.text:00401000                   ; ===========================================================================
.text:00401000
.text:00401000                   ; Segment type: Pure code
.text:00401000                   ; Segment permissions: Read/Execute
.text:00401000                   _text           segment para public 'CODE' use32
.text:00401000                                   assume cs:_text
.text:00401000                                   ;org 401000h
.text:00401000                                   assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
.text:00401000
.text:00401000                   loc_401000:                             ; CODE XREF: .text:00403DA4
.text:00401000 83 DA 66                          sbb     edx, 66h
.text:00401003 28 D1                             sub     cl, dl
.text:00401005 C6 05 5C 71 40 00+                mov     byte_40715C, 0F7h
.text:0040100C 01 05 F3 71 40 00                 add     dword ptr unk_4071F3, eax
.text:00401012 01 05 0F 71 40 00                 add     dword_40710E+1, eax
.text:00401018 00 E2                             add     dl, ah
.text:0040101A 29 1D EC 71 40 00                 sub     dword_4071E9+3, ebx
.text:00401020 88 2D 8E 70 40 00                 mov     byte ptr dword_40708D+1, ch
.text:00401026 C6 05 BB 70 40 00+                mov     byte ptr dword_4070BB, 0ADh
.text:0040102D 29 3D 39 70 40 00                 sub     dword ptr unk_407039, edi
.text:00401033 11 15 A8 71 40 00                 adc     dword ptr byte_4071A8, edx
.text:00401039 8A 15 A8 71 40 00                 mov     dl, byte_4071A8
.text:0040103F 31 3D 06 70 40 00                 xor     dword_407005+1, edi
.text:00401045 83 C2 A6                          add     edx, 0FFFFFFA6h
.text:00401048 83 E1 38                          and     ecx, 38h
.text:0040104B 01 1D B7 71 40 00                 add     dword ptr unk_4071B7, ebx
.text:00401051 C6 05 7E 71 40 00+                mov     byte_40717E, 2Ah
.text:00401058 6A 01                             push    1               ; sera dépilé plus bas avant un test pipeau
.text:0040105A 8B 35 50 71 40 00                 mov     esi, dword_40714F+1
.text:00401060 83 D7 4E                          adc     edi, 4Eh
.text:00401063 89 1D 17 70 40 00                 mov     dword ptr byte_407017, ebx
.text:00401069 8B 3D 21 71 40 00                 mov     edi, dword ptr unk_407121
.text:0040106F 8B 0D F5 71 40 00                 mov     ecx, dword ptr byte_4071F5
.text:00401075 29 15 E4 70 40 00                 sub     dword_4070E2+2, edx
.text:0040107B 83 C3 A4                          add     ebx, 0FFFFFFA4h
.text:0040107E 00 E8                             add     al, ch
.text:00401080 89 3D 96 71 40 00                 mov     dword_407194+2, edi
.text:00401086 19 05 9F 71 40 00                 sbb     dword_40719E+1, eax
.text:0040108C 8B 0D 9A 70 40 00                 mov     ecx, dword ptr unk_40709A
.text:00401092 8B 35 22 71 40 00                 mov     esi, dword_407122
.text:00401098 8B 15 62 70 40 00                 mov     edx, dword_40705F+3
.text:0040109E 83 C6 4D                          add     esi, 4Dh
.text:004010A1 C6 05 9E 70 40 00+                mov     byte_40709E, 5Bh
.text:004010A8 C6 05 05 71 40 00+                mov     byte ptr dword_407105, 3Ch
.text:004010AF
.text:004010AF                   loc_4010AF:                             ; CODE XREF: .text:004010FD
.text:004010AF 68 E8 03 00 00                    push    3E8h            ; On attend une seconde
.text:004010B4 6A FF                             push    0FFFFFFFFh      ; -1 = INVALID_HANDLE_VALUE = le pseudo-handle du process courant
.text:004010B6 8D 3D 1C 51 40 00                 lea     edi, WaitForSingleObject
.text:004010BC FF 17                             call    dword ptr [edi]
.text:004010BE 08 35 CC 70 40 00                 or      byte ptr dword_4070CB+1, dh
.text:004010C4 8B 1D 14 70 40 00                 mov     ebx, dword_407011+3
.text:004010CA 31 05 14 71 40 00                 xor     dword_407113+1, eax
.text:004010D0 89 15 92 71 40 00                 mov     dword ptr unk_407192, edx
.text:004010D6 01 F2                             add     edx, esi
.text:004010D8 00 CC                             add     ah, cl
.text:004010DA 8B 3D 31 71 40 00                 mov     edi, dword_407130+1
.text:004010E0 29 C6                             sub     esi, eax
.text:004010E2 01 D8                             add     eax, ebx
.text:004010E4 30 CA                             xor     dl, cl
.text:004010E6 01 F0                             add     eax, esi
.text:004010E8 01 CA                             add     edx, ecx
.text:004010EA C6 05 10 71 40 00+                mov     byte ptr dword_40710E+2, 0FCh
.text:004010F1 00 FB                             add     bl, bh
.text:004010F3 31 FA                             xor     edx, edi
.text:004010F5 A1 49 70 40 00                    mov     eax, dword_407047+2
.text:004010FA FF 0C 24                          dec     dword ptr [esp] ; On décrémente le DWORD pointé par ESP (ie le "push 1" en0x401058)
.text:004010FD 75 B0                             jnz     short loc_4010AF ; Si < 0, on retourne attendre, mais comme le DWORD pointé par ESP
.text:004010FD                                                            ; est forcément maintenant identique à 0, on continue...
.text:004010FF 83 E2 B0                          and     edx, 0FFFFFFB0h
.text:00401102 83 F1 A1                          xor     ecx, 0FFFFFFA1h
.text:00401105 C6 05 29 71 40 00+                mov     byte_407129, 0D6h
.text:0040110C 83 DB B7                          sbb     ebx, 0FFFFFFB7h
.text:0040110F A1 5F 71 40 00                    mov     eax, dword_40715D+2
.text:00401114 82 CE 21                          or      dh, 21h
.text:00401117 C6 05 1D 70 40 00+                mov     byte ptr dword_40701A+3, 2
.text:0040111E 83 E0 C0                          and     eax, 0FFFFFFC0h
.text:00401121 C6 05 28 70 40 00+                mov     byte_407028, 6Fh
.text:00401128 11 CB                             adc     ebx, ecx
.text:0040112A C6 05 15 70 40 00+                mov     byte ptr unk_407015, 31h
.text:00401131 83 DE F9                          sbb     esi, 0FFFFFFF9h
.text:00401134 00 F9                             add     cl, bh
.text:00401136 29 0D 64 71 40 00                 sub     dword_407162+2, ecx
.text:0040113C 83 C7 E8                          add     edi, 0FFFFFFE8h
.text:0040113F 8A 15 BB 70 40 00                 mov     dl, byte ptr dword_4070BB
.text:00401145 01 FA                             add     edx, edi
.text:00401147 09 05 94 71 40 00                 or      dword_407194, eax
.text:0040114D 8B 3D F5 71 40 00                 mov     edi, dword ptr byte_4071F5
.text:00401153 09 0D C6 70 40 00                 or      dword_4070C3+3, ecx
.text:00401159 83 C4 04                          add     esp, 4          ; On corrige la pile : on vire le 1 qu'on avait poussé plus haut pour rigoler
.text:0040115C 19 1D 34 71 40 00                 sbb     dword_407134, ebx
.text:00401162 83 C1 B6                          add     ecx, 0FFFFFFB6h
.text:00401165 18 35 8C 70 40 00                 sbb     byte_40708C, dh
.text:0040116B C6 05 1F 70 40 00+                mov     byte ptr dword_40701E+1, 3Ah
.text:00401172 83 CF 17                          or      edi, 17h
.text:00401175 83 C0 CA                          add     eax, 0FFFFFFCAh 
.text:00401178 29 CE                             sub     esi, ecx
.text:0040117A 8B 3D AE 70 40 00                 mov     edi, dword_4070AC+2
.text:00401180 C6 05 39 70 40 00+                mov     byte ptr unk_407039, 56h
.text:00401187 C6 05 27 71 40 00+                mov     byte_407127, 0E3h
.text:0040118E 8B 3D 43 70 40 00                 mov     edi, dword ptr byte_407043
.text:00401194 A1 0E 70 40 00                    mov     eax, dword_40700B+3
.text:00401199 29 D6                             sub     esi, edx
.text:0040119B 8B 15 56 70 40 00                 mov     edx, dword_407055+1
.text:004011A1 19 15 F1 71 40 00                 sbb     dword ptr byte_4071F1, edx
.text:004011A7 83 DF 03                          sbb     edi, 3
.text:004011AA 83 EF 60                          sub     edi, 60h
.text:004011AD 83 E8 E2                          sub     eax, 0FFFFFFE2h
.text:004011B0 A3 25 71 40 00                    mov     dword_407122+3, eax
.text:004011B5 8D 15 10 72 40 00                 lea     edx, aKernel32_dll ; EDX pointe sur "Kernel32.dll"
.text:004011BB 01 1D B3 71 40 00                 add     dword_4071B3, ebx
.text:004011C1 C6 05 90 70 40 00+                mov     byte ptr dword_40708D+3, 27h
.text:004011C8 89 0D B3 70 40 00                 mov     dword_4070B2+1, ecx
.text:004011CE 29 C6                             sub     esi, eax
.text:004011D0 31 35 BA 71 40 00                 xor     dword_4071B9+1, esi
.text:004011D6 01 DF                             add     edi, ebx
.text:004011D8 83 C0 9B                          add     eax, 0FFFFFF9Bh
.text:004011DB 83 E7 80                          and     edi, 0FFFFFF80h
.text:004011DE 83 D9 00                          sbb     ecx, 0
.text:004011E1 C6 05 75 70 40 00+                mov     byte_407075, 0ADh
.text:004011E8 C6 05 38 71 40 00+                mov     byte ptr dword_407138, 0FFh
.text:004011EF C6 05 23 71 40 00+                mov     byte ptr dword_407122+1, 65h
.text:004011F6 29 35 4B 71 40 00                 sub     dword_407149+2, esi
.text:004011FC 18 C0                             sbb     al, al
.text:004011FE 00 1D 21 70 40 00                 add     byte ptr dword_40701E+3, bl
.text:00401204 83 C1 B6                          add     ecx, 0FFFFFFB6h
.text:00401207 83 F7 8D                          xor     edi, 0FFFFFF8Dh
.text:0040120A 83 E1 80                          and     ecx, 0FFFFFF80h
.text:0040120D 52                                push    edx             ; On empile le pointeur sur "Kernel32.dll"
.text:0040120E 01 D7                             add     edi, edx
.text:00401210 01 D3                             add     ebx, edx
.text:00401212 82 E5 B5                          and     ch, 0B5h
.text:00401215 01 C9                             add     ecx, ecx
.text:00401217 31 05 CF 70 40 00                 xor     dword ptr byte_4070CF, eax
.text:0040121D 83 DE A9                          sbb     esi, 0FFFFFFA9h
.text:00401220 29 FA                             sub     edx, edi
.text:00401222 19 F1                             sbb     ecx, esi
.text:00401224 83 D1 08                          adc     ecx, 8
.text:00401227 83 C1 74                          add     ecx, 74h
.text:0040122A 09 15 CF 71 40 00                 or      dword ptr byte_4071CF, edx
.text:00401230 C6 05 F3 71 40 00+                mov     byte ptr unk_4071F3, 56h
.text:00401237 82 E2 CD                          and     dl, 0CDh
.text:0040123A 31 C6                             xor     esi, eax
.text:0040123C A1 D3 70 40 00                    mov     eax, dword ptr unk_4070D3
.text:00401241 8B 35 38 51 40 00                 mov     esi, ds:GetModuleHandleA
.text:00401247 FF D6                             call    esi ; GetModuleHandleA ; Et on va chercher le handle de Kernel32.dll
.text:00401249 50                                push    eax             ; On sauve la réponse...
.text:0040124A 5B                                pop     ebx             ; ...dans EBX
.text:0040124B 8B 0D E5 71 40 00                 mov     ecx, dword ptr byte_4071E5
.text:00401251 8B 35 C0 71 40 00                 mov     esi, dword_4071BD+3
.text:00401257 11 C1                             adc     ecx, eax
.text:00401259 A1 F3 70 40 00                    mov     eax, dword ptr byte_4070F3
.text:0040125E 01 D1                             add     ecx, edx
.text:00401260 31 15 43 70 40 00                 xor     dword ptr byte_407043, edx
.text:00401266 11 0D 30 70 40 00                 adc     dword_40702D+3, ecx
.text:0040126C 83 C7 62                          add     edi, 62h
.text:0040126F C6 05 CA 70 40 00+                mov     byte ptr dword_4070C7+3, 2Dh
.text:00401276 C6 05 98 70 40 00+                mov     byte ptr dword_407096+2, 98h
.text:0040127D 19 0D DB 71 40 00                 sbb     dword_4071DA+1, ecx
.text:00401283 19 CE                             sbb     esi, ecx
.text:00401285 89 3D 02 71 40 00                 mov     dword ptr byte_407102, edi
.text:0040128B 89 0D B2 71 40 00                 mov     dword_4071AF+3, ecx
.text:00401291 83 F0 7E                          xor     eax, 7Eh
.text:00401294 29 15 1A 70 40 00                 sub     dword_40701A, edx
.text:0040129A 8A 0D AD 70 40 00                 mov     cl, byte ptr dword_4070AC+1
.text:004012A0 21 15 81 70 40 00                 and     dword_407080+1, edx
.text:004012A6 89 1D 08 72 40 00                 mov     hKernel32dll, ebx ; On met le handle sur Kernel32 au chaud
.text:004012AC 83 C8 AC                          or      eax, 0FFFFFFACh
.text:004012AF 8B 3D 4E 70 40 00                 mov     edi, dword_40704C+2
.text:004012B5 10 35 24 70 40 00                 adc     byte ptr dword_407024, dh
.text:004012BB 29 35 4C 70 40 00                 sub     dword_40704C, esi
.text:004012C1 29 C2                             sub     edx, eax
.text:004012C3 11 D0                             adc     eax, edx
.text:004012C5 21 15 5D 70 40 00                 and     dword_40705A+3, edx
.text:004012CB 28 E0                             sub     al, ah
.text:004012CD 8B 0D 02 71 40 00                 mov     ecx, dword ptr byte_407102
.text:004012D3 01 C9                             add     ecx, ecx
.text:004012D5 8B 35 37 70 40 00                 mov     esi, dword_407035+2
.text:004012DB 19 C1                             sbb     ecx, eax
.text:004012DD C6 05 E5 70 40 00+                mov     byte ptr dword_4070E2+3, 94h
.text:004012E4 83 E7 81                          and     edi, 0FFFFFF81h
.text:004012E7 19 C6                             sbb     esi, eax
.text:004012E9 01 C6                             add     esi, eax
.text:004012EB A1 F3 70 40 00                    mov     eax, dword ptr byte_4070F3
.text:004012F0 29 0D 8C 71 40 00                 sub     dword ptr unk_40718C, ecx
.text:004012F6 31 05 D9 70 40 00                 xor     dword_4070D7+2, eax
.text:004012FC 83 C3 3C                          add     ebx, 3Ch        ; EBX va pointer vers le header PE de kernel32 (DOS Header + 0x3C)
.text:004012FF 83 E1 64                          and     ecx, 64h
.text:00401302 8A 0D E3 70 40 00                 mov     cl, byte ptr dword_4070E2+1
.text:00401308 8B 15 E1 70 40 00                 mov     edx, dword ptr unk_4070E1
.text:0040130E C6 05 6E 70 40 00+                mov     byte ptr dword_40706E, 0D8h
.text:00401315 19 0D 65 71 40 00                 sbb     dword_407162+3, ecx
.text:0040131B 30 05 61 71 40 00                 xor     byte_407161, al
.text:00401321 19 C6                             sbb     esi, eax
.text:00401323 01 CA                             add     edx, ecx
.text:00401325 C6 05 68 71 40 00+                mov     byte ptr dword_407166+2, 7Fh
.text:0040132C 29 05 85 71 40 00                 sub     dword_407184+1, eax
.text:00401332 8B 35 8E 71 40 00                 mov     esi, dword_40718D+1
.text:00401338 C6 05 F2 70 40 00+                mov     byte_4070F2, 40h
.text:0040133F C6 05 86 71 40 00+                mov     byte ptr dword_407184+2, 8Dh
.text:00401346 83 CE 5C                          or      esi, 5Ch
.text:00401349 88 15 CF 70 40 00                 mov     byte_4070CF, dl
.text:0040134F C6 05 60 71 40 00+                mov     byte ptr dword_40715D+3, 9Dh
.text:00401356 01 F9                             add     ecx, edi
.text:00401358 82 D4 16                          adc     ah, 16h
.text:0040135B 8B 1B                             mov     ebx, [ebx]      ; EBX contient maintenant l'offset du header PE de Kernel32
.text:0040135D 11 C9                             adc     ecx, ecx
.text:0040135F 29 D7                             sub     edi, edx
.text:00401361 83 DE FE                          sbb     esi, 0FFFFFFFEh
.text:00401364 01 3D 47 70 40 00                 add     dword_407047, edi
.text:0040136A C6 05 51 71 40 00+                mov     byte ptr dword_40714F+2, 8Ah
.text:00401371 C6 05 D1 70 40 00+                mov     byte_4070D1, 5Fh
.text:00401378 31 35 0D 70 40 00                 xor     dword_40700B+2, esi
.text:0040137E 29 35 1F 70 40 00                 sub     dword_40701E+1, esi
.text:00401384 C6 05 D0 71 40 00+                mov     byte ptr unk_4071D0, 3Ah
.text:0040138B 11 15 16 71 40 00                 adc     dword_407113+3, edx
.text:00401391 82 E6 67                          and     dh, 67h
.text:00401394 C6 05 7C 71 40 00+                mov     byte ptr dword_40717A+2, 33h
.text:0040139B 8A 35 D4 70 40 00                 mov     dh, byte_4070D4
.text:004013A1 C6 05 2F 71 40 00+                mov     byte_40712F, 7Bh
.text:004013A8 01 F2                             add     edx, esi
.text:004013AA C6 05 9D 70 40 00+                mov     byte_40709D, 0A3h
.text:004013B1 03 1D 08 72 40 00                 add     ebx, hKernel32dll ; EBX pointe maintenant sur le Header PE de Kernel32.dll en mémoire
.text:004013B7 83 DE EB                          sbb     esi, 0FFFFFFEBh
.text:004013BA C6 05 35 70 40 00+                mov     byte ptr dword_407035, 86h
.text:004013C1 29 0D EB 70 40 00                 sub     dword_4070EA+1, ecx
.text:004013C7 C6 05 56 71 40 00+                mov     byte ptr unk_407156, 58h
.text:004013CE C6 05 9E 71 40 00+                mov     byte ptr dword_40719E, 3Ch
.text:004013D5 8B 35 74 70 40 00                 mov     esi, dword ptr unk_407074
.text:004013DB 83 E0 E7                          and     eax, 0FFFFFFE7h
.text:004013DE 83 C0 9C                          add     eax, 0FFFFFF9Ch
.text:004013E1 C6 05 82 71 40 00+                mov     byte_407182, 4Eh
.text:004013E8 83 D2 87                          adc     edx, 0FFFFFF87h
.text:004013EB C6 05 86 70 40 00+                mov     byte ptr dword_407086, 0F0h
.text:004013F2 8B 15 95 71 40 00                 mov     edx, dword_407194+1
.text:004013F8 29 CF                             sub     edi, ecx
.text:004013FA 8B 0D 22 70 40 00                 mov     ecx, dword ptr byte_407022
.text:00401400 29 CA                             sub     edx, ecx
.text:00401402 83 D6 8A                          adc     esi, 0FFFFFF8Ah
.text:00401405 C6 05 A2 71 40 00+                mov     byte ptr dword_4071A2, 32h
.text:0040140C C6 05 43 71 40 00+                mov     byte ptr dword_407142+1, 6Eh
.text:00401413 83 F0 6A                          xor     eax, 6Ah
.text:00401416 11 35 92 71 40 00                 adc     dword ptr unk_407192, esi
.text:0040141C 81 C3 A4 00 00 00                 add     ebx, 0A4h       ; EBX va pointer 164 octets après le début de la signature 'PE'. Donc a priori sur la taille de la table de relocation de kernel32 ???
.text:00401422 19 CE                             sbb     esi, ecx
.text:00401424 11 35 17 71 40 00                 adc     dword_407117, esi
.text:0040142A C6 05 B3 70 40 00+                mov     byte ptr dword_4070B2+1, 0C2h
.text:00401431 C6 05 C2 71 40 00+                mov     byte ptr dword_4071C2, 67h
.text:00401438 8B 3D 41 71 40 00                 mov     edi, dword_40713E+3
.text:0040143E 11 05 3E 71 40 00                 adc     dword_40713E, eax
.text:00401444 8A 2D 9C 71 40 00                 mov     ch, byte ptr dword_40719A+2
.text:0040144A 83 EE FB                          sub     esi, 0FFFFFFFBh
.text:0040144D 19 35 18 71 40 00                 sbb     dword_407117+1, esi
.text:00401453 28 EE                             sub     dh, ch
.text:00401455 8B 35 26 71 40 00                 mov     esi, dword ptr byte_407126
.text:0040145B 19 0D 58 71 40 00                 sbb     dword_407158, ecx
.text:00401461 11 0D B9 71 40 00                 adc     dword_4071B9, ecx
.text:00401467 8A 35 72 71 40 00                 mov     dh, byte ptr dword_407170+2
.text:0040146D 30 CD                             xor     ch, cl
.text:0040146F 82 C6 56                          add     dh, 56h
.text:00401472 66 81 FD 00 FE                    cmp     bp, 0FE00h
.text:00401477 0F 82 38 29 00 00                 jb      endProc         ; Là on s'en va pour de vrai... Critère = valeur de BP. Pourquoi ?
.text:00401477                                                           ; [A CREUSER]
.text:0040147D 81 3B 00 60 00 00                 cmp     dword ptr [ebx], 6000h ; On compare la taille de la table de relocation de Kernel32 avec la valeur 0x6000.
.text:0040147D                                                           ; Si la taille de la table est inférieure, on va s'en aller... pourquoi ?
.text:0040147D                                                           ; [A CREUSER]
.text:00401483 0F 87 4D 14 00 00                 ja      DecodageProc    ; Là on se dit qu'on va aller déchiffrer des trucs...
.text:00401489 29 C0                             sub     eax, eax
.text:0040148B C6 05 13 70 40 00+                mov     byte ptr dword_407011+2, 45h
.text:00401492 31 35 CD 71 40 00                 xor     dword ptr byte_4071CD, esi
.text:00401498 C6 05 B1 70 40 00+                mov     byte_4070B1, 3Eh
.text:0040149F 09 0D 78 70 40 00                 or      dword_407076+2, ecx
.text:004014A5 C6 05 D4 70 40 00+                mov     byte_4070D4, 0AEh
.text:004014AC 21 1D 6B 71 40 00                 and     dword_40716B, ebx
.text:004014B2 21 35 7E 70 40 00                 and     dword_40707B+3, esi
.text:004014B8 83 DB 04                          sbb     ebx, 4
.text:004014BB 89 1D D7 71 40 00                 mov     dword_4071D5+2, ebx
.text:004014C1 8A 0D 5F 70 40 00                 mov     cl, byte ptr dword_40705F
.text:004014C7 21 15 49 70 40 00                 and     dword_407047+2, edx
.text:004014CD 8A 3D 46 71 40 00                 mov     bh, byte_407146
.text:004014D3 83 E0 A3                          and     eax, 0FFFFFFA3h
.text:004014D6 31 FB                             xor     ebx, edi
.text:004014D8 8D 35 46 63 EB 77                 lea     esi, ds:77EB6346h
.text:004014DE 83 E8 9C                          sub     eax, 0FFFFFF9Ch
.text:004014E1 00 2D 36 70 40 00                 add     byte ptr dword_407035+1, ch
.text:004014E7 83 E7 38                          and     edi, 38h
.text:004014EA 8B 15 FF 70 40 00                 mov     edx, dword_4070FD+2
.text:004014F0 19 3D 43 71 40 00                 sbb     dword_407142+1, edi
.text:004014F6 82 C3 77                          add     bl, 77h
.text:004014F9 83 C9 28                          or      ecx, 28h
.text:004014FC C6 05 A2 71 40 00+                mov     byte ptr dword_4071A2, 5Dh
.text:00401503 09 15 66 71 40 00                 or      dword_407166, edx
.text:00401509 8A 3D 73 71 40 00                 mov     bh, byte ptr dword_407170+3
.text:0040150F C6 05 C8 70 40 00+                mov     byte ptr dword_4070C7+1, 0ACh
.text:00401516 8B 3D AC 70 40 00                 mov     edi, dword_4070AC
.text:0040151C 19 D1                             sbb     ecx, edx
.text:0040151E 01 C1                             add     ecx, eax
.text:00401520 83 D8 74                          sbb     eax, 74h
.text:00401523 8B 1D 41 70 40 00                 mov     ebx, dword ptr unk_407041
.text:00401529 81 EE 91 25 AB 77                 sub     esi, 77AB2591h  ; ESI = 0x403DB5 (0x77EB6346-0x77AB2591)=> adresse d'une fin de fonction !
.text:0040152F 8B 15 A7 71 40 00                 mov     edx, dword ptr unk_4071A7
.text:00401535 20 35 4C 70 40 00                 and     byte ptr dword_40704C, dh
.text:0040153B 83 F2 6B                          xor     edx, 6Bh
.text:0040153E 83 EF 4C                          sub     edi, 4Ch
.text:00401541 C6 05 78 70 40 00+                mov     byte ptr dword_407076+2, 0C3h
.text:00401548 8B 1D DA 71 40 00                 mov     ebx, dword_4071DA
.text:0040154E 83 CB 8C                          or      ebx, 0FFFFFF8Ch
.text:00401551 8B 3D C5 70 40 00                 mov     edi, dword_4070C3+2
.text:00401557 A1 59 70 40 00                    mov     eax, dword ptr byte_407059
.text:0040155C 8B 15 09 71 40 00                 mov     edx, dword ptr byte_407109
.text:00401562 83 E8 4A                          sub     eax, 4Ah
.text:00401565 83 C0 25                          add     eax, 25h
.text:00401568 11 0D 83 70 40 00                 adc     dword_407080+3, ecx
.text:0040156E C6 05 1A 70 40 00+                mov     byte ptr dword_40701A, 0FBh
.text:00401575 19 FF                             sbb     edi, edi
.text:00401577 89 3D F8 70 40 00                 mov     dword_4070F6+2, edi
.text:0040157D C6 05 0F 71 40 00+                mov     byte ptr dword_40710E+1, 0C9h
.text:00401584 8B 1D B3 71 40 00                 mov     ebx, dword_4071B3
.text:0040158A 83 E0 59                          and     eax, 59h
.text:0040158D 56                                push    esi             ; On empile l'adresse sur laquelle on va sauter avec le retn situé un peu plus loin... donc on ira en 0x403DB5
.text:0040158E 8B 3D 3C 70 40 00                 mov     edi, dword_40703A+2
.text:00401594 01 F3                             add     ebx, esi
.text:00401596 19 35 04 71 40 00                 sbb     dword ptr byte_407104, esi
.text:0040159C 8B 3D C7 71 40 00                 mov     edi, dword_4071C7
.text:004015A2 21 1D 14 71 40 00                 and     dword_407113+1, ebx
.text:004015A8 83 D9 E7                          sbb     ecx, 0FFFFFFE7h
.text:004015AB 01 FF                             add     edi, edi
.text:004015AD 8B 1D 08 70 40 00                 mov     ebx, dword_407005+3
.text:004015B3 8B 3D B6 71 40 00                 mov     edi, dword_4071B3+3
.text:004015B9 C6 05 5C 70 40 00+                mov     byte ptr dword_40705A+2, 19h
.text:004015C0 C6 05 AE 71 40 00+                mov     byte ptr unk_4071AE, 13h
.text:004015C7 83 F3 D3                          xor     ebx, 0FFFFFFD3h
.text:004015CA 8B 15 A9 70 40 00                 mov     edx, dword_4070A7+2
.text:004015D0 8A 1D CB 70 40 00                 mov     bl, byte ptr dword_4070CB
.text:004015D6 01 C2                             add     edx, eax
.text:004015D8 29 1D 7E 70 40 00                 sub     dword_40707B+3, ebx
.text:004015DE 19 0D A6 70 40 00                 sbb     dword ptr unk_4070A6, ecx
.text:004015E4 01 D1                             add     ecx, edx
.text:004015E6 C3                                retn
.text:004015E6                   ; ---------------------------------------------------------------------------