<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<!--
  NOTE(review): the declared charset is ISO-8859-1, but the listing below
  contains IDA's cross-reference arrow character, which ISO-8859-1 cannot
  encode. Confirm the file's real encoding (presumably UTF-8) before trusting
  how a browser renders that line.
-->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<!--
  The title is emitted by the IDA export and records the analyst's local
  database path, including a Windows user name and working folder. Treat it
  as analyst metadata, not as a property of the sample, and consider
  redacting it when the listing is shared outside the team.
-->
<title>IDA - llauncher_dump.i64 (llauncher_dump.exe) C:\Users\xerox\Desktop\amlegit.com\files\llauncher\llauncher_dump.i64</title>
</head>
<body bgcolor="#ffffff">
<!--
  Reviewer notes on the listing (kept outside the white-space: pre span so the
  rendered disassembly is unchanged).

  Scope: a short fragment of llauncher_dump.exe exported from IDA as HTML.
  Names such as get_proc_result, export_spoof_addr, hModule and
  GetProcAddress_Wrapper_3 are labels applied in the IDA database, not symbols
  taken from the binary; the trailing "; ..." C-like remarks are the analyst's
  interpretation.

  What the visible instructions do:
  - AF36 to AF45: the address of the string "ExportSpoof" goes into rdx and the
    address of hModule into rcx, then GetProcAddress_Wrapper_3 is called. The
    analyst reads this as GetProcAddress(InjectModuleHandle, "ExportSpoof"),
    i.e. a by-name lookup of one export in another module.
  - AF4A to AF50: the result is copied into export_spoof_addr and tested. jnz
    is taken when the result is non-zero (lookup succeeded) and goes to
    loc_7FF7D93BAF7A, which is not part of this listing. The C-like remark on
    the jnz line describes the fall-through case, where the lookup failed.
  - AF52 to AF69: failure path. export_spoof_addr is zero here, so
    lea edx, [export_spoof_addr+15h] yields 15h (21), which equals the length
    of "Failed to get exports". sub_7FF7D951A927 is therefore presumably
    called with a pointer-plus-length string and presumably does not return,
    since int 3 follows the call; confirm both in the database.
  - AF6A: sits after a separator and cannot be reached by falling through the
    int 3; its predecessor is not shown in this fragment.

  Triage value: the two strings "ExportSpoof" and "Failed to get exports" are
  the stable text in this fragment. The 00007FF7D9... addresses presumably
  reflect the image base of one memory dump (the file is named
  llauncher_dump), so do not assume they hold for other captures; confirm
  against the dump's load address.
-->
<span style="white-space: pre; font-family: Consolas; color: blue; background: #ffffff">
<span style="color:black">.text:00007FF7D93BAF36 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAF36 </span><span style="color:navy">lea rdx, aExportspoof </span><span style="color:gray">; &quot;ExportSpoof&quot;
</span><span style="color:black">.text:00007FF7D93BAF3D
.text:00007FF7D93BAF3D </span><span style="color:navy">loc_7FF7D93BAF3D: </span><span style="color:olive">; DATA XREF: sub_7FF7D95C26CF-1AD520↓o
</span><span style="color:black">.text:00007FF7D93BAF3D </span><span style="color:navy">lea rcx, hModule
</span><span style="color:black">.text:00007FF7D93BAF44 </span><span style="color:navy">push get_proc_result
</span><span style="color:black">.text:00007FF7D93BAF45 </span><span style="color:navy">call </span>GetProcAddress_Wrapper_3 ; GetProcAddress(InjectModuleHandle, &quot;ExportSpoof&quot;);
<span style="color:black">.text:00007FF7D93BAF4A </span><span style="color:navy">mov export_spoof_addr, get_proc_result
</span><span style="color:black">.text:00007FF7D93BAF4D </span><span style="color:navy">test get_proc_result, get_proc_result
</span><span style="color:black">.text:00007FF7D93BAF50 </span><span style="color:navy">jnz short loc_7FF7D93BAF7A </span>; if(!GetProcAddress(InjectModuleHandle, &quot;ExportSpoof&quot;))
<span style="color:black">.text:00007FF7D93BAF52 </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAF56 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAF5A </span><span style="color:navy">lea edx, [export_spoof_addr+</span><span style="color:green">15h</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAF5D </span><span style="color:navy">lea rcx, aFailedToGetExp </span><span style="color:gray">; &quot;Failed to get exports&quot;
</span><span style="color:black">.text:00007FF7D93BAF64 </span><span style="color:navy">call sub_7FF7D951A927
</span><span style="color:black">.text:00007FF7D93BAF69 </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BAF6A </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAF6A </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">], get_proc_result
</span></body></html>