Pos = 1869c db 0xab, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x40, 0x40 SECTION .text FUNC_000119: ; Pos = 186a4 push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi mov eax,[ebp+0x10] mov [ebp+0x10],eax mov eax,[ebp+0x1c] mov [ebp+0x1c],eax xor eax,eax mov [ebp-0xc],eax xor eax,eax mov [ebp-0x28],eax mov [ebp-0x20],eax mov eax,[ebp+0x14] mov [ebp-0x1c],eax mov eax,[ebp+0x18] mov [ebp-0x24],eax mov ecx,[ebp+0xc] mov eax,[ebp+0x14] add eax,byte +0x3 mov [ebp-0x4],eax xor esi,esi mov eax,[ebp+0x18] dec eax mov [ebp-0x18],eax xor eax,eax mov [ebp-0x8],eax mov eax,[ebp+0x14] imul dword [ebp+0x18] shr eax,0x4 inc eax mov [ebp-0x10],eax jmp JUMP_001110 JUMP_001033: ; Pos = 186fd mov al,[ecx] mov [ebp-0x11],al inc ecx mov dl,[ecx] inc ecx dec dword [ebp-0x10] test dl,dl jnz JUMP_001034 cmp byte [ebp-0x11],0x0 jnz JUMP_001034 cmp dword [ebp-0x10],byte +0x0 jnz JUMP_001034 mov dword [ebp-0x8],0x1 jmp JUMP_001110 JUMP_001034: ; Pos = 18725 cmp dword [ebp-0x18],byte +0x0 jnl JUMP_001035 mov dword [ebp-0x8],0x1 jmp JUMP_001110 JUMP_001035: ; Pos = 18737 cmp dl,0x84 jc JUMP_001038 cmp dl,0x87 ja JUMP_001038 xor eax,eax mov al,dl add eax,0xffffff7c shl eax,0x8 xor edx,edx mov dl,[ebp-0x11] add eax,edx mov edx,eax dec edx sub [ebp-0x10],edx jmp short JUMP_001037 JUMP_001036: ; Pos = 1875c add esi,byte +0x4 cmp esi,[ebp+0x14] jc JUMP_001037 xor esi,esi sub dword [ebp-0x18],byte +0x4 JUMP_001037: ; Pos = 1876a mov edx,eax add eax,byte -0x1 test edx,edx jnz JUMP_001036 jmp JUMP_001110 JUMP_001038: ; Pos = 18778 cmp dl,0x90 jc near JUMP_001071 mov eax,[ebp-0x18] imul eax,[ebp+0x14] add eax,[ebp+0x8] add eax,esi mov bl,[ecx] mov [ebp-0x2b],bl inc ecx mov bl,[ecx] mov [ebp-0x29],bl inc ecx mov bl,[ecx] mov [ebp-0x2c],bl inc ecx mov bl,[ecx] mov [ebp-0x2a],bl inc ecx test byte [ebp-0x11],0x1 jz JUMP_001039 mov bl,[ebp-0x2b] jmp short JUMP_001040 JUMP_001039: ; Pos = 187b0 mov bl,[ebp-0x29] JUMP_001040: ; Pos = 187b3 mov [eax],bl inc eax test byte [ebp-0x11],0x2 jz JUMP_001041 mov bl,[ebp-0x2b] jmp short JUMP_001042 JUMP_001041: ; Pos = 187c1 mov bl,[ebp-0x29] JUMP_001042: ; Pos = 187c4 mov [eax],bl inc eax test byte [ebp-0x11],0x4 jz JUMP_001043 mov bl,[ebp-0x2c] jmp short JUMP_001044 JUMP_001043: ; Pos = 187d2 mov bl,[ebp-0x2a] JUMP_001044: ; Pos = 187d5 mov [eax],bl inc eax test byte [ebp-0x11],0x8 jz JUMP_001045 mov bl,[ebp-0x2c] jmp short JUMP_001046 JUMP_001045: ; Pos = 187e3 mov bl,[ebp-0x2a] JUMP_001046: ; Pos = 187e6 mov [eax],bl sub eax,[ebp-0x4] test byte [ebp-0x11],0x10 jz JUMP_001047 mov bl,[ebp-0x2b] jmp short JUMP_001048 JUMP_001047: ; Pos = 187f6 mov bl,[ebp-0x29] JUMP_001048: ; Pos = 187f9 mov [eax],bl inc eax test byte [ebp-0x11],0x20 jz JUMP_001049 mov bl,[ebp-0x2b] jmp short JUMP_001050 JUMP_001049: ; Pos = 18807 mov bl,[ebp-0x29] JUMP_001050: ; Pos = 1880a mov [eax],bl inc eax test byte [ebp-0x11],0x40 jz JUMP_001051 mov bl,[ebp-0x2c] jmp short JUMP_001052 JUMP_001051: ; Pos = 18818 mov bl,[ebp-0x2a] JUMP_001052: ; Pos = 1881b mov [eax],bl inc eax test byte [ebp-0x11],0x80 jz JUMP_001053 mov bl,[ebp-0x2c] jmp short JUMP_001054 JUMP_001053: ; Pos = 18829 mov bl,[ebp-0x2a] JUMP_001054: ; Pos = 1882c mov [eax],bl sub eax,[ebp-0x4] mov bl,[ecx] mov [ebp-0x2b],bl inc ecx mov bl,[ecx] mov [ebp-0x29],bl inc ecx mov bl,[ecx] mov [ebp-0x2c],bl inc ecx mov bl,[ecx] mov [ebp-0x2a],bl inc ecx test dl,0x1 jz JUMP_001055 mov bl,[ebp-0x2b] jmp short JUMP_001056 JUMP_001055: ; Pos = 18853 mov bl,[ebp-0x29] JUMP_001056: ; Pos = 18856 mov [eax],bl inc eax test dl,0x2 jz JUMP_001057 mov bl,[ebp-0x2b] jmp short JUMP_001058 JUMP_001057: ; Pos = 18863 mov bl,[ebp-0x29] JUMP_001058: ; Pos = 18866 mov [eax],bl inc eax test dl,0x4 jz JUMP_001059 mov bl,[ebp-0x2c] jmp short JUMP_001060 JUMP_001059: ; Pos = 18873 mov bl,[ebp-0x2a] JUMP_001060: ; Pos = 18876 mov [eax],bl inc eax test dl,0x8 jz JUMP_001061 mov bl,[ebp-0x2c] jmp short JUMP_001062 JUMP_001061: ; Pos = 18883 mov bl,[ebp-0x2a] JUMP_001062: ; Pos = 18886 mov [eax],bl sub eax,[ebp-0x4] test dl,0x10 jz JUMP_001063 mov bl,[ebp-0x2b] jmp short JUMP_001064 JUMP_001063: ; Pos = 18895 mov bl,[ebp-0x29] JUMP_001064: ; Pos = 18898 mov [eax],bl inc eax test dl,0x20 jz JUMP_001065 mov bl,[ebp-0x2b] jmp short JUMP_001066 JUMP_001065: ; Pos = 188a5 mov bl,[ebp-0x29] JUMP_001066: ; Pos = 188a8 mov [eax],bl inc eax test dl,0x40 jz JUMP_001067 mov bl,[ebp-0x2c] jmp short JUMP_001068 JUMP_001067: ; Pos = 188b5 mov bl,[ebp-0x2a] JUMP_001068: ; Pos = 188b8 mov [eax],bl inc eax test dl,0x80 jz JUMP_001069 mov dl,[ebp-0x2c] jmp short JUMP_001070 JUMP_001069: ; Pos = 188c5 mov dl,[ebp-0x2a] JUMP_001070: ; Pos = 188c8 mov [eax],dl jmp JUMP_001105 JUMP_001071: ; Pos = 188cf cmp dl,0x80 jnc near JUMP_001104 mov eax,[ebp-0x18] imul eax,[ebp+0x14] add eax,[ebp+0x8] add eax,esi mov bl,[ecx] mov [ebp-0x2e],bl inc ecx mov bl,[ecx] mov [ebp-0x2d],bl inc ecx test byte [ebp-0x11],0x1 jz JUMP_001072 mov bl,[ebp-0x2e] jmp short JUMP_001073 JUMP_001072: ; Pos = 188fb mov bl,[ebp-0x2d] JUMP_001073: ; Pos = 188fe mov [eax],bl inc eax test byte [ebp-0x11],0x2 jz JUMP_001074 mov bl,[ebp-0x2e] jmp short JUMP_001075 JUMP_001074: ; Pos = 1890c mov bl,[ebp-0x2d] JUMP_001075: ; Pos = 1890f mov [eax],bl inc eax test byte [ebp-0x11],0x4 jz JUMP_001076 mov bl,[ebp-0x2e] jmp short JUMP_001077 JUMP_001076: ; Pos = 1891d mov bl,[ebp-0x2d] JUMP_001077: ; Pos = 18920 mov [eax],bl inc eax test byte [ebp-0x11],0x8 jz JUMP_001078 mov bl,[ebp-0x2e] jmp short JUMP_001079 JUMP_001078: ; Pos = 1892e mov bl,[ebp-0x2d] JUMP_001079: ; Pos = 18931 mov [eax],bl sub eax,[ebp-0x4] test byte [ebp-0x11],0x10 jz JUMP_001080 mov bl,[ebp-0x2e] jmp short JUMP_001081 JUMP_001080: ; Pos = 18941 mov bl,[ebp-0x2d] JUMP_001081: ; Pos = 18944 mov [eax],bl inc eax test byte [ebp-0x11],0x20 jz JUMP_001082 mov bl,[ebp-0x2e] jmp short JUMP_001083 JUMP_001082: ; Pos = 18952 mov bl,[ebp-0x2d] JUMP_001083: ; Pos = 18955 mov [eax],bl inc eax test byte [ebp-0x11],0x40 jz JUMP_001084 mov bl,[ebp-0x2e] jmp short JUMP_001085 JUMP_001084: ; Pos = 18963 mov bl,[ebp-0x2d] JUMP_001085: ; Pos = 18966 mov [eax],bl inc eax test byte [ebp-0x11],0x80 jz JUMP_001086 mov bl,[ebp-0x2e] jmp short JUMP_001087 JUMP_001086: ; Pos = 18974 mov bl,[ebp-0x2d] JUMP_001087: ; Pos = 18977 mov [eax],bl sub eax,[ebp-0x4] test dl,0x1 jz JUMP_001088 mov bl,[ebp-0x2e] jmp short JUMP_001089 JUMP_001088: ; Pos = 18986 mov bl,[ebp-0x2d] JUMP_001089: ; Pos = 18989 mov [eax],bl inc eax test dl,0x2 jz JUMP_001090 mov bl,[ebp-0x2e] jmp short JUMP_001091 JUMP_001090: ; Pos = 18996 mov bl,[ebp-0x2d] JUMP_001091: ; Pos = 18999 mov [eax],bl inc eax test dl,0x4 jz JUMP_001092 mov bl,[ebp-0x2e] jmp short JUMP_001093 JUMP_001092: ; Pos = 189a6 mov bl,[ebp-0x2d] JUMP_001093: ; Pos = 189a9 mov [eax],bl inc eax test dl,0x8 jz JUMP_001094 mov bl,[ebp-0x2e] jmp short JUMP_001095 JUMP_001094: ; Pos = 189b6 mov bl,[ebp-0x2d] JUMP_001095: ; Pos = 189b9 mov [eax],bl sub eax,[ebp-0x4] test dl,0x10 jz JUMP_001096 mov bl,[ebp-0x2e] jmp short JUMP_001097 JUMP_001096: ; Pos = 189c8 mov bl,[ebp-0x2d] JUMP_001097: ; Pos = 189cb mov [eax],bl inc eax test dl,0x20 jz JUMP_001098 mov bl,[ebp-0x2e] jmp short JUMP_001099 JUMP_001098: ; Pos = 189d8 mov bl,[ebp-0x2d] JUMP_001099: ; Pos = 189db mov [eax],bl inc eax test dl,0x40 jz JUMP_001100 mov bl,[ebp-0x2e] jmp short JUMP_001101 JUMP_001100: ; Pos = 189e8 mov bl,[ebp-0x2d] JUMP_001101: ; Pos = 189eb mov [eax],bl inc eax test dl,0x80 jz JUMP_001102 mov dl,[ebp-0x2e] jmp short JUMP_001103 JUMP_001102: ; Pos = 189f8 mov dl,[ebp-0x2d] JUMP_001103: ; Pos = 189fb mov [eax],dl jmp short JUMP_001105 JUMP_001104: ; Pos = 189ff mov dl,[ebp-0x11] mov eax,[ebp-0x18] imul eax,[ebp+0x14] add eax,[ebp+0x8] add eax,esi mov [eax],dl inc eax mov [eax],dl inc eax mov [eax],dl inc eax mov [eax],dl mov ebx,[ebp-0x4] sub eax,ebx mov [eax],dl inc eax mov [eax],dl inc eax mov [eax],dl inc eax mov [eax],dl sub eax,ebx mov [eax],dl inc eax mov [eax],dl inc eax mov [eax],dl inc eax mov [eax],dl sub eax,ebx mov [eax],dl inc eax mov [eax],dl inc eax mov [eax],dl inc eax mov [eax],dl JUMP_001105: ; Pos = 18a43 cmp esi,[ebp-0x1c] jnl JUMP_001106 mov [ebp-0x1c],esi JUMP_001106: ; Pos = 18a4b mov eax,[ebp-0x18] cmp eax,[ebp-0x28] jng JUMP_001107 mov eax,[ebp-0x18] mov [ebp-0x28],eax JUMP_001107: ; Pos = 18a59 cmp esi,[ebp-0x20] jng JUMP_001108 mov [ebp-0x20],esi JUMP_001108: ; Pos = 18a61 mov eax,[ebp-0x18] cmp eax,[ebp-0x24] jnl JUMP_001109 mov eax,[ebp-0x18] mov [ebp-0x24],eax JUMP_001109: ; Pos = 18a6f mov dword [ebp-0xc],0x1 add esi,byte +0x4 cmp esi,[ebp+0x14] jc JUMP_001110 xor esi,esi sub dword [ebp-0x18],byte +0x4 JUMP_001110: ; Pos = 18a84 cmp dword [ebp-0x8],byte +0x0 jz near JUMP_001033 cmp dword [DATA_002318],byte +0x1 jnz JUMP_001112 cmp dword [ebp-0xc],byte +0x0 jz JUMP_001111 mov eax,[ebp+0x20] mov edx,[ebp-0x1c] mov [eax],edx mov eax,[ebp-0x24] add eax,byte -0x3 mov edx,[ebp+0x24] mov [edx],eax mov eax,[ebp-0x20] add eax,byte +0x4 mov edx,[ebp+0x28] mov [edx],eax mov eax,[ebp-0x28] inc eax mov edx,[ebp+0x2c] mov [edx],eax jmp short JUMP_001113 JUMP_001111: ; Pos = 18ac6 mov eax,[ebp+0x2c] xor edx,edx mov [eax],edx mov eax,[ebp+0x28] mov [eax],edx mov eax,[ebp+0x24] mov [eax],edx mov eax,[ebp+0x20] mov [eax],edx mov eax,0x4 jmp short JUMP_001120 JUMP_001112: ; Pos = 18ae3 mov eax,[ebp+0x24] xor edx,edx mov [eax],edx mov eax,[ebp+0x20] mov [eax],edx mov eax,[ebp+0x28] mov edx,[ebp+0x14] mov [eax],edx mov eax,[ebp+0x2c] mov edx,[ebp+0x18] mov [eax],edx JUMP_001113: ; Pos = 18aff mov edx,[DATA_008603] xor esi,esi cmp esi,[ebp+0x18] jnc JUMP_001119 JUMP_001114: ; Pos = 18b0c mov ecx,[ebp+0x14] test ecx,ecx jng JUMP_001118 JUMP_001115: ; Pos = 18b13 mov eax,[ebp+0x8] movzx eax,byte [eax] mov al,[eax+DATA_008604] inc dword [ebp+0x8] test al,al jz JUMP_001116 mov [edx],al inc edx jmp short JUMP_001117 JUMP_001116: ; Pos = 18b2b inc edx JUMP_001117: ; Pos = 18b2c dec ecx test ecx,ecx jg JUMP_001115 JUMP_001118: ; Pos = 18b31 mov eax,0x140 sub eax,[ebp+0x14] add edx,eax inc esi cmp esi,[ebp+0x18] jc JUMP_001114 JUMP_001119: ; Pos = 18b41 xor eax,eax JUMP_001120: ; Pos = 18b43 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_extravideo: push ebp mov ebp,esp push ebx push esi mov eax,[ebp+0xc] movsx edx,word [eax] mov ebx,edx add ebx,[DATA_007773] movsx ecx,word [eax+0x2] mov esi,ecx shl esi,0x6 lea esi,[esi+esi*4] add ebx,esi mov [DATA_008603],ebx mov [DATA_008607],edx mov [DATA_008608],ecx push dword VideoFType push dword [ebp+0x8] call _fopen add esp,byte +0x8 mov ebx,eax mov [DATA_002320],ebx test ebx,ebx jnz JUMP_000999 xor eax,eax jmp JUMP_001000 JUMP_000999: ; Pos = 181f6 xor eax,eax mov [DATA_008590],eax xor eax,eax mov [DATA_008592],eax xor eax,eax mov [DATA_008583],eax xor eax,eax mov [DATA_008593],eax xor eax,eax mov [DATA_008594],eax mov dword [DATA_008589],0x11 xor eax,eax mov [DATA_008591],eax xor eax,eax mov [DATA_008586],eax mov [DATA_008585],eax mov [DATA_008584],eax xor eax,eax mov [DATA_008588],eax push byte 2 push byte 0 push ebx call _fseek add esp, byte 0xc push ebx call _ftell pop ecx mov [DATA_008613],eax push byte 0 push byte 0 push ebx call _fseek add esp, byte 0xc mov eax,[DATA_002320] push eax call FUNC_000122 pop ecx mov eax,0x1 JUMP_001000: ; Pos = 1825f pop esi pop ebx pop ebp ret FUNC_000120: ; Pos = 18b4c push ebp mov ebp,esp add esp,0xfffffcf0 push ebx push esi push edi ; FIX: pause during video mov dword [DATA_007706], 0x0 ; cmp byte [DATA_009166], 0 ; jz near JUMP_1132 mov esi,DATA_007672 ; GuiGetLastAction mov edi,DATA_002324 cmp dword [DATA_002321],byte +0x0 jz JUMP_1121 cmp byte [DATA_009027],0x0 jnz JUMP_1122 JUMP_1121: ; Pos = 18b3c xor eax,eax jmp JUMP_1133 JUMP_1122: ; Pos = 18b43 call FUNC_000117 call FUNC_001637_FlipScreen cmp dword [DATA_007902],byte +0x0 jz JUMP_1123 push byte +0x0 push byte +0x1 call FUNC_000116 add esp,byte +0x8 JUMP_1123: ; Pos = 18b69 mov dword [DATA_008611],0xffffffff mov word [ebp-0x4],0x1 mov word [ebp-0x2],0x11 mov eax,[DATA_002322] push eax call near [DATA_007217] ; FUNC_000922 pop ecx mov edx,[DATA_002321] mov eax,[edx+eax*4] ;push dword VideoData3 push eax lea eax,[ebp+0xfffffefc] push eax call _DirMakeAVIName add esp, byte 0x8 xor eax,eax mov [DATA_002321],eax mov byte [DATA_008612],0x1 call near [esi] call _TimerGetTimeStamp mov [DATA_008618],eax jmp JUMP_1128 JUMP_1124: ; Pos = 18c04 call _TimerGetTimeStamp mov ebx,eax sub ebx,[DATA_008618] mov [ebp+0xfffffcf0],ebx fild dword [ebp+0xfffffcf0] fcomp dword [VideoData1] fnstsw ax sahf jna JUMP_1126 mov byte [ebp+0xfffffdf8],0x14 mov byte [ebp+0xfffffdf9],0x64 push esi push edi lea esi,[edi+0x39] lea edi,[ebp+0xfffffdfa] mov eax,edi mov ecx,0x5 rep movsd pop edi pop esi lea eax,[ebp+0xfffffdf8] push eax call FUNC_001582_TextWriteStringOnly pop ecx JUMP_1125: ; Pos = 18c59 call near [esi] test al,al jz JUMP_1125 call FUNC_001529_SysExit JUMP_1126: ; Pos = 18c64 call FUNC_000117 call FUNC_000560 mov byte [ebp+0xfffffcf4],0x14 mov byte [ebp+0xfffffcf5],0x64 push esi push edi lea esi,[edi+0x4d] lea edi,[ebp+0xfffffcf6] mov eax,edi mov ecx,0x3 rep movsd movsb pop edi pop esi push dword 0x408f4000 push byte +0x0 mov [ebp+0xfffffcf0],ebx fild dword [ebp+0xfffffcf0] add esp,byte -0x8 fstp qword [esp] call FUNC_002110 add esp,byte +0x10 fcomp dword [VideoData2] fnstsw ax sahf jnc JUMP_1127 lea eax,[ebp+0xfffffcf4] push eax call FUNC_001582_TextWriteStringOnly pop ecx JUMP_1127: ; Pos = 18ccc call FUNC_001637_FlipScreen JUMP_1128: ; Pos = 18cd1 lea eax,[ebp-0x4] push eax lea eax,[ebp+0xfffffefc] push eax call FUNC_extravideo add esp,byte +0x8 test eax,eax ; jz near JUMP_1124 jz near JUMP_1132 mov dword [DATA_002323],0x1 call near [esi] call near [esi] call _TimerGetTimeStamp mov [DATA_008618],eax jmp short JUMP_1131 JUMP_1129: ; Pos = 18d06 call near [esi] xor ebx,ebx mov bl,al test ebx,ebx jz JUMP_1130 push ebx call near [DATA_007673] pop ecx call FUNC_000117 call FUNC_000560 call FUNC_001418_TimerAdvance call FUNC_001637_FlipScreen xor eax, eax jmp short JUMP_1133 JUMP_1130: ; Pos = 18d29 push byte +0x0 call FUNC_000118 pop ecx JUMP_1131: ; Pos = 18d31 cmp dword [DATA_002320],byte +0x0 jnz JUMP_1129 xor eax, eax jmp short JUMP_1133 JUMP_1132: ; Pos = 18d3a push dword 0x64 push dword 0x14 lea esi,[edi+0x4d] push esi call FUNC_001583_TextWriteDefaultColor add esp, byte 0xc xor eax,eax JUMP_1133: ; Pos = 18d3c ; FIX: pause during video mov dword [DATA_007706], 0x3e2 pop edi pop esi pop ebx mov esp,ebp pop ebp ret VideoData1: ; Pos = 18d44 add [eax+0x6a],ah inc edi VideoData2: ; Pos = 18d48 add [eax],al cli inc ebx SECTION .data VideoData3 db 'f46', 0x0 VideoFType db 'rb', 0x0 SECTION .text FUNC_000121: ; Pos = 18b54 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov ecx,[ebp+0x1c] mov eax,[ebp+0x10] mov esi,[ebp+0x8] mov edx,[DATA_008603] mov ebx,[ebp+0x18] dec ebx mov [ebp-0x8],ebx mov edi,[ebp+0xc] mov eax,[ebp+0x14] and eax,byte +0x1 mov [ebp-0x4],eax cmp dword [ebp-0x8],byte +0x0 jl JUMP_001125 JUMP_001121: ; Pos = 18b85 mov eax,[ebp-0x8] imul eax,[ebp+0x14] add eax,esi dec dword [ebp-0x8] mov ecx,[ebp+0x14] jmp short JUMP_001123 JUMP_001122: ; Pos = 18b96 mov bl,[edi] mov [eax],bl inc edi inc eax JUMP_001123: ; Pos = 18b9c mov ebx,ecx add ecx,byte -0x1 test ebx,ebx jnz JUMP_001122 cmp dword [ebp-0x4],byte +0x0 jz JUMP_001124 inc edi JUMP_001124: ; Pos = 18bac cmp dword [ebp-0x8],byte +0x0 jnl JUMP_001121 JUMP_001125: ; Pos = 18bb2 xor ecx,ecx jmp short JUMP_001131 JUMP_001126: ; Pos = 18bb6 mov ebx,[ebp+0x14] test ebx,ebx jng JUMP_001130 JUMP_001127: ; Pos = 18bbd xor eax,eax mov al,[esi] mov al,[eax+DATA_008604] inc esi test al,al jz JUMP_001128 mov [edx],al inc edx jmp short JUMP_001129 JUMP_001128: ; Pos = 18bd1 inc edx JUMP_001129: ; Pos = 18bd2 dec ebx test ebx,ebx jg JUMP_001127 JUMP_001130: ; Pos = 18bd7 mov eax,0x140 sub eax,[ebp+0x14] add edx,eax inc ecx JUMP_001131: ; Pos = 18be2 cmp ecx,[ebp+0x18] jc JUMP_001126 mov eax,[ebp+0x24] xor edx,edx mov [eax],edx mov eax,[ebp+0x20] mov [eax],edx mov eax,[ebp+0x28] mov edx,[ebp+0x14] mov [eax],edx mov eax,[ebp+0x2c] mov edx,[ebp+0x18] mov [eax],edx xor eax,eax pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000122: ; Pos = 18c0c push ebp mov ebp,esp mov eax,[ebp+0x8] test eax,eax jnz JUMP_001132 or eax,byte -0x1 pop ebp ret JUMP_001132: ; Pos = 18c1b cmp dword [DATA_008613],0x2000 jl JUMP_001133 push eax push dword 0x2000 push byte 1 push dword DATA_008614 call _fread add esp,byte +0x10 sub dword [DATA_008613],0x2000 mov dword [DATA_008616],0x2000 jmp short JUMP_001134 JUMP_001133: ; Pos = 18c50 push eax mov edx,[DATA_008613] push edx push byte 1 push dword DATA_008614 call _fread add esp,byte +0x10 mov edx,[DATA_008613] mov [DATA_008616],edx xor edx,edx mov [DATA_008613],edx JUMP_001134: ; Pos = 18c79 mov dword [DATA_008615],DATA_008614 pop ebp ret FUNC_000123: ; Pos = 18c88 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x10] mov esi,[ebp+0xc] mov edi,[ebp+0x8] cmp ebx,[DATA_008616] jnl JUMP_001135 push ebx mov eax,[DATA_008615] push eax push esi call _memcpy add esp,byte +0xc sub [DATA_008616],ebx add [DATA_008615],ebx jmp short JUMP_001136 JUMP_001135: ; Pos = 18cbd mov eax,[DATA_008616] push eax mov eax,[DATA_008615] push eax push esi call _memcpy add esp,byte +0xc mov eax,[DATA_008616] add esi,eax sub ebx,eax push edi call FUNC_000122 pop ecx push ebx push esi push edi call FUNC_000123 add esp,byte +0xc JUMP_001136: ; Pos = 18ced pop edi pop esi pop ebx pop ebp ret FUNC_000124: ; Pos = 18cf4 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] cmp ebx,[DATA_008616] jg JUMP_001137 sub [DATA_008616],ebx add [DATA_008615],ebx jmp short JUMP_001138 JUMP_001137: ; Pos = 18d15 sub ebx,[DATA_008616] xor eax,eax mov [DATA_008616],eax push esi call FUNC_000122 pop ecx push ebx push esi call FUNC_000124 add esp,byte +0x8 JUMP_001138: ; Pos = 18d33 pop esi pop ebx pop ebp ret FUNC_000125: ; Pos = 18d38 push ebp mov ebp,esp add esp,0xfffff7fc push ebx push esi push edi push byte +0x0 call near [DATA_007630] ; FUNC_001328_DPalClear pop ecx push dword 0x400 lea eax,[ebp+0xfffffbfc] push eax mov eax,[ebp+0x8] push eax call FUNC_000123 add esp,byte +0xc xor esi,esi lea edi,[ebp+0xfffff7fc] lea ebx,[ebp+0xfffffbfe] JUMP_001139: ; Pos = 18d73 xor eax,eax mov al,[ebx] sar eax,0x4 mov [ebp-0x3],al xor eax,eax mov al,[ebx-0x1] sar eax,0x4 mov [ebp-0x2],al xor eax,eax mov al,[ebx-0x2] sar eax,0x4 mov [ebp-0x1],al mov eax,[ebp-0x3] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [edi],eax inc esi add edi,byte +0x4 add ebx,byte +0x4 cmp esi,0x100 jl JUMP_001139 call near [DATA_007632] ; FUNC_001330_DPalBuild xor esi,esi mov edi,DATA_008604 lea ebx,[ebp+0xfffff7fc] JUMP_001140: ; Pos = 18dc5 mov ax,[ebx] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx mov [edi],al inc esi inc edi add ebx,byte +0x4 cmp esi,0x100 jl JUMP_001140 call near [DATA_007633] ; FUNC_001331_DPalSet pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000126: ; Pos = 18dec push ebp mov ebp,esp add esp,0xffffff7c push ebx push esi mov esi,[DATA_008603] add esi,0x94c0 push dword VideoFType mov eax,[ebp+0x8] push eax call _fopen add esp,byte +0x8 mov [ebp-0x4],eax test eax,eax jnz JUMP_001141 xor eax,eax jmp JUMP_001145 JUMP_001141: ; Pos = 18e22 push byte 2 push byte 0 push dword [ebp-4] call _fseek add esp, byte 0xc push dword [ebp-4] call _ftell pop ecx mov [DATA_008613],eax push byte 0 push byte 0 push dword [ebp-4] call _fseek add esp, byte 0xc mov eax,[ebp-0x4] push eax call FUNC_000122 pop ecx push byte +0x36 mov eax,[ebp-0x4] push eax call FUNC_000124 add esp,byte +0x8 mov eax,[ebp-0x4] push eax call FUNC_000125 pop ecx xor eax,eax mov [ebp-0x8],eax JUMP_001142: ; Pos = 18e58 lea ebx,[ebp+0xffffff7c] push byte +0x78 push ebx mov eax,[ebp-0x4] push eax call FUNC_000123 add esp,byte +0xc xor edx,edx JUMP_001143: ; Pos = 18e6f xor eax,eax mov al,[ebx] mov al,[eax+DATA_008604] inc ebx test al,al jz JUMP_001144 mov [esi],al JUMP_001144: ; Pos = 18e80 inc esi inc edx cmp edx,byte +0x78 jl JUMP_001143 sub esi,0x1b8 inc dword [ebp-0x8] cmp dword [ebp-0x8],byte +0x77 jl JUMP_001142 mov eax,[ebp-0x4] push eax call _fclose pop ecx mov eax,0x1 JUMP_001145: ; Pos = 18ea5 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000127: ; Pos = 18f30 push ebp mov ebp,esp push ecx push esi push edi mov esi,[ebp+0x18] mov ecx,[ebp+0x14] mov edx,[ebp+0x10] mov eax,[ebp+0xc] mov edi,[ebp+0x8] cmp eax,esi jng JUMP_001148 mov byte [edi+esi],0x5f mov byte [edi+esi+0x1],0x0 mov eax,[ebp+0x1c] push eax push ecx push edx push edi call FUNC_001581_PersistTextWrite add esp,byte +0x10 mov byte [edi+esi],0x0 jmp short JUMP_001149 JUMP_001148: ; Pos = 18f67 test eax,eax jng JUMP_001149 lea esi,[edi+eax-0x1] mov al,[esi] mov [ebp-0x1],al mov byte [esi],0x5f mov eax,[ebp+0x1c] push eax push ecx push edx push edi call FUNC_001581_PersistTextWrite add esp,byte +0x10 mov al,[ebp-0x1] mov [esi],al JUMP_001149: ; Pos = 18f8b pop edi pop esi pop ecx pop ebp ret FUNC_000128: ; Pos = 18f90 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x14] mov esi,[ebp+0x10] mov ebx,[ebp+0x8] mov eax,[ebp+0x20] push eax mov eax,[ebp+0x18] push eax push edi push esi mov eax,[ebp+0xc] push eax push ebx call FUNC_000127 add esp,byte +0x18 mov eax,[ebp+0x1c] push eax push edi push esi push ebx call FUNC_001581_PersistTextWrite add esp,byte +0x10 pop edi pop esi pop ebx pop ebp ret nop nop FUNC_000129: ; Pos = 18fcc push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov edi,[ebp+0x8] xor eax,eax mov [ebp-0x4],eax call _TimerGetTimeStamp mov [ebp-0x8],eax inc dword [ebp+0x10] inc dword [ebp+0x14] mov eax,[ebp+0xc] mov byte [edi+eax],0x0 push edi call _strlen pop ecx mov esi,eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push edi call FUNC_001581_PersistTextWrite add esp,byte +0x10 lea eax,[edi+esi] mov [ebp-0x10],eax JUMP_001150: ; Pos = 19016 call FUNC_001418_TimerAdvance call FUNC_001632_UpdatePtr call near [DATA_007672] ; FUNC_001414_GuiGetLastAction xor ebx,ebx mov bl,al test ebx,ebx jnz near JUMP_001156 call _TimerGetTimeStamp mov ebx,eax cmp ebx,byte -0x1 jnz JUMP_001151 mov eax,[ebp-0x4] jmp short JUMP_001152 JUMP_001151: ; Pos = 19039 mov eax,ebx sub eax,[ebp-0x8] cmp eax,0x14e setg al and eax,byte +0x1 JUMP_001152: ; Pos = 19049 test eax,eax jz JUMP_001150 cmp dword [ebp-0x4],byte +0x0 jz JUMP_001153 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax push esi mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push edi call FUNC_000128 add esp,byte +0x1c xor eax,eax mov [ebp-0x4],eax jmp short JUMP_001155 JUMP_001153: ; Pos = 19078 cmp esi,[ebp+0xc] jl JUMP_001154 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push edi call FUNC_001581_PersistTextWrite add esp,byte +0x10 JUMP_001154: ; Pos = 19092 mov eax,[ebp+0x18] push eax push esi mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push edi call FUNC_000127 add esp,byte +0x18 mov dword [ebp-0x4],0x1 JUMP_001155: ; Pos = 190b3 mov [ebp-0x8],ebx jmp JUMP_001150 JUMP_001156: ; Pos = 190bb cmp ebx,byte +0xd jz JUMP_001157 cmp ebx,byte +0x7 jnz JUMP_001158 JUMP_001157: ; Pos = 190c5 cmp dword [ebp-0x4],byte +0x0 jz near JUMP_001169 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax push esi mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push edi call FUNC_000128 add esp,byte +0x1c jmp JUMP_001169 JUMP_001158: ; Pos = 190f2 cmp ebx,byte +0x8 jz JUMP_001159 cmp dword [ebp+0x20],byte +0x0 jz JUMP_001162 cmp ebx,byte +0x20 jnz JUMP_001162 cmp esi,[ebp+0xc] jnz JUMP_001162 JUMP_001159: ; Pos = 19107 test esi,esi jng near JUMP_001150 cmp dword [ebp-0x4],byte +0x0 jz JUMP_001160 mov eax,[ebp+0x1c] push eax push esi mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push edi call FUNC_000127 add esp,byte +0x18 jmp short JUMP_001161 JUMP_001160: ; Pos = 19131 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push edi call FUNC_001581_PersistTextWrite add esp,byte +0x10 JUMP_001161: ; Pos = 19146 dec esi dec dword [ebp-0x10] mov eax,[ebp-0x10] mov byte [eax],0x0 mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push edi call FUNC_001581_PersistTextWrite add esp,byte +0x10 xor eax,eax mov [ebp-0x4],eax jmp JUMP_001150 JUMP_001162: ; Pos = 1916f test byte [ebx+DATA_008428],0x2 jnz JUMP_001163 push ebx call _toupper pop ecx test byte [eax+DATA_008428],0xc jnz JUMP_001163 cmp ebx,byte +0x5f jz JUMP_001163 cmp dword [ebp+0x20],byte +0x0 jnz near JUMP_001150 cmp ebx,byte +0x3a jz JUMP_001163 cmp ebx,byte +0x5c jz JUMP_001163 cmp ebx,byte +0x20 jz JUMP_001163 cmp ebx,byte +0x28 jz JUMP_001163 cmp ebx,byte +0x29 jnz near JUMP_001150 JUMP_001163: ; Pos = 191b4 cmp dword [ebp-0x4],byte +0x0 jz JUMP_001164 mov dword [ebp-0xc],0x1 mov eax,[ebp+0x1c] push eax push esi mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push edi call FUNC_000127 add esp,byte +0x18 xor eax,eax mov [ebp-0x4],eax jmp short JUMP_001165 JUMP_001164: ; Pos = 191e2 xor eax,eax mov [ebp-0xc],eax JUMP_001165: ; Pos = 191e7 cmp esi,[ebp+0xc] jnl JUMP_001166 mov eax,[ebp-0x10] mov [eax],bl inc esi inc dword [ebp-0x10] mov eax,[ebp-0x10] mov byte [eax],0x0 jmp short JUMP_001168 JUMP_001166: ; Pos = 191fd cmp dword [ebp-0xc],byte +0x0 jnz JUMP_001167 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push edi call FUNC_001581_PersistTextWrite add esp,byte +0x10 JUMP_001167: ; Pos = 19218 mov eax,[ebp-0x10] mov [eax-0x1],bl JUMP_001168: ; Pos = 1921e mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push edi call FUNC_001581_PersistTextWrite add esp,byte +0x10 jmp JUMP_001150 JUMP_001169: ; Pos = 19238 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000130: ; Pos = 19244 mov eax,DATA_008626 mov byte [eax+0x4],0xf2 mov byte [eax+0x5],0x2 ret FUNC_000131: ; Pos = 19254 mov eax,DATA_008629 mov byte [eax+0x4],0xf1 mov byte [eax+0x5],0x67 mov byte [eax+0x6],0xff mov byte [eax+0x7],0xff ret FUNC_000132: ; Pos = 1926c mov eax,DATA_008632 mov byte [eax+0x5],0xb mov byte [eax+0x6],0xff ret FUNC_000133: ; Pos = 1927c mov byte [DATA_008633],0xf2 ret FUNC_000134: ; Pos = 19284 mov byte [DATA_008636],0xa ret FUNC_000135: ; Pos = 1928c mov eax,DATA_008637 mov byte [eax+0x4],0x7 mov byte [eax+0x6],0xff or byte [eax+0x5],0x1 ret FUNC_000136: ; Pos = 192a0 mov byte [DATA_008638],0x16 ret FUNC_000137: ; Pos = 192a8 mov eax,DATA_008639 mov byte [eax+0x4],0xf4 mov byte [eax+0x5],0xa ret FUNC_000138: ; Pos = 192b8 mov eax,DATA_008643 mov byte [eax+0x4],0xf3 mov byte [eax+0x5],0x2a ret FUNC_000139: ; Pos = 192c8 mov byte [DATA_008646],0x2 ret FUNC_000140: ; Pos = 192d0 mov byte [DATA_008648],0x68 ret FUNC_000141: ; Pos = 192d8 mov eax,DATA_008650 mov byte [eax+0x5],0x2 ret FUNC_000142: ; Pos = 192e4 mov eax,DATA_008652 mov byte [eax+0x5],0x7 ret FUNC_000143: ; Pos = 192f0 push ebp mov ebp,esp push dword 0x200 push byte +0x0 push dword DATA_008622 call _memset add esp,byte +0xc call FUNC_000130 call FUNC_000131 call FUNC_000132 call FUNC_000133 call FUNC_000134 call FUNC_000135 call FUNC_000136 call FUNC_000137 call FUNC_000138 call FUNC_000139 call FUNC_000140 call FUNC_000141 call FUNC_000142 pop ebp ret FUNC_000144: ; Pos = 1934c push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax*4+DATA_004892] mov edx,[ebp+0xc] mov eax,[eax+edx*4] test eax,eax jz JUMP_001170 mov edx,[ebp+0x10] push edx call eax pop ecx JUMP_001170: ; Pos = 1936a pop ebp ret FUNC_000145: ; Pos = 1936c push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x8] mov ebx,0x72 lea esi,[edi+0x72] JUMP_001171: ; Pos = 1937d cmp byte [esi],0x0 jz JUMP_001172 mov eax,[ebp+0x10] push eax lea eax,[ebx+ebx*4] lea eax,[ebx+eax*4] lea eax,[ebx+eax*8] add eax,eax add eax,edi add eax,byte +0x74 push eax call near [ebp+0xc] add esp,byte +0x8 JUMP_001172: ; Pos = 1939d dec ebx dec esi test ebx,ebx jg JUMP_001171 pop edi pop esi pop ebx pop ebp ret FUNC_000146: ; Pos = 193a8 push ebp mov ebp,esp push ebx call FUNC_000143 xor eax,eax mov [DATA_008619],eax mov dword [DATA_008818],0x12345678 mov dword [DATA_008820],0x456789ab mov dword [DATA_008621],0x14 xor ebx,ebx JUMP_001173: ; Pos = 193d8 push byte +0x0 push byte +0x0 push ebx call FUNC_000144 add esp,byte +0xc inc ebx cmp ebx,byte +0x15 jl JUMP_001173 pop ebx pop ebp ret FUNC_000147: ; Pos = 193f0 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x8] call FUNC_000143 cmp edi,byte +0x5 jnl JUMP_001174 mov dword [DATA_008818],0x12345678 mov dword [DATA_008820],0x456789ab JUMP_001174: ; Pos = 19417 xor eax,eax mov [DATA_008619],eax mov dword [DATA_008804],0x80000000 mov dword [DATA_008807],0x121cf7 mov dword [DATA_008837],0xffffffff xor eax,eax mov [DATA_008808],eax mov esi,0x1 JUMP_001175: ; Pos = 19448 xor ebx,ebx JUMP_001176: ; Pos = 1944a mov eax,edi shl eax,0x8 add eax,esi push eax push byte +0x0 push ebx call FUNC_000144 add esp,byte +0xc inc ebx cmp ebx,byte +0x15 jl JUMP_001176 inc esi cmp esi,byte +0x5 jl JUMP_001175 pop edi pop esi pop ebx pop ebp ret FUNC_000148: ; Pos = 19470 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi mov eax,[ebp+0x8] mov [ebp-0x8],eax mov eax,[ebp+0xc] mov [ebp-0x4],eax xor ebx,ebx mov esi,DATA_008623 JUMP_001177: ; Pos = 1948b test byte [esi],0x2 jz JUMP_001178 lea eax,[ebp-0x8] push eax push byte +0x2 push ebx call FUNC_000144 add esp,byte +0xc JUMP_001178: ; Pos = 1949f inc ebx add esi,byte +0x8 cmp ebx,byte +0x15 jl JUMP_001177 pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000149: ; Pos = 194b0 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov eax,[ebp+0xc] mov [ebp-0xc],eax mov eax,[ebp+0x10] mov [ebp-0x8],eax mov eax,[ebp+0x8] mov [DATA_007758],eax mov esi,0x72 mov eax,[ebp+0x8] lea ebx,[eax+0x9783] mov eax,[ebp+0x8] lea edi,[eax+0x72] JUMP_001179: ; Pos = 194e1 test byte [edi],0x1 jz JUMP_001180 mov al,[ebx] add byte [ebx],0xff test al,al jnz JUMP_001180 mov al,[ebx-0x1] mov [ebx],al lea eax,[esi+esi*4] lea eax,[esi+eax*4] lea eax,[esi+eax*8] add eax,eax add eax,[ebp+0x8] add eax,byte +0x74 mov [ebp-0x4],eax lea eax,[ebp-0xc] push eax push byte +0x5 xor eax,eax mov al,[ebx-0x4] push eax call FUNC_000144 add esp,byte +0xc JUMP_001180: ; Pos = 1951c dec esi add ebx,0xfffffeae dec edi test esi,esi jg JUMP_001179 ; FIX: Laser invulnerability mov ebx, [DATA_007758] add ebx, 0x74 mov esi, 0x72 .loop: test byte [ebx+0x151], 2 jz .cont and byte [ebx+0x151], 0xfd push byte 0 push ebx call FUNC_000931 add esp, 8 .cont: add ebx, 0x152 dec esi jg .loop pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000150: ; Pos = 19530 push ebp mov ebp,esp push ebx push esi test byte [DATA_008835],0x1 jnz JUMP_001184 call near [DATA_007672] ; FUNC_001414_GuiGetLastAction xor ebx,ebx mov bl,al test ebx,ebx jz JUMP_001184 xor esi,esi mov eax,DATA_004893 JUMP_001181: ; Pos = 19553 xor edx,edx mov dl,[eax] cmp ebx,edx jnz JUMP_001182 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx push ebx push byte +0x1 push esi call FUNC_000144 add esp,byte +0xc xor ebx,ebx jmp short JUMP_001183 JUMP_001182: ; Pos = 19573 inc esi inc eax cmp esi,byte +0x15 jl JUMP_001181 JUMP_001183: ; Pos = 1957a test ebx,ebx jz JUMP_001184 push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx JUMP_001184: ; Pos = 19586 pop esi pop ebx pop ebp ret FUNC_000151: ; Pos = 1958c push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov eax,[ebp+0x8] mov [DATA_007758],eax mov eax,[ebp+0xc] mov [ebp-0x4],eax push byte +0x0 push byte +0x37 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 and byte [DATA_009046],0xfd mov ebx,0x72 mov eax,[ebp+0x8] lea esi,[eax+0x72] JUMP_001185: ; Pos = 195c1 test byte [esi],0x2 jz JUMP_001186 mov eax,[ebp+0x8] push eax push ebx call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov edi,eax mov [ebp-0x8],edi mov byte [edi+0x25],0x0 mov al,[edi+0x87] test al,al jz JUMP_001186 lea edx,[ebp-0x8] push edx push byte +0x6 and eax,0xff push eax call FUNC_000144 add esp,byte +0xc JUMP_001186: ; Pos = 195fb dec ebx dec esi test ebx,ebx jg JUMP_001185 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000152: ; Pos = 19608 push ebp mov ebp,esp push ebx push esi push edi and byte [DATA_008835],0xe3 xor ebx,ebx mov esi,DATA_008624 JUMP_001187: ; Pos = 1961c cmp byte [esi],0x0 jz JUMP_001188 mov [DATA_008620],ebx push byte +0x0 push byte +0x3 push ebx call FUNC_000144 add esp,byte +0xc JUMP_001188: ; Pos = 19634 inc ebx add esi,byte +0x8 cmp ebx,byte +0x15 jl JUMP_001187 mov eax,[DATA_008804] sub eax,[DATA_008808] mov ecx,0xc22e xor edx,edx div ecx mov edi,eax test edi,edi jz JUMP_001191 imul eax,edi,0xc22e add [DATA_008808],eax xor ebx,ebx mov esi,DATA_008623 JUMP_001189: ; Pos = 1966a test byte [esi],0x1 jz JUMP_001190 mov [DATA_008620],ebx push edi push byte +0xa push ebx call FUNC_000144 add esp,byte +0xc JUMP_001190: ; Pos = 19681 inc ebx add esi,byte +0x8 cmp ebx,byte +0x15 jl JUMP_001189 push edi mov eax,[ebp+0x8] push eax call FUNC_000151 add esp,byte +0x8 JUMP_001191: ; Pos = 19697 pop edi pop esi pop ebx pop ebp ret FUNC_000153: ; Pos = 1969c push ebp mov ebp,esp mov edx,[ebp+0x8] mov [DATA_007758],edx test byte [DATA_008835],0x2 jnz JUMP_001195 lea eax,[edx+0x96f8] jmp short JUMP_001194 JUMP_001192: ; Pos = 196b9 test byte [eax+0x14c],0x40 jz JUMP_001193 mov byte [eax+0x151],0x0 mov word [eax+0x98],0x8000 mov word [eax+0x9a],0x8000 JUMP_001193: ; Pos = 196db sub eax,0x152 JUMP_001194: ; Pos = 196e0 lea ecx,[edx+0x74] cmp eax,ecx ja JUMP_001192 JUMP_001195: ; Pos = 196e7 pop ebp ret FUNC_000154: ; Pos = 196ec push ebp mov ebp,esp push ebx push esi xor ebx,ebx mov esi,DATA_008625 JUMP_001196: ; Pos = 196f8 cmp byte [esi],0x0 jz JUMP_001197 mov [DATA_008620],ebx push byte +0x0 push byte +0x4 push ebx call FUNC_000144 add esp,byte +0xc JUMP_001197: ; Pos = 19710 inc ebx add esi,byte +0x8 cmp ebx,byte +0x15 jl JUMP_001196 pop esi pop ebx pop ebp ret ; int F165 (char *start, char *end, int val) ; Returns offset of first char within start->end not equal to val FUNC_000165_CdrFileStrChrNon: ; Pos = 19c34 push ebp mov ebp,esp push esi mov ecx,[ebp+0x10] mov edx,[ebp+0xc] mov esi,[ebp+0x8] lea eax,[esi+0xff] cmp eax,edx jnc JUMP_001225 mov edx,eax JUMP_001225: ; Pos = 19c4d mov eax,esi jmp short JUMP_001227 JUMP_001226: ; Pos = 19c51 inc eax JUMP_001227: ; Pos = 19c52 cmp edx,eax jna JUMP_001228 cmp cl,[eax] jz JUMP_001226 JUMP_001228: ; Pos = 19c5a sub eax,esi pop esi pop ebp ret ; int F166 (char *dest, char *src, int maxchars) ; Expands {0, n} groups to n zeros, returns total chars written FUNC_000166_CdrFileExpandZeros: ; Pos = 19c60 push ebp mov ebp,esp push ecx push ebx push esi mov ecx,[ebp+0x10] mov esi,[ebp+0xc] mov eax,[ebp+0x8] mov [ebp-0x4],esi jmp short JUMP_001233 JUMP_001229: ; Pos = 19c74 mov dl,[esi] inc esi inc eax mov [eax-0x1],dl test dl,dl jnz JUMP_001233 mov dl,[esi] inc esi xor ebx,ebx mov bl,dl cmp ecx,ebx jnc JUMP_001230 mov edx,ecx xor ecx,ecx jmp short JUMP_001232 JUMP_001230: ; Pos = 19c90 xor ebx,ebx mov bl,dl sub ecx,ebx jmp short JUMP_001232 JUMP_001231: ; Pos = 19c98 mov byte [eax],0x0 inc eax JUMP_001232: ; Pos = 19c9c mov ebx,edx add dl,0xff test bl,bl ja JUMP_001231 JUMP_001233: ; Pos = 19ca5 mov edx,ecx add ecx,byte -0x1 test edx,edx ja JUMP_001229 mov eax,esi sub eax,[ebp-0x4] pop esi pop ebx pop ecx pop ebp ret ; int F167 (char *dest, char *src, int maxchars) ; Compresses groups of n zeros to {0, n}, returns total chars written FUNC_000167_CdrFileCompressZeros: ; Pos = 19cb8 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0xc] mov edi,[ebp+0x10] add edi,ebx mov esi,[ebp+0x8] cmp edi,ebx jna JUMP_001236 JUMP_001234: ; Pos = 19ccd mov al,[ebx] inc ebx inc esi mov [esi-0x1],al test al,al jnz JUMP_001235 push byte +0x0 push edi push ebx call FUNC_000165_CdrFileStrChrNon add esp,byte +0xc mov [esi],al inc esi and eax,0xff add ebx,eax JUMP_001235: ; Pos = 19cee cmp edi,ebx ja JUMP_001234 JUMP_001236: ; Pos = 19cf2 mov eax,esi sub eax,[ebp+0x8] pop edi pop esi pop ebx pop ebp ret ; ULONG F168 (void *data, int size) ; Iterative XOR scrambler, returns CRC val FUNC_000168_CdrFileScramble: ; Pos = 19cfc push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov ecx,0x2 mov eax,ebx xor edx,edx div ecx mov ebx,eax mov eax,0x12345678 add eax,[DATA_008669] mov edx,[ebp+0x8] jmp short JUMP_001238 JUMP_001237: ; Pos = 19d21 mov cx,[edx] mov esi,eax and si,byte -0x1 xor [edx],si add edx,byte +0x2 movsx ecx,cx add eax,ecx add eax,eax JUMP_001238: ; Pos = 19d37 mov ecx,ebx add ebx,byte -0x1 test ecx,ecx ja JUMP_001237 pop esi pop ebx pop ebp ret ; ULONG F169 (void *data, int size) ; Iterative XOR unscrambler, returns CRC val FUNC_000169_CdrFileUnscramble: ; Pos = 19d44 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] mov ecx,0x2 mov eax,ebx cdq idiv ecx mov ebx,eax mov eax,0x12345678 add eax,[DATA_008669] mov edx,[ebp+0x8] jmp short JUMP_001240 JUMP_001239: ; Pos = 19d67 mov ecx,eax and cx,byte -0x1 xor [edx],cx mov cx,[edx] add edx,byte +0x2 movsx ecx,cx add eax,ecx add eax,eax JUMP_001240: ; Pos = 19d7d mov ecx,ebx add ebx,byte -0x1 test ecx,ecx jg JUMP_001239 pop ebx pop ebp ret ; int F170 (void *data) ; Compresses and scrambles game data, returns total size ; ; Saves 0x984a bytes at [D9133], ; every other dword from D8622 to D8653, ; 0x40 bytes at D8663 (uncompressed), ; 0x556a bytes at D8804 and ; 0x51 bytes at D8656 FUNC_000170_CdrFileMangleData: ; Pos = 19d8c push ebp mov ebp,esp push ecx push ebx push esi push edi mov ebx,[ebp+0x8] mov dword [ebx],0x11 add ebx,byte +0x4 push dword 0x984a mov eax,[DATA_009133] push eax push ebx call FUNC_000167_CdrFileCompressZeros add esp,byte +0xc add ebx,eax mov edi,0x4 mov esi,DATA_008622 mov dword [ebp-0x4],DATA_008653 cmp esi,[ebp-0x4] jnc JUMP_001242 JUMP_001241: ; Pos = 19dcb push edi lea eax,[esi+0x4] push eax push ebx call _memcpy add esp,byte +0xc add ebx,edi add esi,byte +0x8 cmp esi,[ebp-0x4] jc JUMP_001241 JUMP_001242: ; Pos = 19de3 push byte +0x40 push dword DATA_008663 push ebx call _memcpy add esp,byte +0xc add ebx,byte +0x40 push dword 0x556a push dword DATA_008804 push ebx call FUNC_000167_CdrFileCompressZeros add esp,byte +0xc add ebx,eax push byte +0x51 push dword DATA_008656 push ebx call FUNC_000167_CdrFileCompressZeros add esp,byte +0xc add ebx,eax mov esi,ebx sub esi,[ebp+0x8] test esi,0x1 jz JUMP_001243 inc esi inc ebx JUMP_001243: ; Pos = 19e2c push esi mov eax,[ebp+0x8] push eax call FUNC_000168_CdrFileScramble add esp,byte +0x8 mov [ebx],eax add esi,byte +0x4 mov eax,esi pop edi pop esi pop ebx pop ecx pop ebp ret ; int F171 (void *data, int size) ; Unscrambles and uncompresses game data as above ; returns 0 for fail, 1 for success FUNC_000171_CdrFileUnmangleData: ; Pos = 19e48 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov eax,[ebp+0xc] mov esi,[ebp+0x8] mov ebx,esi cmp eax,byte +0x4 ja JUMP_001244 xor eax,eax jmp JUMP_001249 JUMP_001244: ; Pos = 19e65 sub eax,byte +0x4 mov [ebp-0x4],eax mov eax,[ebp-0x4] mov edi,[esi+eax] mov eax,[ebp-0x4] push eax push esi call FUNC_000169_CdrFileUnscramble add esp,byte +0x8 cmp edi,eax jz JUMP_001245 xor eax,eax jmp JUMP_001249 JUMP_001245: ; Pos = 19e89 mov edi,[ebx] add ebx,byte +0x4 cmp edi,byte +0x11 jz JUMP_001246 xor eax,eax jmp JUMP_001249 JUMP_001246: ; Pos = 19e9a push dword 0x984a push ebx mov eax,[DATA_009133] push eax call FUNC_000166_CdrFileExpandZeros add esp,byte +0xc add ebx,eax mov edi,0x4 mov esi,DATA_008622 mov dword [ebp-0x8],DATA_008653 cmp esi,[ebp-0x8] jnc JUMP_001248 JUMP_001247: ; Pos = 19ec6 push edi push ebx lea eax,[esi+0x4] push eax call _memcpy add esp,byte +0xc add ebx,edi add esi,byte +0x8 cmp esi,[ebp-0x8] jc JUMP_001247 JUMP_001248: ; Pos = 19ede push byte +0x40 push ebx push dword DATA_008663 call _memcpy add esp,byte +0xc add ebx,byte +0x40 push dword 0x556a push ebx push dword DATA_008804 call FUNC_000166_CdrFileExpandZeros add esp,byte +0xc add ebx,eax push byte +0x51 push ebx push dword DATA_008656 call FUNC_000166_CdrFileExpandZeros add esp,byte +0xc mov eax,0x1 JUMP_001249: ; Pos = 19f1b pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret ; int F172 (void) ; Waits until GUI action, returns 1 for Y/y, 0 for anything else FUNC_000172_CdrFileConfirmYN: ; Pos = 19f24 push ebp mov ebp,esp JUMP_001250: ; Pos = 19f27 call near [DATA_007672] ; FUNC_001414_GuiGetLastAction and eax,0xff test eax,eax jz JUMP_001250 push eax call _toupper pop ecx cmp eax,byte +0x59 setz al and eax,byte +0x1 pop ebp ret ; int F173 (char *filename, int *errno) ; Deletes file, returns 1 for fail and error index in errno. FUNC_000173_CdrFileDeleteInternal: ; Pos = 19f48 push ebp mov ebp,esp add esp,byte -0x78 push ebx mov ebx,[ebp+0x8] call FUNC_001618_ClearUpperBuf mov word [ebp-0x4],0x64 mov ax,0x46 mov [ebp-0x2],ax mov [ebp-0x6c],ebx push byte +0x0 movsx eax,ax push eax movsx eax,word [ebp-0x4] push eax push byte +0xa lea eax,[ebp-0x78] push eax push dword 0x940f call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 call FUNC_001637_FlipScreen call FUNC_000172_CdrFileConfirmYN test eax,eax jnz JUMP_001251 mov eax,0x1 jmp short JUMP_001252 JUMP_001251: ; Pos = 19f9c push ebx lea eax,[ebp-0x64] push eax call _DirMakeCmmdrName add esp,byte +0x8 mov eax,[ebp+0xc] push eax lea eax,[ebp-0x64] push eax call FUNC_001456_FileDelete add esp,byte +0x8 JUMP_001252: ; Pos = 19fba pop ebx mov esp,ebp pop ebp ret ; int F174 (char *filename, void *data, int size, int *errno) ; Saves data to file. Returns 0 for error. ; Calls F69 and F65 with file handle before saving data FUNC_000174_CdrFileSaveInternal: ; Pos = 19fc0 push ebp mov ebp,esp add esp,byte -0x78 push ebx mov ebx,[ebp+0x8] mov word [ebp-0x4],0x64 mov word [ebp-0x2],0x46 call FUNC_001618_ClearUpperBuf mov [ebp-0x6c],ebx push byte +0x0 movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax mov eax,[DATA_008674] push eax lea eax,[ebp-0x78] push eax push dword 0x940e call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 call FUNC_001637_FlipScreen push ebx lea eax,[ebp-0x64] push eax call _DirMakeCmmdrName add esp,byte +0x8 mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax lea eax,[ebp-0x64] push eax call FUNC_000175_CdrFileSaveInternal2 add esp,byte +0x10 pop ebx mov esp,ebp pop ebp ret ; int F175 (char *filename, void *data, int size, int *errno) ; Internal function used only by F174 FUNC_000175_CdrFileSaveInternal2: ; Pos = 1a034 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x14] push dword DATA_005025 mov eax,[ebp+0x8] push eax call _fopen add esp,byte +0x8 mov ebx,eax test ebx,ebx jnz JUMP_001253 mov dword [esi],0x2 xor eax,eax jmp short JUMP_001256 JUMP_001253: ; Pos = 1a05d push ebx call FUNC_000069 pop ecx test eax,eax jnz JUMP_001254 mov dword [esi],0x2 xor eax,eax jmp short JUMP_001256 JUMP_001254: ; Pos = 1a072 push esi push ebx call FUNC_000065 add esp,byte +0x8 test eax,eax jnz JUMP_001255 mov dword [esi],0x2 xor eax,eax jmp short JUMP_001256 JUMP_001255: ; Pos = 1a08a push ebx mov eax,[ebp+0x10] push eax push byte +0x1 mov eax,[ebp+0xc] push eax call _fwrite add esp,byte +0x10 push ebx call _fclose pop ecx xor eax,eax mov [esi],eax mov eax,0x1 JUMP_001256: ; Pos = 1a0ad pop esi pop ebx pop ebp ret ; int F176 (char *filename, void *data, int size, int *errno) ; Loads data from file. Returns 0 for error. ; Calls F70 and F66 with file handle before loading data FUNC_000176_CdrFileLoadInternal: ; Pos = 1a0b4 push ebp mov ebp,esp add esp,byte -0x78 push ebx mov ebx,[ebp+0x8] call FUNC_001618_ClearUpperBuf mov word [ebp-0x4],0x64 mov ax,0x46 mov [ebp-0x2],ax ; mov dword [DATA_007777],0xf mov [ebp-0x6c],ebx push byte +0x0 movsx eax,ax push eax movsx eax,word [ebp-0x4] push eax push byte +0x11 lea eax,[ebp-0x78] push eax push dword 0x940d call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 call FUNC_001637_FlipScreen push ebx lea eax,[ebp-0x64] push eax call _DirMakeCmmdrName add esp,byte +0x8 mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax lea eax,[ebp-0x64] push eax call FUNC_000177_CdrFileLoadInternal2 add esp,byte +0x10 mov ebx,eax test ebx,ebx jnz JUMP_001257 mov eax,ebx jmp short JUMP_001258 JUMP_001257: ; Pos = 1a132 mov eax,ebx JUMP_001258: ; Pos = 1a134 pop ebx mov esp,ebp pop ebp ret ; int F177 (char *filename, void *data, int size, int *errno) ; Internal function used only by F176 FUNC_000177_CdrFileLoadInternal2: ; Pos = 1a13c push ebp mov ebp,esp push ecx push ebx push esi mov esi,[ebp+0x14] push dword DATA_005026 mov eax,[ebp+0x8] push eax call _fopen add esp,byte +0x8 mov ebx,eax test ebx,ebx jnz JUMP_001259 mov dword [esi],0x2 xor eax,eax jmp short JUMP_001262 JUMP_001259: ; Pos = 1a166 push ebx call FUNC_000070 pop ecx test eax,eax jnz JUMP_001260 xor eax,eax jmp short JUMP_001262 JUMP_001260: ; Pos = 1a175 push esi push ebx call FUNC_000066 add esp,byte +0x8 test eax,eax jnz JUMP_001261 xor eax,eax jmp short JUMP_001262 JUMP_001261: ; Pos = 1a187 push ebx call _ftell pop ecx sub [DATA_008660],eax push ebx mov eax,[DATA_008660] push eax push byte +0x1 mov eax,[ebp+0xc] push eax call _fread add esp,byte +0x10 push ebx call _fclose pop ecx mov eax,0x1 JUMP_001262: ; Pos = 1a1be pop esi pop ebx pop ecx pop ebp ret ; void F178 (FileInfo *file) ; Sets FileInfo struct at D8661 to file. FUNC_000178_CdrFileSetLastLoaded: ; Pos = 1a1c4 push ebp mov ebp,esp push esi push edi mov eax,[ebp+0x8] mov esi,eax mov edi,DATA_008661 mov ecx,0x6 rep movsd pop edi pop esi pop ebp ret ; void F179 (int ffcode, StrVars *vars) ; Writes dialog string to screen FUNC_000179_SysMenuWriteDialogString: ; Pos = 1a1e0 push ebp mov ebp,esp push ecx mov word [ebp-0x4],0x6 mov ax,0x9 mov [ebp-0x2],ax push byte +0x0 movsx eax,ax push eax movsx eax,word [ebp-0x4] push eax push byte +0x11 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 pop ecx pop ebp ret ; void F180 (void) ; Displays file not commander error FUNC_000180_CdrFileDispErrorNotCmmdr: ; Pos = 1a214 push ebp mov ebp,esp push dword 0x9419 call near [DATA_004937] ; FUNC_000183_CdrFileDispErrorDirect pop ecx pop ebp ret ; void F181 (int ffcode, StrVars *vars) ; Writes string to screen - color 0x10, x=0x64, y=0x5a ; Waits until keypress or 5 seconds, then refreshes file dialog FUNC_000181_CdrFileDispErrorInternal: ; Pos = 1a228 push ebp mov ebp,esp push ecx push ebx push esi mov word [ebp-0x4],0x64 mov ax,0x5a mov [ebp-0x2],ax push byte +0x0 movsx eax,ax push eax movsx eax,word [ebp-0x4] push eax push byte +0x10 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 call FUNC_001637_FlipScreen call _TimerGetTimeStamp mov ebx,eax lea esi,[ebx+0x1388] JUMP_001263: ; Pos = 1a26c call near [DATA_007672] ; FUNC_001414_GuiGetLastAction test al,al jnz JUMP_001264 cmp ebx,byte -0x1 jz JUMP_001263 cmp esi,ebx jng JUMP_001264 call _TimerGetTimeStamp mov ebx,eax jmp short JUMP_001263 JUMP_001264: ; Pos = 1a288 call near [DATA_004950] ; FUNC_000203_SysMenuReadDirectory call near [DATA_004941] ; FUNC_000191_SysMenuDrawFileDialog pop esi pop ebx pop ecx pop ebp ret ; void F182 (int errorcode) ; Prints string corresponding to error code, calls F181 FUNC_000182_CdrFileDispErrorCode: ; Pos = 1a29c push ebp mov ebp,esp add esp,byte -0x14 call FUNC_001618_ClearUpperBuf mov eax,[ebp+0x8] cmp eax,byte +0x13 jg JUMP_001265 jz near JUMP_001269 cmp eax,byte +0xf ja near JUMP_001273 jmp near [eax*4+DATA_000015] SECTION .data DATA_000015: ; Pos = 1a2c5 dd JUMP_001273 dd JUMP_001273 dd JUMP_001268 dd JUMP_001272 dd JUMP_001273 dd JUMP_001271 dd JUMP_001273 dd JUMP_001273 dd JUMP_001270 dd JUMP_001273 dd JUMP_001273 dd JUMP_001273 dd JUMP_001273 dd JUMP_001273 dd JUMP_001273 dd JUMP_001272 SECTION .text JUMP_001265: ; Pos = 1a305 cmp eax,byte +0x19 jnl JUMP_001266 sub eax,byte +0x15 jz JUMP_001272 sub eax,byte +0x2 jz JUMP_001267 jmp short JUMP_001273 JUMP_001266: ; Pos = 1a316 add eax,byte -0x19 sub eax,byte +0x3 jc JUMP_001267 sub eax,byte +0x3 jz JUMP_001267 sub eax,byte +0x31 jnz JUMP_001273 mov eax,0x9412 jmp short JUMP_001274 JUMP_001267: ; Pos = 1a32f mov eax,0x9414 jmp short JUMP_001274 JUMP_001268: ; Pos = 1a336 mov eax,0x9413 jmp short JUMP_001274 JUMP_001269: ; Pos = 1a33d mov eax,0x9415 jmp short JUMP_001274 JUMP_001270: ; Pos = 1a344 mov eax,0x9416 jmp short JUMP_001274 JUMP_001271: ; Pos = 1a34b mov eax,0x9417 jmp short JUMP_001274 JUMP_001272: ; Pos = 1a352 mov eax,0x9418 jmp short JUMP_001274 JUMP_001273: ; Pos = 1a359 mov eax,[DATA_008658] mov [ebp-0x14],eax mov eax,0x9410 JUMP_001274: ; Pos = 1a366 lea edx,[ebp-0x14] push edx push eax call FUNC_000181_CdrFileDispErrorInternal add esp,byte +0x8 mov esp,ebp pop ebp ret ; void F183 (int ffcode) ; Print error string ffcode, calls F181 FUNC_000183_CdrFileDispErrorDirect: ; Pos = 1a378 push ebp mov ebp,esp add esp,byte -0x14 call FUNC_001618_ClearUpperBuf lea eax,[ebp-0x14] push eax mov eax,[ebp+0x8] push eax call FUNC_000181_CdrFileDispErrorInternal add esp,byte +0x8 mov esp,ebp pop ebp ret ; void F184 (void) ; Increments save file extension at D9119/D9120 FUNC_000184_CdrFileIncFileExtension: ; Pos = 1a398 inc byte [DATA_009120] cmp byte [DATA_009120],0x39 jng JUMP_001275 mov byte [DATA_009120],0x30 inc byte [DATA_009119] cmp byte [DATA_009119],0x39 jng JUMP_001275 mov byte [DATA_009119],0x30 JUMP_001275: ; Pos = 1a3c4 ret ; void F185 (FileInfo *file) ; Process file selection in load file dialog ; Loads commander file, writes error to [D8658] if any. FUNC_000185_SysMenuLoadCdrFile: ; Pos = 1a3c8 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x8] mov edi,DATA_008804 mov eax,[esi+0x14] cmp eax,[DATA_008670] ja JUMP_001276 cmp eax,0x258 jnc JUMP_001277 JUMP_001276: ; Pos = 1a3e8 call near [DATA_004936] ; FUNC_000180_CdrFileDispErrorNotCmmdr jmp JUMP_001290 JUMP_001277: ; Pos = 1a3f3 call FUNC_001903_SoundStopSong mov eax,[esi+0x14] mov [DATA_008660],eax push esi call near [DATA_004925] ; FUNC_000178_CdrFileSetLastLoaded pop ecx mov eax,[DATA_008670] push eax call _malloc pop ecx mov ebx,eax test ebx,ebx jnz JUMP_001278 mov eax,0x8 mov [DATA_008658],eax push eax call FUNC_000182_CdrFileDispErrorCode pop ecx jmp JUMP_001290 JUMP_001278: ; Pos = 1a430 push dword DATA_008658 mov eax,[DATA_008670] push eax push ebx push esi call near [DATA_004956] ; FUNC_000176_CdrFileLoadInternal add esp,byte +0x10 test eax,eax jnz JUMP_001279 push ebx call _free pop ecx mov eax,[DATA_008658] push eax call FUNC_000182_CdrFileDispErrorCode pop ecx jmp JUMP_001290 JUMP_001279: ; Pos = 1a462 mov eax,[DATA_008660] push eax push ebx call FUNC_000171_CdrFileUnmangleData add esp,byte +0x8 test eax,eax jnz JUMP_001280 call near [DATA_004936] ; FUNC_000180_CdrFileDispErrorNotCmmdr push ebx call _free pop ecx jmp JUMP_001290 JUMP_001280: ; Pos = 1a487 push ebx call _free pop ecx call near [DATA_004948] ; FUNC_000184_CdrFileIncFileExtension cmp word [edi+0x172],0xea60 jna JUMP_001281 mov word [edi+0x172],0x64 JUMP_001281: ; Pos = 1a4a8 cmp dword [edi+0x118],byte +0x0 jnl JUMP_001283 xor eax,eax mov [edi+0x118],eax xor edx,edx lea eax,[edi+0x134] JUMP_001282: ; Pos = 1a4c1 movzx ecx,word [eax] add [edi+0x118],ecx inc edx add eax,byte +0x2 cmp edx,byte +0x26 jl JUMP_001282 mov eax,[edi+0x118] mov [edi+0x120],eax JUMP_001283: ; Pos = 1a4df cmp dword [edi+0x214],byte +0x0 jnl JUMP_001284 mov eax,[edi+0x214] mov edx,eax neg eax mov [edi+0x214],eax JUMP_001284: ; Pos = 1a4f8 cmp dword [edi+0x218],byte +0x0 jng JUMP_001285 mov eax,[edi+0x218] mov edx,eax neg eax mov [edi+0x218],eax JUMP_001285: ; Pos = 1a511 cmp dword [edi+0x21c],byte +0x0 jnl JUMP_001286 mov eax,[edi+0x21c] mov edx,eax neg eax mov [edi+0x21c],eax JUMP_001286: ; Pos = 1a52a cmp dword [edi+0x220],byte +0x0 jng JUMP_001287 mov eax,[edi+0x220] mov edx,eax neg eax mov [edi+0x220],eax JUMP_001287: ; Pos = 1a543 cmp dword [edi+0x224],byte +0x0 jnl JUMP_001288 mov eax,[edi+0x224] mov edx,eax neg eax mov [edi+0x224],eax JUMP_001288: ; Pos = 1a55c cmp dword [edi+0x228],byte +0x0 jng JUMP_001289 mov eax,[edi+0x228] mov edx,eax neg eax mov [edi+0x228],eax JUMP_001289: ; Pos = 1a575 cmp dword [DATA_008804+0x3f7e], 0 jnz .nofudge mov eax, [DATA_008804+0x3f4c] mov [DATA_008804+0x3f7e], eax mov byte [DATA_008804+0x3f86], 0xff mov byte [DATA_008804+0x3f87], 0xff mov byte [DATA_008804+0x3f88], 4 .nofudge: call near [DATA_007215] ; FUNC_000919 JUMP_001290: ; Pos = 1a57b pop edi pop esi pop ebx pop ebp ret ; void F186 (FileInfo *file) ; Process selection in save file dialog ; Changes file save name to selected FUNC_000186_SysMenuUpdateSaveName: ; Pos = 1a580 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov edx,ebx mov ecx,DATA_009117 JUMP_001291: ; Pos = 1a58e mov al,[edx] cmp al,0x2e jnz JUMP_001292 cmp ebx,edx jz JUMP_001293 xor eax,eax JUMP_001292: ; Pos = 1a59a inc edx mov [ecx],al inc ecx test al,al jnz JUMP_001291 JUMP_001293: ; Pos = 1a5a2 call near [DATA_004944] ; FUNC_000195_SysMenuDrawSaveDialog pop ebx pop ebp ret ; void F187 (FileInfo *file) ; Process selection in file delete dialog FUNC_000187_SysMenuDeleteFile: ; Pos = 1a5ac push ebp mov ebp,esp push dword DATA_008658 mov eax,[ebp+0x8] push eax call near [DATA_004958] ; FUNC_000173_CdrFileDeleteInternal add esp,byte +0x8 test eax,eax jnz JUMP_001294 mov eax,[DATA_008658] push eax call FUNC_000182_CdrFileDispErrorCode pop ecx JUMP_001294: ; Pos = 1a5d1 call near [DATA_004950] ; FUNC_000203_SysMenuReadDirectory call near [DATA_004946] ; FUNC_000197_SysMenuDrawDeleteDialog pop ebp ret ; void F190 (FileInfo *dir) ; Navigates directory tree and redraws dialog FUNC_000190_SysMenuChangeDir: ; Pos = 1a61c push ebp mov ebp, esp push dword [ebp+0x8] call _DirNavigateTree pop ecx call near [DATA_004950] ; FUNC_000203_SysMenuReadDirectory call near [DATA_004941] ; FUNC_000191_SysMenuDrawFileDialog pop ebp ret ; void F191 (void) ; Draws a file dialog depending on value of [D9044] FUNC_000191_SysMenuDrawFileDialog: ; Pos = 1a644 push ebp mov ebp,esp mov al,[DATA_009044] sub al,0x3 jz JUMP_001297 dec al jz JUMP_001298 jmp short JUMP_001299 JUMP_001297: ; Pos = 1a656 call near [DATA_004944] ; FUNC_000195_SysMenuDrawSaveDialog pop ebp ret JUMP_001298: ; Pos = 1a65e call near [DATA_004946] ; FUNC_000197_SysMenuDrawDeleteDialog pop ebp ret JUMP_001299: ; Pos = 1a666 call near [DATA_004942] ; FUNC_000193_SysMenuDrawLoadDialog pop ebp ret ; void F192 (void) ; Initialises and draws file load dialog FUNC_000192_SysMenuSelectLoadDialog: ; Pos = 1a670 push ebp mov ebp,esp mov byte [DATA_009044],0x2 call near [DATA_004950] ; FUNC_000203_SysMenuReadDirectory call near [DATA_004942] ; FUNC_000193_SysMenuDrawLoadDialog pop ebp ret ; void F193 (void) ; Draw file load dialog to the screen FUNC_000193_SysMenuDrawLoadDialog: ; Pos = 1a688 push ebp mov ebp,esp add esp,byte -0x18 call FUNC_001618_ClearUpperBuf mov word [ebp-0x4],0x32 mov ax,0x5 mov [ebp-0x2],ax push byte +0x0 movsx eax,ax push eax movsx eax,word [ebp-0x4] push eax push byte +0x10 lea eax,[ebp-0x18] push eax push dword 0x9406 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 call near [DATA_004949] ; FUNC_000198_SysMenuDrawFiles push byte +0x0 push byte +0x5 push byte +0x14 push byte +0x11 lea eax,[ebp-0x18] push eax push dword 0x9405 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 push dword DATA_004906 call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx push byte +0x5 push byte +0x5 push byte +0x2c call FUNC_001621_BlitIndexToBuf add esp,byte +0xc call FUNC_001637_FlipScreen mov esp,ebp pop ebp ret ; void F194 (void) ; Initialises and draws file save dialog FUNC_000194_SysMenuSelectSaveDialog: ; Pos = 1a704 push ebp mov ebp,esp mov byte [DATA_009044],0x3 call near [DATA_004950] ; FUNC_000203_SysMenuReadDirectory call near [DATA_004944] ; FUNC_000195_SysMenuDrawSaveDialog pop ebp ret ; void F195 (void) ; Draw file save dialog to the screen FUNC_000195_SysMenuDrawSaveDialog: ; Pos = 1a71c push ebp mov ebp,esp add esp,byte -0x18 call FUNC_001618_ClearUpperBuf mov word [ebp-0x4],0x2d mov ax,0x5 mov [ebp-0x2],ax mov edx,DATA_009117 mov [ebp-0xc],edx mov edx,DATA_009118 mov [ebp-0x8],edx push byte +0x0 movsx eax,ax push eax movsx eax,word [ebp-0x4] push eax push byte +0x10 lea eax,[ebp-0x18] push eax push dword 0x9408 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 call near [DATA_004949] ; FUNC_000198_SysMenuDrawFiles push dword DATA_004909 call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx mov ax,[DATA_004909] mov [ebp-0x4],ax mov ax,[DATA_004910] mov [ebp-0x2],ax movsx eax,ax push eax movsx eax,word [ebp-0x4] push eax push byte +0x2d call FUNC_001621_BlitIndexToBuf add esp,byte +0xc push byte +0x0 push byte +0x5 push byte +0x14 push byte +0x11 lea eax,[ebp-0x18] push eax push dword 0x9405 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 push dword DATA_004906 call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx push byte +0x5 push byte +0x5 push byte +0x2c call FUNC_001621_BlitIndexToBuf add esp,byte +0xc call FUNC_001637_FlipScreen mov esp,ebp pop ebp ret ; void F196 (void) ; Initialises and draws file delete dialog FUNC_000196_SysMenuSelectDeleteDialog: ; Pos = 1a7dc push ebp mov ebp,esp mov byte [DATA_009044],0x4 call near [DATA_004950] ; FUNC_000203_SysMenuReadDirectory call near [DATA_004946] ; FUNC_000197_SysMenuDrawDeleteDialog pop ebp ret ; void F197 (void) ; Draw file delete dialog to the screen FUNC_000197_SysMenuDrawDeleteDialog: ; Pos = 1a7f4 push ebp mov ebp,esp add esp,byte -0x18 call FUNC_001618_ClearUpperBuf mov word [ebp-0x4],0x32 mov ax,0x5 mov [ebp-0x2],ax push byte +0x0 movsx eax,ax push eax movsx eax,word [ebp-0x4] push eax push byte +0x10 lea eax,[ebp-0x18] push eax push dword 0x9407 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 call near [DATA_004949] ; FUNC_000198_SysMenuDrawFiles push byte +0x0 push byte +0x5 push byte +0x14 push byte +0x11 lea eax,[ebp-0x18] push eax push dword 0x9405 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 push dword DATA_004906 call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx push byte +0x5 push byte +0x5 push byte +0x2c call FUNC_001621_BlitIndexToBuf add esp,byte +0xc call FUNC_001637_FlipScreen mov esp,ebp pop ebp ret ; void F198 (void) ; Draw all file items and current directory name to screen FUNC_000198_SysMenuDrawFiles: ; Pos = 1a870 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi lea edi,[ebp-0x4] call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas mov word [edi],0xa mov ax,0xf mov [edi+0x2],ax call _DirGetCmmdrPath mov [ebp-0xc],eax push byte +0x0 movsx eax,word [edi+0x2] push eax movsx eax,word [edi] push eax push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x940a call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 cmp dword [DATA_008659],byte +0x0 jz near JUMP_001307 xor ebx,ebx mov word [edi],0xa mov word [edi+0x2],0x1e jmp JUMP_001306 JUMP_001300: ; Pos = 1a8d4 mov eax,ebx shl eax,0x3 lea eax,[eax+eax*2] add eax,DATA_008665 mov edx,[eax+0x10] sub edx,byte +0x1 jc JUMP_001301 dec edx jz JUMP_001302 sub edx,byte +0x2 jz JUMP_001303 sub edx,byte +0x2 jz JUMP_001304 jmp short JUMP_001304 JUMP_001301: ; Pos = 1a8f9 mov esi,0xa jmp short JUMP_001305 JUMP_001302: ; Pos = 1a900 mov esi,0x10 jmp short JUMP_001305 JUMP_001303: ; Pos = 1a907 mov esi,0x5f jmp short JUMP_001305 JUMP_001304: ; Pos = 1a90e mov esi,0x11 JUMP_001305: ; Pos = 1a913 push esi movsx edx,word [edi+0x2] push edx movsx edx,word [edi] push edx push eax call FUNC_001589_WriteStringShadowed add esp,byte +0x10 lea eax,[ebx+0x80] push eax push byte +0x5 push byte +0x1f movsx eax,word [edi+0x2] add eax,byte +0x4 push eax movsx eax,word [edi] add eax,byte +0x1d push eax call near [DATA_007678] ; FUNC_001441_GuiAddHotRect add esp,byte +0x14 inc ebx add word [edi+0x2],byte +0xa cmp word [edi+0x2],0x94 jl JUMP_001306 add word [edi],byte +0x3e mov word [edi+0x2],0x1e JUMP_001306: ; Pos = 1a961 cmp ebx,[DATA_008659] jl near JUMP_001300 JUMP_001307: ; Pos = 1a96d pop edi pop esi pop ebx mov esp,ebp pop ebp ret ; void F199 (FileInfo *item) ; Adds file item to array at D8665, total so far at D8659 FUNC_000199_SysMenuAddFile: ; Pos = 1a974 push ebp mov ebp,esp push esi push edi cmp dword [DATA_008659],byte +0x40 jnl JUMP_001308 mov eax,[DATA_008659] lea eax,[eax+eax*2] mov edx,[ebp+0x8] lea edi,[eax*8+DATA_008665] mov esi,edx mov ecx,0x6 rep movsd inc dword [DATA_008659] JUMP_001308: ; Pos = 1a9a3 pop edi pop esi pop ebp ret ; void F201 (void) ; Internal function for below. Calls F199 for each item. FUNC_000201_SysMenuReadDirectoryInternal: ; Pos = 1a9b8 sub esp, byte 0x18 push ebx lea ebx, [ebp-0x18] push ebx call _DirFindFirst pop ecx test eax, eax jz .end .loop: push ebx call near [DATA_004951] ; FUNC_000199_SysMenuAddFile pop ecx push ebx call _DirFindNext pop ecx test eax, eax jnz .loop .end: pop ebx add esp, byte 0x18 ret ; void F203 (void) ; Reads all files, dirs, drives in current directory FUNC_000203_SysMenuReadDirectory: ; Pos = 1aaa8 push ebp mov ebp,esp add esp,byte -0x18 push esi push edi call FUNC_001618_ClearUpperBuf mov word [ebp-0x4],0x64 mov ax,0x46 mov [ebp-0x2],ax call _DirGetCmmdrPath mov [ebp-0xc],eax push byte +0x0 movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x940c call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 call FUNC_001637_FlipScreen xor eax,eax mov [DATA_008659],eax call near [DATA_004960] ; FUNC_000201_SysMenuReadDirectoryInternal pop edi pop esi mov esp,ebp pop ebp ret ; void F204 (int action) ; Processes file dialog action (any dialog) FUNC_000204_SysMenuProcessFileDialogAction: ; Pos = 1ab60 push ebp mov ebp,esp add esp,byte -0x18 push esi push edi mov eax,[ebp+0x8] cmp al,0x80 jc JUMP_001318 cmp al,0xbf ja JUMP_001318 and eax,0xff add eax,byte -0x80 lea eax,[eax+eax*2] lea esi,[eax*8+DATA_008665] lea edi,[ebp-0x18] mov ecx,0x6 rep movsd lea eax,[ebp-0x18] push eax call near [DATA_004930] ; FUNC_000205_SysMenuProcessFileSelect pop ecx jmp short JUMP_001321 JUMP_001318: ; Pos = 1ab9c cmp byte [DATA_009044],0x3 jnz JUMP_001320 cmp al,0xd jnz JUMP_001319 lea eax,[ebp-0x18] push eax call near [DATA_004933] ; FUNC_000210_SysMenuSaveCdrFile pop ecx jmp short JUMP_001321 JUMP_001319: ; Pos = 1abb6 cmp al,0xe0 jnz JUMP_001321 call near [DATA_004934] ; FUNC_000212_SysMenuFileNameEntry jmp short JUMP_001321 JUMP_001320: ; Pos = 1abc2 push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx JUMP_001321: ; Pos = 1abca pop edi pop esi mov esp,ebp pop ebp ret ; void F205 (FileInfo *fileselected) ; Processes file/directory selection for all dialogs. FUNC_000205_SysMenuProcessFileSelect: ; Pos = 1abd0 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp dword [eax+0x10],byte +0x0 jz JUMP_001322 push eax call near [DATA_004940] ; FUNC_000190_SysMenuChangeDir pop ecx pop ebp ret JUMP_001322: ; Pos = 1abe6 mov dl,[DATA_009044] sub dl,0x3 jz JUMP_001323 dec dl jz JUMP_001324 jmp short JUMP_001325 JUMP_001323: ; Pos = 1abf7 push eax call near [DATA_004932] ; FUNC_000186_SysMenuUpdateSaveName pop ecx pop ebp ret JUMP_001324: ; Pos = 1ac01 push eax call near [DATA_004935] ; FUNC_000187_SysMenuDeleteFile pop ecx pop ebp ret JUMP_001325: ; Pos = 1ac0b push eax call near [DATA_004931] ; FUNC_000185_SysMenuLoadCdrFile pop ecx pop ebp ret ; void F206 (void) ; Calls F216 if [D9044] != 0 FUNC_000206_SysMenuProcessIfOn: ; Pos = 1ac18 push ebp mov ebp,esp cmp byte [DATA_009044],0x0 jz JUMP_001326 push byte +0x0 call FUNC_000216_SysMenuProcessAction_Event4 pop ecx JUMP_001326: ; Pos = 1ac2c pop ebp ret ; void F207 (void) ; Copies temporary accel params into permanent ones FUNC_000207_SysMenuUpdateAccel: ; Pos = 1ac38 push ebp mov ebp,esp mov eax,[DATA_009012] mov [DATA_007706],eax mov eax,[DATA_009013] mov [DATA_009123],eax pop ebp ret ; void F208 (void) ; Processes accelerator 1x - 10000x actions, ; returns 1 if action was accel, otherwise 0 FUNC_000208_SysMenuProcessAccel: ; Pos = 1ac54 push ebp mov ebp,esp push ebx push esi xor esi,esi test byte [DATA_008835],0x0 jz JUMP_001327 xor eax,eax jmp JUMP_001339 JUMP_001327: ; Pos = 1ac6b call near [DATA_007672] ; FUNC_001414_GuiGetLastAction mov ebx,eax test bl,bl jnz JUMP_001328 xor eax,eax jmp JUMP_001339 JUMP_001328: ; Pos = 1ac7e cmp byte [DATA_008870],0x4 jnz JUMP_001331 cmp bl,0xc1 jc JUMP_001329 cmp bl,0xc5 jna JUMP_001330 JUMP_001329: ; Pos = 1ac91 push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx xor eax,eax jmp JUMP_001339 JUMP_001330: ; Pos = 1aca0 mov dword [DATA_009012],0xf880000 mov dword [DATA_009013],0x12 mov esi,0x1 mov eax,esi jmp JUMP_001339 JUMP_001331: ; Pos = 1acc0 xor eax,eax mov al,bl cmp eax, 0x3a jz near JUMP_001337 cmp eax, 0x30 jnz .nomod mov eax, 0x3a .nomod: cmp eax, 0xc1 jl .notrans cmp eax, 0xc5 jg .notrans sub eax, 0x8b .notrans add eax,0xffffffca ; was ffffff3f cmp eax,byte +0x4 ja near JUMP_001337 jmp near [eax*4+DATA_000016] SECTION .data DATA_000016: ; Pos = 1acd9 dd JUMP_001332 dd JUMP_001333 dd JUMP_001334 dd JUMP_001335 dd JUMP_001336 SECTION .text JUMP_001332: ; Pos = 1aced mov dword [DATA_009012],0x3e2 xor eax,eax mov [DATA_009013],eax mov esi,0x1 push byte +0x1 push byte +0x27 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_001338 JUMP_001333: ; Pos = 1ad14 mov dword [DATA_009012],0x26d6 mov dword [DATA_009013],0x3 sub dword [DATA_008808],0xc22e mov esi,0x1 push byte +0x1 push byte +0x28 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_001338 JUMP_001334: ; Pos = 1ad48 mov dword [DATA_009012],0x1845c mov dword [DATA_009013],0x7 sub dword [DATA_008808],0xc22e mov esi,0x1 push byte +0x1 push byte +0x29 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp short JUMP_001338 JUMP_001335: ; Pos = 1ad79 mov dword [DATA_009012],0xf2b98 mov dword [DATA_009013],0xa sub dword [DATA_008808],0xc22e mov esi,0x1 push byte +0x1 push byte +0x2a call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp short JUMP_001338 JUMP_001336: ; Pos = 1adaa mov dword [DATA_009012],0x97b3f0 mov dword [DATA_009013],0xc sub dword [DATA_008808],0xc22e mov esi,0x1 push byte +0x1 push byte +0x2b call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp short JUMP_001338 JUMP_001337: ; Pos = 1addb push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx JUMP_001338: ; Pos = 1ade3 mov eax,esi JUMP_001339: ; Pos = 1ade5 pop esi pop ebx pop ebp ret ; void F209 (void) ; Processes accelerator clicks, others if SysMenu enabled ; Calls F144 (3, 1, 0) if 1-10000 click FUNC_000209_SysMenuProcessBackground_Event3: ; Pos = 1adec push ebp mov ebp,esp push ebx call FUNC_000208_SysMenuProcessAccel mov ebx,eax cmp ebx,byte -0x1 jz JUMP_001342 test ebx,ebx jz JUMP_001341 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx cmp byte [DATA_009044],0x0 jz JUMP_001340 push byte +0x0 push byte +0x1 push byte +0x3 call FUNC_000144 add esp,byte +0xc JUMP_001340: ; Pos = 1ae1f push ebx call FUNC_000207_SysMenuUpdateAccel pop ecx pop ebx pop ebp ret JUMP_001341: ; Pos = 1ae29 call FUNC_000206_SysMenuProcessIfOn JUMP_001342: ; Pos = 1ae2e pop ebx pop ebp ret ; void F210 (FileInfo *file) ; Saves data to specified file FUNC_000210_SysMenuSaveCdrFile: ; Pos = 1ae34 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[DATA_008670] push eax call _malloc pop ecx mov esi,eax test esi,esi jnz JUMP_001343 mov eax,0x8 mov [DATA_008658],eax push eax call FUNC_000182_CdrFileDispErrorCode pop ecx jmp JUMP_001345 JUMP_001343: ; Pos = 1ae65 call near [DATA_004952] ; FUNC_000214_SysMenuZeroUnusedObjects push esi call FUNC_000170_CdrFileMangleData pop ecx mov [ebx+0x14],eax push esi mov esi,ebx mov edi,DATA_009117 xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi push dword DATA_009118 push ebx call _strcat add esp,byte +0x8 push ebx call near [DATA_004925] ; FUNC_000178_CdrFileSetLastLoaded pop ecx push dword DATA_008658 mov eax,[ebx+0x14] push eax push esi push ebx call near [DATA_004957] ; FUNC_000174_CdrFileSaveInternal add esp,byte +0x10 mov ebx,eax push esi call _free pop ecx test ebx,ebx jz JUMP_001344 call near [DATA_004950] ; FUNC_000203_SysMenuReadDirectory call near [DATA_004948] ; FUNC_000184_CdrFileIncFileExtension call near [DATA_004944] ; FUNC_000195_SysMenuDrawSaveDialog jmp short JUMP_001345 JUMP_001344: ; Pos = 1aee6 mov eax,[DATA_008658] push eax call FUNC_000182_CdrFileDispErrorCode pop ecx JUMP_001345: ; Pos = 1aef2 pop edi pop esi pop ebx pop ebp ret ; void F211 (char *name) ; Copies name to D8919 and D8920 FUNC_000211_SysMenuUpdateCmmdrName: ; Pos = 1aef8 push ebp mov ebp,esp push esi push edi mov eax,[ebp+0x8] mov esi,DATA_008919 mov edi,eax xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb mov esi,DATA_008920 mov edi,DATA_008919 xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop edi pop esi pop ebp ret ; void F212 (void) ; Text-entry process for save file name FUNC_000212_SysMenuFileNameEntry: ; Pos = 1af5c push ebp mov ebp,esp add esp,byte -0x10 call near [DATA_004944] ; FUNC_000195_SysMenuDrawSaveDialog xor eax,eax mov [DATA_008671],eax mov ax,[DATA_004911] mov [ebp-0x4],ax mov ax,[DATA_004912] mov [ebp-0x2],ax mov dx,[DATA_004913] mov [ebp-0xc],dx mov dx,[DATA_004914] mov [ebp-0xa],dx mov cx,[ebp-0xc] mov [ebp-0x8],cx mov [ebp-0x6],ax mov ax,[ebp-0x4] mov [ebp-0x10],ax mov [ebp-0xe],dx push byte +0x0 lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001607_DrawQuad add esp,byte +0x14 call FUNC_001637_FlipScreen push byte +0x1 push byte +0x0 push byte +0x5f movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax push byte +0x8 push dword DATA_009117 call FUNC_000129 add esp,byte +0x1c call near [DATA_004944] ; FUNC_000195_SysMenuDrawSaveDialog mov esp,ebp pop ebp ret ; void F213 (void) ; Text-entry process for commander name FUNC_000213_SysMenuCmmdrNameEntry: ; Pos = 1b004 push ebp mov ebp,esp add esp,byte -0x10 xor eax,eax mov [DATA_008671],eax mov ax,[DATA_004898] mov [ebp-0x4],ax mov ax,[DATA_004899] mov [ebp-0x2],ax mov dx,[DATA_004900] mov [ebp-0xc],dx mov dx,[DATA_004901] mov [ebp-0xa],dx mov cx,[ebp-0xc] mov [ebp-0x8],cx mov [ebp-0x6],ax mov ax,[ebp-0x4] mov [ebp-0x10],ax mov [ebp-0xe],dx push byte +0x0 lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001607_DrawQuad add esp,byte +0x14 call FUNC_001637_FlipScreen push byte +0x0 push byte +0x0 push byte +0x5f movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax push byte +0x7 push dword DATA_009121 call FUNC_000129 add esp,byte +0x1c push dword DATA_009121 call FUNC_000211_SysMenuUpdateCmmdrName pop ecx mov esp,ebp pop ebp ret FUNC_000214_SysMenuZeroUnusedObjects: ; Pos = 1b0a0 push ebp mov ebp,esp push ebx push esi mov esi,DATA_009133 push byte +0x0 push byte +0x4 call FUNC_000148 add esp,byte +0x8 mov ebx,0x72 JUMP_001346: ; Pos = 1b0bb lea edx,[ebx+ebx*4] lea edx,[ebx+edx*4] lea edx,[ebx+edx*8] add edx,edx mov eax,[esi] add edx,eax add edx,byte +0x74 test edx,edx jnz JUMP_001347 push eax push ebx call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 push dword 0x152 push byte +0x0 push eax call _memset add esp,byte +0xc JUMP_001347: ; Pos = 1b0ec dec ebx test ebx,ebx jnl JUMP_001346 pop esi pop ebx pop ebp ret ; void F215 (int songindex) ; Disables song and stops if currently playing FUNC_000215_SysMenuDisableSong: ; Pos = 1b0f8 push ebp mov ebp,esp mov eax,[ebp+0x8] xor byte [eax+DATA_009038],0xff jnz JUMP_001348 cmp eax,[DATA_009116] jnz JUMP_001348 call FUNC_001903_SoundStopSong JUMP_001348: ; Pos = 1b114 pop ebp ret ; void F216 (void) ; Processes input for all SysMenu dialogs FUNC_000216_SysMenuProcessAction_Event4: ; Pos = 1b118 push ebp mov ebp,esp call near [DATA_007672] ; FUNC_001414_GuiGetLastAction test al,al jz near JUMP_001412 xor edx,edx mov dl,al cmp edx,0xf8 jg JUMP_001349 jz JUMP_001351 cmp byte [DATA_009044],0x1 jnz .entry30 cmp edx,0x9e jz JUMP_001354 .entry30: sub edx, 0xc0 jz JUMP_001354 sub edx,byte +0x37 jz JUMP_001350 jmp short JUMP_001355 JUMP_001349: ; Pos = 1b14b sub edx,0xf9 jz JUMP_001352 dec edx jz JUMP_001353 jmp short JUMP_001355 JUMP_001350: ; Pos = 1b158 call near [DATA_004961] ; FUNC_000192_SysMenuSelectLoadDialog pop ebp ret JUMP_001351: ; Pos = 1b160 call near [DATA_004943] ; FUNC_000194_SysMenuSelectSaveDialog pop ebp ret JUMP_001352: ; Pos = 1b168 call near [DATA_004945] ; FUNC_000196_SysMenuSelectDeleteDialog pop ebp ret JUMP_001353: ; Pos = 1b170 call near [DATA_004947] ; FUNC_000230_SysMenuNewGame pop ebp ret JUMP_001354: ; Pos = 1b178 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas xor eax,eax mov [DATA_004897],eax mov eax,[DATA_004897] mov eax,[eax*4+DATA_004907] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx call near [DATA_004926] ; FUNC_000228_SysMenuUpdateGfxDetail call near [DATA_004927] ; FUNC_000225_SysMenuDisplayNonFile mov byte [DATA_009044],0x1 pop ebp ret JUMP_001355: ; Pos = 1b1b6 cmp byte [DATA_009044],0x1 jz JUMP_001356 push eax call near [DATA_004929] ; FUNC_000204_SysMenuProcessFileDialogAction pop ecx pop ebp ret JUMP_001356: ; Pos = 1b1c9 mov edx,[DATA_004897] dec edx jz JUMP_001357 dec edx jz near JUMP_001383 dec edx jz near JUMP_001361 dec edx jz near JUMP_001374 jmp JUMP_001398 JUMP_001357: ; Pos = 1b1e8 mov edx,eax add dl,0x7f sub dl,0x4 jc JUMP_001358 sub dl,0x5 jc JUMP_SpaceColor sub dl,0x14 jz JUMP_001359 jmp short JUMP_001360 JUMP_001358: ; Pos = 1b1f9 xor edx,edx mov [DATA_008804+0x3f4c],edx mov [DATA_008804+0x3f7e],edx and eax,0xff sub eax,0x81 mov byte [DATA_008804+0x3f4c+eax],0xff mov byte [DATA_008804+0x3f7e+eax],0xff jmp JUMP_001411 JUMP_SpaceColor: xor edx,edx mov [DATA_008804+0x3f82],edx mov [DATA_008804+0x3f86],dl and eax,0xff sub eax,0x85 mov byte [DATA_008804+0x3f82+eax],0xff mov byte [DATA_008804+0x3f88],al jmp JUMP_001411 JUMP_001359: ; Pos = 1b224 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas xor eax,eax mov [DATA_004897],eax mov eax,[DATA_004897] mov eax,[eax*4+DATA_004907] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx jmp JUMP_001411 JUMP_001360: ; Pos = 1b24a push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx pop ebp ret JUMP_001361: ; Pos = 1b254 xor edx,edx mov dl,al add edx,0xffffff7b cmp edx,byte +0x19 ja near JUMP_001373 mov dl,[edx+DATA_000017] jmp near [edx*4+DATA_000018] SECTION .data DATA_000017: ; Pos = 1b274 db 0xb, 0xa, 0x9, 0x8, 0x7, 0x6, 0x5, 0x4 db 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 db 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 db 0x0, 0x1 DATA_000018: ; Pos = 1b28e dd JUMP_001373 dd JUMP_001372 dd JUMP_001371 dd JUMP_001370 dd JUMP_001369 dd JUMP_001368 dd JUMP_001367 dd JUMP_001366 dd JUMP_001365 dd JUMP_001364 dd JUMP_001363 dd JUMP_001362 SECTION .text JUMP_001362: ; Pos = 1b2be xor byte [DATA_009018],0xff jnz near JUMP_001411 call near [DATA_007213] ; FUNC_000914 jmp JUMP_001411 JUMP_001363: ; Pos = 1b2d6 not byte [DATA_009019] jmp JUMP_001411 JUMP_001364: ; Pos = 1b2e1 not byte [DATA_009020] jmp JUMP_001411 JUMP_001365: ; Pos = 1b2ec not byte [DATA_009021] jmp JUMP_001411 JUMP_001366: ; Pos = 1b2f7 not byte [DATA_009022] jmp JUMP_001411 JUMP_001367: ; Pos = 1b302 not byte [DATA_009023] jmp JUMP_001411 JUMP_001368: ; Pos = 1b30d not byte [DATA_009024] jmp JUMP_001411 JUMP_001369: ; Pos = 1b318 not byte [DATA_009025] jmp JUMP_001411 JUMP_001370: ; Pos = 1b323 not byte [DATA_009026] xor byte [DATA_009118],0x2e jmp JUMP_001411 JUMP_001371: ; Pos = 1b335 not byte [DATA_009027] jmp JUMP_001411 JUMP_001372: ; Pos = 1b340 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas xor eax,eax mov [DATA_004897],eax mov eax,[DATA_004897] mov eax,[eax*4+DATA_004907] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx jmp JUMP_001411 JUMP_001373: ; Pos = 1b366 push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx pop ebp ret JUMP_001374: ; Pos = 1b370 xor edx,edx mov dl,al cmp edx,0x84 jg JUMP_001375 jz JUMP_001379 sub edx,0x81 jz JUMP_001376 dec edx jz JUMP_001377 dec edx jz JUMP_001378 jmp JUMP_001382 JUMP_001375: ; Pos = 1b391 sub edx,0x85 jz JUMP_001380 sub edx,byte +0x19 jz JUMP_001381 jmp JUMP_001382 JUMP_001376: ; Pos = 1b3a3 not byte [DATA_009039] xor word [DATA_008949],byte +0x20 jmp JUMP_001411 JUMP_001377: ; Pos = 1b3b6 not byte [DATA_009040] xor word [DATA_008949],byte +0x1 jmp JUMP_001411 JUMP_001378: ; Pos = 1b3c9 not byte [DATA_009041] xor word [DATA_008949],byte +0x8 jmp JUMP_001411 JUMP_001379: ; Pos = 1b3dc not byte [DATA_009042] xor word [DATA_008949],byte +0x40 xor byte [DATA_008982],0x2 jmp JUMP_001411 JUMP_001380: ; Pos = 1b3f6 not byte [DATA_009043] xor byte [DATA_008982],0x4 jmp JUMP_001411 JUMP_001381: ; Pos = 1b408 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas xor eax,eax mov [DATA_004897],eax mov eax,[DATA_004897] mov eax,[eax*4+DATA_004907] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx jmp JUMP_001411 JUMP_001382: ; Pos = 1b42e push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx pop ebp ret JUMP_001383: ; Pos = 1b438 xor edx,edx mov dl,al add edx,0xffffff7f cmp edx,byte +0x1d ja near JUMP_001396 mov dl,[edx+DATA_000019] jmp near [edx*4+DATA_000020] SECTION .data DATA_000019: ; Pos = 1b458 db 0xb, 0xa, 0x9, 0x8, 0x7, 0x6, 0x5, 0x4 db 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 db 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 db 0x0, 0x0, 0x0, 0x0, 0x0, 0x1 DATA_000020: ; Pos = 1b476 dd JUMP_001396 dd JUMP_001395 dd JUMP_001386 dd JUMP_001394 dd JUMP_001393 dd JUMP_001390 dd JUMP_001392 dd JUMP_001389 dd JUMP_001391 dd JUMP_001388 dd JUMP_001385 dd JUMP_001384 SECTION .text JUMP_001384: ; Pos = 1b4a6 xor byte [DATA_009028],0xff jnz near JUMP_001411 call FUNC_001909_SoundStopAllSamples and byte [DATA_008835],0xf9 jmp JUMP_001411 JUMP_001385: ; Pos = 1b4c4 xor byte [DATA_009029],0xff jnz near JUMP_001411 cmp byte [DATA_009037],0x0 jz near JUMP_001411 call FUNC_001903_SoundStopSong jmp JUMP_001411 JUMP_001386: ; Pos = 1b4e8 xor byte [DATA_009037],0xff jnz JUMP_001387 call FUNC_001903_SoundStopSong jmp JUMP_001411 JUMP_001387: ; Pos = 1b4fb push byte -0x1 call FUNC_001902_SoundPlaySong pop ecx jmp JUMP_001411 JUMP_001388: ; Pos = 1b508 not byte [DATA_009030] jmp JUMP_001411 JUMP_001389: ; Pos = 1b513 xor byte [DATA_009032],0xff jnz near JUMP_001411 jmp JUMP_001411 JUMP_001390: ; Pos = 1b525 xor byte [DATA_009034],0xff jnz near JUMP_001411 and byte [DATA_008835],0xf9 jmp JUMP_001411 JUMP_001391: ; Pos = 1b53e not byte [DATA_009031] jmp JUMP_001411 JUMP_001392: ; Pos = 1b549 not byte [DATA_009033] jmp JUMP_001411 JUMP_001393: ; Pos = 1b554 not byte [DATA_009035] jmp JUMP_001411 JUMP_001394: ; Pos = 1b55f not byte [DATA_009036] jmp JUMP_001411 JUMP_001395: ; Pos = 1b56a call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas xor eax,eax mov [DATA_004897],eax mov eax,[DATA_004897] mov eax,[eax*4+DATA_004907] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx jmp JUMP_001411 JUMP_001396: ; Pos = 1b590 cmp al,0x8b jc JUMP_001397 cmp al,0x9b ja JUMP_001397 and eax,0xff add eax,0xffffff75 push eax call FUNC_000215_SysMenuDisableSong pop ecx jmp JUMP_001411 JUMP_001397: ; Pos = 1b5ae push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx pop ebp ret JUMP_001398: ; Pos = 1b5b8 xor edx,edx mov dl,al add edx,0xffffff7e cmp edx,byte +0xa ja near JUMP_001410 jmp near [edx*4+DATA_000021] SECTION .data DATA_000021: ; Pos = 1b5d2 dd JUMP_001400 dd JUMP_001401 dd JUMP_001402 dd JUMP_001403 dd JUMP_001404 dd JUMP_001406 dd JUMP_001405 dd JUMP_001407 dd JUMP_001408 dd JUMP_001409 dd JUMP_001399 SECTION .text JUMP_001399: ; Pos = 1b5fe call FUNC_000213_SysMenuCmmdrNameEntry jmp JUMP_001411 JUMP_001400: ; Pos = 1b608 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas mov dword [DATA_004897],0x1 mov eax,[DATA_004897] mov eax,[eax*4+DATA_004907] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx jmp JUMP_001411 JUMP_001401: ; Pos = 1b631 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas mov dword [DATA_004897],0x2 mov eax,[DATA_004897] mov eax,[eax*4+DATA_004907] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx jmp JUMP_001411 JUMP_001402: ; Pos = 1b65a call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas mov dword [DATA_004897],0x3 mov eax,[DATA_004897] mov eax,[eax*4+DATA_004907] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx jmp short JUMP_001411 JUMP_001403: ; Pos = 1b680 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas mov dword [DATA_004897],0x4 mov eax,[DATA_004897] mov eax,[eax*4+DATA_004907] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx jmp short JUMP_001411 JUMP_001404: ; Pos = 1b6a6 call FUNC_001529_SysExit jmp short JUMP_001411 JUMP_001405: ; Pos = 1b6ad call near [DATA_004961] ; FUNC_000192_SysMenuSelectLoadDialog pop ebp ret JUMP_001406: ; Pos = 1b6b5 call near [DATA_004943] ; FUNC_000194_SysMenuSelectSaveDialog pop ebp ret JUMP_001407: ; Pos = 1b6bd call near [DATA_004945] ; FUNC_000196_SysMenuSelectDeleteDialog pop ebp ret JUMP_001408: ; Pos = 1b6c5 push byte +0x0 call FUNC_000224_SysMenuProcessEsc_Event1 pop ecx pop ebp ret JUMP_001409: ; Pos = 1b6cf call near [DATA_004947] ; FUNC_000230_SysMenuNewGame pop ebp ret JUMP_001410: ; Pos = 1b6d7 push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx pop ebp ret JUMP_001411: ; Pos = 1b6e1 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx call near [DATA_004926] ; FUNC_000228_SysMenuUpdateGfxDetail call near [DATA_004927] ; FUNC_000225_SysMenuDisplayNonFile JUMP_001412: ; Pos = 1b6f5 pop ebp ret ; void F217 (void) ; Set time accel and button to play mode FUNC_000217_SysMenuPlayTime: ; Pos = 1b6f8 push ebp mov ebp,esp push ecx push ebx xor edx,edx mov eax,0x3e2 mov ebx,[DATA_007706] mov ecx,eax cmp ebx,ecx jz JUMP_001413 mov [DATA_009012],eax xor edx,edx mov [DATA_009013],edx mov [DATA_007706],ecx xor eax,eax mov [DATA_009123],eax xor eax,eax mov [DATA_009156],eax mov [DATA_009155],eax push byte +0x1 push byte +0x27 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 or edx,byte -0x1 JUMP_001413: ; Pos = 1b745 mov eax,edx pop ebx pop ecx pop ebp ret ; void F218 (int flags) ; if flags&0xff == 0, initialize ; if flags&0xff == 4, reset commander name ; and: if flags>>8 == 5, jump to load dialog ; if flags>>8 == 6, jump to load last FUNC_000218_SysMenuReset_Event0: ; Pos = 1b74c push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x8] xor eax,eax mov [DATA_004897],eax mov byte [DATA_009044],0x0 mov ebx,esi and bl,0xff test bl,bl jnz JUMP_001414 xor eax,eax mov [DATA_008662],eax call near [DATA_004921] ; FUNC_000219_SysMenuInit JUMP_001414: ; Pos = 1b779 push byte +0x1 push byte +0x27 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 cmp bl,0x4 jnz JUMP_001416 mov ebx,esi sar ebx,0x8 mov esi,DATA_009121 mov edi,DATA_004916 xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb push dword DATA_004916 call FUNC_000211_SysMenuUpdateCmmdrName pop ecx cmp bl,0x5 jnz JUMP_001415 call near [DATA_004923] ; FUNC_000222_SysMenuLoadDialogHotkey jmp short JUMP_001416 JUMP_001415: ; Pos = 1b7ce cmp bl,0x6 jnz JUMP_001416 call near [DATA_004922] ; FUNC_000221_SysMenuLoadLastHotkey JUMP_001416: ; Pos = 1b7d9 pop edi pop esi pop ebx pop ebp ret ; void F219 (void) ; Reset last file, file path, flag settings, ; Commander name, save file name FUNC_000219_SysMenuInit: ; Pos = 1b7e0 push ebp mov ebp,esp sub esp,0x100 push ebx push esi push edi mov ebx,DATA_008804 xor eax,eax mov [DATA_008662],eax push byte +0x32 push dword DATA_004895 lea eax,[ebx+0x3f4c] push eax call _memcpy add esp,byte +0xc mov eax, [DATA_008804+0x3f4c] mov [DATA_008804+0x3f7e], eax mov byte [DATA_008804+0x3f86], 0xff mov byte [DATA_008804+0x3f87], 0xff mov byte [DATA_008804+0x3f88], 4 call near [DATA_004926] ; FUNC_000228_SysMenuUpdateGfxDetail mov dword [ebx+0x3f44],0x3e2 push byte +0x1 push byte +0x27 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 xor eax,eax mov [ebx+0x3f48],eax mov edx,[ebx+0x3f44] mov [DATA_007706],edx mov [DATA_009123],eax call _DirResetCmmdrPath lea esi,[ebx+0x5538] mov edi,DATA_004917 xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb lea esi,[ebx+0x554c] mov edi,DATA_004918 xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb mov byte [ebx+0x554c],0x2e mov dword [DATA_008669],0xef0a and dword [DATA_008669],byte -0x2 mov dword [DATA_008670],0x186a0 pop edi pop esi pop ebx mov esp,ebp pop ebp ret ; void F220 (void) ; Stops time, sets accel button to pause FUNC_000220_SysMenuStopTime: ; Pos = 1b930 push ebp mov ebp,esp xor eax,eax mov [DATA_009012],eax xor eax,eax mov [DATA_009013],eax xor eax,eax mov [DATA_009155],eax push byte +0x1 call FUNC_000207_SysMenuUpdateAccel pop ecx push byte +0x1 push byte +0x25 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop ebp ret ; void F221 (void) ; Loads last file, if present, otherwise goes to load dialog FUNC_000221_SysMenuLoadLastHotkey: ; Pos = 1b960 push ebp mov ebp,esp cmp dword [DATA_008662],byte +0x0 jnz JUMP_001418 call near [DATA_004923] ; FUNC_000222_SysMenuLoadDialogHotkey pop ebp ret JUMP_001418: ; Pos = 1b974 mov byte [DATA_009044],0x0 call FUNC_000220_SysMenuStopTime call near [DATA_004924] ; FUNC_000229_SysMenuSwitchOn mov byte [DATA_009044],0x2 push dword DATA_008661 call near [DATA_004931] ; FUNC_000185_SysMenuLoadCdrFile pop ecx pop ebp ret ; void F222 (void) ; Goes straight to SysMenu load dialog FUNC_000222_SysMenuLoadDialogHotkey: ; Pos = 1b99c push ebp mov ebp,esp mov byte [DATA_009044],0x0 call FUNC_000220_SysMenuStopTime call near [DATA_004924] ; FUNC_000229_SysMenuSwitchOn call near [DATA_004961] ; FUNC_000192_SysMenuSelectLoadDialog pop ebp ret ; void F223 (void) ; Calls Escape function of module 3, stops time FUNC_000223_SysMenuSignalModule3Esc: ; Pos = 1b9bc push ebp mov ebp,esp push byte +0x0 push byte +0x1 push byte +0x3 call FUNC_000144 add esp,byte +0xc call FUNC_000220_SysMenuStopTime pop ebp ret ; void F224 (void) ; Escape button actions FUNC_000224_SysMenuProcessEsc_Event1: ; Pos = 1b9d4 push ebp mov ebp,esp cmp dword [DATA_009012],byte +0x0 jz JUMP_001419 call FUNC_000220_SysMenuStopTime push byte +0x25 call FUNC_000264_ConsoleHideButton pop ecx push byte +0x26 call FUNC_000263_ConsoleShowButton pop ecx push byte +0x1 push byte +0x26 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop ebp ret JUMP_001419: ; Pos = 1ba03 cmp byte [DATA_009044],0x0 jz JUMP_001420 call FUNC_000223_SysMenuSignalModule3Esc push byte +0x25 call FUNC_000264_ConsoleHideButton pop ecx push byte +0x26 call FUNC_000263_ConsoleShowButton pop ecx push byte +0x1 push byte +0x26 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop ebp ret JUMP_001420: ; Pos = 1ba2f call near [DATA_004924] ; FUNC_000229_SysMenuSwitchOn mov eax,[DATA_004897] mov eax,[eax*4+DATA_004907] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx call near [DATA_004927] ; FUNC_000225_SysMenuDisplayNonFile push byte +0x26 call FUNC_000264_ConsoleHideButton pop ecx push byte +0x25 call FUNC_000263_ConsoleShowButton pop ecx push byte +0x1 push byte +0x25 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop ebp ret ; void F225 (void) ; Draws dialog text and buttons ; Dialog specified by [D4897] FUNC_000225_SysMenuDisplayNonFile: ; Pos = 1ba70 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov eax,[DATA_004897] mov eax,[eax*4+DATA_004896] mov [ebp-0x4],eax xor eax,eax mov esi,eax mov ebx,eax call FUNC_001618_ClearUpperBuf mov eax,[DATA_004897] mov edi,[eax*4+DATA_004907] mov eax,DATA_009121 mov [ebp-0xc],eax lea eax,[ebp-0x18] push eax mov eax,[DATA_004897] mov eax,[eax*4+DATA_004908] push eax call near [DATA_004928] ; FUNC_000179_SysMenuWriteDialogString add esp,byte +0x8 cmp dword [DATA_004897],byte +0x0 jnz JUMP_001421 inc ebx JUMP_001421: ; Pos = 1bacb lea eax,[esi+DATA_008804] mov edx,[ebp-0x4] lea eax,[eax+edx+0x3f4c] mov esi,eax lea eax,[ebx+ebx*4] lea eax,[edi+eax*4] mov ebx,eax jmp short JUMP_001425 JUMP_001422: ; Pos = 1bae7 mov eax,0x2d cmp dword [DATA_004897],byte +0x0 jnz JUMP_001423 mov eax,0x2c jmp short JUMP_001424 JUMP_001423: ; Pos = 1bafc cmp byte [esi],0x0 jz JUMP_001424 mov eax,0x2c JUMP_001424: ; Pos = 1bb06 mov edx,[ebx+0x4] push edx mov edx,[ebx] push edx push eax call FUNC_001621_BlitIndexToBuf add esp,byte +0xc add ebx,byte +0x14 inc esi JUMP_001425: ; Pos = 1bb1a cmp dword [ebx],byte +0x0 jnl JUMP_001422 call FUNC_001637_FlipScreen pop edi pop esi pop ebx mov esp,ebp pop ebp ret ; char *F226 (int stringindex, StringVars *vars, char *dest) ; Expands string index FUNC_000226_SysMenuExpandString: ; Pos = 1bb2c push ebp mov ebp,esp push dword DATA_004894 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] and eax,0x1ff push eax mov eax,[ebp+0x10] push eax call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 pop ebp ret ; void F227 (void) ; Sets accel to play, resets hot areas, [D9044] = 0 FUNC_000227_SysMenuSwitchOff_Event8: ; Pos = 1bb50 push ebp mov ebp,esp mov byte [DATA_009044],0x0 mov dword [DATA_009012],0x3e2 xor eax,eax mov [DATA_009013],eax push byte +0x1 call FUNC_000207_SysMenuUpdateAccel pop ecx push byte +0x1 push byte +0x27 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas call FUNC_001573 pop ebp ret ; void F228 (void) ; Modifies D8804 + 0x10-0x18 using 0x3f4c-0x3f4e FUNC_000228_SysMenuUpdateGfxDetail: ; Pos = 1bb90 mov eax,DATA_008804 cmp byte [eax+0x3f4c],0x0 jz JUMP_001426 mov dword [eax+0x10],0xffffffff mov dword [eax+0x14],0xfffffffe mov dword [eax+0x18],0x4100 ret JUMP_001426: ; Pos = 1bbb4 cmp byte [eax+0x3f4d],0x0 jz JUMP_001427 xor edx,edx mov [eax+0x10],edx xor edx,edx mov [eax+0x14],edx mov dword [eax+0x18],0x4030 ret JUMP_001427: ; Pos = 1bbcf cmp byte [eax+0x3f4e],0x0 jz JUMP_001428 mov dword [eax+0x10],0x1 mov dword [eax+0x14],0x1 xor edx,edx mov [eax+0x18],edx ret JUMP_001428: ; Pos = 1bbec mov dword [eax+0x10],0x1 mov dword [eax+0x14],0x1 xor edx,edx mov [eax+0x18],edx ret ; void F229 (void) ; Switches to SysMenu (module 10), stops clock FUNC_000229_SysMenuSwitchOn: ; Pos = 1bc00 push ebp mov ebp,esp push ecx push byte +0xa call near [DATA_007200] ; FUNC_000923 pop ecx mov byte [DATA_009044],0x1 push dword 0x941a call FUNC_000267 pop ecx mov word [ebp-0x4],0x100 mov word [ebp-0x2],0xbc xor eax,eax mov [DATA_009012],eax xor eax,eax mov [DATA_007706],eax mov al,0x3 mov [DATA_008655],al mov [DATA_008654],al mov [DATA_008653],al push dword DATA_008653 push byte +0x0 call FUNC_001572 add esp,byte +0x8 pop ecx pop ebp ret ; void F230 (void) ; Resets to intro FUNC_000230_SysMenuNewGame: ; Pos = 1bc5c push ebp mov ebp,esp call FUNC_000916 pop ebp ret ; void F232 (void) ; Starts new song if enabled and not playing FUNC_000232_SysMenuUpdateSong_Event10: ; Pos = 1c010 push ebp mov ebp,esp cmp dword [DATA_007900],byte +0x0 jz JUMP_001452 cmp dword [DATA_007901],byte +0x0 jz JUMP_001452 cmp byte [DATA_009037],0x0 jz JUMP_001452 cmp dword [DATA_009116],byte -0x1 jz JUMP_001451 call FUNC_001904_SoundSongDone dec eax jnz JUMP_001452 JUMP_001451: ; Pos = 1c03f push byte -0x1 call FUNC_001902_SoundPlaySong pop ecx JUMP_001452: ; Pos = 1c047 pop ebp ret FUNC_000233: ; Pos = 1c04c push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax] dec eax jz JUMP_001453 sub eax,byte +0x4 jz JUMP_001454 sub eax,byte +0xc jnz JUMP_001457 push byte +0x0 push byte +0x8 call FUNC_000237 add esp,byte +0x8 pop ebp ret JUMP_001453: ; Pos = 1c06f mov byte [DATA_008647],0x0 and byte [DATA_008646],0xfe pop ebp ret JUMP_001454: ; Pos = 1c07f call near [DATA_007752] ; FUNC_001530 and eax,byte +0x7 cmp eax,[DATA_009010] jnc JUMP_001457 xor edx,edx mov eax,0x20 JUMP_001455: ; Pos = 1c097 test byte [eax+DATA_008989],0x80 jz JUMP_001456 movzx ecx,word [eax*2+DATA_008896] add edx,ecx JUMP_001456: ; Pos = 1c0aa dec eax test eax,eax jnl JUMP_001455 test edx,edx jz JUMP_001457 push dword [DATA_008862] push byte +0x7 call FUNC_000237 add esp,byte +0x8 JUMP_001457: ; Pos = 1c0c3 pop ebp ret FUNC_000234: ; Pos = 1c0c5 push ebp mov ebp,esp push ebx push esi mov esi,DATA_009133 mov byte [DATA_009098],0x7f mov byte [DATA_009099],0x7f mov byte [DATA_009100],0x0 xor eax,eax mov [DATA_009101],eax mov ebx,0x72 JUMP_001458: ; Pos = 1c0f0 mov eax,[esi] test byte [eax+ebx],0x8 jz JUMP_001459 mov eax,[esi] test byte [eax+ebx],0x20 jnz JUMP_001459 imul eax,ebx,0x152 add eax,[esi] add eax,byte +0x74 push eax call FUNC_000235 pop ecx JUMP_001459: ; Pos = 1c112 dec ebx test ebx,ebx jg JUMP_001458 cmp dword [DATA_009101],byte +0x0 jz JUMP_001461 mov bl,[DATA_009098] sub bl,[ebp+0x8] test bl,bl jng JUMP_001460 cmp byte [ebp+0x8],0x32 jg JUMP_001460 call near [DATA_007752] ; FUNC_001530 and eax,byte +0x7 movsx edx,bl cmp eax,edx jna JUMP_001461 JUMP_001460: ; Pos = 1c143 mov eax,[DATA_009101] jmp short JUMP_001462 JUMP_001461: ; Pos = 1c14a xor eax,eax JUMP_001462: ; Pos = 1c14c pop esi pop ebx pop ebp ret FUNC_000235: ; Pos = 1c150 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,DATA_008804 cmp byte [eax+0x87],0xb jnz JUMP_001463 cmp byte [eax+0x118],0xe jnz near JUMP_001465 mov cl,[eax+0x88] cmp cl,[edx+0x5110] jg JUMP_001465 mov cl,[eax+0x86] mov [edx+0x5112],cl mov al,[eax+0x88] mov [edx+0x5110],al pop ebp ret JUMP_001463: ; Pos = 1c199 cmp byte [eax+0x87],0x1 jnz JUMP_001465 test byte [eax+0x14c],0x10 jz JUMP_001465 mov cl,[eax+0x88] cmp cl,[edx+0x5111] jg JUMP_001464 mov [edx+0x5114],eax mov cl,[eax+0x88] mov [edx+0x5111],cl JUMP_001464: ; Pos = 1c1cb mov cl,[eax+0x88] cmp cl,[edx+0x5110] jg JUMP_001465 mov cl,[eax+0x86] mov [edx+0x5112],cl mov al,[eax+0x88] mov [edx+0x5110],al JUMP_001465: ; Pos = 1c1f1 pop ebp ret FUNC_000236: ; Pos = 1c1f3 push ebp mov ebp,esp add esp,0xffffff1c push ebx push esi push edi mov edi,[ebp+0xc] mov ebx,[ebp+0x8] mov esi,DATA_008804 push esi push edi mov esi,DATA_005039 lea edi,[ebp+0xffffff64] mov ecx,0x26 rep movsd movsw pop edi pop esi mov eax,edi shl eax,0x3 sub eax,edi mov eax,[ebp+eax*2+0xffffff64] mov [ebp+0xffffff60],eax mov eax,edi shl eax,0x3 sub eax,edi mov eax,[ebp+eax*2+0xffffff68] mov [ebp+0xffffff54],eax mov eax,edi shl eax,0x3 sub eax,edi mov al,[ebp+eax*2+0xffffff70] mov [ebp+0xffffff5f],al mov eax,edi shl eax,0x3 sub eax,edi mov eax,[ebp+eax*2+0xffffff6c] mov [ebp+0xffffff50],eax movzx eax,word [esi+0x43c] cmp ebx,eax jnz JUMP_001466 test byte [ebp+0xffffff5f],0x4 jz JUMP_001466 mov al,[ebp+0xffffff50] add al,[esi+0x3f3a] push eax call FUNC_000234 pop ecx mov [ebp+0xffffff4c],eax test eax,eax jz near JUMP_001474 mov eax,[ebp+0xffffff4c] mov [esi+0x50dc],eax jmp short JUMP_001467 JUMP_001466: ; Pos = 1c2b5 cmp dword [ebp+0x10],byte +0x0 jz JUMP_001467 mov eax,[ebp+0x10] mov [esi+0x50dc],eax JUMP_001467: ; Pos = 1c2c4 mov eax,[esi+ebx*4+0x50f8] mov [ebp+0xffffff58],eax mov eax,[ebp+0xffffff54] add eax,eax lea eax,[eax+eax*4] add [esi+ebx*4+0x50f8],eax mov eax,[esi+ebx*4+0x50f8] cmp eax,[ebp+0xffffff58] jnl JUMP_001468 mov eax,[ebp+0xffffff58] mov [esi+ebx*4+0x50f8],eax JUMP_001468: ; Pos = 1c2ff mov eax,[esi+ebx*4+0x184] add eax,[ebp+0xffffff60] cmp eax,[esi+ebx*4+0x184] jnl JUMP_001469 mov dword [esi+ebx*4+0x184],0xffffffff jmp short JUMP_001470 JUMP_001469: ; Pos = 1c322 mov [esi+ebx*4+0x184],eax JUMP_001470: ; Pos = 1c329 mov ecx,edi mov eax,0x1 shl eax,cl or [esi+ebx*4+0x50e0],eax push ebx push byte +0x0 push byte +0xa call FUNC_000048 add esp,byte +0xc push ebx push byte +0x0 push byte +0x11 call FUNC_000048 add esp,byte +0xc push ebx push byte +0x0 push byte +0x15 call FUNC_000048 add esp,byte +0xc movzx eax,word [esi+0x43c] cmp ebx,eax jnz near JUMP_001474 test byte [ebp+0xffffff5f],0x2 jz near JUMP_001472 cmp dword [esi+0x50dc],byte +0x0 jz JUMP_001472 add edi,0x9e02 mov [ebp+0xffffff24],edi mov eax,0x9e01 cmp dword [ebp+0xffffff58],byte +0x0 jnz JUMP_001471 dec eax JUMP_001471: ; Pos = 1c3a0 mov [ebp+0xffffff1c],eax mov eax,[esi+0x50dc] movzx eax,byte [eax+0x86] mov [ebp+0xffffff20],eax mov eax,[esi+0x50dc] mov al,[eax+0x86] mov [esi+0x112],al mov dword [ebp+0xffffff34],0x9 mov eax,[ebp+0xffffff54] mov [ebp+0xffffff28],eax mov eax,[esi+0x50dc] mov [ebp+0xffffff38],eax lea eax,[ebp+0xffffff1c] push eax call FUNC_000349 pop ecx push byte +0x26 call FUNC_001906_SoundPlaySample pop ecx JUMP_001472: ; Pos = 1c402 test byte [ebp+0xffffff5f],0x1 jz JUMP_001474 mov eax,[esi+0x50dc] cmp dword [eax+0x82],byte +0x45 jz JUMP_001474 mov eax,[esi+0x50dc] cmp dword [eax+0x82],byte +0x4f jz JUMP_001474 or byte [DATA_008646],0x1 cmp byte [esi+0x3f63],0x0 jz JUMP_001473 push byte +0xe call FUNC_001902_SoundPlaySong pop ecx jmp short JUMP_001474 JUMP_001473: ; Pos = 1c443 call FUNC_001903_SoundStopSong JUMP_001474: ; Pos = 1c448 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000237: ; Pos = 1c44f push ebp mov ebp,esp push dword [ebp+0xc] push dword [ebp+0x8] movzx eax,word [DATA_008996] push eax call FUNC_000236 add esp,byte +0xc pop ebp ret FUNC_000238: ; Pos = 1c46a push ebp mov ebp,esp push ebx push esi mov esi,DATA_008804 cmp byte [DATA_008647],0x0 jnz near JUMP_001483 cmp dword [esi+0x50dc],byte +0x0 jz near JUMP_001483 mov eax,[esi+0x50dc] test byte [eax+0x14c],0x40 jnz near JUMP_001480 mov eax,[esi+0x50dc] cmp word [eax+0xdc],byte +0x0 jng near JUMP_001479 mov eax,[esi+0x50dc] cmp byte [eax+0xc9],0x0 jz JUMP_001476 mov eax,[esi+0x50dc] cmp byte [eax+0xca],0x0 jz JUMP_001475 mov eax,[esi+0x50dc] movsx eax,byte [eax+0xca] cmp eax,[esi+0xc0] jnz near JUMP_001483 JUMP_001475: ; Pos = 1c4ec mov eax,[esi+0x50dc] mov byte [eax+0xc9],0x1 mov eax,[esi+0x50dc] mov byte [eax+0xca],0x0 mov eax,[esi+0x50dc] mov word [eax+0xd8],0x0 jmp JUMP_001483 JUMP_001476: ; Pos = 1c51a mov ebx,0x1 JUMP_001477: ; Pos = 1c51f push byte +0x22 push ebx push dword [esi+0x50dc] call FUNC_000239 add esp,byte +0xc mov eax,[esi+0x50dc] dec word [eax+0xdc] mov ax,[eax+0xdc] test ax,ax jz JUMP_001478 dec ebx test ebx,ebx jnl JUMP_001477 JUMP_001478: ; Pos = 1c54e mov eax,[esi+0x50dc] mov byte [eax+0xc9],0xff mov byte [DATA_008647],0x1 mov eax,[esi+0x50dc] mov word [eax+0xde],0x0 jmp JUMP_001483 JUMP_001479: ; Pos = 1c576 mov eax,[esi+0x50dc] mov byte [eax+0xc9],0x1 and byte [DATA_008646],0xfe mov eax,[esi+0x50dc] mov word [eax+0xdc],0x0 jmp short JUMP_001483 JUMP_001480: ; Pos = 1c59b mov eax,[esi+0x50dc] cmp word [eax+0xde],byte +0x0 jnz JUMP_001481 mov byte [DATA_008647],0x1 jmp short JUMP_001483 JUMP_001481: ; Pos = 1c5b4 call near [DATA_007752] ; FUNC_001530 cmp eax,0x4000 jnc JUMP_001483 mov eax,[esi+0x50dc] dec word [eax+0xdc] mov ax,[eax+0xdc] test ax,ax jnl JUMP_001482 mov byte [DATA_008647],0xff and byte [DATA_008646],0xfe mov eax,[esi+0x50dc] mov word [eax+0xdc],0x0 jmp short JUMP_001483 JUMP_001482: ; Pos = 1c5f9 push byte +0x1 push byte +0x4 call near [DATA_007217] ; FUNC_000922 pop ecx push eax push dword [esi+0x50dc] call FUNC_000239 add esp,byte +0xc JUMP_001483: ; Pos = 1c613 pop esi pop ebx pop ebp ret FUNC_000239: ; Pos = 1c617 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov esi,[ebp+0x8] mov eax,[DATA_009133] mov [DATA_007758],eax lea eax,[ebp-0x18] push eax push dword [ebp+0xc] push esi call FUNC_000659 add esp,byte +0xc lea eax,[ebp-0x18] push eax call FUNC_000661 pop ecx mov ebx,eax test ebx,ebx jnz JUMP_001484 inc word [esi+0xdc] jmp JUMP_001489 JUMP_001484: ; Pos = 1c659 mov al,[ebp+0x10] mov [ebx+0xff],al test byte [esi+0x14c],0x20 jz JUMP_001485 lea eax,[esi+0x3e] push eax lea eax,[ebx+0x3e] push eax call FUNC_001661_Vec64Add add esp,byte +0x8 mov al,[esi+0x56] mov [ebx+0x56],al mov al,[esi+0x57] mov [ebx+0x57],al push esi mov edi,ebx mov ecx,0x9 rep movsd pop esi jmp short JUMP_001486 JUMP_001485: ; Pos = 1c694 mov al,[esi+0x86] mov [ebx+0x56],al mov byte [ebx+0x57],0x1 JUMP_001486: ; Pos = 1c6a1 test byte [esi+0x14c],0x20 jz JUMP_001487 test byte [esi+0x14c],0x40 jnz JUMP_001487 xor eax,eax mov [ebx+0x94],eax mov [ebx+0x90],eax mov [ebx+0x8c],eax jmp short JUMP_001488 JUMP_001487: ; Pos = 1c6c9 mov eax,[ebx+0x18] sar eax,0x15 mov [ebx+0x8c],eax mov eax,[ebx+0x1c] sar eax,0x15 mov [ebx+0x90],eax mov eax,[ebx+0x20] sar eax,0x15 mov [ebx+0x94],eax test byte [esi+0x14c],0x20 jz JUMP_001489 JUMP_001488: ; Pos = 1c6f6 mov eax,[ebx+0xc] sar eax,0x16 add [ebx+0x8c],eax mov eax,[ebx+0x10] sar eax,0x16 add [ebx+0x90],eax mov eax,[ebx+0x14] sar eax,0x16 add [ebx+0x94],eax JUMP_001489: ; Pos = 1c71a pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000240: ; Pos = 1c721 push ebp mov ebp,esp mov edx,[DATA_009155] shr edx,0x2 mov eax,[DATA_009092] movzx eax,word [eax+0xde] cmp byte [DATA_008647],0x0 jnl JUMP_001491 sub eax,edx test eax,eax jg JUMP_001490 mov byte [DATA_008647],0x0 mov eax,[DATA_009092] mov word [eax+0xde],0x0 pop ebp ret JUMP_001490: ; Pos = 1c75f mov edx,[DATA_009092] mov [edx+0xde],ax pop ebp ret JUMP_001491: ; Pos = 1c76e add eax,edx cmp eax,0xffff jl JUMP_001492 mov byte [DATA_008647],0x0 mov eax,[DATA_009092] mov word [eax+0xde],0xffff pop ebp ret JUMP_001492: ; Pos = 1c78e mov edx,[DATA_009092] mov [edx+0xde],ax pop ebp ret FUNC_000241: ; Pos = 1c79d push ebp mov ebp,esp push dword DATA_005037 push dword [ebp+0xc] mov eax,[ebp+0x8] and eax,0x1ff push eax push dword [ebp+0x10] call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 pop ebp ret FUNC_000242: ; Pos = 1c7c0 push ebp mov ebp,esp xor eax,eax mov [DATA_009104],eax xor eax,eax mov [DATA_009105],eax pop ebp ret FUNC_000243: ; Pos = 1c7d4 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov eax,[ebp+0x8] mov eax,[eax] cmp eax,byte +0x10 jnz JUMP_001496 xor edi,edi mov eax,DATA_009108 jmp short JUMP_001495 JUMP_001493: ; Pos = 1c7f0 cmp byte [eax],0x0 jng JUMP_001494 cmp byte [eax-0x1],0xa jnl JUMP_001494 dec byte [eax] inc byte [eax-0x1] JUMP_001494: ; Pos = 1c800 inc edi add eax,byte +0x34 JUMP_001495: ; Pos = 1c804 cmp edi,[DATA_009104] jl JUMP_001493 jmp JUMP_001500 JUMP_001496: ; Pos = 1c811 cmp eax,byte +0x2 jnz near JUMP_001500 xor edi,edi mov ebx,DATA_009109 jmp JUMP_001499 JUMP_001497: ; Pos = 1c826 mov byte [ebx],0x0 mov eax,[DATA_008885] cmp eax,[ebx-0x1e] jnz near JUMP_001498 mov eax,[DATA_009133] mov [DATA_007758],eax lea eax,[ebp-0x4] push eax push byte +0x6e push byte +0xd mov eax,[DATA_008861] push eax mov eax,[DATA_007758] push eax call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov esi,eax test esi,esi jz JUMP_001498 mov byte [esi+0x87],0x11 mov byte [esi+0x118],0xf9 mov byte [esi+0xff],0x0 mov word [esi+0x9e],0xffff mov byte [esi+0x57],0x1 push esi push edi lea edi,[esi+0x3e] lea esi,[ebx-0x18] mov ecx,0x6 rep movsd pop edi pop esi mov al,[esi+0x86] mov [ebx],al lea eax,[edi+edi*2] lea eax,[edi+eax*4] shl eax,0x2 add eax,DATA_009106 push eax push esi mov eax,[DATA_009133] push eax call FUNC_000244 add esp,byte +0xc lea eax,[ebp-0x11] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x6] push eax lea eax,[ebp-0x5] push eax mov eax,[DATA_009133] push eax push esi call near [DATA_006140] ; FUNC_000568 add esp,byte +0x1c JUMP_001498: ; Pos = 1c8e2 inc edi add ebx,byte +0x34 JUMP_001499: ; Pos = 1c8e6 cmp edi,[DATA_009104] jl near JUMP_001497 JUMP_001500: ; Pos = 1c8f2 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000244: ; Pos = 1c8fc push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0xc] mov eax,[ebp+0x8] mov [DATA_007758],eax mov ebx,0x72 lea esi,[eax+0x72] JUMP_001501: ; Pos = 1c915 test byte [esi],0x20 jnz JUMP_001502 push ebx call near [DATA_007753] ; FUNC_001531 pop ecx mov edx,[ebp+0x10] push edx push edi push eax call FUNC_000245 add esp,byte +0xc JUMP_001502: ; Pos = 1c930 dec ebx dec esi test ebx,ebx jnl JUMP_001501 pop edi pop esi pop ebx pop ebp ret FUNC_000245: ; Pos = 1c93c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] lea eax,[ebx+0x124] mov edx,[ebp+0x10] add edx,byte +0x20 JUMP_001503: ; Pos = 1c94f mov cl,[eax] cmp cl,[edx] jnz JUMP_001504 test cl,cl jz JUMP_001505 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_001504 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_001503 JUMP_001504: ; Pos = 1c96b jnz JUMP_001506 JUMP_001505: ; Pos = 1c96d mov al,[ebx+0x86] mov edx,[ebp+0xc] mov [edx+0x56],al JUMP_001506: ; Pos = 1c979 pop ebx pop ebp ret FUNC_000246: ; Pos = 1c97c push ebp mov ebp,esp add esp,0xffffff54 push ebx push esi push edi mov edi,DATA_008804 call FUNC_000251 mov ebx,eax cmp ebx,byte -0x1 jz near JUMP_001524 mov eax,[DATA_009133] mov [DATA_007758],eax lea eax,[ebx+ebx*2] lea eax,[ebx+eax*4] cmp dword [edi+eax*4+0x5122],byte -0x1 jz JUMP_001507 mov dword [ebp-0x1c],0x6e jmp short JUMP_001508 JUMP_001507: ; Pos = 1c9c0 mov dword [ebp-0x1c],0x6f JUMP_001508: ; Pos = 1c9c7 lea eax,[ebp-0x4] push eax mov eax,[ebp-0x1c] push eax push byte +0xd mov eax,[edi+0xc8] push eax mov eax,[DATA_007758] push eax call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov esi,eax test esi,esi jz near JUMP_001524 mov byte [esi+0x87],0x11 mov byte [esi+0x118],0xf9 mov word [esi+0x9e],0x0 mov byte [esi+0xff],0x0 mov eax,[edi+0xc8] mov edx,[eax+0x18] sar edx,0xe mov ecx,[eax+0xc] sar ecx,0x10 sub edx,ecx mov [ebp-0x4c],edx mov edx,[eax+0x1c] sar edx,0xe mov ecx,[eax+0x10] sar ecx,0x10 sub edx,ecx mov [ebp-0x48],edx mov edx,[eax+0x20] sar edx,0xe mov eax,[eax+0x14] sar eax,0x10 sub edx,eax mov [ebp-0x44],edx lea eax,[ebp-0x4c] push eax push esi call near [DATA_007746] ; FUNC_001514 add esp,byte +0x8 lea eax,[ebp-0xf] push eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x18] push eax lea eax,[ebp-0xe] push eax lea eax,[ebp-0xd] push eax mov eax,[DATA_009133] push eax push esi call near [DATA_006140] ; FUNC_000568 add esp,byte +0x1c add dword [edi+0x118],byte +0x1e lea eax,[ebx+ebx*2] lea eax,[ebx+eax*4] mov edx,[edi+0x10a] mov [edi+eax*4+0x5122],edx lea eax,[ebx+ebx*2] lea eax,[ebx+eax*4] push esi push edi lea edi,[edi+eax*4+0x5128] add esi,byte +0x3e mov ecx,0x6 rep movsd pop edi pop esi lea eax,[ebx+ebx*2] lea eax,[ebx+eax*4] mov dl,[esi+0x86] mov [edi+eax*4+0x5140],dl lea eax,[ebx+ebx*2] lea eax,[ebx+eax*4] mov byte [edi+eax*4+0x5126],0x0 dec dword [edi+0x511e] mov eax,[DATA_009133] push eax mov eax,[edi+0xc8] movzx eax,byte [eax+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax xor eax,eax mov [ebp-0xc],eax xor eax,eax mov dx,[esi+0xe0] cmp dx,0x1d9 jng JUMP_001509 mov dword [ebp-0x8],0xa212 jmp JUMP_001523 JUMP_001509: ; Pos = 1cb13 cmp dx,byte +0x32 jnl JUMP_001510 mov dword [ebp-0x8],0xa213 jmp JUMP_001523 JUMP_001510: ; Pos = 1cb25 mov edx,[esi+0x82] sub edx,byte +0x7a jz JUMP_001511 add edx,byte -0x3 sub edx,byte +0x2 jc JUMP_001513 jz JUMP_001512 dec edx sub edx,byte +0x2 jc JUMP_001513 jmp short JUMP_001514 JUMP_001511: ; Pos = 1cb42 mov dword [ebp-0x8],0xa214 xor edx,edx mov [ebp-0xc],edx jmp JUMP_001523 JUMP_001512: ; Pos = 1cb53 mov eax,0x2 mov dword [ebp-0x8],0xa215 mov dword [ebp-0xc],0xffff jmp JUMP_001523 JUMP_001513: ; Pos = 1cb6b mov dword [ebp-0x8],0xa216 mov dword [ebp-0xc],0xffff jmp JUMP_001523 JUMP_001514: ; Pos = 1cb7e cmp word [esi+0xe0],0x107 jnl JUMP_001515 call near [DATA_007752] ; FUNC_001530 test al,0x1 jz JUMP_001515 mov eax,0x2 mov dword [ebp-0x8],0xa215 jmp JUMP_001523 JUMP_001515: ; Pos = 1cba4 lea eax,[ebp-0x40] push eax lea eax,[ebp-0x3c] push eax lea eax,[ebp-0x38] push eax lea eax,[ebp-0x34] push eax lea eax,[ebp-0x30] push eax lea eax,[ebp-0x2c] push eax lea eax,[ebp-0x28] push eax lea eax,[ebp-0x24] push eax mov eax,[edi+0x10a] push eax call FUNC_000869 add esp,byte +0x24 cmp dword [ebp-0x2c],byte +0x0 jnz JUMP_001516 mov al,0xa jmp short JUMP_001520 JUMP_001516: ; Pos = 1cbdd cmp dword [ebp-0x2c],byte +0x3 jnl JUMP_001517 mov al,0x9 jmp short JUMP_001520 JUMP_001517: ; Pos = 1cbe7 cmp dword [ebp-0x2c],byte +0xe jnl JUMP_001518 mov al,0x8 jmp short JUMP_001520 JUMP_001518: ; Pos = 1cbf1 cmp dword [ebp-0x2c],byte +0x1b jnl JUMP_001519 mov al,0x6 jmp short JUMP_001520 JUMP_001519: ; Pos = 1cbfb mov al,0x4 JUMP_001520: ; Pos = 1cbfd mov edx,0x3 cmp word [esi+0xa6],byte +0x1d jnl JUMP_001521 dec edx JUMP_001521: ; Pos = 1cc0d mov [ebp-0x20],edx movsx eax,al imul eax,[ebp-0x20] mov [ebp-0x20],eax mov eax,[ebp-0x20] push eax call near [DATA_007217] ; FUNC_000922 pop ecx mov [ebp-0x20],eax mov eax,[ebp-0x20] imul eax,[ebp-0x20] mov [ebp-0x20],eax sar dword [ebp-0x20],0x5 cmp dword [ebp-0x20],byte +0x1b jl JUMP_001522 mov dword [ebp-0x20],0x1a JUMP_001522: ; Pos = 1cc43 mov eax,[ebp-0x20] lea eax,[eax+eax*2] mov edx,[eax*4+DATA_005056] mov [ebp-0x8],edx mov edx,[eax*4+DATA_005057] mov [ebp-0xc],edx mov eax,[eax*4+DATA_005055] JUMP_001523: ; Pos = 1cc64 mov dl,[ebp-0xc] lea ecx,[ebx+ebx*2] lea ecx,[ebx+ecx*4] mov [edi+ecx*4+0x5127],dl lea edx,[ebx+ebx*2] lea edx,[ebx+edx*4] mov [edi+edx*4+0x5141],al mov dword [ebp-0x7c],0xa20c mov dword [ebp-0x64],0xffffffff lea eax,[ebp-0x7c] push eax call FUNC_000349 pop ecx movsx eax,word [esi+0xe0] add eax,0xfffffeef mov [ebp+0xffffff58],eax mov eax,[ebp-0x8] mov [ebp+0xffffff5c],eax mov dword [ebp+0xffffff54],0xa211 mov dword [ebp+0xffffff6c],0xffffffff lea eax,[ebp+0xffffff54] push eax call FUNC_000349 pop ecx push byte +0x14 add esi,0x124 push esi lea eax,[ebx+ebx*2] lea eax,[ebx+eax*4] shl eax,0x2 lea edx,[edi+0x5142] add eax,edx push eax call _strncpyfill add esp,byte +0xc mov byte [DATA_008649],0x16 push byte +0x0 push byte +0x4 call FUNC_000237 add esp,byte +0x8 JUMP_001524: ; Pos = 1cd0b pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000247: ; Pos = 1cd14 push ebp mov ebp,esp add esp,byte -0x34 push ebx push esi mov eax,[DATA_009133] push eax movsx eax,byte [DATA_009113] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax mov eax,[esi+0x82] cmp eax,byte +0x6e jz JUMP_001525 cmp eax,byte +0x6f jnz near JUMP_001534 JUMP_001525: ; Pos = 1cd49 xor eax,eax mov al,[esi+0x86] push eax call FUNC_000252 pop ecx mov [ebp-0x4],eax inc eax jz near JUMP_001534 cmp dword [esi+0x82],byte +0x6f jnz near JUMP_001530 mov eax,0x72 mov edx,[DATA_009133] lea ecx,[edx+0x977a] mov edx,[DATA_009133] add edx,byte +0x72 JUMP_001526: ; Pos = 1cd89 cmp byte [edx],0x0 jz JUMP_001527 cmp dword [ecx],byte +0x69 jz JUMP_001528 JUMP_001527: ; Pos = 1cd93 dec eax add ecx,0xfffffeae dec edx test eax,eax jg JUMP_001526 JUMP_001528: ; Pos = 1cd9f test eax,eax jng JUMP_001530 mov edx,eax lea eax,[edx+eax*4] lea eax,[edx+eax*4] lea eax,[edx+eax*8] mov edx,[DATA_009133] cmp byte [edx+eax*2+0xfc],0x8 jnl JUMP_001530 mov eax,[DATA_008889] sub eax,[DATA_008891] test eax,eax jng JUMP_001530 mov eax,0x5 mov edx,[DATA_008889] sub edx,[DATA_008891] cmp eax,edx jng JUMP_001529 mov eax,edx JUMP_001529: ; Pos = 1cde4 add [DATA_008891],eax add [DATA_008905],ax mov dword [ebp-0x34],0xa20f mov [ebp-0x30],eax mov dword [ebp-0x28],0x8e23 mov dword [ebp-0x1c],0xffffffff lea eax,[ebp-0x34] push eax call FUNC_000349 pop ecx JUMP_001530: ; Pos = 1ce13 mov edx,[ebp-0x4] mov eax,edx lea edx,[eax+edx*2] lea edx,[eax+edx*4] movsx eax,byte [edx*4+DATA_009107] test eax,eax jz JUMP_001532 mov ecx,0xa20f mov ebx,[DATA_008889] sub ebx,[DATA_008891] cmp ebx,eax jnl JUMP_001531 mov eax,ebx mov ecx,0xa210 JUMP_001531: ; Pos = 1ce46 add [DATA_008891],eax sub [edx*4+DATA_009107],al mov dl,[edx*4+DATA_009110] and edx,0xff mov dl,[edx+DATA_005058] xor ebx,ebx mov bl,dl add [ebx*2+DATA_008896],ax mov [ebp-0x34],ecx add ebx,0x8e00 mov [ebp-0x28],ebx mov dword [ebp-0x1c],0xffffffff lea eax,[ebp-0x34] push eax call FUNC_000349 pop ecx push byte +0x0 push byte +0x17 call FUNC_000148 add esp,byte +0x8 jmp short JUMP_001534 JUMP_001532: ; Pos = 1ce9d mov eax,[DATA_008889] sub eax,[DATA_008891] cmp eax,byte +0x1e jl JUMP_001533 mov byte [esi+0xff],0xff and word [DATA_008860],0xffef mov dword [ebp-0x34],0xa20d mov dword [ebp-0x1c],0xffffffff lea eax,[ebp-0x34] push eax call FUNC_000349 pop ecx jmp short JUMP_001534 JUMP_001533: ; Pos = 1ced7 mov dword [ebp-0x34],0x98e3 mov dword [ebp-0x1c],0xffffffff lea eax,[ebp-0x34] push eax call FUNC_000349 pop ecx JUMP_001534: ; Pos = 1ceef pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000248: ; Pos = 1cef8 push ebp mov ebp,esp inc dword [DATA_009105] inc dword [DATA_009104] cmp dword [ebp+0x8],byte +0x12 jnz JUMP_001535 mov eax,[DATA_009104] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] mov dword [eax*4+DATA_009094],0xffffffff pop ebp ret JUMP_001535: ; Pos = 1cf27 mov eax,[DATA_009104] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] xor edx,edx mov [eax*4+DATA_009094],edx pop ebp ret FUNC_000249: ; Pos = 1cf40 push ebp mov ebp,esp push ebx push esi push edi call FUNC_000251 mov ebx,eax cmp ebx,byte -0x1 jnz JUMP_001536 xor eax,eax jmp short JUMP_001539 JUMP_001536: ; Pos = 1cf56 lea eax,[ebx+ebx*2] lea eax,[ebx+eax*4] lea eax,[eax*4+DATA_009112] cmp ebx,byte +0x8 jnl JUMP_001538 JUMP_001537: ; Pos = 1cf68 mov esi,eax lea edi,[eax-0x34] mov ecx,0xd rep movsd inc ebx add eax,byte +0x34 cmp ebx,byte +0x8 jl JUMP_001537 JUMP_001538: ; Pos = 1cf7d dec dword [DATA_009104] dec dword [DATA_009105] or eax,byte -0x1 JUMP_001539: ; Pos = 1cf8c pop edi pop esi pop ebx pop ebp ret FUNC_000250: ; Pos = 1cf94 push ebp mov ebp,esp jmp short JUMP_001541 JUMP_001540: ; Pos = 1cf99 call FUNC_000249 JUMP_001541: ; Pos = 1cf9e cmp dword [DATA_009105],byte +0x0 jnz JUMP_001540 pop ebp ret FUNC_000251: ; Pos = 1cfac mov edx,[DATA_009104] dec edx lea eax,[edx+edx*2] lea eax,[edx+eax*4] lea eax,[eax*4+DATA_009106] test edx,edx jl JUMP_001545 JUMP_001542: ; Pos = 1cfc4 mov ecx,[eax] test ecx,ecx jz JUMP_001543 inc ecx jnz JUMP_001544 JUMP_001543: ; Pos = 1cfcd mov eax,edx ret JUMP_001544: ; Pos = 1cfd0 dec edx add eax,byte -0x34 test edx,edx jnl JUMP_001542 JUMP_001545: ; Pos = 1cfd8 or eax,byte -0x1 ret FUNC_000252: ; Pos = 1cfdc push ebp mov ebp,esp push ebx mov ecx,[ebp+0x8] mov eax,[DATA_009104] dec eax lea edx,[eax+eax*2] lea edx,[eax+edx*4] lea edx,[edx*4+DATA_009109] test eax,eax jl JUMP_001547 JUMP_001546: ; Pos = 1cffa movsx ebx,byte [edx] cmp ecx,ebx jz JUMP_001548 dec eax add edx,byte -0x34 test eax,eax jnl JUMP_001546 JUMP_001547: ; Pos = 1d009 or eax,byte -0x1 JUMP_001548: ; Pos = 1d00c pop ebx pop ebp ret nop FUNC_000253: ; Pos = 1d010 push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi push edi mov ebx,[ebp+0x8] mov edi,DATA_008804 cmp byte [ebx+0xff],0x0 jnz JUMP_001552 movzx eax,word [ebx+0x9e] mov edx,[DATA_009155] shr edx,0x2 add eax,edx cmp eax,0xffff jg JUMP_001549 mov [ebx+0x9e],ax jmp short JUMP_001550 JUMP_001549: ; Pos = 1d04c mov word [ebx+0x9e],0xffff JUMP_001550: ; Pos = 1d055 cmp byte [ebx+0x88],0x5 jg near JUMP_001556 cmp byte [edi+0xe8],0x34 jnz near JUMP_001556 mov al,[ebx+0x86] mov [edi+0x532a],al movzx eax,word [edi+0xc6] cmp eax,byte +0x1 sbb eax,eax neg eax test al,0x10 jz JUMP_001551 push byte +0x0 push byte +0x17 call FUNC_000148 add esp,byte +0x8 JUMP_001551: ; Pos = 1d099 or word [edi+0xc6],byte +0x10 jmp JUMP_001556 JUMP_001552: ; Pos = 1d0a6 movzx eax,word [ebx+0x9e] mov edx,[DATA_009155] shr edx,0x2 sub eax,edx test eax,eax jl JUMP_001553 mov [ebx+0x9e],ax jmp JUMP_001556 JUMP_001553: ; Pos = 1d0c8 mov word [ebx+0x9e],0x0 xor eax,eax mov al,[ebx+0x86] push eax call FUNC_000252 pop ecx mov esi,eax cmp esi,byte -0x1 jz near JUMP_001556 cmp dword [ebx+0x82],byte +0x6f jnz JUMP_001554 lea eax,[esi+esi*2] lea eax,[esi+eax*4] mov dword [edi+eax*4+0x5122],0xffffffff jmp short JUMP_001555 JUMP_001554: ; Pos = 1d107 lea eax,[esi+esi*2] lea eax,[esi+eax*4] xor edx,edx mov [edi+eax*4+0x5122],edx JUMP_001555: ; Pos = 1d116 inc dword [edi+0x511e] sub dword [edi+0x118],byte +0x1e mov dword [ebp-0x30],0xa20e mov dword [ebp-0x18],0xffffffff lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx mov dword [ebx+0x82],0x9e push ebx call near [DATA_007218] ; FUNC_000925 pop ecx push byte +0x0 push byte +0x17 call FUNC_000148 add esp,byte +0x8 mov eax,[edi+0x511e] cmp eax,[edi+0x511a] jnz JUMP_001556 mov byte [DATA_008649],0x0 JUMP_001556: ; Pos = 1d16e pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000254: ; Pos = 1d178 push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax+0x8] push eax call FUNC_000253 pop ecx pop ebp ret FUNC_000255: ; Pos = 1d18c push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x8] cmp dword [esi+0x82],byte +0x6e jnz JUMP_001559 xor eax,eax mov al,[esi+0x86] push eax call FUNC_000252 pop ecx mov ebx,eax cmp ebx,byte -0x1 jz JUMP_001559 lea eax,[ebx+ebx*2] lea eax,[ebx+eax*4] lea eax,[eax*4+DATA_009112] jmp short JUMP_001558 JUMP_001557: ; Pos = 1d1c3 mov esi,eax lea edi,[eax-0x34] mov ecx,0xd rep movsd inc ebx add eax,byte +0x34 JUMP_001558: ; Pos = 1d1d3 mov edx,[DATA_009104] dec edx cmp ebx,edx jl JUMP_001557 dec dword [DATA_009104] push byte +0x0 push byte +0x17 call FUNC_000148 add esp,byte +0x8 mov eax,[DATA_009105] cmp eax,[DATA_009104] jnz JUMP_001559 mov byte [DATA_008649],0x0 JUMP_001559: ; Pos = 1d204 pop edi pop esi pop ebx pop ebp ret FUNC_000256: ; Pos = 1d20c push ebp mov ebp,esp mov eax,[ebp+0x8] cmp dword [eax],byte +0x0 jnz JUMP_001560 mov eax,[eax+0x4] push eax call FUNC_000255 pop ecx JUMP_001560: ; Pos = 1d221 pop ebp ret nop FUNC_000257: ; Pos = 1d224 push ebp mov ebp,esp push dword DATA_005053 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] and eax,0x1ff push eax mov eax,[ebp+0x10] push eax call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 pop ebp ret FUNC_000258: ; Pos = 1d248 push ebp mov ebp,esp mov eax,[ebp+0x8] sub eax,byte +0x3 jz JUMP_001561 sub eax,byte +0xc jz JUMP_001561 pop ebp ret JUMP_001561: ; Pos = 1d25a cmp byte [DATA_008810],0x0 pop ebp ret FUNC_000259: ; Pos = 1d264 push ebp mov ebp,esp push ebx push esi mov esi,DATA_008683 mov al,[ebp+0x8] and al,0xff cmp al,0x1 jnz near JUMP_001565 xor eax,eax mov [DATA_008941],eax mov edx,DATA_008672 mov eax,DATA_005095 jmp short JUMP_001563 JUMP_001562: ; Pos = 1d28e mov [edx],ecx add edx,byte +0x4 add eax,byte +0x4 JUMP_001563: ; Pos = 1d296 mov ecx,[eax] cmp ecx,byte -0x1 jnz JUMP_001562 mov dword [esi],0x43 mov dword [esi+0x4],0x11 mov dword [esi+0x8],0x73 mov dword [esi+0xc],0x73 mov dword [esi+0x10],0x10 mov dword [esi+0x14],0x10 mov dword [esi+0x18],0x5f mov dword [esi+0x1c],0x5f mov dword [esi+0x20],0x5f mov dword [esi+0x24],0x12 mov dword [esi+0x28],0x12 mov dword [esi+0x2c],0x12 mov dword [esi+0x30],0x8 mov dword [esi+0x34],0x9 mov dword [esi+0x38],0xa mov dword [esi+0x3c],0xb mov dword [esi+0x40],0xc mov dword [esi+0x44],0xd mov dword [esi+0x48],0xe call FUNC_001576 mov ebx,0x37 JUMP_001564: ; Pos = 1d32b push ebx call FUNC_000263_ConsoleShowButton pop ecx inc ebx cmp ebx,byte +0x39 jng JUMP_001564 JUMP_001565: ; Pos = 1d338 xor ebx,ebx mov eax,DATA_008681 JUMP_001566: ; Pos = 1d33f mov byte [eax],0x0 inc ebx add eax,0x40e cmp ebx,byte +0xa jl JUMP_001566 xor eax,eax mov [DATA_005096],eax xor eax,eax mov [DATA_005097],eax xor eax,eax mov [DATA_005098],eax xor eax,eax mov [DATA_005099],eax mov dword [DATA_005094],0xffffffff pop esi pop ebx pop ebp ret FUNC_000260: ; Pos = 1d378 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x10] mov edx,[ebp+0xc] mov ebx,[ebp+0x8] cmp ebx,byte +0x2 jl JUMP_001568 cmp ebx,byte +0x3 jz JUMP_001567 push esi call FUNC_000269 pop ecx JUMP_001567: ; Pos = 1d397 cmp ebx,byte +0x4 jz JUMP_001573 call FUNC_000268 jmp short JUMP_001573 JUMP_001568: ; Pos = 1d3a3 mov eax,[DATA_008941] mov ecx,esi mov [DATA_008942],cl test eax,eax jz JUMP_001570 cmp edx,eax jz JUMP_001570 test ebx,ebx jnz JUMP_001569 xor edx,edx mov [DATA_008941],edx push byte +0x1 push byte +0x8 push eax call FUNC_000144 add esp,byte +0xc jmp short JUMP_001572 JUMP_001569: ; Pos = 1d3d3 push byte -0x1 push byte +0x8 push eax call FUNC_000144 add esp,byte +0xc jmp short JUMP_001572 JUMP_001570: ; Pos = 1d3e2 test ebx,ebx jz JUMP_001571 mov [DATA_008941],edx jmp short JUMP_001572 JUMP_001571: ; Pos = 1d3ee xor eax,eax mov [DATA_008941],eax JUMP_001572: ; Pos = 1d3f5 call FUNC_000272 call FUNC_001576 JUMP_001573: ; Pos = 1d3ff pop esi pop ebx pop ebp ret ; struct ConButton { ; long xpos; ; long ypos; ; long bmpindex[10]; ; long visible; ; long curindex; ; word unused; ; long radioID; ; }; ; void F261 (void) ; Renders console buttons in D5100+4 to buffer FUNC_000261_ConsoleDrawButtons: ; Pos = 1d404 push ebp mov ebp,esp push ebx push esi xor esi,esi mov ebx,DATA_005101 JUMP_001574: ; Pos = 1d410 test byte [ebx],0x1 jz JUMP_001575 mov eax,[ebx-0x2c] push eax mov eax,[ebx-0x30] push eax mov eax,[ebx+0x4] lea eax,[ebx+eax*4-0x30] mov edx,[DATA_005100] mov eax,[eax+edx*4+0x8] push eax call FUNC_001621_BlitIndexToBuf add esp,byte +0xc JUMP_001575: ; Pos = 1d437 inc esi add ebx,byte +0x3e cmp esi,byte +0x52 jl JUMP_001574 pop esi pop ebx pop ebp ret ; void F262 (int buttonindex, int imageindex) ; Sets curindex of ConButton (D5100+4)[i] ; Switches all radioID matches to image 0 FUNC_000262_ConsoleSetButtonImage: ; Pos = 1d444 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov eax,ebx shl eax,0x5 sub eax,ebx mov ecx,[eax*2+DATA_005103] mov eax,[eax*2+DATA_005102] cmp eax,[ebp+0xc] jz JUMP_001579 cmp dword [ebp+0xc],byte +0x0 jz JUMP_001578 xor edx,edx mov eax,DATA_005103 JUMP_001576: ; Pos = 1d473 cmp ecx,[eax] jnz JUMP_001577 xor esi,esi mov [eax-0x6],esi JUMP_001577: ; Pos = 1d47c inc edx add eax,byte +0x3e cmp edx,byte +0x52 jl JUMP_001576 JUMP_001578: ; Pos = 1d485 mov eax,ebx shl eax,0x5 sub eax,ebx mov edx,[ebp+0xc] mov [eax*2+DATA_005102],edx JUMP_001579: ; Pos = 1d496 pop esi pop ebx pop ebp ret ; void F263 (int buttonindex) ; Makes specified ConButton visible FUNC_000263_ConsoleShowButton: ; Pos = 1d49c push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,eax shl edx,0x5 sub edx,eax test byte [edx*2+DATA_005101],0x1 jnz JUMP_001580 or dword [edx*2+DATA_005101],byte +0x1 JUMP_001580: ; Pos = 1d4bb pop ebp ret ; void F264 (int buttonindex) ; Makes specified ConButton hidden FUNC_000264_ConsoleHideButton: ; Pos = 1d4c0 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,eax shl edx,0x5 sub edx,eax test byte [edx*2+DATA_005101],0x1 jz JUMP_001581 and dword [edx*2+DATA_005101],byte -0x2 JUMP_001581: ; Pos = 1d4df pop ebp ret FUNC_000265: ; Pos = 1d4fc push ebp mov ebp,esp mov eax,[ebp+0x8] push eax push byte +0x0 push byte +0x0 call FUNC_000260 add esp,byte +0xc pop ebp ret FUNC_000266: ; Pos = 1d514 push ebp mov ebp,esp call FUNC_000268 mov eax,[ebp+0x8] push eax call FUNC_000269 pop ecx pop ebp ret FUNC_000267: ; Pos = 1d534 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_000269 pop ecx pop ebp ret FUNC_000268: ; Pos = 1d544 ret FUNC_000269: ; Pos = 1d558 push ebp mov ebp,esp mov edx,DATA_008804 mov eax,[ebp+0x8] mov [DATA_008676],eax test byte [edx+0xe9],0x1 jz JUMP_001582 mov dword [DATA_008675],0x8619 pop ebp ret JUMP_001582: ; Pos = 1d57d mov al,[edx+0xe8] cmp al,0x2 jnz JUMP_001583 mov dword [DATA_008675],0x8618 pop ebp ret JUMP_001583: ; Pos = 1d593 cmp al,0x30 jnz JUMP_001584 mov dword [DATA_008675],0x8617 pop ebp ret JUMP_001584: ; Pos = 1d5a3 cmp al,0x2a jnz JUMP_001585 mov dword [DATA_008675],0x8616 pop ebp ret JUMP_001585: ; Pos = 1d5b3 cmp al,0x34 jnz JUMP_001586 mov dword [DATA_008675],0x8615 pop ebp ret JUMP_001586: ; Pos = 1d5c3 cmp al,0x24 jnz JUMP_001587 mov dword [DATA_008675],0x8614 pop ebp ret JUMP_001587: ; Pos = 1d5d3 mov dword [DATA_008675],0x8613 pop ebp ret FUNC_000270: ; Pos = 1d5e0 push ebp mov ebp,esp mov eax,[DATA_008861] movsx edx,byte [eax+0xd0] mov edx,[edx*4+DATA_005089] mov eax,[eax+0x11e] shr eax,0x10 imul edx,eax shr edx,0x8 and edx,0xffff mov eax,edx cmp eax,0x2000 jnc JUMP_001588 test byte [DATA_008805],0x80 jz JUMP_001588 mov eax,0xffff JUMP_001588: ; Pos = 1d622 push byte -0x1 push byte -0x1 shl eax,0x2 lea eax,[eax+eax*2] shr eax,0x10 mov edx,0xad sub edx,eax push edx push byte +0x0 push dword 0xa1 push dword 0xf9 push dword 0x113 call FUNC_001622_BlitClipIndexToBuf add esp,byte +0x1c push byte -0x1 push byte -0x1 mov eax,[DATA_008861] movzx eax,word [eax+0xea] shl eax,0x2 lea eax,[eax+eax*2] sar eax,0x10 mov edx,0xad sub edx,eax push edx push byte +0x0 push dword 0xa1 push dword 0xf2 push dword 0x112 call FUNC_001622_BlitClipIndexToBuf add esp,byte +0x1c push byte -0x1 push byte -0x1 mov eax,[DATA_008921] shl eax,0x2 lea eax,[eax+eax*2] sar eax,0x10 mov edx,0xad sub edx,eax push edx push byte +0x0 push dword 0xa1 push dword 0xed push dword 0x111 call FUNC_001622_BlitClipIndexToBuf add esp,byte +0x1c pop ebp ret FUNC_000271: ; Pos = 1d6c0 push ebp mov ebp,esp add esp,0xfffffc00 push ebx push esi push edi mov esi,[ebp+0x8] test esi,esi jz near JUMP_001597 xor ebx,ebx push esi mov edi,esi lea esi,[ebp+0xfffffc00] xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi push byte +0x78 lea eax,[ebp+0xfffffc00] push eax call near [DATA_007643] ; FUNC_001398_StringWrap add esp,byte +0x8 lea eax,[ebp+0xfffffc00] jmp short JUMP_001591 JUMP_001589: ; Pos = 1d71a cmp dl,0xd jnz JUMP_001590 inc ebx JUMP_001590: ; Pos = 1d720 inc eax JUMP_001591: ; Pos = 1d721 mov dl,[eax] test dl,dl jnz JUMP_001589 mov eax,[DATA_005099] mov edx,eax shl eax,0x6 add eax,edx shl eax,0x3 sub eax,edx add eax,eax add eax,DATA_008681 push esi mov edi,esi mov esi,eax xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi mov ecx,[DATA_005099] mov eax,ecx shl ecx,0x6 add ecx,eax shl ecx,0x3 sub ecx,eax mov eax,[ebp+0x10] mov [ecx*2+DATA_008682],eax mov al,[ebp+0xc] mov [ecx*2+DATA_008680],al mov eax,[DATA_008807] mov [ecx*2+DATA_008678],eax mov eax,[DATA_008804] mov [ecx*2+DATA_008679],eax mov edi,[DATA_005099] mov esi,edi mov [DATA_005098],esi mov eax,esi inc eax mov esi,0xa cdq idiv esi mov [DATA_005097],edx test byte [ecx*2+DATA_008682],0x1 jnz JUMP_001592 mov eax,edi inc eax mov ecx,0xa cdq idiv ecx mov [DATA_005099],edx mov dword [DATA_005094],0xffffffff jmp short JUMP_001593 JUMP_001592: ; Pos = 1d7e7 mov [DATA_005094],ebx JUMP_001593: ; Pos = 1d7ed mov eax,ebx shl eax,0x3 add eax,byte -0x18 sub eax,[DATA_005096] test eax,eax jng JUMP_001594 mov eax,ebx shl eax,0x3 add eax,byte -0x18 sub eax,[DATA_005096] jmp short JUMP_001595 JUMP_001594: ; Pos = 1d80f mov eax,ebx shl eax,0x3 add eax,byte -0x18 sub eax,[DATA_005096] neg eax JUMP_001595: ; Pos = 1d81f mov [DATA_005092],eax or eax,byte -0x1 shl ebx,0x3 add ebx,byte -0x18 cmp ebx,[DATA_005096] jl JUMP_001596 add eax,byte +0x2 JUMP_001596: ; Pos = 1d838 mov [DATA_008677],eax mov eax,[DATA_008799] mov [DATA_005093],eax jmp short JUMP_001599 JUMP_001597: ; Pos = 1d849 mov ecx,[DATA_005099] mov eax,ecx shl ecx,0x6 add ecx,eax shl ecx,0x3 sub ecx,eax test byte [ecx*2+DATA_008682],0x1 jz JUMP_001599 dec dword [DATA_005098] cmp dword [DATA_005098],byte -0x1 jnz JUMP_001598 mov dword [DATA_005098],0x9 JUMP_001598: ; Pos = 1d87e mov eax,[DATA_005098] inc eax mov ebx,0xa cdq idiv ebx mov [DATA_005097],edx xor eax,eax mov [ecx*2+DATA_008682],eax mov byte [ecx*2+DATA_008681],0x0 mov dword [DATA_005094],0xffffffff JUMP_001599: ; Pos = 1d8ad pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000272: ; Pos = 1d8b4 push ebp mov ebp,esp push eax mov eax,0x2 JUMP_001600: ; Pos = 1d8bd add esp,0xfffff004 push eax dec eax jnz JUMP_001600 mov eax,[ebp-0x4] add esp,0xfffff570 push ebx push esi push edi xor edi,edi lea ebx,[ebp+0xffffd66c] lea ecx,[ebp+0xffffd56c] push byte +0x1 mov eax,[DATA_008807] push eax push ecx call FUNC_001358_StringConvertDate add esp,byte +0xc mov ecx,eax mov byte [ecx-0x1],0x20 mov eax,[DATA_008804] push eax push ecx call FUNC_001363_StringConvertTime add esp,byte +0x8 mov byte [ebx],0x1 inc ebx mov byte [ebx],0x4 inc ebx push edi mov esi,ebx lea edi,[ebp+0xffffd56c] xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop edi lea eax,[ebp+0xffffd56c] push eax call _strlen pop ecx add ebx,eax mov byte [ebx],0xd inc ebx mov byte [ebx],0x0 mov esi,[DATA_005098] inc esi mov dword [ebp-0x4],0x1 cmp byte [DATA_008810],0x0 jz near JUMP_001611 JUMP_001601: ; Pos = 1d967 lea ecx,[ebp+0xffffd56c] dec esi test esi,esi jnl JUMP_001602 mov esi,0x9 JUMP_001602: ; Pos = 1d977 mov eax,esi push ecx mov ecx,0xa cdq idiv ecx pop ecx mov eax,edx shl eax,0x6 add eax,edx shl eax,0x3 sub eax,edx cmp byte [eax*2+DATA_008681],0x0 jz near JUMP_001604 mov eax,esi push ecx mov ecx,0xa cdq idiv ecx pop ecx mov eax,edx shl eax,0x6 add eax,edx shl eax,0x3 sub eax,edx test byte [eax*2+DATA_008682],0x1 jnz near JUMP_001603 cmp dword [ebp-0x4],byte +0x0 jnz near JUMP_001603 mov byte [ebx],0x1 inc ebx mov byte [ebx],0x4 inc ebx push byte +0x1 mov eax,esi push ecx mov ecx,0xa cdq idiv ecx pop ecx mov eax,edx shl eax,0x6 add eax,edx shl eax,0x3 sub eax,edx mov eax,[eax*2+DATA_008678] push eax push ecx call FUNC_001358_StringConvertDate add esp,byte +0xc mov ecx,eax mov byte [ecx-0x1],0x20 mov eax,esi push ecx mov ecx,0xa cdq idiv ecx pop ecx mov eax,edx shl eax,0x6 add eax,edx shl eax,0x3 sub eax,edx mov eax,[eax*2+DATA_008679] push eax push ecx call FUNC_001363_StringConvertTime add esp,byte +0x8 push esi push edi mov esi,ebx lea edi,[ebp+0xffffd56c] xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop edi pop esi lea eax,[ebp+0xffffd56c] push eax call _strlen pop ecx add ebx,eax mov byte [ebx],0xd inc ebx JUMP_001603: ; Pos = 1da6b mov byte [ebx],0x1 inc ebx mov byte [ebx],0x6 inc ebx mov eax,esi mov ecx,0xa cdq idiv ecx mov eax,edx shl eax,0x6 add eax,edx shl eax,0x3 sub eax,edx add eax,eax add eax,DATA_008681 push esi push edi mov edi,eax mov esi,ebx xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop edi pop esi mov eax,esi mov ecx,0xa cdq idiv ecx mov eax,edx shl eax,0x6 add eax,edx shl eax,0x3 sub eax,edx add eax,eax add eax,DATA_008681 push eax call _strlen pop ecx add ebx,eax mov byte [ebx],0xd inc ebx xor eax,eax mov [ebp-0x4],eax JUMP_001604: ; Pos = 1dae6 mov byte [ebx],0x0 cmp esi,[DATA_005097] jnz near JUMP_001601 push dword 0x9e push byte +0x0 push byte +0x2b call FUNC_001621_BlitIndexToBuf add esp,byte +0xc push dword 0xaf push byte +0x65 mov eax,[DATA_005090] add eax,0xfe push eax call FUNC_001621_BlitIndexToBuf add esp,byte +0xc call FUNC_000261_ConsoleDrawButtons call FUNC_000270 mov eax,[DATA_008861] test byte [eax+0xca],0x4 jz JUMP_001605 call FUNC_000274 JUMP_001605: ; Pos = 1db3d push byte +0x7c lea eax,[ebp+0xffffd66c] push eax call near [DATA_007643] ; FUNC_001398_StringWrap add esp,byte +0x8 lea ebx,[ebp+0xffffd66c] jmp short JUMP_001608 JUMP_001606: ; Pos = 1db57 cmp al,0xd jnz JUMP_001607 inc edi JUMP_001607: ; Pos = 1db5c inc ebx JUMP_001608: ; Pos = 1db5d mov al,[ebx] test al,al jnz JUMP_001606 mov eax,0x9f sub eax,[DATA_005096] mov [DATA_008684],eax mov [DATA_008685],edi xor edx,edx mov [DATA_007778],edx xor edx,edx mov [DATA_007779],edx xor edx,edx mov [DATA_007780],edx xor edx,edx mov [DATA_007781],edx xor edx,edx mov [DATA_007782],edx push byte +0x8 push byte -0x1 push dword 0x9e push byte +0x0 push eax push dword 0xc4 lea eax,[ebp+0xffffd66c] push eax call FUNC_001586_TextWriteDetailed add esp,byte +0x1c mov dword [DATA_007778],0x10 mov dword [DATA_007779],0x5f mov dword [DATA_007780],0x11 mov dword [DATA_007781],0xf mov dword [DATA_007782],0x43 push byte +0x8 push byte -0x1 push dword 0x9e push byte +0x4 mov eax,[DATA_008684] dec eax push eax push dword 0xc3 lea eax,[ebp+0xffffd66c] push eax call FUNC_001586_TextWriteDetailed add esp,byte +0x1c movsx eax,byte [DATA_008809] test ah,0x1 jnz near JUMP_001611 call FUNC_001882_FlipScreenLow ; Big mod JUMP_001611: ; Pos = 1dcbf pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000273: ; Pos = 1dd74 push ebp mov ebp,esp push ebx movzx eax,word [DATA_008933] sar eax,0x9 and eax,byte +0x7 mov [DATA_005090],eax cmp dword [DATA_005092],byte +0x0 jz JUMP_001612 dec dword [DATA_005092] mov eax,[DATA_008677] add [DATA_005096],eax JUMP_001612: ; Pos = 1dda4 cmp dword [DATA_005092],byte +0x0 jz JUMP_001613 dec dword [DATA_005092] mov eax,[DATA_008677] add [DATA_005096],eax JUMP_001613: ; Pos = 1ddbe call near [DATA_007672] ; FUNC_001414_GuiGetLastAction xor ebx,ebx mov bl,al test ebx,ebx jz near JUMP_001622 mov eax,ebx sub eax,byte +0xe jz JUMP_001618 dec eax jz JUMP_001614 push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx jmp JUMP_001622 JUMP_001614: ; Pos = 1dde7 cmp dword [DATA_005092],byte +0x0 jnz JUMP_001617 mov eax,[DATA_008685] shl eax,0x3 add eax,byte -0x8 cmp eax,[DATA_005096] jng JUMP_001617 mov eax,[DATA_008685] shl eax,0x3 add eax,byte -0x8 sub eax,[DATA_005096] cmp eax,byte +0x20 jnl JUMP_001615 mov eax,[DATA_008685] shl eax,0x3 add eax,byte -0x8 sub eax,[DATA_005096] jmp short JUMP_001616 JUMP_001615: ; Pos = 1de2c mov eax,0x18 JUMP_001616: ; Pos = 1de31 mov [DATA_005092],eax mov dword [DATA_008677],0x1 JUMP_001617: ; Pos = 1de40 mov eax,[DATA_008799] mov [DATA_005093],eax jmp short JUMP_001622 JUMP_001618: ; Pos = 1de4c cmp dword [DATA_005092],byte +0x0 jnz JUMP_001621 cmp dword [DATA_005096],byte -0x18 jng JUMP_001621 cmp dword [DATA_005096],byte +0x0 jnl JUMP_001619 mov eax,[DATA_005096] add eax,byte +0x20 jmp short JUMP_001620 JUMP_001619: ; Pos = 1de71 mov eax,0x20 JUMP_001620: ; Pos = 1de76 mov [DATA_005092],eax mov dword [DATA_008677],0xffffffff JUMP_001621: ; Pos = 1de85 mov eax,[DATA_008799] mov [DATA_005093],eax JUMP_001622: ; Pos = 1de8f mov eax,[DATA_008799] sub eax,[DATA_005093] cmp eax,0x3cae6 jna JUMP_001626 mov eax,[DATA_005094] shl eax,0x3 add eax,byte -0x18 cmp eax,[DATA_005096] jz JUMP_001626 mov eax,[DATA_005096] add eax,byte +0x18 mov edx,[DATA_005094] shl edx,0x3 sub eax,edx test eax,eax jng JUMP_001623 mov eax,[DATA_005096] add eax,byte +0x18 mov edx,[DATA_005094] shl edx,0x3 sub eax,edx jmp short JUMP_001624 JUMP_001623: ; Pos = 1dee0 mov eax,[DATA_005096] add eax,byte +0x18 mov edx,[DATA_005094] shl edx,0x3 sub eax,edx neg eax JUMP_001624: ; Pos = 1def5 mov [DATA_005092],eax or eax,byte -0x1 mov edx,[DATA_005094] shl edx,0x3 add edx,byte -0x18 cmp edx,[DATA_005096] jl JUMP_001625 add eax,byte +0x2 JUMP_001625: ; Pos = 1df14 mov [DATA_008677],eax JUMP_001626: ; Pos = 1df19 call FUNC_000272 pop ebx pop ebp ret FUNC_000274: ; Pos = 1df24 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi mov esi,DATA_009133 mov eax,[DATA_008861] cmp byte [eax+0x57],0x0 jz JUMP_001627 push eax call near [DATA_007804] ; FUNC_001679 pop ecx JUMP_001627: ; Pos = 1df44 mov eax,[DATA_008861] push eax lea eax,[ebp-0x18] push eax call near [DATA_007802] ; FUNC_001677 add esp,byte +0x8 mov ebx,0x72 JUMP_001628: ; Pos = 1df5c mov edx,[esi] mov al,[edx+ebx] test al,0x8 jz JUMP_001629 mov ecx,[esi] test al,0x20 jnz JUMP_001629 mov eax,[DATA_008861] xor ecx,ecx mov cl,[eax+0x86] push ecx movzx eax,byte [eax+0x56] push eax lea eax,[ebx+ebx*4] lea eax,[ebx+eax*4] lea eax,[ebx+eax*8] add eax,eax add eax,edx add eax,byte +0x74 push eax call FUNC_000275 add esp,byte +0xc JUMP_001629: ; Pos = 1df97 dec ebx test ebx,ebx jg JUMP_001628 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000275: ; Pos = 1dfb0 push ebp mov ebp,esp add esp,byte -0x2c push ebx push esi push edi mov eax,[ebp+0xc] mov ebx,[ebp+0x8] lea edi,[ebp-0x14] xor edx,edx mov dl,[ebx+0x56] cmp eax,edx jz JUMP_001630 xor edx,edx mov dl,[ebx+0x86] cmp eax,edx jnz near JUMP_001640 JUMP_001630: ; Pos = 1dfdb xor eax,eax mov al,[ebx+0x86] cmp eax,[ebp+0x10] jz near JUMP_001640 test byte [ebx+0x14c],0x20 jnz near JUMP_001640 mov eax,[DATA_008861] push eax push ebx lea eax,[ebp-0x2c] push eax call near [DATA_007803] ; FUNC_001678 add esp,byte +0xc push byte +0x1c lea eax,[ebp-0x2c] push eax call FUNC_001658_Vec64Truncate add esp,byte +0x8 test eax,eax jg near JUMP_001640 mov ecx,[DATA_008861] mov eax,[DATA_008861] cmp byte [eax+0x57],0x0 jz JUMP_001631 cmp byte [ebx+0x57],0x0 jnz JUMP_001631 mov dl,[eax+0x56] cmp dl,[ebx+0x86] jz JUMP_001631 mov ecx,eax add ecx,byte +0x5a JUMP_001631: ; Pos = 1e04a mov eax,[ebp-0x2c] mov esi,0x131 cdq idiv esi mov [edi],eax mov eax,[ebp-0x24] mov esi,0x131 cdq idiv esi mov [edi+0x4],eax mov eax,[ebp-0x1c] mov esi,0x131 cdq idiv esi mov [edi+0x8],eax push ecx push edi push edi call FUNC_001670_VecMatTMul add esp,byte +0xc push edi call FUNC_001466 pop ecx mov esi,eax mov dword [ebp-0x4],0xf mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx cmp dword [eax+0x38],byte +0x0 jz JUMP_001632 mov edx,[eax+0x38] mov dx,[edx+0x6] cmp dx,0x12c jnl JUMP_001632 test dx,dx jl JUMP_001632 movsx eax,dx sar eax,0x4 mov eax,[eax*4+DATA_008683] mov [ebp-0x4],eax JUMP_001632: ; Pos = 1e0c5 cmp esi,0x50000 jg near JUMP_001640 cmp esi,0x10000 jng JUMP_001633 push dword 0x10000 mov ebx,esi push ebx mov eax,[edi] push eax call FUNC_001501 add esp,byte +0x8 push eax call FUNC_001521 add esp,byte +0x8 mov [edi],eax push dword 0x10000 push ebx mov eax,[edi+0x4] push eax call FUNC_001501 add esp,byte +0x8 push eax call FUNC_001521 add esp,byte +0x8 mov [edi+0x4],eax push dword 0x10000 push ebx mov eax,[edi+0x8] push eax call FUNC_001501 add esp,byte +0x8 push eax call FUNC_001521 add esp,byte +0x8 mov [edi+0x8],eax jmp short JUMP_001634 JUMP_001633: ; Pos = 1e135 cmp esi,0x3333 jnl JUMP_001634 push dword 0x3333 mov ebx,esi push ebx mov eax,[edi] push eax call FUNC_001501 add esp,byte +0x8 push eax call FUNC_001521 add esp,byte +0x8 mov [edi],eax push dword 0x3333 push ebx mov eax,[edi+0x4] push eax call FUNC_001501 add esp,byte +0x8 push eax call FUNC_001521 add esp,byte +0x8 mov [edi+0x4],eax push dword 0x3333 push ebx mov eax,[edi+0x8] push eax call FUNC_001501 add esp,byte +0x8 push eax call FUNC_001521 add esp,byte +0x8 mov [edi+0x8],eax JUMP_001634: ; Pos = 1e197 mov eax,[edi] lea eax,[eax+eax*4] lea eax,[eax+eax*8] test eax,eax jns JUMP_001635 add eax,0xffff JUMP_001635: ; Pos = 1e1a8 sar eax,0x10 mov [edi],eax mov eax,[edi+0x4] lea eax,[eax+eax*4] lea eax,[eax+eax*8] test eax,eax jns JUMP_001636 add eax,0xffff JUMP_001636: ; Pos = 1e1bf sar eax,0x10 mov [edi+0x4],eax mov ebx,[edi+0x8] lea ebx,[ebx+ebx*4] lea ebx,[ebx+ebx*8] test ebx,ebx jns JUMP_001637 add ebx,0xffff JUMP_001637: ; Pos = 1e1d8 sar ebx,0x10 mov [edi+0x8],ebx mov ecx,[edi] mov eax,ebx add eax,eax lea eax,[eax+eax*4] mov ebx,0x2d cdq idiv ebx mov edx,eax neg edx mov eax,[edi+0x4] sar eax,1 jns JUMP_001638 adc eax,byte +0x0 JUMP_001638: ; Pos = 1e1fd add cx,0x93 mov [ebp-0x8],cx add dx,0xbb mov [ebp-0x6],dx xor edx,edx cmp byte [DATA_008630],0x0 jl JUMP_001639 dec edx JUMP_001639: ; Pos = 1e21b push edx mov edx,[ebp-0x4] push edx push eax lea eax,[ebp-0x8] push eax call FUNC_001569_DrawScannerStalk add esp,byte +0x10 JUMP_001640: ; Pos = 1e22d pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000276: ; Pos = 1e234 push ebp mov ebp,esp cmp dword [DATA_009104],byte +0x0 jz JUMP_001641 push byte +0x3 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_001642 JUMP_001641: ; Pos = 1e24a push byte +0x3 call FUNC_000264_ConsoleHideButton pop ecx JUMP_001642: ; Pos = 1e252 cmp dword [DATA_009084],byte +0x0 jz JUMP_001643 push byte +0x4 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_001644 JUMP_001643: ; Pos = 1e265 push byte +0x4 call FUNC_000264_ConsoleHideButton pop ecx JUMP_001644: ; Pos = 1e26d cmp dword [DATA_008891],byte +0x0 jz JUMP_001645 push byte +0x5 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_001646 JUMP_001645: ; Pos = 1e280 push byte +0x5 call FUNC_000264_ConsoleHideButton pop ecx JUMP_001646: ; Pos = 1e288 cmp dword [DATA_009073],byte +0x0 jz JUMP_001647 push byte +0x6 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_001648 JUMP_001647: ; Pos = 1e29b push byte +0x6 call FUNC_000264_ConsoleHideButton pop ecx JUMP_001648: ; Pos = 1e2a3 cmp dword [DATA_009087],byte +0x0 jz JUMP_001649 push byte +0x7 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_001650 JUMP_001649: ; Pos = 1e2b6 push byte +0x7 call FUNC_000264_ConsoleHideButton pop ecx JUMP_001650: ; Pos = 1e2be push byte +0x8 call FUNC_000263_ConsoleShowButton pop ecx push byte +0x9 call FUNC_000263_ConsoleShowButton pop ecx push byte +0xa call FUNC_000263_ConsoleShowButton pop ecx pop ebp ret FUNC_000277: ; Pos = 1e2d8 push ebp mov ebp,esp push dword DATA_005104 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] and eax,0x1ff push eax mov eax,[ebp+0x10] push eax call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 pop ebp ret FUNC_000278: ; Pos = 1e2fc push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov eax,[ebp+0x8] mov esi,[eax] cmp byte [esi+0x88],0x11 jnl near JUMP_001653 cmp dword [esi+0x82],byte +0x68 jz near JUMP_001653 cmp dword [esi+0x82],byte +0x69 jz near JUMP_001653 call near [DATA_007752] ; FUNC_001530 cmp eax,0x1000 jnc near JUMP_001653 push byte +0x4 call near [DATA_007217] ; FUNC_000922 pop ecx mov bl,0x1 lea edx,[ebp-0x18] push edx push eax push esi call FUNC_000659 add esp,byte +0xc cmp byte [esi+0x124],0x2a jnz JUMP_001651 lea eax,[ebp-0x18] push eax call FUNC_000662 pop ecx mov edi,eax jmp short JUMP_001652 JUMP_001651: ; Pos = 1e372 lea eax,[ebp-0x18] push eax call FUNC_000663 pop ecx mov edi,eax JUMP_001652: ; Pos = 1e37e test edi,edi jz JUMP_001653 mov [edi+0xff],bl lea eax,[esi+0x3e] push eax lea eax,[edi+0x3e] push eax call FUNC_001661_Vec64Add add esp,byte +0x8 mov al,[esi+0x56] mov [edi+0x56],al mov al,[esi+0x57] mov [edi+0x57],al push esi push edi mov ecx,0x9 rep movsd pop edi pop esi mov eax,[edi+0x18] sar eax,0x15 mov edx,[edi+0xc] sar edx,0x15 add eax,edx mov [edi+0x8c],eax mov eax,[edi+0x1c] sar eax,0x15 mov edx,[edi+0x10] sar edx,0x15 add eax,edx mov [edi+0x90],eax mov eax,[edi+0x20] sar eax,0x15 mov edx,[edi+0x14] sar edx,0x15 add eax,edx mov [edi+0x94],eax JUMP_001653: ; Pos = 1e3eb pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000279: ; Pos = 1e3f4 push ebp mov ebp,esp cmp byte [DATA_008645],0x0 jz JUMP_001654 call FUNC_000284 mov al,[DATA_009082] push eax call FUNC_000286 pop ecx JUMP_001654: ; Pos = 1e411 pop ebp ret nop FUNC_000280: ; Pos = 1e414 push ebp mov ebp,esp mov eax,[ebp+0x8] and eax,0xff sub eax,byte +0x2 jc JUMP_001655 jz JUMP_001657 pop ebp ret JUMP_001655: ; Pos = 1e428 xor eax,eax mov [DATA_009073],eax xor eax,eax mov [DATA_009086],eax xor eax,eax mov [DATA_009087],eax mov byte [DATA_009078],0x0 xor eax,eax mov [DATA_009084],eax xor eax,eax mov [DATA_009090],eax xor edx,edx mov eax,DATA_009093 JUMP_001656: ; Pos = 1e459 xor ecx,ecx mov [eax],ecx inc edx add eax,byte +0x4 cmp edx,byte +0x6 jl JUMP_001656 pop ebp ret JUMP_001657: ; Pos = 1e468 push byte +0x1 push byte +0x0 push dword FUNC_000279 mov eax,[DATA_008857] push eax push byte +0x0 push byte +0xb call FUNC_000044 add esp,byte +0x18 push byte +0x1 push byte +0x0 push dword FUNC_000279 mov eax,[DATA_008857] push eax push byte +0x0 push byte +0x12 call FUNC_000044 add esp,byte +0x18 push byte +0x1 push byte +0x0 push dword FUNC_000279 mov eax,[DATA_008857] push eax push byte +0x0 push byte +0x13 call FUNC_000044 add esp,byte +0x18 pop ebp ret nop FUNC_000281: ; Pos = 1e4bc push ebp mov ebp,esp add esp,byte -0x50 push ebx mov byte [DATA_008645],0x0 or byte [DATA_008809],0x1 mov al,[DATA_009082] mov [DATA_009078],al mov al,[DATA_009082] push eax call FUNC_000309 pop ecx xor ebx,ebx JUMP_001658: ; Pos = 1e4e9 push ebx call FUNC_000264_ConsoleHideButton pop ecx inc ebx cmp ebx,byte +0xa jng JUMP_001658 push byte +0x0 push byte +0xd call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov al,[DATA_007204] shl eax,0x2 add al,0x3 mov [ebp-0x4f],al mov al,[DATA_007205] shl eax,0x2 add al,0x3 mov [ebp-0x4e],al mov al,[DATA_007206] shl eax,0x2 add al,0x3 mov [ebp-0x4d],al lea eax,[ebp-0x4f] push eax call FUNC_001575 pop ecx pop ebx mov esp,ebp pop ebp ret FUNC_000282: ; Pos = 1e538 push ebp mov ebp,esp push byte +0x0 mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push byte +0xf mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 pop ebp ret nop nop FUNC_000283: ; Pos = 1e55c push ebp mov ebp,esp add esp,0xffffff6c push ebx push esi push edi push byte +0x0 call FUNC_000956 pop ecx mov eax,[DATA_008861] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] mov ax,[eax+0xe] mov [ebp-0x6],ax movsx eax,word [ebp-0x6] mov [ebp-0x44],eax lea eax,[ebp-0x44] push eax push dword 0x9c04 call FUNC_000318 add esp,byte +0x8 mov eax,[DATA_008861] mov word [ebp-0x4],0x5 mov word [ebp-0x2],0x2f mov edx,[eax+0xc8] mov ebx,edx shl ebx,0x10 shr edx,0x10 or ebx,edx mov edx,[eax+0xcc] mov ecx,edx shl ecx,0x10 shr edx,0x10 or ecx,edx mov [ebp-0x10],ecx or ebx,[ebp-0x10] not dword [ebp-0x10] xor edx,edx mov eax,0x1 JUMP_001659: ; Pos = 1e5e7 mov ecx,eax and ecx,ebx cmp ecx,byte +0x1 sbb ecx,ecx neg ecx cmp ecx,byte +0x1 sbb ecx,ecx neg ecx add edx,ecx add eax,eax test eax,eax jnz JUMP_001659 cmp edx,byte +0x10 jng JUMP_001663 mov dword [ebp-0x18],0x7 inc edx sar edx,1 jns JUMP_001660 adc edx,byte +0x0 JUMP_001660: ; Pos = 1e615 mov [ebp-0x1c],edx mov eax,[ebp-0x1c] sub eax,[ebp-0x18] mov [DATA_008687],eax cmp eax,[DATA_008686] jnl JUMP_001661 mov [DATA_008686],eax JUMP_001661: ; Pos = 1e630 mov edx,[DATA_008686] mov [ebp-0x14],edx cmp eax,[ebp-0x14] jng JUMP_001662 push byte +0x70 push byte +0x14 push byte +0x30 call FUNC_001621_BlitIndexToBuf add esp,byte +0xc JUMP_001662: ; Pos = 1e64c cmp dword [ebp-0x14],byte +0x0 jng JUMP_001664 push byte +0x70 push byte +0x20 push byte +0x2f call FUNC_001621_BlitIndexToBuf add esp,byte +0xc jmp short JUMP_001664 JUMP_001663: ; Pos = 1e662 xor eax,eax mov [DATA_008687],eax xor eax,eax mov [ebp-0x14],eax mov dword [ebp-0x18],0x8 mov dword [ebp-0x1c],0x8 JUMP_001664: ; Pos = 1e67c xor edi,edi mov esi,DATA_005106 test ebx,ebx jz JUMP_001669 JUMP_001665: ; Pos = 1e687 test bl,0x1 jz JUMP_001668 cmp edi,[ebp-0x14] jl JUMP_001667 mov eax,[ebp-0x14] add eax,[ebp-0x18] cmp edi,eax jnl JUMP_001667 mov al,0x11 test byte [ebp-0x10],0x1 jnz JUMP_001666 dec eax JUMP_001666: ; Pos = 1e6a4 movsx edx,word [ebp-0x6] mov [ebp-0x58],edx push byte +0x0 movsx edx,word [ebp-0x2] push edx movsx edx,word [ebp-0x4] push edx and eax,0xff push eax lea eax,[ebp-0x58] push eax mov eax,[esi] push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 add word [ebp-0x2],byte +0x9 JUMP_001667: ; Pos = 1e6d2 inc edi cmp edi,[ebp-0x1c] jnz JUMP_001668 xor edi,edi mov word [ebp-0x4],0x60 mov word [ebp-0x2],0x2f JUMP_001668: ; Pos = 1e6e6 shr dword [ebp-0x10],1 shr ebx,1 add esi,byte +0x4 test ebx,ebx jnz JUMP_001665 JUMP_001669: ; Pos = 1e6f2 mov eax,[DATA_008861] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx ebx,word [eax+0x6] mov ecx,[DATA_008861] movzx esi,word [ecx+0xe2] sar esi,0x6 movzx eax,word [ecx+0xe4] add eax,eax lea eax,[eax+eax*4] lea eax,[eax+eax*4] lea eax,[eax+eax*4] xor edx,edx div ebx mov ebx,eax mov dword [ebp-0x20],0x1 lea eax,[ebp-0x24] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x30] push eax lea eax,[ebp-0x2c] push eax lea eax,[ebp-0x28] push eax lea eax,[ebp-0x20] push eax push ecx call FUNC_000899 add esp,byte +0x1c mov word [ebp-0x4],0x5 mov ax,0xf mov [ebp-0x2],ax mov [ebp-0x60],esi mov [ebp-0x6c],ebx mov edx,[ebp-0x24] mov [ebp-0x68],edx mov edx,[ebp-0x28] mov [ebp-0x5c],edx mov edx,[ebp-0x30] mov [ebp-0x64],edx movsx eax,ax push eax movsx eax,word [ebp-0x4] push eax lea eax,[ebp-0x6c] push eax push dword 0x9c12 call FUNC_000282 add esp,byte +0x10 mov edx,[DATA_008861] mov eax,edx add eax,0xd2 mov word [ebp-0x4],0x5 mov word [ebp-0x2],0x7d cmp byte [edx+0xd1],0x0 jnz JUMP_001670 call FUNC_000310 push dword 0x82 push dword 0x13d push byte +0x2 push dword 0xbd call FUNC_000957 add esp,byte +0x10 jmp JUMP_001675 JUMP_001670: ; Pos = 1e7e1 xor ebx,ebx mov esi,eax jmp JUMP_001674 JUMP_001671: ; Pos = 1e7ea mov al,[esi] and eax,byte +0x78 sar eax,0x3 mov edx,[DATA_008861] cmp byte [edx+0xd1],0x4 jnz JUMP_001672 cmp bl,0x2 jnz JUMP_001672 mov dword [ebp-0x80],0x9874 mov eax,[eax*4+DATA_005107] mov [ebp-0x7c],eax inc ebx inc esi mov al,[esi] and eax,byte +0x78 sar eax,0x3 mov eax,[eax*4+DATA_005107] mov [ebp-0x78],eax movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax lea eax,[ebp-0x80] push eax push dword 0x9c0d call FUNC_000282 add esp,byte +0x10 jmp short JUMP_001673 JUMP_001672: ; Pos = 1e848 movsx edx,bl add edx,0x9870 mov [ebp+0xffffff6c],edx mov eax,[eax*4+DATA_005107] mov [ebp+0xffffff70],eax movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax lea eax,[ebp+0xffffff6c] push eax push dword 0x9c0c call FUNC_000282 add esp,byte +0x10 JUMP_001673: ; Pos = 1e882 add word [ebp-0x2],byte +0xa inc ebx inc esi JUMP_001674: ; Pos = 1e889 mov eax,[DATA_008861] cmp bl,[eax+0xd1] jl near JUMP_001671 call FUNC_000310 push dword 0x82 push dword 0x13d push byte +0x2 push dword 0xbd call FUNC_000957 add esp,byte +0x10 JUMP_001675: ; Pos = 1e8b8 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_000284: ; Pos = 1e8c0 push ebp mov ebp,esp mov eax,[DATA_008861] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0xc] mov edx,eax shl edx,0x4 lea edx,[edx+edx*4] lea edx,[edx+edx*4] lea edx,[edx+edx*4] lea edx,[edx+edx*4] lea edx,[edx+edx*8] test edx,edx jns JUMP_001676 add edx,0xff JUMP_001676: ; Pos = 1e8fb sar edx,0x8 mov [DATA_009070],edx imul edx,eax,0x2af8 test edx,edx jns JUMP_001677 add edx,0xff JUMP_001677: ; Pos = 1e914 sar edx,0x8 mov [DATA_009071],edx shl eax,0x3 lea eax,[eax+eax*4] lea eax,[eax+eax*4] lea eax,[eax+eax*4] mov [DATA_009072],eax pop ebp ret FUNC_000285: ; Pos = 1e930 push ebp mov ebp,esp push ebx mov ebx,DATA_008804 cmp byte [DATA_008645],0x0 jz JUMP_001678 mov al,[ebx+0x4a39] push eax call FUNC_000286 pop ecx push byte +0x1 push byte +0xd call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop ebx pop ebp ret JUMP_001678: ; Pos = 1e95e push byte +0xe call near [DATA_007200] ; FUNC_000923 pop ecx mov byte [DATA_008645],0x1 push dword 0x9c0b call FUNC_000267 pop ecx call FUNC_000276 push byte +0x1 push byte +0xd call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov dword [ebx+0x2c],0xffffb619 mov dword [ebx+0x30],0xffffb619 mov dword [ebx+0x34],0x49e7 mov al,0x7 mov [ebx+0x56],al mov [ebx+0x55],al mov [ebx+0x54],al mov al,0x7 mov [ebx+0x59],al mov [ebx+0x58],al mov [ebx+0x57],al mov al,0x6 mov [ebx+0x5c],al mov [ebx+0x5b],al mov [ebx+0x5a],al mov al,0x5 mov [ebx+0x5f],al mov [ebx+0x5e],al mov [ebx+0x5d],al mov al,0x4 mov [ebx+0x62],al mov [ebx+0x61],al mov [ebx+0x60],al mov al,0x3 mov [ebx+0x65],al mov [ebx+0x64],al mov [ebx+0x63],al mov al,0x2 mov [ebx+0x68],al mov [ebx+0x67],al mov [ebx+0x66],al mov al,0x1 mov [ebx+0x6b],al mov [ebx+0x6a],al mov [ebx+0x69],al call FUNC_000284 mov al,[ebx+0x4a39] push eax call FUNC_000286 pop ecx pop ebx pop ebp ret FUNC_000286: ; Pos = 1ea0c push ebp mov ebp,esp add esp,byte -0x50 push ebx mov ebx,[ebp+0x8] mov [DATA_009082],bl call FUNC_000308 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas movsx eax,bl cmp eax,byte +0x6 ja near JUMP_001686 jmp near [eax*4+DATA_000022] SECTION .data DATA_000022: ; Pos = 1ea3a dd JUMP_001679 dd JUMP_001680 dd JUMP_001681 dd JUMP_001682 dd JUMP_001683 dd JUMP_001684 dd JUMP_001685 SECTION .text JUMP_001679: ; Pos = 1ea56 push dword DATA_005108 call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx mov byte [ebp-0x4f],0x13 mov byte [ebp-0x4e],0x13 mov byte [ebp-0x4d],0x23 lea eax,[ebp-0x4f] push eax call FUNC_001575 pop ecx and byte [DATA_008809],0xfe call FUNC_000283 call FUNC_001637_FlipScreen call FUNC_000283 call FUNC_000288 jmp JUMP_001687 JUMP_001680: ; Pos = 1ea98 mov byte [ebp-0x4f],0x13 mov byte [ebp-0x4e],0x13 mov byte [ebp-0x4d],0x13 lea eax,[ebp-0x4f] push eax call FUNC_001575 pop ecx call FUNC_000312 call FUNC_001637_FlipScreen call FUNC_000312 call FUNC_000288 jmp JUMP_001687 JUMP_001681: ; Pos = 1eac7 xor eax,eax mov [DATA_005122],eax mov byte [ebp-0x4f],0x1b mov byte [ebp-0x4e],0x1b mov byte [ebp-0x4d],0x1b lea eax,[ebp-0x4f] push eax call FUNC_001575 pop ecx call FUNC_000313 call FUNC_001637_FlipScreen call FUNC_000313 call FUNC_000288 jmp JUMP_001687 JUMP_001682: ; Pos = 1eafd xor eax,eax mov [DATA_005122],eax mov byte [ebp-0x4f],0x2b mov byte [ebp-0x4e],0x13 mov byte [ebp-0x4d],0x13 lea eax,[ebp-0x4f] push eax call FUNC_001575 pop ecx call FUNC_000287 jmp JUMP_001687 JUMP_001683: ; Pos = 1eb24 mov byte [ebp-0x4f],0x23 mov byte [ebp-0x4e],0x13 mov byte [ebp-0x4d],0x3 lea eax,[ebp-0x4f] push eax call FUNC_001575 pop ecx call FUNC_000295 call FUNC_001637_FlipScreen call FUNC_000295 call FUNC_000288 jmp JUMP_001687 JUMP_001684: ; Pos = 1eb53 mov byte [ebp-0x4f],0x13 mov byte [ebp-0x4e],0x1b mov byte [ebp-0x4d],0x1b lea eax,[ebp-0x4f] push eax call FUNC_001575 pop ecx call FUNC_001637_FlipScreen call FUNC_000316 call FUNC_001637_FlipScreen and byte [DATA_008809],0xfe call FUNC_000316 jmp short JUMP_001687 JUMP_001685: ; Pos = 1eb86 xor eax,eax mov [DATA_005122],eax mov byte [ebp-0x4f],0x13 mov byte [ebp-0x4e],0x23 mov byte [ebp-0x4d],0x13 lea eax,[ebp-0x4f] push eax call FUNC_001575 pop ecx call FUNC_000317 call FUNC_001637_FlipScreen call FUNC_000288 jmp short JUMP_001687 JUMP_001686: ; Pos = 1ebb4 mov byte [ebp-0x4f],0x13 mov byte [ebp-0x4e],0x13 mov byte [ebp-0x4d],0x23 lea eax,[ebp-0x4f] push eax call FUNC_001575 pop ecx and byte [DATA_008809],0xfe call FUNC_000283 call FUNC_001637_FlipScreen call FUNC_000283 call FUNC_000288 JUMP_001687: ; Pos = 1ebe5 pop ebx mov esp,ebp pop ebp ret FUNC_000287: ; Pos = 1ebec push ebp mov ebp,esp call FUNC_000294 call FUNC_001637_FlipScreen call FUNC_000294 call FUNC_000288 pop ebp ret FUNC_000288: ; Pos = 1ec08 push ebp mov ebp,esp add esp,0xfffffeac push ebx push esi push edi lea ebx,[ebp+0xfffffeac] push dword 0x82 push dword 0x13d push byte +0x2 push dword 0xbd call FUNC_000957 add esp,byte +0x10 and byte [DATA_008809],0xfe push byte +0x0 mov eax,[DATA_008861] push eax push ebx call near [DATA_007755] ; FUNC_001533 add esp,byte +0xc xor eax,eax mov [ebx+0x26],eax xor eax,eax mov [ebx+0x2e],eax xor eax,eax mov [ebx+0x36],eax xor eax,eax mov [ebx+0x2a],eax xor eax,eax mov [ebx+0x32],eax xor eax,eax mov [ebx+0x3a],eax mov word [ebx+0xb6],0x0 mov word [ebx+0xba],0x0 mov esi,DATA_009070 lea edi,[ebx+0x26] mov ecx,0x6 rep movsd mov eax,[DATA_008804] shr eax,0xa mov [ebx+0x9c],ax mov eax,[DATA_009068] mov [DATA_008802],eax mov edx,[DATA_009069] mov [DATA_008803],edx push edx push eax push ebx call FUNC_001675_MatBuildYZT add esp,byte +0xc push ebx call near [DATA_007807] ; FUNC_001682 pop ecx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000289: ; Pos = 1eccc push ebp mov ebp,esp add esp,byte -0x60 push ebx push esi mov eax,DATA_008804 mov esi,[eax+0xc8] mov dl,[esi+0xd0] xor ecx,ecx mov cl,dl mov ecx,[ecx*4+DATA_005111] mov esi,[esi+0x11e] mov ebx,ecx sub ebx,0x1999999 cmp esi,ebx jc JUMP_001688 mov dword [ebp-0x30],0x99e3 mov dword [ebp-0x18],0xffffffff lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx call FUNC_000287 jmp JUMP_001694 JUMP_001688: ; Pos = 1ed24 cmp dl,0xa jc JUMP_001690 cmp word [eax+0x15c],byte +0x0 ja JUMP_001689 call FUNC_000293 jmp JUMP_001694 JUMP_001689: ; Pos = 1ed3d dec word [eax+0x15c] inc word [eax+0x16e] jmp short JUMP_001692 JUMP_001690: ; Pos = 1ed4d cmp word [eax+0x15a],byte +0x0 ja JUMP_001691 call FUNC_000293 jmp JUMP_001694 JUMP_001691: ; Pos = 1ed61 dec word [eax+0x15a] dec dword [eax+0x120] JUMP_001692: ; Pos = 1ed6e and word [eax+0xc6],0xfffe mov edx,[eax+0xc8] mov bx,[eax+0x214] mov [edx+0xbc],bx mov bx,[eax+0x218] mov [edx+0xbe],bx mov bx,[eax+0x21c] mov [edx+0xc0],bx mov bx,[eax+0x220] mov [edx+0xc2],bx mov bx,[eax+0x224] mov [edx+0xc4],bx mov bx,[eax+0x228] mov [edx+0xc6],bx add dword [edx+0x11e],0x20000000 mov edx,[eax+0xc8] mov edx,[edx+0x11e] cmp ecx,edx jc JUMP_001693 cmp esi,edx jnc JUMP_001693 call FUNC_000287 jmp short JUMP_001694 JUMP_001693: ; Pos = 1edf6 mov eax,[eax+0xc8] mov [eax+0x11e],ecx mov dword [ebp-0x60],0x99e3 mov dword [ebp-0x48],0xffffffff lea eax,[ebp-0x60] push eax call FUNC_000349 pop ecx call FUNC_000287 JUMP_001694: ; Pos = 1ee1f pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000290: ; Pos = 1ee28 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x18] mov eax,[ebp+0x8] mov esi,DATA_008804 mov edx,[esi+0x4a18] lea edx,[edx+edx*4] mov [esi+edx*4+0x4a3e],eax mov edx,[esi+0x4a18] lea edx,[edx+edx*4] mov ecx,[ebp+0xc] mov [esi+edx*4+0x4a3a],ecx mov edx,[esi+0x4a18] lea edx,[edx+edx*4] mov ecx,[ebp+0x10] mov [esi+edx*4+0x4a42],ecx mov edx,[esi+0x4a18] lea edx,[edx+edx*4] mov ecx,[ebp+0x14] mov [esi+edx*4+0x4a46],ecx mov edx,[esi+0x4a18] lea edx,[edx+edx*4] mov [esi+edx*4+0x4a4a],edi inc dword [esi+0x4a18] mov ebx,eax sar ebx,0x9 and ebx,byte +0xf lea eax,[ebx+ebx*2] cmp dword [eax*2+DATA_005123],byte +0x0 jz near JUMP_001699 call near [DATA_007752] ; FUNC_001530 lea edx,[ebx+ebx*2] cmp eax,[edx*2+DATA_005123] ja near JUMP_001699 lea eax,[ebx+ebx*2] mov al,[eax*2+DATA_005124] sub al,0x1 jc JUMP_001695 jz JUMP_001698 dec al jz JUMP_001696 dec al jz JUMP_001697 jmp short JUMP_001699 JUMP_001695: ; Pos = 1eee1 push edi mov eax,[esi+0xc0] push eax call FUNC_000665 add esp,byte +0x8 jmp short JUMP_001699 JUMP_001696: ; Pos = 1eef3 push edi mov eax,[esi+0xc0] push eax call FUNC_000668 add esp,byte +0x8 push edi mov eax,[esi+0xc0] push eax call FUNC_000668 add esp,byte +0x8 jmp short JUMP_001699 JUMP_001697: ; Pos = 1ef15 push edi mov eax,[esi+0xc0] push eax call FUNC_000666 add esp,byte +0x8 push edi mov eax,[esi+0xc0] push eax call FUNC_000666 add esp,byte +0x8 push edi mov eax,[esi+0xc0] push eax call FUNC_000666 add esp,byte +0x8 jmp short JUMP_001699 JUMP_001698: ; Pos = 1ef47 push edi mov eax,[esi+0xc0] push eax call FUNC_000667 add esp,byte +0x8 JUMP_001699: ; Pos = 1ef57 pop edi pop esi pop ebx pop ebp ret FUNC_000291: ; Pos = 1ef5c push ebp mov ebp,esp add esp,byte -0x54 push ebx push esi push edi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] cmp esi,[DATA_008861] jnz JUMP_001703 lea eax,[ebx+0x3e8] push eax push byte +0x5 call FUNC_000034 add esp,byte +0x8 push byte +0x5 call FUNC_000035 pop ecx test eax,eax jnz JUMP_001700 xor eax,eax jmp JUMP_001705 JUMP_001700: ; Pos = 1ef97 push byte +0x0 push byte +0x5 call FUNC_000034 add esp,byte +0x8 cmp word [ebx*2+DATA_008896],byte +0x0 jz JUMP_001701 add word [ebx*2+DATA_008896],0xffff dec dword [DATA_008891] jmp short JUMP_001702 JUMP_001701: ; Pos = 1efc0 xor eax,eax jmp JUMP_001705 JUMP_001702: ; Pos = 1efc7 mov dword [ebp-0x34],0x9c2f lea eax,[ebx+0x8e00] mov [ebp-0x30],eax mov dword [ebp-0x1c],0xffffffff lea eax,[ebp-0x34] push eax call FUNC_000349 pop ecx JUMP_001703: ; Pos = 1efe8 movsx edi,byte [ebx+DATA_005112] lea eax,[ebp-0x4] push eax push dword 0x99 push byte +0xf mov eax,[DATA_008861] push eax mov eax,[DATA_009133] push eax call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov ebx,eax test ebx,ebx jz near JUMP_001704 mov [ebx+0x9e],di lea eax,[ebp-0x48] push eax add edi,0x8e00 push edi push dword DATA_009124 call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc lea eax,[ebx+0x124] push esi mov esi,eax mov edi,DATA_009124 xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi mov byte [ebx+0x87],0xb mov byte [ebx+0xff],0x16 mov eax,[esi+0xc] mov [ebp-0x54],eax mov eax,[esi+0x10] mov [ebp-0x50],eax mov eax,[esi+0x14] mov [ebp-0x4c],eax call near [DATA_007752] ; FUNC_001530 mov edx,[ebp-0x54] sar edx,0xb mov eax,[DATA_008818] mov ecx,eax sar ecx,0x10 add edx,ecx mov [ebp-0x54],edx mov edx,[ebp-0x50] sar edx,0xb shl eax,0x10 sar eax,0x10 add edx,eax mov [ebp-0x50],edx mov eax,[ebp-0x4c] sar eax,0xb mov edx,[DATA_008820] sar edx,0x10 add eax,edx mov [ebp-0x4c],eax mov eax,[ebp-0x54] sar eax,0xc sub [ebx+0x8c],eax mov eax,[ebp-0x50] sar eax,0xc sub [ebx+0x90],eax mov eax,[ebp-0x4c] sar eax,0xc sub [ebx+0x94],eax mov eax,[esi+0xc] mov [ebp-0x54],eax mov eax,[esi+0x10] mov [ebp-0x50],eax mov eax,[esi+0x14] mov [ebp-0x4c],eax mov edi,[esi+0x140] neg edi push edi mov eax,[esi+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x54],eax push edi mov eax,[esi+0x10] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x50],eax push edi mov eax,[esi+0x14] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x4c],eax lea eax,[ebp-0x54] push eax push ebx call near [DATA_007746] ; FUNC_001514 add esp,byte +0x8 cmp esi,[DATA_008861] jnz JUMP_001704 push byte +0x20 call FUNC_001906_SoundPlaySample pop ecx JUMP_001704: ; Pos = 1f151 mov eax,ebx JUMP_001705: ; Pos = 1f153 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop FUNC_000292: ; Pos = 1f15c push ebp mov ebp,esp add esp,0xffffff2c push ebx push esi push edi mov edi,DATA_008804 call near [DATA_007672] ; FUNC_001414_GuiGetLastAction xor ebx,ebx mov bl,al test ebx,ebx jnz JUMP_001706 call FUNC_000293 jmp JUMP_001734 JUMP_001706: ; Pos = 1f185 cmp ebx,0xf5 jnz JUMP_001707 push byte +0x0 call FUNC_000083 pop ecx jmp JUMP_001734 JUMP_001707: ; Pos = 1f19a cmp ebx,0xf6 jnz JUMP_001708 push byte +0x0 call FUNC_000286 pop ecx jmp JUMP_001734 JUMP_001708: ; Pos = 1f1af cmp ebx,0xf7 jnz JUMP_001709 push byte +0x1 call FUNC_000286 pop ecx jmp JUMP_001734 JUMP_001709: ; Pos = 1f1c4 cmp ebx,0xf8 jnz JUMP_001710 cmp dword [edi+0x5030],byte +0x0 jz JUMP_001710 push byte +0x2 call FUNC_000286 pop ecx jmp JUMP_001734 JUMP_001710: ; Pos = 1f1e2 cmp ebx,0xf9 jnz JUMP_001711 cmp dword [edi+0x4a18],byte +0x0 jz JUMP_001711 push byte +0x4 call FUNC_000286 pop ecx jmp JUMP_001734 JUMP_001711: ; Pos = 1f200 cmp ebx,0xfa jnz JUMP_001712 cmp dword [edi+0x120],byte +0x0 jz JUMP_001712 push byte +0x3 call FUNC_000286 pop ecx jmp JUMP_001734 JUMP_001712: ; Pos = 1f21e cmp ebx,0xfb jnz JUMP_001713 cmp dword [edi+0x4ef0],byte +0x0 jz JUMP_001713 push byte +0x5 call FUNC_000286 pop ecx jmp JUMP_001734 JUMP_001713: ; Pos = 1f23c cmp ebx,0xfc jnz JUMP_001714 cmp dword [edi+0x511a],byte +0x0 jz JUMP_001714 push byte +0x6 call FUNC_000286 pop ecx jmp JUMP_001734 JUMP_001714: ; Pos = 1f25a mov al,[edi+0x4eea] sub al,0x1 jc JUMP_001715 dec al jz JUMP_001717 dec al jz near JUMP_001726 sub al,0x3 jz near JUMP_001722 jmp JUMP_001732 JUMP_001715: ; Pos = 1f27d cmp ebx,byte +0x5 jnz JUMP_001716 cmp dword [DATA_008686],byte +0x0 jng JUMP_001716 dec dword [DATA_008686] mov al,[edi+0x4eea] push eax call FUNC_000286 pop ecx jmp JUMP_001734 JUMP_001716: ; Pos = 1f2a3 cmp ebx,byte +0x6 jnz near JUMP_001732 mov eax,[DATA_008686] cmp eax,[DATA_008687] jnl near JUMP_001732 inc dword [DATA_008686] mov al,[edi+0x4eea] push eax call FUNC_000286 pop ecx jmp JUMP_001734 JUMP_001717: ; Pos = 1f2d5 cmp ebx,0x80 jl near JUMP_001732 cmp ebx,0x94 jl JUMP_001718 push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx call FUNC_000293 jmp JUMP_001734 JUMP_001718: ; Pos = 1f2fb sub ebx,0x80 cmp ebx,[edi+0x5030] jl JUMP_001719 call FUNC_000293 jmp JUMP_001734 JUMP_001719: ; Pos = 1f313 mov al,[edi+0xe8] cmp al,0x2a jz JUMP_001720 cmp al,0x30 jnz JUMP_001721 JUMP_001720: ; Pos = 1f321 mov esi,ebx shl esi,0x3 lea eax,[edi+0x5034] add esi,eax push dword DATA_009148 mov eax,[esi] push eax lea eax,[ebp-0x14] push eax push byte +0x3 call FUNC_000791 add esp,byte +0x10 mov dword [ebp-0x44],0x9c1c xor eax,eax mov [ebp-0x2c],eax xor eax,eax mov [ebp-0x28],eax lea eax,[ebp-0x44] push eax call FUNC_000349 pop ecx inc ebx mov eax,[edi+0x5030] sub eax,ebx shl eax,0x3 push eax lea eax,[esi+0x8] push eax push esi call _memcpy add esp,byte +0xc dec dword [edi+0x5030] call FUNC_000313 call FUNC_001637_FlipScreen call FUNC_000313 call FUNC_000288 jmp JUMP_001734 JUMP_001721: ; Pos = 1f398 mov dword [ebp-0x74],0x9c1d mov dword [ebp-0x5c],0xffffffff lea eax,[ebp-0x74] push eax call FUNC_000349 pop ecx jmp JUMP_001734 JUMP_001722: ; Pos = 1f3b5 cmp ebx,0x80 jl near JUMP_001732 cmp ebx,0x8a jl JUMP_001723 push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx call FUNC_000293 jmp JUMP_001734 JUMP_001723: ; Pos = 1f3db sub ebx,0x80 cmp ebx,[edi+0x511a] jl JUMP_001724 call FUNC_000293 jmp JUMP_001734 JUMP_001724: ; Pos = 1f3f3 lea eax,[ebx+ebx*2] lea eax,[ebx+eax*4] mov edx,[edi+eax*4+0x5122] cmp edx,[edi+0x10a] jz JUMP_001725 call FUNC_000293 jmp JUMP_001734 JUMP_001725: ; Pos = 1f412 mov al,[edi+eax*4+0x5140] mov [edi+0xec],al mov dword [ebp+0xffffff5c],0xa20b mov dword [ebp+0xffffff74],0xffffffff lea eax,[ebp+0xffffff5c] push eax call FUNC_000349 pop ecx call FUNC_000293 jmp JUMP_001734 JUMP_001726: ; Pos = 1f44a cmp ebx,0x80 jl near JUMP_001732 cmp ebx,0x98 jnl near JUMP_001732 add ebx,byte -0x7f and ebx,0xff xor esi,esi lea eax,[edi+0x134] JUMP_001727: ; Pos = 1f473 movzx edx,word [eax] test edx,edx jz JUMP_001728 dec ebx test ebx,ebx jz JUMP_001729 JUMP_001728: ; Pos = 1f47f inc esi add eax,byte +0x2 cmp esi,byte +0x26 jl JUMP_001727 JUMP_001729: ; Pos = 1f488 test ebx,ebx jz JUMP_001730 call FUNC_000293 jmp short JUMP_001734 JUMP_001730: ; Pos = 1f493 cmp byte [edi+0xe8],0x0 jz JUMP_001731 mov dword [ebp+0xffffff2c],0x9c30 mov dword [ebp+0xffffff44],0xffffffff lea eax,[ebp+0xffffff2c] push eax call FUNC_000349 pop ecx jmp short JUMP_001734 JUMP_001731: ; Pos = 1f4bf push esi mov eax,[edi+0xc8] push eax call FUNC_000291 add esp,byte +0x8 mov bl,[esi+DATA_005112] call FUNC_000287 mov eax,[edi+0xc0] shl eax,0x8 movsx edx,bl or eax,edx push eax push byte +0x11 call FUNC_000148 add esp,byte +0x8 jmp short JUMP_001734 JUMP_001732: ; Pos = 1f4f5 cmp ebx,byte +0x72 ; modified from 0x66 'f' to 'r' jnz JUMP_001733 call FUNC_000289 jmp short JUMP_001734 JUMP_001733: ; Pos = 1f501 push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx call FUNC_000293 JUMP_001734: ; Pos = 1f50e pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000293: ; Pos = 1f518 push ebp mov ebp,esp cmp byte [DATA_009082],0x5 jz JUMP_001735 call FUNC_000288 mov eax,[DATA_009122] sar eax,0x3 add [DATA_009068],eax sar eax,1 add [DATA_009069],eax JUMP_001735: ; Pos = 1f53f pop ebp ret FUNC_000294: ; Pos = 1f544 push ebp mov ebp,esp add esp,byte -0x60 push ebx push esi push edi mov esi,DATA_005125 lea edi,[ebp-0x34] mov ecx,0xa rep movsd push byte +0x0 call FUNC_000956 pop ecx lea eax,[ebp-0x4c] push eax push dword 0x9c05 call FUNC_000318 add esp,byte +0x8 mov dword [ebp-0x4],0x9c13 mov dword [ebp-0xc],0x12 mov dword [ebp-0x8],0x23 xor esi,esi xor ebx,ebx mov dword [ebp-0x38],DATA_008896 jmp JUMP_001740 JUMP_001736: ; Pos = 1f59a mov eax,[ebp-0x38] movzx edi,word [eax] test edi,edi jz near JUMP_001739 cmp esi,byte +0xc jnz JUMP_001737 mov dword [ebp-0xc],0x6a mov dword [ebp-0x8],0x23 mov dword [ebp-0x4],0x9c14 JUMP_001737: ; Pos = 1f5c2 cmp dword [DATA_005122],byte +0x0 jnz JUMP_001738 mov eax,[ebp-0xc] mov edx,eax add edx,byte -0xc mov [ebp-0x34],edx mov edx,[ebp-0x8] mov [ebp-0x30],edx add eax,byte -0x4 mov [ebp-0x2c],eax add edx,byte +0x8 mov [ebp-0x28],edx lea eax,[esi+0x80] mov [ebp-0x24],eax lea eax,[ebp-0x34] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx JUMP_001738: ; Pos = 1f5fc mov eax,[ebp-0x8] dec eax push eax mov eax,[ebp-0xc] add eax,byte -0xc push eax push byte +0x31 call FUNC_001621_BlitIndexToBuf add esp,byte +0xc lea eax,[ebx+0x8e00] mov [ebp-0x60],eax mov [ebp-0x5c],edi mov eax,[ebp-0x8] push eax mov eax,[ebp-0xc] push eax lea eax,[ebp-0x60] push eax mov eax,[ebp-0x4] push eax call FUNC_000282 add esp,byte +0x10 add dword [ebp-0x8],byte +0xa inc esi JUMP_001739: ; Pos = 1f63b inc ebx add dword [ebp-0x38],byte +0x2 JUMP_001740: ; Pos = 1f640 cmp ebx,byte +0x26 jnl JUMP_001741 cmp esi,byte +0x18 jl near JUMP_001736 JUMP_001741: ; Pos = 1f64e call FUNC_000310 mov dword [ebp-0xc],0x78 mov eax,0xf mov [ebp-0x8],eax push eax mov eax,[ebp-0xc] push eax push byte +0x31 call FUNC_001621_BlitIndexToBuf add esp,byte +0xc cmp dword [DATA_005122],byte +0x0 jnz JUMP_001742 mov dword [ebp-0x34],0x78 mov dword [ebp-0x30],0xf mov dword [ebp-0x2c],0x80 mov dword [ebp-0x28],0x17 mov dword [ebp-0x24],0x72 ; Changed from 0x66 'f' lea eax,[ebp-0x34] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx JUMP_001742: ; Pos = 1f6a8 push dword 0x82 push dword 0x13d push byte +0x2 push dword 0xbd call FUNC_000957 add esp,byte +0x10 mov dword [DATA_005122],0x3 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000295: ; Pos = 1f6d4 push ebp mov ebp,esp add esp,byte -0x3c push ebx push esi push byte +0x0 call FUNC_000956 pop ecx lea eax,[ebp-0x28] push eax push dword 0x9c06 call FUNC_000318 add esp,byte +0x8 mov word [ebp-0xc],0x2 mov word [ebp-0xa],0x23 cmp dword [DATA_009073],byte +0xd jg JUMP_001743 mov eax,[DATA_009073] jmp short JUMP_001744 JUMP_001743: ; Pos = 1f711 mov eax,0xd JUMP_001744: ; Pos = 1f716 dec eax mov [ebp-0x8],eax xor eax,eax mov [ebp-0x4],eax mov ebx,DATA_009079 cmp dword [ebp-0x8],byte +0x0 jl JUMP_001749 JUMP_001745: ; Pos = 1f72a mov eax,[ebx] mov [ebp-0x10],eax mov eax,[ebx+0x4] mov edx,[ebx+0x8] mov [ebp-0x14],edx mov edx,[ebx+0xc] mov ecx,[ebx+0x10] mov esi,0x9c16 test ah,0x20 jnz JUMP_001746 dec esi JUMP_001746: ; Pos = 1f749 test ecx,ecx jnz JUMP_001747 mov esi,0x9c18 test ah,0x40 jnz JUMP_001748 dec esi jmp short JUMP_001748 JUMP_001747: ; Pos = 1f75a mov edx,eax and edx,byte +0x7 inc edx JUMP_001748: ; Pos = 1f760 mov eax,[ebp-0x10] mov [ebp-0x3c],eax mov [ebp-0x38],edx mov eax,[ebp-0x14] mov [ebp-0x34],eax mov [ebp-0x30],ecx movsx eax,word [ebp-0xa] push eax movsx eax,word [ebp-0xc] push eax lea eax,[ebp-0x3c] push eax push esi call FUNC_000282 add esp,byte +0x10 add word [ebp-0xa],byte +0xa dec dword [ebp-0x8] add ebx,byte +0x14 inc dword [ebp-0x4] cmp dword [ebp-0x8],byte +0x0 jnl JUMP_001745 JUMP_001749: ; Pos = 1f79d call FUNC_000310 push dword 0x82 push dword 0x13d push byte +0x2 push dword 0xbd call FUNC_000957 add esp,byte +0x10 pop esi pop ebx mov esp,ebp pop ebp ret nop nop nop FUNC_000296: ; Pos = 1f7c4 push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax] cmp eax,byte +0x19 ja near JUMP_001761 mov al,[eax+DATA_000023] jmp near [eax*4+DATA_000024] SECTION .data DATA_000023: ; Pos = 1f7e2 db 0x0, 0x0, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0 db 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3 db 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1 db 0x0, 0x1 DATA_000024: ; Pos = 1f7fc dd JUMP_001761 dd JUMP_001759 dd JUMP_001753 dd JUMP_001752 dd JUMP_001750 dd JUMP_001760 SECTION .text JUMP_001750: ; Pos = 1f814 cmp dword [DATA_009073],byte +0x0 jnz JUMP_001751 cmp dword [DATA_009084],byte +0x0 jz near JUMP_001761 JUMP_001751: ; Pos = 1f82a or byte [DATA_008644],0x1 mov byte [DATA_009077],0xa pop ebp ret JUMP_001752: ; Pos = 1f83a call FUNC_000301 pop ebp ret JUMP_001753: ; Pos = 1f841 cmp dword [DATA_009087],byte +0x0 jz near JUMP_001761 xor ecx,ecx xor edx,edx mov eax,DATA_009089 jmp short JUMP_001755 JUMP_001754: ; Pos = 1f859 add ecx,[eax] inc edx add eax,byte +0x8 JUMP_001755: ; Pos = 1f85f cmp edx,[DATA_009087] jl JUMP_001754 sub [DATA_008888],ecx jns JUMP_001756 mov eax,[DATA_008888] sub [DATA_009090],eax xor eax,eax mov [DATA_008888],eax JUMP_001756: ; Pos = 1f881 mov eax,[DATA_009090] test eax,eax jz JUMP_001758 cmp dword [DATA_008888],byte +0x0 jz JUMP_001758 mov edx,[DATA_008888] cmp eax,edx jng JUMP_001757 sub [DATA_009090],edx xor eax,eax mov [DATA_008888],eax jmp short JUMP_001758 JUMP_001757: ; Pos = 1f8ac mov eax,[DATA_009090] sub [DATA_008888],eax xor eax,eax mov [DATA_009090],eax JUMP_001758: ; Pos = 1f8be cmp byte [DATA_008645],0x0 jz JUMP_001761 mov al,[DATA_009082] push eax call FUNC_000286 pop ecx pop ebp ret JUMP_001759: ; Pos = 1f8d5 cmp byte [DATA_008645],0x0 jz JUMP_001761 mov al,[DATA_009082] push eax call FUNC_000286 pop ecx pop ebp ret JUMP_001760: ; Pos = 1f8ec call FUNC_000298 JUMP_001761: ; Pos = 1f8f1 pop ebp ret nop FUNC_000297: ; Pos = 1f8f4 push ebp mov ebp,esp push ecx push ebx push esi mov esi,[ebp+0x14] lea eax,[ebp-0x4] push eax mov eax,[ebp+0xc] push eax push byte +0xe push dword DATA_005121 mov eax,[DATA_009133] push eax call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov ebx,eax test ebx,ebx jnz JUMP_001762 mov eax,ebx jmp short JUMP_001764 JUMP_001762: ; Pos = 1f925 mov al,0x2a cmp dword [ebp+0x8],byte +0x0 jnz JUMP_001763 inc eax JUMP_001763: ; Pos = 1f92e mov [ebx+0x124],al mov word [ebx+0xce],0x0 or byte [ebx+0x14c],0x60 mov byte [ebx+0x87],0xe mov al,[ebp+0x10] mov [ebx+0x56],al mov eax,[ebp+0x18] mov [ebx+0xa0],eax mov byte [ebx+0x57],0x1 mov byte [ebx+0x58],0x0 mov eax,[DATA_009133] push eax mov eax,[esi*8+DATA_007130] push eax mov eax,[esi*8+DATA_007131] push eax push ebx call FUNC_000879 add esp,byte +0x10 mov eax,ebx JUMP_001764: ; Pos = 1f983 pop esi pop ebx pop ecx pop ebp ret FUNC_000298: ; Pos = 1f988 push ebp mov ebp,esp push ecx push ebx push esi push edi mov edi,DATA_008804 mov esi,[edi+0x4ef0] dec esi lea eax,[esi+esi*2] lea eax,[esi+eax*4] lea ebx,[edi+eax*4+0x4efa] test esi,esi jl near JUMP_001770 JUMP_001765: ; Pos = 1f9b0 mov eax,[edi+0x10a] cmp eax,[ebx] jnz near JUMP_001769 mov al,[ebx-0x2] and eax,byte +0xf sub eax,byte +0x3 jc JUMP_001766 sub eax,byte +0x4 jc JUMP_001768 jz near JUMP_001769 jmp JUMP_001769 JUMP_001766: ; Pos = 1f9d9 mov edx,[edi] mov eax,[edi+0x4] cmp eax,[ebx+0x8] ja near JUMP_001769 cmp eax,[ebx+0x8] jnz JUMP_001767 cmp edx,[ebx+0x4] ja near JUMP_001769 JUMP_001767: ; Pos = 1f9f5 mov byte [edi+0x4eeb],0x0 lea eax,[esi+esi*2] lea eax,[esi+eax*4] shl eax,0x2 lea edx,[edi+0x4ef4] add eax,edx push eax push dword FUNC_000299 mov eax,[DATA_009133] push eax call FUNC_000145 add esp,byte +0xc mov al,[edi+0x4eeb] test al,al jz near JUMP_001769 mov ecx,[ebx+0x8] push ecx mov edx,[ebx+0x4] push edx push eax push edx mov eax,[ebx+0x10] push eax call FUNC_000664 add esp,byte +0x14 jmp JUMP_001769 JUMP_001768: ; Pos = 1fa4a mov byte [edi+0x4eeb],0x0 lea eax,[esi+esi*2] lea eax,[esi+eax*4] shl eax,0x2 lea edx,[edi+0x4ef4] add eax,edx push eax push dword FUNC_000299 mov eax,[DATA_009133] push eax call FUNC_000145 add esp,byte +0xc cmp byte [edi+0x4eeb],0x0 jz JUMP_001769 movsx eax,byte [ebx-0x2] sar eax,0x4 and eax,byte +0x7 mov [ebp-0x4],eax mov eax,[ebp-0x4] mov eax,[eax*4+DATA_005117] mov [ebp-0x4],eax mov eax,[ebx+0x4] mov [DATA_008802],eax mov edx,eax shl edx,0x10 shr eax,0x10 or edx,eax mov eax,edx mov [DATA_008803],eax push eax mov eax,[DATA_008802] and eax,byte +0xf push eax movsx eax,byte [edi+0x4eeb] push eax mov eax,[ebp-0x4] push eax mov eax,esi and eax,byte +0x1 push eax call FUNC_000297 add esp,byte +0x14 mov al,[eax+0x86] mov [ebx+0x14],al mov byte [ebx+0x15],0xff JUMP_001769: ; Pos = 1fae3 dec esi add ebx,byte -0x34 test esi,esi jnl near JUMP_001765 JUMP_001770: ; Pos = 1faef pop edi pop esi pop ebx pop ecx pop ebp ret nop nop nop FUNC_000299: ; Pos = 1faf8 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x8] mov ebx,[ebp+0xc] lea eax,[ebx+0x1c] lea edx,[esi+0x124] JUMP_001771: ; Pos = 1fb0c mov cl,[eax] cmp cl,[edx] jnz JUMP_001773 test cl,cl jz JUMP_001772 mov cl,[eax+0x1] cmp cl,[edx+0x1] jnz JUMP_001773 add eax,byte +0x2 add edx,byte +0x2 test cl,cl jnz JUMP_001771 JUMP_001772: ; Pos = 1fb28 jnz JUMP_001773 mov al,[esi+0x86] mov [DATA_009083],al JUMP_001773: ; Pos = 1fb35 pop esi pop ebx pop ebp ret nop nop nop FUNC_000300: ; Pos = 1fb3c push ebp mov ebp,esp add esp,byte -0x5c push ebx push esi push edi mov eax,[DATA_009084] test eax,eax jnz JUMP_001774 xor eax,eax jmp JUMP_001796 JUMP_001774: ; Pos = 1fb55 mov esi,DATA_009085 mov [ebp-0x10],eax cmp dword [ebp-0x10],byte +0x0 jl near JUMP_001795 JUMP_001775: ; Pos = 1fb67 mov eax,[esi+0x30] cmp eax,[DATA_008885] jnz near JUMP_001794 mov bl,[esi+0x4] and bl,0xf mov eax,ebx sub al,0x3 jc JUMP_001776 sub al,0x4 jc near JUMP_001780 jz near JUMP_001794 jmp JUMP_001785 JUMP_001776: ; Pos = 1fb95 cmp byte [esi+0x5],0x0 jnz JUMP_001778 mov eax,[DATA_008804] mov edx,[DATA_008807] mov [ebp-0x14],edx mov edx,[ebp-0x14] cmp edx,[esi+0xe] jg JUMP_001777 mov edx,[ebp-0x14] cmp edx,[esi+0xe] jnz near JUMP_001794 cmp eax,[esi+0xa] jng near JUMP_001794 JUMP_001777: ; Pos = 1fbc6 mov edi,0xfffffc00 mov byte [ebp-0x1],0xfb mov dword [ebp-0x8],0x9c29 jmp JUMP_001785 JUMP_001778: ; Pos = 1fbdb cmp byte [esi+0x5],0x0 jng JUMP_001779 mov edi,0xfffffe00 mov byte [ebp-0x1],0xff mov dword [ebp-0x8],0x9c2b jmp JUMP_001785 JUMP_001779: ; Pos = 1fbf6 mov eax,[esi+0x12] add eax,eax lea eax,[eax+eax*4] mov [ebp-0x18],eax mov eax,[ebp-0x18] add [DATA_008888],eax mov edi,0x200 mov byte [ebp-0x1],0xc mov dword [ebp-0x8],0x9c2a jmp JUMP_001785 JUMP_001780: ; Pos = 1fc1f mov eax,[DATA_008807] mov [ebp-0x14],eax mov eax,[ebp-0x14] cmp eax,[esi+0xe] jng JUMP_001782 cmp byte [esi+0x5],0x0 jnz JUMP_001781 mov edi,0xfffffc00 mov byte [ebp-0x1],0xfb mov dword [ebp-0x8],0x9c29 jmp short JUMP_001785 JUMP_001781: ; Pos = 1fc47 mov edi,0xfffffc00 mov byte [ebp-0x1],0xff mov dword [ebp-0x8],0x9c2c jmp short JUMP_001785 JUMP_001782: ; Pos = 1fc59 cmp byte [esi+0x5],0x0 jz near JUMP_001794 cmp bl,0x4 jg JUMP_001784 mov eax,[esi+0x12] add eax,eax lea eax,[eax+eax*4] mov [ebp-0x18],eax mov eax,[ebp-0x18] add [DATA_008888],eax cmp byte [esi+0x1b],0xa jng JUMP_001783 mov byte [ebp-0x1],0x10 mov dword [ebp-0x8],0x9c2d jmp short JUMP_001785 JUMP_001783: ; Pos = 1fc8f mov byte [ebp-0x1],0x14 mov dword [ebp-0x8],0x9c2e jmp short JUMP_001785 JUMP_001784: ; Pos = 1fc9c mov eax,[esi+0x12] add eax,eax lea eax,[eax+eax*4] mov [ebp-0x18],eax mov eax,[ebp-0x18] add [DATA_008888],eax mov byte [ebp-0x1],0x12 mov dword [ebp-0x8],0x9c2a JUMP_001785: ; Pos = 1fcbb dec dword [DATA_009084] cmp dword [ebp-0x10],byte +0x0 jz JUMP_001786 mov eax,[ebp-0x10] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] shl eax,0x2 push eax lea eax,[esi+0x34] push eax push esi call _memcpy add esp,byte +0xc JUMP_001786: ; Pos = 1fce3 lea eax,[ebp-0x2c] push eax movsx eax,bl mov eax,[eax*4+DATA_005118] push eax push dword DATA_009148 call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc mov eax,[ebp-0x8] mov [ebp-0x5c],eax mov eax,[ebp-0x18] mov [ebp-0x58],eax mov eax,[ebp-0x14] mov [ebp-0x54],eax movsx eax,bl movsx eax,byte [eax+DATA_005119] mov [ebp-0x44],eax xor eax,eax mov [ebp-0x40],eax lea eax,[ebp-0x5c] push eax call FUNC_000349 pop ecx test bl,bl jnz JUMP_001790 test edi,edi jng JUMP_001787 mov eax,0xfffffff sub eax,edi cmp eax,[DATA_008911] jng JUMP_001789 add [DATA_008911],edi jmp short JUMP_001789 JUMP_001787: ; Pos = 1fd4d mov eax,edi neg eax cmp eax,[DATA_008911] jng JUMP_001788 xor eax,eax mov [DATA_008911],eax jmp short JUMP_001789 JUMP_001788: ; Pos = 1fd62 add [DATA_008911],edi JUMP_001789: ; Pos = 1fd68 push byte +0x0 push byte +0x19 call FUNC_000148 add esp,byte +0x8 jmp short JUMP_001794 JUMP_001790: ; Pos = 1fd76 or eax,byte -0x1 cmp byte [ebp-0x1],0x0 jl JUMP_001791 movsx eax,bl mov dl,[eax+DATA_005119] mov [ebp-0x1],dl movsx eax,byte [eax+DATA_005120] cmp byte [ebp-0x1],0x14 jnz JUMP_001791 inc eax JUMP_001791: ; Pos = 1fd99 cmp byte [ebp-0x1],0xa jnz JUMP_001792 push eax lea eax,[ebp-0xc] push eax mov al,[ebp-0x1] push eax call FUNC_000304 add esp,byte +0xc jmp short JUMP_001793 JUMP_001792: ; Pos = 1fdb2 push eax lea eax,[ebp-0xc] push eax mov al,[ebp-0x1] push eax call FUNC_000305 add esp,byte +0xc JUMP_001793: ; Pos = 1fdc3 push byte +0x0 push byte +0x19 call FUNC_000148 add esp,byte +0x8 mov eax,0x1 jmp short JUMP_001796 JUMP_001794: ; Pos = 1fdd6 dec dword [ebp-0x10] add esi,byte +0x34 cmp dword [ebp-0x10],byte +0x0 jnl near JUMP_001775 JUMP_001795: ; Pos = 1fde6 xor eax,eax JUMP_001796: ; Pos = 1fde8 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_000301: ; Pos = 1fdf0 push ebp mov ebp,esp add esp,byte -0x44 push ebx push esi mov esi,DATA_008804 cmp byte [esi+0xe8],0x4 jz near JUMP_001802 and word [esi+0xc6],0xfff3 cmp dword [esi+0x4a18],byte +0x0 jg JUMP_001797 push byte +0x0 push byte +0x19 call FUNC_000148 add esp,byte +0x8 jmp JUMP_001802 JUMP_001797: ; Pos = 1fe2d lea eax,[esi+0x4a3a] mov edx,[esi+0x4a18] dec edx test edx,edx jl near JUMP_001801 JUMP_001798: ; Pos = 1fe42 mov ecx,[esi+0x4] cmp ecx,[eax+0xc] jna JUMP_001800 test byte [eax+0x5],0x80 jnz JUMP_001800 or dword [eax+0x4],0x8000 mov ebx,[eax+0x10] test ebx,ebx jz JUMP_001802 sub dword [esi+0x1f0],byte +0x2 test byte [eax+0x5],0x20 jnz JUMP_001802 push dword DATA_009148 push ebx lea eax,[ebp-0x14] push eax push byte +0x3 call FUNC_000791 add esp,byte +0x10 mov dword [ebp-0x44],0x9c36 mov [ebp-0x38],ebx xor eax,eax mov [ebp-0x2c],eax xor eax,eax mov [ebp-0x28],eax lea eax,[ebp-0x44] push eax call FUNC_000349 pop ecx mov al,[esi+0xe8] cmp al,0x2a jz JUMP_001799 cmp al,0x30 jnz JUMP_001802 JUMP_001799: ; Pos = 1feab or byte [DATA_008644],0x1 mov byte [esi+0x4a38],0xa jmp short JUMP_001802 JUMP_001800: ; Pos = 1febb dec edx add eax,byte +0x14 test edx,edx jnl near JUMP_001798 JUMP_001801: ; Pos = 1fec7 push byte +0x0 push byte +0x19 call FUNC_000148 add esp,byte +0x8 JUMP_001802: ; Pos = 1fed3 pop esi pop ebx mov esp,ebp pop ebp ret nop nop nop FUNC_000302: ; Pos = 1fedc push ebp mov ebp,esp add esp,0xffffff74 push ebx push esi push edi dec byte [DATA_009077] mov al,[DATA_009077] test al,al jnl near JUMP_001812 mov byte [DATA_009077],0xa mov ebx,DATA_009079 mov esi,[DATA_009073] dec esi test esi,esi jl near JUMP_001811 JUMP_001803: ; Pos = 1ff16 test byte [ebx+0x5],0x80 jnz JUMP_001804 mov eax,[DATA_008885] cmp eax,[ebx+0x8] jnz near JUMP_001810 push esi push ebx call FUNC_000303 add esp,byte +0x8 jmp JUMP_001812 JUMP_001804: ; Pos = 1ff39 mov edx,[ebx+0x4] mov eax,edx sar eax,0x8 and edx,0xff mov edi,[ebx+0x10] test al,0x20 jz near JUMP_001807 mov ecx,[DATA_008885] cmp ecx,[ebx+0x8] jnz near JUMP_001810 cmp dword [ebx+0x10],byte +0x0 jnz near JUMP_001807 mov dl,0xfd or edi,byte -0x1 test al,0x40 jz JUMP_001805 push edi lea eax,[ebp-0x4] push eax push edx call FUNC_000305 add esp,byte +0xc mov edi,0xb mov eax,0x9c68 jmp short JUMP_001806 JUMP_001805: ; Pos = 1ff8e push edi lea eax,[ebp-0x4] push eax push edx call FUNC_000304 add esp,byte +0xc mov eax,0x9c69 mov edi,0xa JUMP_001806: ; Pos = 1ffa6 lea edx,[ebp-0x18] push edx push eax push dword DATA_009148 call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc mov eax,0x9c38 mov [ebp-0x48],eax mov [ebp-0x30],edi xor eax,eax mov [ebp-0x2c],eax lea eax,[ebp-0x48] push eax call FUNC_000349 pop ecx inc esi mov eax,esi shl eax,0x2 lea eax,[eax+eax*4] push eax lea eax,[ebx+0x14] push eax push ebx call _memcpy add esp,byte +0xc dec dword [DATA_009073] push byte +0x0 push byte +0x19 call FUNC_000148 add esp,byte +0x8 jmp JUMP_001812 JUMP_001807: ; Pos = 20001 sub dword [DATA_008922],byte +0x2 cmp edx,byte +0x7 jnz JUMP_001808 mov eax,edi mov edx,eax shl edx,0x18 shr eax,0x8 or edx,eax mov edi,edx jmp short JUMP_001809 JUMP_001808: ; Pos = 2001d inc edx sub [DATA_008892],edx push byte +0x10 push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_001809: ; Pos = 20032 push dword DATA_009148 push edi lea eax,[ebp-0x5c] push eax push byte +0x3 call FUNC_000791 add esp,byte +0x10 mov dword [ebp+0xffffff74],0x9c37 mov [ebp-0x80],edi xor eax,eax mov [ebp-0x74],eax xor eax,eax mov [ebp-0x70],eax lea eax,[ebp+0xffffff74] push eax call FUNC_000349 pop ecx inc esi mov eax,esi shl eax,0x2 lea eax,[eax+eax*4] push eax lea eax,[ebx+0x14] push eax push ebx call _memcpy add esp,byte +0xc dec dword [DATA_009073] push byte +0x0 push byte +0x19 call FUNC_000148 add esp,byte +0x8 jmp short JUMP_001812 JUMP_001810: ; Pos = 20095 dec esi add ebx,byte +0x14 test esi,esi jnl near JUMP_001803 JUMP_001811: ; Pos = 200a1 call FUNC_000300 test eax,eax jnz JUMP_001812 and byte [DATA_008644],0xfe JUMP_001812: ; Pos = 200b1 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000303: ; Pos = 200b8 push ebp mov ebp,esp add esp,0xffffff78 push ebx push esi push edi mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,[eax] mov [ebp-0x14],ecx mov ecx,[eax+0x4] mov esi,ecx sar esi,0x8 mov [ebp-0x18],esi and ecx,0xff mov [ebp-0x1c],ecx mov ecx,[eax+0x8] mov [ebp-0x8],ecx mov ecx,[eax+0xc] mov [ebp-0xc],ecx mov ecx,[eax+0x10] mov [ebp-0x10],ecx test edx,edx jl JUMP_001814 JUMP_001813: ; Pos = 200f9 lea esi,[eax+0x14] mov edi,eax mov ecx,0x5 rep movsd dec edx add eax,byte +0x14 test edx,edx jnl JUMP_001813 JUMP_001814: ; Pos = 2010d mov eax,[ebp-0x18] and eax,byte +0x1f cmp eax,byte +0x14 jnz JUMP_001816 push dword DATA_009148 mov eax,[ebp-0x10] push eax lea eax,[ebp-0x30] push eax push byte +0x3 call FUNC_000791 add esp,byte +0x10 mov esi,0x9c35 cmp dword [ebp-0x1c],byte +0x7 jz JUMP_001815 mov eax,[ebp-0x1c] inc eax sub [DATA_008892],eax push byte +0x10 push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp JUMP_001825 JUMP_001815: ; Pos = 20157 xor ebx,ebx jmp JUMP_001825 JUMP_001816: ; Pos = 2015e mov eax,[ebp-0x14] add eax,eax lea eax,[eax+eax*4] mov [ebp-0x14],eax mov eax,[ebp-0x14] add [DATA_008888],eax cmp dword [ebp-0x10],byte +0x0 jnz JUMP_001819 mov edx,[ebp-0x18] and edx,byte +0x3 mov al,0x2 test byte [ebp-0x18],0x40 jz JUMP_001817 movsx edx,byte [edx+DATA_005116] push edx lea edx,[ebp-0x4] push edx push eax call FUNC_000305 add esp,byte +0xc mov bl,0xb mov esi,0x9c68 jmp short JUMP_001818 JUMP_001817: ; Pos = 201a4 movsx esi,byte [edx+DATA_005115] push esi lea edx,[ebp-0x4] push edx push eax call FUNC_000304 add esp,byte +0xc mov bl,0xa mov esi,0x9c69 JUMP_001818: ; Pos = 201c0 lea eax,[ebp-0x44] push eax push esi push dword DATA_009148 call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc mov esi,0x9c33 jmp short JUMP_001825 JUMP_001819: ; Pos = 201da cmp dword [DATA_008922],byte +0x5 jnl JUMP_001820 inc dword [DATA_008922] JUMP_001820: ; Pos = 201e9 push dword DATA_009148 mov eax,[ebp-0x10] push eax lea eax,[ebp-0x58] push eax push byte +0x3 call FUNC_000791 add esp,byte +0x10 cmp dword [ebp-0x1c],byte +0x7 jnl JUMP_001822 mov esi,0x9c32 cmp dword [ebp-0x1c],byte +0x0 jnz JUMP_001821 mov esi,0x9c31 JUMP_001821: ; Pos = 20216 mov eax,[ebp-0x1c] inc eax sub [DATA_008892],eax push byte +0x10 push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp short JUMP_001824 JUMP_001822: ; Pos = 20230 cmp dword [ebp-0x1c],byte +0x7 jnz JUMP_001823 mov esi,0x9c34 jmp short JUMP_001824 JUMP_001823: ; Pos = 2023d mov esi,0x9c34 JUMP_001824: ; Pos = 20242 xor ebx,ebx JUMP_001825: ; Pos = 20244 mov [ebp+0xffffff78],esi mov eax,[ebp-0x10] mov [ebp-0x7c],eax movsx eax,bl mov [ebp-0x70],eax mov eax,[ebp-0x8] mov [ebp+0xffffff7c],eax mov eax,[ebp-0xc] mov [ebp-0x80],eax xor eax,eax mov [ebp-0x6c],eax lea eax,[ebp+0xffffff78] push eax call FUNC_000349 pop ecx dec dword [DATA_009073] push byte +0x0 push byte +0x19 call FUNC_000148 add esp,byte +0x8 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000304: ; Pos = 20290 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] push ebx push byte +0xa push dword 0x9c69 push dword 0x9c4d mov eax,[ebp+0x10] push eax call FUNC_000307 add esp,byte +0x14 push ebx push byte +0xa push dword 0x9c69 push dword 0x9c4d push dword DATA_008912 mov al,[ebp+0x8] push eax call FUNC_000306 add esp,byte +0x18 pop ebx pop ebp ret nop nop nop FUNC_000305: ; Pos = 202d4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] push ebx push byte +0xb push dword 0x9c68 push dword 0x9c5a mov eax,[ebp+0x10] push eax call FUNC_000307 add esp,byte +0x14 push ebx push byte +0xb push dword 0x9c68 push dword 0x9c5a push dword DATA_008913 mov al,[ebp+0x8] push eax call FUNC_000306 add esp,byte +0x18 pop ebx pop ebp ret nop nop nop FUNC_000306: ; Pos = 20318 push ebp mov ebp,esp add esp,0xffffff74 push ebx push esi mov ecx,[ebp+0xc] mov ebx,[ebp+0x8] mov esi,[ecx] xor eax,eax mov edx,DATA_005114 JUMP_001826: ; Pos = 20332 cmp esi,[edx] jc JUMP_001827 inc eax add edx,byte +0x4 cmp eax,byte +0xd jl JUMP_001826 JUMP_001827: ; Pos = 2033f mov edx,[eax*4+DATA_005113] mov esi,[eax*4+DATA_005114] mov [ebp-0x4],esi mov esi,[ebp+0x10] add esi,eax mov eax,[ebp+0x1c] mov [eax],esi test bl,bl jl JUMP_001830 movsx esi,bl mov eax,[ecx] add esi,eax cmp esi,eax jc JUMP_001828 movsx eax,bl add eax,[ecx] jmp short JUMP_001829 JUMP_001828: ; Pos = 20370 mov eax,0xffff JUMP_001829: ; Pos = 20375 mov [ecx],eax jmp short JUMP_001833 JUMP_001830: ; Pos = 20379 movsx eax,bl neg eax cmp eax,[ecx] ja JUMP_001831 movsx eax,bl add eax,[ecx] jmp short JUMP_001832 JUMP_001831: ; Pos = 20389 xor eax,eax JUMP_001832: ; Pos = 2038b mov [ecx],eax JUMP_001833: ; Pos = 2038d mov eax,[ecx] cmp eax,[ebp-0x4] jc JUMP_001835 cmp eax,0xffff jnz JUMP_001834 xor eax,eax jmp JUMP_001837 JUMP_001834: ; Pos = 203a2 mov eax,[ebp+0x1c] inc dword [eax] lea eax,[ebp-0x18] push eax mov eax,[ebp+0x14] push eax push dword DATA_009148 call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc mov dword [ebp-0x48],0x9c39 mov eax,[ebp+0x1c] mov eax,[eax] mov [ebp-0x40],eax xor eax,eax mov [ebp-0x2c],eax lea eax,[ebp-0x48] push eax call FUNC_000349 pop ecx push byte +0x7 call FUNC_001902_SoundPlaySong pop ecx mov al,0x1 jmp short JUMP_001837 JUMP_001835: ; Pos = 203e7 cmp edx,[ecx] jna JUMP_001836 mov eax,[ebp+0x1c] dec dword [eax] lea eax,[ebp-0x5c] push eax mov eax,[ebp+0x14] push eax push dword DATA_009148 call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc mov dword [ebp+0xffffff74],0x9c3a mov eax,[ebp+0x1c] mov eax,[eax] mov [ebp+0xffffff7c],eax xor eax,eax mov [ebp-0x70],eax lea eax,[ebp+0xffffff74] push eax call FUNC_000349 pop ecx mov al,0x1 jmp short JUMP_001837 JUMP_001836: ; Pos = 20431 xor eax,eax JUMP_001837: ; Pos = 20433 pop esi pop ebx mov esp,ebp pop ebp ret nop nop nop FUNC_000307: ; Pos = 2043c push ebp mov ebp,esp add esp,byte -0x44 push ebx mov ebx,[ebp+0x8] test ebx,ebx jl JUMP_001838 mov ecx,ebx mov eax,0x1 shl eax,cl mov edx,eax and edx,[DATA_009091] jnz JUMP_001838 or [DATA_009091],eax lea eax,[ebp-0x14] push eax mov eax,[ebp+0x10] push eax push dword DATA_009148 call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc mov dword [ebp-0x44],0x9c70 lea eax,[ebx+0x9c71] mov [ebp-0x3c],eax mov eax,[ebp+0xc] mov [ebp-0x20],eax mov [ebp-0x34],ebx xor eax,eax mov [ebp-0x28],eax mov eax,[ebp+0x14] mov [ebp-0x2c],eax lea eax,[ebp-0x44] push eax call FUNC_000349 pop ecx push byte +0xa call FUNC_001902_SoundPlaySong pop ecx JUMP_001838: ; Pos = 204af pop ebx mov esp,ebp pop ebp ret FUNC_000308: ; Pos = 204b4 push ebp mov ebp,esp push ebx push esi mov esi,DATA_008804 mov al,[esi+0x4eea] mov ebx,eax inc ebx push eax call FUNC_000309 pop ecx cmp bl,0x1 jnz JUMP_001839 mov [esi+0x4a39],bl jmp short JUMP_001849 JUMP_001839: ; Pos = 204db cmp bl,0x2 jnz JUMP_001841 cmp dword [esi+0x5030],byte +0x0 jz JUMP_001840 mov [esi+0x4a39],bl jmp short JUMP_001849 JUMP_001840: ; Pos = 204f1 inc ebx JUMP_001841: ; Pos = 204f2 cmp bl,0x3 jnz JUMP_001843 cmp dword [esi+0x120],byte +0x0 jz JUMP_001842 mov [esi+0x4a39],bl jmp short JUMP_001849 JUMP_001842: ; Pos = 20508 inc ebx JUMP_001843: ; Pos = 20509 cmp bl,0x4 jnz JUMP_001845 cmp dword [esi+0x4a18],byte +0x0 jz JUMP_001844 mov [esi+0x4a39],bl jmp short JUMP_001849 JUMP_001844: ; Pos = 2051f inc ebx JUMP_001845: ; Pos = 20520 cmp bl,0x5 jnz JUMP_001847 cmp dword [esi+0x4ef0],byte +0x0 jz JUMP_001846 mov [esi+0x4a39],bl jmp short JUMP_001849 JUMP_001846: ; Pos = 20536 inc ebx JUMP_001847: ; Pos = 20537 cmp bl,0x6 ja JUMP_001848 cmp dword [esi+0x511a],byte +0x0 jz JUMP_001848 mov [esi+0x4a39],bl jmp short JUMP_001849 JUMP_001848: ; Pos = 2054d mov byte [esi+0x4a39],0x0 JUMP_001849: ; Pos = 20554 pop esi pop ebx pop ebp ret FUNC_000309: ; Pos = 20558 push ebp mov ebp,esp push byte +0x1 xor eax,eax mov al,[ebp+0x8] mov eax,[eax*4+DATA_005126] push eax call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop ebp ret FUNC_000310: ; Pos = 20574 push ebp mov ebp,esp add esp,byte -0x14 mov eax,[DATA_008888] mov [ebp-0x14],eax mov eax,[DATA_008891] mov [ebp-0x10],eax mov eax,[DATA_008892] mov [ebp-0xc],eax mov eax,[DATA_008889] mov [ebp-0x8],eax mov eax,[DATA_008890] mov [ebp-0x4],eax push dword 0x8a push dword 0xbe lea eax,[ebp-0x14] push eax push dword 0x9c3b call FUNC_000282 add esp,byte +0x10 mov esp,ebp pop ebp ret nop nop nop FUNC_000311: ; Pos = 205c4 push ebp mov ebp,esp mov ecx,[ebp+0x8] mov edx,DATA_005109 mov eax,0x3 JUMP_001850: ; Pos = 205d4 cmp ecx,[edx] jnl JUMP_001851 dec eax add edx,byte +0x4 test eax,eax jnl JUMP_001850 JUMP_001851: ; Pos = 205e0 add eax,0x9c49 pop ebp ret nop FUNC_000312: ; Pos = 205e8 push ebp mov ebp,esp add esp,byte -0x68 push ebx push esi push edi mov eax,DATA_008920 mov [ebp-0xc],eax lea eax,[ebp-0x18] push eax push dword 0x9c07 call FUNC_000318 add esp,byte +0x8 mov edx,DATA_005110 mov eax,0x8 JUMP_001852: ; Pos = 20614 mov ecx,[edx] cmp ecx,[DATA_008911] jng JUMP_001853 dec eax add edx,byte +0x4 test eax,eax jnl JUMP_001852 JUMP_001853: ; Pos = 20626 add eax,0x9c3f mov [ebp-0x2c],eax mov eax,[DATA_009097] push eax call FUNC_000311 pop ecx mov [ebp-0x28],eax mov eax,[DATA_009096] push eax call FUNC_000311 pop ecx mov [ebp-0x24],eax mov eax,[DATA_009095] push eax call FUNC_000311 pop ecx mov [ebp-0x20],eax movzx eax,word [DATA_008996] add eax,0x9c6a mov [ebp-0x1c],eax push byte +0x0 push byte +0x14 push byte +0x2 push byte +0xf lea eax,[ebp-0x2c] push eax push dword 0x9c3c call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 xor ebx,ebx push byte -0x1 lea eax,[ebp-0x3c] push eax push ebx call FUNC_000305 add esp,byte +0xc push byte -0x1 lea eax,[ebp-0x40] push eax push ebx call FUNC_000304 add esp,byte +0xc push byte +0x0 push byte +0x1e push byte +0x2 push byte +0xf lea eax,[ebp-0x40] push eax push dword 0x9c3d call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 mov word [ebp-0x4],0x4 mov word [ebp-0x2],0x4b movzx eax,word [DATA_008996] mov ebx,[eax*4+DATA_009093] mov esi,0x9e02 xor edi,edi JUMP_001854: ; Pos = 206df mov eax,ebx and al,0x1 shr ebx,1 test ebx,ebx jnz JUMP_001855 test al,al jz JUMP_001857 JUMP_001855: ; Pos = 206ed test al,al jz JUMP_001856 movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax lea eax,[ebp-0x54] push eax push esi call FUNC_000282 add esp,byte +0x10 add word [ebp-0x2],byte +0x9 inc edi cmp edi,byte +0x5 jnz JUMP_001856 mov word [ebp-0x4],0x6c mov word [ebp-0x2],0x4b JUMP_001856: ; Pos = 2071f inc esi jmp short JUMP_001854 JUMP_001857: ; Pos = 20722 mov word [ebp-0x4],0x4 mov word [ebp-0x2],0x84 mov ebx,[DATA_009091] mov esi,0x9c71 JUMP_001858: ; Pos = 20739 mov eax,ebx and al,0x1 shr ebx,1 test ebx,ebx jnz JUMP_001859 test al,al jz JUMP_001861 JUMP_001859: ; Pos = 20747 test al,al jz JUMP_001860 movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax lea eax,[ebp-0x68] push eax push esi call FUNC_000282 add esp,byte +0x10 add word [ebp-0x2],byte +0x9 cmp word [ebp-0x2],0xa1 jl JUMP_001860 add word [ebp-0x4],byte +0x4c mov word [ebp-0x2],0x84 JUMP_001860: ; Pos = 2077a inc esi jmp short JUMP_001858 JUMP_001861: ; Pos = 2077d push dword 0x82 push dword 0x13d push byte +0x2 push dword 0xbd call FUNC_000957 add esp,byte +0x10 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop nop FUNC_000313: ; Pos = 207a0 push ebp mov ebp,esp add esp,0xffffff7c push ebx push esi push edi mov esi,DATA_005127 lea edi,[ebp-0x34] mov ecx,0xa rep movsd lea eax,[ebp-0x48] push eax push dword 0x9c08 call FUNC_000318 add esp,byte +0x8 mov esi,DATA_009088 mov dword [ebp-0x8],0x18 mov dword [ebp-0x4],0x23 xor ebx,ebx jmp JUMP_001865 JUMP_001862: ; Pos = 207e6 cmp dword [DATA_005122],byte +0x0 jnz JUMP_001863 mov eax,[ebp-0x8] mov edx,eax add edx,byte -0x14 mov [ebp-0x34],edx mov edx,[ebp-0x4] mov [ebp-0x30],edx add eax,byte -0xc mov [ebp-0x2c],eax add edx,byte +0x8 mov [ebp-0x28],edx lea eax,[ebx+0x80] mov [ebp-0x24],eax lea eax,[ebp-0x34] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx JUMP_001863: ; Pos = 20820 mov edi,[esi] mov eax,[esi+0x4] mov [ebp-0xc],eax add esi,byte +0x8 mov eax,[ebp-0x4] dec eax push eax mov eax,[ebp-0x8] add eax,byte -0x12 push eax push byte +0x31 call FUNC_001621_BlitIndexToBuf add esp,byte +0xc mov [ebp-0x50],edi mov eax,[ebp-0xc] mov [ebp-0x54],eax mov eax,[ebp-0x4] push eax mov eax,[ebp-0x8] push eax lea eax,[ebp-0x5c] push eax push dword 0x9c19 call FUNC_000282 add esp,byte +0x10 add dword [ebp-0x4],byte +0x9 cmp ebx,byte +0xb jnz JUMP_001864 mov dword [ebp-0x8],0x72 mov dword [ebp-0x4],0x23 JUMP_001864: ; Pos = 2087a inc ebx JUMP_001865: ; Pos = 2087b mov eax,[DATA_009087] dec eax cmp ebx,eax jng near JUMP_001862 mov dword [DATA_005122],0x2 mov eax,[DATA_009090] test eax,eax jz JUMP_001866 mov [ebp-0x70],eax push byte +0x0 push dword 0x82 push byte +0x6 push byte +0xf lea eax,[ebp-0x70] push eax push dword 0x9c1a call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_001866: ; Pos = 208bc mov eax,[DATA_008807] mov ecx,0x7 xor edx,edx div ecx mov eax,edx test al,al jz JUMP_001867 mov edx,[DATA_008807] add edx,byte +0x7 movsx eax,al sub edx,eax jmp short JUMP_001868 JUMP_001867: ; Pos = 208e0 mov edx,[DATA_008807] JUMP_001868: ; Pos = 208e6 mov eax,edx mov [ebp+0xffffff7c],eax mov eax,[DATA_009086] mov [ebp-0x80],eax push byte +0x0 push dword 0x91 push byte +0x6 push byte +0xf lea eax,[ebp+0xffffff7c] push eax push dword 0x9c1b call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 call FUNC_000310 push dword 0x82 push dword 0x13d push byte +0x2 push dword 0xbd call FUNC_000957 add esp,byte +0x10 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_000314: ; Pos = 2093c push ebp mov ebp,esp push ebx push esi push edi mov ebx,DATA_008804 xor esi,esi cmp dword [ebx+0x4ef0],byte +0x6 jl JUMP_001869 or eax,byte -0x1 jmp JUMP_001874 JUMP_001869: ; Pos = 2095a xor edx,edx lea eax,[ebx+0x4ef4] jmp short JUMP_001872 JUMP_001870: ; Pos = 20964 mov ecx,[eax] cmp esi,ecx jnl JUMP_001871 mov esi,ecx JUMP_001871: ; Pos = 2096c inc edx add eax,byte +0x34 JUMP_001872: ; Pos = 20970 cmp edx,[ebx+0x4ef0] jl JUMP_001870 inc esi mov eax,[ebx+0x4ef0] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] mov [ebx+eax*4+0x4ef4],esi mov eax,[ebx+0x4ef0] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] mov dl,[ebp+0x8] mov [ebx+eax*4+0x4ef8],dl mov eax,[ebx+0x4ef0] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] mov dl,[ebp+0xc] mov [ebx+eax*4+0x4ef9],dl mov eax,[ebx+0x4ef0] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] mov edx,[ebp+0x10] mov [ebx+eax*4+0x4efa],edx mov eax,[ebx+0x4ef0] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] mov edx,[ebp+0x14] mov [ebx+eax*4+0x4efe],edx mov eax,[ebx+0x4ef0] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] mov edx,[ebp+0x18] mov [ebx+eax*4+0x4f02],edx mov eax,[ebx+0x4ef0] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] mov edx,[ebp+0x1c] mov [ebx+eax*4+0x4f06],edx mov eax,[ebx+0x4ef0] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] mov edx,[ebp+0x20] mov [ebx+eax*4+0x4f0a],edx mov eax,[ebx+0x4ef0] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] mov dl,[ebp+0x24] mov [ebx+eax*4+0x4f0e],dl mov eax,[ebx+0x4ef0] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] mov dl,[ebp+0x28] mov [ebx+eax*4+0x4f0f],dl mov eax,[ebx+0x4ef0] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] shl eax,0x2 lea edx,[ebx+0x4f10] add eax,edx mov edx,[ebp+0x2c] push esi mov esi,eax mov edi,edx xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi mov eax,[ebx+0x4ef0] mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] mov edx,[ebp+0x30] mov [ebx+eax*4+0x4f24],edx inc dword [ebx+0x4ef0] cmp byte [DATA_008645],0x0 jz JUMP_001873 cmp byte [ebx+0x4eea],0x5 jnz JUMP_001873 mov al,[ebx+0x4eea] push eax call FUNC_000286 pop ecx JUMP_001873: ; Pos = 20ae2 mov eax,esi JUMP_001874: ; Pos = 20ae4 pop edi pop esi pop ebx pop ebp ret nop nop nop FUNC_000315: ; Pos = 20aec push ebp mov ebp,esp push esi mov ecx,[ebp+0x8] mov esi,DATA_008804 xor eax,eax lea edx,[esi+0x4ef4] jmp short JUMP_001876 JUMP_001875: ; Pos = 20b02 cmp ecx,[edx] jz JUMP_001877 inc eax add edx,byte +0x34 JUMP_001876: ; Pos = 20b0a cmp eax,[esi+0x4ef0] jl JUMP_001875 JUMP_001877: ; Pos = 20b12 mov edx,[esi+0x4ef0] cmp eax,edx jnl JUMP_001878 sub edx,eax dec edx mov ecx,edx lea edx,[ecx+edx*2] lea edx,[ecx+edx*4] shl edx,0x2 push edx lea edx,[eax+eax*2] lea edx,[eax+edx*4] shl edx,0x2 lea ecx,[esi+0x4f28] add edx,ecx push edx mov edx,eax lea eax,[edx+eax*2] lea eax,[edx+eax*4] shl eax,0x2 lea edx,[esi+0x4ef4] add eax,edx push eax call _memmove add esp,byte +0xc dec dword [esi+0x4ef0] JUMP_001878: ; Pos = 20b5f cmp byte [DATA_008645],0x0 jz JUMP_001879 cmp byte [esi+0x4eea],0x5 jnz JUMP_001879 mov al,[esi+0x4eea] push eax call FUNC_000286 pop ecx JUMP_001879: ; Pos = 20b7e pop esi pop ebp ret nop nop nop FUNC_000316: ; Pos = 20b84 push ebp mov ebp,esp add esp,byte -0x2c push ebx push esi push edi lea eax,[ebp-0x18] push eax push dword 0x9c09 call FUNC_000318 add esp,byte +0x8 mov ebx,DATA_009085 mov word [ebp-0x4],0x2 mov word [ebp-0x2],0x1b mov edi,[DATA_009084] dec edi test edi,edi jl near JUMP_001887 JUMP_001880: ; Pos = 20bbe mov al,[ebx+0x4] and eax,byte +0xf mov esi,eax mov eax,esi sub eax,byte +0x3 jc JUMP_001881 sub eax,byte +0x4 jc near JUMP_001883 jz near JUMP_001884 jmp JUMP_001885 JUMP_001881: ; Pos = 20be1 mov eax,0x99bc test esi,esi jnz JUMP_001882 add eax,byte -0x8 JUMP_001882: ; Pos = 20bed add esi,0x9c1e movsx edx,byte [ebx+0x4] sar edx,0x4 and edx,byte +0xf add eax,edx mov [ebp-0x28],eax mov eax,[ebx+0x30] mov [ebp-0x24],eax mov eax,[ebx+0xa] mov [ebp-0x20],eax push byte +0x78 movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax push byte +0xf lea eax,[ebp-0x2c] push eax push esi call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 mov eax,[ebx+0x6] mov [ebp-0x24],eax mov eax,[ebx+0xa] mov [ebp-0x20],eax lea eax,[ebx+0x1c] mov [ebp-0x1c],eax movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax lea eax,[ebp-0x2c] push eax push dword 0x9c21 call FUNC_000282 add esp,byte +0x10 push dword DATA_009148 mov eax,[ebx+0xa] push eax lea eax,[ebp-0x2c] push eax push byte +0x12 call FUNC_000791 add esp,byte +0x10 mov eax,[ebx+0x16] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] mov edx,[ebx+0xa] mov [ebp-0x2c],edx mov edx,[ebx+0xe] mov [ebp-0x28],edx mov edx,[ebx+0x12] mov [ebp-0x24],edx mov edx,DATA_009148 mov [ebp-0x20],edx movsx eax,word [eax+0xe] mov [ebp-0x1c],eax movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax lea eax,[ebp-0x2c] push eax push dword 0x9c22 call FUNC_000282 add esp,byte +0x10 jmp JUMP_001885 JUMP_001883: ; Pos = 20cbd cmp esi,byte +0x6 jg near JUMP_001885 add esi,0x9c21 mov eax,[ebx+0x30] mov [ebp-0x24],eax mov al,[ebx+0x4] and eax,0xff sar eax,0x4 add eax,0x9966 mov [ebp-0x28],eax push byte +0x78 movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax push byte +0xf lea eax,[ebp-0x2c] push eax push esi call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 mov eax,[ebx+0x12] mov [ebp-0x2c],eax mov eax,[ebx+0xe] mov [ebp-0x28],eax mov eax,[ebx+0x6] mov [ebp-0x24],eax lea eax,[ebx+0x1c] mov [ebp-0x1c],eax movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax lea eax,[ebp-0x2c] push eax push dword 0x9c28 call FUNC_000282 add esp,byte +0x10 jmp short JUMP_001885 JUMP_001884: ; Pos = 20d36 mov eax,[ebx] push eax push byte +0x8 call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0x8 call FUNC_000034 add esp,byte +0x8 push byte +0x1 call FUNC_000035 pop ecx mov [ebp-0x2c],eax push byte +0x2 call FUNC_000035 pop ecx mov [ebp-0x28],eax push byte +0x3 call FUNC_000035 pop ecx mov [ebp-0x24],eax push dword 0x13b movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax push byte +0xf lea eax,[ebp-0x2c] push eax push byte +0x9 call FUNC_000035 pop ecx push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_001885: ; Pos = 20d97 cmp byte [ebx+0x5],0x0 jz JUMP_001886 cmp esi,byte +0x7 jz JUMP_001886 movsx eax,word [ebp-0x2] push eax movsx eax,word [ebp-0x4] push eax lea eax,[ebp-0x2c] push eax push dword 0x9c23 call FUNC_000282 add esp,byte +0x10 JUMP_001886: ; Pos = 20dbd add ebx,byte +0x34 add word [ebp-0x2],byte +0x18 dec edi test edi,edi jnl near JUMP_001880 JUMP_001887: ; Pos = 20dce pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop nop FUNC_000317: ; Pos = 20dd8 push ebp mov ebp,esp add esp,byte -0x68 push ebx push esi push edi mov esi,DATA_005128 lea edi,[ebp-0x40] mov ecx,0xa rep movsd push byte +0x0 call FUNC_000956 pop ecx lea eax,[ebp-0x54] push eax push dword 0x9c0a call FUNC_000318 add esp,byte +0x8 mov dword [ebp-0x10],0x18 mov dword [ebp-0xc],0x23 xor esi,esi xor edi,edi mov ebx,DATA_009106 jmp JUMP_001892 JUMP_001888: ; Pos = 20e25 mov eax,[ebp-0xc] dec eax push eax mov eax,[ebp-0x10] add eax,byte -0x12 push eax push byte +0x31 call FUNC_001621_BlitIndexToBuf add esp,byte +0xc cmp dword [DATA_005122],byte +0x0 jnz JUMP_001889 mov eax,[ebp-0x10] mov edx,eax add edx,byte -0x12 mov [ebp-0x40],edx mov edx,[ebp-0xc] mov [ebp-0x3c],edx add eax,byte -0xa mov [ebp-0x38],eax add edx,byte +0x8 mov [ebp-0x34],edx lea eax,[edi+0x80] mov [ebp-0x30],eax lea eax,[ebp-0x40] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx JUMP_001889: ; Pos = 20e75 lea edx,[esi+esi*2] lea edx,[esi+edx*4] shl edx,0x2 add edx,DATA_009111 mov eax,[ebx] movsx ecx,byte [ebx+0x1f] mov [ebp-0x8],ecx test eax,eax jz JUMP_001890 cmp eax,byte -0x1 jz JUMP_001890 mov ecx,0xa200 jmp short JUMP_001891 JUMP_001890: ; Pos = 20e9d mov ecx,0xa201 JUMP_001891: ; Pos = 20ea2 mov [ebp-0x4],ecx mov ecx,[ebp-0x8] add ecx,0xa202 mov [ebp-0x64],ecx mov [ebp-0x60],eax mov [ebp-0x5c],edx mov eax,[ebp-0xc] push eax mov eax,[ebp-0x10] push eax lea eax,[ebp-0x68] push eax mov eax,[ebp-0x4] push eax call FUNC_000282 add esp,byte +0x10 add dword [ebp-0xc],byte +0xa inc edi inc esi add ebx,byte +0x34 JUMP_001892: ; Pos = 20ed8 cmp esi,[DATA_009104] jnl JUMP_001893 cmp edi,byte +0xc jl near JUMP_001888 JUMP_001893: ; Pos = 20ee9 mov dword [DATA_005122],0x6 call FUNC_000310 push dword 0x82 push dword 0x13d push byte +0x2 push dword 0xbd call FUNC_000957 add esp,byte +0x10 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000318: ; Pos = 20f18 push ebp mov ebp,esp push byte +0x0 call FUNC_000956 pop ecx mov eax,[DATA_008673] mov [DATA_007783],eax push byte +0x0 push byte +0x5 push byte +0x1e push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 pop ebp ret FUNC_000319: ; Pos = 20f48 push ebp mov ebp,esp push dword DATA_005299 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] and eax,0x1ff push eax mov eax,[ebp+0x10] push eax call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 pop ebp ret FUNC_000320: ; Pos = 20f6c push ebp mov ebp,esp mov eax,[ebp+0x8] and eax,0xff sub eax,byte +0x2 jc JUMP_001894 jz JUMP_001895 pop ebp ret JUMP_001894: ; Pos = 20f80 xor eax,eax mov [DATA_009051],eax mov byte [DATA_008640],0x0 mov byte [DATA_008641],0x0 xor eax,eax mov [DATA_009067],eax mov dword [DATA_005315],0x1 pop ebp ret JUMP_001895: ; Pos = 20fa8 push byte +0x0 push byte +0x0 push dword FUNC_000322 push byte +0x2 push byte +0x0 push byte +0x1 call FUNC_000044 add esp,byte +0x18 pop ebp ret FUNC_000321: ; Pos = 20fc4 push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax] cmp eax,byte +0x5 jnz JUMP_001896 call FUNC_000323 pop ebp ret JUMP_001896: ; Pos = 20fd8 cmp eax,byte +0xf jnz JUMP_001897 call FUNC_000324 pop ebp ret JUMP_001897: ; Pos = 20fe4 cmp eax,byte +0x19 jnz JUMP_001898 call FUNC_000325 JUMP_001898: ; Pos = 20fee pop ebp ret FUNC_000322: ; Pos = 2100c push ebp mov ebp,esp cmp byte [DATA_008640],0x0 jz JUMP_001900 call FUNC_000326 JUMP_001900: ; Pos = 2101d pop ebp ret FUNC_000323: ; Pos = 21020 push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi mov esi,DATA_008804 xor eax,eax mov [esi+0x49f4],eax call FUNC_000359 cmp word [esi+0x43c],byte +0x4 jz near JUMP_001908 mov eax,[esi+0xcc] cmp dword [eax+0x82],byte +0x45 jz near JUMP_001908 movzx eax,word [esi+0x43a] cmp eax,0xb3 jnl JUMP_001901 mov ebx,0xa jmp short JUMP_001904 JUMP_001901: ; Pos = 21070 cmp eax,0xcc jnl JUMP_001902 mov ebx,0x14 jmp short JUMP_001904 JUMP_001902: ; Pos = 2107e cmp eax,0xee jnl JUMP_001903 mov ebx,0x1e jmp short JUMP_001904 JUMP_001903: ; Pos = 2108c mov ebx,0x28 JUMP_001904: ; Pos = 21091 cmp ebx,[esi+0x114] jng JUMP_001906 movzx eax,word [esi+0x43c] add [esi+eax*4+0x50f8],ebx movzx eax,word [esi+0x43c] cmp ebx,[esi+eax*4+0x50f8] jng JUMP_001905 sub [esi+eax*4+0x50f8],ebx JUMP_001905: ; Pos = 210be movzx eax,word [esi+0x43c] push eax push byte +0x0 push byte +0xa call FUNC_000048 add esp,byte +0xc mov dword [ebp-0x30],0x9955 jmp short JUMP_001907 JUMP_001906: ; Pos = 210db sub [esi+0x114],ebx mov dword [ebp-0x30],0x9954 JUMP_001907: ; Pos = 210e8 mov [ebp-0x24],ebx mov dword [ebp-0x18],0x8 mov eax,[esi+0xcc] mov [ebp-0x14],eax lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx JUMP_001908: ; Pos = 21105 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000324: ; Pos = 2110c push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi mov esi,DATA_008804 mov al,[esi+0xe8] cmp al,0x2a jz JUMP_001909 cmp al,0x30 jnz near JUMP_001918 JUMP_001909: ; Pos = 2112b xor eax,eax mov [esi+0x49f4],eax movzx eax,word [esi+0x43a] cmp eax,0xb3 jnl JUMP_001910 mov ebx,0x5 jmp short JUMP_001913 JUMP_001910: ; Pos = 21148 cmp eax,0xcc jnl JUMP_001911 mov ebx,0xa jmp short JUMP_001913 JUMP_001911: ; Pos = 21156 cmp eax,0xee jnl JUMP_001912 mov ebx,0x14 jmp short JUMP_001913 JUMP_001912: ; Pos = 21164 mov ebx,0x1e JUMP_001913: ; Pos = 21169 cmp ebx,[esi+0x114] jng JUMP_001915 movzx eax,word [esi+0x43c] add [esi+eax*4+0x50f8],ebx movzx eax,word [esi+0x43c] cmp ebx,[esi+eax*4+0x50f8] jng JUMP_001914 sub [esi+eax*4+0x50f8],ebx JUMP_001914: ; Pos = 21196 movzx eax,word [esi+0x43c] push eax push byte +0x0 push byte +0xa call FUNC_000048 add esp,byte +0xc mov dword [ebp-0x30],0x9955 jmp short JUMP_001916 JUMP_001915: ; Pos = 211b3 sub [esi+0x114],ebx mov dword [ebp-0x30],0x9957 JUMP_001916: ; Pos = 211c0 cmp byte [DATA_008640],0x0 jz JUMP_001917 call FUNC_000326 JUMP_001917: ; Pos = 211ce mov [ebp-0x24],ebx mov eax,[esi+0xcc] mov [ebp-0x14],eax mov dword [ebp-0x18],0x8 lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx JUMP_001918: ; Pos = 211eb pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000325: ; Pos = 211f4 push ebp mov ebp,esp cmp byte [DATA_008640],0x0 jz JUMP_001919 call FUNC_000326 JUMP_001919: ; Pos = 21205 pop ebp ret FUNC_000326: ; Pos = 21208 push ebp mov ebp,esp add esp,byte -0x30 mov eax,[DATA_009054] cmp eax,byte +0xb ja near JUMP_001929 jmp near [eax*4+DATA_000025] SECTION .data DATA_000025: ; Pos = 21223 dd JUMP_001929 dd JUMP_001926 dd JUMP_001922 dd JUMP_001920 dd JUMP_001924 dd JUMP_001921 dd JUMP_001928 dd JUMP_001923 dd JUMP_001925 dd JUMP_001929 dd JUMP_001929 dd JUMP_001927 SECTION .text JUMP_001920: ; Pos = 21253 lea eax,[ebp-0x30] push eax call FUNC_000538 pop ecx jmp short JUMP_001930 JUMP_001921: ; Pos = 2125f lea eax,[ebp-0x30] push eax call FUNC_000437 pop ecx jmp short JUMP_001930 JUMP_001922: ; Pos = 2126b lea eax,[ebp-0x30] push eax call FUNC_000453 pop ecx jmp short JUMP_001930 JUMP_001923: ; Pos = 21277 lea eax,[ebp-0x30] push eax call FUNC_000493 pop ecx jmp short JUMP_001930 JUMP_001924: ; Pos = 21283 call FUNC_000385 jmp short JUMP_001930 JUMP_001925: ; Pos = 2128a call FUNC_000445 jmp short JUMP_001930 JUMP_001926: ; Pos = 21291 call FUNC_000523 jmp short JUMP_001930 JUMP_001927: ; Pos = 21298 push byte +0xb call FUNC_000541 pop ecx jmp short JUMP_001930 JUMP_001928: ; Pos = 212a2 push dword DATA_009048 call FUNC_000439 pop ecx jmp short JUMP_001930 JUMP_001929: ; Pos = 212af call FUNC_000335 JUMP_001930: ; Pos = 212b4 mov esp,ebp pop ebp ret FUNC_000327: ; Pos = 212b8 push ebp mov ebp,esp add esp,byte -0x3c push ebx push esi push edi call FUNC_000358 mov eax,[ebp+0x8] mov [DATA_009054],eax mov eax,[DATA_009052] test eax,eax jz JUMP_001931 mov edx,[DATA_009056] mov [ebp-0x8],edx mov edx,[DATA_008862] add edx,0x124 mov [ebp-0x4],edx push byte +0x79 push byte +0x6 push byte +0x4 movsx edx,byte [DATA_005286] push edx lea edx,[ebp-0x14] push edx push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_001931: ; Pos = 2130b mov ebx,[DATA_008688] test ebx,ebx jz JUMP_001932 mov eax,[DATA_008689] mov [ebp-0x28],eax mov eax,[DATA_008690] mov [ebp-0x24],eax mov eax,[DATA_008691] mov [ebp-0x20],eax mov eax,[ebp+0x8] lea eax,[eax+eax*4] mov esi,[eax*8+DATA_005307] mov eax,0x140 sub eax,esi add eax,byte -0x3 push eax push byte +0x1 mov eax,[ebp+0x8] lea eax,[eax+eax*4] push esi movsx eax,byte [DATA_005286] push eax lea eax,[ebp-0x28] push eax push ebx call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 add eax,eax lea eax,[eax+eax*4] mov ebx,eax jmp short JUMP_001933 JUMP_001932: ; Pos = 2136d xor ebx,ebx JUMP_001933: ; Pos = 2136f mov esi,[ebp+0x8] lea esi,[esi+esi*4] mov eax,[esi*8+DATA_005304] test eax,eax jz JUMP_001934 push byte +0x0 lea edx,[ebx+0x2] push edx mov edx,[esi*8+DATA_005305] push edx movsx edx,byte [DATA_005287] push edx lea edx,[ebp-0x3c] push edx mov edx,[ebp+0x8] lea edx,[edx+edx*4] push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_001934: ; Pos = 213aa add ebx,[esi*8+DATA_005306] mov esi,[DATA_009050] mov eax,[ebp+0x8] lea eax,[eax+eax*4] lea edi,[eax*8+DATA_005308] jmp short JUMP_001937 JUMP_001935: ; Pos = 213c6 mov eax,esi shl eax,0x4 lea eax,[eax+eax*2] add eax,DATA_009048 mov edx,esi sub edx,[DATA_009050] push edx push ebx mov edx,[ebp+0x8] push edx push eax call FUNC_000329 add esp,byte +0x10 add ebx,[edi] cmp eax,ebx jng JUMP_001936 mov ebx,eax JUMP_001936: ; Pos = 213f3 inc esi JUMP_001937: ; Pos = 213f4 cmp esi,[DATA_009051] jnl JUMP_001938 mov eax,[edi] add eax,ebx cmp eax,0x94 jl JUMP_001935 JUMP_001938: ; Pos = 21407 mov edx,esi mov eax,[DATA_009050] sub edx,eax mov [DATA_008692],edx test eax,eax setnz al and eax,byte +0x1 push eax cmp esi,[DATA_009051] setl al and eax,byte +0x1 push eax call FUNC_000330 add esp,byte +0x8 mov eax,[ebp+0x8] lea eax,[eax+eax*4] cmp dword [eax*8+DATA_005312],byte +0x0 jz JUMP_001939 call FUNC_000566 JUMP_001939: ; Pos = 21449 mov dword [DATA_008693],0x1 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000328: ; Pos = 2145c push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x1c] mov esi,[ebp+0x10] mov ebx,[ebp+0xc] push esi push ebx mov eax,[ebp+0x8] push eax call FUNC_001621_BlitIndexToBuf add esp,byte +0xc cmp dword [DATA_008693],byte +0x0 jnz JUMP_001940 push edi mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax push esi push ebx call near [DATA_007671] ; FUNC_001461_GuiAddHotRect2 add esp,byte +0x14 mov eax,[DATA_008694] mov [eax*4+DATA_008695],edi inc dword [DATA_008694] JUMP_001940: ; Pos = 214a8 pop edi pop esi pop ebx pop ebp ret FUNC_000329: ; Pos = 214b0 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] lea eax,[esi+esi*4] mov eax,[eax*8+DATA_005313] sub eax,byte +0x1 jc near JUMP_001942 jz JUMP_001941 dec eax jnz near JUMP_001943 mov eax,[ebp+0x14] add eax,0x80 push eax push byte +0x9 push byte +0x8 push edi lea eax,[esi+esi*4] mov eax,[eax*8+DATA_005309] push eax push byte +0x2e call FUNC_000328 add esp,byte +0x18 test byte [ebx+0x18],0x1 jz near JUMP_001943 mov eax,[ebp+0x14] add eax,0x90 push eax push byte +0x9 push byte +0x8 push edi lea eax,[esi+esi*4] mov eax,[eax*8+DATA_005310] push eax push byte +0x2e call FUNC_000328 add esp,byte +0x18 jmp short JUMP_001943 JUMP_001941: ; Pos = 21530 mov eax,[ebp+0x14] add eax,0x80 push eax push byte +0x9 push byte +0x8 push edi lea eax,[esi+esi*4] mov eax,[eax*8+DATA_005309] push eax push byte +0x2e call FUNC_000328 add esp,byte +0x18 mov eax,[ebp+0x14] add eax,0x90 push eax push byte +0x9 push byte +0x8 push edi lea eax,[esi+esi*4] mov eax,[eax*8+DATA_005310] push eax push byte +0x2e call FUNC_000328 add esp,byte +0x18 jmp short JUMP_001943 JUMP_001942: ; Pos = 21578 mov eax,[ebp+0x14] add eax,0x80 push eax push byte +0x9 push byte +0x8 push edi lea eax,[esi+esi*4] mov eax,[eax*8+DATA_005309] push eax push byte +0x2e call FUNC_000328 add esp,byte +0x18 JUMP_001943: ; Pos = 2159b mov eax,[ebx+0x4] mov [ebp-0x14],eax mov eax,[ebx+0x8] mov [ebp-0x10],eax mov eax,[ebx+0xc] mov [ebp-0xc],eax mov eax,[ebx+0x24] mov [ebp-0x8],eax mov eax,[ebx+0x2c] mov [ebp-0x4],eax lea eax,[esi+esi*4] mov eax,[eax*8+DATA_005311] mov edx,0x140 sub edx,eax add edx,byte -0x3 push edx lea edx,[edi+0x1] push edx lea edx,[esi+esi*4] push eax movsx eax,byte [DATA_005286] push eax lea eax,[ebp-0x14] push eax mov eax,[ebx] push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 add eax,eax lea eax,[eax+eax*4] add edi,eax mov eax,edi pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000330: ; Pos = 21600 push ebp mov ebp,esp add esp,byte -0x14 push ebx mov ebx,[ebp+0xc] mov eax,[ebp+0x8] test eax,eax jnz JUMP_001944 test ebx,ebx jz JUMP_001947 JUMP_001944: ; Pos = 21615 test eax,eax jz JUMP_001945 push dword 0x8f push byte +0x9 push byte +0x8 push dword 0x93 push byte +0x7c push byte +0x30 call FUNC_000328 add esp,byte +0x18 JUMP_001945: ; Pos = 21633 test ebx,ebx jz JUMP_001946 push dword 0x9f push byte +0x9 push byte +0x8 push dword 0x93 push dword 0x88 push byte +0x2f call FUNC_000328 add esp,byte +0x18 JUMP_001946: ; Pos = 21654 push dword 0xa9 push dword 0x94 push dword 0x94 movsx eax,byte [DATA_005286] push eax lea eax,[ebp-0x14] push eax push dword 0x98e9 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_001947: ; Pos = 2167d pop ebx mov esp,ebp pop ebp ret FUNC_000331: ; Pos = 21684 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x10] cmp byte [DATA_008640],0x0 jnz JUMP_001949 push byte +0xc call near [DATA_007200] ; FUNC_000923 pop ecx mov byte [DATA_008640],0xff mov ebx,0x32 JUMP_001948: ; Pos = 216aa push byte +0x0 push ebx call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push ebx call FUNC_000263_ConsoleShowButton pop ecx inc ebx cmp ebx,byte +0x36 jng JUMP_001948 push byte +0x1 push byte +0xb call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 JUMP_001949: ; Pos = 216ce mov eax,[ebp+0x8] mov [DATA_009054],eax mov eax,[ebp+0xc] mov [DATA_009052],eax mov eax,[ebp+0x14] mov [DATA_009056],eax mov eax,[ebp+0x18] mov [DATA_009057],eax mov eax,[ebp+0x1c] mov [DATA_009061],eax test esi,esi jz JUMP_001950 push esi call FUNC_000352 pop ecx JUMP_001950: ; Pos = 21701 call FUNC_000342 pop esi pop ebx pop ebp ret FUNC_000332: ; Pos = 2170c push ebp mov ebp,esp call FUNC_000359 or byte [DATA_008641],0x1 mov eax,[ebp+0xc] mov [DATA_009049],eax mov eax,[ebp+0x8] mov [DATA_009054],eax xor eax,eax mov [DATA_009052],eax call FUNC_000342 pop ebp ret FUNC_000333: ; Pos = 2173c push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi push edi mov ebx,DATA_008804 mov esi,DATA_002321 cmp dword [DATA_005315],byte +0x0 jz near JUMP_001961 mov eax,[ebx+0xc8] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] mov cx,[eax+0x6] mov eax,[ebx+0xc8] movzx eax,word [eax+0xe4] shl eax,0x2 lea eax,[eax+eax*4] lea eax,[eax+eax*4] test eax,eax jns JUMP_001951 add eax,byte +0x3 JUMP_001951: ; Pos = 21794 sar eax,0x2 movsx edx,cx mov ecx,edx cdq idiv ecx mov edi,eax xor eax,eax mov [DATA_005315],eax cmp word [ebx+0x43c],byte +0x0 jnz near JUMP_001954 mov dword [esi],DATA_005265 mov dword [esi+0x4],0x8 cmp edi,byte +0x4b jnl JUMP_001952 push byte +0x2 call near [DATA_007217] ; FUNC_000922 pop ecx test eax,eax jz JUMP_001952 mov dword [esi],DATA_005263 mov dword [esi+0x4],0xd JUMP_001952: ; Pos = 217e2 movzx eax,word [ebx+0x43c] cmp dword [ebx+eax*4+0x50f8],byte +0x32 jng JUMP_001953 push byte +0x2 call near [DATA_007217] ; FUNC_000922 pop ecx test eax,eax jz JUMP_001953 mov dword [esi],DATA_005264 mov dword [esi+0x4],0x8 JUMP_001953: ; Pos = 2180d cmp word [ebx+0x43a],0xb4 jnc near JUMP_001958 push byte +0x2 call near [DATA_007217] ; FUNC_000922 pop ecx test eax,eax jz near JUMP_001958 mov dword [esi],DATA_005266 mov dword [esi+0x4],0xa jmp JUMP_001958 JUMP_001954: ; Pos = 2183f cmp word [ebx+0x43c],byte +0x1 jnz JUMP_001955 mov dword [esi],DATA_005261 mov dword [esi+0x4],0x9 cmp dword [ebx+0x1a0],0x2710 jc near JUMP_001958 push byte +0x2 call near [DATA_007217] ; FUNC_000922 pop ecx test eax,eax jz JUMP_001958 mov dword [esi],DATA_005262 mov dword [esi+0x4],0x6 jmp short JUMP_001958 JUMP_001955: ; Pos = 21882 cmp word [ebx+0x43c],byte +0x2 jnz JUMP_001957 mov dword [esi],DATA_005260 mov dword [esi+0x4],0x7 cmp dword [ebx+0x1a4],0x2710 jc JUMP_001956 push byte +0x2 call near [DATA_007217] ; FUNC_000922 pop ecx test eax,eax jz JUMP_001956 mov dword [esi],DATA_005259 mov dword [esi+0x4],0x6 JUMP_001956: ; Pos = 218bf cmp edi,byte +0x4b jnl JUMP_001958 push byte +0x2 call near [DATA_007217] ; FUNC_000922 pop ecx test eax,eax jz JUMP_001958 mov dword [esi],DATA_005258 mov dword [esi+0x4],0x4 jmp short JUMP_001958 JUMP_001957: ; Pos = 218e0 mov dword [esi],DATA_005267 mov dword [esi+0x4],0x9 JUMP_001958: ; Pos = 218ed push byte +0x14 call near [DATA_007217] ; FUNC_000922 pop ecx cmp eax,byte +0x3 jnc JUMP_001959 mov dword [esi],DATA_005267 mov dword [esi+0x4],0x9 JUMP_001959: ; Pos = 21908 cmp word [ebx+0x43c],byte +0x4 jz JUMP_001960 mov eax,[ebx+0xcc] cmp dword [eax+0x82],byte +0x45 jnz JUMP_001961 JUMP_001960: ; Pos = 21921 xor eax,eax mov [esi],eax xor eax,eax mov [esi+0x4],eax JUMP_001961: ; Pos = 2192a mov byte [ebx+0x3f42],0x0 mov byte [ebx+0x4920],0x0 mov eax,[ebx+0xcc] mov [ebp-0x14],eax mov edx,[eax+0xa0] mov eax,edx shl eax,0x10 shr edx,0x10 or eax,edx mov dword [ebp-0x30],0x98dc push dword 0x8000 push byte +0x1 push eax lea eax,[ebp-0x30] push eax push dword 0x98d2 push byte +0x0 call FUNC_000331 add esp,byte +0x18 lea eax,[ebp-0x30] push eax push dword 0x9819 call FUNC_000348 add esp,byte +0x8 cmp word [ebx+0x43c],byte +0x4 jz JUMP_001962 lea eax,[ebp-0x30] push eax push dword 0x980a call FUNC_000348 add esp,byte +0x8 lea eax,[ebp-0x30] push eax push dword 0x980b call FUNC_000348 add esp,byte +0x8 lea eax,[ebp-0x30] push eax push dword 0x980c call FUNC_000348 add esp,byte +0x8 JUMP_001962: ; Pos = 219c1 call FUNC_000335 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000334: ; Pos = 219d0 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_000352 pop ecx push byte +0x0 call FUNC_000336 pop ecx pop ebp ret FUNC_000335: ; Pos = 219e8 push ebp mov ebp,esp push byte +0x0 call FUNC_000336 pop ecx pop ebp ret FUNC_000336: ; Pos = 219f8 push ebp mov ebp,esp push dword DATA_005316 push byte +0x0 call FUNC_001572 add esp,byte +0x8 push byte +0x0 call FUNC_000956 pop ecx mov eax,[ebp+0x8] push eax call FUNC_000327 pop ecx call FUNC_000565 call FUNC_000558 call FUNC_001637_FlipScreen pop ebp ret FUNC_000337: ; Pos = 21a30 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_000352 pop ecx call FUNC_000338 pop ebp ret FUNC_000338: ; Pos = 21a44 push ebp mov ebp,esp push byte +0x2 call FUNC_000336 pop ecx pop ebp ret FUNC_000339: ; Pos = 21a54 push ebp mov ebp,esp push ebx cmp dword [ebp+0x8],byte +0x0 jnz JUMP_001966 cmp byte [DATA_008640],0x0 jnz JUMP_001963 test byte [DATA_008641],0x1 jz JUMP_001966 JUMP_001963: ; Pos = 21a70 push byte +0x2 push byte +0x0 call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0x0 call FUNC_000034 add esp,byte +0x8 mov byte [DATA_008640],0x0 mov byte [DATA_008641],0x0 call FUNC_000117 call FUNC_000358 push byte +0x0 push byte +0x0 push byte +0x0 call FUNC_000271 add esp,byte +0xc cmp byte [DATA_009062],0x0 jz JUMP_001964 push byte +0x0 push byte +0x12 call FUNC_000148 add esp,byte +0x8 JUMP_001964: ; Pos = 21ac3 call FUNC_001573 mov ebx,0x32 JUMP_001965: ; Pos = 21acd push ebx call FUNC_000264_ConsoleHideButton pop ecx inc ebx cmp ebx,byte +0x36 jng JUMP_001965 JUMP_001966: ; Pos = 21ada pop ebx pop ebp ret FUNC_000340: ; Pos = 21ae0 push ebp mov ebp,esp push dword 0x54f42 push byte +0x9 call FUNC_000332 add esp,byte +0x8 pop ebp ret FUNC_000341: ; Pos = 21af4 push ebp mov ebp,esp xor eax,eax mov [DATA_008688],eax xor eax,eax mov [DATA_009051],eax call FUNC_000358 pop ebp ret FUNC_000342: ; Pos = 21b0c push ebp mov ebp,esp push byte +0x2 push byte +0x0 call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0x0 call FUNC_000034 add esp,byte +0x8 call FUNC_000341 xor eax,eax mov [DATA_009050],eax pop ebp ret FUNC_000343: ; Pos = 21b38 push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi push edi mov esi,DATA_008804 mov edi,DATA_009133 mov byte [DATA_007689],0x0 mov al,[esi+0xe8] cmp al,0x2a jz JUMP_001967 cmp al,0x30 jnz JUMP_001969 JUMP_001967: ; Pos = 21b60 mov ebx,0x2c JUMP_001968: ; Pos = 21b65 push byte +0x0 push ebx call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 inc ebx cmp ebx,byte +0x36 jng JUMP_001968 call FUNC_000333 jmp JUMP_001978 JUMP_001969: ; Pos = 21b80 call FUNC_000340 lea eax,[ebp-0x30] push eax push dword 0x9803 call FUNC_000348 add esp,byte +0x8 mov al,[esi+0xec] test al,al jz JUMP_001972 mov edx,[edi] push edx movsx eax,al push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 cmp byte [eax+0x118],0xff jz JUMP_001970 mov edx,[eax+0x82] cmp edx,byte +0xf jc JUMP_001970 cmp edx,byte +0x3f jna JUMP_001971 JUMP_001970: ; Pos = 21bc9 test byte [eax+0x14c],0x10 jz JUMP_001972 JUMP_001971: ; Pos = 21bd2 mov dword [ebp-0x30],0x9802 mov [ebp-0x14],eax add eax,0x124 mov [ebp-0xc],eax lea eax,[ebp-0x30] push eax call FUNC_000345 pop ecx JUMP_001972: ; Pos = 21bee mov eax,[edi] push eax mov eax,[esi+0xc8] movzx eax,byte [eax+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 test byte [eax+0x14c],0x10 jz JUMP_001973 mov dword [ebp-0x30],0x9800 mov [ebp-0x14],eax add eax,0x124 mov [ebp-0xc],eax lea eax,[ebp-0x30] push eax call FUNC_000345 pop ecx jmp short JUMP_001976 JUMP_001973: ; Pos = 21c2c mov ebx,0x72 JUMP_001974: ; Pos = 21c31 mov eax,[edi] cmp byte [eax+ebx],0x0 jz JUMP_001975 mov edx,[esi+0xc8] mov dl,[edx+0x56] push edx lea edx,[ebx+ebx*4] lea edx,[ebx+edx*4] lea edx,[ebx+edx*8] add edx,edx add edx,eax add edx,byte +0x74 push edx call FUNC_000344 add esp,byte +0x8 JUMP_001975: ; Pos = 21c5c dec ebx test ebx,ebx jg JUMP_001974 JUMP_001976: ; Pos = 21c61 movzx eax,word [esi+0x43c] mov eax,[esi+eax*4+0x50f8] mov [ebp-0x24],eax test eax,eax jz JUMP_001977 mov dword [ebp-0x30],0x9809 lea eax,[ebp-0x30] push eax call FUNC_000345 pop ecx JUMP_001977: ; Pos = 21c87 cmp byte [esi+0x112],0x0 jz JUMP_001978 mov dword [ebp-0x30],0x9830 lea eax,[ebp-0x30] push eax call FUNC_000345 pop ecx JUMP_001978: ; Pos = 21ca1 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000344: ; Pos = 21ca8 push ebp mov ebp,esp add esp,byte -0x30 push ebx mov eax,[ebp+0x8] mov dl,[eax+0x14c] test dl,0x10 jz JUMP_001980 movsx ecx,byte [ebp+0xc] xor ebx,ebx mov bl,[eax+0x56] cmp ecx,ebx jnz JUMP_001980 cmp byte [eax+0x88],0x13 jg JUMP_001980 mov ecx,0x9801 test dl,0x20 jnz JUMP_001979 dec ecx JUMP_001979: ; Pos = 21cde mov [ebp-0x30],ecx mov [ebp-0x14],eax add eax,0x124 mov [ebp-0xc],eax lea eax,[ebp-0x30] push eax call FUNC_000345 pop ecx JUMP_001980: ; Pos = 21cf6 pop ebx mov esp,ebp pop ebp ret FUNC_000345: ; Pos = 21cfc push ebp mov ebp,esp push esi push edi cmp dword [DATA_009051],byte +0x2d jnl JUMP_001981 mov eax,[DATA_009051] inc dword [DATA_009051] add eax,eax lea eax,[eax+eax*2] mov edx,[ebp+0x8] lea edi,[eax*8+DATA_009048] mov esi,edx mov ecx,0xc rep movsd JUMP_001981: ; Pos = 21d2d pop edi pop esi pop ebp ret FUNC_000346: ; Pos = 21d34 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0x8] mov ebx,[DATA_009051] cmp ebx,byte +0x2d jg JUMP_001984 test ebx,ebx jng JUMP_001982 mov eax,[esi] mov edx,eax shl edx,0x10 or edx,eax mov [ebp-0x8],edx mov [ebp-0x4],edx lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax push ebx call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc jmp short JUMP_001983 JUMP_001982: ; Pos = 21d72 xor eax,eax JUMP_001983: ; Pos = 21d74 mov edx,eax add edx,edx lea edx,[edx+edx*2] mov ecx,[DATA_009051] inc dword [DATA_009051] add ecx,ecx lea ecx,[ecx+ecx*2] push esi lea esi,[edx*8+DATA_009048] lea edi,[ecx*8+DATA_009048] mov ecx,0xc rep movsd pop esi push esi lea edi,[edx*8+DATA_009048] mov ecx,0xc rep movsd pop esi JUMP_001984: ; Pos = 21db3 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000347: ; Pos = 21dbc push ebp mov ebp,esp push esi push edi mov eax,[ebp+0x8] mov esi,eax mov edi,DATA_008688 mov ecx,0xc rep movsd pop edi pop esi pop ebp ret FUNC_000348: ; Pos = 21dd8 push ebp mov ebp,esp mov eax,[ebp+0xc] mov edx,[ebp+0x8] mov [eax],edx push eax call FUNC_000345 pop ecx pop ebp ret FUNC_000349: ; Pos = 21dec push ebp mov ebp,esp cmp byte [DATA_008870],0x4 jz JUMP_001985 call near [DATA_004920] ; FUNC_000217_SysMenuPlayTime JUMP_001985: ; Pos = 21dfe mov eax,[ebp+0x8] push eax call FUNC_000351 pop ecx pop ebp ret FUNC_000350: ; Pos = 21e0c push ebp mov ebp,esp add esp,0xfffff7ec push ebx push esi mov eax,[ebp+0x8] lea esi,[ebp+0xfffff7ec] mov edx,[eax+0x8] mov [esi+0x4],edx mov edx,[eax+0xc] mov [esi+0x8],edx mov edx,[eax+0x18] test edx,edx jl JUMP_001989 test dl,0x1 jnz JUMP_001988 mov edx,[eax] mov [esi],edx mov edx,[eax+0x2c] mov [esi+0xc],edx mov edx,[eax+0x1c] test edx,edx jnz JUMP_001986 mov eax,DATA_009148 mov [esi+0x10],eax jmp short JUMP_001987 JUMP_001986: ; Pos = 21e53 add edx,0x124 mov [esi+0x10],edx JUMP_001987: ; Pos = 21e5c mov eax,0x9917 mov bl,0x5f jmp short JUMP_001990 JUMP_001988: ; Pos = 21e65 mov edx,[eax+0x4] mov [esi],edx mov edx,[eax+0x24] mov [esi+0xc],edx mov edx,[eax+0x2c] mov [esi+0x10],edx mov eax,[eax] mov bl,0x5f jmp short JUMP_001990 JUMP_001989: ; Pos = 21e7c mov edx,[eax+0x4] mov [esi],edx mov edx,[eax+0x8] mov [esi+0x4],edx mov edx,[eax+0xc] mov [esi+0x8],edx mov edx,[eax+0x24] mov [esi+0xc],edx mov edx,[eax+0x2c] mov [esi+0x10],edx mov eax,[eax] mov bl,0x11 JUMP_001990: ; Pos = 21e9d push esi push eax lea eax,[ebp+0xfffff800] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc xor eax,eax cmp dword [ebp+0xc],byte +0x0 jnz JUMP_001991 inc eax JUMP_001991: ; Pos = 21eb8 push eax push ebx lea eax,[ebp+0xfffff800] push eax call FUNC_000271 add esp,byte +0xc pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000351: ; Pos = 21ed0 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp byte [DATA_008870],0x2c jz JUMP_001993 cmp dword [ebx+0x18],byte +0x0 jl JUMP_001992 push byte +0x16 call FUNC_001906_SoundPlaySample pop ecx JUMP_001992: ; Pos = 21eee push byte +0x1 push ebx call FUNC_000350 add esp,byte +0x8 JUMP_001993: ; Pos = 21ef9 pop ebx pop ebp ret FUNC_000352: ; Pos = 21efc push ebp mov ebp,esp add esp,byte -0x30 push esi push edi mov eax,[ebp+0x8] mov esi,eax lea edi,[ebp-0x30] mov ecx,0xc rep movsd mov dword [ebp-0x18],0xffffffff push byte +0x0 lea eax,[ebp-0x30] push eax call FUNC_000350 add esp,byte +0x8 pop edi pop esi mov esp,ebp pop ebp ret FUNC_000353: ; Pos = 21f30 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0x20] mov edx,[edx] mov [eax+0x8],edx mov dword [eax],0x992d push eax call FUNC_000352 pop ecx pop ebp ret FUNC_000354: ; Pos = 21f50 push ebp mov ebp,esp add esp,0xffffff10 push ebx mov ebx,DATA_008804 cmp byte [ebx+0x3f42],0x0 jnz JUMP_001994 call near [DATA_007672] ; FUNC_001414_GuiGetLastAction and eax,0xff test eax,eax jz JUMP_001994 mov edx,[DATA_007705] mov [ebx+0x48e4],edx JUMP_001994: ; Pos = 21f83 test eax,eax jz near JUMP_002007 cmp eax,0xf5 jnz JUMP_001995 lea eax,[ebp-0x30] push eax call FUNC_000381 pop ecx jmp JUMP_002010 JUMP_001995: ; Pos = 21fa1 cmp eax,0xf6 jnz JUMP_001996 lea eax,[ebp-0x60] push eax call FUNC_000382 pop ecx jmp JUMP_002010 JUMP_001996: ; Pos = 21fb7 cmp eax,0xf7 jnz JUMP_001997 lea eax,[ebp+0xffffff70] push eax call FUNC_000453 pop ecx jmp JUMP_002010 JUMP_001997: ; Pos = 21fd0 cmp eax,0xf8 jnz JUMP_001998 lea eax,[ebp+0xffffff40] push eax call FUNC_000536 pop ecx jmp JUMP_002010 JUMP_001998: ; Pos = 21fe9 cmp eax,0xf9 jnz JUMP_001999 lea eax,[ebp+0xffffff10] push eax call FUNC_000552 pop ecx jmp JUMP_002010 JUMP_001999: ; Pos = 22002 cmp eax,byte +0x31 jc JUMP_002000 cmp eax,byte +0x34 ja JUMP_002000 mov edx,[ebx+0x48d6] add edx,eax sub edx,byte +0x31 cmp edx,[ebx+0x48da] jnl near JUMP_002007 push byte +0x0 push edx call FUNC_000361 add esp,byte +0x8 jmp short JUMP_002007 JUMP_002000: ; Pos = 22030 cmp eax,0x8f jz JUMP_002001 cmp eax,byte +0x6 jnz JUMP_002002 JUMP_002001: ; Pos = 2203c push byte +0x1 call FUNC_000356 pop ecx jmp JUMP_002010 JUMP_002002: ; Pos = 22049 cmp eax,0x9f jz JUMP_002003 cmp eax,byte +0x5 jnz JUMP_002004 JUMP_002003: ; Pos = 22055 push byte -0x1 call FUNC_000356 pop ecx jmp JUMP_002010 JUMP_002004: ; Pos = 22062 cmp eax,byte +0x3 jnz JUMP_002005 call FUNC_000362 jmp short JUMP_002010 JUMP_002005: ; Pos = 2206e cmp eax,0x80 jc JUMP_002006 cmp eax,0x9f ja JUMP_002006 mov edx,eax and edx,byte +0xf add edx,[ebx+0x48d6] cmp edx,[ebx+0x48da] jnl JUMP_002007 push eax push edx call FUNC_000361 add esp,byte +0x8 jmp short JUMP_002007 JUMP_002006: ; Pos = 2209b push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx JUMP_002007: ; Pos = 220a3 cmp dword [ebx+0x48e8],byte +0x6 jnz JUMP_002008 call FUNC_000562 jmp short JUMP_002010 JUMP_002008: ; Pos = 220b3 mov eax,[ebx+0x491c] test eax,eax jz JUMP_002010 mov edx,[DATA_009155] cmp eax,edx jna JUMP_002009 sub eax,edx mov [ebx+0x491c],eax jmp short JUMP_002010 JUMP_002009: ; Pos = 220d1 xor eax,eax mov [ebx+0x491c],eax call FUNC_001617_BlitVidToBuf call FUNC_000563 call FUNC_001637_FlipScreen JUMP_002010: ; Pos = 220e8 pop ebx mov esp,ebp pop ebp ret FUNC_000355: ; Pos = 220f0 push ebp mov ebp,esp mov eax,[ebp+0x8] add eax,[DATA_009050] test eax,eax jl JUMP_002011 mov edx,[DATA_008692] add edx,eax cmp edx,[DATA_009051] jng JUMP_002012 JUMP_002011: ; Pos = 22110 mov eax,0x1 pop ebp ret JUMP_002012: ; Pos = 22117 mov [DATA_009050],eax xor eax,eax pop ebp ret FUNC_000356: ; Pos = 22120 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_000355 pop ecx test eax,eax jnz near JUMP_002021 mov eax,[DATA_009054] cmp eax,byte +0xb ja JUMP_002020 jmp near [eax*4+DATA_000026] SECTION .data DATA_000026: ; Pos = 22146 dd JUMP_002020 dd JUMP_002018 dd JUMP_002017 dd JUMP_002015 dd JUMP_002016 dd JUMP_002016 dd JUMP_002016 dd JUMP_002013 dd JUMP_002014 dd JUMP_002020 dd JUMP_002020 dd JUMP_002019 SECTION .text JUMP_002013: ; Pos = 22176 call FUNC_000494 pop ebp ret JUMP_002014: ; Pos = 2217d call FUNC_000445 pop ebp ret JUMP_002015: ; Pos = 22184 call FUNC_000539 pop ebp ret JUMP_002016: ; Pos = 2218b call FUNC_000385 pop ebp ret JUMP_002017: ; Pos = 22192 mov eax,[DATA_009050] mov [DATA_009067],eax call FUNC_000338 pop ebp ret JUMP_002018: ; Pos = 221a3 call FUNC_000523 pop ebp ret JUMP_002019: ; Pos = 221aa push byte +0xb call FUNC_000541 pop ecx pop ebp ret JUMP_002020: ; Pos = 221b4 call FUNC_000335 JUMP_002021: ; Pos = 221b9 pop ebp ret FUNC_000357: ; Pos = 221bc push ebp mov ebp,esp push ebx test byte [DATA_008641],0x1 jz near JUMP_002030 cmp byte [DATA_008630],0x0 jnl near JUMP_002029 call near [DATA_007672] ; FUNC_001414_GuiGetLastAction xor ebx,ebx mov bl,al test ebx,ebx jz near JUMP_002028 mov eax,ebx cmp eax,0x8f jg JUMP_002022 jz JUMP_002023 add eax,byte -0x31 sub eax,byte +0x4 jc JUMP_002025 add eax,byte -0x4b sub eax,byte +0xf jc JUMP_002026 jmp short JUMP_002027 JUMP_002022: ; Pos = 22209 add eax,0xffffff70 sub eax,byte +0xf jc JUMP_002026 jz JUMP_002024 jmp short JUMP_002027 JUMP_002023: ; Pos = 22217 push byte +0x1 call FUNC_000355 pop ecx jmp short JUMP_002028 JUMP_002024: ; Pos = 22221 push byte -0x1 call FUNC_000355 pop ecx jmp short JUMP_002028 JUMP_002025: ; Pos = 2222b mov eax,[DATA_009050] add eax,ebx add eax,byte -0x31 cmp eax,[DATA_009051] jnl JUMP_002030 push byte +0x0 push eax call FUNC_000361 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002026: ; Pos = 2224b mov eax,ebx and eax,byte +0xf add eax,[DATA_009050] cmp eax,[DATA_009051] jnl JUMP_002030 push ebx push eax call FUNC_000361 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002027: ; Pos = 2226b push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx JUMP_002028: ; Pos = 22273 mov eax,[DATA_009054] push eax call FUNC_000327 pop ecx mov eax,[DATA_009049] sub eax,[DATA_009122] mov [DATA_009049],eax test eax,eax jnl JUMP_002030 call FUNC_000359 pop ebx pop ebp ret JUMP_002029: ; Pos = 2229b call FUNC_000359 JUMP_002030: ; Pos = 222a0 pop ebx pop ebp ret FUNC_000358: ; Pos = 222a4 push ebp mov ebp,esp push ebx push esi xor esi,esi mov ebx,DATA_008695 jmp short JUMP_002032 JUMP_002031: ; Pos = 222b2 mov eax,[ebx] push eax call near [DATA_007680] ; FUNC_001443_GuiRemoveHotArea pop ecx inc esi add ebx,byte +0x4 JUMP_002032: ; Pos = 222c0 cmp esi,[DATA_008694] jl JUMP_002031 xor eax,eax mov [DATA_008693],eax xor eax,eax mov [DATA_008694],eax pop esi pop ebx pop ebp ret FUNC_000359: ; Pos = 222dc push ebp mov ebp,esp test byte [DATA_008641],0x1 jz JUMP_002033 push byte +0x2 push byte +0x0 call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0x0 call FUNC_000034 add esp,byte +0x8 JUMP_002033: ; Pos = 22300 and byte [DATA_008641],0xfe call FUNC_000358 pop ebp ret FUNC_000360: ; Pos = 22310 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] call FUNC_000117 mov al,[DATA_008870] cmp al,0x2a jz JUMP_002034 cmp al,0x30 jnz JUMP_002035 JUMP_002034: ; Pos = 22329 call FUNC_000560 call FUNC_001637_FlipScreen JUMP_002035: ; Pos = 22333 cmp dword [DATA_007706],0x3e2 jz JUMP_002036 call near [DATA_004920] ; FUNC_000217_SysMenuPlayTime JUMP_002036: ; Pos = 22345 mov eax,[ebx] add eax,0xffff6800 test eax,eax jl JUMP_002037 cmp eax,byte +0x74 jnl JUMP_002037 cmp dword [eax*4+DATA_005288],byte +0x0 jz JUMP_002037 push ebx mov eax,[eax*4+DATA_005288] call eax pop ecx pop ebx pop ebp ret JUMP_002037: ; Pos = 2236d mov eax,[ebx+0x4] push eax push byte +0x1 call FUNC_000034 add esp,byte +0x8 mov eax,[ebx+0x8] push eax push byte +0x2 call FUNC_000034 add esp,byte +0x8 mov eax,[ebx+0xc] push eax push byte +0x3 call FUNC_000034 add esp,byte +0x8 mov eax,[ebx] push eax push byte +0x0 call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0x0 call FUNC_000034 add esp,byte +0x8 pop ebx pop ebp ret FUNC_000361: ; Pos = 223b4 push ebp mov ebp,esp add esp,byte -0x30 push esi push edi mov eax,[ebp+0x8] mov edx,eax add edx,edx lea edx,[edx+edx*2] lea esi,[edx*8+DATA_009048] lea edi,[ebp-0x30] mov ecx,0xc rep movsd shl eax,0x4 lea eax,[eax+eax*2] add eax,DATA_009048 mov [ebp-0x10],eax xor eax,eax mov al,[ebp+0xc] mov [ebp-0x18],eax push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx lea eax,[ebp-0x30] push eax call FUNC_000360 pop ecx pop edi pop esi mov esp,ebp pop ebp ret FUNC_000362: ; Pos = 22408 push ebp mov ebp,esp add esp,byte -0x30 push byte +0x30 push byte +0x0 lea eax,[ebp-0x30] push eax call _memset add esp,byte +0xc mov eax,[DATA_009054] lea eax,[eax+eax*4] mov eax,[eax*8+DATA_005312] test eax,eax jz JUMP_002039 sub eax,0x9800 test eax,eax jl JUMP_002038 cmp eax,byte +0x74 jnl JUMP_002038 cmp dword [eax*4+DATA_005288],byte +0x0 jz JUMP_002038 lea edx,[ebp-0x30] push edx mov eax,[eax*4+DATA_005288] call eax pop ecx jmp short JUMP_002039 JUMP_002038: ; Pos = 22459 mov eax,[DATA_009054] lea eax,[eax+eax*4] mov eax,[eax*8+DATA_005312] push eax push byte +0x0 call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0x0 call FUNC_000034 add esp,byte +0x8 JUMP_002039: ; Pos = 2247f mov esp,ebp pop ebp ret FUNC_000363: ; Pos = 22484 push ebp mov ebp,esp cmp byte [DATA_008880],0x0 jnz JUMP_002040 mov eax,[DATA_008862] push eax mov al,[DATA_008857] push eax call FUNC_000651 add esp,byte +0x8 JUMP_002040: ; Pos = 224a4 mov eax,[ebp+0x8] push eax call FUNC_000365 pop ecx pop ebp ret FUNC_000364: ; Pos = 224b0 push ebp mov ebp,esp mov edx,[ebp+0x8] mov al,[DATA_008870] cmp al,0x26 jz JUMP_002041 cmp al,0x24 jnz JUMP_002042 JUMP_002041: ; Pos = 224c3 push edx call FUNC_000363 pop ecx pop ebp ret JUMP_002042: ; Pos = 224cc push edx call FUNC_000365 pop ecx pop ebp ret FUNC_000365: ; Pos = 224d8 push ebp mov ebp,esp add esp,byte -0x1c push ebx mov ebx,[ebp+0x8] lea eax,[ebp-0x4] push eax lea eax,[ebp-0x1c] push eax mov eax,[ebx+0x1c] push eax mov eax,[DATA_008861] push eax call FUNC_000655 add esp,byte +0x10 test al,al jnz JUMP_002043 mov eax,[ebx+0x1c] mov [DATA_008862],eax mov al,[eax+0x86] mov [DATA_008859],al mov byte [DATA_008873],0x0 mov byte [DATA_008870],0x0 push byte +0xd push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_002043: ; Pos = 2252f call FUNC_000359 pop ebx mov esp,ebp pop ebp ret FUNC_000366: ; Pos = 2253c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,DATA_008804 movzx edx,word [eax+0x43c] mov edx,[eax+edx*4+0x50f8] mov [ebx+0xc],edx movzx edx,word [eax+0x43c] mov edx,[eax+edx*4+0x50f8] cmp edx,[eax+0x114] jg JUMP_002044 movzx ecx,word [eax+0x43c] sub [eax+0x114],edx movzx edx,word [eax+0x43c] xor ecx,ecx mov [eax+edx*4+0x50f8],ecx movzx eax,word [eax+0x43c] push eax push byte +0x0 push byte +0xa call FUNC_000048 add esp,byte +0xc mov dword [ebx],0x9951 push ebx call FUNC_000352 pop ecx jmp short JUMP_002045 JUMP_002044: ; Pos = 225af mov dword [ebx],0x9950 push ebx call FUNC_000352 pop ecx JUMP_002045: ; Pos = 225bc call FUNC_000359 pop ebx pop ebp ret FUNC_000367: ; Pos = 225c4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[DATA_008861] mov [ebx+0x1c],eax call FUNC_000340 push ebx push dword 0x9807 call FUNC_000348 add esp,byte +0x8 push ebx push dword 0x9808 call FUNC_000348 add esp,byte +0x8 pop ebx pop ebp ret nop FUNC_000368: ; Pos = 225f8 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov esi,[ebx+0x1c] call FUNC_000340 test byte [esi+0x14c],0x10 jz JUMP_002046 push ebx push dword 0x9806 call FUNC_000348 add esp,byte +0x8 push ebx push dword 0x9831 call FUNC_000348 add esp,byte +0x8 jmp short JUMP_002047 JUMP_002046: ; Pos = 2262f push ebx push dword 0x9804 call FUNC_000348 add esp,byte +0x8 push ebx push dword 0x9805 call FUNC_000348 add esp,byte +0x8 push ebx push dword 0x9807 call FUNC_000348 add esp,byte +0x8 push ebx push dword 0x9808 call FUNC_000348 add esp,byte +0x8 push ebx push dword 0x9806 call FUNC_000348 add esp,byte +0x8 JUMP_002047: ; Pos = 22675 pop esi pop ebx pop ebp ret nop nop nop FUNC_000369: ; Pos = 2267c push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax+0x1c] mov dl,[eax+0x118] cmp byte [eax+0x87],0xb jnz JUMP_002051 dec dl jz JUMP_002049 sub dl,0xc jz JUMP_002049 dec dl jz JUMP_002048 sub dl,0x2 jz JUMP_002049 jmp short JUMP_002050 JUMP_002048: ; Pos = 226a8 push eax call FUNC_000374 pop ecx pop ebp ret JUMP_002049: ; Pos = 226b1 push eax call FUNC_000370 pop ecx pop ebp ret JUMP_002050: ; Pos = 226ba push eax call FUNC_000373 pop ecx JUMP_002051: ; Pos = 226c1 pop ebp ret nop FUNC_000370: ; Pos = 226c4 push ebp mov ebp,esp add esp,byte -0x30 mov eax,[ebp+0x8] cmp byte [eax+0xff],0x24 jnz JUMP_002052 push eax call FUNC_000371 pop ecx jmp short JUMP_002054 JUMP_002052: ; Pos = 226df mov dword [ebp-0x30],0x99cc cmp dword [eax+0x82],byte +0x24 ja JUMP_002053 mov dword [ebp-0x30],0x99cd JUMP_002053: ; Pos = 226f6 push eax lea eax,[ebp-0x30] push eax call FUNC_000372 add esp,byte +0x8 JUMP_002054: ; Pos = 22703 mov esp,ebp pop ebp ret nop FUNC_000371: ; Pos = 22708 push ebp mov ebp,esp add esp,byte -0x30 mov eax,[ebp+0x8] mov dword [ebp-0x30],0x99ce cmp dword [eax+0x82],byte +0x24 ja JUMP_002055 mov dword [ebp-0x30],0x99cf JUMP_002055: ; Pos = 22728 push eax lea eax,[ebp-0x30] push eax call FUNC_000372 add esp,byte +0x8 mov esp,ebp pop ebp ret nop nop nop FUNC_000372: ; Pos = 2273c push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov [ebx+0x1c],esi push byte +0x26 call FUNC_001906_SoundPlaySample pop ecx mov al,[esi+0x86] mov [DATA_008887],al mov eax,[esi+0xa0] mov edx,eax shl edx,0x10 shr eax,0x10 or edx,eax mov [ebx+0xc],edx xor eax,eax mov [ebx+0x18],eax push ebx call FUNC_000349 pop ecx pop esi pop ebx pop ebp ret FUNC_000373: ; Pos = 22780 push ebp mov ebp,esp add esp,byte -0x30 mov dword [ebp-0x30],0x99d0 mov eax,[ebp+0x8] push eax lea eax,[ebp-0x30] push eax call FUNC_000372 add esp,byte +0x8 mov esp,ebp pop ebp ret nop nop nop FUNC_000374: ; Pos = 227a4 push ebp mov ebp,esp add esp,byte -0x30 mov dword [ebp-0x30],0x99d1 mov eax,[ebp+0x8] push eax lea eax,[ebp-0x30] push eax call FUNC_000372 add esp,byte +0x8 mov esp,ebp pop ebp ret nop nop nop FUNC_000375: ; Pos = 227c8 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x8] mov ebx,[esi+0x1c] mov al,[ebx+0x118] sub al,0xfb jz JUMP_002056 sub al,0x11 jz JUMP_002056 sub al,0x2 jnz JUMP_002057 push ebx call FUNC_000374 pop ecx jmp short JUMP_002059 JUMP_002056: ; Pos = 227ee push ebx call FUNC_000373 pop ecx jmp short JUMP_002059 JUMP_002057: ; Pos = 227f7 mov al,[ebx+0x100] test al,al jnz JUMP_002058 push ebx call FUNC_000376 pop ecx jmp short JUMP_002059 JUMP_002058: ; Pos = 2280a mov edx,[DATA_009133] push edx movsx eax,al push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 add eax,0x124 mov [esi+0x2c],eax mov [esi+0x24],eax mov dword [esi],0x99d2 push ebx push esi call FUNC_000372 add esp,byte +0x8 JUMP_002059: ; Pos = 22839 pop esi pop ebx pop ebp ret FUNC_000376: ; Pos = 22840 push ebp mov ebp,esp add esp,byte -0x30 mov eax,[ebp+0x8] mov dword [ebp-0x30],0x99d3 cmp byte [eax+0xff],0x24 jz JUMP_002060 mov dword [ebp-0x30],0x99d4 JUMP_002060: ; Pos = 22860 push eax lea eax,[ebp-0x30] push eax call FUNC_000372 add esp,byte +0x8 mov esp,ebp pop ebp ret nop nop nop FUNC_000377: ; Pos = 22874 push ebp mov ebp,esp add esp,byte -0x30 push ebx mov eax,[ebp+0x8] mov ebx,[eax+0x1c] test byte [ebx+0x14c],0x10 jz JUMP_002061 push ebx push byte +0xa call FUNC_000237 add esp,byte +0x8 jmp short JUMP_002062 JUMP_002061: ; Pos = 22897 cmp byte [ebx+0x87],0xb jnz JUMP_002062 cmp dword [ebx+0x82],byte +0xf jc JUMP_002062 cmp dword [ebx+0x82],byte +0x3f ja JUMP_002062 mov dword [ebp-0x30],0x99d5 push ebx lea eax,[ebp-0x30] push eax call FUNC_000372 add esp,byte +0x8 cmp byte [ebx+0x118],0x1 jnz JUMP_002062 cmp byte [ebx+0xff],0x0 jnz JUMP_002062 mov byte [ebx+0xff],0x4 mov al,[DATA_008857] mov [ebx+0xfe],al JUMP_002062: ; Pos = 228ea pop ebx mov esp,ebp pop ebp ret nop FUNC_000378: ; Pos = 228f0 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov dword [ebx+0xc],0xa cmp dword [DATA_008888],byte +0xa jnl JUMP_002063 mov dword [ebx],0x9950 push ebx call FUNC_000352 pop ecx call FUNC_000359 pop ebx pop ebp ret JUMP_002063: ; Pos = 2291c sub dword [DATA_008888],byte +0xa call FUNC_000340 mov eax,[ebx+0x1c] movzx eax,byte [eax+0x86] push eax call FUNC_000649 pop ecx mov [ebx+0x24],eax push ebx push dword 0x8fff call FUNC_000348 add esp,byte +0x8 mov dword [DATA_009049],0x16c164 push ebx call FUNC_000379 pop ecx pop ebx pop ebp ret nop nop FUNC_000379: ; Pos = 22960 push ebp mov ebp,esp push byte +0x26 call FUNC_001906_SoundPlaySample pop ecx pop ebp ret FUNC_000380: ; Pos = 22970 push ebp mov ebp,esp mov al,[DATA_008887] mov [DATA_008874],al push byte +0x15 call FUNC_001906_SoundPlaySample pop ecx pop ebp ret FUNC_000381: ; Pos = 22988 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x8] mov edi,DATA_008804 mov ebx,[edi+0xcc] mov [esi+0x1c],ebx mov eax,[edi+0xc8] cmp byte [eax+0xd0],0x0 jnz JUMP_002064 mov eax,0x98c0 jmp JUMP_002069 JUMP_002064: ; Pos = 229b8 mov eax,[edi+0x5030] cmp eax,[edi+0x502c] jz JUMP_002065 mov eax,0x9938 jmp JUMP_002069 JUMP_002065: ; Pos = 229d0 movzx eax,word [edi+0x43c] cmp dword [edi+eax*4+0x50f8],byte +0x0 jz JUMP_002066 mov eax,0x99e5 jmp JUMP_002069 JUMP_002066: ; Pos = 229eb push ebx mov al,[edi+0xc0] push eax call FUNC_000654 add esp,byte +0x8 test al,al jnz JUMP_002067 mov eax,0x98b7 jmp JUMP_002069 JUMP_002067: ; Pos = 22a09 push byte +0x1 push byte +0x4 call FUNC_000034 add esp,byte +0x8 push byte +0x4 call FUNC_000035 pop ecx test eax,eax jz near JUMP_002070 push byte +0x0 push byte +0x4 call FUNC_000034 add esp,byte +0x8 test byte [ebx+0x14c],0x40 jnz JUMP_002068 mov byte [edi+0xe8],0x1a mov dword [edi+0x106],0x17530 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_002068: ; Pos = 22a59 mov dword [edi+0xf0],0x1 mov byte [edi+0xf8],0x0 push byte +0x0 push byte +0x7 call FUNC_000148 add esp,byte +0x8 ; FIX: Station instead of player set to 0x4f mov eax, [DATA_008861] movzx eax, byte [eax+0x86] mov edx, [DATA_007758] mov byte [edx+eax], 0x4f ; xor eax,eax ; mov al,[ebx+0x86] ; mov edx,[DATA_007758] ; mov byte [edx+eax], 0x4f push byte +0x0 push byte +0x1 push byte +0x3 call FUNC_000144 add esp,byte +0xc mov eax,0x98bb JUMP_002069: ; Pos = 22a9b mov [esi],eax mov eax,[ebx+0xa0] mov edx,eax shl edx,0x10 shr eax,0x10 or edx,eax mov [esi+0xc],edx mov dword [esi+0x18],0x8 push esi call FUNC_000351 pop ecx JUMP_002070: ; Pos = 22abe pop edi pop esi pop ebx pop ebp ret nop FUNC_000382: ; Pos = 22ac4 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,DATA_008804 mov ax,[esi+0x43c] cmp ax,byte +0x4 jz near JUMP_002078 test ax,ax jnz JUMP_002071 mov dword [DATA_002321],DATA_005268 mov dword [DATA_002322],0x9 jmp short JUMP_002074 JUMP_002071: ; Pos = 22afe cmp ax,byte +0x1 jnz JUMP_002072 mov dword [DATA_002321],DATA_005270 mov dword [DATA_002322],0x9 jmp short JUMP_002074 JUMP_002072: ; Pos = 22b1a cmp ax,byte +0x2 jnz JUMP_002073 mov dword [DATA_002321],DATA_005269 mov dword [DATA_002322],0x9 jmp short JUMP_002074 JUMP_002073: ; Pos = 22b36 mov dword [DATA_002321],DATA_005268 mov dword [DATA_002322],0x9 JUMP_002074: ; Pos = 22b4a push byte +0x14 call near [DATA_007217] ; FUNC_000922 pop ecx cmp eax,byte +0x3 jnc JUMP_002075 mov dword [DATA_002321],DATA_005268 mov dword [DATA_002322],0x9 JUMP_002075: ; Pos = 22b6c mov eax,[esi+0xc8] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] mov cx,[eax+0x6] mov eax,[esi+0xc8] movzx eax,word [eax+0xe4] shl eax,0x2 lea eax,[eax+eax*4] lea eax,[eax+eax*4] test eax,eax jns JUMP_002076 add eax,byte +0x3 JUMP_002076: ; Pos = 22ba4 sar eax,0x2 movsx edx,cx mov ecx,edx cdq idiv ecx mov edi,eax cmp edi,byte +0x4b jnl JUMP_002077 push byte +0x2 call near [DATA_007217] ; FUNC_000922 pop ecx test eax,eax jz JUMP_002077 mov dword [DATA_002321],DATA_005272 mov dword [DATA_002322],0x4 JUMP_002077: ; Pos = 22bd7 push byte +0x1 push byte +0x35 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov eax,[esi+0xcc] mov eax,[eax+0xa0] mov [esi+0x48f0],eax push byte +0x15 lea eax,[esi+0x48f0] push eax call FUNC_000505 add esp,byte +0x8 mov dword [ebx],0x98dc push dword 0x8000 push byte +0x2 mov eax,[esi+0x48f0] push eax push ebx push dword 0x98d3 push byte +0x0 call FUNC_000331 add esp,byte +0x18 push ebx push dword 0x980d call FUNC_000348 add esp,byte +0x8 push ebx push dword 0x980e call FUNC_000348 add esp,byte +0x8 push ebx push dword 0x980f call FUNC_000348 add esp,byte +0x8 push ebx push dword 0x9810 call FUNC_000348 add esp,byte +0x8 call FUNC_000335 JUMP_002078: ; Pos = 22c67 pop edi pop esi pop ebx pop ebp ret FUNC_000383: ; Pos = 22c6c push ebp mov ebp,esp push ecx push ebx push esi push edi mov esi,[ebp+0x8] call FUNC_000341 ; FIX: incorrect tech prices mov dword [DATA_009064],0xc cmp word [DATA_008995],0xcc jc JUMP_002079 mov dword [DATA_009064],0xb cmp word [DATA_008995],0xb3 jc JUMP_002079 mov dword [DATA_009064],0xa cmp word [DATA_008995],byte +0x17 jc JUMP_002079 mov dword [DATA_009064],0x9 JUMP_002079: ; Pos = 22cc3 mov eax,[DATA_009064] push eax push byte +0xa call FUNC_000034 add esp,byte +0x8 push byte +0x1 push byte +0xb call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0xb call FUNC_000034 add esp,byte +0x8 push byte +0xa call FUNC_000035 pop ecx mov [ebp-0x4],eax mov dword [esi],0x986f xor edi,edi mov ebx,DATA_005292 JUMP_002080: ; Pos = 22d03 movzx eax,word [DATA_008995] xor edx,edx mov dl,[ebx] cmp eax,edx jl JUMP_002083 cmp byte [ebx+0x1],0x0 jz JUMP_002081 mov eax,[ebx-0x13] imul dword [ebp-0x4] mov [esi+0x4],eax mov eax,[ebx-0xf] imul dword [ebp-0x4] mov [esi+0x8],eax jmp short JUMP_002082 JUMP_002081: ; Pos = 22d2c mov eax,[ebx-0x13] imul dword [DATA_009064] mov [esi+0x4],eax mov eax,[ebx-0xf] imul dword [DATA_009064] mov [esi+0x8],eax JUMP_002082: ; Pos = 22d44 mov eax,[ebx-0xb] mov [esi+0xc],eax lea eax,[edi+0x9875] mov [esi+0x24],eax mov [esi+0x10],edi push edi mov eax,[DATA_008861] push eax call FUNC_000392 add esp,byte +0x8 test eax,eax setnz al and eax,byte +0x1 mov [esi+0x18],eax push esi call FUNC_000345 pop ecx JUMP_002083: ; Pos = 22d77 inc edi add ebx,byte +0x16 cmp edi,byte +0x42 jl JUMP_002080 call FUNC_000385 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000384: ; Pos = 22d8c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov dword [DATA_002321],DATA_005271 mov dword [DATA_002322],0x12 mov eax,[DATA_008862] mov eax,[eax+0xa0] mov [DATA_009056],eax push byte +0x17 push dword DATA_009056 call FUNC_000505 add esp,byte +0x8 mov dword [ebx],0x98eb push dword 0x8000 push byte +0x4 mov eax,[DATA_009056] push eax push ebx push dword 0x98d3 push byte +0x4 call FUNC_000331 add esp,byte +0x18 push ebx call FUNC_000383 pop ecx pop ebx pop ebp ret FUNC_000385: ; Pos = 22df4 push ebp mov ebp,esp push byte +0x4 call FUNC_000541 pop ecx pop ebp ret FUNC_000386: ; Pos = 22e04 push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[ebx+0x10] mov esi,ebx lea edi,[ebp-0x30] mov ecx,0xc rep movsd mov edx,[DATA_008861] mov [ebp-0x14],edx lea edx,[eax+0x9875] mov [ebp-0x30],edx mov esi,[DATA_009051] test byte [ebx+0x18],0x10 jnz near JUMP_002086 mov edx,[ebx+0x4] add edx,edx lea edx,[edx+edx*4] cmp edx,[DATA_008888] jng JUMP_002084 lea eax,[ebp-0x30] push eax push dword 0x99e4 call FUNC_000389 add esp,byte +0x8 jmp JUMP_002087 JUMP_002084: ; Pos = 22e67 lea edx,[eax+eax*4] lea edx,[eax+edx*2] mov ecx,[edx*2+DATA_005290] mov edi,[DATA_008889] sub edi,[DATA_008891] cmp ecx,edi jng JUMP_002085 lea eax,[ebp-0x30] push eax push dword 0x98fe call FUNC_000389 add esp,byte +0x8 jmp short JUMP_002087 JUMP_002085: ; Pos = 22e97 push eax lea ecx,[eax+eax*4] lea ecx,[eax+ecx*2] add ecx,ecx add ecx,DATA_005289 push ecx lea ecx,[ebp-0x30] push ecx xor eax,eax mov al,[edx*2+DATA_005291] lea eax,[eax+eax*4] mov eax,[eax*4+DATA_005293] call eax add esp,byte +0xc jmp short JUMP_002087 JUMP_002086: ; Pos = 22ec5 push eax lea edx,[eax+eax*4] lea edx,[eax+edx*2] add edx,edx add edx,DATA_005289 push edx lea edx,[ebp-0x30] push edx mov edx,eax lea eax,[edx+eax*4] lea eax,[edx+eax*2] movzx eax,byte [eax*2+DATA_005291] lea eax,[eax+eax*4] mov eax,[eax*4+DATA_005294] call eax add esp,byte +0xc JUMP_002087: ; Pos = 22ef8 push byte +0x0 push byte +0x12 call FUNC_000148 add esp,byte +0x8 cmp esi,[DATA_009051] jnz JUMP_002088 push ebx call FUNC_000383 pop ecx jmp short JUMP_002089 JUMP_002088: ; Pos = 22f15 call FUNC_000385 JUMP_002089: ; Pos = 22f1a pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000387: ; Pos = 22f24 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0x4] add edx,edx lea edx,[edx+edx*4] sub [DATA_008888],edx push eax push dword 0x9900 call FUNC_000389 add esp,byte +0x8 pop ebp ret FUNC_000388: ; Pos = 22f48 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0x8] add edx,edx lea edx,[edx+edx*4] add [DATA_008888],edx push eax push dword 0x9901 call FUNC_000389 add esp,byte +0x8 pop ebp ret FUNC_000389: ; Pos = 22f6c push ebp mov ebp,esp add esp,byte -0x30 mov eax,[ebp+0x8] mov [ebp-0x30],eax mov eax,[ebp+0xc] mov eax,[eax] mov [ebp-0x2c],eax lea eax,[ebp-0x30] push eax call FUNC_000352 pop ecx call FUNC_000385 mov esp,ebp pop ebp ret nop FUNC_000390: ; Pos = 22f94 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0xc] mov edi,[ebp+0x8] test ebx,ebx jl JUMP_002090 cmp ebx,byte +0x42 jl JUMP_002091 JUMP_002090: ; Pos = 22fa9 mov eax,0x1 jmp short JUMP_002094 JUMP_002091: ; Pos = 22fb0 lea esi,[ebx+ebx*4] lea esi,[ebx+esi*2] add esi,esi add esi,DATA_005289 push esi push edi xor eax,eax mov al,[esi+0x10] lea eax,[eax+eax*4] mov eax,[eax*4+DATA_005295] call eax add esp,byte +0x8 test eax,eax jnz JUMP_002093 cmp edi,[DATA_008861] jnz JUMP_002092 mov eax,[esi+0x8] sub [DATA_008889],eax JUMP_002092: ; Pos = 22fe9 add ebx,byte +0x64 push ebx xor eax,eax mov al,[edi+0x86] push eax push byte +0xc call FUNC_000048 add esp,byte +0xc xor eax,eax mov al,[edi+0x86] push eax push byte +0x0 push byte +0x13 call FUNC_000048 add esp,byte +0xc xor eax,eax jmp short JUMP_002094 JUMP_002093: ; Pos = 23019 mov eax,0x1 JUMP_002094: ; Pos = 2301e pop edi pop esi pop ebx pop ebp ret nop FUNC_000391: ; Pos = 23024 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0xc] mov edi,[ebp+0x8] test ebx,ebx jl JUMP_002095 cmp ebx,byte +0x42 jl JUMP_002096 JUMP_002095: ; Pos = 23039 mov eax,0x1 jmp short JUMP_002099 JUMP_002096: ; Pos = 23040 lea esi,[ebx+ebx*4] lea esi,[ebx+esi*2] add esi,esi add esi,DATA_005289 push esi push edi xor eax,eax mov al,[esi+0x10] lea eax,[eax+eax*4] mov eax,[eax*4+DATA_005296] call eax add esp,byte +0x8 test eax,eax jnz JUMP_002098 cmp edi,[DATA_008861] jnz JUMP_002097 mov eax,[esi+0x8] add [DATA_008889],eax JUMP_002097: ; Pos = 23079 add ebx,byte +0x64 push ebx xor eax,eax mov al,[edi+0x86] push eax push byte +0xc call FUNC_000048 add esp,byte +0xc xor eax,eax mov al,[edi+0x86] push eax push byte +0x0 push byte +0x13 call FUNC_000048 add esp,byte +0xc xor eax,eax jmp short JUMP_002099 JUMP_002098: ; Pos = 230a9 mov eax,0x1 JUMP_002099: ; Pos = 230ae pop edi pop esi pop ebx pop ebp ret nop FUNC_000392: ; Pos = 230b4 push ebp mov ebp,esp mov eax,[ebp+0xc] test eax,eax jl JUMP_002100 cmp eax,byte +0x42 jl JUMP_002101 JUMP_002100: ; Pos = 230c3 xor eax,eax pop ebp ret JUMP_002101: ; Pos = 230c7 mov edx,eax lea eax,[edx+eax*4] lea eax,[edx+eax*2] add eax,eax add eax,DATA_005289 push eax mov edx,[ebp+0x8] push edx movzx eax,byte [eax+0x10] lea eax,[eax+eax*4] mov eax,[eax*4+DATA_005297] call eax add esp,byte +0x8 pop ebp ret FUNC_000393: ; Pos = 230f4 push ebp mov ebp,esp push ebx mov edx,[ebp+0xc] mov eax,[ebp+0x8] xor ecx,ecx mov cl,[edx+0x12] xor ecx,byte +0x10 mov ebx,0x1 shl ebx,cl mov ecx,ebx and ecx,[eax+0xc8] jz JUMP_002102 mov eax,0x1 pop ebx pop ebp ret JUMP_002102: ; Pos = 2311f or [eax+0xc8],ebx xor eax,eax pop ebx pop ebp ret FUNC_000394: ; Pos = 2312c push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x8] mov ebx,[edi+0x1c] mov eax,[ebp+0xc] movzx esi,byte [eax+0x12] mov ecx,esi xor ecx,byte +0x10 mov eax,0x1 shl eax,cl and eax,[ebx+0xc8] jz JUMP_002103 push edi push dword 0x98f7 call FUNC_000389 add esp,byte +0x8 jmp short JUMP_002106 JUMP_002103: ; Pos = 23163 cmp esi,byte +0x4 jnz JUMP_002104 mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x4] test ah,0x1 jnz JUMP_002104 push edi push dword 0x9903 call FUNC_000389 add esp,byte +0x8 jmp short JUMP_002106 JUMP_002104: ; Pos = 23192 cmp esi,byte +0xd jnz JUMP_002105 test byte [ebx+0xca],0x10 jnz JUMP_002105 push edi push dword 0x9904 call FUNC_000389 add esp,byte +0x8 jmp short JUMP_002106 JUMP_002105: ; Pos = 231b0 mov eax,[ebp+0x10] push eax push ebx call FUNC_000390 add esp,byte +0x8 push edi call FUNC_000387 pop ecx JUMP_002106: ; Pos = 231c4 pop edi pop esi pop ebx pop ebp ret nop nop nop FUNC_000395: ; Pos = 231cc push ebp mov ebp,esp push ebx mov edx,[ebp+0xc] mov eax,[ebp+0x8] xor ecx,ecx mov cl,[edx+0x12] xor ecx,byte +0x10 mov ebx,0x1 shl ebx,cl mov ecx,ebx and ecx,[eax+0xc8] jz JUMP_002107 not ebx and [eax+0xc8],ebx xor eax,eax pop ebx pop ebp ret JUMP_002107: ; Pos = 231fc mov eax,0x1 pop ebx pop ebp ret FUNC_000396: ; Pos = 23204 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebp+0xc] movzx eax,byte [eax+0x12] mov ecx,eax xor ecx,byte +0x10 mov eax,0x1 shl eax,cl mov edx,[ebx+0x1c] and eax,[edx+0xc8] jz JUMP_002108 mov eax,[ebp+0x10] push eax push edx call FUNC_000391 add esp,byte +0x8 push ebx call FUNC_000388 pop ecx pop ebx pop ebp ret JUMP_002108: ; Pos = 23240 push ebx push dword 0x98fa call FUNC_000389 add esp,byte +0x8 pop ebx pop ebp ret nop nop nop FUNC_000397: ; Pos = 23254 push ebp mov ebp,esp mov eax,0x1 mov edx,[ebp+0xc] xor ecx,ecx mov cl,[edx+0x12] xor ecx,byte +0x10 mov edx,0x1 shl edx,cl mov ecx,[ebp+0x8] and edx,[ecx+0xc8] jnz JUMP_002109 dec eax JUMP_002109: ; Pos = 2327a pop ebp ret FUNC_000398: ; Pos = 2327c push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,[DATA_008861] jnz JUMP_002110 inc dword [DATA_008890] push byte +0xf push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc xor eax,eax pop ebp ret JUMP_002110: ; Pos = 232a2 mov eax,0x1 pop ebp ret nop nop nop FUNC_000399: ; Pos = 232ac push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebp+0x10] push eax mov eax,[ebx+0x1c] push eax call FUNC_000390 add esp,byte +0x8 push ebx call FUNC_000387 pop ecx pop ebx pop ebp ret nop nop nop FUNC_000400: ; Pos = 232d0 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,[DATA_008861] jnz JUMP_002111 cmp dword [DATA_008890],byte +0x0 jng JUMP_002111 dec dword [DATA_008890] push byte +0xf push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc xor eax,eax pop ebp ret JUMP_002111: ; Pos = 232ff mov eax,0x1 pop ebp ret nop nop FUNC_000401: ; Pos = 23308 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[DATA_008890] mov [ebx+0x18],eax cmp dword [DATA_008890],byte +0x0 jnz JUMP_002112 push ebx push dword 0x98fa call FUNC_000389 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002112: ; Pos = 23331 mov eax,[DATA_008892] cmp eax,[DATA_008890] jnz JUMP_002113 push ebx push dword 0x98fc call FUNC_000389 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002113: ; Pos = 2334f mov eax,[ebp+0x10] push eax mov eax,[ebx+0x1c] push eax call FUNC_000391 add esp,byte +0x8 push ebx call FUNC_000388 pop ecx pop ebx pop ebp ret nop nop nop FUNC_000402: ; Pos = 2336c push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,[DATA_008861] jnz JUMP_002114 mov eax,[DATA_008890] pop ebp ret JUMP_002114: ; Pos = 23381 xor eax,eax pop ebp ret nop nop nop FUNC_000403: ; Pos = 23388 push ebp mov ebp,esp push esi mov esi,[ebp+0xc] mov eax,[ebp+0x8] movsx ecx,byte [eax+0xd1] xor edx,edx add eax,0xd2 cmp ecx,edx jng JUMP_002117 JUMP_002115: ; Pos = 233a4 cmp byte [eax],0x0 jnz JUMP_002116 mov dl,[esi+0x12] mov [eax],dl xor eax,eax pop esi pop ebp ret JUMP_002116: ; Pos = 233b3 inc edx inc eax cmp ecx,edx jg JUMP_002115 JUMP_002117: ; Pos = 233b9 mov eax,0x1 pop esi pop ebp ret nop nop nop FUNC_000404: ; Pos = 233c4 push ebp mov ebp,esp mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000428 add esp,byte +0x8 pop ebp ret nop nop nop FUNC_000405: ; Pos = 233dc push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov eax,[ebp+0x8] movsx ecx,byte [eax+0xd1] xor edx,edx add eax,0xd2 cmp ecx,edx jng JUMP_002120 JUMP_002118: ; Pos = 233f9 mov bl,[esi+0x12] cmp bl,[eax] jnz JUMP_002119 mov byte [eax],0x0 xor eax,eax jmp short JUMP_002121 JUMP_002119: ; Pos = 23407 inc edx inc eax cmp ecx,edx jg JUMP_002118 JUMP_002120: ; Pos = 2340d mov eax,0x1 JUMP_002121: ; Pos = 23412 pop esi pop ebx pop ebp ret nop nop FUNC_000406: ; Pos = 23418 push ebp mov ebp,esp mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000428 add esp,byte +0x8 pop ebp ret nop nop nop FUNC_000407: ; Pos = 23430 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov eax,[ebp+0x8] lea edx,[eax+0xd2] xor ecx,ecx movsx eax,byte [eax+0xd1] dec eax add edx,eax test eax,eax jl JUMP_002124 JUMP_002122: ; Pos = 23451 mov bl,[esi+0x12] cmp bl,[edx] jnz JUMP_002123 inc ecx JUMP_002123: ; Pos = 23459 dec eax dec edx test eax,eax jnl JUMP_002122 JUMP_002124: ; Pos = 2345f mov eax,ecx pop esi pop ebx pop ebp ret nop nop nop FUNC_000408: ; Pos = 23468 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp byte [eax+0xd0],0x0 jz JUMP_002125 mov eax,0x1 pop ebp ret JUMP_002125: ; Pos = 2347e mov edx,[ebp+0xc] mov dl,[edx+0x12] mov [eax+0xd0],dl mov dword [DATA_008924],0x1f4 mov edx,[DATA_008807] mov [DATA_008926],edx cmp eax,[DATA_008861] jnz JUMP_002126 and word [DATA_008860],0xfffe JUMP_002126: ; Pos = 234b1 xor eax,eax pop ebp ret nop nop nop FUNC_000409: ; Pos = 234b8 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0x1c] cmp byte [eax+0xd0],0x0 jz JUMP_002127 push ebx push dword 0x98f9 call FUNC_000389 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002127: ; Pos = 234dc mov eax,[ebp+0x10] push eax mov eax,[ebx+0x1c] push eax call FUNC_000390 add esp,byte +0x8 push ebx call FUNC_000387 pop ecx pop ebx pop ebp ret nop nop FUNC_000410: ; Pos = 234f8 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] cmp word [eax+0x14],byte +0x0 jl JUMP_002128 movsx eax,byte [ebx+0xd0] mov edx,[ebp+0xc] movzx edx,byte [edx+0x12] cmp eax,edx jnz JUMP_002128 mov byte [ebx+0xd0],0x0 xor eax,eax mov [ebx+0x11e],eax xor eax,eax pop ebx pop ebp ret JUMP_002128: ; Pos = 2353d mov eax,0x1 pop ebx pop ebp ret nop nop nop FUNC_000411: ; Pos = 23548 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0x1c] movsx eax,byte [eax+0xd0] mov edx,[ebp+0xc] movzx edx,byte [edx+0x12] cmp eax,edx jz JUMP_002129 push ebx push dword 0x98fa call FUNC_000389 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002129: ; Pos = 23575 mov eax,[ebx+0x1c] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] cmp word [eax+0x14],byte +0x0 jnl JUMP_002130 push ebx push dword 0x98fb call FUNC_000389 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002130: ; Pos = 235a1 mov eax,[ebp+0x10] push eax mov eax,[ebx+0x1c] push eax call FUNC_000391 add esp,byte +0x8 push ebx call FUNC_000388 pop ecx pop ebx pop ebp ret nop FUNC_000412: ; Pos = 235bc push ebp mov ebp,esp mov eax,0x1 mov edx,[ebp+0x8] movsx edx,byte [edx+0xd0] mov ecx,[ebp+0xc] movzx ecx,byte [ecx+0x12] cmp edx,ecx jz JUMP_002131 dec eax JUMP_002131: ; Pos = 235da pop ebp ret FUNC_000413: ; Pos = 235dc push ebp mov ebp,esp mov eax,[ebp+0x8] add word [eax+0xe2],byte +0x40 xor eax,eax pop ebp ret nop nop FUNC_000414: ; Pos = 235f0 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebp+0x10] push eax mov eax,[ebx+0x1c] push eax call FUNC_000390 add esp,byte +0x8 push ebx call FUNC_000387 pop ecx pop ebx pop ebp ret nop nop nop FUNC_000415: ; Pos = 23614 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp word [eax+0xe2],byte +0x40 jc JUMP_002132 add word [eax+0xe2],0xffc0 xor eax,eax pop ebp ret JUMP_002132: ; Pos = 23631 mov eax,0x1 pop ebp ret FUNC_000416: ; Pos = 23638 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0x1c] cmp word [eax+0xe2],byte +0x40 jnc JUMP_002133 push ebx push dword 0x98fa call FUNC_000389 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002133: ; Pos = 2365d mov eax,[ebp+0x10] push eax mov eax,[ebx+0x1c] push eax call FUNC_000391 add esp,byte +0x8 push ebx call FUNC_000388 pop ecx pop ebx pop ebp ret nop FUNC_000417: ; Pos = 23678 push ebp mov ebp,esp mov eax,[ebp+0x8] movzx eax,word [eax+0xe2] test eax,eax jns JUMP_002134 add eax,byte +0x3f JUMP_002134: ; Pos = 2368c sar eax,0x6 pop ebp ret nop nop nop FUNC_000418: ; Pos = 23694 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] mov eax,[esi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx edx,word [eax+0x12] lea eax,[esi+0xd6] add eax,edx jmp short JUMP_002136 JUMP_002135: ; Pos = 236be cmp byte [eax],0x0 jnz JUMP_002136 mov dl,[ebx+0x12] mov [eax],dl xor eax,eax jmp short JUMP_002137 JUMP_002136: ; Pos = 236cc dec eax dec edx jns JUMP_002135 mov eax,0x1 JUMP_002137: ; Pos = 236d5 pop esi pop ebx pop ebp ret nop nop nop FUNC_000419: ; Pos = 236dc push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x10] mov ebx,[ebp+0x8] mov eax,[ebx+0x1c] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx edx,word [eax+0x12] mov eax,[ebx+0x1c] add eax,0xd6 add eax,edx jmp short JUMP_002139 JUMP_002138: ; Pos = 2370b cmp byte [eax],0x0 jnz JUMP_002139 push esi mov eax,[ebx+0x1c] push eax call FUNC_000390 add esp,byte +0x8 push ebx call FUNC_000387 pop ecx jmp short JUMP_002140 JUMP_002139: ; Pos = 23726 dec eax dec edx jns JUMP_002138 push ebx push dword 0x98f8 call FUNC_000389 add esp,byte +0x8 JUMP_002140: ; Pos = 23738 pop esi pop ebx pop ebp ret FUNC_000420: ; Pos = 2373c push ebp mov ebp,esp push ebx mov ecx,[ebp+0xc] mov eax,[ebp+0x8] add eax,0xd6 mov edx,0x9 add eax,byte +0x9 JUMP_002141: ; Pos = 23753 mov bl,[eax] cmp bl,[ecx+0x12] jnz JUMP_002142 mov byte [eax],0x0 xor eax,eax pop ebx pop ebp ret JUMP_002142: ; Pos = 23762 dec edx dec eax test edx,edx jnl JUMP_002141 mov eax,0x1 pop ebx pop ebp ret FUNC_000421: ; Pos = 23770 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0xc] mov ebx,[ebp+0x8] mov esi,[ebx+0x1c] lea eax,[esi+0xd6] mov edx,0x9 add eax,byte +0x9 JUMP_002143: ; Pos = 2378d mov cl,[edi+0x12] cmp cl,[eax] jnz JUMP_002144 mov eax,[ebp+0x10] push eax push esi call FUNC_000391 add esp,byte +0x8 push ebx call FUNC_000388 pop ecx jmp short JUMP_002145 JUMP_002144: ; Pos = 237aa dec edx dec eax test edx,edx jnl JUMP_002143 push ebx push dword 0x98fa call FUNC_000389 add esp,byte +0x8 JUMP_002145: ; Pos = 237be pop edi pop esi pop ebx pop ebp ret nop FUNC_000422: ; Pos = 237c4 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] xor ecx,ecx mov eax,[ebp+0x8] add eax,0xd6 xor edx,edx JUMP_002146: ; Pos = 237d8 mov bl,[esi+0x12] cmp bl,[eax] jnz JUMP_002147 inc ecx JUMP_002147: ; Pos = 237e0 inc edx inc eax cmp edx,byte +0xa jl JUMP_002146 mov eax,ecx pop esi pop ebx pop ebp ret nop nop nop FUNC_000423: ; Pos = 237f0 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,[DATA_008861] jnz JUMP_002148 cmp dword [DATA_009104],byte +0xa jnl JUMP_002148 mov eax,[ebp+0xc] movzx eax,byte [eax+0x12] push eax call FUNC_000248 pop ecx xor eax,eax pop ebp ret JUMP_002148: ; Pos = 23819 mov eax,0x1 pop ebp ret FUNC_000424: ; Pos = 23820 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[DATA_009104] mov [ebx+0x18],eax cmp dword [DATA_009104],byte +0xa jl JUMP_002149 push ebx push dword 0x99d6 call FUNC_000389 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002149: ; Pos = 23849 mov eax,[ebp+0x10] push eax mov eax,[ebx+0x1c] push eax call FUNC_000390 add esp,byte +0x8 push ebx call FUNC_000387 pop ecx pop ebx pop ebp ret nop FUNC_000425: ; Pos = 23864 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,[DATA_008861] jnz JUMP_002150 cmp dword [DATA_009105],byte +0x0 jng JUMP_002150 call FUNC_000249 xor eax,eax pop ebp ret JUMP_002150: ; Pos = 23884 mov eax,0x1 pop ebp ret nop FUNC_000426: ; Pos = 2388c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp dword [DATA_009105],byte +0x0 jng JUMP_002151 mov eax,[ebp+0x10] push eax mov eax,[ebx+0x1c] push eax call FUNC_000391 add esp,byte +0x8 push ebx call FUNC_000388 pop ecx pop ebx pop ebp ret JUMP_002151: ; Pos = 238b6 push ebx push dword 0x98fa call FUNC_000389 add esp,byte +0x8 pop ebx pop ebp ret nop FUNC_000427: ; Pos = 238c8 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,[DATA_008861] jnz JUMP_002152 mov eax,[DATA_009105] pop ebp ret JUMP_002152: ; Pos = 238dd xor eax,eax pop ebp ret nop nop nop FUNC_000428: ; Pos = 238e4 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[ebx+0x1c] mov edx,eax add edx,0xd2 mov [ebp-0x4],edx movsx esi,byte [eax+0xd1] xor eax,eax mov [ebp-0x8],eax test byte [ebx+0x18],0x10 jz JUMP_002153 mov eax,[ebp+0xc] movzx edi,byte [eax+0x12] jmp short JUMP_002154 JUMP_002153: ; Pos = 23919 xor edi,edi JUMP_002154: ; Pos = 2391b xor eax,eax mov edx,[ebp-0x4] cmp esi,eax jng JUMP_002157 JUMP_002155: ; Pos = 23924 xor ecx,ecx mov cl,[edx] cmp edi,ecx jnz JUMP_002156 inc dword [ebp-0x8] mov [ebp-0xc],eax JUMP_002156: ; Pos = 23932 inc eax inc edx cmp esi,eax jg JUMP_002155 JUMP_002157: ; Pos = 23938 cmp dword [ebp-0x8],byte +0x1 jnl JUMP_002158 push ebx push dword 0x98ff call FUNC_000567 add esp,byte +0x8 jmp JUMP_002165 JUMP_002158: ; Pos = 23951 cmp dword [ebp-0x8],byte +0x1 jnz JUMP_002160 test byte [ebx+0x18],0x10 jz JUMP_002159 mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp-0xc] push eax call FUNC_000435 add esp,byte +0xc jmp JUMP_002165 JUMP_002159: ; Pos = 23973 mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp-0xc] push eax call FUNC_000434 add esp,byte +0xc jmp JUMP_002165 JUMP_002160: ; Pos = 23989 call FUNC_000342 mov eax,[ebx+0x18] mov [ebx+0x2c],eax xor eax,eax mov [ebx+0x18],eax test esi,esi jng JUMP_002161 mov eax,[ebp-0x4] movzx eax,byte [eax] cmp edi,eax jnz JUMP_002161 push ebx push dword 0x9870 call FUNC_000348 add esp,byte +0x8 JUMP_002161: ; Pos = 239b5 cmp esi,byte +0x1 jng JUMP_002162 mov eax,[ebp-0x4] movzx eax,byte [eax+0x1] cmp edi,eax jnz JUMP_002162 push ebx push dword 0x9871 call FUNC_000348 add esp,byte +0x8 JUMP_002162: ; Pos = 239d3 cmp esi,byte +0x2 jng JUMP_002163 mov eax,[ebp-0x4] movzx eax,byte [eax+0x2] cmp edi,eax jnz JUMP_002163 push ebx push dword 0x9872 call FUNC_000348 add esp,byte +0x8 JUMP_002163: ; Pos = 239f1 cmp esi,byte +0x3 jng JUMP_002164 mov eax,[ebp-0x4] movzx eax,byte [eax+0x3] cmp edi,eax jnz JUMP_002164 push ebx push dword 0x9873 call FUNC_000348 add esp,byte +0x8 JUMP_002164: ; Pos = 23a0f mov dword [ebx],0x9902 push ebx call FUNC_000334 pop ecx JUMP_002165: ; Pos = 23a1c pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_000429: ; Pos = 23a24 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax push byte +0x1 call FUNC_000433 add esp,byte +0x8 pop ebp ret nop FUNC_000430: ; Pos = 23a38 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax push byte +0x2 call FUNC_000433 add esp,byte +0x8 pop ebp ret nop FUNC_000431: ; Pos = 23a4c push ebp mov ebp,esp mov eax,[ebp+0x8] push eax push byte +0x3 call FUNC_000433 add esp,byte +0x8 pop ebp ret nop FUNC_000432: ; Pos = 23a60 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax push byte +0x0 call FUNC_000433 add esp,byte +0x8 pop ebp ret nop FUNC_000433: ; Pos = 23a74 push ebp mov ebp,esp add esp,byte -0x60 push ebx push esi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] lea eax,[ebp-0x30] push eax call FUNC_000384 pop ecx test byte [ebx+0x2c],0x10 jz JUMP_002166 mov eax,[ebx+0x10] mov edx,eax lea eax,[edx+eax*4] lea eax,[edx+eax*2] add eax,eax add eax,DATA_005289 push eax push ebx push esi call FUNC_000435 add esp,byte +0xc jmp short JUMP_002167 JUMP_002166: ; Pos = 23ab2 mov eax,[ebx+0x10] mov edx,eax lea eax,[edx+eax*4] lea eax,[edx+eax*2] add eax,eax add eax,DATA_005289 push eax push ebx push esi call FUNC_000434 add esp,byte +0xc JUMP_002167: ; Pos = 23ad0 lea eax,[ebp-0x60] push eax call FUNC_000383 pop ecx pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000434: ; Pos = 23ae0 push ebp mov ebp,esp push ebx push esi mov ecx,[ebp+0x10] mov esi,[ebp+0xc] mov edx,[ebp+0x8] mov eax,[DATA_008861] add eax,0xd2 cmp byte [eax+edx],0x0 jz JUMP_002168 push esi push dword 0x98fd call FUNC_000567 add esp,byte +0x8 jmp short JUMP_002169 JUMP_002168: ; Pos = 23b0e mov bl,[ecx+0x12] mov [eax+edx],bl mov eax,[ecx+0x8] sub [DATA_008889],eax push esi call FUNC_000387 pop ecx JUMP_002169: ; Pos = 23b24 pop esi pop ebx pop ebp ret FUNC_000435: ; Pos = 23b28 push ebp mov ebp,esp push ebx push esi mov ecx,[ebp+0x10] mov esi,[ebp+0xc] mov edx,[ebp+0x8] mov eax,[DATA_008861] add eax,0xd2 mov bl,[eax+edx] cmp bl,[ecx+0x12] jz JUMP_002170 push esi push dword 0x98fa call FUNC_000389 add esp,byte +0x8 jmp short JUMP_002171 JUMP_002170: ; Pos = 23b58 mov byte [eax+edx],0x0 mov eax,[ecx+0x8] add [DATA_008889],eax push esi call FUNC_000388 pop ecx JUMP_002171: ; Pos = 23b6c pop esi pop ebx pop ebp ret FUNC_000436: ; Pos = 23b70 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_000437 pop ecx pop ebp ret nop FUNC_000437: ; Pos = 23b80 push ebp mov ebp,esp push ecx push ebx push esi push edi mov ebx,[ebp+0x8] mov dword [ebx],0x98ec mov eax,[DATA_008862] mov [ebx+0x1c],eax mov eax,[DATA_008862] mov eax,[eax+0xa0] mov edx,eax shl edx,0x8 shr eax,0x18 or edx,eax mov [DATA_009056],edx push dword 0x8000 push byte +0x5 push edx push ebx push dword 0x98d3 push byte +0x5 call FUNC_000331 add esp,byte +0x18 mov eax,[DATA_008862] movzx eax,byte [eax+0x86] push eax call FUNC_000649 pop ecx mov esi,eax mov [DATA_009058],esi mov eax,[esi+0x31e] dec eax mov [ebx+0x18],eax test eax,eax jl near JUMP_002174 mov eax,[DATA_008861] movsx edx,byte [eax+0xd0] mov edi,[edx*4+DATA_005300] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx edx,word [eax+0xa] add edi,edx mov ax,[eax+0x14] and eax,0xff sub edi,[eax*4+DATA_005300] mov eax,edi shl eax,0x4 sub eax,edi shl eax,0x3 sub eax,edi shl eax,0x2 sub eax,edi add eax,eax mov edi,eax mov dword [ebx],0x9811 xor eax,eax mov [ebp-0x4],eax lea eax,[esi+0x2e6] mov esi,eax jmp short JUMP_002173 JUMP_002172: ; Pos = 23c5c movzx eax,word [esi] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx edx,word [eax+0xa] shl edx,0x3 lea edx,[edx+edx*4] lea edx,[edx+edx*4] lea edx,[edx+edx*4] mov [ebx+0x4],edx sub edx,edi mov [ebx+0x8],edx movsx edx,word [eax+0x8] mov [ebx+0xc],edx movsx eax,word [eax+0xe] mov [ebx+0x24],eax movzx eax,word [esi+0x2] shl eax,0x10 movzx edx,word [esi] add eax,edx mov [ebx+0x10],eax push ebx call FUNC_000345 pop ecx add esi,byte +0x4 inc dword [ebp-0x4] dec dword [ebx+0x18] JUMP_002173: ; Pos = 23caf cmp dword [ebx+0x18],byte +0x0 jnl JUMP_002172 jmp short JUMP_002175 JUMP_002174: ; Pos = 23cb7 mov dword [ebx],0x98ed push ebx call FUNC_000352 pop ecx JUMP_002175: ; Pos = 23cc4 push byte +0x5 call FUNC_000541 pop ecx pop edi pop esi pop ebx pop ecx pop ebp ret nop nop FUNC_000438: ; Pos = 23cd4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] call FUNC_000117 mov al,[DATA_008870] cmp al,0x2a jz JUMP_002176 cmp al,0x30 jnz JUMP_002177 JUMP_002176: ; Pos = 23ced call FUNC_000560 call FUNC_001637_FlipScreen JUMP_002177: ; Pos = 23cf7 test byte [ebx+0x18],0x10 jz JUMP_002178 push ebx call FUNC_000439 pop ecx pop ebx pop ebp ret JUMP_002178: ; Pos = 23d07 push ebx call FUNC_000442 pop ecx pop ebx pop ebp ret FUNC_000439: ; Pos = 23d14 push ebp mov ebp,esp add esp,byte -0x64 push ebx push esi push edi mov esi,[ebp+0x8] lea edi,[ebp-0x64] push esi push edi lea edi,[ebp-0x50] mov ecx,0xc rep movsd pop edi pop esi mov dword [ebp-0x50],0x9811 call FUNC_000342 lea eax,[ebp-0x50] push eax call FUNC_000345 pop ecx mov eax,[ebp-0x40] shr eax,0x10 imul eax,eax,0x4a0d mov [DATA_009074],eax push dword DATA_009075 push eax push edi push byte +0x12 call FUNC_000791 add esp,byte +0x10 push byte +0x6 call FUNC_000540 pop ecx mov ax,[ebp-0x40] and ax,0xffff movzx eax,ax push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov ebx,[eax+0x38] movsx eax,word [ebx+0x6] mov [edi],eax movsx eax,word [ebx+0x8] mov [edi+0x4],eax mov ax,[ebx+0x4] and eax,byte +0xf mov [edi+0x8],eax movsx eax,word [ebx+0x12] mov [edi+0xc],eax movsx eax,word [ebx+0x10] mov [edi+0x10],eax push byte +0x0 push byte +0x19 push dword 0x87 movsx eax,byte [DATA_005286] push eax push edi push dword 0x9913 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 lea eax,[ebp-0x20] push eax mov ax,[ebp-0x40] and ax,0xffff push eax call FUNC_000902 add esp,byte +0x8 mov eax,[ebp-0x20] mov [edi],eax mov eax,[ebp-0x1c] mov [edi+0x4],eax mov eax,[ebp-0x18] mov [edi+0x8],eax push byte +0x0 push byte +0x73 push dword 0x87 movsx eax,byte [DATA_005286] push eax push edi push dword 0x9915 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 mov eax,[ebp-0x14] mov [edi],eax mov eax,[ebp-0x10] mov [edi+0x4],eax mov eax,[ebp-0xc] mov [edi+0x8],eax push byte +0x0 push dword 0x87 push dword 0xd7 movsx eax,byte [DATA_005286] push eax push edi push dword 0x9916 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 movsx eax,word [ebx] mov ecx,0x36 cdq idiv ecx mov [edi],eax movsx eax,word [ebx+0x2] neg eax mov ecx,0x36 cdq idiv ecx mov [edi+0x4],eax mov eax,[ebp-0x8] mov [edi+0x8],eax movsx eax,byte [ebx+0x14] mov eax,[eax*4+DATA_005301] mov [edi+0xc],eax mov eax,DATA_009075 mov [edi+0x10],eax push byte +0x0 push byte +0x4b push dword 0x87 movsx eax,byte [DATA_005286] push eax push edi push dword 0x9914 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 call FUNC_001637_FlipScreen call FUNC_001617_BlitVidToBuf mov eax,[esi+0x10] mov [esi],eax push esi call FUNC_000559 pop ecx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000440: ; Pos = 23ec0 push ebp mov ebp,esp mov eax,[ebp+0xc] mov edx,[ebp+0x8] add [DATA_008888],edx mov [eax+0xc],edx mov dword [eax],0x9950 push eax call FUNC_000352 pop ecx pop ebp ret FUNC_000441: ; Pos = 23ee4 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,DATA_008804 mov eax,[ebp+0xc] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov edi,eax xor edx,edx lea eax,[ebx+0xd6] JUMP_002179: ; Pos = 23f0a mov byte [eax],0x0 inc edx inc eax cmp edx,byte +0xa jl JUMP_002179 xor eax,eax mov [ebx+0xc8],eax xor eax,eax mov [ebx+0xcc],eax mov byte [ebx+0xd2],0x0 mov byte [ebx+0xd3],0x0 mov byte [ebx+0xd4],0x0 mov byte [ebx+0xd5],0x0 mov word [ebx+0xe0],0x0 mov word [ebx+0xe2],0x0 mov dword [ebx+0x11e],0x20000000 mov eax,[ebp+0x10] mov [ebx+0xa0],eax cmp ebx,[esi+0xc8] jnz near JUMP_002180 cmp byte [esi+0xe8],0x2a jnz near JUMP_002180 mov eax,[esi+0xcc] test byte [eax+0x14c],0x40 jz JUMP_002180 mov eax,[ebx+0x140] push eax mov eax,[ebx+0xc] push eax call FUNC_001521 add esp,byte +0x8 push eax push dword [ebx+0x42] push dword [ebx+0x3e] lea eax,[ebx+0x3e] push eax call FUNC_001336_Int64Sub32 add esp,byte +0x10 mov eax,[ebx+0x140] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 push eax push dword [ebx+0x4a] push dword [ebx+0x46] lea eax,[ebx+0x46] push eax call FUNC_001336_Int64Sub32 add esp,byte +0x10 mov eax,[ebx+0x140] push eax mov eax,[ebx+0x14] push eax call FUNC_001521 add esp,byte +0x8 push eax push dword [ebx+0x52] push dword [ebx+0x4e] lea eax,[ebx+0x4e] push eax call FUNC_001336_Int64Sub32 add esp,byte +0x10 JUMP_002180: ; Pos = 23fff mov eax,[ebp+0xc] push eax push ebx push ebx call near [DATA_007755] ; FUNC_001533 add esp,byte +0xc lea eax,[ebx+0x124] push eax mov eax,[ebx+0xa0] push eax lea eax,[ebp-0x14] push eax push byte +0x12 call FUNC_000791 add esp,byte +0x10 mov eax,[edi+0x38] cmp word [eax+0x14],byte +0x0 jl JUMP_002181 mov al,[eax+0x14] and al,0xff mov [ebx+0xd0],al JUMP_002181: ; Pos = 2403f cmp ebx,[esi+0xc8] jnz near JUMP_002182 cmp byte [esi+0xe8],0x2a jnz near JUMP_002182 mov eax,[esi+0xcc] test byte [eax+0x14c],0x40 jz near JUMP_002182 mov eax,[esi+0xc8] mov eax,[eax+0x140] push eax mov eax,[esi+0xc8] mov eax,[eax+0xc] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi+0xc8] push dword [eax+0x42] push dword [eax+0x3e] mov eax,[esi+0xc8] add eax,byte +0x3e push eax call FUNC_001334_Int64Add32 add esp,byte +0x10 mov eax,[esi+0xc8] mov eax,[eax+0x140] push eax mov eax,[esi+0xc8] mov eax,[eax+0x10] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi+0xc8] push dword [eax+0x4a] push dword [eax+0x46] mov eax,[esi+0xc8] add eax,byte +0x46 push eax call FUNC_001334_Int64Add32 add esp,byte +0x10 mov eax,[esi+0xc8] mov eax,[eax+0x140] push eax mov eax,[esi+0xc8] mov eax,[eax+0x14] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi+0xc8] push dword [eax+0x52] push dword [eax+0x4e] mov eax,[esi+0xc8] add eax,byte +0x4e push eax call FUNC_001334_Int64Add32 add esp,byte +0x10 JUMP_002182: ; Pos = 24125 cmp ebx,[esi+0xc8] jnz near JUMP_002183 mov dword [esi+0x1f4],0x1f4 mov dword [esi+0x1f8],0x1f4 mov eax,[esi+0x4] mov [esi+0x1fc],eax mov eax,[esi+0x4] mov [esi+0x200],eax mov eax,[edi+0x38] movsx eax,word [eax+0x10] dec eax mov [esi+0x502c],eax push ebx call FUNC_000993 pop ecx call FUNC_000250 movsx eax,word [ebx+0xbc] mov [esi+0x214],eax movsx eax,word [ebx+0xbe] mov [esi+0x218],eax movsx eax,word [ebx+0xc0] mov [esi+0x21c],eax movsx eax,word [ebx+0xc2] mov [esi+0x220],eax movsx eax,word [ebx+0xc4] mov [esi+0x224],eax movsx eax,word [ebx+0xc6] mov [esi+0x228],eax mov eax,[edi+0x38] mov ax,[eax+0x14] test ax,ax jl JUMP_002183 and eax,0xff mov eax,[eax*4+DATA_005302] sub [esi+0x118],eax JUMP_002183: ; Pos = 241dd xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0xb call FUNC_000048 add esp,byte +0xc pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000442: ; Pos = 241fc push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,DATA_008804 cmp dword [esi+0x124],byte +0x0 jz JUMP_002184 mov dword [ebx],0x98ef push ebx call FUNC_000352 pop ecx jmp JUMP_002188 JUMP_002184: ; Pos = 24228 mov eax,[ebx+0x8] add eax,eax lea eax,[eax+eax*4] sub [esi+0x114],eax cmp dword [esi+0x114],byte +0x0 jnl JUMP_002185 push ebx push eax call FUNC_000440 add esp,byte +0x8 jmp JUMP_002188 JUMP_002185: ; Pos = 2424e mov eax,[esi+0xc8] mov edx,[eax+0x82] mov [ebp-0x4],edx mov eax,[eax+0xa0] mov [ebp-0x8],eax push ebx call FUNC_000439 pop ecx mov eax,[esi+0x4a1c] push eax mov eax,[ebx+0x10] and eax,0xffff push eax mov eax,[esi+0xc8] push eax call FUNC_000441 add esp,byte +0xc push byte +0x0 call FUNC_000956 pop ecx push ebx call FUNC_000439 pop ecx mov dword [DATA_002321],DATA_005273 mov dword [DATA_002322],0x6 mov eax,[ebx+0x10] mov [ebx+0x4],eax mov eax,[ebx+0x10] mov edx,eax shl edx,0x10 shr eax,0x10 or edx,eax mov [ebx+0x10],edx and edx,0xffff mov eax,[esi+0x48f8] mov ecx,[eax+0x31e] dec ecx mov eax,[esi+0x48f8] lea eax,[eax+ecx*4+0x2e8] test ecx,ecx jl JUMP_002187 JUMP_002186: ; Pos = 242e9 movzx edi,word [eax] cmp edx,edi jz JUMP_002187 dec ecx add eax,byte -0x4 test ecx,ecx jnl JUMP_002186 JUMP_002187: ; Pos = 242f8 mov edi,[esi+0x48f8] mov ax,[ebp-0x4] mov [edi+ecx*4+0x2e6],ax mov eax,[ebp-0x8] push ecx mov ecx,0x4a0d xor edx,edx div ecx pop ecx mov [edi+ecx*4+0x2e8],ax mov dword [ebx],0x98ee push ebx call FUNC_000352 pop ecx call FUNC_000342 call FUNC_000566 push byte +0x0 push byte +0x12 call FUNC_000148 add esp,byte +0x8 JUMP_002188: ; Pos = 24343 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000443: ; Pos = 2434c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov dword [ebx],0x98f0 push ebx call FUNC_000352 pop ecx push ebx call FUNC_000444 pop ecx pop ebx pop ebp ret FUNC_000444: ; Pos = 2436c push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov ebx,[ebp+0x8] call FUNC_000342 mov dword [DATA_009052],0x98d3 mov eax,[DATA_008862] mov eax,[eax+0xa0] mov edx,eax shl edx,0xe shr eax,0x12 or edx,eax mov [DATA_009056],edx mov dword [DATA_009061],0x8000 mov dword [DATA_009057],0x6 mov eax,[DATA_008861] mov [ebx+0x1c],eax mov edi,eax mov eax,[edi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov esi,[eax+0x38] mov [ebx+0x2c],esi movsx eax,word [esi+0xa] shl eax,0x4 lea eax,[eax+eax*4] mov [ebx+0xc],eax mov dword [ebx],0x9815 push ebx call FUNC_000345 pop ecx cmp byte [edi+0xd0],0x0 jz JUMP_002189 movsx eax,word [esi+0xa] add eax,eax lea eax,[eax+eax*4] lea eax,[eax+eax*4] mov [ebx+0xc],eax mov eax,[DATA_008926] mov [ebx+0x8],eax mov dword [ebx],0x9816 push ebx call FUNC_000345 pop ecx JUMP_002189: ; Pos = 2441b mov eax,[DATA_008925] mov [ebx+0x8],eax movsx eax,word [esi+0xa] add eax,eax lea eax,[eax+eax*4] lea eax,[eax+eax*4] mov [ebx+0xc],eax mov dword [ebx],0x9817 push ebx call FUNC_000345 pop ecx movsx eax,word [esi+0x6] shl eax,0x2 movzx edx,word [edi+0xe4] sub eax,edx mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x0 jz JUMP_002190 mov eax,[ebp-0x4] lea eax,[eax+eax*4] lea eax,[eax+eax*4] mov [ebx+0x4],eax mov dword [ebx+0xc],0xa mov dword [ebx],0x9813 push ebx call FUNC_000345 pop ecx mov eax,[ebp-0x4] lea eax,[eax+eax*4] lea eax,[eax+eax*4] mov [ebx+0x4],eax movsx eax,word [esi+0x6] shl eax,0x2 mov [ebx+0x8],eax mov eax,[ebp-0x4] add eax,eax lea eax,[eax+eax*4] mov [ebx+0xc],eax mov dword [ebx],0x9818 push ebx call FUNC_000345 pop ecx JUMP_002190: ; Pos = 244a6 cmp byte [edi+0xd0],0x0 jz JUMP_002193 mov dword [ebx+0xc],0x64 xor esi,esi mov dword [ebp-0xc],DATA_008935 JUMP_002191: ; Pos = 244bf mov eax,[ebp-0xc] cmp dword [eax],byte +0x0 jnz JUMP_002192 lea eax,[esi+0x99ae] mov [ebx+0x4],eax mov dword [ebx],0x9814 push ebx call FUNC_000345 pop ecx JUMP_002192: ; Pos = 244dd inc esi add dword [ebp-0xc],byte +0x4 cmp esi,byte +0x6 jl JUMP_002191 JUMP_002193: ; Pos = 244e7 mov eax,[edi+0xcc] mov edx,eax shl edx,0x10 shr eax,0x10 or edx,eax mov [ebp-0x8],edx mov esi,0x1f mov edi,DATA_005303 JUMP_002194: ; Pos = 24504 test byte [ebp-0x5],0x80 jnz JUMP_002195 shl dword [ebp-0x8],1 jmp short JUMP_002196 JUMP_002195: ; Pos = 2450f shl dword [ebp-0x8],1 mov [ebx+0x4],esi mov eax,[edi] mov [ebx+0x8],eax mov eax,[edi+0x4] mov [ebx+0xc],eax mov dword [ebx],0x9812 push ebx call FUNC_000345 pop ecx JUMP_002196: ; Pos = 2452d dec esi add edi,byte -0x8 test esi,esi jnl JUMP_002194 call FUNC_000445 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000445: ; Pos = 24544 push ebp mov ebp,esp push byte +0x8 call FUNC_000541 pop ecx pop ebp ret FUNC_000446: ; Pos = 24554 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0xc] add eax,eax lea eax,[eax+eax*4] sub [DATA_008888],eax cmp dword [DATA_008888],byte +0x0 jnl JUMP_002197 push ebx push eax call FUNC_000440 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002197: ; Pos = 2457f mov ecx,[ebx+0x4] xor ecx,byte +0x10 mov eax,0x1 shl eax,cl mov edx,eax not edx mov ecx,[DATA_008861] and [ecx+0xcc],edx mov edx,[DATA_008861] or [edx+0xc8],eax mov dword [ebx],0x98f1 push ebx call FUNC_000352 pop ecx push ebx call FUNC_000444 pop ecx pop ebx pop ebp ret FUNC_000447: ; Pos = 245c0 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0xc] add edx,edx lea edx,[edx+edx*4] sub [DATA_008888],edx cmp dword [DATA_008888],byte +0x0 jnl JUMP_002198 push eax push edx call FUNC_000440 add esp,byte +0x8 pop ebp ret JUMP_002198: ; Pos = 245e9 mov edx,[DATA_008861] inc word [edx+0xe4] push eax call FUNC_000444 pop ecx pop ebp ret FUNC_000448: ; Pos = 24600 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0xc] add edx,edx lea edx,[edx+edx*4] sub [DATA_008888],edx cmp dword [DATA_008888],byte +0x0 jnl JUMP_002199 push eax push edx call FUNC_000440 add esp,byte +0x8 pop ebp ret JUMP_002199: ; Pos = 24629 mov edx,[DATA_008861] mov cx,[eax+0x8] mov [edx+0xe4],cx push eax call FUNC_000444 pop ecx pop ebp ret FUNC_000449: ; Pos = 24644 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov eax,[ebx+0xc] add eax,eax lea eax,[eax+eax*4] sub [DATA_008888],eax cmp dword [DATA_008888],byte +0x0 jnl JUMP_002200 push ebx push eax call FUNC_000440 add esp,byte +0x8 jmp JUMP_002208 JUMP_002200: ; Pos = 24672 mov eax,[DATA_008861] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov ecx,[eax+0x38] mov edx,[ebx+0x4] add edx,0xffff6652 mov ax,[ecx+0x2] neg ax mov esi,edx cmp esi,byte +0x5 ja near JUMP_002207 jmp near [esi*4+DATA_000027] SECTION .data DATA_000027: ; Pos = 246aa dd JUMP_002201 dd JUMP_002202 dd JUMP_002203 dd JUMP_002204 dd JUMP_002205 dd JUMP_002206 SECTION .text JUMP_002201: ; Pos = 246c2 mov ecx,[DATA_008861] mov [ecx+0xbc],ax movsx eax,ax mov [edx*4+DATA_008935],eax jmp JUMP_002207 JUMP_002202: ; Pos = 246de mov ecx,eax neg cx mov esi,[DATA_008861] mov [esi+0xbe],cx movsx eax,ax neg eax mov [edx*4+DATA_008935],eax jmp short JUMP_002207 JUMP_002203: ; Pos = 246fe mov ecx,[DATA_008861] mov [ecx+0xc0],ax movsx eax,ax mov [edx*4+DATA_008935],eax jmp short JUMP_002207 JUMP_002204: ; Pos = 24717 mov ecx,eax neg cx mov esi,[DATA_008861] mov [esi+0xc2],cx movsx eax,ax neg eax mov [edx*4+DATA_008935],eax jmp short JUMP_002207 JUMP_002205: ; Pos = 24737 mov ax,[ecx] mov ecx,[DATA_008861] mov [ecx+0xc4],ax movsx eax,ax mov [edx*4+DATA_008935],eax jmp short JUMP_002207 JUMP_002206: ; Pos = 24753 mov ecx,eax neg cx mov esi,[DATA_008861] mov [esi+0xc6],cx movsx eax,ax neg eax mov [edx*4+DATA_008935],eax JUMP_002207: ; Pos = 24771 push ebx call FUNC_000444 pop ecx JUMP_002208: ; Pos = 24778 pop esi pop ebx pop ebp ret FUNC_000450: ; Pos = 2477c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov edx,DATA_008804 mov eax,[ebx+0xc] add eax,eax lea eax,[eax+eax*4] sub [edx+0x114],eax cmp dword [edx+0x114],byte +0x0 jnl JUMP_002209 push ebx push eax call FUNC_000440 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002209: ; Pos = 247ac mov dword [edx+0x1f4],0x1f4 mov dword [edx+0x1f8],0x1f4 mov eax,[edx+0x4] mov [edx+0x1fc],eax mov eax,[edx+0x4] mov [edx+0x200],eax mov dword [ebx],0x98f2 push ebx call FUNC_000352 pop ecx push ebx call FUNC_000444 pop ecx pop ebx pop ebp ret FUNC_000451: ; Pos = 247ec push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0xc] add eax,eax lea eax,[eax+eax*4] sub [DATA_008888],eax cmp dword [DATA_008888],byte +0x0 jnl JUMP_002210 push ebx push eax call FUNC_000440 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002210: ; Pos = 24817 mov dword [DATA_008924],0x1f4 mov eax,[DATA_008807] mov [DATA_008926],eax mov dword [ebx],0x98f3 push ebx call FUNC_000352 pop ecx push ebx call FUNC_000444 pop ecx pop ebx pop ebp ret FUNC_000452: ; Pos = 24844 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0xc] add eax,eax lea eax,[eax+eax*4] sub [DATA_008888],eax cmp dword [DATA_008888],byte +0x0 jnl JUMP_002211 push ebx push eax call FUNC_000440 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002211: ; Pos = 2486f mov dword [DATA_008923],0x1f4 mov eax,[DATA_008807] mov [DATA_008925],eax mov dword [ebx],0x98f3 push ebx call FUNC_000352 pop ecx push ebx call FUNC_000444 pop ecx pop ebx pop ebp ret FUNC_000453: ; Pos = 2489c push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0x8] mov ax,[DATA_008996] cmp ax,byte +0x4 jz near JUMP_002220 cmp ax,byte +0x2 jnz JUMP_002212 mov dword [DATA_002321],DATA_005280 mov dword [DATA_002322],0x3 jmp short JUMP_002214 JUMP_002212: ; Pos = 248d4 cmp ax,byte +0x1 jnz JUMP_002213 mov dword [DATA_002321],DATA_005281 mov dword [DATA_002322],0x5 jmp short JUMP_002214 JUMP_002213: ; Pos = 248f0 mov dword [DATA_002321],DATA_005282 mov dword [DATA_002322],0xd JUMP_002214: ; Pos = 24904 push byte +0x1 push byte +0x34 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov eax,[DATA_008862] mov eax,[eax+0xa0] mov [ebp-0x8],eax push byte +0x13 lea eax,[ebp-0x8] push eax call FUNC_000504 add esp,byte +0x8 push dword 0x8000 push byte +0x0 mov eax,[ebp-0x8] push eax push byte +0x0 push dword 0x98d5 push byte +0x2 call FUNC_000331 add esp,byte +0x18 mov eax,[DATA_009067] mov [DATA_009050],eax mov eax,[DATA_008862] movzx eax,byte [eax+0x86] push eax call FUNC_000649 pop ecx mov [DATA_009058],eax xor edx,edx mov [esi+0x14],edx mov edx,[eax+0x2e2] mov [ebp-0x4],edx xor edi,edi lea ebx,[eax+0x132] cmp edi,[ebp-0x4] jnl JUMP_002217 JUMP_002215: ; Pos = 24985 mov eax,[ebx] test eax,eax jz JUMP_002216 mov [esi],eax mov [esi+0x14],edi mov eax,[ebx+0x4] mov [esi+0x8],eax mov eax,[ebx+0x8] mov [esi+0xc],eax mov eax,[ebx+0xc] mov [esi+0x10],eax mov [esi+0x2c],eax mov eax,[ebx+0x10] mov [esi+0x4],eax mov eax,[ebx+0x14] mov [esi+0x24],eax push esi call FUNC_000345 pop ecx JUMP_002216: ; Pos = 249b8 inc edi add ebx,byte +0x18 cmp edi,[ebp-0x4] jl JUMP_002215 JUMP_002217: ; Pos = 249c1 push byte +0x1 push byte +0x0 call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0x0 call FUNC_000034 add esp,byte +0x8 cmp dword [DATA_009051],byte +0x0 jng JUMP_002218 mov dword [esi],0x98dd jmp short JUMP_002219 JUMP_002218: ; Pos = 249ea mov dword [esi],0x98de JUMP_002219: ; Pos = 249f0 push esi call FUNC_000337 pop ecx JUMP_002220: ; Pos = 249f7 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000454: ; Pos = 24a00 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0x8] mov [eax+0xc],edx mov dword [eax+0x8],0x98d7 mov edx,[eax+0x1c] mov [eax+0x4],edx push eax push dword 0x80 call FUNC_000537 add esp,byte +0x8 pop ebp ret FUNC_000455: ; Pos = 24a2c push ebp mov ebp,esp pop ebp ret FUNC_000456: ; Pos = 24a34 push ebp mov ebp,esp pop ebp ret FUNC_000457: ; Pos = 24a3c push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi push edi lea ebx,[ebp-0x30] mov esi,DATA_008804 mov eax,[ebp+0x8] push esi mov esi,eax mov edi,ebx mov ecx,0xc rep movsd pop esi mov edi,[ebx+0x1c] mov dword [DATA_002321],DATA_005284 mov dword [DATA_002322],0xc mov eax,[ebx] add eax,0xffff6800 mov [esi+0x48fc],eax mov eax,[ebx+0x4] mov [esi+0x4900],eax mov eax,[ebx+0x8] mov [esi+0x4904],eax mov eax,[ebx+0xc] mov [esi+0x4908],eax mov eax,[ebx+0x10] mov [esi+0x490c],eax mov eax,[ebx+0x14] mov [esi+0x4910],eax mov eax,[ebx+0x24] mov [esi+0x4914],eax call FUNC_000342 mov dword [esi+0x48de],0x98d8 mov eax,[ebx+0x24] mov [esi+0x48f0],eax mov dword [esi+0x491c],0x8000 xor eax,eax mov [esi+0x48f4],eax mov eax,[esi+0x4900] mov [ebx+0x4],eax mov eax,[esi+0x4904] mov [ebx+0x8],eax mov eax,[esi+0x490c] mov [ebx+0x10],eax mov eax,[esi+0x4910] mov [ebx+0x14],eax mov eax,[esi+0x4914] mov [ebx+0x24],eax mov dword [ebx],0x986e mov dword [ebx+0xc],0x1 push ebx call FUNC_000345 pop ecx mov dword [ebx+0xc],0xa push ebx call FUNC_000345 pop ecx mov dword [ebx+0xc],0x64 push ebx call FUNC_000345 pop ecx mov dword [ebx+0xc],0x3e8 push ebx call FUNC_000345 pop ecx mov dword [ebx+0xc],0x2710 push ebx call FUNC_000345 pop ecx mov dword [ebx+0xc],0x186a0 push ebx call FUNC_000345 pop ecx mov dword [ebx],0x983f push ebx call FUNC_000345 pop ecx mov dword [ebx],0x99df mov [ebx+0x2c],edi push ebx call FUNC_000352 pop ecx call FUNC_000523 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000458: ; Pos = 24b94 push ebp mov ebp,esp mov edx,[ebp+0x8] mov eax,[edx+0xc] sub [DATA_008888],eax cmp dword [DATA_008888],byte +0x0 jnl JUMP_002221 push edx push eax call FUNC_000440 add esp,byte +0x8 pop ebp ret JUMP_002221: ; Pos = 24bb8 mov dword [edx+0x2c],0x99e0 cmp eax,0x3e8 jl JUMP_002222 inc dword [DATA_008922] JUMP_002222: ; Pos = 24bcc cmp eax,0x2710 jnl JUMP_002223 cmp dword [DATA_008922],byte +0x5 jng JUMP_002224 JUMP_002223: ; Pos = 24bdc mov dword [DATA_008922],0x5 JUMP_002224: ; Pos = 24be6 cmp eax,0x186a0 jl JUMP_002225 mov dword [edx+0x2c],0x99e1 JUMP_002225: ; Pos = 24bf4 push edx call FUNC_000353 pop ecx call FUNC_000523 pop ebp ret FUNC_000459: ; Pos = 24c04 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov dword [ebx],0x99c5 push ebx call FUNC_000352 pop ecx mov dword [ebx],0x983f push ebx call FUNC_000345 pop ecx call FUNC_000523 pop ebx pop ebp ret FUNC_000460: ; Pos = 24c30 push ebp mov ebp,esp push ecx push ebx push esi push edi mov ebx,[ebp+0x8] add dword [ebx+0x8],0x121cf7 mov eax,[ebx+0x24] mov [DATA_009056],eax mov eax,[ebx] mov [DATA_009059],eax mov dword [ebx],0x99c4 push dword 0x8000 push byte +0x0 mov eax,[ebx+0x24] push eax push ebx push dword 0x98d8 push byte +0x1 call FUNC_000331 add esp,byte +0x18 mov esi,[ebx+0x24] shl esi,0x6 shl esi,0x8 sar esi,0x10 add esi,0x1000 cmp esi,[DATA_008911] jg JUMP_002226 push ebx call FUNC_000466 pop ecx test eax,eax jz JUMP_002227 JUMP_002226: ; Pos = 24c96 push ebx call FUNC_000459 pop ecx jmp JUMP_002228 JUMP_002227: ; Pos = 24ca2 mov ax,[ebx+0x24] mov [ebp-0x2],ax lea eax,[ebp-0x2] push eax push byte +0x10 call FUNC_000658 add esp,byte +0x8 mov [DATA_009066],eax mov dword [ebx],0x9861 push ebx call FUNC_000345 pop ecx mov edi,[ebx+0x4] mov esi,[ebx+0x8] mov [ebx+0x4],esi mov eax,[ebx+0x2c] mov [ebx+0x8],eax mov dword [ebx],0x9862 push ebx call FUNC_000345 pop ecx mov [ebx+0x4],edi mov [ebx+0x8],esi mov dword [ebx],0x9863 push ebx call FUNC_000345 pop ecx mov dword [ebx],0x9864 push ebx call FUNC_000345 pop ecx mov dword [ebx],0x983e push ebx call FUNC_000345 pop ecx mov dword [ebx],0x983f push ebx call FUNC_000345 pop ecx call FUNC_000523 JUMP_002228: ; Pos = 24d25 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000461: ; Pos = 24d2c push ebp mov ebp,esp add esp,byte -0x28 mov eax,[ebp+0xc] push eax lea eax,[ebp-0x28] push eax call FUNC_000860 add esp,byte +0x8 test eax,eax jz JUMP_002229 mov eax,0x1 jmp short JUMP_002230 JUMP_002229: ; Pos = 24d4d lea eax,[ebp-0x28] push eax mov eax,[ebp+0x8] push eax call FUNC_000878 add esp,byte +0x8 xor eax,eax JUMP_002230: ; Pos = 24d5f mov esp,ebp pop ebp ret FUNC_000462: ; Pos = 24d64 push ebp mov ebp,esp xor edx,edx mov eax,[ebp+0x8] jmp short JUMP_002233 JUMP_002231: ; Pos = 24d6e cmp word [eax+0xa],byte +0x20 jc JUMP_002232 inc edx JUMP_002232: ; Pos = 24d76 add eax,byte +0x44 JUMP_002233: ; Pos = 24d79 cmp dword [eax],byte +0x0 jnz JUMP_002231 mov eax,edx pop ebp ret FUNC_000463: ; Pos = 24d84 push ebp mov ebp,esp push ebx push esi mov ecx,[ebp+0xc] mov esi,[ebp+0x8] xor edx,edx mov eax,esi jmp short JUMP_002236 JUMP_002234: ; Pos = 24d95 cmp word [eax+0xa],byte +0x20 jc JUMP_002235 mov ebx,ecx add ecx,byte -0x1 test ebx,ebx jnz JUMP_002235 mov eax,edx shl eax,0x4 add eax,edx shl eax,0x2 add eax,esi jmp short JUMP_002237 JUMP_002235: ; Pos = 24db3 inc edx add eax,byte +0x44 JUMP_002236: ; Pos = 24db7 cmp dword [eax],byte +0x0 jnz JUMP_002234 xor eax,eax JUMP_002237: ; Pos = 24dbe pop esi pop ebx pop ebp ret FUNC_000464: ; Pos = 24dc4 push ebp mov ebp,esp push ebx push esi mov ecx,[ebp+0xc] mov esi,[ebp+0x8] xor edx,edx mov eax,esi jmp short JUMP_002240 JUMP_002238: ; Pos = 24dd5 cmp word [eax+0xa],byte +0x20 jc JUMP_002239 mov ebx,[eax+0x4] cmp ebx,ecx jnz JUMP_002239 mov eax,edx shl eax,0x4 add eax,edx shl eax,0x2 add eax,esi jmp short JUMP_002241 JUMP_002239: ; Pos = 24df1 inc edx add eax,byte +0x44 JUMP_002240: ; Pos = 24df5 cmp dword [eax],byte +0x0 jnz JUMP_002238 xor eax,eax JUMP_002241: ; Pos = 24dfc pop esi pop ebx pop ebp ret FUNC_000465: ; Pos = 24e00 push ebp mov ebp,esp push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] xor ecx,ecx mov eax,edi jmp short JUMP_002244 JUMP_002242: ; Pos = 24e11 mov dx,[eax+0xa] cmp dx,byte +0x1 jc JUMP_002243 cmp dx,byte +0x10 ja JUMP_002243 mov edx,[eax+0x4] cmp edx,esi jnz JUMP_002243 mov eax,ecx shl eax,0x4 add eax,ecx shl eax,0x2 add eax,edi jmp short JUMP_002245 JUMP_002243: ; Pos = 24e36 inc ecx add eax,byte +0x44 JUMP_002244: ; Pos = 24e3a cmp dword [eax],byte +0x0 jnz JUMP_002242 xor eax,eax JUMP_002245: ; Pos = 24e41 pop edi pop esi pop ebp ret FUNC_000466: ; Pos = 24e48 push ebp mov ebp,esp add esp,0xfffff00c push ebx push esi mov esi,[ebp+0x8] mov eax,[esi+0xc] mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax lea eax,[ebp+0xfffff00c] push eax call FUNC_000461 add esp,byte +0x8 test eax,eax jz JUMP_002246 mov eax,0x1 jmp short JUMP_002248 JUMP_002246: ; Pos = 24e7a lea eax,[ebp+0xfffff00c] push eax call FUNC_000462 pop ecx mov ebx,eax test ebx,ebx jnz JUMP_002247 mov byte [DATA_009065],0xff mov eax,0x1 jmp short JUMP_002248 JUMP_002247: ; Pos = 24e9b mov eax,[esi+0x24] and eax,0xffff imul ebx sar eax,0x10 push eax lea eax,[ebp+0xfffff00c] push eax call FUNC_000463 add esp,byte +0x8 lea edx,[ebp+0xfffff00c] sub eax,edx mov ecx,0x44 cdq idiv ecx mov [DATA_009065],al xor eax,eax JUMP_002248: ; Pos = 24ecf pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000467: ; Pos = 24ed8 push ebp mov ebp,esp add esp,0xfffff00c push ebx push esi mov ebx,[ebp+0x8] mov esi,DATA_008804 cmp dword [esi+0x4ef0],byte +0x6 jl JUMP_002249 mov dword [ebx],0x99cb push ebx call FUNC_000352 pop ecx jmp JUMP_002251 JUMP_002249: ; Pos = 24f06 mov dword [ebx],0x99ca push ebx call FUNC_000352 pop ecx mov eax,[ebx+0xc] mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax lea eax,[ebp+0xfffff00c] push eax call FUNC_000461 add esp,byte +0x8 cmp dword [esi+0x48fc],0x9857 jnz JUMP_002250 mov eax,[esi+0x10a] push eax movsx eax,byte [esi+0x492a] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 lea edx,[ebp+0xfffff032] add eax,edx push eax push byte +0x0 push byte +0x0 mov eax,[esi+0x492c] push eax mov eax,[ebx+0x4] push eax mov eax,[ebx+0x8] push eax mov eax,[ebx+0x24] push eax mov eax,[ebx+0xc] push eax push byte +0x0 mov al,[ebx+0x2c] add al,0x44 shl eax,0x4 add al,[esi+0x43c] push eax call FUNC_000314 add esp,byte +0x2c push ebx call FUNC_000507 pop ecx jmp short JUMP_002251 JUMP_002250: ; Pos = 24f96 mov eax,[esi+0x10a] push eax movsx eax,byte [esi+0x492a] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 lea edx,[ebp+0xfffff032] add eax,edx push eax push byte +0x0 push byte +0x0 mov eax,[esi+0x492c] push eax mov eax,[ebx+0x4] push eax mov eax,[ebx+0x8] push eax mov eax,[ebx+0x24] push eax mov eax,[ebx+0xc] push eax push byte +0x0 mov al,[ebx+0x2c] add al,0x4c shl eax,0x4 push eax call FUNC_000314 add esp,byte +0x2c push ebx call FUNC_000535 pop ecx call FUNC_000342 push ebx push dword 0x983f call FUNC_000348 add esp,byte +0x8 call FUNC_000523 JUMP_002251: ; Pos = 25004 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000468: ; Pos = 2500c push ebp mov ebp,esp add esp,0xfffff00c push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0xc] mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax lea eax,[ebp+0xfffff00c] push eax call FUNC_000461 add esp,byte +0x8 movsx eax,byte [DATA_009065] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 lea edx,[ebp+0xfffff032] add eax,edx mov [ebx+0x2c],eax mov eax,[ebx+0x8] mov [ebx+0x4],eax mov dword [ebx],0x99c8 push ebx call FUNC_000352 pop ecx pop ebx mov esp,ebp pop ebp ret FUNC_000469: ; Pos = 25068 push ebp mov ebp,esp add esp,0xfffff00c push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0xc] mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax lea eax,[ebp+0xfffff00c] push eax call FUNC_000461 add esp,byte +0x8 movsx eax,byte [DATA_009065] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 lea edx,[ebp+0xfffff032] add eax,edx mov [ebx+0x2c],eax mov eax,[ebx+0x24] mov [ebx+0x8],eax mov dword [ebx],0x99c6 push ebx call FUNC_000352 pop ecx pop ebx mov esp,ebp pop ebp ret FUNC_000470: ; Pos = 250c4 push ebp mov ebp,esp add esp,byte -0x14 push ebx mov ebx,[ebp+0x8] push dword DATA_009148 mov eax,[ebx+0x24] push eax lea eax,[ebp-0x14] push eax push byte +0x12 call FUNC_000791 add esp,byte +0x10 mov eax,[ebx+0x2c] mov [ebx+0x8],eax mov eax,[DATA_009066] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0xe] mov [ebx+0xc],eax mov eax,DATA_009148 mov [ebx+0x2c],eax mov dword [ebx],0x99c7 push ebx call FUNC_000352 pop ecx pop ebx mov esp,ebp pop ebp ret FUNC_000471: ; Pos = 2511c push ebp mov ebp,esp mov eax,[ebp+0x8] cmp dword [DATA_008922],byte +0x0 jnl JUMP_002252 push eax call FUNC_000475 pop ecx pop ebp ret JUMP_002252: ; Pos = 25134 push eax call FUNC_000474 pop ecx pop ebp ret FUNC_000472: ; Pos = 25140 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp dword [DATA_008922],byte -0x9 jnl JUMP_002253 push eax call FUNC_000475 pop ecx pop ebp ret JUMP_002253: ; Pos = 25158 push eax call FUNC_000474 pop ecx pop ebp ret FUNC_000473: ; Pos = 25164 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_000474 pop ecx pop ebp ret FUNC_000474: ; Pos = 25174 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x8] mov edi,DATA_008804 mov dword [DATA_002321],DATA_005283 mov dword [DATA_002322],0xb mov eax,[ebx+0x20] mov eax,[eax] mov [ebx],eax mov [edi+0x48fc],eax mov eax,[ebx+0x14] mov [edi+0x490c],eax mov eax,[ebx+0x8] mov [edi+0x4900],eax mov eax,[ebx+0xc] mov [edi+0x4904],eax mov eax,[ebx+0x10] mov [edi+0x4908],eax mov eax,[ebx+0x24] mov [edi+0x4910],eax mov eax,[ebx+0x2c] mov [edi+0x4914],eax call FUNC_000342 mov dword [edi+0x48de],0x98d8 mov eax,[ebx+0x1c] mov [edi+0x48f0],eax mov dword [edi+0x491c],0x8000 xor eax,eax mov [edi+0x48f4],eax mov dword [ebx],0x9841 mov esi,0x1 JUMP_002254: ; Pos = 2520e push ebx call FUNC_000345 pop ecx inc dword [ebx] inc esi cmp esi,byte +0x6 jng JUMP_002254 push ebx push dword 0x983f call FUNC_000348 add esp,byte +0x8 mov eax,[edi+0x4900] mov [ebx+0x8],eax mov eax,[edi+0x4904] mov [ebx+0xc],eax mov eax,[edi+0x4908] mov [ebx+0x10],eax mov eax,[edi+0x490c] mov [ebx+0x14],eax mov eax,[edi+0x4910] mov [ebx+0x24],eax mov eax,[edi+0x4914] mov [ebx+0x2c],eax mov dword [ebx],0x9931 push ebx call FUNC_000352 pop ecx call FUNC_000523 pop edi pop esi pop ebx pop ebp ret FUNC_000475: ; Pos = 25278 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] call FUNC_000342 push ebx push dword 0x983f call FUNC_000348 add esp,byte +0x8 mov dword [ebx],0x9932 push ebx call FUNC_000352 pop ecx call FUNC_000523 pop ebx pop ebp ret nop FUNC_000476: ; Pos = 252a8 push ebp mov ebp,esp mov eax,[ebp+0x8] mov ecx,DATA_008804 mov edx,[ecx+0x48fc] mov [eax],edx mov edx,[ecx+0x4900] mov [eax+0x8],edx mov edx,[ecx+0x4904] add edx,0x99b4 mov [eax+0xc],edx mov edx,[ecx+0x4908] mov [eax+0x10],edx mov edx,[ecx+0x490c] mov [eax+0x14],edx mov edx,[ecx+0x4914] mov [eax+0x2c],edx mov edx,[ecx+0x4910] mov [eax+0x24],edx mov [eax+0x4],edx test dword [eax+0x24],0xffff jnl JUMP_002255 mov dword [eax+0x2c],0x9936 jmp short JUMP_002256 JUMP_002255: ; Pos = 2530c mov dword [eax+0x2c],0x9935 JUMP_002256: ; Pos = 25313 push eax call FUNC_000353 pop ecx pop ebp ret FUNC_000477: ; Pos = 2531c push ebp mov ebp,esp mov eax,[ebp+0x8] mov ecx,DATA_008804 mov edx,[ecx+0x48fc] mov [eax],edx mov edx,[ecx+0x4900] mov [eax+0x8],edx mov edx,[ecx+0x4904] add edx,0x99b4 mov [eax+0xc],edx mov edx,[ecx+0x4908] mov [eax+0x10],edx mov edx,[ecx+0x490c] mov [eax+0x14],edx mov edx,[ecx+0x4910] mov [eax+0x24],edx and edx,0xffff sar edx,0xd add edx,0x9939 mov [eax+0x4],edx mov [eax+0x2c],edx push eax call FUNC_000353 pop ecx pop ebp ret FUNC_000478: ; Pos = 25380 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax+0x8],0x4000 mov dword [eax+0xc],0x32 push eax call FUNC_000482 pop ecx pop ebp ret nop nop nop FUNC_000479: ; Pos = 253a0 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax+0x8],0x6000 mov dword [eax+0xc],0x64 push eax call FUNC_000482 pop ecx pop ebp ret nop nop nop FUNC_000480: ; Pos = 253c0 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax+0x8],0xe000 mov dword [eax+0xc],0x96 push eax call FUNC_000482 pop ecx pop ebp ret nop nop nop FUNC_000481: ; Pos = 253e0 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax+0x8],0xffff mov dword [eax+0xc],0xc8 push eax call FUNC_000482 pop ecx pop ebp ret nop nop nop FUNC_000482: ; Pos = 25400 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov esi,DATA_008804 mov eax,[ebx+0xc] mov [esi+0x4904],eax mov eax,[esi+0x4908] mov [ebx+0x10],eax mov eax,[esi+0x490c] mov [ebx+0x14],eax mov eax,[esi+0x4910] mov [ebx+0x24],eax mov eax,[esi+0x4914] mov [ebx+0x2c],eax mov eax,[esi+0x5030] cmp eax,[esi+0x502c] jl JUMP_002257 mov dword [ebx],0x9937 push ebx call FUNC_000352 pop ecx jmp JUMP_002259 JUMP_002257: ; Pos = 2545a mov eax,[ebx+0x24] and eax,0xffff cmp eax,[ebx+0x8] jl JUMP_002258 mov eax,[esi+0x48fc] mov [ebx],eax mov eax,[esi+0x4900] mov [ebx+0x8],eax mov eax,[esi+0x4904] mov [ebx+0xc],eax mov eax,[esi+0x4908] mov [ebx+0x10],eax mov eax,[esi+0x490c] mov [ebx+0x14],eax mov eax,[esi+0x4910] mov [ebx+0x24],eax mov dword [ebx+0x2c],0x9934 push ebx call FUNC_000353 pop ecx jmp JUMP_002259 JUMP_002258: ; Pos = 254af mov eax,[esi+0x5030] mov edx,[ebx+0x24] mov [esi+eax*8+0x5034],edx mov eax,[esi+0x5030] mov edx,[ebx+0xc] mov [esi+eax*8+0x5038],edx inc dword [esi+0x5030] mov dword [ebx+0x2c],0x9933 push ebx call FUNC_000353 pop ecx mov eax,[esi+0x48fc] mov [ebx],eax mov eax,[esi+0x4900] mov [ebx+0x8],eax mov eax,[esi+0x4904] mov [ebx+0xc],eax mov eax,[esi+0x4908] mov [ebx+0x10],eax mov eax,[esi+0x490c] mov [ebx+0x14],eax mov eax,[esi+0x4910] mov [ebx+0x24],eax mov eax,[esi+0x4914] mov [ebx+0x2c],eax push ebx call FUNC_000535 pop ecx call FUNC_000342 push ebx push dword 0x983f call FUNC_000348 add esp,byte +0x8 call FUNC_000523 JUMP_002259: ; Pos = 25540 pop esi pop ebx pop ebp ret FUNC_000483: ; Pos = 25544 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp dword [DATA_008922],byte +0x0 jnl JUMP_002260 mov dword [ebx],0x991f push dword 0x8000 push byte +0x0 mov eax,[ebx+0x24] mov edx,eax shl edx,0x1c shr eax,0x4 or edx,eax push edx push ebx push dword 0x98d8 push byte +0x1 call FUNC_000331 add esp,byte +0x18 push ebx call FUNC_000484 pop ecx pop ebx pop ebp ret JUMP_002260: ; Pos = 25589 mov dword [ebx],0x9941 push dword 0x8000 push byte +0x0 mov eax,[ebx+0x24] mov edx,eax shl edx,0x1c shr eax,0x4 or edx,eax push edx push ebx push dword 0x98d8 push byte +0x1 call FUNC_000331 add esp,byte +0x18 push ebx push dword 0x9847 call FUNC_000348 add esp,byte +0x8 cmp dword [DATA_008916],byte +0x0 jz JUMP_002261 mov eax,[DATA_009007] mov [ebx+0x8],eax mov eax,[DATA_008916] mov [ebx+0xc],eax push ebx push dword 0x9848 call FUNC_000348 add esp,byte +0x8 cmp dword [DATA_008915],byte +0x0 jz JUMP_002261 mov eax,[DATA_009008] mov [ebx+0x8],eax mov eax,[DATA_008915] mov [ebx+0xc],eax push ebx push dword 0x9848 call FUNC_000348 add esp,byte +0x8 cmp dword [DATA_008914],byte +0x0 jz JUMP_002261 mov eax,[DATA_009009] mov [ebx+0x8],eax mov eax,[DATA_008914] mov [ebx+0xc],eax push ebx push dword 0x9848 call FUNC_000348 add esp,byte +0x8 JUMP_002261: ; Pos = 25637 mov dword [ebx],0x9849 push ebx call FUNC_000345 pop ecx mov dword [ebx],0x984a push ebx call FUNC_000345 pop ecx push ebx push dword 0x983f call FUNC_000348 add esp,byte +0x8 call FUNC_000523 pop ebx pop ebp ret nop FUNC_000484: ; Pos = 25668 push ebp mov ebp,esp call FUNC_000342 mov eax,[ebp+0x8] push eax push dword 0x983f call FUNC_000348 add esp,byte +0x8 call FUNC_000523 pop ebp ret FUNC_000485: ; Pos = 25688 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x8] xor esi,esi xor edx,edx mov eax,DATA_009081 jmp short JUMP_002264 JUMP_002262: ; Pos = 2569c mov ecx,[ebx+0x24] cmp ecx,[eax] jnz JUMP_002263 test byte [eax-0xb],0x20 jnz JUMP_002263 inc esi jmp short JUMP_002265 JUMP_002263: ; Pos = 256ac inc edx add eax,byte +0x14 JUMP_002264: ; Pos = 256b0 cmp edx,[DATA_009073] jl JUMP_002262 JUMP_002265: ; Pos = 256b8 test esi,esi jz JUMP_002268 lea eax,[edx+edx*4] mov eax,[eax*4+DATA_009080] and eax,0xff sar eax,0x2 inc eax sub [DATA_008892],eax dec dword [DATA_009073] lea eax,[edx+edx*4] lea eax,[eax*4+DATA_009079] jmp short JUMP_002267 JUMP_002266: ; Pos = 256e7 inc edx add eax,byte +0x14 mov esi,eax mov edi,eax mov ecx,0x5 rep movsd JUMP_002267: ; Pos = 256f6 cmp edx,[DATA_009073] jl JUMP_002266 sub dword [DATA_008922],byte +0x8 mov dword [ebx+0x2c],0x9943 push ebx call FUNC_000488 pop ecx push byte +0x10 push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp short JUMP_002269 JUMP_002268: ; Pos = 25723 mov dword [ebx+0x2c],0x9946 dec dword [DATA_008922] push ebx call FUNC_000353 pop ecx push ebx call FUNC_000484 pop ecx JUMP_002269: ; Pos = 2573e pop edi pop esi pop ebx pop ebp ret nop FUNC_000486: ; Pos = 25744 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov dword [ebx+0x2c],0x9942 mov eax,[ebx+0x8] cmp eax,[ebx+0x24] jnz JUMP_002270 push ebx call FUNC_000488 pop ecx pop ebx pop ebp ret JUMP_002270: ; Pos = 25764 mov dword [ebx+0x2c],0x9944 dec dword [DATA_008922] push ebx call FUNC_000353 pop ecx push ebx call FUNC_000484 pop ecx pop ebx pop ebp ret nop nop FUNC_000487: ; Pos = 25784 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov dword [ebx+0x2c],0x9948 cmp dword [ebx+0x10],byte +0x1 jnz JUMP_002271 push ebx call FUNC_000488 pop ecx pop ebx pop ebp ret JUMP_002271: ; Pos = 257a2 mov dword [ebx+0x2c],0x9945 dec dword [DATA_008922] push ebx call FUNC_000353 pop ecx push ebx call FUNC_000484 pop ecx pop ebx pop ebp ret FUNC_000488: ; Pos = 257c0 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push ebx call FUNC_000353 pop ecx mov eax,[ebx+0x4] add eax,eax lea eax,[eax+eax*4] add [DATA_008888],eax push ebx call FUNC_000535 pop ecx call FUNC_000342 push ebx push dword 0x983f call FUNC_000348 add esp,byte +0x8 call FUNC_000523 pop ebx pop ebp ret nop nop FUNC_000489: ; Pos = 25800 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax+0x2c],0x9947 push eax call FUNC_000353 pop ecx pop ebp ret nop nop FUNC_000490: ; Pos = 25818 push ebp mov ebp,esp mov edx,DATA_008804 mov dword [edx+0x48f4],0xa mov dword [edx+0x48de],0x9908 mov byte [edx+0x4921],0x2 mov eax,[edx+0xcc] mov eax,[eax+0xa0] mov ecx,eax shl ecx,0x8 shr eax,0x18 or ecx,eax mov [edx+0x48f0],ecx mov eax,[ebp+0x8] push eax call FUNC_000492 pop ecx pop ebp ret nop FUNC_000491: ; Pos = 25864 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [DATA_009057],0xb mov dword [DATA_009052],0x9909 mov byte [DATA_009063],0x1 mov edx,[DATA_008862] mov edx,[edx+0xa0] mov ecx,edx shl ecx,0xf shr edx,0x11 or ecx,edx mov [eax+0x24],ecx and dword [eax+0x24],byte -0x2 push eax call FUNC_000492 pop ecx pop ebp ret nop FUNC_000492: ; Pos = 258ac push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0x24] mov [DATA_009056],edx mov dword [DATA_009061],0x8000 push eax call FUNC_000493 pop ecx pop ebp ret nop nop FUNC_000493: ; Pos = 258d0 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x8] mov eax,[DATA_008862] mov [esi+0x1c],eax call FUNC_000342 mov ebx,DATA_009004 jmp short JUMP_002273 JUMP_002272: ; Pos = 258ec mov [esi],eax mov eax,[ebx+0x10] mov [esi+0x4],eax mov eax,[ebx+0x8] mov [esi+0x8],eax mov eax,[ebx+0x4] mov [esi+0xc],eax mov eax,[ebx+0x14] mov [esi+0x24],eax mov eax,[ebx+0xc] mov [esi+0x2c],eax push esi call FUNC_000345 pop ecx add ebx,byte +0x18 JUMP_002273: ; Pos = 25916 mov eax,[ebx] test eax,eax jnz JUMP_002272 push byte +0x3 push byte +0x0 call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0x0 call FUNC_000034 add esp,byte +0x8 cmp dword [DATA_009051],byte +0x0 jnz JUMP_002274 mov dword [esi],0x990b jmp short JUMP_002275 JUMP_002274: ; Pos = 25945 mov dword [esi],0x990a JUMP_002275: ; Pos = 2594b push esi call FUNC_000352 pop ecx push esi push dword 0x983f call FUNC_000348 add esp,byte +0x8 call FUNC_000494 pop esi pop ebx pop ebp ret nop nop nop FUNC_000494: ; Pos = 2596c push ebp mov ebp,esp push byte +0x7 call FUNC_000541 pop ecx pop ebp ret nop nop nop FUNC_000495: ; Pos = 2597c push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_000496 pop ecx pop ebp ret nop FUNC_000496: ; Pos = 2598c push ebp mov ebp,esp add esp,0xfffff00c push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[ebx] mov [DATA_009059],eax push ebx call FUNC_000352 pop ecx call FUNC_000342 mov eax,[ebx+0xc] mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax lea eax,[ebp+0xfffff00c] push eax call FUNC_000461 add esp,byte +0x8 test eax,eax jz JUMP_002276 push ebx call FUNC_000497 pop ecx jmp JUMP_002284 JUMP_002276: ; Pos = 259d7 mov byte [DATA_009065],0xff xor esi,esi lea edi,[ebp+0xfffff00c] jmp short JUMP_002279 JUMP_002277: ; Pos = 259e8 push esi mov eax,[ebx+0x24] push eax mov eax,esi shl eax,0x4 add eax,esi shl eax,0x2 lea edx,[ebp+0xfffff00c] add eax,edx push eax call FUNC_000503 add esp,byte +0xc test al,al jl JUMP_002278 mov [DATA_009065],al JUMP_002278: ; Pos = 25a11 inc esi add edi,byte +0x44 JUMP_002279: ; Pos = 25a15 cmp dword [edi],byte +0x0 jnz JUMP_002277 cmp byte [DATA_009065],0x0 jnl JUMP_002280 push ebx call FUNC_000497 pop ecx jmp short JUMP_002284 JUMP_002280: ; Pos = 25a2c push ebx push dword 0x9858 call FUNC_000348 add esp,byte +0x8 cmp dword [DATA_009059],0x9855 jnz JUMP_002281 push ebx push dword 0x9866 call FUNC_000348 add esp,byte +0x8 jmp short JUMP_002282 JUMP_002281: ; Pos = 25a56 push ebx push dword 0x9867 call FUNC_000348 add esp,byte +0x8 push ebx push dword 0x9868 call FUNC_000348 add esp,byte +0x8 JUMP_002282: ; Pos = 25a72 push ebx push dword 0x9865 call FUNC_000348 add esp,byte +0x8 mov dword [ebx],0x9859 xor esi,esi JUMP_002283: ; Pos = 25a88 push ebx call FUNC_000345 pop ecx inc dword [ebx] inc esi cmp esi,byte +0x7 jl JUMP_002283 push ebx push dword 0x9860 call FUNC_000348 add esp,byte +0x8 call FUNC_000523 JUMP_002284: ; Pos = 25aaa pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop nop FUNC_000497: ; Pos = 25ab4 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax push dword 0x9860 call FUNC_000348 add esp,byte +0x8 call FUNC_000523 pop ebp ret nop FUNC_000498: ; Pos = 25ad0 push ebp mov ebp,esp add esp,0xfffff00c push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,DATA_008804 cmp dword [esi+0x4ef0],byte +0x6 jl JUMP_002285 mov dword [ebx],0x99cb push ebx call FUNC_000352 pop ecx jmp JUMP_002291 JUMP_002285: ; Pos = 25aff cmp dword [esi+0x48fc],0x9856 jnz JUMP_002289 mov eax,[esi+0xc8] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x12] dec eax mov edx,[esi+0x120] cmp edx,[esi+0x118] jnl JUMP_002286 test eax,eax jnl JUMP_002288 JUMP_002286: ; Pos = 25b39 mov dword [ebx],0x98f8 push ebx call FUNC_000352 pop ecx jmp JUMP_002291 JUMP_002287: ; Pos = 25b4b dec eax jns JUMP_002288 mov dword [ebx],0x98f8 push ebx call FUNC_000352 pop ecx jmp JUMP_002291 JUMP_002288: ; Pos = 25b60 mov edx,[esi+0xc8] cmp byte [edx+eax+0xd6],0x0 jnz JUMP_002287 dec dword [esi+0x118] mov edx,[esi+0xc8] mov byte [edx+eax+0xd6],0x89 jmp short JUMP_002290 JUMP_002289: ; Pos = 25b86 mov eax,[esi+0xc8] or dword [eax+0xc8],byte +0x4 mov eax,[esi+0xc8] and dword [eax+0xcc],byte -0x5 JUMP_002290: ; Pos = 25ba0 mov edi,[ebx+0x2c] add edi,0xffff669a shl edi,0x4 mov eax,[esi+0x48fc] add eax,0xffff67ab add eax,eax add edi,eax movzx eax,word [esi+0x43c] add edi,eax add edi,byte +0x2 mov eax,[ebx+0xc] mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax lea eax,[ebp+0xfffff00c] push eax call FUNC_000461 add esp,byte +0x8 mov eax,[esi+0x10a] push eax movsx eax,byte [esi+0x492a] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 lea edx,[ebp+0xfffff032] add eax,edx push eax push byte +0x0 push byte +0x0 push byte +0x0 mov eax,[ebx+0x4] push eax mov eax,[ebx+0x8] push eax mov eax,[ebx+0x24] push eax mov eax,[ebx+0xc] push eax push byte +0x0 mov eax,edi and al,0xff push eax call FUNC_000314 add esp,byte +0x2c mov dword [ebx],0x99ca push ebx call FUNC_000352 pop ecx push ebx call FUNC_000516 pop ecx call FUNC_000342 push ebx push dword 0x9860 call FUNC_000348 add esp,byte +0x8 call FUNC_000523 JUMP_002291: ; Pos = 25c52 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop nop FUNC_000499: ; Pos = 25c5c push ebp mov ebp,esp add esp,0xfffff00c push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0xc] mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax lea eax,[ebp+0xfffff00c] push eax call FUNC_000461 add esp,byte +0x8 movsx eax,byte [DATA_009065] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 lea edx,[ebp+0xfffff032] add eax,edx mov [ebx+0x24],eax mov dword [ebx],0x995b push ebx call FUNC_000352 pop ecx pop ebx mov esp,ebp pop ebp ret FUNC_000500: ; Pos = 25cb0 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax+0x2c],0x9958 push eax call FUNC_000353 pop ecx pop ebp ret nop nop FUNC_000501: ; Pos = 25cc8 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax+0x2c],0x9959 push eax call FUNC_000353 pop ecx pop ebp ret nop nop FUNC_000502: ; Pos = 25ce0 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax+0x2c],0x995a push eax call FUNC_000353 pop ecx pop ebp ret nop nop FUNC_000503: ; Pos = 25cf8 push ebp mov ebp,esp or eax,byte -0x1 mov edx,[ebp+0x8] mov dx,[edx+0xc] add edx,byte -0x77 sub dx,byte +0x4 jc JUMP_002292 jmp short JUMP_002294 JUMP_002292: ; Pos = 25d10 cmp byte [DATA_009065],0x0 jl JUMP_002293 test byte [ebp+0xc],0x3 jz JUMP_002294 JUMP_002293: ; Pos = 25d1f mov al,[ebp+0x10] JUMP_002294: ; Pos = 25d22 pop ebp ret FUNC_000504: ; Pos = 25d24 push ebp mov ebp,esp push ebx push esi mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,edx mov ebx,[eax] mov esi,ebx shr esi,cl mov ecx,0x20 sub ecx,edx shl ebx,cl or esi,ebx mov [eax],esi cmp dword [eax],byte +0x0 jnz JUMP_002295 xor eax,eax jmp short JUMP_002296 JUMP_002295: ; Pos = 25d4d mov eax,0x1 JUMP_002296: ; Pos = 25d52 pop esi pop ebx pop ebp ret nop nop FUNC_000505: ; Pos = 25d58 push ebp mov ebp,esp push ebx push esi mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,edx mov ebx,[eax] mov esi,ebx shl esi,cl mov ecx,0x20 sub ecx,edx shr ebx,cl or esi,ebx mov [eax],esi cmp dword [eax],byte +0x0 jnz JUMP_002297 xor eax,eax jmp short JUMP_002298 JUMP_002297: ; Pos = 25d81 mov eax,0x1 JUMP_002298: ; Pos = 25d86 pop esi pop ebx pop ebp ret nop nop FUNC_000506: ; Pos = 25d8c push ebp mov ebp,esp push ecx push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[ebx] mov [DATA_009059],eax xor eax,eax mov [DATA_009060],eax call FUNC_000342 push ebx call FUNC_000466 pop ecx test eax,eax jz JUMP_002299 push ebx call FUNC_000497 pop ecx jmp JUMP_002301 JUMP_002299: ; Pos = 25dc0 mov dword [ebx],0x99c4 push ebx call FUNC_000352 pop ecx mov ax,[ebx+0x24] mov [ebp-0x2],ax lea eax,[ebp-0x2] push eax push byte +0x10 call FUNC_000658 add esp,byte +0x8 mov [DATA_009066],eax mov dword [ebx],0x9861 push ebx call FUNC_000345 pop ecx mov edi,[ebx+0x4] mov esi,[ebx+0x8] mov [ebx+0x4],esi mov eax,[ebx+0x2c] mov [ebx+0x8],eax mov dword [ebx],0x9862 push ebx call FUNC_000345 pop ecx mov [ebx+0x4],edi mov [ebx+0x8],esi mov dword [ebx],0x9863 push ebx call FUNC_000345 pop ecx mov dword [ebx],0x9864 push ebx call FUNC_000345 pop ecx mov dword [ebx],0x9859 xor esi,esi JUMP_002300: ; Pos = 25e39 push ebx call FUNC_000345 pop ecx inc dword [ebx] inc esi cmp esi,byte +0x7 jl JUMP_002300 mov dword [ebx],0x9860 push ebx call FUNC_000345 pop ecx call FUNC_000523 JUMP_002301: ; Pos = 25e5a pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000507: ; Pos = 25e60 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push ebx call FUNC_000516 pop ecx call FUNC_000342 push ebx push dword 0x9860 call FUNC_000348 add esp,byte +0x8 call FUNC_000523 pop ebx pop ebp ret nop nop nop FUNC_000508: ; Pos = 25e8c push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov eax,[ebx] mov [DATA_009059],eax push ebx call FUNC_000352 pop ecx call FUNC_000342 mov dword [ebx],0x9858 xor esi,esi JUMP_002302: ; Pos = 25eaf push ebx call FUNC_000345 pop ecx inc dword [ebx] inc esi cmp esi,byte +0x8 jl JUMP_002302 mov dword [ebx],0x9860 push ebx call FUNC_000345 pop ecx call FUNC_000523 pop esi pop ebx pop ebp ret FUNC_000509: ; Pos = 25ed4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp dword [DATA_009059],0x9855 jl JUMP_002303 push ebx call FUNC_000498 pop ecx pop ebx pop ebp ret JUMP_002303: ; Pos = 25ef1 cmp dword [DATA_009073],byte +0x3b jl JUMP_002304 mov dword [ebx],0x9929 push ebx call FUNC_000352 pop ecx pop ebx pop ebp ret JUMP_002304: ; Pos = 25f0a push ebx call FUNC_000516 pop ecx mov dword [ebx+0x10],0x2000 cmp dword [DATA_009059],0x9976 jl JUMP_002305 add dword [ebx+0x10],0x100 JUMP_002305: ; Pos = 25f2b cmp dword [DATA_009059],0x997a jl JUMP_002306 add dword [ebx+0x10],0x100 JUMP_002306: ; Pos = 25f3e cmp byte [DATA_009063],0x2 jz JUMP_002307 or dword [ebx+0x10],0x4000 JUMP_002307: ; Pos = 25f4e push byte +0x0 mov eax,[ebx+0x8] push eax mov eax,[ebx+0xc] push eax mov eax,[ebx+0x4] push eax mov eax,[ebx+0x10] push eax call FUNC_000290 add esp,byte +0x14 mov dword [ebx+0x2c],0x992a push ebx call FUNC_000353 pop ecx call FUNC_000342 push ebx push dword 0x9860 call FUNC_000348 add esp,byte +0x8 call FUNC_000523 pop ebx pop ebp ret nop nop nop FUNC_000510: ; Pos = 25f94 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax+0x2c],0x990c push eax call FUNC_000353 pop ecx pop ebp ret nop nop FUNC_000511: ; Pos = 25fac push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax+0x2c],0x990d push eax call FUNC_000353 pop ecx pop ebp ret nop nop FUNC_000512: ; Pos = 25fc4 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax+0x2c],0x990e push eax call FUNC_000353 pop ecx pop ebp ret nop nop FUNC_000513: ; Pos = 25fdc push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[DATA_009059] mov [eax],edx cmp edx,0x9857 jnz JUMP_002308 mov dword [eax],0x99c4 JUMP_002308: ; Pos = 25ff8 push eax call FUNC_000352 pop ecx pop ebp ret nop nop nop FUNC_000514: ; Pos = 26004 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[DATA_009059] add edx,0xffff67ab sub edx,byte +0x2 jc JUMP_002310 jz JUMP_002309 sub edx,0x123 jz JUMP_002311 jmp short JUMP_002312 JUMP_002309: ; Pos = 26027 mov dword [eax+0x2c],0x9910 jmp short JUMP_002313 JUMP_002310: ; Pos = 26030 mov dword [eax+0x2c],0x9911 jmp short JUMP_002313 JUMP_002311: ; Pos = 26039 mov dword [eax+0x2c],0x9910 jmp short JUMP_002313 JUMP_002312: ; Pos = 26042 mov dword [eax+0x2c],0x990f JUMP_002313: ; Pos = 26049 push eax call FUNC_000353 pop ecx pop ebp ret nop nop FUNC_000515: ; Pos = 26054 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_000493 pop ecx pop ebp ret nop FUNC_000516: ; Pos = 26064 push ebp mov ebp,esp push ebx mov edx,[ebp+0x8] xor ecx,ecx mov eax,DATA_009004 jmp short JUMP_002316 JUMP_002314: ; Pos = 26074 mov ebx,[eax+0x8] cmp ebx,[edx+0x8] jnz JUMP_002315 mov ebx,[eax+0x4] cmp ebx,[edx+0xc] jnz JUMP_002315 mov ebx,[eax+0x14] cmp ebx,[edx+0x24] jnz JUMP_002315 push ecx call FUNC_000517 pop ecx pop ebx pop ebp ret JUMP_002315: ; Pos = 26096 inc ecx add eax,byte +0x18 JUMP_002316: ; Pos = 2609a cmp dword [eax],byte +0x0 jnz JUMP_002314 pop ebx pop ebp ret nop nop FUNC_000517: ; Pos = 260a4 push ebp mov ebp,esp push esi push edi mov eax,[ebp+0x8] lea eax,[eax+eax*2] lea eax,[eax*8+DATA_009004] jmp short JUMP_002318 JUMP_002317: ; Pos = 260b8 lea esi,[eax+0x18] mov edi,eax mov ecx,0x6 rep movsd add eax,byte +0x18 JUMP_002318: ; Pos = 260c7 cmp dword [eax],byte +0x0 jnz JUMP_002317 pop edi pop esi pop ebp ret FUNC_000518: ; Pos = 260d0 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov esi,DATA_008804 call FUNC_000342 mov dword [esi+0x48de],0x98d8 mov eax,[ebx+0x1c] mov [esi+0x48f0],eax mov dword [esi+0x491c],0x8000 xor eax,eax mov [esi+0x48f4],eax mov dword [ebx],0x9840 mov eax,[ebx+0x8] add eax,0xffff7200 mov [ebx+0x10],eax movzx eax,word [esi+eax*2+0x134] mov [ebx+0x4],eax push ebx call FUNC_000345 pop ecx mov dword [ebx],0x983f push ebx call FUNC_000345 pop ecx mov dword [ebx],0x992e mov eax,[esi+0x48f0] mov [ebx+0x24],eax push ebx call FUNC_000334 pop ecx pop esi pop ebx pop ebp ret nop nop nop FUNC_000519: ; Pos = 26154 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,DATA_008804 mov ecx,[eax+0x8] mov [eax+0x4],ecx mov dword [eax],0x98e5 mov ecx,[eax+0x10] cmp word [edx+ecx*2+0x134],byte +0x0 jnz JUMP_002319 push eax call FUNC_000352 pop ecx pop ebp ret JUMP_002319: ; Pos = 26182 mov byte [edx+0x4920],0xff mov ecx,[eax+0xc] add [edx+0x114],ecx mov ecx,[eax+0x10] dec word [edx+ecx*2+0x134] dec dword [edx+0x120] mov ecx,[eax+0x20] dec dword [ecx+0x4] cmp dword [edx+0x48e4],byte +0x0 jnz JUMP_002320 mov dword [eax],0x98e7 push eax call FUNC_000334 pop ecx jmp short JUMP_002321 JUMP_002320: ; Pos = 261c1 call FUNC_000335 JUMP_002321: ; Pos = 261c6 push byte +0x0 push byte +0x12 call FUNC_000148 add esp,byte +0x8 pop ebp ret FUNC_000520: ; Pos = 261d4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov dword [ebx],0x991e push ebx call FUNC_000352 pop ecx call FUNC_000342 push ebx push dword 0x983f call FUNC_000348 add esp,byte +0x8 call FUNC_000523 pop ebx pop ebp ret FUNC_000521: ; Pos = 26204 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] xor eax,eax mov [DATA_009059],eax mov eax,[ebx+0x4] mov [DATA_009060],eax mov dword [ebx],0x991d push dword 0x8000 push byte +0x0 mov eax,[ebx+0x24] push eax push ebx mov eax,[DATA_009052] push eax push byte +0x1 call FUNC_000331 add esp,byte +0x18 push byte +0x9 call near [DATA_007217] ; FUNC_000922 pop ecx neg eax cmp eax,[DATA_008922] jng JUMP_002322 push ebx call FUNC_000520 pop ecx pop ebx pop ebp ret JUMP_002322: ; Pos = 26259 mov dword [ebx],0x9833 push byte +0xd push ebx call FUNC_000522 add esp,byte +0x8 pop ebx pop ebp ret FUNC_000522: ; Pos = 26270 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0xc] mov ebx,[ebp+0x8] call FUNC_000342 xor esi,esi cmp edi,esi jng JUMP_002326 JUMP_002323: ; Pos = 26287 cmp dword [ebx],0x9834 jnz JUMP_002324 test byte [ebx+0x11],0x20 jnz JUMP_002325 JUMP_002324: ; Pos = 26295 push ebx call FUNC_000345 pop ecx JUMP_002325: ; Pos = 2629c inc dword [ebx] inc esi cmp edi,esi jg JUMP_002323 JUMP_002326: ; Pos = 262a3 call FUNC_000523 pop edi pop esi pop ebx pop ebp ret FUNC_000523: ; Pos = 262b0 push ebp mov ebp,esp push byte +0x1 call FUNC_000541 pop ecx pop ebp ret FUNC_000524: ; Pos = 262c0 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0x10] sar edx,0x9 and edx,byte +0x1f add edx,0x997e mov [eax+0x2c],edx add dword [eax+0x24],0xffffedcc push eax call FUNC_000353 pop ecx pop ebp ret FUNC_000525: ; Pos = 262e8 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0x10] sar edx,0x9 and edx,byte +0xf add edx,0x999e mov [eax+0x2c],edx add dword [eax+0x24],0xffffedcc push eax call FUNC_000353 pop ecx pop ebp ret FUNC_000526: ; Pos = 26310 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax],0x991d push eax call FUNC_000352 pop ecx pop ebp ret nop nop nop FUNC_000527: ; Pos = 26328 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_000453 pop ecx pop ebp ret nop FUNC_000528: ; Pos = 26338 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push ebx call FUNC_000529 pop ecx test eax,eax jz JUMP_002327 mov dword [ebx+0x2c],0x9930 or dword [DATA_009059],byte +0x10 push ebx call FUNC_000353 pop ecx pop ebx pop ebp ret JUMP_002327: ; Pos = 26362 mov dword [ebx+0x2c],0x992f push ebx call FUNC_000353 pop ecx pop ebx pop ebp ret nop FUNC_000529: ; Pos = 26374 push ebp mov ebp,esp mov edx,[ebp+0x8] xor eax,eax mov ecx,[edx+0xc] cmp ecx,0xaa4b718 jnz JUMP_002328 mov eax,0xe jmp short JUMP_002330 JUMP_002328: ; Pos = 2638e cmp ecx,0x16a49718 jnz JUMP_002329 mov eax,0xd jmp short JUMP_002330 JUMP_002329: ; Pos = 2639d cmp ecx,0xaa4971a jnz JUMP_002330 mov eax,0xf JUMP_002330: ; Pos = 263aa pop ebp ret FUNC_000530: ; Pos = 263ac push ebp mov ebp,esp push ebx mov ecx,[ebp+0x8] cmp dword [DATA_008922],byte +0x5 jl JUMP_002332 test byte [DATA_009059],0x20 jz JUMP_002331 mov dword [ecx+0x2c],0x9926 jmp short JUMP_002333 JUMP_002331: ; Pos = 263ce or dword [DATA_009059],byte +0x20 mov eax,[DATA_009060] mov ebx,0xa cdq idiv ebx add [DATA_009060],eax mov eax,[DATA_009060] mov [ecx+0x4],eax mov dword [ecx+0x2c],0x9927 jmp short JUMP_002333 JUMP_002332: ; Pos = 263f9 mov dword [ecx+0x2c],0x9921 JUMP_002333: ; Pos = 26400 push ecx call FUNC_000353 pop ecx pop ebx pop ebp ret nop nop FUNC_000531: ; Pos = 2640c push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov eax,[ebx+0x10] sar eax,0x8 and eax,byte +0x1e cmp eax,byte +0x14 jnz JUMP_002334 mov dword [ebx+0x2c],0x9922 jmp short JUMP_002337 JUMP_002334: ; Pos = 2642b test byte [DATA_009059],0x80 jz JUMP_002335 mov dword [ebx+0x2c],0x9926 jmp short JUMP_002337 JUMP_002335: ; Pos = 2643d mov esi,0x2 sub esi,[DATA_008922] test esi,esi jng JUMP_002336 lea eax,[ebx+0x24] push eax lea eax,[ebx+0x10] push eax push esi call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc test eax,eax jz JUMP_002336 mov dword [ebx+0x2c],0x9925 jmp short JUMP_002337 JUMP_002336: ; Pos = 2646b or dword [DATA_009059],0x80 mov dword [ebx+0x2c],0x9923 JUMP_002337: ; Pos = 2647c push ebx call FUNC_000353 pop ecx pop esi pop ebx pop ebp ret nop FUNC_000532: ; Pos = 26488 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov eax,[ebx+0x10] sar eax,0x8 and eax,byte +0x1e cmp eax,byte +0x14 jnz JUMP_002338 mov dword [ebx+0x2c],0x9922 jmp short JUMP_002341 JUMP_002338: ; Pos = 264a7 test byte [DATA_009059],0x80 jz JUMP_002339 mov dword [ebx+0x2c],0x9926 jmp short JUMP_002341 JUMP_002339: ; Pos = 264b9 mov esi,0xa sub esi,[DATA_008922] test esi,esi jna JUMP_002340 lea eax,[ebx+0x24] push eax lea eax,[ebx+0x10] push eax push esi call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc test eax,eax jz JUMP_002340 mov dword [ebx+0x2c],0x9925 jmp short JUMP_002341 JUMP_002340: ; Pos = 264e7 or dword [DATA_009059],byte +0x40 mov dword [ebx+0x2c],0x9924 JUMP_002341: ; Pos = 264f5 push ebx call FUNC_000353 pop ecx pop esi pop ebx pop ebp ret FUNC_000533: ; Pos = 26500 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0x10] and edx,byte +0x7 inc edx mov [eax+0x4],edx mov dword [eax+0x2c],0x9920 push eax call FUNC_000353 pop ecx pop ebp ret FUNC_000534: ; Pos = 26520 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,DATA_008804 cmp dword [esi+0x4a18],byte +0x3b jl JUMP_002342 mov dword [ebx],0x9929 push ebx call FUNC_000352 pop ecx jmp JUMP_002350 JUMP_002342: ; Pos = 26549 mov eax,[ebx+0x10] test ah,0x20 jnz JUMP_002344 and eax,byte +0x7 inc eax mov edx,[esi+0x11c] sub edx,[esi+0x124] cmp eax,edx jng JUMP_002343 mov dword [ebx],0x9928 push ebx call FUNC_000352 pop ecx jmp JUMP_002350 JUMP_002343: ; Pos = 26577 add [esi+0x124],eax push byte +0x10 push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_002344: ; Pos = 2658b test byte [esi+0x48fc],0x10 jz JUMP_002345 push ebx call FUNC_000529 pop ecx mov edi,eax test edi,edi jz JUMP_002345 mov ecx,edi mov eax,0x1 shl eax,cl or [esi+0x50d8],eax JUMP_002345: ; Pos = 265b0 mov dword [ebx+0x2c],0x992a mov eax,[esi+0x4900] mov [ebx+0x4],eax mov eax,[esi+0x48fc] test al,0x80 jz JUMP_002349 test al,0x40 jz JUMP_002346 mov dword [ebx+0x2c],0x992c mov eax,[ebx+0x4] xor edx,edx mov [ebx+0x4],edx jmp short JUMP_002348 JUMP_002346: ; Pos = 265df mov dword [ebx+0x2c],0x992b mov eax,[ebx+0x4] sar eax,1 jns JUMP_002347 adc eax,byte +0x0 JUMP_002347: ; Pos = 265f0 mov [ebx+0x4],eax JUMP_002348: ; Pos = 265f3 mov edx,eax add edx,edx lea edx,[edx+edx*4] mov eax,edx add [esi+0x114],eax JUMP_002349: ; Pos = 26602 push ebx call FUNC_000353 pop ecx push ebx call FUNC_000535 pop ecx mov eax,[esi+0x4] add eax,byte +0x1c mov [ebx+0x8],eax mov edx,[ebx+0x24] push edx push eax mov eax,[ebx+0xc] push eax mov eax,[ebx+0x4] push eax mov eax,[ebx+0x10] push eax call FUNC_000290 add esp,byte +0x14 mov dword [ebx],0x983f push byte +0x1 push ebx call FUNC_000522 add esp,byte +0x8 JUMP_002350: ; Pos = 26643 pop edi pop esi pop ebx pop ebp ret FUNC_000535: ; Pos = 26648 push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax+0x14] lea eax,[eax+eax*2] mov edx,[DATA_009058] xor ecx,ecx mov [edx+eax*8+0x132],ecx pop ebp ret FUNC_000536: ; Pos = 26668 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp word [DATA_008996],byte +0x4 jz JUMP_002351 mov dword [DATA_002321],DATA_005275 mov dword [DATA_002322],0x1e push byte +0x1 push byte +0x33 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov eax,[DATA_008862] mov [ebx+0x1c],eax mov eax,[DATA_008862] mov eax,[eax+0xa0] mov edx,eax shl edx,0xa shr eax,0x16 or edx,eax mov [ebx+0x4],edx mov dword [ebx+0x8],0x98d6 xor eax,eax mov [ebx+0xc],eax push ebx push byte +0x0 call FUNC_000537 add esp,byte +0x8 JUMP_002351: ; Pos = 266d0 pop ebx pop ebp ret nop FUNC_000537: ; Pos = 266d4 push ebp mov ebp,esp mov eax,[ebp+0xc] mov edx,DATA_008804 mov ecx,[ebp+0x8] mov [edx+0x48ec],ecx mov ecx,[eax+0x4] mov [edx+0x48f0],ecx mov dword [edx+0x491c],0x8000 xor ecx,ecx mov [edx+0x48f4],ecx mov ecx,[eax+0x8] mov [edx+0x48de],ecx mov cl,[eax+0xc] mov [edx+0x48e3],cl push eax call FUNC_000538 pop ecx pop ebp ret nop nop FUNC_000538: ; Pos = 26720 push ebp mov ebp,esp push ecx push ebx push esi push edi mov esi,[ebp+0x8] mov dword [esi],0x98df push esi call FUNC_000352 pop ecx call FUNC_000342 mov eax,[DATA_008862] movzx eax,byte [eax+0x86] push eax call FUNC_000649 pop ecx mov [DATA_009058],eax mov dword [esi],0x9832 xor ebx,ebx mov dword [ebp-0x4],DATA_008896 mov edi,DATA_008989 JUMP_002352: ; Pos = 26768 movsx eax,byte [edi] xor eax,[DATA_009055] test al,0x80 jnz JUMP_002353 mov eax,[DATA_009058] mov eax,[eax+ebx*8+0x4] mov [esi+0x4],eax mov eax,[DATA_009058] mov eax,[eax+ebx*8] mov [esi+0x8],eax mov eax,[ebp-0x4] movzx eax,word [eax] mov [esi+0xc],eax lea eax,[ebx+0x8e00] mov [esi+0x24],eax push esi call FUNC_000345 pop ecx JUMP_002353: ; Pos = 267a5 inc ebx add dword [ebp-0x4],byte +0x2 inc edi cmp ebx,byte +0x21 jl JUMP_002352 call FUNC_000539 pop edi pop esi pop ebx pop ecx pop ebp ret nop FUNC_000539: ; Pos = 267bc push ebp mov ebp,esp push byte +0x3 call FUNC_000541 pop ecx pop ebp ret nop nop nop FUNC_000540: ; Pos = 267cc push ebp mov ebp,esp add esp,byte -0x14 push byte +0x0 call FUNC_000956 pop ecx mov eax,[ebp+0x8] push eax call FUNC_000327 pop ecx call FUNC_000558 push dword DATA_005317 push byte +0x0 call FUNC_001572 add esp,byte +0x8 mov esp,ebp pop ebp ret FUNC_000541: ; Pos = 267fc push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_000540 pop ecx call FUNC_001637_FlipScreen pop ebp ret FUNC_000542: ; Pos = 26900 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov esi,DATA_008804 mov ax,[esi+0x43c] test ax,ax jnz JUMP_002356 mov dword [DATA_002321],DATA_005276 mov dword [DATA_002322],0x1 jmp short JUMP_002359 JUMP_002356: ; Pos = 2692f cmp ax,byte +0x1 jnz JUMP_002357 mov dword [DATA_002321],DATA_005277 mov dword [DATA_002322],0x1 jmp short JUMP_002359 JUMP_002357: ; Pos = 2694b cmp ax,byte +0x2 jnz JUMP_002358 mov dword [DATA_002321],DATA_005278 mov dword [DATA_002322],0x1 jmp short JUMP_002359 JUMP_002358: ; Pos = 26967 mov dword [DATA_002321],DATA_005279 mov dword [DATA_002322],0x12 JUMP_002359: ; Pos = 2697b mov dword [esi+0x48de],0x98d8 mov eax,[esi+0xcc] push eax push byte +0x5 call FUNC_000237 add esp,byte +0x8 mov eax,[esi+0xcc] mov [ebx+0x20],eax mov dword [ebx],0x984b mov dword [ebx+0x4],0x9949 mov dword [ebx+0xc],0x1388 push ebx push byte +0x6 call FUNC_000543 add esp,byte +0x8 pop esi pop ebx pop ebp ret nop nop FUNC_000543: ; Pos = 269c4 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov esi,DATA_008804 mov eax,[esi+0xcc] mov eax,[eax+0xa0] mov [esi+0x48f0],eax push byte +0x14 lea eax,[esi+0x48f0] push eax call FUNC_000504 add esp,byte +0x8 mov dword [esi+0x491c],0x4000 mov dword [esi+0x48f4],0x9 mov eax,[esi+0xcc] add eax,0x124 mov [ebx+0x24],eax movzx eax,word [esi+0x43c] mov eax,[esi+eax*4+0x50f8] add [ebx+0xc],eax mov eax,[ebx+0xc] test eax,eax jng JUMP_002360 movzx edx,word [esi+0x43c] mov [esi+edx*4+0x50f8],eax movzx eax,word [esi+0x43c] push eax push byte +0x0 push byte +0xa call FUNC_000048 add esp,byte +0xc JUMP_002360: ; Pos = 26a50 mov esi,[ebx] mov eax,[ebx+0x4] mov [ebx],eax push ebx call FUNC_000352 pop ecx call FUNC_000342 mov [ebx],esi mov esi,[ebp+0x8] test esi,esi jl JUMP_002362 JUMP_002361: ; Pos = 26a6c push ebx call FUNC_000345 pop ecx inc dword [ebx] dec esi test esi,esi jnl JUMP_002361 JUMP_002362: ; Pos = 26a7a call FUNC_000523 pop esi pop ebx pop ebp ret nop FUNC_000544: ; Pos = 26a84 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,DATA_008804 movzx edx,word [eax+0x43c] mov edx,[eax+edx*4+0x50f8] cmp edx,[eax+0x114] jng JUMP_002363 push ebx call FUNC_000545 pop ecx pop ebx pop ebp ret JUMP_002363: ; Pos = 26ab0 movzx edx,word [eax+0x43c] mov edx,[eax+edx*4+0x50f8] mov [ebx+0xc],edx movzx edx,word [eax+0x43c] mov edx,[eax+edx*4+0x50f8] sub [eax+0x114],edx movzx edx,word [eax+0x43c] xor ecx,ecx mov [eax+edx*4+0x50f8],ecx movzx eax,word [eax+0x43c] push eax push byte +0x0 push byte +0xa call FUNC_000048 add esp,byte +0xc mov dword [ebx+0x2c],0x994a push ebx call FUNC_000353 pop ecx mov dword [ebx],0x983f push byte +0x1 push ebx call FUNC_000522 add esp,byte +0x8 pop ebx pop ebp ret nop FUNC_000545: ; Pos = 26b1c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov dword [ebx+0x2c],0x994b movzx eax,word [DATA_008996] mov eax,[eax*4+DATA_009095] mov [ebx+0xc],eax push ebx call FUNC_000353 pop ecx mov dword [ebx],0x983f push byte +0x1 push ebx call FUNC_000522 add esp,byte +0x8 pop ebx pop ebp ret nop nop FUNC_000546: ; Pos = 26b58 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x8] movzx eax,word [DATA_008996] mov ebx,[eax*4+DATA_009095] add ebx,0x9c4 test ebx,ebx jl JUMP_002364 mov [eax*4+DATA_009095],ebx movzx eax,word [DATA_008996] push eax push byte +0x0 push byte +0xa call FUNC_000048 add esp,byte +0xc mov dword [esi+0x2c],0x994c mov [esi+0xc],ebx push esi call FUNC_000353 pop ecx JUMP_002364: ; Pos = 26ba4 pop esi pop ebx pop ebp ret FUNC_000547: ; Pos = 26ba8 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax+0x2c],0x994d push eax call FUNC_000353 pop ecx pop ebp ret nop nop FUNC_000548: ; Pos = 26bc0 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax push byte +0x64 push byte +0x14 call FUNC_000551 add esp,byte +0xc pop ebp ret nop nop nop FUNC_000549: ; Pos = 26bd8 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax push dword 0x1f4 push byte +0x6 call FUNC_000551 add esp,byte +0xc pop ebp ret FUNC_000550: ; Pos = 26bf0 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax push dword 0x9c4 push byte +0x2 call FUNC_000551 add esp,byte +0xc pop ebp ret FUNC_000551: ; Pos = 26c08 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x10] mov esi,[ebp+0xc] mov edi,DATA_008804 mov eax,[edi+0xcc] mov eax,[eax+0xa0] mov edx,eax shl edx,0xc shr eax,0x14 or edx,eax mov [edi+0x48f0],edx mov eax,[edi+0x48f0] mov [ebx+0x24],eax mov eax,[edi+0x48f0] mov [ebx+0x8],eax mov [ebx+0x4],eax lea eax,[ebx+0x8] push eax lea eax,[ebx+0x4] push eax mov eax,[ebp+0x8] push eax call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc test eax,eax jz JUMP_002365 movzx eax,word [edi+0x43c] mov esi,[edi+eax*4+0x50f8] add esi,0x4e20 test esi,esi jng near JUMP_002367 mov [ebx+0xc],esi movzx eax,word [edi+0x43c] mov [edi+eax*4+0x50f8],esi movzx eax,word [edi+0x43c] push eax push byte +0x0 push byte +0xa call FUNC_000048 add esp,byte +0xc mov dword [ebx+0x2c],0x994e push ebx call FUNC_000353 pop ecx mov eax,[edi+0xcc] push eax push byte +0x6 call FUNC_000237 add esp,byte +0x8 jmp short JUMP_002367 JUMP_002365: ; Pos = 26cc5 cmp esi,[edi+0x114] jg JUMP_002366 sub [edi+0x114],esi movzx eax,word [edi+0x43c] xor edx,edx mov [edi+eax*4+0x50f8],edx movzx eax,word [edi+0x43c] push eax push byte +0x0 push byte +0xa call FUNC_000048 add esp,byte +0xc mov dword [ebx+0x2c],0x994f push ebx call FUNC_000353 pop ecx mov dword [ebx],0x9852 push byte +0x1 push ebx call FUNC_000522 add esp,byte +0x8 jmp short JUMP_002367 JUMP_002366: ; Pos = 26d18 mov dword [ebx],0x9950 push ebx call FUNC_000352 pop ecx JUMP_002367: ; Pos = 26d25 pop edi pop esi pop ebx pop ebp ret nop nop FUNC_000552: ; Pos = 26d2c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push byte +0x1 push byte +0x32 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 movzx eax,word [DATA_008996] cmp dword [eax*4+DATA_009095],byte +0x0 jz JUMP_002368 mov dword [ebx],0x984b mov dword [ebx+0x4],0x9949 xor eax,eax mov [ebx+0xc],eax push ebx push byte +0x7 call FUNC_000543 add esp,byte +0x8 pop ebx pop ebp ret JUMP_002368: ; Pos = 26d70 mov dword [DATA_002321],DATA_005274 mov dword [DATA_002322],0xb mov dword [ebx],0x9852 mov dword [ebx+0x4],0x9953 xor eax,eax mov [ebx+0xc],eax push ebx push byte +0x0 call FUNC_000543 add esp,byte +0x8 pop ebx pop ebp ret FUNC_000553: ; Pos = 26da4 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_000382 pop ecx pop ebp ret FUNC_000554: ; Pos = 26db4 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp byte [DATA_009053],0x0 jz JUMP_002369 push eax call FUNC_000542 pop ecx pop ebp ret JUMP_002369: ; Pos = 26dcc mov byte [DATA_009062],0xff mov edx,[eax+0x1c] mov [eax+0x4],edx mov edx,[eax+0x24] add edx,0xffff7200 mov [eax+0x14],edx mov [eax+0x10],edx mov ecx,[DATA_009058] mov edx,[ecx+edx*8+0x4] mov [eax+0xc],edx test byte [eax+0x18],0x10 jz JUMP_002370 push eax call FUNC_000556 pop ecx jmp short JUMP_002371 JUMP_002370: ; Pos = 26e04 push eax call FUNC_000555 pop ecx JUMP_002371: ; Pos = 26e0b push byte +0x0 push byte +0x12 call FUNC_000148 add esp,byte +0x8 pop ebp ret FUNC_000555: ; Pos = 26e1c push ebp mov ebp,esp push ebx push esi mov eax,[ebp+0x8] mov ecx,DATA_008804 mov esi,[ecx+0x48e4] sar esi,0x6 JUMP_002372: ; Pos = 26e32 mov edx,[ecx+0x120] cmp edx,[ecx+0x118] jl JUMP_002373 mov dword [eax],0x98e3 push eax call FUNC_000557 pop ecx jmp JUMP_002377 JUMP_002373: ; Pos = 26e52 mov edx,[ecx+0x48f8] mov ebx,[eax+0x14] cmp dword [edx+ebx*8],byte +0x0 jnz JUMP_002374 mov dword [eax],0x98e4 push eax call FUNC_000557 pop ecx jmp short JUMP_002377 JUMP_002374: ; Pos = 26e70 mov edx,[eax+0xc] test edx,edx jng JUMP_002375 cmp edx,[ecx+0x114] jng JUMP_002375 mov dword [eax],0x98e1 push eax call FUNC_000557 pop ecx jmp short JUMP_002377 JUMP_002375: ; Pos = 26e8e sub [ecx+0x114],edx mov edx,[ecx+0x48f8] mov ebx,[eax+0x14] dec dword [edx+ebx*8] mov edx,[eax+0x10] inc word [ecx+edx*2+0x134] inc dword [ecx+0x120] mov edx,[eax+0x20] dec dword [edx+0x8] mov edx,[eax+0x20] inc dword [edx+0xc] dec esi test esi,esi jg near JUMP_002372 cmp dword [ecx+0x48e4],byte +0x40 jl JUMP_002376 call FUNC_000539 jmp short JUMP_002377 JUMP_002376: ; Pos = 26ed6 mov dword [eax],0x98e6 push eax call FUNC_000557 pop ecx JUMP_002377: ; Pos = 26ee3 pop esi pop ebx pop ebp ret FUNC_000556: ; Pos = 26ee8 push ebp mov ebp,esp push ebx push esi mov eax,[ebp+0x8] mov esi,DATA_008804 mov ecx,[esi+0x48e4] sar ecx,0x6 mov dword [eax],0x98e5 JUMP_002378: ; Pos = 26f04 mov edx,[eax+0x10] cmp word [esi+edx*2+0x134],byte +0x0 jnz JUMP_002379 mov dword [eax],0x98e5 push eax call FUNC_000557 pop ecx jmp short JUMP_002382 JUMP_002379: ; Pos = 26f21 mov edx,[eax+0xc] test edx,edx jnl JUMP_002380 mov ebx,edx neg ebx cmp ebx,[esi+0x114] jng JUMP_002380 mov dword [eax],0x98e2 neg edx mov [eax+0xc],edx push eax call FUNC_000557 pop ecx jmp short JUMP_002382 JUMP_002380: ; Pos = 26f48 add [esi+0x114],edx mov edx,[eax+0x10] add word [esi+edx*2+0x134],0xffff mov edx,[esi+0x48f8] mov ebx,[eax+0x14] inc dword [edx+ebx*8] dec dword [esi+0x120] mov edx,[eax+0x20] inc dword [edx+0x8] mov edx,[eax+0x20] dec dword [edx+0xc] dec ecx test ecx,ecx jg JUMP_002378 cmp dword [esi+0x48e4],byte +0x40 jl JUMP_002381 call FUNC_000539 jmp short JUMP_002382 JUMP_002381: ; Pos = 26f8e mov dword [eax],0x98e7 push eax call FUNC_000557 pop ecx JUMP_002382: ; Pos = 26f9b pop esi pop ebx pop ebp ret nop FUNC_000557: ; Pos = 26fa0 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0x24] mov [eax+0x4],edx push eax call FUNC_000352 pop ecx call FUNC_000539 pop ebp ret FUNC_000558: ; Pos = 26fbc push ebp mov ebp,esp add esp,byte -0x14 mov eax,[DATA_008888] mov [ebp-0x14],eax mov eax,[DATA_008891] mov [ebp-0x10],eax mov eax,[DATA_008889] mov [ebp-0x8],eax mov eax,[DATA_008892] mov [ebp-0xc],eax mov eax,[DATA_008890] mov [ebp-0x4],eax push byte +0x0 push dword 0x8a push byte +0x1 movsx eax,byte [DATA_005287] push eax lea eax,[ebp-0x14] push eax push dword 0x98e8 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 mov esp,ebp pop ebp ret FUNC_000559: ; Pos = 27014 push ebp mov ebp,esp push ebx push esi mov ebx,DATA_008804 mov eax,[ebp+0x8] mov eax,[eax] and eax,0xffff mov [ebx+0x4918],eax push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] mov dword [ebx+0x48e8],0x6 movsx edx,word [eax+0x14] mov [ebx+0x4eec],edx mov dword [ebx+0x4a34],0x1194 movsx esi,word [eax+0xc] test esi,esi jz JUMP_002383 mov eax,[ebx+0x4a34] cdq idiv esi mov [ebx+0x4a34],eax JUMP_002383: ; Pos = 2706e imul eax,esi,0xfffe94b8 test eax,eax jns JUMP_002384 add eax,0xff JUMP_002384: ; Pos = 2707d sar eax,0x8 mov [ebx+0x4a00],eax mov eax,esi neg eax shl eax,0x3 lea eax,[eax+eax*4] lea eax,[eax+eax*4] lea eax,[eax+eax*4] test eax,eax jns JUMP_002385 add eax,0xff JUMP_002385: ; Pos = 2709f sar eax,0x8 mov [ebx+0x4a08],eax mov eax,esi shl eax,0x3 lea eax,[eax+eax*4] lea eax,[eax+eax*4] lea eax,[eax+eax*4] mov [ebx+0x4a10],eax call FUNC_001574 push dword DATA_005319 call FUNC_001575 pop ecx and byte [ebx+0xc],0xfe mov dword [ebx+0x2c],0xffffb619 mov dword [ebx+0x30],0xffffb619 mov dword [ebx+0x34],0x49e7 mov ax,[DATA_005320] mov [ebx+0x54],ax mov al,[DATA_005321] mov [ebx+0x56],al mov ax,[DATA_005320] mov [ebx+0x57],ax mov al,[DATA_005321] mov [ebx+0x59],al mov ax,[DATA_005322] mov [ebx+0x5a],ax mov al,[DATA_005323] mov [ebx+0x5c],al mov ax,[DATA_005324] mov [ebx+0x5d],ax mov al,[DATA_005325] mov [ebx+0x5f],al mov ax,[DATA_005326] mov [ebx+0x60],ax mov al,[DATA_005327] mov [ebx+0x62],al mov ax,[DATA_005328] mov [ebx+0x63],ax mov al,[DATA_005329] mov [ebx+0x65],al mov ax,[DATA_005330] mov [ebx+0x66],ax mov al,[DATA_005331] mov [ebx+0x68],al mov ax,[DATA_005332] mov [ebx+0x69],ax mov al,[DATA_005333] mov [ebx+0x6b],al pop esi pop ebx pop ebp ret FUNC_000560: ; Pos = 2718c push ebp mov ebp,esp push dword 0x89 push byte +0x79 push byte +0x11 push byte +0x1 call FUNC_000957 add esp,byte +0x10 pop ebp ret FUNC_000561: ; Pos = 271a4 push ebp mov ebp,esp add esp,byte -0x8 mov word [ebp-0x4],0x4 mov word [ebp-0x2],0x86 mov word [ebp-0x8],0x4 mov word [ebp-0x6],0x83 push byte +0xf lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001616_DrawLine add esp,byte +0xc mov ax,[DATA_009076] add ax,byte +0x4 mov [ebp-0x4],ax mov word [ebp-0x2],0x86 mov [ebp-0x8],ax mov word [ebp-0x6],0x83 push byte +0xf lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001616_DrawLine add esp,byte +0xc mov word [ebp-0x4],0x4 mov word [ebp-0x2],0x85 mov ax,[DATA_009076] add ax,byte +0x4 mov [ebp-0x8],ax mov word [ebp-0x6],0x85 push byte +0xf lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001616_DrawLine add esp,byte +0xc pop ecx pop ecx pop ebp ret FUNC_000562: ; Pos = 2723c push ebp mov ebp,esp add esp,0xfffffeac push ebx push esi push edi mov ebx,DATA_008804 lea esi,[ebp+0xfffffeac] mov eax,[DATA_009122] shr eax,0x3 add [ebx+0x49f8],eax sar eax,1 add [ebx+0x49fc],eax call FUNC_000560 call FUNC_000561 and byte [ebx+0xc],0xfe push byte +0x0 push dword DATA_005298 push esi call near [DATA_007755] ; FUNC_001533 add esp,byte +0xc push esi lea edi,[esi+0x26] lea esi,[ebx+0x4a00] mov ecx,0x6 rep movsd pop esi mov eax,[ebx+0x4a1c] mov [esi+0xa0],eax mov dword [esi+0xc8],0xffffffff mov dword [esi+0xd2],0x88888888 mov dword [esi+0xd6],0x82828282 mov byte [esi+0xd0],0x2 mov eax,[ebx+0x4918] mov [esi+0x82],eax push esi add esi,0x124 lea edi,[ebx+0x4a20] xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi mov eax,[ebx] shr eax,0xa mov [esi+0x9c],ax mov eax,[ebx+0x49fc] push eax mov eax,[ebx+0x49f8] push eax push esi call FUNC_001675_MatBuildYZT add esp,byte +0xc push esi call near [DATA_007807] ; FUNC_001682 pop ecx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000563: ; Pos = 27334 push ebp mov ebp,esp mov eax,[DATA_009057] push eax mov eax,[DATA_009056] push eax call FUNC_000564 add esp,byte +0x8 pop ebp ret FUNC_000564: ; Pos = 27350 push ebp mov ebp,esp cmp word [DATA_008996],byte +0x4 jz JUMP_002386 mov eax,[DATA_008862] cmp dword [eax+0x82],byte +0x45 jz JUMP_002386 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000913 add esp,byte +0x8 JUMP_002386: ; Pos = 2737b pop ebp ret FUNC_000565: ; Pos = 27380 push ebp mov ebp,esp add esp,byte -0x14 cmp dword [DATA_009061],byte +0x0 jnz JUMP_002387 call FUNC_000563 jmp short JUMP_002388 JUMP_002387: ; Pos = 27396 call FUNC_000560 cmp dword [DATA_005315],byte +0x0 jz JUMP_002388 cmp dword [DATA_002321],byte +0x0 jz JUMP_002388 push byte +0x0 push byte +0x4c push byte +0x1e mov eax,[DATA_008673] push eax lea eax,[ebp-0x14] push eax push dword 0x98d9 call near [DATA_007645] ; FUNC_001401_StringDrawWrap add esp,byte +0x18 JUMP_002388: ; Pos = 273cb mov esp,ebp pop ebp ret FUNC_000566: ; Pos = 273d0 push ebp mov ebp,esp push byte +0x3 push byte +0x9 push byte +0x8 push dword 0x93 push dword 0xc8 push byte +0x2e call FUNC_000328 add esp,byte +0x18 push byte +0x0 push dword 0x93 push dword 0xd2 movsx eax,byte [DATA_005286] push eax push byte +0x0 push dword 0x98ea call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 pop ebp ret FUNC_000567: ; Pos = 27414 push ebp mov ebp,esp add esp,byte -0x30 mov eax,[ebp+0xc] mov eax,[eax+0x4] mov [ebp-0x30],eax lea eax,[ebp-0x30] push eax mov eax,[ebp+0x8] push eax call FUNC_000389 add esp,byte +0x8 mov esp,ebp pop ebp ret FUNC_000568: ; Pos = 27438 push ebp mov ebp,esp mov byte [DATA_008700],0x0 mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000570 add esp,byte +0x1c pop ebp ret FUNC_000569: ; Pos = 27468 push ebp mov ebp,esp mov byte [DATA_008700],0xff mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000570 add esp,byte +0x1c pop ebp ret FUNC_000570: ; Pos = 27498 push ebp mov ebp,esp add esp,byte -0x38 push ebx push esi push edi mov ebx,[ebp+0x8] mov byte [DATA_008696],0x0 mov byte [DATA_008697],0x0 mov byte [DATA_008698],0x0 mov byte [DATA_008701],0x0 mov dword [DATA_008703],0xffffffff mov byte [DATA_008707],0x0 mov al,[ebx+0x56] test al,al jz near JUMP_002393 mov edx,[ebp+0xc] push edx and eax,0xff push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax mov [DATA_008702],esi push esi lea esi,[ebx+0x3e] lea edi,[ebp-0x20] mov ecx,0x6 rep movsd pop esi push esi push ebx lea eax,[ebp-0x20] push eax call FUNC_000575 add esp,byte +0xc mov [ebp-0x1],al mov edx,[ebx+0x148] test edx,edx jz JUMP_002391 mov eax,[DATA_009155] sar eax,1 jns JUMP_002389 adc eax,byte +0x0 JUMP_002389: ; Pos = 2752d cmp eax,edx jg JUMP_002390 sub [ebx+0x148],eax jmp short JUMP_002393 JUMP_002390: ; Pos = 27539 xor eax,eax mov [ebx+0x148],eax jmp short JUMP_002393 JUMP_002391: ; Pos = 27543 test byte [ebp-0x1],0x2 jz JUMP_002392 cmp byte [ebx+0x57],0x0 jnz JUMP_002393 push esi push ebx call FUNC_000572 add esp,byte +0x8 mov dword [ebx+0x148],0x7f jmp short JUMP_002393 JUMP_002392: ; Pos = 27565 cmp byte [ebx+0x57],0x0 jz JUMP_002393 push esi push ebx call FUNC_000573 add esp,byte +0x8 mov dword [ebx+0x148],0x7f JUMP_002393: ; Pos = 2757f mov eax,[ebp+0x14] mov dl,[ebx+0x56] mov [eax],dl mov al,[DATA_008696] mov [ebp-0x1],al mov edi,0x72 mov eax,[ebp+0xc] add eax,byte +0x72 mov [ebp-0x8],eax JUMP_002394: ; Pos = 2759d mov eax,[ebp-0x8] test byte [eax],0x4 jz near JUMP_002398 xor eax,eax mov al,[ebx+0x86] cmp edi,eax jz near JUMP_002398 mov eax,[ebp+0xc] push eax push edi call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax cmp byte [esi+0x8b],0x0 jnz near JUMP_002398 mov eax,[ebp+0x14] movsx eax,byte [eax] xor edx,edx mov dl,[esi+0x56] cmp eax,edx jnz JUMP_002398 cmp dword [esi+0x82],0x99 jnz JUMP_002395 cmp dword [ebx+0x82],0x99 jnz JUMP_002398 JUMP_002395: ; Pos = 275fd mov al,[ebx+0x57] cmp al,[esi+0x57] jz JUMP_002396 push ebx lea eax,[ebp-0x20] push eax call near [DATA_007802] ; FUNC_001677 add esp,byte +0x8 push esi lea eax,[ebp-0x38] push eax call near [DATA_007802] ; FUNC_001677 add esp,byte +0x8 lea eax,[ebp-0x38] push eax lea eax,[ebp-0x20] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 jmp short JUMP_002397 JUMP_002396: ; Pos = 27633 push esi push edi lea esi,[ebx+0x3e] lea edi,[ebp-0x20] mov ecx,0x6 rep movsd pop edi pop esi lea eax,[esi+0x3e] push eax lea eax,[ebp-0x20] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 JUMP_002397: ; Pos = 27654 push esi push ebx lea eax,[ebp-0x20] push eax call FUNC_000575 add esp,byte +0xc JUMP_002398: ; Pos = 27662 dec edi dec dword [ebp-0x8] test edi,edi jg near JUMP_002394 mov al,[ebp-0x1] or [DATA_008696],al cmp dword [DATA_008704],byte +0x0 jnz JUMP_002399 cmp dword [DATA_008703],byte +0x0 jnl JUMP_002400 JUMP_002399: ; Pos = 27689 mov eax,[ebp+0x1c] mov dword [eax],0xffffffff jmp short JUMP_002401 JUMP_002400: ; Pos = 27694 mov eax,[ebp+0x1c] mov edx,[DATA_008703] mov [eax],edx JUMP_002401: ; Pos = 2769f mov eax,[ebp+0x18] mov edx,[DATA_008702] mov [eax],edx mov al,[DATA_008701] and al,0x1f mov edx,[ebp+0x20] mov [edx],al mov eax,[ebp+0x14] mov dl,[DATA_008698] mov [eax],dl mov eax,[ebp+0x10] mov dl,[DATA_008696] mov [eax],dl mov al,[DATA_008696] pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000571: ; Pos = 276d8 push ebp mov ebp,esp add esp,byte -0xc mov eax,[ebp+0x8] mov edx,[eax+0x18] mov [ebp-0xc],edx mov edx,[eax+0x1c] mov [ebp-0x8],edx mov edx,[eax+0x20] mov [ebp-0x4],edx mov edx,[eax+0xc] mov [eax+0x18],edx mov edx,[eax+0x10] mov [eax+0x1c],edx mov edx,[eax+0x14] mov [eax+0x20],edx mov edx,[ebp-0xc] mov [eax+0xc],edx mov edx,[ebp-0x8] mov [eax+0x10],edx mov edx,[ebp-0x4] mov [eax+0x14],edx neg dword [eax] neg dword [eax+0x4] neg dword [eax+0x8] mov esp,ebp pop ebp ret FUNC_000572: ; Pos = 27724 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push byte +0x1c lea eax,[ebx+0x3e] push eax call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov edi,eax mov eax,[ebx+0x3e] mov [ebp-0xc],eax mov eax,[ebx+0x46] mov [ebp-0x8],eax mov eax,[ebx+0x4e] mov [ebp-0x4],eax push esi lea eax,[ebp-0xc] push eax lea eax,[ebp-0xc] push eax call FUNC_001670_VecMatTMul add esp,byte +0xc push edi lea eax,[ebp-0xc] push eax lea eax,[ebx+0x3e] push eax call near [DATA_007749] ; FUNC_001517 add esp,byte +0xc push esi push ebx push ebx call FUNC_001673_MatMatTMul add esp,byte +0xc mov al,[DATA_008811] dec eax mov [ebx+0x58],al mov byte [ebx+0x57],0x1 push esi lea eax,[ebx+0x8c] push eax push eax call FUNC_001670_VecMatTMul add esp,byte +0xc pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000573: ; Pos = 277a8 push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push byte +0x1c lea eax,[ebx+0x3e] push eax call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov edi,eax mov eax,[ebx+0x3e] mov [ebp-0x24],eax mov eax,[ebx+0x46] mov [ebp-0x20],eax mov eax,[ebx+0x4e] mov [ebp-0x1c],eax push esi lea eax,[ebp-0x24] push eax lea eax,[ebp-0x24] push eax call FUNC_001669_VecMatMul add esp,byte +0xc push edi lea eax,[ebp-0x24] push eax lea eax,[ebx+0x3e] push eax call near [DATA_007749] ; FUNC_001517 add esp,byte +0xc push esi push ebx push ebx call FUNC_001672_MatMatMul add esp,byte +0xc mov byte [ebx+0x57],0x0 push esi lea eax,[ebx+0x8c] push eax push eax call FUNC_001669_VecMatMul add esp,byte +0xc pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000574: ; Pos = 27824 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov byte [DATA_008700],0x0 mov byte [DATA_008696],0x0 mov byte [DATA_008697],0x0 mov byte [DATA_008698],0x0 mov byte [DATA_008701],0x0 mov dword [DATA_008703],0xffffffff mov byte [DATA_008707],0x0 mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax call FUNC_000575 add esp,byte +0xc cmp dword [DATA_008704],byte +0x0 jnz JUMP_002402 cmp dword [DATA_008703],byte +0x0 jnl JUMP_002403 JUMP_002402: ; Pos = 27885 mov dword [ebx],0xffffffff pop ebx pop ebp ret JUMP_002403: ; Pos = 2788e mov eax,[DATA_008703] mov [ebx],eax pop ebx pop ebp ret FUNC_000575: ; Pos = 27898 push ebp mov ebp,esp add esp,0xffffff2c push ebx push esi push edi mov edi,[ebp+0x10] mov ebx,[ebp+0xc] mov esi,[ebp+0x8] push esi push edi lea edi,[ebp-0x38] mov ecx,0x6 rep movsd pop edi pop esi push esi push esi call FUNC_001664_Vec64Abs add esp,byte +0x8 push dword [esi+0xc] push dword [esi+0x8] push dword [esi+0x4] push dword [esi] lea eax,[ebp-0x8] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [esi+0x14] push dword [esi+0x10] push dword [ebp-0x4] push dword [ebp-0x8] lea eax,[ebp-0x8] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push byte -0x1 lea eax,[ebp-0x8] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 push dword [ebx+0x13c] push dword [ebx+0x138] push dword [ebp-0x4] push dword [ebp-0x8] lea eax,[ebp-0x8] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 cmp dword [ebp-0x4],byte +0x0 jl JUMP_002404 push dword [edi+0x13c] push dword [edi+0x138] push dword [ebp-0x4] push dword [ebp-0x8] lea eax,[ebp-0x8] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 cmp dword [ebp-0x4],byte +0x0 jl JUMP_002404 xor eax,eax jmp JUMP_002432 JUMP_002404: ; Pos = 27951 mov byte [DATA_008707],0x0 cmp byte [edi+0x14c],0x0 jnl JUMP_002406 lea eax,[ebp-0x38] push eax push edi push ebx call FUNC_000576 add esp,byte +0xc test eax,eax jnz JUMP_002405 cmp byte [DATA_008707],0x0 jnz JUMP_002410 push edi push ebx call FUNC_000578 add esp,byte +0x8 mov al,[DATA_008696] jmp JUMP_002432 JUMP_002405: ; Pos = 27990 mov al,[DATA_008696] jmp JUMP_002432 JUMP_002406: ; Pos = 2799a push esi lea eax,[ebp-0x38] mov edx,0x5 JUMP_002407: ; Pos = 279a3 push dword [eax+edx*4] dec edx jns JUMP_002407 push edi push ebx lea eax,[ebp-0xc] push eax call FUNC_000577 add esp,byte +0x28 test eax,eax jnz JUMP_002409 mov al,[edi+0x86] cmp al,[ebx+0x56] jz JUMP_002408 push edi push ebx call FUNC_000578 add esp,byte +0x8 mov al,[DATA_008696] jmp JUMP_002432 JUMP_002408: ; Pos = 279da mov byte [DATA_008707],0x2 jmp short JUMP_002410 JUMP_002409: ; Pos = 279e3 mov al,[DATA_008696] jmp JUMP_002432 JUMP_002410: ; Pos = 279ed or byte [DATA_008696],0x2 mov eax,[ebx+0x8c] push eax call _abs pop ecx mov esi,eax mov eax,[ebx+0x90] push eax call _abs pop ecx add esi,eax mov eax,[ebx+0x94] push eax call _abs pop ecx add esi,eax mov [ebp-0x10],esi cmp byte [DATA_008707],0x1 jnz JUMP_002411 push edi lea esi,[ebp-0x38] lea edi,[ebp-0x50] mov ecx,0x6 rep movsd pop edi push byte +0x1c lea eax,[ebp-0x50] push eax call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov eax,[ebp-0x50] mov [ebp-0x80],eax mov eax,[ebp-0x48] mov [ebp-0x7c],eax mov eax,[ebp-0x40] mov [ebp-0x78],eax push dword 0x7fffffff lea eax,[ebp-0x80] push eax call FUNC_001503 add esp,byte +0x8 jmp short JUMP_002412 JUMP_002411: ; Pos = 27a6f mov eax,[ebp-0x38] mov [ebp-0x80],eax mov eax,[ebp-0x30] mov [ebp-0x7c],eax mov eax,[ebp-0x28] mov [ebp-0x78],eax lea eax,[ebp-0x80] push eax lea eax,[ebp-0x80] push eax call FUNC_001519 add esp,byte +0x8 JUMP_002412: ; Pos = 27a91 mov eax,[ebp-0x80] push eax mov eax,[ebx+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebp-0x7c] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebp-0x78] push eax mov eax,[ebx+0x14] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,esi cmp dword [ebp-0x10],0x258 jg JUMP_002413 cmp word [ebx+0x9e],0xffff jnz JUMP_002413 cmp eax,0x78000000 jl JUMP_002413 or byte [DATA_008696],0x40 and byte [DATA_008696],0x7f mov byte [DATA_008699],0x0 jmp short JUMP_002414 JUMP_002413: ; Pos = 27afb mov al,[DATA_008700] mov [DATA_008699],al JUMP_002414: ; Pos = 27b05 mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov [ebp-0x18],eax mov eax,[edi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov edx,eax cmp byte [DATA_008707],0x1 jnz near JUMP_002418 push dword [DATA_008706] push dword [DATA_008705] push dword [ebx+0x144] push dword [ebx+0x140] lea eax,[ebp-0x20] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 mov eax,[ebp-0x20] push eax mov eax,[ebp-0x80] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp+0xffffff68],eax mov eax,[ebp-0x20] push eax mov eax,[ebp-0x7c] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp+0xffffff70],eax mov eax,[ebp-0x20] push eax mov eax,[ebp-0x78] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp+0xffffff78],eax or eax,byte -0x1 cmp dword [ebp+0xffffff68],byte +0x0 jl JUMP_002415 inc eax JUMP_002415: ; Pos = 27ba6 mov [ebp+0xffffff6c],eax or eax,byte -0x1 cmp dword [ebp+0xffffff70],byte +0x0 jl JUMP_002416 inc eax JUMP_002416: ; Pos = 27bb9 mov [ebp+0xffffff74],eax or eax,byte -0x1 cmp dword [ebp+0xffffff78],byte +0x0 jl JUMP_002417 inc eax JUMP_002417: ; Pos = 27bcc mov [ebp+0xffffff7c],eax push dword [ebp+0xffffff6c] push dword [ebp+0xffffff68] push dword [ebx+0x42] push dword [ebx+0x3e] lea eax,[ebx+0x3e] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [ebp+0xffffff74] push dword [ebp+0xffffff70] push dword [ebx+0x4a] push dword [ebx+0x46] lea eax,[ebx+0x46] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [ebp+0xffffff7c] push dword [ebp+0xffffff78] push dword [ebx+0x52] push dword [ebx+0x4e] lea eax,[ebx+0x4e] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 jmp JUMP_002421 JUMP_002418: ; Pos = 27c31 mov eax,[edx+0x2c] shl eax,0x10 mov esi,[edx+0x14] add esi,[edx+0x18] mov edx,[ebp-0x18] mov edx,[edx+0x14] mov ecx,[ebp-0x18] add edx,[ecx+0x18] push edx mov edx,esi pop ecx sub edx,ecx mov ecx,[ebp-0x18] mov ecx,[ecx+0x30] shl ecx,0x10 mov [ebp-0x14],ecx test edx,edx jz JUMP_002419 mov ecx,edx sar dword [ebp-0x14],cl JUMP_002419: ; Pos = 27c64 add eax,[ebp-0x14] test eax,eax jnl JUMP_002420 shr eax,1 inc dword [ebp-0xc] JUMP_002420: ; Pos = 27c70 mov edx,[ebp-0x38] mov [ebp-0x68],edx mov edx,[ebp-0x30] mov [ebp-0x64],edx mov edx,[ebp-0x28] mov [ebp-0x60],edx mov edx,[ebp-0xc] push edx push eax lea eax,[ebp-0x68] push eax call FUNC_001504 add esp,byte +0xc sub esi,byte +0x37 neg esi inc esi mov eax,0x20 sub eax,esi mov ecx,eax mov edx,[ebp-0x68] shl edx,cl mov [ebx+0x3e],edx mov ecx,eax mov edx,[ebp-0x64] shl edx,cl mov [ebx+0x46],edx mov ecx,eax mov eax,[ebp-0x60] shl eax,cl mov [ebx+0x4e],eax mov ecx,esi mov eax,[ebp-0x68] sar eax,cl mov [ebx+0x42],eax mov ecx,esi mov eax,[ebp-0x64] sar eax,cl mov [ebx+0x4a],eax mov ecx,esi mov eax,[ebp-0x60] sar eax,cl mov [ebx+0x52],eax JUMP_002421: ; Pos = 27cdc cmp byte [DATA_008699],0x0 jz near JUMP_002428 or byte [DATA_008696],0x80 xor eax,eax mov al,[ebx+0x86] cmp eax,[DATA_008857] jnz near JUMP_002426 push edi mov esi,ebx lea edi,[ebp+0xffffff2c] mov ecx,0x9 rep movsd pop edi mov eax,[ebp-0x80] mov [ebx+0xc],eax mov eax,[ebp-0x7c] mov [ebx+0x10],eax mov eax,[ebp-0x78] mov [ebx+0x14],eax push ebx call FUNC_000571 pop ecx push ebx call near [DATA_007719] ; FUNC_001520 pop ecx push ebx call FUNC_000571 pop ecx mov eax,[ebp-0x80] push eax mov eax,[ebx+0x8c] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebp-0x7c] push eax mov eax,[ebx+0x90] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebp-0x78] push eax mov eax,[ebx+0x94] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax push esi mov eax,[ebp-0x80] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x68],eax push esi mov eax,[ebp-0x7c] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x64],eax push esi mov eax,[ebp-0x78] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x60],eax mov eax,[ebx+0x8c] add eax,eax mov ecx,0x3 cdq idiv ecx mov ecx,eax mov eax,[ebp-0x68] add eax,eax lea eax,[eax+eax*4] mov esi,0xc cdq idiv esi sub ecx,eax mov [ebx+0x8c],ecx mov eax,[ebx+0x90] add eax,eax mov ecx,0x3 cdq idiv ecx mov ecx,eax mov eax,[ebp-0x64] add eax,eax lea eax,[eax+eax*4] mov esi,0xc cdq idiv esi sub ecx,eax mov [ebx+0x90],ecx mov eax,[ebx+0x94] add eax,eax mov ecx,0x3 cdq idiv ecx mov ecx,eax mov eax,[ebp-0x60] add eax,eax lea eax,[eax+eax*4] mov esi,0xc cdq idiv esi sub ecx,eax mov [ebx+0x94],ecx mov eax,[ebx+0x8c] mov [ebp-0x68],eax mov eax,[ebx+0x90] mov [ebp-0x64],eax mov eax,[ebx+0x94] mov [ebp-0x60],eax mov eax,[ebx+0x8c] push eax mov eax,[ebp+0xffffff44] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebx+0x90] push eax mov eax,[ebp+0xffffff48] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebx+0x94] push eax mov eax,[ebp+0xffffff4c] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax test esi,esi jnl JUMP_002422 neg dword [ebp-0x68] neg dword [ebp-0x64] neg dword [ebp-0x60] JUMP_002422: ; Pos = 27e9a mov eax,[ebx+0x8c] push eax call _abs pop ecx mov esi,eax mov eax,[ebx+0x90] push eax call _abs pop ecx add esi,eax mov eax,[ebx+0x94] push eax call _abs pop ecx add esi,eax sub [ebp-0x10],esi mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx ecx,word [eax+0x6] shl ecx,0x2 mov eax,ecx imul dword [ebp-0x10] mov esi,0x708 cdq idiv esi mov edx,ecx test edx,edx jns JUMP_002423 add edx,byte +0x3 JUMP_002423: ; Pos = 27ef8 sar edx,0x2 cmp eax,edx jnl JUMP_002424 mov eax,edx JUMP_002424: ; Pos = 27f01 push byte +0x0 push eax push ebx call FUNC_000953 add esp,byte +0xc cmp dword [ebp-0x68],byte +0x0 jnz JUMP_002425 cmp dword [ebp-0x64],byte +0x0 jnz JUMP_002425 cmp dword [ebp-0x60],byte +0x0 jnz JUMP_002425 mov eax,[ebp+0xffffff44] mov [ebp-0x68],eax mov eax,[ebp+0xffffff48] mov [ebp-0x64],eax mov eax,[ebp+0xffffff4c] mov [ebp-0x60],eax JUMP_002425: ; Pos = 27f3a push dword 0x7fffffff lea eax,[ebp-0x68] push eax call FUNC_001503 add esp,byte +0x8 push edi lea esi,[ebp+0xffffff2c] mov edi,ebx mov ecx,0x9 rep movsd pop edi mov eax,[ebp-0x68] mov [ebx+0x18],eax mov eax,[ebp-0x64] mov [ebx+0x1c],eax mov eax,[ebp-0x60] mov [ebx+0x20],eax push ebx call near [DATA_007719] ; FUNC_001520 pop ecx jmp JUMP_002429 JUMP_002426: ; Pos = 27f7b cmp dword [ebx+0x82],byte +0xd jna near JUMP_002429 mov al,[ebx+0x87] cmp al,0xb jz JUMP_002427 cmp al,0xe jnz near JUMP_002429 JUMP_002427: ; Pos = 27f9a mov eax,[ebp-0x80] mov [ebx+0xc],eax mov eax,[ebp-0x7c] mov [ebx+0x10],eax mov eax,[ebp-0x78] mov [ebx+0x14],eax push ebx call FUNC_000571 pop ecx push ebx call near [DATA_007719] ; FUNC_001520 pop ecx push ebx call FUNC_000571 pop ecx xor eax,eax mov [ebx+0x8c],eax xor eax,eax mov [ebx+0x90],eax xor eax,eax mov [ebx+0x94],eax cmp byte [DATA_008700],0x0 jz JUMP_002429 push byte +0x0 push byte -0x1 push ebx call FUNC_000953 add esp,byte +0xc jmp short JUMP_002429 JUMP_002428: ; Pos = 27ff2 mov eax,[ebp-0x80] mov [ebx+0xc],eax mov eax,[ebp-0x7c] mov [ebx+0x10],eax mov eax,[ebp-0x78] mov [ebx+0x14],eax push ebx call FUNC_000571 pop ecx push ebx call near [DATA_007719] ; FUNC_001520 pop ecx push ebx call FUNC_000571 pop ecx xor eax,eax mov [ebx+0x8c],eax xor eax,eax mov [ebx+0x90],eax xor eax,eax mov [ebx+0x94],eax JUMP_002429: ; Pos = 28032 mov eax,[edi+0x140] cmp eax,[edi+0x138] jz JUMP_002430 or byte [DATA_008696],0x1 JUMP_002430: ; Pos = 28047 cmp byte [DATA_008698],0x0 jnz JUMP_002431 mov al,[edi+0x86] mov [DATA_008698],al mov [DATA_008702],edi JUMP_002431: ; Pos = 28061 mov al,[DATA_008696] JUMP_002432: ; Pos = 28066 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000576: ; Pos = 28070 push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi push edi mov esi,[ebp+0x8] mov byte [DATA_008697],0x0 mov eax,[esi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov edx,0x17 sub edx,[eax+0x14] mov [ebp-0xc],edx mov eax,[eax+0x34] mov [ebp-0x4],eax mov ebx,[esi+0x140] mov eax,[ebp+0x10] push esi mov esi,eax lea edi,[ebp-0x24] mov ecx,0x6 rep movsd pop esi JUMP_002433: ; Pos = 280b9 push ebx lea eax,[ebp-0x24] push eax mov eax,[ebp+0xc] push eax push esi lea eax,[ebp-0x5] push eax call FUNC_000579 add esp,byte +0x14 test al,al jng JUMP_002434 or byte [DATA_008697],0x80 JUMP_002434: ; Pos = 280da mov dl,[DATA_008697] test dl,dl jz JUMP_002435 mov ecx,[ebp+0xc] mov cl,[ecx+0x86] mov [DATA_008698],cl mov ecx,[ebp+0xc] mov [DATA_008702],ecx mov [DATA_008696],dl mov dl,[ebp-0x5] mov [DATA_008701],dl JUMP_002435: ; Pos = 2810b test al,al jl JUMP_002436 xor eax,eax jmp JUMP_002445 JUMP_002436: ; Pos = 28116 cmp byte [esi+0x14c],0x0 jl JUMP_002437 or eax,byte -0x1 jmp JUMP_002445 JUMP_002437: ; Pos = 28127 sub dword [ebp-0x4],byte +0x2 mov eax,[ebp-0x4] movsx eax,word [eax] test eax,eax jnz JUMP_002438 or eax,byte -0x1 jmp JUMP_002445 JUMP_002438: ; Pos = 2813d sub dword [ebp-0x4],byte +0x2 mov edx,[ebp-0x4] movsx ebx,word [edx] mov edx,ebx and edx,byte +0x6 sub edx,byte +0x1 jc JUMP_002439 dec edx jz JUMP_002440 sub edx,byte +0x2 jz JUMP_002441 jmp short JUMP_002442 JUMP_002439: ; Pos = 2815b mov edx,[esi] mov [ebp-0x30],edx mov edx,[esi+0x4] mov [ebp-0x2c],edx mov edx,[esi+0x8] mov [ebp-0x28],edx jmp short JUMP_002442 JUMP_002440: ; Pos = 2816e mov edx,[esi+0xc] mov [ebp-0x30],edx mov edx,[esi+0x10] mov [ebp-0x2c],edx mov edx,[esi+0x14] mov [ebp-0x28],edx jmp short JUMP_002442 JUMP_002441: ; Pos = 28182 mov edx,[esi+0x18] mov [ebp-0x30],edx mov edx,[esi+0x1c] mov [ebp-0x2c],edx mov edx,[esi+0x20] mov [ebp-0x28],edx JUMP_002442: ; Pos = 28194 test bl,0x1 jz JUMP_002443 neg dword [ebp-0x30] neg dword [ebp-0x2c] neg dword [ebp-0x28] JUMP_002443: ; Pos = 281a2 mov edx,[ebp-0x30] sar edx,0x10 imul edx,eax mov [ebp-0x30],edx mov edx,[ebp-0x2c] sar edx,0x10 imul edx,eax mov [ebp-0x2c],edx mov edx,[ebp-0x28] sar edx,0x10 imul edx,eax mov [ebp-0x28],edx and ebx,0xfff8 shl ebx,0xf cmp dword [ebp-0xc],byte +0x0 jz JUMP_002444 mov ecx,[ebp-0xc] sar dword [ebp-0x30],cl mov ecx,[ebp-0xc] sar dword [ebp-0x2c],cl mov ecx,[ebp-0xc] sar dword [ebp-0x28],cl mov ecx,[ebp-0xc] sar ebx,cl JUMP_002444: ; Pos = 281ec mov eax,[ebp-0x30] push eax mov eax,[ebp+0x10] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0x24] push eax call FUNC_001334_Int64Add32 add esp,byte +0x10 mov eax,[ebp-0x2c] push eax mov eax,[ebp+0x10] push dword [eax+0xc] push dword [eax+0x8] lea eax,[ebp-0x1c] push eax call FUNC_001334_Int64Add32 add esp,byte +0x10 mov eax,[ebp-0x28] push eax mov eax,[ebp+0x10] push dword [eax+0x14] push dword [eax+0x10] lea eax,[ebp-0x14] push eax call FUNC_001334_Int64Add32 add esp,byte +0x10 jmp JUMP_002433 JUMP_002445: ; Pos = 2823b pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000577: ; Pos = 28244 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov ebx,[ebp+0x2c] mov esi,[ebp+0x10] mov edi,[ebp+0x8] mov eax,[ebx+0x4] or eax,[ebx+0xc] or eax,[ebx+0x14] or eax,[esi+0x13c] mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x0 jz JUMP_002446 mov eax,[ebp-0x4] push eax call FUNC_001656_FindMSB pop ecx mov ebx,eax add ebx,byte +0x3 jmp short JUMP_002447 JUMP_002446: ; Pos = 2827f mov eax,[ebx] or eax,[ebx+0x8] or eax,[ebx+0x10] or eax,[esi+0x138] push eax call FUNC_001656_FindMSB pop ecx add eax,byte -0x1d mov ebx,eax JUMP_002447: ; Pos = 28299 test ebx,ebx jg JUMP_002448 neg ebx mov ecx,ebx mov eax,[ebp+0xc] mov eax,[eax+0x140] ; FIX: Collision radius add eax,[esi+0x140] ; add eax,[esi+0x138] shl eax,cl mov [ebp-0x8],eax mov ecx,ebx shl dword [ebp+0x14],cl mov ecx,ebx shl dword [ebp+0x1c],cl mov ecx,ebx shl dword [ebp+0x24],cl neg ebx jmp short JUMP_002449 JUMP_002448: ; Pos = 282c8 push ebx lea eax,[ebp+0x14] push eax call FUNC_001660_Vec64Shift add esp,byte +0x8 mov eax,[ebp+0xc] push dword [eax+0x13c] push dword [eax+0x138] push dword [esi+0x13c] push dword [esi+0x138] lea eax,[ebp-0x10] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 mov eax,ebx neg eax push eax lea eax,[ebp-0x10] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[ebp-0x10] mov [ebp-0x8],eax JUMP_002449: ; Pos = 28313 mov eax,[ebp+0x14] push eax call near [DATA_007737] ; FUNC_001522 pop ecx push eax mov eax,[ebp+0x1c] push eax call near [DATA_007737] ; FUNC_001522 pop ecx pop edx add edx,eax push edx mov eax,[ebp+0x24] push eax call near [DATA_007737] ; FUNC_001522 pop ecx pop edx add edx,eax mov [edi],edx mov eax,[ebp-0x8] push eax call near [DATA_007737] ; FUNC_001522 pop ecx cmp eax,[edi] jna JUMP_002450 xor eax,eax jmp short JUMP_002453 JUMP_002450: ; Pos = 28351 or byte [DATA_008696],0x2 mov eax,[edi] shr eax,1 push eax call near [DATA_007738] ; FUNC_001502 pop ecx add eax,eax mov [DATA_008703],eax cmp dword [DATA_008703],byte +0x0 jnl JUMP_002451 xor eax,eax mov [DATA_008703],eax JUMP_002451: ; Pos = 2837b xor eax,eax mov [DATA_008704],eax push ebx push dword DATA_008703 call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[esi+0x140] cmp eax,[esi+0x138] jz JUMP_002452 or byte [DATA_008696],0x1 JUMP_002452: ; Pos = 283a5 or eax,byte -0x1 JUMP_002453: ; Pos = 283a8 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000578: ; Pos = 283b0 push ebp mov ebp,esp sub esp, 0x24 push ebx push esi push edi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] or byte [DATA_008696],0x80 mov al,[ebx+0x56] cmp al,[esi+0x86] jz JUMP_002454 cmp byte [esi+0x87],0x1 jnz near JUMP_002455 JUMP_002454: ; Pos = 283da mov eax,[ebx+0x8c] sar eax,0x2 neg eax mov [ebx+0x8c],eax mov eax,[ebx+0x90] sar eax,0x2 neg eax mov [ebx+0x90],eax mov eax,[ebx+0x94] sar eax,0x2 neg eax mov [ebx+0x94],eax mov eax,[ebx+0x8c] push eax call _abs pop ecx mov esi,eax mov eax,[ebx+0x90] push eax call _abs pop ecx add esi,eax mov eax,[ebx+0x94] push eax call _abs pop ecx add esi,eax mov eax,esi add eax,byte +0xa cmp dword [ebx+0x82],byte +0xd jna near JUMP_002457 push byte +0x0 push eax push ebx call FUNC_000953 add esp,byte +0xc jmp JUMP_002457 JUMP_002455: ; Pos = 2845d ; FIX: Missile retardation cmp dword [ebx+0x82],byte +0xd jna near JUMP_002457 cmp dword [esi+0x82],byte +0xd jna near JUMP_002457 cmp byte [DATA_008700],0x0 jz near JUMP_002457 ; If p2 > p1, swap push dword [ebx+0x82] call FUNC_001538 add esp, 4 push eax push dword [esi+0x82] call FUNC_001538 add esp, 4 pop edx mov eax, [eax+0x38] mov edx, [edx+0x38] cmp eax, 0 jz near JUMP_002457 cmp edx, 0 jz near JUMP_002457 movzx eax, word [eax+0x6] movzx edx, word [edx+0x6] cmp edx, eax jnl .noswap mov eax, ebx mov ebx, esi mov esi, eax .noswap: ; Stack offsets: ;ebp-0x18: Vec64 colloff ;ebp-0x24: Vec32 colldir32 ; Vec64Sub (colldir, p2+0x3e, p1+0x3e) push esi lea esi, [esi+0x3e] lea edi, [ebp-0x18] mov ecx, 6 rep movsd pop esi lea eax, [ebx+0x3e] push eax lea eax, [ebp-0x18] push eax call FUNC_001662_Vec64Sub add esp, 8 ; Vec64Truncate (colldir, 0x1e); ; Vec64to32 (colldir32, colldir); ; Vec32Normalise (colldir32); push dword 0x1d ; 0x1f? 0x1e? lea eax, [ebp-0x18] push eax call FUNC_001658_Vec64Truncate add esp, 8 mov eax, [ebp-0x18] mov [ebp-0x24], eax mov eax, [ebp-0x10] mov [ebp-0x20], eax mov eax, [ebp-0x8] mov [ebp-0x1c], eax lea eax, [ebp-0x24] push eax lea eax, [ebp-0x24] push eax call FUNC_001519 add esp, 8 ; Vec32Sub (veldiff, p2+0x8c, p1+0x8c) ; veldiffmag = Vec32Dot (colldir32, veldiff) mov eax, [esi+0x8c] sub eax, [ebx+0x8c] push eax push dword [ebp-0x24] call FUNC_001521 add esp, 8 push eax mov eax, [esi+0x90] sub eax, [ebx+0x90] push eax push dword [ebp-0x20] call FUNC_001521 add esp, 8 pop edx add eax, edx push eax mov eax, [esi+0x94] sub eax, [ebx+0x94] push eax push dword [ebp-0x1c] call FUNC_001521 add esp, 8 pop edx add eax, edx ; -2 times, check negative. add eax, eax neg eax test eax, eax jl near JUMP_002457 mov edi, eax ; Vec32Mul (veldiff, colldir32, veldiffmag) ; Vec32Add (p2+0x8c, p2+0x8c, veldiff) push edi push dword [ebp-0x24] call FUNC_001521 add esp, 8 add [esi+0x8c], eax push edi push dword [ebp-0x20] call FUNC_001521 add esp, 8 add [esi+0x90], eax push edi push dword [ebp-0x1c] call FUNC_001521 add esp, 8 add [esi+0x94], eax ; Apply damage. veldiffmag * w[p2+0xe4] / factor push dword [esi+0x82] call FUNC_001538 add esp, 4 mov eax, [eax+0x38] movzx eax, word [eax+0x6] xor edx, edx mul edi mov ecx, 5000 div ecx mov edi, eax movzx eax, byte [esi+0x86] push eax push edi push ebx call FUNC_000953 add esp,byte +0xc movzx eax, byte [ebx+0x86] push eax push edi push esi call FUNC_000953 add esp,byte +0xc JUMP_002457: ; Pos = 2854c pop edi pop esi pop ebx mov esp, ebp pop ebp ret ; mov eax,[ebx+0x8c] ; add eax,[esi+0x8c] ; sar eax,1 ; mov [esi+0x8c],eax ; mov [ebx+0x8c],eax ; mov eax,[ebx+0x90] ; add eax,[esi+0x90] ; sar eax,1 ; mov [esi+0x90],eax ; mov [ebx+0x90],eax ; mov eax,[ebx+0x94] ; add eax,[esi+0x94] ; sar eax,1 ; mov [esi+0x94],eax ; mov [ebx+0x94],eax ; cmp byte [DATA_008700],0x0 ; jz near JUMP_002457 ; mov ax,[esi+0xe4] ; cmp ax,[ebx+0xe4] ; ja JUMP_002456 ; xor edx,edx ; mov dl,[ebx+0x86] ; push edx ; movzx eax,ax ; add eax,eax ; push eax ; push esi ; call FUNC_000953 ; add esp,byte +0xc ; xor eax,eax ; mov al,[esi+0x86] ; push eax ; movzx eax,word [esi+0xe4] ; add eax,eax ; push eax ; push ebx ; call FUNC_000953 ; add esp,byte +0xc ; jmp short JUMP_002457 ; JUMP_002456: ; Pos = 28514 ; xor eax,eax ; mov al,[ebx+0x86] ; push eax ; movzx eax,word [ebx+0xe4] ; add eax,eax ; push eax ; push esi ; call FUNC_000953 ; add esp,byte +0xc ; xor eax,eax ; mov al,[esi+0x86] ; push eax ; movzx eax,word [ebx+0xe4] ; add eax,eax ; push eax ; push ebx ; call FUNC_000953 ; add esp,byte +0xc ; JUMP_002457: ; Pos = 2854c ; pop esi ; pop ebx ; pop ebp ; ret FUNC_000579: ; Pos = 28550 push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi push edi mov esi,[ebp+0x14] mov edi,[ebp+0x10] mov eax,[edi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov ebx,eax mov eax,[ebx+0xc] mov [ebp-0x10],eax mov eax,[ebx+0x4] mov [ebp-0xc],eax mov eax,[ebx+0x14] add eax,[ebx+0x18] mov [ebp-0x8],eax push byte +0x1c push esi call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov edx,[esi] mov [ebp-0x1c],edx mov edx,[esi+0x8] mov [ebp-0x18],edx mov edx,[esi+0x10] mov [ebp-0x14],edx mov [ebp-0x4],eax mov edx,[ebp-0x8] add edx,byte -0x17 sub eax,edx test eax,eax jnl JUMP_002458 neg eax add [ebp-0x4],eax mov ecx,eax sar dword [ebp-0x1c],cl mov ecx,eax sar dword [ebp-0x18],cl mov ecx,eax sar dword [ebp-0x14],cl JUMP_002458: ; Pos = 285c3 mov eax,[ebp-0x4] test eax,eax jnl JUMP_002459 mov ecx,eax neg ecx shl dword [ebp+0x18],cl jmp short JUMP_002460 JUMP_002459: ; Pos = 285d3 test eax,eax jng JUMP_002460 mov ecx,eax sar dword [ebp+0x18],cl JUMP_002460: ; Pos = 285dc mov eax,[ebp+0xc] cmp byte [eax+0x57],0x0 jz JUMP_002461 mov eax,[ebp+0xc] mov al,[eax+0x56] cmp al,[edi+0x86] jz JUMP_002462 JUMP_002461: ; Pos = 285f3 push edi lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x1c] push eax call FUNC_001670_VecMatTMul add esp,byte +0xc JUMP_002462: ; Pos = 28604 mov eax,[ebp+0x18] push eax push edi mov eax,[ebx+0x34] push eax lea eax,[ebp-0x1c] push eax mov eax,[ebp+0x8] push eax call FUNC_000582 add esp,byte +0x14 movsx eax,al pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000580: ; Pos = 28628 push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi mov ebx,[ebp+0xc] mov eax,[ebp+0x10] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov esi,eax mov eax,[esi+0xc] mov [ebp-0x24],eax mov eax,[esi+0x4] mov [ebp-0x20],eax mov eax,[esi+0x14] add eax,[esi+0x18] mov [ebp-0x1c],eax mov eax,[ebx+0x18] mov [ebp-0x18],eax movsx eax,byte [ebp+0x14] sar eax,1 lea eax,[eax+eax*2] mov edx,[ebx+0x10] mov ecx,[edx+eax*2] mov [ebp-0x8],ecx mov cx,[edx+eax*2+0x4] mov [ebp-0x4],cx test byte [ebp+0x14],0x1 jz JUMP_002463 movsx eax,byte [ebp-0x6] neg eax mov [ebp-0x14],eax jmp short JUMP_002464 JUMP_002463: ; Pos = 28687 movsx eax,byte [ebp-0x6] mov [ebp-0x14],eax JUMP_002464: ; Pos = 2868e movsx eax,byte [ebp-0x5] mov [ebp-0x10],eax movsx eax,byte [ebp-0x4] mov [ebp-0xc],eax mov eax,[ebx+0x14] sub eax,[ebx+0x18] test eax,eax jnl JUMP_002465 neg eax mov ecx,eax sar dword [ebp-0x14],cl mov ecx,eax sar dword [ebp-0x10],cl mov ecx,eax sar dword [ebp-0xc],cl jmp short JUMP_002466 JUMP_002465: ; Pos = 286b9 test eax,eax jz JUMP_002466 mov ecx,eax shl dword [ebp-0x14],cl mov ecx,eax shl dword [ebp-0x10],cl mov ecx,eax shl dword [ebp-0xc],cl JUMP_002466: ; Pos = 286cc mov eax,[ebx] sub eax,[ebp-0x14] mov [ebp-0x14],eax mov eax,[ebx+0x4] sub eax,[ebp-0x10] mov [ebp-0x10],eax mov eax,[ebx+0x8] sub eax,[ebp-0xc] mov [ebp-0xc],eax cmp byte [ebp+0x18],0x0 jnz JUMP_002467 mov eax,[ebp-0x14] mov [ebp-0x30],eax mov eax,[ebp-0x10] mov [ebp-0x2c],eax mov eax,[ebp-0xc] mov [ebp-0x28],eax jmp JUMP_002477 JUMP_002467: ; Pos = 28703 mov al,[ebp+0x18] test al,0x20 jz JUMP_002468 neg dword [ebp-0x14] JUMP_002468: ; Pos = 2870d test al,0x10 jz JUMP_002469 neg dword [ebp-0x10] JUMP_002469: ; Pos = 28714 test al,0x8 jz JUMP_002470 neg dword [ebp-0xc] JUMP_002470: ; Pos = 2871b mov al,[ebp+0x18] and eax,byte +0x7 cmp eax,byte +0x5 ja near JUMP_002477 jmp near [eax*4+DATA_000028] SECTION .data DATA_000028: ; Pos = 28731 dd JUMP_002471 dd JUMP_002472 dd JUMP_002473 dd JUMP_002474 dd JUMP_002475 dd JUMP_002476 SECTION .text JUMP_002471: ; Pos = 28749 mov eax,[ebp-0x14] mov [ebp-0x30],eax mov eax,[ebp-0x10] mov [ebp-0x2c],eax mov eax,[ebp-0xc] mov [ebp-0x28],eax jmp short JUMP_002477 JUMP_002472: ; Pos = 2875d mov eax,[ebp-0x14] mov [ebp-0x2c],eax mov eax,[ebp-0x10] mov [ebp-0x28],eax mov eax,[ebp-0xc] mov [ebp-0x30],eax jmp short JUMP_002477 JUMP_002473: ; Pos = 28771 mov eax,[ebp-0x14] mov [ebp-0x28],eax mov eax,[ebp-0x10] mov [ebp-0x30],eax mov eax,[ebp-0xc] mov [ebp-0x2c],eax jmp short JUMP_002477 JUMP_002474: ; Pos = 28785 mov eax,[ebp-0x14] mov [ebp-0x28],eax mov eax,[ebp-0x10] mov [ebp-0x2c],eax mov eax,[ebp-0xc] mov [ebp-0x30],eax jmp short JUMP_002477 JUMP_002475: ; Pos = 28799 mov eax,[ebp-0x14] mov [ebp-0x2c],eax mov eax,[ebp-0x10] mov [ebp-0x30],eax mov eax,[ebp-0xc] mov [ebp-0x28],eax jmp short JUMP_002477 JUMP_002476: ; Pos = 287ad mov eax,[ebp-0x14] mov [ebp-0x30],eax mov eax,[ebp-0x10] mov [ebp-0x28],eax mov eax,[ebp-0xc] mov [ebp-0x2c],eax JUMP_002477: ; Pos = 287bf mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x20] push eax mov eax,[esi+0x34] push eax lea eax,[ebp-0x30] push eax mov eax,[ebp+0x8] push eax call FUNC_000582 add esp,byte +0x14 movsx eax,al pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000581: ; Pos = 287e4 push ebp mov ebp,esp add esp,0xffffff70 push ebx push esi push edi mov eax,[ebp+0xc] movzx eax,byte [eax] mov edx,[ebp+0xc] movzx edx,byte [edx+0x1] mov ecx,[ebp+0xc] xor ebx,ebx mov bl,[ecx+0x2] mov ecx,[ebp+0xc] movzx ecx,byte [ecx+0x3] mov [ebp-0x4],ecx mov ecx,[ebp+0xc] movzx ecx,byte [ecx+0x5] shl ecx,0x8 mov esi,[ebp+0xc] movzx esi,byte [esi+0x4] or ecx,esi mov [ebp-0x8],ecx mov byte [DATA_008707],0xff mov ecx,eax sar ecx,1 lea ecx,[ecx+ecx*2] mov esi,[ebp+0x18] mov esi,[esi+0x10] mov edi,[esi+ecx*2] mov [ebp-0x10],edi mov di,[esi+ecx*2+0x4] mov [ebp-0xc],di test al,0x1 jz JUMP_002478 movsx eax,byte [ebp-0xe] neg eax mov [ebp-0x30],eax jmp short JUMP_002479 JUMP_002478: ; Pos = 28857 movsx eax,byte [ebp-0xe] mov [ebp-0x30],eax JUMP_002479: ; Pos = 2885e movsx eax,byte [ebp-0xd] mov [ebp-0x2c],eax movsx eax,byte [ebp-0xc] mov [ebp-0x28],eax mov eax,edx sar eax,1 lea eax,[eax+eax*2] mov ecx,[ebp+0x18] mov ecx,[ecx+0x10] mov esi,[ecx+eax*2] mov [ebp-0x10],esi mov si,[ecx+eax*2+0x4] mov [ebp-0xc],si test dl,0x1 jz JUMP_002480 movsx eax,byte [ebp-0xe] neg eax mov [ebp-0x78],eax jmp short JUMP_002481 JUMP_002480: ; Pos = 28898 movsx eax,byte [ebp-0xe] mov [ebp-0x78],eax JUMP_002481: ; Pos = 2889f movsx eax,byte [ebp-0xd] mov [ebp-0x74],eax movsx eax,byte [ebp-0xc] mov [ebp-0x70],eax mov eax,ebx sar eax,1 lea eax,[eax+eax*2] mov edx,[ebp+0x18] mov edx,[edx+0x10] mov ecx,[edx+eax*2] mov [ebp-0x10],ecx mov cx,[edx+eax*2+0x4] mov [ebp-0xc],cx test bl,0x1 jz JUMP_002482 movsx eax,byte [ebp-0xe] neg eax mov [ebp-0x6c],eax jmp short JUMP_002483 JUMP_002482: ; Pos = 288d9 movsx eax,byte [ebp-0xe] mov [ebp-0x6c],eax JUMP_002483: ; Pos = 288e0 movsx eax,byte [ebp-0xd] mov [ebp-0x68],eax movsx eax,byte [ebp-0xc] mov [ebp-0x64],eax mov eax,[ebp-0x4] sar eax,1 lea eax,[eax+eax*2] mov edx,[ebp+0x18] mov edx,[edx+0x10] mov ecx,[edx+eax*2] mov [ebp-0x10],ecx mov cx,[edx+eax*2+0x4] mov [ebp-0xc],cx test byte [ebp-0x4],0x1 jz JUMP_002484 movsx eax,byte [ebp-0xe] neg eax mov [ebp-0x60],eax jmp short JUMP_002485 JUMP_002484: ; Pos = 2891c movsx eax,byte [ebp-0xe] mov [ebp-0x60],eax JUMP_002485: ; Pos = 28923 movsx eax,byte [ebp-0xd] mov [ebp-0x5c],eax movsx eax,byte [ebp-0xc] mov [ebp-0x58],eax mov eax,[ebp+0x18] mov eax,[eax+0x14] mov edx,[ebp+0x18] sub eax,[edx+0x18] test eax,eax jnl JUMP_002486 neg eax mov ecx,eax sar dword [ebp-0x30],cl mov ecx,eax sar dword [ebp-0x2c],cl mov ecx,eax sar dword [ebp-0x28],cl mov ecx,eax sar dword [ebp-0x78],cl mov ecx,eax sar dword [ebp-0x74],cl mov ecx,eax sar dword [ebp-0x70],cl mov ecx,eax sar dword [ebp-0x6c],cl mov ecx,eax sar dword [ebp-0x68],cl mov ecx,eax sar dword [ebp-0x64],cl mov ecx,eax sar dword [ebp-0x60],cl mov ecx,eax sar dword [ebp-0x5c],cl mov ecx,eax sar dword [ebp-0x58],cl jmp short JUMP_002487 JUMP_002486: ; Pos = 28981 mov ecx,eax shl dword [ebp-0x30],cl mov ecx,eax shl dword [ebp-0x2c],cl mov ecx,eax shl dword [ebp-0x28],cl mov ecx,eax shl dword [ebp-0x78],cl mov ecx,eax shl dword [ebp-0x74],cl mov ecx,eax shl dword [ebp-0x70],cl mov ecx,eax shl dword [ebp-0x6c],cl mov ecx,eax shl dword [ebp-0x68],cl mov ecx,eax shl dword [ebp-0x64],cl mov ecx,eax shl dword [ebp-0x60],cl mov ecx,eax shl dword [ebp-0x5c],cl mov ecx,eax shl dword [ebp-0x58],cl JUMP_002487: ; Pos = 289bd mov eax,[ebp-0x30] neg eax add [ebp-0x78],eax mov edx,[ebp-0x2c] neg edx add [ebp-0x74],edx mov ecx,[ebp-0x28] neg ecx add [ebp-0x70],ecx mov ebx,[ebp-0x30] neg ebx add [ebp-0x6c],eax mov ebx,[ebp-0x2c] neg ebx add [ebp-0x68],edx mov ebx,[ebp-0x28] neg ebx add [ebp-0x64],ecx mov ebx,[ebp-0x30] neg ebx add [ebp-0x60],eax mov eax,[ebp-0x2c] neg eax add [ebp-0x5c],edx mov eax,[ebp-0x28] neg eax add [ebp-0x58],ecx mov eax,[ebp+0x18] mov eax,[eax] sub [ebp-0x30],eax mov eax,[ebp+0x18] mov eax,[eax+0x4] sub [ebp-0x2c],eax mov eax,[ebp+0x18] mov eax,[eax+0x8] sub [ebp-0x28],eax lea eax,[ebp-0x30] push eax call FUNC_001466 pop ecx mov [ebp-0x14],eax mov eax,[ebp+0x10] mov edx,[eax+0x138] mov [ebp-0x20],edx mov edx,[eax+0x13c] mov [ebp-0x1c],edx mov eax,[ebp+0x18] mov eax,[eax+0x18] neg eax push eax lea eax,[ebp-0x20] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[ebp-0x14] sub eax,[ebp-0x20] cmp eax,[ebp+0x14] jl JUMP_002488 mov eax,[ebp+0x8] mov dword [eax],0xffffffff mov byte [DATA_008707],0x0 mov eax,[ebp+0xc] add eax,byte +0x6 push eax call FUNC_001822 pop ecx jmp JUMP_002508 JUMP_002488: ; Pos = 28a83 mov eax,[ebp+0x10] mov edx,[eax+0x140] mov [ebp-0x20],edx mov edx,[eax+0x144] mov [ebp-0x1c],edx mov eax,[ebp+0x18] mov eax,[eax+0x18] neg eax push eax lea eax,[ebp-0x20] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[ebp-0x14] sub eax,[ebp-0x20] cmp eax,[ebp+0x14] jg JUMP_002489 mov eax,[ebp+0x8] xor edx,edx mov [eax],edx mov byte [DATA_008707],0x1 mov eax,[ebp+0xc] add eax,byte +0x6 push eax call FUNC_001822 pop ecx jmp JUMP_002508 JUMP_002489: ; Pos = 28ad8 mov eax,[ebp-0x30] test eax,eax jz near JUMP_002496 mov [ebp+0xffffff7c],eax mov eax,[ebp-0x2c] mov [ebp-0x80],eax xor eax,eax mov [ebp-0x7c],eax lea eax,[ebp+0xffffff7c] push eax call FUNC_001466 pop ecx mov edi,eax mov ebx,[ebp+0xffffff7c] test ebx,ebx jnl JUMP_002491 push edi neg ebx push ebx call FUNC_001523 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnl JUMP_002490 mov ebx,0x7fffffff JUMP_002490: ; Pos = 28b24 neg ebx jmp short JUMP_002492 JUMP_002491: ; Pos = 28b28 push edi mov eax,[ebp+0xffffff7c] push eax call FUNC_001523 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnl JUMP_002492 mov ebx,0x7fffffff JUMP_002492: ; Pos = 28b43 mov esi,[ebp-0x80] test esi,esi jnl JUMP_002494 push edi neg esi push esi call FUNC_001523 add esp,byte +0x8 mov esi,eax test esi,esi jnl JUMP_002493 mov esi,0x7fffffff JUMP_002493: ; Pos = 28b61 neg esi jmp short JUMP_002495 JUMP_002494: ; Pos = 28b65 push edi mov eax,[ebp-0x80] push eax call FUNC_001523 add esp,byte +0x8 mov esi,eax test esi,esi jnl JUMP_002495 mov esi,0x7fffffff JUMP_002495: ; Pos = 28b7d mov [ebp-0x54],esi mov [ebp-0x50],ebx xor eax,eax mov [ebp-0x4c],eax neg ebx mov [ebp-0x48],ebx mov [ebp-0x44],esi xor eax,eax mov [ebp-0x40],eax xor eax,eax mov [ebp-0x3c],eax xor eax,eax mov [ebp-0x38],eax mov dword [ebp-0x34],0x7fffffff mov [ebp-0x2c],edi jmp short JUMP_002497 JUMP_002496: ; Pos = 28bab mov dword [ebp-0x54],0x7fffffff xor eax,eax mov [ebp-0x50],eax xor eax,eax mov [ebp-0x4c],eax xor eax,eax mov [ebp-0x48],eax mov dword [ebp-0x44],0x7fffffff xor eax,eax mov [ebp-0x40],eax xor eax,eax mov [ebp-0x3c],eax xor eax,eax mov [ebp-0x38],eax mov dword [ebp-0x34],0x7fffffff JUMP_002497: ; Pos = 28bde mov eax,[ebp-0x2c] test eax,eax jz near JUMP_002504 xor edx,edx mov [ebp+0xffffff70],edx mov [ebp+0xffffff74],eax mov eax,[ebp-0x28] mov [ebp+0xffffff78],eax lea eax,[ebp+0xffffff70] push eax call FUNC_001466 pop ecx mov edi,eax mov ebx,[ebp+0xffffff74] test ebx,ebx jnl JUMP_002499 push edi neg ebx push ebx call FUNC_001523 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnl JUMP_002498 mov ebx,0x7fffffff JUMP_002498: ; Pos = 28c30 neg ebx jmp short JUMP_002500 JUMP_002499: ; Pos = 28c34 push edi mov eax,[ebp+0xffffff74] push eax call FUNC_001523 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnl JUMP_002500 mov ebx,0x7fffffff JUMP_002500: ; Pos = 28c4f mov esi,[ebp+0xffffff78] test esi,esi jnl JUMP_002502 push edi neg esi push esi call FUNC_001523 add esp,byte +0x8 mov esi,eax test esi,esi jnl JUMP_002501 mov esi,0x7fffffff JUMP_002501: ; Pos = 28c70 neg esi jmp short JUMP_002503 JUMP_002502: ; Pos = 28c74 push edi mov eax,[ebp+0xffffff78] push eax call FUNC_001523 add esp,byte +0x8 mov esi,eax test esi,esi jnl JUMP_002503 mov esi,0x7fffffff JUMP_002503: ; Pos = 28c8f push ebx mov eax,[ebp-0x50] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x4c],eax push esi mov eax,[ebp-0x50] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x50],eax push ebx mov eax,[ebp-0x44] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x40],eax push esi mov eax,[ebp-0x44] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x44],eax neg ebx mov [ebp-0x38],ebx mov [ebp-0x34],esi JUMP_002504: ; Pos = 28cd7 xor eax,eax mov [ebp-0x30],eax xor eax,eax mov [ebp-0x2c],eax mov eax,[ebp-0x14] mov [ebp-0x28],eax lea eax,[ebp-0x54] push eax lea eax,[ebp-0x78] push eax lea eax,[ebp-0x78] push eax call FUNC_001669_VecMatMul add esp,byte +0xc lea eax,[ebp-0x54] push eax lea eax,[ebp-0x6c] push eax lea eax,[ebp-0x6c] push eax call FUNC_001669_VecMatMul add esp,byte +0xc lea eax,[ebp-0x54] push eax lea eax,[ebp-0x60] push eax lea eax,[ebp-0x60] push eax call FUNC_001669_VecMatMul add esp,byte +0xc push byte +0x1 push byte +0x0 push byte +0x0 push byte +0x0 mov eax,[ebp-0x8] push eax lea eax,[ebp-0x78] push eax lea eax,[ebp-0x30] push eax mov eax,[ebp+0xc] add eax,byte +0x6 push eax push byte +0x0 mov eax,[ebp+0x10] push eax mov eax,[ebp+0x18] mov ecx,[eax+0x18] mov eax,0x77359400 sar eax,cl push eax lea eax,[ebp-0x18] push eax call FUNC_001876 add esp,byte +0x30 mov [ebp+0xc],eax xor eax,eax mov edx,[ebp+0x14] sar edx,0x10 cmp edx,[ebp-0x18] jg JUMP_002505 dec eax JUMP_002505: ; Pos = 28d6f mov edx,[ebp+0x8] mov [edx],eax mov eax,[ebp+0x18] mov eax,[eax+0x18] mov ecx,eax mov edx,0x77359400 sar edx,cl cmp edx,[ebp-0x18] jng JUMP_002506 mov edx,[ebp-0x18] mov [DATA_008703],edx mov edx,[ebp-0x18] sar edx,0x1f mov [DATA_008704],edx push eax push dword DATA_008703 call FUNC_001341_Int64ArithShift add esp,byte +0x8 JUMP_002506: ; Pos = 28dab mov eax,[DATA_008703] mov [DATA_008705],eax mov eax,[DATA_008704] mov [DATA_008706],eax mov eax,[ebp+0x8] cmp dword [eax],byte +0x0 jnz JUMP_002507 xor eax,eax mov [DATA_008703],eax xor eax,eax mov [DATA_008704],eax mov byte [DATA_008707],0x1 JUMP_002507: ; Pos = 28de0 mov eax,[ebp+0xc] JUMP_002508: ; Pos = 28de3 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000582: ; Pos = 28dec push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0x10] mov bl,[esi] inc esi test bl,bl jz near JUMP_002531 JUMP_002509: ; Pos = 28e03 xor eax,eax mov al,[esi] mov [ebp-0x4],eax inc esi test bl,0x20 jz near JUMP_002516 mov al,[esi] inc esi and eax,0xff mov edx,[ebp+0x14] movzx edx,word [edx+eax*2+0x9c] mov al,[esi] inc esi movsx ecx,al and ecx,byte +0x1f shr edx,cl movsx eax,al sar eax,0x7 xor edx,eax test dl,0x1 jz JUMP_002516 and ebx,0xc0 sub ebx,byte +0x1 jc JUMP_002510 sub ebx,byte +0x3f jz JUMP_002513 sub ebx,byte +0x40 jz JUMP_002514 sub ebx,byte +0x40 jz JUMP_002515 jmp JUMP_002530 JUMP_002510: ; Pos = 28e5e movzx edi,byte [esi] inc esi cmp edi,0xff jnz JUMP_002511 add esi,byte +0x6 push esi call FUNC_001822 pop ecx mov esi,eax jmp JUMP_002530 JUMP_002511: ; Pos = 28e7b test edi,edi jz near JUMP_002530 JUMP_002512: ; Pos = 28e83 movzx edi,byte [esi] inc esi test edi,edi jnz JUMP_002512 jmp JUMP_002530 JUMP_002513: ; Pos = 28e90 movzx edi,byte [esi] inc esi test edi,edi jnz JUMP_002513 jmp JUMP_002530 JUMP_002514: ; Pos = 28e9d add esi,byte +0x4 jmp JUMP_002530 JUMP_002515: ; Pos = 28ea5 movzx edi,byte [esi] inc esi test edi,edi jnz JUMP_002515 jmp JUMP_002530 JUMP_002516: ; Pos = 28eb2 mov eax,ebx and eax,0xc0 sub eax,byte +0x1 jc JUMP_002517 sub eax,byte +0x3f jz near JUMP_002522 sub eax,byte +0x40 jz near JUMP_002525 sub eax,byte +0x40 jz near JUMP_002527 jmp JUMP_002530 JUMP_002517: ; Pos = 28ede movzx edi,byte [esi] inc esi cmp edi,0xff jnz JUMP_002519 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax push esi lea eax,[ebp-0x8] push eax call FUNC_000581 add esp,byte +0x14 mov esi,eax cmp dword [ebp-0x8],byte +0x0 jnz JUMP_002518 mov al,[ebp-0x4] or [DATA_008697],al mov eax,[ebp+0x8] mov [eax],bl xor eax,eax jmp JUMP_002532 JUMP_002518: ; Pos = 28f20 mov al,[ebp-0x4] and al,0x7f or [DATA_008697],al jmp JUMP_002530 JUMP_002519: ; Pos = 28f30 test edi,edi jz near JUMP_002530 JUMP_002520: ; Pos = 28f38 mov eax,[ebp+0xc] push eax push edi mov eax,[ebp+0x18] push eax call FUNC_000583 add esp,byte +0xc test eax,eax jz JUMP_002521 mov al,[ebp-0x4] and al,0x7f or [DATA_008697],al mov eax,[ebp+0x8] mov [eax],bl or eax,byte -0x1 jmp JUMP_002532 JUMP_002521: ; Pos = 28f65 inc esi movzx edi,byte [esi-0x1] test edi,edi jnz JUMP_002520 jmp JUMP_002530 JUMP_002522: ; Pos = 28f73 movzx edi,byte [esi] inc esi test edi,edi jnz JUMP_002523 mov al,[ebp-0x4] and al,0x7f or [DATA_008697],al mov eax,[ebp+0x8] mov [eax],bl or eax,byte -0x1 jmp JUMP_002532 JUMP_002523: ; Pos = 28f93 mov eax,[ebp+0xc] push eax push edi mov eax,[ebp+0x18] push eax call FUNC_000583 add esp,byte +0xc test eax,eax jnz JUMP_002522 JUMP_002524: ; Pos = 28fa8 mov al,[esi] inc esi test al,al jnz JUMP_002524 jmp JUMP_002530 JUMP_002525: ; Pos = 28fb4 movzx edi,byte [esi] shl edi,0x8 inc esi xor eax,eax mov al,[esi] or edi,eax inc esi mov dl,[esi] inc esi mov al,[esi] inc esi mov ecx,[ebp+0x14] push ecx mov ecx,[ebp+0x18] push ecx push edx push eax push edi mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000580 add esp,byte +0x1c mov edx,[ebp+0x8] mov dl,[edx] or [DATA_008701],dl test eax,eax jnl JUMP_002526 mov al,[ebp-0x4] and al,0x7f or [DATA_008697],al mov eax,[ebp+0x8] mov [eax],bl or eax,byte -0x1 jmp short JUMP_002532 JUMP_002526: ; Pos = 29007 test eax,eax jg JUMP_002530 mov al,[ebp-0x4] or [DATA_008697],al test byte [ebp-0x4],0x80 jz JUMP_002530 mov eax,[ebp+0x8] mov [eax],bl xor eax,eax jmp short JUMP_002532 JUMP_002527: ; Pos = 29023 movzx edi,byte [esi] inc esi test edi,edi jnz JUMP_002528 mov al,[ebp-0x4] or [DATA_008697],al test byte [ebp-0x4],0x80 jz JUMP_002528 mov eax,[ebp+0x8] mov [eax],bl xor eax,eax jmp short JUMP_002532 JUMP_002528: ; Pos = 29043 mov eax,[ebp+0xc] push eax push edi mov eax,[ebp+0x18] push eax call FUNC_000583 add esp,byte +0xc test eax,eax jz JUMP_002527 JUMP_002529: ; Pos = 29058 mov bl,[esi] inc esi test bl,bl jnz JUMP_002529 JUMP_002530: ; Pos = 2905f mov bl,[esi] inc esi test bl,bl jnz near JUMP_002509 JUMP_002531: ; Pos = 2906a mov eax,[ebp+0x8] mov byte [eax],0x0 mov al,0x1 JUMP_002532: ; Pos = 29072 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000583: ; Pos = 2907c push ebp mov ebp,esp add esp,byte -0x28 push ebx push esi push edi mov edx,[ebp+0x10] mov eax,[ebp+0xc] mov ecx,eax sar ecx,1 lea ecx,[ecx+ecx*2] mov ebx,[edx+0xc] mov esi,[ebx+ecx*2-0x6] mov [ebp-0x8],esi mov si,[ebx+ecx*2-0x2] mov [ebp-0x4],si mov bl,[ebp-0x8] xor ecx,ecx mov cl,bl sar ecx,1 lea ecx,[ecx+ecx*2] mov esi,[edx+0x10] mov edi,[esi+ecx*2] mov [ebp-0x10],edi mov di,[esi+ecx*2+0x4] mov [ebp-0xc],di test al,0x1 jz JUMP_002533 movsx eax,byte [ebp-0x6] neg eax shl eax,0x8 mov [ebp-0x1c],eax movsx eax,byte [ebp-0x5] shl eax,0x8 mov [ebp-0x18],eax movsx eax,byte [ebp-0x4] shl eax,0x8 mov [ebp-0x14],eax xor eax,eax mov al,[ebp-0x8] test al,0x1 jnz JUMP_002534 neg byte [ebp-0xe] jmp short JUMP_002534 JUMP_002533: ; Pos = 290f5 movsx eax,byte [ebp-0x6] shl eax,0x8 mov [ebp-0x1c],eax movsx eax,byte [ebp-0x5] shl eax,0x8 mov [ebp-0x18],eax movsx eax,byte [ebp-0x4] shl eax,0x8 mov [ebp-0x14],eax test bl,0x1 jz JUMP_002534 neg byte [ebp-0xe] JUMP_002534: ; Pos = 2911b mov eax,[edx+0x14] sub eax,[edx+0x18] test eax,eax jnl JUMP_002535 neg eax mov ecx,eax movsx ebx,byte [ebp-0xe] sar ebx,cl mov [ebp-0x28],ebx mov ecx,eax movsx ebx,byte [ebp-0xd] sar ebx,cl mov [ebp-0x24],ebx mov ecx,eax movsx eax,byte [ebp-0xc] sar eax,cl mov [ebp-0x20],eax jmp short JUMP_002536 JUMP_002535: ; Pos = 2914a mov ecx,eax movsx ebx,byte [ebp-0xe] shl ebx,cl mov [ebp-0x28],ebx mov ecx,eax movsx ebx,byte [ebp-0xd] shl ebx,cl mov [ebp-0x24],ebx mov ecx,eax movsx eax,byte [ebp-0xc] shl eax,cl mov [ebp-0x20],eax JUMP_002536: ; Pos = 2916b mov eax,[edx] sub [ebp-0x28],eax mov eax,[edx+0x4] sub [ebp-0x24],eax mov eax,[edx+0x8] sub [ebp-0x20],eax mov eax,[ebp-0x28] push eax call _abs pop ecx mov ebx,eax mov eax,[ebp-0x24] push eax call _abs pop ecx or ebx,eax mov eax,[ebp-0x20] push eax call _abs pop ecx or ebx,eax push ebx call FUNC_001656_FindMSB pop ecx add eax,byte -0xd test eax,eax jnl JUMP_002537 xor eax,eax JUMP_002537: ; Pos = 291b0 mov ecx,eax mov edx,[ebp-0x28] sar edx,cl imul edx,[ebp-0x1c] mov ecx,eax mov ebx,[ebp-0x24] sar ebx,cl imul ebx,[ebp-0x18] add edx,ebx mov ecx,eax mov ebx,[ebp-0x20] sar ebx,cl imul ebx,[ebp-0x14] add edx,ebx neg edx add edx,edx mov ecx,eax mov eax,[ebp+0x8] sar eax,cl cmp edx,eax setnl al and eax,byte +0x1 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000584: ; Pos = 291f0 push ebp mov ebp,esp mov edx,[ebp+0xc] mov eax,[ebp+0x8] cmp dword [eax],0x9fb jl JUMP_002538 mov dword [edx],0x2 mov dword [eax],0x9fb pop ebp ret JUMP_002538: ; Pos = 2920f cmp dword [eax],0x511 jl JUMP_002539 mov dword [edx],0x3 mov dword [eax],0x511 pop ebp ret JUMP_002539: ; Pos = 29225 cmp dword [eax],0x28b jl JUMP_002540 mov dword [edx],0x4 mov dword [eax],0x28b pop ebp ret JUMP_002540: ; Pos = 2923b cmp dword [eax],0x146 jl JUMP_002541 mov dword [edx],0x5 mov dword [eax],0x146 pop ebp ret JUMP_002541: ; Pos = 29251 cmp dword [eax],0xa3 jl JUMP_002542 mov dword [edx],0x6 mov dword [eax],0xa3 pop ebp ret JUMP_002542: ; Pos = 29267 cmp dword [eax],byte +0x52 jl JUMP_002543 mov dword [edx],0x7 mov dword [eax],0x52 pop ebp ret JUMP_002543: ; Pos = 2927a cmp dword [eax],byte +0x29 jl JUMP_002544 mov dword [edx],0x8 mov dword [eax],0x29 pop ebp ret JUMP_002544: ; Pos = 2928d mov dword [edx],0x9 mov dword [eax],0x14 pop ebp ret nop FUNC_000585: ; Pos = 2929c push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov eax,[ebp+0x14] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] lea edi,[ebp-0x4] mov edx,[ebx+0x82] cmp edx,byte +0x35 jc JUMP_002545 sar esi,1 cmp edx,byte +0x3b jc JUMP_002545 sar esi,1 JUMP_002545: ; Pos = 292c5 cmp dword [ebp+0x10],byte +0x0 jz JUMP_002547 cmp eax,0x7fff jl JUMP_002546 mov eax,0x7fff JUMP_002546: ; Pos = 292d7 movsx edx,word [ebx+0x110] imul edx,eax sar edx,0x10 add [ebx+0xb0],dx movsx edx,word [ebx+0x112] imul edx,eax sar edx,0x10 add [ebx+0xb2],dx movsx edx,word [ebx+0x114] imul edx,eax sar edx,0x10 add [ebx+0xb4],dx JUMP_002547: ; Pos = 29313 cmp esi,0x7fff jl JUMP_002548 mov esi,0x7fff JUMP_002548: ; Pos = 29320 movsx eax,word [ebx+0xb0] mov [edi],eax cmp dword [edi],byte +0x0 jl JUMP_002550 cmp esi,[edi] jnl JUMP_002549 mov [edi],esi JUMP_002549: ; Pos = 29334 cmp dword [edi],byte +0xf jl JUMP_002552 lea eax,[ebp-0x8] push eax push edi call FUNC_000584 add esp,byte +0x8 mov ax,[edi] sub [ebx+0xb0],ax mov eax,[ebp-0x8] push eax push byte +0x70 lea eax,[ebx+0xc] push eax lea eax,[ebx+0x18] push eax push ebx call FUNC_000611 add esp,byte +0x14 jmp short JUMP_002552 JUMP_002550: ; Pos = 29369 neg dword [edi] cmp esi,[edi] jnl JUMP_002551 mov [edi],esi JUMP_002551: ; Pos = 29371 cmp dword [edi],byte +0xf jl JUMP_002552 lea eax,[ebp-0x8] push eax push edi call FUNC_000584 add esp,byte +0x8 mov ax,[edi] add [ebx+0xb0],ax mov eax,[ebp-0x8] push eax push byte +0x6d lea eax,[ebx+0xc] push eax lea eax,[ebx+0x18] push eax push ebx call FUNC_000611 add esp,byte +0x14 JUMP_002552: ; Pos = 293a4 movsx eax,word [ebx+0xb2] mov [edi],eax cmp dword [edi],byte +0x0 jl JUMP_002554 cmp esi,[edi] jnl JUMP_002553 mov [edi],esi JUMP_002553: ; Pos = 293b8 cmp dword [edi],byte +0xf jl JUMP_002556 lea eax,[ebp-0x8] push eax push edi call FUNC_000584 add esp,byte +0x8 mov ax,[edi] sub [ebx+0xb2],ax mov eax,[ebp-0x8] push eax push byte +0x70 push ebx lea eax,[ebx+0xc] push eax push ebx call FUNC_000611 add esp,byte +0x14 jmp short JUMP_002556 JUMP_002554: ; Pos = 293ea neg dword [edi] cmp esi,[edi] jnl JUMP_002555 mov [edi],esi JUMP_002555: ; Pos = 293f2 cmp dword [edi],byte +0xf jl JUMP_002556 lea eax,[ebp-0x8] push eax push edi call FUNC_000584 add esp,byte +0x8 mov ax,[edi] add [ebx+0xb2],ax mov eax,[ebp-0x8] push eax push byte +0x6d push ebx lea eax,[ebx+0xc] push eax push ebx call FUNC_000611 add esp,byte +0x14 JUMP_002556: ; Pos = 29422 movsx eax,word [ebx+0xb4] mov [edi],eax cmp dword [edi],byte +0x0 jl JUMP_002558 cmp esi,[edi] jnl JUMP_002557 mov [edi],esi JUMP_002557: ; Pos = 29436 cmp dword [edi],byte +0xf jl near JUMP_002560 lea eax,[ebp-0x8] push eax push edi call FUNC_000584 add esp,byte +0x8 mov ax,[edi] sub [ebx+0xb4],ax mov eax,[ebp-0x8] push eax push byte +0x70 lea eax,[ebx+0x18] push eax push ebx push ebx call FUNC_000611 add esp,byte +0x14 xor eax,eax mov al,[ebx+0x86] cmp eax,[DATA_008857] jnz JUMP_002560 mov ax,[edi] sub [DATA_008933],ax jmp short JUMP_002560 JUMP_002558: ; Pos = 29486 neg dword [edi] cmp esi,[edi] jnl JUMP_002559 mov [edi],esi JUMP_002559: ; Pos = 2948e cmp dword [edi],byte +0xf jl JUMP_002560 lea eax,[ebp-0x8] push eax push edi call FUNC_000584 add esp,byte +0x8 mov ax,[edi] add [ebx+0xb4],ax mov eax,[ebp-0x8] push eax push byte +0x6d lea eax,[ebx+0x18] push eax push ebx push ebx call FUNC_000611 add esp,byte +0x14 xor eax,eax mov al,[ebx+0x86] cmp eax,[DATA_008857] jnz JUMP_002560 mov ax,[edi] add [DATA_008933],ax JUMP_002560: ; Pos = 294d8 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000586: ; Pos = 294e0 push ebp mov ebp,esp mov eax,[ebp+0x8] movsx edx,word [eax+0xb6] sar edx,0x3 mov [eax+0x114],dx movsx edx,word [eax+0xb8] sar edx,0x2 neg dx mov [eax+0x110],dx pop ebp ret FUNC_000587: ; Pos = 29510 push ebp mov ebp,esp push ebx mov eax,[ebp+0x8] movsx edx,word [eax+0x108] mov ecx,[eax+0xc] sar ecx,0x10 imul edx,ecx movsx ecx,word [eax+0x10a] mov ebx,[eax+0x10] sar ebx,0x10 imul ecx,ebx add edx,ecx movsx ecx,word [eax+0x10c] mov ebx,[eax+0x14] sar ebx,0x10 imul ecx,ebx add edx,ecx add edx,edx neg edx sar edx,0x10 mov [eax+0x110],dx movsx edx,word [eax+0x108] mov ecx,[eax] sar ecx,0x10 imul edx,ecx movsx ecx,word [eax+0x10a] mov ebx,[eax+0x4] sar ebx,0x10 imul ecx,ebx add edx,ecx movsx ecx,word [eax+0x10c] mov ebx,[eax+0x8] sar ebx,0x10 imul ecx,ebx add edx,ecx add edx,edx sar edx,0x10 mov [eax+0x114],dx mov word [eax+0x112],0x0 movsx edx,word [eax+0x108] mov ecx,[eax+0x18] sar ecx,0x10 imul edx,ecx movsx ecx,word [eax+0x10a] mov ebx,[eax+0x1c] sar ebx,0x10 imul ecx,ebx add edx,ecx movsx ecx,word [eax+0x10c] mov ebx,[eax+0x20] sar ebx,0x10 imul ecx,ebx add edx,ecx test edx,edx jnl JUMP_002563 mov edx,0x4000 cmp word [eax+0x110],byte +0x0 jnl JUMP_002561 neg edx JUMP_002561: ; Pos = 295ea mov [eax+0x110],dx mov edx,0x4000 cmp word [eax+0x114],byte +0x0 jnl JUMP_002562 neg edx JUMP_002562: ; Pos = 29602 mov [eax+0x114],dx JUMP_002563: ; Pos = 29609 pop ebx pop ebp ret FUNC_000588: ; Pos = 2960c push ebp mov ebp,esp push ebx mov eax,[ebp+0x8] movsx edx,word [eax+0x108] mov ecx,[eax+0xc] sar ecx,0x10 imul edx,ecx movsx ecx,word [eax+0x10a] mov ebx,[eax+0x10] sar ebx,0x10 imul ecx,ebx add edx,ecx movsx ecx,word [eax+0x10c] mov ebx,[eax+0x14] sar ebx,0x10 imul ecx,ebx add edx,ecx add edx,edx sar edx,0x10 mov [eax+0x110],dx movsx edx,word [eax+0x108] mov ecx,[eax] sar ecx,0x10 imul edx,ecx movsx ecx,word [eax+0x10a] mov ebx,[eax+0x4] sar ebx,0x10 imul ecx,ebx add edx,ecx movsx ecx,word [eax+0x10c] mov ebx,[eax+0x8] sar ebx,0x10 imul ecx,ebx add edx,ecx add edx,edx neg edx sar edx,0x10 mov [eax+0x114],dx mov word [eax+0x112],0x0 movsx edx,word [eax+0x108] mov ecx,[eax+0x18] sar ecx,0x10 imul edx,ecx movsx ecx,word [eax+0x10a] mov ebx,[eax+0x1c] sar ebx,0x10 imul ecx,ebx add edx,ecx movsx ecx,word [eax+0x10c] mov ebx,[eax+0x20] sar ebx,0x10 imul ecx,ebx add edx,ecx test edx,edx jl JUMP_002564 movsx edx,word [eax+0x110] sar edx,0x8 xor edx,0x3fff mov [eax+0x110],dx movsx edx,word [eax+0x114] sar edx,0x8 xor edx,0x3fff mov [eax+0x114],dx JUMP_002564: ; Pos = 29703 pop ebx pop ebp ret FUNC_000589: ; Pos = 29708 push ebp mov ebp,esp push ebx push esi mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov cl,[eax+0x56] cmp cl,[edx+0x86] jnz JUMP_002565 cmp byte [eax+0x57],0x0 jz JUMP_002566 mov edx,[eax+0x4] sar edx,0x11 neg dx mov [eax+0x112],dx cmp dword [ebp+0x10],byte +0x0 jz near JUMP_002567 mov edx,[eax+0x14] sar edx,0x11 mov [eax+0x110],dx mov edx,[eax+0x18] sar edx,0x11 mov [eax+0x114],dx jmp JUMP_002567 JUMP_002565: ; Pos = 2975d mov cl,[eax+0x56] cmp cl,[edx+0x56] jnz near JUMP_002567 JUMP_002566: ; Pos = 29769 mov ecx,[eax] sar ecx,0x10 mov ebx,[edx+0xc] sar ebx,0x10 imul ecx,ebx mov ebx,[eax+0x4] sar ebx,0x10 mov esi,[edx+0x10] sar esi,0x10 imul ebx,esi add ecx,ebx mov ebx,[eax+0x8] sar ebx,0x10 mov esi,[edx+0x14] sar esi,0x10 imul ebx,esi add ecx,ebx neg ecx sar ecx,0x10 mov [eax+0x112],cx cmp dword [ebp+0x10],byte +0x0 jz JUMP_002567 mov ecx,[eax+0xc] sar ecx,0x10 mov ebx,[edx+0x18] sar ebx,0x10 imul ecx,ebx mov ebx,[eax+0x10] sar ebx,0x10 mov esi,[edx+0x1c] sar esi,0x10 imul ebx,esi add ecx,ebx mov ebx,[eax+0x14] sar ebx,0x10 mov esi,[edx+0x20] sar esi,0x10 imul ebx,esi add ecx,ebx sar ecx,0x10 mov [eax+0x110],cx mov ecx,[eax+0x18] sar ecx,0x10 mov ebx,[edx] sar ebx,0x10 imul ecx,ebx mov ebx,[eax+0x1c] sar ebx,0x10 mov esi,[edx+0x4] sar esi,0x10 imul ebx,esi add ecx,ebx mov ebx,[eax+0x20] sar ebx,0x10 mov edx,[edx+0x8] sar edx,0x10 imul ebx,edx add ecx,ebx sar ecx,0x10 mov [eax+0x114],cx JUMP_002567: ; Pos = 29820 pop esi pop ebx pop ebp ret FUNC_000590: ; Pos = 29824 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi mov ebx,[ebp+0x10] mov esi,[ebp+0x8] push esi lea eax,[ebp-0x18] push eax call near [DATA_007802] ; FUNC_001677 add esp,byte +0x8 push esi mov eax,[ebp+0xc] push eax lea eax,[ebp-0x18] push eax call near [DATA_007803] ; FUNC_001678 add esp,byte +0xc push byte +0xd lea eax,[ebp-0x18] push eax call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov edx,[ebp+0x14] mov [edx],eax mov eax,[ebp-0x18] mov [ebx],eax mov eax,[ebp-0x10] mov [ebx+0x4],eax mov eax,[ebp-0x8] mov [ebx+0x8],eax pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000591: ; Pos = 2987c push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x10] mov ebx,[ebp+0x8] push ebx push esi call near [DATA_007802] ; FUNC_001677 add esp,byte +0x8 push ebx mov eax,[ebp+0xc] push eax push esi call near [DATA_007803] ; FUNC_001678 add esp,byte +0xc pop esi pop ebx pop ebp ret FUNC_000592: ; Pos = 298a8 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov ebx,[ebp+0x10] mov edi,[ebp+0xc] mov esi,[ebp+0x8] push esi lea eax,[ebp-0x18] push eax call near [DATA_007802] ; FUNC_001677 add esp,byte +0x8 lea eax,[ebp-0x18] push eax push edi push esi call FUNC_000593 add esp,byte +0xc cmp byte [esi+0x57],0x0 jz JUMP_002568 cmp byte [edi+0x57],0x0 jnz JUMP_002568 push byte +0xd lea eax,[ebp-0x18] push eax call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov edx,[ebp+0x14] mov [edx],eax mov eax,[ebp-0x18] mov [ebx],eax mov eax,[ebp-0x10] mov [ebx+0x4],eax mov eax,[ebp-0x8] mov [ebx+0x8],eax mov eax,[ebp+0x18] push eax xor eax,eax mov al,[esi+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 push eax push ebx push ebx call FUNC_001670_VecMatTMul add esp,byte +0xc jmp short JUMP_002569 JUMP_002568: ; Pos = 29926 push byte +0xd lea eax,[ebp-0x18] push eax call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov edx,[ebp+0x14] mov [edx],eax mov eax,[ebp-0x18] mov [ebx],eax mov eax,[ebp-0x10] mov [ebx+0x4],eax mov eax,[ebp-0x8] mov [ebx+0x8],eax JUMP_002569: ; Pos = 2994a pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000593: ; Pos = 29954 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x10] mov esi,[ebp+0x8] push esi mov eax,[ebp+0xc] push eax push ebx call near [DATA_007803] ; FUNC_001678 add esp,byte +0xc movsx eax,word [esi+0x102] shl eax,0xa mov edx,eax sar edx,0x1f mov ecx,[ebx] mov edi,ecx add edi,eax mov eax,edi cmp ecx,eax jna JUMP_002570 inc dword [ebx+0x4] JUMP_002570: ; Pos = 2998d mov [ebx],eax add [ebx+0x4],edx movsx eax,word [esi+0x104] shl eax,0xa mov edx,eax sar edx,0x1f mov ecx,[ebx+0x8] mov edi,ecx add edi,eax mov eax,edi cmp ecx,eax jna JUMP_002571 inc dword [ebx+0xc] JUMP_002571: ; Pos = 299b1 mov [ebx+0x8],eax add [ebx+0xc],edx movsx eax,word [esi+0x106] shl eax,0xa mov edx,eax sar edx,0x1f mov ecx,[ebx+0x10] mov esi,ecx add esi,eax mov eax,esi cmp ecx,eax jna JUMP_002572 inc dword [ebx+0x14] JUMP_002572: ; Pos = 299d6 mov [ebx+0x10],eax add [ebx+0x14],edx pop edi pop esi pop ebx pop ebp ret FUNC_000594: ; Pos = 299e4 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x10] mov edx,[ebp+0xc] mov ebx,[ebp+0x8] mov al,[ebx+0x56] movsx ecx,al movzx edi,byte [edx+0x86] cmp ecx,edi jz JUMP_002573 movsx eax,al xor ecx,ecx mov cl,[edx+0x56] cmp eax,ecx jnz JUMP_002573 push esi push edx call FUNC_000595 add esp,byte +0x8 mov eax,[ebx+0x8c] sub [esi],eax mov eax,[ebx+0x90] sub [esi+0x4],eax mov eax,[ebx+0x94] sub [esi+0x8],eax jmp short JUMP_002574 JUMP_002573: ; Pos = 29a36 mov eax,[ebx+0x8c] neg eax mov [esi],eax mov eax,[ebx+0x90] neg eax mov [esi+0x4],eax mov eax,[ebx+0x94] neg eax mov [esi+0x8],eax JUMP_002574: ; Pos = 29a56 pop edi pop esi pop ebx pop ebp ret FUNC_000595: ; Pos = 29a5c push ebp mov ebp,esp add esp,0xfffffe80 push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] cmp byte [ebx+0x87],0x1 jz JUMP_002575 mov eax,[ebx+0x8c] mov [esi],eax mov eax,[ebx+0x90] mov [esi+0x4],eax mov eax,[ebx+0x94] mov [esi+0x8],eax jmp JUMP_002578 JUMP_002575: ; Pos = 29a95 test byte [ebx+0x14c],0x20 jz JUMP_002576 xor eax,eax mov [esi],eax xor eax,eax mov [esi+0x4],eax xor eax,eax mov [esi+0x8],eax jmp JUMP_002578 JUMP_002576: ; Pos = 29ab1 push byte +0x0 push ebx lea eax,[ebp+0xfffffea4] push eax call near [DATA_007755] ; FUNC_001533 add esp,byte +0xc mov eax,[ebp+0xffffff4c] mov [ebp-0x8],eax mov eax,[ebp+0xffffff50] mov [ebp-0x4],eax mov eax,[ebx+0x3e] mov [ebp+0xfffffe8c],eax mov eax,[ebx+0x46] mov [ebp+0xfffffe90],eax mov eax,[ebx+0x4e] mov [ebp+0xfffffe94],eax mov edx,[ebp-0x8] mov eax,edx add eax,0x82c00 cmp edx,eax jna JUMP_002577 inc dword [ebp-0x4] JUMP_002577: ; Pos = 29b02 mov edx,eax mov [ebp-0x8],edx mov [ebp+0xfffffe80],edx mov eax,[ebp-0x4] mov [ebp+0xfffffe84],eax lea eax,[ebp+0xfffffea4] mov [ebp+0xfffffe88],eax lea eax,[ebp+0xfffffe80] push eax call FUNC_000866 pop ecx ; FIX: Linear FOR switch velocity mov eax,[ebp+0xfffffea4+0x3e] sub [ebp+0xfffffe8c],eax mov eax,[ebp+0xfffffea4+0x46] sub [ebp+0xfffffe90],eax mov eax,[ebp+0xfffffea4+0x4e] sub [ebp+0xfffffe94],eax ; mov eax,[ebx+0x3e] ; sub [ebp+0xfffffe8c],eax ; mov eax,[ebx+0x46] ; sub [ebp+0xfffffe90],eax ; mov eax,[ebx+0x4e] ; sub [ebp+0xfffffe94],eax neg dword [ebp+0xfffffe8c] neg dword [ebp+0xfffffe90] neg dword [ebp+0xfffffe94] sar dword [ebp+0xfffffe8c],0xa sar dword [ebp+0xfffffe90],0xa sar dword [ebp+0xfffffe94],0xa mov eax,[ebp+0xfffffe8c] mov [esi],eax mov eax,[ebp+0xfffffe90] mov [esi+0x4],eax mov eax,[ebp+0xfffffe94] mov [esi+0x8],eax JUMP_002578: ; Pos = 29b8b pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000596: ; Pos = 29b94 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov edi,[ebp+0x18] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push edi push esi push ebx call FUNC_000594 add esp,byte +0xc push edi call FUNC_000612 pop ecx mov [ebp-0x4],eax mov eax,[ebp+0x1c] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x14] push eax push esi push ebx call FUNC_000592 add esp,byte +0x14 mov ax,[ebp-0x14] mov [ebx+0x108],ax mov ax,[ebp-0x10] mov [ebx+0x10a],ax mov ax,[ebp-0xc] mov [ebx+0x10c],ax mov ax,[ebp-0x8] mov [ebx+0x10e],ax mov eax,[ebp+0x1c] push eax lea eax,[ebp-0x14] push eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] push eax push edi mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push esi push ebx call FUNC_000597 add esp,byte +0x24 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000597: ; Pos = 29c28 push ebp mov ebp,esp add esp,byte -0x38 push ebx push esi push edi mov edi,[ebp+0x24] mov eax,[ebp+0x20] mov esi,[ebp+0x18] mov ebx,[ebp+0x8] mov [ebp-0x4],eax cmp dword [DATA_009013],byte +0x0 jz near JUMP_002583 cmp dword [ebp+0x1c],byte +0x2 jnl JUMP_002579 mov edx,0x2 jmp short JUMP_002580 JUMP_002579: ; Pos = 29c5a mov edx,[ebp+0x1c] JUMP_002580: ; Pos = 29c5d push edx mov edx,eax pop ecx sub edx,ecx mov ecx,[DATA_009013] sar ecx,0x2 add ecx,[DATA_009013] sub edx,ecx cmp edx,byte +0x8 jg near JUMP_002583 mov byte [ebx+0x14d],0x0 mov ecx,[ebp+0xc] mov byte [ecx+0x8b],0x0 cmp edx,byte +0x6 jnl near JUMP_002583 mov dx,[ebx+0x102] or dx,[ebx+0x104] or dx,[ebx+0x106] jz near JUMP_002583 ; FIX: Autopilot acceleration fudge ; Extra check for v^2 < 4as cmp ebx, [DATA_008861] jnz near .novelcheck ; Get relative position mov eax,[ebp+0x28] push eax lea eax, [ebp-0x14] push eax lea eax, [ebp-0x10] push eax mov eax, [ebp+0xc] push eax push ebx call FUNC_000592 add esp, 20 lea eax, [ebp-0x10] push eax call FUNC_001466 add esp, 4 push eax call FUNC_001489 add esp, 4 mov ecx, [ebp-0x14] mov [ebp-0x14], eax sub cx, 8 add [ebp-0x12], cx ; Get relative velocity squared lea eax, [ebp-0x20] push eax mov eax, [ebp+0xc] push eax push ebx call FUNC_000594 add esp, 12 lea eax, [ebp-0x20] push eax call FUNC_001466 add esp, 4 push eax call FUNC_001489 add esp, 4 push eax push eax call FUNC_001482 add esp, 8 mov [ebp-0x24], eax ; Get ffp thrust * 4 * dist movsx eax, word [ebx+0xbe] neg eax lea eax, [2*eax+eax] add eax, eax push eax call FUNC_001489 add esp, 4 push eax push dword [ebp-0x14] call FUNC_001482 add esp, 8 ; If 4as < v^2, overshoot cmp eax, [ebp-0x24] jl near JUMP_002583 .novelcheck: mov eax,[ebp+0x28] push eax push ebx call FUNC_000606 add esp,byte +0x8 mov eax,[ebp+0xc] test byte [eax+0x14c],0x20 jz JUMP_002581 mov eax,[ebp+0xc] mov al,[eax+0x56] mov [ebx+0x56],al mov eax,[ebp+0xc] mov al,[eax+0x57] mov [ebx+0x57],al jmp short JUMP_002582 JUMP_002581: ; Pos = 29cdf mov eax,[ebp+0xc] test byte [eax+0x14c],0x10 jz JUMP_002582 mov eax,[ebp+0xc] mov al,[eax+0x86] mov [ebx+0x56],al mov byte [ebx+0x57],0x0 JUMP_002582: ; Pos = 29cfb lea eax,[ebp-0x20] push eax mov eax,[ebp+0xc] push eax push ebx call FUNC_000594 add esp,byte +0xc mov eax,[ebp-0x20] add [ebx+0x8c],eax mov eax,[ebp-0x1c] add [ebx+0x90],eax mov eax,[ebp-0x18] add [ebx+0x94],eax push ebx lea eax,[ebp-0x38] push eax call near [DATA_007802] ; FUNC_001677 add esp,byte +0x8 lea eax,[ebp-0x38] push eax mov eax,[ebp+0xc] push eax push ebx call FUNC_000593 add esp,byte +0xc push dword [ebp-0x34] push dword [ebp-0x38] push dword [ebx+0x42] push dword [ebx+0x3e] lea eax,[ebx+0x3e] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [ebp-0x2c] push dword [ebp-0x30] push dword [ebx+0x4a] push dword [ebx+0x46] lea eax,[ebx+0x46] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [ebp-0x24] push dword [ebp-0x28] push dword [ebx+0x52] push dword [ebx+0x4e] lea eax,[ebx+0x4e] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 mov byte [ebx+0x25],0x0 mov eax,[ebp+0xc] mov byte [eax+0x8a],0x0 mov eax,[ebp+0xc] mov byte [eax+0x8b],0x0 xor eax,eax mov [esi],eax xor eax,eax mov [esi+0x4],eax xor eax,eax mov [esi+0x8],eax xor eax,eax mov [ebx+0xf2],eax xor eax,eax mov [ebx+0xf6],eax xor eax,eax mov [ebx+0xfa],eax mov word [ebx+0xec],0x0 mov word [ebx+0xee],0x0 mov word [ebx+0xf0],0x0 mov word [ebx+0xb6],0x0 mov word [ebx+0xb8],0x0 mov word [ebx+0xba],0x0 mov eax,[ebp+0x14] xor edx,edx mov [eax],edx jmp JUMP_002595 JUMP_002583: ; Pos = 29e0e add eax,[ebp+0x10] add eax,byte -0x8 mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jl JUMP_002586 test byte [ebp-0x8],0x1 jz JUMP_002584 mov eax,[ebp-0x8] sar eax,1 inc eax mov [ebp-0x8],eax sar dword [edi],1 sar dword [edi+0x4],1 sar dword [edi+0x8],1 jmp short JUMP_002585 JUMP_002584: ; Pos = 29e36 sar dword [ebp-0x8],1 JUMP_002585: ; Pos = 29e39 push edi call near [DATA_007724] ; FUNC_001465 pop ecx shl eax,0x10 push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov ecx,eax test ecx,ecx jz JUMP_002586 mov eax,[edi] shl eax,0xf cdq idiv ecx mov [edi],eax mov eax,[edi+0x4] shl eax,0xf cdq idiv ecx mov [edi+0x4],eax mov eax,[edi+0x8] shl eax,0xf cdq idiv ecx mov [edi+0x8],eax JUMP_002586: ; Pos = 29e74 mov eax,[ebp-0x8] add eax,byte -0x2 push eax mov eax,[ebp+0x1c] pop edx sub eax,edx test eax,eax jl JUMP_002587 mov ecx,eax mov edx,[edi] sar edx,cl add [esi],edx mov ecx,eax mov edx,[edi+0x4] sar edx,cl add [esi+0x4],edx mov ecx,eax mov eax,[edi+0x8] sar eax,cl add [esi+0x8],eax jmp short JUMP_002588 JUMP_002587: ; Pos = 29ea3 mov ecx,eax neg ecx mov edx,[esi] sar edx,cl add edx,[edi] mov [esi],edx mov ecx,eax neg ecx mov edx,[esi+0x4] sar edx,cl add edx,[edi+0x4] mov [esi+0x4],edx mov ecx,eax neg ecx mov edx,[esi+0x8] sar edx,cl add edx,[edi+0x8] mov [esi+0x8],edx sub [ebp+0x1c],eax JUMP_002588: ; Pos = 29ed0 cmp dword [ebp+0x1c],byte +0x0 jng JUMP_002590 cmp dword [ebp+0x1c],byte +0xc jng JUMP_002589 mov dword [ebp+0x1c],0xc JUMP_002589: ; Pos = 29ee3 mov ecx,[ebp+0x1c] mov eax,[esi] shl eax,cl mov [ebx+0xf2],eax mov ecx,[ebp+0x1c] mov eax,[esi+0x4] shl eax,cl mov [ebx+0xf6],eax mov ecx,[ebp+0x1c] mov eax,[esi+0x8] shl eax,cl mov [ebx+0xfa],eax jmp short JUMP_002591 JUMP_002590: ; Pos = 29f0e mov eax,[esi] mov [ebx+0xf2],eax mov eax,[esi+0x4] mov [ebx+0xf6],eax mov eax,[esi+0x8] mov [ebx+0xfa],eax JUMP_002591: ; Pos = 29f28 push ebx push esi push esi call FUNC_001670_VecMatTMul add esp,byte +0xc mov eax,[ebp+0x1c] add eax,byte +0x2 test eax,eax jnl JUMP_002592 mov edx,eax neg edx mov ecx,edx sar dword [esi],cl mov ecx,eax neg ecx mov ecx,edx sar dword [esi+0x4],cl neg eax mov ecx,edx sar dword [esi+0x8],cl jmp short JUMP_002594 JUMP_002592: ; Pos = 29f57 test eax,eax jng JUMP_002594 cmp eax,byte +0x2 jng JUMP_002593 mov eax,0x2 JUMP_002593: ; Pos = 29f65 mov ecx,eax shl dword [esi],cl mov ecx,eax shl dword [esi+0x4],cl mov ecx,eax shl dword [esi+0x8],cl JUMP_002594: ; Pos = 29f73 mov eax,[ebp+0x14] mov edx,[ebp-0x4] mov [eax],edx JUMP_002595: ; Pos = 29f7b pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000598: ; Pos = 29fa8 push ebp mov ebp,esp push ebx mov eax,[ebp+0x10] mov ecx,[ebp+0xc] mov edx,[ebp+0x8] mov ebx,0xffff8001 cmp dword [ecx],byte +0x0 jl JUMP_002596 add ebx,0xfffe JUMP_002596: ; Pos = 29fc5 mov [eax],ebx mov ebx,0xffff8001 cmp dword [ecx+0x4],byte +0x0 jl JUMP_002597 add ebx,0xfffe JUMP_002597: ; Pos = 29fd8 mov [eax+0x4],ebx mov ecx,[ecx+0x8] shl ecx,0x3 mov [eax+0x8],ecx movsx ecx,word [edx+0xbc] movsx ebx,word [edx+0xbe] cmp ecx,[eax] jnl JUMP_002598 mov [eax],ecx JUMP_002598: ; Pos = 29ff8 cmp ebx,[eax] jng JUMP_002599 mov [eax],ebx JUMP_002599: ; Pos = 29ffe movsx ecx,word [edx+0xc0] movsx ebx,word [edx+0xc2] cmp ecx,[eax+0x4] jnl JUMP_002600 mov [eax+0x4],ecx JUMP_002600: ; Pos = 2a014 cmp ebx,[eax+0x4] jng JUMP_002601 mov [eax+0x4],ebx JUMP_002601: ; Pos = 2a01c movsx ecx,word [edx+0xc4] movsx ebx,word [edx+0xc6] cmp ecx,[eax+0x8] jnl JUMP_002602 mov [eax+0x8],ecx JUMP_002602: ; Pos = 2a032 cmp ebx,[eax+0x8] jng JUMP_002603 mov [eax+0x8],ebx JUMP_002603: ; Pos = 2a03a mov cx,[eax] mov [edx+0xb6],cx mov cx,[eax+0x4] mov [edx+0xb8],cx mov ax,[eax+0x8] mov [edx+0xba],ax pop ebx pop ebp ret FUNC_000599: ; Pos = 2a060 push ebp mov ebp,esp push ebx mov eax,[ebp+0x8] mov edx,[ebp+0x10] mov ecx,[ebp+0xc] mov ebx,[ecx] mov [edx],ebx mov ebx,[ecx+0x4] mov [edx+0x4],ebx mov ebx,[ecx+0x8] mov [edx+0x8],ebx movsx edx,word [eax+0xbc] movsx ecx,word [eax+0xbe] mov ebx,[ebp+0xc] cmp edx,[ebx] jnl JUMP_002604 mov ebx,[ebp+0x10] mov [ebx],edx JUMP_002604: ; Pos = 2a097 mov edx,[ebp+0xc] cmp ecx,[edx] jng JUMP_002605 mov edx,[ebp+0x10] mov [edx],ecx JUMP_002605: ; Pos = 2a0a3 movsx edx,word [eax+0xc0] movsx ecx,word [eax+0xc2] mov ebx,[ebp+0xc] cmp edx,[ebx+0x4] jnl JUMP_002606 mov ebx,[ebp+0x10] mov [ebx+0x4],edx JUMP_002606: ; Pos = 2a0bf mov edx,[ebp+0xc] cmp ecx,[edx+0x4] jng JUMP_002607 mov edx,[ebp+0x10] mov [edx+0x4],ecx JUMP_002607: ; Pos = 2a0cd movsx edx,word [eax+0xc4] movsx ecx,word [eax+0xc6] mov ebx,[ebp+0xc] cmp edx,[ebx+0x8] jnl JUMP_002608 mov ebx,[ebp+0x10] mov [ebx+0x8],edx JUMP_002608: ; Pos = 2a0e9 mov edx,[ebp+0xc] cmp ecx,[edx+0x8] jng JUMP_002609 mov edx,[ebp+0x10] mov [edx+0x8],ecx JUMP_002609: ; Pos = 2a0f7 mov edx,[ebp+0x10] mov dx,[edx] mov [eax+0xb6],dx mov edx,[ebp+0x10] mov dx,[edx+0x4] mov [eax+0xb8],dx mov edx,[ebp+0x10] mov dx,[edx+0x8] mov [eax+0xba],dx pop ebx pop ebp ret FUNC_000600: ; Pos = 2a124 push ebp mov ebp,esp push ecx push ebx push esi push edi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] mov dword [ebp-0x4],0x7fffffff movsx eax,word [esi+0xbc] movsx edi,word [esi+0xbe] mov edx,[ebx] cmp eax,edx jnl JUMP_002610 push edx push eax call FUNC_001523 add esp,byte +0x8 mov [ebp-0x4],eax JUMP_002610: ; Pos = 2a159 mov eax,[ebx] cmp edi,eax jng JUMP_002611 neg eax push eax neg edi push edi call FUNC_001523 add esp,byte +0x8 mov [ebp-0x4],eax JUMP_002611: ; Pos = 2a170 movsx eax,word [esi+0xc0] movsx edi,word [esi+0xc2] mov edx,[ebx+0x4] cmp eax,edx jnl JUMP_002612 push edx push eax call FUNC_001523 add esp,byte +0x8 mov [ebp-0x4],eax JUMP_002612: ; Pos = 2a192 mov eax,[ebx+0x4] cmp edi,eax jng JUMP_002613 neg eax push eax neg edi push edi call FUNC_001523 add esp,byte +0x8 mov [ebp-0x4],eax JUMP_002613: ; Pos = 2a1aa movsx eax,word [esi+0xc4] movsx edi,word [esi+0xc6] mov edx,[ebx+0x8] cmp eax,edx jnl JUMP_002614 push edx push eax call FUNC_001523 add esp,byte +0x8 mov [ebp-0x4],eax JUMP_002614: ; Pos = 2a1cc mov eax,[ebx+0x8] cmp edi,eax jng JUMP_002615 neg eax push eax neg edi push edi call FUNC_001523 add esp,byte +0x8 mov [ebp-0x4],eax JUMP_002615: ; Pos = 2a1e4 mov eax,[ebx] push eax mov eax,[ebp-0x4] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0x10] mov [edx],eax mov eax,[ebx+0x4] push eax mov eax,[ebp-0x4] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0x10] mov [edx+0x4],eax mov eax,[ebx+0x8] push eax mov eax,[ebp-0x4] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0x10] mov [edx+0x8],eax mov eax,[ebp+0x10] mov ax,[eax] mov [esi+0xb6],ax mov eax,[ebp+0x10] mov ax,[eax+0x4] mov [esi+0xb8],ax mov eax,[ebp+0x10] mov ax,[eax+0x8] mov [esi+0xba],ax pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000601: ; Pos = 2a254 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov edx,[ebp+0xc] mov eax,[ebp+0x8] lea edi,[ebp-0xc] shr edx,0x3 or esi,byte -0x1 cmp edx,0x7fff jng JUMP_002617 mov esi,0x10 cmp edx,0x7fff jng JUMP_002617 JUMP_002616: ; Pos = 2a281 shr edx,1 dec esi cmp edx,0x7fff jg JUMP_002616 JUMP_002617: ; Pos = 2a28c xor ecx,ecx mov [edi],ecx xor ecx,ecx mov [edi+0x4],ecx xor ecx,ecx mov [edi+0x8],ecx movsx ecx,word [eax+0xb6] test ecx,ecx jz JUMP_002618 mov ebx,[eax] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx mov [edi],ebx mov ebx,[eax+0x4] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx mov [edi+0x4],ebx mov ebx,[eax+0x8] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx mov [edi+0x8],ebx JUMP_002618: ; Pos = 2a2d9 movsx ecx,word [eax+0xb8] test ecx,ecx jz JUMP_002619 mov ebx,[eax+0xc] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx add [edi],ebx mov ebx,[eax+0x10] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx add [edi+0x4],ebx mov ebx,[eax+0x14] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx add [edi+0x8],ebx JUMP_002619: ; Pos = 2a319 movsx ecx,word [eax+0xba] test ecx,ecx jz JUMP_002620 mov ebx,[eax+0x18] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx add [edi],ebx mov ebx,[eax+0x1c] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx add [edi+0x4],ebx mov ebx,[eax+0x20] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx add [edi+0x8],ebx JUMP_002620: ; Pos = 2a359 shl dword [edi],1 shl dword [edi+0x4],1 shl dword [edi+0x8],1 test esi,esi jnl near JUMP_002634 cmp edx,0x4014 jnl JUMP_002621 movzx ecx,word [eax+0xec] add ecx,[edi] mov edx,ecx and dx,0xffff mov [eax+0xec],dx sar ecx,0x10 add [eax+0x8c],ecx movzx ecx,word [eax+0xee] add ecx,[edi+0x4] mov edx,ecx and dx,0xffff mov [eax+0xee],dx sar ecx,0x10 add [eax+0x90],ecx movzx ecx,word [eax+0xf0] add ecx,[edi+0x8] mov edx,ecx and dx,0xffff mov [eax+0xf0],dx sar ecx,0x10 add [eax+0x94],ecx jmp JUMP_002647 JUMP_002621: ; Pos = 2a3d8 movzx ecx,word [eax+0xec] add ecx,[edi] mov edx,ecx and dx,0xffff mov [eax+0xec],dx mov edx,[eax+0xf2] sar ecx,0x10 test edx,edx jl JUMP_002623 cmp edx,ecx jnl JUMP_002622 mov ecx,edx JUMP_002622: ; Pos = 2a402 test ecx,ecx jnl JUMP_002623 xor ecx,ecx JUMP_002623: ; Pos = 2a408 test edx,edx jnl JUMP_002625 cmp edx,ecx jng JUMP_002624 mov ecx,edx JUMP_002624: ; Pos = 2a412 test ecx,ecx jng JUMP_002625 xor ecx,ecx JUMP_002625: ; Pos = 2a418 add [eax+0x8c],ecx movzx ecx,word [eax+0xee] add ecx,[edi+0x4] mov edx,ecx and dx,0xffff mov [eax+0xee],dx mov edx,[eax+0xf6] sar ecx,0x10 test edx,edx jl JUMP_002627 cmp edx,ecx jnl JUMP_002626 mov ecx,edx JUMP_002626: ; Pos = 2a449 test ecx,ecx jnl JUMP_002627 xor ecx,ecx JUMP_002627: ; Pos = 2a44f test edx,edx jnl JUMP_002629 cmp edx,ecx jng JUMP_002628 mov ecx,edx JUMP_002628: ; Pos = 2a459 test ecx,ecx jng JUMP_002629 xor ecx,ecx JUMP_002629: ; Pos = 2a45f add [eax+0x90],ecx movzx ecx,word [eax+0xf0] add ecx,[edi+0x8] mov edx,ecx and dx,0xffff mov [eax+0xf0],dx mov edx,[eax+0xfa] sar ecx,0x10 test edx,edx jl JUMP_002631 cmp edx,ecx jnl JUMP_002630 mov ecx,edx JUMP_002630: ; Pos = 2a490 test ecx,ecx jnl JUMP_002631 xor ecx,ecx JUMP_002631: ; Pos = 2a496 test edx,edx jnl JUMP_002633 cmp edx,ecx jng JUMP_002632 mov ecx,edx JUMP_002632: ; Pos = 2a4a0 test ecx,ecx jng JUMP_002633 xor ecx,ecx JUMP_002633: ; Pos = 2a4a6 add [eax+0x94],ecx jmp JUMP_002647 JUMP_002634: ; Pos = 2a4b1 mov ecx,esi sar dword [edi],cl mov ecx,esi sar dword [edi+0x4],cl mov ecx,esi sar dword [edi+0x8],cl mov edx,[eax+0xf2] test edx,edx jl JUMP_002636 cmp edx,[edi] jnl JUMP_002635 mov [edi],edx JUMP_002635: ; Pos = 2a4cf cmp dword [edi],byte +0x0 jnl JUMP_002636 xor ecx,ecx mov [edi],ecx JUMP_002636: ; Pos = 2a4d8 test edx,edx jnl JUMP_002638 cmp edx,[edi] jng JUMP_002637 mov [edi],edx JUMP_002637: ; Pos = 2a4e2 cmp dword [edi],byte +0x0 jng JUMP_002638 xor edx,edx mov [edi],edx JUMP_002638: ; Pos = 2a4eb mov edx,[eax+0xf6] test edx,edx jl JUMP_002640 cmp edx,[edi+0x4] jnl JUMP_002639 mov [edi+0x4],edx JUMP_002639: ; Pos = 2a4fd cmp dword [edi+0x4],byte +0x0 jnl JUMP_002640 xor ecx,ecx mov [edi+0x4],ecx JUMP_002640: ; Pos = 2a508 test edx,edx jnl JUMP_002642 cmp edx,[edi+0x4] jng JUMP_002641 mov [edi+0x4],edx JUMP_002641: ; Pos = 2a514 cmp dword [edi+0x4],byte +0x0 jng JUMP_002642 xor edx,edx mov [edi+0x4],edx JUMP_002642: ; Pos = 2a51f mov edx,[eax+0xfa] test edx,edx jl JUMP_002644 cmp edx,[edi+0x8] jnl JUMP_002643 mov [edi+0x8],edx JUMP_002643: ; Pos = 2a531 cmp dword [edi+0x8],byte +0x0 jnl JUMP_002644 xor ecx,ecx mov [edi+0x8],ecx JUMP_002644: ; Pos = 2a53c test edx,edx jnl JUMP_002646 cmp edx,[edi+0x8] jng JUMP_002645 mov [edi+0x8],edx JUMP_002645: ; Pos = 2a548 cmp dword [edi+0x8],byte +0x0 jng JUMP_002646 xor edx,edx mov [edi+0x8],edx JUMP_002646: ; Pos = 2a553 mov edx,[edi] add [eax+0x8c],edx mov edx,[edi+0x4] add [eax+0x90],edx mov edx,[edi+0x8] add [eax+0x94],edx JUMP_002647: ; Pos = 2a56d pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000602: ; Pos = 2a574 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov edx,[ebp+0xc] mov eax,[ebp+0x8] lea edi,[ebp-0xc] sar edx,0x3 or esi,byte -0x1 cmp edx,0x7fff jng JUMP_002649 mov esi,0xf cmp edx,0x7fff jng JUMP_002649 JUMP_002648: ; Pos = 2a5a1 sar edx,1 dec esi cmp edx,0x7fff jg JUMP_002648 JUMP_002649: ; Pos = 2a5ac xor ecx,ecx mov [edi],ecx xor ecx,ecx mov [edi+0x4],ecx xor ecx,ecx mov [edi+0x8],ecx movsx ecx,word [eax+0xb6] test ecx,ecx jz JUMP_002650 mov ebx,[eax] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx mov [edi],ebx mov ebx,[eax+0x4] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx mov [edi+0x4],ebx mov ebx,[eax+0x8] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx mov [edi+0x8],ebx JUMP_002650: ; Pos = 2a5f9 movsx ecx,word [eax+0xb8] test ecx,ecx jz JUMP_002651 mov ebx,[eax+0xc] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx add [edi],ebx mov ebx,[eax+0x10] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx add [edi+0x4],ebx mov ebx,[eax+0x14] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx add [edi+0x8],ebx JUMP_002651: ; Pos = 2a639 movsx ecx,word [eax+0xba] test ecx,ecx jz JUMP_002652 mov ebx,[eax+0x18] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx add [edi],ebx mov ebx,[eax+0x1c] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx add [edi+0x4],ebx mov ebx,[eax+0x20] sar ebx,0x10 imul ebx,edx sar ebx,0xf imul ebx,ecx add [edi+0x8],ebx JUMP_002652: ; Pos = 2a679 shl dword [edi],1 shl dword [edi+0x4],1 shl dword [edi+0x8],1 test esi,esi jnl JUMP_002653 movzx edx,word [eax+0xec] add edx,[edi] mov ecx,edx and cx,0xffff mov [eax+0xec],cx sar edx,0x10 add [eax+0x8c],edx movzx edx,word [eax+0xee] add edx,[edi+0x4] mov ecx,edx and cx,0xffff mov [eax+0xee],cx sar edx,0x10 add [eax+0x90],edx movzx edx,word [eax+0xf0] add edx,[edi+0x8] mov ecx,edx and cx,0xffff mov [eax+0xf0],cx sar edx,0x10 add [eax+0x94],edx jmp short JUMP_002654 JUMP_002653: ; Pos = 2a6e9 mov ecx,esi sar dword [edi],cl mov ecx,esi sar dword [edi+0x4],cl mov ecx,esi sar dword [edi+0x8],cl mov edx,[edi] add [eax+0x8c],edx mov edx,[edi+0x4] add [eax+0x90],edx mov edx,[edi+0x8] add [eax+0x94],edx JUMP_002654: ; Pos = 2a711 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000603: ; Pos = 2a718 push ebp mov ebp,esp add esp,byte -0x38 push ebx push esi push edi mov ebx,[ebp+0x10] mov esi,[ebp+0x8] mov al,[esi+0x56] test al,al jz near JUMP_002662 mov edx,[ebp+0xc] push edx and eax,0xff push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov edi,eax cmp word [edi+0xa4],byte +0x0 jz near JUMP_002662 push esi push edi add esi,byte +0x3e lea edi,[ebp-0x2c] mov ecx,0x6 rep movsd pop edi pop esi push byte +0xd lea eax,[ebp-0x2c] push eax call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov [ebp-0x14],eax mov eax,[ebp-0x2c] mov [ebp-0x38],eax mov eax,[ebp-0x24] mov [ebp-0x34],eax mov eax,[ebp-0x1c] mov [ebp-0x30],eax mov eax,[ebp-0x38] mov [DATA_008708],eax mov eax,[ebp-0x34] mov [DATA_008709],eax mov eax,[ebp-0x30] mov [DATA_008710],eax lea eax,[ebp-0x38] push eax call FUNC_001466 pop ecx mov [ebp-0x4],ax mov ax,[ebp-0x14] mov [ebp-0x2],ax mov eax,[ebp-0x4] push eax call near [DATA_007722] ; FUNC_001496 pop ecx mov [ebp-0x4],eax cmp word [ebp-0x4],byte +0x0 jz near JUMP_002662 mov eax,[ebp-0x4] push eax mov eax,[ebp-0x4] push eax call FUNC_001482 add esp,byte +0x8 mov [ebp-0x10],eax movsx eax,word [ebp-0x4] movsx edx,word [ebp-0x10] imul edx sar eax,0xf mov [ebp-0x8],ax mov ax,[ebp-0xe] mov [ebp-0x6],ax mov eax,[ebp-0x8] push eax call near [DATA_007722] ; FUNC_001496 pop ecx push eax mov eax,[edi+0xa4] push eax call near [DATA_007731] ; FUNC_001483 add esp,byte +0x8 mov [ebp-0x8],eax test ebx,ebx jnl JUMP_002656 cmp ebx,0xffff8001 jnl JUMP_002658 JUMP_002655: ; Pos = 2a82a inc word [ebp-0x6] sar ebx,1 cmp ebx,0xffff8001 jl JUMP_002655 jmp short JUMP_002658 JUMP_002656: ; Pos = 2a83a cmp ebx,0x7fff jng JUMP_002658 JUMP_002657: ; Pos = 2a842 inc word [ebp-0x6] sar ebx,1 cmp ebx,0x7fff jg JUMP_002657 JUMP_002658: ; Pos = 2a850 movsx eax,word [ebp-0x8] imul ebx sar eax,0xf neg eax mov edx,eax imul edx,[ebp-0x38] mov [ebp-0x38],edx mov edx,eax imul edx,[ebp-0x34] mov [ebp-0x34],edx imul eax,[ebp-0x30] mov [ebp-0x30],eax mov ax,[ebp-0x6] test ax,ax jg near JUMP_002660 cmp ax,byte -0x20 jng near JUMP_002662 test ax,ax jz JUMP_002659 movsx edx,ax neg edx mov ecx,edx sar dword [ebp-0x38],cl movsx eax,word [ebp-0x6] neg eax mov ecx,edx sar dword [ebp-0x34],cl movsx eax,word [ebp-0x6] neg eax mov ecx,edx sar dword [ebp-0x30],cl JUMP_002659: ; Pos = 2a8b0 movzx eax,word [esi+0xec] add eax,[ebp-0x38] mov edx,eax and dx,0xffff mov [esi+0xec],dx sar eax,0x10 add [esi+0x8c],eax movzx eax,word [esi+0xee] add eax,[ebp-0x34] mov edx,eax and dx,0xffff mov [esi+0xee],dx sar eax,0x10 add [esi+0x90],eax movzx eax,word [esi+0xf0] add eax,[ebp-0x30] mov edx,eax and dx,0xffff mov [esi+0xf0],dx sar eax,0x10 add [esi+0x94],eax jmp short JUMP_002662 JUMP_002660: ; Pos = 2a915 add word [ebp-0x6],byte -0x10 mov dx,[ebp-0x6] test dx,dx jnl JUMP_002661 movsx eax,dx neg eax mov ecx,eax sar dword [ebp-0x38],cl movsx edx,word [ebp-0x6] neg edx mov ecx,eax sar dword [ebp-0x34],cl movsx edx,word [ebp-0x6] neg edx mov ecx,eax sar dword [ebp-0x30],cl JUMP_002661: ; Pos = 2a943 mov eax,[ebp-0x38] add [esi+0x8c],eax mov eax,[ebp-0x34] add [esi+0x90],eax mov eax,[ebp-0x30] add [esi+0x94],eax JUMP_002662: ; Pos = 2a95e pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000604: ; Pos = 2a968 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov al,[esi+0x56] mov [ebx+0x56],al push dword [esi+0x42] push dword [esi+0x3e] push dword [ebx+0x42] push dword [ebx+0x3e] lea eax,[ebx+0x3e] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [esi+0x4a] push dword [esi+0x46] push dword [ebx+0x4a] push dword [ebx+0x46] lea eax,[ebx+0x46] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [esi+0x52] push dword [esi+0x4e] push dword [ebx+0x52] push dword [ebx+0x4e] lea eax,[ebx+0x4e] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 lea eax,[ebp-0xc] push eax push esi call FUNC_000595 add esp,byte +0x8 mov eax,[ebp-0xc] add [ebx+0x8c],eax mov eax,[ebp-0x8] add [ebx+0x90],eax mov eax,[ebp-0x4] add [ebx+0x94],eax push byte +0x0 push byte +0xb call FUNC_000148 add esp,byte +0x8 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000605: ; Pos = 2aa00 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi mov eax,[ebp+0x10] mov ebx,[ebp+0x8] mov edx,eax mov [ebx+0x56],dl mov ecx,[ebp+0xc] push ecx movsx eax,dl push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax push dword [esi+0x42] push dword [esi+0x3e] push dword [ebx+0x42] push dword [ebx+0x3e] lea eax,[ebx+0x3e] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 push dword [esi+0x4a] push dword [esi+0x46] push dword [ebx+0x4a] push dword [ebx+0x46] lea eax,[ebx+0x46] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 push dword [esi+0x52] push dword [esi+0x4e] push dword [ebx+0x52] push dword [ebx+0x4e] lea eax,[ebx+0x4e] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 lea eax,[ebp-0xc] push eax push esi call FUNC_000595 add esp,byte +0x8 mov eax,[ebp-0xc] sub [ebx+0x8c],eax mov eax,[ebp-0x8] sub [ebx+0x90],eax mov eax,[ebp-0x4] sub [ebx+0x94],eax push byte +0x0 push byte +0xb call FUNC_000148 add esp,byte +0x8 pop esi pop ebx mov esp,ebp pop ebp ret ; Two params - object, list FUNC_FindFORNew: push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi mov ebx, [ebp+0x8] ; cmp byte [ebx+0x57], 0 ; jnz .end mov esi, [DATA_009133] add esi, 0x72 ; last object flag ptr mov edi, [DATA_009133] add edi, 0x96f8 ; 0x152*0x72 + 0x74 - last object ptr mov [ebp-0x4], dword 0x72 mov [ebp-0x18], dword 0xfff80000 .loop: test byte [esi], 0x10 jz .loopend lea eax, [ebp-0x8] ; Distance exp, output push eax lea eax, [ebp-0x14] ; Distance vec32, output push eax push edi push ebx call FUNC_000590 add esp, 16 movzx eax, word [edi+0xda] sub eax, [ebp-0x8] sub eax, [ebp-0x8] sub eax, [ebp-0x8] cmp eax, [ebp-0x18] jl .loopend mov [ebp-0x18], eax mov [ebp-0x1c], edi mov eax, [ebp-0x4] mov [ebp-0x20], eax .loopend: sub edi, 0x152 sub esi, 1 dec dword [ebp-0x4] jnz .loop .end: mov eax, [ebp-0x1c] pop edi pop esi pop ebx mov esp, ebp pop ebp ret FUNC_000606: ; Pos = 2aaa8 push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi mov edi,[ebp+0x8] cmp byte [edi+0x57],0x0 jnz near JUMP_002670 xor eax,eax mov al,[edi+0x56] mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x0 jnz JUMP_002663 mov dword [ebp-0xc],0x32 xor eax,eax mov [ebp-0x8],eax jmp JUMP_002664 JUMP_002663: ; Pos = 2aadd mov eax,[ebp+0xc] push eax mov eax,[ebp-0x4] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov ebx,eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x24] push eax push ebx push edi call FUNC_000590 add esp,byte +0x10 movsx eax,word [ebx+0xda] sub [ebp-0xc],eax shl dword [ebp-0xc],0x2 add dword [ebp-0xc],byte +0x20 xor eax,eax mov al,[ebx+0x56] mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jz JUMP_002664 mov eax,[ebp+0xc] push eax mov eax,[ebp-0x8] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x24] push eax push esi push edi call FUNC_000590 add esp,byte +0x10 movsx eax,word [esi+0xda] sub [ebp-0x14],eax add dword [ebp-0x14],byte +0x28 mov eax,[ebp-0x14] cmp eax,[ebp-0xc] jg JUMP_002664 push ebx push edi call FUNC_000604 add esp,byte +0x8 jmp JUMP_002670 JUMP_002664: ; Pos = 2ab6c mov esi,0x72 mov eax,[ebp+0xc] add eax,byte +0x72 mov [ebp-0x18],eax JUMP_002665: ; Pos = 2ab7a mov eax,[ebp-0x18] test byte [eax],0x10 jnz JUMP_002666 dec dword [ebp-0x18] dec esi test esi,esi jg JUMP_002665 JUMP_002666: ; Pos = 2ab8a test esi,esi jg JUMP_002667 xor eax,eax mov al,[edi+0x56] cmp eax,[ebp-0x4] jz near JUMP_002670 mov eax,[ebp-0x4] push eax mov eax,[ebp+0xc] push eax push edi call FUNC_000605 add esp,byte +0xc jmp JUMP_002670 JUMP_002667: ; Pos = 2abb2 mov eax,[ebp+0xc] push eax push esi call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov ebx,eax mov al,[ebx+0x56] cmp al,[edi+0x56] jnz JUMP_002668 lea eax,[ebp-0x10] push eax lea eax,[ebp-0x24] push eax push ebx push edi call FUNC_000590 add esp,byte +0x10 movsx eax,word [ebx+0xda] sub [ebp-0x10],eax shl dword [ebp-0x10],0x4 mov eax,[ebp-0x10] cmp eax,[ebp-0xc] jnl JUMP_002669 mov [ebp-0x4],esi mov eax,[ebp-0x10] mov [ebp-0xc],eax jmp short JUMP_002669 JUMP_002668: ; Pos = 2abfd xor eax,eax mov al,[ebx+0x56] cmp eax,[ebp-0x8] jnz JUMP_002669 lea eax,[ebp-0x10] push eax lea eax,[ebp-0x24] push eax push ebx push edi call FUNC_000590 add esp,byte +0x10 movsx eax,word [ebx+0xda] sub [ebp-0x10],eax shl dword [ebp-0x10],0x2 add dword [ebp-0x10],byte +0x20 mov eax,[ebp-0x10] cmp eax,[ebp-0xc] jnl JUMP_002669 mov eax,[ebp+0xc] push eax xor eax,eax mov al,[edi+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov ebx,eax push ebx push edi call FUNC_000604 add esp,byte +0x8 jmp short JUMP_002670 JUMP_002669: ; Pos = 2ac54 dec esi dec dword [ebp-0x18] test esi,esi jg near JUMP_002665 xor eax,eax mov al,[edi+0x56] cmp eax,[ebp-0x4] jz JUMP_002670 mov eax,[ebp-0x4] push eax mov eax,[ebp+0xc] push eax push edi call FUNC_000605 add esp,byte +0xc JUMP_002670: ; Pos = 2ac7b pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000607: ; Pos = 2ac84 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,esi mov ecx,0x64 cdq idiv ecx add esi,eax test esi,esi jnl JUMP_002671 neg esi mov eax,[ebx+0x18] sar eax,0x10 push eax push esi call near [DATA_007748] ; FUNC_001516 add esp,byte +0x8 neg eax mov [ebp-0xc],eax mov eax,[ebx+0x1c] sar eax,0x10 push eax push esi call near [DATA_007748] ; FUNC_001516 add esp,byte +0x8 neg eax mov [ebp-0x8],eax mov eax,[ebx+0x20] sar eax,0x10 push eax push esi call near [DATA_007748] ; FUNC_001516 add esp,byte +0x8 neg eax mov [ebp-0x4],eax jmp short JUMP_002672 JUMP_002671: ; Pos = 2acec mov eax,[ebx+0x18] sar eax,0x10 push eax push esi call near [DATA_007748] ; FUNC_001516 add esp,byte +0x8 mov [ebp-0xc],eax mov eax,[ebx+0x1c] sar eax,0x10 push eax push esi call near [DATA_007748] ; FUNC_001516 add esp,byte +0x8 mov [ebp-0x8],eax mov eax,[ebx+0x20] sar eax,0x10 push eax push esi call near [DATA_007748] ; FUNC_001516 add esp,byte +0x8 mov [ebp-0x4],eax JUMP_002672: ; Pos = 2ad28 mov eax,[ebx+0x8c] sub [ebp-0xc],eax mov eax,[ebx+0x90] sub [ebp-0x8],eax mov eax,[ebx+0x94] sub [ebp-0x4],eax mov eax,[ebp-0xc] mov [ebx+0xf2],eax mov eax,[ebp-0x8] mov [ebx+0xf6],eax mov eax,[ebp-0x4] mov [ebx+0xfa],eax push ebx lea eax,[ebp-0xc] push eax push edi call FUNC_001670_VecMatTMul add esp,byte +0xc shl dword [edi],0x2 shl dword [edi+0x4],0x2 shl dword [edi+0x8],0x2 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000608: ; Pos = 2ad80 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x10] mov eax,[ebp+0x8] push eax push ebx call FUNC_001475 add esp,byte +0x8 mov edx,[ebp+0x14] mov [edx],eax mov eax,[ebp+0xc] push eax push ebx push ebx call FUNC_001670_VecMatTMul add esp,byte +0xc pop ebx pop ebp ret FUNC_000609: ; Pos = 2adac push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax] sar edx,0x10 imul edx,[DATA_008708] mov ecx,[eax+0x4] sar ecx,0x10 imul ecx,[DATA_008709] add edx,ecx mov ecx,[eax+0x8] sar ecx,0x10 imul ecx,[DATA_008710] add edx,ecx sar edx,0x12 neg dx mov [eax+0x112],dx pop ebp ret FUNC_000610: ; Pos = 2adec push ebp mov ebp,esp add esp,byte -0x50 push ebx push esi mov ebx,[ebp+0x8] mov eax,[ebp+0x18] push eax mov eax,[ebp+0xc] push eax push ebx call FUNC_000594 add esp,byte +0xc mov eax,[ebp+0x18] push eax call FUNC_000612 pop ecx mov [ebp-0x24],eax mov eax,[ebp+0x1c] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x38] push eax mov eax,[ebp+0xc] push eax push ebx call FUNC_000592 add esp,byte +0x14 lea eax,[ebp-0x38] push eax lea eax,[ebp-0x44] push eax call FUNC_001518 add esp,byte +0x8 mov eax,[ebp+0xc] cmp dword [eax+0x13c],byte +0x0 jnz JUMP_002673 mov eax,[ebp+0xc] cmp dword [eax+0x138],0x5f5e100 jl JUMP_002674 JUMP_002673: ; Pos = 2ae59 mov eax,[ebp+0xc] mov edx,[eax+0x138] mov [ebp-0x2c],edx mov edx,[eax+0x13c] mov [ebp-0x28],edx mov eax,[ebp-0x4] neg eax push eax lea eax,[ebp-0x2c] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[ebp-0x2c] push eax mov eax,[ebp-0x44] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 sub [ebp-0x38],eax mov eax,[ebp-0x2c] push eax mov eax,[ebp-0x40] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 sub [ebp-0x34],eax mov eax,[ebp-0x2c] push eax mov eax,[ebp-0x3c] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 sub [ebp-0x30],eax JUMP_002674: ; Pos = 2aec2 mov ax,[ebp-0x38] mov [ebx+0x108],ax mov ax,[ebp-0x34] mov [ebx+0x10a],ax mov ax,[ebp-0x30] mov [ebx+0x10c],ax mov ax,[ebp-0x4] mov [ebx+0x10e],ax mov al,[DATA_009123] inc eax mov dl,[ebx+0x150] cmp dl,al jc JUMP_002675 sub [ebx+0x150],al mov eax,[ebp+0x1c] push eax lea eax,[ebp-0x38] push eax mov eax,[ebp-0x4] push eax mov eax,[ebp-0x24] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push ebx call FUNC_000597 add esp,byte +0x24 jmp JUMP_002689 JUMP_002675: ; Pos = 2af32 shl eax,0x4 mov [ebx+0x150],al mov edx,[ebx+0x8c] test edx,edx jnl JUMP_002676 neg edx JUMP_002676: ; Pos = 2af47 mov eax,[ebx+0x90] test eax,eax jnl JUMP_002677 neg eax JUMP_002677: ; Pos = 2af53 cmp edx,eax jg JUMP_002678 mov edx,eax JUMP_002678: ; Pos = 2af59 mov eax,[ebx+0x94] test eax,eax jnl JUMP_002679 neg eax JUMP_002679: ; Pos = 2af65 cmp edx,eax jg JUMP_002680 mov edx,eax JUMP_002680: ; Pos = 2af6b sar edx,1 mov eax,[DATA_009123] add eax,byte +0xb cmp eax,byte +0xf jnl JUMP_002681 mov eax,0xf JUMP_002681: ; Pos = 2af7f mov [ebp-0xc],edx xor edx,edx mov [ebp-0x8],edx push eax lea eax,[ebp-0xc] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 lea eax,[ebp-0x38] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov esi,eax mov [ebp-0x14],esi mov eax,esi shr eax,0x3 sub esi,eax mov [ebp-0x14],esi xor eax,eax mov [ebp-0x10],eax mov eax,[ebp-0x4] push eax lea eax,[ebp-0x14] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[ebp-0x8] cmp eax,[ebp-0x10] jg JUMP_002682 mov eax,[ebp-0x8] cmp eax,[ebp-0x10] jnz JUMP_002683 mov eax,[ebp-0xc] cmp eax,[ebp-0x14] jna JUMP_002683 JUMP_002682: ; Pos = 2afdb mov eax,[ebp-0x14] mov [ebp-0xc],eax mov eax,[ebp-0x10] mov [ebp-0x8],eax JUMP_002683: ; Pos = 2afe7 cmp dword [ebp-0x8],byte +0x0 jz JUMP_002684 mov eax,0x5800 jmp short JUMP_002685 JUMP_002684: ; Pos = 2aff4 mov eax,0x1800 JUMP_002685: ; Pos = 2aff9 xor edx,edx mov [ebp-0x50],edx xor edx,edx mov [ebp-0x4c],edx xor edx,edx mov [ebp-0x48],edx push eax push dword [ebp-0x8] push dword [ebp-0xc] xor eax,eax mov al,[ebx+0x86] push eax lea eax,[ebp-0x44] push eax lea eax,[ebp-0x50] push eax mov eax,[ebp+0x1c] push eax push ebx call near [DATA_006791] ; FUNC_000802 add esp,byte +0x20 test byte [DATA_008711],0x80 jnz JUMP_002686 movsx eax,word [ebx+0x108] mov [ebp-0x38],eax movsx eax,word [ebx+0x10a] mov [ebp-0x34],eax movsx eax,word [ebx+0x10c] mov [ebp-0x30],eax movsx eax,word [ebx+0x10e] mov [ebp-0x4],eax mov eax,[ebp+0x1c] push eax lea eax,[ebp-0x38] push eax mov eax,[ebp-0x4] push eax mov eax,[ebp-0x24] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push ebx call FUNC_000597 add esp,byte +0x24 jmp JUMP_002689 JUMP_002686: ; Pos = 2b08d movsx eax,word [ebx+0x108] mov [ebp-0x38],eax movsx eax,word [ebx+0x10a] mov [ebp-0x34],eax movsx eax,word [ebx+0x10c] mov [ebp-0x30],eax lea eax,[ebp-0x38] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x18],ax mov ax,[ebx+0x10e] add ax,byte +0xf mov [ebp-0x16],ax mov eax,[ebp-0x18] push eax lea eax,[ebp-0x20] push eax call near [DATA_007734] ; FUNC_001495 add esp,byte +0x8 push dword [ebp-0x1c] push dword [ebp-0x20] push dword [DATA_008713] push dword [DATA_008712] lea eax,[ebp-0x20] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 cmp dword [ebp-0x1c],byte +0x0 jl JUMP_002687 movsx eax,word [ebx+0x108] mov [ebp-0x38],eax movsx eax,word [ebx+0x10a] mov [ebp-0x34],eax movsx eax,word [ebx+0x10c] mov [ebp-0x30],eax movsx eax,word [ebx+0x10e] mov [ebp-0x4],eax jmp short JUMP_002688 JUMP_002687: ; Pos = 2b128 mov eax,[DATA_008721] sar eax,0x11 mov edx,[ebp-0x44] sar edx,0x2 add ax,dx mov [ebx+0x108],ax movsx eax,ax mov [ebp-0x38],eax mov eax,[DATA_008722] sar eax,0x11 mov edx,[ebp-0x40] sar edx,0x2 add ax,dx mov [ebx+0x10a],ax movsx eax,ax mov [ebp-0x34],eax mov eax,[DATA_008723] sar eax,0x11 mov edx,[ebp-0x3c] sar edx,0x2 add ax,dx mov [ebx+0x10c],ax movsx eax,ax mov [ebp-0x30],eax movsx eax,word [ebx+0x10e] mov [ebp-0x4],eax mov byte [ebx+0x150],0x0 JUMP_002688: ; Pos = 2b193 mov eax,[ebp+0x1c] push eax lea eax,[ebp-0x38] push eax mov eax,[ebp-0x4] push eax mov eax,[ebp-0x24] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push ebx call FUNC_000597 add esp,byte +0x24 JUMP_002689: ; Pos = 2b1bc pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000611: ; Pos = 2b1c4 push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi mov ebx,[ebp+0x18] mov eax,[ebp+0x10] mov edx,[ebp+0xc] mov ecx,[DATA_006159] mov [ebp-0xc],ecx mov ecx,[DATA_006160] mov [ebp-0x8],ecx mov cx,[DATA_006161] mov [ebp-0x4],cx cmp ebx,byte +0x5 jg JUMP_002690 mov esi,ebx add esi,esi inc esi mov ecx,esi mov edi,[edx] sar edi,cl sub [edx],edi mov ecx,esi mov edi,[edx+0x4] sar edi,cl sub [edx+0x4],edi mov ecx,esi mov edi,[edx+0x8] sar edi,cl sub [edx+0x8],edi mov ecx,esi mov edi,[eax] sar edi,cl sub [eax],edi mov ecx,esi mov edi,[eax+0x4] sar edi,cl sub [eax+0x4],edi mov ecx,esi mov esi,[eax+0x8] sar esi,cl sub [eax+0x8],esi JUMP_002690: ; Pos = 2b235 cmp byte [ebp+0x14],0x70 jnz JUMP_002691 mov ecx,ebx mov esi,[edx] sar esi,cl add esi,[eax] mov [ebp-0x18],esi mov ecx,ebx mov esi,[edx+0x4] sar esi,cl add esi,[eax+0x4] mov [ebp-0x14],esi mov ecx,ebx mov esi,[edx+0x8] sar esi,cl add esi,[eax+0x8] mov [ebp-0x10],esi jmp short JUMP_002692 JUMP_002691: ; Pos = 2b262 mov ecx,ebx mov esi,[edx] sar esi,cl mov ecx,[eax] sub ecx,esi mov [ebp-0x18],ecx mov ecx,ebx mov esi,[edx+0x4] sar esi,cl mov ecx,[eax+0x4] sub ecx,esi mov [ebp-0x14],ecx mov ecx,ebx mov esi,[edx+0x8] sar esi,cl mov ecx,[eax+0x8] sub ecx,esi mov [ebp-0x10],ecx JUMP_002692: ; Pos = 2b28d mov ecx,ebx mov esi,[eax] sar esi,cl mov [ebp-0x24],esi mov ecx,ebx mov esi,[eax+0x4] sar esi,cl mov [ebp-0x20],esi mov ecx,ebx mov esi,[eax+0x8] sar esi,cl mov [ebp-0x1c],esi mov ecx,[ebp-0x18] mov [eax],ecx mov ecx,[ebp-0x14] mov [eax+0x4],ecx mov ecx,[ebp-0x10] mov [eax+0x8],ecx cmp byte [ebp+0x14],0x70 jnz JUMP_002693 mov eax,[ebp-0x24] sub [edx],eax mov eax,[ebp-0x20] sub [edx+0x4],eax mov eax,[ebp-0x1c] sub [edx+0x8],eax jmp short JUMP_002694 JUMP_002693: ; Pos = 2b2d4 mov eax,[ebp-0x24] add [edx],eax mov eax,[ebp-0x20] add [edx+0x4],eax mov eax,[ebp-0x1c] add [edx+0x8],eax JUMP_002694: ; Pos = 2b2e5 mov al,[ebp+ebx-0xe] mov edx,[ebp+0x8] sub [edx+0x24],al mov eax,[ebp+0x8] cmp byte [eax+0x24],0x0 jnl JUMP_002695 mov eax,[ebp+0x8] push eax call near [DATA_007719] ; FUNC_001520 pop ecx mov eax,[ebp+0x8] mov byte [eax+0x24],0x3c JUMP_002695: ; Pos = 2b30a pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000612: ; Pos = 2b314 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp dword [ebx],byte +0x0 jnl JUMP_002696 mov eax,[ebx] neg eax jmp short JUMP_002697 JUMP_002696: ; Pos = 2b326 mov eax,[ebx] JUMP_002697: ; Pos = 2b328 cmp dword [ebx+0x4],byte +0x0 jnl JUMP_002698 mov edx,[ebx+0x4] neg edx jmp short JUMP_002699 JUMP_002698: ; Pos = 2b335 mov edx,[ebx+0x4] JUMP_002699: ; Pos = 2b338 or eax,edx cmp dword [ebx+0x8],byte +0x0 jnl JUMP_002700 mov edx,[ebx+0x8] neg edx jmp short JUMP_002701 JUMP_002700: ; Pos = 2b347 mov edx,[ebx+0x8] JUMP_002701: ; Pos = 2b34a or eax,edx push eax call FUNC_001656_FindMSB pop ecx add eax,byte -0xe test eax,eax jnl JUMP_002702 mov edx,eax neg edx mov ecx,edx shl dword [ebx],cl mov ecx,eax neg ecx mov ecx,edx shl dword [ebx+0x4],cl mov ecx,eax neg ecx mov ecx,edx shl dword [ebx+0x8],cl jmp short JUMP_002703 JUMP_002702: ; Pos = 2b376 test eax,eax jng JUMP_002703 mov ecx,eax sar dword [ebx],cl mov ecx,eax sar dword [ebx+0x4],cl mov ecx,eax sar dword [ebx+0x8],cl JUMP_002703: ; Pos = 2b388 pop ebx pop ebp ret FUNC_000613: ; Pos = 2b38c push ebp mov ebp,esp mov ecx,[ebp+0x10] mov edx,[ebp+0xc] mov eax,[ebp+0x8] and eax,0x1ff cmp eax,0x1ff jnz JUMP_002704 push edx push ecx call FUNC_000614 add esp,byte +0x8 pop ebp ret JUMP_002704: ; Pos = 2b3b0 push dword DATA_006162 push edx push eax push ecx call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 pop ebp ret FUNC_000614: ; Pos = 2b3c4 push ebp mov ebp,esp push ecx push ebx push esi push edi mov edi,[ebp+0xc] lea ebx,[ebp+0x8] xor eax,eax mov [ebp-0x4],eax xor esi,esi JUMP_002705: ; Pos = 2b3d8 mov eax,[ebx] mov byte [eax],0x1f inc dword [ebx] mov eax,[ebx] mov byte [eax],0x7 inc dword [ebx] lea eax,[esi+esi*8] inc eax mov edx,[ebx] mov [edx],al inc dword [ebx] lea eax,[ebp-0x4] push eax push ebx push byte +0x50 push edi call FUNC_000615 add esp,byte +0x10 test eax,eax jz JUMP_002706 cmp dword [ebp-0x4],byte +0x21 jnl JUMP_002706 mov eax,[ebx] mov byte [eax-0x1],0x1e mov eax,[ebx] mov byte [eax],0x5a inc dword [ebx] lea eax,[ebp-0x4] push eax push ebx push dword 0x118 push edi call FUNC_000615 add esp,byte +0x10 mov eax,[ebx] mov byte [eax-0x1],0xd inc esi JUMP_002706: ; Pos = 2b431 cmp dword [ebp-0x4],byte +0x21 jl JUMP_002705 mov eax,[ebx] mov byte [eax-0x1],0x0 mov eax,[ebx] pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000615: ; Pos = 2b448 push ebp mov ebp,esp push ecx push ebx push esi push edi mov ebx,[ebp+0x14] mov esi,[ebp+0x10] mov edi,[ebp+0x8] jmp short JUMP_002708 JUMP_002707: ; Pos = 2b45a inc dword [ebx] cmp dword [ebx],byte +0x21 jl JUMP_002708 xor eax,eax jmp short JUMP_002709 JUMP_002708: ; Pos = 2b465 mov eax,[ebx] test byte [eax+DATA_008989],0x80 jnz JUMP_002707 mov eax,[ebx] add eax,0x8e00 mov [ebp-0x4],eax mov eax,[esi] push eax push edi mov eax,[ebp-0x4] push eax call FUNC_000613 add esp,byte +0xc mov [esi],eax mov eax,[esi] mov byte [eax-0x1],0x1e mov eax,[ebp+0xc] sar eax,1 mov edx,[esi] inc dword [esi] mov [edx],al mov eax,[edi+0xc] mov edx,[ebx] mov eax,[eax+edx*8+0x4] mov [edi],eax push edi push dword 0x3004 mov eax,[esi] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc mov [esi],eax inc dword [ebx] mov eax,0x1 JUMP_002709: ; Pos = 2b4c3 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000616: ; Pos = 2b4cc push ebp mov ebp,esp mov eax,[ebp+0x8] and eax,0xff dec eax jnz JUMP_002710 xor eax,eax mov [DATA_009009],eax xor eax,eax mov [DATA_009008],eax xor eax,eax mov [DATA_009007],eax xor eax,eax mov [DATA_009006],eax call FUNC_000617 mov eax,[DATA_008885] push eax call FUNC_000622 pop ecx JUMP_002710: ; Pos = 2b507 pop ebp ret FUNC_000617: ; Pos = 2b50c push ebp mov ebp,esp xor eax,eax mov [DATA_008997],eax push byte +0x0 push dword FUNC_000618 mov eax,[DATA_009133] push eax call FUNC_000145 add esp,byte +0xc pop ebp ret FUNC_000618: ; Pos = 2b530 push ebp mov ebp,esp mov eax,[ebp+0x8] test byte [eax+0x14c],0x10 jz JUMP_002711 mov edx,[DATA_008997] mov ecx,edx lea edx,[ecx+edx*2] lea edx,[ecx+edx*8] shl edx,0x4 add edx,ecx mov al,[eax+0x86] mov [edx*2+DATA_009000],al cmp dword [DATA_008997],byte +0x12 jnl JUMP_002711 inc dword [DATA_008997] JUMP_002711: ; Pos = 2b56e pop ebp ret FUNC_000619: ; Pos = 2b570 push ebp mov ebp,esp push ebx mov edx,[ebp+0x18] mov eax,[ebp+0x8] mov ecx,[ebp+0xc] mov ebx,[ecx*4+DATA_006165] imul ebx,[eax+0x4] sar ebx,0xf mov ecx,[ebp+0x14] mov ecx,[ecx*4+DATA_006164] imul ecx,ebx sar ecx,0xf mov ebx,ecx test dl,0x8 jz JUMP_002712 neg ebx JUMP_002712: ; Pos = 2b5a4 add ebx,[eax] test dl,0x80 jz JUMP_002713 mov eax,ebx add eax,eax mov ebx,eax JUMP_002713: ; Pos = 2b5b1 mov eax,[ebp+0x10] mov eax,[eax*4+DATA_006166] imul ebx sar eax,0xf mov ebx,eax cmp ebx,0x7fff jng JUMP_002714 mov ebx,0x7fff jmp short JUMP_002715 JUMP_002714: ; Pos = 2b5d1 mov eax,ebx add eax,eax mov ebx,eax JUMP_002715: ; Pos = 2b5d7 call near [DATA_007752] ; FUNC_001530 and eax,0x3ff add eax,0x4000 sub eax,0x200 imul ebx mov ebx,eax cmp ebx,0x1fffffff jg JUMP_002716 mov eax,ebx shl eax,0x2 mov ebx,eax jmp short JUMP_002718 JUMP_002716: ; Pos = 2b601 cmp ebx,0x3fffffff jg JUMP_002717 mov eax,ebx add eax,eax mov ebx,eax jmp short JUMP_002718 JUMP_002717: ; Pos = 2b611 mov ebx,0x7fffffff JUMP_002718: ; Pos = 2b616 mov eax,ebx sar eax,0x10 pop ebx pop ebp ret FUNC_000620: ; Pos = 2b620 push ebp mov ebp,esp push ebx mov edx,[ebp+0x18] mov eax,[ebp+0x8] mov ecx,[ebp+0x14] mov ebx,[ecx*4+DATA_006164] imul ebx,[eax+0xc] sar ebx,0xf test dl,0x8 jnz JUMP_002719 neg ebx JUMP_002719: ; Pos = 2b642 add ebx,[eax+0x8] mov eax,[ebp+0xc] mov eax,[eax*4+DATA_006167] imul eax,ebx sar eax,0xf mov ebx,eax test dl,0x80 jz JUMP_002720 sar ebx,0x3 JUMP_002720: ; Pos = 2b65f mov eax,[ebp+0x10] mov eax,[eax*4+DATA_006168] imul ebx sar eax,0xf mov ebx,eax call near [DATA_007752] ; FUNC_001530 and eax,0x3fff add eax,0x4000 imul ebx sar eax,0xf js JUMP_002721 call near [DATA_007752] ; FUNC_001530 and eax,0x3fff add eax,0x4000 imul ebx sar eax,0xf jmp short JUMP_002722 JUMP_002721: ; Pos = 2b69e call near [DATA_007752] ; FUNC_001530 and eax,0x3fff add eax,0x4000 imul ebx sar eax,0xf neg eax JUMP_002722: ; Pos = 2b6b5 add ebx,eax test ebx,ebx jnl JUMP_002723 xor eax,eax jmp short JUMP_002724 JUMP_002723: ; Pos = 2b6bf mov eax,ebx JUMP_002724: ; Pos = 2b6c1 pop ebx pop ebp ret FUNC_000621: ; Pos = 2b6c4 push ebp mov ebp,esp push byte +0x20 call near [DATA_007217] ; FUNC_000922 pop ecx mov edx,[ebp+0xc] push edx mov edx,[ebp+0x8] push edx mov eax,[eax*4+DATA_006170] call eax add esp,byte +0x8 pop ebp ret FUNC_000622: ; Pos = 2b6e8 push ebp mov ebp,esp add esp,byte -0x58 push ebx push esi push edi lea eax,[ebp-0x2c] push eax lea eax,[ebp-0x28] push eax lea eax,[ebp-0x4c] push eax lea eax,[ebp-0x48] push eax lea eax,[ebp-0x44] push eax lea eax,[ebp-0x40] push eax lea eax,[ebp-0x24] push eax lea eax,[ebp-0x20] push eax mov eax,[ebp+0x8] push eax call FUNC_000869 add esp,byte +0x24 mov ax,[ebp-0x40] mov [DATA_008995],ax mov ax,[ebp-0x44] mov [DATA_008993],ax mov eax,[ebp-0x48] mov [DATA_009010],eax mov ax,[ebp-0x4c] mov [DATA_008994],ax mov eax,[ebp-0x2c] shr eax,0x6 mov [DATA_008996],ax lea eax,[ebp-0x2c] push eax lea eax,[ebp-0x54] push eax lea eax,[ebp-0x50] push eax lea eax,[ebp-0x1c] push eax mov eax,[ebp+0x8] push eax call FUNC_000870 add esp,byte +0x14 mov ax,[ebp-0x50] mov [DATA_008991],ax mov ax,[ebp-0x54] mov [DATA_008992],ax xor ebx,ebx mov edx,DATA_008989 mov eax,[ebp-0x1c] JUMP_002725: ; Pos = 2b789 mov cl,[eax] mov [edx],cl inc ebx inc edx inc eax cmp ebx,byte +0x26 jl JUMP_002725 mov eax,[DATA_008997] mov [ebp-0x4],eax mov esi,DATA_008999 cmp dword [ebp-0x4],byte +0x0 jng near JUMP_002738 JUMP_002726: ; Pos = 2b7ac mov eax,[DATA_009133] push eax xor eax,eax mov al,[esi+0x130] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0x14],eax xor ebx,ebx mov [ebp-0x8],esi mov dword [ebp-0x10],DATA_006169 mov dword [ebp-0x58],DATA_008989 JUMP_002727: ; Pos = 2b7da mov eax,[ebp-0x58] movsx edi,byte [eax] mov eax,edi and eax,byte +0x7 mov [ebp-0xc],eax push edi mov eax,[ebp-0xc] push eax movsx eax,word [DATA_008992] push eax movzx eax,word [DATA_008991] push eax mov eax,[ebp-0x10] push eax call FUNC_000619 add esp,byte +0x14 mov edx,[ebp-0x8] mov [edx+0x4],eax push edi mov eax,[ebp-0xc] push eax movsx eax,word [DATA_008992] push eax movzx eax,word [DATA_008991] push eax mov eax,[ebp-0x10] push eax call FUNC_000620 add esp,byte +0x14 mov edx,[ebp-0x8] mov [edx],eax lea eax,[ebx+0x3e8] push eax mov eax,[ebp-0x14] mov eax,[eax+0xa0] push eax push byte +0x18 call FUNC_000048 add esp,byte +0xc inc dword [ebp-0x58] inc ebx add dword [ebp-0x8],byte +0x8 add dword [ebp-0x10],byte +0x10 cmp ebx,byte +0x21 jl near JUMP_002727 xor eax,eax mov [esi+0x2e2],eax mov byte [esi+0x131],0x0 xor ebx,ebx jmp short JUMP_002729 JUMP_002728: ; Pos = 2b878 mov eax,[esi+0x2e2] shl eax,0x3 lea eax,[eax+eax*2] add eax,esi add eax,0x132 push eax push esi call FUNC_000621 add esp,byte +0x8 inc ebx JUMP_002729: ; Pos = 2b896 movzx eax,word [DATA_008991] shl eax,0x2 cmp ebx,eax jng JUMP_002728 mov eax,[ebp-0x14] mov eax,[eax+0xa0] mov edx,eax shl edx,0x10 shr eax,0x10 or edx,eax mov [DATA_008998],edx mov eax,[ebp-0x14] test byte [eax+0x14c],0x20 jnz JUMP_002730 or byte [esi+0x131],0x10 JUMP_002730: ; Pos = 2b8d0 lea eax,[esi+0x2e6] mov [ebp-0x18],eax xor eax,eax mov [esi+0x31e],eax mov ebx,[DATA_008997] dec ebx test ebx,ebx jns JUMP_002731 add ebx,byte +0x3 JUMP_002731: ; Pos = 2b8ef sar ebx,0x2 test ebx,ebx jl JUMP_002733 JUMP_002732: ; Pos = 2b8f6 lea eax,[ebp-0x18] push eax push esi push byte +0xd call FUNC_000634 add esp,byte +0xc dec ebx test ebx,ebx jnl JUMP_002732 JUMP_002733: ; Pos = 2b90a movzx eax,word [DATA_008993] lea ebx,[eax+eax*2] test ebx,ebx jl JUMP_002735 JUMP_002734: ; Pos = 2b918 lea eax,[ebp-0x18] push eax push esi push byte +0x0 call FUNC_000634 add esp,byte +0xc dec ebx test ebx,ebx jnl JUMP_002734 JUMP_002735: ; Pos = 2b92c movzx eax,word [DATA_008994] lea ebx,[eax+eax*2] test ebx,ebx jl JUMP_002737 JUMP_002736: ; Pos = 2b93a lea eax,[ebp-0x18] push eax push esi push byte +0x1 call FUNC_000634 add esp,byte +0xc dec ebx test ebx,ebx jnl JUMP_002736 JUMP_002737: ; Pos = 2b94e xor eax,eax mov al,[esi+0x130] push eax push byte +0x10 call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0x10 call FUNC_000034 add esp,byte +0x8 dec dword [ebp-0x4] add esi,0x322 cmp dword [ebp-0x4],byte +0x0 jg near JUMP_002726 JUMP_002738: ; Pos = 2b980 xor eax,eax mov [DATA_009004],eax push dword DATA_009002 push dword DATA_009003 lea eax,[ebp-0x3c] push eax lea eax,[ebp-0x38] push eax lea eax,[ebp-0x34] push eax lea eax,[ebp-0x30] push eax mov eax,[ebp+0x8] push eax call FUNC_000871 add esp,byte +0x1c mov eax,[ebp-0x38] shl eax,0x3 add eax,byte +0x8 mov [DATA_009001],eax xor ebx,ebx jmp short JUMP_002740 JUMP_002739: ; Pos = 2b9bf call FUNC_000623 inc ebx JUMP_002740: ; Pos = 2b9c5 cmp ebx,[DATA_009001] jl JUMP_002739 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000623: ; Pos = 2b9d4 push ebp mov ebp,esp call near [DATA_007752] ; FUNC_001530 and eax,byte +0xf mov edx,[DATA_009002] cmp edx,[DATA_009003] jnl JUMP_002741 xor edx,edx jmp short JUMP_002742 JUMP_002741: ; Pos = 2b9f2 mov edx,[DATA_009002] sub edx,[DATA_009003] JUMP_002742: ; Pos = 2b9fe push edx mov eax,[eax*4+DATA_006201] call eax pop ecx pop ebp ret FUNC_000624: ; Pos = 2ba0c push ebp mov ebp,esp mov ecx,[ebp+0x8] xor edx,edx JUMP_002743: ; Pos = 2ba14 mov eax,edx shl eax,0x3 lea eax,[eax+eax*2] add eax,DATA_009004 cmp dword [eax],byte +0x0 jnz JUMP_002744 mov [eax],ecx mov edx,[ebp+0xc] mov [eax+0x4],edx mov edx,[ebp+0x10] mov [eax+0x8],edx mov edx,[ebp+0x14] mov [eax+0x10],edx mov edx,[ebp+0x18] mov [eax+0xc],edx mov edx,[ebp+0x1c] mov [eax+0x14],edx xor edx,edx mov [eax+0x18],edx pop ebp ret JUMP_002744: ; Pos = 2ba4e inc edx cmp edx,byte +0x19 jl JUMP_002743 pop ebp ret FUNC_000625: ; Pos = 2ba58 push ebp mov ebp,esp add esp,byte -0x10 push ebx mov ebx,[ebp+0x8] push byte +0x3 call near [DATA_007217] ; FUNC_000922 pop ecx push eax movzx eax,word [DATA_008996] mov eax,[eax*4+DATA_006210] push eax call FUNC_000857 add esp,byte +0x8 mov [ebx],eax cmp dword [ebx],byte +0x0 jz JUMP_002745 lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0x4] push eax mov eax,[ebx] push eax call FUNC_000870 add esp,byte +0x14 mov eax,[ebp-0x10] jmp short JUMP_002746 JUMP_002745: ; Pos = 2baaa xor eax,eax JUMP_002746: ; Pos = 2baac pop ebx mov esp,ebp pop ebp ret FUNC_000626: ; Pos = 2bab4 push ebp mov ebp,esp push ecx push ebx push esi cmp dword [ebp+0x8],0x100 jng JUMP_002747 lea eax,[ebp-0x4] push eax call FUNC_000625 pop ecx cmp eax,byte +0x3 jl JUMP_002747 call near [DATA_007752] ; FUNC_001530 mov ebx,eax and ebx,byte +0x7 mov esi,[DATA_008820] call near [DATA_007752] ; FUNC_001530 mov edx,eax and edx,byte +0x3f add edx,[DATA_008807] add edx,byte +0xe mov eax,[ebx*4+DATA_006211] add ebx,0x99bc push esi push ebx push eax push edx mov eax,[ebp-0x4] push eax push dword 0x9857 call FUNC_000624 add esp,byte +0x18 JUMP_002747: ; Pos = 2bb19 pop esi pop ebx pop ecx pop ebp ret FUNC_000627: ; Pos = 2bb20 push ebp mov ebp,esp push ecx push ebx push esi cmp dword [ebp+0x8],0x271 jng JUMP_002748 lea eax,[ebp-0x4] push eax call FUNC_000625 pop ecx cmp eax,byte +0x3 jl JUMP_002748 call near [DATA_007752] ; FUNC_001530 mov ebx,eax and ebx,byte +0x7 mov esi,[DATA_008820] call near [DATA_007752] ; FUNC_001530 mov edx,eax and edx,byte +0x3f add edx,[DATA_008807] add edx,byte +0xe mov eax,[ebx*4+DATA_006212] add ebx,0x9966 push esi push ebx push eax push edx mov eax,[ebp-0x4] push eax push dword 0x9855 call FUNC_000624 add esp,byte +0x18 JUMP_002748: ; Pos = 2bb85 pop esi pop ebx pop ecx pop ebp ret FUNC_000628: ; Pos = 2bb8c push ebp mov ebp,esp push ecx push ebx push esi cmp dword [ebp+0x8],0x510 jng JUMP_002749 lea eax,[ebp-0x4] push eax call FUNC_000625 pop ecx dec eax jl JUMP_002749 call near [DATA_007752] ; FUNC_001530 mov ebx,eax and ebx,byte +0x7 mov esi,[DATA_008820] call near [DATA_007752] ; FUNC_001530 mov edx,eax and edx,byte +0x3f add edx,[DATA_008807] add edx,byte +0xe mov eax,[ebx*4+DATA_006213] add ebx,0x9966 push esi push ebx push eax push edx mov eax,[ebp-0x4] push eax push dword 0x9856 call FUNC_000624 add esp,byte +0x18 JUMP_002749: ; Pos = 2bbef pop esi pop ebx pop ecx pop ebp ret FUNC_000629: ; Pos = 2bbf4 push ebp mov ebp,esp push dword 0x996e push byte +0x8 call FUNC_000632 add esp,byte +0x8 pop ebp ret FUNC_000630: ; Pos = 2bc08 push ebp mov ebp,esp cmp dword [ebp+0x8],byte +0x10 jng JUMP_002750 push dword 0x9976 push byte +0x4 call FUNC_000632 add esp,byte +0x8 JUMP_002750: ; Pos = 2bc20 pop ebp ret FUNC_000631: ; Pos = 2bc24 push ebp mov ebp,esp cmp dword [ebp+0x8],byte +0x51 jng JUMP_002751 push dword 0x997a push byte +0x4 call FUNC_000632 add esp,byte +0x8 JUMP_002751: ; Pos = 2bc3c pop ebp ret FUNC_000632: ; Pos = 2bc40 push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi push edi mov ebx,[ebp+0xc] mov eax,[ebp+0x8] push eax call near [DATA_007217] ; FUNC_000922 pop ecx mov [ebp-0xc],eax mov eax,[DATA_008885] mov [ebp-0x4],eax push byte +0x3 call near [DATA_007217] ; FUNC_000922 pop ecx mov esi,eax push esi mov eax,[ebp-0x4] push eax call FUNC_000857 add esp,byte +0x8 mov [ebp-0x8],eax test eax,eax jz JUMP_002752 lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x18] push eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x10] push eax mov eax,[ebp-0x8] push eax call FUNC_000870 add esp,byte +0x14 cmp dword [ebp-0x14],byte +0x3 jl JUMP_002752 call near [DATA_007752] ; FUNC_001530 mov edi,[DATA_008820] push byte +0xe call near [DATA_007217] ; FUNC_000922 pop ecx mov edx,eax add edx,byte +0xa add edx,[DATA_008807] add ebx,[ebp-0xc] lea eax,[ebx+esi*2] add eax,eax lea eax,[eax+eax*4] lea eax,[eax+eax*4] add eax,0xffe2091a push edi push ebx push eax push edx mov eax,[ebp-0x8] push eax push dword 0x9854 call FUNC_000624 add esp,byte +0x18 JUMP_002752: ; Pos = 2bceb pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000633: ; Pos = 2bcf4 push ebp mov ebp,esp add esp,byte -0x20 push ebx push esi push edi mov ebx,[DATA_008807] add ebx,byte +0x4 mov eax,DATA_009004 mov edx,eax jmp short JUMP_002755 JUMP_002753: ; Pos = 2bd0f cmp ebx,[eax+0x8] jg JUMP_002754 mov esi,eax mov edi,edx mov ecx,0x6 rep movsd add edx,byte +0x18 JUMP_002754: ; Pos = 2bd22 add eax,byte +0x18 JUMP_002755: ; Pos = 2bd25 cmp dword [eax],byte +0x0 jnz JUMP_002753 xor eax,eax mov [edx],eax xor ebx,ebx JUMP_002756: ; Pos = 2bd30 push byte +0x19 call near [DATA_007217] ; FUNC_000922 pop ecx cmp eax,[DATA_009001] ja JUMP_002757 call FUNC_000623 JUMP_002757: ; Pos = 2bd46 inc ebx cmp ebx,byte +0x3 jl JUMP_002756 movzx eax,word [DATA_008991] mov [ebp-0xc],eax movsx eax,word [DATA_008992] mov [ebp-0x10],eax xor eax,eax mov [ebp-0x4],eax jmp JUMP_002771 JUMP_002758: ; Pos = 2bd6a mov edi,[ebp-0x4] mov eax,edi lea edi,[eax+edi*2] lea edi,[eax+edi*8] shl edi,0x4 add edi,eax add edi,edi add edi,DATA_008999 mov eax,[DATA_009133] push eax xor eax,eax mov al,[edi+0x130] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0x1c],eax xor ebx,ebx mov dword [ebp-0x20],DATA_008989 JUMP_002759: ; Pos = 2bda6 mov eax,[ebp-0x20] movsx eax,byte [eax] mov [ebp-0x18],eax mov eax,[ebp-0x18] and eax,byte +0x7 mov [ebp-0x14],eax lea esi,[edi+ebx*8] mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,ebx shl eax,0x4 add eax,DATA_006169 push eax call FUNC_000619 add esp,byte +0x14 mov edx,[esi+0x4] lea edx,[edx+edx*2] add eax,edx test eax,eax jns JUMP_002760 add eax,byte +0x3 JUMP_002760: ; Pos = 2bdee sar eax,0x2 mov [esi+0x4],eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,ebx shl eax,0x4 add eax,DATA_006169 push eax call FUNC_000620 add esp,byte +0x14 mov edx,[esi] lea edx,[edx+edx*2] add eax,edx test eax,eax jns JUMP_002761 add eax,byte +0x3 JUMP_002761: ; Pos = 2be26 sar eax,0x2 mov [esi],eax lea eax,[ebx+0x3e8] push eax mov eax,[ebp-0x1c] mov eax,[eax+0xa0] push eax push byte +0x18 call FUNC_000048 add esp,byte +0xc inc ebx inc dword [ebp-0x20] cmp ebx,byte +0x21 jl near JUMP_002759 push byte +0x7 call near [DATA_007217] ; FUNC_000922 pop ecx movzx edx,word [DATA_008991] cmp eax,edx jnc JUMP_002766 mov eax,[edi+0x2e2] push eax call near [DATA_007217] ; FUNC_000922 pop ecx shl eax,0x3 lea eax,[eax+eax*2] add eax,edi add eax,0x132 mov edx,[eax] sub edx,0x9827 jz JUMP_002763 dec edx jz JUMP_002764 dec edx jnz JUMP_002765 mov dl,0xfd cmp dword [eax+0x4],byte +0x0 jl JUMP_002762 inc edx JUMP_002762: ; Pos = 2be9b and [edi+0x131],dl jmp short JUMP_002765 JUMP_002763: ; Pos = 2bea3 and byte [edi+0x131],0xfb jmp short JUMP_002765 JUMP_002764: ; Pos = 2beac and byte [edi+0x131],0xf7 JUMP_002765: ; Pos = 2beb3 xor edx,edx mov [eax],edx mov ebx,[edi+0x2e2] dec dword [edi+0x2e2] push eax push edi call FUNC_000621 add esp,byte +0x8 mov [edi+0x2e2],ebx JUMP_002766: ; Pos = 2bed3 lea eax,[edi+0x2e6] mov [ebp-0x8],eax push byte +0xe call near [DATA_007217] ; FUNC_000922 pop ecx mov edx,eax mov eax,[edi+0x31e] sub eax,edx test eax,eax jng JUMP_002767 shl eax,0x2 push eax mov ecx,edx shl ecx,0x2 add ecx,[ebp-0x8] mov eax,ecx add eax,byte +0x4 push eax push ecx call _memmove add esp,byte +0xc dec dword [edi+0x31e] JUMP_002767: ; Pos = 2bf14 mov eax,[edi+0x31e] shl eax,0x2 add [ebp-0x8],eax push byte +0x9 call near [DATA_007217] ; FUNC_000922 pop ecx movzx edx,word [DATA_008993] cmp eax,edx jnc JUMP_002768 lea eax,[ebp-0x8] push eax push edi push byte +0x0 call FUNC_000634 add esp,byte +0xc JUMP_002768: ; Pos = 2bf43 push byte +0x9 call near [DATA_007217] ; FUNC_000922 pop ecx movzx edx,word [DATA_008994] cmp eax,edx jnc JUMP_002769 lea eax,[ebp-0x8] push eax push edi push byte +0x1 call FUNC_000634 add esp,byte +0xc JUMP_002769: ; Pos = 2bf66 push byte +0x1b call near [DATA_007217] ; FUNC_000922 pop ecx cmp eax,[DATA_008997] jnc JUMP_002770 lea eax,[ebp-0x8] push eax push edi push byte +0xd call FUNC_000634 add esp,byte +0xc JUMP_002770: ; Pos = 2bf86 xor eax,eax mov al,[edi+0x130] push eax push byte +0x10 call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0x10 call FUNC_000034 add esp,byte +0x8 inc dword [ebp-0x4] JUMP_002771: ; Pos = 2bfa8 mov eax,[ebp-0x4] cmp eax,[DATA_008997] jl near JUMP_002758 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000634: ; Pos = 2bfc0 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x10] mov esi,[ebp+0xc] call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008820] test al,0x8 jnz JUMP_002772 cmp dword [esi+0x31e],byte +0xd jnl JUMP_002772 mov eax,[ebx] add eax,byte +0x2 push eax mov eax,[ebp+0x8] push eax call FUNC_000635 add esp,byte +0x8 mov edx,[ebx] mov [edx],ax add dword [ebx],byte +0x4 inc dword [esi+0x31e] JUMP_002772: ; Pos = 2c003 pop esi pop ebx pop ebp ret FUNC_000635: ; Pos = 2c008 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov edx,[ebp+0x8] mov ebx,edx cmp edx,byte +0x1 jz JUMP_002773 test edx,edx jnz JUMP_002774 JUMP_002773: ; Pos = 2c01e movzx eax,word [DATA_008996] add eax,eax add ebx,eax JUMP_002774: ; Pos = 2c029 mov eax,[ebx*8+DATA_006199] cmp edx,byte +0x1 jnz JUMP_002775 cmp word [DATA_008991],byte +0x4 jnc JUMP_002775 movzx ecx,word [DATA_008991] imul ecx,eax shr ecx,0x2 mov eax,ecx JUMP_002775: ; Pos = 2c04e cmp edx,byte +0x10 jz JUMP_002776 push eax call near [DATA_007217] ; FUNC_000922 pop ecx mov dx,[DATA_008820] mov [esi],dx jmp short JUMP_002777 JUMP_002776: ; Pos = 2c067 movzx eax,word [esi] imul dword [ebx*8+DATA_006199] sar eax,0x10 JUMP_002777: ; Pos = 2c074 mov edx,[ebx*8+DATA_006200] mov eax,[edx+eax*4] pop esi pop ebx pop ebp ret FUNC_000636: ; Pos = 2c084 push ebp mov ebp,esp push ecx push ebx push esi mov esi,0x2 mov ebx,[DATA_009009] xor eax,eax mov [DATA_009009],eax test ebx,ebx jnz JUMP_002779 mov ebx,[DATA_009008] xor eax,eax mov [DATA_009008],eax test ebx,ebx jnz JUMP_002779 mov ebx,[DATA_009007] xor eax,eax mov [DATA_009007],eax test ebx,ebx jnz JUMP_002779 mov ebx,[DATA_009006] xor eax,eax mov [DATA_009006],eax test ebx,ebx jnz JUMP_002778 xor eax,eax jmp short JUMP_002783 JUMP_002778: ; Pos = 2c0d7 mov esi,0x1 JUMP_002779: ; Pos = 2c0dc push byte +0x1 mov eax,[DATA_008885] push eax call FUNC_000857 add esp,byte +0x8 mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x0 jnz JUMP_002780 xor eax,eax jmp short JUMP_002783 JUMP_002780: ; Pos = 2c0f9 test ebx,ebx jnl JUMP_002781 mov eax,0x981e jmp short JUMP_002782 JUMP_002781: ; Pos = 2c104 mov eax,0x981d JUMP_002782: ; Pos = 2c109 mov edx,ebx and edx,byte +0x3 shl edx,0x3 lea edx,[edx+edx*4] add edx,byte +0x50 push ebx push edx push esi mov edx,[ebp-0x4] push edx push byte +0x1 push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000646 add esp,byte +0x20 mov eax,0x1 JUMP_002783: ; Pos = 2c136 pop esi pop ebx pop ecx pop ebp ret FUNC_000637: ; Pos = 2c13c push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi call near [DATA_007752] ; FUNC_001530 mov ebx,[DATA_008820] xor eax,eax mov [ebp-0x4],eax mov esi,0x1 push byte +0x1 mov eax,[DATA_008885] push eax call FUNC_000857 add esp,byte +0x8 mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jnz JUMP_002784 xor eax,eax jmp short JUMP_002787 JUMP_002784: ; Pos = 2c177 test ebx,ebx jnl JUMP_002785 mov eax,0x981e jmp short JUMP_002786 JUMP_002785: ; Pos = 2c182 mov eax,0x981d JUMP_002786: ; Pos = 2c187 mov edx,ebx and edx,byte +0x3 shl edx,0x3 lea edx,[edx+edx*4] add edx,byte +0x50 push ebx push edx mov edx,[ebp-0x4] push edx mov edx,[ebp-0x8] push edx push esi push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000646 add esp,byte +0x20 mov eax,0x1 JUMP_002787: ; Pos = 2c1b6 pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000638: ; Pos = 2c1bc push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi xor esi,esi JUMP_002788: ; Pos = 2c1c6 push byte +0x3 call near [DATA_007217] ; FUNC_000922 pop ecx mov [ebp-0x18],eax mov eax,[ebp-0x18] push eax mov eax,[DATA_008885] push eax call FUNC_000857 add esp,byte +0x8 mov [ebp-0x1c],eax mov eax,[ebp-0x1c] test eax,eax jz near JUMP_002793 cmp eax,[DATA_008885] jz near JUMP_002793 lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0x4] push eax mov eax,[ebp-0x1c] push eax call FUNC_000870 add esp,byte +0x14 cmp dword [ebp-0x10],byte +0x3 jl near JUMP_002793 call near [DATA_007752] ; FUNC_001530 mov ecx,[DATA_008820] mov eax,[DATA_008818] mov edx,eax and edx,byte +0x7 mov ebx,[edx*8+DATA_006171] mov [ebp-0x14],ebx mov esi,[ebp-0x18] add esi,byte +0x3 imul esi,[edx*8+DATA_006172] cmp edx,byte +0x7 jnz JUMP_002789 or edx,0x2000 JUMP_002789: ; Pos = 2c25d mov ebx,eax imul ebx,eax mov eax,ebx shr eax,0x10 mov ebx,eax imul ebx,eax mov eax,ebx sar eax,0x13 and eax,0x1e00 add edx,eax sar eax,0x9 and eax,byte +0xf add esi,[eax*4+DATA_006173] cmp eax,byte +0xf jl JUMP_002790 test dh,0x20 jnz JUMP_002790 mov [DATA_009006],ecx JUMP_002790: ; Pos = 2c295 mov eax,ecx and eax,byte +0x7 movsx ebx,word [DATA_008992] add eax,ebx mov eax,[eax*4+DATA_006174] imul eax,esi mov esi,eax test ch,0x10 jz JUMP_002791 push ecx push esi push edx mov eax,[ebp-0x1c] push eax mov eax,[ebp-0x14] push eax push dword 0x981b mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000646 add esp,byte +0x20 jmp short JUMP_002792 JUMP_002791: ; Pos = 2c2d6 push ecx push esi push edx mov eax,[ebp-0x1c] push eax mov eax,[ebp-0x14] push eax push dword 0x981a mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000646 add esp,byte +0x20 JUMP_002792: ; Pos = 2c2f6 mov eax,0x1 jmp short JUMP_002794 JUMP_002793: ; Pos = 2c2fd inc esi cmp esi,byte +0x4 jl near JUMP_002788 xor eax,eax JUMP_002794: ; Pos = 2c309 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000639: ; Pos = 2c310 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] test byte [ebx+0x131],0x1 jz JUMP_002795 xor eax,eax pop ebx pop ebp ret JUMP_002795: ; Pos = 2c325 or byte [ebx+0x131],0x1 mov eax,0x20 mov edx,DATA_008990 JUMP_002796: ; Pos = 2c336 test byte [edx],0x80 jnz JUMP_002797 dec eax dec edx test eax,eax jnl JUMP_002796 JUMP_002797: ; Pos = 2c341 test eax,eax jl JUMP_002798 mov eax,[DATA_009133] push eax xor eax,eax mov al,[ebx+0x130] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov eax,[eax+0xa0] mov edx,eax mov ecx,edx shr ecx,0xf shl edx,0x11 or ecx,edx mov eax,ecx push eax push eax push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x9829 mov eax,[ebp+0xc] push eax push ebx call FUNC_000646 add esp,byte +0x20 mov eax,0x1 pop ebx pop ebp ret JUMP_002798: ; Pos = 2c393 xor eax,eax pop ebx pop ebp ret FUNC_000640: ; Pos = 2c398 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] test byte [ebx+0x131],0x2 jz JUMP_002799 xor eax,eax jmp short JUMP_002802 JUMP_002799: ; Pos = 2c3b0 call near [DATA_007752] ; FUNC_001530 mov edx,0x20 mov eax,DATA_008990 JUMP_002800: ; Pos = 2c3c0 test byte [eax],0x80 jz JUMP_002801 or byte [ebx+0x131],0x2 mov eax,[DATA_008818] push eax push eax push byte +0x0 push byte +0x0 push byte -0x1 push dword 0x9829 push esi push ebx call FUNC_000646 add esp,byte +0x20 mov eax,0x1 jmp short JUMP_002802 JUMP_002801: ; Pos = 2c3ef dec edx dec eax test edx,edx jnl JUMP_002800 xor eax,eax JUMP_002802: ; Pos = 2c3f7 pop esi pop ebx pop ebp ret FUNC_000641: ; Pos = 2c3fc push ebp mov ebp,esp push ebx push esi push byte +0xc call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax mov edx,0x20 mov eax,[ebp+0x8] add eax,0x100 JUMP_002803: ; Pos = 2c419 cmp dword [eax],byte +0x0 jnz JUMP_002804 dec ebx jns JUMP_002804 mov esi,[eax+0x4] mov ecx,esi add esi,esi xor ecx,esi test ecx,ecx jl JUMP_002804 lea eax,[edx+0x8e00] mov edx,[DATA_008818] push edx push byte +0x0 push byte +0x0 push esi push eax push dword 0x982a mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000646 add esp,byte +0x20 mov eax,0x1 jmp short JUMP_002805 JUMP_002804: ; Pos = 2c45d dec edx add eax,byte -0x8 test edx,edx jnl JUMP_002803 xor eax,eax JUMP_002805: ; Pos = 2c467 pop esi pop ebx pop ebp ret FUNC_000642: ; Pos = 2c46c push ebp mov ebp,esp mov eax,[ebp+0x8] mov dx,[DATA_008996] dec dx jz JUMP_002806 dec dx jnz JUMP_002807 test byte [eax+0x131],0x4 jnz JUMP_002807 or byte [eax+0x131],0x4 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x9827 mov edx,[ebp+0xc] push edx push eax call FUNC_000646 add esp,byte +0x20 mov eax,0x1 pop ebp ret JUMP_002806: ; Pos = 2c4b6 test byte [eax+0x131],0x8 jnz JUMP_002807 or byte [eax+0x131],0x8 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x9828 mov edx,[ebp+0xc] push edx push eax call FUNC_000646 add esp,byte +0x20 mov eax,0x1 pop ebp ret JUMP_002807: ; Pos = 2c4e9 xor eax,eax pop ebp ret FUNC_000643: ; Pos = 2c4f0 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi xor esi,esi JUMP_002808: ; Pos = 2c4fb push byte +0x3 call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax push ebx mov eax,[DATA_008885] push eax call FUNC_000857 add esp,byte +0x8 mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x0 jz near JUMP_002809 lea eax,[ebp-0x10] push eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax mov eax,[ebp-0x4] push eax call FUNC_000870 add esp,byte +0x14 cmp dword [ebp-0xc],byte +0x3 jl near JUMP_002809 call near [DATA_007752] ; FUNC_001530 mov edi,[DATA_008818] mov esi,[DATA_008820] and esi,byte +0xf call near [DATA_007752] ; FUNC_001530 mov edx,[DATA_008807] sub edx,0x121cf7 mov eax,[DATA_008820] and eax,byte +0x3f add edx,eax add edx,byte +0x7 mov eax,ebx shl eax,0x3 lea eax,[eax+eax*4] lea eax,[eax+eax*4] lea eax,[eax+eax*4] add eax,[esi*8+DATA_006214] mov ecx,[esi*8+DATA_006215] add ecx,0x99b4 mov esi,[DATA_008818] shr esi,0x10 and esi,byte +0x3 add esi,0x981f push edi push eax push ecx mov eax,[ebp-0x4] push eax push edx push esi mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000646 add esp,byte +0x20 mov eax,0x1 jmp short JUMP_002810 JUMP_002809: ; Pos = 2c5d0 inc esi cmp esi,byte +0x4 jl near JUMP_002808 xor eax,eax JUMP_002810: ; Pos = 2c5dc pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000644: ; Pos = 2c644 push ebp mov ebp,esp call near [DATA_007752] ; FUNC_001530 mov edx,[DATA_008820] mov eax,edx shr eax,0x10 and eax,byte +0x3 add eax,0x9823 push edx push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000646 add esp,byte +0x20 mov eax,0x1 pop ebp ret FUNC_000645: ; Pos = 2c684 push ebp mov ebp,esp call near [DATA_007752] ; FUNC_001530 mov edx,[DATA_008818] mov eax,edx and eax,byte +0x7 add eax,0x99d7 push edx mov edx,[DATA_008820] push edx push byte +0x0 push byte +0x0 push eax sar eax,0x10 and eax,byte +0x1 add eax,0x982c push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000646 add esp,byte +0x20 mov eax,0x1 pop ebp ret FUNC_000646: ; Pos = 2c6d0 push ebp mov ebp,esp mov eax,[ebp+0xc] mov edx,[ebp+0x8] cmp dword [edx+0x2e2],byte +0x12 jnl JUMP_002811 inc dword [edx+0x2e2] mov edx,[ebp+0x10] mov [eax],edx mov edx,[ebp+0x14] mov [eax+0x4],edx mov edx,[ebp+0x18] mov [eax+0x8],edx mov edx,[ebp+0x1c] mov [eax+0xc],edx mov edx,[ebp+0x20] mov [eax+0x10],edx mov edx,[ebp+0x24] mov [eax+0x14],edx JUMP_002811: ; Pos = 2c70b pop ebp ret FUNC_000647: ; Pos = 2c710 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0x8] mov ecx,[eax] mov [edx+0xa8],ecx mov eax,[eax+0x4] mov [edx+0xac],eax pop ebp ret FUNC_000648: ; Pos = 2c72c push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax] sub eax,byte +0x2 jz JUMP_002812 sub eax,byte +0xd jz JUMP_002813 pop ebp ret JUMP_002812: ; Pos = 2c740 call FUNC_000617 mov eax,[DATA_009008] mov [DATA_009009],eax mov eax,[DATA_009007] mov [DATA_009008],eax mov eax,[DATA_009006] mov [DATA_009007],eax xor eax,eax mov [DATA_009006],eax mov eax,[DATA_008885] push eax call FUNC_000622 pop ecx pop ebp ret JUMP_002813: ; Pos = 2c778 cmp byte [DATA_008870],0x4 jz JUMP_002814 call FUNC_000633 JUMP_002814: ; Pos = 2c786 pop ebp ret FUNC_000649: ; Pos = 2c788 push ebp mov ebp,esp push ebx mov ecx,[ebp+0x8] mov eax,DATA_008999 mov edx,[DATA_008997] jmp short JUMP_002816 JUMP_002815: ; Pos = 2c79c dec edx add eax,0x322 JUMP_002816: ; Pos = 2c7a2 xor ebx,ebx mov bl,[eax+0x130] cmp ecx,ebx jz JUMP_002817 test edx,edx jnl JUMP_002815 JUMP_002817: ; Pos = 2c7b2 test edx,edx jnl JUMP_002818 xor edx,edx jmp short JUMP_002819 JUMP_002818: ; Pos = 2c7ba mov edx,eax JUMP_002819: ; Pos = 2c7bc mov eax,edx pop ebx pop ebp ret FUNC_000650: ; Pos = 2c7c4 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi mov ebx,[ebp+0xc] xor eax,eax mov [ebp-0x4],eax cmp ebx,[DATA_008857] jnz JUMP_002821 mov eax,[ebp+0x8] movzx eax,byte [eax+0x86] push eax push byte +0x17 call FUNC_000034 add esp,byte +0x8 push byte +0x17 call FUNC_000035 pop ecx test eax,eax jnz JUMP_002820 or eax,byte -0x1 jmp JUMP_002835 JUMP_002820: ; Pos = 2c805 push byte +0x0 push byte +0x17 call FUNC_000034 add esp,byte +0x8 JUMP_002821: ; Pos = 2c811 mov eax,[ebp+0x8] movsx edx,word [eax+0xce] mov eax,[ebp+0x8] lea eax,[eax+edx+0xd0] test edx,edx jl JUMP_002824 JUMP_002822: ; Pos = 2c829 mov cl,[eax] movsx esi,cl cmp ebx,esi jz JUMP_002824 test cl,cl jnz JUMP_002823 mov [eax],bl dec dword [ebp-0x4] jmp short JUMP_002824 JUMP_002823: ; Pos = 2c83d dec edx dec eax test edx,edx jnl JUMP_002822 JUMP_002824: ; Pos = 2c843 test edx,edx jnl JUMP_002825 or eax,byte -0x1 jmp JUMP_002835 JUMP_002825: ; Pos = 2c84f cmp ebx,[DATA_008857] jnz JUMP_002826 mov [DATA_008879],edx JUMP_002826: ; Pos = 2c85d mov eax,[ebp+0x18] mov [eax],edx mov eax,[ebp+0x8] test byte [eax+0x14c],0x40 jnz JUMP_002827 xor eax,eax mov [ebp-0x10],eax xor eax,eax mov [ebp-0xc],eax mov dword [ebp-0x8],0xffffffff jmp JUMP_002834 JUMP_002827: ; Pos = 2c884 mov eax,[ebp+0x8] mov eax,[eax+0x82] add eax,byte -0x51 sub eax,byte +0x2 jc JUMP_002828 sub eax,byte +0x2 jz JUMP_002829 dec eax jz JUMP_002831 sub eax,byte +0x3 jz JUMP_002830 jmp short JUMP_002832 JUMP_002828: ; Pos = 2c8a4 mov eax,DATA_006178 jmp short JUMP_002833 JUMP_002829: ; Pos = 2c8ab mov eax,DATA_006177 jmp short JUMP_002833 JUMP_002830: ; Pos = 2c8b2 mov eax,DATA_006176 jmp short JUMP_002833 JUMP_002831: ; Pos = 2c8b9 mov eax,DATA_006175 jmp short JUMP_002833 JUMP_002832: ; Pos = 2c8c0 mov eax,DATA_006179 JUMP_002833: ; Pos = 2c8c5 mov edx,[ebp+0x18] mov edx,[edx] mov ecx,[ebp+0x14] mov [ecx],edx mov edx,[ebp+0x18] mov edx,[edx] lea edx,[edx+edx*2] mov ecx,[eax+edx*4] mov [ebp-0x10],ecx mov ecx,[eax+edx*4+0x4] mov [ebp-0xc],ecx mov ecx,[eax+edx*4+0x8] mov [ebp-0x8],ecx mov eax,[ebp+0x8] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0x10] push eax call FUNC_001669_VecMatMul add esp,byte +0xc shl dword [ebp-0x10],0xa shl dword [ebp-0xc],0xa shl dword [ebp-0x8],0xa JUMP_002834: ; Pos = 2c90b mov eax,[ebp+0x10] mov edx,[ebp-0x10] mov [eax],edx mov eax,[ebp+0x10] mov edx,[ebp-0xc] mov [eax+0x8],edx mov eax,[ebp+0x10] mov edx,[ebp-0x8] mov [eax+0x10],edx cmp dword [ebp-0x10],byte +0x0 setl al and eax,byte +0x1 neg eax mov edx,[ebp+0x10] mov [edx+0x4],eax cmp dword [ebp-0xc],byte +0x0 setl al and eax,byte +0x1 neg eax mov edx,[ebp+0x10] mov [edx+0xc],eax cmp dword [ebp-0x8],byte +0x0 setl al and eax,byte +0x1 neg eax mov edx,[ebp+0x10] mov [edx+0x14],eax mov eax,[ebp+0x14] mov edx,[ebp-0x4] mov [eax],edx xor eax,eax JUMP_002835: ; Pos = 2c965 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000651: ; Pos = 2c96c push ebp mov ebp,esp push esi mov esi,[ebp+0xc] mov ecx,[ebp+0x8] movsx edx,word [esi+0xce] lea eax,[esi+edx+0xd0] test edx,edx jl JUMP_002838 JUMP_002836: ; Pos = 2c988 cmp cl,[eax] jnz JUMP_002837 mov byte [eax],0x0 jmp short JUMP_002838 JUMP_002837: ; Pos = 2c991 dec edx dec eax test edx,edx jnl JUMP_002836 JUMP_002838: ; Pos = 2c997 mov byte [esi+0xc9],0x1 mov byte [esi+0xca],0x0 mov word [esi+0xd8],0x0 pop esi pop ebp ret FUNC_000652: ; Pos = 2c9b4 push ebp mov ebp,esp mov eax,[ebp+0xc] mov dl,[ebp+0x8] cmp dl,[eax+0xca] jz JUMP_002839 xor eax,eax pop ebp ret JUMP_002839: ; Pos = 2c9c9 mov byte [eax+0xc9],0x3 mov word [eax+0xd8],0x7080 mov al,0x1 pop ebp ret FUNC_000653: ; Pos = 2c9e0 push ebp mov ebp,esp mov eax,[ebp+0x8] mov byte [eax+0xc9],0x0 mov byte [eax+0xca],0x0 mov word [eax+0xd8],0x0 pop ebp ret FUNC_000654: ; Pos = 2ca00 push ebp mov ebp,esp mov eax,[ebp+0xc] mov ecx,[ebp+0x8] mov dl,[eax+0xc9] test dl,dl jz JUMP_002840 cmp dl,0x1 jz JUMP_002840 cmp cl,[eax+0xca] jz JUMP_002840 xor eax,eax pop ebp ret JUMP_002840: ; Pos = 2ca24 mov byte [eax+0xc9],0xff mov [eax+0xca],cl mov word [eax+0xd8],0x7080 mov al,0x1 pop ebp ret FUNC_000655: ; Pos = 2ca40 push ebp mov ebp,esp push ecx push ebx push esi push edi mov edi,[ebp+0x14] mov esi,[ebp+0xc] mov eax,[ebp+0x8] mov bl,[eax+0x86] movsx eax,bl cmp eax,[DATA_008857] jnz JUMP_002841 movzx eax,word [DATA_008996] cmp dword [eax*4+DATA_009095],0x2710 jl JUMP_002841 mov eax,[edi] push eax push dword 0x98b9 push ebx push esi call FUNC_000656 add esp,byte +0x10 mov al,0x1 jmp JUMP_002846 JUMP_002841: ; Pos = 2ca8e push esi push ebx call FUNC_000654 add esp,byte +0x8 mov edx,[ebp+0x8] mov bl,[edx+0x86] test al,al jnz JUMP_002842 mov eax,[edi] push eax push dword 0x98b7 push ebx push esi call FUNC_000656 add esp,byte +0x10 mov al,0x1 jmp short JUMP_002846 JUMP_002842: ; Pos = 2cabb push edi lea eax,[ebp-0x4] push eax mov eax,[ebp+0x10] push eax movsx eax,bl push eax push esi call FUNC_000650 add esp,byte +0x14 mov edx,[ebp+0x8] mov bl,[edx+0x86] test al,al jz JUMP_002843 mov byte [esi+0xc9],0x0 mov byte [esi+0xca],0x0 mov word [esi+0xd8],0x0 mov eax,[edi] push eax push dword 0x98b8 push ebx push esi call FUNC_000656 add esp,byte +0x10 mov al,0x1 jmp short JUMP_002846 JUMP_002843: ; Pos = 2cb0b cmp dword [ebp-0x4],byte +0x0 jnz JUMP_002844 mov eax,[edi] push eax push dword 0x98bc push ebx push esi call FUNC_000656 add esp,byte +0x10 jmp short JUMP_002845 JUMP_002844: ; Pos = 2cb25 mov eax,[edi] push eax push dword 0x98ba push ebx push esi call FUNC_000656 add esp,byte +0x10 JUMP_002845: ; Pos = 2cb37 xor eax,eax JUMP_002846: ; Pos = 2cb39 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000656: ; Pos = 2cb40 push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi mov esi,[ebp+0x10] mov ebx,[ebp+0x8] movsx eax,byte [ebp+0xc] cmp eax,[DATA_008857] jnz JUMP_002848 cmp esi,0x98ba jnz JUMP_002847 cmp byte [DATA_009033],0x0 jz JUMP_002847 cmp dword [DATA_009116],byte +0xf jz JUMP_002847 push byte +0xf call FUNC_001902_SoundPlaySong pop ecx JUMP_002847: ; Pos = 2cb7c mov eax,[ebx+0xa0] mov [ebp-0x14],ebx mov [ebp-0x30],esi mov dword [ebp-0x18],0x8 mov edx,[ebp+0x14] inc edx mov [ebp-0x28],edx mov edx,eax shr edx,0x10 shl eax,0x10 or edx,eax mov [ebp-0x24],edx lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx JUMP_002848: ; Pos = 2cbad pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000657: ; Pos = 2cbb4 push ebp mov ebp,esp xor eax,eax mov edx,[ebp+0xc] movsx edx,byte [edx+0xca] cmp edx,[ebp+0x8] jnz JUMP_002849 dec eax JUMP_002849: ; Pos = 2cbc9 pop ebp ret FUNC_000658: ; Pos = 2cbcc push ebp mov ebp,esp mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000635 add esp,byte +0x8 pop ebp ret FUNC_000659: ; Pos = 2cbe4 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi mov ebx,[ebp+0x10] mov eax,[ebp+0x8] mov dl,[eax+0x14c] test dl,0x40 jz JUMP_002850 mov edx,DATA_006203 mov cx,[eax+0xce] cmp cx,byte +0x3 jz near JUMP_002852 mov edx,DATA_006202 cmp cx,byte +0x1 jz near JUMP_002852 mov edx,DATA_006204 test cx,cx jnz JUMP_002852 mov edx,DATA_006205 jmp short JUMP_002852 JUMP_002850: ; Pos = 2cc33 test dl,0x20 jz JUMP_002851 mov edx,DATA_006209 jmp short JUMP_002852 JUMP_002851: ; Pos = 2cc3f mov eax,[ebp+0xc] lea eax,[eax+eax*2] mov edx,[eax*4+DATA_006206] mov [ebp-0xc],edx mov edx,[eax*4+DATA_006207] mov [ebp-0x8],edx mov edx,[eax*4+DATA_006208] mov [ebp-0x4],edx sar dword [ebp-0x4],0x2 mov eax,[ebp-0xc] mov [ebx],eax mov eax,[ebp-0x8] mov [ebx+0x8],eax mov eax,[ebp-0x4] mov [ebx+0x10],eax cmp dword [ebp-0xc],byte +0x0 setl al and eax,byte +0x1 neg eax mov [ebx+0x4],eax cmp dword [ebp-0x8],byte +0x0 setl al and eax,byte +0x1 neg eax mov [ebx+0xc],eax cmp dword [ebp-0x4],byte +0x0 setl al and eax,byte +0x1 neg eax mov [ebx+0x14],eax jmp short JUMP_002853 JUMP_002852: ; Pos = 2cca7 mov ecx,[ebp+0xc] lea ecx,[ecx+ecx*2] mov esi,[edx+ecx*4] mov [ebp-0xc],esi mov esi,[edx+ecx*4+0x4] mov [ebp-0x8],esi mov esi,[edx+ecx*4+0x8] mov [ebp-0x4],esi push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0xc] push eax call FUNC_001669_VecMatMul add esp,byte +0xc shl dword [ebp-0xc],0xa shl dword [ebp-0x8],0xa shl dword [ebp-0x4],0xa mov eax,[ebp-0xc] mov [ebx],eax mov eax,[ebp-0x8] mov [ebx+0x8],eax mov eax,[ebp-0x4] mov [ebx+0x10],eax cmp dword [ebp-0xc],byte +0x0 setl al and eax,byte +0x1 neg eax mov [ebx+0x4],eax cmp dword [ebp-0x8],byte +0x0 setl al and eax,byte +0x1 neg eax mov [ebx+0xc],eax cmp dword [ebp-0x4],byte +0x0 setl al and eax,byte +0x1 neg eax mov [ebx+0x14],eax JUMP_002853: ; Pos = 2cd1c pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000660: ; Pos = 2cd24 push ebp mov ebp,esp pop ebp ret FUNC_000661: ; Pos = 2cd2c push ebp mov ebp,esp push dword [ebp+0x8] push byte +0xe call FUNC_000670 add esp,byte +0x8 pop ebp ret FUNC_000662: ; Pos = 2cd3e push ebp mov ebp,esp push dword [ebp+0x8] push byte +0x4 call FUNC_000670 add esp,byte +0x8 pop ebp ret FUNC_000663: ; Pos = 2cd50 push ebp mov ebp,esp push dword [ebp+0x8] push byte +0x2 call FUNC_000670 add esp,byte +0x8 pop ebp ret FUNC_000664: ; Pos = 2cd62 push ebp mov ebp,esp push dword [ebp+0x18] push dword [ebp+0x14] movsx eax,byte [ebp+0x10] push eax push dword [ebp+0xc] push dword [ebp+0x8] call FUNC_000672 add esp,byte +0x14 pop ebp ret FUNC_000665: ; Pos = 2cd80 push ebp mov ebp,esp push dword [ebp+0x8] push dword [ebp+0xc] push byte +0xc call FUNC_000669 add esp,byte +0xc pop ebp ret FUNC_000666: ; Pos = 2cd95 push ebp mov ebp,esp push dword [ebp+0x8] push dword [ebp+0xc] push byte +0x4 call FUNC_000669 add esp,byte +0xc pop ebp ret FUNC_000667: ; Pos = 2cdaa push ebp mov ebp,esp push dword [ebp+0x8] push dword [ebp+0xc] push byte +0xe call FUNC_000669 add esp,byte +0xc pop ebp ret FUNC_000668: ; Pos = 2cdbf push ebp mov ebp,esp push dword [ebp+0x8] push dword [ebp+0xc] push byte +0x2 call FUNC_000669 add esp,byte +0xc pop ebp ret FUNC_000669: ; Pos = 2cdd4 push ebp mov ebp,esp push ecx push ebx push dword [ebp+0x8] call FUNC_000772 pop ecx mov ebx,eax test ebx,ebx jnz JUMP_002854 xor eax,eax jmp short JUMP_002855 JUMP_002854: ; Pos = 2cdec mov word [ebp-0x4],0x5000 mov word [ebp-0x2],0x31 push dword [ebp-0x4] push ebx call FUNC_000702 add esp,byte +0x8 mov byte [ebx+0xff],0x9 mov al,[ebp+0x10] mov [ebx+0xfe],al mov eax,[ebp+0xc] mov [ebx+0x11a],eax call near [DATA_007752] ; FUNC_001530 shr eax,0x3 mov [ebx+0x102],ax mov [ebx+0x106],ax sar eax,0x3 mov [ebx+0x104],ax xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc mov eax,ebx JUMP_002855: ; Pos = 2ce55 pop ebx pop ecx pop ebp ret FUNC_000670: ; Pos = 2ce59 push ebp mov ebp,esp push ebx push esi push edi push dword [ebp+0x8] call FUNC_000772 pop ecx mov ebx,eax test ebx,ebx jnz JUMP_002856 xor eax,eax jmp short JUMP_002857 JUMP_002856: ; Pos = 2ce72 mov eax,[ebp+0xc] mov esi,eax lea edi,[ebx+0x3e] mov ecx,0x6 rep movsd mov al,[DATA_008857] mov [ebx+0xfe],al mov byte [ebx+0x25],0x0 mov byte [ebx+0x58],0x0 mov word [ebx+0x106],0xfff6 mov eax,ebx JUMP_002857: ; Pos = 2ce9f pop edi pop esi pop ebx pop ebp ret FUNC_000671: ; Pos = 2cea4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push dword [ebx+0x140] push dword [ebx+0xc] call FUNC_001521 add esp,byte +0x8 push eax push dword [ebx+0x42] push dword [ebx+0x3e] lea eax,[ebx+0x3e] push eax call FUNC_001334_Int64Add32 add esp,byte +0x10 push dword [ebx+0x140] push dword [ebx+0x10] call FUNC_001521 add esp,byte +0x8 push eax push dword [ebx+0x4a] push dword [ebx+0x46] lea eax,[ebx+0x46] push eax call FUNC_001334_Int64Add32 add esp,byte +0x10 push dword [ebx+0x140] push dword [ebx+0x14] call FUNC_001521 add esp,byte +0x8 push eax push dword [ebx+0x52] push dword [ebx+0x4e] add ebx,byte +0x4e push ebx call FUNC_001334_Int64Add32 add esp,byte +0x10 pop ebx pop ebp ret FUNC_000672: ; Pos = 2cf1a push ebp mov ebp,esp add esp,byte -0x38 push ebx push esi push edi mov esi,[ebp+0xc] push dword [ebp+0x8] push byte +0x10 push dword DATA_006259 call FUNC_000771 add esp,byte +0xc mov edi,eax test edi,edi jnz JUMP_002858 xor eax,eax jmp JUMP_002864 JUMP_002858: ; Pos = 2cf45 mov [edi+0xa0],esi lea eax,[edi+0x124] push eax push esi lea eax,[ebp-0x38] push eax push byte +0x12 call FUNC_000791 add esp,byte +0x10 push dword [DATA_009133] push dword [ebp+0x10] call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax test byte [esi+0x14c],0x20 jz JUMP_002859 push esi push edi add esi,byte +0x3e add edi,byte +0x3e mov ecx,0x6 rep movsd pop edi pop esi push esi push edi mov ecx,0x9 rep movsd pop edi pop esi mov al,[esi+0x56] mov [edi+0x56],al mov byte [edi+0x57],0x1 jmp short JUMP_002860 JUMP_002859: ; Pos = 2cfa6 mov al,[esi+0x86] mov [edi+0x56],al mov byte [edi+0x57],0x1 JUMP_002860: ; Pos = 2cfb3 mov bl,[edi+0x86] mov dword [edi+0x11a],0xffffffff mov byte [edi+0x100],0x0 mov al,[esi+0x86] mov [edi+0xfe],al lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x24] push eax movsx eax,bl push eax push esi call FUNC_000650 add esp,byte +0x14 test eax,eax jz JUMP_002861 mov word [ebp-0xc],0x5000 mov word [ebp-0xa],0x31 push dword [ebp-0xc] push edi call FUNC_000702 add esp,byte +0x8 mov byte [edi+0x56],0x0 mov byte [edi+0x57],0x0 mov al,[esi+0x86] mov [edi+0x100],al mov byte [edi+0xff],0x8 jmp short JUMP_002863 JUMP_002861: ; Pos = 2d028 lea eax,[ebp-0x24] push eax lea eax,[edi+0x3e] push eax call FUNC_001661_Vec64Add add esp,byte +0x8 mov byte [edi+0xff],0x24 mov eax,[ebp+0x14] mov [edi+0xa8],eax mov eax,[ebp+0x18] mov [edi+0xac],eax push edi call FUNC_000671 pop ecx test byte [esi+0x14c],0x40 jz JUMP_002862 xor eax,eax mov al,[edi+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x4e jmp short JUMP_002863 JUMP_002862: ; Pos = 2d075 xor eax,eax mov al,[edi+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x2 JUMP_002863: ; Pos = 2d087 xor eax,eax mov al,[edi+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc mov eax,edi JUMP_002864: ; Pos = 2d09e pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000673: ; Pos = 2d0a5 push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax] dec eax jz JUMP_002865 dec eax jz JUMP_002867 sub eax,byte +0xe jz JUMP_002868 sub eax,byte +0x3 jz JUMP_002866 pop ebp ret JUMP_002865: ; Pos = 2d0bf call FUNC_000674 pop ebp ret JUMP_002866: ; Pos = 2d0c6 call FUNC_000679 pop ebp ret JUMP_002867: ; Pos = 2d0cd call FUNC_000680 pop ebp ret JUMP_002868: ; Pos = 2d0d4 call FUNC_000686 pop ebp ret FUNC_000674: ; Pos = 2d0db push ebp mov ebp,esp push ecx push ebx push esi mov esi,DATA_009133 mov dword [ebp-0x4],DATA_009047 mov ebx,0x1 JUMP_002869: ; Pos = 2d0f2 mov eax,[esi] cmp byte [eax+ebx],0x0 jz JUMP_002870 lea eax,[ebp-0x4] push eax imul eax,ebx,0x152 add eax,[esi] add eax,byte +0x74 push eax call FUNC_000675 add esp,byte +0x8 JUMP_002870: ; Pos = 2d112 inc ebx cmp ebx,byte +0x72 jl JUMP_002869 mov eax,[ebp-0x4] mov byte [eax],0x0 pop esi pop ebx pop ecx pop ebp ret FUNC_000675: ; Pos = 2d123 push ebp mov ebp,esp mov edx,[ebp+0xc] mov eax,[ebp+0x8] cmp byte [eax+0x87],0xb jnz JUMP_002871 cmp dword [eax+0x82],byte +0xf jc JUMP_002871 cmp dword [eax+0x82],byte +0x3f jna JUMP_002872 JUMP_002871: ; Pos = 2d147 cmp dword [eax+0x82],0x9a jnz JUMP_002875 JUMP_002872: ; Pos = 2d153 cmp byte [eax+0x118],0xc jnz JUMP_002873 push edx push eax call FUNC_000677 add esp,byte +0x8 pop ebp ret JUMP_002873: ; Pos = 2d168 cmp dword [eax+0x82],0x9a jnz JUMP_002874 push edx push eax call FUNC_000678 add esp,byte +0x8 pop ebp ret JUMP_002874: ; Pos = 2d180 cmp byte [eax+0x118],0xfb jnz JUMP_002875 push edx push eax call FUNC_000676 add esp,byte +0x8 JUMP_002875: ; Pos = 2d193 pop ebp ret FUNC_000676: ; Pos = 2d195 push ebp mov ebp,esp add esp,byte -0x10 push ebx mov ebx,[ebp+0x8] lea eax,[ebp-0x4] push eax lea eax,[ebp-0x10] push eax push dword [DATA_008861] push ebx call near [DATA_006148] ; FUNC_000590 add esp,byte +0x10 test byte [ebx+0xcb],0x1 jz JUMP_002876 lea eax,[ebp-0x4] push eax lea eax,[ebp-0x10] push eax push dword [DATA_008861] push ebx call near [DATA_006148] ; FUNC_000590 add esp,byte +0x10 cmp dword [ebp-0x4],byte +0x10 jnl JUMP_002876 push dword [ebp+0xc] push ebx call FUNC_000677 add esp,byte +0x8 JUMP_002876: ; Pos = 2d1ea pop ebx mov esp,ebp pop ebp ret FUNC_000677: ; Pos = 2d1ef push ebp mov ebp,esp mov eax,[ebp+0xc] mov edx,[eax] inc dword [eax] mov eax,[ebp+0x8] mov al,[eax+0x86] mov [edx],al pop ebp ret FUNC_000678: ; Pos = 2d206 push ebp mov ebp,esp add esp,byte -0x10 push ebx mov ebx,[ebp+0x8] cmp word [ebx+0x9e],byte +0x0 jnl JUMP_002877 mov eax,[ebx+0xf2] cmp eax,[DATA_008917] jnz JUMP_002877 lea eax,[ebp-0x4] push eax lea eax,[ebp-0x10] push eax push dword [DATA_008861] push ebx call near [DATA_006148] ; FUNC_000590 add esp,byte +0x10 mov ax,[ebp-0x4] mov [ebx+0x9e],ax mov eax,[ebp+0xc] mov edx,[eax] inc dword [eax] mov al,[ebx+0x86] mov [edx],al JUMP_002877: ; Pos = 2d25a pop ebx mov esp,ebp pop ebp ret FUNC_000679: ; Pos = 2d25f push ebp mov ebp,esp push ebx xor ebx,ebx jmp short JUMP_002879 JUMP_002878: ; Pos = 2d267 push dword [DATA_009133] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 movzx eax,byte [eax+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0xa JUMP_002879: ; Pos = 2d288 mov eax,ebx inc ebx movsx eax,byte [eax+DATA_009047] test eax,eax jnz JUMP_002878 pop ebx pop ebp ret FUNC_000680: ; Pos = 2d299 push ebp mov ebp,esp push ebx push esi push edi mov edi,DATA_008804 xor esi,esi jmp short JUMP_002884 JUMP_002880: ; Pos = 2d2a8 push dword [DATA_009133] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov ebx,eax mov eax,[edi+0x1b0] mov [ebx+0xf2],eax mov byte [ebx+0x56],0x0 mov byte [ebx+0x57],0x0 mov byte [ebx+0x25],0x0 cmp byte [ebx+0x118],0xc jnz JUMP_002881 push ebx call FUNC_000681 pop ecx jmp short JUMP_002883 JUMP_002881: ; Pos = 2d2e4 cmp dword [ebx+0x82],0x9a jnz JUMP_002882 push ebx call FUNC_000683 pop ecx jmp short JUMP_002883 JUMP_002882: ; Pos = 2d2f9 push ebx call FUNC_000682 pop ecx JUMP_002883: ; Pos = 2d300 test eax,eax jz JUMP_002884 push ebx call FUNC_000940 pop ecx JUMP_002884: ; Pos = 2d30b mov eax,esi inc esi movsx eax,byte [edi+eax+0x3fb7] test eax,eax jnz JUMP_002880 and byte [edi+0x3fb6],0xfe call FUNC_000688 pop edi pop esi pop ebx pop ebp ret FUNC_000681: ; Pos = 2d32b push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp dword [ebx+0x82],0x9a jnz JUMP_002885 mov al,[ebx+0xf8] mov [ebx+0xff],al movzx eax,word [ebx+0xe6] mov [ebx+0x82],eax xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_002885: ; Pos = 2d36c push ebx call FUNC_000682 pop ecx pop ebx pop ebp ret FUNC_000682: ; Pos = 2d376 push ebp mov ebp,esp add esp,byte -0x14 push ebx mov ebx,[ebp+0x8] lea eax,[ebp-0x14] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax push dword DATA_009115 push ebx call FUNC_000901 add esp,byte +0x1c test eax,eax jnl JUMP_002886 mov eax,0x1 jmp short JUMP_002887 JUMP_002886: ; Pos = 2d3ad mov ax,[ebp-0x14] mov [ebx+0xf6],ax mov eax,[ebp-0x4] mov [ebx+0xfa],eax push ebx call FUNC_000684 pop ecx xor eax,eax mov al,[ebx+0xff] mov [ebx+0xf8],ax mov byte [ebx+0xff],0x11 xor eax,eax mov al,[ebx+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x2 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc xor eax,eax JUMP_002887: ; Pos = 2d407 pop ebx mov esp,ebp pop ebp ret FUNC_000683: ; Pos = 2d40c push ebp mov ebp,esp push ecx push ebx mov ebx,[ebp+0x8] cmp word [ebx+0x9e],byte +0xf jl JUMP_002888 push ebx call FUNC_000685 pop ecx jmp short JUMP_002889 JUMP_002888: ; Pos = 2d427 push ebx call FUNC_000684 pop ecx JUMP_002889: ; Pos = 2d42e push dword [DATA_009133] push ebx call near [DATA_006154] ; FUNC_000606 add esp,byte +0x8 push dword [DATA_009133] push ebx call near [DATA_006154] ; FUNC_000606 add esp,byte +0x8 mov byte [ebx+0xff],0x12 mov word [ebx+0xf8],0x8 mov word [ebx+0x9e],0x0 lea eax,[ebp-0x4] push eax call FUNC_000700 pop ecx test eax,eax jz JUMP_002890 mov eax,[ebp-0x4] mov al,[eax+0x130] mov [ebx+0x100],al jmp short JUMP_002891 JUMP_002890: ; Pos = 2d486 mov word [ebx+0xf8],0x10 JUMP_002891: ; Pos = 2d48f xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc xor eax,eax pop ebx pop ecx pop ebp ret FUNC_000684: ; Pos = 2d4aa push ebp mov ebp,esp push ecx push ebx mov ebx,[ebp+0x8] mov word [ebp-0x4],0x5000 mov word [ebp-0x2],0x15 push dword [ebp-0x4] push ebx call FUNC_000702 add esp,byte +0x8 mov eax,[DATA_008861] add eax,byte +0x3e push eax lea eax,[ebx+0x3e] push eax call FUNC_001661_Vec64Add add esp,byte +0x8 mov eax,[DATA_008861] mov al,[eax+0x56] mov [ebx+0x56],al mov byte [ebx+0x57],0x0 pop ebx pop ecx pop ebp ret FUNC_000685: ; Pos = 2d4f2 push ebp mov ebp,esp push ecx mov word [ebp-0x4],0x5000 mov word [ebp-0x2],0x33 push dword [ebp-0x4] push dword [ebp+0x8] call FUNC_000702 add esp,byte +0x8 pop ecx pop ebp ret FUNC_000686: ; Pos = 2d513 push ebp mov ebp,esp cmp byte [DATA_008870],0x4 jz JUMP_002892 or byte [DATA_009046],0x1 call FUNC_000688 JUMP_002892: ; Pos = 2d52b pop ebp ret FUNC_000687: ; Pos = 2d52d push ebp mov ebp,esp mov al,[ebp+0x8] and al,0xff cmp al,0x3 jnz JUMP_002893 and byte [DATA_009046],0xfe call FUNC_000688 JUMP_002893: ; Pos = 2d545 pop ebp ret ret FUNC_000688: ; Pos = 2d548 push ebp mov ebp,esp add esp,byte -0x20 push ebx push esi lea eax,[ebp-0xc] push eax lea eax,[ebp-0x20] push eax lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x18] push eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax push dword [DATA_008885] call FUNC_000869 add esp,byte +0x24 mov eax,[DATA_009133] mov [DATA_007758],eax push dword [ebp-0x1c] call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax test ebx,ebx jna JUMP_002895 JUMP_002894: ; Pos = 2d598 call FUNC_000689 dec ebx test ebx,ebx ja JUMP_002894 JUMP_002895: ; Pos = 2d5a2 push byte +0x16 call FUNC_000035 pop ecx push eax call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax test ebx,ebx jna JUMP_002897 JUMP_002896: ; Pos = 2d5b8 call FUNC_000690 dec ebx test ebx,ebx ja JUMP_002896 JUMP_002897: ; Pos = 2d5c2 test byte [DATA_009046],0x1 jnz JUMP_002903 xor esi,esi cmp dword [DATA_008997],byte +0x0 jz JUMP_002901 mov eax,[DATA_008997] shl eax,0x2 push eax call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax cmp ebx,byte +0x19 jna JUMP_002898 mov ebx,0x19 JUMP_002898: ; Pos = 2d5f2 test ebx,ebx jnz JUMP_002899 mov esi,0x1 JUMP_002899: ; Pos = 2d5fb test ebx,ebx jna JUMP_002901 JUMP_002900: ; Pos = 2d5ff call FUNC_000691 dec ebx test ebx,ebx ja JUMP_002900 JUMP_002901: ; Pos = 2d609 test esi,esi jnz JUMP_002903 push dword [ebp-0x1c] call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax test ebx,ebx jna JUMP_002903 JUMP_002902: ; Pos = 2d61d call FUNC_000699 dec ebx test ebx,ebx ja JUMP_002902 JUMP_002903: ; Pos = 2d627 mov ebx,[ebp-0x14] test byte [DATA_009046],0x1 jnz JUMP_002904 shl ebx,0x2 JUMP_002904: ; Pos = 2d636 push ebx call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax test ebx,ebx jna JUMP_002906 JUMP_002905: ; Pos = 2d644 call FUNC_000698 dec ebx test ebx,ebx ja JUMP_002905 JUMP_002906: ; Pos = 2d64e push dword [ebp-0x14] call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax test ebx,ebx jna JUMP_002908 JUMP_002907: ; Pos = 2d65e call FUNC_000692 dec ebx test ebx,ebx ja JUMP_002907 JUMP_002908: ; Pos = 2d668 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000689: ; Pos = 2d66e push ebp mov ebp,esp add esp,byte -0x8 push ebx push byte +0x1 call FUNC_000772 pop ecx mov ebx,eax test ebx,ebx jz near JUMP_002912 mov word [ebp-0x4],0x5000 mov word [ebp-0x2],0x33 push dword [ebp-0x4] push ebx call FUNC_000702 add esp,byte +0x8 mov byte [ebx+0xff],0x11 mov word [ebx+0xf8],0x8 lea eax,[ebp-0x8] push eax call FUNC_000700 pop ecx test eax,eax jnz JUMP_002909 push ebx call FUNC_000940 pop ecx jmp JUMP_002912 JUMP_002909: ; Pos = 2d6c9 mov eax,[ebp-0x8] mov al,[eax+0x130] mov [ebx+0x100],al call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008818] shl eax,0x2 mov [ebx+0xa8],eax mov eax,[DATA_008818] shr eax,0x1e mov [ebx+0xac],eax test byte [DATA_008806],0x80 jz JUMP_002910 test byte [ebx+0xab],0x80 jz JUMP_002910 inc dword [ebx+0xac] JUMP_002910: ; Pos = 2d712 mov eax,[DATA_008804] add [ebx+0xa8],eax mov eax,[DATA_008807] add [ebx+0xac],eax push ebx call FUNC_000775 pop ecx test eax,eax jnz JUMP_002911 push ebx call FUNC_000940 pop ecx jmp short JUMP_002912 JUMP_002911: ; Pos = 2d73c xor eax,eax mov al,[ebx+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x2 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_002912: ; Pos = 2d763 pop ebx pop ecx pop ecx pop ebp ret FUNC_000690: ; Pos = 2d768 push ebp mov ebp,esp add esp,byte -0x8 push ebx push byte +0x11 call FUNC_000772 pop ecx mov ebx,eax test ebx,ebx jz near JUMP_002916 mov word [ebp-0x4],0x5000 mov word [ebp-0x2],0x33 push dword [ebp-0x4] push ebx call FUNC_000702 add esp,byte +0x8 mov byte [ebx+0xff],0x11 mov word [ebx+0xf8],0x8 lea eax,[ebp-0x8] push eax call FUNC_000700 pop ecx test eax,eax jnz JUMP_002913 push ebx call FUNC_000940 pop ecx jmp JUMP_002916 JUMP_002913: ; Pos = 2d7c3 mov eax,[ebp-0x8] mov al,[eax+0x130] mov [ebx+0x100],al call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008818] shl eax,0x2 mov [ebx+0xa8],eax mov eax,[DATA_008818] shr eax,0x1e mov [ebx+0xac],eax test byte [DATA_008806],0x80 jz JUMP_002914 test byte [ebx+0xab],0x80 jz JUMP_002914 inc dword [ebx+0xac] JUMP_002914: ; Pos = 2d80c mov eax,[DATA_008804] add [ebx+0xa8],eax mov eax,[DATA_008807] add [ebx+0xac],eax push ebx call FUNC_000775 pop ecx test eax,eax jnz JUMP_002915 push ebx call FUNC_000940 pop ecx jmp short JUMP_002916 JUMP_002915: ; Pos = 2d836 xor eax,eax mov al,[ebx+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x2 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_002916: ; Pos = 2d85d pop ebx pop ecx pop ecx pop ebp ret FUNC_000691: ; Pos = 2d862 push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi push byte +0x1 call FUNC_000772 pop ecx mov edi,eax test edi,edi jz near JUMP_002924 lea eax,[ebp-0xc] push eax call FUNC_000700 pop ecx mov esi,eax test esi,esi jnz JUMP_002917 push edi call FUNC_000940 pop ecx jmp JUMP_002924 JUMP_002917: ; Pos = 2d899 test byte [esi+0x14c],0x20 jz JUMP_002918 push esi push edi add esi,byte +0x3e add edi,byte +0x3e mov ecx,0x6 rep movsd pop edi pop esi push esi push edi mov ecx,0x9 rep movsd pop edi pop esi mov al,[esi+0x56] mov [edi+0x56],al mov byte [edi+0x57],0x1 jmp short JUMP_002919 JUMP_002918: ; Pos = 2d8ca mov al,[esi+0x86] mov [edi+0x56],al mov byte [edi+0x57],0x1 JUMP_002919: ; Pos = 2d8d7 mov bl,[edi+0x86] lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x24] push eax movsx eax,bl push eax push esi call FUNC_000650 add esp,byte +0x14 test eax,eax jz JUMP_002920 push edi call FUNC_000940 pop ecx jmp JUMP_002924 JUMP_002920: ; Pos = 2d906 lea eax,[ebp-0x24] push eax lea eax,[edi+0x3e] push eax call FUNC_001661_Vec64Add add esp,byte +0x8 mov byte [edi+0xff],0x24 mov byte [edi+0x100],0x0 mov al,[esi+0x86] mov [edi+0xfe],al call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008818] shl eax,0x4 mov [edi+0xa8],eax mov eax,[DATA_008818] shr eax,0x1c mov [edi+0xac],eax test byte [DATA_008806],0x80 jz JUMP_002921 test byte [edi+0xab],0x80 jz JUMP_002921 inc dword [edi+0xac] JUMP_002921: ; Pos = 2d96a mov eax,[DATA_008804] add [edi+0xa8],eax mov eax,[DATA_008807] add [edi+0xac],eax push edi call FUNC_000671 pop ecx test byte [esi+0x14c],0x40 jz JUMP_002922 xor eax,eax mov al,[edi+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x4e jmp short JUMP_002923 JUMP_002922: ; Pos = 2d9a4 xor eax,eax mov al,[edi+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x2 JUMP_002923: ; Pos = 2d9b6 xor eax,eax mov al,[edi+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_002924: ; Pos = 2d9cb pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000692: ; Pos = 2d9d2 ret FUNC_000693: ; Pos = 2d9d3 push ebp mov ebp,esp pop ebp ret FUNC_000694: ; Pos = 2d9d8 push ebp mov ebp,esp push ecx push ebx push byte +0xa call FUNC_000772 pop ecx mov ebx,eax test ebx,ebx jz JUMP_002925 mov al,[ebp+0x8] mov [ebx+0xfe],al mov word [ebp-0x4],0x5000 mov word [ebp-0x2],0x33 push dword [ebp-0x4] push ebx call FUNC_000702 add esp,byte +0x8 mov byte [ebx+0xff],0x5 push byte +0x4 push ebx call FUNC_000697 add esp,byte +0x8 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_002925: ; Pos = 2da33 pop ebx pop ecx pop ebp ret FUNC_000695: ; Pos = 2da37 push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,DATA_006270 lea edi,[ebp-0x1c] mov ecx,0x6 rep movsd push byte +0xb call FUNC_000772 pop ecx mov edi,eax test edi,edi jz near JUMP_002926 mov [edi+0xfe],bl mov word [ebp-0x4],0x5000 mov word [ebp-0x2],0x33 push dword [ebp-0x4] push edi call FUNC_000702 add esp,byte +0x8 mov byte [edi+0xff],0x5 push byte +0x2 push edi call FUNC_000697 add esp,byte +0x8 xor eax,eax mov al,[edi+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc mov esi,edi push dword [esi+0x82] push byte +0xb push esi call FUNC_000771 add esp,byte +0xc mov edi,eax test edi,edi jz near JUMP_002926 mov byte [edi+0xff],0xb mov al,[esi+0x86] mov [edi+0xfe],al mov [edi+0x100],bl inc byte [edi+0x101] mov word [edi+0x102],0x1f4 mov word [edi+0x106],0xfe0c mov word [edi+0x104],0x0 lea eax,[ebp-0x1c] push eax lea eax,[edi+0x3e] push eax call FUNC_001661_Vec64Add add esp,byte +0x8 push byte +0x0 push edi call FUNC_000697 add esp,byte +0x8 xor eax,eax mov al,[edi+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc call near [DATA_007752] ; FUNC_001530 test ah,0x40 jnz near JUMP_002926 push dword [esi+0x82] push byte +0xb push esi call FUNC_000771 add esp,byte +0xc mov edi,eax test edi,edi jz near JUMP_002926 mov byte [edi+0xff],0xb mov al,[esi+0x86] mov [edi+0xfe],al mov [edi+0x100],bl inc byte [edi+0x101] mov word [edi+0x102],0xfe0c mov word [edi+0x106],0xfe0c mov word [edi+0x104],0x0 lea eax,[ebp-0x1c] push eax lea eax,[edi+0x3e] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 lea eax,[ebp-0x1c] push eax lea eax,[edi+0x3e] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 push byte +0x0 push edi call FUNC_000697 add esp,byte +0x8 xor eax,eax mov al,[edi+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc call near [DATA_007752] ; FUNC_001530 test ah,0x40 jnz near JUMP_002926 push dword [esi+0x82] push byte +0xb push esi call FUNC_000771 add esp,byte +0xc mov edi,eax test edi,edi jz near JUMP_002926 mov byte [edi+0xff],0xb mov al,[esi+0x86] mov [edi+0xfe],al mov [edi+0x100],bl inc byte [edi+0x101] mov word [edi+0x102],0x0 mov word [edi+0x106],0xfc18 mov word [edi+0x104],0x0 lea eax,[ebp-0x1c] push eax lea eax,[edi+0x3e] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 lea eax,[ebp-0x1c] push eax lea eax,[edi+0x3e] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 lea eax,[ebp-0x1c] push eax lea eax,[edi+0x3e] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 push byte +0x0 push edi call FUNC_000697 add esp,byte +0x8 xor eax,eax mov al,[edi+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_002926: ; Pos = 2dc88 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000696: ; Pos = 2dc8f push ebp mov ebp,esp add esp,byte -0x20 push ebx push esi push edi mov esi,DATA_006271 lea edi,[ebp-0x20] mov ecx,0x6 rep movsd push byte +0xa call FUNC_000772 pop ecx mov ebx,eax test ebx,ebx jz near JUMP_002927 mov al,[ebp+0x8] mov [ebx+0xfe],al mov word [ebp-0x8],0x5000 mov word [ebp-0x6],0x33 push dword [ebp-0x8] push ebx call FUNC_000702 add esp,byte +0x8 mov byte [ebx+0xff],0x5 push byte +0x4 push ebx call FUNC_000697 add esp,byte +0x8 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc mov esi,ebx lea eax,[ebp-0x2] push eax push byte +0xb call FUNC_000658 add esp,byte +0x8 mov edi,eax push edi push byte +0xb push esi call FUNC_000773 add esp,byte +0xc mov ebx,eax test ebx,ebx jz near JUMP_002927 mov byte [ebx+0xff],0xb mov al,[esi+0x86] mov [ebx+0xfe],al mov al,[ebp+0x8] mov [ebx+0x100],al inc byte [ebx+0x101] mov word [ebx+0x102],0x1f4 mov word [ebx+0x106],0xfe0c mov word [ebx+0x104],0x0 lea eax,[ebp-0x20] push eax lea eax,[ebx+0x3e] push eax call FUNC_001661_Vec64Add add esp,byte +0x8 push byte +0x0 push ebx call FUNC_000697 add esp,byte +0x8 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc call near [DATA_007752] ; FUNC_001530 test ah,0x40 jnz near JUMP_002927 lea eax,[ebp-0x2] push eax push byte +0xb call FUNC_000658 add esp,byte +0x8 mov edi,eax push edi push byte +0xb push esi call FUNC_000773 add esp,byte +0xc mov ebx,eax test ebx,ebx jz near JUMP_002927 mov byte [ebx+0xff],0xb mov al,[esi+0x86] mov [ebx+0xfe],al mov al,[ebp+0x8] mov [ebx+0x100],al inc byte [ebx+0x101] mov word [ebx+0x102],0xfe0c mov word [ebx+0x106],0xfe0c mov word [ebx+0x104],0x0 lea eax,[ebp-0x20] push eax lea eax,[ebx+0x3e] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 lea eax,[ebp-0x20] push eax lea eax,[ebx+0x3e] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 push byte +0x0 push ebx call FUNC_000697 add esp,byte +0x8 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc call near [DATA_007752] ; FUNC_001530 test ah,0x40 jnz near JUMP_002927 lea eax,[ebp-0x2] push eax push byte +0xb call FUNC_000658 add esp,byte +0x8 mov edi,eax push edi push byte +0xb push esi call FUNC_000773 add esp,byte +0xc mov ebx,eax test ebx,ebx jz near JUMP_002927 mov byte [ebx+0xff],0xb mov al,[esi+0x86] mov [ebx+0xfe],al mov al,[ebp+0x8] mov [ebx+0x100],al inc byte [ebx+0x101] mov word [ebx+0x102],0x0 mov word [ebx+0x106],0xfc18 mov word [ebx+0x104],0x0 lea eax,[ebp-0x20] push eax lea eax,[ebx+0x3e] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 lea eax,[ebp-0x20] push eax lea eax,[ebx+0x3e] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 lea eax,[ebp-0x20] push eax lea eax,[ebx+0x3e] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 push byte +0x0 push ebx call FUNC_000697 add esp,byte +0x8 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_002927: ; Pos = 2df0a pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000697: ; Pos = 2df11 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] call near [DATA_007752] ; FUNC_001530 and eax,byte +0xf add eax,[ebp+0xc] mov eax,[eax*4+DATA_006268] mov [ebx+0x11a],eax mov byte [ebx+0x118],0xfb pop ebx pop ebp ret FUNC_000698: ; Pos = 2df3b push ebp mov ebp,esp push byte +0x4 call near [DATA_007217] ; FUNC_000922 pop ecx sub eax,byte +0x1 jc JUMP_002928 jz JUMP_002929 dec eax jz JUMP_002930 dec eax jz JUMP_002931 pop ebp ret JUMP_002928: ; Pos = 2df56 mov al,[DATA_008857] push eax call FUNC_000694 pop ecx pop ebp ret JUMP_002929: ; Pos = 2df64 mov al,[DATA_008857] push eax call FUNC_000695 pop ecx pop ebp ret JUMP_002930: ; Pos = 2df72 mov al,[DATA_008857] push eax call FUNC_000696 pop ecx pop ebp ret JUMP_002931: ; Pos = 2df80 mov al,[DATA_008857] push eax call FUNC_000693 pop ecx pop ebp ret ret FUNC_000699: ; Pos = 2df8f push ebp mov ebp,esp add esp,byte -0x8 push ebx lea eax,[ebp-0x8] push eax call FUNC_000701 pop ecx test al,al jz JUMP_002932 push byte +0xf call FUNC_000772 pop ecx mov ebx,eax test ebx,ebx jz JUMP_002932 mov byte [ebx+0x101],0xff mov word [ebp-0x4],0x5000 mov word [ebp-0x2],0x18 push dword [ebp-0x4] push ebx call FUNC_000702 add esp,byte +0x8 mov byte [ebx+0xff],0xd mov eax,[ebp-0x8] mov al,[eax+0x130] mov [ebx+0x56],al xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_002932: ; Pos = 2dff9 pop ebx pop ecx pop ecx pop ebp ret FUNC_000700: ; Pos = 2dffe push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp dword [DATA_008997],byte +0x0 jnz JUMP_002933 xor eax,eax pop ebx pop ebp ret JUMP_002933: ; Pos = 2e013 push dword [DATA_008997] call near [DATA_007217] ; FUNC_000922 pop ecx imul eax,eax,0x322 add eax,DATA_008999 mov [ebx],eax push dword [DATA_009133] mov eax,[ebx] movzx eax,byte [eax+0x130] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 pop ebx pop ebp ret FUNC_000701: ; Pos = 2e04a push ebp mov ebp,esp push ebx mov ebx,DATA_008804 cmp dword [ebx+0x3f3e],byte +0x0 jz JUMP_002934 cmp dword [ebx+0x442],byte +0x0 jnz JUMP_002935 JUMP_002934: ; Pos = 2e065 xor eax,eax pop ebx pop ebp ret JUMP_002935: ; Pos = 2e06a push dword [ebx+0x3f3e] call near [DATA_007217] ; FUNC_000922 pop ecx mov edx,eax xor eax,eax jmp short JUMP_002938 JUMP_002936: ; Pos = 2e07d imul ecx,eax,0x191 test byte [ebx+ecx*2+0x57b],0x10 jz JUMP_002937 mov ecx,edx add edx,byte -0x1 test ecx,ecx jng JUMP_002939 JUMP_002937: ; Pos = 2e096 inc eax JUMP_002938: ; Pos = 2e097 cmp eax,[ebx+0x442] jl JUMP_002936 JUMP_002939: ; Pos = 2e09f test edx,edx jl JUMP_002940 xor eax,eax pop ebx pop ebp ret JUMP_002940: ; Pos = 2e0a8 imul edx,eax,0x191 test byte [ebx+edx*2+0x57b],0x10 jz JUMP_002941 imul eax,eax,0x322 lea edx,[ebx+0x44a] add eax,edx mov edx,[ebp+0x8] mov [edx],eax mov al,0x1 pop ebx pop ebp ret JUMP_002941: ; Pos = 2e0d0 xor eax,eax pop ebx pop ebp ret FUNC_000702: ; Pos = 2e0d5 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008818] mov edx,[DATA_008820] push edx push eax push dword [ebp+0xc] push ebx call near [DATA_007741] ; FUNC_001507 add esp,byte +0x10 mov word [ebx+0xb4],0x0 mov word [ebx+0xb6],0x0 mov word [ebx+0xb8],0x0 pop ebx pop ebp ret FUNC_000703: ; Pos = 2e11a push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008818] mov [ebx+0xa0],eax add ebx,0x124 push ebx push dword [DATA_008818] push dword [ebp+0x10] push dword [ebp+0xc] call FUNC_000791 add esp,byte +0x10 pop ebx pop ebp ret FUNC_000704: ; Pos = 2e150 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x10] mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,ebx sub ecx,[eax+0xac] cmp edx,[eax+0xa8] jnc JUMP_002942 dec ecx JUMP_002942: ; Pos = 2e16f mov esi,edx sub esi,[eax+0xa8] mov [eax+0xa8],edx mov [eax+0xac],ebx xor edx,edx mov dl,[eax+0xff] shl edx,0x4 mov edx,[edx+DATA_006256] test edx,edx jz JUMP_002943 push ecx push esi push eax call edx add esp,byte +0xc JUMP_002943: ; Pos = 2e1a0 pop esi pop ebx pop ebp ret FUNC_000705: ; Pos = 2e1a4 push ebp mov ebp,esp mov eax,[ebp+0x8] push dword [eax+0x4] push dword [eax] push dword [eax+0x8] call FUNC_000704 add esp,byte +0xc pop ebp ret FUNC_000706: ; Pos = 2e1bc push ebp mov ebp,esp mov edx,[ebp+0x8] mov eax,[ebp+0xc] mov [DATA_009045],eax xor eax,eax mov al,[edx+0xff] shl eax,0x4 mov eax,[eax+DATA_006255] test eax,eax jz JUMP_002944 push edx call eax pop ecx JUMP_002944: ; Pos = 2e1e3 pop ebp ret FUNC_000707: ; Pos = 2e1e5 push ebp mov ebp,esp mov eax,[ebp+0x8] push dword [eax+0x4] push dword [eax] call FUNC_000706 add esp,byte +0x8 pop ebp ret FUNC_000708: ; Pos = 2e1fa push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov edx,[DATA_009155] shl edx,0xe mov ax,[ebx+0xa4] and ax,0xffff shr edx,0x10 movzx eax,ax cmp edx,eax seta al and eax,byte +0x1 sub [ebx+0xa4],edx test eax,eax jz JUMP_002945 push ebx call FUNC_000940 pop ecx pop ebx pop ebp ret JUMP_002945: ; Pos = 2e237 mov ax,[ebx+0xa4] and ax,0xffff cmp ax,0xc800 jnc JUMP_002946 cmp ax,0xbc00 jc JUMP_002946 push byte +0x2 lea eax,[ebx+0x3e] push eax push ebx call FUNC_000939 add esp,byte +0xc JUMP_002946: ; Pos = 2e25d push dword [ebp+0xc] push dword [ebp+0x10] push ebx call near [DATA_007744] ; FUNC_001512 add esp,byte +0xc pop ebx pop ebp ret FUNC_000709: ; Pos = 2e270 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,[DATA_009155] shl esi,0xf mov di,[ebx+0xa4] and di,0xffff push dword [ebp+0xc] push dword [ebp+0x10] push ebx call near [DATA_007744] ; FUNC_001512 add esp,byte +0xc shr esi,0x10 movzx eax,di cmp esi,eax seta al and eax,byte +0x1 sub [ebx+0xa4],esi test eax,eax jnz JUMP_002947 cmp byte [ebx+0x88],0xd jng JUMP_002948 JUMP_002947: ; Pos = 2e2bf push ebx call FUNC_000940 pop ecx JUMP_002948: ; Pos = 2e2c6 pop edi pop esi pop ebx pop ebp ret FUNC_000710: ; Pos = 2e2cb push ebp mov ebp,esp pop ebp ret FUNC_000711: ; Pos = 2e2d0 push ebp mov ebp,esp push ebx push esi mov eax,[ebp+0x8] mov edx,[eax+0xa0] and edx,0xff mov ebx,[eax+0xa0] shr ebx,0x10 mov ecx,ebx and cl,0x7 add cl,0x6 mov esi,[DATA_008804] shl esi,cl shr esi,0x10 add esi,edx push esi mov ecx,edx and cl,0x7 add cl,0x6 mov edx,[DATA_008804] shl edx,cl shr edx,0x10 add edx,ebx push edx push eax call FUNC_001675_MatBuildYZT add esp,byte +0xc pop esi pop ebx pop ebp ret FUNC_000712: ; Pos = 2e326 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push byte +0x4 lea eax,[ebx+0x3e] push eax push ebx call FUNC_000939 add esp,byte +0xc push dword [ebp+0x10] push dword [ebp+0xc] push ebx call FUNC_000713 add esp,byte +0xc pop ebx pop ebp ret FUNC_000713: ; Pos = 2e34e push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push esi push edi push ebx call near [DATA_007744] ; FUNC_001512 add esp,byte +0xc push dword [DATA_009155] push dword [DATA_009133] push ebx call near [DATA_006153] ; FUNC_000603 add esp,byte +0xc push edi push esi push ebx call FUNC_000714 add esp,byte +0xc pop edi pop esi pop ebx pop ebp ret FUNC_000714: ; Pos = 2e38f push ebp mov ebp,esp add esp,byte -0x60 push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,DATA_008804 cmp byte [esi+0xe8],0x2c jz near JUMP_002957 mov eax,[esi+0xc8] test byte [eax+0xc9],0x4 jz near JUMP_002949 mov eax,[esi+0xc8] mov al,[eax+0x56] cmp al,[ebx+0x56] jnz near JUMP_002957 mov eax,[esi+0xc8] mov al,[eax+0x57] cmp al,[ebx+0x57] jnz near JUMP_002957 push esi lea esi,[ebx+0x3e] lea edi,[ebp-0x24] mov ecx,0x6 rep movsd pop esi mov eax,[esi+0xc8] add eax,byte +0x3e push eax lea eax,[ebp-0x24] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 push byte +0xd lea eax,[ebp-0x24] push eax call FUNC_001658_Vec64Truncate add esp,byte +0x8 cmp eax,byte +0x2 jnl near JUMP_002957 mov eax,[ebp-0x24] mov [ebp-0x30],eax mov eax,[ebp-0x1c] mov [ebp-0x2c],eax mov eax,[ebp-0x14] mov [ebp-0x28],eax lea eax,[ebp-0x30] push eax lea eax,[ebp-0x30] push eax call FUNC_001519 add esp,byte +0x8 push dword [ebp-0x30] mov eax,[esi+0xc8] push dword [eax+0x18] call FUNC_001521 add esp,byte +0x8 mov edi,eax push dword [ebp-0x2c] mov eax,[esi+0xc8] push dword [eax+0x1c] call FUNC_001521 add esp,byte +0x8 add edi,eax push dword [ebp-0x28] mov eax,[esi+0xc8] push dword [eax+0x20] call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,edi cmp eax,0x3fffffff jl near JUMP_002957 jmp short JUMP_002950 JUMP_002949: ; Pos = 2e493 lea eax,[ebp-0x3] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x1] push eax lea eax,[ebp-0x2] push eax push dword [DATA_009133] push ebx call near [DATA_006141] ; FUNC_000569 add esp,byte +0x1c test byte [ebp-0x2],0x10 jz near JUMP_002957 movsx eax,byte [ebp-0x1] cmp eax,[esi+0xc0] jz JUMP_002950 push ebx call FUNC_000940 pop ecx jmp JUMP_002957 JUMP_002950: ; Pos = 2e4d9 mov eax,[esi+0x120] cmp eax,[esi+0x118] jnl near JUMP_002957 cmp dword [ebx+0x82],0x99 jz JUMP_002951 cmp dword [ebx+0x82],byte +0x6a jnz JUMP_002952 JUMP_002951: ; Pos = 2e500 mov dword [ebp-0x60],0x9905 mov dword [ebp-0x48],0xffffffff mov [ebp-0x44],ebx movzx eax,word [ebx+0x9e] add eax,0x8e00 mov [ebp-0x5c],eax lea eax,[ebp-0x60] push eax call FUNC_000349 pop ecx push byte +0x11 call FUNC_001906_SoundPlaySample pop ecx inc dword [esi+0x120] movzx eax,word [ebx+0x9e] inc word [esi+eax*2+0x134] movzx eax,word [ebx+0x9e] push eax push byte +0x16 call FUNC_000148 add esp,byte +0x8 push ebx call FUNC_000940 pop ecx jmp short JUMP_002957 JUMP_002952: ; Pos = 2e562 mov eax,[esi+0xc8] push dword [eax+0x82] call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x12] jmp short JUMP_002956 JUMP_002953: ; Pos = 2e57e mov edx,[esi+0xc8] cmp byte [edx+eax+0xd6],0x0 jnz JUMP_002956 cmp dword [ebx+0x82],byte +0xc jnz JUMP_002954 mov edx,[esi+0xc8] mov byte [edx+eax+0xd6],0x88 jmp short JUMP_002955 JUMP_002954: ; Pos = 2e5a7 mov edx,[esi+0xc8] mov byte [edx+eax+0xd6],0xc0 JUMP_002955: ; Pos = 2e5b5 dec dword [esi+0x118] push ebx call FUNC_000940 pop ecx jmp short JUMP_002957 JUMP_002956: ; Pos = 2e5c4 dec eax jns JUMP_002953 JUMP_002957: ; Pos = 2e5c7 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000715: ; Pos = 2e5ce push ebp mov ebp,esp pop ebp ret FUNC_000716: ; Pos = 2e5d3 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push dword [DATA_009155] push dword [DATA_009133] push ebx call near [DATA_006153] ; FUNC_000603 add esp,byte +0xc push dword [ebp+0x10] push dword [ebp+0xc] push ebx call FUNC_000718 add esp,byte +0xc pop ebx pop ebp ret FUNC_000717: ; Pos = 2e602 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov byte [ebx+0x8b],0x0 push dword [DATA_009155] push dword [DATA_009133] push ebx call near [DATA_006153] ; FUNC_000603 add esp,byte +0xc push esi push ebx call near [DATA_006142] ; FUNC_000601 add esp,byte +0x8 push esi push byte +0x1 push esi push ebx call near [DATA_006143] ; FUNC_000585 add esp,byte +0x10 push dword [ebp+0x10] push esi push ebx call FUNC_000718 add esp,byte +0xc pop esi pop ebx pop ebp ret FUNC_000718: ; Pos = 2e654 push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi push edi mov ebx,[ebp+0x8] push dword [ebp+0xc] push dword [ebp+0x10] push ebx call near [DATA_007744] ; FUNC_001512 add esp,byte +0xc cmp word [ebx+0x9e],byte +0x0 jz near JUMP_002958 cmp dword [ebx+0x82],byte +0x5 jna near JUMP_002958 ; FIX: Mispositioned smoke ; lea esi,[ebx+0x3e] ; lea edi,[ebp-0x24] ; mov ecx,0x6 ; rep movsd ; mov eax,[ebx+0x8c] ; sub [ebp-0x24],eax ; mov eax,[ebx+0x90] ; sub [ebp-0x1c],eax ; mov eax,[ebx+0x94] ; sub [ebp-0x14],eax mov [ebp-0x30], dword 0 mov [ebp-0x2c], dword 0 mov [ebp-0x28], dword -100000 push ebx lea eax, [ebp-0x30] push eax push eax call FUNC_001669_VecMatMul add esp, 12 push dword [ebp-0x30] push dword [ebx+0x42] push dword [ebx+0x3e] lea eax, [ebp-0x24] push eax call FUNC_001334_Int64Add32 add esp, 16 push dword [ebp-0x2c] push dword [ebx+0x4a] push dword [ebx+0x46] lea eax, [ebp-0x1c] push eax call FUNC_001334_Int64Add32 add esp, 16 push dword [ebp-0x28] push dword [ebx+0x52] push dword [ebx+0x4e] lea eax, [ebp-0x14] push eax call FUNC_001334_Int64Add32 add esp, 16 push byte +0x0 lea eax,[ebp-0x24] push eax push ebx call FUNC_000939 add esp,byte +0xc JUMP_002958: ; Pos = 2e6ba lea eax,[ebp-0x3] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x1] push eax lea eax,[ebp-0x2] push eax push dword [DATA_009133] push ebx call near [DATA_006141] ; FUNC_000569 add esp,byte +0x1c test byte [ebp-0x2],0x80 jz JUMP_002959 push dword [ebp-0xc] push ebx call FUNC_000721 add esp,byte +0x8 jmp short JUMP_002962 JUMP_002959: ; Pos = 2e6f2 test byte [DATA_008835],0x4 jz JUMP_002962 mov eax,[ebx+0x82] cmp eax,byte +0xd ja JUMP_002961 mov al,[eax+DATA_000029] jmp near [eax*4+DATA_000030] SECTION .data DATA_000029: ; Pos = 2e713 db 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2 db 0x1, 0x2, 0x2, 0x1, 0x1, 0x1 DATA_000030: ; Pos = 2e721 dd JUMP_002961 dd JUMP_002962 dd JUMP_002960 db 0xeb, 0x10 SECTION .text JUMP_002960: ; Pos = 2e72f test byte [DATA_008835],0x8 ; FIX: Reversed ECM bug jz JUMP_002962 ; jnz JUMP_002962 JUMP_002961: ; Pos = 2e738 push ebx call FUNC_000719 pop ecx JUMP_002962: ; Pos = 2e73f pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000719: ; Pos = 2e746 push ebp mov ebp,esp push ecx push ebx push esi mov esi,[ebp+0x8] lea eax,[ebp-0x4] push eax push dword 0x9b push byte +0x9 push esi push dword [DATA_009133] call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov ebx,eax test ebx,ebx jz JUMP_002963 mov byte [ebx+0x87],0xb mov byte [ebx+0xff],0x1c mov dword [ebx+0xa4],0xffffffff mov word [ebx+0x9e],0xffff call near [DATA_007752] ; FUNC_001530 mov edx,eax shr edx,0x10 push edx and eax,0xffff push eax push ebx call FUNC_001675_MatBuildYZT add esp,byte +0xc movsx eax,byte [esi+0x88] push eax push byte +0x6 call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 push esi call near [DATA_007218] ; FUNC_000925 pop ecx JUMP_002963: ; Pos = 2e7c6 pop esi pop ebx pop ecx pop ebp ret FUNC_000720: ; Pos = 2e7cb push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov eax,[ebx+0x82] mov esi,[eax*4+DATA_006269] xor eax,eax mov al,[ebx+0x100] push eax push esi push dword [ebp+0xc] call FUNC_000953 add esp,byte +0xc test eax,eax jz JUMP_002964 push ebx call FUNC_000719 pop ecx jmp short JUMP_002965 JUMP_002964: ; Pos = 2e802 movsx eax,byte [ebx+0x88] push eax push byte +0x6 call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 push ebx call near [DATA_007218] ; FUNC_000925 pop ecx JUMP_002965: ; Pos = 2e81c pop esi pop ebx pop ebp ret FUNC_000721: ; Pos = 2e820 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov al,[esi+0x86] cmp al,[ebx+0x100] jnz JUMP_002966 cmp word [ebx+0x9e],byte +0x2 jna JUMP_002968 JUMP_002966: ; Pos = 2e843 cmp dword [ebx+0x82],byte +0xd jnz JUMP_002967 push esi push ebx call FUNC_000722 add esp,byte +0x8 test al,al jg JUMP_002968 JUMP_002967: ; Pos = 2e85a push esi push ebx call FUNC_000720 add esp,byte +0x8 JUMP_002968: ; Pos = 2e864 pop esi pop ebx pop ebp ret FUNC_000722: ; Pos = 2e868 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x8] mov edx,[DATA_009084] JUMP_002969: ; Pos = 2e876 dec edx jns JUMP_002970 xor eax,eax jmp JUMP_002974 JUMP_002970: ; Pos = 2e880 imul ebx,edx,byte +0x34 add ebx,DATA_009085 mov al,[ebx+0x4] and eax,byte +0xf cmp eax,byte +0x5 jz JUMP_002971 cmp eax,byte +0x6 jnz JUMP_002969 JUMP_002971: ; Pos = 2e899 mov eax,[ebx+0x6] cmp eax,[DATA_008885] jnz JUMP_002969 cmp byte [ebx+0x1a],0x0 jz JUMP_002969 movsx eax,byte [ebx+0x1a] xor ecx,ecx mov cl,[esi+0xfe] cmp eax,ecx jnz JUMP_002969 movsx eax,byte [ebx+0x1a] mov edx,[ebp+0xc] movzx edx,byte [edx+0x86] cmp eax,edx jz JUMP_002972 push dword [DATA_009133] movsx eax,byte [ebx+0x1a] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov al,[eax+0x56] mov edx,[ebp+0xc] cmp al,[edx+0x86] jz JUMP_002972 xor eax,eax jmp short JUMP_002974 JUMP_002972: ; Pos = 2e8f2 push esi call FUNC_000719 pop ecx mov eax,[ebp+0xc] mov dword [eax+0x7e],0xa mov byte [ebx+0x5],0xff push dword [DATA_009133] movsx eax,byte [ebx+0x1a] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov dword [eax+0x82],0xa2 mov dword [eax+0x7e],0x6 movzx eax,byte [eax+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x8 mov eax,[ebp+0xc] cmp byte [eax+0x88],0x10 jg JUMP_002973 push byte +0x0 push dword 0xc8 push dword [DATA_008861] call FUNC_000953 add esp,byte +0xc JUMP_002973: ; Pos = 2e95e mov al,0x1 JUMP_002974: ; Pos = 2e960 pop esi pop ebx pop ebp ret FUNC_000723: ; Pos = 2e964 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi mov ebx,[ebp+0x8] push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax cmp byte [esi+0x14c],0x40 jnz JUMP_002975 push byte -0x1 push esi push ebx call near [DATA_006147] ; FUNC_000589 add esp,byte +0xc lea eax,[ebp-0x18] push eax push esi push ebx call near [DATA_006149] ; FUNC_000591 add esp,byte +0xc mov eax,[ebp-0x18] sar eax,0x7 mov edx,[ebp-0x14] and edx,byte +0x7f shl edx,0x19 or eax,edx mov [ebx+0x8c],eax mov eax,[ebp-0x10] sar eax,0x7 mov edx,[ebp-0xc] and edx,byte +0x7f shl edx,0x19 or eax,edx mov [ebx+0x90],eax mov eax,[ebp-0x8] sar eax,0x7 mov edx,[ebp-0xc] and edx,byte +0x7f shl edx,0x19 or eax,edx mov [ebx+0x94],eax push dword [ebp+0xc] push dword [ebp+0x10] push ebx call near [DATA_007744] ; FUNC_001512 add esp,byte +0xc JUMP_002975: ; Pos = 2ea03 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000724: ; Pos = 2ea09 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push dword [ebp+0x10] push dword [ebp+0xc] push ebx call FUNC_000725 add esp,byte +0xc ; FIX: Laser invulnerability or byte [ebx+0x151], 2 ; push byte +0x0 ; push ebx ; call FUNC_000931 ; add esp,byte +0x8 pop ebx pop ebp ret FUNC_000725: ; Pos = 2ea2d push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov byte [ebx+0x8b],0x0 push dword [DATA_009155] push dword [DATA_009133] push ebx call near [DATA_006153] ; FUNC_000603 add esp,byte +0xc push esi push byte +0x1 push esi push ebx call near [DATA_006143] ; FUNC_000585 add esp,byte +0x10 push esi push ebx call near [DATA_006142] ; FUNC_000601 add esp,byte +0x8 ; FIX: Combat vel fudge issues test byte [DATA_009046], 2 jz .nofudge push byte +0xd push esi push dword DATA_008839 lea eax,[ebx+0x8c] push eax call FUNC_000726 add esp,byte +0x10 .nofudge: push esi push edi push ebx call near [DATA_007744] ; FUNC_001512 add esp,byte +0xc push edi push esi push ebx call FUNC_000730 add esp,byte +0xc cmp byte [ebx+0x14e],0x0 jz JUMP_002976 push byte +0x0 lea eax,[ebx+0x3e] push eax push ebx call FUNC_000939 add esp,byte +0xc JUMP_002976: ; Pos = 2eabb lea eax,[ebp-0x7] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x5] push eax lea eax,[ebp-0x6] push eax push dword [DATA_009133] push ebx call near [DATA_006141] ; FUNC_000569 add esp,byte +0x1c pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000726: ; Pos = 2eae6 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] cmp edi,0xc22e jnc near JUMP_002985 test edi,edi jna near JUMP_002985 mov eax,[ebx] sub eax,[esi] js JUMP_002977 mov eax,[ebx] sub eax,[esi] jmp short JUMP_002978 JUMP_002977: ; Pos = 2eb15 mov eax,[ebx] sub eax,[esi] neg eax JUMP_002978: ; Pos = 2eb1b cmp eax,byte +0x64 jng JUMP_002979 mov ecx,[ebp+0x14] mov eax,edi shl eax,cl push eax mov eax,[ebx] sub eax,[esi] push eax call FUNC_001521 add esp,byte +0x8 sub [ebx],eax JUMP_002979: ; Pos = 2eb37 mov eax,[ebx+0x4] sub eax,[esi+0x4] js JUMP_002980 mov eax,[ebx+0x4] sub eax,[esi+0x4] jmp short JUMP_002981 JUMP_002980: ; Pos = 2eb47 mov eax,[ebx+0x4] sub eax,[esi+0x4] neg eax JUMP_002981: ; Pos = 2eb4f cmp eax,byte +0x64 jng JUMP_002982 mov ecx,[ebp+0x14] mov eax,edi shl eax,cl push eax mov eax,[ebx+0x4] sub eax,[esi+0x4] push eax call FUNC_001521 add esp,byte +0x8 sub [ebx+0x4],eax JUMP_002982: ; Pos = 2eb6e mov eax,[ebx+0x8] sub eax,[esi+0x8] js JUMP_002983 mov eax,[ebx+0x8] sub eax,[esi+0x8] jmp short JUMP_002984 JUMP_002983: ; Pos = 2eb7e mov eax,[ebx+0x8] sub eax,[esi+0x8] neg eax JUMP_002984: ; Pos = 2eb86 cmp eax,byte +0x64 jng JUMP_002985 mov ecx,[ebp+0x14] shl edi,cl push edi mov eax,[ebx+0x8] sub eax,[esi+0x8] push eax call FUNC_001521 add esp,byte +0x8 sub [ebx+0x8],eax JUMP_002985: ; Pos = 2eba3 pop edi pop esi pop ebx pop ebp ret FUNC_000727: ; Pos = 2eba8 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov byte [ebx+0x8b],0x0 push dword [DATA_009155] push dword [DATA_009133] push ebx call near [DATA_006153] ; FUNC_000603 add esp,byte +0xc push esi push ebx call near [DATA_006142] ; FUNC_000601 add esp,byte +0x8 push esi push byte +0x1 push esi push ebx call near [DATA_006143] ; FUNC_000585 add esp,byte +0x10 push esi push edi push ebx call near [DATA_007744] ; FUNC_001512 add esp,byte +0xc push edi push esi push ebx call FUNC_000730 add esp,byte +0xc cmp byte [ebx+0x14e],0x0 jz JUMP_002986 push byte +0x0 lea eax,[ebx+0x3e] push eax push ebx call FUNC_000939 add esp,byte +0xc JUMP_002986: ; Pos = 2ec1f cmp byte [ebx+0xff],0x7 jz JUMP_002987 lea eax,[ebp-0x7] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x5] push eax lea eax,[ebp-0x6] push eax push dword [DATA_009133] push ebx call near [DATA_006141] ; FUNC_000569 add esp,byte +0x1c JUMP_002987: ; Pos = 2ec4c cmp byte [ebp-0x6],0x0 jz JUMP_002989 cmp byte [ebx+0xff],0x23 jnz JUMP_002989 test byte [ebp-0x6],0x40 jz JUMP_002989 test byte [ebp-0x6],0x20 jz JUMP_002989 push dword [ebp-0x4] mov al,[ebx+0x86] push eax call FUNC_000652 add esp,byte +0x8 test al,al jz JUMP_002988 mov byte [ebx+0xff],0x20 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc jmp short JUMP_002989 JUMP_002988: ; Pos = 2ec9b push dword [ebp-0x4] push ebx call FUNC_000745 add esp,byte +0x8 JUMP_002989: ; Pos = 2eca7 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000728: ; Pos = 2ecae push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov ebx,[ebp+0x8] push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov byte [ebx+0x8b],0x0 mov dl,[eax+0x56] mov [ebx+0x56],dl mov dl,[eax+0x57] mov [ebx+0x57],dl mov esi,eax mov edi,ebx mov ecx,0x9 rep movsd mov edx,[eax+0x8c] mov [ebx+0x8c],edx mov edx,[eax+0x90] mov [ebx+0x90],edx mov edx,[eax+0x94] mov [ebx+0x94],edx lea edx,[ebp-0x18] push edx push eax push ebx call FUNC_000593 add esp,byte +0xc push dword [ebp-0x14] push dword [ebp-0x18] push dword [ebx+0x42] push dword [ebx+0x3e] lea eax,[ebx+0x3e] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [ebp-0xc] push dword [ebp-0x10] push dword [ebx+0x4a] push dword [ebx+0x46] lea eax,[ebx+0x46] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [ebp-0x4] push dword [ebp-0x8] push dword [ebx+0x52] push dword [ebx+0x4e] lea eax,[ebx+0x4e] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 mov byte [ebx+0x25],0x0 mov byte [ebx+0x58],0x0 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000729: ; Pos = 2ed79 push ebp mov ebp,esp add esp,byte -0x24 push ebx mov ebx,[ebp+0x8] push ebx call FUNC_000728 pop ecx push dword [ebp+0x10] push dword [ebp+0xc] push ebx call FUNC_000730 add esp,byte +0xc cmp byte [ebx+0x14e],0x0 jz JUMP_002990 push byte +0x0 lea eax,[ebx+0x3e] push eax push ebx call FUNC_000939 add esp,byte +0xc JUMP_002990: ; Pos = 2edb1 lea eax,[ebp-0x7] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x5] push eax lea eax,[ebp-0x6] push eax push dword [DATA_009133] push ebx call near [DATA_006141] ; FUNC_000569 add esp,byte +0x1c pop ebx mov esp,ebp pop ebp ret FUNC_000730: ; Pos = 2edda push ebp mov ebp,esp mov eax,[ebp+0x8] mov ecx,[DATA_009155] sar ecx,0x10 mov edx,[DATA_009155] and edx,0xffff cmp word [eax+0xe8],byte +0x0 jz JUMP_002992 ; FIX: Pulse laser non-limitation test ecx,ecx ; jng JUMP_002991 jnz JUMP_002991 movzx ecx,word [eax+0xe8] cmp edx,ecx jnl JUMP_002991 sub [eax+0xe8],dx jmp short JUMP_002992 JUMP_002991: ; Pos = 2ee17 mov word [eax+0xe8],0x0 JUMP_002992: ; Pos = 2ee20 cmp byte [eax+0xff],0x1e jnc JUMP_002994 cmp word [eax+0x9e],byte +0x0 jz JUMP_002996 movzx edx,word [eax+0x9e] mov ecx,[DATA_009155] shr ecx,1 cmp edx,ecx jnc JUMP_002993 mov word [eax+0x9e],0x0 pop ebp ret JUMP_002993: ; Pos = 2ee51 mov edx,[DATA_009155] shr edx,1 sub [eax+0x9e],dx pop ebp ret JUMP_002994: ; Pos = 2ee62 cmp byte [eax+0xff],0xc jna JUMP_002996 cmp word [eax+0x9e],0xffff jz JUMP_002996 movzx edx,word [eax+0x9e] mov ecx,0xffff sub ecx,edx mov edx,[DATA_009155] shr edx,1 cmp ecx,edx jnc JUMP_002995 mov word [eax+0x9e],0xffff pop ebp ret JUMP_002995: ; Pos = 2ee9b mov edx,[DATA_009155] shr edx,1 add [eax+0x9e],dx JUMP_002996: ; Pos = 2eeaa pop ebp ret FUNC_000731: ; Pos = 2eeac push ebp mov ebp,esp push ebx mov edx,[ebp+0x8] mov ecx,DATA_008804 cmp byte [edx+0x118],0x10 jnz JUMP_002999 movsx eax,byte [ebp+0x14] cmp eax,[ecx+0xc0] jnz JUMP_002999 mov eax,[ecx+0x4ef0] dec eax test eax,eax jl JUMP_002999 JUMP_002997: ; Pos = 2eed8 imul ebx,eax,byte +0xd mov ebx,[ecx+ebx*4+0x4efe] cmp ebx,[edx+0xa0] jnz JUMP_002998 imul eax,eax,byte +0xd mov dl,[edx+0x11a] mov [ecx+eax*4+0x4ef9],dl pop ebx pop ebp ret JUMP_002998: ; Pos = 2eefd dec eax test eax,eax jnl JUMP_002997 JUMP_002999: ; Pos = 2ef02 pop ebx pop ebp ret FUNC_000732: ; Pos = 2ef05 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push dword [DATA_009045] push ebx call FUNC_000938 add esp,byte +0x8 mov al,[DATA_009045] sub [ebx+0x14d],al mov al,[ebx+0x14d] test al,al jnl JUMP_003000 push dword [DATA_009133] push ebx call near [DATA_006154] ; FUNC_000606 add esp,byte +0x8 mov byte [ebx+0x14d],0x13 JUMP_003000: ; Pos = 2ef47 pop ebx pop ebp ret FUNC_000733: ; Pos = 2ef4a push ebp mov ebp,esp add esp,byte -0x8 push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0xa8] mov [ebp-0x4],eax mov eax,[ebx+0xac] mov [ebp-0x8],eax push dword DATA_008804 push dword DATA_008807 lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax call FUNC_000739 add esp,byte +0x10 test al,al jz JUMP_003002 mov eax,[DATA_008804] mov [ebx+0xa8],eax mov eax,[DATA_008807] mov [ebx+0xac],eax cmp byte [ebx+0x118],0x10 jnz JUMP_003001 mov byte [ebx+0x100],0x0 JUMP_003001: ; Pos = 2efaa mov byte [ebx+0xff],0x1f xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc push ebx call FUNC_000734 pop ecx JUMP_003002: ; Pos = 2efcd pop ebx pop ecx pop ecx pop ebp ret FUNC_000734: ; Pos = 2efd2 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax push esi mov al,[ebx+0x86] push eax call FUNC_000654 add esp,byte +0x8 test al,al jz JUMP_003003 xor eax,eax mov al,[ebx+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x4f mov byte [ebx+0x57],0x1 mov byte [ebx+0xff],0x21 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003003: ; Pos = 2f03a pop esi pop ebx pop ebp ret FUNC_000735: ; Pos = 2f03e push ebp mov ebp,esp add esp,byte -0xc push ebx push esi mov ebx,[ebp+0x8] push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax cmp byte [esi+0xc9],0xfe jz JUMP_003004 cmp byte [esi+0xc9],0x0 jnz near JUMP_003007 JUMP_003004: ; Pos = 2f079 mov byte [ebx+0xff],0x7 test byte [esi+0x14c],0x20 jz JUMP_003005 call near [DATA_007752] ; FUNC_001530 and eax,0xfff mov [ebp-0x4],eax mov dword [ebp-0xc],0x1388 mov dword [ebp-0x8],0x3a98 push esi lea eax,[ebp-0xc] push eax lea eax,[ebp-0xc] push eax call FUNC_001669_VecMatMul add esp,byte +0xc mov ax,[ebp-0xc] mov [ebx+0x102],ax mov ax,[ebp-0x8] mov [ebx+0x104],ax mov ax,[ebp-0x4] mov [ebx+0x106],ax jmp short JUMP_003006 JUMP_003005: ; Pos = 2f0d9 call near [DATA_007752] ; FUNC_001530 and ax,0x1ff add ax,0x1388 mov [ebx+0x106],ax mov word [ebx+0x102],0x0 mov word [ebx+0x104],0x0 JUMP_003006: ; Pos = 2f100 xor eax,eax mov [ebx+0x8c],eax xor eax,eax mov [ebx+0x90],eax xor eax,eax mov [ebx+0x94],eax push ebx call FUNC_000736 pop ecx JUMP_003007: ; Pos = 2f11f pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000736: ; Pos = 2f125 push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi mov ebx,[ebp+0x8] push ebx call FUNC_000732 pop ecx push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax movsx eax,byte [ebx+0x101] push dword [DATA_009133] lea edx,[ebp-0x10] push edx lea edx,[ebp-0x4] push edx push eax push esi push ebx call near [DATA_006158] ; FUNC_000610 add esp,byte +0x18 cmp dword [ebp-0x4],byte +0x6 jng JUMP_003008 lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x10] push eax push ebx call FUNC_000600 add esp,byte +0xc push ebx call near [DATA_006144] ; FUNC_000586 pop ecx jmp short JUMP_003011 JUMP_003008: ; Pos = 2f193 push esi mov al,[ebx+0x86] push eax call FUNC_000651 add esp,byte +0x8 cmp byte [ebx+0x100],0x0 jnz JUMP_003009 push ebx call FUNC_000761 pop ecx jmp short JUMP_003011 JUMP_003009: ; Pos = 2f1b5 mov al,[ebx+0x100] cmp al,[ebx+0xfe] jz JUMP_003010 push ebx call FUNC_000741 pop ecx jmp short JUMP_003011 JUMP_003010: ; Pos = 2f1cc push esi push ebx call FUNC_000745 add esp,byte +0x8 JUMP_003011: ; Pos = 2f1d6 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000737: ; Pos = 2f1dc push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[DATA_008807] cmp eax,[ebx+0xac] jc JUMP_003013 mov eax,[DATA_008807] cmp eax,[ebx+0xac] jnz JUMP_003012 mov eax,[DATA_008804] cmp eax,[ebx+0xa8] jc JUMP_003013 JUMP_003012: ; Pos = 2f20a mov byte [ebx+0xff],0x12 mov word [ebx+0x9e],0x0 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc push ebx call FUNC_000738 pop ecx JUMP_003013: ; Pos = 2f236 pop ebx pop ebp ret FUNC_000738: ; Pos = 2f239 push ebp mov ebp,esp mov eax,[ebp+0x8] mov word [eax+0xb6],0x0 mov word [eax+0xb8],0x0 mov word [eax+0xba],0x0 mov dx,[eax+0x82] mov [eax+0xe6],dx mov dword [eax+0x82],0x9a xor edx,edx mov dl,[eax+0x86] mov ecx,[DATA_007758] mov byte [ecx+edx],0xa mov dword [eax+0x7e],0x8 mov edx,[eax+0xfa] mov ecx,edx shl ecx,0x10 shr edx,0x10 ; FIX: AI Time travel during HS ; test ecx,0x80000000 ; jz JUMP_003014 ; test byte [eax+0xab],0x80 ; jz JUMP_003014 ; inc dword [eax+0xac] ; JUMP_003014: ; Pos = 2f2b0 add [eax+0xa8],ecx adc [eax+0xac], edx ; add [eax+0xac],edx pop ebp ret FUNC_000739: ; Pos = 2f2be push ebp mov ebp,esp push ebx push esi mov ecx,[ebp+0x10] mov ebx,[ebp+0xc] mov eax,[ebp+0x8] mov edx,[ebx] mov esi,[ebp+0x14] cmp edx,[esi] setc dl and edx,byte +0x1 mov esi,[ebp+0x14] mov esi,[esi] sub [ebx],esi cmp dword [eax],byte +0x0 jnz JUMP_003015 test edx,edx jnz JUMP_003016 JUMP_003015: ; Pos = 2f2e9 mov ebx,[eax] sub ebx,edx cmp ebx,[ecx] jnc JUMP_003017 JUMP_003016: ; Pos = 2f2f1 mov ebx,[eax] sub ebx,[ecx] sub ebx,edx mov [eax],ebx mov al,0x1 jmp short JUMP_003018 JUMP_003017: ; Pos = 2f2fd mov ebx,[eax] sub ebx,[ecx] sub ebx,edx mov [eax],ebx xor eax,eax JUMP_003018: ; Pos = 2f307 pop esi pop ebx pop ebp ret FUNC_000740: ; Pos = 2f30b push ebp mov ebp,esp add esp,byte -0xc push ebx push esi mov ebx,[ebp+0x8] mov eax,[DATA_008804] mov [ebp-0x4],eax mov eax,[DATA_008807] mov [ebp-0x8],eax lea eax,[ebx+0xa8] push eax lea eax,[ebx+0xac] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax call FUNC_000739 add esp,byte +0x10 test al,al jz JUMP_003019 mov eax,[ebp-0x4] shr eax,0x3 mov edx,[ebp-0x8] shl edx,0x1d or eax,edx mov [ebx+0xa4],eax jmp JUMP_003021 JUMP_003019: ; Pos = 2f361 lea eax,[ebp-0xc] push eax push byte +0x0 push byte +0xa push ebx push dword [DATA_009133] call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov esi,eax test esi,esi jz JUMP_003020 mov byte [esi+0xff],0x1e mov byte [esi+0x118],0xfe mov dword [esi+0xa8],0xff9e8e xor eax,eax mov [esi+0xac],eax mov word [esi+0x9e],0x1 JUMP_003020: ; Pos = 2f3a8 xor eax,eax mov al,[ebx+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x4f xor eax,eax mov [ebx+0xf2],eax xor eax,eax mov [ebx+0x7e],eax movzx eax,word [ebx+0xe6] mov [ebx+0x82],eax mov al,[ebx+0xf8] mov [ebx+0xff],al xor eax,eax mov [ebx+0x8c],eax xor eax,eax mov [ebx+0x90],eax mov dword [ebx+0x94],0x71b7 xor eax,eax mov [ebx+0xf2],eax xor eax,eax mov [ebx+0xf6],eax xor eax,eax mov [ebx+0xfa],eax xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003021: ; Pos = 2f427 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000741: ; Pos = 2f42d push ebp mov ebp,esp add esp,byte -0xc push ebx push esi mov ebx,[ebp+0x8] mov al,[ebx+0x100] mov [ebx+0xfe],al push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax mov byte [ebx+0xff],0x0 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc test byte [esi+0x14c],0x10 jz JUMP_003024 test byte [esi+0x14c],0x20 jz JUMP_003022 xor eax,eax mov [ebp-0xc],eax mov dword [ebp-0x8],0x1770 xor eax,eax mov [ebp-0x4],eax push esi lea eax,[ebp-0xc] push eax lea eax,[ebp-0xc] push eax call FUNC_001669_VecMatMul add esp,byte +0xc jmp short JUMP_003023 JUMP_003022: ; Pos = 2f4b0 xor eax,eax mov [ebp-0xc],eax xor eax,eax mov [ebp-0x8],eax mov dword [ebp-0x4],0xfa0 JUMP_003023: ; Pos = 2f4c1 mov ax,[ebp-0xc] mov [ebx+0x102],ax mov ax,[ebp-0x8] mov [ebx+0x104],ax mov ax,[ebp-0x4] mov [ebx+0x106],ax jmp short JUMP_003025 JUMP_003024: ; Pos = 2f4e4 mov word [ebx+0x102],0x0 mov word [ebx+0x104],0x0 mov word [ebx+0x106],0x0 JUMP_003025: ; Pos = 2f4ff push ebx call FUNC_000742 pop ecx pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000742: ; Pos = 2f50c push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi mov ebx,[ebp+0x8] push ebx call FUNC_000732 pop ecx push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax movsx eax,byte [ebx+0x101] push dword [DATA_009133] lea edx,[ebp-0x10] push edx lea edx,[ebp-0x4] push edx push eax push esi push ebx call near [DATA_006158] ; FUNC_000610 add esp,byte +0x18 cmp dword [ebp-0x4],byte +0x6 jng JUMP_003026 lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x10] push eax push ebx call near [DATA_006151] ; FUNC_000599 add esp,byte +0xc push ebx call near [DATA_006145] ; FUNC_000587 pop ecx jmp short JUMP_003029 JUMP_003026: ; Pos = 2f57b cmp byte [ebx+0x100],0x0 jnz JUMP_003027 push ebx call FUNC_000761 pop ecx jmp short JUMP_003029 JUMP_003027: ; Pos = 2f58d mov al,[ebx+0x100] cmp al,[ebx+0xfe] jz JUMP_003028 push ebx call FUNC_000741 pop ecx jmp short JUMP_003029 JUMP_003028: ; Pos = 2f5a4 push esi push ebx call FUNC_000745 add esp,byte +0x8 JUMP_003029: ; Pos = 2f5ae pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000743: ; Pos = 2f5b4 push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi push edi mov ebx,[ebp+0x8] push ebx call FUNC_000732 pop ecx push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov edi,eax push dword [edi+0x82] call near [DATA_007756] ; FUNC_001538 pop ecx mov esi,[eax+0x14] add esi,[eax+0x18] add esi,byte -0xc test esi,esi jng JUMP_003030 xor esi,esi JUMP_003030: ; Pos = 2f5fd cmp esi,byte -0xf jnl JUMP_003031 mov esi,0xfffffff1 JUMP_003031: ; Pos = 2f607 movsx eax,word [ebx+0x102] push eax call _abs pop ecx push eax movsx eax,word [ebx+0x104] push eax call _abs pop ecx pop edx add edx,eax push edx movsx eax,word [ebx+0x106] push eax call _abs pop ecx pop edx add edx,eax mov ecx,esi neg ecx mov eax,0x2000 sar eax,cl cmp edx,eax jnl JUMP_003032 push dword 0xffff call near [DATA_007217] ; FUNC_000922 pop ecx push eax push dword 0xffff call near [DATA_007217] ; FUNC_000922 pop ecx push eax lea eax,[ebp-0x10] push eax call near [DATA_007739] ; FUNC_001505 add esp,byte +0xc mov ecx,esi neg ecx mov eax,[ebp-0x10] sar eax,cl mov [ebx+0x102],ax mov ecx,esi neg ecx mov eax,[ebp-0xc] sar eax,cl mov [ebx+0x104],ax mov ecx,esi neg ecx mov eax,[ebp-0x8] sar eax,cl mov [ebx+0x106],ax JUMP_003032: ; Pos = 2f69f movsx eax,byte [ebx+0x101] push dword [DATA_009133] lea edx,[ebp-0x10] push edx lea edx,[ebp-0x4] push edx add eax,byte -0x2 push eax push edi push ebx call near [DATA_006158] ; FUNC_000610 add esp,byte +0x18 cmp dword [ebp-0x4],byte +0x6 jng JUMP_003033 lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x10] push eax push ebx call near [DATA_006151] ; FUNC_000599 add esp,byte +0xc push ebx call near [DATA_006145] ; FUNC_000587 pop ecx jmp short JUMP_003034 JUMP_003033: ; Pos = 2f6e5 push dword 0xffff call near [DATA_007217] ; FUNC_000922 pop ecx push eax push dword 0xffff call near [DATA_007217] ; FUNC_000922 pop ecx push eax lea eax,[ebp-0x10] push eax call near [DATA_007739] ; FUNC_001505 add esp,byte +0xc mov ecx,esi neg ecx mov eax,[ebp-0x10] sar eax,cl mov [ebx+0x102],ax mov ecx,esi neg ecx mov eax,[ebp-0xc] sar eax,cl mov [ebx+0x104],ax mov ecx,esi neg ecx mov eax,[ebp-0x8] sar eax,cl mov [ebx+0x106],ax JUMP_003034: ; Pos = 2f73c pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000744: ; Pos = 2f743 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push esi mov al,[ebx+0x86] push eax call FUNC_000652 add esp,byte +0x8 test al,al jz JUMP_003035 mov byte [ebx+0xff],0x20 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc jmp short JUMP_003036 JUMP_003035: ; Pos = 2f780 push esi push ebx call FUNC_000745 add esp,byte +0x8 JUMP_003036: ; Pos = 2f78a pop esi pop ebx pop ebp ret FUNC_000745: ; Pos = 2f78e push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] test byte [esi+0x14c],0x10 jz JUMP_003037 lea eax,[ebp-0x4] push eax lea eax,[ebp-0x1c] push eax push esi push ebx call FUNC_000655 add esp,byte +0x10 test al,al jnz JUMP_003037 mov eax,[ebp-0x1c] sar eax,0xa mov [ebx+0x102],ax mov eax,[ebp-0x14] sar eax,0xa mov [ebx+0x104],ax mov eax,[ebp-0xc] sar eax,0xa mov [ebx+0x106],ax movsx eax,byte [ebx+0x88] push eax push byte +0xc call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 mov byte [ebx+0xff],0x23 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003037: ; Pos = 2f810 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000746: ; Pos = 2f816 push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi push edi mov ebx,[ebp+0x8] push ebx call FUNC_000732 pop ecx push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax mov eax,0xfffffffe push dword [DATA_009133] lea edx,[ebp-0x10] push edx lea edx,[ebp-0x4] push edx push eax push esi push ebx call near [DATA_006150] ; FUNC_000596 add esp,byte +0x18 cmp dword [ebp-0x4],byte +0x0 jg JUMP_003040 cmp dword [DATA_007706],0x3e2 jz JUMP_003040 push esi push ebx call FUNC_000744 add esp,byte +0x8 test byte [esi+0x14c],0x20 jz JUMP_003038 push esi mov edi,ebx mov ecx,0x9 rep movsd pop esi jmp short JUMP_003039 JUMP_003038: ; Pos = 2f894 mov dword [ebx],0x7f000000 xor eax,eax mov [ebx+0x4],eax xor eax,eax mov [ebx+0x8],eax xor eax,eax mov [ebx+0xc],eax mov dword [ebx+0x10],0x7f000000 xor eax,eax mov [ebx+0x14],eax xor eax,eax mov [ebx+0x18],eax xor eax,eax mov [ebx+0x1c],eax mov dword [ebx+0x20],0x7f000000 JUMP_003039: ; Pos = 2f8c6 push ebx call FUNC_000671 pop ecx jmp short JUMP_003041 JUMP_003040: ; Pos = 2f8cf push byte -0x1 push esi push ebx call near [DATA_006147] ; FUNC_000589 add esp,byte +0xc lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x10] push eax push ebx call near [DATA_006151] ; FUNC_000599 add esp,byte +0xc JUMP_003041: ; Pos = 2f8ee pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000747: ; Pos = 2f8f5 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax cmp byte [esi+0xc9],0x3 jz near JUMP_003045 push esi call FUNC_000653 pop ecx test byte [esi+0x14c],0x40 jz JUMP_003042 mov eax,0x4e jmp short JUMP_003043 JUMP_003042: ; Pos = 2f93b mov eax,0x2 JUMP_003043: ; Pos = 2f940 xor edx,edx mov dl,[ebx+0x86] mov ecx,[DATA_007758] lea edx,[ecx+edx] push edx pop edx mov [edx],al mov byte [ebx+0xff],0x24 mov byte [ebx+0x100],0x0 call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008804] add eax,[DATA_008818] mov [ebx+0xa8],eax mov eax,[DATA_008807] add eax,byte +0x2 mov [ebx+0xac],eax test byte [DATA_008806],0x8 jz JUMP_003044 test byte [DATA_008819],0x8 jz JUMP_003044 inc dword [ebx+0xac] JUMP_003044: ; Pos = 2f9a0 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003045: ; Pos = 2f9b5 pop esi pop ebx pop ebp ret FUNC_000748: ; Pos = 2f9b9 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push ebx call FUNC_000732 pop ecx mov eax,[DATA_009092] cmp byte [eax+0xc9],0xfe jz JUMP_003046 mov eax,[DATA_009092] cmp byte [eax+0xc9],0x0 jnz JUMP_003047 JUMP_003046: ; Pos = 2f9e3 mov byte [ebx+0xff],0x1 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003047: ; Pos = 2f9ff pop ebx pop ebp ret FUNC_000749: ; Pos = 2fa02 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov esi,[DATA_008818] and esi,0xffff call near [DATA_007752] ; FUNC_001530 push esi call FUNC_001913_Sin16 pop ecx sar eax,0x5 mov [ebx+0x102],ax add esi,0x4000 push esi call FUNC_001913_Sin16 pop ecx sar eax,0x5 mov [ebx+0x104],ax mov eax,[DATA_008820] shr eax,0x16 mov [ebx+0x106],ax mov byte [ebx+0xff],0x4 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc pop esi pop ebx pop ebp ret FUNC_SetupCombatVelocity: push dword [DATA_009133] mov eax,[DATA_008861] movzx eax,byte [eax+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 test byte [eax+0x14c],0x10 jnz JUMP_003052 cmp dword [DATA_008867],0x9c40 jnl JUMP_003053 JUMP_003052: ; Pos = 2fbfa xor eax,eax mov [DATA_008839],eax xor eax,eax mov [DATA_008840],eax xor eax,eax mov [DATA_008841],eax xor eax,eax mov [DATA_008842],eax jmp short JUMP_003054 JUMP_003053: ; Pos = 2fc18 mov eax,[DATA_008861] mov edx,[eax+0x8c] mov [DATA_008839],edx mov edx,[eax+0x90] mov [DATA_008840],edx mov edx,[eax+0x94] mov [DATA_008841],edx mov eax,[DATA_008866] mov [DATA_008842],eax JUMP_003054: ; Pos = 2fc4b ret FUNC_000750: ; Pos = 2fa73 push ebp mov ebp,esp add esp,byte -0x4c push ebx push esi push edi mov esi,[ebp+0x8] push esi call FUNC_000732 pop ecx push dword [DATA_009133] xor eax,eax mov al,[esi+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 cmp byte [eax+0xff],0x24 jnz JUMP_003048 mov word [esi+0xb6],0x0 mov word [esi+0xb8],0x0 mov word [esi+0xba],0x0 jmp JUMP_003057 JUMP_003048: ; Pos = 2fac7 mov edx,0x1 push dword [DATA_009133] lea ecx,[ebp-0x10] push ecx lea ecx,[ebp-0x4] push ecx push edx push eax push esi call near [DATA_006150] ; FUNC_000596 add esp,byte +0x18 cmp dword [ebp-0x4],byte +0xa jl JUMP_003049 lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x10] push eax push esi call near [DATA_006151] ; FUNC_000599 add esp,byte +0xc push esi call near [DATA_006145] ; FUNC_000587 pop ecx jmp JUMP_003057 JUMP_003049: ; Pos = 2fb0b mov byte [esi+0xff],0x1 mov ebx,0x72 JUMP_003050: ; Pos = 2fb17 mov eax,[DATA_009133] test byte [eax+ebx],0x40 jz JUMP_003051 push dword [DATA_009133] push ebx call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov edi,eax cmp byte [edi+0xff],0xb jnz JUMP_003051 mov al,[edi+0xfe] cmp al,[esi+0x86] jnz JUMP_003051 push edi call FUNC_000728 pop ecx mov byte [edi+0xff],0x1 mov al,[edi+0x100] mov [edi+0xfe],al mov word [edi+0x102],0x0 mov word [edi+0x104],0x0 mov word [edi+0x106],0x0 JUMP_003051: ; Pos = 2fb80 dec ebx test ebx,ebx jg JUMP_003050 xor eax,eax mov al,[esi+0xfe] cmp eax,[DATA_008857] jnz near JUMP_003056 cmp byte [DATA_008870],0x4 jz near JUMP_003056 ; FIX: Combat vel fudge issues call FUNC_SetupCombatVelocity call near [DATA_004920] ; FUNC_000217_SysMenuPlayTime test al,al jz near JUMP_003056 mov dword [ebp-0x4c],0x98c3 mov dword [ebp-0x34],0xffffffff lea eax,[ebp-0x4c] push eax call FUNC_000349 pop ecx push byte +0x1e call FUNC_001906_SoundPlaySample pop ecx mov al,[DATA_009035] and al,[DATA_009029] jz JUMP_003055 push byte +0xe call FUNC_001902_SoundPlaySong pop ecx jmp short JUMP_003056 JUMP_003055: ; Pos = 2fc6a call FUNC_001903_SoundStopSong JUMP_003056: ; Pos = 2fc6f mov word [esi+0x102],0x0 mov word [esi+0x104],0x0 mov word [esi+0x106],0x0 xor eax,eax mov al,[esi+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc push esi call FUNC_000753 pop ecx JUMP_003057: ; Pos = 2fca6 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000751: ; Pos = 2fcad push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 cmp byte [eax+0xff],0x1 jnz JUMP_003058 mov byte [ebx+0xff],0x1 mov al,[ebx+0x100] mov [ebx+0xfe],al mov word [ebx+0x102],0x0 mov word [ebx+0x104],0x0 mov word [ebx+0x106],0x0 push ebx call FUNC_000732 pop ecx push ebx call FUNC_000753 pop ecx JUMP_003058: ; Pos = 2fd11 pop ebx pop ebp ret FUNC_000752: ; Pos = 2fd14 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push ebx call FUNC_000732 pop ecx push ebx call FUNC_000753 pop ecx pop ebx pop ebp ret FUNC_000753: ; Pos = 2fd2c push ebp mov ebp,esp add esp,byte -0x1c push ebx mov ebx,[ebp+0x8] push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov edx,0x1 push dword [DATA_009133] lea ecx,[ebp-0x10] push ecx lea ecx,[ebp-0x4] push ecx push edx push eax push ebx call near [DATA_006158] ; FUNC_000610 add esp,byte +0x18 cmp dword [ebp-0x4],byte +0xa jng JUMP_003059 push ebx call FUNC_000749 pop ecx jmp JUMP_003064 JUMP_003059: ; Pos = 2fd7f or byte [DATA_009046],0x2 push byte +0x1 push byte +0x37 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 cmp dword [ebp-0x4],byte +0x5 jnl JUMP_003060 mov byte [ebx+0xff],0x3 push ebx call FUNC_000756 pop ecx xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc jmp JUMP_003064 JUMP_003060: ; Pos = 2fdc0 mov eax,[ebp-0x4] sub eax,byte +0x5 jz JUMP_003062 dec eax sub eax,byte +0x3 jc JUMP_003061 mov byte [ebx+0xff],0x1 push ebx call near [DATA_006145] ; FUNC_000587 pop ecx lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x10] push eax push ebx call near [DATA_006151] ; FUNC_000599 add esp,byte +0xc jmp short JUMP_003063 JUMP_003061: ; Pos = 2fdf1 push ebx call near [DATA_006145] ; FUNC_000587 pop ecx lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x10] push eax push ebx call FUNC_000598 add esp,byte +0xc push ebx call FUNC_000754 pop ecx jmp short JUMP_003063 JUMP_003062: ; Pos = 2fe13 push ebx call near [DATA_006145] ; FUNC_000587 pop ecx lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x10] push eax push ebx call FUNC_000598 add esp,byte +0xc push ebx call FUNC_000754 pop ecx JUMP_003063: ; Pos = 2fe33 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003064: ; Pos = 2fe48 pop ebx mov esp,ebp pop ebp ret FUNC_000754: ; Pos = 2fe4d push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi mov ebx,[ebp+0x8] cmp byte [ebx+0xff],0x1 jz JUMP_003065 cmp byte [ebx+0xff],0x2 jnz JUMP_003067 JUMP_003065: ; Pos = 2fe6a movsx eax,word [ebx+0x108] mov [ebp-0x18],eax movsx eax,word [ebx+0x10a] mov [ebp-0x14],eax movsx eax,word [ebx+0x10c] mov [ebp-0x10],eax lea eax,[ebp-0x18] push eax lea eax,[ebp-0xc] push eax call FUNC_001518 add esp,byte +0x8 mov eax,[ebx+0x18] sar eax,0x10 imul dword [ebp-0xc] mov edx,[ebx+0x1c] sar edx,0x10 imul edx,[ebp-0x8] add eax,edx mov edx,[ebx+0x20] sar edx,0x10 imul edx,[ebp-0x4] add eax,edx cmp eax,0x20000000 jg JUMP_003066 mov byte [ebx+0xff],0x1 jmp short JUMP_003067 JUMP_003066: ; Pos = 2fec9 mov byte [ebx+0xff],0x2 JUMP_003067: ; Pos = 2fed0 call near [DATA_007752] ; FUNC_001530 mov esi,eax cmp esi,0x2000 jnc JUMP_003068 and esi,byte +0x7 inc esi xor eax,eax mov al,[ebx+0xfe] push eax push esi push ebx call FUNC_000941 add esp,byte +0xc test eax,eax jnz JUMP_003068 push ebx call FUNC_000937 pop ecx JUMP_003068: ; Pos = 2ff02 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000755: ; Pos = 2ff08 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push ebx call FUNC_000732 pop ecx push ebx call FUNC_000756 pop ecx pop ebx pop ebp ret FUNC_000756: ; Pos = 2ff20 push ebp mov ebp,esp add esp,byte -0x28 push ebx push esi mov ebx,[ebp+0x8] push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 lea edx,[ebp-0x4] push edx lea edx,[ebp-0x10] push edx push eax push ebx call near [DATA_006148] ; FUNC_000590 add esp,byte +0x10 mov ax,[ebp-0x10] mov [ebx+0x108],ax mov ax,[ebp-0xc] mov [ebx+0x10a],ax mov ax,[ebp-0x8] mov [ebx+0x10c],ax mov ax,[ebp-0x4] mov [ebx+0x10e],ax push ebx call near [DATA_006146] ; FUNC_000588 pop ecx mov eax,[ebx+0x8c] sub eax,[DATA_008839] mov [ebp-0x28],eax mov eax,[ebx+0x90] sub eax,[DATA_008840] mov [ebp-0x24],eax mov eax,[ebx+0x94] sub eax,[DATA_008841] mov [ebp-0x20],eax push dword [ebp-0x28] push dword [ebx+0xc] call FUNC_001521 add esp,byte +0x8 mov esi,eax neg esi push dword [ebp-0x24] push dword [ebx+0x10] call FUNC_001521 add esp,byte +0x8 add esi,eax push dword [ebp-0x20] push dword [ebx+0x14] call FUNC_001521 add esp,byte +0x8 add esi,eax shl esi,0x2 mov [ebp-0x10],esi push dword [ebp-0x28] push dword [ebx] call FUNC_001521 add esp,byte +0x8 mov esi,eax neg esi push dword [ebp-0x24] push dword [ebx+0x4] call FUNC_001521 add esp,byte +0x8 add esi,eax push dword [ebp-0x20] push dword [ebx+0x8] call FUNC_001521 add esp,byte +0x8 add esi,eax shl esi,0x2 mov [ebp-0xc],esi mov dword [ebp-0x8],0x7fff lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x10] push eax push ebx call FUNC_000598 add esp,byte +0xc cmp dword [ebp-0x4],byte +0xa jng JUMP_003069 push ebx call FUNC_000749 pop ecx jmp short JUMP_003071 JUMP_003069: ; Pos = 3004d or byte [DATA_009046],0x2 push byte +0x1 push byte +0x37 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 cmp dword [ebp-0x4],byte +0x6 jng JUMP_003070 mov byte [ebx+0xff],0x1 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003070: ; Pos = 30082 push ebx call FUNC_000754 pop ecx JUMP_003071: ; Pos = 30089 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000757: ; Pos = 3008f push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi mov ebx,[ebp+0x8] push ebx call FUNC_000732 pop ecx xor eax,eax mov [ebp-0x8],eax mov [ebp-0xc],eax mov dword [ebp-0x4],0x7fff lea eax,[ebp-0x18] push eax lea eax,[ebp-0xc] push eax push ebx call near [DATA_006151] ; FUNC_000599 add esp,byte +0xc push ebx call near [DATA_006146] ; FUNC_000588 pop ecx call near [DATA_007752] ; FUNC_001530 mov esi,eax cmp esi,0xa000 jna JUMP_003072 push ebx call FUNC_000935 pop ecx JUMP_003072: ; Pos = 300e1 mov eax,esi and ax,0xff add [ebx+0xb2],ax shr esi,0x8 and si,0xff add [ebx+0xb0],si pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000758: ; Pos = 30103 push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi mov ebx,[ebp+0x8] inc word [ebx+0x9e] cmp word [ebx+0x9e],byte +0x3c jna JUMP_003073 push ebx call FUNC_000719 pop ecx jmp short JUMP_003075 JUMP_003073: ; Pos = 30128 push ebx call FUNC_000732 pop ecx push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax mov eax,0x3 push dword [DATA_009133] lea edx,[ebp-0x10] push edx lea edx,[ebp-0x4] push edx push eax push esi push ebx call near [DATA_006150] ; FUNC_000596 add esp,byte +0x18 cmp dword [ebp-0x4],byte +0x4 jng JUMP_003074 add dword [ebp-0x8],0x1108 lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x10] push eax push ebx call near [DATA_006151] ; FUNC_000599 add esp,byte +0xc push ebx call near [DATA_006144] ; FUNC_000586 pop ecx jmp short JUMP_003075 JUMP_003074: ; Pos = 30191 push esi push ebx call FUNC_000721 add esp,byte +0x8 JUMP_003075: ; Pos = 3019b pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000759: ; Pos = 301a1 push ebp mov ebp,esp push dword [ebp+0x8] call FUNC_000732 pop ecx pop ebp ret FUNC_000760: ; Pos = 301af push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax+0x3e] add dword [eax+0x3e],0x1312d00 cmp edx,[eax+0x3e] jng JUMP_003076 inc dword [eax+0x42] JUMP_003076: ; Pos = 301c7 push eax call FUNC_000761 pop ecx pop ebp ret FUNC_000761: ; Pos = 301d0 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push ebx call FUNC_000775 pop ecx test eax,eax jnz JUMP_003077 push ebx call FUNC_000775 pop ecx test eax,eax jnz JUMP_003077 push ebx call FUNC_000762 pop ecx pop ebx pop ebp ret JUMP_003077: ; Pos = 301f7 mov byte [ebx+0xff],0x1d mov word [ebx+0x9e],0xffff mov dword [ebx+0xa4],0xffffffff push ebx call FUNC_000738 pop ecx xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc pop ebx pop ebp ret FUNC_000762: ; Pos = 30230 push ebp mov ebp,esp push ecx push ebx push esi mov ebx,[ebp+0x8] lea eax,[ebp-0x4] push eax call FUNC_000700 pop ecx mov esi,eax test esi,esi jnz JUMP_003078 push ebx call near [DATA_007218] ; FUNC_000925 pop ecx jmp short JUMP_003079 JUMP_003078: ; Pos = 30253 mov al,[esi+0x86] mov [ebx+0x100],al mov byte [ebx+0xff],0x8 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003079: ; Pos = 3027b pop esi pop ebx pop ecx pop ebp ret FUNC_000763: ; Pos = 30280 push ebp mov ebp,esp add esp,byte -0x8 push ebx mov ebx,[ebp+0x8] mov eax,[DATA_008804] mov [ebp-0x4],eax mov eax,[DATA_008807] mov [ebp-0x8],eax lea eax,[ebx+0xa8] push eax lea eax,[ebx+0xac] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax call FUNC_000739 add esp,byte +0x10 test al,al jz JUMP_003081 mov eax,[ebp-0x4] test eax,eax jns JUMP_003080 add eax,0xff JUMP_003080: ; Pos = 302c8 sar eax,0x8 inc eax mov edx,eax neg eax mov [ebx+0xa4],eax jmp short JUMP_003082 JUMP_003081: ; Pos = 302d8 push ebx call near [DATA_007218] ; FUNC_000925 pop ecx JUMP_003082: ; Pos = 302e0 pop ebx pop ecx pop ecx pop ebp ret FUNC_000764: ; Pos = 302e5 push ebp mov ebp,esp add esp,byte -0x8 push ebx mov ebx,[ebp+0x8] mov eax,[DATA_008804] mov [ebp-0x4],eax mov eax,[DATA_008807] mov [ebp-0x8],eax lea eax,[ebx+0xa8] push eax lea eax,[ebx+0xac] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax call FUNC_000739 add esp,byte +0x10 test al,al jz JUMP_003083 mov eax,[ebp-0x4] shr eax,0x3 mov edx,[ebp-0x8] shl edx,0x1d and eax,edx not eax mov [ebx+0xa4],eax jmp short JUMP_003084 JUMP_003083: ; Pos = 30339 push ebx call near [DATA_007218] ; FUNC_000925 pop ecx JUMP_003084: ; Pos = 30341 pop ebx pop ecx pop ecx pop ebp ret FUNC_000765: ; Pos = 30346 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp byte [eax+0x88],0x10 jl JUMP_003085 dec byte [DATA_009102] push eax call near [DATA_007218] ; FUNC_000925 pop ecx JUMP_003085: ; Pos = 30363 pop ebp ret FUNC_000766: ; Pos = 30365 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp byte [eax+0x88],0xf jl JUMP_003086 push eax call FUNC_000940 pop ecx JUMP_003086: ; Pos = 3037b pop ebp ret FUNC_000767: ; Pos = 3037d push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push ebx call FUNC_000732 pop ecx cmp byte [ebx+0x88],0xd jl JUMP_003087 push ebx call near [DATA_007218] ; FUNC_000925 pop ecx JUMP_003087: ; Pos = 3039c pop ebx pop ebp ret FUNC_000768: ; Pos = 3039f push ebp mov ebp,esp mov eax,[ebp+0x8] dec byte [eax+0x14e] mov dl,[eax+0x14e] test dl,dl jnl JUMP_003088 mov byte [eax+0xff],0x16 movzx eax,byte [eax+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003088: ; Pos = 303d0 pop ebp ret FUNC_000769: ; Pos = 303d2 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp byte [eax+0x8b],0x0 jnz JUMP_003089 cmp byte [eax+0x88],0x14 jg JUMP_003089 mov edx,[DATA_009045] shl edx,0x8 add [eax+0xb0],edx mov edx,[eax+0xb0] cmp edx,[DATA_007706] jc JUMP_003090 JUMP_003089: ; Pos = 30407 push eax call FUNC_000940 pop ecx JUMP_003090: ; Pos = 3040e pop ebp ret FUNC_000770: ; Pos = 30410 push ebp mov ebp,esp add esp,byte -0x4c push ebx mov ebx,[ebp+0x8] push ebx call FUNC_000732 pop ecx push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 movsx edx,byte [ebx+0x101] push dword [DATA_009133] lea ecx,[ebp-0x10] push ecx lea ecx,[ebp-0x4] push ecx push edx push eax push ebx call near [DATA_006150] ; FUNC_000596 add esp,byte +0x18 cmp dword [ebp-0x4],byte +0xa jl JUMP_003091 lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x10] push eax push ebx call near [DATA_006151] ; FUNC_000599 add esp,byte +0xc push ebx call near [DATA_006145] ; FUNC_000587 pop ecx jmp JUMP_003093 JUMP_003091: ; Pos = 3047c xor eax,eax mov al,[ebx+0xfe] cmp eax,[DATA_008857] jnz JUMP_003092 mov dword [ebp-0x4c],0x98d0 mov dword [ebp-0x34],0xd mov eax,[ebx+0xa0] mov [ebp-0x40],eax mov eax,[ebx+0x11a] mov [ebp-0x28],eax mov [ebp-0x30],ebx lea eax,[ebp-0x4c] push eax call FUNC_000349 pop ecx call FUNC_001903_SoundStopSong ; FIX: Combat vel fudge issues call FUNC_SetupCombatVelocity JUMP_003092: ; Pos = 304be mov byte [ebx+0xff],0x1 mov word [ebx+0x102],0x0 mov word [ebx+0x104],0x0 mov word [ebx+0x106],0x0 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc push ebx call FUNC_000753 pop ecx JUMP_003093: ; Pos = 304da pop ebx mov esp,ebp pop ebp ret FUNC_000771: ; Pos = 304df push ebp mov ebp,esp push dword [ebp+0x10] push dword [ebp+0xc] push dword [ebp+0x8] call FUNC_000773 add esp,byte +0xc pop ebp ret FUNC_000772: ; Pos = 304f5 push ebp mov ebp,esp push ecx push ebx mov ebx,[ebp+0x8] lea eax,[ebp-0x2] push eax push ebx call FUNC_000658 add esp,byte +0x8 push eax push ebx push dword DATA_006259 call FUNC_000773 add esp,byte +0xc pop ebx pop ecx pop ebp ret FUNC_000773: ; Pos = 3051d push ebp mov ebp,esp add esp,byte -0x28 push ebx push esi push edi mov ebx,[ebp+0xc] lea eax,[ebp-0x4] push eax push dword [ebp+0x10] push byte +0x4f push dword [ebp+0x8] push dword [DATA_009133] call near [DATA_007198] ; FUNC_000927 add esp,byte +0x14 mov esi,eax cmp dword [ebp-0x4],byte +0x0 jnz JUMP_003094 xor eax,eax jmp JUMP_003112 JUMP_003094: ; Pos = 30553 mov byte [esi+0x87],0xb mov [esi+0x118],bl lea eax,[ebp-0x28] push eax movsx eax,byte [ebx+DATA_006267] push eax push esi call FUNC_000703 add esp,byte +0xc push dword [esi+0x82] call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] mov [ebp-0x14],eax call near [DATA_007752] ; FUNC_001530 and ax,0xffff mov [ebp-0xa],ax cmp byte [esi+0x118],0xe jnz JUMP_003095 xor eax,eax mov [esi+0xa0],eax mov ax,[DATA_008995] shl eax,0x8 mov [ebp-0xa],ax JUMP_003095: ; Pos = 305b4 cmp byte [esi+0x118],0x10 jnz JUMP_003096 mov word [ebp-0xa],0xffff JUMP_003096: ; Pos = 305c3 movzx eax,word [esi+0x116] mov [ebp-0x8],eax xor edi,edi call near [DATA_007752] ; FUNC_001530 mov edx,eax mov eax,[ebp-0x14] movsx eax,word [eax+0x14] cmp byte [esi+0x118],0xc jnz JUMP_003097 mov edx,0xffff JUMP_003097: ; Pos = 305ec cmp edx,0xf000 jna JUMP_003098 cmp byte [esi+0x118],0x1 jz JUMP_003098 dec dword [ebp-0x8] or edi,0x100 JUMP_003098: ; Pos = 30606 test eax,eax jl JUMP_003100 cmp edx,0xc000 jna JUMP_003099 shr eax,0x8 JUMP_003099: ; Pos = 30615 and eax,byte +0xf mov [esi+0xd0],al mov eax,[eax*4+DATA_006261] sub [ebp-0x8],eax JUMP_003100: ; Pos = 30628 movsx eax,byte [esi+0xd0] mov ebx,[eax*4+DATA_006266] shl ebx,0x18 mov [esi+0x11e],ebx mov ebx,[eax*4+DATA_006262] cmp ebx,[ebp-0x8] jc JUMP_003101 mov ebx,[ebp-0x8] JUMP_003101: ; Pos = 3064e mov eax,[ebp-0x8] sub eax,ebx mov [ebp-0x8],eax mov [esi+0x119],bl lea eax,[ebp-0x8] push eax push esi call FUNC_000774 add esp,byte +0x8 mov [esi+0xd2],al mov ebx,[ebp-0x8] cmp ebx,0x12c jna JUMP_003102 mov ebx,0x12c JUMP_003102: ; Pos = 3067f cmp byte [esi+0x118],0x1 jnz JUMP_003103 mov ecx,0x4 mov eax,ebx xor edx,edx div ecx mov ebx,eax JUMP_003103: ; Pos = 30695 mov ecx,0x4 mov eax,ebx xor edx,edx div ecx mov ebx,eax movzx eax,word [ebp-0xa] imul ebx mov ecx,0xffff xor edx,edx div ecx mov ebx,eax push ebx call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax push ebx call near [DATA_007217] ; FUNC_000922 pop ecx add eax,eax mov ebx,eax mov eax,[ebp-0x8] sub eax,ebx mov [ebp-0x8],eax shl ebx,0x4 mov [esi+0xe2],bx cmp dword [ebp-0x8],byte +0x2 jl JUMP_003105 movzx eax,word [ebp-0xa] push eax call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax cmp ebx,0xc000 jc JUMP_003104 or edi,0x80 sub dword [ebp-0x8],byte +0x2 jmp short JUMP_003105 JUMP_003104: ; Pos = 30703 cmp ebx,0x4000 jc JUMP_003105 or edi,byte +0x8 sub dword [ebp-0x8],byte +0x2 JUMP_003105: ; Pos = 30712 cmp dword [ebp-0x8],byte +0x0 jng JUMP_003108 mov eax,[ebp-0x14] movsx eax,word [eax+0x12] mov [ebp-0x10],eax mov eax,[ebp-0x10] inc eax push eax call near [DATA_007217] ; FUNC_000922 pop ecx mov [ebp-0x10],eax cmp dword [ebp-0x10],byte +0x1 jl JUMP_003108 movzx eax,word [ebp-0xa] sar eax,0xc xor ebx,ebx mov bl,[eax+DATA_006260] jmp short JUMP_003107 JUMP_003106: ; Pos = 30748 mov eax,[ebp-0x10] mov [esi+eax+0xd6],bl dec dword [ebp-0x8] dec dword [ebp-0x10] JUMP_003107: ; Pos = 30758 cmp dword [ebp-0x8],byte +0x0 jng JUMP_003108 cmp dword [ebp-0x10],byte +0x0 jnz JUMP_003106 JUMP_003108: ; Pos = 30764 cmp dword [ebp-0x8],byte +0x0 jng JUMP_003110 movzx eax,word [ebp-0xa] push eax call near [DATA_007217] ; FUNC_000922 pop ecx cmp eax,0x800 jc JUMP_003109 dec dword [ebp-0x8] or edi,byte +0x4 JUMP_003109: ; Pos = 30783 movzx eax,word [ebp-0xa] push eax call near [DATA_007217] ; FUNC_000922 pop ecx cmp eax,0xfc00 jc JUMP_003110 cmp dword [ebp-0x8],byte +0x4 jl JUMP_003110 cmp byte [esi+0x118],0xe jz JUMP_003110 sub dword [ebp-0x8],byte +0x4 or edi,0x400 JUMP_003110: ; Pos = 307af or edi,0x4000 movsx eax,byte [esi+0x118] mov ebx,[eax*4+DATA_006263] imul ebx,[ebp-0x8] cmp ebx,0xaf jna JUMP_003111 mov ebx,0xaf JUMP_003111: ; Pos = 307d4 mov eax,[ebp-0x8] sub eax,ebx mov [ebp-0x8],eax add [esi+0x119],bl mov ax,[ebp-0x8] mov [esi+0x116],ax mov eax,edi sar eax,0x10 shl edi,0x10 or eax,edi mov [esi+0xc8],eax mov eax,esi JUMP_003112: ; Pos = 307ff pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000774: ; Pos = 30806 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov esi,DATA_006265 push byte +0x33 call near [DATA_007217] ; FUNC_000922 pop ecx mov edx,eax mov eax,[ebp+0x8] movsx eax,byte [eax+0x118] add edx,[eax*4+DATA_006264] imul edx,[ebx] shr edx,0x8 mov eax,0x1 JUMP_003113: ; Pos = 3083a cmp edx,[esi+eax*8+0x4] jc JUMP_003114 inc eax cmp eax,byte +0x9 jl JUMP_003113 JUMP_003114: ; Pos = 30846 dec eax mov edx,[ebx] sub edx,[esi+eax*8+0x4] mov [ebx],edx mov al,[esi+eax*8] pop esi pop ebx pop ebp ret FUNC_000775: ; Pos = 30856 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x8] push byte +0x1 push esi call FUNC_000776 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnz JUMP_003115 push byte +0x1 push esi call FUNC_000776 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnz JUMP_003115 push byte +0x0 push esi call FUNC_000776 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnz JUMP_003115 push byte +0x0 push esi call FUNC_000776 add esp,byte +0x8 mov ebx,eax test ebx,ebx jz JUMP_003116 JUMP_003115: ; Pos = 308a2 mov eax,ebx jmp short JUMP_003117 JUMP_003116: ; Pos = 308a6 xor eax,eax JUMP_003117: ; Pos = 308a8 pop esi pop ebx pop ebp ret FUNC_000776: ; Pos = 308ac push ebp mov ebp,esp add esp,byte -0x44 push ebx mov ebx,[ebp+0x8] push dword [ebp+0xc] push dword [DATA_008885] call FUNC_000857 add esp,byte +0x8 mov [ebp-0x2c],eax cmp dword [ebp-0x2c],byte +0x0 jnz JUMP_003118 xor eax,eax jmp JUMP_003121 JUMP_003118: ; Pos = 308d7 mov eax,[ebp-0x2c] mov [ebx+0xf2],eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x18] push eax push dword [ebp-0x2c] call FUNC_000870 add esp,byte +0x14 cmp dword [ebp-0xc],byte +0x3 jg JUMP_003119 xor eax,eax jmp short JUMP_003121 JUMP_003119: ; Pos = 30905 lea eax,[ebp-0x38] push eax lea eax,[ebp-0x34] push eax lea eax,[ebp-0x30] push eax lea eax,[ebp-0x44] push eax push dword [ebp-0x2c] call FUNC_000859 add esp,byte +0x14 mov [ebp-0x4],eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x28] push eax lea eax,[ebp-0x24] push eax lea eax,[ebp-0x20] push eax lea eax,[ebp-0x4] push eax push ebx call FUNC_000901 add esp,byte +0x1c test eax,eax jnl JUMP_003120 xor eax,eax jmp short JUMP_003121 JUMP_003120: ; Pos = 3094c mov ax,[ebp-0x8] mov [ebx+0xf6],ax mov eax,[ebp-0x1c] mov [ebx+0xfa],eax mov eax,[ebp-0x2c] JUMP_003121: ; Pos = 30963 pop ebx mov esp,ebp pop ebp ret FUNC_000777: ; Pos = 30968 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] mov al,[ebp+0x10] push eax push dword [DATA_008807] push dword [DATA_008804] push esi call FUNC_000731 add esp,byte +0x10 mov edi,0x72 JUMP_003122: ; Pos = 30992 mov eax,[DATA_009133] cmp byte [eax+edi],0x0 jz JUMP_003123 push ebx push esi imul eax,edi,0x152 add eax,[DATA_009133] add eax,byte +0x74 push eax call FUNC_000780 add esp,byte +0xc JUMP_003123: ; Pos = 309b7 dec edi test edi,edi jg JUMP_003122 pop edi pop esi pop ebx pop ebp ret FUNC_000778: ; Pos = 309c1 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp byte [eax+0x87],0xb jnz JUMP_003124 xor edx,edx mov dl,[eax+0xff] shl edx,0x4 mov edx,[edx+DATA_006258] test edx,edx jz JUMP_003124 mov cl,[ebp+0xc] push ecx push eax call edx add esp,byte +0x8 JUMP_003124: ; Pos = 309ef pop ebp ret FUNC_000779: ; Pos = 309f1 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp dword [eax],byte +0x0 jz JUMP_003125 mov dl,[eax+0x8] push edx push dword [eax+0x4] call FUNC_000778 add esp,byte +0x8 pop ebp ret JUMP_003125: ; Pos = 30a0d mov dl,[eax+0x9] push edx mov dl,[eax+0x8] push edx push dword [eax+0x4] call FUNC_000777 add esp,byte +0xc pop ebp ret FUNC_000780: ; Pos = 30a22 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp byte [eax+0x87],0xb jnz JUMP_003126 xor edx,edx mov dl,[eax+0xff] shl edx,0x4 mov edx,[edx+DATA_006257] test edx,edx jz JUMP_003126 mov cl,[ebp+0x10] push ecx push dword [ebp+0xc] push eax call edx add esp,byte +0xc JUMP_003126: ; Pos = 30a53 pop ebp ret FUNC_000781: ; Pos = 30a55 push ebp mov ebp,esp push ebx push esi mov ecx,[ebp+0x10] mov edx,[ebp+0xc] mov eax,[ebp+0x8] movsx ebx,cl movzx esi,byte [eax+0xfe] cmp ebx,esi jnz JUMP_003128 mov bl,[edx+0x100] mov [eax+0xfe],bl cmp byte [edx+0x100],0x0 jnz JUMP_003127 push ecx push edx push eax call FUNC_000783 add esp,byte +0xc jmp short JUMP_003128 JUMP_003127: ; Pos = 30a93 mov byte [eax+0xff],0x5 movzx eax,byte [eax+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003128: ; Pos = 30aae pop esi pop ebx pop ebp ret FUNC_000782: ; Pos = 30ab2 push ebp mov ebp,esp push ebx mov edx,[ebp+0x10] mov eax,[ebp+0x8] movsx ecx,dl xor ebx,ebx mov bl,[eax+0xfe] cmp ecx,ebx jnz JUMP_003129 push edx push dword [ebp+0xc] push eax call FUNC_000783 add esp,byte +0xc JUMP_003129: ; Pos = 30ad8 pop ebx pop ebp ret FUNC_000783: ; Pos = 30adb push ebp mov ebp,esp mov eax,[ebp+0x8] cmp byte [eax+0x118],0xe jnz JUMP_003130 mov byte [DATA_008647],0x0 and byte [DATA_008646],0xfe JUMP_003130: ; Pos = 30af8 push eax call FUNC_000762 pop ecx pop ebp ret FUNC_000784: ; Pos = 30b01 push ebp mov ebp,esp push ebx mov edx,[ebp+0x10] mov eax,[ebp+0x8] movsx ecx,dl xor ebx,ebx mov bl,[eax+0xfe] cmp ecx,ebx jnz JUMP_003131 mov word [eax+0x9e],0x3c JUMP_003131: ; Pos = 30b23 movsx edx,dl xor ecx,ecx mov cl,[eax+0x100] cmp edx,ecx jnz JUMP_003132 mov byte [eax+0x100],0x0 JUMP_003132: ; Pos = 30b39 pop ebx pop ebp ret FUNC_000785: ; Pos = 30b3c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] movsx eax,byte [ebp+0xc] cmp eax,[DATA_008857] jnz JUMP_003133 call near [DATA_007752] ; FUNC_001530 sar eax,0x6 mov [ebx+0xb2],ax mov byte [ebx+0xff],0x3 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003133: ; Pos = 30b7b pop ebx pop ebp ret FUNC_000786: ; Pos = 30b7e push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp byte [ebx+0x118],0x10 jnz JUMP_003134 mov dword [ebx+0x11a],0x1 JUMP_003134: ; Pos = 30b98 mov byte [ebx+0xff],0x1f mov eax,[DATA_008804] mov [ebx+0xa8],eax mov eax,[DATA_008807] mov [ebx+0xac],eax xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc mov al,[ebp+0xc] push eax push ebx call FUNC_000790 add esp,byte +0x8 pop ebx pop ebp ret FUNC_000787: ; Pos = 30bda push ebp mov ebp,esp mov eax,[ebp+0x8] xor edx,edx mov dl,[eax+0x86] mov ecx,[DATA_007758] mov byte [ecx+edx],0x4f mov byte [eax+0xff],0x21 movzx eax,byte [eax+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc pop ebp ret FUNC_000788: ; Pos = 30c0f push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push dword [DATA_009133] xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 push eax mov al,[ebx+0x86] push eax call FUNC_000651 add esp,byte +0x8 pop ebx pop ebp ret FUNC_000789: ; Pos = 30c41 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] movsx eax,bl cmp eax,[DATA_008857] jnz JUMP_003135 mov [esi+0xfe],bl mov byte [esi+0xff],0x1 xor eax,eax mov al,[esi+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003135: ; Pos = 30c79 push ebx push esi call FUNC_000790 add esp,byte +0x8 pop esi pop ebx pop ebp ret FUNC_000790: ; Pos = 30c87 push ebp mov ebp,esp movsx eax,byte [ebp+0xc] cmp eax,[DATA_008857] jnz JUMP_003136 test byte [DATA_008860],0x3 jz JUMP_003136 push byte +0x0 push byte +0xa call FUNC_000237 add esp,byte +0x8 JUMP_003136: ; Pos = 30cab pop ebp ret FUNC_000791: ; Pos = 30cb0 push ebp mov ebp,esp push eax mov eax,0x2 JUMP_003137: ; Pos = 30cb9 add esp,0xfffff004 push eax dec eax jnz JUMP_003137 mov eax,[ebp-0x4] add esp,byte -0x48 push ebx push esi push edi mov esi,[ebp+0x14] mov ebx,[ebp+0x8] cmp ebx,byte +0x16 jnl JUMP_003139 cmp ebx,byte +0x6 jnl JUMP_003138 mov eax,[ebp+0x10] shl eax,0x10 mov edx,[ebp+0x10] shr edx,0x10 or eax,edx add eax,[ebp+0x10] mov [ebp-0x4],eax mov eax,[ebp+0x10] shr eax,0x19 mov edx,[ebp+0x10] shl edx,0x7 or eax,edx mov [ebp+0x10],eax jmp short JUMP_003139 JUMP_003138: ; Pos = 30d03 mov eax,[ebp+0x10] shl eax,0x10 mov edx,[ebp+0x10] shr edx,0x10 or eax,edx mov [ebp-0x4],eax mov eax,[ebp-0x4] add [ebp+0x10],eax mov eax,[ebp-0x4] shr eax,0x19 mov edx,[ebp-0x4] shl edx,0x7 or eax,edx mov [ebp-0x4],eax mov eax,[ebp-0x4] add [ebp+0x10],eax mov eax,[ebp-0x4] shr eax,0x1c mov edx,[ebp-0x4] shl edx,0x4 or eax,edx mov [ebp-0x4],eax mov eax,[ebp-0x4] add [ebp+0x10],eax JUMP_003139: ; Pos = 30d48 mov eax,ebx cmp eax,byte +0x19 ja near JUMP_003160 jmp near [eax*4+DATA_000031] SECTION .data DATA_000031: ; Pos = 30d5a dd JUMP_003160 dd JUMP_003140 dd JUMP_003141 dd JUMP_003143 dd JUMP_003142 dd JUMP_003143 dd JUMP_003146 dd JUMP_003146 dd JUMP_003146 dd JUMP_003146 dd JUMP_003146 dd JUMP_003146 dd JUMP_003146 dd JUMP_003146 dd JUMP_003146 dd JUMP_003160 dd JUMP_003151 dd JUMP_003150 dd JUMP_003147 dd JUMP_003148 dd JUMP_003149 dd JUMP_003160 dd JUMP_003152 dd JUMP_003153 dd JUMP_003154 dd JUMP_003157 SECTION .text JUMP_003140: ; Pos = 30dc2 lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax push byte +0x69 call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov edi,eax lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push edi push esi call FUNC_000792 add esp,byte +0x14 mov byte [eax-0x1],0x20 lea edx,[ebp-0x4] push edx lea edx,[ebp+0x10] push edx mov edx,[ebp+0xc] push edx push edi push eax call FUNC_000793 add esp,byte +0x14 jmp JUMP_003161 JUMP_003141: ; Pos = 30e0c lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax push byte +0x3c call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov edi,eax add edi,0xe0 lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push edi push esi call FUNC_000792 add esp,byte +0x14 mov byte [eax-0x1],0x20 lea edx,[ebp-0x4] push edx lea edx,[ebp+0x10] push edx mov edx,[ebp+0xc] push edx push edi push eax call FUNC_000793 add esp,byte +0x14 jmp JUMP_003161 JUMP_003142: ; Pos = 30e5c lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax push ebx call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax push dword 0x8a call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov edi,eax add edi,byte +0x59 push esi mov eax,[ebp+0xc] push eax push edi call FUNC_000800 add esp,byte +0xc jmp JUMP_003161 JUMP_003143: ; Pos = 30e9c ; Fix: Female only crew members lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax push dword 0xff call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc test al,0x40 jz JUMP_003144 lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax push byte +0x3c call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov edi,eax add edi,0xe0 jmp short JUMP_003145 JUMP_003144: ; Pos = 30ebf lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax push byte +0x69 call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov edi,eax JUMP_003145: ; Pos = 30ed4 lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push edi push esi call FUNC_000792 add esp,byte +0x14 cmp ebx,byte +0x3 jnz near JUMP_003161 mov byte [eax-0x1],0x20 lea edx,[ebp-0x4] push edx lea edx,[ebp+0x10] push edx mov edx,[ebp+0xc] push edx push edi push eax call FUNC_000793 add esp,byte +0x14 jmp JUMP_003161 JUMP_003146: ; Pos = 30f12 lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push edi lea eax,[ebp-0x2c] push eax call FUNC_000793 add esp,byte +0x14 lea eax,[ebp-0x2c] mov edx,[ebp+0xc] mov [edx+0xc],eax lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax mov eax,[ebx*4+DATA_006275] push eax call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov edi,eax add edi,[ebx*4+DATA_006274] push esi mov eax,[ebp+0xc] push eax push edi call FUNC_000800 add esp,byte +0xc jmp JUMP_003161 JUMP_003147: ; Pos = 30f69 lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax push esi call FUNC_000795 add esp,byte +0xc jmp JUMP_003161 JUMP_003148: ; Pos = 30f7f lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax push esi call FUNC_000796 add esp,byte +0xc jmp JUMP_003161 JUMP_003149: ; Pos = 30f95 lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax push esi call FUNC_000797 add esp,byte +0xc jmp JUMP_003161 JUMP_003150: ; Pos = 30fab lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push edi lea eax,[ebp-0x4c] push eax call FUNC_000794 add esp,byte +0x14 lea eax,[ebp-0x4c] mov edx,[ebp+0xc] mov [edx+0xc],eax lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax mov eax,[DATA_006279] push eax call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov edi,eax add edi,[DATA_006277] push esi mov eax,[ebp+0xc] push eax push edi call FUNC_000800 add esp,byte +0xc jmp JUMP_003161 JUMP_003151: ; Pos = 30fff lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push edi lea eax,[ebp-0x6c] push eax call FUNC_000794 add esp,byte +0x14 lea eax,[ebp-0x6c] mov edx,[ebp+0xc] mov [edx+0xc],eax lea eax,[ebp-0x4] push eax lea eax,[ebp+0x10] push eax mov eax,[DATA_006278] push eax call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc mov edi,eax add edi,[DATA_006276] push esi mov eax,[ebp+0xc] push eax push edi call FUNC_000800 add esp,byte +0xc jmp JUMP_003161 JUMP_003152: ; Pos = 31053 push esi mov edi,DATA_008919 xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi push esi call _strlen pop ecx add eax,esi inc eax jmp JUMP_003161 JUMP_003153: ; Pos = 31086 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x10] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0xe] push eax push esi call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc jmp JUMP_003161 JUMP_003154: ; Pos = 310ac mov eax,[ebp+0xc] mov eax,[eax+0x4] mov [ebp-0x8],eax mov eax,[ebp-0x8] push eax lea eax,[ebp+0xffffefa4] push eax call FUNC_000461 add esp,byte +0x8 test eax,eax jz JUMP_003155 lea eax,[esi+0x1] jmp JUMP_003161 JUMP_003155: ; Pos = 310d4 mov eax,[ebp+0x10] push eax lea eax,[ebp+0xffffefa4] push eax call FUNC_000464 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnz JUMP_003156 lea eax,[esi+0x1] jmp JUMP_003161 JUMP_003156: ; Pos = 310f5 add ebx,byte +0x26 push esi mov edi,ebx xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi push esi call _strlen pop ecx add eax,esi inc eax jmp JUMP_003161 JUMP_003157: ; Pos = 31128 mov eax,[ebp+0xc] mov eax,[eax+0x4] mov [ebp-0xc],eax mov eax,[ebp-0xc] push eax lea eax,[ebp+0xffffdfb4] push eax call FUNC_000461 add esp,byte +0x8 test eax,eax jz JUMP_003158 lea eax,[esi+0x1] jmp short JUMP_003161 JUMP_003158: ; Pos = 3114d mov eax,[ebp+0x10] push eax lea eax,[ebp+0xffffdfb4] push eax call FUNC_000465 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnz JUMP_003159 lea eax,[esi+0x1] jmp short JUMP_003161 JUMP_003159: ; Pos = 3116b add ebx,byte +0x26 push esi mov edi,ebx xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi push esi call _strlen pop ecx add eax,esi inc eax jmp short JUMP_003161 JUMP_003160: ; Pos = 3119b push esi mov edi,esi mov esi,DATA_006790 mov eax,edi movsd movsb pop esi push esi call _strlen pop ecx add eax,esi inc eax JUMP_003161: ; Pos = 311b2 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000792: ; Pos = 311bc push ebp mov ebp,esp mov eax,[ebp+0x8] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax call FUNC_000800 add esp,byte +0xc pop ebp ret FUNC_000793: ; Pos = 311d8 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x14] mov edi,[ebp+0x10] mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,[esi] and eax,0xff cmp eax,byte +0x19 jc JUMP_003162 mov eax,[ebp+0x18] push eax push esi push dword 0x8a call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc add eax,byte +0x59 push ebx push edi push eax call FUNC_000800 add esp,byte +0xc mov ebx,eax jmp short JUMP_003164 JUMP_003162: ; Pos = 3121b mov eax,[ebp+0x18] push eax push esi push byte +0xa call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc add eax,byte +0x4f push ebx push edi push eax call FUNC_000800 add esp,byte +0xc mov ebx,eax mov byte [ebx-0x1],0x73 test byte [esi+0x1],0x8 jnz JUMP_003163 mov byte [ebx],0x6f inc ebx mov byte [ebx],0x6e inc ebx JUMP_003163: ; Pos = 3124d mov byte [ebx],0x0 inc ebx JUMP_003164: ; Pos = 31251 mov eax,ebx pop edi pop esi pop ebx pop ebp ret FUNC_000794: ; Pos = 31258 push ebp mov ebp,esp push ebx mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax push byte +0x58 call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc add eax,0x18a push ebx mov edx,[ebp+0x10] push edx push eax call FUNC_000800 add esp,byte +0xc mov ebx,eax mov eax,ebx pop ebx pop ebp ret FUNC_000795: ; Pos = 31290 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x10] mov ebx,[ebp+0xc] push esi push ebx lea eax,[ebp+0x8] push eax call FUNC_000798 add esp,byte +0xc push esi push ebx lea eax,[ebp+0x8] push eax call FUNC_000798 add esp,byte +0xc mov eax,[ebp+0x8] mov byte [eax],0x2d inc dword [ebp+0x8] push esi push ebx lea eax,[ebp+0x8] push eax call FUNC_000799 add esp,byte +0xc push esi push ebx lea eax,[ebp+0x8] push eax call FUNC_000799 add esp,byte +0xc push esi push ebx lea eax,[ebp+0x8] push eax call FUNC_000799 add esp,byte +0xc mov eax,[ebp+0x8] mov byte [eax],0x0 inc dword [ebp+0x8] mov eax,[ebp+0x8] pop esi pop ebx pop ebp ret FUNC_000796: ; Pos = 312fc push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x10] mov ebx,[ebp+0xc] mov eax,[ebp+0x8] mov byte [eax],0x20 inc dword [ebp+0x8] mov eax,[ebp+0x8] mov byte [eax],0x2b inc dword [ebp+0x8] push esi push ebx lea eax,[ebp+0x8] push eax call FUNC_000799 add esp,byte +0xc push esi push ebx lea eax,[ebp+0x8] push eax call FUNC_000799 add esp,byte +0xc push esi push ebx lea eax,[ebp+0x8] push eax call FUNC_000799 add esp,byte +0xc push esi push ebx lea eax,[ebp+0x8] push eax call FUNC_000798 add esp,byte +0xc mov eax,[ebp+0x8] mov byte [eax],0x0 inc dword [ebp+0x8] mov eax,[ebp+0x8] pop esi pop ebx pop ebp ret FUNC_000797: ; Pos = 31364 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x10] mov ebx,[ebp+0xc] push esi push ebx lea eax,[ebp+0x8] push eax call FUNC_000798 add esp,byte +0xc push esi push ebx lea eax,[ebp+0x8] push eax call FUNC_000798 add esp,byte +0xc mov eax,[ebp+0x8] mov byte [eax],0x2a inc dword [ebp+0x8] mov eax,[ebp+0x8] mov byte [eax],0x20 inc dword [ebp+0x8] mov eax,[ebp+0x8] mov byte [eax],0x20 inc dword [ebp+0x8] push esi push ebx lea eax,[ebp+0x8] push eax call FUNC_000799 add esp,byte +0xc mov eax,[ebp+0x8] mov byte [eax],0x0 inc dword [ebp+0x8] mov eax,[ebp+0x8] pop esi pop ebx pop ebp ret FUNC_000798: ; Pos = 313c4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push byte +0x1a call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc add al,0x41 mov edx,[ebx] mov [edx],al inc dword [ebx] pop ebx pop ebp ret FUNC_000799: ; Pos = 313ec push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push byte +0xa call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc add al,0x30 mov edx,[ebx] mov [edx],al inc dword [ebx] pop ebx pop ebp ret FUNC_000800: ; Pos = 31414 push ebp mov ebp,esp push dword DATA_006272 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] and eax,0x1ff push eax mov eax,[ebp+0x10] push eax call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 pop ebp ret FUNC_000801: ; Pos = 31438 push ebp mov ebp,esp push ebx mov edx,[ebp+0xc] mov eax,[ebp+0x8] and eax,0x1ff mov ecx,eax shr ecx,0x6 dec ecx jz JUMP_003165 dec ecx jz JUMP_003166 dec ecx jz JUMP_003167 dec ecx jz JUMP_003168 jmp short JUMP_003169 JUMP_003165: ; Pos = 3145a mov ecx,[edx] jmp short JUMP_003170 JUMP_003166: ; Pos = 3145e mov ecx,[edx+0x4] jmp short JUMP_003170 JUMP_003167: ; Pos = 31463 mov ecx,[edx+0x8] jmp short JUMP_003170 JUMP_003168: ; Pos = 31468 mov ecx,[edx+0x10] jmp short JUMP_003170 JUMP_003169: ; Pos = 3146d mov ecx,[edx+0xc] JUMP_003170: ; Pos = 31470 mov ebx,[ebp+0x10] push ebx push ecx push edx and eax,byte +0x3f push eax call FUNC_000791 add esp,byte +0x10 pop ebx pop ebp ret FUNC_000802: ; Pos = 31488 push ebp mov ebp,esp mov eax,[ebp+0x24] push eax push dword [ebp+0x20] push dword [ebp+0x1c] mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000817 add esp,byte +0x20 pop ebp ret nop FUNC_000803: ; Pos = 314b4 push ebp mov ebp,esp mov ecx,[ebp+0x18] mov eax,[ebp+0x8] add eax,byte +0x32 test byte [eax+0x8],0x1 jz JUMP_003171 mov byte [ecx],0x1e jmp short JUMP_003172 JUMP_003171: ; Pos = 314cb mov edx,eax mov eax,[eax+0x4] test byte [eax+0x8],0x1 jz JUMP_003171 mov dl,[edx+0x9] mov [ecx],dl JUMP_003172: ; Pos = 314db mov edx,[ebp+0x10] mov ecx,[eax+0xa] mov [edx],ecx mov ecx,[eax+0xe] mov [edx+0x4],ecx mov ecx,[eax+0x12] mov [edx+0x8],ecx mov edx,[ebp+0x14] mov cl,[eax+0x9] mov [edx],cl mov edx,[ebp+0xc] mov eax,[eax] mov [edx],eax pop ebp ret FUNC_000804: ; Pos = 31500 push ebp mov ebp,esp mov ecx,[ebp+0x8] mov edx,[ebp+0xc] add edx,byte +0x32 mov eax,[edx+0x4] jmp short JUMP_003174 JUMP_003173: ; Pos = 31511 mov edx,eax mov eax,[eax+0x4] JUMP_003174: ; Pos = 31516 cmp ecx,[eax] jnl JUMP_003173 mov eax,edx pop ebp ret nop nop FUNC_000805: ; Pos = 31520 push ebp mov ebp,esp mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov [eax+0x8],dl cmp dl,0x10 jz JUMP_003175 mov dl,[ebp+0x10] mov [eax+0x9],dl pop ebp ret JUMP_003175: ; Pos = 31539 mov byte [eax+0x9],0x1f pop ebp ret nop FUNC_000806: ; Pos = 31540 push ebp mov ebp,esp mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,[eax+0x2e] add dword [eax+0x2e],byte +0x16 mov eax,ecx mov ecx,[edx+0x4] mov [eax+0x4],ecx mov ecx,[ebp+0x10] mov [eax],ecx mov [edx+0x4],eax pop ebp ret nop nop FUNC_000807: ; Pos = 31564 push ebp mov ebp,esp mov edx,[ebp+0x8] lea eax,[edx+0x32] xor ecx,ecx mov [eax],ecx lea ecx,[eax+0x16] mov [eax+0x4],ecx mov byte [eax+0x8],0x2 mov byte [eax+0x9],0x1f add eax,byte +0x16 mov dword [eax],0x7ffffff1 xor ecx,ecx mov [eax+0x4],ecx mov byte [eax+0x8],0x15 mov byte [eax+0x9],0x1d lea eax,[edx+0x5e] mov [edx+0x2e],eax pop ebp ret nop nop nop FUNC_000808: ; Pos = 315a0 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi mov ebx,[ebp+0x10] mov esi,[ebp+0xc] jmp JUMP_003182 JUMP_003176: ; Pos = 315b3 sub al,0x7 jz JUMP_003177 dec al jz JUMP_003179 sub al,0x5 jz JUMP_003177 jmp JUMP_003181 JUMP_003177: ; Pos = 315c4 mov eax,[esi+0xa] mov [ebp-0xc],eax mov eax,[esi+0xe] mov [ebp-0x8],eax mov eax,[esi+0x12] mov [ebp-0x4],eax test bl,bl jz JUMP_003178 lea eax,[ebp-0xc] push eax push ebx call FUNC_000809 add esp,byte +0x8 JUMP_003178: ; Pos = 315e7 mov eax,[esi] mov edx,[esi+0x4] mov edx,[edx] cmp edx,eax jz JUMP_003183 movsx ecx,byte [esi+0x9] push ecx lea ecx,[ebp-0xc] push ecx push edx push eax mov eax,[ebp+0x8] push eax call FUNC_000811 add esp,byte +0x14 jmp short JUMP_003183 JUMP_003179: ; Pos = 3160b mov eax,[esi+0x4] mov edx,[eax+0xa] mov [ebp-0xc],edx mov edx,[eax+0xe] mov [ebp-0x8],edx mov edx,[eax+0x12] mov [ebp-0x4],edx test bl,bl jz JUMP_003180 lea eax,[ebp-0xc] push eax push ebx call FUNC_000809 add esp,byte +0x8 JUMP_003180: ; Pos = 31631 mov eax,[esi] mov edx,[esi+0x4] mov edx,[edx] cmp edx,eax jz JUMP_003181 movsx ecx,byte [esi+0x9] push ecx lea ecx,[ebp-0xc] push ecx push edx push eax mov eax,[ebp+0x8] push eax call FUNC_000810 add esp,byte +0x14 JUMP_003181: ; Pos = 31653 mov esi,[esi+0x4] JUMP_003182: ; Pos = 31656 mov al,[esi+0x8] cmp al,0x15 jnz near JUMP_003176 JUMP_003183: ; Pos = 31661 pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_000809: ; Pos = 31668 push ebp mov ebp,esp push ebx mov eax,[ebp+0xc] mov edx,[ebp+0x8] mov ecx,edx and ecx,byte +0x7 cmp ecx,byte +0x5 ja JUMP_003189 jmp near [ecx*4+DATA_000032] SECTION .data DATA_000032: ; Pos = 31683 dd JUMP_003189 dd JUMP_003184 dd JUMP_003185 dd JUMP_003186 dd JUMP_003187 dd JUMP_003188 db 0xeb, 0x48 SECTION .text JUMP_003184: ; Pos = 3169d mov ecx,[eax] mov ebx,[eax+0x4] mov [eax],ebx mov ebx,[eax+0x8] mov [eax+0x4],ebx mov [eax+0x8],ecx jmp short JUMP_003189 JUMP_003185: ; Pos = 316af mov ecx,[eax] mov ebx,[eax+0x8] mov [eax],ebx mov ebx,[eax+0x4] mov [eax+0x8],ebx mov [eax+0x4],ecx jmp short JUMP_003189 JUMP_003186: ; Pos = 316c1 mov ecx,[eax] mov ebx,[eax+0x8] mov [eax],ebx mov [eax+0x8],ecx jmp short JUMP_003189 JUMP_003187: ; Pos = 316cd mov ecx,[eax] mov ebx,[eax+0x4] mov [eax],ebx mov [eax+0x4],ecx jmp short JUMP_003189 JUMP_003188: ; Pos = 316d9 mov ecx,[eax+0x4] mov ebx,[eax+0x8] mov [eax+0x4],ebx mov [eax+0x8],ecx JUMP_003189: ; Pos = 316e5 mov ecx,edx test cl,0x20 jz JUMP_003190 neg dword [eax] JUMP_003190: ; Pos = 316ee test cl,0x10 jz JUMP_003191 neg dword [eax+0x4] JUMP_003191: ; Pos = 316f6 test cl,0x8 jz JUMP_003192 neg dword [eax+0x8] JUMP_003192: ; Pos = 316fe pop ebx pop ebp ret nop nop nop FUNC_000810: ; Pos = 31704 push ebp mov ebp,esp push ecx push ebx push esi push edi mov esi,[ebp+0xc] mov eax,[ebp+0x8] push eax push esi call FUNC_000804 add esp,byte +0x8 mov ebx,eax mov edi,[ebx+0x4] test byte [ebx+0x8],0x2 jz JUMP_003194 cmp esi,[ebx] jng JUMP_003193 mov [ebp-0x4],ebx push esi push ebx mov eax,[ebp+0x8] push eax call FUNC_000806 add esp,byte +0xc mov ebx,eax mov esi,eax jmp short JUMP_003199 JUMP_003193: ; Pos = 31741 mov esi,ebx mov [ebp-0x4],esi jmp short JUMP_003199 JUMP_003194: ; Pos = 31748 xor esi,esi jmp short JUMP_003199 JUMP_003195: ; Pos = 3174c test byte [ebx+0x8],0x2 jz JUMP_003197 test esi,esi jz JUMP_003196 mov eax,[ebx+0x4] mov [esi+0x4],eax jmp short JUMP_003198 JUMP_003196: ; Pos = 3175e mov esi,ebx mov [ebp-0x4],esi jmp short JUMP_003198 JUMP_003197: ; Pos = 31765 test esi,esi jz JUMP_003198 mov al,[ebp+0x18] push eax push byte +0x8 push esi call FUNC_000805 add esp,byte +0xc mov eax,[ebp+0x14] mov edx,[eax] mov [ebx+0xa],edx mov edx,[eax+0x4] mov [ebx+0xe],edx mov edx,[eax+0x8] mov [ebx+0x12],edx xor esi,esi JUMP_003198: ; Pos = 3178e mov ebx,edi mov edi,[edi+0x4] JUMP_003199: ; Pos = 31793 mov eax,[edi] cmp eax,[ebp+0x10] jl JUMP_003195 cmp ebx,esi jnz JUMP_003200 mov eax,[edi] cmp eax,[ebp+0x10] jng JUMP_003203 mov eax,[ebp+0x10] push eax push ebx mov eax,[ebp+0x8] push eax call FUNC_000806 add esp,byte +0xc mov ebx,eax mov eax,[ebp-0x4] mov al,[eax+0x8] mov [ebx+0x8],al mov eax,[ebp-0x4] mov al,[eax+0x9] mov [ebx+0x9],al jmp short JUMP_003203 JUMP_003200: ; Pos = 317cc test byte [ebx+0x8],0x2 jz JUMP_003203 test esi,esi jz JUMP_003202 mov eax,[edi] cmp eax,[ebp+0x10] jng JUMP_003201 mov eax,[ebp+0x10] mov [ebx],eax jmp short JUMP_003203 JUMP_003201: ; Pos = 317e4 mov eax,[ebx+0x4] mov [esi+0x4],eax jmp short JUMP_003203 JUMP_003202: ; Pos = 317ec mov esi,ebx mov eax,[edi] cmp eax,[ebp+0x10] jng JUMP_003203 mov eax,[ebp+0x10] push eax push ebx mov eax,[ebp+0x8] push eax call FUNC_000806 add esp,byte +0xc mov ebx,eax mov al,[esi+0x8] mov [ebx+0x8],al mov al,[esi+0x9] mov [ebx+0x9],al JUMP_003203: ; Pos = 31814 test esi,esi jz JUMP_003204 mov al,[ebp+0x18] push eax push byte +0x8 push esi call FUNC_000805 add esp,byte +0xc mov eax,[esi+0x4] mov edx,[ebp+0x14] mov ecx,[edx] mov [eax+0xa],ecx mov ecx,[edx+0x4] mov [eax+0xe],ecx mov ecx,[edx+0x8] mov [eax+0x12],ecx JUMP_003204: ; Pos = 3183e pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000811: ; Pos = 31844 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0xc] mov esi,[ebp+0x8] push esi push edi call FUNC_000804 add esp,byte +0x8 mov ebx,eax test byte [ebx+0x8],0x2 jz JUMP_003206 cmp edi,[ebx] jz JUMP_003205 push edi push ebx push esi call FUNC_000806 add esp,byte +0xc mov ebx,eax JUMP_003205: ; Pos = 31873 mov eax,[ebp+0x14] mov edx,[eax] mov [ebx+0xa],edx mov edx,[eax+0x4] mov [ebx+0xe],edx mov edx,[eax+0x8] mov [ebx+0x12],edx mov al,[ebp+0x18] push eax push byte +0xd push ebx call FUNC_000805 add esp,byte +0xc add esi,byte +0x48 mov [ebx+0x4],esi jmp short JUMP_003207 JUMP_003206: ; Pos = 3189e mov ebx,[ebx+0x4] mov eax,[ebp+0x10] cmp eax,[ebx] jng JUMP_003207 test byte [ebx+0x8],0x2 jz JUMP_003206 mov al,[ebp+0x18] push eax push byte +0xd push ebx call FUNC_000805 add esp,byte +0xc add esi,byte +0x48 mov [ebx+0x4],esi JUMP_003207: ; Pos = 318c3 pop edi pop esi pop ebx pop ebp ret FUNC_000812: ; Pos = 318c8 push ebp mov ebp,esp push ecx push ebx push esi push edi mov edi,[ebp+0xc] mov ebx,[ebp+0x8] add ebx,byte +0x32 mov esi,[ebx+0x4] jmp short JUMP_003210 JUMP_003208: ; Pos = 318dd test byte [ebx+0x8],0x2 jz JUMP_003209 mov al,[ebp+0x18] push eax push byte +0x10 push ebx call FUNC_000805 add esp,byte +0xc JUMP_003209: ; Pos = 318f2 mov ebx,esi mov esi,[ebx+0x4] JUMP_003210: ; Pos = 318f7 cmp edi,[esi] jnl JUMP_003208 test byte [ebx+0x8],0x2 jz JUMP_003212 cmp edi,[ebx] jng JUMP_003211 mov [ebp-0x4],ebx push edi push ebx mov eax,[ebp+0x8] push eax call FUNC_000806 add esp,byte +0xc mov ebx,eax mov edi,eax jmp short JUMP_003217 JUMP_003211: ; Pos = 3191c mov edi,ebx mov [ebp-0x4],edi jmp short JUMP_003217 JUMP_003212: ; Pos = 31923 xor edi,edi jmp short JUMP_003217 JUMP_003213: ; Pos = 31927 test byte [ebx+0x8],0x2 jz JUMP_003215 test edi,edi jz JUMP_003214 mov [edi+0x4],esi jmp short JUMP_003216 JUMP_003214: ; Pos = 31936 mov edi,ebx mov [ebp-0x4],edi jmp short JUMP_003216 JUMP_003215: ; Pos = 3193d test edi,edi jz JUMP_003216 mov al,[ebp+0x18] push eax push byte +0x7 push edi call FUNC_000805 add esp,byte +0xc mov eax,[ebp+0x14] mov edx,[eax] mov [edi+0xa],edx mov edx,[eax+0x4] mov [edi+0xe],edx mov edx,[eax+0x8] mov [edi+0x12],edx xor edi,edi JUMP_003216: ; Pos = 31966 mov ebx,esi mov esi,[ebx+0x4] JUMP_003217: ; Pos = 3196b mov eax,[esi] cmp eax,[ebp+0x10] jng JUMP_003213 cmp ebx,edi jnz JUMP_003218 mov eax,[ebp+0x10] push eax push ebx mov eax,[ebp+0x8] push eax call FUNC_000806 add esp,byte +0xc mov ebx,eax mov eax,[ebp-0x4] mov al,[eax+0x8] mov [ebx+0x8],al mov eax,[ebp-0x4] mov al,[eax+0x9] mov [ebx+0x9],al jmp short JUMP_003221 JUMP_003218: ; Pos = 3199d test byte [ebx+0x8],0x2 jz JUMP_003221 test edi,edi jz JUMP_003220 mov eax,[esi] cmp eax,[ebp+0x10] jng JUMP_003219 mov eax,[ebp+0x10] mov [ebx],eax jmp short JUMP_003221 JUMP_003219: ; Pos = 319b5 mov [edi+0x4],esi mov ebx,esi jmp short JUMP_003221 JUMP_003220: ; Pos = 319bc mov eax,[ebx] cmp eax,[ebp+0x10] jnl JUMP_003221 mov edi,ebx mov eax,[ebp+0x10] push eax push ebx mov eax,[ebp+0x8] push eax call FUNC_000806 add esp,byte +0xc mov ebx,eax mov al,[edi+0x8] mov [ebx+0x8],al mov al,[edi+0x9] mov [ebx+0x9],al JUMP_003221: ; Pos = 319e4 test edi,edi jz JUMP_003224 mov al,[ebp+0x18] push eax push byte +0x7 push edi call FUNC_000805 add esp,byte +0xc mov eax,[ebp+0x14] mov edx,[eax] mov [edi+0xa],edx mov edx,[eax+0x4] mov [edi+0xe],edx mov edx,[eax+0x8] mov [edi+0x12],edx jmp short JUMP_003224 JUMP_003222: ; Pos = 31a0d test byte [ebx+0x8],0x2 jz JUMP_003223 mov al,[ebp+0x18] push eax push byte +0x10 push ebx call FUNC_000805 add esp,byte +0xc JUMP_003223: ; Pos = 31a22 mov ebx,[ebx+0x4] JUMP_003224: ; Pos = 31a25 mov eax,[ebp+0x8] add eax,byte +0x48 cmp ebx,eax jnz JUMP_003222 pop edi pop esi pop ebx pop ecx pop ebp ret nop nop nop FUNC_000813: ; Pos = 31a38 push ebp mov ebp,esp add esp,byte -0x18 push ebx mov ebx,[ebp+0xc] mov eax,[ebp+0x8] cmp byte [eax+0x57],0x0 jz JUMP_003225 lea edx,[ebp-0x18] push edx push eax call FUNC_000816 add esp,byte +0x8 lea eax,[ebp-0x18] push eax push ebx call FUNC_001662_Vec64Sub add esp,byte +0x8 jmp short JUMP_003226 JUMP_003225: ; Pos = 31a67 add eax,byte +0x3e push eax push ebx call FUNC_001662_Vec64Sub add esp,byte +0x8 JUMP_003226: ; Pos = 31a74 pop ebx mov esp,ebp pop ebp ret nop nop nop FUNC_000814: ; Pos = 31a7c push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov esi,DATA_008747 mov eax,[DATA_008764] push eax push dword DATA_008753 push dword DATA_008744 call FUNC_001669_VecMatMul add esp,byte +0xc push esi mov edi,esi mov esi,DATA_008756 mov ecx,0x6 rep movsd pop esi push byte +0x1c push esi call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov ebx,eax mov eax,[esi] mov [ebp-0xc],eax mov eax,[esi+0x8] mov [ebp-0x8],eax mov eax,[esi+0x10] mov [ebp-0x4],eax mov eax,[DATA_008764] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0xc] push eax call FUNC_001669_VecMatMul add esp,byte +0xc push ebx lea eax,[ebp-0xc] push eax push esi call near [DATA_007749] ; FUNC_001517 add esp,byte +0xc pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000815: ; Pos = 31afc push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[DATA_008764] push eax push dword DATA_008744 push dword DATA_008753 call FUNC_001670_VecMatTMul add esp,byte +0xc mov esi,DATA_008747 mov edi,ebx mov ecx,0x6 rep movsd push byte +0x1c push ebx call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov esi,eax mov eax,[ebx] mov [ebp-0xc],eax mov eax,[ebx+0x8] mov [ebp-0x8],eax mov eax,[ebx+0x10] mov [ebp-0x4],eax mov eax,[DATA_008764] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0xc] push eax call FUNC_001670_VecMatTMul add esp,byte +0xc push esi lea eax,[ebp-0xc] push eax push dword DATA_008756 call near [DATA_007749] ; FUNC_001517 add esp,byte +0xc mov esi,DATA_008756 mov edi,ebx mov ecx,0x6 rep movsd pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop FUNC_000816: ; Pos = 31b8c push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] push esi add esi,byte +0x3e mov edi,ebx mov ecx,0x6 rep movsd pop esi push byte +0x1c push ebx call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov edi,eax mov eax,[ebx] mov [ebp-0xc],eax mov eax,[ebx+0x8] mov [ebp-0x8],eax mov eax,[ebx+0x10] mov [ebp-0x4],eax push esi lea eax,[ebp-0xc] push eax lea eax,[ebp-0xc] push eax call FUNC_001669_VecMatMul add esp,byte +0xc push edi lea eax,[ebp-0xc] push eax push ebx call near [DATA_007749] ; FUNC_001517 add esp,byte +0xc pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop push ebp mov ebp,esp add esp,byte -0x28 push ebx push esi push edi mov ebx,[ebp+0x8] mov byte [DATA_008711],0x0 mov byte [DATA_008757],0x0 mov byte [DATA_008758],0x0 mov byte [DATA_008759],0x0 mov eax,[DATA_008733] mov [ebp-0x8],eax mov eax,[DATA_008734] mov [ebp-0x4],eax push dword [DATA_008713] push dword [DATA_008712] push dword [ebp-0x4] push dword [ebp-0x8] lea eax,[ebp-0x8] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 cmp dword [ebp-0x4],byte +0x0 jnl JUMP_003227 movsx eax,byte [DATA_008711] jmp JUMP_003228 JUMP_003227: ; Pos = 31c5a mov eax,[ebp+0xc] neg eax push eax lea eax,[ebp-0x8] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[ebp-0x8] mov [ebp-0x10],eax mov eax,[ebp-0x4] mov [ebp-0xc],eax mov edi,[DATA_008721] mov esi,edi sar esi,0x10 imul esi,[DATA_008735] mov eax,[DATA_008722] sar eax,0x10 imul dword [DATA_008736] add esi,eax mov eax,[DATA_008723] sar eax,0x10 imul dword [DATA_008737] add esi,eax add esi,esi push edi push esi call FUNC_001521 add esp,byte +0x8 sar eax,0xf mov edx,[DATA_008735] sub edx,eax mov [ebp-0x28],edx mov eax,[DATA_008722] push eax push esi call FUNC_001521 add esp,byte +0x8 sar eax,0xf mov edx,[DATA_008736] sub edx,eax mov [ebp-0x24],edx mov eax,[DATA_008723] push eax push esi call FUNC_001521 add esp,byte +0x8 sar eax,0xf mov edx,[DATA_008737] sub edx,eax mov [ebp-0x20],edx mov eax,[DATA_008715] sub eax,[ebx+0x3e] mov [ebp-0x1c],eax mov eax,[DATA_008717] sub eax,[ebx+0x46] mov [ebp-0x18],eax mov eax,[DATA_008719] sub eax,[ebx+0x4e] mov [ebp-0x14],eax or eax,byte -0x1 mov edx,[ebp+0x14] push edx push dword [ebp-0xc] push dword [ebp-0x10] push eax lea eax,[ebp-0x28] push eax lea eax,[ebp-0x1c] push eax mov eax,[ebp+0x10] push eax push ebx call FUNC_000817 add esp,byte +0x20 JUMP_003228: ; Pos = 31d42 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000817: ; Pos = 31d4c push ebp mov ebp,esp add esp,byte -0x40 push ebx push esi push edi mov ebx,[ebp+0x10] mov byte [DATA_008711],0x0 mov byte [DATA_008757],0x0 mov byte [DATA_008758],0x0 mov byte [DATA_008759],0x0 mov eax,[ebp+0x24] sar eax,0x8 mov [DATA_008767],al mov eax,[ebp+0x14] mov edx,[eax] mov [DATA_008735],edx mov edx,[eax+0x4] mov [DATA_008736],edx mov edx,[eax+0x8] mov [DATA_008737],edx mov eax,[ebp+0x18] mov [DATA_008775],eax mov eax,[ebp+0x1c] mov [DATA_008733],eax mov eax,[ebp+0x20] mov [DATA_008734],eax mov eax,[ebp+0x1c] mov [DATA_008712],eax mov eax,[ebp+0x20] mov [DATA_008713],eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] movzx eax,byte [eax+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax mov [DATA_008764],esi mov [DATA_008714],esi mov al,[esi+0x56] mov [ebp-0x11],al mov eax,[ebx] mov [DATA_008738],eax sar eax,0x1f mov [DATA_008739],eax mov eax,[ebx+0x4] mov [DATA_008740],eax sar eax,0x1f mov [DATA_008741],eax mov eax,[ebx+0x8] mov [DATA_008742],eax sar eax,0x1f mov [DATA_008743],eax mov eax,[ebp+0x8] add eax,byte +0x3e push eax push dword DATA_008738 call FUNC_001661_Vec64Add add esp,byte +0x8 mov eax,[ebp+0x8] cmp byte [eax+0x57],0x0 jz JUMP_003229 mov eax,[DATA_008735] mov [DATA_008753],eax mov eax,[DATA_008736] mov [DATA_008754],eax mov eax,[DATA_008737] mov [DATA_008755],eax mov esi,DATA_008738 mov edi,DATA_008756 mov ecx,0x6 rep movsd mov byte [DATA_008766],0x1 call FUNC_000814 jmp short JUMP_003230 JUMP_003229: ; Pos = 31e80 mov eax,[DATA_008735] mov [DATA_008744],eax mov eax,[DATA_008736] mov [DATA_008745],eax mov eax,[DATA_008737] mov [DATA_008746],eax mov esi,DATA_008738 mov edi,DATA_008747 mov ecx,0x6 rep movsd mov byte [DATA_008766],0x0 JUMP_003230: ; Pos = 31ebc mov eax,[ebp+0x8] mov al,[eax+0x56] mov [ebp-0x12],al mov bl,0x72 mov eax,[ebp+0xc] add eax,byte +0x72 mov [ebp-0x1c],eax JUMP_003231: ; Pos = 31ed0 mov eax,[ebp-0x1c] test byte [eax],0x4 jz near JUMP_003244 movsx eax,bl cmp eax,[ebp+0x18] jz near JUMP_003244 mov eax,[ebp+0xc] push eax movsx eax,bl push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov edi,eax cmp byte [edi+0x8b],0x0 jnz near JUMP_003244 movsx eax,byte [ebp-0x12] xor edx,edx mov dl,[edi+0x56] cmp eax,edx jnz JUMP_003236 cmp byte [edi+0x57],0x0 jz JUMP_003234 mov esi,DATA_008753 cmp byte [DATA_008766],0x0 jz JUMP_003232 push esi push edi mov esi,DATA_008756 lea edi,[ebp-0x40] mov ecx,0x6 rep movsd pop edi pop esi jmp short JUMP_003233 JUMP_003232: ; Pos = 31f3e mov byte [DATA_008766],0x1 lea eax,[ebp-0x40] push eax call FUNC_000815 pop ecx JUMP_003233: ; Pos = 31f4f mov byte [DATA_008760],0x1 jmp short JUMP_003235 JUMP_003234: ; Pos = 31f58 mov esi,DATA_008744 push esi push edi mov esi,DATA_008747 lea edi,[ebp-0x40] mov ecx,0x6 rep movsd pop edi pop esi mov byte [DATA_008760],0x0 JUMP_003235: ; Pos = 31f77 lea eax,[edi+0x3e] push eax lea eax,[ebp-0x40] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 jmp JUMP_003243 JUMP_003236: ; Pos = 31f8c cmp bl,[ebp-0x12] jnz JUMP_003238 mov eax,[ebp+0x8] cmp byte [eax+0x57],0x0 jz JUMP_003237 mov esi,DATA_008753 push esi push edi mov esi,DATA_008756 lea edi,[ebp-0x40] mov ecx,0x6 rep movsd pop edi pop esi mov byte [DATA_008760],0x1 jmp JUMP_003243 JUMP_003237: ; Pos = 31fbe mov esi,DATA_008744 push esi push edi mov esi,DATA_008747 lea edi,[ebp-0x40] mov ecx,0x6 rep movsd pop edi pop esi mov byte [DATA_008760],0x0 jmp JUMP_003243 JUMP_003238: ; Pos = 31fe2 movsx eax,byte [ebp-0x11] xor edx,edx mov dl,[edi+0x56] cmp eax,edx jnz near JUMP_003239 mov esi,DATA_008744 mov eax,[DATA_008764] push dword [eax+0x42] push dword [eax+0x3e] push dword [DATA_008748] push dword [DATA_008747] lea eax,[ebp-0x40] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 mov eax,[DATA_008764] push dword [eax+0x4a] push dword [eax+0x46] push dword [DATA_008750] push dword [DATA_008749] lea eax,[ebp-0x38] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 mov eax,[DATA_008764] push dword [eax+0x52] push dword [eax+0x4e] push dword [DATA_008752] push dword [DATA_008751] lea eax,[ebp-0x30] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 lea eax,[ebp-0x40] push eax push edi call FUNC_000813 add esp,byte +0x8 mov byte [DATA_008760],0x0 jmp JUMP_003243 JUMP_003239: ; Pos = 3207a mov eax,[ebp+0x8] mov al,[eax+0x86] cmp al,[edi+0x56] jnz JUMP_003240 mov esi,DATA_008744 push esi push edi mov esi,DATA_006792 lea edi,[ebp-0x40] mov ecx,0x6 rep movsd pop edi pop esi lea eax,[ebp-0x40] push eax push edi call FUNC_000813 add esp,byte +0x8 mov byte [DATA_008760],0x0 jmp JUMP_003243 JUMP_003240: ; Pos = 320b9 cmp bl,[ebp-0x11] jnz JUMP_003241 mov esi,DATA_008744 push esi push edi mov esi,DATA_008747 lea edi,[ebp-0x40] mov ecx,0x6 rep movsd pop edi pop esi mov eax,[DATA_008764] add eax,byte +0x3e push eax lea eax,[ebp-0x40] push eax call FUNC_001661_Vec64Add add esp,byte +0x8 mov byte [DATA_008760],0x0 jmp JUMP_003243 JUMP_003241: ; Pos = 320f7 mov eax,[ebp+0xc] push eax xor eax,eax mov al,[edi+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0x4],eax movsx eax,byte [ebp-0x12] mov edx,[ebp-0x4] movzx edx,byte [edx+0x56] cmp eax,edx jnz JUMP_003242 mov esi,DATA_008744 push esi push edi mov esi,DATA_008747 lea edi,[ebp-0x40] mov ecx,0x6 rep movsd pop edi pop esi mov eax,[ebp-0x4] add eax,byte +0x3e push eax lea eax,[ebp-0x40] push eax call FUNC_001662_Vec64Sub add esp,byte +0x8 lea eax,[ebp-0x40] push eax push edi call FUNC_000813 add esp,byte +0x8 mov byte [DATA_008760],0x0 jmp short JUMP_003243 JUMP_003242: ; Pos = 3215d mov eax,[ebp+0x8] mov al,[eax+0x86] mov edx,[ebp-0x4] cmp al,[edx+0x56] jnz JUMP_003244 mov esi,DATA_008744 mov eax,[ebp-0x4] add eax,byte +0x3e push eax lea eax,[ebp-0x40] push eax call FUNC_001663_Vec64NegAssign add esp,byte +0x8 lea eax,[ebp-0x40] push eax push edi call FUNC_000813 add esp,byte +0x8 mov byte [DATA_008760],0x0 JUMP_003243: ; Pos = 3219a push esi push edi lea eax,[ebp-0x40] push eax call FUNC_000819 add esp,byte +0xc JUMP_003244: ; Pos = 321a8 dec ebx dec dword [ebp-0x1c] test bl,bl jg near JUMP_003231 movsx eax,byte [DATA_008711] test al,0x80 jz near JUMP_003256 test byte [DATA_008767],0x8 jz near JUMP_003253 cmp byte [DATA_008763],0x1e jz near JUMP_003253 cmp byte [DATA_008757],0x0 jnz near JUMP_003250 mov edx,[DATA_008714] mov al,[edx+0x57] test al,al jz JUMP_003245 cmp byte [DATA_008761],0x0 jnz near JUMP_003249 JUMP_003245: ; Pos = 32204 test al,al jnz JUMP_003246 push edx push dword DATA_008772 push dword DATA_008730 call FUNC_001669_VecMatMul add esp,byte +0xc jmp short JUMP_003247 JUMP_003246: ; Pos = 3221d mov eax,[DATA_008714] add eax,byte +0x5a push eax push dword DATA_008772 push dword DATA_008730 call FUNC_001669_VecMatMul add esp,byte +0xc JUMP_003247: ; Pos = 32238 test byte [DATA_008767],0x10 jz near JUMP_003253 mov eax,[ebp+0x8] cmp byte [eax+0x57],0x0 jz JUMP_003248 mov eax,[DATA_008764] push eax push dword DATA_008730 push dword DATA_008721 call FUNC_001670_VecMatTMul add esp,byte +0xc jmp JUMP_003253 JUMP_003248: ; Pos = 3226b mov eax,[DATA_008730] mov [DATA_008721],eax mov eax,[DATA_008731] mov [DATA_008722],eax mov eax,[DATA_008732] mov [DATA_008723],eax jmp JUMP_003253 JUMP_003249: ; Pos = 32294 mov eax,[DATA_008714] push eax push dword DATA_008772 push dword DATA_008721 call FUNC_001669_VecMatMul add esp,byte +0xc test byte [DATA_008767],0x20 jz near JUMP_003253 mov eax,[DATA_008764] push eax push dword DATA_008721 push dword DATA_008730 call FUNC_001669_VecMatMul add esp,byte +0xc jmp JUMP_003253 JUMP_003250: ; Pos = 322d6 cmp byte [DATA_008761],0x0 jz JUMP_003251 push dword DATA_008735 push dword DATA_008721 call FUNC_000818 add esp,byte +0x8 test byte [DATA_008767],0x20 jz JUMP_003253 mov eax,[DATA_008764] push eax push dword DATA_008721 push dword DATA_008730 call FUNC_001669_VecMatMul add esp,byte +0xc jmp short JUMP_003253 JUMP_003251: ; Pos = 32314 push dword DATA_008744 push dword DATA_008730 call FUNC_000818 add esp,byte +0x8 test byte [DATA_008767],0x10 jz JUMP_003253 mov eax,[ebp+0x8] cmp byte [eax+0x57],0x0 jz JUMP_003252 mov eax,[DATA_008764] push eax push dword DATA_008730 push dword DATA_008721 call FUNC_001670_VecMatTMul add esp,byte +0xc jmp short JUMP_003253 JUMP_003252: ; Pos = 32352 mov eax,[DATA_008730] mov [DATA_008721],eax mov eax,[DATA_008731] mov [DATA_008722],eax mov eax,[DATA_008732] mov [DATA_008723],eax JUMP_003253: ; Pos = 32376 test byte [DATA_008767],0x2 jz near JUMP_003254 mov eax,[DATA_008735] mov [DATA_008715],eax sar eax,0x1f mov [DATA_008716],eax mov eax,[DATA_008736] mov [DATA_008717],eax sar eax,0x1f mov [DATA_008718],eax mov eax,[DATA_008737] mov [DATA_008719],eax sar eax,0x1f mov [DATA_008720],eax push dword [DATA_008716] push dword [DATA_008715] push dword [DATA_008713] push dword [DATA_008712] push dword DATA_008715 call FUNC_001337_Int64Mul64 add esp,byte +0x14 push byte -0xf push dword DATA_008715 call FUNC_001341_Int64ArithShift add esp,byte +0x8 push dword [DATA_008718] push dword [DATA_008717] push dword [DATA_008713] push dword [DATA_008712] push dword DATA_008717 call FUNC_001337_Int64Mul64 add esp,byte +0x14 push byte -0xf push dword DATA_008717 call FUNC_001341_Int64ArithShift add esp,byte +0x8 push dword [DATA_008720] push dword [DATA_008719] push dword [DATA_008713] push dword [DATA_008712] push dword DATA_008719 call FUNC_001337_Int64Mul64 add esp,byte +0x14 push byte -0xf push dword DATA_008719 call FUNC_001341_Int64ArithShift add esp,byte +0x8 push dword DATA_008738 push dword DATA_008715 call FUNC_001661_Vec64Add add esp,byte +0x8 JUMP_003254: ; Pos = 32467 test byte [DATA_008767],0x4 jz near JUMP_003255 mov eax,[DATA_008744] mov [DATA_008724],eax mov eax,[DATA_008744] sar eax,0x1f mov [DATA_008725],eax mov eax,[DATA_008745] mov [DATA_008726],eax mov eax,[DATA_008745] sar eax,0x1f mov [DATA_008727],eax mov eax,[DATA_008746] mov [DATA_008728],eax mov eax,[DATA_008746] sar eax,0x1f mov [DATA_008729],eax push dword [DATA_008725] push dword [DATA_008724] push dword [DATA_008713] push dword [DATA_008712] push dword DATA_008724 call FUNC_001337_Int64Mul64 add esp,byte +0x14 push byte -0xf push dword DATA_008724 call FUNC_001341_Int64ArithShift add esp,byte +0x8 push dword [DATA_008727] push dword [DATA_008726] push dword [DATA_008713] push dword [DATA_008712] push dword DATA_008726 call FUNC_001337_Int64Mul64 add esp,byte +0x14 push byte -0xf push dword DATA_008726 call FUNC_001341_Int64ArithShift add esp,byte +0x8 push dword [DATA_008729] push dword [DATA_008728] push dword [DATA_008713] push dword [DATA_008712] push dword DATA_008728 call FUNC_001337_Int64Mul64 add esp,byte +0x14 push byte -0xf push dword DATA_008728 call FUNC_001341_Int64ArithShift add esp,byte +0x8 push dword DATA_008747 push dword DATA_008724 call FUNC_001661_Vec64Add add esp,byte +0x8 JUMP_003255: ; Pos = 32567 mov eax,[DATA_008714] mov al,[eax+0x86] mov [DATA_008759],al movsx eax,byte [DATA_008711] JUMP_003256: ; Pos = 3257e pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000818: ; Pos = 32588 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,[DATA_008771] push eax mov eax,[esi] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 add eax,[DATA_008768] mov [ebx],eax mov eax,[DATA_008771] push eax mov eax,[esi+0x4] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 add eax,[DATA_008769] mov [ebx+0x4],eax mov eax,[DATA_008771] push eax mov eax,[esi+0x8] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 add eax,[DATA_008770] mov [ebx+0x8],eax push ebx push ebx call FUNC_001519 add esp,byte +0x8 pop esi pop ebx pop ebp ret nop nop nop FUNC_000819: ; Pos = 325fc push ebp mov ebp,esp add esp,0xfffff6d8 push ebx push esi push edi mov edi,[ebp+0xc] mov ebx,[ebp+0x8] cmp byte [edi+0x14c],0x0 jnl JUMP_003257 test byte [DATA_008767],0x40 jz JUMP_003258 JUMP_003257: ; Pos = 32620 mov eax,[ebp+0x10] push eax push edi push ebx call FUNC_000826 add esp,byte +0xc jmp JUMP_003277 JUMP_003258: ; Pos = 32633 push dword [DATA_008713] push dword [DATA_008712] push dword [edi+0x13c] push dword [edi+0x138] lea eax,[ebp-0x8] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 mov eax,[ebx+0x14] test eax,eax jnl JUMP_003259 mov edx,[ebx+0x10] not edx mov [ebp-0x1c],edx not eax mov [ebp-0x18],eax jmp short JUMP_003260 JUMP_003259: ; Pos = 3266d mov eax,[ebx+0x10] mov [ebp-0x1c],eax mov eax,[ebx+0x14] mov [ebp-0x18],eax JUMP_003260: ; Pos = 32679 mov eax,[ebp-0x18] cmp eax,[ebp-0x4] jg near JUMP_003277 mov eax,[ebp-0x18] cmp eax,[ebp-0x4] jnz JUMP_003261 mov eax,[ebp-0x1c] cmp eax,[ebp-0x8] jnc near JUMP_003277 JUMP_003261: ; Pos = 32699 mov eax,[ebx+0xc] test eax,eax jnl JUMP_003262 mov edx,[ebx+0x8] not edx mov [ebp-0x24],edx not eax mov [ebp-0x20],eax jmp short JUMP_003263 JUMP_003262: ; Pos = 326af mov eax,[ebx+0x8] mov [ebp-0x24],eax mov eax,[ebx+0xc] mov [ebp-0x20],eax JUMP_003263: ; Pos = 326bb mov eax,[ebp-0x20] cmp eax,[ebp-0x4] jg near JUMP_003277 mov eax,[ebp-0x20] cmp eax,[ebp-0x4] jnz JUMP_003264 mov eax,[ebp-0x24] cmp eax,[ebp-0x8] jnc near JUMP_003277 JUMP_003264: ; Pos = 326db mov eax,[ebx+0x4] test eax,eax jnl JUMP_003265 mov edx,[ebx] not edx mov [ebp-0x2c],edx not eax mov [ebp-0x28],eax jmp short JUMP_003266 JUMP_003265: ; Pos = 326f0 mov eax,[ebx] mov [ebp-0x2c],eax mov eax,[ebx+0x4] mov [ebp-0x28],eax JUMP_003266: ; Pos = 326fb mov eax,[ebp-0x28] cmp eax,[ebp-0x4] jg near JUMP_003277 mov eax,[ebp-0x28] cmp eax,[ebp-0x4] jnz JUMP_003267 mov eax,[ebp-0x2c] cmp eax,[ebp-0x8] jnc near JUMP_003277 JUMP_003267: ; Pos = 3271b mov eax,[edi+0x138] mov [ebp-0x10],eax mov eax,[edi+0x13c] mov [ebp-0xc],eax mov esi,[ebp-0x28] or esi,[ebp-0x20] or esi,[ebp-0x18] or esi,[DATA_008713] or esi,[ebp-0xc] test esi,esi jz JUMP_003268 push esi call FUNC_001656_FindMSB pop ecx add eax,byte +0x3 mov esi,eax jmp short JUMP_003269 JUMP_003268: ; Pos = 32751 mov eax,[ebp-0x2c] or eax,[ebp-0x24] or eax,[ebp-0x1c] or eax,[DATA_008712] or eax,[ebp-0x10] push eax call FUNC_001656_FindMSB pop ecx mov esi,eax add esi,byte -0x1d test esi,esi jnl JUMP_003269 xor esi,esi JUMP_003269: ; Pos = 32775 mov eax,esi neg eax push eax push ebx call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,esi neg eax push eax lea eax,[ebx+0x8] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,esi neg eax push eax lea eax,[ebx+0x10] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,esi neg eax push eax lea eax,[ebp-0x2c] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,esi neg eax push eax lea eax,[ebp-0x24] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,esi neg eax push eax lea eax,[ebp-0x1c] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,esi neg eax push eax lea eax,[ebp-0x10] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[DATA_008712] mov [ebp-0x8],eax mov eax,[DATA_008713] mov [ebp-0x4],eax mov eax,esi neg eax push eax lea eax,[ebp-0x8] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[ebx] mov [ebp-0x38],eax mov eax,[ebx+0x8] mov [ebp-0x34],eax mov eax,[ebx+0x10] mov [ebp-0x30],eax mov ebx,[ebp-0x10] mov eax,[ebp-0x8] mov [DATA_008765],eax mov eax,[ebp-0x30] push eax mov eax,[ebp+0x10] mov eax,[eax+0x4] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp-0x34] push eax mov eax,[ebp+0x10] mov eax,[eax+0x8] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 pop edx sub edx,eax push edx call _abs pop ecx cmp ebx,eax jl near JUMP_003277 mov eax,[ebp-0x38] push eax mov eax,[ebp+0x10] mov eax,[eax+0x8] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp-0x30] push eax mov eax,[ebp+0x10] mov eax,[eax] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 pop edx sub edx,eax push edx call _abs pop ecx cmp ebx,eax jl near JUMP_003277 mov eax,[ebp-0x34] push eax mov eax,[ebp+0x10] mov eax,[eax] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp-0x38] push eax mov eax,[ebp+0x10] mov eax,[eax+0x4] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 pop edx sub edx,eax push edx call _abs pop ecx cmp ebx,eax jl near JUMP_003277 test byte [DATA_008767],0x1 jz near JUMP_003270 mov eax,[ebp+0x10] mov eax,[eax] shl eax,0x10 push eax mov eax,[ebp-0x38] push eax call FUNC_001521 add esp,byte +0x8 mov ebx,eax mov eax,[ebp+0x10] mov eax,[eax+0x4] shl eax,0x10 push eax mov eax,[ebp-0x34] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax mov eax,[ebp+0x10] mov eax,[eax+0x8] shl eax,0x10 push eax mov eax,[ebp-0x30] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax test ebx,ebx jl near JUMP_003277 cmp ebx,[DATA_008765] jg near JUMP_003277 mov [DATA_008712],ebx xor eax,eax mov [DATA_008713],eax push esi push dword DATA_008712 call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov byte [ebp-0x11],0x1d mov byte [ebp-0x12],0x1d mov al,[DATA_008760] mov [DATA_008761],al mov al,[ebp-0x11] mov [DATA_008762],al mov al,[ebp-0x12] mov [DATA_008763],al mov eax,[ebp-0x50] mov [DATA_008772],eax mov eax,[ebp-0x4c] mov [DATA_008773],eax mov eax,[ebp-0x48] mov [DATA_008774],eax mov [DATA_008714],edi mov byte [DATA_008757],0x0 or byte [DATA_008711],0x80 jmp JUMP_003277 JUMP_003270: ; Pos = 329bc mov eax,[edi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov ebx,eax mov eax,[ebx+0xc] mov [ebp+0xfffff6fc],eax mov eax,[ebx+0x4] mov [ebp+0xfffff700],eax mov eax,[ebx+0x14] add eax,[ebx+0x18] mov [ebp+0xfffff704],eax lea eax,[ebp+0xfffff6e4] push eax call FUNC_000807 pop ecx mov eax,esi mov [ebp+0xfffff708],eax mov edx,[ebp+0xfffff704] add edx,byte +0x7 sub edx,eax cmp edx,byte +0x1d jng JUMP_003271 mov esi,[ebp+0xfffff704] add esi,byte +0x7 sub esi,[ebp+0xfffff708] add esi,byte -0x1d mov ecx,esi sar dword [ebp-0x38],cl mov ecx,esi sar dword [ebp-0x34],cl mov ecx,esi sar dword [ebp-0x30],cl add [ebp+0xfffff708],esi JUMP_003271: ; Pos = 32a36 cmp byte [DATA_008760],0x0 jz JUMP_003272 cmp edi,[DATA_008764] jnz JUMP_003272 mov eax,[ebp+0x10] mov edx,[eax] mov [ebp+0xfffff6f0],edx mov edx,[eax+0x4] mov [ebp+0xfffff6f4],edx mov edx,[eax+0x8] mov [ebp+0xfffff6f8],edx mov eax,[ebp-0x38] mov [ebp+0xfffff6e4],eax mov eax,[ebp-0x34] mov [ebp+0xfffff6e8],eax mov eax,[ebp-0x30] mov [ebp+0xfffff6ec],eax jmp short JUMP_003275 JUMP_003272: ; Pos = 32a81 cmp byte [DATA_008760],0x0 jnz JUMP_003273 cmp byte [edi+0x57],0x0 jz JUMP_003273 push edi call near [DATA_007804] ; FUNC_001679 pop ecx lea esi,[edi+0x5a] jmp short JUMP_003274 JUMP_003273: ; Pos = 32a9d mov esi,edi JUMP_003274: ; Pos = 32a9f push esi lea eax,[ebp-0x38] push eax lea eax,[ebp+0xfffff6e4] push eax call FUNC_001670_VecMatTMul add esp,byte +0xc push esi mov eax,[ebp+0x10] push eax lea eax,[ebp+0xfffff6f0] push eax call FUNC_001670_VecMatTMul add esp,byte +0xc mov eax,[ebp+0xfffff6f0] mov [ebp-0x50],eax mov eax,[ebp+0xfffff6f4] mov [ebp-0x4c],eax mov eax,[ebp+0xfffff6f8] mov [ebp-0x48],eax JUMP_003275: ; Pos = 32ae2 push edi mov eax,[ebx+0x34] push eax lea eax,[ebp+0xfffff6e4] push eax call FUNC_000821 add esp,byte +0xc lea eax,[ebp-0x12] push eax lea eax,[ebp-0x11] push eax lea eax,[ebp-0x50] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp+0xfffff6e4] push eax call FUNC_000803 add esp,byte +0x14 xor eax,eax mov [ebp-0x4],eax mov eax,[ebp+0xfffff708] push eax lea eax,[ebp-0x8] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[ebp-0x4] cmp eax,[DATA_008713] jg JUMP_003277 mov eax,[ebp-0x4] cmp eax,[DATA_008713] jnz JUMP_003276 mov eax,[ebp-0x8] cmp eax,[DATA_008712] jnc JUMP_003277 JUMP_003276: ; Pos = 32b4e mov al,[DATA_008760] mov [DATA_008761],al mov eax,[ebp-0x8] mov [DATA_008712],eax mov eax,[ebp-0x4] mov [DATA_008713],eax mov al,[ebp-0x11] mov [DATA_008762],al mov al,[ebp-0x12] mov [DATA_008763],al mov eax,[ebp-0x50] mov [DATA_008772],eax mov eax,[ebp-0x4c] mov [DATA_008773],eax mov eax,[ebp-0x48] mov [DATA_008774],eax mov [DATA_008714],edi mov byte [DATA_008757],0x0 or byte [DATA_008711],0x80 JUMP_003277: ; Pos = 32ba9 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000820: ; Pos = 32bb0 push ebp mov ebp,esp add esp,0xfffff710 push ebx push esi push edi mov esi,[ebp+0x14] mov edi,[ebp+0x10] mov ebx,[ebp+0x8] mov eax,[ebp+0xc] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov edx,[eax+0xc] mov [ebp+0xfffff740],edx mov edx,[eax+0x4] mov [ebp+0xfffff744],edx mov edx,[eax+0x14] add edx,[eax+0x18] mov [ebp+0xfffff748],edx mov eax,[eax+0x34] mov [ebp-0x4],eax lea eax,[ebp+0xfffff728] push eax call FUNC_000807 pop ecx mov eax,[ebx+0x24] mov [ebp+0xfffff74c],eax mov [ebp+0xfffff752],esi mov eax,edi sar eax,1 lea eax,[eax+eax*2] mov edx,[ebx+0x1c] mov ecx,[edx+eax*2] mov [ebp-0xc],ecx mov cx,[edx+eax*2+0x4] mov [ebp-0x8],cx movsx eax,byte [ebp-0xa] mov [ebp+0xfffff71c],eax movsx eax,byte [ebp-0x9] mov [ebp+0xfffff720],eax movsx eax,byte [ebp-0x8] mov [ebp+0xfffff724],eax test edi,0x1 jz JUMP_003278 neg dword [ebp+0xfffff71c] JUMP_003278: ; Pos = 32c55 mov eax,[ebx+0x20] sub eax,[ebx+0x24] test eax,eax jnl JUMP_003279 neg eax mov ecx,eax sar dword [ebp+0xfffff71c],cl mov ecx,eax sar dword [ebp+0xfffff720],cl mov ecx,eax sar dword [ebp+0xfffff724],cl jmp short JUMP_003280 JUMP_003279: ; Pos = 32c7b mov ecx,eax shl dword [ebp+0xfffff71c],cl mov ecx,eax shl dword [ebp+0xfffff720],cl mov ecx,eax shl dword [ebp+0xfffff724],cl JUMP_003280: ; Pos = 32c93 mov eax,[ebx] sub eax,[ebp+0xfffff71c] mov [ebp+0xfffff71c],eax mov eax,[ebx+0x4] sub eax,[ebp+0xfffff720] mov [ebp+0xfffff720],eax mov eax,[ebx+0x8] sub eax,[ebp+0xfffff724] mov [ebp+0xfffff724],eax mov eax,[ebx+0xc] mov [ebp+0xfffff710],eax mov eax,[ebx+0x10] mov [ebp+0xfffff714],eax mov eax,[ebx+0x14] mov [ebp+0xfffff718],eax test esi,esi jnz JUMP_003281 mov eax,[ebp+0xfffff71c] mov [ebp+0xfffff728],eax mov eax,[ebp+0xfffff720] mov [ebp+0xfffff72c],eax mov eax,[ebp+0xfffff724] mov [ebp+0xfffff730],eax mov eax,[ebp+0xfffff710] mov [ebp+0xfffff734],eax mov eax,[ebp+0xfffff714] mov [ebp+0xfffff738],eax mov eax,[ebp+0xfffff718] mov [ebp+0xfffff73c],eax jmp JUMP_003292 JUMP_003281: ; Pos = 32d2b test esi,0x20 jz JUMP_003282 neg dword [ebp+0xfffff71c] neg dword [ebp+0xfffff710] JUMP_003282: ; Pos = 32d3f test esi,0x10 jz JUMP_003283 neg dword [ebp+0xfffff720] neg dword [ebp+0xfffff714] JUMP_003283: ; Pos = 32d53 test esi,0x8 jz JUMP_003284 neg dword [ebp+0xfffff724] neg dword [ebp+0xfffff718] JUMP_003284: ; Pos = 32d67 and esi,byte +0x7 cmp esi,byte +0x5 ja near JUMP_003291 jmp near [esi*4+DATA_000033] SECTION .data DATA_000033: ; Pos = 32d7a dd JUMP_003285 dd JUMP_003286 dd JUMP_003287 dd JUMP_003288 dd JUMP_003289 dd JUMP_003290 SECTION .text JUMP_003285: ; Pos = 32d92 mov eax,[ebp+0xfffff71c] mov [ebp+0xfffff728],eax mov eax,[ebp+0xfffff720] mov [ebp+0xfffff72c],eax mov eax,[ebp+0xfffff724] mov [ebp+0xfffff730],eax mov eax,[ebp+0xfffff710] mov [ebp+0xfffff734],eax mov eax,[ebp+0xfffff714] mov [ebp+0xfffff738],eax mov eax,[ebp+0xfffff718] mov [ebp+0xfffff73c],eax jmp JUMP_003292 JUMP_003286: ; Pos = 32ddf mov eax,[ebp+0xfffff71c] mov [ebp+0xfffff72c],eax mov eax,[ebp+0xfffff720] mov [ebp+0xfffff730],eax mov eax,[ebp+0xfffff724] mov [ebp+0xfffff728],eax mov eax,[ebp+0xfffff710] mov [ebp+0xfffff738],eax mov eax,[ebp+0xfffff714] mov [ebp+0xfffff73c],eax mov eax,[ebp+0xfffff718] mov [ebp+0xfffff734],eax jmp JUMP_003292 JUMP_003287: ; Pos = 32e2c mov eax,[ebp+0xfffff71c] mov [ebp+0xfffff730],eax mov eax,[ebp+0xfffff720] mov [ebp+0xfffff728],eax mov eax,[ebp+0xfffff724] mov [ebp+0xfffff72c],eax mov eax,[ebp+0xfffff710] mov [ebp+0xfffff73c],eax mov eax,[ebp+0xfffff714] mov [ebp+0xfffff734],eax mov eax,[ebp+0xfffff718] mov [ebp+0xfffff738],eax jmp JUMP_003292 JUMP_003288: ; Pos = 32e79 mov eax,[ebp+0xfffff71c] mov [ebp+0xfffff730],eax mov eax,[ebp+0xfffff720] mov [ebp+0xfffff72c],eax mov eax,[ebp+0xfffff724] mov [ebp+0xfffff728],eax mov eax,[ebp+0xfffff710] mov [ebp+0xfffff73c],eax mov eax,[ebp+0xfffff714] mov [ebp+0xfffff738],eax mov eax,[ebp+0xfffff718] mov [ebp+0xfffff734],eax jmp JUMP_003292 JUMP_003289: ; Pos = 32ec6 mov eax,[ebp+0xfffff71c] mov [ebp+0xfffff72c],eax mov eax,[ebp+0xfffff720] mov [ebp+0xfffff728],eax mov eax,[ebp+0xfffff724] mov [ebp+0xfffff730],eax mov eax,[ebp+0xfffff710] mov [ebp+0xfffff738],eax mov eax,[ebp+0xfffff714] mov [ebp+0xfffff734],eax mov eax,[ebp+0xfffff718] mov [ebp+0xfffff73c],eax jmp JUMP_003292 JUMP_003290: ; Pos = 32f13 mov eax,[ebp+0xfffff71c] mov [ebp+0xfffff728],eax mov eax,[ebp+0xfffff720] mov [ebp+0xfffff730],eax mov eax,[ebp+0xfffff724] mov [ebp+0xfffff72c],eax mov eax,[ebp+0xfffff710] mov [ebp+0xfffff734],eax mov eax,[ebp+0xfffff714] mov [ebp+0xfffff73c],eax mov eax,[ebp+0xfffff718] mov [ebp+0xfffff738],eax jmp short JUMP_003292 JUMP_003291: ; Pos = 32f5d mov eax,[ebp+0xfffff71c] mov [ebp+0xfffff728],eax mov eax,[ebp+0xfffff720] mov [ebp+0xfffff72c],eax mov eax,[ebp+0xfffff724] mov [ebp+0xfffff730],eax mov eax,[ebp+0xfffff710] mov [ebp+0xfffff734],eax mov eax,[ebp+0xfffff714] mov [ebp+0xfffff738],eax mov eax,[ebp+0xfffff718] mov [ebp+0xfffff73c],eax JUMP_003292: ; Pos = 32fa5 mov eax,[ebp+0x18] push eax mov eax,[ebp-0x4] push eax lea eax,[ebp+0xfffff728] push eax call FUNC_000821 add esp,byte +0xc mov al,[ebp+0xfffff752] push eax lea eax,[ebp+0xfffff75a] push eax push ebx call FUNC_000808 add esp,byte +0xc pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop FUNC_000821: ; Pos = 32fdc push ebp mov ebp,esp add esp,byte -0x2c push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] jmp JUMP_003310 JUMP_003293: ; Pos = 32ff0 inc esi mov [edi+0x29],bl test bl,0x20 jz near JUMP_003300 mov al,[esi] inc esi and eax,0xff mov edx,[ebp+0x10] movzx eax,word [edx+eax*2+0x9c] mov [ebp-0x14],eax mov al,[esi] inc esi movsx ecx,al and ecx,byte +0x1f mov edx,[ebp-0x14] shr edx,cl movsx eax,al sar eax,0x7 xor edx,eax test dl,0x1 jz JUMP_003300 and ebx,0xc0 sub ebx,byte +0x1 jc JUMP_003294 sub ebx,byte +0x3f jz JUMP_003297 sub ebx,byte +0x40 jz JUMP_003298 sub ebx,byte +0x40 jz JUMP_003299 jmp JUMP_003310 JUMP_003294: ; Pos = 3304d mov al,[esi] inc esi cmp al,0xff jnz JUMP_003295 add esi,byte +0x6 push esi call FUNC_001822 pop ecx mov esi,eax jmp JUMP_003310 JUMP_003295: ; Pos = 33065 test al,al jz near JUMP_003310 JUMP_003296: ; Pos = 3306d mov al,[esi] inc esi test al,al jnz JUMP_003296 jmp JUMP_003310 JUMP_003297: ; Pos = 33079 mov al,[esi] inc esi test al,al jnz JUMP_003297 jmp JUMP_003310 JUMP_003298: ; Pos = 33085 add esi,byte +0x4 jmp JUMP_003310 JUMP_003299: ; Pos = 3308d mov al,[esi] inc esi test al,al jnz JUMP_003299 jmp JUMP_003310 JUMP_003300: ; Pos = 33099 mov eax,ebx and eax,0xc0 sub eax,byte +0x1 jc JUMP_003301 sub eax,byte +0x3f jz near JUMP_003305 sub eax,byte +0x40 jz near JUMP_003307 sub eax,byte +0x40 jz near JUMP_003308 jmp JUMP_003310 JUMP_003301: ; Pos = 330c5 cmp byte [esi],0xff jnz JUMP_003303 mov eax,[ebp+0x10] push eax lea eax,[ebp-0x2c] push eax inc esi push esi lea eax,[ebp-0xc] push eax lea eax,[ebp-0x10] push eax push edi call FUNC_000823 add esp,byte +0x18 mov esi,eax cmp dword [ebp-0x10],byte +0x0 jl near JUMP_003311 cmp dword [ebp-0xc],byte +0x0 jnl JUMP_003302 xor eax,eax mov [ebp-0xc],eax JUMP_003302: ; Pos = 330fc mov eax,[ebp-0xc] cmp eax,[ebp-0x10] jz near JUMP_003310 movsx eax,bl push eax lea eax,[ebp-0x2c] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax push edi call FUNC_000811 add esp,byte +0x14 jmp JUMP_003310 JUMP_003303: ; Pos = 33126 lea eax,[ebp-0x2c] push eax push esi lea eax,[ebp-0xc] push eax lea eax,[ebp-0x10] push eax push edi call FUNC_000822 add esp,byte +0x14 mov esi,eax cmp dword [ebp-0x10],byte +0x0 jl near JUMP_003311 cmp dword [ebp-0xc],byte +0x0 jnl JUMP_003304 xor eax,eax mov [ebp-0xc],eax JUMP_003304: ; Pos = 33153 mov eax,[ebp-0xc] cmp eax,[ebp-0x10] jz near JUMP_003310 movsx eax,bl push eax lea eax,[ebp-0x2c] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax push edi call FUNC_000812 add esp,byte +0x14 jmp JUMP_003310 JUMP_003305: ; Pos = 3317d lea eax,[ebp-0x2c] push eax push esi lea eax,[ebp-0xc] push eax lea eax,[ebp-0x10] push eax push edi call FUNC_000824 add esp,byte +0x14 mov esi,eax cmp dword [ebp-0x10],byte +0x0 jl near JUMP_003310 sub dword [ebp-0xc],byte +0x2 cmp dword [ebp-0xc],byte +0x0 jnl JUMP_003306 xor eax,eax mov [ebp-0xc],eax JUMP_003306: ; Pos = 331ae mov eax,[ebp-0xc] cmp eax,[ebp-0x10] jz near JUMP_003310 movsx eax,bl push eax lea eax,[ebp-0x2c] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax push edi call FUNC_000810 add esp,byte +0x14 jmp short JUMP_003310 JUMP_003307: ; Pos = 331d5 xor eax,eax mov al,[esi] shl eax,0x8 inc esi xor edx,edx mov dl,[esi] or eax,edx inc esi mov dl,[esi] inc esi mov cl,[esi] inc esi mov ebx,[ebp+0x10] push ebx movsx edx,dl push edx movsx edx,cl push edx push eax push edi call FUNC_000820 add esp,byte +0x14 jmp short JUMP_003310 JUMP_003308: ; Pos = 33202 lea eax,[ebp-0x2c] push eax push esi lea eax,[ebp-0xc] push eax lea eax,[ebp-0x10] push eax push edi call FUNC_000822 add esp,byte +0x14 mov esi,eax cmp dword [ebp-0x10],byte +0x0 jl JUMP_003310 cmp dword [ebp-0xc],byte +0x0 jnl JUMP_003309 xor eax,eax mov [ebp-0xc],eax JUMP_003309: ; Pos = 3322b mov eax,[ebp-0xc] cmp eax,[ebp-0x10] jz JUMP_003310 movsx eax,bl push eax lea eax,[ebp-0x2c] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax push edi call FUNC_000811 add esp,byte +0x14 JUMP_003310: ; Pos = 3324c mov bl,[esi] inc esi test bl,bl jnz near JUMP_003293 JUMP_003311: ; Pos = 33257 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop FUNC_000822: ; Pos = 33260 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi mov ebx,[ebp+0x14] mov esi,[ebp+0xc] mov dword [esi],0x7ffffff0 mov eax,[ebp+0x10] mov dword [eax],0x80000010 JUMP_003312: ; Pos = 3327d mov al,[ebx] inc ebx test al,al jnz JUMP_003313 mov eax,ebx jmp JUMP_003318 JUMP_003313: ; Pos = 3328b lea edx,[ebp-0x4] push edx lea edx,[ebp-0x10] push edx movsx eax,al push eax mov eax,[ebp+0x8] push eax call FUNC_000825 add esp,byte +0x10 test eax,eax jng JUMP_003314 mov eax,[ebp+0x10] mov eax,[eax] cmp eax,[ebp-0x4] jg JUMP_003316 mov eax,[esi] cmp eax,[ebp-0x4] jng JUMP_003312 mov eax,[ebp-0x4] mov [esi],eax cmp dword [ebp-0x4],byte +0x0 jng JUMP_003316 jmp short JUMP_003312 JUMP_003314: ; Pos = 332c5 test eax,eax jnl JUMP_003315 mov eax,[esi] cmp eax,[ebp-0x4] jl JUMP_003316 mov eax,[ebp+0x10] mov eax,[eax] cmp eax,[ebp-0x4] jnl JUMP_003312 mov eax,[ebp+0x10] mov edx,[ebp-0x4] mov [eax],edx mov eax,[ebp+0x18] mov edx,[ebp-0x10] mov [eax],edx mov edx,[ebp-0xc] mov [eax+0x4],edx mov edx,[ebp-0x8] mov [eax+0x8],edx jmp short JUMP_003312 JUMP_003315: ; Pos = 332f8 cmp dword [ebp-0x4],byte +0x0 jnl near JUMP_003312 JUMP_003316: ; Pos = 33302 mov dword [esi],0x80000010 JUMP_003317: ; Pos = 33308 mov al,[ebx] inc ebx test al,al jnz JUMP_003317 mov eax,ebx JUMP_003318: ; Pos = 33311 pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_000823: ; Pos = 33318 push ebp mov ebp,esp add esp,0xffffff64 push ebx push esi push edi mov esi,[ebp+0x8] mov eax,[ebp+0x14] movzx eax,byte [eax] mov edx,[ebp+0x14] movzx edx,byte [edx+0x1] mov ecx,[ebp+0x14] movzx ecx,byte [ecx+0x2] mov [ebp-0x4],ecx mov ecx,[ebp+0x14] movzx ecx,byte [ecx+0x3] mov [ebp-0x8],ecx mov ecx,[ebp+0x14] movzx ecx,byte [ecx+0x5] shl ecx,0x8 mov ebx,[ebp+0x14] movzx ebx,byte [ebx+0x4] or ecx,ebx mov [ebp-0xc],ecx mov ecx,eax sar ecx,1 lea ecx,[ecx+ecx*2] mov ebx,[esi+0x1c] mov edi,[ebx+ecx*2] mov [ebp-0x14],edi mov di,[ebx+ecx*2+0x4] mov [ebp-0x10],di test al,0x1 jz JUMP_003319 movsx eax,byte [ebp-0x12] neg eax mov [ebp-0x30],eax jmp short JUMP_003320 JUMP_003319: ; Pos = 33386 movsx eax,byte [ebp-0x12] mov [ebp-0x30],eax JUMP_003320: ; Pos = 3338d movsx eax,byte [ebp-0x11] mov [ebp-0x2c],eax movsx eax,byte [ebp-0x10] mov [ebp-0x28],eax mov eax,edx sar eax,1 lea eax,[eax+eax*2] mov ecx,[esi+0x1c] mov ebx,[ecx+eax*2] mov [ebp-0x14],ebx mov bx,[ecx+eax*2+0x4] mov [ebp-0x10],bx test dl,0x1 jz JUMP_003321 movsx eax,byte [ebp-0x12] neg eax mov [ebp-0x78],eax jmp short JUMP_003322 JUMP_003321: ; Pos = 333c4 movsx eax,byte [ebp-0x12] mov [ebp-0x78],eax JUMP_003322: ; Pos = 333cb movsx eax,byte [ebp-0x11] mov [ebp-0x74],eax movsx eax,byte [ebp-0x10] mov [ebp-0x70],eax mov eax,[ebp-0x4] sar eax,1 lea eax,[eax+eax*2] mov edx,[esi+0x1c] mov ecx,[edx+eax*2] mov [ebp-0x14],ecx mov cx,[edx+eax*2+0x4] mov [ebp-0x10],cx test byte [ebp-0x4],0x1 jz JUMP_003323 movsx eax,byte [ebp-0x12] neg eax mov [ebp-0x6c],eax jmp short JUMP_003324 JUMP_003323: ; Pos = 33404 movsx eax,byte [ebp-0x12] mov [ebp-0x6c],eax JUMP_003324: ; Pos = 3340b movsx eax,byte [ebp-0x11] mov [ebp-0x68],eax movsx eax,byte [ebp-0x10] mov [ebp-0x64],eax mov eax,[ebp-0x8] sar eax,1 lea eax,[eax+eax*2] mov edx,[esi+0x1c] mov ecx,[edx+eax*2] mov [ebp-0x14],ecx mov cx,[edx+eax*2+0x4] mov [ebp-0x10],cx test byte [ebp-0x8],0x1 jz JUMP_003325 movsx eax,byte [ebp-0x12] neg eax mov [ebp-0x60],eax jmp short JUMP_003326 JUMP_003325: ; Pos = 33444 movsx eax,byte [ebp-0x12] mov [ebp-0x60],eax JUMP_003326: ; Pos = 3344b movsx eax,byte [ebp-0x11] mov [ebp-0x5c],eax movsx eax,byte [ebp-0x10] mov [ebp-0x58],eax mov eax,[esi+0x20] sub eax,[esi+0x24] test eax,eax jnl JUMP_003327 neg eax mov ecx,eax sar dword [ebp-0x30],cl mov ecx,eax sar dword [ebp-0x2c],cl mov ecx,eax sar dword [ebp-0x28],cl mov ecx,eax sar dword [ebp-0x78],cl mov ecx,eax sar dword [ebp-0x74],cl mov ecx,eax sar dword [ebp-0x70],cl mov ecx,eax sar dword [ebp-0x6c],cl mov ecx,eax sar dword [ebp-0x68],cl mov ecx,eax sar dword [ebp-0x64],cl mov ecx,eax sar dword [ebp-0x60],cl mov ecx,eax sar dword [ebp-0x5c],cl mov ecx,eax sar dword [ebp-0x58],cl jmp short JUMP_003328 JUMP_003327: ; Pos = 334a3 mov ecx,eax shl dword [ebp-0x30],cl mov ecx,eax shl dword [ebp-0x2c],cl mov ecx,eax shl dword [ebp-0x28],cl mov ecx,eax shl dword [ebp-0x78],cl mov ecx,eax shl dword [ebp-0x74],cl mov ecx,eax shl dword [ebp-0x70],cl mov ecx,eax shl dword [ebp-0x6c],cl mov ecx,eax shl dword [ebp-0x68],cl mov ecx,eax shl dword [ebp-0x64],cl mov ecx,eax shl dword [ebp-0x60],cl mov ecx,eax shl dword [ebp-0x5c],cl mov ecx,eax shl dword [ebp-0x58],cl JUMP_003328: ; Pos = 334df mov eax,[ebp-0x30] neg eax add [ebp-0x78],eax mov edx,[ebp-0x2c] neg edx add [ebp-0x74],edx mov ecx,[ebp-0x28] neg ecx add [ebp-0x70],ecx mov ebx,[ebp-0x30] neg ebx add [ebp-0x6c],eax mov ebx,[ebp-0x2c] neg ebx add [ebp-0x68],edx mov ebx,[ebp-0x28] neg ebx add [ebp-0x64],ecx mov ebx,[ebp-0x30] neg ebx add [ebp-0x60],eax mov eax,[ebp-0x2c] neg eax add [ebp-0x5c],edx mov eax,[ebp-0x28] neg eax add [ebp-0x58],ecx mov eax,[esi] sub [ebp-0x30],eax mov eax,[esi+0x4] sub [ebp-0x2c],eax mov eax,[esi+0x8] sub [ebp-0x28],eax test byte [DATA_008767],0x8 jz JUMP_003329 mov eax,[ebp+0x18] mov edx,[ebp-0x30] mov [eax],edx mov edx,[ebp-0x2c] mov [eax+0x4],edx mov edx,[ebp-0x28] mov [eax+0x8],edx JUMP_003329: ; Pos = 33555 lea eax,[ebp-0x30] push eax call FUNC_001466 pop ecx mov edi,eax mov eax,[ebp+0x1c] mov edx,[eax+0x138] mov [ebp-0x20],edx mov edx,[eax+0x13c] mov [ebp-0x1c],edx mov eax,[esi+0x24] neg eax push eax lea eax,[ebp-0x20] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,edi sub eax,[ebp-0x20] cmp eax,[DATA_008765] jl JUMP_003330 mov eax,[ebp+0xc] mov dword [eax],0x80000010 mov eax,[ebp+0x10] mov dword [eax],0x80000010 mov eax,[ebp+0x14] add eax,byte +0x6 push eax call FUNC_001822 pop ecx jmp JUMP_003350 JUMP_003330: ; Pos = 335b9 mov eax,[esi+0xc] shl eax,0x10 push eax mov eax,[ebp-0x30] push eax call FUNC_001521 add esp,byte +0x8 mov ebx,eax mov eax,[esi+0x10] shl eax,0x10 push eax mov eax,[ebp-0x2c] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax mov eax,[esi+0x14] shl eax,0x10 push eax mov eax,[ebp-0x28] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax sar edi,1 neg edi cmp ebx,edi jnl JUMP_003331 mov eax,[ebp+0xc] mov dword [eax],0x80000010 mov eax,[ebp+0x10] mov dword [eax],0x80000010 mov eax,[ebp+0x14] add eax,byte +0x6 push eax call FUNC_001822 pop ecx jmp JUMP_003350 JUMP_003331: ; Pos = 33624 mov eax,[esi+0xc] mov [ebp+0xffffff7c],eax mov eax,[esi+0x10] mov [ebp-0x80],eax mov eax,[esi+0x14] mov [ebp-0x7c],eax mov eax,[ebp+0xffffff7c] test eax,eax jz near JUMP_003338 mov [ebp+0xffffff70],eax mov eax,[ebp-0x80] mov [ebp+0xffffff74],eax xor eax,eax mov [ebp+0xffffff78],eax lea eax,[ebp+0xffffff70] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov edi,eax mov ebx,[ebp+0xffffff70] test ebx,ebx jnl JUMP_003333 push edi neg ebx push ebx call FUNC_001523 add esp,byte +0x8 mov esi,eax test esi,esi jnl JUMP_003332 mov esi,0x7fffffff JUMP_003332: ; Pos = 3368f neg esi jmp short JUMP_003334 JUMP_003333: ; Pos = 33693 push edi mov eax,[ebp+0xffffff70] push eax call FUNC_001523 add esp,byte +0x8 mov esi,eax test esi,esi jnl JUMP_003334 mov esi,0x7fffffff JUMP_003334: ; Pos = 336ae mov ebx,[ebp+0xffffff74] test ebx,ebx jnl JUMP_003336 push edi neg ebx push ebx call FUNC_001523 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnl JUMP_003335 mov ebx,0x7fffffff JUMP_003335: ; Pos = 336cf neg ebx jmp short JUMP_003337 JUMP_003336: ; Pos = 336d3 push edi mov eax,[ebp+0xffffff74] push eax call FUNC_001523 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnl JUMP_003337 mov ebx,0x7fffffff JUMP_003337: ; Pos = 336ee mov [ebp-0x54],ebx mov [ebp-0x50],esi xor eax,eax mov [ebp-0x4c],eax neg esi mov [ebp-0x48],esi mov [ebp-0x44],ebx xor eax,eax mov [ebp-0x40],eax xor eax,eax mov [ebp-0x3c],eax xor eax,eax mov [ebp-0x38],eax mov dword [ebp-0x34],0x7fffffff mov [ebp-0x80],edi jmp short JUMP_003339 JUMP_003338: ; Pos = 3371c mov dword [ebp-0x54],0x7fffffff xor eax,eax mov [ebp-0x50],eax xor eax,eax mov [ebp-0x4c],eax xor eax,eax mov [ebp-0x48],eax mov dword [ebp-0x44],0x7fffffff xor eax,eax mov [ebp-0x40],eax xor eax,eax mov [ebp-0x3c],eax xor eax,eax mov [ebp-0x38],eax mov dword [ebp-0x34],0x7fffffff JUMP_003339: ; Pos = 3374f mov eax,[ebp-0x80] test eax,eax jz near JUMP_003346 xor edx,edx mov [ebp+0xffffff64],edx mov [ebp+0xffffff68],eax mov eax,[ebp-0x7c] mov [ebp+0xffffff6c],eax lea eax,[ebp+0xffffff64] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov edi,eax mov ebx,[ebp+0xffffff68] test ebx,ebx jnl JUMP_003341 push edi neg ebx push ebx call FUNC_001523 add esp,byte +0x8 mov esi,eax test esi,esi jnl JUMP_003340 mov esi,0x7fffffff JUMP_003340: ; Pos = 337a2 neg esi jmp short JUMP_003342 JUMP_003341: ; Pos = 337a6 push edi mov eax,[ebp+0xffffff68] push eax call FUNC_001523 add esp,byte +0x8 mov esi,eax test esi,esi jnl JUMP_003342 mov esi,0x7fffffff JUMP_003342: ; Pos = 337c1 mov ebx,[ebp+0xffffff6c] test ebx,ebx jnl JUMP_003344 push edi neg ebx push ebx call FUNC_001523 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnl JUMP_003343 mov ebx,0x7fffffff JUMP_003343: ; Pos = 337e2 neg ebx jmp short JUMP_003345 JUMP_003344: ; Pos = 337e6 push edi mov eax,[ebp+0xffffff6c] push eax call FUNC_001523 add esp,byte +0x8 mov ebx,eax test ebx,ebx jnl JUMP_003345 mov ebx,0x7fffffff JUMP_003345: ; Pos = 33801 push esi mov eax,[ebp-0x50] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x4c],eax push ebx mov eax,[ebp-0x50] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x50],eax push esi mov eax,[ebp-0x44] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x40],eax push ebx mov eax,[ebp-0x44] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x44],eax neg esi mov [ebp-0x38],esi mov [ebp-0x34],ebx JUMP_003346: ; Pos = 33849 lea eax,[ebp-0x54] push eax lea eax,[ebp-0x30] push eax lea eax,[ebp-0x30] push eax call FUNC_001669_VecMatMul add esp,byte +0xc lea eax,[ebp-0x54] push eax lea eax,[ebp-0x78] push eax lea eax,[ebp-0x78] push eax call FUNC_001669_VecMatMul add esp,byte +0xc lea eax,[ebp-0x54] push eax lea eax,[ebp-0x6c] push eax lea eax,[ebp-0x6c] push eax call FUNC_001669_VecMatMul add esp,byte +0xc lea eax,[ebp-0x54] push eax lea eax,[ebp-0x60] push eax lea eax,[ebp-0x60] push eax call FUNC_001669_VecMatMul add esp,byte +0xc push byte +0x2 push byte +0x0 push byte +0x0 push byte +0x0 mov eax,[ebp-0xc] push eax lea eax,[ebp-0x78] push eax lea eax,[ebp-0x30] push eax mov eax,[ebp+0x14] add eax,byte +0x6 push eax push byte +0x0 mov eax,[ebp+0x1c] push eax mov eax,[DATA_008765] push eax lea eax,[ebp-0x18] push eax call FUNC_001876 add esp,byte +0x30 mov [ebp+0x14],eax mov eax,[ebp-0x18] cmp eax,[DATA_008765] jnl JUMP_003348 test byte [DATA_008767],0x8 jz JUMP_003347 mov eax,[ebp+0x18] push eax mov eax,[ebp+0x18] push eax call FUNC_001518 add esp,byte +0x8 mov eax,[ebp+0x18] neg dword [eax] mov eax,[ebp+0x18] neg dword [eax+0x4] mov eax,[ebp+0x18] neg dword [eax+0x8] JUMP_003347: ; Pos = 33904 mov eax,[ebp+0x10] mov edx,[ebp-0x18] mov [eax],edx mov eax,[ebp+0xc] mov dword [eax],0x7ffffff0 jmp short JUMP_003349 JUMP_003348: ; Pos = 33917 mov eax,[ebp+0x10] mov dword [eax],0x80000010 mov eax,[ebp+0xc] mov dword [eax],0x80000010 JUMP_003349: ; Pos = 33929 mov eax,[ebp+0x14] JUMP_003350: ; Pos = 3392c pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_000824: ; Pos = 33934 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi mov ebx,[ebp+0x14] mov esi,[ebp+0xc] mov dword [esi],0x7ffffff0 mov eax,[ebp+0x10] mov dword [eax],0x80000010 JUMP_003351: ; Pos = 33951 mov al,[ebx] inc ebx test al,al jnz JUMP_003352 mov eax,ebx jmp JUMP_003357 JUMP_003352: ; Pos = 3395f lea edx,[ebp-0x4] push edx lea edx,[ebp-0x10] push edx movsx eax,al push eax mov eax,[ebp+0x8] push eax call FUNC_000825 add esp,byte +0x10 test eax,eax jnl JUMP_003353 mov eax,[ebp+0x10] mov eax,[eax] cmp eax,[ebp-0x4] jg JUMP_003355 mov eax,[esi] cmp eax,[ebp-0x4] jng JUMP_003351 mov eax,[ebp-0x4] mov [esi],eax mov eax,[ebp+0x18] mov edx,[ebp-0x10] mov [eax],edx mov edx,[ebp-0xc] mov [eax+0x4],edx mov edx,[ebp-0x8] mov [eax+0x8],edx cmp dword [ebp-0x4],byte +0x0 jl JUMP_003355 jmp short JUMP_003351 JUMP_003353: ; Pos = 339ad test eax,eax jng JUMP_003354 mov eax,[esi] cmp eax,[ebp-0x4] jl JUMP_003355 mov eax,[ebp+0x10] mov eax,[eax] cmp eax,[ebp-0x4] jnl JUMP_003351 mov eax,[ebp+0x10] mov edx,[ebp-0x4] mov [eax],edx jmp short JUMP_003351 JUMP_003354: ; Pos = 339cc cmp dword [ebp-0x4],byte +0x0 jng near JUMP_003351 JUMP_003355: ; Pos = 339d6 mov dword [esi],0x80000010 JUMP_003356: ; Pos = 339dc mov al,[ebx] inc ebx test al,al jnz JUMP_003356 mov eax,ebx JUMP_003357: ; Pos = 339e5 pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_000825: ; Pos = 339ec push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi push edi mov ebx,[ebp+0x10] mov eax,[ebp+0xc] mov esi,[ebp+0x8] mov edx,eax shr edx,1 lea edx,[edx+edx*2] mov ecx,[esi+0x18] mov edi,[ecx+edx*2-0x6] mov [ebp-0x8],edi mov di,[ecx+edx*2-0x2] mov [ebp-0x4],di xor edx,edx mov dl,[ebp-0x8] sar edx,1 lea edx,[edx+edx*2] mov ecx,[esi+0x1c] mov edi,[ecx+edx*2] mov [ebp-0x10],edi mov di,[ecx+edx*2+0x4] mov [ebp-0xc],di test al,0x1 jz JUMP_003358 movsx eax,byte [ebp-0x6] neg eax shl eax,0x18 mov [ebx],eax movsx eax,byte [ebp-0x5] shl eax,0x18 mov [ebx+0x4],eax movsx eax,byte [ebp-0x4] shl eax,0x18 mov [ebx+0x8],eax movsx eax,byte [ebp-0xe] mov [ebp-0x1c],eax movsx eax,byte [ebp-0xd] mov [ebp-0x18],eax movsx eax,byte [ebp-0xc] mov [ebp-0x14],eax test byte [ebp-0x8],0x1 jnz JUMP_003359 neg dword [ebp-0x1c] jmp short JUMP_003359 JUMP_003358: ; Pos = 33a77 movsx eax,byte [ebp-0x6] shl eax,0x18 mov [ebx],eax movsx eax,byte [ebp-0x5] shl eax,0x18 mov [ebx+0x4],eax movsx eax,byte [ebp-0x4] shl eax,0x18 mov [ebx+0x8],eax movsx eax,byte [ebp-0xe] mov [ebp-0x1c],eax movsx eax,byte [ebp-0xd] mov [ebp-0x18],eax movsx eax,byte [ebp-0xc] mov [ebp-0x14],eax test byte [ebp-0x8],0x1 jz JUMP_003359 neg dword [ebp-0x1c] JUMP_003359: ; Pos = 33ab2 mov eax,[esi+0x20] sub eax,[esi+0x24] test eax,eax jnl JUMP_003360 neg eax mov ecx,eax sar dword [ebp-0x1c],cl mov ecx,eax sar dword [ebp-0x18],cl mov ecx,eax sar dword [ebp-0x14],cl jmp short JUMP_003361 JUMP_003360: ; Pos = 33acf mov ecx,eax shl dword [ebp-0x1c],cl mov ecx,eax shl dword [ebp-0x18],cl mov ecx,eax shl dword [ebp-0x14],cl JUMP_003361: ; Pos = 33ade mov eax,[esi] sub [ebp-0x1c],eax mov eax,[esi+0x4] sub [ebp-0x18],eax mov eax,[esi+0x8] sub [ebp-0x14],eax mov eax,[ebx] push eax mov eax,[esi+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[ebx+0x4] push eax mov eax,[esi+0x10] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[ebx+0x8] push eax mov eax,[esi+0x14] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov esi,edi mov eax,[ebx] push eax mov eax,[ebp-0x1c] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[ebx+0x4] push eax mov eax,[ebp-0x18] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[ebx+0x8] push eax mov eax,[ebp-0x14] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[ebp+0x14] mov [eax],edi test esi,esi jz JUMP_003362 mov ebx,edi xor ebx,esi push esi call _abs pop ecx shl eax,0x10 push eax push edi call _abs pop ecx push eax call FUNC_001523 add esp,byte +0x8 mov edx,[ebp+0x14] mov [edx],eax test ebx,ebx jnl JUMP_003362 mov eax,[ebp+0x14] mov eax,[eax] neg eax mov edx,[ebp+0x14] mov [edx],eax JUMP_003362: ; Pos = 33b98 mov eax,esi pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop nop FUNC_000826: ; Pos = 33ba4 push ebp mov ebp,esp add esp,byte -0x44 push ebx push esi push edi mov ebx,[ebp+0x10] lea esi,[ebp-0x2c] mov eax,[ebp+0x8] push esi mov edi,esi mov esi,eax mov ecx,0x6 rep movsd pop esi mov eax,[ebp+0xc] mov edx,[eax+0x138] mov [ebp-0x10],edx mov edx,[eax+0x13c] mov [ebp-0xc],edx cmp dword [ebp-0xc],byte +0x0 jnz JUMP_003363 cmp dword [ebp-0x10],0x3e8 jc near JUMP_003374 JUMP_003363: ; Pos = 33beb push dword [DATA_008713] push dword [DATA_008712] push dword [ebp-0xc] push dword [ebp-0x10] lea eax,[ebp-0x8] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 cmp dword [esi+0x14],byte +0x0 jnl JUMP_003364 not dword [esi+0x10] not dword [esi+0x14] JUMP_003364: ; Pos = 33c15 mov eax,[esi+0x14] cmp eax,[ebp-0x4] jg near JUMP_003374 mov eax,[esi+0x14] cmp eax,[ebp-0x4] jnz JUMP_003365 mov eax,[esi+0x10] cmp eax,[ebp-0x8] jnc near JUMP_003374 JUMP_003365: ; Pos = 33c35 cmp dword [esi+0xc],byte +0x0 jnl JUMP_003366 not dword [esi+0x8] not dword [esi+0xc] JUMP_003366: ; Pos = 33c41 mov eax,[esi+0xc] cmp eax,[ebp-0x4] jg near JUMP_003374 mov eax,[esi+0xc] cmp eax,[ebp-0x4] jnz JUMP_003367 mov eax,[esi+0x8] cmp eax,[ebp-0x8] jnc near JUMP_003374 JUMP_003367: ; Pos = 33c61 cmp dword [esi+0x4],byte +0x0 jnl JUMP_003368 not dword [esi] not dword [esi+0x4] JUMP_003368: ; Pos = 33c6c mov eax,[esi+0x4] cmp eax,[ebp-0x4] jg near JUMP_003374 mov eax,[esi+0x4] cmp eax,[ebp-0x4] jnz JUMP_003369 mov eax,[esi] cmp eax,[ebp-0x8] jnc near JUMP_003374 JUMP_003369: ; Pos = 33c8b mov edi,[esi+0x4] or edi,[esi+0xc] or edi,[esi+0x14] or edi,[ebp-0xc] test edi,edi jz JUMP_003370 push edi call FUNC_001656_FindMSB pop ecx add eax,byte +0x3 mov edi,eax jmp short JUMP_003371 JUMP_003370: ; Pos = 33ca9 mov eax,[esi] or eax,[esi+0x8] or eax,[esi+0x10] or eax,[ebp-0x10] push eax call FUNC_001656_FindMSB pop ecx mov edi,eax add edi,byte -0x1d JUMP_003371: ; Pos = 33cc0 mov eax,[ebp+0x8] push esi push edi mov edi,esi mov esi,eax mov ecx,0x6 rep movsd pop edi pop esi mov eax,edi neg eax push eax push esi call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,edi neg eax push eax lea eax,[esi+0x8] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,edi neg eax push eax lea eax,[esi+0x10] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,edi neg eax push eax lea eax,[ebp-0x10] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[esi+0x10] push eax mov eax,[ebx+0x4] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi+0x8] push eax mov eax,[ebx+0x8] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 pop edx sub edx,eax mov [ebp-0x38],edx mov eax,[esi] push eax mov eax,[ebx+0x8] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi+0x10] push eax mov eax,[ebx] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 pop edx sub edx,eax mov [ebp-0x34],edx mov eax,[esi+0x8] push eax mov eax,[ebx] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi] push eax mov eax,[ebx+0x4] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 pop edx sub edx,eax mov [ebp-0x30],edx lea eax,[ebp-0x38] push eax call FUNC_001466 pop ecx mov [ebp-0x14],eax mov eax,[ebp-0x14] cmp eax,[ebp-0x10] jnl near JUMP_003374 mov eax,[esi] push eax mov eax,[ebx] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi+0x8] push eax mov eax,[ebx+0x4] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[esi+0x10] push eax mov eax,[ebx+0x8] shl eax,0x10 push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov ebx,edx test ebx,ebx jl JUMP_003372 mov eax,[esi] mov [ebp-0x44],eax mov eax,[esi+0x8] mov [ebp-0x40],eax mov eax,[esi+0x10] mov [ebp-0x3c],eax lea eax,[ebp-0x44] push eax call FUNC_001466 pop ecx cmp eax,[ebp-0x10] jnc near JUMP_003374 xor eax,eax mov [DATA_008771],eax xor eax,eax mov [ebp-0x4],eax mov [ebp-0x8],eax jmp short JUMP_003373 JUMP_003372: ; Pos = 33e29 neg ebx mov eax,[ebp-0x10] push eax call near [DATA_007737] ; FUNC_001522 pop ecx push eax mov eax,[ebp-0x14] push eax call near [DATA_007737] ; FUNC_001522 pop ecx pop edx sub edx,eax shr edx,1 push edx call near [DATA_007738] ; FUNC_001502 pop ecx sub ebx,eax mov [ebp-0x8],ebx mov [DATA_008771],ebx xor eax,eax mov [ebp-0x4],eax push edi lea eax,[ebp-0x8] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[ebp-0x4] cmp eax,[DATA_008713] jg JUMP_003374 mov eax,[ebp-0x4] cmp eax,[DATA_008713] jnz JUMP_003373 mov eax,[ebp-0x8] cmp eax,[DATA_008712] ja JUMP_003374 JUMP_003373: ; Pos = 33e8d mov al,[DATA_008760] mov [DATA_008761],al mov eax,[ebp-0x8] mov [DATA_008712],eax mov eax,[ebp-0x4] mov [DATA_008713],eax mov byte [DATA_008762],0x1c mov byte [DATA_008763],0x1f mov eax,[esi] mov [DATA_008768],eax mov eax,[esi+0x8] mov [DATA_008769],eax mov eax,[esi+0x10] mov [DATA_008770],eax mov eax,[ebp+0xc] mov [DATA_008714],eax mov byte [DATA_008757],0xff or byte [DATA_008711],0x80 JUMP_003374: ; Pos = 33ee4 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000827: ; Pos = 33eec push ebp mov ebp,esp push ebx mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,edx mov ebx,eax shl bx,cl mov ecx,0x10 sub ecx,edx movzx eax,ax sar eax,cl or bx,ax mov eax,ebx pop ebx pop ebp ret FUNC_000828: ; Pos = 33f11 push ebp mov ebp,esp add esp,0xfffffeec mov eax,[DATA_008944] sar eax,0x10 sub eax,0x1718 mov [ebp-0x14],eax mov eax,[DATA_008945] sar eax,0x10 sub eax,0x1524 mov [ebp-0x10],eax push byte +0x0 push dword 0x93 push byte +0x6 push byte +0xf lea eax,[ebp-0x14] push eax push dword 0x84ae call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 cmp dword [DATA_008963],byte +0x0 jz JUMP_003379 cmp dword [DATA_008963],byte +0x0 jng JUMP_003375 mov eax,0x84af jmp short JUMP_003376 JUMP_003375: ; Pos = 33f70 mov eax,0x84b1 cmp dword [DATA_008963],0xffffd8f1 jz JUMP_003376 dec eax JUMP_003376: ; Pos = 33f82 cmp dword [DATA_008963],byte +0x0 jng JUMP_003377 mov edx,[DATA_008963] jmp short JUMP_003378 JUMP_003377: ; Pos = 33f93 mov edx,[DATA_008963] neg edx JUMP_003378: ; Pos = 33f9b mov [ebp-0x14],edx push byte +0x0 push dword 0x89 push byte +0x6 push byte +0xc lea edx,[ebp-0x14] push edx push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_003379: ; Pos = 33fb7 mov esp,ebp pop ebp ret FUNC_000829: ; Pos = 33fbb push ebp mov ebp,esp push ebx push esi push edi mov edx,[ebp+0x8] mov ebx,DATA_008776 mov esi,DATA_008804 mov edi,DATA_006820 mov eax,edx and eax,0xff00 sar eax,0x8 and edx,0xff dec edx jnz near JUMP_003380 xor edx,edx mov [DATA_006797],edx lea edx,[eax+eax*4] mov edx,[edi+edx*4] mov [esi+0x250],edx mov [esi+0x23a],edx mov [esi+0x25c],edx lea edx,[eax+eax*4] mov edx,[edi+edx*4+0x4] mov [esi+0x254],edx mov [esi+0x23e],edx mov [esi+0x260],edx lea edx,[eax+eax*4] mov edx,[edi+edx*4+0x8] mov [esi+0x258],edx mov [esi+0x264],edx mov dword [esi+0x242],0x30d40 lea edx,[eax+eax*4] mov edx,[edi+edx*4+0x10] shr edx,0x8 push edx lea edx,[eax+eax*4] mov edx,[edi+edx*4+0x10] and edx,0xff push edx lea eax,[eax+eax*4] push dword [edi+eax*4+0xc] call FUNC_000832 add esp,byte +0xc mov word [esi+0x24e],0x69 mov dword [esi+0x29a],0x1 mov byte [esi+0x299],0x0 mov dword [ebx],0xa8 mov dword [ebx+0x4],0x155 xor eax,eax mov [ebx+0x8],eax xor eax,eax mov [ebx+0xc],eax xor eax,eax mov [ebx+0x10],eax mov dword [ebx+0x14],0x156 mov dword [ebx+0x18],0x157 mov dword [ebx+0x1c],0xad xor eax,eax mov [ebx+0x20],eax xor eax,eax mov [ebx+0x24],eax xor eax,eax mov [ebx+0x28],eax xor eax,eax mov [ebx+0x2c],eax xor eax,eax mov [ebx+0x30],eax xor eax,eax mov [ebx+0x34],eax xor eax,eax mov [ebx+0x38],eax xor eax,eax mov [ebx+0x3c],eax mov dword [ebx+0x40],0x158 mov dword [ebx+0x44],0xad xor eax,eax mov [ebx+0x48],eax xor eax,eax mov [ebx+0x4c],eax xor eax,eax mov [ebx+0x50],eax xor eax,eax mov [ebx+0x54],eax xor eax,eax mov [ebx+0x58],eax xor eax,eax mov [ebx+0x5c],eax mov dword [ebx+0x60],0x159 xor eax,eax mov [ebx+0x64],eax xor eax,eax mov [ebx+0x68],eax xor eax,eax mov [ebx+0x6c],eax xor eax,eax mov [ebx+0x70],eax xor eax,eax mov [ebx+0x74],eax xor eax,eax mov [ebx+0x78],eax xor eax,eax mov [ebx+0x7c],eax xor eax,eax mov [ebx+0x80],eax mov dword [ebx+0x84],0xad xor eax,eax mov [ebx+0x88],eax xor eax,eax mov [ebx+0x8c],eax xor eax,eax mov [ebx+0x90],eax mov dword [ebx+0x94],0xad mov dword [ebx+0x98],0xad xor eax,eax mov [ebx+0x9c],eax xor eax,eax mov [ebx+0xa0],eax xor eax,eax mov [ebx+0xa4],eax xor eax,eax mov [ebx+0xa8],eax xor eax,eax mov [ebx+0xac],eax xor eax,eax mov [ebx+0xb0],eax xor eax,eax mov [ebx+0xb4],eax mov dword [ebx+0xb8],0xad mov dword [ebx+0xbc],0xad mov dword [ebx+0xc0],0xae JUMP_003380: ; Pos = 341c5 pop edi pop esi pop ebx pop ebp ret FUNC_000830: ; Pos = 341ca push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0x10] mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,DATA_006823 and eax,0x1ff cmp eax,0x1fe jnz JUMP_003381 mov eax,[ebp+0x14] shr eax,0xd and eax,0x1fff sub eax,0x1524 push eax mov ax,[ebp+0x14] and eax,0x1fff sub eax,0x1718 push eax push dword DATA_007097 push esi call _sprintf add esp,byte +0x10 push esi call _strlen pop ecx add eax,esi jmp JUMP_003387 JUMP_003381: ; Pos = 34229 cmp eax,0x1fe jnc JUMP_003382 test eax,eax jna JUMP_003382 push dword DATA_006796 push edx dec eax push eax push esi call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 jmp JUMP_003387 JUMP_003382: ; Pos = 3424b mov ax,[ebp+0x14] and eax,0x1fff mov [ebp-0x4],ax mov eax,[ebp+0x14] shr eax,0xd and eax,0x1fff mov [ebp-0x2],ax xor eax,eax JUMP_003383: ; Pos = 34269 mov ebx,[eax*4+DATA_006799] cmp ebx,[ebp-0x4] jnz JUMP_003384 push dword DATA_006796 push edx mov dl,[ebp+0x17] shr edx,0x2 and edx,byte +0x3f add edx,[eax*4+DATA_006800] push edx push esi call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 jmp JUMP_003387 JUMP_003384: ; Pos = 3429b inc eax cmp eax,byte +0x31 jl JUMP_003383 xor eax,eax JUMP_003385: ; Pos = 342a3 lea edx,[eax+eax*2] mov edx,[ecx+edx*8] cmp edx,[ebp+0x14] jnz JUMP_003386 shl eax,0x3 lea eax,[eax+eax*2] lea edx,[ecx+0x4] add eax,edx push eax push esi call _strcpy add esp,byte +0x8 mov eax,esi jmp JUMP_003387 JUMP_003386: ; Pos = 342ca inc eax cmp eax,byte +0x1 jl JUMP_003385 mov bx,[ebp+0x14] and ebx,0x1fff mov edi,[ebp+0x14] shr edi,0xd and edi,0x1fff mov al,[ebp+0x17] shr eax,0x2 and eax,byte +0x3f add bx,ax add di,bx push byte +0x3 push ebx call FUNC_000827 add esp,byte +0x8 mov ebx,eax add bx,di push byte +0x5 push edi call FUNC_000827 add esp,byte +0x8 mov edi,eax add di,bx push byte +0x4 push edi call FUNC_000827 add esp,byte +0x8 mov edi,eax mov al,[ebp+0x17] shr eax,0x2 and eax,byte +0x3f and eax,byte +0xf push eax push ebx call FUNC_000827 add esp,byte +0x8 mov ebx,eax add bx,di movzx edi,bx push byte +0xb push ebx call FUNC_000827 add esp,byte +0x8 mov ebx,eax movzx eax,ax mov [ebp-0x8],eax push byte +0xb push ebx call FUNC_000827 add esp,byte +0x8 mov ebx,eax movzx eax,ax and eax,byte +0x7c sar eax,0x2 shl eax,0x2 add eax,DATA_006802 push eax mov eax,[ebp-0x8] and eax,byte +0x7c sar eax,0x2 shl eax,0x2 add eax,DATA_006802 push eax and edi,byte +0x7c sar edi,0x2 shl edi,0x2 add edi,DATA_006802 push edi push dword DATA_007098 push esi call _sprintf add esp,byte +0x14 add byte [esi],0xe0 push esi call _strlen pop ecx add eax,esi JUMP_003387: ; Pos = 343b0 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000831: ; Pos = 343b7 push ebp mov ebp,esp push ecx mov edx,[ebp+0xc] mov eax,[ebp+0x8] and eax,0x1ff cmp eax,0x1f0 jc JUMP_003393 mov ecx,eax shr ecx,1 and ecx,byte +0x7 sub ecx,byte +0x3 jz JUMP_003390 dec ecx jz JUMP_003389 dec ecx jz JUMP_003388 dec ecx jnz JUMP_003391 mov ecx,[edx] mov [ebp-0x4],ecx jmp short JUMP_003392 JUMP_003388: ; Pos = 343e9 mov ecx,[edx+0x4] mov [ebp-0x4],ecx jmp short JUMP_003392 JUMP_003389: ; Pos = 343f1 mov ecx,[edx+0xc] mov [ebp-0x4],ecx jmp short JUMP_003392 JUMP_003390: ; Pos = 343f9 mov ecx,[edx+0x10] mov [ebp-0x4],ecx jmp short JUMP_003392 JUMP_003391: ; Pos = 34401 mov ecx,[edx+0x8] mov [ebp-0x4],ecx JUMP_003392: ; Pos = 34407 or eax,byte +0xe jmp short JUMP_003394 JUMP_003393: ; Pos = 3440c mov ecx,[edx+0x8] mov [ebp-0x4],ecx JUMP_003394: ; Pos = 34412 push dword [ebp-0x4] push dword [ebp+0x10] push edx push eax call FUNC_000830 add esp,byte +0x10 pop ecx pop ebp ret FUNC_000832: ; Pos = 34425 push ebp mov ebp,esp add esp,byte -0x40 push ebx push esi push edi mov ebx,DATA_008804 mov esi,DATA_006824 lea edi,[ebp-0x40] mov ecx,0x5 rep movsd mov esi,DATA_008657 mov al,[ebp+0x10] mov [ebx+0x269],al mov al,[ebp+0xc] mov [ebx+0x26a],al mov eax,[ebx+0x25c] sar eax,0x10 and eax,0x1fff and ax,0x1fff mov dx,[ebx+0x27c] and dx,0xe000 or ax,dx mov [ebx+0x27c],ax mov eax,[ebx+0x260] sar eax,0x10 and eax,0x1fff and eax,0x1fff shl eax,0xd mov edx,[ebx+0x27c] and edx,0xfc001fff or eax,edx mov [ebx+0x27c],eax mov eax,[ebp+0x8] and al,0x3f shl eax,0x2 mov dl,[ebx+0x27f] and dl,0x3 or al,dl mov [ebx+0x27f],al push dword [ebx+0x27c] push dword DATA_008656 lea eax,[ebp-0x40] push eax push byte +0x0 call FUNC_000830 add esp,byte +0x10 test byte [ebx+0x269],0x7 jz JUMP_003395 push dword [ebx+0x27c] push dword DATA_008657 lea eax,[ebp-0x40] push eax mov al,[ebx+0x269] and eax,byte +0x7 add eax,0x8498 push eax call FUNC_000830 add esp,byte +0x10 mov esi,eax dec esi JUMP_003395: ; Pos = 3450f push dword [ebx+0x27c] push esi lea eax,[ebp-0x40] push eax mov al,[ebx+0x26a] and eax,byte +0x1f add eax,0x8488 push eax call FUNC_000830 add esp,byte +0x10 push dword [ebx+0x258] push dword [ebx+0x254] push dword [ebx+0x250] push dword [ebx+0x264] push dword [ebx+0x260] push dword [ebx+0x25c] call FUNC_000833 add esp,byte +0x18 mov [ebx+0x26c],eax mov eax,[ebx+0x260] sar eax,0x10 mov edx,[ebx+0x260] shl edx,0x10 add eax,edx add eax,[ebx+0x25c] sub eax,[ebx+0x264] mov [ebx+0x274],eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax lea eax,[ebx+0x28c] push eax lea eax,[ebx+0x284] push eax lea eax,[ebx+0x280] push eax push dword [ebx+0x27c] call FUNC_000869 add esp,byte +0x24 test byte [ebx+0x26a],0x80 jz JUMP_003396 xor eax,eax mov [ebx+0x274],eax JUMP_003396: ; Pos = 345d1 mov al,[ebx+0x26a] and eax,byte +0xf mov eax,[eax*4+DATA_006804] mov dl,[ebx+0x26a] and edx,byte +0xf sub eax,[edx*4+DATA_006803] shr eax,0x10 mov dl,[ebx+0x269] and edx,0xf8 shl edx,0x8 imul edx mov dl,[ebx+0x26a] and edx,byte +0xf add eax,[edx*4+DATA_006803] mov [ebx+0x278],eax cmp dword [ebx+0x26c],byte +0x0 jnz JUMP_003397 and word [ebx+0xc6],0xfeff xor eax,eax mov [ebx+0x294],eax jmp short JUMP_003399 JUMP_003397: ; Pos = 34637 mov eax,[ebx+0x26c] mov [ebp-0x24],eax lea eax,[ebp-0x28] push eax lea eax,[ebp-0x2c] push eax lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x18] push eax lea eax,[ebp-0x20] push eax lea eax,[ebp-0x24] push eax push dword [ebx+0xc8] call FUNC_000899 add esp,byte +0x1c cmp dword [ebp-0x18],byte +0x0 jl JUMP_003398 mov eax,[ebp-0x18] mov [ebx+0x294],eax cmp dword [ebp-0x1c],byte +0x0 jg JUMP_003399 neg dword [ebx+0x294] jmp short JUMP_003399 JUMP_003398: ; Pos = 34683 mov dword [ebx+0x294],0xffffd8f1 JUMP_003399: ; Pos = 3468d pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000833: ; Pos = 34694 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov dword [ebp-0x4],0xe mov eax,[ebp+0x14] sub eax,[ebp+0x8] sar eax,0x8 cdq xor eax,edx sub eax,edx mov ebx,eax mov eax,[ebp+0x18] sub eax,[ebp+0xc] sar eax,0x8 cdq xor eax,edx sub eax,edx mov esi,eax mov eax,[ebp+0x1c] sub eax,[ebp+0x10] sar eax,0x8 cdq xor eax,edx sub eax,edx mov edi,eax JUMP_003400: ; Pos = 346d4 cmp ebx,0x7fff jng JUMP_003401 sar ebx,1 sar esi,1 sar edi,1 dec dword [ebp-0x4] JUMP_003401: ; Pos = 346e5 cmp esi,0x7fff jng JUMP_003402 sar ebx,1 sar esi,1 sar edi,1 dec dword [ebp-0x4] JUMP_003402: ; Pos = 346f6 cmp edi,0x7fff jng JUMP_003403 sar ebx,1 sar esi,1 sar edi,1 dec dword [ebp-0x4] JUMP_003403: ; Pos = 34707 cmp ebx,0x7fff jg JUMP_003400 cmp esi,0x7fff jg JUMP_003400 cmp edi,0x7fff jg JUMP_003400 mov eax,ebx imul ebx mov edx,esi imul edx,esi add eax,edx mov edx,edi imul edx,edi add eax,edx mov [ebp-0x8],eax fild dword [ebp-0x8] add esp,byte -0x8 fstp qword [esp] call _sqrt add esp,byte +0x8 call FUNC_002095_fstore imul eax,eax,0xc8b4 mov ecx,[ebp-0x4] sar eax,cl pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000834: ; Pos = 3475c push ebp mov ebp,esp add esp,byte -0x70 push ebx mov word [ebp-0x4],0x10 mov word [ebp-0x2],0xbc push byte +0xc call FUNC_000263_ConsoleShowButton pop ecx push byte +0x1 push byte +0xc call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 cmp byte [DATA_008627],0x0 jnz JUMP_003405 push byte +0x2 call near [DATA_007200] ; FUNC_000923 pop ecx mov byte [DATA_008809],0xfe mov byte [DATA_008953],0x0 mov dword [DATA_008943],0xffffffff mov byte [DATA_008627],0xff mov byte [DATA_008628],0xff push byte +0x0 push byte +0x0 call near [DATA_007681] ; FUNC_001444_GuiSetXYAccum add esp,byte +0x8 mov ebx,0x1c JUMP_003404: ; Pos = 347cd push ebx call FUNC_000263_ConsoleShowButton pop ecx inc ebx cmp ebx,byte +0x24 jng JUMP_003404 push byte +0x1 push byte +0x24 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 JUMP_003405: ; Pos = 347e6 pop ebx mov esp,ebp pop ebp ret FUNC_000835: ; Pos = 347eb push ebp mov ebp,esp mov eax,[ebp+0x8] test eax,eax jnl JUMP_003406 mov eax,0x1 jmp short JUMP_003408 JUMP_003406: ; Pos = 347fc cmp byte [DATA_008627],0x0 jnz JUMP_003407 xor eax,eax jmp short JUMP_003408 JUMP_003407: ; Pos = 34809 mov byte [DATA_008953],0x0 mov dword [DATA_008943],0xffffffff mov eax,0x1 JUMP_003408: ; Pos = 3481f pop ebp ret FUNC_000836: ; Pos = 34821 push ebp mov ebp,esp push byte +0x2 call FUNC_000265 pop ecx pop ebp ret FUNC_000837: ; Pos = 3482e push ebp mov ebp,esp push ecx push byte +0x2 call FUNC_000265 pop ecx mov byte [DATA_008965],0x0 pop ecx pop ebp ret FUNC_000838: ; Pos = 34844 push ebp mov ebp,esp push ecx pop ecx pop ebp ret FUNC_000839: ; Pos = 3484b push ebp mov ebp,esp add esp,byte -0x38 push ebx push esi mov eax,[ebp+0x8] mov ebx,DATA_008804 mov edx,[eax] mov esi,[eax+0x4] mov eax,[eax+0x4] mov [ebp-0x4],eax cmp edx,byte +0x1 jnz JUMP_003409 lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x2c] push eax push dword [ebp-0x4] call FUNC_000852 add esp,byte +0x14 mov eax,[ebp-0x2c] mov [ebx+0x25c],eax mov [ebx+0x250],eax mov eax,[ebp-0x28] mov [ebx+0x260],eax mov [ebx+0x254],eax mov eax,[ebp-0x24] mov [ebx+0x264],eax mov [ebx+0x258],eax mov dword [ebx+0x236],0xffffffff xor eax,eax mov [ebx+0x294],eax xor eax,eax mov [ebx+0x26c],eax push dword [ebp-0x10] push dword [ebp-0xc] push dword [ebp-0x8] call FUNC_000832 add esp,byte +0xc jmp JUMP_003413 JUMP_003409: ; Pos = 348e3 cmp edx,byte +0x14 jnz near JUMP_003413 mov eax,[ebx+0x10a] mov [ebp-0x14],eax and byte [ebp-0x11],0x3 cmp byte [esi],0x4 jnc near JUMP_003412 call near [DATA_007752] ; FUNC_001530 add eax,[ebx+0x250] and eax,0xffff mov edx,[ebx+0x250] and edx,0xffff0000 or eax,edx mov [ebx+0x250],eax call near [DATA_007752] ; FUNC_001530 add eax,[ebx+0x254] and eax,0xffff mov edx,[ebx+0x254] and edx,0xffff0000 or eax,edx mov [ebx+0x254],eax call near [DATA_007752] ; FUNC_001530 add eax,[ebx+0x258] mov [ebx+0x258],eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x2c] push eax push dword [ebp-0x14] call FUNC_000852 add esp,byte +0x14 mov [ebx+0x26c],eax JUMP_003410: ; Pos = 3497f lea eax,[ebp-0x20] push eax lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x18] push eax lea eax,[ebp-0x38] push eax push dword [ebp-0x14] call FUNC_000852 add esp,byte +0x14 test eax,eax jl JUMP_003411 cmp eax,byte +0x50 jnl JUMP_003411 mov eax,[ebp-0x38] mov [ebx+0x25c],eax mov eax,[ebp-0x34] mov [ebx+0x260],eax mov eax,[ebp-0x30] mov [ebx+0x264],eax push dword [ebp-0x20] push dword [ebp-0x1c] push dword [ebp-0x18] call FUNC_000832 add esp,byte +0xc add byte [esi],0xfe jmp short JUMP_003413 JUMP_003411: ; Pos = 349d4 mov dl,[ebp-0x11] and dl,0x3 mov cl,[ebp-0x11] add cl,0x4 and cl,0xfc or dl,cl mov [ebp-0x11],dl test eax,eax jnl JUMP_003410 jmp short JUMP_003413 JUMP_003412: ; Pos = 349ee call near [DATA_007752] ; FUNC_001530 shr eax,0x8 add eax,[ebx+0x250] mov [ebx+0x250],eax call near [DATA_007752] ; FUNC_001530 shr eax,0x8 add eax,[ebx+0x254] mov [ebx+0x254],eax call near [DATA_007752] ; FUNC_001530 and eax,0xffff add [ebx+0x258],eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x2c] push eax push dword [ebp-0x14] call FUNC_000852 add esp,byte +0x14 mov [ebx+0x26c],eax JUMP_003413: ; Pos = 34a4a pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000840: ; Pos = 34a50 push ebp mov ebp,esp add esp,0xfffffcd0 push ebx push esi push edi mov ebx,DATA_008804 lea esi,[ebp+0xfffffe50] mov edi,DATA_007691 xor eax,eax mov edx,0xe000 cmp byte [edi+0x2a],0x0 jz JUMP_003414 cmp byte [edi+0x36],0x0 jz JUMP_003414 add edx,0xffff2800 JUMP_003414: ; Pos = 34a85 cmp byte [edi+0x2a],0x0 jz JUMP_003415 cmp byte [edi+0x36],0x0 jnz JUMP_003416 JUMP_003415: ; Pos = 34a91 mov ecx,0x1f40 jmp short JUMP_003417 JUMP_003416: ; Pos = 34a98 mov ecx,0xfa0 JUMP_003417: ; Pos = 34a9d mov [ebp-0xc],ecx cmp byte [DATA_008627],0x0 jl JUMP_003418 call FUNC_000843 jmp JUMP_003468 JUMP_003418: ; Pos = 34ab3 cmp byte [edi+0x38],0x0 jz JUMP_003427 cmp byte [edi+0x4b],0x0 jz JUMP_003419 cmp byte [edi+0xcb],0x0 jnz JUMP_003420 JUMP_003419: ; Pos = 34ac8 sub [ebx+0x23a],edx or eax,byte -0x1 JUMP_003420: ; Pos = 34ad1 cmp byte [edi+0x4d],0x0 jz JUMP_003421 cmp byte [edi+0xcd],0x0 jnz JUMP_003422 JUMP_003421: ; Pos = 34ae0 add [ebx+0x23a],edx or eax,byte -0x1 JUMP_003422: ; Pos = 34ae9 cmp byte [edi+0x48],0x0 jz JUMP_003423 cmp byte [edi+0xc8],0x0 jnz JUMP_003424 JUMP_003423: ; Pos = 34af8 add [ebx+0x23e],edx or eax,byte -0x1 JUMP_003424: ; Pos = 34b01 cmp byte [edi+0x50],0x0 jz JUMP_003425 cmp byte [edi+0xd0],0x0 jnz JUMP_003426 JUMP_003425: ; Pos = 34b10 sub [ebx+0x23e],edx or eax,byte -0x1 JUMP_003426: ; Pos = 34b19 or [ebx+0x236],eax JUMP_003427: ; Pos = 34b1f and word [ebx+0x24e],0xfffd xor eax,eax mov [ebx+0x29e],eax call near [DATA_007672] ; FUNC_001414_GuiGetLastAction mov edi,eax and edi,0xff test edi,edi jz near JUMP_003454 cmp byte [ebx+0x299],0x0 jnz near JUMP_003444 mov eax,edi cmp eax,0xf8 jg JUMP_003429 jz JUMP_003431 cmp eax,0xf5 jg JUMP_003428 jz JUMP_003430 sub eax,byte +0x63 jz near JUMP_003432 sub eax,byte +0xb jz near JUMP_003438 sub eax,byte +0x4 jz near JUMP_003438 jmp JUMP_003443 JUMP_003428: ; Pos = 34b87 sub eax,0xf6 jz near JUMP_003436 dec eax jz near JUMP_003435 jmp JUMP_003443 JUMP_003429: ; Pos = 34b9e add eax,0xffffff07 cmp eax,byte +0x6 ja near JUMP_003443 jmp near [eax*4+DATA_000034] SECTION .data DATA_000034: ; Pos = 34bb3 dd JUMP_003434 dd JUMP_003433 dd JUMP_003440 dd JUMP_003441 dd JUMP_003443 dd JUMP_003443 dd JUMP_003442 SECTION .text JUMP_003430: ; Pos = 34bcf push byte +0x0 call FUNC_000834 pop ecx jmp JUMP_003454 JUMP_003431: ; Pos = 34bdc call FUNC_000844 push byte +0x1 push byte +0x21 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_003468 JUMP_003432: ; Pos = 34c0a mov eax,[ebx+0x250] mov [ebx+0x25c],eax mov [ebx+0x23a],eax mov eax,[ebx+0x254] mov [ebx+0x260],eax mov [ebx+0x23e],eax mov eax,[ebx+0x258] mov [ebx+0x264],eax push byte +0x0 push byte +0x0 call near [DATA_007681] ; FUNC_001444_GuiSetXYAccum add esp,byte +0x8 mov dword [ebx+0x242],0x30d40 mov dword [ebx+0x236],0xffffffff jmp JUMP_003454 JUMP_003433: ; Pos = 34c60 cmp byte [ebx+0x268],0x0 jz near JUMP_003454 call FUNC_000842 push byte +0x1 push byte +0x22 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x1 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov eax,edi push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx jmp JUMP_003468 JUMP_003434: ; Pos = 34c99 cmp byte [ebx+0x268],0x0 jz near JUMP_003454 call FUNC_000842 push byte +0x1 push byte +0x22 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x1 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov eax,edi push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx jmp JUMP_003468 JUMP_003435: ; Pos = 34cd2 cmp byte [ebx+0x268],0x0 jz near JUMP_003454 call FUNC_000842 push byte +0x1 push byte +0x22 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_003468 JUMP_003436: ; Pos = 34d0d push byte +0x0 call FUNC_000966 pop ecx mov ebx,0x1c JUMP_003437: ; Pos = 34d1a push ebx call FUNC_000263_ConsoleShowButton pop ecx inc ebx cmp ebx,byte +0x24 jng JUMP_003437 push byte +0x1 push byte +0x23 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_003468 JUMP_003438: ; Pos = 34d50 cmp dword [ebx+0x28c],byte +0x0 jz near JUMP_003454 call FUNC_000974 mov ebx,0x1c JUMP_003439: ; Pos = 34d67 push ebx call FUNC_000263_ConsoleShowButton pop ecx inc ebx cmp ebx,byte +0x24 jng JUMP_003439 jmp JUMP_003468 JUMP_003440: ; Pos = 34d79 mov eax,[ebp-0xc] sub [ebx+0x242],eax jmp JUMP_003454 JUMP_003441: ; Pos = 34d87 mov eax,[ebp-0xc] add [ebx+0x242],eax jmp JUMP_003454 JUMP_003442: ; Pos = 34d95 or word [ebx+0x24e],byte +0x2 jmp JUMP_003454 JUMP_003443: ; Pos = 34da2 mov eax,edi push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx jmp JUMP_003454 JUMP_003444: ; Pos = 34db1 mov eax,edi add eax,0xffffff0b cmp eax,byte +0x7 ja near JUMP_003453 jmp near [eax*4+DATA_000035] SECTION .data DATA_000035: ; Pos = 34dc8 dd JUMP_003447 dd JUMP_003450 dd JUMP_003448 dd JUMP_003449 dd JUMP_003452 dd JUMP_003452 dd JUMP_003445 dd JUMP_003446 SECTION .text JUMP_003445: ; Pos = 34de8 xor word [ebx+0x24e],byte +0x20 jmp JUMP_003453 JUMP_003446: ; Pos = 34df5 xor word [ebx+0x24e],byte +0x1 jmp JUMP_003453 JUMP_003447: ; Pos = 34e02 push byte +0x0 call FUNC_000834 pop ecx jmp JUMP_003453 JUMP_003448: ; Pos = 34e0f cmp byte [ebx+0x268],0x0 jz near JUMP_003453 mov byte [ebx+0x299],0x0 call FUNC_000842 push byte +0x1 push byte +0x22 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_003468 JUMP_003449: ; Pos = 34e51 mov byte [ebx+0x299],0x0 call FUNC_000844 push byte +0x0 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x1 push byte +0x21 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_003468 JUMP_003450: ; Pos = 34e86 mov byte [ebx+0x299],0x0 push byte +0x0 call FUNC_000966 pop ecx mov edi,0x1c JUMP_003451: ; Pos = 34e9a push edi call FUNC_000263_ConsoleShowButton pop ecx inc edi cmp edi,byte +0x24 jng JUMP_003451 push byte +0x0 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x1 push byte +0x23 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp short JUMP_003453 JUMP_003452: ; Pos = 34ecd mov byte [ebx+0x299],0x0 mov eax,edi push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx jmp JUMP_003468 JUMP_003453: ; Pos = 34ee3 mov byte [ebx+0x299],0x0 JUMP_003454: ; Pos = 34eea push byte +0x0 call FUNC_000956 pop ecx call near [DATA_007682] ; FUNC_001445_GuiGetXYAccum mov [ebp-0x4],eax cmp dword [DATA_009176],byte +0x0 jnz JUMP_003455 movsx eax,word [ebp-0x2] shl eax,0x7 push eax movsx eax,word [ebp-0x4] shl eax,0x7 push eax push esi call FUNC_001675_MatBuildYZT add esp,byte +0xc jmp short JUMP_003456 JUMP_003455: ; Pos = 34f1f push byte +0x0 push byte +0x0 push esi call FUNC_001675_MatBuildYZT add esp,byte +0xc JUMP_003456: ; Pos = 34f2c mov eax,[esi] mov edx,[esi+0x14] mov [esi],edx mov edx,[esi+0x18] mov [esi+0x14],edx mov edx,[esi+0x10] mov [esi+0x18],edx mov [esi+0x10],eax mov eax,[esi+0x4] mov edx,[esi+0x8] mov [esi+0x4],edx mov edx,[esi+0x20] mov [esi+0x8],edx mov edx,[esi+0x1c] mov [esi+0x20],edx mov [esi+0x1c],eax xor eax,eax mov [ebp-0x38],eax mov ax,[ebx+0x23e] add ax,0x8000 movsx eax,ax sar eax,1 neg eax shl eax,0xf mov [ebp-0x34],eax mov ax,[ebx+0x23a] add ax,0x8000 movsx eax,ax sar eax,1 neg eax shl eax,0xf mov [ebp-0x30],eax push esi lea eax,[ebp-0x38] push eax lea eax,[ebp-0x44] push eax call FUNC_001669_VecMatMul add esp,byte +0xc xor eax,eax mov [ebp-0x38],eax xor eax,eax mov [ebp-0x34],eax mov dword [ebp-0x30],0x20000000 push esi lea eax,[ebp-0x38] push eax lea eax,[ebp-0x50] push eax call FUNC_001669_VecMatMul add esp,byte +0xc xor eax,eax mov [ebp-0x38],eax mov dword [ebp-0x34],0x20000000 xor eax,eax mov [ebp-0x30],eax push esi lea eax,[ebp-0x38] push eax lea eax,[ebp-0x5c] push eax call FUNC_001669_VecMatMul add esp,byte +0xc mov ax,[ebx+0x24e] mov [esi+0x9e],ax mov byte [DATA_008628],0xff test byte [ebx+0x24e],0x1 jz JUMP_003457 mov eax,[ebp-0x44] sar eax,0xe mov [esi+0x26],eax mov eax,[ebp-0x40] sar eax,0xe mov [esi+0x2e],eax mov eax,[ebp-0x3c] sar eax,0xe add eax,[ebx+0x242] mov [esi+0x36],eax mov dword [esi+0x82],0xa6 push esi call near [DATA_007807] ; FUNC_001682 pop ecx JUMP_003457: ; Pos = 35035 push byte +0x1 push dword [ebx+0x23e] push dword [ebx+0x23a] push esi lea eax,[ebp+0xfffffcd0] push eax call FUNC_000841 add esp,byte +0x14 mov [ebp-0x8],eax cmp dword [ebx+0x236],byte +0x0 jz near JUMP_003463 xor eax,eax mov [ebx+0x236],eax mov ax,[ebx+0x23a] and ax,0xfe00 add ax,0x8000 movsx eax,ax sar eax,0x9 mov [ebp-0x10],eax mov ax,[ebx+0x23e] and ax,0xfe00 add ax,0x8000 movsx eax,ax sar eax,0x9 mov [ebp-0x14],eax mov dword [ebp-0x18],0x20 xor ecx,ecx cmp ecx,[ebp-0x8] jnl JUMP_003460 JUMP_003458: ; Pos = 350a9 lea eax,[ecx+ecx*2] movsx eax,byte [ebp+eax*2+0xfffffcd4] sub eax,[ebp-0x10] cdq xor eax,edx sub eax,edx mov edi,eax lea eax,[ecx+ecx*2] movsx eax,byte [ebp+eax*2+0xfffffcd3] sub eax,[ebp-0x14] cdq xor eax,edx sub eax,edx add edi,eax mov [ebp-0x1c],edi cmp edi,[ebp-0x18] jnl JUMP_003459 mov [ebp-0x20],ecx mov eax,[ebp-0x1c] mov [ebp-0x18],eax JUMP_003459: ; Pos = 350e4 inc ecx cmp ecx,[ebp-0x8] jl JUMP_003458 JUMP_003460: ; Pos = 350ea cmp dword [ebp-0x18],byte +0x20 jz near JUMP_003462 lea eax,[ebp-0x38] push eax mov eax,[ebp-0x20] add eax,eax lea eax,[eax+eax*2] lea edx,[ebp+0xfffffcd0] add eax,edx push eax push dword [ebx+0x23e] push dword [ebx+0x23a] call FUNC_000856 add esp,byte +0x10 cmp byte [ebx+0x268],0x0 jz JUMP_003461 mov eax,[ebp-0x38] cmp eax,[ebx+0x25c] jnz JUMP_003461 mov eax,[ebp-0x34] cmp eax,[ebx+0x260] jnz JUMP_003461 mov eax,[ebp-0x30] cmp eax,[ebx+0x264] jz JUMP_003463 JUMP_003461: ; Pos = 35147 mov byte [ebx+0x268],0xff mov eax,[ebp-0x38] mov [ebx+0x25c],eax mov eax,[ebp-0x34] mov [ebx+0x260],eax mov eax,[ebp-0x30] mov [ebx+0x264],eax mov eax,[ebp-0x20] movzx eax,byte [esi+eax*2+0xa7] push eax mov eax,[ebp-0x20] movzx eax,byte [esi+eax*2+0xa6] push eax push dword [ebp-0x20] call FUNC_000832 add esp,byte +0xc call FUNC_000863 jmp short JUMP_003463 JUMP_003462: ; Pos = 35193 cmp byte [ebx+0x268],0x0 jz JUMP_003463 call FUNC_000837 mov byte [ebx+0x268],0x0 JUMP_003463: ; Pos = 351a8 mov eax,[ebp-0x44] sar eax,0xe mov edx,[ebp-0x50] sar edx,0xd add eax,edx mov [esi+0x26],eax mov eax,[ebp-0x40] sar eax,0xe mov edx,[ebp-0x4c] sar edx,0xd add eax,edx mov [esi+0x2e],eax mov eax,[ebp-0x3c] sar eax,0xe mov edx,[ebp-0x48] sar edx,0xd add eax,edx add eax,[ebx+0x242] mov [esi+0x36],eax push byte +0x1 push dword [ebx+0x23e] mov eax,[ebx+0x23a] add eax,0x10000 push eax push esi lea eax,[ebp+0xfffffcd0] push eax call FUNC_000841 add esp,byte +0x14 mov eax,[ebp-0x44] sar eax,0xe mov edx,[ebp-0x50] sar edx,0xd add eax,edx mov edx,[ebp-0x5c] sar edx,0xd add eax,edx mov [esi+0x26],eax mov eax,[ebp-0x40] sar eax,0xe mov edx,[ebp-0x4c] sar edx,0xd add eax,edx mov edx,[ebp-0x58] sar edx,0xd add eax,edx mov [esi+0x2e],eax mov eax,[ebp-0x3c] sar eax,0xe mov edx,[ebp-0x48] sar edx,0xd add eax,edx mov edx,[ebp-0x54] sar edx,0xd add eax,edx add eax,[ebx+0x242] mov [esi+0x36],eax push byte +0x1 mov eax,[ebx+0x23e] add eax,0x10000 push eax mov eax,[ebx+0x23a] add eax,0x10000 push eax push esi lea eax,[ebp+0xfffffcd0] push eax call FUNC_000841 add esp,byte +0x14 mov eax,[ebp-0x44] sar eax,0xe mov edx,[ebp-0x5c] sar edx,0xd add eax,edx mov [esi+0x26],eax mov eax,[ebp-0x40] sar eax,0xe mov edx,[ebp-0x58] sar edx,0xd add eax,edx mov [esi+0x2e],eax mov eax,[ebp-0x3c] sar eax,0xe mov edx,[ebp-0x54] sar edx,0xd add eax,edx add eax,[ebx+0x242] mov [esi+0x36],eax push byte +0x1 mov eax,[ebx+0x23e] add eax,0x10000 push eax push dword [ebx+0x23a] push esi lea eax,[ebp+0xfffffcd0] push eax call FUNC_000841 add esp,byte +0x14 mov eax,[ebp-0x44] sar eax,0xe mov edx,[ebp-0x50] sar edx,0xd sub eax,edx mov edx,[ebp-0x5c] sar edx,0xd add eax,edx mov [esi+0x26],eax mov eax,[ebp-0x40] sar eax,0xe mov edx,[ebp-0x4c] sar edx,0xd sub eax,edx mov edx,[ebp-0x58] sar edx,0xd add eax,edx mov [esi+0x2e],eax mov eax,[ebp-0x3c] sar eax,0xe mov edx,[ebp-0x48] sar edx,0xd sub eax,edx mov edx,[ebp-0x54] sar edx,0xd add eax,edx add eax,[ebx+0x242] mov [esi+0x36],eax push byte +0x1 mov eax,[ebx+0x23e] add eax,0x10000 push eax mov eax,[ebx+0x23a] add eax,0xffff0000 push eax push esi lea eax,[ebp+0xfffffcd0] push eax call FUNC_000841 add esp,byte +0x14 mov eax,[ebp-0x44] sar eax,0xe mov edx,[ebp-0x50] sar edx,0xd sub eax,edx mov [esi+0x26],eax mov eax,[ebp-0x40] sar eax,0xe mov edx,[ebp-0x4c] sar edx,0xd sub eax,edx mov [esi+0x2e],eax mov eax,[ebp-0x3c] sar eax,0xe mov edx,[ebp-0x48] sar edx,0xd sub eax,edx add eax,[ebx+0x242] mov [esi+0x36],eax push byte +0x1 push dword [ebx+0x23e] mov eax,[ebx+0x23a] add eax,0xffff0000 push eax push esi lea eax,[ebp+0xfffffcd0] push eax call FUNC_000841 add esp,byte +0x14 mov eax,[ebp-0x44] sar eax,0xe mov edx,[ebp-0x50] sar edx,0xd sub eax,edx mov edx,[ebp-0x5c] sar edx,0xd sub eax,edx mov [esi+0x26],eax mov eax,[ebp-0x40] sar eax,0xe mov edx,[ebp-0x4c] sar edx,0xd sub eax,edx mov edx,[ebp-0x58] sar edx,0xd sub eax,edx mov [esi+0x2e],eax mov eax,[ebp-0x3c] sar eax,0xe mov edx,[ebp-0x48] sar edx,0xd sub eax,edx mov edx,[ebp-0x54] sar edx,0xd sub eax,edx add eax,[ebx+0x242] mov [esi+0x36],eax push byte +0x1 mov eax,[ebx+0x23e] add eax,0xffff0000 push eax mov eax,[ebx+0x23a] add eax,0xffff0000 push eax push esi lea eax,[ebp+0xfffffcd0] push eax call FUNC_000841 add esp,byte +0x14 mov eax,[ebp-0x44] sar eax,0xe mov edx,[ebp-0x5c] sar edx,0xd sub eax,edx mov [esi+0x26],eax mov eax,[ebp-0x40] sar eax,0xe mov edx,[ebp-0x58] sar edx,0xd sub eax,edx mov [esi+0x2e],eax mov eax,[ebp-0x3c] sar eax,0xe mov edx,[ebp-0x54] sar edx,0xd sub eax,edx add eax,[ebx+0x242] mov [esi+0x36],eax push byte +0x1 mov eax,[ebx+0x23e] add eax,0xffff0000 push eax push dword [ebx+0x23a] push esi lea eax,[ebp+0xfffffcd0] push eax call FUNC_000841 add esp,byte +0x14 mov eax,[ebp-0x44] sar eax,0xe mov edx,[ebp-0x50] sar edx,0xd add eax,edx mov edx,[ebp-0x5c] sar edx,0xd sub eax,edx mov [esi+0x26],eax mov eax,[ebp-0x40] sar eax,0xe mov edx,[ebp-0x4c] sar edx,0xd add eax,edx mov edx,[ebp-0x58] sar edx,0xd sub eax,edx mov [esi+0x2e],eax mov eax,[ebp-0x3c] sar eax,0xe mov edx,[ebp-0x48] sar edx,0xd add eax,edx mov edx,[ebp-0x54] sar edx,0xd sub eax,edx add eax,[ebx+0x242] mov [esi+0x36],eax push byte +0x1 mov eax,[ebx+0x23e] add eax,0xffff0000 push eax mov eax,[ebx+0x23a] add eax,0x10000 push eax push esi lea eax,[ebp+0xfffffcd0] push eax call FUNC_000841 add esp,byte +0x14 mov eax,[ebx+0x250] mov [ebp-0x38],eax mov eax,[ebx+0x254] mov [ebp-0x34],eax mov eax,[ebx+0x258] mov [ebp-0x30],eax cmp dword [ebx+0x180],0xc80 jl JUMP_003464 mov eax,0xffff jmp short JUMP_003465 JUMP_003464: ; Pos = 35536 mov eax,[ebx+0x180] mov edx,eax shl eax,0x10 sub eax,edx mov ecx,0xc80 cdq idiv ecx JUMP_003465: ; Pos = 3554b push eax push dword 0xaa lea eax,[ebp-0x38] push eax push esi call FUNC_000862 add esp,byte +0x10 cmp byte [ebx+0x268],0x0 jz JUMP_003466 mov eax,[ebx+0x25c] mov [ebp-0x38],eax mov eax,[ebx+0x260] mov [ebp-0x34],eax mov eax,[ebx+0x264] mov [ebp-0x30],eax push byte +0x0 push dword 0xa9 lea eax,[ebp-0x38] push eax push esi call FUNC_000862 add esp,byte +0x10 JUMP_003466: ; Pos = 35596 cmp dword [ebx+0x29e],byte +0x0 jz JUMP_003468 lea eax,[ebp-0x2c] push eax lea eax,[ebp-0x28] push eax lea eax,[ebp-0x24] push eax lea eax,[ebp-0x38] push eax push dword [ebx+0x29e] call FUNC_000852 add esp,byte +0x14 inc eax jz JUMP_003467 mov eax,[ebp-0x38] mov [ebx+0x23a],eax mov eax,[ebp-0x34] mov [ebx+0x23e],eax mov dword [ebx+0x236],0xffffffff JUMP_003467: ; Pos = 355dc xor eax,eax mov [ebx+0x29e],eax JUMP_003468: ; Pos = 355e4 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000841: ; Pos = 355eb push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov ebx,[ebp+0x10] mov edi,[ebp+0xc] mov eax,ebx sar eax,0x10 mov [ebp-0x8],ax movsx eax,ax and ax,0x1fff mov dx,[ebp-0xc] and dx,0xe000 or ax,dx mov [ebp-0xc],ax mov eax,[ebp+0x14] sar eax,0x10 mov [ebp-0x6],ax movsx eax,ax and eax,0x1fff shl eax,0xd mov edx,[ebp-0xc] and edx,0xfc001fff or eax,edx mov [ebp-0xc],eax and byte [ebp-0x9],0x3 mov eax,[ebp-0xc] mov [edi+0xa0],eax xor esi,esi JUMP_003469: ; Pos = 3564c mov eax,[esi*4+DATA_006799] cmp eax,[ebp-0x8] jnz JUMP_003470 xor eax,eax mov [ebp-0x8],eax jmp short JUMP_003471 JUMP_003470: ; Pos = 3565f inc esi cmp esi,byte +0x31 jl JUMP_003469 JUMP_003471: ; Pos = 35665 cmp dword [ebp-0x8],byte +0x0 jz near JUMP_003478 push byte +0x0 mov eax,[ebp+0x14] sar eax,0x10 push eax sar ebx,0x10 push ebx call FUNC_000853 add esp,byte +0xc sar eax,0xa mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x3f jl JUMP_003472 mov eax,0x3e jmp short JUMP_003473 JUMP_003472: ; Pos = 35697 mov eax,[ebp-0x4] JUMP_003473: ; Pos = 3569a mov [ebp-0x4],eax mov ax,[ebp-0x4] mov [edi+0xa4],ax cmp dword [ebp-0x4],byte +0x0 jnz JUMP_003474 mov eax,[ebp-0x4] jmp JUMP_003483 JUMP_003474: ; Pos = 356b6 mov dword [edi+0x82],0xab mov eax,[ebp-0x8] sar eax,0x10 mov edx,[ebp-0x8] shl edx,0x10 or eax,edx mov [DATA_008947],eax mov eax,[ebp-0x8] mov [DATA_008948],eax call FUNC_000861 call FUNC_000861 call FUNC_000861 xor ebx,ebx cmp ebx,[ebp-0x4] jnl near JUMP_003476 JUMP_003475: ; Pos = 356f5 call FUNC_000861 lea eax,[ebx+ebx*2] mov edx,[ebp+0x8] mov byte [edx+eax*2],0x9 lea eax,[ebx+ebx*2] mov edx,[ebp+0x8] mov ecx,[DATA_008947] and ecx,0xff0000 sar ecx,0x10 mov [edx+eax*2+0x2],cl lea eax,[ebx+ebx*2] mov edx,[ebp+0x8] mov cx,[DATA_008947] and cx,0xff00 movsx ecx,cx sar ecx,0x9 mov [edx+eax*2+0x3],cl lea eax,[ebx+ebx*2] mov edx,[ebp+0x8] mov ecx,[DATA_008947] and ecx,0x1fe sar ecx,1 movsx ecx,cl sar ecx,1 mov [edx+eax*2+0x4],cl mov eax,[DATA_008948] and eax,byte +0x1f mov al,[eax+DATA_006810] mov [edi+ebx*2+0xa7],al mov eax,[DATA_008948] sar eax,0x10 and eax,byte +0x1f mov al,[eax+DATA_006811] mov [edi+ebx*2+0xa6],al inc ebx cmp ebx,[ebp-0x4] jl near JUMP_003475 JUMP_003476: ; Pos = 3578d cmp dword [ebp+0x18],byte +0x0 jz JUMP_003477 push dword [ebp+0x8] push edi call near [DATA_007808] ; FUNC_001684 add esp,byte +0x8 JUMP_003477: ; Pos = 357a0 mov eax,[ebp-0x4] jmp JUMP_003483 JUMP_003478: ; Pos = 357a8 mov dword [edi+0x82],0xab mov eax,[esi*4+DATA_006801] sub eax,[esi*4+DATA_006800] mov [ebp-0x4],eax test eax,eax jz JUMP_003481 mov eax,[esi*4+DATA_006800] mov [ebp-0x10],eax xor ebx,ebx cmp ebx,[ebp-0x4] jnl JUMP_003480 JUMP_003479: ; Pos = 357d8 lea eax,[ebx+ebx*2] mov edx,[ebp+0x8] mov ecx,[ebp-0x10] add ecx,ebx lea ecx,[ecx+ecx*2] lea edx,[edx+eax*2] mov eax,[ecx*2+DATA_006793] mov [edx],eax mov ax,[ecx*2+DATA_006794] mov [edx+0x4],ax mov eax,[ebp-0x10] add eax,ebx mov ax,[eax*2+DATA_006795] mov [edi+ebx*2+0xa6],ax inc ebx cmp ebx,[ebp-0x4] jl JUMP_003479 JUMP_003480: ; Pos = 35819 mov ax,[ebp-0x4] mov [edi+0xa4],ax cmp dword [ebp+0x18],byte +0x0 jz JUMP_003481 push dword [ebp+0x8] push edi call near [DATA_007808] ; FUNC_001684 add esp,byte +0x8 JUMP_003481: ; Pos = 35837 cmp dword [ebp+0x18],byte +0x0 jz JUMP_003482 mov eax,[esi*4+DATA_008776] mov [edi+0x82],eax test eax,eax jz JUMP_003482 push edi call near [DATA_007807] ; FUNC_001682 pop ecx JUMP_003482: ; Pos = 35856 mov eax,[ebp-0x4] JUMP_003483: ; Pos = 35859 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000842: ; Pos = 35860 push ebp mov ebp,esp add esp,byte -0x3c push dword DATA_006825 push byte +0x0 call FUNC_001572 add esp,byte +0x8 mov byte [DATA_008627],0x1 mov byte [DATA_008628],0x0 cmp dword [DATA_008962],byte +0x0 jz near JUMP_003484 ; Comment out fo mov eax,[DATA_008956] mov [ebp-0x28],eax mov eax,[DATA_008957] mov [ebp-0x24],eax mov al,[DATA_008954] and eax,byte +0x7 mov [ebp-0x20],eax mov eax,[DATA_008958] mov [ebp-0x1c],eax mov eax,[DATA_008962] mov [ebp-0x18],eax push dword DATA_008656 lea eax,[ebp-0x14] push eax call _strcpy add esp,byte +0x8 lea eax,[ebp-0x28] push eax push dword DATA_008778 call FUNC_000878 add esp,byte +0x8 call FUNC_000850 xor eax,eax mov al,[DATA_008847] mov [ebp-0x3c],eax push byte +0x12 push byte +0x5f push byte +0xa push dword [DATA_008958] lea eax,[ebp-0x3c] push eax push dword 0x84a0 call FUNC_000854 add esp,byte +0x18 push dword 0x12c push byte +0x69 push byte +0xa push byte +0x11 lea eax,[ebp-0x3c] push eax push dword [DATA_008961] call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 jmp short JUMP_003485 JUMP_003484: ; Pos = 35929 push byte +0x0 call FUNC_000956 pop ecx push dword 0x12c push byte +0x5f push byte +0xa push byte +0x12 lea eax,[ebp-0x3c] push eax push dword 0x84b3 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_003485: ; Pos = 3594e call FUNC_001637_FlipScreen mov esp,ebp pop ebp ret FUNC_000843: ; Pos = 35957 push ebp mov ebp,esp add esp,byte -0x6c push ebx push esi push edi mov esi,DATA_006826 lea edi,[ebp-0x58] mov ecx,0x5 rep movsd call near [DATA_007672] ; FUNC_001414_GuiGetLastAction and eax,0xff cmp byte [DATA_008627],0x2 jz near JUMP_003519 mov edx,eax cmp edx,0xf7 jg JUMP_003486 jz near JUMP_003498 sub edx,byte +0x6e jz near JUMP_003496 sub edx,byte +0x4 jz near JUMP_003496 sub edx,0x83 jz JUMP_003487 dec edx jz near JUMP_003500 jmp JUMP_003502 JUMP_003486: ; Pos = 359bd sub edx,0xf8 jz near JUMP_003499 dec edx jz JUMP_003488 dec edx jz near JUMP_003495 jmp JUMP_003502 JUMP_003487: ; Pos = 359d8 mov byte [DATA_008627],0xff call FUNC_001573 mov byte [DATA_008809],0xfe call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas push byte +0x1 push byte +0x24 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_003520 JUMP_003488: ; Pos = 35a02 mov esi,DATA_006827 lea edi,[ebp-0x6c] mov ecx,0x5 rep movsd push byte +0x1 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 cmp dword [DATA_008962],byte +0x0 jz near JUMP_003520 call FUNC_000850 push byte +0xf push byte +0x3b push byte +0x2 push dword [DATA_008958] lea eax,[ebp-0x58] push eax push dword 0x84b4 call FUNC_000854 add esp,byte +0x18 lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax push dword [DATA_008958] call FUNC_000870 add esp,byte +0x14 xor ebx,ebx JUMP_003489: ; Pos = 35a6c mov eax,[ebp-0x4] test byte [eax+ebx],0x80 jz JUMP_003490 push byte +0x0 mov eax,[ebp-0x5c] inc dword [ebp-0x5c] lea eax,[eax+eax*8] add eax,byte +0x45 push eax push dword 0x100 push byte +0x12 lea eax,[ebp-0x58] push eax lea eax,[ebx+0x8e00] push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 jmp JUMP_003494 JUMP_003490: ; Pos = 35aa4 mov eax,[ebp-0x4] mov al,[eax+ebx] and eax,byte +0x7 cmp eax,byte +0x5 jl JUMP_003492 mov eax,[ebp-0x4] test byte [eax+ebx],0x8 jz JUMP_003491 push byte +0x0 mov eax,[ebp-0x64] inc dword [ebp-0x64] lea eax,[eax+eax*8] add eax,byte +0x45 push eax push dword 0x80 push byte +0x12 lea eax,[ebp-0x58] push eax lea eax,[ebx+0x8e00] push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 jmp JUMP_003494 JUMP_003491: ; Pos = 35aea push byte +0x0 mov eax,[ebp-0x6c] inc dword [ebp-0x6c] lea eax,[eax+eax*8] add eax,byte +0x45 push eax push byte +0x2 push byte +0x12 lea eax,[ebp-0x58] push eax lea eax,[ebx+0x8e00] push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 jmp short JUMP_003494 JUMP_003492: ; Pos = 35b13 mov eax,[ebp-0x4] mov al,[eax+ebx] and eax,byte +0x7 cmp eax,byte +0x3 jl JUMP_003494 mov eax,[ebp-0x4] test byte [eax+ebx],0x8 jz JUMP_003493 push byte +0x0 mov eax,[ebp-0x60] inc dword [ebp-0x60] lea eax,[eax+eax*8] add eax,byte +0x45 push eax push dword 0xc1 push byte +0x12 lea eax,[ebp-0x58] push eax lea eax,[ebx+0x8e00] push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 jmp short JUMP_003494 JUMP_003493: ; Pos = 35b56 push byte +0x0 mov eax,[ebp-0x68] inc dword [ebp-0x68] lea eax,[eax+eax*8] add eax,byte +0x45 push eax push byte +0x41 push byte +0x12 lea eax,[ebp-0x58] push eax lea eax,[ebx+0x8e00] push eax call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_003494: ; Pos = 35b7d inc ebx cmp ebx,byte +0x21 jl near JUMP_003489 call FUNC_001637_FlipScreen jmp JUMP_003520 JUMP_003495: ; Pos = 35b91 push byte +0x1 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 cmp dword [DATA_008962],byte +0x0 jz near JUMP_003520 call FUNC_000850 lea eax,[ebp-0x3c] push eax lea eax,[ebp-0x18] push eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x1c] push eax push dword [DATA_008958] call FUNC_000870 add esp,byte +0x14 lea eax,[ebp-0x3c] push eax lea eax,[ebp-0x38] push eax lea eax,[ebp-0x34] push eax lea eax,[ebp-0x30] push eax lea eax,[ebp-0x2c] push eax lea eax,[ebp-0x28] push eax lea eax,[ebp-0x24] push eax lea eax,[ebp-0x20] push eax push dword [DATA_008958] call FUNC_000869 add esp,byte +0x24 mov eax,[ebp-0x3c] and eax,byte +0x3f add eax,0x84cb mov [ebp-0x58],eax mov eax,[ebp-0x3c] and eax,byte +0x3f add eax,0x84bb mov [ebp-0x54],eax mov eax,[ebp-0x3c] sar eax,0x6 add eax,0x84b7 mov [ebp-0x50],eax mov eax,[ebp-0x14] add eax,0x84db mov [ebp-0x4c],eax push byte +0x12 push byte +0x63 push byte +0x28 push dword [DATA_008958] lea eax,[ebp-0x58] push eax push dword 0x84b5 call FUNC_000854 add esp,byte +0x18 mov ax,[DATA_008958] and eax,0x1fff sub eax,0x1718 mov [ebp-0x58],eax mov eax,[DATA_008958] shr eax,0xd and eax,0x1fff sub eax,0x1524 mov [ebp-0x54],eax mov al,[DATA_008959] shr eax,0x2 and eax,byte +0x3f mov [ebp-0x50],eax push byte +0x12 push dword 0x8b push byte +0x28 push dword [DATA_008958] lea eax,[ebp-0x58] push eax push dword 0x84b6 call FUNC_000854 add esp,byte +0x18 call FUNC_001637_FlipScreen jmp JUMP_003520 JUMP_003496: ; Pos = 35cad cmp dword [DATA_008962],byte +0x0 jz near JUMP_003520 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas call FUNC_000974 mov ebx,0x1c JUMP_003497: ; Pos = 35cca push ebx call FUNC_000263_ConsoleShowButton pop ecx inc ebx cmp ebx,byte +0x24 jng JUMP_003497 jmp JUMP_003520 JUMP_003498: ; Pos = 35cdc cmp byte [DATA_008953],0x0 jz near JUMP_003520 mov byte [DATA_008965],0x0 call FUNC_000842 push byte +0x1 push byte +0x22 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_003520 JUMP_003499: ; Pos = 35d1e mov byte [DATA_008965],0x0 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas call FUNC_000844 push byte +0x1 push byte +0x21 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_003520 JUMP_003500: ; Pos = 35d59 mov byte [DATA_008965],0x0 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas push byte +0x0 call FUNC_000966 pop ecx mov ebx,0x1c JUMP_003501: ; Pos = 35d73 push ebx call FUNC_000263_ConsoleShowButton pop ecx inc ebx cmp ebx,byte +0x24 jng JUMP_003501 push byte +0x1 push byte +0x23 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_003520 JUMP_003502: ; Pos = 35da9 cmp eax,0x80 jnl JUMP_003503 push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx jmp JUMP_003520 JUMP_003503: ; Pos = 35dbd cmp eax,0xbc jg near JUMP_003517 lea ebx,[eax-0x80] call FUNC_000850 mov eax,ebx shl eax,0x4 add eax,ebx cmp word [eax*4+DATA_008781],byte +0x0 jz near JUMP_003508 mov eax,ebx shl eax,0x4 add eax,ebx cmp word [eax*4+DATA_008781],byte +0x20 jnc near JUMP_003508 mov eax,ebx shl eax,0x4 add eax,ebx mov eax,[eax*4+DATA_008778] mov [ebp-0x40],eax add word [ebp-0x3e],byte -0x3f mov eax,ebx shl eax,0x4 add eax,ebx movzx eax,word [eax*4+DATA_008787] add eax,0xfffffeef mov [ebp-0x58],eax push dword 0xab5a push dword [ebp-0x40] call near [DATA_007733] ; FUNC_001494 pop ecx push eax call near [DATA_007747] ; FUNC_001515 add esp,byte +0x8 shr eax,0x2 mov [ebp-0x54],eax push byte +0x12 push byte +0x69 push byte +0xa push dword [DATA_008958] lea eax,[ebp-0x58] push eax push dword 0x84a1 call FUNC_000854 add esp,byte +0x18 mov byte [DATA_009147],0x0 mov eax,ebx shl eax,0x4 add eax,ebx cmp word [eax*4+DATA_008789],byte +0x23 jnz JUMP_003506 lea esi,[ebx+0x1] jmp short JUMP_003505 JUMP_003504: ; Pos = 35e83 imul eax,esi,byte +0x44 add eax,DATA_008788 push eax push dword DATA_009147 call _strcat add esp,byte +0x8 inc esi mov eax,esi shl eax,0x4 add eax,esi cmp word [eax*4+DATA_008781],byte +0x23 jnz JUMP_003505 push dword DATA_007099 push dword DATA_009147 call _strcat add esp,byte +0x8 JUMP_003505: ; Pos = 35ebf mov eax,esi shl eax,0x4 add eax,esi cmp word [eax*4+DATA_008781],byte +0x23 jnz JUMP_003507 mov eax,esi shl eax,0x4 add eax,esi cmp dword [eax*4+DATA_008778],byte +0x0 jnz JUMP_003504 jmp short JUMP_003507 JUMP_003506: ; Pos = 35ee4 push dword [DATA_008958] push dword DATA_009147 lea eax,[ebp-0x58] push eax push dword 0x84a7 call FUNC_000830 add esp,byte +0x10 JUMP_003507: ; Pos = 35f00 push byte +0x12 push byte +0x7d push byte +0x52 push dword DATA_009147 call FUNC_001589_WriteStringShadowed add esp,byte +0x10 JUMP_003508: ; Pos = 35f13 mov eax,ebx shl eax,0x4 add eax,ebx cmp dword [eax*4+DATA_008783],byte +0x0 jz near JUMP_003513 mov eax,ebx shl eax,0x4 add eax,ebx cmp word [eax*4+DATA_008784],byte +0x1b jng JUMP_003509 mov esi,0x84a6 mov word [ebp-0x42],0xffeb mov word [ebp-0x44],0x551f jmp short JUMP_003511 JUMP_003509: ; Pos = 35f4d mov eax,ebx shl eax,0x4 add eax,ebx cmp word [eax*4+DATA_008784],byte +0x13 jng JUMP_003510 mov esi,0x84a5 mov word [ebp-0x42],0xfff0 mov word [ebp-0x44],0x6117 jmp short JUMP_003511 JUMP_003510: ; Pos = 35f72 mov esi,0x84a4 mov word [ebp-0x42],0xfff5 mov word [ebp-0x44],0x48d1 JUMP_003511: ; Pos = 35f83 push dword [ebp-0x44] mov eax,ebx shl eax,0x4 add eax,ebx push dword [eax*4+DATA_008783] call FUNC_001482 add esp,byte +0x8 push eax call near [DATA_007733] ; FUNC_001494 pop ecx mov [ebp-0x54],eax push byte +0x12 push dword 0x87 push byte +0x52 push dword [DATA_008958] lea eax,[ebp-0x58] push eax push esi call FUNC_000854 add esp,byte +0x18 mov word [ebp-0x44],0x759a mov word [ebp-0x42],0xffdb mov eax,ebx shl eax,0x4 add eax,ebx push dword [eax*4+DATA_008782] push dword [ebp-0x44] call FUNC_001482 add esp,byte +0x8 push eax call near [DATA_007733] ; FUNC_001494 pop ecx mov [ebp-0x58],eax mov eax,ebx shl eax,0x4 add eax,ebx movzx eax,word [eax*4+DATA_008785] mov [ebp-0x54],eax mov eax,ebx shl eax,0x4 add eax,ebx movzx eax,word [eax*4+DATA_008786] imul eax,eax,0xe10 sar eax,0x10 mov [ebp-0x50],eax mov eax,ebx shl eax,0x4 add eax,ebx mov eax,[eax*4+DATA_008779] mov [ebp-0x4c],eax mov eax,ebx shl eax,0x4 add eax,ebx movzx eax,word [eax*4+DATA_008780] mov edx,eax shl eax,0x4 add eax,edx cmp word [eax*4+DATA_008777],byte +0x0 jnz JUMP_003512 mov eax,ebx shl eax,0x4 add eax,ebx movzx eax,word [eax*4+DATA_008780] lea edx,[ebx-0x2] cmp eax,edx jng JUMP_003512 shl dword [ebp-0x58],1 push byte +0x12 push dword 0x87 push byte +0xa push dword [DATA_008958] lea eax,[ebp-0x58] push eax push dword 0x84a3 call FUNC_000854 add esp,byte +0x18 jmp short JUMP_003513 JUMP_003512: ; Pos = 3608d push byte +0x12 push dword 0x87 push byte +0xa push dword [DATA_008958] lea eax,[ebp-0x58] push eax push dword 0x84a2 call FUNC_000854 add esp,byte +0x18 JUMP_003513: ; Pos = 360ad mov byte [DATA_009147],0x0 imul eax,ebx,byte +0x44 add eax,DATA_008788 push eax push dword DATA_009147 call _strcat add esp,byte +0x8 push dword DATA_007100 push dword DATA_009147 call _strcat add esp,byte +0x8 push dword [DATA_008958] push dword DATA_009147 call _strlen pop ecx add eax,DATA_009147 push eax lea eax,[ebp-0x58] push eax mov eax,ebx shl eax,0x4 add eax,ebx movzx eax,word [eax*4+DATA_008781] add eax,0x8476 push eax call FUNC_000830 add esp,byte +0x10 mov eax,ebx shl eax,0x4 add eax,ebx cmp word [eax*4+DATA_008781],byte +0x0 jz JUMP_003514 mov eax,ebx shl eax,0x4 add eax,ebx cmp word [eax*4+DATA_008781],byte +0x20 jc JUMP_003515 JUMP_003514: ; Pos = 3613a push byte +0x12 push byte +0x7d push byte +0xa push dword DATA_009147 call FUNC_001589_WriteStringShadowed add esp,byte +0x10 jmp short JUMP_003516 JUMP_003515: ; Pos = 3614f push byte +0x12 push byte +0x5f push byte +0xa push dword DATA_009147 call FUNC_001589_WriteStringShadowed add esp,byte +0x10 JUMP_003516: ; Pos = 36162 call FUNC_001637_FlipScreen jmp short JUMP_003520 JUMP_003517: ; Pos = 36169 cmp eax,0xff jnz JUMP_003518 call FUNC_000850 xor eax,eax mov al,[DATA_008847] mov [ebp-0x58],eax push byte +0x12 push byte +0x5f push byte +0xa push dword [DATA_008958] lea eax,[ebp-0x58] push eax push dword 0x84a0 call FUNC_000854 add esp,byte +0x18 push dword 0x12c push byte +0x69 push byte +0xa push byte +0x11 lea eax,[ebp-0x58] push eax push dword [DATA_008961] call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 call FUNC_001637_FlipScreen jmp short JUMP_003520 JUMP_003518: ; Pos = 361c1 push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx jmp short JUMP_003520 JUMP_003519: ; Pos = 361cb push eax call FUNC_000845 pop ecx JUMP_003520: ; Pos = 361d2 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000844: ; Pos = 361d9 push ebp mov ebp,esp push ebx mov ebx,DATA_008804 push dword DATA_006828 push byte +0x0 call FUNC_001572 add esp,byte +0x8 mov byte [DATA_008627],0x2 mov byte [ebx+0x298],0x2 mov dword [ebx+0x246],0x12345678 mov dword [ebx+0x24a],0x87654321 push dword [ebx+0x23e] push dword [ebx+0x23a] push dword [ebx+0x29a] call FUNC_000849 add esp,byte +0xc call FUNC_000846 call FUNC_001637_FlipScreen pop ebx pop ebp ret FUNC_000845: ; Pos = 3623a push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,ebx cmp eax,0xf8 jg JUMP_003521 jz near JUMP_003526 sub eax,byte +0x1 jc JUMP_003522 sub eax,0xf4 jz near JUMP_003531 dec eax jz near JUMP_003527 dec eax jz near JUMP_003524 jmp JUMP_003533 JUMP_003521: ; Pos = 36273 add eax,0xffffff07 sub eax,byte +0x2 jc near JUMP_003532 jz near JUMP_003529 dec eax jz near JUMP_003530 jmp JUMP_003533 JUMP_003522: ; Pos = 36293 cmp byte [DATA_008964],0x0 jz near JUMP_003534 dec byte [DATA_008964] mov al,[DATA_008964] test al,al jz JUMP_003523 push dword [DATA_008945] push dword [DATA_008944] push dword [DATA_008966] call FUNC_000848 add esp,byte +0xc call FUNC_000846 call FUNC_001637_FlipScreen pop ebx pop ebp ret JUMP_003523: ; Pos = 362d6 push dword [DATA_008945] push dword [DATA_008944] push dword [DATA_008966] call FUNC_000847 add esp,byte +0xc call FUNC_000846 call FUNC_001637_FlipScreen pop ebx pop ebp ret JUMP_003524: ; Pos = 362fd cmp byte [DATA_008953],0x0 jz JUMP_003525 mov byte [DATA_008965],0x0 call FUNC_000842 push byte +0x1 push byte +0x22 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop ebx pop ebp ret JUMP_003525: ; Pos = 36321 push byte +0x0 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop ebx pop ebp ret JUMP_003526: ; Pos = 3633c mov byte [DATA_008965],0x0 call FUNC_000844 push byte +0x1 push byte +0x21 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop ebx pop ebp ret JUMP_003527: ; Pos = 3636f mov byte [DATA_008965],0x0 push byte +0x0 call FUNC_000966 pop ecx mov ebx,0x1c JUMP_003528: ; Pos = 36383 push ebx call FUNC_000263_ConsoleShowButton pop ecx inc ebx cmp ebx,byte +0x24 jng JUMP_003528 push byte +0x1 push byte +0x23 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x1f call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x20 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop ebx pop ebp ret JUMP_003529: ; Pos = 363b7 cmp dword [DATA_008966],byte +0x1 jng near JUMP_003534 dec dword [DATA_008966] mov byte [DATA_008964],0x2 mov dword [DATA_008947],0x12345678 mov dword [DATA_008948],0x87654321 push dword [DATA_008945] push dword [DATA_008944] push dword [DATA_008966] call FUNC_000849 add esp,byte +0xc call FUNC_000846 call FUNC_001637_FlipScreen pop ebx pop ebp ret JUMP_003530: ; Pos = 3640c cmp dword [DATA_008966],0xff jnl near JUMP_003534 inc dword [DATA_008966] mov byte [DATA_008964],0x2 mov dword [DATA_008947],0x12345678 mov dword [DATA_008948],0x87654321 push dword [DATA_008945] push dword [DATA_008944] push dword [DATA_008966] call FUNC_000849 add esp,byte +0xc call FUNC_000846 call FUNC_001637_FlipScreen pop ebx pop ebp ret JUMP_003531: ; Pos = 36464 mov byte [DATA_008627],0xff call FUNC_001573 mov byte [DATA_008809],0xfe mov byte [DATA_008965],0x0 push byte +0x1 push byte +0x24 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop ebx pop ebp ret JUMP_003532: ; Pos = 3648d mov byte [DATA_008627],0xff call FUNC_001573 mov byte [DATA_008809],0xfe mov byte [DATA_008965],0x0 push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx pop ebx pop ebp ret JUMP_003533: ; Pos = 364b2 push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx JUMP_003534: ; Pos = 364ba pop ebx pop ebp ret FUNC_000846: ; Pos = 364bd push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov esi,DATA_006829 lea edi,[ebp-0x14] mov ecx,0x5 rep movsd xor ebx,ebx jmp JUMP_003537 JUMP_003535: ; Pos = 364dc mov eax,ebx shl eax,0x4 mov eax,[eax+DATA_006813] mov edx,[DATA_008944] sar edx,0x10 sub eax,edx cdq idiv dword [DATA_008966] mov ecx,eax add ecx,0xa2 mov eax,ebx shl eax,0x4 mov eax,[eax+DATA_006814] neg eax mov edx,[DATA_008945] sar edx,0x10 add eax,edx cdq idiv dword [DATA_008966] add eax,byte +0x4c cmp eax,0x95 jg JUMP_003536 test eax,eax jng JUMP_003536 cmp ecx,0x136 jg JUMP_003536 test ecx,ecx jng JUMP_003536 push byte +0x10 push eax push ecx push dword [DATA_008958] lea eax,[ebp-0x14] push eax mov eax,ebx shl eax,0x4 push dword [eax+DATA_006815] call FUNC_000854 add esp,byte +0x18 JUMP_003536: ; Pos = 3655b inc ebx JUMP_003537: ; Pos = 3655c mov eax,ebx shl eax,0x4 mov eax,[eax+DATA_006812] cmp eax,[DATA_008966] jnl near JUMP_003535 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000847: ; Pos = 3657a push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov eax,[ebp+0x10] mov esi,[ebp+0x8] mov edx,[ebp+0xc] sar edx,0x10 mov ecx,esi sar ecx,1 sub edx,ecx mov ecx,esi shl ecx,0x5 lea ecx,[ecx+ecx*4] add edx,ecx mov [ebp+0xc],edx sar eax,0x10 mov edx,esi sar edx,1 add eax,edx imul edx,esi,byte +0x4f sub eax,edx mov [ebp-0x4],eax mov dword [ebp-0x8],0x9d JUMP_003538: ; Pos = 365ba mov edi,[ebp+0xc] mov ebx,0x13f JUMP_003539: ; Pos = 365c2 push esi mov ax,[ebp-0x4] push eax push edi call FUNC_000853 add esp,byte +0xc sar eax,0xa push dword [eax*4+DATA_006821] push dword [ebp-0x8] push ebx call FUNC_001629_DrawPixelToBuf add esp,byte +0xc sub edi,esi dec ebx test ebx,ebx jnl JUMP_003539 add [ebp-0x4],esi dec dword [ebp-0x8] cmp dword [ebp-0x8],byte +0x0 jnl JUMP_003538 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000848: ; Pos = 36601 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov eax,[ebp+0x10] mov edi,[ebp+0x8] add edi,edi mov edx,[ebp+0xc] sar edx,0x10 mov ecx,edi sar ecx,1 sub edx,ecx mov ecx,edi shl ecx,0x4 lea ecx,[ecx+ecx*4] add edx,ecx mov [ebp+0xc],edx sar eax,0x10 mov edx,edi sar edx,1 add eax,edx imul edx,edi,byte +0x27 sub eax,edx mov [ebp-0x4],eax mov esi,0x9c JUMP_003540: ; Pos = 36641 mov eax,[ebp+0xc] mov [ebp-0x8],eax mov ebx,0x13e JUMP_003541: ; Pos = 3664c push edi mov ax,[ebp-0x4] push eax mov ax,[ebp-0x8] push eax call FUNC_000853 add esp,byte +0xc sar eax,0xa push dword [eax*4+DATA_006821] lea eax,[esi+0x1] push eax lea eax,[ebx+0x1] push eax push esi push ebx call FUNC_001627_DrawBoxToBuf add esp,byte +0x14 sub [ebp-0x8],edi sub ebx,byte +0x2 test ebx,ebx jnl JUMP_003541 add [ebp-0x4],edi sub esi,byte +0x2 test esi,esi jnl JUMP_003540 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000849: ; Pos = 36696 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov eax,[ebp+0x10] mov edi,[ebp+0x8] shl edi,0x2 mov edx,[ebp+0xc] sar edx,0x10 mov ecx,edi sar ecx,1 sub edx,ecx mov ecx,edi shl ecx,0x3 lea ecx,[ecx+ecx*4] add edx,ecx mov [ebp+0xc],edx sar eax,0x10 mov edx,edi sar edx,1 add eax,edx imul edx,edi,byte +0x13 sub eax,edx mov [ebp-0x4],eax mov esi,0x9a JUMP_003542: ; Pos = 366d7 mov eax,[ebp+0xc] mov [ebp-0x8],eax mov ebx,0x13c JUMP_003543: ; Pos = 366e2 push edi mov ax,[ebp-0x4] push eax mov ax,[ebp-0x8] push eax call FUNC_000853 add esp,byte +0xc sar eax,0xa push dword [eax*4+DATA_006821] lea eax,[esi+0x3] push eax lea eax,[ebx+0x3] push eax push esi push ebx call FUNC_001627_DrawBoxToBuf add esp,byte +0x14 sub [ebp-0x8],edi sub ebx,byte +0x4 test ebx,ebx jnl JUMP_003543 add [ebp-0x4],edi sub esi,byte +0x4 test esi,esi jnl JUMP_003542 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000850: ; Pos = 3672c push ebp mov ebp,esp push ecx push ebx push esi xor eax,eax mov [ebp-0x4],eax xor ebx,ebx xor esi,esi call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas push byte +0x0 call FUNC_000956 pop ecx push byte +0x1 add esi,byte +0x4 push esi add ebx,byte +0x18 push ebx push byte +0x0 push byte +0x1 lea eax,[ebp-0x4] push eax call FUNC_000851 add esp,byte +0x18 pop esi pop ebx pop ecx pop ebp ret FUNC_000851: ; Pos = 36768 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov edi,[ebp+0x18] mov esi,[ebp+0x14] mov ebx,[ebp+0x8] mov eax,[ebx] mov [ebp-0x4],eax mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx movzx eax,word [eax*4+DATA_008781] lea eax,[eax+eax*4] push esi push edi lea esi,[eax*4+DATA_006822] lea edi,[ebp-0x18] mov ecx,0x5 rep movsd pop edi pop esi cmp dword [ebp+0x1c],byte +0x0 jz JUMP_003544 mov eax,[ebp+0x10] imul dword [ebp-0x18] add esi,eax mov eax,[ebp+0xc] imul dword [ebp-0x14] add edi,eax JUMP_003544: ; Pos = 367be mov eax,edi sub eax,[ebp-0xc] push eax mov eax,esi sub eax,[ebp-0x10] push eax push dword [ebp-0x8] push dword DATA_007774 call FUNC_001623_BlitIndex add esp,byte +0x10 cmp edi,0x9e jnl JUMP_003545 cmp esi,0x140 jnl JUMP_003545 mov eax,[ebx] add eax,0x80 push eax mov eax,[ebp-0x18] inc eax push eax push edi push esi call near [DATA_007679] ; FUNC_001442_GuiAddHotSquare add esp,byte +0x10 JUMP_003545: ; Pos = 36802 inc dword [ebx] mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [eax*4+DATA_008781],byte +0x23 jnz JUMP_003546 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp dword [eax*4+DATA_008778],byte +0x0 jnz JUMP_003545 JUMP_003546: ; Pos = 3682b mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [eax*4+DATA_008777],byte +0x0 jnz JUMP_003547 push byte +0x0 lea eax,[edi-0x1d] push eax push esi push byte +0x0 push byte +0x1 push ebx call FUNC_000851 add esp,byte +0x18 push byte +0x0 lea eax,[edi+0x1c] push eax push esi push byte +0x0 push byte +0x1 push ebx call FUNC_000851 add esp,byte +0x18 JUMP_003547: ; Pos = 36867 mov eax,[ebp-0x18] add eax,byte +0x3 imul dword [ebp+0xc] add esi,eax mov eax,[ebp-0x14] add eax,byte +0x3 imul dword [ebp+0x10] add edi,eax jmp short JUMP_003549 JUMP_003548: ; Pos = 3687f push byte +0x1 push edi push esi push dword [ebp+0xc] push dword [ebp+0x10] push ebx call FUNC_000851 add esp,byte +0x18 mov edx,[ebp+0xc] imul edx,eax add esi,edx mov edx,[ebp+0x10] imul edx,eax add edi,edx JUMP_003549: ; Pos = 368a2 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp dword [eax*4+DATA_008778],byte +0x0 jng JUMP_003550 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx movzx eax,word [eax*4+DATA_008780] mov edx,[ebp-0x4] inc edx cmp eax,edx jz JUMP_003548 JUMP_003550: ; Pos = 368ce mov eax,[ebp-0x18] add eax,eax add eax,byte +0x3 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000852: ; Pos = 368dd push ebp mov ebp,esp add esp,0xfffffd2c push ebx push esi push edi mov ebx,[ebp+0xc] mov si,[ebp+0x8] and esi,0x1fff shl esi,0x10 mov edi,[ebp+0x8] shr edi,0xd and edi,0x1fff shl edi,0x10 push byte +0x0 push edi push esi lea eax,[ebp+0xfffffeac] push eax lea eax,[ebp+0xfffffd2c] push eax call FUNC_000841 add esp,byte +0x14 mov dl,[ebp+0xb] shr edx,0x2 and edx,byte +0x3f cmp edx,eax jc JUMP_003551 or eax,byte -0x1 jmp short JUMP_003552 JUMP_003551: ; Pos = 36934 push ebx mov al,[ebp+0xb] shr eax,0x2 and eax,byte +0x3f add eax,eax lea eax,[eax+eax*2] lea edx,[ebp+0xfffffd2c] add eax,edx push eax push edi push esi call FUNC_000856 add esp,byte +0x10 mov al,[ebp+0xb] shr eax,0x2 and eax,byte +0x3f mov edx,[ebp+0x10] mov [edx],eax mov al,[ebp+0xb] shr eax,0x2 and eax,byte +0x3f movzx eax,byte [ebp+eax*2+0xffffff52] mov edx,[ebp+0x14] mov [edx],eax mov al,[ebp+0xb] shr eax,0x2 and eax,byte +0x3f movzx eax,byte [ebp+eax*2+0xffffff53] mov edx,[ebp+0x18] mov [edx],eax push dword [DATA_008952] push dword [DATA_008951] push dword [DATA_008950] push dword [ebx+0x8] push dword [ebx+0x4] push dword [ebx] call FUNC_000833 add esp,byte +0x18 JUMP_003552: ; Pos = 369b2 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000853: ; Pos = 369b9 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov ecx,[ebp+0xc] mov edx,[ebp+0x8] cmp dx,0x2000 jnc JUMP_003553 cmp cx,0x2000 jc JUMP_003554 JUMP_003553: ; Pos = 369d6 xor eax,eax jmp JUMP_003560 JUMP_003554: ; Pos = 369dd cmp dword [ebp+0x10],byte +0x0 jnz JUMP_003557 mov [ebp-0x10],dx mov [ebp-0xe],cx xor eax,eax JUMP_003555: ; Pos = 369ed mov ebx,[eax*4+DATA_006799] cmp ebx,[ebp-0x10] jnz JUMP_003556 mov edx,[eax*4+DATA_006801] sub edx,[eax*4+DATA_006800] shl edx,0xa mov eax,edx jmp JUMP_003560 JUMP_003556: ; Pos = 36a11 inc eax cmp eax,byte +0x31 jl JUMP_003555 JUMP_003557: ; Pos = 36a17 movzx eax,dx shl eax,0x3 movzx edx,cx shl edx,0x3 mov ebx,edx and ebx,0xfe00 mov ecx,eax sar ecx,0x7 add ebx,ecx sar ebx,0x2 xor ecx,ecx mov cl,[ebx+DATA_006806] movzx esi,byte [ebx+DATA_006808] mov [ebp-0x4],esi movzx esi,byte [ebx+DATA_006809] mov [ebp-0x8],esi movzx ebx,byte [ebx+DATA_006807] mov [ebp-0xc],ebx and eax,0x1ff shl eax,0x6 and edx,0x1ff shl edx,0x6 mov ebx,[ebp-0xc] sub ebx,ecx imul ebx,eax mov esi,[ebp-0x4] sub esi,ecx imul esi,edx add ebx,esi mov esi,eax imul esi,edx sar esi,0xf mov edi,[ebp-0x8] sub edi,[ebp-0x4] sub edi,[ebp-0xc] add edi,ecx imul esi,edi add ebx,esi add ebx,ebx shl ecx,0x10 add ebx,ecx sar ebx,0x8 mov ecx,ebx cmp dword [ebp+0x10],byte +0x10 jl JUMP_003558 mov eax,ecx jmp short JUMP_003560 JUMP_003558: ; Pos = 36aac lea ebx,[eax+ecx] imul edx sar eax,0xf xor ebx,eax sar ebx,0x5 and ebx,byte +0x7f mov eax,[ebx*4+DATA_006805] cmp dword [ebp+0x10],byte +0x0 jnz JUMP_003559 imul ecx,eax shr ecx,0x10 mov eax,ecx jmp short JUMP_003560 JUMP_003559: ; Pos = 36ad3 mov edx,0x10 sub edx,[ebp+0x10] imul edx,eax sar edx,0x5 mov eax,0xffff sub eax,edx imul ecx,eax shr ecx,0x10 mov eax,ecx JUMP_003560: ; Pos = 36af0 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000854: ; Pos = 36af7 push ebp mov ebp,esp push dword [ebp+0x10] push dword DATA_009147 push dword [ebp+0xc] push dword [ebp+0x8] call FUNC_000830 add esp,byte +0x10 push dword [ebp+0x1c] push dword [ebp+0x18] push dword [ebp+0x14] push dword DATA_009147 call FUNC_001589_WriteStringShadowed add esp,byte +0x10 pop ebp ret FUNC_000855: ; Pos = 36b28 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dl,[DATA_008954] and edx,byte +0x7 mov [eax+0x8],edx mov edx,[DATA_008958] mov [eax+0xc],edx mov edx,[DATA_008962] mov [eax+0x10],edx mov edx,[DATA_008956] mov [eax],edx mov edx,[DATA_008957] mov [eax+0x4],edx push byte +0x14 push dword DATA_008656 add eax,byte +0x14 push eax call _strncpyfill add esp,byte +0xc pop ebp ret FUNC_000856: ; Pos = 36b72 push ebp mov ebp,esp push ebx mov edx,[ebp+0x14] mov eax,[ebp+0x10] mov ecx,[ebp+0x8] and ecx,0xffff0000 movsx ebx,byte [eax+0x4] shl ebx,0x9 add ebx,0x8000 and ebx,0xffff add ecx,ebx mov [edx],ecx mov ecx,[ebp+0xc] and ecx,0xffff0000 movsx ebx,byte [eax+0x3] shl ebx,0x9 add ebx,0x8000 and ebx,0xffff add ecx,ebx mov [edx+0x4],ecx mov ecx,0xffff cmp byte [eax+0x2],0x0 jg JUMP_003561 add ecx,0xffff0001 JUMP_003561: ; Pos = 36bce movsx eax,byte [eax+0x2] neg eax shl eax,0x10 or ecx,eax sar ecx,0x7 neg ecx mov [edx+0x8],ecx pop ebx pop ebp ret FUNC_000857: ; Pos = 36be4 push ebp mov ebp,esp push ecx push ebx push esi lea esi,[ebp-0x4] mov eax,[ebp+0xc] sub eax,byte +0x1 jc JUMP_003562 jz JUMP_003563 dec eax jz JUMP_003564 jmp JUMP_003565 JUMP_003562: ; Pos = 36bff mov eax,[ebp+0x8] mov [esi],eax and byte [esi+0x3],0x3 jmp JUMP_003566 JUMP_003563: ; Pos = 36c0d mov eax,[ebp+0x8] mov [esi],eax push byte +0xc call near [DATA_007217] ; FUNC_000922 pop ecx movsx eax,word [eax*4+DATA_006816] add ax,[esi] and ax,0x1fff mov dx,[esi] and dx,0xe000 or ax,dx mov [esi],ax push byte +0xc call near [DATA_007217] ; FUNC_000922 pop ecx movsx eax,word [eax*4+DATA_006817] mov edx,[esi] shr edx,0xd add eax,edx and eax,0x1fff shl eax,0xd mov edx,[esi] and edx,0xfc001fff or eax,edx mov [esi],eax jmp short JUMP_003566 JUMP_003564: ; Pos = 36c66 mov eax,[ebp+0x8] mov [esi],eax push byte +0xc call near [DATA_007217] ; FUNC_000922 pop ecx movsx eax,word [eax*4+DATA_006818] add ax,[esi] and ax,0x1fff mov dx,[esi] and dx,0xe000 or ax,dx mov [esi],ax push byte +0xc call near [DATA_007217] ; FUNC_000922 pop ecx movsx eax,word [eax*4+DATA_006819] mov edx,[esi] shr edx,0xd add eax,edx and eax,0x1fff shl eax,0xd mov edx,[esi] and edx,0xfc001fff or eax,edx mov [esi],eax jmp short JUMP_003566 JUMP_003565: ; Pos = 36cbf xor eax,eax mov [esi],eax mov eax,[esi] jmp short JUMP_003569 JUMP_003566: ; Pos = 36cc7 push byte +0x0 mov eax,[esi] shr eax,0xd and eax,0x1fff push eax mov ax,[esi] and eax,0x1fff push eax call FUNC_000853 add esp,byte +0xc mov ebx,eax sar ebx,0xa test ebx,ebx jnz JUMP_003567 xor eax,eax mov [esi],eax mov eax,[esi] jmp short JUMP_003569 JUMP_003567: ; Pos = 36cf6 push ebx call near [DATA_007217] ; FUNC_000922 pop ecx and al,0x3f shl eax,0x2 mov dl,[esi+0x3] and dl,0x3 or al,dl mov [esi+0x3],al mov eax,[esi] cmp eax,[ebp+0x8] jnz JUMP_003568 xor eax,eax mov [esi],eax JUMP_003568: ; Pos = 36d19 mov eax,[esi] JUMP_003569: ; Pos = 36d1b pop esi pop ebx pop ecx pop ebp ret FUNC_000858: ; Pos = 36d20 push ebp mov ebp,esp push ecx push ebx push esi push edi mov esi,[ebp+0x14] mov ebx,[ebp+0x10] mov eax,[ebp+0xc] sub eax,byte +0x1 jc JUMP_003570 jz JUMP_003571 dec eax jz JUMP_003572 jmp JUMP_003573 JUMP_003570: ; Pos = 36d3f mov eax,[ebp+0x8] mov [ebp-0x4],eax and byte [ebp-0x1],0x3 jmp JUMP_003574 JUMP_003571: ; Pos = 36d4e mov eax,[ebp+0x8] mov [ebp-0x4],eax push esi push ebx push byte +0xc call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc movsx eax,word [eax*4+DATA_006816] add ax,[ebp-0x4] and ax,0x1fff mov dx,[ebp-0x4] and dx,0xe000 or ax,dx mov [ebp-0x4],ax push esi push ebx push byte +0xc call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc movsx eax,word [eax*4+DATA_006817] mov edx,[ebp-0x4] shr edx,0xd add eax,edx and eax,0x1fff shl eax,0xd mov edx,[ebp-0x4] and edx,0xfc001fff or eax,edx mov [ebp-0x4],eax jmp short JUMP_003574 JUMP_003572: ; Pos = 36db6 mov eax,[ebp+0x8] mov [ebp-0x4],eax push esi push ebx push byte +0xc call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc movsx eax,word [eax*4+DATA_006818] add ax,[ebp-0x4] and ax,0x1fff mov dx,[ebp-0x4] and dx,0xe000 or ax,dx mov [ebp-0x4],ax push esi push ebx push byte +0xc call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc movsx eax,word [eax*4+DATA_006819] mov edx,[ebp-0x4] shr edx,0xd add eax,edx and eax,0x1fff shl eax,0xd mov edx,[ebp-0x4] and edx,0xfc001fff or eax,edx mov [ebp-0x4],eax jmp short JUMP_003574 JUMP_003573: ; Pos = 36e1e xor eax,eax mov [ebp-0x4],eax mov eax,[ebp-0x4] jmp short JUMP_003577 JUMP_003574: ; Pos = 36e28 push byte +0x0 mov eax,[ebp-0x4] shr eax,0xd and eax,0x1fff push eax mov ax,[ebp-0x4] and eax,0x1fff push eax call FUNC_000853 add esp,byte +0xc mov edi,eax sar edi,0xa test edi,edi jnz JUMP_003575 xor eax,eax mov [ebp-0x4],eax mov eax,[ebp-0x4] jmp short JUMP_003577 JUMP_003575: ; Pos = 36e5b push esi push ebx push edi call near [DATA_007216] ; FUNC_000921 add esp,byte +0xc and al,0x3f shl eax,0x2 mov dl,[ebp-0x1] and dl,0x3 or al,dl mov [ebp-0x1],al mov eax,[ebp-0x4] cmp eax,[ebp+0x8] jnz JUMP_003576 xor eax,eax mov [ebp-0x4],eax JUMP_003576: ; Pos = 36e84 mov eax,[ebp-0x4] JUMP_003577: ; Pos = 36e87 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000859: ; Pos = 36e8d push ebp mov ebp,esp push dword [ebp+0x18] push dword [ebp+0x14] push dword [ebp+0x10] push dword [ebp+0xc] push dword [ebp+0x8] call FUNC_000852 add esp,byte +0x14 pop ebp ret FUNC_000860: ; Pos = 36ea9 push ebp mov ebp,esp add esp,byte -0x38 push ebx mov ebx,[ebp+0x8] lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x38] push eax push dword [ebp+0xc] call FUNC_000852 add esp,byte +0x14 inc eax jnz JUMP_003578 or eax,byte -0x1 jmp JUMP_003581 JUMP_003578: ; Pos = 36ed9 push dword [ebp+0xc] lea eax,[ebx+0x14] push eax push byte +0x0 push dword 0x1ff call FUNC_000830 add esp,byte +0x10 lea eax,[ebp-0x24] push eax lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x18] push eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0x20] push eax lea eax,[ebp-0x2c] push eax lea eax,[ebp-0x28] push eax push dword [ebp+0xc] call FUNC_000869 add esp,byte +0x24 mov eax,[ebp-0xc] and eax,byte +0x7 mov [ebx+0x8],eax mov eax,[ebp+0xc] mov [ebx+0xc],eax mov eax,[ebp-0x20] mov [ebx+0x10],eax test byte [ebp-0x8],0x80 jz JUMP_003579 xor eax,eax mov [ebx],eax jmp short JUMP_003580 JUMP_003579: ; Pos = 36f3b mov eax,[ebp-0x34] sar eax,0x10 mov edx,[ebp-0x34] shl edx,0x10 add eax,edx add eax,[ebp-0x38] sub eax,[ebp-0x30] mov [ebx],eax JUMP_003580: ; Pos = 36f51 mov eax,[ebp-0x8] and eax,byte +0xf mov eax,[eax*4+DATA_006804] mov edx,[ebp-0x8] and edx,byte +0xf sub eax,[edx*4+DATA_006803] shr eax,0x10 mov edx,[ebp-0xc] and edx,0xf8 shl edx,0x8 imul edx mov edx,[ebp-0x8] and edx,byte +0xf add eax,[edx*4+DATA_006803] mov [ebx+0x4],eax xor eax,eax JUMP_003581: ; Pos = 36f8e pop ebx mov esp,ebp pop ebp ret FUNC_000861: ; Pos = 36f93 mov eax,[DATA_008947] mov edx,[DATA_008947] add edx,[DATA_008948] mov ecx,eax shl ecx,0x3 shr eax,0x1d or ecx,eax mov eax,ecx add eax,edx mov ecx,edx shl ecx,0x5 shr edx,0x1b or ecx,edx mov edx,ecx mov [DATA_008948],edx mov [DATA_008947],eax ret FUNC_000862: ; Pos = 36fca push ebp mov ebp,esp add esp,byte -0x18 push ebx mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov edx,[eax+0x8] sar edx,0x2 mov [ebp-0x18],edx mov edx,[eax+0x4] sub edx,[DATA_008945] sar edx,0x2 mov [ebp-0x14],edx mov eax,[eax] sub eax,[DATA_008944] sar eax,0x2 mov [ebp-0x10],eax cmp dword [ebp-0x14],0xffff8001 jl near JUMP_003582 cmp dword [ebp-0x14],0x7fff jg JUMP_003582 cmp dword [ebp-0x10],0xffff8001 jl JUMP_003582 cmp dword [ebp-0x10],0x7fff jg JUMP_003582 shl dword [ebp-0x18],0xf shl dword [ebp-0x14],0xf shl dword [ebp-0x10],0xf push ebx lea eax,[ebp-0x18] push eax lea eax,[ebp-0xc] push eax call FUNC_001669_VecMatMul add esp,byte +0xc mov eax,[ebp-0xc] sar eax,0xd mov [ebx+0x26],eax mov eax,[ebp-0x8] sar eax,0xd mov [ebx+0x2e],eax mov eax,[ebp-0x4] sar eax,0xd add eax,[DATA_008946] mov [ebx+0x36],eax mov eax,[ebp+0x10] mov [ebx+0x82],eax movsx eax,word [ebp+0x14] mov [ebx+0xa4],eax mov ax,[DATA_008949] mov [ebx+0x9e],ax push ebx call near [DATA_007807] ; FUNC_001682 pop ecx JUMP_003582: ; Pos = 3708b pop ebx mov esp,ebp pop ebp ret FUNC_000863: ; Pos = 37090 push ebp mov ebp,esp add esp,0xfffff7ec call FUNC_000838 mov eax,[DATA_008955] mov [ebp-0x14],eax lea eax,[ebp-0x14] push eax push dword 0x849e lea eax,[ebp+0xfffffbec] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc lea eax,[ebp+0xfffffbec] push eax push dword DATA_008656 push dword DATA_007101 lea eax,[ebp+0xfffff7ec] push eax call _sprintf add esp,byte +0x10 lea eax,[ebp-0x14] push eax push dword [DATA_008960] lea eax,[ebp+0xfffffbec] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc push dword DATA_007102 lea eax,[ebp+0xfffff7ec] push eax call _strcat add esp,byte +0x8 push dword DATA_008657 lea eax,[ebp+0xfffff7ec] push eax call _strcat add esp,byte +0x8 push dword DATA_007103 lea eax,[ebp+0xfffff7ec] push eax call _strcat add esp,byte +0x8 lea eax,[ebp+0xfffffbec] push eax lea eax,[ebp+0xfffff7ec] push eax call _strcat add esp,byte +0x8 push byte +0x1 push byte +0x12 lea eax,[ebp+0xfffff7ec] push eax call FUNC_000271 add esp,byte +0xc mov dword [DATA_006797],0xffffffff mov esp,ebp pop ebp ret FUNC_000864: ; Pos = 3716c push ebp mov ebp,esp push ebx mov eax,[ebp+0x8] test eax,eax jz JUMP_003583 push eax call FUNC_000835 pop ecx mov byte [DATA_008628],0x0 pop ebx pop ebp ret JUMP_003583: ; Pos = 37188 call FUNC_001573 mov byte [DATA_008627],0x0 mov byte [DATA_008628],0x0 mov ebx,0x1a JUMP_003584: ; Pos = 371a0 push ebx call FUNC_000264_ConsoleHideButton pop ecx inc ebx cmp ebx,byte +0x24 jng JUMP_003584 call FUNC_000836 cmp dword [DATA_006797],byte +0x0 jz JUMP_003585 push byte +0x0 push byte +0x0 push byte +0x0 call FUNC_000271 add esp,byte +0xc JUMP_003585: ; Pos = 371c9 xor eax,eax mov [DATA_006797],eax pop ebx pop ebp ret FUNC_000865: ; Pos = 371d4 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp byte [eax+0xc9],0x0 jng JUMP_003587 movzx edx,word [eax+0x9e] mov ecx,[DATA_009155] shr ecx,1 add edx,ecx cmp edx,0xffff jng JUMP_003586 mov word [eax+0x9e],0xffff and byte [eax+0xc9],0xfe jmp short JUMP_003589 JUMP_003586: ; Pos = 3720e mov [eax+0x9e],dx pop ebp ret JUMP_003587: ; Pos = 37217 cmp byte [eax+0xc9],0x0 jnl JUMP_003589 movzx edx,word [eax+0x9e] mov ecx,[DATA_009155] shr ecx,1 sub edx,ecx test edx,edx jnl JUMP_003588 mov byte [eax+0xc9],0xfe mov word [eax+0x9e],0x0 pop ebp ret JUMP_003588: ; Pos = 37247 mov [eax+0x9e],dx JUMP_003589: ; Pos = 3724e pop ebp ret FUNC_000866: ; Pos = 37250 push ebp mov ebp,esp add esp,byte -0x20 push ebx push esi push edi mov eax,[ebp+0x8] mov ebx,[eax+0x8] mov edi,[eax+0x4] mov esi,[eax] mov eax,[ebx+0xa8] mov [ebp-0x8],eax mov eax,[ebx+0xac] mov [ebp-0x4],eax mov [ebx+0xa8],esi mov [ebx+0xac],edi test byte [ebx+0x14c],0x20 jz JUMP_003590 push ebx call FUNC_000865 pop ecx jmp JUMP_003596 JUMP_003590: ; Pos = 37297 mov eax,[ebx+0xba] mov [ebp-0x10],eax mov eax,[ebx+0xbe] mov [ebp-0xc],eax push esi push edi mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] push eax mov eax,[ebx+0xc2] push eax lea eax,[ebp-0x20] push eax call near [DATA_007743] ; FUNC_001510 add esp,byte +0x18 mov eax,[ebp-0x20] mov [ebp-0x18],eax mov eax,[ebp-0x1c] mov [ebp-0x14],eax push dword [ebp-0x14] push dword [ebp-0x18] push dword [ebp-0xc] push dword [ebp-0x10] lea eax,[ebx+0xba] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 mov eax,[ebx+0xbe] sub eax,[ebp-0xc] test eax,eax jz JUMP_003592 test eax,eax ; FIX: Orbital drift bug jmp JUMP_003591 ; jng JUMP_003591 cmp eax,0xffff jnl JUMP_003591 push eax push ebx call near [DATA_007742] ; FUNC_001508 add esp,byte +0x8 jmp short JUMP_003592 JUMP_003591: ; Pos = 37313 mov eax,[ebx+0xbe] push eax movsx eax,word [ebx+0xc6] push eax mov eax,[ebx+0xb0] push eax push ebx call near [DATA_007741] ; FUNC_001507 add esp,byte +0x10 JUMP_003592: ; Pos = 37333 test byte [ebx+0x14c],0x10 jz JUMP_003593 push ebx call FUNC_000865 pop ecx JUMP_003593: ; Pos = 37343 mov dl,[ebx+0xc8] test dl,dl jz JUMP_003596 mov eax,esi movsx esi,dl dec esi test esi,esi jl JUMP_003594 mov ecx,esi shl dword [ebp-0x8],cl mov ecx,esi shl eax,cl JUMP_003594: ; Pos = 37360 mov edx,[ebp-0x8] shr edx,0x14 mov ecx,eax shr ecx,0x14 cmp edx,ecx jz JUMP_003596 test byte [ebx+0x14c],0x10 jz JUMP_003595 movsx edx,word [ebx+0xcc] push edx shr eax,0x10 push eax push ebx call FUNC_001675_MatBuildYZT add esp,byte +0xc jmp short JUMP_003596 JUMP_003595: ; Pos = 3738f shr eax,0x10 push eax movsx eax,word [ebx+0xcc] push eax push ebx call FUNC_001675_MatBuildYZT add esp,byte +0xc JUMP_003596: ; Pos = 373a4 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_000867: ; Pos = 373ac push ebp mov ebp,esp add esp,byte -0x30 push ebx mov eax,[ebp+0x8] mov ebx,[eax] mov edx,[eax+0x4] movsx eax,word [ebx+0xd8] test eax,eax jz JUMP_003597 cmp eax,edx jna JUMP_003598 JUMP_003597: ; Pos = 373ca test eax,eax jz JUMP_003601 sub [ebx+0xd8],dx jmp short JUMP_003601 JUMP_003598: ; Pos = 373d7 movsx eax,byte [ebx+0xca] cmp eax,[DATA_008857] jnz JUMP_003600 cmp byte [DATA_008870],0x2 jnz JUMP_003599 mov byte [ebx+0xff],0x8 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003599: ; Pos = 3740b mov dword [ebp-0x30],0x98bd mov dword [ebp-0x18],0x8 mov eax,[ebx+0xa0] mov edx,eax shr edx,0x10 shl eax,0x10 or edx,eax mov [ebp-0x24],edx mov [ebp-0x14],ebx lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx JUMP_003600: ; Pos = 37439 push ebx mov al,[ebx+0xca] push eax call FUNC_000651 add esp,byte +0x8 JUMP_003601: ; Pos = 37449 test byte [ebx+0x14c],0x20 jz JUMP_003602 movsx eax,byte [DATA_008932] push eax call near [DATA_007753] ; FUNC_001531 pop ecx mov al,[eax+0x88] cmp al,[ebx+0x88] jng JUMP_003602 mov al,[ebx+0x86] mov [DATA_008932],al JUMP_003602: ; Pos = 3747a pop ebx mov esp,ebp pop ebp ret FUNC_000868: ; Pos = 37480 push ebp mov ebp,esp push ecx xor eax,eax mov edx,DATA_007110 jmp short JUMP_003604 JUMP_003603: ; Pos = 3748d cmp ecx,[ebp+0x8] jz JUMP_003605 inc eax add edx,byte +0x36 JUMP_003604: ; Pos = 37496 mov ecx,[edx] test ecx,ecx jnz JUMP_003603 JUMP_003605: ; Pos = 3749c lea edx,[eax+eax*2] lea edx,[edx+edx*8] cmp dword [edx*2+DATA_007110],byte +0x0 jnz near JUMP_003618 mov eax,[ebp+0x8] mov [ebp-0x4],eax and byte [ebp-0x1],0x3 xor eax,eax mov edx,DATA_007116 JUMP_003606: ; Pos = 374c1 mov ecx,[edx] cmp ecx,[ebp-0x4] jnz JUMP_003607 or eax,byte -0x1 pop ecx pop ebp ret JUMP_003607: ; Pos = 374ce inc eax add edx,byte +0x4 cmp eax,byte +0x4 jl JUMP_003606 mov ax,[ebp+0x8] and eax,0x1fff sub eax,0x1718 test eax,eax jng JUMP_003608 mov edx,eax jmp short JUMP_003609 JUMP_003608: ; Pos = 374ed mov edx,eax neg edx JUMP_003609: ; Pos = 374f1 mov eax,edx mov dl,[ebp+0xb] shr edx,0x2 and edx,byte +0x3f and edx,byte +0x7 add edx,eax mov eax,edx mov edx,eax imul edx,eax mov eax,edx mov edx,[ebp+0x8] shr edx,0xd and edx,0x1fff sub edx,0x1524 test edx,edx jng JUMP_003610 mov ecx,edx jmp short JUMP_003611 JUMP_003610: ; Pos = 37524 mov ecx,edx neg ecx JUMP_003611: ; Pos = 37528 mov edx,ecx mov cl,[ebp+0xb] shr ecx,0x2 and ecx,byte +0x3f and ecx,byte +0x7 add ecx,edx mov edx,ecx mov ecx,edx imul ecx,edx mov edx,ecx add edx,eax mov eax,edx cmp eax,0x4c90 jc JUMP_003612 mov eax,0xfffffff8 jmp short JUMP_003618 JUMP_003612: ; Pos = 37553 cmp eax,0x121 jc JUMP_003613 mov eax,0xfffffff9 jmp short JUMP_003618 JUMP_003613: ; Pos = 37561 cmp eax,byte +0x64 jc JUMP_003614 mov eax,0xfffffffa jmp short JUMP_003618 JUMP_003614: ; Pos = 3756d cmp eax,byte +0x31 jc JUMP_003615 mov eax,0xfffffffb jmp short JUMP_003618 JUMP_003615: ; Pos = 37579 cmp eax,byte +0x19 jc JUMP_003616 mov eax,0xfffffffc jmp short JUMP_003618 JUMP_003616: ; Pos = 37585 cmp eax,byte +0x9 jc JUMP_003617 mov eax,0xfffffffd jmp short JUMP_003618 JUMP_003617: ; Pos = 37591 mov eax,0xfffffffe JUMP_003618: ; Pos = 37596 pop ecx pop ebp ret FUNC_000869: ; Pos = 3759c push ebp mov ebp,esp push ebx push esi mov ebx,DATA_007106 mov eax,[ebp+0x8] push eax call FUNC_000868 pop ecx lea edx,[eax+eax*2] lea edx,[edx+edx*8] mov ecx,[ebx+edx*2+0x1de] mov esi,[ebp+0xc] mov [esi],ecx mov ecx,[ebx+edx*2+0x1e2] mov esi,[ebp+0x10] mov [esi],ecx xor ecx,ecx mov cl,[ebx+edx*2+0x1b5] mov esi,[ebp+0x14] mov [esi],ecx xor ecx,ecx mov cl,[ebx+edx*2+0x1b6] mov esi,[ebp+0x18] mov [esi],ecx xor ecx,ecx mov cl,[ebx+edx*2+0x1b7] mov esi,[ebp+0x1c] mov [esi],ecx xor ecx,ecx mov cl,[ebx+edx*2+0x1b8] mov esi,[ebp+0x20] mov [esi],ecx xor ecx,ecx mov cl,[ebx+edx*2+0x1b9] mov esi,[ebp+0x24] mov [esi],ecx movzx eax,word [ebx+edx*2+0x1ba] mov edx,[ebp+0x28] mov [edx],eax pop esi pop ebx pop ebp ret FUNC_000870: ; Pos = 37628 push ebp mov ebp,esp push ebx mov eax,[ebp+0x8] push eax call FUNC_000868 pop ecx mov edx,eax lea eax,[edx+edx*2] lea eax,[eax+eax*8] xor ecx,ecx mov cl,[eax*2+DATA_007111] mov ebx,[ebp+0x10] mov [ebx],ecx xor ecx,ecx mov cl,[eax*2+DATA_007113] mov ebx,[ebp+0x14] mov [ebx],ecx movzx eax,word [eax*2+DATA_007112] mov ecx,[ebp+0x18] mov [ecx],eax xor eax,eax mov ecx,DATA_008790 lea edx,[edx+edx*2] lea edx,[edx+edx*8] lea edx,[edx*2+DATA_007114] JUMP_003619: ; Pos = 3767b mov bl,[edx] mov [ecx],bl inc eax inc ecx inc edx cmp eax,byte +0x1f jl JUMP_003619 lea edx,[eax+DATA_008790] cmp eax,byte +0x25 jnl JUMP_003621 JUMP_003620: ; Pos = 37692 mov byte [edx],0x0 inc eax inc edx cmp eax,byte +0x25 jl JUMP_003620 JUMP_003621: ; Pos = 3769c mov byte [DATA_008791],0xd mov eax,[ebp+0xc] mov dword [eax],DATA_008790 pop ebx pop ebp ret FUNC_000871: ; Pos = 376b0 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x10] mov ebx,[ebp+0xc] mov eax,[ebp+0x8] push eax call FUNC_000868 pop ecx lea edx,[eax+eax*2] lea edx,[edx+edx*8] xor ecx,ecx mov cl,[edx*2+DATA_007115] sar ecx,0x4 mov [esi],ecx mov cl,[edx*2+DATA_007115] and ecx,byte +0xf mov [ebx],ecx movzx eax,word [edx*2+DATA_007112] sar eax,0x6 mov edx,[ebp+0x18] mov [edx],eax mov eax,[esi] cmp eax,[ebx] jg JUMP_003622 mov eax,[esi] cmp eax,[ebx] jnz JUMP_003623 mov eax,[ebp+0x18] cmp dword [eax],byte +0x1 jnz JUMP_003623 JUMP_003622: ; Pos = 37709 mov eax,[ebp+0x1c] mov edx,[DATA_008912] mov [eax],edx mov eax,[ebp+0x20] mov edx,[DATA_008913] mov [eax],edx mov eax,[ebp+0x14] mov edx,[esi] mov [eax],edx jmp short JUMP_003624 JUMP_003623: ; Pos = 37728 mov eax,[ebp+0x20] mov edx,[DATA_008912] mov [eax],edx mov eax,[ebp+0x1c] mov edx,[DATA_008913] mov [eax],edx mov eax,[ebp+0x14] mov edx,[ebx] mov [eax],edx JUMP_003624: ; Pos = 37745 pop esi pop ebx pop ebp ret FUNC_000872: ; Pos = 3774c imul eax,[DATA_007126],0xc6b mov ecx,0x27 xor edx,edx div ecx and eax,0xffff mov [DATA_007126],eax mov eax,[DATA_007127] mov edx,eax lea eax,[edx+eax*2] shl eax,0x4 add eax,edx shl eax,0x6 add eax,edx mov ecx,0x27 xor edx,edx div ecx and eax,0xffff mov [DATA_007127],eax ret FUNC_000873: ; Pos = 37794 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x1c] mov eax,[ebp+0x10] mov ebx,[ebp+0x8] mov edx,[ebp+0xc] inc edx mov [ebx],edx test eax,eax jz JUMP_003625 mov edx,eax shl edx,0x10 shr eax,0x10 or edx,eax mov [ebx+0x4],edx jmp short JUMP_003626 JUMP_003625: ; Pos = 377bc mov eax,[DATA_007126] shl eax,0x10 mov edx,[DATA_007127] and edx,0xffff add eax,edx mov [ebx+0x4],eax call FUNC_000872 JUMP_003626: ; Pos = 377da mov [ebx+0x8],si mov ax,[ebp+0x34] mov [ebx+0xa],ax mov ax,[ebp+0x38] mov [ebx+0xc],ax mov eax,[ebp+0x20] mov [ebx+0xe],eax mov eax,[ebp+0x24] shl eax,0x10 mov ecx,0x168 xor edx,edx div ecx mov [ebx+0x12],ax xor eax,eax mov [ebx+0x14],eax xor eax,eax mov [ebx+0x18],eax mov ax,[ebp+0x14] mov [ebx+0x20],ax mov eax,[ebp+0x18] shl eax,0x10 mov ecx,0xe10 xor edx,edx div ecx mov [ebx+0x22],ax mov ax,[ebp+0x28] add ax,0x111 mov [ebx+0x24],ax lea eax,[ebx+0x26] mov edx,[ebp+0x3c] push esi mov esi,eax mov edi,edx xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi mov word [ebx+0x3a],0x0 mov word [ebx+0x3c],0x0 mov al,[ebp+0x2c] mov [ebx+0x3e],al cmp esi,byte +0x2 jnc JUMP_003627 mov eax,esi jmp short JUMP_003628 JUMP_003627: ; Pos = 3787c mov al,0x2 JUMP_003628: ; Pos = 3787e mov [ebx+0x3f],al mov word [ebx+0x40],0x0 mov eax,[ebp+0x30] shl eax,0x10 mov ecx,0x168 xor edx,edx div ecx mov [ebx+0x42],ax mov word [ebx+0x42],0x0 pop edi pop esi pop ebx pop ebp ret FUNC_000874: ; Pos = 378a8 push ebp mov ebp,esp push ebx push esi push edi mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov dword [ebx],0xfff60000 test eax,eax jz JUMP_003629 mov [ebx+0x4],eax jmp short JUMP_003630 JUMP_003629: ; Pos = 378c3 mov eax,[DATA_007126] shl eax,0x10 mov edx,[DATA_007127] and edx,0xffff add eax,edx mov [ebx+0x4],eax call FUNC_000872 JUMP_003630: ; Pos = 378e1 mov ax,[ebp+0x18] mov [ebx+0x8],ax mov word [ebx+0xa],0x23 mov ax,[ebp+0x1c] mov [ebx+0xc],ax xor eax,eax mov [ebx+0xe],eax mov eax,[ebp+0x10] shl eax,0x10 mov ecx,0x8ca0 xor edx,edx div ecx neg ax sub ax,0x4000 mov [ebx+0x12],ax xor eax,eax mov [ebx+0x14],eax xor eax,eax mov [ebx+0x18],eax mov word [ebx+0x20],0x0 mov eax,[ebp+0x14] shl eax,0x10 mov ecx,0x8ca0 xor edx,edx div ecx mov [ebx+0x22],ax mov word [ebx+0x24],0x125 lea eax,[ebx+0x26] mov edx,[ebp+0x20] mov esi,eax mov edi,edx xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb mov word [ebx+0x3a],0x0 mov word [ebx+0x3c],0x0 mov byte [ebx+0x3e],0x0 mov byte [ebx+0x3f],0x3 mov word [ebx+0x40],0x0 mov word [ebx+0x42],0x0 pop edi pop esi pop ebx pop ebp ret FUNC_000875: ; Pos = 3798c push ebp mov ebp,esp push ebx push esi mov ebx,DATA_008792 mov esi,DATA_007139 lea eax,[esi+0x18bd] ; Sol push eax push dword 0x8d push byte +0x16 push byte +0x0 push byte +0x2 push dword 0x16a8 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0xbebc200 push ebx call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x18c1] ; Mercury push eax push byte +0x78 push byte +0x3 push byte +0x0 push byte +0x0 push dword 0x15e push byte +0x1e push dword 0x1a5472 push byte +0x1 push byte +0x46 push dword 0xce push byte +0x0 push byte +0x21 lea eax,[ebx+0x44] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x18c9] ; Daedalus push eax push byte +0x48 push byte +0x20 push byte +0x0 push byte +0xc push byte +0xf push byte +0x32 push dword 0xdc push byte +0x2 push dword 0x384 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x88] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x18d2] ; Venus push eax push byte +0x7b push byte +0xc push byte +0x0 push byte +0x0 push dword 0x1e0 push dword 0xdc push dword 0x313423 push byte +0x1 push byte +0x22 push byte +0x1 push byte +0x0 push dword 0x1e7 lea eax,[ebx+0xcc] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x18d8] ; Earth push eax push dword 0x81 ; model byte - originally 0x81 push byte +0xa push byte +0x17 push byte +0x1 push byte +0x16 push byte +0x5a push dword 0x4407bb push byte +0x1 push byte +0x0 push byte +0x11 push dword 0x12340abc push dword 0x256 lea eax,[ebx+0x110] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x18de] ; London push eax push byte +0x54 push byte +0x5 push dword 0xb34 push dword 0xffffcc90 push byte +0x0 lea eax,[ebx+0x154] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x18e5] ; Paris push eax push byte +0x53 push byte +0x5 push dword 0x7c1 push dword 0xffffc7b1 push byte +0x0 lea eax,[ebx+0x198] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x18eb] ; Tokyo push eax push byte +0x5a push byte +0x5 push dword 0x956 push dword 0xffff84ef push byte +0x0 lea eax,[ebx+0x1dc] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x18f1] ; New York push eax push byte +0x54 push byte +0x5 push dword 0x285 push dword 0xffff5e59 push byte +0x0 lea eax,[ebx+0x220] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x18fa] ; New Moscow push eax push byte +0x54 push byte +0x5 push dword 0xfcc push dword 0xffffb738 push byte +0x0 lea eax,[ebx+0x264] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1905] ; New San Francisco push eax push byte +0x5a push byte +0x5 push dword 0xffffefec push dword 0xffff6124 push byte +0x0 lea eax,[ebx+0x2a8] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1917] ; Sydney push eax push byte +0x5a push byte +0x5 push dword 0xfffff636 push dword 0xffff94a5 push byte +0x0 lea eax,[ebx+0x2ec] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x191e] ; Abraham Lincoln push eax push byte +0x50 push byte +0x22 push byte +0x0 push byte +0xa push byte +0xf push byte +0x78 push dword 0x4e9 push byte +0x5 push dword 0xeb push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x330] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x192e] ; M.Gorbachev push eax push byte +0x50 push byte +0x22 push byte +0x0 push byte +0xa push byte +0xf push dword 0xf0 push dword 0x4e9 push byte +0x5 push dword 0xeb push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x374] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x193a] ; Li Quing Jao push eax push byte +0x50 push byte +0x22 push byte +0x0 push byte +0xa push byte +0xf push byte +0x0 push dword 0x4e9 push byte +0x5 push dword 0xeb push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x3b8] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1946] ; Moon push eax push byte +0x78 push byte +0x3 push byte +0x0 push byte +0x0 push byte -0x14 push dword 0x96 push dword 0x2cc0 push byte +0x5 push byte +0x33 push byte +0x36 push dword 0x1234 push byte +0x7 lea eax,[ebx+0x3fc] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x194b] ; Apollonius City push eax push byte +0x60 push byte +0x10 push dword 0x367 push dword 0xffffbd19 push byte +0x0 lea eax,[ebx+0x440] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x195b] ; Galileo push eax push byte +0x49 push byte +0x21 push byte +0x0 push byte +0xb push byte +0xf push byte +0x0 push dword 0xfa push byte +0x10 push dword 0x384 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x484] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1963] ; Mars push eax push byte +0x7d push byte +0x9 push byte +0x18 push byte +0x1 push byte +0xf push byte +0x50 push dword 0x67a30d push byte +0x1 push byte +0x13 push byte +0x5d push dword 0xbcde000a push byte +0x40 lea eax,[ebx+0x4c8] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1968] push eax push byte +0x54 push byte +0x13 push dword 0x956 push dword 0xffff84ef push dword 0xfbfeff0 lea eax,[ebx+0x50c] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1978] push eax push byte +0x53 push byte +0x13 push dword 0xb34 push dword 0xffffcc90 push dword 0xe1234567 lea eax,[ebx+0x550] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1982] push eax push byte +0x50 push byte +0x22 push byte +0x0 push byte +0xa push byte +0xf push byte +0x0 push dword 0xb4 push byte +0x13 push dword 0x384 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x594] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x198c] push eax push byte +0x70 push byte +0x1 push byte +0x0 push byte +0x5 push byte -0x42 push byte +0x0 push dword 0x117 push byte +0x13 push byte +0xb push byte +0x15 push dword 0xef123 push byte +0x0 lea eax,[ebx+0x5d8] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1993] push eax push byte +0x70 push byte +0x1 push byte +0x0 push byte +0x4 push byte -0x42 push byte +0x0 push dword 0x2bc push byte +0x13 push byte +0x12 push byte +0x3 push dword 0x56789 push byte +0x0 lea eax,[ebx+0x61c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x199a] push eax push byte +0x77 push byte +0x2 push byte +0x0 push byte +0x0 push byte -0x78 push dword 0xc8 push dword 0xbabe2e push byte +0x1 push byte +0x6a push byte +0x4f push dword 0xef123 push byte +0x1 lea eax,[ebx+0x660] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19a0] push eax push dword 0x86 push byte +0xf push byte +0x3 push byte +0x2 push dword 0xffffff6a push dword 0x12c push dword 0x161ee0b push byte +0x1 push byte +0xd push byte +0x31 push dword 0x60001234 push dword 0x2e5cc lea eax,[ebx+0x6a4] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19a8] push eax push byte +0x70 push byte +0x1 push byte +0x0 push byte +0x2 push dword 0xffffff65 push dword 0xaa push dword 0x1512 push byte +0x1a push byte +0x24 push byte +0x3 push byte +0x0 push byte +0x0 lea eax,[ebx+0x6e8] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19b1] push eax push byte +0x7a push byte +0x5 push byte +0x0 push byte +0x0 push dword 0xffffff6f push byte +0x50 push dword 0x3121 push byte +0x1a push byte +0x1f push byte +0x4 push byte +0x0 push byte +0x9 lea eax,[ebx+0x72c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19b4] push eax push byte +0x49 push byte +0x21 push byte +0x0 push byte +0xb push byte +0xf push byte +0x5a push dword 0x8c push byte +0x1c push dword 0x384 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x770] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19bd] push eax push byte +0x77 push byte +0x2 push byte +0x0 push byte +0x0 push dword 0xffffff61 push dword 0x10e push dword 0x4e20 push byte +0x1a push byte +0x24 push byte +0x9 push byte +0x0 push byte +0x5 lea eax,[ebx+0x7b4] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19c4] push eax push byte +0x78 push byte +0x3 push byte +0x0 push byte +0x0 push dword 0xffffff60 push byte +0x78 push dword 0x7c90 push byte +0x1a push byte +0x21 push byte +0x2 push dword 0x34567 push byte +0xf lea eax,[ebx+0x7f8] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19cd] push eax push byte +0x78 push byte +0x3 push byte +0x0 push byte +0x0 push dword 0xffffff60 push byte +0xa push dword 0xdadc push byte +0x1a push byte +0x24 push byte +0x7 push dword 0x12345 push byte +0xa lea eax,[ebx+0x83c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19d6] push eax push dword 0x86 push byte +0xe push byte +0x1d push byte +0x2 push dword 0xffffff4c push dword 0xdc push dword 0x288ecaa push byte +0x1 push byte +0x19 push byte +0x37 push dword 0xffa10123 push dword 0xde1c lea eax,[ebx+0x880] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19dd] push eax push byte +0x77 push byte +0x2 push byte +0x0 push byte +0x2 push dword 0xffffff42 push dword 0xfa push dword 0x15a7 push byte +0x21 push byte +0x0 push byte +0x14 push byte +0x0 push byte +0x1 lea eax,[ebx+0x8c4] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19e3] push eax push byte +0x77 push byte +0x2 push byte +0x32 push byte +0x0 push dword 0xffffff42 push byte +0x28 push dword 0x1bb4 push byte +0x21 push byte +0x0 push byte +0x4 push byte +0x0 push byte +0x1 lea eax,[ebx+0x908] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19ed] push eax push byte +0x77 push byte +0x2 push byte +0x0 push byte +0x0 push dword 0xffffff42 push byte +0x5a push dword 0x2258 push byte +0x21 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x1 lea eax,[ebx+0x94c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19f4] push eax push byte +0x77 push byte +0x2 push byte +0x1e push byte +0x0 push dword 0xffffff42 push dword 0x8c push dword 0x2be3 push byte +0x21 push byte +0x0 push byte +0x2 push byte +0x0 push byte +0x1 lea eax,[ebx+0x990] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19fa] push eax push byte +0x77 push byte +0x2 push byte +0x5a push byte +0x0 push dword 0xffffff42 push dword 0x154 push dword 0x3d59 push byte +0x21 push byte +0x0 push byte +0x1 push byte +0x0 push byte +0x1 lea eax,[ebx+0x9d4] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x19ff] push eax push byte +0x7c push byte +0x7 push byte +0x0 push byte +0x0 push dword 0xffffff58 push dword 0xc8 push dword 0x8e42 push byte +0x21 push byte +0x0 push byte +0x1d push byte +0x0 push byte +0xe lea eax,[ebx+0xa18] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a05] push eax push byte +0x49 push byte +0x21 push byte +0x0 push byte +0xb push byte +0xf push byte +0x46 push dword 0x1f4 push byte +0x27 push dword 0x384 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0xa5c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a10] push eax push byte +0x75 push byte +0x1 push byte +0x0 push byte +0x0 push dword 0xffffff41 push byte +0x50 push dword 0xac69 push byte +0x21 push dword 0x126 push byte +0x68 push byte +0x0 push byte +0x0 lea eax,[ebx+0xaa0] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a19] push eax push byte +0x77 push byte +0x2 push byte +0x0 push byte +0x0 push dword 0xffffff41 push byte +0x78 push dword 0x19e8e push byte +0x21 push byte +0x6e push byte +0x1c push byte +0x0 push byte +0x1 lea eax,[ebx+0xae4] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a21] push eax push dword 0x87 push byte +0xd push byte +0x62 push byte +0x2 push dword 0xffffff2e push byte +0x46 push dword 0x518f168 push byte +0x1 push byte +0x8 push byte +0x2f push dword 0x7f801234 push dword 0x21d4 lea eax,[ebx+0xb28] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a28] push eax push byte +0x75 push byte +0x1 push byte +0x0 push byte +0x0 push dword 0xffffff29 push dword 0x122 push dword 0xf22 push byte +0x2b push dword 0x3d4 push byte +0x11 push byte +0x0 push byte +0x0 lea eax,[ebx+0xb6c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a30] push eax push byte +0x77 push byte +0x2 push byte +0x5a push byte +0x0 push dword 0xffffff29 push byte +0x28 push dword 0x165a push byte +0x2b push dword 0x3d4 push byte +0x3 push byte +0x0 push byte +0x1 lea eax,[ebx+0xbb0] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a36] push eax push byte +0x77 push byte +0x2 push byte +0x1e push byte +0x0 push dword 0xffffff29 push byte +0x64 push dword 0x1f15 push byte +0x2b push dword 0x3d4 push byte +0x4 push byte +0x0 push byte +0x1 lea eax,[ebx+0xbf4] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a3e] push eax push byte +0x77 push byte +0x2 push byte +0x46 push byte +0x0 push dword 0xffffff29 push dword 0x96 push dword 0x32fd push byte +0x2b push dword 0x3d4 push byte +0x2 push byte +0x0 push byte +0x1 lea eax,[ebx+0xc38] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a46] push eax push byte +0x77 push byte +0x2 push byte +0xa push byte +0x0 push dword 0xffffff29 push byte +0x14 push dword 0x4438 push byte +0x2b push dword 0x3d4 push byte +0x1 push byte +0x0 push byte +0x1 lea eax,[ebx+0xc7c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a4d] push eax push dword 0x87 push byte +0xd push byte +0x0 push byte +0x2 push dword 0xffffff24 push dword 0x96 push dword 0x7fcd123 push byte +0x1 push byte +0x12 push byte +0x9 push dword 0x7d40789a push dword 0x283c lea eax,[ebx+0xcc0] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a55] push eax push byte +0x79 push byte +0x4 push byte +0x0 push byte +0x0 push dword 0xffffff42 push dword 0x136 push dword 0x2953 push byte +0x31 push dword 0x63f push byte +0x0 push dword 0x23456 push byte +0x6 lea eax,[ebx+0xd04] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a5c] push eax push byte +0x75 push byte +0x1 push byte +0x0 push byte +0x0 push dword 0xffffff1e push byte +0x3c push dword 0x28780 push byte +0x31 push dword 0x110 push dword 0x2ed push byte +0x0 push byte +0x0 lea eax,[ebx+0xd48] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a63] push eax push byte +0x77 push byte +0x2 push byte +0x0 push byte +0x0 push dword 0xffffff18 push dword 0xaa push dword 0xa7b0266 push byte +0x1 push dword 0xac push dword 0xfa push byte +0x0 push byte +0x1 lea eax,[ebx+0xd8c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a69] push eax push byte +0x77 push byte +0x2 push byte +0x0 push byte +0x0 push dword 0xffffff18 push byte +0x14 push dword 0x236 push byte +0x34 push dword 0x28a push byte +0x0 push byte +0x0 push byte +0x1 lea eax,[ebx+0xdd0] push eax call FUNC_000873 add esp,byte +0x38 xor eax,eax mov [ebx+0xe14],eax xor eax,eax mov [ebx+0xe58],eax xor eax,eax mov [ebx+0xe9c],eax lea eax,[esi+0x1a70] push eax push byte +0x17 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x17b8ff80 lea eax,[ebx+0xee0] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a83] push eax push dword 0x8d push byte +0x16 push byte +0x0 push byte +0x0 push dword 0x170c push byte +0x0 push dword 0x319e941 push byte +0x1 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0xd1cef00 lea eax,[ebx+0xf24] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1a94] push eax push dword 0x8c push byte +0x15 push byte +0x0 push byte +0x0 push dword 0x1388 push dword 0xb4 push dword 0x319e941 push byte +0x1 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0xa9c1080 lea eax,[ebx+0xf68] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1aa5] push eax push dword 0x86 push byte +0xf push byte +0x50 push byte +0x1 push dword 0xffffff30 push byte +0x5a push dword 0x633d282 push byte +0x1 push byte +0x2 push byte +0x3 push byte -0x1 push dword 0x2bf20 lea eax,[ebx+0xfac] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1aae] push eax push byte +0x77 push byte +0x2 push byte +0x0 push byte +0x0 push dword 0xffffff27 push byte +0x0 push dword 0x4e20 push byte +0x4 push dword 0x33a push byte +0x3 push byte +0x0 push byte +0x6 lea eax,[ebx+0xff0] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1ab6] push eax push dword 0x87 push byte +0xd push dword 0xaf push byte +0x0 push dword 0xffffff0b push byte +0x0 push dword 0x35a4e900 push byte +0x1 push byte +0x7d push byte +0x57 push byte +0x0 push dword 0x2710 lea eax,[ebx+0x1034] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1abf] push eax push byte +0x77 push byte +0x2 push byte +0x0 push byte +0x0 push dword 0xffffff03 push byte +0x0 push dword 0x1e2a push byte +0x6 push dword 0x2da push dword 0xb2 push byte +0x0 push byte +0x1 lea eax,[ebx+0x1078] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1ac9] push eax push dword 0x8a push byte +0x12 push byte +0x4b push byte +0x2 push dword 0xce4 push byte +0x0 push byte -0x1 push byte +0x1 push dword 0x320 push dword 0x1c2 push byte +0x0 push dword 0x1312d00 lea eax,[ebx+0x10bc] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1ada] push eax push dword 0x80 push byte +0x8 push byte +0x3c push byte +0x2 push byte +0x3 push byte +0x0 push dword 0x61a80 push byte +0x8 push dword 0x304 push byte +0xa push byte +0x0 push dword 0x1c8 lea eax,[ebx+0x1100] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1adf] push eax push byte +0x48 push byte +0x20 push byte +0x0 push byte +0xc push byte +0xf push byte +0x0 push dword 0x12c push byte +0x9 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x1144] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1aec] push eax push byte +0x77 push byte +0x2 push dword 0xaa push byte +0x1 push byte -0x51 push byte +0x0 push dword 0xf4240 push byte +0x8 push dword 0x2f6 push dword 0x15e push byte +0x0 push byte +0x6 lea eax,[ebx+0x1188] push eax call FUNC_000873 add esp,byte +0x38 xor eax,eax mov [ebx+0x11cc],eax lea eax,[esi+0x1af5] push eax push byte +0x17 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x27384880 lea eax,[ebx+0x1210] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1b06] push eax push dword 0x8f push byte +0x18 push byte +0x0 push byte +0x2 push dword 0x2328 push byte +0x0 push dword 0x2b01fd6 push byte +0x1 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x1b898f80 lea eax,[ebx+0x1254] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1b0d] push eax push dword 0x94 push byte +0x19 push byte +0x0 push byte +0xd push dword 0x2af8 push dword 0xb4 push dword 0x2b01fd6 push byte +0x1 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0xbaeb900 lea eax,[ebx+0x1298] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1b16] push eax push byte +0x7a push byte +0x5 push byte +0x78 push byte +0x5 push dword 0x9a push byte +0x0 push dword 0x366c9 push byte +0x3 push dword 0x186 push byte +0xe push byte +0x0 push byte +0x23 lea eax,[ebx+0x12dc] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1b1e] push eax push byte +0x60 push byte +0x4 push dword 0x6f8 push dword 0xffffad36 push byte +0x0 lea eax,[ebx+0x1320] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1b2e] push eax push dword 0x86 push byte +0xf push byte +0x5f push byte +0x0 push dword 0xffffff06 push byte +0x0 push dword 0x5d0291aa push byte +0x1 push dword 0x147 push dword 0x11b push byte +0x0 push dword 0x33450 lea eax,[ebx+0x1364] push eax call FUNC_000873 add esp,byte +0x38 xor eax,eax mov [ebx+0x13a8],eax lea eax,[esi+0x1b37] push eax push byte +0x17 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0xa408300 lea eax,[ebx+0x13ec] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1b44] push eax push dword 0x8a push byte +0x14 push byte +0x0 push byte +0x1 push dword 0xd48 push byte +0x0 push dword 0x1fe39c6 push byte +0x1 push dword 0x3b6 push byte +0x0 push byte +0x0 push dword 0x56f9a00 lea eax,[ebx+0x1430] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1b4f] push eax push dword 0x8a push byte +0x14 push byte +0x0 push byte +0x1 push dword 0xd16 push dword 0xb4 push dword 0x1fe39c6 push byte +0x1 push dword 0x3b6 push byte +0x0 push byte +0x0 push dword 0x4d0e900 lea eax,[ebx+0x1474] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1b5a] push eax push dword 0x94 push byte +0x19 push byte +0x0 push byte +0xc push dword 0x29cc push byte +0x64 push dword 0x2e1b2af0 push byte +0x1 push byte +0x0 push byte +0x0 push dword 0x7234567f push dword 0x8f872a0 lea eax,[ebx+0x14b8] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1b6b] push eax push dword 0x89 push byte +0x11 push byte +0xa push byte +0x3 push dword 0x4b0 push byte +0x0 push dword 0x1000ae0 push byte +0x4 push dword 0x4b0 push byte +0x5a push dword 0xfedcba98 push dword 0xef420 lea eax,[ebx+0x14fc] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1b74] push eax push byte +0x7e push byte +0xa push dword 0x8c push byte +0x3 push byte +0x18 push byte +0x0 push dword 0x143e9 push byte +0x5 push dword 0x186 push byte +0xe push dword 0x54321 push dword 0x26c lea eax,[ebx+0x1540] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1b7d] push eax push byte +0x53 push byte +0x6 push dword 0x6f8 push dword 0xffffad36 push byte +0x0 lea eax,[ebx+0x1584] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1b8c] push eax push byte +0x49 push byte +0x21 push byte +0x0 push byte +0xb push byte +0xf push byte +0x0 push dword 0x1f4 push byte +0x6 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x15c8] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1b9b] push eax push byte +0x17 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x104 push byte -0x1 push byte +0x1 push dword 0x454 push byte +0x0 push byte +0x0 push dword 0x27384880 lea eax,[ebx+0x160c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1ba8] push eax push dword 0x8a push byte +0x14 push byte +0x0 push byte +0x1 push dword 0xc80 push byte +0x0 push dword 0x2c3835 push byte +0x9 push dword 0xfffffb7f push byte +0x0 push byte +0x0 push dword 0x2793d60 lea eax,[ebx+0x1650] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1bb3] push eax push dword 0x8a push byte +0x14 push byte +0x0 push byte +0x1 push dword 0xc4e push dword 0xb4 push dword 0x2c3835 push byte +0x9 push dword 0xfffffb7f push byte +0x0 push byte +0x0 push dword 0x2719c40 lea eax,[ebx+0x1694] push eax call FUNC_000873 add esp,byte +0x38 xor eax,eax mov [ebx+0x16d8],eax lea eax,[esi+0x1bbe] push eax push byte +0x17 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0xcfe6a80 lea eax,[ebx+0x171c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1bcb] push eax push dword 0x8c push byte +0x15 push byte +0x0 push byte +0x1 push dword 0x1388 push byte +0x0 push dword 0xa4a7414 push byte +0x1 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x7088980 lea eax,[ebx+0x1760] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1bd6] push eax push dword 0x8c push byte +0x15 push byte +0x0 push byte +0x1 push dword 0x1324 push dword 0xb4 push dword 0xa4a7414 push byte +0x1 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x5f5e100 lea eax,[ebx+0x17a4] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1be1] push eax push byte +0x7f push byte +0xb push byte +0x0 push byte +0x2 push byte -0x5 push byte +0x0 push dword 0x227673 push byte +0x3 push dword 0xe4 push byte +0x53 push byte +0x0 push dword 0x276 lea eax,[ebx+0x17e8] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1be7] push eax push byte +0x55 push byte +0x4 push dword 0x6f8 push dword 0xffffad36 push byte +0x0 lea eax,[ebx+0x182c] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1bf0] push eax push byte +0x17 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0xffffff06 push byte +0x0 push dword 0x75357c1a push byte +0x1 push dword 0x27a push dword 0x11b push byte +0x0 push dword 0x68fb0 lea eax,[ebx+0x1870] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1c01] push eax push dword 0x86 push byte +0xf push byte +0x0 push byte +0x1 push dword 0xfffffefc push byte +0x0 push dword 0x340b08 push byte +0x6 push dword 0x645 push byte +0x0 push byte +0x0 push dword 0x38270 lea eax,[ebx+0x18b4] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1c10] push eax push dword 0x86 push byte +0xf push byte +0x0 push byte +0x1 push dword 0xfffffefc push dword 0xb4 push dword 0x340b08 push byte +0x6 push dword 0x645 push byte +0x0 push byte +0x0 push dword 0x30d40 lea eax,[ebx+0x18f8] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1c1f] push eax push byte +0x7a push byte +0x5 push byte +0x0 push byte +0x2 push dword 0xffffff2b push byte +0x0 push dword 0x2ee0 push byte +0x8 push dword 0x64c push byte +0x54 push byte +0x0 push byte +0x23 lea eax,[ebx+0x193c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1c2f] push eax push byte +0x77 push byte +0x2 push byte +0x0 push byte +0x1 push dword 0xfffffef2 push byte +0x0 push dword 0x1d46348 push byte +0x6 push dword 0x6c0 push byte +0x5c push byte +0x0 push byte +0x3 lea eax,[ebx+0x1980] push eax call FUNC_000873 add esp,byte +0x38 xor eax,eax mov [ebx+0x19c4],eax lea eax,[esi+0x1c41] push eax push dword 0x8d push byte +0x16 push byte +0x0 push byte +0x2 push dword 0x170c push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0xc02a560 lea eax,[ebx+0x1a08] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1c50] push eax push byte +0x78 push byte +0x3 push byte +0x0 push byte +0x0 push dword 0x1cc push byte +0x0 push dword 0xfcd22 push byte +0x1 push dword 0x33e push dword 0x102 push byte +0x0 push byte +0x26 lea eax,[ebx+0x1a4c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1c55] push eax push dword 0x88 push byte +0x10 push byte +0x28 push byte +0x1 push byte +0xe push byte +0x0 push dword 0x503cbb push byte +0x1 push byte +0xa push byte +0x0 push dword 0xcf019875 push dword 0x7b0c0 lea eax,[ebx+0x1a90] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1c5d] push eax push byte +0x7d push byte +0x9 push byte +0x18 push byte +0x1 push byte +0xf push byte +0x0 push dword 0xcaed push byte +0x3 push byte +0x12 push byte +0x68 push dword 0x12abcfe push byte +0x40 lea eax,[ebx+0x1ad4] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1c6a] push eax push byte +0x50 push byte +0x22 push byte +0x0 push byte +0xa push byte +0xf push byte +0x0 push dword 0xb4 push byte +0x4 push byte +0x72 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x1b18] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1c7c] push eax push byte +0x7e push byte +0xa push byte +0x14 push byte +0x1 push byte +0x18 push dword 0x12c push dword 0x503cbb push byte +0x1 push byte +0xa push byte +0x0 push dword 0x7834536 push dword 0x262 lea eax,[ebx+0x1b5c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1c83] push eax push byte +0x54 push byte +0x6 push dword 0xb34 push dword 0xffffcc90 push byte +0x0 lea eax,[ebx+0x1ba0] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1c8d] push eax push byte +0x53 push byte +0x6 push dword 0x6f8 push dword 0xffffad36 push byte +0x0 lea eax,[ebx+0x1be4] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1c98] push eax push byte +0x53 push byte +0x6 push dword 0xfac push dword 0xffff9f83 push byte +0x0 lea eax,[ebx+0x1c28] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1ca7] push eax push byte +0x52 push byte +0x6 push dword 0x285 push dword 0xffff5e59 push byte +0x0 lea eax,[ebx+0x1c6c] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1cb2] push eax push byte +0x51 push byte +0x6 push dword 0xfcc push dword 0xffffb739 push byte +0x0 lea eax,[ebx+0x1cb0] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1cc1] push eax push byte +0x50 push byte +0x22 push byte +0x0 push byte +0xa push byte +0xf push byte +0x78 push dword 0x274 push byte +0x6 push dword 0x44c push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x1cf4] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1ccd] push eax push byte +0x77 push byte +0x2 push byte +0x0 push byte +0x0 push byte -0x14 push byte +0x0 push dword 0xd80 push byte +0x6 push byte +0x33 push byte +0x36 push dword 0x124534 push byte +0x5 lea eax,[ebx+0x1d38] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1cd6] push eax push byte +0x7e push byte +0xa push dword 0xa0 push byte +0x1 push byte +0xa push byte +0x3c push dword 0x503cbb push byte +0x1 push byte +0xa push byte +0x0 push dword 0x1cfd75f push dword 0x1f9 lea eax,[ebx+0x1d7c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1cde] push eax push byte +0x54 push byte +0xe push dword 0x7c1 push dword 0xffffc7b1 push byte +0x0 lea eax,[ebx+0x1dc0] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1cee] push eax push byte +0x53 push byte +0xe push dword 0xfac push dword 0xffff9f83 push byte +0x0 lea eax,[ebx+0x1e04] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1cff] push eax push byte +0x49 push byte +0x21 push byte +0x0 push byte +0xb push byte +0xf push byte +0x78 push dword 0x274 push byte +0xe push dword 0x9c4 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x1e48] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1d0f] push eax push dword 0x8a push byte +0x14 push byte +0x4b push byte +0x2 push dword 0xc80 push dword 0xc8 push dword 0x104fab10 push byte +0x1 push byte +0x32 push byte +0x2d push byte +0x0 push dword 0x121eac0 lea eax,[ebx+0x1e8c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1d20] push eax push byte +0x78 push byte +0x3 push dword 0xaa push byte +0x1 push byte -0x51 push byte +0x0 push dword 0xf4240 push byte +0x12 push dword 0x2f6 push dword 0x15e push byte +0x0 push byte +0x9 lea eax,[ebx+0x1ed0] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1d2d] push eax push dword 0x87 push byte +0xd push dword 0x9e push byte +0x2 push dword 0xffffff07 push byte +0x0 push dword 0x389a6e97 push byte +0x1 push byte +0xa push byte +0x37 push dword 0x7f801234 push dword 0x2328 lea eax,[ebx+0x1f14] push eax call FUNC_000873 add esp,byte +0x38 xor eax,eax mov [ebx+0x1f58],eax lea eax,[esi+0x1d3e] push eax push dword 0x8a push byte +0x12 push byte +0x4b push byte +0x0 push dword 0xc80 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x320 push dword 0x1c2 push byte +0x0 push dword 0x1298be0 lea eax,[ebx+0x1f9c] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1d47] push eax push byte +0x77 push byte +0x2 push byte +0x0 push byte +0x0 push byte -0x33 push byte +0x0 push dword 0x6cd92 push byte +0x1 push byte +0x24 push byte +0x9 push byte +0x0 push byte +0x28 lea eax,[ebx+0x1fe0] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1d51] push eax push dword 0x87 push byte +0xd push byte +0x0 push byte +0x3 push byte -0x14 push dword 0x9b push dword 0x16ad3e push byte +0x1 push byte +0x1c push byte +0x9 push dword 0x8d4078ff push dword 0x10040 lea eax,[ebx+0x2024] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1d57] push eax push byte +0x7f push byte +0xa push byte +0x3c push byte +0x1 push byte -0x4 push dword 0x91 push dword 0x1a47 push byte +0x3 push dword 0x12c push byte +0x1a push byte +0x0 push byte +0x19 lea eax,[ebx+0x2068] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1d5e] push eax push byte +0x55 push byte +0x4 push dword 0x82d6 push dword 0x2145 push byte +0x0 lea eax,[ebx+0x20ac] push eax call FUNC_000874 add esp,byte +0x1c lea eax,[esi+0x1d6e] push eax push byte +0x78 push byte +0x3 push byte +0x3c push byte +0x1 push byte -0x28 push byte +0x0 push dword 0x1f97 push byte +0x3 push dword 0xbe push byte +0x1a push byte +0x0 push byte +0x7 lea eax,[ebx+0x20f0] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1d75] push eax push byte +0x78 push byte +0x3 push byte +0xa push byte +0x1 push dword 0xffffff47 push byte +0x0 push dword 0xc753c8 push byte +0x1 push byte +0x35 push dword 0x92 push byte +0x0 push byte +0x1d lea eax,[ebx+0x2134] push eax call FUNC_000873 add esp,byte +0x38 xor eax,eax mov [ebx+0x2178],eax lea eax,[esi+0x1d80] push eax push dword 0x8c push byte +0x15 push byte +0x0 push byte +0x0 push dword 0x1388 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x7088980 lea eax,[ebx+0x21bc] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1d85] push eax push byte +0x7e push byte +0xa push byte +0x0 push byte +0x1 push byte +0xe push byte +0x0 push dword 0x2275fb push byte +0x1 push byte +0x0 push byte +0x26 push dword 0x12c1835 push dword 0x256 lea eax,[ebx+0x2200] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1d91] push eax push byte +0x48 push byte +0x20 push byte +0x0 push byte +0xc push byte +0xf push byte +0x78 push dword 0x274 push byte +0x2 push dword 0x9c4 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x2244] push eax call FUNC_000873 add esp,byte +0x38 xor eax,eax mov [ebx+0x2288],eax lea eax,[esi+0x1d9e] push eax push dword 0x8d push byte +0x16 push byte +0x0 push byte +0x0 push dword 0x1388 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0xbebc200 lea eax,[ebx+0x22cc] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1da3] push eax push byte +0x7f push byte +0xa push byte +0x1e push byte +0x1 push byte -0x18 push byte +0x0 push dword 0x489b9b push byte +0x1 push byte +0x0 push byte +0x26 push dword 0x12c1835 push dword 0x256 lea eax,[ebx+0x2310] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1dae] push eax push byte +0x48 push byte +0x20 push byte +0x0 push byte +0xc push byte +0xf push byte +0x78 push dword 0x274 push byte +0x2 push dword 0x9c4 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x2354] push eax call FUNC_000873 add esp,byte +0x38 xor eax,eax mov [ebx+0x2398],eax lea eax,[esi+0x1dba] push eax push dword 0x8a push byte +0x14 push byte +0x0 push byte +0x0 push dword 0x1388 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x1312d00 lea eax,[ebx+0x23dc] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1dc1] push eax push byte +0x78 push byte +0x3 push byte +0x1e push byte +0x1 push byte +0x10 push byte +0x0 push dword 0x17c79b push byte +0x1 push byte +0x0 push byte +0x26 push dword 0x12c1835 push dword 0x256 lea eax,[ebx+0x2420] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1dca] push eax push byte +0x48 push byte +0x20 push byte +0x0 push byte +0xc push byte +0xf push byte +0x78 push dword 0x274 push byte +0x2 push dword 0x9c4 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x2464] push eax call FUNC_000873 add esp,byte +0x38 xor eax,eax mov [ebx+0x24a8],eax lea eax,[esi+0x1dd7] push eax push dword 0x8e push byte +0x17 push byte +0x0 push byte +0x0 push dword 0x1388 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0x1312d00 lea eax,[ebx+0x24ec] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1dde] push eax push byte +0x78 push byte +0x3 push byte +0x1e push byte +0x1 push byte +0x10 push byte +0x0 push dword 0x17c79b push byte +0x1 push byte +0x0 push byte +0x26 push dword 0x12c1835 push dword 0x256 lea eax,[ebx+0x2530] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1de7] push eax push byte +0x48 push byte +0x20 push byte +0x0 push byte +0xc push byte +0xf push byte +0x78 push dword 0x274 push byte +0x2 push dword 0x9c4 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x2574] push eax call FUNC_000873 add esp,byte +0x38 xor eax,eax mov [ebx+0x25b8],eax lea eax,[esi+0x1df4] push eax push dword 0x8d push byte +0x16 push byte +0x0 push byte +0x0 push dword 0x1388 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push byte +0x0 push dword 0xbebc200 lea eax,[ebx+0x25fc] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1dfd] push eax push byte +0x7e push byte +0xa push byte +0x1e push byte +0x1 push byte +0x1d push byte +0x0 push dword 0x2275fb push byte +0x1 push byte +0x0 push byte +0x26 push dword 0x12c1835 push dword 0x256 lea eax,[ebx+0x2640] push eax call FUNC_000873 add esp,byte +0x38 lea eax,[esi+0x1e06] push eax push byte +0x49 push byte +0x21 push byte +0x0 push byte +0xb push byte +0xf push byte +0x78 push dword 0x274 push byte +0x2 push dword 0x9c4 push byte +0x0 push byte +0x0 push byte +0x0 lea eax,[ebx+0x2684] push eax call FUNC_000873 add esp,byte +0x38 xor eax,eax mov [ebx+0x26c8],eax pop esi pop ebx pop ebp ret FUNC_000876: ; Pos = 395ac push ebp mov ebp,esp cmp dword [DATA_007135],byte +0x0 jz JUMP_003631 call FUNC_000875 xor eax,eax mov [DATA_007135],eax JUMP_003631: ; Pos = 395c4 pop ebp ret FUNC_000877: ; Pos = 395c8 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov edi,[ebp+0x14] mov ebx,[ebp+0xc] mov esi,[ebp+0x8] cmp edi,byte -0x11 jnc JUMP_003632 cmp edi,0xa21fe80 jc JUMP_003633 cmp edi,0xa6e49c0 jnc JUMP_003633 JUMP_003632: ; Pos = 395ef lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax mov eax,[ebp+0x28] push eax mov eax,[ebp+0x24] push eax mov ax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x10] push eax push edi push ebx push esi call FUNC_000881 add esp,byte +0x2c lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax mov eax,[ebp+0x28] push eax mov eax,[ebp+0x24] push eax mov ax,[ebp+0x20] push eax mov eax,[ebp+0x18] push eax mov eax,[ebx] push eax shr edi,0x2 push edi push ebx push esi call FUNC_000881 add esp,byte +0x2c jmp JUMP_003638 JUMP_003633: ; Pos = 3964e call FUNC_000894 mov ax,[DATA_008843] or ax,0x8000 and ax,byte -0x1 movsx eax,ax sar eax,0x2 movzx eax,ax mov edx,edi shr edx,0x10 imul edx mov [ebp-0x14],eax cmp dword [ebp-0x14],0x1036640 jna JUMP_003634 mov eax,[ebp-0x14] jmp short JUMP_003635 JUMP_003634: ; Pos = 39682 mov eax,0x1036640 JUMP_003635: ; Pos = 39687 mov [ebp-0x14],eax mov eax,[ebp-0x14] add eax,edi push eax mov ax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x10] push eax mov eax,[ebx] push eax push esi call FUNC_000882 add esp,byte +0x18 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xa],0x0 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xc],0x17 mov eax,[ebx] mov [ebp-0x10],eax mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,esi add eax,byte +0x26 mov edx,[ebp+0x24] push esi push edi mov esi,eax mov edi,edx xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop edi pop esi mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,esi add eax,byte +0x26 push eax call _strlen pop ecx mov [ebp-0x18],eax cmp eax,byte +0xb jng JUMP_003636 mov dword [ebp-0x18],0xb mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,esi add eax,[ebp-0x18] add eax,byte +0x26 mov byte [eax],0x2e inc eax jmp short JUMP_003637 JUMP_003636: ; Pos = 39748 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,esi add eax,[ebp-0x18] add eax,byte +0x26 mov byte [eax],0x20 inc eax JUMP_003637: ; Pos = 39760 mov dl,[DATA_008848] add dl,0x41 mov [eax],dl inc eax mov byte [eax],0x2c inc eax mov dl,[DATA_008848] add dl,0x42 mov [eax],dl inc eax mov byte [eax],0x0 inc dword [ebx] lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax mov eax,[ebp+0x28] push eax mov eax,[ebp+0x24] push eax mov ax,[ebp+0x20] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp-0x10] inc eax push eax push edi push ebx push esi call FUNC_000881 add esp,byte +0x2c mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4-0x32],0x0 lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax mov eax,[ebp+0x28] push eax mov eax,[ebp+0x24] push eax mov ax,[ebp+0x20] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp-0x10] inc eax push eax mov eax,[ebp-0x14] push eax push ebx push esi call FUNC_000881 add esp,byte +0x2c mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4-0x32],0x7fff ; FIX: for binary light bug imul ebx, [ebx], 68 mov ecx, [esi+ebx+0x1c-0x44] add ecx, [esi+ebx+0x1c-0x88] mov [esi+ebx+0x1c-0xcc], ecx JUMP_003638: ; Pos = 397fe mov ax,[ebp+0x20] shl eax,0x3 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000878: ; Pos = 3980c push ebp mov ebp,esp add esp,byte -0x5c push ebx push esi push edi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] lea edi,[ebp-0x8] xor eax,eax mov [ebp-0x10],eax xor eax,eax mov [ebp-0x14],eax xor eax,eax mov [ebp-0x18],eax lea eax,[ebp-0x5c] mov [ebp-0xc],eax lea eax,[ebx+0x14] mov [DATA_008845],eax mov eax,[ebx+0x4] mov [DATA_008852],eax mov eax,[ebx+0xc] mov [DATA_008853],eax mov eax,[ebx+0x10] mov [DATA_008854],eax mov byte [DATA_008849],0x0 mov byte [DATA_008855],0x0 mov byte [DATA_008856],0x0 xor eax,eax mov [DATA_008846],eax mov byte [DATA_008847],0x0 mov byte [DATA_008848],0x0 xor eax,eax mov [edi],eax lea eax,[ebp-0x2c] push eax lea eax,[ebp-0x28] push eax push dword DATA_007128 lea eax,[ebp-0x24] push eax lea eax,[ebp-0x20] push eax lea eax,[ebp-0x1c] push eax mov eax,[DATA_008853] push eax call FUNC_000871 add esp,byte +0x1c mov eax,[ebx] test eax,eax jz near JUMP_003645 mov edx,[ebx+0x4] mov [ebp-0x30],edx mov [DATA_008843],eax mov [DATA_008844],edx mov al,[ebx+0x8] mov [DATA_008850],al mov [DATA_008851],al mov eax,[ebx+0x8] sub eax,byte +0x1 jc JUMP_003639 jz near JUMP_003640 jmp JUMP_003643 JUMP_003639: ; Pos = 398e3 lea eax,[ebp-0x18] push eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax lea eax,[ebx+0x14] push eax push byte +0x0 push byte +0x0 push byte +0x0 mov eax,[ebp-0x30] push eax push edi push esi call FUNC_000881 add esp,byte +0x2c mov [ebp-0x2],ax test ax,ax jz near JUMP_003657 mov eax,[ebp-0x30] mov [ebp-0x34],eax call FUNC_000894 push byte +0x0 push byte +0x0 mov edx,[ebp-0x10] push edx mov edx,[ebp-0xc] push edx add ebx,byte +0x14 push ebx mov edx,[ebp-0x30] shr edx,0x8 push edx mov edx,[ebp-0x34] push edx mov dx,[ebp-0x2] push edx push eax push byte +0x1 push edi push esi call FUNC_000897 add esp,byte +0x30 mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx xor edx,edx mov [esi+eax*4],edx jmp JUMP_003657 JUMP_003640: ; Pos = 39963 dec byte [DATA_008851] call FUNC_000894 movzx eax,word [DATA_008844] sar eax,0x3 test byte [ebp-0x2d],0xe0 jz JUMP_003641 or edx,byte -0x1 jmp short JUMP_003642 JUMP_003641: ; Pos = 39983 mov edx,[ebp-0x30] shl edx,0x3 JUMP_003642: ; Pos = 39989 mov [ebp-0x38],edx mov edx,[ebp-0xc] push edx lea edx,[ebx+0x14] push edx push eax push byte +0x0 mov eax,[ebp-0x38] push eax mov eax,[ebp-0x30] push eax push byte +0x0 push edi push esi call FUNC_000877 add esp,byte +0x24 mov [ebp-0x2],ax push byte +0x0 push byte +0x0 mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax add ebx,byte +0x14 push ebx mov eax,[ebp-0x30] shr eax,0x6 push eax mov eax,[ebp-0x38] push eax mov ax,[ebp-0x2] push eax call FUNC_000894 push eax push byte +0x1 push edi push esi call FUNC_000897 add esp,byte +0x30 mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx xor edx,edx mov [esi+eax*4],edx jmp JUMP_003657 JUMP_003643: ; Pos = 399f4 call FUNC_000894 movzx eax,word [DATA_008844] sar eax,0x8 mov [ebp-0x3a],ax mov eax,[ebp-0xc] push eax lea eax,[ebx+0x14] push eax mov ax,[ebp-0x3a] push eax push byte +0x0 push byte -0x1 mov eax,[ebp-0x30] push eax push byte +0x0 push edi push esi call FUNC_000877 add esp,byte +0x24 mov ax,[ebp-0x3a] shl eax,0x4 mov [ebp-0x2],ax dec byte [DATA_008851] add dword [ebp-0x30],0x81b3200 cmp byte [DATA_008851],0x2 jna JUMP_003644 mov dword [ebp-0x30],0xffffffff JUMP_003644: ; Pos = 39a50 call FUNC_000894 or ax,0x8000 movsx eax,ax sar eax,0x2 push byte +0x0 push byte +0x0 mov edx,[ebp-0x10] push edx mov edx,[ebp-0xc] push edx add ebx,byte +0x14 push ebx mov edx,[ebp-0x30] push edx push byte -0x1 mov dx,[ebp-0x2] push edx push eax push byte +0x1 push edi push esi call FUNC_000897 add esp,byte +0x30 mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx xor edx,edx mov [esi+eax*4],edx jmp JUMP_003657 JUMP_003645: ; Pos = 39a9a mov edx,0x8f mov ebx,DATA_007133 jmp short JUMP_003648 JUMP_003646: ; Pos = 39aa6 cmp eax,[DATA_008853] jnz JUMP_003647 mov edx,[ebx+0x4] jmp short JUMP_003649 JUMP_003647: ; Pos = 39ab3 add ebx,byte +0x8 JUMP_003648: ; Pos = 39ab6 mov eax,[ebx] test eax,eax jnz JUMP_003646 JUMP_003649: ; Pos = 39abc mov [ebp-0x40],edx mov eax,[ebp-0x40] mov edx,eax shl eax,0x4 add eax,edx lea ebx,[eax*4+DATA_008792] jmp JUMP_003656 JUMP_003650: ; Pos = 39ad5 cmp word [ebx+0xa],byte +0x23 jz near JUMP_003654 mov eax,[ebx] dec eax push eax call near [DATA_007736] ; FUNC_001489 pop ecx mov edx,[edi] mov ecx,edx shl edx,0x4 add edx,ecx mov [esi+edx*4],eax mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx add word [esi+eax*4+0x2],byte +0x3f mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov edx,[ebx+0x4] mov [esi+eax*4+0x4],edx mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov dx,[ebx+0x8] mov [esi+eax*4+0x8],dx mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov dx,[ebx+0xa] mov [esi+eax*4+0xa],dx mov eax,[ebx+0xe] push eax call near [DATA_007736] ; FUNC_001489 pop ecx mov edx,[edi] mov ecx,edx shl edx,0x4 add edx,ecx mov [esi+edx*4+0xe],eax mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx add word [esi+eax*4+0x10],byte +0x19 mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov dx,[ebx+0x12] mov [esi+eax*4+0x12],dx mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov dx,[ebx+0x20] mov [esi+eax*4+0x20],dx mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov dx,[ebx+0x22] mov [esi+eax*4+0x22],dx mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov dx,[ebx+0x24] mov [esi+eax*4+0x24],dx mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov dx,[ebx+0x3a] mov [esi+eax*4+0x3a],dx mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov dx,[ebx+0x3c] mov [esi+eax*4+0x3c],dx mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov dl,[ebx+0x3e] mov [esi+eax*4+0x3e],dl mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov dx,[ebx+0x42] mov [esi+eax*4+0x42],dx mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov dx,[ebx+0xc] mov [esi+eax*4+0xc],dx inc byte [DATA_008847] mov ax,[ebx+0xa] cmp ax,byte +0x20 jc JUMP_003651 cmp ax,byte +0x22 ja JUMP_003651 inc byte [DATA_008855] inc byte [DATA_008856] JUMP_003651: ; Pos = 39c23 mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x8],byte +0x0 jz near JUMP_003652 mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx mov eax,[esi+eax*4+0xe] mov [ebp-0x44],eax mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx movzx eax,word [esi+eax*4+0x8] mov edx,eax shl eax,0x4 add eax,edx mov eax,[esi+eax*4-0x44] mov [ebp-0x48],eax mov eax,[ebp-0x48] push eax mov eax,[ebp-0x44] push eax mov eax,[ebp-0x44] push eax mov eax,[ebp-0x44] push eax call FUNC_001482 add esp,byte +0x8 push eax call FUNC_001482 add esp,byte +0x8 push eax call near [DATA_007731] ; FUNC_001483 add esp,byte +0x8 push eax call near [DATA_007730] ; FUNC_001463 pop ecx mov edx,[edi] mov ecx,edx shl edx,0x4 add edx,ecx mov [esi+edx*4+0x14],eax mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx movsx edx,word [esi+eax*4+0x14] imul edx,edx,0x5edb sar edx,0xf mov [esi+eax*4+0x14],dx jmp short JUMP_003653 JUMP_003652: ; Pos = 39cc2 mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx xor edx,edx mov [esi+eax*4+0x14],edx JUMP_003653: ; Pos = 39cd1 mov eax,[ebp-0x40] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,DATA_008793 mov edx,[edi] mov ecx,edx shl edx,0x4 add edx,ecx shl edx,0x2 add edx,esi add edx,byte +0x26 push esi push edi mov edi,eax mov esi,edx xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop edi pop esi jmp short JUMP_003655 JUMP_003654: ; Pos = 39d1c push byte +0x44 mov eax,[ebp-0x40] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,DATA_008792 push eax mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,esi push eax call _memcpy add esp,byte +0xc inc byte [DATA_008855] JUMP_003655: ; Pos = 39d4f inc dword [edi] inc dword [ebp-0x40] add ebx,byte +0x44 JUMP_003656: ; Pos = 39d57 cmp dword [ebx],byte +0x0 jnz near JUMP_003650 mov eax,[edi] mov edx,eax shl eax,0x4 add eax,edx xor edx,edx mov [esi+eax*4],edx JUMP_003657: ; Pos = 39d6e pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000879: ; Pos = 39d78 push ebp mov ebp,esp add esp,byte -0x38 push ebx push esi push edi mov edi,[ebp+0x8] mov eax,[ebp+0x14] push eax xor eax,eax mov al,[edi+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0x4],eax mov eax,[ebp-0x4] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov ebx,eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push edi call FUNC_001674_MatBuildOdd add esp,byte +0xc mov eax,[edi+0xc] mov [ebp-0x20],eax sar eax,0x1f mov [ebp-0x1c],eax mov eax,[edi+0x10] mov [ebp-0x18],eax sar eax,0x1f mov [ebp-0x14],eax mov eax,[edi+0x14] mov [ebp-0x10],eax sar eax,0x1f mov [ebp-0xc],eax mov esi,[ebx+0x2c] dec esi push esi push dword [ebp-0x1c] push dword [ebp-0x20] lea eax,[ebp-0x38] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 push esi push dword [ebp-0x14] push dword [ebp-0x18] lea eax,[ebp-0x30] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 push esi push dword [ebp-0xc] push dword [ebp-0x10] lea eax,[ebp-0x28] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 mov eax,[ebx+0x14] add eax,[ebx+0x18] add eax,byte -0x8 mov ebx,eax lea eax,[ebx-0x1f] push eax lea eax,[ebp-0x38] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 lea eax,[ebx-0x1f] push eax lea eax,[ebp-0x30] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 lea eax,[ebx-0x1f] push eax lea eax,[ebp-0x28] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[ebp-0x4] push eax push edi lea eax,[ebp-0x38] push eax lea eax,[ebp-0x8] push eax call FUNC_000574 add esp,byte +0x10 mov eax,[ebp-0x8] ; FIX: Starports below ground ; sar eax,0x4 sar eax,0x3 sub [ebp-0x8],eax test ebx,ebx jnl JUMP_003658 mov ecx,ebx neg ecx mov eax,[ebp-0x8] shl eax,cl sub esi,eax jmp short JUMP_003660 JUMP_003658: ; Pos = 39e89 cmp ebx,byte +0x10 jnl JUMP_003659 mov ecx,ebx shl esi,cl sub esi,[ebp-0x8] xor ebx,ebx jmp short JUMP_003660 JUMP_003659: ; Pos = 39e99 sub ebx,byte +0x10 mov ecx,ebx mov eax,[ebp-0x8] sar eax,cl shl esi,0x10 sub esi,eax JUMP_003660: ; Pos = 39ea8 push esi push dword [ebp-0x1c] push dword [ebp-0x20] lea eax,[ebp-0x38] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 push esi push dword [ebp-0x14] push dword [ebp-0x18] lea eax,[ebp-0x30] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 push esi push dword [ebp-0xc] push dword [ebp-0x10] lea eax,[ebp-0x28] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 lea eax,[ebx-0x1f] push eax lea eax,[ebp-0x38] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 lea eax,[ebx-0x1f] push eax lea eax,[ebp-0x30] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 lea eax,[ebx-0x1f] push eax lea eax,[ebp-0x28] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[ebp-0x4] push eax push edi lea eax,[ebp-0x38] push eax lea eax,[ebp-0x8] push eax call FUNC_000574 add esp,byte +0x10 test ebx,ebx jnl JUMP_003661 mov ecx,ebx neg ecx mov eax,[ebp-0x8] shl eax,cl sub esi,eax jmp short JUMP_003662 JUMP_003661: ; Pos = 39f37 mov ecx,ebx mov eax,[ebp-0x8] sar eax,cl sub esi,eax JUMP_003662: ; Pos = 39f40 push esi push dword [ebp-0x1c] push dword [ebp-0x20] lea eax,[ebp-0x38] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 push esi push dword [ebp-0x14] push dword [ebp-0x18] lea eax,[ebp-0x30] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 push esi push dword [ebp-0xc] push dword [ebp-0x10] lea eax,[ebp-0x28] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 lea esi,[ebx-0x1f] push esi lea eax,[ebp-0x38] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 push esi lea eax,[ebp-0x30] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 push esi lea eax,[ebp-0x28] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 push edi lea esi,[ebp-0x38] add edi,byte +0x3e mov ecx,0x6 rep movsd pop edi pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000880: ; Pos = 39fbc push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov edi,[ebp+0xc] xor eax,eax mov [ebp-0x8],eax mov ebx,edi jmp JUMP_003677 JUMP_003663: ; Pos = 39fd4 cmp word [ebx+0x8],byte +0x0 jz JUMP_003664 movzx eax,word [ebx+0x8] mov edx,eax shl eax,0x4 add eax,edx mov esi,[edi+eax*4-0x2c] jmp short JUMP_003665 JUMP_003664: ; Pos = 39fec mov esi,DATA_007134 JUMP_003665: ; Pos = 39ff1 lea eax,[ebp-0xc] push eax movzx eax,word [ebx+0xc] push eax push byte +0x1d push esi mov eax,[ebp+0x8] push eax call near [DATA_007198] ; FUNC_000927 add esp,byte +0x14 mov esi,eax test eax,eax jz near JUMP_003678 mov [ebx+0x18],esi mov eax,[ebx+0x4] mov [esi+0xa0],eax mov al,[ebx+0x3e] mov [esi+0xc8],al mov al,[ebx+0x3f] mov [esi+0xcb],al mov ax,[ebx+0x24] mov [esi+0xe0],ax mov ax,[ebx+0x42] mov [esi+0xcc],ax mov word [ebp-0x4],0x4082 mov word [ebp-0x2],0xffd5 mov eax,[ebp-0x4] push eax mov eax,[ebx] push eax call FUNC_001482 add esp,byte +0x8 push eax call near [DATA_007722] ; FUNC_001496 pop ecx mov [esi+0xa4],eax mov eax,[esi+0xa4] mov [ebp-0x4],eax cmp word [ebx+0xa],byte +0x0 jnz JUMP_003666 xor eax,eax mov al,[esi+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x11 ; FIX: Binary over-adjustment ; add word [ebp-0x2],byte +0x10 add word [ebp-0x2], 2 JUMP_003666: ; Pos = 3a098 mov ax,[ebx+0x8] test ax,ax jz JUMP_003667 movzx edx,ax mov ecx,edx shl edx,0x4 add edx,ecx cmp word [edi+edx*4-0x3a],byte +0x0 jnz JUMP_003667 movzx eax,ax inc eax cmp eax,[ebp-0x8] jc JUMP_003667 ; FIX: Binary child under-adjustment ; add word [ebp-0x2],byte -0xa add word [ebp-0x2], -6 JUMP_003667: ; Pos = 3a0c1 mov ax,[ebp-0x2] mov [esi+0xda],ax mov eax,[ebx+0xe] mov [esi+0xb0],eax mov byte [esi+0x87],0x1 cmp word [ebx+0xa],byte +0x20 jc near JUMP_003674 add word [esi+0xda],byte +0x4 or byte [esi+0x14c],0x10 mov word [esi+0xce],0x3 xor eax,eax mov al,[esi+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x1f cmp word [ebx+0xa],byte +0x22 jnz JUMP_003668 mov word [esi+0xce],0x7 JUMP_003668: ; Pos = 3a121 mov byte [esi+0xca],0x0 mov byte [esi+0xc9],0x0 mov word [esi+0xd8],0x0 mov ax,[esi+0xce] shl eax,0x3 add ax,byte +0x8 mov [esi+0xdc],ax cmp word [ebx+0xa],byte +0x23 jnz near JUMP_003674 movzx eax,word [ebx+0x8] mov edx,eax shl eax,0x4 add eax,edx mov eax,[edi+eax*4-0x2c] mov al,[eax+0x86] mov [esi+0x56],al or byte [esi+0x14c],0x20 mov ax,[ebx+0xc] cmp ax,byte +0x51 jc JUMP_003669 cmp ax,byte +0x5a ja JUMP_003669 or byte [esi+0x14c],0x40 JUMP_003669: ; Pos = 3a18e mov ax,[ebx+0xc] cmp ax,byte +0x51 jz JUMP_003670 cmp ax,byte +0x52 jz JUMP_003670 mov word [esi+0xce],0x5 JUMP_003670: ; Pos = 3a1a7 cmp word [ebx+0xc],byte +0x55 jnz JUMP_003671 mov word [esi+0xce],0x1 JUMP_003671: ; Pos = 3a1b7 cmp word [ebx+0xc],byte +0x56 jnz JUMP_003672 mov word [esi+0xce],0x1 JUMP_003672: ; Pos = 3a1c7 cmp word [ebx+0xc],byte +0x59 jnz JUMP_003673 mov word [esi+0xce],0x1 JUMP_003673: ; Pos = 3a1d7 mov ax,[esi+0xce] shl eax,0x3 add ax,byte +0x8 mov [esi+0xdc],ax xor eax,eax mov al,[esi+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0xf mov byte [esi+0x57],0x1 mov al,[DATA_008811] dec eax mov [esi+0x58],al xor eax,eax mov [esi+0xc2],eax mov eax,[ebp+0x8] push eax movzx eax,word [ebx+0x22] push eax movzx eax,word [ebx+0x12] push eax push esi call FUNC_000879 add esp,byte +0x10 JUMP_003674: ; Pos = 3a22a cmp word [ebx+0xa],byte +0x23 jz near JUMP_003676 mov ax,[ebx+0x8] test ax,ax jz JUMP_003675 movzx eax,ax mov edx,eax shl eax,0x4 add eax,edx mov eax,[edi+eax*4-0x2c] mov al,[eax+0x86] mov [esi+0x56],al JUMP_003675: ; Pos = 3a255 mov word [ebp-0x4],0x5460 mov word [ebp-0x2],0xffee mov eax,[ebx+0x14] push eax call near [DATA_007722] ; FUNC_001496 pop ecx push eax mov eax,[ebp-0x4] push eax call near [DATA_007731] ; FUNC_001483 add esp,byte +0x8 mov [ebp-0x10],eax add word [ebp-0xe],byte +0x40 mov eax,[ebp-0x10] push eax call near [DATA_007733] ; FUNC_001494 pop ecx mov [esi+0xc2],eax mov eax,[ebp+0x10] mov [esi+0xa8],eax mov eax,[ebp+0x14] mov [esi+0xac],eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push byte +0x0 push byte +0x0 mov eax,[esi+0xc2] push eax lea eax,[esi+0xba] push eax call near [DATA_007743] ; FUNC_001510 add esp,byte +0x18 movzx eax,word [ebx+0x12] shl eax,0x10 add [esi+0xbe],eax mov ax,[ebx+0x22] mov [esi+0xc6],ax mov edx,[esi+0xbe] push edx movsx eax,ax push eax mov eax,[esi+0xb0] push eax push esi call near [DATA_007741] ; FUNC_001507 add esp,byte +0x10 movsx eax,byte [esi+0xc8] mov ecx,0x11 sub ecx,eax mov eax,[ebp+0x10] shr eax,cl push eax movsx eax,word [esi+0xcc] push eax push esi call FUNC_001675_MatBuildYZT add esp,byte +0xc JUMP_003676: ; Pos = 3a321 add esi,0x124 mov eax,[ebp-0x8] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,edi add eax,byte +0x26 push esi push edi mov edi,eax xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop edi pop esi inc dword [ebp-0x8] add ebx,byte +0x44 JUMP_003677: ; Pos = 3a362 cmp dword [ebx],byte +0x0 jnz near JUMP_003663 JUMP_003678: ; Pos = 3a36b pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000881: ; Pos = 3a374 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[ebp+0xc] mov eax,[eax] mov esi,eax cmp eax,byte +0x3c jc JUMP_003679 mov ax,0xffff jmp JUMP_003692 JUMP_003679: ; Pos = 3a395 inc byte [DATA_008847] xor edx,edx mov eax,DATA_007121 jmp short JUMP_003681 JUMP_003680: ; Pos = 3a3a4 cmp ecx,[ebp+0x10] ja JUMP_003682 inc edx add eax,byte +0x4 JUMP_003681: ; Pos = 3a3ad mov ecx,[eax] test ecx,ecx jnz JUMP_003680 JUMP_003682: ; Pos = 3a3b3 mov ecx,[edx*4+DATA_007124] mov eax,esi shl eax,0x4 add eax,esi mov [ebx+eax*4+0x1c],ecx mov cx,[edx*4+DATA_007119] mov [ebx+eax*4+0xa],cx mov cx,[edx*4+DATA_007123] mov [ebx+eax*4+0x24],cx mov cx,[edx*4+DATA_007120] mov [ebx+eax*4+0xc],cx mov ax,[edx*4+DATA_007122] mov [ebp-0x2],ax mov eax,[edx*4+DATA_007125] mov [ebp-0x8],eax cmp dword [ebp+0x10],0x1036640 jc JUMP_003684 mov edi,esi shl edi,0x4 add edi,esi shl edi,0x2 add edi,ebx add edi,byte +0x26 mov eax,[ebp+0x20] push esi push edi mov esi,edi mov edi,eax xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop edi pop esi push dword DATA_007183 push edi call _strcat add esp,byte +0x8 inc byte [DATA_008848] push edi call _strlen pop ecx mov edx,esi shl edx,0x4 add edx,esi shl edx,0x2 add edx,ebx add eax,edx add eax,byte +0x26 cmp dword [ebp+0x14],byte +0x0 jz JUMP_003683 mov dl,[DATA_008848] add dl,0x40 mov [eax],dl inc eax JUMP_003683: ; Pos = 3a480 mov byte [eax],0x0 jmp JUMP_003690 JUMP_003684: ; Pos = 3a488 cmp dword [ebp+0x14],byte +0x0 jz JUMP_003685 mov eax,[ebp+0x14] mov edx,eax shl eax,0x4 add eax,edx test byte [ebx+eax*4-0x5],0x80 jz JUMP_003685 mov eax,esi shl eax,0x4 add eax,esi mov edx,[DATA_008844] mov [ebx+eax*4+0x4],edx mov eax,[ebp+0x24] push eax push byte +0xa push esi push ebx call FUNC_000893 add esp,byte +0x10 jmp JUMP_003690 JUMP_003685: ; Pos = 3a4c5 mov edi,esi shl edi,0x4 add edi,esi shl edi,0x2 add edi,ebx add edi,byte +0x26 mov eax,[ebp+0x14] dec eax mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,ebx add eax,byte +0x26 push esi push edi mov esi,edi mov edi,eax xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop edi pop esi push dword DATA_007184 push edi call _strcat add esp,byte +0x8 cmp byte [DATA_008849],0x0 jnz JUMP_003688 push edi call _strlen pop ecx mov edx,esi shl edx,0x4 add edx,esi shl edx,0x2 add edx,ebx add eax,edx add eax,byte +0x25 mov edx,[ebp+0x28] inc dword [edx] mov edx,[ebp+0x28] cmp dword [edx],byte +0x9 jna JUMP_003686 mov byte [eax],0x31 inc eax mov edx,[ebp+0x28] mov dl,[edx] add dl,0x26 mov [eax],dl inc eax jmp short JUMP_003687 JUMP_003686: ; Pos = 3a559 mov edx,[ebp+0x28] mov dl,[edx] add dl,0x30 mov [eax],dl inc eax JUMP_003687: ; Pos = 3a564 mov byte [eax],0x0 jmp short JUMP_003690 JUMP_003688: ; Pos = 3a569 mov edi,esi shl edi,0x4 add edi,esi shl edi,0x2 add edi,ebx mov eax,edi add eax,byte +0x26 push eax call _strlen pop ecx add eax,edi add eax,byte +0x25 cmp byte [DATA_008849],0x1 jnz JUMP_003689 mov edx,[ebp+0x2c] inc dword [edx] mov edx,[ebp+0x2c] mov dl,[edx] add dl,0x60 mov [eax],dl jmp short JUMP_003690 JUMP_003689: ; Pos = 3a5a0 mov edx,[ebp+0x30] inc dword [edx] mov edx,[ebp+0x30] mov dl,[edx] add dl,0x30 mov [eax],dl JUMP_003690: ; Pos = 3a5af mov eax,[ebp+0x10] push eax mov ax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax push esi push ebx call FUNC_000882 add esp,byte +0x18 cmp dword [ebp-0x8],byte +0x0 jz JUMP_003691 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push ebx call near [ebp-0x8] add esp,byte +0x10 JUMP_003691: ; Pos = 3a5e3 mov eax,[ebp+0xc] inc dword [eax] mov ax,[ebp-0x2] JUMP_003692: ; Pos = 3a5ec pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000882: ; Pos = 3a5f4 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] movzx eax,word [ebp+0x18] push eax mov eax,[ebp+0x14] push eax call near [DATA_007747] ; FUNC_001515 add esp,byte +0x8 mov edi,esi shl edi,0x4 add edi,esi mov [ebx+edi*4+0xe],eax mov eax,esi shl eax,0x4 add eax,esi cmp dword [ebx+eax*4+0xe],byte +0x0 jz near JUMP_003696 mov eax,esi shl eax,0x4 add eax,esi mov eax,[ebx+eax*4+0xe] push eax call near [DATA_007736] ; FUNC_001489 pop ecx mov [ebx+edi*4+0xe],eax add word [ebx+edi*4+0x10],byte +0x19 cmp dword [ebp+0x10],byte +0x0 jz JUMP_003694 mov eax,[ebx+edi*4+0xe] mov [ebp-0x4],eax mov eax,[ebp+0x10] mov edx,eax shl eax,0x4 add eax,edx cmp word [ebx+eax*4-0x3a],byte +0x0 jnz JUMP_003693 mov edx,esi dec edx cmp edx,[ebp+0x10] ja JUMP_003693 inc word [ebp-0x2] JUMP_003693: ; Pos = 3a67a mov eax,[ebx+eax*4-0x44] mov [ebp-0x8],eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] push eax mov eax,[ebp-0x4] push eax mov eax,[ebp-0x4] push eax call FUNC_001482 add esp,byte +0x8 push eax call FUNC_001482 add esp,byte +0x8 push eax call near [DATA_007731] ; FUNC_001483 add esp,byte +0x8 push eax call near [DATA_007730] ; FUNC_001463 pop ecx mov edi,esi shl edi,0x4 add edi,esi mov [ebx+edi*4+0x14],eax movsx eax,word [ebx+edi*4+0x14] imul eax,eax,0x5edb sar eax,0xf mov [ebx+edi*4+0x14],ax jmp short JUMP_003695 JUMP_003694: ; Pos = 3a6d4 mov eax,esi shl eax,0x4 add eax,esi xor edx,edx mov [ebx+eax*4+0x14],edx JUMP_003695: ; Pos = 3a6e1 mov eax,esi shl eax,0x4 add eax,esi mov dx,[DATA_008843] mov [ebx+eax*4+0x12],dx JUMP_003696: ; Pos = 3a6f4 mov edi,esi shl edi,0x4 add edi,esi mov eax,[DATA_008844] mov [ebx+edi*4+0x4],eax inc dword [DATA_008846] mov ax,[ebp+0x10] mov [ebx+edi*4+0x8],ax mov eax,[ebp+0x1c] push eax call near [DATA_007736] ; FUNC_001489 pop ecx mov [ebx+edi*4],eax add word [ebx+edi*4+0x2],byte +0x3f mov eax,[DATA_008843] and eax,0xffff mov edx,eax imul edx,eax movzx eax,dx sar eax,0x18 mov [ebx+edi*4+0x20],ax mov ax,[DATA_008843] movzx edx,ax sar edx,0x3 shl eax,0xd or dx,ax mov eax,edx movzx edx,ax movzx eax,ax imul edx,eax sar edx,0x14 mov [ebx+edi*4+0x22],dx cmp dword [ebp+0x10],byte +0x0 jz JUMP_003697 mov eax,[ebp+0x10] mov edx,eax shl eax,0x4 add eax,edx mov ax,[ebx+eax*4-0x2] add [ebx+edi*4+0x22],ax JUMP_003697: ; Pos = 3a780 mov eax,[ebx+edi*4+0x4] mov edx,esi shl edx,0x4 add edx,esi imul dword [ebx+edx*4+0x4] movsx eax,ax sar eax,0x11 mov [ebx+edi*4+0x42],ax mov al,[ebx+edi*4+0x42] and al,0x3 mov [ebx+edi*4+0x3e],al mov al,[DATA_008849] mov [ebx+edi*4+0x3f],al cmp word [ebx+edi*4+0x24],0x3e8 jnc near JUMP_003701 mov edi,esi xor eax,eax mov [ebp-0x10],eax jmp near JUMP_003700 JUMP_003698: ; Pos = 3a7c3 mov edx,edi shl edx,0x4 add edx,edi movzx eax,ax dec eax mov [ebp-0xc],eax mov eax,[ebp-0xc] mov edx,eax shl eax,0x4 add eax,edx cmp dword [ebx+eax*4+0x1c],byte +0x0 jz near JUMP_003699 mov eax,[ebp-0xc] mov edx,eax shl eax,0x4 add eax,edx mov eax,[ebx+eax*4+0x1c] push eax call near [DATA_007736] ; FUNC_001489 pop ecx mov [ebp-0x14],eax add word [ebp-0x12],byte +0x32 mov eax,edi shl eax,0x4 add eax,edi mov eax,[ebx+eax*4+0xe] push eax mov eax,[ebp-0x14] push eax call near [DATA_007731] ; FUNC_001483 add esp,byte +0x8 mov [ebp-0x14],eax mov eax,[ebp-0x14] push eax mov eax,[ebp-0x14] push eax call FUNC_001482 add esp,byte +0x8 push eax mov eax,[ebp-0x10] push eax call near [DATA_007735] ; FUNC_001486 add esp,byte +0x8 mov [ebp-0x10],eax JUMP_003699: ; Pos = 3a83d mov edi,[ebp-0xc] JUMP_003700: ; Pos = 3a840 mov eax,edi shl eax,0x4 add eax,edi mov ax,[ebx+eax*4+0x8] test ax,ax jnz near JUMP_003698 mov eax,[ebp-0x10] push eax mov edi,[DATA_007730] call edi pop ecx push eax call edi pop ecx push eax call near [DATA_007732] ; FUNC_001491 pop ecx mov edx,esi shl edx,0x4 add edx,esi add [ebx+edx*4+0x24],ax JUMP_003701: ; Pos = 3a87a pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000883: ; Pos = 3a884 push ebp mov ebp,esp push ecx push ebx push esi push edi mov edi,[ebp+0x14] mov eax,[ebp+0x10] mov ebx,[ebp+0xc] mov esi,[ebp+0x8] mov edx,[ebx] mov [ebp-0x4],edx mov ecx,edx shl edx,0x4 add edx,ecx cmp word [esi+edx*4+0x24],0x139 jna JUMP_003702 mov edx,[ebx] mov ecx,edx shl edx,0x4 add edx,ecx mov word [esi+edx*4+0xc],0x7b mov edx,[ebx] mov ecx,edx shl edx,0x4 add edx,ecx mov word [esi+edx*4+0xa],0xc shr eax,1 mov edx,[ebx] mov ecx,edx shl edx,0x4 add edx,ecx add [esi+edx*4+0x24],ax jmp JUMP_003725 JUMP_003702: ; Pos = 3a8e1 mov edx,[ebx] mov ecx,edx shl edx,0x4 add edx,ecx mov dx,[esi+edx*4+0x24] cmp dx,0xd7 ja near JUMP_003711 imul ecx,[ebx],byte +0x11 cmp dx,0xaa jc near JUMP_003709 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx add word [esi+eax*4+0x24],byte +0x19 cmp dword [DATA_008854],0xc8 jnl near JUMP_003705 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xc],0x7b mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xa],0x6 mov eax,[DATA_008853] cmp eax,0x1aa89738 jz JUMP_003703 cmp eax,0x2ae1718 jz JUMP_003703 cmp eax,0xeb6973d jnz near JUMP_003725 JUMP_003703: ; Pos = 3a965 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xc],0x85 cmp dword [DATA_008853],0x2ae1718 jnz JUMP_003704 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp dword [esi+eax*4+0x4],0x5b5ff290 jnz JUMP_003704 mov eax,[ebp-0x4] inc eax push eax push edi push byte +0x3 push ebx push esi call FUNC_000892 add esp,byte +0x14 JUMP_003704: ; Pos = 3a9a6 cmp dword [DATA_008853],0xeb6973d jnz near JUMP_003725 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp dword [esi+eax*4+0x4],0x70740190 jnz near JUMP_003725 mov eax,[ebp-0x4] inc eax push eax push edi push byte +0x4 push ebx push esi call FUNC_000892 add esp,byte +0x14 jmp JUMP_003725 JUMP_003705: ; Pos = 3a9e4 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x24],0x127 jnc JUMP_003706 mov word [esi+eax*4+0x24],0x127 JUMP_003706: ; Pos = 3a9fd mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xc],0x7e mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xa],0xb push edi push byte +0x8 mov eax,[ebx] push eax push esi call FUNC_000893 add esp,byte +0x10 push edi mov eax,[DATA_008854] sar eax,0x5 push eax push byte +0x0 push ebx push esi call FUNC_000891 add esp,byte +0x14 mov eax,[DATA_008854] cmp eax,byte +0x1e jl near JUMP_003725 mov edx,[ebp-0x4] inc edx push edx push edi cmp eax,0xf2 jl JUMP_003707 mov eax,0x2 jmp short JUMP_003708 JUMP_003707: ; Pos = 3aa64 mov eax,0x1 cmp dword [DATA_008854],byte +0x32 jnl JUMP_003708 dec eax JUMP_003708: ; Pos = 3aa73 push eax push ebx push esi call FUNC_000892 add esp,byte +0x14 jmp JUMP_003725 JUMP_003709: ; Pos = 3aa83 mov edx,[ebx] mov ecx,edx shl edx,0x4 add edx,ecx mov dx,[esi+edx*4+0x24] cmp dx,byte +0x7b ja JUMP_003710 imul ecx,[ebx],byte +0x11 cmp dx,byte +0x42 jc JUMP_003710 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx add word [esi+eax*4+0x24],byte +0x16 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xc],0x7c mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xa],0x7 jmp JUMP_003725 JUMP_003710: ; Pos = 3aad4 push edi push eax push ebx push esi call FUNC_000884 add esp,byte +0x10 jmp JUMP_003725 JUMP_003711: ; Pos = 3aae5 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx add word [esi+eax*4+0x24],byte +0x23 call FUNC_000894 mov edx,[DATA_008843] and edx,0xff shr edx,0x2 mov eax,[ebx] mov ecx,eax shl eax,0x4 add eax,ecx movzx ecx,word [esi+eax*4+0x24] add ecx,0xffffff06 cmp edx,ecx jna near JUMP_003716 cmp dword [DATA_008854],byte +0x78 jnl JUMP_003712 mov word [esi+eax*4+0xc],0x80 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xa],0x8 jmp JUMP_003725 JUMP_003712: ; Pos = 3ab49 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x24],0x127 jnc JUMP_003713 mov word [esi+eax*4+0x24],0x127 JUMP_003713: ; Pos = 3ab62 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xc],0x7e mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xa],0xb push edi push byte +0x8 mov eax,[ebx] push eax push esi call FUNC_000893 add esp,byte +0x10 push edi mov eax,[DATA_008854] sar eax,0x5 push eax push byte +0x0 push ebx push esi call FUNC_000891 add esp,byte +0x14 mov eax,[DATA_008854] cmp eax,byte +0x1e jl near JUMP_003725 mov edx,[ebp-0x4] inc edx push edx push edi cmp eax,0xf2 jl JUMP_003714 mov eax,0x2 jmp short JUMP_003715 JUMP_003714: ; Pos = 3abc9 mov eax,0x1 cmp dword [DATA_008854],byte +0x32 jnl JUMP_003715 dec eax JUMP_003715: ; Pos = 3abd8 push eax push ebx push esi call FUNC_000892 add esp,byte +0x14 jmp JUMP_003725 JUMP_003716: ; Pos = 3abe8 cmp dword [DATA_008854],byte +0x4 jl near JUMP_003725 push edi push byte +0x9 mov eax,[ebx] push eax push esi call FUNC_000893 add esp,byte +0x10 cmp dword [DATA_008854],byte +0x10 jl near JUMP_003725 test byte [DATA_008843],0xf0 jnz JUMP_003717 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xc],0x84 JUMP_003717: ; Pos = 3ac2a mov edx,[ebx] mov eax,edx shl edx,0x4 add edx,eax mov ax,[esi+edx*4+0x24] cmp ax,0x118 jna near JUMP_003723 imul ecx,[ebx],byte +0x11 cmp ax,0x134 jna JUMP_003718 mov word [esi+edx*4+0xc],0x83 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x24],0x152 jna JUMP_003718 mov word [esi+eax*4+0xc],0x82 JUMP_003718: ; Pos = 3ac6b test byte [DATA_008843],0xf jnz JUMP_003719 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xc],0x80 push edi mov eax,[DATA_008854] sar eax,0x5 push eax push byte +0x24 push ebx push esi call FUNC_000891 add esp,byte +0x14 jmp short JUMP_003720 JUMP_003719: ; Pos = 3ac9c push edi mov eax,[DATA_008854] sar eax,0x5 push eax push byte +0x0 push ebx push esi call FUNC_000891 add esp,byte +0x14 JUMP_003720: ; Pos = 3acb2 mov eax,[DATA_008854] cmp eax,byte +0x1e jl JUMP_003725 mov edx,[ebp-0x4] inc edx push edx push edi cmp eax,0xf2 jl JUMP_003721 mov eax,0x2 jmp short JUMP_003722 JUMP_003721: ; Pos = 3acd0 mov eax,0x1 cmp dword [DATA_008854],byte +0x32 jnl JUMP_003722 dec eax JUMP_003722: ; Pos = 3acdf push eax push ebx push esi call FUNC_000892 add esp,byte +0x14 jmp short JUMP_003725 JUMP_003723: ; Pos = 3acec mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xc],0x7f push edi mov eax,[DATA_008854] sar eax,0x6 push eax push byte +0x18 push ebx push esi call FUNC_000891 add esp,byte +0x14 mov eax,[DATA_008854] cmp eax,byte +0x28 jl JUMP_003725 mov edx,[ebp-0x4] inc edx push edx push edi mov edx,0x1 cmp eax,byte +0x50 jnl JUMP_003724 dec edx JUMP_003724: ; Pos = 3ad2d push edx push ebx push esi call FUNC_000892 add esp,byte +0x14 JUMP_003725: ; Pos = 3ad38 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000884: ; Pos = 3ad40 push ebp mov ebp,esp push ecx push ebx push esi push edi mov edi,[ebp+0x14] mov ebx,[ebp+0xc] mov esi,[ebp+0x8] mov eax,[ebx] mov [ebp-0x4],eax mov edx,eax shl eax,0x4 add eax,edx add word [esi+eax*4+0x24],byte +0x14 cmp dword [DATA_008854],0x96 jl near JUMP_003729 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x24],0x102 jc near JUMP_003729 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x24],0x139 ja near JUMP_003729 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x24],0x127 jnc JUMP_003726 mov word [esi+eax*4+0x24],0x127 JUMP_003726: ; Pos = 3adb7 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xc],0x7e mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xa],0x9 push edi push byte +0x8 mov eax,[ebx] push eax push esi call FUNC_000893 add esp,byte +0x10 push edi mov eax,[DATA_008854] sar eax,0x6 push eax push byte +0x0 push ebx push esi call FUNC_000891 add esp,byte +0x14 mov eax,[DATA_008854] cmp eax,byte +0x1e jl near JUMP_003735 mov edx,[ebp-0x4] inc edx push edx push edi cmp eax,0xb4 jl JUMP_003727 mov eax,0x2 jmp short JUMP_003728 JUMP_003727: ; Pos = 3ae1e mov eax,0x1 cmp dword [DATA_008854],byte +0x32 jnl JUMP_003728 dec eax JUMP_003728: ; Pos = 3ae2d push eax push ebx push esi call FUNC_000892 add esp,byte +0x14 jmp JUMP_003735 JUMP_003729: ; Pos = 3ae3d mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xc],0x79 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [esi+eax*4+0xa],0x4 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x24],0x212 ja near JUMP_003735 cmp dword [DATA_008854],0xc8 jl JUMP_003730 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x24],0xa0 jnc JUMP_003732 JUMP_003730: ; Pos = 3ae91 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x24],0xb4 jc JUMP_003731 cmp dword [DATA_008854],byte +0x6 jg JUMP_003732 JUMP_003731: ; Pos = 3aeac cmp dword [DATA_008854],0xfa jl JUMP_003735 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x24],0x87 jna JUMP_003735 JUMP_003732: ; Pos = 3aeca mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x2],byte +0x47 jng JUMP_003733 mov word [esi+eax*4+0x2],0x47 JUMP_003733: ; Pos = 3aee2 push edi push byte +0xa mov eax,[ebx] push eax push esi call FUNC_000893 add esp,byte +0x10 cmp dword [DATA_008854],byte +0x1e jl JUMP_003735 push edi push byte +0x0 push byte +0xc push ebx push esi call FUNC_000891 add esp,byte +0x14 mov eax,[DATA_008854] cmp eax,byte +0x64 jl JUMP_003735 mov edx,[ebp-0x4] inc edx push edx push edi xor edx,edx cmp eax,0xaa jl JUMP_003734 inc edx JUMP_003734: ; Pos = 3af23 push edx push ebx push esi call FUNC_000892 add esp,byte +0x14 JUMP_003735: ; Pos = 3af2e pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000885: ; Pos = 3af34 push ebp mov ebp,esp push ecx push ebx push esi push edi mov edi,[ebp+0x14] mov ebx,[ebp+0xc] mov esi,[ebp+0x8] mov eax,[ebx] mov [ebp-0x4],eax mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov ax,[esi+eax*4+0x24] cmp ax,0x96 jc JUMP_003737 mov edx,[ebx] mov ecx,edx shl edx,0x4 add edx,ecx cmp ax,0x1f4 ja JUMP_003737 cmp dword [DATA_008854],0xc8 jnl JUMP_003736 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx cmp word [esi+eax*4+0x24],0xc8 jc JUMP_003737 cmp dword [DATA_008854],byte +0x8 jng JUMP_003737 JUMP_003736: ; Pos = 3af93 push edi push byte +0xa mov eax,[ebx] push eax push esi call FUNC_000893 add esp,byte +0x10 cmp dword [DATA_008854],byte +0x2d jl JUMP_003737 push edi push byte +0x0 push byte +0xc push ebx push esi call FUNC_000891 add esp,byte +0x14 cmp dword [DATA_008854],0x96 jl JUMP_003737 mov eax,[ebp-0x4] inc eax push eax push edi push byte +0x0 push ebx push esi call FUNC_000892 add esp,byte +0x14 JUMP_003737: ; Pos = 3afd8 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000886: ; Pos = 3afe0 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,[esi] mov edx,eax shl edx,0x4 add edx,eax cmp word [ebx+edx*4+0x24],0xdc jc JUMP_003738 cmp dword [DATA_008854],byte +0x32 jng JUMP_003738 mov edx,[ebp+0x14] push edx push byte +0xa push eax push ebx call FUNC_000893 add esp,byte +0x10 cmp dword [DATA_008854],byte +0x50 jl JUMP_003738 mov eax,[ebp+0x14] push eax push byte +0x0 push byte +0xc push esi push ebx call FUNC_000891 add esp,byte +0x14 JUMP_003738: ; Pos = 3b031 pop esi pop ebx pop ebp ret FUNC_000887: ; Pos = 3b038 push ebp mov ebp,esp push ebx mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,[edx] mov ebx,ecx shl ecx,0x4 add ecx,ebx mov word [eax+ecx*4],0x0 mov ecx,[edx] mov ebx,ecx shl ecx,0x4 add ecx,ebx mov word [eax+ecx*4+0x2],0x38 mov ecx,[edx] mov ebx,ecx shl ebx,0x4 add ebx,ecx cmp word [eax+ebx*4+0x24],0xdc jc JUMP_003739 cmp dword [DATA_008854],byte +0x32 jng JUMP_003739 mov ebx,[ebp+0x14] push ebx push byte +0xa push ecx push eax call FUNC_000893 add esp,byte +0x10 JUMP_003739: ; Pos = 3b08c pop ebx pop ebp ret FUNC_000888: ; Pos = 3b090 push ebp mov ebp,esp push ebx mov edx,[ebp+0xc] mov eax,[ebp+0x8] cmp dword [DATA_008846],byte +0x2 jng JUMP_003740 mov ecx,[edx] mov ebx,ecx shl ecx,0x4 add ecx,ebx mov word [eax+ecx*4+0xc],0x94 mov ecx,[edx] mov ebx,ecx shl ecx,0x4 add ecx,ebx mov word [eax+ecx*4+0xa],0x19 mov ecx,[edx] mov ebx,ecx shl ecx,0x4 add ecx,ebx mov dword [eax+ecx*4+0x1c],0x3e2 mov ecx,[edx] mov ebx,ecx shl ecx,0x4 add ecx,ebx mov word [eax+ecx*4+0x24],0x2c09 mov edx,[edx] mov ecx,edx shl edx,0x4 add edx,ecx dec word [eax+edx*4+0x2] JUMP_003740: ; Pos = 3b0f2 pop ebx pop ebp ret FUNC_000889: ; Pos = 3b0f8 push ebp mov ebp,esp call FUNC_000894 test eax,0x80000000 jz JUMP_003741 mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000890 add esp,byte +0x10 JUMP_003741: ; Pos = 3b11f pop ebp ret FUNC_000890: ; Pos = 3b124 push ebp mov ebp,esp call FUNC_000894 test eax,0x80000000 jz JUMP_003742 mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000888 add esp,byte +0x10 JUMP_003742: ; Pos = 3b14b pop ebp ret FUNC_000891: ; Pos = 3b150 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov ebx,[ebp+0xc] mov edi,[ebp+0x8] mov esi,[DATA_008843] mov eax,[DATA_008844] mov [ebp-0x4],eax mov edx,[DATA_008854] mov [ebp-0x8],edx mov edx,[ebx] inc edx mov [ebp-0x10],edx cmp byte [DATA_008855],0x12 jnl near JUMP_003746 and eax,0xffff imul dword [ebp+0x14] shr eax,0x10 mov [ebp-0xc],eax cmp dword [ebp-0xc],byte +0x3 jna JUMP_003743 mov dword [ebp-0xc],0x3 JUMP_003743: ; Pos = 3b1a4 xor eax,eax mov [ebp-0x14],eax jmp JUMP_003745 JUMP_003744: ; Pos = 3b1ae add [ebp-0x4],esi mov eax,esi shl eax,0x5 shr esi,0x1b or eax,esi mov esi,eax add esi,[ebp-0x4] mov eax,esi shl eax,0x10 shr esi,0x10 add eax,esi mov esi,eax add esi,[ebp-0x4] inc dword [ebx] push byte +0x44 push dword DATA_008796 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,edi push eax call _memcpy add esp,byte +0xc mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [edi+eax*4],0x0 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov word [edi+eax*4+0x2],0x39 mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov dx,[ebp-0x10] mov [edi+eax*4+0x8],dx mov eax,[ebx] mov edx,eax shl eax,0x4 add eax,edx mov [edi+eax*4+0x4],esi inc dword [DATA_008846] mov eax,[DATA_008846] and eax,byte +0xf mov ax,[eax*8+DATA_007130] mov edx,[ebx] mov ecx,edx shl edx,0x4 add edx,ecx mov [edi+edx*4+0x22],ax mov eax,[DATA_008846] and eax,byte +0xf mov ax,[eax*8+DATA_007131] mov edx,[ebx] mov ecx,edx shl edx,0x4 add edx,ecx mov [edi+edx*4+0x12],ax mov eax,[ebp+0x18] push eax push byte +0x6 mov eax,[ebx] push eax push edi call FUNC_000893 add esp,byte +0x10 mov edx,[ebp-0x8] shr edx,0x5 and edx,byte +0x7 add edx,[ebp+0x10] mov eax,[ebx] mov ecx,eax shl eax,0x4 add eax,ecx mov ecx,[edi+eax*4+0x4] and ecx,0x30000 shr ecx,0x10 add edx,ecx mov dx,[edx*4+DATA_007132] mov [edi+eax*4+0xc],dx inc byte [DATA_008855] mov al,[DATA_008855] cmp al,0x12 jnl JUMP_003746 inc dword [ebp-0x14] JUMP_003745: ; Pos = 3b2c4 mov eax,[ebp-0x14] cmp eax,[ebp-0xc] jna near JUMP_003744 JUMP_003746: ; Pos = 3b2d0 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000892: ; Pos = 3b2d8 push ebp mov ebp,esp push ecx push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] cmp byte [DATA_008855],0x12 jnl near JUMP_003755 inc byte [DATA_008855] inc byte [DATA_008856] inc dword [esi] mov eax,edi cmp eax,byte +0x4 ja near JUMP_003752 jmp near [eax*4+DATA_000036] SECTION .data DATA_000036: ; Pos = 3b315 dd JUMP_003747 dd JUMP_003748 dd JUMP_003749 dd JUMP_003750 dd JUMP_003751 SECTION .text JUMP_003747: ; Pos = 3b329 push byte +0x44 push dword DATA_008794 mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,ebx push eax call _memcpy add esp,byte +0xc mov eax,[DATA_008843] and eax,0x300 shr eax,0x8 mov ax,[eax*4+DATA_007136] mov edx,[esi] mov ecx,edx shl edx,0x4 add edx,ecx mov [ebx+edx*4+0xc],ax jmp JUMP_003752 JUMP_003748: ; Pos = 3b36f push byte +0x44 push dword DATA_008797 mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,ebx push eax call _memcpy add esp,byte +0xc mov eax,[DATA_008843] and eax,0x300 shr eax,0x8 mov ax,[eax*4+DATA_007137] mov edx,[esi] mov ecx,edx shl edx,0x4 add edx,ecx mov [ebx+edx*4+0xc],ax jmp JUMP_003752 JUMP_003749: ; Pos = 3b3b5 push byte +0x44 push dword DATA_008795 mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,ebx push eax call _memcpy add esp,byte +0xc mov eax,[DATA_008843] and eax,0x300 shr eax,0x8 mov ax,[eax*4+DATA_007138] mov edx,[esi] mov ecx,edx shl edx,0x4 add edx,ecx mov [ebx+edx*4+0xc],ax jmp short JUMP_003752 JUMP_003750: ; Pos = 3b3f8 push byte +0x44 push dword DATA_008794 mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,ebx push eax call _memcpy add esp,byte +0xc mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx mov word [ebx+eax*4+0xc],0x45 jmp short JUMP_003752 JUMP_003751: ; Pos = 3b428 push byte +0x44 push dword DATA_008795 mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,ebx push eax call _memcpy add esp,byte +0xc mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx mov word [ebx+eax*4+0xc],0x4f JUMP_003752: ; Pos = 3b456 mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx mov word [ebx+eax*4],0x0 mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx mov word [ebx+eax*4+0x2],0x39 mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx mov edx,[DATA_008843] mov [ebx+eax*4+0x4],edx mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx mov dx,[ebp+0x18] mov [ebx+eax*4+0x8],dx inc dword [DATA_008846] mov word [ebp-0x4],0x7fff mov word [ebp-0x2],0x22 mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx mov edx,[ebp-0x4] mov [ebx+eax*4+0xe],edx mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx movzx eax,word [ebx+eax*4+0x8] mov edx,eax shl eax,0x4 add eax,edx mov eax,[ebx+eax*4-0x44] push eax mov eax,[ebp-0x4] push eax mov eax,[ebp-0x4] push eax mov eax,[ebp-0x4] push eax call FUNC_001482 add esp,byte +0x8 push eax call FUNC_001482 add esp,byte +0x8 push eax call near [DATA_007731] ; FUNC_001483 add esp,byte +0x8 push eax call near [DATA_007730] ; FUNC_001463 pop ecx mov edx,[esi] mov ecx,edx shl edx,0x4 add edx,ecx mov [ebx+edx*4+0x14],eax mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx movsx edx,word [ebx+eax*4+0x14] imul edx,edx,0x5edb sar edx,0xf mov [ebx+eax*4+0x14],dx cmp edi,byte +0x3 jz JUMP_003753 cmp edi,byte +0x4 jnz JUMP_003754 JUMP_003753: ; Pos = 3b538 mov eax,[esi] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add ebx,eax add ebx,byte +0x26 push esi mov edi,ebx mov esi,DATA_007185 mov eax,edi movsd movsb pop esi jmp short JUMP_003755 JUMP_003754: ; Pos = 3b558 mov eax,[ebp+0x14] push eax push byte +0x7 mov eax,[esi] push eax push ebx call FUNC_000893 add esp,byte +0x10 JUMP_003755: ; Pos = 3b56a pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000893: ; Pos = 3b570 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x14] mov ecx,[ebp+0x10] mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ebx,edx shl ebx,0x4 add ebx,edx or byte [eax+ebx*4+0x3f],0x80 cmp dword [DATA_007128],byte +0x3 jnz JUMP_003759 cmp ecx,byte +0x8 jz JUMP_003756 cmp ecx,byte +0x9 jnz JUMP_003757 JUMP_003756: ; Pos = 3b5a0 mov ecx,edx shl ecx,0x4 add ecx,edx shl ecx,0x2 add ecx,eax add ecx,byte +0x26 push ecx mov ecx,edx shl edx,0x4 add edx,ecx mov eax,[eax+edx*4+0x4] push eax push esi push byte +0x10 call FUNC_000791 add esp,byte +0x10 jmp short JUMP_003760 JUMP_003757: ; Pos = 3b5c9 cmp ecx,byte +0x6 jz JUMP_003758 cmp ecx,byte +0x7 jnz JUMP_003759 JUMP_003758: ; Pos = 3b5d3 mov ecx,edx shl ecx,0x4 add ecx,edx shl ecx,0x2 add ecx,eax add ecx,byte +0x26 push ecx mov ecx,edx shl edx,0x4 add edx,ecx mov eax,[eax+edx*4+0x4] push eax push esi push byte +0x11 call FUNC_000791 add esp,byte +0x10 jmp short JUMP_003760 JUMP_003759: ; Pos = 3b5fc mov ebx,edx shl ebx,0x4 add ebx,edx shl ebx,0x2 add ebx,eax add ebx,byte +0x26 push ebx mov ebx,edx shl edx,0x4 add edx,ebx mov eax,[eax+edx*4+0x4] push eax push esi push ecx call FUNC_000791 add esp,byte +0x10 JUMP_003760: ; Pos = 3b622 pop esi pop ebx pop ebp ret FUNC_000894: ; Pos = 3b628 mov eax,[DATA_008843] mov edx,[DATA_008844] add edx,eax mov ecx,eax shl ecx,0x3 shr eax,0x1d or ecx,eax mov eax,ecx add eax,edx mov ecx,edx shl ecx,0x5 shr edx,0x1b or ecx,edx mov edx,ecx add eax,edx mov [DATA_008844],edx mov [DATA_008843],eax ret FUNC_000895: ; Pos = 3b660 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x10] push dword DATA_007117 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] and eax,0x1ff push eax push ebx call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 push ebx call _strlen pop ecx add eax,ebx pop ebx pop ebp ret FUNC_000896: ; Pos = 3b690 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp ax,0x4000 jna JUMP_003761 mov ax,0xffff pop ebp ret JUMP_003761: ; Pos = 3b6a2 movzx eax,ax sar eax,0x6 mov ax,[eax*4+DATA_007129] pop ebp ret FUNC_000897: ; Pos = 3b6b4 push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi push edi mov eax,[ebp+0x1c] mov ebx,[ebp+0x18] cmp eax,0x7fffffff jna JUMP_003762 or edx,byte -0x1 jmp short JUMP_003763 JUMP_003762: ; Pos = 3b6cf mov edx,eax add edx,edx JUMP_003763: ; Pos = 3b6d3 mov [ebp-0x4],edx push ebx call FUNC_000896 pop ecx mov [ebp-0xa],ax xor edi,edi mov esi,ebx jmp JUMP_003779 JUMP_003764: ; Pos = 3b6ea call FUNC_000894 mov ebx,eax and ebx,0xffff shr ebx,0x3 movzx eax,word [ebp+0x14] add ebx,eax cmp ebx,0x10000 jc JUMP_003765 movzx eax,si jmp short JUMP_003766 JUMP_003765: ; Pos = 3b70d movzx eax,si imul ebx shr eax,0x10 JUMP_003766: ; Pos = 3b715 mov ebx,eax movzx eax,si mov edi,eax sar edi,0x2 mov edx,eax sar edx,0x3 add edi,edx add edi,ebx add eax,edi cmp eax,0x10000 jnc near JUMP_003779 call FUNC_000894 mov ebx,eax and ebx,0xffff mov eax,ebx imul ebx shr eax,0x10 mov ebx,eax mov eax,ebx imul ebx shr eax,0x10 mov ebx,eax mov eax,edi add ax,si push eax call FUNC_000896 pop ecx movzx eax,ax movzx edx,word [ebp-0xa] sub eax,edx imul ebx shr eax,0x10 mov ebx,eax add [ebp-0xa],bx movzx eax,bx push eax mov eax,[ebp+0x20] push eax call near [DATA_007747] ; FUNC_001515 add esp,byte +0x8 mov ebx,eax cmp ebx,byte +0x20 jna near JUMP_003778 cmp ebx,0x3a98 jnc JUMP_003767 shr ebx,0x3 JUMP_003767: ; Pos = 3b79b mov eax,[ebp+0xc] mov eax,[eax] mov [ebp-0x10],eax cmp ebx,0x1036640 jna JUMP_003769 cmp byte [DATA_008851],0x1 jna JUMP_003769 mov eax,[DATA_008852] shr eax,1 cmp ebx,eax jna JUMP_003768 mov ebx,eax JUMP_003768: ; Pos = 3b7c1 call FUNC_000894 mov eax,[ebp+0x28] push eax mov eax,[ebp+0x24] push eax mov eax,[DATA_008844] and eax,0xffff shr eax,0xb push eax mov eax,edi shr eax,1 add ax,si push eax mov eax,[ebp-0x4] push eax push ebx mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000877 add esp,byte +0x24 add byte [DATA_008851],0xfe mov word [ebp-0xc],0x3000 shr ebx,0x2 jmp JUMP_003772 JUMP_003769: ; Pos = 3b812 cmp ebx,0x1036640 jna JUMP_003771 cmp byte [DATA_008851],0x0 jz JUMP_003770 dec byte [DATA_008851] mov eax,[DATA_008852] shr eax,1 cmp ebx,eax jna JUMP_003771 mov ebx,eax cmp ebx,0x1036640 jnc JUMP_003771 mov ebx,0x1036640 jmp short JUMP_003771 JUMP_003770: ; Pos = 3b845 call FUNC_000894 and eax,0xffff mov ebx,eax shl ebx,0x7 add ebx,eax lea ebx,[eax+ebx*2] JUMP_003771: ; Pos = 3b859 lea eax,[ebp+0x34] push eax lea eax,[ebp+0x30] push eax lea eax,[ebp+0x2c] push eax mov eax,[ebp+0x28] push eax mov eax,[ebp+0x24] push eax mov eax,edi shr eax,1 add ax,si push eax mov eax,[ebp-0x4] push eax mov eax,[ebp+0x10] push eax push ebx mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000881 add esp,byte +0x2c mov [ebp-0xc],ax JUMP_003772: ; Pos = 3b892 cmp ebx,0x3a98 ja JUMP_003773 shl ebx,0x3 JUMP_003773: ; Pos = 3b89d mov eax,[ebp-0x4] shr eax,0x6 cmp ebx,eax jna JUMP_003774 mov eax,[ebp-0x4] shr eax,0x6 jmp short JUMP_003775 JUMP_003774: ; Pos = 3b8af mov eax,ebx JUMP_003775: ; Pos = 3b8b1 mov [ebp-0x8],eax mov eax,[DATA_008843] mov [ebp-0x14],eax mov eax,[DATA_008844] mov [ebp-0x18],eax xor eax,eax mov al,[DATA_008849] mov [ebp-0x1c],eax cmp ebx,0x1036640 jna JUMP_003776 mov byte [DATA_008849],0x0 jmp short JUMP_003777 JUMP_003776: ; Pos = 3b8df inc byte [DATA_008849] JUMP_003777: ; Pos = 3b8e5 mov eax,[ebp+0x34] push eax mov eax,[ebp+0x30] push eax mov eax,[ebp+0x2c] push eax mov eax,[ebp+0x28] push eax mov eax,[ebp-0x10] mov edx,eax shl eax,0x4 add eax,edx shl eax,0x2 add eax,[ebp+0x8] add eax,byte +0x26 push eax shr ebx,0x7 push ebx mov eax,[ebp-0x8] push eax mov ax,[ebp-0xc] push eax call FUNC_000894 push eax mov eax,[ebp-0x10] inc eax push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000897 add esp,byte +0x30 mov eax,[ebp-0x14] mov [DATA_008843],eax mov eax,[ebp-0x18] mov [DATA_008844],eax mov al,[ebp-0x1c] mov [DATA_008849],al JUMP_003778: ; Pos = 3b949 add si,di JUMP_003779: ; Pos = 3b94c movzx eax,si add edi,eax cmp edi,0x10000 jc near JUMP_003764 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000898: ; Pos = 3b964 push ebp mov ebp,esp call FUNC_000904 pop ebp ret FUNC_000899: ; Pos = 3b970 push ebp mov ebp,esp push byte +0x1 mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000903 add esp,byte +0x20 pop ebp ret FUNC_000900: ; Pos = 3b99c push ebp mov ebp,esp add esp,byte -0x10 xor eax,eax mov [ebp-0x10],eax push byte +0x1 mov eax,[ebp+0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax mov eax,[ebp+0xc] push eax lea eax,[ebp-0x10] push eax mov eax,[ebp+0x8] push eax call FUNC_000903 add esp,byte +0x20 mov esp,ebp pop ebp ret FUNC_000901: ; Pos = 3b9d4 push ebp mov ebp,esp push byte +0x2 mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000903 add esp,byte +0x20 pop ebp ret FUNC_000902: ; Pos = 3ba00 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov ebx,[ebp+0xc] movzx eax,word [ebp+0x8] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] mov [ebp-0x4],eax mov eax,[ebp-0x4] cmp word [eax+0x6],byte +0x0 jz JUMP_003780 mov eax,[ebp-0x4] mov ax,[eax+0x6] jmp short JUMP_003781 JUMP_003780: ; Pos = 3ba31 mov ax,0x1 JUMP_003781: ; Pos = 3ba35 mov [ebp-0x6],ax xor eax,eax mov [ebx],eax mov esi,0x1 mov eax,ebx mov ebx,eax mov ecx,DATA_007189 JUMP_003782: ; Pos = 3ba4b mov eax,[ebp-0x4] movsx eax,word [eax+0x8] cmp eax,[ecx] jg JUMP_003783 xor eax,eax mov [ebx],eax jmp short JUMP_003785 JUMP_003783: ; Pos = 3ba5c movsx eax,word [ebp-0x6] push eax mov eax,[ecx-0x8] pop edx mov edi,edx cdq idiv edi cmp eax,0x12c jnl JUMP_003784 xor eax,eax JUMP_003784: ; Pos = 3ba73 mov [ebx],eax JUMP_003785: ; Pos = 3ba75 inc esi add ebx,byte +0x4 add ecx,byte +0x10 cmp esi,byte +0x8 jng JUMP_003782 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000903: ; Pos = 3ba88 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov edi,[ebp+0x18] mov ebx,[ebp+0x14] mov esi,[ebp+0x8] mov eax,[esi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] mov [ebp-0x4],eax mov eax,[ebp-0x4] movsx eax,word [eax+0x6] mov [ebx],eax movsx eax,byte [esi+0xd0] shl eax,0x4 add eax,DATA_007187 mov [ebp-0x8],eax mov eax,[ebp-0x8] mov eax,[eax+0xc] mov edx,[ebp+0x10] mov [edx],eax mov eax,[ebp-0x8] mov eax,[eax] cdq idiv dword [ebx] mov edx,[ebp+0x20] mov [edx],eax mov edx,[ebp+0x20] mov edx,[edx] mov eax,[ebp+0xc] mov eax,[eax] cmp edx,eax jl JUMP_003786 test eax,eax jnz JUMP_003788 JUMP_003786: ; Pos = 3baf4 xor eax,eax mov [edi],eax mov dword [ebx],0xffffffff xor eax,eax mov al,[esi+0x86] cmp eax,[DATA_008857] jnz JUMP_003787 mov eax,[ebp+0xc] cmp dword [eax],byte +0x0 jz JUMP_003787 and word [DATA_008860],0xfeff JUMP_003787: ; Pos = 3bb1f or eax,byte -0x1 jmp JUMP_003801 JUMP_003788: ; Pos = 3bb27 mov eax,[ebp+0xc] mov eax,[eax] imul dword [ebx] mov ecx,0x7531 cdq idiv ecx inc eax mov [ebx],eax mov eax,[ebp-0x8] mov eax,[eax+0x4] shl eax,0xf push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 sub [ebx],eax cmp dword [ebx],byte +0x1 jnl JUMP_003789 mov dword [ebx],0x1 JUMP_003789: ; Pos = 3bb5b mov eax,[ebp+0xc] mov eax,[eax] shl eax,0x10 dec eax mov edx,[ebp+0x20] mov ecx,[edx] xor edx,edx div ecx mov edx,eax shl eax,0x3 sub eax,edx mov edx,[ebp+0x1c] mov [edx],eax xor eax,eax mov al,[esi+0x86] cmp eax,[DATA_008857] jz JUMP_003790 xor eax,eax mov al,[esi+0x119] mov [edi],eax jmp short JUMP_003792 JUMP_003790: ; Pos = 3bb95 cmp byte [esi+0xd0],0xa jl JUMP_003791 movzx eax,word [DATA_008902] mov [edi],eax jmp short JUMP_003792 JUMP_003791: ; Pos = 3bba9 movzx eax,word [DATA_008901] mov [edi],eax JUMP_003792: ; Pos = 3bbb2 mov eax,[ebx] cmp eax,[edi] jng JUMP_003794 xor eax,eax mov [edi],eax xor eax,eax mov al,[esi+0x86] cmp eax,[DATA_008857] jnz JUMP_003793 and word [DATA_008860],0xfeff JUMP_003793: ; Pos = 3bbd5 or eax,byte -0x1 jmp JUMP_003801 JUMP_003794: ; Pos = 3bbdd xor eax,eax mov al,[esi+0x86] cmp eax,[DATA_008857] jnz JUMP_003795 or word [DATA_008860],0x100 JUMP_003795: ; Pos = 3bbf6 cmp dword [ebp+0x24],byte +0x2 jnz JUMP_003798 xor eax,eax mov al,[esi+0x86] cmp eax,[DATA_008857] jz JUMP_003796 mov al,[ebx] sub [esi+0x119],al mov eax,[ebx] sub [edi],eax jmp short JUMP_003798 JUMP_003796: ; Pos = 3bc1a cmp byte [esi+0xd0],0xa jl JUMP_003797 mov ax,[ebx] sub [DATA_008902],ax add [DATA_008903],ax mov eax,[ebx] sub [edi],eax and word [DATA_008860],0xfeff jmp short JUMP_003798 JUMP_003797: ; Pos = 3bc43 mov ax,[ebx] sub [DATA_008901],ax mov eax,[ebx] sub [DATA_008891],eax sub [edi],eax and word [DATA_008860],0xfeff JUMP_003798: ; Pos = 3bc60 mov eax,[ebp-0x4] movsx ebx,word [eax+0x6] mov eax,[ebp-0x8] mov eax,[eax+0x4] shl eax,0xf push eax push ebx call FUNC_001521 add esp,byte +0x8 sub ebx,eax cmp ebx,byte +0x1 jnl JUMP_003799 mov ebx,0x1 JUMP_003799: ; Pos = 3bc86 mov eax,0x7531 cdq idiv ebx imul eax,[edi] mov [edi],eax mov eax,[ebp+0x20] mov eax,[eax] cmp eax,[edi] jnl JUMP_003800 mov [edi],eax JUMP_003800: ; Pos = 3bc9e mov eax,[ebp+0xc] mov eax,[eax] JUMP_003801: ; Pos = 3bca3 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_000904: ; Pos = 3bcac push ebp mov ebp,esp add esp,byte -0x28 lea eax,[ebp-0x28] push eax call FUNC_000855 pop ecx lea eax,[ebp-0x28] push eax call FUNC_000905 pop ecx mov esp,ebp pop ebp ret nop nop FUNC_000905: ; Pos = 3bccc push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0xc] push eax call FUNC_000906 pop ecx push ebx push dword DATA_008798 call FUNC_000878 add esp,byte +0x8 movsx eax,byte [DATA_008856] mov [DATA_009011],eax mov byte [DATA_008932],0x0 call FUNC_000907 mov eax,[DATA_008807] push eax mov eax,[DATA_008804] push eax push dword DATA_008798 mov eax,[DATA_009133] push eax call FUNC_000880 add esp,byte +0x10 pop ebx pop ebp ret FUNC_000906: ; Pos = 3bd28 push ebp mov ebp,esp mov eax,DATA_008804 mov edx,[eax+0x1ac] mov [eax+0x1a8],edx mov edx,[eax+0x1b0] mov [eax+0x1ac],edx mov edx,[eax+0x10a] mov [eax+0x1b0],edx mov edx,[ebp+0x8] mov [eax+0x10a],edx pop ebp ret nop FUNC_000907: ; Pos = 3bd60 xor eax,eax mov al,[DATA_008847] push eax mov eax,0xc pop edx sub eax,edx test eax,eax jng JUMP_003802 shl eax,0x3 mov edx,[DATA_008843] and edx,0xffff mov ecx,edx imul ecx,eax shr ecx,0x10 mov eax,ecx imul edx,eax shr edx,0x10 mov eax,edx jmp short JUMP_003803 JUMP_003802: ; Pos = 3bd97 xor eax,eax JUMP_003803: ; Pos = 3bd99 mov [DATA_009103],al ; FIX: Asteroids run out (refixed) mov byte [DATA_009102], 0 ret nop FUNC_000908: ; Pos = 3bda0 push ebp mov ebp,esp add esp,byte -0x14 push ebx mov ebx,DATA_008804 mov al,[ebx+0xe8] test al,al jz JUMP_003804 cmp al,0x24 jnz near JUMP_003805 JUMP_003804: ; Pos = 3bdbe cmp byte [ebx+0x268],0x0 jz near JUMP_003805 cmp dword [ebx+0xdc],0xb71b00 jl near JUMP_003805 push byte +0x1 push byte +0xf call FUNC_000034 add esp,byte +0x8 push byte +0xf call FUNC_000035 pop ecx test eax,eax jz near JUMP_003805 push byte +0x0 push byte +0xf call FUNC_000034 add esp,byte +0x8 mov eax,[ebx+0x26c] mov [ebx+0x5330],eax mov eax,[ebx+0x27c] mov [ebx+0x1b4],eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebx+0x5330] push eax mov eax,[ebx+0xc8] push eax call FUNC_000901 add esp,byte +0x1c test eax,eax jl near JUMP_003805 mov eax,[ebp-0x4] mov [ebx+0x532c],eax mov eax,[ebp-0x14] mov [ebx+0x180],eax ; FIX: Player hyperspace time-travel mov eax, [ebp-0x4] shl eax, 0x10 mov edx, [ebp-0x4] shr edx, 0x10 add eax, [ebx] adc edx, [ebx+0x4] mov [ebx+0x76], eax mov [ebx+0x7a], edx ; mov edx,[ebp-0x4] ; shl edx,0x10 ; mov eax,edx ; add eax,[ebx] ; mov [ebx+0x76],eax ; mov ecx,[ebp-0x4] ; shr ecx,0x10 ; add ecx,[ebx+0x4] ; add edx,[ebx] ; cmp eax,edx ; setc al ; and eax,byte +0x1 ; add ecx,eax ; mov [ebx+0x7a],ecx mov byte [ebx+0xe8],0x4 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc push byte +0x21 call FUNC_001906_SoundPlaySample pop ecx push byte +0x1 mov eax,[ebx+0x27c] push eax call FUNC_000909 add esp,byte +0x8 mov eax,[ebx+0x532c] mov [ebx+0x106],eax mov byte [ebx+0xef],0x0 mov dword [DATA_007706],0xf880000 mov dword [DATA_009123],0x12 JUMP_003805: ; Pos = 3bed9 pop ebx mov esp,ebp pop ebp ret FUNC_000909: ; Pos = 3bee0 push ebp mov ebp,esp add esp,byte -0x38 push ebx mov ebx,DATA_008804 mov eax,[ebx+0xc8] mov word [eax+0xb6],0x0 mov word [eax+0xba],0x0 mov eax,[ebp+0x8] push eax push byte +0x1 call FUNC_000148 add esp,byte +0x8 xor eax,eax mov [ebx+0x70],eax mov eax,[DATA_009133] push eax call FUNC_000988 pop ecx mov eax,[ebx+0xc8] movzx eax,byte [eax+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x4f cmp byte [ebx+0xe8],0x2a jnz JUMP_003806 mov eax,[ebx+0xcc] movzx eax,byte [eax+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x4f jmp short JUMP_003807 JUMP_003806: ; Pos = 3bf5c push dword 0x2000 call near [DATA_007217] ; FUNC_000922 pop ecx or ax,0x4000 mov [ebp-0x4],ax mov word [ebp-0x2],0x33 mov eax,[ebp-0x4] push eax mov eax,[ebx+0xc8] push eax call FUNC_000912 add esp,byte +0x8 mov eax,[ebx+0xc8] mov byte [eax+0x56],0x0 mov byte [eax+0x57],0x0 mov byte [eax+0x14d],0x0 JUMP_003807: ; Pos = 3bf9e mov byte [ebx+0xec],0x0 mov byte [ebx+0xed],0x0 mov byte [ebx+0x112],0x0 cmp dword [ebp+0xc],byte +0x0 jz JUMP_003809 call near [DATA_007752] ; FUNC_001530 cmp eax,0xfe00 jna JUMP_003808 mov eax,[ebp+0x8] push eax push byte +0x0 mov eax,[ebx+0xc8] push eax call FUNC_000910 add esp,byte +0xc jmp JUMP_003812 JUMP_003808: ; Pos = 3bfe0 cmp byte [DATA_007695],0x0 jnz JUMP_003809 mov eax,[ebp+0x8] push eax push byte +0x1 mov eax,[ebx+0xc8] push eax call FUNC_000910 add esp,byte +0xc JUMP_003809: ; Pos = 3bffe push byte +0x0 push byte +0x13 call FUNC_000148 add esp,byte +0x8 mov eax,[ebp+0x8] push eax lea eax,[ebp-0x38] push eax call FUNC_000860 add esp,byte +0x8 lea eax,[ebp-0x38] push eax call FUNC_000905 pop ecx cmp byte [ebx+0xe8],0x2a jnz JUMP_003810 mov eax,[ebx+0xcc] cmp dword [eax+0x82],byte +0x45 jnz JUMP_003810 mov eax,[ebx+0xcc] mov byte [eax+0x56],0x70 mov dword [eax+0x3e],0xf4240 xor edx,edx mov [eax+0x42],edx mov dword [eax+0x46],0x989680 xor edx,edx mov [eax+0x4a],edx xor edx,edx mov [eax+0x4e],edx xor edx,edx mov [eax+0x52],edx xor edx,edx mov [eax+0x8c],edx xor edx,edx mov [eax+0x90],edx xor edx,edx mov [eax+0x94],edx jmp short JUMP_003811 JUMP_003810: ; Pos = 3c082 mov eax,[DATA_009133] push eax mov eax,[ebx+0xc8] push eax call near [DATA_006154] ; FUNC_000606 add esp,byte +0x8 mov eax,[DATA_009133] push eax mov eax,[ebx+0xc8] push eax call near [DATA_006154] ; FUNC_000606 add esp,byte +0x8 JUMP_003811: ; Pos = 3c0ae push byte +0x0 push byte +0x2 call FUNC_000148 add esp,byte +0x8 mov dword [ebx+0x408],0x337fff mov byte [ebx+0x3fb],0x72 push byte +0x4 push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_003812: ; Pos = 3c0d9 pop ebx mov esp,ebp pop ebp ret FUNC_000910: ; Pos = 3c0e0 push ebp mov ebp,esp add esp,byte -0x60 push ebx cmp byte [ebp+0xc],0x0 jnz JUMP_003813 mov ebx,0x98c5 jmp short JUMP_003814 JUMP_003813: ; Pos = 3c0f4 mov ebx,0x98c6 JUMP_003814: ; Pos = 3c0f9 call near [DATA_007752] ; FUNC_001530 and eax,byte +0xf mov al,[eax+DATA_007190] mov [ebp-0x1],al lea eax,[ebp-0x1] push eax push byte +0x14 call FUNC_000148 add esp,byte +0x8 xor eax,eax mov al,[ebp-0x1] cmp eax,byte +0x6 ja near JUMP_003821 jmp near [eax*4+DATA_000037] SECTION .data DATA_000037: ; Pos = 3c12e dd JUMP_003816 dd JUMP_003815 dd JUMP_003821 dd JUMP_003820 dd JUMP_003821 dd JUMP_003818 dd JUMP_003819 SECTION .text JUMP_003815: ; Pos = 3c14a mov eax,[ebp+0x8] push eax call FUNC_000911 pop ecx mov ebx,eax JUMP_003816: ; Pos = 3c156 mov [ebp-0x38],ebx mov dword [ebp-0x20],0xffffffff lea eax,[ebp-0x38] push eax call FUNC_000349 pop ecx mov eax,[ebp+0x10] push eax lea eax,[ebp-0x60] push eax call FUNC_000860 add esp,byte +0x8 lea eax,[ebp-0x60] push eax call FUNC_000905 pop ecx push byte +0x0 push byte +0x2 call FUNC_000148 add esp,byte +0x8 mov word [ebp-0x8],0x5600 mov word [ebp-0x6],0x39 mov ecx,[DATA_008955] test ecx,ecx jz JUMP_003817 mov eax,ecx mov ecx,0x50 cdq idiv ecx imul eax,eax,0x6950 mov [ebp-0x8],ax mov word [ebp-0x6],0x3f JUMP_003817: ; Pos = 3c1c0 mov eax,[ebp-0x8] push eax mov eax,[DATA_008861] push eax call FUNC_000912 add esp,byte +0x8 jmp short JUMP_003822 JUMP_003818: ; Pos = 3c1d4 mov [ebp-0x38],ebx mov dword [ebp-0x20],0xffffffff lea eax,[ebp-0x38] push eax call FUNC_000349 pop ecx jmp short JUMP_003822 JUMP_003819: ; Pos = 3c1ea mov eax,[DATA_008861] push eax call near [DATA_007218] ; FUNC_000925 pop ecx jmp short JUMP_003823 JUMP_003820: ; Pos = 3c1f9 mov eax,[ebp+0x8] push eax call FUNC_000911 pop ecx mov ebx,eax JUMP_003821: ; Pos = 3c205 mov [ebp-0x38],ebx mov dword [ebp-0x20],0xffffffff lea eax,[ebp-0x38] push eax call FUNC_000349 pop ecx JUMP_003822: ; Pos = 3c219 mov eax,[DATA_009114] mov [DATA_008884],eax mov dword [DATA_007706],0xf880000 mov dword [DATA_009123],0x12 JUMP_003823: ; Pos = 3c237 pop ebx mov esp,ebp pop ebp ret FUNC_000911: ; Pos = 3c23c push ebp mov ebp,esp mov edx,[ebp+0x8] movsx eax,byte [edx+0xd0] shl eax,0x4 mov eax,[eax+DATA_007188] sub eax,byte +0x4 test eax,eax jl JUMP_003824 add [DATA_008904],ax add [DATA_008891],eax mov [DATA_008889],eax JUMP_003824: ; Pos = 3c26b mov byte [edx+0xd0],0x1 xor eax,eax mov [DATA_008907],eax mov eax,0x98c7 pop ebp ret FUNC_000912: ; Pos = 3c280 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008820] push eax mov eax,[DATA_008818] push eax mov eax,[ebp+0xc] push eax push ebx call near [DATA_007741] ; FUNC_001507 add esp,byte +0x10 mov byte [ebx+0x25],0x0 mov word [ebx+0xb4],0x0 mov word [ebx+0xb6],0x0 mov word [ebx+0xb8],0x0 xor eax,eax mov [ebx+0x8c],eax xor eax,eax mov [ebx+0x90],eax xor eax,eax mov [ebx+0x94],eax xor eax,eax mov [ebx+0xf2],eax xor eax,eax mov [ebx+0xf6],eax xor eax,eax mov [ebx+0xfa],eax xor eax,eax mov [DATA_008918],eax pop ebx pop ebp ret FUNC_000913: ; Pos = 3c31c push ebp mov ebp,esp push ebx mov eax,[ebp+0xc] mov ebx,[ebp+0x8] cmp ebx,[DATA_007192] jnz JUMP_003825 cmp eax,[DATA_007193] jnz JUMP_003825 cmp byte [DATA_008642],0x0 jz JUMP_003825 cmp byte [DATA_007194],0x0 jz JUMP_003825 push byte +0x0 call FUNC_000118 pop ecx pop ebx pop ebp ret JUMP_003825: ; Pos = 3c353 mov [DATA_007192],ebx mov [DATA_007193],eax push ebx call FUNC_000120 pop ecx test eax,eax jz JUMP_003826 mov byte [DATA_008642],0x1 mov byte [DATA_007194],0x1 pop ebx pop ebp ret JUMP_003826: ; Pos = 3c37a mov byte [DATA_007194],0x0 pop ebx pop ebp ret FUNC_000914: ; Pos = 3c384 mov ecx,DATA_009133 xor eax,eax mov [DATA_008834],eax mov eax,0x72 JUMP_003827: ; Pos = 3c395 mov edx,[ecx] test byte [edx+eax],0x20 jz JUMP_003828 mov byte [edx+eax],0x0 JUMP_003828: ; Pos = 3c3a1 dec eax test eax,eax jg JUMP_003827 ret FUNC_000915: ; Pos = 3c3a8 push ebp mov ebp,esp JUMP_003829: ; Pos = 3c3ab call FUNC_001632_UpdatePtr call near [DATA_007672] ; FUNC_001414_GuiGetLastAction test al,al jnz JUMP_003829 xor eax,eax mov [DATA_009155],eax xor eax,eax mov [DATA_009156],eax xor eax,eax mov [DATA_009122],eax xor eax,eax mov [DATA_009157],eax xor eax,eax mov [DATA_008941],eax call FUNC_001577_ClearBuf call FUNC_001637_FlipScreen call FUNC_001577_ClearBuf call near [DATA_007632] ; FUNC_001330_DPalBuild pop ebp ret FUNC_000916: ; Pos = 3c3f0 push ebp mov ebp,esp call FUNC_000915 push byte +0x1 push dword DATA_009125 call _LongJmp add esp,byte +0x8 pop ebp ret FUNC_000917: ; Pos = 3c40c push ebp mov ebp,esp add esp,0xfffffeac push ebx push esi push edi call FUNC_000915 call FUNC_001903_SoundStopSong cmp dword [DATA_008812],byte +0x0 jnl JUMP_003830 xor eax,eax mov [DATA_008812],eax JUMP_003830: ; Pos = 3c432 or byte [DATA_008835],0x20 mov eax,[DATA_007201] mov [DATA_008821],eax mov eax,[DATA_007202] mov [DATA_008822],eax mov eax,[DATA_007203] mov [DATA_008823],eax cmp dword [DATA_008885],0xeb6973d jnz JUMP_003831 mov dword [ebp+0xffffff2e],0xaf jmp short JUMP_003832 JUMP_003831: ; Pos = 3c475 mov dword [ebp+0xffffff2e],0xac JUMP_003832: ; Pos = 3c47f lea esi,[ebp-0x30] mov edi,DATA_008920 xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb xor eax,eax mov [ebp+0xfffffed2],eax xor eax,eax mov [ebp+0xfffffeda],eax mov ebx,0x3d090 JUMP_003833: ; Pos = 3c4b9 call FUNC_001418_TimerAdvance mov [ebp+0xfffffee2],ebx cmp ebx,0x88b8 jnl JUMP_003834 mov dword [ebp+0xfffffee2],0x88b8 JUMP_003834: ; Pos = 3c4d1 call FUNC_001524_TogglePtr call near [DATA_007672] ; FUNC_001414_GuiGetLastAction test al,al jnz JUMP_003835 mov eax,ebx sar eax,1 push eax push byte +0x0 lea eax,[ebp+0xfffffeac] push eax call FUNC_001675_MatBuildYZT add esp,byte +0xc call FUNC_001786 lea eax,[ebp+0xfffffeac] push eax call near [DATA_007806] ; FUNC_001681 pop ecx call near [DATA_007632] ; FUNC_001330_DPalBuild call FUNC_001619_ZeroUpperBuf call FUNC_001789 call FUNC_001637_FlipScreen mov eax,[DATA_009157] mov [DATA_009122],eax sub [DATA_009157],eax sub ebx,eax cmp ebx,0xfff551a0 jg near JUMP_003833 JUMP_003835: ; Pos = 3c538 push byte +0x1 push dword DATA_009125 call _LongJmp add esp,byte +0x8 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000918: ; Pos = 3c550 push ebp mov ebp,esp cmp dword [ebp+0x8],byte +0x0 jnz JUMP_003836 call FUNC_000916 pop ebp ret JUMP_003836: ; Pos = 3c560 call FUNC_000917 pop ebp ret FUNC_000919: ; Pos = 3c568 push ebp mov ebp,esp call near [DATA_007632] ; FUNC_001330_DPalBuild mov byte [DATA_008835],0x0 xor eax,eax mov [DATA_009155],eax xor eax,eax mov [DATA_009156],eax xor eax,eax mov [DATA_009122],eax xor eax,eax mov [DATA_008941],eax xor eax,eax mov [DATA_009157],eax mov byte [DATA_009078],0x0 mov dword [DATA_008837],0xffffffff xor edx,edx mov eax,DATA_008800 JUMP_003837: ; Pos = 3c5b3 mov byte [eax],0x0 inc edx inc eax cmp edx,byte +0x40 jl JUMP_003837 push byte +0x0 push byte +0x3 call FUNC_000148 add esp,byte +0x8 call FUNC_001903_SoundStopSong call FUNC_001909_SoundStopAllSamples push byte +0x0 push byte +0x1 push byte +0x3 call FUNC_000144 add esp,byte +0xc push byte +0x1 push dword DATA_009126 call _LongJmp add esp,byte +0x8 pop ebp ret NullKill: push ebp mov ebp, esp db 0xff SECTION .data pSplash1: db 'JJFFE version 2.8a7', 0x0 pSplash2: db 'Original game copyright Frontier Developments', 0x0 pSplash3: db 'This version recompiled and modified by John Jordan', 0x0 pSplash4: db 'This is a replacement executable not a complete game', 0x0 pSplash5: db 'Visit http://jaj22.org.uk/jjffe/ for more information', 0x0 pSplash6: db 'Visit http://www.eliteclub.co.uk/ to get shareware FFE', 0x0 pSplash7: db 'This is a reverse engineered version of a commercial game', 0x0 pSplash8: db 'It is illegal to own it even if you own the original', 0x0 pSplash9: db 'Press "y" if you accept this or any other key to exit', 0x0 splashTimeout dd 0 frameCount dd 0 flipCount dd 0 framesPerSec dd 0 flipsPerSec dd 0 fpsEnabled dd 0 pFPSString: db 'FPS: %i', 0x0 pDebugString1: db 'Flags: 0x%x, State: 0x%x, FOR: %i:%i', 0x0 pDebugString2: db 'Target AI state: 0x%x, FOR: %i:%i', 0x0 pDebugString3: db 'V-squared: %x, 2as: %x', 0x0 pDebugString4: db 'Current time: %x:%x, stop time: %x:%x', 0x0 pDebugString5: db 'FOR weights: gp: %i, parent: %i, current: %i', 0x0 pDebugString6: db 'Distance exp: gp: %i, parent: %i, current: %i', 0x0 pDebugString7: db 'Current calculated FOR: %s', 0x0 pDebugString8: db 'Max asteroids: %i, num asteroids: %i', 0x0 pDebugString9: db 'Random val: %x, %x', 0x0 pCmpString: db 'XB-584', 0x0 pTempString: times 128 db 0 SECTION .text _asmmain: ; Pos = 3c5f4 push ebp mov ebp,esp sub esp, 0x50 push ebx push esi push edi mov ebx,DATA_008804 push dword 0x556a push byte +0x0 push ebx call _memset add esp,byte +0xc push byte +0x51 push byte +0x0 push dword DATA_008656 call _memset add esp,byte +0xc call FUNC_001527_SysInit ; Time for some splash... push dword DATA_007204 ; Black background call FUNC_001575 pop ecx call FUNC_001573 or byte [ebx+0x74],0x20 ; Pointer off call FUNC_001577_ClearBuf push dword 30 push dword 123 push dword pSplash1 call FUNC_001583_TextWriteDefaultColor add esp, byte 0xc push dword 50 push dword 75 push dword pSplash2 call FUNC_001583_TextWriteDefaultColor add esp, byte 0xc push dword 60 push dword 67 push dword pSplash3 call FUNC_001583_TextWriteDefaultColor add esp, byte 0xc push dword 80 push dword 66 push dword pSplash4 call FUNC_001583_TextWriteDefaultColor add esp, byte 0xc push dword 90 push dword 54 push dword pSplash5 call FUNC_001583_TextWriteDefaultColor add esp, byte 0xc push dword 100 push dword 59 push dword pSplash6 call FUNC_001583_TextWriteDefaultColor add esp, byte 0xc push dword 120 push dword 59 push dword pSplash7 call FUNC_001583_TextWriteDefaultColor add esp, byte 0xc push dword 130 push dword 72 push dword pSplash8 call FUNC_001583_TextWriteDefaultColor add esp, byte 0xc push dword 140 push dword 68 push dword pSplash9 call FUNC_001583_TextWriteDefaultColor add esp, byte 0xc ; Wait for input .splashloop: call FUNC_001418_TimerAdvance call FUNC_001637_FlipScreen call FUNC_001414_GuiGetLastAction test al, al jz .splashloop ; Exit if not 'y' cmp al, 'y' jz .splashnoexit call FUNC_001529_SysExit .splashnoexit: mov dword [splashTimeout], 100 push byte 0x0 call FUNC_001415_GuiSetLastAction pop ecx call FUNC_000958 call FUNC_000146 JUMP_003838: ; Pos = 3c63b push dword DATA_009125 call _SetJmp pop ecx test eax,eax jnz JUMP_003838 call FUNC_000987_nothing mov byte [ebx+0x74],0x0 mov eax,[DATA_007245] mov [DATA_009133],eax xor edx,edx mov [ebx+0x70],edx push eax call FUNC_000988 pop ecx mov byte [ebx+0xe],0x1 push dword DATA_007204 call FUNC_001575 pop ecx call FUNC_001573 or byte [ebx+0x74],0x20 call FUNC_001577_ClearBuf call FUNC_001637_FlipScreen call FUNC_001577_ClearBuf mov dword [DATA_007706],0x3e2 push dword DATA_007214 call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx mov eax,[ebx+0x10] mov esi,eax test eax,eax jnl JUMP_003839 xor eax,eax mov [ebx+0x10],eax JUMP_003839: ; Pos = 3c6b4 or edi,byte -0x1 xor eax,eax mov [DATA_009155],eax xor eax,eax mov [DATA_009156],eax mov dword [ebx],0x400 xor eax,eax mov [DATA_008799],eax call near [DATA_007672] ; FUNC_001414_GuiGetLastAction push byte +0x0 call FUNC_001902_SoundPlaySong pop ecx call FUNC_001903_SoundStopSong JUMP_003840: ; Pos = 3c6e5 call FUNC_001904_SoundSongDone test eax,eax jz JUMP_003841 push byte +0x0 call FUNC_001902_SoundPlaySong pop ecx JUMP_003841: ; Pos = 3c6f6 call FUNC_001418_TimerAdvance call FUNC_001786 mov eax,[DATA_009156] mov [DATA_009155],eax sub [DATA_009156],eax add [ebx],eax cmp eax,[ebx] jna JUMP_003842 inc dword [ebx+0x4] JUMP_003842: ; Pos = 3c71b call FUNC_000961 call near [DATA_007672] ; FUNC_001414_GuiGetLastAction and eax,0xff test eax,eax jz JUMP_003844 cmp eax,byte +0x31 jl JUMP_003843 cmp eax,byte +0x35 jg JUMP_003843 mov edi,[eax*4+DATA_007191] jmp short JUMP_003844 JUMP_003843: ; Pos = 3c742 cmp eax,byte +0x56 jz JUMP_003844 mov edi,[DATA_007199] JUMP_003844: ; Pos = 3c74d call FUNC_001524_TogglePtr call near [DATA_007632] ; FUNC_001330_DPalBuild call FUNC_001618_ClearUpperBuf call FUNC_001789 push byte +0x0 push byte +0x4 push byte +0x8 call FUNC_000144 add esp,byte +0xc call FUNC_001637_FlipScreen cmp edi,byte -0x1 jz near JUMP_003840 JUMP_003845: ; Pos = 3c77e push byte +0x0 call FUNC_001406_KeybGetKeyState pop ecx test eax,eax jnz JUMP_003845 mov [ebx+0x10],esi JUMP_003846: ; Pos = 3c78d call near [DATA_007672] ; FUNC_001414_GuiGetLastAction test al,al jnz JUMP_003846 call FUNC_001903_SoundStopSong and byte [ebx+0x74],0xdf push dword DATA_009126 call _SetJmp pop ecx test eax,eax jnz JUMP_003847 push edi call FUNC_000147 pop ecx jmp short JUMP_003849 JUMP_003847: ; Pos = 3c7b8 push dword DATA_009126 call _SetJmp pop ecx test eax,eax jnz JUMP_003847 jmp short JUMP_003849 JUMP_003849: ; Pos = 3c7cd call FUNC_001418_TimerAdvance call FUNC_001524_TogglePtr call FUNC_001786 inc byte [ebx+0xe] mov al,[ebx+0xe] test al,al jnz JUMP_003850 inc byte [ebx+0xe] JUMP_003850: ; Pos = 3c7f4 mov eax,[DATA_009156] mov [DATA_009155],eax sub [DATA_009156],eax mov esi,[ebx+0x4] add [ebx],eax cmp eax,[ebx] jna JUMP_003851 inc dword [ebx+0x4] cmp dword [ebx+0x4],0x127c8e jna JUMP_003851 push byte +0x1 call FUNC_000918 pop ecx JUMP_003851: ; Pos = 3c821 mov eax,[ebx+0x4] cmp eax,[ebx+0x7a] ; FIX: Groundhog day bug ja .rollback jc JUMP_003852 mov eax,[ebx] cmp eax,[ebx+0x76] jc JUMP_003852 .rollback: mov eax,[ebx+0x76] mov [ebx],eax mov eax,[ebx+0x7a] mov [ebx+0x4],eax push byte +0x0 push byte +0x15 call FUNC_000148 add esp,byte +0x8 mov dword [ebx+0x7a],0xffffffff JUMP_003852: ; Pos = 3c84e mov ecx,[ebx+0x4] cmp esi,ecx jz JUMP_003854 mov eax,ecx mov ecx,0x7 xor edx,edx div ecx test edx,edx jnz JUMP_003853 push byte +0x0 push byte +0x10 call FUNC_000148 add esp,byte +0x8 JUMP_003853: ; Pos = 3c870 push byte +0x0 push byte +0xf call FUNC_000148 add esp,byte +0x8 JUMP_003854: ; Pos = 3c87c mov eax,[DATA_009157] mov [DATA_009122],eax xor edx,edx mov [DATA_009157],edx ; Update frame/flip counts push ebx inc dword [frameCount] mov eax, [DATA_008799] xor edx, edx mov ecx, 49710 div ecx mov ebx, eax mov eax, [DATA_009122] add eax, [DATA_008799] xor edx, edx div ecx cmp eax, ebx jz .notsecond mov eax, [frameCount] mov [framesPerSec], eax mov eax, [flipCount] mov [flipsPerSec], eax xor eax, eax mov [frameCount], eax mov [flipCount], eax .notsecond: pop ebx mov eax, [DATA_009122] add [DATA_008799],eax mov eax,[ebx+0x4] push eax mov eax,[ebx] push eax mov eax,[DATA_009133] push eax call FUNC_000149 add esp,byte +0xc call FUNC_000150 mov eax,[DATA_009133] push eax call FUNC_000152 pop ecx mov eax,[DATA_009133] push eax call FUNC_000153 pop ecx movsx eax,byte [ebx+0xc] test ah,0x1 jnz JUMP_003855 call FUNC_000154 call FUNC_001632_UpdatePtr jmp JUMP_003849 JUMP_003855: ; Pos = 3c8d9 call near [DATA_007632] ; FUNC_001330_DPalBuild test byte [ebx+0xc],0x1 jz JUMP_003856 call FUNC_001618_ClearUpperBuf JUMP_003856: ; Pos = 3c8ea call FUNC_001789 call FUNC_000154 ; Write FPS, FPS2 here: cmp dword [fpsEnabled], 0 jz near .nofps ; cmp byte [DATA_008631], 0 ; check if in view mode ; jz near .nofps push dword [framesPerSec] push dword pFPSString push dword pTempString call _sprintf add esp, byte 0xc push byte 0xf push byte 0x2 push byte 0x2 push dword pTempString call FUNC_001589_WriteStringShadowed add esp, byte 0x10 ; TEST: Debug print: mov ecx, [DATA_008861] movzx eax, byte [ecx+0x57] push eax movzx eax, byte [ecx+0x56] push eax movzx eax, byte [DATA_008870] push eax movzx eax, byte [DATA_008857] mov edx, [DATA_009133] movzx eax, byte [edx+eax] push eax ; movzx eax, byte [DATA_008934] ; push eax push dword pDebugString1 push dword pTempString call _sprintf add esp, 24 push byte 0xf push byte 22 push byte 2 push dword pTempString call FUNC_001589_WriteStringShadowed add esp, 16 movzx eax, byte [DATA_008875] imul ecx, eax, 0x152 add ecx, [DATA_009133] add ecx, 0x74 movzx eax, byte [ecx+0x57] push eax movzx eax, byte [ecx+0x56] push eax movzx eax, byte [ecx+0xff] push eax push dword pDebugString2 push dword pTempString call _sprintf add esp, 20 push byte 0xf push byte 32 push byte 2 push dword pTempString call FUNC_001589_WriteStringShadowed add esp, 16 push esi push ebx ; Get object & target pointers mov ebx, [DATA_008861] movzx eax, byte [DATA_008874] imul esi, eax, 0x152 add esi, [DATA_009133] add esi, 0x74 ; Get relative position push dword [DATA_009133] lea eax, [ebp-0x14] push eax lea eax, [ebp-0x10] push eax push esi push ebx call FUNC_000592 add esp, 20 lea eax, [ebp-0x10] push eax call FUNC_001466 add esp, 4 push eax call FUNC_001489 add esp, 4 mov ecx, [ebp-0x14] mov [ebp-0x14], eax sub cx, 8 add [ebp-0x12], cx ; Get relative velocity squared lea eax, [ebp-0x20] push eax push esi push ebx call FUNC_000594 add esp, 12 lea eax, [ebp-0x20] push eax call FUNC_001466 add esp, 4 push eax call FUNC_001489 add esp, 4 push eax push eax call FUNC_001482 add esp, 8 mov [ebp-0x24], eax ; Get ffp thrust * 2 movsx eax, word [ebx+0xbe] neg eax add eax, eax push eax call FUNC_001489 add esp, 4 mov [ebp-0x28], eax ; Now do v^2 - 2*a*s ;if v^2 > 2as, overshoot push dword [ebp-0x14] push dword [ebp-0x28] call FUNC_001482 add esp, 8 push eax push dword [ebp-0x24] push dword pDebugString3 push dword pTempString call _sprintf add esp, 16 push byte 0xf push byte 42 push byte 2 push dword pTempString call FUNC_001589_WriteStringShadowed add esp, 16 mov ebx, [DATA_008861] movzx eax, byte [DATA_008874] imul esi, eax, 0x152 add esi, [DATA_009133] add esi, 0x74 movzx eax, word [esi+0xda] push eax movzx eax, byte [esi+0x56] imul esi, eax, 0x152 add esi, [DATA_009133] add esi, 0x74 movzx eax, word [esi+0xda] push eax movzx eax, byte [esi+0x56] imul esi, eax, 0x152 add esi, [DATA_009133] add esi, 0x74 movzx eax, word [esi+0xda] push eax push dword pDebugString5 push dword pTempString call _sprintf add esp, 20 push byte 0xf push byte 52 push byte 2 push dword pTempString call FUNC_001589_WriteStringShadowed add esp, 16 mov ebx, [DATA_008861] movzx eax, byte [DATA_008874] imul esi, eax, 0x152 add esi, [DATA_009133] add esi, 0x74 lea eax, [ebp-0x4] push eax lea eax, [ebp-0x10] push eax push esi push ebx call FUNC_000590 add esp, 16 push dword [ebp-0x4] movzx eax, byte [esi+0x56] imul esi, eax, 0x152 add esi, [DATA_009133] add esi, 0x74 lea eax, [ebp-0x4] push eax lea eax, [ebp-0x10] push eax push esi push ebx call FUNC_000590 add esp, 16 push dword [ebp-0x4] movzx eax, byte [esi+0x56] imul esi, eax, 0x152 add esi, [DATA_009133] add esi, 0x74 lea eax, [ebp-0x4] push eax lea eax, [ebp-0x10] push eax push esi push ebx call FUNC_000590 add esp, 16 push dword [ebp-0x4] push dword pDebugString6 push dword pTempString call _sprintf add esp, 20 push byte 0xf push byte 62 push byte 2 push dword pTempString call FUNC_001589_WriteStringShadowed add esp, 16 push dword [DATA_008861] call FUNC_FindFORNew add esp, 4 add eax, 0x124 push eax push dword pDebugString7 push dword pTempString call _sprintf add esp, 12 push byte 0xf push byte 72 push byte 2 push dword pTempString call FUNC_001589_WriteStringShadowed add esp, 16 movzx eax, byte [DATA_009102] push eax movzx eax, byte [DATA_009103] push eax push dword pDebugString8 push dword pTempString call _sprintf add esp, 16 push byte 0xf push byte 82 push byte 2 push dword pTempString call FUNC_001589_WriteStringShadowed add esp, 16 push dword [DATA_008818] push dword [DATA_008820] push dword pDebugString9 push dword pTempString call _sprintf add esp, 16 push byte 0xf push byte 92 push byte 2 push dword pTempString call FUNC_001589_WriteStringShadowed add esp, 16 pop ebx pop esi .nofps: call FUNC_001637_FlipScreen jmp JUMP_003849 pop edi pop esi pop ebx mov esp, ebp pop ebp ret FUNC_000921: ; Pos = 3c904 push ebp mov ebp,esp push ebx mov edx,[ebp+0x10] mov eax,[ebp+0xc] mov ecx,[edx] add [eax],ecx mov ecx,[edx] mov ebx,ecx shr ebx,0x1b shl ecx,0x5 or ebx,ecx mov [edx],ebx add [eax],ebx mov edx,[eax] mov ecx,edx shl ecx,0x10 shr edx,0x10 add ecx,edx mov [eax],ecx and ecx,0xffff imul ecx,[ebp+0x8] shr ecx,0x10 mov eax,ecx pop ebx pop ebp ret FUNC_000922: ; Pos = 3c944 push ebp mov ebp,esp mov eax,[DATA_008818] mov edx,[DATA_008820] add eax,edx mov ecx,edx shr ecx,0x1b shl edx,0x5 or ecx,edx mov edx,ecx add eax,edx mov ecx,eax shl ecx,0x10 shr eax,0x10 or ecx,eax mov eax,ecx mov [DATA_008818],eax mov [DATA_008820],edx and eax,0xffff mov edx,[ebp+0x8] imul edx,eax mov eax,edx shr eax,0x10 pop ebp ret FUNC_000923: ; Pos = 3ca20 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp dword [DATA_008619],byte +0x0 jnz JUMP_003857 mov [DATA_008619],ebx pop ebx pop ebp ret JUMP_003857: ; Pos = 3ca39 push byte +0x0 push byte +0x8 mov eax,[DATA_008619] push eax call FUNC_000144 add esp,byte +0xc mov [DATA_008619],ebx pop ebx pop ebp ret FUNC_000924: ; Pos = 3ca84 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov eax,[ebp+0x8] movzx edi,byte [eax+0x86] mov eax,[DATA_007758] test byte [eax+edi],0x20 jz JUMP_003860 dec dword [DATA_008834] mov byte [eax+edi],0x0 jmp short JUMP_003864 JUMP_003860: ; Pos = 3caae xor ebx,ebx mov esi,DATA_008623 jmp short JUMP_003863 JUMP_003861: ; Pos = 3cab7 test byte [esi],0x4 jz JUMP_003862 xor eax,eax mov [ebp-0xc],eax mov eax,[ebp+0x8] mov [ebp-0x8],eax mov eax,edi mov [ebp-0x4],al mov al,[ebp+0xc] mov [ebp-0x3],al lea eax,[ebp-0xc] push eax push byte +0xb push ebx call FUNC_000144 add esp,byte +0xc JUMP_003862: ; Pos = 3cae1 inc ebx add esi,byte +0x8 JUMP_003863: ; Pos = 3cae5 cmp ebx,[DATA_008621] jng JUMP_003861 mov eax,[DATA_007758] mov byte [eax+edi],0x0 JUMP_003864: ; Pos = 3caf6 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000925: ; Pos = 3cb00 push ebp mov ebp,esp push byte +0x0 mov eax,[ebp+0x8] push eax call FUNC_000924 add esp,byte +0x8 pop ebp ret FUNC_000926: ; Pos = 3cb30 push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi mov esi,[ebp+0x8] mov eax,0xf lea edx,[ebp-0x4] push edx push dword 0x99 push eax mov eax,[ebp+0xc] push eax mov eax,[DATA_009133] push eax call near [DATA_007198] ; FUNC_000927 add esp,byte +0x14 mov ebx,eax test ebx,ebx jnz JUMP_003865 xor eax,eax jmp JUMP_003866 JUMP_003865: ; Pos = 3cb6a mov eax,esi add ax,0x7200 mov [ebx+0x9e],ax lea eax,[ebp-0x24] push eax push esi lea eax,[ebx+0x124] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc mov byte [ebx+0x118],0xfa mov byte [ebx+0x87],0xb mov byte [ebx+0xff],0x15 mov byte [ebx+0x14e],0x6 call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008818] sar eax,0x16 mov [ebp-0x10],eax call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008818] sar eax,0x16 mov [ebp-0xc],eax mov eax,[DATA_008820] sar eax,0x16 mov [ebp-0x8],eax mov eax,[ebp-0x10] add [ebx+0x8c],eax mov eax,[ebp-0xc] add [ebx+0x90],eax mov eax,[ebp-0x8] add [ebx+0x94],eax lea eax,[ebp-0x10] push eax push ebx call near [DATA_007746] ; FUNC_001514 add esp,byte +0x8 mov eax,ebx JUMP_003866: ; Pos = 3cc00 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000927: ; Pos = 3cc28 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x18] mov edx,[ebp+0x8] mov ebx,0x72 lea eax,[edx+0x72] jmp short JUMP_003868 JUMP_003867: ; Pos = 3cc3d dec ebx dec eax JUMP_003868: ; Pos = 3cc3f test ebx,ebx jng JUMP_003869 cmp byte [eax],0x0 jnz JUMP_003867 JUMP_003869: ; Pos = 3cc48 cmp ebx,byte +0x14 jl JUMP_003870 test ebx,ebx jg JUMP_003875 JUMP_003870: ; Pos = 3cc51 mov ebx,0x72 lea eax,[edx+0x72] JUMP_003871: ; Pos = 3cc59 test byte [eax],0x20 jz JUMP_003873 cmp ebx,byte +0x14 jl JUMP_003872 dec dword [DATA_008834] jmp short JUMP_003874 JUMP_003872: ; Pos = 3cc6b xor eax,eax mov [esi],eax xor eax,eax jmp short JUMP_003877 JUMP_003873: ; Pos = 3cc73 dec ebx dec eax test ebx,ebx jg JUMP_003871 JUMP_003874: ; Pos = 3cc79 test ebx,ebx jg JUMP_003875 xor eax,eax mov [esi],eax xor eax,eax jmp short JUMP_003877 JUMP_003875: ; Pos = 3cc85 mov al,[ebp+0x10] mov [edx+ebx],al test byte [ebp+0x10],0x20 jz JUMP_003876 inc dword [DATA_008834] JUMP_003876: ; Pos = 3cc97 mov [esi],ebx lea esi,[ebx+ebx*4] lea esi,[ebx+esi*4] lea esi,[ebx+esi*8] add esi,esi add esi,edx add esi,byte +0x74 mov eax,[ebp+0x14] push eax mov eax,[ebp+0xc] push eax push esi call near [DATA_007755] ; FUNC_001533 add esp,byte +0xc mov eax,[ebp+0x14] mov [esi+0x82],eax mov [esi+0x86],bl mov eax,esi JUMP_003877: ; Pos = 3cccc pop esi pop ebx pop ebp ret FUNC_000928: ; Pos = 3ccd0 push ebp mov ebp,esp push ebx push esi push edi mov edx,[ebp+0x10] mov esi,[ebp+0x8] mov ebx,0x72 lea edi,[esi+0x977e] lea eax,[esi+0x72] JUMP_003878: ; Pos = 3ccea cmp byte [eax],0x0 jnz JUMP_003880 mov [eax],dl test dl,0x20 jz JUMP_003879 inc dword [DATA_008834] JUMP_003879: ; Pos = 3ccfc mov eax,[ebp+0x18] mov [eax],ebx mov eax,[ebp+0x14] push eax mov eax,[ebp+0xc] push eax lea eax,[ebx+ebx*4] lea eax,[ebx+eax*4] lea eax,[ebx+eax*8] add eax,eax add eax,esi add eax,byte +0x74 push eax call near [DATA_007755] ; FUNC_001533 add esp,byte +0xc mov [edi],bl lea eax,[ebx+ebx*4] lea eax,[ebx+eax*4] lea eax,[ebx+eax*8] add eax,eax add eax,esi add eax,byte +0x74 jmp JUMP_003884 JUMP_003880: ; Pos = 3cd3a dec ebx add edi,0xfffffeae dec eax test ebx,ebx jg JUMP_003878 mov ebx,0x72 lea edi,[esi+0x977e] lea eax,[esi+0x72] JUMP_003881: ; Pos = 3cd54 test byte [eax],0x20 jz JUMP_003883 dec dword [DATA_008834] mov [eax],dl test dl,0x20 jz JUMP_003882 inc dword [DATA_008834] JUMP_003882: ; Pos = 3cd6c mov eax,[ebp+0x18] mov [eax],ebx mov eax,[ebp+0x14] push eax mov eax,[ebp+0xc] push eax lea eax,[ebx+ebx*4] lea eax,[ebx+eax*4] lea eax,[ebx+eax*8] add eax,eax add eax,esi add eax,byte +0x74 push eax call near [DATA_007755] ; FUNC_001533 add esp,byte +0xc mov [edi],bl lea eax,[ebx+ebx*4] lea eax,[ebx+eax*4] lea eax,[ebx+eax*8] add eax,eax add eax,esi add eax,byte +0x74 jmp short JUMP_003884 JUMP_003883: ; Pos = 3cda7 dec ebx add edi,0xfffffeae dec eax test ebx,ebx jg JUMP_003881 mov eax,[ebp+0x18] xor edx,edx mov [eax],edx xor eax,eax JUMP_003884: ; Pos = 3cdbc pop edi pop esi pop ebx pop ebp ret FUNC_000929: ; Pos = 3cdc4 push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov esi,DATA_008804 mov ecx,[ebx+0x11e] mov edx,eax cmp ecx,edx jna JUMP_003885 sub [ebx+0x11e],edx xor eax,eax mov al,[ebx+0x86] cmp eax,[esi+0xc0] jnz near JUMP_003890 mov ax,[esi+0x214] mov [ebx+0xbc],ax mov ax,[esi+0x218] mov [ebx+0xbe],ax mov ax,[esi+0x21c] mov [ebx+0xc0],ax mov ax,[esi+0x220] mov [ebx+0xc2],ax mov ax,[esi+0x224] mov [ebx+0xc4],ax mov ax,[esi+0x228] mov [ebx+0xc6],ax jmp JUMP_003890 JUMP_003885: ; Pos = 3ce56 xor eax,eax mov [ebx+0x11e],eax xor eax,eax mov al,[ebx+0x86] cmp eax,[esi+0xc0] jnz near JUMP_003888 test byte [ebx+0xc8],0x2 jz JUMP_003887 cmp byte [ebx+0xd0],0xa jnl JUMP_003886 cmp word [esi+0x15a],byte +0x0 jz JUMP_003887 dec word [esi+0x15a] dec dword [esi+0x120] add dword [ebx+0x11e],0x20000000 jmp JUMP_003890 JUMP_003886: ; Pos = 3ceaa cmp word [esi+0x15c],byte +0x0 jz JUMP_003887 dec word [esi+0x15c] inc word [esi+0x16e] add dword [ebx+0x11e],0x20000000 jmp short JUMP_003890 JUMP_003887: ; Pos = 3cece test byte [esi+0xc6],0x1 jnz JUMP_003889 mov dword [ebp-0x18],0xffffffff mov dword [ebp-0x30],0x9907 lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx or word [esi+0xc6],byte +0x1 jmp short JUMP_003889 JUMP_003888: ; Pos = 3cef9 cmp byte [ebx+0x119],0x0 jz JUMP_003889 dec byte [ebx+0x119] add dword [ebx+0x11e],0x20000000 jmp short JUMP_003890 JUMP_003889: ; Pos = 3cf14 mov word [ebx+0xbc],0x0 mov word [ebx+0xc0],0x0 mov word [ebx+0xc4],0x0 mov word [ebx+0xbe],0x0 mov word [ebx+0xc2],0x0 mov word [ebx+0xc6],0x0 JUMP_003890: ; Pos = 3cf4a pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000930: ; Pos = 3cf50 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x8] mov al,[DATA_008836] and eax,byte +0x78 mov edi,eax sar edi,0x3 mov ebx,[edi*4+DATA_007209] cmp edi,byte +0x4 jnl JUMP_003893 movsx eax,byte [esi+0x88] push eax push byte +0xa call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 mov eax,ebx shl eax,0x3 add [esi+0xea],ax mov ecx,0xffff cmp edi,byte +0x3 jz JUMP_003891 add ecx,0xffff795d JUMP_003891: ; Pos = 3cfa0 mov [esi+0xe8],cx mov edi,[DATA_009155] cmp edi,ecx jc JUMP_003892 mov eax,edi xor edx,edx div ecx imul ebx mov ebx,eax mov eax,ebx shl eax,0x4 push eax push esi call FUNC_000929 add esp,byte +0x8 mov eax,ebx jmp JUMP_003896 JUMP_003892: ; Pos = 3cfd1 mov eax,ebx shl eax,0x4 push eax push esi call FUNC_000929 add esp,byte +0x8 mov eax,ebx jmp short JUMP_003896 JUMP_003893: ; Pos = 3cfe4 movsx eax,byte [esi+0x88] push eax push byte +0xb call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 mov eax,[DATA_009155] shr eax,0x7 and eax,0xffff imul ebx mov ebx,eax cmp ebx,0xffff jng JUMP_003894 mov ebx,0xffff JUMP_003894: ; Pos = 3d014 mov eax,ebx shl eax,0x3 mov ecx,[edi*4+DATA_007208] sar eax,cl mov dx,[esi+0xea] and ax,0xffff add [esi+0xea],ax cmp dx,[esi+0xea] jna JUMP_003895 mov word [esi+0xea],0xffff JUMP_003895: ; Pos = 3d046 mov eax,ebx shl eax,0x4 push eax push esi call FUNC_000929 add esp,byte +0x8 mov eax,ebx JUMP_003896: ; Pos = 3d057 pop edi pop esi pop ebx pop ebp ret FUNC_000931: ; Pos = 3d05c push ebp mov ebp,esp add esp,byte -0x20 push ebx push esi push edi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov al,[ebx+esi+0xd2] test al,al jz near JUMP_003909 mov edx,eax mov [DATA_008836],dl cmp word [ebx+0xe8],byte +0x0 jnz near JUMP_003909 cmp word [ebx+0xea],0xf000 ja near JUMP_003909 cmp dword [ebx+0x11e],byte +0x0 jz near JUMP_003909 cmp ebx,[DATA_008861] jnz JUMP_003897 xor eax,eax mov al,dl sar eax,0x3 and eax,byte +0xf add eax,0x7cf push eax push byte +0x5 call FUNC_000034 add esp,byte +0x8 push byte +0x5 call FUNC_000035 pop ecx test eax,eax jz near JUMP_003909 push byte +0x0 push byte +0x5 call FUNC_000034 add esp,byte +0x8 JUMP_003897: ; Pos = 3d0ea xor eax,eax mov al,[ebx+0x86] cmp eax,[DATA_008857] jnz JUMP_003898 test byte [DATA_008860],0x4 jnz JUMP_003898 or word [DATA_008860],byte +0x4 push ebx push byte +0x3 call FUNC_000237 add esp,byte +0x8 JUMP_003898: ; Pos = 3d116 or byte [ebx+0x151],0x2 sub esi,byte +0x1 jc JUMP_003900 jz JUMP_003899 sub esi,byte +0x3 jz JUMP_003900 jmp JUMP_003901 JUMP_003899: ; Pos = 3d12e or byte [ebx+0x151],0x8 mov eax,[ebx+0x18] neg eax sar eax,0x10 mov [ebp-0x14],eax mov eax,[ebx+0x1c] neg eax sar eax,0x10 mov [ebp-0x10],eax mov eax,[ebx+0x20] neg eax sar eax,0x10 mov [ebp-0xc],eax mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx esi,word [eax+0x24] mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x26] movzx edi,byte [ebx+0x86] jmp JUMP_003903 JUMP_003900: ; Pos = 3d18c or byte [ebx+0x151],0x4 mov eax,[ebx+0x18] sar eax,0x10 mov [ebp-0x14],eax mov eax,[ebx+0x1c] sar eax,0x10 mov [ebp-0x10],eax mov eax,[ebx+0x20] sar eax,0x10 mov [ebp-0xc],eax mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx esi,word [eax+0x20] mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x22] movzx edi,byte [ebx+0x86] jmp JUMP_003903 JUMP_003901: ; Pos = 3d1e4 or byte [ebx+0x151],0x10 xor edi,edi movsx eax,word [DATA_008929] mov [ebp-0x14],eax movsx eax,word [DATA_008930] mov [ebp-0x10],eax movsx eax,word [DATA_008931] mov [ebp-0xc],eax cmp word [DATA_008928],byte +0x0 jnl JUMP_003902 mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx esi,word [eax+0x28] mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x2a] jmp short JUMP_003903 JUMP_003902: ; Pos = 3d241 mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx esi,word [eax+0x2c] mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x2e] JUMP_003903: ; Pos = 3d26b mov edx,[ebx+0x18] sar edx,0x10 imul edx,esi mov [ebp-0x20],edx mov edx,[ebx+0x1c] sar edx,0x10 imul edx,esi mov [ebp-0x1c],edx mov edx,[ebx+0x20] sar edx,0x10 imul edx,esi mov [ebp-0x18],edx test eax,eax jz JUMP_003904 mov edx,[ebx+0xc] sar edx,0x10 imul edx,eax add [ebp-0x20],edx mov edx,[ebx+0x10] sar edx,0x10 imul edx,eax add [ebp-0x1c],edx mov edx,[ebx+0x14] sar edx,0x10 imul edx,eax add [ebp-0x18],edx JUMP_003904: ; Pos = 3d2b7 sar dword [ebp-0x20],0xc sar dword [ebp-0x1c],0xc sar dword [ebp-0x18],0xc mov word [ebx+0xe6],0xffff mov dword [ebp-0x8],0x7fffff xor eax,eax mov [ebp-0x4],eax push dword 0x1a80 push dword [ebp-0x4] push dword [ebp-0x8] push edi lea eax,[ebp-0x14] push eax lea eax,[ebp-0x20] push eax mov eax,[DATA_009133] push eax push ebx call near [DATA_006791] ; FUNC_000802 add esp,byte +0x20 test byte [DATA_008711],0x80 jz near JUMP_003908 cmp dword [DATA_008714],byte +0x0 jz near JUMP_003908 mov eax,[DATA_008712] shr eax,0x7 and ax,0xffff mov [ebx+0xe6],ax mov eax,[DATA_008714] mov eax,[eax+0x82] cmp eax,byte +0x70 jc JUMP_003907 cmp eax,byte +0x74 ja JUMP_003907 cmp byte [DATA_008836],0x9a jnz JUMP_003907 push byte +0x3 call near [DATA_007217] ; FUNC_000922 pop ecx mov esi,eax test esi,esi jl JUMP_003907 JUMP_003905: ; Pos = 3d356 mov eax,[DATA_008714] push eax mov eax,[eax+0xa0] and eax,byte +0x1f movzx eax,word [eax*2+DATA_007207] push eax call FUNC_000926 add esp,byte +0x8 test eax,eax jz JUMP_003906 push esi lea edi,[eax+0x3e] mov esi,DATA_008715 mov ecx,0x6 rep movsd pop esi JUMP_003906: ; Pos = 3d38b dec esi test esi,esi jnl JUMP_003905 JUMP_003907: ; Pos = 3d390 xor eax,eax mov al,[ebx+0x86] push eax push ebx call FUNC_000930 pop ecx push eax mov eax,[DATA_008714] push eax call FUNC_000953 add esp,byte +0xc push byte +0x1 push dword DATA_008715 mov eax,[DATA_008861] push eax call FUNC_000939 add esp,byte +0xc jmp short JUMP_003909 JUMP_003908: ; Pos = 3d3c6 push ebx call FUNC_000930 pop ecx JUMP_003909: ; Pos = 3d3cd pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000932: ; Pos = 3d3d4 push ebp mov ebp,esp push esi mov eax,[ebp+0x8] xor edx,edx mov [DATA_008830],edx mov edx,0x72 lea esi,[eax+0x9783] add eax,byte +0x72 JUMP_003910: ; Pos = 3d3f1 mov cl,[eax] test cl,cl jz JUMP_003911 test cl,0x20 jnz JUMP_003911 mov byte [esi],0x0 JUMP_003911: ; Pos = 3d3ff dec edx add esi,0xfffffeae dec eax test edx,edx jg JUMP_003910 pop esi pop ebp ret FUNC_000933: ; Pos = 3d410 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x8] mov esi,[edi+0xc8] mov edx,esi shr edx,0x10 shl esi,0x10 or edx,esi mov esi,edx test esi,esi jz JUMP_003915 mov ebx,0x1c JUMP_003912: ; Pos = 3d434 push byte +0x1d call near [DATA_007217] ; FUNC_000922 pop ecx mov ecx,eax mov edx,0x1 shl edx,cl test edx,esi jnz JUMP_003913 dec ebx test ebx,ebx jnl JUMP_003912 JUMP_003913: ; Pos = 3d44f test ebx,ebx jnl JUMP_003914 xor eax,eax jmp short JUMP_003916 JUMP_003914: ; Pos = 3d457 mov ecx,eax xor ecx,byte +0x10 mov edx,0x1 shl edx,cl or [edi+0xcc],edx not edx and [edi+0xc8],edx mov eax,[eax*4+DATA_007211] jmp short JUMP_003916 JUMP_003915: ; Pos = 3d47a xor eax,eax JUMP_003916: ; Pos = 3d47c pop edi pop esi pop ebx pop ebp ret FUNC_000934: ; Pos = 3d484 push ebp mov ebp,esp add esp,byte -0x60 push ebx push esi push edi mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov esi,DATA_008804 cmp eax,[esi+0x80] jnl JUMP_003917 sub [esi+0x80],eax jmp JUMP_003919 JUMP_003917: ; Pos = 3d4ab mov edx,[esi+0x80] add edx,0x1a5e0 sub edx,eax mov [esi+0x80],edx dec dword [esi+0x1f4] dec dword [esi+0x1f8] call near [DATA_007752] ; FUNC_001530 and eax,0xff cmp eax,[esi+0x1f4] jna JUMP_003918 push ebx call FUNC_000933 pop ecx mov edi,eax test edi,edi jz JUMP_003918 mov dword [ebp-0x30],0x98cd mov [ebp-0x2c],edi mov dword [ebp-0x18],0xffffffff lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx jmp short JUMP_003919 JUMP_003918: ; Pos = 3d508 call near [DATA_007752] ; FUNC_001530 and eax,0xff cmp eax,[esi+0x1f8] jna JUMP_003919 mov al,[ebx+0xd0] test al,al jz JUMP_003919 movsx eax,al mov byte [ebx+0xd0],0x0 xor edx,edx mov [ebx+0x11e],edx mov dx,[eax*4+DATA_007210] add [esi+0x170],dx mov edx,[eax*4+DATA_007210] mov ecx,edx add ecx,[esi+0x120] mov [esi+0x120],ecx add edx,[esi+0x118] mov [esi+0x118],edx mov dword [ebp-0x60],0x98cc mov dword [ebp-0x48],0xffffffff lea eax,[ebp-0x60] push eax call FUNC_000349 pop ecx JUMP_003919: ; Pos = 3d57f pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000935: ; Pos = 3d588 push ebp mov ebp,esp mov eax,[ebp+0x8] test byte [eax+0xca],0x80 jz JUMP_003920 or byte [DATA_008835],0xc mov byte [eax+0x14f],0x2 or byte [eax+0x151],0x20 and byte [eax+0x151],0xbf movsx eax,byte [eax+0x88] push eax push byte +0x1a call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 pop ebp ret JUMP_003920: ; Pos = 3d5c7 test byte [eax+0xca],0x8 jz JUMP_003921 or byte [DATA_008835],0x4 mov byte [eax+0x14f],0x2 or byte [eax+0x151],0x20 and byte [eax+0x151],0xbf movsx eax,byte [eax+0x88] push eax push byte +0x19 call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 JUMP_003921: ; Pos = 3d5fe pop ebp ret FUNC_000936: ; Pos = 3d600 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] cmp dword [ebx+0x82],byte +0x3f ja JUMP_003922 cmp esi,ebx jz JUMP_003922 lea eax,[ebp-0x4] push eax lea eax,[ebp-0x10] push eax push esi push ebx call near [DATA_006148] ; FUNC_000590 add esp,byte +0x10 cmp dword [ebp-0x4],byte +0x11 jg JUMP_003922 xor eax,eax mov al,[esi+0x86] push eax push dword 0x105 push ebx call FUNC_000953 add esp,byte +0xc JUMP_003922: ; Pos = 3d64b pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000937: ; Pos = 3d654 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x8] mov edi,DATA_009133 test byte [esi+0xcb],0x4 jz JUMP_003927 cmp byte [esi+0x118],0xff jnz JUMP_003923 add dword [DATA_008889],byte +0x4 jmp short JUMP_003924 JUMP_003923: ; Pos = 3d67d add word [esi+0x116],byte +0x4 JUMP_003924: ; Pos = 3d685 mov byte [esi+0x14f],0x7 or byte [esi+0x151],0x40 and byte [esi+0x151],0xdf movsx eax,byte [esi+0x88] push eax push byte +0x1b call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 mov ebx,0x72 JUMP_003925: ; Pos = 3d6b1 mov edx,[edi] mov al,[edx+ebx] test al,al jz JUMP_003926 mov ecx,[edi] test al,0x20 jnz JUMP_003926 push esi lea eax,[ebx+ebx*4] lea eax,[ebx+eax*4] lea eax,[ebx+eax*8] add eax,eax add eax,edx add eax,byte +0x74 push eax call FUNC_000936 add esp,byte +0x8 JUMP_003926: ; Pos = 3d6da dec ebx test ebx,ebx jg JUMP_003925 or byte [DATA_008835],0x10 JUMP_003927: ; Pos = 3d6e6 and dword [esi+0xc8],0xfbffffff pop edi pop esi pop ebx pop ebp ret FUNC_000938: ; Pos = 3d6f8 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov edi,[ebx+0xc8] mov eax,edi shl eax,0x10 shr edi,0x10 or eax,edi mov edi,eax mov ax,[ebx+0xe0] cmp ax,[ebx+0xe2] jz JUMP_003930 movzx eax,word [ebx+0xe2] imul esi sar eax,0x5 test edi,0x1000 jnz JUMP_003928 shr eax,1 JUMP_003928: ; Pos = 3d73c movzx edx,word [ebx+0xe0] add edx,eax movzx ecx,word [ebx+0xe2] cmp edx,ecx jna JUMP_003929 mov ax,[ebx+0xe2] mov [ebx+0xe0],ax jmp short JUMP_003930 JUMP_003929: ; Pos = 3d760 add [ebx+0xe0],ax JUMP_003930: ; Pos = 3d767 test edi,0x8000 jz JUMP_003932 mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x6] shl eax,0x2 movzx edx,word [ebx+0xe4] cmp eax,edx jz JUMP_003932 mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x6] shl eax,0x2 movzx edx,word [ebx+0xe4] add edx,esi cmp eax,edx jl JUMP_003931 add [ebx+0xe4],si jmp short JUMP_003932 JUMP_003931: ; Pos = 3d7c0 mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] mov ax,[eax+0x6] shl eax,0x2 mov [ebx+0xe4],ax JUMP_003932: ; Pos = 3d7df mov al,[ebx+0x14e] test al,al jz JUMP_003934 movsx eax,al cmp esi,eax jnl JUMP_003933 mov eax,esi sub [ebx+0x14e],al jmp short JUMP_003934 JUMP_003933: ; Pos = 3d7fa mov byte [ebx+0x14e],0x0 JUMP_003934: ; Pos = 3d801 mov al,[ebx+0x14f] test al,al jz JUMP_003936 movsx eax,al cmp esi,eax jnl JUMP_003935 mov eax,esi sub [ebx+0x14f],al jmp short JUMP_003936 JUMP_003935: ; Pos = 3d81c mov byte [ebx+0x14f],0x0 and byte [ebx+0x151],0x9f JUMP_003936: ; Pos = 3d82a mov dx,[ebx+0xea] test dx,dx jz JUMP_003939 mov eax,esi shl eax,0xa test edi,0x10000 jz JUMP_003937 shl eax,0x2 JUMP_003937: ; Pos = 3d846 movzx edx,dx cmp eax,edx jnc JUMP_003938 sub [ebx+0xea],ax jmp short JUMP_003939 JUMP_003938: ; Pos = 3d856 mov word [ebx+0xea],0x0 JUMP_003939: ; Pos = 3d85f mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x6] cmp word [ebx+0xb6],byte +0x0 jng JUMP_003940 movsx edx,word [ebx+0xb6] jmp short JUMP_003941 JUMP_003940: ; Pos = 3d887 movsx edx,word [ebx+0xb6] neg edx JUMP_003941: ; Pos = 3d890 cmp word [ebx+0xb8],byte +0x0 jng JUMP_003942 movsx ecx,word [ebx+0xb8] jmp short JUMP_003943 JUMP_003942: ; Pos = 3d8a3 movsx ecx,word [ebx+0xb8] neg ecx JUMP_003943: ; Pos = 3d8ac add edx,ecx cmp word [ebx+0xba],byte +0x0 jng JUMP_003944 movsx ecx,word [ebx+0xba] jmp short JUMP_003945 JUMP_003944: ; Pos = 3d8c1 movsx ecx,word [ebx+0xba] neg ecx JUMP_003945: ; Pos = 3d8ca add edx,ecx imul edx sar eax,0x9 imul esi push eax push ebx call FUNC_000929 add esp,byte +0x8 pop edi pop esi pop ebx pop ebp ret FUNC_000939: ; Pos = 3d8e4 push ebp mov ebp,esp push ecx push ebx push esi push edi mov esi,[ebp+0x10] cmp dword [DATA_007706],byte +0x0 jz near JUMP_003950 test esi,0x1 jnz JUMP_003946 call near [DATA_007752] ; FUNC_001530 test ah,0x80 jnz near JUMP_003950 JUMP_003946: ; Pos = 3d912 lea eax,[ebp-0x4] push eax push dword 0x9e push byte +0x29 mov eax,[ebp+0x8] push eax mov eax,[DATA_009133] push eax call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov ebx,eax test ebx,ebx jz near JUMP_003950 mov eax,[ebp+0xc] push esi mov esi,eax lea edi,[ebx+0x3e] mov ecx,0x6 rep movsd pop esi mov byte [ebx+0x87],0xb mov byte [ebx+0xff],0x1a mov byte [ebx+0x118],0xf8 call near [DATA_007752] ; FUNC_001530 mov [DATA_008802],eax call near [DATA_007752] ; FUNC_001530 mov [DATA_008803],eax mov eax,[DATA_008802] or eax,0x8000 mov [ebx+0xa4],eax mov eax,[DATA_008803] push eax mov eax,[DATA_008802] push eax push ebx call FUNC_001675_MatBuildYZT add esp,byte +0xc test esi,0x2 jz JUMP_003947 add dword [ebx+0x7e],byte +0x2 JUMP_003947: ; Pos = 3d9a7 test esi,0x4 jz JUMP_003948 dec dword [ebx+0x7e] JUMP_003948: ; Pos = 3d9b2 mov eax,[DATA_009133] push eax mov eax,[DATA_008861] movzx eax,byte [eax+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 test byte [eax+0x14c],0x10 jnz JUMP_003949 cmp dword [DATA_008867],0x9c40 jnl JUMP_003950 JUMP_003949: ; Pos = 3d9e0 xor eax,eax mov [ebx+0x8c],eax xor eax,eax mov [ebx+0x90],eax xor eax,eax mov [ebx+0x94],eax JUMP_003950: ; Pos = 3d9f8 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_000940: ; Pos = 3da00 push ebp mov ebp,esp mov eax,[ebp+0x8] xor edx,edx mov dl,[eax+0x86] mov ecx,[DATA_007758] test byte [ecx+edx],0x20 jz JUMP_003951 dec dword [DATA_008834] JUMP_003951: ; Pos = 3da20 mov byte [ecx+edx],0x0 pop ebp ret FUNC_000941: ; Pos = 3da28 push ebp mov ebp,esp add esp,byte -0x50 push ebx push esi push edi mov esi,[ebp+0x8] mov eax,[ebp+0xc] mov bl,[esi+eax+0xd5] test bl,bl jnz JUMP_003952 xor eax,eax jmp JUMP_003966 JUMP_003952: ; Pos = 3da49 mov eax,ebx and al,0x40 mov [ebp-0x1],al and bl,0xf cmp esi,[DATA_008861] jnz JUMP_003954 xor eax,eax mov al,bl mov eax,[eax*4+DATA_007221] push eax push byte +0x5 call FUNC_000034 add esp,byte +0x8 push byte +0x5 call FUNC_000035 pop ecx test eax,eax jnz JUMP_003953 xor eax,eax jmp JUMP_003966 JUMP_003953: ; Pos = 3da84 push byte +0x0 push byte +0x5 call FUNC_000034 add esp,byte +0x8 JUMP_003954: ; Pos = 3da90 lea eax,[ebp-0x8] push eax xor eax,eax mov al,bl mov eax,[eax*4+DATA_007220] push eax push byte +0x4b push esi mov eax,[DATA_009133] push eax call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov edi,eax test edi,edi jnz JUMP_003955 xor eax,eax jmp JUMP_003966 JUMP_003955: ; Pos = 3dabf mov eax,[ebp+0xc] mov byte [esi+eax+0xd5],0x0 xor eax,eax mov al,[esi+0x86] cmp eax,[DATA_008857] jnz JUMP_003957 mov al,[edi+0x86] mov [DATA_008877],al test byte [DATA_008860],0x4 jnz JUMP_003956 push esi push byte +0x3 call FUNC_000237 add esp,byte +0x8 JUMP_003956: ; Pos = 3daf9 or word [DATA_008860],byte +0x4 inc dword [DATA_008889] jmp short JUMP_003958 JUMP_003957: ; Pos = 3db09 inc word [esi+0x116] JUMP_003958: ; Pos = 3db10 mov byte [edi+0x87],0xb mov byte [edi+0x118],0xfd mov al,[esi+0x86] mov [edi+0x100],al xor eax,eax mov [edi+0xc8],eax mov byte [edi+0xd0],0x0 cmp byte [ebp-0x1],0x0 jz JUMP_003959 lea eax,[edi+0x124] push esi push edi mov edi,eax mov esi,DATA_007226 mov eax,edi movsd movsb pop edi pop esi mov byte [edi+0xff],0x14 cmp dword [edi+0x82],byte +0x4 jnz near JUMP_003962 mov byte [edi+0xff],0x16 jmp JUMP_003962 JUMP_003959: ; Pos = 3db74 mov byte [edi+0xff],0x13 mov word [edi+0xba],0x442 lea eax,[edi+0x124] push esi push edi mov edi,eax mov esi,DATA_007227 mov eax,edi movsd movsd pop edi pop esi mov al,[ebp+0x10] mov [edi+0xfe],al mov word [edi+0x106],0x8 mov eax,[ebp+0x10] cmp eax,[DATA_008857] jnz JUMP_003960 mov dword [ebp-0x50],0x98c4 mov dword [ebp-0x38],0xffffffff lea eax,[ebp-0x50] push eax call FUNC_000349 pop ecx push byte +0x1e call FUNC_001906_SoundPlaySample pop ecx jmp short JUMP_003961 JUMP_003960: ; Pos = 3dbd8 mov eax,[DATA_009133] push eax mov eax,[ebp+0x10] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 cmp byte [eax+0x87],0xb jnz JUMP_003961 cmp byte [eax+0xff],0xc jnc JUMP_003961 mov byte [eax+0xff],0xc mov dl,[edi+0x86] mov [eax+0xfe],dl movzx eax,byte [eax+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc JUMP_003961: ; Pos = 3dc24 movsx eax,byte [esi+0x88] push eax push byte +0x20 call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 JUMP_003962: ; Pos = 3dc36 mov word [edi+0x9e],0x0 mov eax,[esi+0x140] neg eax push eax mov eax,[edi+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x14],eax mov eax,[esi+0x140] neg eax push eax mov eax,[edi+0x10] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x10],eax mov eax,[esi+0x140] neg eax push eax mov eax,[edi+0x14] push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0xc],eax mov eax,[edi] sar eax,0x12 mov [ebp-0x20],eax mov eax,[edi+0x4] sar eax,0x12 mov [ebp-0x1c],eax mov eax,[edi+0x8] sar eax,0x12 mov [ebp-0x18],eax cmp dword [edi+0x140],0x4650 jl JUMP_003963 mov eax,[ebp-0x20] add eax,eax mov [ebp-0x20],eax mov eax,[ebp-0x1c] add eax,eax mov [ebp-0x1c],eax mov eax,[ebp-0x18] add eax,eax mov [ebp-0x18],eax JUMP_003963: ; Pos = 3dcc5 test byte [ebp+0xc],0x1 jz JUMP_003964 mov eax,[ebp-0x20] add [ebp-0x14],eax mov eax,[ebp-0x1c] add [ebp-0x10],eax mov eax,[ebp-0x18] add [ebp-0xc],eax jmp short JUMP_003965 JUMP_003964: ; Pos = 3dcdf mov eax,[ebp-0x20] sub [ebp-0x14],eax mov eax,[ebp-0x1c] sub [ebp-0x10],eax mov eax,[ebp-0x18] sub [ebp-0xc],eax JUMP_003965: ; Pos = 3dcf1 lea eax,[ebp-0x14] push eax push edi call near [DATA_007746] ; FUNC_001514 add esp,byte +0x8 xor eax,eax mov al,bl mov eax,[eax*4+DATA_007221] push eax xor eax,eax mov al,[esi+0x86] push eax push byte +0xc call FUNC_000048 add esp,byte +0xc or eax,byte -0x1 JUMP_003966: ; Pos = 3dd21 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000942: ; Pos = 3dd28 push ebp mov ebp,esp add esp,byte -0x70 push ebx push esi push edi mov edi,[ebp+0xc] mov esi,[ebp+0x8] test edi,edi jz near JUMP_003968 cmp edi,[DATA_008857] jnz near JUMP_003968 cmp byte [esi+0x118],0xfb jnz JUMP_003967 mov eax,[esi+0x11a] test eax,eax jz JUMP_003967 mov edx,[DATA_008861] test byte [edx+0xca],0x40 jz JUMP_003967 mov dword [ebp-0x40],0x8635 mov dword [ebp-0x28],0xffffffff mov [ebp-0x34],eax lea eax,[ebp-0x40] push eax call FUNC_000349 pop ecx mov eax,[esi+0x11a] add eax,eax lea eax,[eax+eax*4] add [DATA_008888],eax JUMP_003967: ; Pos = 3dd99 mov eax,[esi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx cmp dword [eax+0x38],byte +0x0 jz JUMP_003968 mov ebx,[DATA_008911] mov eax,[esi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x16] add [DATA_008911],eax mov eax,[DATA_008911] sar eax,0x10 sar ebx,0x10 cmp eax,ebx jz JUMP_003968 mov dword [ebp-0x70],0x98cf mov dword [ebp-0x58],0xffffffff lea eax,[ebp-0x70] push eax call FUNC_000349 pop ecx JUMP_003968: ; Pos = 3ddf5 movsx eax,byte [esi+0x88] push eax push byte +0x5 call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 lea eax,[ebp-0x4] push eax push dword 0x9b push byte +0x9 push esi mov eax,[DATA_009133] push eax call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov ebx,eax test ebx,ebx jz near JUMP_003974 mov byte [ebx+0x87],0xb mov byte [ebx+0xff],0x1c mov dword [ebx+0xa4],0xffffffff mov word [ebx+0x9e],0xffff call near [DATA_007752] ; FUNC_001530 mov [DATA_008802],eax call near [DATA_007752] ; FUNC_001530 mov [DATA_008803],eax mov eax,[DATA_008803] push eax mov eax,[DATA_008802] push eax push ebx call FUNC_001675_MatBuildYZT add esp,byte +0xc mov eax,[esi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx cmp dword [eax+0x38],byte +0x0 jz near JUMP_003969 mov eax,[esi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x6] mov [ebp-0x8],eax dec dword [ebx+0x7e] cmp dword [ebp-0x8],byte +0xa jl JUMP_003969 movsx eax,byte [esi+0x88] push eax push byte +0x1f call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 inc dword [ebx+0x7e] cmp dword [ebp-0x8],0x190 jl JUMP_003969 mov eax,[esi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov [ebp-0xc],eax mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov [ebp-0x10],eax mov eax,[ebp-0xc] mov eax,[eax+0x14] mov edx,[ebp-0xc] add eax,[edx+0x18] mov edx,[ebp-0x10] mov edx,[edx+0x14] mov ecx,[ebp-0x10] add edx,[ecx+0x18] sub eax,edx add eax,byte +0x4 mov [ebx+0x7e],eax JUMP_003969: ; Pos = 3df11 mov eax,[esi+0x82] cmp eax,byte +0xf jc JUMP_003974 cmp eax,byte +0x3f ja JUMP_003974 push byte +0x6 call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax sub ebx,byte +0x2 test ebx,ebx jng JUMP_003971 JUMP_003970: ; Pos = 3df33 push esi push dword 0x8e0f call FUNC_000926 add esp,byte +0x8 dec ebx test ebx,ebx jg JUMP_003970 JUMP_003971: ; Pos = 3df46 movzx ebx,word [esi+0x116] sar ebx,1 cmp ebx,byte +0x4 jng JUMP_003972 mov ebx,0x4 JUMP_003972: ; Pos = 3df59 test ebx,ebx jng JUMP_003974 push ebx call near [DATA_007217] ; FUNC_000922 pop ecx sub eax,byte +0x2 mov ebx,eax test eax,eax jl JUMP_003974 JUMP_003973: ; Pos = 3df6e push esi call near [DATA_007752] ; FUNC_001530 and eax,byte +0x1f movzx eax,byte [eax+DATA_007212] add eax,0x8e00 push eax call FUNC_000926 add esp,byte +0x8 dec ebx test ebx,ebx jnl JUMP_003973 JUMP_003974: ; Pos = 3df92 mov eax,edi push eax push esi call FUNC_000924 add esp,byte +0x8 xor eax,eax pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000943: ; Pos = 3dfa8 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp byte [eax+0x118],0xff jnz JUMP_003975 push byte +0x0 push byte +0x17 call FUNC_000148 add esp,byte +0x8 JUMP_003975: ; Pos = 3dfc3 mov eax,0x1 pop ebp ret FUNC_000944: ; Pos = 3dfcc push ebp mov ebp,esp add esp,byte -0x30 push ebx mov ebx,[ebp+0x8] cmp byte [ebx+0x118],0xff jnz JUMP_003976 mov dword [ebp-0x18],0xffffffff mov eax,[ebp+0xc] mov [ebp-0x30],eax mov eax,[ebp+0x10] mov [ebp-0x2c],eax lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx push byte +0x0 push byte +0x17 call FUNC_000148 add esp,byte +0x8 JUMP_003976: ; Pos = 3e008 push ebx call FUNC_000943 pop ecx pop ebx mov esp,ebp pop ebp ret FUNC_000945: ; Pos = 3e014 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push ebx call FUNC_000933 pop ecx test eax,eax jz JUMP_003977 push eax push dword 0x98c9 push ebx call FUNC_000944 add esp,byte +0xc pop ebx pop ebp ret JUMP_003977: ; Pos = 3e038 push ebx call FUNC_000943 pop ecx pop ebx pop ebp ret FUNC_000946: ; Pos = 3e044 push ebp mov ebp,esp mov eax,[ebp+0x8] add [DATA_008904],ax mov edx,[DATA_008891] add edx,eax mov [DATA_008891],edx add eax,[DATA_008889] mov [DATA_008889],eax pop ebp ret FUNC_000947: ; Pos = 3e06c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] movsx eax,byte [ebx+0xd0] mov byte [ebx+0xd0],0x0 xor edx,edx mov [ebx+0x11e],edx cmp byte [ebx+0x118],0xff jnz JUMP_003978 mov eax,[eax*4+DATA_007210] push eax call FUNC_000946 pop ecx JUMP_003978: ; Pos = 3e0a0 push byte +0x0 push dword 0x98ca push ebx call FUNC_000944 add esp,byte +0xc pop ebx pop ebp ret FUNC_000948: ; Pos = 3e0b4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov al,[ebx+0xd0] test al,al jz JUMP_003979 movsx eax,al mov byte [ebx+0xd0],0x1 cmp byte [ebx+0x118],0xff jnz JUMP_003979 mov eax,[eax*4+DATA_007210] sub eax,byte +0x4 push eax call FUNC_000946 pop ecx JUMP_003979: ; Pos = 3e0e9 push byte +0x0 push dword 0x98ca push ebx call FUNC_000944 add esp,byte +0xc pop ebx pop ebp ret FUNC_000949: ; Pos = 3e0fc push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push byte +0x6 call near [DATA_007217] ; FUNC_000922 pop ecx mov edx,eax cmp edx,byte +0x5 ja JUMP_003986 jmp near [edx*4+DATA_000038] SECTION .data DATA_000038: ; Pos = 3e11a dd JUMP_003980 dd JUMP_003981 dd JUMP_003982 dd JUMP_003983 dd JUMP_003984 dd JUMP_003985 SECTION .text JUMP_003980: ; Pos = 3e132 mov word [ebx+0xbc],0x0 jmp short JUMP_003986 JUMP_003981: ; Pos = 3e13d mov word [ebx+0xbe],0x0 jmp short JUMP_003986 JUMP_003982: ; Pos = 3e148 mov word [ebx+0xc0],0x0 jmp short JUMP_003986 JUMP_003983: ; Pos = 3e153 mov word [ebx+0xc2],0x0 jmp short JUMP_003986 JUMP_003984: ; Pos = 3e15e mov word [ebx+0xc4],0x0 jmp short JUMP_003986 JUMP_003985: ; Pos = 3e169 mov word [ebx+0xc6],0x0 JUMP_003986: ; Pos = 3e172 cmp byte [ebx+0x118],0xff jnz JUMP_003987 xor edx,edx mov [eax*4+DATA_008935],edx JUMP_003987: ; Pos = 3e184 add eax,0x99ae push eax push dword 0x98cb push ebx call FUNC_000944 add esp,byte +0xc pop ebx pop ebp ret FUNC_000950: ; Pos = 3e19c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] call near [DATA_007752] ; FUNC_001530 cmp ax,0x5555 jc JUMP_003988 push ebx call FUNC_000945 pop ecx pop ebx pop ebp ret JUMP_003988: ; Pos = 3e1b9 cmp ax,0x888 jnc JUMP_003989 push ebx call FUNC_000947 pop ecx pop ebx pop ebp ret JUMP_003989: ; Pos = 3e1c9 cmp ax,0x1c71 jnc JUMP_003990 push ebx call FUNC_000948 pop ecx pop ebx pop ebp ret JUMP_003990: ; Pos = 3e1d9 push ebx call FUNC_000949 pop ecx pop ebx pop ebp ret FUNC_000951: ; Pos = 3e1e4 push ebp mov ebp,esp push ebx push esi mov ecx,[ebp+0xc] mov esi,[ebp+0x8] cmp ecx,[DATA_008891] jnl JUMP_003993 mov edx,0x25 mov eax,DATA_008906 JUMP_003991: ; Pos = 3e201 movzx ebx,word [eax] sub ecx,ebx jns JUMP_003992 dec word [eax] inc word [DATA_008904] add edx,0x8e00 push edx push dword 0x98c8 push esi call FUNC_000944 add esp,byte +0xc jmp short JUMP_003994 JUMP_003992: ; Pos = 3e229 dec edx add eax,byte -0x2 test edx,edx jnl JUMP_003991 JUMP_003993: ; Pos = 3e231 push esi call FUNC_000943 pop ecx JUMP_003994: ; Pos = 3e238 pop esi pop ebx pop ebp ret FUNC_000952: ; Pos = 3e23c push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp byte [ebx+0x118],0xff jnz JUMP_003995 mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x8] push eax call near [DATA_007217] ; FUNC_000922 pop ecx cmp eax,[DATA_008889] jnl JUMP_003995 push eax push ebx call FUNC_000951 add esp,byte +0x8 pop ebx pop ebp ret JUMP_003995: ; Pos = 3e27e push ebx call FUNC_000950 pop ecx pop ebx pop ebp ret FUNC_000953: ; Pos = 3e288 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov edi,[ebp+0xc] mov ebx,[ebp+0x8] test edi,edi jnl JUMP_003996 mov edi,0x7fffffff JUMP_003996: ; Pos = 3e2a0 xor eax,eax mov al,[ebx+0x86] push eax push byte +0xd call FUNC_000034 add esp,byte +0x8 mov eax,[ebp+0x10] push eax push byte +0xe call FUNC_000034 add esp,byte +0x8 push edi push byte +0xc call FUNC_000034 add esp,byte +0x8 push byte +0xc call FUNC_000035 pop ecx mov edi,eax xor esi,esi mov dword [ebp-0x10],DATA_008623 jmp short JUMP_003999 JUMP_003997: ; Pos = 3e2e1 mov eax,[ebp-0x10] test byte [eax],0x4 jz JUMP_003998 mov dword [ebp-0xc],0x1 mov [ebp-0x8],ebx mov al,[ebx+0x86] mov [ebp-0x4],al lea eax,[ebp-0xc] push eax push byte +0xb push esi call FUNC_000144 add esp,byte +0xc JUMP_003998: ; Pos = 3e30b inc esi add dword [ebp-0x10],byte +0x8 JUMP_003999: ; Pos = 3e310 cmp esi,[DATA_008621] jl JUMP_003997 cmp byte [ebx+0x87],0x3 jz JUMP_004000 cmp byte [ebx+0x87],0xb jnz near JUMP_004006 xor eax,eax mov al,[ebx+0x86] mov edx,[DATA_007758] test byte [edx+eax],0x10 jnz near JUMP_004006 mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx cmp dword [eax+0x38],byte +0x0 jz near JUMP_004006 JUMP_004000: ; Pos = 3e35e movzx eax,word [ebx+0xe0] cmp edi,eax jg JUMP_004001 sub [ebx+0xe0],di movsx eax,byte [ebx+0x88] push eax push byte +0x1c call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 or byte [ebx+0x151],0x1 jmp short JUMP_004004 JUMP_004001: ; Pos = 3e38b movzx eax,word [ebx+0xe0] sub edi,eax mov word [ebx+0xe0],0x0 movzx eax,word [ebx+0xe4] cmp edi,eax jl JUMP_004002 mov eax,[ebp+0x10] push eax push ebx call FUNC_000942 add esp,byte +0x8 jmp short JUMP_004007 JUMP_004002: ; Pos = 3e3b7 sub [ebx+0xe4],di mov byte [ebx+0x14e],0xa movsx eax,byte [ebx+0x88] push eax push byte +0x1d call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 movzx esi,word [ebx+0xe4] sar esi,0x2 cmp edi,esi jnl JUMP_004003 call near [DATA_007752] ; FUNC_001530 mov ecx,eax mov eax,edi shl eax,0xf cdq idiv esi cmp ecx,eax jnc JUMP_004004 JUMP_004003: ; Pos = 3e3f9 push ebx call FUNC_000952 pop ecx jmp short JUMP_004007 JUMP_004004: ; Pos = 3e402 cmp byte [ebx+0x118],0xff jnz JUMP_004005 push byte +0x0 push byte +0x17 call FUNC_000148 add esp,byte +0x8 JUMP_004005: ; Pos = 3e417 mov eax,0x1 jmp short JUMP_004007 JUMP_004006: ; Pos = 3e41e movsx eax,byte [ebx+0x88] push eax push byte +0x1d call FUNC_001907_SoundPlaySampleLogVol add esp,byte +0x8 mov eax,0x1 JUMP_004007: ; Pos = 3e435 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000954: ; Pos = 3e43c push ebp mov ebp,esp add esp,0xfffffae8 push ebx push esi push edi mov eax,[ebp+0x8] push eax push dword DATA_007228 lea eax,[ebp+0xfffffae8] push eax call _sprintf add esp,byte +0xc push dword DATA_007229 lea eax,[ebp+0xfffffae8] push eax call _fopen add esp,byte +0x8 mov esi,eax test esi,esi jz JUMP_004010 push esi push byte +0x1 push byte +0xe lea eax,[ebp-0x18] push eax call _fread add esp,byte +0x10 cmp eax,byte +0x1 jnz JUMP_004009 mov eax,[ebp-0xe] mov edx,[DATA_008241] xor ecx,ecx mov cl,[edx+0x1] mov [ebp-0x8],ecx movsx edi,word [edx+0x2] add edi,byte +0x3 and edi,byte -0x4 push byte +0x0 push eax push esi call _fseek add esp,byte +0xc mov eax,[DATA_008241] add eax,byte +0x8 mov [ebp-0x4],eax mov ebx,0x1 cmp ebx,[ebp-0x8] jg JUMP_004009 JUMP_004008: ; Pos = 3e4cc push esi push edi push byte +0x1 mov eax,[ebp-0x8] sub eax,ebx imul edi add eax,[ebp-0x4] push eax call _fread add esp,byte +0x10 inc ebx cmp ebx,[ebp-0x8] jng JUMP_004008 JUMP_004009: ; Pos = 3e4e9 push esi call _fclose pop ecx JUMP_004010: ; Pos = 3e4f0 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000955: ; Pos = 3e4f8 push ebp mov ebp,esp push ebx mov eax,[DATA_008861] mov ebx,[eax+0x82] cmp ebx,byte +0x34 jnz JUMP_004011 mov ebx,0x5 jmp short JUMP_004014 JUMP_004011: ; Pos = 3e513 push ebx call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx ecx,word [eax+0x6] xor eax,eax mov edx,DATA_007222 JUMP_004012: ; Pos = 3e529 cmp ecx,[edx] jl JUMP_004013 inc eax add edx,byte +0x8 cmp eax,byte +0x5 jl JUMP_004012 JUMP_004013: ; Pos = 3e536 mov ebx,[eax*8+DATA_007223] JUMP_004014: ; Pos = 3e53d cmp ebx,[DATA_007224] jz JUMP_004015 push ebx call FUNC_000954 pop ecx mov [DATA_007224],ebx JUMP_004015: ; Pos = 3e552 mov eax,0x60 pop ebx pop ebp ret FUNC_000956: ; Pos = 3e55c push ebp mov ebp,esp call FUNC_000955 cmp dword [ebp+0x8],byte +0x0 jnz JUMP_004016 push byte +0x0 push byte +0x0 push eax push dword DATA_007774 call FUNC_001623_BlitIndex add esp,byte +0x10 JUMP_004016: ; Pos = 3e57c pop ebp ret FUNC_000957: ; Pos = 3e580 push ebp mov ebp,esp call FUNC_000955 mov edx,[ebp+0x14] push edx mov edx,[ebp+0x10] push edx mov edx,[ebp+0xc] push edx mov edx,[ebp+0x8] push edx push byte +0x0 push byte +0x0 push eax call FUNC_001622_BlitClipIndexToBuf add esp,byte +0x1c pop ebp ret FUNC_000958: ; Pos = 3e5c0 mov dword [DATA_008818],0x12345678 mov dword [DATA_008820],0x89abcdef ret FUNC_000959: ; Pos = 3e5d8 push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi mov ebx,DATA_009127 mov edx,DATA_007235 mov esi,DATA_007236 lea edi,[ebp-0x24] mov ecx,0x9 rep movsd cmp dword [ebp+0x8],byte +0x0 jnz near JUMP_004020 lea esi,[ebp-0x24] mov edi,ebx mov ecx,0x9 rep movsd mov byte [ebx+0x24],0x3c mov byte [ebx+0x25],0x0 mov eax,[edx] mov [ebx+0x26],eax mov ecx,[edx+0x4] mov [ebx+0x2e],ecx mov ecx,[edx+0x8] mov [ebx+0x36],ecx or ecx,byte -0x1 test eax,eax jl JUMP_004017 inc ecx JUMP_004017: ; Pos = 3e631 mov [ebx+0x2a],ecx or eax,byte -0x1 cmp dword [edx+0x4],byte +0x0 jl JUMP_004018 inc eax JUMP_004018: ; Pos = 3e63e mov [ebx+0x32],eax or eax,byte -0x1 cmp dword [edx+0x8],byte +0x0 jl JUMP_004019 inc eax JUMP_004019: ; Pos = 3e64b mov [ebx+0x32],eax push byte +0x18 lea eax,[ebx+0x26] push eax lea eax,[ebx+0x3e] push eax call _memcpy add esp,byte +0xc mov byte [ebx+0x56],0x0 mov byte [ebx+0x57],0x0 xor eax,eax mov [ebx+0x7e],eax mov dword [ebx+0x82],0xb0 mov byte [ebx+0x58],0x0 mov byte [ebx+0x86],0x0 mov byte [ebx+0x87],0x0 mov byte [ebx+0x88],0x0 mov byte [ebx+0x8b],0x0 mov byte [ebx+0x8a],0x0 push byte +0xc push byte +0x0 lea eax,[ebx+0x8c] push eax call _memset add esp,byte +0xc mov word [ebx+0x98],0x8000 mov word [ebx+0x9a],0x8000 mov word [ebx+0x9c],0x0 mov word [ebx+0x9e],0x0 mov dword [ebx+0xa0],0x789a3456 xor eax,eax mov [ebx+0xa4],eax mov esi,DATA_007238 lea edi,[ebx+0x124] mov eax,edi movsw movsb xor eax,eax mov [ebx+0x138],eax xor eax,eax mov [ebx+0x13c],eax xor eax,eax mov [ebx+0x140],eax xor eax,eax mov [ebx+0x144],eax xor eax,eax mov [ebx+0x148],eax mov byte [ebx+0x14c],0x0 mov byte [ebx+0x14d],0x0 mov byte [ebx+0x14e],0x0 mov byte [ebx+0x14f],0x0 mov byte [ebx+0x150],0x0 mov byte [ebx+0x151],0x0 JUMP_004020: ; Pos = 3e749 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000960: ; Pos = 3e750 push ebp mov ebp,esp mov eax,[DATA_007231] mov [DATA_008821],eax mov eax,[DATA_007232] mov [DATA_008822],eax mov eax,[DATA_007233] mov [DATA_008823],eax push byte +0x18 push dword DATA_007234 push dword DATA_008831 call _memcpy add esp,byte +0xc mov eax,[ebp+0x8] mov [DATA_009128],eax push dword DATA_009127 call near [DATA_007807] ; FUNC_001682 pop ecx pop ebp ret FUNC_000961: ; Pos = 3e7a4 push ebp mov ebp,esp push ecx push ebx mov ebx,DATA_008804 mov eax,[ebx] mov [DATA_009132],eax cmp eax,0x8276e jnc JUMP_004021 mov byte [ebp-0x3],0x0 mov byte [ebp-0x2],0x0 mov byte [ebp-0x1],0x0 mov byte [ebx+0x20],0x0 mov byte [ebx+0x21],0x0 mov byte [ebx+0x22],0x4 lea eax,[ebp-0x3] push eax call FUNC_001575 pop ecx mov eax,[DATA_009132] shr eax,0xa mov [DATA_009129],ax push dword 0xb1 call FUNC_000960 pop ecx jmp short JUMP_004023 JUMP_004021: ; Pos = 3e7f9 mov eax,[DATA_009132] sub eax,0x8276e shr eax,0xa mov [DATA_009129],ax xor eax,eax mov [ebx+0x1c],eax push dword 0xb0 call FUNC_000960 pop ecx cmp dword [ebx+0x1c],byte +0x0 jnz JUMP_004022 mov byte [ebx+0x20],0x0 mov byte [ebx+0x21],0x0 mov byte [ebx+0x22],0x4 JUMP_004022: ; Pos = 3e82e lea eax,[ebx+0x20] push eax call FUNC_001575 pop ecx JUMP_004023: ; Pos = 3e838 cmp dword [DATA_009132],0x7e7b76 jc JUMP_004024 call FUNC_001577_ClearBuf call FUNC_001637_FlipScreen call FUNC_001577_ClearBuf or byte [ebx+0x74],0x20 xor eax,eax mov [ebx],eax mov al,[DATA_009131] inc byte [DATA_009131] cmp al,0x39 jl JUMP_004024 mov byte [DATA_009131],0x30 mov al,[DATA_009130] inc byte [DATA_009130] cmp al,0x39 jl JUMP_004024 mov byte [DATA_009130],0x30 JUMP_004024: ; Pos = 3e887 pop ebx pop ecx pop ebp ret FUNC_000962: ; Pos = 3e88c push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov ebx,DATA_008804 mov esi,DATA_007644 cmp dword [ebx],0x795cc jna JUMP_004026 cmp byte [ebx+0xd],0x0 jnz JUMP_004026 push byte +0x42 call FUNC_001620_BmpIndexToPtr pop ecx movsx eax,word [eax+0x2] sar eax,1 jns JUMP_004025 adc eax,byte +0x0 JUMP_004025: ; Pos = 3e8c0 mov edx,0xa0 sub edx,eax push dword 0x9e push edx push byte +0x42 call FUNC_001621_BlitIndexToBuf add esp, byte 0xc ; mov dx,0xa0 ; sub dx,ax ; mov [ebp-0x4],dx ; mov word [ebp-0x2],0x9e ; lea eax,[ebp-0x4] ; push eax ; push byte +0x42 ; call FUNC_001580_PersistBlit ; add esp,byte +0x8 JUMP_004026: ; Pos = 3e8df cmp dword [ebx],0x8276e jnc JUMP_004027 xor eax,eax mov [DATA_007237],eax jmp JUMP_004047 JUMP_004027: ; Pos = 3e8f3 call near [DATA_007672] ; FUNC_001414_GuiGetLastAction mov edi,eax and edi,0xff cmp edi,byte +0x56 jnz JUMP_004028 mov dword [DATA_007237],0x1 jmp short JUMP_004029 JUMP_004028: ; Pos = 3e912 mov eax,edi push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx JUMP_004029: ; Pos = 3e91c cmp dword [DATA_007237],byte +0x0 jz JUMP_004030 push dword 0x136 push byte +0x3c push byte +0xa push byte +0x10 lea eax,[ebp-0x18] push eax push dword 0x942d call near [esi] add esp,byte +0x18 JUMP_004030: ; Pos = 3e93e cmp dword [ebx],0xfbd3a jnc JUMP_004031 push byte +0x0 push byte +0xf push byte +0x5a push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x941b call near [esi] add esp,byte +0x18 jmp JUMP_004047 JUMP_004031: ; Pos = 3e961 mov eax,[ebx] cmp eax,0x181534 jc near JUMP_004047 cmp eax,0x1ee8d2 jnc JUMP_004032 push byte +0x0 push byte +0x44 push byte +0x2 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x941c call near [esi] add esp,byte +0x18 jmp JUMP_004047 JUMP_004032: ; Pos = 3e990 mov eax,[ebx] cmp eax,0x212f5c jc near JUMP_004047 cmp eax,0x24fa42 jnc JUMP_004033 push byte +0x0 push byte +0x14 push dword 0xf5 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x941d call near [esi] add esp,byte +0x18 JUMP_004033: ; Pos = 3e9bd mov eax,[ebx] cmp eax,0x2375e6 jc near JUMP_004047 cmp eax,0x2740cc jnc JUMP_004034 push byte +0x0 push byte +0x73 push byte +0xa push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x941e call near [esi] add esp,byte +0x18 JUMP_004034: ; Pos = 3e9e7 mov eax,[ebx] cmp eax,0x2d523c jc near JUMP_004047 cmp eax,0x34e808 jnc JUMP_004035 push byte +0x0 push byte +0xf push dword 0xf0 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x941f call near [esi] add esp,byte +0x18 JUMP_004035: ; Pos = 3ea14 mov eax,[ebx] cmp eax,0x32a17e jc near JUMP_004047 cmp eax,0x372e92 jnc JUMP_004036 push byte +0x0 push byte +0x7d push byte +0x5 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x9420 call near [esi] add esp,byte +0x18 jmp JUMP_004047 JUMP_004036: ; Pos = 3ea43 mov eax,[ebx] cmp eax,0x3bbba6 jc near JUMP_004047 cmp eax,0x3f868c jnc JUMP_004037 push byte +0x0 push byte +0xf push dword 0xf5 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x9421 call near [esi] add esp,byte +0x18 jmp JUMP_004047 JUMP_004037: ; Pos = 3ea75 mov eax,[ebx] cmp eax,0x48a0b4 jc near JUMP_004047 cmp eax,0x4d2dc8 jnc JUMP_004038 push byte +0x0 push byte +0x14 push byte +0x14 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x9422 call near [esi] add esp,byte +0x18 JUMP_004038: ; Pos = 3ea9f mov eax,[ebx] cmp eax,0x4ae73e jc near JUMP_004047 cmp eax,0x4f7452 jnc JUMP_004039 push byte +0x0 push byte +0x73 push dword 0xf0 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x9423 call near [esi] add esp,byte +0x18 JUMP_004039: ; Pos = 3eacc mov eax,[ebx] cmp eax,0x4d2dc8 jc near JUMP_004047 cmp eax,0x50f8ae jnc JUMP_004040 push byte +0x0 push byte +0x14 push byte +0x14 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x9424 call near [esi] add esp,byte +0x18 JUMP_004040: ; Pos = 3eaf6 mov eax,[ebx] cmp eax,0x588e7a jc near JUMP_004047 cmp eax,0x5d1b8e jnc JUMP_004041 push byte +0x0 push byte +0x7d push byte +0x5 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x9425 call near [esi] add esp,byte +0x18 JUMP_004041: ; Pos = 3eb20 mov eax,[ebx] cmp eax,0x5ad504 jc near JUMP_004047 cmp eax,0x5e9fea jnc JUMP_004042 push byte +0x0 push byte +0xa push dword 0xf5 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x9426 call near [esi] add esp,byte +0x18 jmp JUMP_004047 JUMP_004042: ; Pos = 3eb52 mov eax,[ebx] cmp eax,0x626ad0 jc near JUMP_004047 cmp eax,0x67ba12 jnc JUMP_004043 push byte +0x0 push byte +0x64 push byte +0x14 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x9428 call near [esi] add esp,byte +0x18 JUMP_004043: ; Pos = 3eb7c mov eax,[ebx] cmp eax,0x657388 jc near JUMP_004047 cmp eax,0x693e6e jnc JUMP_004044 push byte +0x0 push byte +0xa push dword 0x8c push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x9427 call near [esi] add esp,byte +0x18 jmp JUMP_004047 JUMP_004044: ; Pos = 3ebae mov eax,[ebx] cmp eax,0x6b84f8 jc near JUMP_004047 cmp eax,0x70d43a jnc JUMP_004045 push byte +0x0 push byte +0x14 push byte +0x5 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x9429 call near [esi] add esp,byte +0x18 JUMP_004045: ; Pos = 3ebd8 mov eax,[ebx] cmp eax,0x6d0954 jna JUMP_004046 cmp eax,0x725896 jnc JUMP_004046 push byte +0x0 push byte +0x14 push dword 0xdc push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x942a call near [esi] add esp,byte +0x18 JUMP_004046: ; Pos = 3ec01 cmp dword [ebx],0x77a7d8 jc JUMP_004047 push dword 0x136 push byte +0xa push byte +0x5 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x942b call near [esi] add esp,byte +0x18 push dword 0x136 push byte +0x44 push byte +0x5 push byte +0xf lea eax,[ebp-0x18] push eax push dword 0x942c call near [esi] add esp,byte +0x18 JUMP_004047: ; Pos = 3ec3b pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000963: ; Pos = 3ec44 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,DATA_008804 mov ecx,eax and ecx,0xff dec ecx jnz JUMP_004052 mov byte [edx+0x3fa],0x0 mov ecx,[edx] mov [edx+0x400],ecx mov ecx,[edx+0x4] mov [edx+0x404],ecx mov word [edx+0x40a],0x2a mov word [edx+0x408],0x7fff sar eax,0x8 sub eax,byte +0x1 jc JUMP_004050 dec eax jz JUMP_004048 dec eax jz JUMP_004049 jmp short JUMP_004051 JUMP_004048: ; Pos = 3ec94 mov byte [edx+0x3fb],0x60 pop ebp ret JUMP_004049: ; Pos = 3ec9d mov byte [edx+0x3fb],0x70 pop ebp ret JUMP_004050: ; Pos = 3eca6 mov byte [edx+0x3fb],0x6c pop ebp ret JUMP_004051: ; Pos = 3ecaf mov byte [edx+0x3fb],0x6f JUMP_004052: ; Pos = 3ecb6 pop ebp ret FUNC_000964: ; Pos = 3ecb8 push ebp mov ebp,esp push ebx mov byte [DATA_008634],0x0 mov byte [DATA_008635],0x0 push byte +0x50 call FUNC_000264_ConsoleHideButton pop ecx call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas push byte +0x0 call FUNC_000956 pop ecx call FUNC_001574 test byte [DATA_008982],0x10 jz JUMP_004053 mov al,[DATA_008979] mov [DATA_008983],al mov eax,[DATA_008984] mov [DATA_008988],eax JUMP_004053: ; Pos = 3ed02 test byte [DATA_008982],0x1 jz JUMP_004054 push byte +0x0 push byte +0x0 push byte +0x0 call FUNC_000271 add esp,byte +0xc JUMP_004054: ; Pos = 3ed19 mov ebx,0x1a JUMP_004055: ; Pos = 3ed1e push ebx call FUNC_000264_ConsoleHideButton pop ecx inc ebx cmp ebx,byte +0x24 jng JUMP_004055 pop ebx pop ebp ret FUNC_000965: ; Pos = 3ed30 push ebp mov ebp,esp push dword DATA_007240 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] and eax,0x1ff push eax mov eax,[ebp+0x10] push eax call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 pop ebp ret FUNC_000966: ; Pos = 3ed54 push ebp mov ebp,esp or byte [DATA_008982],0x10 mov al,[DATA_008983] mov [DATA_008979],al call FUNC_000969 call FUNC_000971 call FUNC_000968 pop ebp ret FUNC_000967: ; Pos = 3ed7c push ebp mov ebp,esp push byte +0x50 call FUNC_000263_ConsoleShowButton pop ecx pop ebp ret FUNC_000968: ; Pos = 3ed8c push ebp mov ebp,esp xor eax,eax mov al,[DATA_008979] test byte [eax+DATA_008801],0x8 jnz JUMP_004056 dec byte [DATA_008979] JUMP_004056: ; Pos = 3eda5 push byte +0x0 call FUNC_000967 pop ecx pop ebp ret FUNC_000969: ; Pos = 3edb0 push ebp mov ebp,esp push ebx mov ebx,DATA_008804 push byte +0x5 call near [DATA_007200] ; FUNC_000923 pop ecx and byte [ebx+0x3fa],0xfe mov word [ebx+0x3fe],0x33 mov word [ebx+0x3fc],0x7fff mov eax,[ebx] mov [ebx+0x400],eax mov eax,[ebx+0x4] mov [ebx+0x404],eax push dword 0x100 push dword 0x100 call near [DATA_007681] ; FUNC_001444_GuiSetXYAccum add esp,byte +0x8 mov byte [DATA_008634],0xff mov byte [DATA_008635],0xff mov byte [ebx+0xc],0xfe mov byte [ebx+0x20],0x2 mov byte [ebx+0x21],0x2 mov byte [ebx+0x22],0x2 call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas push dword DATA_007241 call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx pop ebx pop ebp ret FUNC_000970: ; Pos = 3ee34 push ebp mov ebp,esp push ebx push esi mov eax,[ebp+0x8] mov [DATA_007758],eax mov ebx,0x72 lea esi,[eax+0x72] JUMP_004057: ; Pos = 3ee49 test byte [esi],0x20 jz JUMP_004058 push ebx call near [DATA_007753] ; FUNC_001531 pop ecx push eax call FUNC_000973 pop ecx JUMP_004058: ; Pos = 3ee5d dec ebx dec esi test ebx,ebx jg JUMP_004057 pop esi pop ebx pop ebp ret FUNC_000971: ; Pos = 3ee68 push ebp mov ebp,esp push esi push edi push dword DATA_008801 call FUNC_000988 pop ecx mov eax,[DATA_009133] mov esi,eax mov edi,DATA_008801 mov ecx,0x2612 rep movsd movsw mov eax,[DATA_008988] mov [DATA_008984],eax push dword DATA_008801 call FUNC_000970 pop ecx pop edi pop esi pop ebp ret FUNC_000972: ; Pos = 3eea8 push ebp mov ebp,esp add esp,byte -0x28 push dword DATA_008801 call FUNC_000988 pop ecx lea eax,[ebp-0x28] push eax call FUNC_000855 pop ecx lea eax,[ebp-0x28] push eax push dword DATA_008798 call FUNC_000878 add esp,byte +0x8 mov eax,[DATA_008807] push eax mov eax,[DATA_008804] push eax push dword DATA_008798 push dword DATA_008801 call FUNC_000880 add esp,byte +0x10 mov esp,ebp pop ebp ret FUNC_000973: ; Pos = 3eef8 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp byte [eax+0x87],0x3 jnz JUMP_004059 mov byte [eax+0x87],0x5 cmp byte [eax+0xff],0x24 jz JUMP_004062 mov byte [eax+0x57],0x0 pop ebp ret JUMP_004059: ; Pos = 3ef1d cmp byte [eax+0x87],0xb jnz JUMP_004062 mov dl,[eax+0xff] cmp dl,0x24 jz JUMP_004060 cmp dl,0x11 jz JUMP_004060 cmp dword [eax+0x82],0x9a jnz JUMP_004061 cmp word [eax+0x9e],byte +0x1 jz JUMP_004061 JUMP_004060: ; Pos = 3ef4c push eax call FUNC_000940 pop ecx jmp short JUMP_004062 JUMP_004061: ; Pos = 3ef55 mov byte [eax+0x87],0x5 mov byte [eax+0x57],0x0 JUMP_004062: ; Pos = 3ef60 pop ebp ret FUNC_000974: ; Pos = 3ef64 push ebp mov ebp,esp add esp,byte -0x38 and byte [DATA_008982],0xef mov byte [DATA_008979],0x72 call FUNC_000969 mov byte [ebp-0x37],0x3 mov byte [ebp-0x36],0x0 mov byte [ebp-0x35],0x0 lea eax,[ebp-0x37] push eax call FUNC_001575 pop ecx call FUNC_000972 call FUNC_000968 mov esp,ebp pop ebp ret FUNC_000975: ; Pos = 3efa4 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0xc] mov eax,[ebp+0x8] mov [DATA_007758],eax mov esi,0x72 lea ebx,[eax+0x72] JUMP_004063: ; Pos = 3efbd mov al,[ebx] test al,0x8 jz JUMP_004064 test al,0x20 jnz JUMP_004064 push esi call near [DATA_007753] ; FUNC_001531 pop ecx movsx edx,word [eax+0x98] add edx,byte +0x3 cmp edx,0x13c jnl JUMP_004064 movsx ecx,word [eax+0x9a] add ecx,byte -0x4 cmp ecx,0x95 jnl JUMP_004064 movsx ecx,word [eax+0x9a] add ecx,byte -0x4 push ecx push edx push eax call edi add esp,byte +0xc JUMP_004064: ; Pos = 3f005 dec esi dec ebx test esi,esi jg JUMP_004063 pop edi pop esi pop ebx pop ebp ret FUNC_000976: ; Pos = 3f010 push ebp mov ebp,esp push dword DATA_009147 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_000965 add esp,byte +0xc mov eax,[ebp+0x10] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax push dword DATA_009147 call FUNC_001584_TextWriteDefaultClip add esp,byte +0x10 pop ebp ret FUNC_000977: ; Pos = 3f044 push ebp mov ebp,esp add esp,byte -0x14 mov eax,[DATA_008986] mov [ebp-0x14],eax mov eax,[DATA_008987] mov [ebp-0x10],eax push dword 0x94 push byte +0xa push byte +0xf lea eax,[ebp-0x14] push eax push byte +0x0 call FUNC_000976 add esp,byte +0x14 test byte [DATA_008982],0x2 jnz JUMP_004065 push dword FUNC_000978 push dword DATA_008801 call FUNC_000975 add esp,byte +0x8 JUMP_004065: ; Pos = 3f08c mov esp,ebp pop ebp ret FUNC_000978: ; Pos = 3f090 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] xor eax,eax mov al,[ebx+0x86] movsx edx,byte [DATA_008874] cmp eax,edx jnz JUMP_004066 test byte [DATA_008805],0x1 jnz JUMP_004066 push byte +0x11 push edi lea eax,[esi-0x8] push eax push dword DATA_007242 call FUNC_001584_TextWriteDefaultClip add esp,byte +0x10 JUMP_004066: ; Pos = 3f0cf cmp byte [ebx+0x87],0x1 jnz JUMP_004072 mov al,[ebx+0x56] test al,al jz JUMP_004071 push dword DATA_008801 and eax,0xff push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 movsx edx,word [eax+0x98] sub edx,esi jns JUMP_004067 movsx edx,word [eax+0x98] sub edx,esi neg edx jmp short JUMP_004068 JUMP_004067: ; Pos = 3f10b movsx edx,word [eax+0x98] sub edx,esi JUMP_004068: ; Pos = 3f114 movsx ecx,word [eax+0x9a] sub ecx,edi jns JUMP_004069 movsx ecx,word [eax+0x9a] sub ecx,edi neg ecx jmp short JUMP_004070 JUMP_004069: ; Pos = 3f12c movsx ecx,word [eax+0x9a] sub ecx,edi JUMP_004070: ; Pos = 3f135 add edx,ecx cmp edx,byte +0xa jl JUMP_004072 JUMP_004071: ; Pos = 3f13c push byte +0xf push edi push esi add ebx,0x124 push ebx call FUNC_001589_WriteStringShadowed add esp,byte +0x10 JUMP_004072: ; Pos = 3f14f pop edi pop esi pop ebx pop ebp ret FUNC_000979: ; Pos = 3f154 push ebp mov ebp,esp test byte [DATA_008982],0x8 jz JUMP_004073 and byte [DATA_008982],0xf7 call FUNC_000968 JUMP_004073: ; Pos = 3f16c pop ebp ret FUNC_000980: ; Pos = 3f170 push ebp mov ebp,esp add esp,byte -0x10 push ebx mov ebx,DATA_008804 cmp dword [ebp+0x8],byte +0x0 jl JUMP_004074 mov eax,[ebx+0x404] mov [ebp-0xc],eax mov eax,[ebx+0x400] mov [ebp-0x10],eax push dword [ebp+0x10] push dword [ebp+0xc] push dword [ebp-0xc] push dword [ebp-0x10] lea eax,[ebp-0x8] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 mov eax,[ebp-0x4] mov [ebx+0x404],eax mov eax,[ebp-0x8] mov [ebx+0x400],eax jmp short JUMP_004075 JUMP_004074: ; Pos = 3f1c0 mov eax,[ebx+0x404] not eax mov [ebp-0xc],eax mov eax,[ebx+0x400] not eax mov [ebp-0x10],eax push dword [ebp+0x10] push dword [ebp+0xc] push dword [ebp-0xc] push dword [ebp-0x10] lea eax,[ebp-0x8] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 mov eax,[ebp-0x4] not eax mov [ebx+0x404],eax mov eax,[ebp-0x8] not eax mov [ebx+0x400],eax JUMP_004075: ; Pos = 3f204 push dword DATA_008801 call FUNC_000932 pop ecx mov eax,[ebx+0x404] push eax mov eax,[ebx+0x400] push eax push dword DATA_008801 call FUNC_000149 add esp,byte +0xc pop ebx mov esp,ebp pop ebp ret FUNC_000981: ; Pos = 3f230 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x8] mov [DATA_007758],edi mov esi,0x72 lea ebx,[edi+0x72] JUMP_004076: ; Pos = 3f247 mov al,[ebx] test al,al jz JUMP_004077 test al,0x20 jnz JUMP_004077 push esi call near [DATA_007753] ; FUNC_001531 pop ecx push edi push eax call FUNC_000986 add esp,byte +0x8 JUMP_004077: ; Pos = 3f263 dec esi dec ebx test esi,esi jg JUMP_004076 pop edi pop esi pop ebx pop ebp ret FUNC_000982: ; Pos = 3f270 push ebp mov ebp,esp add esp,0xfffffeb0 push ebx push esi push edi push byte +0x0 call FUNC_000956 pop ecx call near [DATA_007672] ; FUNC_001414_GuiGetLastAction mov esi,eax and esi,0xff test esi,esi jz near JUMP_004098 mov eax,esi cmp eax,0xf5 jg JUMP_004078 jz JUMP_004079 ; 0xf5 sub eax,byte +0x3 jz near JUMP_004093 ; 0x3 dec eax jz near JUMP_004094 ; 0x4 sub eax,byte +0x70 jz JUMP_004081 ; 0x74 - 't' select target sub eax,byte +0xc jz near JUMP_004088 ; 0x80 jmp JUMP_004097 JUMP_004078: ; Pos = 3f2c8 add eax,0xffffff0a sub eax,byte +0x5 jc JUMP_004080 ; 0xf6-0xfa jz near JUMP_004085 ; 0xfb dec eax jz near JUMP_004095 ; 0xfc sub eax,byte +0x3 jz near JUMP_004083 ; 0xff jmp JUMP_004097 JUMP_004079: ; Pos = 3f2ed push byte +0x0 call FUNC_000834 pop ecx push byte +0x1 push byte +0x24 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_004109 JUMP_004080: ; Pos = 3f306 push byte +0x0 call FUNC_000834 pop ecx mov ebx,esi push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx push byte +0x0 call FUNC_000840 pop ecx push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx push byte +0x0 call FUNC_000840 pop ecx jmp JUMP_004109 JUMP_004081: ; Pos = 3f335 test byte [DATA_008982],0x10 jz JUMP_004082 or byte [DATA_008982],0x1 mov dword [ebp+0xfffffeb0],0x8a01 mov dword [ebp+0xfffffec8],0xffffffff lea eax,[ebp+0xfffffeb0] push eax mov eax,[ebp+0xfffffeb0] push eax lea eax,[ebp+0xfffffee0] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc push byte +0x1 push byte +0x0 lea eax,[ebp+0xfffffee0] push eax call FUNC_000271 add esp,byte +0xc JUMP_004082: ; Pos = 3f38a call FUNC_000979 jmp JUMP_004098 JUMP_004083: ; Pos = 3f394 mov byte [DATA_008876],0x0 push dword FUNC_000983 push dword DATA_008801 call FUNC_000975 add esp,byte +0x8 and byte [DATA_008982],0xfe push byte +0x0 push byte +0x0 push byte +0x0 call FUNC_000271 add esp,byte +0xc call FUNC_000984 movsx edx,word [DATA_008985] cmp eax,edx jng JUMP_004084 mov [DATA_008985],ax JUMP_004084: ; Pos = 3f3d8 push dword DATA_008801 call FUNC_000932 pop ecx call FUNC_000979 jmp JUMP_004098 JUMP_004085: ; Pos = 3f3ed xor eax,eax mov al,[DATA_009160] cmp esi,eax jnz JUMP_004086 cmp byte [DATA_009162],0x14 jnc near JUMP_004098 call FUNC_000984 mov [DATA_008985],ax mov word [DATA_008984],0x4000 jmp JUMP_004098 JUMP_004086: ; Pos = 3f41e mov word [ebp-0xe],0x0 mov word [ebp-0x10],0x7998 mov eax,[ebp-0x10] push eax mov eax,[DATA_008984] push eax call FUNC_001482 add esp,byte +0x8 push eax call near [DATA_007722] ; FUNC_001496 pop ecx mov [ebp-0x10],eax call FUNC_000984 movsx edx,word [ebp-0xe] cmp eax,edx setng al and eax,byte +0x1 test eax,eax jz JUMP_004087 mov eax,[ebp-0x10] mov [DATA_008984],eax JUMP_004087: ; Pos = 3f464 call FUNC_000979 jmp JUMP_004098 JUMP_004088: ; Pos = 3f46e mov ax,[DATA_009209] cmp ax,0x92 jl near JUMP_004098 cmp ax,0xbc jg near JUMP_004098 cmp word [DATA_009208],0x10c jl near JUMP_004098 cmp word [DATA_009208],0x14c jg near JUMP_004098 movsx eax,word [DATA_009208] mov ebx,eax add ebx,0xfffffed4 test ebx,ebx jnl JUMP_004089 push byte -0x1 push dword 0x12c push byte +0x0 dec eax push eax push dword 0x9e push dword 0x10c push dword 0x122 call FUNC_001622_BlitClipIndexToBuf add esp,byte +0x1c or esi,byte -0x1 neg ebx jmp short JUMP_004090 JUMP_004089: ; Pos = 3f4e2 push byte -0x1 movsx eax,word [DATA_009208] inc eax push eax push byte +0x0 push dword 0x12c push dword 0x9e push dword 0x10c push dword 0x122 call FUNC_001622_BlitClipIndexToBuf add esp,byte +0x1c mov esi,0x1 JUMP_004090: ; Pos = 3f510 test byte [DATA_008982],0x10 jz JUMP_004091 mov eax,ebx imul ebx mov [ebp-0x18],eax jmp short JUMP_004092 JUMP_004091: ; Pos = 3f522 mov eax,ebx imul ebx imul ebx mov [ebp-0x18],eax JUMP_004092: ; Pos = 3f52b xor eax,eax mov [ebp-0x14],eax push byte +0x12 lea eax,[ebp-0x18] push eax call FUNC_001340_Int64LogicShift add esp,byte +0x8 push dword [ebp-0x14] push dword [ebp-0x18] push esi call FUNC_000980 add esp,byte +0xc jmp JUMP_004098 JUMP_004093: ; Pos = 3f552 mov eax,[DATA_009122] mov [ebp-0xc],eax xor eax,eax mov [ebp-0x8],eax push byte +0xd lea eax,[ebp-0xc] push eax call FUNC_001340_Int64LogicShift add esp,byte +0x8 push dword [ebp-0x8] push dword [ebp-0xc] push byte -0x1 call FUNC_000980 add esp,byte +0xc jmp JUMP_004098 JUMP_004094: ; Pos = 3f582 mov eax,[DATA_009122] mov [ebp-0xc],eax xor eax,eax mov [ebp-0x8],eax push byte +0xd lea eax,[ebp-0xc] push eax call FUNC_001340_Int64LogicShift add esp,byte +0x8 push dword [ebp-0x8] push dword [ebp-0xc] push byte +0x1 call FUNC_000980 add esp,byte +0xc jmp short JUMP_004098 JUMP_004095: ; Pos = 3f5af mov word [ebp-0x1a],0x1 mov word [ebp-0x1c],0x435d mov eax,[ebp-0x1c] push eax mov eax,[DATA_008984] push eax call FUNC_001482 add esp,byte +0x8 push eax call near [DATA_007722] ; FUNC_001496 pop ecx mov [ebp-0x1c],eax cmp word [ebp-0x1a],byte +0x3f setg al and eax,byte +0x1 test eax,eax jz JUMP_004096 mov word [ebp-0x1a],0x3f mov word [ebp-0x1c],0x7fff JUMP_004096: ; Pos = 3f5f3 mov eax,[ebp-0x1c] mov [DATA_008984],eax jmp short JUMP_004098 JUMP_004097: ; Pos = 3f5fd mov eax,esi push eax call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx JUMP_004098: ; Pos = 3f607 call near [DATA_007682] ; FUNC_001445_GuiGetXYAccum mov [DATA_008980],eax movsx eax,word [DATA_008981] shl eax,0x6 mov [DATA_008802],eax movsx edx,word [DATA_008980] shl edx,0x6 mov [DATA_008803],edx neg edx push edx push eax push dword DATA_008968 call FUNC_001676_MatBuildYZ add esp,byte +0xc movsx eax,word [DATA_008984] neg eax mov edx,[DATA_008969] sar edx,0x10 imul edx or ebx,byte -0x1 test eax,eax jl JUMP_004099 inc ebx JUMP_004099: ; Pos = 3f65e movsx edx,word [DATA_008984] neg edx mov ecx,[DATA_008970] sar ecx,0x10 imul edx,ecx or ecx,byte -0x1 test edx,edx jl JUMP_004100 inc ecx JUMP_004100: ; Pos = 3f67b mov [ebp-0x4],ecx movsx ecx,word [DATA_008984] neg ecx mov esi,[DATA_008971] sar esi,0x10 imul ecx,esi or esi,byte -0x1 test ecx,ecx jl JUMP_004101 inc esi JUMP_004101: ; Pos = 3f69b cmp word [DATA_008985],byte +0x1f jnl JUMP_004103 movsx edi,word [DATA_008985] add edi,byte -0x1f test edi,edi jnl JUMP_004108 JUMP_004102: ; Pos = 3f6b3 sar eax,1 sar edx,1 sar ecx,1 inc edi test edi,edi jl JUMP_004102 jmp short JUMP_004108 JUMP_004103: ; Pos = 3f6c0 cmp word [DATA_008985],byte +0x1f jng JUMP_004108 movsx edi,word [DATA_008985] add edi,byte -0x1f mov [ebp-0x20],edi cmp dword [ebp-0x20],byte +0x0 jng JUMP_004108 JUMP_004104: ; Pos = 3f6dd add ebx,ebx test eax,0x80000000 jz JUMP_004105 or ebx,byte +0x1 JUMP_004105: ; Pos = 3f6e9 add eax,eax shl dword [ebp-0x4],1 test edx,0x80000000 jz JUMP_004106 or dword [ebp-0x4],byte +0x1 JUMP_004106: ; Pos = 3f6fa add edx,edx add esi,esi test ecx,0x80000000 jz JUMP_004107 or esi,byte +0x1 JUMP_004107: ; Pos = 3f709 add ecx,ecx dec dword [ebp-0x20] cmp dword [ebp-0x20],byte +0x0 jg JUMP_004104 JUMP_004108: ; Pos = 3f714 mov [DATA_008973],eax mov [DATA_008974],ebx mov [DATA_008975],edx mov eax,[ebp-0x4] mov [DATA_008976],eax mov [DATA_008977],ecx mov [DATA_008978],esi mov byte [DATA_008972],0x0 push dword DATA_008968 push dword DATA_008801 call near [DATA_007761] ; FUNC_001537 add esp,byte +0x8 test byte [DATA_008982],0x4 jnz JUMP_004109 push dword DATA_008801 call FUNC_000981 pop ecx JUMP_004109: ; Pos = 3f767 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000983: ; Pos = 3f770 push ebp mov ebp,esp push ebx push esi push edi mov edx,[ebp+0x10] mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov esi,DATA_008804 cmp byte [esi+0xee],0x0 jnz near JUMP_004115 sub eax,byte +0x3 add edx,byte +0x4 movsx ecx,word [esi+0x6c] mov edi,eax sub edi,ecx jns JUMP_004110 movsx ecx,word [esi+0x6c] mov edi,eax sub edi,ecx neg edi jmp short JUMP_004111 JUMP_004110: ; Pos = 3f7ad movsx ecx,word [esi+0x6c] mov edi,eax sub edi,ecx JUMP_004111: ; Pos = 3f7b5 mov eax,edi movsx ecx,word [esi+0x6e] mov edi,edx sub edi,ecx jns JUMP_004112 movsx ecx,word [esi+0x6e] mov edi,edx sub edi,ecx neg edi jmp short JUMP_004113 JUMP_004112: ; Pos = 3f7cd movsx ecx,word [esi+0x6e] mov edi,edx sub edi,ecx JUMP_004113: ; Pos = 3f7d5 mov edx,edi add edx,eax cmp edx,byte +0x8 jg near JUMP_004115 test byte [esi+0x3fa],0x1 jz JUMP_004114 mov byte [esi+0xee],0xff mov al,[ebx+0x86] mov [esi+0xec],al push byte +0x15 call FUNC_001906_SoundPlaySample pop ecx cmp byte [esi+0xe8],0x2 jnz JUMP_004115 mov eax,[esi+0xc8] mov byte [eax+0xff],0x8 mov dl,[ebx+0x86] mov [eax+0x100],dl movzx eax,byte [eax+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc jmp short JUMP_004115 JUMP_004114: ; Pos = 3f83e test byte [ebx+0x14c],0x20 jnz JUMP_004115 cmp byte [ebx+0x87],0x1 jnz JUMP_004115 mov byte [esi+0xee],0xff mov al,[ebx+0x86] mov [esi+0x2fa],al JUMP_004115: ; Pos = 3f863 pop edi pop esi pop ebx pop ebp ret FUNC_000984: ; Pos = 3f868 push ebp mov ebp,esp push dword DATA_008801 xor eax,eax mov al,[DATA_008979] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov edx,[eax+0x14] add edx,[eax+0x18] add edx,byte +0xa mov eax,edx pop ebp ret FUNC_000985: ; Pos = 3f89c push ebp mov ebp,esp push ebx push esi push edi mov eax,[ebp+0x8] mov ebx,[eax+0x8] mov edx,[ebx+0xa8] mov ecx,[ebx+0xac] mov esi,[eax] mov [ebx+0xa8],esi mov esi,[eax+0x4] mov [ebx+0xac],esi cmp byte [ebx+0xff],0x24 jz JUMP_004117 mov esi,[eax] sub esi,edx mov edi,[eax+0x4] sub edi,ecx cmp esi,[eax] jna JUMP_004116 dec edi JUMP_004116: ; Pos = 3f8dc mov byte [ebx+0x8a],0x0 push esi push dword DATA_008801 push ebx call near [DATA_006153] ; FUNC_000603 add esp,byte +0xc push dword DATA_008801 push ebx call near [DATA_006154] ; FUNC_000606 add esp,byte +0x8 push edi push esi push ebx call near [DATA_007744] ; FUNC_001512 add esp,byte +0xc JUMP_004117: ; Pos = 3f90e pop edi pop esi pop ebx pop ebp ret FUNC_000986: ; Pos = 3f914 push ebp mov ebp,esp add esp,0xfffffea8 push ebx push esi push edi mov ebx,[ebp+0x8] cmp byte [ebx+0x87],0x1 jnz near JUMP_004120 mov al,[ebx+0x56] test al,al jz near JUMP_004118 test byte [ebx+0x14c],0x20 jnz near JUMP_004118 movsx esi,word [ebx+0xc6] mov edx,[ebx+0xbe] sar edx,0x10 mov [ebp-0x4],edx mov edx,[ebp+0xc] push edx and eax,0xff push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov edx,[ebx+0xb0] mov [ebp+0xffffff58],edx add word [ebp+0xffffff5a],byte -0x19 mov dx,[ebp+0xffffff5a] movsx edx,dx mov [ebp+0xffffff26],edx mov dl,[eax+0x56] mov [ebp+0xfffffefe],dl mov dword [ebp+0xffffff2a],0x96 push esi lea esi,[eax+0x3e] lea edi,[ebp+0xfffffee6] mov ecx,0x6 rep movsd pop esi mov byte [ebp+0xfffffeff],0x0 mov byte [ebp+0xffffff2e],0x0 mov byte [ebp+0xfffffecd],0x0 mov eax,[ebp-0x4] push eax push esi lea eax,[ebp+0xfffffea8] push eax call FUNC_001676_MatBuildYZ add esp,byte +0xc push dword DATA_008968 lea eax,[ebp+0xfffffea8] push eax call near [DATA_007805] ; FUNC_001680 add esp,byte +0x8 jmp short JUMP_004120 JUMP_004118: ; Pos = 3f9f7 mov eax,[ebx+0x82] mov esi,eax movzx edi,word [ebx+0x9e] cmp eax,0x9a jnz JUMP_004119 mov edx,0x1 mov dword [ebx+0x82],0x98 JUMP_004119: ; Pos = 3fa1c mov [ebx+0x9e],dx push dword DATA_008968 push ebx call near [DATA_007805] ; FUNC_001680 add esp,byte +0x8 mov [ebx+0x9e],di mov [ebx+0x82],esi JUMP_004120: ; Pos = 3fa3f pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000987_nothing: ; Pos = 3fa48 ret FUNC_000988: ; Pos = 3fa4c push ebp mov ebp,esp mov edx,[ebp+0x8] mov [DATA_007758],edx xor eax,eax JUMP_004121: ; Pos = 3fa5a mov ecx,eax inc eax mov byte [edx+ecx],0x0 cmp eax,byte +0x73 jl JUMP_004121 pop ebp ret FUNC_000989: ; Pos = 3fa68 push ebp mov ebp,esp push ebx push esi push edi mov eax,[ebp+0x8] mov [DATA_007758],eax mov esi,0x72 lea ebx,[eax+0x72] JUMP_004122: ; Pos = 3fa7e mov al,[ebx] test al,0x8 jz JUMP_004123 test al,0x20 jnz JUMP_004123 push esi call near [DATA_007753] ; FUNC_001531 pop ecx mov dx,[eax+0x98] movsx edi,dx add edi,byte +0x3 cmp edi,0x13c jnl JUMP_004123 test dx,dx jng JUMP_004123 movsx edx,word [eax+0x9a] add edx,byte -0x4 cmp edx,0x95 jnl JUMP_004123 cmp word [eax+0x9a],byte +0x0 jng JUMP_004123 movsx edx,word [eax+0x9a] add edx,byte -0x4 push edx push edi push eax call near [ebp+0xc] add esp,byte +0xc JUMP_004123: ; Pos = 3fad9 dec esi dec ebx test esi,esi jg JUMP_004122 pop edi pop esi pop ebx pop ebp ret FUNC_000990: ; Pos = 3fae4 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0xc] mov eax,[ebp+0x8] mov [DATA_007758],eax mov esi,0x72 lea ebx,[eax+0x72] JUMP_004124: ; Pos = 3fafd mov al,[ebx] test al,0x8 jz JUMP_004125 test al,0x20 jnz JUMP_004125 push esi call near [DATA_007753] ; FUNC_001531 pop ecx movsx edx,word [eax+0x9a] add edx,byte -0x4 push edx movsx edx,word [eax+0x98] add edx,byte +0x3 push edx push eax call edi add esp,byte +0xc JUMP_004125: ; Pos = 3fb2b dec esi dec ebx test esi,esi jg JUMP_004124 pop edi pop esi pop ebx pop ebp ret FUNC_000991: ; Pos = 3fb38 push ebp mov ebp,esp push ebx mov ebx,DATA_008804 push byte +0x10 call FUNC_000263_ConsoleShowButton pop ecx mov eax,[ebx+0xc8] test byte [eax+0xc8],0x20 jz JUMP_004126 push byte +0x11 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004127 JUMP_004126: ; Pos = 3fb62 push byte +0x11 call FUNC_000264_ConsoleHideButton pop ecx JUMP_004127: ; Pos = 3fb6a mov eax,[ebx+0xc8] mov eax,[eax+0xc8] test eax,0x8000000 jnz JUMP_004128 test al,0x8 jz JUMP_004129 JUMP_004128: ; Pos = 3fb81 push byte +0x12 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004130 JUMP_004129: ; Pos = 3fb8b push byte +0x12 call FUNC_000264_ConsoleHideButton pop ecx JUMP_004130: ; Pos = 3fb93 mov eax,[ebx+0xc8] test byte [eax+0xc8],0x40 jz JUMP_004131 push byte +0x13 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004132 JUMP_004131: ; Pos = 3fbac push byte +0x13 call FUNC_000264_ConsoleHideButton pop ecx JUMP_004132: ; Pos = 3fbb4 cmp byte [ebx+0xef],0x0 jz JUMP_004133 mov eax,[ebx+0xc8] test byte [eax+0xc9],0x2 jz JUMP_004133 push byte +0x14 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004134 JUMP_004133: ; Pos = 3fbd6 push byte +0x14 call FUNC_000264_ConsoleHideButton pop ecx JUMP_004134: ; Pos = 3fbde push byte +0x15 call FUNC_000263_ConsoleShowButton pop ecx mov eax,[ebx+0xc8] cmp byte [eax+0xd1],0x2 jng JUMP_004135 push byte +0x16 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004136 JUMP_004135: ; Pos = 3fbff push byte +0x16 call FUNC_000264_ConsoleHideButton pop ecx JUMP_004136: ; Pos = 3fc07 push byte +0x17 call FUNC_000263_ConsoleShowButton pop ecx push byte +0x18 call FUNC_000263_ConsoleShowButton pop ecx push byte +0x19 call FUNC_000263_ConsoleShowButton pop ecx pop ebx pop ebp ret FUNC_000992: ; Pos = 3fc24 push ebp mov ebp,esp mov eax,[ebp+0x8] movzx eax,word [eax+0x116] mov [DATA_008889],eax xor eax,eax mov [DATA_008891],eax xor eax,eax mov [DATA_008892],eax xor eax,eax mov [DATA_008890],eax xor edx,edx mov eax,DATA_008896 JUMP_004137: ; Pos = 3fc52 mov word [eax],0x0 inc edx add eax,byte +0x2 cmp edx,byte +0x26 jl JUMP_004137 pop ebp ret FUNC_000993: ; Pos = 3fc64 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_000992 pop ecx pop ebp ret FUNC_000994: ; Pos = 3fc74 push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi push edi mov edi,[ebp+0xc] mov ebx,[ebp+0x8] mov esi,DATA_008804 mov eax,edi mov [esi+0xc5],al mov eax,[DATA_009133] push eax push edi call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [esi+0xcc],eax mov eax,[esi+0xcc] mov al,[eax+0x86] mov [esi+0x20e],al mov byte [esi+0x212],0x1 mov byte [esi+0xe8],0x30 mov eax,[esi+0xcc] push esi mov esi,eax mov edi,ebx mov ecx,0x9 rep movsd pop esi mov eax,[esi+0xcc] push esi lea esi,[eax+0x3e] lea edi,[ebx+0x3e] mov ecx,0x6 rep movsd pop esi mov byte [ebx+0x57],0x1 mov eax,[esi+0xcc] mov byte [eax+0xd1],0xff lea edx,[esi+0xf4] push edx lea edx,[ebp-0x4] push edx lea edx,[ebp-0x1c] push edx xor edx,edx mov dl,[ebx+0x86] push edx push eax call FUNC_000650 add esp,byte +0x14 mov eax,[esi+0xcc] mov byte [eax+0xd1],0x0 mov byte [esi+0xf8],0x0 lea eax,[ebp-0x1c] push eax lea esi,[ebx+0x3e] push esi call FUNC_001661_Vec64Add add esp,byte +0x8 mov eax,[ebx+0x140] push eax mov eax,[ebx+0xc] push eax call FUNC_001521 add esp,byte +0x8 push eax push dword [ebx+0x42] push dword [ebx+0x3e] push esi call FUNC_001334_Int64Add32 add esp,byte +0x10 mov eax,[ebx+0x140] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 push eax push dword [ebx+0x4a] push dword [ebx+0x46] lea eax,[ebx+0x46] push eax call FUNC_001334_Int64Add32 add esp,byte +0x10 mov eax,[ebx+0x140] push eax mov eax,[ebx+0x14] push eax call FUNC_001521 add esp,byte +0x8 push eax push dword [ebx+0x52] push dword [ebx+0x4e] add ebx,byte +0x4e push ebx call FUNC_001334_Int64Add32 add esp,byte +0x10 push byte +0xd push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000995: ; Pos = 3fdd8 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov ebx,DATA_008804 mov eax,[ebx+0xcc] push dword [eax+0x42] push dword [eax+0x3e] mov eax,[ebx+0xc8] push dword [eax+0x42] push dword [eax+0x3e] lea eax,[ebp-0x18] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 mov eax,[ebx+0xcc] push dword [eax+0x4a] push dword [eax+0x46] mov eax,[ebx+0xc8] push dword [eax+0x4a] push dword [eax+0x46] lea eax,[ebp-0x10] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 mov eax,[ebx+0xcc] push dword [eax+0x52] push dword [eax+0x4e] mov eax,[ebx+0xc8] push dword [eax+0x52] push dword [eax+0x4e] lea eax,[ebp-0x8] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 mov eax,[ebp-0x18] push eax mov eax,[ebx+0xcc] mov eax,[eax+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebp-0x10] push eax mov eax,[ebx+0xcc] mov eax,[eax+0x10] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebp-0x8] push eax mov eax,[ebx+0xcc] mov eax,[eax+0x14] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebx+0xc8] sub esi,[eax+0x140] push esi mov eax,[ebx+0xcc] mov eax,[eax+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov [ebp-0x18],edi sar edi,0x1f mov [ebp-0x14],edi push esi mov eax,[ebx+0xcc] mov eax,[eax+0x10] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov [ebp-0x10],edi sar edi,0x1f mov [ebp-0xc],edi push esi mov eax,[ebx+0xcc] mov eax,[eax+0x14] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov [ebp-0x8],edi sar edi,0x1f mov [ebp-0x4],edi push dword [ebp-0x14] push dword [ebp-0x18] mov eax,[ebx+0xc8] push dword [eax+0x42] push dword [eax+0x3e] add eax,byte +0x3e push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 push dword [ebp-0xc] push dword [ebp-0x10] mov eax,[ebx+0xc8] push dword [eax+0x4a] push dword [eax+0x46] add eax,byte +0x46 push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 push dword [ebp-0x4] push dword [ebp-0x8] mov eax,[ebx+0xc8] push dword [eax+0x52] push dword [eax+0x4e] add eax,byte +0x4e push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000996: ; Pos = 3ff64 push ebp mov ebp,esp add esp,0xfffffd74 push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,DATA_007265 lea edi,[ebp-0x24] mov ecx,0x9 rep movsd push dword 0x152 push byte +0x0 lea eax,[ebp+0xfffffd74] push eax call _memset add esp,byte +0xc lea esi,[ebp-0x24] lea edi,[ebp+0xfffffd74] mov ecx,0x9 rep movsd mov [ebp+0xfffffdf6],ebx mov word [ebp+0xfffffe12],0xffff mov word [ebp+0xfffffe0c],0x8000 mov word [ebp+0xfffffe0e],0x8000 mov dword [ebp+0xfffffe14],0x789a3456 mov esi,DATA_007337 lea edi,[ebp+0xfffffe98] mov eax,edi movsd movsd movsb push dword DATA_008857 push ebx push byte +0x4f lea eax,[ebp+0xfffffd74] push eax mov eax,[DATA_009133] push eax call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov ebx,eax test ebx,ebx jz near JUMP_004139 mov byte [ebx+0x118],0xff mov [DATA_008861],ebx mov byte [ebx+0x25],0x0 movsx eax,word [ebx+0xbc] mov [DATA_008935],eax movsx eax,word [ebx+0xbe] mov [DATA_008936],eax movsx eax,word [ebx+0xc0] mov [DATA_008937],eax movsx eax,word [ebx+0xc2] mov [DATA_008938],eax movsx eax,word [ebx+0xc4] mov [DATA_008939],eax movsx eax,word [ebx+0xc6] mov [DATA_008940],eax mov byte [ebx+0x88],0x0 mov eax,[DATA_008861] push eax call FUNC_000992 pop ecx mov word [ebx+0x116],0x0 mov byte [DATA_008874],0x0 mov byte [DATA_008875],0x0 mov byte [DATA_008887],0x0 mov byte [ebx+0x87],0x3 xor eax,eax mov [DATA_008918],eax xor eax,eax mov [DATA_008921],eax xor eax,eax mov [DATA_008866],eax xor eax,eax mov [DATA_008922],eax xor edx,edx mov eax,DATA_008908 JUMP_004138: ; Pos = 400bf xor ecx,ecx mov [eax],ecx inc edx add eax,byte +0x4 cmp edx,byte +0x6 jl JUMP_004138 mov byte [DATA_008873],0x0 xor eax,eax mov [DATA_008878],eax xor eax,eax mov [DATA_008872],al push byte +0x1 movsx eax,al mov edx,0x18 sub edx,eax push edx call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov eax,[DATA_008807] mov [DATA_008925],eax mov eax,[DATA_008807] mov [DATA_008926],eax mov dword [DATA_008923],0x1f4 mov dword [DATA_008924],0x1f4 imul eax,[ebp+0xc],0x4a0d mov [ebx+0xa0],eax lea edx,[ebp+0xfffffedc] push edx push eax lea eax,[ebp+0xfffffec8] push eax push byte +0x12 call FUNC_000791 add esp,byte +0x10 lea eax,[ebx+0x124] mov esi,eax lea edi,[ebp+0xfffffedc] xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb JUMP_004139: ; Pos = 4016f mov eax,ebx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000997: ; Pos = 40178 push ebp mov ebp,esp mov eax,[ebp+0x8] neg dword [eax+0x18] neg dword [eax+0x1c] neg dword [eax+0x20] neg dword [eax] neg dword [eax+0x4] neg dword [eax+0x8] pop ebp ret FUNC_000998: ; Pos = 40194 push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi xor eax,eax mov [DATA_008916],eax xor eax,eax mov [DATA_008915],eax xor eax,eax mov [DATA_008914],eax xor eax,eax mov [DATA_008912],eax xor eax,eax mov [DATA_008913],eax xor eax,eax mov [DATA_008911],eax xor eax,eax mov [DATA_009091],eax xor edx,edx mov eax,DATA_009095 JUMP_004140: ; Pos = 401d4 xor ecx,ecx mov [eax],ecx inc edx add eax,byte +0x4 cmp edx,byte +0x6 jl JUMP_004140 mov eax,[DATA_008881] dec eax jz near JUMP_004143 dec eax jz JUMP_004141 dec eax jz near JUMP_004142 jmp JUMP_004144 JUMP_004141: ; Pos = 401fc mov dword [DATA_008888],0x3e8 push dword 0x4a0d push byte +0x17 call FUNC_000996 add esp,byte +0x8 mov ebx,eax mov byte [ebx+0xd0],0x1 mov byte [ebx+0xd2],0xa0 mov byte [ebx+0xd6],0x82 mov byte [ebx+0xd7],0x82 mov word [ebx+0xe2],0x0 mov dword [ebx+0xc8],0x40000000 sub dword [DATA_008889],byte +0xc xor eax,eax mov [DATA_008907],eax xor eax,eax mov [DATA_008891],eax mov dword [ebx+0x11e],0x40000000 mov byte [ebx+0x56],0x60 push byte +0x5f push ebx call FUNC_000994 add esp,byte +0x8 jmp JUMP_004145 JUMP_004142: ; Pos = 40279 mov dword [DATA_008888],0x3e8 push dword 0x941a push byte +0x26 call FUNC_000996 add esp,byte +0x8 mov ebx,eax mov byte [ebx+0xd0],0x3 mov byte [ebx+0xd2],0x88 mov byte [ebx+0xd6],0x82 mov byte [ebx+0xd7],0x82 mov byte [ebx+0xd8],0x82 mov byte [ebx+0xd9],0x82 mov word [ebx+0xe2],0x0 mov dword [ebx+0xc8],0x40000 sub dword [DATA_008889],byte +0x1f mov dword [DATA_008907],0x320 mov dword [ebx+0x11e],0x40000000 mov word [DATA_008901],0x4 mov dword [DATA_008891],0x4 mov dword [DATA_009097],0xaae60 mov dword [DATA_009096],0xaae60 mov dword [DATA_008909],0x1f4 mov dword [DATA_008910],0x1f4 mov byte [ebx+0x56],0x70 mov byte [DATA_008859],0x70 mov eax,[DATA_009133] push eax push byte +0x70 call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax mov [DATA_008862],esi mov al,[DATA_008857] mov [esi+0xd0],al mov byte [ebx+0x57],0x1 xor eax,eax mov [DATA_008879],eax mov byte [DATA_008870],0x2a xor eax,eax mov al,[ebx+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x4b mov dword [DATA_008867],0xffffffff jmp JUMP_004145 JUMP_004143: ; Pos = 40389 mov dword [DATA_008888],0x3e8 push dword 0xde27 push byte +0x17 call FUNC_000996 add esp,byte +0x8 mov ebx,eax mov byte [ebx+0xd0],0x2 mov byte [ebx+0xd2],0x88 mov dword [ebx+0xc8],0x40240000 mov byte [ebx+0xd6],0x82 mov byte [ebx+0xd7],0x82 sub dword [DATA_008889],byte +0x10 mov word [DATA_008901],0x1 mov dword [DATA_008891],0x1 mov dword [ebx+0x11e],0x20000000 mov dword [DATA_008907],0x3e8 mov byte [ebx+0x56],0x6f push byte +0x6e push ebx call FUNC_000994 add esp,byte +0x8 jmp JUMP_004145 JUMP_004144: ; Pos = 4040c push dword 0xde27 push byte +0x1f call FUNC_000996 add esp,byte +0x8 mov ebx,eax mov dword [DATA_008888],0x2710 mov byte [ebx+0xd2],0x88 mov word [DATA_008901],0x1 mov dword [DATA_008891],0x1 sub dword [DATA_008889],byte +0x10 mov dword [DATA_008907],0x42f mov byte [ebx+0xd0],0x2 mov dword [ebx+0xc8],0x40240020 mov byte [ebx+0xd6],0x82 mov byte [ebx+0xd7],0x82 mov dword [ebx+0x11e],0x20000000 mov byte [ebx+0x56],0x6c push byte +0x6a push ebx call FUNC_000994 add esp,byte +0x8 push ebx call FUNC_000997 pop ecx mov ax,[DATA_007266] mov [ebp-0x23],ax mov al,[DATA_007267] mov [ebp-0x21],al mov ax,[ebp-0x23] mov [DATA_008815],ax mov al,[ebp-0x21] mov [DATA_008817],al mov ax,[ebp-0x23] mov [DATA_009136],ax mov al,[ebp-0x21] mov [DATA_009137],al mov dword [DATA_008814],0xffffffff lea eax,[ebp-0x23] push eax call FUNC_001575 pop ecx JUMP_004145: ; Pos = 404e1 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_000999: ; Pos = 404e8 push ebp mov ebp,esp push ebx push esi mov ebx,DATA_008804 mov eax,[ebx+0xc8] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov esi,eax mov dword [ebx+0x1f4],0x1f4 mov dword [ebx+0x1f8],0x1f4 mov eax,[ebx+0x4] mov [ebx+0x1fc],eax mov eax,[ebx+0x4] mov [ebx+0x200],eax mov eax,[esi+0x38] movsx eax,word [eax+0x10] dec eax mov [ebx+0x502c],eax mov eax,[ebx+0xc8] push eax call FUNC_000993 pop ecx call FUNC_000250 mov eax,[ebx+0xc8] movsx eax,word [eax+0xbc] mov [ebx+0x214],eax mov eax,[ebx+0xc8] movsx eax,word [eax+0xbe] mov [ebx+0x218],eax mov eax,[ebx+0xc8] movsx eax,word [eax+0xc0] mov [ebx+0x21c],eax mov eax,[ebx+0xc8] movsx eax,word [eax+0xc2] mov [ebx+0x220],eax mov eax,[ebx+0xc8] movsx eax,word [eax+0xc4] mov [ebx+0x224],eax mov eax,[ebx+0xc8] movsx eax,word [eax+0xc6] mov [ebx+0x228],eax mov eax,[esi+0x38] mov ax,[eax+0x14] test ax,ax jng JUMP_004146 and eax,0xff mov eax,[eax*4+DATA_005302] sub [ebx+0x118],eax JUMP_004146: ; Pos = 405de pop esi pop ebx pop ebp ret FUNC_001000: ; Pos = 405e4 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,eax and edx,0xff dec edx jz JUMP_004147 dec edx jz near JUMP_004148 pop ebp ret JUMP_004147: ; Pos = 405fe and eax,0xff00 sar eax,0x8 mov [DATA_008881],eax call FUNC_000898 xor eax,eax mov [DATA_009138],eax mov byte [DATA_007250],0x0 mov byte [DATA_007251],0x0 xor eax,eax mov [DATA_007246],eax xor eax,eax mov [DATA_007247],eax mov byte [DATA_008877],0x0 push byte +0x0 push byte +0x48 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov byte [DATA_008871],0x0 push byte +0x0 push byte +0x10 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov word [DATA_008860],0x0 mov word [DATA_008863],0x0 mov word [DATA_008864],0x200 xor eax,eax mov [DATA_008893],eax mov dword [DATA_008894],0x200 mov dword [DATA_008895],0xff400000 call FUNC_000998 push dword 0x8600 call FUNC_000266 pop ecx call FUNC_001003 pop ebp ret JUMP_004148: ; Pos = 406a6 push byte +0x0 push byte +0x0 push dword FUNC_000999 mov eax,[DATA_008857] push eax push byte +0x0 push byte +0xb call FUNC_000044 add esp,byte +0x18 pop ebp ret FUNC_001001: ; Pos = 406c4 push ebp mov ebp,esp mov eax,0x1 movsx edx,byte [DATA_008872] inc edx sub edx,byte +0x2 jz JUMP_004149 dec edx jnz JUMP_004151 inc eax jmp short JUMP_004151 JUMP_004149: ; Pos = 406df mov edx,[DATA_008861] cmp byte [edx+0xd1],0x2 jg JUMP_004150 add eax,byte +0x2 jmp short JUMP_004151 JUMP_004150: ; Pos = 406f3 cmp word [DATA_008928],byte +0x0 jl JUMP_004151 inc eax JUMP_004151: ; Pos = 406fe add [DATA_008872],al mov al,[DATA_008872] cmp al,0x4 jng JUMP_004152 mov byte [DATA_008872],0x0 JUMP_004152: ; Pos = 40714 call FUNC_001116 pop ebp ret FUNC_001002: ; Pos = 4071c push ebp mov ebp,esp cmp byte [DATA_008630],0x0 jnl JUMP_004153 call FUNC_001001 jmp short JUMP_004154 JUMP_004153: ; Pos = 4072f call FUNC_001003 JUMP_004154: ; Pos = 40734 cmp byte [DATA_008872],0x4 jnz JUMP_004155 push byte +0x1 push byte +0x15 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp short JUMP_004158 JUMP_004155: ; Pos = 4074b mov al,[DATA_008872] cmp al,0x3 jz JUMP_004156 cmp al,0x2 jnz JUMP_004157 JUMP_004156: ; Pos = 40758 push byte +0x1 push byte +0x16 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp short JUMP_004158 JUMP_004157: ; Pos = 40766 push byte +0x1 movsx eax,byte [DATA_008872] mov edx,0x18 sub edx,eax push edx call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 JUMP_004158: ; Pos = 4077f mov ax,[DATA_009136] mov [DATA_008815],ax mov al,[DATA_009137] mov [DATA_008817],al push dword DATA_009136 call FUNC_001575 pop ecx pop ebp ret FUNC_001003: ; Pos = 407a8 push ebp mov ebp,esp push byte +0x3 call near [DATA_007200] ; FUNC_000923 pop ecx call near [DATA_007676] ; FUNC_001439_GuiSetConsoleHotAreas call FUNC_001118 mov byte [DATA_008630],0xff mov byte [DATA_008631],0xff movsx eax,word [DATA_008864] push eax movsx eax,word [DATA_008863] push eax call near [DATA_007681] ; FUNC_001444_GuiSetXYAccum add esp,byte +0x8 call FUNC_001116 call FUNC_000991 push byte +0x1 push byte +0xe call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov ax,[DATA_009136] mov [DATA_008815],ax mov al,[DATA_009137] mov [DATA_008817],al push dword DATA_009136 call FUNC_001575 pop ecx test byte [DATA_008871],0x8 jz JUMP_004159 push dword DATA_007258 call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx JUMP_004159: ; Pos = 40836 pop ebp ret FUNC_001004: ; Pos = 40838 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] jmp short JUMP_004161 JUMP_004160: ; Pos = 40841 mov eax,[ebx+0x10] push eax call near [DATA_007680] ; FUNC_001443_GuiRemoveHotArea pop ecx add ebx,byte +0x14 JUMP_004161: ; Pos = 4084f cmp dword [ebx],byte -0x1 jnz JUMP_004160 pop ebx pop ebp ret FUNC_001005: ; Pos = 40858 push ebp mov ebp,esp push dword DATA_007258 call FUNC_001004 pop ecx push dword DATA_007259 call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx pop ebp ret FUNC_001006: ; Pos = 40874 push ebp mov ebp,esp push ebx mov ebx,0xf JUMP_004162: ; Pos = 4087d push ebx call FUNC_000264_ConsoleHideButton pop ecx inc ebx cmp ebx,byte +0x19 jng JUMP_004162 mov ebx,0xd1 JUMP_004163: ; Pos = 4088f push ebx call near [DATA_007680] ; FUNC_001443_GuiRemoveHotArea pop ecx mov byte [DATA_007251],0x0 inc ebx cmp ebx,0xe3 jl JUMP_004163 mov byte [DATA_008630],0x7f mov byte [DATA_008631],0x0 or byte [DATA_008809],0x1 pop ebx pop ebp ret FUNC_001007: ; Pos = 408c0 push ebp mov ebp,esp push ebx push esi push edi mov ebx,DATA_008804 mov edi,[ebp+0x8] mov esi,[edi+0x4] mov eax,esi and eax,0xffff cmp eax,[ebx+0x10e] jng JUMP_004164 xor eax,eax mov [ebx+0x10e],eax jmp short JUMP_004165 JUMP_004164: ; Pos = 408ea sub [ebx+0x10e],eax JUMP_004165: ; Pos = 408f0 cmp dword [ebx+0x1ec],byte +0x0 jz JUMP_004168 mov eax,[ebx+0xc8] test byte [eax+0xcb],0x40 jz JUMP_004166 mov eax,esi shl eax,0x9 sub [ebx+0x1ec],eax jmp short JUMP_004167 JUMP_004166: ; Pos = 40915 mov eax,esi shl eax,0x7 sub [ebx+0x1ec],eax JUMP_004167: ; Pos = 40920 cmp dword [ebx+0x1ec],byte +0x0 jnl JUMP_004168 xor eax,eax mov [ebx+0x1ec],eax JUMP_004168: ; Pos = 40931 push esi mov eax,[ebx+0xc8] push eax call FUNC_000934 add esp,byte +0x8 cmp byte [ebx+0xe8],0x2 jz JUMP_004169 push esi mov eax,[ebx+0xc8] push eax call FUNC_000938 add esp,byte +0x8 jmp JUMP_004175 JUMP_004169: ; Pos = 4095f mov eax,[DATA_009133] push eax mov eax,[ebx+0xc8] movzx eax,byte [eax+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax push edi push byte +0x6 push byte +0xb call FUNC_000144 add esp,byte +0xc mov eax,[ebx+0xc8] mov edx,[eax+0x138] lea edx,[edx+edx*2] cmp edx,[ebx+0xdc] jng JUMP_004170 push byte -0x1 mov edx,[ebx+0xcc] push edx push eax call near [DATA_006147] ; FUNC_000589 add esp,byte +0xc JUMP_004170: ; Pos = 409b5 mov eax,[ebx+0xc8] cmp byte [eax+0xff],0x20 jnz near JUMP_004174 mov eax,esi mov [ebx+0xcc],eax mov al,[eax+0x86] mov [ebx+0xc5],al mov byte [ebx+0xec],0x0 mov al,[esi+0x14c] test al,0x40 jnz JUMP_004172 and byte [ebx+0xe9],0xfb test al,0x20 jnz JUMP_004171 mov byte [ebx+0xe8],0xa call FUNC_001116 jmp short JUMP_004173 JUMP_004171: ; Pos = 40a06 mov byte [ebx+0xe8],0x8 xor eax,eax mov [ebx+0xdc],eax call FUNC_001116 jmp short JUMP_004173 JUMP_004172: ; Pos = 40a1c mov byte [ebx+0xe8],0x2e call FUNC_000995 call FUNC_001116 JUMP_004173: ; Pos = 40a2d push byte +0xd push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp short JUMP_004175 JUMP_004174: ; Pos = 40a4b test byte [esi+0x14c],0x10 jnz JUMP_004175 mov eax,[ebx+0xc8] mov dl,[eax+0xfe] cmp dl,[eax+0x56] jnz JUMP_004175 mov eax,[ebx+0xc8] cmp word [eax+0x10e],byte +0x17 jnl JUMP_004175 mov byte [ebx+0xe8],0x0 push byte -0x1 push dword 0x8637 call FUNC_001097 add esp,byte +0x8 xor eax,eax mov [ebx+0x1b8],eax call FUNC_001116 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_004175: ; Pos = 40aa6 pop edi pop esi pop ebx pop ebp ret FUNC_001008: ; Pos = 40aac push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov esi,DATA_008804 mov ax,[ebx+0xe8] test ax,ax jz JUMP_004178 mov edx,[DATA_009155] cmp edx,0xffff ja JUMP_004177 movzx eax,ax cmp edx,eax ja JUMP_004176 mov ax,[DATA_009155] sub [ebx+0xe8],ax jmp short JUMP_004178 JUMP_004176: ; Pos = 40ae9 mov word [ebx+0xe8],0x0 jmp short JUMP_004178 JUMP_004177: ; Pos = 40af4 mov word [ebx+0xe8],0x0 JUMP_004178: ; Pos = 40afd cmp byte [esi+0xe8],0x2 jnz JUMP_004181 and word [esi+0xc6],0xfffd cmp byte [ebx+0xff],0x1e jna JUMP_004180 test byte [esi+0xe9],0x2 jz JUMP_004179 call FUNC_001116 JUMP_004179: ; Pos = 40b26 and byte [esi+0xe9],0xfd jmp short JUMP_004181 JUMP_004180: ; Pos = 40b2f or byte [esi+0xe9],0x2 test byte [esi+0xe9],0x2 jz JUMP_004181 call FUNC_001116 JUMP_004181: ; Pos = 40b44 test byte [esi+0xe9],0x2 jz JUMP_004183 movzx edx,word [ebx+0x9e] mov eax,[DATA_009155] shr eax,1 cmp edx,eax jna JUMP_004182 sub [ebx+0x9e],ax jmp short JUMP_004187 JUMP_004182: ; Pos = 40b68 mov word [ebx+0x9e],0x0 jmp short JUMP_004187 JUMP_004183: ; Pos = 40b73 cmp byte [esi+0xe8],0x2 jz JUMP_004185 cmp dword [esi+0xd8],0x186a0 jl JUMP_004185 test byte [esi+0xc6],0x2 jnz JUMP_004184 push byte -0x1 push dword 0x98ce call FUNC_001097 add esp,byte +0x8 JUMP_004184: ; Pos = 40ba0 or word [esi+0xc6],byte +0x2 JUMP_004185: ; Pos = 40ba8 movzx eax,word [ebx+0x9e] mov edx,[DATA_009155] shr edx,1 add eax,edx cmp eax,0xffff jna JUMP_004186 mov word [ebx+0x9e],0xffff jmp short JUMP_004187 JUMP_004186: ; Pos = 40bcb mov eax,[DATA_009155] shr eax,1 add [ebx+0x9e],ax JUMP_004187: ; Pos = 40bd9 pop esi pop ebx pop ebp ret FUNC_001009: ; Pos = 40be0 push ebp mov ebp,esp push ebx push esi push edi mov eax,[ebp+0x8] mov ebx,[eax+0x8] mov edx,[eax] mov ecx,edx sub ecx,[ebx+0xa8] mov esi,[eax+0x4] sub esi,[ebx+0xac] cmp edx,[ebx+0xa8] mov edi,0x1 jc JUMP_004188 dec edi JUMP_004188: ; Pos = 40c0d sub esi,edi mov [ebx+0xa8],edx mov eax,[eax+0x4] mov [ebx+0xac],eax mov [DATA_008868],ecx mov [DATA_008869],esi mov byte [ebx+0x8a],0x0 mov byte [ebx+0x8b],0x0 push ebx call FUNC_001008 pop ecx push ebx movsx eax,byte [DATA_008870] sar eax,1 mov eax,[eax*8+DATA_007255] call eax pop ecx pop edi pop esi pop ebx pop ebp ret FUNC_001010: ; Pos = 40c58 push ebp mov ebp,esp mov al,[DATA_008872] cmp al,0x6 jz JUMP_004190 cmp al,0x5 jz JUMP_004190 cmp dword [DATA_007246],byte +0x0 jz JUMP_004189 call FUNC_001062 JUMP_004189: ; Pos = 40c76 cmp dword [DATA_007247],byte +0x0 jz JUMP_004190 call FUNC_001064 JUMP_004190: ; Pos = 40c84 movsx eax,byte [DATA_008870] sar eax,1 mov eax,[eax*8+DATA_007256] call eax pop ebp ret FUNC_001011: ; Pos = 40c98 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] xor eax,eax mov [DATA_008867],eax push ebx call FUNC_001039 pop ecx mov eax,[DATA_008862] test byte [eax+0x14c],0x40 jz JUMP_004191 push ebx call FUNC_001014 pop ecx JUMP_004191: ; Pos = 40cc2 cmp byte [ebx+0x14e],0x0 jz JUMP_004192 push byte +0x0 lea eax,[ebx+0x3e] push eax push ebx call FUNC_000939 add esp,byte +0xc JUMP_004192: ; Pos = 40cda pop ebx pop ebp ret FUNC_001012: ; Pos = 40ce0 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] xor eax,eax mov [DATA_008867],eax push ebx call FUNC_001039 pop ecx test byte [DATA_008934],0x1 jz JUMP_004193 push ebx call FUNC_001014 pop ecx jmp short JUMP_004194 JUMP_004193: ; Pos = 40d07 push ebx call FUNC_001015 pop ecx JUMP_004194: ; Pos = 40d0e cmp byte [ebx+0x14e],0x0 jz JUMP_004195 push byte +0x0 lea eax,[ebx+0x3e] push eax push ebx call FUNC_000939 add esp,byte +0xc JUMP_004195: ; Pos = 40d26 pop ebx pop ebp ret FUNC_001013: ; Pos = 40d2c push ebp mov ebp,esp add esp,byte -0x8 push ebx mov ebx,[ebp+0x8] push ebx call FUNC_001037 pop ecx cmp dword [DATA_008867],0x30d40 jg JUMP_004196 cmp dword [DATA_008918],byte +0x0 jz JUMP_004197 JUMP_004196: ; Pos = 40d52 mov byte [DATA_008870],0x26 call FUNC_001116 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_004197: ; Pos = 40d6c push ebx call FUNC_001041 pop ecx mov eax,[DATA_008868] push eax push ebx call near [DATA_006152] ; FUNC_000602 add esp,byte +0x8 push ebx call FUNC_001046 pop ecx lea eax,[ebp-0x2] push eax lea eax,[ebp-0x1] push eax lea eax,[ebp-0x8] push eax mov eax,[DATA_009133] push eax push ebx call FUNC_001033 add esp,byte +0x14 pop ebx pop ecx pop ecx pop ebp ret FUNC_001014: ; Pos = 40dac push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov esi,DATA_008804 cmp dword [esi+0xdc],0x1312d00 jg near JUMP_004206 ; FIX: Atmospheric heat dependency on frame rate, not time test byte [ebx+0xcb],0x40 jz JUMP_004198 mov eax, 0x16 jmp short JUMP_004199 JUMP_004198: ; Pos = 40dd9 mov eax, 0x13 JUMP_004199: ; Pos = 40dde ; Undercarriage mod: Not well known enough ; test byte [esi+0xe9], 0x2 ; setz dl ; and edx, byte +0x1 ; sub eax, edx mov ecx, eax mov eax, [esi+0xd8] mov edx, [DATA_009155] cmp edx, 0xffff jl .notimecap mov edx, 0xffff .notimecap: mul edx sar eax, cl cmp eax, 0x1000 jl .noheatcap mov eax, 0x1000 .noheatcap: mov edx, [esi+0x1ec] add edx, eax cmp edx, 0xffff jng JUMP_004200 push byte +0x0 push byte -0x1 push ebx call FUNC_000953 add esp, 12 jmp short JUMP_004201 JUMP_004200: ; Pos = 40e16 xor edx, [esi+0x1ec] add [esi+0x1ec], eax test edx, 0x8000 jz JUMP_004201 push byte -1 push dword 0x99e6 call FUNC_001097 add esp, 8 ; Pointless overheating-damage code ; mov edx,eax ; sar edx,0x8 ; test edx,edx ; jng JUMP_004201 ; push byte +0x0 ; push edx ; push ebx ; call FUNC_000953 ; add esp,byte +0xc JUMP_004201: ; Pos = 40e31 cmp byte [esi+0x3f62],0x0 jz JUMP_004202 cmp byte [esi+0x3f5c],0x0 jz JUMP_004202 mov eax,[DATA_009133] push eax xor eax,eax mov al,[ebx+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 cmp word [eax+0xe0],0x116 jnl JUMP_004202 or byte [esi+0x74],0x40 push byte +0xe call FUNC_001906_SoundPlaySample pop ecx JUMP_004202: ; Pos = 40e6f cmp dword [esi+0xd8],0xbb8 jnl JUMP_004203 push ebx call FUNC_001017 pop ecx jmp short JUMP_004206 JUMP_004203: ; Pos = 40e84 ; Atmospheric drag modification ; Can't be arsed to do it properly though ; mov eax, 0x1312d00 ; sub eax, [esi+0xdc] ; shr eax, 20 ; add eax, 10 ; result: 10 to 30 mov esi, [DATA_009155] cmp esi, 0xffff jl .nocap mov esi, 0xffff .nocap: shl esi, 0xb ; Undercarriage modifies drag ; mov cl, byte [DATA_008871] ; shl cl, 6 ; sar cl, 7 ; add cl, 0x6 ; shl esi, cl push esi mov eax,[ebx+0x8c] push eax call FUNC_001521 add esp,byte +0x8 sub [ebx+0x8c],eax push esi mov eax,[ebx+0x90] push eax call FUNC_001521 add esp,byte +0x8 sub [ebx+0x90],eax push esi mov eax,[ebx+0x94] push eax call FUNC_001521 add esp,byte +0x8 sub [ebx+0x94],eax push ebx call FUNC_001016 pop ecx JUMP_004206: ; Pos = 40ee9 pop esi pop ebx pop ebp ret FUNC_001015: ; Pos = 40ef0 push ebp mov ebp,esp and byte [DATA_008835],0xbf mov eax,[ebp+0x8] push eax call FUNC_001016 pop ecx pop ebp ret FUNC_001016: ; Pos = 40f08 push ebp mov ebp,esp cmp dword [DATA_008867],0x1312d00 jg JUMP_004207 mov eax,[ebp+0x8] push eax call FUNC_001017 pop ecx JUMP_004207: ; Pos = 40f21 pop ebp ret FUNC_001017: ; Pos = 40f24 push ebp mov ebp,esp add esp,byte -0x20 mov esp,ebp pop ebp ret FUNC_001018: ; Pos = 40f30 push ebp mov ebp,esp mov eax,[DATA_008866] mov [DATA_008918],eax mov byte [DATA_008870],0x0 call FUNC_001116 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc pop ebp ret FUNC_001019: ; Pos = 40f64 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi mov ebx,[ebp+0x8] mov esi,DATA_008804 test byte [esi+0x3fb6],0x2 jz JUMP_004208 cmp dword [DATA_009138],byte +0x0 jz JUMP_004208 call FUNC_001018 jmp JUMP_004217 JUMP_004208: ; Pos = 40f90 push ebx call FUNC_001039 pop ecx lea eax,[ebp-0x2] push eax lea eax,[ebp-0x1] push eax lea eax,[ebp-0x8] push eax mov eax,[DATA_009133] push eax push ebx call FUNC_001033 add esp,byte +0x14 cmp byte [esi+0xe8],0x2c jz near JUMP_004217 test al,0x20 jnz JUMP_004210 test al,0x1 jz JUMP_004209 push ebx call FUNC_001014 pop ecx jmp JUMP_004216 JUMP_004209: ; Pos = 40fd3 push ebx call FUNC_001035 pop ecx jmp JUMP_004216 JUMP_004210: ; Pos = 40fdf test al,0x40 jz near JUMP_004214 test al,0x80 jnz near JUMP_004217 mov eax,[ebp-0x8] mov [esi+0xcc],eax mov byte [esi+0xf8],0x0 mov eax,[ebp-0x8] mov al,[eax+0x86] mov [esi+0xc5],al push ebx call FUNC_001042 pop ecx mov eax,[ebp-0x8] push eax mov al,[esi+0xc0] push eax call FUNC_000652 add esp,byte +0x8 mov eax,[ebp-0x8] test byte [eax+0x14c],0x40 jz JUMP_004211 mov byte [esi+0xe8],0x2e call FUNC_000995 call FUNC_001116 jmp short JUMP_004213 JUMP_004211: ; Pos = 41047 mov dword [esi+0x106],0x70000 push byte +0x13 call FUNC_001906_SoundPlaySample pop ecx and byte [esi+0xe9],0xdb mov eax,[ebp-0x8] test byte [eax+0x14c],0x20 jz JUMP_004212 mov byte [esi+0xe8],0x8 xor eax,eax mov [esi+0xdc],eax call FUNC_001116 jmp short JUMP_004213 JUMP_004212: ; Pos = 41082 mov byte [esi+0xe8],0xa call FUNC_001116 JUMP_004213: ; Pos = 4108e push byte +0xd push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp short JUMP_004217 JUMP_004214: ; Pos = 410ac test al,0x1 jz JUMP_004215 push ebx call FUNC_001014 pop ecx jmp short JUMP_004216 JUMP_004215: ; Pos = 410b9 push ebx call FUNC_001035 pop ecx JUMP_004216: ; Pos = 410c0 push ebx call FUNC_001046 pop ecx mov eax,[esi+0xe0] push eax mov eax,[DATA_009133] push eax push ebx call near [DATA_006153] ; FUNC_000603 add esp,byte +0xc mov eax,[esi+0xe0] push eax push ebx call near [DATA_006142] ; FUNC_000601 add esp,byte +0x8 mov eax,[esi+0xe0] push eax push byte +0x1 push eax push ebx call near [DATA_006143] ; FUNC_000585 add esp,byte +0x10 JUMP_004217: ; Pos = 41103 pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001020: ; Pos = 4110c push ebp mov ebp,esp push ebx mov ebx,DATA_008804 cmp byte [ebx+0xe8],0x28 jnl near JUMP_004219 and byte [ebx+0xe9],0xfe mov eax,[ebx+0xc8] mov dl,[ebx+0xec] mov [eax+0x100],dl cmp byte [ebx+0xec],0x0 jz JUMP_004219 mov eax,[ebx+0xc8] test byte [eax+0xca],0x20 jz JUMP_004219 cmp byte [ebx+0xe8],0x26 jnz JUMP_004218 mov eax,[ebx+0xc8] push eax call FUNC_001032 pop ecx JUMP_004218: ; Pos = 41169 mov eax,[ebx+0xc8] mov byte [eax+0xff],0x8 mov byte [ebx+0xe8],0x2 mov eax,[ebx+0xc8] movzx eax,byte [eax+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc call FUNC_001116 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_004219: ; Pos = 411b2 pop ebx pop ebp ret FUNC_001021: ; Pos = 411b8 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi mov ebx,[ebp+0x8] mov esi,DATA_008804 push ebx call FUNC_001037 pop ecx push ebx call FUNC_001041 pop ecx test byte [esi+0xe9],0x1 jz JUMP_004220 mov eax,[esi+0xe0] push eax push ebx call near [DATA_006152] ; FUNC_000602 add esp,byte +0x8 jmp short JUMP_004221 JUMP_004220: ; Pos = 411f2 mov eax,[esi+0xe0] push eax push ebx call near [DATA_006142] ; FUNC_000601 add esp,byte +0x8 JUMP_004221: ; Pos = 41203 test byte [esi+0x3fb6],0x2 jz near JUMP_004224 cmp dword [DATA_009138],byte +0x0 jz JUMP_004223 cmp byte [esi+0xe8],0x2 jnz JUMP_004222 call FUNC_001018 JUMP_004222: ; Pos = 41227 call FUNC_001120 mov al,[esi+0xe9] and eax,byte +0x1 mov [DATA_009135],eax xor eax,eax mov [DATA_009138],eax JUMP_004223: ; Pos = 41241 push byte +0xd mov eax,[esi+0xe0] push eax lea eax,[esi+0x88] push eax mov eax,[esi+0xc8] add eax,0x8c push eax call FUNC_000726 add esp,byte +0x10 or byte [esi+0xe9],0x1 push byte +0xb mov eax,[esi+0xe0] push eax mov eax,[esi+0xc8] add eax,0x8c push eax lea eax,[esi+0x88] push eax call FUNC_000726 add esp,byte +0x10 jmp short JUMP_004225 JUMP_004224: ; Pos = 41292 cmp dword [DATA_009138],byte +0x0 jnz JUMP_004225 and byte [esi+0xe9],0xfe mov al,[DATA_009135] or [esi+0xe9],al call FUNC_001117 call FUNC_001116 mov dword [DATA_009138],0x1 JUMP_004225: ; Pos = 412c1 push ebx call FUNC_001046 pop ecx lea eax,[ebp-0x6] push eax lea eax,[ebp-0x5] push eax lea eax,[ebp-0x4] push eax mov eax,[DATA_009133] push eax push ebx call FUNC_001033 add esp,byte +0x14 cmp byte [esi+0xe8],0x2c jz near JUMP_004231 test al,0x20 jz JUMP_004228 test al,0x40 jz JUMP_004226 mov byte [esi+0xe8],0x24 call FUNC_001116 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_004226: ; Pos = 41312 mov eax,[ebp-0x4] test byte [eax+0x14c],0x10 jz near JUMP_004231 mov eax,[ebp-0x4] push eax mov eax,[esi+0xc0] push eax call FUNC_000657 add esp,byte +0x8 test al,al jz JUMP_004227 mov byte [esi+0xe8],0x6 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp JUMP_004231 JUMP_004227: ; Pos = 41353 mov eax,[ebp-0x4] push eax call FUNC_001022 pop ecx jmp JUMP_004231 JUMP_004228: ; Pos = 41362 test al,0x40 jz JUMP_004229 mov eax,[ebp-0x4] mov [esi+0xcc],eax mov al,[eax+0x86] mov [esi+0xc5],al push ebx call FUNC_001042 pop ecx mov byte [esi+0xf8],0xff mov byte [esi+0xe8],0x32 push byte +0xd push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp short JUMP_004231 JUMP_004229: ; Pos = 413ae mov byte [esi+0xeb],0x0 test al,0x1 jz JUMP_004230 push ebx call FUNC_001014 pop ecx xor eax,eax mov [esi+0x88],eax xor eax,eax mov [esi+0x8c],eax xor eax,eax mov [esi+0x90],eax mov eax,[esi+0xd8] mov [esi+0x94],eax JUMP_004230: ; Pos = 413e4 push ebx call FUNC_001035 pop ecx JUMP_004231: ; Pos = 413eb pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001022: ; Pos = 413f4 push ebp mov ebp,esp add esp,byte -0x30 mov eax,[ebp+0x8] cmp byte [DATA_008873],0x0 jnz JUMP_004232 mov byte [DATA_008873],0x6 mov [DATA_008862],eax mov dl,[eax+0x86] mov [DATA_008859],dl mov dword [ebp-0x30],0x98be mov dword [ebp-0x18],0x8 mov [ebp-0x14],eax and edx,0xff mov [ebp-0x2c],edx mov eax,[eax+0xa0] mov [ebp-0x8],eax lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx push byte +0xd push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_004232: ; Pos = 41459 mov esp,ebp pop ebp ret FUNC_001023: ; Pos = 41460 push ebp mov ebp,esp add esp,byte -0x30 push ebx mov ebx,DATA_008804 mov eax,[DATA_008799] mov ecx,0xc22e xor edx,edx div ecx mov ecx,eax and ecx,byte +0x1 mov [DATA_007252],ecx cmp dword [DATA_007246],byte +0x0 jz JUMP_004234 test ecx,ecx jz JUMP_004233 push byte +0x49 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004234 JUMP_004233: ; Pos = 4149c push byte +0x49 call FUNC_000264_ConsoleHideButton pop ecx JUMP_004234: ; Pos = 414a4 cmp dword [DATA_007247],byte +0x0 jz JUMP_004236 cmp dword [DATA_007252],byte +0x0 jz JUMP_004235 push byte +0x4f call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004236 JUMP_004235: ; Pos = 414c0 push byte +0x4f call FUNC_000264_ConsoleHideButton pop ecx JUMP_004236: ; Pos = 414c8 cmp byte [ebx+0xe8],0x2 jnz JUMP_004237 mov eax,[DATA_007252] push eax push byte +0x49 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 JUMP_004237: ; Pos = 414e1 cmp byte [ebx+0xeb],0x0 jz JUMP_004239 cmp byte [ebx+0xe8],0x2 jz JUMP_004239 add byte [ebx+0xeb],0xff mov al,[ebx+0xeb] test al,al ja JUMP_004239 cmp byte [ebx+0xeb],0x0 jnz JUMP_004238 dec byte [ebx+0xeb] mov dword [ebp-0x30],0x98bf mov dword [ebp-0x18],0x8 mov eax,[ebx+0xcc] mov [ebp-0x14],eax mov eax,[eax+0xa0] mov [ebp-0x8],eax lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx jmp short JUMP_004239 JUMP_004238: ; Pos = 4153f cmp byte [ebx+0xeb],0xf8 jnz JUMP_004239 mov eax,[ebx+0xcc] push eax push byte +0x0 call FUNC_000237 add esp,byte +0x8 JUMP_004239: ; Pos = 41559 pop ebx mov esp,ebp pop ebp ret FUNC_001024: ; Pos = 41560 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi mov ebx,[ebp+0x8] mov esi,DATA_008804 push ebx call FUNC_001037 pop ecx push ebx call FUNC_001041 pop ecx mov eax,[esi+0xe0] push eax push ebx call near [DATA_006142] ; FUNC_000601 add esp,byte +0x8 push ebx call FUNC_001046 pop ecx lea eax,[ebp-0x2] push eax lea eax,[ebp-0x1] push eax lea eax,[ebp-0x8] push eax mov eax,[DATA_009133] push eax push ebx call FUNC_001033 add esp,byte +0x14 cmp byte [esi+0xe8],0x2c jz near JUMP_004246 test al,0x20 jz near JUMP_004245 dec byte [ebp-0x2] mov dl,[ebp-0x2] test dl,dl jl JUMP_004240 cmp byte [ebp-0x2],0x7 jnl JUMP_004240 movsx edx,byte [ebp-0x2] cmp edx,[esi+0xf4] jz JUMP_004240 push ebx call FUNC_001022 pop ecx jmp JUMP_004244 JUMP_004240: ; Pos = 415ee mov byte [esi+0xeb],0x0 test al,0x40 jz near JUMP_004244 test al,0x80 jnz near JUMP_004246 mov eax,[ebp-0x8] mov [esi+0xcc],eax mov byte [esi+0xf8],0x0 mov eax,[ebp-0x8] mov al,[eax+0x86] mov [esi+0xc5],al push ebx call FUNC_001042 pop ecx mov eax,[ebp-0x8] push eax mov al,[esi+0xc0] push eax call FUNC_000652 add esp,byte +0x8 mov eax,[ebp-0x8] test byte [eax+0x14c],0x40 jz JUMP_004241 mov byte [esi+0xe8],0x2e call FUNC_000995 call FUNC_001116 jmp short JUMP_004243 JUMP_004241: ; Pos = 4165d mov dword [esi+0x106],0x70000 push byte +0x13 call FUNC_001906_SoundPlaySample pop ecx and byte [esi+0xe9],0xdb mov eax,[ebp-0x8] test byte [eax+0x14c],0x20 jz JUMP_004242 mov byte [esi+0xe8],0x8 xor eax,eax mov [esi+0xdc],eax call FUNC_001116 jmp short JUMP_004243 JUMP_004242: ; Pos = 41698 mov byte [esi+0xe8],0xa call FUNC_001116 JUMP_004243: ; Pos = 416a4 push byte +0xd push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp short JUMP_004246 JUMP_004244: ; Pos = 416c2 push byte +0x0 mov eax,[ebp-0x8] push eax push ebx call near [DATA_006147] ; FUNC_000589 add esp,byte +0xc mov eax,[ebp-0x8] mov ax,[eax+0x112] mov [ebx+0xb2],ax jmp short JUMP_004246 JUMP_004245: ; Pos = 416e5 mov byte [esi+0xe8],0x0 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_004246: ; Pos = 416fa pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001025: ; Pos = 41700 push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi mov ebx,[ebp+0x8] mov esi,DATA_008804 cmp byte [ebx+0x14e],0x0 jz JUMP_004247 push byte +0x0 lea eax,[ebx+0x3e] push eax push ebx call FUNC_000939 add esp,byte +0xc JUMP_004247: ; Pos = 41728 xor eax,eax mov [esi+0x1b8],eax mov byte [esi+0xec],0x0 mov byte [esi+0xed],0x0 mov byte [ebx+0xff],0x24 xor eax,eax mov al,[ebx+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc mov eax,[esi+0xcc] cmp byte [eax+0xc9],0x2 jnz JUMP_004248 test byte [esi+0xe9],0x20 jnz JUMP_004248 or byte [esi+0xe9],0x20 push byte +0x22 call FUNC_001906_SoundPlaySample pop ecx JUMP_004248: ; Pos = 41781 push byte -0x1 mov eax,[esi+0xcc] push eax push ebx call near [DATA_006147] ; FUNC_000589 add esp,byte +0xc lea eax,[ebp-0x24] push eax mov eax,[esi+0xcc] push eax push ebx call near [DATA_006149] ; FUNC_000591 add esp,byte +0xc cmp byte [esi+0xe8],0xa jnz JUMP_004249 push dword 0x10000 push dword [ebp-0x10] push dword [ebp-0x14] lea eax,[ebp-0x14] push eax call FUNC_001334_Int64Add32 add esp,byte +0x10 JUMP_004249: ; Pos = 417c9 mov eax,[ebp-0x24] shr eax,0x6 mov edx,[ebp-0x20] and edx,byte +0x3f shl edx,0x1a or eax,edx mov [ebx+0x8c],eax mov eax,[ebp-0x1c] shr eax,0x6 mov edx,[ebp-0x18] and edx,byte +0x3f shl edx,0x1a or eax,edx mov [ebx+0x90],eax mov eax,[ebp-0x14] shr eax,0x6 mov edx,[ebp-0x10] and edx,byte +0x3f shl edx,0x1a or eax,edx mov [ebx+0x94],eax mov eax,[DATA_009155] push eax push byte +0x1 push eax push ebx call near [DATA_006143] ; FUNC_000585 add esp,byte +0x10 push ebx call FUNC_001046 pop ecx xor eax,eax mov [ebx+0x8c],eax xor eax,eax mov [ebx+0x90],eax xor eax,eax mov [ebx+0x94],eax lea eax,[ebp-0x1] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x3] push eax lea eax,[ebp-0x2] push eax mov eax,[DATA_009133] push eax push ebx call near [DATA_006140] ; FUNC_000568 add esp,byte +0x1c mov eax,[esi+0x106] cmp eax,[DATA_009155] jnl near JUMP_004252 mov eax,[esi+0xcc] mov eax,[eax+0x82] cmp eax,byte +0x45 jz JUMP_004250 cmp eax,byte +0x4f jnz JUMP_004251 JUMP_004250: ; Pos = 4188c and byte [esi+0xe9],0xdf mov byte [esi+0xe8],0x28 mov eax,[esi+0xcc] push eax call FUNC_000653 pop ecx mov byte [esi+0xea],0x0 call FUNC_001116 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp short JUMP_004253 JUMP_004251: ; Pos = 418c3 and byte [esi+0xe9],0xdf mov byte [esi+0xe8],0xc mov dword [esi+0x106],0x1ffff mov eax,[esi+0xcc] push eax call FUNC_000653 pop ecx mov byte [esi+0xea],0x0 call FUNC_001116 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp short JUMP_004253 JUMP_004252: ; Pos = 41904 mov eax,[esi+0x106] sub eax,[DATA_009155] mov [esi+0x106],eax JUMP_004253: ; Pos = 41916 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001026: ; Pos = 4191c push ebp mov ebp,esp test byte [DATA_008871],0x20 jz JUMP_004254 push byte +0x12 call FUNC_001906_SoundPlaySample pop ecx JUMP_004254: ; Pos = 41930 or byte [DATA_008871],0x20 pop ebp ret FUNC_001027: ; Pos = 4193c push ebp mov ebp,esp cmp dword [DATA_008884],0xffff jnl JUMP_004255 mov eax,[ebp+0x8] push eax call FUNC_001026 pop ecx JUMP_004255: ; Pos = 41955 pop ebp ret FUNC_001028: ; Pos = 41958 push ebp mov ebp,esp and byte [DATA_008871],0xdf pop ebp ret FUNC_001029: ; Pos = 41964 push ebp mov ebp,esp test byte [DATA_008871],0x20 jz JUMP_004256 mov eax,[ebp+0x8] push eax call FUNC_001030 pop ecx jmp short JUMP_004257 JUMP_004256: ; Pos = 4197c push byte +0x13 call FUNC_001906_SoundPlaySample pop ecx JUMP_004257: ; Pos = 41984 or byte [DATA_008871],0x20 pop ebp ret FUNC_001030: ; Pos = 41990 push ebp mov ebp,esp pop ebp ret FUNC_001031: ; Pos = 41998 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi mov ebx,[ebp+0x8] lea eax,[ebp-0x2] push eax lea eax,[ebp-0x1] push eax lea eax,[ebp-0x8] push eax mov eax,[DATA_009133] push eax push ebx call FUNC_001033 add esp,byte +0x14 mov esi,eax push ebx call FUNC_001037 pop ecx push ebx call FUNC_001041 pop ecx mov eax,[DATA_008868] push eax push ebx call near [DATA_006142] ; FUNC_000601 add esp,byte +0x8 push ebx call FUNC_001046 pop ecx cmp byte [DATA_008870],0x2c jz JUMP_004259 test esi,0x20 jnz JUMP_004258 mov byte [DATA_008870],0x0 call FUNC_001116 push ebx call FUNC_001032 pop ecx mov dword [DATA_005315],0x1 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp short JUMP_004259 JUMP_004258: ; Pos = 41a23 test esi,0x40 jz JUMP_004259 mov eax,[DATA_008862] test byte [eax+0x14c],0x20 jz JUMP_004259 xor eax,eax mov [DATA_008918],eax mov byte [DATA_008870],0x24 call FUNC_001116 JUMP_004259: ; Pos = 41a4c pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001032: ; Pos = 41a54 push ebp mov ebp,esp cmp byte [DATA_008880],0x0 jnz JUMP_004260 mov eax,[DATA_008862] push eax mov eax,[ebp+0x8] mov al,[eax+0x86] push eax call FUNC_000651 add esp,byte +0x8 JUMP_004260: ; Pos = 41a78 pop ebp ret FUNC_001033: ; Pos = 41a7c push ebp mov ebp,esp add esp,byte -0x38 push ebx push esi push edi mov ebx,[ebp+0x10] mov edi,[ebp+0x8] mov esi,DATA_008804 mov eax,[ebp+0x18] push eax lea eax,[ebp-0x4] push eax push ebx mov eax,[ebp+0x14] push eax lea eax,[ebp-0x5] push eax mov eax,[ebp+0xc] push eax push edi call near [DATA_006141] ; FUNC_000569 add esp,byte +0x1c mov al,[ebp-0x5] mov [esi+0x212],al cmp dword [ebp-0x4],byte -0x1 jnz JUMP_004261 mov eax,0x7fffffff jmp short JUMP_004262 JUMP_004261: ; Pos = 41ac5 mov eax,[ebp-0x4] JUMP_004262: ; Pos = 41ac8 mov [esi+0xdc],eax cmp eax,0xb71b00 jl JUMP_004264 cmp byte [esi+0xe8],0x2c jz JUMP_004266 test byte [esi+0xc6],0x40 jz JUMP_004263 cmp byte [DATA_008630],0x0 jnl JUMP_004263 call FUNC_001116 JUMP_004263: ; Pos = 41af5 or word [esi+0xc6],byte +0x40 jmp short JUMP_004266 JUMP_004264: ; Pos = 41aff test byte [esi+0xc6],0x40 jz JUMP_004265 cmp byte [DATA_008630],0x0 jnl JUMP_004265 call FUNC_001116 JUMP_004265: ; Pos = 41b16 and word [esi+0xc6],0xffbf JUMP_004266: ; Pos = 41b1f test byte [esi+0x212],0x1 jnz JUMP_004267 push edi call FUNC_001034 pop ecx movsx eax,byte [esi+0x212] jmp JUMP_004274 JUMP_004267: ; Pos = 41b3b mov eax,[ebx] mov eax,[eax+0x82] cmp eax,0x86 jc near JUMP_004273 cmp eax,0x94 ja near JUMP_004273 test byte [edi+0xca],0x10 jz near JUMP_004270 cmp dword [ebp-0x4],0x1c9c380 jg JUMP_004268 cmp dword [esi+0xd8],0x2328 jl JUMP_004268 mov eax,[esi+0x1e8] cmp eax,[DATA_009155] jna JUMP_004269 JUMP_004268: ; Pos = 41b89 movsx eax,byte [esi+0x212] jmp JUMP_004274 JUMP_004269: ; Pos = 41b95 mov eax,[esi+0x120] cmp eax,[esi+0x118] jnl JUMP_004270 inc dword [esi+0x120] inc word [esi+0x15a] mov dword [ebp-0x38],0x9906 movzx eax,word [esi+0x15a] mov [ebp-0x34],eax mov dword [ebp-0x20],0xffffffff lea eax,[ebp-0x38] push eax call FUNC_000349 pop ecx push dword 0x8e13 push byte +0x16 call FUNC_000148 add esp,byte +0x8 push byte +0x11 call FUNC_001906_SoundPlaySample pop ecx JUMP_004270: ; Pos = 41be9 mov dword [esi+0x1e8],0x2468a mov eax,[ebx] mov edx,[eax+0x82] cmp edx,0x89 jc JUMP_004273 mov eax,[esi+0x1ec] cmp edx,0x8c jc JUMP_004271 mov edx,[DATA_009155] shr edx,0x8 jmp short JUMP_004272 JUMP_004271: ; Pos = 41c1c mov edx,[DATA_009155] shr edx,0xa JUMP_004272: ; Pos = 41c25 add edx,[esi+0x1ec] mov [esi+0x1ec],edx cmp eax,[esi+0x1ec] jng JUMP_004273 push byte +0x0 push byte -0x1 push edi call FUNC_000953 add esp,byte +0xc JUMP_004273: ; Pos = 41c46 movsx eax,byte [esi+0x212] JUMP_004274: ; Pos = 41c4d pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001034: ; Pos = 41c54 push ebp mov ebp,esp mov eax,[ebp+0x8] test byte [eax+0xca],0x2 jnz JUMP_004276 cmp word [DATA_008900],byte +0x0 jz JUMP_004275 dec word [DATA_008900] inc word [DATA_008898] JUMP_004275: ; Pos = 41c7b cmp word [DATA_008899],byte +0x0 jz JUMP_004276 dec word [DATA_008899] inc word [DATA_008897] JUMP_004276: ; Pos = 41c93 pop ebp ret FUNC_001035: ; Pos = 41c98 push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi mov ebx,[ebp+0x8] cmp dword [DATA_008867],0x1312d00 jnl JUMP_004277 push ebx call FUNC_001015 pop ecx jmp JUMP_004278 JUMP_004277: ; Pos = 41cbb push ebx call FUNC_001036 pop ecx cmp byte [DATA_009018],0x0 jz near JUMP_004278 cmp byte [DATA_008630],0x0 jnl near JUMP_004278 call near [DATA_007752] ; FUNC_001530 and eax,0xffff cmp eax,0x3332 jnc near JUMP_004278 cmp dword [DATA_007706],byte +0x0 jz near JUMP_004278 lea eax,[ebp-0x4] push eax push byte +0x6d push byte +0x2a push ebx mov eax,[DATA_009133] push eax call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov ebx,eax test ebx,ebx jz near JUMP_004278 xor eax,eax mov [ebx+0xb0],eax mov byte [ebx+0x57],0x0 mov byte [ebx+0x87],0xb mov byte [ebx+0xff],0x1b call near [DATA_007752] ; FUNC_001530 mov esi,eax mov [DATA_008802],esi mov eax,[DATA_008820] and eax,0xffff mov [DATA_008803],eax push eax push esi push ebx call FUNC_001675_MatBuildYZT add esp,byte +0xc call near [DATA_007752] ; FUNC_001530 and eax,byte +0x3 mov edx,[DATA_008865] add edx,[DATA_009123] add eax,edx sub eax,byte +0x7 mov [ebx+0x7e],eax mov eax,[DATA_009123] add eax,byte +0x7 push eax lea eax,[ebx+0x8c] push eax lea eax,[ebp-0x1c] push eax call near [DATA_007749] ; FUNC_001517 add esp,byte +0xc lea eax,[ebp-0x1c] push eax add ebx,byte +0x3e push ebx call FUNC_001661_Vec64Add add esp,byte +0x8 JUMP_004278: ; Pos = 41dad pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001036: ; Pos = 41db4 push ebp mov ebp,esp add esp,byte -0x28 push ebx mov ebx,[ebp+0x8] call near [DATA_007752] ; FUNC_001530 and eax,0xffff cmp eax,0x1999 jnc near JUMP_004283 cmp byte [ebx+0x56],0x72 jnz near JUMP_004283 mov al,[DATA_009102] cmp al,[DATA_009103] jnc near JUMP_004283 cmp dword [DATA_007706],byte +0x0 jz near JUMP_004283 call near [DATA_007752] ; FUNC_001530 and eax,byte +0x1f mov ax,[eax*2+DATA_007268] lea edx,[ebp-0x4] push edx movzx eax,ax push eax push byte +0xf push ebx mov eax,[DATA_009133] push eax call near [DATA_007198] ; FUNC_000927 add esp,byte +0x14 mov ebx,eax test ebx,ebx jz near JUMP_004283 inc byte [DATA_009102] xor eax,eax mov [ebx+0xb0],eax mov byte [ebx+0x57],0x0 mov byte [ebx+0x87],0xb mov byte [ebx+0xff],0x19 mov byte [ebx+0x118],0xfc call near [DATA_007752] ; FUNC_001530 mov eax,[DATA_008818] mov [ebx+0xa0],eax call near [DATA_007752] ; FUNC_001530 shl eax,0xc mov [ebp-0x10],eax call near [DATA_007752] ; FUNC_001530 shl eax,0xc mov [ebp-0xc],eax call near [DATA_007752] ; FUNC_001530 shl eax,0xc mov [ebp-0x8],eax mov eax,[ebp-0x10] cdq xor eax,edx sub eax,edx mov ecx,eax mov eax,[ebp-0xc] cdq xor eax,edx sub eax,edx add ecx,eax mov eax,[ebp-0x8] cdq xor eax,edx sub eax,edx add ecx,eax cmp ecx,0x3e8 jnl JUMP_004279 mov dword [ebp-0x10],0x5dc JUMP_004279: ; Pos = 41eba mov eax,[ebp-0x10] add [ebx+0x8c],eax mov eax,[ebp-0xc] add [ebx+0x90],eax mov eax,[ebp-0x8] add [ebx+0x94],eax mov eax,[ebx+0x8c] mov [ebp-0x28],eax xor edx,edx test eax,eax jnl JUMP_004280 dec edx JUMP_004280: ; Pos = 41ee5 mov [ebp-0x24],edx mov eax,[ebx+0x90] mov [ebp-0x20],eax xor edx,edx test eax,eax jnl JUMP_004281 dec edx JUMP_004281: ; Pos = 41ef8 mov [ebp-0x1c],edx mov eax,[ebx+0x94] mov [ebp-0x18],eax xor edx,edx test eax,eax jnl JUMP_004282 dec edx JUMP_004282: ; Pos = 41f0b mov [ebp-0x14],edx lea eax,[ebp-0x28] push eax lea eax,[ebx+0x3e] push eax call FUNC_001661_Vec64Add add esp,byte +0x8 xor eax,eax mov [ebx+0x8c],eax xor eax,eax mov [ebx+0x90],eax xor eax,eax mov [ebx+0x94],eax JUMP_004283: ; Pos = 41f36 pop ebx mov esp,ebp pop ebp ret FUNC_001037: ; Pos = 41f3c push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x8] mov ebx,DATA_008804 cmp byte [DATA_008630],0x0 jnl near JUMP_004290 test byte [ebx+0xe9],0x1 jnz near JUMP_004289 cmp byte [DATA_007692],0x0 jnz JUMP_004285 cmp dword [ebx+0x1b8],byte +0x0 jnl JUMP_004284 xor eax,eax mov [ebx+0x1b8],eax push esi call FUNC_001038 pop ecx jmp JUMP_004290 JUMP_004284: ; Pos = 41f8a mov eax,[ebx+0x1b8] push eax call FUNC_001121 pop ecx add [ebx+0x1b8],eax cmp dword [ebx+0x1b8],byte +0x0 jnl JUMP_004285 mov dword [ebx+0x1b8],0x7fffffff JUMP_004285: ; Pos = 41fb0 cmp byte [DATA_007694],0x0 jnz JUMP_004288 mov eax,[ebx+0x1b8] test eax,eax jg JUMP_004286 test byte [ebx+0xe9],0x80 jnz JUMP_004289 mov edx,[DATA_009122] shr edx,0x8 push edx mov edx,eax pop eax sub edx,eax mov [ebx+0x1b8],edx test edx,edx jng JUMP_004289 mov dword [ebx+0x1b8],0x80000000 jmp short JUMP_004289 JUMP_004286: ; Pos = 41ff1 mov edi,[ebx+0x1b8] or byte [ebx+0xe9],0x80 mov eax,[ebx+0x1b8] push eax call FUNC_001121 pop ecx sub [ebx+0x1b8],eax mov eax,[ebx+0x1b8] cmp edi,eax jl JUMP_004287 test eax,eax jnl JUMP_004289 JUMP_004287: ; Pos = 4201f xor eax,eax mov [ebx+0x1b8],eax jmp short JUMP_004289 JUMP_004288: ; Pos = 42029 and byte [ebx+0xe9],0x7f JUMP_004289: ; Pos = 42030 push esi call FUNC_001038 pop ecx JUMP_004290: ; Pos = 42037 pop edi pop esi pop ebx pop ebp ret FUNC_CheckInputWrap: mov ax, [esp+4] mov dx, [esp+8] mov cx, ax add cx, dx cmp ax, 0 jnl .nowrapneg cmp dx, 0 jnl .nowrapneg cmp cx, 0 jl .nowrapneg mov ax, 0x8000 ret .nowrapneg: cmp ax, 0 jng .nowrappos cmp dx, 0 jng .nowrappos cmp cx, 0 jg .nowrappos mov ax, 0x7fff ret .nowrappos: mov ax, cx ret FUNC_CalcKeyInput: xor eax, eax mov ecx, [DATA_007706] cmp ecx, 0 jnz .notstopped ret .notstopped: mov edx, [esp+4] mov edx, [edx*4+DATA_KeyAccumTable] cmp edx, 0 jnz .keydown ret .keydown: cmp edx, 70 jng .nocap mov edx, 70 .nocap: mov eax, [DATA_009122] add edx, 2 mul edx shr eax, 6 ret FUNC_CalcKeyInputNoPause: xor eax, eax mov edx, [esp+4] mov edx, [edx*4+DATA_KeyAccumTable] cmp edx, 0 jnz .keydown ret .keydown: cmp edx, 70 jng .nocap mov edx, 70 .nocap: mov eax, [DATA_009122] add edx, 2 mul edx shr eax, 6 ret FUNC_001038: ; Pos = 4203c push ebp mov ebp,esp add esp,byte -0xc push ebx push esi mov esi,[ebp+0x8] mov ebx,DATA_008804 mov eax,[ebx+0xd0] mov [ebp-0x4],eax call near [DATA_007682] ; FUNC_001445_GuiGetXYAccum mov [ebx+0xd0],eax mov ax,[ebx+0xd2] sub ax,[ebp-0x2] shl eax,0x6 cmp byte [ebx+0x3f55],0x0 jnz .notnegativey neg eax .notnegativey: mov [ebp-0x6],ax mov ax,[ebx+0xd0] sub ax,[ebp-0x4] shl eax,0x6 cmp byte [ebx+0x3f54],0x0 jnz .notnegativex neg eax .notnegativex: mov [ebp-0x8],ax mov word [ebp-0xa], 0 cmp byte [ebx+0x3f56],0x0 jz .notrotation mov al,[ebx+0xea] cmp al,0x2 jz .notrotation cmp al,0x3 jz .notrotation mov [ebp-0xa], ax mov word [ebp-0x8], 0 .notrotation: push byte 0x2c ; up/down call FUNC_CalcKeyInput pop ecx sub [ebp-0x6], ax push byte 0x1e call FUNC_CalcKeyInput pop ecx add [ebp-0x6], ax push byte 0x33 ; left/right call FUNC_CalcKeyInput pop ecx add [ebp-0x8], ax push byte 0x34 call FUNC_CalcKeyInput pop ecx sub [ebp-0x8], ax push byte 0x1a ; roll call FUNC_CalcKeyInput pop ecx add [ebp-0xa], ax push byte 0x1b call FUNC_CalcKeyInput pop ecx sub [ebp-0xa], ax mov al,[ebx+0xea] cmp al,0x2 jz near JUMP_004294 cmp al,0x3 jz near JUMP_004294 mov ax, [esi+0xb0] push eax mov dx, [ebp-0x6] push edx call FUNC_CheckInputWrap add esp, byte 8 mov [esi+0xb0], ax mov ax, [esi+0xb4] push eax mov dx, [ebp-0x8] neg dx push edx call FUNC_CheckInputWrap add esp, byte 8 mov [esi+0xb4], ax ; JUMP_004293: ; Pos = 420e5 ; test byte [ebx+0x212],0x20 ; jnz near JUMP_004297 mov ax, [esi+0xb2] push eax mov dx, [ebp-0xa] push edx call FUNC_CheckInputWrap add esp, byte 8 mov [esi+0xb2], ax jmp short JUMP_004297 JUMP_004294: ; Pos = 42116 mov ax,[ebp-0x8] sub [ebx+0x204],ax mov ax,[ebp-0x6] add [ebx+0x206],ax cmp word [ebx+0x206],byte +0x0 jnl JUMP_004295 mov byte [ebx+0xea],0x2 cmp word [ebx+0x206],0xc000 jg JUMP_004297 mov word [ebx+0x206],0xc001 jmp short JUMP_004297 JUMP_004295: ; Pos = 42153 cmp byte [esi+0xd1],0x4 jl JUMP_004296 mov byte [ebx+0xea],0x3 cmp word [ebx+0x206],0x4000 jl JUMP_004297 mov word [ebx+0x206],0x3fff jmp short JUMP_004297 JUMP_004296: ; Pos = 42179 mov word [ebx+0x206],0xffff JUMP_004297: ; Pos = 42182 pop esi pop ebx mov esp, ebp pop ebp ret FUNC_001039: ; Pos = 42188 push ebp mov ebp,esp mov al,[DATA_008872] cmp al,0x2 jz JUMP_004298 cmp al,0x3 jnz JUMP_004299 JUMP_004298: ; Pos = 42198 mov eax,[ebp+0x8] push eax call FUNC_001038 pop ecx JUMP_004299: ; Pos = 421a2 pop ebp ret FUNC_001040: ; Pos = 421a4 push ebp mov ebp,esp call near [DATA_007682] ; FUNC_001445_GuiGetXYAccum cmp byte [DATA_008872],0x5 jz JUMP_004304 cmp byte [DATA_007696],0x0 jz JUMP_004300 test byte [DATA_009163],0x10 jz JUMP_004300 test byte [DATA_009163],0x20 jz JUMP_004300 cmp byte [DATA_007708],0x0 jz JUMP_004304 cmp byte [DATA_007711],0x0 jz JUMP_004304 JUMP_004300: ; Pos = 421e3 mov al,[DATA_008872] cmp al,0x4 jz JUMP_004301 cmp al,0x6 jnz JUMP_004302 JUMP_004301: ; Pos = 421f0 xor eax,eax jmp short JUMP_004303 JUMP_004302: ; Pos = 421f4 movsx eax,byte [DATA_008872] JUMP_004303: ; Pos = 421fb push eax mov eax,[ebp+0x8] push eax call FUNC_000931 add esp,byte +0x8 JUMP_004304: ; Pos = 42208 pop ebp ret FUNC_001041: ; Pos = 4220c push ebp mov ebp,esp add esp,byte -0x18 push ebx mov ebx,[ebp+0x8] mov eax,[DATA_009155] shr eax,1 push eax push byte +0x0 push eax push ebx call near [DATA_006143] ; FUNC_000585 add esp,byte +0x10 mov eax,[DATA_009155] shr eax,1 push eax push byte +0x0 push eax push ebx call near [DATA_006143] ; FUNC_000585 add esp,byte +0x10 mov eax,[DATA_009155] push eax mov eax,[DATA_009133] push eax push ebx call near [DATA_006153] ; FUNC_000603 add esp,byte +0xc cmp dword [DATA_008867],0x2625a00 jg JUMP_004305 push ebx call near [DATA_006157] ; FUNC_000609 pop ecx mov ax,[ebx+0x112] mov [ebx+0xb2],ax JUMP_004305: ; Pos = 42278 dec byte [ebx+0x14d] mov al,[ebx+0x14d] test al,al jnl JUMP_004306 mov eax,[DATA_009133] push eax push ebx call near [DATA_006154] ; FUNC_000606 add esp,byte +0x8 mov byte [ebx+0x14d],0xd JUMP_004306: ; Pos = 4229f cmp byte [DATA_008870],0x24 jnz JUMP_004307 xor eax,eax mov [ebp-0xc],eax xor eax,eax mov [ebp-0x4],eax mov dword [ebp-0x8],0xcc6 lea eax,[ebp-0x18] push eax lea eax,[ebp-0xc] push eax push ebx call near [DATA_006151] ; FUNC_000599 add esp,byte +0xc jmp short JUMP_004309 JUMP_004307: ; Pos = 422cd test byte [DATA_008871],0x1 jz JUMP_004308 push ebx call FUNC_001043 pop ecx jmp short JUMP_004309 JUMP_004308: ; Pos = 422df lea eax,[ebp-0xc] push eax mov eax,[DATA_008918] push eax push ebx call near [DATA_006155] ; FUNC_000607 add esp,byte +0xc lea eax,[ebp-0x18] push eax lea eax,[ebp-0xc] push eax push ebx call near [DATA_006151] ; FUNC_000599 add esp,byte +0xc JUMP_004309: ; Pos = 42305 pop ebx mov esp,ebp pop ebp ret FUNC_001042: ; Pos = 4230c push ebp mov ebp,esp mov eax,[ebp+0x8] xor edx,edx mov [eax+0x8c],edx xor edx,edx mov [eax+0x90],edx xor edx,edx mov [eax+0x94],edx mov word [eax+0xb0],0x0 mov word [eax+0xb2],0x0 xor edx,edx mov [DATA_008918],edx mov word [eax+0xb6],0x0 mov word [eax+0xb8],0x0 mov word [eax+0xba],0x0 test byte [DATA_008860],0x80 jz JUMP_004310 push eax push dword 0x12c push byte +0x1 push byte +0x3 call FUNC_001910_SoundModifyStationNoise add esp,byte +0x10 JUMP_004310: ; Pos = 4237a pop ebp ret FUNC_001043: ; Pos = 4237c push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi mov ebx,[ebp+0x8] xor eax,eax mov [ebp-0x4],eax mov [ebp-0x8],eax mov [ebp-0xc],eax test byte [DATA_009046],0x2 jz near JUMP_004314 mov eax,[ebx+0x8c] sub eax,[DATA_008839] mov [ebp-0x24],eax mov eax,[ebx+0x90] sub eax,[DATA_008840] mov [ebp-0x20],eax mov eax,[ebx+0x94] sub eax,[DATA_008841] mov [ebp-0x1c],eax mov eax,[ebp-0x24] push eax mov eax,[ebx+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebp-0x20] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebp-0x1c] push eax mov eax,[ebx+0x14] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebp-0x24] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[ebp-0x20] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[ebp-0x1c] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,edi cmp eax,0x100 jng JUMP_004311 mov edx,eax neg edx shl edx,0x2 mov [ebp-0xc],edx JUMP_004311: ; Pos = 4244b cmp eax,0xffffff00 jnl JUMP_004312 neg eax shl eax,0x2 mov [ebp-0xc],eax JUMP_004312: ; Pos = 4245a cmp esi,0x100 jng JUMP_004313 mov eax,esi neg eax shl eax,0x2 mov [ebp-0x8],eax JUMP_004313: ; Pos = 4246c cmp esi,0xffffff00 jnl JUMP_004314 neg esi shl esi,0x2 mov [ebp-0x8],esi JUMP_004314: ; Pos = 4247c cmp byte [DATA_007692],0x0 ; forward/reverse thrust jnz JUMP_004315 mov dword [ebp-0x4],0x7fff JUMP_004315: ; Pos = 4248e cmp byte [DATA_007694],0x0 jnz JUMP_0043151 mov dword [ebp-0x4],0xffff8001 JUMP_0043151: cmp byte [DATA_007691+0x48],0x0 jnz JUMP_0043152 mov dword [ebp-0x4],0x7fff JUMP_0043152: cmp byte [DATA_007691+0x4c],0x0 jnz JUMP_0043153 mov dword [ebp-0x4],0xffff8001 JUMP_0043153: cmp byte [DATA_007691+0x4b],0x0 ; up/down thrust jnz JUMP_0043154 mov dword [ebp-0x8],0x7fff JUMP_0043154: cmp byte [DATA_007691+0x4d],0x0 jnz JUMP_0043155 mov dword [ebp-0x8],0x7fff JUMP_0043155: cmp byte [DATA_007691+0x4f],0x0 jnz JUMP_0043156 mov dword [ebp-0x8],0xffff8001 JUMP_0043156: cmp byte [DATA_007691+0x51],0x0 jnz JUMP_0043157 mov dword [ebp-0x8],0xffff8001 JUMP_0043157: cmp byte [DATA_007691+0x49],0x0 ; left/right thrust jnz JUMP_0043158 mov dword [ebp-0xc],0x7fff JUMP_0043158: cmp byte [DATA_007691+0x47],0x0 jnz JUMP_0043159 mov dword [ebp-0xc],0xffff8001 JUMP_0043159: JUMP_004316: ; Pos = 424a0 push ebx push dword 0x12c push byte +0x1 push byte +0x3 call FUNC_001910_SoundModifyStationNoise add esp,byte +0x10 JUMP_004317: ; Pos = 424b2 lea eax,[ebp-0x18] push eax lea eax,[ebp-0xc] push eax push ebx call near [DATA_006151] ; FUNC_000599 add esp,byte +0xc pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001044: ; Pos = 424cc push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_001045 pop ecx pop ebp ret FUNC_001045: ; Pos = 424dc push ebp mov ebp,esp mov eax,[DATA_008868] push eax mov eax,[DATA_008869] push eax mov eax,[ebp+0x8] push eax call near [DATA_007744] ; FUNC_001512 add esp,byte +0xc pop ebp ret FUNC_001046: ; Pos = 424fc push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] cmp byte [ebx+0x14e],0x0 jz JUMP_004318 push byte +0x0 lea eax,[ebx+0x3e] push eax push ebx call FUNC_000939 add esp,byte +0xc JUMP_004318: ; Pos = 4251b push ebx call FUNC_001045 pop ecx cmp byte [DATA_009030],0x0 jz near JUMP_004327 cmp dword [DATA_009116],byte +0x0 jnl near JUMP_004327 cmp word [ebx+0xb6],byte +0x0 jl JUMP_004319 movsx edx,word [ebx+0xb6] jmp short JUMP_004320 JUMP_004319: ; Pos = 4254f movsx edx,word [ebx+0xb6] neg edx JUMP_004320: ; Pos = 42558 cmp word [ebx+0xb8],byte +0x0 jl JUMP_004321 movsx eax,word [ebx+0xb8] jmp short JUMP_004322 JUMP_004321: ; Pos = 4256b movsx eax,word [ebx+0xb8] neg eax JUMP_004322: ; Pos = 42574 cmp word [ebx+0xba],byte +0x0 jl JUMP_004323 movsx ecx,word [ebx+0xba] jmp short JUMP_004324 JUMP_004323: ; Pos = 42587 movsx ecx,word [ebx+0xba] neg ecx JUMP_004324: ; Pos = 42590 cmp edx,eax jng JUMP_004325 mov eax,edx JUMP_004325: ; Pos = 42596 cmp ecx,eax jng JUMP_004326 mov eax,ecx JUMP_004326: ; Pos = 4259c sub eax,0x221 test eax,eax jl JUMP_004327 push ebx mov edx,0x1ae sub edx,eax push edx push eax push byte +0x3 call FUNC_001910_SoundModifyStationNoise add esp,byte +0x10 or word [DATA_008860],0x80 JUMP_004327: ; Pos = 425c2 pop ebx pop ebp ret FUNC_001047: ; Pos = 425c8 push ebp mov ebp,esp push byte +0x0 push byte +0xe call FUNC_000148 add esp,byte +0x8 mov byte [DATA_008870],0x34 mov byte [DATA_008880],0xff mov dword [DATA_008878],0x1 call FUNC_001119 call FUNC_001049 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc pop ebp ret FUNC_001048: ; Pos = 4260c push ebp mov ebp,esp push byte +0x0 push byte +0x5 call FUNC_000148 add esp,byte +0x8 mov byte [DATA_008870],0x30 xor eax,eax mov [DATA_008878],eax mov eax,[DATA_008862] push eax call FUNC_000653 pop ecx call FUNC_001903_SoundStopSong call FUNC_001049 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc pop ebp ret FUNC_001049: ; Pos = 42650 push ebp mov ebp,esp mov eax,[DATA_008861] push eax call FUNC_001042 pop ecx and byte [DATA_008871],0xfe call FUNC_001116 call FUNC_001050 pop ebp ret FUNC_001050: ; Pos = 42674 push ebp mov ebp,esp mov eax,[DATA_008861] mov byte [eax+0xff],0x24 movzx eax,byte [eax+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc mov eax,[DATA_008861] push eax call FUNC_001056 pop ecx cmp byte [DATA_008630],0x0 jnl JUMP_004330 mov eax,[DATA_008894] test eax,eax jl JUMP_004328 cmp eax,0x8000 jng JUMP_004329 JUMP_004328: ; Pos = 426bc xor eax,eax mov [DATA_008894],eax JUMP_004329: ; Pos = 426c3 mov eax,[DATA_008861] push eax call FUNC_001054 pop ecx JUMP_004330: ; Pos = 426cf pop ebp ret FUNC_001051: ; Pos = 426d4 push ebp mov ebp,esp mov eax,[DATA_008861] push eax call FUNC_001056 pop ecx cmp byte [DATA_008630],0x0 jnl JUMP_004331 mov eax,[DATA_008861] push eax call FUNC_001054 pop ecx JUMP_004331: ; Pos = 426f8 pop ebp ret FUNC_001052: ; Pos = 426fc push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi mov ecx,[ebp+0x14] mov edx,[ebp+0x10] mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov [ebp-0x8],eax xor esi,esi test eax,eax jnl JUMP_004332 dec esi JUMP_004332: ; Pos = 4271a mov [ebp-0x4],esi mov [ebp-0x10],edx xor eax,eax test edx,edx jnl JUMP_004333 dec eax JUMP_004333: ; Pos = 42727 mov [ebp-0xc],eax mov [ebp-0x18],ecx xor eax,eax test ecx,ecx jnl JUMP_004334 dec eax JUMP_004334: ; Pos = 42734 mov [ebp-0x14],eax push dword [ebx+0x42] push dword [ebx+0x3e] push dword [ebp-0x4] push dword [ebp-0x8] lea eax,[ebx+0x3e] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [ebx+0x4a] push dword [ebx+0x46] push dword [ebp-0xc] push dword [ebp-0x10] lea eax,[ebx+0x46] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [ebx+0x52] push dword [ebx+0x4e] push dword [ebp-0x14] push dword [ebp-0x18] lea eax,[ebx+0x4e] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 cmp byte [DATA_009019],0x0 jz JUMP_004335 cmp dword [DATA_008814],byte +0x0 jnz JUMP_004335 push ebx call near [DATA_007809] ; FUNC_001775 pop ecx JUMP_004335: ; Pos = 42799 xor eax,eax mov [DATA_008814],eax push ebx mov eax,[DATA_009133] push eax call near [DATA_007760] ; FUNC_001536 add esp,byte +0x8 cmp dword [DATA_008814],byte +0x0 jnz JUMP_004336 mov byte [DATA_008815],0x0 mov byte [DATA_008816],0x0 mov al, [DATA_008804+0x3f88] mov byte [DATA_008817], al JUMP_004336: ; Pos = 427ce mov ax,[DATA_008815] mov [DATA_009136],ax mov al,[DATA_008817] mov [DATA_009137],al push dword DATA_008815 call FUNC_001575 pop ecx mov byte [DATA_008838],0x0 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001053: ; Pos = 42800 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0xc] mov eax,[ebp+0x8] movsx edx,bx mov ecx,[eax+0x18] sar ecx,0x10 imul edx,ecx movsx ecx,bx mov esi,[eax+0x1c] sar esi,0x10 imul ecx,esi movsx esi,bx mov ebx,[eax+0x20] sar ebx,0x10 imul esi,ebx cmp word [ebp+0x10],byte +0x0 jz JUMP_004337 movsx ebx,word [ebp+0x10] mov edi,[eax+0xc] sar edi,0x10 imul ebx,edi add edx,ebx movsx ebx,word [ebp+0x10] mov edi,[eax+0x10] sar edi,0x10 imul ebx,edi add ecx,ebx movsx ebx,word [ebp+0x10] mov edi,[eax+0x14] sar edi,0x10 imul ebx,edi add esi,ebx JUMP_004337: ; Pos = 42864 sar edx,0xc sar ecx,0xc sar esi,0xc push esi push ecx push edx push eax call FUNC_001052 add esp,byte +0x10 pop edi pop esi pop ebx pop ebp ret FUNC_001054: ; Pos = 42880 push ebp mov ebp,esp add esp,0xfffffcf4 push ebx push esi push edi mov esi,DATA_008804 mov eax,[esi+0xc8] push esi mov esi,eax lea edi,[ebp+0xfffffe90] mov ecx,0x54 rep movsd movsw pop esi mov eax,[ebp+0xffffff12] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov ebx,eax mov byte [ebp+0xfffffee8],0x0 movsx eax,byte [esi+0xea] cmp eax,byte +0x6 ja near JUMP_004346 jmp near [eax*4+DATA_000039] SECTION .data DATA_000039: ; Pos = 428d8 dd JUMP_004341 dd JUMP_004343 dd JUMP_004346 dd JUMP_004346 dd JUMP_004344 dd JUMP_004340 dd JUMP_004338 SECTION .text JUMP_004338: ; Pos = 428f4 mov eax,[esi+0xc8] push esi mov esi,eax lea edi,[ebp+0xfffffd3c] mov ecx,0x54 rep movsd movsw pop esi mov byte [esi+0x7e],0x0 mov byte [esi+0xc],0xfe push byte +0x0 call FUNC_000956 pop ecx cmp dword [DATA_007270],0x12c jnl JUMP_004339 mov dword [DATA_007270],0x12c JUMP_004339: ; Pos = 42933 mov eax,[DATA_007269] lea eax,[eax+eax*2] add eax,[DATA_007270] sar eax,0x2 mov [DATA_007269],eax mov eax,[esi+0xc8] movsx eax,word [eax+0xb4] sar eax,1 add [DATA_007271],eax sar dword [DATA_007271],1 push dword 0x9f5 lea eax,[ebp+0xfffffea8] push eax lea eax,[ebp+0xfffffe9c] push eax call near [DATA_007745] ; FUNC_001513 add esp,byte +0xc mov eax,[DATA_007271] push eax lea eax,[ebp+0xfffffe90] push eax lea eax,[ebp+0xfffffea8] push eax call near [DATA_007745] ; FUNC_001513 add esp,byte +0xc push byte +0x0 mov eax,[DATA_007269] shl eax,0x3 lea eax,[eax+eax*4] neg ax push eax lea eax,[ebp+0xfffffe90] push eax call FUNC_001053 add esp,byte +0xc mov dword [ebp+0xfffffdbe],0xa7 xor eax,eax mov [ebp+0xfffffd38],eax mov [ebp+0xfffffd34],eax mov [ebp+0xfffffd30],eax mov eax,[ebp+0x8] mov edx,[eax+0x18] mov [ebp+0xfffffd24],edx mov edx,[eax+0x1c] mov [ebp+0xfffffd28],edx mov edx,[eax+0x20] mov [ebp+0xfffffd2c],edx xor eax,eax mov [ebp-0x4],eax mov dword [ebp-0x8],0x7a1200 push dword 0x1a80 push dword [ebp-0x4] push dword [ebp-0x8] mov eax,[esi+0xc0] push eax lea eax,[ebp+0xfffffd24] push eax lea eax,[ebp+0xfffffd30] push eax mov eax,[DATA_009133] push eax mov eax,[ebp+0x8] push eax call near [DATA_006791] ; FUNC_000802 add esp,byte +0x20 cmp dword [DATA_008712],0x7a1200 setl al and eax,byte +0x1 mov [ebp+0xfffffdda],ax lea eax,[ebp+0xfffffe90] push eax lea eax,[ebp+0xfffffd3c] push eax call near [DATA_007805] ; FUNC_001680 add esp,byte +0x8 xor eax,eax jmp JUMP_004349 JUMP_004340: ; Pos = 42a6d mov byte [esi+0xc],0xff mov eax,[DATA_009133] push eax movsx eax,byte [esi+0xef] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 push esi mov esi,eax lea edi,[ebp+0xfffffe90] mov ecx,0x54 rep movsd movsw pop esi mov byte [ebp+0xfffffee8],0x0 mov eax,[ebp+0xffffff12] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov ebx,eax mov eax,[ebx+0x38] mov dx,[eax+0x1a] push edx mov ax,[eax+0x18] push eax lea eax,[ebp+0xfffffe90] push eax call FUNC_001053 add esp,byte +0xc xor eax,eax jmp JUMP_004349 JUMP_004341: ; Pos = 42ad5 mov byte [esi+0xc],0xff mov eax,[esi+0xc8] cmp byte [eax+0x57],0x0 jz JUMP_004342 lea eax,[ebp+0xfffffe90] push eax call near [DATA_007804] ; FUNC_001679 pop ecx JUMP_004342: ; Pos = 42af3 mov al,[esi+0xc0] mov [esi+0x7e],al mov eax,[ebx+0x38] mov dx,[eax+0x1a] push edx mov ax,[eax+0x18] push eax lea eax,[ebp+0xfffffe90] push eax call FUNC_001053 add esp,byte +0xc xor eax,eax jmp JUMP_004349 JUMP_004343: ; Pos = 42b1f mov byte [esi+0xc],0xff mov eax,[ebp+0xfffffea8] mov edx,eax neg eax mov [ebp+0xfffffea8],eax mov eax,[ebp+0xfffffeac] mov edx,eax neg eax mov [ebp+0xfffffeac],eax mov eax,[ebp+0xfffffeb0] mov edx,eax neg eax mov [ebp+0xfffffeb0],eax mov eax,[ebp+0xfffffe90] mov edx,eax neg eax mov [ebp+0xfffffe90],eax mov eax,[ebp+0xfffffe94] mov edx,eax neg eax mov [ebp+0xfffffe94],eax mov eax,[ebp+0xfffffe98] mov edx,eax neg eax mov [ebp+0xfffffe98],eax mov byte [esi+0x7e],0x0 mov eax,[ebx+0x38] mov dx,[eax+0x1a] push edx mov ax,[eax+0x18] push eax lea eax,[ebp+0xfffffe90] push eax call FUNC_001053 add esp,byte +0xc xor eax,eax jmp JUMP_004349 JUMP_004344: ; Pos = 42baa mov byte [esi+0xc],0xff cmp byte [esi+0x3f53],0x0 jz near JUMP_004345 mov byte [esi+0x7e],0x0 mov eax,[esi+0x128] push eax lea eax,[ebp+0xfffffe90] push eax lea eax,[ebp+0xfffffea8] push eax call near [DATA_007745] ; FUNC_001513 add esp,byte +0xc mov eax,[esi+0x12c] push eax lea eax,[ebp+0xfffffea8] push eax lea eax,[ebp+0xfffffe9c] push eax call near [DATA_007745] ; FUNC_001513 add esp,byte +0xc mov eax,[esi+0x130] sar eax,0x10 mov ecx,eax mov edx,[ebp+0xfffffea8] sar edx,0x10 imul ecx,edx sar ecx,0x7 mov [ebp+0xfffffd18],ecx mov ebx,eax mov ecx,[ebp+0xfffffeac] sar ecx,0x10 imul ebx,ecx sar ebx,0x7 mov [ebp+0xfffffd1c],ebx mov ebx,[ebp+0xfffffeb0] sar ebx,0x10 imul eax,ebx sar eax,0x7 mov [ebp+0xfffffd20],eax neg edx mov [ebp+0xfffffd0c],edx neg ecx mov [ebp+0xfffffd10],ecx mov eax,[ebp+0xfffffeb0] sar eax,0x10 neg eax mov [ebp+0xfffffd14],eax mov dword [ebp-0x10],0xa xor eax,eax mov [ebp-0xc],eax mov eax,[ebp+0xfffffd20] push eax mov eax,[ebp+0xfffffd1c] push eax mov eax,[ebp+0xfffffd18] push eax lea eax,[ebp+0xfffffe90] push eax call FUNC_001052 add esp,byte +0x10 xor eax,eax jmp JUMP_004349 JUMP_004345: ; Pos = 42c9f mov eax,[DATA_007272] mov [ebp-0x18],eax mov eax,[DATA_007273] mov [ebp-0x14],eax mov byte [esi+0xc],0xff mov eax,[esi+0x128] push eax lea eax,[ebp+0xfffffe90] push eax lea eax,[ebp+0xfffffea8] push eax call near [DATA_007745] ; FUNC_001513 add esp,byte +0xc mov eax,[esi+0x12c] push eax lea eax,[ebp+0xfffffea8] push eax lea eax,[ebp+0xfffffe9c] push eax call near [DATA_007745] ; FUNC_001513 add esp,byte +0xc mov byte [esi+0x7e],0x0 mov eax,[esi+0x130] sar eax,0x10 mov edx,eax mov ecx,[ebp+0x8] mov ecx,[ecx+0x18] sar ecx,0x10 imul edx,ecx sar edx,0x7 mov [ebp+0xfffffd00],edx mov edx,eax mov ecx,[ebp+0x8] mov ecx,[ecx+0x1c] sar ecx,0x10 imul edx,ecx sar edx,0x7 mov [ebp+0xfffffd04],edx mov edx,eax mov eax,[ebp+0x8] mov eax,[eax+0x20] sar eax,0x10 imul edx,eax sar edx,0x7 mov [ebp+0xfffffd08],edx mov eax,[ebp+0xfffffea8] sar eax,0x10 neg eax mov [ebp+0xfffffcf4],eax mov eax,[ebp+0xfffffeac] sar eax,0x10 neg eax mov [ebp+0xfffffcf8],eax mov eax,[ebp+0xfffffeb0] sar eax,0x10 neg eax mov [ebp+0xfffffcfc],eax mov dword [ebp-0x18],0xa push edx mov eax,[ebp+0xfffffd04] push eax mov eax,[ebp+0xfffffd00] push eax lea eax,[ebp+0xfffffe90] push eax call FUNC_001052 add esp,byte +0x10 xor eax,eax jmp JUMP_004349 JUMP_004346: ; Pos = 42da2 cmp byte [esi+0xea],0x2 jnz JUMP_004347 mov edx,[ebx+0x38] movsx eax,word [edx+0x28] movsx edx,word [edx+0x2a] add edx,byte +0x3e jmp short JUMP_004348 JUMP_004347: ; Pos = 42dbb mov edx,[ebx+0x38] movsx eax,word [edx+0x2c] movsx edx,word [edx+0x2e] add edx,byte -0x3e JUMP_004348: ; Pos = 42dc9 mov ebx,[ebp+0xfffffea8] sar ebx,0x10 imul ebx,eax mov ecx,[ebp+0xfffffe9c] sar ecx,0x10 imul ecx,edx add ebx,ecx sar ebx,0xc mov ecx,[ebp+0xfffffeac] sar ecx,0x10 imul ecx,eax mov edi,[ebp+0xfffffea0] sar edi,0x10 imul edi,edx add ecx,edi sar ecx,0xc mov [ebp-0x1c],ecx mov edi,[ebp+0xfffffeb0] sar edi,0x10 imul edi,eax mov eax,[ebp+0xfffffea4] sar eax,0x10 imul edx add edi,eax sar edi,0xc mov byte [esi+0x7e],0x0 movsx eax,word [esi+0x204] push eax lea eax,[ebp+0xfffffe90] push eax lea eax,[ebp+0xfffffea8] push eax call near [DATA_007745] ; FUNC_001513 add esp,byte +0xc movsx eax,word [esi+0x206] push eax lea eax,[ebp+0xfffffea8] push eax lea eax,[ebp+0xfffffe9c] push eax call near [DATA_007745] ; FUNC_001513 add esp,byte +0xc mov eax,[ebp+0xfffffea8] sar eax,0x10 mov [esi+0x208],ax mov eax,[ebp+0xfffffeac] sar eax,0x10 mov [esi+0x20a],ax mov eax,[ebp+0xfffffeb0] sar eax,0x10 mov [esi+0x20c],ax push edi mov eax,[ebp-0x1c] push eax push ebx lea eax,[ebp+0xfffffe90] push eax call FUNC_001052 add esp,byte +0x10 xor eax,eax JUMP_004349: ; Pos = 42eab pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001055: ; Pos = 42eb4 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_001056 pop ecx pop ebp ret FUNC_001056: ; Pos = 42ec4 push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi push edi mov esi,DATA_008804 mov edx,DATA_007691 cmp byte [DATA_008630],0x0 jnl near JUMP_004366 cmp byte [esi+0xea],0x4 jnz near JUMP_004366 cmp byte [edx+0x38],0x0 jz near JUMP_004366 cmp byte [DATA_007691+0xcb], 0 jnz .nocentrex cmp byte [DATA_007691+0xcd], 0 jnz .nocentrex mov dword [esi+0x128], 0 jmp .endofxinput .nocentrex: push dword 0xcb call FUNC_CalcKeyInputNoPause pop ecx add eax, [esi+0x128] and eax, 0xffff mov [esi+0x128], eax push dword 0xcd call FUNC_CalcKeyInputNoPause pop ecx sub eax, [esi+0x128] neg eax and eax, 0xffff mov [esi+0x128], eax .endofxinput: cmp byte [DATA_007691+0xc8], 0 jnz .nocentrey cmp byte [DATA_007691+0xd0], 0 jnz .nocentrey mov dword [esi+0x12c], 0 jmp .endofyinput .nocentrey: push dword 0xc8 call FUNC_CalcKeyInputNoPause pop ecx add eax, [esi+0x12c] and eax, 0xffff mov [esi+0x12c], eax push dword 0xd0 call FUNC_CalcKeyInputNoPause pop ecx sub eax, [esi+0x12c] neg eax and eax, 0xffff mov [esi+0x12c], eax .endofyinput: mov al, byte [DATA_007691+0x4e] and al, byte [DATA_007691+0xd] test al, al jnz .nocentrez mov al, byte [DATA_007691+0x4a] and al, byte [DATA_007691+0xc] test al, al jnz .nocentrez mov dword [esi+0x130], 0xff400000 jmp JUMP_004366 .nocentrez: push byte 0x4e call FUNC_CalcKeyInputNoPause pop ecx push eax push byte 0xd call FUNC_CalcKeyInputNoPause pop ecx pop ecx add ecx, eax cmp ecx, 0 jz JUMP_004363 shl ecx,0xa push ecx mov ecx,[esi+0x130] pop ebx sub ecx,ebx mov [esi+0x130],ecx test ecx,ecx jl JUMP_004363 mov dword [esi+0x130],0x80000001 JUMP_004363: ; Pos = 4303c push byte 0x4a call FUNC_CalcKeyInputNoPause pop ecx push eax push byte 0xc call FUNC_CalcKeyInputNoPause pop ecx pop ecx add eax, ecx cmp eax, 0 jz JUMP_004366 shl eax,0xa add eax,[esi+0x130] mov [esi+0x130],eax mov eax,[esi+0xc8] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov edx,eax mov eax,[edx+0x1c] and eax,0xffff mov edx,[edx+0x14] add edx,byte +0x8 test edx,edx jz JUMP_004364 mov ecx,edx shl eax,cl JUMP_004364: ; Pos = 4307d neg eax mov edx,[esi+0x130] test edx,edx jnl JUMP_004365 cmp eax,edx jg JUMP_004366 JUMP_004365: ; Pos = 4308d mov [esi+0x130],eax JUMP_004366: ; Pos = 43093 cmp byte [esi+0xe8],0x2a jz JUMP_004367 mov eax,[ebp+0x8] push eax call FUNC_001040 pop ecx JUMP_004367: ; Pos = 430a6 call near [DATA_007672] ; FUNC_001414_GuiGetLastAction xor ebx,ebx mov bl,al test ebx,ebx setz al and eax,byte +0x1 test eax,eax jnz near JUMP_004431 mov eax,ebx cmp eax,byte +0x64 jg JUMP_004368 jz near JUMP_004379 ; 0x64 - 'd' camera, mining machine cmp eax,byte +0x3b ; 0x3b - ';' extra ECM key jz near JUMP_004375 cmp eax,byte +0x2 ; 0x2 - Insert (inc. numpad) extra ECM key jz near JUMP_004375 add eax,byte -0x10 sub eax,byte +0xa jc JUMP_004373 ; 0x10-0x19 sub eax,byte +0x15 jz near JUMP_004378 ; 0x2f - '/' radar mapper sub eax,byte +0x33 jz near JUMP_004377 ; 0x62 - 'b' energy bomb dec eax jz near JUMP_004380 ; 0x63 - 'c' centre galactic map jmp JUMP_004382 JUMP_004368: ; Pos = 430f3 cmp eax,byte +0x66 ; 0x66 - 'f' FPS counter jnz .notfps xor dword [fpsEnabled], 1 jmp JUMP_004431 .notfps: sub eax,byte +0x65 ; 0x65 - 'e' ECM jz JUMP_004375 sub eax,byte +0x8 ; 0x6d - 'm' launch missile jz JUMP_004369 sub eax,byte +0xb ; 0x78 - 'x' escape capsule jz JUMP_004376 jmp JUMP_004382 JUMP_004369: ; Pos = 43107 xor eax,eax mov edx,[esi+0xc8] add edx,0xd6 JUMP_004370: ; Pos = 43115 cmp byte [edx],0x0 jz JUMP_004371 lea ebx,[eax+0x10] jmp short JUMP_004372 JUMP_004371: ; Pos = 4311f inc eax inc edx cmp eax,byte +0xa jl JUMP_004370 JUMP_004372: ; Pos = 43126 cmp ebx,byte +0x6d jz near JUMP_004382 JUMP_004373: ; Pos = 4312f lea eax,[ebx-0xf] movsx edx,byte [esi+0xc4] cmp eax,edx jz JUMP_004374 add bl,0xf1 mov [esi+0xc4],bl JUMP_004374: ; Pos = 43146 call FUNC_001096 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx jmp JUMP_004431 JUMP_004375: ; Pos = 43158 mov eax,[ebp+0x8] push eax call FUNC_000935 pop ecx push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx jmp JUMP_004431 JUMP_004376: ; Pos = 4316f mov eax,[esi+0xc8] push eax call FUNC_001098 pop ecx push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx jmp JUMP_004431 JUMP_004377: ; Pos = 43189 mov eax,[ebp+0x8] push eax call FUNC_000937 pop ecx call FUNC_001119 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx jmp JUMP_004431 JUMP_004378: ; Pos = 431a5 xor byte [esi+0xe9],0x40 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx jmp JUMP_004431 JUMP_004379: ; Pos = 431b9 mov eax,[ebp+0x8] push eax call FUNC_001122 pop ecx push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx jmp JUMP_004431 JUMP_004380: ; Pos = 431d0 cmp byte [DATA_008630],0x0 jnl JUMP_004382 mov eax,[ebp+0x8] test byte [eax+0xc9],0x8 jz JUMP_004382 cmp word [esi+0x174],byte +0x0 jz JUMP_004382 push byte +0x20 mov eax,[esi+0xc8] push eax call FUNC_000291 add esp,byte +0x8 test eax,eax jz JUMP_004381 mov dword [eax+0x82],0xa4 xor edx,edx mov dl,[eax+0x86] mov [DATA_007253],edx mov eax,[DATA_007758] mov byte [eax+edx],0x2b push dword FUNC_001057 mov eax,[DATA_009133] push eax call FUNC_000990 add esp,byte +0x8 JUMP_004381: ; Pos = 43238 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx jmp JUMP_004431 JUMP_004382: ; Pos = 43245 cmp byte [DATA_008630],0x0 jl JUMP_004383 push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx jmp JUMP_004431 JUMP_004383: ; Pos = 4325b mov eax,[esi+0xc8] test byte [eax+0xc8],0x20 jz near JUMP_004391 cmp ebx,0xd1 jl near JUMP_004391 cmp ebx,0xe2 jg near JUMP_004391 lea edi,[ebx+0xffffff30] mov ebx,0x72 mov eax,[DATA_009133] lea edx,[eax+0x9844] mov eax,[DATA_009133] add eax,byte +0x72 jmp short JUMP_004386 JUMP_004384: ; Pos = 432a6 cmp byte [eax],0x0 jz JUMP_004385 test byte [edx],0x10 jz JUMP_004385 dec edi test edi,edi jz JUMP_004387 JUMP_004385: ; Pos = 432b5 dec ebx add edx,0xfffffeae dec eax JUMP_004386: ; Pos = 432bd test ebx,ebx jng JUMP_004387 test edi,edi jnz JUMP_004384 JUMP_004387: ; Pos = 432c5 lea eax,[ebx+ebx*4] lea eax,[ebx+eax*4] lea eax,[ebx+eax*8] mov edx,[DATA_009133] mov al,[edx+eax*2+0xfa] mov [esi+0xec],al xor eax,eax mov [DATA_007246],eax mov al,[esi+0xe8] cmp al,0x2 jz JUMP_004388 cmp al,0x28 jnl JUMP_004388 call FUNC_001020 JUMP_004388: ; Pos = 432fb mov al,[esi+0xe8] cmp al,0x2 jnz JUMP_004389 cmp al,0x28 jnl JUMP_004389 mov byte [esi+0xe8],0x0 call FUNC_001020 JUMP_004389: ; Pos = 43315 push byte +0x0 push byte +0x11 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov ebx,0xd1 JUMP_004390: ; Pos = 43326 push ebx call near [DATA_007680] ; FUNC_001443_GuiRemoveHotArea pop ecx inc ebx cmp ebx,0xe3 jl JUMP_004390 mov byte [DATA_007251],0x0 mov byte [DATA_007250],0x0 jmp JUMP_004431 JUMP_004391: ; Pos = 4334a mov eax,ebx cmp eax,0xf6 jg JUMP_004393 jz near JUMP_004397 ; 0xf6 cmp eax,byte +0x74 jg JUMP_004392 jz near JUMP_004424 ; 0x74 - 't' target sub eax,byte +0x9 jz near JUMP_004417 ; 0x9 sub eax,byte +0x63 jz JUMP_004394 ; 0x6c - 'l' text labels sub eax,byte +0x2 jz near JUMP_004405 ; 0x6e - 'n' navcomp jmp JUMP_004430 JUMP_004392: ; Pos = 43380 sub eax,byte +0x75 jz near JUMP_004410 ; 0x75 - 'u' undercarriage sub eax,byte +0x5b jz near JUMP_004428 ; 0xd0 sub eax,byte +0x25 jz near JUMP_004408 ; 0xf5 jmp JUMP_004430 JUMP_004393: ; Pos = 433a0 add eax,0xffffff09 cmp eax,byte +0x8 ja near JUMP_004430 jmp near [eax*4+DATA_000040] SECTION .data DATA_000040: ; Pos = 433b5 dd JUMP_004398 ; 0xf7 dd JUMP_004399 ; 0xf8 dd JUMP_004401 ; 0xf9 dd JUMP_004402 ; 0xfa dd JUMP_004403 ; 0xfb dd JUMP_004404 ; 0xfc dd JUMP_004430 ; 0xfd dd JUMP_004430 ; 0xfe dd JUMP_004414 ; 0xff SECTION .text JUMP_004394: ; Pos = 433d9 xor byte [esi+0xe9],0x4 test byte [esi+0xe9],0x4 jz JUMP_004395 push byte +0x1 push byte +0x10 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp short JUMP_004396 JUMP_004395: ; Pos = 433f7 push byte +0x0 push byte +0x10 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 JUMP_004396: ; Pos = 43403 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx jmp JUMP_004431 JUMP_004397: ; Pos = 43410 push byte +0x1 push byte +0x18 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov byte [esi+0xea],0x0 jmp JUMP_004431 JUMP_004398: ; Pos = 43428 push byte +0x1 push byte +0x17 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov byte [esi+0xea],0x1 jmp JUMP_004431 JUMP_004399: ; Pos = 43440 mov eax,[esi+0xc8] cmp byte [eax+0xd1],0x2 jng near JUMP_004431 mov byte [esi+0xea],0x2 cmp word [esi+0x206],byte +0x0 jl JUMP_004400 inc byte [esi+0xea] JUMP_004400: ; Pos = 4346a push byte +0x1 push byte +0x16 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_004431 JUMP_004401: ; Pos = 4347b push byte +0x1 push byte +0x15 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov byte [esi+0xea],0x4 jmp JUMP_004431 JUMP_004402: ; Pos = 43493 cmp byte [esi+0xef],0x0 jz near JUMP_004431 mov eax,[esi+0xc8] test byte [eax+0xc9],0x2 jz near JUMP_004431 push byte +0x1 push byte +0x14 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov byte [esi+0xea],0x5 jmp JUMP_004431 JUMP_004403: ; Pos = 434cb mov eax,[esi+0xc8] test byte [eax+0xc8],0x40 jz near JUMP_004431 mov byte [esi+0xea],0x6 mov eax,0x320 mov [DATA_007270],eax mov [DATA_007269],eax xor eax,eax mov [DATA_007271],eax push byte +0x1 push byte +0x13 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_004431 JUMP_004404: ; Pos = 4350c mov eax,[esi+0xc8] push eax call FUNC_001098 pop ecx push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx jmp JUMP_004431 JUMP_004405: ; Pos = 43526 mov eax,[esi+0xc8] test byte [eax+0xc8],0x20 jz near JUMP_004431 movsx eax,byte [DATA_007250] cmp eax,byte +0x1 sbb eax,eax neg eax mov [DATA_007250],al test al,al jz JUMP_004406 push byte +0x1 push byte +0x11 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp JUMP_004431 JUMP_004406: ; Pos = 43561 push byte +0x0 push byte +0x11 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov ebx,0xd1 JUMP_004407: ; Pos = 43572 push ebx call near [DATA_007680] ; FUNC_001443_GuiRemoveHotArea pop ecx inc ebx cmp ebx,0xe3 jl JUMP_004407 mov byte [DATA_007251],0x0 jmp JUMP_004431 JUMP_004408: ; Pos = 4358f xor eax,eax mov [DATA_007246],eax xor eax,eax mov [DATA_007247],eax xor eax,eax mov [esi+0x489a],eax test byte [esi+0xe9],0x8 jnz JUMP_004409 call FUNC_001120 jmp JUMP_004431 JUMP_004409: ; Pos = 435b8 call FUNC_001117 jmp JUMP_004431 JUMP_004410: ; Pos = 435c2 mov eax,[esi+0xc8] cmp byte [eax+0xff],0x24 jz JUMP_004413 xor byte [esi+0xe9],0x2 and word [esi+0xc6],0xfffd test byte [esi+0xe9],0x2 jz JUMP_004411 push byte +0x0 push byte +0x38 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x46 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp short JUMP_004412 JUMP_004411: ; Pos = 43604 push byte +0x1 push byte +0x38 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x1 push byte +0x46 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 JUMP_004412: ; Pos = 4361c call FUNC_001116 push byte +0xc call FUNC_001906_SoundPlaySample pop ecx JUMP_004413: ; Pos = 43629 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx jmp JUMP_004431 JUMP_004414: ; Pos = 43636 test byte [esi+0xe9],0x8 jz JUMP_004415 call FUNC_001060 jmp JUMP_004431 JUMP_004415: ; Pos = 43649 call FUNC_001058 cmp byte [esi+0xe8],0x2 jnz JUMP_004416 mov byte [esi+0xe8],0x0 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_004416: ; Pos = 4366c call FUNC_001116 jmp JUMP_004431 JUMP_004417: ; Pos = 43676 mov al,[esi+0xe8] cmp al,0x28 jl near JUMP_004420 cmp al,0x2e jl near JUMP_004431 cmp al,0x30 jnz JUMP_004419 mov eax,[esi+0x5030] cmp eax,[esi+0x502c] jz JUMP_004418 mov dword [ebp-0x30],0x9938 mov edx,[esi+0xcc] mov [ebp-0x14],edx mov dword [ebp-0x18],0xffffffff mov [ebp-0x2c],eax lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx jmp JUMP_004431 JUMP_004418: ; Pos = 436c7 cmp dword [esi+0xf0],byte +0x0 jnz JUMP_004419 mov eax,[esi+0xcc] push eax push byte +0x1 call FUNC_000237 add esp,byte +0x8 movzx eax,word [esi+0x43c] cmp dword [esi+eax*4+0x50f8],0x1388 jng JUMP_004419 mov eax,[esi+0xcc] push eax push byte +0x2 call FUNC_000237 add esp,byte +0x8 JUMP_004419: ; Pos = 43706 mov byte [esi+0xe8],0x24 and word [esi+0xc6],0xffef call FUNC_001119 mov eax,[esi+0xc8] mov byte [eax+0xff],0x0 movzx eax,byte [eax+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc call FUNC_001116 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp JUMP_004431 JUMP_004420: ; Pos = 4375c cmp byte [esi+0xe8],0x24 jnz JUMP_004421 mov byte [esi+0xe8],0x26 mov eax,[esi+0xc8] mov byte [eax+0xff],0x0 movzx eax,byte [eax+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc call FUNC_001116 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp JUMP_004431 JUMP_004421: ; Pos = 437ad cmp byte [esi+0xe8],0x2 jz JUMP_004423 xor byte [esi+0xe9],0x1 test byte [esi+0xe9],0x1 jnz JUMP_004422 call FUNC_001020 jmp JUMP_004431 JUMP_004422: ; Pos = 437d0 call FUNC_001116 push byte +0x14 call FUNC_001906_SoundPlaySample pop ecx test byte [esi+0xe9],0x0 jz near JUMP_004431 call FUNC_001020 jmp JUMP_004431 JUMP_004423: ; Pos = 437f4 call FUNC_001018 jmp JUMP_004431 JUMP_004424: ; Pos = 437fe mov eax,[esi+0xc8] test byte [eax+0xc8],0x80 jz near JUMP_004431 test byte [esi+0xe9],0x8 jz JUMP_004426 cmp dword [DATA_007247],byte +0x0 jz JUMP_004425 xor eax,eax mov [DATA_007247],eax call FUNC_001120 jmp short JUMP_004431 JUMP_004425: ; Pos = 43831 mov dword [DATA_007247],0x1 mov al,[esi+0xed] mov [DATA_007249],al jmp short JUMP_004431 JUMP_004426: ; Pos = 43848 cmp dword [DATA_007246],byte +0x0 jz JUMP_004427 xor eax,eax mov [DATA_007246],eax call FUNC_001116 jmp short JUMP_004431 JUMP_004427: ; Pos = 4385f mov dword [DATA_007246],0x1 mov al,[esi+0xec] mov [DATA_007248],al cmp byte [esi+0xe8],0x2 jnz JUMP_004431 JUMP_004428: ; Pos = 4387d cmp byte [esi+0xe8],0x2 jz JUMP_004429 call FUNC_001020 jmp short JUMP_004431 JUMP_004429: ; Pos = 4388d call FUNC_001018 jmp short JUMP_004431 JUMP_004430: ; Pos = 43894 push ebx call near [DATA_007673] ; FUNC_001415_GuiSetLastAction pop ecx JUMP_004431: ; Pos = 4389c pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001057: ; Pos = 438a4 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov esi,[ebx+0x82] cmp esi,byte +0x6 jc JUMP_004432 cmp esi,byte +0xb ja JUMP_004432 xor eax,eax mov al,[ebx+0xfe] cmp eax,[DATA_008857] jnz JUMP_004432 call near [DATA_007752] ; FUNC_001530 test ah,0x10 jz JUMP_004432 mov al,[DATA_007253] mov [ebx+0xfe],al JUMP_004432: ; Pos = 438e2 pop esi pop ebx pop ebp ret FUNC_001058: ; Pos = 438e8 push ebp mov ebp,esp cmp word [DATA_008833],0x9e jnl JUMP_004433 mov byte [DATA_008876],0x0 push dword FUNC_001065 mov eax,[DATA_009133] push eax call FUNC_000989 add esp,byte +0x8 cmp byte [DATA_008876],0x0 jnz JUMP_004433 mov byte [DATA_008874],0x0 JUMP_004433: ; Pos = 43920 pop ebp ret FUNC_001059: ; Pos = 43924 push ebp mov ebp,esp push ebx push esi mov edx,[ebp+0x10] mov eax,[ebp+0xc] mov ecx,DATA_008804 cmp byte [ecx+0xee],0x0 jnz near JUMP_004438 mov ebx,eax add ebx,byte -0x3 movsx esi,word [ecx+0x6c] sub ebx,esi js JUMP_004434 mov ebx,eax add ebx,byte -0x3 movsx esi,word [ecx+0x6c] sub ebx,esi jmp short JUMP_004435 JUMP_004434: ; Pos = 4395b mov ebx,eax add ebx,byte -0x3 movsx eax,word [ecx+0x6c] sub ebx,eax neg ebx JUMP_004435: ; Pos = 43968 mov eax,edx add eax,byte +0x4 movsx esi,word [ecx+0x6e] sub eax,esi js JUMP_004436 mov eax,edx add eax,byte +0x4 movsx esi,word [ecx+0x6e] sub eax,esi jmp short JUMP_004437 JUMP_004436: ; Pos = 43982 mov eax,edx add eax,byte +0x4 movsx edx,word [ecx+0x6e] sub eax,edx neg eax JUMP_004437: ; Pos = 4398f add ebx,eax cmp ebx,byte +0x6 jg JUMP_004438 mov eax,[ebp+0x8] mov al,[eax+0x86] xor edx,edx mov dl,al movsx ebx,byte [ecx+0xed] cmp edx,ebx jz JUMP_004438 mov byte [ecx+0xee],0xff mov [ecx+0xed],al push byte +0x15 call FUNC_001906_SoundPlaySample pop ecx JUMP_004438: ; Pos = 439c3 pop esi pop ebx pop ebp ret FUNC_001060: ; Pos = 439c8 push ebp mov ebp,esp cmp word [DATA_008833],0x9e jnl JUMP_004440 mov byte [DATA_008876],0x0 push dword FUNC_001059 mov eax,[DATA_009133] push eax call FUNC_000989 add esp,byte +0x8 cmp byte [DATA_008876],0x0 jnz JUMP_004439 mov byte [DATA_008875],0x0 pop ebp ret JUMP_004439: ; Pos = 43a02 xor eax,eax mov [DATA_007247],eax JUMP_004440: ; Pos = 43a09 pop ebp ret FUNC_001061: ; Pos = 43a0c push ebp mov ebp,esp push ebx mov edx,[ebp+0x10] mov eax,[ebp+0xc] mov ecx,[ebp+0x8] cmp byte [DATA_008876],0x0 jnz JUMP_004445 mov ebx,eax add ebx,0xffffff5d test ebx,ebx jl JUMP_004441 mov ebx,eax add ebx,0xffffff5d jmp short JUMP_004442 JUMP_004441: ; Pos = 43a38 mov ebx,eax add ebx,0xffffff5d neg ebx JUMP_004442: ; Pos = 43a42 mov eax,edx add eax,byte -0x4b test eax,eax jl JUMP_004443 mov eax,edx add eax,byte -0x4b jmp short JUMP_004444 JUMP_004443: ; Pos = 43a52 mov eax,edx add eax,byte -0x4b neg eax JUMP_004444: ; Pos = 43a59 add ebx,eax cmp ebx,byte +0x6 jg JUMP_004445 mov dl,[ecx+0x86] xor eax,eax mov al,dl movsx ebx,byte [DATA_008874] cmp eax,ebx jz JUMP_004445 movsx ebx,byte [DATA_007248] cmp eax,ebx jz JUMP_004445 mov byte [DATA_008876],0xff mov [DATA_008874],dl push byte +0x15 call FUNC_001906_SoundPlaySample pop ecx JUMP_004445: ; Pos = 43a95 pop ebx pop ebp ret FUNC_001062: ; Pos = 43a98 push ebp mov ebp,esp mov byte [DATA_008876],0x0 push dword FUNC_001061 mov eax,[DATA_009133] push eax call FUNC_000989 add esp,byte +0x8 cmp byte [DATA_008876],0x0 jnz JUMP_004446 mov byte [DATA_008874],0x0 pop ebp ret JUMP_004446: ; Pos = 43ac7 xor eax,eax mov [DATA_007246],eax pop ebp ret FUNC_001063: ; Pos = 43ad0 push ebp mov ebp,esp push ebx mov edx,[ebp+0x10] mov eax,[ebp+0xc] mov ecx,[ebp+0x8] cmp byte [DATA_008876],0x0 jnz JUMP_004451 mov ebx,eax add ebx,0xffffff5d test ebx,ebx jl JUMP_004447 mov ebx,eax add ebx,0xffffff5d jmp short JUMP_004448 JUMP_004447: ; Pos = 43afc mov ebx,eax add ebx,0xffffff5d neg ebx JUMP_004448: ; Pos = 43b06 mov eax,edx add eax,byte -0x4b test eax,eax jl JUMP_004449 mov eax,edx add eax,byte -0x4b jmp short JUMP_004450 JUMP_004449: ; Pos = 43b16 mov eax,edx add eax,byte -0x4b neg eax JUMP_004450: ; Pos = 43b1d add ebx,eax cmp ebx,byte +0x6 jg JUMP_004451 mov dl,[ecx+0x86] xor eax,eax mov al,dl movsx ebx,byte [DATA_008875] cmp eax,ebx jz JUMP_004451 movsx ebx,byte [DATA_007249] cmp eax,ebx jz JUMP_004451 mov byte [DATA_008876],0xff mov [DATA_008875],dl push byte +0x15 call FUNC_001906_SoundPlaySample pop ecx JUMP_004451: ; Pos = 43b59 pop ebx pop ebp ret FUNC_001064: ; Pos = 43b5c push ebp mov ebp,esp mov byte [DATA_008876],0x0 push dword FUNC_001063 mov eax,[DATA_009133] push eax call FUNC_000989 add esp,byte +0x8 cmp byte [DATA_008876],0x0 jz JUMP_004452 xor eax,eax mov [DATA_007247],eax call FUNC_001120 JUMP_004452: ; Pos = 43b8e pop ebp ret FUNC_001065: ; Pos = 43b90 push ebp mov ebp,esp push ebx push esi mov edx,[ebp+0x10] mov eax,[ebp+0xc] mov ecx,DATA_008804 cmp byte [ecx+0xee],0x0 jnz near JUMP_004457 mov ebx,eax add ebx,byte -0x3 movsx esi,word [ecx+0x6c] sub ebx,esi js JUMP_004453 mov ebx,eax add ebx,byte -0x3 movsx esi,word [ecx+0x6c] sub ebx,esi jmp short JUMP_004454 JUMP_004453: ; Pos = 43bc7 mov ebx,eax add ebx,byte -0x3 movsx eax,word [ecx+0x6c] sub ebx,eax neg ebx JUMP_004454: ; Pos = 43bd4 mov eax,edx add eax,byte +0x4 movsx esi,word [ecx+0x6e] sub eax,esi js JUMP_004455 mov eax,edx add eax,byte +0x4 movsx esi,word [ecx+0x6e] sub eax,esi jmp short JUMP_004456 JUMP_004455: ; Pos = 43bee mov eax,edx add eax,byte +0x4 movsx edx,word [ecx+0x6e] sub eax,edx neg eax JUMP_004456: ; Pos = 43bfb add ebx,eax cmp ebx,byte +0x6 jg JUMP_004457 mov eax,[ebp+0x8] mov al,[eax+0x86] xor edx,edx mov dl,al movsx ebx,byte [ecx+0xec] cmp edx,ebx jz JUMP_004457 mov byte [ecx+0xee],0xff mov [ecx+0xec],al push byte +0x15 call FUNC_001906_SoundPlaySample pop ecx JUMP_004457: ; Pos = 43c2f pop esi pop ebx pop ebp ret FUNC_001066: ; Pos = 43c34 push ebp mov ebp,esp add esp,0xfffffe88 push ebx push esi lea ebx,[ebp+0xfffffe88] mov esi,DATA_008804 mov eax,[DATA_009155] shr eax,0x10 push eax mov eax,[esi+0x106] pop edx sub eax,edx mov [esi+0x106],eax test eax,eax jnl JUMP_004458 call FUNC_001094 jmp JUMP_004460 JUMP_004458: ; Pos = 43c70 cmp byte [DATA_008630],0x0 jg near JUMP_004460 mov al,[esi+0xea] sub al,0x1 jc JUMP_004459 mov byte [esi+0xea],0x0 call FUNC_001116 JUMP_004459: ; Pos = 43c93 push byte +0x18 push dword DATA_007274 lea eax,[esi+0x54] push eax call _memcpy add esp,byte +0xc mov byte [ebp-0x23],0x0 mov byte [ebp-0x22],0x0 mov byte [ebp-0x21],0x4 lea eax,[ebp-0x23] push eax call FUNC_001575 pop ecx mov ecx,[esi+0x532c] mov eax,ecx sub eax,[esi+0x106] mov edx,eax lea eax,[edx+eax*8] shl eax,0x4 add eax,edx cdq idiv ecx shl eax,0x8 mov [ebx+0x9c],ax mov dword [ebx+0x82],0xa5 push ebx call FUNC_001093 pop ecx mov dword [ebx+0xa4],0xffffffff mov byte [ebx+0x56],0x0 mov byte [ebx+0x25],0x0 mov byte [ebx+0x57],0x0 xor eax,eax mov [ebx+0x26],eax xor eax,eax mov [ebx+0x2a],eax xor eax,eax mov [ebx+0x2e],eax xor eax,eax mov [ebx+0x32],eax mov dword [ebx+0x36],0x14820 xor eax,eax mov [ebx+0x3a],eax push ebx call near [DATA_007807] ; FUNC_001682 pop ecx JUMP_004460: ; Pos = 43d30 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001067: ; Pos = 43d38 push ebp mov ebp,esp mov eax,[ebp+0xc] push eax push dword 0x1ffff mov eax,[ebp+0x8] push eax call FUNC_001068 add esp,byte +0xc pop ebp ret FUNC_001068: ; Pos = 43d54 push ebp mov ebp,esp mov edx,[ebp+0x10] mov eax,[DATA_008884] sub eax,[DATA_009155] mov [DATA_008884],eax test eax,eax jnl JUMP_004461 mov al,[ebp+0x8] mov [DATA_008870],al mov eax,[ebp+0xc] mov [DATA_008884],eax xor eax,eax mov [edx],eax push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp short JUMP_004462 JUMP_004461: ; Pos = 43d92 mov eax,[DATA_008884] mov [edx],eax JUMP_004462: ; Pos = 43d99 cmp byte [DATA_008630],0x0 jl JUMP_004463 mov eax,0x1 pop ebp ret JUMP_004463: ; Pos = 43da9 xor eax,eax pop ebp ret FUNC_001069: ; Pos = 43db0 push ebp mov ebp,esp push ecx lea eax,[ebp-0x4] push eax push dword 0x18000 push byte +0xe call FUNC_001068 add esp,byte +0xc test eax,eax jnz JUMP_004464 mov eax,[ebp-0x4] sar eax,1 push eax push dword 0x30000 call FUNC_001073 add esp,byte +0x8 JUMP_004464: ; Pos = 43dde pop ecx pop ebp ret FUNC_001070: ; Pos = 43de4 push ebp mov ebp,esp add esp,0xfffffeac push ebx push esi push edi lea ebx,[ebp+0xfffffeac] mov esi,DATA_008804 mov eax,[esi+0xc8] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx cmp byte [DATA_008630],0x0 jnl near JUMP_004468 and byte [esi+0xc],0xfe mov edx,[esi+0xcc] mov ecx,[edx+0xa0] mov [ebx+0xa0],ecx test byte [edx+0x14c],0x20 jz JUMP_004465 xor edx,edx mov [ebx+0xa4],edx jmp short JUMP_004466 JUMP_004465: ; Pos = 43e45 mov dword [ebx+0xa4],0x1 JUMP_004466: ; Pos = 43e4f mov edx,[ebp+0x10] mov [ebx+0x82],edx mov dx,[ebp+0xc] mov [ebx+0x9e],dx mov edx,[ebp+0x14] mov [ebx+0x26],edx mov edx,[eax+0x38] movsx ecx,word [edx+0x1a] shl ecx,0x3 mov edi,[ebp+0x18] sub edi,ecx mov [ebx+0x2e],edi movsx eax,word [edx+0x18] shl eax,0x3 mov edx,[ebp+0x8] sub edx,eax mov [ebx+0x36],edx xor eax,eax mov [ebx+0x2a],eax xor eax,eax mov [ebx+0x32],eax xor eax,eax mov [ebx+0x3a],eax mov eax,[DATA_008803] push eax mov eax,[DATA_008802] push eax push ebx call FUNC_001675_MatBuildYZT add esp,byte +0xc mov al,[esi+0xf4] add al,0x31 mov [ebx+0x124],al mov byte [ebx+0x125],0x0 cmp dword [ebx+0x82],0xea jnz JUMP_004467 mov eax,[esi+0xcc] add eax,0x124 push esi mov edi,eax lea esi,[ebx+0x124] xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb pop esi JUMP_004467: ; Pos = 43f01 mov eax,[esi] shr eax,0xa mov [ebx+0x9c],ax push ebx call near [DATA_007807] ; FUNC_001682 pop ecx JUMP_004468: ; Pos = 43f15 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001071: ; Pos = 43f1c push ebp mov ebp,esp xor eax,eax mov [DATA_008802],eax push byte +0x0 push byte +0x0 mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001070 add esp,byte +0x14 pop ebp ret FUNC_001072: ; Pos = 43f40 push ebp mov ebp,esp push dword 0xea mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001071 add esp,byte +0xc pop ebp ret FUNC_001073: ; Pos = 43f5c push ebp mov ebp,esp mov dword [DATA_008803],0x8000 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001072 add esp,byte +0x8 pop ebp ret FUNC_001074: ; Pos = 43f7c push ebp mov ebp,esp push ecx lea eax,[ebp-0x4] push eax push byte +0x10 call FUNC_001067 add esp,byte +0x8 test eax,eax jnz JUMP_004469 push byte +0x0 mov eax,[ebp-0x4] add eax,eax push eax call FUNC_001073 add esp,byte +0x8 JUMP_004469: ; Pos = 43fa2 pop ecx pop ebp ret FUNC_001075: ; Pos = 43fa8 push ebp mov ebp,esp push ecx lea eax,[ebp-0x4] push eax push byte +0x12 call FUNC_001067 add esp,byte +0x8 test eax,eax jnz JUMP_004470 sar dword [ebp-0x4],0x2 mov eax,[ebp-0x4] and eax,0xffff mov [DATA_008803],eax mov eax,[ebp-0x4] push eax push byte +0x0 call FUNC_001072 add esp,byte +0x8 JUMP_004470: ; Pos = 43fdd pop ecx pop ebp ret FUNC_001076: ; Pos = 43fe0 push ebp mov ebp,esp push ecx lea eax,[ebp-0x4] push eax push byte +0x14 call FUNC_001067 add esp,byte +0x8 test eax,eax jnz JUMP_004471 xor eax,eax mov [DATA_008803],eax mov eax,[ebp-0x4] sar eax,1 and eax,0xffff not eax push eax push byte +0x0 call FUNC_001072 add esp,byte +0x8 JUMP_004471: ; Pos = 44014 pop ecx pop ebp ret FUNC_001077: ; Pos = 44018 push ebp mov ebp,esp push ecx lea eax,[ebp-0x4] push eax mov eax,[ebp+0x8] push eax call FUNC_001067 add esp,byte +0x8 test eax,eax jnz JUMP_004472 xor eax,eax mov [DATA_008803],eax push dword 0xec push byte +0x0 push byte -0x1 call FUNC_001071 add esp,byte +0xc JUMP_004472: ; Pos = 44048 pop ecx pop ebp ret FUNC_001078: ; Pos = 4404c push ebp mov ebp,esp push byte +0x16 call FUNC_001077 pop ecx pop ebp ret FUNC_001079: ; Pos = 4405c push ebp mov ebp,esp xor eax,eax mov [DATA_008803],eax push dword 0xe9 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001071 add esp,byte +0xc pop ebp ret FUNC_001080: ; Pos = 44080 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] xor eax,eax mov [DATA_008803],eax push dword 0xec push ebx push byte +0x0 call FUNC_001071 add esp,byte +0xc xor eax,eax mov [DATA_008803],eax push dword 0xe9 push ebx push dword 0x2ea60 call FUNC_001071 add esp,byte +0xc pop ebx pop ebp ret FUNC_001081: ; Pos = 440bc push ebp mov ebp,esp push ecx lea eax,[ebp-0x4] push eax push dword 0x17530 push byte +0x18 call FUNC_001068 add esp,byte +0xc test eax,eax jnz JUMP_004473 sar dword [ebp-0x4],1 mov eax,[ebp-0x4] push eax call FUNC_001080 pop ecx JUMP_004473: ; Pos = 440e4 pop ecx pop ebp ret FUNC_001082: ; Pos = 440e8 push ebp mov ebp,esp push ecx lea eax,[ebp-0x4] push eax push byte +0x28 call FUNC_001067 add esp,byte +0x8 test eax,eax jnz JUMP_004474 shl dword [ebp-0x4],1 mov eax,[ebp-0x4] push eax mov eax,[ebp-0x4] push eax call FUNC_001079 add esp,byte +0x8 JUMP_004474: ; Pos = 44111 pop ecx pop ebp ret FUNC_001083: ; Pos = 44114 push ebp mov ebp,esp push ecx mov eax,[DATA_008862] mov eax,[eax+0x82] cmp eax,byte +0x45 jz JUMP_004475 cmp eax,byte +0x4f jnz JUMP_004476 JUMP_004475: ; Pos = 4412d mov byte [DATA_008870],0x22 mov dword [DATA_008884],0xffffffff call FUNC_001088 pop ecx pop ebp ret JUMP_004476: ; Pos = 44146 lea eax,[ebp-0x4] push eax push byte +0x1c call FUNC_001067 add esp,byte +0x8 test eax,eax jnz JUMP_004477 mov eax,[ebp-0x4] add eax,eax push eax mov edx,0x2ea60 sub edx,eax push edx call FUNC_001079 add esp,byte +0x8 JUMP_004477: ; Pos = 4416e pop ecx pop ebp ret FUNC_001084: ; Pos = 44174 push ebp mov ebp,esp push ecx lea eax,[ebp-0x4] push eax push byte +0x1e call FUNC_001067 add esp,byte +0x8 test eax,eax jnz JUMP_004478 mov eax,[ebp-0x4] sar eax,1 not eax push eax call FUNC_001080 pop ecx JUMP_004478: ; Pos = 44198 pop ecx pop ebp ret FUNC_001085: ; Pos = 4419c push ebp mov ebp,esp push byte +0x20 call FUNC_001077 pop ecx pop ebp ret FUNC_001086: ; Pos = 441ac push ebp mov ebp,esp mov eax,[ebp+0xc] cmp byte [DATA_008630],0x0 jz JUMP_004481 xor edx,edx mov [DATA_008803],edx test eax,eax jng JUMP_004479 add eax,eax jmp short JUMP_004480 JUMP_004479: ; Pos = 441cb xor eax,eax JUMP_004480: ; Pos = 441cd push byte +0x0 mov edx,0x30000 sub edx,eax neg edx push edx call FUNC_001072 add esp,byte +0x8 JUMP_004481: ; Pos = 441e1 pop ebp ret FUNC_001087: ; Pos = 441e4 push ebp mov ebp,esp push ecx lea eax,[ebp-0x4] push eax push dword 0x18000 push byte +0x22 call FUNC_001068 add esp,byte +0xc test eax,eax jnz JUMP_004482 xor eax,eax mov [DATA_008803],eax mov eax,[ebp-0x4] sar eax,1 push eax push byte +0x0 call FUNC_001072 add esp,byte +0x8 JUMP_004482: ; Pos = 44216 pop ecx pop ebp ret FUNC_001088: ; Pos = 4421c push ebp mov ebp,esp push ebx push esi push edi mov ebx,DATA_008804 mov eax,[ebx+0x106] sub eax,[DATA_009155] mov [ebx+0x106],eax test eax,eax jg near JUMP_004489 push byte +0x22 call FUNC_001906_SoundPlaySample pop ecx push byte +0x13 call FUNC_001906_SoundPlaySample pop ecx mov eax,[ebx+0xcc] test byte [eax+0x14c],0x20 jnz near JUMP_004487 mov byte [ebx+0xe8],0x36 mov eax,[ebx+0xc8] mov byte [eax+0xff],0x0 movzx eax,byte [eax+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc mov eax,[ebx+0xc8] mov edx,[ebx] mov [eax+0xa8],edx mov edx,[ebx+0x4] mov [eax+0xac],edx xor edx,edx mov [eax+0x42],edx xor edx,edx mov [eax+0x4a],edx xor edx,edx mov [eax+0x52],edx xor edx,edx mov [eax+0x3e],edx xor edx,edx mov [eax+0x46],edx mov dword [eax+0x4e],0x10000 mov byte [eax+0x25],0x0 mov byte [eax+0x57],0x1 push eax call FUNC_001042 pop ecx mov eax,[ebx+0xc8] push eax call FUNC_001093 pop ecx mov eax,[ebx+0xcc] mov eax,[eax+0x82] cmp eax,byte +0x45 jz JUMP_004483 cmp eax,byte +0x4f jnz JUMP_004484 JUMP_004483: ; Pos = 442f5 mov eax,[ebx+0xc8] neg dword [eax] neg dword [eax+0x20] mov dword [ebx+0x1b8],0xfffff4a3 jmp short JUMP_004485 JUMP_004484: ; Pos = 4430c mov dword [ebx+0x1b8],0xb5d JUMP_004485: ; Pos = 44316 call near [DATA_007682] ; FUNC_001445_GuiGetXYAccum mov [ebx+0xd0],eax mov eax,[ebx+0xcc] mov byte [eax+0xc9],0xff mov word [eax+0x9e],0xffff mov edx,[ebx+0x106] push edx push eax call FUNC_001086 add esp,byte +0x8 cmp byte [DATA_008630],0x0 jnl JUMP_004486 or byte [ebx+0xc],0x1 JUMP_004486: ; Pos = 44355 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp JUMP_004488 JUMP_004487: ; Pos = 44368 mov byte [ebx+0xe8],0x38 mov eax,[ebx+0xc8] mov byte [eax+0xff],0x0 movzx eax,byte [eax+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc mov edx,[ebx+0xcc] mov eax,[ebx+0xc8] lea esi,[edx+0x3e] lea edi,[eax+0x3e] mov ecx,0x6 rep movsd mov edx,[ebx+0xcc] mov esi,edx mov edi,eax mov ecx,0x9 rep movsd push eax call near [DATA_007719] ; FUNC_001520 pop ecx mov eax,[ebx+0xc8] push eax call FUNC_001042 pop ecx call FUNC_001116 mov eax,[ebx+0xc8] mov byte [eax+0x57],0x1 call near [DATA_007682] ; FUNC_001445_GuiGetXYAccum mov [ebx+0xd0],eax mov eax,[ebx+0xcc] mov byte [eax+0xc9],0xff mov word [eax+0x9e],0xffff mov edx,[ebx+0x106] push edx push eax call FUNC_001086 add esp,byte +0x8 cmp byte [DATA_008630],0x0 jnl JUMP_004488 or byte [ebx+0xc],0x1 JUMP_004488: ; Pos = 4441d push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc jmp short JUMP_004490 JUMP_004489: ; Pos = 4442d mov eax,[ebx+0x106] push eax mov eax,[ebx+0xcc] push eax call FUNC_001086 add esp,byte +0x8 JUMP_004490: ; Pos = 44443 pop edi pop esi pop ebx pop ebp ret FUNC_001089: ; Pos = 44448 push ebp mov ebp,esp mov eax,[DATA_008862] cmp word [eax+0x9e],byte +0x0 jnz JUMP_004491 mov byte [DATA_008870],0x26 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_004491: ; Pos = 4446f mov eax,[DATA_008861] push eax call FUNC_001056 pop ecx cmp byte [DATA_008630],0x0 jnl JUMP_004492 mov eax,[DATA_008861] push eax call FUNC_001054 pop ecx JUMP_004492: ; Pos = 44490 pop ebp ret FUNC_001090: ; Pos = 44494 push ebp mov ebp,esp mov eax,[DATA_008862] cmp word [eax+0x9e],byte +0x0 jnz JUMP_004493 mov byte [DATA_008870],0x24 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_004493: ; Pos = 444bb mov eax,[DATA_008861] push eax call FUNC_001056 pop ecx cmp byte [DATA_008630],0x0 jnl JUMP_004494 mov eax,[DATA_008861] push eax call FUNC_001054 pop ecx JUMP_004494: ; Pos = 444dc pop ebp ret FUNC_001091: ; Pos = 444e0 push ebp mov ebp,esp push byte +0x0 push byte +0x5 call FUNC_000148 add esp,byte +0x8 call FUNC_001903_SoundStopSong ; FIX: Docking => laser invulnerability ; Unfixed - actual bug in F381 mov eax,[DATA_008861] movzx eax,byte [eax+0x86] mov edx,[DATA_007758] mov byte [edx+eax],0x4b mov byte [DATA_008874],0x0 mov byte [DATA_008870],0x2a call FUNC_001116 call FUNC_001092 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc pop ebp ret FUNC_001092: ; Pos = 44534 push ebp mov ebp,esp push ebx mov ebx,DATA_008804 cmp byte [ebx+0x3f60],0x0 jz JUMP_004495 push byte +0x8 push byte +0xf call FUNC_001908_SoundPlaySampleLinVol add esp,byte +0x8 JUMP_004495: ; Pos = 44552 mov eax,[ebx+0xc8] mov byte [eax+0xff],0x24 movzx eax,byte [eax+0x86] push eax push byte +0x0 push byte +0x17 call FUNC_000048 add esp,byte +0xc mov eax,[ebx+0xc8] push eax call FUNC_001055 pop ecx cmp byte [DATA_008630],0x0 jnl JUMP_004498 xor eax,eax mov [DATA_008803],eax mov eax,[ebx+0xcc] mov eax,[eax+0x82] cmp eax,byte +0x45 jz JUMP_004496 cmp eax,byte +0x4f jnz JUMP_004497 JUMP_004496: ; Pos = 445a6 mov dword [DATA_008803],0x8000 push eax push byte +0x0 push byte +0x0 call FUNC_001071 add esp,byte +0xc pop ebx pop ebp ret JUMP_004497: ; Pos = 445c0 push dword 0xe9 push byte +0x0 push byte +0x0 call FUNC_001071 add esp,byte +0xc JUMP_004498: ; Pos = 445d1 pop ebx pop ebp ret FUNC_001093: ; Pos = 445d4 push ebp mov ebp,esp mov eax,[ebp+0x8] mov dword [eax],0x7f000000 xor edx,edx mov [eax+0xc],edx xor edx,edx mov [eax+0x18],edx xor edx,edx mov [eax+0x4],edx mov dword [eax+0x10],0x7f000000 xor edx,edx mov [eax+0x1c],edx xor edx,edx mov [eax+0x8],edx xor edx,edx mov [eax+0x14],edx mov dword [eax+0x20],0x7f000000 pop ebp ret FUNC_001094: ; Pos = 44610 push ebp mov ebp,esp add esp,byte -0x28 push ebx push esi push edi mov esi,DATA_008804 mov byte [esi+0xe8],0x0 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc call near [DATA_004920] ; FUNC_000217_SysMenuPlayTime cmp byte [DATA_008630],0x0 jnl JUMP_004499 mov ax,[DATA_007275] mov [ebp-0x27],ax mov al,[DATA_007276] mov [ebp-0x25],al lea eax,[ebp-0x27] push eax call FUNC_001575 pop ecx mov byte [esi+0xc],0xff call FUNC_001116 JUMP_004499: ; Pos = 44669 mov edi,[esi+0xc8] mov eax,[esi] mov [edi+0xa8],eax mov eax,[esi+0x4] mov [edi+0xac],eax mov byte [edi+0x57],0x0 lea eax,[ebp-0x4] push eax push dword 0x9a push byte +0xa push edi mov eax,[DATA_009133] push eax call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov ebx,eax test ebx,ebx jz near JUMP_004500 push ebx call FUNC_001093 pop ecx mov eax,[esi+0xc8] xor edx,edx mov [eax+0x8c],edx xor edx,edx mov [eax+0x90],edx mov dword [eax+0x94],0x71b7 xor edx,edx mov [eax+0xf2],edx xor edx,edx mov [eax+0xf6],edx xor edx,edx mov [eax+0xfa],edx mov dword [ebx+0x7e],0x8 mov dword [ebx+0xa4],0xffffffff mov byte [ebx+0xff],0x1e mov byte [ebx+0x87],0xb mov word [ebx+0x9e],0x1 mov eax,[esi+0x1b0] mov [ebx+0xf2],eax mov byte [ebx+0x118],0xfe mov eax,[esi+0xc8] mov ax,[eax+0x82] mov [ebx+0xe6],ax mov eax,[DATA_009133] push eax mov eax,[esi+0xc8] push eax call near [DATA_006154] ; FUNC_000606 add esp,byte +0x8 mov eax,[DATA_009133] push eax mov eax,[esi+0xc8] push eax call near [DATA_006154] ; FUNC_000606 add esp,byte +0x8 add dword [ebx+0xa8],0xff9e8e mov eax,[ebx+0xa8] cmp eax,[ebx+0xa8] jna JUMP_004500 inc dword [ebx+0xac] JUMP_004500: ; Pos = 44781 test byte [esi+0x50d9],0x40 jnz JUMP_004501 cmp dword [esi+0x10a],0xaa4b718 jz JUMP_004503 JUMP_004501: ; Pos = 44796 test byte [esi+0x50d9],0x20 jnz JUMP_004502 cmp dword [esi+0x10a],0x16a49718 jz JUMP_004503 JUMP_004502: ; Pos = 447ab test byte [esi+0x50d9],0x80 jnz JUMP_004504 cmp dword [esi+0x10a],0xaa4971a jnz JUMP_004504 JUMP_004503: ; Pos = 447c0 push byte +0x0 push byte +0x9 call FUNC_000237 add esp,byte +0x8 JUMP_004504: ; Pos = 447cc cmp byte [esi+0x3f5d],0x0 jz JUMP_004505 cmp byte [esi+0x3f5f],0x0 jz JUMP_004505 push byte -0x2 call FUNC_001902_SoundPlaySong pop ecx JUMP_004505: ; Pos = 447e6 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001095: ; Pos = 447f0 push ebp mov ebp,esp push byte -0x1 push dword 0x98c1 call FUNC_001097 add esp,byte +0x8 pop ebp ret FUNC_001096: ; Pos = 44804 push ebp mov ebp,esp mov dl,[DATA_008858] test dl,dl jz JUMP_004507 mov eax,[DATA_008861] test eax,eax jz JUMP_004507 mov cl,[DATA_008875] test cl,cl jz JUMP_004506 movsx ecx,cl push ecx movsx edx,dl push edx push eax call FUNC_000941 add esp,byte +0xc mov byte [DATA_008858],0x0 call FUNC_001119 call FUNC_000991 pop ebp ret JUMP_004506: ; Pos = 44848 call FUNC_001095 JUMP_004507: ; Pos = 4484d pop ebp ret FUNC_001097: ; Pos = 44850 push ebp mov ebp,esp add esp,byte -0x30 mov eax,[ebp+0x8] mov [ebp-0x30],eax mov eax,[ebp+0xc] mov [ebp-0x18],eax lea eax,[ebp-0x30] push eax call FUNC_000349 pop ecx mov esp,ebp pop ebp ret FUNC_001098: ; Pos = 44870 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov esi,[ebp+0x8] mov edi,DATA_008804 xor eax,eax mov edx,[esi+0xc8] test dl,0x8 jz JUMP_004508 mov eax,0x10 jmp short JUMP_004509 JUMP_004508: ; Pos = 44895 test edx,0x8000000 jz JUMP_004509 mov eax,0xe JUMP_004509: ; Pos = 448a2 test eax,eax jz near JUMP_004513 lea edx,[ebp-0x4] push edx push eax push byte +0x4f push esi mov eax,[DATA_009133] push eax call near [DATA_007219] ; FUNC_000928 add esp,byte +0x14 mov ebx,eax test ebx,ebx jnz JUMP_004510 xor eax,eax jmp JUMP_004514 JUMP_004510: ; Pos = 448ce mov [edi+0xc8],ebx mov byte [esi+0x118],0x1 mov word [esi+0xb6],0x0 mov word [esi+0xb8],0x0 mov word [esi+0xba],0x0 mov byte [ebx+0x118],0xff xor eax,eax mov al,[ebx+0x86] mov [edi+0xc0],eax mov byte [esi+0x87],0xb mov byte [esi+0xff],0x16 mov byte [edi+0xe8],0x24 mov byte [edi+0xea],0x0 push ebx call FUNC_000992 pop ecx test byte [esi+0xc8],0x8 jz JUMP_004511 mov dword [ebx+0xc8],0x40200000 mov byte [ebx+0xd2],0x88 mov byte [ebx+0xd0],0x2 mov word [edi+0x15a],0x2 mov dword [edi+0x120],0x2 jmp short JUMP_004512 JUMP_004511: ; Pos = 44964 mov dword [ebx+0xc8],0x40200000 mov byte [ebx+0xd2],0x0 JUMP_004512: ; Pos = 44975 xor eax,eax mov [ebx+0xcc],eax mov byte [ebx+0xd6],0x0 mov byte [ebx+0xd7],0x0 mov byte [ebx+0xd8],0x0 mov byte [ebx+0xd9],0x0 mov byte [ebx+0xda],0x0 mov byte [ebx+0xdb],0x0 mov byte [ebx+0xdc],0x0 mov byte [ebx+0xdd],0x0 mov byte [ebx+0xde],0x0 mov byte [ebx+0xdf],0x0 mov byte [ebx+0xd3],0x0 mov byte [ebx+0xd4],0x0 mov byte [ebx+0xd5],0x0 mov word [ebx+0xe0],0x0 mov word [ebx+0xe2],0x0 xor eax,eax mov [edi+0x502c],eax xor eax,eax mov [edi+0x5030],eax xor eax,eax mov [edi+0x4a18],eax xor eax,eax mov [edi+0x50d4],eax mov byte [edi+0x4a39],0x0 mov dword [ebx+0x11e],0x20000000 mov eax,[ebx+0xc] mov [ebp-0x10],eax mov eax,[ebx+0x10] mov [ebp-0xc],eax mov eax,[ebx+0x14] mov [ebp-0x8],eax sar dword [ebp-0x10],0x10 sar dword [ebp-0xc],0x10 sar dword [ebp-0x8],0x10 lea eax,[ebp-0x10] push eax push ebx call near [DATA_007746] ; FUNC_001514 add esp,byte +0x8 call FUNC_000250 call FUNC_001120 push byte +0x20 call FUNC_001906_SoundPlaySample pop ecx call FUNC_001116 mov byte [DATA_008647],0x0 and byte [DATA_008646],0xfe push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc or eax,byte -0x1 jmp short JUMP_004514 JUMP_004513: ; Pos = 44a7f xor eax,eax JUMP_004514: ; Pos = 44a81 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001099: ; Pos = 44a88 push ebp mov ebp,esp add esp,0xffffff38 push ebx push esi push edi mov ebx,DATA_008804 push byte +0x0 mov eax,0x5f cmp byte [ebx+0xea],0x5 jz JUMP_004515 add eax,byte -0x4f JUMP_004515: ; Pos = 44aac push eax mov al,[ebx+0xed] push eax call FUNC_001100 add esp,byte +0xc cmp byte [ebx+0xea],0x5 jz near JUMP_004541 cmp byte [DATA_007250],0x0 jz near JUMP_004519 xor eax,eax mov [ebp-0x8],eax mov dword [ebp-0x4],0xa mov edi,0x5 mov esi,0x72 JUMP_004516: ; Pos = 44aec mov eax,[DATA_009133] cmp byte [eax+esi],0x0 jz near JUMP_004518 lea eax,[esi+esi*4] lea eax,[esi+eax*4] lea eax,[esi+eax*8] mov edx,[DATA_009133] test byte [edx+eax*2+0x1c0],0x10 jz near JUMP_004518 push esi push edi mov esi,DATA_007277 lea edi,[ebp-0x30] mov ecx,0xa rep movsd pop edi pop esi cmp byte [DATA_007251],0x0 jnz JUMP_004517 mov eax,[ebp-0x4] mov [ebp-0x30],eax mov [ebp-0x2c],edi mov eax,[ebp-0x4] add eax,byte +0xa mov [ebp-0x28],eax lea eax,[edi+0xa] mov [ebp-0x24],eax mov eax,[ebp-0x8] add eax,0xd1 mov [ebp-0x20],eax lea eax,[ebp-0x30] push eax call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx inc dword [ebp-0x8] JUMP_004517: ; Pos = 44b65 push edi mov eax,[ebp-0x4] push eax push byte +0x31 call FUNC_001621_BlitIndexToBuf add esp,byte +0xc push byte +0x11 push edi mov eax,[ebp-0x4] add eax,byte +0xf push eax lea eax,[esi+esi*4] lea eax,[esi+eax*4] lea eax,[esi+eax*8] add eax,eax add eax,[DATA_009133] add eax,0x198 push eax call FUNC_001584_TextWriteDefaultClip add esp,byte +0x10 add edi,byte +0xf cmp edi,0x8c jnz JUMP_004518 mov edi,0x5 mov dword [ebp-0x4],0xe6 JUMP_004518: ; Pos = 44bb4 dec esi test esi,esi jg near JUMP_004516 mov byte [DATA_007251],0x1 JUMP_004519: ; Pos = 44bc4 push byte +0x1 push byte +0x11 mov al,[ebx+0xec] push eax call FUNC_001100 add esp,byte +0xc mov al,[ebx+0xea] cmp al,0x4 jz near JUMP_004522 cmp al,0x6 jz near JUMP_004522 movsx eax,al mov edx,[ebx+0xc8] cmp byte [edx+eax+0xd2],0x0 jz JUMP_004520 call FUNC_001111 JUMP_004520: ; Pos = 44c05 cmp byte [ebx+0xea],0x0 jnz JUMP_004521 lea edx,[ebp-0x38] push edx lea edx,[ebp-0x64] push edx mov eax,[ebx+0xc8] push eax add eax,0x8c push eax call near [DATA_006156] ; FUNC_000608 add esp,byte +0x10 add dword [ebp-0x5c],0xff lea eax,[ebp-0x64] push eax lea eax,[ebp-0x34] push eax call FUNC_001479 add esp,byte +0x8 movsx eax,word [ebp-0x32] push eax movsx eax,word [ebp-0x34] push eax call FUNC_001112 add esp,byte +0x8 JUMP_004521: ; Pos = 44c55 cmp byte [ebx+0xea],0x2 jl JUMP_004522 movsx eax,word [ebx+0x204] shl eax,0x4 lea eax,[eax+eax*4] lea eax,[eax+eax*4] lea eax,[eax+eax*8] sar eax,0x10 mov [ebp-0x78],eax movsx eax,word [ebx+0x206] shl eax,0x4 lea eax,[eax+eax*4] lea eax,[eax+eax*4] lea eax,[eax+eax*8] sar eax,0x10 neg eax mov [ebp-0x74],eax push byte +0x0 push byte +0x4c push byte +0x5 push byte +0x12 lea eax,[ebp-0x78] push eax push dword 0x8636 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_004522: ; Pos = 44cac mov eax,[ebx+0xc8] add eax,0x8c push eax lea eax,[ebp-0x44] push eax call FUNC_001475 add esp,byte +0x8 mov esi,eax mov [ebx+0xd4],esi lea eax,[ebp-0x44] push eax call FUNC_001466 pop ecx test esi,esi jng JUMP_004525 JUMP_004523: ; Pos = 44cda test eax,0x40000000 jz JUMP_004524 mov eax,0x7fffffff jmp short JUMP_004525 JUMP_004524: ; Pos = 44ce8 add eax,eax dec esi test esi,esi jg JUMP_004523 JUMP_004525: ; Pos = 44cef mov [ebx+0xd8],eax mov byte [DATA_009124],0x0 mov eax,[ebx+0xc8] cmp byte [eax+0x56],0x0 jz JUMP_004526 mov eax,[DATA_009133] push eax mov eax,[ebx+0xc8] movzx eax,byte [eax+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 add eax,0x124 mov edi,eax mov esi,DATA_009124 xor eax,eax or ecx,byte -0x1 repne scasb not ecx sub edi,ecx xchg esi,edi mov eax,edi mov edx,ecx shr ecx,0x2 rep movsd mov ecx,edx and ecx,byte +0x3 rep movsb JUMP_004526: ; Pos = 44d4b mov edi,0x8620 mov eax,[ebx+0xdc] mov [ebp-0x50],eax mov ecx,[ebx+0xdc] test ecx,ecx jl JUMP_004527 mov eax,ecx mov esi,0x3e8 cdq idiv esi cmp eax,0xea60 jg JUMP_004527 mov edi,0x8622 mov eax,ecx mov ecx,0x3e8 cdq idiv ecx mov [ebp-0x50],eax JUMP_004527: ; Pos = 44d86 test byte [ebx+0xe9],0x1 jnz JUMP_004528 cmp byte [ebx+0xe8],0x2 jnz JUMP_004529 JUMP_004528: ; Pos = 44d98 inc edi cmp byte [ebx+0xe8],0x2 jnz JUMP_004529 push byte +0x0 push dword 0x8b push byte +0x2 push byte +0xf lea eax,[ebp-0x58] push eax push dword 0x8618 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_004529: ; Pos = 44dbf mov eax,[ebx+0x1b8] mov [ebp-0x58],eax mov eax,[ebx+0xd8] mov [ebp-0x54],eax mov eax,DATA_009124 mov [ebp-0x4c],eax push byte +0x0 push dword 0x94 push byte +0x2 push byte +0xf lea eax,[ebp-0x58] push eax push edi call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 cmp byte [ebx+0xea],0x6 jnz JUMP_004530 mov dword [DATA_007270],0x320 push dword FUNC_001109 mov eax,[DATA_009133] push eax call FUNC_000990 add esp,byte +0x8 jmp short JUMP_004531 JUMP_004530: ; Pos = 44e1a test byte [ebx+0xe9],0x4 jz JUMP_004531 push dword FUNC_001108 mov eax,[DATA_009133] push eax call FUNC_000989 add esp,byte +0x8 JUMP_004531: ; Pos = 44e36 mov eax,[ebx+0xc8] mov cx,[eax+0xe0] mov si,[eax+0xe2] cmp cx,si jz JUMP_004532 movzx eax,cx shl eax,0x2 lea eax,[eax+eax*4] lea eax,[eax+eax*4] movzx edx,si mov ecx,edx cdq idiv ecx mov [ebp+0xffffff74],eax push byte +0x0 push byte +0x1 push byte +0x2 push byte +0xf lea eax,[ebp+0xffffff74] push eax push dword 0x8624 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_004532: ; Pos = 44e86 cmp dword [ebx+0x10e],byte +0x0 jz JUMP_004534 mov eax,[ebx+0xc8] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov ecx,eax mov eax,[ebx+0xc8] movzx eax,word [eax+0xe4] shl eax,0x3 lea eax,[eax+eax*4] lea eax,[eax+eax*4] lea eax,[eax+eax*4] test eax,eax jns JUMP_004533 add eax,byte +0x3 JUMP_004533: ; Pos = 44ec5 sar eax,0x2 mov edx,[ecx+0x38] movsx edx,word [edx+0x6] mov ecx,edx cdq idiv ecx mov [ebp+0xffffff60],eax push byte +0x0 push byte +0xb push byte +0x2 push byte +0xf lea eax,[ebp+0xffffff60] push eax push dword 0x8638 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_004534: ; Pos = 44ef7 test byte [ebx+0xe9],0x8 jz near JUMP_004538 mov eax,[ebx+0xc8] test byte [eax+0xca],0x40 jz near JUMP_004538 cmp byte [ebx+0xed],0x0 jz near JUMP_004538 cmp byte [ebx+0xea],0x6 jz near JUMP_004538 mov eax,[DATA_009133] push eax movsx eax,byte [ebx+0xed] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax mov eax,[esi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov ecx,eax cmp dword [esi+0x82],byte +0x50 ja near JUMP_004538 cmp dword [ecx+0x38],byte +0x0 jz near JUMP_004538 mov edi,0x8626 cmp word [esi+0xe2],byte +0x0 jz JUMP_004535 mov edi,0x8625 movzx eax,word [esi+0xe0] shl eax,0x2 lea eax,[eax+eax*4] lea eax,[eax+eax*4] movzx edx,word [esi+0xe2] push ecx mov ecx,edx cdq idiv ecx pop ecx mov [ebp+0xffffff4c],eax movzx eax,word [esi+0xe0] shl eax,0x2 lea eax,[eax+eax*4] lea eax,[eax+eax*4] sar eax,0x6 mov [ebp+0xffffff50],eax JUMP_004535: ; Pos = 44fc2 movzx eax,word [esi+0xe4] add eax,eax lea eax,[eax+eax*4] lea eax,[eax+eax*4] lea eax,[eax+eax*4] mov edx,[ecx+0x38] movsx edx,word [edx+0x6] push ecx mov ecx,edx cdq idiv ecx pop ecx mov [ebp+0xffffff54],eax mov eax,[ecx+0x38] movsx eax,word [eax+0xe] mov [ebp+0xffffff5c],eax movsx eax,byte [esi+0xd0] mov eax,[eax*4+DATA_007260] mov [ebp+0xffffff58],eax push byte +0x0 push byte +0x1 push dword 0xeb push byte +0xf lea eax,[ebp+0xffffff4c] push eax push edi call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 test byte [esi+0xcb],0x1 jz JUMP_004536 push byte +0x0 push byte +0x33 push dword 0xeb push byte +0x5f push byte +0x0 push dword 0x862f call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_004536: ; Pos = 45049 test dword [esi+0xc8],0x410 jz JUMP_004537 push byte +0x0 push byte +0x3d push dword 0xeb push byte +0x5f push byte +0x0 push dword 0x989e call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_004537: ; Pos = 45070 cmp byte [esi+0x118],0xfb jnz JUMP_004538 cmp dword [esi+0x11a],byte +0x0 jz JUMP_004538 test byte [ebx+0x1],0x80 jz JUMP_004538 mov eax,[esi+0x11a] mov [ebp+0xffffff54],eax push byte +0x0 push byte +0x47 push dword 0xeb push byte +0x10 lea eax,[ebp+0xffffff4c] push eax push dword 0x8634 call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 JUMP_004538: ; Pos = 450b4 test byte [ebx+0xe9],0x40 jz near JUMP_004541 mov eax,[ebx+0xc8] test byte [eax+0xcb],0x1 jz near JUMP_004541 cmp byte [ebx+0xed],0x0 jz near JUMP_004541 mov eax,[DATA_009133] push eax movsx eax,byte [ebx+0xed] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov esi,eax cmp dword [esi+0x82],0x9a jnz near JUMP_004541 mov edi,0x8631 mov ax,[esi+0x9e] test ax,ax jnz JUMP_004539 mov edi,0x8630 jmp short JUMP_004540 JUMP_004539: ; Pos = 45122 test ah,0x80 jnz JUMP_004540 mov edi,0x8632 JUMP_004540: ; Pos = 4512c mov eax,[esi+0xf2] mov [ebp+0xffffff38],eax mov eax,[esi+0xa8] mov [ebp+0xffffff3c],eax mov eax,[esi+0xac] mov [ebp+0xffffff40],eax movzx eax,word [esi+0xe6] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov eax,[eax+0x38] movsx eax,word [eax+0x6] mov [ebp+0xffffff44],eax push byte +0x0 push byte +0x1 push dword 0xe1 push byte +0xf lea eax,[ebp+0xffffff38] push eax push edi call near [DATA_007644] ; FUNC_001399_StringDrawWrapShadow add esp,byte +0x18 or byte [ebx+0xe9],0x40 JUMP_004541: ; Pos = 4518f pop edi pop esi pop ebx mov esp,ebp pop ebp ret SECTION .data pPosString db 'xpos = %i, ypos = %i', 0x0 SECTION .text FUNC_001100: ; Pos = 45198 push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi mov eax,[ebp+0x8] test al,al jz near JUMP_004550 movsx edx,al mov ecx,[DATA_009133] test byte [ecx+edx],0x8 jnz JUMP_004542 push edx call FUNC_001101 pop ecx jmp JUMP_004550 JUMP_004542: ; Pos = 451c7 mov ecx,[DATA_009133] push ecx push edx call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov ebx,eax ; Calculate distance to target lea eax,[ebp-0x4] push eax lea eax,[ebp-0x10] push eax push ebx cmp byte [DATA_008872],0x5 jnz JUMP_004544 mov eax,[DATA_009133] push eax movsx eax,byte [DATA_008877] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 jmp short JUMP_004545 JUMP_004544: ; Pos = 45262 mov eax,[DATA_008861] JUMP_004545: ; Pos = 45267 push eax call near [DATA_006148] ; FUNC_000590 add esp,byte +0x10 lea eax,[ebp-0x10] push eax call FUNC_001466 pop ecx push eax call near [DATA_007736] ; FUNC_001489 pop ecx mov [DATA_008882],eax mov ax,[ebp-0x4] add ax,[DATA_008883] add ax,byte -0xf mov [DATA_008883],ax mov eax,[DATA_008882] push eax call near [DATA_007722] ; FUNC_001496 pop ecx mov [DATA_008882],eax ; Find a visible target cmp byte [ebx+0x8a],0x0 jz near JUMP_004543 ; test byte [ebx+0x14c],0x10 ; jz near JUMP_004543 cmp byte [ebx+0x87],0x1 jz .orbital cmp byte [ebx+0x87],0xe jnz near JUMP_004543 .orbital: mov eax,[DATA_009133] push eax xor eax,eax mov al,[ebx+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov ebx,eax cmp byte [ebx+0x8a],0x0 jz JUMP_004543 cmp byte [ebx+0x56],0x0 jz JUMP_004543 mov eax,[DATA_009133] push eax xor eax,eax mov al,[ebx+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov ebx,eax cmp byte [ebx+0x8a],0x0 jz JUMP_004543 cmp byte [ebx+0x56],0x0 jz JUMP_004543 mov eax,[DATA_009133] push eax xor eax,eax mov al,[ebx+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov ebx,eax cmp byte [ebx+0x8a],0x0 jz JUMP_004543 cmp byte [ebx+0x56],0x0 jz JUMP_004543 mov eax,[DATA_009133] push eax xor eax,eax mov al,[ebx+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov ebx,eax JUMP_004543: ; Pos = 45229 push ebx movsx esi,word [ebx+0x98] movsx edi,word [ebx+0x9a] ; Draw targeting tunnels cmp byte [DATA_008872],0x4 jz near JUMP_004548 cmp byte [DATA_008872],0x6 jz near JUMP_004548 cmp byte [DATA_009024],0x0 jz near JUMP_004548 cmp dword [ebp+0x10],byte +0x0 jnz JUMP_004546 cmp byte [DATA_008872],0x5 jnz near JUMP_004548 JUMP_004546: ; Pos = 452e9 cmp byte [DATA_009025],0x0 jnz JUMP_004547 mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx cmp dword [eax+0x38],byte +0x0 jnz near JUMP_004548 JUMP_004547: ; Pos = 4530a cmp esi,0xfffffc18 jng near JUMP_004548 cmp esi,0x3e8 jnl near JUMP_004548 cmp edi,0xfffffc18 jng near JUMP_004548 cmp edi,0x3e8 jnl near JUMP_004548 push byte +0x0 mov eax,[ebp+0xc] push eax mov eax,[DATA_008882] neg eax and eax,0x7ff sar eax,0x5 add eax,byte +0x40 push eax push edi lea ebx,[esi-0x1] push ebx call FUNC_001113 add esp,byte +0x14 push byte +0x1 mov eax,[ebp+0xc] push eax mov eax,[DATA_008882] neg eax and eax,0x7ff sar eax,0x5 add eax,byte +0x40 push eax push edi push ebx call FUNC_001113 add esp,byte +0x14 push byte +0x2 mov eax,[ebp+0xc] push eax mov eax,[DATA_008882] neg eax and eax,0x7ff sar eax,0x5 add eax,byte +0x40 push eax push edi push ebx call FUNC_001113 add esp,byte +0x14 push byte +0x3 mov eax,[ebp+0xc] push eax mov eax,[DATA_008882] neg eax and eax,0x7ff sar eax,0x5 add eax,byte +0x40 push eax push edi push ebx call FUNC_001113 add esp,byte +0x14 JUMP_004548: ; Pos = 453c9 pop ebx ; movsx eax, word [ebx+0x9a] ; push eax ; movsx eax, word [ebx+0x98] ; push eax ; push dword pPosString ; push dword pTempString ; call _sprintf ; add esp, byte 0x10 ; push byte 0xf ; push byte 30 ; push byte 30 ; push dword pTempString ; call FUNC_001589_WriteStringShadowed ; add esp, byte 0x10 cmp word [DATA_008883], byte +0x1d jg .rangeAU .rangeKM: movsx edx, word [DATA_008883] mov ecx, 0x1d sub ecx, edx movsx edx, word [DATA_008882] imul edx, edx, 0xd1d0 sar edx, cl mov [ebp-0x24],edx mov edx, 0x8604 jmp .selectstring .rangeAU: movsx edx,word [DATA_008883] mov ecx,0x35 sub ecx,edx movsx edx,word [DATA_008882] imul edx,edx,0xeb54 sar edx,cl mov [ebp-0x24],edx mov edx, 0x8605 .selectstring: sub esi, 5 sub edi, 5 cmp esi, 0x138 jnc .targetoffscreen cmp edi, 0x8e jnc .targetoffscreen jmp .writestring .targetoffscreen: mov esi, 50 mov edi, 50 cmp dword [ebp+0x10], 0 jnz .navtarget add edi, 10 .navtarget: cmp byte [ebx+0x8a], 0x0 jnz .targetoutofrange cmp word [ebx+0x98], 0x8000 jz .targetbehind cmp word [ebx+0x9a], 0x8000 jz .targetbehind cmp word [ebx+0x9a], 79 jg .targetbelow add edx, 6 jmp .checkhoriz .targetbelow: add edx, 10 .checkhoriz: cmp word [ebx+0x98], 160 jl .writestring add edx, 2 jmp .writestring .targetbehind: add edx, 2 jmp .writestring .targetoutofrange: add edx, 4 .writestring: push byte +0x0 push edi push esi mov eax,[ebp+0xc] push eax lea eax,[ebp-0x24] push eax push edx call near [DATA_007645] ; FUNC_001401_StringDrawWrap add esp,byte +0x18 JUMP_004550: ; Pos = 4546c pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001101: ; Pos = 45474 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov esi,DATA_008804 movsx eax,byte [esi+0xec] cmp ebx,eax jz JUMP_004551 movsx eax,byte [esi+0xed] cmp ebx,eax jnz JUMP_004552 JUMP_004551: ; Pos = 45497 push byte -0x1 push dword 0x98c2 call FUNC_001097 add esp,byte +0x8 JUMP_004552: ; Pos = 454a6 movsx eax,byte [esi+0xec] cmp ebx,eax jnz JUMP_004553 mov byte [esi+0xec],0x0 cmp ebx,[esi+0xc0] jz JUMP_004553 cmp byte [esi+0xe8],0x2 jnz JUMP_004553 mov byte [esi+0xe8],0x0 call FUNC_001116 push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc JUMP_004553: ; Pos = 454e3 movsx eax,byte [esi+0xed] cmp ebx,eax jnz JUMP_004554 mov byte [esi+0xed],0x0 JUMP_004554: ; Pos = 454f5 pop esi pop ebx pop ebp ret FUNC_001102: ; Pos = 454fc push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] cmp dword [ebp+0xc],byte +0x0 jnz JUMP_004558 cmp bl,[DATA_008887] jnz JUMP_004555 mov byte [DATA_008887],0x0 JUMP_004555: ; Pos = 45519 cmp bl,[DATA_008877] jnz JUMP_004557 mov byte [DATA_008877],0x0 cmp byte [DATA_008872],0x5 jnz JUMP_004556 mov byte [DATA_008872],0x0 JUMP_004556: ; Pos = 45538 push byte +0x0 push byte +0x14 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 call FUNC_000991 jmp short JUMP_004559 JUMP_004557: ; Pos = 4554b movsx esi,bl push esi call FUNC_001101 pop ecx push esi call FUNC_001104 pop ecx jmp short JUMP_004559 JUMP_004558: ; Pos = 4555e movsx eax,bl cmp eax,[DATA_008857] jnz JUMP_004559 mov dword [DATA_008886],0x1e JUMP_004559: ; Pos = 45573 pop esi pop ebx pop ebp ret FUNC_001103: ; Pos = 45578 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[eax] push edx mov al,[eax+0x8] push eax call FUNC_001102 add esp,byte +0x8 pop ebp ret FUNC_001104: ; Pos = 45590 push ebp mov ebp,esp push ebx mov eax,[ebp+0x8] cmp eax,[DATA_008857] jnz near JUMP_004563 cmp byte [DATA_008870],0x2c jz near JUMP_004563 cmp byte [DATA_008630],0x0 jl JUMP_004560 push byte +0x0 call FUNC_001002 pop ecx JUMP_004560: ; Pos = 455c1 push byte +0x1f call FUNC_001906_SoundPlaySample pop ecx mov eax,[DATA_008861] push eax call FUNC_001098 pop ecx test eax,eax jnz near JUMP_004563 mov byte [DATA_008870],0x2c push byte +0xe push byte +0x0 push byte +0x1 call FUNC_000048 add esp,byte +0xc mov ebx,0x72 JUMP_004561: ; Pos = 455f7 mov eax,[DATA_009133] cmp byte [eax+ebx],0x0 jz JUMP_004562 lea edx,[ebx+ebx*4] lea edx,[ebx+edx*4] lea edx,[ebx+edx*8] add edx,edx add edx,eax add edx,byte +0x74 push edx call FUNC_001105 pop ecx JUMP_004562: ; Pos = 45619 dec ebx test ebx,ebx jg JUMP_004561 mov byte [DATA_008872],0x4 mov dword [DATA_008895],0xf9000000 call near [DATA_004920] ; FUNC_000217_SysMenuPlayTime call FUNC_001577_ClearBuf call FUNC_001637_FlipScreen call FUNC_001577_ClearBuf mov dword [DATA_008884],0x3cae6 mov byte [DATA_008631],0x0 call near [DATA_007675] ; FUNC_001438_GuiClearHotAreas or byte [DATA_008835],0x21 push byte +0x1f call FUNC_001906_SoundPlaySample pop ecx JUMP_004563: ; Pos = 4566a pop ebx pop ebp ret FUNC_001105: ; Pos = 45670 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp byte [eax+0x87],0xb jnz JUMP_004564 cmp byte [eax+0x118],0xff jnz JUMP_004564 cmp dword [eax+0x82],0x9b jnz JUMP_004564 mov [DATA_008861],eax JUMP_004564: ; Pos = 45699 pop ebp ret FUNC_001106: ; Pos = 4569c push ebp mov ebp,esp push byte +0x1 call FUNC_000918 pop ecx pop ebp ret FUNC_001107: ; Pos = 456ac push ebp mov ebp,esp push ebx mov ebx,DATA_008804 mov eax,[ebx+0x106] sub eax,[DATA_009155] mov [ebx+0x106],eax test eax,eax jnl JUMP_004565 call FUNC_001106 JUMP_004565: ; Pos = 456d0 mov eax,[DATA_009155] shr eax,0x2 add eax,[ebx+0x128] mov [ebx+0x128],eax mov eax,[ebx+0xc8] push eax call FUNC_001054 pop ecx test eax,eax jz JUMP_004566 add dword [ebx+0x128],0x2000 mov eax,[ebx+0xc8] push eax call FUNC_001054 pop ecx test eax,eax jz JUMP_004566 add dword [ebx+0x128],0x6000 mov eax,[ebx+0xc8] push eax call FUNC_001054 pop ecx test eax,eax jz JUMP_004566 add dword [ebx+0x128],0x1000 JUMP_004566: ; Pos = 45735 pop ebx pop ebp ret FUNC_001108: ; Pos = 45738 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] cmp dword [ebx+0x82],0x9a jz near JUMP_004568 mov al,[ebx+0x56] test al,al jz near JUMP_004567 mov edx,[DATA_009133] push edx and eax,0xff push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0x4],eax mov eax,[ebp-0x4] movsx eax,word [eax+0x98] sub eax,esi cdq xor eax,edx sub eax,edx mov ecx,eax mov eax,[ebp-0x4] movsx eax,word [eax+0x9a] sub eax,edi cdq xor eax,edx sub eax,edx add ecx,eax cmp ecx,byte +0xc jl JUMP_004568 cmp byte [ebx+0x87],0xb jnz JUMP_004567 cmp byte [ebx+0xff],0x24 jnz JUMP_004567 mov eax,[DATA_009133] push eax xor eax,eax mov al,[ebx+0xfe] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [ebp-0x8],eax mov eax,[ebp-0x8] movsx eax,word [eax+0x98] sub eax,esi cdq xor eax,edx sub eax,edx mov ecx,eax mov eax,[ebp-0x8] movsx eax,word [eax+0x9a] sub eax,edi cdq xor eax,edx sub eax,edx add ecx,eax cmp ecx,byte +0xc jl JUMP_004568 JUMP_004567: ; Pos = 45801 push byte +0xf push edi inc esi push esi add ebx,0x124 push ebx call FUNC_001584_TextWriteDefaultClip add esp,byte +0x10 JUMP_004568: ; Pos = 45815 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001109: ; Pos = 4581c push ebp mov ebp,esp add esp,byte -0x2c push ebx push esi push edi mov edi,[ebp+0xc] mov ebx,[ebp+0x8] cmp byte [ebx+0x87],0xb jnz near JUMP_004572 cmp byte [ebx+0x88],0x14 jg near JUMP_004572 cmp dword [ebx+0x82],byte +0xf jc near JUMP_004572 cmp dword [ebx+0x82],byte +0x3f ja near JUMP_004572 movzx eax,word [ebx+0xe2] mov [ebp-0xc],eax mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov esi,eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x2c] push eax push ebx mov eax,[DATA_008861] push eax call near [DATA_006148] ; FUNC_000590 add esp,byte +0x10 lea eax,[ebp-0x2c] push eax call FUNC_001466 pop ecx push eax call near [DATA_007736] ; FUNC_001489 pop ecx mov [ebp-0x4],eax mov ax,[ebp-0x8] add ax,[ebp-0x2] add ax,byte -0xf mov [ebp-0x2],ax mov eax,[ebp-0x4] push eax call near [DATA_007722] ; FUNC_001496 pop ecx mov [ebp-0x4],eax movsx eax,word [ebp-0x2] mov ecx,0x1d sub ecx,eax movsx eax,word [ebp-0x4] imul eax,eax,0xd1d0 sar eax,cl mov [ebp-0x20],eax movzx eax,word [ebx+0xe4] shl eax,0x2 lea eax,[eax+eax*4] lea eax,[eax+eax*4] test eax,eax jns JUMP_004569 add eax,byte +0x3 JUMP_004569: ; Pos = 458f5 sar eax,0x2 mov ecx,[esi+0x38] movsx edx,word [ecx+0x6] push ecx mov ecx,edx cdq idiv ecx pop ecx mov [ebp-0x1c],eax movsx eax,word [ecx+0xe] mov [ebp-0x14],eax mov eax,[ebp-0x20] cmp eax,[DATA_007270] jnl JUMP_004570 mov [DATA_007270],eax JUMP_004570: ; Pos = 45920 cmp edi,0x140 jnc JUMP_004572 mov eax,[ebp+0x10] add eax,byte +0x1e cmp eax,0x9e jnc JUMP_004572 cmp dword [ebp-0xc],byte +0x0 jz JUMP_004571 movzx eax,word [ebx+0xe0] shl eax,0x2 lea eax,[eax+eax*4] lea eax,[eax+eax*4] cdq idiv dword [ebp-0xc] mov [ebp-0x18],eax push byte +0x0 mov eax,[ebp+0x10] add eax,byte +0x9 push eax sub edi,byte +0x8 push edi push byte +0x5f lea eax,[ebp-0x20] push eax push dword 0x863a call near [DATA_007645] ; FUNC_001401_StringDrawWrap add esp,byte +0x18 jmp short JUMP_004572 JUMP_004571: ; Pos = 45975 push byte +0x0 mov eax,[ebp+0x10] add eax,byte +0x9 push eax sub edi,byte +0x8 push edi push byte +0x5f lea eax,[ebp-0x20] push eax push dword 0x8639 call near [DATA_007645] ; FUNC_001401_StringDrawWrap add esp,byte +0x18 JUMP_004572: ; Pos = 45996 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001110: ; Pos = 459a0 push ebp mov ebp,esp push ecx push ebx mov eax,[ebp+0x8] mov edx,[eax] cmp edx,byte +0x17 ja near JUMP_004583 mov dl,[edx+DATA_000041] jmp near [edx*4+DATA_000042] SECTION .data DATA_000041: ; Pos = 459c0 db 0x0, 0x0, 0x0, 0x5, 0x0, 0x4, 0x0, 0x0 db 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 db 0x0, 0x3, 0x1, 0x0, 0x0, 0x2, 0x1, 0x1 DATA_000042: ; Pos = 459d8 dd JUMP_004583 dd JUMP_004575 dd JUMP_004581 dd JUMP_004574 dd JUMP_004582 dd JUMP_004573 SECTION .text JUMP_004573: ; Pos = 459f0 mov eax,[DATA_009133] push eax mov eax,[DATA_008857] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [DATA_008861],eax mov eax,[DATA_009133] push eax movsx eax,byte [DATA_008859] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov [DATA_008862],eax jmp JUMP_004583 JUMP_004574: ; Pos = 45a2b mov eax,[eax+0x4] cmp eax,[DATA_008857] jnz near JUMP_004583 JUMP_004575: ; Pos = 45a3a push dword DATA_008907 lea eax,[ebp-0x4] push eax mov eax,[DATA_008861] push eax call FUNC_000900 add esp,byte +0xc mov eax,[DATA_008861] test byte [eax+0xc8],0x20 jnz JUMP_004576 push byte +0x0 push byte +0x13 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 mov byte [DATA_007250],0x0 mov byte [DATA_007251],0x0 JUMP_004576: ; Pos = 45a79 mov eax,[DATA_008861] test byte [eax+0xc8],0x80 jnz JUMP_004577 xor eax,eax mov [DATA_007246],eax xor eax,eax mov [DATA_007247],eax JUMP_004577: ; Pos = 45a95 call FUNC_001119 call FUNC_001116 test byte [DATA_008871],0x8 jz JUMP_004578 call FUNC_001120 JUMP_004578: ; Pos = 45aad mov eax,[DATA_008861] mov eax,[eax+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov edx,eax mov eax,[edx+0x1c] and eax,0xffff mov edx,[edx+0x14] add edx,byte +0x8 test edx,edx jz JUMP_004579 mov ecx,edx shl eax,cl JUMP_004579: ; Pos = 45ad8 neg eax mov edx,[DATA_008895] test edx,edx jnl JUMP_004580 cmp eax,edx jg JUMP_004583 JUMP_004580: ; Pos = 45ae8 mov [DATA_008895],eax jmp short JUMP_004583 JUMP_004581: ; Pos = 45aef cmp byte [DATA_008870],0x4 jnz JUMP_004583 call FUNC_001094 jmp short JUMP_004583 JUMP_004582: ; Pos = 45aff mov ebx,[DATA_008861] cmp dword [ebx+0x82],byte +0xe jnz JUMP_004583 call near [DATA_007752] ; FUNC_001530 push eax push byte +0x17 push ebx call FUNC_000441 add esp,byte +0xc JUMP_004583: ; Pos = 45b20 pop ebx pop ecx pop ebp ret FUNC_001111: ; Pos = 45b24 push ebp mov ebp,esp push ecx push byte +0x30 push dword 0x81 push byte +0x61 push dword DATA_007774 call FUNC_001623_BlitIndex add esp,byte +0x10 cmp dword [DATA_007246],byte +0x0 jz JUMP_004584 cmp dword [DATA_007252],byte +0x0 jz JUMP_004584 push byte +0x0 push byte +0x11 push byte +0x4 push byte +0x4f push dword 0xa0 call FUNC_001113 add esp,byte +0x14 JUMP_004584: ; Pos = 45b65 cmp dword [DATA_007247],byte +0x0 jz JUMP_004585 cmp dword [DATA_007252],byte +0x0 jz JUMP_004585 mov word [ebp-0x4],0x9f mov word [ebp-0x2],0x4f push byte +0x10 push byte +0xc lea eax,[ebp-0x4] push eax call FUNC_001612_DrawCircle add esp,byte +0xc JUMP_004585: ; Pos = 45b93 pop ecx pop ebp ret FUNC_001112: ; Pos = 45bf0 push ebp mov ebp,esp mov edx,[ebp+0xc] mov eax,[ebp+0x8] cmp eax,byte +0xe jng JUMP_004586 cmp edx,byte +0xe jng JUMP_004586 cmp eax,0x131 jg JUMP_004586 cmp edx,0x8f jg JUMP_004586 add edx,byte -0x12 push edx add eax,byte -0x13 push eax push byte +0x62 push dword DATA_007774 call FUNC_001623_BlitIndex add esp,byte +0x10 JUMP_004586: ; Pos = 45c29 pop ebp ret FUNC_001113: ; Pos = 45c2c push ebp mov ebp,esp push ebx mov eax,[ebp+0x18] mov ecx,eax shl ecx,0x5 mov edx,ecx mov ebx,0x80 sub ebx,ecx mov ecx,[ebp+0x14] push ecx mov ecx,eax mov eax,[ebp+0x10] sar eax,cl push eax mov eax,edx imul eax,[ebp+0xc] lea ecx,[ebx+ebx*4] shl ecx,0x4 sub ecx,ebx add eax,ecx sar eax,0x7 push eax imul edx,[ebp+0x8] mov eax,ebx shl eax,0x5 lea eax,[eax+eax*4] add edx,eax sar edx,0x7 push edx call FUNC_001114 add esp,byte +0x10 pop ebx pop ebp ret FUNC_001114: ; Pos = 45c80 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov ebx,[ebp+0x10] mov edi,[ebp+0xc] mov esi,[ebp+0x8] mov eax,esi sub eax,ebx test eax,eax jng JUMP_004587 mov eax,esi sub ax,bx jmp short JUMP_004588 JUMP_004587: ; Pos = 45ca1 xor eax,eax JUMP_004588: ; Pos = 45ca3 mov [ebp-0x4],ax mov [ebp-0xc],ax mov eax,edi sub eax,ebx test eax,eax jng JUMP_004589 mov eax,edi sub ax,bx jmp short JUMP_004590 JUMP_004589: ; Pos = 45cba xor eax,eax JUMP_004590: ; Pos = 45cbc mov [ebp-0x6],ax mov [ebp-0x2],ax lea eax,[ebx+esi] cmp eax,0x140 jnl JUMP_004591 mov eax,esi add ax,bx jmp short JUMP_004592 JUMP_004591: ; Pos = 45cd5 mov ax,0x13f JUMP_004592: ; Pos = 45cd9 mov [ebp-0x10],ax mov [ebp-0x8],ax lea eax,[ebx+edi] cmp eax,0x9e jnl JUMP_004593 mov eax,edi add ax,bx jmp short JUMP_004594 JUMP_004593: ; Pos = 45cf2 mov ax,0x9d JUMP_004594: ; Pos = 45cf6 mov [ebp-0xe],ax mov [ebp-0xa],ax cmp word [ebp-0xc],0x140 jg near JUMP_004598 cmp word [ebp-0x2],0x9e jg near JUMP_004598 cmp word [ebp-0x8],byte +0x0 jl near JUMP_004598 cmp word [ebp-0xa],byte +0x0 jl near JUMP_004598 mov eax,esi sub eax,ebx test eax,eax jl JUMP_004595 cmp eax,0x140 jnl JUMP_004595 mov eax,[ebp+0x14] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax call FUNC_001616_DrawLine add esp,byte +0xc JUMP_004595: ; Pos = 45d4f lea eax,[ebx+esi] test eax,eax jl JUMP_004596 cmp eax,0x140 jnl JUMP_004596 mov eax,[ebp+0x14] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0x8] push eax call FUNC_001616_DrawLine add esp,byte +0xc JUMP_004596: ; Pos = 45d71 mov eax,edi sub eax,ebx test eax,eax jl JUMP_004597 cmp eax,0x9e jnl JUMP_004597 mov eax,[ebp+0x14] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001616_DrawLine add esp,byte +0xc JUMP_004597: ; Pos = 45d94 lea eax,[ebx+edi] test eax,eax jl JUMP_004598 cmp eax,0x9e jnl JUMP_004598 mov eax,[ebp+0x14] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax call FUNC_001616_DrawLine add esp,byte +0xc JUMP_004598: ; Pos = 45db6 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001115: ; Pos = 45dc0 push ebp mov ebp,esp push dword DATA_007257 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] and eax,0x1ff push eax mov eax,[ebp+0x10] push eax call near [DATA_007641] ; FUNC_001347_StringExpandArrayIndex add esp,byte +0x10 pop ebp ret FUNC_001116: ; Pos = 45de4 push ebp mov ebp,esp push ebx mov ebx,DATA_008804 test byte [ebx+0xe9],0x8 jnz near JUMP_004611 cmp byte [ebx+0xe8],0x2e jl JUMP_004599 cmp dword [ebx+0xf0],byte +0x0 jnz JUMP_004599 push byte +0x47 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004600 JUMP_004599: ; Pos = 45e16 push byte +0x47 call FUNC_000264_ConsoleHideButton pop ecx JUMP_004600: ; Pos = 45e1e cmp byte [ebx+0x268],0x0 jz JUMP_004601 cmp byte [ebx+0xe8],0x6 jg JUMP_004601 test byte [ebx+0xc6],0x40 jz JUMP_004601 test byte [ebx+0xc7],0x1 jz JUMP_004601 push byte +0x45 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004602 JUMP_004601: ; Pos = 45e4c push byte +0x45 call FUNC_000264_ConsoleHideButton pop ecx JUMP_004602: ; Pos = 45e54 push byte +0x46 call FUNC_000263_ConsoleShowButton pop ecx test byte [ebx+0xe9],0x2 jz JUMP_004603 push byte +0x0 push byte +0x38 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x0 push byte +0x46 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp short JUMP_004604 JUMP_004603: ; Pos = 45e7f push byte +0x1 push byte +0x38 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x1 push byte +0x46 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 JUMP_004604: ; Pos = 45e97 push byte +0x48 call FUNC_000263_ConsoleShowButton pop ecx cmp dword [DATA_007246],byte +0x0 jnz JUMP_004605 push byte +0x49 call FUNC_000263_ConsoleShowButton pop ecx JUMP_004605: ; Pos = 45eb0 cmp byte [ebx+0xe8],0x2 jz JUMP_004607 push byte +0x0 push byte +0x39 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 cmp byte [ebx+0xec],0x0 jz JUMP_004606 mov eax,[ebx+0xc8] test byte [eax+0xca],0x20 jz JUMP_004606 push byte +0x1 push byte +0x49 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp short JUMP_004608 JUMP_004606: ; Pos = 45eeb push byte +0x0 push byte +0x49 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp short JUMP_004608 JUMP_004607: ; Pos = 45ef9 push byte +0x1 push byte +0x39 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 JUMP_004608: ; Pos = 45f05 cmp byte [ebx+0xe8],0x28 jnl JUMP_004611 test byte [ebx+0xe9],0x1 jz JUMP_004609 test byte [ebx+0x3fb6],0x2 jz JUMP_004610 JUMP_004609: ; Pos = 45f20 push byte +0x1 push byte +0x48 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop ebx pop ebp ret JUMP_004610: ; Pos = 45f2f push byte +0x0 push byte +0x48 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 JUMP_004611: ; Pos = 45f3b pop ebx pop ebp ret FUNC_001117: ; Pos = 45f40 push ebp mov ebp,esp push ebx and byte [DATA_008871],0xf7 push byte +0x3a call FUNC_000264_ConsoleHideButton pop ecx mov ebx,0x9 JUMP_004612: ; Pos = 45f58 lea eax,[ebx+0x3b] push eax call FUNC_000264_ConsoleHideButton pop ecx dec ebx test ebx,ebx jnl JUMP_004612 push byte +0x0 push byte +0x19 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 call FUNC_001005 push byte +0x4a call FUNC_000264_ConsoleHideButton pop ecx push byte +0x4b call FUNC_000264_ConsoleHideButton pop ecx push byte +0x4c call FUNC_000264_ConsoleHideButton pop ecx push byte +0x4d call FUNC_000264_ConsoleHideButton pop ecx push byte +0x4e call FUNC_000264_ConsoleHideButton pop ecx push byte +0x4f call FUNC_000264_ConsoleHideButton pop ecx push byte +0x51 call FUNC_000264_ConsoleHideButton pop ecx call FUNC_001116 pop ebx pop ebp ret FUNC_001118: ; Pos = 45fb8 push ebp mov ebp,esp test byte [DATA_008871],0x8 jz JUMP_004613 call FUNC_001120 pop ebp ret JUMP_004613: ; Pos = 45fcb and byte [DATA_008871],0xf7 call FUNC_001117 pop ebp ret FUNC_001119: ; Pos = 46004 push ebp mov ebp,esp test byte [DATA_008871],0x8 jz JUMP_004614 call FUNC_001120 JUMP_004614: ; Pos = 46015 pop ebp ret FUNC_001120: ; Pos = 46018 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov esi,DATA_008804 push byte +0x46 call FUNC_000264_ConsoleHideButton pop ecx push byte +0x48 call FUNC_000264_ConsoleHideButton pop ecx push byte +0x49 call FUNC_000264_ConsoleHideButton pop ecx push byte +0x47 call FUNC_000264_ConsoleHideButton pop ecx push byte +0x45 call FUNC_000264_ConsoleHideButton pop ecx push byte +0x3a call FUNC_000263_ConsoleShowButton pop ecx cmp dword [DATA_007247],byte +0x0 jnz JUMP_004615 push byte +0x4f call FUNC_000263_ConsoleShowButton pop ecx JUMP_004615: ; Pos = 46067 mov ebx,0x9 JUMP_004616: ; Pos = 4606c mov eax,[esi+0xc8] cmp byte [eax+ebx+0xd6],0x0 jz JUMP_004617 lea edi,[ebx+0x3b] push edi call FUNC_000263_ConsoleShowButton pop ecx mov eax,[esi+0xc8] mov al,[eax+ebx+0xd6] and eax,byte +0xf push eax push edi call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 jmp short JUMP_004618 JUMP_004617: ; Pos = 460a2 lea eax,[ebx+0x3b] push eax call FUNC_000264_ConsoleHideButton pop ecx JUMP_004618: ; Pos = 460ac mov eax,[esi+0xc8] test byte [eax+0xc9],0x8 jz JUMP_004619 cmp word [esi+0x174],byte +0x0 jz JUMP_004619 push byte +0x51 call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004620 JUMP_004619: ; Pos = 460cf push byte +0x51 call FUNC_000264_ConsoleHideButton pop ecx JUMP_004620: ; Pos = 460d7 dec ebx test ebx,ebx jnl JUMP_004616 mov eax,[esi+0xc8] test byte [eax+0xca],0x80 jz JUMP_004621 push byte +0x1 push byte +0x4a call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x4a call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004623 JUMP_004621: ; Pos = 46101 mov eax,[esi+0xc8] test byte [eax+0xca],0x8 jz JUMP_004622 push byte +0x0 push byte +0x4a call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 push byte +0x4a call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004623 JUMP_004622: ; Pos = 46126 push byte +0x4a call FUNC_000264_ConsoleHideButton pop ecx JUMP_004623: ; Pos = 4612e mov eax,[esi+0xc8] test byte [eax+0xcb],0x4 jz JUMP_004624 push byte +0x4b call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004625 JUMP_004624: ; Pos = 46147 push byte +0x4b call FUNC_000264_ConsoleHideButton pop ecx JUMP_004625: ; Pos = 4614f mov eax,[esi+0xc8] test byte [eax+0xcb],0x1 jz JUMP_004626 push byte +0x4c call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004627 JUMP_004626: ; Pos = 46168 push byte +0x4c call FUNC_000264_ConsoleHideButton pop ecx JUMP_004627: ; Pos = 46170 mov eax,[esi+0xc8] test byte [eax+0xc8],0x4 jz JUMP_004628 push byte +0x4d call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004629 JUMP_004628: ; Pos = 46189 push byte +0x4d call FUNC_000264_ConsoleHideButton pop ecx JUMP_004629: ; Pos = 46191 cmp dword [esi+0x511e],byte +0x0 jz JUMP_004630 cmp byte [esi+0xe8],0x34 jz JUMP_004631 JUMP_004630: ; Pos = 461a3 test byte [esi+0xc6],0x10 jz JUMP_004632 JUMP_004631: ; Pos = 461ac push byte +0x4e call FUNC_000263_ConsoleShowButton pop ecx jmp short JUMP_004633 JUMP_004632: ; Pos = 461b6 push byte +0x4e call FUNC_000264_ConsoleHideButton pop ecx JUMP_004633: ; Pos = 461be push dword DATA_007259 call FUNC_001004 pop ecx test byte [esi+0xe9],0x8 jnz JUMP_004634 push dword DATA_007258 call near [DATA_007677] ; FUNC_001440_GuiAddHotAreas pop ecx JUMP_004634: ; Pos = 461de or byte [esi+0xe9],0x8 push byte +0x1 push byte +0x19 call FUNC_000262_ConsoleSetButtonImage add esp,byte +0x8 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001121: ; Pos = 461f8 push ebp mov ebp,esp mov eax,[ebp+0x8] xor edx,edx JUMP_004635: ; Pos = 46200 test eax,0x80000000 jz JUMP_004636 mov eax,0x7ffeffff jmp short JUMP_004637 JUMP_004636: ; Pos = 4620e add eax,eax inc edx cmp edx,byte +0x5 jl JUMP_004635 JUMP_004637: ; Pos = 46216 shr eax,0x10 inc eax mov edx,[DATA_007690] mov ecx,edx and ecx,0xff cmp ecx,byte +0x10 jng JUMP_004638 imul edx,eax mov eax,edx shr eax,0x4 cmp eax,0x7fff jna JUMP_004638 mov eax,0x7fff JUMP_004638: ; Pos = 46241 imul dword [DATA_009122] shr eax,0x6 pop ebp ret FUNC_001122: ; Pos = 4624c push ebp mov ebp,esp mov eax,[ebp+0x8] test byte [DATA_008860],0x10 jz JUMP_004639 push eax call FUNC_001123 pop ecx pop ebp ret JUMP_004639: ; Pos = 46264 cmp dword [DATA_009105],byte +0x0 jz JUMP_004640 cmp byte [DATA_008870],0x34 jnz JUMP_004640 push eax call FUNC_001124 pop ecx pop ebp ret JUMP_004640: ; Pos = 4627f test byte [eax+0xc8],0x4 jz JUMP_004641 call FUNC_001125 JUMP_004641: ; Pos = 4628d pop ebp ret FUNC_001123: ; Pos = 46290 push ebp mov ebp,esp call FUNC_000247 pop ebp ret FUNC_001124: ; Pos = 4629c push ebp mov ebp,esp call FUNC_000246 pop ebp ret FUNC_001125: ; Pos = 462a8 push ebp mov ebp,esp push ebx push esi mov ebx,DATA_009085 mov esi,[DATA_009084] test esi,esi jng JUMP_004645 JUMP_004642: ; Pos = 462bc mov al,[ebx+0x4] and eax,byte +0xf cmp eax,byte +0x3 jz JUMP_004643 cmp eax,byte +0x4 jnz JUMP_004644 JUMP_004643: ; Pos = 462cc mov eax,[ebx+0x6] cmp eax,[DATA_008885] jnz JUMP_004644 cmp byte [ebx+0x1a],0x0 jz JUMP_004644 mov eax,[DATA_009133] push eax movsx eax,byte [ebx+0x1a] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 cmp byte [eax+0x88],0xd jg JUMP_004644 mov byte [ebx+0x5],0xff mov dl,[eax+0x88] cmp dl,[ebx+0x1b] jg JUMP_004644 mov [ebx+0x1b],dl JUMP_004644: ; Pos = 4630c add ebx,byte +0x34 dec esi test esi,esi jg JUMP_004642 JUMP_004645: ; Pos = 46314 push byte +0x4 push byte +0x0 call FUNC_000034 add esp,byte +0x8 push byte +0x0 push byte +0x0 call FUNC_000034 add esp,byte +0x8 push byte +0x27 call FUNC_001906_SoundPlaySample pop ecx push byte -0x1 push dword 0x8633 call FUNC_001097 add esp,byte +0x8 pop esi pop ebx pop ebp ret FUNC_001326_DPal32to16: ; Pos = 4e384 push ebp mov ebp,esp xor eax,eax mov al,[ebp+0x8] shl eax,0x8 xor edx,edx mov dl,[ebp+0x9] shl edx,0x4 add ax,dx xor edx,edx mov dl,[ebp+0xa] add ax,dx movzx edx,ax cmp byte [edx+DATA_007770],0x0 jnz JUMP_005226 mov byte [edx+DATA_009139],0x1 JUMP_005226: ; Pos = 4e3b5 pop ebp ret FUNC_001327_DPal16toPal: ; Pos = 4e3b8 push ebp mov ebp,esp mov eax,[ebp+0x8] movzx edx,ax xor ecx,ecx mov cl,[edx+DATA_007770] test ecx,ecx jz JUMP_005227 lea eax,[ecx-0x1] pop ebp ret JUMP_005227: ; Pos = 4e3d2 xor eax,eax mov al,[edx+DATA_009139] movzx eax,byte [eax+DATA_009140] pop ebp ret FUNC_001328_DPalClear: ; Pos = 4e3e4 push ebp mov ebp,esp mov eax,[ebp+0x8] push dword 0x1000 push byte +0x0 push dword DATA_009139 call _memset add esp,byte +0xc pop ebp ret FUNC_001329: ; Pos = 4e400 push ebp mov ebp,esp add esp,byte -0x20 push ebx push esi push edi mov eax,[ebp+0x8] movsx edx,word [eax] movsx ecx,word [eax+0x2] mov [ebp-0x8],ecx movsx ecx,word [eax+0x4] mov [ebp-0xc],ecx movsx ecx,word [eax+0x6] mov [ebp-0x10],ecx movsx ecx,word [eax+0x8] mov [ebp-0x14],ecx movsx ecx,word [eax+0xa] mov [ebp-0x18],ecx mov cx,0x10 mov [eax+0x8],cx mov [eax+0x4],cx mov [eax],cx xor ecx,ecx mov [eax+0xa],cx mov [eax+0x6],cx mov [eax+0x2],cx xor ecx,ecx mov [ebp-0x1c],ecx mov [ebp-0x4],edx mov edx,[ebp-0x4] shl edx,0x5 lea edx,[edx*8+DATA_009139] mov [ebp-0x20],edx mov edx,[ebp-0x4] cmp edx,[ebp-0x8] jnl near JUMP_005239 JUMP_005228: ; Pos = 4e473 mov ebx,[ebp-0xc] mov edx,ebx add edx,edx mov ecx,[ebp-0x20] lea esi,[ecx+edx*8] cmp ebx,[ebp-0x10] jnl JUMP_005238 JUMP_005229: ; Pos = 4e485 mov edx,[ebp-0x14] lea ecx,[esi+edx] cmp edx,[ebp-0x18] jnl JUMP_005237 JUMP_005230: ; Pos = 4e490 cmp byte [ecx],0x0 jz JUMP_005236 inc dword [ebp-0x1c] movsx edi,word [eax] cmp edi,[ebp-0x4] jng JUMP_005231 mov di,[ebp-0x4] mov [eax],di JUMP_005231: ; Pos = 4e4a7 movsx edi,word [eax+0x2] cmp edi,[ebp-0x4] jg JUMP_005232 mov di,[ebp-0x4] inc edi mov [eax+0x2],di JUMP_005232: ; Pos = 4e4b9 movsx edi,word [eax+0x4] cmp ebx,edi jnl JUMP_005233 mov [eax+0x4],bx JUMP_005233: ; Pos = 4e4c5 movsx edi,word [eax+0x6] cmp ebx,edi jl JUMP_005234 mov edi,ebx inc edi mov [eax+0x6],di JUMP_005234: ; Pos = 4e4d4 movsx edi,word [eax+0x8] cmp edx,edi jnl JUMP_005235 mov [eax+0x8],dx JUMP_005235: ; Pos = 4e4e0 movsx edi,word [eax+0xa] cmp edx,edi jl JUMP_005236 mov edi,edx inc edi mov [eax+0xa],di JUMP_005236: ; Pos = 4e4ef inc edx inc ecx cmp edx,[ebp-0x18] jl JUMP_005230 JUMP_005237: ; Pos = 4e4f6 inc ebx add esi,byte +0x10 cmp ebx,[ebp-0x10] jl JUMP_005229 JUMP_005238: ; Pos = 4e4ff inc dword [ebp-0x4] add dword [ebp-0x20],0x100 mov edx,[ebp-0x4] cmp edx,[ebp-0x8] jl near JUMP_005228 JUMP_005239: ; Pos = 4e515 mov dx,[eax+0x2] sub dx,[eax] mov [eax+0xc],dx mov word [eax+0xe],0x0 movsx edx,word [eax+0x6] movsx ecx,word [eax+0x4] sub edx,ecx movsx ecx,word [eax+0xc] cmp edx,ecx jng JUMP_005240 mov [eax+0xc],dx mov word [eax+0xe],0x1 JUMP_005240: ; Pos = 4e542 movsx edx,word [eax+0xa] movsx ecx,word [eax+0x8] sub edx,ecx movsx ecx,word [eax+0xc] cmp edx,ecx jng JUMP_005241 mov [eax+0xc],dx mov word [eax+0xe],0x2 JUMP_005241: ; Pos = 4e55e mov eax,[ebp-0x1c] pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001330_DPalBuild: ; Pos = 4e568 push ebx push esi push edi push ebp add esp,0xfffffa94 lea edi,[esp+0x428] mov eax,[DATA_009217] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [DATA_009222],eax mov word [esp+0x28],0x0 mov word [esp+0x2a],0x10 mov word [esp+0x2c],0x0 mov word [esp+0x2e],0x10 mov word [esp+0x30],0x0 mov word [esp+0x32],0x10 lea eax,[esp+0x28] push eax call FUNC_001329 pop ecx mov [esp+0x8],eax cmp dword [esp+0x8],byte +0x40 jng near JUMP_005264 lea eax,[esp+0x28] mov [edi+0x4],eax mov ebp,0x1 lea ebx,[esp+0x3a] JUMP_005242: ; Pos = 4e5e2 mov eax,[edi+0x4] mov [esp+0xc],eax mov esi,0x1 jmp short JUMP_005246 JUMP_005243: ; Pos = 4e5f0 mov eax,esi add eax,eax cmp ebp,eax jng JUMP_005244 mov edx,[edi+eax*4] mov dx,[edx+0xc] mov ecx,[edi+eax*4+0x4] cmp dx,[ecx+0xc] jl JUMP_005245 JUMP_005244: ; Pos = 4e609 mov eax,[edi+eax*4] mov [edi+esi*4],eax add esi,esi jmp short JUMP_005246 JUMP_005245: ; Pos = 4e613 mov eax,esi add eax,eax mov edx,[edi+eax*4+0x4] mov [edi+esi*4],edx inc eax mov esi,eax JUMP_005246: ; Pos = 4e621 mov eax,esi add eax,eax cmp ebp,eax jnl JUMP_005243 mov eax,[esp+0xc] mov ax,[eax+0x2] mov [ebx],ax mov eax,[esp+0xc] mov ax,[eax+0x6] mov [ebx+0x4],ax mov eax,[esp+0xc] mov ax,[eax+0xa] mov [ebx+0x8],ax mov eax,[esp+0xc] movsx eax,word [eax+0xe] sub eax,byte +0x1 jc JUMP_005247 jz JUMP_005248 dec eax jz JUMP_005249 jmp JUMP_005250 JUMP_005247: ; Pos = 4e663 mov eax,[esp+0xc] movsx eax,word [eax] mov edx,[esp+0xc] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx-0x2],ax mov edx,[esp+0xc] mov [edx+0x2],ax mov eax,[esp+0xc] mov ax,[eax+0x4] mov [ebx+0x2],ax mov eax,[esp+0xc] mov ax,[eax+0x8] mov [ebx+0x6],ax jmp short JUMP_005250 JUMP_005248: ; Pos = 4e69c mov eax,[esp+0xc] mov ax,[eax] mov [ebx-0x2],ax mov eax,[esp+0xc] movsx eax,word [eax+0x4] mov edx,[esp+0xc] movsx edx,word [edx+0x6] add eax,edx sar eax,1 mov [ebx+0x2],ax mov edx,[esp+0xc] mov [edx+0x6],ax mov eax,[esp+0xc] mov ax,[eax+0x8] mov [ebx+0x6],ax jmp short JUMP_005250 JUMP_005249: ; Pos = 4e6d5 mov eax,[esp+0xc] mov ax,[eax] mov [ebx-0x2],ax mov eax,[esp+0xc] mov ax,[eax+0x4] mov [ebx+0x2],ax mov eax,[esp+0xc] movsx eax,word [eax+0x8] mov edx,[esp+0xc] movsx edx,word [edx+0xa] add eax,edx sar eax,1 mov [ebx+0x6],ax mov edx,[esp+0xc] mov [edx+0xa],ax JUMP_005250: ; Pos = 4e70c mov eax,[esp+0xc] push eax call FUNC_001329 pop ecx mov eax,ebp shl eax,0x4 lea edx,[esp+0x28] add eax,edx push eax call FUNC_001329 pop ecx mov eax,[esp+0xc] mov [edi+esi*4],eax jmp short JUMP_005252 JUMP_005251: ; Pos = 4e732 mov eax,esi sar eax,1 mov eax,[edi+eax*4] mov edx,[edi+esi*4] mov ecx,esi sar ecx,1 mov [edi+ecx*4],edx mov [edi+esi*4],eax sar esi,1 JUMP_005252: ; Pos = 4e748 cmp esi,byte +0x1 jng JUMP_005253 mov eax,esi sar eax,1 mov eax,[edi+eax*4] mov ax,[eax+0xc] mov edx,[edi+esi*4] cmp ax,[edx+0xc] jl JUMP_005251 JUMP_005253: ; Pos = 4e761 lea esi,[ebp+0x1] mov eax,ebp shl eax,0x4 lea edx,[esp+0x28] add eax,edx mov [edi+esi*4],eax jmp short JUMP_005255 JUMP_005254: ; Pos = 4e774 mov eax,esi sar eax,1 mov eax,[edi+eax*4] mov edx,[edi+esi*4] mov ecx,esi sar ecx,1 mov [edi+ecx*4],edx mov [edi+esi*4],eax sar esi,1 JUMP_005255: ; Pos = 4e78a cmp esi,byte +0x1 jng JUMP_005256 mov eax,esi sar eax,1 mov eax,[edi+eax*4] mov ax,[eax+0xc] mov edx,[edi+esi*4] cmp ax,[edx+0xc] jl JUMP_005254 JUMP_005256: ; Pos = 4e7a3 inc ebp add ebx,byte +0x10 cmp ebp,byte +0x40 jl near JUMP_005242 xor esi,esi lea eax,[esp+0x28] mov [esp+0x18],eax mov dword [esp+0x14],DATA_009141 JUMP_005257: ; Pos = 4e7c2 mov eax,[esp+0x14] mov byte [eax],0x0 mov eax,[esp+0x18] movsx eax,word [eax] mov [esp+0x4],eax mov eax,[esp+0x4] shl eax,0x5 lea eax,[eax*8+DATA_009139] mov [esp+0x24],eax mov eax,[esp+0x18] add eax,byte +0x2 mov [esp+0x1c],eax jmp short JUMP_005263 JUMP_005258: ; Pos = 4e7f3 mov eax,[esp+0x1c] movsx edi,word [eax+0x2] mov eax,edi add eax,eax mov edx,[esp+0x24] lea eax,[edx+eax*8] mov [esp+0x20],eax mov eax,[esp+0x1c] lea ebp,[eax+0x4] jmp short JUMP_005262 JUMP_005259: ; Pos = 4e813 movsx eax,word [ebp+0x2] mov edx,[esp+0x20] add edx,eax lea ecx,[ebp+0x4] jmp short JUMP_005261 JUMP_005260: ; Pos = 4e822 mov ebx,esi inc ebx mov [edx],bl inc eax inc edx JUMP_005261: ; Pos = 4e829 movsx ebx,word [ecx] cmp eax,ebx jl JUMP_005260 inc edi add dword [esp+0x20],byte +0x10 JUMP_005262: ; Pos = 4e836 movsx eax,word [ebp+0x0] cmp edi,eax jl JUMP_005259 inc dword [esp+0x4] add dword [esp+0x24],0x100 JUMP_005263: ; Pos = 4e84a mov eax,[esp+0x1c] movsx eax,word [eax] cmp eax,[esp+0x4] jg JUMP_005258 inc esi add dword [esp+0x18],byte +0x10 inc dword [esp+0x14] cmp esi,byte +0x40 jl near JUMP_005257 mov dword [esp],0x40 jmp JUMP_005267 JUMP_005264: ; Pos = 4e876 xor eax,eax mov [esp],eax xor esi,esi mov ebx,DATA_009141 lea eax,[esp+0x28] mov [esp+0x14],eax mov dword [esp+0x18],DATA_009139 JUMP_005265: ; Pos = 4e892 mov eax,[esp+0x18] cmp byte [eax],0x0 jz JUMP_005266 mov al,[esp] inc eax mov edx,[esp+0x18] mov [edx],al mov eax,esi sar eax,0x8 mov edx,[esp+0x14] mov [edx],ax inc eax mov edx,[esp+0x14] mov [edx+0x2],ax mov eax,esi sar eax,0x4 and ax,byte +0xf mov edx,[esp+0x14] mov [edx+0x4],ax inc eax mov edx,[esp+0x14] mov [edx+0x6],ax mov eax,esi and ax,byte +0xf mov edx,[esp+0x14] mov [edx+0x8],ax mov eax,[esp+0x14] mov ax,[eax+0x8] inc eax mov edx,[esp+0x14] mov [edx+0xa],ax mov byte [ebx],0x0 inc dword [esp] inc ebx add dword [esp+0x14],byte +0x10 JUMP_005266: ; Pos = 4e8ff inc esi inc dword [esp+0x18] cmp esi,0x1000 jl JUMP_005265 JUMP_005267: ; Pos = 4e90c xor edx,edx xor esi,esi lea ebx,[esp+0x52c] JUMP_005268: ; Pos = 4e917 mov eax,[DATA_007634] add eax,esi lea eax,[eax+eax*2] xor ecx,ecx mov cl,[eax+DATA_009145] sar ecx,0x2 shl ecx,0x4 movzx edi,byte [eax+DATA_009144] sar edi,0x2 shl edi,0x8 add edi,DATA_009139 lea ecx,[edi+ecx] movzx eax,byte [eax+DATA_009146] sar eax,0x2 movzx eax,byte [ecx+eax] test eax,eax jz JUMP_005269 cmp byte [eax+DATA_009140],0x0 jnz JUMP_005269 mov ecx,esi add cl,[DATA_007634] add cl,0x80 mov [eax+DATA_009140],cl jmp short JUMP_005270 JUMP_005269: ; Pos = 4e973 mov eax,esi mov [ebx],al inc edx inc ebx JUMP_005270: ; Pos = 4e979 inc esi cmp esi,byte +0x40 jl JUMP_005268 xor eax,eax mov [DATA_009143],eax xor esi,esi lea eax,[esp+0x2a] mov [esp+0x18],eax lea eax,[esp+edx+0x52c] mov [esp+0x14],eax mov ebx,DATA_009141 cmp esi,[esp] jnl near JUMP_005275 JUMP_005271: ; Pos = 4e9a9 cmp byte [ebx],0x0 jnz JUMP_005272 dec dword [esp+0x14] mov eax,[esp+0x14] mov al,[eax] add al,[DATA_007634] add al,0x80 mov [ebx],al JUMP_005272: ; Pos = 4e9c2 mov eax,[esp+0x18] mov al,[eax] mov edx,[esp+0x18] add al,[edx-0x2] add al,0xff add eax,eax inc eax mov [esp+0x10],al mov eax,[esp+0x18] mov al,[eax+0x4] mov edx,[esp+0x18] add al,[edx+0x2] add al,0xff add eax,eax inc eax mov [esp+0x11],al mov eax,[esp+0x18] mov al,[eax+0x8] mov edx,[esp+0x18] add al,[edx+0x6] add al,0xff add eax,eax inc eax mov [esp+0x12],al xor eax,eax mov al,[ebx] add eax,byte -0x80 lea edx,[eax+eax*2] mov cl,[edx+DATA_009144] cmp cl,[esp+0x10] jnz JUMP_005273 mov cl,[edx+DATA_009145] cmp cl,[esp+0x11] jnz JUMP_005273 mov cl,[edx+DATA_009146] cmp cl,[esp+0x12] jz JUMP_005274 JUMP_005273: ; Pos = 4ea34 mov ecx,[DATA_009143] mov [ecx+DATA_009142],al inc dword [DATA_009143] mov ax,[esp+0x10] mov [edx+DATA_009144],ax mov al,[esp+0x12] mov [edx+DATA_009146],al JUMP_005274: ; Pos = 4ea5c inc esi add dword [esp+0x18],byte +0x10 inc ebx cmp esi,[esp] jl near JUMP_005271 JUMP_005275: ; Pos = 4ea6c mov ax,[DATA_009222] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx mov [DATA_009222],eax add esp,0x56c pop ebp pop edi pop esi pop ebx ret FUNC_001331_DPalSet: ; Pos = 4ea8c push ebx push esi xor esi, esi mov ebx, DATA_009142 jmp short JUMP_005277 JUMP_005276: ; Pos = 4ea9e xor eax,eax mov al, [ebx] lea ecx, [eax+eax*2] add ecx, DATA_009144 push ecx add eax, 0x80 push eax call _VideoSetPalValue add esp, 8 inc esi inc ebx JUMP_005277: ; Pos = 4eb04 cmp esi, [DATA_009143] jl JUMP_005276 xor dword [DATA_007634], byte +0x40 pop esi pop ebx ret ; void F1334 (int *rval, int op1, int op2) FUNC_001332_Int64Abs: ; Pos = 4eb18 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp dword [ebp+0x10],byte +0x0 jnl JUMP_005278 push dword [ebp+0x10] push dword [ebp+0xc] push dword [DATA_007636] push dword [DATA_007635] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 pop ebp ret JUMP_005278: ; Pos = 4eb41 mov edx,[ebp+0xc] mov [eax],edx mov edx,[ebp+0x10] mov [eax+0x4],edx pop ebp ret ; void F1333 (int *rval, int64 op1, int64 op2) FUNC_001333_Int64Add64: ; Pos = 4eb4e push ebp mov ebp,esp mov edx,[ebp+0x8] mov eax,[ebp+0xc] add eax,[ebp+0x14] mov [edx],eax mov eax,[ebp+0x10] adc eax,[ebp+0x18] mov [edx+0x4],eax pop ebp ret ; void F1334 (int *rval, int64 op1, int op2) FUNC_001334_Int64Add32: ; Pos = 4eb67 push ebp mov ebp,esp push ecx mov ecx,[ebp+0x8] mov eax,[ebp+0x14] cdq add eax,[ebp+0xc] mov [ecx],eax adc edx,[ebp+0x10] mov [ecx+0x4],edx pop ecx pop ebp ret ; void F1335 (int64 *rval, int64 op1, int64 op2) FUNC_001335_Int64Sub64: ; Pos = 4eb80 push ebp mov ebp,esp mov edx,[ebp+0x8] mov eax,[ebp+0xc] sub eax,[ebp+0x14] mov [edx],eax mov eax,[ebp+0x10] sbb eax,[ebp+0x18] mov [edx+0x4],eax pop ebp ret ; void F1336 (int64 *rval, int64 op1, int op2) FUNC_001336_Int64Sub32: ; Pos = 4eb99 push ebp mov ebp,esp push ecx mov eax,[ebp+0x14] cdq mov ecx,[ebp+0xc] sub ecx,eax mov eax,[ebp+0x8] mov [eax],ecx mov ecx,[ebp+0x10] sbb ecx,edx mov [eax+0x4],ecx pop ecx pop ebp ret ; void F1337 (int64 *rval, int64 op1, int64 op2) FUNC_001337_Int64Mul64: ; Pos = 4ebb6 push ebp mov ebp,esp push ecx mov eax,[ebp+0xc] mul dword [ebp+0x14] mov ecx,[ebp+0x8] mov [ecx],eax mov [ecx+0x4],edx mov eax,[ebp+0x10] mul dword [ebp+0x14] add [ecx+0x4],eax mov eax,[ebp+0xc] mul dword [ebp+0x18] add [ecx+0x4],eax pop ecx pop ebp ret ; void F1338 (int64 *rval, int64 op1, int op2) FUNC_001338_Int64Mul32: ; Pos = 4ebdd push ebp mov ebp,esp push ecx mov eax,[ebp+0xc] mul dword [ebp+0x14] mov ecx,[ebp+0x8] mov [ecx],eax mov [ecx+0x4],edx mov eax,[ebp+0x10] mul dword [ebp+0x14] add [ecx+0x4],eax pop ecx pop ebp ret ; void F1339 (int64 *rval, int op1, int op2) FUNC_001339_Int64MulCreate: ; Pos = 4ebfb push ebp mov ebp,esp push ecx mov eax,[ebp+0xc] imul dword [ebp+0x10] mov ecx,[ebp+0x8] mov [ecx],eax mov [ecx+0x4],edx pop ecx pop ebp ret ; void F1340 (int64 *val, int shift) FUNC_001340_Int64LogicShift: ; Pos = 4ec10 push ebp mov ebp,esp push ebx push esi mov eax,[ebp+0xc] mov edx,[ebp+0x8] test eax,eax jz JUMP_005282 test eax,eax jnl JUMP_005280 neg eax cmp eax,byte +0x20 jnl JUMP_005279 mov ecx,eax mov ebx,[edx] shr ebx,cl mov ecx,0x20 sub ecx,eax mov esi,[edx+0x4] shl esi,cl or ebx,esi mov [edx],ebx mov ecx,eax sar dword [edx+0x4],cl jmp short JUMP_005282 JUMP_005279: ; Pos = 4ec47 lea ecx,[eax-0x20] mov eax,[edx+0x4] shr eax,cl mov [edx],eax xor eax,eax mov [edx+0x4],eax jmp short JUMP_005282 JUMP_005280: ; Pos = 4ec58 test eax,eax jng JUMP_005282 cmp eax,byte +0x20 jnl JUMP_005281 mov ecx,eax mov ebx,[edx+0x4] shl ebx,cl mov ecx,0x20 sub ecx,eax mov esi,[edx] shr esi,cl or ebx,esi mov [edx+0x4],ebx mov ecx,eax shl dword [edx],cl jmp short JUMP_005282 JUMP_005281: ; Pos = 4ec7e lea ecx,[eax-0x20] mov eax,[edx] shl eax,cl mov [edx+0x4],eax xor eax,eax mov [edx],eax JUMP_005282: ; Pos = 4ec8c pop esi pop ebx pop ebp ret ; void F1341 (int64 *val, int shift) FUNC_001341_Int64ArithShift: ; Pos = 4ec90 push ebp mov ebp,esp push ebx push esi mov eax,[ebp+0xc] mov edx,[ebp+0x8] test eax,eax jz JUMP_005286 test eax,eax jnl JUMP_005284 neg eax cmp eax,byte +0x20 jnl JUMP_005283 mov ecx,eax mov ebx,[edx] shr ebx,cl mov ecx,0x20 sub ecx,eax mov esi,[edx+0x4] shl esi,cl or ebx,esi mov [edx],ebx mov ecx,eax sar dword [edx+0x4],cl jmp short JUMP_005286 JUMP_005283: ; Pos = 4ecc7 lea ecx,[eax-0x20] mov eax,[edx+0x4] sar eax,cl mov [edx],eax sar dword [edx+0x4],0x1f jmp short JUMP_005286 JUMP_005284: ; Pos = 4ecd7 test eax,eax jng JUMP_005286 cmp eax,byte +0x20 jnl JUMP_005285 mov ecx,eax mov ebx,[edx+0x4] shl ebx,cl mov ecx,0x20 sub ecx,eax mov esi,[edx] shr esi,cl or ebx,esi mov [edx+0x4],ebx mov ecx,eax shl dword [edx],cl jmp short JUMP_005286 JUMP_005285: ; Pos = 4ecfd lea ecx,[eax-0x20] mov eax,[edx] shl eax,cl mov [edx+0x4],eax xor eax,eax mov [edx],eax JUMP_005286: ; Pos = 4ed0b pop esi pop ebx pop ebp ret ; FF80 function prototype: ; char *FF80Func (int stringindex, StringVars *vars, char *dest) ; ; Listed in D7649 ; code>>9 & 0x3f = index into D7649 ; code & 0x1ff = string index ; ; StringVars - array of five vars to be used by FF30 codes ; Each FF80 func writes a string in a (function-specific) array ; indexed by stringindex to dest, with full expansion. ; ; Call [D7641] (dest, stringindex&0x1ff, vars, char **arrayptr) ; arrayptr is specific to the function. [D7641] = F1347. ; returns end of dest string. ; FF30 function prototype: ; char *FF30Func (char *dest) ; ; Listed in D7652_PLUS_52 ; code - 0x3000 = index into D7652_PLUS_52 ; ; Uses vars at [D9149], writes string using one of them. ; returns end of dest string ; FF40 codes: ; Handled by function [D7640] = F1345 ; char *F1345 (char *dest, int stringindex) ; ; code & 0x3fff = stringindex ; indexes into array at D4682 - ship strings ; Expands string into dest, returns end of dest string. ; char *F1342 (int stridx, StrVars *vars, char *dest) ; Null FF80 code function - inserts "MODULE STRING" FUNC_001342_FF80Null: ; Pos = 4ed14 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x10] push dword DATA_007655 push ebx call _strcpy add esp,byte +0x8 push dword DATA_007656 call _strlen pop ecx inc eax add ebx,eax mov eax,ebx pop ebx pop ebp ret ; char *F1343 (char *dest, int ffcode) ; ffcode is first byte after ff << 8 | second byte after ff ; Expands ffcode to dest as above, then expands '[' codes. ; returns end of dest string FUNC_001343_StringExpandFFCodeInternal: ; Pos = 4ed3c push ebp mov ebp,esp add esp,0xfffff800 push ebx push esi push edi mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov esi,ebx cmp eax,0x8000 jc JUMP_005287 push ebx push dword [DATA_009149] mov edx,eax and edx,0x1ff push edx cmp eax, 0x8462 jnz .continue ; db 0xff .continue: shr eax,0x9 and eax,byte +0x3f mov eax,[eax*4+DATA_007649] call eax add esp,byte +0xc jmp short JUMP_005289 JUMP_005287: ; Pos = 4ed7b cmp eax,0x4000 jc JUMP_005288 push eax push ebx call near [DATA_007640] ; FUNC_001345_StringExpandFF40Code add esp,byte +0x8 jmp short JUMP_005289 JUMP_005288: ; Pos = 4ed8f cmp eax,0x3000 jc JUMP_005289 push ebx sub eax,0x3000 mov eax,[eax*4+DATA_007652_PLUS_52] call eax pop ecx JUMP_005289: ; Pos = 4eda1 push byte +0x0 call FUNC_000094 pop ecx mov edi,eax cmp dword [DATA_009149],byte +0x0 jz JUMP_005290 mov eax,[DATA_009149] push dword [eax] push byte +0x0 call FUNC_000093 add esp,byte +0x8 JUMP_005290: ; Pos = 4edc5 push esi push dword 0x800 lea eax,[ebp+0xfffff800] push eax call FUNC_000077_ExpandBracketCodes add esp,byte +0xc mov ebx,eax lea eax,[ebp+0xfffff800] sub ebx,eax add ebx,esi inc ebx mov eax,ebx sub eax,esi push eax lea eax,[ebp+0xfffff800] push eax push esi call _memcpy add esp,byte +0xc push edi push byte +0x0 call FUNC_000093 add esp,byte +0x8 mov eax,ebx pop edi pop esi pop ebx mov esp,ebp pop ebp ret ; char *F1344 (char *dest, int ffcode, StrVars *vars) ; Wrapper for F1343, stores vars in D9149 for use by FF30 codes FUNC_001344_StringExpandFFCode: ; Pos = 4ee10 push ebp mov ebp,esp mov eax,[ebp+0x10] mov [DATA_009149],eax push dword [ebp+0xc] push dword [ebp+0x8] call FUNC_001343_StringExpandFFCodeInternal add esp,byte +0x8 pop ebp ret ; char *F1345 (char *dest, int stridx) ; Writes and expands to dest the string at [stridx*4+D4682] ; Ship strings writer. FUNC_001345_StringExpandFF40Code: ; Pos = 4ee2b push ebp mov ebp,esp mov eax,[ebp+0xc] and eax,0x3fff push dword [eax*4+DATA_004682] push dword [ebp+0x8] call near [DATA_007642] ; FUNC_001348_StringExpand add esp,byte +0x8 pop ebp ret ; char *F1346 (char *dest, int ffcode, StrVars *vars) ; Expands FF80 codes only, no '[' expansion. ; Writes vars to [D9149] FUNC_001346_StringExpandFF80Code: ; Pos = 4ee4b push ebp mov ebp,esp mov eax,[ebp+0xc] mov edx,[ebp+0x10] mov [DATA_009149],edx push dword [ebp+0x8] push dword [DATA_009149] mov edx,eax and edx,0x1ff push edx shr eax,0x9 and eax,byte +0x3f mov eax,[eax*4+DATA_007649] call eax add esp,byte +0xc pop ebp ret ; char *F1347 (char *dest, int stridx, StrVars *vars, char **strarray) ; Worker function used by FF80 functions FUNC_001347_StringExpandArrayIndex: ; Pos = 4ee80 push ebp mov ebp,esp mov eax,[ebp+0x10] mov [DATA_009149],eax mov eax,[ebp+0x14] mov edx,[ebp+0xc] push dword [eax+edx*4] push dword [ebp+0x8] call near [DATA_007642] ; FUNC_001348_StringExpand add esp,byte +0x8 pop ebp ret ; char *F1348 (char *dest, char *src) ; Expands FF codes, converts FE/FD codes FUNC_001348_StringExpand: ; Pos = 4eea2 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] mov eax,[ebp+0x8] jmp short JUMP_005296 JUMP_005291: ; Pos = 4eeae test dl,0x80 jz JUMP_005296 dec eax sub dl,0xfd jz JUMP_005293 dec dl jz JUMP_005292 dec dl jz JUMP_005294 jmp short JUMP_005295 JUMP_005292: ; Pos = 4eec3 mov byte [eax],0x1f inc eax mov dl,[ebx] mov [eax],dl inc ebx inc eax mov dl,[ebx] mov [eax],dl inc ebx inc eax jmp short JUMP_005296 JUMP_005293: ; Pos = 4eed5 mov byte [eax],0x1e inc eax mov dl,[ebx] mov [eax],dl inc ebx inc eax jmp short JUMP_005296 JUMP_005294: ; Pos = 4eee1 xor edx,edx mov dl,[ebx] shl edx,0x8 inc ebx xor ecx,ecx mov cl,[ebx] add edx,ecx inc ebx push edx push eax call FUNC_001343_StringExpandFFCodeInternal add esp,byte +0x8 dec eax jmp short JUMP_005296 JUMP_005295: ; Pos = 4eefd inc eax JUMP_005296: ; Pos = 4eefe mov dl,[ebx] inc ebx inc eax mov [eax-0x1],dl test dl,dl jnz JUMP_005291 pop ebx pop ebp ret FUNC_001349_FF30Null: ; Pos = 4ef0c push ebp mov ebp,esp mov eax,[ebp+0x8] pop ebp ret FUNC_001350_FF30WriteDateV1: ; Pos = 4ef1c push ebp mov ebp,esp push byte +0x0 mov eax,[DATA_009149] push dword [eax] push dword [ebp+0x8] call FUNC_001358_StringConvertDate add esp,byte +0xc pop ebp ret FUNC_001351_FF30WriteDateV2: ; Pos = 4ef35 push ebp mov ebp,esp push byte +0x0 mov eax,[DATA_009149] push dword [eax+0x4] push dword [ebp+0x8] call FUNC_001358_StringConvertDate add esp,byte +0xc pop ebp ret FUNC_001352_FF30WriteDateV3: ; Pos = 4ef4f push ebp mov ebp,esp push byte +0x0 mov eax,[DATA_009149] push dword [eax+0x8] push dword [ebp+0x8] call FUNC_001358_StringConvertDate add esp,byte +0xc pop ebp ret FUNC_001353_FF30WriteDateYearV1: ; Pos = 4ef69 push ebp mov ebp,esp push byte +0x1 mov eax,[DATA_009149] push dword [eax] push dword [ebp+0x8] call FUNC_001358_StringConvertDate add esp,byte +0xc pop ebp ret FUNC_001354_FF30WriteDateYearV2: ; Pos = 4ef82 push ebp mov ebp,esp push byte +0x1 mov eax,[DATA_009149] push dword [eax+0x4] push dword [ebp+0x8] call FUNC_001358_StringConvertDate add esp,byte +0xc pop ebp ret FUNC_001355_FF30WriteDateYearV3: ; Pos = 4ef9c push ebp mov ebp,esp push byte +0x1 mov eax,[DATA_009149] push dword [eax+0x8] push dword [ebp+0x8] call FUNC_001358_StringConvertDate add esp,byte +0xc pop ebp ret FUNC_001356_FF30WriteDateYearD8807: ; Pos = 4efb6 push ebp mov ebp,esp push byte +0x1 push dword [DATA_008807] push dword [ebp+0x8] call FUNC_001358_StringConvertDate add esp,byte +0xc pop ebp ret ; void F1357 (int inpdays, int *day, int *month, int *year) ; Convert raw number of days to numerical day, month, year FUNC_001357_StringConvertDateNum: ; Pos = 4efce push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov word [ebp-0x2],0x16d mov ax,[ebp-0x2] inc eax mov [ebp-0x4],ax movsx eax,word [ebp-0x2] lea ebx,[eax+eax*2] add bx,[ebp-0x4] mov byte [ebp-0x5],0x1c mov al,[ebp-0x5] inc eax mov [ebp-0x6],al movsx eax,bx push eax mov eax,edi pop edx mov ecx,edx xor edx,edx div ecx mov ecx,eax mov eax,ecx shl eax,0x2 mov edx,[ebp+0x14] mov [edx],eax movsx eax,bx imul ecx push eax mov eax,edi pop edx sub eax,edx mov edx,DATA_007651 mov ecx,eax movsx ebx,word [ebp-0x4] sub eax,ebx js JUMP_005299 mov ecx,eax mov ebx,[ebp+0x14] inc dword [ebx] mov bl,[ebp-0x5] mov [edx],bl movsx edx,word [ebp-0x2] sub eax,edx js JUMP_005298 mov ecx,eax mov edx,[ebp+0x14] inc dword [edx] movsx edx,word [ebp-0x2] sub eax,edx js JUMP_005297 mov edx,[ebp+0x14] inc dword [edx] jmp short JUMP_005300 JUMP_005297: ; Pos = 4f05f mov eax,ecx jmp short JUMP_005300 JUMP_005298: ; Pos = 4f063 mov eax,ecx jmp short JUMP_005300 JUMP_005299: ; Pos = 4f067 mov al,[ebp-0x6] mov [edx],al mov eax,ecx JUMP_005300: ; Pos = 4f06e mov edx,DATA_007650 test eax,eax jl JUMP_005302 JUMP_005301: ; Pos = 4f077 mov [esi],eax movsx ecx,byte [edx] sub eax,ecx inc edx test eax,eax jnl JUMP_005301 JUMP_005302: ; Pos = 4f083 inc dword [esi] sub edx,DATA_007650 mov eax,[ebp+0x10] mov [eax],edx pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret ; char *F1358 (char *dest, int days, int yearflag) ; Converts days to textual day-month-year representation ; if yearflag = 0, don't output year. FUNC_001358_StringConvertDate: ; Pos = 4f097 push ebp mov ebp,esp add esp,byte -0xc push ebx mov ebx,[ebp+0x8] lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax push dword [ebp+0xc] call FUNC_001357_StringConvertDateNum add esp,byte +0x10 push dword [ebp-0xc] push ebx call FUNC_001544 add esp,byte +0x8 mov ebx,eax mov byte [ebx-0x1],0x2d push dword [ebp-0x8] call FUNC_001359_StringConvertMonth pop ecx mov dl,[eax] mov [ebx],dl inc eax inc ebx mov dl,[eax] mov [ebx],dl inc eax inc ebx mov al,[eax] mov [ebx],al inc ebx cmp byte [ebp+0x10],0x0 jnz JUMP_005303 mov byte [ebx],0x0 inc ebx jmp short JUMP_005304 JUMP_005303: ; Pos = 4f0f0 mov byte [ebx],0x2d inc ebx push dword [ebp-0x4] push ebx call FUNC_001544 add esp,byte +0x8 mov ebx,eax JUMP_005304: ; Pos = 4f102 mov eax,ebx pop ebx mov esp,ebp pop ebp ret ; char *F1359 (int month) ; Returns pointer to textual month string FUNC_001359_StringConvertMonth: ; Pos = 4f109 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,byte +0x1 jl JUMP_005305 cmp eax,byte +0xc jng JUMP_005306 JUMP_005305: ; Pos = 4f119 mov edx,[DATA_007652] jmp short JUMP_005307 JUMP_005306: ; Pos = 4f121 mov edx,[eax*4+DATA_007652] JUMP_005307: ; Pos = 4f128 mov eax,edx pop ebp ret FUNC_001360_FF30WriteTimeV3: ; Pos = 4f12c push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x8] push dword [ebp+0x8] call FUNC_001363_StringConvertTime add esp,byte +0x8 pop ebp ret FUNC_001361_FF30WriteTimeV2: ; Pos = 4f144 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x4] push dword [ebp+0x8] call FUNC_001363_StringConvertTime add esp,byte +0x8 pop ebp ret FUNC_001362_FF30WriteTimeV1: ; Pos = 4f15c push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax] push dword [ebp+0x8] call FUNC_001363_StringConvertTime add esp,byte +0x8 pop ebp ret ; char *F1363 (char *dest, ULONG tics) ; Converts tics to HH:MM:SS 24hr format FUNC_001363_StringConvertTime: ; Pos = 4f173 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] mov ecx,0xc22e mov eax,ebx xor edx,edx div ecx mov ebx,eax mov eax,ebx mov ecx,0xe10 xor edx,edx div ecx mov ecx,eax mov eax,ebx mov ebx,0xe10 xor edx,edx div ebx mov ebx,edx mov eax,ebx mov edi,0x3c xor edx,edx div edi mov edi,eax mov eax,ebx mov ebx,0x3c xor edx,edx div ebx mov eax,edx push eax push edi push ecx push dword DATA_007670 push esi call _sprintf add esp,byte +0x14 push esi call _strlen pop ecx add esi,eax mov eax,esi pop edi pop esi pop ebx pop ebp ret FUNC_001364_FF30WriteStringV4: ; Pos = 4f1e1 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0xc] push dword [ebp+0x8] call near [DATA_007642] ; FUNC_001348_StringExpand add esp,byte +0x8 pop ebp ret FUNC_001365_FF30WriteStringV5: ; Pos = 4f1fa push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x10] push dword [ebp+0x8] call near [DATA_007642] ; FUNC_001348_StringExpand add esp,byte +0x8 pop ebp ret FUNC_001366_FF30WriteHexIntV3: ; Pos = 4f213 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x8] push dword [ebp+0x8] call FUNC_001542 add esp,byte +0x8 pop ebp ret FUNC_001367_FF30WriteHexIntV2: ; Pos = 4f22b push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x4] push dword [ebp+0x8] call FUNC_001542 add esp,byte +0x8 pop ebp ret FUNC_001368_FF30WriteHexIntV1: ; Pos = 4f243 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax] push dword [ebp+0x8] call FUNC_001542 add esp,byte +0x8 pop ebp ret FUNC_001369_FF30WriteTonsV3: ; Pos = 4f25a push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov eax,[DATA_009149] mov esi,[eax+0x8] test esi,esi jz JUMP_005308 push esi push ebx call FUNC_001544 add esp,byte +0x8 dec eax mov ebx,eax mov byte [ebx],0x74 inc ebx mov byte [ebx],0x0 inc ebx jmp short JUMP_005309 JUMP_005308: ; Pos = 4f285 mov byte [ebx],0x2d inc ebx mov byte [ebx],0x0 inc ebx JUMP_005309: ; Pos = 4f28d mov eax,ebx pop esi pop ebx pop ebp ret FUNC_001370_FF30WriteTonsV2: ; Pos = 4f293 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov eax,[DATA_009149] mov esi,[eax+0x4] test esi,esi jz JUMP_005310 push esi push ebx call FUNC_001544 add esp,byte +0x8 dec eax mov ebx,eax mov byte [ebx],0x74 inc ebx mov byte [ebx],0x0 inc ebx jmp short JUMP_005311 JUMP_005310: ; Pos = 4f2be mov byte [ebx],0x2d inc ebx mov byte [ebx],0x0 inc ebx JUMP_005311: ; Pos = 4f2c6 mov eax,ebx pop esi pop ebx pop ebp ret FUNC_001371_FF30WriteTonsV1: ; Pos = 4f2cc push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] mov eax,[DATA_009149] mov esi,[eax] test esi,esi jz JUMP_005312 push esi push ebx call FUNC_001544 add esp,byte +0x8 dec eax mov ebx,eax mov byte [ebx],0x74 inc ebx mov byte [ebx],0x0 inc ebx jmp short JUMP_005313 JUMP_005312: ; Pos = 4f2f6 mov byte [ebx],0x2d inc ebx mov byte [ebx],0x0 inc ebx JUMP_005313: ; Pos = 4f2fe mov eax,ebx pop esi pop ebx pop ebp ret FUNC_001372_FF30WriteIntV4: ; Pos = 4f304 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0xc] push dword [ebp+0x8] call FUNC_001544 add esp,byte +0x8 pop ebp ret FUNC_001373_FF30WriteIntV5: ; Pos = 4f31c push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x10] push dword [ebp+0x8] call FUNC_001544 add esp,byte +0x8 pop ebp ret FUNC_001374_FF30WriteIntV3: ; Pos = 4f334 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x8] push dword [ebp+0x8] call FUNC_001544 add esp,byte +0x8 pop ebp ret FUNC_001375_FF30WriteIntV2: ; Pos = 4f34c push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x4] push dword [ebp+0x8] call FUNC_001544 add esp,byte +0x8 pop ebp ret FUNC_001376_FF30WriteIntV1: ; Pos = 4f364 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax] push dword [ebp+0x8] call FUNC_001544 add esp,byte +0x8 pop ebp ret ; char *F1377 (char *dest, int frac, int dp) ; Writes int with fractional part to dp decimal places ; '.34' etc. FUNC_001377_StringConvertFraction: ; Pos = 4f37b push ebp mov ebp,esp push ecx push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0x8] mov edi,ebx push dword [ebp+0xc] push byte +0x0 push ebx call FUNC_001545 add esp,byte +0xc mov ebx,eax push edi call _strlen pop ecx cmp esi,eax jl JUMP_005318 lea edx,[esi+0x1] sub edx,eax add ebx,edx mov [ebp-0x4],ebx dec ebx inc eax test eax,eax jng JUMP_005315 JUMP_005314: ; Pos = 4f3b5 mov ecx,ebx sub ecx,edx mov cl,[ecx] mov [ebx],cl dec eax dec ebx test eax,eax jg JUMP_005314 JUMP_005315: ; Pos = 4f3c3 mov ebx,edi mov eax,edx test eax,eax jng JUMP_005317 JUMP_005316: ; Pos = 4f3cb mov byte [ebx],0x30 inc ebx dec eax test eax,eax jg JUMP_005316 JUMP_005317: ; Pos = 4f3d4 mov ebx,[ebp-0x4] JUMP_005318: ; Pos = 4f3d7 mov byte [ebx],0x0 dec ebx mov eax,0x1 cmp esi,eax jl JUMP_005320 JUMP_005319: ; Pos = 4f3e4 mov dl,[ebx-0x1] mov [ebx],dl dec ebx inc eax cmp esi,eax jnl JUMP_005319 JUMP_005320: ; Pos = 4f3ef mov byte [ebx],0x2e lea eax,[esi+ebx+0x2] pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001378_FF30Write1dpFracV1: ; Pos = 4f3fc push ebp mov ebp,esp push byte +0x1 mov eax,[DATA_009149] push dword [eax] push dword [ebp+0x8] call FUNC_001377_StringConvertFraction add esp,byte +0xc pop ebp ret FUNC_001379_FF30Write1dpFracV2: ; Pos = 4f415 push ebp mov ebp,esp push byte +0x1 mov eax,[DATA_009149] push dword [eax+0x4] push dword [ebp+0x8] call FUNC_001377_StringConvertFraction add esp,byte +0xc pop ebp ret FUNC_001380_FF30Write1dpFracV3: ; Pos = 4f42f push ebp mov ebp,esp push byte +0x1 mov eax,[DATA_009149] push dword [eax+0x8] push dword [ebp+0x8] call FUNC_001377_StringConvertFraction add esp,byte +0xc pop ebp ret FUNC_001381_FF30Write2dpFracV1: ; Pos = 4f449 push ebp mov ebp,esp push byte +0x2 mov eax,[DATA_009149] push dword [eax] push dword [ebp+0x8] call FUNC_001377_StringConvertFraction add esp,byte +0xc pop ebp ret FUNC_001382_FF30Write2dpFracV2: ; Pos = 4f462 push ebp mov ebp,esp push byte +0x2 mov eax,[DATA_009149] push dword [eax+0x4] push dword [ebp+0x8] call FUNC_001377_StringConvertFraction add esp,byte +0xc pop ebp ret FUNC_001383_FF30Write2dpFracV3: ; Pos = 4f47c push ebp mov ebp,esp push byte +0x2 mov eax,[DATA_009149] push dword [eax+0x8] push dword [ebp+0x8] call FUNC_001377_StringConvertFraction add esp,byte +0xc pop ebp ret FUNC_001384_FF30Write3dpFracV1: ; Pos = 4f496 push ebp mov ebp,esp push byte +0x3 mov eax,[DATA_009149] push dword [eax] push dword [ebp+0x8] call FUNC_001377_StringConvertFraction add esp,byte +0xc pop ebp ret FUNC_001385_FF30Write3dpFracV2: ; Pos = 4f4af push ebp mov ebp,esp push byte +0x3 mov eax,[DATA_009149] push dword [eax+0x4] push dword [ebp+0x8] call FUNC_001377_StringConvertFraction add esp,byte +0xc pop ebp ret FUNC_001386_FF30Write3dpFracV3: ; Pos = 4f4c9 push ebp mov ebp,esp push byte +0x3 mov eax,[DATA_009149] push dword [eax+0x8] push dword [ebp+0x8] call FUNC_001377_StringConvertFraction add esp,byte +0xc pop ebp ret FUNC_001387_FF30WriteFFCodeV5: ; Pos = 4f530 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x10] push dword [ebp+0x8] call FUNC_001343_StringExpandFFCodeInternal add esp,byte +0x8 pop ebp ret FUNC_001388_FF30WriteFFCodeV4: ; Pos = 4f548 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0xc] push dword [ebp+0x8] call FUNC_001343_StringExpandFFCodeInternal add esp,byte +0x8 pop ebp ret FUNC_001389_FF30WriteFFCodeV3: ; Pos = 4f560 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x8] push dword [ebp+0x8] call FUNC_001343_StringExpandFFCodeInternal add esp,byte +0x8 pop ebp ret FUNC_001390_FF30WriteFFCodeV2: ; Pos = 4f578 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x4] push dword [ebp+0x8] call FUNC_001343_StringExpandFFCodeInternal add esp,byte +0x8 pop ebp ret FUNC_001391_FF30WriteFFCodeV1: ; Pos = 4f590 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax] push dword [ebp+0x8] call FUNC_001343_StringExpandFFCodeInternal add esp,byte +0x8 pop ebp ret FUNC_001392_FF30WriteWrapStringV4: ; Pos = 4f5a7 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push ebx call FUNC_001364_FF30WriteStringV4 pop ecx push byte +0x23 push ebx call near [DATA_007643] ; FUNC_001398_StringWrap add esp,byte +0x8 pop ebx pop ebp ret FUNC_001393_StringConvertSpeed: ; Pos = 4f5c4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] mov ecx,[ebp+0x8] cmp ebx,0x4705d jg JUMP_005321 push byte +0x1 imul eax,ebx,0x156 mov ebx,0x64 cdq idiv ebx push eax push ecx call FUNC_001377_StringConvertFraction add esp,byte +0xc mov ecx,eax dec ecx push dword [DATA_007646] push ecx call near [DATA_007642] ; FUNC_001348_StringExpand add esp,byte +0x8 mov ecx,eax jmp short JUMP_005322 JUMP_005321: ; Pos = 4f607 push byte +0x2 mov eax,ebx mov ebx,0x69 cdq idiv ebx push eax push ecx call FUNC_001377_StringConvertFraction add esp,byte +0xc mov ecx,eax dec ecx push dword [DATA_007647] push ecx call near [DATA_007642] ; FUNC_001348_StringExpand add esp,byte +0x8 mov ecx,eax JUMP_005322: ; Pos = 4f632 mov eax,ecx pop ebx pop ebp ret FUNC_001394_FF30WriteSpeedV3: ; Pos = 4f637 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x8] push dword [ebp+0x8] call FUNC_001393_StringConvertSpeed add esp,byte +0x8 pop ebp ret FUNC_001395_FF30WriteSpeedV2: ; Pos = 4f64f push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax+0x4] push dword [ebp+0x8] call FUNC_001393_StringConvertSpeed add esp,byte +0x8 pop ebp ret FUNC_001396_FF30WriteSpeedV1: ; Pos = 4f667 push ebp mov ebp,esp mov eax,[DATA_009149] push dword [eax] push dword [ebp+0x8] call FUNC_001393_StringConvertSpeed add esp,byte +0x8 pop ebp ret ; char *F1397 (char *dest, int ffcode, int wrapwidth) ; Expands ffcode into dest, wraps resultant string to wrapwidth FUNC_001397_StringExpandWrapFFCode: ; Pos = 4f67e push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x10] mov ebx,[ebp+0x8] push dword [ebp+0xc] push ebx call FUNC_001343_StringExpandFFCodeInternal add esp,byte +0x8 test esi,esi jz JUMP_005323 push esi push ebx call near [DATA_007643] ; FUNC_001398_StringWrap add esp,byte +0x8 mov ebx,eax JUMP_005323: ; Pos = 4f6a6 mov eax,ebx pop esi pop ebx pop ebp ret ; char *F1398 (char *dest, int wrapwidth) ; Worker function, wraps string to wrapwidth FUNC_001398_StringWrap: ; Pos = 4f6ac push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov ebx,[ebp+0x8] xor edx,edx xor eax,eax mov [ebp-0xc],eax mov edi,ebx mov esi,[ebp+0xc] jmp JUMP_005336 JUMP_005324: ; Pos = 4f6c9 cmp al,0x1 jnz JUMP_005325 inc ebx jmp JUMP_005336 JUMP_005325: ; Pos = 4f6d3 cmp al,0x2 jnz JUMP_005326 mov al,[ebx] inc ebx movsx eax,al push eax call FUNC_001620_BmpIndexToPtr pop ecx xor edx,edx mov dl,[eax+0x1] mov [ebp-0x4],esi movsx eax,word [eax+0x2] add eax,byte +0xa sub esi,eax mov [ebp-0x8],esi mov esi,[ebp-0x8] xor eax,eax mov [ebp-0xc],eax jmp JUMP_005336 JUMP_005326: ; Pos = 4f705 cmp al,0x3 jz near JUMP_005336 xor ecx,ecx mov cl,al cmp byte [ecx+DATA_007648],0x0 jnl JUMP_005327 mov esi,[ebp+0xc] mov dword [ebp-0xc],0x1 test edx,edx jng JUMP_005336 sub edx,byte +0xa jmp short JUMP_005336 JUMP_005327: ; Pos = 4f72d xor ecx,ecx mov cl,al movsx ecx,byte [ecx+DATA_007648] sub esi,ecx cmp esi,[ebp-0x4] jg JUMP_005330 cmp dword [ebp-0xc],byte +0x0 jz JUMP_005330 test edx,edx jng JUMP_005330 jmp short JUMP_005329 JUMP_005328: ; Pos = 4f74b cmp edi,ebx jnz JUMP_005329 mov eax,ebx jmp short JUMP_005337 JUMP_005329: ; Pos = 4f753 dec ebx cmp byte [ebx],0x20 jnz JUMP_005328 mov byte [ebx],0x3 inc ebx mov esi,[ebp-0x8] xor ecx,ecx mov [ebp-0xc],ecx JUMP_005330: ; Pos = 4f765 test esi,esi jg JUMP_005336 cmp al,0xd jz JUMP_005336 jmp short JUMP_005334 JUMP_005331: ; Pos = 4f76f cmp edi,ebx jnz JUMP_005334 JUMP_005332: ; Pos = 4f773 mov al,[ebx] inc ebx cmp al,0x20 jz JUMP_005333 cmp byte [ebx],0x0 jnz JUMP_005332 JUMP_005333: ; Pos = 4f77f cmp byte [ebx],0x0 jnz JUMP_005334 mov eax,ebx jmp short JUMP_005337 JUMP_005334: ; Pos = 4f788 dec ebx cmp byte [ebx],0x20 jnz JUMP_005331 mov byte [ebx],0xd inc ebx mov esi,[ebp+0xc] test edx,edx jng JUMP_005335 sub edx,byte +0xa JUMP_005335: ; Pos = 4f79c mov dword [ebp-0xc],0x1 JUMP_005336: ; Pos = 4f7a3 mov al,[ebx] inc ebx test al,al jnz near JUMP_005324 mov eax,ebx JUMP_005337: ; Pos = 4f7b0 pop edi pop esi pop ebx mov esp,ebp pop ebp ret ; char *F1399 (int ffcode, StrVars vars, COLPAL col, ; int xpos, int ypos, int wrapwidth) ; Expands and wraps to D9147 (workspace), writes string shadowed FUNC_001399_StringDrawWrapShadow: ; Pos = 4f7b7 push ebp mov ebp,esp push ebx push esi mov esi,DATA_009147 mov eax,[ebp+0xc] mov [DATA_009149],eax push dword [ebp+0x1c] push dword [ebp+0x8] push esi call FUNC_001397_StringExpandWrapFFCode add esp,byte +0xc mov ebx,0x1 xor eax,eax jmp short JUMP_005340 JUMP_005338: ; Pos = 4f7e1 cmp byte [esi+eax],0xd jnz JUMP_005339 cmp byte [esi+eax+0x1],0x0 jz JUMP_005339 inc ebx JUMP_005339: ; Pos = 4f7ef inc eax JUMP_005340: ; Pos = 4f7f0 cmp byte [esi+eax],0x0 jnz JUMP_005338 push dword [ebp+0x10] push dword [ebp+0x18] push dword [ebp+0x14] push esi call FUNC_001589_WriteStringShadowed add esp,byte +0x10 mov eax,ebx pop esi pop ebx pop ebp ret ; void F1400 (int ffcode, COLPAL col, int xpos, int ypos, int wrapwidth) FUNC_001400_StringDrawWrapNoVars: ; Pos = 4f80e push ebp mov ebp,esp push dword [ebp+0x18] push dword [ebp+0x8] push dword DATA_009147 call FUNC_001397_StringExpandWrapFFCode add esp,byte +0xc push dword [ebp+0xc] push dword [ebp+0x14] push dword [ebp+0x10] push dword DATA_009147 call FUNC_001584_TextWriteDefaultClip add esp,byte +0x10 pop ebp ret ; void F1401 (int ffcode, StrVars vars, COLPAL col, ; int xpos, int ypos, int wrapwidth) FUNC_001401_StringDrawWrap: ; Pos = 4f83c push ebp mov ebp,esp mov eax,[ebp+0xc] mov [DATA_009149],eax push dword [ebp+0x1c] push dword [ebp+0x18] push dword [ebp+0x14] push dword [ebp+0x10] push dword [ebp+0x8] call FUNC_001400_StringDrawWrapNoVars add esp,byte +0x14 pop ebp ret ; void F1402 (int ffcode, StrVars vars, COLPAL col, ; int xpos, int ypos, int wrapwidth) FUNC_001402_StringDrawWrapPersist: ; Pos = 4f860 push ebp mov ebp,esp mov eax,[ebp+0xc] mov [DATA_009149],eax push dword [ebp+0x1c] push dword [ebp+0x8] push dword DATA_009147 call FUNC_001397_StringExpandWrapFFCode add esp,byte +0xc push dword [ebp+0x10] push dword [ebp+0x18] push dword [ebp+0x14] push dword DATA_009147 call FUNC_001581_PersistTextWrite add esp,byte +0x10 pop ebp ret ; int F1406 (int ascval) ; Returns keystate FUNC_001406_KeybGetKeyState: ; Pos = 4f974 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp dword [eax*4+DATA_007687],byte +0x0 jnl JUMP_005341 xor eax,eax pop ebp ret JUMP_005341: ; Pos = 4f988 mov eax,[eax*4+DATA_007687] movzx eax,byte [eax+DATA_007691] cmp eax,byte +0x1 sbb eax,eax neg eax pop ebp ret ; void F1407 (void) ; Stores old int 9 vector in D7686 ; Locks all memory ; Installs F1412 as new int 9 vector FUNC_001407_KeybInit: ; Pos = 4f9a0 mov dword [DATA_007690], 0 mov dword [DATA_009181], 0xff ret ; void F1408 (void) ; Unlocks all memory ; Restores original int 9 vector FUNC_001408_KeybCleanup: ; Pos = 4fa8c ret ; char F1409 (void) FUNC_001409_GuiGetLastActionInternal: ; Pos = 4fb44 mov al,[DATA_009158] ret ; void F1410 (char) FUNC_001410_GuiSetLastActionInternal: ; Pos = 4fb4c push ebp mov ebp,esp mov al,[ebp+0x8] mov [DATA_009158],al pop ebp ret SECTION .data logfile dd 0 pLogAttrib db 'wt', 0x0 pLogName db 'ffe.log', 0x0 pLogString db 0xa, 'Object index %i', 0xa, 0x0 pLogString2 db 'Name: %s, flags %x', 0xa, 0x0 SECTION .text ; char F1414 (void) ; If key is numpad '*', save screenshot ; Reset last key to zero FUNC_001414_GuiGetLastAction: ; Pos = 4fc90 push ebx call FUNC_001409_GuiGetLastActionInternal cmp al,0xfd jnz near JUMP_005347 push byte +0x0 call FUNC_001410_GuiSetLastActionInternal pop ecx cmp byte [DATA_007691+42], 0 jz .objlist call FUNC_001446_ScrnShotSave jmp JUMP_005347 .objlist: push ebx push esi push edi cmp dword [logfile], 0 jnz .endopen push dword pLogAttrib push dword pLogName call _fopen add esp,byte +0x8 mov [logfile], eax .endopen: mov ebx, 0x0 mov esi, [DATA_009133] add esi, 0x74 mov edi, [DATA_009133] .objectloop: push ebx push dword pLogString push dword [logfile] call _fprintf call _fflush add esp, 12 cmp byte [edi], 0 jz near .loopend movzx eax, byte [edi] push eax lea eax, [esi+0x124] push eax push dword pLogString2 push dword [logfile] call _fprintf call _fflush add esp, 16 ; push dword pLogString ; push dword [logfile] ; call _fprintf ; call _fflush ; add esp, .loopend: add esi, 0x152 add edi, 1 add ebx, 1 cmp ebx, 0x72 jle near .objectloop pop edi pop esi pop ebx JUMP_005347: ; Pos = 4fca7 ; call FUNC_001632_UpdatePtr call FUNC_001409_GuiGetLastActionInternal mov ebx,eax push byte +0x0 call FUNC_001410_GuiSetLastActionInternal pop ecx mov eax,ebx pop ebx ret ; void F1415 (char) FUNC_001415_GuiSetLastAction: ; Pos = 4fcc0 push ebp mov ebp,esp mov al,[ebp+0x8] push eax call FUNC_001410_GuiSetLastActionInternal pop ecx pop ebp ret SECTION .data tmLastTime dd 0 tmMinFrame dd 0 tmNext50Hz dd 0 pTmCfgStruct times 32 db 0x0 pTmCfgFile db 'jjffe.cfg', 0x0 pTmCfgSect db 'TIMER', 0x0 pTmCfgKey db 'maxfps', 0x0 SECTION .text Timer50Hz: cmp dword [DATA_007705],byte +0x0 jz .no7705 inc dword [DATA_007705] ; LMB accum .no7705: cmp byte [DATA_009160],0xff jz .no9160 inc byte [DATA_009160] ; Unknown .no9160: mov eax, 255 .accumloop: cmp dword [eax*4+DATA_KeyAccumTable], byte 0x0 jz .accumloopend inc dword [eax*4+DATA_KeyAccumTable] .accumloopend: dec eax jnl .accumloop cmp dword [splashTimeout], 0 jz .nosplash dec dword [splashTimeout] .nosplash: cmp dword [DATA_007690],byte +0x0 jz .noscanaccum inc dword [DATA_007690] ; Scancode accum .noscanaccum: ret FUNC_001416_TimerInit: push ebp mov ebp, esp ; Open config file, read max frame rate to maxrate ; Close config file push dword pTmCfgFile push dword pTmCfgStruct call _CfgOpen add esp, 8 push dword pTmCfgSect push dword pTmCfgStruct call _CfgFindSection add esp, 8 mov dword [tmMinFrame], 50 push dword tmMinFrame push dword pTmCfgKey push dword pTmCfgStruct call _CfgGetKeyVal add esp, 12 push dword pTmCfgStruct call _CfgClose pop ecx ; Convert maximum FPS to minimum time per frame ; 1000 / maxfps = minframetime mov eax, 1000 xor edx, edx mov ecx, [tmMinFrame] div ecx cmp eax, 5 jge .nocorrect mov eax, 5 .nocorrect: mov [tmMinFrame], eax ; Read timestamp, set as start time call _TimerGetTimeStamp mov [tmLastTime], eax mov [tmNext50Hz], eax pop ebp ret FUNC_001417_TimerCleanup: ret FUNC_001418_TimerAdvance: push ebp mov ebp, esp push ebx push esi call _TimerFrameUpdate .sleeploop: call _TimerGetTimeStamp mov esi, eax sub eax, [tmLastTime] mov ebx, eax cmp ebx, [tmMinFrame] jge .endsleep call _TimerSleep jmp .sleeploop .endsleep: .50hzloop: cmp esi, [tmNext50Hz] jl .end50hz add dword [tmNext50Hz], 20 call Timer50Hz jmp .50hzloop .end50hz: ; Increment system & accel counters mov [tmLastTime], esi mov ecx, 20 mov eax, ebx mov edx, 0x3e2 mul edx div ecx add [DATA_009157], eax mov eax, ebx mov edx, [DATA_007706] mul edx div ecx add [DATA_009156], eax pop esi pop ebx pop ebp ret ; void F1427 (void) ; Sets up mouse position and virtual screen size ; D7714 = mousepresent, D9208, D9209 = xpos, ypos FUNC_001427_MouseInit: ; Pos = 501e4 mov word [DATA_009208],0xa0 mov word [DATA_009209],0x64 ret ; word+word F1428 (void) ; Calls F1429, F1437 (GetMickeys, GetJoyVals) ; Checks mouse buttons, also HOME and INS ; Sets D7708/D7711 to button states ; Clears D7710/D7713 if button released ; Returns xmick/ymick, inc'd by ALT keystates FUNC_001429_GuiReadAllInput: ; Pos = 5035c push ebp mov ebp, esp sub esp, 0x8 push ebx push esi push edi push ecx mov ebx,DATA_007691 xor esi,esi xor edi,edi push ebx call _InputKeybReadStates pop ecx ; Copy key states ; Last key processing call _InputKeybGetLastKey cmp al, 0xff ; Fetch last key jz .notpress cmp dword [splashTimeout], 0 jnz .notpress ; splash screen timeout check mov cl, [DATA_009181] cmp al, cl jz .unchanged mov dword [DATA_007690], 0x1 mov [DATA_009181], al ; Last scancode accum check .unchanged: mov dl, [DATA_007693] and dl, [DATA_007694] ; Shifts and eax, 0x7f and edx, 0x80 or eax,edx mov al, [eax+DATA_007688] ; Action table cmp al, 0xff jz .notpress cmp byte [DATA_007689], 0x0 jnz .notpress mov [DATA_009158], al ; Last action update .notpress: ; Accumulator updates mov eax, [DATA_009181] cmp byte [eax+DATA_007691], 0x0 jz .noaccumclear mov dword [DATA_007690], 0 ; Old accumulator clear mov dword [DATA_009181], 0xff .noaccumclear: mov eax, 255 .accumloop: cmp byte [eax+DATA_007691], 0 jz .accumpress mov dword [eax*4+DATA_KeyAccumTable], 0 jmp .accumloopend .accumpress cmp dword [eax*4+DATA_KeyAccumTable], 0 jnz .accumloopend mov dword [eax*4+DATA_KeyAccumTable], 1 .accumloopend: dec eax jnl .accumloop ; new accumulators loop push dword 0xff call _InputKeybSetLastKey pop ecx ; Reset last keypress call _InputMouseReadButtons or esi,byte -0x1 test eax, 0x1 jnz JUMP_005371 inc esi JUMP_005371: ; Pos = 5039d or edi,byte -0x1 test eax, 0x2 jnz JUMP_005372 inc edi JUMP_005372: ; Pos = 503aa cmp dword [ptrExclusive], 0 jnz NEAR .exclusive lea eax, [ebp-0x8] push eax lea eax, [ebp-0x4] push eax call _InputMouseReadPos add esp, byte 0x8 cmp word [ebp-4], byte +0x0 jl NEAR .nonexcloutside cmp word [ebp-4], 0x13f jg NEAR .nonexcloutside cmp word [ebp-8], byte +0x0 jl NEAR .nonexcloutside cmp word [ebp-8], 0xc7 jng NEAR .exclusive ; Check whether pointer is inside window .nonexcloutside mov esi, 0 mov edi, 0 .exclusive: jmp JUMP_005374 mov al,[ebx+0x55] and al,[ebx+0x52] and al,[ebx+0xd5] and al,[ebx+0xd2] jnz JUMP_005375 or esi,byte -0x1 JUMP_005375: ; Pos = 5045b mov al,[ebx+0x58] and al,[ebx+0x47] and al,[ebx+0xd8] and al,[ebx+0xc7] jnz JUMP_005376 or edi,byte -0x1 JUMP_005376: cmp byte [ebx+0x7e],0x0 jnz JUMP_005373 or esi,byte -0x1 JUMP_005373: ; Pos = 503b4 cmp byte [ebx+0x7d],0x0 jnz JUMP_005374 or edi,byte -0x1 JUMP_005374: ; Pos = 503bd mov eax,esi mov [DATA_007708],al mov eax,edi mov [DATA_007711],al mov eax,esi and [DATA_007710],al mov eax,edi and [DATA_007713],al mov edi, [ebp+0x8] mov esi, [ebp+0xc] push esi push edi call _InputMouseReadMickeys add esp, 0x8 mov al,[ebx+0xb8] and al,[ebx+0x38] jnz JUMP_005380 mov al,[ebx+0x29] and al,[ebx+0x48] and al,[ebx+0xa9] and al,[ebx+0xc8] jnz JUMP_005377 add dword [esi],byte -0x4 JUMP_005377: ; Pos = 503f8 mov al,[ebx+0x4a] and al,[ebx+0x50] and al,[ebx+0xca] and al,[ebx+0xd0] jnz JUMP_005378 add dword [esi],byte +0x4 JUMP_005378: ; Pos = 50412 mov al,[ebx+0x2b] and al,[ebx+0x4b] and al,[ebx+0xab] and al,[ebx+0xcb] jnz JUMP_005379 add dword [edi],byte -0x4 JUMP_005379: ; Pos = 5042b mov al,[ebx+0x4e] and al,[ebx+0x4d] and al,[ebx+0xce] and al,[ebx+0xcd] jnz JUMP_005380 add dword [edi],byte +0x4 JUMP_005380: ; Pos = 50472 mov al, [ebx+29] or al, [ebx+16] test al, al jnz .noquit call FUNC_001529_SysExit .noquit: pop ecx pop edi pop esi pop ebx mov esp, ebp pop ebp ret FUNC_001430: ; Pos = 504a4 movsx eax,byte [DATA_007710] not eax and [DATA_007708],al or [DATA_007710],al ret FUNC_001431: ; Pos = 504bc movsx eax,byte [DATA_007713] not eax and [DATA_007711],al or [DATA_007713],al ret ; word+word F1432 (void) ; Calls F1429 (ReadAllSources) ; D9188/D9189 += D9191/D9192 + <>/AZ accum ; if RMB, D9188/D9189 += xmick/ymick ; else: ; D8832/D8833 = new pointer xpos/ypos clipped ; D7710 set if new LMB press ; if LMB just pressed or 0.5s passed, register GUI action ; F1410 (action), [D9160] = [D9159], [D9159] = action ; Returns new pointer xpos/ypos clipped to screen FUNC_001432_GuiProcessInput: ; Pos = 504d4 push ebp mov ebp, esp sub esp, 0xc push ebx push esi push ecx lea esi, [ebp-4] call _InputJoyReadButtons shl eax, 4 xor eax, 0xf0 mov byte [DATA_009163], al lea eax, [ebp-0xc] push eax lea eax, [ebp-0x8] push eax call _InputJoyReadPos add esp, byte 0x8 mov ax, [ebp-0x8] add [DATA_009188], ax mov ax, [ebp-0xc] add [DATA_009189], ax lea eax, [ebp-0xc] push eax lea eax, [ebp-0x8] push eax call FUNC_001429_GuiReadAllInput add esp, byte 0x8 cmp byte [DATA_007711],0x0 jz JUMP_005382 call FUNC_001631_DisablePtr mov ax, [ebp-0x8] add [DATA_009188],ax mov ax, [ebp-0xc] add [DATA_009189],ax movzx eax,word [DATA_009208] movsx edx,word [DATA_009209] shl edx,0x10 or eax,edx jmp JUMP_005395 JUMP_005382: ; Pos = 50556 cmp dword [ptrExclusive], 0 jnz NEAR .exclusive call FUNC_001630_EnablePtr lea eax, [ebp-0xc] push eax lea eax, [ebp-0x8] push eax call _InputMouseReadPos add esp, byte 0x8 mov ax, [ebp-0x8] mov [esi], ax mov ax, [ebp-0xc] mov [esi+2], ax jmp JUMP_005386 .exclusive: mov ax, [ebp-0x8] mov [esi], ax mov ax, [ebp-0xc] mov [esi+2], ax test byte [DATA_008835],0x20 jz .notintro call FUNC_001631_DisablePtr jmp .intro .notintro: ; Pos = 53803 call FUNC_001630_EnablePtr .intro: mov ax,[DATA_009208] add [esi],ax mov ax,[DATA_009209] add [esi+2],ax cmp word [esi],byte +0x0 jnl JUMP_005383 mov word [esi],0x0 JUMP_005383: ; Pos = 50574 cmp word [esi],0x13f jng JUMP_005384 mov word [esi],0x13f JUMP_005384: ; Pos = 50580 cmp word [esi+0x2],byte +0x0 jnl JUMP_005385 mov word [esi+0x2],0x0 JUMP_005385: ; Pos = 5058d cmp word [esi+0x2],0xc6 jng JUMP_005386 mov word [esi+0x2],0xc6 JUMP_005386: ; Pos = 5059b cmp byte [DATA_007708],0x0 jz near JUMP_005393 mov ax,[esi] mov [DATA_008832],ax mov ax,[esi+0x2] mov [DATA_008833],ax cmp word [esi+0x2],0x9e jnl JUMP_005387 mov ebx,0xff jmp short JUMP_005388 JUMP_005387: ; Pos = 505ca xor ebx,ebx JUMP_005388: ; Pos = 505cc mov eax,DATA_007683 jmp short JUMP_005391 JUMP_005389: ; Pos = 505d3 movsx edx,word [esi] cmp edx,[eax] jl JUMP_005390 movsx edx,word [esi] cmp edx,[eax+0x8] jg JUMP_005390 movsx edx,word [esi+0x2] cmp edx,[eax+0x4] jl JUMP_005390 movsx edx,word [esi+0x2] cmp edx,[eax+0xc] jg JUMP_005390 mov ebx,[eax+0x10] JUMP_005390: ; Pos = 505f7 add eax,byte +0x14 JUMP_005391: ; Pos = 505fa cmp dword [eax],byte -0x1 jnz JUMP_005389 movsx eax,byte [DATA_007710] not eax movsx edx,byte [DATA_007708] and eax,edx or [DATA_007710],al test eax,eax jz JUMP_005392 push ebx call FUNC_001410_GuiSetLastActionInternal pop ecx mov al,[DATA_009159] mov [DATA_009160],al mov [DATA_009159],bl mov al,[DATA_009161] mov [DATA_009162],al mov byte [DATA_009161],0x0 mov dword [DATA_007705],0x1 jmp short JUMP_005394 JUMP_005392: ; Pos = 5064f cmp dword [DATA_007705],byte +0x1a jl JUMP_005394 push ebx call FUNC_001410_GuiSetLastActionInternal pop ecx jmp short JUMP_005394 JUMP_005393: ; Pos = 50661 xor eax,eax mov [DATA_007705],eax JUMP_005394: ; Pos = 50668 movzx eax,word [esi] movsx edx,word [esi+0x2] shl edx,0x10 or eax,edx JUMP_005395: ; Pos = 50674 pop ecx pop esi pop ebx mov esp, ebp pop ebp ret SECTION .text ; struct HotArea { ; int xmin, ymin; ; int xmax, ymax; ; int actionnum; ; }; ; ; void F1438 (void) ; Truncates list of hot regions FUNC_001438_GuiClearHotAreas: ; Pos = 509e4 mov dword [DATA_007683],0xffffffff ret ; void F1439 (void) ; Sets hot area list to D7684 ; calls F263 (unknown) with p1 = 11-14, 38-43 FUNC_001439_GuiSetConsoleHotAreas: ; Pos = 509f0 push ebx mov dword [DATA_007683],0xffffffff push dword DATA_007684 call FUNC_001440_GuiAddHotAreas pop ecx mov ebx,0xb JUMP_005425: ; Pos = 50a0b push ebx call FUNC_000263_ConsoleShowButton pop ecx inc ebx cmp ebx,byte +0xe jng JUMP_005425 mov ebx,0x26 JUMP_005426: ; Pos = 50a1d push ebx call FUNC_000263_ConsoleShowButton pop ecx inc ebx cmp ebx,byte +0x2b jng JUMP_005426 pop ebx ret ; void F1440 (HotArea *arealist) ; Copies contents of p1 onto end of D7683 list FUNC_001440_GuiAddHotAreas: ; Pos = 50a2c push ebp mov ebp,esp push esi push edi mov edx,[ebp+0x8] mov eax,DATA_007683 jmp short JUMP_005428 JUMP_005427: ; Pos = 50a3b add eax,byte +0x14 JUMP_005428: ; Pos = 50a3e cmp dword [eax],byte -0x1 jnz JUMP_005427 mov esi,edx mov edi,eax jmp short JUMP_005430 JUMP_005429: ; Pos = 50a45 mov dword [edi+0x14],0xffffffff mov ecx,0x5 rep movsd JUMP_005430: ; Pos = 50a5f cmp dword [esi],byte -0x1 jnz JUMP_005429 pop edi pop esi pop ebp ret ; void F1441 (int xpos, int ypos, int halfw, int halfh, int action) ; Adds hot area to end of list. Clips to top and left. ; top left = xpos-halfw, ypos-halfh FUNC_001441_GuiAddHotRect: ; Pos = 50a68 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x14] mov ebx,[ebp+0x10] mov ecx,[ebp+0xc] mov edx,[ebp+0x8] mov eax,DATA_007683 jmp short JUMP_005432 JUMP_005431: ; Pos = 50a81 add eax,byte +0x14 JUMP_005432: ; Pos = 50a84 cmp dword [eax],byte -0x1 jnz JUMP_005431 mov dword [eax+0x14],0xffffffff mov edi,[ebp+0x18] mov [eax+0x10],edi mov edi,edx sub edi,ebx jns JUMP_005433 xor edi,edi jmp short JUMP_005434 JUMP_005433: ; Pos = 50aa1 mov edi,edx sub edi,ebx JUMP_005434: ; Pos = 50aa5 mov [eax],edi add ebx,edx mov [eax+0x8],ebx mov edx,ecx sub edx,esi jns JUMP_005435 xor edx,edx jmp short JUMP_005436 JUMP_005435: ; Pos = 50ab6 mov edx,ecx sub edx,esi JUMP_005436: ; Pos = 50aba mov [eax+0x4],edx add esi,ecx mov [eax+0xc],esi pop edi pop esi pop ebx pop ebp ret ; void F1442 (int xpos, int ypos, int halfsize, int action) ; top left is xpos-halfsize, ypos-halfsize FUNC_001442_GuiAddHotSquare: ; Pos = 50ac8 push ebp mov ebp,esp mov eax,[ebp+0x10] mov edx,[ebp+0x14] push edx push eax push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001441_GuiAddHotRect add esp,byte +0x14 pop ebp ret ; void F1443 (int action) ; Removes first hot area from list with action = p1 ; Closes gap in list FUNC_001443_GuiRemoveHotArea: ; Pos = 50ae8 push ebp mov ebp,esp push esi push edi mov edx,[ebp+0x8] mov eax,DATA_007683 jmp short JUMP_005438 JUMP_005437: ; Pos = 50af7 add eax,byte +0x14 JUMP_005438: ; Pos = 50afa cmp dword [eax],byte -0x1 jz JUMP_005440 cmp edx,[eax+0x10] jnz JUMP_005437 jmp short JUMP_005440 JUMP_005439: ; Pos = 50b06 lea esi,[eax+0x14] mov edi,eax mov ecx,0x5 rep movsd add eax,byte +0x14 JUMP_005440: ; Pos = 50b17 cmp dword [eax],byte -0x1 jnz JUMP_005439 pop edi pop esi pop ebp ret ; void F1444 (word xaccum, word yaccum) ; Sets D9188 = p1, D9189 = p2 FUNC_001444_GuiSetXYAccum: ; Pos = 50b30 push ebp mov ebp,esp mov ax,[ebp+0x8] mov [DATA_009188],ax mov ax,[ebp+0xc] mov [DATA_009189],ax pop ebp ret ; word+word F1445 (void) ; Returns D9188 + (D9189 << 0x10) FUNC_001445_GuiGetXYAccum: ; Pos = 50b4c mov eax,[DATA_009188] ret ; void F1446 (void) ; Saves screenshot to file in 8-bit BMP format FUNC_001446_ScrnShotSave: ; Pos = 50b54 push ebx push esi push edi add esp,byte -0x14 mov edi,DATA_007718 xor esi,esi JUMP_005441: ; Pos = 50b61 push esi push edi lea eax,[esp+0x8] push eax call _sprintf add esp,byte +0xc lea eax,[edi+0xc] push eax lea eax,[esp+0x4] push eax call _fopen add esp,byte +0x8 mov ebx,eax test ebx,ebx jz JUMP_005442 push ebx call _fclose pop ecx inc esi cmp esi,0x3e8 jl JUMP_005441 JUMP_005442: ; Pos = 50b97 lea eax,[edi+0xe] push eax lea eax,[esp+0x4] push eax call _fopen add esp,byte +0x8 mov ebx,eax test ebx,ebx jz JUMP_005443 push ebx call FUNC_001447_ScrnshotWriteHeader pop ecx push ebx call FUNC_001448_ScrnShotWritePalette pop ecx push ebx call FUNC_001449_ScrnshotWriteData pop ecx push ebx call _fclose pop ecx JUMP_005443: ; Pos = 50bca add esp,byte +0x14 pop edi pop esi pop ebx ret ; void F1447 (FILE *pFile) ; calls fwrite (D7717, 1, 0x36, pFile) FUNC_001447_ScrnshotWriteHeader: ; Pos = 50bd4 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax push byte +0x36 push byte +0x1 push dword DATA_007717 call _fwrite add esp,byte +0x10 pop ebp ret ; void F1448 (FILE *pFile) ; Reads palette, converts to 8:8:8, writes to pFile FUNC_001448_ScrnShotWritePalette: ; Pos = 50bf0 push ebp mov ebp, esp sub esp, 0x8 push ebx mov [ebp-8], dword 0 .loop: lea eax, [ebp-4] push dword eax push dword [ebp-8] call _VideoGetPalValue add esp, byte 0x8 mov eax, [ebp-4] mov ebx, [ebp-4] shl eax, 2 shr ebx, 4 and ebx, 0x00030303 add ebx, eax and ebx, 0x00ffffff push dword [ebp+8] mov eax, ebx shr eax, 16 ; blue push eax call _fputc add esp, byte 0x4 xor eax, eax mov al, bh ; green push eax call _fputc add esp, byte 0x4 xor eax, eax mov al, bl ; red push eax call _fputc add esp, byte 0x4 push byte 0x0 ; pad call _fputc add esp, byte 0x8 inc dword [ebp-8] cmp dword [ebp-8], 0x100 jl .loop pop ebx mov esp, ebp pop ebp ret ; void F1449 (FILE *pFile) ; Reads data straight from video memory ; Stores to pFile FUNC_001449_ScrnshotWriteData: ; Pos = 50c8c push ebp mov ebp,esp push ebx push edi push esi mov eax, 0xfa00 push eax call _malloc add esp, 4 mov edi, eax push byte 0x0 push dword 200 push dword 320 push byte 0x0 push byte 0x0 push edi call _VideoReverseBlit add esp, byte 0x18 mov esi, [ebp+0x8] mov ebx, 0xc7 JUMP_005445: ; Pos = 50c99 push dword [ebp+0x8] push dword 0x140 push byte +0x1 mov eax, ebx shl eax, 0x6 lea eax, [eax+eax*4] add eax, edi push eax call _fwrite add esp, byte +0x10 dec ebx test ebx, ebx jnl JUMP_005445 push edi call _free add esp, byte 4 pop esi pop edi pop ebx pop ebp ret ; int F1456 (char *filename, int *errno) ; Returns 1 on success, 0 on failure ; [errno] = 0 on success, stdio errno on failure FUNC_001456_FileDelete: ; Pos = 50f38 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] mov eax,[ebp+0x8] push eax call _remove pop ecx test eax,eax jnz JUMP_005471 xor eax,eax mov [ebx],eax mov eax,0x1 pop ebx pop ebp ret JUMP_005471: ; Pos = 50f59 ; mov eax,[_errno] mov eax, 0 mov [ebx],eax xor eax,eax pop ebx pop ebp ret ; void F1461 (int xpos, int ypos, int width, int height, int action) ; xpos, ypos is upper left corner of region FUNC_001461_GuiAddHotRect2: ; Pos = 510c4 push ebp mov ebp,esp push ebx mov ecx,[ebp+0xc] mov edx,[ebp+0x8] mov eax,DATA_007683 jmp short JUMP_005483 JUMP_005482: ; Pos = 510d5 add eax,byte +0x14 JUMP_005483: ; Pos = 510d8 cmp dword [eax],byte -0x1 jnz JUMP_005482 mov dword [eax+0x14],0xffffffff mov ebx,[ebp+0x18] mov [eax+0x10],ebx mov [eax],edx add edx,[ebp+0x10] mov [eax+0x8],edx mov [eax+0x4],ecx add ecx,[ebp+0x14] mov [eax+0xc],ecx pop ebx pop ebp ret FUNC_001463: ; Pos = 51194 push ebp mov ebp,esp push ebx movsx ebx,word [ebp+0x8] shl ebx,0x10 test byte [ebp+0xa],0x1 jz JUMP_005485 sar word [ebp+0xa],1 inc word [ebp+0xa] jmp short JUMP_005486 JUMP_005485: ; Pos = 511af sar word [ebp+0xa],1 add ebx,ebx JUMP_005486: ; Pos = 511b5 push ebx call near [DATA_007723] ; FUNC_001467 pop ecx shr eax,1 mov [ebp+0x8],ax mov eax,[ebp+0x8] pop ebx pop ebp ret FUNC_001464: ; Pos = 511c9 push ebp mov ebp,esp push ecx push ebx mov ebx,[ebp+0xc] test byte [ebp+0x8],0x1 jz JUMP_005487 sar dword [ebp+0x8],1 inc dword [ebp+0x8] jmp short JUMP_005488 JUMP_005487: ; Pos = 511df sar dword [ebp+0x8],1 add ebx,ebx JUMP_005488: ; Pos = 511e4 push ebx call near [DATA_007723] ; FUNC_001467 pop ecx shr eax,1 mov [ebp-0x4],ax mov ax,[ebp+0x8] mov [ebp-0x2],ax push dword [ebp-0x4] call near [DATA_007722] ; FUNC_001496 pop ecx pop ebx pop ecx pop ebp ret FUNC_001465: ; Pos = 51208 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebx] imul dword [ebx] mov edx,[ebx+0x4] imul edx,[ebx+0x4] add eax,edx mov edx,[ebx+0x8] imul edx,[ebx+0x8] add eax,edx push eax call FUNC_001467 pop ecx pop ebx pop ebp ret FUNC_001466: ; Pos = 5122f push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov ebx,[ebp+0x8] lea esi,[ebp-0xc] push dword [ebx] call _abs pop ecx mov [esi],eax push dword [ebx+0x4] call _abs pop ecx mov [esi+0x4],eax push dword [ebx+0x8] call _abs pop ecx mov [esi+0x8],eax mov eax,[esi] mov [ebp-0x18],eax mov eax,[esi+0x4] mov [ebp-0x14],eax mov eax,[esi+0x8] mov [ebp-0x10],eax mov eax,[esi] or eax,[esi+0x4] or eax,[esi+0x8] push eax call FUNC_001656_FindMSB pop ecx mov ebx,0x1e sub ebx,eax mov ecx,ebx shl dword [esi],cl mov ecx,ebx shl dword [esi+0x4],cl mov ecx,ebx shl dword [esi+0x8],cl test ebx,ebx jng JUMP_005489 push dword [esi] push dword [esi] call FUNC_001521 add esp,byte +0x8 mov edi,eax sar edi,0x2 push dword [esi+0x4] push dword [esi+0x4] call FUNC_001521 add esp,byte +0x8 sar eax,0x2 add edi,eax push dword [esi+0x8] push dword [esi+0x8] call FUNC_001521 add esp,byte +0x8 sar eax,0x2 add edi,eax push edi call near [DATA_007738] ; FUNC_001502 pop ecx lea ecx,[ebx-0x1] shr eax,cl jmp short JUMP_005490 JUMP_005489: ; Pos = 512df push dword [esi] push dword [esi] call FUNC_001521 add esp,byte +0x8 mov ebx,eax sar ebx,0x2 push dword [esi+0x4] push dword [esi+0x4] call FUNC_001521 add esp,byte +0x8 sar eax,0x2 add ebx,eax push dword [esi+0x8] push dword [esi+0x8] call FUNC_001521 add esp,byte +0x8 sar eax,0x2 add ebx,eax push ebx call near [DATA_007738] ; FUNC_001502 pop ecx add eax,eax JUMP_005490: ; Pos = 51320 cmp eax,[ebp-0x18] jnc JUMP_005491 mov eax,[ebp-0x18] JUMP_005491: ; Pos = 51328 cmp eax,[ebp-0x14] jnc JUMP_005492 mov eax,[ebp-0x14] JUMP_005492: ; Pos = 51330 cmp eax,[ebp-0x10] jnc JUMP_005493 mov eax,[ebp-0x10] JUMP_005493: ; Pos = 51338 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001467: ; Pos = 5133f push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,0x4000000 jnc JUMP_005498 cmp eax,0x400000 jc JUMP_005494 shr eax,0xf movzx eax,word [eax*2+DATA_007977] sar eax,0x3 pop ebp ret JUMP_005494: ; Pos = 51363 cmp eax,0x40000 jc JUMP_005495 shr eax,0xb movzx eax,word [eax*2+DATA_007977] sar eax,0x5 pop ebp ret JUMP_005495: ; Pos = 5137a cmp eax,0x4000 jc JUMP_005496 shr eax,0x7 movzx eax,word [eax*2+DATA_007977] sar eax,0x7 pop ebp ret JUMP_005496: ; Pos = 51391 cmp eax,0x400 jc JUMP_005497 shr eax,0x3 movzx eax,word [eax*2+DATA_007977] sar eax,0x9 pop ebp ret JUMP_005497: ; Pos = 513a8 add eax,eax movzx eax,word [eax*2+DATA_007977] sar eax,0xb pop ebp ret JUMP_005498: ; Pos = 513b7 cmp eax,0x40000000 jc JUMP_005499 shr eax,0x15 movzx eax,word [eax*2+DATA_007977] pop ebp ret JUMP_005499: ; Pos = 513cb cmp eax,0x10000000 jc JUMP_005500 shr eax,0x13 movzx eax,word [eax*2+DATA_007977] sar eax,1 pop ebp ret JUMP_005500: ; Pos = 513e1 shr eax,0x11 movzx eax,word [eax*2+DATA_007977] sar eax,0x2 pop ebp ret FUNC_001468: ; Pos = 513f1 push ebx mov edx,DATA_009202 xor eax,eax JUMP_005501: ; Pos = 513f9 imul ecx,eax,byte +0xb xor ebx,ebx mov [edx+ecx*4],ebx inc eax cmp eax,0x9e jl JUMP_005501 mov dword [edx+0x1b2c],0x9e mov dword [edx+0x1b30],0xffffffff xor eax,eax mov [edx+0x1b28],eax mov eax,edx pop ebx ret FUNC_001469: ; Pos = 51429 push ebx push dword 0x9e50 call _malloc pop ecx mov edx,eax xor eax,eax JUMP_005502: ; Pos = 51439 mov ecx,eax shl ecx,0x6 sub ecx,eax xor ebx,ebx mov [edx+ecx*4+0x4c],ebx xor ecx,ecx mov [edx+eax*4+0x9bd4],ecx inc eax cmp eax,0x9e jl JUMP_005502 mov dword [edx],0x9e mov dword [edx+0x4],0xffffffff mov eax,edx pop ebx ret FUNC_001470: ; Pos = 51468 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] mov edi,DATA_009200 movsx eax,bl lea eax,[eax+eax*8] mov edx,[edi] cmp dword [edx+eax*4+0x14],byte +0x0 jnz JUMP_005503 push ebx push esi call FUNC_001472 add esp,byte +0x8 JUMP_005503: ; Pos = 51492 movsx eax,bl lea eax,[eax+eax*8] mov edx,[edi] mov eax,[edx+eax*4+0x18] add eax,[esi+0x4] movsx edx,bl lea edx,[edx+edx*8] mov ecx,[edi] mov [ecx+edx*4+0x4],eax movsx eax,bl lea eax,[eax+eax*8] mov edx,[edi] mov eax,[edx+eax*4+0x1c] add eax,[esi+0x8] movsx edx,bl lea edx,[edx+edx*8] mov ecx,[edi] mov [ecx+edx*4+0x8],eax movsx eax,bl lea eax,[eax+eax*8] mov edx,[edi] mov eax,[edx+eax*4+0x20] add eax,[esi+0xc] movsx edx,bl lea edx,[edx+edx*8] mov ecx,[edi] mov [ecx+edx*4+0xc],eax movsx eax,bl shl eax,0x2 lea eax,[eax+eax*8] add eax,[edi] pop edi pop esi pop ebx pop ebp ret FUNC_001471: ; Pos = 514f3 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] mov edi,DATA_009200 movsx eax,bl lea eax,[eax+eax*8] mov edx,[edi] cmp dword [edx+eax*4+0x14],byte +0x0 jnz JUMP_005504 push byte +0x1 push ebx push esi call FUNC_001478 add esp,byte +0xc jmp JUMP_005506 JUMP_005504: ; Pos = 51524 movsx eax,bl lea eax,[eax+eax*8] mov edx,[edi] mov eax,[edx+eax*4+0x18] add eax,[esi+0x4] movsx edx,bl lea edx,[edx+edx*8] mov ecx,[edi] mov [ecx+edx*4+0x4],eax movsx eax,bl lea eax,[eax+eax*8] mov edx,[edi] mov eax,[edx+eax*4+0x1c] add eax,[esi+0x8] movsx edx,bl lea edx,[edx+edx*8] mov ecx,[edi] mov [ecx+edx*4+0x8],eax movsx eax,bl lea eax,[eax+eax*8] mov edx,[edi] mov eax,[edx+eax*4+0x20] add eax,[esi+0xc] movsx edx,bl lea edx,[edx+edx*8] mov ecx,[edi] mov [ecx+edx*4+0xc],eax movsx eax,bl shl eax,0x2 lea eax,[eax+eax*8] add eax,[edi] add eax,byte +0x4 push eax movsx eax,bl shl eax,0x2 lea eax,[eax+eax*8] add eax,[edi] push eax call FUNC_001479 add esp,byte +0x8 test eax,eax jz JUMP_005505 movsx eax,bl lea eax,[eax+eax*8] mov edx,[edi] mov cx,0x8002 mov [edx+eax*4+0x2],cx movsx eax,bl lea eax,[eax+eax*8] mov edx,[edi] mov [edx+eax*4],cx JUMP_005505: ; Pos = 515b9 movsx eax,bl lea eax,[eax+eax*8] mov edx,[edi] mov ecx,[esi+0xf0] mov [edx+eax*4+0x14],ecx movsx eax,bl shl eax,0x2 lea eax,[eax+eax*8] add eax,[edi] JUMP_005506: ; Pos = 515d6 pop edi pop esi pop ebx pop ebp ret FUNC_001472: ; Pos = 515db push ebp mov ebp,esp push byte +0x0 mov al,[ebp+0xc] push eax push dword [ebp+0x8] call FUNC_001478 add esp,byte +0xc pop ebp ret FUNC_001473: ; Pos = 515f1 push ebp mov ebp,esp mov eax,[ebp+0xc] mov edx,eax and edx,0xc0 sub edx,byte +0x1 jc JUMP_005507 sub edx,byte +0x3f jz JUMP_005508 sub edx,byte +0x40 jz JUMP_005509 sub edx,byte +0x40 jz JUMP_005510 jmp short JUMP_005511 JUMP_005507: ; Pos = 51615 and eax,byte +0x3f pop ebp ret JUMP_005508: ; Pos = 5161a and ax,byte +0x3f movsx eax,ax shl eax,0xa pop ebp ret JUMP_005509: ; Pos = 51626 and eax,byte +0x3f mov edx,[ebp+0x8] mov edx,[edx+0x14c] movzx eax,word [edx+eax*2+0x9c] pop ebp ret JUMP_005510: ; Pos = 5163c and eax,byte +0x3f mov edx,[ebp+0x8] mov eax,[edx+eax*4+0x54] pop ebp ret JUMP_005511: ; Pos = 51648 xor eax,eax pop ebp ret FUNC_001474: ; Pos = 5164c push ebp mov ebp,esp mov eax,[ebp+0xc] mov edx,eax and edx,0xc0 sub edx,byte +0x1 jc JUMP_005512 sub edx,byte +0x3f jz JUMP_005512 sub edx,byte +0x40 jz JUMP_005513 sub edx,byte +0x40 jz JUMP_005514 jmp short JUMP_005515 JUMP_005512: ; Pos = 51670 mov edx,eax and dx,byte +0x7f shl edx,0x9 movsx edx,dx sar eax,0x7 and eax,0x1ff or edx,eax mov eax,edx pop ebp ret JUMP_005513: ; Pos = 5168a and eax,byte +0x3f mov edx,[ebp+0x8] mov edx,[edx+0x14c] movzx eax,word [edx+eax*2+0x9c] pop ebp ret JUMP_005514: ; Pos = 516a0 and eax,byte +0x3f mov edx,[ebp+0x8] mov eax,[edx+eax*4+0x54] pop ebp ret JUMP_005515: ; Pos = 516ac xor eax,eax pop ebp ret FUNC_001475: ; Pos = 516b0 push ebp mov ebp,esp push ebx push esi mov edx,[ebp+0xc] mov esi,[ebp+0x8] xor ebx,ebx cmp dword [edx],byte +0x0 jnl JUMP_005516 mov eax,[edx] neg eax jmp short JUMP_005517 JUMP_005516: ; Pos = 516c8 mov eax,[edx] JUMP_005517: ; Pos = 516ca cmp dword [edx+0x4],byte +0x0 jnl JUMP_005518 mov ecx,[edx+0x4] neg ecx or eax,ecx jmp short JUMP_005519 JUMP_005518: ; Pos = 516d9 or eax,[edx+0x4] JUMP_005519: ; Pos = 516dc cmp dword [edx+0x8],byte +0x0 jnl JUMP_005520 mov ecx,[edx+0x8] neg ecx or eax,ecx jmp short JUMP_005521 JUMP_005520: ; Pos = 516eb or eax,[edx+0x8] JUMP_005521: ; Pos = 516ee cmp eax,0x4000 jc JUMP_005523 JUMP_005522: ; Pos = 516f5 shr eax,1 inc ebx cmp eax,0x4000 jnc JUMP_005522 JUMP_005523: ; Pos = 516ff mov ecx,ebx mov eax,[edx] sar eax,cl mov [esi],eax mov ecx,ebx mov eax,[edx+0x4] sar eax,cl mov [esi+0x4],eax mov ecx,ebx mov eax,[edx+0x8] sar eax,cl mov [esi+0x8],eax mov eax,ebx pop esi pop ebx pop ebp ret FUNC_001476: ; Pos = 51721 mov eax,[DATA_008818] mov edx,[DATA_008820] add [DATA_008818],edx mov edx,eax shl edx,0x10 shr eax,0x10 or edx,eax mov [DATA_008820],edx mov eax,[DATA_008820] ret FUNC_001477: ; Pos = 51748 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov esi,[ebp+0x10] mov eax,[ebp+0x8] mov ebx,[eax+0x150] mov eax,esi sar eax,1 add eax,eax lea eax,[eax+eax*2] add ebx,eax cmp byte [ebx],0x13 jz JUMP_005524 cmp byte [ebx],0x14 jnz near JUMP_005529 JUMP_005524: ; Pos = 51776 mov eax,esi and al,0x1 xor al,[ebx+0x3] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005525 mov eax,esi and al,0x1 xor al,[ebx+0x3] movsx eax,al mov edi,eax shl edi,0x2 lea edi,[edi+edi*8] add edi,[DATA_009200] jmp short JUMP_005526 JUMP_005525: ; Pos = 517aa mov eax,esi and al,0x1 xor al,[ebx+0x3] push eax push dword [ebp+0x8] call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 mov edi,eax JUMP_005526: ; Pos = 517c0 mov eax,esi and al,0x1 xor al,[ebx+0x4] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005527 mov eax,esi and al,0x1 xor al,[ebx+0x4] movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005528 JUMP_005527: ; Pos = 517f2 mov eax,esi and al,0x1 xor al,[ebx+0x4] push eax push dword [ebp+0x8] call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005528: ; Pos = 51806 mov [ebp-0x4],eax xor eax,eax mov al,[ebx+0x2] push eax push dword [ebp+0x8] call FUNC_001473 add esp,byte +0x8 add eax,[ebp+0x14] shl eax,0xe mov ebx,eax mov eax,[ebp-0x4] mov eax,[eax+0x18] mov edx,[edi+0x18] neg edx add eax,edx mov [ebp-0x18],eax mov eax,[ebp-0x4] mov eax,[eax+0x1c] mov edx,[edi+0x1c] neg edx add eax,edx mov [ebp-0x14],eax mov eax,[ebp-0x4] mov eax,[eax+0x20] mov edx,[edi+0x20] neg edx add eax,edx mov [ebp-0x10],eax push ebx push dword [ebp-0x18] call FUNC_001521 add esp,byte +0x8 add eax,eax add eax,[edi+0x18] mov edx,[ebp+0xc] mov [edx+0x18],eax push ebx push dword [ebp-0x14] call FUNC_001521 add esp,byte +0x8 add eax,eax add eax,[edi+0x1c] mov edx,[ebp+0xc] mov [edx+0x1c],eax push ebx push dword [ebp-0x10] call FUNC_001521 add esp,byte +0x8 add eax,eax add eax,[edi+0x20] mov edx,[ebp+0xc] mov [edx+0x20],eax jmp JUMP_005538 JUMP_005529: ; Pos = 5189c mov eax,esi and al,0x1 xor al,[ebx+0x3] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005530 mov eax,esi and al,0x1 xor al,[ebx+0x3] movsx eax,al mov edi,eax shl edi,0x2 lea edi,[edi+edi*8] add edi,[DATA_009200] jmp short JUMP_005531 JUMP_005530: ; Pos = 518d0 mov eax,esi and al,0x1 xor al,[ebx+0x3] push eax push dword [ebp+0x8] call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 mov edi,eax JUMP_005531: ; Pos = 518e6 mov eax,esi and al,0x1 xor al,[ebx+0x4] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005532 mov eax,esi and al,0x1 xor al,[ebx+0x4] movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005533 JUMP_005532: ; Pos = 51918 mov eax,esi and al,0x1 xor al,[ebx+0x4] push eax push dword [ebp+0x8] call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005533: ; Pos = 5192c mov [ebp-0x4],eax mov al,[ebx+0x4] add al,0x2 mov edx,esi and dl,0x1 xor al,dl movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005534 mov al,[ebx+0x4] add al,0x2 mov edx,esi and dl,0x1 xor al,dl movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005535 JUMP_005534: ; Pos = 5196b mov al,[ebx+0x4] add al,0x2 mov edx,esi and dl,0x1 xor al,dl push eax push dword [ebp+0x8] call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005535: ; Pos = 51984 mov [ebp-0x8],eax mov al,[ebx+0x3] add al,0x2 mov edx,esi and dl,0x1 xor al,dl movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005536 mov al,[ebx+0x3] add al,0x2 mov edx,esi and dl,0x1 xor al,dl movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005537 JUMP_005536: ; Pos = 519c3 mov al,[ebx+0x3] add al,0x2 mov edx,esi and dl,0x1 xor al,dl push eax push dword [ebp+0x8] call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005537: ; Pos = 519dc mov [ebp-0xc],eax xor eax,eax mov al,[ebx+0x2] push eax push dword [ebp+0x8] call FUNC_001473 add esp,byte +0x8 add eax,[ebp+0x14] shl eax,0xe mov ebx,eax mov eax,[ebp+0xc] mov edx,[edi+0x18] mov [eax+0x18],edx mov edx,[edi+0x1c] mov [eax+0x1c],edx mov edx,[edi+0x20] mov [eax+0x20],edx push ebx mov eax,[ebp-0x4] mov eax,[eax+0x18] lea eax,[eax+eax*2] mov edx,[edi+0x18] mov ecx,edx neg edx lea edx,[edx+edx*2] add eax,edx push eax call FUNC_001521 add esp,byte +0x8 add eax,eax mov edx,[ebp+0xc] add [edx+0x18],eax push ebx mov eax,[ebp-0x4] mov eax,[eax+0x1c] lea eax,[eax+eax*2] mov edx,[edi+0x1c] mov ecx,edx neg edx lea edx,[edx+edx*2] add eax,edx push eax call FUNC_001521 add esp,byte +0x8 add eax,eax mov edx,[ebp+0xc] add [edx+0x1c],eax push ebx mov eax,[ebp-0x4] mov eax,[eax+0x20] lea eax,[eax+eax*2] mov edx,[edi+0x20] mov ecx,edx neg edx lea edx,[edx+edx*2] add eax,edx push eax call FUNC_001521 add esp,byte +0x8 add eax,eax mov edx,[ebp+0xc] add [edx+0x20],eax push ebx push ebx call FUNC_001521 add esp,byte +0x8 mov esi,eax push esi mov eax,[ebp-0x8] mov eax,[eax+0x18] lea eax,[eax+eax*2] mov edx,[ebp-0x4] imul edx,[edx+0x18],byte -0x6 add eax,edx mov edx,[edi+0x18] shl edx,0x2 add eax,edx push eax call FUNC_001521 add esp,byte +0x8 shl eax,0x2 mov edx,[ebp+0xc] add [edx+0x18],eax push esi mov eax,[ebp-0x8] mov eax,[eax+0x1c] lea eax,[eax+eax*2] mov edx,[ebp-0x4] imul edx,[edx+0x1c],byte -0x6 add eax,edx mov edx,[edi+0x1c] shl edx,0x2 add eax,edx push eax call FUNC_001521 add esp,byte +0x8 shl eax,0x2 mov edx,[ebp+0xc] add [edx+0x1c],eax push esi mov eax,[ebp-0x8] mov eax,[eax+0x20] lea eax,[eax+eax*2] mov edx,[ebp-0x4] imul edx,[edx+0x20],byte -0x6 add eax,edx mov edx,[edi+0x20] shl edx,0x2 add eax,edx push eax call FUNC_001521 add esp,byte +0x8 shl eax,0x2 mov edx,[ebp+0xc] add [edx+0x20],eax push ebx push esi call FUNC_001521 add esp,byte +0x8 mov esi,eax push esi mov eax,[ebp-0xc] mov eax,[eax+0x18] mov edx,[ebp-0x8] mov edx,[edx+0x18] mov ecx,edx neg edx lea edx,[edx+edx*2] add eax,edx mov edx,[ebp-0x4] mov edx,[edx+0x18] lea edx,[edx+edx*2] add eax,edx mov edx,[edi+0x18] mov ecx,edx neg edx add edx,edx add eax,edx push eax call FUNC_001521 add esp,byte +0x8 shl eax,0x3 mov edx,[ebp+0xc] add [edx+0x18],eax push esi mov eax,[ebp-0xc] mov eax,[eax+0x1c] mov edx,[ebp-0x8] mov edx,[edx+0x1c] mov ecx,edx neg edx lea edx,[edx+edx*2] add eax,edx mov edx,[ebp-0x4] mov edx,[edx+0x1c] lea edx,[edx+edx*2] add eax,edx mov edx,[edi+0x1c] mov ecx,edx neg edx add edx,edx add eax,edx push eax call FUNC_001521 add esp,byte +0x8 shl eax,0x3 mov edx,[ebp+0xc] add [edx+0x1c],eax push esi mov eax,[ebp-0xc] mov eax,[eax+0x20] mov edx,[ebp-0x8] mov edx,[edx+0x20] mov ecx,edx neg edx lea edx,[edx+edx*2] add eax,edx mov edx,[ebp-0x4] mov edx,[edx+0x20] lea edx,[edx+edx*2] add eax,edx mov edx,[edi+0x20] mov ecx,edx neg edx add edx,edx add eax,edx push eax call FUNC_001521 add esp,byte +0x8 shl eax,0x3 mov edx,[ebp+0xc] add [edx+0x20],eax JUMP_005538: ; Pos = 51bdb mov eax,[ebp+0xc] mov dword [eax+0x14],0x1 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001478: ; Pos = 51bec push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi push edi mov esi,[ebp+0x8] movsx eax,byte [ebp+0xc] and eax,byte -0x2 shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] mov [ebp-0x4],eax movsx eax,byte [ebp+0xc] mov ebx,eax shl ebx,0x2 lea ebx,[ebx+ebx*8] add ebx,[DATA_009200] movsx eax,byte [ebp+0xc] sar eax,1 mov edi,eax add edi,edi lea edi,[edi+edi*2] add edi,[esi+0x150] cmp byte [ebp+0xc],0x0 jnl JUMP_005539 movsx eax,byte [ebp+0xc] neg eax mov eax,[esi+eax*4+0x6c] mov [ebp-0x8],eax mov eax,[ebp-0x8] mov eax,[eax] mov [ebx],eax mov eax,[ebp-0x8] mov edx,[eax+0x4] mov [ebx+0x4],edx mov edx,[eax+0x8] mov [ebx+0x8],edx mov edx,[eax+0xc] mov [ebx+0xc],edx mov eax,[esi+0x4] neg eax add eax,[ebx+0x4] mov [ebx+0x18],eax mov eax,[esi+0x8] neg eax add eax,[ebx+0x8] mov [ebx+0x1c],eax mov eax,[esi+0xc] neg eax add eax,[ebx+0xc] mov [ebx+0x20],eax mov eax,[ebp-0x8] mov eax,[eax+0x10] mov [ebx+0x10],eax mov eax,[esi+0xf0] mov [ebx+0x14],eax mov eax,ebx jmp JUMP_005604 JUMP_005539: ; Pos = 51c9c xor eax,eax mov al,[edi] cmp eax,byte +0x18 ja near JUMP_005599 mov al,[eax+DATA_000044] jmp near [eax*4+DATA_000045] SECTION .data DATA_000044: ; Pos = 51cb6 db 0xc, 0xc, 0xc, 0xb, 0xb, 0xa, 0xa, 0x9 db 0x9, 0x8, 0x8, 0x7, 0x7, 0x6, 0x6, 0x5 db 0x5, 0x4, 0x4, 0x3, 0x3, 0x2, 0x2, 0x1 db 0x1 DATA_000045: ; Pos = 51ccf dd JUMP_005599 dd JUMP_005600 dd JUMP_005599 dd JUMP_005598 dd JUMP_005593 dd JUMP_005586 dd JUMP_005577 dd JUMP_005569 dd JUMP_005568 dd JUMP_005563 dd JUMP_005558 dd JUMP_005541 dd JUMP_005540 SECTION .text JUMP_005540: ; Pos = 51d03 mov ecx,[esi+0x148] movsx eax,byte [edi+0x2] shl eax,cl mov [ebp-0x24],eax mov ecx,[esi+0x148] movsx eax,byte [edi+0x3] shl eax,cl mov [ebp-0x20],eax mov ecx,[esi+0x148] movsx eax,byte [edi+0x4] shl eax,cl mov [ebp-0x1c],eax lea eax,[esi+0x14] push eax lea eax,[ebp-0x24] push eax lea eax,[ebp-0x30] push eax mov eax,[ebp-0x4] add eax,byte +0x18 push eax call FUNC_001671_SpecialVecMatMul add esp,byte +0x10 mov eax,[ebp-0x4] mov eax,[eax+0x18] mov edx,[ebp-0x30] mov ecx,edx neg edx add edx,edx add eax,edx mov edx,[ebp-0x4] mov [edx+0x3c],eax mov eax,[ebp-0x4] mov eax,[eax+0x1c] mov edx,[ebp-0x2c] mov ecx,edx neg edx add edx,edx add eax,edx mov edx,[ebp-0x4] mov [edx+0x40],eax mov eax,[ebp-0x4] mov eax,[eax+0x20] mov edx,[ebp-0x28] mov ecx,edx neg edx add edx,edx add eax,edx mov edx,[ebp-0x4] mov [edx+0x44],eax mov eax,[ebp-0x4] mov edx,0x1 mov [eax+0x38],edx mov eax,[ebp-0x4] mov [eax+0x14],edx jmp JUMP_005601 JUMP_005541: ; Pos = 51da6 mov eax,[ebp-0x4] mov edx,[esi+0xf0] mov [eax+0x38],edx mov eax,[ebp-0x4] mov [eax+0x14],edx movsx eax,byte [edi+0x3] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_005542 movsx eax,byte [edi+0x3] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005543 JUMP_005542: ; Pos = 51de3 mov al,[edi+0x3] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_005543: ; Pos = 51df1 mov [ebp-0x8],eax movsx eax,byte [edi+0x4] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_005544 movsx eax,byte [edi+0x4] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005545 JUMP_005544: ; Pos = 51e1f mov al,[edi+0x4] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_005545: ; Pos = 51e2d mov [ebp-0xc],eax mov eax,[ebp-0x8] movsx eax,word [eax] mov edx,[ebp-0xc] movsx edx,word [edx] add eax,edx sar eax,1 jns JUMP_005546 adc eax,byte +0x0 JUMP_005546: ; Pos = 51e45 mov edx,[ebp-0x4] mov [edx],ax mov eax,[ebp-0x8] movsx eax,word [eax+0x2] mov edx,[ebp-0xc] movsx edx,word [edx+0x2] add eax,edx sar eax,1 jns JUMP_005547 adc eax,byte +0x0 JUMP_005547: ; Pos = 51e62 mov edx,[ebp-0x4] mov [edx+0x2],ax mov eax,[ebp-0x8] mov eax,[eax+0xc] mov edx,[ebp-0xc] cmp eax,[edx+0xc] jnl JUMP_005548 mov eax,[ebp-0x8] mov eax,[eax+0xc] jmp short JUMP_005549 JUMP_005548: ; Pos = 51e7f mov eax,[ebp-0xc] mov eax,[eax+0xc] JUMP_005549: ; Pos = 51e85 mov edx,[ebp-0x4] mov [edx+0xc],eax mov al,[edi+0x3] xor al,0x1 movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_005550 mov al,[edi+0x3] xor al,0x1 movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005551 JUMP_005550: ; Pos = 51ebe mov al,[edi+0x3] xor al,0x1 push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_005551: ; Pos = 51ece mov [ebp-0x8],eax mov al,[edi+0x4] xor al,0x1 movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_005552 mov al,[edi+0x4] xor al,0x1 movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005553 JUMP_005552: ; Pos = 51f04 mov al,[edi+0x4] xor al,0x1 push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_005553: ; Pos = 51f14 mov [ebp-0xc],eax mov eax,[ebp-0x8] movsx eax,word [eax] mov edx,[ebp-0xc] movsx edx,word [edx] add eax,edx sar eax,1 jns JUMP_005554 adc eax,byte +0x0 JUMP_005554: ; Pos = 51f2c mov edx,[ebp-0x4] mov [edx+0x24],ax mov eax,[ebp-0x8] movsx eax,word [eax+0x2] mov edx,[ebp-0xc] movsx edx,word [edx+0x2] add eax,edx sar eax,1 jns JUMP_005555 adc eax,byte +0x0 JUMP_005555: ; Pos = 51f4a mov edx,[ebp-0x4] mov [edx+0x26],ax mov eax,[ebp-0x8] mov eax,[eax+0xc] mov edx,[ebp-0xc] cmp eax,[edx+0xc] jnl JUMP_005556 mov eax,[ebp-0x8] mov eax,[eax+0xc] jmp short JUMP_005557 JUMP_005556: ; Pos = 51f67 mov eax,[ebp-0xc] mov eax,[eax+0xc] JUMP_005557: ; Pos = 51f6d mov edx,[ebp-0x4] mov [edx+0x30],eax mov eax,ebx jmp JUMP_005604 JUMP_005558: ; Pos = 51f7a movsx eax,byte [edi+0x4] lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005559 movsx eax,byte [edi+0x4] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005560 JUMP_005559: ; Pos = 51fa0 mov al,[edi+0x4] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005560: ; Pos = 51fae mov [ebp-0x8],eax mov eax,[ebp-0x8] mov eax,[eax+0x18] neg eax mov edx,[ebp-0x4] mov [edx+0x18],eax mov eax,[ebp-0x8] mov eax,[eax+0x1c] neg eax mov edx,[ebp-0x4] mov [edx+0x1c],eax mov eax,[ebp-0x8] mov eax,[eax+0x20] neg eax mov edx,[ebp-0x4] mov [edx+0x20],eax mov al,[edi+0x4] xor al,0x1 movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005561 mov al,[edi+0x4] xor al,0x1 movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005562 JUMP_005561: ; Pos = 52009 mov al,[edi+0x4] xor al,0x1 push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005562: ; Pos = 52019 mov [ebp-0x8],eax mov eax,[ebp-0x8] mov eax,[eax+0x18] neg eax mov edx,[ebp-0x4] mov [edx+0x3c],eax mov eax,[ebp-0x8] mov eax,[eax+0x1c] neg eax mov edx,[ebp-0x4] mov [edx+0x40],eax mov eax,[ebp-0x8] mov eax,[eax+0x20] neg eax mov edx,[ebp-0x4] mov [edx+0x44],eax mov eax,[ebp-0x4] mov edx,0x1 mov [eax+0x38],edx mov eax,[ebp-0x4] mov [eax+0x14],edx jmp JUMP_005601 JUMP_005563: ; Pos = 5205c movsx eax,byte [edi+0x4] lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005564 movsx eax,byte [edi+0x4] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005565 JUMP_005564: ; Pos = 52082 mov al,[edi+0x4] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005565: ; Pos = 52090 mov [ebp-0x8],eax call FUNC_001476 mov cl,[edi+0x2] sar eax,cl mov [ebp-0x10],eax mov eax,[ebp-0x8] mov eax,[eax+0x18] add eax,[ebp-0x10] mov edx,[ebp-0x4] mov [edx+0x18],eax call FUNC_001476 mov cl,[edi+0x2] sar eax,cl mov [ebp-0x14],eax mov eax,[ebp-0x8] mov eax,[eax+0x1c] add eax,[ebp-0x14] mov edx,[ebp-0x4] mov [edx+0x1c],eax call FUNC_001476 mov cl,[edi+0x2] sar eax,cl mov [ebp-0x18],eax mov eax,[ebp-0x8] mov eax,[eax+0x20] add eax,[ebp-0x18] mov edx,[ebp-0x4] mov [edx+0x20],eax mov al,[edi+0x4] xor al,0x1 movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005566 mov al,[edi+0x4] xor al,0x1 movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005567 JUMP_005566: ; Pos = 52115 mov al,[edi+0x4] xor al,0x1 push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005567: ; Pos = 52125 mov [ebp-0xc],eax mov eax,[ebp-0xc] mov eax,[eax+0x18] add eax,[ebp-0x18] mov edx,[ebp-0x4] mov [edx+0x3c],eax mov eax,[ebp-0xc] mov eax,[eax+0x1c] add eax,[ebp-0x14] mov edx,[ebp-0x4] mov [edx+0x40],eax mov eax,[ebp-0xc] mov eax,[eax+0x20] add eax,[ebp-0x10] mov edx,[ebp-0x4] mov [edx+0x44],eax mov eax,[ebp-0x4] mov edx,0x1 mov [eax+0x38],edx mov eax,[ebp-0x4] mov [eax+0x14],edx jmp JUMP_005601 JUMP_005568: ; Pos = 5216b mov eax,[ebp-0x4] mov edx,[ebp+0x10] mov [eax+0x38],edx mov eax,[ebp-0x4] mov [eax+0x14],edx mov ecx,[esi+0x148] movsx eax,byte [edi+0x2] shl eax,cl mov [ebp-0x24],eax mov ecx,[esi+0x148] movsx eax,byte [edi+0x3] shl eax,cl mov [ebp-0x20],eax mov ecx,[esi+0x148] movsx eax,byte [edi+0x4] shl eax,cl mov [ebp-0x1c],eax lea eax,[esi+0x14] push eax lea eax,[ebp-0x24] push eax lea eax,[ebp-0x30] push eax mov eax,[ebp-0x4] add eax,byte +0x18 push eax call FUNC_001671_SpecialVecMatMul add esp,byte +0x10 mov eax,[ebp-0x4] mov eax,[eax+0x18] mov edx,[ebp-0x30] neg edx add eax,edx mov edx,[ebp-0x4] mov [edx+0x3c],eax mov eax,[ebp-0x4] mov eax,[eax+0x1c] mov edx,[ebp-0x2c] neg edx add eax,edx mov edx,[ebp-0x4] mov [edx+0x40],eax mov eax,[ebp-0x4] mov eax,[eax+0x20] mov edx,[ebp-0x28] neg edx add eax,edx mov edx,[ebp-0x4] mov [edx+0x44],eax mov eax,[ebp-0x4] mov edx,0x1 mov [eax+0x38],edx mov eax,[ebp-0x4] mov [eax+0x14],edx jmp JUMP_005601 JUMP_005569: ; Pos = 52211 mov dword [ebx+0x14],0x1 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x3] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005570 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x3] movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005571 JUMP_005570: ; Pos = 5224c mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x3] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005571: ; Pos = 5225f mov [ebp-0x8],eax mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x4] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005572 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x4] movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005573 JUMP_005572: ; Pos = 52296 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x4] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005573: ; Pos = 522a9 mov [ebp-0xc],eax mov eax,[ebp-0x8] mov eax,[eax+0x18] mov edx,[ebp-0xc] add eax,[edx+0x18] sar eax,1 jns JUMP_005574 adc eax,byte +0x0 JUMP_005574: ; Pos = 522bf mov [ebx+0x18],eax mov eax,[ebp-0x8] mov eax,[eax+0x1c] mov edx,[ebp-0xc] add eax,[edx+0x1c] sar eax,1 jns JUMP_005575 adc eax,byte +0x0 JUMP_005575: ; Pos = 522d5 mov [ebx+0x1c],eax mov eax,[ebp-0x8] mov eax,[eax+0x20] mov edx,[ebp-0xc] add eax,[edx+0x20] sar eax,1 jns JUMP_005576 adc eax,byte +0x0 JUMP_005576: ; Pos = 522eb mov [ebx+0x20],eax jmp JUMP_005601 JUMP_005577: ; Pos = 522f3 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x3] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005578 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x3] movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005579 JUMP_005578: ; Pos = 52327 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x3] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005579: ; Pos = 5233a mov [ebp-0x8],eax mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x4] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005580 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x4] movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005581 JUMP_005580: ; Pos = 52371 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x4] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005581: ; Pos = 52384 mov [ebp-0xc],eax mov eax,[ebp-0x8] movsx eax,word [eax] mov edx,[ebp-0xc] movsx edx,word [edx] add eax,edx sar eax,1 jns JUMP_005582 adc eax,byte +0x0 JUMP_005582: ; Pos = 5239c mov [ebx],ax mov eax,[ebp-0x8] movsx eax,word [eax+0x2] mov edx,[ebp-0xc] movsx edx,word [edx+0x2] add eax,edx sar eax,1 jns JUMP_005583 adc eax,byte +0x0 JUMP_005583: ; Pos = 523b6 mov [ebx+0x2],ax mov eax,[ebp-0x8] mov eax,[eax+0xc] mov edx,[ebp-0xc] cmp eax,[edx+0xc] jnl JUMP_005584 mov eax,[ebp-0x8] mov eax,[eax+0xc] jmp short JUMP_005585 JUMP_005584: ; Pos = 523d0 mov eax,[ebp-0xc] mov eax,[eax+0xc] JUMP_005585: ; Pos = 523d6 mov [ebx+0xc],eax mov eax,[ebp-0x8] mov eax,[eax+0x4] mov [ebx+0x4],eax mov eax,[ebp-0x8] mov eax,[eax+0x8] mov [ebx+0x8],eax mov eax,[esi+0xf0] mov [ebx+0x14],eax mov eax,ebx jmp JUMP_005604 JUMP_005586: ; Pos = 523fb mov dword [ebx+0x14],0x1 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x3] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005587 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x3] movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005588 JUMP_005587: ; Pos = 52436 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x3] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005588: ; Pos = 52449 mov [ebp-0x8],eax mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x4] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005589 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x4] movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005590 JUMP_005589: ; Pos = 52480 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x4] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005590: ; Pos = 52493 mov [ebp-0xc],eax mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x2] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005591 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x2] movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005592 JUMP_005591: ; Pos = 524ca mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x2] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005592: ; Pos = 524dd mov edx,[ebp-0x8] mov edx,[edx+0x18] mov ecx,[ebp-0xc] sub edx,[ecx+0x18] add edx,[eax+0x18] mov [ebx+0x18],edx mov edx,[ebp-0x8] mov edx,[edx+0x1c] mov ecx,[ebp-0xc] sub edx,[ecx+0x1c] add edx,[eax+0x1c] mov [ebx+0x1c],edx mov edx,[ebp-0x8] mov edx,[edx+0x20] mov ecx,[ebp-0xc] sub edx,[ecx+0x20] add edx,[eax+0x20] mov [ebx+0x20],edx jmp JUMP_005601 JUMP_005593: ; Pos = 52518 mov dword [ebx+0x14],0x1 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x3] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005594 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x3] movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005595 JUMP_005594: ; Pos = 52553 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x3] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005595: ; Pos = 52566 mov [ebp-0x8],eax mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x4] movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_005596 mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x4] movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_005597 JUMP_005596: ; Pos = 5259d mov al,[ebp+0xc] and al,0x1 xor al,[edi+0x4] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_005597: ; Pos = 525b0 mov [ebp-0xc],eax mov eax,[ebp-0x8] mov eax,[eax+0x18] mov edx,[ebp-0xc] add eax,[edx+0x18] mov [ebx+0x18],eax mov eax,[ebp-0x8] mov eax,[eax+0x1c] mov edx,[ebp-0xc] add eax,[edx+0x1c] mov [ebx+0x1c],eax mov eax,[ebp-0x8] mov eax,[eax+0x20] mov edx,[ebp-0xc] add eax,[edx+0x20] mov [ebx+0x20],eax jmp short JUMP_005601 JUMP_005598: ; Pos = 525e2 push byte +0x0 movsx eax,byte [ebp+0xc] push eax push ebx push esi call FUNC_001477 add esp,byte +0x10 jmp short JUMP_005601 JUMP_005599: ; Pos = 525f5 push byte +0x0 movsx eax,byte [ebp+0xc] push eax push ebx push esi call FUNC_001477 add esp,byte +0x10 jmp short JUMP_005601 JUMP_005600: ; Pos = 52608 xor eax,eax mov al,[edi+0x3] xor edx,edx mov dl,[edi+0x4] shl edx,0x8 add eax,edx push eax push esi call FUNC_001474 add esp,byte +0x8 push eax xor eax,eax mov al,[edi+0x2] push eax push ebx push esi call FUNC_001477 add esp,byte +0x10 JUMP_005601: ; Pos = 52632 cmp dword [ebp+0x10],byte +0x0 jz JUMP_005603 mov eax,[ebx+0x18] add eax,[esi+0x4] mov [ebx+0x4],eax mov eax,[ebx+0x1c] add eax,[esi+0x8] mov [ebx+0x8],eax mov eax,[ebx+0x20] add eax,[esi+0xc] mov [ebx+0xc],eax lea eax,[ebx+0x4] push eax push ebx call FUNC_001479 add esp,byte +0x8 test eax,eax jz JUMP_005602 mov ax,0x8002 mov [ebx+0x2],ax mov [ebx],ax JUMP_005602: ; Pos = 5266f mov eax,[esi+0xf0] mov [ebx+0x14],eax JUMP_005603: ; Pos = 52678 mov eax,ebx JUMP_005604: ; Pos = 5267a pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001479: ; Pos = 52681 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] cmp dword [ebx+0x8],byte +0x40 jnl JUMP_005605 mov eax,0x1 pop ebx pop ebp ret JUMP_005605: ; Pos = 52696 cmp dword [ebx+0x8],0x10000 jng JUMP_005606 mov eax,[ebx] mov edx,[ebx+0x8] sar edx,0x8 mov ecx,edx cdq idiv ecx mov ecx,eax add ecx,0xa0 mov eax,[ebx+0x4] mov edx,[ebx+0x8] sar edx,0x8 mov ebx,edx cdq idiv ebx push eax mov eax,0x4f pop edx sub eax,edx jmp short JUMP_005607 JUMP_005606: ; Pos = 526cd mov eax,[ebx] shl eax,0x8 cdq idiv dword [ebx+0x8] mov ecx,eax add ecx,0xa0 mov eax,[ebx+0x4] shl eax,0x8 cdq idiv dword [ebx+0x8] push eax mov eax,0x4f pop edx sub eax,edx JUMP_005607: ; Pos = 526f1 test ecx,ecx jnl JUMP_005608 mov edx,ecx neg edx jmp short JUMP_005609 JUMP_005608: ; Pos = 526fb mov edx,ecx JUMP_005609: ; Pos = 526fd test eax,eax jnl JUMP_005610 mov ebx,eax neg ebx jmp short JUMP_005611 JUMP_005610: ; Pos = 52707 mov ebx,eax JUMP_005611: ; Pos = 52709 or edx,ebx cmp edx,0x1f00 jng JUMP_005613 JUMP_005612: ; Pos = 52713 sar ecx,1 sar eax,1 sar edx,1 cmp edx,0x1f00 jg JUMP_005612 JUMP_005613: ; Pos = 52721 mov edx,[ebp+0x8] mov [edx],cx mov edx,[ebp+0x8] mov [edx+0x2],ax xor eax,eax pop ebx pop ebp ret FUNC_001480: ; Pos = 52733 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov eax,[ebp+0x8] mov edx,DATA_009201 mov ecx,[edx] mov esi,ecx mov cx,[eax+0x8d] mov [esi],cx mov cl,[eax+0x8f] mov [esi+0x2],cl mov ecx,[edx] and byte [ecx+0x3],0xfe mov ecx,[edx] and byte [ecx+0x3],0xfd mov ecx,[edx] lea esi,[ecx+0x8] mov cx,[eax+0x90] mov [esi],cx mov cl,[eax+0x92] mov [esi+0x2],cl mov eax,[edx] and byte [eax+0xb],0xfe mov eax,[edx] and byte [eax+0xb],0xfd mov eax,0x2 jmp short JUMP_005615 JUMP_005614: ; Pos = 52791 mov ecx,[edx] or byte [ecx+eax*8+0x3],0x1 mov ecx,[edx] or byte [ecx+eax*8+0x3],0x2 inc eax JUMP_005615: ; Pos = 527a0 cmp eax,[ebx+0x10] jl JUMP_005614 pop esi pop ebx pop ebp ret FUNC_001481: ; Pos = 527a9 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov ebx,[ebp+0xc] mov eax,[ebp+0x8] mov edx,ebx sar edx,1 mov esi,edx add esi,esi lea esi,[esi+esi*2] add esi,[eax+0x154] add esi,byte -0x6 mov edx,ebx shl edx,0x3 add edx,[DATA_009201] xor ecx,ecx mov cl,[esi] movsx edi,byte [esi+0x2] shl edi,0x8 mov [ebp-0xc],edi test bl,0x1 jz JUMP_005616 neg dword [ebp-0xc] JUMP_005616: ; Pos = 527ed movsx edi,byte [esi+0x3] shl edi,0x8 mov [ebp-0x8],edi movsx esi,byte [esi+0x4] shl esi,0x8 mov [ebp-0x4],esi mov esi,ecx sar esi,1 lea esi,[esi+esi*2] mov edi,[eax+0x150] movsx esi,byte [edi+esi*2+0x2] mov [ebp-0x18],esi xor ebx,ecx test bl,0x1 jz JUMP_005617 neg dword [ebp-0x18] JUMP_005617: ; Pos = 52820 mov ebx,ecx sar ebx,1 lea ebx,[ebx+ebx*2] mov esi,[eax+0x150] movsx ebx,byte [esi+ebx*2+0x3] mov [ebp-0x14],ebx sar ecx,1 lea ecx,[ecx+ecx*2] mov ebx,[eax+0x150] movsx ecx,byte [ebx+ecx*2+0x4] mov [ebp-0x10],ecx mov ebx,[eax+0x148] sub ebx,[eax+0x44] test ebx,ebx jnl JUMP_005618 mov ecx,ebx neg ecx sar dword [ebp-0x18],cl mov ecx,ebx neg ecx sar dword [ebp-0x14],cl mov ecx,ebx neg ecx sar dword [ebp-0x10],cl jmp short JUMP_005619 JUMP_005618: ; Pos = 5286c test ebx,ebx jng JUMP_005619 mov ecx,ebx shl dword [ebp-0x18],cl mov ecx,ebx shl dword [ebp-0x14],cl mov ecx,ebx shl dword [ebp-0x10],cl JUMP_005619: ; Pos = 5287f mov ecx,[eax+0x48] neg ecx add [ebp-0x18],ecx mov ecx,[eax+0x4c] neg ecx add [ebp-0x14],ecx mov ecx,[eax+0x50] neg ecx add [ebp-0x10],ecx mov ebx,[eax+0x38] imul ebx,[ebp-0xc] mov ecx,[eax+0x3c] imul ecx,[ebp-0x8] add ebx,ecx mov ecx,[eax+0x40] imul ecx,[ebp-0x4] add ebx,ecx test ebx,ebx jl JUMP_005620 mov byte [edx],0x0 mov byte [edx+0x1],0x0 mov byte [edx+0x2],0x0 jmp short JUMP_005621 JUMP_005620: ; Pos = 528c1 sar ebx,0x1b and ebx,byte +0x7 lea ecx,[ebx+ebx*2] mov bx,[eax+ecx+0x84] mov [edx],bx mov bl,[eax+ecx+0x86] mov [edx+0x2],bl JUMP_005621: ; Pos = 528df mov eax,[ebp-0x18] imul eax,[ebp-0xc] mov ecx,[ebp-0x14] imul ecx,[ebp-0x8] add eax,ecx mov ecx,[ebp-0x10] imul ecx,[ebp-0x4] add eax,ecx test eax,eax jl JUMP_005622 and byte [edx+0x3],0xfd or byte [edx+0x3],0x1 mov eax,edx jmp short JUMP_005623 JUMP_005622: ; Pos = 52908 and byte [edx+0x3],0xfd and byte [edx+0x3],0xfe mov eax,edx JUMP_005623: ; Pos = 52912 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001482: ; Pos = 52919 push ebp mov ebp,esp push ecx mov ax,[ebp+0xa] add ax,[ebp+0xe] mov [ebp-0x2],ax movsx eax,word [ebp+0x8] movsx edx,word [ebp+0xc] imul edx sar eax,0xf mov [ebp-0x4],ax mov eax,[ebp-0x4] pop ecx pop ebp ret FUNC_001483: ; Pos = 52975 push ebp mov ebp,esp push ecx cmp word [ebp+0xc],byte +0x0 jnz JUMP_005624 mov word [ebp-0x2],0x7f mov word [ebp-0x4],0x7fff mov eax,[ebp-0x4] pop ecx pop ebp ret JUMP_005624: ; Pos = 52992 mov ax,[ebp+0xa] sub ax,[ebp+0xe] mov [ebp-0x2],ax movsx eax,word [ebp+0x8] shl eax,0xe movsx edx,word [ebp+0xc] mov ecx,edx cdq idiv ecx mov [ebp-0x4],ax movsx eax,word [ebp-0x4] cdq xor eax,edx sub eax,edx cmp eax,0x4000 jl JUMP_005625 inc word [ebp-0x2] jmp short JUMP_005626 JUMP_005625: ; Pos = 529c8 shl word [ebp-0x4],1 JUMP_005626: ; Pos = 529cc mov eax,[ebp-0x4] pop ecx pop ebp ret FUNC_001484: ; Pos = 529d2 push ebp mov ebp,esp mov ax,[ebp+0xe] sub [ebp+0xa],ax cmp word [ebp+0xc],byte +0x0 jz JUMP_005627 movsx eax,word [ebp+0x8] shl eax,0xe movsx edx,word [ebp+0xc] mov ecx,edx cdq idiv ecx mov [ebp+0x8],dx JUMP_005627: ; Pos = 529f8 mov eax,[ebp+0x8] pop ebp ret FUNC_001485: ; Pos = 529fd push ebp mov ebp,esp neg word [ebp+0xc] push dword [ebp+0xc] push dword [ebp+0x8] call FUNC_001486 add esp,byte +0x8 pop ebp ret FUNC_001486: ; Pos = 52a14 push ebp mov ebp,esp push ecx push ebx lea ebx,[ebp-0x4] mov ax,[ebp+0xa] cmp ax,[ebp+0xe] jng JUMP_005629 movsx eax,word [ebp+0xa] movsx edx,word [ebp+0xe] add edx,byte +0x1f cmp eax,edx jng JUMP_005628 mov eax,[ebp+0x8] jmp JUMP_005635 JUMP_005628: ; Pos = 52a3d mov ax,[ebp+0xa] mov [ebx+0x2],ax movsx ecx,word [ebp+0xa] movsx eax,word [ebp+0xe] sub ecx,eax movsx eax,word [ebp+0xc] sar eax,cl mov ecx,eax movsx eax,word [ebp+0x8] add ecx,eax jmp short JUMP_005631 JUMP_005629: ; Pos = 52a5f movsx eax,word [ebp+0xe] movsx edx,word [ebp+0xa] add edx,byte +0x1f cmp eax,edx jng JUMP_005630 mov eax,[ebp+0xc] jmp short JUMP_005635 JUMP_005630: ; Pos = 52a73 mov ax,[ebp+0xe] mov [ebx+0x2],ax movsx ecx,word [ebp+0xe] movsx eax,word [ebp+0xa] sub ecx,eax movsx eax,word [ebp+0x8] sar eax,cl mov ecx,eax movsx eax,word [ebp+0xc] add ecx,eax JUMP_005631: ; Pos = 52a93 mov eax,ecx cdq xor eax,edx sub eax,edx cmp eax,0x7fff jng JUMP_005632 sar ecx,1 mov [ebx],cx inc word [ebx+0x2] mov eax,[ebx] jmp short JUMP_005635 JUMP_005632: ; Pos = 52aae mov [ebx],cx test cx,cx jnz JUMP_005634 mov eax,[ebx] jmp short JUMP_005635 JUMP_005633: ; Pos = 52aba shl word [ebx],1 dec word [ebx+0x2] JUMP_005634: ; Pos = 52ac1 movsx eax,word [ebx] cdq xor eax,edx sub eax,edx cmp eax,0x3fff jl JUMP_005633 mov eax,[ebx] JUMP_005635: ; Pos = 52ad2 pop ebx pop ecx pop ebp ret FUNC_001487: ; Pos = 52ad6 push ebp mov ebp,esp add esp,byte -0x8 push ebx mov ebx,[ebp+0x8] neg dword [ebp+0x18] push dword [ebp+0x18] push dword [ebp+0x14] push dword [ebp+0x10] push dword [ebp+0xc] lea eax,[ebp-0x8] push eax call FUNC_001488 add esp,byte +0x14 mov eax,[ebp-0x8] mov [ebx],eax mov eax,[ebp-0x4] mov [ebx+0x4],eax mov eax,ebx pop ebx pop ecx pop ecx pop ebp ret FUNC_001488: ; Pos = 52b0d push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi mov ebx,[ebp+0x8] lea esi,[ebp-0x8] mov eax,[ebp+0xc] cmp eax,[ebp+0x14] jng JUMP_005637 mov eax,[ebp+0x14] add eax,byte +0x1f cmp eax,[ebp+0xc] jnl JUMP_005636 mov eax,[ebp+0xc] mov [ebx],eax mov eax,[ebp+0x10] mov [ebx+0x4],eax mov eax,ebx jmp JUMP_005642 JUMP_005636: ; Pos = 52b40 mov eax,[ebp+0xc] inc eax mov [esi],eax mov ecx,[esi] sub ecx,[ebp+0x14] mov eax,[ebp+0x18] sar eax,cl mov edx,[ebp+0x10] sar edx,1 add eax,edx mov [esi+0x4],eax jmp short JUMP_005639 JUMP_005637: ; Pos = 52b5c mov eax,[ebp+0xc] add eax,byte +0x1f cmp eax,[ebp+0x14] jnl JUMP_005638 mov eax,[ebp+0x14] mov [ebx],eax mov eax,[ebp+0x18] mov [ebx+0x4],eax mov eax,ebx jmp short JUMP_005642 JUMP_005638: ; Pos = 52b76 mov eax,[ebp+0x14] inc eax mov [esi],eax mov ecx,[esi] sub ecx,[ebp+0xc] mov eax,[ebp+0x10] sar eax,cl mov edx,[ebp+0x18] sar edx,1 add eax,edx mov [esi+0x4],eax JUMP_005639: ; Pos = 52b90 cmp dword [esi+0x4],byte +0x0 jnz JUMP_005641 mov eax,[esi] mov [ebx],eax mov eax,[esi+0x4] mov [ebx+0x4],eax mov eax,ebx jmp short JUMP_005642 JUMP_005640: ; Pos = 52ba4 shl dword [esi+0x4],1 dec dword [esi] JUMP_005641: ; Pos = 52ba9 mov eax,[esi+0x4] cdq xor eax,edx sub eax,edx cmp eax,0x40000000 jl JUMP_005640 mov eax,[esi] mov [ebx],eax mov eax,[esi+0x4] mov [ebx+0x4],eax mov eax,ebx JUMP_005642: ; Pos = 52bc4 pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001489: ; Pos = 52bca push ebp mov ebp,esp push ecx mov eax,[ebp+0x8] test eax,eax jnz JUMP_005643 mov word [ebp-0x2],0xfff9 mov word [ebp-0x4],0x0 mov eax,[ebp-0x4] pop ecx pop ebp ret JUMP_005643: ; Pos = 52be7 mov word [ebp-0x2],0x20 test eax,eax jng JUMP_005645 JUMP_005644: ; Pos = 52bf1 add eax,eax dec word [ebp-0x2] test eax,eax jg JUMP_005644 JUMP_005645: ; Pos = 52bfb shr eax,0x11 mov [ebp-0x4],ax mov eax,[ebp-0x4] pop ecx pop ebp ret FUNC_001490: ; Pos = 52c08 push ebp mov ebp,esp push ecx mov ecx,[ebp+0x8] test ecx,ecx jnz JUMP_005646 mov word [ebp-0x2],0xfff9 mov word [ebp-0x4],0x0 mov eax,[ebp-0x4] pop ecx pop ebp ret JUMP_005646: ; Pos = 52c25 mov word [ebp-0x2],0x1f jmp short JUMP_005648 JUMP_005647: ; Pos = 52c2d add ecx,ecx dec word [ebp-0x2] JUMP_005648: ; Pos = 52c33 mov eax,ecx cdq xor eax,edx sub eax,edx cmp eax,0x40000000 jl JUMP_005647 sar ecx,0x10 mov [ebp-0x4],cx mov eax,[ebp-0x4] pop ecx pop ebp ret FUNC_001491: ; Pos = 52c4e push ebp mov ebp,esp cmp word [ebp+0xa],byte +0x1f jg JUMP_005649 movsx eax,word [ebp+0xa] mov ecx,0x1f sub ecx,eax movsx eax,word [ebp+0x8] shl eax,0x10 sar eax,cl pop ebp ret JUMP_005649: ; Pos = 52c6e mov eax,0x80000000 cmp word [ebp+0x8],byte +0x0 jl JUMP_005650 add eax,0x80000000 JUMP_005650: ; Pos = 52c7f pop ebp ret FUNC_001492: ; Pos = 52c81 push ebp mov ebp,esp movsx eax,word [ebp+0x8] shl eax,0x10 movsx edx,word [ebp+0xa] mov ecx,0x1f sub ecx,edx sar eax,cl pop ebp ret FUNC_001493: ; Pos = 52c9a push ebp mov ebp,esp cmp word [ebp+0xa],byte +0xf jg JUMP_005651 movsx eax,word [ebp+0xa] mov ecx,0xf sub ecx,eax movsx eax,word [ebp+0x8] sar eax,cl pop ebp ret JUMP_005651: ; Pos = 52cb7 mov eax,0x80000000 cmp word [ebp+0x8],byte +0x0 jl JUMP_005652 add eax,0x80000000 JUMP_005652: ; Pos = 52cc8 pop ebp ret FUNC_001494: ; Pos = 52cca push ebp mov ebp,esp cmp word [ebp+0xa],byte +0xf jg JUMP_005653 movsx eax,word [ebp+0xa] mov ecx,0xf sub ecx,eax movsx eax,word [ebp+0x8] shr eax,cl pop ebp ret JUMP_005653: ; Pos = 52ce7 cmp word [ebp+0xa],byte +0x20 jg JUMP_005654 movsx ecx,word [ebp+0xa] add ecx,byte -0xf movsx eax,word [ebp+0x8] shl eax,cl pop ebp ret JUMP_005654: ; Pos = 52cfd or eax,byte -0x1 pop ebp ret FUNC_001495: ; Pos = 52d02 push ebp mov ebp,esp add esp,byte -0x8 push ebx mov ebx,[ebp+0x8] movsx eax,word [ebp+0xc] mov [ebp-0x8],eax movsx eax,word [ebp+0xc] sar eax,0x1f mov [ebp-0x4],eax movsx eax,word [ebp+0xe] add eax,byte -0xf push eax lea eax,[ebp-0x8] push eax call FUNC_001341_Int64ArithShift add esp,byte +0x8 mov eax,[ebp-0x8] mov [ebx],eax mov eax,[ebp-0x4] mov [ebx+0x4],eax mov eax,ebx pop ebx pop ecx pop ecx pop ebp ret FUNC_001496: ; Pos = 52d43 push ebp mov ebp,esp cmp word [ebp+0x8],byte +0x0 jz JUMP_005657 jmp short JUMP_005656 JUMP_005655: ; Pos = 52d4f shl word [ebp+0x8],1 dec word [ebp+0xa] JUMP_005656: ; Pos = 52d57 movsx eax,word [ebp+0x8] test ah,0x40 jz JUMP_005655 JUMP_005657: ; Pos = 52d60 mov eax,[ebp+0x8] pop ebp ret FUNC_001497: ; Pos = 52d65 push ebp mov ebp,esp cmp word [ebp+0x8],byte +0x0 jz JUMP_005660 jmp short JUMP_005659 JUMP_005658: ; Pos = 52d71 shl word [ebp+0x8],1 dec word [ebp+0xa] JUMP_005659: ; Pos = 52d79 movsx eax,word [ebp+0x8] movsx edx,word [ebp+0x8] add edx,edx xor eax,edx jnl JUMP_005658 JUMP_005660: ; Pos = 52d87 mov eax,[ebp+0x8] pop ebp ret FUNC_001498: ; Pos = 52d8c push ebp mov ebp,esp mov eax,[ebp+0x8] cmp dword [ebp+0x10],byte +0x0 jz JUMP_005663 jmp short JUMP_005662 JUMP_005661: ; Pos = 52d9a shl dword [ebp+0x10],1 dec dword [ebp+0xc] JUMP_005662: ; Pos = 52da0 mov edx,[ebp+0x10] add edx,edx xor edx,[ebp+0x10] jnl JUMP_005661 JUMP_005663: ; Pos = 52daa mov edx,[ebp+0xc] mov [eax],edx mov edx,[ebp+0x10] mov [eax+0x4],edx pop ebp ret FUNC_001499: ; Pos = 52db7 push ebp mov ebp,esp cmp word [ebp+0x8],byte +0x0 jz JUMP_005666 jmp short JUMP_005665 JUMP_005664: ; Pos = 52dc3 shl word [ebp+0x8],1 dec word [ebp+0xa] JUMP_005665: ; Pos = 52dcb movsx eax,word [ebp+0x8] test ah,0x80 jz JUMP_005664 JUMP_005666: ; Pos = 52dd4 mov eax,[ebp+0x8] pop ebp ret FUNC_001500: ; Pos = 52dd9 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x10] mov ecx,[ebp+0xc] mov eax,ecx xor edx,edx div ebx mov eax,[ebp+0x8] mov [eax],edx mov eax,ecx xor edx,edx div ebx pop ebx pop ebp ret FUNC_001501: ; Pos = 52df7 push ebp mov ebp,esp push ebx mov ecx,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,0x1 test ebx,ebx jnl JUMP_005667 mov edx,ebx neg edx jmp short JUMP_005668 JUMP_005667: ; Pos = 52e10 mov edx,ebx JUMP_005668: ; Pos = 52e12 add edx,edx add eax,eax cmp ecx,edx ja JUMP_005669 sub edx,ecx inc eax JUMP_005669: ; Pos = 52e1d test eax,eax jg JUMP_005668 and eax,0x7fffffff test ebx,ebx jnl JUMP_005670 mov edx,eax neg edx jmp short JUMP_005671 JUMP_005670: ; Pos = 52e30 mov edx,eax JUMP_005671: ; Pos = 52e32 mov eax,edx pop ebx pop ebp ret FUNC_001502: ; Pos = 52e37 push ebp mov ebp,esp push ecx push ebx push esi xor eax,eax mov edx,0x80000000 cmp edx,[ebp+0x8] jna JUMP_005673 JUMP_005672: ; Pos = 52e49 inc eax shr edx,0x2 cmp edx,[ebp+0x8] ja JUMP_005672 JUMP_005673: ; Pos = 52e52 xor edx,edx mov [ebp-0x4],edx xor edx,edx cmp eax,byte +0xf jg JUMP_005676 JUMP_005674: ; Pos = 52e5e lea ecx,[eax-0x1] mov ebx,[ebp-0x4] shr ebx,cl add ebx,edx mov ecx,eax add ecx,ecx mov esi,0x80000000 shr esi,cl add ebx,esi mov ecx,ebx cmp ecx,[ebp+0x8] ja JUMP_005675 mov edx,ecx mov ecx,eax mov ebx,0x80000000 shr ebx,cl add [ebp-0x4],ebx JUMP_005675: ; Pos = 52e8a inc eax cmp eax,byte +0xf jng JUMP_005674 JUMP_005676: ; Pos = 52e90 cmp eax,byte +0x1f jg JUMP_005679 JUMP_005677: ; Pos = 52e95 lea ecx,[eax-0x1] mov ebx,[ebp-0x4] shr ebx,cl mov ecx,ebx add ecx,edx cmp ecx,[ebp+0x8] ja JUMP_005678 mov edx,ecx mov ecx,eax mov ebx,0x80000000 shr ebx,cl add [ebp-0x4],ebx JUMP_005678: ; Pos = 52eb4 inc eax cmp eax,byte +0x1f jng JUMP_005677 JUMP_005679: ; Pos = 52eba mov eax,[ebp-0x4] pop esi pop ebx pop ecx pop ebp ret FUNC_001503: ; Pos = 52ec2 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x8] push dword [ebx] call near [DATA_007737] ; FUNC_001522 pop ecx mov esi,eax push dword [ebx+0x4] call near [DATA_007737] ; FUNC_001522 pop ecx add esi,eax push dword [ebx+0x8] call near [DATA_007737] ; FUNC_001522 pop ecx add esi,eax push esi push dword [ebp+0xc] push ebx call FUNC_001504 add esp,byte +0xc pop esi pop ebx pop ebp ret FUNC_001504: ; Pos = 52efe push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x10] mov edi,[ebp+0xc] mov ebx,[ebp+0x8] add esi,esi push esi call near [DATA_007738] ; FUNC_001502 pop ecx mov esi,eax push edi push esi push dword [ebx] call FUNC_001501 add esp,byte +0x8 push eax call FUNC_001521 add esp,byte +0x8 mov [ebx],eax push edi push esi push dword [ebx+0x4] call FUNC_001501 add esp,byte +0x8 push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x4],eax push edi push esi push dword [ebx+0x8] call FUNC_001501 add esp,byte +0x8 push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x8],eax pop edi pop esi pop ebx pop ebp ret FUNC_001505: ; Pos = 52f67 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x10] mov edi,[ebp+0xc] mov ebx,[ebp+0x8] lea eax,[edi+0x4000] push eax call FUNC_001913_Sin16 pop ecx push eax push esi call FUNC_001913_Sin16 pop ecx pop edx imul edx,eax neg edx sar edx,0xf mov [ebx],edx push edi call FUNC_001913_Sin16 pop ecx push eax push esi call FUNC_001913_Sin16 pop ecx pop edx imul edx,eax sar edx,0xf mov [ebx+0x4],edx add esi,0x4000 push esi call FUNC_001913_Sin16 pop ecx mov [ebx+0x8],eax pop edi pop esi pop ebx pop ebp ret FUNC_001506: ; Pos = 52fc4 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x10] mov edi,[ebp+0xc] mov ebx,[ebp+0x8] push esi call FUNC_001914_Sin32 pop ecx push eax lea eax,[edi+0x4000] push eax call FUNC_001914_Sin32 pop ecx push eax call FUNC_001521 add esp,byte +0x8 neg eax mov [ebx],eax push esi call FUNC_001914_Sin32 pop ecx push eax push edi call FUNC_001914_Sin32 pop ecx push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x4],eax add esi,0x4000 push esi call FUNC_001914_Sin32 pop ecx mov [ebx+0x8],eax pop edi pop esi pop ebx pop ebp ret FUNC_001507: ; Pos = 53025 push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi mov ebx,[ebp+0x14] mov esi,[ebp+0x8] sar ebx,0x10 and ebx,byte -0x10 push ebx push dword [ebp+0x10] lea eax,[ebp-0xc] push eax call near [DATA_007740] ; FUNC_001506 add esp,byte +0xc add ebx,byte +0x10 push ebx push dword [ebp+0x10] lea eax,[ebp-0x18] push eax call near [DATA_007740] ; FUNC_001506 add esp,byte +0xc mov eax, [ebp-0x18] sub eax, [ebp-0xc] mov [ebp-0x24],eax mov eax,[ebp-0x14] sub eax,[ebp-0x8] mov [ebp-0x20],eax mov eax,[ebp-0x10] sub eax,[ebp-0x4] mov [ebp-0x1c],eax ; TEMP mov eax, [ebp-0x24] mov [esi+0x8c], eax mov eax, [ebp-0x20] mov [esi+0x90], eax mov eax, [ebp-0x1c] mov [esi+0x94], eax movsx eax,word [ebp+0xc] imul dword [ebp-0xc] mov [esi+0x3e], eax mov [esi+0x42], edx movsx eax,word [ebp+0xc] imul dword [ebp-0x8] mov [esi+0x46], eax mov [esi+0x4a], edx movsx eax,word [ebp+0xc] imul dword [ebp-0x4] mov [esi+0x4e], eax mov [esi+0x52], edx movsx eax, word [ebp+0xe] add eax, byte -0x2e mov edi, eax push edi lea eax, [esi+0x3e] push eax call FUNC_001341_Int64ArithShift add esp, 8 push edi lea eax, [esi+0x46] push eax call FUNC_001341_Int64ArithShift add esp, 8 push edi lea eax, [esi+0x4e] push eax call FUNC_001341_Int64ArithShift add esp, 8 mov eax, [ebp+0x14] and eax, 0xfffff push eax push dword [ebp+0x8] call FUNC_001508 add esp, 0x8 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001508: ; Pos = 53121 push ebp mov ebp,esp add esp,byte -0x30 push ebx push edi push esi mov ebx,[ebp+0x8] movsx eax,word [ebx+0xb0] mov ecx, [ebp+0xc] shr ecx, 16 imul ecx mov edi, eax mov eax, [ebx+0x8c] imul edi mov [ebp-0x24], eax mov [ebp-0x20], edx mov eax, [ebx+0x90] imul edi mov [ebp-0x1c], eax mov [ebp-0x18], edx mov eax, [ebx+0x94] imul edi mov [ebp-0x14], eax mov [ebp-0x10], edx movsx eax,word [ebx+0xb2] add eax, byte -0x32 mov esi, eax push esi lea eax, [ebp-0x24] push eax call FUNC_001341_Int64ArithShift add esp, 8 push esi lea eax, [ebp-0x1c] push eax call FUNC_001341_Int64ArithShift add esp, 8 push esi lea eax, [ebp-0x14] push eax call FUNC_001341_Int64ArithShift add esp, 8 lea eax, [ebp-0x24] push eax lea eax, [ebx+0x3e] push eax call FUNC_001661_Vec64Add add esp, 8 movsx eax,word [ebx+0xb0] mov ecx, [ebp+0xc] and ecx, 0xffff imul ecx mov edi, eax mov eax, [ebx+0x8c] imul edi mov [ebp-0x24], eax mov [ebp-0x20], edx mov eax, [ebx+0x90] imul edi mov [ebp-0x1c], eax mov [ebp-0x18], edx mov eax, [ebx+0x94] imul edi mov [ebp-0x14], eax mov [ebp-0x10], edx movsx eax,word [ebx+0xb2] add eax, byte -0x42 mov esi, eax push esi lea eax, [ebp-0x24] push eax call FUNC_001341_Int64ArithShift add esp, 8 push esi lea eax, [ebp-0x1c] push eax call FUNC_001341_Int64ArithShift add esp, 8 push esi lea eax, [ebp-0x14] push eax call FUNC_001341_Int64ArithShift add esp, 8 lea eax, [ebp-0x24] push eax lea eax, [ebx+0x3e] push eax call FUNC_001661_Vec64Add add esp, 8 pop esi pop edi pop ebx mov esp,ebp pop ebp ret FUNC_001509: ; Pos = 531c8 push ebp mov ebp,esp add esp,byte -0x10 push ebx mov ebx,[ebp+0x8] mov eax,[ebp+0x10] mov [ebp-0x8],eax mov eax,[ebp+0xc] mov [ebp-0x4],eax push dword [ebp+0x14] push dword [ebp-0x4] push dword [ebp-0x8] lea eax,[ebp-0x10] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 mov eax,[ebp-0xc] shl eax,0x3 mov edx,[ebp-0x10] shr edx,0x1d or eax,edx mov [ebp-0xc],eax shl dword [ebp-0x10],0x3 mov eax,[ebp-0x10] mov [ebx],eax mov eax,[ebp-0xc] mov [ebx+0x4],eax mov eax,ebx pop ebx mov esp,ebp pop ebp ret FUNC_001510: ; Pos = 5321a push ebp mov ebp,esp add esp,byte -0x8 push ebx mov ecx,[ebp+0x1c] mov eax,[ebp+0x14] mov edx,[ebp+0x10] mov ebx,[ebp+0x8] not eax not edx inc eax test eax,eax jnz JUMP_005680 inc edx JUMP_005680: ; Pos = 53237 add eax,ecx add edx,[ebp+0x18] cmp eax,ecx jnc JUMP_005681 inc edx JUMP_005681: ; Pos = 53241 push dword [ebp+0xc] push eax push edx lea eax,[ebp-0x8] push eax call FUNC_001509 add esp,byte +0x10 mov eax,[ebp-0x8] mov [ebx],eax mov eax,[ebp-0x4] mov [ebx+0x4],eax mov eax,ebx pop ebx pop ecx pop ecx pop ebp ret FUNC_001511: ; Pos = 53264 push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi mov ebx,[ebp+0x10] mov edi,[ebp+0xc] xor esi,esi test edi,0x80000000 setnz al and eax,byte +0x1 mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x0 jz JUMP_005682 not ebx inc ebx not edi test ebx,ebx setz al and eax,byte +0x1 add edi,eax JUMP_005682: ; Pos = 53299 shr ebx,0x7 mov eax,edi shl eax,0x19 or ebx,eax shr edi,0x7 test edi,edi jz JUMP_005683 push edi call FUNC_001656_FindMSB pop ecx mov esi,eax inc esi mov ecx,esi shr ebx,cl mov ecx,0x20 sub ecx,esi shl edi,cl or ebx,edi JUMP_005683: ; Pos = 532c3 push ebx call FUNC_001656_FindMSB pop ecx add eax,byte -0xe test eax,eax jnl JUMP_005684 xor eax,eax JUMP_005684: ; Pos = 532d3 add esi,eax mov ecx,eax shr ebx,cl mov eax,[ebp+0x14] mov eax,[eax] mov [ebp-0xc],eax mov eax,[ebp+0x14] mov eax,[eax] sar eax,0x1f mov [ebp-0x8],eax push ebx push dword [ebp-0x8] push dword [ebp-0xc] lea eax,[ebp-0x24] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 mov eax,[ebp+0x14] mov eax,[eax+0x4] mov [ebp-0xc],eax mov eax,[ebp+0x14] mov eax,[eax+0x4] sar eax,0x1f mov [ebp-0x8],eax push ebx push dword [ebp-0x8] push dword [ebp-0xc] lea eax,[ebp-0x1c] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 mov eax,[ebp+0x14] mov eax,[eax+0x8] mov [ebp-0xc],eax mov eax,[ebp+0x14] mov eax,[eax+0x8] sar eax,0x1f mov [ebp-0x8],eax push ebx push dword [ebp-0x8] push dword [ebp-0xc] lea eax,[ebp-0x14] push eax call FUNC_001338_Int64Mul32 add esp,byte +0x10 mov eax,[ebp-0x24] shr eax,0x2 mov edx,[ebp-0x20] shl edx,0x1e or eax,edx mov [ebp-0x24],eax sar dword [ebp-0x20],0x2 mov eax,[ebp-0x1c] shr eax,0x2 mov edx,[ebp-0x18] shl edx,0x1e or eax,edx mov [ebp-0x1c],eax sar dword [ebp-0x18],0x2 mov eax,[ebp-0x14] shr eax,0x2 mov edx,[ebp-0x10] shl edx,0x1e or eax,edx mov [ebp-0x14],eax sar dword [ebp-0x10],0x2 test esi,esi jz JUMP_005685 mov ecx,esi mov eax,[ebp-0x20] shl eax,cl mov ecx,0x20 sub ecx,esi mov edx,[ebp-0x24] shr edx,cl or eax,edx mov [ebp-0x20],eax mov ecx,esi shl dword [ebp-0x24],cl mov ecx,esi mov eax,[ebp-0x18] shl eax,cl mov ecx,0x20 sub ecx,esi mov edx,[ebp-0x1c] shr edx,cl or eax,edx mov [ebp-0x18],eax mov ecx,esi shl dword [ebp-0x1c],cl mov ecx,esi mov eax,[ebp-0x10] shl eax,cl mov ecx,0x20 sub ecx,esi mov edx,[ebp-0x14] shr edx,cl or eax,edx mov [ebp-0x10],eax mov ecx,esi shl dword [ebp-0x14],cl JUMP_005685: ; Pos = 533e9 cmp dword [ebp-0x4],byte +0x0 jz JUMP_005686 mov eax,[ebp-0x24] not eax inc eax mov [ebp-0x24],eax mov eax,[ebp-0x20] not eax cmp dword [ebp-0x24],byte +0x0 setz dl and edx,byte +0x1 add eax,edx mov [ebp-0x20],eax mov eax,[ebp-0x1c] not eax inc eax mov [ebp-0x1c],eax mov eax,[ebp-0x18] not eax cmp dword [ebp-0x1c],byte +0x0 setz dl and edx,byte +0x1 add eax,edx mov [ebp-0x18],eax mov eax,[ebp-0x14] not eax inc eax mov [ebp-0x14],eax mov eax,[ebp-0x10] not eax cmp dword [ebp-0x14],byte +0x0 setz dl and edx,byte +0x1 add eax,edx mov [ebp-0x10],eax JUMP_005686: ; Pos = 53446 lea eax,[ebp-0x24] push eax push dword [ebp+0x8] call FUNC_001661_Vec64Add add esp,byte +0x8 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001512: ; Pos = 5345c push ebp mov ebp,esp mov eax,[ebp+0x8] lea edx,[eax+0x8c] push edx push dword [ebp+0x10] push dword [ebp+0xc] add eax,byte +0x3e push eax call FUNC_001511 add esp,byte +0x10 pop ebp ret FUNC_001513: ; Pos = 5347d push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov esi,[ebp+0x10] mov edi,[ebp+0x8] lea eax,[esi+0x4000] push eax call FUNC_001914_Sin32 pop ecx mov ebx,eax push esi call FUNC_001914_Sin32 pop ecx mov esi,eax mov eax,[edi] mov [ebp-0xc],eax mov eax,[edi+0x4] mov [ebp-0x8],eax mov eax,[edi+0x8] mov [ebp-0x4],eax mov eax,[ebp+0xc] mov edx,[eax] mov [ebp-0x18],edx mov edx,[eax+0x4] mov [ebp-0x14],edx mov edx,[eax+0x8] mov [ebp-0x10],edx push ebx push dword [ebp-0xc] call FUNC_001521 add esp,byte +0x8 push eax push esi push dword [ebp-0x18] call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [edi],edx push ebx push dword [ebp-0x8] call FUNC_001521 add esp,byte +0x8 push eax push esi push dword [ebp-0x14] call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [edi+0x4],edx push ebx push dword [ebp-0x4] call FUNC_001521 add esp,byte +0x8 push eax push esi push dword [ebp-0x10] call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [edi+0x8],edx push ebx push dword [ebp-0x18] call FUNC_001521 add esp,byte +0x8 mov edi,eax push esi push dword [ebp-0xc] call FUNC_001521 add esp,byte +0x8 sub edi,eax mov eax,[ebp+0xc] mov [eax],edi push ebx push dword [ebp-0x14] call FUNC_001521 add esp,byte +0x8 mov edi,eax push esi push dword [ebp-0x8] call FUNC_001521 add esp,byte +0x8 sub edi,eax mov eax,[ebp+0xc] mov [eax+0x4],edi push ebx push dword [ebp-0x10] call FUNC_001521 add esp,byte +0x8 mov ebx,eax push esi push dword [ebp-0x4] call FUNC_001521 add esp,byte +0x8 sub ebx,eax mov eax,[ebp+0xc] mov [eax+0x8],ebx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001514: ; Pos = 53591 push ebp mov ebp,esp push ebx mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,[eax+0x3e] mov ebx,[edx] add [eax+0x3e],ebx mov ebx,[edx] sar ebx,0x1f cmp ecx,[eax+0x3e] seta cl and ecx,byte +0x1 add ebx,ecx add [eax+0x42],ebx mov ecx,[eax+0x46] mov ebx,[edx+0x4] add [eax+0x46],ebx mov ebx,[edx+0x4] sar ebx,0x1f cmp ecx,[eax+0x46] seta cl and ecx,byte +0x1 add ebx,ecx add [eax+0x4a],ebx mov ecx,[eax+0x4e] mov ebx,[edx+0x8] add [eax+0x4e],ebx mov edx,[edx+0x8] sar edx,0x1f cmp ecx,[eax+0x4e] seta cl and ecx,byte +0x1 add edx,ecx add [eax+0x52],edx pop ebx pop ebp ret FUNC_001515: ; Pos = 535f3 push ebp mov ebp,esp mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,eax and ecx,0xffff imul ecx,edx shr ecx,0x10 shr eax,0x10 imul edx add ecx,eax mov eax,ecx pop ebp ret FUNC_001516: ; Pos = 53615 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] test ebx,ebx jnl JUMP_005687 neg ebx push ebx push esi call near [DATA_007747] ; FUNC_001515 add esp,byte +0x8 add eax,eax neg eax jmp short JUMP_005688 JUMP_005687: ; Pos = 53637 push ebx push esi call near [DATA_007747] ; FUNC_001515 add esp,byte +0x8 add eax,eax JUMP_005688: ; Pos = 53644 pop esi pop ebx pop ebp ret FUNC_001517: ; Pos = 53648 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x10] mov edx,[ebp+0xc] mov eax,[ebp+0x8] xor ecx,ecx mov [eax],ecx xor ecx,ecx mov [eax+0x8],ecx xor ecx,ecx mov [eax+0x10],ecx cmp ebx,byte +0x20 jl JUMP_005689 sub ebx,byte +0x20 mov ecx,ebx mov esi,[edx] shl esi,cl mov [eax+0x4],esi mov ecx,ebx mov esi,[edx+0x4] shl esi,cl mov [eax+0xc],esi mov ecx,ebx mov edx,[edx+0x8] shl edx,cl mov [eax+0x14],edx jmp short JUMP_005690 JUMP_005689: ; Pos = 5368b mov ecx,[edx] mov [eax+0x4],ecx mov ecx,[edx+0x4] mov [eax+0xc],ecx mov edx,[edx+0x8] mov [eax+0x14],edx mov edx,0x20 sub edx,ebx push edx push eax call FUNC_001660_Vec64Shift add esp,byte +0x8 JUMP_005690: ; Pos = 536ad pop esi pop ebx pop ebp ret FUNC_001518: ; Pos = 536b1 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push dword [ebp+0xc] push ebx call FUNC_001519 add esp,byte +0x8 sar dword [ebx],0x10 sar dword [ebx+0x4],0x10 sar dword [ebx+0x8],0x10 pop ebx pop ebp ret FUNC_001519: ; Pos = 536d2 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0xc] push edi call FUNC_001466 pop ecx mov ebx,eax inc ebx push ebx call FUNC_001656_FindMSB pop ecx mov esi,0x1f sub esi,eax mov ecx,esi shl ebx,cl shr ebx,1 push ebx push dword 0x3f800000 call FUNC_001523 add esp,byte +0x8 shr eax,1 mov ebx,eax mov eax,ebx dec eax push eax push dword [edi] call FUNC_001521 add esp,byte +0x8 lea ecx,[esi+0x1] shl eax,cl mov edx,[ebp+0x8] mov [edx],eax mov eax,ebx dec eax push eax push dword [edi+0x4] call FUNC_001521 add esp,byte +0x8 lea ecx,[esi+0x1] shl eax,cl mov edx,[ebp+0x8] mov [edx+0x4],eax dec ebx push ebx push dword [edi+0x8] call FUNC_001521 add esp,byte +0x8 lea ecx,[esi+0x1] shl eax,cl mov edx,[ebp+0x8] mov [edx+0x8],eax pop edi pop esi pop ebx pop ebp ret FUNC_001520: ; Pos = 5375a push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push ebx push ebx call FUNC_001519 add esp,byte +0x8 lea eax,[ebx+0x18] push eax lea eax,[ebx+0x18] push eax call FUNC_001519 add esp,byte +0x8 push ebx lea eax,[ebx+0x18] push eax lea eax,[ebx+0xc] push eax call FUNC_001552 add esp,byte +0xc lea eax,[ebx+0xc] push eax lea eax,[ebx+0xc] push eax call FUNC_001519 add esp,byte +0x8 lea eax,[ebx+0x18] push eax lea eax,[ebx+0xc] push eax push ebx call FUNC_001552 add esp,byte +0xc pop ebx pop ebp ret FUNC_001521: ; Pos = 537b0 push ebp mov ebp,esp mov eax,[ebp+0x8] imul dword [ebp+0xc] shl eax,1 rcl edx,1 mov eax,edx pop ebp ret FUNC_001522: ; Pos = 537c1 push ebp mov ebp,esp mov eax,[ebp+0x8] imul eax mov eax,edx pop ebp ret FUNC_001523: ; Pos = 537cd push ebp mov ebp,esp mov eax,[ebp+0x8] shr eax,1 cmp eax,[ebp+0xc] jc JUMP_005691 or eax,byte -0x1 pop ebp ret JUMP_005691: ; Pos = 537df mov edx,[ebp+0x8] mov eax,edx shr edx,1 shl eax,0x1f div dword [ebp+0xc] pop ebp ret FUNC_001524_TogglePtr: ; Pos = 537f4 ; test byte [DATA_008835],0x20 ; jz JUMP_005692 ; call FUNC_001631_DisablePtr ; ret ; JUMP_005692: ; Pos = 53803 ; call FUNC_001630_EnablePtr ret FUNC_001525_nothing: ; Pos = 53814 ret FUNC_001526_nothing: ; Pos = 53818 ret FUNC_001527_SysInit: ; Pos = 5381c call _SystemInit call FUNC_001407_KeybInit call FUNC_001596_DisplayInit call FUNC_001900_SoundInit call FUNC_001416_TimerInit ret FUNC_001528_SysCleanup: ; Pos = 5397c call FUNC_000117 call FUNC_001903_SoundStopSong call FUNC_001417_TimerCleanup call FUNC_001408_KeybCleanup call FUNC_001883_VideoCleanup call _SystemCleanup ret FUNC_001529_SysExit: ; Pos = 539e4 call FUNC_001528_SysCleanup push byte +0x0 call _exit pop ecx ret FUNC_001530: ; Pos = 539f4 mov edx,[DATA_008818] mov eax,[DATA_008820] xor eax,0x1234567f mov ecx,eax shl ecx,0x19 shr eax,0x7 or ecx,eax mov eax,ecx add [DATA_008818],eax mov eax,edx shl eax,0xd shr edx,0x13 or eax,edx mov edx,eax mov [DATA_008820],edx mov eax,[DATA_008818] and eax,0xffff ret FUNC_001531: ; Pos = 53a34 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,eax lea eax,[edx+eax*4] lea eax,[edx+eax*4] lea eax,[edx+eax*8] add eax,eax add eax,[DATA_007758] add eax,byte +0x74 pop ebp ret FUNC_001532: ; Pos = 53a54 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,eax lea eax,[edx+eax*4] lea eax,[edx+eax*4] lea eax,[edx+eax*8] add eax,eax add eax,[ebp+0xc] add eax,byte +0x74 pop ebp ret FUNC_001533: ; Pos = 53a70 push ebp mov ebp,esp push ecx push ebx push esi push edi mov esi,[ebp+0x10] mov eax,[ebp+0xc] mov ebx,[ebp+0x8] movzx edi,byte [ebx+0x86] cmp eax,ebx jz JUMP_005711 push dword 0x152 push eax push ebx call _memcpy add esp,byte +0xc test esi,esi jz JUMP_005710 mov eax,edi mov [ebx+0x86],al jmp short JUMP_005711 JUMP_005710: ; Pos = 53aa8 mov byte [ebx+0x86],0x0 JUMP_005711: ; Pos = 53aaf test esi,esi jz near JUMP_005718 mov eax,[DATA_008804] mov [ebx+0xa8],eax mov eax,[DATA_008807] mov [ebx+0xac],eax mov [ebx+0x82],esi push esi call FUNC_001538 pop ecx mov esi,eax mov ax,[esi+0x2c] mov [ebp-0x4],ax mov ax,[esi+0x14] add ax,[esi+0x18] add ax,byte +0x7 mov [ebp-0x2],ax mov eax,[ebp-0x4] push eax lea eax,[ebx+0x138] push eax call near [DATA_007734] ; FUNC_001495 add esp,byte +0x8 mov ax,[esi+0x30] mov [ebp-0x4],ax mov ax,[esi+0x14] add ax,[esi+0x18] add ax,byte +0x7 mov [ebp-0x2],ax mov eax,[ebp-0x4] push eax lea eax,[ebx+0x140] push eax call near [DATA_007734] ; FUNC_001495 add esp,byte +0x8 mov byte [ebx+0x151],0x0 mov byte [ebx+0x25],0x0 mov byte [ebx+0x124],0x0 xor edx,edx mov dl,[esi+0x24] sar edx,0x4 and dl,0x7 mov eax,[esi+0x34] test eax,eax jz JUMP_005712 cmp byte [eax],0x0 jz JUMP_005712 mov al,0x80 jmp short JUMP_005713 JUMP_005712: ; Pos = 53b61 xor eax,eax JUMP_005713: ; Pos = 53b63 or dl,al mov [ebx+0x14c],dl mov byte [ebx+0x88],0xff mov eax,[esi+0x38] test eax,eax jz near JUMP_005718 mov ax,[eax] mov [ebx+0xc4],ax mov eax,[esi+0x38] mov ax,[eax+0x2] mov [ebx+0xc6],ax mov [ebx+0xc2],ax mov [ebx+0xbe],ax neg ax mov [ebx+0xc0],ax mov edx,eax mov [ebx+0xbc],dx cmp dx,0x1329 jl JUMP_005714 mov byte [ebx+0x101],0x2 jmp short JUMP_005716 JUMP_005714: ; Pos = 53bc6 cmp word [ebx+0xbc],0xaa5 jl JUMP_005715 mov byte [ebx+0x101],0x1 jmp short JUMP_005716 JUMP_005715: ; Pos = 53bda mov byte [ebx+0x101],0x0 JUMP_005716: ; Pos = 53be1 mov eax,[esi+0x38] mov al,[eax+0x4] mov [ebx+0xd1],al mov eax,[esi+0x38] mov ax,[eax+0x6] shl eax,0x2 mov [ebx+0xe4],ax mov edx,[esi+0x38] movsx eax,word [edx+0x8] mov si,[edx+0x14] test si,si jnl JUMP_005717 mov edx,esi mov [ebx+0xd0],dl movsx edx,dl sub eax,[edx*4+DATA_007210] JUMP_005717: ; Pos = 53c20 mov [ebx+0x116],ax mov word [ebx+0xe0],0x0 mov word [ebx+0xe2],0x0 JUMP_005718: ; Pos = 53c39 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001534: ; Pos = 53c40 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov ebx,[ebp+0xc] mov edi,[ebp+0x8] mov esi,[DATA_008804] shr esi,0xa mov [DATA_007758],edi push ebx lea eax,[ebp-0x18] push eax call near [DATA_007802] ; FUNC_001677 add esp,byte +0x8 dec dword [DATA_008830] jns JUMP_005719 push ebx push edi call FUNC_001535 add esp,byte +0x8 xor eax,eax mov [DATA_008830],eax JUMP_005719: ; Pos = 53c85 push ebx push dword DATA_008827 push dword DATA_008821 call FUNC_001670_VecMatTMul add esp,byte +0xc cmp byte [ebx+0x57],0x0 jz JUMP_005720 push ebx call near [DATA_007804] ; FUNC_001679 pop ecx add ebx,byte +0x5a push ebx push dword DATA_008827 push dword DATA_008824 call FUNC_001670_VecMatTMul add esp,byte +0xc JUMP_005720: ; Pos = 53cbc mov eax,esi pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001535: ; Pos = 53cc8 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov ebx,esi JUMP_005721: ; Pos = 53cd9 cmp byte [ebx+0x56],0x0 jnz JUMP_005722 push byte +0x72 call near [DATA_007753] ; FUNC_001531 pop ecx mov ebx,eax jmp short JUMP_005723 JUMP_005722: ; Pos = 53cec push edi xor eax,eax mov al,[ebx+0x56] push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov ebx,eax test byte [ebx+0x14c],0x8 jz JUMP_005721 JUMP_005723: ; Pos = 53d07 cmp dword [ebx+0x82],byte +0x17 jnz JUMP_005724 push edi xor eax,eax mov al,[ebx+0x86] dec eax push eax call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov ebx,eax JUMP_005724: ; Pos = 53d26 push esi lea eax,[ebp-0x18] push eax call near [DATA_007802] ; FUNC_001677 add esp,byte +0x8 push byte +0xd lea eax,[ebp-0x18] push eax call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov eax,[ebp-0x18] mov [DATA_008827],eax mov eax,[ebp-0x10] mov [DATA_008828],eax mov eax,[ebp-0x8] mov [DATA_008829],eax push dword DATA_008827 push dword DATA_008827 call FUNC_001518 add esp,byte +0x8 push byte +0x18 mov al,[ebx+0x14c] and eax,byte +0x7 shl eax,0x3 lea eax,[eax+eax*2] add eax,DATA_007759 push eax push dword DATA_008831 call _memcpy add esp,byte +0xc pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001536: ; Pos = 53d98 push ebp mov ebp,esp add esp,0xfffffea4 push ebx push esi push edi or byte [DATA_008835],0x2 mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001534 add esp,byte +0x8 mov [ebp-0x4],eax mov esi,0x72 mov eax,[ebp+0x8] lea edi,[eax+0x72] JUMP_005725: ; Pos = 53dc9 test byte [edi],0x8 jz near JUMP_005730 mov eax,[ebp+0x8] push eax push esi call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 mov ebx,eax cmp byte [ebx+0x8b],0x0 jnz near JUMP_005730 mov ax,[ebp-0x4] mov [ebx+0x9c],ax cmp byte [ebx+0x151],0x0 jz near JUMP_005728 cmp byte [ebx+0x14f],0x0 jz JUMP_005726 push byte +0x0 push ebx lea eax,[ebp+0xfffffea4] push eax call FUNC_001533 add esp,byte +0xc mov dword [ebp+0xffffff26],0xa1 movsx eax,byte [ebp-0xb] mov [ebp+0xffffff42],ax call near [DATA_007752] ; FUNC_001530 push eax call near [DATA_007752] ; FUNC_001530 push eax lea eax,[ebp+0xfffffea4] push eax call FUNC_001675_MatBuildYZT add esp,byte +0xc mov eax,[ebp+0xc] push eax lea eax,[ebp+0xfffffea4] push eax call near [DATA_007805] ; FUNC_001680 add esp,byte +0x8 JUMP_005726: ; Pos = 53e68 test byte [ebx+0x151],0x2 jz JUMP_005727 and byte [ebx+0x151],0xfd mov eax,[ebp+0xc] push eax push ebx call near [DATA_007810] ; FUNC_001776 add esp,byte +0x8 JUMP_005727: ; Pos = 53e86 test byte [ebx+0x151],0x1 jz JUMP_005728 mov eax,[ebx+0x82] mov [ebp-0x8],eax and byte [ebx+0x151],0xfe mov eax,[ebx+0x82] push eax call FUNC_001538 pop ecx mov eax,[eax+0x14] mov [ebx+0x7e],eax mov dword [ebx+0x82],0x9d mov eax,[ebp+0xc] push eax push ebx call near [DATA_007805] ; FUNC_001680 add esp,byte +0x8 xor eax,eax mov [ebx+0x7e],eax mov eax,[ebp-0x8] mov [ebx+0x82],eax JUMP_005728: ; Pos = 53ed8 movsx eax,byte [DATA_008838] xor edx,edx mov dl,[ebx+0x86] cmp eax,edx jnz JUMP_005729 mov ax,0x8000 mov [ebx+0x9a],ax mov [ebx+0x98],ax jmp short JUMP_005730 JUMP_005729: ; Pos = 53eff mov eax,[ebp+0xc] push eax push ebx call near [DATA_007805] ; FUNC_001680 add esp,byte +0x8 JUMP_005730: ; Pos = 53f0d dec esi dec edi test esi,esi jg near JUMP_005725 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001537: ; Pos = 53f20 push ebp mov ebp,esp push ecx push ebx push esi push edi mov edi,[ebp+0x8] mov eax,[ebp+0xc] push eax push edi call FUNC_001534 add esp,byte +0x8 mov [ebp-0x4],eax mov ebx,0x72 lea esi,[edi+0x72] JUMP_005731: ; Pos = 53f42 test byte [esi],0x8 jz JUMP_005733 push edi push ebx call near [DATA_007754] ; FUNC_001532 add esp,byte +0x8 cmp byte [eax+0x8b],0x0 jz JUMP_005732 dec byte [eax+0x8b] jmp short JUMP_005733 JUMP_005732: ; Pos = 53f63 mov dx,[ebp-0x4] mov [eax+0x9c],dx mov edx,[ebp+0xc] push edx push eax call near [DATA_007805] ; FUNC_001680 add esp,byte +0x8 JUMP_005733: ; Pos = 53f7c dec ebx dec esi test ebx,ebx jg JUMP_005731 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001538: ; Pos = 53f88 push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax*4+DATA_004681] pop ebp ret FUNC_001539: ; Pos = 53f98 push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax*4+DATA_004681] pop ebp ret FUNC_001541: ; Pos = 53fb0 push ebp mov ebp,esp call FUNC_000916 pop ebp ret FUNC_001542: ; Pos = 53ff0 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov edx,[ebp+0x8] xor ecx,ecx JUMP_005734: ; Pos = 53ffd mov eax,esi and eax,byte +0xf cmp eax,byte +0xa jnl JUMP_005735 mov ebx,eax add bl,0x30 jmp short JUMP_005736 JUMP_005735: ; Pos = 5400e mov ebx,eax add bl,0x37 JUMP_005736: ; Pos = 54013 mov [edx],bl inc edx shr esi,0x4 inc ecx cmp ecx,byte +0x8 jl JUMP_005734 mov byte [edx],0x0 mov eax,edx pop esi pop ebx pop ebp ret FUNC_001543: ; Pos = 54060 push ebp mov ebp,esp mov eax,[ebp+0xc] sar eax,1 mov [DATA_009203],al mov al,[ebp+0x10] mov [DATA_009204],al mov eax,[ebp+0x8] push eax push dword DATA_009205 call FUNC_001544 add esp,byte +0x8 pop ebp ret FUNC_001544: ; Pos = 54088 push ebp mov ebp,esp mov eax,[ebp+0xc] push eax push byte +0x0 mov eax,[ebp+0x8] push eax call FUNC_001545 add esp,byte +0xc pop ebp ret FUNC_001545: ; Pos = 540a0 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] cmp dword [ebp+0x10],byte +0x0 jnl JUMP_005737 neg dword [ebp+0x10] mov dword [ebp-0x4],0x1 jmp short JUMP_005738 JUMP_005737: ; Pos = 540c1 xor eax,eax mov [ebp-0x4],eax JUMP_005738: ; Pos = 540c6 xor edi,edi JUMP_005739: ; Pos = 540c8 mov eax,[ebp+0x10] mov ecx,0xa cdq idiv ecx add dl,0x30 mov [ebp+edi-0x10],dl inc edi mov ecx,0xa mov eax,[ebp+0x10] cdq idiv ecx mov [ebp+0x10],eax cmp dword [ebp+0x10],byte +0x0 jnz JUMP_005739 add ebx,esi cmp dword [ebp-0x4],byte +0x0 jz JUMP_005740 mov byte [ebx],0x2d inc ebx JUMP_005740: ; Pos = 540fb sub esi,edi inc esi test esi,esi jng JUMP_005742 JUMP_005741: ; Pos = 54102 mov byte [ebx],0x30 inc ebx dec esi test esi,esi jg JUMP_005741 JUMP_005742: ; Pos = 5410b dec edi mov al,[ebp+edi-0x10] mov [ebx],al inc ebx test edi,edi jg JUMP_005742 mov byte [ebx],0x0 inc ebx mov eax,ebx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001546: ; Pos = 54124 push ebp mov ebp,esp add esp,byte -0x34 push ebx push esi mov ebx,[ebp+0x18] lea esi,[ebp-0x34] mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax push esi call FUNC_001549 add esp,byte +0x14 JUMP_005743: ; Pos = 5414b mov eax,[esi] sar eax,0x10 mov [ebp-0x4],ax mov eax,[esi+0x4] sar eax,0x10 mov [ebp-0x2],ax mov eax,[esi+0x8] add [esi],eax mov eax,[esi+0xc] add [esi+0x4],eax mov eax,[esi+0x10] add [esi+0x8],eax mov eax,[esi+0x14] add [esi+0xc],eax mov eax,[esi+0x18] add [esi+0x10],eax mov eax,[esi+0x1c] add [esi+0x14],eax mov eax,[esi] sar eax,0x10 mov [ebp-0x8],ax mov eax,[esi+0x4] sar eax,0x10 mov [ebp-0x6],ax movsx eax,word [ebp-0x4] cmp eax,0x140 jnc JUMP_005744 movsx eax,word [ebp-0x2] cmp eax,0x9e jc JUMP_005745 JUMP_005744: ; Pos = 541aa movsx eax,word [ebp-0x8] cmp eax,0x140 jnc near JUMP_005748 movsx eax,word [ebp-0x6] cmp eax,0x9e jnc JUMP_005748 lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001561 add esp,byte +0x8 push ebx lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001616_DrawLine add esp,byte +0xc jmp short JUMP_005748 JUMP_005745: ; Pos = 541e3 movsx eax,word [ebp-0x8] cmp eax,0x140 jnc JUMP_005746 movsx eax,word [ebp-0x6] cmp eax,0x9e jc JUMP_005747 JUMP_005746: ; Pos = 541f9 lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax call FUNC_001561 add esp,byte +0x8 push ebx lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001616_DrawLine add esp,byte +0xc jmp short JUMP_005748 JUMP_005747: ; Pos = 5421c push ebx lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001616_DrawLine add esp,byte +0xc JUMP_005748: ; Pos = 5422d dec dword [esi+0x24] jns near JUMP_005743 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001547: ; Pos = 5423c push ebp mov ebp,esp add esp,byte -0x34 push ebx push esi push edi mov edi,[ebp+0x1c] mov esi,[ebp+0x18] mov ebx,[ebp+0x8] push esi mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax lea eax,[ebp-0x34] push eax call FUNC_001549 add esp,byte +0x14 mov eax,[ebp-0x34] sar eax,0x10 mov [ebp-0x8],ax mov eax,[ebp-0x30] sar eax,0x10 mov [ebp-0x6],ax JUMP_005749: ; Pos = 5427b mov eax,[ebp-0x8] mov [ebp-0x4],eax mov eax,[ebp-0x2c] add [ebp-0x34],eax mov eax,[ebp-0x28] add [ebp-0x30],eax mov eax,[ebp-0x24] add [ebp-0x2c],eax mov eax,[ebp-0x20] add [ebp-0x28],eax mov eax,[ebp-0x1c] add [ebp-0x24],eax mov eax,[ebp-0x18] add [ebp-0x20],eax mov eax,[ebp-0x34] sar eax,0x10 mov [ebp-0x8],ax mov eax,[ebp-0x30] sar eax,0x10 mov [ebp-0x6],ax mov eax,[ebp+0x20] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax push ebx call edi add esp,byte +0x10 dec dword [ebp-0x10] jns JUMP_005749 mov eax,[ebp+0x20] push eax push esi lea eax,[ebp-0x8] push eax push ebx call edi add esp,byte +0x10 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001548: ; Pos = 542e8 push ebp mov ebp,esp push byte +0x0 push dword FUNC_001560 mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001547 add esp,byte +0x1c pop ebp ret FUNC_001549: ; Pos = 54310 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov edx,[ebp+0xc] mov eax,[ebp+0x8] movsx ecx,word [edx] shl ecx,0x10 mov [eax],ecx movsx ecx,word [edx+0x2] shl ecx,0x10 mov [eax+0x4],ecx movsx ecx,word [edx] mov ebx,ecx mov esi,[ebp+0x10] movsx esi,word [esi] add ebx,esi mov esi,[ebp+0x14] movsx esi,word [esi] add ebx,esi mov esi,[ebp+0x18] movsx esi,word [esi] add ebx,esi test ebx,ebx jns JUMP_005750 add ebx,byte +0x3 JUMP_005750: ; Pos = 54355 sar ebx,0x2 sub ebx,ecx mov ecx,ebx test ecx,ecx jnl JUMP_005751 neg ecx JUMP_005751: ; Pos = 54362 movsx ebx,word [edx+0x2] mov esi,[ebp+0x10] movsx esi,word [esi+0x2] add ebx,esi mov esi,[ebp+0x14] movsx esi,word [esi+0x2] add ebx,esi mov esi,[ebp+0x18] movsx esi,word [esi+0x2] add ebx,esi test ebx,ebx jns JUMP_005752 add ebx,byte +0x3 JUMP_005752: ; Pos = 54388 sar ebx,0x2 movsx esi,word [edx+0x2] sub ebx,esi test ebx,ebx jnl JUMP_005753 neg ebx JUMP_005753: ; Pos = 54397 add ebx,ecx mov [eax+0x20],ebx mov ecx,[eax+0x20] cmp ecx,byte +0x4 jnc JUMP_005754 mov ebx,0x2 jmp short JUMP_005757 JUMP_005754: ; Pos = 543ab cmp ecx,byte +0x1e jnc JUMP_005755 mov ebx,0x3 jmp short JUMP_005757 JUMP_005755: ; Pos = 543b7 cmp ecx,0x61a8 jnc JUMP_005756 mov ebx,0x4 jmp short JUMP_005757 JUMP_005756: ; Pos = 543c6 mov ebx,0x5 JUMP_005757: ; Pos = 543cb lea ecx,[ebx+ebx*2] push ecx mov ecx,0x10 pop esi sub ecx,esi mov esi,[ebp+0x18] movsx esi,word [esi] movsx edi,word [edx] sub esi,edi mov edi,[ebp+0x10] movsx edi,word [edi] lea edi,[edi+edi*2] add esi,edi mov edi,[ebp+0x14] movsx edi,word [edi] lea edi,[edi+edi*2] sub esi,edi shl esi,cl mov [ebp-0x8],esi lea ecx,[ebx+ebx*2] push ecx mov ecx,0x10 pop esi sub ecx,esi mov esi,[ebp+0x18] movsx esi,word [esi+0x2] movsx edi,word [edx+0x2] sub esi,edi mov edi,[ebp+0x10] movsx edi,word [edi+0x2] lea edi,[edi+edi*2] add esi,edi mov edi,[ebp+0x14] movsx edi,word [edi+0x2] lea edi,[edi+edi*2] sub esi,edi shl esi,cl mov [ebp-0x4],esi mov ecx,0x10 sub ecx,ebx mov esi,[ebp+0x10] movsx esi,word [esi] lea esi,[esi+esi*2] movsx edi,word [edx] lea edi,[edi+edi*2] sub esi,edi shl esi,cl mov [ebp-0x10],esi mov ecx,0x10 sub ecx,ebx mov esi,[ebp+0x10] movsx esi,word [esi+0x2] lea esi,[esi+esi*2] movsx edi,word [edx+0x2] lea edi,[edi+edi*2] sub esi,edi shl esi,cl mov [ebp-0xc],esi mov ecx,ebx add ecx,ecx push ecx mov ecx,0x10 pop esi sub ecx,esi mov esi,[ebp+0x14] movsx esi,word [esi] lea esi,[esi+esi*2] mov edi,[ebp+0x10] movsx edi,word [edi] add edi,edi lea edi,[edi+edi*2] sub esi,edi movsx edi,word [edx] lea edi,[edi+edi*2] add esi,edi shl esi,cl mov [ebp-0x18],esi mov ecx,ebx add ecx,ecx push ecx mov ecx,0x10 pop esi sub ecx,esi mov esi,[ebp+0x14] movsx esi,word [esi+0x2] lea esi,[esi+esi*2] mov edi,[ebp+0x10] movsx edi,word [edi+0x2] add edi,edi lea edi,[edi+edi*2] sub esi,edi movsx edx,word [edx+0x2] lea edx,[edx+edx*2] add esi,edx shl esi,cl mov [ebp-0x14],esi mov ecx,ebx mov edx,0x1 shl edx,cl dec edx mov [eax+0x24],edx mov edx,0x10 sub edx,ebx mov [eax+0x28],edx mov edx,[ebp-0x8] add edx,[ebp-0x10] add edx,[ebp-0x18] mov [eax+0x8],edx mov edx,[ebp-0x4] add edx,[ebp-0xc] add edx,[ebp-0x14] mov [eax+0xc],edx mov edx,[ebp-0x18] add edx,edx mov ecx,[ebp-0x8] add ecx,ecx lea ecx,[ecx+ecx*2] add edx,ecx mov [eax+0x10],edx mov edx,[ebp-0x14] add edx,edx mov ecx,[ebp-0x4] add ecx,ecx lea ecx,[ecx+ecx*2] add edx,ecx mov [eax+0x14],edx mov edx,[ebp-0x8] add edx,edx lea edx,[edx+edx*2] mov [eax+0x18],edx mov edx,[ebp-0x4] add edx,edx lea edx,[edx+edx*2] mov [eax+0x1c],edx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001550: ; Pos = 54544 push ebp mov ebp,esp add esp,byte -0x18 mov eax,[ebp+0xc] mov edx,[ebp+0x8] cmp dword [eax+0x24],byte +0x0 jl near JUMP_005759 mov ecx,[eax] mov [ebp-0x8],ecx mov ecx,[eax+0x4] mov [ebp-0x4],ecx mov ecx,[eax+0x8] mov [ebp-0x10],ecx mov ecx,[eax+0xc] mov [ebp-0xc],ecx mov ecx,[eax+0x10] mov [ebp-0x18],ecx mov ecx,[eax+0x14] mov [ebp-0x14],ecx JUMP_005758: ; Pos = 5457d mov ecx,[ebp-0x10] add [ebp-0x8],ecx mov ecx,[ebp-0xc] add [ebp-0x4],ecx mov ecx,[ebp-0x18] add [ebp-0x10],ecx mov ecx,[ebp-0x14] add [ebp-0xc],ecx mov ecx,[eax+0x18] add [ebp-0x18],ecx mov ecx,[eax+0x1c] add [ebp-0x14],ecx mov dword [edx],FUNC_001796 mov ecx,[ebp-0x8] sar ecx,0x10 mov [edx+0x4],cx mov ecx,[ebp-0x4] sar ecx,0x10 mov [edx+0x6],cx add edx,byte +0x8 dec dword [eax+0x24] mov ecx,[eax+0x24] cmp ecx,[ebp+0x10] jnl JUMP_005758 mov ecx,[ebp-0x18] mov [eax+0x10],ecx mov ecx,[ebp-0x14] mov [eax+0x14],ecx mov ecx,[ebp-0x10] mov [eax+0x8],ecx mov ecx,[ebp-0xc] mov [eax+0xc],ecx mov ecx,[ebp-0x8] mov [eax],ecx mov ecx,[ebp-0x4] mov [eax+0x4],ecx JUMP_005759: ; Pos = 545ec mov eax,edx mov esp,ebp pop ebp ret FUNC_001551: ; Pos = 545f4 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov ecx,[ebp+0x10] mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ebx,[edx] mov esi,[edx+0x4] mov [ebp-0x4],esi mov edx,[edx+0x8] mov esi,[ecx] mov [ebp-0x8],esi mov esi,[ecx+0x4] mov [ebp-0xc],esi mov ecx,[ecx+0x8] mov esi,[ebp-0x4] imul esi,ecx mov edi,edx imul edi,[ebp-0xc] sub esi,edi sar esi,0xf mov [eax],esi imul edx,[ebp-0x8] mov esi,ebx imul esi,ecx sub edx,esi sar edx,0xf mov [eax+0x4],edx imul ebx,[ebp-0xc] mov edx,[ebp-0x4] imul edx,[ebp-0x8] sub ebx,edx sar ebx,0xf mov [eax+0x8],ebx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001552: ; Pos = 54660 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov edx,[ebp+0x10] mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov esi,[eax] mov edi,[eax+0x4] mov eax,[eax+0x8] mov [ebp-0x4],eax mov eax,[edx] mov [ebp-0x8],eax mov eax,[edx+0x4] mov [ebp-0xc],eax mov eax,[edx+0x8] mov [ebp-0x10],eax mov eax,[ebp-0x10] push eax push edi call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp-0xc] push eax mov eax,[ebp-0x4] push eax call FUNC_001521 add esp,byte +0x8 pop edx sub edx,eax mov [ebx],edx mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp-0x10] push eax push esi call FUNC_001521 add esp,byte +0x8 pop edx sub edx,eax mov [ebx+0x4],edx mov eax,[ebp-0xc] push eax push esi call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp-0x8] push eax push edi call FUNC_001521 add esp,byte +0x8 pop edx sub edx,eax mov [ebx+0x8],edx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001553: ; Pos = 54700 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov edi,[ebp+0xc] mov ebx,[ebp+0x8] push edi lea eax,[ebp-0xc] push eax call FUNC_001475 add esp,byte +0x8 mov eax,[ebp+0x10] mov edx,[eax] mov [ebx],edx mov edx,[eax+0x4] mov [ebx+0x4],edx mov edx,[eax+0x8] mov [ebx+0x8],edx mov eax,[edi] mov [ebx+0x10],eax mov eax,[edi+0x4] mov [ebx+0x14],eax mov eax,[edi+0x8] mov [ebx+0x18],eax mov eax,[ebp+0x14] mov [ebx+0x4c],eax mov eax,[ebp+0x10] push eax lea eax,[ebp-0xc] push eax lea esi,[ebx+0x1c] push esi call FUNC_001551 add esp,byte +0xc push esi call near [DATA_007724] ; FUNC_001465 pop ecx mov ecx,eax test ecx,ecx jnz JUMP_005760 mov eax,[ebp+0x14] push eax push ebx call FUNC_001556 add esp,byte +0x8 jmp short JUMP_005761 JUMP_005760: ; Pos = 54777 mov [ebx+0xc],ecx mov eax,[ebp+0x14] shl eax,0xf cdq idiv ecx mov edx,[ebx+0x1c] imul edx,eax sar edx,0xf mov [ebx+0x1c],edx mov edx,[ebx+0x20] imul edx,eax sar edx,0xf mov [ebx+0x20],edx mov edx,[ebx+0x24] imul edx,eax sar edx,0xf mov [ebx+0x24],edx mov eax,[ebp+0x10] push eax push esi lea eax,[ebx+0x40] push eax call FUNC_001551 add esp,byte +0xc imul eax,[ebx+0x40],0xaaaa sar eax,0xf mov [ebx+0x40],eax imul eax,[ebx+0x44],0xaaaa sar eax,0xf mov [ebx+0x44],eax imul eax,[ebx+0x48],0xaaaa sar eax,0xf mov [ebx+0x48],eax JUMP_005761: ; Pos = 547df push ebx call FUNC_001555 pop ecx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001554: ; Pos = 547f0 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0x8] mov eax,[ebp+0xc] mov edx,[eax] mov [ebx+0x10],edx mov edx,[eax+0x4] mov [ebx+0x14],edx mov edx,[eax+0x8] mov [ebx+0x18],edx mov eax,[esi] mov [ebx],eax mov eax,[esi+0x4] mov [ebx+0x4],eax mov eax,[esi+0x8] mov [ebx+0x8],eax mov eax,[esi] mov edi,eax imul edi,eax mov edx,[esi+0x4] mov eax,edx imul edx add edi,eax cmp edi,byte +0x9 jnl JUMP_005762 mov eax,[ebp+0x14] push eax push ebx call FUNC_001556 add esp,byte +0x8 jmp near JUMP_005763 JUMP_005762: ; Pos = 54844 push edi call near [DATA_007723] ; FUNC_001467 pop ecx mov [ebx+0xc],eax mov ecx,eax mov eax,[esi+0x4] shl eax,0xf cdq idiv ecx imul dword [ebp+0x14] sar eax,0xf neg eax mov [ebx+0x1c],eax mov eax,[esi] shl eax,0xf cdq idiv ecx imul dword [ebp+0x14] sar eax,0xf mov [ebx+0x20],eax xor eax,eax mov [ebx+0x24],eax mov eax,[ebp+0x14] shl eax,0x2 shl eax,0x8 mov esi,0x3 cdq idiv esi mov esi,eax mov eax,[ebx] imul dword [ebx+0x8] cdq idiv ecx imul esi sar eax,0xf mov [ebx+0x40],eax mov eax,[ebx+0x4] imul dword [ebx+0x8] cdq idiv ecx imul esi sar eax,0xf mov [ebx+0x44],eax neg ecx imul ecx,esi sar ecx,0xf mov [ebx+0x48],ecx JUMP_005763: ; Pos = 548ba push ebx call FUNC_001555 pop ecx pop edi pop esi pop ebx pop ebp ret FUNC_001555: ; Pos = 548c8 push ebp mov ebp,esp add esp,byte -0xc push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0x1c] add eax,[ebx+0x10] mov [ebx+0x28],eax mov eax,[ebx+0x20] add eax,[ebx+0x14] mov [ebx+0x2c],eax mov eax,[ebx+0x24] add eax,[ebx+0x18] mov [ebx+0x30],eax lea eax,[ebx+0x28] push eax lea eax,[ebx+0x6c] push eax call FUNC_001557 add esp,byte +0x8 test eax,eax jz near JUMP_005764 mov eax,[ebx+0x6c] mov [ebx+0x7c],eax mov eax,[ebx+0x40] add eax,[ebx+0x28] mov [ebp-0xc],eax mov eax,[ebx+0x44] add eax,[ebx+0x2c] mov [ebp-0x8],eax mov eax,[ebx+0x48] add eax,[ebx+0x30] mov [ebp-0x4],eax lea eax,[ebp-0xc] push eax lea eax,[ebx+0x70] push eax call FUNC_001557 add esp,byte +0x8 test eax,eax jz near JUMP_005764 mov eax,[ebx+0x40] neg eax add eax,[ebx+0x28] mov [ebp-0xc],eax mov eax,[ebx+0x44] neg eax add eax,[ebx+0x2c] mov [ebp-0x8],eax mov eax,[ebx+0x48] neg eax add eax,[ebx+0x30] mov [ebp-0x4],eax lea eax,[ebp-0xc] push eax lea eax,[ebx+0x80] push eax call FUNC_001557 add esp,byte +0x8 test eax,eax jz near JUMP_005764 mov eax,[ebx+0x1c] neg eax add eax,[ebx+0x10] mov [ebx+0x34],eax mov eax,[ebx+0x20] neg eax add eax,[ebx+0x14] mov [ebx+0x38],eax mov eax,[ebx+0x24] neg eax add eax,[ebx+0x18] mov [ebx+0x3c],eax lea eax,[ebx+0x34] push eax lea eax,[ebx+0x78] push eax call FUNC_001557 add esp,byte +0x8 test eax,eax jz JUMP_005764 mov eax,[ebx+0x78] mov [ebx+0x88],eax mov eax,[ebx+0x40] add eax,[ebx+0x34] mov [ebp-0xc],eax mov eax,[ebx+0x44] add eax,[ebx+0x38] mov [ebp-0x8],eax mov eax,[ebx+0x48] add eax,[ebx+0x3c] mov [ebp-0x4],eax lea eax,[ebp-0xc] push eax lea eax,[ebx+0x74] push eax call FUNC_001557 add esp,byte +0x8 test eax,eax jz JUMP_005764 mov eax,[ebx+0x40] neg eax add eax,[ebx+0x34] mov [ebp-0xc],eax mov eax,[ebx+0x44] neg eax add eax,[ebx+0x38] mov [ebp-0x8],eax mov eax,[ebx+0x48] neg eax add eax,[ebx+0x3c] mov [ebp-0x4],eax lea eax,[ebp-0xc] push eax add ebx,0x84 push ebx call FUNC_001557 add esp,byte +0x8 test eax,eax jz JUMP_005764 mov eax,0x1 jmp short JUMP_005765 JUMP_005764: ; Pos = 54a26 xor eax,eax JUMP_005765: ; Pos = 54a28 pop ebx mov esp,ebp pop ebp ret FUNC_001556: ; Pos = 54a30 push ebp mov ebp,esp mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov [eax+0x1c],edx xor ecx,ecx mov [eax+0x20],ecx xor ecx,ecx mov [eax+0x24],ecx xor ecx,ecx mov [eax+0x40],ecx imul edx,edx,0xaaaa sar edx,0xf mov [eax+0x44],edx xor edx,edx mov [eax+0x48],edx xor eax,eax pop ebp ret FUNC_001557: ; Pos = 54a60 push ebp mov ebp,esp push esi push edi mov eax,[ebp+0xc] mov edx,[eax+0x8] cmp edx,byte +0x40 jnl JUMP_005766 xor eax,eax jmp JUMP_005776 JUMP_005766: ; Pos = 54a77 mov ecx,[eax] mov esi,[eax+0x4] mov edi,edx test ecx,ecx jnl JUMP_005767 mov eax,ecx neg eax jmp short JUMP_005768 JUMP_005767: ; Pos = 54a88 mov eax,ecx JUMP_005768: ; Pos = 54a8a test esi,esi jnl JUMP_005769 mov edx,esi neg edx jmp short JUMP_005770 JUMP_005769: ; Pos = 54a94 mov edx,esi JUMP_005770: ; Pos = 54a96 or eax,edx cmp eax,0x800000 jng JUMP_005772 JUMP_005771: ; Pos = 54a9f sar eax,1 sar ecx,1 sar esi,1 sar edi,1 cmp eax,0x800000 jg JUMP_005771 JUMP_005772: ; Pos = 54aae test edi,edi jnz JUMP_005773 xor eax,eax jmp short JUMP_005776 JUMP_005773: ; Pos = 54ab6 mov eax,ecx shl eax,0x8 cdq idiv edi mov ecx,eax mov eax,esi shl eax,0x8 cdq idiv edi jmp short JUMP_005775 JUMP_005774: ; Pos = 54aca sar ecx,1 sar eax,1 JUMP_005775: ; Pos = 54ace cmp ecx,0x4000 jnl JUMP_005774 cmp ecx,0xffffc000 jng JUMP_005774 cmp eax,0x4000 jnl JUMP_005774 cmp eax,0xffffc000 jng JUMP_005774 add cx,0xa0 mov edx,[ebp+0x8] mov [edx],cx mov dx,0x4f sub dx,ax mov eax,[ebp+0x8] mov [eax+0x2],dx mov eax,0x1 JUMP_005776: ; Pos = 54b0a pop edi pop esi pop ebp ret FUNC_001558: ; Pos = 54b10 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp dword [eax],byte +0xa jnl JUMP_005777 mov edx,[eax] inc dword [eax] mov ecx,[ebp+0xc] mov [eax+edx*4+0x4],ecx JUMP_005777: ; Pos = 54b26 add eax,byte +0x2c pop ebp ret FUNC_001559: ; Pos = 54b2c push ebp mov ebp,esp push ebx push esi push edi mov eax,[ebp+0xc] mov ecx,[ebp+0x8] mov edx,[ebp+0x10] movsx ebx,word [edx+0x2] movsx edx,word [eax+0x2] sub ebx,edx test ebx,ebx jz JUMP_005781 movsx edi,word [eax] shl edi,0x10 mov edx,[ebp+0x10] movsx esi,word [edx] movsx eax,word [eax] sub esi,eax test esi,esi jng JUMP_005778 mov eax,esi shl eax,0x10 cdq idiv ebx mov esi,eax jmp short JUMP_005779 JUMP_005778: ; Pos = 54b6a mov eax,esi shl eax,0x10 neg eax cdq idiv ebx neg eax mov esi,eax JUMP_005779: ; Pos = 54b78 test ebx,ebx jng JUMP_005781 JUMP_005780: ; Pos = 54b7c mov eax,[ebp+0x18] push eax mov eax,edi sar eax,0x10 push eax push ecx call near [ebp+0x14] add esp,byte +0xc mov ecx,eax add edi,esi dec ebx test ebx,ebx jg JUMP_005780 JUMP_005781: ; Pos = 54b96 pop edi pop esi pop ebx pop ebp ret FUNC_001560: ; Pos = 54b9c push ebp mov ebp,esp add esp,byte -0xc push ebx mov eax,[ebp+0xc] mov eax,[eax] mov [ebp-0x4],eax mov eax,[ebp+0x10] mov eax,[eax] mov [ebp-0x8],eax mov ebx,[ebp+0x8] mov ax,[ebp-0x6] cmp ax,[ebp-0x2] jnl JUMP_005782 mov eax,[ebp-0x4] mov [ebp-0xc],eax mov eax,[ebp-0x8] mov [ebp-0x4],eax mov eax,[ebp-0xc] mov [ebp-0x8],eax JUMP_005782: ; Pos = 54bd2 cmp word [ebp-0x2],0x9e jnl near JUMP_005789 cmp word [ebp-0x6],byte +0x0 jng near JUMP_005789 cmp word [ebp-0x6],0x9e jng JUMP_005783 push dword 0x9e lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax call FUNC_001563 add esp,byte +0xc JUMP_005783: ; Pos = 54c06 cmp word [ebp-0x2],byte +0x0 jnl JUMP_005784 push dword 0x9e lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001563 add esp,byte +0xc JUMP_005784: ; Pos = 54c22 movsx eax,word [ebp-0x4] cmp eax,0x140 jnc JUMP_005785 movsx eax,word [ebp-0x8] cmp eax,0x140 jc JUMP_005786 JUMP_005785: ; Pos = 54c38 mov dword [ebx+0x1b28],0x1 JUMP_005786: ; Pos = 54c42 movsx eax,word [ebp-0x6] cmp eax,[ebx+0x1b30] jng JUMP_005787 mov [ebx+0x1b30],eax JUMP_005787: ; Pos = 54c54 movsx eax,word [ebp-0x2] cmp eax,[ebx+0x1b2c] jnl JUMP_005788 mov [ebx+0x1b2c],eax JUMP_005788: ; Pos = 54c66 mov eax,[ebp+0x14] push eax push dword FUNC_001558 lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax movsx eax,word [ebp-0x2] mov edx,eax lea eax,[edx+eax*4] lea eax,[edx+eax*2] shl eax,0x2 add ebx,eax push ebx call FUNC_001559 add esp,byte +0x14 JUMP_005789: ; Pos = 54c91 pop ebx mov esp,ebp pop ebp ret FUNC_001561: ; Pos = 54d20 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push dword 0x13f push esi push ebx call FUNC_001562 add esp,byte +0xc push dword 0x9d push esi push ebx call FUNC_001563 add esp,byte +0xc pop esi pop ebx pop ebp ret FUNC_001562: ; Pos = 54d50 push ebp mov ebp,esp push ecx push ebx push esi push edi mov eax,[ebp+0x10] mov ecx,[ebp+0xc] mov ebx,[ebp+0x8] mov dx,[ebx] movsx esi,dx cmp esi,eax jna JUMP_005800 test dx,dx jnl JUMP_005796 mov ax,[ecx] test ax,ax jnl JUMP_005795 movsx esi,ax jmp short JUMP_005798 JUMP_005795: ; Pos = 54d7c xor esi,esi jmp short JUMP_005798 JUMP_005796: ; Pos = 54d80 movsx edx,word [ecx] cmp eax,edx jnl JUMP_005797 mov esi,edx jmp short JUMP_005798 JUMP_005797: ; Pos = 54d8b mov esi,eax JUMP_005798: ; Pos = 54d8d movsx eax,word [ebx+0x2] movsx edx,word [ecx+0x2] sub eax,edx movsx edx,word [ecx] mov edi,esi sub edi,edx imul edi mov [ebp-0x4],eax mov ax,[ebx] cmp ax,[ecx] jz JUMP_005799 movsx eax,word [ebx] movsx edx,word [ecx] sub eax,edx push eax mov eax,[ebp-0x4] pop edx mov edi,edx cdq idiv edi add ax,[ecx+0x2] mov [ebx+0x2],ax JUMP_005799: ; Pos = 54dc5 mov [ebx],si JUMP_005800: ; Pos = 54dc8 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001563: ; Pos = 54dd0 push ebp mov ebp,esp push ecx push ebx push esi push edi mov eax,[ebp+0x10] mov ecx,[ebp+0xc] mov ebx,[ebp+0x8] mov dx,[ebx+0x2] movsx esi,dx cmp esi,eax jna JUMP_005806 test dx,dx jnl JUMP_005802 mov ax,[ecx+0x2] test ax,ax jnl JUMP_005801 movsx esi,ax jmp short JUMP_005804 JUMP_005801: ; Pos = 54dfe xor esi,esi jmp short JUMP_005804 JUMP_005802: ; Pos = 54e02 movsx edx,word [ecx+0x2] cmp eax,edx jnl JUMP_005803 mov esi,edx jmp short JUMP_005804 JUMP_005803: ; Pos = 54e0e mov esi,eax JUMP_005804: ; Pos = 54e10 movsx eax,word [ebx] movsx edx,word [ecx] sub eax,edx movsx edx,word [ecx+0x2] mov edi,esi sub edi,edx imul edi mov [ebp-0x4],eax mov ax,[ebx+0x2] cmp ax,[ecx+0x2] jz JUMP_005805 movsx eax,word [ebx+0x2] movsx edx,word [ecx+0x2] sub eax,edx push eax mov eax,[ebp-0x4] pop edx mov edi,edx cdq idiv edi add ax,[ecx] mov [ebx],ax JUMP_005805: ; Pos = 54e49 mov [ebx+0x2],si JUMP_005806: ; Pos = 54e4d pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001564: ; Pos = 54e54 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi mov ebx,[ebp+0xc] lea eax,[ebp-0xc] lea edx,[ebp-0x18] mov ecx,[ebx] mov [eax],ecx mov ecx,[ebx+0x4] mov [eax+0x4],ecx mov ecx,[ebx+0x8] mov [eax+0x8],ecx mov ecx,[ebp+0x10] mov ecx,[ecx] mov esi,[ebx] neg esi add ecx,esi mov [edx],ecx mov ecx,[ebp+0x10] mov ecx,[ecx+0x4] mov esi,[ebx+0x4] neg esi add ecx,esi mov [edx+0x4],ecx mov ecx,[ebp+0x10] mov ecx,[ecx+0x8] mov ebx,[ebx+0x8] neg ebx add ecx,ebx mov [edx+0x8],ecx sar dword [edx],1 sar dword [edx+0x4],1 mov ecx,[edx+0x8] shr ecx,1 mov [edx+0x8],ecx jmp short JUMP_005810 JUMP_005807: ; Pos = 54eb1 cmp dword [eax+0x8],byte +0x40 jg JUMP_005808 mov ebx,[edx] add [eax],ebx mov ebx,[edx+0x4] add [eax+0x4],ebx add [eax+0x8],ecx jmp short JUMP_005809 JUMP_005808: ; Pos = 54ec6 mov ebx,[edx] neg ebx add [eax],ebx mov ebx,[edx+0x4] neg ebx add [eax+0x4],ebx neg ecx add [eax+0x8],ecx JUMP_005809: ; Pos = 54ed9 sar dword [edx],1 sar dword [edx+0x4],1 mov ecx,[edx+0x8] shr ecx,1 mov [edx+0x8],ecx JUMP_005810: ; Pos = 54ee6 mov ecx,[edx+0x8] test ecx,ecx jnz JUMP_005807 mov edx,[eax] sar edx,0x1d mov ecx,[eax+0x4] sar ecx,0x1d test edx,edx jz JUMP_005811 inc edx jnz JUMP_005813 JUMP_005811: ; Pos = 54eff test ecx,ecx jz JUMP_005812 inc ecx jnz JUMP_005813 JUMP_005812: ; Pos = 54f06 shl dword [eax],0x2 shl dword [eax+0x4],0x2 JUMP_005813: ; Pos = 54f0d cmp dword [eax],byte +0x0 jnl JUMP_005817 jmp short JUMP_005815 JUMP_005814: ; Pos = 54f14 sar dword [eax],1 sar dword [eax+0x4],1 JUMP_005815: ; Pos = 54f19 cmp dword [eax],0xffffe100 jng JUMP_005814 jmp short JUMP_005818 JUMP_005816: ; Pos = 54f23 sar dword [eax],1 sar dword [eax+0x4],1 JUMP_005817: ; Pos = 54f28 cmp dword [eax],0x1f00 jnl JUMP_005816 JUMP_005818: ; Pos = 54f30 cmp dword [eax+0x4],byte +0x0 jnl JUMP_005822 jmp short JUMP_005820 JUMP_005819: ; Pos = 54f38 sar dword [eax],1 sar dword [eax+0x4],1 JUMP_005820: ; Pos = 54f3d cmp dword [eax+0x4],0xffffe100 jng JUMP_005819 jmp short JUMP_005823 JUMP_005821: ; Pos = 54f48 sar dword [eax],1 sar dword [eax+0x4],1 JUMP_005822: ; Pos = 54f4d cmp dword [eax+0x4],0x1f00 jnl JUMP_005821 JUMP_005823: ; Pos = 54f56 mov dx,[eax] add dx,0xa0 mov ecx,[ebp+0x8] mov [ecx],dx mov dx,0x4f sub dx,[eax+0x4] mov eax,[ebp+0x8] mov [eax+0x2],dx pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001565: ; Pos = 54f7c push ebp mov ebp,esp mov eax,[ebp+0xc] mov edx,[ebp+0x8] mov ecx,[ebp+0x10] xor [ecx+edx*4+0x9bd4],eax pop ebp ret FUNC_001566: ; Pos = 54f94 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] mov edx,[ebp+0x8] mov eax,[edx] cmp eax,byte +0x1f jnl JUMP_005827 jmp short JUMP_005825 JUMP_005824: ; Pos = 54fa7 mov ecx,[edx+eax*8-0x4] mov [edx+eax*8+0x4],ecx mov ecx,[edx+eax*8] mov [edx+eax*8+0x8],ecx dec eax JUMP_005825: ; Pos = 54fb7 test eax,eax jng JUMP_005826 cmp ebx,[edx+eax*8] jl JUMP_005824 JUMP_005826: ; Pos = 54fc0 mov [edx+eax*8+0x8],ebx mov ecx,[ebp+0x10] mov [edx+eax*8+0x4],ecx inc dword [edx] JUMP_005827: ; Pos = 54fcd lea eax,[edx+0xfc] pop ebx pop ebp ret FUNC_001567: ; Pos = 54fd8 push ebp mov ebp,esp add esp,byte -0xc push ebx mov eax,[ebp+0xc] mov eax,[eax] mov [ebp-0x4],eax mov eax,[ebp+0x10] mov eax,[eax] mov [ebp-0x8],eax mov ebx,[ebp+0x8] mov ax,[ebp-0x2] cmp ax,[ebp-0x6] jng JUMP_005828 mov eax,[ebp-0x4] mov [ebp-0xc],eax mov eax,[ebp-0x8] mov [ebp-0x4],eax mov eax,[ebp-0xc] mov [ebp-0x8],eax JUMP_005828: ; Pos = 5500e mov ax,[ebp-0x2] cmp ax,0x9e jnl near JUMP_005833 cmp word [ebp-0x6],byte +0x0 jng near JUMP_005833 test ax,ax jnl JUMP_005829 push dword 0x9e lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001563 add esp,byte +0xc JUMP_005829: ; Pos = 5503d cmp word [ebp-0x6],0x9e jng JUMP_005830 push dword 0x9e lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax call FUNC_001563 add esp,byte +0xc JUMP_005830: ; Pos = 5505a movsx eax,word [ebp-0x6] cmp eax,[ebx+0x4] jng JUMP_005831 mov [ebx+0x4],eax JUMP_005831: ; Pos = 55066 movsx eax,word [ebp-0x2] cmp eax,[ebx] jnl JUMP_005832 mov [ebx],eax JUMP_005832: ; Pos = 55070 mov eax,[ebp+0x14] push eax push dword FUNC_001566 lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax movsx eax,word [ebp-0x2] mov edx,eax shl eax,0x6 sub eax,edx shl eax,0x2 add ebx,eax add ebx,byte +0x4c push ebx call FUNC_001559 add esp,byte +0x14 JUMP_005833: ; Pos = 5509d pop ebx mov esp,ebp pop ebp ret FUNC_001568: ; Pos = 550a4 push ebp mov ebp,esp mov eax,[ebp+0x1c] push eax push dword FUNC_001567 mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001547 add esp,byte +0x1c pop ebp ret ; F1569 (P2D pos, P2D size, COLPAL col, int clipflag) FUNC_001569_DrawScannerStalk: ; Pos = 550d0 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] test esi,esi jl JUMP_005834 mov ecx,[ebp+0x14] push ecx push edi movsx edx,word [ebx+0x2] push edx movsx eax,word [ebx] push eax sub edx,esi dec edx push edx dec eax push eax call FUNC_001570_DrawUpStalk add esp,byte +0x18 mov ecx,[ebp+0x14] push ecx push edi movsx edx,word [ebx+0x2] sub edx,esi push edx movsx eax,word [ebx] mov ecx,eax add ecx,byte +0x2 push ecx dec edx push edx inc eax push eax call FUNC_001570_DrawUpStalk add esp,byte +0x18 jmp short JUMP_005835 JUMP_005834: ; Pos = 55122 mov ecx,[ebp+0x14] push ecx push edi movsx edx,word [ebx+0x2] mov ecx,edx sub ecx,esi inc ecx push ecx movsx eax,word [ebx] push eax push edx dec eax push eax call FUNC_001571_DrawDownStalk add esp,byte +0x18 mov ecx,[ebp+0x14] push ecx push edi movsx edx,word [ebx+0x2] sub edx,esi mov ecx,edx inc ecx push ecx movsx eax,word [ebx] mov ecx,eax add ecx,byte +0x2 push ecx push edx inc eax push eax call FUNC_001571_DrawDownStalk add esp,byte +0x18 JUMP_005835: ; Pos = 55163 pop edi pop esi pop ebx pop ebp ret ; F1570 (int x1, int y1, int x2, int y2, COLPAL col, int clipflag) FUNC_001570_DrawUpStalk: ; Pos = 55168 push ebp mov ebp,esp mov edx,[ebp+0x14] mov eax,[ebp+0xc] cmp eax,0x9e jnc JUMP_005836 cmp dword [ebp+0x1c],byte +0x0 jz JUMP_005836 mov eax,0x9e JUMP_005836: ; Pos = 55183 cmp edx,0xc6 jna JUMP_005837 mov edx,0xc6 JUMP_005837: ; Pos = 55190 cmp eax,edx ja JUMP_005838 mov ecx,[ebp+0x18] push ecx push edx mov edx,[ebp+0x10] push edx push eax mov eax,[ebp+0x8] push eax call FUNC_001627_DrawBoxToBuf add esp,byte +0x14 JUMP_005838: ; Pos = 551aa pop ebp ret ; F1571 (int x1, int y1, int x2, int y2, COLPAL col, int clipflag) FUNC_001571_DrawDownStalk: ; Pos = 551ac push ebp mov ebp,esp mov edx,[ebp+0x14] mov eax,[ebp+0xc] cmp eax,0x9e jnc JUMP_005839 cmp dword [ebp+0x1c],byte +0x0 jz JUMP_005839 mov eax,0x9e JUMP_005839: ; Pos = 551c7 cmp edx,0xc6 jna JUMP_005840 mov edx,0xc6 JUMP_005840: ; Pos = 551d4 cmp eax,edx ja JUMP_005841 mov ecx,[ebp+0x18] push ecx push edx mov edx,[ebp+0x10] push edx push eax mov eax,[ebp+0x8] push eax call FUNC_001628_DrawBoxToBufMasked add esp,byte +0x14 JUMP_005841: ; Pos = 551ee pop ebp ret ; F1572 (int setallflag, COL888 *pCol) FUNC_001572: ; Pos = 551f0 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] mov eax,[ebp+0x8] ; test eax,eax ; jz JUMP_005842 ; push eax ; call FUNC_001639_SetHighPalette ; pop ecx JUMP_005842: ; Pos = 55205 mov ax,[ebx] mov [DATA_009212],ax mov al,[ebx+0x2] mov [DATA_009213],al mov ax,[ebx] mov [DATA_009214],ax mov al,[ebx+0x2] mov [DATA_009216],al call FUNC_001578 mov byte [DATA_008809],0x0 pop ebx pop ebp ret FUNC_001573: ; Pos = 55238 call FUNC_001618_ClearUpperBuf call FUNC_001574 ret FUNC_001574: ; Pos = 55244 mov ax,[DATA_009223] mov [DATA_009212],ax mov al,[DATA_009224] mov [DATA_009213],al mov eax,DATA_009212 mov dx,[eax] mov [DATA_009214],dx mov dl,[eax+0x2] mov [DATA_009216],dl mov byte [DATA_008809],0xff ret FUNC_001575: ; Pos = 5527c push ebp mov ebp,esp mov eax,[ebp+0x8] mov dx,[eax] mov [DATA_009223],dx mov dl,[eax+0x2] mov [DATA_009224],dl mov eax,DATA_009223 mov dx,[eax] mov [DATA_009212],dx mov dl,[eax+0x2] mov [DATA_009213],dl mov eax,DATA_009212 mov dx,[eax] mov [DATA_009214],dx mov dl,[eax+0x2] mov [DATA_009216],dl call FUNC_001578 pop ebp ret FUNC_001576: ; Pos = 552cc mov byte [DATA_008810],0xff ret FUNC_001577_ClearBuf: ; Pos = 552d4 mov byte [DATA_008810],0x0 push byte +0x0 push dword 0xc7 push dword 0x13f push byte +0x0 push byte +0x0 call FUNC_001627_DrawBoxToBuf add esp,byte +0x14 ret FUNC_001578: ; Pos = 552f4 mov al,[DATA_009214] cmp al,[DATA_009217] jnz JUMP_005843 mov al,[DATA_009215] cmp al,[DATA_009218] jnz JUMP_005843 mov al,[DATA_009216] cmp al,[DATA_009219] jz JUMP_005844 JUMP_005843: ; Pos = 5531b mov ax,[DATA_009214] mov [DATA_009217],ax mov al,[DATA_009216] mov [DATA_009219],al push dword DATA_009217 call FUNC_001579 pop ecx JUMP_005844: ; Pos = 5533c ret FUNC_001579: ; Pos = 55340 push ebp mov ebp,esp mov eax,[DATA_009217] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx mov [DATA_009222],eax pop ebp ret ; void F1580 (int bmpIndex, P2D pos) ; Writes to video and buffer FUNC_001580_PersistBlit: ; Pos = 553b4 ret push ebp mov ebp, esp mov edx, [ebp+0xc] movsx eax,word [edx+0x2] push eax movsx eax,word [edx] push eax push dword [ebp+0x8] call FUNC_001621_BlitIndexToBuf add esp,byte +0xc call FUNC_001637_FlipScreen mov esp, ebp pop ebp ret ; char *F1580 (char *pStr, int xpos, int ypos, COLPAL col) ; Writes to video and buffer ; Clipped to screen, unshadowed ; Returns end of string FUNC_001581_PersistTextWrite: ; Pos = 554a4 push ebp mov ebp,esp push ebx push dword [ebp+0x14] push dword [ebp+0x10] push dword [ebp+0xc] push dword [ebp+0x8] call FUNC_001584_TextWriteDefaultClip add esp, 0x10 mov ebx, eax call FUNC_001637_FlipScreen mov eax, ebx pop ebx mov esp,ebp pop ebp ret ; char *F1582 (char *pStr) ; Uses first two bytes as xpos/2, ypos. ; Colour 0xf, clipped to screen, unshadowed ; Returns end of string FUNC_001582_TextWriteStringOnly: ; Pos = 55524 push ebp mov ebp,esp mov eax,[ebp+0x8] xor edx,edx mov dl,[eax+0x1] push edx xor edx,edx mov dl,[eax] add edx,edx push edx add eax,byte +0x2 push eax call FUNC_001583_TextWriteDefaultColor add esp,byte +0xc pop ebp ret ; char *F1583 (char *pStr, int xpos, int ypos) ; Color 0xf, clipped to screen, unshadowed ; Returns end of string FUNC_001583_TextWriteDefaultColor: ; Pos = 55548 push ebp mov ebp,esp push byte +0xf mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001584_TextWriteDefaultClip add esp,byte +0x10 pop ebp ret ; char *F1584 (char *pStr, int xpos, int ypos, COLPAL col) ; Clipped to screen, unshadowed ; Returns end of string FUNC_001584_TextWriteDefaultClip: ; Pos = 55564 push ebp mov ebp,esp push byte +0xa push byte -0x1 push byte +0x0 push dword FUNC_001598_DrawChar mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001587_TextWriteInternal add esp,byte +0x20 pop ebp ret ; char *F1585 (char *pStr, int xpos, int ypos, COLPAL col, ; int ymin, int ymax) ; Specified y-clipping, unshadowed ; Returns end of string FUNC_001585_TextWriteDefaultHeight: ; Pos = 5558c push ebp mov ebp,esp push byte +0xa mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax push dword FUNC_001598_DrawChar mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001587_TextWriteInternal add esp,byte +0x20 pop ebp ret ; char *F1586 (char *pStr, int xpos, int ypos, COLPAL col, ; int ymin, int ymax, int height) ; Specified y-clipping, unshadowed ; Returns end of string FUNC_001586_TextWriteDetailed: ; Pos = 555b8 push ebp mov ebp,esp mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax push dword FUNC_001598_DrawChar mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001587_TextWriteInternal add esp,byte +0x20 pop ebp ret ; char *F1587 (char *pStr, int xpos, int ypos, COLPAL col, func *charfunc, ; int ymin, int ymax, int height) ; ; Returns end of string ; 0x0 0x??: Write image (bitmap index) ; 0x1 0x??: Set colour (pal colour) ; 0xd: Newline ; 0x1d 0x?? 0x??: Set position (xpos/2, ypos) ; 0x1e 0x??: Set xpos (xpos/2) ; 0xff: not sure... FUNC_001587_TextWriteInternal: ; Pos = 555e8 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov [ebp-0x4],esi xor eax,eax mov [ebp-0xc],eax xor eax,eax mov [ebp-0x10],eax xor eax,eax mov [DATA_009220],eax xor eax,eax mov [DATA_009221],eax cmp dword [ebp+0x10],0xc0 jl near JUMP_005855 mov eax,edi jmp JUMP_005856 JUMP_005845: ; Pos = 55626 add bl,0xe0 cmp bl,0xe0 jc near JUMP_005854 xor eax,eax mov al,bl cmp eax,0xed jg JUMP_005846 jz JUMP_005848 sub eax,0xe1 jz JUMP_005847 dec eax jz near JUMP_005853 dec eax jz near JUMP_005852 jmp JUMP_005855 JUMP_005846: ; Pos = 55659 sub eax,0xfe jz JUMP_005850 dec eax jz JUMP_005851 jmp JUMP_005855 JUMP_005847: ; Pos = 55668 xor eax,eax mov al,[edi] mov eax,[eax*4+DATA_007776] mov [ebp+0x14],eax inc edi jmp JUMP_005855 JUMP_005848: ; Pos = 5567c mov eax,[ebp+0x24] add [ebp+0x10],eax mov dword [ebp-0x10],0x1 mov eax,[ebp+0x24] sub [ebp-0xc],eax cmp dword [ebp+0x10],0xbf jng JUMP_005849 mov eax,edi jmp JUMP_005856 JUMP_005849: ; Pos = 5569f mov esi,[ebp-0x4] cmp dword [DATA_009221],byte +0x0 jz near JUMP_005855 mov eax,edi jmp JUMP_005856 JUMP_005850: ; Pos = 556b6 movzx esi,byte [edi] add esi,esi inc edi jmp JUMP_005855 JUMP_005851: ; Pos = 556c1 movzx esi,byte [edi] add esi,esi inc edi xor eax,eax mov al,[edi] mov [ebp+0x10],eax inc edi mov [ebp-0x4],esi jmp JUMP_005855 JUMP_005852: ; Pos = 556d7 cmp dword [ebp-0xc],byte +0x0 jng near JUMP_005855 cmp dword [ebp-0x10],byte +0x0 jz near JUMP_005855 mov esi,[ebp-0x8] xor eax,eax mov [ebp-0x10],eax jmp near JUMP_005855 JUMP_005853: ; Pos = 556f5 xor ebx,ebx mov bl,[edi] inc edi push ebx call FUNC_001620_BmpIndexToPtr pop ecx mov [ebp-0x14],eax mov eax,[ebp+0x20] push eax push byte -0x1 mov eax,[ebp+0x1c] push eax push byte +0x0 mov eax,[ebp+0x10] push eax lea eax,[esi+0x5] push eax push ebx call FUNC_001622_BlitClipIndexToBuf add esp,byte +0x1c mov edx,esi mov eax,[ebp-0x14] movsx eax,word [eax+0x2] add eax,byte +0xa lea edx,[eax+edx] mov [ebp-0x8],edx mov edx,[ebp-0x14] movzx edx,byte [edx+0x1] add edx,[ebp+0x24] mov [ebp-0xc],edx add esi,eax xor eax,eax mov [ebp-0x10],eax jmp short JUMP_005855 JUMP_005854: ; Pos = 55749 cmp esi,0x13c jnc JUMP_005855 mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x10] push eax push esi mov eax,[ebp+0x14] push eax push ebx call near [ebp+0x18] add esp,byte +0x18 add esi,eax JUMP_005855: ; Pos = 5576b mov bl,[edi] inc edi test bl,bl jnz near JUMP_005845 mov eax,edi JUMP_005856: ; Pos = 55778 pop edi pop esi pop ebx mov esp,ebp pop ebp ret ; void F1588 (int textchar-0x20, PALCOL col, int xpos, int ypos, ; int ymin, int ymax) FUNC_001588_DrawShadowedChar: ; Pos = 55780 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x14] mov esi,[ebp+0x10] mov ebx,[ebp+0x8] mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax lea eax,[edi+0x1] push eax lea eax,[esi+0x1] push eax push byte +0x0 push ebx call FUNC_001598_DrawChar add esp,byte +0x18 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax push edi push esi mov eax,[ebp+0xc] push eax push ebx call FUNC_001598_DrawChar add esp,byte +0x18 pop edi pop esi pop ebx pop ebp ret ; char *F1589 (char *pStr, int xpos, int ypos, COLPAL col) ; Returns end of string FUNC_001589_WriteStringShadowed: ; Pos = 557c8 push ebp mov ebp,esp push byte +0xa push byte -0x1 push byte +0x0 push dword FUNC_001588_DrawShadowedChar mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001587_TextWriteInternal add esp,byte +0x20 pop ebp ret ; void F1596 (void) ; Initialises mouse and video FUNC_001596_DisplayInit: ; Pos = 55a28 mov byte [DATA_009210],0x4 call FUNC_001427_MouseInit call FUNC_001638_VideoInit ret ; int F1597 (int textchar) ; Returns advance width of textchar FUNC_001597_CharAdvanceWidth: ; Pos = 55a6c push ebp mov ebp,esp mov eax,[ebp+0x8] add al,0xe0 movsx edx,al cmp edx,0xe0 jnc JUMP_005884 lea eax,[edx+edx*4] movzx eax,byte [eax*2+DATA_007751] pop ebp ret JUMP_005884: ; Pos = 55a8c xor eax,eax pop ebp ret ; int F1598 (int textchar-0x20, PALCOL col, int xpos, int ypos, ; int ymin, int ymax) ; Returns advance width FUNC_001598_DrawChar: ; Pos = 55a90 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov edx,[ebp+0x1c] mov eax,[ebp+0x14] test edx,edx jnl JUMP_005885 mov ecx,[DATA_007773] add ecx,0xfb40 mov [ebp-0x4],ecx jmp short JUMP_005886 JUMP_005885: ; Pos = 55ab4 mov ecx,edx shl ecx,0x6 lea ecx,[ecx+ecx*4] add ecx,[DATA_007773] mov [ebp-0x4],ecx JUMP_005886: ; Pos = 55ac5 mov ecx,[ebp+0x18] shl ecx,0x6 lea ecx,[ecx+ecx*4] add ecx,[DATA_007773] mov [ebp-0x8],ecx mov [DATA_009225],eax cmp eax,0xc8 jl JUMP_005887 xor eax,eax jmp JUMP_005896 JUMP_005887: ; Pos = 55aea cmp edx,eax jg JUMP_005888 test edx,edx jl JUMP_005888 mov dword [DATA_009221],0xffffffff xor eax,eax jmp JUMP_005896 JUMP_005888: ; Pos = 55b03 mov edx,eax shl edx,0x6 lea edx,[edx+edx*4] add edx,[DATA_007773] add edx,[ebp+0x10] movsx eax,byte [ebp+0x8] add eax,eax lea eax,[eax+eax*4] add eax,DATA_007750 mov [ebp-0xc],eax cmp edx,[ebp-0x8] jnc JUMP_005889 mov dword [DATA_009220],0xffffffff JUMP_005889: ; Pos = 55b34 xor esi,esi mov eax,[ebp-0xc] mov [ebp-0x10],eax JUMP_005890: ; Pos = 55b3c cmp edx,[ebp-0x8] jc JUMP_005893 mov eax,[ebp-0x10] mov al,[eax] xor edi,edi mov ecx,edx test al,al jz JUMP_005893 JUMP_005891: ; Pos = 55b4e test al,al jnl JUMP_005892 mov bl,[ebp+0xc] mov [es:ecx],bl JUMP_005892: ; Pos = 55b57 add eax,eax inc ecx inc edi test al,al jnz JUMP_005891 JUMP_005893: ; Pos = 55b5f add edx,0x140 inc dword [DATA_009225] cmp edx,[ebp-0x4] jc JUMP_005894 mov dword [DATA_009221],0xffffffff jmp short JUMP_005895 JUMP_005894: ; Pos = 55b7c inc esi inc dword [ebp-0x10] cmp esi,byte +0x9 jl JUMP_005890 JUMP_005895: ; Pos = 55b85 mov eax,[ebp-0xc] movzx eax,byte [eax+0x9] JUMP_005896: ; Pos = 55b8c pop edi pop esi pop ebx mov esp,ebp pop ebp ret ; void F1599 (int xpos, int ypos, int length, PALCOL col) ; Clips to upper screen FUNC_001599_DrawHLineConClip: ; Pos = 55b94 push ebp mov ebp,esp mov eax,[ebp+0xc] cmp eax,0x9e jnc JUMP_005897 mov edx,[ebp+0x14] push edx mov edx,[ebp+0x10] push edx push eax mov eax,[ebp+0x8] push eax call FUNC_001600_DrawHLineClip add esp,byte +0x10 JUMP_005897: ; Pos = 55bb6 pop ebp ret ; void F1600 (int xpos, int ypos, int length, PALCOL col) ; Clips to whole screen FUNC_001600_DrawHLineClip: ; Pos = 55bb8 push ebp mov ebp,esp mov edx,[ebp+0x10] mov eax,[ebp+0x8] test eax,eax jnl JUMP_005898 lea ecx,[edx+eax] test ecx,ecx jng JUMP_005900 add edx,eax xor eax,eax JUMP_005898: ; Pos = 55bd0 lea ecx,[edx+eax] cmp ecx,0x140 jng JUMP_005899 mov edx,0x140 sub edx,eax test edx,edx jng JUMP_005900 JUMP_005899: ; Pos = 55be6 mov ecx,[ebp+0x14] push ecx push edx mov edx,[ebp+0xc] push edx push eax call FUNC_001601_DrawHLine add esp,byte +0x10 JUMP_005900: ; Pos = 55bf8 pop ebp ret ; void F1601 (int xpos, int ypos, int length, PALCOL col) FUNC_001601_DrawHLine: ; Pos = 55bfc push ebp mov ebp,esp push ebx push esi mov eax,[ebp+0x10] mov esi,[ebp+0x8] test eax,eax jl JUMP_005907 mov edx,[ebp+0xc] shl edx,0x6 lea edx,[edx+edx*4] add edx,[DATA_007773] add edx,esi mov ecx,[ebp+0x14] mov ebx,ecx shl ebx,0x8 or ecx,ebx mov ebx,ecx shl ebx,0x10 or ecx,ebx jmp short JUMP_005902 JUMP_005901: ; Pos = 55c2f mov [edx],cl inc edx dec eax inc esi JUMP_005902: ; Pos = 55c34 test esi,0x3 jz JUMP_005903 test eax,eax jg JUMP_005901 JUMP_005903: ; Pos = 55c40 cmp eax,byte +0x4 jl JUMP_005905 JUMP_005904: ; Pos = 55c45 mov [edx],ecx add edx,byte +0x4 sub eax,byte +0x4 cmp eax,byte +0x4 jnl JUMP_005904 JUMP_005905: ; Pos = 55c52 test eax,eax jng JUMP_005907 JUMP_005906: ; Pos = 55c56 mov [edx],cl inc edx dec eax test eax,eax jg JUMP_005906 JUMP_005907: ; Pos = 55c5e pop esi pop ebx pop ebp ret ; void F1602 (fix *lx, fix *rx, fix ldxdy, fix rdxdy, int height, ; int *ypos, PALCOL col, func *hlinefunc) FUNC_001602_DrawPolySegment: ; Pos = 55c64 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi mov esi,[ebp+0x18] mov eax,[ebp+0x1c] mov ebx,[eax] test esi,esi jl JUMP_005908 cmp ebx,0x9e jnl JUMP_005908 lea eax,[esi+ebx] test eax,eax jg JUMP_005909 JUMP_005908: ; Pos = 55c87 mov eax,esi imul dword [ebp+0x10] mov edx,[ebp+0x8] add [edx],eax mov eax,esi imul dword [ebp+0x14] mov edx,[ebp+0xc] add [edx],eax mov eax,[ebp+0x1c] add [eax],esi jmp JUMP_005916 JUMP_005909: ; Pos = 55ca5 mov eax,[ebp+0x8] mov eax,[eax] mov [ebp-0x4],eax mov eax,[ebp+0xc] mov eax,[eax] mov [ebp-0x8],eax test ebx,ebx jnl JUMP_005910 mov eax,ebx imul dword [ebp+0x10] sub [ebp-0x4],eax mov eax,ebx imul dword [ebp+0x14] sub [ebp-0x8],eax add esi,ebx xor ebx,ebx JUMP_005910: ; Pos = 55ccd test esi,esi jz JUMP_005914 JUMP_005911: ; Pos = 55cd1 cmp ebx,0x9e jnl JUMP_005914 mov edx,[ebp-0x4] sar edx,0x10 mov eax,[ebp-0x8] sar eax,0x10 cmp eax,edx jl JUMP_005912 mov ecx,[ebp+0x20] push ecx sub eax,edx push eax push ebx push edx call near [ebp+0x24] add esp,byte +0x10 jmp short JUMP_005913 JUMP_005912: ; Pos = 55cfa mov ecx,[ebp+0x20] push ecx sub edx,eax push edx push ebx push eax call near [ebp+0x24] add esp,byte +0x10 JUMP_005913: ; Pos = 55d09 mov eax,[ebp+0x10] add [ebp-0x4],eax mov eax,[ebp+0x14] add [ebp-0x8],eax inc ebx dec esi test esi,esi jnz JUMP_005911 JUMP_005914: ; Pos = 55d1b test esi,esi jz JUMP_005915 mov eax,[ebp+0x10] imul esi add [ebp-0x4],eax mov eax,[ebp+0x14] imul esi add [ebp-0x8],eax add ebx,esi JUMP_005915: ; Pos = 55d31 mov eax,[ebp+0x8] mov edx,[ebp-0x4] mov [eax],edx mov eax,[ebp+0xc] mov edx,[ebp-0x8] mov [eax],edx mov eax,[ebp+0x1c] mov [eax],ebx JUMP_005916: ; Pos = 55d46 pop esi pop ebx pop ecx pop ecx pop ebp ret ; int F1603 (fix *dxdy, int *height, int x1, int y1, int x2, int y2) ; Returns directional height, calculates grad/height FUNC_001603_CalcLineGrad: ; Pos = 55d4c push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x1c] mov esi,[ebp+0x18] mov ebx,[ebp+0x14] mov ecx,[ebp+0x10] mov eax,edi sub eax,ebx jz JUMP_005920 mov eax,edi sub eax,ebx jns JUMP_005918 mov eax,esi sub eax,ecx js JUMP_005917 mov eax,esi sub eax,ecx shl eax,0x10 mov edx,edi sub edx,ebx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx neg eax jmp short JUMP_005921 JUMP_005917: ; Pos = 55d88 mov eax,esi sub eax,ecx shl eax,0x10 neg eax mov edx,edi sub edx,ebx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx jmp short JUMP_005921 JUMP_005918: ; Pos = 55da0 mov eax,esi sub eax,ecx js JUMP_005919 mov eax,esi sub eax,ecx shl eax,0x10 mov edx,edi sub edx,ebx push ecx mov ecx,edx cdq idiv ecx pop ecx jmp short JUMP_005921 JUMP_005919: ; Pos = 55dba mov eax,esi sub eax,ecx neg eax shl eax,0x10 mov edx,edi sub edx,ebx push ecx mov ecx,edx cdq idiv ecx pop ecx neg eax jmp short JUMP_005921 JUMP_005920: ; Pos = 55dd2 mov eax,0x7fffffff sub esi,ecx jns JUMP_005921 add eax,byte +0x2 JUMP_005921: ; Pos = 55dde mov edx,[ebp+0x8] mov [edx],eax shl ecx,0x10 mov eax,[ebp+0xc] mov [eax],ecx mov eax,edi sub eax,ebx pop edi pop esi pop ebx pop ebp ret ; void F1604 (P2D p1, P2D p2, P2D p3, COLPAL col) ; Does upper-screen clipping FUNC_001604_DrawTriangle: ; Pos = 55df4 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov edi,[ebp+0x10] mov ecx,[ebp+0x8] mov ax,[ecx+0x2] mov edx,[ebp+0xc] cmp ax,[edx+0x2] jng JUMP_005922 mov eax,ecx mov ecx,[ebp+0xc] mov [ebp+0xc],eax JUMP_005922: ; Pos = 55e18 mov ax,[ecx+0x2] cmp ax,[edi+0x2] jng JUMP_005923 mov eax,ecx mov ecx,edi mov edi,eax JUMP_005923: ; Pos = 55e28 mov eax,[ebp+0xc] mov ax,[eax+0x2] cmp ax,[edi+0x2] jng JUMP_005924 mov eax,[ebp+0xc] mov [ebp+0xc],edi mov edi,eax JUMP_005924: ; Pos = 55e3d mov ax,[ecx+0x2] movsx ebx,ax mov edx,ebx shl edx,0x6 lea edx,[edx+edx*4] add edx,[DATA_007773] mov [ebp-0x4],edx mov edx,[ebp+0xc] cmp ax,[edx+0x2] jnl near JUMP_005966 mov eax,[ebp+0xc] movsx esi,word [eax+0x2] mov eax,esi sub eax,ebx jz near JUMP_005928 mov eax,esi sub eax,ebx jns JUMP_005926 mov eax,[ebp+0xc] movsx eax,word [eax] movsx edx,word [ecx] sub eax,edx js JUMP_005925 mov eax,[ebp+0xc] movsx eax,word [eax] movsx edx,word [ecx] sub eax,edx shl eax,0x10 mov edx,esi sub edx,ebx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx neg eax jmp near JUMP_005930 JUMP_005925: ; Pos = 55ea5 mov eax,[ebp+0xc] movsx eax,word [eax] movsx edx,word [ecx] sub eax,edx shl eax,0x10 neg eax mov edx,esi sub edx,ebx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx jmp short JUMP_005930 JUMP_005926: ; Pos = 55ec4 mov eax,[ebp+0xc] movsx eax,word [eax] movsx edx,word [ecx] sub eax,edx js JUMP_005927 mov eax,[ebp+0xc] movsx eax,word [eax] movsx edx,word [ecx] sub eax,edx shl eax,0x10 mov edx,esi sub edx,ebx push ecx mov ecx,edx cdq idiv ecx pop ecx jmp short JUMP_005930 JUMP_005927: ; Pos = 55eec mov eax,[ebp+0xc] movsx eax,word [eax] movsx edx,word [ecx] sub eax,edx neg eax shl eax,0x10 mov edx,esi sub edx,ebx push ecx mov ecx,edx cdq idiv ecx pop ecx neg eax jmp short JUMP_005930 JUMP_005928: ; Pos = 55f0b mov eax,[ebp+0xc] movsx eax,word [eax] movsx edx,word [ecx] sub eax,edx js JUMP_005929 mov eax,0x7fffffff jmp short JUMP_005930 JUMP_005929: ; Pos = 55f1f mov eax,0x80000001 JUMP_005930: ; Pos = 55f24 mov [ebp-0x8],eax movsx eax,word [edi+0x2] sub eax,ebx jz near JUMP_005934 movsx eax,word [edi+0x2] sub eax,ebx jns JUMP_005932 movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx js JUMP_005931 movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx shl eax,0x10 movsx edx,word [edi+0x2] sub edx,ebx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx neg eax jmp near JUMP_005936 JUMP_005931: ; Pos = 55f63 movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx shl eax,0x10 neg eax movsx edx,word [edi+0x2] sub edx,ebx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx jmp short JUMP_005936 JUMP_005932: ; Pos = 55f81 movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx js JUMP_005933 movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx shl eax,0x10 movsx edx,word [edi+0x2] sub edx,ebx push ecx mov ecx,edx cdq idiv ecx pop ecx jmp short JUMP_005936 JUMP_005933: ; Pos = 55fa5 movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx neg eax shl eax,0x10 movsx edx,word [edi+0x2] sub edx,ebx push ecx mov ecx,edx cdq idiv ecx pop ecx neg eax jmp short JUMP_005936 JUMP_005934: ; Pos = 55fc3 movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx js JUMP_005935 mov eax,0x7fffffff jmp short JUMP_005936 JUMP_005935: ; Pos = 55fd4 mov eax,0x80000001 JUMP_005936: ; Pos = 55fd9 mov [ebp-0xc],eax movsx eax,word [ecx] shl eax,0x10 mov [ebp-0x14],eax mov [ebp-0x10],eax mov eax,[ebp-0x8] cmp eax,[ebp-0xc] jnl near JUMP_005951 cmp esi,ebx jng JUMP_005941 JUMP_005937: ; Pos = 55ff8 cmp ebx,0x9e jnc JUMP_005940 mov eax,[ebp-0x10] sar eax,0x10 mov edx,[ebp-0x14] sar edx,0x10 test eax,eax jnl JUMP_005938 xor eax,eax JUMP_005938: ; Pos = 56012 cmp edx,0x140 jng JUMP_005939 mov edx,0x140 JUMP_005939: ; Pos = 5601f cmp edx,eax jng JUMP_005940 sub edx,eax push edx mov edx,[ebp+0x14] push edx add eax,[ebp-0x4] push eax call _memset add esp,byte +0xc JUMP_005940: ; Pos = 56036 mov eax,[ebp-0x8] add [ebp-0x10],eax mov eax,[ebp-0xc] add [ebp-0x14],eax inc ebx add dword [ebp-0x4],0x140 cmp esi,ebx jg JUMP_005937 JUMP_005941: ; Pos = 5604e movsx esi,word [edi+0x2] cmp ebx,esi jnl near JUMP_005988 mov eax,[ebp+0xc] movsx eax,word [eax] shl eax,0x10 mov [ebp-0x10],eax mov eax,esi sub eax,ebx jz near JUMP_005945 mov eax,esi sub eax,ebx jns JUMP_005943 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx js JUMP_005942 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx shl eax,0x10 mov edx,esi sub edx,ebx neg edx mov ecx,edx cdq idiv ecx neg eax jmp short JUMP_005946 JUMP_005942: ; Pos = 560a0 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx shl eax,0x10 neg eax mov edx,esi sub edx,ebx neg edx mov ecx,edx cdq idiv ecx jmp short JUMP_005946 JUMP_005943: ; Pos = 560bd movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx js JUMP_005944 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx shl eax,0x10 mov edx,esi sub edx,ebx mov ecx,edx cdq idiv ecx jmp short JUMP_005946 JUMP_005944: ; Pos = 560e3 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx neg eax shl eax,0x10 mov edx,esi sub edx,ebx mov ecx,edx cdq idiv ecx neg eax jmp short JUMP_005946 JUMP_005945: ; Pos = 56100 mov eax,0x7fffffff movsx edx,word [edi] mov ecx,[ebp+0xc] movsx ecx,word [ecx] sub edx,ecx jns JUMP_005946 add eax,byte +0x2 JUMP_005946: ; Pos = 56115 mov [ebp-0x8],eax cmp esi,ebx jng near JUMP_005988 JUMP_005947: ; Pos = 56120 cmp ebx,0x9e jnc JUMP_005950 mov eax,[ebp-0x10] sar eax,0x10 mov edx,[ebp-0x14] sar edx,0x10 test eax,eax jnl JUMP_005948 xor eax,eax JUMP_005948: ; Pos = 5613a cmp edx,0x140 jng JUMP_005949 mov edx,0x140 JUMP_005949: ; Pos = 56147 cmp edx,eax jng JUMP_005950 sub edx,eax push edx mov edx,[ebp+0x14] push edx add eax,[ebp-0x4] push eax call _memset add esp,byte +0xc JUMP_005950: ; Pos = 5615e mov eax,[ebp-0x8] add [ebp-0x10],eax mov eax,[ebp-0xc] add [ebp-0x14],eax inc ebx add dword [ebp-0x4],0x140 cmp esi,ebx jg JUMP_005947 jmp JUMP_005988 JUMP_005951: ; Pos = 5617b cmp esi,ebx jng JUMP_005956 JUMP_005952: ; Pos = 5617f cmp ebx,0x9e jnc JUMP_005955 mov eax,[ebp-0x10] sar eax,0x10 mov edx,[ebp-0x14] sar edx,0x10 test eax,eax jnl JUMP_005953 xor eax,eax JUMP_005953: ; Pos = 56199 cmp edx,0x140 jng JUMP_005954 mov edx,0x140 JUMP_005954: ; Pos = 561a6 cmp edx,eax jng JUMP_005955 sub edx,eax push edx mov edx,[ebp+0x14] push edx add eax,[ebp-0x4] push eax call _memset add esp,byte +0xc JUMP_005955: ; Pos = 561bd mov eax,[ebp-0xc] add [ebp-0x10],eax mov eax,[ebp-0x8] add [ebp-0x14],eax inc ebx add dword [ebp-0x4],0x140 cmp esi,ebx jg JUMP_005952 JUMP_005956: ; Pos = 561d5 movsx esi,word [edi+0x2] cmp ebx,esi jnl near JUMP_005988 mov eax,[ebp+0xc] movsx eax,word [eax] shl eax,0x10 mov [ebp-0x14],eax mov eax,esi sub eax,ebx jz near JUMP_005960 mov eax,esi sub eax,ebx jns JUMP_005958 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx js JUMP_005957 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx shl eax,0x10 mov edx,esi sub edx,ebx neg edx mov ecx,edx cdq idiv ecx neg eax jmp short JUMP_005961 JUMP_005957: ; Pos = 56227 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx shl eax,0x10 neg eax mov edx,esi sub edx,ebx neg edx mov ecx,edx cdq idiv ecx jmp short JUMP_005961 JUMP_005958: ; Pos = 56244 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx js JUMP_005959 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx shl eax,0x10 mov edx,esi sub edx,ebx mov ecx,edx cdq idiv ecx jmp short JUMP_005961 JUMP_005959: ; Pos = 5626a movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx neg eax shl eax,0x10 mov edx,esi sub edx,ebx mov ecx,edx cdq idiv ecx neg eax jmp short JUMP_005961 JUMP_005960: ; Pos = 56287 mov eax,0x7fffffff movsx edx,word [edi] mov ecx,[ebp+0xc] movsx ecx,word [ecx] sub edx,ecx jns JUMP_005961 add eax,byte +0x2 JUMP_005961: ; Pos = 5629c mov [ebp-0x8],eax cmp esi,ebx jng near JUMP_005988 JUMP_005962: ; Pos = 562a7 cmp ebx,0x9e jnc JUMP_005965 mov eax,[ebp-0x10] sar eax,0x10 mov edx,[ebp-0x14] sar edx,0x10 test eax,eax jnl JUMP_005963 xor eax,eax JUMP_005963: ; Pos = 562c1 cmp edx,0x140 jng JUMP_005964 mov edx,0x140 JUMP_005964: ; Pos = 562ce cmp edx,eax jng JUMP_005965 sub edx,eax push edx mov edx,[ebp+0x14] push edx add eax,[ebp-0x4] push eax call _memset add esp,byte +0xc JUMP_005965: ; Pos = 562e5 mov eax,[ebp-0xc] add [ebp-0x10],eax mov eax,[ebp-0x8] add [ebp-0x14],eax inc ebx add dword [ebp-0x4],0x140 cmp esi,ebx jg JUMP_005962 jmp JUMP_005988 JUMP_005966: ; Pos = 56302 movsx esi,word [edi+0x2] cmp ebx,esi jnl near JUMP_005988 mov eax,esi sub eax,ebx jz near JUMP_005970 mov eax,esi sub eax,ebx jns JUMP_005968 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx js JUMP_005967 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx shl eax,0x10 mov edx,esi sub edx,ebx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx neg eax jmp near JUMP_005972 JUMP_005967: ; Pos = 5634a movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx shl eax,0x10 neg eax mov edx,esi sub edx,ebx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx jmp short JUMP_005972 JUMP_005968: ; Pos = 56369 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx js JUMP_005969 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx shl eax,0x10 mov edx,esi sub edx,ebx push ecx mov ecx,edx cdq idiv ecx pop ecx jmp short JUMP_005972 JUMP_005969: ; Pos = 56391 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx neg eax shl eax,0x10 mov edx,esi sub edx,ebx push ecx mov ecx,edx cdq idiv ecx pop ecx neg eax jmp short JUMP_005972 JUMP_005970: ; Pos = 563b0 movsx eax,word [edi] mov edx,[ebp+0xc] movsx edx,word [edx] sub eax,edx js JUMP_005971 mov eax,0x7fffffff jmp short JUMP_005972 JUMP_005971: ; Pos = 563c4 mov eax,0x80000001 JUMP_005972: ; Pos = 563c9 mov [ebp-0x8],eax mov eax,esi sub eax,ebx jz near JUMP_005976 mov eax,esi sub eax,ebx jns JUMP_005974 movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx js JUMP_005973 movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx shl eax,0x10 mov edx,esi sub edx,ebx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx neg eax jmp short JUMP_005978 JUMP_005973: ; Pos = 56402 movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx shl eax,0x10 neg eax mov edx,esi sub edx,ebx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx jmp short JUMP_005978 JUMP_005974: ; Pos = 5641e movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx js JUMP_005975 movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx shl eax,0x10 mov edx,esi sub edx,ebx push ecx mov ecx,edx cdq idiv ecx pop ecx jmp short JUMP_005978 JUMP_005975: ; Pos = 56440 movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx neg eax shl eax,0x10 mov edx,esi sub edx,ebx push ecx mov ecx,edx cdq idiv ecx pop ecx neg eax jmp short JUMP_005978 JUMP_005976: ; Pos = 5645c movsx eax,word [edi] movsx edx,word [ecx] sub eax,edx js JUMP_005977 mov eax,0x7fffffff jmp short JUMP_005978 JUMP_005977: ; Pos = 5646d mov eax,0x80000001 JUMP_005978: ; Pos = 56472 mov [ebp-0xc],eax mov ax,[ecx] mov edx,[ebp+0xc] cmp ax,[edx] jnl JUMP_005983 movsx eax,ax shl eax,0x10 mov [ebp-0x10],eax mov eax,[ebp+0xc] movsx eax,word [eax] shl eax,0x10 mov [ebp-0x14],eax cmp esi,ebx jng near JUMP_005988 JUMP_005979: ; Pos = 5649d cmp ebx,0x9e jnc JUMP_005982 mov eax,[ebp-0x10] sar eax,0x10 mov edx,[ebp-0x14] sar edx,0x10 test eax,eax jnl JUMP_005980 xor eax,eax JUMP_005980: ; Pos = 564b7 cmp edx,0x140 jng JUMP_005981 mov edx,0x140 JUMP_005981: ; Pos = 564c4 cmp edx,eax jng JUMP_005982 sub edx,eax push edx mov edx,[ebp+0x14] push edx add eax,[ebp-0x4] push eax call _memset add esp,byte +0xc JUMP_005982: ; Pos = 564db mov eax,[ebp-0xc] add [ebp-0x10],eax mov eax,[ebp-0x8] add [ebp-0x14],eax inc ebx add dword [ebp-0x4],0x140 cmp esi,ebx jg JUMP_005979 jmp short JUMP_005988 JUMP_005983: ; Pos = 564f5 mov eax,[ebp+0xc] movsx eax,word [eax] shl eax,0x10 mov [ebp-0x10],eax movsx eax,word [ecx] shl eax,0x10 mov [ebp-0x14],eax cmp esi,ebx jng JUMP_005988 JUMP_005984: ; Pos = 5650e cmp ebx,0x9e jnc JUMP_005987 mov eax,[ebp-0x10] sar eax,0x10 mov edx,[ebp-0x14] sar edx,0x10 test eax,eax jnl JUMP_005985 xor eax,eax JUMP_005985: ; Pos = 56528 cmp edx,0x140 jng JUMP_005986 mov edx,0x140 JUMP_005986: ; Pos = 56535 cmp edx,eax jng JUMP_005987 sub edx,eax push edx mov edx,[ebp+0x14] push edx add eax,[ebp-0x4] push eax call _memset add esp,byte +0xc JUMP_005987: ; Pos = 5654c mov eax,[ebp-0x8] add [ebp-0x10],eax mov eax,[ebp-0xc] add [ebp-0x14],eax inc ebx add dword [ebp-0x4],0x140 cmp esi,ebx jg JUMP_005984 JUMP_005988: ; Pos = 56564 pop edi pop esi pop ebx mov esp,ebp pop ebp ret ; void F1606 (P2D p1, P2D p2, P2D p3, P2D p4, COLPAL col) ; Clips to upper screen, vertical only FUNC_001606_DrawQuadVClip: ; Pos = 56d00 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] movsx eax,word [ebx] cmp eax,0x140 jnc JUMP_006046 movsx eax,word [ebx+0x2] cmp eax,0x9e jc JUMP_006047 JUMP_006046: ; Pos = 56d27 xor eax,eax jmp short JUMP_006048 JUMP_006047: ; Pos = 56d2b mov eax,0x1 JUMP_006048: ; Pos = 56d30 movsx edx,word [esi] cmp edx,0x140 jnc JUMP_006049 movsx edx,word [esi+0x2] cmp edx,0x9e jc JUMP_006050 JUMP_006049: ; Pos = 56d47 xor edx,edx jmp short JUMP_006051 JUMP_006050: ; Pos = 56d4b mov edx,0x1 JUMP_006051: ; Pos = 56d50 movsx ecx,word [edi] cmp ecx,0x140 jnc JUMP_006052 movsx ecx,word [edi+0x2] cmp ecx,0x9e jc JUMP_006053 JUMP_006052: ; Pos = 56d67 xor ecx,ecx jmp short JUMP_006054 JUMP_006053: ; Pos = 56d6b mov ecx,0x1 JUMP_006054: ; Pos = 56d70 mov [ebp-0x4],ecx mov ecx,[ebp+0x14] movsx ecx,word [ecx] cmp ecx,0x140 jnc JUMP_006055 mov ecx,[ebp+0x14] movsx ecx,word [ecx+0x2] cmp ecx,0x9e jc JUMP_006056 JUMP_006055: ; Pos = 56d90 xor ecx,ecx jmp short JUMP_006057 JUMP_006056: ; Pos = 56d94 mov ecx,0x1 JUMP_006057: ; Pos = 56d99 mov [ebp-0x8],ecx test eax,eax jnz JUMP_006058 test edx,edx jnz JUMP_006058 cmp dword [ebp-0x4],byte +0x0 jnz JUMP_006058 cmp dword [ebp-0x8],byte +0x0 jz JUMP_006060 JUMP_006058: ; Pos = 56db0 test eax,eax jz JUMP_006059 test edx,edx jz JUMP_006059 cmp dword [ebp-0x4],byte +0x0 jz JUMP_006059 cmp dword [ebp-0x8],byte +0x0 jz JUMP_006059 push dword FUNC_001601_DrawHLine mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax push edi push esi push ebx call FUNC_001608_DrawQuadInternal add esp,byte +0x18 JUMP_006059: ; Pos = 56ddc push dword FUNC_001599_DrawHLineConClip mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax push edi push esi push ebx call FUNC_001608_DrawQuadInternal add esp,byte +0x18 JUMP_006060: ; Pos = 56df4 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret ; void F1607 (P2D p1, P2D p2, P2D p3, P2D p4, COLPAL col) ; No clipping at all FUNC_001607_DrawQuad: ; Pos = 56dfc push ebp mov ebp,esp push dword FUNC_001601_DrawHLine mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001608_DrawQuadInternal add esp,byte +0x18 pop ebp ret ; void F1608 (P2D p1, P2D p2, P2D p3, P2D p4, COLPAL col, func *hlinefunc) FUNC_001608_DrawQuadInternal: ; Pos = 56e24 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov ebx,[ebp+0x10] mov edi,[ebp+0xc] mov esi,[ebp+0x8] movsx eax,word [esi+0x2] movsx edx,word [edi+0x2] cmp eax,edx jng JUMP_006061 mov eax,edx JUMP_006061: ; Pos = 56e44 movsx edx,word [ebx+0x2] cmp eax,edx jng JUMP_006062 mov eax,edx JUMP_006062: ; Pos = 56e4e mov edx,[ebp+0x14] movsx edx,word [edx+0x2] cmp eax,edx jng JUMP_006064 mov eax,edx jmp short JUMP_006064 JUMP_006063: ; Pos = 56e5d mov edx,esi mov esi,edi mov edi,ebx mov ebx,[ebp+0x14] mov [ebp+0x14],edx JUMP_006064: ; Pos = 56e69 movsx edx,word [esi+0x2] cmp eax,edx jl JUMP_006063 movsx eax,word [esi+0x2] mov [ebp-0x18],eax movsx eax,word [edi+0x2] push eax movsx eax,word [edi] push eax movsx eax,word [esi+0x2] push eax movsx eax,word [esi] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax call FUNC_001603_CalcLineGrad add esp,byte +0x18 mov [ebp-0x14],eax mov eax,[ebp+0x14] movsx eax,word [eax+0x2] push eax mov eax,[ebp+0x14] movsx eax,word [eax] push eax movsx eax,word [esi+0x2] push eax movsx eax,word [esi] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x10] push eax call FUNC_001603_CalcLineGrad add esp,byte +0x18 mov esi,eax mov eax,[ebp+0x14] mov ax,[eax+0x2] cmp ax,[edi+0x2] jng near JUMP_006066 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax lea eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax call FUNC_001602_DrawPolySegment add esp,byte +0x20 sub esi,[ebp-0x14] movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] push eax movsx eax,word [edi+0x2] push eax movsx eax,word [edi] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax call FUNC_001603_CalcLineGrad add esp,byte +0x18 mov [ebp-0x14],eax mov eax,[ebp+0x14] mov ax,[eax+0x2] cmp ax,[ebx+0x2] jng near JUMP_006065 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax lea eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax call FUNC_001602_DrawPolySegment add esp,byte +0x20 mov eax,[ebp+0x14] movsx eax,word [eax+0x2] push eax mov eax,[ebp+0x14] movsx eax,word [eax] push eax movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax call FUNC_001603_CalcLineGrad add esp,byte +0x18 mov [ebp-0x14],eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax lea eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax call FUNC_001602_DrawPolySegment add esp,byte +0x20 jmp JUMP_006068 JUMP_006065: ; Pos = 56fb9 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax lea eax,[ebp-0x18] push eax push esi mov eax,[ebp-0x10] push eax mov eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax call FUNC_001602_DrawPolySegment add esp,byte +0x20 movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] push eax mov eax,[ebp+0x14] movsx eax,word [eax+0x2] push eax mov eax,[ebp+0x14] movsx eax,word [eax] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x10] push eax call FUNC_001603_CalcLineGrad add esp,byte +0x18 mov esi,eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax lea eax,[ebp-0x18] push eax push esi mov eax,[ebp-0x10] push eax mov eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax call FUNC_001602_DrawPolySegment add esp,byte +0x20 jmp JUMP_006068 JUMP_006066: ; Pos = 57032 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax lea eax,[ebp-0x18] push eax push esi mov eax,[ebp-0x10] push eax mov eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax call FUNC_001602_DrawPolySegment add esp,byte +0x20 sub [ebp-0x14],esi movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] push eax mov eax,[ebp+0x14] movsx eax,word [eax+0x2] push eax mov eax,[ebp+0x14] movsx eax,word [eax] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x10] push eax call FUNC_001603_CalcLineGrad add esp,byte +0x18 mov esi,eax mov ax,[edi+0x2] cmp ax,[ebx+0x2] jnl near JUMP_006067 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax lea eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax call FUNC_001602_DrawPolySegment add esp,byte +0x20 movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] push eax movsx eax,word [edi+0x2] push eax movsx eax,word [edi] push eax lea eax,[ebp-0x4] push eax lea eax,[ebp-0x8] push eax call FUNC_001603_CalcLineGrad add esp,byte +0x18 mov [ebp-0x14],eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax lea eax,[ebp-0x18] push eax mov eax,[ebp-0x14] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax call FUNC_001602_DrawPolySegment add esp,byte +0x20 jmp short JUMP_006068 JUMP_006067: ; Pos = 57105 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax lea eax,[ebp-0x18] push eax push esi mov eax,[ebp-0x10] push eax mov eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax call FUNC_001602_DrawPolySegment add esp,byte +0x20 movsx eax,word [edi+0x2] push eax movsx eax,word [edi] push eax movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x10] push eax call FUNC_001603_CalcLineGrad add esp,byte +0x18 mov esi,eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax lea eax,[ebp-0x18] push eax push esi mov eax,[ebp-0x10] push eax mov eax,[ebp-0x8] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x4] push eax call FUNC_001602_DrawPolySegment add esp,byte +0x20 JUMP_006068: ; Pos = 57173 pop edi pop esi pop ebx mov esp,ebp pop ebp ret ; void F1609 (int xcent, int ycent, int imgnum, int flag, COLPAL col) ; Flag switches between set of sprites at D7784 and D7785 FUNC_001609_DrawSprite: ; Pos = 5717c push ebp mov ebp,esp push ecx push ebx push esi push edi mov eax,[ebp+0x10] mov esi,[ebp+0xc] cmp dword [ebp+0x14],byte +0x0 jz JUMP_006069 mov edx,eax add edx,edx lea edx,[edx+edx*8] add edx,DATA_007785 jmp short JUMP_006070 JUMP_006069: ; Pos = 5719e mov edx,eax add edx,edx lea edx,[edx+edx*8] add edx,DATA_007784 JUMP_006070: ; Pos = 571ab mov [ebp-0x4],edx inc dword [ebp+0x8] mov eax,[ebp-0x4] movsx ebx,byte [eax] inc dword [ebp-0x4] cmp esi,0x9e jnc JUMP_006071 mov eax,[ebp+0x18] push eax mov eax,ebx add eax,eax dec eax push eax push esi mov eax,[ebp+0x8] sub eax,ebx push eax call FUNC_001600_DrawHLineClip add esp,byte +0x10 JUMP_006071: ; Pos = 571db mov edi,esi jmp short JUMP_006074 JUMP_006072: ; Pos = 571df inc esi dec edi test ebx,ebx jng JUMP_006074 cmp esi,0x9e jnc JUMP_006073 mov eax,[ebp+0x18] push eax mov eax,ebx add eax,eax dec eax push eax push esi mov eax,[ebp+0x8] sub eax,ebx push eax call FUNC_001600_DrawHLineClip add esp,byte +0x10 JUMP_006073: ; Pos = 57206 cmp edi,0x9e jnc JUMP_006074 mov eax,[ebp+0x18] push eax mov eax,ebx add eax,eax dec eax push eax push edi mov eax,[ebp+0x8] sub eax,ebx push eax call FUNC_001600_DrawHLineClip add esp,byte +0x10 JUMP_006074: ; Pos = 57227 mov eax,[ebp-0x4] inc dword [ebp-0x4] movsx ebx,byte [eax] test ebx,ebx jnl JUMP_006072 pop edi pop esi pop ebx pop ecx pop ebp ret ; void F1610 (P2D centpos, int size, COLPAL col) ; Draws roughly circular particles FUNC_001610_DrawParticleClipped: ; Pos = 5723c push ebp mov ebp,esp push ebx mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov cx,[eax] movsx ebx,cx cmp ebx,0x140 jc JUMP_006079 test cx,cx jnl JUMP_006076 movsx ecx,word [eax] mov ebx,edx sar ebx,1 jns JUMP_006075 adc ebx,byte +0x0 JUMP_006075: ; Pos = 57265 add ecx,ebx test ecx,ecx setng cl and ecx,byte +0x1 jmp short JUMP_006078 JUMP_006076: ; Pos = 57271 movsx ecx,word [eax] mov ebx,edx sar ebx,1 jns JUMP_006077 adc ebx,byte +0x0 JUMP_006077: ; Pos = 5727d sub ecx,ebx cmp ecx,0x140 setnl cl and ecx,byte +0x1 JUMP_006078: ; Pos = 5728b test ecx,ecx jnz JUMP_006085 JUMP_006079: ; Pos = 5728f mov cx,[eax+0x2] movsx ebx,cx cmp ebx,0x9e jc JUMP_006084 test cx,cx jnl JUMP_006081 movsx ecx,word [eax+0x2] mov ebx,edx sar ebx,1 jns JUMP_006080 adc ebx,byte +0x0 JUMP_006080: ; Pos = 572b0 add ecx,ebx test ecx,ecx setng cl and ecx,byte +0x1 jmp short JUMP_006083 JUMP_006081: ; Pos = 572bc movsx ecx,word [eax+0x2] mov ebx,edx sar ebx,1 jns JUMP_006082 adc ebx,byte +0x0 JUMP_006082: ; Pos = 572c9 sub ecx,ebx cmp ecx,0x9e setnl cl and ecx,byte +0x1 JUMP_006083: ; Pos = 572d7 test ecx,ecx jnz JUMP_006085 JUMP_006084: ; Pos = 572db mov ecx,[ebp+0x10] push ecx push edx push eax call FUNC_001611_DrawParticle add esp,byte +0xc JUMP_006085: ; Pos = 572e9 pop ebx pop ebp ret ; void F1611 (P2D centpos, int size, COLPAL col) ; Draws roughly circular particles FUNC_001611_DrawParticle: ; Pos = 572ec push ebp mov ebp,esp add esp,0xfffff004 push eax add esp,0xfffff244 push ebx push esi push edi mov eax,[ebp+0xc] mov ebx,[ebp+0x8] cmp eax,0x3b4 jnc near JUMP_006107 cmp eax,byte +0x6 jnl near JUMP_006092 mov dx,[ebx] cmp dx,byte +0x2 jl near JUMP_006107 cmp dx,0x13d jg near JUMP_006107 cmp word [ebx+0x2],byte +0x2 jl near JUMP_006107 cmp word [ebx+0x2],0x9b jg near JUMP_006107 cmp eax,byte +0x5 ja near JUMP_006107 jmp near [eax*4+DATA_000046] SECTION .data DATA_000046: ; Pos = 57358 dd JUMP_006086 dd JUMP_006087 dd JUMP_006088 dd JUMP_006089 dd JUMP_006090 dd JUMP_006091 SECTION .text JUMP_006086: ; Pos = 57370 mov eax,[ebp+0x10] push eax push byte +0x1 movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] push eax call FUNC_001601_DrawHLine add esp,byte +0x10 jmp JUMP_006107 JUMP_006087: ; Pos = 5738c mov eax,[ebp+0x10] push eax push byte +0x2 movsx eax,word [ebx+0x2] dec eax push eax movsx eax,word [ebx] dec eax push eax call FUNC_001601_DrawHLine add esp,byte +0x10 mov eax,[ebp+0x10] push eax push byte +0x2 movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] dec eax push eax call FUNC_001601_DrawHLine add esp,byte +0x10 jmp JUMP_006107 JUMP_006088: ; Pos = 573c2 mov eax,[ebp+0x10] push eax push byte +0x1 movsx eax,word [ebx+0x2] dec eax push eax movsx eax,word [ebx] push eax call FUNC_001601_DrawHLine add esp,byte +0x10 mov eax,[ebp+0x10] push eax push byte +0x3 movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] dec eax push eax call FUNC_001601_DrawHLine add esp,byte +0x10 mov eax,[ebp+0x10] push eax push byte +0x1 movsx eax,word [ebx+0x2] inc eax push eax movsx eax,word [ebx] push eax call FUNC_001601_DrawHLine add esp,byte +0x10 jmp JUMP_006107 JUMP_006089: ; Pos = 5740f mov eax,[ebp+0x10] push eax push byte +0x3 movsx eax,word [ebx+0x2] dec eax push eax movsx eax,word [ebx] dec eax push eax call FUNC_001601_DrawHLine add esp,byte +0x10 mov eax,[ebp+0x10] push eax push byte +0x3 movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] dec eax push eax call FUNC_001601_DrawHLine add esp,byte +0x10 mov eax,[ebp+0x10] push eax push byte +0x3 movsx eax,word [ebx+0x2] inc eax push eax movsx eax,word [ebx] dec eax push eax call FUNC_001601_DrawHLine add esp,byte +0x10 jmp JUMP_006107 JUMP_006090: ; Pos = 5745e mov eax,[ebp+0x10] push eax push byte +0x2 movsx eax,word [ebx+0x2] add eax,byte -0x2 push eax movsx eax,word [ebx] dec eax push eax call FUNC_001601_DrawHLine add esp,byte +0x10 mov eax,[ebp+0x10] push eax push byte +0x4 movsx eax,word [ebx+0x2] dec eax push eax movsx eax,word [ebx] add eax,byte -0x2 push eax call FUNC_001601_DrawHLine add esp,byte +0x10 mov eax,[ebp+0x10] push eax push byte +0x4 movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] add eax,byte -0x2 push eax call FUNC_001601_DrawHLine add esp,byte +0x10 mov eax,[ebp+0x10] push eax push byte +0x2 movsx eax,word [ebx+0x2] inc eax push eax movsx eax,word [ebx] dec eax push eax call FUNC_001601_DrawHLine add esp,byte +0x10 jmp JUMP_006107 JUMP_006091: ; Pos = 574cc mov eax,[ebp+0x10] push eax push byte +0x1 movsx eax,word [ebx+0x2] add eax,byte -0x2 push eax movsx eax,word [ebx] push eax call FUNC_001601_DrawHLine add esp,byte +0x10 mov eax,[ebp+0x10] push eax push byte +0x3 movsx eax,word [ebx+0x2] dec eax push eax movsx eax,word [ebx] dec eax push eax call FUNC_001601_DrawHLine add esp,byte +0x10 mov eax,[ebp+0x10] push eax push byte +0x5 movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] add eax,byte -0x2 push eax call FUNC_001601_DrawHLine add esp,byte +0x10 mov eax,[ebp+0x10] push eax push byte +0x3 movsx eax,word [ebx+0x2] inc eax push eax movsx eax,word [ebx] dec eax push eax call FUNC_001601_DrawHLine add esp,byte +0x10 mov eax,[ebp+0x10] push eax push byte +0x1 movsx eax,word [ebx+0x2] add eax,byte +0x2 push eax movsx eax,word [ebx] push eax call FUNC_001601_DrawHLine add esp,byte +0x10 jmp JUMP_006107 JUMP_006092: ; Pos = 57551 mov edx,eax sar edx,1 jns JUMP_006093 adc edx,byte +0x0 JUMP_006093: ; Pos = 5755a mov [ebp-0x10],edx movsx edx,word [ebx] mov [ebp-0x4],edx movsx edx,word [ebx+0x2] mov [ebp-0x8],edx mov ebx,[ebp-0x10] lea edx,[eax-0x2] cmp edx,byte +0x5 jnz JUMP_006094 add edx,byte +0x3 JUMP_006094: ; Pos = 57578 neg edx lea eax,[ebp+0xffffe244] mov [ebp-0x14],eax mov eax,[ebp-0x10] shl eax,0x3 lea ecx,[ebp+0xffffe244] add eax,ecx mov [ebp-0x18],eax mov ecx,eax mov eax,[ebp-0x10] add eax,eax shl eax,0x3 lea esi,[ebp+0xffffe244] add eax,esi mov [ebp-0x1c],eax add edx,byte +0x6 mov eax,0x1 cmp ebx,eax jng JUMP_006098 JUMP_006095: ; Pos = 575b5 sub ecx,byte +0x8 mov esi,[ebp-0x4] sub esi,ebx mov [ecx],esi mov edi,[ebp-0x18] mov [edi],esi mov esi,ebx add esi,esi mov [ecx+0x4],esi mov edi,[ebp-0x18] mov [edi+0x4],esi add dword [ebp-0x18],byte +0x8 test edx,edx jnl JUMP_006096 mov esi,eax shl esi,0x2 add esi,byte +0x6 add edx,esi jmp short JUMP_006097 JUMP_006096: ; Pos = 575e5 sub dword [ebp-0x1c],byte +0x8 mov esi,[ebp-0x4] sub esi,eax mov edi,[ebp-0x1c] mov [edi],esi mov edi,[ebp-0x14] mov [edi],esi mov esi,eax add esi,esi mov edi,[ebp-0x1c] mov [edi+0x4],esi mov edi,[ebp-0x14] mov [edi+0x4],esi add dword [ebp-0x14],byte +0x8 mov esi,eax sub esi,ebx shl esi,0x2 add esi,byte +0xa add edx,esi dec ebx JUMP_006097: ; Pos = 57619 inc eax cmp ebx,eax jg JUMP_006095 JUMP_006098: ; Pos = 5761e cmp ebx,eax jnz JUMP_006099 sub ecx,byte +0x8 mov edx,[ebp-0x4] sub edx,eax mov [ecx],edx mov ebx,[ebp-0x18] mov [ebx],edx add eax,eax mov [ecx+0x4],eax mov edx,[ebp-0x18] mov [edx+0x4],eax JUMP_006099: ; Pos = 5763c lea esi,[ebp+0xffffe244] mov ebx,[ebp-0x8] sub ebx,[ebp-0x10] test ebx,ebx jnl JUMP_006100 shl ebx,0x3 sub esi,ebx xor ebx,ebx JUMP_006100: ; Pos = 57653 mov eax,[ebp-0x8] add eax,[ebp-0x10] cmp eax,0x9e jng JUMP_006101 mov dword [ebp-0xc],0x9e jmp short JUMP_006102 JUMP_006101: ; Pos = 57669 mov [ebp-0xc],eax JUMP_006102: ; Pos = 5766c mov eax,[ebp-0x4] sub eax,[ebp-0x10] js JUMP_006103 mov eax,[ebp-0x4] add eax,[ebp-0x10] cmp eax,0x140 jl JUMP_006104 JUMP_006103: ; Pos = 57681 mov edi,FUNC_001600_DrawHLineClip jmp short JUMP_006105 JUMP_006104: ; Pos = 57688 mov edi,FUNC_001601_DrawHLine JUMP_006105: ; Pos = 5768d cmp ebx,[ebp-0xc] jnl JUMP_006107 JUMP_006106: ; Pos = 57692 mov eax,[ebp+0x10] push eax mov eax,[esi+0x4] push eax push ebx mov eax,[esi] push eax call edi add esp,byte +0x10 add esi,byte +0x8 inc ebx cmp ebx,[ebp-0xc] jl JUMP_006106 JUMP_006107: ; Pos = 576ac pop edi pop esi pop ebx mov esp,ebp pop ebp ret ; void F1612 (P2D centpos, int radius, COLPAL col) ; Circle always has two pixels per scanline, vclip only FUNC_001612_DrawCircle: ; Pos = 576b4 push ebp mov ebp,esp add esp,0xfffff004 push eax add esp,0xfffff248 push ebx push esi push edi mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,edx sar ecx,1 jns JUMP_006108 adc ecx,byte +0x0 JUMP_006108: ; Pos = 576d6 mov [ebp-0xc],ecx movsx ecx,word [eax] mov [ebp-0x4],ecx movsx eax,word [eax+0x2] mov [ebp-0x8],eax mov ebx,[ebp-0xc] add edx,byte -0x2 cmp edx,byte +0x5 jnz JUMP_006109 add edx,byte +0x3 JUMP_006109: ; Pos = 576f4 neg edx lea eax,[ebp+0xffffe248] mov [ebp-0x10],eax mov eax,[ebp-0xc] shl eax,0x3 lea ecx,[ebp+0xffffe248] add eax,ecx mov [ebp-0x14],eax mov ecx,eax mov eax,[ebp-0xc] add eax,eax shl eax,0x3 lea esi,[ebp+0xffffe248] add eax,esi mov [ebp-0x18],eax add edx,byte +0x6 mov eax,0x1 cmp ebx,eax jng JUMP_006113 JUMP_006110: ; Pos = 57731 sub ecx,byte +0x8 mov esi,[ebp-0x4] sub esi,ebx mov [ecx],esi mov edi,[ebp-0x14] mov [edi],esi mov esi,ebx add esi,esi mov [ecx+0x4],esi mov edi,[ebp-0x14] mov [edi+0x4],esi add dword [ebp-0x14],byte +0x8 test edx,edx jnl JUMP_006111 mov esi,eax shl esi,0x2 add esi,byte +0x6 add edx,esi jmp short JUMP_006112 JUMP_006111: ; Pos = 57761 sub dword [ebp-0x18],byte +0x8 mov esi,[ebp-0x4] sub esi,eax mov edi,[ebp-0x18] mov [edi],esi mov edi,[ebp-0x10] mov [edi],esi mov esi,eax add esi,esi mov edi,[ebp-0x18] mov [edi+0x4],esi mov edi,[ebp-0x10] mov [edi+0x4],esi add dword [ebp-0x10],byte +0x8 mov esi,eax sub esi,ebx shl esi,0x2 add esi,byte +0xa add edx,esi dec ebx JUMP_006112: ; Pos = 57795 inc eax cmp ebx,eax jg JUMP_006110 JUMP_006113: ; Pos = 5779a cmp ebx,eax jnz JUMP_006114 sub ecx,byte +0x8 mov edx,[ebp-0x4] sub edx,eax mov [ecx],edx mov ebx,[ebp-0x14] mov [ebx],edx add eax,eax mov [ecx+0x4],eax mov edx,[ebp-0x14] mov [edx+0x4],eax JUMP_006114: ; Pos = 577b8 lea esi,[ebp+0xffffe248] mov ebx,[ebp-0x8] sub ebx,[ebp-0xc] test ebx,ebx jnl JUMP_006115 shl ebx,0x3 sub esi,ebx xor ebx,ebx JUMP_006115: ; Pos = 577cf mov eax,[ebp-0x8] add eax,[ebp-0xc] cmp eax,0x9e jng JUMP_006116 mov edi,0x9e jmp short JUMP_006117 JUMP_006116: ; Pos = 577e3 mov edi,eax JUMP_006117: ; Pos = 577e5 cmp edi,ebx jng JUMP_006122 JUMP_006118: ; Pos = 577e9 mov eax,edi sub eax,ebx dec eax jz JUMP_006119 lea eax,[ebp+0xffffe248] cmp esi,eax jnz JUMP_006120 JUMP_006119: ; Pos = 577fa mov eax,[ebp+0x10] push eax mov eax,[esi+0x4] push eax push ebx mov eax,[esi] push eax call FUNC_001601_DrawHLine add esp,byte +0x10 jmp short JUMP_006121 JUMP_006120: ; Pos = 57810 mov edx,ebx shl edx,0x3 lea edx,[edx+edx*4] mov ecx,[DATA_007773] lea edx,[ecx+edx*8] mov ecx,[esi] add edx,ecx push edx mov al,[ebp+0x10] pop edx mov [edx],al mov edx,ebx shl edx,0x3 lea edx,[edx+edx*4] mov ecx,[DATA_007773] lea edx,[ecx+edx*8] mov ecx,[esi] add edx,ecx mov ecx,[esi+0x4] lea edx,[edx+ecx-0x1] push edx pop edx mov [edx],al JUMP_006121: ; Pos = 5784c add esi,byte +0x8 inc ebx cmp edi,ebx jg JUMP_006118 JUMP_006122: ; Pos = 57854 pop edi pop esi pop ebx mov esp,ebp pop ebp ret ; void F1613 (SPANS data, COLPAL col) ; struct SPANS { ; SPANDATA stuff[158]; ; int needshclip; ; int ymin; ; int ymax; ; } ; struct SPANDATA { ; int numpoints; ; int xpoint[10]; ; } FUNC_001613_DrawSpans: ; Pos = 5785c push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi mov eax,[ebp+0x8] mov eax,[eax+0x1b30] mov edx,[ebp+0x8] cmp eax,[edx+0x1b2c] jl near JUMP_006134 mov eax,[ebp+0x8] cmp dword [eax+0x1b28],byte +0x0 jz JUMP_006123 mov dword [ebp-0x4],FUNC_001600_DrawHLineClip jmp short JUMP_006124 JUMP_006123: ; Pos = 57891 mov dword [ebp-0x4],FUNC_001601_DrawHLine JUMP_006124: ; Pos = 57898 mov eax,[ebp+0x8] mov eax,[eax+0x1b30] dec eax mov [ebp-0xc],eax mov eax,[ebp-0xc] mov edx,eax lea eax,[edx+eax*4] lea eax,[edx+eax*2] mov edx,[ebp+0x8] lea eax,[edx+eax*4] mov [ebp-0x14],eax jmp JUMP_006133 JUMP_006125: ; Pos = 578be mov eax,[ebp-0xc] mov edx,eax lea eax,[edx+eax*4] lea eax,[edx+eax*2] shl eax,0x2 add eax,[ebp+0x8] add eax,byte +0x4 mov [ebp-0x8],eax mov eax,[ebp-0x14] mov eax,[eax] mov [ebp-0x10],eax mov ebx,[ebp-0x10] cmp ebx,byte +0x1 jng JUMP_006130 JUMP_006126: ; Pos = 578e5 mov edx,0x1 mov eax,[ebp-0x8] cmp ebx,edx jng JUMP_006129 JUMP_006127: ; Pos = 578f1 mov ecx,[eax] mov esi,[eax+0x4] cmp ecx,esi jng JUMP_006128 mov [eax],esi mov [eax+0x4],ecx JUMP_006128: ; Pos = 578ff inc edx add eax,byte +0x4 cmp ebx,edx jg JUMP_006127 JUMP_006129: ; Pos = 57907 dec ebx cmp ebx,byte +0x1 jg JUMP_006126 JUMP_006130: ; Pos = 5790d mov ebx,[ebp-0x10] add ebx,byte -0x2 mov eax,[ebp-0x8] lea esi,[eax+ebx*4] test ebx,ebx jl JUMP_006132 JUMP_006131: ; Pos = 5791d mov edx,[ebp+0xc] push edx mov edx,[esi+0x4] mov eax,[esi] sub edx,eax push edx mov edx,[ebp-0xc] push edx push eax call near [ebp-0x4] add esp,byte +0x10 sub ebx,byte +0x2 add esi,byte -0x8 test ebx,ebx jnl JUMP_006131 JUMP_006132: ; Pos = 5793e dec dword [ebp-0xc] add dword [ebp-0x14],byte -0x2c JUMP_006133: ; Pos = 57945 mov eax,[ebp+0x8] mov eax,[eax+0x1b2c] cmp eax,[ebp-0xc] jng near JUMP_006125 JUMP_006134: ; Pos = 57957 pop esi pop ebx mov esp,ebp pop ebp ret ; void F1616 (P2D point1, P2D point2, COLPAL col) FUNC_001616_DrawLine: ; Pos = 57abc push ebp mov ebp,esp push ecx push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov dx,[edi+0x2] cmp dx,[esi+0x2] jnz JUMP_006147 mov ax,[edi] cmp ax,[esi] jg JUMP_006146 mov ecx,[ebp+0x10] push ecx movsx ecx,word [esi] movsx ebx,word [edi] sub ecx,ebx inc ecx push ecx movsx edx,dx push edx movsx eax,ax push eax call FUNC_001601_DrawHLine add esp,byte +0x10 jmp JUMP_006165 JUMP_006146: ; Pos = 57afe mov edx,[ebp+0x10] push edx movsx edx,word [edi] movsx eax,word [esi] sub edx,eax inc edx push edx movsx edx,word [esi+0x2] push edx push eax call FUNC_001601_DrawHLine add esp,byte +0x10 jmp JUMP_006165 JUMP_006147: ; Pos = 57b1f mov ax,[edi+0x2] cmp ax,[esi+0x2] jng JUMP_006148 mov eax,edi mov edi,esi mov esi,eax JUMP_006148: ; Pos = 57b2f movsx eax,word [esi+0x2] movsx edx,word [edi+0x2] sub eax,edx jz near JUMP_006152 movsx eax,word [esi+0x2] movsx edx,word [edi+0x2] sub eax,edx jns JUMP_006150 movsx eax,word [esi] movsx edx,word [edi] sub eax,edx js JUMP_006149 movsx eax,word [esi] movsx edx,word [edi] sub eax,edx shl eax,0x10 movsx edx,word [esi+0x2] movsx ecx,word [edi+0x2] sub edx,ecx neg edx mov ecx,edx cdq idiv ecx neg eax jmp near JUMP_006153 JUMP_006149: ; Pos = 57b75 movsx eax,word [esi] movsx edx,word [edi] sub eax,edx shl eax,0x10 neg eax movsx edx,word [esi+0x2] movsx ecx,word [edi+0x2] sub edx,ecx neg edx mov ecx,edx cdq idiv ecx jmp short JUMP_006153 JUMP_006150: ; Pos = 57b95 movsx eax,word [esi] movsx edx,word [edi] sub eax,edx js JUMP_006151 movsx eax,word [esi] movsx edx,word [edi] sub eax,edx shl eax,0x10 movsx edx,word [esi+0x2] movsx ecx,word [edi+0x2] sub edx,ecx mov ecx,edx cdq idiv ecx jmp short JUMP_006153 JUMP_006151: ; Pos = 57bbb movsx eax,word [esi] movsx edx,word [edi] sub eax,edx neg eax shl eax,0x10 movsx edx,word [esi+0x2] movsx ecx,word [edi+0x2] sub edx,ecx mov ecx,edx cdq idiv ecx neg eax jmp short JUMP_006153 JUMP_006152: ; Pos = 57bdb mov eax,0x7fffffff movsx edx,word [esi] movsx ecx,word [edi] sub edx,ecx jns JUMP_006153 add eax,byte +0x2 JUMP_006153: ; Pos = 57bed mov [ebp-0x4],eax movsx ebx,word [edi] shl ebx,0x10 cmp dword [ebp-0x4],byte +0x0 jl near JUMP_006159 cmp dword [ebp-0x4],0x10000 jg JUMP_006156 movsx eax,word [edi+0x2] mov edi,eax jmp short JUMP_006155 JUMP_006154: ; Pos = 57c11 mov eax,[ebp+0x10] push eax push byte +0x1 push edi mov eax,ebx sar eax,0x10 push eax call FUNC_001601_DrawHLine add esp,byte +0x10 add ebx,[ebp-0x4] inc edi JUMP_006155: ; Pos = 57c2a movsx eax,word [esi+0x2] cmp edi,eax jl JUMP_006154 mov eax,[ebp+0x10] push eax push byte +0x1 push edi movsx eax,word [esi] push eax call FUNC_001601_DrawHLine add esp,byte +0x10 jmp JUMP_006165 JUMP_006156: ; Pos = 57c4a movsx eax,word [edi+0x2] mov edi,eax jmp short JUMP_006158 JUMP_006157: ; Pos = 57c52 mov edx,[ebp+0x10] push edx mov edx,[ebp-0x4] add edx,ebx sar edx,0x10 mov eax,ebx sar eax,0x10 sub edx,eax push edx push edi push eax call FUNC_001601_DrawHLine add esp,byte +0x10 add ebx,[ebp-0x4] inc edi JUMP_006158: ; Pos = 57c74 movsx eax,word [esi+0x2] cmp edi,eax jl JUMP_006157 mov edx,[ebp+0x10] push edx movsx edx,word [esi] mov eax,ebx sar eax,0x10 sub edx,eax inc edx push edx push edi push eax call FUNC_001601_DrawHLine add esp,byte +0x10 jmp JUMP_006165 JUMP_006159: ; Pos = 57c9b cmp dword [ebp-0x4],0xffff0000 jl JUMP_006162 movsx eax,word [edi+0x2] mov edi,eax jmp short JUMP_006161 JUMP_006160: ; Pos = 57cac mov eax,[ebp+0x10] push eax push byte +0x1 push edi mov eax,ebx sar eax,0x10 push eax call FUNC_001601_DrawHLine add esp,byte +0x10 add ebx,[ebp-0x4] inc edi JUMP_006161: ; Pos = 57cc5 movsx eax,word [esi+0x2] cmp edi,eax jl JUMP_006160 mov eax,[ebp+0x10] push eax push byte +0x1 push edi movsx eax,word [esi] push eax call FUNC_001601_DrawHLine add esp,byte +0x10 jmp short JUMP_006165 JUMP_006162: ; Pos = 57ce2 mov eax,[ebp+0x10] push eax push byte +0x1 movsx eax,word [edi+0x2] push eax movsx eax,word [edi] push eax call FUNC_001601_DrawHLine add esp,byte +0x10 movsx eax,word [edi+0x2] inc eax mov edi,eax jmp short JUMP_006164 JUMP_006163: ; Pos = 57d02 mov edx,[ebp+0x10] push edx mov edx,ebx sar edx,0x10 mov eax,[ebp-0x4] add eax,ebx sar eax,0x10 sub edx,eax push edx push edi push eax call FUNC_001601_DrawHLine add esp,byte +0x10 add ebx,[ebp-0x4] inc edi JUMP_006164: ; Pos = 57d24 movsx eax,word [esi+0x2] cmp edi,eax jng JUMP_006163 JUMP_006165: ; Pos = 57d2c pop edi pop esi pop ebx pop ecx pop ebp ret ; void F1617 (void) ; Also enables mouse pointer as side effect FUNC_001617_BlitVidToBuf: ; Pos = 57d34 push byte 0x0 push dword 200 push dword 320 push byte 0x0 push byte 0x0 push dword [DATA_007773] call _VideoReverseBlit add esp, 0x18 cmp [ptrExclusive], dword 0 jz .end push dword _BufferBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword ptrSavedData call _BlitClipWrapper add esp, 0x1c .end: ret ; void F1618 (void) ; Clears buffer to [D9222] FUNC_001618_ClearUpperBuf: ; Pos = 57d88 push dword 0xc580 mov eax,[DATA_009222] push eax mov eax,[DATA_007773] push eax call _memset add esp,byte +0xc ret ; void F1619 (void) ; Clears buffer to zero FUNC_001619_ZeroUpperBuf: ; Pos = 57da4 push dword 0xc580 push byte +0x0 mov eax,[DATA_007773] push eax call _memset add esp,byte +0xc ret ; Bitmap *F1620 (int index) ; Returns pointer from D8240 FUNC_001620_BmpIndexToPtr: ; Pos = 57dbc push ebp mov ebp,esp mov eax,[ebp+0x8] mov eax,[eax*4+DATA_008240] pop ebp ret ; Bitmap *F1621 (int index, int xpos, int ypos) ; Returns bitmap pointer, clips to screen FUNC_001621_BlitIndexToBuf: ; Pos = 57dcc push ebp mov ebp,esp mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax push dword DATA_007773 call FUNC_001623_BlitIndex add esp,byte +0x10 pop ebp ret ; Bitmap *F1622 (int index, int xpos, int ypos, int xmin, int ymin, ; int xmax, int ymax) ; Returns bitmap pointer, clips to spec. coords FUNC_001622_BlitClipIndexToBuf: ; Pos = 57dec push ebp mov ebp,esp mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax push dword DATA_007773 call FUNC_001624_BlitClipIndex add esp,byte +0x20 pop ebp ret ; Bitmap *F1623 (Buffer *buf, int index, int xpos, int ypos) ; Returns bitmap pointer, clips to screen FUNC_001623_BlitIndex: ; Pos = 57e1c push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x8] inc dword [DATA_007786] mov eax,[ebp+0xc] push eax call FUNC_001620_BmpIndexToPtr pop ecx mov ebx,eax test esi,esi jz JUMP_006166 push byte -0x1 push byte -0x1 push byte +0x0 push byte +0x0 push ebx mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push esi call FUNC_001625_BlitClipInternal add esp,byte +0x20 JUMP_006166: ; Pos = 57e54 dec dword [DATA_007786] mov eax,ebx pop esi pop ebx pop ebp ret ; Bitmap *F1624 (Buffer *buf, int index, int xpos, int ypos, ; int xmin, int ymin, int xmax, int ymax) ; Returns bitmap pointer, clips to spec. coords FUNC_001624_BlitClipIndex: ; Pos = 57e60 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x8] inc dword [DATA_007786] mov eax,[ebp+0xc] push eax call FUNC_001620_BmpIndexToPtr pop ecx mov ebx,eax test esi,esi jz JUMP_006167 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax push ebx mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push esi call FUNC_001625_BlitClipInternal add esp,byte +0x20 JUMP_006167: ; Pos = 57ea0 dec dword [DATA_007786] mov eax,ebx pop esi pop ebx pop ebp ret FUNC_001625_BlitClipInternal: ; Pos = 57eac push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov edx,[ebp+0x14] mov ebx,[ebp+0x10] mov ecx,[ebp+0xc] mov eax,[ebp+0x8] lea esi,[edx+0x8] mov [ebp-0x4],esi mov esi,[eax] mov [ebp-0x8],esi movsx esi,word [edx+0x6] add ebx,esi sub ebx,[eax+0x8] movzx esi,byte [edx+0x1] mov [ebp-0xc],esi cmp dword [ebp+0x24],byte -0x1 jnz JUMP_006168 mov esi,[eax+0x10] mov [ebp+0x24],esi JUMP_006168: ; Pos = 57ee8 cmp dword [ebp+0x20],byte -0x1 jnz JUMP_006169 mov esi,[eax+0xc] mov [ebp+0x20],esi JUMP_006169: ; Pos = 57ef4 cmp ebx,[ebp+0x1c] jnl JUMP_006170 mov esi,ebx sub esi,[ebp+0x1c] add [ebp-0xc],esi cmp dword [ebp-0xc],byte +0x0 jng near JUMP_006174 movsx esi,word [edx+0x2] sub ebx,[ebp+0x1c] imul esi,ebx sub [ebp-0x4],esi mov ebx,[ebp+0x1c] JUMP_006170: ; Pos = 57f1b mov esi,[eax+0xc] add esi,[eax+0x14] imul esi,ebx add [ebp-0x8],esi mov esi,[ebp-0xc] add esi,ebx cmp esi,[ebp+0x24] jng JUMP_006171 mov esi,[ebp+0x24] sub esi,ebx mov [ebp-0xc],esi JUMP_006171: ; Pos = 57f39 cmp dword [ebp-0xc],byte +0x0 jng JUMP_006174 movsx ebx,word [edx+0x4] add ecx,ebx sub ecx,[eax+0x4] movsx ebx,word [edx+0x2] mov esi,ebx cmp ecx,[ebp+0x18] jnl JUMP_006172 mov edi,ecx sub edi,[ebp+0x18] add esi,edi test esi,esi jng JUMP_006174 sub ecx,[ebp+0x18] sub [ebp-0x4],ecx mov ecx,[ebp+0x18] JUMP_006172: ; Pos = 57f67 add [ebp-0x8],ecx lea edi,[esi+ecx] cmp edi,[ebp+0x20] jng JUMP_006173 mov esi,[ebp+0x20] sub esi,ecx test esi,esi jng JUMP_006174 JUMP_006173: ; Pos = 57f7b mov ecx,ebx add ecx,[eax+0x14] sub ecx,esi mov eax,[eax+0xc] sub eax,esi push edx push ecx push eax mov eax,[ebp-0xc] push eax push esi mov eax,[ebp-0x4] push eax mov eax,[ebp-0x8] push eax call FUNC_001626_BlitInternal add esp,byte +0x1c JUMP_006174: ; Pos = 57f9f pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001626_BlitInternal: ; Pos = 57fa8 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov ebx,[ebp+0xc] mov esi,[ebp+0x8] mov eax,[ebp+0x20] test byte [eax],0x1 jnz JUMP_006176 JUMP_006175: ; Pos = 57fbf push edi push ebx push esi call _memcpy add esp,byte +0xc mov eax,[ebp+0x18] add eax,edi add esi,eax mov eax,[ebp+0x1c] add eax,edi add ebx,eax dec dword [ebp+0x14] mov eax,[ebp+0x14] test eax,eax jg JUMP_006175 jmp short JUMP_006180 JUMP_006176: ; Pos = 57fe4 mov edx,edi test edx,edx jng JUMP_006179 JUMP_006177: ; Pos = 57fea mov al,[ebx] inc ebx test al,al jz JUMP_006178 mov [es:esi],al JUMP_006178: ; Pos = 57ff3 inc esi dec edx test edx,edx jg JUMP_006177 JUMP_006179: ; Pos = 57ff9 add ebx,[ebp+0x1c] add esi,[ebp+0x18] dec dword [ebp+0x14] mov eax,[ebp+0x14] test eax,eax jg JUMP_006176 JUMP_006180: ; Pos = 58009 pop edi pop esi pop ebx pop ebp ret ; void F1627 (int x1, int y1, int x2, int y2, COLPAL col) ; Unclipped FUNC_001627_DrawBoxToBuf: ; Pos = 58010 push ebp mov ebp,esp push ebx push esi push edi mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ebx,edx shl ebx,0x6 lea ebx,[ebx+ebx*4] add ebx,[DATA_007773] add ebx,eax mov edi,[ebp+0x10] sub edi,eax inc edi mov esi,edx cmp esi,[ebp+0x14] jg JUMP_006182 JUMP_006181: ; Pos = 58039 push edi mov eax,[ebp+0x18] push eax push ebx call _memset add esp,byte +0xc add ebx,0x140 inc esi cmp esi,[ebp+0x14] jng JUMP_006181 JUMP_006182: ; Pos = 58053 pop edi pop esi pop ebx pop ebp ret ; void F1628 (int x1, int y1, int x2, int y2, COLPAL col) ; Unclipped. Skips pixels with value 0x28, 0x29, 0x2a, 0x2b FUNC_001628_DrawBoxToBufMasked: ; Pos = 58058 push ebp mov ebp,esp push ecx push ebx push esi push edi mov esi,[ebp+0x18] mov ecx,[ebp+0xc] mov edx,[ebp+0x8] mov eax,ecx shl eax,0x6 lea eax,[eax+eax*4] add eax,[DATA_007773] add eax,edx mov edi,[ebp+0x10] sub edi,edx inc edi mov edx,0x140 sub edx,edi mov [ebp-0x4],edx cmp ecx,[ebp+0x14] jg JUMP_006187 JUMP_006183: ; Pos = 5808d mov edx,edi test edx,edx jng JUMP_006186 JUMP_006184: ; Pos = 58093 movsx ebx,byte [eax] and ebx,byte -0x4 cmp ebx,byte +0x28 jz JUMP_006185 mov ebx,esi mov [eax],bl JUMP_006185: ; Pos = 580a2 inc eax dec edx test edx,edx jg JUMP_006184 JUMP_006186: ; Pos = 580a8 add eax,[ebp-0x4] inc ecx cmp ecx,[ebp+0x14] jng JUMP_006183 JUMP_006187: ; Pos = 580b1 pop edi pop esi pop ebx pop ecx pop ebp ret ; void F1629 (int xpos, int ypos, COLPAL col) FUNC_001629_DrawPixelToBuf: ; Pos = 580b8 push ebp mov ebp,esp mov eax,[ebp+0xc] shl eax,0x3 lea eax,[eax+eax*4] mov edx,[DATA_007773] lea eax,[edx+eax*8] mov edx,[ebp+0x8] mov cl,[ebp+0x10] mov [eax+edx],cl pop ebp ret SECTION .data ptrExclusive dd 0 ptrEnabled dd 0 ptrIndex dd -1 ptrWidth dd 0 ptrHeight dd 0 ptrData dd 0 ptrSavedData times 2048 db 0 ptrSavedX dd 0 ptrSavedY dd 0 ptrXOff dd 0 ptrYOff dd 0 SECTION .text ; void F1630 (void) ; Sets flags only, doesn't write pointer FUNC_001630_EnablePtr: ; Pos = 580d8 cmp dword [ptrIndex], -1 jz NEAR .noptrrefresh cmp dword [ptrEnabled], 1 jz NEAR .noptrrefresh mov dword [ptrEnabled], 1 cmp dword [ptrExclusive], 1 jz .exclusive call _VideoPointerEnable ret .exclusive: movzx eax, word [DATA_009208] mov [ptrSavedX], eax movzx eax, word [DATA_009209] mov [ptrSavedY], eax push dword _VideoReverseBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword ptrSavedData call _BlitClipWrapper add esp, 0x1c push dword _VideoMaskedBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword [ptrData] call _BlitClipWrapper add esp, 0x1c .noptrrefresh: ret ; void F1631 (void) ; Removes pointer from video memory FUNC_001631_DisablePtr: ; Pos = 580fc cmp dword [ptrEnabled], 0 jz .noptrrefresh mov dword [ptrEnabled], 0 cmp dword [ptrExclusive], 1 jz .exclusive call _VideoPointerDisable ret .exclusive: push dword _VideoBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword ptrSavedData call _BlitClipWrapper add esp, 0x1c .noptrrefresh: ret ; void F1632 (void) ; Updates input, moves pointer on video memory FUNC_001632_UpdatePtr: ; Pos = 5811c call FUNC_001635_CheckPtrExclusivity call near [DATA_007674] ; FUNC_001432_GuiProcessInput cmp dword [ptrExclusive], 1 jz .exclusive mov [DATA_009208], eax ret .exclusive: cmp dword [ptrEnabled], 0 jz NEAR .noptrrefresh cmp eax, [DATA_009208] jz NEAR .noptrrefresh mov [DATA_009208], eax push dword _VideoBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword ptrSavedData call _BlitClipWrapper add esp, 0x1c movzx eax, word [DATA_009208] mov [ptrSavedX], eax movzx eax, word [DATA_009209] mov [ptrSavedY], eax push dword _VideoReverseBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword ptrSavedData call _BlitClipWrapper add esp, 0x1c push dword _VideoMaskedBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword [ptrData] call _BlitClipWrapper add esp, 0x1c .noptrrefresh: ret FUNC_001635_CheckPtrExclusivity: call _VideoPointerExclusive cmp eax, [ptrExclusive] jz .end mov [ptrExclusive], eax call FUNC_001881_VideoBlitBuffer mov word [DATA_009208],0xa0 mov word [DATA_009209],0x64 cmp [ptrEnabled], dword 0 jz .end mov [ptrEnabled], dword 0 call FUNC_001630_EnablePtr .end: ret ; void F1636 (int index) ; Sets D7787 = index, calls disable/enable FUNC_001636_SetPtrImage: ; Pos = 58334 push ebp mov ebp, esp mov eax, [ebp+0x8] cmp eax, [ptrIndex] jz NEAR .sameindex mov [ptrIndex], eax call FUNC_001631_DisablePtr call _VideoPointerExclusive mov [ptrExclusive], eax push dword [ptrIndex] call FUNC_001620_BmpIndexToPtr pop ecx movzx edx, byte [eax+1] mov [ptrHeight], edx movzx edx, word [eax+2] mov [ptrWidth], edx movsx edx, word [eax+4] mov [ptrXOff], edx movsx edx, word [eax+6] mov [ptrYOff], edx lea edx, [eax+8] mov [ptrData], edx call FUNC_001630_EnablePtr .sameindex: pop ebp ret ; void F1637 (void) ; Updates input, updates pointer, ; sets dynamic palette, blits buffer to video FUNC_001637_FlipScreen: ; Pos = 58384 inc dword [flipCount] call FUNC_001578 mov eax,[DATA_009206] mov [DATA_009207],eax xor eax,eax mov [DATA_009206],eax call FUNC_001635_CheckPtrExclusivity call near [DATA_007674] ; FUNC_001432_GuiProcessInput mov [DATA_009208], eax cmp dword [ptrEnabled], 0 jz NEAR .noptrrefresh cmp dword [ptrExclusive], 0 jz NEAR .noptrrefresh movzx eax, word [DATA_009208] mov [ptrSavedX], eax movzx eax, word [DATA_009209] mov [ptrSavedY], eax push dword _BufferReverseBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword ptrSavedData call _BlitClipWrapper add esp, 0x1c push dword _BufferMaskedBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword [ptrData] call _BlitClipWrapper add esp, 0x1c call near [DATA_007633] ; FUNC_001331_DPalSet call FUNC_001881_VideoBlitBuffer push dword _BufferBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword ptrSavedData call _BlitClipWrapper add esp, 0x1c ret .noptrrefresh: call near [DATA_007633] ; FUNC_001331_DPalSet call FUNC_001881_VideoBlitBuffer ret ; void F1882 (void) ; Blits console to video memory, retaining pointer FUNC_001882_FlipScreenLow: ; Pos = 58384 inc dword [flipCount] cmp dword [ptrEnabled], 0 jz NEAR .noptrrefresh cmp dword [ptrExclusive], 0 jz NEAR .noptrrefresh mov eax, 158 sub eax, [ptrHeight] cmp [ptrSavedY], eax jl NEAR .noptrrefresh push dword _BufferReverseBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword ptrSavedData call _BlitClipWrapper add esp, 0x1c push dword _BufferMaskedBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword [ptrData] call _BlitClipWrapper add esp, 0x1c mov eax, 158*320 add eax, [DATA_007773] push byte 0x0 push dword 200-158 push dword 320 push dword 158 push byte 0x0 push eax call _VideoBlit add esp, 0x18 push dword _BufferBlit push dword 0 push dword [ptrHeight] push dword [ptrWidth] push dword [ptrSavedY] push dword [ptrSavedX] push dword ptrSavedData call _BlitClipWrapper add esp, 0x1c ret .noptrrefresh: mov eax, 158*320 add eax, [DATA_007773] push byte 0x0 push dword 200-158 push dword 320 push dword 158 push byte 0x0 push eax call _VideoBlit add esp, 0x18 ret FUNC_001881_VideoBlitBuffer: ; Pos = 6fc7a push byte 0x0 push dword 200 push dword 320 push byte 0x0 push byte 0x0 push dword [DATA_007773] call _VideoBlit add esp, 0x18 ret ; void _BufferBlit (void *pData, int xpos, int ypos, ; int width, int height, int jump) ; Blits stuff from pData to video memory _BufferBlit: ; Pos = 6fc7a push ebp mov ebp, esp push ebx push edi push esi xor edx, edx mov eax, 320 mov edi, [ebp+0x10] mul edi ; width+jump * ypos mov edi, [ebp+0xc] add edi, eax ; + xpos add edi, [DATA_007773] mov esi, [ebp+0x8] mov eax, 320 mov ebx, [ebp+0x1c] ; srcjump sub eax, [ebp+0x14] ; 320-width = destjump mov edx, [ebp+0x18] mov ecx, [ebp+0x14] ; Load width, height test edi, 3 ; Alignment tests jnz .nonaloop test esi, 3 jnz .nonaloop test ecx, 3 jnz .nonaloop shr ecx, 2 mov [ebp+0x14], ecx .aloop: rep movsd mov ecx, [ebp+0x14] add esi, ebx add edi, eax dec edx jnz .aloop jmp .end .nonaloop: rep movsb mov ecx, [ebp+0x14] add esi, ebx add edi, eax dec edx jnz .nonaloop .end: pop esi pop edi pop ebx pop ebp ret ; void _BufferMaskedBlit (void *pData, int xpos, int ypos, ; int width, int height, int jump) ; Blits stuff from pData to video memory _BufferMaskedBlit: ; Pos = 6fc7a push ebp mov ebp, esp push ebx push edi push esi xor edx, edx mov eax, 320 mov edi, [ebp+0x10] mul edi ; width+jump * ypos mov edi, [ebp+0xc] add edi, eax ; + xpos add edi, [DATA_007773] mov esi, [ebp+0x8] mov eax, 320 mov ebx, [ebp+0x1c] ; srcjump sub eax, [ebp+0x14] ; 320-width = destjump mov ecx, [ebp+0x14] ; Load width, height .lineloop: .pixelloop: mov dl, [esi] test dl, dl jz .masked mov [edi], dl .masked: inc esi inc edi dec ecx jnz .pixelloop mov ecx, [ebp+0x14] add esi, ebx add edi, eax mov edx, [ebp+0x18] dec edx mov [ebp+0x18], edx jnz .lineloop .end: pop esi pop edi pop ebx pop ebp ret ; void _BufferReverseBlit (void *pData, int xpos, int ypos, ; int width, int height, int jump) ; Blits stuff from video memory to pData _BufferReverseBlit: ; Pos = 6fc7a push ebp mov ebp, esp push ebx push edi push esi xor edx, edx mov eax, 320 mov esi, [ebp+0x10] mul esi ; width+jump * ypos mov esi, [ebp+0xc] add esi, eax ; + xpos add esi, [DATA_007773] mov edi, [ebp+0x8] mov ebx, 320 mov eax, [ebp+0x1c] ; destjump sub ebx, [ebp+0x14] ; 320-width = srcjump mov edx, [ebp+0x18] mov ecx, [ebp+0x14] ; Load width, height test edi, 3 ; Alignment tests jnz .nonaloop test esi, 3 jnz .nonaloop test ecx, 3 jnz .nonaloop shr ecx, 2 mov [ebp+0x14], ecx .aloop: rep movsd mov ecx, [ebp+0x14] add esi, ebx add edi, eax dec edx jnz .aloop jmp .end .nonaloop: rep movsb mov ecx, [ebp+0x14] add esi, ebx add edi, eax dec edx jnz .nonaloop .end: pop esi pop edi pop ebx pop ebp ret ; void F1638 (void) ; Sets video mode, low palette, pointer image, ; Clears buffer and video to zero FUNC_001638_VideoInit: ; Pos = 58424 call FUNC_001880_VideoInit dec byte [DATA_007790] push byte +0x0 call FUNC_001641_SetWholePalette pop ecx push byte +0x0 call FUNC_001636_SetPtrImage pop ecx call FUNC_001631_DisablePtr push byte +0x0 push dword 0xc7 push dword 0x13f push byte +0x0 push byte +0x0 call FUNC_001627_DrawBoxToBuf add esp,byte +0x14 call FUNC_001637_FlipScreen push byte +0x0 push dword 0xc7 push dword 0x13f push byte +0x0 push byte +0x0 call FUNC_001627_DrawBoxToBuf add esp,byte +0x14 ret ; void F1641 (int base) ; Sets all 256 palette values using [D7771], starting at base FUNC_001641_SetWholePalette: ; Pos = 58614 push ebx push esi push byte +0x1 call near [DATA_007630] ; FUNC_001328_DPalClear pop ecx mov ebx, DATA_007769 xor esi, esi .loop push ebx push esi call _VideoSetPalValue add esp, byte 0x8 add ebx, 3 inc esi cmp esi, 0x80 jl .loop pop esi pop ebx ret ; void F1642 (int side, P2D point1, P2D tex1, P2D point2, P2D tex2) ; [side*8+D9236] = t1.x << 0x10 ; [side*8+D9237] = t1.y << 0x10 ; [side*8+D9240] = (t2.x - t1.x << 0x10) / (p2.y - p1.y) ; [side*8+D9241] = (t2.y - t1.y << 0x10) / (p2.y - p1.y) ; [side*4+D9244] = p1.x << 0x10 ; [side*4+D9246] = (p2.x - p1.x << 0x10) / (p2.y - p1.y) FUNC_001642_GenerateTexSteps: ; Pos = 586c8 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x18] mov ebx,[ebp+0x10] mov edi,[ebp+0xc] mov eax,[ebp+0x14] movsx ecx,word [eax+0x2] movsx eax,word [edi+0x2] sub ecx,eax movsx eax,word [ebx] shl eax,0x10 mov edx,[ebp+0x8] mov [edx*8+DATA_009236],eax movsx eax,word [ebx+0x2] shl eax,0x10 mov edx,[ebp+0x8] mov [edx*8+DATA_009237],eax test ecx,ecx jz JUMP_006221 test ecx,ecx jnl JUMP_006219 movsx eax,word [esi] movsx edx,word [ebx] sub eax,edx js JUMP_006218 movsx eax,word [esi] movsx edx,word [ebx] sub eax,edx shl eax,0x10 mov edx,ecx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx neg eax jmp short JUMP_006223 JUMP_006218: ; Pos = 58731 movsx eax,word [esi] movsx edx,word [ebx] sub eax,edx shl eax,0x10 neg eax mov edx,ecx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx jmp short JUMP_006223 JUMP_006219: ; Pos = 5874b movsx eax,word [esi] movsx edx,word [ebx] sub eax,edx js JUMP_006220 movsx eax,word [esi] movsx edx,word [ebx] sub eax,edx shl eax,0x10 cdq idiv ecx jmp short JUMP_006223 JUMP_006220: ; Pos = 58765 movsx eax,word [esi] movsx edx,word [ebx] sub eax,edx neg eax shl eax,0x10 cdq idiv ecx neg eax jmp short JUMP_006223 JUMP_006221: ; Pos = 58779 movsx eax,word [esi] movsx edx,word [ebx] sub eax,edx js JUMP_006222 mov eax,0x7fffffff jmp short JUMP_006223 JUMP_006222: ; Pos = 5878a mov eax,0x80000001 JUMP_006223: ; Pos = 5878f mov edx,[ebp+0x8] mov [edx*8+DATA_009240],eax test ecx,ecx jz near JUMP_006227 test ecx,ecx jnl JUMP_006225 movsx eax,word [esi+0x2] movsx edx,word [ebx+0x2] sub eax,edx js JUMP_006224 movsx eax,word [esi+0x2] movsx edx,word [ebx+0x2] sub eax,edx shl eax,0x10 mov edx,ecx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx neg eax jmp short JUMP_006229 JUMP_006224: ; Pos = 587c9 movsx eax,word [esi+0x2] movsx edx,word [ebx+0x2] sub eax,edx shl eax,0x10 neg eax mov edx,ecx neg edx push ecx mov ecx,edx cdq idiv ecx pop ecx jmp short JUMP_006229 JUMP_006225: ; Pos = 587e5 movsx eax,word [esi+0x2] movsx edx,word [ebx+0x2] sub eax,edx js JUMP_006226 movsx eax,word [esi+0x2] movsx edx,word [ebx+0x2] sub eax,edx shl eax,0x10 cdq idiv ecx jmp short JUMP_006229 JUMP_006226: ; Pos = 58803 movsx eax,word [esi+0x2] movsx edx,word [ebx+0x2] sub eax,edx neg eax shl eax,0x10 cdq idiv ecx neg eax jmp short JUMP_006229 JUMP_006227: ; Pos = 58819 movsx eax,word [esi+0x2] movsx edx,word [ebx+0x2] sub eax,edx js JUMP_006228 mov eax,0x7fffffff jmp short JUMP_006229 JUMP_006228: ; Pos = 5882c mov eax,0x80000001 JUMP_006229: ; Pos = 58831 mov edx,[ebp+0x8] mov [edx*8+DATA_009241],eax movsx eax,word [edi] shl eax,0x10 mov edx,[ebp+0x8] mov [edx*4+DATA_009244],eax test ecx,ecx jz near JUMP_006233 test ecx,ecx jnl JUMP_006231 mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [edi] sub eax,edx js JUMP_006230 mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [edi] sub eax,edx shl eax,0x10 mov edx,ecx neg edx mov ebx,edx cdq idiv ebx neg eax jmp short JUMP_006234 JUMP_006230: ; Pos = 5887b mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [edi] sub eax,edx shl eax,0x10 neg eax mov edx,ecx neg edx mov ebx,edx cdq idiv ebx jmp short JUMP_006234 JUMP_006231: ; Pos = 58896 mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [edi] sub eax,edx js JUMP_006232 mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [edi] sub eax,edx shl eax,0x10 cdq idiv ecx jmp short JUMP_006234 JUMP_006232: ; Pos = 588b6 mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [edi] sub eax,edx neg eax shl eax,0x10 cdq idiv ecx neg eax jmp short JUMP_006234 JUMP_006233: ; Pos = 588cd mov eax,0x7fffffff mov edx,[ebp+0x14] movsx edx,word [edx] movsx ecx,word [edi] sub edx,ecx jns JUMP_006234 add eax,byte +0x2 JUMP_006234: ; Pos = 588e2 mov edx,[ebp+0x8] mov [edx*4+DATA_009246],eax pop edi pop esi pop ebx pop ebp ret ; F1643 (int texindex) ; Selects one of four texmap funcs, trans/nontrans, 0x40/0x80 ; Sets [D9235] to texture data pointer FUNC_001643_SelectTexFunc: ; Pos = 588f4 push ebp mov ebp,esp mov eax,[ebp+0x8] push eax call FUNC_001620_BmpIndexToPtr pop ecx cmp word [eax+0x2],byte +0x40 jnz JUMP_006237 test byte [eax],0x1 jz JUMP_006235 mov dword [DATA_009250],FUNC_001651_Tex64Trans jmp short JUMP_006236 JUMP_006235: ; Pos = 58919 mov dword [DATA_009250],FUNC_001650_Tex64NonTrans JUMP_006236: ; Pos = 58923 mov dword [DATA_009249],DATA_007791 jmp short JUMP_006240 JUMP_006237: ; Pos = 5892f test byte [eax],0x1 jz JUMP_006238 mov dword [DATA_009250],FUNC_001653_Tex128Trans jmp short JUMP_006239 JUMP_006238: ; Pos = 58940 mov dword [DATA_009250],FUNC_001652_Tex128NonTrans JUMP_006239: ; Pos = 5894a mov dword [DATA_009249],DATA_007792 JUMP_006240: ; Pos = 58954 add eax,byte +0x8 mov [DATA_009235],eax pop ebp ret ; void F1644 (P2D p1, P2D p2, P2D p3, int tex) ; Sets u/v coords to fit points FUNC_001644_DrawTexTriangle: ; Pos = 58960 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x14] mov eax,ebx and eax,0xfff push eax call FUNC_001643_SelectTexFunc pop ecx push ebx mov eax,[DATA_009249] mov edx,eax add edx,byte +0x8 push edx mov edx,eax add edx,byte +0x4 push edx push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001645_DrawTexTriangleDet add esp,byte +0x1c pop ebx pop ebp ret ; void F1645 (P2D p1, P2D p2, P2D p3, P2D t1, P2D t2, P2D t3, int tex) ; Specified texture coords FUNC_001645_DrawTexTriangleDet: ; Pos = 589a0 push ebp mov ebp,esp mov eax,[ebp+0x20] and eax,0xfff push eax call FUNC_001643_SelectTexFunc pop ecx mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001646_DrawTexTriangleInternal add esp,byte +0x18 pop ebp ret ; void F1646 (P2D p1, P2D p2, P2D p3, P2D t1, P2D t2, P2D t3) ; Specified texture coords FUNC_001646_DrawTexTriangleInternal: ; Pos = 589d4 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x10] mov edi,[ebp+0xc] mov ebx,[ebp+0x8] jmp short JUMP_006242 JUMP_006241: ; Pos = 589e5 mov eax,ebx mov ebx,edi mov edi,esi mov esi,eax mov eax,[ebp+0x14] mov edx,[ebp+0x18] mov [ebp+0x14],edx mov edx,[ebp+0x1c] mov [ebp+0x18],edx mov [ebp+0x1c],eax JUMP_006242: ; Pos = 589ff mov ax,[ebx+0x2] cmp ax,[edi+0x2] jg JUMP_006241 cmp ax,[esi+0x2] jg JUMP_006241 mov eax,[ebp+0x18] push eax push edi mov eax,[ebp+0x14] push eax push ebx push byte +0x0 call FUNC_001642_GenerateTexSteps add esp,byte +0x14 mov eax,[ebp+0x1c] push eax push esi mov eax,[ebp+0x14] push eax push ebx push byte +0x1 call FUNC_001642_GenerateTexSteps add esp,byte +0x14 movsx eax,word [ebx+0x2] mov [DATA_009248],eax inc dword [DATA_007786] mov ax,[edi+0x2] cmp ax,[esi+0x2] jnl JUMP_006243 movsx eax,ax movsx edx,word [ebx+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx mov eax,[ebp+0x1c] push eax push esi mov eax,[ebp+0x18] push eax push edi push byte +0x0 call FUNC_001642_GenerateTexSteps add esp,byte +0x14 movsx eax,word [esi+0x2] movsx edx,word [edi+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx jmp short JUMP_006244 JUMP_006243: ; Pos = 58a89 movsx eax,word [esi+0x2] movsx edx,word [ebx+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx mov eax,[ebp+0x18] push eax push edi mov eax,[ebp+0x1c] push eax push esi push byte +0x1 call FUNC_001642_GenerateTexSteps add esp,byte +0x14 movsx eax,word [edi+0x2] movsx edx,word [esi+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx JUMP_006244: ; Pos = 58ac1 dec dword [DATA_007786] pop edi pop esi pop ebx pop ebp ret ; void F1647 (P2D p1, P2D p2, P2D p3, P2D p4, int tex) ; Tex coords set to edges FUNC_001647_DrawTexQuad: ; Pos = 58acc push ebp mov ebp,esp push ebx mov ebx,[ebp+0x18] mov eax,ebx and eax,0xfff push eax call FUNC_001643_SelectTexFunc pop ecx sar ebx,0xc and ebx,byte +0x7 cmp ebx,byte +0x7 ja near JUMP_006253 jmp near [ebx*4+DATA_000047] SECTION .data DATA_000047: ; Pos = 58af7 dd JUMP_006245 dd JUMP_006246 dd JUMP_006247 dd JUMP_006248 dd JUMP_006249 dd JUMP_006250 dd JUMP_006251 dd JUMP_006252 SECTION .text JUMP_006245: ; Pos = 58b17 mov eax,[DATA_009249] mov edx,eax add edx,byte +0x8 push edx mov edx,eax add edx,byte +0xc push edx mov edx,eax add edx,byte +0x4 push edx push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001649_DrawTexQuadInternal add esp,byte +0x20 pop ebx pop ebp ret JUMP_006246: ; Pos = 58b4a mov eax,[DATA_009249] push eax mov edx,eax add edx,byte +0x8 push edx mov edx,eax add edx,byte +0xc push edx add eax,byte +0x4 push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001649_DrawTexQuadInternal add esp,byte +0x20 pop ebx pop ebp ret JUMP_006247: ; Pos = 58b7b mov eax,[DATA_009249] mov edx,eax add edx,byte +0x4 push edx push eax mov edx,eax add edx,byte +0x8 push edx add eax,byte +0xc push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001649_DrawTexQuadInternal add esp,byte +0x20 pop ebx pop ebp ret JUMP_006248: ; Pos = 58bac mov eax,[DATA_009249] mov edx,eax add edx,byte +0xc push edx mov edx,eax add edx,byte +0x4 push edx push eax add eax,byte +0x8 push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001649_DrawTexQuadInternal add esp,byte +0x20 pop ebx pop ebp ret JUMP_006249: ; Pos = 58bdd mov eax,[DATA_009249] mov edx,eax add edx,byte +0x4 push edx mov edx,eax add edx,byte +0xc push edx mov edx,eax add edx,byte +0x8 push edx push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001649_DrawTexQuadInternal add esp,byte +0x20 pop ebx pop ebp ret JUMP_006250: ; Pos = 58c10 mov eax,[DATA_009249] push eax mov edx,eax add edx,byte +0x4 push edx mov edx,eax add edx,byte +0xc push edx add eax,byte +0x8 push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001649_DrawTexQuadInternal add esp,byte +0x20 pop ebx pop ebp ret JUMP_006251: ; Pos = 58c41 mov eax,[DATA_009249] mov edx,eax add edx,byte +0x8 push edx push eax mov edx,eax add edx,byte +0x4 push edx add eax,byte +0xc push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001649_DrawTexQuadInternal add esp,byte +0x20 pop ebx pop ebp ret JUMP_006252: ; Pos = 58c72 mov eax,[DATA_009249] mov edx,eax add edx,byte +0xc push edx mov edx,eax add edx,byte +0x8 push edx push eax add eax,byte +0x4 push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001649_DrawTexQuadInternal add esp,byte +0x20 JUMP_006253: ; Pos = 58ca0 pop ebx pop ebp ret ; void F1648 (P2D p1, P2D p2, P2D p3, P2D p4, ; P2D t1, P2D t2, P2D t3, P2D t4, int tex) ; Specified texture coords FUNC_001648_DrawTexQuadDet: ; Pos = 58ca4 push ebp mov ebp,esp mov eax,[ebp+0x28] and eax,0xfff push eax call FUNC_001643_SelectTexFunc pop ecx mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001649_DrawTexQuadInternal add esp,byte +0x20 pop ebp ret ; void F1649 (P2D p1, P2D p2, P2D p3, P2D p4, ; P2D t1, P2D t2, P2D t3, P2D t4) FUNC_001649_DrawTexQuadInternal: ; Pos = 58ce0 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x10] mov edi,[ebp+0xc] mov ebx,[ebp+0x8] jmp short JUMP_006255 JUMP_006254: ; Pos = 58cf1 mov eax,ebx mov ebx,edi mov edi,esi mov esi,[ebp+0x14] mov [ebp+0x14],eax mov eax,[ebp+0x18] mov edx,[ebp+0x1c] mov [ebp+0x18],edx mov edx,[ebp+0x20] mov [ebp+0x1c],edx mov edx,[ebp+0x24] mov [ebp+0x20],edx mov [ebp+0x24],eax JUMP_006255: ; Pos = 58d15 mov ax,[ebx+0x2] cmp ax,[edi+0x2] jg JUMP_006254 cmp ax,[esi+0x2] jg JUMP_006254 mov edx,[ebp+0x14] cmp ax,[edx+0x2] jg JUMP_006254 mov eax,[ebp+0x1c] push eax push edi mov eax,[ebp+0x18] push eax push ebx push byte +0x0 call FUNC_001642_GenerateTexSteps add esp,byte +0x14 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x18] push eax push ebx push byte +0x1 call FUNC_001642_GenerateTexSteps add esp,byte +0x14 movsx eax,word [ebx+0x2] mov [DATA_009248],eax inc dword [DATA_007786] mov edx,[ebp+0x14] mov dx,[edx+0x2] mov ax,[edi+0x2] cmp dx,ax jng near JUMP_006257 movsx eax,ax movsx edx,word [ebx+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx mov eax,[ebp+0x20] push eax push esi mov eax,[ebp+0x1c] push eax push edi push byte +0x0 call FUNC_001642_GenerateTexSteps add esp,byte +0x14 mov edx,[ebp+0x14] mov dx,[edx+0x2] mov ax,[esi+0x2] cmp dx,ax jng JUMP_006256 movsx eax,ax movsx edx,word [edi+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx mov eax,[ebp+0x24] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x20] push eax push esi push byte +0x0 call FUNC_001642_GenerateTexSteps add esp,byte +0x14 mov eax,[ebp+0x14] movsx eax,word [eax+0x2] movsx edx,word [esi+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx jmp JUMP_006259 JUMP_006256: ; Pos = 58df3 mov eax,[ebp+0x14] movsx eax,word [eax+0x2] movsx edx,word [edi+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx mov eax,[ebp+0x20] push eax push esi mov eax,[ebp+0x24] push eax mov eax,[ebp+0x14] push eax push byte +0x1 call FUNC_001642_GenerateTexSteps add esp,byte +0x14 movsx eax,word [esi+0x2] mov edx,[ebp+0x14] movsx edx,word [edx+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx jmp JUMP_006259 JUMP_006257: ; Pos = 58e39 mov eax,[ebp+0x14] movsx eax,word [eax+0x2] movsx edx,word [ebx+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx mov eax,[ebp+0x20] push eax push esi mov eax,[ebp+0x24] push eax mov eax,[ebp+0x14] push eax push byte +0x1 call FUNC_001642_GenerateTexSteps add esp,byte +0x14 mov ax,[edi+0x2] cmp ax,[esi+0x2] jnl JUMP_006258 movsx eax,ax mov edx,[ebp+0x14] movsx edx,word [edx+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx mov eax,[ebp+0x20] push eax push esi mov eax,[ebp+0x1c] push eax push edi push byte +0x0 call FUNC_001642_GenerateTexSteps add esp,byte +0x14 movsx eax,word [esi+0x2] movsx edx,word [edi+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx jmp short JUMP_006259 JUMP_006258: ; Pos = 58eab movsx eax,word [esi+0x2] mov edx,[ebp+0x14] movsx edx,word [edx+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx mov eax,[ebp+0x1c] push eax push edi mov eax,[ebp+0x20] push eax push esi push byte +0x1 call FUNC_001642_GenerateTexSteps add esp,byte +0x14 movsx eax,word [edi+0x2] movsx edx,word [esi+0x2] sub eax,edx push eax call near [DATA_009250] pop ecx JUMP_006259: ; Pos = 58ee6 dec dword [DATA_007786] pop edi pop esi pop ebx pop ebp ret FUNC_001650_Tex64NonTrans: ; Pos = 58ef4 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi cmp dword [ebp+0x8],byte +0x0 jng JUMP_006260 cmp dword [DATA_009248],0x9e jnl JUMP_006260 mov eax,[DATA_009248] add eax,[ebp+0x8] test eax,eax jg JUMP_006261 JUMP_006260: ; Pos = 58f1b mov eax,[ebp+0x8] imul dword [DATA_009246] add [DATA_009244],eax mov eax,[ebp+0x8] imul dword [DATA_009240] add [DATA_009236],eax mov eax,[ebp+0x8] imul dword [DATA_009241] add [DATA_009237],eax mov eax,[ebp+0x8] imul dword [DATA_009247] add [DATA_009245],eax mov eax,[ebp+0x8] imul dword [DATA_009242] add [DATA_009238],eax mov eax,[ebp+0x8] imul dword [DATA_009243] add [DATA_009239],eax mov eax,[ebp+0x8] add [DATA_009248],eax jmp near JUMP_006275 JUMP_006261: ; Pos = 58f83 mov eax,[DATA_009248] test eax,eax jnl JUMP_006262 mov edx,[DATA_009246] imul edx,eax sub [DATA_009244],edx mov edx,eax neg edx mov ecx,edx imul ecx,[DATA_009240] add [DATA_009236],ecx mov ecx,[DATA_009248] neg ecx mov ecx,edx imul ecx,[DATA_009241] add [DATA_009237],ecx mov ecx,[DATA_009247] imul ecx,eax sub [DATA_009245],ecx mov ecx,[DATA_009248] neg ecx mov ecx,edx imul ecx,[DATA_009242] add [DATA_009238],ecx mov ecx,[DATA_009248] neg ecx imul edx,[DATA_009243] add [DATA_009239],edx add [ebp+0x8],eax xor eax,eax mov [DATA_009248],eax JUMP_006262: ; Pos = 5900a cmp dword [ebp+0x8],byte +0x0 jz near JUMP_006274 JUMP_006263: ; Pos = 59014 cmp dword [DATA_009248],0x9e jnl near JUMP_006274 mov eax,[DATA_009244] mov edx,[DATA_009245] cmp eax,edx jnl JUMP_006264 sar eax,0x10 mov [ebp-0xc],eax mov esi,[DATA_009236] mov edi,[DATA_009237] sar edx,0x10 mov [ebp-0x10],edx mov eax,[DATA_009238] mov edx,[DATA_009239] mov [ebp-0x14],edx jmp short JUMP_006265 JUMP_006264: ; Pos = 5905b sar edx,0x10 mov [ebp-0xc],edx mov esi,[DATA_009238] mov edi,[DATA_009239] sar eax,0x10 mov [ebp-0x10],eax mov eax,[DATA_009236] mov edx,[DATA_009237] mov [ebp-0x14],edx JUMP_006265: ; Pos = 59081 mov ebx,[ebp-0x10] sub ebx,[ebp-0xc] cmp dword [ebp-0xc],0x140 jnl near JUMP_006273 cmp dword [ebp-0x10],byte +0x0 jng near JUMP_006273 test ebx,ebx jng near JUMP_006273 sub eax,esi mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x0 jng JUMP_006266 mov eax,[ebp-0x4] cdq idiv ebx mov [ebp-0x4],eax jmp short JUMP_006267 JUMP_006266: ; Pos = 590bc mov eax,[ebp-0x4] neg eax cdq idiv ebx neg eax mov [ebp-0x4],eax JUMP_006267: ; Pos = 590c9 mov eax,[ebp-0x14] sub eax,edi mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jng JUMP_006268 mov eax,[ebp-0x8] cdq idiv ebx mov [ebp-0x8],eax jmp short JUMP_006269 JUMP_006268: ; Pos = 590e2 mov eax,[ebp-0x8] neg eax cdq idiv ebx neg eax mov [ebp-0x8],eax JUMP_006269: ; Pos = 590ef cmp dword [ebp-0xc],byte +0x0 jnl JUMP_006270 mov eax,[ebp-0xc] imul dword [ebp-0x4] sub esi,eax mov eax,[ebp-0xc] imul dword [ebp-0x8] sub edi,eax add ebx,[ebp-0xc] xor eax,eax mov [ebp-0xc],eax JUMP_006270: ; Pos = 5910d cmp dword [ebp-0x10],0x140 jng JUMP_006271 mov ebx,0x140 sub ebx,[ebp-0xc] JUMP_006271: ; Pos = 5911e mov eax,[DATA_009248] shl eax,0x6 lea eax,[eax+eax*4] add eax,[DATA_007773] add eax,[ebp-0xc] test ebx,ebx jng JUMP_006273 JUMP_006272: ; Pos = 59136 mov edx,esi sar edx,0x10 mov ecx,[DATA_009235] lea ecx,[ecx+edx] mov edx,edi sar edx,0xa and edx,byte -0x40 mov dl,[ecx+edx] and edx,0xff mov dl,[edx+DATA_009252] mov [eax],dl inc eax add esi,[ebp-0x4] add edi,[ebp-0x8] dec ebx jnz JUMP_006272 JUMP_006273: ; Pos = 59167 mov eax,[DATA_009246] add [DATA_009244],eax mov eax,[DATA_009247] add [DATA_009245],eax mov eax,[DATA_009240] add [DATA_009236],eax mov eax,[DATA_009241] add [DATA_009237],eax mov eax,[DATA_009242] add [DATA_009238],eax mov eax,[DATA_009243] add [DATA_009239],eax inc dword [DATA_009248] dec dword [ebp+0x8] cmp dword [ebp+0x8],byte +0x0 jnz near JUMP_006263 JUMP_006274: ; Pos = 591bc cmp dword [ebp+0x8],byte +0x0 jng JUMP_006275 mov eax,[ebp+0x8] imul dword [DATA_009246] add [DATA_009244],eax mov eax,[ebp+0x8] imul dword [DATA_009240] add [DATA_009236],eax mov eax,[ebp+0x8] imul dword [DATA_009241] add [DATA_009237],eax mov eax,[ebp+0x8] imul dword [DATA_009247] add [DATA_009245],eax mov eax,[ebp+0x8] imul dword [DATA_009242] add [DATA_009238],eax mov eax,[ebp+0x8] imul dword [DATA_009243] add [DATA_009239],eax mov eax,[ebp+0x8] add [DATA_009248],eax JUMP_006275: ; Pos = 59225 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001651_Tex64Trans: ; Pos = 5922c push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi cmp dword [ebp+0x8],byte +0x0 jng JUMP_006276 cmp dword [DATA_009248],0x9e jnl JUMP_006276 mov eax,[DATA_009248] add eax,[ebp+0x8] test eax,eax jg JUMP_006277 JUMP_006276: ; Pos = 59253 mov eax,[ebp+0x8] imul dword [DATA_009246] add [DATA_009244],eax mov eax,[ebp+0x8] imul dword [DATA_009240] add [DATA_009236],eax mov eax,[ebp+0x8] imul dword [DATA_009241] add [DATA_009237],eax mov eax,[ebp+0x8] imul dword [DATA_009247] add [DATA_009245],eax mov eax,[ebp+0x8] imul dword [DATA_009242] add [DATA_009238],eax mov eax,[ebp+0x8] imul dword [DATA_009243] add [DATA_009239],eax mov eax,[ebp+0x8] add [DATA_009248],eax jmp JUMP_006292 JUMP_006277: ; Pos = 592bb mov eax,[DATA_009248] test eax,eax jnl near JUMP_006278 mov edx,[DATA_009246] imul edx,eax sub [DATA_009244],edx mov edx,eax neg edx mov ecx,edx imul ecx,[DATA_009240] add [DATA_009236],ecx mov ecx,[DATA_009248] neg ecx mov ecx,edx imul ecx,[DATA_009241] add [DATA_009237],ecx mov ecx,[DATA_009247] imul ecx,eax sub [DATA_009245],ecx mov ecx,[DATA_009248] neg ecx mov ecx,edx imul ecx,[DATA_009242] add [DATA_009238],ecx mov ecx,[DATA_009248] neg ecx imul edx,[DATA_009243] add [DATA_009239],edx add [ebp+0x8],eax xor eax,eax mov [DATA_009248],eax JUMP_006278: ; Pos = 59342 cmp dword [ebp+0x8],byte +0x0 jz near JUMP_006291 JUMP_006279: ; Pos = 5934c cmp dword [DATA_009248],0x9e jnl near JUMP_006291 mov eax,[DATA_009244] mov edx,[DATA_009245] cmp eax,edx jnl JUMP_006280 sar eax,0x10 mov [ebp-0xc],eax mov esi,[DATA_009236] mov edi,[DATA_009237] sar edx,0x10 mov [ebp-0x10],edx mov eax,[DATA_009238] mov edx,[DATA_009239] mov [ebp-0x14],edx jmp short JUMP_006281 JUMP_006280: ; Pos = 59393 sar edx,0x10 mov [ebp-0xc],edx mov esi,[DATA_009238] mov edi,[DATA_009239] sar eax,0x10 mov [ebp-0x10],eax mov eax,[DATA_009236] mov edx,[DATA_009237] mov [ebp-0x14],edx JUMP_006281: ; Pos = 593b9 mov ebx,[ebp-0x10] sub ebx,[ebp-0xc] cmp dword [ebp-0xc],0x140 jnl near JUMP_006290 cmp dword [ebp-0x10],byte +0x0 jng near JUMP_006290 test ebx,ebx jng near JUMP_006290 sub eax,esi mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x0 jng JUMP_006282 mov eax,[ebp-0x4] cdq idiv ebx mov [ebp-0x4],eax jmp short JUMP_006283 JUMP_006282: ; Pos = 593f4 mov eax,[ebp-0x4] neg eax cdq idiv ebx neg eax mov [ebp-0x4],eax JUMP_006283: ; Pos = 59401 mov eax,[ebp-0x14] sub eax,edi mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jng JUMP_006284 mov eax,[ebp-0x8] cdq idiv ebx mov [ebp-0x8],eax jmp short JUMP_006285 JUMP_006284: ; Pos = 5941a mov eax,[ebp-0x8] neg eax cdq idiv ebx neg eax mov [ebp-0x8],eax JUMP_006285: ; Pos = 59427 cmp dword [ebp-0xc],byte +0x0 jnl JUMP_006286 mov eax,[ebp-0xc] imul dword [ebp-0x4] sub esi,eax mov eax,[ebp-0xc] imul dword [ebp-0x8] sub edi,eax add ebx,[ebp-0xc] xor eax,eax mov [ebp-0xc],eax JUMP_006286: ; Pos = 59445 cmp dword [ebp-0x10],0x140 jng JUMP_006287 mov ebx,0x140 sub ebx,[ebp-0xc] JUMP_006287: ; Pos = 59456 mov eax,[DATA_009248] shl eax,0x6 lea eax,[eax+eax*4] add eax,[DATA_007773] add eax,[ebp-0xc] test ebx,ebx jng JUMP_006290 JUMP_006288: ; Pos = 5946e mov edx,esi sar edx,0x10 mov ecx,[DATA_009235] lea ecx,[ecx+edx] mov edx,edi sar edx,0xa and edx,byte -0x40 mov dl,[ecx+edx] test dl,dl jz JUMP_006289 and edx,0xff mov dl,[edx+DATA_009252] mov [eax],dl JUMP_006289: ; Pos = 59499 inc eax add esi,[ebp-0x4] add edi,[ebp-0x8] dec ebx jnz JUMP_006288 JUMP_006290: ; Pos = 594a3 mov eax,[DATA_009246] add [DATA_009244],eax mov eax,[DATA_009247] add [DATA_009245],eax mov eax,[DATA_009240] add [DATA_009236],eax mov eax,[DATA_009241] add [DATA_009237],eax mov eax,[DATA_009242] add [DATA_009238],eax mov eax,[DATA_009243] add [DATA_009239],eax inc dword [DATA_009248] dec dword [ebp+0x8] cmp dword [ebp+0x8],byte +0x0 jnz near JUMP_006279 JUMP_006291: ; Pos = 594f8 cmp dword [ebp+0x8],byte +0x0 jng JUMP_006292 mov eax,[ebp+0x8] imul dword [DATA_009246] add [DATA_009244],eax mov eax,[ebp+0x8] imul dword [DATA_009240] add [DATA_009236],eax mov eax,[ebp+0x8] imul dword [DATA_009241] add [DATA_009237],eax mov eax,[ebp+0x8] imul dword [DATA_009247] add [DATA_009245],eax mov eax,[ebp+0x8] imul dword [DATA_009242] add [DATA_009238],eax mov eax,[ebp+0x8] imul dword [DATA_009243] add [DATA_009239],eax mov eax,[ebp+0x8] add [DATA_009248],eax JUMP_006292: ; Pos = 59561 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001652_Tex128NonTrans: ; Pos = 59568 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi cmp dword [ebp+0x8],byte +0x0 jng JUMP_006293 cmp dword [DATA_009248],0x9e jnl JUMP_006293 mov eax,[DATA_009248] add eax,[ebp+0x8] test eax,eax jg JUMP_006294 JUMP_006293: ; Pos = 5958f mov eax,[ebp+0x8] imul dword [DATA_009246] add [DATA_009244],eax mov eax,[ebp+0x8] imul dword [DATA_009240] add [DATA_009236],eax mov eax,[ebp+0x8] imul dword [DATA_009241] add [DATA_009237],eax mov eax,[ebp+0x8] imul dword [DATA_009247] add [DATA_009245],eax mov eax,[ebp+0x8] imul dword [DATA_009242] add [DATA_009238],eax mov eax,[ebp+0x8] imul dword [DATA_009243] add [DATA_009239],eax mov eax,[ebp+0x8] add [DATA_009248],eax jmp JUMP_006308 JUMP_006294: ; Pos = 595f7 mov eax,[DATA_009248] test eax,eax jnl near JUMP_006295 mov edx,[DATA_009246] imul edx,eax sub [DATA_009244],edx mov edx,eax neg edx mov ecx,edx imul ecx,[DATA_009240] add [DATA_009236],ecx mov ecx,[DATA_009248] neg ecx mov ecx,edx imul ecx,[DATA_009241] add [DATA_009237],ecx mov ecx,[DATA_009247] imul ecx,eax sub [DATA_009245],ecx mov ecx,[DATA_009248] neg ecx mov ecx,edx imul ecx,[DATA_009242] add [DATA_009238],ecx mov ecx,[DATA_009248] neg ecx imul edx,[DATA_009243] add [DATA_009239],edx add [ebp+0x8],eax xor eax,eax mov [DATA_009248],eax JUMP_006295: ; Pos = 5967e cmp dword [ebp+0x8],byte +0x0 jz near JUMP_006307 JUMP_006296: ; Pos = 59688 cmp dword [DATA_009248],0x9e jnl near JUMP_006307 mov eax,[DATA_009244] mov edx,[DATA_009245] cmp eax,edx jnl JUMP_006297 sar eax,0x10 mov [ebp-0xc],eax mov esi,[DATA_009236] mov edi,[DATA_009237] sar edx,0x10 mov [ebp-0x10],edx mov eax,[DATA_009238] mov edx,[DATA_009239] mov [ebp-0x14],edx jmp short JUMP_006298 JUMP_006297: ; Pos = 596cf sar edx,0x10 mov [ebp-0xc],edx mov esi,[DATA_009238] mov edi,[DATA_009239] sar eax,0x10 mov [ebp-0x10],eax mov eax,[DATA_009236] mov edx,[DATA_009237] mov [ebp-0x14],edx JUMP_006298: ; Pos = 596f5 mov ebx,[ebp-0x10] sub ebx,[ebp-0xc] cmp dword [ebp-0xc],0x140 jnl near JUMP_006306 cmp dword [ebp-0x10],byte +0x0 jng near JUMP_006306 test ebx,ebx jng near JUMP_006306 sub eax,esi mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x0 jng JUMP_006299 mov eax,[ebp-0x4] cdq idiv ebx mov [ebp-0x4],eax jmp short JUMP_006300 JUMP_006299: ; Pos = 59730 mov eax,[ebp-0x4] neg eax cdq idiv ebx neg eax mov [ebp-0x4],eax JUMP_006300: ; Pos = 5973d mov eax,[ebp-0x14] sub eax,edi mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jng JUMP_006301 mov eax,[ebp-0x8] cdq idiv ebx mov [ebp-0x8],eax jmp short JUMP_006302 JUMP_006301: ; Pos = 59756 mov eax,[ebp-0x8] neg eax cdq idiv ebx neg eax mov [ebp-0x8],eax JUMP_006302: ; Pos = 59763 cmp dword [ebp-0xc],byte +0x0 jnl JUMP_006303 mov eax,[ebp-0xc] imul dword [ebp-0x4] sub esi,eax mov eax,[ebp-0xc] imul dword [ebp-0x8] sub edi,eax add ebx,[ebp-0xc] xor eax,eax mov [ebp-0xc],eax JUMP_006303: ; Pos = 59781 cmp dword [ebp-0x10],0x140 jng JUMP_006304 mov ebx,0x140 sub ebx,[ebp-0xc] JUMP_006304: ; Pos = 59792 mov eax,[DATA_009248] shl eax,0x6 lea eax,[eax+eax*4] add eax,[DATA_007773] add eax,[ebp-0xc] test ebx,ebx jng JUMP_006306 JUMP_006305: ; Pos = 597aa mov edx,esi sar edx,0x10 mov ecx,[DATA_009235] lea ecx,[ecx+edx] mov edx,edi sar edx,0x9 and edx,byte -0x80 mov dl,[ecx+edx] and edx,0xff mov dl,[edx+DATA_009252] mov [eax],dl inc eax add esi,[ebp-0x4] add edi,[ebp-0x8] dec ebx jnz JUMP_006305 JUMP_006306: ; Pos = 597db mov eax,[DATA_009246] add [DATA_009244],eax mov eax,[DATA_009247] add [DATA_009245],eax mov eax,[DATA_009240] add [DATA_009236],eax mov eax,[DATA_009241] add [DATA_009237],eax mov eax,[DATA_009242] add [DATA_009238],eax mov eax,[DATA_009243] add [DATA_009239],eax inc dword [DATA_009248] dec dword [ebp+0x8] cmp dword [ebp+0x8],byte +0x0 jnz near JUMP_006296 JUMP_006307: ; Pos = 59830 cmp dword [ebp+0x8],byte +0x0 jng JUMP_006308 mov eax,[ebp+0x8] imul dword [DATA_009246] add [DATA_009244],eax mov eax,[ebp+0x8] imul dword [DATA_009240] add [DATA_009236],eax mov eax,[ebp+0x8] imul dword [DATA_009241] add [DATA_009237],eax mov eax,[ebp+0x8] imul dword [DATA_009247] add [DATA_009245],eax mov eax,[ebp+0x8] imul dword [DATA_009242] add [DATA_009238],eax mov eax,[ebp+0x8] imul dword [DATA_009243] add [DATA_009239],eax mov eax,[ebp+0x8] add [DATA_009248],eax JUMP_006308: ; Pos = 59899 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001653_Tex128Trans: ; Pos = 598a0 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi cmp dword [ebp+0x8],byte +0x0 jng JUMP_006309 cmp dword [DATA_009248],0x9e jnl JUMP_006309 mov eax,[DATA_009248] add eax,[ebp+0x8] test eax,eax jg JUMP_006310 JUMP_006309: ; Pos = 598c7 mov eax,[ebp+0x8] imul dword [DATA_009246] add [DATA_009244],eax mov eax,[ebp+0x8] imul dword [DATA_009240] add [DATA_009236],eax mov eax,[ebp+0x8] imul dword [DATA_009241] add [DATA_009237],eax mov eax,[ebp+0x8] imul dword [DATA_009247] add [DATA_009245],eax mov eax,[ebp+0x8] imul dword [DATA_009242] add [DATA_009238],eax mov eax,[ebp+0x8] imul dword [DATA_009243] add [DATA_009239],eax mov eax,[ebp+0x8] add [DATA_009248],eax jmp JUMP_006325 JUMP_006310: ; Pos = 5992f mov eax,[DATA_009248] test eax,eax jnl near JUMP_006311 mov edx,[DATA_009246] imul edx,eax sub [DATA_009244],edx mov edx,eax neg edx mov ecx,edx imul ecx,[DATA_009240] add [DATA_009236],ecx mov ecx,[DATA_009248] neg ecx mov ecx,edx imul ecx,[DATA_009241] add [DATA_009237],ecx mov ecx,[DATA_009247] imul ecx,eax sub [DATA_009245],ecx mov ecx,[DATA_009248] neg ecx mov ecx,edx imul ecx,[DATA_009242] add [DATA_009238],ecx mov ecx,[DATA_009248] neg ecx imul edx,[DATA_009243] add [DATA_009239],edx add [ebp+0x8],eax xor eax,eax mov [DATA_009248],eax JUMP_006311: ; Pos = 599b6 cmp dword [ebp+0x8],byte +0x0 jz near JUMP_006324 JUMP_006312: ; Pos = 599c0 cmp dword [DATA_009248],0x9e jnl near JUMP_006324 mov eax,[DATA_009244] mov edx,[DATA_009245] cmp eax,edx jnl JUMP_006313 sar eax,0x10 mov [ebp-0xc],eax mov esi,[DATA_009236] mov edi,[DATA_009237] sar edx,0x10 mov [ebp-0x10],edx mov eax,[DATA_009238] mov edx,[DATA_009239] mov [ebp-0x14],edx jmp short JUMP_006314 JUMP_006313: ; Pos = 59a07 sar edx,0x10 mov [ebp-0xc],edx mov esi,[DATA_009238] mov edi,[DATA_009239] sar eax,0x10 mov [ebp-0x10],eax mov eax,[DATA_009236] mov edx,[DATA_009237] mov [ebp-0x14],edx JUMP_006314: ; Pos = 59a2d mov ebx,[ebp-0x10] sub ebx,[ebp-0xc] cmp dword [ebp-0xc],0x140 jnl near JUMP_006323 cmp dword [ebp-0x10],byte +0x0 jng near JUMP_006323 test ebx,ebx jng near JUMP_006323 sub eax,esi mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x0 jng JUMP_006315 mov eax,[ebp-0x4] cdq idiv ebx mov [ebp-0x4],eax jmp short JUMP_006316 JUMP_006315: ; Pos = 59a68 mov eax,[ebp-0x4] neg eax cdq idiv ebx neg eax mov [ebp-0x4],eax JUMP_006316: ; Pos = 59a75 mov eax,[ebp-0x14] sub eax,edi mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jng JUMP_006317 mov eax,[ebp-0x8] cdq idiv ebx mov [ebp-0x8],eax jmp short JUMP_006318 JUMP_006317: ; Pos = 59a8e mov eax,[ebp-0x8] neg eax cdq idiv ebx neg eax mov [ebp-0x8],eax JUMP_006318: ; Pos = 59a9b cmp dword [ebp-0xc],byte +0x0 jnl JUMP_006319 mov eax,[ebp-0xc] imul dword [ebp-0x4] sub esi,eax mov eax,[ebp-0xc] imul dword [ebp-0x8] sub edi,eax add ebx,[ebp-0xc] xor eax,eax mov [ebp-0xc],eax JUMP_006319: ; Pos = 59ab9 cmp dword [ebp-0x10],0x140 jng JUMP_006320 mov ebx,0x140 sub ebx,[ebp-0xc] JUMP_006320: ; Pos = 59aca mov eax,[DATA_009248] shl eax,0x6 lea eax,[eax+eax*4] add eax,[DATA_007773] add eax,[ebp-0xc] test ebx,ebx jng JUMP_006323 JUMP_006321: ; Pos = 59ae2 mov edx,esi sar edx,0x10 mov ecx,[DATA_009235] lea ecx,[ecx+edx] mov edx,edi sar edx,0x9 and edx,byte -0x80 mov dl,[ecx+edx] test dl,dl jz JUMP_006322 and edx,0xff mov dl,[edx+DATA_009252] mov [eax],dl JUMP_006322: ; Pos = 59b0d inc eax add esi,[ebp-0x4] add edi,[ebp-0x8] dec ebx jnz JUMP_006321 JUMP_006323: ; Pos = 59b17 mov eax,[DATA_009246] add [DATA_009244],eax mov eax,[DATA_009247] add [DATA_009245],eax mov eax,[DATA_009240] add [DATA_009236],eax mov eax,[DATA_009241] add [DATA_009237],eax mov eax,[DATA_009242] add [DATA_009238],eax mov eax,[DATA_009243] add [DATA_009239],eax inc dword [DATA_009248] dec dword [ebp+0x8] cmp dword [ebp+0x8],byte +0x0 jnz near JUMP_006312 JUMP_006324: ; Pos = 59b6c cmp dword [ebp+0x8],byte +0x0 jng JUMP_006325 mov eax,[ebp+0x8] imul dword [DATA_009246] add [DATA_009244],eax mov eax,[ebp+0x8] imul dword [DATA_009240] add [DATA_009236],eax mov eax,[ebp+0x8] imul dword [DATA_009241] add [DATA_009237],eax mov eax,[ebp+0x8] imul dword [DATA_009247] add [DATA_009245],eax mov eax,[ebp+0x8] imul dword [DATA_009242] add [DATA_009238],eax mov eax,[ebp+0x8] imul dword [DATA_009243] add [DATA_009239],eax mov eax,[ebp+0x8] add [DATA_009248],eax JUMP_006325: ; Pos = 59bd5 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001656_FindMSB: ; Pos = 59cec push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,0x10000 jc JUMP_006329 shr eax,0x10 mov edx,0x10 jmp short JUMP_006330 JUMP_006329: ; Pos = 59d03 xor edx,edx JUMP_006330: ; Pos = 59d05 cmp eax,0x100 jc JUMP_006331 shr eax,0x8 add edx,byte +0x8 JUMP_006331: ; Pos = 59d12 cmp eax,byte +0x10 jc JUMP_006332 shr eax,0x4 add edx,byte +0x4 JUMP_006332: ; Pos = 59d1d cmp eax,byte +0x4 jc JUMP_006333 shr eax,0x2 add edx,byte +0x2 JUMP_006333: ; Pos = 59d28 cmp eax,byte +0x2 jc JUMP_006334 lea eax,[edx+0x1] pop ebp ret JUMP_006334: ; Pos = 59d32 mov eax,edx pop ebp ret FUNC_001657_Vec64FindMSB: ; Pos = 59d38 push ebp mov ebp,esp push esi mov eax,[ebp+0x8] mov edx,[eax+0x4] test edx,edx jz JUMP_006335 inc edx jnz JUMP_006337 JUMP_006335: ; Pos = 59d49 mov ecx,[eax+0xc] test ecx,ecx jz JUMP_006336 inc ecx jnz JUMP_006337 JUMP_006336: ; Pos = 59d53 mov esi,[eax+0x14] test esi,esi jz JUMP_006344 inc esi jz JUMP_006344 JUMP_006337: ; Pos = 59d5d cmp dword [eax+0x4],byte +0x0 jnl JUMP_006338 mov edx,[eax+0x4] neg edx jmp short JUMP_006339 JUMP_006338: ; Pos = 59d6a mov edx,[eax+0x4] JUMP_006339: ; Pos = 59d6d cmp dword [eax+0xc],byte +0x0 jnl JUMP_006340 mov ecx,[eax+0xc] neg ecx jmp short JUMP_006341 JUMP_006340: ; Pos = 59d7a mov ecx,[eax+0xc] JUMP_006341: ; Pos = 59d7d or edx,ecx cmp dword [eax+0x14],byte +0x0 jnl JUMP_006342 mov ecx,[eax+0x14] neg ecx jmp short JUMP_006343 JUMP_006342: ; Pos = 59d8c mov ecx,[eax+0x14] JUMP_006343: ; Pos = 59d8f or edx,ecx mov eax,0x20 jmp short JUMP_006351 JUMP_006344: ; Pos = 59d98 cmp dword [eax+0x4],byte +0x0 jnl JUMP_006345 mov edx,[eax] neg edx jmp short JUMP_006346 JUMP_006345: ; Pos = 59da4 mov edx,[eax] JUMP_006346: ; Pos = 59da6 cmp dword [eax+0xc],byte +0x0 jnl JUMP_006347 mov ecx,[eax+0x8] neg ecx jmp short JUMP_006348 JUMP_006347: ; Pos = 59db3 mov ecx,[eax+0x8] JUMP_006348: ; Pos = 59db6 or edx,ecx cmp dword [eax+0x14],byte +0x0 jnl JUMP_006349 mov ecx,[eax+0x10] neg ecx jmp short JUMP_006350 JUMP_006349: ; Pos = 59dc5 mov ecx,[eax+0x10] JUMP_006350: ; Pos = 59dc8 or edx,ecx xor eax,eax JUMP_006351: ; Pos = 59dcc cmp edx,0xffff jna JUMP_006352 shr edx,0x10 add eax,byte +0x10 JUMP_006352: ; Pos = 59dda cmp edx,0xff jna JUMP_006353 shr edx,0x8 add eax,byte +0x8 JUMP_006353: ; Pos = 59de8 cmp edx,byte +0xf jna JUMP_006354 shr edx,0x4 add eax,byte +0x4 JUMP_006354: ; Pos = 59df3 cmp edx,byte +0x3 jna JUMP_006355 shr edx,0x2 add eax,byte +0x2 JUMP_006355: ; Pos = 59dfe cmp edx,byte +0x1 jna JUMP_006356 inc eax JUMP_006356: ; Pos = 59e04 pop esi pop ebp ret FUNC_001658_Vec64Truncate: ; Pos = 59e08 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x8] push esi call FUNC_001657_Vec64FindMSB pop ecx mov ebx,eax sub ebx,[ebp+0xc] test ebx,ebx jg JUMP_006357 xor eax,eax jmp short JUMP_006358 JUMP_006357: ; Pos = 59e24 push ebx push esi call FUNC_001660_Vec64Shift add esp,byte +0x8 mov eax,ebx JUMP_006358: ; Pos = 59e30 pop esi pop ebx pop ebp ret FUNC_001659: ; Pos = 59ea4 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov edx,[ebp+0x10] mov eax,[ebp+0xc] mov ecx,[ebp+0x8] mov ebx,[eax] mov esi,ebx imul esi,[edx] mov edi,[eax+0x4] imul edi,[edx+0xc] add esi,edi mov edi,[eax+0x8] imul edi,[edx+0x18] add esi,edi mov [ebp-0x4],esi mov esi,ebx imul esi,[edx+0x4] mov edi,[eax+0x4] imul edi,[edx+0x10] add esi,edi mov edi,[eax+0x8] imul edi,[edx+0x1c] add esi,edi mov [ebp-0x8],esi imul ebx,[edx+0x8] mov esi,[eax+0x4] imul esi,[edx+0x14] add ebx,esi mov eax,[eax+0x8] imul dword [edx+0x20] add ebx,eax mov [ecx+0x8],ebx mov eax,[ebp-0x4] mov [ecx],eax mov eax,[ebp-0x8] mov [ecx+0x4],eax pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001660_Vec64Shift: ; Pos = 59f90 push ebp mov ebp,esp push ebx push esi push edi mov edx,[ebp+0xc] mov eax,[ebp+0x8] test edx,edx jz near JUMP_006362 cmp edx,byte +0x20 jnl JUMP_006359 mov ebx,0x20 sub ebx,edx mov ecx,ebx mov esi,[eax+0x4] shl esi,cl mov ecx,edx mov edi,[eax] shr edi,cl or esi,edi mov [eax],esi mov ecx,edx sar dword [eax+0x4],cl mov ecx,ebx mov esi,[eax+0xc] shl esi,cl mov ecx,edx mov edi,[eax+0x8] shr edi,cl or esi,edi mov [eax+0x8],esi mov ecx,edx sar dword [eax+0xc],cl mov ecx,ebx mov ebx,[eax+0x14] shl ebx,cl mov ecx,edx mov esi,[eax+0x10] shr esi,cl or ebx,esi mov [eax+0x10],ebx mov ecx,edx sar dword [eax+0x14],cl jmp short JUMP_006362 JUMP_006359: ; Pos = 59ff8 cmp edx,byte +0x20 jng JUMP_006360 lea ebx,[edx-0x20] mov ecx,ebx mov esi,[eax+0x4] sar esi,cl mov [eax],esi mov ecx,ebx mov esi,[eax+0xc] sar esi,cl mov [eax+0x8],esi mov ecx,ebx mov edx,[eax+0x14] sar edx,cl mov [eax+0x10],edx jmp short JUMP_006361 JUMP_006360: ; Pos = 5a01f mov edx,[eax+0x4] mov [eax],edx mov edx,[eax+0xc] mov [eax+0x8],edx mov edx,[eax+0x14] mov [eax+0x10],edx JUMP_006361: ; Pos = 5a030 sar dword [eax+0x4],0x1f sar dword [eax+0xc],0x1f sar dword [eax+0x14],0x1f JUMP_006362: ; Pos = 5a03c pop edi pop esi pop ebx pop ebp ret FUNC_001661_Vec64Add: ; Pos = 5a044 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push dword [esi+0x4] push dword [esi] push dword [ebx+0x4] push dword [ebx] push ebx call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [esi+0xc] push dword [esi+0x8] push dword [ebx+0xc] push dword [ebx+0x8] lea eax,[ebx+0x8] push eax call FUNC_001333_Int64Add64 add esp,byte +0x14 push dword [esi+0x14] push dword [esi+0x10] push dword [ebx+0x14] push dword [ebx+0x10] add ebx,byte +0x10 push ebx call FUNC_001333_Int64Add64 add esp,byte +0x14 pop esi pop ebx pop ebp ret FUNC_001662_Vec64Sub: ; Pos = 5a098 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push dword [esi+0x4] push dword [esi] push dword [ebx+0x4] push dword [ebx] push ebx call FUNC_001335_Int64Sub64 add esp,byte +0x14 push dword [esi+0xc] push dword [esi+0x8] push dword [ebx+0xc] push dword [ebx+0x8] lea eax,[ebx+0x8] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 push dword [esi+0x14] push dword [esi+0x10] push dword [ebx+0x14] push dword [ebx+0x10] add ebx,byte +0x10 push ebx call FUNC_001335_Int64Sub64 add esp,byte +0x14 pop esi pop ebx pop ebp ret FUNC_001663_Vec64NegAssign: ; Pos = 5a0ec push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push dword [esi+0x4] push dword [esi] push dword [DATA_007801] push dword [DATA_007800] push ebx call FUNC_001335_Int64Sub64 add esp,byte +0x14 push dword [esi+0xc] push dword [esi+0x8] push dword [DATA_007801] push dword [DATA_007800] lea eax,[ebx+0x8] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 push dword [esi+0x14] push dword [esi+0x10] push dword [DATA_007801] push dword [DATA_007800] add ebx,byte +0x10 push ebx call FUNC_001335_Int64Sub64 add esp,byte +0x14 pop esi pop ebx pop ebp ret FUNC_001664_Vec64Abs: ; Pos = 5a154 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push dword [esi+0x4] push dword [esi] push ebx call FUNC_001332_Int64Abs add esp,byte +0xc push dword [esi+0xc] push dword [esi+0x8] lea eax,[ebx+0x8] push eax call FUNC_001332_Int64Abs add esp,byte +0xc push dword [esi+0x14] push dword [esi+0x10] add ebx,byte +0x10 push ebx call FUNC_001332_Int64Abs add esp,byte +0xc pop esi pop ebx pop ebp ret FUNC_001665_MatAssign: ; Pos = 5a198 push ebp mov ebp,esp push ebx mov edx,[ebp+0xc] mov eax,[ebp+0x8] mov ecx,[edx] mov [eax],ecx mov ecx,[edx+0x10] mov [eax+0x10],ecx mov ecx,[edx+0x20] mov [eax+0x20],ecx mov ecx,[edx+0x4] mov ebx,[edx+0xc] mov [eax+0x4],ebx mov [eax+0xc],ecx mov ecx,[edx+0x8] mov ebx,[edx+0x18] mov [eax+0x8],ebx mov [eax+0x18],ecx mov ecx,[edx+0x14] mov edx,[edx+0x1c] mov [eax+0x14],edx mov [eax+0x1c],ecx pop ebx pop ebp ret FUNC_001666_SpecialDiv: ; Pos = 5a51c push ebp mov ebp,esp push ebx mov ecx,[ebp+0xc] mov ebx,[ebp+0x8] test ecx,ecx jng JUMP_006364 cmp ecx,0x7fff jng JUMP_006364 JUMP_006363: ; Pos = 5a532 sar ecx,1 sar ebx,1 cmp ecx,0x7fff jg JUMP_006363 JUMP_006364: ; Pos = 5a53e test ecx,ecx jz JUMP_006365 mov eax,ebx shl eax,0x8 cdq idiv ecx pop ebx pop ebp ret JUMP_006365: ; Pos = 5a54d mov eax,ebx pop ebx pop ebp ret FUNC_001667: ; Pos = 5a554 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push esi call FUNC_001913_Sin16 pop ecx mov [ebx+0x18],eax push edi call FUNC_001913_Sin16 pop ecx mov [ebx+0x10],eax add esi,0x4000 push esi call FUNC_001913_Sin16 pop ecx mov [ebx+0x20],eax add edi,0x4000 push edi call FUNC_001913_Sin16 pop ecx mov [ebx+0x4],eax xor eax,eax mov [ebx+0x1c],eax mov eax,[ebx+0x18] imul dword [ebx+0x10] sar eax,0xf mov [ebx+0x8],eax mov eax,[ebx+0x20] imul dword [ebx+0x4] sar eax,0xf mov [ebx+0xc],eax mov eax,[ebx+0x18] imul dword [ebx+0x4] sar eax,0xf neg eax mov [ebx+0x14],eax mov eax,[ebx+0x10] imul dword [ebx+0x20] sar eax,0xf neg eax mov [ebx],eax neg dword [ebx+0x20] neg dword [ebx+0x18] pop edi pop esi pop ebx pop ebp ret FUNC_001668: ; Pos = 5a5dc push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push esi call FUNC_001913_Sin16 pop ecx mov [ebx+0x4],eax push edi call FUNC_001913_Sin16 pop ecx mov [ebx+0x18],eax add esi,0x4000 push esi call FUNC_001913_Sin16 pop ecx mov [ebx+0x10],eax add edi,0x4000 push edi call FUNC_001913_Sin16 pop ecx mov [ebx+0x20],eax xor eax,eax mov [ebx+0x1c],eax mov eax,[ebx+0x4] imul dword [ebx+0x18] sar eax,0xf mov [ebx+0x14],eax mov eax,[ebx+0x10] imul dword [ebx+0x20] sar eax,0xf mov [ebx],eax mov eax,[ebx+0x4] imul dword [ebx+0x20] sar eax,0xf neg eax mov [ebx+0xc],eax mov eax,[ebx+0x18] imul dword [ebx+0x10] sar eax,0xf neg eax mov [ebx+0x8],eax pop edi pop esi pop ebx pop ebp ret FUNC_001669_VecMatMul: ; Pos = 5a7a8 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0xc] mov edi,[ebp+0x8] mov eax,[esi] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi+0xc] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[esi+0x18] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebp-0x4],edx mov eax,[esi+0x4] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi+0x10] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[esi+0x1c] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebp-0x8],edx mov eax,[esi+0x8] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi+0x14] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[esi+0x20] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [edi+0x8],edx mov eax,[ebp-0x4] mov [edi],eax mov eax,[ebp-0x8] mov [edi+0x4],eax pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001670_VecMatTMul: ; Pos = 5a968 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0xc] mov edi,[ebp+0x8] mov eax,[esi] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi+0x4] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[esi+0x8] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebp-0x4],edx mov eax,[esi+0xc] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi+0x10] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[esi+0x14] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebp-0x8],edx mov eax,[esi+0x18] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[esi+0x1c] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[esi+0x20] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [edi+0x8],edx mov eax,[ebp-0x4] mov [edi],eax mov eax,[ebp-0x8] mov [edi+0x4],eax pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001671_SpecialVecMatMul: ; Pos = 5aa3c push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x14] mov ebx,[ebp+0x10] mov edi,[ebp+0xc] mov eax,[esi] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 mov [edi],eax mov eax,[esi+0xc] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 add eax,[edi] push eax mov eax,[esi+0x18] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov eax,[ebp+0x8] mov [eax],edx mov eax,[esi+0x4] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 mov [edi+0x4],eax mov eax,[esi+0x10] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 add eax,[edi+0x4] push eax mov eax,[esi+0x1c] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov eax,[ebp+0x8] mov [eax+0x4],edx mov eax,[esi+0x8] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 mov [edi+0x8],eax mov eax,[esi+0x14] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 add eax,[edi+0x8] push eax mov eax,[esi+0x20] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov eax,[ebp+0x8] mov [eax+0x8],edx pop edi pop esi pop ebx pop ebp ret FUNC_001672_MatMatMul: ; Pos = 5ab0c push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0xc] mov eax,[esi] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0xc] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x18] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x24],edi mov eax,[esi+0x4] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x10] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x1c] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x20],edi mov eax,[esi+0x8] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x14] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x20] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x1c],edi mov eax,[esi] push eax mov eax,[ebx+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0xc] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x18] push eax mov eax,[ebx+0x14] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x18],edi mov eax,[esi+0x4] push eax mov eax,[ebx+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x10] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x1c] push eax mov eax,[ebx+0x14] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x14],edi mov eax,[esi+0x8] push eax mov eax,[ebx+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x14] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x20] push eax mov eax,[ebx+0x14] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x10],edi mov eax,[esi] push eax mov eax,[ebx+0x18] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0xc] push eax mov eax,[ebx+0x1c] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x18] push eax mov eax,[ebx+0x20] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0xc],edi mov eax,[esi+0x4] push eax mov eax,[ebx+0x18] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x10] push eax mov eax,[ebx+0x1c] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x1c] push eax mov eax,[ebx+0x20] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x8],edi mov eax,[esi+0x8] push eax mov eax,[ebx+0x18] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x14] push eax mov eax,[ebx+0x1c] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x20] push eax mov eax,[ebx+0x20] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x4],edi mov eax,[ebp+0x8] lea esi,[ebp-0x24] mov edi,eax mov ecx,0x9 rep movsd pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001673_MatMatTMul: ; Pos = 5ad2c push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0xc] mov eax,[esi] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x4] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x8] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x24],edi mov eax,[esi+0xc] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x10] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x14] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x20],edi mov eax,[esi+0x18] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x1c] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x20] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x1c],edi mov eax,[esi] push eax mov eax,[ebx+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x4] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x8] push eax mov eax,[ebx+0x14] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x18],edi mov eax,[esi+0xc] push eax mov eax,[ebx+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x10] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x14] push eax mov eax,[ebx+0x14] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x14],edi mov eax,[esi+0x18] push eax mov eax,[ebx+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x1c] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x20] push eax mov eax,[ebx+0x14] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x10],edi mov eax,[esi] push eax mov eax,[ebx+0x18] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x4] push eax mov eax,[ebx+0x1c] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x8] push eax mov eax,[ebx+0x20] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0xc],edi mov eax,[esi+0xc] push eax mov eax,[ebx+0x18] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x10] push eax mov eax,[ebx+0x1c] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x14] push eax mov eax,[ebx+0x20] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x8],edi mov eax,[esi+0x18] push eax mov eax,[ebx+0x18] push eax call FUNC_001521 add esp,byte +0x8 mov edi,eax mov eax,[esi+0x1c] push eax mov eax,[ebx+0x1c] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov eax,[esi+0x20] push eax mov eax,[ebx+0x20] push eax call FUNC_001521 add esp,byte +0x8 add edi,eax mov [ebp-0x4],edi mov eax,[ebp+0x8] lea esi,[ebp-0x24] mov edi,eax mov ecx,0x9 rep movsd pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001674_MatBuildOdd: ; Pos = 5af4c push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push esi call FUNC_001914_Sin32 pop ecx mov [ebx+0x18],eax push edi call FUNC_001914_Sin32 pop ecx mov [ebx+0x10],eax add esi,0x4000 push esi call FUNC_001914_Sin32 pop ecx mov [ebx+0x20],eax add edi,0x4000 push edi call FUNC_001914_Sin32 pop ecx mov [ebx+0x4],eax xor eax,eax mov [ebx+0x1c],eax mov eax,[ebx+0x10] push eax mov eax,[ebx+0x18] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x8],eax mov eax,[ebx+0x4] push eax mov eax,[ebx+0x20] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0xc],eax mov eax,[ebx+0x4] push eax mov eax,[ebx+0x18] push eax call FUNC_001521 add esp,byte +0x8 neg eax mov [ebx+0x14],eax mov eax,[ebx+0x20] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 neg eax mov [ebx],eax neg dword [ebx+0x20] neg dword [ebx+0x18] pop edi pop esi pop ebx pop ebp ret FUNC_001675_MatBuildYZT: ; Pos = 5aff0 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push esi call FUNC_001914_Sin32 pop ecx mov [ebx+0x4],eax push edi call FUNC_001914_Sin32 pop ecx mov [ebx+0x18],eax add esi,0x4000 push esi call FUNC_001914_Sin32 pop ecx mov [ebx+0x10],eax add edi,0x4000 push edi call FUNC_001914_Sin32 pop ecx mov [ebx+0x20],eax xor eax,eax mov [ebx+0x1c],eax mov eax,[ebx+0x18] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x14],eax mov eax,[ebx+0x20] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx],eax mov eax,[ebx+0x20] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 neg eax mov [ebx+0xc],eax mov eax,[ebx+0x10] push eax mov eax,[ebx+0x18] push eax call FUNC_001521 add esp,byte +0x8 neg eax mov [ebx+0x8],eax pop edi pop esi pop ebx pop ebp ret FUNC_001676_MatBuildYZ: ; Pos = 5b08c push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] push esi call FUNC_001914_Sin32 pop ecx mov [ebx+0xc],eax push edi call FUNC_001914_Sin32 pop ecx mov [ebx+0x8],eax add esi,0x4000 push esi call FUNC_001914_Sin32 pop ecx mov [ebx+0x10],eax add edi,0x4000 push edi call FUNC_001914_Sin32 pop ecx mov [ebx+0x20],eax xor eax,eax mov [ebx+0x14],eax mov eax,[ebx+0x8] push eax mov eax,[ebx+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x1c],eax mov eax,[ebx+0x20] push eax mov eax,[ebx+0x10] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx],eax mov eax,[ebx+0x20] push eax mov eax,[ebx+0xc] push eax call FUNC_001521 add esp,byte +0x8 neg eax mov [ebx+0x4],eax mov eax,[ebx+0x10] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 neg eax mov [ebx+0x18],eax pop edi pop esi pop ebx pop ebp ret FUNC_001677: ; Pos = 5b128 push ebp mov ebp,esp add esp,byte -0x28 push ebx push esi push edi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] cmp byte [ebx+0x56],0x0 jz near JUMP_006368 mov al,[ebx+0x25] cmp al,[DATA_008811] jnz JUMP_006366 push esi mov edi,esi lea esi,[ebx+0x26] mov ecx,0x6 rep movsd pop esi jmp JUMP_006370 JUMP_006366: ; Pos = 5b15f xor eax,eax mov al,[ebx+0x56] push eax call near [DATA_007753] ; FUNC_001531 pop ecx mov edi,eax push edi push esi call FUNC_001677 add esp,byte +0x8 cmp byte [ebx+0x57],0x0 jz JUMP_006367 push esi push edi lea esi,[ebx+0x3e] lea edi,[ebp-0x1c] mov ecx,0x6 rep movsd pop edi pop esi push byte +0x1c lea eax,[ebp-0x1c] push eax call FUNC_001658_Vec64Truncate add esp,byte +0x8 mov [ebp-0x4],eax mov eax,[ebp-0x1c] mov [ebp-0x28],eax mov eax,[ebp-0x14] mov [ebp-0x24],eax mov eax,[ebp-0xc] mov [ebp-0x20],eax push edi lea eax,[ebp-0x28] push eax lea eax,[ebp-0x28] push eax call FUNC_001669_VecMatMul add esp,byte +0xc mov eax,[ebp-0x4] push eax lea eax,[ebp-0x28] push eax lea eax,[ebp-0x1c] push eax call near [DATA_007749] ; FUNC_001517 add esp,byte +0xc lea eax,[ebp-0x1c] push eax push esi call FUNC_001661_Vec64Add add esp,byte +0x8 jmp short JUMP_006369 JUMP_006367: ; Pos = 5b1e7 lea eax,[ebx+0x3e] push eax push esi call FUNC_001661_Vec64Add add esp,byte +0x8 jmp short JUMP_006369 JUMP_006368: ; Pos = 5b1f6 push esi mov edi,esi lea esi,[ebx+0x3e] mov ecx,0x6 rep movsd pop esi JUMP_006369: ; Pos = 5b204 push esi lea edi,[ebx+0x26] mov ecx,0x6 rep movsd pop esi mov al,[DATA_008811] mov [ebx+0x25],al JUMP_006370: ; Pos = 5b218 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001678: ; Pos = 5b220 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x10] mov eax,[ebp+0xc] mov esi,[ebp+0x8] mov dl,[eax+0x56] cmp dl,[ebx+0x56] jnz JUMP_006371 mov dl,[eax+0x57] cmp dl,[ebx+0x57] jnz JUMP_006372 push esi mov edi,esi lea esi,[eax+0x3e] mov ecx,0x6 rep movsd pop esi add ebx,byte +0x3e push ebx push esi call FUNC_001662_Vec64Sub add esp,byte +0x8 jmp short JUMP_006373 JUMP_006371: ; Pos = 5b25c mov dl,[ebx+0x56] cmp dl,[eax+0x86] jnz JUMP_006372 add ebx,byte +0x3e push ebx push esi call FUNC_001663_Vec64NegAssign add esp,byte +0x8 jmp short JUMP_006373 JUMP_006372: ; Pos = 5b276 push eax push esi call near [DATA_007802] ; FUNC_001677 add esp,byte +0x8 add ebx,byte +0x26 push ebx push esi call FUNC_001662_Vec64Sub add esp,byte +0x8 JUMP_006373: ; Pos = 5b28e pop edi pop esi pop ebx pop ebp ret FUNC_001679: ; Pos = 5b294 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov al,[ebx+0x58] cmp al,[DATA_008811] jz JUMP_006374 xor eax,eax mov al,[ebx+0x56] push eax call near [DATA_007753] ; FUNC_001531 pop ecx push eax push ebx lea eax,[ebx+0x5a] push eax call FUNC_001672_MatMatMul add esp,byte +0xc mov al,[DATA_008811] mov [ebx+0x58],al JUMP_006374: ; Pos = 5b2c9 pop ebx pop ebp ret FUNC_001680: ; Pos = 5b2cc push ebp mov ebp,esp add esp,0xfffffe64 push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov edi,eax mov eax,[ebp+0xc] push eax push ebx lea eax,[ebp+0xfffffe80] push eax call near [DATA_007803] ; FUNC_001678 add esp,byte +0xc lea eax,[ebp+0xfffffe80] push eax call FUNC_001657_Vec64FindMSB pop ecx mov esi,eax lea eax,[esi-0x1c] mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jng JUMP_006375 mov eax,[ebp-0x8] push eax lea eax,[ebp+0xfffffe80] push eax call FUNC_001660_Vec64Shift add esp,byte +0x8 jmp short JUMP_006376 JUMP_006375: ; Pos = 5b330 xor eax,eax mov [ebp-0x8],eax JUMP_006376: ; Pos = 5b335 sub esi,byte +0xd test esi,esi jnl JUMP_006377 xor esi,esi JUMP_006377: ; Pos = 5b33e sub esi,[ebx+0x7e] mov eax,esi mov [ebx+0x88],al mov eax,[edi+0x20] cmp esi,eax jl JUMP_006380 sub esi,eax cmp esi,byte +0x5 jng JUMP_006378 mov al,0x3f jmp short JUMP_006379 JUMP_006378: ; Pos = 5b35b mov ecx,esi mov al,0x1 shl al,cl JUMP_006379: ; Pos = 5b361 mov [ebx+0x8a],al mov word [ebx+0x98],0x8000 mov word [ebx+0x9a],0x8000 jmp JUMP_006394 JUMP_006380: ; Pos = 5b37e mov [ebp-0x1c],ebx xor eax,eax mov [ebp-0x70],eax mov byte [ebx+0x8a],0x0 mov eax,[ebp+0xc] cmp byte [eax+0x57],0x0 jnz JUMP_006381 mov eax,[DATA_008821] mov [ebp-0x34],eax mov eax,[DATA_008822] mov [ebp-0x30],eax mov eax,[DATA_008823] mov [ebp-0x2c],eax mov eax,[ebp+0xc] mov [ebp-0x4],eax jmp short JUMP_006384 JUMP_006381: ; Pos = 5b3b9 mov eax,[DATA_008824] mov [ebp-0x34],eax mov eax,[DATA_008825] mov [ebp-0x30],eax mov eax,[DATA_008826] mov [ebp-0x2c],eax mov eax,[ebp+0xc] mov al,[eax+0x56] cmp al,[ebx+0x86] jz JUMP_006382 cmp byte [ebx+0x57],0x0 jz JUMP_006383 mov eax,[ebp+0xc] mov al,[eax+0x56] cmp al,[ebx+0x56] jnz JUMP_006383 JUMP_006382: ; Pos = 5b3f3 mov eax,[ebp+0xc] mov [ebp-0x4],eax jmp short JUMP_006384 JUMP_006383: ; Pos = 5b3fb mov eax,[ebp+0xc] add eax,byte +0x5a mov [ebp-0x4],eax JUMP_006384: ; Pos = 5b404 push byte +0x18 push dword DATA_008831 lea eax,[ebp+0xffffff1c] push eax call _memcpy add esp,byte +0xc mov eax,[ebp+0xfffffe80] mov [ebp+0xfffffe74],eax mov eax,[ebp+0xfffffe88] mov [ebp+0xfffffe78],eax mov eax,[ebp+0xfffffe90] mov [ebp+0xfffffe7c],eax mov eax,[ebp-0x4] push eax lea eax,[ebp+0xfffffe74] push eax lea eax,[ebp+0xfffffe9c] push eax call FUNC_001670_VecMatTMul add esp,byte +0xc mov eax,[edi+0x14] mov [ebp-0x20],eax mov eax,[edi+0x18] mov [ebp-0x38],eax add eax,[ebx+0x7e] sub eax,[ebp-0x8] test eax,eax jnl JUMP_006385 sub [ebp-0x38],eax add [ebp-0x20],eax cmp dword [ebp-0x20],byte +0x0 jnl JUMP_006386 xor eax,eax mov [ebp-0x20],eax jmp short JUMP_006386 JUMP_006385: ; Pos = 5b481 mov ecx,eax sar dword [ebp+0xfffffe9c],cl mov ecx,eax sar dword [ebp+0xfffffea0],cl mov ecx,eax sar dword [ebp+0xfffffea4],cl JUMP_006386: ; Pos = 5b499 lea eax,[ebp+0xfffffe9c] push eax lea eax,[ebx+0x98] push eax call FUNC_001479 add esp,byte +0x8 test eax, eax jz .onscreen mov word [ebx+0x98],0x8000 mov word [ebx+0x9a],0x8000 .onscreen push edi lea eax,[ebp+0xfffffe98] push eax call FUNC_001686 add esp,byte +0x8 test eax,eax jz JUMP_006387 ; mov word [ebx+0x98],0x8000 ; mov word [ebx+0x9a],0x8000 jmp JUMP_006394 JUMP_006387: ; Pos = 5b4c4 mov al,0x1 mov [ebp-0x72],al mov [ebp-0x73],al mov [ebp-0x74],al ; lea eax,[ebp+0xfffffe9c] ; push eax ; lea eax,[ebx+0x98] ; push eax ; call FUNC_001479 ; add esp,byte +0x8 mov eax, [ebp+0xfffffea4] cmp eax, 0x40 jnl JUMP_006388 ; mov word [ebx+0x98],0x8000 ; mov word [ebx+0x9a],0x8000 jmp JUMP_006389 JUMP_006388: ; Pos = 5b500 cmp esi,[edi+0x28] jl near JUMP_006389 mov ax,[edi+0x24] mov [ebp+0xfffffe64],ax mov al,[edi+0x26] mov [ebp+0xfffffe66],al test byte [ebp+0xfffffe64],0x80 setnz al and eax,byte +0x1 mov [ebp+0xfffffe6c],eax xor eax,eax mov [ebp+0xfffffe70],eax xor eax,eax mov [ebp+0xfffffe68],eax and byte [ebp+0xfffffe64],0xf and byte [ebp+0xfffffe65],0xf and byte [ebp+0xfffffe66],0xf mov ecx,[ebp-0x20] mov esi,[edi+0x1c] shl esi,cl lea eax,[ebp+0xfffffe9c] push eax push byte +0x1 push dword [ebp+0xfffffe70] push dword [ebp+0xfffffe6c] push dword [ebp+0xfffffe68] push dword [ebp+0xfffffe64] push esi mov eax,[ebp+0xfffffea4] push eax push esi call FUNC_001666_SpecialDiv add esp,byte +0x8 push eax add ebx,0x98 push ebx lea eax,[ebp+0xfffffe98] push eax call FUNC_001700 add esp,byte +0x28 jmp JUMP_006394 JUMP_006389: ; Pos = 5b5ab mov [ebp-0xc],ebx mov esi,[ebp+0xc] mov eax,[ebp+0xc] cmp byte [eax+0x57],0x0 jz JUMP_006391 cmp byte [ebx+0x57],0x0 jnz JUMP_006392 mov eax,[ebp+0xc] mov al,[eax+0x56] cmp al,[ebx+0x86] jnz JUMP_006390 mov eax,[ebp+0xc] push eax lea eax,[ebp+0xfffffeac] push eax call FUNC_001665_MatAssign add esp,byte +0x8 xor esi,esi jmp short JUMP_006392 JUMP_006390: ; Pos = 5b5e5 mov esi,[ebp+0xc] add esi,byte +0x5a jmp short JUMP_006392 JUMP_006391: ; Pos = 5b5ed cmp byte [ebx+0x57],0x0 jz JUMP_006392 push ebx call near [DATA_007804] ; FUNC_001679 pop ecx add ebx,byte +0x5a mov [ebp-0xc],ebx JUMP_006392: ; Pos = 5b601 test esi,esi jz JUMP_006393 push esi mov eax,[ebp-0xc] push eax lea eax,[ebp+0xfffffeac] push eax call FUNC_001673_MatMatTMul add esp,byte +0xc JUMP_006393: ; Pos = 5b619 xor eax,eax mov [ebp+0xfffffeec],eax lea eax,[ebp+0xfffffe98] push eax call FUNC_001685 pop ecx push edi lea eax,[ebp+0xfffffe98] push eax call FUNC_001773 add esp,byte +0x8 push byte +0x0 push byte +0x0 call FUNC_001780 add esp,byte +0x8 JUMP_006394: ; Pos = 5b64a pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001681: ; Pos = 5b654 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0x82] push eax call near [DATA_007757] ; FUNC_001539 pop ecx push eax push ebx call FUNC_001683 add esp,byte +0x8 pop ebx pop ebp ret FUNC_001682: ; Pos = 5b678 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx push eax push ebx call FUNC_001683 add esp,byte +0x8 pop ebx pop ebp ret FUNC_001683: ; Pos = 5b69c push ebp mov ebp,esp add esp,0xfffffea4 push ebx push esi push edi mov ebx,[ebp+0xc] mov eax,[ebp+0x8] lea esi,[ebp+0xfffffea4] mov [esi+0x14c],eax xor edx,edx mov [esi+0xf8],edx push esi lea edi,[esi+0x14] mov esi,eax mov ecx,0x9 rep movsd pop esi mov edx,[eax+0x26] mov [esi+0x4],edx mov edx,[eax+0x2e] mov [esi+0x8],edx mov eax,[eax+0x36] mov [esi+0xc],eax mov eax,[ebx+0x14] mov [esi+0x148],eax xor eax,eax mov [esi+0x130],eax push ebx push esi call FUNC_001686 add esp,byte +0x8 test eax,eax jnz JUMP_006395 xor eax,eax mov [esi+0x54],eax mov al,0x1 mov [esi+0xf6],al mov [esi+0xf5],al mov [esi+0xf4],al mov eax,[DATA_008821] mov [esi+0x134],eax mov eax,[DATA_008822] mov [esi+0x138],eax mov eax,[DATA_008823] mov [esi+0x13c],eax push byte +0x18 push dword DATA_008831 lea eax,[esi+0x84] push eax call _memcpy add esp,byte +0xc push esi call FUNC_001685 pop ecx push ebx push esi call FUNC_001773 add esp,byte +0x8 push byte +0x0 push byte +0x0 call FUNC_001780 add esp,byte +0x8 JUMP_006395: ; Pos = 5b771 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001684: ; Pos = 5b778 push ebp mov ebp,esp add esp,0xfffffea4 push ebx push esi push edi mov ebx,[ebp+0x8] lea edi,[ebp+0xfffffea4] mov eax,[ebx+0x82] push eax call near [DATA_007757] ; FUNC_001539 pop ecx mov esi,eax mov [edi+0x14c],ebx xor eax,eax mov [edi+0xf8],eax push esi push edi mov esi,ebx add edi,byte +0x14 mov ecx,0x9 rep movsd pop edi pop esi mov eax,[ebx+0x26] mov [edi+0x4],eax mov eax,[ebx+0x2e] mov [edi+0x8],eax mov eax,[ebx+0x36] mov [edi+0xc],eax mov eax,[esi+0x14] mov [edi+0x148],eax xor eax,eax mov [edi+0x130],eax push esi push edi call FUNC_001686 add esp,byte +0x8 test eax,eax jnz near JUMP_006396 xor eax,eax mov [edi+0x54],eax mov al,0x1 mov [edi+0xf6],al mov [edi+0xf5],al mov [edi+0xf4],al mov eax,[DATA_008821] mov [edi+0x134],eax mov eax,[DATA_008822] mov [edi+0x138],eax mov eax,[DATA_008823] mov [edi+0x13c],eax push byte +0x18 push dword DATA_008831 lea eax,[edi+0x84] push eax call _memcpy add esp,byte +0xc push edi call FUNC_001685 pop ecx movzx eax,word [ebx+0xa4] add eax,eax push eax mov eax,[ebp+0xc] push eax push esi push edi call FUNC_001774 add esp,byte +0x10 push byte +0x0 push byte +0x0 call FUNC_001780 add esp,byte +0x8 JUMP_006396: ; Pos = 5b86a pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001685: ; Pos = 5b874 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi mov ebx,[ebp+0x8] lea eax,[ebx+0x4] push eax lea eax,[ebp-0xc] push eax call FUNC_001475 add esp,byte +0x8 mov esi,eax mov [ebx+0x44],esi mov eax,esi add eax,byte +0x7 sub eax,[ebx+0x148] test eax,eax jnl JUMP_006397 neg eax add [ebx+0x44],eax mov ecx,eax sar dword [ebp-0xc],cl mov ecx,eax sar dword [ebp-0x8],cl mov ecx,eax sar dword [ebp-0x4],cl JUMP_006397: ; Pos = 5b8b7 neg dword [ebp-0xc] neg dword [ebp-0x8] neg dword [ebp-0x4] lea esi,[ebx+0x14] push esi lea eax,[ebp-0xc] push eax lea eax,[ebx+0x48] push eax call FUNC_001670_VecMatTMul add esp,byte +0xc push esi lea eax,[ebx+0x134] push eax add ebx,byte +0x38 push ebx call FUNC_001670_VecMatTMul add esp,byte +0xc pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001686: ; Pos = 5b8f0 push ebp mov ebp,esp mov eax,[ebp+0x8] mov ecx,[eax+0x148] mov edx,[ebp+0xc] mov edx,[edx+0x1c] shl edx,cl push edx add eax,byte +0x4 push eax call FUNC_001687 add esp,byte +0x8 pop ebp ret FUNC_001687: ; Pos = 5b914 push ebp mov ebp,esp push ebx mov ecx,[ebp+0xc] mov eax,[ebp+0x8] mov edx,[eax+0x8] add edx,ecx cmp edx,byte +0x40 jnl JUMP_006398 mov eax,0x1 pop ebx pop ebp ret JUMP_006398: ; Pos = 5b930 cmp dword [eax],byte +0x0 jnl JUMP_006399 mov ebx,[eax] neg ebx jmp short JUMP_006400 JUMP_006399: ; Pos = 5b93b mov ebx,[eax] JUMP_006400: ; Pos = 5b93d sub ebx,ecx cmp edx,ebx jl JUMP_006403 cmp dword [eax+0x4],byte +0x0 jnl JUMP_006401 mov ebx,[eax+0x4] neg ebx jmp short JUMP_006402 JUMP_006401: ; Pos = 5b950 mov ebx,[eax+0x4] JUMP_006402: ; Pos = 5b953 sub ebx,ecx cmp edx,ebx jnl JUMP_006404 JUMP_006403: ; Pos = 5b959 mov eax,0x1 pop ebx pop ebp ret JUMP_006404: ; Pos = 5b961 xor eax,eax pop ebx pop ebp ret FUNC_001688: ; Pos = 5b968 push ebp mov ebp,esp push byte +0x0 mov eax,[ebp+0x8] mov eax,[eax+0x8] push eax call FUNC_001690 add esp,byte +0x8 pop ebp ret FUNC_001689: ; Pos = 5b980 push ebp mov ebp,esp mov edx,DATA_009200 mov eax,[edx] xor ecx,ecx mov [eax+0xffffff3c],ecx xor ecx,ecx mov [eax+0xffffff60],ecx xor ecx,ecx mov [eax-0x7c],ecx xor ecx,ecx mov [eax-0x58],ecx xor ecx,ecx mov [eax-0x34],ecx xor edx,edx mov [eax-0x10],edx push byte +0x0 mov eax,[ebp+0x8] push eax call FUNC_001690 add esp,byte +0x8 pop ebp ret FUNC_001690: ; Pos = 5b9c0 push ebp mov ebp,esp push ebx push esi mov ecx,[ebp+0xc] mov edx,[ebp+0x8] xor eax,eax cmp edx,eax jng JUMP_006406 JUMP_006405: ; Pos = 5b9d1 lea ebx,[eax+eax*8] mov esi,[DATA_009200] mov [esi+ebx*4+0x14],ecx inc eax cmp edx,eax jg JUMP_006405 JUMP_006406: ; Pos = 5b9e3 pop esi pop ebx pop ebp ret FUNC_001691: ; Pos = 5b9e8 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,[ebp+0x10] test edx,edx jz JUMP_006407 mov ecx,edx shl edx,0x4 sub edx,ecx mov dl,[edx*2+DATA_007812] add [ebp+0xc],dl mov edx,[ebp+0x10] mov ecx,edx shl edx,0x4 sub edx,ecx mov dl,[edx*2+DATA_007813] add [ebp+0xd],dl mov edx,[ebp+0x10] mov ecx,edx shl edx,0x4 sub edx,ecx mov dl,[edx*2+DATA_007814] add [ebp+0xe],dl mov dx,[ebp+0xc] mov [eax],dx mov dl,[ebp+0xe] mov [eax+0x2],dl pop ebp ret JUMP_006407: ; Pos = 5ba3d mov dx,[ebp+0xc] mov [eax],dx mov dl,[ebp+0xe] mov [eax+0x2],dl pop ebp ret FUNC_001692: ; Pos = 5ba4c push ebp mov ebp,esp add esp,byte -0x10 push esi push edi mov eax,[ebp+0xc] mov edx,[ebp+0x8] mov ecx,eax shr ecx,0xe jz JUMP_006408 mov ecx,eax and ecx,0xfff mov [ebp-0xc],ecx mov byte [ebp-0x10],0x0 mov byte [ebp-0xf],0x0 mov byte [ebp-0xe],0x0 mov ecx,eax and ecx,0x2000 mov [ebp-0x8],ecx jmp short JUMP_006409 JUMP_006408: ; Pos = 5ba85 mov ecx,eax shr ecx,0x8 and cl,0xf mov [ebp-0x10],cl mov ecx,eax shr ecx,0x4 and cl,0xf mov [ebp-0xf],cl mov ecx,eax and cl,0xf mov [ebp-0xe],cl mov ecx,eax and ecx,0x2000 mov [ebp-0x8],ecx xor ecx,ecx mov [ebp-0xc],ecx JUMP_006409: ; Pos = 5bab3 and eax,0x1000 mov [ebp-0x4],eax lea esi,[ebp-0x10] mov edi,edx mov ecx,0x4 rep movsd mov eax,edx pop edi pop esi mov esp,ebp pop ebp ret FUNC_001693: ; Pos = 5bad0 push ebp mov ebp,esp push esi push edi mov edx,[ebp+0xc] mov eax,[ebp+0x8] cmp dword [ebp+0x1c],byte +0x0 jz JUMP_006410 mov cl,[edx+0xf4] add [ebp+0x10],cl mov cl,[edx+0xf5] add [ebp+0x11],cl mov dl,[edx+0xf6] add [ebp+0x12],dl JUMP_006410: ; Pos = 5bafc cmp dword [ebp+0x18],byte +0x0 jnz JUMP_006411 mov dl,[ebp+0x20] add [ebp+0x10],dl mov dl,[ebp+0x21] add [ebp+0x11],dl mov dl,[ebp+0x22] add [ebp+0x12],dl JUMP_006411: ; Pos = 5bb14 lea esi,[ebp+0x10] mov edi,eax mov ecx,0x4 rep movsd pop edi pop esi pop ebp ret FUNC_001694: ; Pos = 5bb24 push ebp mov ebp,esp push esi push edi mov edx,[ebp+0xc] mov eax,[ebp+0x8] xor ecx,ecx mov [ebp+0x18],ecx cmp dword [ebp+0x1c],byte +0x0 jz JUMP_006412 xor ecx,ecx mov [ebp+0x1c],ecx mov cl,[edx+0xf4] add [ebp+0x10],cl mov cl,[edx+0xf5] add [ebp+0x11],cl mov dl,[edx+0xf6] add [ebp+0x12],dl JUMP_006412: ; Pos = 5bb5a lea esi,[ebp+0x10] mov edi,eax mov ecx,0x4 rep movsd pop edi pop esi pop ebp ret FUNC_001695: ; Pos = 5bb6c push ebp mov ebp,esp push esi push edi mov edx,[ebp+0xc] mov eax,[ebp+0x8] cmp dword [ebp+0x1c],byte +0x0 jz JUMP_006413 xor ecx,ecx mov [ebp+0x1c],ecx mov cl,[edx+0xf4] add [ebp+0x10],cl mov cl,[edx+0xf5] add [ebp+0x11],cl mov dl,[edx+0xf6] add [ebp+0x12],dl JUMP_006413: ; Pos = 5bb9d lea esi,[ebp+0x10] mov edi,eax mov ecx,0x4 rep movsd pop edi pop esi pop ebp ret FUNC_001696: ; Pos = 5bbb0 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,edi shr eax,0xd cmp eax,byte +0x7 ja near JUMP_006437 jmp near [eax*4+DATA_000048] SECTION .data DATA_000048: ; Pos = 5bbd7 dd JUMP_006437 dd JUMP_006414 dd JUMP_006421 dd JUMP_006424 dd JUMP_006437 dd JUMP_006437 dd JUMP_006437 dd JUMP_006431 SECTION .text JUMP_006414: ; Pos = 5bbf7 mov eax,edi shr eax,0x5 and al,0xff movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006415 mov eax,edi shr eax,0x5 and al,0xff movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006416 JUMP_006415: ; Pos = 5bc2e mov eax,edi shr eax,0x5 and al,0xff push eax push ebx call near [DATA_007729] ; FUNC_001470 add esp,byte +0x8 JUMP_006416: ; Pos = 5bc40 add eax,byte +0x4 push eax push ebx call FUNC_001777 add esp,byte +0x8 mov edi,eax JUMP_006417: ; Pos = 5bc4f movsx eax,byte [esi] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006418 movsx eax,byte [esi] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006419 JUMP_006418: ; Pos = 5bc78 mov al,[esi] push eax push ebx call near [DATA_007729] ; FUNC_001470 add esp,byte +0x8 JUMP_006419: ; Pos = 5bc85 add eax,byte +0x4 push eax push ebx call FUNC_001777 add esp,byte +0x8 cmp eax,edi jng JUMP_006420 mov edi,eax JUMP_006420: ; Pos = 5bc98 add esi,byte +0x2 cmp byte [esi-0x1],0xff jz JUMP_006417 push edi push byte +0x1 call FUNC_001780 add esp,byte +0x8 jmp JUMP_006438 JUMP_006421: ; Pos = 5bcb1 mov eax,edi shr eax,0x5 and al,0xff movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006422 mov eax,edi shr eax,0x5 and al,0xff movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006423 JUMP_006422: ; Pos = 5bce8 mov eax,edi shr eax,0x5 and al,0xff push eax push ebx call near [DATA_007729] ; FUNC_001470 add esp,byte +0x8 JUMP_006423: ; Pos = 5bcfa add eax,byte +0x4 push eax push ebx call FUNC_001777 add esp,byte +0x8 push eax push byte +0x1 call FUNC_001780 add esp,byte +0x8 jmp JUMP_006438 JUMP_006424: ; Pos = 5bd17 mov eax,edi shr eax,0x5 and al,0xff movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006425 mov eax,edi shr eax,0x5 and al,0xff movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006426 JUMP_006425: ; Pos = 5bd4e mov eax,edi shr eax,0x5 and al,0xff push eax push ebx call near [DATA_007729] ; FUNC_001470 add esp,byte +0x8 JUMP_006426: ; Pos = 5bd60 add eax,byte +0x4 push eax push ebx call FUNC_001777 add esp,byte +0x8 mov edi,eax JUMP_006427: ; Pos = 5bd6f movsx eax,byte [esi] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006428 movsx eax,byte [esi] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006429 JUMP_006428: ; Pos = 5bd98 mov al,[esi] push eax push ebx call near [DATA_007729] ; FUNC_001470 add esp,byte +0x8 JUMP_006429: ; Pos = 5bda5 add eax,byte +0x4 push eax push ebx call FUNC_001777 add esp,byte +0x8 cmp eax,edi jnl JUMP_006430 mov edi,eax JUMP_006430: ; Pos = 5bdb8 add esi,byte +0x2 cmp byte [esi-0x1],0xff jz JUMP_006427 push edi push byte +0x1 call FUNC_001780 add esp,byte +0x8 jmp JUMP_006438 JUMP_006431: ; Pos = 5bdd1 mov eax,edi shr eax,0x5 sub eax,0x7fd jz JUMP_006433 dec eax jz JUMP_006432 dec eax jnz JUMP_006434 lea eax,[ebx+0x4] push eax push ebx call FUNC_001777 add esp,byte +0x8 push eax push byte +0x1 call FUNC_001780 add esp,byte +0x8 jmp JUMP_006438 JUMP_006432: ; Pos = 5be00 push byte -0x1 push byte +0x1 call FUNC_001780 add esp,byte +0x8 jmp JUMP_006438 JUMP_006433: ; Pos = 5be11 xor eax,eax mov [ebp-0xc],eax xor eax,eax mov [ebp-0x8],eax mov ecx,[ebx+0x148] movsx eax,word [esi] shl eax,cl mov [ebp-0x4],eax add esi,byte +0x2 lea eax,[ebp-0xc] push eax push ebx call FUNC_001777 add esp,byte +0x8 push eax push byte +0x1 call FUNC_001780 add esp,byte +0x8 jmp JUMP_006438 JUMP_006434: ; Pos = 5be49 mov eax,edi shr eax,0x5 and al,0xff movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006435 mov eax,edi shr eax,0x5 and al,0xff movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006436 JUMP_006435: ; Pos = 5be80 mov eax,edi shr eax,0x5 and al,0xff push eax push ebx call near [DATA_007729] ; FUNC_001470 add esp,byte +0x8 JUMP_006436: ; Pos = 5be92 mov edx,[eax+0x4] mov [ebp-0xc],edx mov edx,[eax+0x8] mov [ebp-0x8],edx mov edx,[eax+0xc] mov [ebp-0x4],edx mov ecx,[ebx+0x148] movsx eax,word [esi] shl eax,cl add [ebp-0x4],eax add esi,byte +0x2 lea eax,[ebp-0xc] push eax push ebx call FUNC_001777 add esp,byte +0x8 push eax push byte +0x1 call FUNC_001780 add esp,byte +0x8 jmp short JUMP_006438 JUMP_006437: ; Pos = 5becf push byte +0x0 push byte +0x0 call FUNC_001780 add esp,byte +0x8 JUMP_006438: ; Pos = 5bedb mov eax,esi pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001697: ; Pos = 5bee4 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0x10] mov esi,[ebp+0x8] test bx,bx jnl JUMP_006439 call FUNC_001782 jmp short JUMP_006442 JUMP_006439: ; Pos = 5befb mov eax,ebx shr eax,0x5 movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006440 mov eax,ebx shr eax,0x5 movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006441 JUMP_006440: ; Pos = 5bf2e shr ebx,0x5 push ebx push esi call near [DATA_007729] ; FUNC_001470 add esp,byte +0x8 JUMP_006441: ; Pos = 5bf3c add eax,byte +0x4 push eax push esi call FUNC_001777 add esp,byte +0x8 push eax call FUNC_001781 pop ecx JUMP_006442: ; Pos = 5bf50 mov eax,[ebp+0xc] pop esi pop ebx pop ebp ret FUNC_001698: ; Pos = 5bf58 push ebp mov ebp,esp push ebx mov eax,[ebp+0x10] mov ebx,[ebp+0xc] mov al,[ebx+0x4] and eax,0x80 push eax xor eax,eax mov al,[ebx+0x5] push eax movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] push eax mov eax,[ebp+0x8] push eax call FUNC_001699 add esp,byte +0x14 lea eax,[ebx+0x6] pop ebx pop ebp ret FUNC_001699: ; Pos = 5bf8c push ebp mov ebp,esp add esp,byte -0x34 push ebx push esi push edi mov esi,[ebp+0x14] mov ebx,[ebp+0x10] mov eax,[ebp+0xc] push eax lea eax,[ebp-0x10] push eax call FUNC_001692 add esp,byte +0x8 push esi lea esi,[ebp-0x10] lea edi,[ebp-0x34] mov ecx,0x4 rep movsd pop esi mov eax,esi movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] mov edx,[ebp+0x8] cmp eax,[edx+0xf0] jnz JUMP_006443 mov eax,esi movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006444 JUMP_006443: ; Pos = 5bfea mov eax,esi push eax mov eax,[ebp+0x8] push eax call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006444: ; Pos = 5bffa mov esi,eax push ebx mov eax,[ebp+0x8] push eax call FUNC_001474 add esp,byte +0x8 mov ebx,eax mov eax,[ebp+0x8] mov eax,[eax+0x148] add eax,byte -0x8 test eax,eax jnl JUMP_006445 mov ecx,eax neg ecx shr ebx,cl jmp short JUMP_006446 JUMP_006445: ; Pos = 5c023 mov ecx,eax shl ebx,cl JUMP_006446: ; Pos = 5c027 mov edi,[esi+0xc] cmp edi,byte +0x40 jl near JUMP_006457 mov eax,[ebp+0x8] mov [eax+0xd4],ebx mov edx,ebx shl edx,0x3 mov eax,edi cmp edx,eax jna near JUMP_006456 xor edx,edx mov [ebp-0x1c],edx cmp ebx,eax jnc near JUMP_006457 or eax,ebx cmp dword [esi+0x4],byte +0x0 jnl JUMP_006447 mov edx,[esi+0x4] neg edx jmp short JUMP_006448 JUMP_006447: ; Pos = 5c067 mov edx,[esi+0x4] JUMP_006448: ; Pos = 5c06a or eax,edx cmp dword [esi+0x8],byte +0x0 jnl JUMP_006449 mov edx,[esi+0x8] neg edx jmp short JUMP_006450 JUMP_006449: ; Pos = 5c079 mov edx,[esi+0x8] JUMP_006450: ; Pos = 5c07c or eax,edx cmp eax,0x4000000 jl JUMP_006451 add dword [ebp-0x1c],byte +0x10 sar eax,0x10 JUMP_006451: ; Pos = 5c08c cmp eax,0x40000 jl JUMP_006452 add dword [ebp-0x1c],byte +0x8 sar eax,0x8 JUMP_006452: ; Pos = 5c09a cmp eax,0x4000 jl JUMP_006453 add dword [ebp-0x1c],byte +0x4 sar eax,0x4 JUMP_006453: ; Pos = 5c0a8 cmp eax,0x1000 jl JUMP_006454 add dword [ebp-0x1c],byte +0x2 sar eax,0x2 JUMP_006454: ; Pos = 5c0b6 cmp eax,0x800 jl JUMP_006455 inc dword [ebp-0x1c] JUMP_006455: ; Pos = 5c0c0 mov ecx,[ebp-0x1c] mov eax,ebx shr eax,cl mov edx,eax imul edx,eax mov eax,edx mov ecx,[ebp-0x1c] mov edx,edi sar edx,cl mov [ebp-0x14],edx mov edx,[ebp-0x14] imul edx,[ebp-0x14] sub edx,eax mov [ebp-0x14],edx cmp dword [ebp-0x14],byte +0x0 jz near JUMP_006457 mov ecx,[ebp-0x1c] mov eax,[esi+0x4] sar eax,cl mov [ebp-0x20],eax mov ecx,[ebp-0x1c] mov eax,edi sar eax,cl imul dword [ebp-0x20] shl eax,0x8 cdq idiv dword [ebp-0x14] add ax,0xa0 mov [ebp-0x18],ax mov ecx,[ebp-0x1c] mov eax,[esi+0x8] sar eax,cl mov [ebp-0x24],eax mov ecx,[ebp-0x1c] mov eax,edi sar eax,cl imul dword [ebp-0x24] shl eax,0x8 cdq idiv dword [ebp-0x14] mov dx,0x4f sub dx,ax mov [ebp-0x16],dx add esi,byte +0x4 push esi mov eax,[ebp+0x18] push eax push dword [ebp-0x28] push dword [ebp-0x2c] push dword [ebp-0x30] push dword [ebp-0x34] push ebx mov eax,[ebp-0x20] imul dword [ebp-0x20] mov edx,[ebp-0x24] imul edx,[ebp-0x24] add eax,edx add eax,[ebp-0x14] push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov ecx,[ebp-0x1c] shr ebx,cl shl ebx,0x8 imul ebx xor edx,edx div dword [ebp-0x14] push eax lea eax,[ebp-0x18] push eax mov eax,[ebp+0x8] push eax call FUNC_001700 add esp,byte +0x28 jmp short JUMP_006457 JUMP_006456: ; Pos = 5c18a lea eax,[esi+0x4] push eax mov eax,[ebp+0x18] push eax push dword [ebp-0x28] push dword [ebp-0x2c] push dword [ebp-0x30] push dword [ebp-0x34] push ebx push edi push ebx call FUNC_001666_SpecialDiv add esp,byte +0x8 push eax push esi mov eax,[ebp+0x8] push eax call FUNC_001700 add esp,byte +0x28 JUMP_006457: ; Pos = 5c1b7 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001700: ; Pos = 5c1c0 push ebp mov ebp,esp add esp,byte -0x24 push ebx push esi push edi mov ebx,[ebp+0x2c] mov edi,[ebp+0xc] mov esi,[ebp+0x8] mov ax,[edi] movsx edx,ax cmp edx,0x140 jc JUMP_006462 test ax,ax jnl JUMP_006459 movsx eax,word [edi] mov edx,[ebp+0x10] sar edx,1 jns JUMP_006458 adc edx,byte +0x0 JUMP_006458: ; Pos = 5c1f2 add eax,edx jmp short JUMP_006461 JUMP_006459: ; Pos = 5c1f6 movsx eax,word [edi] mov edx,[ebp+0x10] sar edx,1 jns JUMP_006460 adc edx,byte +0x0 JUMP_006460: ; Pos = 5c203 sub eax,edx JUMP_006461: ; Pos = 5c205 cmp eax,0x140 jnc near JUMP_006478 JUMP_006462: ; Pos = 5c210 mov ax,[edi+0x2] movsx edx,ax cmp edx,0x9e jc JUMP_006467 test ax,ax jnl JUMP_006464 movsx eax,word [edi+0x2] mov edx,[ebp+0x10] sar edx,1 jns JUMP_006463 adc edx,byte +0x0 JUMP_006463: ; Pos = 5c232 add eax,edx jmp short JUMP_006466 JUMP_006464: ; Pos = 5c236 movsx eax,word [edi+0x2] mov edx,[ebp+0x10] sar edx,1 jns JUMP_006465 adc edx,byte +0x0 JUMP_006465: ; Pos = 5c244 sub eax,edx JUMP_006466: ; Pos = 5c246 cmp eax,0x9e jnc near JUMP_006478 JUMP_006467: ; Pos = 5c251 push dword [ebp+0x24] push dword [ebp+0x20] push dword [ebp+0x1c] push dword [ebp+0x18] push esi lea eax,[ebp-0x1c] push eax call FUNC_001694 add esp,byte +0x18 lea eax,[ebp-0x1c] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0x7] push eax call FUNC_001691 add esp,byte +0x14 cmp dword [ebp+0x20],byte +0x0 jnz near JUMP_006471 cmp dword [ebp+0x10],byte +0x9 jnl JUMP_006469 cmp dword [esi+0x13c],0xffff9000 jnl JUMP_006468 cmp dword [ebp+0x28],byte +0x0 jz near JUMP_006471 JUMP_006468: ; Pos = 5c2aa mov al,[esi+0x84] add [ebp-0x7],al mov al,[esi+0x85] add [ebp-0x6],al mov al,[esi+0x86] add [ebp-0x5],al jmp JUMP_006471 JUMP_006469: ; Pos = 5c2ca mov eax,[esi+0x13c] cmp eax,0xffff8300 jl near JUMP_006471 cmp eax,0x7d00 jng JUMP_006470 mov al,[esi+0x84] add [ebp-0x7],al mov al,[esi+0x85] add [ebp-0x6],al mov al,[esi+0x86] add [ebp-0x5],al jmp JUMP_006471 JUMP_006470: ; Pos = 5c302 push byte +0x0 push ebx push esi call FUNC_001777 add esp,byte +0x8 push eax push byte +0x19 call FUNC_001778 add esp,byte +0xc mov ebx,eax mov dword [ebx],FUNC_001794 mov dword [ebx+0x4],FUNC_001797 mov dword [ebx+0x18],FUNC_001797 mov dword [ebx+0x2c],FUNC_001791 mov eax,[ebp-0x7] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [esi+0xcc],eax mov [ebx+0x30],eax mov dword [ebx+0x34],FUNC_001797 mov dword [ebx+0x48],FUNC_001797 mov dword [ebx+0x5c],FUNC_001799 mov al,[esi+0x84] add [ebp-0x7],al mov al,[esi+0x85] add [ebp-0x6],al mov al,[esi+0x86] add [ebp-0x5],al mov eax,[ebp-0x7] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebx+0x60],eax mov eax,[esi+0x134] imul dword [esi+0x134] mov edx,[esi+0x138] imul edx,[esi+0x138] add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx add eax,byte +0x8 mov [ebp-0xc],eax mov eax,[esi+0x134] shl eax,0xf cdq idiv dword [ebp-0xc] mov ecx,eax imul ecx,[ebp+0x10] sar ecx,0x10 mov eax,ecx neg ax mov [ebp-0x1e],ax mov eax,ecx shl eax,0x11 mov ecx,0x3 cdq idiv ecx sar eax,0xf mov [ebp-0x24],ax mov eax,[esi+0x138] neg eax shl eax,0xf cdq idiv dword [ebp-0xc] mov ecx,eax imul ecx,[ebp+0x10] sar ecx,0x10 mov [ebp-0x20],cx mov eax,ecx shl eax,0x11 mov ecx,0x3 cdq idiv ecx sar eax,0xf mov [ebp-0x22],ax mov ax,[edi] add ax,[ebp-0x20] mov [ebx+0x8],ax mov ax,[edi+0x2] add ax,[ebp-0x1e] mov [ebx+0xa],ax mov eax,[ebx+0x8] mov [ebx+0x58],eax mov [ebx+0x38],eax mov [ebx+0x28],eax mov ax,[ebp-0x24] neg ax add ax,[ebx+0x8] mov [ebx+0xc],ax mov ax,[ebp-0x22] neg ax add ax,[ebx+0xa] mov [ebx+0xe],ax mov ax,[ebx+0x8] add ax,[ebp-0x24] mov [ebx+0x3c],ax mov ax,[ebx+0xa] add ax,[ebp-0x22] mov [ebx+0x3e],ax mov ax,[ebp-0x20] neg ax add ax,[edi] mov [ebx+0x14],ax mov ax,[ebp-0x1e] neg ax add ax,[edi+0x2] mov [ebx+0x16],ax mov eax,[ebx+0x14] mov [ebx+0x4c],eax mov [ebx+0x44],eax mov [ebx+0x1c],eax mov ax,[ebp-0x24] neg ax add ax,[ebx+0x14] mov [ebx+0x10],ax mov ax,[ebp-0x22] neg ax add ax,[ebx+0x16] mov [ebx+0x12],ax mov ax,[ebx+0x14] add ax,[ebp-0x24] mov [ebx+0x40],ax mov ax,[ebx+0x16] add ax,[ebp-0x22] mov [ebx+0x42],ax mov eax,[esi+0x13c] neg eax mov edx,eax movsx ecx,word [ebp-0x24] imul edx,ecx sar edx,0xf mov [ebp-0x24],dx mov edx,[esi+0x13c] neg edx movsx edx,word [ebp-0x22] imul edx sar eax,0xf mov [ebp-0x22],ax mov ax,[ebx+0x8] add ax,[ebp-0x24] mov [ebx+0x24],ax mov ax,[ebx+0xa] add ax,[ebp-0x22] mov [ebx+0x26],ax mov eax,[ebx+0x24] mov [ebx+0x54],eax mov ax,[ebx+0x14] add ax,[ebp-0x24] mov [ebx+0x20],ax mov ax,[ebx+0x16] add ax,[ebp-0x22] mov [ebx+0x22],ax mov eax,[ebx+0x20] mov [ebx+0x50],eax jmp JUMP_006478 JUMP_006471: ; Pos = 5c540 mov ax,[edi] mov [ebp-0x4],ax mov ax,[edi+0x2] mov [ebp-0x2],ax cmp dword [ebp+0x10],byte +0x0 jnz JUMP_006474 cmp dword [ebp+0x28],byte +0x0 jz JUMP_006473 mov eax,[ebx+0x8] sar eax,0x8 push eax mov eax,[ebp+0x14] push eax call FUNC_001666_SpecialDiv add esp,byte +0x8 mov [ebp+0x10],eax cmp dword [ebp+0x10],byte +0x0 jnz JUMP_006472 push ebx mov eax,[ebp-0x7] push eax push byte +0x0 lea eax,[ebp-0x4] push eax push esi call FUNC_001701 add esp,byte +0x14 jmp JUMP_006478 JUMP_006472: ; Pos = 5c590 mov eax,[ebp+0x10] sar eax,0x3 movsx eax,byte [eax+DATA_007825] mov [ebp+0x10],eax jmp short JUMP_006475 JUMP_006473: ; Pos = 5c5a2 push ebx mov eax,[ebp-0x7] push eax mov eax,[ebp+0x10] push eax lea eax,[ebp-0x4] push eax push esi call FUNC_001701 add esp,byte +0x14 jmp JUMP_006478 JUMP_006474: ; Pos = 5c5bd cmp dword [ebp+0x10],byte +0x9 jng JUMP_006475 push ebx mov eax,[ebp-0x7] push eax mov eax,[ebp+0x10] push eax lea eax,[ebp-0x4] push eax push esi call FUNC_001701 add esp,byte +0x14 jmp JUMP_006478 JUMP_006475: ; Pos = 5c5de movsx eax,word [ebp-0x4] cmp eax,0x140 jnc near JUMP_006478 movsx eax,word [ebp-0x2] cmp eax,0x9e jnc near JUMP_006478 push byte +0x0 push ebx push esi call FUNC_001777 add esp,byte +0x8 push eax push byte +0x6 call FUNC_001778 add esp,byte +0xc mov ebx,eax cmp dword [ebp+0x28],byte +0x0 jz JUMP_006476 mov dword [ebx],FUNC_001802 dec word [ebp-0x4] dec word [ebp-0x2] jmp short JUMP_006477 JUMP_006476: ; Pos = 5c62b mov dword [ebx],FUNC_001801 JUMP_006477: ; Pos = 5c631 movsx eax,word [ebp-0x4] mov [ebx+0x8],eax movsx eax,word [ebp-0x2] mov [ebx+0xc],eax mov eax,[ebp+0x10] mov [ebx+0x10],eax mov eax,[ebp-0x7] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebx+0x4],eax xor eax,eax mov al,[ebp-0x7] add eax,eax xor edx,edx mov dl,[DATA_008815] add eax,edx inc eax mov ecx,0x3 cdq idiv ecx mov [ebp-0x7],al xor eax,eax mov al,[ebp-0x6] add eax,eax xor edx,edx mov dl,[DATA_008816] add eax,edx inc eax mov ecx,0x3 cdq idiv ecx mov [ebp-0x6],al xor eax,eax mov al,[ebp-0x5] add eax,eax xor edx,edx mov dl,[DATA_008817] add eax,edx inc eax mov ecx,0x3 cdq idiv ecx mov [ebp-0x5],al mov eax,[ebp-0x7] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebx+0x14],eax JUMP_006478: ; Pos = 5c6be pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001701: ; Pos = 5c6c8 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0xc] push byte +0x0 mov eax,[ebp+0x18] push eax mov eax,[ebp+0x8] push eax call FUNC_001777 add esp,byte +0x8 push eax push byte +0x5 call FUNC_001778 add esp,byte +0xc mov ebx,eax mov dword [ebx],FUNC_001800 movsx eax,word [esi] mov [ebx+0x8],eax movsx eax,word [esi+0x2] mov [ebx+0xc],eax mov eax,[ebp+0x10] mov [ebx+0x10],eax mov eax,[ebp+0x14] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebx+0x4],eax pop esi pop ebx pop ebp ret FUNC_001702: ; Pos = 5c720 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] xor eax,eax mov al,[ebx+0x3] push eax xor eax,eax mov al,[ebx+0x2] push eax movsx eax,word [ebx] push eax mov eax,[ebp+0x8] push eax call FUNC_001703 add esp,byte +0x10 lea eax,[ebx+0x4] pop ebx pop ebp ret FUNC_001703: ; Pos = 5c74c push ebp mov ebp,esp add esp,byte -0x28 push ebx push esi push edi mov edi,[ebp+0x14] mov esi,[ebp+0x10] mov ebx,[ebp+0x8] mov ax,[DATA_007826] mov [ebp-0x3],ax mov al,[DATA_007827] mov [ebp-0x1],al mov eax,[ebp-0x3] push eax mov eax,[ebp+0xc] push eax lea eax,[ebp-0x28] push eax call FUNC_001692 add esp,byte +0x8 lea eax,[ebp-0x28] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] push ebx lea eax,[ebp-0x18] push eax call FUNC_001693 add esp,byte +0x1c lea eax,[ebp-0x18] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0x6] push eax call FUNC_001691 add esp,byte +0x14 lea eax,[ebp-0x6] mov eax,[eax] push eax mov eax,edi movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006479 mov eax,edi movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006480 JUMP_006479: ; Pos = 5c7ee mov eax,edi push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006480: ; Pos = 5c7fb push eax mov eax,esi movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006481 mov eax,esi movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006482 JUMP_006481: ; Pos = 5c829 mov eax,esi push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006482: ; Pos = 5c836 push eax push ebx call FUNC_001704 add esp,byte +0x10 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001704: ; Pos = 5c848 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0xc] mov eax,[ebx] mov [ebp-0x4],eax mov eax,[esi] mov [ebp-0x8],eax movsx eax,word [ebp-0x4] cmp eax,0x140 jnc JUMP_006484 movsx eax,word [ebp-0x2] cmp eax,0x9e jnc JUMP_006484 movsx eax,word [ebp-0x8] cmp eax,0x140 jnc JUMP_006483 movsx eax,word [ebp-0x6] cmp eax,0x9e jc near JUMP_006486 JUMP_006483: ; Pos = 5c891 push ebx push esi lea eax,[ebp-0x8] push eax call FUNC_001705 add esp,byte +0xc test eax,eax jz near JUMP_006486 jmp JUMP_006491 JUMP_006484: ; Pos = 5c8ac movsx eax,word [ebp-0x8] cmp eax,0x140 jnc JUMP_006485 movsx eax,word [ebp-0x6] cmp eax,0x9e jnc JUMP_006485 push esi push ebx lea eax,[ebp-0x4] push eax call FUNC_001705 add esp,byte +0xc test eax,eax jz near JUMP_006486 jmp JUMP_006491 JUMP_006485: ; Pos = 5c8d9 movsx eax,word [ebp-0x4] push eax call FUNC_001715 pop ecx mov edi,eax movsx eax,word [ebp-0x8] push eax call FUNC_001715 pop ecx or edi,eax cmp dword [edi*4+DATA_007818],byte +0x0 jnz near JUMP_006491 movsx eax,word [ebp-0x2] push eax call FUNC_001716 pop ecx mov edi,eax movsx eax,word [ebp-0x6] push eax call FUNC_001716 pop ecx or edi,eax cmp dword [edi*4+DATA_007818],byte +0x0 jnz near JUMP_006491 push esi push ebx lea eax,[ebp-0x4] push eax call FUNC_001705 add esp,byte +0xc test eax,eax jnz near JUMP_006491 push ebx push esi lea eax,[ebp-0x8] push eax call FUNC_001705 add esp,byte +0xc test eax,eax jnz JUMP_006491 JUMP_006486: ; Pos = 5c94d push byte +0x0 add ebx,byte +0x4 push ebx mov eax,[ebp+0x8] push eax call FUNC_001777 add esp,byte +0x8 push eax push byte +0x6 call FUNC_001778 add esp,byte +0xc mov ebx,eax mov dword [ebx],FUNC_001803 cmp word [ebp-0x4],byte +0x0 jng JUMP_006487 movsx eax,word [ebp-0x4] dec eax jmp short JUMP_006488 JUMP_006487: ; Pos = 5c980 xor eax,eax JUMP_006488: ; Pos = 5c982 mov [ebx+0x4],eax movsx eax,word [ebp-0x2] mov [ebx+0x8],eax cmp word [ebp-0x8],byte +0x0 jng JUMP_006489 movsx eax,word [ebp-0x8] dec eax jmp short JUMP_006490 JUMP_006489: ; Pos = 5c99a xor eax,eax JUMP_006490: ; Pos = 5c99c mov [ebx+0xc],eax movsx eax,word [ebp-0x6] mov [ebx+0x10],eax mov eax,[ebp+0x14] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebx+0x14],eax JUMP_006491: ; Pos = 5c9b7 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001705: ; Pos = 5c9c0 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x10] mov eax,[ebp+0xc] mov ebx,[ebp+0x8] cmp dword [eax+0xc],byte +0x40 jnl JUMP_006493 cmp dword [esi+0xc],byte +0x40 jnl JUMP_006492 mov eax,0x1 jmp short JUMP_006496 JUMP_006492: ; Pos = 5c9e1 lea edx,[esi+0x4] push edx add eax,byte +0x4 push eax push ebx call FUNC_001564 add esp,byte +0xc JUMP_006493: ; Pos = 5c9f2 push esi push ebx call FUNC_001561 add esp,byte +0x8 movsx eax,word [ebx] cmp eax,0x140 jnc JUMP_006494 movsx eax,word [ebx+0x2] cmp eax,0x9e jc JUMP_006495 JUMP_006494: ; Pos = 5ca11 mov eax,0x1 jmp short JUMP_006496 JUMP_006495: ; Pos = 5ca18 xor eax,eax JUMP_006496: ; Pos = 5ca1a pop esi pop ebx pop ebp ret FUNC_001706: ; Pos = 5ca20 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0xc] mov edi,[ebp+0x8] xor eax,eax mov al,[ebx+0x4] xor eax,byte +0x1 push eax xor eax,eax mov al,[ebx+0x5] xor eax,byte +0x1 push eax xor eax,eax mov al,[ebx+0x2] xor eax,byte +0x1 push eax xor eax,eax mov al,[ebx+0x3] xor eax,byte +0x1 push eax movsx eax,word [ebx] push eax push edi call FUNC_001708 add esp,byte +0x18 push esi push ebx push edi call FUNC_001707 add esp,byte +0xc pop edi pop esi pop ebx pop ebp ret FUNC_001707: ; Pos = 5ca70 push ebp mov ebp,esp push ebx mov eax,[ebp+0x10] mov ebx,[ebp+0xc] xor eax,eax mov al,[ebx+0x4] push eax xor eax,eax mov al,[ebx+0x5] push eax xor eax,eax mov al,[ebx+0x2] push eax xor eax,eax mov al,[ebx+0x3] push eax movsx eax,word [ebx] push eax mov eax,[ebp+0x8] push eax call FUNC_001708 add esp,byte +0x18 lea eax,[ebx+0x6] pop ebx pop ebp ret FUNC_001708: ; Pos = 5caa8 push ebp mov ebp,esp add esp,byte -0x48 push ebx push esi push edi mov edi,[ebp+0x14] mov esi,[ebp+0x10] mov ebx,[ebp+0x8] mov eax,[DATA_009201] mov edx,[ebp+0x1c] mov al,[eax+edx*8+0x3] shr eax,1 test al,0x1 jz JUMP_006497 mov eax,[ebp+0x1c] push eax push ebx call near [DATA_007721] ; FUNC_001481 add esp,byte +0x8 jmp short JUMP_006498 JUMP_006497: ; Pos = 5cadc mov eax,[ebp+0x1c] shl eax,0x3 add eax,[DATA_009201] JUMP_006498: ; Pos = 5cae8 mov [ebp-0x10],eax mov eax,[ebp+0xc] push eax lea eax,[ebp-0x20] push eax call FUNC_001692 add esp,byte +0x8 push esi push edi lea esi,[ebp-0x20] lea edi,[ebp-0x48] mov ecx,0x4 rep movsd pop edi pop esi mov eax,[ebp-0x10] test byte [eax+0x3],0x1 jz JUMP_006499 mov eax,0x1 jmp JUMP_006526 JUMP_006499: ; Pos = 5cb1f mov eax,edi movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006500 mov eax,edi movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006501 JUMP_006500: ; Pos = 5cb4c mov eax,edi push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006501: ; Pos = 5cb59 mov edi,eax movsx eax,byte [ebp+0x18] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006502 movsx eax,byte [ebp+0x18] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006503 JUMP_006502: ; Pos = 5cb86 mov al,[ebp+0x18] push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006503: ; Pos = 5cb94 mov [ebp-0xc],eax mov eax,esi movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006504 mov eax,esi movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006505 JUMP_006504: ; Pos = 5cbc4 mov eax,esi push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006505: ; Pos = 5cbd1 mov esi,eax cmp dword [DATA_008812],byte +0x0 jl near JUMP_006525 cmp word [esi],0xf830 jl near JUMP_006525 cmp word [esi],0x910 jg near JUMP_006525 cmp word [esi+0x2],0xf830 jl near JUMP_006525 cmp word [esi+0x2],0x86e jg near JUMP_006525 cmp word [edi],0xf830 jl near JUMP_006525 cmp word [edi],0x910 jg near JUMP_006525 cmp word [edi+0x2],0xf830 jl near JUMP_006525 cmp word [edi+0x2],0x86e jg near JUMP_006525 mov eax,[ebp-0xc] cmp word [eax],0xf830 jl near JUMP_006525 mov eax,[ebp-0xc] cmp word [eax],0x910 jg near JUMP_006525 mov eax,[ebp-0xc] cmp word [eax+0x2],0xf830 jl near JUMP_006525 mov eax,[ebp-0xc] cmp word [eax+0x2],0x86e jg near JUMP_006525 push dword [ebp-0x3c] push dword [ebp-0x40] push dword [ebp-0x44] push dword [ebp-0x48] push ebx lea eax,[ebp-0x48] push eax call FUNC_001695 add esp,byte +0x18 cmp dword [ebp-0x44],byte +0x0 jz near JUMP_006525 movsx eax,word [esi] movsx edx,word [edi] sub eax,edx js JUMP_006506 movsx eax,word [esi] movsx edx,word [edi] sub eax,edx jmp short JUMP_006507 JUMP_006506: ; Pos = 5ccad movsx eax,word [esi] movsx edx,word [edi] sub eax,edx neg eax JUMP_006507: ; Pos = 5ccb7 movsx edx,word [edi] mov ecx,[ebp-0xc] movsx ecx,word [ecx] sub edx,ecx js JUMP_006508 movsx edx,word [edi] mov ecx,[ebp-0xc] movsx ecx,word [ecx] sub edx,ecx jmp short JUMP_006509 JUMP_006508: ; Pos = 5ccd1 movsx edx,word [edi] mov ecx,[ebp-0xc] movsx ecx,word [ecx] sub edx,ecx neg edx JUMP_006509: ; Pos = 5ccde add eax,edx mov edx,[ebp-0xc] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx js JUMP_006510 mov edx,[ebp-0xc] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx jmp short JUMP_006511 JUMP_006510: ; Pos = 5ccfa mov edx,[ebp-0xc] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx neg edx JUMP_006511: ; Pos = 5cd07 add eax,edx movsx edx,word [esi+0x2] movsx ecx,word [edi+0x2] sub edx,ecx js JUMP_006512 movsx edx,word [esi+0x2] movsx ecx,word [edi+0x2] sub edx,ecx jmp short JUMP_006513 JUMP_006512: ; Pos = 5cd21 movsx edx,word [esi+0x2] movsx ecx,word [edi+0x2] sub edx,ecx neg edx JUMP_006513: ; Pos = 5cd2d add eax,edx movsx edx,word [edi+0x2] mov ecx,[ebp-0xc] movsx ecx,word [ecx+0x2] sub edx,ecx js JUMP_006514 movsx edx,word [edi+0x2] mov ecx,[ebp-0xc] movsx ecx,word [ecx+0x2] sub edx,ecx jmp short JUMP_006515 JUMP_006514: ; Pos = 5cd4d movsx edx,word [edi+0x2] mov ecx,[ebp-0xc] movsx ecx,word [ecx+0x2] sub edx,ecx neg edx JUMP_006515: ; Pos = 5cd5c add eax,edx mov edx,[ebp-0xc] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx js JUMP_006516 mov edx,[ebp-0xc] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx jmp short JUMP_006517 JUMP_006516: ; Pos = 5cd7c mov edx,[ebp-0xc] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx neg edx JUMP_006517: ; Pos = 5cd8b add eax,edx cmp eax,byte +0x6 jl near JUMP_006525 push esi call FUNC_001717 pop ecx push eax push edi call FUNC_001717 pop ecx pop edx or edx,eax push edx mov eax,[ebp-0xc] push eax call FUNC_001717 pop ecx pop edx or edx,eax shl edx,0x3 add edx,DATA_007815 test edx,edx jnz JUMP_006518 mov eax,0x1 jmp JUMP_006526 JUMP_006518: ; Pos = 5cdcd push byte +0x0 lea eax,[esi+0x4] push eax push ebx call FUNC_001777 add esp,byte +0x8 push eax push byte +0xc call FUNC_001778 add esp,byte +0xc mov dword [eax],FUNC_001807 mov edx,[esi] mov [eax+0x4],edx mov edx,[edi] mov [eax+0x8],edx mov edx,[ebp-0xc] mov edx,[edx] mov [eax+0xc],edx mov dx,[ebp-0x48] mov [ebp-0x23],dx mov dl,[ebp-0x46] mov [ebp-0x21],dl cmp dword [ebp-0x40],byte +0x0 jnz JUMP_006519 mov edx,[ebp-0x10] mov dl,[edx] add [ebp-0x23],dl mov edx,[ebp-0x10] mov dl,[edx+0x1] add [ebp-0x22],dl mov edx,[ebp-0x10] mov dl,[edx+0x2] add [ebp-0x21],dl JUMP_006519: ; Pos = 5ce2d mov edx,[ebp-0x44] add edx,edx lea edx,[edx+edx*2] lea edx,[edx+edx*4] add edx,DATA_007811 mov [ebp-0x28],edx mov edx,[ebp-0x28] mov edx,[edx] mov [eax+0x10],edx xor edi,edi lea esi,[eax+0x14] mov eax,[ebp-0x28] lea ebx,[eax+0x8] jmp short JUMP_006524 JUMP_006520: ; Pos = 5ce56 mov ax,[ebx] mov [ebp-0x6],ax mov al,[ebx+0x2] mov [ebp-0x4],al mov al,[ebp-0x23] add [ebp-0x6],al mov al,[ebp-0x22] add [ebp-0x5],al mov al,[ebp-0x21] add [ebp-0x4],al cmp byte [ebp-0x6],0xf jna JUMP_006521 mov byte [ebp-0x6],0xf JUMP_006521: ; Pos = 5ce7f cmp byte [ebp-0x5],0xf jna JUMP_006522 mov byte [ebp-0x5],0xf JUMP_006522: ; Pos = 5ce89 cmp byte [ebp-0x4],0xf jna JUMP_006523 mov byte [ebp-0x4],0xf JUMP_006523: ; Pos = 5ce93 mov eax,[ebp-0x6] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [esi],eax inc edi add esi,byte +0x4 add ebx,byte +0x3 JUMP_006524: ; Pos = 5ceaa mov eax,[ebp-0x28] cmp edi,[eax+0x4] jl JUMP_006520 xor eax,eax jmp short JUMP_006526 JUMP_006525: ; Pos = 5ceb6 mov eax,[ebp-0x10] mov eax,[eax] push eax push dword [ebp-0x3c] push dword [ebp-0x40] push dword [ebp-0x44] push dword [ebp-0x48] push ebx lea eax,[ebp-0x38] push eax call FUNC_001693 add esp,byte +0x1c lea eax,[ebp-0x38] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0x3] push eax call FUNC_001691 add esp,byte +0x14 mov eax,[ebp-0x3] push eax mov eax,[ebp-0xc] push eax push edi push esi push ebx call FUNC_001709 add esp,byte +0x14 JUMP_006526: ; Pos = 5cf02 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001709: ; Pos = 5cf0c push ebp mov ebp,esp push ecx push ebx push esi push edi mov ebx,[ebp+0x14] mov esi,[ebp+0x10] mov edi,[ebp+0xc] movsx eax,word [edi] cmp eax,0x140 jnc near JUMP_006527 movsx eax,word [edi+0x2] cmp eax,0x9e jnc near JUMP_006527 movsx eax,word [esi] cmp eax,0x140 jnc near JUMP_006530 movsx eax,word [esi+0x2] cmp eax,0x9e jnc near JUMP_006530 movsx eax,word [ebx] cmp eax,0x140 jnc near JUMP_006530 movsx eax,word [ebx+0x2] cmp eax,0x9e jnc near JUMP_006530 push byte +0x0 lea eax,[edi+0x4] push eax mov eax,[ebp+0x8] push eax call FUNC_001777 add esp,byte +0x8 push eax push byte +0x5 call FUNC_001778 add esp,byte +0xc mov [ebp-0x4],eax mov eax,[ebp-0x4] mov dword [eax],FUNC_001804 mov eax,[ebp-0x4] mov edx,[edi] mov [eax+0x4],edx mov eax,[ebp-0x4] mov edx,[esi] mov [eax+0x8],edx mov eax,[ebp-0x4] mov edx,[ebx] mov [eax+0xc],edx mov eax,[ebp+0x18] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov edx,[ebp-0x4] mov [edx+0x10],eax xor eax,eax jmp short JUMP_006531 JUMP_006527: ; Pos = 5cfcc movsx eax,word [esi] cmp eax,0x140 jnc JUMP_006528 movsx eax,word [esi+0x2] cmp eax,0x9e jc JUMP_006530 JUMP_006528: ; Pos = 5cfe1 movsx eax,word [ebx] cmp eax,0x140 jnc JUMP_006529 movsx eax,word [ebx+0x2] cmp eax,0x9e jc JUMP_006530 JUMP_006529: ; Pos = 5cff6 mov eax,[ebp+0x18] push eax push ebx push ebx push esi push edi mov eax,[ebp+0x8] push eax call FUNC_001713 add esp,byte +0x18 jmp short JUMP_006531 JUMP_006530: ; Pos = 5d00c mov eax,[ebp+0x18] push eax push ebx push ebx push esi push edi mov eax,[ebp+0x8] push eax call FUNC_001714 add esp,byte +0x18 xor eax,eax JUMP_006531: ; Pos = 5d022 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001710: ; Pos = 5d028 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0xc] mov edi,[ebp+0x8] movsx eax,word [ebx+0x6] xor eax,byte +0x1 push eax xor eax,eax mov al,[ebx+0x3] xor eax,byte +0x1 push eax xor eax,eax mov al,[ebx+0x5] xor eax,byte +0x1 push eax xor eax,eax mov al,[ebx+0x2] xor eax,byte +0x1 push eax xor eax,eax mov al,[ebx+0x4] xor eax,byte +0x1 push eax movsx eax,word [ebx] push eax push edi call FUNC_001712 add esp,byte +0x1c push esi push ebx push edi call FUNC_001711 add esp,byte +0xc pop edi pop esi pop ebx pop ebp ret FUNC_001711: ; Pos = 5d080 push ebp mov ebp,esp push ebx mov eax,[ebp+0x10] mov ebx,[ebp+0xc] movsx eax,word [ebx+0x6] push eax xor eax,eax mov al,[ebx+0x3] push eax xor eax,eax mov al,[ebx+0x5] push eax xor eax,eax mov al,[ebx+0x2] push eax xor eax,eax mov al,[ebx+0x4] push eax movsx eax,word [ebx] push eax mov eax,[ebp+0x8] push eax call FUNC_001712 add esp,byte +0x1c lea eax,[ebx+0x8] pop ebx pop ebp ret FUNC_001712: ; Pos = 5d0c0 push ebp mov ebp,esp add esp,byte -0x3c push ebx push esi push edi mov edi,[ebp+0x1c] mov esi,[ebp+0x18] mov ebx,[ebp+0x14] mov eax,[DATA_009201] mov edx,[ebp+0x20] mov al,[eax+edx*8+0x3] shr eax,1 test al,0x1 jz JUMP_006532 mov eax,[ebp+0x20] push eax mov eax,[ebp+0x8] push eax call near [DATA_007721] ; FUNC_001481 add esp,byte +0x8 jmp short JUMP_006533 JUMP_006532: ; Pos = 5d0f7 mov eax,[ebp+0x20] shl eax,0x3 add eax,[DATA_009201] JUMP_006533: ; Pos = 5d103 mov [ebp-0x10],eax mov eax,[ebp-0x10] test byte [eax+0x3],0x1 jz JUMP_006534 mov eax,0x1 jmp JUMP_006572 JUMP_006534: ; Pos = 5d119 mov eax,[ebp+0xc] push eax lea eax,[ebp-0x3c] push eax call FUNC_001692 add esp,byte +0x8 movsx eax,bl lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] mov edx,[ebp+0x8] cmp eax,[edx+0xf0] jnz JUMP_006535 movsx eax,bl shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006536 JUMP_006535: ; Pos = 5d155 push ebx mov eax,[ebp+0x8] push eax call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006536: ; Pos = 5d163 mov ebx,eax mov eax,esi movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] mov edx,[ebp+0x8] cmp eax,[edx+0xf0] jnz JUMP_006537 mov eax,esi movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006538 JUMP_006537: ; Pos = 5d195 mov eax,esi push eax mov eax,[ebp+0x8] push eax call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006538: ; Pos = 5d1a5 mov esi,eax mov eax,edi movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] mov edx,[ebp+0x8] cmp eax,[edx+0xf0] jnz JUMP_006539 mov eax,edi movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006540 JUMP_006539: ; Pos = 5d1d7 mov eax,edi push eax mov eax,[ebp+0x8] push eax call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006540: ; Pos = 5d1e7 mov edi,eax movsx eax,byte [ebp+0x10] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] mov edx,[ebp+0x8] cmp eax,[edx+0xf0] jnz JUMP_006541 movsx eax,byte [ebp+0x10] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006542 JUMP_006541: ; Pos = 5d217 mov al,[ebp+0x10] push eax mov eax,[ebp+0x8] push eax call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006542: ; Pos = 5d228 mov [ebp-0xc],eax cmp dword [DATA_008812],byte +0x0 jl near JUMP_006566 mov eax,[ebp-0xc] cmp word [eax],0xf830 jl near JUMP_006566 mov eax,[ebp-0xc] cmp word [eax],0x910 jg near JUMP_006566 mov eax,[ebp-0xc] cmp word [eax+0x2],0xf830 jl near JUMP_006566 mov eax,[ebp-0xc] cmp word [eax+0x2],0x86e jg near JUMP_006566 cmp word [ebx],0xf830 jl near JUMP_006566 cmp word [ebx],0x910 jg near JUMP_006566 cmp word [ebx+0x2],0xf830 jl near JUMP_006566 cmp word [ebx+0x2],0x86e jg near JUMP_006566 cmp word [esi],0xf830 jl near JUMP_006566 cmp word [esi],0x910 jg near JUMP_006566 cmp word [esi+0x2],0xf830 jl near JUMP_006566 cmp word [esi+0x2],0x86e jg near JUMP_006566 cmp word [edi],0xf830 jl near JUMP_006566 cmp word [edi],0x910 jg near JUMP_006566 cmp word [edi+0x2],0xf830 jl near JUMP_006566 cmp word [edi+0x2],0x86e jg near JUMP_006566 push dword [ebp-0x30] push dword [ebp-0x34] push dword [ebp-0x38] push dword [ebp-0x3c] mov eax,[ebp+0x8] push eax lea eax,[ebp-0x3c] push eax call FUNC_001695 add esp,byte +0x18 cmp dword [ebp-0x38],byte +0x0 jz near JUMP_006566 mov eax,[ebp-0xc] movsx eax,word [eax] movsx edx,word [ebx] sub eax,edx js JUMP_006543 mov eax,[ebp-0xc] movsx eax,word [eax] movsx edx,word [ebx] sub eax,edx jmp short JUMP_006544 JUMP_006543: ; Pos = 5d33c mov eax,[ebp-0xc] movsx eax,word [eax] movsx edx,word [ebx] sub eax,edx neg eax JUMP_006544: ; Pos = 5d349 movsx edx,word [ebx] movsx ecx,word [esi] sub edx,ecx js JUMP_006545 movsx edx,word [ebx] movsx ecx,word [esi] sub edx,ecx jmp short JUMP_006546 JUMP_006545: ; Pos = 5d35d movsx edx,word [ebx] movsx ecx,word [esi] sub edx,ecx neg edx JUMP_006546: ; Pos = 5d367 add eax,edx movsx edx,word [esi] movsx ecx,word [edi] sub edx,ecx js JUMP_006547 movsx edx,word [esi] movsx ecx,word [edi] sub edx,ecx jmp short JUMP_006548 JUMP_006547: ; Pos = 5d37d movsx edx,word [esi] movsx ecx,word [edi] sub edx,ecx neg edx JUMP_006548: ; Pos = 5d387 add eax,edx movsx edx,word [edi] mov ecx,[ebp-0xc] movsx ecx,word [ecx] sub edx,ecx js JUMP_006549 movsx edx,word [edi] mov ecx,[ebp-0xc] movsx ecx,word [ecx] sub edx,ecx jmp short JUMP_006550 JUMP_006549: ; Pos = 5d3a3 movsx edx,word [edi] mov ecx,[ebp-0xc] movsx ecx,word [ecx] sub edx,ecx neg edx JUMP_006550: ; Pos = 5d3b0 add eax,edx mov edx,[ebp-0xc] movsx edx,word [edx+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx js JUMP_006551 mov edx,[ebp-0xc] movsx edx,word [edx+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx jmp short JUMP_006552 JUMP_006551: ; Pos = 5d3d0 mov edx,[ebp-0xc] movsx edx,word [edx+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx neg edx JUMP_006552: ; Pos = 5d3df add eax,edx movsx edx,word [ebx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx js JUMP_006553 movsx edx,word [ebx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx jmp short JUMP_006554 JUMP_006553: ; Pos = 5d3f9 movsx edx,word [ebx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx neg edx JUMP_006554: ; Pos = 5d405 add eax,edx movsx edx,word [esi+0x2] movsx ecx,word [edi+0x2] sub edx,ecx js JUMP_006555 movsx edx,word [esi+0x2] movsx ecx,word [edi+0x2] sub edx,ecx jmp short JUMP_006556 JUMP_006555: ; Pos = 5d41f movsx edx,word [esi+0x2] movsx ecx,word [edi+0x2] sub edx,ecx neg edx JUMP_006556: ; Pos = 5d42b add eax,edx movsx edx,word [edi+0x2] mov ecx,[ebp-0xc] movsx ecx,word [ecx+0x2] sub edx,ecx js JUMP_006557 movsx edx,word [edi+0x2] mov ecx,[ebp-0xc] movsx ecx,word [ecx+0x2] sub edx,ecx jmp short JUMP_006558 JUMP_006557: ; Pos = 5d44b movsx edx,word [edi+0x2] mov ecx,[ebp-0xc] movsx ecx,word [ecx+0x2] sub edx,ecx neg edx JUMP_006558: ; Pos = 5d45a add eax,edx cmp eax,byte +0x6 jl near JUMP_006566 mov eax,[ebp-0xc] push eax call FUNC_001717 pop ecx push eax push ebx call FUNC_001717 pop ecx pop edx or edx,eax push edx push esi call FUNC_001717 pop ecx pop edx or edx,eax push edx push edi call FUNC_001717 pop ecx pop edx or edx,eax shl edx,0x3 add edx,DATA_007815 test edx,edx jnz JUMP_006559 mov eax,0x1 jmp JUMP_006572 JUMP_006559: ; Pos = 5d4a7 push byte +0x0 mov eax,[ebp-0xc] add eax,byte +0x4 push eax mov eax,[ebp+0x8] push eax call FUNC_001777 add esp,byte +0x8 push eax push byte +0xd call FUNC_001778 add esp,byte +0xc mov [ebp-0x14],eax mov eax,[ebp-0x14] mov dword [eax],FUNC_001805 mov eax,[ebp-0xc] mov eax,[eax] mov edx,[ebp-0x14] mov [edx+0x4],eax mov eax,[ebp-0x14] mov edx,[ebx] mov [eax+0x8],edx mov eax,[ebp-0x14] mov edx,[esi] mov [eax+0xc],edx mov eax,[ebp-0x14] mov edx,[edi] mov [eax+0x10],edx mov ax,[ebp-0x3c] mov [ebp-0x17],ax mov al,[ebp-0x3a] mov [ebp-0x15],al cmp dword [ebp-0x34],byte +0x0 jnz JUMP_006560 mov eax,[ebp-0x10] mov al,[eax] add [ebp-0x17],al mov eax,[ebp-0x10] mov al,[eax+0x1] add [ebp-0x16],al mov eax,[ebp-0x10] mov al,[eax+0x2] add [ebp-0x15],al JUMP_006560: ; Pos = 5d524 mov eax,[ebp-0x38] add eax,eax lea eax,[eax+eax*2] lea eax,[eax+eax*4] add eax,DATA_007811 mov [ebp-0x1c],eax mov eax,[ebp-0x1c] mov eax,[eax] mov edx,[ebp-0x14] mov [edx+0x14],eax xor edi,edi mov eax,[ebp-0x14] lea esi,[eax+0x18] mov eax,[ebp-0x1c] lea ebx,[eax+0x8] jmp short JUMP_006565 JUMP_006561: ; Pos = 5d553 mov ax,[ebx] mov [ebp-0x6],ax mov al,[ebx+0x2] mov [ebp-0x4],al mov al,[ebp-0x17] add [ebp-0x6],al mov al,[ebp-0x16] add [ebp-0x5],al mov al,[ebp-0x15] add [ebp-0x4],al cmp byte [ebp-0x6],0xf jna JUMP_006562 mov byte [ebp-0x6],0xf JUMP_006562: ; Pos = 5d57c cmp byte [ebp-0x5],0xf jna JUMP_006563 mov byte [ebp-0x5],0xf JUMP_006563: ; Pos = 5d586 cmp byte [ebp-0x4],0xf jna JUMP_006564 mov byte [ebp-0x4],0xf JUMP_006564: ; Pos = 5d590 mov eax,[ebp-0x6] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [esi],eax inc edi add esi,byte +0x4 add ebx,byte +0x3 JUMP_006565: ; Pos = 5d5a7 mov eax,[ebp-0x1c] cmp edi,[eax+0x4] jl JUMP_006561 xor eax,eax jmp JUMP_006572 JUMP_006566: ; Pos = 5d5b6 mov eax,[ebp-0x10] mov eax,[eax] push eax push dword [ebp-0x30] push dword [ebp-0x34] push dword [ebp-0x38] push dword [ebp-0x3c] mov eax,[ebp+0x8] push eax lea eax,[ebp-0x2c] push eax call FUNC_001693 add esp,byte +0x1c lea eax,[ebp-0x2c] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0x3] push eax call FUNC_001691 add esp,byte +0x14 mov eax,[ebp-0xc] movsx eax,word [eax] cmp eax,0x140 jnc near JUMP_006567 mov eax,[ebp-0xc] movsx eax,word [eax+0x2] cmp eax,0x9e jnc near JUMP_006567 movsx eax,word [ebx] cmp eax,0x140 jnc near JUMP_006571 movsx eax,word [ebx+0x2] cmp eax,0x9e jnc near JUMP_006571 movsx eax,word [esi] cmp eax,0x140 jnc near JUMP_006571 movsx eax,word [esi+0x2] cmp eax,0x9e jnc near JUMP_006571 movsx eax,word [edi] cmp eax,0x140 jnc near JUMP_006571 movsx eax,word [edi+0x2] cmp eax,0x9e jnc near JUMP_006571 push byte +0x0 mov eax,[ebp-0xc] add eax,byte +0x4 push eax mov eax,[ebp+0x8] push eax call FUNC_001777 add esp,byte +0x8 push eax push byte +0x6 call FUNC_001778 add esp,byte +0xc mov [ebp-0x14],eax mov eax,[ebp-0x14] mov dword [eax],FUNC_001809 mov eax,[ebp-0xc] mov eax,[eax] mov edx,[ebp-0x14] mov [edx+0x4],eax mov eax,[ebp-0x14] mov edx,[ebx] mov [eax+0x8],edx mov eax,[ebp-0x14] mov edx,[esi] mov [eax+0xc],edx mov eax,[ebp-0x14] mov edx,[edi] mov [eax+0x10],edx mov eax,[ebp-0x3] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov edx,[ebp-0x14] mov [edx+0x14],eax xor eax,eax jmp short JUMP_006572 JUMP_006567: ; Pos = 5d6d3 movsx eax,word [ebx] cmp eax,0x140 jnc JUMP_006568 movsx eax,word [ebx+0x2] cmp eax,0x9e jc JUMP_006571 JUMP_006568: ; Pos = 5d6e8 movsx eax,word [esi] cmp eax,0x140 jnc JUMP_006569 movsx eax,word [esi+0x2] cmp eax,0x9e jc JUMP_006571 JUMP_006569: ; Pos = 5d6fd movsx eax,word [edi] cmp eax,0x140 jnc JUMP_006570 movsx eax,word [edi+0x2] cmp eax,0x9e jc JUMP_006571 JUMP_006570: ; Pos = 5d712 mov eax,[ebp-0x3] push eax push edi push esi push ebx mov eax,[ebp-0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001713 add esp,byte +0x18 jmp short JUMP_006572 JUMP_006571: ; Pos = 5d72b mov eax,[ebp-0x3] push eax push edi push esi push ebx mov eax,[ebp-0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001714 add esp,byte +0x18 xor eax,eax JUMP_006572: ; Pos = 5d744 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001713: ; Pos = 5d74c push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x14] mov esi,[ebp+0x10] mov ebx,[ebp+0xc] movsx eax,word [ebx] push eax call FUNC_001715 pop ecx push eax movsx eax,word [esi] push eax call FUNC_001715 pop ecx pop edx or edx,eax push edx movsx eax,word [edi] push eax call FUNC_001715 pop ecx pop edx or edx,eax push edx mov eax,[ebp+0x18] movsx eax,word [eax] push eax call FUNC_001715 pop ecx pop edx or edx,eax cmp dword [edx*4+DATA_007818],byte +0x0 jnz JUMP_006573 movsx eax,word [ebx+0x2] push eax call FUNC_001716 pop ecx push eax movsx eax,word [esi+0x2] push eax call FUNC_001716 pop ecx pop edx or edx,eax push edx movsx eax,word [edi+0x2] push eax call FUNC_001716 pop ecx pop edx or edx,eax push edx mov eax,[ebp+0x18] movsx eax,word [eax+0x2] push eax call FUNC_001716 pop ecx pop edx or edx,eax cmp dword [edx*4+DATA_007818],byte +0x0 jz JUMP_006574 JUMP_006573: ; Pos = 5d7e1 mov eax,0x1 jmp short JUMP_006575 JUMP_006574: ; Pos = 5d7e8 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax push edi push esi push ebx mov eax,[ebp+0x8] push eax call FUNC_001714 add esp,byte +0x18 xor eax,eax JUMP_006575: ; Pos = 5d801 pop edi pop esi pop ebx pop ebp ret FUNC_001714: ; Pos = 5d808 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0xc] push byte +0x0 lea eax,[esi+0x4] push eax mov eax,[ebp+0x8] push eax call FUNC_001777 add esp,byte +0x8 push eax push byte +0x0 call FUNC_001778 add esp,byte +0xc mov edi,eax xor ebx,ebx mov dword [edi],FUNC_001794 mov dword [edi+0x4],FUNC_001795 add ebx,byte +0x2 jmp short JUMP_006577 JUMP_006576: ; Pos = 5d844 mov eax,esi mov esi,[ebp+0x10] mov edx,[ebp+0x14] mov [ebp+0x10],edx mov edx,[ebp+0x18] mov [ebp+0x14],edx mov [ebp+0x18],eax JUMP_006577: ; Pos = 5d858 cmp dword [esi+0xc],byte +0x40 jl JUMP_006576 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_006579 mov eax,[esi] mov [edi+ebx*4],eax inc ebx lea eax,[esi+0x4] push eax mov eax,[ebp+0x10] add eax,byte +0x4 push eax mov eax,ebx inc ebx shl eax,0x2 add eax,edi push eax call FUNC_001564 add esp,byte +0xc mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jl JUMP_006578 mov dword [edi+ebx*4],FUNC_001796 inc ebx mov eax,[ebp+0x14] add eax,byte +0x4 push eax mov eax,[ebp+0x10] add eax,byte +0x4 push eax mov eax,ebx inc ebx shl eax,0x2 add eax,edi push eax call FUNC_001564 add esp,byte +0xc mov eax,0x1 jmp short JUMP_006581 JUMP_006578: ; Pos = 5d8c0 xor eax,eax jmp short JUMP_006581 JUMP_006579: ; Pos = 5d8c4 mov eax,[esi] mov [edi+ebx*4],eax inc ebx mov eax,[ebp+0x10] mov eax,[eax] mov [edi+ebx*4],eax inc ebx mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jnl JUMP_006580 mov dword [edi+ebx*4],FUNC_001796 inc ebx mov eax,[ebp+0x10] add eax,byte +0x4 push eax mov eax,[ebp+0x14] add eax,byte +0x4 push eax mov eax,ebx inc ebx shl eax,0x2 add eax,edi push eax call FUNC_001564 add esp,byte +0xc xor eax,eax jmp short JUMP_006581 JUMP_006580: ; Pos = 5d907 mov eax,0x1 JUMP_006581: ; Pos = 5d90c mov edx,eax sub edx,byte +0x1 jc JUMP_006582 jz JUMP_006584 jmp JUMP_006586 JUMP_006582: ; Pos = 5d91a mov eax,[ebp+0x18] cmp dword [eax+0xc],byte +0x40 jl JUMP_006583 mov dword [edi+ebx*4],FUNC_001796 inc ebx mov eax,[ebp+0x18] add eax,byte +0x4 push eax mov eax,[ebp+0x14] add eax,byte +0x4 push eax mov eax,ebx inc ebx shl eax,0x2 add eax,edi push eax call FUNC_001564 add esp,byte +0xc mov eax,0x1 jmp short JUMP_006586 JUMP_006583: ; Pos = 5d951 xor eax,eax jmp short JUMP_006586 JUMP_006584: ; Pos = 5d955 mov dword [edi+ebx*4],FUNC_001796 inc ebx mov eax,[ebp+0x14] mov eax,[eax] mov [edi+ebx*4],eax inc ebx mov eax,[ebp+0x18] cmp dword [eax+0xc],byte +0x40 jnl JUMP_006585 mov dword [edi+ebx*4],FUNC_001796 inc ebx mov eax,[ebp+0x14] add eax,byte +0x4 push eax mov eax,[ebp+0x18] add eax,byte +0x4 push eax mov eax,ebx inc ebx shl eax,0x2 add eax,edi push eax call FUNC_001564 add esp,byte +0xc xor eax,eax jmp short JUMP_006586 JUMP_006585: ; Pos = 5d99a mov eax,0x1 JUMP_006586: ; Pos = 5d99f sub eax,byte +0x1 jc JUMP_006587 jz JUMP_006588 jmp short JUMP_006589 JUMP_006587: ; Pos = 5d9a8 mov dword [edi+ebx*4],FUNC_001796 inc ebx lea eax,[esi+0x4] push eax mov eax,[ebp+0x18] add eax,byte +0x4 push eax mov eax,ebx inc ebx shl eax,0x2 add eax,edi push eax call FUNC_001564 add esp,byte +0xc jmp short JUMP_006589 JUMP_006588: ; Pos = 5d9ce mov dword [edi+ebx*4],FUNC_001796 inc ebx mov eax,[ebp+0x18] mov eax,[eax] mov [edi+ebx*4],eax inc ebx JUMP_006589: ; Pos = 5d9df mov dword [edi+ebx*4],FUNC_001796 inc ebx mov eax,[esi] mov [edi+ebx*4],eax inc ebx mov dword [edi+ebx*4],FUNC_001799 inc ebx mov eax,[ebp+0x1c] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [edi+ebx*4],eax inc ebx push ebx call FUNC_001787 pop ecx pop edi pop esi pop ebx pop ebp ret FUNC_001715: ; Pos = 5da14 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,0xffff8002 jnz JUMP_006590 mov eax,0x8 pop ebp ret JUMP_006590: ; Pos = 5da28 cmp eax,0x140 jnc JUMP_006591 mov eax,0x2 pop ebp ret JUMP_006591: ; Pos = 5da36 mov edx,0x1 test eax,eax jl JUMP_006592 add edx,byte +0x3 JUMP_006592: ; Pos = 5da42 mov eax,edx pop ebp ret FUNC_001716: ; Pos = 5da48 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,0xffff8002 jnz JUMP_006593 mov eax,0x8 pop ebp ret JUMP_006593: ; Pos = 5da5c cmp eax,0x9e jnc JUMP_006594 mov eax,0x2 pop ebp ret JUMP_006594: ; Pos = 5da6a mov edx,0x1 test eax,eax jl JUMP_006595 add edx,byte +0x3 JUMP_006595: ; Pos = 5da76 mov eax,edx pop ebp ret FUNC_001717: ; Pos = 5da7c push ebp mov ebp,esp mov edx,[ebp+0x8] xor eax,eax mov cx,[edx] test cx,cx jnl JUMP_006596 or eax,byte +0x1 jmp short JUMP_006598 JUMP_006596: ; Pos = 5da91 cmp cx,0x140 jl JUMP_006597 or eax,byte +0x4 jmp short JUMP_006598 JUMP_006597: ; Pos = 5da9d or eax,byte +0x2 JUMP_006598: ; Pos = 5daa0 mov cx,[edx+0x2] test cx,cx jnl JUMP_006599 or eax,byte +0x8 jmp short JUMP_006601 JUMP_006599: ; Pos = 5daae cmp cx,0x9e jl JUMP_006600 or eax,byte +0x20 jmp short JUMP_006601 JUMP_006600: ; Pos = 5daba or eax,byte +0x10 JUMP_006601: ; Pos = 5dabd pop ebp ret FUNC_001718: ; Pos = 5dac0 push ebp mov ebp,esp push byte +0x2 call FUNC_001787 pop ecx mov dword [eax],FUNC_001796 mov edx,[ebp+0x8] mov edx,[edx] mov [eax+0x4],edx pop ebp ret FUNC_001719: ; Pos = 5dadc push ebp mov ebp,esp push byte +0x3 call FUNC_001787 pop ecx mov dword [eax],FUNC_001795 mov edx,[ebp+0x8] mov edx,[edx] mov [eax+0x4],edx mov edx,[ebp+0xc] mov edx,[edx] mov [eax+0x8],edx pop ebp ret FUNC_001720: ; Pos = 5db00 push ebp mov ebp,esp push byte +0x5 call FUNC_001787 pop ecx mov dword [eax],FUNC_001797 mov edx,[ebp+0x8] mov edx,[edx] mov [eax+0x4],edx mov edx,[ebp+0xc] mov edx,[edx] mov [eax+0x8],edx mov edx,[ebp+0x10] mov edx,[edx] mov [eax+0xc],edx mov edx,[ebp+0x14] mov edx,[edx] mov [eax+0x10],edx pop ebp ret FUNC_001721: ; Pos = 5db34 push ebp mov ebp,esp add esp,byte -0x28 push ebx push esi push edi mov edi,[ebp+0x10] mov ebx,[ebp+0xc] mov esi,[ebp+0x8] mov al,[ebx+0x2] and eax,byte +0x7f mov edx,[DATA_009201] mov al,[edx+eax*8+0x3] shr eax,1 test al,0x1 jz JUMP_006602 mov al,[ebx+0x2] and eax,byte +0x7f push eax push esi call near [DATA_007721] ; FUNC_001481 add esp,byte +0x8 jmp short JUMP_006603 JUMP_006602: ; Pos = 5db6f mov al,[ebx+0x2] and eax,byte +0x7f shl eax,0x3 add eax,[DATA_009201] JUMP_006603: ; Pos = 5db7e mov [ebp-0x8],eax movsx edi,word [ebx] add ebx,byte +0x2 add ebx,byte +0x2 mov eax,[ebp-0x8] test byte [eax+0x3],0x1 jz JUMP_006604 xor eax,eax mov al,[ebx-0x1] add eax,ebx jmp JUMP_006612 JUMP_006604: ; Pos = 5db9f mov eax,[ebp-0x8] mov eax,[eax] push eax push edi lea eax,[ebp-0x28] push eax call FUNC_001692 add esp,byte +0x8 lea eax,[ebp-0x28] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] push esi lea eax,[ebp-0x18] push eax call FUNC_001693 add esp,byte +0x1c lea eax,[ebp-0x18] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0x3] push eax call FUNC_001691 add esp,byte +0x14 xor eax,eax mov [esi+0x118],eax mov al,[ebx-0x2] and eax,0x80 mov [esi+0x128],eax push byte +0x0 mov al,[ebx] and al,0x7f movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006605 mov al,[ebx] and al,0x7f movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006606 JUMP_006605: ; Pos = 5dc30 mov al,[ebx] and al,0x7f push eax push esi call near [DATA_007729] ; FUNC_001470 add esp,byte +0x8 JUMP_006606: ; Pos = 5dc3f add eax,byte +0x4 push eax push esi call FUNC_001777 add esp,byte +0x8 push eax push byte +0x1 call FUNC_001778 add esp,byte +0xc mov [esi+0x12c],eax mov dword [eax],FUNC_001794 JUMP_006607: ; Pos = 5dc63 movsx edi,word [ebx] add ebx,byte +0x2 mov eax,edi shr eax,0x9 mov eax,[eax*4+DATA_007817] cmp eax,FUNC_001722 jz JUMP_006608 push edi push ebx push esi call eax add esp,byte +0xc mov ebx,eax jmp short JUMP_006607 JUMP_006608: ; Pos = 5dc88 cmp dword [esi+0x128],byte -0x1 jnz JUMP_006609 mov eax,[esi+0x12c] push eax call FUNC_001779 pop ecx push byte +0x1 call FUNC_001787 pop ecx mov dword [eax],FUNC_001813 jmp short JUMP_006611 JUMP_006609: ; Pos = 5dcae cmp dword [esi+0x104],byte +0x0 jz JUMP_006610 mov eax,[esi+0x110] push eax push ebx push esi call FUNC_001731 add esp,byte +0xc mov ebx,eax cmp dword [esi+0x10c],byte +0x0 jz JUMP_006610 add esi,0x108 push esi call FUNC_001718 pop ecx JUMP_006610: ; Pos = 5dce0 push byte +0x2 call FUNC_001787 pop ecx mov esi,eax mov dword [esi],FUNC_001799 mov eax,[ebp-0x3] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [esi+0x4],eax JUMP_006611: ; Pos = 5dd01 mov eax,ebx JUMP_006612: ; Pos = 5dd03 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001722: ; Pos = 5dd0c push ebp mov ebp,esp mov edx,[ebp+0x10] mov eax,[ebp+0x8] mov eax,[ebp+0xc] pop ebp ret FUNC_001723: ; Pos = 5dd1c push ebp mov ebp,esp push ebx push esi mov eax,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] cmp dword [ebx+0x104],byte +0x0 jz JUMP_006613 mov eax,[ebx+0x110] push eax push esi push ebx call FUNC_001731 add esp,byte +0xc mov esi,eax cmp dword [ebx+0x10c],byte +0x0 jz JUMP_006613 add ebx,0x108 push ebx call FUNC_001718 pop ecx JUMP_006613: ; Pos = 5dd5c mov eax,esi pop esi pop ebx pop ebp ret FUNC_001724: ; Pos = 5dd64 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,edi and al,0xff movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006614 mov eax,edi and al,0xff movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006615 JUMP_006614: ; Pos = 5dda4 mov eax,edi and al,0xff push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006615: ; Pos = 5ddb3 mov edi,eax mov [ebx+0x110],edi movsx eax,byte [esi] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006616 movsx eax,byte [esi] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006617 JUMP_006616: ; Pos = 5dde4 mov al,[esi] push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006617: ; Pos = 5ddf1 push eax push edi add esi,byte +0x2 push esi push ebx call FUNC_001725 add esp,byte +0x10 pop edi pop esi pop ebx pop ebp ret FUNC_001725: ; Pos = 5de08 push ebp mov ebp,esp push ecx push ebx push esi push edi mov esi,[ebp+0x14] mov edi,[ebp+0x10] mov ebx,[ebp+0x8] mov [ebx+0x114],esi mov dword [ebx+0x104],0xffffffff cmp dword [edi+0xc],byte +0x40 jnl JUMP_006619 cmp dword [ebx+0x128],byte +0x0 jnz near JUMP_006621 cmp dword [esi+0xc],byte +0x40 jnl JUMP_006618 xor eax,eax mov [ebx+0x104],eax mov dword [ebx+0x10c],0xffffffff mov eax,[ebp+0xc] jmp JUMP_006622 JUMP_006618: ; Pos = 5de5b lea eax,[esi+0x4] push eax add edi,byte +0x4 push edi lea eax,[ebx+0x108] push eax call FUNC_001564 add esp,byte +0xc xor eax,eax mov [ebx+0x10c],eax push esi add ebx,0x108 push ebx call FUNC_001719 add esp,byte +0x8 mov eax,[ebp+0xc] jmp short JUMP_006622 JUMP_006619: ; Pos = 5de8f cmp dword [esi+0xc],byte +0x40 jnl JUMP_006620 cmp dword [ebx+0x128],byte +0x0 jnz JUMP_006621 lea eax,[edi+0x4] push eax add esi,byte +0x4 push esi lea eax,[ebp-0x4] push eax call FUNC_001564 add esp,byte +0xc mov dword [ebx+0x10c],0xffffffff lea eax,[ebp-0x4] push eax push edi call FUNC_001719 add esp,byte +0x8 mov eax,[ebp+0xc] jmp short JUMP_006622 JUMP_006620: ; Pos = 5dece xor eax,eax mov [ebx+0x10c],eax push esi push edi call FUNC_001719 add esp,byte +0x8 mov eax,[ebp+0xc] jmp short JUMP_006622 JUMP_006621: ; Pos = 5dee5 mov eax,[ebp+0xc] push eax push ebx call FUNC_001726 add esp,byte +0x8 JUMP_006622: ; Pos = 5def2 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001726: ; Pos = 5def8 push ebp mov ebp,esp push esi mov eax,[ebp+0xc] mov esi,[ebp+0x8] JUMP_006623: ; Pos = 5df02 movsx edx,word [eax] add eax,byte +0x2 mov ecx,edx shr ecx,0x9 mov ecx,[ecx*4+DATA_007819] cmp ecx,FUNC_001722 jz JUMP_006624 push edx push eax push esi call ecx add esp,byte +0xc jmp short JUMP_006623 JUMP_006624: ; Pos = 5df26 mov dword [esi+0x128],0xffffffff add eax,byte -0x2 pop esi pop ebp ret FUNC_001727: ; Pos = 5df38 push ebp mov ebp,esp mov edx,[ebp+0x10] mov eax,[ebp+0x8] mov eax,[ebp+0xc] add eax,byte +0x2 pop ebp ret FUNC_001728: ; Pos = 5df4c push ebp mov ebp,esp mov edx,[ebp+0x10] mov eax,[ebp+0x8] mov eax,[ebp+0xc] pop ebp ret FUNC_001729: ; Pos = 5df5c push ebp mov ebp,esp mov edx,[ebp+0x10] mov eax,[ebp+0x8] mov eax,[ebp+0xc] add eax,byte +0x4 pop ebp ret FUNC_001730: ; Pos = 5df70 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x10] mov ebx,[ebp+0x8] mov eax,esi and al,0xff movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006625 mov eax,esi and al,0xff movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006626 JUMP_006625: ; Pos = 5dfac mov eax,esi and al,0xff push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006626: ; Pos = 5dfbb push eax mov eax,[ebp+0xc] push eax push ebx call FUNC_001731 add esp,byte +0xc pop esi pop ebx pop ebp ret FUNC_001731: ; Pos = 5dfd0 push ebp mov ebp,esp push ecx push ebx push esi push edi mov esi,[ebp+0x10] mov edi,[ebp+0xc] mov ebx,[ebp+0x8] cmp dword [ebx+0x10c],byte +0x0 jnz JUMP_006629 cmp dword [esi+0xc],byte +0x40 jl JUMP_006627 mov [ebx+0x114],esi push esi call FUNC_001718 pop ecx jmp short JUMP_006631 JUMP_006627: ; Pos = 5dffe cmp dword [ebx+0x128],byte +0x0 jz JUMP_006628 push edi push ebx call FUNC_001726 add esp,byte +0x8 jmp short JUMP_006632 JUMP_006628: ; Pos = 5e013 mov eax,[ebx+0x114] add eax,byte +0x4 push eax lea eax,[esi+0x4] push eax lea eax,[ebp-0x4] push eax call FUNC_001564 add esp,byte +0xc mov [ebx+0x114],esi mov dword [ebx+0x10c],0xffffffff lea eax,[ebp-0x4] push eax call FUNC_001718 pop ecx jmp short JUMP_006631 JUMP_006629: ; Pos = 5e049 cmp dword [esi+0xc],byte +0x40 jl JUMP_006630 push esi push ebx call FUNC_001732 add esp,byte +0x8 jmp short JUMP_006631 JUMP_006630: ; Pos = 5e05b mov [ebx+0x114],esi JUMP_006631: ; Pos = 5e061 mov eax,edi JUMP_006632: ; Pos = 5e063 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001732: ; Pos = 5e06c push ebp mov ebp,esp push ecx push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,[ebx+0x114] mov [ebx+0x114],esi xor edx,edx mov [ebx+0x10c],edx lea edx,[esi+0x4] push edx add eax,byte +0x4 push eax lea eax,[ebp-0x4] push eax call FUNC_001564 add esp,byte +0xc cmp dword [ebx+0x104],byte +0x0 jz JUMP_006633 lea eax,[ebp-0x4] push eax call FUNC_001718 pop ecx push esi call FUNC_001718 pop ecx jmp short JUMP_006634 JUMP_006633: ; Pos = 5e0bc mov dword [ebx+0x104],0xffffffff mov eax,[ebp-0x4] mov [ebx+0x108],eax push esi lea eax,[ebp-0x4] push eax call FUNC_001719 add esp,byte +0x8 JUMP_006634: ; Pos = 5e0dc pop esi pop ebx pop ecx pop ebp ret FUNC_001733: ; Pos = 5e0e4 push ebp mov ebp,esp push ebx push esi push edi mov esi,[ebp+0x10] mov edi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,[ebx+0x114] cmp dword [eax+0xc],byte +0x40 jnl JUMP_006638 mov eax,esi and al,0xff movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006635 mov eax,esi and al,0xff movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006636 JUMP_006635: ; Pos = 5e130 mov eax,esi and al,0xff push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006636: ; Pos = 5e13f cmp dword [eax+0xc],byte +0x40 jnl JUMP_006637 mov [ebx+0x114],eax lea eax,[edi+0x2] jmp short JUMP_006639 JUMP_006637: ; Pos = 5e150 push eax push ebx call FUNC_001732 add esp,byte +0x8 lea eax,[edi+0x2] jmp short JUMP_006639 JUMP_006638: ; Pos = 5e15f push eax push esi push edi push ebx call FUNC_001735 add esp,byte +0x10 JUMP_006639: ; Pos = 5e16b pop edi pop esi pop ebx pop ebp ret FUNC_001734: ; Pos = 5e170 push ebp mov ebp,esp push ebx push esi push edi mov eax,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] movsx eax,byte [esi+0x1] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006640 movsx eax,byte [esi+0x1] mov edi,eax shl edi,0x2 lea edi,[edi+edi*8] add edi,[DATA_009200] jmp short JUMP_006641 JUMP_006640: ; Pos = 5e1ac mov al,[esi+0x1] push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 mov edi,eax JUMP_006641: ; Pos = 5e1bc mov [ebx+0x110],edi push edi xor eax,eax mov al,[esi] push eax add esi,byte +0x2 push esi push ebx call FUNC_001735 add esp,byte +0x10 pop edi pop esi pop ebx pop ebp ret FUNC_001735: ; Pos = 5e1dc push ebp mov ebp,esp push ecx push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,edi and al,0xff movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006642 mov eax,edi and al,0xff movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006643 JUMP_006642: ; Pos = 5e21d mov eax,edi and al,0xff push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006643: ; Pos = 5e22c mov edi,eax movsx eax,byte [esi+0x1] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006644 movsx eax,byte [esi+0x1] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006645 JUMP_006644: ; Pos = 5e259 mov al,[esi+0x1] push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006645: ; Pos = 5e267 mov [ebp-0x4],eax movsx eax,byte [esi] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006646 movsx eax,byte [esi] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006647 JUMP_006646: ; Pos = 5e293 mov al,[esi] push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006647: ; Pos = 5e2a0 cmp dword [eax+0xc],byte +0x40 jl JUMP_006648 mov edx,[ebp+0x14] cmp dword [edx+0xc],byte +0x40 jl JUMP_006648 cmp dword [edi+0xc],byte +0x40 jl JUMP_006648 mov edx,[ebp-0x4] cmp dword [edx+0xc],byte +0x40 jnl JUMP_006649 JUMP_006648: ; Pos = 5e2be push eax mov eax,[ebp+0x14] push eax add esi,byte +0x2 push esi push ebx call FUNC_001725 add esp,byte +0x10 jmp short JUMP_006650 JUMP_006649: ; Pos = 5e2d2 mov [ebx+0x114],eax xor edx,edx mov [ebx+0x10c],edx mov dword [ebx+0x104],0xffffffff push eax mov eax,[ebp-0x4] push eax push edi mov eax,[ebp+0x14] push eax call FUNC_001720 add esp,byte +0x10 lea eax,[esi+0x2] JUMP_006650: ; Pos = 5e2ff pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001736: ; Pos = 5e308 push ebp mov ebp,esp add esp,0xffffff68 push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,edi and al,0xff movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006651 mov eax,edi and al,0xff movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006652 JUMP_006651: ; Pos = 5e34e mov eax,edi and al,0xff push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006652: ; Pos = 5e35d mov edi,eax cmp dword [edi+0xc],byte +0x40 jng near JUMP_006655 xor eax,eax mov al,[esi] cmp eax,[ebx+0x118] jz near JUMP_006654 mov [ebx+0x118],eax xor eax,eax mov al,[esi] sar eax,1 lea eax,[eax+eax*2] mov edx,[ebx+0x154] movsx edx,byte [edx+eax*2-0x4] mov [ebp-0xc],edx mov edx,[ebx+0x154] movsx edx,byte [edx+eax*2-0x3] mov [ebp-0x8],edx mov edx,[ebx+0x154] movsx eax,byte [edx+eax*2-0x2] mov [ebp-0x4],eax test byte [esi],0x1 jz JUMP_006653 neg dword [ebp-0xc] JUMP_006653: ; Pos = 5e3ba mov eax,[ebp-0xc] push eax mov eax,[ebx+0x14] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp-0x8] push eax mov eax,[ebx+0x20] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[ebp-0x4] push eax mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebx+0x11c],edx mov eax,[ebp-0xc] push eax mov eax,[ebx+0x18] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp-0x8] push eax mov eax,[ebx+0x24] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[ebp-0x4] push eax mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebx+0x120],edx mov eax,[ebp-0xc] push eax mov eax,[ebx+0x1c] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp-0x8] push eax mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[ebp-0x4] push eax mov eax,[ebx+0x34] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebx+0x124],edx JUMP_006654: ; Pos = 5e474 mov ecx,[ebx+0x148] xor eax,eax mov al,[esi+0x1] shl eax,cl push eax lea eax,[ebx+0x11c] push eax add edi,byte +0x4 push edi lea eax,[ebp+0xffffff68] push eax call FUNC_001554 add esp,byte +0x10 test eax,eax jz JUMP_006656 lea eax,[ebp-0x20] push eax lea eax,[ebp-0x24] push eax lea eax,[ebp-0x28] push eax lea eax,[ebp-0x2c] push eax call FUNC_001720 add esp,byte +0x10 lea eax,[ebp-0x10] push eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x18] push eax lea eax,[ebp-0x1c] push eax call FUNC_001720 add esp,byte +0x10 jmp short JUMP_006656 JUMP_006655: ; Pos = 5e4d2 cmp dword [ebx+0x128],byte +0x0 jz JUMP_006656 push esi push ebx call FUNC_001726 add esp,byte +0x8 jmp short JUMP_006657 JUMP_006656: ; Pos = 5e4e7 xor eax,eax mov [ebx+0x104],eax lea eax,[esi+0x2] JUMP_006657: ; Pos = 5e4f2 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001737: ; Pos = 5e4fc push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi push edi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] xor eax,eax mov al,[ebx+0x6] mov edx,[DATA_009201] mov al,[edx+eax*8+0x3] shr eax,1 test al,0x1 jz JUMP_006658 xor eax,eax mov al,[ebx+0x6] push eax push esi call near [DATA_007721] ; FUNC_001481 add esp,byte +0x8 mov edi,eax jmp short JUMP_006659 JUMP_006658: ; Pos = 5e534 movzx edi,byte [ebx+0x6] shl edi,0x3 add edi,[DATA_009201] JUMP_006659: ; Pos = 5e541 test byte [edi+0x3],0x1 jz JUMP_006660 lea eax,[ebx+0x8] jmp JUMP_006670 JUMP_006660: ; Pos = 5e54f mov eax,[edi] push eax movsx eax,word [ebx] push eax lea eax,[ebp-0x30] push eax call FUNC_001692 add esp,byte +0x8 lea eax,[ebp-0x30] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] push esi lea eax,[ebp-0x20] push eax call FUNC_001693 add esp,byte +0x1c lea eax,[ebp-0x20] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0x3] push eax call FUNC_001691 add esp,byte +0x14 movsx eax,byte [ebx+0x5] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006661 movsx eax,byte [ebx+0x5] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006662 JUMP_006661: ; Pos = 5e5c2 mov al,[ebx+0x5] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006662: ; Pos = 5e5d0 mov [ebp-0xc],eax movsx eax,byte [ebx+0x4] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006663 movsx eax,byte [ebx+0x4] mov edi,eax shl edi,0x2 lea edi,[edi+edi*8] add edi,[DATA_009200] jmp short JUMP_006664 JUMP_006663: ; Pos = 5e600 mov al,[ebx+0x4] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 mov edi,eax JUMP_006664: ; Pos = 5e610 movsx eax,byte [ebx+0x3] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006665 movsx eax,byte [ebx+0x3] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006666 JUMP_006665: ; Pos = 5e63b mov al,[ebx+0x3] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006666: ; Pos = 5e649 mov [ebp-0x10],eax movsx eax,byte [ebx+0x2] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006667 movsx eax,byte [ebx+0x2] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006668 JUMP_006667: ; Pos = 5e677 mov al,[ebx+0x2] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006668: ; Pos = 5e685 mov [ebp-0x8],eax cmp dword [edi+0xc],byte +0x40 jl near JUMP_006669 mov eax,[ebp-0x8] cmp dword [eax+0xc],byte +0x40 jl near JUMP_006669 mov eax,[ebp-0xc] cmp dword [eax+0xc],byte +0x40 jl near JUMP_006669 mov eax,[ebp-0x10] cmp dword [eax+0xc],byte +0x40 jl near JUMP_006669 push byte +0x0 lea eax,[edi+0x4] push eax push esi call FUNC_001777 add esp,byte +0x8 push eax push byte +0xa call FUNC_001778 add esp,byte +0xc mov esi,eax mov dword [esi],FUNC_001811 movsx eax,word [edi] mov [esi+0x4],eax movsx eax,word [edi+0x2] mov [esi+0x8],eax mov eax,[ebp-0x8] movsx eax,word [eax] mov [esi+0xc],eax mov eax,[ebp-0x8] movsx eax,word [eax+0x2] mov [esi+0x10],eax mov eax,[ebp-0xc] movsx eax,word [eax] mov [esi+0x14],eax mov eax,[ebp-0xc] movsx eax,word [eax+0x2] mov [esi+0x18],eax mov eax,[ebp-0x10] movsx eax,word [eax] mov [esi+0x1c],eax mov eax,[ebp-0x10] movsx eax,word [eax+0x2] mov [esi+0x20],eax mov eax,[ebp-0x3] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [esi+0x24],eax JUMP_006669: ; Pos = 5e72e lea eax,[ebx+0x8] JUMP_006670: ; Pos = 5e731 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001738: ; Pos = 5e738 push ebp mov ebp,esp add esp,byte -0x48 push ebx push esi push edi mov eax,[ebp+0x10] mov esi,[ebp+0xc] movsx eax,word [esi] push eax lea eax,[ebp-0x34] push eax call FUNC_001692 add esp,byte +0x8 lea eax,[ebp-0x34] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] mov eax,[ebp+0x8] push eax lea eax,[ebp-0x48] push eax call FUNC_001694 add esp,byte +0x18 push dword [ebp-0x3c] push dword [ebp-0x40] push dword [ebp-0x44] push dword [ebp-0x48] lea eax,[ebp-0x3] push eax call FUNC_001691 add esp,byte +0x14 add esi,byte +0x2 movsx eax,word [esi+0x2] mov [ebp-0x8],eax movsx eax,byte [esi] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] mov edx,[ebp+0x8] cmp eax,[edx+0xf0] jnz JUMP_006671 movsx eax,byte [esi] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006672 JUMP_006671: ; Pos = 5e7c3 mov al,[esi] push eax mov eax,[ebp+0x8] push eax call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006672: ; Pos = 5e7d3 mov [ebp-0x18],eax mov eax,[ebp-0x18] cmp dword [eax+0xc],0x200 jg JUMP_006673 lea eax,[esi+0x4] jmp JUMP_006684 JUMP_006673: ; Pos = 5e7ea movsx eax,byte [esi+0x1] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] mov edx,[ebp+0x8] cmp eax,[edx+0xf0] jnz JUMP_006674 movsx eax,byte [esi+0x1] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006675 JUMP_006674: ; Pos = 5e818 mov al,[esi+0x1] push eax mov eax,[ebp+0x8] push eax call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006675: ; Pos = 5e829 mov [ebp-0x14],eax mov eax,[ebp-0x14] cmp dword [eax+0xc],0x200 jg JUMP_006676 lea eax,[esi+0x4] jmp JUMP_006684 JUMP_006676: ; Pos = 5e840 mov eax,[ebp+0x8] mov eax,[eax+0x148] add eax,byte -0x6 test eax,eax jnl JUMP_006677 mov ecx,eax neg ecx sar dword [ebp-0x8],cl jmp short JUMP_006678 JUMP_006677: ; Pos = 5e859 mov ecx,eax shl dword [ebp-0x8],cl JUMP_006678: ; Pos = 5e85e mov eax,[ebp-0x18] mov eax,[eax+0xc] push eax mov eax,[ebp-0x8] push eax call FUNC_001666_SpecialDiv add esp,byte +0x8 mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x0 jnz JUMP_006679 lea eax,[esi+0x4] jmp JUMP_006684 JUMP_006679: ; Pos = 5e882 cmp dword [ebp-0x8],byte +0x4 jg JUMP_006680 mov eax,[ebp-0x3] push eax mov eax,[ebp-0x14] push eax mov eax,[ebp-0x18] push eax mov eax,[ebp+0x8] push eax call FUNC_001704 add esp,byte +0x10 lea eax,[esi+0x4] jmp JUMP_006684 JUMP_006680: ; Pos = 5e8a8 mov eax,[ebp-0x18] movsx eax,word [eax] mov edx,[ebp-0x14] movsx edx,word [edx] sub eax,edx mov [ebp-0x1c],eax mov eax,[ebp-0x18] movsx eax,word [eax+0x2] mov edx,[ebp-0x14] movsx edx,word [edx+0x2] sub eax,edx mov [ebp-0x20],eax mov eax,[ebp-0x1c] imul dword [ebp-0x1c] mov edx,[ebp-0x20] imul edx,[ebp-0x20] add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov [ebp-0x24],eax mov eax,[ebp-0x24] cmp eax,[ebp-0x8] jnl near JUMP_006682 push byte +0x0 mov eax,[ebp-0x18] add eax,byte +0x4 push eax mov eax,[ebp+0x8] push eax call FUNC_001777 add esp,byte +0x8 push eax push byte +0xd call FUNC_001778 add esp,byte +0xc mov ecx,eax mov dword [ecx],FUNC_001805 mov eax,[ebp-0x14] movsx eax,word [eax] mov edx,[ebp-0x18] movsx edx,word [edx] add edx,edx add eax,edx mov ebx,0x3 cdq idiv ebx mov [ebp-0x38],ax mov eax,[ebp-0x14] movsx eax,word [eax+0x2] mov edx,[ebp-0x18] movsx edx,word [edx+0x2] add edx,edx add eax,edx mov ebx,0x3 cdq idiv ebx mov [ebp-0x36],ax mov eax,[ebp-0x8] sar eax,0x2 mov [ebp-0xc],ax mov eax,[ebp-0x8] sar eax,0x2 mov [ebp-0xa],ax mov eax,[ebp-0x8] neg eax sar eax,0x2 mov [ebp-0x10],ax mov eax,[ebp-0x8] sar eax,0x2 mov [ebp-0xe],ax mov ax,[ebp-0x38] add ax,[ebp-0x10] mov [ecx+0x4],ax mov ax,[ebp-0x36] add ax,[ebp-0xe] mov [ecx+0x6],ax mov ax,[ebp-0x38] add ax,[ebp-0xc] mov [ecx+0x8],ax mov ax,[ebp-0x36] add ax,[ebp-0xa] mov [ecx+0xa],ax mov ax,[ebp-0x10] neg ax add ax,[ebp-0x38] mov [ecx+0xc],ax mov ax,[ebp-0xe] neg ax add ax,[ebp-0x36] mov [ecx+0xe],ax mov ax,[ebp-0xc] neg ax add ax,[ebp-0x38] mov [ecx+0x10],ax mov ax,[ebp-0xa] neg ax add ax,[ebp-0x36] mov [ecx+0x12],ax mov dword [ecx+0x14],0x123 mov ebx,0x1 lea edi,[ecx+0x1c] JUMP_006681: ; Pos = 5e9f9 xor eax,eax mov al,[ebp-0x48] lea ecx,[ebx+0x1] imul ecx push ecx mov ecx,0x7 cdq idiv ecx pop ecx mov [ebp-0x3],al xor eax,eax mov al,[ebp-0x47] imul ecx push ecx mov ecx,0x7 cdq idiv ecx pop ecx mov [ebp-0x2],al xor eax,eax mov al,[ebp-0x46] imul ecx mov ecx,0x7 cdq idiv ecx mov [ebp-0x1],al mov eax,[ebp-0x3] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [edi],eax inc ebx add edi,byte +0x4 cmp ebx,byte +0x7 jl JUMP_006681 mov eax,[ebp-0x24] shl eax,0x3 cmp eax,[ebp-0x8] jnl JUMP_006682 lea eax,[esi+0x4] jmp JUMP_006684 JUMP_006682: ; Pos = 5ea62 push byte +0x0 mov eax,[ebp-0x18] add eax,byte +0x4 push eax mov eax,[ebp+0x8] push eax call FUNC_001777 add esp,byte +0x8 push eax push byte +0xd call FUNC_001778 add esp,byte +0xc mov ecx,eax mov dword [ecx],FUNC_001805 mov eax,[ebp-0x1c] shl eax,0xf cdq idiv dword [ebp-0x24] mov [ebp-0xc],ax mov eax,[ebp-0x20] shl eax,0xf cdq idiv dword [ebp-0x24] mov ebx,eax mov [ebp-0xa],bx movsx eax,bx imul dword [ebp-0x8] sar eax,0x11 mov [ebp-0x10],ax movsx eax,word [ebp-0xc] imul dword [ebp-0x8] neg eax sar eax,0x11 mov [ebp-0xe],ax mov eax,[ebp-0x18] mov ax,[eax] add ax,[ebp-0x10] mov [ecx+0x4],ax mov eax,[ebp-0x18] mov ax,[eax+0x2] add ax,[ebp-0xe] mov [ecx+0x6],ax mov eax,[ebp-0x14] mov ax,[eax] add ax,[ebp-0x10] mov [ecx+0x8],ax mov eax,[ebp-0x14] mov ax,[eax+0x2] add ax,[ebp-0xe] mov [ecx+0xa],ax mov eax,[ebp-0x14] mov ax,[eax] mov dx,[ebp-0x10] neg dx add ax,dx mov [ecx+0xc],ax mov eax,[ebp-0x14] mov ax,[eax+0x2] mov dx,[ebp-0xe] neg dx add ax,dx mov [ecx+0xe],ax mov eax,[ebp-0x18] mov ax,[eax] mov dx,[ebp-0x10] neg dx add ax,dx mov [ecx+0x10],ax mov eax,[ebp-0x18] mov ax,[eax+0x2] mov dx,[ebp-0xe] neg dx add ax,dx mov [ecx+0x12],ax mov dword [ecx+0x14],0x65 mov ebx,0x1 lea edi,[ecx+0x1c] JUMP_006683: ; Pos = 5eb60 xor eax,eax mov al,[ebp-0x48] lea ecx,[ebx+0x1] imul ecx push ecx mov ecx,0x7 cdq idiv ecx pop ecx mov [ebp-0x3],al xor eax,eax mov al,[ebp-0x47] imul ecx push ecx mov ecx,0x7 cdq idiv ecx pop ecx mov [ebp-0x2],al xor eax,eax mov al,[ebp-0x46] imul ecx mov ecx,0x7 cdq idiv ecx mov [ebp-0x1],al mov eax,[ebp-0x3] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [edi],eax inc ebx add edi,byte +0x4 cmp ebx,byte +0x7 jl JUMP_006683 lea eax,[esi+0x4] JUMP_006684: ; Pos = 5ebb9 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001739: ; Pos = 5ebc0 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi mov ebx,[ebp+0x18] mov edx,[ebp+0x14] mov eax,[ebp+0x10] mov ecx,[ebp+0x8] mov esi,ebx sar esi,0x8 and esi,byte +0x7 cmp esi,byte +0x6 ja near JUMP_006691 jmp near [esi*4+DATA_000049] SECTION .data DATA_000049: ; Pos = 5ebec dd JUMP_006685 dd JUMP_006686 dd JUMP_006687 dd JUMP_006688 dd JUMP_006689 dd JUMP_006690 dd JUMP_006685 SECTION .text JUMP_006685: ; Pos = 5ec08 mov [ebp-0x4],ecx lea esi,[ecx+0xc] mov [ebp-0x8],esi add ecx,byte +0x18 mov [ebp-0xc],ecx jmp short JUMP_006691 JUMP_006686: ; Pos = 5ec19 lea esi,[ecx+0xc] mov [ebp-0x4],esi lea esi,[ecx+0x18] mov [ebp-0x8],esi mov [ebp-0xc],ecx jmp short JUMP_006691 JUMP_006687: ; Pos = 5ec2a lea esi,[ecx+0x18] mov [ebp-0x4],esi mov [ebp-0x8],ecx add ecx,byte +0xc mov [ebp-0xc],ecx jmp short JUMP_006691 JUMP_006688: ; Pos = 5ec3b xor edx,byte -0x1 lea esi,[ecx+0x18] mov [ebp-0x4],esi lea esi,[ecx+0xc] mov [ebp-0x8],esi mov [ebp-0xc],ecx jmp short JUMP_006691 JUMP_006689: ; Pos = 5ec4f xor edx,byte -0x1 lea esi,[ecx+0xc] mov [ebp-0x4],esi mov [ebp-0x8],ecx add ecx,byte +0x18 mov [ebp-0xc],ecx jmp short JUMP_006691 JUMP_006690: ; Pos = 5ec63 xor edx,byte -0x1 mov [ebp-0x4],ecx lea esi,[ecx+0x18] mov [ebp-0x8],esi add ecx,byte +0xc mov [ebp-0xc],ecx JUMP_006691: ; Pos = 5ec75 test bh,0x20 jz JUMP_006692 mov ecx,[eax] neg ecx mov esi,[ebp-0x4] mov [esi],ecx mov ecx,[eax+0x4] neg ecx mov esi,[ebp-0x4] mov [esi+0x4],ecx mov ecx,[eax+0x8] neg ecx mov esi,[ebp-0x4] mov [esi+0x8],ecx not edx jmp short JUMP_006693 JUMP_006692: ; Pos = 5ec9d mov ecx,[ebp-0x4] mov esi,[eax] mov [ecx],esi mov esi,[eax+0x4] mov [ecx+0x4],esi mov esi,[eax+0x8] mov [ecx+0x8],esi JUMP_006693: ; Pos = 5ecb0 test bh,0x10 jz JUMP_006694 mov ecx,[eax+0xc] neg ecx mov esi,[ebp-0x8] mov [esi],ecx mov ecx,[eax+0x10] neg ecx mov esi,[ebp-0x8] mov [esi+0x4],ecx mov ecx,[eax+0x14] neg ecx mov esi,[ebp-0x8] mov [esi+0x8],ecx not edx jmp short JUMP_006695 JUMP_006694: ; Pos = 5ecd9 mov ecx,[ebp-0x8] mov esi,[eax+0xc] mov [ecx],esi mov esi,[eax+0x10] mov [ecx+0x4],esi mov esi,[eax+0x14] mov [ecx+0x8],esi JUMP_006695: ; Pos = 5eced test bh,0x8 jz JUMP_006696 mov ecx,[eax+0x18] neg ecx mov ebx,[ebp-0xc] mov [ebx],ecx mov ecx,[eax+0x1c] neg ecx mov ebx,[ebp-0xc] mov [ebx+0x4],ecx mov eax,[eax+0x20] neg eax mov ecx,[ebp-0xc] mov [ecx+0x8],eax not edx jmp short JUMP_006697 JUMP_006696: ; Pos = 5ed16 mov ecx,[ebp-0xc] mov ebx,[eax+0x18] mov [ecx],ebx mov ebx,[eax+0x1c] mov [ecx+0x4],ebx mov ebx,[eax+0x20] mov [ecx+0x8],ebx JUMP_006697: ; Pos = 5ed2a mov eax,[ebp+0xc] mov [eax],edx pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001740: ; Pos = 5ed38 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,edi sar eax,0x8 and eax,byte +0x7 cmp eax,byte +0x6 jnz JUMP_006698 push esi push edi add esi,0x9c lea edi,[ebx+0x14] mov ecx,0x9 rep movsd pop edi pop esi mov eax,[esi+0xfc] mov [ebx+0xf8],eax jmp short JUMP_006699 JUMP_006698: ; Pos = 5ed76 push edi mov eax,[esi+0xf8] push eax lea eax,[esi+0x14] push eax lea eax,[ebx+0xf8] push eax lea eax,[ebx+0x14] push eax call FUNC_001739 add esp,byte +0x14 JUMP_006699: ; Pos = 5ed95 push byte +0x18 push dword DATA_008831 lea eax,[ebx+0x84] push eax call _memcpy add esp,byte +0xc test edi,0x4000 jnz JUMP_006700 mov eax,[esi+0x134] mov [ebx+0x134],eax mov eax,[esi+0x138] mov [ebx+0x138],eax mov eax,[esi+0x13c] mov [ebx+0x13c],eax push ebx call FUNC_001685 pop ecx JUMP_006700: ; Pos = 5edde pop edi pop esi pop ebx pop ebp ret FUNC_001741: ; Pos = 5ede4 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov esi,[ebp+0x10] mov edi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,esi and eax,0xc000 sub eax,0x8000 jz JUMP_006701 sub eax,0x4000 jz JUMP_006702 jmp JUMP_006721 JUMP_006701: ; Pos = 5ee10 push esi push edi push ebx call FUNC_001742 add esp,byte +0xc jmp JUMP_006723 JUMP_006702: ; Pos = 5ee20 movsx eax,byte [edi] lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_006703 movsx eax,byte [edi] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006704 JUMP_006703: ; Pos = 5ee44 mov al,[edi] push eax push ebx call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_006704: ; Pos = 5ee51 mov [ebp-0x4],eax movsx eax,byte [edi+0x1] lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_006705 movsx eax,byte [edi+0x1] mov esi,eax shl esi,0x2 lea esi,[esi+esi*8] add esi,[DATA_009200] jmp short JUMP_006706 JUMP_006705: ; Pos = 5ee7c mov al,[edi+0x1] push eax push ebx call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 mov esi,eax JUMP_006706: ; Pos = 5ee8c movsx eax,byte [edi+0x2] lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_006707 movsx eax,byte [edi+0x2] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006708 JUMP_006707: ; Pos = 5eeb2 mov al,[edi+0x2] push eax push ebx call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_006708: ; Pos = 5eec0 mov [ebp-0x8],eax mov eax,[esi+0x18] mov edx,[ebp-0x4] mov edx,[edx+0x18] neg edx add eax,edx mov [ebx+0xb4],eax mov eax,[esi+0x1c] mov edx,[ebp-0x4] mov edx,[edx+0x1c] neg edx add eax,edx mov [ebx+0xb8],eax mov eax,[esi+0x20] mov edx,[ebp-0x4] mov edx,[edx+0x20] neg edx add eax,edx mov [ebx+0xbc],eax lea eax,[ebx+0xb4] push eax call FUNC_001466 pop ecx mov esi,eax inc esi cmp dword [ebx+0xb4],byte +0x0 jnl JUMP_006709 push esi mov eax,[ebx+0xb4] neg eax push eax call FUNC_001523 add esp,byte +0x8 neg eax jmp short JUMP_006710 JUMP_006709: ; Pos = 5ef2b push esi mov eax,[ebx+0xb4] push eax call FUNC_001523 add esp,byte +0x8 JUMP_006710: ; Pos = 5ef3b mov [ebx+0xb4],eax cmp dword [ebx+0xb8],byte +0x0 jnl JUMP_006711 push esi mov eax,[ebx+0xb8] neg eax push eax call FUNC_001523 add esp,byte +0x8 neg eax jmp short JUMP_006712 JUMP_006711: ; Pos = 5ef60 push esi mov eax,[ebx+0xb8] push eax call FUNC_001523 add esp,byte +0x8 JUMP_006712: ; Pos = 5ef70 mov [ebx+0xb8],eax cmp dword [ebx+0xbc],byte +0x0 jnl JUMP_006713 push esi mov eax,[ebx+0xbc] neg eax push eax call FUNC_001523 add esp,byte +0x8 neg eax jmp short JUMP_006714 JUMP_006713: ; Pos = 5ef95 push esi mov eax,[ebx+0xbc] push eax call FUNC_001523 add esp,byte +0x8 JUMP_006714: ; Pos = 5efa5 mov [ebx+0xbc],eax mov eax,[ebp-0x8] mov eax,[eax+0x18] mov edx,[ebp-0x4] mov edx,[edx+0x18] neg edx add eax,edx mov [ebp-0x14],eax mov eax,[ebp-0x8] mov eax,[eax+0x1c] mov edx,[ebp-0x4] mov edx,[edx+0x1c] neg edx add eax,edx mov [ebp-0x10],eax mov eax,[ebp-0x8] mov eax,[eax+0x20] mov edx,[ebp-0x4] mov edx,[edx+0x20] neg edx add eax,edx mov [ebp-0xc],eax mov eax,[ebx+0xbc] push eax mov eax,[ebp-0x10] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebx+0xb8] push eax mov eax,[ebp-0xc] push eax call FUNC_001521 add esp,byte +0x8 sub esi,eax mov [ebx+0x9c],esi mov eax,[ebx+0xb4] push eax mov eax,[ebp-0xc] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebx+0xbc] push eax mov eax,[ebp-0x14] push eax call FUNC_001521 add esp,byte +0x8 sub esi,eax mov [ebx+0xa0],esi mov eax,[ebx+0xb8] push eax mov eax,[ebp-0x14] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebx+0xb4] push eax mov eax,[ebp-0x10] push eax call FUNC_001521 add esp,byte +0x8 sub esi,eax mov [ebx+0xa4],esi lea eax,[ebx+0x9c] push eax call FUNC_001466 pop ecx mov esi,eax inc esi cmp dword [ebx+0x9c],byte +0x0 jnl JUMP_006715 push esi mov eax,[ebx+0x9c] neg eax push eax call FUNC_001523 add esp,byte +0x8 neg eax jmp short JUMP_006716 JUMP_006715: ; Pos = 5f0a3 push esi mov eax,[ebx+0x9c] push eax call FUNC_001523 add esp,byte +0x8 JUMP_006716: ; Pos = 5f0b3 mov [ebx+0x9c],eax cmp dword [ebx+0xa0],byte +0x0 jnl JUMP_006717 push esi mov eax,[ebx+0xa0] neg eax push eax call FUNC_001523 add esp,byte +0x8 neg eax jmp short JUMP_006718 JUMP_006717: ; Pos = 5f0d8 push esi mov eax,[ebx+0xa0] push eax call FUNC_001523 add esp,byte +0x8 JUMP_006718: ; Pos = 5f0e8 mov [ebx+0xa0],eax cmp dword [ebx+0xa4],byte +0x0 jnl JUMP_006719 push esi mov eax,[ebx+0xa4] neg eax push eax call FUNC_001523 add esp,byte +0x8 neg eax jmp short JUMP_006720 JUMP_006719: ; Pos = 5f10d push esi mov eax,[ebx+0xa4] push eax call FUNC_001523 add esp,byte +0x8 JUMP_006720: ; Pos = 5f11d mov [ebx+0xa4],eax mov eax,[ebx+0xa4] push eax mov eax,[ebx+0xb8] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebx+0xa0] push eax mov eax,[ebx+0xbc] push eax call FUNC_001521 add esp,byte +0x8 sub esi,eax mov [ebx+0xa8],esi mov eax,[ebx+0x9c] push eax mov eax,[ebx+0xbc] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebx+0xa4] push eax mov eax,[ebx+0xb4] push eax call FUNC_001521 add esp,byte +0x8 sub esi,eax mov [ebx+0xac],esi mov eax,[ebx+0xa0] push eax mov eax,[ebx+0xb4] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebx+0x9c] push eax mov eax,[ebx+0xb8] push eax call FUNC_001521 add esp,byte +0x8 sub esi,eax mov [ebx+0xb0],esi lea eax,[edi+0x4] jmp short JUMP_006723 JUMP_006721: ; Pos = 5f1ca mov eax,esi add eax,eax push eax mov eax,[ebx+0xf8] push eax lea eax,[ebx+0x14] push eax lea eax,[ebx+0xfc] push eax lea eax,[ebx+0x9c] push eax call FUNC_001739 add esp,byte +0x14 movsx eax,word [edi] test eax,eax jz JUMP_006722 push eax shr esi,0x5 and esi,byte +0x3 push esi push ebx call FUNC_001743 add esp,byte +0xc JUMP_006722: ; Pos = 5f208 lea eax,[edi+0x2] JUMP_006723: ; Pos = 5f20b pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001742: ; Pos = 5f214 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] movsx eax,word [ebx] push eax mov eax,[ebp+0x10] shr eax,0x5 and eax,byte +0x3 push eax mov eax,[ebp+0x8] push eax call FUNC_001743 add esp,byte +0xc lea eax,[ebx+0x2] pop ebx pop ebp ret FUNC_001743: ; Pos = 5f23c push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x8] mov eax,[ebp+0x10] push eax push esi call FUNC_001474 add esp,byte +0x8 mov ebx,eax push ebx call FUNC_001914_Sin32 pop ecx push eax add ebx,0x4000 push ebx call FUNC_001914_Sin32 pop ecx push eax mov eax,[ebp+0xc] push eax push esi call FUNC_001744 add esp,byte +0x10 pop esi pop ebx pop ebp ret FUNC_001744: ; Pos = 5f27c push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov edi,[ebp+0x10] mov eax,[ebp+0x8] mov edx,[ebp+0xc] sub edx,byte +0x1 jc JUMP_006724 jz JUMP_006725 dec edx jz JUMP_006726 jmp short JUMP_006727 JUMP_006724: ; Pos = 5f29a lea esi,[eax+0xa8] lea ebx,[eax+0xb4] jmp short JUMP_006727 JUMP_006725: ; Pos = 5f2a8 lea esi,[eax+0xb4] lea ebx,[eax+0x9c] jmp short JUMP_006727 JUMP_006726: ; Pos = 5f2b6 lea esi,[eax+0x9c] lea ebx,[eax+0xa8] JUMP_006727: ; Pos = 5f2c2 push edi mov eax,[esi] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp+0x14] push eax mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebp-0xc],edx push edi mov eax,[esi+0x4] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp+0x14] push eax mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebp-0x8],edx push edi mov eax,[esi+0x8] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp+0x14] push eax mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebp-0x4],edx mov eax,[ebp+0x14] push eax mov eax,[esi] neg eax push eax call FUNC_001521 add esp,byte +0x8 push eax push edi mov eax,[ebx] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebx],edx mov eax,[ebp+0x14] push eax mov eax,[esi+0x4] neg eax push eax call FUNC_001521 add esp,byte +0x8 push eax push edi mov eax,[ebx+0x4] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebx+0x4],edx mov eax,[ebp+0x14] push eax mov eax,[esi+0x8] neg eax push eax call FUNC_001521 add esp,byte +0x8 push eax push edi mov eax,[ebx+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [ebx+0x8],edx mov eax,[ebp-0xc] mov [esi],eax mov eax,[ebp-0x8] mov [esi+0x4],eax mov eax,[ebp-0x4] mov [esi+0x8],eax pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001745: ; Pos = 5f3b4 push ebp mov ebp,esp push ecx push ebx push esi push edi mov ebx,[ebp+0xc] mov ecx,[ebp+0x8] mov eax,DATA_007823 lea edx,[ebx+ecx] mov esi,edx shl esi,0x2 lea esi,[esi+esi*8] mov edx,[ebp+0x10] shl edx,0x3 add esi,edx add esi,byte +0xc mov edx,[eax] add esi,edx cmp esi,0x8000 jng JUMP_006728 mov eax,0x1 jmp near JUMP_006729 JUMP_006728: ; Pos = 5f3ef mov esi,[eax] mov edi,[DATA_009200] mov [esi+DATA_009251],edi add edx,byte +0x4 mov [eax],edx mov edx,[eax] mov esi,[DATA_009201] mov [edx+DATA_009251],esi mov edx,[eax] add edx,byte +0x4 mov [eax],edx mov [ebp-0x4],edx mov esi,ebx shl esi,0x2 lea esi,[esi+esi*8] add esi,edx mov [eax],esi mov edx,DATA_009251 add edx,[eax] mov [DATA_009200],edx mov ebx,ecx shl ebx,0x2 lea ebx,[ebx+ebx*8] add ebx,esi mov [eax],ebx mov edx,DATA_009251 add edx,[eax] mov [DATA_009201],edx mov edx,[ebp+0x10] shl edx,0x3 add edx,ebx mov [eax],edx mov ecx,[eax] mov ebx,[ebp-0x4] mov [ecx+DATA_009251],ebx add edx,byte +0x4 mov [eax],edx xor eax,eax JUMP_006729: ; Pos = 5f468 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001746: ; Pos = 5f470 mov eax,DATA_007823 mov edx,[eax] test edx,edx jz JUMP_006730 sub edx,byte +0x4 mov [eax],edx mov edx,[eax] mov edx,[edx+DATA_009251] mov [eax],edx mov ecx,edx sub ecx,byte +0x4 mov [eax],ecx mov edx,[eax] mov edx,[edx+DATA_009251] mov [DATA_009201],edx sub ecx,byte +0x4 mov [eax],ecx mov eax,[eax] mov eax,[eax+DATA_009251] mov [DATA_009200],eax JUMP_006730: ; Pos = 5f4b1 ret FUNC_001747: ; Pos = 5f4b4 push ebp mov ebp,esp add esp,0xfffffd64 push ebx push esi push edi mov ebx,[ebp+0x10] mov esi,[ebp+0x8] mov eax,[ebp+0xc] movzx eax,byte [eax+0x2] mov edx,[DATA_009201] mov al,[edx+eax*8+0x3] shr eax,1 test al,0x1 jz JUMP_006731 mov eax,[ebp+0xc] movzx eax,byte [eax+0x2] push eax push esi call near [DATA_007721] ; FUNC_001481 add esp,byte +0x8 jmp short JUMP_006732 JUMP_006731: ; Pos = 5f4f1 mov eax,[ebp+0xc] movzx eax,byte [eax+0x2] shl eax,0x3 add eax,[DATA_009201] JUMP_006732: ; Pos = 5f501 mov [ebp-0x4],eax mov eax,[ebp-0x4] test byte [eax+0x3],0x1 jz JUMP_006733 mov eax,[ebp+0xc] add eax,byte +0x8 jmp JUMP_006748 JUMP_006733: ; Pos = 5f518 mov eax,[ebp-0x4] mov eax,[eax] push eax mov eax,[ebp+0xc] movsx eax,word [eax] push eax lea eax,[ebp-0x2c] push eax call FUNC_001692 add esp,byte +0x8 lea eax,[ebp-0x2c] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] push esi lea eax,[ebp-0x1c] push eax call FUNC_001693 add esp,byte +0x1c lea eax,[ebp-0x1c] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0x7] push eax call FUNC_001691 add esp,byte +0x14 mov ax,[ebp-0x7] mov [ebp+0xffffff6c],ax mov al,[ebp-0x5] mov [ebp+0xffffff6e],al mov eax,[ebp+0xc] movsx eax,byte [eax+0x4] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006734 mov eax,[ebp+0xc] movsx eax,byte [eax+0x4] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006735 JUMP_006734: ; Pos = 5f5ab mov eax,[ebp+0xc] mov al,[eax+0x4] push eax push esi call near [DATA_007729] ; FUNC_001470 add esp,byte +0x8 JUMP_006735: ; Pos = 5f5bc mov edx,[esi+0x130] mov [ebp-0x58],edx mov edx,[esi+0x14c] mov [ebp-0x3c],edx mov edx,[eax+0x4] mov [ebp+0xffffff38],edx mov edx,[eax+0x8] mov [ebp+0xffffff3c],edx mov edx,[eax+0xc] mov [ebp+0xffffff40],edx lea eax,[ebp+0xffffff38] mov edx,[eax] mov [ebp+0xfffffe7c],edx mov edx,[eax+0x4] mov [ebp+0xfffffe80],edx mov edx,[eax+0x8] mov [ebp+0xfffffe84],edx mov eax,[ebp+0xc] movzx eax,byte [eax+0x3] mov edx,eax and edx,byte +0xf mov [ebp-0x40],edx sar eax,0x4 push eax call near [DATA_007757] ; FUNC_001539 pop ecx mov ebx,eax mov eax,[ebp+0xc] movzx eax,word [eax+0x4] push eax push esi lea eax,[ebp+0xfffffe78] push eax call FUNC_001740 add esp,byte +0xc cmp dword [ebp+0xffffff70],byte +0x0 jnl JUMP_006736 neg dword [ebp+0xfffffe8c] neg dword [ebp+0xfffffe90] neg dword [ebp+0xfffffe94] JUMP_006736: ; Pos = 5f658 push byte +0x4 push byte +0x0 mov eax,[ebx+0x8] push eax call FUNC_001745 add esp,byte +0xc test eax,eax jz JUMP_006737 mov eax,[ebp+0xc] add eax,byte +0x8 jmp JUMP_006748 JUMP_006737: ; Pos = 5f677 mov [ebp+0xfffffe78],ebx mov eax,[ebx+0x4] mov [ebp-0x38],eax mov eax,[ebp-0x3c] add eax,0x124 mov [ebp+0xfffffd70],eax lea eax,[ebp+0xfffffd64] push eax mov eax,[ebp+0xc] movsx eax,word [eax+0x6] push eax lea eax,[ebp+0xfffffd78] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc push ebx call FUNC_001688 pop ecx mov edi,[DATA_009201] lea esi,[edi+0x3] and byte [edi+0x3],0xfd xor edx,edx and dl,0x1 mov cl,[esi] and cl,0xfe or dl,cl mov [esi],dl mov dl,[esi] and edx,byte +0x1 mov eax,[DATA_009201] mov [eax+0x2],dl mov [eax+0x1],dl mov [eax],dl mov edx,[eax] mov [eax+0x8],edx mov edx,[eax+0x4] mov [eax+0xc],edx mov edx,[ebp-0x4] mov ecx,[edx] mov [eax+0x18],ecx mov ecx,[edx+0x4] mov [eax+0x1c],ecx lea edx,[eax+0x18] mov ecx,[edx] mov [eax+0x10],ecx mov ecx,[edx+0x4] mov [eax+0x14],ecx mov dword [ebp+0xffffff68],0x2 lea eax,[ebp+0xfffffd78] mov [ebp-0xc],eax jmp JUMP_006747 JUMP_006738: ; Pos = 5f723 cmp edi,byte +0x20 jnl near JUMP_006741 mov eax,[ebp+0xffffff38] mov [ebp+0xfffffe7c],eax mov eax,[ebp+0xffffff3c] mov [ebp+0xfffffe80],eax mov eax,[ebp+0xffffff40] mov [ebp+0xfffffe84],eax inc dword [ebp+0xffffff68] movsx eax,byte [ebx+0x3c] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebp+0xffffff68] jnz JUMP_006739 movsx eax,byte [ebx+0x3c] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006740 JUMP_006739: ; Pos = 5f781 mov al,[ebx+0x3c] push eax lea eax,[ebp+0xfffffe78] push eax call near [DATA_007729] ; FUNC_001470 add esp,byte +0x8 JUMP_006740: ; Pos = 5f795 mov edx,[eax+0x4] mov [ebp+0xffffff38],edx mov edx,[eax+0x8] mov [ebp+0xffffff3c],edx mov edx,[eax+0xc] mov [ebp+0xffffff40],edx lea eax,[ebp+0xffffff38] mov edx,[eax] mov [ebp+0xfffffe7c],edx mov edx,[eax+0x4] mov [ebp+0xfffffe80],edx mov edx,[eax+0x8] mov [ebp+0xfffffe84],edx inc dword [ebp+0xffffff68] jmp JUMP_006746 JUMP_006741: ; Pos = 5f7db mov esi,[ebx+edi*4-0x40] push ebx lea eax,[ebp+0xfffffe78] push eax call FUNC_001686 add esp,byte +0x8 test eax,eax jnz JUMP_006742 push esi lea eax,[ebp+0xfffffe78] push eax call FUNC_001772 add esp,byte +0x8 add eax,byte -0x2 mov esi,eax jmp short JUMP_006743 JUMP_006742: ; Pos = 5f80a mov esi,[ebx+edi*4-0x3c] add esi,byte -0x2 JUMP_006743: ; Pos = 5f811 mov di,[esi] test di,di jz JUMP_006746 movsx eax,di sar eax,0x6 movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebp+0xffffff68] jnz JUMP_006744 movsx eax,word [esi] sar eax,0x6 movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006745 JUMP_006744: ; Pos = 5f84e movsx eax,word [esi] sar eax,0x6 push eax lea eax,[ebp+0xfffffe78] push eax call near [DATA_007729] ; FUNC_001470 add esp,byte +0x8 JUMP_006745: ; Pos = 5f865 mov edx,[eax+0x4] mov [ebp+0xfffffe7c],edx mov edx,[eax+0x8] mov [ebp+0xfffffe80],edx mov edx,[eax+0xc] mov [ebp+0xfffffe84],edx inc dword [ebp+0xffffff68] JUMP_006746: ; Pos = 5f886 inc dword [ebp-0xc] JUMP_006747: ; Pos = 5f889 mov eax,[ebp-0xc] movzx edi,byte [eax] test edi,edi jnz near JUMP_006738 call FUNC_001746 mov eax,[ebp+0xc] add eax,byte +0x8 JUMP_006748: ; Pos = 5f8a2 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001748: ; Pos = 5f8ac push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi push edi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] movsx eax,byte [ebx] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006749 movsx eax,byte [ebx] mov edi,eax shl edi,0x2 lea edi,[edi+edi*8] add edi,[DATA_009200] jmp short JUMP_006750 JUMP_006749: ; Pos = 5f8e6 mov al,[ebx] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 mov edi,eax JUMP_006750: ; Pos = 5f8f5 movsx eax,word [ebx+0x4] push eax lea eax,[ebp-0x20] push eax call FUNC_001692 add esp,byte +0x8 lea eax,[ebp-0x20] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] push esi lea eax,[ebp-0x10] push eax call FUNC_001694 add esp,byte +0x18 push esi push edi lea esi,[ebp-0x10] lea edi,[ebp-0x30] mov ecx,0x4 rep movsd pop edi pop esi mov al,[ebx+0x3] test al,0x8 jz JUMP_006751 movzx edx,word [ebx] push edx mov edx,[ebp+0x10] shr edx,0x5 push edx and eax,0xff sar eax,0x4 mov eax,[esi+eax*4+0x54] push eax mov eax,[ebp-0x30] push eax push edi add ebx,byte +0x6 push ebx push esi call FUNC_001750 add esp,byte +0x1c mov ebx,eax jmp short JUMP_006752 JUMP_006751: ; Pos = 5f967 movzx eax,word [ebx] push eax mov eax,[ebp+0x10] shr eax,0x5 push eax movsx eax,byte [ebx+0x3] sar eax,0x4 push eax mov eax,[ebp-0x30] push eax push edi add ebx,byte +0x6 push ebx push esi call FUNC_001750 add esp,byte +0x1c mov ebx,eax JUMP_006752: ; Pos = 5f98e mov eax,ebx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001749: ; Pos = 5f998 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] movzx eax,word [ebx] push eax mov eax,[ebp+0x10] shr eax,0x5 push eax push byte +0x0 mov eax,[esi+0xf4] push eax movsx eax,byte [ebx] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006753 movsx eax,byte [ebx] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006754 JUMP_006753: ; Pos = 5f9e0 mov al,[ebx] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006754: ; Pos = 5f9ed push eax add ebx,byte +0x2 push ebx push esi call FUNC_001750 add esp,byte +0x1c pop esi pop ebx pop ebp ret FUNC_001750: ; Pos = 5fa00 push ebp mov ebp,esp add esp,0xfffffe8c push ebx push esi push edi mov edi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,[ebp+0x1c] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov esi,eax mov eax,[ebp+0x18] add eax,[esi+0x14] add eax,[esi+0x18] sub eax,[ebx+0x130] mov [ebp-0x4],eax mov ecx,[ebp-0x4] mov eax,[esi+0x1c] shl eax,cl push eax mov eax,[ebp+0x10] add eax,byte +0x4 push eax call FUNC_001687 add esp,byte +0x8 test eax,eax jz JUMP_006756 test byte [ebp+0x21],0x80 jz JUMP_006755 add edi,byte +0x4 JUMP_006755: ; Pos = 5fa56 mov eax,edi jmp JUMP_006766 JUMP_006756: ; Pos = 5fa5d test byte [ebp+0x21],0x80 jz near JUMP_006765 add edi,byte +0x4 movsx eax,byte [edi-0x2] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006757 movsx eax,byte [edi-0x2] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006758 JUMP_006757: ; Pos = 5fa95 mov al,[edi-0x2] push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006758: ; Pos = 5faa3 mov [ebp-0xc],eax xor eax,eax mov al,[edi-0x4] mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x7f jz near JUMP_006765 movsx eax,byte [ebp-0x8] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006759 movsx eax,byte [ebp-0x8] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006760 JUMP_006759: ; Pos = 5fae3 mov al,[ebp-0x8] push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006760: ; Pos = 5faf1 mov [ebp-0x10],eax xor eax,eax mov al,[edi-0x3] mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x7f jz near JUMP_006765 movsx eax,byte [ebp-0x8] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006761 movsx eax,byte [ebp-0x8] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006762 JUMP_006761: ; Pos = 5fb31 mov al,[ebp-0x8] push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006762: ; Pos = 5fb3f mov [ebp-0x14],eax xor eax,eax mov al,[edi-0x1] mov [ebp-0x8],eax cmp dword [ebp-0x8],byte +0x7f jz JUMP_006765 movsx eax,byte [ebp-0x8] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[ebx+0xf0] jnz JUMP_006763 movsx eax,byte [ebp-0x8] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006764 JUMP_006763: ; Pos = 5fb7b mov al,[ebp-0x8] push eax push ebx call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006764: ; Pos = 5fb89 mov [ebp-0x18],eax JUMP_006765: ; Pos = 5fb8c mov eax,[ebp+0x10] mov edx,[eax+0x4] mov [ebp+0xfffffe90],edx mov edx,[eax+0x8] mov [ebp+0xfffffe94],edx mov edx,[eax+0xc] mov [ebp+0xfffffe98],edx mov eax,[ebx+0x14c] mov [ebp-0x28],eax mov eax,[ebx+0x130] mov [ebp-0x44],eax mov eax,[ebp+0x10] mov [ebp+0xfffffefc],eax mov eax,[ebp-0xc] mov [ebp+0xffffff00],eax mov eax,[ebp-0x10] mov [ebp+0xffffff04],eax mov eax,[ebp-0x14] mov [ebp+0xffffff08],eax mov eax,[ebp-0x18] mov [ebp+0xffffff0c],eax mov eax,[ebp-0x4] mov [ebp-0x2c],eax mov eax,[ebx+0x54] inc eax mov [ebp+0xfffffee0],eax mov eax,[ebx+0x58] mov [ebp+0xfffffee4],eax mov eax,[ebx+0x5c] mov [ebp+0xfffffee8],eax mov ax,[ebp+0x14] mov [ebp-0x80],ax mov al,[ebp+0x16] mov [ebp-0x7e],al mov eax,[ebp+0x20] push eax push ebx lea eax,[ebp+0xfffffe8c] push eax call FUNC_001740 add esp,byte +0xc push esi lea eax,[ebp+0xfffffe8c] push eax call FUNC_001773 add esp,byte +0x8 mov eax,edi JUMP_006766: ; Pos = 5fc3f pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001751: ; Pos = 5fc48 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] test bx,bx jnl JUMP_006769 mov eax,ebx and eax,0x7fff mov edx,[DATA_009201] mov al,[edx+eax*8+0x3] shr eax,1 test al,0x1 jz JUMP_006767 mov eax,ebx and eax,0x7fff push eax push esi call near [DATA_007721] ; FUNC_001481 add esp,byte +0x8 jmp short JUMP_006768 JUMP_006767: ; Pos = 5fc83 mov eax,ebx and eax,0x7fff shl eax,0x3 add eax,[DATA_009201] JUMP_006768: ; Pos = 5fc93 mov al,[eax+0x3] and eax,byte +0x1 jmp short JUMP_006775 JUMP_006769: ; Pos = 5fc9b cmp dword [esi+0xc],byte +0x0 jnl JUMP_006770 xor eax,eax jmp short JUMP_006775 JUMP_006770: ; Pos = 5fca5 mov eax,[DATA_008812] test al,0x1 jz JUMP_006771 mov eax,[DATA_008813] JUMP_006771: ; Pos = 5fcb3 mov edx,[esi+0x148] add edx,eax test edx,edx jng JUMP_006772 mov ecx,[esi+0x148] add ecx,eax mov edx,ebx shl edx,cl mov ecx,[esi+0x148] add ecx,eax mov eax,edx sar eax,cl cmp ebx,eax jz JUMP_006773 xor eax,eax jmp short JUMP_006775 JUMP_006772: ; Pos = 5fcdf mov edx,ebx JUMP_006773: ; Pos = 5fce1 cmp edx,[esi+0xc] jl JUMP_006774 xor eax,eax jmp short JUMP_006775 JUMP_006774: ; Pos = 5fcea mov eax,0x1 JUMP_006775: ; Pos = 5fcef pop esi pop ebx pop ebp ret FUNC_001752: ; Pos = 5fcf4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] mov eax,[ebp+0x10] push eax lea eax,[ebx+0x2] push eax movsx eax,word [ebx] push eax mov eax,[ebp+0x8] push eax call FUNC_001751 add esp,byte +0x8 push eax call FUNC_001753 add esp,byte +0xc pop ebx pop ebp ret FUNC_001753: ; Pos = 5fd20 push ebp mov ebp,esp mov edx,[ebp+0x10] mov eax,[ebp+0xc] cmp dword [ebp+0x8],byte +0x0 jz JUMP_006777 mov ecx,edx shr ecx,0x5 jz JUMP_006776 movsx edx,dx sar edx,0x5 add edx,edx add eax,edx pop ebp ret JUMP_006776: ; Pos = 5fd42 xor edx,edx mov [DATA_007824],edx JUMP_006777: ; Pos = 5fd4a pop ebp ret FUNC_001754: ; Pos = 5fd4c push ebp mov ebp,esp mov ecx,[ebp+0x10] mov eax,[ebp+0xc] mov edx,[ebp+0x8] xor edx,edx mov [DATA_007824],edx pop ebp ret FUNC_001755: ; Pos = 5fd64 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] mov eax,[ebp+0x10] push eax lea eax,[ebx+0x2] push eax movsx eax,word [ebx] push eax mov eax,[ebp+0x8] push eax call FUNC_001751 add esp,byte +0x8 cmp eax,byte +0x1 sbb eax,eax neg eax push eax call FUNC_001753 add esp,byte +0xc pop ebx pop ebp ret FUNC_001756: ; Pos = 5fd98 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] xor eax,eax mov al,[ebx] push eax mov eax,[ebp+0x8] push eax call FUNC_001473 add esp,byte +0x8 mov edx,[ebp+0x10] push edx lea edx,[ebx+0x2] push edx cmp byte [ebx+0x1],0x0 jnz JUMP_006778 or edx,byte -0x1 jmp short JUMP_006779 JUMP_006778: ; Pos = 5fdc3 xor ecx,ecx mov cl,[ebx+0x1] dec ecx mov edx,0x1 shl edx,cl JUMP_006779: ; Pos = 5fdd0 test edx,eax setz al and eax,byte +0x1 push eax call FUNC_001753 add esp,byte +0xc pop ebx pop ebp ret FUNC_001757: ; Pos = 5fde4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0xc] xor eax,eax mov al,[ebx] push eax mov eax,[ebp+0x8] push eax call FUNC_001473 add esp,byte +0x8 mov edx,[ebp+0x10] push edx lea edx,[ebx+0x2] push edx cmp byte [ebx+0x1],0x0 jnz JUMP_006780 or edx,byte -0x1 jmp short JUMP_006781 JUMP_006780: ; Pos = 5fe0f xor ecx,ecx mov cl,[ebx+0x1] dec ecx mov edx,0x1 shl edx,cl JUMP_006781: ; Pos = 5fe1c test edx,eax setnz al and eax,byte +0x1 push eax call FUNC_001753 add esp,byte +0xc pop ebx pop ebp ret FUNC_001758: ; Pos = 5fe30 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] xor eax,eax mov al,[esi] push eax push ebx call FUNC_001473 add esp,byte +0x8 mov edi,eax xor eax,eax mov al,[esi+0x1] push eax push ebx call FUNC_001473 add esp,byte +0x8 mov [ebp-0x4],eax mov eax,[ebp+0x10] shr eax,0x4 and eax,byte +0xf cmp eax,byte +0xf ja near JUMP_006803 jmp near [eax*4+DATA_000050] SECTION .data DATA_000050: ; Pos = 5fe7a dd JUMP_006782 dd JUMP_006783 dd JUMP_006784 dd JUMP_006785 dd JUMP_006787 dd JUMP_006788 dd JUMP_006789 dd JUMP_006791 dd JUMP_006793 dd JUMP_006794 dd JUMP_006795 dd JUMP_006796 dd JUMP_006798 dd JUMP_006800 dd JUMP_006801 dd JUMP_006802 SECTION .text JUMP_006782: ; Pos = 5feba add edi,[ebp-0x4] mov [ebp-0x8],edi jmp JUMP_006803 JUMP_006783: ; Pos = 5fec5 sub edi,[ebp-0x4] mov [ebp-0x8],edi jmp JUMP_006803 JUMP_006784: ; Pos = 5fed0 imul edi,[ebp-0x4] mov [ebp-0x8],edi jmp JUMP_006803 JUMP_006785: ; Pos = 5fedc cmp dword [ebp-0x4],byte +0x0 jnz JUMP_006786 mov [ebp-0x8],edi jmp JUMP_006803 JUMP_006786: ; Pos = 5feea mov eax,edi cdq idiv dword [ebp-0x4] mov [ebp-0x8],eax jmp JUMP_006803 JUMP_006787: ; Pos = 5fef8 mov ecx,[ebp-0x4] shr edi,cl mov [ebp-0x8],edi jmp JUMP_006803 JUMP_006788: ; Pos = 5ff05 mov ecx,[ebp-0x4] shl edi,cl mov [ebp-0x8],edi jmp JUMP_006803 JUMP_006789: ; Pos = 5ff12 mov eax,[ebp-0x4] cmp eax,edi jc JUMP_006790 mov edi,[ebp-0x4] JUMP_006790: ; Pos = 5ff1c mov [ebp-0x8],edi jmp JUMP_006803 JUMP_006791: ; Pos = 5ff24 mov eax,[ebp-0x4] cmp eax,edi ja JUMP_006792 mov edi,[ebp-0x4] dec edi JUMP_006792: ; Pos = 5ff2f mov [ebp-0x8],edi jmp JUMP_006803 JUMP_006793: ; Pos = 5ff37 mov eax,edi shl eax,0x10 xor edx,edx div dword [ebp-0x4] mov [ebp-0x8],eax jmp near JUMP_006803 JUMP_006794: ; Pos = 5ff46 mov ecx,[ebp-0x4] sar edi,cl mov [ebp-0x8],edi jmp short JUMP_006803 JUMP_006795: ; Pos = 5ff50 add edi,[ebp-0x4] mov eax,[ebx+0x14c] movzx eax,word [eax+edi*2+0x9c] mov [ebp-0x8],eax jmp short JUMP_006803 JUMP_006796: ; Pos = 5ff66 mov eax,[ebp-0x4] cmp eax,edi jna JUMP_006797 xor edi,edi JUMP_006797: ; Pos = 5ff6f mov [ebp-0x8],edi jmp short JUMP_006803 JUMP_006798: ; Pos = 5ff74 mov eax,[ebp-0x4] cmp eax,edi jnc JUMP_006799 xor edi,edi JUMP_006799: ; Pos = 5ff7d mov [ebp-0x8],edi jmp short JUMP_006803 JUMP_006800: ; Pos = 5ff82 push edi mov eax,[ebp-0x4] push eax call FUNC_001914_Sin32 pop ecx push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x8],eax jmp short JUMP_006803 JUMP_006801: ; Pos = 5ff9b push edi mov eax,[ebp-0x4] add eax,0x4000 push eax call FUNC_001914_Sin32 pop ecx push eax call FUNC_001521 add esp,byte +0x8 mov [ebp-0x8],eax jmp short JUMP_006803 JUMP_006802: ; Pos = 5ffb9 and edi,[ebp-0x4] mov [ebp-0x8],edi JUMP_006803: ; Pos = 5ffbf mov eax,[ebp-0x8] and eax,0xffff mov edx,[ebp+0x10] shr edx,0x8 and edx,byte +0x7 mov [ebx+edx*4+0x54],eax lea eax,[esi+0x2] pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001759: ; Pos = 5ffe0 push ebp mov ebp,esp push ebx mov eax,[ebp+0x8] cmp dword [eax+0x4],byte +0x0 jnl JUMP_006804 mov ebx,[eax+0x4] neg ebx jmp short JUMP_006805 JUMP_006804: ; Pos = 5fff4 mov ebx,[eax+0x4] JUMP_006805: ; Pos = 5fff7 cmp dword [eax+0x8],byte +0x0 jnl JUMP_006806 mov edx,[eax+0x8] neg edx jmp short JUMP_006807 JUMP_006806: ; Pos = 60004 mov edx,[eax+0x8] JUMP_006807: ; Pos = 60007 add ebx,edx cmp dword [eax+0xc],byte +0x0 jnl JUMP_006808 mov edx,[eax+0xc] neg edx jmp short JUMP_006809 JUMP_006808: ; Pos = 60016 mov edx,[eax+0xc] JUMP_006809: ; Pos = 60019 add ebx,edx mov ecx,0x20000 mov eax,ebx xor edx,edx div ecx mov ebx,eax cmp ebx,byte +0x3f jnc JUMP_006810 mov eax,0x3f sub eax,ebx push eax mov eax,[ebp+0x10] shr eax,0x5 and eax,byte +0xf push eax call FUNC_001908_SoundPlaySampleLinVol add esp,byte +0x8 JUMP_006810: ; Pos = 60047 mov eax,[ebp+0xc] pop ebx pop ebp ret FUNC_001760: ; Pos = 60050 push ebp mov ebp,esp push ebx mov eax,[ebp+0x10] mov ebx,[ebp+0xc] movsx eax,word [ebx+0xa] push eax movsx eax,word [ebx+0x8] push eax movsx eax,word [ebx+0x6] push eax movsx eax,word [ebx+0x4] push eax movsx eax,word [ebx+0x2] push eax movsx eax,word [ebx] push eax mov eax,[ebp+0x8] push eax call FUNC_001761 add esp,byte +0x1c lea eax,[ebx+0xc] pop ebx pop ebp ret FUNC_001761: ; Pos = 6008c push ebp mov ebp,esp add esp,0xfffffdb0 push ebx push esi push edi mov edi,[ebp+0x14] mov ebx,[ebp+0x10] mov esi,[ebp+0x8] mov eax,ebx and al,0xff movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006811 mov eax,ebx and al,0xff movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006812 JUMP_006811: ; Pos = 600d2 mov eax,ebx and al,0xff push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006812: ; Pos = 600e1 mov [ebp-0x4],eax mov eax,[ebp-0x4] cmp dword [eax+0xc],byte +0x40 jng near JUMP_006829 mov eax,ebx shr eax,0x8 movsx eax,al lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006813 mov eax,ebx shr eax,0x8 movsx eax,al shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006814 JUMP_006813: ; Pos = 60124 shr ebx,0x8 push ebx push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006814: ; Pos = 60132 mov ebx,eax cmp dword [ebx+0xc],byte +0x40 jng near JUMP_006829 mov ecx,[esi+0x148] mov eax,edi shr eax,0x8 shl eax,cl mov [ebp-0x8],eax mov eax,edi and eax,byte +0x7e shr eax,1 lea eax,[eax+eax*2] mov edx,[esi+0x154] movsx edx,byte [edx+eax*2-0x4] shl edx,0x8 mov [ebp+0xffffff44],edx mov edx,[esi+0x154] movsx edx,byte [edx+eax*2-0x3] shl edx,0x8 mov [ebp+0xffffff48],edx mov edx,[esi+0x154] movsx eax,byte [edx+eax*2-0x2] shl eax,0x8 mov [ebp+0xffffff4c],eax test edi,0x1 jz JUMP_006815 neg dword [ebp+0xffffff44] JUMP_006815: ; Pos = 601a2 lea eax,[esi+0x14] push eax lea eax,[ebp+0xffffff44] push eax lea eax,[ebp+0xffffff38] push eax call FUNC_001669_VecMatMul add esp,byte +0xc mov eax,[ebp-0x8] push eax lea eax,[ebp+0xffffff38] push eax mov eax,[ebp-0x4] add eax,byte +0x4 push eax lea eax,[ebp+0xfffffe94] push eax call FUNC_001553 add esp,byte +0x10 test eax,eax jz near JUMP_006829 mov ecx,[esi+0x148] mov eax,[ebp+0x18] shr eax,0x8 shl eax,cl mov [ebp-0xc],eax mov eax,[ebp-0xc] push eax lea eax,[ebp+0xffffff38] push eax lea eax,[ebx+0x4] push eax lea eax,[ebp+0xfffffddc] push eax call FUNC_001553 add esp,byte +0x10 test eax,eax jz near JUMP_006829 mov eax,[ebp-0x4] mov eax,[eax+0x4] add eax,[ebx+0x4] mov [ebp+0xffffff2c],eax mov eax,[ebp-0x4] mov eax,[eax+0x8] add eax,[ebx+0x8] mov [ebp+0xffffff30],eax mov eax,[ebp-0x4] mov eax,[eax+0xc] add eax,[ebx+0xc] mov [ebp+0xffffff34],eax mov ecx,0x2 mov eax,[ebp+0xffffff2c] cdq idiv ecx mov [ebp+0xffffff2c],eax mov ecx,0x2 mov eax,[ebp+0xffffff30] cdq idiv ecx mov [ebp+0xffffff30],eax mov ecx,0x2 mov eax,[ebp+0xffffff34] cdq idiv ecx mov [ebp+0xffffff34],eax push byte +0x0 lea eax,[ebp+0xffffff2c] push eax push esi call FUNC_001777 add esp,byte +0x8 push eax push byte +0x0 call FUNC_001778 add esp,byte +0xc mov ebx,eax mov [ebp-0x1c],ebx mov eax,[ebp+0xc] push eax lea eax,[ebp+0xffffff50] push eax call FUNC_001692 add esp,byte +0x8 cmp dword [ebp+0xffffff58],byte +0x0 jz JUMP_006816 xor eax,eax jmp short JUMP_006818 JUMP_006816: ; Pos = 602c7 lea eax,[esi+0x134] push eax lea eax,[ebp+0xffffff38] push eax lea eax,[ebp+0xffffff20] push eax call FUNC_001551 add esp,byte +0xc lea eax,[ebp+0xffffff20] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax cmp dword [ebp-0x20],0x1000 jl JUMP_006817 xor eax,eax jmp short JUMP_006818 JUMP_006817: ; Pos = 60302 mov eax,0x1 JUMP_006818: ; Pos = 60307 test eax,eax jz near JUMP_006820 push dword [ebp+0xffffff5c] push dword [ebp+0xffffff58] push dword [ebp+0xffffff54] push dword [ebp+0xffffff50] push esi lea eax,[ebp-0x34] push eax call FUNC_001694 add esp,byte +0x18 lea eax,[ebp-0x34] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0xf] push eax call FUNC_001691 add esp,byte +0x14 mov eax,[ebp-0x20] sar eax,0xc xor eax,byte +0x7 lea eax,[eax+eax*2] mov dx,[esi+eax+0x84] mov [ebp-0x12],dx mov dl,[esi+eax+0x86] mov [ebp-0x10],dl mov al,[ebp-0xf] add [ebp-0x12],al mov al,[ebp-0xe] add [ebp-0x11],al mov al,[ebp-0xd] add [ebp-0x10],al mov eax,[ebp+0xffffff38] imul dword [ebp+0xfffffeb0] mov edx,[ebp+0xffffff3c] imul edx,[ebp+0xfffffeb4] add eax,edx mov edx,[ebp+0xffffff40] imul edx,[ebp+0xfffffeb8] add eax,edx mov edx,[ebp-0x20] imul edx,[ebp+0xfffffee0] sar edx,0xf add edx,byte +0x3 mov ecx,edx cdq idiv ecx sar eax,0x9 movsx eax,word [eax*2+DATA_007976] add eax,eax mov [ebp-0x24],eax mov eax,[ebp+0xfffffeb0] imul dword [esi+0x134] mov edx,[ebp+0xfffffeb4] imul edx,[esi+0x138] add eax,edx mov edx,[ebp+0xfffffeb8] imul edx,[esi+0x13c] add eax,edx test eax,eax jnl JUMP_006819 neg dword [ebp-0x24] mov ax,[ebp-0xf] mov [ebp-0x15],ax mov al,[ebp-0xd] mov [ebp-0x13],al mov ax,[ebp-0x12] mov [ebp-0xf],ax mov al,[ebp-0x10] mov [ebp-0xd],al mov ax,[ebp-0x15] mov [ebp-0x12],ax mov al,[ebp-0x13] mov [ebp-0x10],al JUMP_006819: ; Pos = 6042c mov dword [ebx],FUNC_001794 mov dword [ebx+0x4],FUNC_001795 mov eax,[ebp+0xffffff00] mov [ebx+0x8],eax mov eax,[ebp+0xfffffe48] mov [ebx+0xc],eax lea eax,[ebp+0xfffffe54] push eax lea eax,[ebp+0xfffffe50] push eax lea eax,[ebp+0xfffffe4c] push eax lea eax,[ebp+0xfffffe48] push eax lea eax,[ebp+0xfffffe68] push eax call FUNC_001549 add esp,byte +0x14 mov ecx,[ebp+0xfffffe90] mov eax,[ebp-0x24] sar eax,cl push eax lea eax,[ebp+0xfffffe68] push eax add ebx,byte +0x10 push ebx call FUNC_001550 add esp,byte +0xc mov ebx,eax mov dword [ebx],FUNC_001798 mov eax,[ebp+0xffffff00] mov [ebx+0x4],eax lea eax,[ebp+0xffffff0c] push eax lea eax,[ebp+0xffffff08] push eax lea eax,[ebp+0xffffff04] push eax lea eax,[ebp+0xffffff00] push eax lea eax,[ebp+0xfffffdb0] push eax call FUNC_001549 add esp,byte +0x14 mov ecx,[ebp+0xfffffdd8] mov eax,[ebp-0x24] sar eax,cl push eax lea eax,[ebp+0xfffffdb0] push eax add ebx,byte +0x8 push ebx call FUNC_001550 add esp,byte +0xc mov ebx,eax mov dword [ebx],FUNC_001796 mov eax,[ebp+0xfffffe68] sar eax,0x10 mov [ebx+0x4],ax mov eax,[ebp+0xfffffe6c] sar eax,0x10 mov [ebx+0x6],ax mov dword [ebx+0x8],FUNC_001791 mov eax,[ebp-0xf] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebx+0xc],eax mov dword [ebx+0x10],FUNC_001795 mov eax,[ebp+0xfffffe68] sar eax,0x10 mov [ebx+0x14],ax mov eax,[ebp+0xfffffe6c] sar eax,0x10 mov [ebx+0x16],ax mov eax,[ebp+0xfffffdb0] sar eax,0x10 mov [ebx+0x18],ax mov eax,[ebp+0xfffffdb4] sar eax,0x10 mov [ebx+0x1a],ax push byte +0x0 lea eax,[ebp+0xfffffdb0] push eax add ebx,byte +0x1c push ebx call FUNC_001550 add esp,byte +0xc mov ebx,eax mov dword [ebx],FUNC_001796 mov eax,[ebp+0xfffffe54] mov [ebx+0x4],eax mov dword [ebx+0x8],FUNC_001798 mov eax,[ebp+0xfffffe68] sar eax,0x10 mov [ebx+0xc],ax mov eax,[ebp+0xfffffe6c] sar eax,0x10 mov [ebx+0xe],ax push byte +0x0 lea eax,[ebp+0xfffffe68] push eax add ebx,byte +0x10 push ebx call FUNC_001550 add esp,byte +0xc mov ebx,eax mov dword [ebx],FUNC_001799 mov eax,[ebp-0x12] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebx+0x4],eax add ebx,byte +0x8 jmp JUMP_006821 JUMP_006820: ; Pos = 605e2 mov dword [ebx],FUNC_001794 mov eax,FUNC_001797 mov [ebx+0x20],eax mov [ebx+0x4],eax mov eax,[ebp+0xffffff00] mov [ebx+0x38],eax mov [ebx+0x8],eax mov eax,[ebp+0xffffff04] mov [ebx+0xc],eax mov eax,[ebp+0xffffff08] mov [ebx+0x10],eax mov eax,[ebp+0xffffff0c] mov [ebx+0x14],eax mov eax,FUNC_001796 mov [ebx+0x34],eax mov [ebx+0x18],eax mov eax,[ebp+0xfffffe54] mov [ebx+0x1c],eax mov [ebx+0x24],eax mov eax,[ebp+0xfffffe50] mov [ebx+0x28],eax mov eax,[ebp+0xfffffe4c] mov [ebx+0x2c],eax mov eax,[ebp+0xfffffe48] mov [ebx+0x30],eax mov dword [ebx+0x3c],FUNC_001799 mov eax,[ebp+0xc] push eax lea eax,[ebp-0x58] push eax call FUNC_001692 add esp,byte +0x8 lea eax,[ebp-0x58] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] push esi lea eax,[ebp-0x48] push eax call FUNC_001694 add esp,byte +0x18 lea eax,[ebp-0x48] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0x37] push eax call FUNC_001691 add esp,byte +0x14 lea eax,[ebp-0x37] mov eax,[eax] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebx+0x40],eax add ebx,byte +0x44 JUMP_006821: ; Pos = 606ae test edi,0x80 jz near JUMP_006824 mov eax,edi and eax,byte +0x7f mov edx,[DATA_009201] mov al,[edx+eax*8+0x3] shr eax,1 test al,0x1 jz JUMP_006822 mov eax,edi and eax,byte +0x7f push eax push esi call near [DATA_007721] ; FUNC_001481 add esp,byte +0x8 jmp short JUMP_006823 JUMP_006822: ; Pos = 606e1 mov eax,edi and eax,byte +0x7f shl eax,0x3 add eax,[DATA_009201] JUMP_006823: ; Pos = 606ef mov edi,eax test byte [edi+0x3],0x1 jnz near JUMP_006824 mov dword [ebx-0x8],FUNC_001791 mov dword [ebx],FUNC_001797 mov eax,[ebp+0xffffff00] mov [ebx+0x4],eax mov eax,[ebp+0xffffff04] mov [ebx+0x8],eax mov eax,[ebp+0xffffff08] mov [ebx+0xc],eax mov eax,[ebp+0xffffff0c] mov [ebx+0x10],eax mov dword [ebx+0x14],FUNC_001797 mov eax,[ebp+0xffffff10] mov [ebx+0x18],eax mov eax,[ebp+0xffffff14] mov [ebx+0x1c],eax mov eax,[ebp+0xffffff18] mov [ebx+0x20],eax mov eax,[ebp+0xffffff1c] mov [ebx+0x24],eax mov dword [ebx+0x28],FUNC_001799 mov eax,[edi] push eax mov eax,[ebp+0x1c] push eax lea eax,[ebp-0x7c] push eax call FUNC_001692 add esp,byte +0x8 lea eax,[ebp-0x7c] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] push esi lea eax,[ebp-0x6c] push eax call FUNC_001693 add esp,byte +0x1c lea eax,[ebp-0x6c] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0x5b] push eax call FUNC_001691 add esp,byte +0x14 lea eax,[ebp-0x5b] mov eax,[eax] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebx+0x2c],eax add ebx,byte +0x30 JUMP_006824: ; Pos = 607bc test byte [ebp+0x18],0x80 jz near JUMP_006827 mov eax,[ebp+0x18] and eax,byte +0x7f mov edx,[DATA_009201] mov al,[edx+eax*8+0x3] shr eax,1 test al,0x1 jz JUMP_006825 mov eax,[ebp+0x18] and eax,byte +0x7f push eax push esi call near [DATA_007721] ; FUNC_001481 add esp,byte +0x8 mov edi,eax jmp short JUMP_006826 JUMP_006825: ; Pos = 607f1 mov edi,[ebp+0x18] and edi,byte +0x7f shl edi,0x3 add edi,[DATA_009201] JUMP_006826: ; Pos = 60800 test byte [edi+0x3],0x1 jnz near JUMP_006827 mov dword [ebx-0x8],FUNC_001791 mov dword [ebx],FUNC_001797 mov eax,[ebp+0xfffffe48] mov [ebx+0x4],eax mov eax,[ebp+0xfffffe4c] mov [ebx+0x8],eax mov eax,[ebp+0xfffffe50] mov [ebx+0xc],eax mov eax,[ebp+0xfffffe54] mov [ebx+0x10],eax mov dword [ebx+0x14],FUNC_001797 mov eax,[ebp+0xfffffe58] mov [ebx+0x18],eax mov eax,[ebp+0xfffffe5c] mov [ebx+0x1c],eax mov eax,[ebp+0xfffffe60] mov [ebx+0x20],eax mov eax,[ebp+0xfffffe64] mov [ebx+0x24],eax mov dword [ebx+0x28],FUNC_001799 mov eax,[edi] push eax mov eax,[ebp+0x20] push eax lea eax,[ebp+0xffffff60] push eax call FUNC_001692 add esp,byte +0x8 lea eax,[ebp+0xffffff60] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] push esi lea eax,[ebp+0xffffff70] push eax call FUNC_001693 add esp,byte +0x1c lea eax,[ebp+0xffffff70] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0x7f] push eax call FUNC_001691 add esp,byte +0x14 lea eax,[ebp-0x7f] mov eax,[eax] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebx+0x2c],eax add ebx,byte +0x30 JUMP_006827: ; Pos = 608d7 sub ebx,[ebp-0x1c] test ebx,ebx jns JUMP_006828 add ebx,byte +0x3 JUMP_006828: ; Pos = 608e1 sar ebx,0x2 push ebx call FUNC_001787 pop ecx JUMP_006829: ; Pos = 608eb pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001762: ; Pos = 608f4 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov ebx,[ebp+0xc] mov edi,[ebp+0x8] movzx esi,byte [ebx+0x2] mov eax,esi and eax,byte +0x7f mov edx,[DATA_009201] mov al,[edx+eax*8+0x3] shr eax,1 test al,0x1 jz JUMP_006830 mov eax,esi and eax,byte +0x7f push eax push edi call near [DATA_007721] ; FUNC_001481 add esp,byte +0x8 jmp short JUMP_006831 JUMP_006830: ; Pos = 6092e mov eax,esi and eax,byte +0x7f shl eax,0x3 add eax,[DATA_009201] JUMP_006831: ; Pos = 6093c mov [ebp-0x4],eax movsx eax,word [ebx] mov [ebp+0x10],eax cmp byte [ebx+0x3],0x0 jz JUMP_006833 xor eax,eax mov al,[ebx+0x3] push eax push edi call FUNC_001473 add esp,byte +0x8 and eax,byte +0x7 test eax,eax jz JUMP_006832 movsx eax,word [ebx+eax*2+0x2] mov [ebp+0x10],eax JUMP_006832: ; Pos = 60969 add ebx,byte +0x12 jmp short JUMP_006834 JUMP_006833: ; Pos = 6096e add ebx,byte +0x4 JUMP_006834: ; Pos = 60971 mov eax,[ebp+0x10] push eax lea eax,[ebp-0x14] push eax call FUNC_001692 add esp,byte +0x8 cmp dword [ebp-0x10],byte +0x0 jz JUMP_006835 mov dword [ebp-0xc],0x1 JUMP_006835: ; Pos = 6098e mov eax,[ebp-0x4] mov eax,[eax] push eax push dword [ebp-0x8] push dword [ebp-0xc] push dword [ebp-0x10] push dword [ebp-0x14] push edi lea eax,[ebp-0x14] push eax call FUNC_001693 add esp,byte +0x1c test esi,0x80 jz JUMP_006836 push dword [ebp-0x8] push dword [ebp-0xc] push dword [ebp-0x10] push dword [ebp-0x14] mov eax,[DATA_009201] push eax call FUNC_001691 add esp,byte +0x14 jmp short JUMP_006837 JUMP_006836: ; Pos = 609d1 mov ax,[ebp-0x14] mov [edi+0xf4],ax mov al,[ebp-0x12] mov [edi+0xf6],al JUMP_006837: ; Pos = 609e5 mov eax,ebx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001763: ; Pos = 609f0 push ebp mov ebp,esp push ecx push ebx mov ebx,[ebp+0xc] xor eax,eax mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax movzx eax,word [ebx] push eax mov eax,[ebp+0x10] shr eax,0x5 and eax,0xff push eax mov eax,[ebp+0x8] push eax call FUNC_001764 add esp,byte +0x10 lea eax,[ebx+0x2] pop ebx pop ecx pop ebp ret FUNC_001764: ; Pos = 60a24 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] movsx eax,bl lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006838 movsx eax,bl shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006839 JUMP_006838: ; Pos = 60a58 push ebx push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006839: ; Pos = 60a63 mov ebx,eax movsx eax,word [ebx+0x2] add eax,byte -0x4 cmp eax,0x91 ja JUMP_006840 movsx eax,word [ebx] add eax,byte -0x2 cmp eax,0x13b ja JUMP_006840 push byte +0x0 lea eax,[ebx+0x4] push eax push esi call FUNC_001777 add esp,byte +0x8 push eax push byte +0x4 call FUNC_001778 add esp,byte +0xc mov dword [eax],FUNC_001812 mov edx,[ebp+0x10] mov [eax+0x4],edx mov edx,[ebx] mov [eax+0x8],edx mov edx,[ebp+0x14] mov [eax+0xc],edx JUMP_006840: ; Pos = 60ab1 test byte [DATA_008949],0x2 jz JUMP_006845 movsx eax,word [DATA_008832] movsx edx,word [ebx] sub eax,edx js JUMP_006841 movsx eax,word [DATA_008832] movsx edx,word [ebx] sub eax,edx jmp short JUMP_006842 JUMP_006841: ; Pos = 60ad6 movsx eax,word [DATA_008832] movsx edx,word [ebx] sub eax,edx neg eax JUMP_006842: ; Pos = 60ae4 movsx edx,word [DATA_008833] movsx ecx,word [ebx+0x2] sub edx,ecx js JUMP_006843 movsx edx,word [DATA_008833] movsx ecx,word [ebx+0x2] sub edx,ecx jmp short JUMP_006844 JUMP_006843: ; Pos = 60b02 movsx edx,word [DATA_008833] movsx ecx,word [ebx+0x2] sub edx,ecx neg edx JUMP_006844: ; Pos = 60b11 add eax,edx cmp eax,byte +0x8 jnl JUMP_006845 mov eax,[ebp+0x14] mov [DATA_008967],eax JUMP_006845: ; Pos = 60b20 pop esi pop ebx pop ebp ret FUNC_001765: ; Pos = 60b24 push ebp mov ebp,esp push ecx push ebx push esi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] add ebx,byte +0x4 movsx eax,byte [ebx-0x2] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006846 movsx eax,byte [ebx-0x2] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006847 JUMP_006846: ; Pos = 60b5e mov al,[ebx-0x2] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006847: ; Pos = 60b6c mov [ebp-0x4],eax mov eax,[ebp-0x4] cmp dword [eax+0xc],byte +0x40 jnl JUMP_006848 mov eax,ebx jmp JUMP_006857 JUMP_006848: ; Pos = 60b7f movsx eax,byte [ebx-0x1] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006849 movsx eax,byte [ebx-0x1] mov edx,eax shl edx,0x2 lea edx,[edx+edx*8] add edx,[DATA_009200] jmp short JUMP_006850 JUMP_006849: ; Pos = 60bac mov al,[ebx-0x1] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 mov edx,eax JUMP_006850: ; Pos = 60bbc cmp dword [edx+0xc],byte +0x40 jnl JUMP_006851 mov eax,ebx jmp short JUMP_006857 JUMP_006851: ; Pos = 60bc6 movsx eax,word [edx] mov ecx,[ebp-0x4] movsx ecx,word [ecx] sub eax,ecx test eax,eax jnl JUMP_006852 mov ecx,eax neg ecx jmp short JUMP_006853 JUMP_006852: ; Pos = 60bdb mov ecx,eax JUMP_006853: ; Pos = 60bdd movsx eax,word [edx+0x2] mov edx,[ebp-0x4] movsx edx,word [edx+0x2] sub eax,edx test eax,eax jnl JUMP_006854 mov edx,eax neg edx jmp short JUMP_006855 JUMP_006854: ; Pos = 60bf4 mov edx,eax JUMP_006855: ; Pos = 60bf6 add ecx,edx mov dx,[ebx-0x4] movsx eax,dx and eax,0x7fff cmp ecx,eax setnc al and eax,byte +0x1 test dx,dx jnl JUMP_006856 cmp eax,byte +0x1 sbb eax,eax neg eax JUMP_006856: ; Pos = 60c18 mov edx,[ebp+0x10] push edx push ebx push eax call FUNC_001753 add esp,byte +0xc JUMP_006857: ; Pos = 60c26 pop esi pop ebx pop ecx pop ebp ret FUNC_001766: ; Pos = 60c2c push ebp mov ebp,esp add esp,byte -0x30 push ebx push esi push edi mov edi,[ebp+0x10] mov ebx,[ebp+0xc] mov esi,[ebp+0x8] movsx eax,word [ebx] push eax lea eax,[ebp-0x28] push eax call FUNC_001692 add esp,byte +0x8 lea eax,[ebp-0x28] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] push esi lea eax,[ebp-0x18] push eax call FUNC_001694 add esp,byte +0x18 lea eax,[ebp-0x18] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] lea eax,[ebp-0x6] push eax call FUNC_001691 add esp,byte +0x14 mov ax,[ebp-0x6] mov [ebp-0x3],ax mov al,[ebp-0x4] mov [ebp-0x1],al movzx eax,word [ebx+0x2] push eax push esi call FUNC_001474 add esp,byte +0x8 mov [ebp-0x2c],eax add ebx,byte +0x4 test byte [ebp-0x2b],0x80 jz JUMP_006858 and dword [ebp-0x2c],0x7fff jmp short JUMP_006865 JUMP_006858: ; Pos = 60cb4 mov eax,[esi+0x148] cmp eax,byte +0x7 jg JUMP_006859 mov ecx,0x7 sub ecx,eax shr dword [ebp-0x2c],cl jmp short JUMP_006860 JUMP_006859: ; Pos = 60ccb mov ecx,eax add ecx,byte -0x7 shl dword [ebp-0x2c],cl JUMP_006860: ; Pos = 60cd3 cmp dword [esi+0xc],byte +0x0 jg JUMP_006864 jmp short JUMP_006862 JUMP_006861: ; Pos = 60cdb add ebx,byte +0x2 JUMP_006862: ; Pos = 60cde cmp byte [ebx+0x1],0x7f jz JUMP_006863 cmp byte [ebx],0x7f jnz JUMP_006861 JUMP_006863: ; Pos = 60ce9 lea eax,[ebx+0x2] jmp JUMP_006876 JUMP_006864: ; Pos = 60cf1 mov eax,[esi+0xc] push eax mov eax,[ebp-0x2c] push eax call FUNC_001666_SpecialDiv add esp,byte +0x8 mov [ebp-0x2c],eax JUMP_006865: ; Pos = 60d04 push byte +0x0 lea eax,[esi+0x4] push eax push esi call FUNC_001777 add esp,byte +0x8 push eax push byte +0x0 call FUNC_001778 add esp,byte +0xc mov edi,eax mov [ebp-0x30],edi mov dword [edi],FUNC_001814 mov eax,[ebp-0x2c] mov [edi+0x4],eax mov eax,[ebp-0x3] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [edi+0x8],eax add edi,byte +0xc jmp JUMP_006873 JUMP_006866: ; Pos = 60d48 movsx eax,byte [ebx+0x1] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006867 movsx eax,byte [ebx+0x1] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006868 JUMP_006867: ; Pos = 60d73 mov al,[ebx+0x1] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006868: ; Pos = 60d81 cmp dword [eax+0xc],byte +0x40 jl JUMP_006869 movsx edx,word [eax+0x2] dec edx cmp edx,0x9d jnc JUMP_006869 movsx edx,word [eax] dec edx cmp edx,0x13f jnc JUMP_006869 movsx edx,word [eax] dec edx mov [edi],edx movsx eax,word [eax+0x2] dec eax mov [edi+0x4],eax add edi,byte +0x8 JUMP_006869: ; Pos = 60db1 cmp byte [ebx],0x7f jz JUMP_006874 movsx eax,byte [ebx] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006870 movsx eax,byte [ebx] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_006871 JUMP_006870: ; Pos = 60ddf mov al,[ebx] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006871: ; Pos = 60dec cmp dword [eax+0xc],byte +0x40 jl JUMP_006872 movsx edx,word [eax+0x2] dec edx cmp edx,0x9d jnc JUMP_006872 movsx edx,word [eax] dec edx cmp edx,0x13f jnc JUMP_006872 movsx edx,word [eax] dec edx mov [edi],edx movsx eax,word [eax+0x2] dec eax mov [edi+0x4],eax add edi,byte +0x8 JUMP_006872: ; Pos = 60e1c add ebx,byte +0x2 JUMP_006873: ; Pos = 60e1f cmp byte [ebx+0x1],0x7f jnz near JUMP_006866 JUMP_006874: ; Pos = 60e29 mov dword [edi],0xffffffff add edi,byte +0x4 sub edi,[ebp-0x30] test edi,edi jns JUMP_006875 add edi,byte +0x3 JUMP_006875: ; Pos = 60e3c sar edi,0x2 push edi call FUNC_001787 pop ecx lea eax,[ebx+0x2] JUMP_006876: ; Pos = 60e49 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001767: ; Pos = 60e50 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x10] mov edi,[ebp+0xc] mov esi,[ebp+0x8] mov eax,ebx test ax,ax jnl JUMP_006877 movsx eax,ax sar eax,0x4 push eax push edi push esi call FUNC_001768 add esp,byte +0xc jmp short JUMP_006878 JUMP_006877: ; Pos = 60e79 shr ebx,0x5 and ebx,0xff push ebx push esi call FUNC_001473 add esp,byte +0x8 mov ebx,eax mov eax,ebx add eax,eax lea eax,[eax+eax*2] add [esi+0x150],eax add ebx,ebx mov eax,ebx shl eax,0x2 lea eax,[eax+eax*8] add [DATA_009200],eax mov eax,edi JUMP_006878: ; Pos = 60ead pop edi pop esi pop ebx pop ebp ret FUNC_001768: ; Pos = 60eb4 push ebp mov ebp,esp push esi push edi mov ecx,[ebp+0x10] mov edx,[ebp+0xc] mov eax,[ebp+0x8] cmp cx,0xf801 jnz JUMP_006879 push ecx push edx push eax call FUNC_001769 add esp,byte +0xc jmp short JUMP_006880 JUMP_006879: ; Pos = 60ed6 lea esi,[eax+0x9c] lea edi,[eax+0x14] mov ecx,0x9 rep movsd mov eax,edx JUMP_006880: ; Pos = 60ee8 pop edi pop esi pop ebp ret FUNC_001769: ; Pos = 60eec push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov edx,[ebp+0x10] mov eax,[ebp+0x8] mov eax,[eax+0x14c] movzx ecx,word [eax+0xa4] mov [ebp-0x8],ecx mov ecx,eax add ecx,0xa6 movzx ebx,word [eax+0x9e] mov [ebp-0xc],ebx mov eax,[eax+0xa0] mov [ebp-0x4],eax xor esi,esi mov eax,ecx mov [ebp-0x10],eax cmp esi,[ebp-0x8] jnl near JUMP_006884 JUMP_006881: ; Pos = 60f36 mov edi,esi add edi,edi mov eax,[ebp-0x10] mov bl,[eax] and ebx,byte +0xf test byte [ebp-0xc],0x20 jz JUMP_006882 lea eax,[edi+0x1] push eax push edi mov eax,[ebx*4+DATA_007828] push eax mov eax,[ebp+0x8] push eax call FUNC_001703 add esp,byte +0x10 JUMP_006882: ; Pos = 60f61 push byte +0x0 push edi mov eax,[ebx*4+DATA_007821] sar eax,0x7 push eax mov eax,[ebx*4+DATA_007820] push eax mov eax,[ebp+0x8] push eax call FUNC_001699 add esp,byte +0x14 mov eax,[DATA_009200] mov eax,[eax+0xc] cmp eax,[ebx*4+DATA_007822] jg JUMP_006883 mov eax,esi and al,0x3f shl eax,0x2 mov dl,[ebp-0x1] and dl,0x3 or al,dl mov [ebp-0x1],al mov eax,[ebp-0x4] push eax push dword 0x8400 push edi mov eax,[ebp+0x8] push eax call FUNC_001764 add esp,byte +0x10 JUMP_006883: ; Pos = 60fbc inc esi add dword [ebp-0x10],byte +0x2 cmp esi,[ebp-0x8] jl near JUMP_006881 JUMP_006884: ; Pos = 60fca mov eax,[ebp+0xc] pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001770: ; Pos = 60fd4 push ebp mov ebp,esp mov edx,[ebp+0x10] mov eax,[ebp+0x8] mov edx,0x7fffffff mov [eax+0xbc],edx mov [eax+0xac],edx mov [eax+0x9c],edx xor edx,edx mov [eax+0xb8],edx mov [eax+0xb4],edx mov [eax+0xb0],edx mov [eax+0xa8],edx mov [eax+0xa4],edx mov [eax+0xa0],edx mov eax,[ebp+0xc] pop ebp ret FUNC_001771: ; Pos = 61020 push ebp mov ebp,esp push ecx push ebx push esi push edi mov eax,[ebp+0x10] test ax,ax jnl JUMP_006885 push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x8] push eax call FUNC_001770 add esp,byte +0xc jmp JUMP_006895 JUMP_006885: ; Pos = 61045 shr eax,0x5 and eax,byte +0x3 mov [ebp-0x4],eax mov eax,[ebp-0x4] sub eax,byte +0x1 jc JUMP_006886 jz JUMP_006887 dec eax jz JUMP_006888 jmp short JUMP_006889 JUMP_006886: ; Pos = 6105d mov eax,[ebp+0x8] mov ebx,[eax+0x3c] mov eax,[ebp+0x8] mov esi,[eax+0x40] jmp short JUMP_006889 JUMP_006887: ; Pos = 6106b mov eax,[ebp+0x8] mov ebx,[eax+0x40] mov eax,[ebp+0x8] mov esi,[eax+0x38] jmp short JUMP_006889 JUMP_006888: ; Pos = 61079 mov eax,[ebp+0x8] mov ebx,[eax+0x38] mov eax,[ebp+0x8] mov esi,[eax+0x3c] JUMP_006889: ; Pos = 61085 mov eax,ebx imul ebx mov edx,esi imul edx,esi add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov edi,eax test edi,edi jz JUMP_006894 test ebx,ebx jnl JUMP_006890 push edi neg ebx push ebx call FUNC_001523 add esp,byte +0x8 neg eax mov ebx,eax jmp short JUMP_006891 JUMP_006890: ; Pos = 610b4 push edi push ebx call FUNC_001523 add esp,byte +0x8 mov ebx,eax JUMP_006891: ; Pos = 610c0 test esi,esi jnl JUMP_006892 push edi neg esi push esi call FUNC_001523 add esp,byte +0x8 neg eax jmp short JUMP_006893 JUMP_006892: ; Pos = 610d4 push edi push esi call FUNC_001523 add esp,byte +0x8 JUMP_006893: ; Pos = 610de push eax push ebx mov eax,[ebp-0x4] push eax mov eax,[ebp+0x8] push eax call FUNC_001744 add esp,byte +0x10 JUMP_006894: ; Pos = 610f0 mov eax,[ebp+0xc] JUMP_006895: ; Pos = 610f3 pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001772: ; Pos = 610fc push ebp mov ebp,esp push ebx mov eax,[ebp+0xc] mov ebx,[ebp+0x8] jmp short JUMP_006897 JUMP_006896: ; Pos = 61108 movzx edx,word [eax] push edx add eax,byte +0x2 push eax push ebx and edx,byte +0x1f mov eax,[edx*4+DATA_007816] call eax add esp,byte +0xc JUMP_006897: ; Pos = 61120 cmp dword [DATA_007824],byte +0x0 jnz JUMP_006896 mov dword [DATA_007824],0x1 pop ebx pop ebp ret FUNC_001773: ; Pos = 61138 push ebp mov ebp,esp mov eax,[ebp+0xc] mov edx,[eax+0x8] push edx mov edx,[eax+0x4] push edx push eax mov eax,[ebp+0x8] push eax call FUNC_001774 add esp,byte +0x10 pop ebp ret FUNC_001774: ; Pos = 61158 push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0x14] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,[esi+0x10] push eax push byte +0x6 push edi call FUNC_001745 add esp,byte +0xc test eax,eax jnz JUMP_006899 mov eax,[ebp+0x10] mov [ebx+0x150],eax mov [ebx],esi mov eax,[esi+0xc] mov [ebx+0x154],eax mov eax,[ebx+0x148] add eax,byte -0x8 sub eax,[ebx+0x44] test eax,eax jng JUMP_006898 add [ebx+0x44],eax mov ecx,eax shl dword [ebx+0x48],cl mov ecx,eax shl dword [ebx+0x4c],cl mov ecx,eax shl dword [ebx+0x50],cl JUMP_006898: ; Pos = 611b0 push edi call FUNC_001689 pop ecx push esi push ebx call near [DATA_007720] ; FUNC_001480 add esp,byte +0x8 mov dword [ebx+0xf0],0x2 mov eax,[esi] push eax push ebx call FUNC_001772 add esp,byte +0x8 call FUNC_001746 JUMP_006899: ; Pos = 611dd pop edi pop esi pop ebx pop ebp ret FUNC_001775: ; Pos = 611e4 push ebp mov ebp,esp add esp,0xfffffeac push ebx mov ebx,[ebp+0x8] cmp byte [ebx+0x57],0x0 jnz JUMP_006900 push ebx lea eax,[ebp+0xfffffeac] push eax call FUNC_001665_MatAssign add esp,byte +0x8 jmp short JUMP_006901 JUMP_006900: ; Pos = 61209 push ebx call near [DATA_007804] ; FUNC_001679 pop ecx add ebx,byte +0x5a push ebx lea eax,[ebp+0xfffffeac] push eax call FUNC_001665_MatAssign add esp,byte +0x8 JUMP_006901: ; Pos = 61224 xor eax,eax mov [ebp+0xfffffed2],eax xor eax,eax mov [ebp+0xfffffeda],eax mov dword [ebp+0xfffffee2],0x200 mov dword [ebp+0xffffff2e],0x13b lea eax,[ebp+0xfffffeac] push eax call near [DATA_007807] ; FUNC_001682 pop ecx pop ebx mov esp,ebp pop ebp ret FUNC_001776: ; Pos = 6125c push ebp mov ebp,esp add esp,0xfffffe94 push ebx push esi mov ebx,[ebp+0x8] lea esi,[ebp+0xfffffeac] push byte +0x0 push ebx push esi call near [DATA_007755] ; FUNC_001533 add esp,byte +0xc mov eax,[esi+0x82] push eax call near [DATA_007756] ; FUNC_001538 pop ecx mov edx,eax mov eax,[edx+0x38] test eax,eax jz near JUMP_006909 test byte [ebx+0x151],0x4 jz JUMP_006902 and byte [ebx+0x151],0xfb xor ecx,ecx mov cl,[esi+0xd2] movsx edx,word [eax+0x20] movsx eax,word [eax+0x22] xor ebx,ebx jmp short JUMP_006906 JUMP_006902: ; Pos = 612bc test byte [ebx+0x151],0x8 jz JUMP_006903 and byte [ebx+0x151],0xf7 xor ecx,ecx mov cl,[esi+0xd3] movsx edx,word [eax+0x24] neg edx movsx eax,word [eax+0x26] neg dword [esi+0x18] neg dword [esi+0x1c] neg dword [esi+0x20] xor ebx,ebx jmp short JUMP_006906 JUMP_006903: ; Pos = 612eb and byte [ebx+0x151],0xef cmp word [DATA_008928],byte +0x0 jnl JUMP_006904 xor ecx,ecx mov cl,[esi+0xd4] movsx edx,word [eax+0x28] movsx eax,word [eax+0x2a] jmp short JUMP_006905 JUMP_006904: ; Pos = 6130e xor ecx,ecx mov cl,[esi+0xd5] movsx edx,word [eax+0x2c] movsx eax,word [eax+0x2e] JUMP_006905: ; Pos = 6131e mov ebx,0x1 JUMP_006906: ; Pos = 61323 mov [esi+0xa4],ecx mov ecx,[esi+0x18] sar ecx,0x10 imul ecx,edx mov [ebp+0xfffffe94],ecx mov ecx,[esi+0x1c] sar ecx,0x10 imul ecx,edx mov [ebp+0xfffffe9c],ecx mov ecx,[esi+0x20] sar ecx,0x10 imul ecx,edx mov [ebp+0xfffffea4],ecx test eax,eax jz JUMP_006907 mov edx,[esi+0xc] sar edx,0x10 imul edx,eax add [ebp+0xfffffe94],edx mov edx,[esi+0x10] sar edx,0x10 imul edx,eax add [ebp+0xfffffe9c],edx mov edx,[esi+0x14] sar edx,0x10 imul edx,eax add [ebp+0xfffffea4],edx JUMP_006907: ; Pos = 61387 test ebx,ebx jz JUMP_006908 movsx eax,word [DATA_008927] push eax push esi lea eax,[esi+0x18] push eax call near [DATA_007745] ; FUNC_001513 add esp,byte +0xc movsx eax,word [DATA_008928] push eax lea eax,[esi+0x18] push eax lea eax,[esi+0xc] push eax call near [DATA_007745] ; FUNC_001513 add esp,byte +0xc JUMP_006908: ; Pos = 613ba sar dword [ebp+0xfffffe94],0xc sar dword [ebp+0xfffffe9c],0xc sar dword [ebp+0xfffffea4],0xc mov eax,[ebp+0xfffffe94] sar eax,0x1f mov [ebp+0xfffffe98],eax mov eax,[ebp+0xfffffe9c] sar eax,0x1f mov [ebp+0xfffffea0],eax mov eax,[ebp+0xfffffea4] sar eax,0x1f mov [ebp+0xfffffea8],eax lea eax,[ebp+0xfffffe94] push eax lea eax,[esi+0x3e] push eax call FUNC_001661_Vec64Add add esp,byte +0x8 mov dword [esi+0x82],0x9c mov eax,[ebp+0xc] push eax push esi call near [DATA_007805] ; FUNC_001680 add esp,byte +0x8 JUMP_006909: ; Pos = 61427 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001777: ; Pos = 61430 push ebp mov ebp,esp push ebx push esi mov eax,[ebp+0xc] cmp dword [eax+0x8],byte +0x0 jg JUMP_006910 mov eax,0x1 jmp short JUMP_006917 JUMP_006910: ; Pos = 61445 cmp dword [eax],byte +0x0 jnl JUMP_006911 mov ebx,[eax] neg ebx jmp short JUMP_006912 JUMP_006911: ; Pos = 61450 mov ebx,[eax] JUMP_006912: ; Pos = 61452 cmp dword [eax+0x4],byte +0x0 jnl JUMP_006913 mov edx,[eax+0x4] neg edx jmp short JUMP_006914 JUMP_006913: ; Pos = 6145f mov edx,[eax+0x4] JUMP_006914: ; Pos = 61462 add ebx,edx sar ebx,0x3 add ebx,[eax+0x8] mov edx,[ebp+0x8] push dword [edx+0x130] mov edx,0x3 pop ecx sub edx,ecx test edx,edx jl JUMP_006915 mov ecx,edx mov eax,ebx shr eax,cl jmp short JUMP_006917 JUMP_006915: ; Pos = 61487 neg edx mov ecx,edx mov esi,0x80000000 shr esi,cl cmp ebx,esi jnc JUMP_006916 mov ecx,edx mov eax,ebx shl eax,cl jmp short JUMP_006917 JUMP_006916: ; Pos = 6149e shl edx,0x19 or edx,0x80000000 mov eax,[eax+0x8] sar eax,0x7 or edx,eax mov eax,edx JUMP_006917: ; Pos = 614b1 pop esi pop ebx pop ebp ret FUNC_001778: ; Pos = 614b8 push ebp mov ebp,esp push ebx mov ebx,[DATA_007830] cmp dword [ebp+0x10],byte +0x0 jnz JUMP_006918 cmp dword [DATA_007833],byte +0x0 jnz JUMP_006919 JUMP_006918: ; Pos = 614d1 mov eax,[ebp+0xc] mov [ebx],eax mov eax,[DATA_007832] mov eax,[eax] mov [ebx+0x4],eax mov eax,[DATA_007832] mov [eax],ebx add ebx,byte +0x8 JUMP_006919: ; Pos = 614ea mov eax,[ebp+0x8] shl eax,0x2 add eax,ebx mov [DATA_007830],eax sub eax,[DATA_007829] test eax,eax jns JUMP_006920 add eax,byte +0x3 JUMP_006920: ; Pos = 61504 sar eax,0x2 cmp eax,0xc350 jng JUMP_006921 call FUNC_001529_SysExit JUMP_006921: ; Pos = 61513 mov eax,ebx pop ebx pop ebp ret FUNC_001779: ; Pos = 61518 push ebp mov ebp,esp mov eax,[ebp+0x8] mov [DATA_007830],eax pop ebp ret FUNC_001780: ; Pos = 61528 push ebp mov ebp,esp cmp dword [DATA_007833],byte +0x0 jz JUMP_006922 push byte +0x1 call FUNC_001787 pop ecx mov dword [eax],FUNC_001793 JUMP_006922: ; Pos = 61542 mov eax,[ebp+0x8] mov [DATA_007833],eax test eax,eax jz JUMP_006923 push byte +0x1 mov eax,[ebp+0xc] push eax push byte +0x1 call FUNC_001778 add esp,byte +0xc mov dword [eax],FUNC_001792 JUMP_006923: ; Pos = 61564 pop ebp ret FUNC_001781: ; Pos = 61568 push ebp mov ebp,esp push byte +0x0 push byte +0x0 call FUNC_001780 add esp,byte +0x8 push byte +0x0 mov eax,[ebp+0x8] push eax push byte +0x3 call FUNC_001778 add esp,byte +0xc mov dword [eax],FUNC_001790 add eax,byte +0x4 push eax call FUNC_001783 pop ecx pop ebp ret FUNC_001782: ; Pos = 6159c push byte +0x0 push byte +0x0 call FUNC_001780 add esp,byte +0x8 call FUNC_001784 add eax,byte +0x4 push eax push byte +0x0 call FUNC_001787 pop ecx pop edx mov [edx],eax ret FUNC_001783: ; Pos = 615c0 push ebp mov ebp,esp mov eax,[DATA_007831] mov edx,[DATA_007832] mov [eax*4+DATA_009254],edx inc dword [DATA_007831] mov eax,[ebp+0x8] mov [DATA_007832],eax xor edx,edx mov [eax],edx pop ebp ret FUNC_001784: ; Pos = 615ec mov eax,[DATA_007832] dec dword [DATA_007831] mov edx,[DATA_007831] mov edx,[edx*4+DATA_009254] mov [DATA_007832],edx mov edx,[DATA_007831] xor ecx,ecx mov [edx*4+DATA_009254],ecx ret FUNC_001785: ; Pos = 6161c push ebp mov ebp,esp xor eax,eax mov [DATA_009255],eax mov dword [DATA_007832],DATA_009255 xor eax,eax mov [DATA_007831],eax mov eax,[ebp+0x8] mov [DATA_007830],eax pop ebp ret FUNC_001786: ; Pos = 61644 mov eax,[DATA_007829] push eax call FUNC_001785 pop ecx push byte +0x0 call near [DATA_007630] ; FUNC_001328_DPalClear pop ecx mov ax,[DATA_009212] mov [DATA_009214],ax mov al,[DATA_009213] mov [DATA_009216],al ret FUNC_001787: ; Pos = 61674 push ebp mov ebp,esp push ebx mov ebx,[DATA_007830] mov eax,[ebp+0x8] shl eax,0x2 add [DATA_007830],eax mov eax,[DATA_007830] sub eax,[DATA_007829] test eax,eax jns JUMP_006924 add eax,byte +0x3 JUMP_006924: ; Pos = 6169c sar eax,0x2 cmp eax,0xc350 jng JUMP_006925 call FUNC_001529_SysExit JUMP_006925: ; Pos = 616ab mov eax,ebx pop ebx pop ebp ret FUNC_001788: ; Pos = 616b0 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi xor eax,eax mov [ebp-0x4],eax mov eax,[ebp+0x8] mov eax,[eax] test eax,eax jz JUMP_006927 JUMP_006926: ; Pos = 616c7 inc dword [ebp-0x4] mov eax,[eax+0x4] test eax,eax jnz JUMP_006926 JUMP_006927: ; Pos = 616d1 mov esi,0x1 cmp esi,[ebp-0x4] jnl near JUMP_006942 JUMP_006928: ; Pos = 616df mov ecx,[ebp+0x8] mov eax,[ebp-0x4] mov [ebp-0x8],eax JUMP_006929: ; Pos = 616e8 mov eax,ecx mov edx,esi test edx,edx jng JUMP_006931 JUMP_006930: ; Pos = 616f0 mov eax,[eax] add eax,byte +0x4 dec edx test edx,edx jg JUMP_006930 JUMP_006931: ; Pos = 616fa mov [ebp-0x10],esi mov edx,[ebp-0x8] sub edx,esi cmp esi,edx jnl JUMP_006932 mov edx,esi JUMP_006932: ; Pos = 61708 mov ebx,[ecx] mov ebx,[ebx] mov [ebp-0xc],ebx mov ebx,[eax] mov ebx,[ebx] mov [ebp-0x14],ebx JUMP_006933: ; Pos = 61716 mov ebx,[ebp-0xc] cmp ebx,[ebp-0x14] ja JUMP_006934 mov ebx,[ebp-0xc] cmp ebx,[ebp-0x14] jnz JUMP_006935 mov ebx,[ecx] cmp ebx,[eax] jnc JUMP_006935 JUMP_006934: ; Pos = 6172c mov ecx,[ecx] add ecx,byte +0x4 mov ebx,[ecx] mov ebx,[ebx] mov [ebp-0xc],ebx dec dword [ebp-0x10] jmp short JUMP_006938 JUMP_006935: ; Pos = 6173d mov ebx,[eax] mov [ebp-0x18],ebx mov ebx,[ebp-0x18] mov ebx,[ebx+0x4] mov [eax],ebx test ebx,ebx jz JUMP_006936 mov ebx,[eax] mov ebx,[ebx] jmp short JUMP_006937 JUMP_006936: ; Pos = 61754 xor ebx,ebx JUMP_006937: ; Pos = 61756 mov [ebp-0x14],ebx mov ebx,[ecx] mov edi,[ebp-0x18] mov [edi+0x4],ebx mov ebx,[ebp-0x18] mov [ecx],ebx mov ecx,[ebp-0x18] add ecx,byte +0x4 dec edx JUMP_006938: ; Pos = 6176d cmp dword [ebp-0x10],byte +0x0 jng JUMP_006939 test edx,edx jg JUMP_006933 JUMP_006939: ; Pos = 61777 test edx,edx jz JUMP_006941 JUMP_006940: ; Pos = 6177b mov eax,[eax] add eax,byte +0x4 dec edx test edx,edx jnz JUMP_006940 JUMP_006941: ; Pos = 61785 mov ecx,eax mov eax,esi add eax,eax sub [ebp-0x8],eax cmp esi,[ebp-0x8] jl near JUMP_006929 mov eax,esi add eax,eax mov esi,eax cmp esi,[ebp-0x4] jl near JUMP_006928 JUMP_006942: ; Pos = 617a6 mov eax,[ebp+0x8] mov eax,[eax] mov [ebp+0x8],eax cmp dword [ebp+0x8],byte +0x0 jz JUMP_006946 JUMP_006943: ; Pos = 617b4 mov eax,[ebp+0x8] add eax,byte +0x8 jmp short JUMP_006945 JUMP_006944: ; Pos = 617bc push eax call near [eax] pop ecx JUMP_006945: ; Pos = 617c0 cmp dword [DATA_007834],byte +0x0 jz JUMP_006944 xor eax,eax mov [DATA_007834],eax mov eax,[ebp+0x8] mov eax,[eax+0x4] mov [ebp+0x8],eax cmp dword [ebp+0x8],byte +0x0 jnz JUMP_006943 JUMP_006946: ; Pos = 617df pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001789: ; Pos = 617e8 push dword DATA_009255 call FUNC_001788 pop ecx ret FUNC_001790: ; Pos = 617f4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] lea eax,[ebx+0x4] push eax call FUNC_001788 pop ecx mov dword [DATA_007834],0x1 mov eax,[ebx+0x8] pop ebx pop ebp ret FUNC_001791: ; Pos = 61818 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov ax,[ebx+0x4] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx push eax mov eax,[DATA_009256] push eax call FUNC_001613_DrawSpans add esp,byte +0x8 call near [DATA_007725] ; FUNC_001468 mov [DATA_009256],eax lea eax,[ebx+0x8] pop ebx pop ebp ret FUNC_001792: ; Pos = 61864 push ebp mov ebp,esp mov eax,[ebp+0x8] add eax,byte +0x4 jmp short JUMP_006948 JUMP_006947: ; Pos = 6186f push eax call near [eax] pop ecx JUMP_006948: ; Pos = 61873 cmp dword [DATA_007834],byte +0x2 jnz JUMP_006947 mov dword [DATA_007834],0x1 pop ebp ret FUNC_001793: ; Pos = 61888 push ebp mov ebp,esp mov dword [DATA_007834],0x2 mov eax,[ebp+0x8] add eax,byte +0x4 pop ebp ret FUNC_001794: ; Pos = 618a0 push ebp mov ebp,esp call near [DATA_007725] ; FUNC_001468 mov [DATA_009256],eax mov eax,[ebp+0x8] add eax,byte +0x4 pop ebp ret FUNC_001795: ; Pos = 618b8 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push byte +0x0 lea eax,[ebx+0x8] push eax lea eax,[ebx+0x4] push eax mov eax,[DATA_009256] push eax call FUNC_001560 add esp,byte +0x10 lea eax,[ebx+0xc] pop ebx pop ebp ret FUNC_001796: ; Pos = 618e0 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] push byte +0x0 lea eax,[ebx+0x4] push eax lea eax,[ebx-0x4] push eax mov eax,[DATA_009256] push eax call FUNC_001560 add esp,byte +0x10 lea eax,[ebx+0x8] pop ebx pop ebp ret FUNC_001797: ; Pos = 61908 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] lea eax,[ebx+0x10] push eax lea eax,[ebx+0xc] push eax lea eax,[ebx+0x8] push eax lea eax,[ebx+0x4] push eax mov eax,[DATA_009256] push eax call FUNC_001548 add esp,byte +0x14 lea eax,[ebx+0x14] pop ebx pop ebp ret FUNC_001798: ; Pos = 61934 push ebp mov ebp,esp mov eax,[ebp+0x8] add eax,byte +0x8 pop ebp ret FUNC_001799: ; Pos = 61940 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov ax,[ebx+0x4] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx push eax mov eax,[DATA_009256] push eax call FUNC_001613_DrawSpans add esp,byte +0x8 mov dword [DATA_007834],0x1 lea eax,[ebx+0x8] pop ebx pop ebp ret FUNC_001800: ; Pos = 61b20 push ebp mov ebp,esp push ecx push ebx mov ebx,[ebp+0x8] mov ax,[ebx+0x8] mov [ebp-0x4],ax mov ax,[ebx+0xc] mov [ebp-0x2],ax mov ax,[ebx+0x4] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx push eax mov eax,[ebx+0x10] push eax lea eax,[ebp-0x4] push eax call FUNC_001610_DrawParticleClipped add esp,byte +0xc mov dword [DATA_007834],0x1 lea eax,[ebx+0x14] pop ebx pop ecx pop ebp ret FUNC_001801: ; Pos = 61b68 push ebp mov ebp,esp push ecx push ebx push esi mov ebx,[ebp+0x8] mov ax,[ebx+0x8] mov [ebp-0x4],ax mov ax,[ebx+0xc] mov [ebp-0x2],ax mov esi,[ebx+0x10] dec esi mov ax,[ebx+0x14] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx push eax movsx eax,byte [esi+DATA_007836] push eax lea eax,[ebp-0x4] push eax call FUNC_001610_DrawParticleClipped add esp,byte +0xc mov ax,[ebx+0x4] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx push eax movsx eax,byte [esi+DATA_007835] push eax lea eax,[ebp-0x4] push eax call FUNC_001610_DrawParticleClipped add esp,byte +0xc mov dword [DATA_007834],0x1 lea eax,[ebx+0x18] pop esi pop ebx pop ecx pop ebp ret FUNC_001802: ; Pos = 61bdc push ebp mov ebp,esp push ecx push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,[ebx+0x8] mov edi,[ebx+0xc] mov eax,[ebx+0x10] mov [ebp-0x4],eax mov ax,[ebx+0x14] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx push eax push byte +0x0 mov eax,[ebp-0x4] push eax push edi push esi call FUNC_001609_DrawSprite add esp,byte +0x14 mov ax,[ebx+0x4] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx push eax push byte +0x1 mov eax,[ebp-0x4] push eax push edi push esi call FUNC_001609_DrawSprite add esp,byte +0x14 mov dword [DATA_007834],0x1 lea eax,[ebx+0x18] pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001803: ; Pos = 61c40 push ebp mov ebp,esp add esp,byte -0x8 push ebx mov ebx,[ebp+0x8] mov ax,[ebx+0x4] mov [ebp-0x4],ax mov ax,[ebx+0x8] mov [ebp-0x2],ax mov ax,[ebx+0xc] mov [ebp-0x8],ax mov ax,[ebx+0x10] mov [ebp-0x6],ax mov ax,[ebx+0x14] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001616_DrawLine add esp,byte +0xc mov dword [DATA_007834],0x1 lea eax,[ebx+0x18] pop ebx pop ecx pop ecx pop ebp ret FUNC_001804: ; Pos = 61cd4 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov ax,[ebx+0x10] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx push eax lea eax,[ebx+0xc] push eax lea eax,[ebx+0x8] push eax lea eax,[ebx+0x4] push eax call FUNC_001604_DrawTriangle add esp,byte +0x10 mov dword [DATA_007834],0x1 lea eax,[ebx+0x14] pop ebx pop ebp ret FUNC_001805: ; Pos = 61d0c push ebp mov ebp,esp push ebx push esi push edi xor edi,edi mov esi,DATA_009252 mov eax,[ebp+0x8] lea ebx,[eax+0x18] JUMP_006951: ; Pos = 61d1f mov ax,[ebx] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx mov [esi],al inc edi inc esi add ebx,byte +0x4 cmp edi,byte +0x7 jl JUMP_006951 mov eax,[ebp+0x8] mov eax,[eax+0x14] push eax mov eax,[ebp+0x8] add eax,byte +0x10 push eax mov eax,[ebp+0x8] add eax,byte +0xc push eax mov eax,[ebp+0x8] add eax,byte +0x8 push eax mov eax,[ebp+0x8] add eax,byte +0x4 push eax call FUNC_001647_DrawTexQuad add esp,byte +0x14 mov dword [DATA_007834],0x1 mov eax,[ebp+0x8] add eax,byte +0x34 pop edi pop esi pop ebx pop ebp ret FUNC_001806: ; Pos = 61e00 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov edi,[ebp+0x8] movsx esi,word [edi+0x26] add esi,DATA_009252 mov eax,[edi+0x28] sar eax,1 mov [ebp-0x8],eax xor eax,eax mov [ebp-0x4],eax lea ebx,[edi+0x2c] mov eax,[ebp-0x4] cmp eax,[ebp-0x8] jnl JUMP_006954 JUMP_006953: ; Pos = 61e2e mov ax,[ebx] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx mov [esi],al inc esi mov ax,[ebx+0x2] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx mov [esi],al inc esi inc dword [ebp-0x4] add ebx,byte +0x4 mov eax,[ebp-0x4] cmp eax,[ebp-0x8] jl JUMP_006953 JUMP_006954: ; Pos = 61e59 movsx eax,word [edi+0x24] push eax lea eax,[edi+0x20] push eax lea eax,[edi+0x1c] push eax lea eax,[edi+0x18] push eax lea eax,[edi+0x14] push eax lea eax,[edi+0x10] push eax lea eax,[edi+0xc] push eax lea eax,[edi+0x8] push eax lea eax,[edi+0x4] push eax call FUNC_001648_DrawTexQuadDet add esp,byte +0x24 mov dword [DATA_007834],0x1 mov eax,[ebp-0x8] shl eax,0x2 add eax,edi add eax,byte +0x2c pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001807: ; Pos = 61ea4 push ebp mov ebp,esp push ebx push esi push edi xor edi,edi mov esi,DATA_009252 mov eax,[ebp+0x8] lea ebx,[eax+0x14] JUMP_006955: ; Pos = 61eb7 mov ax,[ebx] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx mov [esi],al inc edi inc esi add ebx,byte +0x4 cmp edi,byte +0x7 jl JUMP_006955 mov eax,[ebp+0x8] mov eax,[eax+0x10] push eax mov eax,[ebp+0x8] add eax,byte +0xc push eax mov eax,[ebp+0x8] add eax,byte +0x8 push eax mov eax,[ebp+0x8] add eax,byte +0x4 push eax call FUNC_001644_DrawTexTriangle add esp,byte +0x10 mov dword [DATA_007834],0x1 mov eax,[ebp+0x8] add eax,byte +0x30 pop edi pop esi pop ebx pop ebp ret FUNC_001808: ; Pos = 61f88 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov edi,[ebp+0x8] movsx esi,word [edi+0x1e] add esi,DATA_009252 mov eax,[edi+0x20] sar eax,1 mov [ebp-0x8],eax xor eax,eax mov [ebp-0x4],eax lea ebx,[edi+0x24] mov eax,[ebp-0x4] cmp eax,[ebp-0x8] jnl JUMP_006958 JUMP_006957: ; Pos = 61fb6 mov ax,[ebx] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx mov [esi],al inc esi mov ax,[ebx+0x2] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx mov [esi],al inc esi inc dword [ebp-0x4] add ebx,byte +0x4 mov eax,[ebp-0x4] cmp eax,[ebp-0x8] jl JUMP_006957 JUMP_006958: ; Pos = 61fe1 movsx eax,word [edi+0x1c] push eax lea eax,[edi+0x18] push eax lea eax,[edi+0x14] push eax lea eax,[edi+0x10] push eax lea eax,[edi+0xc] push eax lea eax,[edi+0x8] push eax lea eax,[edi+0x4] push eax call FUNC_001645_DrawTexTriangleDet add esp,byte +0x1c mov dword [DATA_007834],0x1 mov eax,[ebp-0x8] shl eax,0x2 add eax,edi add eax,byte +0x24 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001809: ; Pos = 62024 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov ax,[ebx+0x14] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx push eax lea eax,[ebx+0x10] push eax lea eax,[ebx+0xc] push eax lea eax,[ebx+0x8] push eax lea eax,[ebx+0x4] push eax call FUNC_001607_DrawQuad add esp,byte +0x14 mov dword [DATA_007834],0x1 lea eax,[ebx+0x18] pop ebx pop ebp ret FUNC_001810: ; Pos = 62060 push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] mov ax,[ebx+0x14] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx push eax lea eax,[ebx+0x10] push eax lea eax,[ebx+0xc] push eax lea eax,[ebx+0x8] push eax lea eax,[ebx+0x4] push eax call FUNC_001606_DrawQuadVClip add esp,byte +0x14 mov dword [DATA_007834],0x1 lea eax,[ebx+0x18] pop ebx pop ebp ret FUNC_001811: ; Pos = 6209c push ebp mov ebp,esp add esp,byte -0x10 push ebx mov ebx,[ebp+0x8] mov ax,[ebx+0x4] mov [ebp-0x4],ax mov ax,[ebx+0x8] mov [ebp-0x2],ax mov ax,[ebx+0xc] mov [ebp-0x8],ax mov ax,[ebx+0x10] mov [ebp-0x6],ax mov ax,[ebx+0x14] mov [ebp-0xc],ax mov ax,[ebx+0x18] mov [ebp-0xa],ax mov ax,[ebx+0x1c] mov [ebp-0x10],ax mov ax,[ebx+0x20] mov [ebp-0xe],ax mov ax,[ebx+0x24] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax call FUNC_001546 add esp,byte +0x14 mov dword [DATA_007834],0x1 lea eax,[ebx+0x28] pop ebx mov esp,ebp pop ebp ret FUNC_001812: ; Pos = 62120 push ebp mov ebp,esp add esp,0xfffffeec push ebx mov ebx,[ebp+0x8] mov eax,[ebx+0xc] mov [ebp+0xfffffef4],eax lea eax,[ebp+0xfffffeec] push eax mov eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff00] push eax call near [DATA_007639] ; FUNC_001344_StringExpandFFCode add esp,byte +0xc movsx eax,word [ebx+0xa] push eax movsx eax,word [ebx+0x8] push eax lea eax,[ebp+0xffffff00] push eax call FUNC_001583_TextWriteDefaultColor add esp,byte +0xc mov dword [DATA_007834],0x1 lea eax,[ebx+0x10] pop ebx mov esp,ebp pop ebp ret FUNC_001813: ; Pos = 6217c push ebp mov ebp,esp mov dword [DATA_007834],0x1 mov eax,[ebp+0x8] add eax,byte +0x4 pop ebp ret FUNC_001814: ; Pos = 62194 push ebp mov ebp,esp push ecx push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,[ebx+0x4] mov ax,[ebx+0x8] push eax call near [DATA_007631] ; FUNC_001327_DPal16toPal pop ecx mov edi,eax add ebx,byte +0xc mov ax,[ebx] mov [ebp-0x4],ax jmp short JUMP_006960 JUMP_006959: ; Pos = 621bb mov ax,[ebx+0x4] mov [ebp-0x2],ax push edi push esi lea eax,[ebp-0x4] push eax call FUNC_001611_DrawParticle add esp,byte +0xc add ebx,byte +0x8 mov ax,[ebx] mov [ebp-0x4],ax JUMP_006960: ; Pos = 621db cmp word [ebp-0x4],byte +0x0 jnl JUMP_006959 mov dword [DATA_007834],0x1 lea eax,[ebx+0x4] pop edi pop esi pop ebx pop ecx pop ebp ret FUNC_001815: ; Pos = 621f8 push ebp mov ebp,esp add esp,byte -0x2c push ebx push esi push edi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] mov edi,DATA_009200 movsx eax,word [ebx] push eax lea eax,[ebp-0x2c] push eax call FUNC_001692 add esp,byte +0x8 lea eax,[ebp-0x2c] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] push dword DATA_009259 call FUNC_001691 add esp,byte +0x14 movsx eax,byte [ebx+0x2] lea eax,[eax+eax*8] mov edx,[edi] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006961 movsx eax,byte [ebx+0x2] shl eax,0x2 lea eax,[eax+eax*8] add eax,[edi] jmp short JUMP_006962 JUMP_006961: ; Pos = 6225a mov al,[ebx+0x2] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006962: ; Pos = 62268 mov [ebp-0x4],eax movsx eax,byte [ebx+0x3] lea eax,[eax+eax*8] mov edx,[edi] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_006963 movsx eax,byte [ebx+0x3] shl eax,0x2 lea eax,[eax+eax*8] add eax,[edi] jmp short JUMP_006964 JUMP_006963: ; Pos = 62289 mov al,[ebx+0x3] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_006964: ; Pos = 62297 mov [ebp-0x8],eax movsx eax,byte [ebx+0x4] lea eax,[eax+eax*8] mov edx,[edi] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006965 movsx eax,byte [ebx+0x4] shl eax,0x2 lea eax,[eax+eax*8] add eax,[edi] jmp short JUMP_006966 JUMP_006965: ; Pos = 622bd mov al,[ebx+0x4] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006966: ; Pos = 622cb mov [ebp-0xc],eax movsx eax,byte [ebx+0x5] lea eax,[eax+eax*8] mov edx,[edi] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_006967 movsx eax,byte [ebx+0x5] shl eax,0x2 lea eax,[eax+eax*8] add eax,[edi] jmp short JUMP_006968 JUMP_006967: ; Pos = 622ec mov al,[ebx+0x5] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_006968: ; Pos = 622fa mov [ebp-0x10],eax movsx eax,byte [ebx+0x6] lea eax,[eax+eax*8] mov edx,[edi] mov eax,[edx+eax*4+0x14] cmp eax,[esi+0xf0] jnz JUMP_006969 movsx eax,byte [ebx+0x6] shl eax,0x2 lea eax,[eax+eax*8] add eax,[edi] jmp short JUMP_006970 JUMP_006969: ; Pos = 62320 mov al,[ebx+0x6] push eax push esi call near [DATA_007727] ; FUNC_001471 add esp,byte +0x8 JUMP_006970: ; Pos = 6232e mov [ebp-0x14],eax movsx eax,byte [ebx+0x7] lea eax,[eax+eax*8] mov edx,[edi] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_006971 movsx eax,byte [ebx+0x7] shl eax,0x2 lea eax,[eax+eax*8] add eax,[edi] jmp short JUMP_006972 JUMP_006971: ; Pos = 6234f mov al,[ebx+0x7] push eax push esi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_006972: ; Pos = 6235d mov edi,eax movsx eax,word [ebx+0x8] mov [ebp-0x18],eax add ebx,byte +0xa push ebx lea eax,[ebp-0x1c] push eax call FUNC_001823 add esp,byte +0x8 mov ebx,eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x1c] mov eax,[eax+0x8] push eax push edi mov eax,[ebp-0x14] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] push eax push esi call FUNC_001828 add esp,byte +0x24 mov eax,ebx pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001816: ; Pos = 623ac push ebx push esi push edi mov ecx,DATA_009274 mov ebx,DATA_009277 cmp dword [DATA_009272],byte +0x0 jnz JUMP_006975 mov [DATA_009272],ecx xor eax,eax mov edx,ecx JUMP_006973: ; Pos = 623cc mov esi,eax shl esi,0x3 lea esi,[esi+esi*8] lea edi,[ecx+0x48] add esi,edi mov [edx],esi inc eax add edx,byte +0x48 cmp eax,0x5db jl JUMP_006973 xor eax,eax mov [ecx+0x1a598],eax mov [DATA_009275],ebx xor eax,eax mov edx,ebx JUMP_006974: ; Pos = 623f8 mov ecx,eax shl ecx,0x4 lea esi,[ebx+0x10] add ecx,esi mov [edx],ecx inc eax add edx,byte +0x10 cmp eax,0xbb7 jl JUMP_006974 xor eax,eax mov [ebx+0xbb70],eax xor eax,eax mov [DATA_009273],eax xor eax,eax mov [DATA_009276],eax JUMP_006975: ; Pos = 62425 pop edi pop esi pop ebx ret FUNC_001817: ; Pos = 6242c xor eax,eax mov [DATA_009272],eax ret FUNC_001818: ; Pos = 62434 push ebx mov ebx,[DATA_009272] inc dword [DATA_009273] cmp dword [DATA_009273],0x5dc jl JUMP_006976 push byte +0x1 push dword DATA_009271 call _LongJmp add esp,byte +0x8 JUMP_006976: ; Pos = 6245c mov eax,[DATA_009272] mov eax,[eax] mov [DATA_009272],eax mov eax,ebx pop ebx ret FUNC_001819: ; Pos = 6246c push ebp mov ebp,esp mov eax,[ebp+0x8] dec dword [DATA_009273] mov edx,[DATA_009272] mov [eax],edx mov [DATA_009272],eax pop ebp ret FUNC_001820: ; Pos = 62488 push ebx mov eax,[DATA_009275] mov ebx,eax mov eax,[eax] mov [DATA_009275],eax inc dword [DATA_009276] cmp dword [DATA_009276],0xbb8 jl JUMP_006977 push byte +0x2 push dword DATA_009271 call _LongJmp add esp,byte +0x8 JUMP_006977: ; Pos = 624b8 xor eax,eax mov [ebx+0x4],eax xor eax,eax mov [ebx+0xc],eax xor eax,eax mov [ebx+0x8],eax mov eax,ebx pop ebx ret nop FUNC_001821: ; Pos = 624cc push ebp mov ebp,esp push ebx mov ebx,[ebp+0x8] JUMP_006978: ; Pos = 624d3 mov eax,[ebx+0x4] test eax,eax jz JUMP_006979 push eax call FUNC_001821 pop ecx JUMP_006979: ; Pos = 624e1 mov eax,[ebx+0x8] test eax,eax jz JUMP_006980 push eax call FUNC_001819 pop ecx JUMP_006980: ; Pos = 624ef dec dword [DATA_009276] mov eax,[DATA_009275] mov [ebx],eax mov [DATA_009275],ebx mov ebx,[ebx+0xc] test ebx,ebx jnz JUMP_006978 pop ebx pop ebp ret FUNC_001822: ; Pos = 6250c push ebp mov ebp,esp mov eax,[ebp+0x8] movsx edx,word [eax] test edx,edx jz JUMP_006982 JUMP_006981: ; Pos = 62519 add eax,byte +0x10 movsx edx,word [eax] test edx,edx jnz JUMP_006981 JUMP_006982: ; Pos = 62523 add eax,byte +0x2 pop ebp ret FUNC_001823: ; Pos = 62528 push ebp mov ebp,esp add esp,byte -0x1c push ebx push esi mov dword [ebp-0x10],0x58 mov dword [ebp-0x14],DATA_009258 xor edx,edx mov eax,[ebp-0x14] add eax,byte +0x8 JUMP_006983: ; Pos = 62546 xor ecx,ecx mov [eax],ecx inc edx add eax,byte +0x4 cmp edx,byte +0x14 jl JUMP_006983 xor edx,edx mov eax,[ebp-0x14] JUMP_006984: ; Pos = 62558 xor ecx,ecx mov [eax],ecx inc edx add eax,byte +0x4 cmp edx,byte +0x2 jl JUMP_006984 mov eax,[ebp+0xc] movsx eax,word [eax] mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x0 jz near JUMP_006998 JUMP_006985: ; Pos = 62578 mov eax,[ebp+0xc] movsx eax,word [eax+0x2] mov [ebp-0xc],eax mov eax,[ebp-0x4] push eax call FUNC_001656_FindMSB pop ecx mov [ebp-0x18],eax mov ecx,0x10 sub ecx,[ebp-0x18] mov eax,[ebp-0x4] shl eax,cl and eax,0xffff mov [ebp-0x4],eax mov ebx,[ebp-0x14] mov eax,[ebp-0x18] add eax,byte -0x3 sar eax,1 jns JUMP_006986 adc eax,byte +0x0 JUMP_006986: ; Pos = 625b4 mov [ebp-0x18],eax cmp dword [ebp-0x18],byte +0x0 jng near JUMP_006994 JUMP_006987: ; Pos = 625c1 mov eax,[ebp-0x4] shr eax,0xb mov [ebp-0x8],eax mov [ebp-0x1c],ebx mov eax,[ebp-0x1c] mov edx,[ebp-0x8] mov ebx,[eax+edx*4+0x8] test ebx,ebx jnz JUMP_006993 mov ebx,DATA_009258 add ebx,[ebp-0x10] mov eax,[ebp-0x10] add eax,byte +0x18 mov [ebp-0x10],eax xor edx,edx lea eax,[ebx+0x8] JUMP_006988: ; Pos = 625f1 xor ecx,ecx mov [eax],ecx inc edx add eax,byte +0x4 cmp edx,byte +0x4 jl JUMP_006988 xor edx,edx mov ecx,ebx mov eax,[ebp-0x1c] JUMP_006989: ; Pos = 62605 mov esi,[eax] test esi,esi jng JUMP_006990 lea esi,[esi+esi*2] mov esi,[esi*4+DATA_007842] dec esi neg esi mov [ecx],esi jmp short JUMP_006992 JUMP_006990: ; Pos = 6261c mov esi,[eax] test esi,esi jnl JUMP_006991 inc esi mov [ecx],esi jmp short JUMP_006992 JUMP_006991: ; Pos = 62627 xor esi,esi mov [ecx],esi JUMP_006992: ; Pos = 6262b inc edx add ecx,byte +0x4 add eax,byte +0x4 cmp edx,byte +0x2 jl JUMP_006989 mov eax,[ebp-0x1c] mov edx,[ebp-0x8] mov [eax+edx*4+0x8],ebx JUMP_006993: ; Pos = 62641 mov eax,[ebp-0x4] shl eax,0x2 and eax,0x1fff mov [ebp-0x4],eax dec dword [ebp-0x18] cmp dword [ebp-0x18],byte +0x0 jg near JUMP_006987 JUMP_006994: ; Pos = 6265c xor edx,edx mov eax,ebx JUMP_006995: ; Pos = 62660 cmp dword [eax],byte +0x0 jz JUMP_006996 inc edx add eax,byte +0x4 cmp edx,byte +0x2 jl JUMP_006995 JUMP_006996: ; Pos = 6266e cmp edx,byte +0x2 jnl JUMP_006997 mov eax,DATA_009258 add eax,[ebp-0x10] mov ecx,[ebp-0x10] add ecx,byte +0x10 mov [ebp-0x10],ecx mov [ebx+edx*4],eax mov edx,[ebp-0xc] mov [eax],edx mov edx,[ebp+0xc] mov dx,[edx+0x4] mov [eax+0x4],dx mov edx,[ebp+0xc] mov dx,[edx+0x6] mov [eax+0x6],dx mov edx,[ebp+0xc] mov dx,[edx+0x8] mov [eax+0x8],dx mov edx,[ebp+0xc] mov dx,[edx+0xa] mov [eax+0xa],dx mov edx,[ebp+0xc] mov dx,[edx+0xc] mov [eax+0xc],dx mov edx,[ebp+0xc] mov dx,[edx+0xe] mov [eax+0xe],dx JUMP_006997: ; Pos = 626ce add dword [ebp+0xc],byte +0x10 mov eax,[ebp+0xc] movsx eax,word [eax] mov [ebp-0x4],eax cmp dword [ebp-0x4],byte +0x0 jnz near JUMP_006985 JUMP_006998: ; Pos = 626e5 mov eax,[ebp+0x8] mov edx,[ebp-0x14] mov [eax],edx mov eax,[ebp+0xc] add eax,byte +0x2 pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001824: ; Pos = 626fc push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,eax shr edx,0x1b mov ecx,eax shl ecx,0x5 or edx,ecx add edx,eax mov ecx,edx shr ecx,0x10 shl edx,0x10 or ecx,edx add eax,ecx pop ebp ret FUNC_001825: ; Pos = 62720 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp dword [eax],byte +0x0 jnl JUMP_006999 mov edx,[eax] neg edx jmp short JUMP_007000 JUMP_006999: ; Pos = 62731 mov edx,[eax] JUMP_007000: ; Pos = 62733 cmp dword [eax+0x4],byte +0x0 jnl JUMP_007001 mov ecx,[eax+0x4] neg ecx jmp short JUMP_007002 JUMP_007001: ; Pos = 62740 mov ecx,[eax+0x4] JUMP_007002: ; Pos = 62743 or edx,ecx cmp dword [eax+0x8],byte +0x0 jnl JUMP_007003 mov ecx,[eax+0x8] neg ecx jmp short JUMP_007004 JUMP_007003: ; Pos = 62752 mov ecx,[eax+0x8] JUMP_007004: ; Pos = 62755 or edx,ecx push edx call FUNC_001656_FindMSB pop ecx pop ebp ret FUNC_001826: ; Pos = 62760 push ebp mov ebp,esp push ebx push esi mov ebx,[ebp+0xc] mov esi,[ebp+0x8] cmp dword [ebx],byte +0x0 jnl JUMP_007005 mov eax,[ebx] neg eax jmp short JUMP_007006 JUMP_007005: ; Pos = 62776 mov eax,[ebx] JUMP_007006: ; Pos = 62778 cmp dword [ebx+0x4],byte +0x0 jnl JUMP_007007 mov edx,[ebx+0x4] neg edx jmp short JUMP_007008 JUMP_007007: ; Pos = 62785 mov edx,[ebx+0x4] JUMP_007008: ; Pos = 62788 or eax,edx cmp dword [ebx+0x8],byte +0x0 jnl JUMP_007009 mov edx,[ebx+0x8] neg edx jmp short JUMP_007010 JUMP_007009: ; Pos = 62797 mov edx,[ebx+0x8] JUMP_007010: ; Pos = 6279a or eax,edx push eax call FUNC_001656_FindMSB pop ecx add eax,byte -0xd test eax,eax jl JUMP_007011 mov ecx,eax mov edx,[ebx] sar edx,cl mov [esi],edx mov ecx,eax mov edx,[ebx+0x4] sar edx,cl mov [esi+0x4],edx mov ecx,eax mov eax,[ebx+0x8] sar eax,cl mov [esi+0x8],eax jmp short JUMP_007012 JUMP_007011: ; Pos = 627c8 mov eax,[ebx] mov [esi],eax mov eax,[ebx+0x4] mov [esi+0x4],eax mov eax,[ebx+0x8] mov [esi+0x8],eax JUMP_007012: ; Pos = 627d8 pop esi pop ebx pop ebp ret FUNC_001827: ; Pos = 627dc push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov ecx,[ebp+0x14] mov edx,[ebp+0x10] mov eax,[ebp+0xc] mov ebx,[ebp+0x8] mov esi,[edx] mov edi,[eax] neg edi add esi,edi mov [ebp-0xc],esi mov esi,[edx+0x4] mov edi,[eax+0x4] neg edi add esi,edi mov [ebp-0x8],esi mov edx,[edx+0x8] mov esi,[eax+0x8] neg esi add edx,esi mov [ebp-0x4],edx mov edx,[ecx] mov esi,[eax] neg esi add edx,esi mov [ebp-0x18],edx mov edx,[ecx+0x4] mov esi,[eax+0x4] neg esi add edx,esi mov [ebp-0x14],edx mov edx,[ecx+0x8] mov eax,[eax+0x8] neg eax add edx,eax mov [ebp-0x10],edx lea eax,[ebp-0xc] push eax call FUNC_001825 pop ecx add eax,byte -0x6 test eax,eax jng JUMP_007013 mov ecx,eax sar dword [ebp-0xc],cl mov ecx,eax sar dword [ebp-0x8],cl mov ecx,eax sar dword [ebp-0x4],cl JUMP_007013: ; Pos = 6285b lea eax,[ebp-0x18] push eax call FUNC_001825 pop ecx add eax,byte -0x6 test eax,eax jng JUMP_007014 mov ecx,eax sar dword [ebp-0x18],cl mov ecx,eax sar dword [ebp-0x14],cl mov ecx,eax sar dword [ebp-0x10],cl JUMP_007014: ; Pos = 6287b mov eax,[ebp-0x8] imul dword [ebp-0x10] mov edx,[ebp-0x4] imul edx,[ebp-0x14] sub eax,edx mov [ebx],eax mov eax,[ebp-0x4] imul dword [ebp-0x18] mov edx,[ebp-0xc] imul edx,[ebp-0x10] sub eax,edx mov [ebx+0x4],eax mov eax,[ebp-0xc] imul dword [ebp-0x14] mov edx,[ebp-0x8] imul edx,[ebp-0x18] sub eax,edx mov [ebx+0x8],eax push ebx call near [DATA_007724] ; FUNC_001465 pop ecx mov ecx,eax inc ecx mov eax,[ebx] shl eax,0xf cdq idiv ecx mov [ebx],eax mov eax,[ebx+0x4] shl eax,0xf cdq idiv ecx mov [ebx+0x4],eax mov eax,[ebx+0x8] shl eax,0xf cdq idiv ecx mov [ebx+0x8],eax pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001828: ; Pos = 628e4 push ebp mov ebp,esp add esp,0xffffff28 push ebx push esi mov ebx,[ebp+0x14] mov edx,[ebp+0xc] cmp dword [edx+0xc],byte +0x40 jnl JUMP_007015 cmp dword [ebx+0xc],byte +0x40 jnl JUMP_007015 mov eax,[ebp+0x1c] cmp dword [eax+0xc],byte +0x40 jl near JUMP_007016 JUMP_007015: ; Pos = 6290e mov eax,[ebp+0x8] mov eax,[eax+0x14c] mov eax,[eax+0xa0] mov ecx,[ebp+0x10] mov esi,[ecx+0x18] mov [ebp-0x20],esi mov esi,[ecx+0x1c] mov [ebp-0x1c],esi mov esi,[ecx+0x20] mov [ebp-0x18],esi mov ecx,[edx+0x4] mov [ebp-0x44],ecx mov ecx,[edx+0x8] mov [ebp-0x40],ecx mov ecx,[edx+0xc] mov [ebp-0x3c],ecx mov edx,[edx] mov [ebp-0x48],edx push eax call FUNC_001824 pop ecx mov edx,eax sar edx,0x4 mov [ebp-0xc],edx mov edx,[ebp+0x18] mov ecx,[edx+0x18] mov [ebp-0x68],ecx mov ecx,[edx+0x1c] mov [ebp-0x64],ecx mov ecx,[edx+0x20] mov [ebp-0x60],ecx mov edx,[ebx+0x4] mov [ebp+0xffffff74],edx mov edx,[ebx+0x8] mov [ebp+0xffffff78],edx mov edx,[ebx+0xc] mov [ebp+0xffffff7c],edx mov edx,[ebx] mov [ebp+0xffffff70],edx push eax call FUNC_001824 pop ecx mov edx,eax sar edx,0x4 mov [ebp-0x54],edx mov edx,[ebp+0x20] mov ecx,[edx+0x18] mov [ebp+0xffffff50],ecx mov ecx,[edx+0x1c] mov [ebp+0xffffff54],ecx mov ecx,[edx+0x20] mov [ebp+0xffffff58],ecx mov edx,[ebp+0x1c] mov ecx,[edx+0x4] mov [ebp+0xffffff2c],ecx mov ecx,[edx+0x8] mov [ebp+0xffffff30],ecx mov ecx,[edx+0xc] mov [ebp+0xffffff34],ecx mov edx,[ebp+0x1c] mov edx,[edx] mov [ebp+0xffffff28],edx push eax call FUNC_001824 pop ecx sar eax,0x4 mov [ebp+0xffffff64],eax xor eax,eax mov [DATA_009262],eax mov dword [DATA_009268],0x1 mov eax,[ebp+0x28] push eax mov eax,[ebp+0x24] push eax lea eax,[ebp+0xffffff28] push eax lea eax,[ebp+0xffffff70] push eax lea eax,[ebp-0x48] push eax mov eax,[ebp+0x8] push eax call FUNC_001830 add esp,byte +0x18 JUMP_007016: ; Pos = 62a2d pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001829: ; Pos = 62a34 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x8] mov esi,[ebx+0xc] cmp esi,0x400 jnl JUMP_007017 mov esi,0x400 JUMP_007017: ; Pos = 62a4d push esi call FUNC_001656_FindMSB pop ecx mov edi,[DATA_009269] sub edi,eax mov [ebx+0x44],edi dec edi jnl JUMP_007018 mov dword [ebx+0x44],0x1 JUMP_007018: ; Pos = 62a69 pop edi pop esi pop ebx pop ebp ret FUNC_001830: ; Pos = 62a70 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov ebx,[ebp+0x14] mov esi,[ebp+0x10] call FUNC_001816 mov eax,[ebp+0xc] mov edx,[eax+0x4] mov eax,edx mov ecx,[esi+0x4] cmp eax,ecx jng JUMP_007019 mov eax,ecx jmp short JUMP_007020 JUMP_007019: ; Pos = 62a97 mov edx,ecx JUMP_007020: ; Pos = 62a99 mov ecx,[ebx+0x4] cmp eax,ecx jng JUMP_007021 mov eax,ecx JUMP_007021: ; Pos = 62aa2 cmp ecx,edx jng JUMP_007022 mov edx,ecx JUMP_007022: ; Pos = 62aa8 sub edx,eax mov [ebp-0x4],edx mov eax,[ebp+0xc] mov edx,[eax+0x8] mov eax,edx mov ecx,[esi+0x8] cmp eax,ecx jng JUMP_007023 mov eax,ecx jmp short JUMP_007024 JUMP_007023: ; Pos = 62ac0 mov edx,ecx JUMP_007024: ; Pos = 62ac2 mov ecx,[ebx+0x8] cmp eax,ecx jng JUMP_007025 mov eax,ecx JUMP_007025: ; Pos = 62acb cmp ecx,edx jng JUMP_007026 mov edx,ecx JUMP_007026: ; Pos = 62ad1 sub edx,eax mov [ebp-0x8],edx mov eax,[ebp+0xc] mov edx,[eax+0xc] mov eax,edx mov ecx,[esi+0xc] cmp eax,ecx jng JUMP_007027 mov eax,ecx jmp short JUMP_007028 JUMP_007027: ; Pos = 62ae9 mov edx,ecx JUMP_007028: ; Pos = 62aeb mov ecx,[ebx+0xc] cmp eax,ecx jng JUMP_007029 mov eax,ecx JUMP_007029: ; Pos = 62af4 cmp ecx,edx jng JUMP_007030 mov edx,ecx JUMP_007030: ; Pos = 62afa mov ecx,edx sub ecx,eax mov eax,ecx mov edi,[ebp-0x4] cmp edi,[ebp-0x8] jnl JUMP_007031 mov edi,[ebp-0x8] JUMP_007031: ; Pos = 62b0b cmp edi,eax jnl JUMP_007032 mov edi,eax JUMP_007032: ; Pos = 62b11 lea eax,[edi+edx] cmp eax,byte +0x40 jl near JUMP_007033 mov eax,[ebp-0x4] add eax,[ebp-0x8] push eax call FUNC_001656_FindMSB pop ecx add eax,[DATA_007837] mov [DATA_009269],eax call FUNC_001820 mov [ebp-0xc],eax mov eax,[ebp-0xc] mov edx,[ebp+0xc] mov [eax],edx call FUNC_001820 mov [ebp-0x10],eax mov eax,[ebp-0x10] mov [eax],esi call FUNC_001820 mov [ebp-0x14],eax mov eax,[ebp-0x14] mov [eax],ebx push byte +0x0 mov eax,[ebp+0x1c] push eax push edi mov eax,[ebp+0x8] push eax call FUNC_001833 add esp,byte +0x10 push byte +0x0 push eax push byte +0x0 mov eax,[ebp+0x18] push eax push edi mov eax,[ebp-0x14] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax push ebx push esi mov eax,[ebp+0xc] push eax call FUNC_001835 add esp,byte +0x2c mov eax,[ebp-0xc] push eax call FUNC_001821 pop ecx mov eax,[ebp-0x10] push eax call FUNC_001821 pop ecx mov eax,[ebp-0x14] push eax call FUNC_001821 pop ecx JUMP_007033: ; Pos = 62bb4 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001831: ; Pos = 62bbc push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,0xffff8002 jnz JUMP_007034 mov eax,0x8 pop ebp ret JUMP_007034: ; Pos = 62bd0 cmp eax,0xa0 jnz JUMP_007035 mov eax,0x2 pop ebp ret JUMP_007035: ; Pos = 62bde mov edx,0x1 cmp eax,0xa0 jl JUMP_007036 add edx,byte +0x3 JUMP_007036: ; Pos = 62bed mov eax,edx pop ebp ret FUNC_001832: ; Pos = 62bf4 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp eax,0xffff8002 jnz JUMP_007037 mov eax,0x8 pop ebp ret JUMP_007037: ; Pos = 62c08 cmp eax,byte +0x4f jnz JUMP_007038 mov eax,0x2 pop ebp ret JUMP_007038: ; Pos = 62c14 mov edx,0x1 cmp eax,byte +0x4f jl JUMP_007039 add edx,byte +0x3 JUMP_007039: ; Pos = 62c21 mov eax,edx pop ebp ret FUNC_001833: ; Pos = 62c28 push ebp mov ebp,esp push ebx push esi mov esi,[ebp+0x8] mov ebx,[ebp+0x10] shl ebx,0x4 lea ebx,[ebx+ebx*2] add ebx,DATA_007843 cmp dword [ebp+0x14],byte +0x0 jz JUMP_007040 mov dword [DATA_009280],FUNC_001831 mov dword [DATA_009281],FUNC_001832 mov dword [DATA_009282],FUNC_001848 jmp short JUMP_007041 JUMP_007040: ; Pos = 62c65 mov dword [DATA_009280],FUNC_001715 mov dword [DATA_009281],FUNC_001716 mov dword [DATA_009282],FUNC_001847 JUMP_007041: ; Pos = 62c83 test esi,esi jz JUMP_007042 mov ecx,[esi+0x130] jmp short JUMP_007043 JUMP_007042: ; Pos = 62c8f xor ecx,ecx JUMP_007043: ; Pos = 62c91 mov eax,0x1dcd6500 sar eax,cl mov [DATA_009264],eax mov eax,[ebx] mov [DATA_009270],eax push ebx call near [ebx+0x4] pop ecx mov [DATA_009261],esi mov eax,[ebx+0x8] pop esi pop ebx pop ebp ret FUNC_001834: ; Pos = 62cb8 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov eax,[ebp+0x1c] mov edi,[ebp+0x10] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] cmp dword [ebp+0x14],byte +0x0 jz JUMP_007044 add eax,byte +0x8 JUMP_007044: ; Pos = 62cd6 cmp dword [ebp+0x18],byte +0x0 jnz JUMP_007045 add eax,byte +0x2 JUMP_007045: ; Pos = 62cdf mov edx,[eax*4+DATA_007844] mov [DATA_009279],edx mov eax,[eax*4+DATA_007845] mov [DATA_009278],eax push ebx call FUNC_001829 pop ecx movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax push esi call FUNC_001829 pop ecx movsx eax,word [esi] push eax call near [DATA_009280] pop ecx mov [esi+0x24],ax movsx eax,word [esi+0x2] push eax call near [DATA_009281] pop ecx mov [esi+0x26],ax push edi call FUNC_001829 pop ecx movsx eax,word [edi] push eax call near [DATA_009280] pop ecx mov [edi+0x24],ax movsx eax,word [edi+0x2] push eax call near [DATA_009281] pop ecx mov [edi+0x26],ax cmp dword [ebp+0x14],byte +0x0 jz near JUMP_007053 xor eax,eax mov [ebp-0x4],eax mov eax,[ebp+0x14] mov [ebp-0x10],eax JUMP_007046: ; Pos = 62d7f mov eax,[ebp-0x10] cmp dword [eax],byte +0x0 jng near JUMP_007052 mov eax,[ebp-0x10] mov eax,[eax] mov edx,[eax] shl edx,0x2 lea edx,[edx+edx*2] add edx,DATA_007841 mov [ebp-0xc],edx add eax,byte +0x4 movsx edx,word [eax] cmp edx,0x80 jnc JUMP_007048 movsx edx,word [eax+0x2] cmp edx,0x80 jnc JUMP_007048 movsx edx,word [eax] movsx ecx,word [eax+0x2] shl ecx,0x7 add edx,ecx mov [ebp-0x8],edx sar dword [ebx+0x3c],0x7 mov edx,[ebp-0xc] cmp dword [edx+0x4],byte +0x0 jz JUMP_007047 mov edx,[ebp-0xc] mov edx,[edx+0x4] mov ecx,[ebp-0x8] movzx edx,byte [edx+ecx] imul edx,[ebx+0x3c] mov [ebx+0x3c],edx JUMP_007047: ; Pos = 62deb mov edx,[ebp-0xc] mov edx,[edx] mov ecx,[ebp-0x8] movsx edx,byte [edx+ecx] shl edx,0x15 add [ebx+0x3c],edx JUMP_007048: ; Pos = 62dfd movsx edx,word [eax+0x4] cmp edx,0x80 jnc JUMP_007050 movsx edx,word [eax+0x6] cmp edx,0x80 jnc JUMP_007050 movsx edx,word [eax+0x4] movsx ecx,word [eax+0x6] shl ecx,0x7 add edx,ecx mov [ebp-0x8],edx sar dword [esi+0x3c],0x7 mov edx,[ebp-0xc] cmp dword [edx+0x4],byte +0x0 jz JUMP_007049 mov edx,[ebp-0xc] mov edx,[edx+0x4] mov ecx,[ebp-0x8] movzx edx,byte [edx+ecx] imul edx,[esi+0x3c] mov [esi+0x3c],edx JUMP_007049: ; Pos = 62e46 mov edx,[ebp-0xc] mov edx,[edx] mov ecx,[ebp-0x8] movsx edx,byte [edx+ecx] shl edx,0x15 add [esi+0x3c],edx JUMP_007050: ; Pos = 62e58 movsx edx,word [eax+0x8] cmp edx,0x80 jnc JUMP_007052 movsx edx,word [eax+0xa] cmp edx,0x80 jnc JUMP_007052 movsx edx,word [eax+0x8] movsx eax,word [eax+0xa] shl eax,0x7 add edx,eax mov [ebp-0x8],edx sar dword [edi+0x3c],0x7 mov eax,[ebp-0xc] mov eax,[eax+0x4] test eax,eax jz JUMP_007051 mov edx,[ebp-0x8] movzx eax,byte [eax+edx] imul eax,[edi+0x3c] mov [edi+0x3c],eax JUMP_007051: ; Pos = 62e9c mov eax,[ebp-0xc] mov eax,[eax] mov edx,[ebp-0x8] movsx eax,byte [eax+edx] shl eax,0x15 add [edi+0x3c],eax JUMP_007052: ; Pos = 62eae inc dword [ebp-0x4] add dword [ebp-0x10],byte +0x4 cmp dword [ebp-0x4],byte +0x2 jl near JUMP_007046 JUMP_007053: ; Pos = 62ebf cmp dword [ebx+0x3c],byte +0x0 jnl JUMP_007054 xor eax,eax jmp short JUMP_007055 JUMP_007054: ; Pos = 62ec9 mov eax,[ebx+0x3c] JUMP_007055: ; Pos = 62ecc mov [ebx+0x40],eax cmp dword [esi+0x3c],byte +0x0 jnl JUMP_007056 xor eax,eax jmp short JUMP_007057 JUMP_007056: ; Pos = 62ed9 mov eax,[esi+0x3c] JUMP_007057: ; Pos = 62edc mov [esi+0x40],eax cmp dword [edi+0x3c],byte +0x0 jnl JUMP_007058 xor eax,eax jmp short JUMP_007059 JUMP_007058: ; Pos = 62ee9 mov eax,[edi+0x3c] JUMP_007059: ; Pos = 62eec mov [edi+0x40],eax pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001835: ; Pos = 62ef8 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x2c] mov edi,[ebp+0xc] mov esi,[ebp+0x8] push ebx mov eax,[ebp+0x28] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x10] push eax push edi push esi call FUNC_001834 add esp,byte +0x18 test bl,0x1 jz near JUMP_007063 cmp ebx,byte +0x8 jl near JUMP_007063 mov eax,[ebp+0x30] sub eax,byte +0x1 jc JUMP_007060 jz JUMP_007061 dec eax jz JUMP_007062 jmp JUMP_007067 JUMP_007060: ; Pos = 62f42 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax push byte +0x0 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push edi push esi call FUNC_001869 add esp,byte +0x24 jmp JUMP_007067 JUMP_007061: ; Pos = 62f6b mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax push byte +0x0 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push edi push esi call FUNC_001871 add esp,byte +0x24 jmp JUMP_007067 JUMP_007062: ; Pos = 62f94 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax push byte +0x0 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push edi push esi call FUNC_001873 add esp,byte +0x24 jmp near JUMP_007067 JUMP_007063: ; Pos = 62fba mov eax,[ebp+0x30] sub eax,byte +0x1 jc JUMP_007064 jz JUMP_007065 dec eax jz JUMP_007066 jmp short JUMP_007067 JUMP_007064: ; Pos = 62fc9 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax push byte +0x0 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push edi push esi call FUNC_001868 add esp,byte +0x24 jmp short JUMP_007067 JUMP_007065: ; Pos = 62fef mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax push byte +0x0 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push edi push esi call FUNC_001870 add esp,byte +0x24 jmp short JUMP_007067 JUMP_007066: ; Pos = 63015 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax push byte +0x0 mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x14] push eax mov eax,[ebp+0x10] push eax push edi push esi call FUNC_001872 add esp,byte +0x24 JUMP_007067: ; Pos = 63039 pop edi pop esi pop ebx pop ebp ret FUNC_001836: ; Pos = 63040 push ebp mov ebp,esp mov eax,[ebp+0x8] pop ebp ret FUNC_001837: ; Pos = 63048 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov ebx,[ebp+0x10] mov esi,[ebx+0x3c] mov eax,esi sar eax,0x3 mov [ebp-0x4],eax mov eax,[ebp+0xc] mov edx,esi sub edx,[eax+0x3c] push edx push esi call FUNC_001523 add esp,byte +0x8 mov esi,eax test esi,esi jnl JUMP_007068 xor esi,esi JUMP_007068: ; Pos = 63079 mov edi,0x7fffffff sub edi,esi mov eax,[ebp-0x4] push eax mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebx+0x4] sub edx,eax mov [ebp-0x10],edx mov eax,[ebp-0x4] push eax mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebx+0x8] sub edx,eax mov [ebp-0xc],edx mov eax,[ebp-0x4] push eax mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebx+0xc] sub edx,eax mov [ebp-0x8],edx push edi mov eax,[ebp+0xc] mov eax,[eax+0x4] push eax call FUNC_001521 add esp,byte +0x8 mov ebx,eax push esi mov eax,[ebp-0x10] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax mov [ebp-0x10],ebx push edi mov eax,[ebp+0xc] mov eax,[eax+0x8] push eax call FUNC_001521 add esp,byte +0x8 mov ebx,eax push esi mov eax,[ebp-0xc] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax mov [ebp-0xc],ebx push edi mov eax,[ebp+0xc] mov eax,[eax+0xc] push eax call FUNC_001521 add esp,byte +0x8 mov ebx,eax push esi mov eax,[ebp-0x8] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax mov [ebp-0x8],ebx lea eax,[ebp-0x10] push eax mov eax,[ebp+0x8] push eax call FUNC_001479 add esp,byte +0x8 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_001838: ; Pos = 6314c push ebp mov ebp,esp push ecx push ebx push esi push edi mov edx,[ebp+0x14] mov eax,[ebp+0x8] cmp dword [ebp+0xc],byte +0x0 jz JUMP_007070 mov ecx,[ebp+0x10] shl ecx,0x3 mov ebx,[DATA_009265] imul ebx,[ebp+0xc] add ecx,ebx mov [ebp+0x10],ecx xor ebx,ebx mov edi,eax mov esi,edx JUMP_007069: ; Pos = 6317a mov eax,[esi] mov edx,0x8 sub edx,[ebp+0xc] imul edx add eax,[ebp+0x10] sar eax,0x3 and eax,0xf0f0f mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [edi],eax inc ebx add edi,byte +0x4 add esi,byte +0x4 cmp ebx,byte +0x7 jl JUMP_007069 jmp short JUMP_007072 JUMP_007070: ; Pos = 631b2 xor ebx,ebx mov edi,eax mov esi,edx JUMP_007071: ; Pos = 631b8 mov eax,[esi] add eax,[ebp+0x10] mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [edi],eax inc ebx add edi,byte +0x4 add esi,byte +0x4 cmp ebx,byte +0x7 jl JUMP_007071 JUMP_007072: ; Pos = 631dc pop edi pop esi pop ebx pop ecx pop ebp ret nop nop FUNC_001839: ; Pos = 631e4 push ebp mov ebp,esp push ecx push ebx push esi push edi mov edx,[ebp+0x14] mov eax,[ebp+0x8] sar dword [ebp+0x18],1 cmp dword [ebp+0xc],byte +0x0 jz near JUMP_007074 mov ecx,[ebp+0x10] shl ecx,0x3 mov ebx,[DATA_009265] imul ebx,[ebp+0xc] add ecx,ebx mov [ebp+0x10],ecx xor edi,edi mov esi,eax mov ebx,edx cmp edi,[ebp+0x18] jnl near JUMP_007076 JUMP_007073: ; Pos = 63222 mov eax,[ebx] mov edx,0x8 sub edx,[ebp+0xc] imul edx add eax,[ebp+0x10] sar eax,0x3 and eax,0xf0f0f mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx mov [esi],ax mov eax,[ebx+0x4] mov edx,0x8 sub edx,[ebp+0xc] imul edx add eax,[ebp+0x10] sar eax,0x3 and eax,0xf0f0f mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx mov [esi+0x2],ax inc edi add esi,byte +0x4 add ebx,byte +0x8 cmp edi,[ebp+0x18] jl JUMP_007073 jmp short JUMP_007076 JUMP_007074: ; Pos = 63282 xor edi,edi mov esi,eax mov ebx,edx cmp edi,[ebp+0x18] jnl JUMP_007076 JUMP_007075: ; Pos = 6328d mov eax,[ebx] add eax,[ebp+0x10] mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx mov [esi],ax mov eax,[ebx+0x4] add eax,[ebp+0x10] mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx mov [esi+0x2],ax inc edi add esi,byte +0x4 add ebx,byte +0x8 cmp edi,[ebp+0x18] jl JUMP_007075 JUMP_007076: ; Pos = 632c7 pop edi pop esi pop ebx pop ecx pop ebp ret nop nop nop FUNC_001840: ; Pos = 632d0 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov esi,[ebp+0x18] mov eax,[ebp+0x14] mov edi,[ebp+0x8] mov edx,[DATA_009261] mov ebx,[edx+0x134] imul ebx,[eax] mov edx,[DATA_009261] mov edx,[edx+0x138] imul edx,[eax+0x4] add ebx,edx mov edx,[DATA_009261] mov edx,[edx+0x13c] imul edx,[eax+0x8] add ebx,edx neg ebx test ebx,ebx jnl JUMP_007078 shr ebx,0x1b cmp ebx,byte +0x18 jnl JUMP_007077 xor ebx,ebx JUMP_007077: ; Pos = 63325 and ebx,byte +0x7 lea eax,[ebx+ebx*2] mov edx,[DATA_009261] mov cx,[edx+eax+0x84] mov [ebp-0x4],cx mov cl,[edx+eax+0x86] mov [ebp-0x2],cl jmp short JUMP_007079 JUMP_007078: ; Pos = 63349 xor eax,eax mov [ebp-0x4],eax JUMP_007079: ; Pos = 6334e mov eax,[ebp+0xc] mov eax,[eax+0x3c] cmp eax,[edi+0x3c] jng JUMP_007080 mov eax,edi mov edi,[ebp+0xc] mov [ebp+0xc],eax JUMP_007080: ; Pos = 63361 mov eax,[ebp+0x10] mov eax,[eax+0x3c] cmp eax,[edi+0x3c] jng JUMP_007081 mov eax,edi mov edi,[ebp+0x10] mov [ebp+0x10],eax JUMP_007081: ; Pos = 63374 mov eax,[ebp+0xc] mov eax,[eax+0x3c] mov edx,[ebp+0x10] cmp eax,[edx+0x3c] jnl JUMP_007082 mov eax,[ebp+0xc] mov edx,[ebp+0x10] mov [ebp+0xc],edx mov [ebp+0x10],eax JUMP_007082: ; Pos = 6338e cmp dword [DATA_009262],byte +0x0 jz JUMP_007086 mov eax,[edi+0x4] push eax call _abs pop ecx mov ebx,eax mov eax,[edi+0x8] push eax call _abs pop ecx add ebx,eax sar ebx,0x3 add ebx,[edi+0xc] mov ecx,[DATA_009263] test ecx,ecx jz JUMP_007083 mov eax,ebx sub eax,ecx cdq idiv dword [DATA_009267] mov ebx,eax jmp short JUMP_007084 JUMP_007083: ; Pos = 633ce mov ecx,[DATA_009267] mov eax,ebx cdq idiv ecx mov ebx,eax JUMP_007084: ; Pos = 633db test ebx,ebx jnl JUMP_007085 xor ebx,ebx JUMP_007085: ; Pos = 633e1 cmp ebx,byte +0x8 jng JUMP_007087 mov ebx,0x8 jmp short JUMP_007087 JUMP_007086: ; Pos = 633ed xor ebx,ebx JUMP_007087: ; Pos = 633ef cmp dword [edi+0x3c],byte +0x0 setng al and eax,byte +0x1 mov edx,[ebp+0xc] cmp dword [edx+0x3c],byte +0x0 setng dl and edx,byte +0x1 add eax,edx mov edx,[ebp+0x10] cmp dword [edx+0x3c],byte +0x0 setng dl and edx,byte +0x1 add eax,edx cmp dword [DATA_008812],byte +0x0 jl JUMP_007089 cmp esi,0x1fffffff jna JUMP_007088 cmp eax,byte +0x3 jz JUMP_007089 JUMP_007088: ; Pos = 6342d cmp esi,0x7fffffff jna near JUMP_007097 mov edx,[ebp+0x10] mov ecx,[edi+0x3c] sub ecx,[edx+0x3c] cmp ecx,0x1fffffff jnl near JUMP_007097 JUMP_007089: ; Pos = 6344e mov eax,[edi+0x3c] mov edx,eax sar edx,0x12 mov ecx,edx shl edx,0x3 sub edx,ecx lea edx,[edx+edx*2] test edx,edx jns JUMP_007090 add edx,0x1ff JUMP_007090: ; Pos = 6346a sar edx,0x9 mov [ebp-0x10],edx test eax,eax jg JUMP_007093 add dword [ebp-0x10],byte +0x3 cmp dword [ebp-0x10],byte +0x0 jnl JUMP_007091 xor eax,eax mov [ebp-0x10],eax JUMP_007091: ; Pos = 63483 test ebx,ebx jz JUMP_007092 mov eax,[ebp-0x10] shl eax,0x5 mov eax,[eax+DATA_007846] mov edx,0x8 sub edx,ebx imul edx mov edx,[DATA_009265] imul edx,ebx add eax,edx sar eax,0x3 and eax,0xf0f0f add [ebp-0x4],eax jmp short JUMP_007096 JUMP_007092: ; Pos = 634b4 mov eax,[ebp-0x10] shl eax,0x5 mov eax,[eax+DATA_007846] add [ebp-0x4],eax jmp short JUMP_007096 JUMP_007093: ; Pos = 634c5 cmp dword [ebp-0x10],byte +0x14 jng JUMP_007094 mov dword [ebp-0x10],0x14 JUMP_007094: ; Pos = 634d2 test ebx,ebx jz JUMP_007095 mov eax,[ebp-0x10] mov edx,eax shl eax,0x3 sub eax,edx mov eax,[eax*4+DATA_007849] mov edx,0x8 sub edx,ebx imul edx mov edx,[DATA_009265] imul edx,ebx add eax,edx sar eax,0x3 and eax,0xf0f0f add [ebp-0x4],eax jmp short JUMP_007096 JUMP_007095: ; Pos = 63508 mov eax,[ebp-0x10] mov edx,eax shl eax,0x3 sub eax,edx mov eax,[eax*4+DATA_007849] add [ebp-0x4],eax JUMP_007096: ; Pos = 6351c push byte +0x0 push esi push byte +0x5 call FUNC_001778 add esp,byte +0xc mov esi,eax mov dword [esi],FUNC_001804 mov eax,[edi] mov [esi+0x4],eax mov eax,[ebp+0xc] mov eax,[eax] mov [esi+0x8],eax mov eax,[ebp+0x10] mov eax,[eax] mov [esi+0xc],eax mov eax,[ebp-0x4] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [esi+0x10],eax jmp JUMP_007114 JUMP_007097: ; Pos = 6355c sub eax,byte +0x1 jc near JUMP_007107 jz near JUMP_007102 dec eax jz near JUMP_007099 dec eax jnz near JUMP_007114 mov eax,[ebp+0xc] mov eax,[eax+0x3c] add eax,[edi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,0x19 add eax,byte +0x3 mov [ebp-0x10],eax cmp dword [ebp-0x10],byte +0x0 jnl JUMP_007098 xor eax,eax mov [ebp-0x10],eax JUMP_007098: ; Pos = 63598 push byte +0x0 push esi push byte +0xc call FUNC_001778 add esp,byte +0xc mov esi,eax mov dword [esi],FUNC_001807 mov eax,[edi] mov [esi+0x4],eax mov eax,[ebp+0xc] mov eax,[eax] mov [esi+0x8],eax mov eax,[ebp+0x10] mov eax,[eax] mov [esi+0xc],eax mov dword [esi+0x10],0x121 mov eax,[ebp-0x10] shl eax,0x5 add eax,DATA_007846 push eax mov eax,[ebp-0x4] push eax push ebx add esi,byte +0x14 push esi call FUNC_001838 add esp,byte +0x10 jmp JUMP_007114 JUMP_007099: ; Pos = 635ec push byte +0x0 push esi push byte +0xd call FUNC_001778 add esp,byte +0xc mov [ebp-0xc],eax mov eax,[ebp-0xc] mov dword [eax],FUNC_001805 mov eax,[ebp+0x10] mov eax,[eax] mov edx,[ebp-0xc] mov [edx+0x4],eax mov eax,[ebp+0xc] mov eax,[eax] mov edx,[ebp-0xc] mov [edx+0x8],eax push edi mov eax,[ebp+0xc] push eax mov eax,[ebp-0xc] add eax,byte +0xc push eax call FUNC_001837 add esp,byte +0xc push edi mov eax,[ebp+0x10] push eax mov eax,[ebp-0xc] add eax,byte +0x10 push eax call FUNC_001837 add esp,byte +0xc mov eax,[ebp-0xc] mov dword [eax+0x14],0x121 push dword DATA_007847 mov eax,[ebp-0x4] push eax push ebx mov eax,[ebp-0xc] add eax,byte +0x18 push eax call FUNC_001838 add esp,byte +0x10 cmp dword [edi+0x3c],0x400000 jnl JUMP_007100 push byte +0x0 push esi push byte +0xc call FUNC_001778 add esp,byte +0xc mov esi,eax mov dword [esi],FUNC_001807 mov eax,[ebp-0xc] mov eax,[eax+0xc] mov [esi+0x4],eax mov eax,[ebp-0xc] mov eax,[eax+0x10] mov [esi+0x8],eax mov eax,[edi] mov [esi+0xc],eax mov dword [esi+0x10],0x40 push dword DATA_007849 mov eax,[ebp-0x4] push eax push ebx add esi,byte +0x14 push esi call FUNC_001838 add esp,byte +0x10 jmp JUMP_007114 JUMP_007100: ; Pos = 636bd push byte +0x0 push esi push byte +0x14 call FUNC_001778 add esp,byte +0xc mov esi,eax mov dword [esi],FUNC_001808 mov eax,[ebp-0xc] mov eax,[eax+0xc] mov [esi+0x4],eax mov eax,[ebp-0xc] mov eax,[eax+0x10] mov [esi+0x8],eax mov eax,[edi] mov [esi+0xc],eax mov word [esi+0x10],0x0 mov word [esi+0x12],0x0 mov word [esi+0x14],0x3f mov word [esi+0x16],0x0 mov word [esi+0x18],0x0 mov eax,[edi+0x3c] sar eax,0x12 mov [esi+0x1a],ax cmp ax,0x1ff jng JUMP_007101 mov word [esi+0x1a],0x1ff JUMP_007101: ; Pos = 6371d mov word [esi+0x1c],0x5e mov word [esi+0x1e],0x0 mov dword [esi+0x20],0x16 push byte +0x16 push dword DATA_007848 mov eax,[ebp-0x4] push eax push ebx add esi,byte +0x24 push esi call FUNC_001839 add esp,byte +0x14 jmp JUMP_007114 JUMP_007102: ; Pos = 6374d cmp dword [edi+0x3c],0x400000 jnl near JUMP_007103 push byte +0x0 push esi push byte +0xd call FUNC_001778 add esp,byte +0xc mov [ebp-0xc],eax mov eax,[ebp-0xc] mov dword [eax],FUNC_001805 mov eax,[ebp-0xc] mov edx,[edi] mov [eax+0x4],edx mov eax,[ebp+0xc] mov eax,[eax] mov edx,[ebp-0xc] mov [edx+0x8],eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp-0xc] add eax,byte +0xc push eax call FUNC_001837 add esp,byte +0xc push edi mov eax,[ebp+0x10] push eax mov eax,[ebp-0xc] add eax,byte +0x10 push eax call FUNC_001837 add esp,byte +0xc mov eax,[ebp-0xc] mov dword [eax+0x14],0x40 push dword DATA_007849 mov eax,[ebp-0x4] push eax push ebx mov eax,[ebp-0xc] add eax,byte +0x18 push eax call FUNC_001838 add esp,byte +0x10 jmp JUMP_007106 JUMP_007103: ; Pos = 637d5 push byte +0x0 push esi push byte +0x16 call FUNC_001778 add esp,byte +0xc mov [ebp-0xc],eax mov eax,[ebp-0xc] mov dword [eax],FUNC_001806 mov eax,[ebp-0xc] mov edx,[edi] mov [eax+0x4],edx mov eax,[ebp+0xc] mov eax,[eax] mov edx,[ebp-0xc] mov [edx+0x8],eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp-0xc] add eax,byte +0xc push eax call FUNC_001837 add esp,byte +0xc push edi mov eax,[ebp+0x10] push eax mov eax,[ebp-0xc] add eax,byte +0x10 push eax call FUNC_001837 add esp,byte +0xc mov eax,[ebp-0xc] mov word [eax+0x14],0x0 mov eax,[edi+0x3c] sar eax,0x12 mov edx,[ebp-0xc] mov [edx+0x16],ax mov eax,[ebp-0xc] mov word [eax+0x18],0x3f mov eax,[ebp+0xc] mov eax,[eax+0x3c] sar eax,0x12 mov edx,[ebp-0xc] mov [edx+0x1a],ax mov eax,[ebp-0xc] mov word [eax+0x1c],0x3f mov eax,[ebp-0xc] mov word [eax+0x1e],0x0 mov eax,[ebp-0xc] mov word [eax+0x20],0x0 mov eax,[ebp-0xc] mov word [eax+0x22],0x0 mov eax,[ebp-0xc] cmp word [eax+0x16],0x1ff jng JUMP_007104 mov eax,[ebp-0xc] mov word [eax+0x16],0x1ff JUMP_007104: ; Pos = 63893 mov eax,[ebp-0xc] cmp word [eax+0x1a],0x1ff jng JUMP_007105 mov eax,[ebp-0xc] mov word [eax+0x1a],0x1ff JUMP_007105: ; Pos = 638a7 mov eax,[ebp-0xc] mov word [eax+0x24],0x5e mov eax,[ebp-0xc] mov word [eax+0x26],0x0 mov eax,[ebp-0xc] mov dword [eax+0x28],0x16 push byte +0x16 push dword DATA_007848 mov eax,[ebp-0x4] push eax push ebx mov eax,[ebp-0xc] add eax,byte +0x2c push eax call FUNC_001839 add esp,byte +0x14 JUMP_007106: ; Pos = 638de push byte +0x0 push esi push byte +0xc call FUNC_001778 add esp,byte +0xc mov esi,eax mov dword [esi],FUNC_001807 mov eax,[ebp+0x10] mov eax,[eax] mov [esi+0x4],eax mov eax,[ebp-0xc] mov eax,[eax+0xc] mov [esi+0x8],eax mov eax,[ebp-0xc] mov eax,[eax+0x10] mov [esi+0xc],eax mov dword [esi+0x10],0x121 push dword DATA_007847 mov eax,[ebp-0x4] push eax push ebx add esi,byte +0x14 push esi call FUNC_001838 add esp,byte +0x10 jmp JUMP_007114 JUMP_007107: ; Pos = 6392f mov eax,[ebp+0x10] mov edx,[edi+0x3c] sub edx,[eax+0x3c] cmp edx,0x400000 jnl near JUMP_007110 push byte +0x0 push esi push byte +0xc call FUNC_001778 add esp,byte +0xc mov esi,eax mov dword [esi],FUNC_001807 mov eax,[edi] mov [esi+0x4],eax mov eax,[ebp+0xc] mov eax,[eax] mov [esi+0x8],eax mov eax,[ebp+0x10] mov eax,[eax] mov [esi+0xc],eax mov dword [esi+0x10],0x40 mov eax,[ebp+0x10] mov eax,[eax+0x3c] sar eax,0x12 mov edx,eax shl eax,0x3 sub eax,edx lea eax,[eax+eax*2] test eax,eax jns JUMP_007108 add eax,0x1ff JUMP_007108: ; Pos = 63991 sar eax,0x9 mov [ebp-0x10],eax cmp dword [ebp-0x10],byte +0x14 jng JUMP_007109 mov dword [ebp-0x10],0x14 JUMP_007109: ; Pos = 639a4 mov eax,[ebp-0x10] mov edx,eax shl eax,0x3 sub eax,edx shl eax,0x2 add eax,DATA_007849 push eax mov eax,[ebp-0x4] push eax push ebx add esi,byte +0x14 push esi call FUNC_001838 add esp,byte +0x10 jmp JUMP_007114 JUMP_007110: ; Pos = 639ce push byte +0x0 push esi push byte +0x14 call FUNC_001778 add esp,byte +0xc mov esi,eax mov dword [esi],FUNC_001808 mov eax,[edi] mov [esi+0x4],eax mov eax,[ebp+0xc] mov eax,[eax] mov [esi+0x8],eax mov eax,[ebp+0x10] mov eax,[eax] mov [esi+0xc],eax mov word [esi+0x10],0x0 mov eax,[edi+0x3c] sar eax,0x12 mov [esi+0x12],ax mov word [esi+0x14],0x3f mov eax,[ebp+0xc] mov eax,[eax+0x3c] sar eax,0x12 mov [esi+0x16],ax mov word [esi+0x18],0x0 mov eax,[ebp+0x10] mov eax,[eax+0x3c] sar eax,0x12 mov [esi+0x1a],ax cmp word [esi+0x12],0x1ff jng JUMP_007111 mov word [esi+0x12],0x1ff JUMP_007111: ; Pos = 63a3c cmp word [esi+0x16],0x1ff jng JUMP_007112 mov word [esi+0x16],0x1ff JUMP_007112: ; Pos = 63a4a cmp word [esi+0x1a],0x1ff jng JUMP_007113 mov word [esi+0x1a],0x1ff JUMP_007113: ; Pos = 63a58 mov word [esi+0x1c],0x5e mov word [esi+0x1e],0x0 mov dword [esi+0x20],0x16 push byte +0x16 push dword DATA_007848 mov eax,[ebp-0x4] push eax push ebx add esi,byte +0x24 push esi call FUNC_001839 add esp,byte +0x14 JUMP_007114: ; Pos = 63a83 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop FUNC_001841: ; Pos = 63a8c push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov ebx,[ebp+0x8] xor eax,eax mov [ebp-0x4],eax mov edx,DATA_007848 mov eax,DATA_007850 JUMP_007115: ; Pos = 63aa7 mov ecx,[eax] mov ecx,[ebx+ecx*4+0xc] imul ecx,[eax+0x4] mov esi,[eax+0x8] mov esi,[ebx+esi*4+0xc] imul esi,[eax+0xc] add ecx,esi sar ecx,0x4 and ecx,0xf0f0f mov [edx],ecx inc dword [ebp-0x4] add edx,byte +0x4 add eax,byte +0x10 cmp dword [ebp-0x4],byte +0x16 jl JUMP_007115 xor eax,eax mov [ebp-0x4],eax mov dword [ebp-0x14],DATA_007851 mov dword [ebp-0x10],DATA_007849 JUMP_007116: ; Pos = 63aeb xor ecx,ecx mov eax,[ebp-0x10] mov edx,eax mov eax,[ebp-0x14] JUMP_007117: ; Pos = 63af5 mov esi,[eax] mov esi,[ebx+esi*4+0xc] imul esi,[eax+0x4] mov edi,[eax+0x8] mov edi,[ebx+edi*4+0xc] imul edi,[eax+0xc] add esi,edi sar esi,0x4 and esi,0xf0f0f mov [edx],esi inc ecx add edx,byte +0x4 add eax,byte +0x10 cmp ecx,byte +0x7 jl JUMP_007117 inc dword [ebp-0x4] add dword [ebp-0x14],byte +0x70 add dword [ebp-0x10],byte +0x1c cmp dword [ebp-0x4],byte +0x15 jl JUMP_007116 xor eax,eax mov [ebp-0x4],eax mov dword [ebp-0x18],DATA_007846 JUMP_007118: ; Pos = 63b40 mov eax,[ebp-0x4] shl eax,0x2 inc eax mov ecx,0x3 cdq idiv ecx mov edx,0x4 sub edx,eax mov ecx,edx imul ecx,[ebx+0xc] mov esi,[ebx+0x10] imul esi,eax add ecx,esi sar ecx,0x2 and ecx,0xf0f0f mov [ebp-0x8],ecx imul edx,[ebx+0x14] mov ecx,[ebx+0x18] imul ecx,eax add edx,ecx sar edx,0x2 and edx,0xf0f0f mov [ebp-0xc],edx xor ecx,ecx mov eax,[ebp-0x18] mov esi,eax JUMP_007119: ; Pos = 63b8f mov eax,ecx shl eax,0x3 add eax,byte +0x3 mov edi,0x6 cdq idiv edi mov edx,0x8 sub edx,eax imul edx,[ebp-0x8] mov edi,[ebp-0xc] imul edi,eax add edx,edi sar edx,0x3 and edx,0xf0f0f mov [esi],edx inc ecx add esi,byte +0x4 cmp ecx,byte +0x7 jl JUMP_007119 inc dword [ebp-0x4] add dword [ebp-0x18],byte +0x20 cmp dword [ebp-0x4],byte +0x4 jl near JUMP_007118 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop FUNC_001842: ; Pos = 63be0 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi mov eax,[ebp+0x14] mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov edx,[DATA_009261] mov edx,[edx+0x134] imul edx,[eax] mov ecx,[DATA_009261] mov ecx,[ecx+0x138] imul ecx,[eax+0x4] add edx,ecx mov ecx,[DATA_009261] mov ecx,[ecx+0x13c] imul ecx,[eax+0x8] add edx,ecx mov eax,edx neg eax test eax,eax jnl JUMP_007121 shr eax,0x1b cmp eax,byte +0x18 jnl JUMP_007120 xor eax,eax JUMP_007120: ; Pos = 63c36 and eax,byte +0x7 lea eax,[eax+eax*2] mov edx,[DATA_009261] mov cx,[edx+eax+0x84] mov [ebp-0x4],cx mov cl,[edx+eax+0x86] mov [ebp-0x2],cl jmp short JUMP_007122 JUMP_007121: ; Pos = 63c5a xor eax,eax mov [ebp-0x4],eax JUMP_007122: ; Pos = 63c5f mov eax,[esi+0x3c] cmp eax,[ebx+0x3c] jng JUMP_007123 mov eax,ebx mov ebx,esi mov esi,eax JUMP_007123: ; Pos = 63c6d mov eax,[ebp+0x10] mov eax,[eax+0x3c] cmp eax,[ebx+0x3c] jng JUMP_007124 mov eax,ebx mov ebx,[ebp+0x10] mov [ebp+0x10],eax JUMP_007124: ; Pos = 63c80 mov eax,[esi+0x3c] mov edx,[ebp+0x10] cmp eax,[edx+0x3c] jnl JUMP_007125 mov eax,esi mov esi,[ebp+0x10] mov [ebp+0x10],eax JUMP_007125: ; Pos = 63c93 push byte +0x0 mov eax,[ebp+0x18] push eax push byte +0x19 call FUNC_001778 add esp,byte +0xc mov dword [eax],FUNC_001808 mov edx,[ebx] mov [eax+0x4],edx mov edx,[esi] mov [eax+0x8],edx mov edx,[ebp+0x10] mov edx,[edx] mov [eax+0xc],edx mov word [eax+0x10],0x0 mov edx,[ebx+0x3c] sar edx,0x12 mov [eax+0x12],dx mov word [eax+0x14],0x3f mov edx,[esi+0x3c] sar edx,0x12 mov [eax+0x16],dx mov word [eax+0x18],0x0 mov edx,[ebp+0x10] mov edx,[edx+0x3c] sar edx,0x12 mov [eax+0x1a],dx movsx ecx,word [eax+0x12] movsx edx,dx sub ecx,edx cmp ecx,byte +0x10 jnl JUMP_007127 add word [eax+0x1a],byte -0x8 cmp word [eax+0x1a],byte +0x0 jnl JUMP_007126 mov word [eax+0x1a],0x0 mov word [eax+0x12],0x10 jmp short JUMP_007127 JUMP_007126: ; Pos = 63d16 mov dx,[eax+0x1a] add dx,byte +0x10 mov [eax+0x12],dx cmp dx,0x1ff jng JUMP_007127 mov word [eax+0x12],0x1ff mov word [eax+0x1a],0x1ef JUMP_007127: ; Pos = 63d35 mov word [eax+0x1c],0x5f mov word [eax+0x1e],0x0 mov dword [eax+0x20],0x20 push byte +0x20 push dword DATA_007852 mov edx,[ebp-0x4] push edx push byte +0x0 add eax,byte +0x24 push eax call FUNC_001839 add esp,byte +0x14 pop esi pop ebx pop ecx pop ecx pop ebp ret nop FUNC_001843: ; Pos = 63d68 push ebp mov ebp,esp push ebx push esi push edi xor ecx,ecx mov edx,DATA_007852 mov eax,DATA_007853 JUMP_007128: ; Pos = 63d7a mov ebx,[ebp+0x8] mov esi,[eax] mov ebx,[ebx+esi*4+0xc] imul ebx,[eax+0x4] mov esi,[ebp+0x8] mov edi,[eax+0x8] mov esi,[esi+edi*4+0xc] imul esi,[eax+0xc] add ebx,esi sar ebx,0x4 and ebx,0xf0f0f mov [edx],ebx inc ecx add edx,byte +0x4 add eax,byte +0x10 cmp ecx,byte +0x20 jl JUMP_007128 pop edi pop esi pop ebx pop ebp ret nop FUNC_001844: ; Pos = 63db4 push ebp mov ebp,esp push ecx push ebx mov eax,[ebp+0x14] mov edx,[DATA_009261] mov ecx,[edx+0x134] imul ecx,[eax] mov ebx,[edx+0x138] imul ebx,[eax+0x4] add ecx,ebx mov ebx,[edx+0x13c] imul ebx,[eax+0x8] add ecx,ebx mov eax,ecx neg eax test eax,eax jnl JUMP_007130 shr eax,0x1b cmp eax,byte +0x18 jnl JUMP_007129 xor eax,eax JUMP_007129: ; Pos = 63df5 and eax,byte +0x7 lea eax,[eax+eax*2] mov cx,[edx+eax+0x84] mov [ebp-0x4],cx mov cl,[edx+eax+0x86] mov [ebp-0x2],cl jmp short JUMP_007131 JUMP_007130: ; Pos = 63e13 xor eax,eax mov [ebp-0x4],eax JUMP_007131: ; Pos = 63e18 push byte +0x0 mov eax,[ebp+0x18] push eax push byte +0x5 call FUNC_001778 add esp,byte +0xc mov ebx,eax mov dword [ebx],FUNC_001804 mov eax,[ebp+0x8] mov eax,[eax] mov [ebx+0x4],eax mov eax,[ebp+0xc] mov eax,[eax] mov [ebx+0x8],eax mov eax,[ebp+0x10] mov eax,[eax] mov [ebx+0xc],eax mov eax,[DATA_009259] add [ebp-0x4],eax mov eax,[ebp-0x4] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebx+0x10],eax pop ebx pop ecx pop ebp ret nop nop nop FUNC_001845: ; Pos = 63e68 push ebp mov ebp,esp push ecx push ebx push byte +0x0 mov eax,[ebp+0x18] push eax push byte +0x5 call FUNC_001778 add esp,byte +0xc mov ebx,eax mov dword [ebx],FUNC_001804 mov eax,[ebp+0x8] mov eax,[eax] mov [ebx+0x4],eax mov eax,[ebp+0xc] mov eax,[eax] mov [ebx+0x8],eax mov eax,[ebp+0x10] mov eax,[eax] mov [ebx+0xc],eax mov eax,[DATA_009259] mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebx+0x10],eax pop ebx pop ecx pop ebp ret nop nop FUNC_001846: ; Pos = 63ebc push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0xc] mov esi,[ebp+0x8] cmp dword [ebp+0x10],byte +0x1 jg JUMP_007132 xor esi,edi push esi call FUNC_001824 pop ecx sar eax,0x4 jmp short JUMP_007134 JUMP_007132: ; Pos = 63edc mov ebx,esi sub ebx,edi test ebx,ebx jnl JUMP_007133 neg ebx JUMP_007133: ; Pos = 63ee6 push ebx xor esi,edi push esi call FUNC_001824 pop ecx push eax call FUNC_001521 add esp,byte +0x8 sar eax,1 JUMP_007134: ; Pos = 63efb pop edi pop esi pop ebx pop ebp ret FUNC_001847: ; Pos = 63f00 push ebp mov ebp,esp push ebx push esi mov ecx,[ebp+0x8] mov ebx,[ecx+0xc] cmp ebx,byte +0x40 jnl JUMP_007135 mov ax,0x8 mov [ecx+0x26],ax mov [ecx+0x24],ax jmp JUMP_007144 JUMP_007135: ; Pos = 63f21 cmp ebx,0x10000 jng JUMP_007136 sar ebx,0x8 mov eax,[ecx+0x4] cdq idiv ebx mov esi,eax add esi,0xa0 mov eax,[ecx+0x8] cdq idiv ebx push eax mov eax,0x4f pop edx sub eax,edx jmp short JUMP_007137 JUMP_007136: ; Pos = 63f4b mov eax,[ecx+0x4] shl eax,0x8 cdq idiv ebx mov esi,eax add esi,0xa0 mov eax,[ecx+0x8] shl eax,0x8 cdq idiv ebx push eax mov eax,0x4f pop edx sub eax,edx JUMP_007137: ; Pos = 63f6e cmp esi,0x140 ja JUMP_007138 mov word [ecx+0x24],0x2 jmp short JUMP_007140 JUMP_007138: ; Pos = 63f7e mov dx,0x1 test esi,esi jl JUMP_007139 add edx,byte +0x3 JUMP_007139: ; Pos = 63f89 mov [ecx+0x24],dx JUMP_007140: ; Pos = 63f8d cmp eax,0x9e jnc JUMP_007141 mov word [ecx+0x26],0x2 jmp short JUMP_007143 JUMP_007141: ; Pos = 63f9c mov dx,0x1 test eax,eax jl JUMP_007142 add edx,byte +0x3 JUMP_007142: ; Pos = 63fa7 mov [ecx+0x26],dx JUMP_007143: ; Pos = 63fab mov [ecx],si mov [ecx+0x2],ax JUMP_007144: ; Pos = 63fb2 pop esi pop ebx pop ebp ret nop nop FUNC_001848: ; Pos = 63fb8 push ebp mov ebp,esp mov eax,[ebp+0x8] cmp dword [eax+0x4],byte +0x0 jnz JUMP_007145 mov word [eax+0x24],0x2 jmp short JUMP_007147 JUMP_007145: ; Pos = 63fcc mov dx,0x1 cmp dword [eax+0x4],byte +0x0 jl JUMP_007146 add edx,byte +0x3 JUMP_007146: ; Pos = 63fd9 mov [eax+0x24],dx JUMP_007147: ; Pos = 63fdd cmp dword [eax+0x8],byte +0x0 jnz JUMP_007148 mov word [eax+0x26],0x2 pop ebp ret JUMP_007148: ; Pos = 63feb mov dx,0x1 cmp dword [eax+0x8],byte +0x0 jl JUMP_007149 add edx,byte +0x3 JUMP_007149: ; Pos = 63ff8 mov [eax+0x26],dx pop ebp ret nop nop FUNC_001849: ; Pos = 64000 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov eax,[edi+0x8] test eax,eax jnz near JUMP_007157 call FUNC_001818 mov [edi+0x8],eax mov ebx,eax cmp esi,[edi] jnz JUMP_007150 call FUNC_001820 mov [edi+0x4],eax mov [eax],esi call FUNC_001820 mov [edi+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007151 JUMP_007150: ; Pos = 64041 call FUNC_001820 mov [edi+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [edi+0xc],eax mov [eax],esi JUMP_007151: ; Pos = 64058 mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[esi+0x28] mov edx,[ebp+0x10] add eax,[edx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x28],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[esi+0x2c] mov edx,[ebp+0x10] add eax,[edx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x2c],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[esi+0x30] mov edx,[ebp+0x10] add eax,[edx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x30],eax mov eax,[ebp+0x18] mov edi,[eax*4+DATA_007839] mov eax,[ebp+0x18] cmp eax,[esi+0x44] jng near JUMP_007155 mov eax,[ebp+0x18] mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007155 mov eax,[esi+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[esi+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[esi+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax cmp dword [esi+0xc],byte +0x40 jl JUMP_007152 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007153 JUMP_007152: ; Pos = 64116 push ebx call near [DATA_009282] pop ecx jmp JUMP_007156 JUMP_007153: ; Pos = 64123 movsx eax,word [esi] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax movsx eax,word [esi+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007154 mov ax,[esi+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov [ebp-0x4],eax mov ax,[esi] mov edx,[ebp+0x10] cmp ax,[edx] setg al and eax,byte +0x1 mov [ebp-0x8],eax mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [esi] sub eax,edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx mov ecx,[ebp+0x14] movsx ecx,word [ecx+0x2] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx cmp eax,edx setg al and eax,byte +0x1 mov edx,[ebp-0x4] shl edx,0x4 lea ecx,[edx+DATA_007854] mov esi,[ebp-0x8] lea ecx,[ecx+esi*8] mov cx,[ecx+eax*4] add [ebx],cx add edx,DATA_007855 mov ecx,[ebp-0x8] lea edx,[edx+ecx*8] mov ax,[edx+eax*4] add [ebx+0x2],ax JUMP_007154: ; Pos = 641e3 movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp short JUMP_007156 JUMP_007155: ; Pos = 64204 push edi mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax push edi mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax push edi mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007156: ; Pos = 64263 push ebx call FUNC_001829 pop ecx JUMP_007157: ; Pos = 6426a pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret nop nop nop FUNC_001850: ; Pos = 64274 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov eax,[edi+0x8] test eax,eax jnz near JUMP_007165 call FUNC_001818 mov [edi+0x8],eax mov ebx,eax cmp esi,[edi] jnz JUMP_007158 call FUNC_001820 mov [edi+0x4],eax mov [eax],esi call FUNC_001820 mov [edi+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007159 JUMP_007158: ; Pos = 642b5 call FUNC_001820 mov [edi+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [edi+0xc],eax mov [eax],esi JUMP_007159: ; Pos = 642cc mov eax,[esi+0x28] mov [ebx+0x28],eax mov eax,[esi+0x2c] mov [ebx+0x2c],eax mov eax,[esi+0x30] mov [ebx+0x30],eax xor edi,edi mov eax,[ebp+0x18] cmp eax,[esi+0x44] jng near JUMP_007163 mov eax,[ebp+0x18] mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007163 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax mov eax,[esi+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[esi+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[esi+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax cmp dword [esi+0xc],byte +0x40 jl JUMP_007160 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007161 JUMP_007160: ; Pos = 64342 push ebx call near [DATA_009282] pop ecx jmp JUMP_007164 JUMP_007161: ; Pos = 6434f movsx eax,word [esi] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax movsx eax,word [esi+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007162 mov ax,[esi+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov [ebp-0x8],eax mov ax,[esi] mov edx,[ebp+0x10] cmp ax,[edx] setg al and eax,byte +0x1 mov [ebp-0xc],eax mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [esi] sub eax,edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx mov ecx,[ebp+0x14] movsx ecx,word [ecx+0x2] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx cmp eax,edx setg al and eax,byte +0x1 mov edx,[ebp-0x8] shl edx,0x4 lea ecx,[edx+DATA_007856] mov esi,[ebp-0xc] lea ecx,[ecx+esi*8] mov cx,[ecx+eax*4] add [ebx],cx add edx,DATA_007857 mov ecx,[ebp-0xc] lea edx,[edx+ecx*8] mov ax,[edx+eax*4] add [ebx+0x2],ax JUMP_007162: ; Pos = 6440f movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp JUMP_007164 JUMP_007163: ; Pos = 64433 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebp-0x4],eax mov eax,[ebp+0x18] push eax mov eax,[ebp+0x10] mov eax,[eax+0x3c] push eax mov eax,[esi+0x3c] push eax call FUNC_001846 add esp,byte +0xc add eax,[ebp-0x4] mov [ebx+0x3c],eax push edi mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax push edi mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax push edi mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007164: ; Pos = 644bd push ebx call FUNC_001829 pop ecx JUMP_007165: ; Pos = 644c4 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_001851: ; Pos = 644cc push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov eax,[edi+0x8] test eax,eax jnz near JUMP_007175 call FUNC_001818 mov [edi+0x8],eax mov ebx,eax cmp esi,[edi] jnz JUMP_007166 call FUNC_001820 mov [edi+0x4],eax mov [eax],esi call FUNC_001820 mov [edi+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007167 JUMP_007166: ; Pos = 6450d call FUNC_001820 mov [edi+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [edi+0xc],eax mov [eax],esi JUMP_007167: ; Pos = 64524 mov eax,[esi+0x28] mov [ebx+0x28],eax mov eax,[esi+0x2c] mov [ebx+0x2c],eax mov eax,[esi+0x30] mov [ebx+0x30],eax xor edi,edi mov eax,[esi+0x3c] dec eax mov edx,[ebp+0x10] mov edx,[edx+0x3c] dec edx xor eax,edx jnl JUMP_007168 mov eax,[ebp+0x18] dec eax jmp short JUMP_007169 JUMP_007168: ; Pos = 6454d mov eax,[ebp+0x18] JUMP_007169: ; Pos = 64550 cmp eax,[esi+0x44] jng near JUMP_007173 mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007173 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax mov eax,[esi+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[esi+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[esi+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax cmp dword [esi+0xc],byte +0x40 jl JUMP_007170 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007171 JUMP_007170: ; Pos = 645ac push ebx call near [DATA_009282] pop ecx jmp JUMP_007174 JUMP_007171: ; Pos = 645b9 movsx eax,word [esi] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax movsx eax,word [esi+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007172 mov ax,[esi+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov [ebp-0x4],eax mov ax,[esi] mov edx,[ebp+0x10] cmp ax,[edx] setg al and eax,byte +0x1 mov [ebp-0x8],eax mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [esi] sub eax,edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx mov ecx,[ebp+0x14] movsx ecx,word [ecx+0x2] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx cmp eax,edx setg al and eax,byte +0x1 mov edx,[ebp-0x4] shl edx,0x4 lea ecx,[edx+DATA_007858] mov esi,[ebp-0x8] lea ecx,[ecx+esi*8] mov cx,[ecx+eax*4] add [ebx],cx add edx,DATA_007859 mov ecx,[ebp-0x8] lea edx,[edx+ecx*8] mov ax,[edx+eax*4] add [ebx+0x2],ax JUMP_007172: ; Pos = 64679 movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp JUMP_007174 JUMP_007173: ; Pos = 6469d mov eax,[ebp+0x18] push eax mov eax,[ebp+0x10] mov eax,[eax+0x3c] push eax mov eax,[esi+0x3c] push eax call FUNC_001846 add esp,byte +0xc mov edx,[esi+0x3c] mov ecx,[ebp+0x10] add edx,[ecx+0x3c] sar edx,1 add eax,edx mov [ebx+0x3c],eax push edi mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax push edi mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax push edi mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007174: ; Pos = 64723 push ebx call FUNC_001829 pop ecx JUMP_007175: ; Pos = 6472a pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret nop nop nop FUNC_001852: ; Pos = 64734 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov eax,[edi+0x8] test eax,eax jnz near JUMP_007183 call FUNC_001818 mov [edi+0x8],eax mov ebx,eax cmp esi,[edi] jnz JUMP_007176 call FUNC_001820 mov [edi+0x4],eax mov [eax],esi call FUNC_001820 mov [edi+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007177 JUMP_007176: ; Pos = 64775 call FUNC_001820 mov [edi+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [edi+0xc],eax mov [eax],esi JUMP_007177: ; Pos = 6478c mov eax,[esi+0x28] mov [ebx+0x28],eax mov eax,[esi+0x2c] mov [ebx+0x2c],eax mov eax,[esi+0x30] mov [ebx+0x30],eax xor eax,eax mov [ebp-0x4],eax mov eax,[ebp+0x18] cmp eax,[esi+0x44] jng near JUMP_007181 mov eax,[ebp+0x18] mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007181 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax mov eax,[esi+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[esi+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[esi+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax cmp dword [esi+0xc],byte +0x40 jl JUMP_007178 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007179 JUMP_007178: ; Pos = 64805 push ebx call near [DATA_009282] pop ecx jmp JUMP_007182 JUMP_007179: ; Pos = 64812 movsx eax,word [esi] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax movsx eax,word [esi+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007180 mov ax,[esi+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov [ebp-0x8],eax mov ax,[esi] mov edx,[ebp+0x10] cmp ax,[edx] setg al and eax,byte +0x1 mov [ebp-0xc],eax mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [esi] sub eax,edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx mov ecx,[ebp+0x14] movsx ecx,word [ecx+0x2] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx cmp eax,edx setg al and eax,byte +0x1 mov edx,[ebp-0x8] shl edx,0x4 lea ecx,[edx+DATA_007860] mov esi,[ebp-0xc] lea ecx,[ecx+esi*8] mov cx,[ecx+eax*4] add [ebx],cx add edx,DATA_007861 mov ecx,[ebp-0xc] lea edx,[edx+ecx*8] mov ax,[edx+eax*4] add [ebx+0x2],ax JUMP_007180: ; Pos = 648d2 movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp JUMP_007182 JUMP_007181: ; Pos = 648f6 mov edi,[esi+0x3c] mov eax,[ebp+0x10] add edi,[eax+0x3c] sar edi,1 mov eax,[ebp+0x18] push eax mov eax,[ebp+0x10] mov eax,[eax+0x3c] push eax mov eax,[esi+0x3c] push eax call FUNC_001846 add esp,byte +0xc add eax,edi mov [ebx+0x3c],eax mov eax,[ebx+0x3c] sub eax,edi sar eax,0x3 add eax,[ebp-0x4] mov edi,eax push edi mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax push edi mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax push edi mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007182: ; Pos = 64989 push ebx call FUNC_001829 pop ecx JUMP_007183: ; Pos = 64990 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_001853: ; Pos = 64998 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov eax,[edi+0x8] test eax,eax jnz near JUMP_007198 call FUNC_001818 mov [edi+0x8],eax mov ebx,eax cmp esi,[edi] jnz JUMP_007184 call FUNC_001820 mov [edi+0x4],eax mov [eax],esi call FUNC_001820 mov [edi+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007185 JUMP_007184: ; Pos = 649d9 call FUNC_001820 mov [edi+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [edi+0xc],eax mov [eax],esi JUMP_007185: ; Pos = 649f0 mov eax,[esi+0x28] mov [ebx+0x28],eax mov eax,[esi+0x2c] mov [ebx+0x2c],eax mov eax,[esi+0x30] mov [ebx+0x30],eax xor edi,edi mov eax,[esi+0x3c] dec eax mov edx,[ebp+0x10] mov edx,[edx+0x3c] dec edx xor eax,edx jnl JUMP_007186 mov eax,[ebp+0x18] dec eax jmp short JUMP_007187 JUMP_007186: ; Pos = 64a19 mov eax,[ebp+0x18] JUMP_007187: ; Pos = 64a1c cmp eax,[esi+0x44] jng near JUMP_007194 mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007194 mov eax,[esi+0x40] test eax,eax jnz JUMP_007188 mov edx,[ebp+0x10] cmp dword [edx+0x40],byte +0x0 jz JUMP_007189 JUMP_007188: ; Pos = 64a41 mov edx,[ebp+0x10] add eax,[edx+0x40] sar eax,1 mov [ebx+0x40],eax mov [ebx+0x3c],eax jmp short JUMP_007190 JUMP_007189: ; Pos = 64a51 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax xor eax,eax mov [ebx+0x40],eax JUMP_007190: ; Pos = 64a64 mov eax,[esi+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[esi+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[esi+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax cmp dword [esi+0xc],byte +0x40 jl JUMP_007191 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007192 JUMP_007191: ; Pos = 64a9d push ebx call near [DATA_009282] pop ecx jmp JUMP_007197 JUMP_007192: ; Pos = 64aaa movsx eax,word [esi] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax movsx eax,word [esi+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007193 mov ax,[esi+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov [ebp-0x4],eax mov ax,[esi] mov edx,[ebp+0x10] cmp ax,[edx] setg al and eax,byte +0x1 mov [ebp-0x8],eax mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [esi] sub eax,edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx mov ecx,[ebp+0x14] movsx ecx,word [ecx+0x2] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx cmp eax,edx setg al and eax,byte +0x1 mov edx,[ebp-0x4] shl edx,0x4 lea ecx,[edx+DATA_007862] mov esi,[ebp-0x8] lea ecx,[ecx+esi*8] mov cx,[ecx+eax*4] add [ebx],cx add edx,DATA_007863 mov ecx,[ebp-0x8] lea edx,[edx+ecx*8] mov ax,[edx+eax*4] add [ebx+0x2],ax JUMP_007193: ; Pos = 64b6a movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp JUMP_007197 JUMP_007194: ; Pos = 64b8e mov eax,[ebp+0x18] push eax mov eax,[ebp+0x10] mov eax,[eax+0x3c] push eax mov eax,[esi+0x3c] push eax call FUNC_001846 add esp,byte +0xc mov edx,[esi+0x3c] mov ecx,[ebp+0x10] add edx,[ecx+0x3c] sar edx,1 add eax,edx mov [ebx+0x3c],eax cmp dword [ebx+0x3c],byte +0x0 jl JUMP_007195 mov eax,[ebx+0x3c] jmp short JUMP_007196 JUMP_007195: ; Pos = 64bc0 xor eax,eax JUMP_007196: ; Pos = 64bc2 mov [ebx+0x40],eax mov edx,[esi+0x40] mov ecx,[ebp+0x10] add edx,[ecx+0x40] sar edx,1 sub eax,edx sar eax,0x3 add edi,eax push edi mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax push edi mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax push edi mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007197: ; Pos = 64c36 push ebx call FUNC_001829 pop ecx JUMP_007198: ; Pos = 64c3d pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret FUNC_001854: ; Pos = 64c44 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov edi,[ebp+0x18] mov esi,[ebp+0xc] mov eax,[ebp+0x8] mov eax,[eax+0x8] test eax,eax jnz near JUMP_007206 call FUNC_001818 mov edx,[ebp+0x8] mov [edx+0x8],eax mov ebx,eax mov eax,[ebp+0x8] cmp esi,[eax] jnz JUMP_007199 call FUNC_001820 mov edx,[ebp+0x8] mov [edx+0x4],eax mov [eax],esi call FUNC_001820 mov edx,[ebp+0x8] mov [edx+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007200 JUMP_007199: ; Pos = 64c94 call FUNC_001820 mov edx,[ebp+0x8] mov [edx+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov edx,[ebp+0x8] mov [edx+0xc],eax mov [eax],esi JUMP_007200: ; Pos = 64cb1 mov eax,[edi*4+DATA_007840] push eax mov eax,[esi+0x28] mov edx,[ebp+0x10] add eax,[edx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x28],eax mov eax,[edi*4+DATA_007840] push eax mov eax,[esi+0x2c] mov edx,[ebp+0x10] add eax,[edx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x2c],eax mov eax,[edi*4+DATA_007840] push eax mov eax,[esi+0x30] mov edx,[ebp+0x10] add eax,[edx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x30],eax mov eax,[edi*4+DATA_007839] mov [ebp-0x4],eax cmp edi,[esi+0x44] jng near JUMP_007204 mov eax,[ebp+0x10] cmp edi,[eax+0x44] jng near JUMP_007204 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax mov eax,[esi+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[esi+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[esi+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax cmp dword [esi+0xc],byte +0x40 jl JUMP_007201 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007202 JUMP_007201: ; Pos = 64d6e push ebx call near [DATA_009282] pop ecx jmp JUMP_007205 JUMP_007202: ; Pos = 64d7b movsx eax,word [esi] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax movsx eax,word [esi+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007203 mov ax,[esi+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov [ebp-0xc],eax mov ax,[esi] mov edx,[ebp+0x10] cmp ax,[edx] setg al and eax,byte +0x1 mov [ebp-0x10],eax mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [esi] sub eax,edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx mov ecx,[ebp+0x14] movsx ecx,word [ecx+0x2] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx cmp eax,edx setg al and eax,byte +0x1 mov edx,[ebp-0xc] shl edx,0x4 lea ecx,[edx+DATA_007864] mov esi,[ebp-0x10] lea ecx,[ecx+esi*8] mov cx,[ecx+eax*4] add [ebx],cx add edx,DATA_007865 mov ecx,[ebp-0x10] lea edx,[edx+ecx*8] mov ax,[edx+eax*4] add [ebx+0x2],ax JUMP_007203: ; Pos = 64e3b movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp JUMP_007205 JUMP_007204: ; Pos = 64e5f mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebp-0x8],eax push edi mov eax,[ebp+0x10] mov eax,[eax+0x3c] push eax mov eax,[esi+0x3c] push eax call FUNC_001846 add esp,byte +0xc add eax,[ebp-0x8] mov [ebx+0x3c],eax mov eax,[ebp-0x4] push eax mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax mov eax,[ebp-0x4] push eax mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax mov eax,[ebp-0x4] push eax mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007205: ; Pos = 64eef push ebx call FUNC_001829 pop ecx JUMP_007206: ; Pos = 64ef6 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001855: ; Pos = 64f00 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov eax,[edi+0x8] test eax,eax jnz near JUMP_007216 call FUNC_001818 mov [edi+0x8],eax mov ebx,eax cmp esi,[edi] jnz JUMP_007207 call FUNC_001820 mov [edi+0x4],eax mov [eax],esi call FUNC_001820 mov [edi+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007208 JUMP_007207: ; Pos = 64f41 call FUNC_001820 mov [edi+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [edi+0xc],eax mov [eax],esi JUMP_007208: ; Pos = 64f58 mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[esi+0x28] mov edx,[ebp+0x10] add eax,[edx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x28],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[esi+0x2c] mov edx,[ebp+0x10] add eax,[edx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x2c],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[esi+0x30] mov edx,[ebp+0x10] add eax,[edx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x30],eax mov eax,[ebp+0x18] mov edi,[eax*4+DATA_007839] mov eax,[esi+0x3c] dec eax mov edx,[ebp+0x10] mov edx,[edx+0x3c] dec edx xor eax,edx jnl JUMP_007209 mov eax,[ebp+0x18] dec eax jmp short JUMP_007210 JUMP_007209: ; Pos = 64fd7 mov eax,[ebp+0x18] JUMP_007210: ; Pos = 64fda cmp eax,[esi+0x44] jng near JUMP_007214 mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007214 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax mov eax,[esi+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[esi+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[esi+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax cmp dword [esi+0xc],byte +0x40 jl JUMP_007211 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007212 JUMP_007211: ; Pos = 65036 push ebx call near [DATA_009282] pop ecx jmp JUMP_007215 JUMP_007212: ; Pos = 65043 movsx eax,word [esi] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax movsx eax,word [esi+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007213 mov ax,[esi+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov [ebp-0x4],eax mov ax,[esi] mov edx,[ebp+0x10] cmp ax,[edx] setg al and eax,byte +0x1 mov [ebp-0x8],eax mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [esi] sub eax,edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx mov ecx,[ebp+0x14] movsx ecx,word [ecx+0x2] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx cmp eax,edx setg al and eax,byte +0x1 mov edx,[ebp-0x4] shl edx,0x4 lea ecx,[edx+DATA_007866] mov esi,[ebp-0x8] lea ecx,[ecx+esi*8] mov cx,[ecx+eax*4] add [ebx],cx add edx,DATA_007867 mov ecx,[ebp-0x8] lea edx,[edx+ecx*8] mov ax,[edx+eax*4] add [ebx+0x2],ax JUMP_007213: ; Pos = 65103 movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp JUMP_007215 JUMP_007214: ; Pos = 65127 mov eax,[ebp+0x18] push eax mov eax,[ebp+0x10] mov eax,[eax+0x3c] push eax mov eax,[esi+0x3c] push eax call FUNC_001846 add esp,byte +0xc mov edx,[esi+0x3c] mov ecx,[ebp+0x10] add edx,[ecx+0x3c] sar edx,1 add eax,edx mov [ebx+0x3c],eax push edi mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax push edi mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax push edi mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007215: ; Pos = 651ad push ebx call FUNC_001829 pop ecx JUMP_007216: ; Pos = 651b4 pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret nop FUNC_001856: ; Pos = 651bc push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov edi,[ebp+0x18] mov esi,[ebp+0xc] mov eax,[ebp+0x8] mov eax,[eax+0x8] test eax,eax jnz near JUMP_007224 call FUNC_001818 mov edx,[ebp+0x8] mov [edx+0x8],eax mov ebx,eax mov eax,[ebp+0x8] cmp esi,[eax] jnz JUMP_007217 call FUNC_001820 mov edx,[ebp+0x8] mov [edx+0x4],eax mov [eax],esi call FUNC_001820 mov edx,[ebp+0x8] mov [edx+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007218 JUMP_007217: ; Pos = 6520c call FUNC_001820 mov edx,[ebp+0x8] mov [edx+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov edx,[ebp+0x8] mov [edx+0xc],eax mov [eax],esi JUMP_007218: ; Pos = 65229 mov eax,[edi*4+DATA_007840] push eax mov eax,[esi+0x28] mov edx,[ebp+0x10] add eax,[edx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x28],eax mov eax,[edi*4+DATA_007840] push eax mov eax,[esi+0x2c] mov edx,[ebp+0x10] add eax,[edx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x2c],eax mov eax,[edi*4+DATA_007840] push eax mov eax,[esi+0x30] mov edx,[ebp+0x10] add eax,[edx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x30],eax mov eax,[edi*4+DATA_007839] mov [ebp-0x4],eax cmp edi,[esi+0x44] jng near JUMP_007222 mov eax,[ebp+0x10] cmp edi,[eax+0x44] jng near JUMP_007222 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax mov eax,[esi+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[esi+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[esi+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax cmp dword [esi+0xc],byte +0x40 jl JUMP_007219 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007220 JUMP_007219: ; Pos = 652e6 push ebx call near [DATA_009282] pop ecx jmp JUMP_007223 JUMP_007220: ; Pos = 652f3 movsx eax,word [esi] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax movsx eax,word [esi+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007221 mov ax,[esi+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov [ebp-0xc],eax mov ax,[esi] mov edx,[ebp+0x10] cmp ax,[edx] setg al and eax,byte +0x1 mov [ebp-0x10],eax mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [esi] sub eax,edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx mov ecx,[ebp+0x14] movsx ecx,word [ecx+0x2] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx cmp eax,edx setg al and eax,byte +0x1 mov edx,[ebp-0xc] shl edx,0x4 lea ecx,[edx+DATA_007868] mov esi,[ebp-0x10] lea ecx,[ecx+esi*8] mov cx,[ecx+eax*4] add [ebx],cx add edx,DATA_007869 mov ecx,[ebp-0x10] lea edx,[edx+ecx*8] mov ax,[edx+eax*4] add [ebx+0x2],ax JUMP_007221: ; Pos = 653b3 movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp JUMP_007223 JUMP_007222: ; Pos = 653d7 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebp-0x8],eax push edi mov eax,[ebp+0x10] mov eax,[eax+0x3c] push eax mov eax,[esi+0x3c] push eax call FUNC_001846 add esp,byte +0xc add eax,[ebp-0x8] mov [ebx+0x3c],eax mov eax,[ebx+0x3c] sub eax,[ebp-0x8] sar eax,0x3 add eax,[ebp-0x4] mov [ebp-0x8],eax mov eax,[ebp-0x8] push eax mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax mov eax,[ebp-0x8] push eax mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax mov eax,[ebp-0x8] push eax mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007223: ; Pos = 65476 push ebx call FUNC_001829 pop ecx JUMP_007224: ; Pos = 6547d pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001857: ; Pos = 65484 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov eax,[edi+0x8] test eax,eax jnz near JUMP_007239 call FUNC_001818 mov [edi+0x8],eax mov ebx,eax cmp esi,[edi] jnz JUMP_007225 call FUNC_001820 mov [edi+0x4],eax mov [eax],esi call FUNC_001820 mov [edi+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007226 JUMP_007225: ; Pos = 654c5 call FUNC_001820 mov [edi+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [edi+0xc],eax mov [eax],esi JUMP_007226: ; Pos = 654dc mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[esi+0x28] mov edx,[ebp+0x10] add eax,[edx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x28],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[esi+0x2c] mov edx,[ebp+0x10] add eax,[edx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x2c],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[esi+0x30] mov edx,[ebp+0x10] add eax,[edx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x30],eax mov eax,[ebp+0x18] mov edi,[eax*4+DATA_007839] mov eax,[esi+0x3c] dec eax mov edx,[ebp+0x10] mov edx,[edx+0x3c] dec edx xor eax,edx jnl JUMP_007227 mov eax,[ebp+0x18] dec eax jmp short JUMP_007228 JUMP_007227: ; Pos = 6555b mov eax,[ebp+0x18] JUMP_007228: ; Pos = 6555e cmp eax,[esi+0x44] jng near JUMP_007235 mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007235 mov eax,[esi+0x40] test eax,eax jnz JUMP_007229 mov edx,[ebp+0x10] cmp dword [edx+0x40],byte +0x0 jz JUMP_007230 JUMP_007229: ; Pos = 65583 mov edx,[ebp+0x10] add eax,[edx+0x40] sar eax,1 mov [ebx+0x40],eax mov [ebx+0x3c],eax jmp short JUMP_007231 JUMP_007230: ; Pos = 65593 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax xor eax,eax mov [ebx+0x40],eax JUMP_007231: ; Pos = 655a6 mov eax,[esi+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[esi+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[esi+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax cmp dword [esi+0xc],byte +0x40 jl JUMP_007232 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007233 JUMP_007232: ; Pos = 655df push ebx call near [DATA_009282] pop ecx jmp JUMP_007238 JUMP_007233: ; Pos = 655ec movsx eax,word [esi] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax movsx eax,word [esi+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007234 mov ax,[esi+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov [ebp-0x4],eax mov ax,[esi] mov edx,[ebp+0x10] cmp ax,[edx] setg al and eax,byte +0x1 mov [ebp-0x8],eax mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [esi] sub eax,edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx mov ecx,[ebp+0x14] movsx ecx,word [ecx+0x2] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx cmp eax,edx setg al and eax,byte +0x1 mov edx,[ebp-0x4] shl edx,0x4 lea ecx,[edx+DATA_007870] mov esi,[ebp-0x8] lea ecx,[ecx+esi*8] mov cx,[ecx+eax*4] add [ebx],cx add edx,DATA_007871 mov ecx,[ebp-0x8] lea edx,[edx+ecx*8] mov ax,[edx+eax*4] add [ebx+0x2],ax JUMP_007234: ; Pos = 656ac movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp JUMP_007238 JUMP_007235: ; Pos = 656d0 mov eax,[ebp+0x18] push eax mov eax,[ebp+0x10] mov eax,[eax+0x3c] push eax mov eax,[esi+0x3c] push eax call FUNC_001846 add esp,byte +0xc mov edx,[esi+0x3c] mov ecx,[ebp+0x10] add edx,[ecx+0x3c] sar edx,1 add eax,edx mov [ebx+0x3c],eax cmp dword [ebx+0x3c],byte +0x0 jl JUMP_007236 mov eax,[ebx+0x3c] jmp short JUMP_007237 JUMP_007236: ; Pos = 65702 xor eax,eax JUMP_007237: ; Pos = 65704 mov [ebx+0x40],eax mov edx,[esi+0x40] mov ecx,[ebp+0x10] add edx,[ecx+0x40] sar edx,1 sub eax,edx sar eax,0x3 add edi,eax push edi mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax push edi mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax push edi mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007238: ; Pos = 65778 push ebx call FUNC_001829 pop ecx JUMP_007239: ; Pos = 6577f pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret nop nop FUNC_001858: ; Pos = 65788 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[ebx+0x8] test eax,eax jz JUMP_007242 mov [ebp-0x4],eax xor esi,esi mov eax,[ebp-0x4] lea ecx,[eax+0x34] mov eax,[ebp+0x10] lea edx,[eax+0x34] mov eax,[ebp+0xc] add eax,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0xc],ebx JUMP_007240: ; Pos = 657bf mov ebx,[ebp-0xc] cmp dword [ebx],byte +0x0 jz JUMP_007241 movsx ebx,word [eax] movsx edi,word [edx] add ebx,edi sar ebx,1 mov [ecx],bx movsx ebx,word [eax+0x2] movsx edi,word [edx+0x2] add ebx,edi sar ebx,1 mov [ecx+0x2],bx JUMP_007241: ; Pos = 657e4 inc esi add ecx,byte +0x4 add edx,byte +0x4 add eax,byte +0x4 add dword [ebp-0xc],0x100 cmp esi,byte +0x2 jl JUMP_007240 jmp JUMP_007255 JUMP_007242: ; Pos = 657ff call FUNC_001818 mov [ebx+0x8],eax mov [ebp-0x4],eax mov eax,[ebx] cmp eax,[ebp+0xc] jnz JUMP_007243 call FUNC_001820 mov [ebx+0x4],eax mov edx,[ebp+0xc] mov [eax],edx call FUNC_001820 mov [ebx+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007244 JUMP_007243: ; Pos = 6582d call FUNC_001820 mov [ebx+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [ebx+0xc],eax mov edx,[ebp+0xc] mov [eax],edx JUMP_007244: ; Pos = 65847 xor esi,esi mov eax,[ebp-0x4] lea edx,[eax+0x34] mov eax,[ebp+0x10] add eax,byte +0x34 mov ecx,[ebp+0xc] add ecx,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0x10],ebx JUMP_007245: ; Pos = 65868 mov ebx,[ebp-0x10] cmp dword [ebx],byte +0x0 jz JUMP_007246 movsx ebx,word [ecx] movsx edi,word [eax] add ebx,edi sar ebx,1 mov [edx],bx movsx ebx,word [ecx+0x2] movsx edi,word [eax+0x2] add ebx,edi sar ebx,1 mov [edx+0x2],bx JUMP_007246: ; Pos = 6588d inc esi add edx,byte +0x4 add eax,byte +0x4 add ecx,byte +0x4 add dword [ebp-0x10],0x100 cmp esi,byte +0x2 jl JUMP_007245 mov eax,[ebp+0xc] mov edx,[ebp-0x4] mov ecx,[eax+0x28] mov [edx+0x28],ecx mov ecx,[eax+0x2c] mov [edx+0x2c],ecx mov ecx,[eax+0x30] mov [edx+0x30],ecx xor eax,eax mov [ebp-0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0x44] cmp eax,[ebp+0x18] jnl near JUMP_007250 mov eax,[ebp+0x10] mov eax,[eax+0x44] cmp eax,[ebp+0x18] jnl near JUMP_007250 mov eax,[ebp+0xc] mov eax,[eax+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov edx,[ebp-0x4] mov [edx+0x3c],eax mov eax,[ebp+0xc] mov eax,[eax+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov edx,[ebp-0x4] mov [edx+0x4],eax mov eax,[ebp+0xc] mov eax,[eax+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov edx,[ebp-0x4] mov [edx+0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov edx,[ebp-0x4] mov [edx+0xc],eax mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl JUMP_007247 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007248 JUMP_007247: ; Pos = 65940 mov eax,[ebp-0x4] push eax call near [DATA_009282] pop ecx jmp JUMP_007254 JUMP_007248: ; Pos = 65950 mov eax,[ebp+0xc] movsx eax,word [eax] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov edx,[ebp-0x4] mov [edx],ax mov eax,[ebp+0xc] movsx eax,word [eax+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov edx,[ebp-0x4] mov [edx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007249 mov eax,[ebp+0xc] mov ax,[eax+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov edx,[ebp+0xc] mov dx,[edx] mov ecx,[ebp+0x10] cmp dx,[ecx] setg dl and edx,byte +0x1 mov ecx,[ebp+0x14] movsx ecx,word [ecx] mov ebx,[ebp+0xc] movsx ebx,word [ebx] sub ecx,ebx mov ebx,[ebp+0x10] movsx ebx,word [ebx+0x2] mov esi,[ebp+0xc] movsx esi,word [esi+0x2] sub ebx,esi imul ecx,ebx mov ebx,[ebp+0x10] movsx ebx,word [ebx] mov esi,[ebp+0xc] movsx esi,word [esi] sub ebx,esi mov esi,[ebp+0x14] movsx esi,word [esi+0x2] mov edi,[ebp+0xc] movsx edi,word [edi+0x2] sub esi,edi imul ebx,esi cmp ecx,ebx setg cl and ecx,byte +0x1 mov ebx,eax shl ebx,0x4 add ebx,DATA_007872 lea ebx,[ebx+edx*8] mov bx,[ebx+ecx*4] mov esi,[ebp-0x4] add [esi],bx shl eax,0x4 add eax,DATA_007873 lea eax,[eax+edx*8] mov ax,[eax+ecx*4] mov edx,[ebp-0x4] add [edx+0x2],ax JUMP_007249: ; Pos = 65a2a mov eax,[ebp-0x4] movsx eax,word [eax] push eax call near [DATA_009280] pop ecx mov edx,[ebp-0x4] mov [edx+0x24],ax mov eax,[ebp-0x4] movsx eax,word [eax+0x2] push eax call near [DATA_009281] pop ecx mov edx,[ebp-0x4] mov [edx+0x26],ax jmp JUMP_007254 JUMP_007250: ; Pos = 65a5a mov eax,[ebp+0xc] mov ebx,[eax+0x3c] mov edi,ebx mov eax,[ebp+0x10] mov esi,[eax+0x3c] add edi,esi sar edi,1 mov eax,[ebp+0x18] push eax push esi push ebx call FUNC_001846 add esp,byte +0xc add edi,eax mov eax,[ebp-0x4] mov [eax+0x3c],edi xor esi,esi mov eax,[ebp-0x4] add eax,byte +0x34 mov edx,[ebp+0x18] lea edx,[edx*8+DATA_009260] JUMP_007251: ; Pos = 65a94 cmp dword [edx],byte +0x0 jz JUMP_007253 movsx ecx,word [eax] cmp ecx,0x80 jnc JUMP_007253 movsx ecx,word [eax+0x2] cmp ecx,0x80 jnc JUMP_007253 mov ecx,[ebp-0x4] sar dword [ecx+0x3c],0x7 movsx ecx,word [eax] movsx ebx,word [eax+0x2] shl ebx,0x7 add ecx,ebx cmp dword [edx+0x4],byte +0x0 jz JUMP_007252 mov ebx,[edx+0x4] movzx ebx,byte [ebx+ecx] mov edi,[ebp-0x4] imul ebx,[edi+0x3c] mov [edi+0x3c],ebx JUMP_007252: ; Pos = 65ada mov ebx,[edx] movsx ecx,byte [ebx+ecx] shl ecx,0x15 mov ebx,[ebp-0x4] add [ebx+0x3c],ecx JUMP_007253: ; Pos = 65ae9 inc esi add eax,byte +0x4 add edx,0x100 cmp esi,byte +0x2 jl JUMP_007251 mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] mov eax,[eax+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov edx,[ebp-0x4] mov [edx+0x4],eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] mov eax,[eax+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov edx,[ebp-0x4] mov [edx+0x8],eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] mov eax,[eax+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov edx,[ebp-0x4] mov [edx+0xc],eax mov eax,[ebp-0x4] push eax call near [DATA_009282] pop ecx JUMP_007254: ; Pos = 65b7e mov eax,[ebp-0x4] push eax call FUNC_001829 pop ecx JUMP_007255: ; Pos = 65b88 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_001859: ; Pos = 65b90 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[ebx+0x8] test eax,eax jz JUMP_007258 mov [ebp-0x4],eax xor esi,esi mov eax,[ebp-0x4] lea ecx,[eax+0x34] mov eax,[ebp+0x10] lea edx,[eax+0x34] mov eax,[ebp+0xc] add eax,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0x10],ebx JUMP_007256: ; Pos = 65bc7 mov ebx,[ebp-0x10] cmp dword [ebx],byte +0x0 jz JUMP_007257 movsx ebx,word [eax] movsx edi,word [edx] add ebx,edi sar ebx,1 mov [ecx],bx movsx ebx,word [eax+0x2] movsx edi,word [edx+0x2] add ebx,edi sar ebx,1 mov [ecx+0x2],bx JUMP_007257: ; Pos = 65bec inc esi add ecx,byte +0x4 add edx,byte +0x4 add eax,byte +0x4 add dword [ebp-0x10],0x100 cmp esi,byte +0x2 jl JUMP_007256 jmp JUMP_007273 JUMP_007258: ; Pos = 65c07 call FUNC_001818 mov [ebx+0x8],eax mov [ebp-0x4],eax mov eax,[ebx] cmp eax,[ebp+0xc] jnz JUMP_007259 call FUNC_001820 mov [ebx+0x4],eax mov edx,[ebp+0xc] mov [eax],edx call FUNC_001820 mov [ebx+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007260 JUMP_007259: ; Pos = 65c35 call FUNC_001820 mov [ebx+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [ebx+0xc],eax mov edx,[ebp+0xc] mov [eax],edx JUMP_007260: ; Pos = 65c4f xor esi,esi mov eax,[ebp-0x4] lea edx,[eax+0x34] mov eax,[ebp+0x10] add eax,byte +0x34 mov ecx,[ebp+0xc] add ecx,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0x14],ebx JUMP_007261: ; Pos = 65c70 mov ebx,[ebp-0x14] cmp dword [ebx],byte +0x0 jz JUMP_007262 movsx ebx,word [ecx] movsx edi,word [eax] add ebx,edi sar ebx,1 mov [edx],bx movsx ebx,word [ecx+0x2] movsx edi,word [eax+0x2] add ebx,edi sar ebx,1 mov [edx+0x2],bx JUMP_007262: ; Pos = 65c95 inc esi add edx,byte +0x4 add eax,byte +0x4 add ecx,byte +0x4 add dword [ebp-0x14],0x100 cmp esi,byte +0x2 jl JUMP_007261 mov eax,[ebp+0xc] mov edx,[ebp-0x4] mov ecx,[eax+0x28] mov [edx+0x28],ecx mov ecx,[eax+0x2c] mov [edx+0x2c],ecx mov ecx,[eax+0x30] mov [edx+0x30],ecx xor eax,eax mov [ebp-0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0x3c] dec eax mov edx,[ebp+0x10] mov edx,[edx+0x3c] dec edx xor eax,edx jnl JUMP_007263 mov eax,[ebp+0x18] dec eax jmp short JUMP_007264 JUMP_007263: ; Pos = 65ce0 mov eax,[ebp+0x18] JUMP_007264: ; Pos = 65ce3 mov edx,[ebp+0xc] cmp eax,[edx+0x44] jng near JUMP_007268 mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007268 mov eax,[ebp+0xc] mov eax,[eax+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov edx,[ebp-0x4] mov [edx+0x3c],eax mov eax,[ebp+0xc] mov eax,[eax+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov edx,[ebp-0x4] mov [edx+0x4],eax mov eax,[ebp+0xc] mov eax,[eax+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov edx,[ebp-0x4] mov [edx+0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov edx,[ebp-0x4] mov [edx+0xc],eax mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl JUMP_007265 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007266 JUMP_007265: ; Pos = 65d5d mov eax,[ebp-0x4] push eax call near [DATA_009282] pop ecx jmp JUMP_007272 JUMP_007266: ; Pos = 65d6d mov eax,[ebp+0xc] movsx eax,word [eax] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov edx,[ebp-0x4] mov [edx],ax mov eax,[ebp+0xc] movsx eax,word [eax+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov edx,[ebp-0x4] mov [edx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007267 mov eax,[ebp+0xc] mov ax,[eax+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov edx,[ebp+0xc] mov dx,[edx] mov ecx,[ebp+0x10] cmp dx,[ecx] setg dl and edx,byte +0x1 mov ecx,[ebp+0x14] movsx ecx,word [ecx] mov ebx,[ebp+0xc] movsx ebx,word [ebx] sub ecx,ebx mov ebx,[ebp+0x10] movsx ebx,word [ebx+0x2] mov esi,[ebp+0xc] movsx esi,word [esi+0x2] sub ebx,esi imul ecx,ebx mov ebx,[ebp+0x10] movsx ebx,word [ebx] mov esi,[ebp+0xc] movsx esi,word [esi] sub ebx,esi mov esi,[ebp+0x14] movsx esi,word [esi+0x2] mov edi,[ebp+0xc] movsx edi,word [edi+0x2] sub esi,edi imul ebx,esi cmp ecx,ebx setg cl and ecx,byte +0x1 mov ebx,eax shl ebx,0x4 add ebx,DATA_007874 lea ebx,[ebx+edx*8] mov bx,[ebx+ecx*4] mov esi,[ebp-0x4] add [esi],bx shl eax,0x4 add eax,DATA_007875 lea eax,[eax+edx*8] mov ax,[eax+ecx*4] mov edx,[ebp-0x4] add [edx+0x2],ax JUMP_007267: ; Pos = 65e47 mov eax,[ebp-0x4] movsx eax,word [eax] push eax call near [DATA_009280] pop ecx mov edx,[ebp-0x4] mov [edx+0x24],ax mov eax,[ebp-0x4] movsx eax,word [eax+0x2] push eax call near [DATA_009281] pop ecx mov edx,[ebp-0x4] mov [edx+0x26],ax jmp JUMP_007272 JUMP_007268: ; Pos = 65e77 mov eax,[ebp+0x18] push eax mov eax,[ebp+0x10] mov edi,[eax+0x3c] push edi mov eax,[ebp+0xc] mov esi,[eax+0x3c] push esi call FUNC_001846 add esp,byte +0xc add esi,edi sar esi,1 add eax,esi mov edx,[ebp-0x4] mov [edx+0x3c],eax xor esi,esi mov eax,[ebp-0x4] add eax,byte +0x34 mov edx,[ebp+0x18] lea edx,[edx*8+DATA_009260] JUMP_007269: ; Pos = 65eaf cmp dword [edx],byte +0x0 jz JUMP_007271 movsx ecx,word [eax] cmp ecx,0x80 jnc JUMP_007271 movsx ecx,word [eax+0x2] cmp ecx,0x80 jnc JUMP_007271 mov ecx,[ebp-0x4] sar dword [ecx+0x3c],0x7 movsx ecx,word [eax] movsx ebx,word [eax+0x2] shl ebx,0x7 add ecx,ebx cmp dword [edx+0x4],byte +0x0 jz JUMP_007270 mov ebx,[edx+0x4] movzx ebx,byte [ebx+ecx] mov edi,[ebp-0x4] imul ebx,[edi+0x3c] mov [edi+0x3c],ebx JUMP_007270: ; Pos = 65ef5 mov ebx,[edx] movsx ecx,byte [ebx+ecx] shl ecx,0x15 mov ebx,[ebp-0x4] add [ebx+0x3c],ecx JUMP_007271: ; Pos = 65f04 inc esi add eax,byte +0x4 add edx,0x100 cmp esi,byte +0x2 jl JUMP_007269 mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] mov eax,[eax+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov edx,[ebp-0x4] mov [edx+0x4],eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] mov eax,[eax+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov edx,[ebp-0x4] mov [edx+0x8],eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] mov eax,[eax+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov edx,[ebp-0x4] mov [edx+0xc],eax mov eax,[ebp-0x4] push eax call near [DATA_009282] pop ecx JUMP_007272: ; Pos = 65f99 mov eax,[ebp-0x4] push eax call FUNC_001829 pop ecx JUMP_007273: ; Pos = 65fa3 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop FUNC_001860: ; Pos = 65fac push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[ebx+0x8] test eax,eax jz JUMP_007276 mov [ebp-0x8],eax xor esi,esi mov eax,[ebp-0x8] lea ecx,[eax+0x34] mov eax,[ebp+0x10] lea edx,[eax+0x34] mov eax,[ebp+0xc] add eax,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0x10],ebx JUMP_007274: ; Pos = 65fe3 mov ebx,[ebp-0x10] cmp dword [ebx],byte +0x0 jz JUMP_007275 movsx ebx,word [eax] movsx edi,word [edx] add ebx,edi sar ebx,1 mov [ecx],bx movsx ebx,word [eax+0x2] movsx edi,word [edx+0x2] add ebx,edi sar ebx,1 mov [ecx+0x2],bx JUMP_007275: ; Pos = 66008 inc esi add ecx,byte +0x4 add edx,byte +0x4 add eax,byte +0x4 add dword [ebp-0x10],0x100 cmp esi,byte +0x2 jl JUMP_007274 jmp JUMP_007289 JUMP_007276: ; Pos = 66023 call FUNC_001818 mov [ebx+0x8],eax mov [ebp-0x8],eax mov eax,[ebx] cmp eax,[ebp+0xc] jnz JUMP_007277 call FUNC_001820 mov [ebx+0x4],eax mov edx,[ebp+0xc] mov [eax],edx call FUNC_001820 mov [ebx+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007278 JUMP_007277: ; Pos = 66051 call FUNC_001820 mov [ebx+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [ebx+0xc],eax mov edx,[ebp+0xc] mov [eax],edx JUMP_007278: ; Pos = 6606b xor esi,esi mov eax,[ebp-0x8] lea edx,[eax+0x34] mov eax,[ebp+0x10] add eax,byte +0x34 mov ecx,[ebp+0xc] add ecx,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0x14],ebx JUMP_007279: ; Pos = 6608c mov ebx,[ebp-0x14] cmp dword [ebx],byte +0x0 jz JUMP_007280 movsx ebx,word [ecx] movsx edi,word [eax] add ebx,edi sar ebx,1 mov [edx],bx movsx ebx,word [ecx+0x2] movsx edi,word [eax+0x2] add ebx,edi sar ebx,1 mov [edx+0x2],bx JUMP_007280: ; Pos = 660b1 inc esi add edx,byte +0x4 add eax,byte +0x4 add ecx,byte +0x4 add dword [ebp-0x14],0x100 cmp esi,byte +0x2 jl JUMP_007279 mov eax,[ebp+0xc] mov edx,[ebp-0x8] mov ecx,[eax+0x28] mov [edx+0x28],ecx mov ecx,[eax+0x2c] mov [edx+0x2c],ecx mov ecx,[eax+0x30] mov [edx+0x30],ecx xor eax,eax mov [ebp-0xc],eax mov eax,[ebp+0xc] mov eax,[eax+0x44] cmp eax,[ebp+0x18] jnl near JUMP_007284 mov eax,[ebp+0x10] mov eax,[eax+0x44] cmp eax,[ebp+0x18] jnl near JUMP_007284 mov eax,[ebp+0xc] mov eax,[eax+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov edx,[ebp-0x8] mov [edx+0x3c],eax mov eax,[ebp+0xc] mov eax,[eax+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov edx,[ebp-0x8] mov [edx+0x4],eax mov eax,[ebp+0xc] mov eax,[eax+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov edx,[ebp-0x8] mov [edx+0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov edx,[ebp-0x8] mov [edx+0xc],eax mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl JUMP_007281 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007282 JUMP_007281: ; Pos = 66164 mov eax,[ebp-0x8] push eax call near [DATA_009282] pop ecx jmp JUMP_007288 JUMP_007282: ; Pos = 66174 mov eax,[ebp+0xc] movsx eax,word [eax] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov edx,[ebp-0x8] mov [edx],ax mov eax,[ebp+0xc] movsx eax,word [eax+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov edx,[ebp-0x8] mov [edx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007283 mov eax,[ebp+0xc] mov ax,[eax+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov edx,[ebp+0xc] mov dx,[edx] mov ecx,[ebp+0x10] cmp dx,[ecx] setg dl and edx,byte +0x1 mov ecx,[ebp+0x14] movsx ecx,word [ecx] mov ebx,[ebp+0xc] movsx ebx,word [ebx] sub ecx,ebx mov ebx,[ebp+0x10] movsx ebx,word [ebx+0x2] mov esi,[ebp+0xc] movsx esi,word [esi+0x2] sub ebx,esi imul ecx,ebx mov ebx,[ebp+0x10] movsx ebx,word [ebx] mov esi,[ebp+0xc] movsx esi,word [esi] sub ebx,esi mov esi,[ebp+0x14] movsx esi,word [esi+0x2] mov edi,[ebp+0xc] movsx edi,word [edi+0x2] sub esi,edi imul ebx,esi cmp ecx,ebx setg cl and ecx,byte +0x1 mov ebx,eax shl ebx,0x4 add ebx,DATA_007876 lea ebx,[ebx+edx*8] mov bx,[ebx+ecx*4] mov esi,[ebp-0x8] add [esi],bx shl eax,0x4 add eax,DATA_007877 lea eax,[eax+edx*8] mov ax,[eax+ecx*4] mov edx,[ebp-0x8] add [edx+0x2],ax JUMP_007283: ; Pos = 6624e mov eax,[ebp-0x8] movsx eax,word [eax] push eax call near [DATA_009280] pop ecx mov edx,[ebp-0x8] mov [edx+0x24],ax mov eax,[ebp-0x8] movsx eax,word [eax+0x2] push eax call near [DATA_009281] pop ecx mov edx,[ebp-0x8] mov [edx+0x26],ax jmp JUMP_007288 JUMP_007284: ; Pos = 6627e mov eax,[ebp+0xc] mov esi,[eax+0x3c] mov ebx,esi mov eax,[ebp+0x10] mov edi,[eax+0x3c] add ebx,edi sar ebx,1 mov eax,[ebp+0x18] push eax push edi push esi call FUNC_001846 add esp,byte +0xc add eax,ebx mov edx,[ebp-0x8] mov [edx+0x3c],eax xor esi,esi mov eax,[ebp-0x8] add eax,byte +0x34 mov edx,[ebp+0x18] lea edx,[edx*8+DATA_009260] JUMP_007285: ; Pos = 662b8 cmp dword [edx],byte +0x0 jz JUMP_007287 movsx ecx,word [eax] cmp ecx,0x80 jnc JUMP_007287 movsx ecx,word [eax+0x2] cmp ecx,0x80 jnc JUMP_007287 mov ecx,[ebp-0x8] sar dword [ecx+0x3c],0x7 movsx ecx,word [eax] movsx edi,word [eax+0x2] shl edi,0x7 add ecx,edi mov [ebp-0x4],ecx cmp dword [edx+0x4],byte +0x0 jz JUMP_007286 mov ecx,[edx+0x4] mov edi,[ebp-0x4] movzx ecx,byte [ecx+edi] mov edi,[ebp-0x8] imul ecx,[edi+0x3c] mov [edi+0x3c],ecx JUMP_007286: ; Pos = 66304 mov ecx,[edx] mov edi,[ebp-0x4] movsx ecx,byte [ecx+edi] shl ecx,0x15 mov edi,[ebp-0x8] add [edi+0x3c],ecx JUMP_007287: ; Pos = 66316 inc esi add eax,byte +0x4 add edx,0x100 cmp esi,byte +0x2 jl JUMP_007285 mov eax,[ebp-0x8] mov eax,[eax+0x3c] sub eax,ebx sar eax,0x3 add eax,[ebp-0xc] mov ebx,eax push ebx mov eax,[ebp-0x8] mov eax,[eax+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov edx,[ebp-0x8] mov [edx+0x4],eax push ebx mov eax,[ebp-0x8] mov eax,[eax+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov edx,[ebp-0x8] mov [edx+0x8],eax push ebx mov eax,[ebp-0x8] mov eax,[eax+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov edx,[ebp-0x8] mov [edx+0xc],eax mov eax,[ebp-0x8] push eax call near [DATA_009282] pop ecx JUMP_007288: ; Pos = 663b2 mov eax,[ebp-0x8] push eax call FUNC_001829 pop ecx JUMP_007289: ; Pos = 663bc pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_001861: ; Pos = 663c4 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov esi,[ebp+0x8] mov eax,[esi+0x8] test eax,eax jz JUMP_007292 mov ebx,eax xor esi,esi lea ecx,[ebx+0x34] mov eax,[ebp+0x10] lea edx,[eax+0x34] mov eax,[ebp+0xc] add eax,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0x10],ebx JUMP_007290: ; Pos = 663f7 mov ebx,[ebp-0x10] cmp dword [ebx],byte +0x0 jz JUMP_007291 movsx ebx,word [eax] movsx edi,word [edx] add ebx,edi sar ebx,1 mov [ecx],bx movsx ebx,word [eax+0x2] movsx edi,word [edx+0x2] add ebx,edi sar ebx,1 mov [ecx+0x2],bx JUMP_007291: ; Pos = 6641c inc esi add ecx,byte +0x4 add edx,byte +0x4 add eax,byte +0x4 add dword [ebp-0x10],0x100 cmp esi,byte +0x2 jl JUMP_007290 jmp JUMP_007312 JUMP_007292: ; Pos = 66437 call FUNC_001818 mov [esi+0x8],eax mov ebx,eax mov eax,[esi] cmp eax,[ebp+0xc] jnz JUMP_007293 call FUNC_001820 mov [esi+0x4],eax mov edx,[ebp+0xc] mov [eax],edx call FUNC_001820 mov [esi+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007294 JUMP_007293: ; Pos = 66464 call FUNC_001820 mov [esi+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [esi+0xc],eax mov edx,[ebp+0xc] mov [eax],edx JUMP_007294: ; Pos = 6647e xor esi,esi lea edx,[ebx+0x34] mov eax,[ebp+0x10] add eax,byte +0x34 mov ecx,[ebp+0xc] add ecx,byte +0x34 mov [ebp-0x18],ecx mov ecx,[ebp+0x18] lea ecx,[ecx*8+DATA_009260] mov [ebp-0x14],ecx JUMP_007295: ; Pos = 6649f mov ecx,[ebp-0x14] cmp dword [ecx],byte +0x0 jz JUMP_007296 mov ecx,[ebp-0x18] movsx ecx,word [ecx] movsx edi,word [eax] add ecx,edi sar ecx,1 mov [edx],cx mov ecx,[ebp-0x18] movsx ecx,word [ecx+0x2] movsx edi,word [eax+0x2] add ecx,edi sar ecx,1 mov [edx+0x2],cx JUMP_007296: ; Pos = 664ca inc esi add edx,byte +0x4 add eax,byte +0x4 add dword [ebp-0x18],byte +0x4 add dword [ebp-0x14],0x100 cmp esi,byte +0x2 jl JUMP_007295 mov eax,[ebp+0xc] mov edx,[eax+0x28] mov [ebx+0x28],edx mov edx,[eax+0x2c] mov [ebx+0x2c],edx mov edx,[eax+0x30] mov [ebx+0x30],edx xor eax,eax mov [ebp-0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0x3c] dec eax mov edx,[ebp+0x10] mov edx,[edx+0x3c] dec edx xor eax,edx jnl JUMP_007297 mov eax,[ebp+0x18] dec eax jmp short JUMP_007298 JUMP_007297: ; Pos = 66513 mov eax,[ebp+0x18] JUMP_007298: ; Pos = 66516 mov edx,[ebp+0xc] cmp eax,[edx+0x44] jng near JUMP_007305 mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007305 mov eax,[ebp+0xc] mov eax,[eax+0x40] test eax,eax jnz JUMP_007299 mov edx,[ebp+0x10] cmp dword [edx+0x40],byte +0x0 jz JUMP_007300 JUMP_007299: ; Pos = 66541 mov edx,[ebp+0x10] add eax,[edx+0x40] sar eax,1 mov [ebx+0x40],eax mov [ebx+0x3c],eax jmp short JUMP_007301 JUMP_007300: ; Pos = 66551 mov eax,[ebp+0xc] mov eax,[eax+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax xor eax,eax mov [ebx+0x40],eax JUMP_007301: ; Pos = 66567 mov eax,[ebp+0xc] mov eax,[eax+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[ebp+0xc] mov eax,[eax+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl JUMP_007302 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007303 JUMP_007302: ; Pos = 665ac push ebx call near [DATA_009282] pop ecx jmp JUMP_007311 JUMP_007303: ; Pos = 665b9 mov eax,[ebp+0xc] movsx eax,word [eax] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax mov eax,[ebp+0xc] movsx eax,word [eax+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007304 mov eax,[ebp+0xc] mov ax,[eax+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov edx,[ebp+0xc] mov dx,[edx] mov ecx,[ebp+0x10] cmp dx,[ecx] setg dl and edx,byte +0x1 mov [ebp-0xc],edx mov edx,[ebp+0x14] movsx edx,word [edx] mov ecx,[ebp+0xc] movsx ecx,word [ecx] sub edx,ecx mov ecx,[ebp+0x10] movsx ecx,word [ecx+0x2] mov esi,[ebp+0xc] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx mov ecx,[ebp+0x10] movsx ecx,word [ecx] mov esi,[ebp+0xc] movsx esi,word [esi] sub ecx,esi mov esi,[ebp+0x14] movsx esi,word [esi+0x2] mov edi,[ebp+0xc] movsx edi,word [edi+0x2] sub esi,edi imul ecx,esi cmp edx,ecx setg dl and edx,byte +0x1 mov ecx,eax shl ecx,0x4 add ecx,DATA_007878 mov esi,[ebp-0xc] lea ecx,[ecx+esi*8] mov cx,[ecx+edx*4] add [ebx],cx shl eax,0x4 add eax,DATA_007879 mov ecx,[ebp-0xc] lea eax,[eax+ecx*8] mov ax,[eax+edx*4] add [ebx+0x2],ax JUMP_007304: ; Pos = 66690 movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp JUMP_007311 JUMP_007305: ; Pos = 666b4 mov eax,[ebp+0x18] push eax mov eax,[ebp+0x10] mov edi,[eax+0x3c] push edi mov eax,[ebp+0xc] mov esi,[eax+0x3c] push esi call FUNC_001846 add esp,byte +0xc add esi,edi sar esi,1 add eax,esi mov [ebx+0x3c],eax xor esi,esi lea eax,[ebx+0x34] mov edx,[ebp+0x18] lea edx,[edx*8+DATA_009260] JUMP_007306: ; Pos = 666e6 cmp dword [edx],byte +0x0 jz JUMP_007308 movsx ecx,word [eax] cmp ecx,0x80 jnc JUMP_007308 movsx ecx,word [eax+0x2] cmp ecx,0x80 jnc JUMP_007308 sar dword [ebx+0x3c],0x7 movsx ecx,word [eax] movsx edi,word [eax+0x2] shl edi,0x7 add ecx,edi mov [ebp-0x4],ecx cmp dword [edx+0x4],byte +0x0 jz JUMP_007307 mov ecx,[edx+0x4] mov edi,[ebp-0x4] movzx ecx,byte [ecx+edi] imul ecx,[ebx+0x3c] mov [ebx+0x3c],ecx JUMP_007307: ; Pos = 6672c mov ecx,[edx] mov edi,[ebp-0x4] movsx ecx,byte [ecx+edi] shl ecx,0x15 add [ebx+0x3c],ecx JUMP_007308: ; Pos = 6673b inc esi add eax,byte +0x4 add edx,0x100 cmp esi,byte +0x2 jl JUMP_007306 cmp dword [ebx+0x3c],byte +0x0 jl JUMP_007309 mov eax,[ebx+0x3c] jmp short JUMP_007310 JUMP_007309: ; Pos = 66755 xor eax,eax JUMP_007310: ; Pos = 66757 mov [ebx+0x40],eax mov edx,[ebp+0xc] mov edx,[edx+0x40] mov ecx,[ebp+0x10] add edx,[ecx+0x40] sar edx,1 mov esi,eax sub esi,edx sar esi,0x3 add esi,[ebp-0x8] push esi mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax push esi mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax push esi mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007311: ; Pos = 667da push ebx call FUNC_001829 pop ecx JUMP_007312: ; Pos = 667e1 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001862: ; Pos = 667e8 push ebp mov ebp,esp add esp,byte -0x10 push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[ebx+0x8] test eax,eax jz JUMP_007315 mov [ebp-0x4],eax xor esi,esi mov eax,[ebp-0x4] lea ecx,[eax+0x34] mov eax,[ebp+0x10] lea edx,[eax+0x34] mov eax,[ebp+0xc] add eax,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0xc],ebx JUMP_007313: ; Pos = 6681f mov ebx,[ebp-0xc] cmp dword [ebx],byte +0x0 jz JUMP_007314 movsx ebx,word [eax] movsx edi,word [edx] add ebx,edi sar ebx,1 mov [ecx],bx movsx ebx,word [eax+0x2] movsx edi,word [edx+0x2] add ebx,edi sar ebx,1 mov [ecx+0x2],bx JUMP_007314: ; Pos = 66844 inc esi add ecx,byte +0x4 add edx,byte +0x4 add eax,byte +0x4 add dword [ebp-0xc],0x100 cmp esi,byte +0x2 jl JUMP_007313 jmp JUMP_007328 JUMP_007315: ; Pos = 6685f call FUNC_001818 mov [ebx+0x8],eax mov [ebp-0x4],eax mov eax,[ebx] cmp eax,[ebp+0xc] jnz JUMP_007316 call FUNC_001820 mov [ebx+0x4],eax mov edx,[ebp+0xc] mov [eax],edx call FUNC_001820 mov [ebx+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007317 JUMP_007316: ; Pos = 6688d call FUNC_001820 mov [ebx+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [ebx+0xc],eax mov edx,[ebp+0xc] mov [eax],edx JUMP_007317: ; Pos = 668a7 xor esi,esi mov eax,[ebp-0x4] lea edx,[eax+0x34] mov eax,[ebp+0x10] add eax,byte +0x34 mov ecx,[ebp+0xc] add ecx,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0x10],ebx JUMP_007318: ; Pos = 668c8 mov ebx,[ebp-0x10] cmp dword [ebx],byte +0x0 jz JUMP_007319 movsx ebx,word [ecx] movsx edi,word [eax] add ebx,edi sar ebx,1 mov [edx],bx movsx ebx,word [ecx+0x2] movsx edi,word [eax+0x2] add ebx,edi sar ebx,1 mov [edx+0x2],bx JUMP_007319: ; Pos = 668ed inc esi add edx,byte +0x4 add eax,byte +0x4 add ecx,byte +0x4 add dword [ebp-0x10],0x100 cmp esi,byte +0x2 jl JUMP_007318 mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[ebp+0xc] mov eax,[eax+0x28] mov edx,[ebp+0x10] add eax,[edx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp-0x4] mov [edx+0x28],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[ebp+0xc] mov eax,[eax+0x2c] mov edx,[ebp+0x10] add eax,[edx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp-0x4] mov [edx+0x2c],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[ebp+0xc] mov eax,[eax+0x30] mov edx,[ebp+0x10] add eax,[edx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp-0x4] mov [edx+0x30],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007839] mov [ebp-0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0x44] cmp eax,[ebp+0x18] jnl near JUMP_007323 mov eax,[ebp+0x10] mov eax,[eax+0x44] cmp eax,[ebp+0x18] jnl near JUMP_007323 mov eax,[ebp+0xc] mov eax,[eax+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov edx,[ebp-0x4] mov [edx+0x3c],eax mov eax,[ebp+0xc] mov eax,[eax+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov edx,[ebp-0x4] mov [edx+0x4],eax mov eax,[ebp+0xc] mov eax,[eax+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov edx,[ebp-0x4] mov [edx+0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov edx,[ebp-0x4] mov [edx+0xc],eax mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl JUMP_007320 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007321 JUMP_007320: ; Pos = 66a02 mov eax,[ebp-0x4] push eax call near [DATA_009282] pop ecx jmp JUMP_007327 JUMP_007321: ; Pos = 66a12 mov eax,[ebp+0xc] movsx eax,word [eax] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov edx,[ebp-0x4] mov [edx],ax mov eax,[ebp+0xc] movsx eax,word [eax+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov edx,[ebp-0x4] mov [edx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007322 mov eax,[ebp+0xc] mov ax,[eax+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov edx,[ebp+0xc] mov dx,[edx] mov ecx,[ebp+0x10] cmp dx,[ecx] setg dl and edx,byte +0x1 mov ecx,[ebp+0x14] movsx ecx,word [ecx] mov ebx,[ebp+0xc] movsx ebx,word [ebx] sub ecx,ebx mov ebx,[ebp+0x10] movsx ebx,word [ebx+0x2] mov esi,[ebp+0xc] movsx esi,word [esi+0x2] sub ebx,esi imul ecx,ebx mov ebx,[ebp+0x10] movsx ebx,word [ebx] mov esi,[ebp+0xc] movsx esi,word [esi] sub ebx,esi mov esi,[ebp+0x14] movsx esi,word [esi+0x2] mov edi,[ebp+0xc] movsx edi,word [edi+0x2] sub esi,edi imul ebx,esi cmp ecx,ebx setg cl and ecx,byte +0x1 mov ebx,eax shl ebx,0x4 add ebx,DATA_007880 lea ebx,[ebx+edx*8] mov bx,[ebx+ecx*4] mov esi,[ebp-0x4] add [esi],bx shl eax,0x4 add eax,DATA_007881 lea eax,[eax+edx*8] mov ax,[eax+ecx*4] mov edx,[ebp-0x4] add [edx+0x2],ax JUMP_007322: ; Pos = 66aec mov eax,[ebp-0x4] movsx eax,word [eax] push eax call near [DATA_009280] pop ecx mov edx,[ebp-0x4] mov [edx+0x24],ax mov eax,[ebp-0x4] movsx eax,word [eax+0x2] push eax call near [DATA_009281] pop ecx mov edx,[ebp-0x4] mov [edx+0x26],ax jmp JUMP_007327 JUMP_007323: ; Pos = 66b1c mov eax,[ebp+0xc] mov ebx,[eax+0x3c] mov edi,ebx mov eax,[ebp+0x10] mov esi,[eax+0x3c] add edi,esi sar edi,1 mov eax,[ebp+0x18] push eax push esi push ebx call FUNC_001846 add esp,byte +0xc add edi,eax mov eax,[ebp-0x4] mov [eax+0x3c],edi xor esi,esi mov eax,[ebp-0x4] add eax,byte +0x34 mov edx,[ebp+0x18] lea edx,[edx*8+DATA_009260] JUMP_007324: ; Pos = 66b56 cmp dword [edx],byte +0x0 jz JUMP_007326 movsx ecx,word [eax] cmp ecx,0x80 jnc JUMP_007326 movsx ecx,word [eax+0x2] cmp ecx,0x80 jnc JUMP_007326 mov ecx,[ebp-0x4] sar dword [ecx+0x3c],0x7 movsx ecx,word [eax] movsx ebx,word [eax+0x2] shl ebx,0x7 add ecx,ebx cmp dword [edx+0x4],byte +0x0 jz JUMP_007325 mov ebx,[edx+0x4] movzx ebx,byte [ebx+ecx] mov edi,[ebp-0x4] imul ebx,[edi+0x3c] mov [edi+0x3c],ebx JUMP_007325: ; Pos = 66b9c mov ebx,[edx] movsx ecx,byte [ebx+ecx] shl ecx,0x15 mov ebx,[ebp-0x4] add [ebx+0x3c],ecx JUMP_007326: ; Pos = 66bab inc esi add eax,byte +0x4 add edx,0x100 cmp esi,byte +0x2 jl JUMP_007324 mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] mov eax,[eax+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov edx,[ebp-0x4] mov [edx+0x4],eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] mov eax,[eax+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov edx,[ebp-0x4] mov [edx+0x8],eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] mov eax,[eax+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov edx,[ebp-0x4] mov [edx+0xc],eax mov eax,[ebp-0x4] push eax call near [DATA_009282] pop ecx JUMP_007327: ; Pos = 66c40 mov eax,[ebp-0x4] push eax call FUNC_001829 pop ecx JUMP_007328: ; Pos = 66c4a pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop nop FUNC_001863: ; Pos = 66c54 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[ebx+0x8] test eax,eax jz JUMP_007331 mov [ebp-0x4],eax xor esi,esi mov eax,[ebp-0x4] lea ecx,[eax+0x34] mov eax,[ebp+0x10] lea edx,[eax+0x34] mov eax,[ebp+0xc] add eax,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0x10],ebx JUMP_007329: ; Pos = 66c8b mov ebx,[ebp-0x10] cmp dword [ebx],byte +0x0 jz JUMP_007330 movsx ebx,word [eax] movsx edi,word [edx] add ebx,edi sar ebx,1 mov [ecx],bx movsx ebx,word [eax+0x2] movsx edi,word [edx+0x2] add ebx,edi sar ebx,1 mov [ecx+0x2],bx JUMP_007330: ; Pos = 66cb0 inc esi add ecx,byte +0x4 add edx,byte +0x4 add eax,byte +0x4 add dword [ebp-0x10],0x100 cmp esi,byte +0x2 jl JUMP_007329 jmp JUMP_007346 JUMP_007331: ; Pos = 66ccb call FUNC_001818 mov [ebx+0x8],eax mov [ebp-0x4],eax mov eax,[ebx] cmp eax,[ebp+0xc] jnz JUMP_007332 call FUNC_001820 mov [ebx+0x4],eax mov edx,[ebp+0xc] mov [eax],edx call FUNC_001820 mov [ebx+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007333 JUMP_007332: ; Pos = 66cf9 call FUNC_001820 mov [ebx+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [ebx+0xc],eax mov edx,[ebp+0xc] mov [eax],edx JUMP_007333: ; Pos = 66d13 xor esi,esi mov eax,[ebp-0x4] lea edx,[eax+0x34] mov eax,[ebp+0x10] add eax,byte +0x34 mov ecx,[ebp+0xc] add ecx,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0x14],ebx JUMP_007334: ; Pos = 66d34 mov ebx,[ebp-0x14] cmp dword [ebx],byte +0x0 jz JUMP_007335 movsx ebx,word [ecx] movsx edi,word [eax] add ebx,edi sar ebx,1 mov [edx],bx movsx ebx,word [ecx+0x2] movsx edi,word [eax+0x2] add ebx,edi sar ebx,1 mov [edx+0x2],bx JUMP_007335: ; Pos = 66d59 inc esi add edx,byte +0x4 add eax,byte +0x4 add ecx,byte +0x4 add dword [ebp-0x14],0x100 cmp esi,byte +0x2 jl JUMP_007334 mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[ebp+0xc] mov eax,[eax+0x28] mov edx,[ebp+0x10] add eax,[edx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp-0x4] mov [edx+0x28],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[ebp+0xc] mov eax,[eax+0x2c] mov edx,[ebp+0x10] add eax,[edx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp-0x4] mov [edx+0x2c],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[ebp+0xc] mov eax,[eax+0x30] mov edx,[ebp+0x10] add eax,[edx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp-0x4] mov [edx+0x30],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007839] mov [ebp-0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0x3c] dec eax mov edx,[ebp+0x10] mov edx,[edx+0x3c] dec edx xor eax,edx jnl JUMP_007336 mov eax,[ebp+0x18] dec eax jmp short JUMP_007337 JUMP_007336: ; Pos = 66e06 mov eax,[ebp+0x18] JUMP_007337: ; Pos = 66e09 mov edx,[ebp+0xc] cmp eax,[edx+0x44] jng near JUMP_007341 mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007341 mov eax,[ebp+0xc] mov eax,[eax+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov edx,[ebp-0x4] mov [edx+0x3c],eax mov eax,[ebp+0xc] mov eax,[eax+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov edx,[ebp-0x4] mov [edx+0x4],eax mov eax,[ebp+0xc] mov eax,[eax+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov edx,[ebp-0x4] mov [edx+0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov edx,[ebp-0x4] mov [edx+0xc],eax mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl JUMP_007338 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007339 JUMP_007338: ; Pos = 66e83 mov eax,[ebp-0x4] push eax call near [DATA_009282] pop ecx jmp JUMP_007345 JUMP_007339: ; Pos = 66e93 mov eax,[ebp+0xc] movsx eax,word [eax] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov edx,[ebp-0x4] mov [edx],ax mov eax,[ebp+0xc] movsx eax,word [eax+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov edx,[ebp-0x4] mov [edx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007340 mov eax,[ebp+0xc] mov ax,[eax+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov edx,[ebp+0xc] mov dx,[edx] mov ecx,[ebp+0x10] cmp dx,[ecx] setg dl and edx,byte +0x1 mov ecx,[ebp+0x14] movsx ecx,word [ecx] mov ebx,[ebp+0xc] movsx ebx,word [ebx] sub ecx,ebx mov ebx,[ebp+0x10] movsx ebx,word [ebx+0x2] mov esi,[ebp+0xc] movsx esi,word [esi+0x2] sub ebx,esi imul ecx,ebx mov ebx,[ebp+0x10] movsx ebx,word [ebx] mov esi,[ebp+0xc] movsx esi,word [esi] sub ebx,esi mov esi,[ebp+0x14] movsx esi,word [esi+0x2] mov edi,[ebp+0xc] movsx edi,word [edi+0x2] sub esi,edi imul ebx,esi cmp ecx,ebx setg cl and ecx,byte +0x1 mov ebx,eax shl ebx,0x4 add ebx,DATA_007882 lea ebx,[ebx+edx*8] mov bx,[ebx+ecx*4] mov esi,[ebp-0x4] add [esi],bx shl eax,0x4 add eax,DATA_007883 lea eax,[eax+edx*8] mov ax,[eax+ecx*4] mov edx,[ebp-0x4] add [edx+0x2],ax JUMP_007340: ; Pos = 66f6d mov eax,[ebp-0x4] movsx eax,word [eax] push eax call near [DATA_009280] pop ecx mov edx,[ebp-0x4] mov [edx+0x24],ax mov eax,[ebp-0x4] movsx eax,word [eax+0x2] push eax call near [DATA_009281] pop ecx mov edx,[ebp-0x4] mov [edx+0x26],ax jmp JUMP_007345 JUMP_007341: ; Pos = 66f9d mov eax,[ebp+0x18] push eax mov eax,[ebp+0x10] mov edi,[eax+0x3c] push edi mov eax,[ebp+0xc] mov esi,[eax+0x3c] push esi call FUNC_001846 add esp,byte +0xc add esi,edi sar esi,1 add eax,esi mov edx,[ebp-0x4] mov [edx+0x3c],eax xor esi,esi mov eax,[ebp-0x4] add eax,byte +0x34 mov edx,[ebp+0x18] lea edx,[edx*8+DATA_009260] JUMP_007342: ; Pos = 66fd5 cmp dword [edx],byte +0x0 jz JUMP_007344 movsx ecx,word [eax] cmp ecx,0x80 jnc JUMP_007344 movsx ecx,word [eax+0x2] cmp ecx,0x80 jnc JUMP_007344 mov ecx,[ebp-0x4] sar dword [ecx+0x3c],0x7 movsx ecx,word [eax] movsx ebx,word [eax+0x2] shl ebx,0x7 add ecx,ebx cmp dword [edx+0x4],byte +0x0 jz JUMP_007343 mov ebx,[edx+0x4] movzx ebx,byte [ebx+ecx] mov edi,[ebp-0x4] imul ebx,[edi+0x3c] mov [edi+0x3c],ebx JUMP_007343: ; Pos = 6701b mov ebx,[edx] movsx ecx,byte [ebx+ecx] shl ecx,0x15 mov ebx,[ebp-0x4] add [ebx+0x3c],ecx JUMP_007344: ; Pos = 6702a inc esi add eax,byte +0x4 add edx,0x100 cmp esi,byte +0x2 jl JUMP_007342 mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] mov eax,[eax+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov edx,[ebp-0x4] mov [edx+0x4],eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] mov eax,[eax+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov edx,[ebp-0x4] mov [edx+0x8],eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x4] mov eax,[eax+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov edx,[ebp-0x4] mov [edx+0xc],eax mov eax,[ebp-0x4] push eax call near [DATA_009282] pop ecx JUMP_007345: ; Pos = 670bf mov eax,[ebp-0x4] push eax call FUNC_001829 pop ecx JUMP_007346: ; Pos = 670c9 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001864: ; Pos = 670d0 push ebp mov ebp,esp add esp,byte -0x14 push ebx push esi push edi mov ebx,[ebp+0x8] mov eax,[ebx+0x8] test eax,eax jz JUMP_007349 mov [ebp-0x8],eax xor esi,esi mov eax,[ebp-0x8] lea ecx,[eax+0x34] mov eax,[ebp+0x10] lea edx,[eax+0x34] mov eax,[ebp+0xc] add eax,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0x10],ebx JUMP_007347: ; Pos = 67107 mov ebx,[ebp-0x10] cmp dword [ebx],byte +0x0 jz JUMP_007348 movsx ebx,word [eax] movsx edi,word [edx] add ebx,edi sar ebx,1 mov [ecx],bx movsx ebx,word [eax+0x2] movsx edi,word [edx+0x2] add ebx,edi sar ebx,1 mov [ecx+0x2],bx JUMP_007348: ; Pos = 6712c inc esi add ecx,byte +0x4 add edx,byte +0x4 add eax,byte +0x4 add dword [ebp-0x10],0x100 cmp esi,byte +0x2 jl JUMP_007347 jmp JUMP_007362 JUMP_007349: ; Pos = 67147 call FUNC_001818 mov [ebx+0x8],eax mov [ebp-0x8],eax mov eax,[ebx] cmp eax,[ebp+0xc] jnz JUMP_007350 call FUNC_001820 mov [ebx+0x4],eax mov edx,[ebp+0xc] mov [eax],edx call FUNC_001820 mov [ebx+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007351 JUMP_007350: ; Pos = 67175 call FUNC_001820 mov [ebx+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [ebx+0xc],eax mov edx,[ebp+0xc] mov [eax],edx JUMP_007351: ; Pos = 6718f xor esi,esi mov eax,[ebp-0x8] lea edx,[eax+0x34] mov eax,[ebp+0x10] add eax,byte +0x34 mov ecx,[ebp+0xc] add ecx,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0x14],ebx JUMP_007352: ; Pos = 671b0 mov ebx,[ebp-0x14] cmp dword [ebx],byte +0x0 jz JUMP_007353 movsx ebx,word [ecx] movsx edi,word [eax] add ebx,edi sar ebx,1 mov [edx],bx movsx ebx,word [ecx+0x2] movsx edi,word [eax+0x2] add ebx,edi sar ebx,1 mov [edx+0x2],bx JUMP_007353: ; Pos = 671d5 inc esi add edx,byte +0x4 add eax,byte +0x4 add ecx,byte +0x4 add dword [ebp-0x14],0x100 cmp esi,byte +0x2 jl JUMP_007352 mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[ebp+0xc] mov eax,[eax+0x28] mov edx,[ebp+0x10] add eax,[edx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp-0x8] mov [edx+0x28],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[ebp+0xc] mov eax,[eax+0x2c] mov edx,[ebp+0x10] add eax,[edx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp-0x8] mov [edx+0x2c],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[ebp+0xc] mov eax,[eax+0x30] mov edx,[ebp+0x10] add eax,[edx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp-0x8] mov [edx+0x30],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007839] mov [ebp-0xc],eax mov eax,[ebp+0xc] mov eax,[eax+0x44] cmp eax,[ebp+0x18] jnl near JUMP_007357 mov eax,[ebp+0x10] mov eax,[eax+0x44] cmp eax,[ebp+0x18] jnl near JUMP_007357 mov eax,[ebp+0xc] mov eax,[eax+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov edx,[ebp-0x8] mov [edx+0x3c],eax mov eax,[ebp+0xc] mov eax,[eax+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov edx,[ebp-0x8] mov [edx+0x4],eax mov eax,[ebp+0xc] mov eax,[eax+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov edx,[ebp-0x8] mov [edx+0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov edx,[ebp-0x8] mov [edx+0xc],eax mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl JUMP_007354 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007355 JUMP_007354: ; Pos = 672ea mov eax,[ebp-0x8] push eax call near [DATA_009282] pop ecx jmp JUMP_007361 JUMP_007355: ; Pos = 672fa mov eax,[ebp+0xc] movsx eax,word [eax] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov edx,[ebp-0x8] mov [edx],ax mov eax,[ebp+0xc] movsx eax,word [eax+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov edx,[ebp-0x8] mov [edx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007356 mov eax,[ebp+0xc] mov ax,[eax+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov edx,[ebp+0xc] mov dx,[edx] mov ecx,[ebp+0x10] cmp dx,[ecx] setg dl and edx,byte +0x1 mov ecx,[ebp+0x14] movsx ecx,word [ecx] mov ebx,[ebp+0xc] movsx ebx,word [ebx] sub ecx,ebx mov ebx,[ebp+0x10] movsx ebx,word [ebx+0x2] mov esi,[ebp+0xc] movsx esi,word [esi+0x2] sub ebx,esi imul ecx,ebx mov ebx,[ebp+0x10] movsx ebx,word [ebx] mov esi,[ebp+0xc] movsx esi,word [esi] sub ebx,esi mov esi,[ebp+0x14] movsx esi,word [esi+0x2] mov edi,[ebp+0xc] movsx edi,word [edi+0x2] sub esi,edi imul ebx,esi cmp ecx,ebx setg cl and ecx,byte +0x1 mov ebx,eax shl ebx,0x4 add ebx,DATA_007884 lea ebx,[ebx+edx*8] mov bx,[ebx+ecx*4] mov esi,[ebp-0x8] add [esi],bx shl eax,0x4 add eax,DATA_007885 lea eax,[eax+edx*8] mov ax,[eax+ecx*4] mov edx,[ebp-0x8] add [edx+0x2],ax JUMP_007356: ; Pos = 673d4 mov eax,[ebp-0x8] movsx eax,word [eax] push eax call near [DATA_009280] pop ecx mov edx,[ebp-0x8] mov [edx+0x24],ax mov eax,[ebp-0x8] movsx eax,word [eax+0x2] push eax call near [DATA_009281] pop ecx mov edx,[ebp-0x8] mov [edx+0x26],ax jmp JUMP_007361 JUMP_007357: ; Pos = 67404 mov eax,[ebp+0xc] mov esi,[eax+0x3c] mov ebx,esi mov eax,[ebp+0x10] mov edi,[eax+0x3c] add ebx,edi sar ebx,1 mov eax,[ebp+0x18] push eax push edi push esi call FUNC_001846 add esp,byte +0xc add eax,ebx mov edx,[ebp-0x8] mov [edx+0x3c],eax xor esi,esi mov eax,[ebp-0x8] add eax,byte +0x34 mov edx,[ebp+0x18] lea edx,[edx*8+DATA_009260] JUMP_007358: ; Pos = 6743e cmp dword [edx],byte +0x0 jz JUMP_007360 movsx ecx,word [eax] cmp ecx,0x80 jnc JUMP_007360 movsx ecx,word [eax+0x2] cmp ecx,0x80 jnc JUMP_007360 mov ecx,[ebp-0x8] sar dword [ecx+0x3c],0x7 movsx ecx,word [eax] movsx edi,word [eax+0x2] shl edi,0x7 add ecx,edi mov [ebp-0x4],ecx cmp dword [edx+0x4],byte +0x0 jz JUMP_007359 mov ecx,[edx+0x4] mov edi,[ebp-0x4] movzx ecx,byte [ecx+edi] mov edi,[ebp-0x8] imul ecx,[edi+0x3c] mov [edi+0x3c],ecx JUMP_007359: ; Pos = 6748a mov ecx,[edx] mov edi,[ebp-0x4] movsx ecx,byte [ecx+edi] shl ecx,0x15 mov edi,[ebp-0x8] add [edi+0x3c],ecx JUMP_007360: ; Pos = 6749c inc esi add eax,byte +0x4 add edx,0x100 cmp esi,byte +0x2 jl JUMP_007358 mov eax,[ebp-0x8] mov eax,[eax+0x3c] sub eax,ebx sar eax,0x3 add eax,[ebp-0xc] mov ebx,eax push ebx mov eax,[ebp-0x8] mov eax,[eax+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov edx,[ebp-0x8] mov [edx+0x4],eax push ebx mov eax,[ebp-0x8] mov eax,[eax+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov edx,[ebp-0x8] mov [edx+0x8],eax push ebx mov eax,[ebp-0x8] mov eax,[eax+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov edx,[ebp-0x8] mov [edx+0xc],eax mov eax,[ebp-0x8] push eax call near [DATA_009282] pop ecx JUMP_007361: ; Pos = 67538 mov eax,[ebp-0x8] push eax call FUNC_001829 pop ecx JUMP_007362: ; Pos = 67542 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop nop FUNC_001865: ; Pos = 6754c push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi push edi mov esi,[ebp+0x8] mov eax,[esi+0x8] test eax,eax jz JUMP_007365 mov ebx,eax xor esi,esi lea ecx,[ebx+0x34] mov eax,[ebp+0x10] lea edx,[eax+0x34] mov eax,[ebp+0xc] add eax,byte +0x34 mov ebx,[ebp+0x18] lea ebx,[ebx*8+DATA_009260] mov [ebp-0x10],ebx JUMP_007363: ; Pos = 6757f mov ebx,[ebp-0x10] cmp dword [ebx],byte +0x0 jz JUMP_007364 movsx ebx,word [eax] movsx edi,word [edx] add ebx,edi sar ebx,1 mov [ecx],bx movsx ebx,word [eax+0x2] movsx edi,word [edx+0x2] add ebx,edi sar ebx,1 mov [ecx+0x2],bx JUMP_007364: ; Pos = 675a4 inc esi add ecx,byte +0x4 add edx,byte +0x4 add eax,byte +0x4 add dword [ebp-0x10],0x100 cmp esi,byte +0x2 jl JUMP_007363 jmp JUMP_007385 JUMP_007365: ; Pos = 675bf call FUNC_001818 mov [esi+0x8],eax mov ebx,eax mov eax,[esi] cmp eax,[ebp+0xc] jnz JUMP_007366 call FUNC_001820 mov [esi+0x4],eax mov edx,[ebp+0xc] mov [eax],edx call FUNC_001820 mov [esi+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007367 JUMP_007366: ; Pos = 675ec call FUNC_001820 mov [esi+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [esi+0xc],eax mov edx,[ebp+0xc] mov [eax],edx JUMP_007367: ; Pos = 67606 xor esi,esi lea edx,[ebx+0x34] mov eax,[ebp+0x10] add eax,byte +0x34 mov ecx,[ebp+0xc] add ecx,byte +0x34 mov [ebp-0x18],ecx mov ecx,[ebp+0x18] lea ecx,[ecx*8+DATA_009260] mov [ebp-0x14],ecx JUMP_007368: ; Pos = 67627 mov ecx,[ebp-0x14] cmp dword [ecx],byte +0x0 jz JUMP_007369 mov ecx,[ebp-0x18] movsx ecx,word [ecx] movsx edi,word [eax] add ecx,edi sar ecx,1 mov [edx],cx mov ecx,[ebp-0x18] movsx ecx,word [ecx+0x2] movsx edi,word [eax+0x2] add ecx,edi sar ecx,1 mov [edx+0x2],cx JUMP_007369: ; Pos = 67652 inc esi add edx,byte +0x4 add eax,byte +0x4 add dword [ebp-0x18],byte +0x4 add dword [ebp-0x14],0x100 cmp esi,byte +0x2 jl JUMP_007368 mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[ebp+0xc] mov eax,[eax+0x28] mov edx,[ebp+0x10] add eax,[edx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x28],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[ebp+0xc] mov eax,[eax+0x2c] mov edx,[ebp+0x10] add eax,[edx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x2c],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[ebp+0xc] mov eax,[eax+0x30] mov edx,[ebp+0x10] add eax,[edx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x30],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007839] mov [ebp-0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0x3c] dec eax mov edx,[ebp+0x10] mov edx,[edx+0x3c] dec edx xor eax,edx jnl JUMP_007370 mov eax,[ebp+0x18] dec eax jmp short JUMP_007371 JUMP_007370: ; Pos = 676f7 mov eax,[ebp+0x18] JUMP_007371: ; Pos = 676fa mov edx,[ebp+0xc] cmp eax,[edx+0x44] jng near JUMP_007378 mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007378 mov eax,[ebp+0xc] mov eax,[eax+0x40] test eax,eax jnz JUMP_007372 mov edx,[ebp+0x10] cmp dword [edx+0x40],byte +0x0 jz JUMP_007373 JUMP_007372: ; Pos = 67725 mov edx,[ebp+0x10] add eax,[edx+0x40] sar eax,1 mov [ebx+0x40],eax mov [ebx+0x3c],eax jmp short JUMP_007374 JUMP_007373: ; Pos = 67735 mov eax,[ebp+0xc] mov eax,[eax+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax xor eax,eax mov [ebx+0x40],eax JUMP_007374: ; Pos = 6774b mov eax,[ebp+0xc] mov eax,[eax+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[ebp+0xc] mov eax,[eax+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[ebp+0xc] mov eax,[eax+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl JUMP_007375 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007376 JUMP_007375: ; Pos = 67790 push ebx call near [DATA_009282] pop ecx jmp JUMP_007384 JUMP_007376: ; Pos = 6779d mov eax,[ebp+0xc] movsx eax,word [eax] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax mov eax,[ebp+0xc] movsx eax,word [eax+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007377 mov eax,[ebp+0xc] mov ax,[eax+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov edx,[ebp+0xc] mov dx,[edx] mov ecx,[ebp+0x10] cmp dx,[ecx] setg dl and edx,byte +0x1 mov [ebp-0xc],edx mov edx,[ebp+0x14] movsx edx,word [edx] mov ecx,[ebp+0xc] movsx ecx,word [ecx] sub edx,ecx mov ecx,[ebp+0x10] movsx ecx,word [ecx+0x2] mov esi,[ebp+0xc] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx mov ecx,[ebp+0x10] movsx ecx,word [ecx] mov esi,[ebp+0xc] movsx esi,word [esi] sub ecx,esi mov esi,[ebp+0x14] movsx esi,word [esi+0x2] mov edi,[ebp+0xc] movsx edi,word [edi+0x2] sub esi,edi imul ecx,esi cmp edx,ecx setg dl and edx,byte +0x1 mov ecx,eax shl ecx,0x4 add ecx,DATA_007886 mov esi,[ebp-0xc] lea ecx,[ecx+esi*8] mov cx,[ecx+edx*4] add [ebx],cx shl eax,0x4 add eax,DATA_007887 mov ecx,[ebp-0xc] lea eax,[eax+ecx*8] mov ax,[eax+edx*4] add [ebx+0x2],ax JUMP_007377: ; Pos = 67874 movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp JUMP_007384 JUMP_007378: ; Pos = 67898 mov eax,[ebp+0x18] push eax mov eax,[ebp+0x10] mov edi,[eax+0x3c] push edi mov eax,[ebp+0xc] mov esi,[eax+0x3c] push esi call FUNC_001846 add esp,byte +0xc add esi,edi sar esi,1 add eax,esi mov [ebx+0x3c],eax xor esi,esi lea eax,[ebx+0x34] mov edx,[ebp+0x18] lea edx,[edx*8+DATA_009260] JUMP_007379: ; Pos = 678ca cmp dword [edx],byte +0x0 jz JUMP_007381 movsx ecx,word [eax] cmp ecx,0x80 jnc JUMP_007381 movsx ecx,word [eax+0x2] cmp ecx,0x80 jnc JUMP_007381 sar dword [ebx+0x3c],0x7 movsx ecx,word [eax] movsx edi,word [eax+0x2] shl edi,0x7 add ecx,edi mov [ebp-0x4],ecx cmp dword [edx+0x4],byte +0x0 jz JUMP_007380 mov ecx,[edx+0x4] mov edi,[ebp-0x4] movzx ecx,byte [ecx+edi] imul ecx,[ebx+0x3c] mov [ebx+0x3c],ecx JUMP_007380: ; Pos = 67910 mov ecx,[edx] mov edi,[ebp-0x4] movsx ecx,byte [ecx+edi] shl ecx,0x15 add [ebx+0x3c],ecx JUMP_007381: ; Pos = 6791f inc esi add eax,byte +0x4 add edx,0x100 cmp esi,byte +0x2 jl JUMP_007379 cmp dword [ebx+0x3c],byte +0x0 jl JUMP_007382 mov eax,[ebx+0x3c] jmp short JUMP_007383 JUMP_007382: ; Pos = 67939 xor eax,eax JUMP_007383: ; Pos = 6793b mov [ebx+0x40],eax mov edx,[ebp+0xc] mov edx,[edx+0x40] mov ecx,[ebp+0x10] add edx,[ecx+0x40] sar edx,1 mov esi,eax sub esi,edx sar esi,0x3 add esi,[ebp-0x8] push esi mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax push esi mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax push esi mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[ebp+0xc] mov edx,[edx+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007384: ; Pos = 679be push ebx call FUNC_001829 pop ecx JUMP_007385: ; Pos = 679c5 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001866: ; Pos = 679cc push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov eax,[edi+0x8] test eax,eax jnz near JUMP_007393 call FUNC_001818 mov [edi+0x8],eax mov ebx,eax cmp esi,[edi] jnz JUMP_007386 call FUNC_001820 mov [edi+0x4],eax mov [eax],esi call FUNC_001820 mov [edi+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007387 JUMP_007386: ; Pos = 67a0d call FUNC_001820 mov [edi+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [edi+0xc],eax mov [eax],esi JUMP_007387: ; Pos = 67a24 mov eax,[esi+0x28] mov [ebx+0x28],eax mov eax,[esi+0x2c] mov [ebx+0x2c],eax mov eax,[esi+0x30] mov [ebx+0x30],eax xor edi,edi mov eax,[ebp+0x18] cmp eax,[esi+0x44] jng near JUMP_007391 mov eax,[ebp+0x18] mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007391 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax mov eax,[esi+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[esi+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[esi+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax cmp dword [esi+0xc],byte +0x40 jl JUMP_007388 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007389 JUMP_007388: ; Pos = 67a9a push ebx call near [DATA_009282] pop ecx jmp JUMP_007392 JUMP_007389: ; Pos = 67aa7 movsx eax,word [esi] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax movsx eax,word [esi+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007390 mov ax,[esi+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov [ebp-0x4],eax mov ax,[esi] mov edx,[ebp+0x10] cmp ax,[edx] setg al and eax,byte +0x1 mov [ebp-0x8],eax mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [esi] sub eax,edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx mov ecx,[ebp+0x14] movsx ecx,word [ecx+0x2] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx cmp eax,edx setg al and eax,byte +0x1 mov edx,[ebp-0x4] shl edx,0x4 lea ecx,[edx+DATA_007888] mov esi,[ebp-0x8] lea ecx,[ecx+esi*8] mov cx,[ecx+eax*4] add [ebx],cx add edx,DATA_007889 mov ecx,[ebp-0x8] lea edx,[edx+ecx*8] mov ax,[edx+eax*4] add [ebx+0x2],ax JUMP_007390: ; Pos = 67b67 movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp short JUMP_007392 JUMP_007391: ; Pos = 67b88 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax push edi mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax push edi mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax push edi mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007392: ; Pos = 67bf5 push ebx call FUNC_001829 pop ecx JUMP_007393: ; Pos = 67bfc pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret nop FUNC_001867: ; Pos = 67c04 push ebp mov ebp,esp add esp,byte -0x8 push ebx push esi push edi mov esi,[ebp+0xc] mov edi,[ebp+0x8] mov eax,[edi+0x8] test eax,eax jnz near JUMP_007401 call FUNC_001818 mov [edi+0x8],eax mov ebx,eax cmp esi,[edi] jnz JUMP_007394 call FUNC_001820 mov [edi+0x4],eax mov [eax],esi call FUNC_001820 mov [edi+0xc],eax mov edx,[ebp+0x10] mov [eax],edx jmp short JUMP_007395 JUMP_007394: ; Pos = 67c45 call FUNC_001820 mov [edi+0x4],eax mov edx,[ebp+0x10] mov [eax],edx call FUNC_001820 mov [edi+0xc],eax mov [eax],esi JUMP_007395: ; Pos = 67c5c mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[esi+0x28] mov edx,[ebp+0x10] add eax,[edx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x28],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[esi+0x2c] mov edx,[ebp+0x10] add eax,[edx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x2c],eax mov eax,[ebp+0x18] mov eax,[eax*4+DATA_007840] push eax mov eax,[esi+0x30] mov edx,[ebp+0x10] add eax,[edx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov [ebx+0x30],eax mov eax,[ebp+0x18] mov edi,[eax*4+DATA_007839] mov eax,[ebp+0x18] cmp eax,[esi+0x44] jng near JUMP_007399 mov eax,[ebp+0x18] mov edx,[ebp+0x10] cmp eax,[edx+0x44] jng near JUMP_007399 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax mov eax,[esi+0x4] mov edx,[ebp+0x10] add eax,[edx+0x4] sar eax,1 mov [ebx+0x4],eax mov eax,[esi+0x8] mov edx,[ebp+0x10] add eax,[edx+0x8] sar eax,1 mov [ebx+0x8],eax mov eax,[esi+0xc] mov edx,[ebp+0x10] add eax,[edx+0xc] sar eax,1 mov [ebx+0xc],eax cmp dword [esi+0xc],byte +0x40 jl JUMP_007396 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jnl JUMP_007397 JUMP_007396: ; Pos = 67d28 push ebx call near [DATA_009282] pop ecx jmp JUMP_007400 JUMP_007397: ; Pos = 67d35 movsx eax,word [esi] mov edx,[ebp+0x10] movsx edx,word [edx] add eax,edx sar eax,1 mov [ebx],ax movsx eax,word [esi+0x2] mov edx,[ebp+0x10] movsx edx,word [edx+0x2] add eax,edx sar eax,1 mov [ebx+0x2],ax mov eax,[ebp+0x14] cmp dword [eax+0xc],byte +0x40 jng near JUMP_007398 mov ax,[esi+0x2] mov edx,[ebp+0x10] cmp ax,[edx+0x2] setg al and eax,byte +0x1 mov [ebp-0x4],eax mov ax,[esi] mov edx,[ebp+0x10] cmp ax,[edx] setg al and eax,byte +0x1 mov [ebp-0x8],eax mov eax,[ebp+0x14] movsx eax,word [eax] movsx edx,word [esi] sub eax,edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [esi+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx] movsx ecx,word [esi] sub edx,ecx mov ecx,[ebp+0x14] movsx ecx,word [ecx+0x2] movsx esi,word [esi+0x2] sub ecx,esi imul edx,ecx cmp eax,edx setg al and eax,byte +0x1 mov edx,[ebp-0x4] shl edx,0x4 lea ecx,[edx+DATA_007890] mov esi,[ebp-0x8] lea ecx,[ecx+esi*8] mov cx,[ecx+eax*4] add [ebx],cx add edx,DATA_007891 mov ecx,[ebp-0x8] lea edx,[edx+ecx*8] mov ax,[edx+eax*4] add [ebx+0x2],ax JUMP_007398: ; Pos = 67df5 movsx eax,word [ebx] push eax call near [DATA_009280] pop ecx mov [ebx+0x24],ax movsx eax,word [ebx+0x2] push eax call near [DATA_009281] pop ecx mov [ebx+0x26],ax jmp short JUMP_007400 JUMP_007399: ; Pos = 67e16 mov eax,[esi+0x3c] mov edx,[ebp+0x10] add eax,[edx+0x3c] sar eax,1 mov [ebx+0x3c],eax push edi mov eax,[ebx+0x28] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x4] mov ecx,[ebp+0x10] add edx,[ecx+0x4] sar edx,1 add eax,edx mov [ebx+0x4],eax push edi mov eax,[ebx+0x2c] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0x8] mov ecx,[ebp+0x10] add edx,[ecx+0x8] sar edx,1 add eax,edx mov [ebx+0x8],eax push edi mov eax,[ebx+0x30] push eax call FUNC_001521 add esp,byte +0x8 mov edx,[esi+0xc] mov ecx,[ebp+0x10] add edx,[ecx+0xc] sar edx,1 add eax,edx mov [ebx+0xc],eax push ebx call near [DATA_009282] pop ecx JUMP_007400: ; Pos = 67e83 push ebx call FUNC_001829 pop ecx JUMP_007401: ; Pos = 67e8a pop edi pop esi pop ebx pop ecx pop ecx pop ebp ret nop nop nop FUNC_001868: ; Pos = 67e94 push ebp mov ebp,esp add esp,0xffffff70 push ebx push esi push edi mov esi,[ebp+0x20] mov ebx,[ebp+0x8] cmp esi,byte +0xa jnl JUMP_007402 mov edi,[ebp+0x24] jmp JUMP_007407 JUMP_007402: ; Pos = 67eb3 mov eax,[ebp+0xc] mov eax,[eax+0x40] cmp eax,[ebx+0x40] jng JUMP_007403 mov eax,[ebx+0x40] mov [ebp-0x24],eax mov eax,[ebp+0xc] mov edi,[eax+0x40] jmp short JUMP_007404 JUMP_007403: ; Pos = 67ecc mov eax,[ebp+0xc] mov eax,[eax+0x40] mov [ebp-0x24],eax mov edi,[ebx+0x40] JUMP_007404: ; Pos = 67ed8 mov eax,[ebp+0x10] mov eax,[eax+0x40] cmp eax,[ebp-0x24] jnl JUMP_007405 mov eax,[ebp+0x10] mov eax,[eax+0x40] mov [ebp-0x24],eax jmp short JUMP_007406 JUMP_007405: ; Pos = 67eee mov eax,[ebp+0x10] cmp edi,[eax+0x40] jnl JUMP_007406 mov eax,[ebp+0x10] mov edi,[eax+0x40] JUMP_007406: ; Pos = 67efc sub edi,[ebp-0x24] sar edi,0x3 push edi mov eax,[ebx+0x28] push eax call _abs pop ecx mov edi,eax mov eax,[ebx+0x2c] push eax call _abs pop ecx add edi,eax mov eax,[ebx+0x30] push eax call _abs pop ecx add edi,eax push edi call FUNC_001521 add esp,byte +0x8 add eax,[ebp+0x24] mov edi,eax JUMP_007407: ; Pos = 67f35 mov eax,[ebx+0xc] add eax,edi mov [ebp-0x1c],eax cmp dword [ebp-0x1c],byte +0x40 jl near JUMP_007453 mov eax,[ebx+0x4] push eax call _abs pop ecx sub eax,edi cmp eax,[ebp-0x1c] jg near JUMP_007453 mov eax,[ebx+0x8] push eax call _abs pop ecx sub eax,edi cmp eax,[ebp-0x1c] jg near JUMP_007453 cmp dword [ebx+0xc],byte +0x40 jl near JUMP_007411 mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl near JUMP_007411 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jl near JUMP_007411 mov eax,[ebp+0x10] movsx eax,word [eax] movsx edx,word [ebx] sub eax,edx mov edx,[ebp+0xc] movsx edx,word [edx+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx mov ecx,[ebp+0xc] movsx ecx,word [ecx] movsx edi,word [ebx] sub ecx,edi imul edx,ecx sub eax,edx mov [ebp-0x44],eax cmp esi,byte +0xd jg JUMP_007409 cmp esi,[ebx+0x44] jng JUMP_007408 mov eax,[ebp+0xc] cmp esi,[eax+0x44] jng JUMP_007408 mov eax,[ebp+0x10] cmp esi,[eax+0x44] jg JUMP_007409 JUMP_007408: ; Pos = 67fe9 cmp dword [ebp-0x44],0x96 jnl near JUMP_007410 cmp dword [ebp-0x44],byte +0x0 jl near JUMP_007410 cmp esi,byte +0x8 jng near JUMP_007410 JUMP_007409: ; Pos = 68009 mov eax,[ebp+0xc] mov ax,[eax+0x24] or ax,[ebx+0x24] mov edx,[ebp+0x10] or ax,[edx+0x24] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007453 mov eax,[ebp+0xc] mov ax,[eax+0x26] or ax,[ebx+0x26] mov edx,[ebp+0x10] or ax,[edx+0x26] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007453 cmp dword [ebp-0x44],byte +0x0 jng near JUMP_007453 mov eax,[ebx+0x4] mov [ebp+0xffffff7c],eax mov eax,[ebx+0x8] mov [ebp-0x80],eax mov eax,[ebx+0xc] mov [ebp-0x7c],eax mov eax,[DATA_009264] add [ebp-0x7c],eax lea eax,[ebp+0xffffff7c] push eax mov eax,[DATA_009261] push eax call FUNC_001777 add esp,byte +0x8 mov [ebp-0x48],eax mov [DATA_009286],esi mov eax,[ebp+0x10] add eax,byte +0x4 push eax mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff7c] push eax call FUNC_001827 add esp,byte +0x10 mov eax,[ebp-0x48] push eax lea eax,[ebp+0xffffff7c] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push ebx call near [DATA_009270] add esp,byte +0x14 jmp JUMP_007453 JUMP_007410: ; Pos = 680d7 cmp esi,byte +0x2 jnl near JUMP_007415 mov eax,[ebp+0x10] add eax,byte +0x4 push eax mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff7c] push eax call FUNC_001827 add esp,byte +0x10 lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff70] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff70] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,esi mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff7c] imul edx,[ebp+0xffffff70] mov ecx,[ebp-0x80] imul ecx,[ebp+0xffffff74] add edx,ecx mov ecx,[ebp-0x7c] imul ecx,[ebp+0xffffff78] add edx,ecx cmp eax,edx jng near JUMP_007415 mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebp+0xffffff70] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff70] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,esi mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff7c] imul edx,[ebp+0xffffff70] mov ecx,[ebp-0x80] imul ecx,[ebp+0xffffff74] add edx,ecx mov ecx,[ebp-0x7c] imul ecx,[ebp+0xffffff78] add edx,ecx cmp eax,edx jng near JUMP_007415 mov eax,[ebp+0x10] add eax,byte +0x4 push eax lea eax,[ebp+0xffffff70] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff70] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,esi mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff7c] imul edx,[ebp+0xffffff70] mov ecx,[ebp-0x80] imul ecx,[ebp+0xffffff74] add edx,ecx mov ecx,[ebp-0x7c] imul ecx,[ebp+0xffffff78] add edx,ecx cmp eax,edx jg near JUMP_007453 jmp JUMP_007415 JUMP_007411: ; Pos = 68223 cmp dword [ebp+0x24],0x1f4 jl near JUMP_007453 mov eax,[ebx+0xc] push eax call _abs pop ecx mov edi,eax mov eax,[ebp+0xc] mov eax,[eax+0xc] push eax call _abs pop ecx mov [ebp-0x4c],eax mov eax,[ebp+0x10] mov eax,[eax+0xc] push eax call _abs pop ecx cmp edi,[ebx+0x4] jnl JUMP_007412 mov edx,[ebp+0xc] mov edx,[edx+0x4] cmp edx,[ebp-0x4c] jng JUMP_007412 mov edx,[ebp+0x10] cmp eax,[edx+0x4] jl near JUMP_007453 JUMP_007412: ; Pos = 68275 mov edx,edi neg edx cmp edx,[ebx+0x4] jng JUMP_007413 mov edx,[ebp+0xc] mov edx,[edx+0x4] mov ecx,[ebp-0x4c] neg ecx cmp edx,ecx jnl JUMP_007413 mov edx,eax neg edx mov ecx,[ebp+0x10] cmp edx,[ecx+0x4] jg near JUMP_007453 JUMP_007413: ; Pos = 6829d cmp edi,[ebx+0x8] jnl JUMP_007414 mov edx,[ebp+0xc] mov edx,[edx+0x8] cmp edx,[ebp-0x4c] jng JUMP_007414 mov edx,[ebp+0x10] cmp eax,[edx+0x8] jl near JUMP_007453 JUMP_007414: ; Pos = 682b9 neg edi cmp edi,[ebx+0x8] jng JUMP_007415 mov edx,[ebp+0xc] mov edx,[edx+0x8] mov ecx,[ebp-0x4c] neg ecx cmp edx,ecx jnl JUMP_007415 neg eax mov edx,[ebp+0x10] cmp eax,[edx+0x8] jg near JUMP_007453 JUMP_007415: ; Pos = 682dd cmp dword [ebp+0x28],byte +0x0 jz near JUMP_007420 xor eax,eax mov [ebp-0x24],eax lea eax,[ebp-0x40] mov [ebp-0x78],eax mov eax,[ebp+0x10] add eax,byte +0x34 mov [ebp-0x74],eax lea eax,[ebp-0x38] mov [ebp-0x70],eax mov eax,[ebp+0xc] add eax,byte +0x34 mov [ebp-0x6c],eax lea eax,[ebp-0x30] mov [ebp-0x68],eax lea eax,[ebx+0x34] mov [ebp-0x64],eax mov dword [ebp-0x60],DATA_009260 mov eax,[ebp+0x28] mov [ebp-0x5c],eax JUMP_007416: ; Pos = 68323 mov eax,[ebp-0x5c] cmp dword [eax],byte +0x0 jng near JUMP_007419 mov eax,[ebp-0x5c] mov eax,[eax] mov [ebp-0x50],eax mov eax,[ebp-0x50] mov eax,[eax] shl eax,0x2 lea eax,[eax+eax*2] add eax,DATA_007841 mov [ebp-0x54],eax mov eax,[ebp-0x54] mov edi,[eax+0x8] add edi,esi dec edi mov eax,[ebp-0x60] lea eax,[eax+edi*8] cmp esi,edi jg JUMP_007418 JUMP_007417: ; Pos = 6835e mov edx,[ebp-0x54] mov edx,[edx] mov [eax],edx mov edx,[ebp-0x54] mov edx,[edx+0x4] mov [eax+0x4],edx dec edi add eax,byte -0x8 cmp esi,edi jng JUMP_007417 JUMP_007418: ; Pos = 68376 mov eax,[ebp-0x64] mov eax,[eax] mov edx,[ebp-0x68] mov [edx],eax mov eax,[ebp-0x6c] mov eax,[eax] mov edx,[ebp-0x70] mov [edx],eax mov eax,[ebp-0x74] mov eax,[eax] mov edx,[ebp-0x78] mov [edx],eax mov eax,[ebp-0x50] mov eax,[eax+0x4] mov edx,[ebp-0x64] mov [edx],eax mov eax,[ebp-0x50] mov eax,[eax+0x8] mov edx,[ebp-0x6c] mov [edx],eax mov eax,[ebp-0x50] mov eax,[eax+0xc] mov edx,[ebp-0x74] mov [edx],eax JUMP_007419: ; Pos = 683b5 inc dword [ebp-0x24] add dword [ebp-0x78],byte +0x4 add dword [ebp-0x74],byte +0x4 add dword [ebp-0x70],byte +0x4 add dword [ebp-0x6c],byte +0x4 add dword [ebp-0x68],byte +0x4 add dword [ebp-0x64],byte +0x4 add dword [ebp-0x60],0x100 add dword [ebp-0x5c],byte +0x4 cmp dword [ebp-0x24],byte +0x2 jl near JUMP_007416 JUMP_007420: ; Pos = 683e5 cmp esi,byte +0x5 jnl JUMP_007421 push esi push ebx mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax call near [DATA_009278] add esp,byte +0x14 push esi mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x10] push eax mov eax,[ebp+0x1c] push eax call near [DATA_009278] add esp,byte +0x14 push esi mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x14] push eax call near [DATA_009278] add esp,byte +0x14 jmp short JUMP_007422 JUMP_007421: ; Pos = 68431 push esi push ebx mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax call near [DATA_009279] add esp,byte +0x14 push esi mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x10] push eax mov eax,[ebp+0x1c] push eax call near [DATA_009279] add esp,byte +0x14 push esi mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x14] push eax call near [DATA_009279] add esp,byte +0x14 JUMP_007422: ; Pos = 68476 call FUNC_001820 mov [ebp-0x8],eax mov eax,[ebp+0x18] mov eax,[eax+0x8] mov edx,[ebp-0x8] mov [edx],eax call FUNC_001820 mov [ebp-0xc],eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] mov edx,[ebp-0xc] mov [edx],eax call FUNC_001820 mov [ebp-0x10],eax mov eax,[ebp+0x14] mov eax,[eax+0x8] mov edx,[ebp-0x10] mov [edx],eax inc esi sar dword [ebp+0x24],1 cmp dword [ebp+0x28],byte +0x0 jz near JUMP_007439 mov eax,[ebp+0x28] mov eax,[eax+0x8] push eax mov eax,[ebp+0x24] push eax push esi mov eax,[ebp+0x1c] cmp ebx,[eax] jnz JUMP_007423 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007424 JUMP_007423: ; Pos = 684d8 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007424: ; Pos = 684de push eax mov eax,[ebp-0x10] push eax mov eax,[ebp+0x14] cmp ebx,[eax] jnz JUMP_007425 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007426 JUMP_007425: ; Pos = 684f2 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007426: ; Pos = 684f8 push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax push ebx call FUNC_001868 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0xc] push eax mov eax,[ebp+0x24] push eax push esi mov eax,[ebp+0x14] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007427 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007428 JUMP_007427: ; Pos = 6852e mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007428: ; Pos = 68534 push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007429 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007430 JUMP_007429: ; Pos = 6854b mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007430: ; Pos = 68551 push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0xc] push eax call FUNC_001868 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0x10] push eax mov eax,[ebp+0x24] push eax push esi mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0x10] jnz JUMP_007431 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007432 JUMP_007431: ; Pos = 6858a mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007432: ; Pos = 68590 push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x1c] mov eax,[eax] cmp eax,[ebp+0x10] jnz JUMP_007433 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007434 JUMP_007433: ; Pos = 685a7 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007434: ; Pos = 685ad push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x10] push eax call FUNC_001868 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0x14] push eax mov eax,[ebp+0x24] push eax push esi mov eax,[ebp-0x8] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax call FUNC_001868 add esp,byte +0x24 dec esi xor eax,eax mov [ebp-0x24],eax mov eax,[ebp+0x10] add eax,byte +0x34 mov [ebp-0x5c],eax lea eax,[ebp-0x40] mov [ebp-0x60],eax mov eax,[ebp+0xc] add eax,byte +0x34 mov [ebp-0x64],eax lea eax,[ebp-0x38] mov [ebp-0x68],eax lea eax,[ebx+0x34] mov [ebp-0x6c],eax lea eax,[ebp-0x30] mov [ebp-0x70],eax mov dword [ebp-0x74],DATA_009260 mov eax,[ebp+0x28] mov [ebp-0x78],eax JUMP_007435: ; Pos = 6863a mov eax,[ebp-0x78] cmp dword [eax],byte +0x0 jng JUMP_007438 mov eax,[ebp-0x78] mov eax,[eax] mov [ebp-0x58],eax mov eax,[ebp-0x58] mov eax,[eax] lea eax,[eax+eax*2] mov edi,[eax*4+DATA_007842] add edi,esi dec edi mov eax,[ebp-0x74] lea eax,[eax+edi*8] cmp esi,edi jg JUMP_007437 JUMP_007436: ; Pos = 68666 xor edx,edx mov [eax],edx xor edx,edx mov [eax+0x4],edx dec edi add eax,byte -0x8 cmp esi,edi jng JUMP_007436 JUMP_007437: ; Pos = 68677 mov eax,[ebp-0x70] mov eax,[eax] mov edx,[ebp-0x6c] mov [edx],eax mov eax,[ebp-0x68] mov eax,[eax] mov edx,[ebp-0x64] mov [edx],eax mov eax,[ebp-0x60] mov eax,[eax] mov edx,[ebp-0x5c] mov [edx],eax JUMP_007438: ; Pos = 68695 inc dword [ebp-0x24] add dword [ebp-0x5c],byte +0x4 add dword [ebp-0x60],byte +0x4 add dword [ebp-0x64],byte +0x4 add dword [ebp-0x68],byte +0x4 add dword [ebp-0x6c],byte +0x4 add dword [ebp-0x70],byte +0x4 add dword [ebp-0x74],0x100 add dword [ebp-0x78],byte +0x4 cmp dword [ebp-0x24],byte +0x2 jl near JUMP_007435 jmp JUMP_007452 JUMP_007439: ; Pos = 686ca push byte +0x0 mov eax,[ebp+0x24] push eax push esi mov eax,[ebp+0x1c] cmp ebx,[eax] jnz JUMP_007440 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007441 JUMP_007440: ; Pos = 686e0 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007441: ; Pos = 686e6 push eax mov eax,[ebp-0x10] push eax mov eax,[ebp+0x14] cmp ebx,[eax] jnz JUMP_007442 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007443 JUMP_007442: ; Pos = 686fa mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007443: ; Pos = 68700 push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax push ebx call FUNC_001868 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax push esi mov eax,[ebp+0x14] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007444 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007445 JUMP_007444: ; Pos = 68731 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007445: ; Pos = 68737 push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007446 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007447 JUMP_007446: ; Pos = 6874e mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007447: ; Pos = 68754 push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0xc] push eax call FUNC_001868 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax push esi mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0x10] jnz JUMP_007448 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007449 JUMP_007448: ; Pos = 68788 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007449: ; Pos = 6878e push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x1c] mov eax,[eax] cmp eax,[ebp+0x10] jnz JUMP_007450 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007451 JUMP_007450: ; Pos = 687a5 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007451: ; Pos = 687ab push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x10] push eax call FUNC_001868 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax push esi mov eax,[ebp-0x8] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax call FUNC_001868 add esp,byte +0x24 JUMP_007452: ; Pos = 687f6 mov eax,[ebp-0x8] push eax call FUNC_001821 pop ecx mov eax,[ebp-0xc] push eax call FUNC_001821 pop ecx mov eax,[ebp-0x10] push eax call FUNC_001821 pop ecx JUMP_007453: ; Pos = 68814 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_001869: ; Pos = 6881c push ebp mov ebp,esp add esp,0xffffff6c push ebx push esi push edi mov esi,[ebp+0x20] mov ebx,[ebp+0x8] cmp esi,byte +0xa jnl JUMP_007454 mov edi,[ebp+0x24] jmp JUMP_007459 JUMP_007454: ; Pos = 6883b mov eax,[ebp+0xc] mov eax,[eax+0x40] cmp eax,[ebx+0x40] jng JUMP_007455 mov eax,[ebx+0x40] mov [ebp-0x24],eax mov eax,[ebp+0xc] mov edi,[eax+0x40] jmp short JUMP_007456 JUMP_007455: ; Pos = 68854 mov eax,[ebp+0xc] mov eax,[eax+0x40] mov [ebp-0x24],eax mov edi,[ebx+0x40] JUMP_007456: ; Pos = 68860 mov eax,[ebp+0x10] mov eax,[eax+0x40] cmp eax,[ebp-0x24] jnl JUMP_007457 mov eax,[ebp+0x10] mov eax,[eax+0x40] mov [ebp-0x24],eax jmp short JUMP_007458 JUMP_007457: ; Pos = 68876 mov eax,[ebp+0x10] cmp edi,[eax+0x40] jnl JUMP_007458 mov eax,[ebp+0x10] mov edi,[eax+0x40] JUMP_007458: ; Pos = 68884 sub edi,[ebp-0x24] sar edi,0x3 push edi mov eax,[ebx+0x28] push eax call _abs pop ecx mov edi,eax mov eax,[ebx+0x2c] push eax call _abs pop ecx add edi,eax mov eax,[ebx+0x30] push eax call _abs pop ecx add edi,eax push edi call FUNC_001521 add esp,byte +0x8 add eax,[ebp+0x24] mov edi,eax JUMP_007459: ; Pos = 688bd mov eax,[ebx+0xc] add eax,edi mov [ebp-0x1c],eax cmp dword [ebp-0x1c],byte +0x40 jl near JUMP_007508 mov eax,[ebx+0x4] push eax call _abs pop ecx sub eax,edi cmp eax,[ebp-0x1c] jg near JUMP_007508 mov eax,[ebx+0x8] push eax call _abs pop ecx sub eax,edi cmp eax,[ebp-0x1c] jg near JUMP_007508 cmp dword [ebx+0xc],byte +0x40 jl near JUMP_007466 mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl near JUMP_007466 mov eax,[ebp+0x10] cmp dword [eax+0xc],byte +0x40 jl near JUMP_007466 mov eax,[ebp+0x10] movsx eax,word [eax] movsx edx,word [ebx] sub eax,edx mov edx,[ebp+0xc] movsx edx,word [edx+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx imul edx mov edx,[ebp+0x10] movsx edx,word [edx+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx mov ecx,[ebp+0xc] movsx ecx,word [ecx] movsx edi,word [ebx] sub ecx,edi imul edx,ecx sub eax,edx mov [ebp-0x44],eax cmp dword [ebx+0x3c],byte +0x0 setng al and eax,byte +0x1 mov edx,[ebp+0xc] cmp dword [edx+0x3c],byte +0x0 setng dl and edx,byte +0x1 add eax,edx mov edx,[ebp+0x10] cmp dword [edx+0x3c],byte +0x0 setng dl and edx,byte +0x1 add eax,edx test eax,eax jz JUMP_007460 cmp eax,byte +0x3 jz JUMP_007460 lea eax,[esi-0x1] jmp short JUMP_007461 JUMP_007460: ; Pos = 6898d mov eax,esi JUMP_007461: ; Pos = 6898f cmp esi,byte +0xd jg JUMP_007463 cmp eax,[ebx+0x44] jng JUMP_007462 mov edx,[ebp+0xc] cmp eax,[edx+0x44] jng JUMP_007462 mov edx,[ebp+0x10] cmp eax,[edx+0x44] jg JUMP_007463 JUMP_007462: ; Pos = 689a9 cmp dword [ebp-0x44],0x96 jnl near JUMP_007465 cmp dword [ebp-0x44],byte +0x0 jl near JUMP_007465 cmp eax,byte +0x8 jng near JUMP_007465 JUMP_007463: ; Pos = 689c9 mov eax,[ebp+0xc] mov ax,[eax+0x24] or ax,[ebx+0x24] mov edx,[ebp+0x10] or ax,[edx+0x24] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007508 mov eax,[ebp+0xc] mov ax,[eax+0x26] or ax,[ebx+0x26] mov edx,[ebp+0x10] or ax,[edx+0x26] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007508 cmp dword [ebx+0x3c],byte +0x0 setng al and eax,byte +0x1 mov edx,[ebp+0xc] cmp dword [edx+0x3c],byte +0x0 setng dl and edx,byte +0x1 add eax,edx mov edx,[ebp+0x10] cmp dword [edx+0x3c],byte +0x0 setng dl and edx,byte +0x1 add eax,edx mov [ebp-0x48],eax cmp dword [ebp-0x48],byte +0x1 jz JUMP_007464 cmp dword [ebp-0x48],byte +0x2 jz JUMP_007464 cmp dword [ebp-0x44],byte +0x0 jng near JUMP_007508 JUMP_007464: ; Pos = 68a50 mov eax,[ebx+0x4] mov [ebp+0xffffff78],eax mov eax,[ebx+0x8] mov [ebp+0xffffff7c],eax mov eax,[ebx+0xc] mov [ebp-0x80],eax mov eax,[DATA_009264] add [ebp-0x80],eax lea eax,[ebp+0xffffff78] push eax mov eax,[DATA_009261] push eax call FUNC_001777 add esp,byte +0x8 mov [ebp-0x4c],eax mov [DATA_009286],esi mov eax,[ebp+0x10] add eax,byte +0x4 push eax mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff78] push eax call FUNC_001827 add esp,byte +0x10 mov eax,[ebp-0x4c] push eax lea eax,[ebp+0xffffff78] push eax mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push ebx call near [DATA_009270] add esp,byte +0x14 jmp JUMP_007508 JUMP_007465: ; Pos = 68ad1 cmp esi,byte +0x2 jnl near JUMP_007470 mov eax,[ebp+0x10] add eax,byte +0x4 push eax mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff78] push eax call FUNC_001827 add esp,byte +0x10 lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff6c] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff6c] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,esi mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff78] imul edx,[ebp+0xffffff6c] mov ecx,[ebp+0xffffff7c] imul ecx,[ebp+0xffffff70] add edx,ecx mov ecx,[ebp-0x80] imul ecx,[ebp+0xffffff74] add edx,ecx cmp eax,edx jng near JUMP_007470 mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebp+0xffffff6c] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff6c] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,esi mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff78] imul edx,[ebp+0xffffff6c] mov ecx,[ebp+0xffffff7c] imul ecx,[ebp+0xffffff70] add edx,ecx mov ecx,[ebp-0x80] imul ecx,[ebp+0xffffff74] add edx,ecx cmp eax,edx jng near JUMP_007470 mov eax,[ebp+0x10] add eax,byte +0x4 push eax lea eax,[ebp+0xffffff6c] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff6c] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,esi mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff78] imul edx,[ebp+0xffffff6c] mov ecx,[ebp+0xffffff7c] imul ecx,[ebp+0xffffff70] add edx,ecx mov ecx,[ebp-0x80] imul ecx,[ebp+0xffffff74] add edx,ecx cmp eax,edx jg near JUMP_007508 jmp JUMP_007470 JUMP_007466: ; Pos = 68c26 cmp dword [ebp+0x24],0x1f4 jl near JUMP_007508 mov eax,[ebx+0xc] push eax call _abs pop ecx mov edi,eax mov eax,[ebp+0xc] mov eax,[eax+0xc] push eax call _abs pop ecx mov [ebp-0x50],eax mov eax,[ebp+0x10] mov eax,[eax+0xc] push eax call _abs pop ecx cmp edi,[ebx+0x4] jnl JUMP_007467 mov edx,[ebp+0xc] mov edx,[edx+0x4] cmp edx,[ebp-0x50] jng JUMP_007467 mov edx,[ebp+0x10] cmp eax,[edx+0x4] jl near JUMP_007508 JUMP_007467: ; Pos = 68c78 mov edx,edi neg edx cmp edx,[ebx+0x4] jng JUMP_007468 mov edx,[ebp+0xc] mov edx,[edx+0x4] mov ecx,[ebp-0x50] neg ecx cmp edx,ecx jnl JUMP_007468 mov edx,eax neg edx mov ecx,[ebp+0x10] cmp edx,[ecx+0x4] jg near JUMP_007508 JUMP_007468: ; Pos = 68ca0 cmp edi,[ebx+0x8] jnl JUMP_007469 mov edx,[ebp+0xc] mov edx,[edx+0x8] cmp edx,[ebp-0x50] jng JUMP_007469 mov edx,[ebp+0x10] cmp eax,[edx+0x8] jl near JUMP_007508 JUMP_007469: ; Pos = 68cbc neg edi cmp edi,[ebx+0x8] jng JUMP_007470 mov edx,[ebp+0xc] mov edx,[edx+0x8] mov ecx,[ebp-0x50] neg ecx cmp edx,ecx jnl JUMP_007470 neg eax mov edx,[ebp+0x10] cmp eax,[edx+0x8] jg near JUMP_007508 JUMP_007470: ; Pos = 68ce0 cmp dword [ebp+0x28],byte +0x0 jz near JUMP_007475 xor eax,eax mov [ebp-0x24],eax lea eax,[ebp-0x40] mov [ebp-0x7c],eax mov eax,[ebp+0x10] add eax,byte +0x34 mov [ebp-0x78],eax lea eax,[ebp-0x38] mov [ebp-0x74],eax mov eax,[ebp+0xc] add eax,byte +0x34 mov [ebp-0x70],eax lea eax,[ebp-0x30] mov [ebp-0x6c],eax lea eax,[ebx+0x34] mov [ebp-0x68],eax mov dword [ebp-0x64],DATA_009260 mov eax,[ebp+0x28] mov [ebp-0x60],eax JUMP_007471: ; Pos = 68d26 mov eax,[ebp-0x60] cmp dword [eax],byte +0x0 jng near JUMP_007474 mov eax,[ebp-0x60] mov eax,[eax] mov [ebp-0x54],eax mov eax,[ebp-0x54] mov eax,[eax] shl eax,0x2 lea eax,[eax+eax*2] add eax,DATA_007841 mov [ebp-0x58],eax mov eax,[ebp-0x58] mov edi,[eax+0x8] add edi,esi dec edi mov eax,[ebp-0x64] lea eax,[eax+edi*8] cmp esi,edi jg JUMP_007473 JUMP_007472: ; Pos = 68d61 mov edx,[ebp-0x58] mov edx,[edx] mov [eax],edx mov edx,[ebp-0x58] mov edx,[edx+0x4] mov [eax+0x4],edx dec edi add eax,byte -0x8 cmp esi,edi jng JUMP_007472 JUMP_007473: ; Pos = 68d79 mov eax,[ebp-0x68] mov eax,[eax] mov edx,[ebp-0x6c] mov [edx],eax mov eax,[ebp-0x70] mov eax,[eax] mov edx,[ebp-0x74] mov [edx],eax mov eax,[ebp-0x78] mov eax,[eax] mov edx,[ebp-0x7c] mov [edx],eax mov eax,[ebp-0x54] mov eax,[eax+0x4] mov edx,[ebp-0x68] mov [edx],eax mov eax,[ebp-0x54] mov eax,[eax+0x8] mov edx,[ebp-0x70] mov [edx],eax mov eax,[ebp-0x54] mov eax,[eax+0xc] mov edx,[ebp-0x78] mov [edx],eax JUMP_007474: ; Pos = 68db8 inc dword [ebp-0x24] add dword [ebp-0x7c],byte +0x4 add dword [ebp-0x78],byte +0x4 add dword [ebp-0x74],byte +0x4 add dword [ebp-0x70],byte +0x4 add dword [ebp-0x6c],byte +0x4 add dword [ebp-0x68],byte +0x4 add dword [ebp-0x64],0x100 add dword [ebp-0x60],byte +0x4 cmp dword [ebp-0x24],byte +0x2 jl near JUMP_007471 JUMP_007475: ; Pos = 68de8 cmp esi,byte +0x5 jnl JUMP_007476 push esi push ebx mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax call near [DATA_009278] add esp,byte +0x14 push esi mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x10] push eax mov eax,[ebp+0x1c] push eax call near [DATA_009278] add esp,byte +0x14 push esi mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x14] push eax call near [DATA_009278] add esp,byte +0x14 jmp short JUMP_007477 JUMP_007476: ; Pos = 68e34 push esi push ebx mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax call near [DATA_009279] add esp,byte +0x14 push esi mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x10] push eax mov eax,[ebp+0x1c] push eax call near [DATA_009279] add esp,byte +0x14 push esi mov eax,[ebp+0x10] push eax mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x14] push eax call near [DATA_009279] add esp,byte +0x14 JUMP_007477: ; Pos = 68e79 call FUNC_001820 mov [ebp-0x8],eax mov eax,[ebp+0x18] mov eax,[eax+0x8] mov edx,[ebp-0x8] mov [edx],eax call FUNC_001820 mov [ebp-0xc],eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] mov edx,[ebp-0xc] mov [edx],eax call FUNC_001820 mov [ebp-0x10],eax mov eax,[ebp+0x14] mov eax,[eax+0x8] mov edx,[ebp-0x10] mov [edx],eax inc esi sar dword [ebp+0x24],1 cmp dword [ebp+0x28],byte +0x0 jz near JUMP_007494 mov eax,[ebp+0x28] mov eax,[eax+0x8] push eax mov eax,[ebp+0x24] push eax push esi mov eax,[ebp+0x1c] cmp ebx,[eax] jnz JUMP_007478 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007479 JUMP_007478: ; Pos = 68edb mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007479: ; Pos = 68ee1 push eax mov eax,[ebp-0x10] push eax mov eax,[ebp+0x14] cmp ebx,[eax] jnz JUMP_007480 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007481 JUMP_007480: ; Pos = 68ef5 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007481: ; Pos = 68efb push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax push ebx call FUNC_001869 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0xc] push eax mov eax,[ebp+0x24] push eax push esi mov eax,[ebp+0x14] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007482 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007483 JUMP_007482: ; Pos = 68f31 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007483: ; Pos = 68f37 push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007484 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007485 JUMP_007484: ; Pos = 68f4e mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007485: ; Pos = 68f54 push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0xc] push eax call FUNC_001869 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0x10] push eax mov eax,[ebp+0x24] push eax push esi mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0x10] jnz JUMP_007486 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007487 JUMP_007486: ; Pos = 68f8d mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007487: ; Pos = 68f93 push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x1c] mov eax,[eax] cmp eax,[ebp+0x10] jnz JUMP_007488 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007489 JUMP_007488: ; Pos = 68faa mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007489: ; Pos = 68fb0 push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x10] push eax call FUNC_001869 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0x14] push eax mov eax,[ebp+0x24] push eax push esi mov eax,[ebp-0x8] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax call FUNC_001869 add esp,byte +0x24 dec esi xor eax,eax mov [ebp-0x24],eax mov eax,[ebp+0x10] add eax,byte +0x34 mov [ebp-0x60],eax lea eax,[ebp-0x40] mov [ebp-0x64],eax mov eax,[ebp+0xc] add eax,byte +0x34 mov [ebp-0x68],eax lea eax,[ebp-0x38] mov [ebp-0x6c],eax lea eax,[ebx+0x34] mov [ebp-0x70],eax lea eax,[ebp-0x30] mov [ebp-0x74],eax mov dword [ebp-0x78],DATA_009260 mov eax,[ebp+0x28] mov [ebp-0x7c],eax JUMP_007490: ; Pos = 6903d mov eax,[ebp-0x7c] cmp dword [eax],byte +0x0 jng JUMP_007493 mov eax,[ebp-0x7c] mov eax,[eax] mov [ebp-0x5c],eax mov eax,[ebp-0x5c] mov eax,[eax] lea eax,[eax+eax*2] mov edi,[eax*4+DATA_007842] add edi,esi dec edi mov eax,[ebp-0x78] lea eax,[eax+edi*8] cmp esi,edi jg JUMP_007492 JUMP_007491: ; Pos = 69069 xor edx,edx mov [eax],edx xor edx,edx mov [eax+0x4],edx dec edi add eax,byte -0x8 cmp esi,edi jng JUMP_007491 JUMP_007492: ; Pos = 6907a mov eax,[ebp-0x74] mov eax,[eax] mov edx,[ebp-0x70] mov [edx],eax mov eax,[ebp-0x6c] mov eax,[eax] mov edx,[ebp-0x68] mov [edx],eax mov eax,[ebp-0x64] mov eax,[eax] mov edx,[ebp-0x60] mov [edx],eax JUMP_007493: ; Pos = 69098 inc dword [ebp-0x24] add dword [ebp-0x60],byte +0x4 add dword [ebp-0x64],byte +0x4 add dword [ebp-0x68],byte +0x4 add dword [ebp-0x6c],byte +0x4 add dword [ebp-0x70],byte +0x4 add dword [ebp-0x74],byte +0x4 add dword [ebp-0x78],0x100 add dword [ebp-0x7c],byte +0x4 cmp dword [ebp-0x24],byte +0x2 jl near JUMP_007490 jmp JUMP_007507 JUMP_007494: ; Pos = 690cd push byte +0x0 mov eax,[ebp+0x24] push eax push esi mov eax,[ebp+0x1c] cmp ebx,[eax] jnz JUMP_007495 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007496 JUMP_007495: ; Pos = 690e3 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007496: ; Pos = 690e9 push eax mov eax,[ebp-0x10] push eax mov eax,[ebp+0x14] cmp ebx,[eax] jnz JUMP_007497 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007498 JUMP_007497: ; Pos = 690fd mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007498: ; Pos = 69103 push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax push ebx call FUNC_001869 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax push esi mov eax,[ebp+0x14] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007499 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007500 JUMP_007499: ; Pos = 69134 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007500: ; Pos = 6913a push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007501 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007502 JUMP_007501: ; Pos = 69151 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007502: ; Pos = 69157 push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0xc] push eax call FUNC_001869 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax push esi mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0x10] jnz JUMP_007503 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007504 JUMP_007503: ; Pos = 6918b mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007504: ; Pos = 69191 push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x1c] mov eax,[eax] cmp eax,[ebp+0x10] jnz JUMP_007505 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007506 JUMP_007505: ; Pos = 691a8 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007506: ; Pos = 691ae push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x10] push eax call FUNC_001869 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax push esi mov eax,[ebp-0x8] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax call FUNC_001869 add esp,byte +0x24 JUMP_007507: ; Pos = 691f9 mov eax,[ebp-0x8] push eax call FUNC_001821 pop ecx mov eax,[ebp-0xc] push eax call FUNC_001821 pop ecx mov eax,[ebp-0x10] push eax call FUNC_001821 pop ecx JUMP_007508: ; Pos = 69217 pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop FUNC_001870: ; Pos = 69220 push ebp mov ebp,esp add esp,0xfffffef0 push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0x8] cmp dword [ebp+0x20],byte +0xa jnl JUMP_007509 mov eax,[ebp+0x24] mov [ebp-0x44],eax jmp near JUMP_007514 JUMP_007509: ; Pos = 69240 mov eax,[ebx+0x40] mov edx,[ebp+0xc] cmp eax,[edx+0x40] jnl JUMP_007510 mov eax,[ebx+0x40] mov [ebp-0x24],eax mov eax,[ebp+0xc] mov edi,[eax+0x40] jmp short JUMP_007511 JUMP_007510: ; Pos = 69259 mov eax,[ebp+0xc] mov eax,[eax+0x40] mov [ebp-0x24],eax mov edi,[ebx+0x40] JUMP_007511: ; Pos = 69265 mov eax,[esi+0x40] cmp eax,[ebp-0x24] jnl JUMP_007512 mov eax,[esi+0x40] mov [ebp-0x24],eax jmp short JUMP_007513 JUMP_007512: ; Pos = 69275 cmp edi,[esi+0x40] jnl JUMP_007513 mov edi,[esi+0x40] JUMP_007513: ; Pos = 6927d sub edi,[ebp-0x24] sar edi,0x3 push edi mov eax,[ebx+0x28] push eax call _abs pop ecx mov edi,eax mov eax,[ebx+0x2c] push eax call _abs pop ecx add edi,eax mov eax,[ebx+0x30] push eax call _abs pop ecx add edi,eax push edi call FUNC_001521 add esp,byte +0x8 add eax,[ebp+0x24] mov [ebp-0x44],eax JUMP_007514: ; Pos = 692b7 mov eax,[ebx+0xc] add eax,[ebp-0x44] mov [ebp-0x1c],eax cmp dword [ebp-0x1c],byte +0x40 jnl near JUMP_007548 mov ax,[ebx+0x24] mov edx,[ebp+0xc] or ax,[edx+0x24] or ax,[esi+0x24] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007634 mov ax,[ebx+0x26] mov edx,[ebp+0xc] or ax,[edx+0x26] or ax,[esi+0x26] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007634 cmp dword [ebx+0x4],byte +0x0 jnl JUMP_007515 mov eax,[ebx+0x4] neg eax jmp short JUMP_007516 JUMP_007515: ; Pos = 69317 mov eax,[ebx+0x4] JUMP_007516: ; Pos = 6931a cmp dword [ebx+0x8],byte +0x0 jnl JUMP_007517 mov edx,[ebx+0x8] neg edx jmp short JUMP_007518 JUMP_007517: ; Pos = 69327 mov edx,[ebx+0x8] JUMP_007518: ; Pos = 6932a or eax,edx cmp dword [ebx+0xc],byte +0x0 jnl JUMP_007519 mov edx,[ebx+0xc] neg edx jmp short JUMP_007520 JUMP_007519: ; Pos = 69339 mov edx,[ebx+0xc] JUMP_007520: ; Pos = 6933c or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0x4],byte +0x0 jnl JUMP_007521 mov edx,[ebp+0xc] mov edx,[edx+0x4] neg edx jmp short JUMP_007522 JUMP_007521: ; Pos = 69351 mov edx,[ebp+0xc] mov edx,[edx+0x4] JUMP_007522: ; Pos = 69357 or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0x8],byte +0x0 jnl JUMP_007523 mov edx,[ebp+0xc] mov edx,[edx+0x8] neg edx jmp short JUMP_007524 JUMP_007523: ; Pos = 6936c mov edx,[ebp+0xc] mov edx,[edx+0x8] JUMP_007524: ; Pos = 69372 or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0xc],byte +0x0 jnl JUMP_007525 mov edx,[ebp+0xc] mov edx,[edx+0xc] neg edx jmp short JUMP_007526 JUMP_007525: ; Pos = 69387 mov edx,[ebp+0xc] mov edx,[edx+0xc] JUMP_007526: ; Pos = 6938d or eax,edx cmp dword [esi+0x4],byte +0x0 jnl JUMP_007527 mov edx,[esi+0x4] neg edx jmp short JUMP_007528 JUMP_007527: ; Pos = 6939c mov edx,[esi+0x4] JUMP_007528: ; Pos = 6939f or eax,edx cmp dword [esi+0x8],byte +0x0 jnl JUMP_007529 mov edx,[esi+0x8] neg edx jmp short JUMP_007530 JUMP_007529: ; Pos = 693ae mov edx,[esi+0x8] JUMP_007530: ; Pos = 693b1 or eax,edx cmp dword [esi+0xc],byte +0x0 jnl JUMP_007531 mov edx,[esi+0xc] neg edx jmp short JUMP_007532 JUMP_007531: ; Pos = 693c0 mov edx,[esi+0xc] JUMP_007532: ; Pos = 693c3 or eax,edx push eax call FUNC_001656_FindMSB pop ecx mov edi,eax add edi,byte -0xd test edi,edi jng near JUMP_007533 mov ecx,edi mov eax,[ebx+0x4] sar eax,cl mov [ebp+0xffffff2c],eax mov ecx,edi mov eax,[ebx+0x8] sar eax,cl mov [ebp+0xffffff30],eax mov ecx,edi mov eax,[ebx+0xc] sar eax,cl mov [ebp+0xffffff34],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0x4] sar eax,cl mov [ebp+0xffffff20],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0x8] sar eax,cl mov [ebp+0xffffff24],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0xc] sar eax,cl mov [ebp+0xffffff28],eax mov ecx,edi mov eax,[esi+0x4] sar eax,cl mov [ebp+0xffffff14],eax mov ecx,edi mov eax,[esi+0x8] sar eax,cl mov [ebp+0xffffff18],eax mov ecx,edi mov eax,[esi+0xc] sar eax,cl mov [ebp+0xffffff1c],eax jmp short JUMP_007534 JUMP_007533: ; Pos = 69459 mov eax,[ebx+0x4] mov [ebp+0xffffff2c],eax mov eax,[ebx+0x8] mov [ebp+0xffffff30],eax mov eax,[ebx+0xc] mov [ebp+0xffffff34],eax mov eax,[ebp+0xc] mov edx,[eax+0x4] mov [ebp+0xffffff20],edx mov edx,[eax+0x8] mov [ebp+0xffffff24],edx mov edx,[eax+0xc] mov [ebp+0xffffff28],edx mov eax,[esi+0x4] mov [ebp+0xffffff14],eax mov eax,[esi+0x8] mov [ebp+0xffffff18],eax mov eax,[esi+0xc] mov [ebp+0xffffff1c],eax xor edi,edi JUMP_007534: ; Pos = 694af mov eax,[ebp+0xffffff2c] sub eax,[ebp+0xffffff14] imul dword [ebp+0xffffff24] mov edx,[ebp+0xffffff20] sub edx,[ebp+0xffffff2c] imul edx,[ebp+0xffffff18] add eax,edx mov edx,[ebp+0xffffff14] sub edx,[ebp+0xffffff20] imul edx,[ebp+0xffffff30] add eax,edx mov [ebp-0x48],eax mov eax,[ebp+0xffffff2c] sub eax,[ebp+0xffffff20] imul dword [ebp+0xffffff18] mov edx,[ebp+0xffffff14] sub edx,[ebp+0xffffff2c] imul edx,[ebp+0xffffff24] add eax,edx mov edx,[ebp+0xffffff20] sub edx,[ebp+0xffffff14] imul edx,[ebp+0xffffff30] add eax,edx mov [ebp-0x4c],eax cmp dword [ebp-0x48],byte +0x0 jz near JUMP_007634 cmp dword [ebp-0x4c],byte +0x0 jz near JUMP_007634 mov eax,[ebp+0xffffff2c] imul dword [ebp+0xffffff24] mov edx,[ebp+0xffffff20] imul edx,[ebp+0xffffff30] sub eax,edx mov [ebp-0x50],eax mov eax,[ebp+0xffffff2c] imul dword [ebp+0xffffff18] mov edx,[ebp+0xffffff14] imul edx,[ebp+0xffffff30] sub eax,edx mov [ebp-0x54],eax cmp dword [ebp-0x54],byte +0x0 jnl JUMP_007535 mov eax,[ebp-0x54] neg eax jmp short JUMP_007536 JUMP_007535: ; Pos = 6958a mov eax,[ebp-0x54] JUMP_007536: ; Pos = 6958d push eax call FUNC_001656_FindMSB pop ecx mov esi,0x1e sub esi,eax test esi,esi jnl JUMP_007537 xor esi,esi JUMP_007537: ; Pos = 695a1 cmp esi,byte +0xf jng JUMP_007538 mov esi,0xf JUMP_007538: ; Pos = 695ab cmp esi,byte +0xf jnl JUMP_007539 mov ecx,0xf sub ecx,esi sar dword [ebp-0x4c],cl cmp dword [ebp-0x4c],byte +0x0 jz near JUMP_007634 cmp dword [ebp-0x4c],byte -0x1 jz near JUMP_007634 JUMP_007539: ; Pos = 695ce mov ecx,esi mov eax,[ebp-0x54] shl eax,cl cdq idiv dword [ebp-0x4c] mov [ebp-0x58],eax cmp dword [ebp-0x50],byte +0x0 jnl JUMP_007540 mov eax,[ebp-0x50] neg eax jmp short JUMP_007541 JUMP_007540: ; Pos = 695e9 mov eax,[ebp-0x50] JUMP_007541: ; Pos = 695ec push eax call FUNC_001656_FindMSB pop ecx mov esi,0x1e sub esi,eax test esi,esi jnl JUMP_007542 xor esi,esi JUMP_007542: ; Pos = 69600 cmp esi,byte +0xf jng JUMP_007543 mov esi,0xf JUMP_007543: ; Pos = 6960a cmp esi,byte +0xf jnl JUMP_007544 mov ecx,0xf sub ecx,esi sar dword [ebp-0x48],cl cmp dword [ebp-0x48],byte +0x0 jz near JUMP_007634 cmp dword [ebp-0x48],byte -0x1 jz near JUMP_007634 JUMP_007544: ; Pos = 6962d mov ecx,esi mov eax,[ebp-0x50] shl eax,cl cdq idiv dword [ebp-0x48] mov [ebp-0x5c],eax cmp dword [ebp-0x58],byte +0x0 jl near JUMP_007634 cmp dword [ebp-0x5c],byte +0x0 jl near JUMP_007634 mov eax,[ebp-0x58] add eax,[ebp-0x5c] cmp eax,0x8000 jg near JUMP_007634 cmp edi,byte +0xf jnl JUMP_007545 mov ecx,0xf sub ecx,edi mov eax,[ebp+0xffffff28] sub eax,[ebp+0xffffff34] imul dword [ebp-0x58] mov edx,[ebp+0xffffff1c] sub edx,[ebp+0xffffff34] imul edx,[ebp-0x5c] add eax,edx sar eax,cl add eax,[ebx+0xc] mov [ebp-0x60],eax jmp short JUMP_007546 JUMP_007545: ; Pos = 69697 lea ecx,[edi-0xf] mov eax,[ebp+0xffffff28] sub eax,[ebp+0xffffff34] imul dword [ebp-0x58] mov edx,[ebp+0xffffff1c] sub edx,[ebp+0xffffff34] imul edx,[ebp-0x5c] add eax,edx shl eax,cl add eax,[ebx+0xc] mov [ebp-0x60],eax JUMP_007546: ; Pos = 696c3 mov eax,[ebp-0x60] cmp eax,[DATA_009283] jl JUMP_007547 cmp dword [DATA_009284],byte +0x0 jz near JUMP_007634 JUMP_007547: ; Pos = 696db mov eax,[ebp-0x60] mov [DATA_009283],eax xor eax,eax mov [DATA_009284],eax jmp JUMP_007634 JUMP_007548: ; Pos = 696ef mov eax,[ebx+0xc] sub eax,[ebp-0x44] cmp eax,[DATA_009285] jg near JUMP_007634 mov eax,[ebx+0x4] push eax call _abs pop ecx sub eax,[ebp-0x44] test eax,eax jg near JUMP_007634 mov eax,[ebx+0x8] push eax call _abs pop ecx sub eax,[ebp-0x44] test eax,eax jg near JUMP_007634 cmp dword [ebx+0xc],byte +0x40 jl near JUMP_007592 mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl near JUMP_007592 cmp dword [esi+0xc],byte +0x40 jl near JUMP_007592 movsx eax,word [esi] movsx edx,word [ebx] sub eax,edx mov edx,[ebp+0xc] movsx edx,word [edx+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx imul edx movsx edx,word [esi+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx mov ecx,[ebp+0xc] movsx ecx,word [ecx] movsx edi,word [ebx] sub ecx,edi imul edx,ecx sub eax,edx mov [ebp-0x64],eax cmp dword [ebp+0x20],byte +0x9 jg JUMP_007550 mov eax,[ebp+0x20] cmp eax,[ebx+0x44] jng JUMP_007549 mov eax,[ebp+0x20] mov edx,[ebp+0xc] cmp eax,[edx+0x44] jng JUMP_007549 mov eax,[ebp+0x20] cmp eax,[esi+0x44] jg JUMP_007550 JUMP_007549: ; Pos = 697a1 cmp dword [ebp-0x64],0x96 jnl near JUMP_007591 cmp dword [ebp-0x64],byte +0x0 jl near JUMP_007591 cmp dword [ebp+0x20],byte +0x8 jng near JUMP_007591 JUMP_007550: ; Pos = 697c2 mov ax,[ebx+0x24] mov edx,[ebp+0xc] or ax,[edx+0x24] or ax,[esi+0x24] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007634 mov ax,[ebx+0x26] mov edx,[ebp+0xc] or ax,[edx+0x26] or ax,[esi+0x26] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007634 cmp dword [ebx+0x4],byte +0x0 jnl JUMP_007551 mov eax,[ebx+0x4] neg eax jmp short JUMP_007552 JUMP_007551: ; Pos = 6980f mov eax,[ebx+0x4] JUMP_007552: ; Pos = 69812 cmp dword [ebx+0x8],byte +0x0 jnl JUMP_007553 mov edx,[ebx+0x8] neg edx jmp short JUMP_007554 JUMP_007553: ; Pos = 6981f mov edx,[ebx+0x8] JUMP_007554: ; Pos = 69822 or eax,edx cmp dword [ebx+0xc],byte +0x0 jnl JUMP_007555 mov edx,[ebx+0xc] neg edx jmp short JUMP_007556 JUMP_007555: ; Pos = 69831 mov edx,[ebx+0xc] JUMP_007556: ; Pos = 69834 or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0x4],byte +0x0 jnl JUMP_007557 mov edx,[ebp+0xc] mov edx,[edx+0x4] neg edx jmp short JUMP_007558 JUMP_007557: ; Pos = 69849 mov edx,[ebp+0xc] mov edx,[edx+0x4] JUMP_007558: ; Pos = 6984f or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0x8],byte +0x0 jnl JUMP_007559 mov edx,[ebp+0xc] mov edx,[edx+0x8] neg edx jmp short JUMP_007560 JUMP_007559: ; Pos = 69864 mov edx,[ebp+0xc] mov edx,[edx+0x8] JUMP_007560: ; Pos = 6986a or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0xc],byte +0x0 jnl JUMP_007561 mov edx,[ebp+0xc] mov edx,[edx+0xc] neg edx jmp short JUMP_007562 JUMP_007561: ; Pos = 6987f mov edx,[ebp+0xc] mov edx,[edx+0xc] JUMP_007562: ; Pos = 69885 or eax,edx cmp dword [esi+0x4],byte +0x0 jnl JUMP_007563 mov edx,[esi+0x4] neg edx jmp short JUMP_007564 JUMP_007563: ; Pos = 69894 mov edx,[esi+0x4] JUMP_007564: ; Pos = 69897 or eax,edx cmp dword [esi+0x8],byte +0x0 jnl JUMP_007565 mov edx,[esi+0x8] neg edx jmp short JUMP_007566 JUMP_007565: ; Pos = 698a6 mov edx,[esi+0x8] JUMP_007566: ; Pos = 698a9 or eax,edx cmp dword [esi+0xc],byte +0x0 jnl JUMP_007567 mov edx,[esi+0xc] neg edx jmp short JUMP_007568 JUMP_007567: ; Pos = 698b8 mov edx,[esi+0xc] JUMP_007568: ; Pos = 698bb or eax,edx push eax call FUNC_001656_FindMSB pop ecx mov edi,eax add edi,byte -0xd test edi,edi jng near JUMP_007569 mov ecx,edi mov eax,[ebx+0x4] sar eax,cl mov [ebp+0xffffff08],eax mov ecx,edi mov eax,[ebx+0x8] sar eax,cl mov [ebp+0xffffff0c],eax mov ecx,edi mov eax,[ebx+0xc] sar eax,cl mov [ebp+0xffffff10],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0x4] sar eax,cl mov [ebp+0xfffffefc],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0x8] sar eax,cl mov [ebp+0xffffff00],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0xc] sar eax,cl mov [ebp+0xffffff04],eax mov ecx,edi mov eax,[esi+0x4] sar eax,cl mov [ebp+0xfffffef0],eax mov ecx,edi mov eax,[esi+0x8] sar eax,cl mov [ebp+0xfffffef4],eax mov ecx,edi mov eax,[esi+0xc] sar eax,cl mov [ebp+0xfffffef8],eax jmp short JUMP_007570 JUMP_007569: ; Pos = 69951 mov eax,[ebx+0x4] mov [ebp+0xffffff08],eax mov eax,[ebx+0x8] mov [ebp+0xffffff0c],eax mov eax,[ebx+0xc] mov [ebp+0xffffff10],eax mov eax,[ebp+0xc] mov edx,[eax+0x4] mov [ebp+0xfffffefc],edx mov edx,[eax+0x8] mov [ebp+0xffffff00],edx mov edx,[eax+0xc] mov [ebp+0xffffff04],edx mov eax,[esi+0x4] mov [ebp+0xfffffef0],eax mov eax,[esi+0x8] mov [ebp+0xfffffef4],eax mov eax,[esi+0xc] mov [ebp+0xfffffef8],eax xor edi,edi JUMP_007570: ; Pos = 699a7 mov eax,[ebp+0xffffff08] sub eax,[ebp+0xfffffef0] imul dword [ebp+0xffffff00] mov edx,[ebp+0xfffffefc] sub edx,[ebp+0xffffff08] imul edx,[ebp+0xfffffef4] add eax,edx mov edx,[ebp+0xfffffef0] sub edx,[ebp+0xfffffefc] imul edx,[ebp+0xffffff0c] add eax,edx mov [ebp-0x68],eax mov eax,[ebp+0xffffff08] sub eax,[ebp+0xfffffefc] imul dword [ebp+0xfffffef4] mov edx,[ebp+0xfffffef0] sub edx,[ebp+0xffffff08] imul edx,[ebp+0xffffff00] add eax,edx mov edx,[ebp+0xfffffefc] sub edx,[ebp+0xfffffef0] imul edx,[ebp+0xffffff0c] add eax,edx mov [ebp-0x6c],eax cmp dword [ebp-0x68],byte +0x0 jz near JUMP_007634 cmp dword [ebp-0x6c],byte +0x0 jz near JUMP_007634 mov eax,[ebp+0xffffff08] imul dword [ebp+0xffffff00] mov edx,[ebp+0xfffffefc] imul edx,[ebp+0xffffff0c] sub eax,edx mov [ebp-0x70],eax mov eax,[ebp+0xffffff08] imul dword [ebp+0xfffffef4] mov edx,[ebp+0xfffffef0] imul edx,[ebp+0xffffff0c] sub eax,edx mov [ebp-0x74],eax cmp dword [ebp-0x74],byte +0x0 jnl JUMP_007571 mov eax,[ebp-0x74] neg eax jmp short JUMP_007572 JUMP_007571: ; Pos = 69a82 mov eax,[ebp-0x74] JUMP_007572: ; Pos = 69a85 push eax call FUNC_001656_FindMSB pop ecx mov esi,0x1e sub esi,eax test esi,esi jnl JUMP_007573 xor esi,esi JUMP_007573: ; Pos = 69a99 cmp esi,byte +0xf jng JUMP_007574 mov esi,0xf JUMP_007574: ; Pos = 69aa3 cmp esi,byte +0xf jnl JUMP_007575 mov ecx,0xf sub ecx,esi sar dword [ebp-0x6c],cl cmp dword [ebp-0x6c],byte +0x0 jz near JUMP_007634 cmp dword [ebp-0x6c],byte -0x1 jz near JUMP_007634 JUMP_007575: ; Pos = 69ac6 mov ecx,esi mov eax,[ebp-0x74] shl eax,cl cdq idiv dword [ebp-0x6c] mov [ebp-0x78],eax cmp dword [ebp-0x70],byte +0x0 jnl JUMP_007576 mov eax,[ebp-0x70] neg eax jmp short JUMP_007577 JUMP_007576: ; Pos = 69ae1 mov eax,[ebp-0x70] JUMP_007577: ; Pos = 69ae4 push eax call FUNC_001656_FindMSB pop ecx mov esi,0x1e sub esi,eax test esi,esi jnl JUMP_007578 xor esi,esi JUMP_007578: ; Pos = 69af8 cmp esi,byte +0xf jng JUMP_007579 mov esi,0xf JUMP_007579: ; Pos = 69b02 cmp esi,byte +0xf jnl JUMP_007580 mov ecx,0xf sub ecx,esi sar dword [ebp-0x68],cl cmp dword [ebp-0x68],byte +0x0 jz near JUMP_007634 cmp dword [ebp-0x68],byte -0x1 jz near JUMP_007634 JUMP_007580: ; Pos = 69b25 mov ecx,esi mov eax,[ebp-0x70] shl eax,cl cdq idiv dword [ebp-0x68] cmp dword [ebp-0x78],byte +0x0 jl near JUMP_007584 test eax,eax jl near JUMP_007584 mov edx,[ebp-0x78] add edx,eax cmp edx,0x8000 jg near JUMP_007584 cmp edi,byte +0xf jnl JUMP_007581 mov ecx,0xf sub ecx,edi mov edx,[ebp+0xffffff04] sub edx,[ebp+0xffffff10] imul edx,[ebp-0x78] mov esi,[ebp+0xfffffef8] sub esi,[ebp+0xffffff10] imul esi,eax add edx,esi sar edx,cl add edx,[ebx+0xc] mov eax,edx jmp short JUMP_007582 JUMP_007581: ; Pos = 69b89 lea ecx,[edi-0xf] mov edx,[ebp+0xffffff04] sub edx,[ebp+0xffffff10] imul edx,[ebp-0x78] mov esi,[ebp+0xfffffef8] sub esi,[ebp+0xffffff10] imul esi,eax add edx,esi shl edx,cl add edx,[ebx+0xc] mov eax,edx JUMP_007582: ; Pos = 69bb4 cmp eax,[DATA_009283] jl JUMP_007583 cmp dword [DATA_009284],byte +0x0 jz near JUMP_007634 JUMP_007583: ; Pos = 69bc9 mov [DATA_009283],eax xor eax,eax mov [DATA_009284],eax jmp JUMP_007634 JUMP_007584: ; Pos = 69bda cmp dword [ebp-0x78],byte +0x0 jnl JUMP_007586 mov edx,[ebp-0x78] neg edx cmp eax,[ebp-0x78] jnl JUMP_007585 mov edx,eax neg edx jmp short JUMP_007588 JUMP_007585: ; Pos = 69bf0 mov ecx,[ebp-0x78] add ecx,eax add ecx,0xffff8000 cmp edx,ecx jnl JUMP_007588 mov edx,[ebp-0x78] add edx,eax add edx,0xffff8000 jmp short JUMP_007588 JUMP_007586: ; Pos = 69c0c test eax,eax jnl JUMP_007587 mov edx,eax neg edx mov ecx,[ebp-0x78] add ecx,eax add ecx,0xffff8000 cmp edx,ecx jnl JUMP_007588 mov edx,[ebp-0x78] add edx,eax add edx,0xffff8000 jmp short JUMP_007588 JUMP_007587: ; Pos = 69c30 mov edx,[ebp-0x78] add edx,eax add edx,0xffff8000 JUMP_007588: ; Pos = 69c3b cmp edx,[DATA_009284] jnl near JUMP_007634 cmp edi,byte +0xf jnl JUMP_007589 mov esi,[ebp+0xffffff04] sub esi,[ebp+0xffffff10] imul esi,[ebp-0x78] mov ecx,[ebp+0xfffffef8] sub ecx,[ebp+0xffffff10] imul ecx,eax add esi,ecx mov ecx,0xf sub ecx,edi sar esi,cl add esi,[ebx+0xc] mov eax,esi jmp short JUMP_007590 JUMP_007589: ; Pos = 69c7d mov esi,[ebp+0xffffff04] sub esi,[ebp+0xffffff10] imul esi,[ebp-0x78] mov ecx,[ebp+0xfffffef8] sub ecx,[ebp+0xffffff10] imul ecx,eax add esi,ecx lea ecx,[edi-0xf] shl esi,cl add esi,[ebx+0xc] mov eax,esi JUMP_007590: ; Pos = 69ca8 test eax,eax jng near JUMP_007634 mov [DATA_009283],eax mov [DATA_009284],edx jmp JUMP_007634 JUMP_007591: ; Pos = 69cc0 cmp dword [ebp+0x20],byte +0x2 jnl near JUMP_007596 lea eax,[esi+0x4] push eax mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff44] push eax call FUNC_001827 add esp,byte +0x10 lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff38] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff38] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,[ebp+0x20] mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff44] imul edx,[ebp+0xffffff38] mov ecx,[ebp+0xffffff48] imul ecx,[ebp+0xffffff3c] add edx,ecx mov ecx,[ebp+0xffffff4c] imul ecx,[ebp+0xffffff40] add edx,ecx cmp eax,edx jng near JUMP_007596 mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebp+0xffffff38] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff38] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,[ebp+0x20] mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff44] imul edx,[ebp+0xffffff38] mov ecx,[ebp+0xffffff48] imul ecx,[ebp+0xffffff3c] add edx,ecx mov ecx,[ebp+0xffffff4c] imul ecx,[ebp+0xffffff40] add edx,ecx cmp eax,edx jng near JUMP_007596 lea eax,[esi+0x4] push eax lea eax,[ebp+0xffffff38] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff38] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,[ebp+0x20] mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff44] imul edx,[ebp+0xffffff38] mov ecx,[ebp+0xffffff48] imul ecx,[ebp+0xffffff3c] add edx,ecx mov ecx,[ebp+0xffffff4c] imul ecx,[ebp+0xffffff40] add edx,ecx cmp eax,edx jg near JUMP_007634 jmp JUMP_007596 JUMP_007592: ; Pos = 69e1c cmp dword [ebp+0x24],0x1f4 jl near JUMP_007634 mov eax,[ebx+0xc] push eax call _abs pop ecx mov [ebp-0x7c],eax mov eax,[ebp+0xc] mov eax,[eax+0xc] push eax call _abs pop ecx mov [ebp-0x80],eax mov eax,[esi+0xc] push eax call _abs pop ecx mov [ebp+0xffffff7c],eax mov eax,[ebx+0x4] cmp eax,[ebp-0x7c] jng JUMP_007593 mov eax,[ebp+0xc] mov eax,[eax+0x4] cmp eax,[ebp-0x80] jng JUMP_007593 mov eax,[esi+0x4] cmp eax,[ebp+0xffffff7c] jg near JUMP_007634 JUMP_007593: ; Pos = 69e78 mov eax,[ebp-0x7c] neg eax cmp eax,[ebx+0x4] jng JUMP_007594 mov eax,[ebp-0x80] neg eax mov edx,[ebp+0xc] cmp eax,[edx+0x4] jng JUMP_007594 mov eax,[ebp+0xffffff7c] neg eax cmp eax,[esi+0x4] jg near JUMP_007634 JUMP_007594: ; Pos = 69ea0 mov eax,[ebx+0x8] cmp eax,[ebp-0x7c] jng JUMP_007595 mov eax,[ebp+0xc] mov eax,[eax+0x8] cmp eax,[ebp-0x80] jng JUMP_007595 mov eax,[esi+0x8] cmp eax,[ebp+0xffffff7c] jg near JUMP_007634 JUMP_007595: ; Pos = 69ec2 mov eax,[ebp-0x7c] neg eax cmp eax,[ebx+0x8] jng JUMP_007596 mov eax,[ebp-0x80] neg eax mov edx,[ebp+0xc] cmp eax,[edx+0x8] jng JUMP_007596 mov eax,[ebp+0xffffff7c] neg eax cmp eax,[esi+0x8] jg near JUMP_007634 JUMP_007596: ; Pos = 69eea cmp dword [ebp+0x28],byte +0x0 jz near JUMP_007601 xor eax,eax mov [ebp-0x24],eax lea eax,[ebp-0x40] mov [ebp+0xffffff50],eax lea eax,[esi+0x34] mov [ebp+0xffffff54],eax lea eax,[ebp-0x38] mov [ebp+0xffffff58],eax mov eax,[ebp+0xc] add eax,byte +0x34 mov [ebp+0xffffff5c],eax lea eax,[ebp-0x30] mov [ebp+0xffffff60],eax lea eax,[ebx+0x34] mov [ebp+0xffffff64],eax mov dword [ebp+0xffffff68],DATA_009260 mov eax,[ebp+0x28] mov [ebp+0xffffff6c],eax JUMP_007597: ; Pos = 69f45 mov eax,[ebp+0xffffff6c] cmp dword [eax],byte +0x0 jng near JUMP_007600 mov eax,[ebp+0xffffff6c] mov eax,[eax] mov [ebp+0xffffff78],eax mov eax,[ebp+0xffffff78] mov eax,[eax] shl eax,0x2 lea eax,[eax+eax*2] add eax,DATA_007841 mov [ebp+0xffffff74],eax mov eax,[ebp+0xffffff74] mov edi,[eax+0x8] add edi,[ebp+0x20] dec edi mov eax,[ebp+0xffffff68] lea eax,[eax+edi*8] cmp edi,[ebp+0x20] jl JUMP_007599 JUMP_007598: ; Pos = 69f97 mov edx,[ebp+0xffffff74] mov edx,[edx] mov [eax],edx mov edx,[ebp+0xffffff74] mov edx,[edx+0x4] mov [eax+0x4],edx dec edi add eax,byte -0x8 cmp edi,[ebp+0x20] jnl JUMP_007598 JUMP_007599: ; Pos = 69fb6 mov eax,[ebp+0xffffff64] mov eax,[eax] mov edx,[ebp+0xffffff60] mov [edx],eax mov eax,[ebp+0xffffff5c] mov eax,[eax] mov edx,[ebp+0xffffff58] mov [edx],eax mov eax,[ebp+0xffffff54] mov eax,[eax] mov edx,[ebp+0xffffff50] mov [edx],eax mov eax,[ebp+0xffffff78] mov eax,[eax+0x4] mov edx,[ebp+0xffffff64] mov [edx],eax mov eax,[ebp+0xffffff78] mov eax,[eax+0x8] mov edx,[ebp+0xffffff5c] mov [edx],eax mov eax,[ebp+0xffffff78] mov eax,[eax+0xc] mov edx,[ebp+0xffffff54] mov [edx],eax JUMP_007600: ; Pos = 6a019 inc dword [ebp-0x24] add dword [ebp+0xffffff50],byte +0x4 add dword [ebp+0xffffff54],byte +0x4 add dword [ebp+0xffffff58],byte +0x4 add dword [ebp+0xffffff5c],byte +0x4 add dword [ebp+0xffffff60],byte +0x4 add dword [ebp+0xffffff64],byte +0x4 add dword [ebp+0xffffff68],0x100 add dword [ebp+0xffffff6c],byte +0x4 cmp dword [ebp-0x24],byte +0x2 jl near JUMP_007597 JUMP_007601: ; Pos = 6a061 cmp dword [ebp+0x20],byte +0x5 jnl JUMP_007602 mov eax,[ebp+0x20] push eax push ebx push esi mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax call near [DATA_009278] add esp,byte +0x14 mov eax,[ebp+0x20] push eax mov eax,[ebp+0xc] push eax push ebx push esi mov eax,[ebp+0x1c] push eax call near [DATA_009278] add esp,byte +0x14 mov eax,[ebp+0x20] push eax push esi mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x14] push eax call near [DATA_009278] add esp,byte +0x14 jmp short JUMP_007603 JUMP_007602: ; Pos = 6a0ae mov eax,[ebp+0x20] push eax push ebx push esi mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax call near [DATA_009279] add esp,byte +0x14 mov eax,[ebp+0x20] push eax mov eax,[ebp+0xc] push eax push ebx push esi mov eax,[ebp+0x1c] push eax call near [DATA_009279] add esp,byte +0x14 mov eax,[ebp+0x20] push eax push esi mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x14] push eax call near [DATA_009279] add esp,byte +0x14 JUMP_007603: ; Pos = 6a0f3 call FUNC_001820 mov [ebp-0x8],eax mov eax,[ebp+0x18] mov eax,[eax+0x8] mov edx,[ebp-0x8] mov [edx],eax call FUNC_001820 mov [ebp-0xc],eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] mov edx,[ebp-0xc] mov [edx],eax call FUNC_001820 mov [ebp-0x10],eax mov eax,[ebp+0x14] mov eax,[eax+0x8] mov edx,[ebp-0x10] mov [edx],eax inc dword [ebp+0x20] sar dword [ebp+0x24],1 cmp dword [ebp+0x28],byte +0x0 jz near JUMP_007620 mov eax,[ebp+0x28] mov eax,[eax+0x8] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] cmp ebx,[eax] jnz JUMP_007604 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007605 JUMP_007604: ; Pos = 6a15a mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007605: ; Pos = 6a160 push eax mov eax,[ebp-0x10] push eax mov eax,[ebp+0x14] cmp ebx,[eax] jnz JUMP_007606 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007607 JUMP_007606: ; Pos = 6a174 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007607: ; Pos = 6a17a push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax push ebx call FUNC_001870 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0xc] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x14] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007608 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007609 JUMP_007608: ; Pos = 6a1b3 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007609: ; Pos = 6a1b9 push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007610 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007611 JUMP_007610: ; Pos = 6a1d0 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007611: ; Pos = 6a1d6 push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0xc] push eax call FUNC_001870 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0x10] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x18] cmp esi,[eax] jnz JUMP_007612 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007613 JUMP_007612: ; Pos = 6a20f mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007613: ; Pos = 6a215 push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x1c] cmp esi,[eax] jnz JUMP_007614 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007615 JUMP_007614: ; Pos = 6a229 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007615: ; Pos = 6a22f push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax push esi call FUNC_001870 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0x14] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax call FUNC_001870 add esp,byte +0x24 dec dword [ebp+0x20] xor eax,eax mov [ebp-0x24],eax lea eax,[esi+0x34] mov [ebp+0xffffff6c],eax lea eax,[ebp-0x40] mov [ebp+0xffffff68],eax mov eax,[ebp+0xc] add eax,byte +0x34 mov [ebp+0xffffff64],eax lea eax,[ebp-0x38] mov [ebp+0xffffff60],eax lea eax,[ebx+0x34] mov [ebp+0xffffff5c],eax lea eax,[ebp-0x30] mov [ebp+0xffffff58],eax mov dword [ebp+0xffffff54],DATA_009260 mov eax,[ebp+0x28] mov [ebp+0xffffff50],eax JUMP_007616: ; Pos = 6a2d3 mov eax,[ebp+0xffffff50] cmp dword [eax],byte +0x0 jng JUMP_007619 mov eax,[ebp+0xffffff50] mov eax,[eax] mov [ebp+0xffffff70],eax mov eax,[ebp+0xffffff70] mov eax,[eax] lea eax,[eax+eax*2] mov edi,[eax*4+DATA_007842] add edi,[ebp+0x20] dec edi mov eax,[ebp+0xffffff54] lea eax,[eax+edi*8] cmp edi,[ebp+0x20] jl JUMP_007618 JUMP_007617: ; Pos = 6a310 xor edx,edx mov [eax],edx xor edx,edx mov [eax+0x4],edx dec edi add eax,byte -0x8 cmp edi,[ebp+0x20] jnl JUMP_007617 JUMP_007618: ; Pos = 6a322 mov eax,[ebp+0xffffff58] mov eax,[eax] mov edx,[ebp+0xffffff5c] mov [edx],eax mov eax,[ebp+0xffffff60] mov eax,[eax] mov edx,[ebp+0xffffff64] mov [edx],eax mov eax,[ebp+0xffffff68] mov eax,[eax] mov edx,[ebp+0xffffff6c] mov [edx],eax JUMP_007619: ; Pos = 6a352 inc dword [ebp-0x24] add dword [ebp+0xffffff6c],byte +0x4 add dword [ebp+0xffffff68],byte +0x4 add dword [ebp+0xffffff64],byte +0x4 add dword [ebp+0xffffff60],byte +0x4 add dword [ebp+0xffffff5c],byte +0x4 add dword [ebp+0xffffff58],byte +0x4 add dword [ebp+0xffffff54],0x100 add dword [ebp+0xffffff50],byte +0x4 cmp dword [ebp-0x24],byte +0x2 jl near JUMP_007616 jmp JUMP_007633 JUMP_007620: ; Pos = 6a39f push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] cmp ebx,[eax] jnz JUMP_007621 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007622 JUMP_007621: ; Pos = 6a3b8 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007622: ; Pos = 6a3be push eax mov eax,[ebp-0x10] push eax mov eax,[ebp+0x14] cmp ebx,[eax] jnz JUMP_007623 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007624 JUMP_007623: ; Pos = 6a3d2 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007624: ; Pos = 6a3d8 push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax push ebx call FUNC_001870 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x14] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007625 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007626 JUMP_007625: ; Pos = 6a40c mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007626: ; Pos = 6a412 push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007627 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007628 JUMP_007627: ; Pos = 6a429 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007628: ; Pos = 6a42f push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0xc] push eax call FUNC_001870 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x18] cmp esi,[eax] jnz JUMP_007629 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007630 JUMP_007629: ; Pos = 6a463 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007630: ; Pos = 6a469 push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x1c] cmp esi,[eax] jnz JUMP_007631 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007632 JUMP_007631: ; Pos = 6a47d mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007632: ; Pos = 6a483 push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax push esi call FUNC_001870 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax call FUNC_001870 add esp,byte +0x24 JUMP_007633: ; Pos = 6a4ce mov eax,[ebp-0x8] push eax call FUNC_001821 pop ecx mov eax,[ebp-0xc] push eax call FUNC_001821 pop ecx mov eax,[ebp-0x10] push eax call FUNC_001821 pop ecx JUMP_007634: ; Pos = 6a4ec pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop FUNC_001871: ; Pos = 6a4f4 push ebp mov ebp,esp add esp,0xfffffeec push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0x8] cmp dword [ebp+0x20],byte +0xa jnl JUMP_007635 mov eax,[ebp+0x24] mov [ebp-0x48],eax jmp near JUMP_007640 JUMP_007635: ; Pos = 6a514 mov eax,[ebx+0x40] mov edx,[ebp+0xc] cmp eax,[edx+0x40] jnl JUMP_007636 mov eax,[ebx+0x40] mov [ebp-0x24],eax mov eax,[ebp+0xc] mov edi,[eax+0x40] jmp short JUMP_007637 JUMP_007636: ; Pos = 6a52d mov eax,[ebp+0xc] mov eax,[eax+0x40] mov [ebp-0x24],eax mov edi,[ebx+0x40] JUMP_007637: ; Pos = 6a539 mov eax,[esi+0x40] cmp eax,[ebp-0x24] jnl JUMP_007638 mov eax,[esi+0x40] mov [ebp-0x24],eax jmp short JUMP_007639 JUMP_007638: ; Pos = 6a549 cmp edi,[esi+0x40] jnl JUMP_007639 mov edi,[esi+0x40] JUMP_007639: ; Pos = 6a551 sub edi,[ebp-0x24] sar edi,0x3 push edi mov eax,[ebx+0x28] push eax call _abs pop ecx mov edi,eax mov eax,[ebx+0x2c] push eax call _abs pop ecx add edi,eax mov eax,[ebx+0x30] push eax call _abs pop ecx add edi,eax push edi call FUNC_001521 add esp,byte +0x8 add eax,[ebp+0x24] mov [ebp-0x48],eax JUMP_007640: ; Pos = 6a58b mov eax,[ebx+0xc] add eax,[ebp-0x48] mov [ebp-0x1c],eax cmp dword [ebp-0x1c],byte +0x40 jnl near JUMP_007674 mov ax,[ebx+0x24] mov edx,[ebp+0xc] or ax,[edx+0x24] or ax,[esi+0x24] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007760 mov ax,[ebx+0x26] mov edx,[ebp+0xc] or ax,[edx+0x26] or ax,[esi+0x26] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007760 cmp dword [ebx+0x4],byte +0x0 jnl JUMP_007641 mov eax,[ebx+0x4] neg eax jmp short JUMP_007642 JUMP_007641: ; Pos = 6a5eb mov eax,[ebx+0x4] JUMP_007642: ; Pos = 6a5ee cmp dword [ebx+0x8],byte +0x0 jnl JUMP_007643 mov edx,[ebx+0x8] neg edx jmp short JUMP_007644 JUMP_007643: ; Pos = 6a5fb mov edx,[ebx+0x8] JUMP_007644: ; Pos = 6a5fe or eax,edx cmp dword [ebx+0xc],byte +0x0 jnl JUMP_007645 mov edx,[ebx+0xc] neg edx jmp short JUMP_007646 JUMP_007645: ; Pos = 6a60d mov edx,[ebx+0xc] JUMP_007646: ; Pos = 6a610 or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0x4],byte +0x0 jnl JUMP_007647 mov edx,[ebp+0xc] mov edx,[edx+0x4] neg edx jmp short JUMP_007648 JUMP_007647: ; Pos = 6a625 mov edx,[ebp+0xc] mov edx,[edx+0x4] JUMP_007648: ; Pos = 6a62b or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0x8],byte +0x0 jnl JUMP_007649 mov edx,[ebp+0xc] mov edx,[edx+0x8] neg edx jmp short JUMP_007650 JUMP_007649: ; Pos = 6a640 mov edx,[ebp+0xc] mov edx,[edx+0x8] JUMP_007650: ; Pos = 6a646 or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0xc],byte +0x0 jnl JUMP_007651 mov edx,[ebp+0xc] mov edx,[edx+0xc] neg edx jmp short JUMP_007652 JUMP_007651: ; Pos = 6a65b mov edx,[ebp+0xc] mov edx,[edx+0xc] JUMP_007652: ; Pos = 6a661 or eax,edx cmp dword [esi+0x4],byte +0x0 jnl JUMP_007653 mov edx,[esi+0x4] neg edx jmp short JUMP_007654 JUMP_007653: ; Pos = 6a670 mov edx,[esi+0x4] JUMP_007654: ; Pos = 6a673 or eax,edx cmp dword [esi+0x8],byte +0x0 jnl JUMP_007655 mov edx,[esi+0x8] neg edx jmp short JUMP_007656 JUMP_007655: ; Pos = 6a682 mov edx,[esi+0x8] JUMP_007656: ; Pos = 6a685 or eax,edx cmp dword [esi+0xc],byte +0x0 jnl JUMP_007657 mov edx,[esi+0xc] neg edx jmp short JUMP_007658 JUMP_007657: ; Pos = 6a694 mov edx,[esi+0xc] JUMP_007658: ; Pos = 6a697 or eax,edx push eax call FUNC_001656_FindMSB pop ecx mov edi,eax add edi,byte -0xd test edi,edi jng near JUMP_007659 mov ecx,edi mov eax,[ebx+0x4] sar eax,cl mov [ebp+0xffffff28],eax mov ecx,edi mov eax,[ebx+0x8] sar eax,cl mov [ebp+0xffffff2c],eax mov ecx,edi mov eax,[ebx+0xc] sar eax,cl mov [ebp+0xffffff30],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0x4] sar eax,cl mov [ebp+0xffffff1c],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0x8] sar eax,cl mov [ebp+0xffffff20],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0xc] sar eax,cl mov [ebp+0xffffff24],eax mov ecx,edi mov eax,[esi+0x4] sar eax,cl mov [ebp+0xffffff10],eax mov ecx,edi mov eax,[esi+0x8] sar eax,cl mov [ebp+0xffffff14],eax mov ecx,edi mov eax,[esi+0xc] sar eax,cl mov [ebp+0xffffff18],eax jmp short JUMP_007660 JUMP_007659: ; Pos = 6a72d mov eax,[ebx+0x4] mov [ebp+0xffffff28],eax mov eax,[ebx+0x8] mov [ebp+0xffffff2c],eax mov eax,[ebx+0xc] mov [ebp+0xffffff30],eax mov eax,[ebp+0xc] mov edx,[eax+0x4] mov [ebp+0xffffff1c],edx mov edx,[eax+0x8] mov [ebp+0xffffff20],edx mov edx,[eax+0xc] mov [ebp+0xffffff24],edx mov eax,[esi+0x4] mov [ebp+0xffffff10],eax mov eax,[esi+0x8] mov [ebp+0xffffff14],eax mov eax,[esi+0xc] mov [ebp+0xffffff18],eax xor edi,edi JUMP_007660: ; Pos = 6a783 mov eax,[ebp+0xffffff28] sub eax,[ebp+0xffffff10] imul dword [ebp+0xffffff20] mov edx,[ebp+0xffffff1c] sub edx,[ebp+0xffffff28] imul edx,[ebp+0xffffff14] add eax,edx mov edx,[ebp+0xffffff10] sub edx,[ebp+0xffffff1c] imul edx,[ebp+0xffffff2c] add eax,edx mov [ebp-0x4c],eax mov eax,[ebp+0xffffff28] sub eax,[ebp+0xffffff1c] imul dword [ebp+0xffffff14] mov edx,[ebp+0xffffff10] sub edx,[ebp+0xffffff28] imul edx,[ebp+0xffffff20] add eax,edx mov edx,[ebp+0xffffff1c] sub edx,[ebp+0xffffff10] imul edx,[ebp+0xffffff2c] add eax,edx mov [ebp-0x50],eax cmp dword [ebp-0x4c],byte +0x0 jz near JUMP_007760 cmp dword [ebp-0x50],byte +0x0 jz near JUMP_007760 mov eax,[ebp+0xffffff28] imul dword [ebp+0xffffff20] mov edx,[ebp+0xffffff1c] imul edx,[ebp+0xffffff2c] sub eax,edx mov [ebp-0x54],eax mov eax,[ebp+0xffffff28] imul dword [ebp+0xffffff14] mov edx,[ebp+0xffffff10] imul edx,[ebp+0xffffff2c] sub eax,edx mov [ebp-0x58],eax cmp dword [ebp-0x58],byte +0x0 jnl JUMP_007661 mov eax,[ebp-0x58] neg eax jmp short JUMP_007662 JUMP_007661: ; Pos = 6a85e mov eax,[ebp-0x58] JUMP_007662: ; Pos = 6a861 push eax call FUNC_001656_FindMSB pop ecx mov esi,0x1e sub esi,eax test esi,esi jnl JUMP_007663 xor esi,esi JUMP_007663: ; Pos = 6a875 cmp esi,byte +0xf jng JUMP_007664 mov esi,0xf JUMP_007664: ; Pos = 6a87f cmp esi,byte +0xf jnl JUMP_007665 mov ecx,0xf sub ecx,esi sar dword [ebp-0x50],cl cmp dword [ebp-0x50],byte +0x0 jz near JUMP_007760 cmp dword [ebp-0x50],byte -0x1 jz near JUMP_007760 JUMP_007665: ; Pos = 6a8a2 mov ecx,esi mov eax,[ebp-0x58] shl eax,cl cdq idiv dword [ebp-0x50] mov [ebp-0x5c],eax cmp dword [ebp-0x54],byte +0x0 jnl JUMP_007666 mov eax,[ebp-0x54] neg eax jmp short JUMP_007667 JUMP_007666: ; Pos = 6a8bd mov eax,[ebp-0x54] JUMP_007667: ; Pos = 6a8c0 push eax call FUNC_001656_FindMSB pop ecx mov esi,0x1e sub esi,eax test esi,esi jnl JUMP_007668 xor esi,esi JUMP_007668: ; Pos = 6a8d4 cmp esi,byte +0xf jng JUMP_007669 mov esi,0xf JUMP_007669: ; Pos = 6a8de cmp esi,byte +0xf jnl JUMP_007670 mov ecx,0xf sub ecx,esi sar dword [ebp-0x4c],cl cmp dword [ebp-0x4c],byte +0x0 jz near JUMP_007760 cmp dword [ebp-0x4c],byte -0x1 jz near JUMP_007760 JUMP_007670: ; Pos = 6a901 mov ecx,esi mov eax,[ebp-0x54] shl eax,cl cdq idiv dword [ebp-0x4c] mov [ebp-0x60],eax cmp dword [ebp-0x5c],byte +0x0 jl near JUMP_007760 cmp dword [ebp-0x60],byte +0x0 jl near JUMP_007760 mov eax,[ebp-0x5c] add eax,[ebp-0x60] cmp eax,0x8000 jg near JUMP_007760 cmp edi,byte +0xf jnl JUMP_007671 mov ecx,0xf sub ecx,edi mov eax,[ebp+0xffffff24] sub eax,[ebp+0xffffff30] imul dword [ebp-0x5c] mov edx,[ebp+0xffffff18] sub edx,[ebp+0xffffff30] imul edx,[ebp-0x60] add eax,edx sar eax,cl add eax,[ebx+0xc] mov [ebp-0x64],eax jmp short JUMP_007672 JUMP_007671: ; Pos = 6a96b lea ecx,[edi-0xf] mov eax,[ebp+0xffffff24] sub eax,[ebp+0xffffff30] imul dword [ebp-0x5c] mov edx,[ebp+0xffffff18] sub edx,[ebp+0xffffff30] imul edx,[ebp-0x60] add eax,edx shl eax,cl add eax,[ebx+0xc] mov [ebp-0x64],eax JUMP_007672: ; Pos = 6a997 mov eax,[ebp-0x64] cmp eax,[DATA_009283] jl JUMP_007673 cmp dword [DATA_009284],byte +0x0 jz near JUMP_007760 JUMP_007673: ; Pos = 6a9af mov eax,[ebp-0x64] mov [DATA_009283],eax xor eax,eax mov [DATA_009284],eax jmp JUMP_007760 JUMP_007674: ; Pos = 6a9c3 mov eax,[ebx+0xc] sub eax,[ebp-0x48] cmp eax,[DATA_009285] jg near JUMP_007760 mov eax,[ebx+0x4] push eax call _abs pop ecx sub eax,[ebp-0x48] test eax,eax jg near JUMP_007760 mov eax,[ebx+0x8] push eax call _abs pop ecx sub eax,[ebp-0x48] test eax,eax jg near JUMP_007760 cmp dword [ebx+0xc],byte +0x40 jl near JUMP_007718 mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl near JUMP_007718 cmp dword [esi+0xc],byte +0x40 jl near JUMP_007718 movsx eax,word [esi] movsx edx,word [ebx] sub eax,edx mov edx,[ebp+0xc] movsx edx,word [edx+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx imul edx movsx edx,word [esi+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx mov ecx,[ebp+0xc] movsx ecx,word [ecx] movsx edi,word [ebx] sub ecx,edi imul edx,ecx sub eax,edx mov [ebp-0x68],eax cmp dword [ebp+0x20],byte +0x9 jg JUMP_007676 mov eax,[ebp+0x20] cmp eax,[ebx+0x44] jng JUMP_007675 mov eax,[ebp+0x20] mov edx,[ebp+0xc] cmp eax,[edx+0x44] jng JUMP_007675 mov eax,[ebp+0x20] cmp eax,[esi+0x44] jg JUMP_007676 JUMP_007675: ; Pos = 6aa75 cmp dword [ebp-0x68],0x96 jnl near JUMP_007717 cmp dword [ebp-0x68],byte +0x0 jl near JUMP_007717 cmp dword [ebp+0x20],byte +0x8 jng near JUMP_007717 JUMP_007676: ; Pos = 6aa96 mov ax,[ebx+0x24] mov edx,[ebp+0xc] or ax,[edx+0x24] or ax,[esi+0x24] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007760 mov ax,[ebx+0x26] mov edx,[ebp+0xc] or ax,[edx+0x26] or ax,[esi+0x26] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007760 cmp dword [ebx+0x4],byte +0x0 jnl JUMP_007677 mov eax,[ebx+0x4] neg eax jmp short JUMP_007678 JUMP_007677: ; Pos = 6aae3 mov eax,[ebx+0x4] JUMP_007678: ; Pos = 6aae6 cmp dword [ebx+0x8],byte +0x0 jnl JUMP_007679 mov edx,[ebx+0x8] neg edx jmp short JUMP_007680 JUMP_007679: ; Pos = 6aaf3 mov edx,[ebx+0x8] JUMP_007680: ; Pos = 6aaf6 or eax,edx cmp dword [ebx+0xc],byte +0x0 jnl JUMP_007681 mov edx,[ebx+0xc] neg edx jmp short JUMP_007682 JUMP_007681: ; Pos = 6ab05 mov edx,[ebx+0xc] JUMP_007682: ; Pos = 6ab08 or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0x4],byte +0x0 jnl JUMP_007683 mov edx,[ebp+0xc] mov edx,[edx+0x4] neg edx jmp short JUMP_007684 JUMP_007683: ; Pos = 6ab1d mov edx,[ebp+0xc] mov edx,[edx+0x4] JUMP_007684: ; Pos = 6ab23 or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0x8],byte +0x0 jnl JUMP_007685 mov edx,[ebp+0xc] mov edx,[edx+0x8] neg edx jmp short JUMP_007686 JUMP_007685: ; Pos = 6ab38 mov edx,[ebp+0xc] mov edx,[edx+0x8] JUMP_007686: ; Pos = 6ab3e or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0xc],byte +0x0 jnl JUMP_007687 mov edx,[ebp+0xc] mov edx,[edx+0xc] neg edx jmp short JUMP_007688 JUMP_007687: ; Pos = 6ab53 mov edx,[ebp+0xc] mov edx,[edx+0xc] JUMP_007688: ; Pos = 6ab59 or eax,edx cmp dword [esi+0x4],byte +0x0 jnl JUMP_007689 mov edx,[esi+0x4] neg edx jmp short JUMP_007690 JUMP_007689: ; Pos = 6ab68 mov edx,[esi+0x4] JUMP_007690: ; Pos = 6ab6b or eax,edx cmp dword [esi+0x8],byte +0x0 jnl JUMP_007691 mov edx,[esi+0x8] neg edx jmp short JUMP_007692 JUMP_007691: ; Pos = 6ab7a mov edx,[esi+0x8] JUMP_007692: ; Pos = 6ab7d or eax,edx cmp dword [esi+0xc],byte +0x0 jnl JUMP_007693 mov edx,[esi+0xc] neg edx jmp short JUMP_007694 JUMP_007693: ; Pos = 6ab8c mov edx,[esi+0xc] JUMP_007694: ; Pos = 6ab8f or eax,edx push eax call FUNC_001656_FindMSB pop ecx mov edi,eax add edi,byte -0xd test edi,edi jng near JUMP_007695 mov ecx,edi mov eax,[ebx+0x4] sar eax,cl mov [ebp+0xffffff04],eax mov ecx,edi mov eax,[ebx+0x8] sar eax,cl mov [ebp+0xffffff08],eax mov ecx,edi mov eax,[ebx+0xc] sar eax,cl mov [ebp+0xffffff0c],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0x4] sar eax,cl mov [ebp+0xfffffef8],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0x8] sar eax,cl mov [ebp+0xfffffefc],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0xc] sar eax,cl mov [ebp+0xffffff00],eax mov ecx,edi mov eax,[esi+0x4] sar eax,cl mov [ebp+0xfffffeec],eax mov ecx,edi mov eax,[esi+0x8] sar eax,cl mov [ebp+0xfffffef0],eax mov ecx,edi mov eax,[esi+0xc] sar eax,cl mov [ebp+0xfffffef4],eax jmp short JUMP_007696 JUMP_007695: ; Pos = 6ac25 mov eax,[ebx+0x4] mov [ebp+0xffffff04],eax mov eax,[ebx+0x8] mov [ebp+0xffffff08],eax mov eax,[ebx+0xc] mov [ebp+0xffffff0c],eax mov eax,[ebp+0xc] mov edx,[eax+0x4] mov [ebp+0xfffffef8],edx mov edx,[eax+0x8] mov [ebp+0xfffffefc],edx mov edx,[eax+0xc] mov [ebp+0xffffff00],edx mov eax,[esi+0x4] mov [ebp+0xfffffeec],eax mov eax,[esi+0x8] mov [ebp+0xfffffef0],eax mov eax,[esi+0xc] mov [ebp+0xfffffef4],eax xor edi,edi JUMP_007696: ; Pos = 6ac7b mov eax,[ebp+0xffffff04] sub eax,[ebp+0xfffffeec] imul dword [ebp+0xfffffefc] mov edx,[ebp+0xfffffef8] sub edx,[ebp+0xffffff04] imul edx,[ebp+0xfffffef0] add eax,edx mov edx,[ebp+0xfffffeec] sub edx,[ebp+0xfffffef8] imul edx,[ebp+0xffffff08] add eax,edx mov [ebp-0x6c],eax mov eax,[ebp+0xffffff04] sub eax,[ebp+0xfffffef8] imul dword [ebp+0xfffffef0] mov edx,[ebp+0xfffffeec] sub edx,[ebp+0xffffff04] imul edx,[ebp+0xfffffefc] add eax,edx mov edx,[ebp+0xfffffef8] sub edx,[ebp+0xfffffeec] imul edx,[ebp+0xffffff08] add eax,edx mov [ebp-0x70],eax cmp dword [ebp-0x6c],byte +0x0 jz near JUMP_007760 cmp dword [ebp-0x70],byte +0x0 jz near JUMP_007760 mov eax,[ebp+0xffffff04] imul dword [ebp+0xfffffefc] mov edx,[ebp+0xfffffef8] imul edx,[ebp+0xffffff08] sub eax,edx mov [ebp-0x74],eax mov eax,[ebp+0xffffff04] imul dword [ebp+0xfffffef0] mov edx,[ebp+0xfffffeec] imul edx,[ebp+0xffffff08] sub eax,edx mov [ebp-0x78],eax cmp dword [ebp-0x78],byte +0x0 jnl JUMP_007697 mov eax,[ebp-0x78] neg eax jmp short JUMP_007698 JUMP_007697: ; Pos = 6ad56 mov eax,[ebp-0x78] JUMP_007698: ; Pos = 6ad59 push eax call FUNC_001656_FindMSB pop ecx mov esi,0x1e sub esi,eax test esi,esi jnl JUMP_007699 xor esi,esi JUMP_007699: ; Pos = 6ad6d cmp esi,byte +0xf jng JUMP_007700 mov esi,0xf JUMP_007700: ; Pos = 6ad77 cmp esi,byte +0xf jnl JUMP_007701 mov ecx,0xf sub ecx,esi sar dword [ebp-0x70],cl cmp dword [ebp-0x70],byte +0x0 jz near JUMP_007760 cmp dword [ebp-0x70],byte -0x1 jz near JUMP_007760 JUMP_007701: ; Pos = 6ad9a mov ecx,esi mov eax,[ebp-0x78] shl eax,cl cdq idiv dword [ebp-0x70] mov [ebp-0x7c],eax cmp dword [ebp-0x74],byte +0x0 jnl JUMP_007702 mov eax,[ebp-0x74] neg eax jmp short JUMP_007703 JUMP_007702: ; Pos = 6adb5 mov eax,[ebp-0x74] JUMP_007703: ; Pos = 6adb8 push eax call FUNC_001656_FindMSB pop ecx mov esi,0x1e sub esi,eax test esi,esi jnl JUMP_007704 xor esi,esi JUMP_007704: ; Pos = 6adcc cmp esi,byte +0xf jng JUMP_007705 mov esi,0xf JUMP_007705: ; Pos = 6add6 cmp esi,byte +0xf jnl JUMP_007706 mov ecx,0xf sub ecx,esi sar dword [ebp-0x6c],cl cmp dword [ebp-0x6c],byte +0x0 jz near JUMP_007760 cmp dword [ebp-0x6c],byte -0x1 jz near JUMP_007760 JUMP_007706: ; Pos = 6adf9 mov ecx,esi mov eax,[ebp-0x74] shl eax,cl cdq idiv dword [ebp-0x6c] cmp dword [ebp-0x7c],byte +0x0 jl near JUMP_007710 test eax,eax jl near JUMP_007710 mov edx,[ebp-0x7c] add edx,eax cmp edx,0x8000 jg near JUMP_007710 cmp edi,byte +0xf jnl JUMP_007707 mov ecx,0xf sub ecx,edi mov edx,[ebp+0xffffff00] sub edx,[ebp+0xffffff0c] imul edx,[ebp-0x7c] mov esi,[ebp+0xfffffef4] sub esi,[ebp+0xffffff0c] imul esi,eax add edx,esi sar edx,cl add edx,[ebx+0xc] mov eax,edx jmp short JUMP_007708 JUMP_007707: ; Pos = 6ae5d lea ecx,[edi-0xf] mov edx,[ebp+0xffffff00] sub edx,[ebp+0xffffff0c] imul edx,[ebp-0x7c] mov esi,[ebp+0xfffffef4] sub esi,[ebp+0xffffff0c] imul esi,eax add edx,esi shl edx,cl add edx,[ebx+0xc] mov eax,edx JUMP_007708: ; Pos = 6ae88 cmp eax,[DATA_009283] jl JUMP_007709 cmp dword [DATA_009284],byte +0x0 jz near JUMP_007760 JUMP_007709: ; Pos = 6ae9d mov [DATA_009283],eax xor eax,eax mov [DATA_009284],eax jmp JUMP_007760 JUMP_007710: ; Pos = 6aeae cmp dword [ebp-0x7c],byte +0x0 jnl JUMP_007712 mov edx,[ebp-0x7c] neg edx cmp eax,[ebp-0x7c] jnl JUMP_007711 mov edx,eax neg edx jmp short JUMP_007714 JUMP_007711: ; Pos = 6aec4 mov ecx,[ebp-0x7c] add ecx,eax add ecx,0xffff8000 cmp edx,ecx jnl JUMP_007714 mov edx,[ebp-0x7c] add edx,eax add edx,0xffff8000 jmp short JUMP_007714 JUMP_007712: ; Pos = 6aee0 test eax,eax jnl JUMP_007713 mov edx,eax neg edx mov ecx,[ebp-0x7c] add ecx,eax add ecx,0xffff8000 cmp edx,ecx jnl JUMP_007714 mov edx,[ebp-0x7c] add edx,eax add edx,0xffff8000 jmp short JUMP_007714 JUMP_007713: ; Pos = 6af04 mov edx,[ebp-0x7c] add edx,eax add edx,0xffff8000 JUMP_007714: ; Pos = 6af0f cmp edx,[DATA_009284] jnl near JUMP_007760 cmp edi,byte +0xf jnl JUMP_007715 mov esi,[ebp+0xffffff00] sub esi,[ebp+0xffffff0c] imul esi,[ebp-0x7c] mov ecx,[ebp+0xfffffef4] sub ecx,[ebp+0xffffff0c] imul ecx,eax add esi,ecx mov ecx,0xf sub ecx,edi sar esi,cl add esi,[ebx+0xc] mov eax,esi jmp short JUMP_007716 JUMP_007715: ; Pos = 6af51 mov esi,[ebp+0xffffff00] sub esi,[ebp+0xffffff0c] imul esi,[ebp-0x7c] mov ecx,[ebp+0xfffffef4] sub ecx,[ebp+0xffffff0c] imul ecx,eax add esi,ecx lea ecx,[edi-0xf] shl esi,cl add esi,[ebx+0xc] mov eax,esi JUMP_007716: ; Pos = 6af7c test eax,eax jng near JUMP_007760 mov [DATA_009283],eax mov [DATA_009284],edx jmp JUMP_007760 JUMP_007717: ; Pos = 6af94 cmp dword [ebp+0x20],byte +0x2 jnl near JUMP_007722 lea eax,[esi+0x4] push eax mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff40] push eax call FUNC_001827 add esp,byte +0x10 lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff34] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff34] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,[ebp+0x20] mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff40] imul edx,[ebp+0xffffff34] mov ecx,[ebp+0xffffff44] imul ecx,[ebp+0xffffff38] add edx,ecx mov ecx,[ebp+0xffffff48] imul ecx,[ebp+0xffffff3c] add edx,ecx cmp eax,edx jng near JUMP_007722 mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebp+0xffffff34] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff34] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,[ebp+0x20] mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff40] imul edx,[ebp+0xffffff34] mov ecx,[ebp+0xffffff44] imul ecx,[ebp+0xffffff38] add edx,ecx mov ecx,[ebp+0xffffff48] imul ecx,[ebp+0xffffff3c] add edx,ecx cmp eax,edx jng near JUMP_007722 lea eax,[esi+0x4] push eax lea eax,[ebp+0xffffff34] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff34] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,[ebp+0x20] mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff40] imul edx,[ebp+0xffffff34] mov ecx,[ebp+0xffffff44] imul ecx,[ebp+0xffffff38] add edx,ecx mov ecx,[ebp+0xffffff48] imul ecx,[ebp+0xffffff3c] add edx,ecx cmp eax,edx jg near JUMP_007760 jmp JUMP_007722 JUMP_007718: ; Pos = 6b0f0 cmp dword [ebp+0x24],0x1f4 jl near JUMP_007760 mov eax,[ebx+0xc] push eax call _abs pop ecx mov [ebp-0x80],eax mov eax,[ebp+0xc] mov eax,[eax+0xc] push eax call _abs pop ecx mov [ebp+0xffffff7c],eax mov eax,[esi+0xc] push eax call _abs pop ecx mov [ebp+0xffffff78],eax mov eax,[ebx+0x4] cmp eax,[ebp-0x80] jng JUMP_007719 mov eax,[ebp+0xc] mov eax,[eax+0x4] cmp eax,[ebp+0xffffff7c] jng JUMP_007719 mov eax,[esi+0x4] cmp eax,[ebp+0xffffff78] jg near JUMP_007760 JUMP_007719: ; Pos = 6b152 mov eax,[ebp-0x80] neg eax cmp eax,[ebx+0x4] jng JUMP_007720 mov eax,[ebp+0xffffff7c] neg eax mov edx,[ebp+0xc] cmp eax,[edx+0x4] jng JUMP_007720 mov eax,[ebp+0xffffff78] neg eax cmp eax,[esi+0x4] jg near JUMP_007760 JUMP_007720: ; Pos = 6b17d mov eax,[ebx+0x8] cmp eax,[ebp-0x80] jng JUMP_007721 mov eax,[ebp+0xc] mov eax,[eax+0x8] cmp eax,[ebp+0xffffff7c] jng JUMP_007721 mov eax,[esi+0x8] cmp eax,[ebp+0xffffff78] jg near JUMP_007760 JUMP_007721: ; Pos = 6b1a2 mov eax,[ebp-0x80] neg eax cmp eax,[ebx+0x8] jng JUMP_007722 mov eax,[ebp+0xffffff7c] neg eax mov edx,[ebp+0xc] cmp eax,[edx+0x8] jng JUMP_007722 mov eax,[ebp+0xffffff78] neg eax cmp eax,[esi+0x8] jg near JUMP_007760 JUMP_007722: ; Pos = 6b1cd cmp dword [ebp+0x28],byte +0x0 jz near JUMP_007727 xor eax,eax mov [ebp-0x24],eax lea eax,[ebp-0x40] mov [ebp+0xffffff4c],eax lea eax,[esi+0x34] mov [ebp+0xffffff50],eax lea eax,[ebp-0x38] mov [ebp+0xffffff54],eax mov eax,[ebp+0xc] add eax,byte +0x34 mov [ebp+0xffffff58],eax lea eax,[ebp-0x30] mov [ebp+0xffffff5c],eax lea eax,[ebx+0x34] mov [ebp+0xffffff60],eax mov dword [ebp+0xffffff64],DATA_009260 mov eax,[ebp+0x28] mov [ebp+0xffffff68],eax JUMP_007723: ; Pos = 6b228 mov eax,[ebp+0xffffff68] cmp dword [eax],byte +0x0 jng near JUMP_007726 mov eax,[ebp+0xffffff68] mov eax,[eax] mov [ebp+0xffffff74],eax mov eax,[ebp+0xffffff74] mov eax,[eax] shl eax,0x2 lea eax,[eax+eax*2] add eax,DATA_007841 mov [ebp+0xffffff70],eax mov eax,[ebp+0xffffff70] mov edi,[eax+0x8] add edi,[ebp+0x20] dec edi mov eax,[ebp+0xffffff64] lea eax,[eax+edi*8] cmp edi,[ebp+0x20] jl JUMP_007725 JUMP_007724: ; Pos = 6b27a mov edx,[ebp+0xffffff70] mov edx,[edx] mov [eax],edx mov edx,[ebp+0xffffff70] mov edx,[edx+0x4] mov [eax+0x4],edx dec edi add eax,byte -0x8 cmp edi,[ebp+0x20] jnl JUMP_007724 JUMP_007725: ; Pos = 6b299 mov eax,[ebp+0xffffff60] mov eax,[eax] mov edx,[ebp+0xffffff5c] mov [edx],eax mov eax,[ebp+0xffffff58] mov eax,[eax] mov edx,[ebp+0xffffff54] mov [edx],eax mov eax,[ebp+0xffffff50] mov eax,[eax] mov edx,[ebp+0xffffff4c] mov [edx],eax mov eax,[ebp+0xffffff74] mov eax,[eax+0x4] mov edx,[ebp+0xffffff60] mov [edx],eax mov eax,[ebp+0xffffff74] mov eax,[eax+0x8] mov edx,[ebp+0xffffff58] mov [edx],eax mov eax,[ebp+0xffffff74] mov eax,[eax+0xc] mov edx,[ebp+0xffffff50] mov [edx],eax JUMP_007726: ; Pos = 6b2fc inc dword [ebp-0x24] add dword [ebp+0xffffff4c],byte +0x4 add dword [ebp+0xffffff50],byte +0x4 add dword [ebp+0xffffff54],byte +0x4 add dword [ebp+0xffffff58],byte +0x4 add dword [ebp+0xffffff5c],byte +0x4 add dword [ebp+0xffffff60],byte +0x4 add dword [ebp+0xffffff64],0x100 add dword [ebp+0xffffff68],byte +0x4 cmp dword [ebp-0x24],byte +0x2 jl near JUMP_007723 JUMP_007727: ; Pos = 6b344 cmp dword [ebp+0x20],byte +0x5 jnl JUMP_007728 mov eax,[ebp+0x20] push eax push ebx push esi mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax call near [DATA_009278] add esp,byte +0x14 mov eax,[ebp+0x20] push eax mov eax,[ebp+0xc] push eax push ebx push esi mov eax,[ebp+0x1c] push eax call near [DATA_009278] add esp,byte +0x14 mov eax,[ebp+0x20] push eax push esi mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x14] push eax call near [DATA_009278] add esp,byte +0x14 jmp short JUMP_007729 JUMP_007728: ; Pos = 6b391 mov eax,[ebp+0x20] push eax push ebx push esi mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax call near [DATA_009279] add esp,byte +0x14 mov eax,[ebp+0x20] push eax mov eax,[ebp+0xc] push eax push ebx push esi mov eax,[ebp+0x1c] push eax call near [DATA_009279] add esp,byte +0x14 mov eax,[ebp+0x20] push eax push esi mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x14] push eax call near [DATA_009279] add esp,byte +0x14 JUMP_007729: ; Pos = 6b3d6 call FUNC_001820 mov [ebp-0x8],eax mov eax,[ebp+0x18] mov eax,[eax+0x8] mov edx,[ebp-0x8] mov [edx],eax call FUNC_001820 mov [ebp-0xc],eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] mov edx,[ebp-0xc] mov [edx],eax call FUNC_001820 mov [ebp-0x10],eax mov eax,[ebp+0x14] mov eax,[eax+0x8] mov edx,[ebp-0x10] mov [edx],eax inc dword [ebp+0x20] sar dword [ebp+0x24],1 cmp dword [ebp+0x28],byte +0x0 jz near JUMP_007746 mov eax,[ebp+0x28] mov eax,[eax+0x8] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] cmp ebx,[eax] jnz JUMP_007730 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007731 JUMP_007730: ; Pos = 6b43d mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007731: ; Pos = 6b443 push eax mov eax,[ebp-0x10] push eax mov eax,[ebp+0x14] cmp ebx,[eax] jnz JUMP_007732 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007733 JUMP_007732: ; Pos = 6b457 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007733: ; Pos = 6b45d push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax push ebx call FUNC_001871 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0xc] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x14] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007734 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007735 JUMP_007734: ; Pos = 6b496 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007735: ; Pos = 6b49c push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007736 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007737 JUMP_007736: ; Pos = 6b4b3 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007737: ; Pos = 6b4b9 push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0xc] push eax call FUNC_001871 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0x10] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x18] cmp esi,[eax] jnz JUMP_007738 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007739 JUMP_007738: ; Pos = 6b4f2 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007739: ; Pos = 6b4f8 push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x1c] cmp esi,[eax] jnz JUMP_007740 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007741 JUMP_007740: ; Pos = 6b50c mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007741: ; Pos = 6b512 push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax push esi call FUNC_001871 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0x14] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax call FUNC_001871 add esp,byte +0x24 dec dword [ebp+0x20] xor eax,eax mov [ebp-0x24],eax lea eax,[esi+0x34] mov [ebp+0xffffff68],eax lea eax,[ebp-0x40] mov [ebp+0xffffff64],eax mov eax,[ebp+0xc] add eax,byte +0x34 mov [ebp+0xffffff60],eax lea eax,[ebp-0x38] mov [ebp+0xffffff5c],eax lea eax,[ebx+0x34] mov [ebp+0xffffff58],eax lea eax,[ebp-0x30] mov [ebp+0xffffff54],eax mov dword [ebp+0xffffff50],DATA_009260 mov eax,[ebp+0x28] mov [ebp+0xffffff4c],eax JUMP_007742: ; Pos = 6b5b6 mov eax,[ebp+0xffffff4c] cmp dword [eax],byte +0x0 jng JUMP_007745 mov eax,[ebp+0xffffff4c] mov eax,[eax] mov [ebp+0xffffff6c],eax mov eax,[ebp+0xffffff6c] mov eax,[eax] lea eax,[eax+eax*2] mov edi,[eax*4+DATA_007842] add edi,[ebp+0x20] dec edi mov eax,[ebp+0xffffff50] lea eax,[eax+edi*8] cmp edi,[ebp+0x20] jl JUMP_007744 JUMP_007743: ; Pos = 6b5f3 xor edx,edx mov [eax],edx xor edx,edx mov [eax+0x4],edx dec edi add eax,byte -0x8 cmp edi,[ebp+0x20] jnl JUMP_007743 JUMP_007744: ; Pos = 6b605 mov eax,[ebp+0xffffff54] mov eax,[eax] mov edx,[ebp+0xffffff58] mov [edx],eax mov eax,[ebp+0xffffff5c] mov eax,[eax] mov edx,[ebp+0xffffff60] mov [edx],eax mov eax,[ebp+0xffffff64] mov eax,[eax] mov edx,[ebp+0xffffff68] mov [edx],eax JUMP_007745: ; Pos = 6b635 inc dword [ebp-0x24] add dword [ebp+0xffffff68],byte +0x4 add dword [ebp+0xffffff64],byte +0x4 add dword [ebp+0xffffff60],byte +0x4 add dword [ebp+0xffffff5c],byte +0x4 add dword [ebp+0xffffff58],byte +0x4 add dword [ebp+0xffffff54],byte +0x4 add dword [ebp+0xffffff50],0x100 add dword [ebp+0xffffff4c],byte +0x4 cmp dword [ebp-0x24],byte +0x2 jl near JUMP_007742 jmp JUMP_007759 JUMP_007746: ; Pos = 6b682 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] cmp ebx,[eax] jnz JUMP_007747 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007748 JUMP_007747: ; Pos = 6b69b mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007748: ; Pos = 6b6a1 push eax mov eax,[ebp-0x10] push eax mov eax,[ebp+0x14] cmp ebx,[eax] jnz JUMP_007749 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007750 JUMP_007749: ; Pos = 6b6b5 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007750: ; Pos = 6b6bb push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax push ebx call FUNC_001871 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x14] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007751 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007752 JUMP_007751: ; Pos = 6b6ef mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007752: ; Pos = 6b6f5 push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007753 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007754 JUMP_007753: ; Pos = 6b70c mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007754: ; Pos = 6b712 push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0xc] push eax call FUNC_001871 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x18] cmp esi,[eax] jnz JUMP_007755 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007756 JUMP_007755: ; Pos = 6b746 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007756: ; Pos = 6b74c push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x1c] cmp esi,[eax] jnz JUMP_007757 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007758 JUMP_007757: ; Pos = 6b760 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007758: ; Pos = 6b766 push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax push esi call FUNC_001871 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax call FUNC_001871 add esp,byte +0x24 JUMP_007759: ; Pos = 6b7b1 mov eax,[ebp-0x8] push eax call FUNC_001821 pop ecx mov eax,[ebp-0xc] push eax call FUNC_001821 pop ecx mov eax,[ebp-0x10] push eax call FUNC_001821 pop ecx JUMP_007760: ; Pos = 6b7cf pop edi pop esi pop ebx mov esp,ebp pop ebp ret nop nop FUNC_001872: ; Pos = 6b7d8 push ebp mov ebp,esp add esp,0xffffff34 push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0x8] cmp dword [ebp+0x20],byte +0xa jnl JUMP_007761 mov edi,[ebp+0x24] jmp near JUMP_007766 JUMP_007761: ; Pos = 6b7f5 mov eax,[ebx+0x40] mov edx,[ebp+0xc] cmp eax,[edx+0x40] jnl JUMP_007762 mov eax,[ebx+0x40] mov [ebp-0x24],eax mov eax,[ebp+0xc] mov edi,[eax+0x40] jmp short JUMP_007763 JUMP_007762: ; Pos = 6b80e mov eax,[ebp+0xc] mov eax,[eax+0x40] mov [ebp-0x24],eax mov edi,[ebx+0x40] JUMP_007763: ; Pos = 6b81a mov eax,[esi+0x40] cmp eax,[ebp-0x24] jnl JUMP_007764 mov eax,[esi+0x40] mov [ebp-0x24],eax jmp short JUMP_007765 JUMP_007764: ; Pos = 6b82a cmp edi,[esi+0x40] jnl JUMP_007765 mov edi,[esi+0x40] JUMP_007765: ; Pos = 6b832 sub edi,[ebp-0x24] sar edi,0x3 push edi mov eax,[ebx+0x28] push eax call _abs pop ecx mov edi,eax mov eax,[ebx+0x2c] push eax call _abs pop ecx add edi,eax mov eax,[ebx+0x30] push eax call _abs pop ecx add edi,eax push edi call FUNC_001521 add esp,byte +0x8 add eax,[ebp+0x24] mov edi,eax JUMP_007766: ; Pos = 6b86b mov eax,[ebx+0xc] add eax,edi mov [ebp-0x1c],eax cmp dword [ebp-0x1c],byte +0x40 jl near JUMP_007852 mov eax,[ebx+0xc] sub eax,edi cmp eax,[DATA_009285] jg near JUMP_007852 mov eax,[ebx+0x4] push eax call _abs pop ecx sub eax,edi test eax,eax jg near JUMP_007852 mov eax,[ebx+0x8] push eax call _abs pop ecx sub eax,edi test eax,eax jg near JUMP_007852 cmp dword [ebx+0xc],byte +0x40 jl near JUMP_007810 mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl near JUMP_007810 cmp dword [esi+0xc],byte +0x40 jl near JUMP_007810 movsx eax,word [esi] movsx edx,word [ebx] sub eax,edx mov edx,[ebp+0xc] movsx edx,word [edx+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx imul edx movsx edx,word [esi+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx mov ecx,[ebp+0xc] movsx ecx,word [ecx] movsx edi,word [ebx] sub ecx,edi imul edx,ecx sub eax,edx mov [ebp-0x44],eax cmp dword [ebp+0x20],byte +0x9 jg JUMP_007768 mov eax,[ebp+0x20] cmp eax,[ebx+0x44] jng JUMP_007767 mov eax,[ebp+0x20] mov edx,[ebp+0xc] cmp eax,[edx+0x44] jng JUMP_007767 mov eax,[ebp+0x20] cmp eax,[esi+0x44] jg JUMP_007768 JUMP_007767: ; Pos = 6b92c cmp dword [ebp-0x44],0x96 jnl near JUMP_007809 cmp dword [ebp-0x44],byte +0x0 jl near JUMP_007809 cmp dword [ebp+0x20],byte +0x8 jng near JUMP_007809 JUMP_007768: ; Pos = 6b94d mov ax,[ebx+0x24] mov edx,[ebp+0xc] or ax,[edx+0x24] or ax,[esi+0x24] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007852 mov ax,[ebx+0x26] mov edx,[ebp+0xc] or ax,[edx+0x26] or ax,[esi+0x26] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007852 cmp dword [ebx+0x4],byte +0x0 jnl JUMP_007769 mov eax,[ebx+0x4] neg eax jmp short JUMP_007770 JUMP_007769: ; Pos = 6b99a mov eax,[ebx+0x4] JUMP_007770: ; Pos = 6b99d cmp dword [ebx+0x8],byte +0x0 jnl JUMP_007771 mov edx,[ebx+0x8] neg edx jmp short JUMP_007772 JUMP_007771: ; Pos = 6b9aa mov edx,[ebx+0x8] JUMP_007772: ; Pos = 6b9ad or eax,edx cmp dword [ebx+0xc],byte +0x0 jnl JUMP_007773 mov edx,[ebx+0xc] neg edx jmp short JUMP_007774 JUMP_007773: ; Pos = 6b9bc mov edx,[ebx+0xc] JUMP_007774: ; Pos = 6b9bf or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0x4],byte +0x0 jnl JUMP_007775 mov edx,[ebp+0xc] mov edx,[edx+0x4] neg edx jmp short JUMP_007776 JUMP_007775: ; Pos = 6b9d4 mov edx,[ebp+0xc] mov edx,[edx+0x4] JUMP_007776: ; Pos = 6b9da or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0x8],byte +0x0 jnl JUMP_007777 mov edx,[ebp+0xc] mov edx,[edx+0x8] neg edx jmp short JUMP_007778 JUMP_007777: ; Pos = 6b9ef mov edx,[ebp+0xc] mov edx,[edx+0x8] JUMP_007778: ; Pos = 6b9f5 or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0xc],byte +0x0 jnl JUMP_007779 mov edx,[ebp+0xc] mov edx,[edx+0xc] neg edx jmp short JUMP_007780 JUMP_007779: ; Pos = 6ba0a mov edx,[ebp+0xc] mov edx,[edx+0xc] JUMP_007780: ; Pos = 6ba10 or eax,edx cmp dword [esi+0x4],byte +0x0 jnl JUMP_007781 mov edx,[esi+0x4] neg edx jmp short JUMP_007782 JUMP_007781: ; Pos = 6ba1f mov edx,[esi+0x4] JUMP_007782: ; Pos = 6ba22 or eax,edx cmp dword [esi+0x8],byte +0x0 jnl JUMP_007783 mov edx,[esi+0x8] neg edx jmp short JUMP_007784 JUMP_007783: ; Pos = 6ba31 mov edx,[esi+0x8] JUMP_007784: ; Pos = 6ba34 or eax,edx cmp dword [esi+0xc],byte +0x0 jnl JUMP_007785 mov edx,[esi+0xc] neg edx jmp short JUMP_007786 JUMP_007785: ; Pos = 6ba43 mov edx,[esi+0xc] JUMP_007786: ; Pos = 6ba46 or eax,edx push eax call FUNC_001656_FindMSB pop ecx mov edi,eax add edi,byte -0xd test edi,edi jng near JUMP_007787 mov ecx,edi mov eax,[ebx+0x4] sar eax,cl mov [ebp+0xffffff4c],eax mov ecx,edi mov eax,[ebx+0x8] sar eax,cl mov [ebp+0xffffff50],eax mov ecx,edi mov eax,[ebx+0xc] sar eax,cl mov [ebp+0xffffff54],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0x4] sar eax,cl mov [ebp+0xffffff40],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0x8] sar eax,cl mov [ebp+0xffffff44],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0xc] sar eax,cl mov [ebp+0xffffff48],eax mov ecx,edi mov eax,[esi+0x4] sar eax,cl mov [ebp+0xffffff34],eax mov ecx,edi mov eax,[esi+0x8] sar eax,cl mov [ebp+0xffffff38],eax mov ecx,edi mov eax,[esi+0xc] sar eax,cl mov [ebp+0xffffff3c],eax jmp short JUMP_007788 JUMP_007787: ; Pos = 6badc mov eax,[ebx+0x4] mov [ebp+0xffffff4c],eax mov eax,[ebx+0x8] mov [ebp+0xffffff50],eax mov eax,[ebx+0xc] mov [ebp+0xffffff54],eax mov eax,[ebp+0xc] mov edx,[eax+0x4] mov [ebp+0xffffff40],edx mov edx,[eax+0x8] mov [ebp+0xffffff44],edx mov edx,[eax+0xc] mov [ebp+0xffffff48],edx mov eax,[esi+0x4] mov [ebp+0xffffff34],eax mov eax,[esi+0x8] mov [ebp+0xffffff38],eax mov eax,[esi+0xc] mov [ebp+0xffffff3c],eax xor edi,edi JUMP_007788: ; Pos = 6bb32 mov eax,[ebp+0xffffff4c] sub eax,[ebp+0xffffff34] imul dword [ebp+0xffffff44] mov edx,[ebp+0xffffff40] sub edx,[ebp+0xffffff4c] imul edx,[ebp+0xffffff38] add eax,edx mov edx,[ebp+0xffffff34] sub edx,[ebp+0xffffff40] imul edx,[ebp+0xffffff50] add eax,edx mov [ebp-0x48],eax mov eax,[ebp+0xffffff4c] sub eax,[ebp+0xffffff40] imul dword [ebp+0xffffff38] mov edx,[ebp+0xffffff34] sub edx,[ebp+0xffffff4c] imul edx,[ebp+0xffffff44] add eax,edx mov edx,[ebp+0xffffff40] sub edx,[ebp+0xffffff34] imul edx,[ebp+0xffffff50] add eax,edx mov [ebp-0x4c],eax cmp dword [ebp-0x48],byte +0x0 jz near JUMP_007852 cmp dword [ebp-0x4c],byte +0x0 jz near JUMP_007852 mov eax,[ebp+0xffffff4c] imul dword [ebp+0xffffff44] mov edx,[ebp+0xffffff40] imul edx,[ebp+0xffffff50] sub eax,edx mov [ebp-0x50],eax mov eax,[ebp+0xffffff4c] imul dword [ebp+0xffffff38] mov edx,[ebp+0xffffff34] imul edx,[ebp+0xffffff50] sub eax,edx mov [ebp-0x54],eax cmp dword [ebp-0x54],byte +0x0 jnl JUMP_007789 mov eax,[ebp-0x54] neg eax jmp short JUMP_007790 JUMP_007789: ; Pos = 6bc0d mov eax,[ebp-0x54] JUMP_007790: ; Pos = 6bc10 push eax call FUNC_001656_FindMSB pop ecx mov esi,0x1e sub esi,eax test esi,esi jnl JUMP_007791 xor esi,esi JUMP_007791: ; Pos = 6bc24 cmp esi,byte +0xf jng JUMP_007792 mov esi,0xf JUMP_007792: ; Pos = 6bc2e cmp esi,byte +0xf jnl JUMP_007793 mov ecx,0xf sub ecx,esi sar dword [ebp-0x4c],cl cmp dword [ebp-0x4c],byte +0x0 jz near JUMP_007852 cmp dword [ebp-0x4c],byte -0x1 jz near JUMP_007852 JUMP_007793: ; Pos = 6bc51 mov ecx,esi mov eax,[ebp-0x54] shl eax,cl cdq idiv dword [ebp-0x4c] mov [ebp-0x58],eax cmp dword [ebp-0x50],byte +0x0 jnl JUMP_007794 mov eax,[ebp-0x50] neg eax jmp short JUMP_007795 JUMP_007794: ; Pos = 6bc6c mov eax,[ebp-0x50] JUMP_007795: ; Pos = 6bc6f push eax call FUNC_001656_FindMSB pop ecx mov esi,0x1e sub esi,eax test esi,esi jnl JUMP_007796 xor esi,esi JUMP_007796: ; Pos = 6bc83 cmp esi,byte +0xf jng JUMP_007797 mov esi,0xf JUMP_007797: ; Pos = 6bc8d cmp esi,byte +0xf jnl JUMP_007798 mov ecx,0xf sub ecx,esi sar dword [ebp-0x48],cl cmp dword [ebp-0x48],byte +0x0 jz near JUMP_007852 cmp dword [ebp-0x48],byte -0x1 jz near JUMP_007852 JUMP_007798: ; Pos = 6bcb0 mov ecx,esi mov eax,[ebp-0x50] shl eax,cl cdq idiv dword [ebp-0x48] cmp dword [ebp-0x58],byte +0x0 jl near JUMP_007802 test eax,eax jl near JUMP_007802 mov edx,[ebp-0x58] add edx,eax cmp edx,0x8000 jg near JUMP_007802 cmp edi,byte +0xf jnl JUMP_007799 mov ecx,0xf sub ecx,edi mov edx,[ebp+0xffffff48] sub edx,[ebp+0xffffff54] imul edx,[ebp-0x58] mov esi,[ebp+0xffffff3c] sub esi,[ebp+0xffffff54] imul esi,eax add edx,esi sar edx,cl add edx,[ebx+0xc] mov eax,edx jmp short JUMP_007800 JUMP_007799: ; Pos = 6bd14 lea ecx,[edi-0xf] mov edx,[ebp+0xffffff48] sub edx,[ebp+0xffffff54] imul edx,[ebp-0x58] mov esi,[ebp+0xffffff3c] sub esi,[ebp+0xffffff54] imul esi,eax add edx,esi shl edx,cl add edx,[ebx+0xc] mov eax,edx JUMP_007800: ; Pos = 6bd3f cmp eax,[DATA_009283] jl JUMP_007801 cmp dword [DATA_009284],byte +0x0 jz near JUMP_007852 JUMP_007801: ; Pos = 6bd54 mov [DATA_009283],eax xor eax,eax mov [DATA_009284],eax jmp JUMP_007852 JUMP_007802: ; Pos = 6bd65 cmp dword [ebp-0x58],byte +0x0 jnl JUMP_007804 mov edx,[ebp-0x58] neg edx cmp eax,[ebp-0x58] jnl JUMP_007803 mov edx,eax neg edx jmp short JUMP_007806 JUMP_007803: ; Pos = 6bd7b mov ecx,[ebp-0x58] add ecx,eax add ecx,0xffff8000 cmp edx,ecx jnl JUMP_007806 mov edx,[ebp-0x58] add edx,eax add edx,0xffff8000 jmp short JUMP_007806 JUMP_007804: ; Pos = 6bd97 test eax,eax jnl JUMP_007805 mov edx,eax neg edx mov ecx,[ebp-0x58] add ecx,eax add ecx,0xffff8000 cmp edx,ecx jnl JUMP_007806 mov edx,[ebp-0x58] add edx,eax add edx,0xffff8000 jmp short JUMP_007806 JUMP_007805: ; Pos = 6bdbb mov edx,[ebp-0x58] add edx,eax add edx,0xffff8000 JUMP_007806: ; Pos = 6bdc6 cmp edx,[DATA_009284] jnl near JUMP_007852 cmp edi,byte +0xf jnl JUMP_007807 mov esi,[ebp+0xffffff48] sub esi,[ebp+0xffffff54] imul esi,[ebp-0x58] mov ecx,[ebp+0xffffff3c] sub ecx,[ebp+0xffffff54] imul ecx,eax add esi,ecx mov ecx,0xf sub ecx,edi sar esi,cl add esi,[ebx+0xc] mov eax,esi jmp short JUMP_007808 JUMP_007807: ; Pos = 6be08 mov esi,[ebp+0xffffff48] sub esi,[ebp+0xffffff54] imul esi,[ebp-0x58] mov ecx,[ebp+0xffffff3c] sub ecx,[ebp+0xffffff54] imul ecx,eax add esi,ecx lea ecx,[edi-0xf] shl esi,cl add esi,[ebx+0xc] mov eax,esi JUMP_007808: ; Pos = 6be33 test eax,eax jng near JUMP_007852 mov [DATA_009283],eax mov [DATA_009284],edx jmp JUMP_007852 JUMP_007809: ; Pos = 6be4b cmp dword [ebp+0x20],byte +0x2 jnl near JUMP_007814 lea eax,[esi+0x4] push eax mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff64] push eax call FUNC_001827 add esp,byte +0x10 lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff58] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff58] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,[ebp+0x20] mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff64] imul edx,[ebp+0xffffff58] mov ecx,[ebp+0xffffff68] imul ecx,[ebp+0xffffff5c] add edx,ecx mov ecx,[ebp+0xffffff6c] imul ecx,[ebp+0xffffff60] add edx,ecx cmp eax,edx jng near JUMP_007814 mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebp+0xffffff58] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff58] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,[ebp+0x20] mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff64] imul edx,[ebp+0xffffff58] mov ecx,[ebp+0xffffff68] imul ecx,[ebp+0xffffff5c] add edx,ecx mov ecx,[ebp+0xffffff6c] imul ecx,[ebp+0xffffff60] add edx,ecx cmp eax,edx jng near JUMP_007814 lea eax,[esi+0x4] push eax lea eax,[ebp+0xffffff58] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff58] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,[ebp+0x20] mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff64] imul edx,[ebp+0xffffff58] mov ecx,[ebp+0xffffff68] imul ecx,[ebp+0xffffff5c] add edx,ecx mov ecx,[ebp+0xffffff6c] imul ecx,[ebp+0xffffff60] add edx,ecx cmp eax,edx jg near JUMP_007852 jmp JUMP_007814 JUMP_007810: ; Pos = 6bfa7 cmp dword [ebp+0x24],0x1f4 jl near JUMP_007852 mov eax,[ebx+0xc] push eax call _abs pop ecx mov [ebp-0x5c],eax mov eax,[ebp+0xc] mov eax,[eax+0xc] push eax call _abs pop ecx mov [ebp-0x60],eax mov eax,[esi+0xc] push eax call _abs pop ecx mov [ebp-0x64],eax mov eax,[ebx+0x4] cmp eax,[ebp-0x5c] jng JUMP_007811 mov eax,[ebp+0xc] mov eax,[eax+0x4] cmp eax,[ebp-0x60] jng JUMP_007811 mov eax,[esi+0x4] cmp eax,[ebp-0x64] jg near JUMP_007852 JUMP_007811: ; Pos = 6bffd mov eax,[ebp-0x5c] neg eax cmp eax,[ebx+0x4] jng JUMP_007812 mov eax,[ebp-0x60] neg eax mov edx,[ebp+0xc] cmp eax,[edx+0x4] jng JUMP_007812 mov eax,[ebp-0x64] neg eax cmp eax,[esi+0x4] jg near JUMP_007852 JUMP_007812: ; Pos = 6c022 mov eax,[ebx+0x8] cmp eax,[ebp-0x5c] jng JUMP_007813 mov eax,[ebp+0xc] mov eax,[eax+0x8] cmp eax,[ebp-0x60] jng JUMP_007813 mov eax,[esi+0x8] cmp eax,[ebp-0x64] jg near JUMP_007852 JUMP_007813: ; Pos = 6c041 mov eax,[ebp-0x5c] neg eax cmp eax,[ebx+0x8] jng JUMP_007814 mov eax,[ebp-0x60] neg eax mov edx,[ebp+0xc] cmp eax,[edx+0x8] jng JUMP_007814 mov eax,[ebp-0x64] neg eax cmp eax,[esi+0x8] jg near JUMP_007852 JUMP_007814: ; Pos = 6c066 cmp dword [ebp+0x28],byte +0x0 jz near JUMP_007819 xor eax,eax mov [ebp-0x24],eax lea eax,[ebp-0x40] mov [ebp+0xffffff70],eax lea eax,[esi+0x34] mov [ebp+0xffffff74],eax lea eax,[ebp-0x38] mov [ebp+0xffffff78],eax mov eax,[ebp+0xc] add eax,byte +0x34 mov [ebp+0xffffff7c],eax lea eax,[ebp-0x30] mov [ebp-0x80],eax lea eax,[ebx+0x34] mov [ebp-0x7c],eax mov dword [ebp-0x78],DATA_009260 mov eax,[ebp+0x28] mov [ebp-0x74],eax JUMP_007815: ; Pos = 6c0b5 mov eax,[ebp-0x74] cmp dword [eax],byte +0x0 jng near JUMP_007818 mov eax,[ebp-0x74] mov eax,[eax] mov [ebp-0x68],eax mov eax,[ebp-0x68] mov eax,[eax] shl eax,0x2 lea eax,[eax+eax*2] add eax,DATA_007841 mov [ebp-0x6c],eax mov eax,[ebp-0x6c] mov edi,[eax+0x8] add edi,[ebp+0x20] dec edi mov eax,[ebp-0x78] lea eax,[eax+edi*8] cmp edi,[ebp+0x20] jl JUMP_007817 JUMP_007816: ; Pos = 6c0f2 mov edx,[ebp-0x6c] mov edx,[edx] mov [eax],edx mov edx,[ebp-0x6c] mov edx,[edx+0x4] mov [eax+0x4],edx dec edi add eax,byte -0x8 cmp edi,[ebp+0x20] jnl JUMP_007816 JUMP_007817: ; Pos = 6c10b mov eax,[ebp-0x7c] mov eax,[eax] mov edx,[ebp-0x80] mov [edx],eax mov eax,[ebp+0xffffff7c] mov eax,[eax] mov edx,[ebp+0xffffff78] mov [edx],eax mov eax,[ebp+0xffffff74] mov eax,[eax] mov edx,[ebp+0xffffff70] mov [edx],eax mov eax,[ebp-0x68] mov eax,[eax+0x4] mov edx,[ebp-0x7c] mov [edx],eax mov eax,[ebp-0x68] mov eax,[eax+0x8] mov edx,[ebp+0xffffff7c] mov [edx],eax mov eax,[ebp-0x68] mov eax,[eax+0xc] mov edx,[ebp+0xffffff74] mov [edx],eax JUMP_007818: ; Pos = 6c15c inc dword [ebp-0x24] add dword [ebp+0xffffff70],byte +0x4 add dword [ebp+0xffffff74],byte +0x4 add dword [ebp+0xffffff78],byte +0x4 add dword [ebp+0xffffff7c],byte +0x4 add dword [ebp-0x80],byte +0x4 add dword [ebp-0x7c],byte +0x4 add dword [ebp-0x78],0x100 add dword [ebp-0x74],byte +0x4 cmp dword [ebp-0x24],byte +0x2 jl near JUMP_007815 JUMP_007819: ; Pos = 6c198 cmp dword [ebp+0x20],byte +0x5 jnl JUMP_007820 mov eax,[ebp+0x20] push eax push ebx push esi mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax call near [DATA_009278] add esp,byte +0x14 mov eax,[ebp+0x20] push eax mov eax,[ebp+0xc] push eax push ebx push esi mov eax,[ebp+0x1c] push eax call near [DATA_009278] add esp,byte +0x14 mov eax,[ebp+0x20] push eax push esi mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x14] push eax call near [DATA_009278] add esp,byte +0x14 jmp short JUMP_007821 JUMP_007820: ; Pos = 6c1e5 mov eax,[ebp+0x20] push eax push ebx push esi mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax call near [DATA_009279] add esp,byte +0x14 mov eax,[ebp+0x20] push eax mov eax,[ebp+0xc] push eax push ebx push esi mov eax,[ebp+0x1c] push eax call near [DATA_009279] add esp,byte +0x14 mov eax,[ebp+0x20] push eax push esi mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x14] push eax call near [DATA_009279] add esp,byte +0x14 JUMP_007821: ; Pos = 6c22a call FUNC_001820 mov [ebp-0x8],eax mov eax,[ebp+0x18] mov eax,[eax+0x8] mov edx,[ebp-0x8] mov [edx],eax call FUNC_001820 mov [ebp-0xc],eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] mov edx,[ebp-0xc] mov [edx],eax call FUNC_001820 mov [ebp-0x10],eax mov eax,[ebp+0x14] mov eax,[eax+0x8] mov edx,[ebp-0x10] mov [edx],eax inc dword [ebp+0x20] sar dword [ebp+0x24],1 cmp dword [ebp+0x28],byte +0x0 jz near JUMP_007838 mov eax,[ebp+0x28] mov eax,[eax+0x8] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] cmp ebx,[eax] jnz JUMP_007822 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007823 JUMP_007822: ; Pos = 6c291 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007823: ; Pos = 6c297 push eax mov eax,[ebp-0x10] push eax mov eax,[ebp+0x14] cmp ebx,[eax] jnz JUMP_007824 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007825 JUMP_007824: ; Pos = 6c2ab mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007825: ; Pos = 6c2b1 push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax push ebx call FUNC_001872 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0xc] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x14] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007826 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007827 JUMP_007826: ; Pos = 6c2ea mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007827: ; Pos = 6c2f0 push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007828 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007829 JUMP_007828: ; Pos = 6c307 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007829: ; Pos = 6c30d push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0xc] push eax call FUNC_001872 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0x10] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x18] cmp esi,[eax] jnz JUMP_007830 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007831 JUMP_007830: ; Pos = 6c346 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007831: ; Pos = 6c34c push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x1c] cmp esi,[eax] jnz JUMP_007832 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007833 JUMP_007832: ; Pos = 6c360 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007833: ; Pos = 6c366 push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax push esi call FUNC_001872 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0x14] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax call FUNC_001872 add esp,byte +0x24 dec dword [ebp+0x20] xor eax,eax mov [ebp-0x24],eax lea eax,[esi+0x34] mov [ebp-0x74],eax lea eax,[ebp-0x40] mov [ebp-0x78],eax mov eax,[ebp+0xc] add eax,byte +0x34 mov [ebp-0x7c],eax lea eax,[ebp-0x38] mov [ebp-0x80],eax lea eax,[ebx+0x34] mov [ebp+0xffffff7c],eax lea eax,[ebp-0x30] mov [ebp+0xffffff78],eax mov dword [ebp+0xffffff74],DATA_009260 mov eax,[ebp+0x28] mov [ebp+0xffffff70],eax JUMP_007834: ; Pos = 6c3fe mov eax,[ebp+0xffffff70] cmp dword [eax],byte +0x0 jng JUMP_007837 mov eax,[ebp+0xffffff70] mov eax,[eax] mov [ebp-0x70],eax mov eax,[ebp-0x70] mov eax,[eax] lea eax,[eax+eax*2] mov edi,[eax*4+DATA_007842] add edi,[ebp+0x20] dec edi mov eax,[ebp+0xffffff74] lea eax,[eax+edi*8] cmp edi,[ebp+0x20] jl JUMP_007836 JUMP_007835: ; Pos = 6c435 xor edx,edx mov [eax],edx xor edx,edx mov [eax+0x4],edx dec edi add eax,byte -0x8 cmp edi,[ebp+0x20] jnl JUMP_007835 JUMP_007836: ; Pos = 6c447 mov eax,[ebp+0xffffff78] mov eax,[eax] mov edx,[ebp+0xffffff7c] mov [edx],eax mov eax,[ebp-0x80] mov eax,[eax] mov edx,[ebp-0x7c] mov [edx],eax mov eax,[ebp-0x78] mov eax,[eax] mov edx,[ebp-0x74] mov [edx],eax JUMP_007837: ; Pos = 6c46b inc dword [ebp-0x24] add dword [ebp-0x74],byte +0x4 add dword [ebp-0x78],byte +0x4 add dword [ebp-0x7c],byte +0x4 add dword [ebp-0x80],byte +0x4 add dword [ebp+0xffffff7c],byte +0x4 add dword [ebp+0xffffff78],byte +0x4 add dword [ebp+0xffffff74],0x100 add dword [ebp+0xffffff70],byte +0x4 cmp dword [ebp-0x24],byte +0x2 jl near JUMP_007834 jmp JUMP_007851 JUMP_007838: ; Pos = 6c4ac push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] cmp ebx,[eax] jnz JUMP_007839 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007840 JUMP_007839: ; Pos = 6c4c5 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007840: ; Pos = 6c4cb push eax mov eax,[ebp-0x10] push eax mov eax,[ebp+0x14] cmp ebx,[eax] jnz JUMP_007841 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007842 JUMP_007841: ; Pos = 6c4df mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007842: ; Pos = 6c4e5 push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax push ebx call FUNC_001872 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x14] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007843 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007844 JUMP_007843: ; Pos = 6c519 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007844: ; Pos = 6c51f push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007845 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007846 JUMP_007845: ; Pos = 6c536 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007846: ; Pos = 6c53c push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0xc] push eax call FUNC_001872 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x18] cmp esi,[eax] jnz JUMP_007847 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007848 JUMP_007847: ; Pos = 6c570 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007848: ; Pos = 6c576 push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x1c] cmp esi,[eax] jnz JUMP_007849 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007850 JUMP_007849: ; Pos = 6c58a mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007850: ; Pos = 6c590 push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax push esi call FUNC_001872 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax call FUNC_001872 add esp,byte +0x24 JUMP_007851: ; Pos = 6c5db mov eax,[ebp-0x8] push eax call FUNC_001821 pop ecx mov eax,[ebp-0xc] push eax call FUNC_001821 pop ecx mov eax,[ebp-0x10] push eax call FUNC_001821 pop ecx JUMP_007852: ; Pos = 6c5f9 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001873: ; Pos = 6c600 push ebp mov ebp,esp add esp,0xffffff30 push ebx push esi push edi mov esi,[ebp+0x10] mov ebx,[ebp+0x8] cmp dword [ebp+0x20],byte +0xa jnl JUMP_007853 mov edi,[ebp+0x24] jmp near JUMP_007858 JUMP_007853: ; Pos = 6c61d mov eax,[ebx+0x40] mov edx,[ebp+0xc] cmp eax,[edx+0x40] jnl JUMP_007854 mov eax,[ebx+0x40] mov [ebp-0x24],eax mov eax,[ebp+0xc] mov edi,[eax+0x40] jmp short JUMP_007855 JUMP_007854: ; Pos = 6c636 mov eax,[ebp+0xc] mov eax,[eax+0x40] mov [ebp-0x24],eax mov edi,[ebx+0x40] JUMP_007855: ; Pos = 6c642 mov eax,[esi+0x40] cmp eax,[ebp-0x24] jnl JUMP_007856 mov eax,[esi+0x40] mov [ebp-0x24],eax jmp short JUMP_007857 JUMP_007856: ; Pos = 6c652 cmp edi,[esi+0x40] jnl JUMP_007857 mov edi,[esi+0x40] JUMP_007857: ; Pos = 6c65a sub edi,[ebp-0x24] sar edi,0x3 push edi mov eax,[ebx+0x28] push eax call _abs pop ecx mov edi,eax mov eax,[ebx+0x2c] push eax call _abs pop ecx add edi,eax mov eax,[ebx+0x30] push eax call _abs pop ecx add edi,eax push edi call FUNC_001521 add esp,byte +0x8 add eax,[ebp+0x24] mov edi,eax JUMP_007858: ; Pos = 6c693 mov eax,[ebx+0xc] add eax,edi mov [ebp-0x1c],eax cmp dword [ebp-0x1c],byte +0x40 jl near JUMP_007944 mov eax,[ebx+0xc] sub eax,edi cmp eax,[DATA_009285] jg near JUMP_007944 mov eax,[ebx+0x4] push eax call _abs pop ecx sub eax,edi test eax,eax jg near JUMP_007944 mov eax,[ebx+0x8] push eax call _abs pop ecx sub eax,edi test eax,eax jg near JUMP_007944 cmp dword [ebx+0xc],byte +0x40 jl near JUMP_007902 mov eax,[ebp+0xc] cmp dword [eax+0xc],byte +0x40 jl near JUMP_007902 cmp dword [esi+0xc],byte +0x40 jl near JUMP_007902 movsx eax,word [esi] movsx edx,word [ebx] sub eax,edx mov edx,[ebp+0xc] movsx edx,word [edx+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx imul edx movsx edx,word [esi+0x2] movsx ecx,word [ebx+0x2] sub edx,ecx mov ecx,[ebp+0xc] movsx ecx,word [ecx] movsx edi,word [ebx] sub ecx,edi imul edx,ecx sub eax,edx mov [ebp-0x48],eax cmp dword [ebp+0x20],byte +0x9 jg JUMP_007860 mov eax,[ebp+0x20] cmp eax,[ebx+0x44] jng JUMP_007859 mov eax,[ebp+0x20] mov edx,[ebp+0xc] cmp eax,[edx+0x44] jng JUMP_007859 mov eax,[ebp+0x20] cmp eax,[esi+0x44] jg JUMP_007860 JUMP_007859: ; Pos = 6c754 cmp dword [ebp-0x48],0x96 jnl near JUMP_007901 cmp dword [ebp-0x48],byte +0x0 jl near JUMP_007901 cmp dword [ebp+0x20],byte +0x8 jng near JUMP_007901 JUMP_007860: ; Pos = 6c775 mov ax,[ebx+0x24] mov edx,[ebp+0xc] or ax,[edx+0x24] or ax,[esi+0x24] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007944 mov ax,[ebx+0x26] mov edx,[ebp+0xc] or ax,[edx+0x26] or ax,[esi+0x26] movsx eax,ax cmp dword [eax*4+DATA_007838],byte +0x0 jnz near JUMP_007944 cmp dword [ebx+0x4],byte +0x0 jnl JUMP_007861 mov eax,[ebx+0x4] neg eax jmp short JUMP_007862 JUMP_007861: ; Pos = 6c7c2 mov eax,[ebx+0x4] JUMP_007862: ; Pos = 6c7c5 cmp dword [ebx+0x8],byte +0x0 jnl JUMP_007863 mov edx,[ebx+0x8] neg edx jmp short JUMP_007864 JUMP_007863: ; Pos = 6c7d2 mov edx,[ebx+0x8] JUMP_007864: ; Pos = 6c7d5 or eax,edx cmp dword [ebx+0xc],byte +0x0 jnl JUMP_007865 mov edx,[ebx+0xc] neg edx jmp short JUMP_007866 JUMP_007865: ; Pos = 6c7e4 mov edx,[ebx+0xc] JUMP_007866: ; Pos = 6c7e7 or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0x4],byte +0x0 jnl JUMP_007867 mov edx,[ebp+0xc] mov edx,[edx+0x4] neg edx jmp short JUMP_007868 JUMP_007867: ; Pos = 6c7fc mov edx,[ebp+0xc] mov edx,[edx+0x4] JUMP_007868: ; Pos = 6c802 or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0x8],byte +0x0 jnl JUMP_007869 mov edx,[ebp+0xc] mov edx,[edx+0x8] neg edx jmp short JUMP_007870 JUMP_007869: ; Pos = 6c817 mov edx,[ebp+0xc] mov edx,[edx+0x8] JUMP_007870: ; Pos = 6c81d or eax,edx mov edx,[ebp+0xc] cmp dword [edx+0xc],byte +0x0 jnl JUMP_007871 mov edx,[ebp+0xc] mov edx,[edx+0xc] neg edx jmp short JUMP_007872 JUMP_007871: ; Pos = 6c832 mov edx,[ebp+0xc] mov edx,[edx+0xc] JUMP_007872: ; Pos = 6c838 or eax,edx cmp dword [esi+0x4],byte +0x0 jnl JUMP_007873 mov edx,[esi+0x4] neg edx jmp short JUMP_007874 JUMP_007873: ; Pos = 6c847 mov edx,[esi+0x4] JUMP_007874: ; Pos = 6c84a or eax,edx cmp dword [esi+0x8],byte +0x0 jnl JUMP_007875 mov edx,[esi+0x8] neg edx jmp short JUMP_007876 JUMP_007875: ; Pos = 6c859 mov edx,[esi+0x8] JUMP_007876: ; Pos = 6c85c or eax,edx cmp dword [esi+0xc],byte +0x0 jnl JUMP_007877 mov edx,[esi+0xc] neg edx jmp short JUMP_007878 JUMP_007877: ; Pos = 6c86b mov edx,[esi+0xc] JUMP_007878: ; Pos = 6c86e or eax,edx push eax call FUNC_001656_FindMSB pop ecx mov edi,eax add edi,byte -0xd test edi,edi jng near JUMP_007879 mov ecx,edi mov eax,[ebx+0x4] sar eax,cl mov [ebp+0xffffff48],eax mov ecx,edi mov eax,[ebx+0x8] sar eax,cl mov [ebp+0xffffff4c],eax mov ecx,edi mov eax,[ebx+0xc] sar eax,cl mov [ebp+0xffffff50],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0x4] sar eax,cl mov [ebp+0xffffff3c],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0x8] sar eax,cl mov [ebp+0xffffff40],eax mov ecx,edi mov eax,[ebp+0xc] mov eax,[eax+0xc] sar eax,cl mov [ebp+0xffffff44],eax mov ecx,edi mov eax,[esi+0x4] sar eax,cl mov [ebp+0xffffff30],eax mov ecx,edi mov eax,[esi+0x8] sar eax,cl mov [ebp+0xffffff34],eax mov ecx,edi mov eax,[esi+0xc] sar eax,cl mov [ebp+0xffffff38],eax jmp short JUMP_007880 JUMP_007879: ; Pos = 6c904 mov eax,[ebx+0x4] mov [ebp+0xffffff48],eax mov eax,[ebx+0x8] mov [ebp+0xffffff4c],eax mov eax,[ebx+0xc] mov [ebp+0xffffff50],eax mov eax,[ebp+0xc] mov edx,[eax+0x4] mov [ebp+0xffffff3c],edx mov edx,[eax+0x8] mov [ebp+0xffffff40],edx mov edx,[eax+0xc] mov [ebp+0xffffff44],edx mov eax,[esi+0x4] mov [ebp+0xffffff30],eax mov eax,[esi+0x8] mov [ebp+0xffffff34],eax mov eax,[esi+0xc] mov [ebp+0xffffff38],eax xor edi,edi JUMP_007880: ; Pos = 6c95a mov eax,[ebp+0xffffff48] sub eax,[ebp+0xffffff30] imul dword [ebp+0xffffff40] mov edx,[ebp+0xffffff3c] sub edx,[ebp+0xffffff48] imul edx,[ebp+0xffffff34] add eax,edx mov edx,[ebp+0xffffff30] sub edx,[ebp+0xffffff3c] imul edx,[ebp+0xffffff4c] add eax,edx mov [ebp-0x4c],eax mov eax,[ebp+0xffffff48] sub eax,[ebp+0xffffff3c] imul dword [ebp+0xffffff34] mov edx,[ebp+0xffffff30] sub edx,[ebp+0xffffff48] imul edx,[ebp+0xffffff40] add eax,edx mov edx,[ebp+0xffffff3c] sub edx,[ebp+0xffffff30] imul edx,[ebp+0xffffff4c] add eax,edx mov [ebp-0x50],eax cmp dword [ebp-0x4c],byte +0x0 jz near JUMP_007944 cmp dword [ebp-0x50],byte +0x0 jz near JUMP_007944 mov eax,[ebp+0xffffff48] imul dword [ebp+0xffffff40] mov edx,[ebp+0xffffff3c] imul edx,[ebp+0xffffff4c] sub eax,edx mov [ebp-0x54],eax mov eax,[ebp+0xffffff48] imul dword [ebp+0xffffff34] mov edx,[ebp+0xffffff30] imul edx,[ebp+0xffffff4c] sub eax,edx mov [ebp-0x58],eax cmp dword [ebp-0x58],byte +0x0 jnl JUMP_007881 mov eax,[ebp-0x58] neg eax jmp short JUMP_007882 JUMP_007881: ; Pos = 6ca35 mov eax,[ebp-0x58] JUMP_007882: ; Pos = 6ca38 push eax call FUNC_001656_FindMSB pop ecx mov esi,0x1e sub esi,eax test esi,esi jnl JUMP_007883 xor esi,esi JUMP_007883: ; Pos = 6ca4c cmp esi,byte +0xf jng JUMP_007884 mov esi,0xf JUMP_007884: ; Pos = 6ca56 cmp esi,byte +0xf jnl JUMP_007885 mov ecx,0xf sub ecx,esi sar dword [ebp-0x50],cl cmp dword [ebp-0x50],byte +0x0 jz near JUMP_007944 cmp dword [ebp-0x50],byte -0x1 jz near JUMP_007944 JUMP_007885: ; Pos = 6ca79 mov ecx,esi mov eax,[ebp-0x58] shl eax,cl cdq idiv dword [ebp-0x50] mov [ebp-0x5c],eax cmp dword [ebp-0x54],byte +0x0 jnl JUMP_007886 mov eax,[ebp-0x54] neg eax jmp short JUMP_007887 JUMP_007886: ; Pos = 6ca94 mov eax,[ebp-0x54] JUMP_007887: ; Pos = 6ca97 push eax call FUNC_001656_FindMSB pop ecx mov esi,0x1e sub esi,eax test esi,esi jnl JUMP_007888 xor esi,esi JUMP_007888: ; Pos = 6caab cmp esi,byte +0xf jng JUMP_007889 mov esi,0xf JUMP_007889: ; Pos = 6cab5 cmp esi,byte +0xf jnl JUMP_007890 mov ecx,0xf sub ecx,esi sar dword [ebp-0x4c],cl cmp dword [ebp-0x4c],byte +0x0 jz near JUMP_007944 cmp dword [ebp-0x4c],byte -0x1 jz near JUMP_007944 JUMP_007890: ; Pos = 6cad8 mov ecx,esi mov eax,[ebp-0x54] shl eax,cl cdq idiv dword [ebp-0x4c] cmp dword [ebp-0x5c],byte +0x0 jl near JUMP_007894 test eax,eax jl near JUMP_007894 mov edx,[ebp-0x5c] add edx,eax cmp edx,0x8000 jg near JUMP_007894 cmp edi,byte +0xf jnl JUMP_007891 mov ecx,0xf sub ecx,edi mov edx,[ebp+0xffffff44] sub edx,[ebp+0xffffff50] imul edx,[ebp-0x5c] mov esi,[ebp+0xffffff38] sub esi,[ebp+0xffffff50] imul esi,eax add edx,esi sar edx,cl add edx,[ebx+0xc] mov eax,edx jmp short JUMP_007892 JUMP_007891: ; Pos = 6cb3c lea ecx,[edi-0xf] mov edx,[ebp+0xffffff44] sub edx,[ebp+0xffffff50] imul edx,[ebp-0x5c] mov esi,[ebp+0xffffff38] sub esi,[ebp+0xffffff50] imul esi,eax add edx,esi shl edx,cl add edx,[ebx+0xc] mov eax,edx JUMP_007892: ; Pos = 6cb67 cmp eax,[DATA_009283] jl JUMP_007893 cmp dword [DATA_009284],byte +0x0 jz near JUMP_007944 JUMP_007893: ; Pos = 6cb7c mov [DATA_009283],eax xor eax,eax mov [DATA_009284],eax jmp JUMP_007944 JUMP_007894: ; Pos = 6cb8d cmp dword [ebp-0x5c],byte +0x0 jnl JUMP_007896 mov edx,[ebp-0x5c] neg edx cmp eax,[ebp-0x5c] jnl JUMP_007895 mov edx,eax neg edx jmp short JUMP_007898 JUMP_007895: ; Pos = 6cba3 mov ecx,[ebp-0x5c] add ecx,eax add ecx,0xffff8000 cmp edx,ecx jnl JUMP_007898 mov edx,[ebp-0x5c] add edx,eax add edx,0xffff8000 jmp short JUMP_007898 JUMP_007896: ; Pos = 6cbbf test eax,eax jnl JUMP_007897 mov edx,eax neg edx mov ecx,[ebp-0x5c] add ecx,eax add ecx,0xffff8000 cmp edx,ecx jnl JUMP_007898 mov edx,[ebp-0x5c] add edx,eax add edx,0xffff8000 jmp short JUMP_007898 JUMP_007897: ; Pos = 6cbe3 mov edx,[ebp-0x5c] add edx,eax add edx,0xffff8000 JUMP_007898: ; Pos = 6cbee cmp edx,[DATA_009284] jnl near JUMP_007944 cmp edi,byte +0xf jnl JUMP_007899 mov esi,[ebp+0xffffff44] sub esi,[ebp+0xffffff50] imul esi,[ebp-0x5c] mov ecx,[ebp+0xffffff38] sub ecx,[ebp+0xffffff50] imul ecx,eax add esi,ecx mov ecx,0xf sub ecx,edi sar esi,cl add esi,[ebx+0xc] mov eax,esi jmp short JUMP_007900 JUMP_007899: ; Pos = 6cc30 mov esi,[ebp+0xffffff44] sub esi,[ebp+0xffffff50] imul esi,[ebp-0x5c] mov ecx,[ebp+0xffffff38] sub ecx,[ebp+0xffffff50] imul ecx,eax add esi,ecx lea ecx,[edi-0xf] shl esi,cl add esi,[ebx+0xc] mov eax,esi JUMP_007900: ; Pos = 6cc5b test eax,eax jng near JUMP_007944 mov [DATA_009283],eax mov [DATA_009284],edx jmp JUMP_007944 JUMP_007901: ; Pos = 6cc73 cmp dword [ebp+0x20],byte +0x2 jnl near JUMP_007906 lea eax,[esi+0x4] push eax mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff60] push eax call FUNC_001827 add esp,byte +0x10 lea eax,[ebx+0x4] push eax lea eax,[ebp+0xffffff54] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff54] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,[ebp+0x20] mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff60] imul edx,[ebp+0xffffff54] mov ecx,[ebp+0xffffff64] imul ecx,[ebp+0xffffff58] add edx,ecx mov ecx,[ebp+0xffffff68] imul ecx,[ebp+0xffffff5c] add edx,ecx cmp eax,edx jng near JUMP_007906 mov eax,[ebp+0xc] add eax,byte +0x4 push eax lea eax,[ebp+0xffffff54] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff54] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,[ebp+0x20] mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff60] imul edx,[ebp+0xffffff54] mov ecx,[ebp+0xffffff64] imul ecx,[ebp+0xffffff58] add edx,ecx mov ecx,[ebp+0xffffff68] imul ecx,[ebp+0xffffff5c] add edx,ecx cmp eax,edx jng near JUMP_007906 lea eax,[esi+0x4] push eax lea eax,[ebp+0xffffff54] push eax call FUNC_001826 add esp,byte +0x8 lea eax,[ebp+0xffffff54] push eax call near [DATA_007724] ; FUNC_001465 pop ecx mov [ebp-0x20],eax mov ecx,[ebp+0x20] mov eax,0xffffb000 sar eax,cl imul dword [ebp-0x20] mov edx,[ebp+0xffffff60] imul edx,[ebp+0xffffff54] mov ecx,[ebp+0xffffff64] imul ecx,[ebp+0xffffff58] add edx,ecx mov ecx,[ebp+0xffffff68] imul ecx,[ebp+0xffffff5c] add edx,ecx cmp eax,edx jg near JUMP_007944 jmp JUMP_007906 JUMP_007902: ; Pos = 6cdcf cmp dword [ebp+0x24],0x1f4 jl near JUMP_007944 mov eax,[ebx+0xc] push eax call _abs pop ecx mov [ebp-0x60],eax mov eax,[ebp+0xc] mov eax,[eax+0xc] push eax call _abs pop ecx mov [ebp-0x64],eax mov eax,[esi+0xc] push eax call _abs pop ecx mov [ebp-0x68],eax mov eax,[ebx+0x4] cmp eax,[ebp-0x60] jng JUMP_007903 mov eax,[ebp+0xc] mov eax,[eax+0x4] cmp eax,[ebp-0x64] jng JUMP_007903 mov eax,[esi+0x4] cmp eax,[ebp-0x68] jg near JUMP_007944 JUMP_007903: ; Pos = 6ce25 mov eax,[ebp-0x60] neg eax cmp eax,[ebx+0x4] jng JUMP_007904 mov eax,[ebp-0x64] neg eax mov edx,[ebp+0xc] cmp eax,[edx+0x4] jng JUMP_007904 mov eax,[ebp-0x68] neg eax cmp eax,[esi+0x4] jg near JUMP_007944 JUMP_007904: ; Pos = 6ce4a mov eax,[ebx+0x8] cmp eax,[ebp-0x60] jng JUMP_007905 mov eax,[ebp+0xc] mov eax,[eax+0x8] cmp eax,[ebp-0x64] jng JUMP_007905 mov eax,[esi+0x8] cmp eax,[ebp-0x68] jg near JUMP_007944 JUMP_007905: ; Pos = 6ce69 mov eax,[ebp-0x60] neg eax cmp eax,[ebx+0x8] jng JUMP_007906 mov eax,[ebp-0x64] neg eax mov edx,[ebp+0xc] cmp eax,[edx+0x8] jng JUMP_007906 mov eax,[ebp-0x68] neg eax cmp eax,[esi+0x8] jg near JUMP_007944 JUMP_007906: ; Pos = 6ce8e cmp dword [ebp+0x28],byte +0x0 jz near JUMP_007911 xor eax,eax mov [ebp-0x24],eax lea eax,[ebp-0x40] mov [ebp+0xffffff6c],eax lea eax,[esi+0x34] mov [ebp+0xffffff70],eax lea eax,[ebp-0x38] mov [ebp+0xffffff74],eax mov eax,[ebp+0xc] add eax,byte +0x34 mov [ebp+0xffffff78],eax lea eax,[ebp-0x30] mov [ebp+0xffffff7c],eax lea eax,[ebx+0x34] mov [ebp-0x80],eax mov dword [ebp-0x7c],DATA_009260 mov eax,[ebp+0x28] mov [ebp-0x78],eax JUMP_007907: ; Pos = 6cee0 mov eax,[ebp-0x78] cmp dword [eax],byte +0x0 jng near JUMP_007910 mov eax,[ebp-0x78] mov eax,[eax] mov [ebp-0x6c],eax mov eax,[ebp-0x6c] mov eax,[eax] shl eax,0x2 lea eax,[eax+eax*2] add eax,DATA_007841 mov [ebp-0x70],eax mov eax,[ebp-0x70] mov edi,[eax+0x8] add edi,[ebp+0x20] dec edi mov eax,[ebp-0x7c] lea eax,[eax+edi*8] cmp edi,[ebp+0x20] jl JUMP_007909 JUMP_007908: ; Pos = 6cf1d mov edx,[ebp-0x70] mov edx,[edx] mov [eax],edx mov edx,[ebp-0x70] mov edx,[edx+0x4] mov [eax+0x4],edx dec edi add eax,byte -0x8 cmp edi,[ebp+0x20] jnl JUMP_007908 JUMP_007909: ; Pos = 6cf36 mov eax,[ebp-0x80] mov eax,[eax] mov edx,[ebp+0xffffff7c] mov [edx],eax mov eax,[ebp+0xffffff78] mov eax,[eax] mov edx,[ebp+0xffffff74] mov [edx],eax mov eax,[ebp+0xffffff70] mov eax,[eax] mov edx,[ebp+0xffffff6c] mov [edx],eax mov eax,[ebp-0x6c] mov eax,[eax+0x4] mov edx,[ebp-0x80] mov [edx],eax mov eax,[ebp-0x6c] mov eax,[eax+0x8] mov edx,[ebp+0xffffff78] mov [edx],eax mov eax,[ebp-0x6c] mov eax,[eax+0xc] mov edx,[ebp+0xffffff70] mov [edx],eax JUMP_007910: ; Pos = 6cf8a inc dword [ebp-0x24] add dword [ebp+0xffffff6c],byte +0x4 add dword [ebp+0xffffff70],byte +0x4 add dword [ebp+0xffffff74],byte +0x4 add dword [ebp+0xffffff78],byte +0x4 add dword [ebp+0xffffff7c],byte +0x4 add dword [ebp-0x80],byte +0x4 add dword [ebp-0x7c],0x100 add dword [ebp-0x78],byte +0x4 cmp dword [ebp-0x24],byte +0x2 jl near JUMP_007907 JUMP_007911: ; Pos = 6cfc9 cmp dword [ebp+0x20],byte +0x5 jnl JUMP_007912 mov eax,[ebp+0x20] push eax push ebx push esi mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax call near [DATA_009278] add esp,byte +0x14 mov eax,[ebp+0x20] push eax mov eax,[ebp+0xc] push eax push ebx push esi mov eax,[ebp+0x1c] push eax call near [DATA_009278] add esp,byte +0x14 mov eax,[ebp+0x20] push eax push esi mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x14] push eax call near [DATA_009278] add esp,byte +0x14 jmp short JUMP_007913 JUMP_007912: ; Pos = 6d016 mov eax,[ebp+0x20] push eax push ebx push esi mov eax,[ebp+0xc] push eax mov eax,[ebp+0x18] push eax call near [DATA_009279] add esp,byte +0x14 mov eax,[ebp+0x20] push eax mov eax,[ebp+0xc] push eax push ebx push esi mov eax,[ebp+0x1c] push eax call near [DATA_009279] add esp,byte +0x14 mov eax,[ebp+0x20] push eax push esi mov eax,[ebp+0xc] push eax push ebx mov eax,[ebp+0x14] push eax call near [DATA_009279] add esp,byte +0x14 JUMP_007913: ; Pos = 6d05b call FUNC_001820 mov [ebp-0x8],eax mov eax,[ebp+0x18] mov eax,[eax+0x8] mov edx,[ebp-0x8] mov [edx],eax call FUNC_001820 mov [ebp-0xc],eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] mov edx,[ebp-0xc] mov [edx],eax call FUNC_001820 mov [ebp-0x10],eax mov eax,[ebp+0x14] mov eax,[eax+0x8] mov edx,[ebp-0x10] mov [edx],eax inc dword [ebp+0x20] sar dword [ebp+0x24],1 cmp dword [ebp+0x28],byte +0x0 jz near JUMP_007930 mov eax,[ebp+0x28] mov eax,[eax+0x8] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] cmp ebx,[eax] jnz JUMP_007914 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007915 JUMP_007914: ; Pos = 6d0c2 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007915: ; Pos = 6d0c8 push eax mov eax,[ebp-0x10] push eax mov eax,[ebp+0x14] cmp ebx,[eax] jnz JUMP_007916 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007917 JUMP_007916: ; Pos = 6d0dc mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007917: ; Pos = 6d0e2 push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax push ebx call FUNC_001873 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0xc] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x14] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007918 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007919 JUMP_007918: ; Pos = 6d11b mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007919: ; Pos = 6d121 push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007920 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007921 JUMP_007920: ; Pos = 6d138 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007921: ; Pos = 6d13e push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0xc] push eax call FUNC_001873 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0x10] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x18] cmp esi,[eax] jnz JUMP_007922 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007923 JUMP_007922: ; Pos = 6d177 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007923: ; Pos = 6d17d push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x1c] cmp esi,[eax] jnz JUMP_007924 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007925 JUMP_007924: ; Pos = 6d191 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007925: ; Pos = 6d197 push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax push esi call FUNC_001873 add esp,byte +0x24 mov eax,[ebp+0x28] mov eax,[eax+0x14] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax call FUNC_001873 add esp,byte +0x24 dec dword [ebp+0x20] xor eax,eax mov [ebp-0x24],eax lea eax,[esi+0x34] mov [ebp-0x78],eax lea eax,[ebp-0x40] mov [ebp-0x7c],eax mov eax,[ebp+0xc] add eax,byte +0x34 mov [ebp-0x80],eax lea eax,[ebp-0x38] mov [ebp+0xffffff7c],eax lea eax,[ebx+0x34] mov [ebp+0xffffff78],eax lea eax,[ebp-0x30] mov [ebp+0xffffff74],eax mov dword [ebp+0xffffff70],DATA_009260 mov eax,[ebp+0x28] mov [ebp+0xffffff6c],eax JUMP_007926: ; Pos = 6d232 mov eax,[ebp+0xffffff6c] cmp dword [eax],byte +0x0 jng JUMP_007929 mov eax,[ebp+0xffffff6c] mov eax,[eax] mov [ebp-0x74],eax mov eax,[ebp-0x74] mov eax,[eax] lea eax,[eax+eax*2] mov edi,[eax*4+DATA_007842] add edi,[ebp+0x20] dec edi mov eax,[ebp+0xffffff70] lea eax,[eax+edi*8] cmp edi,[ebp+0x20] jl JUMP_007928 JUMP_007927: ; Pos = 6d269 xor edx,edx mov [eax],edx xor edx,edx mov [eax+0x4],edx dec edi add eax,byte -0x8 cmp edi,[ebp+0x20] jnl JUMP_007927 JUMP_007928: ; Pos = 6d27b mov eax,[ebp+0xffffff74] mov eax,[eax] mov edx,[ebp+0xffffff78] mov [edx],eax mov eax,[ebp+0xffffff7c] mov eax,[eax] mov edx,[ebp-0x80] mov [edx],eax mov eax,[ebp-0x7c] mov eax,[eax] mov edx,[ebp-0x78] mov [edx],eax JUMP_007929: ; Pos = 6d2a2 inc dword [ebp-0x24] add dword [ebp-0x78],byte +0x4 add dword [ebp-0x7c],byte +0x4 add dword [ebp-0x80],byte +0x4 add dword [ebp+0xffffff7c],byte +0x4 add dword [ebp+0xffffff78],byte +0x4 add dword [ebp+0xffffff74],byte +0x4 add dword [ebp+0xffffff70],0x100 add dword [ebp+0xffffff6c],byte +0x4 cmp dword [ebp-0x24],byte +0x2 jl near JUMP_007926 jmp JUMP_007943 JUMP_007930: ; Pos = 6d2e6 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] cmp ebx,[eax] jnz JUMP_007931 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007932 JUMP_007931: ; Pos = 6d2ff mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007932: ; Pos = 6d305 push eax mov eax,[ebp-0x10] push eax mov eax,[ebp+0x14] cmp ebx,[eax] jnz JUMP_007933 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007934 JUMP_007933: ; Pos = 6d319 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007934: ; Pos = 6d31f push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax push ebx call FUNC_001873 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x14] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007935 mov eax,[ebp+0x14] mov eax,[eax+0x4] jmp short JUMP_007936 JUMP_007935: ; Pos = 6d353 mov eax,[ebp+0x14] mov eax,[eax+0xc] JUMP_007936: ; Pos = 6d359 push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x18] mov eax,[eax] cmp eax,[ebp+0xc] jnz JUMP_007937 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007938 JUMP_007937: ; Pos = 6d370 mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007938: ; Pos = 6d376 push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0xc] push eax call FUNC_001873 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x18] cmp esi,[eax] jnz JUMP_007939 mov eax,[ebp+0x18] mov eax,[eax+0x4] jmp short JUMP_007940 JUMP_007939: ; Pos = 6d3aa mov eax,[ebp+0x18] mov eax,[eax+0xc] JUMP_007940: ; Pos = 6d3b0 push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x1c] cmp esi,[eax] jnz JUMP_007941 mov eax,[ebp+0x1c] mov eax,[eax+0x4] jmp short JUMP_007942 JUMP_007941: ; Pos = 6d3c4 mov eax,[ebp+0x1c] mov eax,[eax+0xc] JUMP_007942: ; Pos = 6d3ca push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax push esi call FUNC_001873 add esp,byte +0x24 push byte +0x0 mov eax,[ebp+0x24] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp-0x8] push eax mov eax,[ebp-0x10] push eax mov eax,[ebp-0xc] push eax mov eax,[ebp+0x14] mov eax,[eax+0x8] push eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] push eax mov eax,[ebp+0x18] mov eax,[eax+0x8] push eax call FUNC_001873 add esp,byte +0x24 JUMP_007943: ; Pos = 6d415 mov eax,[ebp-0x8] push eax call FUNC_001821 pop ecx mov eax,[ebp-0xc] push eax call FUNC_001821 pop ecx mov eax,[ebp-0x10] push eax call FUNC_001821 pop ecx JUMP_007944: ; Pos = 6d433 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001874: ; Pos = 6d43c push ebp mov ebp,esp add esp,byte -0x2c push ebx push esi push edi mov ebx,[ebp+0xc] mov edi,[ebp+0x8] movsx eax,byte [ebx+0x2] lea eax,[eax+eax*8] mov edx,[DATA_009200] mov eax,[edx+eax*4+0x14] cmp eax,[edi+0xf0] jnz JUMP_007945 movsx eax,byte [ebx+0x2] mov esi,eax shl esi,0x2 lea esi,[esi+esi*8] add esi,[DATA_009200] jmp short JUMP_007946 JUMP_007945: ; Pos = 6d478 mov al,[ebx+0x2] push eax push edi call near [DATA_007729] ; FUNC_001470 add esp,byte +0x8 mov esi,eax JUMP_007946: ; Pos = 6d488 movsx eax,byte [ebx+0x3] lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_007947 movsx eax,byte [ebx+0x3] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_007948 JUMP_007947: ; Pos = 6d4ae mov al,[ebx+0x3] push eax push edi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_007948: ; Pos = 6d4bc mov [ebp-0x4],eax movsx eax,byte [ebx+0x4] lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_007949 movsx eax,byte [ebx+0x4] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_007950 JUMP_007949: ; Pos = 6d4e5 mov al,[ebx+0x4] push eax push edi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_007950: ; Pos = 6d4f3 mov [ebp-0x8],eax movsx eax,byte [ebx+0x5] lea eax,[eax+eax*8] mov edx,[DATA_009200] cmp dword [edx+eax*4+0x14],byte +0x0 jz JUMP_007951 movsx eax,byte [ebx+0x5] shl eax,0x2 lea eax,[eax+eax*8] add eax,[DATA_009200] jmp short JUMP_007952 JUMP_007951: ; Pos = 6d51c mov al,[ebx+0x5] push eax push edi call near [DATA_007728] ; FUNC_001472 add esp,byte +0x8 JUMP_007952: ; Pos = 6d52a mov edx,[ebp-0x4] mov edx,[edx+0x18] mov ecx,[esi+0x18] neg ecx add edx,ecx mov [ebp-0x2c],edx mov edx,[ebp-0x4] mov edx,[edx+0x1c] mov ecx,[esi+0x1c] neg ecx add edx,ecx mov [ebp-0x28],edx mov edx,[ebp-0x4] mov edx,[edx+0x20] mov ecx,[esi+0x20] neg ecx add edx,ecx mov [ebp-0x24],edx mov edx,[ebp-0x8] mov edx,[edx+0x18] mov ecx,[esi+0x18] neg ecx add edx,ecx mov [ebp-0x20],edx mov edx,[ebp-0x8] mov edx,[edx+0x1c] mov ecx,[esi+0x1c] neg ecx add edx,ecx mov [ebp-0x1c],edx mov edx,[ebp-0x8] mov edx,[edx+0x20] mov ecx,[esi+0x20] neg ecx add edx,ecx mov [ebp-0x18],edx mov edx,[eax+0x18] mov ecx,[esi+0x18] neg ecx add edx,ecx mov [ebp-0x14],edx mov edx,[eax+0x1c] mov ecx,[esi+0x1c] neg ecx add edx,ecx mov [ebp-0x10],edx mov eax,[eax+0x20] mov edx,[esi+0x20] neg edx add eax,edx mov [ebp-0xc],eax push byte +0x0 movsx eax,word [ebx] push eax movsx eax,word [ebx+0x8] shl eax,0x10 push eax movsx eax,word [ebx+0xa] push eax movsx eax,word [ebx+0x6] push eax lea eax,[ebp-0x2c] push eax add esi,byte +0x4 push esi add ebx,byte +0xc push ebx push edi mov eax,[edi+0x14c] push eax push byte +0x0 push byte +0x0 call FUNC_001876 add esp,byte +0x30 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001875: ; Pos = 6d5f0 push ebp mov ebp,esp add esp,byte -0x18 push ebx push esi mov esi,[ebp+0xc] mov ebx,[ebp+0x8] mov eax,[esi+0x4] push eax mov eax,[ebx] push eax lea eax,[ebp-0x8] push eax call FUNC_001339_Int64MulCreate add esp,byte +0xc mov eax,[esi] push eax mov eax,[ebx+0x4] push eax lea eax,[ebp-0x10] push eax call FUNC_001339_Int64MulCreate add esp,byte +0xc push dword [ebp-0xc] push dword [ebp-0x10] push dword [ebp-0x4] push dword [ebp-0x8] lea eax,[ebp-0x18] push eax call FUNC_001335_Int64Sub64 add esp,byte +0x14 mov eax,[ebp-0x14] sar eax,0x1f pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001876: ; Pos = 6d648 push ebp mov ebp,esp add esp,0xfffff658 push ebx push esi push edi mov esi,DATA_007893 lea edi,[ebp+0xfffffd84] mov ecx,0x78 rep movsd mov esi,DATA_007894 lea edi,[ebp+0xfffff6f4] mov ecx,0x3c rep movsd mov eax,[ebp+0x10] mov eax,[eax+0xa0] mov [ebp-0x4],eax cmp dword [ebp+0x34],byte +0x0 jz JUMP_007953 mov dword [DATA_009283],0x7fffffff mov eax,[ebp+0xc] mov [DATA_009285],eax mov dword [DATA_009284],0x4000 jmp short JUMP_007956 JUMP_007953: ; Pos = 6d6a8 mov eax,[ebp+0x14] mov eax,[eax+0x148] add eax,byte -0x8 mov [ebp-0x10],eax cmp dword [ebp-0x10],byte +0x0 jnl JUMP_007954 mov ecx,[ebp-0x10] neg ecx sar dword [ebp+0x28],cl jmp short JUMP_007955 JUMP_007954: ; Pos = 6d6c7 mov ecx,[ebp-0x10] shl dword [ebp+0x28],cl JUMP_007955: ; Pos = 6d6cd mov eax,[ebp+0x30] push eax lea eax,[ebp-0x30] push eax call FUNC_001692 add esp,byte +0x8 lea eax,[ebp-0x30] push dword [eax+0xc] push dword [eax+0x8] push dword [eax+0x4] push dword [eax] push dword DATA_009259 call FUNC_001691 add esp,byte +0x14 mov eax,[ebp+0x28] push eax mov eax,[ebp+0x2c] push eax mov eax,[DATA_009259] push eax mov eax,[ebp+0x20] push eax mov eax,[ebp+0x1c] push eax mov eax,[ebp+0x14] push eax call FUNC_001877 add esp,byte +0x18 JUMP_007956: ; Pos = 6d71a mov eax,[ebp+0x20] push eax call FUNC_001825 pop ecx add eax,byte -0xe mov [ebp-0x10],eax cmp dword [ebp-0x10],byte +0x0 jng JUMP_007957 mov ecx,[ebp-0x10] mov eax,[ebp+0x20] mov eax,[eax] sar eax,cl mov ecx,[ebp-0x10] mov edx,[ebp+0x20] mov edx,[edx] sar edx,cl imul edx mov ecx,[ebp-0x10] mov edx,[ebp+0x20] mov edx,[edx+0x4] sar edx,cl mov ecx,[ebp-0x10] mov ebx,[ebp+0x20] mov ebx,[ebx+0x4] sar ebx,cl imul edx,ebx add eax,edx mov ecx,[ebp-0x10] mov edx,[ebp+0x20] mov edx,[edx+0x8] sar edx,cl mov ecx,[ebp-0x10] mov ebx,[ebp+0x20] mov ebx,[ebx+0x8] sar ebx,cl imul edx,ebx add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov ecx,[ebp-0x10] shl eax,cl mov [ebp-0xc],eax jmp short JUMP_007958 JUMP_007957: ; Pos = 6d78e mov eax,[ebp+0x20] mov eax,[eax] mov edx,[ebp+0x20] imul dword [edx] mov edx,[ebp+0x20] mov edx,[edx+0x4] mov ecx,[ebp+0x20] imul edx,[ecx+0x4] add eax,edx mov edx,[ebp+0x20] mov edx,[edx+0x8] mov ecx,[ebp+0x20] imul edx,[ecx+0x8] add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov [ebp-0xc],eax JUMP_007958: ; Pos = 6d7c1 mov eax,[ebp+0x20] add eax,byte +0xc push eax call FUNC_001825 pop ecx add eax,byte -0xe mov [ebp-0x10],eax cmp dword [ebp-0x10],byte +0x0 jng JUMP_007959 mov ecx,[ebp-0x10] mov eax,[ebp+0x20] mov eax,[eax+0xc] sar eax,cl mov ecx,[ebp-0x10] mov edx,[ebp+0x20] mov edx,[edx+0xc] sar edx,cl imul edx mov ecx,[ebp-0x10] mov edx,[ebp+0x20] mov edx,[edx+0x10] sar edx,cl mov ecx,[ebp-0x10] mov ebx,[ebp+0x20] mov ebx,[ebx+0x10] sar ebx,cl imul edx,ebx add eax,edx mov ecx,[ebp-0x10] mov edx,[ebp+0x20] mov edx,[edx+0x14] sar edx,cl mov ecx,[ebp-0x10] mov ebx,[ebp+0x20] mov ebx,[ebx+0x14] sar ebx,cl imul edx,ebx add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov ecx,[ebp-0x10] shl eax,cl mov [ebp-0x8],eax jmp short JUMP_007960 JUMP_007959: ; Pos = 6d83a mov eax,[ebp+0x20] mov eax,[eax+0xc] mov edx,[ebp+0x20] imul dword [edx+0xc] mov edx,[ebp+0x20] mov edx,[edx+0x10] mov ecx,[ebp+0x20] imul edx,[ecx+0x10] add eax,edx mov edx,[ebp+0x20] mov edx,[edx+0x14] mov ecx,[ebp+0x20] imul edx,[ecx+0x14] add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov [ebp-0x8],eax JUMP_007960: ; Pos = 6d86f mov eax,[ebp-0x8] cmp eax,[ebp-0xc] jng JUMP_007961 mov eax,[ebp-0x8] mov [ebp-0xc],eax JUMP_007961: ; Pos = 6d87d mov eax,[ebp+0x20] add eax,byte +0x18 push eax call FUNC_001825 pop ecx add eax,byte -0xe mov [ebp-0x10],eax cmp dword [ebp-0x10],byte +0x0 jng JUMP_007962 mov ecx,[ebp-0x10] mov eax,[ebp+0x20] mov eax,[eax+0x18] sar eax,cl mov ecx,[ebp-0x10] mov edx,[ebp+0x20] mov edx,[edx+0x18] sar edx,cl imul edx mov ecx,[ebp-0x10] mov edx,[ebp+0x20] mov edx,[edx+0x1c] sar edx,cl mov ecx,[ebp-0x10] mov ebx,[ebp+0x20] mov ebx,[ebx+0x1c] sar ebx,cl imul edx,ebx add eax,edx mov ecx,[ebp-0x10] mov edx,[ebp+0x20] mov edx,[edx+0x20] sar edx,cl mov ecx,[ebp-0x10] mov ebx,[ebp+0x20] mov ebx,[ebx+0x20] sar ebx,cl imul edx,ebx add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov ecx,[ebp-0x10] shl eax,cl mov [ebp-0x8],eax jmp short JUMP_007963 JUMP_007962: ; Pos = 6d8f6 mov eax,[ebp+0x20] mov eax,[eax+0x18] mov edx,[ebp+0x20] imul dword [edx+0x18] mov edx,[ebp+0x20] mov edx,[edx+0x1c] mov ecx,[ebp+0x20] imul edx,[ecx+0x1c] add eax,edx mov edx,[ebp+0x20] mov edx,[edx+0x20] mov ecx,[ebp+0x20] imul edx,[ecx+0x20] add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov [ebp-0x8],eax JUMP_007963: ; Pos = 6d92b mov eax,[ebp-0x8] cmp eax,[ebp-0xc] jng JUMP_007964 mov eax,[ebp-0x8] mov [ebp-0xc],eax JUMP_007964: ; Pos = 6d939 push dword 0x54000000 mov eax,[ebp-0xc] push eax call FUNC_001521 add esp,byte +0x8 add eax,eax mov [ebp-0x8],eax cmp dword [ebp+0x34],byte +0x0 jnz near JUMP_007966 mov eax,[DATA_008812] dec eax mov [DATA_007837],eax mov eax,[ebp+0x1c] push eax call FUNC_001825 pop ecx add eax,byte -0xe mov [ebp-0x38],eax cmp dword [ebp-0x38],byte +0x0 jnl JUMP_007965 xor eax,eax mov [ebp-0x38],eax JUMP_007965: ; Pos = 6d97f mov ecx,[ebp-0x38] mov eax,[ebp+0x1c] mov eax,[eax] sar eax,cl mov ecx,[ebp-0x38] mov edx,[ebp+0x1c] mov edx,[edx] sar edx,cl imul edx mov ecx,[ebp-0x38] mov edx,[ebp+0x1c] mov edx,[edx+0x4] sar edx,cl mov ecx,[ebp-0x38] mov ebx,[ebp+0x1c] mov ebx,[ebx+0x4] sar ebx,cl imul edx,ebx add eax,edx mov ecx,[ebp-0x38] mov edx,[ebp+0x1c] mov edx,[edx+0x8] sar edx,cl mov ecx,[ebp-0x38] mov ebx,[ebp+0x1c] mov ebx,[ebx+0x8] sar ebx,cl imul edx,ebx add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov ecx,[ebp-0x38] shl eax,cl mov [ebp-0x34],eax mov eax,[ebp-0xc] sar eax,0x4 add eax,[ebp-0xc] cmp eax,[ebp-0x34] jnc JUMP_007967 inc dword [DATA_007837] mov eax,[ebp-0xc] sar eax,0x3 add eax,[ebp-0xc] cmp eax,[ebp-0x34] jnc JUMP_007967 inc dword [DATA_007837] jmp short JUMP_007967 JUMP_007966: ; Pos = 6da05 mov eax,[DATA_008812] dec eax mov [DATA_007837],eax JUMP_007967: ; Pos = 6da10 mov eax,[ebp-0x8] push eax call FUNC_001656_FindMSB pop ecx add eax,[DATA_007837] mov [DATA_009269],eax xor ebx,ebx lea edi,[ebp+0xfffff7e8] mov esi,DATA_007892 JUMP_007968: ; Pos = 6da32 mov eax,[ebp+0x20] mov eax,[eax] push eax mov eax,[esi] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp+0x20] mov eax,[eax+0xc] push eax mov eax,[esi+0x4] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[ebp+0x20] mov eax,[eax+0x18] push eax mov eax,[esi+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [edi],edx mov eax,[ebp+0x20] mov eax,[eax+0x4] push eax mov eax,[esi] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp+0x20] mov eax,[eax+0x10] push eax mov eax,[esi+0x4] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[ebp+0x20] mov eax,[eax+0x1c] push eax mov eax,[esi+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [edi+0x4],edx mov eax,[ebp+0x20] mov eax,[eax+0x8] push eax mov eax,[esi] push eax call FUNC_001521 add esp,byte +0x8 push eax mov eax,[ebp+0x20] mov eax,[eax+0x14] push eax mov eax,[esi+0x4] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax push edx mov eax,[ebp+0x20] mov eax,[eax+0x20] push eax mov eax,[esi+0x8] push eax call FUNC_001521 add esp,byte +0x8 pop edx add edx,eax mov [edi+0x8],edx mov eax,[edi] mov [edi+0x24],eax mov eax,[edi+0x4] mov [edi+0x28],eax mov eax,[edi+0x8] mov [edi+0x2c],eax mov eax,[ebp+0x1c] mov eax,[eax] add [edi],eax mov eax,[ebp+0x1c] mov eax,[eax+0x4] add [edi+0x4],eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] add [edi+0x8],eax cmp dword [ebp+0x34],byte +0x1 jz JUMP_007969 mov eax,ebx shl eax,0x3 lea eax,[eax+eax*8] lea edx,[ebp+0xfffff7e8] add eax,edx push eax mov eax,ebx shl eax,0x3 lea eax,[eax+eax*8] lea edx,[ebp+0xfffff7e4] add eax,edx push eax call FUNC_001479 add esp,byte +0x8 JUMP_007969: ; Pos = 6db53 mov eax,[ebp-0x4] push eax call FUNC_001824 pop ecx mov [ebp-0x4],eax mov eax,[ebp+0x24] add eax,eax lea eax,[eax+eax*2] mov eax,[eax*8+DATA_007843] cmp eax,FUNC_001842 jz JUMP_007970 mov eax,[ebp-0x4] sar eax,0x4 mov [edi+0x38],eax jmp short JUMP_007971 JUMP_007970: ; Pos = 6db81 mov eax,[esi+0x4] sar eax,0x5 add eax,0x4000000 mov [edi+0x38],eax JUMP_007971: ; Pos = 6db8f inc ebx add edi,byte +0x48 add esi,byte +0xc cmp ebx,byte +0xc jl near JUMP_007968 mov eax,[ebp+0x18] push eax lea eax,[ebp-0x14] push eax call FUNC_001823 add esp,byte +0x8 mov [ebp+0x18],eax mov eax,[ebp+0x1c] mov eax,[eax+0x8] mov edx,[ebp-0xc] add edx,edx cmp eax,edx jng JUMP_007972 mov dword [ebp-0x18],0x1 jmp short JUMP_007973 JUMP_007972: ; Pos = 6dbca xor eax,eax mov [ebp-0x18],eax JUMP_007973: ; Pos = 6dbcf push dword DATA_009271 call _SetJmp pop ecx mov [ebp-0x20],eax test eax,eax jz JUMP_007974 call FUNC_001817 mov eax,[ebp+0x18] jmp JUMP_008044 JUMP_007974: ; Pos = 6dbee call FUNC_001816 xor ebx,ebx lea esi,[ebp+0xfffff6f4] lea edi,[ebp+0xfffff67c] JUMP_007975: ; Pos = 6dc01 call FUNC_001820 mov [edi],eax mov eax,[esi] shl eax,0x3 lea eax,[eax+eax*8] lea edx,[ebp+0xfffff7e4] add eax,edx mov edx,[edi] mov [edx],eax inc ebx add esi,byte +0x8 add edi,byte +0x4 cmp ebx,byte +0x1e jl JUMP_007975 mov eax,[ebp+0x34] push eax mov eax,[ebp+0x24] push eax mov eax,[ebp-0x8] push eax mov eax,[ebp+0x14] push eax call FUNC_001833 add esp,byte +0x10 mov [ebp-0x1c],eax cmp dword [ebp+0x34],byte +0x1 jnz near JUMP_008038 xor ebx,ebx JUMP_007976: ; Pos = 6dc4f mov eax,[ebp-0x14] mov eax,[eax+ebx*4+0x8] mov [ebp-0x60],eax mov eax,[ebp-0x1c] push eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x60] push eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd8c] shl eax,0x3 lea eax,[eax+eax*8] lea edx,[ebp+0xfffff7e4] add eax,edx push eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd88] shl eax,0x3 lea eax,[eax+eax*8] lea edx,[ebp+0xfffff7e4] add eax,edx push eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd84] shl eax,0x3 lea eax,[eax+eax*8] lea edx,[ebp+0xfffff7e4] add eax,edx push eax call FUNC_001834 add esp,byte +0x18 lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd84] lea eax,[eax+eax*8] mov eax,[ebp+eax*8+0xfffff7e8] mov edx,[ebp+0x1c] mov edx,[edx] neg edx add eax,edx mov [ebp+0xfffff670],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd84] lea eax,[eax+eax*8] mov eax,[ebp+eax*8+0xfffff7ec] mov edx,[ebp+0x1c] mov edx,[edx+0x4] neg edx add eax,edx mov [ebp+0xfffff674],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd84] lea eax,[eax+eax*8] mov eax,[ebp+eax*8+0xfffff7f0] mov edx,[ebp+0x1c] mov edx,[edx+0x8] neg edx add eax,edx mov [ebp+0xfffff678],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd88] lea eax,[eax+eax*8] mov eax,[ebp+eax*8+0xfffff7e8] mov edx,[ebp+0x1c] mov edx,[edx] neg edx add eax,edx mov [ebp+0xfffff664],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd88] lea eax,[eax+eax*8] mov eax,[ebp+eax*8+0xfffff7ec] mov edx,[ebp+0x1c] mov edx,[edx+0x4] neg edx add eax,edx mov [ebp+0xfffff668],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd88] lea eax,[eax+eax*8] mov eax,[ebp+eax*8+0xfffff7f0] mov edx,[ebp+0x1c] mov edx,[edx+0x8] neg edx add eax,edx mov [ebp+0xfffff66c],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd8c] lea eax,[eax+eax*8] mov eax,[ebp+eax*8+0xfffff7e8] mov edx,[ebp+0x1c] mov edx,[edx] neg edx add eax,edx mov [ebp+0xfffff658],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd8c] lea eax,[eax+eax*8] mov eax,[ebp+eax*8+0xfffff7ec] mov edx,[ebp+0x1c] mov edx,[edx+0x4] neg edx add eax,edx mov [ebp+0xfffff65c],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd8c] lea eax,[eax+eax*8] mov eax,[ebp+eax*8+0xfffff7f0] mov edx,[ebp+0x1c] mov edx,[edx+0x8] neg edx add eax,edx mov [ebp+0xfffff660],eax lea eax,[ebp+0xfffff664] push eax lea eax,[ebp+0xfffff670] push eax call FUNC_001875 add esp,byte +0x8 mov [ebp-0x3c],eax lea eax,[ebp+0xfffff658] push eax lea eax,[ebp+0xfffff664] push eax call FUNC_001875 add esp,byte +0x8 mov [ebp-0x40],eax lea eax,[ebp+0xfffff670] push eax lea eax,[ebp+0xfffff658] push eax call FUNC_001875 add esp,byte +0x8 mov [ebp-0x44],eax cmp dword [ebp-0x3c],byte +0x0 jl near JUMP_008037 cmp dword [ebp-0x40],byte +0x0 jl near JUMP_008037 cmp dword [ebp-0x44],byte +0x0 jl near JUMP_008037 lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd84] shl eax,0x3 lea eax,[eax+eax*8] lea edx,[ebp+0xfffff7e4] add eax,edx mov [ebp-0x48],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd88] shl eax,0x3 lea eax,[eax+eax*8] lea edx,[ebp+0xfffff7e4] add eax,edx mov [ebp-0x4c],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd8c] shl eax,0x3 lea eax,[eax+eax*8] lea edx,[ebp+0xfffff7e4] add eax,edx mov [ebp-0x50],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd90] mov eax,[ebp+eax*4+0xfffff67c] mov [ebp-0x54],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd94] mov eax,[ebp+eax*4+0xfffff67c] mov [ebp-0x58],eax lea eax,[ebx+ebx*2] mov eax,[ebp+eax*8+0xfffffd98] mov eax,[ebp+eax*4+0xfffff67c] mov [ebp-0x5c],eax xor eax,eax mov [ebp-0x10],eax jmp JUMP_008001 JUMP_007977: ; Pos = 6def9 cmp dword [ebp-0x60],byte +0x0 jz near JUMP_007982 xor ebx,ebx mov eax,[ebp-0x50] add eax,byte +0x34 mov [ebp+0xffffff64],eax mov eax,[ebp-0x4c] add eax,byte +0x34 mov [ebp+0xffffff68],eax mov eax,[ebp-0x48] add eax,byte +0x34 mov [ebp+0xffffff6c],eax mov dword [ebp+0xffffff70],DATA_009260 mov eax,[ebp-0x60] mov [ebp+0xffffff74],eax JUMP_007978: ; Pos = 6df3c mov eax,[ebp+0xffffff74] cmp dword [eax],byte +0x0 jng JUMP_007981 mov eax,[ebp+0xffffff74] mov eax,[eax] mov [ebp-0x68],eax mov eax,[ebp-0x68] mov ecx,[eax] shl ecx,0x2 lea ecx,[ecx+ecx*2] add ecx,DATA_007841 mov eax,[ecx+0x8] add eax,[ebp-0x10] dec eax mov edx,[ebp+0xffffff70] lea edx,[edx+eax*8] cmp eax,[ebp-0x10] jl JUMP_007980 JUMP_007979: ; Pos = 6df78 mov esi,[ecx] mov [edx],esi mov esi,[ecx+0x4] mov [edx+0x4],esi dec eax add edx,byte -0x8 cmp eax,[ebp-0x10] jnl JUMP_007979 JUMP_007980: ; Pos = 6df8b mov eax,[ebp-0x68] mov eax,[eax+0x4] mov edx,[ebp+0xffffff6c] mov [edx],eax mov eax,[ebp-0x68] mov eax,[eax+0x8] mov edx,[ebp+0xffffff68] mov [edx],eax mov eax,[ebp-0x68] mov eax,[eax+0xc] mov edx,[ebp+0xffffff64] mov [edx],eax JUMP_007981: ; Pos = 6dfb5 inc ebx add dword [ebp+0xffffff64],byte +0x4 add dword [ebp+0xffffff68],byte +0x4 add dword [ebp+0xffffff6c],byte +0x4 add dword [ebp+0xffffff70],0x100 add dword [ebp+0xffffff74],byte +0x4 cmp ebx,byte +0x2 jl near JUMP_007978 JUMP_007982: ; Pos = 6dfe5 cmp dword [ebp-0x10],byte +0x5 jnl JUMP_007983 mov eax,[ebp-0x10] push eax mov eax,[ebp-0x48] push eax mov eax,[ebp-0x50] push eax mov eax,[ebp-0x4c] push eax mov eax,[ebp-0x58] push eax call near [DATA_009278] add esp,byte +0x14 mov eax,[ebp-0x10] push eax mov eax,[ebp-0x4c] push eax mov eax,[ebp-0x48] push eax mov eax,[ebp-0x50] push eax mov eax,[ebp-0x5c] push eax call near [DATA_009278] add esp,byte +0x14 mov eax,[ebp-0x10] push eax mov eax,[ebp-0x50] push eax mov eax,[ebp-0x4c] push eax mov eax,[ebp-0x48] push eax mov eax,[ebp-0x54] push eax call near [DATA_009278] add esp,byte +0x14 jmp short JUMP_007984 JUMP_007983: ; Pos = 6e044 mov eax,[ebp-0x10] push eax mov eax,[ebp-0x48] push eax mov eax,[ebp-0x50] push eax mov eax,[ebp-0x4c] push eax mov eax,[ebp-0x58] push eax call near [DATA_009279] add esp,byte +0x14 mov eax,[ebp-0x10] push eax mov eax,[ebp-0x4c] push eax mov eax,[ebp-0x48] push eax mov eax,[ebp-0x50] push eax mov eax,[ebp-0x5c] push eax call near [DATA_009279] add esp,byte +0x14 mov eax,[ebp-0x10] push eax mov eax,[ebp-0x50] push eax mov eax,[ebp-0x4c] push eax mov eax,[ebp-0x48] push eax mov eax,[ebp-0x54] push eax call near [DATA_009279] add esp,byte +0x14 JUMP_007984: ; Pos = 6e09b mov eax,[ebp-0x58] mov eax,[eax+0x8] mov ecx,[eax+0x4] mov edx,[ebp+0x1c] mov edx,[edx] neg edx add ecx,edx mov [ebp+0xfffff670],ecx mov ebx,[eax+0x8] mov ecx,[ebp+0x1c] mov ecx,[ecx+0x4] neg ecx add ebx,ecx mov [ebp+0xfffff674],ebx mov eax,[eax+0xc] mov ebx,[ebp+0x1c] mov ebx,[ebx+0x8] neg ebx add eax,ebx mov [ebp+0xfffff678],eax mov eax,[ebp-0x5c] mov eax,[eax+0x8] mov ebx,[eax+0x4] mov esi,[ebp+0x1c] mov esi,[esi] neg esi add ebx,edx mov [ebp+0xfffff664],ebx mov ebx,[eax+0x8] mov esi,[ebp+0x1c] mov esi,[esi+0x4] neg esi add ebx,ecx mov [ebp+0xfffff668],ebx mov eax,[eax+0xc] mov ebx,[ebp+0x1c] mov ebx,[ebx+0x8] neg ebx add eax,ebx mov [ebp+0xfffff66c],eax mov eax,[ebp-0x54] mov eax,[eax+0x8] mov eax,[eax+0x4] mov ebx,[ebp+0x1c] mov ebx,[ebx] neg ebx add eax,edx mov [ebp+0xfffff658],eax mov eax,[ebp-0x54] mov eax,[eax+0x8] mov eax,[eax+0x8] mov edx,[ebp+0x1c] mov edx,[edx+0x4] neg edx add eax,ecx mov [ebp+0xfffff65c],eax mov eax,[ebp-0x54] mov eax,[eax+0x8] mov eax,[eax+0xc] mov edx,[ebp+0x1c] mov edx,[edx+0x8] neg edx add eax,edx mov [ebp+0xfffff660],eax lea eax,[ebp+0xfffff664] push eax lea eax,[ebp+0xfffff658] push eax call FUNC_001875 add esp,byte +0x8 test eax,eax jl JUMP_007989 mov eax,[ebp-0x54] mov eax,[eax] cmp eax,[ebp-0x48] jnz JUMP_007985 mov eax,[ebp-0x54] mov esi,[eax+0x4] jmp short JUMP_007986 JUMP_007985: ; Pos = 6e18d mov eax,[ebp-0x54] mov esi,[eax+0xc] JUMP_007986: ; Pos = 6e193 call FUNC_001820 mov ebx,eax mov eax,[ebp-0x54] mov eax,[eax+0x8] mov [ebx],eax mov eax,[ebp-0x5c] mov eax,[eax] cmp eax,[ebp-0x48] jnz JUMP_007987 mov eax,[ebp-0x5c] mov eax,[eax+0x4] jmp short JUMP_007988 JUMP_007987: ; Pos = 6e1b4 mov eax,[ebp-0x5c] mov eax,[eax+0xc] JUMP_007988: ; Pos = 6e1ba mov edx,[ebp-0x48] mov [ebp-0x48],edx mov edx,[ebp-0x54] mov edx,[edx+0x8] mov [ebp-0x4c],edx mov edx,[ebp-0x5c] mov edx,[edx+0x8] mov [ebp-0x50],edx cmp dword [ebp-0x60],byte +0x0 jz near JUMP_008000 mov edx,[ebp-0x60] mov edx,[edx+0x8] mov [ebp-0x60],edx jmp JUMP_008000 JUMP_007989: ; Pos = 6e1ea lea eax,[ebp+0xfffff658] push eax lea eax,[ebp+0xfffff670] push eax call FUNC_001875 add esp,byte +0x8 test eax,eax jl JUMP_007994 mov eax,[ebp-0x58] mov eax,[eax] cmp eax,[ebp-0x4c] jnz JUMP_007990 mov eax,[ebp-0x58] mov esi,[eax+0x4] jmp short JUMP_007991 JUMP_007990: ; Pos = 6e216 mov eax,[ebp-0x58] mov esi,[eax+0xc] JUMP_007991: ; Pos = 6e21c call FUNC_001820 mov ebx,eax mov eax,[ebp-0x58] mov eax,[eax+0x8] mov [ebx],eax mov eax,[ebp-0x54] mov eax,[eax] cmp eax,[ebp-0x4c] jnz JUMP_007992 mov eax,[ebp-0x54] mov eax,[eax+0x4] jmp short JUMP_007993 JUMP_007992: ; Pos = 6e23d mov eax,[ebp-0x54] mov eax,[eax+0xc] JUMP_007993: ; Pos = 6e243 mov edx,[ebp-0x4c] mov [ebp-0x48],edx mov edx,[ebp-0x58] mov edx,[edx+0x8] mov [ebp-0x4c],edx mov edx,[ebp-0x54] mov edx,[edx+0x8] mov [ebp-0x50],edx cmp dword [ebp-0x60],byte +0x0 jz near JUMP_008000 mov edx,[ebp-0x60] mov edx,[edx+0xc] mov [ebp-0x60],edx jmp JUMP_008000 JUMP_007994: ; Pos = 6e273 lea eax,[ebp+0xfffff670] push eax lea eax,[ebp+0xfffff664] push eax call FUNC_001875 add esp,byte +0x8 test eax,eax jl JUMP_007999 mov eax,[ebp-0x5c] mov eax,[eax] cmp eax,[ebp-0x50] jnz JUMP_007995 mov eax,[ebp-0x5c] mov esi,[eax+0x4] jmp short JUMP_007996 JUMP_007995: ; Pos = 6e29f mov eax,[ebp-0x5c] mov esi,[eax+0xc] JUMP_007996: ; Pos = 6e2a5 call FUNC_001820 mov ebx,eax mov eax,[ebp-0x5c] mov eax,[eax+0x8] mov [ebx],eax mov eax,[ebp-0x58] mov eax,[eax] cmp eax,[ebp-0x50] jnz JUMP_007997 mov eax,[ebp-0x58] mov eax,[eax+0x4] jmp short JUMP_007998 JUMP_007997: ; Pos = 6e2c6 mov eax,[ebp-0x58] mov eax,[eax+0xc] JUMP_007998: ; Pos = 6e2cc mov edx,[ebp-0x50] mov [ebp-0x48],edx mov edx,[ebp-0x5c] mov edx,[edx+0x8] mov [ebp-0x4c],edx mov edx,[ebp-0x58] mov edx,[edx+0x8] mov [ebp-0x50],edx cmp dword [ebp-0x60],byte +0x0 jz JUMP_008000 mov edx,[ebp-0x60] mov edx,[edx+0x10] mov [ebp-0x60],edx jmp short JUMP_008000 JUMP_007999: ; Pos = 6e2f5 call FUNC_001820 mov esi,eax mov eax,[ebp-0x5c] mov eax,[eax+0x8] mov [esi],eax call FUNC_001820 mov ebx,eax mov eax,[ebp-0x54] mov eax,[eax+0x8] mov [ebx],eax call FUNC_001820 mov edx,[ebp-0x58] mov edx,[edx+0x8] mov [eax],edx mov edx,[ebp-0x58] mov edx,[edx+0x8] mov [ebp-0x48],edx mov edx,[ebp-0x5c] mov edx,[edx+0x8] mov [ebp-0x4c],edx mov edx,[ebp-0x54] mov edx,[edx+0x8] mov [ebp-0x50],edx cmp dword [ebp-0x60],byte +0x0 jz JUMP_008000 mov edx,[ebp-0x60] mov edx,[edx+0x14] mov [ebp-0x60],edx JUMP_008000: ; Pos = 6e34a mov [ebp-0x54],esi mov [ebp-0x58],ebx mov [ebp-0x5c],eax inc dword [ebp-0x10] JUMP_008001: ; Pos = 6e356 cmp dword [ebp-0x10],byte +0x9 jg JUMP_008002 mov eax,[ebp-0x48] mov eax,[eax+0x44] cmp eax,[ebp-0x10] jnl near JUMP_007977 mov eax,[ebp-0x4c] mov eax,[eax+0x44] cmp eax,[ebp-0x10] jnl near JUMP_007977 mov eax,[ebp-0x50] mov eax,[eax+0x44] cmp eax,[ebp-0x10] jnl near JUMP_007977 JUMP_008002: ; Pos = 6e389 mov eax,[ebp-0x48] cmp dword [eax+0x4],byte +0x0 jnl JUMP_008003 mov eax,[ebp-0x48] mov eax,[eax+0x4] neg eax jmp short JUMP_008004 JUMP_008003: ; Pos = 6e39c mov eax,[ebp-0x48] mov eax,[eax+0x4] JUMP_008004: ; Pos = 6e3a2 mov edx,[ebp-0x48] cmp dword [edx+0x8],byte +0x0 jnl JUMP_008005 mov edx,[ebp-0x48] mov edx,[edx+0x8] neg edx jmp short JUMP_008006 JUMP_008005: ; Pos = 6e3b5 mov edx,[ebp-0x48] mov edx,[edx+0x8] JUMP_008006: ; Pos = 6e3bb or eax,edx mov edx,[ebp-0x48] cmp dword [edx+0xc],byte +0x0 jnl JUMP_008007 mov edx,[ebp-0x48] mov edx,[edx+0xc] neg edx jmp short JUMP_008008 JUMP_008007: ; Pos = 6e3d0 mov edx,[ebp-0x48] mov edx,[edx+0xc] JUMP_008008: ; Pos = 6e3d6 or eax,edx mov edx,[ebp-0x4c] cmp dword [edx+0x4],byte +0x0 jnl JUMP_008009 mov edx,[ebp-0x4c] mov edx,[edx+0x4] neg edx jmp short JUMP_008010 JUMP_008009: ; Pos = 6e3eb mov edx,[ebp-0x4c] mov edx,[edx+0x4] JUMP_008010: ; Pos = 6e3f1 or eax,edx mov edx,[ebp-0x4c] cmp dword [edx+0x8],byte +0x0 jnl JUMP_008011 mov edx,[ebp-0x4c] mov edx,[edx+0x8] neg edx jmp short JUMP_008012 JUMP_008011: ; Pos = 6e406 mov edx,[ebp-0x4c] mov edx,[edx+0x8] JUMP_008012: ; Pos = 6e40c or eax,edx mov edx,[ebp-0x4c] cmp dword [edx+0xc],byte +0x0 jnl JUMP_008013 mov edx,[ebp-0x4c] mov edx,[edx+0xc] neg edx jmp short JUMP_008014 JUMP_008013: ; Pos = 6e421 mov edx,[ebp-0x4c] mov edx,[edx+0xc] JUMP_008014: ; Pos = 6e427 or eax,edx mov edx,[ebp-0x50] cmp dword [edx+0x4],byte +0x0 jnl JUMP_008015 mov edx,[ebp-0x50] mov edx,[edx+0x4] neg edx jmp short JUMP_008016 JUMP_008015: ; Pos = 6e43c mov edx,[ebp-0x50] mov edx,[edx+0x4] JUMP_008016: ; Pos = 6e442 or eax,edx mov edx,[ebp-0x50] cmp dword [edx+0x8],byte +0x0 jnl JUMP_008017 mov edx,[ebp-0x50] mov edx,[edx+0x8] neg edx jmp short JUMP_008018 JUMP_008017: ; Pos = 6e457 mov edx,[ebp-0x50] mov edx,[edx+0x8] JUMP_008018: ; Pos = 6e45d or eax,edx mov edx,[ebp-0x50] cmp dword [edx+0xc],byte +0x0 jnl JUMP_008019 mov edx,[ebp-0x50] mov edx,[edx+0xc] neg edx jmp short JUMP_008020 JUMP_008019: ; Pos = 6e472 mov edx,[ebp-0x50] mov edx,[edx+0xc] JUMP_008020: ; Pos = 6e478 or eax,edx push eax call FUNC_001656_FindMSB pop ecx add eax,byte -0xd mov [ebp-0x6c],eax cmp dword [ebp-0x6c],byte +0x0 jng near JUMP_008021 mov ecx,[ebp-0x6c] mov eax,[ebp-0x48] mov eax,[eax+0x4] sar eax,cl mov [ebp+0xfffff670],eax mov ecx,[ebp-0x6c] mov eax,[ebp-0x48] mov eax,[eax+0x8] sar eax,cl mov [ebp+0xfffff674],eax mov ecx,[ebp-0x6c] mov eax,[ebp-0x48] mov eax,[eax+0xc] sar eax,cl mov [ebp+0xfffff678],eax mov ecx,[ebp-0x6c] mov eax,[ebp-0x4c] mov eax,[eax+0x4] sar eax,cl mov [ebp+0xfffff664],eax mov ecx,[ebp-0x6c] mov eax,[ebp-0x4c] mov eax,[eax+0x8] sar eax,cl mov [ebp+0xfffff668],eax mov ecx,[ebp-0x6c] mov eax,[ebp-0x4c] mov eax,[eax+0xc] sar eax,cl mov [ebp+0xfffff66c],eax mov ecx,[ebp-0x6c] mov eax,[ebp-0x50] mov eax,[eax+0x4] sar eax,cl mov [ebp+0xfffff658],eax mov ecx,[ebp-0x6c] mov eax,[ebp-0x50] mov eax,[eax+0x8] sar eax,cl mov [ebp+0xfffff65c],eax mov ecx,[ebp-0x6c] mov eax,[ebp-0x50] mov eax,[eax+0xc] sar eax,cl mov [ebp+0xfffff660],eax jmp short JUMP_008022 JUMP_008021: ; Pos = 6e52c mov eax,[ebp-0x48] mov edx,[eax+0x4] mov [ebp+0xfffff670],edx mov edx,[eax+0x8] mov [ebp+0xfffff674],edx mov edx,[eax+0xc] mov [ebp+0xfffff678],edx mov eax,[ebp-0x4c] mov edx,[eax+0x4] mov [ebp+0xfffff664],edx mov edx,[eax+0x8] mov [ebp+0xfffff668],edx mov edx,[eax+0xc] mov [ebp+0xfffff66c],edx mov eax,[ebp-0x50] mov edx,[eax+0x4] mov [ebp+0xfffff658],edx mov edx,[eax+0x8] mov [ebp+0xfffff65c],edx mov edx,[eax+0xc] mov [ebp+0xfffff660],edx xor eax,eax mov [ebp-0x6c],eax JUMP_008022: ; Pos = 6e58b mov eax,[ebp+0xfffff670] sub eax,[ebp+0xfffff658] imul dword [ebp+0xfffff668] mov edx,[ebp+0xfffff664] sub edx,[ebp+0xfffff670] imul edx,[ebp+0xfffff65c] add eax,edx mov edx,[ebp+0xfffff658] sub edx,[ebp+0xfffff664] imul edx,[ebp+0xfffff674] add eax,edx mov [ebp-0x70],eax mov eax,[ebp+0xfffff670] sub eax,[ebp+0xfffff664] imul dword [ebp+0xfffff65c] mov edx,[ebp+0xfffff658] sub edx,[ebp+0xfffff670] imul edx,[ebp+0xfffff668] add eax,edx mov edx,[ebp+0xfffff664] sub edx,[ebp+0xfffff658] imul edx,[ebp+0xfffff674] add eax,edx mov [ebp-0x74],eax mov eax,[ebp+0xfffff670] imul dword [ebp+0xfffff668] mov edx,[ebp+0xfffff664] imul edx,[ebp+0xfffff674] sub eax,edx mov [ebp-0x78],eax mov eax,[ebp+0xfffff670] imul dword [ebp+0xfffff65c] mov edx,[ebp+0xfffff658] imul edx,[ebp+0xfffff674] sub eax,edx mov [ebp-0x7c],eax cmp dword [ebp-0x7c],byte +0x0 jnl JUMP_008023 mov eax,[ebp-0x7c] neg eax jmp short JUMP_008024 JUMP_008023: ; Pos = 6e652 mov eax,[ebp-0x7c] JUMP_008024: ; Pos = 6e655 push eax call FUNC_001656_FindMSB pop ecx mov ebx,0x1e sub ebx,eax test ebx,ebx jnl JUMP_008025 xor ebx,ebx JUMP_008025: ; Pos = 6e669 cmp ebx,byte +0xf jng JUMP_008026 mov ebx,0xf JUMP_008026: ; Pos = 6e673 cmp ebx,byte +0xf jnl JUMP_008027 mov ecx,0xf sub ecx,ebx sar dword [ebp-0x74],cl cmp dword [ebp-0x74],byte +0x0 jnz JUMP_008027 mov dword [ebp-0x74],0x1 JUMP_008027: ; Pos = 6e68f mov ecx,ebx mov eax,[ebp-0x7c] shl eax,cl cdq idiv dword [ebp-0x74] mov [ebp-0x80],eax cmp dword [ebp-0x78],byte +0x0 jnl JUMP_008028 mov eax,[ebp-0x78] neg eax jmp short JUMP_008029 JUMP_008028: ; Pos = 6e6aa mov eax,[ebp-0x78] JUMP_008029: ; Pos = 6e6ad push eax call FUNC_001656_FindMSB pop ecx mov ebx,0x1e sub ebx,eax test ebx,ebx jnl JUMP_008030 xor ebx,ebx JUMP_008030: ; Pos = 6e6c1 cmp ebx,byte +0xf jng JUMP_008031 mov ebx,0xf JUMP_008031: ; Pos = 6e6cb cmp ebx,byte +0xf jnl JUMP_008032 mov ecx,0xf sub ecx,ebx sar dword [ebp-0x70],cl cmp dword [ebp-0x70],byte +0x0 jnz JUMP_008032 mov dword [ebp-0x70],0x1 JUMP_008032: ; Pos = 6e6e7 mov ecx,ebx mov eax,[ebp-0x78] shl eax,cl cdq idiv dword [ebp-0x70] mov [ebp+0xffffff7c],eax cmp dword [ebp-0x6c],byte +0xf jnl JUMP_008033 mov ecx,0xf sub ecx,[ebp-0x6c] mov eax,[ebp+0xfffff66c] sub eax,[ebp+0xfffff678] imul dword [ebp-0x80] mov edx,[ebp+0xfffff660] sub edx,[ebp+0xfffff678] imul edx,[ebp+0xffffff7c] add eax,edx sar eax,cl mov edx,[ebp-0x48] add eax,[edx+0xc] mov [ebp+0xffffff78],eax jmp short JUMP_008034 JUMP_008033: ; Pos = 6e73a mov ecx,[ebp-0x6c] add ecx,byte -0xf mov eax,[ebp+0xfffff66c] sub eax,[ebp+0xfffff678] imul dword [ebp-0x80] mov edx,[ebp+0xfffff660] sub edx,[ebp+0xfffff678] imul edx,[ebp+0xffffff7c] add eax,edx shl eax,cl mov edx,[ebp-0x48] add eax,[edx+0xc] mov [ebp+0xffffff78],eax JUMP_008034: ; Pos = 6e772 mov eax,[ebp+0xffffff78] mov [DATA_009283],eax xor eax,eax mov [DATA_009284],eax xor ebx,ebx mov dword [ebp+0xffffff64],DATA_009260 JUMP_008035: ; Pos = 6e790 xor eax,eax mov edx,[ebp+0xffffff64] JUMP_008036: ; Pos = 6e798 xor ecx,ecx mov [edx],ecx xor ecx,ecx mov [edx+0x4],ecx inc eax add edx,byte +0x8 cmp eax,byte +0x20 jl JUMP_008036 inc ebx add dword [ebp+0xffffff64],0x100 cmp ebx,byte +0x2 jl JUMP_008035 jmp JUMP_008040 JUMP_008037: ; Pos = 6e7bf inc ebx cmp ebx,byte +0x14 jl near JUMP_007976 jmp JUMP_008040 JUMP_008038: ; Pos = 6e7ce xor ebx,ebx lea esi,[ebp+0xfffffd84] JUMP_008039: ; Pos = 6e7d6 mov eax,[ebp+0x34] push eax mov eax,[ebp-0x1c] push eax mov eax,[ebp-0x18] push eax mov eax,[ebp-0x14] mov eax,[eax+ebx*4+0x8] push eax mov eax,[ebp-0x8] push eax mov eax,[esi+0x14] mov eax,[ebp+eax*4+0xfffff67c] push eax mov eax,[esi+0x10] mov eax,[ebp+eax*4+0xfffff67c] push eax mov eax,[esi+0xc] mov eax,[ebp+eax*4+0xfffff67c] push eax mov eax,[esi+0x8] shl eax,0x3 lea eax,[eax+eax*8] lea edx,[ebp+0xfffff7e4] add eax,edx push eax mov eax,[esi+0x4] shl eax,0x3 lea eax,[eax+eax*8] lea edx,[ebp+0xfffff7e4] add eax,edx push eax mov eax,[esi] shl eax,0x3 lea eax,[eax+eax*8] lea edx,[ebp+0xfffff7e4] add eax,edx push eax call FUNC_001835 add esp,byte +0x2c inc ebx add esi,byte +0x18 cmp ebx,byte +0x14 jl JUMP_008039 JUMP_008040: ; Pos = 6e855 call FUNC_001817 cmp dword [ebp+0x34],byte +0x0 jz JUMP_008043 cmp dword [DATA_009283],0x7fffffff jz JUMP_008041 mov eax,[DATA_009283] cmp eax,[ebp+0xc] jng JUMP_008042 JUMP_008041: ; Pos = 6e876 mov eax,[ebp+0x8] mov edx,[ebp+0xc] mov [eax],edx jmp short JUMP_008043 JUMP_008042: ; Pos = 6e880 mov eax,[ebp+0x8] mov edx,[DATA_009283] mov [eax],edx JUMP_008043: ; Pos = 6e88b mov eax,[ebp+0x18] JUMP_008044: ; Pos = 6e88e pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001877: ; Pos = 6e898 push ebp mov ebp,esp add esp,0xfffffedc push ebx push esi push edi mov edi,[ebp+0xc] mov eax,[ebp+0x18] mov [DATA_009262],eax mov eax,[ebp+0x1c] mov [DATA_009267],eax cmp dword [ebp+0x18],byte +0x0 jz near JUMP_008075 mov ax,[ebp+0x14] mov [DATA_009265],ax mov al,[ebp+0x16] mov [DATA_009266],al mov dword [ebp-0x30],0xffffffff push byte +0x24 push byte +0x0 lea eax,[ebp-0x64] push eax call _memset add esp,byte +0xc mov eax,[ebp+0x10] mov [ebp-0x2c],eax xor ebx,ebx mov esi,DATA_007895 JUMP_008045: ; Pos = 6e8f9 mov eax,[esi] lea eax,[eax+eax*2] mov edx,[ebp-0x2c] mov eax,[edx+eax*4] push eax call _abs pop ecx push eax mov eax,[ebp-0x64] push eax call _abs pop ecx pop edx cmp edx,eax jng near JUMP_008046 mov eax,[esi+0x4] lea eax,[eax+eax*2] mov edx,[ebp-0x2c] mov eax,[edx+eax*4+0x4] push eax call _abs pop ecx push eax mov eax,[ebp-0x54] push eax call _abs pop ecx pop edx cmp edx,eax jng near JUMP_008046 mov eax,[esi+0x8] lea eax,[eax+eax*2] mov edx,[ebp-0x2c] mov eax,[edx+eax*4+0x8] push eax call _abs pop ecx push eax mov eax,[ebp-0x44] push eax call _abs pop ecx pop edx cmp edx,eax jng JUMP_008046 mov eax,[esi] lea eax,[eax+eax*2] mov edx,[ebp-0x2c] mov ecx,[edx+eax*4] mov [ebp-0x64],ecx mov ecx,[edx+eax*4+0x4] mov [ebp-0x60],ecx mov ecx,[edx+eax*4+0x8] mov [ebp-0x5c],ecx mov eax,[esi+0x4] lea eax,[eax+eax*2] mov edx,[ebp-0x2c] mov ecx,[edx+eax*4] mov [ebp-0x58],ecx mov ecx,[edx+eax*4+0x4] mov [ebp-0x54],ecx mov ecx,[edx+eax*4+0x8] mov [ebp-0x50],ecx mov eax,[esi+0x8] lea eax,[eax+eax*2] mov edx,[ebp-0x2c] mov ecx,[edx+eax*4] mov [ebp-0x4c],ecx mov ecx,[edx+eax*4+0x4] mov [ebp-0x48],ecx mov ecx,[edx+eax*4+0x8] mov [ebp-0x44],ecx JUMP_008046: ; Pos = 6e9bd inc ebx add esi,byte +0xc cmp ebx,byte +0x6 jl near JUMP_008045 mov eax,[edi] neg eax mov [ebp+0xffffff48],eax mov eax,[edi+0x4] neg eax mov [ebp+0xffffff4c],eax mov eax,[edi+0x8] neg eax mov [ebp+0xffffff50],eax cmp dword [ebp-0x64],byte +0x0 jz near JUMP_008075 push edi lea esi,[ebp-0x64] lea edi,[ebp+0xffffff54] mov ecx,0x9 rep movsd pop edi fild dword [ebp-0x64] fstp dword [ebp+0xffffff78] fild dword [ebp-0x60] fstp dword [ebp+0xffffff7c] fild dword [ebp-0x5c] fstp dword [ebp-0x80] fild dword [ebp-0x58] fstp dword [ebp-0x7c] fild dword [ebp-0x54] fstp dword [ebp-0x78] fild dword [ebp-0x50] fstp dword [ebp-0x74] fild dword [ebp-0x4c] fstp dword [ebp-0x70] fild dword [ebp-0x48] fstp dword [ebp-0x6c] fild dword [ebp-0x44] fstp dword [ebp-0x68] fild dword [ebp+0xffffff48] fstp dword [ebp+0xffffff3c] fild dword [ebp+0xffffff4c] fstp dword [ebp+0xffffff40] fild dword [ebp+0xffffff50] fstp dword [ebp+0xffffff44] fld dword [ebp-0x80] fdiv dword [ebp-0x68] fstp dword [ebp-0x80] fld dword [ebp-0x74] fdiv dword [ebp-0x68] fstp dword [ebp-0x74] fld dword [ebp+0xffffff44] fdiv dword [ebp-0x68] fstp dword [ebp+0xffffff44] fld dword [ebp-0x80] fmul dword [ebp-0x6c] fsubr dword [ebp+0xffffff7c] fstp dword [ebp+0xffffff7c] fld dword [ebp-0x80] fmul dword [ebp-0x70] fsubr dword [ebp+0xffffff78] fstp dword [ebp+0xffffff78] fld dword [ebp-0x74] fmul dword [ebp-0x6c] fsubr dword [ebp-0x78] fstp dword [ebp-0x78] fld dword [ebp-0x74] fmul dword [ebp-0x70] fsubr dword [ebp-0x7c] fstp dword [ebp-0x7c] fld dword [ebp+0xffffff44] fmul dword [ebp-0x6c] fsubr dword [ebp+0xffffff40] fstp dword [ebp+0xffffff40] fld dword [ebp+0xffffff44] fmul dword [ebp-0x70] fsubr dword [ebp+0xffffff3c] fstp dword [ebp+0xffffff3c] fld dword [ebp+0xffffff7c] fdiv dword [ebp-0x78] fstp dword [ebp+0xffffff7c] fld dword [ebp+0xffffff40] fdiv dword [ebp-0x78] fstp dword [ebp+0xffffff40] fld dword [ebp+0xffffff7c] fmul dword [ebp-0x7c] fsubr dword [ebp+0xffffff78] fstp dword [ebp+0xffffff78] fld dword [ebp+0xffffff40] fmul dword [ebp-0x7c] fsubr dword [ebp+0xffffff3c] fstp dword [ebp+0xffffff3c] fld dword [ebp+0xffffff3c] fdiv dword [ebp+0xffffff78] fstp dword [ebp+0xffffff3c] fld dword [ebp+0xffffff3c] fmul dword [ebp+0xffffff7c] fsubr dword [ebp+0xffffff40] fstp dword [ebp+0xffffff40] fld dword [ebp+0xffffff3c] fmul dword [ebp-0x80] fsubr dword [ebp+0xffffff44] fstp dword [ebp+0xffffff44] fld dword [ebp+0xffffff40] fmul dword [ebp-0x74] fsubr dword [ebp+0xffffff44] fstp dword [ebp+0xffffff44] fld dword [ebp+0xffffff3c] fmul dword [DATA_000051] call FUNC_002095_fstore mov [ebp+0xffffff48],eax fld dword [ebp+0xffffff40] fmul dword [DATA_000051] call FUNC_002095_fstore mov [ebp+0xffffff4c],eax fld dword [ebp+0xffffff44] fmul dword [DATA_000051] call FUNC_002095_fstore mov [ebp+0xffffff50],eax mov eax,[ebp+0xffffff48] push eax call _abs pop ecx mov ebx,eax mov eax,[ebp+0xffffff4c] push eax call _abs pop ecx add ebx,eax mov eax,[ebp+0xffffff50] push eax call _abs pop ecx add ebx,eax cmp ebx,0x800000 jl JUMP_008047 xor eax,eax mov [DATA_009262],eax jmp JUMP_008075 JUMP_008047: ; Pos = 6ec0f lea eax,[ebp+0xffffff48] push eax call FUNC_001825 pop ecx add eax,byte -0xd mov [ebp-0x34],eax cmp dword [ebp-0x34],byte +0x0 jng JUMP_008048 mov ecx,[ebp-0x34] sar dword [ebp+0xffffff48],cl mov ecx,[ebp-0x34] sar dword [ebp+0xffffff4c],cl mov ecx,[ebp-0x34] sar dword [ebp+0xffffff50],cl jmp short JUMP_008049 JUMP_008048: ; Pos = 6ec45 xor eax,eax mov [DATA_009262],eax jmp JUMP_008075 JUMP_008049: ; Pos = 6ec51 mov eax,[ebp+0xffffff48] imul dword [ebp+0xffffff48] mov edx,[ebp+0xffffff4c] imul edx,[ebp+0xffffff4c] add eax,edx mov edx,[ebp+0xffffff50] imul edx,[ebp+0xffffff50] add eax,edx mov [ebp-0x28],eax mov eax,[ebp-0x28] push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov esi,eax mov ecx,[ebp-0x34] mov eax,esi shl eax,cl cmp eax,0x8800 jnl JUMP_008050 mov ecx,[ebp-0x34] shl esi,cl mov eax,[ebp+0xffffff48] mov edx,eax shl eax,0x4 add eax,edx shl eax,0xb cdq idiv esi mov [ebp+0xffffff48],eax mov eax,[ebp+0xffffff4c] mov edx,eax shl eax,0x4 add eax,edx shl eax,0xb cdq idiv esi mov [ebp+0xffffff4c],eax mov eax,[ebp+0xffffff50] mov edx,eax shl eax,0x4 add eax,edx shl eax,0xb cdq idiv esi mov [ebp+0xffffff50],eax mov ecx,[ebp-0x34] add ecx,ecx mov eax,0x48400000 sar eax,cl mov [ebp-0x28],eax mov ecx,[ebp-0x34] mov esi,0x8800 sar esi,cl JUMP_008050: ; Pos = 6ed02 mov eax,[ebp+0xffffff48] push eax call _abs pop ecx mov ebx,eax mov eax,[ebp+0xffffff4c] push eax call _abs pop ecx add ebx,eax cmp ebx,0x1f4 jng JUMP_008051 mov eax,[ebp+0xffffff4c] imul dword [ebp+0xffffff4c] mov edx,[ebp+0xffffff48] imul edx,[ebp+0xffffff48] add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov ebx,eax mov eax,[ebp+0xffffff4c] shl eax,0xf cdq idiv ebx mov [ebp+0xffffff30],eax mov eax,[ebp+0xffffff48] neg eax shl eax,0xf cdq idiv ebx mov [ebp+0xffffff34],eax xor eax,eax mov [ebp+0xffffff38],eax jmp short JUMP_008052 JUMP_008051: ; Pos = 6ed7d mov dword [ebp+0xffffff30],0x8000 xor eax,eax mov [ebp+0xffffff34],eax xor eax,eax mov [ebp+0xffffff38],eax JUMP_008052: ; Pos = 6ed97 mov eax,[ebp+0xffffff34] imul dword [ebp+0xffffff50] mov edx,[ebp+0xffffff38] imul edx,[ebp+0xffffff4c] sub eax,edx sar eax,0xf mov [ebp+0xffffff24],eax mov eax,[ebp+0xffffff38] imul dword [ebp+0xffffff48] mov edx,[ebp+0xffffff30] imul edx,[ebp+0xffffff50] sub eax,edx sar eax,0xf mov [ebp+0xffffff28],eax mov eax,[ebp+0xffffff30] imul dword [ebp+0xffffff4c] mov edx,[ebp+0xffffff34] imul edx,[ebp+0xffffff48] sub eax,edx sar eax,0xf mov [ebp+0xffffff2c],eax mov ecx,[ebp-0x34] add ecx,ecx mov eax,0x40000000 sar eax,cl mov ebx,[ebp-0x28] sub ebx,eax test ebx,ebx jl near JUMP_008075 push ebx call near [DATA_007723] ; FUNC_001467 pop ecx mov ebx,eax mov eax,[ebp+0xffffff30] imul ebx lea ecx,[esi+0x1] cdq idiv ecx mov [ebp+0xffffff30],eax mov eax,[ebp+0xffffff34] imul ebx cdq idiv ecx mov [ebp+0xffffff34],eax mov eax,[ebp+0xffffff38] imul ebx cdq idiv ecx mov [ebp+0xffffff38],eax mov eax,[ebp+0xffffff24] imul ebx mov edx,[ebp-0x28] sar edx,0xf inc edx mov ecx,edx cdq idiv ecx mov [ebp+0xffffff24],eax mov eax,[ebp+0xffffff28] imul ebx mov edx,[ebp-0x28] sar edx,0xf inc edx mov ecx,edx cdq idiv ecx mov [ebp+0xffffff28],eax mov eax,[ebp+0xffffff2c] imul ebx mov edx,[ebp-0x28] sar edx,0xf inc edx mov ecx,edx cdq idiv ecx mov [ebp+0xffffff2c],eax mov ecx,[ebp-0x34] mov eax,esi shl eax,cl mov edx,[ebp+0x18] sar edx,0x10 add edx,0x8000 cmp eax,edx jng near JUMP_008058 mov eax,[ebp+0x18] sar eax,1 add eax,0x40000000 push eax mov eax,[ebp+0xffffff48] shl eax,0xf cdq idiv esi push eax call FUNC_001521 add esp,byte +0x8 shl eax,0x10 mov [ebp+0xffffff18],eax mov eax,[ebp+0x18] sar eax,1 add eax,0x40000000 push eax mov eax,[ebp+0xffffff4c] shl eax,0xf cdq idiv esi push eax call FUNC_001521 add esp,byte +0x8 shl eax,0x10 mov [ebp+0xffffff1c],eax mov eax,[ebp+0x18] sar eax,1 add eax,0x40000000 push eax mov eax,[ebp+0xffffff50] shl eax,0xf cdq idiv esi push eax call FUNC_001521 add esp,byte +0x8 shl eax,0x10 mov [ebp+0xffffff20],eax mov eax,[ebp+0xffffff18] push eax mov eax,[ebp+0xffffff54] push eax call FUNC_001521 add esp,byte +0x8 mov ebx,eax mov eax,[ebp+0xffffff1c] push eax mov eax,[ebp+0xffffff60] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax mov eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xffffff6c] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax add ebx,ebx add ebx,[edi] mov [ebp+0xffffff0c],ebx mov eax,[ebp+0xffffff18] push eax mov eax,[ebp+0xffffff58] push eax call FUNC_001521 add esp,byte +0x8 mov ebx,eax mov eax,[ebp+0xffffff1c] push eax mov eax,[ebp+0xffffff64] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax mov eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xffffff70] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax add ebx,ebx add ebx,[edi+0x4] mov [ebp+0xffffff10],ebx mov eax,[ebp+0xffffff18] push eax mov eax,[ebp+0xffffff5c] push eax call FUNC_001521 add esp,byte +0x8 mov ebx,eax mov eax,[ebp+0xffffff1c] push eax mov eax,[ebp+0xffffff68] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax mov eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xffffff74] push eax call FUNC_001521 add esp,byte +0x8 add ebx,eax add ebx,ebx add ebx,[edi+0x8] mov [ebp+0xffffff14],ebx lea eax,[ebp+0xffffff0c] push eax call FUNC_001825 pop ecx mov ebx,eax add ebx,byte -0xd test ebx,ebx jng JUMP_008053 mov ecx,ebx sar dword [ebp+0xffffff0c],cl mov ecx,ebx sar dword [ebp+0xffffff10],cl mov ecx,ebx sar dword [ebp+0xffffff14],cl jmp short JUMP_008054 JUMP_008053: ; Pos = 6f068 xor ebx,ebx JUMP_008054: ; Pos = 6f06a mov eax,[ebp+0xffffff0c] imul dword [ebp+0xffffff0c] mov edx,[ebp+0xffffff10] imul edx,[ebp+0xffffff10] add eax,edx mov edx,[ebp+0xffffff14] imul edx,[ebp+0xffffff14] add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov ecx,ebx shl eax,cl mov [DATA_009263],eax mov eax,[edi] mov [ebp+0xffffff0c],eax mov eax,[edi+0x4] mov [ebp+0xffffff10],eax mov eax,[edi+0x8] mov [ebp+0xffffff14],eax lea eax,[ebp+0xffffff0c] push eax call FUNC_001825 pop ecx mov ebx,eax add ebx,byte -0xd test ebx,ebx jng JUMP_008055 mov ecx,ebx sar dword [ebp+0xffffff0c],cl mov ecx,ebx sar dword [ebp+0xffffff10],cl mov ecx,ebx sar dword [ebp+0xffffff14],cl jmp short JUMP_008056 JUMP_008055: ; Pos = 6f0ef xor ebx,ebx JUMP_008056: ; Pos = 6f0f1 mov eax,[ebp+0xffffff0c] imul dword [ebp+0xffffff0c] mov edx,[ebp+0xffffff10] imul edx,[ebp+0xffffff10] add eax,edx mov edx,[ebp+0xffffff14] imul edx,[ebp+0xffffff14] add eax,edx push eax call near [DATA_007723] ; FUNC_001467 pop ecx mov ecx,ebx shl eax,cl mov ebx,eax fild dword [DATA_009267] mov [ebp+0xfffffee0],ebx fild dword [ebp+0xfffffee0] fmulp st1 mov eax,ebx sub eax,[DATA_009263] mov [ebp+0xfffffedc],eax fild dword [ebp+0xfffffedc] fdivp st1,st0 call FUNC_002095_fstore mov [DATA_009267],eax cmp dword [DATA_009267],byte +0x1 jnl JUMP_008057 mov dword [DATA_009267],0x1 JUMP_008057: ; Pos = 6f170 mov ax,[DATA_008815] mov [ebp-0x40],ax mov al,[DATA_008817] mov [ebp-0x3e],al jmp short JUMP_008059 JUMP_008058: ; Pos = 6f186 xor eax,eax mov [DATA_009263],eax mov ecx,[ebp-0x34] mov eax,esi shl eax,cl add eax,0xffff8000 shl eax,0xf mov edx,[ebp+0x18] sar edx,0x10 mov ecx,edx cdq idiv ecx mov ebx,eax mov eax,0x8000 sub eax,ebx xor edx,edx mov dl,[ebp+0x14] imul edx lea eax,[eax+eax*2] sar eax,0xf mov [ebp-0x40],al mov eax,0x8000 sub eax,ebx xor edx,edx mov dl,[ebp+0x15] imul edx lea eax,[eax+eax*2] sar eax,0xf mov [ebp-0x3f],al mov eax,0x8000 sub eax,ebx xor edx,edx mov dl,[ebp+0x16] imul edx lea eax,[eax+eax*2] mov edx,ebx shl edx,0x2 add eax,edx sar eax,0xf mov [ebp-0x3e],al JUMP_008059: ; Pos = 6f1f5 mov ecx,0xf sub ecx,[ebp-0x34] mov eax,[ebp-0x28] sar eax,cl inc eax push eax mov eax,[ebp+0xffffff48] shl eax,0xf pop edx mov ecx,edx cdq idiv ecx mov [ebp+0xffffff48],eax mov ecx,0xf sub ecx,[ebp-0x34] mov eax,[ebp-0x28] sar eax,cl inc eax push eax mov eax,[ebp+0xffffff4c] shl eax,0xf pop edx mov ecx,edx cdq idiv ecx mov [ebp+0xffffff4c],eax mov ecx,0xf sub ecx,[ebp-0x34] mov eax,[ebp-0x28] sar eax,cl inc eax push eax mov eax,[ebp+0xffffff50] shl eax,0xf pop edx mov ecx,edx cdq idiv ecx mov [ebp+0xffffff50],eax cmp dword [DATA_009263],byte +0x0 jnz near JUMP_008067 mov eax,[ebp+0xffffff48] shl eax,0xf mov [ebp+0xffffff18],eax mov eax,[ebp+0xffffff4c] shl eax,0xf mov [ebp+0xffffff1c],eax mov eax,[ebp+0xffffff50] shl eax,0xf mov [ebp+0xffffff20],eax mov eax,[ebp+0xffffff18] push eax mov eax,[ebp+0xffffff54] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebp+0xffffff1c] push eax mov eax,[ebp+0xffffff60] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xffffff6c] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax add esi,esi mov [ebp+0xffffff00],esi mov eax,[ebp+0xffffff18] push eax mov eax,[ebp+0xffffff58] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebp+0xffffff1c] push eax mov eax,[ebp+0xffffff64] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xffffff70] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax add esi,esi mov [ebp+0xffffff04],esi mov eax,[ebp+0xffffff18] push eax mov eax,[ebp+0xffffff5c] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebp+0xffffff1c] push eax mov eax,[ebp+0xffffff68] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xffffff74] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax add esi,esi mov [ebp+0xffffff08],esi lea eax,[ebp+0xffffff00] push eax mov eax,[ebp+0x8] push eax call FUNC_001878 add esp,byte +0x8 mov [ebp-0x38],eax cmp dword [ebp-0x38],byte +0x0 jnz JUMP_008060 mov ax,[DATA_008815] mov [ebp-0x40],ax mov al,[DATA_008817] mov [ebp-0x3e],al jmp JUMP_008067 JUMP_008060: ; Pos = 6f3c0 xor eax,eax mov al,[ebp-0x38] mov edx,0x8000 sub edx,ebx imul edx test eax,eax jns JUMP_008061 add eax,0x3fff JUMP_008061: ; Pos = 6f3d7 sar eax,0xe add [ebp-0x40],al xor eax,eax mov al,[ebp-0x37] mov edx,0x8000 sub edx,ebx imul edx test eax,eax jns JUMP_008062 add eax,0x3fff JUMP_008062: ; Pos = 6f3f4 sar eax,0xe add [ebp-0x3f],al xor eax,eax mov al,[ebp-0x36] mov edx,0x8000 sub edx,ebx imul edx test eax,eax jns JUMP_008063 add eax,0x3fff JUMP_008063: ; Pos = 6f411 sar eax,0xe add [ebp-0x3e],al cmp byte [ebp-0x40],0xf jna JUMP_008064 mov byte [ebp-0x40],0xf JUMP_008064: ; Pos = 6f421 cmp byte [ebp-0x3f],0xf jna JUMP_008065 mov byte [ebp-0x3f],0xf JUMP_008065: ; Pos = 6f42b cmp byte [ebp-0x3e],0xf jna JUMP_008066 mov byte [ebp-0x3e],0xf JUMP_008066: ; Pos = 6f435 mov dword [DATA_008814],0xffffffff mov ax,[ebp-0x40] mov [DATA_008815],ax mov al,[ebp-0x3e] mov [DATA_008817],al JUMP_008067: ; Pos = 6f453 mov eax,[ebp-0x30] push eax push byte +0x1 call FUNC_001780 add esp,byte +0x8 xor ebx,ebx lea esi,[ebp+0xfffffee4] JUMP_008068: ; Pos = 6f469 xor eax,eax mov al,[ebp+0x14] mov ecx,0x6 sub ecx,ebx imul ecx xor edx,edx mov dl,[ebp-0x40] imul edx,ebx add eax,edx push ecx mov ecx,0x6 cdq idiv ecx pop ecx mov [esi],al xor eax,eax mov al,[ebp+0x15] imul ecx xor edx,edx mov dl,[ebp-0x3f] imul edx,ebx add eax,edx push ecx mov ecx,0x6 cdq idiv ecx pop ecx mov [esi+0x1],al xor eax,eax mov al,[ebp+0x16] imul ecx xor edx,edx mov dl,[ebp-0x3e] imul edx,ebx add eax,edx mov ecx,0x6 cdq idiv ecx mov [esi+0x2],al inc ebx add esi,byte +0x4 cmp ebx,byte +0x7 jl JUMP_008068 xor ebx,ebx JUMP_008069: ; Pos = 6f4d2 lea esi,[ebx+0x4000] push esi call FUNC_001913_Sin16 pop ecx imul dword [ebp+0xffffff30] push eax push ebx call FUNC_001913_Sin16 pop ecx imul dword [ebp+0xffffff24] pop edx add edx,eax mov eax,[ebp+0xffffff48] shl eax,0xf add edx,eax mov [ebp+0xffffff18],edx push esi call FUNC_001913_Sin16 pop ecx imul dword [ebp+0xffffff34] push eax push ebx call FUNC_001913_Sin16 pop ecx imul dword [ebp+0xffffff28] pop edx add edx,eax mov eax,[ebp+0xffffff4c] shl eax,0xf add edx,eax mov [ebp+0xffffff1c],edx push esi call FUNC_001913_Sin16 pop ecx imul dword [ebp+0xffffff38] push eax push ebx call FUNC_001913_Sin16 pop ecx imul dword [ebp+0xffffff2c] pop edx add edx,eax mov eax,[ebp+0xffffff50] shl eax,0xf add edx,eax mov [ebp+0xffffff20],edx mov eax,[ebp+0xffffff18] push eax mov eax,[ebp+0xffffff54] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebp+0xffffff1c] push eax mov eax,[ebp+0xffffff60] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xffffff6c] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax add esi,esi mov [ebp+0xffffff00],esi mov eax,[ebp+0xffffff18] push eax mov eax,[ebp+0xffffff58] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebp+0xffffff1c] push eax mov eax,[ebp+0xffffff64] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xffffff70] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax add esi,esi mov [ebp+0xffffff04],esi mov eax,[ebp+0xffffff18] push eax mov eax,[ebp+0xffffff5c] push eax call FUNC_001521 add esp,byte +0x8 mov esi,eax mov eax,[ebp+0xffffff1c] push eax mov eax,[ebp+0xffffff68] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax mov eax,[ebp+0xffffff20] push eax mov eax,[ebp+0xffffff74] push eax call FUNC_001521 add esp,byte +0x8 add esi,eax add esi,esi mov [ebp+0xffffff08],esi mov eax,[ebp+0xffffff00] add eax,[edi] mov [ebp+0xffffff0c],eax mov eax,[ebp+0xffffff04] add eax,[edi+0x4] mov [ebp+0xffffff10],eax add esi,[edi+0x8] mov [ebp+0xffffff14],esi lea eax,[ebp+0xffffff0c] push eax lea eax,[ebp-0x20] push eax call FUNC_001479 add esp,byte +0x8 test eax,eax jz JUMP_008070 mov ax,0x8002 mov [ebp-0x1e],ax mov [ebp-0x20],ax JUMP_008070: ; Pos = 6f69e mov eax,[ebp+0x18] push eax mov esi,[ebp+0xffffff00] push esi call FUNC_001521 add esp,byte +0x8 add eax,esi add eax,[edi] mov [ebp+0xffffff0c],eax mov eax,[ebp+0x18] push eax mov esi,[ebp+0xffffff04] push esi call FUNC_001521 add esp,byte +0x8 add eax,esi add eax,[edi+0x4] mov [ebp+0xffffff10],eax mov eax,[ebp+0x18] push eax mov esi,[ebp+0xffffff08] push esi call FUNC_001521 add esp,byte +0x8 add eax,esi add eax,[edi+0x8] mov [ebp+0xffffff14],eax lea eax,[ebp+0xffffff0c] push eax lea eax,[ebp-0x24] push eax call FUNC_001479 add esp,byte +0x8 test eax,eax jz JUMP_008071 mov ax,0x8002 mov [ebp-0x22],ax mov [ebp-0x24],ax JUMP_008071: ; Pos = 6f71a mov eax,[ebp+0xffffff00] mov edx,eax sar edx,0x3 sub eax,edx add eax,[edi] mov [ebp+0xffffff0c],eax mov eax,[ebp+0xffffff04] mov edx,eax sar edx,0x3 sub eax,edx add eax,[edi+0x4] mov [ebp+0xffffff10],eax mov eax,[ebp+0xffffff08] mov edx,eax sar edx,0x3 sub eax,edx add eax,[edi+0x8] mov [ebp+0xffffff14],eax lea eax,[ebp+0xffffff0c] push eax lea eax,[ebp-0x1c] push eax call FUNC_001479 add esp,byte +0x8 test eax,eax jz JUMP_008072 mov ax,0x8002 mov [ebp-0x1a],ax mov [ebp-0x1c],ax JUMP_008072: ; Pos = 6f77e test ebx,ebx jnz JUMP_008073 mov eax,[ebp-0x1c] mov [ebp-0x4],eax mov eax,[ebp-0x20] mov [ebp-0x8],eax mov eax,[ebp-0x24] mov [ebp-0xc],eax jmp short JUMP_008074 JUMP_008073: ; Pos = 6f796 lea eax,[ebp+0xffffff00] push eax lea eax,[ebp+0xfffffee4] push eax lea eax,[ebp-0x24] push eax lea eax,[ebp-0x20] push eax lea eax,[ebp-0x1c] push eax lea eax,[ebp-0x18] push eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x10] push eax mov eax,[ebp+0x8] push eax call FUNC_001879 add esp,byte +0x24 JUMP_008074: ; Pos = 6f7c8 mov eax,[ebp-0x1c] mov [ebp-0x10],eax mov eax,[ebp-0x20] mov [ebp-0x14],eax mov eax,[ebp-0x24] mov [ebp-0x18],eax add ebx,0x800 cmp ebx,0x10000 jl near JUMP_008069 lea eax,[ebp+0xffffff00] push eax lea eax,[ebp+0xfffffee4] push eax lea eax,[ebp-0x18] push eax lea eax,[ebp-0x14] push eax lea eax,[ebp-0x10] push eax lea eax,[ebp-0xc] push eax lea eax,[ebp-0x8] push eax lea eax,[ebp-0x4] push eax mov eax,[ebp+0x8] push eax call FUNC_001879 add esp,byte +0x24 push byte +0x0 push byte +0x0 call FUNC_001780 add esp,byte +0x8 JUMP_008075: ; Pos = 6f82a pop edi pop esi pop ebx mov esp,ebp pop ebp ret add [eax],al SECTION .data DATA_000051: ; Pos = 6f834 db 0x0, 0x0, 0x0, 0x47 SECTION .text FUNC_001878: ; Pos = 6f838 push ebp mov ebp,esp push ecx push ebx push esi mov ebx,[ebp+0xc] push ebx call FUNC_001825 pop ecx mov esi,eax add esi,byte -0xe test esi,esi jng JUMP_008076 mov ecx,esi sar dword [ebx],cl mov ecx,esi sar dword [ebx+0x4],cl mov ecx,esi sar dword [ebx+0x8],cl JUMP_008076: ; Pos = 6f85f push ebx call near [DATA_007724] ; FUNC_001465 pop ecx mov esi,eax inc esi mov eax,[ebx] shl eax,0xf cdq idiv esi mov [ebx],eax mov eax,[ebx+0x4] shl eax,0xf cdq idiv esi mov [ebx+0x4],eax mov eax,[ebx+0x8] shl eax,0xf cdq idiv esi mov ecx,eax mov [ebx+0x8],ecx mov eax,[ebp+0x8] mov eax,[eax+0x134] imul dword [ebx] mov edx,[ebp+0x8] mov edx,[edx+0x138] imul edx,[ebx+0x4] add eax,edx mov edx,[ebp+0x8] mov edx,[edx+0x13c] imul edx,ecx add eax,edx test eax,eax jnl JUMP_008078 shr eax,0x1b cmp eax,byte +0x18 jnl JUMP_008077 xor eax,eax JUMP_008077: ; Pos = 6f8c4 and eax,byte +0x7 lea eax,[eax+eax*2] mov edx,[ebp+0x8] mov cx,[edx+eax+0x84] mov [ebp-0x4],cx mov cl,[edx+eax+0x86] mov [ebp-0x2],cl jmp short JUMP_008079 JUMP_008078: ; Pos = 6f8e5 xor eax,eax mov [ebp-0x4],eax JUMP_008079: ; Pos = 6f8ea mov eax,[ebp-0x4] pop esi pop ebx pop ecx pop ebp ret FUNC_001879: ; Pos = 6f8f4 push ebp mov ebp,esp add esp,byte -0xc push ebx push esi push edi mov ebx,[ebp+0x24] mov esi,[ebp+0x14] mov eax,[ebp+0x10] cmp word [eax],0x8002 jz near JUMP_008085 mov eax,[ebp+0x1c] cmp word [eax],0x8002 jz near JUMP_008085 cmp byte [ebx+0x4],0x8 ja JUMP_008080 cmp byte [ebx+0x5],0x8 ja JUMP_008080 cmp byte [ebx+0x6],0x8 jna JUMP_008081 JUMP_008080: ; Pos = 6f931 xor eax,eax mov [ebp-0x8],eax jmp short JUMP_008082 JUMP_008081: ; Pos = 6f938 mov eax,[ebp+0x28] push eax mov eax,[ebp+0x8] push eax call FUNC_001878 add esp,byte +0x8 mov [ebp-0x8],eax JUMP_008082: ; Pos = 6f94b mov eax,[ebx] add eax,[ebp-0x8] mov [ebp-0x4],eax mov eax,[ebp-0x4] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [ebp-0xc],eax mov eax,[ebp+0x10] movsx eax,word [eax] push eax call FUNC_001715 pop ecx mov edi,eax movsx eax,word [esi] push eax call FUNC_001715 pop ecx or edi,eax mov eax,[ebp+0x20] movsx eax,word [eax] push eax call FUNC_001715 pop ecx or edi,eax mov eax,[ebp+0x1c] movsx eax,word [eax] push eax call FUNC_001715 pop ecx or edi,eax cmp dword [edi*4+DATA_007838],byte +0x0 jnz near JUMP_008084 mov eax,[ebp+0x10] movsx eax,word [eax+0x2] push eax call FUNC_001716 pop ecx mov edi,eax movsx eax,word [esi+0x2] push eax call FUNC_001716 pop ecx or edi,eax mov eax,[ebp+0x20] movsx eax,word [eax+0x2] push eax call FUNC_001716 pop ecx or edi,eax mov eax,[ebp+0x1c] movsx eax,word [eax+0x2] push eax call FUNC_001716 pop ecx or edi,eax cmp dword [edi*4+DATA_007838],byte +0x0 jnz near JUMP_008084 push byte +0x0 push byte +0x0 push byte +0xd call FUNC_001778 add esp,byte +0xc mov dword [eax],FUNC_001805 mov edx,[esi] mov [eax+0x4],edx mov edx,[ebp+0x10] mov edx,[edx] mov [eax+0x8],edx mov edx,[ebp+0x1c] mov edx,[edx] mov [eax+0xc],edx mov edx,[ebp+0x20] mov edx,[edx] mov [eax+0x10],edx mov dword [eax+0x14],0x43 mov edx,[ebp-0xc] mov [eax+0x18],edx mov esi,0x1 lea edi,[eax+0x1c] lea eax,[ebx+0x4] mov ebx,eax JUMP_008083: ; Pos = 6fa41 xor eax,eax mov al,[ebp-0x8] mov ecx,0x6 sub ecx,esi imul ecx push ecx mov ecx,0x6 cdq idiv ecx pop ecx add al,[ebx] mov [ebp-0x4],al xor eax,eax mov al,[ebp-0x7] imul ecx push ecx mov ecx,0x6 cdq idiv ecx pop ecx add al,[ebx+0x1] mov [ebp-0x3],al xor eax,eax mov al,[ebp-0x6] imul ecx mov ecx,0x6 cdq idiv ecx add al,[ebx+0x2] mov [ebp-0x2],al mov eax,[ebp-0x4] push eax call near [DATA_007629] ; FUNC_001326_DPal32to16 pop ecx movzx eax,ax mov [edi],eax inc esi add edi,byte +0x4 add ebx,byte +0x4 cmp esi,byte +0x7 jl JUMP_008083 JUMP_008084: ; Pos = 6faa6 mov eax,[ebp+0x10] movsx eax,word [eax] push eax call FUNC_001715 pop ecx mov ebx,eax mov eax,[ebp+0xc] movsx eax,word [eax] push eax call FUNC_001715 pop ecx or ebx,eax mov eax,[ebp+0x18] movsx eax,word [eax] push eax call FUNC_001715 pop ecx or ebx,eax mov eax,[ebp+0x1c] movsx eax,word [eax] push eax call FUNC_001715 pop ecx or ebx,eax cmp dword [ebx*4+DATA_007838],byte +0x0 jnz near JUMP_008085 mov eax,[ebp+0x10] movsx eax,word [eax+0x2] push eax call FUNC_001716 pop ecx mov ebx,eax mov eax,[ebp+0xc] movsx eax,word [eax+0x2] push eax call FUNC_001716 pop ecx or ebx,eax mov eax,[ebp+0x18] movsx eax,word [eax+0x2] push eax call FUNC_001716 pop ecx or ebx,eax mov eax,[ebp+0x1c] movsx eax,word [eax+0x2] push eax call FUNC_001716 pop ecx or ebx,eax cmp dword [ebx*4+DATA_007838],byte +0x0 jnz JUMP_008085 push byte +0x0 push byte +0x0 push byte +0x6 call FUNC_001778 add esp,byte +0xc mov dword [eax],FUNC_001810 mov edx,[ebp+0x10] mov edx,[edx] mov [eax+0x4],edx mov edx,[ebp+0xc] mov edx,[edx] mov [eax+0x8],edx mov edx,[ebp+0x18] mov edx,[edx] mov [eax+0xc],edx mov edx,[ebp+0x1c] mov edx,[edx] mov [eax+0x10],edx mov edx,[ebp-0xc] mov [eax+0x14],edx JUMP_008085: ; Pos = 6fb74 pop edi pop esi pop ebx mov esp,ebp pop ebp ret FUNC_001880_VideoInit: ; Pos = 6fb7c ret FUNC_001883_VideoCleanup: ; Pos = 6fcce ret ; int F1900 (void) ; Reads drive letter from firstenc.cfg, ; Initialises HMI digi and midi, loads samples, ; Clears channel array, sets midi volume ; Returns 1 FUNC_001900_SoundInit: ; Pos = 6fecf mov dword [DATA_009116], 0xffffffff push dword DATA_007901 push dword DATA_007902 push dword DATA_007900 call _SoundCheckInit add esp, byte 0xc mov eax, 0x1 ret ; void F1902 (int songindex) ; Plays specified song. if songindex==-1, ; plays random song from selection. FUNC_001902_SoundPlaySong: ; Pos = 700b4 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x8] mov edi,DATA_008804 cmp byte [edi+0x3f5d],0x0 jz near JUMP_008104 cmp dword [DATA_007901],byte +0x0 jz near JUMP_008104 cmp dword [DATA_007900],byte +0x0 jz near JUMP_008104 cmp ebx,byte +0x11 jnl near JUMP_008104 test ebx,ebx jnl JUMP_008102 xor esi,esi push byte +0x10 call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax jmp short JUMP_008100 JUMP_008098: ; Pos = 70105 cmp byte [edi+ebx+0x3f66],0x0 jz JUMP_008099 cmp ebx,[edi+0x5334] jnz JUMP_008101 JUMP_008099: ; Pos = 70117 push byte +0x10 call near [DATA_007217] ; FUNC_000922 pop ecx mov ebx,eax inc esi JUMP_008100: ; Pos = 70123 cmp ebx,byte +0x10 jnl JUMP_008101 cmp esi,byte +0xa jl JUMP_008098 JUMP_008101: ; Pos = 7012d cmp esi,byte +0xa jnl JUMP_008104 JUMP_008102: ; Pos = 70132 cmp byte [edi+ebx+0x3f66],0x0 jz JUMP_008104 cmp ebx, [edi+0x5334] jz JUMP_008104 push ebx call _SoundPlaySong pop ecx mov [edi+0x5334],ebx JUMP_008104: ; Pos = 70178 pop edi pop esi pop ebx pop ebp ret ; void F1903 (void) ; Stops and unloads current song FUNC_001903_SoundStopSong: ; Pos = 7017d cmp dword [DATA_007901],byte +0x0 jz JUMP_008105 cmp dword [DATA_009116],byte +0x0 jl JUMP_008105 call _SoundStopSong mov dword [DATA_009116],0xffffffff JUMP_008105: ; Pos = 701bc ret ; int F1904 (void) ; Kills if song if not currently playing ; Returns 1 if song was finished FUNC_001904_SoundSongDone: ; Pos = 70a94 push ebx cmp dword [DATA_009116],byte -0x1 jnz JUMP_008159 mov eax,0x1 pop ebx ret JUMP_008159: ; Pos = 70aa5 cmp dword [DATA_007900],byte +0x0 jz JUMP_008160 cmp dword [DATA_007901],byte +0x0 jnz JUMP_008161 JUMP_008160: ; Pos = 70ab7 mov eax,0x1 pop ebx ret JUMP_008161: ; Pos = 70abe call _SoundSongDone cmp eax, 1 jnz .end mov dword [DATA_009116], -1 .end: pop ebx ret FUNC_001905_nothing: ; Pos = 701bd ret ; void F1906 (int sampleindex) ; Plays specified sound at default volume ; Checks whether beep, station, wind and engine noises are enabled ; If wind, randomize sound/pitch/volume ; If boom, always use first channel and kill station sound ; If siren, station, ecm, necm or wind, return if already playing ; Otherwise kill old and start new FUNC_001906_SoundPlaySample: ; Pos = 701be push ebp mov ebp,esp push dword 0x3f push dword [ebp+0x8] call FUNC_001908_SoundPlaySampleLinVol add esp, byte 8 pop ebp ret ; void F1907 (int sampleindex, int logvol) ; Plays specified sound at specified volume ; Checks whether station, wind and engine noises are enabled ; If boom, kill station sound ; If siren, station, ecm, necm or wind, modify volume only ; if already playing, else kill old and start new FUNC_001907_SoundPlaySampleLogVol: ; Pos = 703c0 push ebp mov ebp,esp mov ecx, [ebp+0xc] test ecx, ecx jnl .positive xor ecx, ecx; .positive: sar ecx, 2 mov eax, 0x3f sar eax, cl push eax push dword [ebp+0x8] call FUNC_001908_SoundPlaySampleLinVol add esp, byte 8 pop ebp ret ; void F1908 (int sampleindex, int linvol) ; Plays specified sound at specified volume ; Checks whether station, wind and engine noises are enabled ; If siren, station, ecm, necm or wind, modify volume only ; if already playing, else kill old and start new FUNC_001908_SoundPlaySampleLinVol: ; Pos = 70592 push ebp mov ebp,esp push ebx push esi push edi mov ebx,[ebp+0x8] cmp byte [DATA_009028],0x0 jz near JUMP_008122 cmp dword [DATA_007902],byte +0x0 jz near JUMP_008122 cmp dword [DATA_007900],byte +0x0 jz near JUMP_008122 cmp ebx,byte +0x14 jnz JUMP_008106 cmp byte [DATA_009036],0x0 jz near JUMP_008122 JUMP_008106: ; Pos = 70205 cmp ebx,byte +0x10 jnz JUMP_008107 cmp byte [DATA_009030],0x0 jz near JUMP_008122 JUMP_008107: ; Pos = 70217 cmp ebx,byte +0xf jnz JUMP_008108 cmp byte [DATA_009032],0x0 jz near JUMP_008122 JUMP_008108: ; Pos = 70229 cmp ebx,byte +0xe jz JUMP_008109 cmp ebx,byte +0x25 jnz JUMP_008120 JUMP_008109: ; Pos = 70233 cmp byte [DATA_009034],0x0 jz near JUMP_008122 mov ebx,0xe push byte +0x4 call near [DATA_007217] ; FUNC_000922 pop ecx cmp eax,byte +0x1 jc JUMP_008118 add ebx,byte +0x17 JUMP_008118: push dword 0x3fff call near [DATA_007217] ; FUNC_000922 pop ecx mov esi, eax push dword 0x4000 call near [DATA_007217] ; FUNC_000922 pop ecx add eax,0x6000 push eax push esi push ebx call _SoundPlaySample add esp, byte 0xc JUMP_008120: ; Pos = 70390 mov eax, [ebp+0xc] shl eax, 9 cmp eax, 0x7fff jng JUMP_008121 mov eax, 0x7fff JUMP_008121: push dword -1 push eax push ebx call _SoundPlaySample add esp,byte +0xc JUMP_008122: ; Pos = 703bb pop edi pop esi pop ebx pop ebp ret ; void F1909 (void) ; Stops all samples playing, clears channel array FUNC_001909_SoundStopAllSamples: ; Pos = 706d4 cmp dword [DATA_007902],byte +0x0 jz JUMP_008146 cmp dword [DATA_007900],byte +0x0 jz JUMP_008146 call _SoundStopAllSamples JUMP_008146: ret ; void F1910 (?, int volpitch, ?, ?) ; Modifies volume pitch etc. of station noise FUNC_001910_SoundModifyStationNoise: ; Pos = 70711 push ebp mov ebp,esp cmp byte [DATA_009028],0x0 jz near JUMP_008151 cmp dword [DATA_007902],byte +0x0 jz near JUMP_008151 cmp dword [DATA_007900],byte +0x0 jz near JUMP_008151 cmp byte [DATA_009030],0x0 jz near JUMP_008151 mov eax, [ebp+0xc] add eax, 0x10000 push eax push dword [ebp+0xc] push dword 0x10 call _SoundPlaySample add esp, byte 0xc JUMP_008151: pop ebp ret FUNC_001913_Sin16: ; Pos = 70adc push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,eax and edx,0x3fff shr eax,0xe and eax,byte +0x3 sub eax,byte +0x1 jc JUMP_008163 jz JUMP_008164 dec eax jz JUMP_008165 dec eax jz JUMP_008166 pop ebp ret JUMP_008163: ; Pos = 70aff mov eax,[edx*4+DATA_007975] sar eax,0x10 pop ebp ret JUMP_008164: ; Pos = 70b0b mov eax,0x3fff sub eax,edx mov eax,[eax*4+DATA_007975] sar eax,0x10 pop ebp ret JUMP_008165: ; Pos = 70b1e mov eax,[edx*4+DATA_007975] sar eax,0x10 neg eax pop ebp ret JUMP_008166: ; Pos = 70b2c mov eax,0x3fff sub eax,edx mov eax,[eax*4+DATA_007975] sar eax,0x10 neg eax pop ebp ret FUNC_001914_Sin32: ; Pos = 70b41 push ebp mov ebp,esp mov eax,[ebp+0x8] mov edx,eax and edx,0x3fff shr eax,0xe and eax,byte +0x3 sub eax,byte +0x1 jc JUMP_008167 jz JUMP_008168 dec eax jz JUMP_008169 dec eax jz JUMP_008170 pop ebp ret JUMP_008167: ; Pos = 70b64 mov eax,[edx*4+DATA_007975] pop ebp ret JUMP_008168: ; Pos = 70b6d mov eax,0x3fff sub eax,edx mov eax,[eax*4+DATA_007975] pop ebp ret JUMP_008169: ; Pos = 70b7d mov eax,[edx*4+DATA_007975] neg eax pop ebp ret JUMP_008170: ; Pos = 70b88 mov eax,0x3fff sub eax,edx mov eax,[eax*4+DATA_007975] neg eax pop ebp ret _strncpyfill: ; Pos = 713ac push ebp mov ebp,esp push ebx push esi push edi mov edi,[ebp+0xc] mov esi,[ebp+0x8] push edi call _strlen pop ecx mov ebx,eax cmp ebx,[ebp+0x10] jna JUMP_008187 mov eax,[ebp+0x10] push eax push edi push esi call _memcpy add esp,byte +0xc jmp short JUMP_008188 JUMP_008187: ; Pos = 713d6 push ebx push edi push esi call _memcpy add esp,byte +0xc mov eax,[ebp+0x10] sub eax,ebx push eax push byte +0x0 add ebx,esi push ebx call _memset add esp,byte +0xc JUMP_008188: ; Pos = 713f4 mov eax,esi pop edi pop esi pop ebx pop ebp ret FUNC_002095_fstore: ; Pos = 76414 push ebp mov ebp,esp lea esp,[ebp-0xc] wait fnstcw [ebp-0x4] wait mov al,[ebp-0x3] or byte [ebp-0x3],0xc fldcw [ebp-0x4] fistp qword [ebp-0xc] mov [ebp-0x3],al fldcw [ebp-0x4] mov eax,[ebp-0xc] mov esp,ebp pop ebp ret FUNC_002110: ; Pos = 76320 push ebp mov ebp,esp lea esp,[ebp-0x4] fld qword [ebp+0x10] mov ax,[ebp+0x16] shl ax,1 jz JUMP_008987 cmp ax,0xffe0 jnc JUMP_008985 fld qword [ebp+0x8] mov ax,[ebp+0xe] shl ax,1 jz JUMP_008986 cmp ax,0xffe0 jnc JUMP_008986 JUMP_008983: ; Pos = 7634a fprem wait fnstsw [ebp-0x4] wait mov ax,[ebp-0x4] sahf jpe JUMP_008983 fstp st1 JUMP_008984: ; Pos = 7635a mov esp,ebp pop ebp ret JUMP_008985: ; Pos = 7635e fstp st0 fld qword [ebp+0x8] jmp short JUMP_008984 JUMP_008986: ; Pos = 76365 fstp st0 JUMP_008987: ; Pos = 76367 fstp st0 fldz jmp short JUMP_008984 _SetJmp: push ebp mov ebp,esp push edi mov edi,[ebp+0x8] mov [edi],eax mov [edi+0x4],ebx mov [edi+0x8],ecx mov [edi+0xc],edx mov [edi+0x10],esi mov eax,[ebp-0x4] mov [edi+0x14],eax mov eax,[ebp+0x0] mov [edi+0x18],eax mov eax,esp add eax,byte +0xc mov [edi+0x1c],eax mov eax,[ebp+0x4] mov [edi+0x20],eax pushf pop dword [edi+0x24] mov [edi+0x28],cs mov [edi+0x2a],ds mov [edi+0x2c],es mov [edi+0x2e],fs mov [edi+0x30],gs mov [edi+0x32],ss ; mov eax,[0x2b64] ; mov [edi+0x3c],eax pop edi xor eax,eax pop ebp ret _LongJmp: mov edi,[esp+0x4] mov eax,[esp+0x8] mov [edi+0x0],eax mov fs,[edi+0x2e] mov gs,[edi+0x30] mov ebx,[edi+0x4] mov ecx,[edi+0x8] mov edx,[edi+0xc] mov ebp,[edi+0x18] mov es,[edi+0x32] mov esi,[edi+0x1c] sub esi,byte +0x1c mov eax,[edi+0x3c] mov [es:esi],eax movzx eax,word [edi+0x2a] mov [es:esi+0x4],eax mov eax,[edi+0x14] mov [es:esi+0x8],eax mov eax,[edi+0x10] mov [es:esi+0xc],eax mov eax,[edi+0x20] mov [es:esi+0x10],eax mov eax,[edi+0x28] mov [es:esi+0x14],eax mov eax,[edi+0x24] mov [es:esi+0x18],eax mov eax,[edi+0x0] mov es,[edi+0x2c] mov ss,[edi+0x32] mov esp,esi ; pop dword [0x2b64] pop edi pop ds pop edi pop esi iret