diff --git a/CodeVirtualizer/Assembly.asm b/CodeVirtualizer/Assembly.asm index 92a1eb8..6bc72a9 100644 --- a/CodeVirtualizer/Assembly.asm +++ b/CodeVirtualizer/Assembly.asm @@ -1,4 +1,21 @@ .CODE +RetNum PROC + XOR EAX,EAX +ContinueLoop: + ADD RAX,1 + SUB RCX,1 + ADD RCX,1 + ADD RAX,2 + SUB RAX,2 + SUB RCX,1 + JNZ ContinueLoop + ret +RetNum ENDP + +NextFunction PROC + ret +NextFunction ENDP + END \ No newline at end of file diff --git a/CodeVirtualizer/Main.cpp b/CodeVirtualizer/Main.cpp index 7e4c23f..751b981 100644 --- a/CodeVirtualizer/Main.cpp +++ b/CodeVirtualizer/Main.cpp @@ -8,6 +8,13 @@ #include "NativeCode.h" #include "Obfuscator.h" +VOID PrintByteArr(PVOID Buff, ULONG BufSize) +{ + for (uint32_t i = 0; i < BufSize; i++) + { + std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)((PUCHAR)Buff)[i] << ' '; + } +} PVOID MakeExecutableBuffer(PVOID Buffer, ULONG BufferSize) { 
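Review bot: RetNum has no comment stating its contract, and it has an input that effectively never returns: with RCX = 0 on entry the final `SUB RCX,1` wraps and `JNZ ContinueLoop` keeps looping for about 2^64 iterations. I would add a header comment above `RetNum PROC`, for example `; RetNum(Num in RCX): returns Num in RAX by counting RCX down to zero; Num must be nonzero`. It would also help to note there that the `RetNumCode` byte array in Main.cpp is a hand-copied encoding of this routine and has to be updated together with it.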
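Review bot: PrintByteArr leaves `std::cout` in hex mode with a `'0'` fill after it returns, because `std::hex` and `std::setfill` are sticky (only `std::setw` resets per field). Any later integer written through `std::cout` would then print in hex. Saving and restoring the state around the loop avoids that: `const auto Saved = std::cout.flags(); const char Fill = std::cout.fill();` before the loop and `std::cout.flags(Saved); std::cout.fill(Fill);` after it. A one-line comment saying the function dumps `BufSize` bytes of `Buff` as space-separated hex would also help.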
@@ -64,12 +71,55 @@ UCHAR meme1[] = { 0xc3, }; +UCHAR RetNumCode[] = { + 0x33, 0xC0 + , 0x48, 0x83, 0xC0, 0x01 + , 0x48, 0x83, 0xE9, 0x01 + , 0x48, 0x83, 0xC1, 0x01 + , 0x48, 0x83, 0xC0, 0x02 + , 0x48, 0x83, 0xE8, 0x02 + , 0x48, 0x83, 0xE9, 0x01 + , 0x75, 0xE6 + , 0xC3 +}; + + +EXTERN_C ULONG64 RetNum(ULONG64 Num); + int main() { XedTablesInit(); srand(time(NULL)); - NATIVE_CODE_BLOCK Block; + + NATIVE_CODE_BLOCK RetNumBlock; + NcDisassemble(&RetNumBlock, RetNumCode, sizeof(RetNumCode)); + OBFUSCATOR Obf; + Obf.Flags = 0; + Obf.MinInstCount = 4; + Obf.GlobalBlock = &RetNumBlock; + ObfObfuscate(&Obf, &RetNumBlock); + ObfObfuscate(&Obf, &RetNumBlock); + Obf.MinInstCount = 30; + ObfObfuscate(&Obf, &RetNumBlock); + + + ULONG AsmSize; + PVOID Asm = NcAssemble(&RetNumBlock, &AsmSize); + if (!Asm) + { + printf("failed to assemble\n"); + system("pause"); + return 1; + } + PVOID Exec = MakeExecutableBuffer(Asm, AsmSize); + typedef ULONG64(*FnRetNum)(ULONG Num); + printf("\n\nObfuscated: %llu Original: %llu\n\n", ((FnRetNum)Exec)(1776), RetNum(1776)); + PutToFile(Asm, AsmSize); + system("pause"); + + + /*NATIVE_CODE_BLOCK Block; NcDisassemble(&Block, meme1, sizeof(meme1)); OBFUSCATOR Obf; Obf.Flags = 0; @@ -90,7 +140,7 @@ int main() PVOID Exec = MakeExecutableBuffer(Asm, AsmSize); typedef ULONG(*FnGetFour)(); printf("numba is: %u size is %u\n\n", ((FnGetFour)Exec)(), AsmSize); - PutToFile(Asm, AsmSize); + PutToFile(Asm, AsmSize);*/ //PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1)); diff --git a/CodeVirtualizer/NativeCode.cpp b/CodeVirtualizer/NativeCode.cpp index dd5d44e..4b9015d 100644 --- a/CodeVirtualizer/NativeCode.cpp +++ b/CodeVirtualizer/NativeCode.cpp 
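Review bot: The `FnRetNum` typedef declares its parameter as `ULONG`, while the `EXTERN_C ULONG64 RetNum(ULONG64 Num)` declaration a few lines above and the routine itself use all 64 bits of RCX as the loop counter. The Microsoft x64 convention does not guarantee the upper half of the register for a 32-bit argument, so the obfuscated copy can be entered with a different count than the reference call; it works with the constant 1776 only because of how the compiler happens to load it. The typedef should read `typedef ULONG64(*FnRetNum)(ULONG64 Num);`. Separately, `Exec` is called without a null check and the result of `NcDisassemble` is ignored, so a failed allocation or decode ends in a call through a null or meaningless pointer; `if (!Exec) { printf("failed to map\n"); return 1; }` before the call would match the `Asm` check already there. main's body continues outside the hunk.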
@@ -401,27 +401,38 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block) { INT32 BranchDisp = 0; if (!NcGetDeltaToLabel(T, &BranchDisp)) - return FALSE; + { + printf("\n1\n"); + return NULL; + } ULONG DispWidth = XedDecodedInstGetBranchDisplacementWidthBits(&T->XedInstruction); if (log2(abs(BranchDisp)) + 1 > DispWidth) { //duh oh if (DispWidth == 32) - return FALSE; + { + printf("\n2\n"); + return NULL; + } - //Grow displacement width to required size - DispWidth *= 2; + ////Grow displacement width to required size + //DispWidth *= 2; - //Check again - if (log2(abs(BranchDisp)) + 1 > DispWidth) - { - if (DispWidth == 32) - return FALSE; + ////Check again + //if (log2(abs(BranchDisp)) + 1 > DispWidth) + //{ + // if (DispWidth == 32) + // { + // printf("\n3\n"); + // return NULL; + // } - //Grow once more if not already at 32 - DispWidth *= 2; - } + // //Grow once more if not already at 32 + // DispWidth *= 2; + //} + + DispWidth = 32; //Encode new instruction XED_STATE MachineState; @@ -437,9 +448,17 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block) XedInst1(&EncoderInstruction, MachineState, IClass, DispWidth, XedRelBr(0, DispWidth)); XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState); if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction)) - return FALSE; - if (XED_ERROR_NONE != XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize)) - return FALSE; + { + printf("\n4\n"); + return NULL; + } + XED_ERROR_ENUM Err = XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize); + if (XED_ERROR_NONE != Err) + { + printf("%s %s %u \n", XedErrorEnumToString(Err), XedIClassEnumToString(IClass), DispWidth); + printf("\n5\n"); + return NULL; + } //fixup T->RawData delete[] T->RawData; 
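Review bot: The fit test `log2(abs(BranchDisp)) + 1 > DispWidth` that the new `DispWidth = 32;` path depends on treats the displacement as unsigned, so a forward displacement of 128..255 is accepted as fitting an 8-bit branch even though rel8 only reaches +127. Such a jump would be left at its short width and, as far as this hunk shows, encoded with a wrapped displacement. The expression is also undefined for `BranchDisp == INT32_MIN` and goes through `log2(0)` when the displacement is zero. A signed range comparison avoids all three: `INT64 Limit = 1LL << (DispWidth - 1);` followed by `if (BranchDisp >= Limit || BranchDisp < -Limit)`. The body of NcFixRelJmps starts and ends outside the hunk.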
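Review bot: The failure paths added here return `NULL` from a function the hunk header declares as `BOOL`, and they identify themselves only by `printf("\n4\n")` and `printf("\n5\n")`; the same pattern is in markers 1 and 2 of the preceding hunk and marker 6 of the following one. `NULL` happens to convert to zero, but `return FALSE;` states what is meant and does not depend on how the macro is defined. The numbered markers cannot be read without the source open, so I would name the failing step and send it to stderr, for example `fprintf(stderr, "NcFixRelJmps: XedEncode failed: %s\n", XedErrorEnumToString(Err));`. The commented-out growth logic left in the previous hunk can be deleted now that the width is forced to 32.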
@@ -450,7 +469,10 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block) //Decode instruction so its proper and all that XedDecodedInstZeroSetMode(&T->XedInstruction, &MachineState); if (XED_ERROR_NONE != XedDecode(&T->XedInstruction, T->RawData, T->RawDataSize)) - return FALSE; + { + printf("\n6\n"); + return NULL; + } //Go back to the start and loop through all labels again because now this instruction is larger :)))) T = Block->Start; diff --git a/CodeVirtualizer/Obfuscator.cpp b/CodeVirtualizer/Obfuscator.cpp index f98633e..f510f65 100644 --- a/CodeVirtualizer/Obfuscator.cpp +++ b/CodeVirtualizer/Obfuscator.cpp @@ -6,7 +6,6 @@ VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block) { ULONG InstructionCount = NcCountInstructions(Block); - printf("RECIEVED INSTRUCTION COUNT: %u\n", InstructionCount); if (InstructionCount <= Obf->MinInstCount) { @@ -16,8 +15,7 @@ VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block) ULONG TargetCount = InstructionCount / 2; ULONG CurrentCount = 0; PNATIVE_CODE_LINK NewBlockStart = Block->Start; - PNATIVE_CODE_LINK RealEnd = Block->End->Next; - for (PNATIVE_CODE_LINK T = Block->Start; T && T != RealEnd;) + for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;) { if (T->Flags & CODE_FLAG_IS_LABEL) { @@ -33,11 +31,7 @@ VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block) ObfCreateOpaqueBranches(NewBlockStart, T, &NotTaken, &Taken); ObfObfuscate(Obf, &NotTaken); ObfObfuscate(Obf, &Taken); - if (!ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock))) - { - printf("FAILED TO COMBINE BRANCHES.\n"); - system("pause"); - } + ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock)); ObfInsertOpaqueBranchBlock(NewBlockStart, T, &NotTaken); T = NotTaken.End; NewBlockStart = T->Next; 
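Review bot: The loop condition now re-reads `Block->End->Next` on every pass instead of comparing against the cached `RealEnd`, while the loop body splices new links into the list through `ObfInsertOpaqueBranchBlock`. Whether the loop still stops at the original end depends on whether that call moves `Block->End`, which is not visible in this hunk, so this is a behaviour change rather than a cleanup. If it is intentional, a comment such as `// End can move when a branch block is inserted at the tail, so re-read it each pass` would make that clear; if not, keeping `RealEnd` is the safer form. Either way `Block->End` is dereferenced without a null check, which an empty block would hit.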
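Review bot: The return value of `ObfCombineOpaqueBranches` is now discarded, so when combining fails `ObfInsertOpaqueBranchBlock` still splices `NotTaken` into the block and the caller gets no indication that anything went wrong. The removed code only printed and paused before continuing, so the behaviour is unchanged, but the diagnostic was the only trace of the failure. I would keep the test and stop instead of inserting, e.g. `if (!ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock))) return;`. Since ObfObfuscate is `VOID`, changing it to return `BOOL` would let main refuse to assemble and execute a half-transformed block; the function's body extends beyond this hunk.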
diff --git a/CodeVirtualizer/x64/Debug/Assembly.lst b/CodeVirtualizer/x64/Debug/Assembly.lst index a65461c..535cd68 100644 --- a/CodeVirtualizer/x64/Debug/Assembly.lst +++ b/CodeVirtualizer/x64/Debug/Assembly.lst @@ -1,15 +1,47 @@ -Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/18/21 01:00:27 +Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/18/21 14:21:08 Assembly.asm Page 1 - 1 00000000 .CODE + 00000000 RetNum PROC + 00000000 33 C0 XOR EAX,EAX + 00000002 ContinueLoop: + 00000002 48/ 83 C0 01 ADD RAX,1 + 00000006 48/ 83 E9 01 SUB RCX,1 + 0000000A 48/ 83 C1 01 ADD RCX,1 + 0000000E 48/ 83 C0 02 ADD RAX,2 + 00000012 48/ 83 E8 02 SUB RAX,2 + 00000016 48/ 83 E9 01 SUB RCX,1 + 0000001A 75 E6 JNZ ContinueLoop + 0000001C C3 ret + 0000001D RetNum ENDP + + 0000001D NextFunction PROC + 0000001D C3 ret + 0000001E NextFunction ENDP + END - Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/18/21 01:00:27 + Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/18/21 14:21:08 Assembly.asm Symbols 2 - 1 + +Procedures, parameters, and locals: + + N a m e Type Value Attr + +NextFunction . . . . . . . . . . P 0000001D _TEXT Length= 00000001 Public +RetNum . . . . . . . . . . . . . P 00000000 _TEXT Length= 0000001D Public + ContinueLoop . . . . . . . . . L 00000002 _TEXT + + +Symbols: + + N a m e Type Value Attr + + 0 Warnings 0 Errors diff --git a/CodeVirtualizer/x64/Debug/Main.cod b/CodeVirtualizer/x64/Debug/Main.cod index 0bcb8aa..1050e2c 100644 --- a/CodeVirtualizer/x64/Debug/Main.cod +++ b/CodeVirtualizer/x64/Debug/Main.cod @@ -8,6 +8,7 @@ INCLUDELIB OLDNAMES PUBLIC ?TestBuffer@@3PAEA ; TestBuffer PUBLIC ?TestBufferSize@@3KA ; TestBufferSize PUBLIC ?meme1@@3PAEA ; meme1 +PUBLIC ?RetNumCode@@3PAEA ; RetNumCode msvcjmc SEGMENT __B2D2BA86_ctype@h DB 01H __79C7FC57_basetsd@h DB 01H 
@@ -87,6 +88,7 @@ __528871F3_iterator DB 01H __3E6EDFAA_iosfwd DB 01H __38038D2D_xstddef DB 01H __EE19A480_xatomic@h DB 01H +__8266A2FD_iomanip DB 01H msvcjmc ENDS _DATA SEGMENT ?TestBuffer@@3PAEA DB 048H ; TestBuffer @@ -179,6 +181,35 @@ _DATA SEGMENT DB 0c0H DB 01H DB 0c3H +?RetNumCode@@3PAEA DB 033H ; RetNumCode + DB 0c0H + DB 048H + DB 083H + DB 0c0H + DB 01H + DB 048H + DB 083H + DB 0e9H + DB 01H + DB 048H + DB 083H + DB 0c1H + DB 01H + DB 048H + DB 083H + DB 0c0H + DB 02H + DB 048H + DB 083H + DB 0e8H + DB 02H + DB 048H + DB 083H + DB 0e9H + DB 01H + DB 075H + DB 0e6H + DB 0c3H _DATA ENDS PUBLIC ?__empty_global_delete@@YAXPEAX@Z ; __empty_global_delete PUBLIC ?__empty_global_delete@@YAXPEAX_K@Z ; __empty_global_delete @@ -263,6 +294,7 @@ PUBLIC ?state@?$fpos@U_Mbstatet@@@std@@QEBA?AU_Mbstatet@@XZ ; std::fpos<_Mbstate PUBLIC ??B?$fpos@U_Mbstatet@@@std@@QEBA_JXZ ; std::fpos<_Mbstatet>::operator __int64 PUBLIC ?_Maklocwcs@std@@YAPEA_WPEB_W@Z ; std::_Maklocwcs PUBLIC ??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z ; std::_Maklocstr +PUBLIC ?hex@std@@YAAEAVios_base@1@AEAV21@@Z ; std::hex PUBLIC ??$_Fgetc@D@std@@YA_NAEADPEAU_iobuf@@@Z ; std::_Fgetc PUBLIC ??$_Fputc@D@std@@YA_NDPEAU_iobuf@@@Z ; std::_Fputc PUBLIC ??$_Ungetc@D@std@@YA_NAEBDPEAU_iobuf@@@Z ; std::_Ungetc 
@@ -275,6 +307,12 @@ PUBLIC ?_Tidy@?$vector@KV?$allocator@K@std@@@std@@AEAAXXZ ; std::vector >::_Getal PUBLIC ?_Get_first@?$_Compressed_pair@V?$allocator@K@std@@V?$_Vector_val@U?$_Simple_types@K@std@@@2@$00@std@@QEAAAEAV?$allocator@K@2@XZ ; std::_Compressed_pair,std::_Vector_val >,1>::_Get_first PUBLIC ??1_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::~_NATIVE_CODE_BLOCK +PUBLIC ?PrintByteArr@@YAXPEAXK@Z ; PrintByteArr +PUBLIC ??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z ; std::operator<< > +PUBLIC ??$?6DU?$char_traits@D@std@@_J@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Smanip@_J@0@@Z ; std::operator<<,__int64> +PUBLIC ??$setfill@D@std@@YA?AU?$_Fillobj@D@0@D@Z ; std::setfill +PUBLIC ??0?$_Fillobj@D@std@@QEAA@D@Z ; std::_Fillobj::_Fillobj +PUBLIC ??$?6DU?$char_traits@D@std@@D@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Fillobj@D@0@@Z ; std::operator<<,char> PUBLIC ?MakeExecutableBuffer@@YAPEAXPEAXK@Z ; MakeExecutableBuffer PUBLIC ?PutToFile@@YAXPEAXK@Z ; PutToFile PUBLIC ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@XZ ; std::basic_ofstream >::basic_ofstream 
> @@ -315,6 +353,11 @@ PUBLIC ?allocate@?$allocator@U_Container_proxy@std@@@std@@QEAAPEAU_Container_pro PUBLIC ??$?0K@?$allocator@U_Container_proxy@std@@@std@@QEAA@AEBV?$allocator@K@1@@Z ; std::allocator::allocator PUBLIC ??$exchange@PEAU_Container_proxy@std@@$$T@std@@YAPEAU_Container_proxy@0@AEAPEAU10@$$QEA$$T@Z ; std::exchange PUBLIC ??$_Delete_plain_internal@V?$allocator@U_Container_proxy@std@@@std@@@std@@YAXAEAV?$allocator@U_Container_proxy@std@@@0@QEAU_Container_proxy@0@@Z ; std::_Delete_plain_internal > +PUBLIC ??0_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z ; std::basic_ostream >::_Sentry_base::_Sentry_base +PUBLIC ??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ ; std::basic_ostream >::_Sentry_base::~_Sentry_base +PUBLIC ??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z ; std::basic_ostream >::sentry::sentry +PUBLIC ??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ ; std::basic_ostream >::sentry::~sentry +PUBLIC ??Bsentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEBA_NXZ ; std::basic_ostream >::sentry::operator bool PUBLIC ??$_Alloc_proxy@V?$allocator@U_Container_proxy@std@@@std@@@_Container_base12@std@@QEAAX$$QEAV?$allocator@U_Container_proxy@std@@@1@@Z ; std::_Container_base12::_Alloc_proxy > PUBLIC ??$?0D@?$allocator@U_Container_proxy@std@@@std@@QEAA@AEBV?$allocator@D@1@@Z ; std::allocator::allocator PUBLIC ??$?0$$V@?$_Compressed_pair@V?$allocator@D@std@@V?$_String_val@U?$_Simple_types@D@std@@@2@$00@std@@QEAA@U_Zero_then_variadic_args_t@1@@Z ; std::_Compressed_pair,std::_String_val >,1>::_Compressed_pair,std::_String_val >,1><> 
@@ -384,8 +427,9 @@ PUBLIC ??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@ ; std::basic_filebuf PUBLIC ??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@ ; std::basic_ofstream >::`vftable' PUBLIC ??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@ ; std::basic_ofstream >::`vbtable' PUBLIC ??_C@_0CJ@GEFBLICI@C?3?2Users?2Iizerd?2Desktop?2Leeg?5Ha@ ; `string' -PUBLIC ??_C@_0CG@GOOMLDF@Bytes?3?5?$CFu?0?5Insts?3?5?$CFu?0?5FlagsMeme@ ; `string' -PUBLIC ??_C@_0BK@MMBIMAKC@numba?5is?3?5?$CFu?5size?5is?5?$CFu?6?6@ ; `string' +PUBLIC ??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ ; `string' +PUBLIC ??_C@_05PDJBBECF@pause@ ; `string' +PUBLIC ??_C@_0CH@OKHDPAIH@?6?6Obfuscated?3?5?$CFllu?5?5?5?5Original?3@ ; `string' PUBLIC ??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ ; `string' PUBLIC ??_C@_0GI@GFIDMGHH@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string' PUBLIC ??_C@_1NA@LKMCOJGD@?$AAC?$AA?3?$AA?2?$AAP?$AAr?$AAo?$AAg?$AAr?$AAa?$AAm?$AA?5?$AAF?$AAi?$AAl?$AAe@ ; `string' @@ -456,6 +500,7 @@ EXTRN __imp_wcslen:PROC EXTRN strlen:PROC EXTRN __imp_VirtualAlloc:PROC EXTRN __imp_srand:PROC +EXTRN __imp_system:PROC EXTRN __imp___acrt_iob_func:PROC EXTRN __imp__get_stream_buffer_pointers:PROC EXTRN __imp_fclose:PROC @@ -479,6 +524,7 @@ EXTRN __imp_??1_Lockit@std@@QEAA@XZ:PROC EXTRN ?_Xbad_alloc@std@@YAXXZ:PROC ; std::_Xbad_alloc EXTRN ?_Xlength_error@std@@YAXPEBD@Z:PROC ; std::_Xlength_error EXTRN ?_Xout_of_range@std@@YAXPEBD@Z:PROC ; std::_Xout_of_range +EXTRN ?uncaught_exception@std@@YA_NXZ:PROC ; std::uncaught_exception EXTRN __std_exception_copy:PROC EXTRN __std_exception_destroy:PROC EXTRN ??_Eexception@std@@UEAAPEAXI@Z:PROC ; std::exception::`vector deleting destructor' 
@@ -499,9 +545,15 @@ EXTRN __imp_?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPE EXTRN __imp_?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z:PROC EXTRN __imp_?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z:PROC EXTRN __imp_?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z:PROC +EXTRN __imp_?good@ios_base@std@@QEBA_NXZ:PROC +EXTRN __imp_?flags@ios_base@std@@QEBAHXZ:PROC +EXTRN __imp_?setf@ios_base@std@@QEAAHHH@Z:PROC +EXTRN __imp_?width@ios_base@std@@QEBA_JXZ:PROC +EXTRN __imp_?width@ios_base@std@@QEAA_J_J@Z:PROC EXTRN __imp_??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ:PROC EXTRN __imp_??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ:PROC EXTRN __imp_?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ:PROC +EXTRN __imp_?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z:PROC EXTRN __imp_?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ:PROC EXTRN __imp_?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ:PROC EXTRN __imp_?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ:PROC 
@@ -522,22 +574,29 @@ EXTRN __imp_?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@ EXTRN __imp_??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ:PROC EXTRN __imp_?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z:PROC EXTRN __imp_?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z:PROC +EXTRN __imp_?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ:PROC +EXTRN __imp_?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ:PROC +EXTRN __imp_?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ:PROC +EXTRN __imp_?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z:PROC EXTRN __imp_??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ:PROC EXTRN __imp_??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z:PROC EXTRN __imp_??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ:PROC +EXTRN __imp_?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ:PROC +EXTRN __imp_??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z:PROC +EXTRN __imp_??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z:PROC EXTRN __imp_?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z:PROC +EXTRN __imp_?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ:PROC EXTRN ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z:PROC ; std::_Fiopen EXTRN __imp__time64:PROC +EXTRN ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z:PROC ; std::setw EXTRN xed_tables_init:PROC EXTRN ??0_NATIVE_CODE_BLOCK@@QEAA@XZ:PROC ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK -EXTRN ?NcCountInstructions@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; NcCountInstructions -EXTRN ?NcCalcBlockSizeInBytes@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; NcCalcBlockSizeInBytes EXTRN ?NcDisassemble@@YAHPEAU_NATIVE_CODE_BLOCK@@PEAXK@Z:PROC ; NcDisassemble EXTRN ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z:PROC ; 
NcAssemble -EXTRN ?NcDebugPrint@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; NcDebugPrint EXTRN ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; ObfObfuscate EXTRN ??_E?$basic_filebuf@DU?$char_traits@D@std@@@std@@UEAAPEAXI@Z:PROC ; std::basic_filebuf >::`vector deleting destructor' EXTRN ??_E?$basic_ofstream@DU?$char_traits@D@std@@@std@@UEAAPEAXI@Z:PROC ; std::basic_ofstream >::`vector deleting destructor' +EXTRN RetNum:PROC EXTRN ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ:PROC ; std::basic_streambuf >::showmanyc EXTRN _CxxThrowException:PROC EXTRN _RTC_CheckStackVars:PROC @@ -550,6 +609,7 @@ EXTRN __GSHandlerCheck_EH4:PROC EXTRN __security_check_cookie:PROC EXTRN ??_7type_info@@6B@:BYTE ; type_info::`vftable' EXTRN __imp_?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A:QWORD +EXTRN __imp_?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A:BYTE EXTRN __security_cookie:QWORD ; COMDAT ?_OptionsStorage@?1??__local_stdio_printf_options@@9@4_KA _BSS SEGMENT @@ -1063,6 +1123,12 @@ $pdata$??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z DD imagerel $LN7 pdata ENDS ; COMDAT pdata pdata SEGMENT +$pdata$?hex@std@@YAAEAVios_base@1@AEAV21@@Z DD imagerel $LN3 + DD imagerel $LN3+95 + DD imagerel $unwind$?hex@std@@YAAEAVios_base@1@AEAV21@@Z +pdata ENDS +; COMDAT pdata +pdata SEGMENT $pdata$??$_Fgetc@D@std@@YA_NAEADPEAU_iobuf@@@Z DD imagerel $LN5 DD imagerel $LN5+112 DD imagerel $unwind$??$_Fgetc@D@std@@YA_NAEADPEAU_iobuf@@@Z 
@@ -1141,6 +1207,54 @@ $pdata$??1_NATIVE_CODE_BLOCK@@QEAA@XZ DD imagerel $LN3 pdata ENDS ; COMDAT pdata pdata SEGMENT +$pdata$?PrintByteArr@@YAXPEAXK@Z DD imagerel $LN6 + DD imagerel $LN6+278 + DD imagerel $unwind$?PrintByteArr@@YAXPEAXK@Z +pdata ENDS +; COMDAT pdata +pdata SEGMENT +$pdata$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z DD imagerel $LN23 + DD imagerel $LN23+1095 + DD imagerel $unwind$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z +pdata ENDS +; COMDAT pdata +pdata SEGMENT +$pdata$?dtor$0@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA DD imagerel ?dtor$0@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA + DD imagerel ?dtor$0@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA+36 + DD imagerel $unwind$?dtor$0@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA +pdata ENDS +; COMDAT pdata +pdata SEGMENT +$pdata$?catch$1@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA DD imagerel ?catch$1@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA + DD imagerel ?catch$1@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA+91 + DD imagerel $unwind$?catch$1@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA +pdata ENDS +; COMDAT pdata +pdata SEGMENT +$pdata$??$?6DU?$char_traits@D@std@@_J@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Smanip@_J@0@@Z DD imagerel $LN3 + DD imagerel $LN3+140 + DD imagerel $unwind$??$?6DU?$char_traits@D@std@@_J@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Smanip@_J@0@@Z +pdata ENDS +; COMDAT pdata +pdata SEGMENT 
+$pdata$??$setfill@D@std@@YA?AU?$_Fillobj@D@0@D@Z DD imagerel $LN3 + DD imagerel $LN3+94 + DD imagerel $unwind$??$setfill@D@std@@YA?AU?$_Fillobj@D@0@D@Z +pdata ENDS +; COMDAT pdata +pdata SEGMENT +$pdata$??0?$_Fillobj@D@std@@QEAA@D@Z DD imagerel $LN3 + DD imagerel $LN3+91 + DD imagerel $unwind$??0?$_Fillobj@D@std@@QEAA@D@Z +pdata ENDS +; COMDAT pdata +pdata SEGMENT +$pdata$??$?6DU?$char_traits@D@std@@D@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Fillobj@D@0@@Z DD imagerel $LN3 + DD imagerel $LN3+133 + DD imagerel $unwind$??$?6DU?$char_traits@D@std@@D@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Fillobj@D@0@@Z +pdata ENDS +; COMDAT pdata +pdata SEGMENT $pdata$?MakeExecutableBuffer@@YAPEAXPEAXK@Z DD imagerel $LN4 DD imagerel $LN4+136 DD imagerel $unwind$?MakeExecutableBuffer@@YAPEAXPEAXK@Z @@ -1369,8 +1483,8 @@ $pdata$??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ DD imagerel $LN pdata ENDS ; COMDAT pdata pdata SEGMENT -$pdata$main DD imagerel $LN4 - DD imagerel $LN4+406 +$pdata$main DD imagerel $LN7 + DD imagerel $LN7+461 DD imagerel $unwind$main pdata ENDS ; COMDAT pdata 
@@ -1435,6 +1549,42 @@ $pdata$??$_Delete_plain_internal@V?$allocator@U_Container_proxy@std@@@std@@@std@ pdata ENDS ; COMDAT pdata pdata SEGMENT +$pdata$??0_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z DD imagerel $LN4 + DD imagerel $LN4+171 + DD imagerel $unwind$??0_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z +pdata ENDS +; COMDAT pdata +pdata SEGMENT +$pdata$??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ DD imagerel $LN4 + DD imagerel $LN4+143 + DD imagerel $unwind$??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ +pdata ENDS +; COMDAT pdata +pdata SEGMENT +$pdata$??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z DD imagerel $LN7 + DD imagerel $LN7+284 + DD imagerel $unwind$??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z +pdata ENDS +; COMDAT pdata +pdata SEGMENT +$pdata$?dtor$0@?0???0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z@4HA DD imagerel ?dtor$0@?0???0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z@4HA + DD imagerel ?dtor$0@?0???0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z@4HA+39 + DD imagerel $unwind$?dtor$0@?0???0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z@4HA +pdata ENDS +; COMDAT pdata +pdata SEGMENT +$pdata$??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ DD imagerel $LN6 + DD imagerel $LN6+139 + DD imagerel $unwind$??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ +pdata ENDS +; COMDAT pdata +pdata SEGMENT +$pdata$??Bsentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEBA_NXZ DD imagerel $LN3 + DD imagerel $LN3+75 + DD imagerel $unwind$??Bsentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEBA_NXZ +pdata ENDS +; COMDAT pdata +pdata SEGMENT $pdata$??$_Alloc_proxy@V?$allocator@U_Container_proxy@std@@@std@@@_Container_base12@std@@QEAAX$$QEAV?$allocator@U_Container_proxy@std@@@1@@Z DD imagerel $LN3 DD 
imagerel $LN3+156 DD imagerel $unwind$??$_Alloc_proxy@V?$allocator@U_Container_proxy@std@@@std@@@_Container_base12@std@@QEAAX$$QEAV?$allocator@U_Container_proxy@std@@@1@@Z @@ -2109,15 +2259,18 @@ CONST ENDS CONST SEGMENT ??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ DB ':AM:am:PM:pm', 00H ; `string' CONST ENDS -; COMDAT ??_C@_0BK@MMBIMAKC@numba?5is?3?5?$CFu?5size?5is?5?$CFu?6?6@ +; COMDAT ??_C@_0CH@OKHDPAIH@?6?6Obfuscated?3?5?$CFllu?5?5?5?5Original?3@ CONST SEGMENT -??_C@_0BK@MMBIMAKC@numba?5is?3?5?$CFu?5size?5is?5?$CFu?6?6@ DB 'numba is:' - DB ' %u size is %u', 0aH, 0aH, 00H ; `string' +??_C@_0CH@OKHDPAIH@?6?6Obfuscated?3?5?$CFllu?5?5?5?5Original?3@ DB 0aH, 0aH + DB 'Obfuscated: %llu Original: %llu', 0aH, 0aH, 00H ; `string' CONST ENDS -; COMDAT ??_C@_0CG@GOOMLDF@Bytes?3?5?$CFu?0?5Insts?3?5?$CFu?0?5FlagsMeme@ +; COMDAT ??_C@_05PDJBBECF@pause@ CONST SEGMENT -??_C@_0CG@GOOMLDF@Bytes?3?5?$CFu?0?5Insts?3?5?$CFu?0?5FlagsMeme@ DB 'Byte' - DB 's: %u, Insts: %u, FlagsMeme: %u.', 0aH, 00H ; `string' +??_C@_05PDJBBECF@pause@ DB 'pause', 00H ; `string' +CONST ENDS +; COMDAT ??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ +CONST SEGMENT +??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ DB 'failed to assemble', 0aH, 00H ; `string' CONST ENDS ; COMDAT ??_C@_0CJ@GEFBLICI@C?3?2Users?2Iizerd?2Desktop?2Leeg?5Ha@ CONST SEGMENT 
@@ -2889,6 +3042,97 @@ $unwind$??$_Alloc_proxy@V?$allocator@U_Container_proxy@std@@@std@@@_Container_ba xdata ENDS ; COMDAT xdata xdata SEGMENT +$unwind$??Bsentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEBA_NXZ DD 025052a01H + DD 010e2313H + DD 07007001dH + DD 05006H +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$ip2state$??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ DB 02H + DB 00H + DB 00H +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$cppxdata$??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ DB 060H + DD imagerel $ip2state$??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ DD 025052a19H + DD 010e2313H + DD 070070021H + DD 05006H + DD imagerel __CxxFrameHandler4 + DD imagerel $cppxdata$??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$?dtor$0@?0???0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z@4HA DD 031001H + DD 0700c4210H + DD 0500bH +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$ip2state$??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z DB 06H + DB 00H + DB 00H + DB 09eH + DB 02H + DB 0f1H, 02H + DB 00H +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$stateUnwindMap$??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z DB 02H + DB 0eH + DD imagerel ?dtor$0@?0???0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z@4HA +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$cppxdata$??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z DB 028H + DD imagerel $stateUnwindMap$??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z + DD imagerel $ip2state$??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z DD 025052f11H + DD 
01132318H + DD 0700c0021H + DD 0500bH + DD imagerel __CxxFrameHandler4 + DD imagerel $cppxdata$??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$ip2state$??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ DB 02H + DB 00H + DB 00H +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$cppxdata$??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ DB 060H + DD imagerel $ip2state$??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ DD 025052a19H + DD 010e2313H + DD 070070021H + DD 05006H + DD imagerel __CxxFrameHandler4 + DD imagerel $cppxdata$??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$??0_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z DD 025052f01H + DD 01132318H + DD 0700c0021H + DD 0500bH +xdata ENDS +; COMDAT xdata +xdata SEGMENT $ip2state$??$_Delete_plain_internal@V?$allocator@U_Container_proxy@std@@@std@@@std@@YAXAEAV?$allocator@U_Container_proxy@std@@@0@QEAU_Container_proxy@0@@Z DB 02H DB 00H DB 00H @@ -3097,12 +3341,16 @@ $unwind$main$dtor$0 DD 031001H xdata ENDS ; COMDAT xdata xdata SEGMENT -$ip2state$main DB 06H +$ip2state$main DB 0aH DB 00H DB 00H DB 0b2H DB 02H - DB 015H, 04H + DB 'y', 02H + DB 00H + DB '(' + DB 02H + DB 011H, 02H DB 00H xdata ENDS ; COMDAT xdata 
@@ -3121,26 +3369,30 @@ xdata ENDS xdata SEGMENT $unwind$main DD 025052f19H DD 010a230fH - DD 070030043H + DD 070030041H DD 05002H DD imagerel __GSHandlerCheck_EH4 DD imagerel $cppxdata$main - DD 0202H + DD 01f2H xdata ENDS ; COMDAT CONST CONST SEGMENT -main$rtcName$0 DB 042H +main$rtcName$0 DB 052H + DB 065H + DB 074H + DB 04eH + DB 075H + DB 06dH + DB 042H DB 06cH DB 06fH DB 063H DB 06bH DB 00H - ORG $+2 main$rtcName$1 DB 04fH DB 062H DB 066H DB 00H - ORG $+4 main$rtcName$2 DB 041H DB 073H DB 06dH @@ -3150,7 +3402,7 @@ main$rtcName$2 DB 041H DB 065H DB 00H ORG $+8 -main$rtcVarDesc DD 0e4H +main$rtcVarDesc DD 0a4H DD 04H DQ FLAT:main$rtcName$2 DD 078H 
@@ -3863,6 +4115,122 @@ $unwind$?MakeExecutableBuffer@@YAPEAXPEAXK@Z DD 025052e01H xdata ENDS ; COMDAT xdata xdata SEGMENT +$unwind$??$?6DU?$char_traits@D@std@@D@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Fillobj@D@0@@Z DD 025052f01H + DD 01132318H + DD 0700c001fH + DD 0500bH +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$??0?$_Fillobj@D@std@@QEAA@D@Z DD 025052e01H + DD 01122317H + DD 0700b001dH + DD 0500aH +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$??$setfill@D@std@@YA?AU?$_Fillobj@D@0@D@Z DD 025052e01H + DD 01122317H + DD 0700b001dH + DD 0500aH +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$??$?6DU?$char_traits@D@std@@_J@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Smanip@_J@0@@Z DD 025052f01H + DD 01132318H + DD 0700c001fH + DD 0500bH +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$?catch$1@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA DD 031001H + DD 0700c4210H + DD 0500bH +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$?dtor$0@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA DD 031001H + DD 0700c4210H + DD 0500bH +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$ip2state$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z DB 0aH + DB 00H + DB 00H + DB 0c6H + DB 02H + DB 011H, 02H + DB 04H + DB 0adH, 0aH + DB 02H + DB 0ecH + DB 00H +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$handlerMap$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z DB 02H + DB 01H + DB 080H + DD imagerel ?catch$1@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$tryMap$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z DB 02H + DB 02H + DB 02H + DB 04H + DD imagerel 
$handlerMap$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$stateUnwindMap$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z DB 06H + DB 0eH + DD imagerel ?dtor$0@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA + DB 028H + DB 030H +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$cppxdata$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z DB 038H + DD imagerel $stateUnwindMap$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z + DD imagerel $tryMap$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z + DD imagerel $ip2state$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z DD 025053f19H + DD 01122317H + DD 0700b004bH + DD 0500aH + DD imagerel __GSHandlerCheck_EH4 + DD imagerel $cppxdata$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z + DD 0243H +xdata ENDS +; COMDAT CONST +CONST SEGMENT +??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z$rtcName$0 DB 05fH ; std::operator<< > + DB 04fH + DB 06bH + DB 00H + ORG $+12 +??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z$rtcVarDesc DD 048H ; std::operator<< > + DD 010H + DQ FLAT:??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z$rtcName$0 + ORG $+48 +??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z$rtcFrameData DD 01H ; std::operator<< > + DD 00H + DQ 
FLAT:??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z$rtcVarDesc +CONST ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$?PrintByteArr@@YAXPEAXK@Z DD 025052e01H + DD 01122317H + DD 0700b0031H + DD 0500aH +xdata ENDS +; COMDAT xdata +xdata SEGMENT $unwind$??1_NATIVE_CODE_BLOCK@@QEAA@XZ DD 025052a01H DD 010e2313H DD 07007001dH @@ -4022,6 +4390,13 @@ $unwind$??$_Fgetc@D@std@@YA_NAEADPEAU_iobuf@@@Z DD 025052f01H xdata ENDS ; COMDAT xdata xdata SEGMENT +$unwind$?hex@std@@YAAEAVios_base@1@AEAV21@@Z DD 025052a01H + DD 010e2313H + DD 07007001dH + DD 05006H +xdata ENDS +; COMDAT xdata +xdata SEGMENT $unwind$??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z DD 035053401H DD 0118331dH DD 07011002bH 
@@ -7280,24 +7655,480 @@ $LN3: ??$_Alloc_proxy@V?$allocator@U_Container_proxy@std@@@std@@@_Container_base12@std@@QEAAX$$QEAV?$allocator@U_Container_proxy@std@@@1@@Z ENDP ; std::_Container_base12::_Alloc_proxy > _TEXT ENDS ; Function compile flags: /Odtp /RTCsu /ZI -; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\xmemory -; COMDAT ??$_Delete_plain_internal@V?$allocator@U_Container_proxy@std@@@std@@@std@@YAXAEAV?$allocator@U_Container_proxy@std@@@0@QEAU_Container_proxy@0@@Z +; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\ostream +; COMDAT ??Bsentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEBA_NXZ _TEXT SEGMENT -_Al$ = 224 -_Ptr$ = 232 -??$_Delete_plain_internal@V?$allocator@U_Container_proxy@std@@@std@@@std@@YAXAEAV?$allocator@U_Container_proxy@std@@@0@QEAU_Container_proxy@0@@Z PROC ; std::_Delete_plain_internal >, COMDAT +this$ = 224 +??Bsentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEBA_NXZ PROC ; std::basic_ostream >::sentry::operator bool, COMDAT -; 1026 : void _Delete_plain_internal(_Alloc& _Al, typename _Alloc::value_type* const _Ptr) noexcept { +; 125 : explicit __CLR_OR_THIS_CALL operator bool() const { $LN3: - 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx - 00005 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 0000a 55 push rbp - 0000b 57 push rdi - 0000c 48 81 ec e8 00 - 00 00 sub rsp, 232 ; 000000e8H - 00013 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] - 00018 48 8b fc mov rdi, rsp + 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00005 55 push rbp + 00006 57 push rdi + 00007 48 81 ec e8 00 + 00 00 sub rsp, 232 ; 000000e8H + 0000e 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00013 48 8b fc mov rdi, rsp + 00016 b9 3a 00 00 00 mov ecx, 58 ; 0000003aH + 0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00020 f3 ab rep stosd + 00022 48 8b 8c 24 08 + 01 00 00 mov rcx, QWORD PTR [rsp+264] + 0002a 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET 
FLAT:__1D745195_ostream + 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + +; 126 : return _Ok; + + 00036 48 8b 85 e0 00 + 00 00 mov rax, QWORD PTR this$[rbp] + 0003d 0f b6 40 08 movzx eax, BYTE PTR [rax+8] + +; 127 : } + + 00041 48 8d a5 c8 00 + 00 00 lea rsp, QWORD PTR [rbp+200] + 00048 5f pop rdi + 00049 5d pop rbp + 0004a c3 ret 0 +??Bsentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEBA_NXZ ENDP ; std::basic_ostream >::sentry::operator bool +_TEXT ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\ostream +; COMDAT ??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ +_TEXT SEGMENT +_Zero_uncaught_exceptions$ = 4 +tv72 = 212 +this$ = 256 +??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ PROC ; std::basic_ostream >::sentry::~sentry, COMDAT + +; 110 : __CLR_OR_THIS_CALL ~sentry() noexcept { + +$LN6: + 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00005 55 push rbp + 00006 57 push rdi + 00007 48 81 ec 08 01 + 00 00 sub rsp, 264 ; 00000108H + 0000e 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00013 48 8b fc mov rdi, rsp + 00016 b9 42 00 00 00 mov ecx, 66 ; 00000042H + 0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00020 f3 ab rep stosd + 00022 48 8b 8c 24 28 + 01 00 00 mov rcx, QWORD PTR [rsp+296] + 0002a 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__1D745195_ostream + 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + +; 111 : #if !_HAS_EXCEPTIONS +; 112 : const bool _Zero_uncaught_exceptions = true; +; 113 : #elif _HAS_DEPRECATED_UNCAUGHT_EXCEPTION +; 114 : const bool _Zero_uncaught_exceptions = !_STD uncaught_exception(); // TRANSITION, ArchivedOS-12000909 + + 00036 e8 00 00 00 00 call ?uncaught_exception@std@@YA_NXZ ; std::uncaught_exception + 0003b 0f b6 c0 movzx eax, al + 0003e 85 c0 test eax, eax + 00040 75 09 jne SHORT $LN4@sentry + 00042 c6 85 d4 00 00 + 00 01 mov BYTE PTR tv72[rbp], 1 + 00049 eb 07 jmp 
SHORT $LN5@sentry +$LN4@sentry: + 0004b c6 85 d4 00 00 + 00 00 mov BYTE PTR tv72[rbp], 0 +$LN5@sentry: + 00052 0f b6 85 d4 00 + 00 00 movzx eax, BYTE PTR tv72[rbp] + 00059 88 45 04 mov BYTE PTR _Zero_uncaught_exceptions$[rbp], al + +; 115 : #else // ^^^ _HAS_DEPRECATED_UNCAUGHT_EXCEPTION / !_HAS_DEPRECATED_UNCAUGHT_EXCEPTION vvv +; 116 : const bool _Zero_uncaught_exceptions = _STD uncaught_exceptions() == 0; +; 117 : #endif // !_HAS_DEPRECATED_UNCAUGHT_EXCEPTION +; 118 : +; 119 : if (_Zero_uncaught_exceptions) { + + 0005c 0f b6 45 04 movzx eax, BYTE PTR _Zero_uncaught_exceptions$[rbp] + 00060 85 c0 test eax, eax + 00062 74 10 je SHORT $LN2@sentry + +; 120 : this->_Myostr._Osfx(); + + 00064 48 8b 85 00 01 + 00 00 mov rax, QWORD PTR this$[rbp] + 0006b 48 8b 08 mov rcx, QWORD PTR [rax] + 0006e ff 15 00 00 00 + 00 call QWORD PTR __imp_?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ +$LN2@sentry: + +; 121 : } +; 122 : } + + 00074 48 8b 8d 00 01 + 00 00 mov rcx, QWORD PTR this$[rbp] + 0007b e8 00 00 00 00 call ??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ ; std::basic_ostream >::_Sentry_base::~_Sentry_base + 00080 90 npad 1 + 00081 48 8d a5 e8 00 + 00 00 lea rsp, QWORD PTR [rbp+232] + 00088 5f pop rdi + 00089 5d pop rbp + 0008a c3 ret 0 +??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ ENDP ; std::basic_ostream >::sentry::~sentry +_TEXT ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\ostream +; COMDAT ??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z +_TEXT SEGMENT +_Tied$ = 8 +this$ = 256 +_Ostr$ = 264 +??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z PROC ; std::basic_ostream >::sentry::sentry, COMDAT + +; 92 : explicit __CLR_OR_THIS_CALL sentry(basic_ostream& _Ostr) : _Sentry_base(_Ostr) { + +$LN7: + 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 00005 48 89 4c 24 08 mov 
QWORD PTR [rsp+8], rcx + 0000a 55 push rbp + 0000b 57 push rdi + 0000c 48 81 ec 08 01 + 00 00 sub rsp, 264 ; 00000108H + 00013 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00018 48 8b fc mov rdi, rsp + 0001b b9 42 00 00 00 mov ecx, 66 ; 00000042H + 00020 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00025 f3 ab rep stosd + 00027 48 8b 8c 24 28 + 01 00 00 mov rcx, QWORD PTR [rsp+296] + 0002f 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__1D745195_ostream + 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + 0003b 48 8b 95 08 01 + 00 00 mov rdx, QWORD PTR _Ostr$[rbp] + 00042 48 8b 8d 00 01 + 00 00 mov rcx, QWORD PTR this$[rbp] + 00049 e8 00 00 00 00 call ??0_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z ; std::basic_ostream >::_Sentry_base::_Sentry_base + 0004e 90 npad 1 + +; 93 : if (!_Ostr.good()) { + + 0004f 48 8b 85 08 01 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 00056 48 8b 00 mov rax, QWORD PTR [rax] + 00059 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 0005d 48 8b 8d 08 01 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 00064 48 03 c8 add rcx, rax + 00067 48 8b c1 mov rax, rcx + 0006a 48 8b c8 mov rcx, rax + 0006d ff 15 00 00 00 + 00 call QWORD PTR __imp_?good@ios_base@std@@QEBA_NXZ + 00073 0f b6 c0 movzx eax, al + 00076 85 c0 test eax, eax + 00078 75 10 jne SHORT $LN2@sentry + +; 94 : _Ok = false; + + 0007a 48 8b 85 00 01 + 00 00 mov rax, QWORD PTR this$[rbp] + 00081 c6 40 08 00 mov BYTE PTR [rax+8], 0 + +; 95 : return; + + 00085 e9 81 00 00 00 jmp $LN1@sentry +$LN2@sentry: + +; 96 : } +; 97 : +; 98 : const auto _Tied = _Ostr.tie(); + + 0008a 48 8b 85 08 01 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 00091 48 8b 00 mov rax, QWORD PTR [rax] + 00094 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 00098 48 8b 8d 08 01 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 0009f 48 03 c8 add rcx, rax + 000a2 48 8b c1 mov rax, rcx + 000a5 48 8b c8 mov rcx, rax + 000a8 ff 15 00 00 00 + 00 call QWORD PTR 
__imp_?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ + 000ae 48 89 45 08 mov QWORD PTR _Tied$[rbp], rax + +; 99 : if (!_Tied || _Tied == &_Ostr) { + + 000b2 48 83 7d 08 00 cmp QWORD PTR _Tied$[rbp], 0 + 000b7 74 0d je SHORT $LN4@sentry + 000b9 48 8b 85 08 01 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 000c0 48 39 45 08 cmp QWORD PTR _Tied$[rbp], rax + 000c4 75 0d jne SHORT $LN3@sentry +$LN4@sentry: + +; 100 : _Ok = true; + + 000c6 48 8b 85 00 01 + 00 00 mov rax, QWORD PTR this$[rbp] + 000cd c6 40 08 01 mov BYTE PTR [rax+8], 1 + +; 101 : return; + + 000d1 eb 38 jmp SHORT $LN1@sentry +$LN3@sentry: + +; 102 : } +; 103 : +; 104 : +; 105 : _Tied->flush(); + + 000d3 48 8b 4d 08 mov rcx, QWORD PTR _Tied$[rbp] + 000d7 ff 15 00 00 00 + 00 call QWORD PTR __imp_?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ + +; 106 : _Ok = _Ostr.good(); // store test only after flushing tie + + 000dd 48 8b 85 08 01 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 000e4 48 8b 00 mov rax, QWORD PTR [rax] + 000e7 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 000eb 48 8b 8d 08 01 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 000f2 48 03 c8 add rcx, rax + 000f5 48 8b c1 mov rax, rcx + 000f8 48 8b c8 mov rcx, rax + 000fb ff 15 00 00 00 + 00 call QWORD PTR __imp_?good@ios_base@std@@QEBA_NXZ + 00101 48 8b 8d 00 01 + 00 00 mov rcx, QWORD PTR this$[rbp] + 00108 88 41 08 mov BYTE PTR [rcx+8], al +$LN1@sentry: + +; 107 : } + + 0010b 48 8b 85 00 01 + 00 00 mov rax, QWORD PTR this$[rbp] + 00112 48 8d a5 e8 00 + 00 00 lea rsp, QWORD PTR [rbp+232] + 00119 5f pop rdi + 0011a 5d pop rbp + 0011b c3 ret 0 +??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z ENDP ; std::basic_ostream >::sentry::sentry +_TEXT ENDS +; COMDAT text$x +text$x SEGMENT +_Tied$ = 8 +this$ = 256 +_Ostr$ = 264 +?dtor$0@?0???0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z@4HA PROC ; `std::basic_ostream >::sentry::sentry'::`1'::dtor$0 + 00000 48 89 4c 
24 08 mov QWORD PTR [rsp+8], rcx + 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 0000a 55 push rbp + 0000b 57 push rdi + 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H + 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] + 00014 48 8b 8d 00 01 + 00 00 mov rcx, QWORD PTR this$[rbp] + 0001b e8 00 00 00 00 call ??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ ; std::basic_ostream >::_Sentry_base::~_Sentry_base + 00020 48 83 c4 28 add rsp, 40 ; 00000028H + 00024 5f pop rdi + 00025 5d pop rbp + 00026 c3 ret 0 +?dtor$0@?0???0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z@4HA ENDP ; `std::basic_ostream >::sentry::sentry'::`1'::dtor$0 +text$x ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; COMDAT text$x +text$x SEGMENT +_Tied$ = 8 +this$ = 256 +_Ostr$ = 264 +?dtor$0@?0???0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z@4HA PROC ; `std::basic_ostream >::sentry::sentry'::`1'::dtor$0 + 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 0000a 55 push rbp + 0000b 57 push rdi + 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H + 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] + 00014 48 8b 8d 00 01 + 00 00 mov rcx, QWORD PTR this$[rbp] + 0001b e8 00 00 00 00 call ??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ ; std::basic_ostream >::_Sentry_base::~_Sentry_base + 00020 48 83 c4 28 add rsp, 40 ; 00000028H + 00024 5f pop rdi + 00025 5d pop rbp + 00026 c3 ret 0 +?dtor$0@?0???0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z@4HA ENDP ; `std::basic_ostream >::sentry::sentry'::`1'::dtor$0 +text$x ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\ostream +; COMDAT ??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ +_TEXT SEGMENT +_Rdbuf$ = 8 +tv72 = 216 +this$ = 256 
+??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ PROC ; std::basic_ostream >::_Sentry_base::~_Sentry_base, COMDAT + +; 78 : __CLR_OR_THIS_CALL ~_Sentry_base() noexcept { // destroy after unlocking + +$LN4: + 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00005 55 push rbp + 00006 57 push rdi + 00007 48 81 ec 08 01 + 00 00 sub rsp, 264 ; 00000108H + 0000e 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00013 48 8b fc mov rdi, rsp + 00016 b9 42 00 00 00 mov ecx, 66 ; 00000042H + 0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00020 f3 ab rep stosd + 00022 48 8b 8c 24 28 + 01 00 00 mov rcx, QWORD PTR [rsp+296] + 0002a 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__1D745195_ostream + 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + +; 79 : const auto _Rdbuf = _Myostr.rdbuf(); + + 00036 48 8b 85 00 01 + 00 00 mov rax, QWORD PTR this$[rbp] + 0003d 48 8b 00 mov rax, QWORD PTR [rax] + 00040 48 89 85 d8 00 + 00 00 mov QWORD PTR tv72[rbp], rax + 00047 48 8b 85 d8 00 + 00 00 mov rax, QWORD PTR tv72[rbp] + 0004e 48 8b 00 mov rax, QWORD PTR [rax] + 00051 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 00055 48 8b 8d d8 00 + 00 00 mov rcx, QWORD PTR tv72[rbp] + 0005c 48 03 c8 add rcx, rax + 0005f 48 8b c1 mov rax, rcx + 00062 48 8b c8 mov rcx, rax + 00065 ff 15 00 00 00 + 00 call QWORD PTR __imp_?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ + 0006b 48 89 45 08 mov QWORD PTR _Rdbuf$[rbp], rax + +; 80 : if (_Rdbuf) { + + 0006f 48 83 7d 08 00 cmp QWORD PTR _Rdbuf$[rbp], 0 + 00074 74 0f je SHORT $LN2@Sentry_bas + +; 81 : _Rdbuf->_Unlock(); + + 00076 48 8b 45 08 mov rax, QWORD PTR _Rdbuf$[rbp] + 0007a 48 8b 00 mov rax, QWORD PTR [rax] + 0007d 48 8b 4d 08 mov rcx, QWORD PTR _Rdbuf$[rbp] + 00081 ff 50 10 call QWORD PTR [rax+16] + 00084 90 npad 1 +$LN2@Sentry_bas: + +; 82 : } +; 83 : } + + 00085 48 8d a5 e8 00 + 00 00 lea rsp, QWORD PTR [rbp+232] + 0008c 5f pop rdi + 0008d 5d pop rbp + 0008e c3 ret 0 
+??1_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ ENDP ; std::basic_ostream >::_Sentry_base::~_Sentry_base +_TEXT ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\ostream +; COMDAT ??0_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z +_TEXT SEGMENT +_Rdbuf$ = 8 +tv73 = 216 +this$ = 256 +_Ostr$ = 264 +??0_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z PROC ; std::basic_ostream >::_Sentry_base::_Sentry_base, COMDAT + +; 71 : __CLR_OR_THIS_CALL _Sentry_base(basic_ostream& _Ostr) : _Myostr(_Ostr) { // lock the stream buffer, if there + +$LN4: + 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 00005 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 0000a 55 push rbp + 0000b 57 push rdi + 0000c 48 81 ec 08 01 + 00 00 sub rsp, 264 ; 00000108H + 00013 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00018 48 8b fc mov rdi, rsp + 0001b b9 42 00 00 00 mov ecx, 66 ; 00000042H + 00020 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00025 f3 ab rep stosd + 00027 48 8b 8c 24 28 + 01 00 00 mov rcx, QWORD PTR [rsp+296] + 0002f 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__1D745195_ostream + 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + 0003b 48 8b 85 00 01 + 00 00 mov rax, QWORD PTR this$[rbp] + 00042 48 8b 8d 08 01 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 00049 48 89 08 mov QWORD PTR [rax], rcx + +; 72 : const auto _Rdbuf = _Myostr.rdbuf(); + + 0004c 48 8b 85 00 01 + 00 00 mov rax, QWORD PTR this$[rbp] + 00053 48 8b 00 mov rax, QWORD PTR [rax] + 00056 48 89 85 d8 00 + 00 00 mov QWORD PTR tv73[rbp], rax + 0005d 48 8b 85 d8 00 + 00 00 mov rax, QWORD PTR tv73[rbp] + 00064 48 8b 00 mov rax, QWORD PTR [rax] + 00067 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 0006b 48 8b 8d d8 00 + 00 00 mov rcx, QWORD PTR tv73[rbp] + 00072 48 03 c8 add rcx, rax + 00075 48 8b c1 mov rax, rcx + 00078 48 8b c8 mov rcx, rax + 0007b 
ff 15 00 00 00 + 00 call QWORD PTR __imp_?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ + 00081 48 89 45 08 mov QWORD PTR _Rdbuf$[rbp], rax + +; 73 : if (_Rdbuf) { + + 00085 48 83 7d 08 00 cmp QWORD PTR _Rdbuf$[rbp], 0 + 0008a 74 0e je SHORT $LN2@Sentry_bas + +; 74 : _Rdbuf->_Lock(); + + 0008c 48 8b 45 08 mov rax, QWORD PTR _Rdbuf$[rbp] + 00090 48 8b 00 mov rax, QWORD PTR [rax] + 00093 48 8b 4d 08 mov rcx, QWORD PTR _Rdbuf$[rbp] + 00097 ff 50 08 call QWORD PTR [rax+8] +$LN2@Sentry_bas: + +; 75 : } +; 76 : } + + 0009a 48 8b 85 00 01 + 00 00 mov rax, QWORD PTR this$[rbp] + 000a1 48 8d a5 e8 00 + 00 00 lea rsp, QWORD PTR [rbp+232] + 000a8 5f pop rdi + 000a9 5d pop rbp + 000aa c3 ret 0 +??0_Sentry_base@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z ENDP ; std::basic_ostream >::_Sentry_base::_Sentry_base +_TEXT ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\xmemory +; COMDAT ??$_Delete_plain_internal@V?$allocator@U_Container_proxy@std@@@std@@@std@@YAXAEAV?$allocator@U_Container_proxy@std@@@0@QEAU_Container_proxy@0@@Z +_TEXT SEGMENT +_Al$ = 224 +_Ptr$ = 232 +??$_Delete_plain_internal@V?$allocator@U_Container_proxy@std@@@std@@@std@@YAXAEAV?$allocator@U_Container_proxy@std@@@0@QEAU_Container_proxy@0@@Z PROC ; std::_Delete_plain_internal >, COMDAT + +; 1026 : void _Delete_plain_internal(_Alloc& _Al, typename _Alloc::value_type* const _Ptr) noexcept { + +$LN3: + 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 00005 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 0000a 55 push rbp + 0000b 57 push rdi + 0000c 48 81 ec e8 00 + 00 00 sub rsp, 232 ; 000000e8H + 00013 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00018 48 8b fc mov rdi, rsp 0001b b9 3a 00 00 00 mov ecx, 58 ; 0000003aH 00020 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH 00025 f3 ab rep stosd 
@@ -7902,44 +8733,44 @@ text$x ENDS ; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Main.cpp ; COMDAT main _TEXT SEGMENT -Block$ = 8 +RetNumBlock$ = 8 Obf$ = 88 -ByteSize$ = 132 -InstSize$ = 164 -AsmSize$ = 196 -Asm$ = 232 -Exec$ = 264 -tv133 = 468 -tv131 = 472 -__$ArrayPad$ = 480 +AsmSize$ = 132 +Asm$ = 168 +Exec$ = 200 +$T6 = 420 +tv134 = 440 +tv128 = 448 +tv132 = 456 +__$ArrayPad$ = 464 main PROC ; COMDAT -; 68 : { +; 90 : { -$LN4: +$LN7: 00000 40 55 push rbp 00002 57 push rdi - 00003 48 81 ec 18 02 - 00 00 sub rsp, 536 ; 00000218H + 00003 48 81 ec 08 02 + 00 00 sub rsp, 520 ; 00000208H 0000a 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] 0000f 48 8b fc mov rdi, rsp - 00012 b9 86 00 00 00 mov ecx, 134 ; 00000086H + 00012 b9 82 00 00 00 mov ecx, 130 ; 00000082H 00017 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH 0001c f3 ab rep stosd 0001e 48 8b 05 00 00 00 00 mov rax, QWORD PTR __security_cookie 00025 48 33 c5 xor rax, rbp - 00028 48 89 85 e0 01 + 00028 48 89 85 d0 01 00 00 mov QWORD PTR __$ArrayPad$[rbp], rax 0002f 48 8d 0d 00 00 00 00 lea rcx, OFFSET FLAT:__4031338C_Main@cpp 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 69 : XedTablesInit(); +; 91 : XedTablesInit(); 0003b e8 00 00 00 00 call xed_tables_init -; 70 : srand(time(NULL)); +; 92 : srand(time(NULL)); 00040 33 c9 xor ecx, ecx 00042 e8 00 00 00 00 call time 
@@ -7947,268 +8778,316 @@ $LN4: 00049 ff 15 00 00 00 00 call QWORD PTR __imp_srand -; 71 : -; 72 : NATIVE_CODE_BLOCK Block; +; 93 : +; 94 : +; 95 : NATIVE_CODE_BLOCK RetNumBlock; - 0004f 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp] + 0004f 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] 00053 e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK 00058 90 npad 1 -; 73 : NcDisassemble(&Block, meme1, sizeof(meme1)); +; 96 : NcDisassemble(&RetNumBlock, RetNumCode, sizeof(RetNumCode)); - 00059 41 b8 30 00 00 - 00 mov r8d, 48 ; 00000030H + 00059 41 b8 1d 00 00 + 00 mov r8d, 29 0005f 48 8d 15 00 00 - 00 00 lea rdx, OFFSET FLAT:?meme1@@3PAEA ; meme1 - 00066 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp] + 00 00 lea rdx, OFFSET FLAT:?RetNumCode@@3PAEA ; RetNumCode + 00066 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] 0006a e8 00 00 00 00 call ?NcDisassemble@@YAHPEAU_NATIVE_CODE_BLOCK@@PEAXK@Z ; NcDisassemble -; 74 : OBFUSCATOR Obf; -; 75 : Obf.Flags = 0; +; 97 : OBFUSCATOR Obf; +; 98 : Obf.Flags = 0; 0006f c7 45 5c 00 00 00 00 mov DWORD PTR Obf$[rbp+4], 0 -; 76 : Obf.MinInstCount = 12; +; 99 : Obf.MinInstCount = 4; - 00076 c7 45 58 0c 00 - 00 00 mov DWORD PTR Obf$[rbp], 12 + 00076 c7 45 58 04 00 + 00 00 mov DWORD PTR Obf$[rbp], 4 -; 77 : Obf.GlobalBlock = &Block; +; 100 : Obf.GlobalBlock = &RetNumBlock; - 0007d 48 8d 45 08 lea rax, QWORD PTR Block$[rbp] + 0007d 48 8d 45 08 lea rax, QWORD PTR RetNumBlock$[rbp] 00081 48 89 45 60 mov QWORD PTR Obf$[rbp+8], rax -; 78 : ObfObfuscate(&Obf, &Block); +; 101 : ObfObfuscate(&Obf, &RetNumBlock); - 00085 48 8d 55 08 lea rdx, QWORD PTR Block$[rbp] + 00085 48 8d 55 08 lea rdx, QWORD PTR RetNumBlock$[rbp] 00089 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp] 0008d e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate -; 79 : Obf.MinInstCount = 4; +; 102 : ObfObfuscate(&Obf, &RetNumBlock); - 00092 c7 45 58 04 00 - 00 00 mov DWORD PTR Obf$[rbp], 4 + 00092 48 8d 55 08 
lea rdx, QWORD PTR RetNumBlock$[rbp] + 00096 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp] + 0009a e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate -; 80 : ObfObfuscate(&Obf, &Block); +; 103 : Obf.MinInstCount = 30; - 00099 48 8d 55 08 lea rdx, QWORD PTR Block$[rbp] - 0009d 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp] - 000a1 e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate + 0009f c7 45 58 1e 00 + 00 00 mov DWORD PTR Obf$[rbp], 30 -; 81 : NcDebugPrint(&Block); +; 104 : ObfObfuscate(&Obf, &RetNumBlock); - 000a6 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp] - 000aa e8 00 00 00 00 call ?NcDebugPrint@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDebugPrint + 000a6 48 8d 55 08 lea rdx, QWORD PTR RetNumBlock$[rbp] + 000aa 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp] + 000ae e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate -; 82 : -; 83 : ULONG ByteSize = NcCalcBlockSizeInBytes(&Block); +; 105 : +; 106 : +; 107 : ULONG AsmSize; +; 108 : PVOID Asm = NcAssemble(&RetNumBlock, &AsmSize); - 000af 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp] - 000b3 e8 00 00 00 00 call ?NcCalcBlockSizeInBytes@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcCalcBlockSizeInBytes - 000b8 89 85 84 00 00 - 00 mov DWORD PTR ByteSize$[rbp], eax + 000b3 48 8d 95 84 00 + 00 00 lea rdx, QWORD PTR AsmSize$[rbp] + 000ba 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] + 000be e8 00 00 00 00 call ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z ; NcAssemble + 000c3 48 89 85 a8 00 + 00 00 mov QWORD PTR Asm$[rbp], rax -; 84 : ULONG InstSize = NcCountInstructions(&Block); +; 109 : if (!Asm) - 000be 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp] - 000c2 e8 00 00 00 00 call ?NcCountInstructions@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcCountInstructions - 000c7 89 85 a4 00 00 - 00 mov DWORD PTR InstSize$[rbp], eax + 000ca 48 83 bd a8 00 + 00 00 00 cmp QWORD PTR Asm$[rbp], 0 + 000d2 75 37 jne SHORT $LN2@main -; 85 : -; 86 
: printf("Bytes: %u, Insts: %u, FlagsMeme: %u.\n", ByteSize, InstSize, Obf.Flags); +; 110 : { +; 111 : printf("failed to assemble\n"); - 000cd 44 8b 4d 5c mov r9d, DWORD PTR Obf$[rbp+4] - 000d1 44 8b 85 a4 00 - 00 00 mov r8d, DWORD PTR InstSize$[rbp] - 000d8 8b 95 84 00 00 - 00 mov edx, DWORD PTR ByteSize$[rbp] - 000de 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:??_C@_0CG@GOOMLDF@Bytes?3?5?$CFu?0?5Insts?3?5?$CFu?0?5FlagsMeme@ - 000e5 e8 00 00 00 00 call printf + 000d4 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ + 000db e8 00 00 00 00 call printf -; 87 : -; 88 : ULONG AsmSize; -; 89 : PVOID Asm = NcAssemble(&Block, &AsmSize); +; 112 : system("pause"); - 000ea 48 8d 95 c4 00 - 00 00 lea rdx, QWORD PTR AsmSize$[rbp] - 000f1 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp] - 000f5 e8 00 00 00 00 call ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z ; NcAssemble - 000fa 48 89 85 e8 00 - 00 00 mov QWORD PTR Asm$[rbp], rax + 000e0 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_05PDJBBECF@pause@ + 000e7 ff 15 00 00 00 + 00 call QWORD PTR __imp_system -; 90 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize); +; 113 : return 1; - 00101 8b 95 c4 00 00 + 000ed c7 85 a4 01 00 + 00 01 00 00 00 mov DWORD PTR $T6[rbp], 1 + 000f7 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] + 000fb e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ + 00100 8b 85 a4 01 00 + 00 mov eax, DWORD PTR $T6[rbp] + 00106 e9 93 00 00 00 jmp $LN5@main +$LN2@main: + +; 114 : } +; 115 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize); + + 0010b 8b 95 84 00 00 00 mov edx, DWORD PTR AsmSize$[rbp] - 00107 48 8b 8d e8 00 + 00111 48 8b 8d a8 00 00 00 mov rcx, QWORD PTR Asm$[rbp] - 0010e e8 00 00 00 00 call ?MakeExecutableBuffer@@YAPEAXPEAXK@Z ; MakeExecutableBuffer - 00113 48 89 85 08 01 + 00118 e8 00 00 00 00 call ?MakeExecutableBuffer@@YAPEAXPEAXK@Z ; MakeExecutableBuffer + 0011d 48 89 85 c8 00 00 00 mov QWORD PTR Exec$[rbp], rax -; 91 : typedef ULONG(*FnGetFour)(); -; 92 
: printf("numba is: %u size is %u\n\n", ((FnGetFour)Exec)(), AsmSize); - - 0011a 8b 85 c4 00 00 - 00 mov eax, DWORD PTR AsmSize$[rbp] - 00120 89 85 d4 01 00 - 00 mov DWORD PTR tv133[rbp], eax - 00126 ff 95 08 01 00 - 00 call QWORD PTR Exec$[rbp] - 0012c 89 85 d8 01 00 - 00 mov DWORD PTR tv131[rbp], eax - 00132 44 8b 85 d4 01 - 00 00 mov r8d, DWORD PTR tv133[rbp] - 00139 8b 95 d8 01 00 - 00 mov edx, DWORD PTR tv131[rbp] - 0013f 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:??_C@_0BK@MMBIMAKC@numba?5is?3?5?$CFu?5size?5is?5?$CFu?6?6@ - 00146 e8 00 00 00 00 call printf - -; 93 : PutToFile(Asm, AsmSize); - - 0014b 8b 95 c4 00 00 +; 116 : typedef ULONG64(*FnRetNum)(ULONG Num); +; 117 : printf("\n\nObfuscated: %llu Original: %llu\n\n", ((FnRetNum)Exec)(1776), RetNum(1776)); + + 00124 b9 f0 06 00 00 mov ecx, 1776 ; 000006f0H + 00129 e8 00 00 00 00 call RetNum + 0012e 48 89 85 b8 01 + 00 00 mov QWORD PTR tv134[rbp], rax + 00135 48 8b 85 c8 00 + 00 00 mov rax, QWORD PTR Exec$[rbp] + 0013c 48 89 85 c0 01 + 00 00 mov QWORD PTR tv128[rbp], rax + 00143 b9 f0 06 00 00 mov ecx, 1776 ; 000006f0H + 00148 ff 95 c0 01 00 + 00 call QWORD PTR tv128[rbp] + 0014e 48 89 85 c8 01 + 00 00 mov QWORD PTR tv132[rbp], rax + 00155 4c 8b 85 b8 01 + 00 00 mov r8, QWORD PTR tv134[rbp] + 0015c 48 8b 95 c8 01 + 00 00 mov rdx, QWORD PTR tv132[rbp] + 00163 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_0CH@OKHDPAIH@?6?6Obfuscated?3?5?$CFllu?5?5?5?5Original?3@ + 0016a e8 00 00 00 00 call printf + +; 118 : PutToFile(Asm, AsmSize); + + 0016f 8b 95 84 00 00 00 mov edx, DWORD PTR AsmSize$[rbp] - 00151 48 8b 8d e8 00 + 00175 48 8b 8d a8 00 00 00 mov rcx, QWORD PTR Asm$[rbp] - 00158 e8 00 00 00 00 call ?PutToFile@@YAXPEAXK@Z ; PutToFile - 0015d 90 npad 1 + 0017c e8 00 00 00 00 call ?PutToFile@@YAXPEAXK@Z ; PutToFile + +; 119 : system("pause"); + + 00181 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_05PDJBBECF@pause@ + 00188 ff 15 00 00 00 + 00 call QWORD PTR __imp_system + 0018e 90 npad 1 -; 94 : -; 95 : 
-; 96 : //PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1)); -; 97 : //PNATIVE_CODE_LINK RetInst = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme2, sizeof(meme2)); -; 98 : //PNATIVE_CODE_BLOCK Pre1 = JitEmitPreRipMov(Return1776); -; 99 : //PNATIVE_CODE_BLOCK Post1 = JitEmitPostRipMov(Return1776); -; 100 : //PNATIVE_CODE_BLOCK Pre2 = JitEmitPreRipMov(RetInst); -; 101 : //PNATIVE_CODE_BLOCK Post2 = JitEmitPostRipMov(RetInst); -; 102 : -; 103 : //NcAppendToBlock(Pre1, Return1776); -; 104 : //NcInsertBlockAfter(Pre1->End, Post1, 0); -; 105 : //Pre1->End = Post1->End; -; 106 : //NcInsertBlockAfter(Pre1->End, Pre2, 0); -; 107 : //Pre1->End = Pre2->End; -; 108 : //NcAppendToBlock(Pre1, RetInst); -; 109 : //NcInsertBlockAfter(Pre1->End, Post2, 0); -; 110 : //Pre1->End = Post2->End; -; 111 : -; 112 : ///*Pre->Start = Return1776; -; 113 : //Pre->End = Return1776;*/ -; 114 : -; 115 : //for (ULONG i = 0; i < Return1776->RawDataSize; i++) -; 116 : // Return1776->RawData[i] = (UCHAR)rand(); -; 117 : //for (ULONG i = 0; i < RetInst->RawDataSize; i++) -; 118 : // RetInst->RawData[i] = (UCHAR)rand(); -; 119 : ; 120 : ; 121 : -; 122 : //ULONG AsmLen; -; 123 : //PVOID Asm = NcAssemble(Pre1, &AsmLen); -; 124 : //PUCHAR Tb = (PUCHAR)Asm; -; 125 : //for (uint32_t i = 0; i < AsmLen; i++) -; 126 : //{ -; 127 : // std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' '; -; 128 : //} -; 129 : -; 130 : //system("pause"); -; 131 : -; 132 : //typedef ULONG64(*FnGet1776)(); -; 133 : //FnGet1776 ExecBuffer = (FnGet1776)MakeExecutableBuffer(Asm, AsmLen); -; 134 : //if (ExecBuffer) -; 135 : //{ -; 136 : // printf("The numba was: %X\n", ExecBuffer()); -; 137 : // printf("The numba was: %X\n", ExecBuffer()); -; 138 : -; 139 : // printf("The numba was: %X\n", ExecBuffer()); -; 140 : -; 141 : // printf("The numba was: %X\n", ExecBuffer()); -; 142 : -; 143 : //} +; 122 : /*NATIVE_CODE_BLOCK Block; +; 123 : NcDisassemble(&Block, meme1, 
sizeof(meme1)); +; 124 : OBFUSCATOR Obf; +; 125 : Obf.Flags = 0; +; 126 : Obf.MinInstCount = 12; +; 127 : Obf.GlobalBlock = &Block; +; 128 : ObfObfuscate(&Obf, &Block); +; 129 : Obf.MinInstCount = 4; +; 130 : ObfObfuscate(&Obf, &Block); +; 131 : NcDebugPrint(&Block); +; 132 : +; 133 : ULONG ByteSize = NcCalcBlockSizeInBytes(&Block); +; 134 : ULONG InstSize = NcCountInstructions(&Block); +; 135 : +; 136 : printf("Bytes: %u, Insts: %u, FlagsMeme: %u.\n", ByteSize, InstSize, Obf.Flags); +; 137 : +; 138 : ULONG AsmSize; +; 139 : PVOID Asm = NcAssemble(&Block, &AsmSize); +; 140 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize); +; 141 : typedef ULONG(*FnGetFour)(); +; 142 : printf("numba is: %u size is %u\n\n", ((FnGetFour)Exec)(), AsmSize); +; 143 : PutToFile(Asm, AsmSize);*/ ; 144 : ; 145 : -; 146 : //NcDebugPrint(Post); -; 147 : -; 148 : -; 149 : -; 150 : /*NATIVE_CODE_BLOCK Block; -; 151 : NcDisassemble(&Block, TestBuffer, TestBufferSize); -; 152 : PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1)); -; 153 : -; 154 : NcInsertLinkBefore(Block.End->Prev->Prev->Prev->Prev, NewLink); -; 155 : ULONG AssembledSize; -; 156 : PVOID AssembledBlock = NcAssemble(&Block, &AssembledSize); -; 157 : if (!AssembledBlock || !AssembledSize) -; 158 : { -; 159 : printf("Something failed nicka.\n"); -; 160 : system("pause"); -; 161 : return -1; -; 162 : } -; 163 : PUCHAR Tb = (PUCHAR)AssembledBlock; -; 164 : for (uint32_t i = 0; i < AssembledSize; i++) -; 165 : { -; 166 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' '; -; 167 : } -; 168 : */ +; 146 : //PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1)); +; 147 : //PNATIVE_CODE_LINK RetInst = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme2, sizeof(meme2)); +; 148 : //PNATIVE_CODE_BLOCK Pre1 = JitEmitPreRipMov(Return1776); +; 149 : //PNATIVE_CODE_BLOCK Post1 = JitEmitPostRipMov(Return1776); +; 150 : //PNATIVE_CODE_BLOCK Pre2 = 
JitEmitPreRipMov(RetInst); +; 151 : //PNATIVE_CODE_BLOCK Post2 = JitEmitPostRipMov(RetInst); +; 152 : +; 153 : //NcAppendToBlock(Pre1, Return1776); +; 154 : //NcInsertBlockAfter(Pre1->End, Post1, 0); +; 155 : //Pre1->End = Post1->End; +; 156 : //NcInsertBlockAfter(Pre1->End, Pre2, 0); +; 157 : //Pre1->End = Pre2->End; +; 158 : //NcAppendToBlock(Pre1, RetInst); +; 159 : //NcInsertBlockAfter(Pre1->End, Post2, 0); +; 160 : //Pre1->End = Post2->End; +; 161 : +; 162 : ///*Pre->Start = Return1776; +; 163 : //Pre->End = Return1776;*/ +; 164 : +; 165 : //for (ULONG i = 0; i < Return1776->RawDataSize; i++) +; 166 : // Return1776->RawData[i] = (UCHAR)rand(); +; 167 : //for (ULONG i = 0; i < RetInst->RawDataSize; i++) +; 168 : // RetInst->RawData[i] = (UCHAR)rand(); ; 169 : ; 170 : -; 171 : //PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End); -; 172 : //NcDebugPrint(OpaqueBranch); -; 173 : -; 174 : -; 175 : -; 176 : /*NATIVE_CODE_LINK T; -; 177 : T.RawDataSize = 10; -; 178 : T.RawData = new UCHAR[10]; -; 179 : memset(T.RawData, 0xAA, 10); -; 180 : JIT_BITWISE_DATA Data; -; 181 : RtlSecureZeroMemory(&Data, sizeof(JIT_BITWISE_DATA)); -; 182 : PNATIVE_CODE_BLOCK NewBlock = JitEmitPreRipMov(&T); -; 183 : if (NewBlock) -; 184 : { -; 185 : printf("\n"); -; 186 : NcDebugPrint(NewBlock); -; 187 : printf("\n"); -; 188 : NcPrintBlockCode(NewBlock); -; 189 : } -; 190 : system("pause");*/ -; 191 : -; 192 : } - - 0015e 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp] - 00162 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ - 00167 33 c0 xor eax, eax - 00169 8b f8 mov edi, eax - 0016b 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] - 0016f 48 8d 15 00 00 +; 171 : +; 172 : //ULONG AsmLen; +; 173 : //PVOID Asm = NcAssemble(Pre1, &AsmLen); +; 174 : //PUCHAR Tb = (PUCHAR)Asm; +; 175 : //for (uint32_t i = 0; i < AsmLen; i++) +; 176 : //{ +; 177 : // std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' '; +; 178 : //} +; 179 : +; 180 : //system("pause"); 
+; 181 : +; 182 : //typedef ULONG64(*FnGet1776)(); +; 183 : //FnGet1776 ExecBuffer = (FnGet1776)MakeExecutableBuffer(Asm, AsmLen); +; 184 : //if (ExecBuffer) +; 185 : //{ +; 186 : // printf("The numba was: %X\n", ExecBuffer()); +; 187 : // printf("The numba was: %X\n", ExecBuffer()); +; 188 : +; 189 : // printf("The numba was: %X\n", ExecBuffer()); +; 190 : +; 191 : // printf("The numba was: %X\n", ExecBuffer()); +; 192 : +; 193 : //} +; 194 : +; 195 : +; 196 : //NcDebugPrint(Post); +; 197 : +; 198 : +; 199 : +; 200 : /*NATIVE_CODE_BLOCK Block; +; 201 : NcDisassemble(&Block, TestBuffer, TestBufferSize); +; 202 : PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1)); +; 203 : +; 204 : NcInsertLinkBefore(Block.End->Prev->Prev->Prev->Prev, NewLink); +; 205 : ULONG AssembledSize; +; 206 : PVOID AssembledBlock = NcAssemble(&Block, &AssembledSize); +; 207 : if (!AssembledBlock || !AssembledSize) +; 208 : { +; 209 : printf("Something failed nicka.\n"); +; 210 : system("pause"); +; 211 : return -1; +; 212 : } +; 213 : PUCHAR Tb = (PUCHAR)AssembledBlock; +; 214 : for (uint32_t i = 0; i < AssembledSize; i++) +; 215 : { +; 216 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' '; +; 217 : } +; 218 : */ +; 219 : +; 220 : +; 221 : //PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End); +; 222 : //NcDebugPrint(OpaqueBranch); +; 223 : +; 224 : +; 225 : +; 226 : /*NATIVE_CODE_LINK T; +; 227 : T.RawDataSize = 10; +; 228 : T.RawData = new UCHAR[10]; +; 229 : memset(T.RawData, 0xAA, 10); +; 230 : JIT_BITWISE_DATA Data; +; 231 : RtlSecureZeroMemory(&Data, sizeof(JIT_BITWISE_DATA)); +; 232 : PNATIVE_CODE_BLOCK NewBlock = JitEmitPreRipMov(&T); +; 233 : if (NewBlock) +; 234 : { +; 235 : printf("\n"); +; 236 : NcDebugPrint(NewBlock); +; 237 : printf("\n"); +; 238 : NcPrintBlockCode(NewBlock); +; 239 : } +; 240 : system("pause");*/ +; 241 : +; 242 : } + + 0018f 48 8d 4d 08 lea rcx, QWORD PTR 
RetNumBlock$[rbp] + 00193 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ + 00198 eb 02 jmp SHORT $LN6@main + 0019a eb 02 jmp SHORT $LN5@main +$LN6@main: + 0019c 33 c0 xor eax, eax +$LN5@main: + 0019e 48 8b f8 mov rdi, rax + 001a1 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] + 001a5 48 8d 15 00 00 00 00 lea rdx, OFFSET FLAT:main$rtcFrameData - 00176 e8 00 00 00 00 call _RTC_CheckStackVars - 0017b 8b c7 mov eax, edi - 0017d 48 8b 8d e0 01 + 001ac e8 00 00 00 00 call _RTC_CheckStackVars + 001b1 48 8b c7 mov rax, rdi + 001b4 48 8b 8d d0 01 00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp] - 00184 48 33 cd xor rcx, rbp - 00187 e8 00 00 00 00 call __security_check_cookie - 0018c 48 8d a5 f8 01 - 00 00 lea rsp, QWORD PTR [rbp+504] - 00193 5f pop rdi - 00194 5d pop rbp - 00195 c3 ret 0 + 001bb 48 33 cd xor rcx, rbp + 001be e8 00 00 00 00 call __security_check_cookie + 001c3 48 8d a5 e8 01 + 00 00 lea rsp, QWORD PTR [rbp+488] + 001ca 5f pop rdi + 001cb 5d pop rbp + 001cc c3 ret 0 main ENDP _TEXT ENDS ; COMDAT text$x text$x SEGMENT -Block$ = 8 +RetNumBlock$ = 8 Obf$ = 88 -ByteSize$ = 132 -InstSize$ = 164 -AsmSize$ = 196 -Asm$ = 232 -Exec$ = 264 -tv133 = 468 -tv131 = 472 -__$ArrayPad$ = 480 +AsmSize$ = 132 +Asm$ = 168 +Exec$ = 200 +$T6 = 420 +tv134 = 440 +tv128 = 448 +tv132 = 456 +__$ArrayPad$ = 464 main$dtor$0 PROC 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -8216,7 +9095,7 @@ main$dtor$0 PROC 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp] + 00014 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] 00018 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 0001d 48 83 c4 28 add rsp, 40 ; 00000028H 00021 5f pop rdi 
@@ -8227,16 +9106,16 @@ text$x ENDS ; Function compile flags: /Odtp /RTCsu /ZI ; COMDAT text$x text$x SEGMENT -Block$ = 8 +RetNumBlock$ = 8 Obf$ = 88 -ByteSize$ = 132 -InstSize$ = 164 -AsmSize$ = 196 -Asm$ = 232 -Exec$ = 264 -tv133 = 468 -tv131 = 472 -__$ArrayPad$ = 480 +AsmSize$ = 132 +Asm$ = 168 +Exec$ = 200 +$T6 = 420 +tv134 = 440 +tv128 = 448 +tv132 = 456 +__$ArrayPad$ = 464 main$dtor$0 PROC 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -8244,7 +9123,7 @@ main$dtor$0 PROC 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp] + 00014 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] 00018 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 0001d 48 83 c4 28 add rsp, 40 ; 00000028H 00021 5f pop rdi 
@@ -12414,237 +13293,1270 @@ $LN5@dtor$0: ?dtor$0@?0???0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@XZ@4HA ENDP ; `std::basic_ofstream >::basic_ofstream >'::`1'::dtor$0 text$x ENDS ; Function compile flags: /Odtp /RTCsu /ZI -; COMDAT text$x -text$x SEGMENT -$T1 = 196 -this$ = 256 -$initVBases$ = 264 -?dtor$1@?0???0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@XZ@4HA PROC ; `std::basic_ofstream >::basic_ofstream >'::`1'::dtor$1 - 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx +; COMDAT text$x +text$x SEGMENT +$T1 = 196 +this$ = 256 +$initVBases$ = 264 +?dtor$1@?0???0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@XZ@4HA PROC ; `std::basic_ofstream >::basic_ofstream >'::`1'::dtor$1 + 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 0000a 55 push rbp + 0000b 57 push rdi + 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H + 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] + 00014 48 8b 8d 00 01 + 00 00 mov rcx, QWORD PTR this$[rbp] + 0001b 48 83 c1 10 add rcx, 16 + 0001f ff 15 00 00 00 + 00 call QWORD PTR __imp_??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ + 00025 48 83 c4 28 add rsp, 40 ; 00000028H + 00029 5f pop rdi + 0002a 5d pop rbp + 0002b c3 ret 0 +?dtor$1@?0???0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@XZ@4HA ENDP ; `std::basic_ofstream >::basic_ofstream >'::`1'::dtor$1 +text$x ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Main.cpp +; COMDAT ?PutToFile@@YAXPEAXK@Z +_TEXT SEGMENT +fout$ = 16 +__$ArrayPad$ = 488 +Buffer$ = 528 +BufferSize$ = 536 +?PutToFile@@YAXPEAXK@Z PROC ; PutToFile, COMDAT + +; 28 : { + +$LN4: + 00000 89 54 24 10 mov DWORD PTR [rsp+16], edx + 00004 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00009 55 push rbp + 0000a 57 push rdi + 0000b 48 81 ec 18 02 + 00 00 sub rsp, 536 ; 00000218H + 00012 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00017 48 8b fc mov rdi, rsp + 
0001a b9 86 00 00 00 mov ecx, 134 ; 00000086H + 0001f b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00024 f3 ab rep stosd + 00026 48 8b 8c 24 38 + 02 00 00 mov rcx, QWORD PTR [rsp+568] + 0002e 48 8b 05 00 00 + 00 00 mov rax, QWORD PTR __security_cookie + 00035 48 33 c5 xor rax, rbp + 00038 48 89 85 e8 01 + 00 00 mov QWORD PTR __$ArrayPad$[rbp], rax + 0003f 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__4031338C_Main@cpp + 00046 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + +; 29 : std::ofstream fout; + + 0004b ba 08 01 00 00 mov edx, 264 ; 00000108H + 00050 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] + 00054 e8 00 00 00 00 call ?__autoclassinit2@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAX_K@Z + 00059 ba 01 00 00 00 mov edx, 1 + 0005e 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] + 00062 e8 00 00 00 00 call ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@XZ ; std::basic_ofstream >::basic_ofstream > + 00067 90 npad 1 + +; 30 : fout.open("C:\\Users\\Iizerd\\Desktop\\Leeg Hake\\Test.m", std::ios::binary | std::ios::out); + + 00068 41 b9 40 00 00 + 00 mov r9d, 64 ; 00000040H + 0006e 41 b8 22 00 00 + 00 mov r8d, 34 ; 00000022H + 00074 48 8d 15 00 00 + 00 00 lea rdx, OFFSET FLAT:??_C@_0CJ@GEFBLICI@C?3?2Users?2Iizerd?2Desktop?2Leeg?5Ha@ + 0007b 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] + 0007f e8 00 00 00 00 call ?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXPEBDHH@Z ; std::basic_ofstream >::open + +; 31 : fout.write((PCHAR)Buffer, BufferSize); + + 00084 8b 85 18 02 00 + 00 mov eax, DWORD PTR BufferSize$[rbp] + 0008a 44 8b c0 mov r8d, eax + 0008d 48 8b 95 10 02 + 00 00 mov rdx, QWORD PTR Buffer$[rbp] + 00094 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] + 00098 ff 15 00 00 00 + 00 call QWORD PTR __imp_?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z + +; 32 : fout.close(); + + 0009e 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] + 000a2 e8 00 00 00 00 call ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ ; 
std::basic_ofstream >::close + 000a7 90 npad 1 + +; 33 : } + + 000a8 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] + 000ac e8 00 00 00 00 call ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ + 000b1 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] + 000b5 48 8d 15 00 00 + 00 00 lea rdx, OFFSET FLAT:?PutToFile@@YAXPEAXK@Z$rtcFrameData + 000bc e8 00 00 00 00 call _RTC_CheckStackVars + 000c1 48 8b 8d e8 01 + 00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp] + 000c8 48 33 cd xor rcx, rbp + 000cb e8 00 00 00 00 call __security_check_cookie + 000d0 48 8d a5 f8 01 + 00 00 lea rsp, QWORD PTR [rbp+504] + 000d7 5f pop rdi + 000d8 5d pop rbp + 000d9 c3 ret 0 +?PutToFile@@YAXPEAXK@Z ENDP ; PutToFile +_TEXT ENDS +; COMDAT text$x +text$x SEGMENT +fout$ = 16 +__$ArrayPad$ = 488 +Buffer$ = 528 +BufferSize$ = 536 +?dtor$0@?0??PutToFile@@YAXPEAXK@Z@4HA PROC ; `PutToFile'::`1'::dtor$0 + 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 0000a 55 push rbp + 0000b 57 push rdi + 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H + 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] + 00014 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] + 00018 e8 00 00 00 00 call ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ + 0001d 48 83 c4 28 add rsp, 40 ; 00000028H + 00021 5f pop rdi + 00022 5d pop rbp + 00023 c3 ret 0 +?dtor$0@?0??PutToFile@@YAXPEAXK@Z@4HA ENDP ; `PutToFile'::`1'::dtor$0 +text$x ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; COMDAT text$x +text$x SEGMENT +fout$ = 16 +__$ArrayPad$ = 488 +Buffer$ = 528 +BufferSize$ = 536 +?dtor$0@?0??PutToFile@@YAXPEAXK@Z@4HA PROC ; `PutToFile'::`1'::dtor$0 + 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 0000a 55 push rbp + 0000b 57 push rdi + 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H + 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] + 00014 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] + 00018 e8 00 00 00 00 call 
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ + 0001d 48 83 c4 28 add rsp, 40 ; 00000028H + 00021 5f pop rdi + 00022 5d pop rbp + 00023 c3 ret 0 +?dtor$0@?0??PutToFile@@YAXPEAXK@Z@4HA ENDP ; `PutToFile'::`1'::dtor$0 +text$x ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Main.cpp +; COMDAT ?MakeExecutableBuffer@@YAPEAXPEAXK@Z +_TEXT SEGMENT +ExecBuffer$ = 8 +Buffer$ = 256 +BufferSize$ = 264 +?MakeExecutableBuffer@@YAPEAXPEAXK@Z PROC ; MakeExecutableBuffer, COMDAT + +; 20 : { + +$LN4: + 00000 89 54 24 10 mov DWORD PTR [rsp+16], edx + 00004 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00009 55 push rbp + 0000a 57 push rdi + 0000b 48 81 ec 08 01 + 00 00 sub rsp, 264 ; 00000108H + 00012 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00017 48 8b fc mov rdi, rsp + 0001a b9 42 00 00 00 mov ecx, 66 ; 00000042H + 0001f b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00024 f3 ab rep stosd + 00026 48 8b 8c 24 28 + 01 00 00 mov rcx, QWORD PTR [rsp+296] + 0002e 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__4031338C_Main@cpp + 00035 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + +; 21 : PVOID ExecBuffer = VirtualAlloc(nullptr, BufferSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); + + 0003a 8b 85 08 01 00 + 00 mov eax, DWORD PTR BufferSize$[rbp] + 00040 41 b9 40 00 00 + 00 mov r9d, 64 ; 00000040H + 00046 41 b8 00 10 00 + 00 mov r8d, 4096 ; 00001000H + 0004c 8b d0 mov edx, eax + 0004e 33 c9 xor ecx, ecx + 00050 ff 15 00 00 00 + 00 call QWORD PTR __imp_VirtualAlloc + 00056 48 89 45 08 mov QWORD PTR ExecBuffer$[rbp], rax + +; 22 : if (!ExecBuffer) + + 0005a 48 83 7d 08 00 cmp QWORD PTR ExecBuffer$[rbp], 0 + 0005f 75 04 jne SHORT $LN2@MakeExecut + +; 23 : return NULL; + + 00061 33 c0 xor eax, eax + 00063 eb 19 jmp SHORT $LN1@MakeExecut +$LN2@MakeExecut: + +; 24 : RtlCopyMemory(ExecBuffer, Buffer, BufferSize); + + 00065 8b 85 08 01 00 + 00 mov eax, DWORD PTR BufferSize$[rbp] + 0006b 44 8b c0 mov r8d, eax + 0006e 48 8b 95 00 
01 + 00 00 mov rdx, QWORD PTR Buffer$[rbp] + 00075 48 8b 4d 08 mov rcx, QWORD PTR ExecBuffer$[rbp] + 00079 e8 00 00 00 00 call memcpy +$LN1@MakeExecut: + +; 25 : } + + 0007e 48 8d a5 e8 00 + 00 00 lea rsp, QWORD PTR [rbp+232] + 00085 5f pop rdi + 00086 5d pop rbp + 00087 c3 ret 0 +?MakeExecutableBuffer@@YAPEAXPEAXK@Z ENDP ; MakeExecutableBuffer +_TEXT ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\iomanip +; COMDAT ??$?6DU?$char_traits@D@std@@D@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Fillobj@D@0@@Z +_TEXT SEGMENT +tv79 = 192 +_Ostr$ = 240 +_Manip$ = 248 +??$?6DU?$char_traits@D@std@@D@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Fillobj@D@0@@Z PROC ; std::operator<<,char>, COMDAT + +; 49 : const _Fillobj<_Elem2>& _Manip) { // set fill character in output stream + +$LN3: + 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 00005 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 0000a 55 push rbp + 0000b 57 push rdi + 0000c 48 81 ec f8 00 + 00 00 sub rsp, 248 ; 000000f8H + 00013 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00018 48 8b fc mov rdi, rsp + 0001b b9 3e 00 00 00 mov ecx, 62 ; 0000003eH + 00020 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00025 f3 ab rep stosd + 00027 48 8b 8c 24 18 + 01 00 00 mov rcx, QWORD PTR [rsp+280] + 0002f 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__8266A2FD_iomanip + 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + +; 50 : static_assert(is_same_v<_Elem, _Elem2>, "wrong character type for setfill"); +; 51 : +; 52 : _Ostr.fill(_Manip._Fill); + + 0003b 48 8b 85 f0 00 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 00042 48 8b 00 mov rax, QWORD PTR [rax] + 00045 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 00049 48 8b 8d f0 00 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 00050 48 03 c8 add rcx, rax + 00053 48 8b c1 mov rax, rcx + 00056 48 89 85 c0 00 + 00 00 mov QWORD PTR tv79[rbp], rax + 
0005d 48 8b 85 f8 00 + 00 00 mov rax, QWORD PTR _Manip$[rbp] + 00064 0f b6 10 movzx edx, BYTE PTR [rax] + 00067 48 8b 8d c0 00 + 00 00 mov rcx, QWORD PTR tv79[rbp] + 0006e ff 15 00 00 00 + 00 call QWORD PTR __imp_?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z + +; 53 : return _Ostr; + + 00074 48 8b 85 f0 00 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + +; 54 : } + + 0007b 48 8d a5 d8 00 + 00 00 lea rsp, QWORD PTR [rbp+216] + 00082 5f pop rdi + 00083 5d pop rbp + 00084 c3 ret 0 +??$?6DU?$char_traits@D@std@@D@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Fillobj@D@0@@Z ENDP ; std::operator<<,char> +_TEXT ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\iomanip +; COMDAT ??0?$_Fillobj@D@std@@QEAA@D@Z +_TEXT SEGMENT +this$ = 224 +_Ch$ = 232 +??0?$_Fillobj@D@std@@QEAA@D@Z PROC ; std::_Fillobj::_Fillobj, COMDAT + +; 27 : _Fillobj(_Elem _Ch) : _Fill(_Ch) {} + +$LN3: + 00000 88 54 24 10 mov BYTE PTR [rsp+16], dl + 00004 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00009 55 push rbp + 0000a 57 push rdi + 0000b 48 81 ec e8 00 + 00 00 sub rsp, 232 ; 000000e8H + 00012 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00017 48 8b fc mov rdi, rsp + 0001a b9 3a 00 00 00 mov ecx, 58 ; 0000003aH + 0001f b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00024 f3 ab rep stosd + 00026 48 8b 8c 24 08 + 01 00 00 mov rcx, QWORD PTR [rsp+264] + 0002e 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__8266A2FD_iomanip + 00035 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + 0003a 48 8b 85 e0 00 + 00 00 mov rax, QWORD PTR this$[rbp] + 00041 0f b6 8d e8 00 + 00 00 movzx ecx, BYTE PTR _Ch$[rbp] + 00048 88 08 mov BYTE PTR [rax], cl + 0004a 48 8b 85 e0 00 + 00 00 mov rax, QWORD PTR this$[rbp] + 00051 48 8d a5 c8 00 + 00 00 lea rsp, QWORD PTR [rbp+200] + 00058 5f pop rdi + 00059 5d pop rbp + 0005a c3 ret 0 +??0?$_Fillobj@D@std@@QEAA@D@Z ENDP ; std::_Fillobj::_Fillobj +_TEXT ENDS 
+; Function compile flags: /Odtp /RTCsu /ZI +; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\iomanip +; COMDAT ??$setfill@D@std@@YA?AU?$_Fillobj@D@0@D@Z +_TEXT SEGMENT +__$ReturnUdt$ = 224 +_Ch$ = 232 +??$setfill@D@std@@YA?AU?$_Fillobj@D@0@D@Z PROC ; std::setfill, COMDAT + +; 34 : _NODISCARD _Fillobj<_Elem> setfill(_Elem _Ch) { + +$LN3: + 00000 88 54 24 10 mov BYTE PTR [rsp+16], dl + 00004 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00009 55 push rbp + 0000a 57 push rdi + 0000b 48 81 ec e8 00 + 00 00 sub rsp, 232 ; 000000e8H + 00012 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00017 48 8b fc mov rdi, rsp + 0001a b9 3a 00 00 00 mov ecx, 58 ; 0000003aH + 0001f b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00024 f3 ab rep stosd + 00026 48 8b 8c 24 08 + 01 00 00 mov rcx, QWORD PTR [rsp+264] + 0002e 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__8266A2FD_iomanip + 00035 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + +; 35 : return _Fillobj<_Elem>(_Ch); + + 0003a 0f b6 95 e8 00 + 00 00 movzx edx, BYTE PTR _Ch$[rbp] + 00041 48 8b 8d e0 00 + 00 00 mov rcx, QWORD PTR __$ReturnUdt$[rbp] + 00048 e8 00 00 00 00 call ??0?$_Fillobj@D@std@@QEAA@D@Z ; std::_Fillobj::_Fillobj + 0004d 48 8b 85 e0 00 + 00 00 mov rax, QWORD PTR __$ReturnUdt$[rbp] + +; 36 : } + + 00054 48 8d a5 c8 00 + 00 00 lea rsp, QWORD PTR [rbp+200] + 0005b 5f pop rdi + 0005c 5d pop rbp + 0005d c3 ret 0 +??$setfill@D@std@@YA?AU?$_Fillobj@D@0@D@Z ENDP ; std::setfill +_TEXT ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\iomanip +; COMDAT ??$?6DU?$char_traits@D@std@@_J@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Smanip@_J@0@@Z +_TEXT SEGMENT +tv79 = 192 +_Ostr$ = 240 +_Manip$ = 248 +??$?6DU?$char_traits@D@std@@_J@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Smanip@_J@0@@Z PROC ; std::operator<<,__int64>, 
COMDAT + +; 423 : const _Smanip<_Arg>& _Manip) { // insert by calling function with output stream and argument + +$LN3: + 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 00005 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 0000a 55 push rbp 0000b 57 push rdi - 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H - 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8b 8d 00 01 - 00 00 mov rcx, QWORD PTR this$[rbp] - 0001b 48 83 c1 10 add rcx, 16 - 0001f ff 15 00 00 00 - 00 call QWORD PTR __imp_??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ - 00025 48 83 c4 28 add rsp, 40 ; 00000028H - 00029 5f pop rdi - 0002a 5d pop rbp - 0002b c3 ret 0 -?dtor$1@?0???0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@XZ@4HA ENDP ; `std::basic_ofstream >::basic_ofstream >'::`1'::dtor$1 -text$x ENDS -; Function compile flags: /Odtp /RTCsu /ZI -; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Main.cpp -; COMDAT ?PutToFile@@YAXPEAXK@Z -_TEXT SEGMENT -fout$ = 16 -__$ArrayPad$ = 488 -Buffer$ = 528 -BufferSize$ = 536 -?PutToFile@@YAXPEAXK@Z PROC ; PutToFile, COMDAT + 0000c 48 81 ec f8 00 + 00 00 sub rsp, 248 ; 000000f8H + 00013 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00018 48 8b fc mov rdi, rsp + 0001b b9 3e 00 00 00 mov ecx, 62 ; 0000003eH + 00020 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00025 f3 ab rep stosd + 00027 48 8b 8c 24 18 + 01 00 00 mov rcx, QWORD PTR [rsp+280] + 0002f 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__8266A2FD_iomanip + 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 21 : { +; 424 : (*_Manip._Pfun)(_Ostr, _Manip._Manarg); -$LN4: - 00000 89 54 24 10 mov DWORD PTR [rsp+16], edx + 0003b 48 8b 85 f8 00 + 00 00 mov rax, QWORD PTR _Manip$[rbp] + 00042 48 8b 00 mov rax, QWORD PTR [rax] + 00045 48 89 85 c0 00 + 00 00 mov QWORD PTR tv79[rbp], rax + 0004c 48 8b 85 f0 00 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 00053 48 8b 00 mov rax, QWORD PTR [rax] + 00056 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 0005a 48 8b 8d f0 00 + 00 00 mov rcx, QWORD PTR 
_Ostr$[rbp] + 00061 48 03 c8 add rcx, rax + 00064 48 8b c1 mov rax, rcx + 00067 48 8b 8d f8 00 + 00 00 mov rcx, QWORD PTR _Manip$[rbp] + 0006e 48 8b 51 08 mov rdx, QWORD PTR [rcx+8] + 00072 48 8b c8 mov rcx, rax + 00075 ff 95 c0 00 00 + 00 call QWORD PTR tv79[rbp] + +; 425 : return _Ostr; + + 0007b 48 8b 85 f0 00 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + +; 426 : } + + 00082 48 8d a5 d8 00 + 00 00 lea rsp, QWORD PTR [rbp+216] + 00089 5f pop rdi + 0008a 5d pop rbp + 0008b c3 ret 0 +??$?6DU?$char_traits@D@std@@_J@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Smanip@_J@0@@Z ENDP ; std::operator<<,__int64> +_TEXT ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\ostream +; COMDAT ??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z +_TEXT SEGMENT +_State$ = 4 +_Ok$ = 40 +_Pad$4 = 88 +$T5 = 308 +$T6 = 340 +$T7 = 372 +$T8 = 404 +$T9 = 436 +$T10 = 468 +$T11 = 504 +tv65 = 516 +tv305 = 520 +tv303 = 520 +tv300 = 520 +tv295 = 520 +tv281 = 520 +tv266 = 520 +tv130 = 520 +tv245 = 528 +tv204 = 528 +tv179 = 528 +tv306 = 536 +tv304 = 536 +tv301 = 536 +tv243 = 537 +tv177 = 537 +tv307 = 540 +tv302 = 540 +__$ArrayPad$ = 544 +_Ostr$ = 592 +_Ch$ = 600 +??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z PROC ; std::operator<< >, COMDAT + +; 780 : basic_ostream& _Ostr, char _Ch) { // insert a char into char stream + +$LN23: + 00000 88 54 24 10 mov BYTE PTR [rsp+16], dl 00004 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00009 55 push rbp 0000a 57 push rdi - 0000b 48 81 ec 18 02 - 00 00 sub rsp, 536 ; 00000218H + 0000b 48 81 ec 58 02 + 00 00 sub rsp, 600 ; 00000258H 00012 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] 00017 48 8b fc mov rdi, rsp - 0001a b9 86 00 00 00 mov ecx, 134 ; 00000086H + 0001a b9 96 00 00 00 mov ecx, 150 ; 00000096H 0001f b8 cc cc cc cc mov eax, -858993460 ; ccccccccH 00024 
f3 ab rep stosd - 00026 48 8b 8c 24 38 - 02 00 00 mov rcx, QWORD PTR [rsp+568] + 00026 48 8b 8c 24 78 + 02 00 00 mov rcx, QWORD PTR [rsp+632] 0002e 48 8b 05 00 00 00 00 mov rax, QWORD PTR __security_cookie 00035 48 33 c5 xor rax, rbp - 00038 48 89 85 e8 01 + 00038 48 89 85 20 02 00 00 mov QWORD PTR __$ArrayPad$[rbp], rax 0003f 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:__4031338C_Main@cpp + 00 00 lea rcx, OFFSET FLAT:__1D745195_ostream 00046 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 22 : std::ofstream fout; - - 0004b ba 08 01 00 00 mov edx, 264 ; 00000108H - 00050 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] - 00054 e8 00 00 00 00 call ?__autoclassinit2@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAX_K@Z - 00059 ba 01 00 00 00 mov edx, 1 - 0005e 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] - 00062 e8 00 00 00 00 call ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAA@XZ ; std::basic_ofstream >::basic_ofstream > - 00067 90 npad 1 - -; 23 : fout.open("C:\\Users\\Iizerd\\Desktop\\Leeg Hake\\Test.m", std::ios::binary | std::ios::out); - - 00068 41 b9 40 00 00 - 00 mov r9d, 64 ; 00000040H - 0006e 41 b8 22 00 00 - 00 mov r8d, 34 ; 00000022H - 00074 48 8d 15 00 00 - 00 00 lea rdx, OFFSET FLAT:??_C@_0CJ@GEFBLICI@C?3?2Users?2Iizerd?2Desktop?2Leeg?5Ha@ - 0007b 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] - 0007f e8 00 00 00 00 call ?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXPEBDHH@Z ; std::basic_ofstream >::open +; 781 : using _Elem = char; +; 782 : using _Myos = basic_ostream<_Elem, _Traits>; +; 783 : +; 784 : ios_base::iostate _State = ios_base::goodbit; -; 24 : fout.write((PCHAR)Buffer, BufferSize); + 0004b c7 45 04 00 00 + 00 00 mov DWORD PTR _State$[rbp], 0 - 00084 8b 85 18 02 00 - 00 mov eax, DWORD PTR BufferSize$[rbp] - 0008a 44 8b c0 mov r8d, eax - 0008d 48 8b 95 10 02 - 00 00 mov rdx, QWORD PTR Buffer$[rbp] - 00094 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] - 00098 ff 15 00 00 00 - 00 call QWORD PTR 
__imp_?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z +; 785 : const typename _Myos::sentry _Ok(_Ostr); -; 25 : fout.close(); + 00052 48 8b 95 50 02 + 00 00 mov rdx, QWORD PTR _Ostr$[rbp] + 00059 48 8d 4d 28 lea rcx, QWORD PTR _Ok$[rbp] + 0005d e8 00 00 00 00 call ??0sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@AEAV12@@Z ; std::basic_ostream >::sentry::sentry + 00062 90 npad 1 - 0009e 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] - 000a2 e8 00 00 00 00 call ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ ; std::basic_ofstream >::close - 000a7 90 npad 1 +; 786 : +; 787 : if (_Ok) { // state okay, insert -; 26 : } + 00063 48 8d 4d 28 lea rcx, QWORD PTR _Ok$[rbp] + 00067 e8 00 00 00 00 call ??Bsentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEBA_NXZ ; std::basic_ostream >::sentry::operator bool + 0006c 0f b6 c0 movzx eax, al + 0006f 85 c0 test eax, eax + 00071 0f 84 1d 03 00 + 00 je $LN8@operator + +; 788 : streamsize _Pad = _Ostr.width() <= 1 ? 
0 : _Ostr.width() - 1; + + 00077 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 0007e 48 8b 00 mov rax, QWORD PTR [rax] + 00081 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 00085 48 8b 8d 50 02 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 0008c 48 03 c8 add rcx, rax + 0008f 48 8b c1 mov rax, rcx + 00092 48 8b c8 mov rcx, rax + 00095 ff 15 00 00 00 + 00 call QWORD PTR __imp_?width@ios_base@std@@QEBA_JXZ + 0009b 48 83 f8 01 cmp rax, 1 + 0009f 7f 0d jg SHORT $LN15@operator + 000a1 48 c7 85 08 02 + 00 00 00 00 00 + 00 mov QWORD PTR tv130[rbp], 0 + 000ac eb 2e jmp SHORT $LN16@operator +$LN15@operator: + 000ae 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 000b5 48 8b 00 mov rax, QWORD PTR [rax] + 000b8 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 000bc 48 8b 8d 50 02 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 000c3 48 03 c8 add rcx, rax + 000c6 48 8b c1 mov rax, rcx + 000c9 48 8b c8 mov rcx, rax + 000cc ff 15 00 00 00 + 00 call QWORD PTR __imp_?width@ios_base@std@@QEBA_JXZ + 000d2 48 ff c8 dec rax + 000d5 48 89 85 08 02 + 00 00 mov QWORD PTR tv130[rbp], rax +$LN16@operator: + 000dc 48 8b 85 08 02 + 00 00 mov rax, QWORD PTR tv130[rbp] + 000e3 48 89 45 58 mov QWORD PTR _Pad$4[rbp], rax + +; 789 : +; 790 : _TRY_IO_BEGIN +; 791 : if ((_Ostr.flags() & ios_base::adjustfield) != ios_base::left) { + + 000e7 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 000ee 48 8b 00 mov rax, QWORD PTR [rax] + 000f1 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 000f5 48 8b 8d 50 02 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 000fc 48 03 c8 add rcx, rax + 000ff 48 8b c1 mov rax, rcx + 00102 48 8b c8 mov rcx, rax + 00105 ff 15 00 00 00 + 00 call QWORD PTR __imp_?flags@ios_base@std@@QEBAHXZ + 0010b 89 85 04 02 00 + 00 mov DWORD PTR tv65[rbp], eax + 00111 8b 85 04 02 00 + 00 mov eax, DWORD PTR tv65[rbp] + 00117 25 c0 01 00 00 and eax, 448 ; 000001c0H + 0011c 83 f8 40 cmp eax, 64 ; 00000040H + 0011f 0f 84 eb 00 00 + 00 je $LN10@operator + +; 792 : for (; _State == ios_base::goodbit && 
0 < _Pad; --_Pad) { // pad on left + + 00125 eb 0b jmp SHORT $LN4@operator +$LN2@operator: + 00127 48 8b 45 58 mov rax, QWORD PTR _Pad$4[rbp] + 0012b 48 ff c8 dec rax + 0012e 48 89 45 58 mov QWORD PTR _Pad$4[rbp], rax +$LN4@operator: + 00132 83 7d 04 00 cmp DWORD PTR _State$[rbp], 0 + 00136 0f 85 d4 00 00 + 00 jne $LN10@operator + 0013c 48 83 7d 58 00 cmp QWORD PTR _Pad$4[rbp], 0 + 00141 0f 8e c9 00 00 + 00 jle $LN10@operator + +; 793 : if (_Traits::eq_int_type(_Traits::eof(), _Ostr.rdbuf()->sputc(_Ostr.fill()))) { + + 00147 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 0014e 48 8b 00 mov rax, QWORD PTR [rax] + 00151 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 00155 48 8b 8d 50 02 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 0015c 48 03 c8 add rcx, rax + 0015f 48 8b c1 mov rax, rcx + 00162 48 8b c8 mov rcx, rax + 00165 ff 15 00 00 00 + 00 call QWORD PTR __imp_?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ + 0016b 48 89 85 08 02 + 00 00 mov QWORD PTR tv300[rbp], rax + 00172 48 8b 85 08 02 + 00 00 mov rax, QWORD PTR tv300[rbp] + 00179 48 89 85 10 02 + 00 00 mov QWORD PTR tv179[rbp], rax + 00180 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 00187 48 8b 00 mov rax, QWORD PTR [rax] + 0018a 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 0018e 48 8b 8d 50 02 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 00195 48 03 c8 add rcx, rax + 00198 48 8b c1 mov rax, rcx + 0019b 48 8b c8 mov rcx, rax + 0019e ff 15 00 00 00 + 00 call QWORD PTR __imp_?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ + 001a4 88 85 18 02 00 + 00 mov BYTE PTR tv301[rbp], al + 001aa 0f b6 85 18 02 + 00 00 movzx eax, BYTE PTR tv301[rbp] + 001b1 88 85 19 02 00 + 00 mov BYTE PTR tv177[rbp], al + 001b7 0f b6 95 19 02 + 00 00 movzx edx, BYTE PTR tv177[rbp] + 001be 48 8b 8d 10 02 + 00 00 mov rcx, QWORD PTR tv179[rbp] + 001c5 ff 15 00 00 00 + 00 call QWORD PTR __imp_?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z + 001cb 89 85 1c 
02 00 + 00 mov DWORD PTR tv302[rbp], eax + 001d1 8b 85 1c 02 00 + 00 mov eax, DWORD PTR tv302[rbp] + 001d7 89 85 34 01 00 + 00 mov DWORD PTR $T5[rbp], eax + 001dd e8 00 00 00 00 call ?eof@?$_Narrow_char_traits@DH@std@@SAHXZ ; std::_Narrow_char_traits::eof + 001e2 89 85 54 01 00 + 00 mov DWORD PTR $T6[rbp], eax + 001e8 48 8d 95 34 01 + 00 00 lea rdx, QWORD PTR $T5[rbp] + 001ef 48 8d 8d 54 01 + 00 00 lea rcx, QWORD PTR $T6[rbp] + 001f6 e8 00 00 00 00 call ?eq_int_type@?$_Narrow_char_traits@DH@std@@SA_NAEBH0@Z ; std::_Narrow_char_traits::eq_int_type + 001fb 0f b6 c0 movzx eax, al + 001fe 85 c0 test eax, eax + 00200 74 09 je SHORT $LN11@operator + +; 794 : _State |= ios_base::badbit; + + 00202 8b 45 04 mov eax, DWORD PTR _State$[rbp] + 00205 83 c8 04 or eax, 4 + 00208 89 45 04 mov DWORD PTR _State$[rbp], eax +$LN11@operator: + +; 795 : } +; 796 : } + + 0020b e9 17 ff ff ff jmp $LN2@operator +$LN10@operator: + +; 797 : } +; 798 : +; 799 : if (_State == ios_base::goodbit && _Traits::eq_int_type(_Traits::eof(), _Ostr.rdbuf()->sputc(_Ch))) { + + 00210 83 7d 04 00 cmp DWORD PTR _State$[rbp], 0 + 00214 0f 85 8d 00 00 + 00 jne $LN12@operator + 0021a 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 00221 48 8b 00 mov rax, QWORD PTR [rax] + 00224 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 00228 48 8b 8d 50 02 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 0022f 48 03 c8 add rcx, rax + 00232 48 8b c1 mov rax, rcx + 00235 48 8b c8 mov rcx, rax + 00238 ff 15 00 00 00 + 00 call QWORD PTR __imp_?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ + 0023e 48 89 85 08 02 + 00 00 mov QWORD PTR tv303[rbp], rax + 00245 48 8b 85 08 02 + 00 00 mov rax, QWORD PTR tv303[rbp] + 0024c 48 89 85 10 02 + 00 00 mov QWORD PTR tv204[rbp], rax + 00253 0f b6 95 58 02 + 00 00 movzx edx, BYTE PTR _Ch$[rbp] + 0025a 48 8b 8d 10 02 + 00 00 mov rcx, QWORD PTR tv204[rbp] + 00261 ff 15 00 00 00 + 00 call QWORD PTR 
__imp_?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z + 00267 89 85 18 02 00 + 00 mov DWORD PTR tv304[rbp], eax + 0026d 8b 85 18 02 00 + 00 mov eax, DWORD PTR tv304[rbp] + 00273 89 85 74 01 00 + 00 mov DWORD PTR $T7[rbp], eax + 00279 e8 00 00 00 00 call ?eof@?$_Narrow_char_traits@DH@std@@SAHXZ ; std::_Narrow_char_traits::eof + 0027e 89 85 94 01 00 + 00 mov DWORD PTR $T8[rbp], eax + 00284 48 8d 95 74 01 + 00 00 lea rdx, QWORD PTR $T7[rbp] + 0028b 48 8d 8d 94 01 + 00 00 lea rcx, QWORD PTR $T8[rbp] + 00292 e8 00 00 00 00 call ?eq_int_type@?$_Narrow_char_traits@DH@std@@SA_NAEBH0@Z ; std::_Narrow_char_traits::eq_int_type + 00297 0f b6 c0 movzx eax, al + 0029a 85 c0 test eax, eax + 0029c 74 09 je SHORT $LN12@operator + +; 800 : _State |= ios_base::badbit; + + 0029e 8b 45 04 mov eax, DWORD PTR _State$[rbp] + 002a1 83 c8 04 or eax, 4 + 002a4 89 45 04 mov DWORD PTR _State$[rbp], eax +$LN12@operator: + +; 801 : } +; 802 : +; 803 : for (; _State == ios_base::goodbit && 0 < _Pad; --_Pad) { // pad on right + + 002a7 eb 0b jmp SHORT $LN7@operator +$LN5@operator: + 002a9 48 8b 45 58 mov rax, QWORD PTR _Pad$4[rbp] + 002ad 48 ff c8 dec rax + 002b0 48 89 45 58 mov QWORD PTR _Pad$4[rbp], rax +$LN7@operator: + 002b4 83 7d 04 00 cmp DWORD PTR _State$[rbp], 0 + 002b8 0f 85 d4 00 00 + 00 jne $LN6@operator + 002be 48 83 7d 58 00 cmp QWORD PTR _Pad$4[rbp], 0 + 002c3 0f 8e c9 00 00 + 00 jle $LN6@operator + +; 804 : if (_Traits::eq_int_type(_Traits::eof(), _Ostr.rdbuf()->sputc(_Ostr.fill()))) { + + 002c9 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 002d0 48 8b 00 mov rax, QWORD PTR [rax] + 002d3 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 002d7 48 8b 8d 50 02 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 002de 48 03 c8 add rcx, rax + 002e1 48 8b c1 mov rax, rcx + 002e4 48 8b c8 mov rcx, rax + 002e7 ff 15 00 00 00 + 00 call QWORD PTR __imp_?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ + 002ed 48 89 85 08 02 + 00 00 
mov QWORD PTR tv305[rbp], rax + 002f4 48 8b 85 08 02 + 00 00 mov rax, QWORD PTR tv305[rbp] + 002fb 48 89 85 10 02 + 00 00 mov QWORD PTR tv245[rbp], rax + 00302 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 00309 48 8b 00 mov rax, QWORD PTR [rax] + 0030c 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 00310 48 8b 8d 50 02 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 00317 48 03 c8 add rcx, rax + 0031a 48 8b c1 mov rax, rcx + 0031d 48 8b c8 mov rcx, rax + 00320 ff 15 00 00 00 + 00 call QWORD PTR __imp_?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ + 00326 88 85 18 02 00 + 00 mov BYTE PTR tv306[rbp], al + 0032c 0f b6 85 18 02 + 00 00 movzx eax, BYTE PTR tv306[rbp] + 00333 88 85 19 02 00 + 00 mov BYTE PTR tv243[rbp], al + 00339 0f b6 95 19 02 + 00 00 movzx edx, BYTE PTR tv243[rbp] + 00340 48 8b 8d 10 02 + 00 00 mov rcx, QWORD PTR tv245[rbp] + 00347 ff 15 00 00 00 + 00 call QWORD PTR __imp_?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z + 0034d 89 85 1c 02 00 + 00 mov DWORD PTR tv307[rbp], eax + 00353 8b 85 1c 02 00 + 00 mov eax, DWORD PTR tv307[rbp] + 00359 89 85 b4 01 00 + 00 mov DWORD PTR $T9[rbp], eax + 0035f e8 00 00 00 00 call ?eof@?$_Narrow_char_traits@DH@std@@SAHXZ ; std::_Narrow_char_traits::eof + 00364 89 85 d4 01 00 + 00 mov DWORD PTR $T10[rbp], eax + 0036a 48 8d 95 b4 01 + 00 00 lea rdx, QWORD PTR $T9[rbp] + 00371 48 8d 8d d4 01 + 00 00 lea rcx, QWORD PTR $T10[rbp] + 00378 e8 00 00 00 00 call ?eq_int_type@?$_Narrow_char_traits@DH@std@@SA_NAEBH0@Z ; std::_Narrow_char_traits::eq_int_type + 0037d 0f b6 c0 movzx eax, al + 00380 85 c0 test eax, eax + 00382 74 09 je SHORT $LN13@operator + +; 805 : _State |= ios_base::badbit; + + 00384 8b 45 04 mov eax, DWORD PTR _State$[rbp] + 00387 83 c8 04 or eax, 4 + 0038a 89 45 04 mov DWORD PTR _State$[rbp], eax +$LN13@operator: + +; 806 : } +; 807 : } + + 0038d e9 17 ff ff ff jmp $LN5@operator +$LN6@operator: + 00392 eb 00 jmp SHORT $LN8@operator +$LN21@operator: +$LN8@operator: + +; 808 : 
_CATCH_IO_(ios_base, _Ostr) +; 809 : } +; 810 : +; 811 : _Ostr.width(0); + + 00394 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 0039b 48 8b 00 mov rax, QWORD PTR [rax] + 0039e 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 003a2 48 8b 8d 50 02 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 003a9 48 03 c8 add rcx, rax + 003ac 48 8b c1 mov rax, rcx + 003af 48 89 85 08 02 + 00 00 mov QWORD PTR tv281[rbp], rax + 003b6 33 d2 xor edx, edx + 003b8 48 8b 8d 08 02 + 00 00 mov rcx, QWORD PTR tv281[rbp] + 003bf ff 15 00 00 00 + 00 call QWORD PTR __imp_?width@ios_base@std@@QEAA_J_J@Z + +; 812 : _Ostr.setstate(_State); + + 003c5 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 003cc 48 8b 00 mov rax, QWORD PTR [rax] + 003cf 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 003d3 48 8b 8d 50 02 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 003da 48 03 c8 add rcx, rax + 003dd 48 8b c1 mov rax, rcx + 003e0 48 89 85 08 02 + 00 00 mov QWORD PTR tv295[rbp], rax + 003e7 45 33 c0 xor r8d, r8d + 003ea 8b 55 04 mov edx, DWORD PTR _State$[rbp] + 003ed 48 8b 8d 08 02 + 00 00 mov rcx, QWORD PTR tv295[rbp] + 003f4 ff 15 00 00 00 + 00 call QWORD PTR __imp_?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z - 000a8 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] - 000ac e8 00 00 00 00 call ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ - 000b1 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] - 000b5 48 8d 15 00 00 - 00 00 lea rdx, OFFSET FLAT:?PutToFile@@YAXPEAXK@Z$rtcFrameData - 000bc e8 00 00 00 00 call _RTC_CheckStackVars - 000c1 48 8b 8d e8 01 +; 813 : return _Ostr; + + 003fa 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 00401 48 89 85 f8 01 + 00 00 mov QWORD PTR $T11[rbp], rax + 00408 48 8d 4d 28 lea rcx, QWORD PTR _Ok$[rbp] + 0040c e8 00 00 00 00 call ??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ ; std::basic_ostream >::sentry::~sentry + 00411 48 8b 85 f8 01 + 00 00 mov rax, QWORD PTR $T11[rbp] + +; 814 : } + + 00418 48 8b f8 mov rdi, rax + 0041b 48 8d 4d 
e0 lea rcx, QWORD PTR [rbp-32] + 0041f 48 8d 15 00 00 + 00 00 lea rdx, OFFSET FLAT:??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z$rtcFrameData + 00426 e8 00 00 00 00 call _RTC_CheckStackVars + 0042b 48 8b c7 mov rax, rdi + 0042e 48 8b 8d 20 02 00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp] - 000c8 48 33 cd xor rcx, rbp - 000cb e8 00 00 00 00 call __security_check_cookie - 000d0 48 8d a5 f8 01 - 00 00 lea rsp, QWORD PTR [rbp+504] - 000d7 5f pop rdi - 000d8 5d pop rbp - 000d9 c3 ret 0 -?PutToFile@@YAXPEAXK@Z ENDP ; PutToFile + 00435 48 33 cd xor rcx, rbp + 00438 e8 00 00 00 00 call __security_check_cookie + 0043d 48 8d a5 38 02 + 00 00 lea rsp, QWORD PTR [rbp+568] + 00444 5f pop rdi + 00445 5d pop rbp + 00446 c3 ret 0 +??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z ENDP ; std::operator<< > _TEXT ENDS ; COMDAT text$x text$x SEGMENT -fout$ = 16 -__$ArrayPad$ = 488 -Buffer$ = 528 -BufferSize$ = 536 -?dtor$0@?0??PutToFile@@YAXPEAXK@Z@4HA PROC ; `PutToFile'::`1'::dtor$0 +_State$ = 4 +_Ok$ = 40 +_Pad$4 = 88 +$T5 = 308 +$T6 = 340 +$T7 = 372 +$T8 = 404 +$T9 = 436 +$T10 = 468 +$T11 = 504 +tv65 = 516 +tv305 = 520 +tv303 = 520 +tv300 = 520 +tv295 = 520 +tv281 = 520 +tv266 = 520 +tv130 = 520 +tv245 = 528 +tv204 = 528 +tv179 = 528 +tv306 = 536 +tv304 = 536 +tv301 = 536 +tv243 = 537 +tv177 = 537 +tv307 = 540 +tv302 = 540 +__$ArrayPad$ = 544 +_Ostr$ = 592 +_Ch$ = 600 +?dtor$0@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA PROC ; `std::operator<< >'::`1'::dtor$0 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx 0000a 55 push rbp 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] - 00018 e8 00 00 00 00 call ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ + 00014 48 8d 4d 28 lea rcx, QWORD 
PTR _Ok$[rbp] + 00018 e8 00 00 00 00 call ??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ ; std::basic_ostream >::sentry::~sentry 0001d 48 83 c4 28 add rsp, 40 ; 00000028H 00021 5f pop rdi 00022 5d pop rbp 00023 c3 ret 0 -?dtor$0@?0??PutToFile@@YAXPEAXK@Z@4HA ENDP ; `PutToFile'::`1'::dtor$0 +?dtor$0@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA ENDP ; `std::operator<< >'::`1'::dtor$0 +text$x ENDS +; COMDAT text$x +text$x SEGMENT +_State$ = 4 +_Ok$ = 40 +_Pad$4 = 88 +$T5 = 308 +$T6 = 340 +$T7 = 372 +$T8 = 404 +$T9 = 436 +$T10 = 468 +$T11 = 504 +tv65 = 516 +tv305 = 520 +tv303 = 520 +tv300 = 520 +tv295 = 520 +tv281 = 520 +tv266 = 520 +tv130 = 520 +tv245 = 528 +tv204 = 528 +tv179 = 528 +tv306 = 536 +tv304 = 536 +tv301 = 536 +tv243 = 537 +tv177 = 537 +tv307 = 540 +tv302 = 540 +__$ArrayPad$ = 544 +_Ostr$ = 592 +_Ch$ = 600 +?catch$1@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA PROC ; `std::operator<< >'::`1'::catch$1 + +; 808 : _CATCH_IO_(ios_base, _Ostr) + + 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 0000a 55 push rbp + 0000b 57 push rdi + 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H + 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] +__catch$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z$0: + 00014 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 0001b 48 8b 00 mov rax, QWORD PTR [rax] + 0001e 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 00022 48 8b 8d 50 02 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 00029 48 03 c8 add rcx, rax + 0002c 48 8b c1 mov rax, rcx + 0002f 48 89 85 08 02 + 00 00 mov QWORD PTR tv266[rbp], rax + 00036 41 b0 01 mov r8b, 1 + 00039 ba 04 00 00 00 mov edx, 4 + 0003e 48 8b 8d 08 02 + 00 00 mov rcx, QWORD PTR tv266[rbp] + 00045 ff 15 00 00 00 + 00 call QWORD PTR __imp_?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z + 
0004b 90 npad 1 + 0004c 48 8d 05 00 00 + 00 00 lea rax, $LN21@catch$1 + 00053 48 83 c4 28 add rsp, 40 ; 00000028H + 00057 5f pop rdi + 00058 5d pop rbp + 00059 c3 ret 0 + 0005a cc int 3 +?catch$1@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA ENDP ; `std::operator<< >'::`1'::catch$1 text$x ENDS ; Function compile flags: /Odtp /RTCsu /ZI ; COMDAT text$x text$x SEGMENT -fout$ = 16 -__$ArrayPad$ = 488 -Buffer$ = 528 -BufferSize$ = 536 -?dtor$0@?0??PutToFile@@YAXPEAXK@Z@4HA PROC ; `PutToFile'::`1'::dtor$0 +_State$ = 4 +_Ok$ = 40 +_Pad$4 = 88 +$T5 = 308 +$T6 = 340 +$T7 = 372 +$T8 = 404 +$T9 = 436 +$T10 = 468 +$T11 = 504 +tv65 = 516 +tv305 = 520 +tv303 = 520 +tv300 = 520 +tv295 = 520 +tv281 = 520 +tv266 = 520 +tv130 = 520 +tv245 = 528 +tv204 = 528 +tv179 = 528 +tv306 = 536 +tv304 = 536 +tv301 = 536 +tv243 = 537 +tv177 = 537 +tv307 = 540 +tv302 = 540 +__$ArrayPad$ = 544 +_Ostr$ = 592 +_Ch$ = 600 +?dtor$0@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA PROC ; `std::operator<< >'::`1'::dtor$0 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx 0000a 55 push rbp 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 4d 10 lea rcx, QWORD PTR fout$[rbp] - 00018 e8 00 00 00 00 call ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ + 00014 48 8d 4d 28 lea rcx, QWORD PTR _Ok$[rbp] + 00018 e8 00 00 00 00 call ??1sentry@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@XZ ; std::basic_ostream >::sentry::~sentry 0001d 48 83 c4 28 add rsp, 40 ; 00000028H 00021 5f pop rdi 00022 5d pop rbp 00023 c3 ret 0 -?dtor$0@?0??PutToFile@@YAXPEAXK@Z@4HA ENDP ; `PutToFile'::`1'::dtor$0 +?dtor$0@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA ENDP ; `std::operator<< >'::`1'::dtor$0 +text$x ENDS +; Function compile flags: /Odtp 
/RTCsu /ZI +; COMDAT text$x +text$x SEGMENT +_State$ = 4 +_Ok$ = 40 +_Pad$4 = 88 +$T5 = 308 +$T6 = 340 +$T7 = 372 +$T8 = 404 +$T9 = 436 +$T10 = 468 +$T11 = 504 +tv65 = 516 +tv305 = 520 +tv303 = 520 +tv300 = 520 +tv295 = 520 +tv281 = 520 +tv266 = 520 +tv130 = 520 +tv245 = 528 +tv204 = 528 +tv179 = 528 +tv306 = 536 +tv304 = 536 +tv301 = 536 +tv243 = 537 +tv177 = 537 +tv307 = 540 +tv302 = 540 +__$ArrayPad$ = 544 +_Ostr$ = 592 +_Ch$ = 600 +?catch$1@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA PROC ; `std::operator<< >'::`1'::catch$1 + +; 808 : _CATCH_IO_(ios_base, _Ostr) + + 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 0000a 55 push rbp + 0000b 57 push rdi + 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H + 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] +__catch$??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z$0: + 00014 48 8b 85 50 02 + 00 00 mov rax, QWORD PTR _Ostr$[rbp] + 0001b 48 8b 00 mov rax, QWORD PTR [rax] + 0001e 48 63 40 04 movsxd rax, DWORD PTR [rax+4] + 00022 48 8b 8d 50 02 + 00 00 mov rcx, QWORD PTR _Ostr$[rbp] + 00029 48 03 c8 add rcx, rax + 0002c 48 8b c1 mov rax, rcx + 0002f 48 89 85 08 02 + 00 00 mov QWORD PTR tv266[rbp], rax + 00036 41 b0 01 mov r8b, 1 + 00039 ba 04 00 00 00 mov edx, 4 + 0003e 48 8b 8d 08 02 + 00 00 mov rcx, QWORD PTR tv266[rbp] + 00045 ff 15 00 00 00 + 00 call QWORD PTR __imp_?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z + 0004b 90 npad 1 + 0004c 48 8d 05 00 00 + 00 00 lea rax, $LN21@catch$1 + 00053 48 83 c4 28 add rsp, 40 ; 00000028H + 00057 5f pop rdi + 00058 5d pop rbp + 00059 c3 ret 0 + 0005a cc int 3 +?catch$1@?0???$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z@4HA ENDP ; `std::operator<< >'::`1'::catch$1 text$x ENDS ; Function compile flags: /Odtp /RTCsu /ZI ; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Main.cpp -; COMDAT 
?MakeExecutableBuffer@@YAPEAXPEAXK@Z +; COMDAT ?PrintByteArr@@YAXPEAXK@Z _TEXT SEGMENT -ExecBuffer$ = 8 -Buffer$ = 256 -BufferSize$ = 264 -?MakeExecutableBuffer@@YAPEAXPEAXK@Z PROC ; MakeExecutableBuffer, COMDAT - -; 13 : { +i$1 = 4 +$T2 = 228 +$T3 = 264 +tv83 = 296 +tv85 = 304 +tv88 = 312 +tv90 = 320 +tv133 = 328 +tv131 = 336 +Buff$ = 384 +BufSize$ = 392 +?PrintByteArr@@YAXPEAXK@Z PROC ; PrintByteArr, COMDAT + +; 12 : { -$LN4: +$LN6: 00000 89 54 24 10 mov DWORD PTR [rsp+16], edx 00004 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00009 55 push rbp 0000a 57 push rdi - 0000b 48 81 ec 08 01 - 00 00 sub rsp, 264 ; 00000108H + 0000b 48 81 ec 88 01 + 00 00 sub rsp, 392 ; 00000188H 00012 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] 00017 48 8b fc mov rdi, rsp - 0001a b9 42 00 00 00 mov ecx, 66 ; 00000042H + 0001a b9 62 00 00 00 mov ecx, 98 ; 00000062H 0001f b8 cc cc cc cc mov eax, -858993460 ; ccccccccH 00024 f3 ab rep stosd - 00026 48 8b 8c 24 28 - 01 00 00 mov rcx, QWORD PTR [rsp+296] + 00026 48 8b 8c 24 a8 + 01 00 00 mov rcx, QWORD PTR [rsp+424] 0002e 48 8d 0d 00 00 00 00 lea rcx, OFFSET FLAT:__4031338C_Main@cpp 00035 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 14 : PVOID ExecBuffer = VirtualAlloc(nullptr, BufferSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); - - 0003a 8b 85 08 01 00 - 00 mov eax, DWORD PTR BufferSize$[rbp] - 00040 41 b9 40 00 00 - 00 mov r9d, 64 ; 00000040H - 00046 41 b8 00 10 00 - 00 mov r8d, 4096 ; 00001000H - 0004c 8b d0 mov edx, eax - 0004e 33 c9 xor ecx, ecx - 00050 ff 15 00 00 00 - 00 call QWORD PTR __imp_VirtualAlloc - 00056 48 89 45 08 mov QWORD PTR ExecBuffer$[rbp], rax - -; 15 : if (!ExecBuffer) - - 0005a 48 83 7d 08 00 cmp QWORD PTR ExecBuffer$[rbp], 0 - 0005f 75 04 jne SHORT $LN2@MakeExecut - -; 16 : return NULL; - - 00061 33 c0 xor eax, eax - 00063 eb 19 jmp SHORT $LN1@MakeExecut -$LN2@MakeExecut: +; 13 : for (uint32_t i = 0; i < BufSize; i++) + + 0003a c7 45 04 00 00 + 00 00 mov DWORD PTR i$1[rbp], 0 + 00041 eb 08 jmp SHORT $LN4@PrintByteA 
+$LN2@PrintByteA: + 00043 8b 45 04 mov eax, DWORD PTR i$1[rbp] + 00046 ff c0 inc eax + 00048 89 45 04 mov DWORD PTR i$1[rbp], eax +$LN4@PrintByteA: + 0004b 8b 85 88 01 00 + 00 mov eax, DWORD PTR BufSize$[rbp] + 00051 39 45 04 cmp DWORD PTR i$1[rbp], eax + 00054 0f 83 b2 00 00 + 00 jae $LN3@PrintByteA + +; 14 : { +; 15 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)((PUCHAR)Buff)[i] << ' '; + + 0005a 48 8d 15 00 00 + 00 00 lea rdx, OFFSET FLAT:?hex@std@@YAAEAVios_base@1@AEAV21@@Z ; std::hex + 00061 48 8b 0d 00 00 + 00 00 mov rcx, QWORD PTR __imp_?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A + 00068 ff 15 00 00 00 + 00 call QWORD PTR __imp_??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z + 0006e 48 89 85 28 01 + 00 00 mov QWORD PTR tv83[rbp], rax + 00075 ba 02 00 00 00 mov edx, 2 + 0007a 48 8d 8d 08 01 + 00 00 lea rcx, QWORD PTR $T3[rbp] + 00081 e8 00 00 00 00 call ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z ; std::setw + 00086 48 89 85 30 01 + 00 00 mov QWORD PTR tv85[rbp], rax + 0008d 48 8b 95 30 01 + 00 00 mov rdx, QWORD PTR tv85[rbp] + 00094 48 8b 8d 28 01 + 00 00 mov rcx, QWORD PTR tv83[rbp] + 0009b e8 00 00 00 00 call ??$?6DU?$char_traits@D@std@@_J@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Smanip@_J@0@@Z ; std::operator<<,__int64> + 000a0 48 89 85 38 01 + 00 00 mov QWORD PTR tv88[rbp], rax + 000a7 b2 30 mov dl, 48 ; 00000030H + 000a9 48 8d 8d e4 00 + 00 00 lea rcx, QWORD PTR $T2[rbp] + 000b0 e8 00 00 00 00 call ??$setfill@D@std@@YA?AU?$_Fillobj@D@0@D@Z ; std::setfill + 000b5 48 89 85 40 01 + 00 00 mov QWORD PTR tv90[rbp], rax + 000bc 48 8b 95 40 01 + 00 00 mov rdx, QWORD PTR tv90[rbp] + 000c3 48 8b 8d 38 01 + 00 00 mov rcx, QWORD PTR tv88[rbp] + 000ca e8 00 00 00 00 call ??$?6DU?$char_traits@D@std@@D@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@AEBU?$_Fillobj@D@0@@Z ; std::operator<<,char> + 000cf 48 89 85 48 01 + 00 00 mov QWORD PTR tv133[rbp], rax + 000d6 
8b 45 04 mov eax, DWORD PTR i$1[rbp] + 000d9 48 8b 8d 80 01 + 00 00 mov rcx, QWORD PTR Buff$[rbp] + 000e0 0f b6 04 01 movzx eax, BYTE PTR [rcx+rax] + 000e4 89 85 50 01 00 + 00 mov DWORD PTR tv131[rbp], eax + 000ea 8b 95 50 01 00 + 00 mov edx, DWORD PTR tv131[rbp] + 000f0 48 8b 8d 48 01 + 00 00 mov rcx, QWORD PTR tv133[rbp] + 000f7 ff 15 00 00 00 + 00 call QWORD PTR __imp_??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z + 000fd b2 20 mov dl, 32 ; 00000020H + 000ff 48 8b c8 mov rcx, rax + 00102 e8 00 00 00 00 call ??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z ; std::operator<< > -; 17 : RtlCopyMemory(ExecBuffer, Buffer, BufferSize); +; 16 : } - 00065 8b 85 08 01 00 - 00 mov eax, DWORD PTR BufferSize$[rbp] - 0006b 44 8b c0 mov r8d, eax - 0006e 48 8b 95 00 01 - 00 00 mov rdx, QWORD PTR Buffer$[rbp] - 00075 48 8b 4d 08 mov rcx, QWORD PTR ExecBuffer$[rbp] - 00079 e8 00 00 00 00 call memcpy -$LN1@MakeExecut: + 00107 e9 37 ff ff ff jmp $LN2@PrintByteA +$LN3@PrintByteA: -; 18 : } +; 17 : } - 0007e 48 8d a5 e8 00 - 00 00 lea rsp, QWORD PTR [rbp+232] - 00085 5f pop rdi - 00086 5d pop rbp - 00087 c3 ret 0 -?MakeExecutableBuffer@@YAPEAXPEAXK@Z ENDP ; MakeExecutableBuffer + 0010c 48 8d a5 68 01 + 00 00 lea rsp, QWORD PTR [rbp+360] + 00113 5f pop rdi + 00114 5d pop rbp + 00115 c3 ret 0 +?PrintByteArr@@YAXPEAXK@Z ENDP ; PrintByteArr _TEXT ENDS ; Function compile flags: /Odtp /RTCsu /ZI ; COMDAT ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 
@@ -13645,6 +15557,56 @@ $LN1@Fgetc: ??$_Fgetc@D@std@@YA_NAEADPEAU_iobuf@@@Z ENDP ; std::_Fgetc _TEXT ENDS ; Function compile flags: /Odtp /RTCsu /ZI +; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\ios +; COMDAT ?hex@std@@YAAEAVios_base@1@AEAV21@@Z +_TEXT SEGMENT +_Iosbase$ = 224 +?hex@std@@YAAEAVios_base@1@AEAV21@@Z PROC ; std::hex, COMDAT + +; 206 : inline ios_base& __CLRCALL_OR_CDECL hex(ios_base& _Iosbase) { // set basefield to hex + +$LN3: + 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00005 55 push rbp + 00006 57 push rdi + 00007 48 81 ec e8 00 + 00 00 sub rsp, 232 ; 000000e8H + 0000e 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00013 48 8b fc mov rdi, rsp + 00016 b9 3a 00 00 00 mov ecx, 58 ; 0000003aH + 0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00020 f3 ab rep stosd + 00022 48 8b 8c 24 08 + 01 00 00 mov rcx, QWORD PTR [rsp+264] + 0002a 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__165C22CB_ios + 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + +; 207 : _Iosbase.setf(ios_base::hex, ios_base::basefield); + + 00036 41 b8 00 0e 00 + 00 mov r8d, 3584 ; 00000e00H + 0003c ba 00 08 00 00 mov edx, 2048 ; 00000800H + 00041 48 8b 8d e0 00 + 00 00 mov rcx, QWORD PTR _Iosbase$[rbp] + 00048 ff 15 00 00 00 + 00 call QWORD PTR __imp_?setf@ios_base@std@@QEAAHHH@Z + +; 208 : return _Iosbase; + + 0004e 48 8b 85 e0 00 + 00 00 mov rax, QWORD PTR _Iosbase$[rbp] + +; 209 : } + + 00055 48 8d a5 c8 00 + 00 00 lea rsp, QWORD PTR [rbp+200] + 0005c 5f pop rdi + 0005d 5d pop rbp + 0005e c3 ret 0 +?hex@std@@YAAEAVios_base@1@AEAV21@@Z ENDP ; std::hex +_TEXT ENDS +; Function compile flags: /Odtp /RTCsu /ZI ; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\xlocale ; COMDAT ??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z _TEXT SEGMENT 
diff --git a/CodeVirtualizer/x64/Debug/NativeCode.cod b/CodeVirtualizer/x64/Debug/NativeCode.cod index e037e97..c96931a 100644 --- a/CodeVirtualizer/x64/Debug/NativeCode.cod +++ b/CodeVirtualizer/x64/Debug/NativeCode.cod @@ -273,6 +273,12 @@ PUBLIC ?__LINE__Var@?0??_Maklocwcs@std@@YAPEA_WPEB_W@Z@4JA ; `std::_Maklocwcs':: PUBLIC ??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string' PUBLIC ??_C@_0DF@KKBEBOEB@Failed?5to?5validate?5jump?4?5Type?3?5@ ; `string' PUBLIC ??_C@_0CL@COPJALEP@XedDecode?5failed?5in?5NcDeepCopyL@ ; `string' +PUBLIC ??_C@_03GOEAKHKK@?61?6@ ; `string' +PUBLIC ??_C@_03GMAGBJPD@?62?6@ ; `string' +PUBLIC ??_C@_03GIILGFEB@?64?6@ ; `string' +PUBLIC ??_C@_0L@OECMLM@?$CFs?5?$CFs?5?$CFu?5?6@ ; `string' +PUBLIC ??_C@_03GJEJAPHG@?65?6@ ; `string' +PUBLIC ??_C@_03GLAPLBCP@?66?6@ ; `string' PUBLIC ??_C@_0CA@KDIENFLL@XedDecode?5failed?5with?5error?5?$CFs?6@ ; `string' PUBLIC ??_C@_0L@ILJOJNOL@Label?3?5?$CFu?6@ ; `string' PUBLIC ??_C@_07KNNCJAOA@?$CFs?3?5?$CFu?6@ ; `string' @@ -1098,8 +1104,8 @@ $pdata$?NcGetDeltaToLabel@@YAHPEAU_NATIVE_CODE_LINK@@PEAH@Z DD imagerel $LN13 pdata ENDS ; COMDAT pdata pdata SEGMENT -$pdata$?NcFixRelJmps@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD imagerel $LN21 - DD imagerel $LN21+946 +$pdata$?NcFixRelJmps@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD imagerel $LN19 + DD imagerel $LN19+1024 DD imagerel $unwind$?NcFixRelJmps@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z pdata ENDS ; COMDAT pdata 
@@ -1754,6 +1760,30 @@ CONST SEGMENT ??_C@_0CA@KDIENFLL@XedDecode?5failed?5with?5error?5?$CFs?6@ DB 'XedDecode' DB ' failed with error %s', 0aH, 00H ; `string' CONST ENDS +; COMDAT ??_C@_03GLAPLBCP@?66?6@ +CONST SEGMENT +??_C@_03GLAPLBCP@?66?6@ DB 0aH, '6', 0aH, 00H ; `string' +CONST ENDS +; COMDAT ??_C@_03GJEJAPHG@?65?6@ +CONST SEGMENT +??_C@_03GJEJAPHG@?65?6@ DB 0aH, '5', 0aH, 00H ; `string' +CONST ENDS +; COMDAT ??_C@_0L@OECMLM@?$CFs?5?$CFs?5?$CFu?5?6@ +CONST SEGMENT +??_C@_0L@OECMLM@?$CFs?5?$CFs?5?$CFu?5?6@ DB '%s %s %u ', 0aH, 00H ; `string' +CONST ENDS +; COMDAT ??_C@_03GIILGFEB@?64?6@ +CONST SEGMENT +??_C@_03GIILGFEB@?64?6@ DB 0aH, '4', 0aH, 00H ; `string' +CONST ENDS +; COMDAT ??_C@_03GMAGBJPD@?62?6@ +CONST SEGMENT +??_C@_03GMAGBJPD@?62?6@ DB 0aH, '2', 0aH, 00H ; `string' +CONST ENDS +; COMDAT ??_C@_03GOEAKHKK@?61?6@ +CONST SEGMENT +??_C@_03GOEAKHKK@?61?6@ DB 0aH, '1', 0aH, 00H ; `string' +CONST ENDS ; COMDAT ??_C@_0CL@COPJALEP@XedDecode?5failed?5in?5NcDeepCopyL@ CONST SEGMENT ??_C@_0CL@COPJALEP@XedDecode?5failed?5in?5NcDeepCopyL@ DB 'XedDecode fail' @@ -2799,10 +2829,10 @@ xdata ENDS xdata SEGMENT $unwind$?NcFixRelJmps@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD 035063c19H DD 010f3314H - DD 0700800e6H + DD 0700800ecH DD 050066007H DD imagerel __GSHandlerCheck - DD 0728H + DD 0758H xdata ENDS ; COMDAT CONST CONST SEGMENT @@ -9304,7 +9334,7 @@ tv142 = 368 Block$ = 416 ?NcPrintBlockCode@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; NcPrintBlockCode, COMDAT -; 579 : { +; 601 : { $LN10: 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx @@ -9323,7 +9353,7 @@ $LN10: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 580 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) +; 602 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) 00036 48 8b 85 a0 01 00 00 mov rax, QWORD PTR Block$[rbp] 
@@ -9346,8 +9376,8 @@ $LN4@NcPrintBlo: 0006e 0f 84 eb 00 00 00 je $LN3@NcPrintBlo -; 581 : { -; 582 : if (!(T->Flags & CODE_FLAG_IS_LABEL)) +; 603 : { +; 604 : if (!(T->Flags & CODE_FLAG_IS_LABEL)) 00074 48 8b 45 08 mov rax, QWORD PTR T$1[rbp] 00078 8b 40 18 mov eax, DWORD PTR [rax+24] @@ -9356,8 +9386,8 @@ $LN4@NcPrintBlo: 00080 0f 85 d4 00 00 00 jne $LN8@NcPrintBlo -; 583 : { -; 584 : for (uint32_t i = 0; i < T->RawDataSize; i++) +; 605 : { +; 606 : for (uint32_t i = 0; i < T->RawDataSize; i++) 00086 c7 45 24 00 00 00 00 mov DWORD PTR i$2[rbp], 0 @@ -9373,8 +9403,8 @@ $LN7@NcPrintBlo: 000a1 0f 83 b3 00 00 00 jae $LN6@NcPrintBlo -; 585 : { -; 586 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)T->RawData[i] << ' '; +; 607 : { +; 608 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)T->RawData[i] << ' '; 000a7 48 8d 15 00 00 00 00 lea rdx, OFFSET FLAT:?hex@std@@YAAEAVios_base@1@AEAV21@@Z ; std::hex @@ -9426,19 +9456,19 @@ $LN7@NcPrintBlo: 0014d 48 8b c8 mov rcx, rax 00150 e8 00 00 00 00 call ??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z ; std::operator<< > -; 587 : } +; 609 : } 00155 e9 35 ff ff ff jmp $LN5@NcPrintBlo $LN6@NcPrintBlo: $LN8@NcPrintBlo: -; 588 : } -; 589 : } +; 610 : } +; 611 : } 0015a e9 e7 fe ff ff jmp $LN2@NcPrintBlo $LN3@NcPrintBlo: -; 590 : } +; 612 : } 0015f 48 8d a5 88 01 00 00 lea rsp, QWORD PTR [rbp+392] @@ -9459,7 +9489,7 @@ tv129 = 280 Block$ = 320 ?NcDebugPrint@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; NcDebugPrint, COMDAT -; 549 : { +; 571 : { $LN11: 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 
@@ -9478,25 +9508,25 @@ $LN11: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 550 : HANDLE ConsoleHandle = GetStdHandle(STD_OUTPUT_HANDLE); +; 572 : HANDLE ConsoleHandle = GetStdHandle(STD_OUTPUT_HANDLE); 00036 b9 f5 ff ff ff mov ecx, -11 ; fffffff5H 0003b ff 15 00 00 00 00 call QWORD PTR __imp_GetStdHandle 00041 48 89 45 08 mov QWORD PTR ConsoleHandle$[rbp], rax -; 551 : if (!ConsoleHandle) +; 573 : if (!ConsoleHandle) 00045 48 83 7d 08 00 cmp QWORD PTR ConsoleHandle$[rbp], 0 0004a 75 05 jne SHORT $LN5@NcDebugPri -; 552 : return; +; 574 : return; 0004c e9 03 01 00 00 jmp $LN1@NcDebugPri $LN5@NcDebugPri: -; 553 : -; 554 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) +; 575 : +; 576 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) 00051 48 8b 85 40 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -9519,8 +9549,8 @@ $LN4@NcDebugPri: 00089 0f 84 c5 00 00 00 je $LN3@NcDebugPri -; 555 : { -; 556 : if (T->Flags & CODE_FLAG_IS_LABEL) +; 577 : { +; 578 : if (T->Flags & CODE_FLAG_IS_LABEL) 0008f 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 00093 8b 40 18 mov eax, DWORD PTR [rax+24] @@ -9528,15 +9558,15 @@ $LN4@NcDebugPri: 00099 85 c0 test eax, eax 0009b 74 26 je SHORT $LN6@NcDebugPri -; 557 : { -; 558 : SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_RED); +; 579 : { +; 580 : SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_RED); 0009d 66 ba 06 00 mov dx, 6 000a1 48 8b 4d 08 mov rcx, QWORD PTR ConsoleHandle$[rbp] 000a5 ff 15 00 00 00 00 call QWORD PTR __imp_SetConsoleTextAttribute -; 559 : printf("Label: %u\n", T->Label); +; 581 : printf("Label: %u\n", T->Label); 000ab 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 000af 8b 50 1c mov edx, DWORD PTR [rax+28] 
@@ -9544,14 +9574,14 @@ $LN4@NcDebugPri: 00 00 lea rcx, OFFSET FLAT:??_C@_0L@ILJOJNOL@Label?3?5?$CFu?6@ 000b9 e8 00 00 00 00 call printf -; 560 : } +; 582 : } 000be e9 8c 00 00 00 jmp $LN7@NcDebugPri $LN6@NcDebugPri: -; 561 : else -; 562 : { -; 563 : XED_ICLASS_ENUM IClass = XedDecodedInstGetIClass(&T->XedInstruction); +; 583 : else +; 584 : { +; 585 : XED_ICLASS_ENUM IClass = XedDecodedInstGetIClass(&T->XedInstruction); 000c3 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 000c7 48 83 c0 30 add rax, 48 ; 00000030H @@ -9559,7 +9589,7 @@ $LN6@NcDebugPri: 000ce e8 00 00 00 00 call xed_decoded_inst_get_iclass 000d3 89 45 44 mov DWORD PTR IClass$2[rbp], eax -; 564 : if (T->Flags & CODE_FLAG_IS_REL_JMP) +; 586 : if (T->Flags & CODE_FLAG_IS_REL_JMP) 000d6 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 000da 8b 40 18 mov eax, DWORD PTR [rax+24] @@ -9567,15 +9597,15 @@ $LN6@NcDebugPri: 000e0 85 c0 test eax, eax 000e2 74 46 je SHORT $LN8@NcDebugPri -; 565 : { -; 566 : SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_RED); +; 587 : { +; 588 : SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_RED); 000e4 66 ba 06 00 mov dx, 6 000e8 48 8b 4d 08 mov rcx, QWORD PTR ConsoleHandle$[rbp] 000ec ff 15 00 00 00 00 call QWORD PTR __imp_SetConsoleTextAttribute -; 567 : printf("%s: %u\n", XedIClassEnumToString(IClass), T->Label); +; 589 : printf("%s: %u\n", XedIClassEnumToString(IClass), T->Label); 000f2 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 000f6 8b 40 1c mov eax, DWORD PTR [rax+28] 
@@ -9593,21 +9623,21 @@ $LN6@NcDebugPri: 00 00 lea rcx, OFFSET FLAT:??_C@_07KNNCJAOA@?$CFs?3?5?$CFu?6@ 00123 e8 00 00 00 00 call printf -; 568 : } +; 590 : } 00128 eb 25 jmp SHORT $LN9@NcDebugPri $LN8@NcDebugPri: -; 569 : else -; 570 : { -; 571 : SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_BLUE); +; 591 : else +; 592 : { +; 593 : SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_BLUE); 0012a 66 ba 03 00 mov dx, 3 0012e 48 8b 4d 08 mov rcx, QWORD PTR ConsoleHandle$[rbp] 00132 ff 15 00 00 00 00 call QWORD PTR __imp_SetConsoleTextAttribute -; 572 : printf("%s\n", XedIClassEnumToString(IClass)); +; 594 : printf("%s\n", XedIClassEnumToString(IClass)); 00138 8b 4d 44 mov ecx, DWORD PTR IClass$2[rbp] 0013b e8 00 00 00 00 call xed_iclass_enum_t2str @@ -9618,15 +9648,15 @@ $LN8@NcDebugPri: $LN9@NcDebugPri: $LN7@NcDebugPri: -; 573 : } -; 574 : } -; 575 : } +; 595 : } +; 596 : } +; 597 : } 0014f e9 0d ff ff ff jmp $LN2@NcDebugPri $LN3@NcDebugPri: $LN1@NcDebugPri: -; 576 : } +; 598 : } 00154 48 8d a5 28 01 00 00 lea rsp, QWORD PTR [rbp+296] @@ -9647,7 +9677,7 @@ tv78 = 312 Block$ = 352 ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; NcDeleteBlock, COMDAT -; 534 : { +; 556 : { $LN10: 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx @@ -9666,7 +9696,7 @@ $LN10: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 535 : if (!Block->Start || !Block->End) +; 557 : if (!Block->Start || !Block->End) 00036 48 8b 85 60 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -9678,13 +9708,13 @@ $LN10: 0004f 75 05 jne SHORT $LN5@NcDeleteBl $LN6@NcDeleteBl: -; 536 : return; +; 558 : return; 00051 e9 80 00 00 00 jmp $LN1@NcDeleteBl $LN5@NcDeleteBl: -; 537 : -; 538 : PNATIVE_CODE_LINK BlockEnding = Block->End->Next; +; 559 : +; 560 : PNATIVE_CODE_LINK BlockEnding = Block->End->Next; 00056 48 8b 85 60 01 00 00 mov rax, QWORD PTR Block$[rbp] 
@@ -9692,8 +9722,8 @@ $LN5@NcDeleteBl: 00061 48 8b 00 mov rax, QWORD PTR [rax] 00064 48 89 45 08 mov QWORD PTR BlockEnding$[rbp], rax -; 539 : -; 540 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != BlockEnding;) +; 561 : +; 562 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != BlockEnding;) 00068 48 8b 85 60 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -9706,14 +9736,14 @@ $LN2@NcDeleteBl: 00081 48 39 45 28 cmp QWORD PTR T$1[rbp], rax 00085 74 4f je SHORT $LN3@NcDeleteBl -; 541 : { -; 542 : PNATIVE_CODE_LINK Next = T->Next; +; 563 : { +; 564 : PNATIVE_CODE_LINK Next = T->Next; 00087 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 0008b 48 8b 00 mov rax, QWORD PTR [rax] 0008e 48 89 45 48 mov QWORD PTR Next$2[rbp], rax -; 543 : delete T; +; 565 : delete T; 00092 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 00096 48 89 85 28 01 @@ -9734,18 +9764,18 @@ $LN8@NcDeleteBl: 00 mov QWORD PTR tv78[rbp], 0 $LN9@NcDeleteBl: -; 544 : T = Next; +; 566 : T = Next; 000cc 48 8b 45 48 mov rax, QWORD PTR Next$2[rbp] 000d0 48 89 45 28 mov QWORD PTR T$1[rbp], rax -; 545 : } +; 567 : } 000d4 eb a0 jmp SHORT $LN2@NcDeleteBl $LN3@NcDeleteBl: $LN1@NcDeleteBl: -; 546 : } +; 568 : } 000d6 48 8d a5 48 01 00 00 lea rsp, QWORD PTR [rbp+328] @@ -9765,7 +9795,7 @@ Block$ = 320 OutSize$ = 328 ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z PROC ; NcAssemble, COMDAT -; 509 : { +; 531 : { $LN9: 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -9785,7 +9815,7 @@ $LN9: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 510 : if (!NcFixRelJmps(Block)) +; 532 : if (!NcFixRelJmps(Block)) 0003b 48 8b 8d 40 01 00 00 mov rcx, QWORD PTR Block$[rbp] 
@@ -9793,14 +9823,14 @@ $LN9: 00047 85 c0 test eax, eax 00049 75 07 jne SHORT $LN5@NcAssemble -; 511 : return NULL; +; 533 : return NULL; 0004b 33 c0 xor eax, eax 0004d e9 bc 00 00 00 jmp $LN1@NcAssemble $LN5@NcAssemble: -; 512 : -; 513 : *OutSize = NcCalcBlockSizeInBytes(Block); +; 534 : +; 535 : *OutSize = NcCalcBlockSizeInBytes(Block); 00052 48 8b 8d 40 01 00 00 mov rcx, QWORD PTR Block$[rbp] @@ -9809,8 +9839,8 @@ $LN5@NcAssemble: 00 00 mov rcx, QWORD PTR OutSize$[rbp] 00065 89 01 mov DWORD PTR [rcx], eax -; 514 : -; 515 : PUCHAR Buffer = (PUCHAR)malloc(*OutSize); +; 536 : +; 537 : PUCHAR Buffer = (PUCHAR)malloc(*OutSize); 00067 48 8b 85 48 01 00 00 mov rax, QWORD PTR OutSize$[rbp] @@ -9820,25 +9850,25 @@ $LN5@NcAssemble: 00 call QWORD PTR __imp_malloc 00078 48 89 45 08 mov QWORD PTR Buffer$[rbp], rax -; 516 : if (!Buffer) +; 538 : if (!Buffer) 0007c 48 83 7d 08 00 cmp QWORD PTR Buffer$[rbp], 0 00081 75 07 jne SHORT $LN6@NcAssemble -; 517 : return NULL; +; 539 : return NULL; 00083 33 c0 xor eax, eax 00085 e9 84 00 00 00 jmp $LN1@NcAssemble $LN6@NcAssemble: -; 518 : -; 519 : PUCHAR BufferOffset = Buffer; +; 540 : +; 541 : PUCHAR BufferOffset = Buffer; 0008a 48 8b 45 08 mov rax, QWORD PTR Buffer$[rbp] 0008e 48 89 45 28 mov QWORD PTR BufferOffset$[rbp], rax -; 520 : -; 521 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) +; 542 : +; 543 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) 00092 48 8b 85 40 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -9859,8 +9889,8 @@ $LN4@NcAssemble: 000c2 48 39 45 48 cmp QWORD PTR T$1[rbp], rax 000c6 74 42 je SHORT $LN3@NcAssemble -; 522 : { -; 523 : if (T->Flags & CODE_FLAG_IS_LABEL) +; 544 : { +; 545 : if (T->Flags & CODE_FLAG_IS_LABEL) 000c8 48 8b 45 48 mov rax, QWORD PTR T$1[rbp] 000cc 8b 40 18 mov eax, DWORD PTR [rax+24] 
@@ -9868,13 +9898,13 @@ $LN4@NcAssemble: 000d2 85 c0 test eax, eax 000d4 74 02 je SHORT $LN7@NcAssemble -; 524 : continue; +; 546 : continue; 000d6 eb ca jmp SHORT $LN2@NcAssemble $LN7@NcAssemble: -; 525 : -; 526 : RtlCopyMemory(BufferOffset, T->RawData, T->RawDataSize); +; 547 : +; 548 : RtlCopyMemory(BufferOffset, T->RawData, T->RawDataSize); 000d8 48 8b 45 48 mov rax, QWORD PTR T$1[rbp] 000dc 8b 40 28 mov eax, DWORD PTR [rax+40] @@ -9884,7 +9914,7 @@ $LN7@NcAssemble: 000ea 48 8b 4d 28 mov rcx, QWORD PTR BufferOffset$[rbp] 000ee e8 00 00 00 00 call memcpy -; 527 : BufferOffset += T->RawDataSize; +; 549 : BufferOffset += T->RawDataSize; 000f3 48 8b 45 48 mov rax, QWORD PTR T$1[rbp] 000f7 8b 40 28 mov eax, DWORD PTR [rax+40] @@ -9893,18 +9923,18 @@ $LN7@NcAssemble: 00101 48 8b c1 mov rax, rcx 00104 48 89 45 28 mov QWORD PTR BufferOffset$[rbp], rax -; 528 : } +; 550 : } 00108 eb 98 jmp SHORT $LN2@NcAssemble $LN3@NcAssemble: -; 529 : -; 530 : return Buffer; +; 551 : +; 552 : return Buffer; 0010a 48 8b 45 08 mov rax, QWORD PTR Buffer$[rbp] $LN1@NcAssemble: -; 531 : } +; 553 : } 0010e 48 8d a5 28 01 00 00 lea rsp, QWORD PTR [rbp+296] @@ -9934,7 +9964,7 @@ Buffer$ = 520 BufferSize$ = 528 ?NcDisassemble@@YAHPEAU_NATIVE_CODE_BLOCK@@PEAXK@Z PROC ; NcDisassemble, COMDAT -; 477 : { +; 499 : { $LN13: 00000 44 89 44 24 18 mov DWORD PTR [rsp+24], r8d @@ -9955,20 +9985,20 @@ $LN13: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 0003b e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 478 : PUCHAR Buf = (PUCHAR)Buffer; +; 500 : PUCHAR Buf = (PUCHAR)Buffer; 00040 48 8b 85 08 02 00 00 mov rax, QWORD PTR Buffer$[rbp] 00047 48 89 45 08 mov QWORD PTR Buf$[rbp], rax -; 479 : ULONG Offset = 0; +; 501 : ULONG Offset = 0; 0004b c7 45 24 00 00 00 00 mov DWORD PTR Offset$[rbp], 0 $LN2@NcDisassem: -; 480 : -; 481 : while (Offset < BufferSize) +; 502 : +; 503 : while (Offset < BufferSize) 00052 8b 85 10 02 00 00 mov eax, DWORD PTR BufferSize$[rbp] 
@@ -9976,8 +10006,8 @@ $LN2@NcDisassem: 0005b 0f 83 b8 01 00 00 jae $LN3@NcDisassem -; 482 : { -; 483 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK; +; 504 : { +; 505 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK; 00061 b9 f0 00 00 00 mov ecx, 240 ; 000000f0H 00066 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new @@ -10005,13 +10035,13 @@ $LN7@NcDisassem: 00 00 mov rax, QWORD PTR $T4[rbp] 000b1 48 89 45 48 mov QWORD PTR Link$1[rbp], rax -; 484 : Link->Flags = CODE_FLAG_IS_INST; +; 506 : Link->Flags = CODE_FLAG_IS_INST; 000b5 48 8b 45 48 mov rax, QWORD PTR Link$1[rbp] 000b9 c7 40 18 04 00 00 00 mov DWORD PTR [rax+24], 4 -; 485 : ULONG PossibleSize = min(15, BufferSize - Offset); +; 507 : ULONG PossibleSize = min(15, BufferSize - Offset); 000c0 8b 45 24 mov eax, DWORD PTR Offset$[rbp] 000c3 8b 8d 10 02 00 @@ -10036,7 +10066,7 @@ $LN9@NcDisassem: 00 mov eax, DWORD PTR tv80[rbp] 000f7 89 45 64 mov DWORD PTR PossibleSize$2[rbp], eax -; 486 : XED_ERROR_ENUM DecodeError = XedDecode(&Link->XedInstruction, (Buf + Offset), PossibleSize); +; 508 : XED_ERROR_ENUM DecodeError = XedDecode(&Link->XedInstruction, (Buf + Offset), PossibleSize); 000fa 8b 45 24 mov eax, DWORD PTR Offset$[rbp] 000fd 48 8b 4d 08 mov rcx, QWORD PTR Buf$[rbp] @@ -10050,14 +10080,14 @@ $LN9@NcDisassem: 0011b 89 85 84 00 00 00 mov DWORD PTR DecodeError$3[rbp], eax -; 487 : if (DecodeError != XED_ERROR_NONE) +; 509 : if (DecodeError != XED_ERROR_NONE) 00121 83 bd 84 00 00 00 00 cmp DWORD PTR DecodeError$3[rbp], 0 00128 74 67 je SHORT $LN4@NcDisassem -; 488 : { -; 489 : printf("XedDecode failed with error %s\n", XedErrorEnumToString(DecodeError)); +; 510 : { +; 511 : printf("XedDecode failed with error %s\n", XedErrorEnumToString(DecodeError)); 0012a 8b 8d 84 00 00 00 mov ecx, DWORD PTR DecodeError$3[rbp] 
@@ -10067,13 +10097,13 @@ $LN9@NcDisassem: 00 00 lea rcx, OFFSET FLAT:??_C@_0CA@KDIENFLL@XedDecode?5failed?5with?5error?5?$CFs?6@ 0013f e8 00 00 00 00 call printf -; 490 : NcDeleteBlock(Block); +; 512 : NcDeleteBlock(Block); 00144 48 8b 8d 00 02 00 00 mov rcx, QWORD PTR Block$[rbp] 0014b e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 491 : delete Link; +; 513 : delete Link; 00150 48 8b 45 48 mov rax, QWORD PTR Link$1[rbp] 00154 48 89 85 a8 01 @@ -10094,14 +10124,14 @@ $LN10@NcDisassem: 00 mov QWORD PTR tv130[rbp], 0 $LN11@NcDisassem: -; 492 : return FALSE; +; 514 : return FALSE; 0018a 33 c0 xor eax, eax 0018c e9 99 00 00 00 jmp $LN1@NcDisassem $LN4@NcDisassem: -; 493 : } -; 494 : Link->RawDataSize = XedDecodedInstGetLength(&Link->XedInstruction); +; 515 : } +; 516 : Link->RawDataSize = XedDecodedInstGetLength(&Link->XedInstruction); 00191 48 8b 45 48 mov rax, QWORD PTR Link$1[rbp] 00195 48 83 c0 30 add rax, 48 ; 00000030H @@ -10110,7 +10140,7 @@ $LN4@NcDisassem: 001a1 48 8b 4d 48 mov rcx, QWORD PTR Link$1[rbp] 001a5 89 41 28 mov DWORD PTR [rcx+40], eax -; 495 : Link->RawData = new UCHAR[Link->RawDataSize]; +; 517 : Link->RawData = new UCHAR[Link->RawDataSize]; 001a8 48 8b 45 48 mov rax, QWORD PTR Link$1[rbp] 001ac 8b 40 28 mov eax, DWORD PTR [rax+40] @@ -10123,7 +10153,7 @@ $LN4@NcDisassem: 00 00 mov rcx, QWORD PTR $T7[rbp] 001c8 48 89 48 20 mov QWORD PTR [rax+32], rcx -; 496 : RtlCopyMemory(Link->RawData, (Buf + Offset), Link->RawDataSize); +; 518 : RtlCopyMemory(Link->RawData, (Buf + Offset), Link->RawDataSize); 001cc 48 8b 45 48 mov rax, QWORD PTR Link$1[rbp] 001d0 8b 40 28 mov eax, DWORD PTR [rax+40] 
@@ -10137,16 +10167,16 @@ $LN4@NcDisassem: 001ea 48 8b 48 20 mov rcx, QWORD PTR [rax+32] 001ee e8 00 00 00 00 call memcpy -; 497 : -; 498 : NcAppendToBlock(Block, Link); +; 519 : +; 520 : NcAppendToBlock(Block, Link); 001f3 48 8b 55 48 mov rdx, QWORD PTR Link$1[rbp] 001f7 48 8b 8d 00 02 00 00 mov rcx, QWORD PTR Block$[rbp] 001fe e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock -; 499 : -; 500 : Offset += Link->RawDataSize; +; 521 : +; 522 : Offset += Link->RawDataSize; 00203 48 8b 45 48 mov rax, QWORD PTR Link$1[rbp] 00207 8b 40 28 mov eax, DWORD PTR [rax+40] @@ -10155,25 +10185,25 @@ $LN4@NcDisassem: 0020f 8b c1 mov eax, ecx 00211 89 45 24 mov DWORD PTR Offset$[rbp], eax -; 501 : } +; 523 : } 00214 e9 39 fe ff ff jmp $LN2@NcDisassem $LN3@NcDisassem: -; 502 : -; 503 : NcCreateLabels(Block); +; 524 : +; 525 : NcCreateLabels(Block); 00219 48 8b 8d 00 02 00 00 mov rcx, QWORD PTR Block$[rbp] 00220 e8 00 00 00 00 call ?NcCreateLabels@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ; NcCreateLabels -; 504 : -; 505 : return TRUE; +; 526 : +; 527 : return TRUE; 00225 b8 01 00 00 00 mov eax, 1 $LN1@NcDisassem: -; 506 : } +; 528 : } 0022a 48 8d a5 e8 01 00 00 lea rsp, QWORD PTR [rbp+488] 
@@ -10264,36 +10294,39 @@ EncoderRequest$14 = 592 EncodeBuffer$15 = 808 ReturnedSize$16 = 852 IClass$17 = 884 -$T18 = 1496 -$T19 = 1576 -$T20 = 1656 +Err$18 = 916 +$T19 = 1528 +$T20 = 1608 $T21 = 1688 -$T22 = 1728 -tv184 = 1780 -__$ArrayPad$ = 1784 -Block$ = 1824 +$T22 = 1720 +$T23 = 1760 +tv191 = 1812 +tv159 = 1816 +tv157 = 1824 +__$ArrayPad$ = 1832 +Block$ = 1872 ?NcFixRelJmps@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; NcFixRelJmps, COMDAT ; 397 : { -$LN21: +$LN19: 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 55 push rbp 00006 56 push rsi 00007 57 push rdi - 00008 48 81 ec 30 07 - 00 00 sub rsp, 1840 ; 00000730H + 00008 48 81 ec 60 07 + 00 00 sub rsp, 1888 ; 00000760H 0000f 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48] 00014 48 8b fc mov rdi, rsp - 00017 b9 cc 01 00 00 mov ecx, 460 ; 000001ccH + 00017 b9 d8 01 00 00 mov ecx, 472 ; 000001d8H 0001c b8 cc cc cc cc mov eax, -858993460 ; ccccccccH 00021 f3 ab rep stosd - 00023 48 8b 8c 24 58 - 07 00 00 mov rcx, QWORD PTR [rsp+1880] + 00023 48 8b 8c 24 88 + 07 00 00 mov rcx, QWORD PTR [rsp+1928] 0002b 48 8b 05 00 00 00 00 mov rax, QWORD PTR __security_cookie 00032 48 33 c5 xor rax, rbp - 00035 48 89 85 f8 06 + 00035 48 89 85 28 07 00 00 mov QWORD PTR __$ArrayPad$[rbp], rax 0003c 48 8d 0d 00 00 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 
@@ -10301,20 +10334,20 @@ $LN21: ; 398 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;) - 00048 48 8b 85 20 07 + 00048 48 8b 85 50 07 00 00 mov rax, QWORD PTR Block$[rbp] 0004f 48 8b 00 mov rax, QWORD PTR [rax] 00052 48 89 45 08 mov QWORD PTR T$9[rbp], rax $LN2@NcFixRelJm: 00056 48 83 7d 08 00 cmp QWORD PTR T$9[rbp], 0 - 0005b 0f 84 1c 03 00 + 0005b 0f 84 6a 03 00 00 je $LN3@NcFixRelJm - 00061 48 8b 85 20 07 + 00061 48 8b 85 50 07 00 00 mov rax, QWORD PTR Block$[rbp] 00068 48 8b 40 08 mov rax, QWORD PTR [rax+8] 0006c 48 8b 00 mov rax, QWORD PTR [rax] 0006f 48 39 45 08 cmp QWORD PTR T$9[rbp], rax - 00073 0f 84 04 03 00 + 00073 0f 84 52 03 00 00 je $LN3@NcFixRelJm ; 399 : { @@ -10324,7 +10357,7 @@ $LN2@NcFixRelJm: 0007d 8b 40 18 mov eax, DWORD PTR [rax+24] 00080 83 e0 02 and eax, 2 00083 85 c0 test eax, eax - 00085 0f 84 e2 02 00 + 00085 0f 84 30 03 00 00 je $LN7@NcFixRelJm ; 401 : { 
@@ -10339,397 +10372,441 @@ $LN2@NcFixRelJm: 00096 48 8b 4d 08 mov rcx, QWORD PTR T$9[rbp] 0009a e8 00 00 00 00 call ?NcGetDeltaToLabel@@YAHPEAU_NATIVE_CODE_LINK@@PEAH@Z ; NcGetDeltaToLabel 0009f 85 c0 test eax, eax - 000a1 75 07 jne SHORT $LN8@NcFixRelJm + 000a1 75 13 jne SHORT $LN8@NcFixRelJm + +; 404 : { +; 405 : printf("\n1\n"); -; 404 : return FALSE; + 000a3 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_03GOEAKHKK@?61?6@ + 000aa e8 00 00 00 00 call printf - 000a3 33 c0 xor eax, eax - 000a5 e9 d8 02 00 00 jmp $LN1@NcFixRelJm +; 406 : return NULL; + + 000af 33 c0 xor eax, eax + 000b1 e9 1a 03 00 00 jmp $LN1@NcFixRelJm $LN8@NcFixRelJm: -; 405 : -; 406 : ULONG DispWidth = XedDecodedInstGetBranchDisplacementWidthBits(&T->XedInstruction); +; 407 : } +; 408 : +; 409 : ULONG DispWidth = XedDecodedInstGetBranchDisplacementWidthBits(&T->XedInstruction); - 000aa 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 000ae 48 83 c0 30 add rax, 48 ; 00000030H - 000b2 48 8b c8 mov rcx, rax - 000b5 e8 00 00 00 00 call xed_decoded_inst_get_branch_displacement_width_bits - 000ba 89 45 44 mov DWORD PTR DispWidth$11[rbp], eax + 000b6 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] + 000ba 48 83 c0 30 add rax, 48 ; 00000030H + 000be 48 8b c8 mov rcx, rax + 000c1 e8 00 00 00 00 call xed_decoded_inst_get_branch_displacement_width_bits + 000c6 89 45 44 mov DWORD PTR DispWidth$11[rbp], eax -; 407 : if (log2(abs(BranchDisp)) + 1 > DispWidth) +; 410 : if (log2(abs(BranchDisp)) + 1 > DispWidth) - 000bd 8b 4d 24 mov ecx, DWORD PTR BranchDisp$10[rbp] - 000c0 e8 00 00 00 00 call abs - 000c5 8b c8 mov ecx, eax - 000c7 e8 00 00 00 00 call ??$log2@H$0A@@@YANH@Z ; log2 - 000cc f2 0f 58 05 00 + 000c9 8b 4d 24 mov ecx, DWORD PTR BranchDisp$10[rbp] + 000cc e8 00 00 00 00 call abs + 000d1 8b c8 mov ecx, eax + 000d3 e8 00 00 00 00 call ??$log2@H$0A@@@YANH@Z ; log2 + 000d8 f2 0f 58 05 00 00 00 00 addsd xmm0, QWORD PTR __real@3ff0000000000000 - 000d4 8b 45 44 mov eax, DWORD PTR DispWidth$11[rbp] - 000d7 f2 48 0f 2a 
c8 cvtsi2sd xmm1, rax - 000dc 66 0f 2f c1 comisd xmm0, xmm1 - 000e0 0f 86 f3 01 00 + 000e0 8b 45 44 mov eax, DWORD PTR DispWidth$11[rbp] + 000e3 f2 48 0f 2a c8 cvtsi2sd xmm1, rax + 000e8 66 0f 2f c1 comisd xmm0, xmm1 + 000ec 0f 86 35 02 00 00 jbe $LN9@NcFixRelJm -; 408 : { -; 409 : //duh oh -; 410 : if (DispWidth == 32) +; 411 : { +; 412 : //duh oh +; 413 : if (DispWidth == 32) - 000e6 83 7d 44 20 cmp DWORD PTR DispWidth$11[rbp], 32 ; 00000020H - 000ea 75 07 jne SHORT $LN11@NcFixRelJm + 000f2 83 7d 44 20 cmp DWORD PTR DispWidth$11[rbp], 32 ; 00000020H + 000f6 75 13 jne SHORT $LN11@NcFixRelJm -; 411 : return FALSE; +; 414 : { +; 415 : printf("\n2\n"); - 000ec 33 c0 xor eax, eax - 000ee e9 8f 02 00 00 jmp $LN1@NcFixRelJm -$LN11@NcFixRelJm: + 000f8 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_03GMAGBJPD@?62?6@ + 000ff e8 00 00 00 00 call printf -; 412 : -; 413 : //Grow displacement width to required size -; 414 : DispWidth *= 2; +; 416 : return NULL; - 000f3 8b 45 44 mov eax, DWORD PTR DispWidth$11[rbp] - 000f6 d1 e0 shl eax, 1 - 000f8 89 45 44 mov DWORD PTR DispWidth$11[rbp], eax - -; 415 : -; 416 : //Check again -; 417 : if (log2(abs(BranchDisp)) + 1 > DispWidth) - - 000fb 8b 4d 24 mov ecx, DWORD PTR BranchDisp$10[rbp] - 000fe e8 00 00 00 00 call abs - 00103 8b c8 mov ecx, eax - 00105 e8 00 00 00 00 call ??$log2@H$0A@@@YANH@Z ; log2 - 0010a f2 0f 58 05 00 - 00 00 00 addsd xmm0, QWORD PTR __real@3ff0000000000000 - 00112 8b 45 44 mov eax, DWORD PTR DispWidth$11[rbp] - 00115 f2 48 0f 2a c8 cvtsi2sd xmm1, rax - 0011a 66 0f 2f c1 comisd xmm0, xmm1 - 0011e 76 15 jbe SHORT $LN12@NcFixRelJm - -; 418 : { -; 419 : if (DispWidth == 32) - - 00120 83 7d 44 20 cmp DWORD PTR DispWidth$11[rbp], 32 ; 00000020H - 00124 75 07 jne SHORT $LN13@NcFixRelJm - -; 420 : return FALSE; - - 00126 33 c0 xor eax, eax - 00128 e9 55 02 00 00 jmp $LN1@NcFixRelJm -$LN13@NcFixRelJm: + 00104 33 c0 xor eax, eax + 00106 e9 c5 02 00 00 jmp $LN1@NcFixRelJm +$LN11@NcFixRelJm: +; 417 : } +; 418 : +; 419 
: ////Grow displacement width to required size +; 420 : //DispWidth *= 2; ; 421 : -; 422 : //Grow once more if not already at 32 -; 423 : DispWidth *= 2; - - 0012d 8b 45 44 mov eax, DWORD PTR DispWidth$11[rbp] - 00130 d1 e0 shl eax, 1 - 00132 89 45 44 mov DWORD PTR DispWidth$11[rbp], eax -$LN12@NcFixRelJm: - -; 424 : } -; 425 : -; 426 : //Encode new instruction -; 427 : XED_STATE MachineState; -; 428 : MachineState.mmode = XED_MACHINE_MODE_LONG_64; - - 00135 c7 45 68 01 00 +; 422 : ////Check again +; 423 : //if (log2(abs(BranchDisp)) + 1 > DispWidth) +; 424 : //{ +; 425 : // if (DispWidth == 32) +; 426 : // { +; 427 : // printf("\n3\n"); +; 428 : // return NULL; +; 429 : // } +; 430 : +; 431 : // //Grow once more if not already at 32 +; 432 : // DispWidth *= 2; +; 433 : //} +; 434 : +; 435 : DispWidth = 32; + + 0010b c7 45 44 20 00 + 00 00 mov DWORD PTR DispWidth$11[rbp], 32 ; 00000020H + +; 436 : +; 437 : //Encode new instruction +; 438 : XED_STATE MachineState; +; 439 : MachineState.mmode = XED_MACHINE_MODE_LONG_64; + + 00112 c7 45 68 01 00 00 00 mov DWORD PTR MachineState$12[rbp], 1 -; 429 : MachineState.stack_addr_width = XED_ADDRESS_WIDTH_64b; +; 440 : MachineState.stack_addr_width = XED_ADDRESS_WIDTH_64b; - 0013c c7 45 6c 08 00 + 00119 c7 45 6c 08 00 00 00 mov DWORD PTR MachineState$12[rbp+4], 8 -; 430 : XED_ENCODER_INSTRUCTION EncoderInstruction; -; 431 : XED_ENCODER_REQUEST EncoderRequest; -; 432 : UCHAR EncodeBuffer[15]; -; 433 : UINT ReturnedSize; -; 434 : XED_ICLASS_ENUM IClass = XedDecodedInstGetIClass(&T->XedInstruction); - - 00143 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 00147 48 83 c0 30 add rax, 48 ; 00000030H - 0014b 48 8b c8 mov rcx, rax - 0014e e8 00 00 00 00 call xed_decoded_inst_get_iclass - 00153 89 85 74 03 00 +; 441 : XED_ENCODER_INSTRUCTION EncoderInstruction; +; 442 : XED_ENCODER_REQUEST EncoderRequest; +; 443 : UCHAR EncodeBuffer[15]; +; 444 : UINT ReturnedSize; +; 445 : XED_ICLASS_ENUM IClass = 
XedDecodedInstGetIClass(&T->XedInstruction); + + 00120 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] + 00124 48 83 c0 30 add rax, 48 ; 00000030H + 00128 48 8b c8 mov rcx, rax + 0012b e8 00 00 00 00 call xed_decoded_inst_get_iclass + 00130 89 85 74 03 00 00 mov DWORD PTR IClass$17[rbp], eax -; 435 : -; 436 : //Do the encoding -; 437 : XedInst1(&EncoderInstruction, MachineState, IClass, DispWidth, XedRelBr(0, DispWidth)); +; 446 : +; 447 : //Do the encoding +; 448 : XedInst1(&EncoderInstruction, MachineState, IClass, DispWidth, XedRelBr(0, DispWidth)); - 00159 44 8b 45 44 mov r8d, DWORD PTR DispWidth$11[rbp] - 0015d 33 d2 xor edx, edx - 0015f 48 8d 8d 28 06 + 00136 44 8b 45 44 mov r8d, DWORD PTR DispWidth$11[rbp] + 0013a 33 d2 xor edx, edx + 0013c 48 8d 8d 48 06 + 00 00 lea rcx, QWORD PTR $T20[rbp] + 00143 e8 00 00 00 00 call xed_relbr + 00148 48 8d 8d f8 05 00 00 lea rcx, QWORD PTR $T19[rbp] - 00166 e8 00 00 00 00 call xed_relbr - 0016b 48 8d 8d d8 05 - 00 00 lea rcx, QWORD PTR $T18[rbp] - 00172 48 8b f9 mov rdi, rcx - 00175 48 8b f0 mov rsi, rax - 00178 b9 30 00 00 00 mov ecx, 48 ; 00000030H - 0017d f3 a4 rep movsb - 0017f 48 8d 85 c0 06 - 00 00 lea rax, QWORD PTR $T22[rbp] - 00186 48 8d 8d d8 05 - 00 00 lea rcx, QWORD PTR $T18[rbp] - 0018d 48 8b f8 mov rdi, rax - 00190 48 8b f1 mov rsi, rcx - 00193 b9 30 00 00 00 mov ecx, 48 ; 00000030H - 00198 f3 a4 rep movsb - 0019a 48 8d 85 c0 06 - 00 00 lea rax, QWORD PTR $T22[rbp] - 001a1 48 89 44 24 20 mov QWORD PTR [rsp+32], rax - 001a6 44 8b 4d 44 mov r9d, DWORD PTR DispWidth$11[rbp] - 001aa 44 8b 85 74 03 + 0014f 48 8b f9 mov rdi, rcx + 00152 48 8b f0 mov rsi, rax + 00155 b9 30 00 00 00 mov ecx, 48 ; 00000030H + 0015a f3 a4 rep movsb + 0015c 48 8d 85 e0 06 + 00 00 lea rax, QWORD PTR $T23[rbp] + 00163 48 8d 8d f8 05 + 00 00 lea rcx, QWORD PTR $T19[rbp] + 0016a 48 8b f8 mov rdi, rax + 0016d 48 8b f1 mov rsi, rcx + 00170 b9 30 00 00 00 mov ecx, 48 ; 00000030H + 00175 f3 a4 rep movsb + 00177 48 8d 85 e0 06 + 00 00 lea rax, QWORD 
PTR $T23[rbp] + 0017e 48 89 44 24 20 mov QWORD PTR [rsp+32], rax + 00183 44 8b 4d 44 mov r9d, DWORD PTR DispWidth$11[rbp] + 00187 44 8b 85 74 03 00 00 mov r8d, DWORD PTR IClass$17[rbp] - 001b1 48 8b 55 68 mov rdx, QWORD PTR MachineState$12[rbp] - 001b5 48 8d 8d 90 00 + 0018e 48 8b 55 68 mov rdx, QWORD PTR MachineState$12[rbp] + 00192 48 8d 8d 90 00 00 00 lea rcx, QWORD PTR EncoderInstruction$13[rbp] - 001bc e8 00 00 00 00 call xed_inst1 + 00199 e8 00 00 00 00 call xed_inst1 -; 438 : XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState); +; 449 : XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState); - 001c1 48 8d 55 68 lea rdx, QWORD PTR MachineState$12[rbp] - 001c5 48 8d 8d 50 02 + 0019e 48 8d 55 68 lea rdx, QWORD PTR MachineState$12[rbp] + 001a2 48 8d 8d 50 02 00 00 lea rcx, QWORD PTR EncoderRequest$14[rbp] - 001cc e8 00 00 00 00 call xed_encoder_request_zero_set_mode + 001a9 e8 00 00 00 00 call xed_encoder_request_zero_set_mode -; 439 : if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction)) +; 450 : if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction)) - 001d1 48 8d 95 90 00 + 001ae 48 8d 95 90 00 00 00 lea rdx, QWORD PTR EncoderInstruction$13[rbp] - 001d8 48 8d 8d 50 02 + 001b5 48 8d 8d 50 02 00 00 lea rcx, QWORD PTR EncoderRequest$14[rbp] - 001df e8 00 00 00 00 call xed_convert_to_encoder_request - 001e4 85 c0 test eax, eax - 001e6 75 07 jne SHORT $LN14@NcFixRelJm + 001bc e8 00 00 00 00 call xed_convert_to_encoder_request + 001c1 85 c0 test eax, eax + 001c3 75 13 jne SHORT $LN12@NcFixRelJm -; 440 : return FALSE; +; 451 : { +; 452 : printf("\n4\n"); - 001e8 33 c0 xor eax, eax - 001ea e9 93 01 00 00 jmp $LN1@NcFixRelJm -$LN14@NcFixRelJm: + 001c5 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_03GIILGFEB@?64?6@ + 001cc e8 00 00 00 00 call printf + +; 453 : return NULL; -; 441 : if (XED_ERROR_NONE != XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize)) + 001d1 33 c0 xor eax, eax + 001d3 e9 f8 01 00 00 jmp 
$LN1@NcFixRelJm +$LN12@NcFixRelJm: + +; 454 : } +; 455 : XED_ERROR_ENUM Err = XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize); - 001ef 4c 8d 8d 54 03 + 001d8 4c 8d 8d 54 03 00 00 lea r9, QWORD PTR ReturnedSize$16[rbp] - 001f6 41 b8 0f 00 00 + 001df 41 b8 0f 00 00 00 mov r8d, 15 - 001fc 48 8d 95 28 03 + 001e5 48 8d 95 28 03 00 00 lea rdx, QWORD PTR EncodeBuffer$15[rbp] - 00203 48 8d 8d 50 02 + 001ec 48 8d 8d 50 02 00 00 lea rcx, QWORD PTR EncoderRequest$14[rbp] - 0020a e8 00 00 00 00 call xed_encode - 0020f 85 c0 test eax, eax - 00211 74 07 je SHORT $LN15@NcFixRelJm + 001f3 e8 00 00 00 00 call xed_encode + 001f8 89 85 94 03 00 + 00 mov DWORD PTR Err$18[rbp], eax -; 442 : return FALSE; +; 456 : if (XED_ERROR_NONE != Err) - 00213 33 c0 xor eax, eax - 00215 e9 68 01 00 00 jmp $LN1@NcFixRelJm -$LN15@NcFixRelJm: + 001fe 83 bd 94 03 00 + 00 00 cmp DWORD PTR Err$18[rbp], 0 + 00205 74 55 je SHORT $LN13@NcFixRelJm -; 443 : -; 444 : //fixup T->RawData -; 445 : delete[] T->RawData; +; 457 : { +; 458 : printf("%s %s %u \n", XedErrorEnumToString(Err), XedIClassEnumToString(IClass), DispWidth); - 0021a 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 0021e 48 8b 40 20 mov rax, QWORD PTR [rax+32] - 00222 48 89 85 78 06 - 00 00 mov QWORD PTR $T20[rbp], rax - 00229 48 8b 8d 78 06 - 00 00 mov rcx, QWORD PTR $T20[rbp] - 00230 e8 00 00 00 00 call ??_V@YAXPEAX@Z ; operator delete[] + 00207 8b 8d 74 03 00 + 00 mov ecx, DWORD PTR IClass$17[rbp] + 0020d e8 00 00 00 00 call xed_iclass_enum_t2str + 00212 48 89 85 18 07 + 00 00 mov QWORD PTR tv159[rbp], rax + 00219 8b 8d 94 03 00 + 00 mov ecx, DWORD PTR Err$18[rbp] + 0021f e8 00 00 00 00 call xed_error_enum_t2str + 00224 48 89 85 20 07 + 00 00 mov QWORD PTR tv157[rbp], rax + 0022b 44 8b 4d 44 mov r9d, DWORD PTR DispWidth$11[rbp] + 0022f 4c 8b 85 18 07 + 00 00 mov r8, QWORD PTR tv159[rbp] + 00236 48 8b 95 20 07 + 00 00 mov rdx, QWORD PTR tv157[rbp] + 0023d 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET 
FLAT:??_C@_0L@OECMLM@?$CFs?5?$CFs?5?$CFu?5?6@ + 00244 e8 00 00 00 00 call printf -; 446 : T->RawDataSize = ReturnedSize; +; 459 : printf("\n5\n"); - 00235 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 00239 8b 8d 54 03 00 - 00 mov ecx, DWORD PTR ReturnedSize$16[rbp] - 0023f 89 48 28 mov DWORD PTR [rax+40], ecx + 00249 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_03GJEJAPHG@?65?6@ + 00250 e8 00 00 00 00 call printf -; 447 : T->RawData = new UCHAR[ReturnedSize]; +; 460 : return NULL; - 00242 8b 85 54 03 00 - 00 mov eax, DWORD PTR ReturnedSize$16[rbp] - 00248 8b c8 mov ecx, eax - 0024a e8 00 00 00 00 call ??_U@YAPEAX_K@Z ; operator new[] - 0024f 48 89 85 98 06 + 00255 33 c0 xor eax, eax + 00257 e9 74 01 00 00 jmp $LN1@NcFixRelJm +$LN13@NcFixRelJm: + +; 461 : } +; 462 : +; 463 : //fixup T->RawData +; 464 : delete[] T->RawData; + + 0025c 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] + 00260 48 8b 40 20 mov rax, QWORD PTR [rax+32] + 00264 48 89 85 98 06 00 00 mov QWORD PTR $T21[rbp], rax - 00256 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 0025a 48 8b 8d 98 06 + 0026b 48 8b 8d 98 06 00 00 mov rcx, QWORD PTR $T21[rbp] - 00261 48 89 48 20 mov QWORD PTR [rax+32], rcx + 00272 e8 00 00 00 00 call ??_V@YAXPEAX@Z ; operator delete[] -; 448 : RtlCopyMemory(T->RawData, EncodeBuffer, ReturnedSize); +; 465 : T->RawDataSize = ReturnedSize; - 00265 8b 85 54 03 00 + 00277 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] + 0027b 8b 8d 54 03 00 + 00 mov ecx, DWORD PTR ReturnedSize$16[rbp] + 00281 89 48 28 mov DWORD PTR [rax+40], ecx + +; 466 : T->RawData = new UCHAR[ReturnedSize]; + + 00284 8b 85 54 03 00 + 00 mov eax, DWORD PTR ReturnedSize$16[rbp] + 0028a 8b c8 mov ecx, eax + 0028c e8 00 00 00 00 call ??_U@YAPEAX_K@Z ; operator new[] + 00291 48 89 85 b8 06 + 00 00 mov QWORD PTR $T22[rbp], rax + 00298 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] + 0029c 48 8b 8d b8 06 + 00 00 mov rcx, QWORD PTR $T22[rbp] + 002a3 48 89 48 20 mov QWORD PTR [rax+32], rcx + +; 467 : RtlCopyMemory(T->RawData, EncodeBuffer, 
ReturnedSize); + + 002a7 8b 85 54 03 00 00 mov eax, DWORD PTR ReturnedSize$16[rbp] - 0026b 44 8b c0 mov r8d, eax - 0026e 48 8d 95 28 03 + 002ad 44 8b c0 mov r8d, eax + 002b0 48 8d 95 28 03 00 00 lea rdx, QWORD PTR EncodeBuffer$15[rbp] - 00275 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 00279 48 8b 48 20 mov rcx, QWORD PTR [rax+32] - 0027d e8 00 00 00 00 call memcpy - -; 449 : -; 450 : //Decode instruction so its proper and all that -; 451 : XedDecodedInstZeroSetMode(&T->XedInstruction, &MachineState); - - 00282 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 00286 48 83 c0 30 add rax, 48 ; 00000030H - 0028a 48 8d 55 68 lea rdx, QWORD PTR MachineState$12[rbp] - 0028e 48 8b c8 mov rcx, rax - 00291 e8 00 00 00 00 call xed_decoded_inst_zero_set_mode - -; 452 : if (XED_ERROR_NONE != XedDecode(&T->XedInstruction, T->RawData, T->RawDataSize)) - - 00296 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 0029a 48 83 c0 30 add rax, 48 ; 00000030H - 0029e 48 8b 4d 08 mov rcx, QWORD PTR T$9[rbp] - 002a2 44 8b 41 28 mov r8d, DWORD PTR [rcx+40] - 002a6 48 8b 4d 08 mov rcx, QWORD PTR T$9[rbp] - 002aa 48 8b 51 20 mov rdx, QWORD PTR [rcx+32] - 002ae 48 8b c8 mov rcx, rax - 002b1 e8 00 00 00 00 call xed_decode - 002b6 85 c0 test eax, eax - 002b8 74 07 je SHORT $LN16@NcFixRelJm - -; 453 : return FALSE; - - 002ba 33 c0 xor eax, eax - 002bc e9 c1 00 00 00 jmp $LN1@NcFixRelJm -$LN16@NcFixRelJm: + 002b7 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] + 002bb 48 8b 48 20 mov rcx, QWORD PTR [rax+32] + 002bf e8 00 00 00 00 call memcpy + +; 468 : +; 469 : //Decode instruction so its proper and all that +; 470 : XedDecodedInstZeroSetMode(&T->XedInstruction, &MachineState); + + 002c4 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] + 002c8 48 83 c0 30 add rax, 48 ; 00000030H + 002cc 48 8d 55 68 lea rdx, QWORD PTR MachineState$12[rbp] + 002d0 48 8b c8 mov rcx, rax + 002d3 e8 00 00 00 00 call xed_decoded_inst_zero_set_mode + +; 471 : if (XED_ERROR_NONE != XedDecode(&T->XedInstruction, T->RawData, T->RawDataSize)) + + 002d8 48 8b 
45 08 mov rax, QWORD PTR T$9[rbp] + 002dc 48 83 c0 30 add rax, 48 ; 00000030H + 002e0 48 8b 4d 08 mov rcx, QWORD PTR T$9[rbp] + 002e4 44 8b 41 28 mov r8d, DWORD PTR [rcx+40] + 002e8 48 8b 4d 08 mov rcx, QWORD PTR T$9[rbp] + 002ec 48 8b 51 20 mov rdx, QWORD PTR [rcx+32] + 002f0 48 8b c8 mov rcx, rax + 002f3 e8 00 00 00 00 call xed_decode + 002f8 85 c0 test eax, eax + 002fa 74 13 je SHORT $LN14@NcFixRelJm + +; 472 : { +; 473 : printf("\n6\n"); + + 002fc 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_03GLAPLBCP@?66?6@ + 00303 e8 00 00 00 00 call printf + +; 474 : return NULL; + + 00308 33 c0 xor eax, eax + 0030a e9 c1 00 00 00 jmp $LN1@NcFixRelJm +$LN14@NcFixRelJm: -; 454 : -; 455 : //Go back to the start and loop through all labels again because now this instruction is larger :)))) -; 456 : T = Block->Start; +; 475 : } +; 476 : +; 477 : //Go back to the start and loop through all labels again because now this instruction is larger :)))) +; 478 : T = Block->Start; - 002c1 48 8b 85 20 07 + 0030f 48 8b 85 50 07 00 00 mov rax, QWORD PTR Block$[rbp] - 002c8 48 8b 00 mov rax, QWORD PTR [rax] - 002cb 48 89 45 08 mov QWORD PTR T$9[rbp], rax + 00316 48 8b 00 mov rax, QWORD PTR [rax] + 00319 48 89 45 08 mov QWORD PTR T$9[rbp], rax -; 457 : continue; +; 479 : continue; - 002cf e9 82 fd ff ff jmp $LN2@NcFixRelJm + 0031d e9 34 fd ff ff jmp $LN2@NcFixRelJm -; 458 : } +; 480 : } - 002d4 e9 94 00 00 00 jmp $LN10@NcFixRelJm + 00322 e9 94 00 00 00 jmp $LN10@NcFixRelJm $LN9@NcFixRelJm: -; 459 : else -; 460 : { -; 461 : DispWidth = XedDecodedInstGetBranchDisplacementWidth(&T->XedInstruction); - - 002d9 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 002dd 48 83 c0 30 add rax, 48 ; 00000030H - 002e1 48 8b c8 mov rcx, rax - 002e4 e8 00 00 00 00 call xed_decoded_inst_get_branch_displacement_width - 002e9 89 45 44 mov DWORD PTR DispWidth$11[rbp], eax - -; 462 : switch (DispWidth) - - 002ec 8b 45 44 mov eax, DWORD PTR DispWidth$11[rbp] - 002ef 89 85 f4 06 00 - 00 mov DWORD PTR tv184[rbp], eax - 
002f5 83 bd f4 06 00 - 00 01 cmp DWORD PTR tv184[rbp], 1 - 002fc 74 14 je SHORT $LN17@NcFixRelJm - 002fe 83 bd f4 06 00 - 00 02 cmp DWORD PTR tv184[rbp], 2 - 00305 74 2a je SHORT $LN18@NcFixRelJm - 00307 83 bd f4 06 00 - 00 04 cmp DWORD PTR tv184[rbp], 4 - 0030e 74 41 je SHORT $LN19@NcFixRelJm - 00310 eb 5b jmp SHORT $LN5@NcFixRelJm +; 481 : else +; 482 : { +; 483 : DispWidth = XedDecodedInstGetBranchDisplacementWidth(&T->XedInstruction); + + 00327 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] + 0032b 48 83 c0 30 add rax, 48 ; 00000030H + 0032f 48 8b c8 mov rcx, rax + 00332 e8 00 00 00 00 call xed_decoded_inst_get_branch_displacement_width + 00337 89 45 44 mov DWORD PTR DispWidth$11[rbp], eax + +; 484 : switch (DispWidth) + + 0033a 8b 45 44 mov eax, DWORD PTR DispWidth$11[rbp] + 0033d 89 85 14 07 00 + 00 mov DWORD PTR tv191[rbp], eax + 00343 83 bd 14 07 00 + 00 01 cmp DWORD PTR tv191[rbp], 1 + 0034a 74 14 je SHORT $LN15@NcFixRelJm + 0034c 83 bd 14 07 00 + 00 02 cmp DWORD PTR tv191[rbp], 2 + 00353 74 2a je SHORT $LN16@NcFixRelJm + 00355 83 bd 14 07 00 + 00 04 cmp DWORD PTR tv191[rbp], 4 + 0035c 74 41 je SHORT $LN17@NcFixRelJm + 0035e eb 5b jmp SHORT $LN5@NcFixRelJm +$LN15@NcFixRelJm: + +; 485 : { +; 486 : case 1: *(PINT8)&T->RawData[T->RawDataSize - DispWidth] = (INT8)BranchDisp; break; + + 00360 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] + 00364 8b 4d 44 mov ecx, DWORD PTR DispWidth$11[rbp] + 00367 8b 40 28 mov eax, DWORD PTR [rax+40] + 0036a 2b c1 sub eax, ecx + 0036c 8b c0 mov eax, eax + 0036e 48 8b 4d 08 mov rcx, QWORD PTR T$9[rbp] + 00372 48 8b 49 20 mov rcx, QWORD PTR [rcx+32] + 00376 0f b6 55 24 movzx edx, BYTE PTR BranchDisp$10[rbp] + 0037a 88 14 01 mov BYTE PTR [rcx+rax], dl + 0037d eb 3c jmp SHORT $LN5@NcFixRelJm +$LN16@NcFixRelJm: + +; 487 : case 2: *(PINT16)&T->RawData[T->RawDataSize - DispWidth] = (INT16)BranchDisp; break; + + 0037f 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] + 00383 8b 4d 44 mov ecx, DWORD PTR DispWidth$11[rbp] + 00386 8b 40 28 mov eax, DWORD PTR 
[rax+40] + 00389 2b c1 sub eax, ecx + 0038b 8b c0 mov eax, eax + 0038d 48 8b 4d 08 mov rcx, QWORD PTR T$9[rbp] + 00391 48 8b 49 20 mov rcx, QWORD PTR [rcx+32] + 00395 0f b7 55 24 movzx edx, WORD PTR BranchDisp$10[rbp] + 00399 66 89 14 01 mov WORD PTR [rcx+rax], dx + 0039d eb 1c jmp SHORT $LN5@NcFixRelJm $LN17@NcFixRelJm: -; 463 : { -; 464 : case 1: *(PINT8)&T->RawData[T->RawDataSize - DispWidth] = (INT8)BranchDisp; break; - - 00312 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 00316 8b 4d 44 mov ecx, DWORD PTR DispWidth$11[rbp] - 00319 8b 40 28 mov eax, DWORD PTR [rax+40] - 0031c 2b c1 sub eax, ecx - 0031e 8b c0 mov eax, eax - 00320 48 8b 4d 08 mov rcx, QWORD PTR T$9[rbp] - 00324 48 8b 49 20 mov rcx, QWORD PTR [rcx+32] - 00328 0f b6 55 24 movzx edx, BYTE PTR BranchDisp$10[rbp] - 0032c 88 14 01 mov BYTE PTR [rcx+rax], dl - 0032f eb 3c jmp SHORT $LN5@NcFixRelJm -$LN18@NcFixRelJm: - -; 465 : case 2: *(PINT16)&T->RawData[T->RawDataSize - DispWidth] = (INT16)BranchDisp; break; - - 00331 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 00335 8b 4d 44 mov ecx, DWORD PTR DispWidth$11[rbp] - 00338 8b 40 28 mov eax, DWORD PTR [rax+40] - 0033b 2b c1 sub eax, ecx - 0033d 8b c0 mov eax, eax - 0033f 48 8b 4d 08 mov rcx, QWORD PTR T$9[rbp] - 00343 48 8b 49 20 mov rcx, QWORD PTR [rcx+32] - 00347 0f b7 55 24 movzx edx, WORD PTR BranchDisp$10[rbp] - 0034b 66 89 14 01 mov WORD PTR [rcx+rax], dx - 0034f eb 1c jmp SHORT $LN5@NcFixRelJm -$LN19@NcFixRelJm: - -; 466 : case 4: *(PINT32)&T->RawData[T->RawDataSize - DispWidth] = (INT32)BranchDisp; break; - - 00351 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 00355 8b 4d 44 mov ecx, DWORD PTR DispWidth$11[rbp] - 00358 8b 40 28 mov eax, DWORD PTR [rax+40] - 0035b 2b c1 sub eax, ecx - 0035d 8b c0 mov eax, eax - 0035f 48 8b 4d 08 mov rcx, QWORD PTR T$9[rbp] - 00363 48 8b 49 20 mov rcx, QWORD PTR [rcx+32] - 00367 8b 55 24 mov edx, DWORD PTR BranchDisp$10[rbp] - 0036a 89 14 01 mov DWORD PTR [rcx+rax], edx +; 488 : case 4: *(PINT32)&T->RawData[T->RawDataSize - 
DispWidth] = (INT32)BranchDisp; break; + + 0039f 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] + 003a3 8b 4d 44 mov ecx, DWORD PTR DispWidth$11[rbp] + 003a6 8b 40 28 mov eax, DWORD PTR [rax+40] + 003a9 2b c1 sub eax, ecx + 003ab 8b c0 mov eax, eax + 003ad 48 8b 4d 08 mov rcx, QWORD PTR T$9[rbp] + 003b1 48 8b 49 20 mov rcx, QWORD PTR [rcx+32] + 003b5 8b 55 24 mov edx, DWORD PTR BranchDisp$10[rbp] + 003b8 89 14 01 mov DWORD PTR [rcx+rax], edx $LN5@NcFixRelJm: $LN10@NcFixRelJm: $LN7@NcFixRelJm: -; 467 : } -; 468 : } -; 469 : } -; 470 : -; 471 : T = T->Next; +; 489 : } +; 490 : } +; 491 : } +; 492 : +; 493 : T = T->Next; - 0036d 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] - 00371 48 8b 00 mov rax, QWORD PTR [rax] - 00374 48 89 45 08 mov QWORD PTR T$9[rbp], rax + 003bb 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] + 003bf 48 8b 00 mov rax, QWORD PTR [rax] + 003c2 48 89 45 08 mov QWORD PTR T$9[rbp], rax -; 472 : } +; 494 : } - 00378 e9 d9 fc ff ff jmp $LN2@NcFixRelJm + 003c6 e9 8b fc ff ff jmp $LN2@NcFixRelJm $LN3@NcFixRelJm: -; 473 : return TRUE; +; 495 : return TRUE; - 0037d b8 01 00 00 00 mov eax, 1 + 003cb b8 01 00 00 00 mov eax, 1 $LN1@NcFixRelJm: -; 474 : } +; 496 : } - 00382 48 8b f8 mov rdi, rax - 00385 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48] - 00389 48 8d 15 00 00 + 003d0 48 8b f8 mov rdi, rax + 003d3 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48] + 003d7 48 8d 15 00 00 00 00 lea rdx, OFFSET FLAT:?NcFixRelJmps@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcFrameData - 00390 e8 00 00 00 00 call _RTC_CheckStackVars - 00395 48 8b c7 mov rax, rdi - 00398 48 8b 8d f8 06 + 003de e8 00 00 00 00 call _RTC_CheckStackVars + 003e3 48 8b c7 mov rax, rdi + 003e6 48 8b 8d 28 07 00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp] - 0039f 48 33 cd xor rcx, rbp - 003a2 e8 00 00 00 00 call __security_check_cookie - 003a7 48 8d a5 00 07 - 00 00 lea rsp, QWORD PTR [rbp+1792] - 003ae 5f pop rdi - 003af 5e pop rsi - 003b0 5d pop rbp - 003b1 c3 ret 0 + 003ed 48 33 cd xor rcx, rbp + 003f0 e8 00 00 00 00 call 
__security_check_cookie + 003f5 48 8d a5 30 07 + 00 00 lea rsp, QWORD PTR [rbp+1840] + 003fc 5f pop rdi + 003fd 5e pop rsi + 003fe 5d pop rbp + 003ff c3 ret 0 ?NcFixRelJmps@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ENDP ; NcFixRelJmps _TEXT ENDS ; Function compile flags: /Odtp /RTCsu /ZI diff --git a/CodeVirtualizer/x64/Debug/Obfuscator.cod b/CodeVirtualizer/x64/Debug/Obfuscator.cod index 355f146..7f93417 100644 --- a/CodeVirtualizer/x64/Debug/Obfuscator.cod +++ b/CodeVirtualizer/x64/Debug/Obfuscator.cod @@ -88,9 +88,6 @@ PUBLIC ?__empty_global_delete@@YAXPEAX@Z ; __empty_global_delete PUBLIC ?__empty_global_delete@@YAXPEAX_K@Z ; __empty_global_delete PUBLIC ?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z ; __empty_global_delete PUBLIC ?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z ; __empty_global_delete -PUBLIC __local_stdio_printf_options -PUBLIC _vfprintf_l -PUBLIC printf PUBLIC wmemcpy PUBLIC ?_Adjust_manually_vector_aligned@std@@YAXAEAPEAXAEA_K@Z ; std::_Adjust_manually_vector_aligned PUBLIC ?_Orphan_all@_Container_base12@std@@QEAAXXZ ; std::_Container_base12::_Orphan_all @@ -115,7 +112,6 @@ PUBLIC ??$_Deallocate@$0BA@$0A@@std@@YAXPEAX_K@Z ; std::_Deallocate<16,0> PUBLIC ??$_Deallocate_plain@V?$allocator@U_Container_proxy@std@@@std@@@std@@YAXAEAV?$allocator@U_Container_proxy@std@@@0@QEAU_Container_proxy@0@@Z ; std::_Deallocate_plain > PUBLIC ?deallocate@?$_Default_allocator_traits@V?$allocator@U_Container_proxy@std@@@std@@@std@@SAXAEAV?$allocator@U_Container_proxy@std@@@2@QEAU_Container_proxy@2@_K@Z ; std::_Default_allocator_traits >::deallocate PUBLIC __JustMyCode_Default -PUBLIC ?_OptionsStorage@?1??__local_stdio_printf_options@@9@4_KA ; `__local_stdio_printf_options'::`2'::_OptionsStorage PUBLIC ?__LINE__Var@?0??_Adjust_manually_vector_aligned@std@@YAXAEAPEAXAEA_K@Z@4JA ; `std::_Adjust_manually_vector_aligned'::`1'::__LINE__Var PUBLIC ??_C@_0BB@FCMFBGOM@invalid?5argument@ ; `string' PUBLIC ??_C@_02DKCKIIND@?$CFs@ ; `string' 
@@ -126,9 +122,6 @@ PUBLIC ??_C@_1CG@JNLFBNGN@?$AA?$CC?$AAi?$AAn?$AAv?$AAa?$AAl?$AAi?$AAd?$AA?5?$AAa PUBLIC ??_C@_0GI@DEICPIDJ@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string' PUBLIC ?__LINE__Var@?0??_Maklocwcs@std@@YAPEA_WPEB_W@Z@4JA ; `std::_Maklocwcs'::`1'::__LINE__Var PUBLIC ??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string' -PUBLIC ??_C@_0CA@CCPOCKKK@RECIEVED?5INSTRUCTION?5COUNT?3?5?$CFu?6@ ; `string' -PUBLIC ??_C@_0BN@OELJCLJM@FAILED?5TO?5COMBINE?5BRANCHES?4?6@ ; `string' -PUBLIC ??_C@_05PDJBBECF@pause@ ; `string' PUBLIC ??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ ; `string' PUBLIC ??_C@_1BK@MHIKGOKE@?$AA?3?$AAA?$AAM?$AA?3?$AAa?$AAm?$AA?3?$AAP?$AAM?$AA?3?$AAp?$AAm@ ; `string' EXTRN ??3@YAXPEAX_K@Z:PROC ; operator delete @@ -136,13 +129,10 @@ EXTRN __imp__invalid_parameter:PROC EXTRN memcpy:PROC EXTRN __imp_wcslen:PROC EXTRN strlen:PROC -EXTRN __imp_system:PROC EXTRN __imp__calloc_dbg:PROC EXTRN __imp__CrtDbgReport:PROC EXTRN __imp_??0_Lockit@std@@QEAA@H@Z:PROC EXTRN __imp_??1_Lockit@std@@QEAA@XZ:PROC -EXTRN __imp___acrt_iob_func:PROC -EXTRN __imp___stdio_common_vfprintf:PROC EXTRN ?_Xbad_alloc@std@@YAXXZ:PROC ; std::_Xbad_alloc EXTRN _Mbrtowc:PROC EXTRN __imp_?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ:PROC @@ -165,10 +155,6 @@ EXTRN __GSHandlerCheck:PROC EXTRN __GSHandlerCheck_EH4:PROC EXTRN __security_check_cookie:PROC EXTRN __security_cookie:QWORD -; COMDAT ?_OptionsStorage@?1??__local_stdio_printf_options@@9@4_KA -_BSS SEGMENT -?_OptionsStorage@?1??__local_stdio_printf_options@@9@4_KA DQ 01H DUP (?) ; `__local_stdio_printf_options'::`2'::_OptionsStorage -_BSS ENDS ; COMDAT pdata pdata SEGMENT $pdata$?__empty_global_delete@@YAXPEAX@Z DD imagerel $LN3 
@@ -195,24 +181,6 @@ $pdata$?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z DD imagerel $LN3 pdata ENDS ; COMDAT pdata pdata SEGMENT -$pdata$__local_stdio_printf_options DD imagerel $LN3 - DD imagerel $LN3+59 - DD imagerel $unwind$__local_stdio_printf_options -pdata ENDS -; COMDAT pdata -pdata SEGMENT -$pdata$_vfprintf_l DD imagerel $LN3 - DD imagerel $LN3+126 - DD imagerel $unwind$_vfprintf_l -pdata ENDS -; COMDAT pdata -pdata SEGMENT -$pdata$printf DD imagerel $LN3 - DD imagerel $LN3+214 - DD imagerel $unwind$printf -pdata ENDS -; COMDAT pdata -pdata SEGMENT $pdata$wmemcpy DD imagerel $LN3 DD imagerel $LN3+106 DD imagerel $unwind$wmemcpy @@ -303,8 +271,8 @@ $pdata$??1_NATIVE_CODE_BLOCK@@QEAA@XZ DD imagerel $LN3 pdata ENDS ; COMDAT pdata pdata SEGMENT -$pdata$?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z DD imagerel $LN16 - DD imagerel $LN16+874 +$pdata$?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z DD imagerel $LN15 + DD imagerel $LN15+816 DD imagerel $unwind$?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z pdata ENDS ; COMDAT pdata @@ -391,20 +359,6 @@ CONST ENDS CONST SEGMENT ??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ DB ':AM:am:PM:pm', 00H ; `string' CONST ENDS -; COMDAT ??_C@_05PDJBBECF@pause@ -CONST SEGMENT -??_C@_05PDJBBECF@pause@ DB 'pause', 00H ; `string' -CONST ENDS -; COMDAT ??_C@_0BN@OELJCLJM@FAILED?5TO?5COMBINE?5BRANCHES?4?6@ -CONST SEGMENT -??_C@_0BN@OELJCLJM@FAILED?5TO?5COMBINE?5BRANCHES?4?6@ DB 'FAILED TO COMBI' - DB 'NE BRANCHES.', 0aH, 00H ; `string' -CONST ENDS -; COMDAT ??_C@_0CA@CCPOCKKK@RECIEVED?5INSTRUCTION?5COUNT?3?5?$CFu?6@ -CONST SEGMENT -??_C@_0CA@CCPOCKKK@RECIEVED?5INSTRUCTION?5COUNT?3?5?$CFu?6@ DB 'RECIEVED ' - DB 'INSTRUCTION COUNT: %u', 0aH, 00H ; `string' -CONST ENDS ; COMDAT ??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ CONST SEGMENT ??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ DB 'C:\Pro' 
@@ -632,11 +586,11 @@ xdata SEGMENT $ip2state$?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z DB 012H DB 00H DB 00H - DB 0b9H, 04H + DB 'E', 04H DB 02H DB 01aH DB 04H - DB 0a1H, 03H + DB '-', 03H DB 02H DB 01aH DB 00H @@ -671,11 +625,11 @@ xdata ENDS xdata SEGMENT $unwind$?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z DD 025054019H DD 01132318H - DD 0700c005fH + DD 0700c005bH DD 0500bH DD imagerel __GSHandlerCheck_EH4 DD imagerel $cppxdata$?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z - DD 02e2H + DD 02c2H xdata ENDS ; COMDAT CONST CONST SEGMENT @@ -713,16 +667,16 @@ CONST SEGMENT DB 06eH DB 00H ORG $+6 -?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z$rtcVarDesc DD 01d8H ; ObfObfuscate +?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z$rtcVarDesc DD 01b8H ; ObfObfuscate DD 030H DQ FLAT:?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z$rtcName$3 - DD 0188H + DD 0168H DD 030H DQ FLAT:?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z$rtcName$2 - DD 0138H + DD 0118H DD 030H DQ FLAT:?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z$rtcName$1 - DD 0e8H + DD 0c8H DD 030H DQ FLAT:?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z$rtcName$0 ORG $+192 
@@ -974,49 +928,6 @@ $unwind$wmemcpy DD 025053401H xdata ENDS ; COMDAT xdata xdata SEGMENT -$unwind$printf DD 025054a19H - DD 011d2322H - DD 07016002bH - DD 05015H - DD imagerel __GSHandlerCheck - DD 0148H -xdata ENDS -; COMDAT CONST -CONST SEGMENT -printf$rtcName$0 DB 05fH - DB 041H - DB 072H - DB 067H - DB 04cH - DB 069H - DB 073H - DB 074H - DB 00H - ORG $+7 -printf$rtcVarDesc DD 048H - DD 08H - DQ FLAT:printf$rtcName$0 - ORG $+48 -printf$rtcFrameData DD 01H - DD 00H - DQ FLAT:printf$rtcVarDesc -CONST ENDS -; COMDAT xdata -xdata SEGMENT -$unwind$_vfprintf_l DD 035053901H - DD 011d3322H - DD 07016001fH - DD 05015H -xdata ENDS -; COMDAT xdata -xdata SEGMENT -$unwind$__local_stdio_printf_options DD 025051e01H - DD 010a230fH - DD 07003001dH - DD 05002H -xdata ENDS -; COMDAT xdata -xdata SEGMENT $ip2state$?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z DB 02H DB 00H DB 00H 
@@ -1472,41 +1383,40 @@ InstructionCount$ = 4 TargetCount$7 = 36 CurrentCount$8 = 68 NewBlockStart$9 = 104 -RealEnd$10 = 136 -T$11 = 168 -NotTaken$12 = 200 -Taken$13 = 280 -NotTaken$14 = 360 -Taken$15 = 440 -tv182 = 692 -tv143 = 692 -tv180 = 696 -tv141 = 696 -__$ArrayPad$ = 704 -Obf$ = 752 -Block$ = 760 +T$10 = 136 +NotTaken$11 = 168 +Taken$12 = 248 +NotTaken$13 = 328 +Taken$14 = 408 +tv176 = 660 +tv141 = 660 +tv174 = 664 +tv139 = 664 +__$ArrayPad$ = 672 +Obf$ = 720 +Block$ = 728 ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z PROC ; ObfObfuscate, COMDAT ; 7 : { -$LN16: +$LN15: 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx 00005 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 0000a 55 push rbp 0000b 57 push rdi - 0000c 48 81 ec f8 02 - 00 00 sub rsp, 760 ; 000002f8H + 0000c 48 81 ec d8 02 + 00 00 sub rsp, 728 ; 000002d8H 00013 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] 00018 48 8b fc mov rdi, rsp - 0001b b9 be 00 00 00 mov ecx, 190 ; 000000beH + 0001b b9 b6 00 00 00 mov ecx, 182 ; 000000b6H 00020 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH 00025 f3 ab rep stosd - 00027 48 8b 8c 24 18 - 03 00 00 mov rcx, QWORD PTR [rsp+792] + 00027 48 8b 8c 24 f8 + 02 00 00 mov rcx, QWORD PTR [rsp+760] 0002f 48 8b 05 00 00 00 00 mov rax, QWORD PTR __security_cookie 00036 48 33 c5 xor rax, rbp - 00039 48 89 85 c0 02 + 00039 48 89 85 a0 02 00 00 mov QWORD PTR __$ArrayPad$[rbp], rax 00040 48 8d 0d 00 00 00 00 lea rcx, OFFSET FLAT:__135BC3AC_Obfuscator@cpp 
@@ -1514,365 +1424,333 @@ $LN16: ; 8 : ULONG InstructionCount = NcCountInstructions(Block); - 0004c 48 8b 8d f8 02 + 0004c 48 8b 8d d8 02 00 00 mov rcx, QWORD PTR Block$[rbp] 00053 e8 00 00 00 00 call ?NcCountInstructions@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcCountInstructions 00058 89 45 04 mov DWORD PTR InstructionCount$[rbp], eax -; 9 : printf("RECIEVED INSTRUCTION COUNT: %u\n", InstructionCount); - - 0005b 8b 55 04 mov edx, DWORD PTR InstructionCount$[rbp] - 0005e 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:??_C@_0CA@CCPOCKKK@RECIEVED?5INSTRUCTION?5COUNT?3?5?$CFu?6@ - 00065 e8 00 00 00 00 call printf +; 9 : if (InstructionCount <= Obf->MinInstCount) -; 10 : if (InstructionCount <= Obf->MinInstCount) - - 0006a 48 8b 85 f0 02 + 0005b 48 8b 85 d0 02 00 00 mov rax, QWORD PTR Obf$[rbp] - 00071 8b 00 mov eax, DWORD PTR [rax] - 00073 39 45 04 cmp DWORD PTR InstructionCount$[rbp], eax - 00076 77 05 ja SHORT $LN5@ObfObfusca + 00062 8b 00 mov eax, DWORD PTR [rax] + 00064 39 45 04 cmp DWORD PTR InstructionCount$[rbp], eax + 00067 77 05 ja SHORT $LN5@ObfObfusca -; 11 : { -; 12 : -; 13 : } +; 10 : { +; 11 : +; 12 : } - 00078 e9 c4 02 00 00 jmp $LN6@ObfObfusca + 00069 e9 99 02 00 00 jmp $LN6@ObfObfusca $LN5@ObfObfusca: -; 14 : else -; 15 : { -; 16 : ULONG TargetCount = InstructionCount / 2; +; 13 : else +; 14 : { +; 15 : ULONG TargetCount = InstructionCount / 2; - 0007d 33 d2 xor edx, edx - 0007f 8b 45 04 mov eax, DWORD PTR InstructionCount$[rbp] - 00082 b9 02 00 00 00 mov ecx, 2 - 00087 f7 f1 div ecx - 00089 89 45 24 mov DWORD PTR TargetCount$7[rbp], eax + 0006e 33 d2 xor edx, edx + 00070 8b 45 04 mov eax, DWORD PTR InstructionCount$[rbp] + 00073 b9 02 00 00 00 mov ecx, 2 + 00078 f7 f1 div ecx + 0007a 89 45 24 mov DWORD PTR TargetCount$7[rbp], eax -; 17 : ULONG CurrentCount = 0; +; 16 : ULONG CurrentCount = 0; - 0008c c7 45 44 00 00 + 0007d c7 45 44 00 00 00 00 mov DWORD PTR CurrentCount$8[rbp], 0 -; 18 : PNATIVE_CODE_LINK NewBlockStart = Block->Start; - - 00093 48 8b 85 f8 02 
- 00 00 mov rax, QWORD PTR Block$[rbp] - 0009a 48 8b 00 mov rax, QWORD PTR [rax] - 0009d 48 89 45 68 mov QWORD PTR NewBlockStart$9[rbp], rax - -; 19 : PNATIVE_CODE_LINK RealEnd = Block->End->Next; +; 17 : PNATIVE_CODE_LINK NewBlockStart = Block->Start; - 000a1 48 8b 85 f8 02 + 00084 48 8b 85 d8 02 00 00 mov rax, QWORD PTR Block$[rbp] - 000a8 48 8b 40 08 mov rax, QWORD PTR [rax+8] - 000ac 48 8b 00 mov rax, QWORD PTR [rax] - 000af 48 89 85 88 00 - 00 00 mov QWORD PTR RealEnd$10[rbp], rax + 0008b 48 8b 00 mov rax, QWORD PTR [rax] + 0008e 48 89 45 68 mov QWORD PTR NewBlockStart$9[rbp], rax -; 20 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != RealEnd;) +; 18 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;) - 000b6 48 8b 85 f8 02 + 00092 48 8b 85 d8 02 00 00 mov rax, QWORD PTR Block$[rbp] - 000bd 48 8b 00 mov rax, QWORD PTR [rax] - 000c0 48 89 85 a8 00 - 00 00 mov QWORD PTR T$11[rbp], rax + 00099 48 8b 00 mov rax, QWORD PTR [rax] + 0009c 48 89 85 88 00 + 00 00 mov QWORD PTR T$10[rbp], rax $LN2@ObfObfusca: - 000c7 48 83 bd a8 00 - 00 00 00 cmp QWORD PTR T$11[rbp], 0 - 000cf 0f 84 7d 01 00 + 000a3 48 83 bd 88 00 + 00 00 00 cmp QWORD PTR T$10[rbp], 0 + 000ab 0f 84 67 01 00 00 je $LN3@ObfObfusca - 000d5 48 8b 85 88 00 - 00 00 mov rax, QWORD PTR RealEnd$10[rbp] - 000dc 48 39 85 a8 00 - 00 00 cmp QWORD PTR T$11[rbp], rax - 000e3 0f 84 69 01 00 + 000b1 48 8b 85 d8 02 + 00 00 mov rax, QWORD PTR Block$[rbp] + 000b8 48 8b 40 08 mov rax, QWORD PTR [rax+8] + 000bc 48 8b 00 mov rax, QWORD PTR [rax] + 000bf 48 39 85 88 00 + 00 00 cmp QWORD PTR T$10[rbp], rax + 000c6 0f 84 4c 01 00 00 je $LN3@ObfObfusca -; 21 : { -; 22 : if (T->Flags & CODE_FLAG_IS_LABEL) +; 19 : { +; 20 : if (T->Flags & CODE_FLAG_IS_LABEL) - 000e9 48 8b 85 a8 00 - 00 00 mov rax, QWORD PTR T$11[rbp] - 000f0 8b 40 18 mov eax, DWORD PTR [rax+24] - 000f3 83 e0 01 and eax, 1 - 000f6 85 c0 test eax, eax - 000f8 74 13 je SHORT $LN7@ObfObfusca + 000cc 48 8b 85 88 00 + 00 00 mov rax, QWORD PTR 
T$10[rbp] + 000d3 8b 40 18 mov eax, DWORD PTR [rax+24] + 000d6 83 e0 01 and eax, 1 + 000d9 85 c0 test eax, eax + 000db 74 13 je SHORT $LN7@ObfObfusca -; 23 : { -; 24 : T = T->Next; +; 21 : { +; 22 : T = T->Next; - 000fa 48 8b 85 a8 00 - 00 00 mov rax, QWORD PTR T$11[rbp] - 00101 48 8b 00 mov rax, QWORD PTR [rax] - 00104 48 89 85 a8 00 - 00 00 mov QWORD PTR T$11[rbp], rax + 000dd 48 8b 85 88 00 + 00 00 mov rax, QWORD PTR T$10[rbp] + 000e4 48 8b 00 mov rax, QWORD PTR [rax] + 000e7 48 89 85 88 00 + 00 00 mov QWORD PTR T$10[rbp], rax -; 25 : continue; +; 23 : continue; - 0010b eb ba jmp SHORT $LN2@ObfObfusca + 000ee eb b3 jmp SHORT $LN2@ObfObfusca $LN7@ObfObfusca: -; 26 : } -; 27 : -; 28 : ++CurrentCount; +; 24 : } +; 25 : +; 26 : ++CurrentCount; - 0010d 8b 45 44 mov eax, DWORD PTR CurrentCount$8[rbp] - 00110 ff c0 inc eax - 00112 89 45 44 mov DWORD PTR CurrentCount$8[rbp], eax + 000f0 8b 45 44 mov eax, DWORD PTR CurrentCount$8[rbp] + 000f3 ff c0 inc eax + 000f5 89 45 44 mov DWORD PTR CurrentCount$8[rbp], eax -; 29 : -; 30 : if (CurrentCount == TargetCount) +; 27 : +; 28 : if (CurrentCount == TargetCount) - 00115 8b 45 24 mov eax, DWORD PTR TargetCount$7[rbp] - 00118 39 45 44 cmp DWORD PTR CurrentCount$8[rbp], eax - 0011b 0f 85 1b 01 00 + 000f8 8b 45 24 mov eax, DWORD PTR TargetCount$7[rbp] + 000fb 39 45 44 cmp DWORD PTR CurrentCount$8[rbp], eax + 000fe 0f 85 fe 00 00 00 jne $LN8@ObfObfusca -; 31 : { -; 32 : NATIVE_CODE_BLOCK NotTaken, Taken; - - 00121 48 8d 8d c8 00 - 00 00 lea rcx, QWORD PTR NotTaken$12[rbp] - 00128 e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK - 0012d 90 npad 1 - 0012e 48 8d 8d 18 01 - 00 00 lea rcx, QWORD PTR Taken$13[rbp] - 00135 e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK - 0013a 90 npad 1 - -; 33 : ObfCreateOpaqueBranches(NewBlockStart, T, &NotTaken, &Taken); - - 0013b 4c 8d 8d 18 01 - 00 00 lea r9, QWORD PTR Taken$13[rbp] - 00142 4c 8d 85 c8 00 - 00 00 
lea r8, QWORD PTR NotTaken$12[rbp] - 00149 48 8b 95 a8 00 - 00 00 mov rdx, QWORD PTR T$11[rbp] - 00150 48 8b 4d 68 mov rcx, QWORD PTR NewBlockStart$9[rbp] - 00154 e8 00 00 00 00 call ?ObfCreateOpaqueBranches@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@1@Z ; ObfCreateOpaqueBranches - -; 34 : ObfObfuscate(Obf, &NotTaken); - - 00159 48 8d 95 c8 00 - 00 00 lea rdx, QWORD PTR NotTaken$12[rbp] - 00160 48 8b 8d f0 02 +; 29 : { +; 30 : NATIVE_CODE_BLOCK NotTaken, Taken; + + 00104 48 8d 8d a8 00 + 00 00 lea rcx, QWORD PTR NotTaken$11[rbp] + 0010b e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK + 00110 90 npad 1 + 00111 48 8d 8d f8 00 + 00 00 lea rcx, QWORD PTR Taken$12[rbp] + 00118 e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK + 0011d 90 npad 1 + +; 31 : ObfCreateOpaqueBranches(NewBlockStart, T, &NotTaken, &Taken); + + 0011e 4c 8d 8d f8 00 + 00 00 lea r9, QWORD PTR Taken$12[rbp] + 00125 4c 8d 85 a8 00 + 00 00 lea r8, QWORD PTR NotTaken$11[rbp] + 0012c 48 8b 95 88 00 + 00 00 mov rdx, QWORD PTR T$10[rbp] + 00133 48 8b 4d 68 mov rcx, QWORD PTR NewBlockStart$9[rbp] + 00137 e8 00 00 00 00 call ?ObfCreateOpaqueBranches@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@1@Z ; ObfCreateOpaqueBranches + +; 32 : ObfObfuscate(Obf, &NotTaken); + + 0013c 48 8d 95 a8 00 + 00 00 lea rdx, QWORD PTR NotTaken$11[rbp] + 00143 48 8b 8d d0 02 00 00 mov rcx, QWORD PTR Obf$[rbp] - 00167 e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate + 0014a e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate -; 35 : ObfObfuscate(Obf, &Taken); +; 33 : ObfObfuscate(Obf, &Taken); - 0016c 48 8d 95 18 01 - 00 00 lea rdx, QWORD PTR Taken$13[rbp] - 00173 48 8b 8d f0 02 + 0014f 48 8d 95 f8 00 + 00 00 lea rdx, QWORD PTR Taken$12[rbp] + 00156 48 8b 8d d0 02 00 00 mov rcx, QWORD PTR Obf$[rbp] - 0017a e8 00 00 00 00 call 
?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate + 0015d e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate -; 36 : if (!ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock))) +; 34 : ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock)); - 0017f 48 8b 85 f0 02 + 00162 48 8b 85 d0 02 00 00 mov rax, QWORD PTR Obf$[rbp] - 00186 48 8b 48 08 mov rcx, QWORD PTR [rax+8] - 0018a e8 00 00 00 00 call ?NcGenUnusedLabelId@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcGenUnusedLabelId - 0018f 89 85 b4 02 00 - 00 mov DWORD PTR tv143[rbp], eax - 00195 48 8b 85 f0 02 - 00 00 mov rax, QWORD PTR Obf$[rbp] - 0019c 48 8b 48 08 mov rcx, QWORD PTR [rax+8] - 001a0 e8 00 00 00 00 call ?NcGenUnusedLabelId@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcGenUnusedLabelId - 001a5 89 85 b8 02 00 + 00169 48 8b 48 08 mov rcx, QWORD PTR [rax+8] + 0016d e8 00 00 00 00 call ?NcGenUnusedLabelId@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcGenUnusedLabelId + 00172 89 85 94 02 00 00 mov DWORD PTR tv141[rbp], eax - 001ab 44 8b 8d b4 02 - 00 00 mov r9d, DWORD PTR tv143[rbp] - 001b2 44 8b 85 b8 02 - 00 00 mov r8d, DWORD PTR tv141[rbp] - 001b9 48 8d 95 18 01 - 00 00 lea rdx, QWORD PTR Taken$13[rbp] - 001c0 48 8d 8d c8 00 - 00 00 lea rcx, QWORD PTR NotTaken$12[rbp] - 001c7 e8 00 00 00 00 call ?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z ; ObfCombineOpaqueBranches - 001cc 85 c0 test eax, eax - 001ce 75 19 jne SHORT $LN9@ObfObfusca - -; 37 : { -; 38 : printf("FAILED TO COMBINE BRANCHES.\n"); - - 001d0 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:??_C@_0BN@OELJCLJM@FAILED?5TO?5COMBINE?5BRANCHES?4?6@ - 001d7 e8 00 00 00 00 call printf - -; 39 : system("pause"); - - 001dc 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:??_C@_05PDJBBECF@pause@ - 001e3 ff 15 00 00 00 - 00 call QWORD PTR __imp_system -$LN9@ObfObfusca: - -; 40 : } -; 
41 : ObfInsertOpaqueBranchBlock(NewBlockStart, T, &NotTaken); - - 001e9 4c 8d 85 c8 00 - 00 00 lea r8, QWORD PTR NotTaken$12[rbp] - 001f0 48 8b 95 a8 00 - 00 00 mov rdx, QWORD PTR T$11[rbp] - 001f7 48 8b 4d 68 mov rcx, QWORD PTR NewBlockStart$9[rbp] - 001fb e8 00 00 00 00 call ?ObfInsertOpaqueBranchBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfInsertOpaqueBranchBlock - -; 42 : T = NotTaken.End; - - 00200 48 8b 85 d0 00 - 00 00 mov rax, QWORD PTR NotTaken$12[rbp+8] - 00207 48 89 85 a8 00 - 00 00 mov QWORD PTR T$11[rbp], rax - -; 43 : NewBlockStart = T->Next; - - 0020e 48 8b 85 a8 00 - 00 00 mov rax, QWORD PTR T$11[rbp] - 00215 48 8b 00 mov rax, QWORD PTR [rax] - 00218 48 89 45 68 mov QWORD PTR NewBlockStart$9[rbp], rax - -; 44 : CurrentCount = 0; - - 0021c c7 45 44 00 00 + 00178 48 8b 85 d0 02 + 00 00 mov rax, QWORD PTR Obf$[rbp] + 0017f 48 8b 48 08 mov rcx, QWORD PTR [rax+8] + 00183 e8 00 00 00 00 call ?NcGenUnusedLabelId@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcGenUnusedLabelId + 00188 89 85 98 02 00 + 00 mov DWORD PTR tv139[rbp], eax + 0018e 44 8b 8d 94 02 + 00 00 mov r9d, DWORD PTR tv141[rbp] + 00195 44 8b 85 98 02 + 00 00 mov r8d, DWORD PTR tv139[rbp] + 0019c 48 8d 95 f8 00 + 00 00 lea rdx, QWORD PTR Taken$12[rbp] + 001a3 48 8d 8d a8 00 + 00 00 lea rcx, QWORD PTR NotTaken$11[rbp] + 001aa e8 00 00 00 00 call ?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z ; ObfCombineOpaqueBranches + +; 35 : ObfInsertOpaqueBranchBlock(NewBlockStart, T, &NotTaken); + + 001af 4c 8d 85 a8 00 + 00 00 lea r8, QWORD PTR NotTaken$11[rbp] + 001b6 48 8b 95 88 00 + 00 00 mov rdx, QWORD PTR T$10[rbp] + 001bd 48 8b 4d 68 mov rcx, QWORD PTR NewBlockStart$9[rbp] + 001c1 e8 00 00 00 00 call ?ObfInsertOpaqueBranchBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfInsertOpaqueBranchBlock + +; 36 : T = NotTaken.End; + + 001c6 48 8b 85 b0 00 + 00 00 mov rax, QWORD PTR NotTaken$11[rbp+8] + 001cd 48 89 85 88 00 + 00 00 mov QWORD PTR T$10[rbp], rax + +; 37 : 
NewBlockStart = T->Next; + + 001d4 48 8b 85 88 00 + 00 00 mov rax, QWORD PTR T$10[rbp] + 001db 48 8b 00 mov rax, QWORD PTR [rax] + 001de 48 89 45 68 mov QWORD PTR NewBlockStart$9[rbp], rax + +; 38 : CurrentCount = 0; + + 001e2 c7 45 44 00 00 00 00 mov DWORD PTR CurrentCount$8[rbp], 0 -; 45 : } +; 39 : } - 00223 48 8d 8d 18 01 - 00 00 lea rcx, QWORD PTR Taken$13[rbp] - 0022a e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ - 0022f 90 npad 1 - 00230 48 8d 8d c8 00 - 00 00 lea rcx, QWORD PTR NotTaken$12[rbp] - 00237 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ + 001e9 48 8d 8d f8 00 + 00 00 lea rcx, QWORD PTR Taken$12[rbp] + 001f0 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ + 001f5 90 npad 1 + 001f6 48 8d 8d a8 00 + 00 00 lea rcx, QWORD PTR NotTaken$11[rbp] + 001fd e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ $LN8@ObfObfusca: -; 46 : T = T->Next; +; 40 : T = T->Next; - 0023c 48 8b 85 a8 00 - 00 00 mov rax, QWORD PTR T$11[rbp] - 00243 48 8b 00 mov rax, QWORD PTR [rax] - 00246 48 89 85 a8 00 - 00 00 mov QWORD PTR T$11[rbp], rax + 00202 48 8b 85 88 00 + 00 00 mov rax, QWORD PTR T$10[rbp] + 00209 48 8b 00 mov rax, QWORD PTR [rax] + 0020c 48 89 85 88 00 + 00 00 mov QWORD PTR T$10[rbp], rax -; 47 : } +; 41 : } - 0024d e9 75 fe ff ff jmp $LN2@ObfObfusca + 00213 e9 8b fe ff ff jmp $LN2@ObfObfusca $LN3@ObfObfusca: -; 48 : if (NewBlockStart) +; 42 : if (NewBlockStart) - 00252 48 83 7d 68 00 cmp QWORD PTR NewBlockStart$9[rbp], 0 - 00257 0f 84 e4 00 00 + 00218 48 83 7d 68 00 cmp QWORD PTR NewBlockStart$9[rbp], 0 + 0021d 0f 84 e4 00 00 00 je $LN6@ObfObfusca -; 49 : { -; 50 : NATIVE_CODE_BLOCK NotTaken, Taken; - - 0025d 48 8d 8d 68 01 - 00 00 lea rcx, QWORD PTR NotTaken$14[rbp] - 00264 e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK - 00269 90 npad 1 - 0026a 48 8d 8d b8 01 - 00 00 lea rcx, QWORD PTR Taken$15[rbp] - 00271 e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK - 
00276 90 npad 1 - -; 51 : ObfCreateOpaqueBranches(NewBlockStart, Block->End, &NotTaken, &Taken); - - 00277 4c 8d 8d b8 01 - 00 00 lea r9, QWORD PTR Taken$15[rbp] - 0027e 4c 8d 85 68 01 - 00 00 lea r8, QWORD PTR NotTaken$14[rbp] - 00285 48 8b 85 f8 02 +; 43 : { +; 44 : NATIVE_CODE_BLOCK NotTaken, Taken; + + 00223 48 8d 8d 48 01 + 00 00 lea rcx, QWORD PTR NotTaken$13[rbp] + 0022a e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK + 0022f 90 npad 1 + 00230 48 8d 8d 98 01 + 00 00 lea rcx, QWORD PTR Taken$14[rbp] + 00237 e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK + 0023c 90 npad 1 + +; 45 : ObfCreateOpaqueBranches(NewBlockStart, Block->End, &NotTaken, &Taken); + + 0023d 4c 8d 8d 98 01 + 00 00 lea r9, QWORD PTR Taken$14[rbp] + 00244 4c 8d 85 48 01 + 00 00 lea r8, QWORD PTR NotTaken$13[rbp] + 0024b 48 8b 85 d8 02 00 00 mov rax, QWORD PTR Block$[rbp] - 0028c 48 8b 50 08 mov rdx, QWORD PTR [rax+8] - 00290 48 8b 4d 68 mov rcx, QWORD PTR NewBlockStart$9[rbp] - 00294 e8 00 00 00 00 call ?ObfCreateOpaqueBranches@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@1@Z ; ObfCreateOpaqueBranches + 00252 48 8b 50 08 mov rdx, QWORD PTR [rax+8] + 00256 48 8b 4d 68 mov rcx, QWORD PTR NewBlockStart$9[rbp] + 0025a e8 00 00 00 00 call ?ObfCreateOpaqueBranches@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@1@Z ; ObfCreateOpaqueBranches -; 52 : ObfObfuscate(Obf, &NotTaken); +; 46 : ObfObfuscate(Obf, &NotTaken); - 00299 48 8d 95 68 01 - 00 00 lea rdx, QWORD PTR NotTaken$14[rbp] - 002a0 48 8b 8d f0 02 + 0025f 48 8d 95 48 01 + 00 00 lea rdx, QWORD PTR NotTaken$13[rbp] + 00266 48 8b 8d d0 02 00 00 mov rcx, QWORD PTR Obf$[rbp] - 002a7 e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate + 0026d e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate -; 53 : ObfObfuscate(Obf, &Taken); +; 47 : ObfObfuscate(Obf, &Taken); 
- 002ac 48 8d 95 b8 01 - 00 00 lea rdx, QWORD PTR Taken$15[rbp] - 002b3 48 8b 8d f0 02 + 00272 48 8d 95 98 01 + 00 00 lea rdx, QWORD PTR Taken$14[rbp] + 00279 48 8b 8d d0 02 00 00 mov rcx, QWORD PTR Obf$[rbp] - 002ba e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate + 00280 e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate -; 54 : ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock)); +; 48 : ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock)); - 002bf 48 8b 85 f0 02 + 00285 48 8b 85 d0 02 00 00 mov rax, QWORD PTR Obf$[rbp] - 002c6 48 8b 48 08 mov rcx, QWORD PTR [rax+8] - 002ca e8 00 00 00 00 call ?NcGenUnusedLabelId@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcGenUnusedLabelId - 002cf 89 85 b4 02 00 - 00 mov DWORD PTR tv182[rbp], eax - 002d5 48 8b 85 f0 02 + 0028c 48 8b 48 08 mov rcx, QWORD PTR [rax+8] + 00290 e8 00 00 00 00 call ?NcGenUnusedLabelId@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcGenUnusedLabelId + 00295 89 85 94 02 00 + 00 mov DWORD PTR tv176[rbp], eax + 0029b 48 8b 85 d0 02 00 00 mov rax, QWORD PTR Obf$[rbp] - 002dc 48 8b 48 08 mov rcx, QWORD PTR [rax+8] - 002e0 e8 00 00 00 00 call ?NcGenUnusedLabelId@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcGenUnusedLabelId - 002e5 89 85 b8 02 00 - 00 mov DWORD PTR tv180[rbp], eax - 002eb 44 8b 8d b4 02 - 00 00 mov r9d, DWORD PTR tv182[rbp] - 002f2 44 8b 85 b8 02 - 00 00 mov r8d, DWORD PTR tv180[rbp] - 002f9 48 8d 95 b8 01 - 00 00 lea rdx, QWORD PTR Taken$15[rbp] - 00300 48 8d 8d 68 01 - 00 00 lea rcx, QWORD PTR NotTaken$14[rbp] - 00307 e8 00 00 00 00 call ?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z ; ObfCombineOpaqueBranches - -; 55 : ObfInsertOpaqueBranchBlock(NewBlockStart, Block->End, &NotTaken); - - 0030c 4c 8d 85 68 01 - 00 00 lea r8, QWORD PTR NotTaken$14[rbp] - 00313 48 8b 85 f8 02 + 002a2 48 
8b 48 08 mov rcx, QWORD PTR [rax+8] + 002a6 e8 00 00 00 00 call ?NcGenUnusedLabelId@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcGenUnusedLabelId + 002ab 89 85 98 02 00 + 00 mov DWORD PTR tv174[rbp], eax + 002b1 44 8b 8d 94 02 + 00 00 mov r9d, DWORD PTR tv176[rbp] + 002b8 44 8b 85 98 02 + 00 00 mov r8d, DWORD PTR tv174[rbp] + 002bf 48 8d 95 98 01 + 00 00 lea rdx, QWORD PTR Taken$14[rbp] + 002c6 48 8d 8d 48 01 + 00 00 lea rcx, QWORD PTR NotTaken$13[rbp] + 002cd e8 00 00 00 00 call ?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z ; ObfCombineOpaqueBranches + +; 49 : ObfInsertOpaqueBranchBlock(NewBlockStart, Block->End, &NotTaken); + + 002d2 4c 8d 85 48 01 + 00 00 lea r8, QWORD PTR NotTaken$13[rbp] + 002d9 48 8b 85 d8 02 00 00 mov rax, QWORD PTR Block$[rbp] - 0031a 48 8b 50 08 mov rdx, QWORD PTR [rax+8] - 0031e 48 8b 4d 68 mov rcx, QWORD PTR NewBlockStart$9[rbp] - 00322 e8 00 00 00 00 call ?ObfInsertOpaqueBranchBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfInsertOpaqueBranchBlock - 00327 90 npad 1 - -; 56 : } - - 00328 48 8d 8d b8 01 - 00 00 lea rcx, QWORD PTR Taken$15[rbp] - 0032f e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ - 00334 90 npad 1 - 00335 48 8d 8d 68 01 - 00 00 lea rcx, QWORD PTR NotTaken$14[rbp] - 0033c e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ + 002e0 48 8b 50 08 mov rdx, QWORD PTR [rax+8] + 002e4 48 8b 4d 68 mov rcx, QWORD PTR NewBlockStart$9[rbp] + 002e8 e8 00 00 00 00 call ?ObfInsertOpaqueBranchBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfInsertOpaqueBranchBlock + 002ed 90 npad 1 + +; 50 : } + + 002ee 48 8d 8d 98 01 + 00 00 lea rcx, QWORD PTR Taken$14[rbp] + 002f5 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ + 002fa 90 npad 1 + 002fb 48 8d 8d 48 01 + 00 00 lea rcx, QWORD PTR NotTaken$13[rbp] + 00302 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ $LN6@ObfObfusca: -; 57 : } -; 58 : -; 59 : } +; 51 : } +; 52 : +; 53 : } - 00341 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] - 00345 48 8d 15 00 
00 + 00307 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] + 0030b 48 8d 15 00 00 00 00 lea rdx, OFFSET FLAT:?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z$rtcFrameData - 0034c e8 00 00 00 00 call _RTC_CheckStackVars - 00351 48 8b 8d c0 02 + 00312 e8 00 00 00 00 call _RTC_CheckStackVars + 00317 48 8b 8d a0 02 00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp] - 00358 48 33 cd xor rcx, rbp - 0035b e8 00 00 00 00 call __security_check_cookie - 00360 48 8d a5 d8 02 - 00 00 lea rsp, QWORD PTR [rbp+728] - 00367 5f pop rdi - 00368 5d pop rbp - 00369 c3 ret 0 + 0031e 48 33 cd xor rcx, rbp + 00321 e8 00 00 00 00 call __security_check_cookie + 00326 48 8d a5 b8 02 + 00 00 lea rsp, QWORD PTR [rbp+696] + 0032d 5f pop rdi + 0032e 5d pop rbp + 0032f c3 ret 0 ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ENDP ; ObfObfuscate _TEXT ENDS ; COMDAT text$x @@ -1881,19 +1759,18 @@ InstructionCount$ = 4 TargetCount$7 = 36 CurrentCount$8 = 68 NewBlockStart$9 = 104 -RealEnd$10 = 136 -T$11 = 168 -NotTaken$12 = 200 -Taken$13 = 280 -NotTaken$14 = 360 -Taken$15 = 440 -tv182 = 692 -tv143 = 692 -tv180 = 696 -tv141 = 696 -__$ArrayPad$ = 704 -Obf$ = 752 -Block$ = 760 +T$10 = 136 +NotTaken$11 = 168 +Taken$12 = 248 +NotTaken$13 = 328 +Taken$14 = 408 +tv176 = 660 +tv141 = 660 +tv174 = 664 +tv139 = 664 +__$ArrayPad$ = 672 +Obf$ = 720 +Block$ = 728 ?dtor$0@?0??ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `ObfObfuscate'::`1'::dtor$0 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -1901,8 +1778,8 @@ Block$ = 760 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 8d c8 00 - 00 00 lea rcx, QWORD PTR NotTaken$12[rbp] + 00014 48 8d 8d a8 00 + 00 00 lea rcx, QWORD PTR NotTaken$11[rbp] 0001b e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 00020 48 83 c4 28 add rsp, 40 ; 00000028H 00024 5f pop rdi 
@@ -1916,19 +1793,18 @@ InstructionCount$ = 4 TargetCount$7 = 36 CurrentCount$8 = 68 NewBlockStart$9 = 104 -RealEnd$10 = 136 -T$11 = 168 -NotTaken$12 = 200 -Taken$13 = 280 -NotTaken$14 = 360 -Taken$15 = 440 -tv182 = 692 -tv143 = 692 -tv180 = 696 -tv141 = 696 -__$ArrayPad$ = 704 -Obf$ = 752 -Block$ = 760 +T$10 = 136 +NotTaken$11 = 168 +Taken$12 = 248 +NotTaken$13 = 328 +Taken$14 = 408 +tv176 = 660 +tv141 = 660 +tv174 = 664 +tv139 = 664 +__$ArrayPad$ = 672 +Obf$ = 720 +Block$ = 728 ?dtor$1@?0??ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `ObfObfuscate'::`1'::dtor$1 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -1936,8 +1812,8 @@ Block$ = 760 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 8d 18 01 - 00 00 lea rcx, QWORD PTR Taken$13[rbp] + 00014 48 8d 8d f8 00 + 00 00 lea rcx, QWORD PTR Taken$12[rbp] 0001b e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 00020 48 83 c4 28 add rsp, 40 ; 00000028H 00024 5f pop rdi @@ -1951,19 +1827,18 @@ InstructionCount$ = 4 TargetCount$7 = 36 CurrentCount$8 = 68 NewBlockStart$9 = 104 -RealEnd$10 = 136 -T$11 = 168 -NotTaken$12 = 200 -Taken$13 = 280 -NotTaken$14 = 360 -Taken$15 = 440 -tv182 = 692 -tv143 = 692 -tv180 = 696 -tv141 = 696 -__$ArrayPad$ = 704 -Obf$ = 752 -Block$ = 760 +T$10 = 136 +NotTaken$11 = 168 +Taken$12 = 248 +NotTaken$13 = 328 +Taken$14 = 408 +tv176 = 660 +tv141 = 660 +tv174 = 664 +tv139 = 664 +__$ArrayPad$ = 672 +Obf$ = 720 +Block$ = 728 ?dtor$2@?0??ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `ObfObfuscate'::`1'::dtor$2 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx 
@@ -1971,8 +1846,8 @@ Block$ = 760 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 8d 68 01 - 00 00 lea rcx, QWORD PTR NotTaken$14[rbp] + 00014 48 8d 8d 48 01 + 00 00 lea rcx, QWORD PTR NotTaken$13[rbp] 0001b e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 00020 48 83 c4 28 add rsp, 40 ; 00000028H 00024 5f pop rdi @@ -1986,19 +1861,18 @@ InstructionCount$ = 4 TargetCount$7 = 36 CurrentCount$8 = 68 NewBlockStart$9 = 104 -RealEnd$10 = 136 -T$11 = 168 -NotTaken$12 = 200 -Taken$13 = 280 -NotTaken$14 = 360 -Taken$15 = 440 -tv182 = 692 -tv143 = 692 -tv180 = 696 -tv141 = 696 -__$ArrayPad$ = 704 -Obf$ = 752 -Block$ = 760 +T$10 = 136 +NotTaken$11 = 168 +Taken$12 = 248 +NotTaken$13 = 328 +Taken$14 = 408 +tv176 = 660 +tv141 = 660 +tv174 = 664 +tv139 = 664 +__$ArrayPad$ = 672 +Obf$ = 720 +Block$ = 728 ?dtor$3@?0??ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `ObfObfuscate'::`1'::dtor$3 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -2006,8 +1880,8 @@ Block$ = 760 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 8d b8 01 - 00 00 lea rcx, QWORD PTR Taken$15[rbp] + 00014 48 8d 8d 98 01 + 00 00 lea rcx, QWORD PTR Taken$14[rbp] 0001b e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 00020 48 83 c4 28 add rsp, 40 ; 00000028H 00024 5f pop rdi 
@@ -2022,19 +1896,18 @@ InstructionCount$ = 4 TargetCount$7 = 36 CurrentCount$8 = 68 NewBlockStart$9 = 104 -RealEnd$10 = 136 -T$11 = 168 -NotTaken$12 = 200 -Taken$13 = 280 -NotTaken$14 = 360 -Taken$15 = 440 -tv182 = 692 -tv143 = 692 -tv180 = 696 -tv141 = 696 -__$ArrayPad$ = 704 -Obf$ = 752 -Block$ = 760 +T$10 = 136 +NotTaken$11 = 168 +Taken$12 = 248 +NotTaken$13 = 328 +Taken$14 = 408 +tv176 = 660 +tv141 = 660 +tv174 = 664 +tv139 = 664 +__$ArrayPad$ = 672 +Obf$ = 720 +Block$ = 728 ?dtor$0@?0??ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `ObfObfuscate'::`1'::dtor$0 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -2042,8 +1915,8 @@ Block$ = 760 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 8d c8 00 - 00 00 lea rcx, QWORD PTR NotTaken$12[rbp] + 00014 48 8d 8d a8 00 + 00 00 lea rcx, QWORD PTR NotTaken$11[rbp] 0001b e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 00020 48 83 c4 28 add rsp, 40 ; 00000028H 00024 5f pop rdi @@ -2058,19 +1931,18 @@ InstructionCount$ = 4 TargetCount$7 = 36 CurrentCount$8 = 68 NewBlockStart$9 = 104 -RealEnd$10 = 136 -T$11 = 168 -NotTaken$12 = 200 -Taken$13 = 280 -NotTaken$14 = 360 -Taken$15 = 440 -tv182 = 692 -tv143 = 692 -tv180 = 696 -tv141 = 696 -__$ArrayPad$ = 704 -Obf$ = 752 -Block$ = 760 +T$10 = 136 +NotTaken$11 = 168 +Taken$12 = 248 +NotTaken$13 = 328 +Taken$14 = 408 +tv176 = 660 +tv141 = 660 +tv174 = 664 +tv139 = 664 +__$ArrayPad$ = 672 +Obf$ = 720 +Block$ = 728 ?dtor$1@?0??ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `ObfObfuscate'::`1'::dtor$1 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx 
@@ -2078,8 +1950,8 @@ Block$ = 760 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 8d 18 01 - 00 00 lea rcx, QWORD PTR Taken$13[rbp] + 00014 48 8d 8d f8 00 + 00 00 lea rcx, QWORD PTR Taken$12[rbp] 0001b e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 00020 48 83 c4 28 add rsp, 40 ; 00000028H 00024 5f pop rdi @@ -2094,19 +1966,18 @@ InstructionCount$ = 4 TargetCount$7 = 36 CurrentCount$8 = 68 NewBlockStart$9 = 104 -RealEnd$10 = 136 -T$11 = 168 -NotTaken$12 = 200 -Taken$13 = 280 -NotTaken$14 = 360 -Taken$15 = 440 -tv182 = 692 -tv143 = 692 -tv180 = 696 -tv141 = 696 -__$ArrayPad$ = 704 -Obf$ = 752 -Block$ = 760 +T$10 = 136 +NotTaken$11 = 168 +Taken$12 = 248 +NotTaken$13 = 328 +Taken$14 = 408 +tv176 = 660 +tv141 = 660 +tv174 = 664 +tv139 = 664 +__$ArrayPad$ = 672 +Obf$ = 720 +Block$ = 728 ?dtor$2@?0??ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `ObfObfuscate'::`1'::dtor$2 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -2114,8 +1985,8 @@ Block$ = 760 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 8d 68 01 - 00 00 lea rcx, QWORD PTR NotTaken$14[rbp] + 00014 48 8d 8d 48 01 + 00 00 lea rcx, QWORD PTR NotTaken$13[rbp] 0001b e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 00020 48 83 c4 28 add rsp, 40 ; 00000028H 00024 5f pop rdi 
@@ -2130,19 +2001,18 @@ InstructionCount$ = 4 TargetCount$7 = 36 CurrentCount$8 = 68 NewBlockStart$9 = 104 -RealEnd$10 = 136 -T$11 = 168 -NotTaken$12 = 200 -Taken$13 = 280 -NotTaken$14 = 360 -Taken$15 = 440 -tv182 = 692 -tv143 = 692 -tv180 = 696 -tv141 = 696 -__$ArrayPad$ = 704 -Obf$ = 752 -Block$ = 760 +T$10 = 136 +NotTaken$11 = 168 +Taken$12 = 248 +NotTaken$13 = 328 +Taken$14 = 408 +tv176 = 660 +tv141 = 660 +tv174 = 664 +tv139 = 664 +__$ArrayPad$ = 672 +Obf$ = 720 +Block$ = 728 ?dtor$3@?0??ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `ObfObfuscate'::`1'::dtor$3 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -2150,8 +2020,8 @@ Block$ = 760 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 8d b8 01 - 00 00 lea rcx, QWORD PTR Taken$15[rbp] + 00014 48 8d 8d 98 01 + 00 00 lea rcx, QWORD PTR Taken$14[rbp] 0001b e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 00020 48 83 c4 28 add rsp, 40 ; 00000028H 00024 5f pop rdi 
@@ -3789,195 +3659,6 @@ $LN3: wmemcpy ENDP _TEXT ENDS ; Function compile flags: /Odtp /RTCsu /ZI -; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\ucrt\stdio.h -; COMDAT printf -_TEXT SEGMENT -_Result$ = 4 -_ArgList$ = 40 -tv77 = 280 -tv75 = 288 -__$ArrayPad$ = 296 -_Format$ = 336 -printf PROC ; COMDAT - -; 956 : { - -$LN3: - 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx - 0000a 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8 - 0000f 4c 89 4c 24 20 mov QWORD PTR [rsp+32], r9 - 00014 55 push rbp - 00015 57 push rdi - 00016 48 81 ec 58 01 - 00 00 sub rsp, 344 ; 00000158H - 0001d 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] - 00022 48 8b fc mov rdi, rsp - 00025 b9 56 00 00 00 mov ecx, 86 ; 00000056H - 0002a b8 cc cc cc cc mov eax, -858993460 ; ccccccccH - 0002f f3 ab rep stosd - 00031 48 8b 8c 24 78 - 01 00 00 mov rcx, QWORD PTR [rsp+376] - 00039 48 8b 05 00 00 - 00 00 mov rax, QWORD PTR __security_cookie - 00040 48 33 c5 xor rax, rbp - 00043 48 89 85 28 01 - 00 00 mov QWORD PTR __$ArrayPad$[rbp], rax - 0004a 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:__6DFAE8B8_stdio@h - 00051 e8 00 00 00 00 call __CheckForDebuggerJustMyCode - -; 957 : int _Result; -; 958 : va_list _ArgList; -; 959 : __crt_va_start(_ArgList, _Format); - - 00056 48 8d 85 58 01 - 00 00 lea rax, QWORD PTR _Format$[rbp+8] - 0005d 48 89 45 28 mov QWORD PTR _ArgList$[rbp], rax - -; 960 : _Result = _vfprintf_l(stdout, _Format, NULL, _ArgList); - - 00061 48 8b 45 28 mov rax, QWORD PTR _ArgList$[rbp] - 00065 48 89 85 18 01 - 00 00 mov QWORD PTR tv77[rbp], rax - 0006c b9 01 00 00 00 mov ecx, 1 - 00071 ff 15 00 00 00 - 00 call QWORD PTR __imp___acrt_iob_func - 00077 48 89 85 20 01 - 00 00 mov QWORD PTR tv75[rbp], rax - 0007e 4c 8b 8d 18 01 - 00 00 mov r9, QWORD PTR tv77[rbp] - 00085 45 33 c0 xor r8d, r8d - 00088 48 8b 95 50 01 - 00 00 mov rdx, QWORD PTR _Format$[rbp] - 0008f 48 8b 8d 20 01 - 00 00 mov rcx, QWORD PTR tv75[rbp] - 00096 e8 00 00 00 00 
call _vfprintf_l - 0009b 89 45 04 mov DWORD PTR _Result$[rbp], eax - -; 961 : __crt_va_end(_ArgList); - - 0009e 48 c7 45 28 00 - 00 00 00 mov QWORD PTR _ArgList$[rbp], 0 - -; 962 : return _Result; - - 000a6 8b 45 04 mov eax, DWORD PTR _Result$[rbp] - -; 963 : } - - 000a9 8b f8 mov edi, eax - 000ab 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] - 000af 48 8d 15 00 00 - 00 00 lea rdx, OFFSET FLAT:printf$rtcFrameData - 000b6 e8 00 00 00 00 call _RTC_CheckStackVars - 000bb 8b c7 mov eax, edi - 000bd 48 8b 8d 28 01 - 00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp] - 000c4 48 33 cd xor rcx, rbp - 000c7 e8 00 00 00 00 call __security_check_cookie - 000cc 48 8d a5 38 01 - 00 00 lea rsp, QWORD PTR [rbp+312] - 000d3 5f pop rdi - 000d4 5d pop rbp - 000d5 c3 ret 0 -printf ENDP -_TEXT ENDS -; Function compile flags: /Odtp /RTCsu /ZI -; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\ucrt\stdio.h -; COMDAT _vfprintf_l -_TEXT SEGMENT -_Stream$ = 224 -_Format$ = 232 -_Locale$ = 240 -_ArgList$ = 248 -_vfprintf_l PROC ; COMDAT - -; 644 : { - -$LN3: - 00000 4c 89 4c 24 20 mov QWORD PTR [rsp+32], r9 - 00005 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8 - 0000a 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx - 0000f 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 00014 55 push rbp - 00015 57 push rdi - 00016 48 81 ec f8 00 - 00 00 sub rsp, 248 ; 000000f8H - 0001d 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48] - 00022 48 8b fc mov rdi, rsp - 00025 b9 3e 00 00 00 mov ecx, 62 ; 0000003eH - 0002a b8 cc cc cc cc mov eax, -858993460 ; ccccccccH - 0002f f3 ab rep stosd - 00031 48 8b 8c 24 18 - 01 00 00 mov rcx, QWORD PTR [rsp+280] - 00039 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:__6DFAE8B8_stdio@h - 00040 e8 00 00 00 00 call __CheckForDebuggerJustMyCode - -; 645 : return __stdio_common_vfprintf(_CRT_INTERNAL_LOCAL_PRINTF_OPTIONS, _Stream, _Format, _Locale, _ArgList); - - 00045 e8 00 00 00 00 call __local_stdio_printf_options - 0004a 48 8b 8d f8 00 - 00 00 mov rcx, QWORD PTR _ArgList$[rbp] - 00051 48 
89 4c 24 20 mov QWORD PTR [rsp+32], rcx - 00056 4c 8b 8d f0 00 - 00 00 mov r9, QWORD PTR _Locale$[rbp] - 0005d 4c 8b 85 e8 00 - 00 00 mov r8, QWORD PTR _Format$[rbp] - 00064 48 8b 95 e0 00 - 00 00 mov rdx, QWORD PTR _Stream$[rbp] - 0006b 48 8b 08 mov rcx, QWORD PTR [rax] - 0006e ff 15 00 00 00 - 00 call QWORD PTR __imp___stdio_common_vfprintf - -; 646 : } - - 00074 48 8d a5 c8 00 - 00 00 lea rsp, QWORD PTR [rbp+200] - 0007b 5f pop rdi - 0007c 5d pop rbp - 0007d c3 ret 0 -_vfprintf_l ENDP -_TEXT ENDS -; Function compile flags: /Odtp /RTCsu /ZI -; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\ucrt\corecrt_stdio_config.h -; COMDAT __local_stdio_printf_options -_TEXT SEGMENT -__local_stdio_printf_options PROC ; COMDAT - -; 90 : { - -$LN3: - 00000 40 55 push rbp - 00002 57 push rdi - 00003 48 81 ec e8 00 - 00 00 sub rsp, 232 ; 000000e8H - 0000a 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] - 0000f 48 8b fc mov rdi, rsp - 00012 b9 3a 00 00 00 mov ecx, 58 ; 0000003aH - 00017 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH - 0001c f3 ab rep stosd - 0001e 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:__A2143F22_corecrt_stdio_config@h - 00025 e8 00 00 00 00 call __CheckForDebuggerJustMyCode - -; 91 : static unsigned __int64 _OptionsStorage; -; 92 : return &_OptionsStorage; - - 0002a 48 8d 05 00 00 - 00 00 lea rax, OFFSET FLAT:?_OptionsStorage@?1??__local_stdio_printf_options@@9@4_KA ; `__local_stdio_printf_options'::`2'::_OptionsStorage - -; 93 : } - - 00031 48 8d a5 c8 00 - 00 00 lea rsp, QWORD PTR [rbp+200] - 00038 5f pop rdi - 00039 5d pop rbp - 0003a c3 ret 0 -__local_stdio_printf_options ENDP -_TEXT ENDS -; Function compile flags: /Odtp /RTCsu /ZI ; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Obfuscator.cpp ; COMDAT ?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z _TEXT SEGMENT