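<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>IDA - llauncher_dump.i64 (llauncher_dump.exe) C:\Users\xerox\Desktop\amlegit.com\files\llauncher\llauncher_dump.i64</title>
</head>
<body style="background: #ffffff">
<!--
  Reading notes for this IDA listing (the title names the database
  llauncher_dump.i64). Names such as get_proc_result, export_spoof_addr,
  hModule and GetProcAddress_Wrapper_3 are analyst-assigned renames, not
  symbols recovered from the binary.

  What the fragment shows: the export named "ExportSpoof" is resolved from
  the module handle hModule through a GetProcAddress wrapper, and the
  result is copied to export_spoof_addr. The jnz at AF50 is taken when the
  lookup succeeds; the analyst's if(!...) comment describes the
  fall-through path that follows it, which reports "Failed to get exports"
  and ends in int 3.

  On that failure path export_spoof_addr is zero, so the lea at AF5A leaves
  15h (21) in edx, which equals the length of "Failed to get exports". The
  callee sub_7FF7D951A927 therefore appears to take a pointer and a length;
  this is inferred from the arithmetic only and should be confirmed in the
  callee.

  Treat the decoding around AF3D to AF45 with some caution: the label
  carries a DATA XREF from far outside this routine, and a one-byte push
  sits between the argument loads and the call with no matching pop in the
  visible lines. Either can indicate misaligned or protected code in a
  dump; re-check against the raw bytes before relying on it.

  For triage, the two string literals are the stable anchors here. They are
  more useful for locating this routine in other samples than the
  addresses, which presumably reflect where this image was loaded when it
  was dumped.

  Markup notes: the document is declared as UTF-8 because the XREF arrow is
  not representable in ISO-8859-1, every span is closed on the line that
  opens it, and the outer pre-formatted span is closed before the body ends.
-->
<span style="white-space: pre; font-family: Consolas, monospace; color: blue; background: #ffffff">

<span style="color:black">.text:00007FF7D93BAF36 </span><span style="color:gray">; ---------------------------------------------------------------------------</span>
<span style="color:black">.text:00007FF7D93BAF36 </span><span style="color:navy">lea rdx, aExportspoof </span><span style="color:gray">; "ExportSpoof"</span>
<span style="color:black">.text:00007FF7D93BAF3D</span>
<span style="color:black">.text:00007FF7D93BAF3D </span><span style="color:navy">loc_7FF7D93BAF3D: </span><span style="color:olive">; DATA XREF: sub_7FF7D95C26CF-1AD520↓o</span>
<span style="color:black">.text:00007FF7D93BAF3D </span><span style="color:navy">lea rcx, hModule</span>
<span style="color:black">.text:00007FF7D93BAF44 </span><span style="color:navy">push get_proc_result</span>
<span style="color:black">.text:00007FF7D93BAF45 </span><span style="color:navy">call </span>GetProcAddress_Wrapper_3 ; GetProcAddress(InjectModuleHandle, "ExportSpoof");
<span style="color:black">.text:00007FF7D93BAF4A </span><span style="color:navy">mov export_spoof_addr, get_proc_result</span>
<span style="color:black">.text:00007FF7D93BAF4D </span><span style="color:navy">test get_proc_result, get_proc_result</span>
<span style="color:black">.text:00007FF7D93BAF50 </span><span style="color:navy">jnz short loc_7FF7D93BAF7A </span>; if(!GetProcAddress(InjectModuleHandle, "ExportSpoof"))
<span style="color:black">.text:00007FF7D93BAF52 </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]</span>
<span style="color:black">.text:00007FF7D93BAF56 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result</span>
<span style="color:black">.text:00007FF7D93BAF5A </span><span style="color:navy">lea edx, [export_spoof_addr+</span><span style="color:green">15h</span><span style="color:navy">]</span>
<span style="color:black">.text:00007FF7D93BAF5D </span><span style="color:navy">lea rcx, aFailedToGetExp </span><span style="color:gray">; "Failed to get exports"</span>
<span style="color:black">.text:00007FF7D93BAF64 </span><span style="color:navy">call sub_7FF7D951A927</span>
<span style="color:black">.text:00007FF7D93BAF69 </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BAF6A </span><span style="color:gray">; ---------------------------------------------------------------------------</span>
<span style="color:black">.text:00007FF7D93BAF6A </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">], get_proc_result</span>
</span></body></html>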