Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

Unfinished source BMD (3dMesh) to SMD

NN - Nord & Noob
Loyal Member
Joined
Jul 15, 2004
Messages
1,207
Reaction score
689
I started it yesterday and today got bored of it.
To big functions, alot poop what i dont like etc + im layze

Share this crap so others no need reverse this shity big loops T_T

@0054BF20
Code:
unit Unit21;

interface

uses
  Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
  Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls;

type
  TForm21 = class(TForm)
    Button1: TButton;
    Memo1: TMemo;
    Button2: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

 TName = array [0 .. $19] of AnsiChar;
 PName = ^TName;

 T3Bytes = array [0 .. 2] of Byte;
 P3Bytes = ^T3Bytes;

 T3Words = array [0 .. 2] of Word;
 P3Words = ^T3Words;

 T5Words = array [0 .. 4] of Word;
 P5Words = ^T5Words;

 TBlock = array [0 .. $23] of Byte;
 PBlock = ^TBlock;

 TByteWord = packed record
  W: Word;
  B: Byte;
 end;
 PByteWord = ^TByteWord;

 TWordByte = packed record
  B: Byte;
  W: Word;
 end;
 PWordByte = ^TWordByte;

 TByteWordArray = array of TByteWord;
 PByteWordArray = ^TByteWordArray;

 TWordByteArray = array of TWordByte;
 PWordByteArray = ^TWordByteArray;

 TNameArray = array of TName;
 PNameArray = ^TNameArray;

 TBlockArray = array of TBlock;
 PBlockArray = ^TBlockArray;

 TBmdHdr = packed record
  Signature: array [0 .. 2] of AnsiChar;
  EncFlag: Byte;
  ContentSize: DWORD;
 end;
 PBmdHdr = ^TBmdHdr;

 TFullBlock = packed record
  FileName: TName;
  Block: TBlockArray;
 end;
 PFullBlock = ^TFullBlock;

 TFullFile = array of TFullBlock;
 PFullFile = ^TFullFile;

var
  Form21: TForm21;

implementation

{$R *.dfm}

procedure DecryptBMD (Buffer: TBytes; const HdrSize: Integer = 8);
const
 Key: array [0 .. 15] of Byte = ($D1 ,$73 ,$52 ,$F6, $D2, $9A, $CB, $27, $3E, $AF, $59, $31, $37, $B3, $E7, $A2);
 Key5E = $5E;
var
 K, E: Integer;
 NextXorKey, XoredByte: Byte;
begin
 NextXorKey := Key5E;
 E := 0;
 for K := HdrSize to Length(Buffer) do
  begin
   XoredByte := (Buffer[K] xor Key[E mod 16]) - NextXorKey;
   NextXorKey := Buffer[K] + $3D and $FF;
   Buffer[K] := XoredByte;
   Inc(E, 1);
  end;
end;

function ReadBMDFile(const FileName: TFileName): TBytes;
var
 Fs: TStream;
begin
 Result := nil;
 try
  Fs := TFileStream.Create(FileName, fmOpenRead);
   try
    SetLength(Result, Fs.Size);
    Fs.Read(Result[0], Length(Result));
   finally
    Fs.Free;
   end;
 except
  on E: Exception do
   MessageDlg('Failed to open file with error: ' + PWideChar(E.Message), mtError, [mbOK], 0);
 end;
end;

procedure TForm21.Button1Click(Sender: TObject);
const
 Bmd = 'C:\Users\Ronaldo\BMD - SMD\SkinShell.bmd';
var
 Buffer, TestBuffer: TBytes;
 Hdr: TBmdHdr;

 S: string;
 K, E, F, I, Loop: Integer;
 First3Words: T3Words;
 Next5Words: T5Words;
 ByteWord: TByteWordArray;
 WordByte: TWordByteArray;
 Blocks: TBlockArray;
 Names: TNameArray;
begin
 TestBuffer := ReadBMDFile(Bmd);
 if TestBuffer = nil then
  Exit
 else
  begin
   K := 0;
   Hdr := PBmdHdr(@TestBuffer[0])^;

   if (Hdr.EncFlag = $C) then
    DecryptBMD(TestBuffer);

   SetLength(Buffer, Length(TestBuffer) -8);
   Move(TestBuffer[8], Buffer[0], Length(Buffer));

   SetLength(Names, High(Names) +2);
   Names[High(Names)] := PName(@Buffer[K])^;
   Inc(K, $20);

   First3Words := P3Words(@Buffer[K])^;
   Inc(K, 6);

   for Loop := 0 to First3Words[0] -1 do
    begin
     Next5Words := P5Words(@Buffer[K])^;
     Next5Words[0] := Next5Words[0] shl 4;
     Next5Words[2] := Next5Words[2] shl 3;
     Inc(K, 10);

     E := Next5Words[1] * $14;
     K := K + Next5Words[0];
     E := E + K + Next5Words[2];

     SetLength(TestBuffer, E);
     Move(Buffer[0], TestBuffer[0], E);


     for F := 0 to Next5Words[3] - 1 do
      begin
       SetLength(Blocks, High(Blocks) +2);
       Blocks[High(Blocks)] := PBlock(@Buffer[E])^;

       Inc(E, $40);
      end;

     SetLength(Names, High(Names) +2);
     Names[High(Names)] := PName(@Buffer[E])^;
     Inc(E, $20);

     Next5Words[3] := Next5Words[3] shl 5;
     K := E;
    end; //finished!

   for Loop := 0 to First3Words[2] -1 do
    begin
     SetLength(ByteWord, High(ByteWord) +2);
     ByteWord[High(ByteWord)] := PByteWord(@Buffer[K])^;
     Inc(K, 3);

     if ByteWord[High(ByteWord)].B = 1 then
      begin
       E := ByteWord[High(ByteWord)].W * $C;

       Inc(K, E);
      end;
    end;

   for Loop := 0 to First3Words[1] -1 do  // need recheck
    begin
     SetLength(WordByte, High(WordByte) +2);
     WordByte[High(WordByte)].B := PByte(@Buffer[K])^;
     Inc(K, 1);

     if (WordByte[High(WordByte)].B = 1) then
      begin
       SetLength(Names, High(Names) +2);
       Names[High(Names)] := '#### Brr... skiped poop';
       Continue;
      end;

     SetLength(Names, High(Names) +2);
     Names[High(Names)] := PName(@Buffer[K])^;
     Inc(K, $20);

     WordByte[High(WordByte)].W := PWord(@Buffer[K])^;
     Inc(K, 2);

     for F := 0 to First3Words[2] -1 do
      begin
       E := (ByteWord[F].W * $C) + $C;
       K := K + E;

       S := (IntToHex(Buffer[K], 4));
       for I := 0 to ByteWord[F].W -1 do
        begin
         //
        end;
      end;
    end;
  end;

 for I := Low(Names) to High(Names) do
  Memo1.Lines.Add(Trim(Names[i]));

  Memo1.Lines.Add('');

 for I := Low(Blocks) to 3 do
  begin
   S := '';
   for E := 0 to $23 do
    S := S + ' ' + IntToHex(Blocks[I][E], 1);

   Memo1.Lines.Add(S);
  end;
end;

end.

Its decrypt all and parse by splits very well, but i cant find where is focking floats etc.. :huh: so cant do finish structs
so after 1h debug i decided to forget and delete this project :thumbup: if u can direct me right way.. u welcome :D
 
Last edited:
NN - Nord & Noob
Loyal Member
Joined
Jul 15, 2004
Messages
1,207
Reaction score
689
Sooner or later i anyway will finish it, its only mather of time ;)
The biggest problem is i dunno SMD file structure.

All i know its some text file with SMD extension :) mu loads SMD and Encrypted SMD (BMD) So i can see how its looks, but cant understand order of BMD bytes T_T

Code:
 for I := 0 to ByteWord[F].W -1 do
  begin
         //
  end;

in this loop its must convert DWORDs to Floats, but i cant understand next CALL so i quit :) Its like 95% finished func ;))
Need block or whenever is float values and convert hex2float and u`re done ;)

next step would be do struct ;)


@C:\Program Files (x86)\WEBZEN\Mu\Data\Skill\Aurora.bmd
Code:
H:\GameData\@0-1 °ų¼ŗĄü\Da
Monster81_R.jpg
Box01

 3 23 0 0 1 0 2 0 20 30 0 0 1 0 2 0 35 32 0 0 1 0 2 0 D 0 10 0 20 20 7 0 7 0 7 0
 3 20 3 0 2 0 1 0 30 30 3 0 2 0 1 0 30 30 3 0 2 0 1 0 13 0 14 0 20 20 0 0 0 0 0 0
 3 20 1 0 4 0 3 0 30 35 1 0 4 0 3 0 2D 34 1 0 4 0 3 0 12 0 14 0 2E 39 1 0 1 0 1 0
 3 2E 5 0 3 0 4 0 20 30 5 0 3 0 4 0 20 20 5 0 3 0 4 0 12 0 16 0 2E 30 2 0 2 0 2 0
 3 2E 4 0 6 0 5 0 20 30 4 0 6 0 5 0 A 20 4 0 6 0 5 0 15 0 16 0 35 20 3 0 3 0 3 0
 3 30 7 0 5 0 6 0 30 31 7 0 5 0 6 0 30 30 7 0 5 0 6 0 15 0 14 0 30 20 4 0 4 0 4 0
 3 30 6 0 8 0 7 0 39 39 6 0 8 0 7 0 30 30 6 0 8 0 7 0 17 0 14 0 72 38 5 0 5 0 5 0
 3 D 9 0 7 0 8 0 35 30 9 0 7 0 8 0 20 34 9 0 7 0 8 0 17 0 16 0 2E 38 6 0 6 0 6 0
 3 2E 8 0 A 0 9 0 20 31 8 0 A 0 9 0 20 20 8 0 A 0 9 0 13 0 16 0 2E 39 7 0 7 0 7 0
 3 2E B 0 9 0 A 0 20 20 B 0 9 0 A 0 30 34 B 0 9 0 A 0 19 0 1A 0 30 20 0 0 0 0 0 0
 3 32 A 0 C 0 B 0 30 30 A 0 C 0 B 0 30 30 A 0 C 0 B 0 18 0 1A 0 30 20 1 0 1 0 1 0
 3 35 D 0 B 0 C 0 30 30 D 0 B 0 C 0 20 20 D 0 B 0 C 0 18 0 1C 0 39 2E 2 0 2 0 2 0
 3 39 C 0 E 0 D 0 20 2D C 0 E 0 D 0 20 20 C 0 E 0 D 0 1B 0 1C 0 30 2E 3 0 3 0 3 0
 3 30 F 0 D 0 E 0 20 20 F 0 D 0 E 0 D A F 0 D 0 E 0 1B 0 1A 0 52 2E 4 0 4 0 4 0
 3 32 E 0 10 0 F 0 35 32 E 0 10 0 F 0 39 33 E 0 10 0 F 0 1D 0 1A 0 32 20 5 0 5 0 5 0
 3 30 11 0 F 0 10 0 30 30 11 0 F 0 10 0 30 30 11 0 F 0 10 0 1D 0 1C 0 35 20 6 0 6 0 6 0
 3 35 10 0 12 0 11 0 20 34 10 0 12 0 11 0 20 20 10 0 12 0 11 0 19 0 1C 0 39 2E 7 0 7 0 7 0
 3 30 13 0 11 0 12 0 20 20 13 0 11 0 12 0 20 20 13 0 11 0 12 0 1F 0 20 0 30 2E 0 0 0 0 0 0
 3 30 12 0 14 0 13 0 A 20 12 0 14 0 13 0 2E 30 12 0 14 0 13 0 1E 0 20 0 38 30 1 0 1 0 1 0
 3 36 15 0 13 0 14 0 30 30 15 0 13 0 14 0 2E 30 15 0 13 0 14 0 1E 0 22 0 30 30 2 0 2 0 2 0
 3 39 14 0 16 0 15 0 30 30 14 0 16 0 15 0 64 D 14 0 16 0 15 0 21 0 22 0 20 20 3 0 3 0 3 0
 3 20 17 0 15 0 16 0 32 20 17 0 15 0 16 0 30 30 17 0 15 0 16 0 21 0 20 0 A 20 4 0 4 0 4 0
 3 30 16 0 18 0 17 0 39 2E 16 0 18 0 17 0 34 32 16 0 18 0 17 0 23 0 20 0 39 33 5 0 5 0 5 0
 3 30 19 0 17 0 18 0 30 2E 19 0 17 0 18 0 20 30 19 0 17 0 18 0 23 0 22 0 39 39 6 0 6 0 6 0
 3 65 18 0 1A 0 19 0 52 2E 18 0 1A 0 19 0 20 30 18 0 1A 0 19 0 1F 0 22 0 20 33 7 0 7 0 7 0
 3 20 1B 0 19 0 1A 0 32 20 1B 0 19 0 1A 0 30 30 1B 0 19 0 1A 0 25 0 26 0 20 2D 0 0 0 0 0 0
 3 20 1A 0 1C 0 1B 0 35 20 1A 0 1C 0 1B 0 39 35 1A 0 1C 0 1B 0 24 0 26 0 34 34 1 0 1 0 1 0
 3 33 1D 0 1B 0 1C 0 34 2E 1D 0 1B 0 1C 0 20 30 1D 0 1B 0 1C 0 24 0 28 0 39 33 2 0 2 0 2 0
 3 33 1C 0 1E 0 1D 0 30 2E 1C 0 1E 0 1D 0 20 30 1C 0 1E 0 1D 0 27 0 28 0 20 20 3 0 3 0 3 0
 3 20 1F 0 1D 0 1E 0 36 37 1F 0 1D 0 1E 0 31 30 1F 0 1D 0 1E 0 27 0 26 0 20 20 4 0 4 0 4 0
 3 20 1E 0 20 0 1F 0 38 32 1E 0 20 0 1F 0 30 30 20 0 21 0 22 0 29 0 26 0 D A 5 0 5 0 5 0
 3 74 21 0 1F 0 20 0 67 D 21 0 1F 0 20 0 36 30 23 0 22 0 21 0 29 0 28 0 35 31 6 0 6 0 6 0
 3 39 20 0 22 0 21 0 30 2E 20 0 22 0 21 0 2D 30 21 0 24 0 23 0 25 0 28 0 33 35 7 0 7 0 7 0
 3 35 23 0 21 0 22 0 30 2E 23 0 21 0 22 0 20 20 25 0 23 0 24 0 2B 0 2C 0 20 20 0 0 0 0 0 0
 3 20 22 0 24 0 23 0 39 32 22 0 24 0 23 0 33 33 24 0 26 0 25 0 2A 0 2C 0 20 20 1 0 1 0 1 0
 3 20 25 0 23 0 24 0 30 35 25 0 23 0 24 0 39 39 27 0 25 0 26 0 2A 0 2E 0 2E 30 2 0 2 0 2 0
 3 2E 24 0 26 0 25 0 31 32 24 0 26 0 25 0 20 20 26 0 28 0 27 0 2D 0 2E 0 2E 30 3 0 3 0 3 0
 3 2E 27 0 25 0 26 0 20 30 27 0 25 0 26 0 20 20 29 0 27 0 28 0 2D 0 2C 0 77 65 4 0 4 0 4 0
 3 2E 26 0 0 0 27 0 20 30 26 0 0 0 27 0 34 37 28 0 0 0 29 0 2F 0 2C 0 20 20 5 0 5 0 5 0
 3 20 2 0 27 0 0 0 30 30 2 0 27 0 0 0 33 33 2 0 29 0 0 0 2F 0 2E 0 20 20 6 0 6 0 6 0

PS. by the way this is offset where its decrypt and parse BMD (convert BMD to SMD)
@0054BF20
 
Last edited:
Junior Spellweaver
Joined
Jun 10, 2006
Messages
136
Reaction score
100
SMD file structure + data types for C++(source: VALVE)

Webzen don't use same structure from valve... have differences... but they store a lot of informations like matrix of rotation and other shits in bmd class.

I decompiled a lot of this class sometime ago, but not finished...
 
NN - Nord & Noob
Loyal Member
Joined
Jul 15, 2004
Messages
1,207
Reaction score
689
Well for me its only 1 big function wich u need reverse ( the one i did )
u got decrypted content and all values splited into parts ;)
 
Junior Spellweaver
Joined
Jun 10, 2006
Messages
136
Reaction score
100
the function to read bmd?? You have one function that i call LoadModel and inside it have one pointer to class that read the bmd... all variables inside it is from one biiiiiiig class with 0x0F0( in 1.02 main ) and 0x0F4 in season5 mains...

00446E6B |> 6A FF PUSH -1
00446E6D |. 68 50D64700 PUSH main74.0047D650 ; ASCII "Player"
00446E72 |. 68 40D64700 PUSH main74.0047D640 ; ASCII "Data\Player\"
00446E77 |. 68 54010000 PUSH 154
00446E7C |. E8 6FF5FFFF CALL main74.004463F0 ; --> That function is that i called Load Model

004463F0 /$ 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10]
004463F4 |. 83EC 40 SUB ESP,40
004463F7 |. 83F8 FF CMP EAX,-1
004463FA |. 75 19 JNZ SHORT main74.00446415
004463FC |. 8B4424 4C MOV EAX,DWORD PTR SS:[ESP+4C]
00446400 |. 8D4C24 00 LEA ECX,DWORD PTR SS:[ESP]
00446404 |. 50 PUSH EAX
00446405 |. 68 6CD54700 PUSH main74.0047D56C ; ASCII "%s.bmd"
0044640A |. 51 PUSH ECX
0044640B |. E8 FA4D0200 CALL main74.0046B20A
00446410 |. 83C4 0C ADD ESP,0C
00446413 |. EB 2E JMP SHORT main74.00446443
00446415 |> 83F8 0A CMP EAX,0A
00446418 |. 50 PUSH EAX
00446419 |. 7D 11 JGE SHORT main74.0044642C
0044641B |. 8B5424 50 MOV EDX,DWORD PTR SS:[ESP+50]
0044641F |. 8D4424 04 LEA EAX,DWORD PTR SS:[ESP+4]
00446423 |. 52 PUSH EDX
00446424 |. 68 60D54700 PUSH main74.0047D560 ; ASCII "%s0%d.bmd"
00446429 |. 50 PUSH EAX
0044642A |. EB 0F JMP SHORT main74.0044643B
0044642C |> 8B4C24 50 MOV ECX,DWORD PTR SS:[ESP+50]
00446430 |. 8D5424 04 LEA EDX,DWORD PTR SS:[ESP+4]
00446434 |. 51 PUSH ECX
00446435 |. 68 54D54700 PUSH main74.0047D554 ; ASCII "%s%d.bmd"
0044643A |. 52 PUSH EDX
0044643B |> E8 CA4D0200 CALL main74.0046B20A
00446440 |. 83C4 10 ADD ESP,10
00446443 |> A0 38D54700 MOV AL,BYTE PTR DS:[47D538]
00446448 |. 84C0 TEST AL,AL
0044644A |. 75 32 JNZ SHORT main74.0044647E
0044644C |. 8B4C24 44 MOV ECX,DWORD PTR SS:[ESP+44]
00446450 |. 8D0449 LEA EAX,DWORD PTR DS:[ECX+ECX*2]
00446453 |. C1E0 03 SHL EAX,3
00446456 |. 2BC1 SUB EAX,ECX
00446458 |. C1E0 03 SHL EAX,3
0044645B |. 66:83B8 BA9372>CMP WORD PTR DS:[EAX+57293BA],0
00446463 |. 7E 3B JLE SHORT main74.004464A0
00446465 |. 8B5424 48 MOV EDX,DWORD PTR SS:[ESP+48]
00446469 |. 8D4C24 00 LEA ECX,DWORD PTR SS:[ESP]
0044646D |. 51 PUSH ECX ; /Arg2
0044646E |. 52 PUSH EDX ; |Arg1
0044646F |. 8D88 98937205 LEA ECX,DWORD PTR DS:[EAX+5729398] ; |
00446475 |. E8 A6ABFCFF CALL main74.00411020 ; \main74.00411020
0044647A |. 83C4 40 ADD ESP,40
0044647D |. C3 RETN
0044647E |> 8D4424 00 LEA EAX,DWORD PTR SS:[ESP]
00446482 |. 8B4C24 48 MOV ECX,DWORD PTR SS:[ESP+48]
00446486 |. 50 PUSH EAX ; /Arg2
00446487 |. 8B4424 48 MOV EAX,DWORD PTR SS:[ESP+48] ; |
0044648B |. 51 PUSH ECX ; |Arg1
0044648C |. 8D1440 LEA EDX,DWORD PTR DS:[EAX+EAX*2] ; |
0044648F |. C1E2 03 SHL EDX,3 ; |
00446492 |. 2BD0 SUB EDX,EAX ; |
00446494 |. 8D0CD5 9893720>LEA ECX,DWORD PTR DS:[EDX*8+5729398] ; | --> Pointer to ModelClass
0044649B |. E8 B0A6FCFF CALL main74.00410B50 ; \main74.00410B50 --> That function is from ModelClass that desencrypt and make the read of BMD
004464A0 |> 83C4 40 ADD ESP,40
004464A3 \. C3 RETN

That is from 0.74 main...

that function ---> @0054BF20, don't is to transform in smd... Search in main for triangle and nodes in this function the main write to a smd file one bmd...
 
Last edited:
NN - Nord & Noob
Loyal Member
Joined
Jul 15, 2004
Messages
1,207
Reaction score
689
Code:
006141FE  |. 6A FF          PUSH -1                                  ; /Arg4 = FFFFFFFF
00614200  |. 68 ECABD200    PUSH main_no_.00D2ABEC                   ; |Arg3 = 00D2ABEC ASCII "Player"
00614205  |. 68 F4ABD200    PUSH main_no_.00D2ABF4                   ; |Arg2 = 00D2ABF4 ASCII "Data\Player\"
0061420A  |. 68 8B040000    PUSH 48B                                 ; |Arg1 = 0000048B
0061420F  |. E8 7CFEFFFF    CALL main_no_.00614090                   ; \main_no_.00614090

Code:
00614090  /$ 55             PUSH EBP
00614091  |. 8BEC           MOV EBP,ESP
00614093  |. 81EC 50010000  SUB ESP,150
00614099  |. 837D 14 FF     CMP DWORD PTR SS:[EBP+14],-1
0061409D  |. 75 17          JNZ SHORT main_no_.006140B6
0061409F  |. 8B45 10        MOV EAX,DWORD PTR SS:[EBP+10]
006140A2  |. 50             PUSH EAX
006140A3  |. 68 90ABD200    PUSH main_no_.00D2AB90                   ;  ASCII "%s.bmd"
006140A8  |. 8D4D B8        LEA ECX,DWORD PTR SS:[EBP-48]
006140AB  |. 51             PUSH ECX
006140AC  |. E8 999E3B00    CALL main_no_.009CDF4A
006140B1  |. 83C4 0C        ADD ESP,0C
006140B4  |. EB 3A          JMP SHORT main_no_.006140F0
006140B6  |> 837D 14 0A     CMP DWORD PTR SS:[EBP+14],0A
006140BA  |. 7D 1B          JGE SHORT main_no_.006140D7
006140BC  |. 8B55 14        MOV EDX,DWORD PTR SS:[EBP+14]
006140BF  |. 52             PUSH EDX
006140C0  |. 8B45 10        MOV EAX,DWORD PTR SS:[EBP+10]
006140C3  |. 50             PUSH EAX
006140C4  |. 68 98ABD200    PUSH main_no_.00D2AB98                   ;  ASCII "%s0%d.bmd"
006140C9  |. 8D4D B8        LEA ECX,DWORD PTR SS:[EBP-48]
006140CC  |. 51             PUSH ECX
006140CD  |. E8 789E3B00    CALL main_no_.009CDF4A
006140D2  |. 83C4 10        ADD ESP,10
006140D5  |. EB 19          JMP SHORT main_no_.006140F0
006140D7  |> 8B55 14        MOV EDX,DWORD PTR SS:[EBP+14]
006140DA  |. 52             PUSH EDX
006140DB  |. 8B45 10        MOV EAX,DWORD PTR SS:[EBP+10]
006140DE  |. 50             PUSH EAX
006140DF  |. 68 A4ABD200    PUSH main_no_.00D2ABA4                   ;  ASCII "%s%d.bmd"
006140E4  |. 8D4D B8        LEA ECX,DWORD PTR SS:[EBP-48]
006140E7  |. 51             PUSH ECX
006140E8  |. E8 5D9E3B00    CALL main_no_.009CDF4A
006140ED  |. 83C4 10        ADD ESP,10
006140F0  |> C645 B7 00     MOV BYTE PTR SS:[EBP-49],0
006140F4  |. 8B55 08        MOV EDX,DWORD PTR SS:[EBP+8]
006140F7  |. 52             PUSH EDX
006140F8  |. E8 4398EBFF    CALL main_no_.004CD940
006140FD  |. 8BC8           MOV ECX,EAX
006140FF  |. E8 EC433500    CALL main_no_.009684F0
00614104  |. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
00614107  |. 837D FC 00     CMP DWORD PTR SS:[EBP-4],0
0061410B  |. 75 05          JNZ SHORT main_no_.00614112
0061410D  |. E9 C3000000    JMP main_no_.006141D5
00614112  |> 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
00614115  |. 8B4D 08        MOV ECX,DWORD PTR SS:[EBP+8]
00614118  |. 8988 E0000000  MOV DWORD PTR DS:[EAX+E0],ECX
0061411E  |. 6A 01          PUSH 1                                   ; /Arg3 = 00000001
00614120  |. 8D55 B8        LEA EDX,DWORD PTR SS:[EBP-48]            ; |
00614123  |. 52             PUSH EDX                                 ; |Arg2
00614124  |. 8B45 0C        MOV EAX,DWORD PTR SS:[EBP+C]             ; |
00614127  |. 50             PUSH EAX                                 ; |Arg1
00614128  |. 8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]             ; |
0061412B  |. E8 F07DF3FF    CALL main_no_.0054BF20                   ; \Load and conver BMD to SMD
00614130  |. 8845 B7        MOV BYTE PTR SS:[EBP-49],AL
00614133  |. 0FB64D B7      MOVZX ECX,BYTE PTR SS:[EBP-49]
00614137  |. 85C9           TEST ECX,ECX
00614139  |. 0F85 96000000  JNZ main_no_.006141D5
0061413F  |. 68 B0ABD200    PUSH main_no_.00D2ABB0                   ;  ASCII "Monster"
00614144  |. 8B55 10        MOV EDX,DWORD PTR SS:[EBP+10]
00614147  |. 52             PUSH EDX
00614148  |. E8 03B13B00    CALL main_no_.009CF250
0061414D  |. 83C4 08        ADD ESP,8
00614150  |. 85C0           TEST EAX,EAX
00614152  |. 74 3F          JE SHORT main_no_.00614193
00614154  |. 68 B8ABD200    PUSH main_no_.00D2ABB8                   ;  ASCII "Player"
00614159  |. 8B45 10        MOV EAX,DWORD PTR SS:[EBP+10]
0061415C  |. 50             PUSH EAX
0061415D  |. E8 EEB03B00    CALL main_no_.009CF250
00614162  |. 83C4 08        ADD ESP,8
00614165  |. 85C0           TEST EAX,EAX
00614167  |. 74 2A          JE SHORT main_no_.00614193
00614169  |. 68 C0ABD200    PUSH main_no_.00D2ABC0                   ;  ASCII "PlayerTest"
0061416E  |. 8B4D 10        MOV ECX,DWORD PTR SS:[EBP+10]
00614171  |. 51             PUSH ECX
00614172  |. E8 D9B03B00    CALL main_no_.009CF250
00614177  |. 83C4 08        ADD ESP,8
0061417A  |. 85C0           TEST EAX,EAX
0061417C  |. 74 15          JE SHORT main_no_.00614193
0061417E  |. 68 CCABD200    PUSH main_no_.00D2ABCC                   ;  ASCII "Angel"
00614183  |. 8B55 10        MOV EDX,DWORD PTR SS:[EBP+10]
00614186  |. 52             PUSH EDX
00614187  |. E8 C4B03B00    CALL main_no_.009CF250
0061418C  |. 83C4 08        ADD ESP,8
0061418F  |. 85C0           TEST EAX,EAX
00614191  |. 75 42          JNZ SHORT main_no_.006141D5
00614193  |> 8D45 B8        LEA EAX,DWORD PTR SS:[EBP-48]
00614196  |. 50             PUSH EAX
00614197  |. 68 D4ABD200    PUSH main_no_.00D2ABD4                   ;  ASCII "%s file does not exist."
0061419C  |. 8D8D B0FEFFFF  LEA ECX,DWORD PTR SS:[EBP-150]
006141A2  |. 51             PUSH ECX
006141A3  |. E8 A29D3B00    CALL main_no_.009CDF4A
006141A8  |. 83C4 0C        ADD ESP,0C
006141AB  |. 6A 00          PUSH 0                                   ; /Style = MB_OK|MB_APPLMODAL
006141AD  |. 6A 00          PUSH 0                                   ; |Title = NULL
006141AF  |. 8D95 B0FEFFFF  LEA EDX,DWORD PTR SS:[EBP-150]           ; |
006141B5  |. 52             PUSH EDX                                 ; |Text
006141B6  |. A1 78A5E800    MOV EAX,DWORD PTR DS:[E8A578]            ; |
006141BB  |. 50             PUSH EAX                                 ; |hOwner => 003C0CB0 ('MU',class='MU')
006141BC  |. FF15 D406D200  CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
006141C2  |. 6A 00          PUSH 0                                   ; /lParam = 0
006141C4  |. 6A 00          PUSH 0                                   ; |wParam = 0
006141C6  |. 6A 02          PUSH 2                                   ; |Message = WM_DESTROY
006141C8  |. 8B0D 78A5E800  MOV ECX,DWORD PTR DS:[E8A578]            ; |
006141CE  |. 51             PUSH ECX                                 ; |hWnd => 3C0CB0
006141CF  |. FF15 1806D200  CALL DWORD PTR DS:[<&USER32.SendMessageA>; \SendMessageA
006141D5  |> 8BE5           MOV ESP,EBP
006141D7  |. 5D             POP EBP
006141D8  \. C3             RETN

@0054BF20
Code:
0054BF20  /$ 55             PUSH EBP
0054BF21  |. 8BEC           MOV EBP,ESP
0054BF23  |. 6A FF          PUSH -1
0054BF25  |. 68 3215CD00    PUSH main_no_.00CD1532                   ;  SE handler installation
0054BF2A  |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
0054BF30  |. 50             PUSH EAX
0054BF31  |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
0054BF38  |. 81EC 0C010000  SUB ESP,10C
0054BF3E  |. 53             PUSH EBX
0054BF3F  |. 898D 04FFFFFF  MOV DWORD PTR SS:[EBP-FC],ECX
0054BF45  |. 8B85 04FFFFFF  MOV EAX,DWORD PTR SS:[EBP-FC]
0054BF4B  |. 0FB688 FF00000>MOVZX ECX,BYTE PTR DS:[EAX+FF]
0054BF52  |. 83F9 01        CMP ECX,1
0054BF55  |. 75 1D          JNZ SHORT main_no_.0054BF74
0054BF57  |. 0FB655 10      MOVZX EDX,BYTE PTR SS:[EBP+10]
0054BF5B  |. 83FA 01        CMP EDX,1
0054BF5E  |. 75 0D          JNZ SHORT main_no_.0054BF6D
0054BF60  |. 8B8D 04FFFFFF  MOV ECX,DWORD PTR SS:[EBP-FC]
0054BF66  |. E8 75EAFFFF    CALL main_no_.0054A9E0
0054BF6B  |. EB 07          JMP SHORT main_no_.0054BF74
0054BF6D  |> B0 01          MOV AL,1
0054BF6F  |. E9 1D0C0000    JMP main_no_.0054CB91
0054BF74  |> 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
0054BF77  |. 50             PUSH EAX
0054BF78  |. 8D4D A4        LEA ECX,DWORD PTR SS:[EBP-5C]
0054BF7B  |. 51             PUSH ECX
0054BF7C  |. E8 4F1E4800    CALL main_no_.009CDDD0
0054BF81  |. 83C4 08        ADD ESP,8
0054BF84  |. 8B55 0C        MOV EDX,DWORD PTR SS:[EBP+C]
0054BF87  |. 52             PUSH EDX
0054BF88  |. 8D45 A4        LEA EAX,DWORD PTR SS:[EBP-5C]
0054BF8B  |. 50             PUSH EAX
0054BF8C  |. E8 4F1E4800    CALL main_no_.009CDDE0
0054BF91  |. 83C4 08        ADD ESP,8
0054BF94  |. 68 B08FD200    PUSH main_no_.00D28FB0                   ; /Arg2 = 00D28FB0 ASCII "rb"
0054BF99  |. 8D4D A4        LEA ECX,DWORD PTR SS:[EBP-5C]            ; |
0054BF9C  |. 51             PUSH ECX                                 ; |Arg1
0054BF9D  |. E8 3E294800    CALL main_no_.009CE8E0                   ; \main_no_.009CE8E0
0054BFA2  |. 83C4 08        ADD ESP,8
0054BFA5  |. 8945 E8        MOV DWORD PTR SS:[EBP-18],EAX
0054BFA8  |. 837D E8 00     CMP DWORD PTR SS:[EBP-18],0
0054BFAC  |. 75 14          JNZ SHORT main_no_.0054BFC2
0054BFAE  |. 8B95 04FFFFFF  MOV EDX,DWORD PTR SS:[EBP-FC]
0054BFB4  |. C682 FF000000 >MOV BYTE PTR DS:[EDX+FF],0
0054BFBB  |. 32C0           XOR AL,AL
0054BFBD  |. E9 CF0B0000    JMP main_no_.0054CB91
0054BFC2  |> 6A 02          PUSH 2
0054BFC4  |. 6A 00          PUSH 0
0054BFC6  |. 8B45 E8        MOV EAX,DWORD PTR SS:[EBP-18]
0054BFC9  |. 50             PUSH EAX
0054BFCA  |. E8 24934800    CALL main_no_.009D52F3
0054BFCF  |. 83C4 0C        ADD ESP,0C
0054BFD2  |. 8B4D E8        MOV ECX,DWORD PTR SS:[EBP-18]
0054BFD5  |. 51             PUSH ECX
0054BFD6  |. E8 B5954800    CALL main_no_.009D5590
0054BFDB  |. 83C4 04        ADD ESP,4
0054BFDE  |. 8945 9C        MOV DWORD PTR SS:[EBP-64],EAX
0054BFE1  |. 6A 00          PUSH 0
0054BFE3  |. 6A 00          PUSH 0
0054BFE5  |. 8B55 E8        MOV EDX,DWORD PTR SS:[EBP-18]
0054BFE8  |. 52             PUSH EDX
0054BFE9  |. E8 05934800    CALL main_no_.009D52F3
0054BFEE  |. 83C4 0C        ADD ESP,0C
0054BFF1  |. 8B45 9C        MOV EAX,DWORD PTR SS:[EBP-64]
0054BFF4  |. 50             PUSH EAX
0054BFF5  |. E8 F8034800    CALL main_no_.009CC3F2
0054BFFA  |. 83C4 04        ADD ESP,4
0054BFFD  |. 8985 5CFFFFFF  MOV DWORD PTR SS:[EBP-A4],EAX
0054C003  |. 8B8D 5CFFFFFF  MOV ECX,DWORD PTR SS:[EBP-A4]
0054C009  |. 894D 98        MOV DWORD PTR SS:[EBP-68],ECX
0054C00C  |. 8B55 E8        MOV EDX,DWORD PTR SS:[EBP-18]
0054C00F  |. 52             PUSH EDX                                 ; /Arg4
0054C010  |. 8B45 9C        MOV EAX,DWORD PTR SS:[EBP-64]            ; |
0054C013  |. 50             PUSH EAX                                 ; |Arg3
0054C014  |. 6A 01          PUSH 1                                   ; |Arg2 = 00000001
0054C016  |. 8B4D 98        MOV ECX,DWORD PTR SS:[EBP-68]            ; |
0054C019  |. 51             PUSH ECX                                 ; |Arg1
0054C01A  |. E8 E0274800    CALL main_no_.009CE7FF                   ; \main_no_.009CE7FF
0054C01F  |. 83C4 10        ADD ESP,10
0054C022  |. 8B55 E8        MOV EDX,DWORD PTR SS:[EBP-18]
0054C025  |. 52             PUSH EDX
0054C026  |. E8 9B244800    CALL main_no_.009CE4C6
0054C02B  |. 83C4 04        ADD ESP,4
0054C02E  |. C745 A0 030000>MOV DWORD PTR SS:[EBP-60],3
0054C035  |. 8B45 98        MOV EAX,DWORD PTR SS:[EBP-68]
0054C038  |. 0345 A0        ADD EAX,DWORD PTR SS:[EBP-60]
0054C03B  |. 8B8D 04FFFFFF  MOV ECX,DWORD PTR SS:[EBP-FC]
0054C041  |. 8A10           MOV DL,BYTE PTR DS:[EAX]
0054C043  |. 8851 20        MOV BYTE PTR DS:[ECX+20],DL
0054C046  |. 8B45 A0        MOV EAX,DWORD PTR SS:[EBP-60]
0054C049  |. 83C0 01        ADD EAX,1
0054C04C  |. 8945 A0        MOV DWORD PTR SS:[EBP-60],EAX
0054C04F  |. 8B8D 04FFFFFF  MOV ECX,DWORD PTR SS:[EBP-FC]
0054C055  |. 0FBE51 20      MOVSX EDX,BYTE PTR DS:[ECX+20]
0054C059  |. 83FA 0C        CMP EDX,0C
0054C05C  |. 0F85 83000000  JNZ main_no_.0054C0E5
0054C062  |. 8B45 98        MOV EAX,DWORD PTR SS:[EBP-68]
0054C065  |. 0345 A0        ADD EAX,DWORD PTR SS:[EBP-60]
0054C068  |. 8B08           MOV ECX,DWORD PTR DS:[EAX]
0054C06A  |. 894D 8C        MOV DWORD PTR SS:[EBP-74],ECX
0054C06D  |. 8B55 A0        MOV EDX,DWORD PTR SS:[EBP-60]
0054C070  |. 83C2 04        ADD EDX,4
0054C073  |. 8955 A0        MOV DWORD PTR SS:[EBP-60],EDX
0054C076  |. 8B45 8C        MOV EAX,DWORD PTR SS:[EBP-74]
0054C079  |. 50             PUSH EAX                                 ; /Arg3
0054C07A  |. 8B4D 98        MOV ECX,DWORD PTR SS:[EBP-68]            ; |
0054C07D  |. 034D A0        ADD ECX,DWORD PTR SS:[EBP-60]            ; |
0054C080  |. 51             PUSH ECX                                 ; |Arg2
0054C081  |. 6A 00          PUSH 0                                   ; |Arg1 = 00000000
0054C083  |. E8 E8160000    CALL main_no_.0054D770                   ; \main_no_.0054D770
0054C088  |. 83C4 0C        ADD ESP,0C
0054C08B  |. 8945 94        MOV DWORD PTR SS:[EBP-6C],EAX
0054C08E  |. 8B55 94        MOV EDX,DWORD PTR SS:[EBP-6C]
0054C091  |. 52             PUSH EDX
0054C092  |. E8 5B034800    CALL main_no_.009CC3F2
0054C097  |. 83C4 04        ADD ESP,4
0054C09A  |. 8985 58FFFFFF  MOV DWORD PTR SS:[EBP-A8],EAX
0054C0A0  |. 8B85 58FFFFFF  MOV EAX,DWORD PTR SS:[EBP-A8]
0054C0A6  |. 8945 90        MOV DWORD PTR SS:[EBP-70],EAX
0054C0A9  |. 8B4D 8C        MOV ECX,DWORD PTR SS:[EBP-74]
0054C0AC  |. 51             PUSH ECX                                 ; /Arg3
0054C0AD  |. 8B55 98        MOV EDX,DWORD PTR SS:[EBP-68]            ; |
0054C0B0  |. 0355 A0        ADD EDX,DWORD PTR SS:[EBP-60]            ; |
0054C0B3  |. 52             PUSH EDX                                 ; |Arg2
0054C0B4  |. 8B45 90        MOV EAX,DWORD PTR SS:[EBP-70]            ; |
0054C0B7  |. 50             PUSH EAX                                 ; |Arg1
0054C0B8  |. E8 B3160000    CALL main_no_.0054D770                   ; \main_no_.0054D770
0054C0BD  |. 83C4 0C        ADD ESP,0C
0054C0C0  |. 8B4D 98        MOV ECX,DWORD PTR SS:[EBP-68]
0054C0C3  |. 898D 54FFFFFF  MOV DWORD PTR SS:[EBP-AC],ECX
0054C0C9  |. 8B95 54FFFFFF  MOV EDX,DWORD PTR SS:[EBP-AC]
0054C0CF  |. 52             PUSH EDX
0054C0D0  |. E8 E5184800    CALL main_no_.009CD9BA
0054C0D5  |. 83C4 04        ADD ESP,4
0054C0D8  |. 8B45 90        MOV EAX,DWORD PTR SS:[EBP-70]
0054C0DB  |. 8945 98        MOV DWORD PTR SS:[EBP-68],EAX
0054C0DE  |. C745 A0 000000>MOV DWORD PTR SS:[EBP-60],0
0054C0E5  |> 6A 20          PUSH 20
0054C0E7  |. 8B4D 98        MOV ECX,DWORD PTR SS:[EBP-68]
0054C0EA  |. 034D A0        ADD ECX,DWORD PTR SS:[EBP-60]
0054C0ED  |. 51             PUSH ECX
0054C0EE  |. 8B95 04FFFFFF  MOV EDX,DWORD PTR SS:[EBP-FC]
0054C0F4  |. 52             PUSH EDX
0054C0F5  |. E8 66194800    CALL main_no_.009CDA60
0054C0FA  |. 83C4 0C        ADD ESP,0C
0054C0FD  |. 8B45 A0        MOV EAX,DWORD PTR SS:[EBP-60]
0054C100  |. 83C0 20        ADD EAX,20
0054C103  |. 8945 A0        MOV DWORD PTR SS:[EBP-60],EAX
0054C106  |. 8B4D 98        MOV ECX,DWORD PTR SS:[EBP-68]
0054C109  |. 034D A0        ADD ECX,DWORD PTR SS:[EBP-60]
0054C10C  |. 8B95 04FFFFFF  MOV EDX,DWORD PTR SS:[EBP-FC]
0054C112  |. 66:8B01        MOV AX,WORD PTR DS:[ECX]
0054C115  |. 66:8942 24     MOV WORD PTR DS:[EDX+24],AX
0054C119  |. 8B4D A0        MOV ECX,DWORD PTR SS:[EBP-60]
0054C11C  |. 83C1 02        ADD ECX,2
0054C11F  |. 894D A0        MOV DWORD PTR SS:[EBP-60],ECX
0054C122  |. 8B55 98        MOV EDX,DWORD PTR SS:[EBP-68]
0054C125  |. 0355 A0        ADD EDX,DWORD PTR SS:[EBP-60]
0054C128  |. 8B85 04FFFFFF  MOV EAX,DWORD PTR SS:[EBP-FC]
0054C12E  |. 66:8B0A        MOV CX,WORD PTR DS:[EDX]
0054C131  |. 66:8948 22     MOV WORD PTR DS:[EAX+22],CX
0054C135  |. 8B55 A0        MOV EDX,DWORD PTR SS:[EBP-60]
0054C138  |. 83C2 02        ADD EDX,2
0054C13B  |. 8955 A0        MOV DWORD PTR SS:[EBP-60],EDX
0054C13E  |. 8B45 98        MOV EAX,DWORD PTR SS:[EBP-68]
0054C141  |. 0345 A0        ADD EAX,DWORD PTR SS:[EBP-60]
0054C144  |. 8B8D 04FFFFFF  MOV ECX,DWORD PTR SS:[EBP-FC]
0054C14A  |. 66:8B10        MOV DX,WORD PTR DS:[EAX]
0054C14D  |. 66:8951 26     MOV WORD PTR DS:[ECX+26],DX
0054C151  |. 8B45 A0        MOV EAX,DWORD PTR SS:[EBP-60]
0054C154  |. 83C0 02        ADD EAX,2
0054C157  |. 8945 A0        MOV DWORD PTR SS:[EBP-60],EAX
0054C15A  |. 8B8D 04FFFFFF  MOV ECX,DWORD PTR SS:[EBP-FC]
0054C160  |. 0FBF51 24      MOVSX EDX,WORD PTR DS:[ECX+24]
0054C164  |. 83FA 01        CMP EDX,1
0054C167  |. 7D 0C          JGE SHORT main_no_.0054C175
0054C169  |. C785 00FFFFFF >MOV DWORD PTR SS:[EBP-100],1
0054C173  |. EB 10          JMP SHORT main_no_.0054C185
0054C175  |> 8B85 04FFFFFF  MOV EAX,DWORD PTR SS:[EBP-FC]
0054C17B  |. 0FBF48 24      MOVSX ECX,WORD PTR DS:[EAX+24]
0054C17F  |. 898D 00FFFFFF  MOV DWORD PTR SS:[EBP-100],ECX
0054C185  |> 8B95 00FFFFFF  MOV EDX,DWORD PTR SS:[EBP-100]
0054C18B  |. 8995 50FFFFFF  MOV DWORD PTR SS:[EBP-B0],EDX
0054C191  |. 33C9           XOR ECX,ECX
0054C193  |. 8B85 50FFFFFF  MOV EAX,DWORD PTR SS:[EBP-B0]
0054C199  |. BA 68000000    MOV EDX,68
0054C19E  |. F7E2           MUL EDX
0054C1A0  |. 0F90C1         SETO CL
0054C1A3  |. F7D9           NEG ECX
0054C1A5  |. 0BC8           OR ECX,EAX
0054C1A7  |. 33C0           XOR EAX,EAX
0054C1A9  |. 83C1 04        ADD ECX,4
0054C1AC  |. 0F92C0         SETB AL
0054C1AF  |. F7D8           NEG EAX
0054C1B1  |. 0BC1           OR EAX,ECX
0054C1B3  |. 50             PUSH EAX
0054C1B4  |. E8 39024800    CALL main_no_.009CC3F2
0054C1B9  |. 83C4 04        ADD ESP,4
0054C1BC  |. 8985 48FFFFFF  MOV DWORD PTR SS:[EBP-B8],EAX
0054C1C2  |. C745 FC 000000>MOV DWORD PTR SS:[EBP-4],0
0054C1C9  |. 83BD 48FFFFFF >CMP DWORD PTR SS:[EBP-B8],0
0054C1D0  |. 74 41          JE SHORT main_no_.0054C213
0054C1D2  |. 8B8D 48FFFFFF  MOV ECX,DWORD PTR SS:[EBP-B8]
0054C1D8  |. 8B95 50FFFFFF  MOV EDX,DWORD PTR SS:[EBP-B0]
0054C1DE  |. 8911           MOV DWORD PTR DS:[ECX],EDX
0054C1E0  |. 68 F0285300    PUSH main_no_.005328F0                   ;  Entry address
0054C1E5  |. 68 C0295300    PUSH main_no_.005329C0
0054C1EA  |. 8B85 50FFFFFF  MOV EAX,DWORD PTR SS:[EBP-B0]
0054C1F0  |. 50             PUSH EAX
0054C1F1  |. 6A 68          PUSH 68
0054C1F3  |. 8B8D 48FFFFFF  MOV ECX,DWORD PTR SS:[EBP-B8]
0054C1F9  |. 83C1 04        ADD ECX,4
0054C1FC  |. 51             PUSH ECX
0054C1FD  |. E8 B1204800    CALL main_no_.009CE2B3
0054C202  |. 8B95 48FFFFFF  MOV EDX,DWORD PTR SS:[EBP-B8]
0054C208  |. 83C2 04        ADD EDX,4
0054C20B  |. 8995 FCFEFFFF  MOV DWORD PTR SS:[EBP-104],EDX
0054C211  |. EB 0A          JMP SHORT main_no_.0054C21D
0054C213  |> C785 FCFEFFFF >MOV DWORD PTR SS:[EBP-104],0
0054C21D  |> 8B85 FCFEFFFF  MOV EAX,DWORD PTR SS:[EBP-104]
0054C223  |. 8985 4CFFFFFF  MOV DWORD PTR SS:[EBP-B4],EAX
0054C229  |. C745 FC FFFFFF>MOV DWORD PTR SS:[EBP-4],-1
0054C230  |. 8B8D 04FFFFFF  MOV ECX,DWORD PTR SS:[EBP-FC]
0054C236  |. 8B95 4CFFFFFF  MOV EDX,DWORD PTR SS:[EBP-B4]
0054C23C  |. 8951 28        MOV DWORD PTR DS:[ECX+28],EDX
0054C23F  |. 8B85 04FFFFFF  MOV EAX,DWORD PTR SS:[EBP-FC]
0054C245  |. 0FBF48 22      MOVSX ECX,WORD PTR DS:[EAX+22]
0054C249  |. 83F9 01        CMP ECX,1
0054C24C  |. 7D 0C          JGE SHORT main_no_.0054C25A
0054C24E  |. C785 F8FEFFFF >MOV DWORD PTR SS:[EBP-108],1
0054C258  |. EB 10          JMP SHORT main_no_.0054C26A
0054C25A  |> 8B95 04FFFFFF  MOV EDX,DWORD PTR SS:[EBP-FC]
0054C260  |. 0FBF42 22      MOVSX EAX,WORD PTR DS:[EDX+22]
0054C264  |. 8985 F8FEFFFF  MOV DWORD PTR SS:[EBP-108],EAX
0054C26A  |> 33C9           XOR ECX,ECX
0054C26C  |. 8B85 F8FEFFFF  MOV EAX,DWORD PTR SS:[EBP-108]
0054C272  |. BA 8C000000    MOV EDX,8C
0054C277  |. F7E2           MUL EDX
0054C279  |. 0F90C1         SETO CL
0054C27C  |. F7D9           NEG ECX
0054C27E  |. 0BC8           OR ECX,EAX
0054C280  |. 51             PUSH ECX
0054C281  |. E8 6C014800    CALL main_no_.009CC3F2
0054C286  |. 83C4 04        ADD ESP,4
0054C289  |. 8985 44FFFFFF  MOV DWORD PTR SS:[EBP-BC],EAX
0054C28F  |. 8B85 04FFFFFF  MOV EAX,DWORD PTR SS:[EBP-FC]
0054C295  |. 8B8D 44FFFFFF  MOV ECX,DWORD PTR SS:[EBP-BC]
0054C29B  |. 8948 2C        MOV DWORD PTR DS:[EAX+2C],ECX
0054C29E  |. 8B95 04FFFFFF  MOV EDX,DWORD PTR SS:[EBP-FC]
0054C2A4  |. 0FBF42 26      MOVSX EAX,WORD PTR DS:[EDX+26]
0054C2A8  |. 83F8 01        CMP EAX,1
0054C2AB  |. 7D 0C          JGE SHORT main_no_.0054C2B9
0054C2AD  |. C785 F4FEFFFF >MOV DWORD PTR SS:[EBP-10C],1
0054C2B7  |. EB 10          JMP SHORT main_no_.0054C2C9
0054C2B9  |> 8B8D 04FFFFFF  MOV ECX,DWORD PTR SS:[EBP-FC]
0054C2BF  |. 0FBF51 26      MOVSX EDX,WORD PTR DS:[ECX+26]
0054C2C3  |. 8995 F4FEFFFF  MOV DWORD PTR SS:[EBP-10C],EDX
0054C2C9  |> 33C9           XOR ECX,ECX
0054C2CB  |. 8B85 F4FEFFFF  MOV EAX,DWORD PTR SS:[EBP-10C]
0054C2D1  |. BA 10000000    MOV EDX,10
0054C2D6  |. F7E2           MUL EDX
0054C2D8  |. 0F90C1         SETO CL
0054C2DB  |. F7D9           NEG ECX
0054C2DD  |. 0BC8           OR ECX,EAX
0054C2DF  |. 51             PUSH ECX
0054C2E0  |. E8 0D014800    CALL main_no_.009CC3F2
0054C2E5  |. 83C4 04        ADD ESP,4
0054C2E8  |. 8985 40FFFFFF  MOV DWORD PTR SS:[EBP-C0],EAX
0054C2EE  |. 8B85 04FFFFFF  MOV EAX,DWORD PTR SS:[EBP-FC]
0054C2F4  |. 8B8D 40FFFFFF  MOV ECX,DWORD PTR SS:[EBP-C0]
0054C2FA  |. 8948 30        MOV DWORD PTR DS:[EAX+30],ECX
0054C2FD  |. 8B95 04FFFFFF  MOV EDX,DWORD PTR SS:[EBP-FC]
0054C303  |. 0FBF42 24      MOVSX EAX,WORD PTR DS:[EDX+24]
0054C307  |. 83F8 01        CMP EAX,1
0054C30A  |. 7D 0C          JGE SHORT main_no_.0054C318
0054C30C  |. C785 F0FEFFFF >MOV DWORD PTR SS:[EBP-110],1
0054C316  |. EB 10          JMP SHORT main_no_.0054C328
0054C318  |> 8B8D 04FFFFFF  MOV ECX,DWORD PTR SS:[EBP-FC]
0054C31E  |. 0FBF51 24      MOVSX EDX,WORD PTR DS:[ECX+24]
0054C322  |. 8995 F0FEFFFF  MOV DWORD PTR SS:[EBP-110],EDX
0054C328  |> 33C9           XOR ECX,ECX
0054C32A  |. 8B85 F0FEFFFF  MOV EAX,DWORD PTR SS:[EBP-110]
0054C330  |. BA 20000000    MOV EDX,20
0054C335  |. F7E2           MUL EDX
0054C337  |. 0F90C1         SETO CL
0054C33A  |. F7D9           NEG ECX
0054C33C  |. 0BC8           OR ECX,EAX
0054C33E  |. 51             PUSH ECX
0054C33F  |. E8 AE004800    CALL main_no_.009CC3F2
0054C344  |. 83C4 04        ADD ESP,4
0054C347  |. 8985 3CFFFFFF  MOV DWORD PTR SS:[EBP-C4],EAX
0054C34D  |. 8B85 04FFFFFF  MOV EAX,DWORD PTR SS:[EBP-FC]
0054C353  |. 8B8D 3CFFFFFF  MOV ECX,DWORD PTR SS:[EBP-C4]
0054C359  |. 8948 34        MOV DWORD PTR DS:[EAX+34],ECX
0054C35C  |. 8B95 04FFFFFF  MOV EDX,DWORD PTR SS:[EBP-FC]
0054C362  |. 0FBF42 24      MOVSX EAX,WORD PTR DS:[EDX+24]
0054C366  |. 83F8 01        CMP EAX,1
0054C369  |. 7D 0C          JGE SHORT main_no_.0054C377
0054C36B  |. C785 ECFEFFFF >MOV DWORD PTR SS:[EBP-114],1
0054C375  |. EB 10          JMP SHORT main_no_.0054C387
0054C377  |> 8B8D 04FFFFFF  MOV ECX,DWORD PTR SS:[EBP-FC]
0054C37D  |. 0FBF51 24      MOVSX EDX,WORD PTR DS:[ECX+24]
0054C381  |. 8995 ECFEFFFF  MOV DWORD PTR SS:[EBP-114],EDX
0054C387  |> 33C9           XOR ECX,ECX
0054C389  |. 8B85 ECFEFFFF  MOV EAX,DWORD PTR SS:[EBP-114]
0054C38F  |. BA 04000000    MOV EDX,4
0054C394  |. F7E2           MUL EDX
0054C396  |. 0F90C1         SETO CL
0054C399  |. F7D9           NEG ECX
0054C39B  |. 0BC8           OR ECX,EAX
0054C39D  |. 51             PUSH ECX
0054C39E  |. E8 4F004800    CALL main_no_.009CC3F2
0054C3A3  |. 83C4 04        ADD ESP,4
0054C3A6  |. 8985 38FFFFFF  MOV DWORD PTR SS:[EBP-C8],EAX
0054C3AC  |. 8B85 04FFFFFF  MOV EAX,DWORD PTR SS:[EBP-FC]
0054C3B2  |. 8B8D 38FFFFFF  MOV ECX,DWORD PTR SS:[EBP-C8]
0054C3B8  |. 8948 38        MOV DWORD PTR DS:[EAX+38],ECX
0054C3BB  |. C745 F0 000000>MOV DWORD PTR SS:[EBP-10],0
0054C3C2  |. EB 09          JMP SHORT main_no_.0054C3CD
0054C3C4  |> 8B55 F0        /MOV EDX,DWORD PTR SS:[EBP-10]
0054C3C7  |. 83C2 01        |ADD EDX,1
0054C3CA  |. 8955 F0        |MOV DWORD PTR SS:[EBP-10],EDX
0054C3CD  |> 8B85 04FFFFFF   MOV EAX,DWORD PTR SS:[EBP-FC]
0054C3D3  |. 0FBF48 24      |MOVSX ECX,WORD PTR DS:[EAX+24]
0054C3D7  |. 394D F0        |CMP DWORD PTR SS:[EBP-10],ECX
0054C3DA  |. 0F8D 7E030000  |JGE main_no_.0054C75E
0054C3E0  |. 8B55 F0        |MOV EDX,DWORD PTR SS:[EBP-10]
0054C3E3  |. 6BD2 68        |IMUL EDX,EDX,68
0054C3E6  |. 8B85 04FFFFFF  |MOV EAX,DWORD PTR SS:[EBP-FC]
0054C3EC  |. 0350 28        |ADD EDX,DWORD PTR DS:[EAX+28]
0054C3EF  |. 8995 7CFFFFFF  |MOV DWORD PTR SS:[EBP-84],EDX
0054C3F5  |. 8B4D 98        |MOV ECX,DWORD PTR SS:[EBP-68]
0054C3F8  |. 034D A0        |ADD ECX,DWORD PTR SS:[EBP-60]
0054C3FB  |. 8B95 7CFFFFFF  |MOV EDX,DWORD PTR SS:[EBP-84]
0054C401  |. 66:8B01        |MOV AX,WORD PTR DS:[ECX]
0054C404  |. 66:8942 04     |MOV WORD PTR DS:[EDX+4],AX
0054C408  |. 8B4D A0        |MOV ECX,DWORD PTR SS:[EBP-60]
0054C40B  |. 83C1 02        |ADD ECX,2
0054C40E  |. 894D A0        |MOV DWORD PTR SS:[EBP-60],ECX
0054C411  |. 8B55 98        |MOV EDX,DWORD PTR SS:[EBP-68]
0054C414  |. 0355 A0        |ADD EDX,DWORD PTR SS:[EBP-60]
0054C417  |. 8B85 7CFFFFFF  |MOV EAX,DWORD PTR SS:[EBP-84]
0054C41D  |. 66:8B0A        |MOV CX,WORD PTR DS:[EDX]
0054C420  |. 66:8948 06     |MOV WORD PTR DS:[EAX+6],CX
0054C424  |. 8B55 A0        |MOV EDX,DWORD PTR SS:[EBP-60]
0054C427  |. 83C2 02        |ADD EDX,2
0054C42A  |. 8955 A0        |MOV DWORD PTR SS:[EBP-60],EDX
0054C42D  |. 8B45 98        |MOV EAX,DWORD PTR SS:[EBP-68]
0054C430  |. 0345 A0        |ADD EAX,DWORD PTR SS:[EBP-60]
0054C433  |. 8B8D 7CFFFFFF  |MOV ECX,DWORD PTR SS:[EBP-84]
0054C439  |. 66:8B10        |MOV DX,WORD PTR DS:[EAX]
0054C43C  |. 66:8951 08     |MOV WORD PTR DS:[ECX+8],DX
0054C440  |. 8B45 A0        |MOV EAX,DWORD PTR SS:[EBP-60]
0054C443  |. 83C0 02        |ADD EAX,2
0054C446  |. 8945 A0        |MOV DWORD PTR SS:[EBP-60],EAX
0054C449  |. 8B4D 98        |MOV ECX,DWORD PTR SS:[EBP-68]
0054C44C  |. 034D A0        |ADD ECX,DWORD PTR SS:[EBP-60]
0054C44F  |. 8B95 7CFFFFFF  |MOV EDX,DWORD PTR SS:[EBP-84]
0054C455  |. 66:8B01        |MOV AX,WORD PTR DS:[ECX]
0054C458  |. 66:8942 0C     |MOV WORD PTR DS:[EDX+C],AX
0054C45C  |. 8B4D A0        |MOV ECX,DWORD PTR SS:[EBP-60]
0054C45F  |. 83C1 02        |ADD ECX,2
0054C462  |. 894D A0        |MOV DWORD PTR SS:[EBP-60],ECX
0054C465  |. 8B55 98        |MOV EDX,DWORD PTR SS:[EBP-68]
0054C468  |. 0355 A0        |ADD EDX,DWORD PTR SS:[EBP-60]
0054C46B  |. 8B85 7CFFFFFF  |MOV EAX,DWORD PTR SS:[EBP-84]
0054C471  |. 66:8B0A        |MOV CX,WORD PTR DS:[EDX]
0054C474  |. 66:8948 02     |MOV WORD PTR DS:[EAX+2],CX
0054C478  |. 8B55 A0        |MOV EDX,DWORD PTR SS:[EBP-60]
0054C47B  |. 83C2 02        |ADD EDX,2
0054C47E  |. 8955 A0        |MOV DWORD PTR SS:[EBP-60],EDX
0054C481  |. 8B85 7CFFFFFF  |MOV EAX,DWORD PTR SS:[EBP-84]
0054C487  |. C600 00        |MOV BYTE PTR DS:[EAX],0
0054C48A  |. 8B8D 7CFFFFFF  |MOV ECX,DWORD PTR SS:[EBP-84]
0054C490  |. 0FBF41 04      |MOVSX EAX,WORD PTR DS:[ECX+4]
0054C494  |. 33C9           |XOR ECX,ECX
0054C496  |. BA 10000000    |MOV EDX,10
0054C49B  |. F7E2           |MUL EDX
0054C49D  |. 0F90C1         |SETO CL
0054C4A0  |. F7D9           |NEG ECX
0054C4A2  |. 0BC8           |OR ECX,EAX
0054C4A4  |. 51             |PUSH ECX
0054C4A5  |. E8 48FF4700    |CALL main_no_.009CC3F2
0054C4AA  |. 83C4 04        |ADD ESP,4
0054C4AD  |. 8985 34FFFFFF  |MOV DWORD PTR SS:[EBP-CC],EAX
0054C4B3  |. 8B85 7CFFFFFF  |MOV EAX,DWORD PTR SS:[EBP-84]
0054C4B9  |. 8B8D 34FFFFFF  |MOV ECX,DWORD PTR SS:[EBP-CC]
0054C4BF  |. 8948 14        |MOV DWORD PTR DS:[EAX+14],ECX
0054C4C2  |. 8B95 7CFFFFFF  |MOV EDX,DWORD PTR SS:[EBP-84]
0054C4C8  |. 0FBF42 06      |MOVSX EAX,WORD PTR DS:[EDX+6]
0054C4CC  |. 33C9           |XOR ECX,ECX
0054C4CE  |. BA 14000000    |MOV EDX,14
0054C4D3  |. F7E2           |MUL EDX
0054C4D5  |. 0F90C1         |SETO CL
0054C4D8  |. F7D9           |NEG ECX
0054C4DA  |. 0BC8           |OR ECX,EAX
0054C4DC  |. 51             |PUSH ECX
0054C4DD  |. E8 10FF4700    |CALL main_no_.009CC3F2
0054C4E2  |. 83C4 04        |ADD ESP,4
0054C4E5  |. 8985 30FFFFFF  |MOV DWORD PTR SS:[EBP-D0],EAX
0054C4EB  |. 8B85 7CFFFFFF  |MOV EAX,DWORD PTR SS:[EBP-84]
0054C4F1  |. 8B8D 30FFFFFF  |MOV ECX,DWORD PTR SS:[EBP-D0]
0054C4F7  |. 8948 18        |MOV DWORD PTR DS:[EAX+18],ECX
0054C4FA  |. 8B95 7CFFFFFF  |MOV EDX,DWORD PTR SS:[EBP-84]
0054C500  |. 0FBF42 08      |MOVSX EAX,WORD PTR DS:[EDX+8]
0054C504  |. 33C9           |XOR ECX,ECX
0054C506  |. BA 08000000    |MOV EDX,8
0054C50B  |. F7E2           |MUL EDX
0054C50D  |. 0F90C1         |SETO CL
0054C510  |. F7D9           |NEG ECX
0054C512  |. 0BC8           |OR ECX,EAX
0054C514  |. 51             |PUSH ECX
0054C515  |. E8 D8FE4700    |CALL main_no_.009CC3F2
0054C51A  |. 83C4 04        |ADD ESP,4
0054C51D  |. 8985 2CFFFFFF  |MOV DWORD PTR SS:[EBP-D4],EAX
0054C523  |. 8B85 7CFFFFFF  |MOV EAX,DWORD PTR SS:[EBP-84]
0054C529  |. 8B8D 2CFFFFFF  |MOV ECX,DWORD PTR SS:[EBP-D4]
0054C52F  |. 8948 1C        |MOV DWORD PTR DS:[EAX+1C],ECX
0054C532  |. 8B95 7CFFFFFF  |MOV EDX,DWORD PTR SS:[EBP-84]
0054C538  |. 0FBF42 0C      |MOVSX EAX,WORD PTR DS:[EDX+C]
0054C53C  |. 33C9           |XOR ECX,ECX
0054C53E  |. BA 24000000    |MOV EDX,24
0054C543  |. F7E2           |MUL EDX
0054C545  |. 0F90C1         |SETO CL
0054C548  |. F7D9           |NEG ECX
0054C54A  |. 0BC8           |OR ECX,EAX
0054C54C  |. 51             |PUSH ECX
0054C54D  |. E8 A0FE4700    |CALL main_no_.009CC3F2
0054C552  |. 83C4 04        |ADD ESP,4
0054C555  |. 8985 28FFFFFF  |MOV DWORD PTR SS:[EBP-D8],EAX
0054C55B  |. 8B85 7CFFFFFF  |MOV EAX,DWORD PTR SS:[EBP-84]
0054C561  |. 8B8D 28FFFFFF  |MOV ECX,DWORD PTR SS:[EBP-D8]
0054C567  |. 8948 24        |MOV DWORD PTR DS:[EAX+24],ECX
0054C56A  |. 8B95 7CFFFFFF  |MOV EDX,DWORD PTR SS:[EBP-84]
0054C570  |. 0FBF42 04      |MOVSX EAX,WORD PTR DS:[EDX+4]
0054C574  |. C1E0 04        |SHL EAX,4
0054C577  |. 8945 EC        |MOV DWORD PTR SS:[EBP-14],EAX
0054C57A  |. 8B4D EC        |MOV ECX,DWORD PTR SS:[EBP-14]
0054C57D  |. 51             |PUSH ECX
0054C57E  |. 8B55 98        |MOV EDX,DWORD PTR SS:[EBP-68]
0054C581  |. 0355 A0        |ADD EDX,DWORD PTR SS:[EBP-60]
0054C584  |. 52             |PUSH EDX
0054C585  |. 8B85 7CFFFFFF  |MOV EAX,DWORD PTR SS:[EBP-84]
0054C58B  |. 8B48 14        |MOV ECX,DWORD PTR DS:[EAX+14]
0054C58E  |. 51             |PUSH ECX
0054C58F  |. E8 CC144800    |CALL main_no_.009CDA60
0054C594  |. 83C4 0C        |ADD ESP,0C
0054C597  |. 8B55 A0        |MOV EDX,DWORD PTR SS:[EBP-60]
0054C59A  |. 0355 EC        |ADD EDX,DWORD PTR SS:[EBP-14]
0054C59D  |. 8955 A0        |MOV DWORD PTR SS:[EBP-60],EDX
0054C5A0  |. 8B85 7CFFFFFF  |MOV EAX,DWORD PTR SS:[EBP-84]
0054C5A6  |. 0FBF48 06      |MOVSX ECX,WORD PTR DS:[EAX+6]
0054C5AA  |. 6BC9 14        |IMUL ECX,ECX,14
0054C5AD  |. 894D EC        |MOV DWORD PTR SS:[EBP-14],ECX
0054C5B0  |. 8B55 EC        |MOV EDX,DWORD PTR SS:[EBP-14]
0054C5B3  |. 52             |PUSH EDX
0054C5B4  |. 8B45 98        |MOV EAX,DWORD PTR SS:[EBP-68]
0054C5B7  |. 0345 A0        |ADD EAX,DWORD PTR SS:[EBP-60]
0054C5BA  |. 50             |PUSH EAX
0054C5BB  |. 8B8D 7CFFFFFF  |MOV ECX,DWORD PTR SS:[EBP-84]
0054C5C1  |. 8B51 18        |MOV EDX,DWORD PTR DS:[ECX+18]
0054C5C4  |. 52             |PUSH EDX
0054C5C5  |. E8 96144800    |CALL main_no_.009CDA60
0054C5CA  |. 83C4 0C        |ADD ESP,0C
0054C5CD  |. 8B45 A0        |MOV EAX,DWORD PTR SS:[EBP-60]
0054C5D0  |. 0345 EC        |ADD EAX,DWORD PTR SS:[EBP-14]
0054C5D3  |. 8945 A0        |MOV DWORD PTR SS:[EBP-60],EAX
0054C5D6  |. 8B8D 7CFFFFFF  |MOV ECX,DWORD PTR SS:[EBP-84]
0054C5DC  |. 0FBF51 08      |MOVSX EDX,WORD PTR DS:[ECX+8]
0054C5E0  |. C1E2 03        |SHL EDX,3
0054C5E3  |. 8955 EC        |MOV DWORD PTR SS:[EBP-14],EDX
0054C5E6  |. 8B45 EC        |MOV EAX,DWORD PTR SS:[EBP-14]
0054C5E9  |. 50             |PUSH EAX
0054C5EA  |. 8B4D 98        |MOV ECX,DWORD PTR SS:[EBP-68]
0054C5ED  |. 034D A0        |ADD ECX,DWORD PTR SS:[EBP-60]
0054C5F0  |. 51             |PUSH ECX
0054C5F1  |. 8B95 7CFFFFFF  |MOV EDX,DWORD PTR SS:[EBP-84]
0054C5F7  |. 8B42 1C        |MOV EAX,DWORD PTR DS:[EDX+1C]
0054C5FA  |. 50             |PUSH EAX
0054C5FB  |. E8 60144800    |CALL main_no_.009CDA60
0054C600  |. 83C4 0C        |ADD ESP,0C
0054C603  |. 8B4D A0        |MOV ECX,DWORD PTR SS:[EBP-60]
0054C606  |. 034D EC        |ADD ECX,DWORD PTR SS:[EBP-14]
0054C609  |. 894D A0        |MOV DWORD PTR SS:[EBP-60],ECX
0054C60C  |. C745 EC 240000>|MOV DWORD PTR SS:[EBP-14],24
0054C613  |. C745 88 400000>|MOV DWORD PTR SS:[EBP-78],40
0054C61A  |. C785 78FFFFFF >|MOV DWORD PTR SS:[EBP-88],0
0054C624  |. EB 0F          |JMP SHORT main_no_.0054C635
0054C626  |> 8B95 78FFFFFF  |/MOV EDX,DWORD PTR SS:[EBP-88]
0054C62C  |. 83C2 01        ||ADD EDX,1
0054C62F  |. 8995 78FFFFFF  ||MOV DWORD PTR SS:[EBP-88],EDX
0054C635  |> 8B85 7CFFFFFF  | MOV EAX,DWORD PTR SS:[EBP-84]
0054C63B  |. 0FBF48 0C      ||MOVSX ECX,WORD PTR DS:[EAX+C]
0054C63F  |. 398D 78FFFFFF  ||CMP DWORD PTR SS:[EBP-88],ECX
0054C645  |. 7D 31          ||JGE SHORT main_no_.0054C678
0054C647  |. 8B55 EC        ||MOV EDX,DWORD PTR SS:[EBP-14]
0054C64A  |. 52             ||PUSH EDX
0054C64B  |. 8B45 98        ||MOV EAX,DWORD PTR SS:[EBP-68]
0054C64E  |. 0345 A0        ||ADD EAX,DWORD PTR SS:[EBP-60]
0054C651  |. 50             ||PUSH EAX
0054C652  |. 8B8D 78FFFFFF  ||MOV ECX,DWORD PTR SS:[EBP-88]
0054C658  |. 6BC9 24        ||IMUL ECX,ECX,24
0054C65B  |. 8B95 7CFFFFFF  ||MOV EDX,DWORD PTR SS:[EBP-84]
0054C661  |. 034A 24        ||ADD ECX,DWORD PTR DS:[EDX+24]
0054C664  |. 51             ||PUSH ECX
0054C665  |. E8 F6134800    ||CALL main_no_.009CDA60
0054C66A  |. 83C4 0C        ||ADD ESP,0C
0054C66D  |. 8B45 A0        ||MOV EAX,DWORD PTR SS:[EBP-60]
0054C670  |. 0345 88        ||ADD EAX,DWORD PTR SS:[EBP-78]
0054C673  |. 8945 A0        ||MOV DWORD PTR SS:[EBP-60],EAX
0054C676  |.^EB AE          |\JMP SHORT main_no_.0054C626
0054C678  |> 6A 20          |PUSH 20
0054C67A  |. 8B4D 98        |MOV ECX,DWORD PTR SS:[EBP-68]
0054C67D  |. 034D A0        |ADD ECX,DWORD PTR SS:[EBP-60]
0054C680  |. 51             |PUSH ECX
0054C681  |. 8B55 F0        |MOV EDX,DWORD PTR SS:[EBP-10]
0054C684  |. C1E2 05        |SHL EDX,5
0054C687  |. 8B85 04FFFFFF  |MOV EAX,DWORD PTR SS:[EBP-FC]
0054C68D  |. 0350 34        |ADD EDX,DWORD PTR DS:[EAX+34]
0054C690  |. 52             |PUSH EDX
0054C691  |. E8 CA134800    |CALL main_no_.009CDA60
0054C696  |. 83C4 0C        |ADD ESP,0C
0054C699  |. 8B4D A0        |MOV ECX,DWORD PTR SS:[EBP-60]
0054C69C  |. 83C1 20        |ADD ECX,20
0054C69F  |. 894D A0        |MOV DWORD PTR SS:[EBP-60],ECX
0054C6A2  |. 8D4D 80        |LEA ECX,DWORD PTR SS:[EBP-80]
0054C6A5  |. E8 C662FEFF    |CALL main_no_.00532970
0054C6AA  |. C745 FC 010000>|MOV DWORD PTR SS:[EBP-4],1
0054C6B1  |. 8B55 F0        |MOV EDX,DWORD PTR SS:[EBP-10]
0054C6B4  |. C1E2 05        |SHL EDX,5
0054C6B7  |. 8B85 04FFFFFF  |MOV EAX,DWORD PTR SS:[EBP-FC]
0054C6BD  |. 0350 34        |ADD EDX,DWORD PTR DS:[EAX+34]
0054C6C0  |. 52             |PUSH EDX                                ; /Arg1
0054C6C1  |. 8D4D 80        |LEA ECX,DWORD PTR SS:[EBP-80]           ; |
0054C6C4  |. E8 47BDFEFF    |CALL main_no_.00538410                  ; \main_no_.00538410
0054C6C9  |. 0FB6C8         |MOVZX ECX,AL
0054C6CC  |. 85C9           |TEST ECX,ECX
0054C6CE  |. 74 6D          |JE SHORT main_no_.0054C73D
0054C6D0  |. 6A 05          |PUSH 5
0054C6D2  |. E8 8E224800    |CALL main_no_.009CE965
0054C6D7  |. 83C4 04        |ADD ESP,4
0054C6DA  |. 8985 20FFFFFF  |MOV DWORD PTR SS:[EBP-E0],EAX
0054C6E0  |. C645 FC 02     |MOV BYTE PTR SS:[EBP-4],2
0054C6E4  |. 83BD 20FFFFFF >|CMP DWORD PTR SS:[EBP-E0],0
0054C6EB  |. 74 13          |JE SHORT main_no_.0054C700
0054C6ED  |. 8B8D 20FFFFFF  |MOV ECX,DWORD PTR SS:[EBP-E0]
0054C6F3  |. E8 4862FEFF    |CALL main_no_.00532940
0054C6F8  |. 8985 E8FEFFFF  |MOV DWORD PTR SS:[EBP-118],EAX
0054C6FE  |. EB 0A          |JMP SHORT main_no_.0054C70A
0054C700  |> C785 E8FEFFFF >|MOV DWORD PTR SS:[EBP-118],0
0054C70A  |> 8B95 E8FEFFFF  |MOV EDX,DWORD PTR SS:[EBP-118]
0054C710  |. 8995 24FFFFFF  |MOV DWORD PTR SS:[EBP-DC],EDX
0054C716  |. C645 FC 01     |MOV BYTE PTR SS:[EBP-4],1
0054C71A  |. 8B85 7CFFFFFF  |MOV EAX,DWORD PTR SS:[EBP-84]
0054C720  |. 8B8D 24FFFFFF  |MOV ECX,DWORD PTR SS:[EBP-DC]
0054C726  |. 8948 2C        |MOV DWORD PTR DS:[EAX+2C],ECX
0054C729  |. 8D55 80        |LEA EDX,DWORD PTR SS:[EBP-80]
0054C72C  |. 52             |PUSH EDX                                ; /Arg1
0054C72D  |. 8B85 7CFFFFFF  |MOV EAX,DWORD PTR SS:[EBP-84]           ; |
0054C733  |. 8B48 2C        |MOV ECX,DWORD PTR DS:[EAX+2C]           ; |
0054C736  |. E8 85BCFEFF    |CALL main_no_.005383C0                  ; \main_no_.005383C0
0054C73B  |. EB 0D          |JMP SHORT main_no_.0054C74A
0054C73D  |> 8B8D 7CFFFFFF  |MOV ECX,DWORD PTR SS:[EBP-84]
0054C743  |. C741 2C 000000>|MOV DWORD PTR DS:[ECX+2C],0
0054C74A  |> C745 FC FFFFFF>|MOV DWORD PTR SS:[EBP-4],-1
0054C751  |. 8D4D 80        |LEA ECX,DWORD PTR SS:[EBP-80]
0054C754  |. E8 3762FEFF    |CALL main_no_.00532990
0054C759  |.^E9 66FCFFFF    \JMP main_no_.0054C3C4
0054C75E  |> C745 F0 000000>MOV DWORD PTR SS:[EBP-10],0
0054C765  |. EB 09          JMP SHORT main_no_.0054C770
0054C767  |> 8B55 F0        /MOV EDX,DWORD PTR SS:[EBP-10]
0054C76A  |. 83C2 01        |ADD EDX,1
0054C76D  |. 8955 F0        |MOV DWORD PTR SS:[EBP-10],EDX
0054C770  |> 8B85 04FFFFFF   MOV EAX,DWORD PTR SS:[EBP-FC]
0054C776  |. 0FBF48 26      |MOVSX ECX,WORD PTR DS:[EAX+26]
0054C77A  |. 394D F0        |CMP DWORD PTR SS:[EBP-10],ECX
0054C77D  |. 0F8D FA000000  |JGE main_no_.0054C87D
0054C783  |. 8B55 F0        |MOV EDX,DWORD PTR SS:[EBP-10]
0054C786  |. C1E2 04        |SHL EDX,4
0054C789  |. 8B85 04FFFFFF  |MOV EAX,DWORD PTR SS:[EBP-FC]
0054C78F  |. 0350 30        |ADD EDX,DWORD PTR DS:[EAX+30]
0054C792  |. 8995 74FFFFFF  |MOV DWORD PTR SS:[EBP-8C],EDX
0054C798  |. 8B8D 74FFFFFF  |MOV ECX,DWORD PTR SS:[EBP-8C]
0054C79E  |. C601 00        |MOV BYTE PTR DS:[ECX],0
0054C7A1  |. 8B55 98        |MOV EDX,DWORD PTR SS:[EBP-68]
0054C7A4  |. 0355 A0        |ADD EDX,DWORD PTR SS:[EBP-60]
0054C7A7  |. 8B85 74FFFFFF  |MOV EAX,DWORD PTR SS:[EBP-8C]
0054C7AD  |. 66:8B0A        |MOV CX,WORD PTR DS:[EDX]
0054C7B0  |. 66:8948 08     |MOV WORD PTR DS:[EAX+8],CX
0054C7B4  |. 8B55 A0        |MOV EDX,DWORD PTR SS:[EBP-60]
0054C7B7  |. 83C2 02        |ADD EDX,2
0054C7BA  |. 8955 A0        |MOV DWORD PTR SS:[EBP-60],EDX
0054C7BD  |. 8B45 98        |MOV EAX,DWORD PTR SS:[EBP-68]
0054C7C0  |. 0345 A0        |ADD EAX,DWORD PTR SS:[EBP-60]
0054C7C3  |. 8B8D 74FFFFFF  |MOV ECX,DWORD PTR SS:[EBP-8C]
0054C7C9  |. 8A10           |MOV DL,BYTE PTR DS:[EAX]
0054C7CB  |. 8851 0A        |MOV BYTE PTR DS:[ECX+A],DL
0054C7CE  |. 8B45 A0        |MOV EAX,DWORD PTR SS:[EBP-60]
0054C7D1  |. 83C0 01        |ADD EAX,1
0054C7D4  |. 8945 A0        |MOV DWORD PTR SS:[EBP-60],EAX
0054C7D7  |. 8B8D 74FFFFFF  |MOV ECX,DWORD PTR SS:[EBP-8C]
0054C7DD  |. 0FB651 0A      |MOVZX EDX,BYTE PTR DS:[ECX+A]
0054C7E1  |. 85D2           |TEST EDX,EDX
0054C7E3  |. 0F84 82000000  |JE main_no_.0054C86B
0054C7E9  |. 8B85 74FFFFFF  |MOV EAX,DWORD PTR SS:[EBP-8C]
0054C7EF  |. 0FBF40 08      |MOVSX EAX,WORD PTR DS:[EAX+8]
0054C7F3  |. 33C9           |XOR ECX,ECX
0054C7F5  |. BA 03000000    |MOV EDX,3
0054C7FA  |. F7E2           |MUL EDX
0054C7FC  |. 0F90C1         |SETO CL
0054C7FF  |. F7D9           |NEG ECX
0054C801  |. 0BC8           |OR ECX,EAX
0054C803  |. 33DB           |XOR EBX,EBX
0054C805  |. 8BC1           |MOV EAX,ECX
0054C807  |. B9 04000000    |MOV ECX,4
0054C80C  |. F7E1           |MUL ECX
0054C80E  |. 0F90C3         |SETO BL
0054C811  |. F7DB           |NEG EBX
0054C813  |. 0BD8           |OR EBX,EAX
0054C815  |. 53             |PUSH EBX
0054C816  |. E8 D7FB4700    |CALL main_no_.009CC3F2
0054C81B  |. 83C4 04        |ADD ESP,4
0054C81E  |. 8985 1CFFFFFF  |MOV DWORD PTR SS:[EBP-E4],EAX
0054C824  |. 8B95 74FFFFFF  |MOV EDX,DWORD PTR SS:[EBP-8C]
0054C82A  |. 8B85 1CFFFFFF  |MOV EAX,DWORD PTR SS:[EBP-E4]
0054C830  |. 8942 0C        |MOV DWORD PTR DS:[EDX+C],EAX
0054C833  |. 8B8D 74FFFFFF  |MOV ECX,DWORD PTR SS:[EBP-8C]
0054C839  |. 0FBF51 08      |MOVSX EDX,WORD PTR DS:[ECX+8]
0054C83D  |. 6BD2 0C        |IMUL EDX,EDX,0C
0054C840  |. 8955 EC        |MOV DWORD PTR SS:[EBP-14],EDX
0054C843  |. 8B45 EC        |MOV EAX,DWORD PTR SS:[EBP-14]
0054C846  |. 50             |PUSH EAX
0054C847  |. 8B4D 98        |MOV ECX,DWORD PTR SS:[EBP-68]
0054C84A  |. 034D A0        |ADD ECX,DWORD PTR SS:[EBP-60]
0054C84D  |. 51             |PUSH ECX
0054C84E  |. 8B95 74FFFFFF  |MOV EDX,DWORD PTR SS:[EBP-8C]
0054C854  |. 8B42 0C        |MOV EAX,DWORD PTR DS:[EDX+C]
0054C857  |. 50             |PUSH EAX
0054C858  |. E8 03124800    |CALL main_no_.009CDA60
0054C85D  |. 83C4 0C        |ADD ESP,0C
0054C860  |. 8B4D A0        |MOV ECX,DWORD PTR SS:[EBP-60]
0054C863  |. 034D EC        |ADD ECX,DWORD PTR SS:[EBP-14]
0054C866  |. 894D A0        |MOV DWORD PTR SS:[EBP-60],ECX
0054C869  |. EB 0D          |JMP SHORT main_no_.0054C878
0054C86B  |> 8B95 74FFFFFF  |MOV EDX,DWORD PTR SS:[EBP-8C]
0054C871  |. C742 0C 000000>|MOV DWORD PTR DS:[EDX+C],0
0054C878  |>^E9 EAFEFFFF    \JMP main_no_.0054C767
0054C87D  |> C745 F0 000000>MOV DWORD PTR SS:[EBP-10],0
0054C884  |. EB 09          JMP SHORT main_no_.0054C88F
0054C886  |> 8B45 F0        /MOV EAX,DWORD PTR SS:[EBP-10]
0054C889  |. 83C0 01        |ADD EAX,1
0054C88C  |. 8945 F0        |MOV DWORD PTR SS:[EBP-10],EAX
0054C88F  |> 8B8D 04FFFFFF   MOV ECX,DWORD PTR SS:[EBP-FC]
0054C895  |. 0FBF51 22      |MOVSX EDX,WORD PTR DS:[ECX+22]
0054C899  |. 3955 F0        |CMP DWORD PTR SS:[EBP-10],EDX
0054C89C  |. 0F8D BB020000  |JGE main_no_.0054CB5D
0054C8A2  |. 8B45 F0        |MOV EAX,DWORD PTR SS:[EBP-10]
0054C8A5  |. 69C0 8C000000  |IMUL EAX,EAX,8C
0054C8AB  |. 8B8D 04FFFFFF  |MOV ECX,DWORD PTR SS:[EBP-FC]
0054C8B1  |. 0341 2C        |ADD EAX,DWORD PTR DS:[ECX+2C]
0054C8B4  |. 8985 70FFFFFF  |MOV DWORD PTR SS:[EBP-90],EAX
0054C8BA  |. 8B55 98        |MOV EDX,DWORD PTR SS:[EBP-68]
0054C8BD  |. 0355 A0        |ADD EDX,DWORD PTR SS:[EBP-60]
0054C8C0  |. 8B85 70FFFFFF  |MOV EAX,DWORD PTR SS:[EBP-90]
0054C8C6  |. 8A0A           |MOV CL,BYTE PTR DS:[EDX]
0054C8C8  |. 8848 22        |MOV BYTE PTR DS:[EAX+22],CL
0054C8CB  |. 8B55 A0        |MOV EDX,DWORD PTR SS:[EBP-60]
0054C8CE  |. 83C2 01        |ADD EDX,1
0054C8D1  |. 8955 A0        |MOV DWORD PTR SS:[EBP-60],EDX
0054C8D4  |. 8B85 70FFFFFF  |MOV EAX,DWORD PTR SS:[EBP-90]
0054C8DA  |. 0FBE48 22      |MOVSX ECX,BYTE PTR DS:[EAX+22]
0054C8DE  |. 85C9           |TEST ECX,ECX
0054C8E0  |. 0F85 72020000  |JNZ main_no_.0054CB58
0054C8E6  |. 6A 20          |PUSH 20
0054C8E8  |. 8B55 98        |MOV EDX,DWORD PTR SS:[EBP-68]
0054C8EB  |. 0355 A0        |ADD EDX,DWORD PTR SS:[EBP-60]
0054C8EE  |. 52             |PUSH EDX
0054C8EF  |. 8B85 70FFFFFF  |MOV EAX,DWORD PTR SS:[EBP-90]
0054C8F5  |. 50             |PUSH EAX
0054C8F6  |. E8 65114800    |CALL main_no_.009CDA60
0054C8FB  |. 83C4 0C        |ADD ESP,0C
0054C8FE  |. 8B4D A0        |MOV ECX,DWORD PTR SS:[EBP-60]
0054C901  |. 83C1 20        |ADD ECX,20
0054C904  |. 894D A0        |MOV DWORD PTR SS:[EBP-60],ECX
0054C907  |. 8B55 98        |MOV EDX,DWORD PTR SS:[EBP-68]
0054C90A  |. 0355 A0        |ADD EDX,DWORD PTR SS:[EBP-60]
0054C90D  |. 8B85 70FFFFFF  |MOV EAX,DWORD PTR SS:[EBP-90]
0054C913  |. 66:8B0A        |MOV CX,WORD PTR DS:[EDX]
0054C916  |. 66:8948 20     |MOV WORD PTR DS:[EAX+20],CX
0054C91A  |. 8B55 A0        |MOV EDX,DWORD PTR SS:[EBP-60]
0054C91D  |. 83C2 02        |ADD EDX,2
0054C920  |. 8955 A0        |MOV DWORD PTR SS:[EBP-60],EDX
0054C923  |. 8B85 04FFFFFF  |MOV EAX,DWORD PTR SS:[EBP-FC]
0054C929  |. 0FBF40 26      |MOVSX EAX,WORD PTR DS:[EAX+26]
0054C92D  |. 33C9           |XOR ECX,ECX
0054C92F  |. BA 0C000000    |MOV EDX,0C
0054C934  |. F7E2           |MUL EDX
0054C936  |. 0F90C1         |SETO CL
0054C939  |. F7D9           |NEG ECX
0054C93B  |. 0BC8           |OR ECX,EAX
0054C93D  |. 51             |PUSH ECX
0054C93E  |. E8 AFFA4700    |CALL main_no_.009CC3F2
0054C943  |. 83C4 04        |ADD ESP,4
0054C946  |. 8985 18FFFFFF  |MOV DWORD PTR SS:[EBP-E8],EAX
0054C94C  |. 8B85 70FFFFFF  |MOV EAX,DWORD PTR SS:[EBP-90]
0054C952  |. 8B8D 18FFFFFF  |MOV ECX,DWORD PTR SS:[EBP-E8]
0054C958  |. 8948 24        |MOV DWORD PTR DS:[EAX+24],ECX
0054C95B  |. C785 6CFFFFFF >|MOV DWORD PTR SS:[EBP-94],0
0054C965  |. EB 0F          |JMP SHORT main_no_.0054C976
0054C967  |> 8B95 6CFFFFFF  |/MOV EDX,DWORD PTR SS:[EBP-94]
0054C96D  |. 83C2 01        ||ADD EDX,1
0054C970  |. 8995 6CFFFFFF  ||MOV DWORD PTR SS:[EBP-94],EDX
0054C976  |> 8B85 04FFFFFF  | MOV EAX,DWORD PTR SS:[EBP-FC]
0054C97C  |. 0FBF48 26      ||MOVSX ECX,WORD PTR DS:[EAX+26]
0054C980  |. 398D 6CFFFFFF  ||CMP DWORD PTR SS:[EBP-94],ECX
0054C986  |. 0F8D CC010000  ||JGE main_no_.0054CB58
0054C98C  |. 8B95 6CFFFFFF  ||MOV EDX,DWORD PTR SS:[EBP-94]
0054C992  |. 6BD2 0C        ||IMUL EDX,EDX,0C
0054C995  |. 8B85 70FFFFFF  ||MOV EAX,DWORD PTR SS:[EBP-90]
0054C99B  |. 0350 24        ||ADD EDX,DWORD PTR DS:[EAX+24]
0054C99E  |. 8995 64FFFFFF  ||MOV DWORD PTR SS:[EBP-9C],EDX
0054C9A4  |. 8B8D 6CFFFFFF  ||MOV ECX,DWORD PTR SS:[EBP-94]
0054C9AA  |. C1E1 04        ||SHL ECX,4
0054C9AD  |. 8B95 04FFFFFF  ||MOV EDX,DWORD PTR SS:[EBP-FC]
0054C9B3  |. 8B42 30        ||MOV EAX,DWORD PTR DS:[EDX+30]
0054C9B6  |. 0FBF4C08 08    ||MOVSX ECX,WORD PTR DS:[EAX+ECX+8]
0054C9BB  |. 6BC9 0C        ||IMUL ECX,ECX,0C
0054C9BE  |. 894D EC        ||MOV DWORD PTR SS:[EBP-14],ECX
0054C9C1  |. 8B95 6CFFFFFF  ||MOV EDX,DWORD PTR SS:[EBP-94]
0054C9C7  |. C1E2 04        ||SHL EDX,4
0054C9CA  |. 8B85 04FFFFFF  ||MOV EAX,DWORD PTR SS:[EBP-FC]
0054C9D0  |. 8B48 30        ||MOV ECX,DWORD PTR DS:[EAX+30]
0054C9D3  |. 0FBF5411 08    ||MOVSX EDX,WORD PTR DS:[ECX+EDX+8]
0054C9D8  |. 8995 68FFFFFF  ||MOV DWORD PTR SS:[EBP-98],EDX
0054C9DE  |. 33C9           ||XOR ECX,ECX
0054C9E0  |. 8B85 68FFFFFF  ||MOV EAX,DWORD PTR SS:[EBP-98]
0054C9E6  |. BA 03000000    ||MOV EDX,3
0054C9EB  |. F7E2           ||MUL EDX
0054C9ED  |. 0F90C1         ||SETO CL
0054C9F0  |. F7D9           ||NEG ECX
0054C9F2  |. 0BC8           ||OR ECX,EAX
0054C9F4  |. 33DB           ||XOR EBX,EBX
0054C9F6  |. 8BC1           ||MOV EAX,ECX
0054C9F8  |. B9 04000000    ||MOV ECX,4
0054C9FD  |. F7E1           ||MUL ECX
0054C9FF  |. 0F90C3         ||SETO BL
0054CA02  |. F7DB           ||NEG EBX
0054CA04  |. 0BD8           ||OR EBX,EAX
0054CA06  |. 53             ||PUSH EBX
0054CA07  |. E8 E6F94700    ||CALL main_no_.009CC3F2
0054CA0C  |. 83C4 04        ||ADD ESP,4
0054CA0F  |. 8985 14FFFFFF  ||MOV DWORD PTR SS:[EBP-EC],EAX
0054CA15  |. 8B95 64FFFFFF  ||MOV EDX,DWORD PTR SS:[EBP-9C]
0054CA1B  |. 8B85 14FFFFFF  ||MOV EAX,DWORD PTR SS:[EBP-EC]
0054CA21  |. 8902           ||MOV DWORD PTR DS:[EDX],EAX
0054CA23  |. 33C9           ||XOR ECX,ECX
0054CA25  |. 8B85 68FFFFFF  ||MOV EAX,DWORD PTR SS:[EBP-98]
0054CA2B  |. BA 03000000    ||MOV EDX,3
0054CA30  |. F7E2           ||MUL EDX
0054CA32  |. 0F90C1         ||SETO CL
0054CA35  |. F7D9           ||NEG ECX
0054CA37  |. 0BC8           ||OR ECX,EAX
0054CA39  |. 33DB           ||XOR EBX,EBX
0054CA3B  |. 8BC1           ||MOV EAX,ECX
0054CA3D  |. B9 04000000    ||MOV ECX,4
0054CA42  |. F7E1           ||MUL ECX
0054CA44  |. 0F90C3         ||SETO BL
0054CA47  |. F7DB           ||NEG EBX
0054CA49  |. 0BD8           ||OR EBX,EAX
0054CA4B  |. 53             ||PUSH EBX
0054CA4C  |. E8 A1F94700    ||CALL main_no_.009CC3F2
0054CA51  |. 83C4 04        ||ADD ESP,4
0054CA54  |. 8985 10FFFFFF  ||MOV DWORD PTR SS:[EBP-F0],EAX
0054CA5A  |. 8B95 64FFFFFF  ||MOV EDX,DWORD PTR SS:[EBP-9C]
0054CA60  |. 8B85 10FFFFFF  ||MOV EAX,DWORD PTR SS:[EBP-F0]
0054CA66  |. 8942 04        ||MOV DWORD PTR DS:[EDX+4],EAX
0054CA69  |. 33C9           ||XOR ECX,ECX
0054CA6B  |. 8B85 68FFFFFF  ||MOV EAX,DWORD PTR SS:[EBP-98]
0054CA71  |. BA 04000000    ||MOV EDX,4
0054CA76  |. F7E2           ||MUL EDX
0054CA78  |. 0F90C1         ||SETO CL
0054CA7B  |. F7D9           ||NEG ECX
0054CA7D  |. 0BC8           ||OR ECX,EAX
0054CA7F  |. 33DB           ||XOR EBX,EBX
0054CA81  |. 8BC1           ||MOV EAX,ECX
0054CA83  |. B9 04000000    ||MOV ECX,4
0054CA88  |. F7E1           ||MUL ECX
0054CA8A  |. 0F90C3         ||SETO BL
0054CA8D  |. F7DB           ||NEG EBX
0054CA8F  |. 0BD8           ||OR EBX,EAX
0054CA91  |. 53             ||PUSH EBX
0054CA92  |. E8 5BF94700    ||CALL main_no_.009CC3F2
0054CA97  |. 83C4 04        ||ADD ESP,4
0054CA9A  |. 8985 0CFFFFFF  ||MOV DWORD PTR SS:[EBP-F4],EAX
0054CAA0  |. 8B95 64FFFFFF  ||MOV EDX,DWORD PTR SS:[EBP-9C]
0054CAA6  |. 8B85 0CFFFFFF  ||MOV EAX,DWORD PTR SS:[EBP-F4]
0054CAAC  |. 8942 08        ||MOV DWORD PTR DS:[EDX+8],EAX
0054CAAF  |. 8B4D EC        ||MOV ECX,DWORD PTR SS:[EBP-14]
0054CAB2  |. 51             ||PUSH ECX
0054CAB3  |. 8B55 98        ||MOV EDX,DWORD PTR SS:[EBP-68]
0054CAB6  |. 0355 A0        ||ADD EDX,DWORD PTR SS:[EBP-60]
0054CAB9  |. 52             ||PUSH EDX
0054CABA  |. 8B85 64FFFFFF  ||MOV EAX,DWORD PTR SS:[EBP-9C]
0054CAC0  |. 8B08           ||MOV ECX,DWORD PTR DS:[EAX]
0054CAC2  |. 51             ||PUSH ECX
0054CAC3  |. E8 980F4800    ||CALL main_no_.009CDA60
0054CAC8  |. 83C4 0C        ||ADD ESP,0C
0054CACB  |. 8B55 A0        ||MOV EDX,DWORD PTR SS:[EBP-60]
0054CACE  |. 0355 EC        ||ADD EDX,DWORD PTR SS:[EBP-14]
0054CAD1  |. 8955 A0        ||MOV DWORD PTR SS:[EBP-60],EDX
0054CAD4  |. 8B45 EC        ||MOV EAX,DWORD PTR SS:[EBP-14]
0054CAD7  |. 50             ||PUSH EAX
0054CAD8  |. 8B4D 98        ||MOV ECX,DWORD PTR SS:[EBP-68]
0054CADB  |. 034D A0        ||ADD ECX,DWORD PTR SS:[EBP-60]
0054CADE  |. 51             ||PUSH ECX
0054CADF  |. 8B95 64FFFFFF  ||MOV EDX,DWORD PTR SS:[EBP-9C]
0054CAE5  |. 8B42 04        ||MOV EAX,DWORD PTR DS:[EDX+4]
0054CAE8  |. 50             ||PUSH EAX
0054CAE9  |. E8 720F4800    ||CALL main_no_.009CDA60
0054CAEE  |. 83C4 0C        ||ADD ESP,0C
0054CAF1  |. 8B4D A0        ||MOV ECX,DWORD PTR SS:[EBP-60]
0054CAF4  |. 034D EC        ||ADD ECX,DWORD PTR SS:[EBP-14]
0054CAF7  |. 894D A0        ||MOV DWORD PTR SS:[EBP-60],ECX
0054CAFA  |. C785 60FFFFFF >||MOV DWORD PTR SS:[EBP-A0],0
0054CB04  |. EB 0F          ||JMP SHORT main_no_.0054CB15
0054CB06  |> 8B95 60FFFFFF  ||/MOV EDX,DWORD PTR SS:[EBP-A0]
0054CB0C  |. 83C2 01        |||ADD EDX,1
0054CB0F  |. 8995 60FFFFFF  |||MOV DWORD PTR SS:[EBP-A0],EDX
0054CB15  |> 8B85 60FFFFFF  || MOV EAX,DWORD PTR SS:[EBP-A0]
0054CB1B  |. 3B85 68FFFFFF  |||CMP EAX,DWORD PTR SS:[EBP-98]
0054CB21  |. 7D 30          |||JGE SHORT main_no_.0054CB53
0054CB23  |. 8B8D 60FFFFFF  |||MOV ECX,DWORD PTR SS:[EBP-A0]
0054CB29  |. C1E1 04        |||SHL ECX,4
0054CB2C  |. 8B95 64FFFFFF  |||MOV EDX,DWORD PTR SS:[EBP-9C]
0054CB32  |. 034A 08        |||ADD ECX,DWORD PTR DS:[EDX+8]
0054CB35  |. 51             |||PUSH ECX                              ; /Arg2
0054CB36  |. 8B85 60FFFFFF  |||MOV EAX,DWORD PTR SS:[EBP-A0]         ; |
0054CB3C  |. 6BC0 0C        |||IMUL EAX,EAX,0C                       ; |
0054CB3F  |. 8B8D 64FFFFFF  |||MOV ECX,DWORD PTR SS:[EBP-9C]         ; |
0054CB45  |. 0341 04        |||ADD EAX,DWORD PTR DS:[ECX+4]          ; |
0054CB48  |. 50             |||PUSH EAX                              ; |Arg1
0054CB49  |. E8 32C14000    |||CALL main_no_.00958C80                ; \main_no_.00958C80
0054CB4E  |. 83C4 08        |||ADD ESP,8
0054CB51  |.^EB B3          ||\JMP SHORT main_no_.0054CB06
0054CB53  |>^E9 0FFEFFFF    |\JMP main_no_.0054C967
0054CB58  |>^E9 29FDFFFF    \JMP main_no_.0054C886
0054CB5D  |> 8B55 98        MOV EDX,DWORD PTR SS:[EBP-68]
0054CB60  |. 8995 08FFFFFF  MOV DWORD PTR SS:[EBP-F8],EDX
0054CB66  |. 8B85 08FFFFFF  MOV EAX,DWORD PTR SS:[EBP-F8]
0054CB6C  |. 50             PUSH EAX
0054CB6D  |. E8 480E4800    CALL main_no_.009CD9BA
0054CB72  |. 83C4 04        ADD ESP,4
0054CB75  |. 6A 00          PUSH 0                                   ; /Arg1 = 00000000
0054CB77  |. 8B8D 04FFFFFF  MOV ECX,DWORD PTR SS:[EBP-FC]            ; |
0054CB7D  |. E8 FE050000    CALL main_no_.0054D180                   ; \main_no_.0054D180
0054CB82  |. 8B8D 04FFFFFF  MOV ECX,DWORD PTR SS:[EBP-FC]
0054CB88  |. C681 FF000000 >MOV BYTE PTR DS:[ECX+FF],1
0054CB8F  |. B0 01          MOV AL,1
0054CB91  |> 8B4D F4        MOV ECX,DWORD PTR SS:[EBP-C]
0054CB94  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
0054CB9B  |. 5B             POP EBX
0054CB9C  |. 8BE5           MOV ESP,EBP
0054CB9E  |. 5D             POP EBP
0054CB9F  \. C2 0C00        RETN 0C

I believe this is the only func needs to be reversed to be able do a BMD -> SMD converter ;) since in this call its decrypt BMD content and split it
 
Last edited:
Newbie Spellweaver
Joined
Jun 26, 2006
Messages
47
Reaction score
19
I believe this is the only func needs to be reversed to be able do a BMD -> SMD converter ;) since in this call its decrypt BMD content and split it
wrong ) this only loads a "compiled" bmd file ... wich differs a lot from a plain SMD file, if you want a true BMD<->SMD converter better research the loading of a SMD file into main.exe
 
NN - Nord & Noob
Loyal Member
Joined
Jul 15, 2004
Messages
1,207
Reaction score
689
maybe im wrong, but i started reverse this func be cause it is where main.exe loads
BMD and SMD. Depending on file hdrs flags its decrypt content or simply split it into parts.. the only func where main.exe loads them ;))
Code:
   if (Hdr.EncFlag = $C) then
    DecryptBMD(TestBuffer);
 
Last edited:
Junior Spellweaver
Joined
Jun 10, 2006
Messages
136
Reaction score
100
maybe im wrong, but i started reverse this func be cause it is where main.exe loads
BMD and SMD. Depending on file hdrs flags its decrypt content or simply split it into parts.. the only func where main.exe loads them ;))
Code:
   if (Hdr.EncFlag = $C) then
    DecryptBMD(TestBuffer);

Yes is the only one function that main uses to load bmd, but if you reasearch better you will see other functions near that who's not used, but have a good pointer to begin...
 
NN - Nord & Noob
Loyal Member
Joined
Jul 15, 2004
Messages
1,207
Reaction score
689
i dont see point reverse whole class of it, i need only decrypted content and know structure of main.exe where its load decrypted BMD ;)
After it, i see no problem 2do BMD <-> Whateva converter!

If u wanna reverse whole class u can use ReClass by Drunken Cheatah ;)
 
Junior Spellweaver
Joined
Jun 10, 2006
Messages
136
Reaction score
100
You need to know how main fix the hex values mauka... The content inside of bmd have to be fixed or you will got problems in conversion...

Thanks for the program, but i use brain to do the decompilation, of course, olly too XD
 
Last edited:
NN - Nord & Noob
Loyal Member
Joined
Jul 15, 2004
Messages
1,207
Reaction score
689
Ah.. so thats why i cant find float and other poop values... so its crypted or compressed or whatever.

at last i know that no point reversing next func @00958C80 xD
 
Hybrid
Loyal Member
Joined
Mar 15, 2006
Messages
451
Reaction score
285


haven't finished it :D
it doesn't have any ui, just classes
when i used it long ago everything worked perfect bmd <-> smd

may be will be useful, and someone will bring it alive =)
 

Attachments

You must be registered for see attachments list
Back
Top