From 51b61d400b0324c06dd7bbc405b832a253004902 Mon Sep 17 00:00:00 2001 From: Iizerd Date: Sun, 31 Oct 2021 18:40:27 -0700 Subject: [PATCH] improved reassembly speed can now preemptively promote jmps to 32 bit so reassembly is faster --- CodeVirtualizer/Assembly.asm | 30 +- CodeVirtualizer/Code.h | 2 +- CodeVirtualizer/CodeVirtualizer.vcxproj | 5 +- .../CodeVirtualizer.vcxproj.filters | 31 +- CodeVirtualizer/Flags.cpp | 10 +- CodeVirtualizer/Jit.cpp | 117 +- CodeVirtualizer/Jit.h | 10 +- CodeVirtualizer/Jit2.cpp | 50 + CodeVirtualizer/Jit2.h | 28 + CodeVirtualizer/Main.cpp | 89 +- CodeVirtualizer/NativeCode.cpp | 86 +- CodeVirtualizer/NativeCode.h | 6 +- CodeVirtualizer/Obfuscator.cpp | 3 +- CodeVirtualizer/OpaqueBranching.cpp | 3 +- CodeVirtualizer/VMDefs.h | 18 + CodeVirtualizer/VirtualMachine.h | 11 + CodeVirtualizer/Windas.h | 1 + CodeVirtualizer/x64/Debug/Assembly.lst | 41 +- CodeVirtualizer/x64/Debug/Jit.cod | 3313 +++++------------ CodeVirtualizer/x64/Debug/Junk.cod | 1 + CodeVirtualizer/x64/Debug/Main.cod | 1099 ++++-- CodeVirtualizer/x64/Debug/NativeCode.cod | 1095 +++--- CodeVirtualizer/x64/Debug/Nop.cod | 1 + CodeVirtualizer/x64/Debug/Obfuscator.cod | 54 +- CodeVirtualizer/x64/Debug/OpaqueBranching.cod | 1 + CodeVirtualizer/x64/Debug/RipAndInst.cod | 1 + CodeVirtualizer/x64/Debug/RipMovInst.cod | 1 + CodeVirtualizer/x64/Debug/RipOrInst.cod | 1 + CodeVirtualizer/x64/Debug/RipXorInst.cod | 1 + CodeVirtualizer/x64/Debug/VirtualMachine.cod | 1 + CodeVirtualizer/x64/Debug/Virtualizer.cod | 1 + CodeVirtualizer/x64/Debug/VmCode.cod | 1 + CodeVirtualizer/x64/Debug/XedWrap.cod | 1 + 33 files changed, 2711 insertions(+), 3402 deletions(-) create mode 100644 CodeVirtualizer/Jit2.cpp create mode 100644 CodeVirtualizer/Jit2.h create mode 100644 CodeVirtualizer/VMDefs.h diff --git a/CodeVirtualizer/Assembly.asm b/CodeVirtualizer/Assembly.asm index 6bc72a9..71656cf 100644 --- a/CodeVirtualizer/Assembly.asm +++ b/CodeVirtualizer/Assembly.asm 
@@ -1,21 +1,19 @@ .CODE +;Machine structure +;REGISTER = Register file(32 8 byte registers) +;REGISTER = Instruction Pointer +;REGISTER = Handler Table +; -RetNum PROC - XOR EAX,EAX -ContinueLoop: - ADD RAX,1 - SUB RCX,1 - ADD RCX,1 - ADD RAX,2 - SUB RAX,2 - SUB RCX,1 - JNZ ContinueLoop - ret -RetNum ENDP - -NextFunction PROC - ret -NextFunction ENDP + +ViSx0 proc + +ViSx0 endp + + +ViZx0 proc + +ViZx0 endp END \ No newline at end of file diff --git a/CodeVirtualizer/Code.h b/CodeVirtualizer/Code.h index 99b57cb..5fe39ea 100644 --- a/CodeVirtualizer/Code.h +++ b/CodeVirtualizer/Code.h @@ -9,6 +9,6 @@ #define CODE_FLAG_GROUP_END (1<<5) #define CODE_FLAG_HAS_ASM_OP (1<<6) //Call all of the pre assembly operations #define CODE_FLAG_IS_RIP_REL (1<<7) //Figure out how to deal with this... - +#define CODE_FLAG_DOESNT_READ_FLAGS (1<<8) #endif \ No newline at end of file diff --git a/CodeVirtualizer/CodeVirtualizer.vcxproj b/CodeVirtualizer/CodeVirtualizer.vcxproj index 4a26dd0..e79c987 100644 --- a/CodeVirtualizer/CodeVirtualizer.vcxproj +++ b/CodeVirtualizer/CodeVirtualizer.vcxproj @@ -138,7 +138,7 @@ - Level3 + Level1 true true true @@ -160,6 +160,7 @@ + @@ -180,6 +181,7 @@ + @@ -192,6 +194,7 @@ + diff --git a/CodeVirtualizer/CodeVirtualizer.vcxproj.filters b/CodeVirtualizer/CodeVirtualizer.vcxproj.filters index b08ce5f..bf20acb 100644 --- a/CodeVirtualizer/CodeVirtualizer.vcxproj.filters +++ b/CodeVirtualizer/CodeVirtualizer.vcxproj.filters @@ -17,9 +17,6 @@ Virtualizer - - VirtualMachine - Obfuscator\Jit\RipXorInst @@ -53,6 +50,15 @@ Obfuscator\Flags + + Virtualizer\VM + + + Virtualizer\VM + + + Obfuscator\Jit + @@ -68,9 +74,6 @@ Virtualizer - - VirtualMachine - Obfuscator\Jit\RipXorInst @@ -104,6 +107,12 @@ Obfuscator\Flags + + Virtualizer\VM + + + Obfuscator\Jit + @@ -115,9 +124,6 @@ {f74192e7-2064-44d2-983c-fac92f468c0a} - - {d784ddc8-2452-41ff-bc20-582ec03b3eb5} - {cc5b78db-cdf7-4b83-9652-2722cbdec89e} 
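Review bot: The compiler warning level in CodeVirtualizer.vcxproj drops from `Level3` to `Level1` (hunk -138), which silences most diagnostics for this configuration just as new raw-buffer and type-punning code (Jit2.cpp, NcPromoteRelJmpTo32) is being added. If the intent was to quiet a specific noisy warning, disabling that one warning number keeps the rest of the signal; otherwise restoring `Level3` is the safer default. The same hunk list also adds three new source entries, which is fine, but the level change deserves its own line in the commit message.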
@@ -154,8 +160,13 @@ {296c0b55-edbb-45ab-b946-ec83e5441678} + + {28de0895-3bf5-45ef-8293-92032c466572} + - + + Virtualizer + \ No newline at end of file diff --git a/CodeVirtualizer/Flags.cpp b/CodeVirtualizer/Flags.cpp index e301232..5b54539 100644 --- a/CodeVirtualizer/Flags.cpp +++ b/CodeVirtualizer/Flags.cpp @@ -33,10 +33,14 @@ BOOL FlgAreFlagsClobbered(PNATIVE_CODE_LINK Inst, PNATIVE_CODE_LINK Stop) continue; CONST XED_SIMPLE_FLAG* InstFlags = XedDecodedInstGetRflagsInfo(&T->XedInstruction); - CONST XED_FLAG_SET* FlagsRead = XedSimpleFlagGetReadFlagSet(InstFlags); - if (FlagsRead->flat & Ledger.flat) - return FALSE; + if (!(T->Flags & CODE_FLAG_DOESNT_READ_FLAGS)) + { + CONST XED_FLAG_SET* FlagsRead = XedSimpleFlagGetReadFlagSet(InstFlags); + + if (FlagsRead->flat & Ledger.flat) + return FALSE; + } CONST XED_FLAG_SET* FlagsWritten = XedSimpleFlagGetWrittenFlagSet(InstFlags); CONST XED_FLAG_SET* FlagsUndefined = XedSimpleFlagGetUndefinedFlagSet(InstFlags); diff --git a/CodeVirtualizer/Jit.cpp b/CodeVirtualizer/Jit.cpp index 335a5ef..e6fc19f 100644 --- a/CodeVirtualizer/Jit.cpp +++ b/CodeVirtualizer/Jit.cpp 
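Review bot: `CODE_FLAG_DOESNT_READ_FLAGS` is only ever tested in this hunk; nothing visible in the patch sets it on a link, so unless a producer exists outside the diff the new branch is always entered and the behaviour of FlgAreFlagsClobbered is unchanged. Because a link carrying the flag skips the XED read-set check entirely, the flag is a promise made by whoever emits the link, and that contract should be stated where the flag is defined in Code.h: `//Set by the emitter on links known not to read RFLAGS; FlgAreFlagsClobbered skips the XED read-set check for them`. FlgAreFlagsClobbered starts before this hunk.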
@@ -6,102 +6,29 @@ #include "RipMovInst.h" - -BOOL JitCheckFlagCollisions(CONST XED_FLAG_SET* FlagsRead, XED_FLAG_SET Ledger) -{ - return ((FlagsRead->s.zf && FlagsRead->s.zf == Ledger.s.zf) || - (FlagsRead->s.sf && FlagsRead->s.sf == Ledger.s.sf) || - (FlagsRead->s.pf && FlagsRead->s.pf == Ledger.s.pf) || - (FlagsRead->s.of && FlagsRead->s.of == Ledger.s.of) || - (FlagsRead->s.cf && FlagsRead->s.cf == Ledger.s.cf) || - (FlagsRead->s.af && FlagsRead->s.af == Ledger.s.af) - ); -} - -VOID JitUpdateConFlagsLedger(CONST XED_FLAG_SET* FlagsWritten, XED_FLAG_SET* Ledger) -{ - if (FlagsWritten->s.zf) - Ledger->s.zf = FALSE; - if (FlagsWritten->s.sf) - Ledger->s.sf = FALSE; - if (FlagsWritten->s.pf) - Ledger->s.pf = FALSE; - if (FlagsWritten->s.of) - Ledger->s.of = FALSE; - if (FlagsWritten->s.cf) - Ledger->s.cf = FALSE; - if (FlagsWritten->s.af) - Ledger->s.af = FALSE; -} - -BOOL JitDoesInstOverriteConditionFlags(PNATIVE_CODE_LINK Link) -{ - CONST XED_SIMPLE_FLAG* SimpleFlags = XedDecodedInstGetRflagsInfo(&Link->XedInstruction); - CONST XED_FLAG_SET* FlagsWritten = XedSimpleFlagGetWrittenFlagSet(SimpleFlags); - CONST XED_FLAG_SET* FlagsUndefined = XedSimpleFlagGetUndefinedFlagSet(SimpleFlags); - - return (FlagsWritten->s.zf && - FlagsWritten->s.sf && - FlagsWritten->s.pf && - FlagsWritten->s.of && - FlagsWritten->s.cf && - FlagsUndefined->s.af - ); -} - -BOOL JitAreFlagsClobberedBeforeUse(PNATIVE_CODE_LINK Link) -{ - XED_FLAG_SET Ledger; - Ledger.s.zf = TRUE; - Ledger.s.sf = TRUE; - Ledger.s.pf = TRUE; - Ledger.s.of = TRUE; - Ledger.s.cf = TRUE; - Ledger.s.af = TRUE; - - for (PNATIVE_CODE_LINK T = Link->Next; T; T = T->Next) - { - if (T->Flags & CODE_FLAG_IS_LABEL) - continue; - - CONST XED_SIMPLE_FLAG* SimpleFlags = XedDecodedInstGetRflagsInfo(&T->XedInstruction); - CONST XED_FLAG_SET* FlagsRead = XedSimpleFlagGetReadFlagSet(SimpleFlags); - CONST XED_FLAG_SET* FlagsWritten = XedSimpleFlagGetWrittenFlagSet(SimpleFlags); - - if (JitCheckFlagCollisions(FlagsRead, Ledger)) - 
return FALSE; - - JitUpdateConFlagsLedger(FlagsWritten, &Ledger); - - if (Ledger.flat == 0) - return TRUE; - } - return FALSE; -} - -VOID JitMutateInstForXor(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA JitData) +BOOL JitMutateInstForXor(PNATIVE_CODE_LINK Link, PUCHAR ToMutate, PJIT_BITWISE_DATA JitData) { ULONG FourByte = Link->RawDataSize / 4; ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2)); - PUCHAR Buffer = Link->RawData; while (FourByte) { - *(PULONG)Buffer ^= JitData->Data[2 - FourByte]; - Buffer += 4; + *(PULONG)ToMutate ^= JitData->Data[2 - FourByte]; + ToMutate += 4; FourByte--; } if (TwoByte) { - *(PUSHORT)Buffer ^= (USHORT)JitData->Data[3]; - Buffer += 2; + *(PUSHORT)ToMutate ^= (USHORT)JitData->Data[3]; + ToMutate += 2; } if (OneByte) - *(PUCHAR)Buffer ^= (UCHAR)JitData->Data[3]; + *(PUCHAR)ToMutate ^= (UCHAR)JitData->Data[3]; + return TRUE; } VOID JitMutateInstForOr(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA JitData) @@ -286,8 +213,12 @@ PNATIVE_CODE_BLOCK JitEmitPreRipBitwiseOp(PNATIVE_CODE_LINK Link, PJIT_BITWISE_D if (!Block) return NULL; - if (SaveFlags) - NcAppendToBlock(Block, FlgEmitPushfqInst()); + if (SaveFlags) + { + PNATIVE_CODE_LINK PushF = FlgEmitPushfqInst(); + PushF->Flags |= CODE_FLAG_DO_NOT_DIVIDE; + NcAppendToBlock(Block, PushF); + } ULONG Count = FourByte; while (Count) @@ -337,7 +268,11 @@ PNATIVE_CODE_BLOCK JitEmitPreRipBitwiseOp(PNATIVE_CODE_LINK Link, PJIT_BITWISE_D } if (SaveFlags) - NcAppendToBlock(Block, FlgEmitPopfqInst()); + { + PNATIVE_CODE_LINK PopF = FlgEmitPopfqInst(); + PopF->Flags |= CODE_FLAG_DO_NOT_DIVIDE; + NcAppendToBlock(Block, PopF); + } return Block; } 
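Review bot: `JitMutateInstForXor` now returns BOOL but every path ends in `return TRUE;`, so the new return value cannot tell a caller anything. The byte count still comes from `Link->RawDataSize` while the writes go through the caller-supplied `ToMutate`, so the caller must guarantee `ToMutate` spans at least `Link->RawDataSize` bytes; that precondition deserves a comment above the function. `JitData->Data[2 - FourByte]` also subtracts in unsigned arithmetic, so if `RawDataSize` can reach 12 (FourByte == 3) the index wraps and reads far past `Data[5]`; a guard such as `if (FourByte > 2) return FALSE;` would both close that read and give the BOOL a meaning.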
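Review bot: The pushfq/popfq marking is now written out four times — hunks -286 and -337 here in JitEmitPreRipBitwiseOp, and -352 and -408 in JitEmitPostRipBitwiseOp — each repeating the same three statements, so the next emitter that saves flags can easily forget `CODE_FLAG_DO_NOT_DIVIDE`. A small file-local helper keeps the marking in one place and turns each site back into a one-liner. Both enclosing functions start outside their hunks.
```cpp
// Appends Link to Block after marking it so the opaque-branch splitter keeps it whole.
static VOID JitAppendUndividable(PNATIVE_CODE_BLOCK Block, PNATIVE_CODE_LINK Link)
{
    Link->Flags |= CODE_FLAG_DO_NOT_DIVIDE;
    NcAppendToBlock(Block, Link);
}
// … unchanged: JitEmitPreRipBitwiseOp body up to the SaveFlags check …
    if (SaveFlags)
        JitAppendUndividable(Block, FlgEmitPushfqInst());
// … unchanged: emitted bitwise ops …
    if (SaveFlags)
        JitAppendUndividable(Block, FlgEmitPopfqInst());
```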
@@ -352,8 +287,12 @@ PNATIVE_CODE_BLOCK JitEmitPostRipBitwiseOp(PNATIVE_CODE_LINK Link, PJIT_BITWISE_ if (!Block) return NULL; - if (SaveFlags) - NcAppendToBlock(Block, FlgEmitPushfqInst()); + if (SaveFlags) + { + PNATIVE_CODE_LINK PushF = FlgEmitPushfqInst(); + PushF->Flags |= CODE_FLAG_DO_NOT_DIVIDE; + NcAppendToBlock(Block, PushF); + } ULONG Count = FourByte; while (Count) @@ -408,8 +347,12 @@ PNATIVE_CODE_BLOCK JitEmitPostRipBitwiseOp(PNATIVE_CODE_LINK Link, PJIT_BITWISE_ } } - if (SaveFlags) - NcAppendToBlock(Block, FlgEmitPopfqInst()); + if (SaveFlags) + { + PNATIVE_CODE_LINK PopF = FlgEmitPopfqInst(); + PopF->Flags |= CODE_FLAG_DO_NOT_DIVIDE; + NcAppendToBlock(Block, PopF); + } return Block; } diff --git a/CodeVirtualizer/Jit.h b/CodeVirtualizer/Jit.h index 4b35d7a..14f22a2 100644 --- a/CodeVirtualizer/Jit.h +++ b/CodeVirtualizer/Jit.h @@ -22,15 +22,7 @@ typedef struct _JIT_BITWISE_DATA ULONG Data[5]; }JIT_BITWISE_DATA, *PJIT_BITWISE_DATA; -BOOL JitCheckFlagCollisions(CONST XED_FLAG_SET* FlagsRead, XED_FLAG_SET Ledger); - -VOID JitUpdateConFlagsLedger(CONST XED_FLAG_SET* FlagsWritten, XED_FLAG_SET* Ledger); - -BOOL JitDoesInstOverriteConditionFlags(PNATIVE_CODE_LINK Link); - -BOOL JitAreFlagsClobberedBeforeUse(PNATIVE_CODE_LINK Link); - -VOID JitMutateInstForXor(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA JitData); +BOOL JitMutateInstForXor(PNATIVE_CODE_LINK Link, PUCHAR ToMutate, PJIT_BITWISE_DATA JitData); VOID JitMutateInstForOr(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA JitData); diff --git a/CodeVirtualizer/Jit2.cpp b/CodeVirtualizer/Jit2.cpp new file mode 100644 index 0000000..0382550 --- /dev/null +++ b/CodeVirtualizer/Jit2.cpp 
@@ -0,0 +1,50 @@
+#include "Jit2.h"
+
+
+PNATIVE_CODE_LINK JitEmitDwordOp();
+
+BOOL JitMutateInstruction(PNATIVE_CODE_LINK Link, PUCHAR ToMutate, PJIT_MUTATE_DATA JitData)
+{
+ ULONG FourByte = Link->RawDataSize / 4;
+ ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2;
+ ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2));
+
+ switch (JitData->Operation)
+ {
+ case JIT_XOR:
+ {
+
+ break;
+ }
+ case JIT_OR:
+ {
+
+ break;
+ }
+ case JIT_AND:
+ {
+
+ break;
+ }
+ case JIT_MOV:
+ {
+ for (ULONG i = 0; i < Link->RawDataSize; i++)
+ ToMutate[i] = (rand() % 255);
+ break;
+ }
+ }
+ return TRUE;
+}
+
+
+PNATIVE_CODE_BLOCK JitEmitPreOp(PNATIVE_CODE_LINK Link, PJIT_MUTATE_DATA Data, UCHAR OpType, BOOL SaveFlags, INT32 Delta)
+{
+ return NULL;
+}
+
+PNATIVE_CODE_BLOCK JitEmitPostOp(PNATIVE_CODE_LINK Link, PJIT_MUTATE_DATA Data, UCHAR OpType, BOOL SaveFlags, INT32 Delta)
+{
+ return NULL;
+}
+
+
diff --git a/CodeVirtualizer/Jit2.h b/CodeVirtualizer/Jit2.h
new file mode 100644
index 0000000..802614b
--- /dev/null
+++ b/CodeVirtualizer/Jit2.h
@@ -0,0 +1,28 @@
+#ifndef __JIT2_H
+#define __JIT2_H
+
+#include "Windas.h"
+#include "XedWrap.h"
+#include "NativeCode.h"
+
+#define JIT_XOR 0
+#define JIT_OR 1
+#define JIT_AND 2
+#define JIT_MOV 3
+
+typedef struct _JIT_MUTATE_DATA
+{
+ ULONG Part1[3];
+ USHORT Part2;
+ UCHAR Part3;
+ UCHAR Operation;
+}JIT_MUTATE_DATA, *PJIT_MUTATE_DATA;
+
+
+BOOL JitMutateInstruction(PNATIVE_CODE_LINK Link, PUCHAR ToMutate, PJIT_MUTATE_DATA JitData);
+
+PNATIVE_CODE_BLOCK JitEmitPreOp(PNATIVE_CODE_LINK Link, PJIT_MUTATE_DATA Data, UCHAR OpType, BOOL SaveFlags = FALSE, INT32 Delta = 0);
+
+PNATIVE_CODE_BLOCK JitEmitPostOp(PNATIVE_CODE_LINK Link, PJIT_MUTATE_DATA Data, UCHAR OpType, BOOL SaveFlags = FALSE, INT32 Delta = 0);
+
+#endif
\ No newline at end of file
diff --git a/CodeVirtualizer/Main.cpp b/CodeVirtualizer/Main.cpp
index bc4093b..a7c511c 100644
--- a/CodeVirtualizer/Main.cpp
+++ b/CodeVirtualizer/Main.cpp
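Review bot: `JitMutateInstruction` returns TRUE for JIT_XOR, JIT_OR and JIT_AND although those cases are empty, so a caller that trusts the result will believe `ToMutate` was rewritten when it was left untouched; until they are implemented, `return FALSE;` from the empty cases (or a `default:` that fails) keeps the contract honest. `rand() % 255` yields 0..254, so the byte 0xFF can never appear in a JIT_MOV mutation — `(UCHAR)rand()` or `rand() % 256` covers the full range. `FourByte`, `TwoByte` and `OneByte` are computed and never read, and `JitEmitDwordOp` is declared at the top of the file with no definition anywhere in the patch.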
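Review bot: `__JIT2_H` in Jit2.h (and `__VMDEFS_H` in the new VMDefs.h) begin with a double underscore, which the C++ standard reserves for the implementation; `JIT2_H_` avoids the collision, or `#pragma once`, which the MSVC toolchain this project builds with supports. The JIT_XOR..JIT_MOV values are plain `#define`s consumed through a `UCHAR Operation` field and a `switch`; an `enum JIT_OPERATION_ENUM : UCHAR` in the style of the new `VM_ICLASS_ENUM` would let the compiler warn about an unhandled operation.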
@@ -20,8 +20,12 @@ PVOID MakeExecutableBuffer(PVOID Buffer, ULONG BufferSize) { PVOID ExecBuffer = VirtualAlloc(nullptr, BufferSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); if (!ExecBuffer) + { + printf("allocate failed.\n"); return NULL; + } RtlCopyMemory(ExecBuffer, Buffer, BufferSize); + return ExecBuffer; } VOID PutToFile(PVOID Buffer, ULONG BufferSize) @@ -34,6 +38,28 @@ VOID PutToFile(PVOID Buffer, ULONG BufferSize) fout.close(); } +ULONG64 TestShelcode(ULONG64 v1, ULONG64 v2, ULONG64 v3, ULONG64 v4) +{ + if (v4 == 0) + v4 = 2; + + ULONG64 Value = 1; + for (int i = 1; i <= v1; i++) + { + Value *= i; + Value += v3; + Value /= v4; + for (int i = 1; i <= v4; i++) + Value += v2 = i; + } + return Value; +} + +ULONG64 Nextfunction(ULONG64 v1) +{ + return v1 + 1; +} + UCHAR TestBuffer[] = { 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 
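Review bot: MakeExecutableBuffer still allocates the page `PAGE_EXECUTE_READWRITE` and leaves it writable while it is executed; allocating `PAGE_READWRITE`, copying, then switching to `PAGE_EXECUTE_READ` with `VirtualProtect` (followed by `FlushInstructionCache`) keeps the harness W^X and mirrors what a real loader for this output would have to do. The added `return ExecBuffer;` fixes the missing return; the new failure `printf` would be more useful with `GetLastError()` in it: `printf("allocate failed: %lu\n", GetLastError());`.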
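Review bot: `Value += v2 = i;` in TestShelcode assigns the inner loop counter to `v2` and adds it, which reads like a typo for `v2 * i`; as written the `v2` argument stops influencing the result after the first inner iteration, so the original-vs-obfuscated comparison in main exercises less than it appears to. The inner `for (int i = 1; i <= v4; i++)` also shadows the outer `i`, and both loops compare a signed `int` against a ULONG64 bound, which the lowered warning level will no longer flag. If the arithmetic is deliberate test filler, a one-line comment saying so will stop the next reader from "fixing" it.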
@@ -85,39 +111,59 @@ UCHAR RetNumCode[] = { , 0xC3 }; +UCHAR IsEvenCode[]{ + 0xF6, 0xC1, 0x01, + 0x75, 0x05, + 0x66, 0xB8, 0x01, 0x00, + 0xC3, + 0x33, 0xC0, + 0xC3, +}; -EXTERN_C ULONG64 RetNum(ULONG64 Num); +//EXTERN_C ULONG64 RetNum(ULONG64 Num); +//EXTERN_C BOOL IsEven(ULONG64 Num); int main() { XedTablesInit(); srand(time(NULL)); + //ULONG Delta = (*((PULONG)((PUCHAR)TestShelcode + 1))) + 5; + //printf("Delta: %X\n", Delta); + PVOID ActualFunction = TestShelcode; // (PVOID)((ULONG64)TestShelcode + Delta); - //system("pause"); + printf("%llu %llu %llu %llu\n", TestShelcode(1, 2, 3, 4), TestShelcode(20, 20, 20, 4), TestShelcode(50, 50, 50, 0), Nextfunction(12)); + system("pause"); + + PUCHAR MemeBlock = new UCHAR[110]; + memcpy(MemeBlock, ActualFunction, 110); + + PrintByteArr(MemeBlock, 110); + system("pause"); NATIVE_CODE_BLOCK RetNumBlock; - NcDisassemble(&RetNumBlock, RetNumCode, sizeof(RetNumCode)); + //NcDisassemble(&RetNumBlock, RetNumCode, sizeof(RetNumCode)); + NcDisassemble(&RetNumBlock, MemeBlock, 110); + if (!NcPromoteAllRelJmpTo32(&RetNumBlock)) + { + printf("failed to promote all jmps.\n"); + } OPBR_SETS Obf; Obf.Flags = 0; Obf.ParentBlock = &RetNumBlock; Obf.Divisor = 1.3F; Obf.MaxDepth = 10; - Obf.MinBranchSize = 1; - Obf.ChanceForBranch = 50; + Obf.MinBranchSize = 5; + Obf.ChanceForBranch = 100; Obf.MinDepthForBranch = 0; ObfGenerateOpaqueBranches(&Obf, &RetNumBlock); INSTMUT_SETS Obf2; Obf2.MutateChance = 100; ObfMutateInstructions(&Obf2, &RetNumBlock); - - Obf.MinBranchSize = 27; - ObfGenerateOpaqueBranches(&Obf, &RetNumBlock); - /*Obf.MinBranchSize = 27; + Obf.MinBranchSize = 100; + printf("Size = %u\n", NcCountInstructions(&RetNumBlock, TRUE)); ObfGenerateOpaqueBranches(&Obf, &RetNumBlock); - Obf.MinBranchSize = 27; - ObfGenerateOpaqueBranches(&Obf, &RetNumBlock);*/ - //NcDebugPrint(&RetNumBlock); + printf("Assembling %u %u", NcCountInstructions(&RetNumBlock), NcCalcBlockSizeInBytes(&RetNumBlock)); ULONG AsmSize; PVOID Asm = 
NcAssemble(&RetNumBlock, &AsmSize); if (!Asm) @@ -129,11 +175,24 @@ int main() PutToFile(Asm, AsmSize); system("pause"); - PVOID Exec = MakeExecutableBuffer(Asm, AsmSize); + typedef ULONG64(*FnTestShelcode)(ULONG64, ULONG64, ULONG64, ULONG64); + PVOID Exec = NULL; + Exec = MakeExecutableBuffer(Asm, AsmSize); + if (!Exec) + { + printf("Failed to make buffer\n"); + return 1; + } + printf("%llu %llu %llu %llu\n", ((FnTestShelcode)Exec)(1, 2, 3, 4), ((FnTestShelcode)Exec)(20, 20, 20, 4), ((FnTestShelcode)Exec)(50, 50, 50, 0), Nextfunction(12)); + + + + /*PVOID Exec = MakeExecutableBuffer(Asm, AsmSize); typedef ULONG64(*FnRetNum)(ULONG Num); - printf("\n\nSize: %u Obfuscated: %llu Original: %llu\n\n", NcCountInstructions(&RetNumBlock), ((FnRetNum)Exec)(1776), RetNum(1776)); + + printf("\n\nSize: %u Obfuscated: %llu Original: %llu\n\n", NcCountInstructions(&RetNumBlock), ((FnRetNum)Exec)(1776), ((FnRetNum)Exec)(1776)); NcDeleteBlock(&RetNumBlock); - system("pause"); + system("pause");*/ /*NATIVE_CODE_BLOCK Block; diff --git a/CodeVirtualizer/NativeCode.cpp b/CodeVirtualizer/NativeCode.cpp index 87a5299..69c4d64 100644 --- a/CodeVirtualizer/NativeCode.cpp +++ b/CodeVirtualizer/NativeCode.cpp @@ -253,6 +253,7 @@ BOOL NcCreateLabels(PNATIVE_CODE_BLOCK Block) INT32 BranchDisplacement = XedDecodedInstGetBranchDisplacement(&T->XedInstruction); PNATIVE_CODE_LINK JmpPos = NcValidateJmp(T, BranchDisplacement); + printf("Ended.\n"); if (!JmpPos) { printf("Failed to validate jump. Type: %s, Displacement: %d\n", XedCategoryEnumToString(Category), BranchDisplacement); 
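Review bot: `memcpy(MemeBlock, ActualFunction, 110)` copies a fixed 110 bytes from the address of TestShelcode, which is only right if the compiled function is exactly that long and `ActualFunction` points at its body rather than an incremental-linking thunk (the commented-out Delta code suggests that was already a problem); anything past the real end is whatever the linker placed next, and `NcDisassemble` will happily decode it. Deriving the length from an explicit byte array such as `RetNumCode`, or from a known terminator, keeps the disassembly bounded; `MemeBlock` is also `new[]`ed and never deleted. main continues past this hunk.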
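Review bot: `Exec` from VirtualAlloc and `Asm` from NcAssemble are never released on the live path, and the `NcDeleteBlock(&RetNumBlock)` call is now inside the commented-out block, so the block's links leak as well. Adding `VirtualFree(Exec, 0, MEM_RELEASE);` and `NcDeleteBlock(&RetNumBlock);` after the comparison printf (and whatever frees `Asm`, which is allocated outside this hunk) keeps the harness clean enough to run under a leak checker. The `typedef` for FnTestShelcode could move to file scope next to `TestShelcode` so the two signatures are maintained together.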
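Review bot: `printf("Ended.\n")` is emitted inside NcCreateLabels for every branch it validates, and `printf("Started.\n")` at the top of NcValidateJmp (next hunk) for every call; they look like leftover tracing and will dominate output on any real block. If they are meant to stay, wrap them in a debug macro so release builds stay quiet, e.g. `#ifdef _DEBUG printf("Ended.\n"); #endif`. NcCreateLabels starts before this hunk.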
@@ -277,15 +278,15 @@ BOOL NcCreateLabels(PNATIVE_CODE_BLOCK Block) PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Jmp, INT32 Delta) { + printf("Started.\n"); PNATIVE_CODE_LINK T; if (Delta > 0) { T = Jmp->Next; while (Delta > 0 && T) { - if (T->Flags & CODE_FLAG_IS_LABEL) - continue; - Delta -= XedDecodedInstGetLength(&T->XedInstruction); + if (!(T->Flags & CODE_FLAG_IS_LABEL)) + Delta -= XedDecodedInstGetLength(&T->XedInstruction); T = T->Next; } if (Delta != 0 || !T) @@ -299,11 +300,12 @@ PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Jmp, INT32 Delta) T = Jmp; while (T) { - if (T->Flags & CODE_FLAG_IS_LABEL) - continue; - Delta += XedDecodedInstGetLength(&T->XedInstruction); - if (Delta >= 0) - break; + if (!(T->Flags & CODE_FLAG_IS_LABEL)) + { + Delta += XedDecodedInstGetLength(&T->XedInstruction); + if (Delta >= 0) + break; + } T = T->Prev; } if (Delta != 0 || !T) @@ -312,7 +314,7 @@ PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Jmp, INT32 Delta) T = T->Next; return T; } - return Jmp; + return Jmp->Next; } PNATIVE_CODE_LINK NcDeepCopyLink(PNATIVE_CODE_LINK Link) 
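Review bot: In the Delta < 0 branch the walk starts at `T = Jmp` and breaks on the link whose length brings Delta to 0, which is the branch target itself, yet the code that follows (`T = T->Next; return T;` at the top of the -312 hunk) returns the link after it; in the forward branch that same `T->Next` step is right because there T is the last instruction skipped over. Tracing the old Assembly.lst `JNZ ContinueLoop` (75 E6 at 0000001A, target 00000002): the walk stops on `ADD RAX,1` at 00000002 and the function returns `SUB RCX,1` at 00000006, unless the two lines hidden between the hunks adjust T. A unit test with one backward and one forward short jump would settle it and protect the new label-skipping logic. NcValidateJmp's Delta > 0 branch ends inside the hunk; the function continues into the next one.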
@@ -373,6 +375,58 @@ BOOL NcDeepCopyBlock(PNATIVE_CODE_BLOCK Block, PNATIVE_CODE_BLOCK BlockCopy)
 return NcDeepCopyPartialBlock(Block->Start, Block->End, BlockCopy);
 }
 
+BOOL NcPromoteRelJmpTo32(PNATIVE_CODE_LINK Link)
+{
+ ULONG OldSize = Link->RawDataSize;
+ if (XedDecodedInstGetBranchDisplacementWidth(&Link->XedInstruction) == 32)
+ return TRUE;
+
+ XED_STATE MachineState;
+ MachineState.mmode = XED_MACHINE_MODE_LONG_64;
+ MachineState.stack_addr_width = XED_ADDRESS_WIDTH_64b;
+ XED_ENCODER_INSTRUCTION EncoderInstruction;
+ XED_ENCODER_REQUEST EncoderRequest;
+ UCHAR EncodeBuffer[15];
+ UINT ReturnedSize;
+ XED_ICLASS_ENUM IClass = XedDecodedInstGetIClass(&Link->XedInstruction);
+
+ //Do the encoding
+ XedInst1(&EncoderInstruction, MachineState, IClass, 32, XedRelBr(0, 32));
+ XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState);
+ if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction))
+ return FALSE;
+
+ XED_ERROR_ENUM Err = XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize);
+ if (XED_ERROR_NONE != Err)
+ return FALSE;
+
+ //fixup T->RawData
+ delete[] Link->RawData;
+ Link->RawDataSize = ReturnedSize;
+ Link->RawData = new UCHAR[ReturnedSize];
+ RtlCopyMemory(Link->RawData, EncodeBuffer, ReturnedSize);
+
+ //Decode instruction so its proper and all that
+ XedDecodedInstZeroSetMode(&Link->XedInstruction, &MachineState);
+ if (XED_ERROR_NONE != XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize))
+ return FALSE;
+
+ return TRUE;
+}
+
+BOOL NcPromoteAllRelJmpTo32(PNATIVE_CODE_BLOCK Block)
+{
+ for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next)
+ {
+ if (T->Flags & CODE_FLAG_IS_REL_JMP)
+ {
+ if (!NcPromoteRelJmpTo32(T))
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
 BOOL NcGetDeltaToLabel(PNATIVE_CODE_LINK Link, PINT32 DeltaOut)
 {
 INT32 Delta = 0;
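Review bot: `NcPromoteRelJmpTo32` re-encodes the branch with `XedRelBr(0, 32)`, discarding the original displacement, so a link is only correct afterwards if a label for its target already exists and NcFixRelJmps runs before assembly; state that precondition above the function, e.g. `//Requires NcCreateLabels to have run: the displacement is reset to 0 and recomputed from the label by NcFixRelJmps`, so it is never called on a block whose jumps are still raw displacements. If `XedDecode` fails after `Link->RawData` has been replaced, the link is left with the new bytes and a failed decode — decoding into a scratch instruction first and committing bytes and decode together avoids the half-updated link. `OldSize` is assigned and never read. In `NcPromoteAllRelJmpTo32`, `Block->End->Next` is evaluated before `T` is checked, so an empty block with `End == NULL` would fault if that state can occur.
```cpp
    // … unchanged: encode into EncodeBuffer / ReturnedSize …
    //Decode into a scratch instruction first so a failed decode leaves the link untouched
    XED_DECODED_INST Decoded;
    XedDecodedInstZeroSetMode(&Decoded, &MachineState);
    if (XED_ERROR_NONE != XedDecode(&Decoded, EncodeBuffer, ReturnedSize))
        return FALSE;

    //Commit the raw bytes and the decoded form together
    delete[] Link->RawData;
    Link->RawDataSize = ReturnedSize;
    Link->RawData = new UCHAR[ReturnedSize];
    RtlCopyMemory(Link->RawData, EncodeBuffer, ReturnedSize);
    Link->XedInstruction = Decoded;

    return TRUE;
```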
@@ -426,19 +480,6 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block) if (DispWidth == 32) return FALSE; - ////Grow displacement width to required size - //DispWidth *= 2; - - ////Check again - //if (log2(abs(BranchDisp)) + 1 > DispWidth) - //{ - // if (DispWidth == 32) - // return FALSE; - - // //Grow once more if not already at 32 - // DispWidth *= 2; - //} - DispWidth = 32; //Encode new instruction @@ -548,6 +589,7 @@ PVOID NcAssemble(PNATIVE_CODE_BLOCK Block, PULONG OutSize) Op.first(T, BufferOffset, Op.second); } BufferOffset += T->RawDataSize; + } return Buffer; diff --git a/CodeVirtualizer/NativeCode.h b/CodeVirtualizer/NativeCode.h index 6a730e8..26616ab 100644 --- a/CodeVirtualizer/NativeCode.h +++ b/CodeVirtualizer/NativeCode.h @@ -20,7 +20,7 @@ typedef struct _NATIVE_CODE_LINK PUCHAR RawData; ULONG RawDataSize; XED_DECODED_INST XedInstruction; - STDVECTOR> AsmOperations; + STDVECTOR> AsmOperations; _NATIVE_CODE_LINK(); _NATIVE_CODE_LINK(ULONG LabelId, _NATIVE_CODE_BLOCK* B); _NATIVE_CODE_LINK(ULONG F, PVOID Rd, ULONG Rds, BOOL Decode = FALSE); @@ -69,6 +69,10 @@ BOOL NcDeepCopyPartialBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End, PNAT BOOL NcDeepCopyBlock(PNATIVE_CODE_BLOCK Block, PNATIVE_CODE_BLOCK BlockCopy); +BOOL NcPromoteRelJmpTo32(PNATIVE_CODE_LINK Link); + +BOOL NcPromoteAllRelJmpTo32(PNATIVE_CODE_BLOCK Block); + BOOL NcGetDeltaToLabel(PNATIVE_CODE_LINK Link, PINT32 DeltaOut); BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block); diff --git a/CodeVirtualizer/Obfuscator.cpp b/CodeVirtualizer/Obfuscator.cpp index a52f241..a734606 100644 --- a/CodeVirtualizer/Obfuscator.cpp +++ b/CodeVirtualizer/Obfuscator.cpp @@ -14,7 +14,7 @@ VOID ObfGenerateOpaqueBranches(POPBR_SETS Obf, PNATIVE_CODE_BLOCK Block, ULONG D return; ULONG InstructionCount = NcCountInstructions(Block, TRUE); - if (InstructionCount > Obf->MinBranchSize) + if (InstructionCount >= Obf->MinBranchSize) { ULONG TargetCount = (ULONG)((FLOAT)InstructionCount / Obf->Divisor); ULONG CurrentCount = 0; 
@@ -94,6 +94,7 @@ VOID ObfMutateInstructions(PINSTMUT_SETS Obf, PNATIVE_CODE_BLOCK Block) { PNATIVE_CODE_BLOCK PreOp = JitEmitPreRipMov(T); PNATIVE_CODE_BLOCK PostOp = JitEmitPostRipMov(T); + PreOp->Start->Flags |= CODE_FLAG_GROUP_START; PostOp->End->Flags |= CODE_FLAG_GROUP_END; T->Flags |= CODE_FLAG_DO_NOT_DIVIDE; diff --git a/CodeVirtualizer/OpaqueBranching.cpp b/CodeVirtualizer/OpaqueBranching.cpp index 42a071c..deb4b74 100644 --- a/CodeVirtualizer/OpaqueBranching.cpp +++ b/CodeVirtualizer/OpaqueBranching.cpp @@ -140,4 +140,5 @@ BOOL ObfInsertOpaqueBranchBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End, T = RealNext; } return TRUE; -} \ No newline at end of file +} + diff --git a/CodeVirtualizer/VMDefs.h b/CodeVirtualizer/VMDefs.h new file mode 100644 index 0000000..b8904b6 --- /dev/null +++ b/CodeVirtualizer/VMDefs.h @@ -0,0 +1,18 @@ +#ifndef __VMDEFS_H +#define __VMDEFS_H + + +enum VM_ICLASS_ENUM : UCHAR +{ + VM_ICLASS_ENTER, + VM_ICLASS_EXIT, + VM_ICLASS_MOV, + VM_ICLASS_SX, + VM_ICLASS_ZX, + VM_ICLASS_ADD, + VM_ICLASS_SUB, + VM_ICLASS_MUL, + VM_ICLASS_DIV, +}; + +#endif \ No newline at end of file diff --git a/CodeVirtualizer/VirtualMachine.h b/CodeVirtualizer/VirtualMachine.h index 92d4369..7dcf5f3 100644 --- a/CodeVirtualizer/VirtualMachine.h +++ b/CodeVirtualizer/VirtualMachine.h @@ -3,12 +3,18 @@ #include "Windas.h" #include "XedWrap.h" +#include "VMDefs.h" typedef struct _VM_DATA { PVOID RegisterFile[32]; }VM_DATA, *PVM_DATA; +typedef struct _VM_EMITTER +{ + +}VM_EMITTER, *PVM_EMITTER; + /* * VmEnter: * Move all x86 8 byte registers into storage inside of VM_DATA structure. @@ -18,4 +24,9 @@ typedef struct _VM_DATA PUCHAR VmEmitVmEnter(PULONG Size); PUCHAR VmEmitVmExit(PULONG Size); +PUCHAR VmEmitMove(); + +PUCHAR VmEmitSignExtend(PVM_EMITTER Emitter, UCHAR StartSize, UCHAR FinalSize, PULONG Size); +PUCHAR VmEmitZeroExtend(PVM_EMITTER Emitter, UCHAR StartSize, UCHAR FinalSize, PULONG Size); + #endif \ No newline at end of file 
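Review bot: `PreOp->Start->Flags |= CODE_FLAG_GROUP_START` dereferences the result of JitEmitPreRipMov without a NULL check, and the sibling emitters in Jit.cpp visible in this patch (`JitEmitPreRipBitwiseOp`, `JitEmitPostRipBitwiseOp`) return NULL when their block cannot be created; if JitEmitPreRipMov follows the same convention, this line and the existing `PostOp->End->Flags` line fault on failure. A guard before the marking, `if (!PreOp || !PostOp) continue;` (releasing whichever of the two was created), keeps the mutation pass best-effort. ObfMutateInstructions starts before this hunk.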
diff --git a/CodeVirtualizer/Windas.h b/CodeVirtualizer/Windas.h index 68b21e7..ee185c9 100644 --- a/CodeVirtualizer/Windas.h +++ b/CodeVirtualizer/Windas.h @@ -6,6 +6,7 @@ #include #include #include +#include #define INLINE inline #define STDSTRING std::string diff --git a/CodeVirtualizer/x64/Debug/Assembly.lst b/CodeVirtualizer/x64/Debug/Assembly.lst index cb9a350..af01c20 100644 --- a/CodeVirtualizer/x64/Debug/Assembly.lst +++ b/CodeVirtualizer/x64/Debug/Assembly.lst 
@@ -1,47 +1,38 @@ -Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/26/21 20:35:01 +Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/30/21 17:19:32 Assembly.asm Page 1 - 1 00000000 .CODE + ;Machine structure + ;REGISTER = Register file(32 8 byte registers) + ;REGISTER = Instruction Pointer + ;REGISTER = Handler Table + ; - 00000000 RetNum PROC - 00000000 33 C0 XOR EAX,EAX - 00000002 ContinueLoop: - 00000002 48/ 83 C0 01 ADD RAX,1 - 00000006 48/ 83 E9 01 SUB RCX,1 - 0000000A 48/ 83 C1 01 ADD RCX,1 - 0000000E 48/ 83 C0 02 ADD RAX,2 - 00000012 48/ 83 E8 02 SUB RAX,2 - 00000016 48/ 83 E9 01 SUB RCX,1 - 0000001A 75 E6 JNZ ContinueLoop - 0000001C C3 ret - 0000001D RetNum ENDP - 0000001D NextFunction PROC - 0000001D C3 ret - 0000001E NextFunction ENDP + 00000000 ViSx0 proc - END - Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/26/21 20:35:01 -Assembly.asm Symbols 2 - 1 + 00000000 ViSx0 endp + 00000000 ViZx0 proc + 00000000 ViZx0 endp -Procedures, parameters, and locals: + END + Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/30/21 17:19:32 +Assembly.asm Symbols 2 - 1 - N a m e Type Value Attr -NextFunction . . . . . . . . . . P 0000001D _TEXT Length= 00000001 Public -RetNum . . . . . . . . . . . . . P 00000000 _TEXT Length= 0000001D Public - ContinueLoop . . . . . . . . . L 00000002 _TEXT -Symbols: +Procedures, parameters, and locals: N a m e Type Value Attr +ViSx0 . . . . . . . . . . . . . P 00000000 _TEXT Length= 00000000 Public +ViZx0 . . . . . . . . . . . . . P 00000000 _TEXT Length= 00000000 Public 0 Warnings 0 Errors diff --git a/CodeVirtualizer/x64/Debug/Jit.cod b/CodeVirtualizer/x64/Debug/Jit.cod index aacb141..68501cc 100644 --- a/CodeVirtualizer/x64/Debug/Jit.cod +++ b/CodeVirtualizer/x64/Debug/Jit.cod 
@@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H @@ -105,13 +106,7 @@ PUBLIC ?_Getal@?$vector@KV?$allocator@K@std@@@std@@AEAAAEAV?$allocator@K@2@XZ ; PUBLIC ?_Get_first@?$_Compressed_pair@V?$allocator@K@std@@V?$_Vector_val@U?$_Simple_types@K@std@@@2@$00@std@@QEAAAEAV?$allocator@K@2@XZ ; std::_Compressed_pair,std::_Vector_val >,1>::_Get_first PUBLIC ??1_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::~_NATIVE_CODE_BLOCK PUBLIC ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z ; _NATIVE_CODE_BLOCK::`scalar deleting destructor' -PUBLIC ?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ; JitEmitPushfqInst -PUBLIC ?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ; JitEmitPopfqInst -PUBLIC ?JitCheckFlagCollisions@@YAHPEBTxed_flag_set_s@@T1@@Z ; JitCheckFlagCollisions -PUBLIC ?JitUpdateConFlagsLedger@@YAXPEBTxed_flag_set_s@@PEAT1@@Z ; JitUpdateConFlagsLedger -PUBLIC ?JitDoesInstOverriteConditionFlags@@YAHPEAU_NATIVE_CODE_LINK@@@Z ; JitDoesInstOverriteConditionFlags -PUBLIC ?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z ; JitAreFlagsClobberedBeforeUse -PUBLIC ?JitMutateInstForXor@@YAXPEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@@Z ; JitMutateInstForXor +PUBLIC ?JitMutateInstForXor@@YAHPEAU_NATIVE_CODE_LINK@@PEAEPEAU_JIT_BITWISE_DATA@@@Z ; JitMutateInstForXor PUBLIC ?JitMutateInstForOr@@YAXPEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@@Z ; JitMutateInstForOr PUBLIC ?JitMutateInstForAnd@@YAXPEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@@Z ; JitMutateInstForAnd PUBLIC ?JitEmitPreRipMov@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@H@Z ; JitEmitPreRipMov 
@@ -159,17 +154,13 @@ EXTRN __imp_?_Getdays@_Locinfo@std@@QEBAPEBDXZ:PROC EXTRN __imp_?_Getmonths@_Locinfo@std@@QEBAPEBDXZ:PROC EXTRN __imp_?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ:PROC EXTRN __imp_?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ:PROC -EXTRN xed_simple_flag_get_read_flag_set:PROC -EXTRN xed_simple_flag_get_written_flag_set:PROC -EXTRN xed_simple_flag_get_undefined_flag_set:PROC -EXTRN xed_decode:PROC -EXTRN xed_decoded_inst_get_rflags_info:PROC EXTRN ??0_NATIVE_CODE_LINK@@QEAA@XZ:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK -EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK EXTRN ??1_NATIVE_CODE_LINK@@QEAA@XZ:PROC ; _NATIVE_CODE_LINK::~_NATIVE_CODE_LINK EXTRN ??0_NATIVE_CODE_BLOCK@@QEAA@XZ:PROC ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK EXTRN ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z:PROC ; NcAppendToBlock EXTRN ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; NcDeleteBlock +EXTRN ?FlgEmitPushfqInst@@YAPEAU_NATIVE_CODE_LINK@@XZ:PROC ; FlgEmitPushfqInst +EXTRN ?FlgEmitPopfqInst@@YAPEAU_NATIVE_CODE_LINK@@XZ:PROC ; FlgEmitPopfqInst EXTRN ?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z:PROC ; JitEmitRipRelativeXorD EXTRN ?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z:PROC ; JitEmitRipRelativeXorW EXTRN ?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z:PROC ; JitEmitRipRelativeXorB 
@@ -319,57 +310,9 @@ $pdata$??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z DD imagerel $LN4 pdata ENDS ; COMDAT pdata pdata SEGMENT -$pdata$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD imagerel $LN6 - DD imagerel $LN6+278 - DD imagerel $unwind$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z -pdata ENDS -; COMDAT pdata -pdata SEGMENT -$pdata$?dtor$0@?0??JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA DD imagerel ?dtor$0@?0??JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA - DD imagerel ?dtor$0@?0??JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA+44 - DD imagerel $unwind$?dtor$0@?0??JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA -pdata ENDS -; COMDAT pdata -pdata SEGMENT -$pdata$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD imagerel $LN6 - DD imagerel $LN6+278 - DD imagerel $unwind$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z -pdata ENDS -; COMDAT pdata -pdata SEGMENT -$pdata$?dtor$0@?0??JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA DD imagerel ?dtor$0@?0??JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA - DD imagerel ?dtor$0@?0??JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA+44 - DD imagerel $unwind$?dtor$0@?0??JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA -pdata ENDS -; COMDAT pdata -pdata SEGMENT -$pdata$?JitCheckFlagCollisions@@YAHPEBTxed_flag_set_s@@T1@@Z DD imagerel $LN11 - DD imagerel $LN11+399 - DD imagerel $unwind$?JitCheckFlagCollisions@@YAHPEBTxed_flag_set_s@@T1@@Z -pdata ENDS -; COMDAT pdata -pdata SEGMENT -$pdata$?JitUpdateConFlagsLedger@@YAXPEBTxed_flag_set_s@@PEAT1@@Z DD imagerel $LN9 - DD imagerel $LN9+308 - DD imagerel $unwind$?JitUpdateConFlagsLedger@@YAXPEBTxed_flag_set_s@@PEAT1@@Z -pdata ENDS -; COMDAT pdata -pdata SEGMENT -$pdata$?JitDoesInstOverriteConditionFlags@@YAHPEAU_NATIVE_CODE_LINK@@@Z DD imagerel $LN5 - DD imagerel $LN5+234 - DD imagerel $unwind$?JitDoesInstOverriteConditionFlags@@YAHPEAU_NATIVE_CODE_LINK@@@Z -pdata ENDS -; COMDAT pdata -pdata SEGMENT 
-$pdata$?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z DD imagerel $LN9 - DD imagerel $LN9+329 - DD imagerel $unwind$?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z -pdata ENDS -; COMDAT pdata -pdata SEGMENT -$pdata$?JitMutateInstForXor@@YAXPEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@@Z DD imagerel $LN7 - DD imagerel $LN7+331 - DD imagerel $unwind$?JitMutateInstForXor@@YAXPEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@@Z +$pdata$?JitMutateInstForXor@@YAHPEAU_NATIVE_CODE_LINK@@PEAEPEAU_JIT_BITWISE_DATA@@@Z DD imagerel $LN7 + DD imagerel $LN7+356 + DD imagerel $unwind$?JitMutateInstForXor@@YAHPEAU_NATIVE_CODE_LINK@@PEAEPEAU_JIT_BITWISE_DATA@@@Z pdata ENDS ; COMDAT pdata pdata SEGMENT @@ -421,8 +364,8 @@ $pdata$?dtor$1@?0??JitEmitPostRipMov@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE pdata ENDS ; COMDAT pdata pdata SEGMENT -$pdata$?JitEmitPreRipBitwiseOp@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@KHH@Z DD imagerel $LN29 - DD imagerel $LN29+1132 +$pdata$?JitEmitPreRipBitwiseOp@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@KHH@Z DD imagerel $LN25 + DD imagerel $LN25+1063 DD imagerel $unwind$?JitEmitPreRipBitwiseOp@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@KHH@Z pdata ENDS ; COMDAT pdata @@ -433,8 +376,8 @@ $pdata$?dtor$0@?0??JitEmitPreRipBitwiseOp@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE pdata ENDS ; COMDAT pdata pdata SEGMENT -$pdata$?JitEmitPostRipBitwiseOp@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@KHH@Z DD imagerel $LN29 - DD imagerel $LN29+1266 +$pdata$?JitEmitPostRipBitwiseOp@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@KHH@Z DD imagerel $LN25 + DD imagerel $LN25+1197 DD imagerel $unwind$?JitEmitPostRipBitwiseOp@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@KHH@Z pdata ENDS ; COMDAT pdata 
@@ -950,173 +893,11 @@ $unwind$?JitMutateInstForOr@@YAXPEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@@Z xdata ENDS ; COMDAT xdata xdata SEGMENT -$unwind$?JitMutateInstForXor@@YAXPEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@@Z DD 025052f01H - DD 01132318H - DD 0700c002dH - DD 0500bH -xdata ENDS -; COMDAT xdata -xdata SEGMENT -$unwind$?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z DD 025053b19H - DD 010e2313H - DD 070070031H - DD 05006H - DD imagerel __GSHandlerCheck - DD 0178H -xdata ENDS -; COMDAT CONST -CONST SEGMENT -?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z$rtcName$0 DB 04cH ; JitAreFlagsClobberedBeforeUse - DB 065H - DB 064H - DB 067H - DB 065H - DB 072H - DB 00H - ORG $+9 -?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z$rtcVarDesc DD 024H ; JitAreFlagsClobberedBeforeUse - DD 04H - DQ FLAT:?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z$rtcName$0 - ORG $+48 -?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z$rtcFrameData DD 01H ; JitAreFlagsClobberedBeforeUse - DD 00H - DQ FLAT:?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z$rtcVarDesc -CONST ENDS -; COMDAT xdata -xdata SEGMENT -$unwind$?JitDoesInstOverriteConditionFlags@@YAHPEAU_NATIVE_CODE_LINK@@@Z DD 025052a01H - DD 010e2313H - DD 070070029H - DD 05006H -xdata ENDS -; COMDAT xdata -xdata SEGMENT -$unwind$?JitUpdateConFlagsLedger@@YAXPEBTxed_flag_set_s@@PEAT1@@Z DD 025052f01H - DD 01132318H - DD 0700c001dH - DD 0500bH -xdata ENDS -; COMDAT xdata -xdata SEGMENT -$unwind$?JitCheckFlagCollisions@@YAHPEBTxed_flag_set_s@@T1@@Z DD 025052e01H - DD 01122317H - DD 0700b001fH - DD 0500aH -xdata ENDS -; COMDAT xdata -xdata SEGMENT -$unwind$?dtor$0@?0??JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA DD 031001H - DD 0700c4210H - DD 0500bH -xdata ENDS -; COMDAT xdata -xdata SEGMENT -$ip2state$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DB 06H - DB 00H - DB 00H - DB 0b8H - DB 02H - DB 09eH - DB 00H -xdata ENDS -; COMDAT xdata -xdata 
SEGMENT -$stateUnwindMap$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DB 02H - DB 0eH - DD imagerel ?dtor$0@?0??JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA -xdata ENDS -; COMDAT xdata -xdata SEGMENT -$cppxdata$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DB 028H - DD imagerel $stateUnwindMap$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z - DD imagerel $ip2state$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z -xdata ENDS -; COMDAT xdata -xdata SEGMENT -$unwind$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD 035053b19H - DD 010e3313H - DD 070070031H - DD 05006H - DD imagerel __GSHandlerCheck_EH4 - DD imagerel $cppxdata$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z - DD 0172H -xdata ENDS -; COMDAT CONST -CONST SEGMENT -?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcName$0 DB 052H ; JitEmitPopfqInst - DB 061H - DB 077H - DB 044H - DB 061H - DB 074H - DB 061H - DB 00H - ORG $+8 -?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcVarDesc DD 034H ; JitEmitPopfqInst - DD 01H - DQ FLAT:?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcName$0 - ORG $+48 -?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcFrameData DD 01H ; JitEmitPopfqInst - DD 00H - DQ FLAT:?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcVarDesc -CONST ENDS -; COMDAT xdata -xdata SEGMENT -$unwind$?dtor$0@?0??JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA DD 031001H - DD 0700c4210H - DD 0500bH -xdata ENDS -; COMDAT xdata -xdata SEGMENT -$ip2state$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DB 06H - DB 00H - DB 00H - DB 0b8H - DB 02H - DB 09eH - DB 00H -xdata ENDS -; COMDAT xdata -xdata SEGMENT -$stateUnwindMap$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DB 02H - DB 0eH - DD imagerel ?dtor$0@?0??JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA -xdata ENDS -; COMDAT xdata -xdata SEGMENT -$cppxdata$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DB 028H - DD imagerel $stateUnwindMap$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z - DD imagerel 
$ip2state$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z -xdata ENDS -; COMDAT xdata -xdata SEGMENT -$unwind$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD 035053b19H - DD 010e3313H - DD 070070031H - DD 05006H - DD imagerel __GSHandlerCheck_EH4 - DD imagerel $cppxdata$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z - DD 0172H +$unwind$?JitMutateInstForXor@@YAHPEAU_NATIVE_CODE_LINK@@PEAEPEAU_JIT_BITWISE_DATA@@@Z DD 025053401H + DD 0118231dH + DD 070110029H + DD 05010H xdata ENDS -; COMDAT CONST -CONST SEGMENT -?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcName$0 DB 052H ; JitEmitPushfqInst - DB 061H - DB 077H - DB 044H - DB 061H - DB 074H - DB 061H - DB 00H - ORG $+8 -?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcVarDesc DD 034H ; JitEmitPushfqInst - DD 01H - DQ FLAT:?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcName$0 - ORG $+48 -?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcFrameData DD 01H ; JitEmitPushfqInst - DD 00H - DQ FLAT:?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcVarDesc -CONST ENDS ; COMDAT xdata xdata SEGMENT $unwind$??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z DD 025052e01H @@ -1833,7 +1614,7 @@ RipDelta$ = 256 Value$ = 264 ?JitiEmitWrapperB@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z PROC ; JitiEmitWrapperB, COMDAT -; 286 : { +; 197 : { $LN8: 00000 44 89 4c 24 20 mov DWORD PTR [rsp+32], r9d @@ -1855,7 +1636,7 @@ $LN8: 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp 0003e e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 287 : switch (OpType) +; 198 : switch (OpType) 00043 8b 85 f0 00 00 00 mov eax, DWORD PTR OpType$[rbp] @@ -1873,8 +1654,8 @@ $LN8: 0006a eb 4f jmp SHORT $LN2@JitiEmitWr $LN4@JitiEmitWr: -; 288 : { -; 289 : case JIT_BITWISE_XOR: return JitEmitRipRelativeXorB(Block, RipDelta, Value); +; 199 : { +; 200 : case JIT_BITWISE_XOR: return JitEmitRipRelativeXorB(Block, RipDelta, Value); 0006c 44 8b 85 08 01 00 00 mov r8d, DWORD PTR Value$[rbp] 
@@ -1886,7 +1667,7 @@ $LN4@JitiEmitWr: 00085 eb 34 jmp SHORT $LN1@JitiEmitWr $LN5@JitiEmitWr: -; 290 : case JIT_BITWISE_AND: return JitEmitRipRelativeAndB(Block, RipDelta, Value); +; 201 : case JIT_BITWISE_AND: return JitEmitRipRelativeAndB(Block, RipDelta, Value); 00087 44 8b 85 08 01 00 00 mov r8d, DWORD PTR Value$[rbp] @@ -1898,7 +1679,7 @@ $LN5@JitiEmitWr: 000a0 eb 19 jmp SHORT $LN1@JitiEmitWr $LN6@JitiEmitWr: -; 291 : case JIT_BITWISE_OR: return JitEmitRipRelativeOrB(Block, RipDelta, Value); +; 202 : case JIT_BITWISE_OR: return JitEmitRipRelativeOrB(Block, RipDelta, Value); 000a2 44 8b 85 08 01 00 00 mov r8d, DWORD PTR Value$[rbp] @@ -1910,8 +1691,8 @@ $LN6@JitiEmitWr: $LN2@JitiEmitWr: $LN1@JitiEmitWr: -; 292 : } -; 293 : } +; 203 : } +; 204 : } 000bb 48 8d a5 d8 00 00 00 lea rsp, QWORD PTR [rbp+216] @@ -1931,7 +1712,7 @@ RipDelta$ = 256 Value$ = 264 ?JitiEmitWrapperW@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z PROC ; JitiEmitWrapperW, COMDAT -; 277 : { +; 188 : { $LN8: 00000 44 89 4c 24 20 mov DWORD PTR [rsp+32], r9d @@ -1953,7 +1734,7 @@ $LN8: 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp 0003e e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 278 : switch (OpType) +; 189 : switch (OpType) 00043 8b 85 f0 00 00 00 mov eax, DWORD PTR OpType$[rbp] @@ -1971,8 +1752,8 @@ $LN8: 0006a eb 4f jmp SHORT $LN2@JitiEmitWr $LN4@JitiEmitWr: -; 279 : { -; 280 : case JIT_BITWISE_XOR: return JitEmitRipRelativeXorW(Block, RipDelta, Value); +; 190 : { +; 191 : case JIT_BITWISE_XOR: return JitEmitRipRelativeXorW(Block, RipDelta, Value); 0006c 44 8b 85 08 01 00 00 mov r8d, DWORD PTR Value$[rbp] @@ -1984,7 +1765,7 @@ $LN4@JitiEmitWr: 00085 eb 34 jmp SHORT $LN1@JitiEmitWr $LN5@JitiEmitWr: -; 281 : case JIT_BITWISE_AND: return JitEmitRipRelativeAndW(Block, RipDelta, Value); +; 192 : case JIT_BITWISE_AND: return JitEmitRipRelativeAndW(Block, RipDelta, Value); 00087 44 8b 85 08 01 00 00 mov r8d, DWORD PTR Value$[rbp] 
@@ -1996,7 +1777,7 @@ $LN5@JitiEmitWr: 000a0 eb 19 jmp SHORT $LN1@JitiEmitWr $LN6@JitiEmitWr: -; 282 : case JIT_BITWISE_OR: return JitEmitRipRelativeOrW(Block, RipDelta, Value); +; 193 : case JIT_BITWISE_OR: return JitEmitRipRelativeOrW(Block, RipDelta, Value); 000a2 44 8b 85 08 01 00 00 mov r8d, DWORD PTR Value$[rbp] @@ -2008,8 +1789,8 @@ $LN6@JitiEmitWr: $LN2@JitiEmitWr: $LN1@JitiEmitWr: -; 283 : } -; 284 : } +; 194 : } +; 195 : } 000bb 48 8d a5 d8 00 00 00 lea rsp, QWORD PTR [rbp+216] @@ -2029,7 +1810,7 @@ RipDelta$ = 256 Value$ = 264 ?JitiEmitWrapperD@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z PROC ; JitiEmitWrapperD, COMDAT -; 268 : { +; 179 : { $LN8: 00000 44 89 4c 24 20 mov DWORD PTR [rsp+32], r9d @@ -2051,7 +1832,7 @@ $LN8: 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp 0003e e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 269 : switch (OpType) +; 180 : switch (OpType) 00043 8b 85 f0 00 00 00 mov eax, DWORD PTR OpType$[rbp] @@ -2069,8 +1850,8 @@ $LN8: 0006a eb 4f jmp SHORT $LN2@JitiEmitWr $LN4@JitiEmitWr: -; 270 : { -; 271 : case JIT_BITWISE_XOR: return JitEmitRipRelativeXorD(Block, RipDelta, Value); +; 181 : { +; 182 : case JIT_BITWISE_XOR: return JitEmitRipRelativeXorD(Block, RipDelta, Value); 0006c 44 8b 85 08 01 00 00 mov r8d, DWORD PTR Value$[rbp] @@ -2082,7 +1863,7 @@ $LN4@JitiEmitWr: 00085 eb 34 jmp SHORT $LN1@JitiEmitWr $LN5@JitiEmitWr: -; 272 : case JIT_BITWISE_AND: return JitEmitRipRelativeAndD(Block, RipDelta, Value); +; 183 : case JIT_BITWISE_AND: return JitEmitRipRelativeAndD(Block, RipDelta, Value); 00087 44 8b 85 08 01 00 00 mov r8d, DWORD PTR Value$[rbp] @@ -2094,7 +1875,7 @@ $LN5@JitiEmitWr: 000a0 eb 19 jmp SHORT $LN1@JitiEmitWr $LN6@JitiEmitWr: -; 273 : case JIT_BITWISE_OR: return JitEmitRipRelativeOrD(Block, RipDelta, Value); +; 184 : case JIT_BITWISE_OR: return JitEmitRipRelativeOrD(Block, RipDelta, Value); 000a2 44 8b 85 08 01 00 00 mov r8d, DWORD PTR Value$[rbp] 
@@ -2106,8 +1887,8 @@ $LN6@JitiEmitWr: $LN2@JitiEmitWr: $LN1@JitiEmitWr: -; 274 : } -; 275 : } +; 185 : } +; 186 : } 000bb 48 8d a5 d8 00 00 00 lea rsp, QWORD PTR [rbp+216] @@ -2124,22 +1905,20 @@ FourByte$ = 4 TwoByte$ = 36 OneByte$ = 68 Block$ = 104 -Count$ = 132 -RipDelta$1 = 164 +PushF$1 = 136 +Count$ = 164 RipDelta$2 = 196 RipDelta$3 = 228 -$T4 = 456 -$T5 = 488 +RipDelta$4 = 260 +PopF$5 = 296 $T6 = 520 $T7 = 552 $T8 = 584 $T9 = 616 $T10 = 648 -tv224 = 664 -tv214 = 664 -tv185 = 664 -tv158 = 664 -tv128 = 664 +tv211 = 664 +tv182 = 664 +tv155 = 664 tv86 = 664 Link$ = 704 JitData$ = 712 @@ -2148,9 +1927,9 @@ SaveFlags$ = 728 Delta$ = 736 ?JitEmitPostRipBitwiseOp@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@KHH@Z PROC ; JitEmitPostRipBitwiseOp, COMDAT -; 370 : { +; 281 : { -$LN29: +$LN25: 00000 44 89 4c 24 20 mov DWORD PTR [rsp+32], r9d 00005 44 89 44 24 18 mov DWORD PTR [rsp+24], r8d 0000a 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -2170,7 +1949,7 @@ $LN29: 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp 00040 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 371 : ULONG FourByte = Link->RawDataSize / 4; +; 282 : ULONG FourByte = Link->RawDataSize / 4; 00045 33 d2 xor edx, edx 00047 48 8b 85 c0 02 @@ -2180,7 +1959,7 @@ $LN29: 00056 f7 f1 div ecx 00058 89 45 04 mov DWORD PTR FourByte$[rbp], eax -; 372 : ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; +; 283 : ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; 0005b 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] 0005e c1 e0 02 shl eax, 2 @@ -2194,7 +1973,7 @@ $LN29: 00076 f7 f1 div ecx 00078 89 45 24 mov DWORD PTR TwoByte$[rbp], eax -; 373 : ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2)); +; 284 : ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2)); 0007b 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] 0007e c1 e0 02 shl eax, 2 
@@ -2208,18 +1987,18 @@ $LN29: 00094 2b c1 sub eax, ecx 00096 89 45 44 mov DWORD PTR OneByte$[rbp], eax -; 374 : -; 375 : PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK; +; 285 : +; 286 : PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK; 00099 b9 30 00 00 00 mov ecx, 48 ; 00000030H 0009e e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new - 000a3 48 89 85 e8 01 - 00 00 mov QWORD PTR $T5[rbp], rax - 000aa 48 83 bd e8 01 - 00 00 00 cmp QWORD PTR $T5[rbp], 0 + 000a3 48 89 85 28 02 + 00 00 mov QWORD PTR $T7[rbp], rax + 000aa 48 83 bd 28 02 + 00 00 00 cmp QWORD PTR $T7[rbp], 0 000b2 74 15 je SHORT $LN16@JitEmitPos - 000b4 48 8b 8d e8 01 - 00 00 mov rcx, QWORD PTR $T5[rbp] + 000b4 48 8b 8d 28 02 + 00 00 mov rcx, QWORD PTR $T7[rbp] 000bb e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK 000c0 48 89 85 98 02 00 00 mov QWORD PTR tv86[rbp], rax 
@@ -2231,529 +2010,505 @@ $LN16@JitEmitPos: $LN17@JitEmitPos: 000d4 48 8b 85 98 02 00 00 mov rax, QWORD PTR tv86[rbp] - 000db 48 89 85 c8 01 - 00 00 mov QWORD PTR $T4[rbp], rax - 000e2 48 8b 85 c8 01 - 00 00 mov rax, QWORD PTR $T4[rbp] + 000db 48 89 85 08 02 + 00 00 mov QWORD PTR $T6[rbp], rax + 000e2 48 8b 85 08 02 + 00 00 mov rax, QWORD PTR $T6[rbp] 000e9 48 89 45 68 mov QWORD PTR Block$[rbp], rax -; 376 : if (!Block) +; 287 : if (!Block) 000ed 48 83 7d 68 00 cmp QWORD PTR Block$[rbp], 0 000f2 75 07 jne SHORT $LN4@JitEmitPos -; 377 : return NULL; +; 288 : return NULL; 000f4 33 c0 xor eax, eax - 000f6 e9 ed 03 00 00 jmp $LN1@JitEmitPos + 000f6 e9 a8 03 00 00 jmp $LN1@JitEmitPos $LN4@JitEmitPos: -; 378 : -; 379 : if (SaveFlags && !JitEmitPushfqInst(Block)) +; 289 : +; 290 : if (SaveFlags) 000fb 83 bd d8 02 00 00 00 cmp DWORD PTR SaveFlags$[rbp], 0 - 00102 74 57 je SHORT $LN5@JitEmitPos - 00104 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 00108 e8 00 00 00 00 call ?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ; JitEmitPushfqInst - 0010d 85 c0 test eax, eax - 0010f 75 4a jne SHORT $LN5@JitEmitPos + 00102 74 33 je SHORT $LN5@JitEmitPos -; 380 : { -; 381 : NcDeleteBlock(Block); +; 291 : { +; 292 : PNATIVE_CODE_LINK PushF = FlgEmitPushfqInst(); - 00111 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 00115 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock + 00104 e8 00 00 00 00 call ?FlgEmitPushfqInst@@YAPEAU_NATIVE_CODE_LINK@@XZ ; FlgEmitPushfqInst + 00109 48 89 85 88 00 + 00 00 mov QWORD PTR PushF$1[rbp], rax -; 382 : delete Block; +; 293 : PushF->Flags |= CODE_FLAG_DO_NOT_DIVIDE; - 0011a 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] - 0011e 48 89 85 08 02 - 00 00 mov QWORD PTR $T6[rbp], rax - 00125 48 83 bd 08 02 - 00 00 00 cmp QWORD PTR $T6[rbp], 0 - 0012d 74 1a je SHORT $LN18@JitEmitPos - 0012f ba 01 00 00 00 mov edx, 1 - 00134 48 8b 8d 08 02 - 00 00 mov rcx, QWORD PTR $T6[rbp] - 0013b e8 00 00 00 00 call 
??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z - 00140 48 89 85 98 02 - 00 00 mov QWORD PTR tv128[rbp], rax - 00147 eb 0b jmp SHORT $LN19@JitEmitPos -$LN18@JitEmitPos: - 00149 48 c7 85 98 02 - 00 00 00 00 00 - 00 mov QWORD PTR tv128[rbp], 0 -$LN19@JitEmitPos: + 00110 48 8b 85 88 00 + 00 00 mov rax, QWORD PTR PushF$1[rbp] + 00117 8b 40 18 mov eax, DWORD PTR [rax+24] + 0011a 83 c8 08 or eax, 8 + 0011d 48 8b 8d 88 00 + 00 00 mov rcx, QWORD PTR PushF$1[rbp] + 00124 89 41 18 mov DWORD PTR [rcx+24], eax -; 383 : return NULL; +; 294 : NcAppendToBlock(Block, PushF); - 00154 33 c0 xor eax, eax - 00156 e9 8d 03 00 00 jmp $LN1@JitEmitPos + 00127 48 8b 95 88 00 + 00 00 mov rdx, QWORD PTR PushF$1[rbp] + 0012e 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] + 00132 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock $LN5@JitEmitPos: -; 384 : } -; 385 : -; 386 : ULONG Count = FourByte; +; 295 : } +; 296 : +; 297 : ULONG Count = FourByte; - 0015b 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] - 0015e 89 85 84 00 00 + 00137 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] + 0013a 89 85 a4 00 00 00 mov DWORD PTR Count$[rbp], eax $LN2@JitEmitPos: -; 387 : while (Count) +; 298 : while (Count) - 00164 83 bd 84 00 00 + 00140 83 bd a4 00 00 00 00 cmp DWORD PTR Count$[rbp], 0 - 0016b 0f 84 11 01 00 + 00147 0f 84 11 01 00 00 je $LN3@JitEmitPos -; 388 : { -; 389 : INT32 RipDelta = Link->RawDataSize - ((FourByte - Count) * 4); +; 299 : { +; 300 : INT32 RipDelta = Link->RawDataSize - ((FourByte - Count) * 4); - 00171 8b 85 84 00 00 + 0014d 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] - 00177 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] - 0017a 2b c8 sub ecx, eax - 0017c 8b c1 mov eax, ecx - 0017e c1 e0 02 shl eax, 2 - 00181 48 8b 8d c0 02 + 00153 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] + 00156 2b c8 sub ecx, eax + 00158 8b c1 mov eax, ecx + 0015a c1 e0 02 shl eax, 2 + 0015d 48 8b 8d c0 02 00 00 mov rcx, QWORD PTR Link$[rbp] - 00188 8b 49 28 mov ecx, DWORD 
PTR [rcx+40] - 0018b 2b c8 sub ecx, eax - 0018d 8b c1 mov eax, ecx - 0018f 89 85 a4 00 00 - 00 mov DWORD PTR RipDelta$1[rbp], eax + 00164 8b 49 28 mov ecx, DWORD PTR [rcx+40] + 00167 2b c8 sub ecx, eax + 00169 8b c1 mov eax, ecx + 0016b 89 85 c4 00 00 + 00 mov DWORD PTR RipDelta$2[rbp], eax -; 390 : if (SaveFlags) +; 301 : if (SaveFlags) - 00195 83 bd d8 02 00 + 00171 83 bd d8 02 00 00 00 cmp DWORD PTR SaveFlags$[rbp], 0 - 0019c 74 0e je SHORT $LN6@JitEmitPos + 00178 74 0e je SHORT $LN6@JitEmitPos -; 391 : RipDelta += 1; +; 302 : RipDelta += 1; - 0019e 8b 85 a4 00 00 - 00 mov eax, DWORD PTR RipDelta$1[rbp] - 001a4 ff c0 inc eax - 001a6 89 85 a4 00 00 - 00 mov DWORD PTR RipDelta$1[rbp], eax + 0017a 8b 85 c4 00 00 + 00 mov eax, DWORD PTR RipDelta$2[rbp] + 00180 ff c0 inc eax + 00182 89 85 c4 00 00 + 00 mov DWORD PTR RipDelta$2[rbp], eax $LN6@JitEmitPos: -; 392 : RipDelta += (FourByte - (Count - 1)) * DWORD_RIP_INST_LENGTH; +; 303 : RipDelta += (FourByte - (Count - 1)) * DWORD_RIP_INST_LENGTH; - 001ac 8b 85 84 00 00 + 00188 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] - 001b2 ff c8 dec eax - 001b4 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] - 001b7 2b c8 sub ecx, eax - 001b9 8b c1 mov eax, ecx - 001bb 6b c0 0a imul eax, eax, 10 - 001be 8b 8d a4 00 00 - 00 mov ecx, DWORD PTR RipDelta$1[rbp] - 001c4 03 c8 add ecx, eax - 001c6 8b c1 mov eax, ecx - 001c8 89 85 a4 00 00 - 00 mov DWORD PTR RipDelta$1[rbp], eax + 0018e ff c8 dec eax + 00190 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] + 00193 2b c8 sub ecx, eax + 00195 8b c1 mov eax, ecx + 00197 6b c0 0a imul eax, eax, 10 + 0019a 8b 8d c4 00 00 + 00 mov ecx, DWORD PTR RipDelta$2[rbp] + 001a0 03 c8 add ecx, eax + 001a2 8b c1 mov eax, ecx + 001a4 89 85 c4 00 00 + 00 mov DWORD PTR RipDelta$2[rbp], eax -; 393 : RipDelta *= (-1); +; 304 : RipDelta *= (-1); - 001ce 6b 85 a4 00 00 - 00 ff imul eax, DWORD PTR RipDelta$1[rbp], -1 - 001d5 89 85 a4 00 00 - 00 mov DWORD PTR RipDelta$1[rbp], eax + 001aa 6b 85 c4 00 00 + 00 ff imul eax, 
DWORD PTR RipDelta$2[rbp], -1 + 001b1 89 85 c4 00 00 + 00 mov DWORD PTR RipDelta$2[rbp], eax -; 394 : RipDelta += Delta; +; 305 : RipDelta += Delta; - 001db 8b 85 e0 02 00 + 001b7 8b 85 e0 02 00 00 mov eax, DWORD PTR Delta$[rbp] - 001e1 8b 8d a4 00 00 - 00 mov ecx, DWORD PTR RipDelta$1[rbp] - 001e7 03 c8 add ecx, eax - 001e9 8b c1 mov eax, ecx - 001eb 89 85 a4 00 00 - 00 mov DWORD PTR RipDelta$1[rbp], eax + 001bd 8b 8d c4 00 00 + 00 mov ecx, DWORD PTR RipDelta$2[rbp] + 001c3 03 c8 add ecx, eax + 001c5 8b c1 mov eax, ecx + 001c7 89 85 c4 00 00 + 00 mov DWORD PTR RipDelta$2[rbp], eax -; 395 : if (!JitiEmitWrapperD(OpType, Block, RipDelta, JitData->Data[FourByte - Count])) +; 306 : if (!JitiEmitWrapperD(OpType, Block, RipDelta, JitData->Data[FourByte - Count])) - 001f1 8b 85 84 00 00 + 001cd 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] - 001f7 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] - 001fa 2b c8 sub ecx, eax - 001fc 8b c1 mov eax, ecx - 001fe 8b c0 mov eax, eax - 00200 48 8b 8d c8 02 + 001d3 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] + 001d6 2b c8 sub ecx, eax + 001d8 8b c1 mov eax, ecx + 001da 8b c0 mov eax, eax + 001dc 48 8b 8d c8 02 00 00 mov rcx, QWORD PTR JitData$[rbp] - 00207 44 8b 0c 81 mov r9d, DWORD PTR [rcx+rax*4] - 0020b 44 8b 85 a4 00 - 00 00 mov r8d, DWORD PTR RipDelta$1[rbp] - 00212 48 8b 55 68 mov rdx, QWORD PTR Block$[rbp] - 00216 8b 8d d0 02 00 + 001e3 44 8b 0c 81 mov r9d, DWORD PTR [rcx+rax*4] + 001e7 44 8b 85 c4 00 + 00 00 mov r8d, DWORD PTR RipDelta$2[rbp] + 001ee 48 8b 55 68 mov rdx, QWORD PTR Block$[rbp] + 001f2 8b 8d d0 02 00 00 mov ecx, DWORD PTR OpType$[rbp] - 0021c e8 00 00 00 00 call ?JitiEmitWrapperD@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z ; JitiEmitWrapperD - 00221 85 c0 test eax, eax - 00223 75 4a jne SHORT $LN7@JitEmitPos + 001f8 e8 00 00 00 00 call ?JitiEmitWrapperD@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z ; JitiEmitWrapperD + 001fd 85 c0 test eax, eax + 001ff 75 4a jne SHORT $LN7@JitEmitPos -; 396 : { -; 397 : NcDeleteBlock(Block); +; 307 : 
{ +; 308 : NcDeleteBlock(Block); - 00225 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 00229 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock + 00201 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] + 00205 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 398 : delete Block; +; 309 : delete Block; - 0022e 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] - 00232 48 89 85 28 02 - 00 00 mov QWORD PTR $T7[rbp], rax - 00239 48 83 bd 28 02 - 00 00 00 cmp QWORD PTR $T7[rbp], 0 - 00241 74 1a je SHORT $LN20@JitEmitPos - 00243 ba 01 00 00 00 mov edx, 1 - 00248 48 8b 8d 28 02 - 00 00 mov rcx, QWORD PTR $T7[rbp] - 0024f e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z - 00254 48 89 85 98 02 - 00 00 mov QWORD PTR tv158[rbp], rax - 0025b eb 0b jmp SHORT $LN21@JitEmitPos -$LN20@JitEmitPos: - 0025d 48 c7 85 98 02 + 0020a 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] + 0020e 48 89 85 48 02 + 00 00 mov QWORD PTR $T8[rbp], rax + 00215 48 83 bd 48 02 + 00 00 00 cmp QWORD PTR $T8[rbp], 0 + 0021d 74 1a je SHORT $LN18@JitEmitPos + 0021f ba 01 00 00 00 mov edx, 1 + 00224 48 8b 8d 48 02 + 00 00 mov rcx, QWORD PTR $T8[rbp] + 0022b e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z + 00230 48 89 85 98 02 + 00 00 mov QWORD PTR tv155[rbp], rax + 00237 eb 0b jmp SHORT $LN19@JitEmitPos +$LN18@JitEmitPos: + 00239 48 c7 85 98 02 00 00 00 00 00 - 00 mov QWORD PTR tv158[rbp], 0 -$LN21@JitEmitPos: + 00 mov QWORD PTR tv155[rbp], 0 +$LN19@JitEmitPos: -; 399 : return NULL; +; 310 : return NULL; - 00268 33 c0 xor eax, eax - 0026a e9 79 02 00 00 jmp $LN1@JitEmitPos + 00244 33 c0 xor eax, eax + 00246 e9 58 02 00 00 jmp $LN1@JitEmitPos $LN7@JitEmitPos: -; 400 : } -; 401 : --Count; +; 311 : } +; 312 : --Count; - 0026f 8b 85 84 00 00 + 0024b 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] - 00275 ff c8 dec eax - 00277 89 85 84 00 00 + 00251 ff c8 dec eax + 00253 89 85 a4 00 00 00 mov DWORD PTR Count$[rbp], eax -; 402 : } +; 313 : } - 0027d e9 
e2 fe ff ff jmp $LN2@JitEmitPos + 00259 e9 e2 fe ff ff jmp $LN2@JitEmitPos $LN3@JitEmitPos: -; 403 : -; 404 : if (TwoByte) +; 314 : +; 315 : if (TwoByte) - 00282 83 7d 24 00 cmp DWORD PTR TwoByte$[rbp], 0 - 00286 0f 84 ef 00 00 + 0025e 83 7d 24 00 cmp DWORD PTR TwoByte$[rbp], 0 + 00262 0f 84 ef 00 00 00 je $LN8@JitEmitPos -; 405 : { -; 406 : INT32 RipDelta = Link->RawDataSize - (FourByte * 4); +; 316 : { +; 317 : INT32 RipDelta = Link->RawDataSize - (FourByte * 4); - 0028c 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] - 0028f c1 e0 02 shl eax, 2 - 00292 48 8b 8d c0 02 + 00268 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] + 0026b c1 e0 02 shl eax, 2 + 0026e 48 8b 8d c0 02 00 00 mov rcx, QWORD PTR Link$[rbp] - 00299 8b 49 28 mov ecx, DWORD PTR [rcx+40] - 0029c 2b c8 sub ecx, eax - 0029e 8b c1 mov eax, ecx - 002a0 89 85 c4 00 00 - 00 mov DWORD PTR RipDelta$2[rbp], eax + 00275 8b 49 28 mov ecx, DWORD PTR [rcx+40] + 00278 2b c8 sub ecx, eax + 0027a 8b c1 mov eax, ecx + 0027c 89 85 e4 00 00 + 00 mov DWORD PTR RipDelta$3[rbp], eax -; 407 : if (SaveFlags) +; 318 : if (SaveFlags) - 002a6 83 bd d8 02 00 + 00282 83 bd d8 02 00 00 00 cmp DWORD PTR SaveFlags$[rbp], 0 - 002ad 74 0e je SHORT $LN9@JitEmitPos + 00289 74 0e je SHORT $LN9@JitEmitPos -; 408 : RipDelta += 1; +; 319 : RipDelta += 1; - 002af 8b 85 c4 00 00 - 00 mov eax, DWORD PTR RipDelta$2[rbp] - 002b5 ff c0 inc eax - 002b7 89 85 c4 00 00 - 00 mov DWORD PTR RipDelta$2[rbp], eax + 0028b 8b 85 e4 00 00 + 00 mov eax, DWORD PTR RipDelta$3[rbp] + 00291 ff c0 inc eax + 00293 89 85 e4 00 00 + 00 mov DWORD PTR RipDelta$3[rbp], eax $LN9@JitEmitPos: -; 409 : RipDelta += (FourByte * DWORD_RIP_INST_LENGTH); +; 320 : RipDelta += (FourByte * DWORD_RIP_INST_LENGTH); - 002bd 6b 45 04 0a imul eax, DWORD PTR FourByte$[rbp], 10 - 002c1 8b 8d c4 00 00 - 00 mov ecx, DWORD PTR RipDelta$2[rbp] - 002c7 03 c8 add ecx, eax - 002c9 8b c1 mov eax, ecx - 002cb 89 85 c4 00 00 - 00 mov DWORD PTR RipDelta$2[rbp], eax + 00299 6b 45 04 0a imul eax, DWORD PTR 
FourByte$[rbp], 10 + 0029d 8b 8d e4 00 00 + 00 mov ecx, DWORD PTR RipDelta$3[rbp] + 002a3 03 c8 add ecx, eax + 002a5 8b c1 mov eax, ecx + 002a7 89 85 e4 00 00 + 00 mov DWORD PTR RipDelta$3[rbp], eax -; 410 : RipDelta += WORD_RIP_INST_LENGTH; +; 321 : RipDelta += WORD_RIP_INST_LENGTH; - 002d1 8b 85 c4 00 00 - 00 mov eax, DWORD PTR RipDelta$2[rbp] - 002d7 83 c0 09 add eax, 9 - 002da 89 85 c4 00 00 - 00 mov DWORD PTR RipDelta$2[rbp], eax + 002ad 8b 85 e4 00 00 + 00 mov eax, DWORD PTR RipDelta$3[rbp] + 002b3 83 c0 09 add eax, 9 + 002b6 89 85 e4 00 00 + 00 mov DWORD PTR RipDelta$3[rbp], eax -; 411 : RipDelta *= (-1); +; 322 : RipDelta *= (-1); - 002e0 6b 85 c4 00 00 - 00 ff imul eax, DWORD PTR RipDelta$2[rbp], -1 - 002e7 89 85 c4 00 00 - 00 mov DWORD PTR RipDelta$2[rbp], eax + 002bc 6b 85 e4 00 00 + 00 ff imul eax, DWORD PTR RipDelta$3[rbp], -1 + 002c3 89 85 e4 00 00 + 00 mov DWORD PTR RipDelta$3[rbp], eax -; 412 : RipDelta += Delta; +; 323 : RipDelta += Delta; - 002ed 8b 85 e0 02 00 + 002c9 8b 85 e0 02 00 00 mov eax, DWORD PTR Delta$[rbp] - 002f3 8b 8d c4 00 00 - 00 mov ecx, DWORD PTR RipDelta$2[rbp] - 002f9 03 c8 add ecx, eax - 002fb 8b c1 mov eax, ecx - 002fd 89 85 c4 00 00 - 00 mov DWORD PTR RipDelta$2[rbp], eax + 002cf 8b 8d e4 00 00 + 00 mov ecx, DWORD PTR RipDelta$3[rbp] + 002d5 03 c8 add ecx, eax + 002d7 8b c1 mov eax, ecx + 002d9 89 85 e4 00 00 + 00 mov DWORD PTR RipDelta$3[rbp], eax -; 413 : if (!JitiEmitWrapperW(OpType, Block, RipDelta, JitData->Data[3])) +; 324 : if (!JitiEmitWrapperW(OpType, Block, RipDelta, JitData->Data[3])) - 00303 b8 04 00 00 00 mov eax, 4 - 00308 48 6b c0 03 imul rax, rax, 3 - 0030c 48 8b 8d c8 02 + 002df b8 04 00 00 00 mov eax, 4 + 002e4 48 6b c0 03 imul rax, rax, 3 + 002e8 48 8b 8d c8 02 00 00 mov rcx, QWORD PTR JitData$[rbp] - 00313 44 8b 0c 01 mov r9d, DWORD PTR [rcx+rax] - 00317 44 8b 85 c4 00 - 00 00 mov r8d, DWORD PTR RipDelta$2[rbp] - 0031e 48 8b 55 68 mov rdx, QWORD PTR Block$[rbp] - 00322 8b 8d d0 02 00 + 002ef 44 8b 0c 01 
mov r9d, DWORD PTR [rcx+rax] + 002f3 44 8b 85 e4 00 + 00 00 mov r8d, DWORD PTR RipDelta$3[rbp] + 002fa 48 8b 55 68 mov rdx, QWORD PTR Block$[rbp] + 002fe 8b 8d d0 02 00 00 mov ecx, DWORD PTR OpType$[rbp] - 00328 e8 00 00 00 00 call ?JitiEmitWrapperW@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z ; JitiEmitWrapperW - 0032d 85 c0 test eax, eax - 0032f 75 4a jne SHORT $LN8@JitEmitPos + 00304 e8 00 00 00 00 call ?JitiEmitWrapperW@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z ; JitiEmitWrapperW + 00309 85 c0 test eax, eax + 0030b 75 4a jne SHORT $LN8@JitEmitPos -; 414 : { -; 415 : NcDeleteBlock(Block); +; 325 : { +; 326 : NcDeleteBlock(Block); - 00331 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 00335 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock + 0030d 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] + 00311 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 416 : delete Block; +; 327 : delete Block; - 0033a 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] - 0033e 48 89 85 48 02 - 00 00 mov QWORD PTR $T8[rbp], rax - 00345 48 83 bd 48 02 - 00 00 00 cmp QWORD PTR $T8[rbp], 0 - 0034d 74 1a je SHORT $LN22@JitEmitPos - 0034f ba 01 00 00 00 mov edx, 1 - 00354 48 8b 8d 48 02 - 00 00 mov rcx, QWORD PTR $T8[rbp] - 0035b e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z - 00360 48 89 85 98 02 - 00 00 mov QWORD PTR tv185[rbp], rax - 00367 eb 0b jmp SHORT $LN23@JitEmitPos -$LN22@JitEmitPos: - 00369 48 c7 85 98 02 + 00316 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] + 0031a 48 89 85 68 02 + 00 00 mov QWORD PTR $T9[rbp], rax + 00321 48 83 bd 68 02 + 00 00 00 cmp QWORD PTR $T9[rbp], 0 + 00329 74 1a je SHORT $LN20@JitEmitPos + 0032b ba 01 00 00 00 mov edx, 1 + 00330 48 8b 8d 68 02 + 00 00 mov rcx, QWORD PTR $T9[rbp] + 00337 e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z + 0033c 48 89 85 98 02 + 00 00 mov QWORD PTR tv182[rbp], rax + 00343 eb 0b jmp SHORT $LN21@JitEmitPos +$LN20@JitEmitPos: + 00345 48 c7 85 98 02 00 00 00 00 00 - 00 mov 
QWORD PTR tv185[rbp], 0 -$LN23@JitEmitPos: + 00 mov QWORD PTR tv182[rbp], 0 +$LN21@JitEmitPos: -; 417 : return NULL; +; 328 : return NULL; - 00374 33 c0 xor eax, eax - 00376 e9 6d 01 00 00 jmp $LN1@JitEmitPos + 00350 33 c0 xor eax, eax + 00352 e9 4c 01 00 00 jmp $LN1@JitEmitPos $LN8@JitEmitPos: -; 418 : } -; 419 : } -; 420 : -; 421 : if (OneByte) +; 329 : } +; 330 : } +; 331 : +; 332 : if (OneByte) - 0037b 83 7d 44 00 cmp DWORD PTR OneByte$[rbp], 0 - 0037f 0f 84 02 01 00 + 00357 83 7d 44 00 cmp DWORD PTR OneByte$[rbp], 0 + 0035b 0f 84 02 01 00 00 je $LN11@JitEmitPos -; 422 : { -; 423 : INT32 RipDelta = Link->RawDataSize - (FourByte * 4) - (TwoByte * 2); +; 333 : { +; 334 : INT32 RipDelta = Link->RawDataSize - (FourByte * 4) - (TwoByte * 2); - 00385 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] - 00388 c1 e0 02 shl eax, 2 - 0038b 48 8b 8d c0 02 + 00361 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] + 00364 c1 e0 02 shl eax, 2 + 00367 48 8b 8d c0 02 00 00 mov rcx, QWORD PTR Link$[rbp] - 00392 8b 49 28 mov ecx, DWORD PTR [rcx+40] - 00395 2b c8 sub ecx, eax - 00397 8b c1 mov eax, ecx - 00399 8b 4d 24 mov ecx, DWORD PTR TwoByte$[rbp] - 0039c d1 e1 shl ecx, 1 - 0039e 2b c1 sub eax, ecx - 003a0 89 85 e4 00 00 - 00 mov DWORD PTR RipDelta$3[rbp], eax + 0036e 8b 49 28 mov ecx, DWORD PTR [rcx+40] + 00371 2b c8 sub ecx, eax + 00373 8b c1 mov eax, ecx + 00375 8b 4d 24 mov ecx, DWORD PTR TwoByte$[rbp] + 00378 d1 e1 shl ecx, 1 + 0037a 2b c1 sub eax, ecx + 0037c 89 85 04 01 00 + 00 mov DWORD PTR RipDelta$4[rbp], eax -; 424 : if (SaveFlags) +; 335 : if (SaveFlags) - 003a6 83 bd d8 02 00 + 00382 83 bd d8 02 00 00 00 cmp DWORD PTR SaveFlags$[rbp], 0 - 003ad 74 0e je SHORT $LN12@JitEmitPos + 00389 74 0e je SHORT $LN12@JitEmitPos -; 425 : RipDelta += 1; +; 336 : RipDelta += 1; - 003af 8b 85 e4 00 00 - 00 mov eax, DWORD PTR RipDelta$3[rbp] - 003b5 ff c0 inc eax - 003b7 89 85 e4 00 00 - 00 mov DWORD PTR RipDelta$3[rbp], eax + 0038b 8b 85 04 01 00 + 00 mov eax, DWORD PTR RipDelta$4[rbp] + 00391 
ff c0 inc eax + 00393 89 85 04 01 00 + 00 mov DWORD PTR RipDelta$4[rbp], eax $LN12@JitEmitPos: -; 426 : RipDelta += (FourByte * DWORD_RIP_INST_LENGTH); +; 337 : RipDelta += (FourByte * DWORD_RIP_INST_LENGTH); - 003bd 6b 45 04 0a imul eax, DWORD PTR FourByte$[rbp], 10 - 003c1 8b 8d e4 00 00 - 00 mov ecx, DWORD PTR RipDelta$3[rbp] - 003c7 03 c8 add ecx, eax - 003c9 8b c1 mov eax, ecx - 003cb 89 85 e4 00 00 - 00 mov DWORD PTR RipDelta$3[rbp], eax + 00399 6b 45 04 0a imul eax, DWORD PTR FourByte$[rbp], 10 + 0039d 8b 8d 04 01 00 + 00 mov ecx, DWORD PTR RipDelta$4[rbp] + 003a3 03 c8 add ecx, eax + 003a5 8b c1 mov eax, ecx + 003a7 89 85 04 01 00 + 00 mov DWORD PTR RipDelta$4[rbp], eax -; 427 : RipDelta += WORD_RIP_INST_LENGTH; +; 338 : RipDelta += WORD_RIP_INST_LENGTH; - 003d1 8b 85 e4 00 00 - 00 mov eax, DWORD PTR RipDelta$3[rbp] - 003d7 83 c0 09 add eax, 9 - 003da 89 85 e4 00 00 - 00 mov DWORD PTR RipDelta$3[rbp], eax + 003ad 8b 85 04 01 00 + 00 mov eax, DWORD PTR RipDelta$4[rbp] + 003b3 83 c0 09 add eax, 9 + 003b6 89 85 04 01 00 + 00 mov DWORD PTR RipDelta$4[rbp], eax -; 428 : RipDelta += BYTE_RIP_INST_LENGTH; +; 339 : RipDelta += BYTE_RIP_INST_LENGTH; - 003e0 8b 85 e4 00 00 - 00 mov eax, DWORD PTR RipDelta$3[rbp] - 003e6 83 c0 07 add eax, 7 - 003e9 89 85 e4 00 00 - 00 mov DWORD PTR RipDelta$3[rbp], eax + 003bc 8b 85 04 01 00 + 00 mov eax, DWORD PTR RipDelta$4[rbp] + 003c2 83 c0 07 add eax, 7 + 003c5 89 85 04 01 00 + 00 mov DWORD PTR RipDelta$4[rbp], eax -; 429 : RipDelta *= (-1); +; 340 : RipDelta *= (-1); - 003ef 6b 85 e4 00 00 - 00 ff imul eax, DWORD PTR RipDelta$3[rbp], -1 - 003f6 89 85 e4 00 00 - 00 mov DWORD PTR RipDelta$3[rbp], eax + 003cb 6b 85 04 01 00 + 00 ff imul eax, DWORD PTR RipDelta$4[rbp], -1 + 003d2 89 85 04 01 00 + 00 mov DWORD PTR RipDelta$4[rbp], eax -; 430 : RipDelta += Delta; +; 341 : RipDelta += Delta; - 003fc 8b 85 e0 02 00 + 003d8 8b 85 e0 02 00 00 mov eax, DWORD PTR Delta$[rbp] - 00402 8b 8d e4 00 00 - 00 mov ecx, DWORD PTR RipDelta$3[rbp] - 
00408 03 c8 add ecx, eax - 0040a 8b c1 mov eax, ecx - 0040c 89 85 e4 00 00 - 00 mov DWORD PTR RipDelta$3[rbp], eax + 003de 8b 8d 04 01 00 + 00 mov ecx, DWORD PTR RipDelta$4[rbp] + 003e4 03 c8 add ecx, eax + 003e6 8b c1 mov eax, ecx + 003e8 89 85 04 01 00 + 00 mov DWORD PTR RipDelta$4[rbp], eax -; 431 : if (!JitiEmitWrapperB(OpType, Block, RipDelta, JitData->Data[4])) +; 342 : if (!JitiEmitWrapperB(OpType, Block, RipDelta, JitData->Data[4])) - 00412 b8 04 00 00 00 mov eax, 4 - 00417 48 6b c0 04 imul rax, rax, 4 - 0041b 48 8b 8d c8 02 + 003ee b8 04 00 00 00 mov eax, 4 + 003f3 48 6b c0 04 imul rax, rax, 4 + 003f7 48 8b 8d c8 02 00 00 mov rcx, QWORD PTR JitData$[rbp] - 00422 44 8b 0c 01 mov r9d, DWORD PTR [rcx+rax] - 00426 44 8b 85 e4 00 - 00 00 mov r8d, DWORD PTR RipDelta$3[rbp] - 0042d 48 8b 55 68 mov rdx, QWORD PTR Block$[rbp] - 00431 8b 8d d0 02 00 + 003fe 44 8b 0c 01 mov r9d, DWORD PTR [rcx+rax] + 00402 44 8b 85 04 01 + 00 00 mov r8d, DWORD PTR RipDelta$4[rbp] + 00409 48 8b 55 68 mov rdx, QWORD PTR Block$[rbp] + 0040d 8b 8d d0 02 00 00 mov ecx, DWORD PTR OpType$[rbp] - 00437 e8 00 00 00 00 call ?JitiEmitWrapperB@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z ; JitiEmitWrapperB - 0043c 85 c0 test eax, eax - 0043e 75 47 jne SHORT $LN11@JitEmitPos + 00413 e8 00 00 00 00 call ?JitiEmitWrapperB@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z ; JitiEmitWrapperB + 00418 85 c0 test eax, eax + 0041a 75 47 jne SHORT $LN11@JitEmitPos -; 432 : { -; 433 : NcDeleteBlock(Block); +; 343 : { +; 344 : NcDeleteBlock(Block); - 00440 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 00444 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock + 0041c 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] + 00420 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 434 : delete Block; +; 345 : delete Block; - 00449 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] - 0044d 48 89 85 68 02 - 00 00 mov QWORD PTR $T9[rbp], rax - 00454 48 83 bd 68 02 - 00 00 00 cmp QWORD PTR 
$T9[rbp], 0 - 0045c 74 1a je SHORT $LN24@JitEmitPos - 0045e ba 01 00 00 00 mov edx, 1 - 00463 48 8b 8d 68 02 - 00 00 mov rcx, QWORD PTR $T9[rbp] - 0046a e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z - 0046f 48 89 85 98 02 - 00 00 mov QWORD PTR tv214[rbp], rax - 00476 eb 0b jmp SHORT $LN25@JitEmitPos -$LN24@JitEmitPos: - 00478 48 c7 85 98 02 + 00425 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] + 00429 48 89 85 88 02 + 00 00 mov QWORD PTR $T10[rbp], rax + 00430 48 83 bd 88 02 + 00 00 00 cmp QWORD PTR $T10[rbp], 0 + 00438 74 1a je SHORT $LN22@JitEmitPos + 0043a ba 01 00 00 00 mov edx, 1 + 0043f 48 8b 8d 88 02 + 00 00 mov rcx, QWORD PTR $T10[rbp] + 00446 e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z + 0044b 48 89 85 98 02 + 00 00 mov QWORD PTR tv211[rbp], rax + 00452 eb 0b jmp SHORT $LN23@JitEmitPos +$LN22@JitEmitPos: + 00454 48 c7 85 98 02 00 00 00 00 00 - 00 mov QWORD PTR tv214[rbp], 0 -$LN25@JitEmitPos: + 00 mov QWORD PTR tv211[rbp], 0 +$LN23@JitEmitPos: -; 435 : return NULL; +; 346 : return NULL; - 00483 33 c0 xor eax, eax - 00485 eb 61 jmp SHORT $LN1@JitEmitPos + 0045f 33 c0 xor eax, eax + 00461 eb 40 jmp SHORT $LN1@JitEmitPos $LN11@JitEmitPos: -; 436 : } -; 437 : } -; 438 : -; 439 : if (SaveFlags && !JitEmitPopfqInst(Block)) +; 347 : } +; 348 : } +; 349 : +; 350 : if (SaveFlags) - 00487 83 bd d8 02 00 + 00463 83 bd d8 02 00 00 00 cmp DWORD PTR SaveFlags$[rbp], 0 - 0048e 74 54 je SHORT $LN14@JitEmitPos - 00490 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 00494 e8 00 00 00 00 call ?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ; JitEmitPopfqInst - 00499 85 c0 test eax, eax - 0049b 75 47 jne SHORT $LN14@JitEmitPos + 0046a 74 33 je SHORT $LN14@JitEmitPos -; 440 : { -; 441 : NcDeleteBlock(Block); +; 351 : { +; 352 : PNATIVE_CODE_LINK PopF = FlgEmitPopfqInst(); - 0049d 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 004a1 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock + 0046c e8 00 00 00 00 call 
?FlgEmitPopfqInst@@YAPEAU_NATIVE_CODE_LINK@@XZ ; FlgEmitPopfqInst + 00471 48 89 85 28 01 + 00 00 mov QWORD PTR PopF$5[rbp], rax -; 442 : delete Block; +; 353 : PopF->Flags |= CODE_FLAG_DO_NOT_DIVIDE; - 004a6 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] - 004aa 48 89 85 88 02 - 00 00 mov QWORD PTR $T10[rbp], rax - 004b1 48 83 bd 88 02 - 00 00 00 cmp QWORD PTR $T10[rbp], 0 - 004b9 74 1a je SHORT $LN26@JitEmitPos - 004bb ba 01 00 00 00 mov edx, 1 - 004c0 48 8b 8d 88 02 - 00 00 mov rcx, QWORD PTR $T10[rbp] - 004c7 e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z - 004cc 48 89 85 98 02 - 00 00 mov QWORD PTR tv224[rbp], rax - 004d3 eb 0b jmp SHORT $LN27@JitEmitPos -$LN26@JitEmitPos: - 004d5 48 c7 85 98 02 - 00 00 00 00 00 - 00 mov QWORD PTR tv224[rbp], 0 -$LN27@JitEmitPos: + 00478 48 8b 85 28 01 + 00 00 mov rax, QWORD PTR PopF$5[rbp] + 0047f 8b 40 18 mov eax, DWORD PTR [rax+24] + 00482 83 c8 08 or eax, 8 + 00485 48 8b 8d 28 01 + 00 00 mov rcx, QWORD PTR PopF$5[rbp] + 0048c 89 41 18 mov DWORD PTR [rcx+24], eax -; 443 : return NULL; +; 354 : NcAppendToBlock(Block, PopF); - 004e0 33 c0 xor eax, eax - 004e2 eb 04 jmp SHORT $LN1@JitEmitPos + 0048f 48 8b 95 28 01 + 00 00 mov rdx, QWORD PTR PopF$5[rbp] + 00496 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] + 0049a e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock $LN14@JitEmitPos: -; 444 : } -; 445 : -; 446 : return Block; +; 355 : } +; 356 : +; 357 : return Block; - 004e4 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] + 0049f 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] $LN1@JitEmitPos: -; 447 : } +; 358 : } - 004e8 48 8d a5 a8 02 + 004a3 48 8d a5 a8 02 00 00 lea rsp, QWORD PTR [rbp+680] - 004ef 5f pop rdi - 004f0 5d pop rbp - 004f1 c3 ret 0 + 004aa 5f pop rdi + 004ab 5d pop rbp + 004ac c3 ret 0 ?JitEmitPostRipBitwiseOp@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@KHH@Z ENDP ; JitEmitPostRipBitwiseOp _TEXT ENDS ; COMDAT text$x 
@@ -2762,22 +2517,20 @@ FourByte$ = 4 TwoByte$ = 36 OneByte$ = 68 Block$ = 104 -Count$ = 132 -RipDelta$1 = 164 +PushF$1 = 136 +Count$ = 164 RipDelta$2 = 196 RipDelta$3 = 228 -$T4 = 456 -$T5 = 488 +RipDelta$4 = 260 +PopF$5 = 296 $T6 = 520 $T7 = 552 $T8 = 584 $T9 = 616 $T10 = 648 -tv224 = 664 -tv214 = 664 -tv185 = 664 -tv158 = 664 -tv128 = 664 +tv211 = 664 +tv182 = 664 +tv155 = 664 tv86 = 664 Link$ = 704 JitData$ = 712 @@ -2792,8 +2545,8 @@ Delta$ = 736 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] 00014 ba 30 00 00 00 mov edx, 48 ; 00000030H - 00019 48 8b 8d e8 01 - 00 00 mov rcx, QWORD PTR $T5[rbp] + 00019 48 8b 8d 28 02 + 00 00 mov rcx, QWORD PTR $T7[rbp] 00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete 00025 48 83 c4 28 add rsp, 40 ; 00000028H 00029 5f pop rdi @@ -2808,22 +2561,20 @@ FourByte$ = 4 TwoByte$ = 36 OneByte$ = 68 Block$ = 104 -Count$ = 132 -RipDelta$1 = 164 +PushF$1 = 136 +Count$ = 164 RipDelta$2 = 196 RipDelta$3 = 228 -$T4 = 456 -$T5 = 488 +RipDelta$4 = 260 +PopF$5 = 296 $T6 = 520 $T7 = 552 $T8 = 584 $T9 = 616 $T10 = 648 -tv224 = 664 -tv214 = 664 -tv185 = 664 -tv158 = 664 -tv128 = 664 +tv211 = 664 +tv182 = 664 +tv155 = 664 tv86 = 664 Link$ = 704 JitData$ = 712 @@ -2838,8 +2589,8 @@ Delta$ = 736 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] 00014 ba 30 00 00 00 mov edx, 48 ; 00000030H - 00019 48 8b 8d e8 01 - 00 00 mov rcx, QWORD PTR $T5[rbp] + 00019 48 8b 8d 28 02 + 00 00 mov rcx, QWORD PTR $T7[rbp] 00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete 00025 48 83 c4 28 add rsp, 40 ; 00000028H 00029 5f pop rdi 
@@ -2855,22 +2606,20 @@ FourByte$ = 4 TwoByte$ = 36 OneByte$ = 68 Block$ = 104 -Count$ = 132 -RipDelta$1 = 164 +PushF$1 = 136 +Count$ = 164 RipDelta$2 = 196 RipDelta$3 = 228 -$T4 = 456 -$T5 = 488 +RipDelta$4 = 260 +PopF$5 = 296 $T6 = 520 $T7 = 552 $T8 = 584 $T9 = 616 $T10 = 648 -tv214 = 664 -tv204 = 664 -tv181 = 664 -tv158 = 664 -tv128 = 664 +tv201 = 664 +tv178 = 664 +tv155 = 664 tv86 = 664 Link$ = 704 JitData$ = 712 @@ -2879,9 +2628,9 @@ SaveFlags$ = 728 Delta$ = 736 ?JitEmitPreRipBitwiseOp@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@KHH@Z PROC ; JitEmitPreRipBitwiseOp, COMDAT -; 296 : { +; 207 : { -$LN29: +$LN25: 00000 44 89 4c 24 20 mov DWORD PTR [rsp+32], r9d 00005 44 89 44 24 18 mov DWORD PTR [rsp+24], r8d 0000a 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -2901,7 +2650,7 @@ $LN29: 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp 00040 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 297 : ULONG FourByte = Link->RawDataSize / 4; +; 208 : ULONG FourByte = Link->RawDataSize / 4; 00045 33 d2 xor edx, edx 00047 48 8b 85 c0 02 @@ -2911,7 +2660,7 @@ $LN29: 00056 f7 f1 div ecx 00058 89 45 04 mov DWORD PTR FourByte$[rbp], eax -; 298 : ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; +; 209 : ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; 0005b 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] 0005e c1 e0 02 shl eax, 2 @@ -2925,7 +2674,7 @@ $LN29: 00076 f7 f1 div ecx 00078 89 45 24 mov DWORD PTR TwoByte$[rbp], eax -; 299 : ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2)); +; 210 : ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2)); 0007b 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] 0007e c1 e0 02 shl eax, 2 
@@ -2939,18 +2688,18 @@ $LN29: 00094 2b c1 sub eax, ecx 00096 89 45 44 mov DWORD PTR OneByte$[rbp], eax -; 300 : -; 301 : PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK; +; 211 : +; 212 : PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK; 00099 b9 30 00 00 00 mov ecx, 48 ; 00000030H 0009e e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new - 000a3 48 89 85 e8 01 - 00 00 mov QWORD PTR $T5[rbp], rax - 000aa 48 83 bd e8 01 - 00 00 00 cmp QWORD PTR $T5[rbp], 0 + 000a3 48 89 85 28 02 + 00 00 mov QWORD PTR $T7[rbp], rax + 000aa 48 83 bd 28 02 + 00 00 00 cmp QWORD PTR $T7[rbp], 0 000b2 74 15 je SHORT $LN16@JitEmitPre - 000b4 48 8b 8d e8 01 - 00 00 mov rcx, QWORD PTR $T5[rbp] + 000b4 48 8b 8d 28 02 + 00 00 mov rcx, QWORD PTR $T7[rbp] 000bb e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK 000c0 48 89 85 98 02 00 00 mov QWORD PTR tv86[rbp], rax 
@@ -2962,462 +2711,438 @@ $LN16@JitEmitPre: $LN17@JitEmitPre: 000d4 48 8b 85 98 02 00 00 mov rax, QWORD PTR tv86[rbp] - 000db 48 89 85 c8 01 - 00 00 mov QWORD PTR $T4[rbp], rax - 000e2 48 8b 85 c8 01 - 00 00 mov rax, QWORD PTR $T4[rbp] + 000db 48 89 85 08 02 + 00 00 mov QWORD PTR $T6[rbp], rax + 000e2 48 8b 85 08 02 + 00 00 mov rax, QWORD PTR $T6[rbp] 000e9 48 89 45 68 mov QWORD PTR Block$[rbp], rax -; 302 : if (!Block) +; 213 : if (!Block) 000ed 48 83 7d 68 00 cmp QWORD PTR Block$[rbp], 0 000f2 75 07 jne SHORT $LN4@JitEmitPre -; 303 : return NULL; +; 214 : return NULL; 000f4 33 c0 xor eax, eax - 000f6 e9 67 03 00 00 jmp $LN1@JitEmitPre + 000f6 e9 22 03 00 00 jmp $LN1@JitEmitPre $LN4@JitEmitPre: -; 304 : -; 305 : if (SaveFlags && !JitEmitPushfqInst(Block)) +; 215 : +; 216 : if (SaveFlags) 000fb 83 bd d8 02 00 00 00 cmp DWORD PTR SaveFlags$[rbp], 0 - 00102 74 57 je SHORT $LN5@JitEmitPre - 00104 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 00108 e8 00 00 00 00 call ?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ; JitEmitPushfqInst - 0010d 85 c0 test eax, eax - 0010f 75 4a jne SHORT $LN5@JitEmitPre + 00102 74 33 je SHORT $LN5@JitEmitPre -; 306 : { -; 307 : NcDeleteBlock(Block); +; 217 : { +; 218 : PNATIVE_CODE_LINK PushF = FlgEmitPushfqInst(); - 00111 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 00115 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock + 00104 e8 00 00 00 00 call ?FlgEmitPushfqInst@@YAPEAU_NATIVE_CODE_LINK@@XZ ; FlgEmitPushfqInst + 00109 48 89 85 88 00 + 00 00 mov QWORD PTR PushF$1[rbp], rax -; 308 : delete Block; +; 219 : PushF->Flags |= CODE_FLAG_DO_NOT_DIVIDE; - 0011a 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] - 0011e 48 89 85 08 02 - 00 00 mov QWORD PTR $T6[rbp], rax - 00125 48 83 bd 08 02 - 00 00 00 cmp QWORD PTR $T6[rbp], 0 - 0012d 74 1a je SHORT $LN18@JitEmitPre - 0012f ba 01 00 00 00 mov edx, 1 - 00134 48 8b 8d 08 02 - 00 00 mov rcx, QWORD PTR $T6[rbp] - 0013b e8 00 00 00 00 call 
??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z - 00140 48 89 85 98 02 - 00 00 mov QWORD PTR tv128[rbp], rax - 00147 eb 0b jmp SHORT $LN19@JitEmitPre -$LN18@JitEmitPre: - 00149 48 c7 85 98 02 - 00 00 00 00 00 - 00 mov QWORD PTR tv128[rbp], 0 -$LN19@JitEmitPre: + 00110 48 8b 85 88 00 + 00 00 mov rax, QWORD PTR PushF$1[rbp] + 00117 8b 40 18 mov eax, DWORD PTR [rax+24] + 0011a 83 c8 08 or eax, 8 + 0011d 48 8b 8d 88 00 + 00 00 mov rcx, QWORD PTR PushF$1[rbp] + 00124 89 41 18 mov DWORD PTR [rcx+24], eax -; 309 : return NULL; +; 220 : NcAppendToBlock(Block, PushF); - 00154 33 c0 xor eax, eax - 00156 e9 07 03 00 00 jmp $LN1@JitEmitPre + 00127 48 8b 95 88 00 + 00 00 mov rdx, QWORD PTR PushF$1[rbp] + 0012e 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] + 00132 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock $LN5@JitEmitPre: -; 310 : } -; 311 : -; 312 : ULONG Count = FourByte; +; 221 : } +; 222 : +; 223 : ULONG Count = FourByte; - 0015b 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] - 0015e 89 85 84 00 00 + 00137 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] + 0013a 89 85 a4 00 00 00 mov DWORD PTR Count$[rbp], eax $LN2@JitEmitPre: -; 313 : while (Count) +; 224 : while (Count) - 00164 83 bd 84 00 00 + 00140 83 bd a4 00 00 00 00 cmp DWORD PTR Count$[rbp], 0 - 0016b 0f 84 f7 00 00 + 00147 0f 84 f7 00 00 00 je $LN3@JitEmitPre -; 314 : { -; 315 : INT32 RipDelta = (((Count - 1) * DWORD_RIP_INST_LENGTH) + (TwoByte * WORD_RIP_INST_LENGTH) + (OneByte * BYTE_RIP_INST_LENGTH)); +; 225 : { +; 226 : INT32 RipDelta = (((Count - 1) * DWORD_RIP_INST_LENGTH) + (TwoByte * WORD_RIP_INST_LENGTH) + (OneByte * BYTE_RIP_INST_LENGTH)); - 00171 8b 85 84 00 00 + 0014d 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] - 00177 ff c8 dec eax - 00179 6b c0 0a imul eax, eax, 10 - 0017c 6b 4d 24 09 imul ecx, DWORD PTR TwoByte$[rbp], 9 - 00180 03 c1 add eax, ecx - 00182 6b 4d 44 07 imul ecx, DWORD PTR OneByte$[rbp], 7 - 00186 03 c1 add eax, ecx - 00188 89 85 a4 00 00 - 
00 mov DWORD PTR RipDelta$1[rbp], eax + 00153 ff c8 dec eax + 00155 6b c0 0a imul eax, eax, 10 + 00158 6b 4d 24 09 imul ecx, DWORD PTR TwoByte$[rbp], 9 + 0015c 03 c1 add eax, ecx + 0015e 6b 4d 44 07 imul ecx, DWORD PTR OneByte$[rbp], 7 + 00162 03 c1 add eax, ecx + 00164 89 85 c4 00 00 + 00 mov DWORD PTR RipDelta$2[rbp], eax -; 316 : if (SaveFlags) +; 227 : if (SaveFlags) - 0018e 83 bd d8 02 00 + 0016a 83 bd d8 02 00 00 00 cmp DWORD PTR SaveFlags$[rbp], 0 - 00195 74 0e je SHORT $LN6@JitEmitPre + 00171 74 0e je SHORT $LN6@JitEmitPre -; 317 : RipDelta += 1; +; 228 : RipDelta += 1; - 00197 8b 85 a4 00 00 - 00 mov eax, DWORD PTR RipDelta$1[rbp] - 0019d ff c0 inc eax - 0019f 89 85 a4 00 00 - 00 mov DWORD PTR RipDelta$1[rbp], eax + 00173 8b 85 c4 00 00 + 00 mov eax, DWORD PTR RipDelta$2[rbp] + 00179 ff c0 inc eax + 0017b 89 85 c4 00 00 + 00 mov DWORD PTR RipDelta$2[rbp], eax $LN6@JitEmitPre: -; 318 : RipDelta += ((FourByte - Count) * 4); +; 229 : RipDelta += ((FourByte - Count) * 4); - 001a5 8b 85 84 00 00 + 00181 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] - 001ab 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] - 001ae 2b c8 sub ecx, eax - 001b0 8b c1 mov eax, ecx - 001b2 8b 8d a4 00 00 - 00 mov ecx, DWORD PTR RipDelta$1[rbp] - 001b8 8d 04 81 lea eax, DWORD PTR [rcx+rax*4] - 001bb 89 85 a4 00 00 - 00 mov DWORD PTR RipDelta$1[rbp], eax + 00187 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] + 0018a 2b c8 sub ecx, eax + 0018c 8b c1 mov eax, ecx + 0018e 8b 8d c4 00 00 + 00 mov ecx, DWORD PTR RipDelta$2[rbp] + 00194 8d 04 81 lea eax, DWORD PTR [rcx+rax*4] + 00197 89 85 c4 00 00 + 00 mov DWORD PTR RipDelta$2[rbp], eax -; 319 : RipDelta += Delta; +; 230 : RipDelta += Delta; - 001c1 8b 85 e0 02 00 + 0019d 8b 85 e0 02 00 00 mov eax, DWORD PTR Delta$[rbp] - 001c7 8b 8d a4 00 00 - 00 mov ecx, DWORD PTR RipDelta$1[rbp] - 001cd 03 c8 add ecx, eax - 001cf 8b c1 mov eax, ecx - 001d1 89 85 a4 00 00 - 00 mov DWORD PTR RipDelta$1[rbp], eax + 001a3 8b 8d c4 00 00 + 00 mov ecx, DWORD PTR 
RipDelta$2[rbp] + 001a9 03 c8 add ecx, eax + 001ab 8b c1 mov eax, ecx + 001ad 89 85 c4 00 00 + 00 mov DWORD PTR RipDelta$2[rbp], eax -; 320 : if (!JitiEmitWrapperD(OpType, Block, RipDelta, JitData->Data[FourByte - Count])) +; 231 : if (!JitiEmitWrapperD(OpType, Block, RipDelta, JitData->Data[FourByte - Count])) - 001d7 8b 85 84 00 00 + 001b3 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] - 001dd 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] - 001e0 2b c8 sub ecx, eax - 001e2 8b c1 mov eax, ecx - 001e4 8b c0 mov eax, eax - 001e6 48 8b 8d c8 02 + 001b9 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] + 001bc 2b c8 sub ecx, eax + 001be 8b c1 mov eax, ecx + 001c0 8b c0 mov eax, eax + 001c2 48 8b 8d c8 02 00 00 mov rcx, QWORD PTR JitData$[rbp] - 001ed 44 8b 0c 81 mov r9d, DWORD PTR [rcx+rax*4] - 001f1 44 8b 85 a4 00 - 00 00 mov r8d, DWORD PTR RipDelta$1[rbp] - 001f8 48 8b 55 68 mov rdx, QWORD PTR Block$[rbp] - 001fc 8b 8d d0 02 00 + 001c9 44 8b 0c 81 mov r9d, DWORD PTR [rcx+rax*4] + 001cd 44 8b 85 c4 00 + 00 00 mov r8d, DWORD PTR RipDelta$2[rbp] + 001d4 48 8b 55 68 mov rdx, QWORD PTR Block$[rbp] + 001d8 8b 8d d0 02 00 00 mov ecx, DWORD PTR OpType$[rbp] - 00202 e8 00 00 00 00 call ?JitiEmitWrapperD@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z ; JitiEmitWrapperD - 00207 85 c0 test eax, eax - 00209 75 4a jne SHORT $LN7@JitEmitPre + 001de e8 00 00 00 00 call ?JitiEmitWrapperD@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z ; JitiEmitWrapperD + 001e3 85 c0 test eax, eax + 001e5 75 4a jne SHORT $LN7@JitEmitPre -; 321 : { -; 322 : NcDeleteBlock(Block); +; 232 : { +; 233 : NcDeleteBlock(Block); - 0020b 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 0020f e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock + 001e7 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] + 001eb e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 323 : delete Block; +; 234 : delete Block; - 00214 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] - 00218 48 89 85 28 02 - 00 00 mov QWORD 
PTR $T7[rbp], rax - 0021f 48 83 bd 28 02 - 00 00 00 cmp QWORD PTR $T7[rbp], 0 - 00227 74 1a je SHORT $LN20@JitEmitPre - 00229 ba 01 00 00 00 mov edx, 1 - 0022e 48 8b 8d 28 02 - 00 00 mov rcx, QWORD PTR $T7[rbp] - 00235 e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z - 0023a 48 89 85 98 02 - 00 00 mov QWORD PTR tv158[rbp], rax - 00241 eb 0b jmp SHORT $LN21@JitEmitPre -$LN20@JitEmitPre: - 00243 48 c7 85 98 02 + 001f0 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] + 001f4 48 89 85 48 02 + 00 00 mov QWORD PTR $T8[rbp], rax + 001fb 48 83 bd 48 02 + 00 00 00 cmp QWORD PTR $T8[rbp], 0 + 00203 74 1a je SHORT $LN18@JitEmitPre + 00205 ba 01 00 00 00 mov edx, 1 + 0020a 48 8b 8d 48 02 + 00 00 mov rcx, QWORD PTR $T8[rbp] + 00211 e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z + 00216 48 89 85 98 02 + 00 00 mov QWORD PTR tv155[rbp], rax + 0021d eb 0b jmp SHORT $LN19@JitEmitPre +$LN18@JitEmitPre: + 0021f 48 c7 85 98 02 00 00 00 00 00 - 00 mov QWORD PTR tv158[rbp], 0 -$LN21@JitEmitPre: + 00 mov QWORD PTR tv155[rbp], 0 +$LN19@JitEmitPre: -; 324 : return NULL; +; 235 : return NULL; - 0024e 33 c0 xor eax, eax - 00250 e9 0d 02 00 00 jmp $LN1@JitEmitPre + 0022a 33 c0 xor eax, eax + 0022c e9 ec 01 00 00 jmp $LN1@JitEmitPre $LN7@JitEmitPre: -; 325 : } -; 326 : --Count; +; 236 : } +; 237 : --Count; - 00255 8b 85 84 00 00 + 00231 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] - 0025b ff c8 dec eax - 0025d 89 85 84 00 00 + 00237 ff c8 dec eax + 00239 89 85 a4 00 00 00 mov DWORD PTR Count$[rbp], eax -; 327 : } +; 238 : } - 00263 e9 fc fe ff ff jmp $LN2@JitEmitPre + 0023f e9 fc fe ff ff jmp $LN2@JitEmitPre $LN3@JitEmitPre: -; 328 : -; 329 : if (TwoByte) +; 239 : +; 240 : if (TwoByte) - 00268 83 7d 24 00 cmp DWORD PTR TwoByte$[rbp], 0 - 0026c 0f 84 c1 00 00 + 00244 83 7d 24 00 cmp DWORD PTR TwoByte$[rbp], 0 + 00248 0f 84 c1 00 00 00 je $LN8@JitEmitPre -; 330 : { -; 331 : INT32 RipDelta = (OneByte * BYTE_RIP_INST_LENGTH); +; 241 : { +; 242 : INT32 RipDelta = (OneByte * 
BYTE_RIP_INST_LENGTH); - 00272 6b 45 44 07 imul eax, DWORD PTR OneByte$[rbp], 7 - 00276 89 85 c4 00 00 - 00 mov DWORD PTR RipDelta$2[rbp], eax + 0024e 6b 45 44 07 imul eax, DWORD PTR OneByte$[rbp], 7 + 00252 89 85 e4 00 00 + 00 mov DWORD PTR RipDelta$3[rbp], eax -; 332 : if (SaveFlags) +; 243 : if (SaveFlags) - 0027c 83 bd d8 02 00 + 00258 83 bd d8 02 00 00 00 cmp DWORD PTR SaveFlags$[rbp], 0 - 00283 74 0e je SHORT $LN9@JitEmitPre + 0025f 74 0e je SHORT $LN9@JitEmitPre -; 333 : RipDelta += 1; +; 244 : RipDelta += 1; - 00285 8b 85 c4 00 00 - 00 mov eax, DWORD PTR RipDelta$2[rbp] - 0028b ff c0 inc eax - 0028d 89 85 c4 00 00 - 00 mov DWORD PTR RipDelta$2[rbp], eax + 00261 8b 85 e4 00 00 + 00 mov eax, DWORD PTR RipDelta$3[rbp] + 00267 ff c0 inc eax + 00269 89 85 e4 00 00 + 00 mov DWORD PTR RipDelta$3[rbp], eax $LN9@JitEmitPre: -; 334 : RipDelta += (FourByte * 4); +; 245 : RipDelta += (FourByte * 4); - 00293 8b 85 c4 00 00 - 00 mov eax, DWORD PTR RipDelta$2[rbp] - 00299 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] - 0029c 8d 04 88 lea eax, DWORD PTR [rax+rcx*4] - 0029f 89 85 c4 00 00 - 00 mov DWORD PTR RipDelta$2[rbp], eax + 0026f 8b 85 e4 00 00 + 00 mov eax, DWORD PTR RipDelta$3[rbp] + 00275 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] + 00278 8d 04 88 lea eax, DWORD PTR [rax+rcx*4] + 0027b 89 85 e4 00 00 + 00 mov DWORD PTR RipDelta$3[rbp], eax -; 335 : RipDelta += Delta; +; 246 : RipDelta += Delta; - 002a5 8b 85 e0 02 00 + 00281 8b 85 e0 02 00 00 mov eax, DWORD PTR Delta$[rbp] - 002ab 8b 8d c4 00 00 - 00 mov ecx, DWORD PTR RipDelta$2[rbp] - 002b1 03 c8 add ecx, eax - 002b3 8b c1 mov eax, ecx - 002b5 89 85 c4 00 00 - 00 mov DWORD PTR RipDelta$2[rbp], eax + 00287 8b 8d e4 00 00 + 00 mov ecx, DWORD PTR RipDelta$3[rbp] + 0028d 03 c8 add ecx, eax + 0028f 8b c1 mov eax, ecx + 00291 89 85 e4 00 00 + 00 mov DWORD PTR RipDelta$3[rbp], eax -; 336 : if (!JitiEmitWrapperW(OpType, Block, RipDelta, JitData->Data[3])) +; 247 : if (!JitiEmitWrapperW(OpType, Block, RipDelta, 
JitData->Data[3])) - 002bb b8 04 00 00 00 mov eax, 4 - 002c0 48 6b c0 03 imul rax, rax, 3 - 002c4 48 8b 8d c8 02 + 00297 b8 04 00 00 00 mov eax, 4 + 0029c 48 6b c0 03 imul rax, rax, 3 + 002a0 48 8b 8d c8 02 00 00 mov rcx, QWORD PTR JitData$[rbp] - 002cb 44 8b 0c 01 mov r9d, DWORD PTR [rcx+rax] - 002cf 44 8b 85 c4 00 - 00 00 mov r8d, DWORD PTR RipDelta$2[rbp] - 002d6 48 8b 55 68 mov rdx, QWORD PTR Block$[rbp] - 002da 8b 8d d0 02 00 + 002a7 44 8b 0c 01 mov r9d, DWORD PTR [rcx+rax] + 002ab 44 8b 85 e4 00 + 00 00 mov r8d, DWORD PTR RipDelta$3[rbp] + 002b2 48 8b 55 68 mov rdx, QWORD PTR Block$[rbp] + 002b6 8b 8d d0 02 00 00 mov ecx, DWORD PTR OpType$[rbp] - 002e0 e8 00 00 00 00 call ?JitiEmitWrapperW@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z ; JitiEmitWrapperW - 002e5 85 c0 test eax, eax - 002e7 75 4a jne SHORT $LN8@JitEmitPre + 002bc e8 00 00 00 00 call ?JitiEmitWrapperW@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z ; JitiEmitWrapperW + 002c1 85 c0 test eax, eax + 002c3 75 4a jne SHORT $LN8@JitEmitPre -; 337 : { -; 338 : NcDeleteBlock(Block); +; 248 : { +; 249 : NcDeleteBlock(Block); - 002e9 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 002ed e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock + 002c5 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] + 002c9 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 339 : delete Block; +; 250 : delete Block; - 002f2 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] - 002f6 48 89 85 48 02 - 00 00 mov QWORD PTR $T8[rbp], rax - 002fd 48 83 bd 48 02 - 00 00 00 cmp QWORD PTR $T8[rbp], 0 - 00305 74 1a je SHORT $LN22@JitEmitPre - 00307 ba 01 00 00 00 mov edx, 1 - 0030c 48 8b 8d 48 02 - 00 00 mov rcx, QWORD PTR $T8[rbp] - 00313 e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z - 00318 48 89 85 98 02 - 00 00 mov QWORD PTR tv181[rbp], rax - 0031f eb 0b jmp SHORT $LN23@JitEmitPre -$LN22@JitEmitPre: - 00321 48 c7 85 98 02 + 002ce 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] + 002d2 48 89 85 68 02 + 00 00 
mov QWORD PTR $T9[rbp], rax + 002d9 48 83 bd 68 02 + 00 00 00 cmp QWORD PTR $T9[rbp], 0 + 002e1 74 1a je SHORT $LN20@JitEmitPre + 002e3 ba 01 00 00 00 mov edx, 1 + 002e8 48 8b 8d 68 02 + 00 00 mov rcx, QWORD PTR $T9[rbp] + 002ef e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z + 002f4 48 89 85 98 02 + 00 00 mov QWORD PTR tv178[rbp], rax + 002fb eb 0b jmp SHORT $LN21@JitEmitPre +$LN20@JitEmitPre: + 002fd 48 c7 85 98 02 00 00 00 00 00 - 00 mov QWORD PTR tv181[rbp], 0 -$LN23@JitEmitPre: + 00 mov QWORD PTR tv178[rbp], 0 +$LN21@JitEmitPre: -; 340 : return NULL; +; 251 : return NULL; - 0032c 33 c0 xor eax, eax - 0032e e9 2f 01 00 00 jmp $LN1@JitEmitPre + 00308 33 c0 xor eax, eax + 0030a e9 0e 01 00 00 jmp $LN1@JitEmitPre $LN8@JitEmitPre: -; 341 : } -; 342 : } -; 343 : -; 344 : if (OneByte) +; 252 : } +; 253 : } +; 254 : +; 255 : if (OneByte) - 00333 83 7d 44 00 cmp DWORD PTR OneByte$[rbp], 0 - 00337 0f 84 c4 00 00 + 0030f 83 7d 44 00 cmp DWORD PTR OneByte$[rbp], 0 + 00313 0f 84 c4 00 00 00 je $LN11@JitEmitPre -; 345 : { -; 346 : INT32 RipDelta = 0; +; 256 : { +; 257 : INT32 RipDelta = 0; - 0033d c7 85 e4 00 00 - 00 00 00 00 00 mov DWORD PTR RipDelta$3[rbp], 0 + 00319 c7 85 04 01 00 + 00 00 00 00 00 mov DWORD PTR RipDelta$4[rbp], 0 -; 347 : if (SaveFlags) +; 258 : if (SaveFlags) - 00347 83 bd d8 02 00 + 00323 83 bd d8 02 00 00 00 cmp DWORD PTR SaveFlags$[rbp], 0 - 0034e 74 0e je SHORT $LN12@JitEmitPre + 0032a 74 0e je SHORT $LN12@JitEmitPre -; 348 : RipDelta += 1; +; 259 : RipDelta += 1; - 00350 8b 85 e4 00 00 - 00 mov eax, DWORD PTR RipDelta$3[rbp] - 00356 ff c0 inc eax - 00358 89 85 e4 00 00 - 00 mov DWORD PTR RipDelta$3[rbp], eax + 0032c 8b 85 04 01 00 + 00 mov eax, DWORD PTR RipDelta$4[rbp] + 00332 ff c0 inc eax + 00334 89 85 04 01 00 + 00 mov DWORD PTR RipDelta$4[rbp], eax $LN12@JitEmitPre: -; 349 : RipDelta += (FourByte * 4) + (TwoByte * 2); +; 260 : RipDelta += (FourByte * 4) + (TwoByte * 2); - 0035e 8b 85 e4 00 00 - 00 mov eax, DWORD PTR RipDelta$3[rbp] - 
00364 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] - 00367 8d 04 88 lea eax, DWORD PTR [rax+rcx*4] - 0036a 8b 4d 24 mov ecx, DWORD PTR TwoByte$[rbp] - 0036d 8d 04 48 lea eax, DWORD PTR [rax+rcx*2] - 00370 89 85 e4 00 00 - 00 mov DWORD PTR RipDelta$3[rbp], eax + 0033a 8b 85 04 01 00 + 00 mov eax, DWORD PTR RipDelta$4[rbp] + 00340 8b 4d 04 mov ecx, DWORD PTR FourByte$[rbp] + 00343 8d 04 88 lea eax, DWORD PTR [rax+rcx*4] + 00346 8b 4d 24 mov ecx, DWORD PTR TwoByte$[rbp] + 00349 8d 04 48 lea eax, DWORD PTR [rax+rcx*2] + 0034c 89 85 04 01 00 + 00 mov DWORD PTR RipDelta$4[rbp], eax -; 350 : RipDelta += Delta; +; 261 : RipDelta += Delta; - 00376 8b 85 e0 02 00 + 00352 8b 85 e0 02 00 00 mov eax, DWORD PTR Delta$[rbp] - 0037c 8b 8d e4 00 00 - 00 mov ecx, DWORD PTR RipDelta$3[rbp] - 00382 03 c8 add ecx, eax - 00384 8b c1 mov eax, ecx - 00386 89 85 e4 00 00 - 00 mov DWORD PTR RipDelta$3[rbp], eax + 00358 8b 8d 04 01 00 + 00 mov ecx, DWORD PTR RipDelta$4[rbp] + 0035e 03 c8 add ecx, eax + 00360 8b c1 mov eax, ecx + 00362 89 85 04 01 00 + 00 mov DWORD PTR RipDelta$4[rbp], eax -; 351 : if (!JitiEmitWrapperB(OpType, Block, RipDelta, JitData->Data[4])) +; 262 : if (!JitiEmitWrapperB(OpType, Block, RipDelta, JitData->Data[4])) - 0038c b8 04 00 00 00 mov eax, 4 - 00391 48 6b c0 04 imul rax, rax, 4 - 00395 48 8b 8d c8 02 + 00368 b8 04 00 00 00 mov eax, 4 + 0036d 48 6b c0 04 imul rax, rax, 4 + 00371 48 8b 8d c8 02 00 00 mov rcx, QWORD PTR JitData$[rbp] - 0039c 44 8b 0c 01 mov r9d, DWORD PTR [rcx+rax] - 003a0 44 8b 85 e4 00 - 00 00 mov r8d, DWORD PTR RipDelta$3[rbp] - 003a7 48 8b 55 68 mov rdx, QWORD PTR Block$[rbp] - 003ab 8b 8d d0 02 00 + 00378 44 8b 0c 01 mov r9d, DWORD PTR [rcx+rax] + 0037c 44 8b 85 04 01 + 00 00 mov r8d, DWORD PTR RipDelta$4[rbp] + 00383 48 8b 55 68 mov rdx, QWORD PTR Block$[rbp] + 00387 8b 8d d0 02 00 00 mov ecx, DWORD PTR OpType$[rbp] - 003b1 e8 00 00 00 00 call ?JitiEmitWrapperB@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z ; JitiEmitWrapperB - 003b6 85 c0 test eax, eax - 
003b8 75 47 jne SHORT $LN11@JitEmitPre + 0038d e8 00 00 00 00 call ?JitiEmitWrapperB@@YAHKPEAU_NATIVE_CODE_BLOCK@@HK@Z ; JitiEmitWrapperB + 00392 85 c0 test eax, eax + 00394 75 47 jne SHORT $LN11@JitEmitPre -; 352 : { -; 353 : NcDeleteBlock(Block); +; 263 : { +; 264 : NcDeleteBlock(Block); - 003ba 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 003be e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock + 00396 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] + 0039a e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 354 : delete Block; +; 265 : delete Block; - 003c3 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] - 003c7 48 89 85 68 02 - 00 00 mov QWORD PTR $T9[rbp], rax - 003ce 48 83 bd 68 02 - 00 00 00 cmp QWORD PTR $T9[rbp], 0 - 003d6 74 1a je SHORT $LN24@JitEmitPre - 003d8 ba 01 00 00 00 mov edx, 1 - 003dd 48 8b 8d 68 02 - 00 00 mov rcx, QWORD PTR $T9[rbp] - 003e4 e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z - 003e9 48 89 85 98 02 - 00 00 mov QWORD PTR tv204[rbp], rax - 003f0 eb 0b jmp SHORT $LN25@JitEmitPre -$LN24@JitEmitPre: - 003f2 48 c7 85 98 02 + 0039f 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] + 003a3 48 89 85 88 02 + 00 00 mov QWORD PTR $T10[rbp], rax + 003aa 48 83 bd 88 02 + 00 00 00 cmp QWORD PTR $T10[rbp], 0 + 003b2 74 1a je SHORT $LN22@JitEmitPre + 003b4 ba 01 00 00 00 mov edx, 1 + 003b9 48 8b 8d 88 02 + 00 00 mov rcx, QWORD PTR $T10[rbp] + 003c0 e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z + 003c5 48 89 85 98 02 + 00 00 mov QWORD PTR tv201[rbp], rax + 003cc eb 0b jmp SHORT $LN23@JitEmitPre +$LN22@JitEmitPre: + 003ce 48 c7 85 98 02 00 00 00 00 00 - 00 mov QWORD PTR tv204[rbp], 0 -$LN25@JitEmitPre: + 00 mov QWORD PTR tv201[rbp], 0 +$LN23@JitEmitPre: -; 355 : return NULL; +; 266 : return NULL; - 003fd 33 c0 xor eax, eax - 003ff eb 61 jmp SHORT $LN1@JitEmitPre + 003d9 33 c0 xor eax, eax + 003db eb 40 jmp SHORT $LN1@JitEmitPre $LN11@JitEmitPre: -; 356 : } -; 357 : } -; 358 : -; 359 : 
if (SaveFlags && !JitEmitPopfqInst(Block)) +; 267 : } +; 268 : } +; 269 : +; 270 : if (SaveFlags) - 00401 83 bd d8 02 00 + 003dd 83 bd d8 02 00 00 00 cmp DWORD PTR SaveFlags$[rbp], 0 - 00408 74 54 je SHORT $LN14@JitEmitPre - 0040a 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 0040e e8 00 00 00 00 call ?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ; JitEmitPopfqInst - 00413 85 c0 test eax, eax - 00415 75 47 jne SHORT $LN14@JitEmitPre + 003e4 74 33 je SHORT $LN14@JitEmitPre -; 360 : { -; 361 : NcDeleteBlock(Block); +; 271 : { +; 272 : PNATIVE_CODE_LINK PopF = FlgEmitPopfqInst(); - 00417 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] - 0041b e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock + 003e6 e8 00 00 00 00 call ?FlgEmitPopfqInst@@YAPEAU_NATIVE_CODE_LINK@@XZ ; FlgEmitPopfqInst + 003eb 48 89 85 28 01 + 00 00 mov QWORD PTR PopF$5[rbp], rax -; 362 : delete Block; +; 273 : PopF->Flags |= CODE_FLAG_DO_NOT_DIVIDE; - 00420 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] - 00424 48 89 85 88 02 - 00 00 mov QWORD PTR $T10[rbp], rax - 0042b 48 83 bd 88 02 - 00 00 00 cmp QWORD PTR $T10[rbp], 0 - 00433 74 1a je SHORT $LN26@JitEmitPre - 00435 ba 01 00 00 00 mov edx, 1 - 0043a 48 8b 8d 88 02 - 00 00 mov rcx, QWORD PTR $T10[rbp] - 00441 e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z - 00446 48 89 85 98 02 - 00 00 mov QWORD PTR tv214[rbp], rax - 0044d eb 0b jmp SHORT $LN27@JitEmitPre -$LN26@JitEmitPre: - 0044f 48 c7 85 98 02 - 00 00 00 00 00 - 00 mov QWORD PTR tv214[rbp], 0 -$LN27@JitEmitPre: + 003f2 48 8b 85 28 01 + 00 00 mov rax, QWORD PTR PopF$5[rbp] + 003f9 8b 40 18 mov eax, DWORD PTR [rax+24] + 003fc 83 c8 08 or eax, 8 + 003ff 48 8b 8d 28 01 + 00 00 mov rcx, QWORD PTR PopF$5[rbp] + 00406 89 41 18 mov DWORD PTR [rcx+24], eax -; 363 : return NULL; +; 274 : NcAppendToBlock(Block, PopF); - 0045a 33 c0 xor eax, eax - 0045c eb 04 jmp SHORT $LN1@JitEmitPre + 00409 48 8b 95 28 01 + 00 00 mov rdx, QWORD PTR PopF$5[rbp] + 00410 48 8b 4d 68 mov rcx, 
QWORD PTR Block$[rbp] + 00414 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock $LN14@JitEmitPre: -; 364 : } -; 365 : -; 366 : return Block; +; 275 : } +; 276 : +; 277 : return Block; - 0045e 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] + 00419 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] $LN1@JitEmitPre: -; 367 : } +; 278 : } - 00462 48 8d a5 a8 02 + 0041d 48 8d a5 a8 02 00 00 lea rsp, QWORD PTR [rbp+680] - 00469 5f pop rdi - 0046a 5d pop rbp - 0046b c3 ret 0 + 00424 5f pop rdi + 00425 5d pop rbp + 00426 c3 ret 0 ?JitEmitPreRipBitwiseOp@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@KHH@Z ENDP ; JitEmitPreRipBitwiseOp _TEXT ENDS ; COMDAT text$x @@ -3426,22 +3151,20 @@ FourByte$ = 4 TwoByte$ = 36 OneByte$ = 68 Block$ = 104 -Count$ = 132 -RipDelta$1 = 164 +PushF$1 = 136 +Count$ = 164 RipDelta$2 = 196 RipDelta$3 = 228 -$T4 = 456 -$T5 = 488 +RipDelta$4 = 260 +PopF$5 = 296 $T6 = 520 $T7 = 552 $T8 = 584 $T9 = 616 $T10 = 648 -tv214 = 664 -tv204 = 664 -tv181 = 664 -tv158 = 664 -tv128 = 664 +tv201 = 664 +tv178 = 664 +tv155 = 664 tv86 = 664 Link$ = 704 JitData$ = 712 @@ -3456,8 +3179,8 @@ Delta$ = 736 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] 00014 ba 30 00 00 00 mov edx, 48 ; 00000030H - 00019 48 8b 8d e8 01 - 00 00 mov rcx, QWORD PTR $T5[rbp] + 00019 48 8b 8d 28 02 + 00 00 mov rcx, QWORD PTR $T7[rbp] 00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete 00025 48 83 c4 28 add rsp, 40 ; 00000028H 00029 5f pop rdi @@ -3472,22 +3195,20 @@ FourByte$ = 4 TwoByte$ = 36 OneByte$ = 68 Block$ = 104 -Count$ = 132 -RipDelta$1 = 164 +PushF$1 = 136 +Count$ = 164 RipDelta$2 = 196 RipDelta$3 = 228 -$T4 = 456 -$T5 = 488 +RipDelta$4 = 260 +PopF$5 = 296 $T6 = 520 $T7 = 552 $T8 = 584 $T9 = 616 $T10 = 648 -tv214 = 664 -tv204 = 664 -tv181 = 664 -tv158 = 664 -tv128 = 664 +tv201 = 664 +tv178 = 664 +tv155 = 664 tv86 = 664 Link$ = 704 JitData$ = 712 
@@ -3502,8 +3223,8 @@ Delta$ = 736 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] 00014 ba 30 00 00 00 mov edx, 48 ; 00000030H - 00019 48 8b 8d e8 01 - 00 00 mov rcx, QWORD PTR $T5[rbp] + 00019 48 8b 8d 28 02 + 00 00 mov rcx, QWORD PTR $T7[rbp] 00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete 00025 48 83 c4 28 add rsp, 40 ; 00000028H 00029 5f pop rdi @@ -3544,7 +3265,7 @@ Link$ = 1008 Delta$ = 1016 ?JitEmitPostRipMov@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@H@Z PROC ; JitEmitPostRipMov, COMDAT -; 199 : { +; 110 : { $LN25: 00000 89 54 24 10 mov DWORD PTR [rsp+16], edx @@ -3569,7 +3290,7 @@ $LN25: 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp 00046 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 200 : ULONG FourByte = Link->RawDataSize / 4; +; 111 : ULONG FourByte = Link->RawDataSize / 4; 0004b 33 d2 xor edx, edx 0004d 48 8b 85 f0 03 @@ -3579,7 +3300,7 @@ $LN25: 0005c f7 f1 div ecx 0005e 89 45 04 mov DWORD PTR FourByte$[rbp], eax -; 201 : ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; +; 112 : ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; 00061 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] 00064 c1 e0 02 shl eax, 2 @@ -3593,7 +3314,7 @@ $LN25: 0007c f7 f1 div ecx 0007e 89 45 24 mov DWORD PTR TwoByte$[rbp], eax -; 202 : ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2)); +; 113 : ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2)); 00081 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] 00084 c1 e0 02 shl eax, 2 @@ -3607,8 +3328,8 @@ $LN25: 0009a 2b c1 sub eax, ecx 0009c 89 45 44 mov DWORD PTR OneByte$[rbp], eax -; 203 : -; 204 : PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK; +; 114 : +; 115 : PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK; 0009f b9 30 00 00 00 mov ecx, 48 ; 00000030H 000a4 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new 
@@ -3636,8 +3357,8 @@ $LN12@JitEmitPos: 00 00 mov rax, QWORD PTR $T7[rbp] 000ef 48 89 45 68 mov QWORD PTR Block$[rbp], rax -; 205 : -; 206 : Block->Start = Block->End = new NATIVE_CODE_LINK; +; 116 : +; 117 : Block->Start = Block->End = new NATIVE_CODE_LINK; 000f3 b9 10 01 00 00 mov ecx, 272 ; 00000110H 000f8 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new @@ -3670,27 +3391,27 @@ $LN14@JitEmitPos: 00 00 mov rcx, QWORD PTR $T9[rbp] 00156 48 89 08 mov QWORD PTR [rax], rcx -; 207 : ULONG ZeroValue = 0; +; 118 : ULONG ZeroValue = 0; 00159 c7 85 84 00 00 00 00 00 00 00 mov DWORD PTR ZeroValue$[rbp], 0 -; 208 : ULONG Count = FourByte; +; 119 : ULONG Count = FourByte; 00163 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] 00166 89 85 a4 00 00 00 mov DWORD PTR Count$[rbp], eax $LN2@JitEmitPos: -; 209 : while (Count) +; 120 : while (Count) 0016c 83 bd a4 00 00 00 00 cmp DWORD PTR Count$[rbp], 0 00173 0f 84 ec 00 00 00 je $LN3@JitEmitPos -; 210 : { -; 211 : INT32 RipDelta = Link->RawDataSize - ((FourByte - Count) * 4); +; 121 : { +; 122 : INT32 RipDelta = Link->RawDataSize - ((FourByte - Count) * 4); 00179 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] @@ -3706,7 +3427,7 @@ $LN2@JitEmitPos: 00197 89 85 c4 00 00 00 mov DWORD PTR RipDelta$4[rbp], eax -; 212 : RipDelta += (FourByte - (Count - 1)) * DWORD_MOV_INST_LENGTH; +; 123 : RipDelta += (FourByte - (Count - 1)) * DWORD_MOV_INST_LENGTH; 0019d 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] @@ -3722,14 +3443,14 @@ $LN2@JitEmitPos: 001b9 89 85 c4 00 00 00 mov DWORD PTR RipDelta$4[rbp], eax -; 213 : RipDelta *= (-1); +; 124 : RipDelta *= (-1); 001bf 6b 85 c4 00 00 00 ff imul eax, DWORD PTR RipDelta$4[rbp], -1 001c6 89 85 c4 00 00 00 mov DWORD PTR RipDelta$4[rbp], eax -; 214 : RipDelta += Delta; +; 125 : RipDelta += Delta; 001cc 8b 85 f8 03 00 00 mov eax, DWORD PTR Delta$[rbp] 
@@ -3740,14 +3461,14 @@ $LN2@JitEmitPos: 001dc 89 85 c4 00 00 00 mov DWORD PTR RipDelta$4[rbp], eax -; 215 : ZeroValue = rand(); +; 126 : ZeroValue = rand(); 001e2 ff 15 00 00 00 00 call QWORD PTR __imp_rand 001e8 89 85 84 00 00 00 mov DWORD PTR ZeroValue$[rbp], eax -; 216 : if (!JitEmitRipRelativeMovD(Block, RipDelta, (PUCHAR)&ZeroValue)) +; 127 : if (!JitEmitRipRelativeMovD(Block, RipDelta, (PUCHAR)&ZeroValue)) 001ee 4c 8d 85 84 00 00 00 lea r8, QWORD PTR ZeroValue$[rbp] @@ -3758,13 +3479,13 @@ $LN2@JitEmitPos: 00204 85 c0 test eax, eax 00206 75 4a jne SHORT $LN4@JitEmitPos -; 217 : { -; 218 : NcDeleteBlock(Block); +; 128 : { +; 129 : NcDeleteBlock(Block); 00208 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] 0020c e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 219 : delete Block; +; 130 : delete Block; 00211 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 00215 48 89 85 48 03 @@ -3785,14 +3506,14 @@ $LN15@JitEmitPos: 00 mov QWORD PTR tv153[rbp], 0 $LN16@JitEmitPos: -; 220 : return NULL; +; 131 : return NULL; 0024b 33 c0 xor eax, eax 0024d e9 58 02 00 00 jmp $LN1@JitEmitPos $LN4@JitEmitPos: -; 221 : } -; 222 : --Count; +; 132 : } +; 133 : --Count; 00252 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] @@ -3800,20 +3521,20 @@ $LN4@JitEmitPos: 0025a 89 85 a4 00 00 00 mov DWORD PTR Count$[rbp], eax -; 223 : } +; 134 : } 00260 e9 07 ff ff ff jmp $LN2@JitEmitPos $LN3@JitEmitPos: -; 224 : -; 225 : if (TwoByte) +; 135 : +; 136 : if (TwoByte) 00265 83 7d 24 00 cmp DWORD PTR TwoByte$[rbp], 0 00269 0f 84 d0 00 00 00 je $LN5@JitEmitPos -; 226 : { -; 227 : INT32 RipDelta = Link->RawDataSize - (FourByte * 4); +; 137 : { +; 138 : INT32 RipDelta = Link->RawDataSize - (FourByte * 4); 0026f 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] 00272 c1 e0 02 shl eax, 2 
@@ -3825,7 +3546,7 @@ $LN3@JitEmitPos: 00283 89 85 e4 00 00 00 mov DWORD PTR RipDelta$5[rbp], eax -; 228 : RipDelta += (FourByte * DWORD_MOV_INST_LENGTH); +; 139 : RipDelta += (FourByte * DWORD_MOV_INST_LENGTH); 00289 6b 45 04 0a imul eax, DWORD PTR FourByte$[rbp], 10 0028d 8b 8d e4 00 00 @@ -3835,7 +3556,7 @@ $LN3@JitEmitPos: 00297 89 85 e4 00 00 00 mov DWORD PTR RipDelta$5[rbp], eax -; 229 : RipDelta += WORD_MOV_INST_LENGTH; +; 140 : RipDelta += WORD_MOV_INST_LENGTH; 0029d 8b 85 e4 00 00 00 mov eax, DWORD PTR RipDelta$5[rbp] @@ -3843,14 +3564,14 @@ $LN3@JitEmitPos: 002a6 89 85 e4 00 00 00 mov DWORD PTR RipDelta$5[rbp], eax -; 230 : RipDelta *= (-1); +; 141 : RipDelta *= (-1); 002ac 6b 85 e4 00 00 00 ff imul eax, DWORD PTR RipDelta$5[rbp], -1 002b3 89 85 e4 00 00 00 mov DWORD PTR RipDelta$5[rbp], eax -; 231 : RipDelta += Delta; +; 142 : RipDelta += Delta; 002b9 8b 85 f8 03 00 00 mov eax, DWORD PTR Delta$[rbp] @@ -3861,14 +3582,14 @@ $LN3@JitEmitPos: 002c9 89 85 e4 00 00 00 mov DWORD PTR RipDelta$5[rbp], eax -; 232 : ZeroValue = rand(); +; 143 : ZeroValue = rand(); 002cf ff 15 00 00 00 00 call QWORD PTR __imp_rand 002d5 89 85 84 00 00 00 mov DWORD PTR ZeroValue$[rbp], eax -; 233 : if (!JitEmitRipRelativeMovW(Block, RipDelta, (PUCHAR)&ZeroValue)) +; 144 : if (!JitEmitRipRelativeMovW(Block, RipDelta, (PUCHAR)&ZeroValue)) 002db 4c 8d 85 84 00 00 00 lea r8, QWORD PTR ZeroValue$[rbp] @@ -3879,13 +3600,13 @@ $LN3@JitEmitPos: 002f1 85 c0 test eax, eax 002f3 75 4a jne SHORT $LN5@JitEmitPos -; 234 : { -; 235 : NcDeleteBlock(Block); +; 145 : { +; 146 : NcDeleteBlock(Block); 002f5 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] 002f9 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 236 : delete Block; +; 147 : delete Block; 002fe 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 00302 48 89 85 68 03 
@@ -3906,23 +3627,23 @@ $LN17@JitEmitPos: 00 mov QWORD PTR tv175[rbp], 0 $LN18@JitEmitPos: -; 237 : return NULL; +; 148 : return NULL; 00338 33 c0 xor eax, eax 0033a e9 6b 01 00 00 jmp $LN1@JitEmitPos $LN5@JitEmitPos: -; 238 : } -; 239 : } -; 240 : -; 241 : if (OneByte) +; 149 : } +; 150 : } +; 151 : +; 152 : if (OneByte) 0033f 83 7d 44 00 cmp DWORD PTR OneByte$[rbp], 0 00343 0f 84 e8 00 00 00 je $LN7@JitEmitPos -; 242 : { -; 243 : INT32 RipDelta = Link->RawDataSize - (FourByte * 4) - (TwoByte * 2); +; 153 : { +; 154 : INT32 RipDelta = Link->RawDataSize - (FourByte * 4) - (TwoByte * 2); 00349 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] 0034c c1 e0 02 shl eax, 2 @@ -3937,7 +3658,7 @@ $LN5@JitEmitPos: 00364 89 85 04 01 00 00 mov DWORD PTR RipDelta$6[rbp], eax -; 244 : RipDelta += (FourByte * DWORD_MOV_INST_LENGTH); +; 155 : RipDelta += (FourByte * DWORD_MOV_INST_LENGTH); 0036a 6b 45 04 0a imul eax, DWORD PTR FourByte$[rbp], 10 0036e 8b 8d 04 01 00 @@ -3947,7 +3668,7 @@ $LN5@JitEmitPos: 00378 89 85 04 01 00 00 mov DWORD PTR RipDelta$6[rbp], eax -; 245 : RipDelta += (TwoByte * WORD_MOV_INST_LENGTH); +; 156 : RipDelta += (TwoByte * WORD_MOV_INST_LENGTH); 0037e 6b 45 24 09 imul eax, DWORD PTR TwoByte$[rbp], 9 00382 8b 8d 04 01 00 @@ -3957,7 +3678,7 @@ $LN5@JitEmitPos: 0038c 89 85 04 01 00 00 mov DWORD PTR RipDelta$6[rbp], eax -; 246 : RipDelta += BYTE_MOV_INST_LENGTH; +; 157 : RipDelta += BYTE_MOV_INST_LENGTH; 00392 8b 85 04 01 00 00 mov eax, DWORD PTR RipDelta$6[rbp] @@ -3965,14 +3686,14 @@ $LN5@JitEmitPos: 0039b 89 85 04 01 00 00 mov DWORD PTR RipDelta$6[rbp], eax -; 247 : RipDelta *= (-1); +; 158 : RipDelta *= (-1); 003a1 6b 85 04 01 00 00 ff imul eax, DWORD PTR RipDelta$6[rbp], -1 003a8 89 85 04 01 00 00 mov DWORD PTR RipDelta$6[rbp], eax -; 248 : RipDelta += Delta; +; 159 : RipDelta += Delta; 003ae 8b 85 f8 03 00 00 mov eax, DWORD PTR Delta$[rbp] 
@@ -3983,14 +3704,14 @@ $LN5@JitEmitPos: 003be 89 85 04 01 00 00 mov DWORD PTR RipDelta$6[rbp], eax -; 249 : ZeroValue = rand(); +; 160 : ZeroValue = rand(); 003c4 ff 15 00 00 00 00 call QWORD PTR __imp_rand 003ca 89 85 84 00 00 00 mov DWORD PTR ZeroValue$[rbp], eax -; 250 : if (!JitEmitRipRelativeMovB(Block, RipDelta, (PUCHAR)&ZeroValue)) +; 161 : if (!JitEmitRipRelativeMovB(Block, RipDelta, (PUCHAR)&ZeroValue)) 003d0 4c 8d 85 84 00 00 00 lea r8, QWORD PTR ZeroValue$[rbp] @@ -4001,13 +3722,13 @@ $LN5@JitEmitPos: 003e6 85 c0 test eax, eax 003e8 75 47 jne SHORT $LN7@JitEmitPos -; 251 : { -; 252 : NcDeleteBlock(Block); +; 162 : { +; 163 : NcDeleteBlock(Block); 003ea 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] 003ee e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 253 : delete Block; +; 164 : delete Block; 003f3 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 003f7 48 89 85 88 03 @@ -4028,23 +3749,23 @@ $LN19@JitEmitPos: 00 mov QWORD PTR tv200[rbp], 0 $LN20@JitEmitPos: -; 254 : return NULL; +; 165 : return NULL; 0042d 33 c0 xor eax, eax 0042f eb 79 jmp SHORT $LN1@JitEmitPos $LN7@JitEmitPos: -; 255 : } -; 256 : } -; 257 : -; 258 : PNATIVE_CODE_LINK StartLink = Block->Start; +; 166 : } +; 167 : } +; 168 : +; 169 : PNATIVE_CODE_LINK StartLink = Block->Start; 00431 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 00435 48 8b 00 mov rax, QWORD PTR [rax] 00438 48 89 85 28 01 00 00 mov QWORD PTR StartLink$[rbp], rax -; 259 : Block->Start = Block->Start->Next; +; 170 : Block->Start = Block->Start->Next; 0043f 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 00443 48 8b 00 mov rax, QWORD PTR [rax] 
@@ -4052,13 +3773,13 @@ $LN7@JitEmitPos: 0044a 48 8b 00 mov rax, QWORD PTR [rax] 0044d 48 89 01 mov QWORD PTR [rcx], rax -; 260 : if (Block->Start) +; 171 : if (Block->Start) 00450 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 00454 48 83 38 00 cmp QWORD PTR [rax], 0 00458 74 0f je SHORT $LN9@JitEmitPos -; 261 : Block->Start->Prev = NULL; +; 172 : Block->Start->Prev = NULL; 0045a 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 0045e 48 8b 00 mov rax, QWORD PTR [rax] @@ -4066,7 +3787,7 @@ $LN7@JitEmitPos: 00 00 00 mov QWORD PTR [rax+8], 0 $LN9@JitEmitPos: -; 262 : delete StartLink; +; 173 : delete StartLink; 00469 48 8b 85 28 01 00 00 mov rax, QWORD PTR StartLink$[rbp] @@ -4088,13 +3809,13 @@ $LN21@JitEmitPos: 00 mov QWORD PTR tv213[rbp], 0 $LN22@JitEmitPos: -; 263 : -; 264 : return Block; +; 174 : +; 175 : return Block; 004a6 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] $LN1@JitEmitPos: -; 265 : } +; 176 : } 004aa 48 8b f8 mov rdi, rax 004ad 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] @@ -4331,7 +4052,7 @@ Link$ = 992 Delta$ = 1000 ?JitEmitPreRipMov@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@H@Z PROC ; JitEmitPreRipMov, COMDAT -; 134 : { +; 45 : { $LN25: 00000 89 54 24 10 mov DWORD PTR [rsp+16], edx @@ -4351,7 +4072,7 @@ $LN25: 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp 00035 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 135 : ULONG FourByte = Link->RawDataSize / 4; +; 46 : ULONG FourByte = Link->RawDataSize / 4; 0003a 33 d2 xor edx, edx 0003c 48 8b 85 e0 03 @@ -4361,7 +4082,7 @@ $LN25: 0004b f7 f1 div ecx 0004d 89 45 04 mov DWORD PTR FourByte$[rbp], eax -; 136 : ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; +; 47 : ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; 00050 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] 00053 c1 e0 02 shl eax, 2 
@@ -4375,7 +4096,7 @@ $LN25: 0006b f7 f1 div ecx 0006d 89 45 24 mov DWORD PTR TwoByte$[rbp], eax -; 137 : ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2)); +; 48 : ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2)); 00070 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] 00073 c1 e0 02 shl eax, 2 @@ -4389,8 +4110,8 @@ $LN25: 00089 2b c1 sub eax, ecx 0008b 89 45 44 mov DWORD PTR OneByte$[rbp], eax -; 138 : -; 139 : PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK; +; 49 : +; 50 : PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK; 0008e b9 30 00 00 00 mov ecx, 48 ; 00000030H 00093 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new @@ -4418,8 +4139,8 @@ $LN12@JitEmitPre: 00 00 mov rax, QWORD PTR $T4[rbp] 000de 48 89 45 68 mov QWORD PTR Block$[rbp], rax -; 140 : -; 141 : Block->Start = Block->End = new NATIVE_CODE_LINK; +; 51 : +; 52 : Block->Start = Block->End = new NATIVE_CODE_LINK; 000e2 b9 10 01 00 00 mov ecx, 272 ; 00000110H 000e7 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new @@ -4452,7 +4173,7 @@ $LN14@JitEmitPre: 00 00 mov rcx, QWORD PTR $T6[rbp] 00145 48 89 08 mov QWORD PTR [rax], rcx -; 142 : PUCHAR DataOffset = Link->RawData; +; 53 : PUCHAR DataOffset = Link->RawData; 00148 48 8b 85 e0 03 00 00 mov rax, QWORD PTR Link$[rbp] 
@@ -4460,23 +4181,23 @@ $LN14@JitEmitPre: 00153 48 89 85 88 00 00 00 mov QWORD PTR DataOffset$[rbp], rax -; 143 : ULONG Count = FourByte; +; 54 : ULONG Count = FourByte; 0015a 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] 0015d 89 85 a4 00 00 00 mov DWORD PTR Count$[rbp], eax $LN2@JitEmitPre: -; 144 : while (Count) +; 55 : while (Count) 00163 83 bd a4 00 00 00 00 cmp DWORD PTR Count$[rbp], 0 0016a 0f 84 d8 00 00 00 je $LN3@JitEmitPre -; 145 : { -; 146 : //Account for remaining MOVs -; 147 : INT32 RipDelta = (((Count - 1) * DWORD_MOV_INST_LENGTH) + (TwoByte * WORD_MOV_INST_LENGTH) + (OneByte * BYTE_MOV_INST_LENGTH)); +; 56 : { +; 57 : //Account for remaining MOVs +; 58 : INT32 RipDelta = (((Count - 1) * DWORD_MOV_INST_LENGTH) + (TwoByte * WORD_MOV_INST_LENGTH) + (OneByte * BYTE_MOV_INST_LENGTH)); 00170 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] @@ -4489,8 +4210,8 @@ $LN2@JitEmitPre: 00187 89 85 c4 00 00 00 mov DWORD PTR RipDelta$1[rbp], eax -; 148 : //Account for already MOVd instructions -; 149 : RipDelta += ((FourByte - Count) * 4); +; 59 : //Account for already MOVd instructions +; 60 : RipDelta += ((FourByte - Count) * 4); 0018d 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] @@ -4503,7 +4224,7 @@ $LN2@JitEmitPre: 001a3 89 85 c4 00 00 00 mov DWORD PTR RipDelta$1[rbp], eax -; 150 : RipDelta += Delta; +; 61 : RipDelta += Delta; 001a9 8b 85 e8 03 00 00 mov eax, DWORD PTR Delta$[rbp] @@ -4514,8 +4235,8 @@ $LN2@JitEmitPre: 001b9 89 85 c4 00 00 00 mov DWORD PTR RipDelta$1[rbp], eax -; 151 : //Add the actual instruction -; 152 : if (!JitEmitRipRelativeMovD(Block, RipDelta, DataOffset)) +; 62 : //Add the actual instruction +; 63 : if (!JitEmitRipRelativeMovD(Block, RipDelta, DataOffset)) 001bf 4c 8b 85 88 00 00 00 mov r8, QWORD PTR DataOffset$[rbp] 
@@ -4526,13 +4247,13 @@ $LN2@JitEmitPre: 001d5 85 c0 test eax, eax 001d7 75 4a jne SHORT $LN4@JitEmitPre -; 153 : { -; 154 : NcDeleteBlock(Block); +; 64 : { +; 65 : NcDeleteBlock(Block); 001d9 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] 001dd e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 155 : delete Block; +; 66 : delete Block; 001e2 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 001e6 48 89 85 48 03 @@ -4553,14 +4274,14 @@ $LN15@JitEmitPre: 00 mov QWORD PTR tv153[rbp], 0 $LN16@JitEmitPre: -; 156 : return NULL; +; 67 : return NULL; 0021c 33 c0 xor eax, eax 0021e e9 f3 01 00 00 jmp $LN1@JitEmitPre $LN4@JitEmitPre: -; 157 : } -; 158 : DataOffset += 4; +; 68 : } +; 69 : DataOffset += 4; 00223 48 8b 85 88 00 00 00 mov rax, QWORD PTR DataOffset$[rbp] @@ -4568,7 +4289,7 @@ $LN4@JitEmitPre: 0022e 48 89 85 88 00 00 00 mov QWORD PTR DataOffset$[rbp], rax -; 159 : --Count; +; 70 : --Count; 00235 8b 85 a4 00 00 00 mov eax, DWORD PTR Count$[rbp] @@ -4576,26 +4297,26 @@ $LN4@JitEmitPre: 0023d 89 85 a4 00 00 00 mov DWORD PTR Count$[rbp], eax -; 160 : } +; 71 : } 00243 e9 1b ff ff ff jmp $LN2@JitEmitPre $LN3@JitEmitPre: -; 161 : -; 162 : if (TwoByte) +; 72 : +; 73 : if (TwoByte) 00248 83 7d 24 00 cmp DWORD PTR TwoByte$[rbp], 0 0024c 0f 84 a8 00 00 00 je $LN5@JitEmitPre -; 163 : { -; 164 : INT32 RipDelta = (OneByte * BYTE_MOV_INST_LENGTH); +; 74 : { +; 75 : INT32 RipDelta = (OneByte * BYTE_MOV_INST_LENGTH); 00252 6b 45 44 07 imul eax, DWORD PTR OneByte$[rbp], 7 00256 89 85 e4 00 00 00 mov DWORD PTR RipDelta$2[rbp], eax -; 165 : RipDelta += (FourByte * 4); +; 76 : RipDelta += (FourByte * 4); 0025c 8b 85 e4 00 00 00 mov eax, DWORD PTR RipDelta$2[rbp] @@ -4604,7 +4325,7 @@ $LN3@JitEmitPre: 00268 89 85 e4 00 00 00 mov DWORD PTR RipDelta$2[rbp], eax -; 166 : RipDelta += Delta; +; 77 : RipDelta += Delta; 0026e 8b 85 e8 03 00 00 mov eax, DWORD PTR Delta$[rbp] 
@@ -4615,7 +4336,7 @@ $LN3@JitEmitPre: 0027e 89 85 e4 00 00 00 mov DWORD PTR RipDelta$2[rbp], eax -; 167 : if (!JitEmitRipRelativeMovW(Block, RipDelta, DataOffset)) +; 78 : if (!JitEmitRipRelativeMovW(Block, RipDelta, DataOffset)) 00284 4c 8b 85 88 00 00 00 mov r8, QWORD PTR DataOffset$[rbp] @@ -4626,13 +4347,13 @@ $LN3@JitEmitPre: 0029a 85 c0 test eax, eax 0029c 75 4a jne SHORT $LN6@JitEmitPre -; 168 : { -; 169 : NcDeleteBlock(Block); +; 79 : { +; 80 : NcDeleteBlock(Block); 0029e 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] 002a2 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 170 : delete Block; +; 81 : delete Block; 002a7 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 002ab 48 89 85 68 03 @@ -4653,14 +4374,14 @@ $LN17@JitEmitPre: 00 mov QWORD PTR tv171[rbp], 0 $LN18@JitEmitPre: -; 171 : return NULL; +; 82 : return NULL; 002e1 33 c0 xor eax, eax 002e3 e9 2e 01 00 00 jmp $LN1@JitEmitPre $LN6@JitEmitPre: -; 172 : } -; 173 : DataOffset += 2; +; 83 : } +; 84 : DataOffset += 2; 002e8 48 8b 85 88 00 00 00 mov rax, QWORD PTR DataOffset$[rbp] @@ -4669,21 +4390,21 @@ $LN6@JitEmitPre: 00 00 mov QWORD PTR DataOffset$[rbp], rax $LN5@JitEmitPre: -; 174 : } -; 175 : -; 176 : if (OneByte) +; 85 : } +; 86 : +; 87 : if (OneByte) 002fa 83 7d 44 00 cmp DWORD PTR OneByte$[rbp], 0 002fe 0f 84 99 00 00 00 je $LN7@JitEmitPre -; 177 : { -; 178 : INT32 RipDelta = 0; +; 88 : { +; 89 : INT32 RipDelta = 0; 00304 c7 85 04 01 00 00 00 00 00 00 mov DWORD PTR RipDelta$3[rbp], 0 -; 179 : RipDelta += (FourByte * 4) + (TwoByte * 2); +; 90 : RipDelta += (FourByte * 4) + (TwoByte * 2); 0030e 8b 85 04 01 00 00 mov eax, DWORD PTR RipDelta$3[rbp] @@ -4694,7 +4415,7 @@ $LN5@JitEmitPre: 00320 89 85 04 01 00 00 mov DWORD PTR RipDelta$3[rbp], eax -; 180 : RipDelta += Delta; +; 91 : RipDelta += Delta; 00326 8b 85 e8 03 00 00 mov eax, DWORD PTR Delta$[rbp] 
@@ -4705,7 +4426,7 @@ $LN5@JitEmitPre: 00336 89 85 04 01 00 00 mov DWORD PTR RipDelta$3[rbp], eax -; 181 : if (!JitEmitRipRelativeMovB(Block, RipDelta, DataOffset)) +; 92 : if (!JitEmitRipRelativeMovB(Block, RipDelta, DataOffset)) 0033c 4c 8b 85 88 00 00 00 mov r8, QWORD PTR DataOffset$[rbp] @@ -4716,13 +4437,13 @@ $LN5@JitEmitPre: 00352 85 c0 test eax, eax 00354 75 47 jne SHORT $LN7@JitEmitPre -; 182 : { -; 183 : NcDeleteBlock(Block); +; 93 : { +; 94 : NcDeleteBlock(Block); 00356 48 8b 4d 68 mov rcx, QWORD PTR Block$[rbp] 0035a e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 184 : delete Block; +; 95 : delete Block; 0035f 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 00363 48 89 85 88 03 @@ -4743,23 +4464,23 @@ $LN19@JitEmitPre: 00 mov QWORD PTR tv189[rbp], 0 $LN20@JitEmitPre: -; 185 : return NULL; +; 96 : return NULL; 00399 33 c0 xor eax, eax 0039b eb 79 jmp SHORT $LN1@JitEmitPre $LN7@JitEmitPre: -; 186 : } -; 187 : } -; 188 : -; 189 : PNATIVE_CODE_LINK StartLink = Block->Start; +; 97 : } +; 98 : } +; 99 : +; 100 : PNATIVE_CODE_LINK StartLink = Block->Start; 0039d 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 003a1 48 8b 00 mov rax, QWORD PTR [rax] 003a4 48 89 85 28 01 00 00 mov QWORD PTR StartLink$[rbp], rax -; 190 : Block->Start = Block->Start->Next; +; 101 : Block->Start = Block->Start->Next; 003ab 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 003af 48 8b 00 mov rax, QWORD PTR [rax] @@ -4767,13 +4488,13 @@ $LN7@JitEmitPre: 003b6 48 8b 00 mov rax, QWORD PTR [rax] 003b9 48 89 01 mov QWORD PTR [rcx], rax -; 191 : if (Block->Start) +; 102 : if (Block->Start) 003bc 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 003c0 48 83 38 00 cmp QWORD PTR [rax], 0 003c4 74 0f je SHORT $LN9@JitEmitPre -; 192 : Block->Start->Prev = NULL; +; 103 : Block->Start->Prev = NULL; 003c6 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] 003ca 48 8b 00 mov rax, QWORD PTR [rax] 
@@ -4781,7 +4502,7 @@ $LN7@JitEmitPre: 00 00 00 mov QWORD PTR [rax+8], 0 $LN9@JitEmitPre: -; 193 : delete StartLink; +; 104 : delete StartLink; 003d5 48 8b 85 28 01 00 00 mov rax, QWORD PTR StartLink$[rbp] @@ -4803,13 +4524,13 @@ $LN21@JitEmitPre: 00 mov QWORD PTR tv202[rbp], 0 $LN22@JitEmitPre: -; 194 : -; 195 : return Block; +; 105 : +; 106 : return Block; 00412 48 8b 45 68 mov rax, QWORD PTR Block$[rbp] $LN1@JitEmitPre: -; 196 : } +; 107 : } 00416 48 8d a5 c8 03 00 00 lea rsp, QWORD PTR [rbp+968] @@ -5008,7 +4729,7 @@ Link$ = 224 JitData$ = 232 ?JitMutateInstForAnd@@YAXPEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@@Z PROC ; JitMutateInstForAnd, COMDAT -; 129 : { +; 40 : { $LN3: 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -5028,8 +4749,8 @@ $LN3: 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 130 : -; 131 : } +; 41 : +; 42 : } 0003b 48 8d a5 c8 00 00 00 lea rsp, QWORD PTR [rbp+200] @@ -5046,7 +4767,7 @@ Link$ = 224 JitData$ = 232 ?JitMutateInstForOr@@YAXPEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@@Z PROC ; JitMutateInstForOr, COMDAT -; 124 : { +; 35 : { $LN3: 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -5066,8 +4787,8 @@ $LN3: 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 125 : -; 126 : } +; 36 : +; 37 : } 0003b 48 8d a5 c8 00 00 00 lea rsp, QWORD PTR [rbp+200] 
@@ -5078,1155 +4799,189 @@ $LN3: _TEXT ENDS ; Function compile flags: /Odtp /RTCsu /ZI ; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Jit.cpp -; COMDAT ?JitMutateInstForXor@@YAXPEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@@Z +; COMDAT ?JitMutateInstForXor@@YAHPEAU_NATIVE_CODE_LINK@@PEAEPEAU_JIT_BITWISE_DATA@@@Z _TEXT SEGMENT FourByte$ = 4 TwoByte$ = 36 OneByte$ = 68 -Buffer$ = 104 -Link$ = 352 -JitData$ = 360 -?JitMutateInstForXor@@YAXPEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@@Z PROC ; JitMutateInstForXor, COMDAT +Link$ = 320 +ToMutate$ = 328 +JitData$ = 336 +?JitMutateInstForXor@@YAHPEAU_NATIVE_CODE_LINK@@PEAEPEAU_JIT_BITWISE_DATA@@@Z PROC ; JitMutateInstForXor, COMDAT -; 99 : { +; 10 : { $LN7: - 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx - 00005 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 0000a 55 push rbp - 0000b 57 push rdi - 0000c 48 81 ec 68 01 - 00 00 sub rsp, 360 ; 00000168H - 00013 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] - 00018 48 8b fc mov rdi, rsp - 0001b b9 5a 00 00 00 mov ecx, 90 ; 0000005aH - 00020 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH - 00025 f3 ab rep stosd - 00027 48 8b 8c 24 88 - 01 00 00 mov rcx, QWORD PTR [rsp+392] - 0002f 48 8d 0d 00 00 + 00000 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8 + 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 0000a 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 0000f 55 push rbp + 00010 57 push rdi + 00011 48 81 ec 48 01 + 00 00 sub rsp, 328 ; 00000148H + 00018 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 0001d 48 8b fc mov rdi, rsp + 00020 b9 52 00 00 00 mov ecx, 82 ; 00000052H + 00025 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 0002a f3 ab rep stosd + 0002c 48 8b 8c 24 68 + 01 00 00 mov rcx, QWORD PTR [rsp+360] + 00034 48 8d 0d 00 00 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp - 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + 0003b e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 100 : ULONG FourByte = Link->RawDataSize / 4; +; 11 : ULONG FourByte = Link->RawDataSize / 4; 
- 0003b 33 d2 xor edx, edx - 0003d 48 8b 85 60 01 + 00040 33 d2 xor edx, edx + 00042 48 8b 85 40 01 00 00 mov rax, QWORD PTR Link$[rbp] - 00044 8b 40 28 mov eax, DWORD PTR [rax+40] - 00047 b9 04 00 00 00 mov ecx, 4 - 0004c f7 f1 div ecx - 0004e 89 45 04 mov DWORD PTR FourByte$[rbp], eax + 00049 8b 40 28 mov eax, DWORD PTR [rax+40] + 0004c b9 04 00 00 00 mov ecx, 4 + 00051 f7 f1 div ecx + 00053 89 45 04 mov DWORD PTR FourByte$[rbp], eax -; 101 : ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; +; 12 : ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; - 00051 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] - 00054 c1 e0 02 shl eax, 2 - 00057 48 8b 8d 60 01 + 00056 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] + 00059 c1 e0 02 shl eax, 2 + 0005c 48 8b 8d 40 01 00 00 mov rcx, QWORD PTR Link$[rbp] - 0005e 8b 49 28 mov ecx, DWORD PTR [rcx+40] - 00061 2b c8 sub ecx, eax - 00063 8b c1 mov eax, ecx - 00065 33 d2 xor edx, edx - 00067 b9 02 00 00 00 mov ecx, 2 - 0006c f7 f1 div ecx - 0006e 89 45 24 mov DWORD PTR TwoByte$[rbp], eax - -; 102 : ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2)); - - 00071 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] - 00074 c1 e0 02 shl eax, 2 - 00077 48 8b 8d 60 01 + 00063 8b 49 28 mov ecx, DWORD PTR [rcx+40] + 00066 2b c8 sub ecx, eax + 00068 8b c1 mov eax, ecx + 0006a 33 d2 xor edx, edx + 0006c b9 02 00 00 00 mov ecx, 2 + 00071 f7 f1 div ecx + 00073 89 45 24 mov DWORD PTR TwoByte$[rbp], eax + +; 13 : ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2)); + + 00076 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] + 00079 c1 e0 02 shl eax, 2 + 0007c 48 8b 8d 40 01 00 00 mov rcx, QWORD PTR Link$[rbp] - 0007e 8b 49 28 mov ecx, DWORD PTR [rcx+40] - 00081 2b c8 sub ecx, eax - 00083 8b c1 mov eax, ecx - 00085 8b 4d 24 mov ecx, DWORD PTR TwoByte$[rbp] - 00088 d1 e1 shl ecx, 1 - 0008a 2b c1 sub eax, ecx - 0008c 89 45 44 mov DWORD PTR OneByte$[rbp], eax - -; 103 : -; 104 : PUCHAR Buffer = Link->RawData; - - 0008f 48 8b 
85 60 01 - 00 00 mov rax, QWORD PTR Link$[rbp] - 00096 48 8b 40 20 mov rax, QWORD PTR [rax+32] - 0009a 48 89 45 68 mov QWORD PTR Buffer$[rbp], rax + 00083 8b 49 28 mov ecx, DWORD PTR [rcx+40] + 00086 2b c8 sub ecx, eax + 00088 8b c1 mov eax, ecx + 0008a 8b 4d 24 mov ecx, DWORD PTR TwoByte$[rbp] + 0008d d1 e1 shl ecx, 1 + 0008f 2b c1 sub eax, ecx + 00091 89 45 44 mov DWORD PTR OneByte$[rbp], eax $LN2@JitMutateI: -; 105 : while (FourByte) +; 14 : +; 15 : while (FourByte) - 0009e 83 7d 04 00 cmp DWORD PTR FourByte$[rbp], 0 - 000a2 74 3a je SHORT $LN3@JitMutateI + 00094 83 7d 04 00 cmp DWORD PTR FourByte$[rbp], 0 + 00098 74 46 je SHORT $LN3@JitMutateI -; 106 : { -; 107 : *(PULONG)Buffer ^= JitData->Data[2 - FourByte]; +; 16 : { +; 17 : *(PULONG)ToMutate ^= JitData->Data[2 - FourByte]; - 000a4 b8 02 00 00 00 mov eax, 2 - 000a9 2b 45 04 sub eax, DWORD PTR FourByte$[rbp] - 000ac 8b c0 mov eax, eax - 000ae 48 8b 4d 68 mov rcx, QWORD PTR Buffer$[rbp] - 000b2 48 8b 95 68 01 + 0009a b8 02 00 00 00 mov eax, 2 + 0009f 2b 45 04 sub eax, DWORD PTR FourByte$[rbp] + 000a2 8b c0 mov eax, eax + 000a4 48 8b 8d 48 01 + 00 00 mov rcx, QWORD PTR ToMutate$[rbp] + 000ab 48 8b 95 50 01 00 00 mov rdx, QWORD PTR JitData$[rbp] - 000b9 8b 04 82 mov eax, DWORD PTR [rdx+rax*4] - 000bc 8b 09 mov ecx, DWORD PTR [rcx] - 000be 33 c8 xor ecx, eax - 000c0 8b c1 mov eax, ecx - 000c2 48 8b 4d 68 mov rcx, QWORD PTR Buffer$[rbp] - 000c6 89 01 mov DWORD PTR [rcx], eax + 000b2 8b 04 82 mov eax, DWORD PTR [rdx+rax*4] + 000b5 8b 09 mov ecx, DWORD PTR [rcx] + 000b7 33 c8 xor ecx, eax + 000b9 8b c1 mov eax, ecx + 000bb 48 8b 8d 48 01 + 00 00 mov rcx, QWORD PTR ToMutate$[rbp] + 000c2 89 01 mov DWORD PTR [rcx], eax -; 108 : Buffer += 4; +; 18 : ToMutate += 4; - 000c8 48 8b 45 68 mov rax, QWORD PTR Buffer$[rbp] - 000cc 48 83 c0 04 add rax, 4 - 000d0 48 89 45 68 mov QWORD PTR Buffer$[rbp], rax + 000c4 48 8b 85 48 01 + 00 00 mov rax, QWORD PTR ToMutate$[rbp] + 000cb 48 83 c0 04 add rax, 4 + 000cf 48 89 85 48 01 + 00 
00 mov QWORD PTR ToMutate$[rbp], rax -; 109 : FourByte--; +; 19 : FourByte--; - 000d4 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] - 000d7 ff c8 dec eax - 000d9 89 45 04 mov DWORD PTR FourByte$[rbp], eax + 000d6 8b 45 04 mov eax, DWORD PTR FourByte$[rbp] + 000d9 ff c8 dec eax + 000db 89 45 04 mov DWORD PTR FourByte$[rbp], eax -; 110 : } +; 20 : } - 000dc eb c0 jmp SHORT $LN2@JitMutateI + 000de eb b4 jmp SHORT $LN2@JitMutateI $LN3@JitMutateI: -; 111 : -; 112 : if (TwoByte) +; 21 : +; 22 : if (TwoByte) - 000de 83 7d 24 00 cmp DWORD PTR TwoByte$[rbp], 0 - 000e2 74 32 je SHORT $LN4@JitMutateI + 000e0 83 7d 24 00 cmp DWORD PTR TwoByte$[rbp], 0 + 000e4 74 3e je SHORT $LN4@JitMutateI -; 113 : { -; 114 : *(PUSHORT)Buffer ^= (USHORT)JitData->Data[3]; +; 23 : { +; 24 : *(PUSHORT)ToMutate ^= (USHORT)JitData->Data[3]; - 000e4 b8 04 00 00 00 mov eax, 4 - 000e9 48 6b c0 03 imul rax, rax, 3 - 000ed 48 8b 8d 68 01 + 000e6 b8 04 00 00 00 mov eax, 4 + 000eb 48 6b c0 03 imul rax, rax, 3 + 000ef 48 8b 8d 50 01 00 00 mov rcx, QWORD PTR JitData$[rbp] - 000f4 0f b7 04 01 movzx eax, WORD PTR [rcx+rax] - 000f8 48 8b 4d 68 mov rcx, QWORD PTR Buffer$[rbp] - 000fc 0f b7 09 movzx ecx, WORD PTR [rcx] - 000ff 33 c8 xor ecx, eax - 00101 8b c1 mov eax, ecx - 00103 48 8b 4d 68 mov rcx, QWORD PTR Buffer$[rbp] - 00107 66 89 01 mov WORD PTR [rcx], ax - -; 115 : Buffer += 2; - - 0010a 48 8b 45 68 mov rax, QWORD PTR Buffer$[rbp] - 0010e 48 83 c0 02 add rax, 2 - 00112 48 89 45 68 mov QWORD PTR Buffer$[rbp], rax + 000f6 0f b7 04 01 movzx eax, WORD PTR [rcx+rax] + 000fa 48 8b 8d 48 01 + 00 00 mov rcx, QWORD PTR ToMutate$[rbp] + 00101 0f b7 09 movzx ecx, WORD PTR [rcx] + 00104 33 c8 xor ecx, eax + 00106 8b c1 mov eax, ecx + 00108 48 8b 8d 48 01 + 00 00 mov rcx, QWORD PTR ToMutate$[rbp] + 0010f 66 89 01 mov WORD PTR [rcx], ax + +; 25 : ToMutate += 2; + + 00112 48 8b 85 48 01 + 00 00 mov rax, QWORD PTR ToMutate$[rbp] + 00119 48 83 c0 02 add rax, 2 + 0011d 48 89 85 48 01 + 00 00 mov QWORD PTR ToMutate$[rbp], rax 
$LN4@JitMutateI: -; 116 : } -; 117 : -; 118 : if (OneByte) +; 26 : } +; 27 : +; 28 : if (OneByte) - 00116 83 7d 44 00 cmp DWORD PTR OneByte$[rbp], 0 - 0011a 74 25 je SHORT $LN5@JitMutateI + 00124 83 7d 44 00 cmp DWORD PTR OneByte$[rbp], 0 + 00128 74 2b je SHORT $LN5@JitMutateI -; 119 : *(PUCHAR)Buffer ^= (UCHAR)JitData->Data[3]; +; 29 : *(PUCHAR)ToMutate ^= (UCHAR)JitData->Data[3]; - 0011c b8 04 00 00 00 mov eax, 4 - 00121 48 6b c0 03 imul rax, rax, 3 - 00125 48 8b 8d 68 01 + 0012a b8 04 00 00 00 mov eax, 4 + 0012f 48 6b c0 03 imul rax, rax, 3 + 00133 48 8b 8d 50 01 00 00 mov rcx, QWORD PTR JitData$[rbp] - 0012c 0f b6 04 01 movzx eax, BYTE PTR [rcx+rax] - 00130 48 8b 4d 68 mov rcx, QWORD PTR Buffer$[rbp] - 00134 0f b6 09 movzx ecx, BYTE PTR [rcx] - 00137 33 c8 xor ecx, eax - 00139 8b c1 mov eax, ecx - 0013b 48 8b 4d 68 mov rcx, QWORD PTR Buffer$[rbp] - 0013f 88 01 mov BYTE PTR [rcx], al + 0013a 0f b6 04 01 movzx eax, BYTE PTR [rcx+rax] + 0013e 48 8b 8d 48 01 + 00 00 mov rcx, QWORD PTR ToMutate$[rbp] + 00145 0f b6 09 movzx ecx, BYTE PTR [rcx] + 00148 33 c8 xor ecx, eax + 0014a 8b c1 mov eax, ecx + 0014c 48 8b 8d 48 01 + 00 00 mov rcx, QWORD PTR ToMutate$[rbp] + 00153 88 01 mov BYTE PTR [rcx], al $LN5@JitMutateI: -; 120 : -; 121 : } - - 00141 48 8d a5 48 01 - 00 00 lea rsp, QWORD PTR [rbp+328] - 00148 5f pop rdi - 00149 5d pop rbp - 0014a c3 ret 0 -?JitMutateInstForXor@@YAXPEAU_NATIVE_CODE_LINK@@PEAU_JIT_BITWISE_DATA@@@Z ENDP ; JitMutateInstForXor -_TEXT ENDS -; Function compile flags: /Odtp /RTCsu /ZI -; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Jit.cpp -; COMDAT ?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z -_TEXT SEGMENT -Ledger$ = 4 -T$4 = 40 -SimpleFlags$5 = 72 -FlagsRead$6 = 104 -FlagsWritten$7 = 136 -__$ArrayPad$ = 344 -Link$ = 384 -?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z PROC ; JitAreFlagsClobberedBeforeUse, COMDAT - -; 69 : { - -$LN9: - 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 00005 55 push rbp - 00006 57 
push rdi - 00007 48 81 ec 88 01 - 00 00 sub rsp, 392 ; 00000188H - 0000e 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] - 00013 48 8b fc mov rdi, rsp - 00016 b9 62 00 00 00 mov ecx, 98 ; 00000062H - 0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH - 00020 f3 ab rep stosd - 00022 48 8b 8c 24 a8 - 01 00 00 mov rcx, QWORD PTR [rsp+424] - 0002a 48 8b 05 00 00 - 00 00 mov rax, QWORD PTR __security_cookie - 00031 48 33 c5 xor rax, rbp - 00034 48 89 85 58 01 - 00 00 mov QWORD PTR __$ArrayPad$[rbp], rax - 0003b 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp - 00042 e8 00 00 00 00 call __CheckForDebuggerJustMyCode - -; 70 : XED_FLAG_SET Ledger; -; 71 : Ledger.s.zf = TRUE; - - 00047 8b 45 04 mov eax, DWORD PTR Ledger$[rbp] - 0004a 83 c8 40 or eax, 64 ; 00000040H - 0004d 89 45 04 mov DWORD PTR Ledger$[rbp], eax - -; 72 : Ledger.s.sf = TRUE; - - 00050 8b 45 04 mov eax, DWORD PTR Ledger$[rbp] - 00053 0f ba e8 07 bts eax, 7 - 00057 89 45 04 mov DWORD PTR Ledger$[rbp], eax - -; 73 : Ledger.s.pf = TRUE; +; 30 : +; 31 : return TRUE; - 0005a 8b 45 04 mov eax, DWORD PTR Ledger$[rbp] - 0005d 83 c8 04 or eax, 4 - 00060 89 45 04 mov DWORD PTR Ledger$[rbp], eax - -; 74 : Ledger.s.of = TRUE; - - 00063 8b 45 04 mov eax, DWORD PTR Ledger$[rbp] - 00066 0f ba e8 0b bts eax, 11 - 0006a 89 45 04 mov DWORD PTR Ledger$[rbp], eax - -; 75 : Ledger.s.cf = TRUE; - - 0006d 8b 45 04 mov eax, DWORD PTR Ledger$[rbp] - 00070 83 c8 01 or eax, 1 - 00073 89 45 04 mov DWORD PTR Ledger$[rbp], eax - -; 76 : Ledger.s.af = TRUE; - - 00076 8b 45 04 mov eax, DWORD PTR Ledger$[rbp] - 00079 83 c8 10 or eax, 16 - 0007c 89 45 04 mov DWORD PTR Ledger$[rbp], eax - -; 77 : -; 78 : for (PNATIVE_CODE_LINK T = Link->Next; T; T = T->Next) - - 0007f 48 8b 85 80 01 - 00 00 mov rax, QWORD PTR Link$[rbp] - 00086 48 8b 00 mov rax, QWORD PTR [rax] - 00089 48 89 45 28 mov QWORD PTR T$4[rbp], rax - 0008d eb 0b jmp SHORT $LN4@JitAreFlag -$LN2@JitAreFlag: - 0008f 48 8b 45 28 mov rax, QWORD PTR T$4[rbp] - 00093 48 8b 00 
mov rax, QWORD PTR [rax] - 00096 48 89 45 28 mov QWORD PTR T$4[rbp], rax -$LN4@JitAreFlag: - 0009a 48 83 7d 28 00 cmp QWORD PTR T$4[rbp], 0 - 0009f 74 77 je SHORT $LN3@JitAreFlag - -; 79 : { -; 80 : if (T->Flags & CODE_FLAG_IS_LABEL) - - 000a1 48 8b 45 28 mov rax, QWORD PTR T$4[rbp] - 000a5 8b 40 18 mov eax, DWORD PTR [rax+24] - 000a8 83 e0 01 and eax, 1 - 000ab 85 c0 test eax, eax - 000ad 74 02 je SHORT $LN5@JitAreFlag - -; 81 : continue; - - 000af eb de jmp SHORT $LN2@JitAreFlag -$LN5@JitAreFlag: - -; 82 : -; 83 : CONST XED_SIMPLE_FLAG* SimpleFlags = XedDecodedInstGetRflagsInfo(&T->XedInstruction); - - 000b1 48 8b 45 28 mov rax, QWORD PTR T$4[rbp] - 000b5 48 83 c0 30 add rax, 48 ; 00000030H - 000b9 48 8b c8 mov rcx, rax - 000bc e8 00 00 00 00 call xed_decoded_inst_get_rflags_info - 000c1 48 89 45 48 mov QWORD PTR SimpleFlags$5[rbp], rax - -; 84 : CONST XED_FLAG_SET* FlagsRead = XedSimpleFlagGetReadFlagSet(SimpleFlags); - - 000c5 48 8b 4d 48 mov rcx, QWORD PTR SimpleFlags$5[rbp] - 000c9 e8 00 00 00 00 call xed_simple_flag_get_read_flag_set - 000ce 48 89 45 68 mov QWORD PTR FlagsRead$6[rbp], rax - -; 85 : CONST XED_FLAG_SET* FlagsWritten = XedSimpleFlagGetWrittenFlagSet(SimpleFlags); - - 000d2 48 8b 4d 48 mov rcx, QWORD PTR SimpleFlags$5[rbp] - 000d6 e8 00 00 00 00 call xed_simple_flag_get_written_flag_set - 000db 48 89 85 88 00 - 00 00 mov QWORD PTR FlagsWritten$7[rbp], rax - -; 86 : -; 87 : if (JitCheckFlagCollisions(FlagsRead, Ledger)) - - 000e2 8b 55 04 mov edx, DWORD PTR Ledger$[rbp] - 000e5 48 8b 4d 68 mov rcx, QWORD PTR FlagsRead$6[rbp] - 000e9 e8 00 00 00 00 call ?JitCheckFlagCollisions@@YAHPEBTxed_flag_set_s@@T1@@Z ; JitCheckFlagCollisions - 000ee 85 c0 test eax, eax - 000f0 74 04 je SHORT $LN6@JitAreFlag - -; 88 : return FALSE; - - 000f2 33 c0 xor eax, eax - 000f4 eb 24 jmp SHORT $LN1@JitAreFlag -$LN6@JitAreFlag: - -; 89 : -; 90 : JitUpdateConFlagsLedger(FlagsWritten, &Ledger); - - 000f6 48 8d 55 04 lea rdx, QWORD PTR Ledger$[rbp] - 000fa 48 8b 8d 88 00 - 
00 00 mov rcx, QWORD PTR FlagsWritten$7[rbp] - 00101 e8 00 00 00 00 call ?JitUpdateConFlagsLedger@@YAXPEBTxed_flag_set_s@@PEAT1@@Z ; JitUpdateConFlagsLedger - -; 91 : -; 92 : if (Ledger.flat == 0) - - 00106 83 7d 04 00 cmp DWORD PTR Ledger$[rbp], 0 - 0010a 75 07 jne SHORT $LN7@JitAreFlag - -; 93 : return TRUE; - - 0010c b8 01 00 00 00 mov eax, 1 - 00111 eb 07 jmp SHORT $LN1@JitAreFlag -$LN7@JitAreFlag: - -; 94 : } - - 00113 e9 77 ff ff ff jmp $LN2@JitAreFlag -$LN3@JitAreFlag: - -; 95 : return FALSE; - - 00118 33 c0 xor eax, eax -$LN1@JitAreFlag: - -; 96 : } - - 0011a 48 8b f8 mov rdi, rax - 0011d 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] - 00121 48 8d 15 00 00 - 00 00 lea rdx, OFFSET FLAT:?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z$rtcFrameData - 00128 e8 00 00 00 00 call _RTC_CheckStackVars - 0012d 48 8b c7 mov rax, rdi - 00130 48 8b 8d 58 01 - 00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp] - 00137 48 33 cd xor rcx, rbp - 0013a e8 00 00 00 00 call __security_check_cookie - 0013f 48 8d a5 68 01 - 00 00 lea rsp, QWORD PTR [rbp+360] - 00146 5f pop rdi - 00147 5d pop rbp - 00148 c3 ret 0 -?JitAreFlagsClobberedBeforeUse@@YAHPEAU_NATIVE_CODE_LINK@@@Z ENDP ; JitAreFlagsClobberedBeforeUse -_TEXT ENDS -; Function compile flags: /Odtp /RTCsu /ZI -; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Jit.cpp -; COMDAT ?JitDoesInstOverriteConditionFlags@@YAHPEAU_NATIVE_CODE_LINK@@@Z -_TEXT SEGMENT -SimpleFlags$ = 8 -FlagsWritten$ = 40 -FlagsUndefined$ = 72 -tv132 = 276 -Link$ = 320 -?JitDoesInstOverriteConditionFlags@@YAHPEAU_NATIVE_CODE_LINK@@@Z PROC ; JitDoesInstOverriteConditionFlags, COMDAT - -; 54 : { - -$LN5: - 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 00005 55 push rbp - 00006 57 push rdi - 00007 48 81 ec 48 01 - 00 00 sub rsp, 328 ; 00000148H - 0000e 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] - 00013 48 8b fc mov rdi, rsp - 00016 b9 52 00 00 00 mov ecx, 82 ; 00000052H - 0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH - 00020 f3 ab rep stosd - 00022 
48 8b 8c 24 68 - 01 00 00 mov rcx, QWORD PTR [rsp+360] - 0002a 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp - 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + 00155 b8 01 00 00 00 mov eax, 1 -; 55 : CONST XED_SIMPLE_FLAG* SimpleFlags = XedDecodedInstGetRflagsInfo(&Link->XedInstruction); +; 32 : } - 00036 48 8b 85 40 01 - 00 00 mov rax, QWORD PTR Link$[rbp] - 0003d 48 83 c0 30 add rax, 48 ; 00000030H - 00041 48 8b c8 mov rcx, rax - 00044 e8 00 00 00 00 call xed_decoded_inst_get_rflags_info - 00049 48 89 45 08 mov QWORD PTR SimpleFlags$[rbp], rax - -; 56 : CONST XED_FLAG_SET* FlagsWritten = XedSimpleFlagGetWrittenFlagSet(SimpleFlags); - - 0004d 48 8b 4d 08 mov rcx, QWORD PTR SimpleFlags$[rbp] - 00051 e8 00 00 00 00 call xed_simple_flag_get_written_flag_set - 00056 48 89 45 28 mov QWORD PTR FlagsWritten$[rbp], rax - -; 57 : CONST XED_FLAG_SET* FlagsUndefined = XedSimpleFlagGetUndefinedFlagSet(SimpleFlags); - - 0005a 48 8b 4d 08 mov rcx, QWORD PTR SimpleFlags$[rbp] - 0005e e8 00 00 00 00 call xed_simple_flag_get_undefined_flag_set - 00063 48 89 45 48 mov QWORD PTR FlagsUndefined$[rbp], rax - -; 58 : -; 59 : return (FlagsWritten->s.zf && - - 00067 48 8b 45 28 mov rax, QWORD PTR FlagsWritten$[rbp] - 0006b 8b 00 mov eax, DWORD PTR [rax] - 0006d c1 e8 06 shr eax, 6 - 00070 83 e0 01 and eax, 1 - 00073 85 c0 test eax, eax - 00075 74 59 je SHORT $LN3@JitDoesIns - 00077 48 8b 45 28 mov rax, QWORD PTR FlagsWritten$[rbp] - 0007b 8b 00 mov eax, DWORD PTR [rax] - 0007d c1 e8 07 shr eax, 7 - 00080 83 e0 01 and eax, 1 - 00083 85 c0 test eax, eax - 00085 74 49 je SHORT $LN3@JitDoesIns - 00087 48 8b 45 28 mov rax, QWORD PTR FlagsWritten$[rbp] - 0008b 8b 00 mov eax, DWORD PTR [rax] - 0008d c1 e8 02 shr eax, 2 - 00090 83 e0 01 and eax, 1 - 00093 85 c0 test eax, eax - 00095 74 39 je SHORT $LN3@JitDoesIns - 00097 48 8b 45 28 mov rax, QWORD PTR FlagsWritten$[rbp] - 0009b 8b 00 mov eax, DWORD PTR [rax] - 0009d c1 e8 0b shr eax, 11 - 000a0 83 e0 01 and eax, 1 - 
000a3 85 c0 test eax, eax - 000a5 74 29 je SHORT $LN3@JitDoesIns - 000a7 48 8b 45 28 mov rax, QWORD PTR FlagsWritten$[rbp] - 000ab 8b 00 mov eax, DWORD PTR [rax] - 000ad 83 e0 01 and eax, 1 - 000b0 85 c0 test eax, eax - 000b2 74 1c je SHORT $LN3@JitDoesIns - 000b4 48 8b 45 48 mov rax, QWORD PTR FlagsUndefined$[rbp] - 000b8 8b 00 mov eax, DWORD PTR [rax] - 000ba c1 e8 04 shr eax, 4 - 000bd 83 e0 01 and eax, 1 - 000c0 85 c0 test eax, eax - 000c2 74 0c je SHORT $LN3@JitDoesIns - 000c4 c7 85 14 01 00 - 00 01 00 00 00 mov DWORD PTR tv132[rbp], 1 - 000ce eb 0a jmp SHORT $LN4@JitDoesIns -$LN3@JitDoesIns: - 000d0 c7 85 14 01 00 - 00 00 00 00 00 mov DWORD PTR tv132[rbp], 0 -$LN4@JitDoesIns: - 000da 8b 85 14 01 00 - 00 mov eax, DWORD PTR tv132[rbp] - -; 60 : FlagsWritten->s.sf && -; 61 : FlagsWritten->s.pf && -; 62 : FlagsWritten->s.of && -; 63 : FlagsWritten->s.cf && -; 64 : FlagsUndefined->s.af -; 65 : ); -; 66 : } - - 000e0 48 8d a5 28 01 + 0015a 48 8d a5 28 01 00 00 lea rsp, QWORD PTR [rbp+296] - 000e7 5f pop rdi - 000e8 5d pop rbp - 000e9 c3 ret 0 -?JitDoesInstOverriteConditionFlags@@YAHPEAU_NATIVE_CODE_LINK@@@Z ENDP ; JitDoesInstOverriteConditionFlags -_TEXT ENDS -; Function compile flags: /Odtp /RTCsu /ZI -; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Jit.cpp -; COMDAT ?JitUpdateConFlagsLedger@@YAXPEBTxed_flag_set_s@@PEAT1@@Z -_TEXT SEGMENT -FlagsWritten$ = 224 -Ledger$ = 232 -?JitUpdateConFlagsLedger@@YAXPEBTxed_flag_set_s@@PEAT1@@Z PROC ; JitUpdateConFlagsLedger, COMDAT - -; 38 : { - -$LN9: - 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx - 00005 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 0000a 55 push rbp - 0000b 57 push rdi - 0000c 48 81 ec e8 00 - 00 00 sub rsp, 232 ; 000000e8H - 00013 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] - 00018 48 8b fc mov rdi, rsp - 0001b b9 3a 00 00 00 mov ecx, 58 ; 0000003aH - 00020 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH - 00025 f3 ab rep stosd - 00027 48 8b 8c 24 08 - 01 00 00 mov rcx, QWORD PTR [rsp+264] - 0002f 48 8d 
0d 00 00 - 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp - 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode - -; 39 : if (FlagsWritten->s.zf) - - 0003b 48 8b 85 e0 00 - 00 00 mov rax, QWORD PTR FlagsWritten$[rbp] - 00042 8b 00 mov eax, DWORD PTR [rax] - 00044 c1 e8 06 shr eax, 6 - 00047 83 e0 01 and eax, 1 - 0004a 85 c0 test eax, eax - 0004c 74 15 je SHORT $LN2@JitUpdateC - -; 40 : Ledger->s.zf = FALSE; - - 0004e 48 8b 85 e8 00 - 00 00 mov rax, QWORD PTR Ledger$[rbp] - 00055 8b 00 mov eax, DWORD PTR [rax] - 00057 83 e0 bf and eax, -65 ; ffffffbfH - 0005a 48 8b 8d e8 00 - 00 00 mov rcx, QWORD PTR Ledger$[rbp] - 00061 89 01 mov DWORD PTR [rcx], eax -$LN2@JitUpdateC: - -; 41 : if (FlagsWritten->s.sf) - - 00063 48 8b 85 e0 00 - 00 00 mov rax, QWORD PTR FlagsWritten$[rbp] - 0006a 8b 00 mov eax, DWORD PTR [rax] - 0006c c1 e8 07 shr eax, 7 - 0006f 83 e0 01 and eax, 1 - 00072 85 c0 test eax, eax - 00074 74 16 je SHORT $LN3@JitUpdateC - -; 42 : Ledger->s.sf = FALSE; - - 00076 48 8b 85 e8 00 - 00 00 mov rax, QWORD PTR Ledger$[rbp] - 0007d 8b 00 mov eax, DWORD PTR [rax] - 0007f 0f ba f0 07 btr eax, 7 - 00083 48 8b 8d e8 00 - 00 00 mov rcx, QWORD PTR Ledger$[rbp] - 0008a 89 01 mov DWORD PTR [rcx], eax -$LN3@JitUpdateC: - -; 43 : if (FlagsWritten->s.pf) - - 0008c 48 8b 85 e0 00 - 00 00 mov rax, QWORD PTR FlagsWritten$[rbp] - 00093 8b 00 mov eax, DWORD PTR [rax] - 00095 c1 e8 02 shr eax, 2 - 00098 83 e0 01 and eax, 1 - 0009b 85 c0 test eax, eax - 0009d 74 15 je SHORT $LN4@JitUpdateC - -; 44 : Ledger->s.pf = FALSE; - - 0009f 48 8b 85 e8 00 - 00 00 mov rax, QWORD PTR Ledger$[rbp] - 000a6 8b 00 mov eax, DWORD PTR [rax] - 000a8 83 e0 fb and eax, -5 ; fffffffbH - 000ab 48 8b 8d e8 00 - 00 00 mov rcx, QWORD PTR Ledger$[rbp] - 000b2 89 01 mov DWORD PTR [rcx], eax -$LN4@JitUpdateC: - -; 45 : if (FlagsWritten->s.of) - - 000b4 48 8b 85 e0 00 - 00 00 mov rax, QWORD PTR FlagsWritten$[rbp] - 000bb 8b 00 mov eax, DWORD PTR [rax] - 000bd c1 e8 0b shr eax, 11 - 000c0 83 e0 01 and eax, 1 - 
000c3 85 c0 test eax, eax - 000c5 74 16 je SHORT $LN5@JitUpdateC - -; 46 : Ledger->s.of = FALSE; - - 000c7 48 8b 85 e8 00 - 00 00 mov rax, QWORD PTR Ledger$[rbp] - 000ce 8b 00 mov eax, DWORD PTR [rax] - 000d0 0f ba f0 0b btr eax, 11 - 000d4 48 8b 8d e8 00 - 00 00 mov rcx, QWORD PTR Ledger$[rbp] - 000db 89 01 mov DWORD PTR [rcx], eax -$LN5@JitUpdateC: - -; 47 : if (FlagsWritten->s.cf) - - 000dd 48 8b 85 e0 00 - 00 00 mov rax, QWORD PTR FlagsWritten$[rbp] - 000e4 8b 00 mov eax, DWORD PTR [rax] - 000e6 83 e0 01 and eax, 1 - 000e9 85 c0 test eax, eax - 000eb 74 15 je SHORT $LN6@JitUpdateC - -; 48 : Ledger->s.cf = FALSE; - - 000ed 48 8b 85 e8 00 - 00 00 mov rax, QWORD PTR Ledger$[rbp] - 000f4 8b 00 mov eax, DWORD PTR [rax] - 000f6 83 e0 fe and eax, -2 ; fffffffeH - 000f9 48 8b 8d e8 00 - 00 00 mov rcx, QWORD PTR Ledger$[rbp] - 00100 89 01 mov DWORD PTR [rcx], eax -$LN6@JitUpdateC: - -; 49 : if (FlagsWritten->s.af) - - 00102 48 8b 85 e0 00 - 00 00 mov rax, QWORD PTR FlagsWritten$[rbp] - 00109 8b 00 mov eax, DWORD PTR [rax] - 0010b c1 e8 04 shr eax, 4 - 0010e 83 e0 01 and eax, 1 - 00111 85 c0 test eax, eax - 00113 74 15 je SHORT $LN7@JitUpdateC - -; 50 : Ledger->s.af = FALSE; - - 00115 48 8b 85 e8 00 - 00 00 mov rax, QWORD PTR Ledger$[rbp] - 0011c 8b 00 mov eax, DWORD PTR [rax] - 0011e 83 e0 ef and eax, -17 ; ffffffefH - 00121 48 8b 8d e8 00 - 00 00 mov rcx, QWORD PTR Ledger$[rbp] - 00128 89 01 mov DWORD PTR [rcx], eax -$LN7@JitUpdateC: - -; 51 : } - - 0012a 48 8d a5 c8 00 - 00 00 lea rsp, QWORD PTR [rbp+200] - 00131 5f pop rdi - 00132 5d pop rbp - 00133 c3 ret 0 -?JitUpdateConFlagsLedger@@YAXPEBTxed_flag_set_s@@PEAT1@@Z ENDP ; JitUpdateConFlagsLedger -_TEXT ENDS -; Function compile flags: /Odtp /RTCsu /ZI -; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Jit.cpp -; COMDAT ?JitCheckFlagCollisions@@YAHPEBTxed_flag_set_s@@T1@@Z -_TEXT SEGMENT -tv165 = 192 -FlagsRead$ = 240 -Ledger$ = 248 -?JitCheckFlagCollisions@@YAHPEBTxed_flag_set_s@@T1@@Z PROC ; JitCheckFlagCollisions, 
COMDAT - -; 27 : { - -$LN11: - 00000 89 54 24 10 mov DWORD PTR [rsp+16], edx - 00004 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 00009 55 push rbp - 0000a 57 push rdi - 0000b 48 81 ec f8 00 - 00 00 sub rsp, 248 ; 000000f8H - 00012 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] - 00017 48 8b fc mov rdi, rsp - 0001a b9 3e 00 00 00 mov ecx, 62 ; 0000003eH - 0001f b8 cc cc cc cc mov eax, -858993460 ; ccccccccH - 00024 f3 ab rep stosd - 00026 48 8b 8c 24 18 - 01 00 00 mov rcx, QWORD PTR [rsp+280] - 0002e 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp - 00035 e8 00 00 00 00 call __CheckForDebuggerJustMyCode - -; 28 : return ((FlagsRead->s.zf && FlagsRead->s.zf == Ledger.s.zf) || - - 0003a 48 8b 85 f0 00 - 00 00 mov rax, QWORD PTR FlagsRead$[rbp] - 00041 8b 00 mov eax, DWORD PTR [rax] - 00043 c1 e8 06 shr eax, 6 - 00046 83 e0 01 and eax, 1 - 00049 85 c0 test eax, eax - 0004b 74 23 je SHORT $LN3@JitCheckFl - 0004d 48 8b 85 f0 00 - 00 00 mov rax, QWORD PTR FlagsRead$[rbp] - 00054 8b 00 mov eax, DWORD PTR [rax] - 00056 c1 e8 06 shr eax, 6 - 00059 83 e0 01 and eax, 1 - 0005c 8b 8d f8 00 00 - 00 mov ecx, DWORD PTR Ledger$[rbp] - 00062 c1 e9 06 shr ecx, 6 - 00065 83 e1 01 and ecx, 1 - 00068 3b c1 cmp eax, ecx - 0006a 0f 84 05 01 00 - 00 je $LN5@JitCheckFl -$LN3@JitCheckFl: - 00070 48 8b 85 f0 00 - 00 00 mov rax, QWORD PTR FlagsRead$[rbp] - 00077 8b 00 mov eax, DWORD PTR [rax] - 00079 c1 e8 07 shr eax, 7 - 0007c 83 e0 01 and eax, 1 - 0007f 85 c0 test eax, eax - 00081 74 23 je SHORT $LN4@JitCheckFl - 00083 48 8b 85 f0 00 - 00 00 mov rax, QWORD PTR FlagsRead$[rbp] - 0008a 8b 00 mov eax, DWORD PTR [rax] - 0008c c1 e8 07 shr eax, 7 - 0008f 83 e0 01 and eax, 1 - 00092 8b 8d f8 00 00 - 00 mov ecx, DWORD PTR Ledger$[rbp] - 00098 c1 e9 07 shr ecx, 7 - 0009b 83 e1 01 and ecx, 1 - 0009e 3b c1 cmp eax, ecx - 000a0 0f 84 cf 00 00 - 00 je $LN5@JitCheckFl -$LN4@JitCheckFl: - 000a6 48 8b 85 f0 00 - 00 00 mov rax, QWORD PTR FlagsRead$[rbp] - 000ad 8b 00 mov eax, DWORD PTR [rax] - 
000af c1 e8 02 shr eax, 2 - 000b2 83 e0 01 and eax, 1 - 000b5 85 c0 test eax, eax - 000b7 74 23 je SHORT $LN6@JitCheckFl - 000b9 48 8b 85 f0 00 - 00 00 mov rax, QWORD PTR FlagsRead$[rbp] - 000c0 8b 00 mov eax, DWORD PTR [rax] - 000c2 c1 e8 02 shr eax, 2 - 000c5 83 e0 01 and eax, 1 - 000c8 8b 8d f8 00 00 - 00 mov ecx, DWORD PTR Ledger$[rbp] - 000ce c1 e9 02 shr ecx, 2 - 000d1 83 e1 01 and ecx, 1 - 000d4 3b c1 cmp eax, ecx - 000d6 0f 84 99 00 00 - 00 je $LN5@JitCheckFl -$LN6@JitCheckFl: - 000dc 48 8b 85 f0 00 - 00 00 mov rax, QWORD PTR FlagsRead$[rbp] - 000e3 8b 00 mov eax, DWORD PTR [rax] - 000e5 c1 e8 0b shr eax, 11 - 000e8 83 e0 01 and eax, 1 - 000eb 85 c0 test eax, eax - 000ed 74 1f je SHORT $LN7@JitCheckFl - 000ef 48 8b 85 f0 00 - 00 00 mov rax, QWORD PTR FlagsRead$[rbp] - 000f6 8b 00 mov eax, DWORD PTR [rax] - 000f8 c1 e8 0b shr eax, 11 - 000fb 83 e0 01 and eax, 1 - 000fe 8b 8d f8 00 00 - 00 mov ecx, DWORD PTR Ledger$[rbp] - 00104 c1 e9 0b shr ecx, 11 - 00107 83 e1 01 and ecx, 1 - 0010a 3b c1 cmp eax, ecx - 0010c 74 67 je SHORT $LN5@JitCheckFl -$LN7@JitCheckFl: - 0010e 48 8b 85 f0 00 - 00 00 mov rax, QWORD PTR FlagsRead$[rbp] - 00115 8b 00 mov eax, DWORD PTR [rax] - 00117 83 e0 01 and eax, 1 - 0011a 85 c0 test eax, eax - 0011c 74 19 je SHORT $LN8@JitCheckFl - 0011e 48 8b 85 f0 00 - 00 00 mov rax, QWORD PTR FlagsRead$[rbp] - 00125 8b 00 mov eax, DWORD PTR [rax] - 00127 83 e0 01 and eax, 1 - 0012a 8b 8d f8 00 00 - 00 mov ecx, DWORD PTR Ledger$[rbp] - 00130 83 e1 01 and ecx, 1 - 00133 3b c1 cmp eax, ecx - 00135 74 3e je SHORT $LN5@JitCheckFl -$LN8@JitCheckFl: - 00137 48 8b 85 f0 00 - 00 00 mov rax, QWORD PTR FlagsRead$[rbp] - 0013e 8b 00 mov eax, DWORD PTR [rax] - 00140 c1 e8 04 shr eax, 4 - 00143 83 e0 01 and eax, 1 - 00146 85 c0 test eax, eax - 00148 74 1f je SHORT $LN9@JitCheckFl - 0014a 48 8b 85 f0 00 - 00 00 mov rax, QWORD PTR FlagsRead$[rbp] - 00151 8b 00 mov eax, DWORD PTR [rax] - 00153 c1 e8 04 shr eax, 4 - 00156 83 e0 01 and eax, 1 - 00159 8b 8d f8 00 00 
- 00 mov ecx, DWORD PTR Ledger$[rbp] - 0015f c1 e9 04 shr ecx, 4 - 00162 83 e1 01 and ecx, 1 - 00165 3b c1 cmp eax, ecx - 00167 74 0c je SHORT $LN5@JitCheckFl -$LN9@JitCheckFl: - 00169 c7 85 c0 00 00 - 00 00 00 00 00 mov DWORD PTR tv165[rbp], 0 - 00173 eb 0a jmp SHORT $LN10@JitCheckFl -$LN5@JitCheckFl: - 00175 c7 85 c0 00 00 - 00 01 00 00 00 mov DWORD PTR tv165[rbp], 1 -$LN10@JitCheckFl: - 0017f 8b 85 c0 00 00 - 00 mov eax, DWORD PTR tv165[rbp] - -; 29 : (FlagsRead->s.sf && FlagsRead->s.sf == Ledger.s.sf) || -; 30 : (FlagsRead->s.pf && FlagsRead->s.pf == Ledger.s.pf) || -; 31 : (FlagsRead->s.of && FlagsRead->s.of == Ledger.s.of) || -; 32 : (FlagsRead->s.cf && FlagsRead->s.cf == Ledger.s.cf) || -; 33 : (FlagsRead->s.af && FlagsRead->s.af == Ledger.s.af) -; 34 : ); -; 35 : } - - 00185 48 8d a5 d8 00 - 00 00 lea rsp, QWORD PTR [rbp+216] - 0018c 5f pop rdi - 0018d 5d pop rbp - 0018e c3 ret 0 -?JitCheckFlagCollisions@@YAHPEBTxed_flag_set_s@@T1@@Z ENDP ; JitCheckFlagCollisions -_TEXT ENDS -; Function compile flags: /Odtp /RTCsu /ZI -; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Jit.cpp -; COMDAT ?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z -_TEXT SEGMENT -RawData$ = 4 -Link$ = 40 -$T4 = 264 -$T5 = 296 -tv79 = 312 -__$ArrayPad$ = 320 -Block$ = 368 -?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; JitEmitPopfqInst, COMDAT - -; 18 : { - -$LN6: - 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 00005 55 push rbp - 00006 57 push rdi - 00007 48 81 ec 88 01 - 00 00 sub rsp, 392 ; 00000188H - 0000e 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48] - 00013 48 8b fc mov rdi, rsp - 00016 b9 62 00 00 00 mov ecx, 98 ; 00000062H - 0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH - 00020 f3 ab rep stosd - 00022 48 8b 8c 24 a8 - 01 00 00 mov rcx, QWORD PTR [rsp+424] - 0002a 48 8b 05 00 00 - 00 00 mov rax, QWORD PTR __security_cookie - 00031 48 33 c5 xor rax, rbp - 00034 48 89 85 40 01 - 00 00 mov QWORD PTR __$ArrayPad$[rbp], rax - 0003b 48 8d 0d 00 00 - 00 00 lea rcx, 
OFFSET FLAT:__DD050276_Jit@cpp - 00042 e8 00 00 00 00 call __CheckForDebuggerJustMyCode - -; 19 : UCHAR RawData[] = { 0x9D }; - - 00047 c6 45 04 9d mov BYTE PTR RawData$[rbp], 157 ; 0000009dH - -; 20 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, 1); - - 0004b b9 10 01 00 00 mov ecx, 272 ; 00000110H - 00050 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new - 00055 48 89 85 28 01 - 00 00 mov QWORD PTR $T5[rbp], rax - 0005c 48 83 bd 28 01 - 00 00 00 cmp QWORD PTR $T5[rbp], 0 - 00064 74 2c je SHORT $LN3@JitEmitPop - 00066 c7 44 24 20 00 - 00 00 00 mov DWORD PTR [rsp+32], 0 - 0006e 41 b9 01 00 00 - 00 mov r9d, 1 - 00074 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp] - 00078 ba 0c 00 00 00 mov edx, 12 - 0007d 48 8b 8d 28 01 - 00 00 mov rcx, QWORD PTR $T5[rbp] - 00084 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK - 00089 48 89 85 38 01 - 00 00 mov QWORD PTR tv79[rbp], rax - 00090 eb 0b jmp SHORT $LN4@JitEmitPop -$LN3@JitEmitPop: - 00092 48 c7 85 38 01 - 00 00 00 00 00 - 00 mov QWORD PTR tv79[rbp], 0 -$LN4@JitEmitPop: - 0009d 48 8b 85 38 01 - 00 00 mov rax, QWORD PTR tv79[rbp] - 000a4 48 89 85 08 01 - 00 00 mov QWORD PTR $T4[rbp], rax - 000ab 48 8b 85 08 01 - 00 00 mov rax, QWORD PTR $T4[rbp] - 000b2 48 89 45 28 mov QWORD PTR Link$[rbp], rax - -; 21 : XedDecode(&Link->XedInstruction, Link->RawData, 1); - - 000b6 48 8b 45 28 mov rax, QWORD PTR Link$[rbp] - 000ba 48 83 c0 30 add rax, 48 ; 00000030H - 000be 41 b8 01 00 00 - 00 mov r8d, 1 - 000c4 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp] - 000c8 48 8b 51 20 mov rdx, QWORD PTR [rcx+32] - 000cc 48 8b c8 mov rcx, rax - 000cf e8 00 00 00 00 call xed_decode - -; 22 : NcAppendToBlock(Block, Link); - - 000d4 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp] - 000d8 48 8b 8d 70 01 - 00 00 mov rcx, QWORD PTR Block$[rbp] - 000df e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock - -; 23 
: return TRUE; - - 000e4 b8 01 00 00 00 mov eax, 1 - -; 24 : } - - 000e9 8b f8 mov edi, eax - 000eb 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48] - 000ef 48 8d 15 00 00 - 00 00 lea rdx, OFFSET FLAT:?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcFrameData - 000f6 e8 00 00 00 00 call _RTC_CheckStackVars - 000fb 8b c7 mov eax, edi - 000fd 48 8b 8d 40 01 - 00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp] - 00104 48 33 cd xor rcx, rbp - 00107 e8 00 00 00 00 call __security_check_cookie - 0010c 48 8d a5 58 01 - 00 00 lea rsp, QWORD PTR [rbp+344] - 00113 5f pop rdi - 00114 5d pop rbp - 00115 c3 ret 0 -?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ENDP ; JitEmitPopfqInst -_TEXT ENDS -; COMDAT text$x -text$x SEGMENT -RawData$ = 4 -Link$ = 40 -$T4 = 264 -$T5 = 296 -tv79 = 312 -__$ArrayPad$ = 320 -Block$ = 368 -?dtor$0@?0??JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `JitEmitPopfqInst'::`1'::dtor$0 - 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx - 0000a 55 push rbp - 0000b 57 push rdi - 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H - 00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48] - 00014 ba 10 01 00 00 mov edx, 272 ; 00000110H - 00019 48 8b 8d 28 01 - 00 00 mov rcx, QWORD PTR $T5[rbp] - 00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete - 00025 48 83 c4 28 add rsp, 40 ; 00000028H - 00029 5f pop rdi - 0002a 5d pop rbp - 0002b c3 ret 0 -?dtor$0@?0??JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA ENDP ; `JitEmitPopfqInst'::`1'::dtor$0 -text$x ENDS -; Function compile flags: /Odtp /RTCsu /ZI -; COMDAT text$x -text$x SEGMENT -RawData$ = 4 -Link$ = 40 -$T4 = 264 -$T5 = 296 -tv79 = 312 -__$ArrayPad$ = 320 -Block$ = 368 -?dtor$0@?0??JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `JitEmitPopfqInst'::`1'::dtor$0 - 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx - 0000a 55 push rbp - 0000b 57 push rdi - 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H - 00010 48 
8d 6a 30 lea rbp, QWORD PTR [rdx+48] - 00014 ba 10 01 00 00 mov edx, 272 ; 00000110H - 00019 48 8b 8d 28 01 - 00 00 mov rcx, QWORD PTR $T5[rbp] - 00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete - 00025 48 83 c4 28 add rsp, 40 ; 00000028H - 00029 5f pop rdi - 0002a 5d pop rbp - 0002b c3 ret 0 -?dtor$0@?0??JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA ENDP ; `JitEmitPopfqInst'::`1'::dtor$0 -text$x ENDS -; Function compile flags: /Odtp /RTCsu /ZI -; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Jit.cpp -; COMDAT ?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z -_TEXT SEGMENT -RawData$ = 4 -Link$ = 40 -$T4 = 264 -$T5 = 296 -tv79 = 312 -__$ArrayPad$ = 320 -Block$ = 368 -?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; JitEmitPushfqInst, COMDAT - -; 9 : { - -$LN6: - 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 00005 55 push rbp - 00006 57 push rdi - 00007 48 81 ec 88 01 - 00 00 sub rsp, 392 ; 00000188H - 0000e 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48] - 00013 48 8b fc mov rdi, rsp - 00016 b9 62 00 00 00 mov ecx, 98 ; 00000062H - 0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH - 00020 f3 ab rep stosd - 00022 48 8b 8c 24 a8 - 01 00 00 mov rcx, QWORD PTR [rsp+424] - 0002a 48 8b 05 00 00 - 00 00 mov rax, QWORD PTR __security_cookie - 00031 48 33 c5 xor rax, rbp - 00034 48 89 85 40 01 - 00 00 mov QWORD PTR __$ArrayPad$[rbp], rax - 0003b 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:__DD050276_Jit@cpp - 00042 e8 00 00 00 00 call __CheckForDebuggerJustMyCode - -; 10 : UCHAR RawData[] = { 0x9C }; - - 00047 c6 45 04 9c mov BYTE PTR RawData$[rbp], 156 ; 0000009cH - -; 11 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, 1); - - 0004b b9 10 01 00 00 mov ecx, 272 ; 00000110H - 00050 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new - 00055 48 89 85 28 01 - 00 00 mov QWORD PTR $T5[rbp], rax - 0005c 48 83 bd 28 01 - 00 00 00 cmp QWORD PTR $T5[rbp], 0 - 00064 74 2c je SHORT $LN3@JitEmitPus - 00066 
c7 44 24 20 00 - 00 00 00 mov DWORD PTR [rsp+32], 0 - 0006e 41 b9 01 00 00 - 00 mov r9d, 1 - 00074 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp] - 00078 ba 0c 00 00 00 mov edx, 12 - 0007d 48 8b 8d 28 01 - 00 00 mov rcx, QWORD PTR $T5[rbp] - 00084 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK - 00089 48 89 85 38 01 - 00 00 mov QWORD PTR tv79[rbp], rax - 00090 eb 0b jmp SHORT $LN4@JitEmitPus -$LN3@JitEmitPus: - 00092 48 c7 85 38 01 - 00 00 00 00 00 - 00 mov QWORD PTR tv79[rbp], 0 -$LN4@JitEmitPus: - 0009d 48 8b 85 38 01 - 00 00 mov rax, QWORD PTR tv79[rbp] - 000a4 48 89 85 08 01 - 00 00 mov QWORD PTR $T4[rbp], rax - 000ab 48 8b 85 08 01 - 00 00 mov rax, QWORD PTR $T4[rbp] - 000b2 48 89 45 28 mov QWORD PTR Link$[rbp], rax - -; 12 : XedDecode(&Link->XedInstruction, Link->RawData, 1); - - 000b6 48 8b 45 28 mov rax, QWORD PTR Link$[rbp] - 000ba 48 83 c0 30 add rax, 48 ; 00000030H - 000be 41 b8 01 00 00 - 00 mov r8d, 1 - 000c4 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp] - 000c8 48 8b 51 20 mov rdx, QWORD PTR [rcx+32] - 000cc 48 8b c8 mov rcx, rax - 000cf e8 00 00 00 00 call xed_decode - -; 13 : NcAppendToBlock(Block, Link); - - 000d4 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp] - 000d8 48 8b 8d 70 01 - 00 00 mov rcx, QWORD PTR Block$[rbp] - 000df e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock - -; 14 : return TRUE; - - 000e4 b8 01 00 00 00 mov eax, 1 - -; 15 : } - - 000e9 8b f8 mov edi, eax - 000eb 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48] - 000ef 48 8d 15 00 00 - 00 00 lea rdx, OFFSET FLAT:?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcFrameData - 000f6 e8 00 00 00 00 call _RTC_CheckStackVars - 000fb 8b c7 mov eax, edi - 000fd 48 8b 8d 40 01 - 00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp] - 00104 48 33 cd xor rcx, rbp - 00107 e8 00 00 00 00 call __security_check_cookie - 0010c 48 8d a5 58 01 - 00 00 lea rsp, QWORD PTR [rbp+344] - 00113 5f pop rdi - 00114 5d pop rbp - 
00115 c3 ret 0 -?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ENDP ; JitEmitPushfqInst + 00161 5f pop rdi + 00162 5d pop rbp + 00163 c3 ret 0 +?JitMutateInstForXor@@YAHPEAU_NATIVE_CODE_LINK@@PEAEPEAU_JIT_BITWISE_DATA@@@Z ENDP ; JitMutateInstForXor _TEXT ENDS -; COMDAT text$x -text$x SEGMENT -RawData$ = 4 -Link$ = 40 -$T4 = 264 -$T5 = 296 -tv79 = 312 -__$ArrayPad$ = 320 -Block$ = 368 -?dtor$0@?0??JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `JitEmitPushfqInst'::`1'::dtor$0 - 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx - 0000a 55 push rbp - 0000b 57 push rdi - 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H - 00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48] - 00014 ba 10 01 00 00 mov edx, 272 ; 00000110H - 00019 48 8b 8d 28 01 - 00 00 mov rcx, QWORD PTR $T5[rbp] - 00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete - 00025 48 83 c4 28 add rsp, 40 ; 00000028H - 00029 5f pop rdi - 0002a 5d pop rbp - 0002b c3 ret 0 -?dtor$0@?0??JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA ENDP ; `JitEmitPushfqInst'::`1'::dtor$0 -text$x ENDS -; Function compile flags: /Odtp /RTCsu /ZI -; COMDAT text$x -text$x SEGMENT -RawData$ = 4 -Link$ = 40 -$T4 = 264 -$T5 = 296 -tv79 = 312 -__$ArrayPad$ = 320 -Block$ = 368 -?dtor$0@?0??JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `JitEmitPushfqInst'::`1'::dtor$0 - 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx - 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx - 0000a 55 push rbp - 0000b 57 push rdi - 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H - 00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48] - 00014 ba 10 01 00 00 mov edx, 272 ; 00000110H - 00019 48 8b 8d 28 01 - 00 00 mov rcx, QWORD PTR $T5[rbp] - 00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete - 00025 48 83 c4 28 add rsp, 40 ; 00000028H - 00029 5f pop rdi - 0002a 5d pop rbp - 0002b c3 ret 0 -?dtor$0@?0??JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA ENDP ; `JitEmitPushfqInst'::`1'::dtor$0 
-text$x ENDS ; Function compile flags: /Odtp /RTCsu /ZI ; COMDAT ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z _TEXT SEGMENT diff --git a/CodeVirtualizer/x64/Debug/Junk.cod b/CodeVirtualizer/x64/Debug/Junk.cod index 91469f3..20aeb21 100644 --- a/CodeVirtualizer/x64/Debug/Junk.cod +++ b/CodeVirtualizer/x64/Debug/Junk.cod @@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H diff --git a/CodeVirtualizer/x64/Debug/Main.cod b/CodeVirtualizer/x64/Debug/Main.cod index 2bb9921..908979d 100644 --- a/CodeVirtualizer/x64/Debug/Main.cod +++ b/CodeVirtualizer/x64/Debug/Main.cod @@ -9,6 +9,7 @@ PUBLIC ?TestBuffer@@3PAEA ; TestBuffer PUBLIC ?TestBufferSize@@3KA ; TestBufferSize PUBLIC ?meme1@@3PAEA ; meme1 PUBLIC ?RetNumCode@@3PAEA ; RetNumCode +PUBLIC ?IsEvenCode@@3PAEA ; IsEvenCode msvcjmc SEGMENT __B2D2BA86_ctype@h DB 01H __79C7FC57_basetsd@h DB 01H @@ -69,6 +70,7 @@ __3AFA803E_string DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H @@ -210,6 +212,20 @@ _DATA SEGMENT DB 075H DB 0e6H DB 0c3H + ORG $+3 +?IsEvenCode@@3PAEA DB 0f6H ; IsEvenCode + DB 0c1H + DB 01H + DB 075H + DB 05H + DB 066H + DB 0b8H + DB 01H + DB 00H + DB 0c3H + DB 033H + DB 0c0H + DB 0c3H _DATA ENDS PUBLIC ?__empty_global_delete@@YAXPEAX@Z ; __empty_global_delete PUBLIC ?__empty_global_delete@@YAXPEAX_K@Z ; __empty_global_delete 
@@ -345,6 +361,8 @@ PUBLIC ??_G?$basic_filebuf@DU?$char_traits@D@std@@@std@@UEAAPEAXI@Z ; std::basic PUBLIC ?__autoclassinit2@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAX_K@Z ; std::basic_ofstream >::__autoclassinit2 PUBLIC ??_G?$basic_ofstream@DU?$char_traits@D@std@@@std@@UEAAPEAXI@Z ; std::basic_ofstream >::`scalar deleting destructor' PUBLIC ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ ; std::basic_ofstream >::`vbase destructor' +PUBLIC ?TestShelcode@@YA_K_K000@Z ; TestShelcode +PUBLIC ?Nextfunction@@YA_K_K@Z ; Nextfunction PUBLIC main PUBLIC ??$use_facet@V?$codecvt@DDU_Mbstatet@@@std@@@std@@YAAEBV?$codecvt@DDU_Mbstatet@@@0@AEBVlocale@0@@Z ; std::use_facet > PUBLIC ??$min@_K@std@@YAAEB_KAEB_K0@Z ; std::min @@ -427,9 +445,11 @@ PUBLIC ??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@ ; std::basic_filebuf PUBLIC ??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@ ; std::basic_ofstream >::`vftable' PUBLIC ??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@ ; std::basic_ofstream >::`vbtable' PUBLIC ??_C@_0CJ@GEFBLICI@C?3?2Users?2Iizerd?2Desktop?2Leeg?5Ha@ ; `string' -PUBLIC ??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ ; `string' +PUBLIC ??_C@_0L@BBCHICIA@Delta?3?5?$CFX?6@ ; `string' +PUBLIC ??_C@_0BF@NMPFEPIG@?$CFllu?5?$CFllu?5?$CFllu?5?$CFllu?6@ ; `string' PUBLIC ??_C@_05PDJBBECF@pause@ ; `string' -PUBLIC ??_C@_0DC@MEGCPGB@?6?6Size?3?5?$CFu?5?5?5Obfuscated?3?5?$CFllu?5?5@ ; `string' +PUBLIC ??_C@_06MJLDIBBJ@Done?4?6@ ; `string' +PUBLIC ??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ ; `string' PUBLIC ??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ ; `string' PUBLIC ??_C@_0GI@GFIDMGHH@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string' PUBLIC ??_C@_1NA@LKMCOJGD@?$AAC?$AA?3?$AA?2?$AAP?$AAr?$AAo?$AAg?$AAr?$AAa?$AAm?$AA?5?$AAF?$AAi?$AAl?$AAe@ ; `string' 
@@ -494,6 +514,7 @@ PUBLIC ??_R1A@?0A@EA@bad_cast@std@@8 ; std::bad_cast::`RTTI Base Class Descrip PUBLIC __real@3fa66666 EXTRN ??2@YAPEAX_K@Z:PROC ; operator new EXTRN ??3@YAXPEAX_K@Z:PROC ; operator delete +EXTRN ??_U@YAPEAX_K@Z:PROC ; operator new[] EXTRN __imp__invalid_parameter:PROC EXTRN memcpy:PROC EXTRN memmove:PROC @@ -592,15 +613,10 @@ EXTRN __imp__time64:PROC EXTRN ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z:PROC ; std::setw EXTRN xed_tables_init:PROC EXTRN ??0_NATIVE_CODE_BLOCK@@QEAA@XZ:PROC ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK -EXTRN ?NcCountInstructions@@YAKPEAU_NATIVE_CODE_BLOCK@@H@Z:PROC ; NcCountInstructions EXTRN ?NcDisassemble@@YAHPEAU_NATIVE_CODE_BLOCK@@PEAXK@Z:PROC ; NcDisassemble EXTRN ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z:PROC ; NcAssemble -EXTRN ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; NcDeleteBlock -EXTRN ?ObfGenerateOpaqueBranches@@YAXPEAU_OPBR_SETS@@PEAU_NATIVE_CODE_BLOCK@@K@Z:PROC ; ObfGenerateOpaqueBranches -EXTRN ?ObfMutateInstructions@@YAXPEAU_INSTMUT_SETS@@PEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; ObfMutateInstructions EXTRN ??_E?$basic_filebuf@DU?$char_traits@D@std@@@std@@UEAAPEAXI@Z:PROC ; std::basic_filebuf >::`vector deleting destructor' EXTRN ??_E?$basic_ofstream@DU?$char_traits@D@std@@@std@@UEAAPEAXI@Z:PROC ; std::basic_ofstream >::`vector deleting destructor' -EXTRN RetNum:PROC EXTRN ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ:PROC ; std::basic_streambuf >::showmanyc EXTRN _CxxThrowException:PROC EXTRN _RTC_CheckStackVars:PROC 
@@ -1488,8 +1504,20 @@ $pdata$??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ DD imagerel $LN pdata ENDS ; COMDAT pdata pdata SEGMENT +$pdata$?TestShelcode@@YA_K_K000@Z DD imagerel $LN10 + DD imagerel $LN10+268 + DD imagerel $unwind$?TestShelcode@@YA_K_K000@Z +pdata ENDS +; COMDAT pdata +pdata SEGMENT +$pdata$?Nextfunction@@YA_K_K@Z DD imagerel $LN3 + DD imagerel $LN3+74 + DD imagerel $unwind$?Nextfunction@@YA_K_K@Z +pdata ENDS +; COMDAT pdata +pdata SEGMENT $pdata$main DD imagerel $LN7 - DD imagerel $LN7+559 + DD imagerel $LN7+911 DD imagerel $unwind$main pdata ENDS ; COMDAT pdata @@ -2268,19 +2296,26 @@ CONST ENDS CONST SEGMENT ??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ DB ':AM:am:PM:pm', 00H ; `string' CONST ENDS -; COMDAT ??_C@_0DC@MEGCPGB@?6?6Size?3?5?$CFu?5?5?5Obfuscated?3?5?$CFllu?5?5@ +; COMDAT ??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ CONST SEGMENT -??_C@_0DC@MEGCPGB@?6?6Size?3?5?$CFu?5?5?5Obfuscated?3?5?$CFllu?5?5@ DB 0aH - DB 0aH, 'Size: %u Obfuscated: %llu Original: %llu', 0aH, 0aH - DB 00H ; `string' +??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ DB 'failed to assemble', 0aH, 00H ; `string' +CONST ENDS +; COMDAT ??_C@_06MJLDIBBJ@Done?4?6@ +CONST SEGMENT +??_C@_06MJLDIBBJ@Done?4?6@ DB 'Done.', 0aH, 00H ; `string' CONST ENDS ; COMDAT ??_C@_05PDJBBECF@pause@ CONST SEGMENT ??_C@_05PDJBBECF@pause@ DB 'pause', 00H ; `string' CONST ENDS -; COMDAT ??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ +; COMDAT ??_C@_0BF@NMPFEPIG@?$CFllu?5?$CFllu?5?$CFllu?5?$CFllu?6@ CONST SEGMENT -??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ DB 'failed to assemble', 0aH, 00H ; `string' +??_C@_0BF@NMPFEPIG@?$CFllu?5?$CFllu?5?$CFllu?5?$CFllu?6@ DB '%llu %llu %l' + DB 'lu %llu', 0aH, 00H ; `string' +CONST ENDS +; COMDAT ??_C@_0L@BBCHICIA@Delta?3?5?$CFX?6@ +CONST SEGMENT +??_C@_0L@BBCHICIA@Delta?3?5?$CFX?6@ DB 'Delta: %X', 0aH, 00H ; `string' CONST ENDS ; COMDAT ??_C@_0CJ@GEFBLICI@C?3?2Users?2Iizerd?2Desktop?2Leeg?5Ha@ CONST SEGMENT 
@@ -3354,13 +3389,13 @@ xdata SEGMENT $ip2state$main DB 0aH DB 00H DB 00H - DB 0b2H + DB 019H, 06H DB 02H - DB 'M', 03H + DB 0c1H, 02H DB 00H DB '(' DB 02H - DB 0c5H, 02H + DB 01dH, 04H DB 00H xdata ENDS ; COMDAT xdata @@ -3377,13 +3412,13 @@ $cppxdata$main DB 028H xdata ENDS ; COMDAT xdata xdata SEGMENT -$unwind$main DD 025052f19H - DD 010a230fH - DD 070030047H +$unwind$main DD 035052f19H + DD 010a330fH + DD 070030059H DD 05002H DD imagerel __GSHandlerCheck_EH4 DD imagerel $cppxdata$main - DD 022aH + DD 02b2H xdata ENDS ; COMDAT CONST CONST SEGMENT @@ -3403,13 +3438,7 @@ main$rtcName$1 DB 04fH DB 062H DB 066H DB 00H -main$rtcName$2 DB 04fH - DB 062H - DB 066H - DB 032H - DB 00H - ORG $+3 -main$rtcName$3 DB 041H +main$rtcName$2 DB 041H DB 073H DB 06dH DB 053H @@ -3417,25 +3446,37 @@ main$rtcName$3 DB 041H DB 07aH DB 065H DB 00H -main$rtcVarDesc DD 0d4H + ORG $+8 +main$rtcVarDesc DD 0124H DD 04H - DQ FLAT:main$rtcName$3 - DD 0b8H - DD 08H DQ FLAT:main$rtcName$2 - DD 078H + DD 0e8H DD 020H DQ FLAT:main$rtcName$1 - DD 028H + DD 098H DD 030H DQ FLAT:main$rtcName$0 - ORG $+192 -main$rtcFrameData DD 04H + ORG $+144 +main$rtcFrameData DD 03H DD 00H DQ FLAT:main$rtcVarDesc CONST ENDS ; COMDAT xdata xdata SEGMENT +$unwind$?Nextfunction@@YA_K_K@Z DD 025052a01H + DD 010e2313H + DD 07007001dH + DD 05006H +xdata ENDS +; COMDAT xdata +xdata SEGMENT +$unwind$?TestShelcode@@YA_K_K000@Z DD 025053901H + DD 011d2322H + DD 070160029H + DD 05015H +xdata ENDS +; COMDAT xdata +xdata SEGMENT $unwind$??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ DD 025052a01H DD 010e2313H DD 07007001dH 
@@ -8751,46 +8792,56 @@ text$x ENDS ; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Main.cpp ; COMDAT main _TEXT SEGMENT -RetNumBlock$ = 8 -Obf$ = 88 -Obf2$ = 152 -AsmSize$ = 180 -Asm$ = 216 -Exec$ = 248 -$T7 = 468 -tv145 = 488 -tv133 = 496 -tv143 = 504 -tv141 = 512 -__$ArrayPad$ = 520 +Delta$ = 4 +ActualFunction$ = 40 +MemeBlock$ = 72 +RetNumBlock$ = 104 +Obf$ = 184 +AsmSize$ = 244 +Asm$ = 280 +Exec$ = 312 +$T6 = 536 +$T7 = 564 +tv203 = 584 +tv136 = 584 +tv177 = 592 +tv134 = 592 +tv201 = 600 +tv132 = 600 +tv185 = 608 +tv130 = 608 +tv199 = 616 +tv193 = 624 +tv197 = 632 +__$ArrayPad$ = 640 main PROC ; COMDAT -; 92 : { +; 123 : { $LN7: 00000 40 55 push rbp 00002 57 push rdi - 00003 48 81 ec 38 02 - 00 00 sub rsp, 568 ; 00000238H - 0000a 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00003 48 81 ec c8 02 + 00 00 sub rsp, 712 ; 000002c8H + 0000a 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48] 0000f 48 8b fc mov rdi, rsp - 00012 b9 8e 00 00 00 mov ecx, 142 ; 0000008eH + 00012 b9 b2 00 00 00 mov ecx, 178 ; 000000b2H 00017 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH 0001c f3 ab rep stosd 0001e 48 8b 05 00 00 00 00 mov rax, QWORD PTR __security_cookie 00025 48 33 c5 xor rax, rbp - 00028 48 89 85 08 02 + 00028 48 89 85 80 02 00 00 mov QWORD PTR __$ArrayPad$[rbp], rax 0002f 48 8d 0d 00 00 00 00 lea rcx, OFFSET FLAT:__4031338C_Main@cpp 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 93 : XedTablesInit(); +; 124 : XedTablesInit(); 0003b e8 00 00 00 00 call xed_tables_init -; 94 : srand(time(NULL)); +; 125 : srand(time(NULL)); 00040 33 c9 xor ecx, ecx 00042 e8 00 00 00 00 call time 
@@ -8798,382 +8849,505 @@ $LN7: 00049 ff 15 00 00 00 00 call QWORD PTR __imp_srand -; 95 : -; 96 : //system("pause"); -; 97 : -; 98 : NATIVE_CODE_BLOCK RetNumBlock; +; 126 : ULONG Delta = (*((PULONG)((PUCHAR)TestShelcode + 1))) + 5; + + 0004f 48 8d 05 00 00 + 00 00 lea rax, OFFSET FLAT:?TestShelcode@@YA_K_K000@Z ; TestShelcode + 00056 48 ff c0 inc rax + 00059 8b 00 mov eax, DWORD PTR [rax] + 0005b 83 c0 05 add eax, 5 + 0005e 89 45 04 mov DWORD PTR Delta$[rbp], eax + +; 127 : printf("Delta: %X\n", Delta); + + 00061 8b 55 04 mov edx, DWORD PTR Delta$[rbp] + 00064 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_0L@BBCHICIA@Delta?3?5?$CFX?6@ + 0006b e8 00 00 00 00 call printf + +; 128 : PVOID ActualFunction = (PVOID)((ULONG64)TestShelcode + Delta); + + 00070 8b 45 04 mov eax, DWORD PTR Delta$[rbp] + 00073 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:?TestShelcode@@YA_K_K000@Z ; TestShelcode + 0007a 48 03 c8 add rcx, rax + 0007d 48 8b c1 mov rax, rcx + 00080 48 89 45 28 mov QWORD PTR ActualFunction$[rbp], rax + +; 129 : +; 130 : printf("%llu %llu %llu %llu\n", TestShelcode(1, 2, 3, 4), TestShelcode(20, 20, 20, 4), TestShelcode(50, 50, 50, 0), Nextfunction(12)); + + 00084 b9 0c 00 00 00 mov ecx, 12 + 00089 e8 00 00 00 00 call ?Nextfunction@@YA_K_K@Z ; Nextfunction + 0008e 48 89 85 48 02 + 00 00 mov QWORD PTR tv136[rbp], rax + 00095 45 33 c9 xor r9d, r9d + 00098 41 b8 32 00 00 + 00 mov r8d, 50 ; 00000032H + 0009e ba 32 00 00 00 mov edx, 50 ; 00000032H + 000a3 b9 32 00 00 00 mov ecx, 50 ; 00000032H + 000a8 e8 00 00 00 00 call ?TestShelcode@@YA_K_K000@Z ; TestShelcode + 000ad 48 89 85 50 02 + 00 00 mov QWORD PTR tv134[rbp], rax + 000b4 41 b9 04 00 00 + 00 mov r9d, 4 + 000ba 41 b8 14 00 00 + 00 mov r8d, 20 + 000c0 ba 14 00 00 00 mov edx, 20 + 000c5 b9 14 00 00 00 mov ecx, 20 + 000ca e8 00 00 00 00 call ?TestShelcode@@YA_K_K000@Z ; TestShelcode + 000cf 48 89 85 58 02 + 00 00 mov QWORD PTR tv132[rbp], rax + 000d6 41 b9 04 00 00 + 00 mov r9d, 4 + 000dc 41 b8 03 00 00 + 00 mov 
r8d, 3 + 000e2 ba 02 00 00 00 mov edx, 2 + 000e7 b9 01 00 00 00 mov ecx, 1 + 000ec e8 00 00 00 00 call ?TestShelcode@@YA_K_K000@Z ; TestShelcode + 000f1 48 89 85 60 02 + 00 00 mov QWORD PTR tv130[rbp], rax + 000f8 48 8b 85 48 02 + 00 00 mov rax, QWORD PTR tv136[rbp] + 000ff 48 89 44 24 20 mov QWORD PTR [rsp+32], rax + 00104 4c 8b 8d 50 02 + 00 00 mov r9, QWORD PTR tv134[rbp] + 0010b 4c 8b 85 58 02 + 00 00 mov r8, QWORD PTR tv132[rbp] + 00112 48 8b 95 60 02 + 00 00 mov rdx, QWORD PTR tv130[rbp] + 00119 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_0BF@NMPFEPIG@?$CFllu?5?$CFllu?5?$CFllu?5?$CFllu?6@ + 00120 e8 00 00 00 00 call printf + +; 131 : system("pause"); + + 00125 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_05PDJBBECF@pause@ + 0012c ff 15 00 00 00 + 00 call QWORD PTR __imp_system - 0004f 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] - 00053 e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK - 00058 90 npad 1 +; 132 : +; 133 : PUCHAR MemeBlock = new UCHAR[268]; -; 99 : NcDisassemble(&RetNumBlock, RetNumCode, sizeof(RetNumCode)); + 00132 b9 0c 01 00 00 mov ecx, 268 ; 0000010cH + 00137 e8 00 00 00 00 call ??_U@YAPEAX_K@Z ; operator new[] + 0013c 48 89 85 18 02 + 00 00 mov QWORD PTR $T6[rbp], rax + 00143 48 8b 85 18 02 + 00 00 mov rax, QWORD PTR $T6[rbp] + 0014a 48 89 45 48 mov QWORD PTR MemeBlock$[rbp], rax - 00059 41 b8 1d 00 00 - 00 mov r8d, 29 - 0005f 48 8d 15 00 00 - 00 00 lea rdx, OFFSET FLAT:?RetNumCode@@3PAEA ; RetNumCode - 00066 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] - 0006a e8 00 00 00 00 call ?NcDisassemble@@YAHPEAU_NATIVE_CODE_BLOCK@@PEAXK@Z ; NcDisassemble +; 134 : memcpy(MemeBlock, ActualFunction, 268); -; 100 : OPBR_SETS Obf; -; 101 : Obf.Flags = 0; + 0014e 41 b8 0c 01 00 + 00 mov r8d, 268 ; 0000010cH + 00154 48 8b 55 28 mov rdx, QWORD PTR ActualFunction$[rbp] + 00158 48 8b 4d 48 mov rcx, QWORD PTR MemeBlock$[rbp] + 0015c e8 00 00 00 00 call memcpy - 0006f c7 45 64 00 00 - 00 00 mov 
DWORD PTR Obf$[rbp+12], 0 +; 135 : +; 136 : PrintByteArr(MemeBlock, 268); -; 102 : Obf.ParentBlock = &RetNumBlock; + 00161 ba 0c 01 00 00 mov edx, 268 ; 0000010cH + 00166 48 8b 4d 48 mov rcx, QWORD PTR MemeBlock$[rbp] + 0016a e8 00 00 00 00 call ?PrintByteArr@@YAXPEAXK@Z ; PrintByteArr - 00076 48 8d 45 08 lea rax, QWORD PTR RetNumBlock$[rbp] - 0007a 48 89 45 70 mov QWORD PTR Obf$[rbp+24], rax +; 137 : system("pause"); -; 103 : Obf.Divisor = 1.3F; + 0016f 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_05PDJBBECF@pause@ + 00176 ff 15 00 00 00 + 00 call QWORD PTR __imp_system - 0007e f3 0f 10 05 00 - 00 00 00 movss xmm0, DWORD PTR __real@3fa66666 - 00086 f3 0f 11 45 60 movss DWORD PTR Obf$[rbp+8], xmm0 +; 138 : +; 139 : NATIVE_CODE_BLOCK RetNumBlock; + + 0017c 48 8d 4d 68 lea rcx, QWORD PTR RetNumBlock$[rbp] + 00180 e8 00 00 00 00 call ??0_NATIVE_CODE_BLOCK@@QEAA@XZ ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK + 00185 90 npad 1 -; 104 : Obf.MaxDepth = 10; +; 140 : //NcDisassemble(&RetNumBlock, RetNumCode, sizeof(RetNumCode)); +; 141 : NcDisassemble(&RetNumBlock, MemeBlock, 268); - 0008b c7 45 58 0a 00 - 00 00 mov DWORD PTR Obf$[rbp], 10 + 00186 41 b8 0c 01 00 + 00 mov r8d, 268 ; 0000010cH + 0018c 48 8b 55 48 mov rdx, QWORD PTR MemeBlock$[rbp] + 00190 48 8d 4d 68 lea rcx, QWORD PTR RetNumBlock$[rbp] + 00194 e8 00 00 00 00 call ?NcDisassemble@@YAHPEAU_NATIVE_CODE_BLOCK@@PEAXK@Z ; NcDisassemble -; 105 : Obf.MinBranchSize = 1; +; 142 : printf("Done.\n"); - 00092 c7 45 5c 01 00 - 00 00 mov DWORD PTR Obf$[rbp+4], 1 + 00199 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_06MJLDIBBJ@Done?4?6@ + 001a0 e8 00 00 00 00 call printf -; 106 : Obf.ChanceForBranch = 50; +; 143 : OPBR_SETS Obf; +; 144 : Obf.Flags = 0; - 00099 c7 45 6c 32 00 - 00 00 mov DWORD PTR Obf$[rbp+20], 50 ; 00000032H + 001a5 c7 85 c4 00 00 + 00 00 00 00 00 mov DWORD PTR Obf$[rbp+12], 0 -; 107 : Obf.MinDepthForBranch = 0; +; 145 : Obf.ParentBlock = &RetNumBlock; - 000a0 c7 45 68 00 00 - 00 00 mov DWORD PTR 
Obf$[rbp+16], 0 + 001af 48 8d 45 68 lea rax, QWORD PTR RetNumBlock$[rbp] + 001b3 48 89 85 d0 00 + 00 00 mov QWORD PTR Obf$[rbp+24], rax -; 108 : ObfGenerateOpaqueBranches(&Obf, &RetNumBlock); +; 146 : Obf.Divisor = 1.3F; - 000a7 45 33 c0 xor r8d, r8d - 000aa 48 8d 55 08 lea rdx, QWORD PTR RetNumBlock$[rbp] - 000ae 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp] - 000b2 e8 00 00 00 00 call ?ObfGenerateOpaqueBranches@@YAXPEAU_OPBR_SETS@@PEAU_NATIVE_CODE_BLOCK@@K@Z ; ObfGenerateOpaqueBranches + 001ba f3 0f 10 05 00 + 00 00 00 movss xmm0, DWORD PTR __real@3fa66666 + 001c2 f3 0f 11 85 c0 + 00 00 00 movss DWORD PTR Obf$[rbp+8], xmm0 -; 109 : INSTMUT_SETS Obf2; -; 110 : Obf2.MutateChance = 100; +; 147 : Obf.MaxDepth = 10; - 000b7 c7 85 9c 00 00 - 00 64 00 00 00 mov DWORD PTR Obf2$[rbp+4], 100 ; 00000064H + 001ca c7 85 b8 00 00 + 00 0a 00 00 00 mov DWORD PTR Obf$[rbp], 10 -; 111 : ObfMutateInstructions(&Obf2, &RetNumBlock); +; 148 : Obf.MinBranchSize = 20; - 000c1 48 8d 55 08 lea rdx, QWORD PTR RetNumBlock$[rbp] - 000c5 48 8d 8d 98 00 - 00 00 lea rcx, QWORD PTR Obf2$[rbp] - 000cc e8 00 00 00 00 call ?ObfMutateInstructions@@YAXPEAU_INSTMUT_SETS@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfMutateInstructions + 001d4 c7 85 bc 00 00 + 00 14 00 00 00 mov DWORD PTR Obf$[rbp+4], 20 -; 112 : -; 113 : Obf.MinBranchSize = 27; +; 149 : Obf.ChanceForBranch = 100; - 000d1 c7 45 5c 1b 00 - 00 00 mov DWORD PTR Obf$[rbp+4], 27 + 001de c7 85 cc 00 00 + 00 64 00 00 00 mov DWORD PTR Obf$[rbp+20], 100 ; 00000064H -; 114 : ObfGenerateOpaqueBranches(&Obf, &RetNumBlock); +; 150 : Obf.MinDepthForBranch = 0; - 000d8 45 33 c0 xor r8d, r8d - 000db 48 8d 55 08 lea rdx, QWORD PTR RetNumBlock$[rbp] - 000df 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp] - 000e3 e8 00 00 00 00 call ?ObfGenerateOpaqueBranches@@YAXPEAU_OPBR_SETS@@PEAU_NATIVE_CODE_BLOCK@@K@Z ; ObfGenerateOpaqueBranches + 001e8 c7 85 c8 00 00 + 00 00 00 00 00 mov DWORD PTR Obf$[rbp+16], 0 -; 115 : /*Obf.MinBranchSize = 27; -; 116 : ObfGenerateOpaqueBranches(&Obf, 
&RetNumBlock); -; 117 : Obf.MinBranchSize = 27; -; 118 : ObfGenerateOpaqueBranches(&Obf, &RetNumBlock);*/ -; 119 : //NcDebugPrint(&RetNumBlock); -; 120 : -; 121 : ULONG AsmSize; -; 122 : PVOID Asm = NcAssemble(&RetNumBlock, &AsmSize); +; 151 : //ObfGenerateOpaqueBranches(&Obf, &RetNumBlock); +; 152 : /* +; 153 : INSTMUT_SETS Obf2; +; 154 : Obf2.MutateChance = 100; +; 155 : ObfMutateInstructions(&Obf2, &RetNumBlock); +; 156 : Obf.MinBranchSize = 27; +; 157 : ObfGenerateOpaqueBranches(&Obf, &RetNumBlock);*/ +; 158 : +; 159 : ULONG AsmSize; +; 160 : PVOID Asm = NcAssemble(&RetNumBlock, &AsmSize); - 000e8 48 8d 95 b4 00 + 001f2 48 8d 95 f4 00 00 00 lea rdx, QWORD PTR AsmSize$[rbp] - 000ef 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] - 000f3 e8 00 00 00 00 call ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z ; NcAssemble - 000f8 48 89 85 d8 00 + 001f9 48 8d 4d 68 lea rcx, QWORD PTR RetNumBlock$[rbp] + 001fd e8 00 00 00 00 call ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z ; NcAssemble + 00202 48 89 85 18 01 00 00 mov QWORD PTR Asm$[rbp], rax -; 123 : if (!Asm) +; 161 : if (!Asm) - 000ff 48 83 bd d8 00 + 00209 48 83 bd 18 01 00 00 00 cmp QWORD PTR Asm$[rbp], 0 - 00107 75 37 jne SHORT $LN2@main + 00211 75 37 jne SHORT $LN2@main -; 124 : { -; 125 : printf("failed to assemble\n"); +; 162 : { +; 163 : printf("failed to assemble\n"); - 00109 48 8d 0d 00 00 + 00213 48 8d 0d 00 00 00 00 lea rcx, OFFSET FLAT:??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ - 00110 e8 00 00 00 00 call printf + 0021a e8 00 00 00 00 call printf -; 126 : system("pause"); +; 164 : system("pause"); - 00115 48 8d 0d 00 00 + 0021f 48 8d 0d 00 00 00 00 lea rcx, OFFSET FLAT:??_C@_05PDJBBECF@pause@ - 0011c ff 15 00 00 00 + 00226 ff 15 00 00 00 00 call QWORD PTR __imp_system -; 127 : return 1; +; 165 : return 1; - 00122 c7 85 d4 01 00 + 0022c c7 85 34 02 00 00 01 00 00 00 mov DWORD PTR $T7[rbp], 1 - 0012c 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] - 00130 e8 00 00 00 00 call 
??1_NATIVE_CODE_BLOCK@@QEAA@XZ - 00135 8b 85 d4 01 00 + 00236 48 8d 4d 68 lea rcx, QWORD PTR RetNumBlock$[rbp] + 0023a e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ + 0023f 8b 85 34 02 00 00 mov eax, DWORD PTR $T7[rbp] - 0013b e9 c0 00 00 00 jmp $LN5@main + 00245 e9 16 01 00 00 jmp $LN5@main $LN2@main: -; 128 : } -; 129 : PutToFile(Asm, AsmSize); +; 166 : } +; 167 : PutToFile(Asm, AsmSize); - 00140 8b 95 b4 00 00 + 0024a 8b 95 f4 00 00 00 mov edx, DWORD PTR AsmSize$[rbp] - 00146 48 8b 8d d8 00 + 00250 48 8b 8d 18 01 00 00 mov rcx, QWORD PTR Asm$[rbp] - 0014d e8 00 00 00 00 call ?PutToFile@@YAXPEAXK@Z ; PutToFile + 00257 e8 00 00 00 00 call ?PutToFile@@YAXPEAXK@Z ; PutToFile -; 130 : system("pause"); +; 168 : system("pause"); - 00152 48 8d 0d 00 00 + 0025c 48 8d 0d 00 00 00 00 lea rcx, OFFSET FLAT:??_C@_05PDJBBECF@pause@ - 00159 ff 15 00 00 00 + 00263 ff 15 00 00 00 00 call QWORD PTR __imp_system -; 131 : -; 132 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize); +; 169 : +; 170 : typedef ULONG64(*FnTestShelcode)(ULONG64, ULONG64, ULONG64, ULONG64); +; 171 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize); - 0015f 8b 95 b4 00 00 + 00269 8b 95 f4 00 00 00 mov edx, DWORD PTR AsmSize$[rbp] - 00165 48 8b 8d d8 00 + 0026f 48 8b 8d 18 01 00 00 mov rcx, QWORD PTR Asm$[rbp] - 0016c e8 00 00 00 00 call ?MakeExecutableBuffer@@YAPEAXPEAXK@Z ; MakeExecutableBuffer - 00171 48 89 85 f8 00 + 00276 e8 00 00 00 00 call ?MakeExecutableBuffer@@YAPEAXPEAXK@Z ; MakeExecutableBuffer + 0027b 48 89 85 38 01 00 00 mov QWORD PTR Exec$[rbp], rax -; 133 : typedef ULONG64(*FnRetNum)(ULONG Num); -; 134 : printf("\n\nSize: %u Obfuscated: %llu Original: %llu\n\n", NcCountInstructions(&RetNumBlock), ((FnRetNum)Exec)(1776), RetNum(1776)); +; 172 : printf("%llu %llu %llu %llu\n", ((FnTestShelcode)Exec)(1, 2, 3, 4), ((FnTestShelcode)Exec)(20, 20, 20, 4), ((FnTestShelcode)Exec)(50, 50, 50, 0), Nextfunction(12)); - 00178 b9 f0 06 00 00 mov ecx, 1776 ; 000006f0H - 0017d e8 00 00 00 00 call RetNum - 
00182 48 89 85 e8 01 - 00 00 mov QWORD PTR tv145[rbp], rax - 00189 48 8b 85 f8 00 + 00282 b9 0c 00 00 00 mov ecx, 12 + 00287 e8 00 00 00 00 call ?Nextfunction@@YA_K_K@Z ; Nextfunction + 0028c 48 89 85 48 02 + 00 00 mov QWORD PTR tv203[rbp], rax + 00293 48 8b 85 38 01 00 00 mov rax, QWORD PTR Exec$[rbp] - 00190 48 89 85 f0 01 - 00 00 mov QWORD PTR tv133[rbp], rax - 00197 b9 f0 06 00 00 mov ecx, 1776 ; 000006f0H - 0019c ff 95 f0 01 00 - 00 call QWORD PTR tv133[rbp] - 001a2 48 89 85 f8 01 - 00 00 mov QWORD PTR tv143[rbp], rax - 001a9 33 d2 xor edx, edx - 001ab 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] - 001af e8 00 00 00 00 call ?NcCountInstructions@@YAKPEAU_NATIVE_CODE_BLOCK@@H@Z ; NcCountInstructions - 001b4 89 85 00 02 00 - 00 mov DWORD PTR tv141[rbp], eax - 001ba 4c 8b 8d e8 01 - 00 00 mov r9, QWORD PTR tv145[rbp] - 001c1 4c 8b 85 f8 01 - 00 00 mov r8, QWORD PTR tv143[rbp] - 001c8 8b 95 00 02 00 - 00 mov edx, DWORD PTR tv141[rbp] - 001ce 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:??_C@_0DC@MEGCPGB@?6?6Size?3?5?$CFu?5?5?5Obfuscated?3?5?$CFllu?5?5@ - 001d5 e8 00 00 00 00 call printf - -; 135 : NcDeleteBlock(&RetNumBlock); - - 001da 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] - 001de e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock - -; 136 : system("pause"); - - 001e3 48 8d 0d 00 00 - 00 00 lea rcx, OFFSET FLAT:??_C@_05PDJBBECF@pause@ - 001ea ff 15 00 00 00 - 00 call QWORD PTR __imp_system - 001f0 90 npad 1 - -; 137 : -; 138 : -; 139 : /*NATIVE_CODE_BLOCK Block; -; 140 : NcDisassemble(&Block, meme1, sizeof(meme1)); -; 141 : OBFUSCATOR Obf; -; 142 : Obf.Flags = 0; -; 143 : Obf.MinSizeForOpaqueBranch = 12; -; 144 : Obf.GlobalBlock = &Block; -; 145 : ObfObfuscate(&Obf, &Block); -; 146 : Obf.MinSizeForOpaqueBranch = 4; -; 147 : ObfObfuscate(&Obf, &Block); -; 148 : NcDebugPrint(&Block); -; 149 : -; 150 : ULONG ByteSize = NcCalcBlockSizeInBytes(&Block); -; 151 : ULONG InstSize = NcCountInstructions(&Block); -; 152 : -; 153 : 
printf("Bytes: %u, Insts: %u, FlagsMeme: %u.\n", ByteSize, InstSize, Obf.Flags); -; 154 : -; 155 : ULONG AsmSize; -; 156 : PVOID Asm = NcAssemble(&Block, &AsmSize); -; 157 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize); -; 158 : typedef ULONG(*FnGetFour)(); -; 159 : printf("numba is: %u size is %u\n\n", ((FnGetFour)Exec)(), AsmSize); -; 160 : PutToFile(Asm, AsmSize);*/ -; 161 : -; 162 : -; 163 : //PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1)); -; 164 : //PNATIVE_CODE_LINK RetInst = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme2, sizeof(meme2)); -; 165 : //PNATIVE_CODE_BLOCK Pre1 = JitEmitPreRipMov(Return1776); -; 166 : //PNATIVE_CODE_BLOCK Post1 = JitEmitPostRipMov(Return1776); -; 167 : //PNATIVE_CODE_BLOCK Pre2 = JitEmitPreRipMov(RetInst); -; 168 : //PNATIVE_CODE_BLOCK Post2 = JitEmitPostRipMov(RetInst); -; 169 : -; 170 : //NcAppendToBlock(Pre1, Return1776); -; 171 : //NcInsertBlockAfter(Pre1->End, Post1, 0); -; 172 : //Pre1->End = Post1->End; -; 173 : //NcInsertBlockAfter(Pre1->End, Pre2, 0); -; 174 : //Pre1->End = Pre2->End; -; 175 : //NcAppendToBlock(Pre1, RetInst); -; 176 : //NcInsertBlockAfter(Pre1->End, Post2, 0); -; 177 : //Pre1->End = Post2->End; + 0029a 48 89 85 50 02 + 00 00 mov QWORD PTR tv177[rbp], rax + 002a1 45 33 c9 xor r9d, r9d + 002a4 41 b8 32 00 00 + 00 mov r8d, 50 ; 00000032H + 002aa ba 32 00 00 00 mov edx, 50 ; 00000032H + 002af b9 32 00 00 00 mov ecx, 50 ; 00000032H + 002b4 ff 95 50 02 00 + 00 call QWORD PTR tv177[rbp] + 002ba 48 89 85 58 02 + 00 00 mov QWORD PTR tv201[rbp], rax + 002c1 48 8b 85 38 01 + 00 00 mov rax, QWORD PTR Exec$[rbp] + 002c8 48 89 85 60 02 + 00 00 mov QWORD PTR tv185[rbp], rax + 002cf 41 b9 04 00 00 + 00 mov r9d, 4 + 002d5 41 b8 14 00 00 + 00 mov r8d, 20 + 002db ba 14 00 00 00 mov edx, 20 + 002e0 b9 14 00 00 00 mov ecx, 20 + 002e5 ff 95 60 02 00 + 00 call QWORD PTR tv185[rbp] + 002eb 48 89 85 68 02 + 00 00 mov QWORD PTR tv199[rbp], rax + 002f2 48 8b 85 38 01 + 00 00 mov 
rax, QWORD PTR Exec$[rbp] + 002f9 48 89 85 70 02 + 00 00 mov QWORD PTR tv193[rbp], rax + 00300 41 b9 04 00 00 + 00 mov r9d, 4 + 00306 41 b8 03 00 00 + 00 mov r8d, 3 + 0030c ba 02 00 00 00 mov edx, 2 + 00311 b9 01 00 00 00 mov ecx, 1 + 00316 ff 95 70 02 00 + 00 call QWORD PTR tv193[rbp] + 0031c 48 89 85 78 02 + 00 00 mov QWORD PTR tv197[rbp], rax + 00323 48 8b 85 48 02 + 00 00 mov rax, QWORD PTR tv203[rbp] + 0032a 48 89 44 24 20 mov QWORD PTR [rsp+32], rax + 0032f 4c 8b 8d 58 02 + 00 00 mov r9, QWORD PTR tv201[rbp] + 00336 4c 8b 85 68 02 + 00 00 mov r8, QWORD PTR tv199[rbp] + 0033d 48 8b 95 78 02 + 00 00 mov rdx, QWORD PTR tv197[rbp] + 00344 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_0BF@NMPFEPIG@?$CFllu?5?$CFllu?5?$CFllu?5?$CFllu?6@ + 0034b e8 00 00 00 00 call printf + 00350 90 npad 1 + +; 173 : +; 174 : +; 175 : +; 176 : /*PVOID Exec = MakeExecutableBuffer(Asm, AsmSize); +; 177 : typedef ULONG64(*FnRetNum)(ULONG Num); ; 178 : -; 179 : ///*Pre->Start = Return1776; -; 180 : //Pre->End = Return1776;*/ -; 181 : -; 182 : //for (ULONG i = 0; i < Return1776->RawDataSize; i++) -; 183 : // Return1776->RawData[i] = (UCHAR)rand(); -; 184 : //for (ULONG i = 0; i < RetInst->RawDataSize; i++) -; 185 : // RetInst->RawData[i] = (UCHAR)rand(); -; 186 : -; 187 : -; 188 : -; 189 : //ULONG AsmLen; -; 190 : //PVOID Asm = NcAssemble(Pre1, &AsmLen); -; 191 : //PUCHAR Tb = (PUCHAR)Asm; -; 192 : //for (uint32_t i = 0; i < AsmLen; i++) -; 193 : //{ -; 194 : // std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' '; -; 195 : //} -; 196 : -; 197 : //system("pause"); -; 198 : -; 199 : //typedef ULONG64(*FnGet1776)(); -; 200 : //FnGet1776 ExecBuffer = (FnGet1776)MakeExecutableBuffer(Asm, AsmLen); -; 201 : //if (ExecBuffer) -; 202 : //{ -; 203 : // printf("The numba was: %X\n", ExecBuffer()); -; 204 : // printf("The numba was: %X\n", ExecBuffer()); -; 205 : -; 206 : // printf("The numba was: %X\n", ExecBuffer()); +; 179 : printf("\n\nSize: %u Obfuscated: %llu 
Original: %llu\n\n", NcCountInstructions(&RetNumBlock), ((FnRetNum)Exec)(1776), ((FnRetNum)Exec)(1776)); +; 180 : NcDeleteBlock(&RetNumBlock); +; 181 : system("pause");*/ +; 182 : +; 183 : +; 184 : /*NATIVE_CODE_BLOCK Block; +; 185 : NcDisassemble(&Block, meme1, sizeof(meme1)); +; 186 : OBFUSCATOR Obf; +; 187 : Obf.Flags = 0; +; 188 : Obf.MinSizeForOpaqueBranch = 12; +; 189 : Obf.GlobalBlock = &Block; +; 190 : ObfObfuscate(&Obf, &Block); +; 191 : Obf.MinSizeForOpaqueBranch = 4; +; 192 : ObfObfuscate(&Obf, &Block); +; 193 : NcDebugPrint(&Block); +; 194 : +; 195 : ULONG ByteSize = NcCalcBlockSizeInBytes(&Block); +; 196 : ULONG InstSize = NcCountInstructions(&Block); +; 197 : +; 198 : printf("Bytes: %u, Insts: %u, FlagsMeme: %u.\n", ByteSize, InstSize, Obf.Flags); +; 199 : +; 200 : ULONG AsmSize; +; 201 : PVOID Asm = NcAssemble(&Block, &AsmSize); +; 202 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize); +; 203 : typedef ULONG(*FnGetFour)(); +; 204 : printf("numba is: %u size is %u\n\n", ((FnGetFour)Exec)(), AsmSize); +; 205 : PutToFile(Asm, AsmSize);*/ +; 206 : ; 207 : -; 208 : // printf("The numba was: %X\n", ExecBuffer()); -; 209 : -; 210 : //} -; 211 : -; 212 : -; 213 : //NcDebugPrint(Post); +; 208 : //PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1)); +; 209 : //PNATIVE_CODE_LINK RetInst = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme2, sizeof(meme2)); +; 210 : //PNATIVE_CODE_BLOCK Pre1 = JitEmitPreRipMov(Return1776); +; 211 : //PNATIVE_CODE_BLOCK Post1 = JitEmitPostRipMov(Return1776); +; 212 : //PNATIVE_CODE_BLOCK Pre2 = JitEmitPreRipMov(RetInst); +; 213 : //PNATIVE_CODE_BLOCK Post2 = JitEmitPostRipMov(RetInst); ; 214 : -; 215 : -; 216 : -; 217 : /*NATIVE_CODE_BLOCK Block; -; 218 : NcDisassemble(&Block, TestBuffer, TestBufferSize); -; 219 : PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1)); -; 220 : -; 221 : NcInsertLinkBefore(Block.End->Prev->Prev->Prev->Prev, NewLink); -; 222 : 
ULONG AssembledSize; -; 223 : PVOID AssembledBlock = NcAssemble(&Block, &AssembledSize); -; 224 : if (!AssembledBlock || !AssembledSize) -; 225 : { -; 226 : printf("Something failed nicka.\n"); -; 227 : system("pause"); -; 228 : return -1; -; 229 : } -; 230 : PUCHAR Tb = (PUCHAR)AssembledBlock; -; 231 : for (uint32_t i = 0; i < AssembledSize; i++) -; 232 : { -; 233 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' '; -; 234 : } -; 235 : */ -; 236 : -; 237 : -; 238 : //PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End); -; 239 : //NcDebugPrint(OpaqueBranch); -; 240 : +; 215 : //NcAppendToBlock(Pre1, Return1776); +; 216 : //NcInsertBlockAfter(Pre1->End, Post1, 0); +; 217 : //Pre1->End = Post1->End; +; 218 : //NcInsertBlockAfter(Pre1->End, Pre2, 0); +; 219 : //Pre1->End = Pre2->End; +; 220 : //NcAppendToBlock(Pre1, RetInst); +; 221 : //NcInsertBlockAfter(Pre1->End, Post2, 0); +; 222 : //Pre1->End = Post2->End; +; 223 : +; 224 : ///*Pre->Start = Return1776; +; 225 : //Pre->End = Return1776;*/ +; 226 : +; 227 : //for (ULONG i = 0; i < Return1776->RawDataSize; i++) +; 228 : // Return1776->RawData[i] = (UCHAR)rand(); +; 229 : //for (ULONG i = 0; i < RetInst->RawDataSize; i++) +; 230 : // RetInst->RawData[i] = (UCHAR)rand(); +; 231 : +; 232 : +; 233 : +; 234 : //ULONG AsmLen; +; 235 : //PVOID Asm = NcAssemble(Pre1, &AsmLen); +; 236 : //PUCHAR Tb = (PUCHAR)Asm; +; 237 : //for (uint32_t i = 0; i < AsmLen; i++) +; 238 : //{ +; 239 : // std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' '; +; 240 : //} ; 241 : -; 242 : -; 243 : /*NATIVE_CODE_LINK T; -; 244 : T.RawDataSize = 10; -; 245 : T.RawData = new UCHAR[10]; -; 246 : memset(T.RawData, 0xAA, 10); -; 247 : JIT_BITWISE_DATA Data; -; 248 : RtlSecureZeroMemory(&Data, sizeof(JIT_BITWISE_DATA)); -; 249 : PNATIVE_CODE_BLOCK NewBlock = JitEmitPreRipMov(&T); -; 250 : if (NewBlock) -; 251 : { -; 252 : printf("\n"); -; 253 : NcDebugPrint(NewBlock); -; 
254 : printf("\n"); -; 255 : NcPrintBlockCode(NewBlock); -; 256 : } -; 257 : system("pause");*/ -; 258 : -; 259 : } - - 001f1 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] - 001f5 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ - 001fa eb 02 jmp SHORT $LN6@main - 001fc eb 02 jmp SHORT $LN5@main +; 242 : //system("pause"); +; 243 : +; 244 : //typedef ULONG64(*FnGet1776)(); +; 245 : //FnGet1776 ExecBuffer = (FnGet1776)MakeExecutableBuffer(Asm, AsmLen); +; 246 : //if (ExecBuffer) +; 247 : //{ +; 248 : // printf("The numba was: %X\n", ExecBuffer()); +; 249 : // printf("The numba was: %X\n", ExecBuffer()); +; 250 : +; 251 : // printf("The numba was: %X\n", ExecBuffer()); +; 252 : +; 253 : // printf("The numba was: %X\n", ExecBuffer()); +; 254 : +; 255 : //} +; 256 : +; 257 : +; 258 : //NcDebugPrint(Post); +; 259 : +; 260 : +; 261 : +; 262 : /*NATIVE_CODE_BLOCK Block; +; 263 : NcDisassemble(&Block, TestBuffer, TestBufferSize); +; 264 : PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1)); +; 265 : +; 266 : NcInsertLinkBefore(Block.End->Prev->Prev->Prev->Prev, NewLink); +; 267 : ULONG AssembledSize; +; 268 : PVOID AssembledBlock = NcAssemble(&Block, &AssembledSize); +; 269 : if (!AssembledBlock || !AssembledSize) +; 270 : { +; 271 : printf("Something failed nicka.\n"); +; 272 : system("pause"); +; 273 : return -1; +; 274 : } +; 275 : PUCHAR Tb = (PUCHAR)AssembledBlock; +; 276 : for (uint32_t i = 0; i < AssembledSize; i++) +; 277 : { +; 278 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' '; +; 279 : } +; 280 : */ +; 281 : +; 282 : +; 283 : //PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End); +; 284 : //NcDebugPrint(OpaqueBranch); +; 285 : +; 286 : +; 287 : +; 288 : /*NATIVE_CODE_LINK T; +; 289 : T.RawDataSize = 10; +; 290 : T.RawData = new UCHAR[10]; +; 291 : memset(T.RawData, 0xAA, 10); +; 292 : JIT_BITWISE_DATA Data; +; 293 : RtlSecureZeroMemory(&Data, 
sizeof(JIT_BITWISE_DATA)); +; 294 : PNATIVE_CODE_BLOCK NewBlock = JitEmitPreRipMov(&T); +; 295 : if (NewBlock) +; 296 : { +; 297 : printf("\n"); +; 298 : NcDebugPrint(NewBlock); +; 299 : printf("\n"); +; 300 : NcPrintBlockCode(NewBlock); +; 301 : } +; 302 : system("pause");*/ +; 303 : +; 304 : } + + 00351 48 8d 4d 68 lea rcx, QWORD PTR RetNumBlock$[rbp] + 00355 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ + 0035a eb 02 jmp SHORT $LN6@main + 0035c eb 02 jmp SHORT $LN5@main $LN6@main: - 001fe 33 c0 xor eax, eax + 0035e 33 c0 xor eax, eax $LN5@main: - 00200 48 8b f8 mov rdi, rax - 00203 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] - 00207 48 8d 15 00 00 + 00360 48 8b f8 mov rdi, rax + 00363 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48] + 00367 48 8d 15 00 00 00 00 lea rdx, OFFSET FLAT:main$rtcFrameData - 0020e e8 00 00 00 00 call _RTC_CheckStackVars - 00213 48 8b c7 mov rax, rdi - 00216 48 8b 8d 08 02 + 0036e e8 00 00 00 00 call _RTC_CheckStackVars + 00373 48 8b c7 mov rax, rdi + 00376 48 8b 8d 80 02 00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp] - 0021d 48 33 cd xor rcx, rbp - 00220 e8 00 00 00 00 call __security_check_cookie - 00225 48 8d a5 18 02 - 00 00 lea rsp, QWORD PTR [rbp+536] - 0022c 5f pop rdi - 0022d 5d pop rbp - 0022e c3 ret 0 + 0037d 48 33 cd xor rcx, rbp + 00380 e8 00 00 00 00 call __security_check_cookie + 00385 48 8d a5 98 02 + 00 00 lea rsp, QWORD PTR [rbp+664] + 0038c 5f pop rdi + 0038d 5d pop rbp + 0038e c3 ret 0 main ENDP _TEXT ENDS ; COMDAT text$x text$x SEGMENT -RetNumBlock$ = 8 -Obf$ = 88 -Obf2$ = 152 -AsmSize$ = 180 -Asm$ = 216 -Exec$ = 248 -$T7 = 468 -tv145 = 488 -tv133 = 496 -tv143 = 504 -tv141 = 512 -__$ArrayPad$ = 520 +Delta$ = 4 +ActualFunction$ = 40 +MemeBlock$ = 72 +RetNumBlock$ = 104 +Obf$ = 184 +AsmSize$ = 244 +Asm$ = 280 +Exec$ = 312 +$T6 = 536 +$T7 = 564 +tv203 = 584 +tv136 = 584 +tv177 = 592 +tv134 = 592 +tv201 = 600 +tv132 = 600 +tv185 = 608 +tv130 = 608 +tv199 = 616 +tv193 = 624 +tv197 = 632 +__$ArrayPad$ = 640 main$dtor$0 PROC 00000 48 
89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx 0000a 55 push rbp 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H - 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] + 00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48] + 00014 48 8d 4d 68 lea rcx, QWORD PTR RetNumBlock$[rbp] 00018 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 0001d 48 83 c4 28 add rsp, 40 ; 00000028H 00021 5f pop rdi @@ -9184,26 +9358,36 @@ text$x ENDS ; Function compile flags: /Odtp /RTCsu /ZI ; COMDAT text$x text$x SEGMENT -RetNumBlock$ = 8 -Obf$ = 88 -Obf2$ = 152 -AsmSize$ = 180 -Asm$ = 216 -Exec$ = 248 -$T7 = 468 -tv145 = 488 -tv133 = 496 -tv143 = 504 -tv141 = 512 -__$ArrayPad$ = 520 +Delta$ = 4 +ActualFunction$ = 40 +MemeBlock$ = 72 +RetNumBlock$ = 104 +Obf$ = 184 +AsmSize$ = 244 +Asm$ = 280 +Exec$ = 312 +$T6 = 536 +$T7 = 564 +tv203 = 584 +tv136 = 584 +tv177 = 592 +tv134 = 592 +tv201 = 600 +tv132 = 600 +tv185 = 608 +tv130 = 608 +tv199 = 616 +tv193 = 624 +tv197 = 632 +__$ArrayPad$ = 640 main$dtor$0 PROC 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx 0000a 55 push rbp 0000b 57 push rdi 0000c 48 83 ec 28 sub rsp, 40 ; 00000028H - 00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32] - 00014 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp] + 00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48] + 00014 48 8d 4d 68 lea rcx, QWORD PTR RetNumBlock$[rbp] 00018 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ 0001d 48 83 c4 28 add rsp, 40 ; 00000028H 00021 5f pop rdi 
@@ -9212,6 +9396,189 @@ main$dtor$0 PROC main$dtor$0 ENDP text$x ENDS ; Function compile flags: /Odtp /RTCsu /ZI +; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Main.cpp +; COMDAT ?Nextfunction@@YA_K_K@Z +_TEXT SEGMENT +v1$ = 224 +?Nextfunction@@YA_K_K@Z PROC ; Nextfunction, COMDAT + +; 55 : { + +$LN3: + 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00005 55 push rbp + 00006 57 push rdi + 00007 48 81 ec e8 00 + 00 00 sub rsp, 232 ; 000000e8H + 0000e 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00013 48 8b fc mov rdi, rsp + 00016 b9 3a 00 00 00 mov ecx, 58 ; 0000003aH + 0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 00020 f3 ab rep stosd + 00022 48 8b 8c 24 08 + 01 00 00 mov rcx, QWORD PTR [rsp+264] + 0002a 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__4031338C_Main@cpp + 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + +; 56 : return v1 + 1; + + 00036 48 8b 85 e0 00 + 00 00 mov rax, QWORD PTR v1$[rbp] + 0003d 48 ff c0 inc rax + +; 57 : } + + 00040 48 8d a5 c8 00 + 00 00 lea rsp, QWORD PTR [rbp+200] + 00047 5f pop rdi + 00048 5d pop rbp + 00049 c3 ret 0 +?Nextfunction@@YA_K_K@Z ENDP ; Nextfunction +_TEXT ENDS +; Function compile flags: /Odtp /RTCsu /ZI +; File C:\$Fanta\code-virtualizer\CodeVirtualizer\Main.cpp +; COMDAT ?TestShelcode@@YA_K_K000@Z +_TEXT SEGMENT +Value$ = 8 +i$1 = 36 +i$2 = 68 +v1$ = 320 +v2$ = 328 +v3$ = 336 +v4$ = 344 +?TestShelcode@@YA_K_K000@Z PROC ; TestShelcode, COMDAT + +; 38 : { + +$LN10: + 00000 4c 89 4c 24 20 mov QWORD PTR [rsp+32], r9 + 00005 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8 + 0000a 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx + 0000f 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx + 00014 55 push rbp + 00015 57 push rdi + 00016 48 81 ec 48 01 + 00 00 sub rsp, 328 ; 00000148H + 0001d 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32] + 00022 48 8b fc mov rdi, rsp + 00025 b9 52 00 00 00 mov ecx, 82 ; 00000052H + 0002a b8 cc cc cc cc mov eax, -858993460 ; ccccccccH + 0002f f3 ab rep stosd + 00031 48 8b 8c 24 68 + 01 00 00 
mov rcx, QWORD PTR [rsp+360] + 00039 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:__4031338C_Main@cpp + 00040 e8 00 00 00 00 call __CheckForDebuggerJustMyCode + +; 39 : if (v4 == 0) + + 00045 48 83 bd 58 01 + 00 00 00 cmp QWORD PTR v4$[rbp], 0 + 0004d 75 0b jne SHORT $LN8@TestShelco + +; 40 : v4 = 2; + + 0004f 48 c7 85 58 01 + 00 00 02 00 00 + 00 mov QWORD PTR v4$[rbp], 2 +$LN8@TestShelco: + +; 41 : +; 42 : ULONG64 Value = 1; + + 0005a 48 c7 45 08 01 + 00 00 00 mov QWORD PTR Value$[rbp], 1 + +; 43 : for (int i = 1; i <= v1; i++) + + 00062 c7 45 24 01 00 + 00 00 mov DWORD PTR i$1[rbp], 1 + 00069 eb 08 jmp SHORT $LN4@TestShelco +$LN2@TestShelco: + 0006b 8b 45 24 mov eax, DWORD PTR i$1[rbp] + 0006e ff c0 inc eax + 00070 89 45 24 mov DWORD PTR i$1[rbp], eax +$LN4@TestShelco: + 00073 48 63 45 24 movsxd rax, DWORD PTR i$1[rbp] + 00077 48 3b 85 40 01 + 00 00 cmp rax, QWORD PTR v1$[rbp] + 0007e 77 7e ja SHORT $LN3@TestShelco + +; 44 : { +; 45 : Value *= i; + + 00080 48 63 45 24 movsxd rax, DWORD PTR i$1[rbp] + 00084 48 8b 4d 08 mov rcx, QWORD PTR Value$[rbp] + 00088 48 0f af c8 imul rcx, rax + 0008c 48 8b c1 mov rax, rcx + 0008f 48 89 45 08 mov QWORD PTR Value$[rbp], rax + +; 46 : Value += v3; + + 00093 48 8b 85 50 01 + 00 00 mov rax, QWORD PTR v3$[rbp] + 0009a 48 8b 4d 08 mov rcx, QWORD PTR Value$[rbp] + 0009e 48 03 c8 add rcx, rax + 000a1 48 8b c1 mov rax, rcx + 000a4 48 89 45 08 mov QWORD PTR Value$[rbp], rax + +; 47 : Value /= v4; + + 000a8 33 d2 xor edx, edx + 000aa 48 8b 45 08 mov rax, QWORD PTR Value$[rbp] + 000ae 48 f7 b5 58 01 + 00 00 div QWORD PTR v4$[rbp] + 000b5 48 89 45 08 mov QWORD PTR Value$[rbp], rax + +; 48 : for (int i = 1; i <= v4; i++) + + 000b9 c7 45 44 01 00 + 00 00 mov DWORD PTR i$2[rbp], 1 + 000c0 eb 08 jmp SHORT $LN7@TestShelco +$LN5@TestShelco: + 000c2 8b 45 44 mov eax, DWORD PTR i$2[rbp] + 000c5 ff c0 inc eax + 000c7 89 45 44 mov DWORD PTR i$2[rbp], eax +$LN7@TestShelco: + 000ca 48 63 45 44 movsxd rax, DWORD PTR i$2[rbp] + 000ce 48 3b 85 58 01 + 
00 00 cmp rax, QWORD PTR v4$[rbp] + 000d5 77 22 ja SHORT $LN6@TestShelco + +; 49 : Value += v2 = i; + + 000d7 48 63 45 44 movsxd rax, DWORD PTR i$2[rbp] + 000db 48 89 85 48 01 + 00 00 mov QWORD PTR v2$[rbp], rax + 000e2 48 8b 85 48 01 + 00 00 mov rax, QWORD PTR v2$[rbp] + 000e9 48 8b 4d 08 mov rcx, QWORD PTR Value$[rbp] + 000ed 48 03 c8 add rcx, rax + 000f0 48 8b c1 mov rax, rcx + 000f3 48 89 45 08 mov QWORD PTR Value$[rbp], rax + 000f7 eb c9 jmp SHORT $LN5@TestShelco +$LN6@TestShelco: + +; 50 : } + + 000f9 e9 6d ff ff ff jmp $LN2@TestShelco +$LN3@TestShelco: + +; 51 : return Value; + + 000fe 48 8b 45 08 mov rax, QWORD PTR Value$[rbp] + +; 52 : } + + 00102 48 8d a5 28 01 + 00 00 lea rsp, QWORD PTR [rbp+296] + 00109 5f pop rdi + 0010a 5d pop rbp + 0010b c3 ret 0 +?TestShelcode@@YA_K_K000@Z ENDP ; TestShelcode +_TEXT ENDS +; Function compile flags: /Odtp /RTCsu /ZI ; COMDAT ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QEAAXXZ _TEXT SEGMENT this$ = 224 diff --git a/CodeVirtualizer/x64/Debug/NativeCode.cod b/CodeVirtualizer/x64/Debug/NativeCode.cod index cd096e8..7d90066 100644 --- a/CodeVirtualizer/x64/Debug/NativeCode.cod +++ b/CodeVirtualizer/x64/Debug/NativeCode.cod @@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H 
@@ -322,7 +323,9 @@ PUBLIC ??_C@_1DG@PLBPCAEM@?$AA?$CC?$AAI?$AAT?$AAE?$AAR?$AAA?$AAT?$AAO?$AAR?$AA?5 PUBLIC ??_C@_0GI@DEICPIDJ@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string' PUBLIC ?__LINE__Var@?0??_Maklocwcs@std@@YAPEA_WPEB_W@Z@4JA ; `std::_Maklocwcs'::`1'::__LINE__Var PUBLIC ??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string' +PUBLIC ??_C@_07JOOGINOC@Ended?4?6@ ; `string' PUBLIC ??_C@_0DF@KKBEBOEB@Failed?5to?5validate?5jump?4?5Type?3?5@ ; `string' +PUBLIC ??_C@_09DJLGANOC@Started?4?6@ ; `string' PUBLIC ??_C@_0CL@COPJALEP@XedDecode?5failed?5in?5NcDeepCopyL@ ; `string' PUBLIC ??_C@_0CA@KDIENFLL@XedDecode?5failed?5with?5error?5?$CFs?6@ ; `string' PUBLIC ??_C@_0L@ILJOJNOL@Label?3?5?$CFu?6@ ; `string' @@ -1246,7 +1249,7 @@ pdata ENDS ; COMDAT pdata pdata SEGMENT $pdata$?NcCreateLabels@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD imagerel $LN18 - DD imagerel $LN18+687 + DD imagerel $LN18+699 DD imagerel $unwind$?NcCreateLabels@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z pdata ENDS ; COMDAT pdata @@ -1257,8 +1260,8 @@ $pdata$?dtor$0@?0??NcCreateLabels@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA DD imagerel pdata ENDS ; COMDAT pdata pdata SEGMENT -$pdata$?NcValidateJmp@@YAPEAU_NATIVE_CODE_LINK@@PEAU1@H@Z DD imagerel $LN23 - DD imagerel $LN23+414 +$pdata$?NcValidateJmp@@YAPEAU_NATIVE_CODE_LINK@@PEAU1@H@Z DD imagerel $LN21 + DD imagerel $LN21+425 DD imagerel $unwind$?NcValidateJmp@@YAPEAU_NATIVE_CODE_LINK@@PEAU1@H@Z pdata ENDS ; COMDAT pdata 
@@ -2128,11 +2131,19 @@ CONST SEGMENT ??_C@_0CL@COPJALEP@XedDecode?5failed?5in?5NcDeepCopyL@ DB 'XedDecode fail' DB 'ed in NcDeepCopyLink: %s %u', 0aH, 00H ; `string' CONST ENDS +; COMDAT ??_C@_09DJLGANOC@Started?4?6@ +CONST SEGMENT +??_C@_09DJLGANOC@Started?4?6@ DB 'Started.', 0aH, 00H ; `string' +CONST ENDS ; COMDAT ??_C@_0DF@KKBEBOEB@Failed?5to?5validate?5jump?4?5Type?3?5@ CONST SEGMENT ??_C@_0DF@KKBEBOEB@Failed?5to?5validate?5jump?4?5Type?3?5@ DB 'Failed to ' DB 'validate jump. Type: %s, Displacement: %d', 0aH, 00H ; `string' CONST ENDS +; COMDAT ??_C@_07JOOGINOC@Ended?4?6@ +CONST SEGMENT +??_C@_07JOOGINOC@Ended?4?6@ DB 'Ended.', 0aH, 00H ; `string' +CONST ENDS ; COMDAT ??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ CONST SEGMENT ??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ DB 'C:\Pro' @@ -3839,7 +3850,7 @@ xdata SEGMENT $ip2state$?NcCreateLabels@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DB 06H DB 00H DB 00H - DB 'q', 07H + DB 0a1H, 07H DB 02H DB 084H DB 00H @@ -12449,7 +12460,7 @@ tv142 = 368 Block$ = 416 ?NcPrintBlockCode@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; NcPrintBlockCode, COMDAT -; 607 : { +; 610 : { $LN10: 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx @@ -12468,7 +12479,7 @@ $LN10: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 608 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) +; 611 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) 00036 48 8b 85 a0 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -12491,8 +12502,8 @@ $LN4@NcPrintBlo: 0006e 0f 84 eb 00 00 00 je $LN3@NcPrintBlo -; 609 : { -; 610 : if (!(T->Flags & CODE_FLAG_IS_LABEL)) +; 612 : { +; 613 : if (!(T->Flags & CODE_FLAG_IS_LABEL)) 00074 48 8b 45 08 mov rax, QWORD PTR T$1[rbp] 00078 8b 40 18 mov eax, DWORD PTR [rax+24] 
@@ -12501,8 +12512,8 @@ $LN4@NcPrintBlo: 00080 0f 85 d4 00 00 00 jne $LN8@NcPrintBlo -; 611 : { -; 612 : for (uint32_t i = 0; i < T->RawDataSize; i++) +; 614 : { +; 615 : for (uint32_t i = 0; i < T->RawDataSize; i++) 00086 c7 45 24 00 00 00 00 mov DWORD PTR i$2[rbp], 0 @@ -12518,8 +12529,8 @@ $LN7@NcPrintBlo: 000a1 0f 83 b3 00 00 00 jae $LN6@NcPrintBlo -; 613 : { -; 614 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)T->RawData[i] << ' '; +; 616 : { +; 617 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)T->RawData[i] << ' '; 000a7 48 8d 15 00 00 00 00 lea rdx, OFFSET FLAT:?hex@std@@YAAEAVios_base@1@AEAV21@@Z ; std::hex @@ -12571,19 +12582,19 @@ $LN7@NcPrintBlo: 0014d 48 8b c8 mov rcx, rax 00150 e8 00 00 00 00 call ??$?6U?$char_traits@D@std@@@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@0@AEAV10@D@Z ; std::operator<< > -; 615 : } +; 618 : } 00155 e9 35 ff ff ff jmp $LN5@NcPrintBlo $LN6@NcPrintBlo: $LN8@NcPrintBlo: -; 616 : } -; 617 : } +; 619 : } +; 620 : } 0015a e9 e7 fe ff ff jmp $LN2@NcPrintBlo $LN3@NcPrintBlo: -; 618 : } +; 621 : } 0015f 48 8d a5 88 01 00 00 lea rsp, QWORD PTR [rbp+392] @@ -12604,7 +12615,7 @@ tv129 = 280 Block$ = 320 ?NcDebugPrint@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; NcDebugPrint, COMDAT -; 577 : { +; 580 : { $LN11: 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 
@@ -12623,25 +12634,25 @@ $LN11: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 578 : HANDLE ConsoleHandle = GetStdHandle(STD_OUTPUT_HANDLE); +; 581 : HANDLE ConsoleHandle = GetStdHandle(STD_OUTPUT_HANDLE); 00036 b9 f5 ff ff ff mov ecx, -11 ; fffffff5H 0003b ff 15 00 00 00 00 call QWORD PTR __imp_GetStdHandle 00041 48 89 45 08 mov QWORD PTR ConsoleHandle$[rbp], rax -; 579 : if (!ConsoleHandle) +; 582 : if (!ConsoleHandle) 00045 48 83 7d 08 00 cmp QWORD PTR ConsoleHandle$[rbp], 0 0004a 75 05 jne SHORT $LN5@NcDebugPri -; 580 : return; +; 583 : return; 0004c e9 03 01 00 00 jmp $LN1@NcDebugPri $LN5@NcDebugPri: -; 581 : -; 582 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) +; 584 : +; 585 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) 00051 48 8b 85 40 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -12664,8 +12675,8 @@ $LN4@NcDebugPri: 00089 0f 84 c5 00 00 00 je $LN3@NcDebugPri -; 583 : { -; 584 : if (T->Flags & CODE_FLAG_IS_LABEL) +; 586 : { +; 587 : if (T->Flags & CODE_FLAG_IS_LABEL) 0008f 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 00093 8b 40 18 mov eax, DWORD PTR [rax+24] @@ -12673,15 +12684,15 @@ $LN4@NcDebugPri: 00099 85 c0 test eax, eax 0009b 74 26 je SHORT $LN6@NcDebugPri -; 585 : { -; 586 : SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_RED); +; 588 : { +; 589 : SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_RED); 0009d 66 ba 06 00 mov dx, 6 000a1 48 8b 4d 08 mov rcx, QWORD PTR ConsoleHandle$[rbp] 000a5 ff 15 00 00 00 00 call QWORD PTR __imp_SetConsoleTextAttribute -; 587 : printf("Label: %u\n", T->Label); +; 590 : printf("Label: %u\n", T->Label); 000ab 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 000af 8b 50 1c mov edx, DWORD PTR [rax+28] 
@@ -12689,14 +12700,14 @@ $LN4@NcDebugPri: 00 00 lea rcx, OFFSET FLAT:??_C@_0L@ILJOJNOL@Label?3?5?$CFu?6@ 000b9 e8 00 00 00 00 call printf -; 588 : } +; 591 : } 000be e9 8c 00 00 00 jmp $LN7@NcDebugPri $LN6@NcDebugPri: -; 589 : else -; 590 : { -; 591 : XED_ICLASS_ENUM IClass = XedDecodedInstGetIClass(&T->XedInstruction); +; 592 : else +; 593 : { +; 594 : XED_ICLASS_ENUM IClass = XedDecodedInstGetIClass(&T->XedInstruction); 000c3 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 000c7 48 83 c0 30 add rax, 48 ; 00000030H @@ -12704,7 +12715,7 @@ $LN6@NcDebugPri: 000ce e8 00 00 00 00 call xed_decoded_inst_get_iclass 000d3 89 45 44 mov DWORD PTR IClass$2[rbp], eax -; 592 : if (T->Flags & CODE_FLAG_IS_REL_JMP) +; 595 : if (T->Flags & CODE_FLAG_IS_REL_JMP) 000d6 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 000da 8b 40 18 mov eax, DWORD PTR [rax+24] @@ -12712,15 +12723,15 @@ $LN6@NcDebugPri: 000e0 85 c0 test eax, eax 000e2 74 46 je SHORT $LN8@NcDebugPri -; 593 : { -; 594 : SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_RED); +; 596 : { +; 597 : SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_RED); 000e4 66 ba 06 00 mov dx, 6 000e8 48 8b 4d 08 mov rcx, QWORD PTR ConsoleHandle$[rbp] 000ec ff 15 00 00 00 00 call QWORD PTR __imp_SetConsoleTextAttribute -; 595 : printf("%s: %u\n", XedIClassEnumToString(IClass), T->Label); +; 598 : printf("%s: %u\n", XedIClassEnumToString(IClass), T->Label); 000f2 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 000f6 8b 40 1c mov eax, DWORD PTR [rax+28] 
@@ -12738,21 +12749,21 @@ $LN6@NcDebugPri: 00 00 lea rcx, OFFSET FLAT:??_C@_07KNNCJAOA@?$CFs?3?5?$CFu?6@ 00123 e8 00 00 00 00 call printf -; 596 : } +; 599 : } 00128 eb 25 jmp SHORT $LN9@NcDebugPri $LN8@NcDebugPri: -; 597 : else -; 598 : { -; 599 : SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_BLUE); +; 600 : else +; 601 : { +; 602 : SetConsoleTextAttribute(ConsoleHandle, FOREGROUND_GREEN | FOREGROUND_BLUE); 0012a 66 ba 03 00 mov dx, 3 0012e 48 8b 4d 08 mov rcx, QWORD PTR ConsoleHandle$[rbp] 00132 ff 15 00 00 00 00 call QWORD PTR __imp_SetConsoleTextAttribute -; 600 : printf("%s\n", XedIClassEnumToString(IClass)); +; 603 : printf("%s\n", XedIClassEnumToString(IClass)); 00138 8b 4d 44 mov ecx, DWORD PTR IClass$2[rbp] 0013b e8 00 00 00 00 call xed_iclass_enum_t2str @@ -12763,15 +12774,15 @@ $LN8@NcDebugPri: $LN9@NcDebugPri: $LN7@NcDebugPri: -; 601 : } -; 602 : } -; 603 : } +; 604 : } +; 605 : } +; 606 : } 0014f e9 0d ff ff ff jmp $LN2@NcDebugPri $LN3@NcDebugPri: $LN1@NcDebugPri: -; 604 : } +; 607 : } 00154 48 8d a5 28 01 00 00 lea rsp, QWORD PTR [rbp+296] @@ -12792,7 +12803,7 @@ tv78 = 312 Block$ = 352 ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; NcDeleteBlock, COMDAT -; 562 : { +; 565 : { $LN10: 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx @@ -12811,7 +12822,7 @@ $LN10: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 563 : if (!Block->Start || !Block->End) +; 566 : if (!Block->Start || !Block->End) 00036 48 8b 85 60 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -12823,13 +12834,13 @@ $LN10: 0004f 75 05 jne SHORT $LN5@NcDeleteBl $LN6@NcDeleteBl: -; 564 : return; +; 567 : return; 00051 e9 80 00 00 00 jmp $LN1@NcDeleteBl $LN5@NcDeleteBl: -; 565 : -; 566 : PNATIVE_CODE_LINK BlockEnding = Block->End->Next; +; 568 : +; 569 : PNATIVE_CODE_LINK BlockEnding = Block->End->Next; 00056 48 8b 85 60 01 00 00 mov rax, QWORD PTR Block$[rbp] 
@@ -12837,8 +12848,8 @@ $LN5@NcDeleteBl: 00061 48 8b 00 mov rax, QWORD PTR [rax] 00064 48 89 45 08 mov QWORD PTR BlockEnding$[rbp], rax -; 567 : -; 568 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != BlockEnding;) +; 570 : +; 571 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != BlockEnding;) 00068 48 8b 85 60 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -12851,14 +12862,14 @@ $LN2@NcDeleteBl: 00081 48 39 45 28 cmp QWORD PTR T$1[rbp], rax 00085 74 4f je SHORT $LN3@NcDeleteBl -; 569 : { -; 570 : PNATIVE_CODE_LINK Next = T->Next; +; 572 : { +; 573 : PNATIVE_CODE_LINK Next = T->Next; 00087 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 0008b 48 8b 00 mov rax, QWORD PTR [rax] 0008e 48 89 45 48 mov QWORD PTR Next$2[rbp], rax -; 571 : delete T; +; 574 : delete T; 00092 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 00096 48 89 85 28 01 @@ -12879,18 +12890,18 @@ $LN8@NcDeleteBl: 00 mov QWORD PTR tv78[rbp], 0 $LN9@NcDeleteBl: -; 572 : T = Next; +; 575 : T = Next; 000cc 48 8b 45 48 mov rax, QWORD PTR Next$2[rbp] 000d0 48 89 45 28 mov QWORD PTR T$1[rbp], rax -; 573 : } +; 576 : } 000d4 eb a0 jmp SHORT $LN2@NcDeleteBl $LN3@NcDeleteBl: $LN1@NcDeleteBl: -; 574 : } +; 577 : } 000d6 48 8d a5 48 01 00 00 lea rsp, QWORD PTR [rbp+328] @@ -12908,7 +12919,7 @@ OutSize$ = 232 ChooseRandomDuplicateLabel$ = 240 ?NcAssembleEx@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAKH@Z PROC ; NcAssembleEx, COMDAT -; 557 : { +; 560 : { $LN3: 00000 44 89 44 24 18 mov DWORD PTR [rsp+24], r8d @@ -12929,11 +12940,11 @@ $LN3: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 0003b e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 558 : return NULL; +; 561 : return NULL; 00040 33 c0 xor eax, eax -; 559 : } +; 562 : } 00042 48 8d a5 c8 00 00 00 lea rsp, QWORD PTR [rbp+200] @@ -12958,7 +12969,7 @@ Block$ = 448 OutSize$ = 456 ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z PROC ; NcAssemble, COMDAT -; 528 : { +; 530 : { $LN13: 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx 
@@ -12978,7 +12989,7 @@ $LN13: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 529 : if (!NcFixRelJmps(Block)) +; 531 : if (!NcFixRelJmps(Block)) 0003b 48 8b 8d c0 01 00 00 mov rcx, QWORD PTR Block$[rbp] @@ -12986,14 +12997,14 @@ $LN13: 00047 85 c0 test eax, eax 00049 75 07 jne SHORT $LN8@NcAssemble -; 530 : return NULL; +; 532 : return NULL; 0004b 33 c0 xor eax, eax 0004d e9 65 01 00 00 jmp $LN1@NcAssemble $LN8@NcAssemble: -; 531 : -; 532 : *OutSize = NcCalcBlockSizeInBytes(Block); +; 533 : +; 534 : *OutSize = NcCalcBlockSizeInBytes(Block); 00052 48 8b 8d c0 01 00 00 mov rcx, QWORD PTR Block$[rbp] @@ -13002,8 +13013,8 @@ $LN8@NcAssemble: 00 00 mov rcx, QWORD PTR OutSize$[rbp] 00065 89 01 mov DWORD PTR [rcx], eax -; 533 : -; 534 : PUCHAR Buffer = (PUCHAR)malloc(*OutSize); +; 535 : +; 536 : PUCHAR Buffer = (PUCHAR)malloc(*OutSize); 00067 48 8b 85 c8 01 00 00 mov rax, QWORD PTR OutSize$[rbp] @@ -13013,25 +13024,25 @@ $LN8@NcAssemble: 00 call QWORD PTR __imp_malloc 00078 48 89 45 08 mov QWORD PTR Buffer$[rbp], rax -; 535 : if (!Buffer) +; 537 : if (!Buffer) 0007c 48 83 7d 08 00 cmp QWORD PTR Buffer$[rbp], 0 00081 75 07 jne SHORT $LN9@NcAssemble -; 536 : return NULL; +; 538 : return NULL; 00083 33 c0 xor eax, eax 00085 e9 2d 01 00 00 jmp $LN1@NcAssemble $LN9@NcAssemble: -; 537 : -; 538 : PUCHAR BufferOffset = Buffer; +; 539 : +; 540 : PUCHAR BufferOffset = Buffer; 0008a 48 8b 45 08 mov rax, QWORD PTR Buffer$[rbp] 0008e 48 89 45 28 mov QWORD PTR BufferOffset$[rbp], rax -; 539 : -; 540 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) +; 541 : +; 542 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) 00092 48 8b 85 c0 01 00 00 mov rax, QWORD PTR Block$[rbp] 
@@ -13054,8 +13065,8 @@ $LN4@NcAssemble: 000ca 0f 84 e3 00 00 00 je $LN3@NcAssemble -; 541 : { -; 542 : if (T->Flags & CODE_FLAG_IS_LABEL) +; 543 : { +; 544 : if (T->Flags & CODE_FLAG_IS_LABEL) 000d0 48 8b 45 48 mov rax, QWORD PTR T$1[rbp] 000d4 8b 40 18 mov eax, DWORD PTR [rax+24] @@ -13063,12 +13074,12 @@ $LN4@NcAssemble: 000da 85 c0 test eax, eax 000dc 74 02 je SHORT $LN10@NcAssemble -; 543 : continue; +; 545 : continue; 000de eb c2 jmp SHORT $LN2@NcAssemble $LN10@NcAssemble: -; 544 : RtlCopyMemory(BufferOffset, T->RawData, T->RawDataSize); +; 546 : RtlCopyMemory(BufferOffset, T->RawData, T->RawDataSize); 000e0 48 8b 45 48 mov rax, QWORD PTR T$1[rbp] 000e4 8b 40 28 mov eax, DWORD PTR [rax+40] @@ -13078,7 +13089,7 @@ $LN10@NcAssemble: 000f2 48 8b 4d 28 mov rcx, QWORD PTR BufferOffset$[rbp] 000f6 e8 00 00 00 00 call memcpy -; 545 : if (T->Flags & CODE_FLAG_HAS_ASM_OP) +; 547 : if (T->Flags & CODE_FLAG_HAS_ASM_OP) 000fb 48 8b 45 48 mov rax, QWORD PTR T$1[rbp] 000ff 8b 40 18 mov eax, DWORD PTR [rax+24] @@ -13087,8 +13098,8 @@ $LN10@NcAssemble: 00107 0f 84 8c 00 00 00 je $LN11@NcAssemble -; 546 : { -; 547 : for (STDPAIR CONST& Op : T->AsmOperations) +; 548 : { +; 549 : for (STDPAIR CONST& Op : T->AsmOperations) 0010d 48 8b 45 48 mov rax, QWORD PTR T$1[rbp] 00111 48 05 f0 00 00 @@ -13120,7 +13131,7 @@ $LN7@NcAssemble: 00166 48 89 85 c8 00 00 00 mov QWORD PTR Op$5[rbp], rax -; 548 : Op.first(T, BufferOffset, Op.second); +; 550 : Op.first(T, BufferOffset, Op.second); 0016d 48 8b 85 c8 00 00 00 mov rax, QWORD PTR Op$5[rbp] @@ -13138,8 +13149,8 @@ $LN7@NcAssemble: $LN6@NcAssemble: $LN11@NcAssemble: -; 549 : } -; 550 : BufferOffset += T->RawDataSize; +; 551 : } +; 552 : BufferOffset += T->RawDataSize; 00199 48 8b 45 48 mov rax, QWORD PTR T$1[rbp] 0019d 8b 40 28 mov eax, DWORD PTR [rax+40] 
@@ -13148,18 +13159,19 @@ $LN11@NcAssemble: 001a7 48 8b c1 mov rax, rcx 001aa 48 89 45 28 mov QWORD PTR BufferOffset$[rbp], rax -; 551 : } +; 553 : +; 554 : } 001ae e9 ef fe ff ff jmp $LN2@NcAssemble $LN3@NcAssemble: -; 552 : -; 553 : return Buffer; +; 555 : +; 556 : return Buffer; 001b3 48 8b 45 08 mov rax, QWORD PTR Buffer$[rbp] $LN1@NcAssemble: -; 554 : } +; 557 : } 001b7 48 8d a5 a8 01 00 00 lea rsp, QWORD PTR [rbp+424] @@ -13189,7 +13201,7 @@ Buffer$ = 520 BufferSize$ = 528 ?NcDisassemble@@YAHPEAU_NATIVE_CODE_BLOCK@@PEAXK@Z PROC ; NcDisassemble, COMDAT -; 496 : { +; 498 : { $LN13: 00000 44 89 44 24 18 mov DWORD PTR [rsp+24], r8d @@ -13210,20 +13222,20 @@ $LN13: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 0003b e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 497 : PUCHAR Buf = (PUCHAR)Buffer; +; 499 : PUCHAR Buf = (PUCHAR)Buffer; 00040 48 8b 85 08 02 00 00 mov rax, QWORD PTR Buffer$[rbp] 00047 48 89 45 08 mov QWORD PTR Buf$[rbp], rax -; 498 : ULONG Offset = 0; +; 500 : ULONG Offset = 0; 0004b c7 45 24 00 00 00 00 mov DWORD PTR Offset$[rbp], 0 $LN2@NcDisassem: -; 499 : -; 500 : while (Offset < BufferSize) +; 501 : +; 502 : while (Offset < BufferSize) 00052 8b 85 10 02 00 00 mov eax, DWORD PTR BufferSize$[rbp] @@ -13231,8 +13243,8 @@ $LN2@NcDisassem: 0005b 0f 83 b8 01 00 00 jae $LN3@NcDisassem -; 501 : { -; 502 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK; +; 503 : { +; 504 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK; 00061 b9 10 01 00 00 mov ecx, 272 ; 00000110H 00066 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new 
@@ -13260,13 +13272,13 @@ $LN7@NcDisassem: 00 00 mov rax, QWORD PTR $T4[rbp] 000b1 48 89 45 48 mov QWORD PTR Link$1[rbp], rax -; 503 : Link->Flags = CODE_FLAG_IS_INST; +; 505 : Link->Flags = CODE_FLAG_IS_INST; 000b5 48 8b 45 48 mov rax, QWORD PTR Link$1[rbp] 000b9 c7 40 18 04 00 00 00 mov DWORD PTR [rax+24], 4 -; 504 : ULONG PossibleSize = min(15, BufferSize - Offset); +; 506 : ULONG PossibleSize = min(15, BufferSize - Offset); 000c0 8b 45 24 mov eax, DWORD PTR Offset$[rbp] 000c3 8b 8d 10 02 00 @@ -13291,7 +13303,7 @@ $LN9@NcDisassem: 00 mov eax, DWORD PTR tv80[rbp] 000f7 89 45 64 mov DWORD PTR PossibleSize$2[rbp], eax -; 505 : XED_ERROR_ENUM DecodeError = XedDecode(&Link->XedInstruction, (Buf + Offset), PossibleSize); +; 507 : XED_ERROR_ENUM DecodeError = XedDecode(&Link->XedInstruction, (Buf + Offset), PossibleSize); 000fa 8b 45 24 mov eax, DWORD PTR Offset$[rbp] 000fd 48 8b 4d 08 mov rcx, QWORD PTR Buf$[rbp] @@ -13305,14 +13317,14 @@ $LN9@NcDisassem: 0011b 89 85 84 00 00 00 mov DWORD PTR DecodeError$3[rbp], eax -; 506 : if (DecodeError != XED_ERROR_NONE) +; 508 : if (DecodeError != XED_ERROR_NONE) 00121 83 bd 84 00 00 00 00 cmp DWORD PTR DecodeError$3[rbp], 0 00128 74 67 je SHORT $LN4@NcDisassem -; 507 : { -; 508 : printf("XedDecode failed with error %s\n", XedErrorEnumToString(DecodeError)); +; 509 : { +; 510 : printf("XedDecode failed with error %s\n", XedErrorEnumToString(DecodeError)); 0012a 8b 8d 84 00 00 00 mov ecx, DWORD PTR DecodeError$3[rbp] @@ -13322,13 +13334,13 @@ $LN9@NcDisassem: 00 00 lea rcx, OFFSET FLAT:??_C@_0CA@KDIENFLL@XedDecode?5failed?5with?5error?5?$CFs?6@ 0013f e8 00 00 00 00 call printf -; 509 : NcDeleteBlock(Block); +; 511 : NcDeleteBlock(Block); 00144 48 8b 8d 00 02 00 00 mov rcx, QWORD PTR Block$[rbp] 0014b e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 510 : delete Link; +; 512 : delete Link; 00150 48 8b 45 48 mov rax, QWORD PTR Link$1[rbp] 00154 48 89 85 a8 01 
@@ -13349,14 +13361,14 @@ $LN10@NcDisassem: 00 mov QWORD PTR tv130[rbp], 0 $LN11@NcDisassem: -; 511 : return FALSE; +; 513 : return FALSE; 0018a 33 c0 xor eax, eax 0018c e9 99 00 00 00 jmp $LN1@NcDisassem $LN4@NcDisassem: -; 512 : } -; 513 : Link->RawDataSize = XedDecodedInstGetLength(&Link->XedInstruction); +; 514 : } +; 515 : Link->RawDataSize = XedDecodedInstGetLength(&Link->XedInstruction); 00191 48 8b 45 48 mov rax, QWORD PTR Link$1[rbp] 00195 48 83 c0 30 add rax, 48 ; 00000030H @@ -13365,7 +13377,7 @@ $LN4@NcDisassem: 001a1 48 8b 4d 48 mov rcx, QWORD PTR Link$1[rbp] 001a5 89 41 28 mov DWORD PTR [rcx+40], eax -; 514 : Link->RawData = new UCHAR[Link->RawDataSize]; +; 516 : Link->RawData = new UCHAR[Link->RawDataSize]; 001a8 48 8b 45 48 mov rax, QWORD PTR Link$1[rbp] 001ac 8b 40 28 mov eax, DWORD PTR [rax+40] @@ -13378,7 +13390,7 @@ $LN4@NcDisassem: 00 00 mov rcx, QWORD PTR $T7[rbp] 001c8 48 89 48 20 mov QWORD PTR [rax+32], rcx -; 515 : RtlCopyMemory(Link->RawData, (Buf + Offset), Link->RawDataSize); +; 517 : RtlCopyMemory(Link->RawData, (Buf + Offset), Link->RawDataSize); 001cc 48 8b 45 48 mov rax, QWORD PTR Link$1[rbp] 001d0 8b 40 28 mov eax, DWORD PTR [rax+40] @@ -13392,16 +13404,16 @@ $LN4@NcDisassem: 001ea 48 8b 48 20 mov rcx, QWORD PTR [rax+32] 001ee e8 00 00 00 00 call memcpy -; 516 : -; 517 : NcAppendToBlock(Block, Link); +; 518 : +; 519 : NcAppendToBlock(Block, Link); 001f3 48 8b 55 48 mov rdx, QWORD PTR Link$1[rbp] 001f7 48 8b 8d 00 02 00 00 mov rcx, QWORD PTR Block$[rbp] 001fe e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock -; 518 : -; 519 : Offset += Link->RawDataSize; +; 520 : +; 521 : Offset += Link->RawDataSize; 00203 48 8b 45 48 mov rax, QWORD PTR Link$1[rbp] 00207 8b 40 28 mov eax, DWORD PTR [rax+40] 
@@ -13410,25 +13422,25 @@ $LN4@NcDisassem: 0020f 8b c1 mov eax, ecx 00211 89 45 24 mov DWORD PTR Offset$[rbp], eax -; 520 : } +; 522 : } 00214 e9 39 fe ff ff jmp $LN2@NcDisassem $LN3@NcDisassem: -; 521 : -; 522 : NcCreateLabels(Block); +; 523 : +; 524 : NcCreateLabels(Block); 00219 48 8b 8d 00 02 00 00 mov rcx, QWORD PTR Block$[rbp] 00220 e8 00 00 00 00 call ?NcCreateLabels@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ; NcCreateLabels -; 523 : -; 524 : return TRUE; +; 525 : +; 526 : return TRUE; 00225 b8 01 00 00 00 mov eax, 1 $LN1@NcDisassem: -; 525 : } +; 527 : } 0022a 48 8d a5 e8 01 00 00 lea rsp, QWORD PTR [rbp+488] @@ -13530,7 +13542,7 @@ __$ArrayPad$ = 1816 Block$ = 1856 ?NcFixRelJmps@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; NcFixRelJmps, COMDAT -; 413 : { +; 415 : { $LN19: 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx @@ -13555,7 +13567,7 @@ $LN19: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00043 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 414 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;) +; 416 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;) 00048 48 8b 85 40 07 00 00 mov rax, QWORD PTR Block$[rbp] @@ -13573,8 +13585,8 @@ $LN2@NcFixRelJm: 00073 0f 84 d4 02 00 00 je $LN3@NcFixRelJm -; 415 : { -; 416 : if (T->Flags & CODE_FLAG_IS_REL_JMP) +; 417 : { +; 418 : if (T->Flags & CODE_FLAG_IS_REL_JMP) 00079 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] 0007d 8b 40 18 mov eax, DWORD PTR [rax+24] @@ -13583,13 +13595,13 @@ $LN2@NcFixRelJm: 00085 0f 84 b2 02 00 00 je $LN7@NcFixRelJm -; 417 : { -; 418 : INT32 BranchDisp = 0; +; 419 : { +; 420 : INT32 BranchDisp = 0; 0008b c7 45 24 00 00 00 00 mov DWORD PTR BranchDisp$10[rbp], 0 -; 419 : if (!NcGetDeltaToLabel(T, &BranchDisp)) +; 421 : if (!NcGetDeltaToLabel(T, &BranchDisp)) 00092 48 8d 55 24 lea rdx, QWORD PTR BranchDisp$10[rbp] 00096 48 8b 4d 08 mov rcx, QWORD PTR T$9[rbp] 
@@ -13597,14 +13609,14 @@ $LN2@NcFixRelJm: 0009f 85 c0 test eax, eax 000a1 75 07 jne SHORT $LN8@NcFixRelJm -; 420 : return FALSE; +; 422 : return FALSE; 000a3 33 c0 xor eax, eax 000a5 e9 a8 02 00 00 jmp $LN1@NcFixRelJm $LN8@NcFixRelJm: -; 421 : -; 422 : ULONG DispWidth = XedDecodedInstGetBranchDisplacementWidthBits(&T->XedInstruction); +; 423 : +; 424 : ULONG DispWidth = XedDecodedInstGetBranchDisplacementWidthBits(&T->XedInstruction); 000aa 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] 000ae 48 83 c0 30 add rax, 48 ; 00000030H @@ -13612,7 +13624,7 @@ $LN8@NcFixRelJm: 000b5 e8 00 00 00 00 call xed_decoded_inst_get_branch_displacement_width_bits 000ba 89 45 44 mov DWORD PTR DispWidth$11[rbp], eax -; 423 : if (log2(abs(BranchDisp)) + 1 > DispWidth) +; 425 : if (log2(abs(BranchDisp)) + 1 > DispWidth) 000bd 8b 4d 24 mov ecx, DWORD PTR BranchDisp$10[rbp] 000c0 e8 00 00 00 00 call abs 
@@ -13626,56 +13638,56 @@ $LN8@NcFixRelJm: 000e0 0f 86 c3 01 00 00 jbe $LN9@NcFixRelJm -; 424 : { -; 425 : //duh oh -; 426 : if (DispWidth == 32) +; 426 : { +; 427 : //duh oh +; 428 : if (DispWidth == 32) 000e6 83 7d 44 20 cmp DWORD PTR DispWidth$11[rbp], 32 ; 00000020H 000ea 75 07 jne SHORT $LN11@NcFixRelJm -; 427 : return FALSE; +; 429 : return FALSE; 000ec 33 c0 xor eax, eax 000ee e9 5f 02 00 00 jmp $LN1@NcFixRelJm $LN11@NcFixRelJm: -; 428 : -; 429 : ////Grow displacement width to required size -; 430 : //DispWidth *= 2; -; 431 : -; 432 : ////Check again -; 433 : //if (log2(abs(BranchDisp)) + 1 > DispWidth) -; 434 : //{ -; 435 : // if (DispWidth == 32) -; 436 : // return FALSE; -; 437 : -; 438 : // //Grow once more if not already at 32 -; 439 : // DispWidth *= 2; -; 440 : //} -; 441 : -; 442 : DispWidth = 32; +; 430 : +; 431 : ////Grow displacement width to required size +; 432 : //DispWidth *= 2; +; 433 : +; 434 : ////Check again +; 435 : //if (log2(abs(BranchDisp)) + 1 > DispWidth) +; 436 : //{ +; 437 : // if (DispWidth == 32) +; 438 : // return FALSE; +; 439 : +; 440 : // //Grow once more if not already at 32 +; 441 : // DispWidth *= 2; +; 442 : //} +; 443 : +; 444 : DispWidth = 32; 000f3 c7 45 44 20 00 00 00 mov DWORD PTR DispWidth$11[rbp], 32 ; 00000020H -; 443 : -; 444 : //Encode new instruction -; 445 : XED_STATE MachineState; -; 446 : MachineState.mmode = XED_MACHINE_MODE_LONG_64; +; 445 : +; 446 : //Encode new instruction +; 447 : XED_STATE MachineState; +; 448 : MachineState.mmode = XED_MACHINE_MODE_LONG_64; 000fa c7 45 68 01 00 00 00 mov DWORD PTR MachineState$12[rbp], 1 -; 447 : MachineState.stack_addr_width = XED_ADDRESS_WIDTH_64b; +; 449 : MachineState.stack_addr_width = XED_ADDRESS_WIDTH_64b; 00101 c7 45 6c 08 00 00 00 mov DWORD PTR MachineState$12[rbp+4], 8 -; 448 : XED_ENCODER_INSTRUCTION EncoderInstruction; -; 449 : XED_ENCODER_REQUEST EncoderRequest; -; 450 : UCHAR EncodeBuffer[15]; -; 451 : UINT ReturnedSize; -; 452 : XED_ICLASS_ENUM IClass = 
XedDecodedInstGetIClass(&T->XedInstruction); +; 450 : XED_ENCODER_INSTRUCTION EncoderInstruction; +; 451 : XED_ENCODER_REQUEST EncoderRequest; +; 452 : UCHAR EncodeBuffer[15]; +; 453 : UINT ReturnedSize; +; 454 : XED_ICLASS_ENUM IClass = XedDecodedInstGetIClass(&T->XedInstruction); 00108 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] 0010c 48 83 c0 30 add rax, 48 ; 00000030H @@ -13684,9 +13696,9 @@ $LN11@NcFixRelJm: 00118 89 85 74 03 00 00 mov DWORD PTR IClass$17[rbp], eax -; 453 : -; 454 : //Do the encoding -; 455 : XedInst1(&EncoderInstruction, MachineState, IClass, DispWidth, XedRelBr(0, DispWidth)); +; 455 : +; 456 : //Do the encoding +; 457 : XedInst1(&EncoderInstruction, MachineState, IClass, DispWidth, XedRelBr(0, DispWidth)); 0011e 44 8b 45 44 mov r8d, DWORD PTR DispWidth$11[rbp] 00122 33 d2 xor edx, edx @@ -13718,14 +13730,14 @@ $LN11@NcFixRelJm: 00 00 lea rcx, QWORD PTR EncoderInstruction$13[rbp] 00181 e8 00 00 00 00 call xed_inst1 -; 456 : XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState); +; 458 : XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState); 00186 48 8d 55 68 lea rdx, QWORD PTR MachineState$12[rbp] 0018a 48 8d 8d 50 02 00 00 lea rcx, QWORD PTR EncoderRequest$14[rbp] 00191 e8 00 00 00 00 call xed_encoder_request_zero_set_mode -; 457 : if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction)) +; 459 : if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction)) 00196 48 8d 95 90 00 00 00 lea rdx, QWORD PTR EncoderInstruction$13[rbp] @@ -13735,13 +13747,13 @@ $LN11@NcFixRelJm: 001a9 85 c0 test eax, eax 001ab 75 07 jne SHORT $LN12@NcFixRelJm -; 458 : return FALSE; +; 460 : return FALSE; 001ad 33 c0 xor eax, eax 001af e9 9e 01 00 00 jmp $LN1@NcFixRelJm $LN12@NcFixRelJm: -; 459 : XED_ERROR_ENUM Err = XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize); +; 461 : XED_ERROR_ENUM Err = XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize); 001b4 4c 8d 8d 54 03 00 00 lea r9, QWORD PTR ReturnedSize$16[rbp] 
@@ -13755,21 +13767,21 @@ $LN12@NcFixRelJm: 001d4 89 85 94 03 00 00 mov DWORD PTR Err$18[rbp], eax -; 460 : if (XED_ERROR_NONE != Err) +; 462 : if (XED_ERROR_NONE != Err) 001da 83 bd 94 03 00 00 00 cmp DWORD PTR Err$18[rbp], 0 001e1 74 07 je SHORT $LN13@NcFixRelJm -; 461 : return FALSE; +; 463 : return FALSE; 001e3 33 c0 xor eax, eax 001e5 e9 68 01 00 00 jmp $LN1@NcFixRelJm $LN13@NcFixRelJm: -; 462 : -; 463 : //fixup T->RawData -; 464 : delete[] T->RawData; +; 464 : +; 465 : //fixup T->RawData +; 466 : delete[] T->RawData; 001ea 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] 001ee 48 8b 40 20 mov rax, QWORD PTR [rax+32] @@ -13779,14 +13791,14 @@ $LN13@NcFixRelJm: 00 00 mov rcx, QWORD PTR $T21[rbp] 00200 e8 00 00 00 00 call ??_V@YAXPEAX@Z ; operator delete[] -; 465 : T->RawDataSize = ReturnedSize; +; 467 : T->RawDataSize = ReturnedSize; 00205 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] 00209 8b 8d 54 03 00 00 mov ecx, DWORD PTR ReturnedSize$16[rbp] 0020f 89 48 28 mov DWORD PTR [rax+40], ecx -; 466 : T->RawData = new UCHAR[ReturnedSize]; +; 468 : T->RawData = new UCHAR[ReturnedSize]; 00212 8b 85 54 03 00 00 mov eax, DWORD PTR ReturnedSize$16[rbp] @@ -13799,7 +13811,7 @@ $LN13@NcFixRelJm: 00 00 mov rcx, QWORD PTR $T22[rbp] 00231 48 89 48 20 mov QWORD PTR [rax+32], rcx -; 467 : RtlCopyMemory(T->RawData, EncodeBuffer, ReturnedSize); +; 469 : RtlCopyMemory(T->RawData, EncodeBuffer, ReturnedSize); 00235 8b 85 54 03 00 00 mov eax, DWORD PTR ReturnedSize$16[rbp] @@ -13810,9 +13822,9 @@ $LN13@NcFixRelJm: 00249 48 8b 48 20 mov rcx, QWORD PTR [rax+32] 0024d e8 00 00 00 00 call memcpy -; 468 : -; 469 : //Decode instruction so its proper and all that -; 470 : XedDecodedInstZeroSetMode(&T->XedInstruction, &MachineState); +; 470 : +; 471 : //Decode instruction so its proper and all that +; 472 : XedDecodedInstZeroSetMode(&T->XedInstruction, &MachineState); 00252 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] 00256 48 83 c0 30 add rax, 48 ; 00000030H 
@@ -13820,7 +13832,7 @@ $LN13@NcFixRelJm: 0025e 48 8b c8 mov rcx, rax 00261 e8 00 00 00 00 call xed_decoded_inst_zero_set_mode -; 471 : if (XED_ERROR_NONE != XedDecode(&T->XedInstruction, T->RawData, T->RawDataSize)) +; 473 : if (XED_ERROR_NONE != XedDecode(&T->XedInstruction, T->RawData, T->RawDataSize)) 00266 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] 0026a 48 83 c0 30 add rax, 48 ; 00000030H @@ -13833,33 +13845,33 @@ $LN13@NcFixRelJm: 00286 85 c0 test eax, eax 00288 74 07 je SHORT $LN14@NcFixRelJm -; 472 : return FALSE; +; 474 : return FALSE; 0028a 33 c0 xor eax, eax 0028c e9 c1 00 00 00 jmp $LN1@NcFixRelJm $LN14@NcFixRelJm: -; 473 : -; 474 : //Go back to the start and loop through all labels again because now this instruction is larger :)))) -; 475 : T = Block->Start; +; 475 : +; 476 : //Go back to the start and loop through all labels again because now this instruction is larger :)))) +; 477 : T = Block->Start; 00291 48 8b 85 40 07 00 00 mov rax, QWORD PTR Block$[rbp] 00298 48 8b 00 mov rax, QWORD PTR [rax] 0029b 48 89 45 08 mov QWORD PTR T$9[rbp], rax -; 476 : continue; +; 478 : continue; 0029f e9 b2 fd ff ff jmp $LN2@NcFixRelJm -; 477 : } +; 479 : } 002a4 e9 94 00 00 00 jmp $LN10@NcFixRelJm $LN9@NcFixRelJm: -; 478 : else -; 479 : { -; 480 : DispWidth = XedDecodedInstGetBranchDisplacementWidth(&T->XedInstruction); +; 480 : else +; 481 : { +; 482 : DispWidth = XedDecodedInstGetBranchDisplacementWidth(&T->XedInstruction); 002a9 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] 002ad 48 83 c0 30 add rax, 48 ; 00000030H @@ -13867,7 +13879,7 @@ $LN9@NcFixRelJm: 002b4 e8 00 00 00 00 call xed_decoded_inst_get_branch_displacement_width 002b9 89 45 44 mov DWORD PTR DispWidth$11[rbp], eax -; 481 : switch (DispWidth) +; 483 : switch (DispWidth) 002bc 8b 45 44 mov eax, DWORD PTR DispWidth$11[rbp] 002bf 89 85 14 07 00 
@@ -13884,8 +13896,8 @@ $LN9@NcFixRelJm: 002e0 eb 5b jmp SHORT $LN5@NcFixRelJm $LN15@NcFixRelJm: -; 482 : { -; 483 : case 1: *(PINT8)&T->RawData[T->RawDataSize - DispWidth] = (INT8)BranchDisp; break; +; 484 : { +; 485 : case 1: *(PINT8)&T->RawData[T->RawDataSize - DispWidth] = (INT8)BranchDisp; break; 002e2 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] 002e6 8b 4d 44 mov ecx, DWORD PTR DispWidth$11[rbp] @@ -13899,7 +13911,7 @@ $LN15@NcFixRelJm: 002ff eb 3c jmp SHORT $LN5@NcFixRelJm $LN16@NcFixRelJm: -; 484 : case 2: *(PINT16)&T->RawData[T->RawDataSize - DispWidth] = (INT16)BranchDisp; break; +; 486 : case 2: *(PINT16)&T->RawData[T->RawDataSize - DispWidth] = (INT16)BranchDisp; break; 00301 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] 00305 8b 4d 44 mov ecx, DWORD PTR DispWidth$11[rbp] @@ -13913,7 +13925,7 @@ $LN16@NcFixRelJm: 0031f eb 1c jmp SHORT $LN5@NcFixRelJm $LN17@NcFixRelJm: -; 485 : case 4: *(PINT32)&T->RawData[T->RawDataSize - DispWidth] = (INT32)BranchDisp; break; +; 487 : case 4: *(PINT32)&T->RawData[T->RawDataSize - DispWidth] = (INT32)BranchDisp; break; 00321 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] 00325 8b 4d 44 mov ecx, DWORD PTR DispWidth$11[rbp] @@ -13928,27 +13940,27 @@ $LN5@NcFixRelJm: $LN10@NcFixRelJm: $LN7@NcFixRelJm: -; 486 : } -; 487 : } -; 488 : } -; 489 : -; 490 : T = T->Next; +; 488 : } +; 489 : } +; 490 : } +; 491 : +; 492 : T = T->Next; 0033d 48 8b 45 08 mov rax, QWORD PTR T$9[rbp] 00341 48 8b 00 mov rax, QWORD PTR [rax] 00344 48 89 45 08 mov QWORD PTR T$9[rbp], rax -; 491 : } +; 493 : } 00348 e9 09 fd ff ff jmp $LN2@NcFixRelJm $LN3@NcFixRelJm: -; 492 : return TRUE; +; 494 : return TRUE; 0034d b8 01 00 00 00 mov eax, 1 $LN1@NcFixRelJm: -; 493 : } +; 495 : } 00352 48 8b f8 mov rdi, rax 00355 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48] @@ -13979,7 +13991,7 @@ Link$ = 320 DeltaOut$ = 328 ?NcGetDeltaToLabel@@YAHPEAU_NATIVE_CODE_LINK@@PEAH@Z PROC ; NcGetDeltaToLabel, COMDAT -; 377 : { +; 379 : { $LN13: 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx 
@@ -13999,13 +14011,13 @@ $LN13: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 378 : INT32 Delta = 0; +; 380 : INT32 Delta = 0; 0003b c7 45 04 00 00 00 00 mov DWORD PTR Delta$[rbp], 0 -; 379 : //First checking backwards because I feel like thats the direction most jmps are in -; 380 : for (PNATIVE_CODE_LINK T = Link; T; T = T->Prev) +; 381 : //First checking backwards because I feel like thats the direction most jmps are in +; 382 : for (PNATIVE_CODE_LINK T = Link; T; T = T->Prev) 00042 48 8b 85 40 01 00 00 mov rax, QWORD PTR Link$[rbp] @@ -14019,8 +14031,8 @@ $LN4@NcGetDelta: 0005b 48 83 7d 28 00 cmp QWORD PTR T$1[rbp], 0 00060 74 4c je SHORT $LN3@NcGetDelta -; 381 : { -; 382 : if (T->Flags & CODE_FLAG_IS_LABEL) +; 383 : { +; 384 : if (T->Flags & CODE_FLAG_IS_LABEL) 00062 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 00066 8b 40 18 mov eax, DWORD PTR [rax+24] @@ -14028,8 +14040,8 @@ $LN4@NcGetDelta: 0006c 85 c0 test eax, eax 0006e 74 2b je SHORT $LN8@NcGetDelta -; 383 : { -; 384 : if (T->Label == Link->Label) +; 385 : { +; 386 : if (T->Label == Link->Label) 00070 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 00074 48 8b 8d 40 01 @@ -14038,28 +14050,28 @@ $LN4@NcGetDelta: 0007e 39 48 1c cmp DWORD PTR [rax+28], ecx 00081 75 16 jne SHORT $LN9@NcGetDelta -; 385 : { -; 386 : *DeltaOut = Delta; +; 387 : { +; 388 : *DeltaOut = Delta; 00083 48 8b 85 48 01 00 00 mov rax, QWORD PTR DeltaOut$[rbp] 0008a 8b 4d 04 mov ecx, DWORD PTR Delta$[rbp] 0008d 89 08 mov DWORD PTR [rax], ecx -; 387 : return TRUE; +; 389 : return TRUE; 0008f b8 01 00 00 00 mov eax, 1 00094 e9 89 00 00 00 jmp $LN1@NcGetDelta $LN9@NcGetDelta: -; 388 : } -; 389 : continue; +; 390 : } +; 391 : continue; 00099 eb b4 jmp SHORT $LN2@NcGetDelta $LN8@NcGetDelta: -; 390 : } -; 391 : Delta -= T->RawDataSize; +; 392 : } +; 393 : Delta -= T->RawDataSize; 0009b 48 8b 45 28 mov rax, QWORD PTR T$1[rbp] 0009f 8b 40 28 mov eax, DWORD PTR [rax+40] 
@@ -14068,19 +14080,19 @@ $LN8@NcGetDelta: 000a7 8b c1 mov eax, ecx 000a9 89 45 04 mov DWORD PTR Delta$[rbp], eax -; 392 : } +; 394 : } 000ac eb a1 jmp SHORT $LN2@NcGetDelta $LN3@NcGetDelta: -; 393 : -; 394 : //Now check forwards -; 395 : Delta = 0; +; 395 : +; 396 : //Now check forwards +; 397 : Delta = 0; 000ae c7 45 04 00 00 00 00 mov DWORD PTR Delta$[rbp], 0 -; 396 : for (PNATIVE_CODE_LINK T = Link->Next; T; T = T->Next) +; 398 : for (PNATIVE_CODE_LINK T = Link->Next; T; T = T->Next) 000b5 48 8b 85 40 01 00 00 mov rax, QWORD PTR Link$[rbp] @@ -14095,8 +14107,8 @@ $LN7@NcGetDelta: 000d0 48 83 7d 48 00 cmp QWORD PTR T$2[rbp], 0 000d5 74 49 je SHORT $LN6@NcGetDelta -; 397 : { -; 398 : if (T->Flags & CODE_FLAG_IS_LABEL) +; 399 : { +; 400 : if (T->Flags & CODE_FLAG_IS_LABEL) 000d7 48 8b 45 48 mov rax, QWORD PTR T$2[rbp] 000db 8b 40 18 mov eax, DWORD PTR [rax+24] @@ -14104,8 +14116,8 @@ $LN7@NcGetDelta: 000e1 85 c0 test eax, eax 000e3 74 28 je SHORT $LN10@NcGetDelta -; 399 : { -; 400 : if (T->Label == Link->Label) +; 401 : { +; 402 : if (T->Label == Link->Label) 000e5 48 8b 45 48 mov rax, QWORD PTR T$2[rbp] 000e9 48 8b 8d 40 01 @@ -14114,28 +14126,28 @@ $LN7@NcGetDelta: 000f3 39 48 1c cmp DWORD PTR [rax+28], ecx 000f6 75 13 jne SHORT $LN11@NcGetDelta -; 401 : { -; 402 : *DeltaOut = Delta; +; 403 : { +; 404 : *DeltaOut = Delta; 000f8 48 8b 85 48 01 00 00 mov rax, QWORD PTR DeltaOut$[rbp] 000ff 8b 4d 04 mov ecx, DWORD PTR Delta$[rbp] 00102 89 08 mov DWORD PTR [rax], ecx -; 403 : return TRUE; +; 405 : return TRUE; 00104 b8 01 00 00 00 mov eax, 1 00109 eb 17 jmp SHORT $LN1@NcGetDelta $LN11@NcGetDelta: -; 404 : } -; 405 : continue; +; 406 : } +; 407 : continue; 0010b eb b8 jmp SHORT $LN5@NcGetDelta $LN10@NcGetDelta: -; 406 : } -; 407 : Delta += T->RawDataSize; +; 408 : } +; 409 : Delta += T->RawDataSize; 0010d 48 8b 45 48 mov rax, QWORD PTR T$2[rbp] 00111 8b 40 28 mov eax, DWORD PTR [rax+40] 
@@ -14144,17 +14156,17 @@ $LN10@NcGetDelta: 00119 8b c1 mov eax, ecx 0011b 89 45 04 mov DWORD PTR Delta$[rbp], eax -; 408 : } +; 410 : } 0011e eb a5 jmp SHORT $LN5@NcGetDelta $LN6@NcGetDelta: -; 409 : return FALSE; +; 411 : return FALSE; 00120 33 c0 xor eax, eax $LN1@NcGetDelta: -; 410 : } +; 412 : } 00122 48 8d a5 28 01 00 00 lea rsp, QWORD PTR [rbp+296] @@ -14171,7 +14183,7 @@ Block$ = 224 BlockCopy$ = 232 ?NcDeepCopyBlock@@YAHPEAU_NATIVE_CODE_BLOCK@@0@Z PROC ; NcDeepCopyBlock, COMDAT -; 372 : { +; 374 : { $LN3: 00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx @@ -14191,7 +14203,7 @@ $LN3: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 373 : return NcDeepCopyPartialBlock(Block->Start, Block->End, BlockCopy); +; 375 : return NcDeepCopyPartialBlock(Block->Start, Block->End, BlockCopy); 0003b 4c 8b 85 e8 00 00 00 mov r8, QWORD PTR BlockCopy$[rbp] @@ -14203,7 +14215,7 @@ $LN3: 00054 48 8b 08 mov rcx, QWORD PTR [rax] 00057 e8 00 00 00 00 call ?NcDeepCopyPartialBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeepCopyPartialBlock -; 374 : } +; 376 : } 0005c 48 8d a5 c8 00 00 00 lea rsp, QWORD PTR [rbp+200] @@ -14229,7 +14241,7 @@ End$ = 440 Block$ = 448 ?NcDeepCopyPartialBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z PROC ; NcDeepCopyPartialBlock, COMDAT -; 347 : { +; 349 : { $LN12: 00000 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8 @@ -14255,7 +14267,7 @@ $LN12: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 0004c e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 348 : if (!Start || !End || !Start->Block || Start->Block != End->Block || !Block) +; 350 : if (!Start || !End || !Start->Block || Start->Block != End->Block || !Block) 00051 48 83 bd b0 01 00 00 00 cmp QWORD PTR Start$[rbp], 0 
@@ -14279,14 +14291,14 @@ $LN12: 00093 75 07 jne SHORT $LN8@NcDeepCopy $LN9@NcDeepCopy: -; 349 : return FALSE; +; 351 : return FALSE; 00095 33 c0 xor eax, eax 00097 e9 27 01 00 00 jmp $LN1@NcDeepCopy $LN8@NcDeepCopy: -; 350 : -; 351 : Block->LabelIds.clear(); +; 352 : +; 353 : Block->LabelIds.clear(); 0009c 48 8b 85 c0 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -14294,7 +14306,7 @@ $LN8@NcDeepCopy: 000a7 48 8b c8 mov rcx, rax 000aa e8 00 00 00 00 call ?clear@?$vector@KV?$allocator@K@std@@@std@@QEAAXXZ ; std::vector >::clear -; 352 : Block->Start = Block->End = NULL; +; 354 : Block->Start = Block->End = NULL; 000af 48 8b 85 c0 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -14305,8 +14317,8 @@ $LN8@NcDeepCopy: 000c5 48 c7 00 00 00 00 00 mov QWORD PTR [rax], 0 -; 353 : -; 354 : for (ULONG L : Start->Block->LabelIds) +; 355 : +; 356 : for (ULONG L : Start->Block->LabelIds) 000cc 48 8b 85 b0 01 00 00 mov rax, QWORD PTR Start$[rbp] @@ -14332,7 +14344,7 @@ $LN4@NcDeepCopy: 00115 8b 00 mov eax, DWORD PTR [rax] 00117 89 45 64 mov DWORD PTR L$7[rbp], eax -; 355 : Block->LabelIds.push_back(L); +; 357 : Block->LabelIds.push_back(L); 0011a 48 8b 85 c0 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -14346,8 +14358,8 @@ $LN4@NcDeepCopy: 0013c eb bd jmp SHORT $LN2@NcDeepCopy $LN3@NcDeepCopy: -; 356 : -; 357 : for (PNATIVE_CODE_LINK CurLink = Start; CurLink && CurLink != End->Next; CurLink = CurLink->Next) +; 358 : +; 359 : for (PNATIVE_CODE_LINK CurLink = Start; CurLink && CurLink != End->Next; CurLink = CurLink->Next) 0013e 48 8b 85 b0 01 00 00 mov rax, QWORD PTR Start$[rbp] @@ -14371,8 +14383,8 @@ $LN7@NcDeepCopy: 00 00 cmp QWORD PTR CurLink$8[rbp], rax 0017a 74 42 je SHORT $LN6@NcDeepCopy -; 358 : { -; 359 : PNATIVE_CODE_LINK Temp = NcDeepCopyLink(CurLink); +; 360 : { +; 361 : PNATIVE_CODE_LINK Temp = NcDeepCopyLink(CurLink); 0017c 48 8b 8d 88 00 00 00 mov rcx, QWORD PTR CurLink$8[rbp] 
@@ -14380,27 +14392,27 @@ $LN7@NcDeepCopy: 00188 48 89 85 a8 00 00 00 mov QWORD PTR Temp$9[rbp], rax -; 360 : if (!Temp) +; 362 : if (!Temp) 0018f 48 83 bd a8 00 00 00 00 cmp QWORD PTR Temp$9[rbp], 0 00197 75 10 jne SHORT $LN10@NcDeepCopy -; 361 : { -; 362 : NcDeleteBlock(Block); +; 363 : { +; 364 : NcDeleteBlock(Block); 00199 48 8b 8d c0 01 00 00 mov rcx, QWORD PTR Block$[rbp] 001a0 e8 00 00 00 00 call ?NcDeleteBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeleteBlock -; 363 : return FALSE; +; 365 : return FALSE; 001a5 33 c0 xor eax, eax 001a7 eb 1a jmp SHORT $LN1@NcDeepCopy $LN10@NcDeepCopy: -; 364 : } -; 365 : NcAppendToBlock(Block, Temp); +; 366 : } +; 367 : NcAppendToBlock(Block, Temp); 001a9 48 8b 95 a8 00 00 00 mov rdx, QWORD PTR Temp$9[rbp] @@ -14408,18 +14420,18 @@ $LN10@NcDeepCopy: 00 00 mov rcx, QWORD PTR Block$[rbp] 001b7 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock -; 366 : } +; 368 : } 001bc eb 90 jmp SHORT $LN5@NcDeepCopy $LN6@NcDeepCopy: -; 367 : -; 368 : return TRUE; +; 369 : +; 370 : return TRUE; 001be b8 01 00 00 00 mov eax, 1 $LN1@NcDeepCopy: -; 369 : } +; 371 : } 001c3 48 8b f8 mov rdi, rax 001c6 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] @@ -14462,7 +14474,7 @@ tv81 = 536 Link$ = 576 ?NcDeepCopyLink@@YAPEAU_NATIVE_CODE_LINK@@PEAU1@@Z PROC ; NcDeepCopyLink, COMDAT -; 319 : { +; 321 : { $LN18: 00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx @@ -14481,7 +14493,7 @@ $LN18: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 320 : if (Link->Flags & CODE_FLAG_IS_LABEL) +; 322 : if (Link->Flags & CODE_FLAG_IS_LABEL) 00036 48 8b 85 40 02 00 00 mov rax, QWORD PTR Link$[rbp] 
@@ -14490,8 +14502,8 @@ $LN18: 00043 85 c0 test eax, eax 00045 74 67 je SHORT $LN5@NcDeepCopy -; 321 : { -; 322 : return new NATIVE_CODE_LINK(Link->Label, NULL); +; 323 : { +; 324 : return new NATIVE_CODE_LINK(Link->Label, NULL); 00047 b9 10 01 00 00 mov ecx, 272 ; 00000110H 0004c e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new @@ -14523,14 +14535,14 @@ $LN11@NcDeepCopy: 00 00 mov rax, QWORD PTR $T7[rbp] 000a4 e9 df 01 00 00 jmp $LN1@NcDeepCopy -; 323 : } +; 325 : } 000a9 e9 da 01 00 00 jmp $LN1@NcDeepCopy $LN5@NcDeepCopy: -; 324 : else -; 325 : { -; 326 : PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(Link->Flags, Link->RawData, Link->RawDataSize); +; 326 : else +; 327 : { +; 328 : PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(Link->Flags, Link->RawData, Link->RawDataSize); 000ae b9 10 01 00 00 mov ecx, 272 ; 00000110H 000b3 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new @@ -14569,7 +14581,7 @@ $LN13@NcDeepCopy: 00 00 mov rax, QWORD PTR $T9[rbp] 00126 48 89 45 08 mov QWORD PTR NewLink$1[rbp], rax -; 327 : NewLink->Label = Link->Label; +; 329 : NewLink->Label = Link->Label; 0012a 48 8b 45 08 mov rax, QWORD PTR NewLink$1[rbp] 0012e 48 8b 8d 40 02 @@ -14577,7 +14589,7 @@ $LN13@NcDeepCopy: 00135 8b 49 1c mov ecx, DWORD PTR [rcx+28] 00138 89 48 1c mov DWORD PTR [rax+28], ecx -; 328 : XED_ERROR_ENUM DecodeError = XedDecode(&NewLink->XedInstruction, Link->RawData, Link->RawDataSize); +; 330 : XED_ERROR_ENUM DecodeError = XedDecode(&NewLink->XedInstruction, Link->RawData, Link->RawDataSize); 0013b 48 8b 45 08 mov rax, QWORD PTR NewLink$1[rbp] 0013f 48 83 c0 30 add rax, 48 ; 00000030H 
@@ -14591,13 +14603,13 @@ $LN13@NcDeepCopy: 0015c e8 00 00 00 00 call xed_decode 00161 89 45 24 mov DWORD PTR DecodeError$2[rbp], eax -; 329 : if (DecodeError != XED_ERROR_NONE) +; 331 : if (DecodeError != XED_ERROR_NONE) 00164 83 7d 24 00 cmp DWORD PTR DecodeError$2[rbp], 0 00168 74 7a je SHORT $LN7@NcDeepCopy -; 330 : { -; 331 : printf("XedDecode failed in NcDeepCopyLink: %s %u\n", XedErrorEnumToString(DecodeError), Link->RawDataSize); +; 332 : { +; 333 : printf("XedDecode failed in NcDeepCopyLink: %s %u\n", XedErrorEnumToString(DecodeError), Link->RawDataSize); 0016a 48 8b 85 40 02 00 00 mov rax, QWORD PTR Link$[rbp] @@ -14616,7 +14628,7 @@ $LN13@NcDeepCopy: 00 00 lea rcx, OFFSET FLAT:??_C@_0CL@COPJALEP@XedDecode?5failed?5in?5NcDeepCopyL@ 0019e e8 00 00 00 00 call printf -; 332 : delete NewLink; +; 334 : delete NewLink; 001a3 48 8b 45 08 mov rax, QWORD PTR NewLink$1[rbp] 001a7 48 89 85 08 02 @@ -14637,14 +14649,14 @@ $LN14@NcDeepCopy: 00 mov QWORD PTR tv155[rbp], 0 $LN15@NcDeepCopy: -; 333 : return NULL; +; 335 : return NULL; 001dd 33 c0 xor eax, eax 001df e9 a4 00 00 00 jmp $LN1@NcDeepCopy $LN7@NcDeepCopy: -; 334 : } -; 335 : if (Link->Flags & CODE_FLAG_HAS_ASM_OP) +; 336 : } +; 337 : if (Link->Flags & CODE_FLAG_HAS_ASM_OP) 001e4 48 8b 85 40 02 00 00 mov rax, QWORD PTR Link$[rbp] @@ -14654,8 +14666,8 @@ $LN7@NcDeepCopy: 001f3 0f 84 8b 00 00 00 je $LN8@NcDeepCopy -; 336 : { -; 337 : for (STDPAIR CONST& Op : Link->AsmOperations) +; 338 : { +; 339 : for (STDPAIR CONST& Op : Link->AsmOperations) 001f9 48 8b 85 40 02 00 00 mov rax, QWORD PTR Link$[rbp] @@ -14683,8 +14695,8 @@ $LN4@NcDeepCopy: 00246 48 89 85 a8 00 00 00 mov QWORD PTR Op$6[rbp], rax -; 338 : { -; 339 : NewLink->AsmOperations.emplace_back(Op.first, Op.second); +; 340 : { +; 341 : NewLink->AsmOperations.emplace_back(Op.first, Op.second); 0024d 48 8b 45 08 mov rax, QWORD PTR NewLink$1[rbp] 00251 48 05 f0 00 00 
@@ -14702,19 +14714,19 @@ $LN4@NcDeepCopy: 00 00 mov rcx, QWORD PTR tv174[rbp] 0027d e8 00 00 00 00 call ??$emplace_back@AEBQ6AHPEAU_NATIVE_CODE_LINK@@PEAEPEAX@ZAEBQEAX@?$vector@U?$pair@P6AHPEAU_NATIVE_CODE_LINK@@PEAEPEAX@ZPEAX@std@@V?$allocator@U?$pair@P6AHPEAU_NATIVE_CODE_LINK@@PEAEPEAX@ZPEAX@std@@@2@@std@@QEAA@AEBQ6AHPEAU_NATIVE_CODE_LINK@@PEAEPEAX@ZAEBQEAX@Z ; std::vector,std::allocator > >::emplace_back -; 340 : } +; 342 : } 00282 eb a5 jmp SHORT $LN2@NcDeepCopy $LN8@NcDeepCopy: -; 341 : } -; 342 : return NewLink; +; 343 : } +; 344 : return NewLink; 00284 48 8b 45 08 mov rax, QWORD PTR NewLink$1[rbp] $LN1@NcDeepCopy: -; 343 : } -; 344 : } +; 345 : } +; 346 : } 00288 48 8d a5 28 02 00 00 lea rsp, QWORD PTR [rbp+552] @@ -14882,9 +14894,9 @@ Jmp$ = 256 Delta$ = 264 ?NcValidateJmp@@YAPEAU_NATIVE_CODE_LINK@@PEAU1@H@Z PROC ; NcValidateJmp, COMDAT -; 279 : { +; 280 : { -$LN23: +$LN21: 00000 89 54 24 10 mov DWORD PTR [rsp+16], edx 00004 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx 00009 55 push rbp 
@@ -14902,239 +14914,238 @@ $LN23: 00 00 lea rcx, OFFSET FLAT:__84EFCFFB_NativeCode@cpp 00035 e8 00 00 00 00 call __CheckForDebuggerJustMyCode -; 280 : PNATIVE_CODE_LINK T; -; 281 : if (Delta > 0) +; 281 : printf("Started.\n"); + + 0003a 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_09DJLGANOC@Started?4?6@ + 00041 e8 00 00 00 00 call printf - 0003a 83 bd 08 01 00 +; 282 : PNATIVE_CODE_LINK T; +; 283 : if (Delta > 0) + + 00046 83 bd 08 01 00 00 00 cmp DWORD PTR Delta$[rbp], 0 - 00041 0f 8e a2 00 00 + 0004d 0f 8e a0 00 00 00 jle $LN10@NcValidate -; 282 : { -; 283 : T = Jmp->Next; +; 284 : { +; 285 : T = Jmp->Next; - 00047 48 8b 85 00 01 + 00053 48 8b 85 00 01 00 00 mov rax, QWORD PTR Jmp$[rbp] - 0004e 48 8b 00 mov rax, QWORD PTR [rax] - 00051 48 89 45 08 mov QWORD PTR T$[rbp], rax -$LN21@NcValidate: + 0005a 48 8b 00 mov rax, QWORD PTR [rax] + 0005d 48 89 45 08 mov QWORD PTR T$[rbp], rax $LN2@NcValidate: -; 284 : while (Delta > 0 && T) +; 286 : while (Delta > 0 && T) - 00055 83 bd 08 01 00 + 00061 83 bd 08 01 00 00 00 cmp DWORD PTR Delta$[rbp], 0 - 0005c 7e 44 jle SHORT $LN3@NcValidate - 0005e 48 83 7d 08 00 cmp QWORD PTR T$[rbp], 0 - 00063 74 3d je SHORT $LN3@NcValidate - -; 285 : { -; 286 : if (T->Flags & CODE_FLAG_IS_LABEL) - - 00065 48 8b 45 08 mov rax, QWORD PTR T$[rbp] - 00069 8b 40 18 mov eax, DWORD PTR [rax+24] - 0006c 83 e0 01 and eax, 1 - 0006f 85 c0 test eax, eax - 00071 74 02 je SHORT $LN12@NcValidate - -; 287 : continue; - - 00073 eb e0 jmp SHORT $LN2@NcValidate -$LN12@NcValidate: - -; 288 : Delta -= XedDecodedInstGetLength(&T->XedInstruction); - - 00075 48 8b 45 08 mov rax, QWORD PTR T$[rbp] - 00079 48 83 c0 30 add rax, 48 ; 00000030H - 0007d 48 8b c8 mov rcx, rax - 00080 e8 00 00 00 00 call xed_decoded_inst_get_length - 00085 8b 8d 08 01 00 + 00068 7e 42 jle SHORT $LN3@NcValidate + 0006a 48 83 7d 08 00 cmp QWORD PTR T$[rbp], 0 + 0006f 74 3b je SHORT $LN3@NcValidate + +; 287 : { +; 288 : if (!(T->Flags & CODE_FLAG_IS_LABEL)) + + 00071 48 8b 45 08 mov 
rax, QWORD PTR T$[rbp] + 00075 8b 40 18 mov eax, DWORD PTR [rax+24] + 00078 83 e0 01 and eax, 1 + 0007b 85 c0 test eax, eax + 0007d 75 20 jne SHORT $LN12@NcValidate + +; 289 : Delta -= XedDecodedInstGetLength(&T->XedInstruction); + + 0007f 48 8b 45 08 mov rax, QWORD PTR T$[rbp] + 00083 48 83 c0 30 add rax, 48 ; 00000030H + 00087 48 8b c8 mov rcx, rax + 0008a e8 00 00 00 00 call xed_decoded_inst_get_length + 0008f 8b 8d 08 01 00 00 mov ecx, DWORD PTR Delta$[rbp] - 0008b 2b c8 sub ecx, eax - 0008d 8b c1 mov eax, ecx - 0008f 89 85 08 01 00 + 00095 2b c8 sub ecx, eax + 00097 8b c1 mov eax, ecx + 00099 89 85 08 01 00 00 mov DWORD PTR Delta$[rbp], eax +$LN12@NcValidate: -; 289 : T = T->Next; +; 290 : T = T->Next; - 00095 48 8b 45 08 mov rax, QWORD PTR T$[rbp] - 00099 48 8b 00 mov rax, QWORD PTR [rax] - 0009c 48 89 45 08 mov QWORD PTR T$[rbp], rax + 0009f 48 8b 45 08 mov rax, QWORD PTR T$[rbp] + 000a3 48 8b 00 mov rax, QWORD PTR [rax] + 000a6 48 89 45 08 mov QWORD PTR T$[rbp], rax -; 290 : } +; 291 : } - 000a0 eb b3 jmp SHORT $LN21@NcValidate + 000aa eb b5 jmp SHORT $LN2@NcValidate $LN3@NcValidate: -; 291 : if (Delta != 0 || !T) +; 292 : if (Delta != 0 || !T) - 000a2 83 bd 08 01 00 + 000ac 83 bd 08 01 00 00 00 cmp DWORD PTR Delta$[rbp], 0 - 000a9 75 07 jne SHORT $LN14@NcValidate - 000ab 48 83 7d 08 00 cmp QWORD PTR T$[rbp], 0 - 000b0 75 07 jne SHORT $LN13@NcValidate + 000b3 75 07 jne SHORT $LN14@NcValidate + 000b5 48 83 7d 08 00 cmp QWORD PTR T$[rbp], 0 + 000ba 75 07 jne SHORT $LN13@NcValidate $LN14@NcValidate: -; 292 : return NULL; +; 293 : return NULL; - 000b2 33 c0 xor eax, eax - 000b4 e9 db 00 00 00 jmp $LN1@NcValidate + 000bc 33 c0 xor eax, eax + 000be e9 dc 00 00 00 jmp $LN1@NcValidate $LN13@NcValidate: $LN4@NcValidate: -; 293 : while (T && (T->Flags & CODE_FLAG_IS_LABEL)) +; 294 : while (T && (T->Flags & CODE_FLAG_IS_LABEL)) - 000b9 48 83 7d 08 00 cmp QWORD PTR T$[rbp], 0 - 000be 74 1b je SHORT $LN5@NcValidate - 000c0 48 8b 45 08 mov rax, QWORD PTR T$[rbp] - 000c4 
8b 40 18 mov eax, DWORD PTR [rax+24] - 000c7 83 e0 01 and eax, 1 - 000ca 85 c0 test eax, eax - 000cc 74 0d je SHORT $LN5@NcValidate + 000c3 48 83 7d 08 00 cmp QWORD PTR T$[rbp], 0 + 000c8 74 1b je SHORT $LN5@NcValidate + 000ca 48 8b 45 08 mov rax, QWORD PTR T$[rbp] + 000ce 8b 40 18 mov eax, DWORD PTR [rax+24] + 000d1 83 e0 01 and eax, 1 + 000d4 85 c0 test eax, eax + 000d6 74 0d je SHORT $LN5@NcValidate -; 294 : T = T->Next; +; 295 : T = T->Next; - 000ce 48 8b 45 08 mov rax, QWORD PTR T$[rbp] - 000d2 48 8b 00 mov rax, QWORD PTR [rax] - 000d5 48 89 45 08 mov QWORD PTR T$[rbp], rax - 000d9 eb de jmp SHORT $LN4@NcValidate + 000d8 48 8b 45 08 mov rax, QWORD PTR T$[rbp] + 000dc 48 8b 00 mov rax, QWORD PTR [rax] + 000df 48 89 45 08 mov QWORD PTR T$[rbp], rax + 000e3 eb de jmp SHORT $LN4@NcValidate $LN5@NcValidate: -; 295 : return T; +; 296 : return T; - 000db 48 8b 45 08 mov rax, QWORD PTR T$[rbp] - 000df e9 b0 00 00 00 jmp $LN1@NcValidate + 000e5 48 8b 45 08 mov rax, QWORD PTR T$[rbp] + 000e9 e9 b1 00 00 00 jmp $LN1@NcValidate -; 296 : } +; 297 : } - 000e4 e9 a4 00 00 00 jmp $LN11@NcValidate + 000ee e9 a2 00 00 00 jmp $LN11@NcValidate $LN10@NcValidate: -; 297 : else if (Delta < 0) +; 298 : else if (Delta < 0) - 000e9 83 bd 08 01 00 + 000f3 83 bd 08 01 00 00 00 cmp DWORD PTR Delta$[rbp], 0 - 000f0 0f 8d 97 00 00 + 000fa 0f 8d 95 00 00 00 jge $LN15@NcValidate -; 298 : { -; 299 : T = Jmp; +; 299 : { +; 300 : T = Jmp; - 000f6 48 8b 85 00 01 + 00100 48 8b 85 00 01 00 00 mov rax, QWORD PTR Jmp$[rbp] - 000fd 48 89 45 08 mov QWORD PTR T$[rbp], rax -$LN22@NcValidate: + 00107 48 89 45 08 mov QWORD PTR T$[rbp], rax $LN6@NcValidate: -; 300 : while (T) - - 00101 48 83 7d 08 00 cmp QWORD PTR T$[rbp], 0 - 00106 74 49 je SHORT $LN7@NcValidate +; 301 : while (T) -; 301 : { -; 302 : if (T->Flags & CODE_FLAG_IS_LABEL) + 0010b 48 83 7d 08 00 cmp QWORD PTR T$[rbp], 0 + 00110 74 47 je SHORT $LN7@NcValidate - 00108 48 8b 45 08 mov rax, QWORD PTR T$[rbp] - 0010c 8b 40 18 mov eax, DWORD PTR 
[rax+24] - 0010f 83 e0 01 and eax, 1 - 00112 85 c0 test eax, eax - 00114 74 02 je SHORT $LN16@NcValidate +; 302 : { +; 303 : if (!(T->Flags & CODE_FLAG_IS_LABEL)) -; 303 : continue; - - 00116 eb e9 jmp SHORT $LN6@NcValidate -$LN16@NcValidate: + 00112 48 8b 45 08 mov rax, QWORD PTR T$[rbp] + 00116 8b 40 18 mov eax, DWORD PTR [rax+24] + 00119 83 e0 01 and eax, 1 + 0011c 85 c0 test eax, eax + 0011e 75 2b jne SHORT $LN16@NcValidate -; 304 : Delta += XedDecodedInstGetLength(&T->XedInstruction); +; 304 : { +; 305 : Delta += XedDecodedInstGetLength(&T->XedInstruction); - 00118 48 8b 45 08 mov rax, QWORD PTR T$[rbp] - 0011c 48 83 c0 30 add rax, 48 ; 00000030H - 00120 48 8b c8 mov rcx, rax - 00123 e8 00 00 00 00 call xed_decoded_inst_get_length - 00128 8b 8d 08 01 00 + 00120 48 8b 45 08 mov rax, QWORD PTR T$[rbp] + 00124 48 83 c0 30 add rax, 48 ; 00000030H + 00128 48 8b c8 mov rcx, rax + 0012b e8 00 00 00 00 call xed_decoded_inst_get_length + 00130 8b 8d 08 01 00 00 mov ecx, DWORD PTR Delta$[rbp] - 0012e 03 c8 add ecx, eax - 00130 8b c1 mov eax, ecx - 00132 89 85 08 01 00 + 00136 03 c8 add ecx, eax + 00138 8b c1 mov eax, ecx + 0013a 89 85 08 01 00 00 mov DWORD PTR Delta$[rbp], eax -; 305 : if (Delta >= 0) +; 306 : if (Delta >= 0) - 00138 83 bd 08 01 00 + 00140 83 bd 08 01 00 00 00 cmp DWORD PTR Delta$[rbp], 0 - 0013f 7c 02 jl SHORT $LN17@NcValidate + 00147 7c 02 jl SHORT $LN17@NcValidate -; 306 : break; +; 307 : break; - 00141 eb 0e jmp SHORT $LN7@NcValidate + 00149 eb 0e jmp SHORT $LN7@NcValidate $LN17@NcValidate: +$LN16@NcValidate: -; 307 : T = T->Prev; +; 308 : } +; 309 : T = T->Prev; - 00143 48 8b 45 08 mov rax, QWORD PTR T$[rbp] - 00147 48 8b 40 08 mov rax, QWORD PTR [rax+8] - 0014b 48 89 45 08 mov QWORD PTR T$[rbp], rax + 0014b 48 8b 45 08 mov rax, QWORD PTR T$[rbp] + 0014f 48 8b 40 08 mov rax, QWORD PTR [rax+8] + 00153 48 89 45 08 mov QWORD PTR T$[rbp], rax -; 308 : } +; 310 : } - 0014f eb b0 jmp SHORT $LN22@NcValidate + 00157 eb b2 jmp SHORT $LN6@NcValidate 
$LN7@NcValidate: -; 309 : if (Delta != 0 || !T) +; 311 : if (Delta != 0 || !T) - 00151 83 bd 08 01 00 + 00159 83 bd 08 01 00 00 00 cmp DWORD PTR Delta$[rbp], 0 - 00158 75 07 jne SHORT $LN19@NcValidate - 0015a 48 83 7d 08 00 cmp QWORD PTR T$[rbp], 0 - 0015f 75 04 jne SHORT $LN18@NcValidate + 00160 75 07 jne SHORT $LN19@NcValidate + 00162 48 83 7d 08 00 cmp QWORD PTR T$[rbp], 0 + 00167 75 04 jne SHORT $LN18@NcValidate $LN19@NcValidate: -; 310 : return NULL; +; 312 : return NULL; - 00161 33 c0 xor eax, eax - 00163 eb 2f jmp SHORT $LN1@NcValidate + 00169 33 c0 xor eax, eax + 0016b eb 32 jmp SHORT $LN1@NcValidate $LN18@NcValidate: $LN8@NcValidate: -; 311 : while (T && (T->Flags & CODE_FLAG_IS_LABEL)) +; 313 : while (T && (T->Flags & CODE_FLAG_IS_LABEL)) - 00165 48 83 7d 08 00 cmp QWORD PTR T$[rbp], 0 - 0016a 74 1b je SHORT $LN9@NcValidate - 0016c 48 8b 45 08 mov rax, QWORD PTR T$[rbp] - 00170 8b 40 18 mov eax, DWORD PTR [rax+24] - 00173 83 e0 01 and eax, 1 - 00176 85 c0 test eax, eax - 00178 74 0d je SHORT $LN9@NcValidate + 0016d 48 83 7d 08 00 cmp QWORD PTR T$[rbp], 0 + 00172 74 1b je SHORT $LN9@NcValidate + 00174 48 8b 45 08 mov rax, QWORD PTR T$[rbp] + 00178 8b 40 18 mov eax, DWORD PTR [rax+24] + 0017b 83 e0 01 and eax, 1 + 0017e 85 c0 test eax, eax + 00180 74 0d je SHORT $LN9@NcValidate -; 312 : T = T->Next; +; 314 : T = T->Next; - 0017a 48 8b 45 08 mov rax, QWORD PTR T$[rbp] - 0017e 48 8b 00 mov rax, QWORD PTR [rax] - 00181 48 89 45 08 mov QWORD PTR T$[rbp], rax - 00185 eb de jmp SHORT $LN8@NcValidate + 00182 48 8b 45 08 mov rax, QWORD PTR T$[rbp] + 00186 48 8b 00 mov rax, QWORD PTR [rax] + 00189 48 89 45 08 mov QWORD PTR T$[rbp], rax + 0018d eb de jmp SHORT $LN8@NcValidate $LN9@NcValidate: -; 313 : return T; +; 315 : return T; - 00187 48 8b 45 08 mov rax, QWORD PTR T$[rbp] - 0018b eb 07 jmp SHORT $LN1@NcValidate + 0018f 48 8b 45 08 mov rax, QWORD PTR T$[rbp] + 00193 eb 0a jmp SHORT $LN1@NcValidate $LN15@NcValidate: $LN11@NcValidate: -; 314 : } -; 315 : return Jmp; 
+; 316 : } +; 317 : return Jmp->Next; - 0018d 48 8b 85 00 01 + 00195 48 8b 85 00 01 00 00 mov rax, QWORD PTR Jmp$[rbp] + 0019c 48 8b 00 mov rax, QWORD PTR [rax] $LN1@NcValidate: -; 316 : } +; 318 : } - 00194 48 8d a5 e8 00 + 0019f 48 8d a5 e8 00 00 00 lea rsp, QWORD PTR [rbp+232] - 0019b 5f pop rdi - 0019c 5d pop rbp - 0019d c3 ret 0 + 001a6 5f pop rdi + 001a7 5d pop rbp + 001a8 c3 ret 0 ?NcValidateJmp@@YAPEAU_NATIVE_CODE_LINK@@PEAU1@H@Z ENDP ; NcValidateJmp _TEXT ENDS ; Function compile flags: /Odtp /RTCsu /ZI @@ -15152,8 +15163,8 @@ BranchDisplacement$10 = 228 JmpPos$11 = 264 $T12 = 488 $T13 = 520 -tv163 = 536 -tv157 = 536 +tv164 = 536 +tv158 = 536 __$ArrayPad$ = 544 Block$ = 592 ?NcCreateLabels@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; NcCreateLabels, COMDAT @@ -15200,7 +15211,7 @@ $LN2@NcCreateLa: 00065 48 89 45 28 mov QWORD PTR T$4[rbp], rax $LN4@NcCreateLa: 00069 48 83 7d 28 00 cmp QWORD PTR T$4[rbp], 0 - 0006e 0f 84 07 02 00 + 0006e 0f 84 13 02 00 00 je $LN3@NcCreateLa ; 230 : { 
@@ -15341,157 +15352,163 @@ $LN10@NcCreateLa: 00158 48 89 85 08 01 00 00 mov QWORD PTR JmpPos$11[rbp], rax -; 256 : if (!JmpPos) +; 256 : printf("Ended.\n"); + + 0015f 48 8d 0d 00 00 + 00 00 lea rcx, OFFSET FLAT:??_C@_07JOOGINOC@Ended?4?6@ + 00166 e8 00 00 00 00 call printf + +; 257 : if (!JmpPos) - 0015f 48 83 bd 08 01 + 0016b 48 83 bd 08 01 00 00 00 cmp QWORD PTR JmpPos$11[rbp], 0 - 00167 75 25 jne SHORT $LN11@NcCreateLa + 00173 75 25 jne SHORT $LN11@NcCreateLa -; 257 : { -; 258 : printf("Failed to validate jump. Type: %s, Displacement: %d\n", XedCategoryEnumToString(Category), BranchDisplacement); +; 258 : { +; 259 : printf("Failed to validate jump. Type: %s, Displacement: %d\n", XedCategoryEnumToString(Category), BranchDisplacement); - 00169 8b 4d 44 mov ecx, DWORD PTR Category$5[rbp] - 0016c e8 00 00 00 00 call xed_category_enum_t2str - 00171 44 8b 85 e4 00 + 00175 8b 4d 44 mov ecx, DWORD PTR Category$5[rbp] + 00178 e8 00 00 00 00 call xed_category_enum_t2str + 0017d 44 8b 85 e4 00 00 00 mov r8d, DWORD PTR BranchDisplacement$10[rbp] - 00178 48 8b d0 mov rdx, rax - 0017b 48 8d 0d 00 00 + 00184 48 8b d0 mov rdx, rax + 00187 48 8d 0d 00 00 00 00 lea rcx, OFFSET FLAT:??_C@_0DF@KKBEBOEB@Failed?5to?5validate?5jump?4?5Type?3?5@ - 00182 e8 00 00 00 00 call printf + 0018e e8 00 00 00 00 call printf -; 259 : return FALSE; +; 260 : return FALSE; - 00187 33 c0 xor eax, eax - 00189 e9 f2 00 00 00 jmp $LN1@NcCreateLa + 00193 33 c0 xor eax, eax + 00195 e9 f2 00 00 00 jmp $LN1@NcCreateLa $LN11@NcCreateLa: -; 260 : } -; 261 : -; 262 : if (JmpPos->Prev && (JmpPos->Prev->Flags & CODE_FLAG_IS_LABEL)) +; 261 : } +; 262 : +; 263 : if (JmpPos->Prev && (JmpPos->Prev->Flags & CODE_FLAG_IS_LABEL)) - 0018e 48 8b 85 08 01 + 0019a 48 8b 85 08 01 00 00 mov rax, QWORD PTR JmpPos$11[rbp] - 00195 48 83 78 08 00 cmp QWORD PTR [rax+8], 0 - 0019a 74 2f je SHORT $LN12@NcCreateLa - 0019c 48 8b 85 08 01 + 001a1 48 83 78 08 00 cmp QWORD PTR [rax+8], 0 + 001a6 74 2f je SHORT $LN12@NcCreateLa + 001a8 
48 8b 85 08 01 00 00 mov rax, QWORD PTR JmpPos$11[rbp] - 001a3 48 8b 40 08 mov rax, QWORD PTR [rax+8] - 001a7 8b 40 18 mov eax, DWORD PTR [rax+24] - 001aa 83 e0 01 and eax, 1 - 001ad 85 c0 test eax, eax - 001af 74 1a je SHORT $LN12@NcCreateLa + 001af 48 8b 40 08 mov rax, QWORD PTR [rax+8] + 001b3 8b 40 18 mov eax, DWORD PTR [rax+24] + 001b6 83 e0 01 and eax, 1 + 001b9 85 c0 test eax, eax + 001bb 74 1a je SHORT $LN12@NcCreateLa -; 263 : { -; 264 : T->Label = JmpPos->Prev->Label; +; 264 : { +; 265 : T->Label = JmpPos->Prev->Label; - 001b1 48 8b 85 08 01 + 001bd 48 8b 85 08 01 00 00 mov rax, QWORD PTR JmpPos$11[rbp] - 001b8 48 8b 40 08 mov rax, QWORD PTR [rax+8] - 001bc 48 8b 4d 28 mov rcx, QWORD PTR T$4[rbp] - 001c0 8b 40 1c mov eax, DWORD PTR [rax+28] - 001c3 89 41 1c mov DWORD PTR [rcx+28], eax + 001c4 48 8b 40 08 mov rax, QWORD PTR [rax+8] + 001c8 48 8b 4d 28 mov rcx, QWORD PTR T$4[rbp] + 001cc 8b 40 1c mov eax, DWORD PTR [rax+28] + 001cf 89 41 1c mov DWORD PTR [rcx+28], eax -; 265 : } +; 266 : } - 001c6 e9 9a 00 00 00 jmp $LN13@NcCreateLa + 001d2 e9 9a 00 00 00 jmp $LN13@NcCreateLa $LN12@NcCreateLa: -; 266 : else -; 267 : { -; 268 : NcInsertLinkBefore(JmpPos, new NATIVE_CODE_LINK(CurrentLabelId, Block)); +; 267 : else +; 268 : { +; 269 : NcInsertLinkBefore(JmpPos, new NATIVE_CODE_LINK(CurrentLabelId, Block)); - 001cb b9 10 01 00 00 mov ecx, 272 ; 00000110H - 001d0 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new - 001d5 48 89 85 08 02 + 001d7 b9 10 01 00 00 mov ecx, 272 ; 00000110H + 001dc e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new + 001e1 48 89 85 08 02 00 00 mov QWORD PTR $T13[rbp], rax - 001dc 48 83 bd 08 02 + 001e8 48 83 bd 08 02 00 00 00 cmp QWORD PTR $T13[rbp], 0 - 001e4 74 1f je SHORT $LN15@NcCreateLa - 001e6 4c 8b 85 50 02 + 001f0 74 1f je SHORT $LN15@NcCreateLa + 001f2 4c 8b 85 50 02 00 00 mov r8, QWORD PTR Block$[rbp] - 001ed 8b 55 04 mov edx, DWORD PTR CurrentLabelId$[rbp] - 001f0 48 8b 8d 08 02 + 001f9 8b 55 04 mov edx, DWORD PTR 
CurrentLabelId$[rbp] + 001fc 48 8b 8d 08 02 00 00 mov rcx, QWORD PTR $T13[rbp] - 001f7 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAU_NATIVE_CODE_BLOCK@@@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK - 001fc 48 89 85 18 02 - 00 00 mov QWORD PTR tv157[rbp], rax - 00203 eb 0b jmp SHORT $LN16@NcCreateLa + 00203 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAU_NATIVE_CODE_BLOCK@@@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK + 00208 48 89 85 18 02 + 00 00 mov QWORD PTR tv158[rbp], rax + 0020f eb 0b jmp SHORT $LN16@NcCreateLa $LN15@NcCreateLa: - 00205 48 c7 85 18 02 + 00211 48 c7 85 18 02 00 00 00 00 00 - 00 mov QWORD PTR tv157[rbp], 0 + 00 mov QWORD PTR tv158[rbp], 0 $LN16@NcCreateLa: - 00210 48 8b 85 18 02 - 00 00 mov rax, QWORD PTR tv157[rbp] - 00217 48 89 85 e8 01 + 0021c 48 8b 85 18 02 + 00 00 mov rax, QWORD PTR tv158[rbp] + 00223 48 89 85 e8 01 00 00 mov QWORD PTR $T12[rbp], rax - 0021e 48 8b 95 e8 01 + 0022a 48 8b 95 e8 01 00 00 mov rdx, QWORD PTR $T12[rbp] - 00225 48 8b 8d 08 01 + 00231 48 8b 8d 08 01 00 00 mov rcx, QWORD PTR JmpPos$11[rbp] - 0022c e8 00 00 00 00 call ?NcInsertLinkBefore@@YAXPEAU_NATIVE_CODE_LINK@@0@Z ; NcInsertLinkBefore + 00238 e8 00 00 00 00 call ?NcInsertLinkBefore@@YAXPEAU_NATIVE_CODE_LINK@@0@Z ; NcInsertLinkBefore -; 269 : Block->LabelIds.push_back(CurrentLabelId); +; 270 : Block->LabelIds.push_back(CurrentLabelId); - 00231 48 8b 85 50 02 + 0023d 48 8b 85 50 02 00 00 mov rax, QWORD PTR Block$[rbp] - 00238 48 83 c0 10 add rax, 16 - 0023c 48 89 85 18 02 - 00 00 mov QWORD PTR tv163[rbp], rax - 00243 48 8d 55 04 lea rdx, QWORD PTR CurrentLabelId$[rbp] - 00247 48 8b 8d 18 02 - 00 00 mov rcx, QWORD PTR tv163[rbp] - 0024e e8 00 00 00 00 call ?push_back@?$vector@KV?$allocator@K@std@@@std@@QEAAXAEBK@Z ; std::vector >::push_back + 00244 48 83 c0 10 add rax, 16 + 00248 48 89 85 18 02 + 00 00 mov QWORD PTR tv164[rbp], rax + 0024f 48 8d 55 04 lea rdx, QWORD PTR CurrentLabelId$[rbp] + 00253 48 8b 8d 18 02 + 00 00 mov rcx, QWORD PTR tv164[rbp] + 0025a e8 
00 00 00 00 call ?push_back@?$vector@KV?$allocator@K@std@@@std@@QEAAXAEBK@Z ; std::vector >::push_back -; 270 : T->Label = CurrentLabelId; +; 271 : T->Label = CurrentLabelId; - 00253 48 8b 45 28 mov rax, QWORD PTR T$4[rbp] - 00257 8b 4d 04 mov ecx, DWORD PTR CurrentLabelId$[rbp] - 0025a 89 48 1c mov DWORD PTR [rax+28], ecx + 0025f 48 8b 45 28 mov rax, QWORD PTR T$4[rbp] + 00263 8b 4d 04 mov ecx, DWORD PTR CurrentLabelId$[rbp] + 00266 89 48 1c mov DWORD PTR [rax+28], ecx -; 271 : ++CurrentLabelId; +; 272 : ++CurrentLabelId; - 0025d 8b 45 04 mov eax, DWORD PTR CurrentLabelId$[rbp] - 00260 ff c0 inc eax - 00262 89 45 04 mov DWORD PTR CurrentLabelId$[rbp], eax + 00269 8b 45 04 mov eax, DWORD PTR CurrentLabelId$[rbp] + 0026c ff c0 inc eax + 0026e 89 45 04 mov DWORD PTR CurrentLabelId$[rbp], eax $LN13@NcCreateLa: -; 272 : } -; 273 : T->Flags |= CODE_FLAG_IS_REL_JMP; +; 273 : } +; 274 : T->Flags |= CODE_FLAG_IS_REL_JMP; - 00265 48 8b 45 28 mov rax, QWORD PTR T$4[rbp] - 00269 8b 40 18 mov eax, DWORD PTR [rax+24] - 0026c 83 c8 02 or eax, 2 - 0026f 48 8b 4d 28 mov rcx, QWORD PTR T$4[rbp] - 00273 89 41 18 mov DWORD PTR [rcx+24], eax + 00271 48 8b 45 28 mov rax, QWORD PTR T$4[rbp] + 00275 8b 40 18 mov eax, DWORD PTR [rax+24] + 00278 83 c8 02 or eax, 2 + 0027b 48 8b 4d 28 mov rcx, QWORD PTR T$4[rbp] + 0027f 89 41 18 mov DWORD PTR [rcx+24], eax -; 274 : } +; 275 : } - 00276 e9 e3 fd ff ff jmp $LN2@NcCreateLa + 00282 e9 d7 fd ff ff jmp $LN2@NcCreateLa $LN3@NcCreateLa: -; 275 : return TRUE; +; 276 : return TRUE; - 0027b b8 01 00 00 00 mov eax, 1 + 00287 b8 01 00 00 00 mov eax, 1 $LN1@NcCreateLa: -; 276 : } +; 277 : } - 00280 48 8b f8 mov rdi, rax - 00283 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] - 00287 48 8d 15 00 00 + 0028c 48 8b f8 mov rdi, rax + 0028f 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32] + 00293 48 8d 15 00 00 00 00 lea rdx, OFFSET FLAT:?NcCreateLabels@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcFrameData - 0028e e8 00 00 00 00 call _RTC_CheckStackVars - 00293 48 8b c7 mov rax, rdi - 
00296 48 8b 8d 20 02 + 0029a e8 00 00 00 00 call _RTC_CheckStackVars + 0029f 48 8b c7 mov rax, rdi + 002a2 48 8b 8d 20 02 00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp] - 0029d 48 33 cd xor rcx, rbp - 002a0 e8 00 00 00 00 call __security_check_cookie - 002a5 48 8d a5 38 02 + 002a9 48 33 cd xor rcx, rbp + 002ac e8 00 00 00 00 call __security_check_cookie + 002b1 48 8d a5 38 02 00 00 lea rsp, QWORD PTR [rbp+568] - 002ac 5f pop rdi - 002ad 5d pop rbp - 002ae c3 ret 0 + 002b8 5f pop rdi + 002b9 5d pop rbp + 002ba c3 ret 0 ?NcCreateLabels@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ENDP ; NcCreateLabels _TEXT ENDS ; COMDAT text$x @@ -15507,8 +15524,8 @@ BranchDisplacement$10 = 228 JmpPos$11 = 264 $T12 = 488 $T13 = 520 -tv163 = 536 -tv157 = 536 +tv164 = 536 +tv158 = 536 __$ArrayPad$ = 544 Block$ = 592 ?dtor$0@?0??NcCreateLabels@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `NcCreateLabels'::`1'::dtor$0 @@ -15542,8 +15559,8 @@ BranchDisplacement$10 = 228 JmpPos$11 = 264 $T12 = 488 $T13 = 520 -tv163 = 536 -tv157 = 536 +tv164 = 536 +tv158 = 536 __$ArrayPad$ = 544 Block$ = 592 ?dtor$0@?0??NcCreateLabels@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `NcCreateLabels'::`1'::dtor$0 diff --git a/CodeVirtualizer/x64/Debug/Nop.cod b/CodeVirtualizer/x64/Debug/Nop.cod index 34dacb9..babda69 100644 --- a/CodeVirtualizer/x64/Debug/Nop.cod +++ b/CodeVirtualizer/x64/Debug/Nop.cod @@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H diff --git a/CodeVirtualizer/x64/Debug/Obfuscator.cod b/CodeVirtualizer/x64/Debug/Obfuscator.cod index 2cd640b..9e30c1a 100644 --- a/CodeVirtualizer/x64/Debug/Obfuscator.cod +++ b/CodeVirtualizer/x64/Debug/Obfuscator.cod 
@@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H @@ -5142,7 +5143,8 @@ $LN5@ObfMutateI: 000e3 e8 00 00 00 00 call ?JitEmitPostRipMov@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@H@Z ; JitEmitPostRipMov 000e8 48 89 45 68 mov QWORD PTR PostOp$4[rbp], rax -; 97 : PreOp->Start->Flags |= CODE_FLAG_GROUP_START; +; 97 : +; 98 : PreOp->Start->Flags |= CODE_FLAG_GROUP_START; 000ec 48 8b 45 48 mov rax, QWORD PTR PreOp$3[rbp] 000f0 48 8b 00 mov rax, QWORD PTR [rax] @@ -5152,7 +5154,7 @@ $LN5@ObfMutateI: 000fd 48 8b 09 mov rcx, QWORD PTR [rcx] 00100 89 41 18 mov DWORD PTR [rcx+24], eax -; 98 : PostOp->End->Flags |= CODE_FLAG_GROUP_END; +; 99 : PostOp->End->Flags |= CODE_FLAG_GROUP_END; 00103 48 8b 45 68 mov rax, QWORD PTR PostOp$4[rbp] 00107 48 8b 40 08 mov rax, QWORD PTR [rax+8] @@ -5162,7 +5164,7 @@ $LN5@ObfMutateI: 00115 48 8b 49 08 mov rcx, QWORD PTR [rcx+8] 00119 89 41 18 mov DWORD PTR [rcx+24], eax -; 99 : T->Flags |= CODE_FLAG_DO_NOT_DIVIDE; +; 100 : T->Flags |= CODE_FLAG_DO_NOT_DIVIDE; 0011c 48 8b 45 08 mov rax, QWORD PTR T$1[rbp] 00120 8b 40 18 mov eax, DWORD PTR [rax+24] @@ -5170,7 +5172,7 @@ $LN5@ObfMutateI: 00126 48 8b 4d 08 mov rcx, QWORD PTR T$1[rbp] 0012a 89 41 18 mov DWORD PTR [rcx+24], eax -; 100 : T->Flags |= CODE_FLAG_HAS_ASM_OP; +; 101 : T->Flags |= CODE_FLAG_HAS_ASM_OP; 0012d 48 8b 45 08 mov rax, QWORD PTR T$1[rbp] 00131 8b 40 18 mov eax, DWORD PTR [rax+24] @@ -5178,7 +5180,7 @@ $LN5@ObfMutateI: 00137 48 8b 4d 08 mov rcx, QWORD PTR T$1[rbp] 0013b 89 41 18 mov DWORD PTR [rcx+24], eax -; 101 : T->AsmOperations.emplace_back((FN_INST_ASM_OP)ObfiRandomizeInstruction, (PVOID)NULL); +; 102 : T->AsmOperations.emplace_back((FN_INST_ASM_OP)ObfiRandomizeInstruction, (PVOID)NULL); 0013e 48 8b 45 08 mov rax, QWORD PTR T$1[rbp] 00142 48 05 f0 00 00 
@@ -5200,23 +5202,23 @@ $LN5@ObfMutateI: 00 00 mov rcx, QWORD PTR tv144[rbp] 0017d e8 00 00 00 00 call ??$emplace_back@P6AHPEAU_NATIVE_CODE_LINK@@PEAEPEAX@ZPEAX@?$vector@U?$pair@P6AHPEAU_NATIVE_CODE_LINK@@PEAEPEAX@ZPEAX@std@@V?$allocator@U?$pair@P6AHPEAU_NATIVE_CODE_LINK@@PEAEPEAX@ZPEAX@std@@@2@@std@@QEAA@$$QEAP6AHPEAU_NATIVE_CODE_LINK@@PEAEPEAX@Z$$QEAPEAX@Z ; std::vector,std::allocator > >::emplace_back -; 102 : -; 103 : NcInsertBlockBefore(T, PreOp, FALSE); +; 103 : +; 104 : NcInsertBlockBefore(T, PreOp, FALSE); 00182 45 33 c0 xor r8d, r8d 00185 48 8b 55 48 mov rdx, QWORD PTR PreOp$3[rbp] 00189 48 8b 4d 08 mov rcx, QWORD PTR T$1[rbp] 0018d e8 00 00 00 00 call ?NcInsertBlockBefore@@YAHPEAU_NATIVE_CODE_LINK@@PEAU_NATIVE_CODE_BLOCK@@H@Z ; NcInsertBlockBefore -; 104 : NcInsertBlockAfter(T, PostOp, FALSE); +; 105 : NcInsertBlockAfter(T, PostOp, FALSE); 00192 45 33 c0 xor r8d, r8d 00195 48 8b 55 68 mov rdx, QWORD PTR PostOp$4[rbp] 00199 48 8b 4d 08 mov rcx, QWORD PTR T$1[rbp] 0019d e8 00 00 00 00 call ?NcInsertBlockAfter@@YAHPEAU_NATIVE_CODE_LINK@@PEAU_NATIVE_CODE_BLOCK@@H@Z ; NcInsertBlockAfter -; 105 : -; 106 : if (T == Block->End) +; 106 : +; 107 : if (T == Block->End) 001a2 48 8b 85 e8 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -5224,7 +5226,7 @@ $LN5@ObfMutateI: 001ad 48 39 45 08 cmp QWORD PTR T$1[rbp], rax 001b1 75 13 jne SHORT $LN8@ObfMutateI -; 107 : Block->End = PostOp->End; +; 108 : Block->End = PostOp->End; 001b3 48 8b 85 e8 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -5233,7 +5235,7 @@ $LN5@ObfMutateI: 001c2 48 89 48 08 mov QWORD PTR [rax+8], rcx $LN8@ObfMutateI: -; 108 : if (T == Block->Start) +; 109 : if (T == Block->Start) 001c6 48 8b 85 e8 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -5241,7 +5243,7 @@ $LN8@ObfMutateI: 001d0 48 39 45 08 cmp QWORD PTR T$1[rbp], rax 001d4 75 11 jne SHORT $LN9@ObfMutateI -; 109 : Block->Start = PreOp->Start; +; 110 : Block->Start = PreOp->Start; 001d6 48 8b 85 e8 01 00 00 mov rax, QWORD PTR Block$[rbp] 
@@ -5250,8 +5252,8 @@ $LN8@ObfMutateI: 001e4 48 89 08 mov QWORD PTR [rax], rcx $LN9@ObfMutateI: -; 110 : -; 111 : if (Block->Start == T) +; 111 : +; 112 : if (Block->Start == T) 001e7 48 8b 85 e8 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -5259,7 +5261,7 @@ $LN9@ObfMutateI: 001f2 48 39 08 cmp QWORD PTR [rax], rcx 001f5 75 11 jne SHORT $LN10@ObfMutateI -; 112 : Block->Start = PreOp->Start; +; 113 : Block->Start = PreOp->Start; 001f7 48 8b 85 e8 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -5268,7 +5270,7 @@ $LN9@ObfMutateI: 00205 48 89 08 mov QWORD PTR [rax], rcx $LN10@ObfMutateI: -; 113 : if (Block->End == T) +; 114 : if (Block->End == T) 00208 48 8b 85 e8 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -5276,7 +5278,7 @@ $LN10@ObfMutateI: 00213 48 39 48 08 cmp QWORD PTR [rax+8], rcx 00217 75 13 jne SHORT $LN11@ObfMutateI -; 114 : Block->End = PostOp->End; +; 115 : Block->End = PostOp->End; 00219 48 8b 85 e8 01 00 00 mov rax, QWORD PTR Block$[rbp] @@ -5285,8 +5287,8 @@ $LN10@ObfMutateI: 00228 48 89 48 08 mov QWORD PTR [rax+8], rcx $LN11@ObfMutateI: -; 115 : -; 116 : delete PreOp; +; 116 : +; 117 : delete PreOp; 0022c 48 8b 45 48 mov rax, QWORD PTR PreOp$3[rbp] 00230 48 89 85 88 01 @@ -5307,7 +5309,7 @@ $LN13@ObfMutateI: 00 mov QWORD PTR tv170[rbp], 0 $LN14@ObfMutateI: -; 117 : delete PostOp; +; 118 : delete PostOp; 00266 48 8b 45 68 mov rax, QWORD PTR PostOp$4[rbp] 0026a 48 89 85 a8 01 @@ -5329,19 +5331,19 @@ $LN15@ObfMutateI: $LN16@ObfMutateI: $LN7@ObfMutateI: -; 118 : } -; 119 : -; 120 : T = RealNext; +; 119 : } +; 120 : +; 121 : T = RealNext; 002a0 48 8b 45 28 mov rax, QWORD PTR RealNext$2[rbp] 002a4 48 89 45 08 mov QWORD PTR T$1[rbp], rax -; 121 : } +; 122 : } 002a8 e9 9c fd ff ff jmp $LN2@ObfMutateI $LN3@ObfMutateI: -; 122 : } +; 123 : } 002ad 48 8d a5 c8 01 00 00 lea rsp, QWORD PTR [rbp+456] diff --git a/CodeVirtualizer/x64/Debug/OpaqueBranching.cod b/CodeVirtualizer/x64/Debug/OpaqueBranching.cod index 2a986b3..4ad66ba 100644 
--- a/CodeVirtualizer/x64/Debug/OpaqueBranching.cod +++ b/CodeVirtualizer/x64/Debug/OpaqueBranching.cod @@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H diff --git a/CodeVirtualizer/x64/Debug/RipAndInst.cod b/CodeVirtualizer/x64/Debug/RipAndInst.cod index 75b17e6..7b25806 100644 --- a/CodeVirtualizer/x64/Debug/RipAndInst.cod +++ b/CodeVirtualizer/x64/Debug/RipAndInst.cod @@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H diff --git a/CodeVirtualizer/x64/Debug/RipMovInst.cod b/CodeVirtualizer/x64/Debug/RipMovInst.cod index 965d0a6..15a830c 100644 --- a/CodeVirtualizer/x64/Debug/RipMovInst.cod +++ b/CodeVirtualizer/x64/Debug/RipMovInst.cod @@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H diff --git a/CodeVirtualizer/x64/Debug/RipOrInst.cod b/CodeVirtualizer/x64/Debug/RipOrInst.cod index 32dab91..69a5d22 100644 --- a/CodeVirtualizer/x64/Debug/RipOrInst.cod +++ b/CodeVirtualizer/x64/Debug/RipOrInst.cod @@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H diff --git a/CodeVirtualizer/x64/Debug/RipXorInst.cod b/CodeVirtualizer/x64/Debug/RipXorInst.cod index 4048997..f921816 100644 --- a/CodeVirtualizer/x64/Debug/RipXorInst.cod +++ b/CodeVirtualizer/x64/Debug/RipXorInst.cod 
@@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H diff --git a/CodeVirtualizer/x64/Debug/VirtualMachine.cod b/CodeVirtualizer/x64/Debug/VirtualMachine.cod index cec3ca3..619a034 100644 --- a/CodeVirtualizer/x64/Debug/VirtualMachine.cod +++ b/CodeVirtualizer/x64/Debug/VirtualMachine.cod @@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H diff --git a/CodeVirtualizer/x64/Debug/Virtualizer.cod b/CodeVirtualizer/x64/Debug/Virtualizer.cod index fdee2fa..cfeaee7 100644 --- a/CodeVirtualizer/x64/Debug/Virtualizer.cod +++ b/CodeVirtualizer/x64/Debug/Virtualizer.cod @@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H diff --git a/CodeVirtualizer/x64/Debug/VmCode.cod b/CodeVirtualizer/x64/Debug/VmCode.cod index ce1c7a5..45b438a 100644 --- a/CodeVirtualizer/x64/Debug/VmCode.cod +++ b/CodeVirtualizer/x64/Debug/VmCode.cod @@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __FA675702_VmCode@h DB 01H __B456BB99_VmCode@cpp DB 01H __7EA464AF_istream DB 01H diff --git a/CodeVirtualizer/x64/Debug/XedWrap.cod b/CodeVirtualizer/x64/Debug/XedWrap.cod index 86565e7..537e2e6 100644 --- a/CodeVirtualizer/x64/Debug/XedWrap.cod +++ b/CodeVirtualizer/x64/Debug/XedWrap.cod 
@@ -64,6 +64,7 @@ __165C22CB_ios DB 01H __BB81F87E_xlocmon DB 01H __A0B61CF9_time@h DB 01H __886F7F70_xloctime DB 01H +__0ED96A82_algorithm DB 01H __296E625F_xed-util@h DB 01H __642E1CAE_xed-iform-map@h DB 01H __5ABB6AAF_xed-inst@h DB 01H