massive bug in generating jccs

main
James 3 years ago
parent 0b45e5993b
commit 90a967dc01

@ -73,11 +73,17 @@ int main()
NcDisassemble(&Block, meme1, sizeof(meme1));
OBFUSCATOR Obf;
Obf.Flags = 0;
Obf.MinInstCount = 3;
Obf.MinInstCount = 12;
Obf.GlobalBlock = &Block;
ObfObfuscate(&Obf, &Block);
Obf.MinInstCount = 4;
ObfObfuscate(&Obf, &Block);
//NcDebugPrint(&Block);
NcDebugPrint(&Block);
ULONG ByteSize = NcCalcBlockSizeInBytes(&Block);
ULONG InstSize = NcCountInstructions(&Block);
printf("Bytes: %u, Insts: %u, FlagsMeme: %u.\n", ByteSize, InstSize, Obf.Flags);
ULONG AsmSize;
PVOID Asm = NcAssemble(&Block, &AsmSize);

@ -6,6 +6,7 @@
VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
{
ULONG InstructionCount = NcCountInstructions(Block);
printf("RECIEVED INSTRUCTION COUNT: %u\n", InstructionCount);
if (InstructionCount <= Obf->MinInstCount)
{
@ -15,7 +16,8 @@ VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
ULONG TargetCount = InstructionCount / 2;
ULONG CurrentCount = 0;
PNATIVE_CODE_LINK NewBlockStart = Block->Start;
for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)
PNATIVE_CODE_LINK RealEnd = Block->End->Next;
for (PNATIVE_CODE_LINK T = Block->Start; T && T != RealEnd;)
{
if (T->Flags & CODE_FLAG_IS_LABEL)
{
@ -31,7 +33,11 @@ VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
ObfCreateOpaqueBranches(NewBlockStart, T, &NotTaken, &Taken);
ObfObfuscate(Obf, &NotTaken);
ObfObfuscate(Obf, &Taken);
ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));
if (!ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock)))
{
printf("FAILED TO COMBINE BRANCHES.\n");
system("pause");
}
ObfInsertOpaqueBranchBlock(NewBlockStart, T, &NotTaken);
T = NotTaken.End;
NewBlockStart = T->Next;

@ -2,7 +2,7 @@
XED_ICLASS_ENUM ObfGetRandomJccClass()
{
switch (rand() % 15)
switch (rand() % 14)
{
case 0: return XED_ICLASS_JL;
case 1: return XED_ICLASS_JLE;
@ -16,7 +16,6 @@ XED_ICLASS_ENUM ObfGetRandomJccClass()
case 9: return XED_ICLASS_JNZ;
case 10: return XED_ICLASS_JO;
case 11: return XED_ICLASS_JP;
case 12: return XED_ICLASS_JRCXZ;
case 13: return XED_ICLASS_JS;
case 14: return XED_ICLASS_JZ;
}

@ -384,6 +384,7 @@ PUBLIC ??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@ ; std::basic_filebuf
PUBLIC ??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@ ; std::basic_ofstream<char,std::char_traits<char> >::`vftable'
PUBLIC ??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@ ; std::basic_ofstream<char,std::char_traits<char> >::`vbtable'
PUBLIC ??_C@_0CJ@GEFBLICI@C?3?2Users?2Iizerd?2Desktop?2Leeg?5Ha@ ; `string'
PUBLIC ??_C@_0CG@GOOMLDF@Bytes?3?5?$CFu?0?5Insts?3?5?$CFu?0?5FlagsMeme@ ; `string'
PUBLIC ??_C@_0BK@MMBIMAKC@numba?5is?3?5?$CFu?5size?5is?5?$CFu?6?6@ ; `string'
PUBLIC ??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ ; `string'
PUBLIC ??_C@_0GI@GFIDMGHH@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string'
@ -529,8 +530,11 @@ EXTRN ?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z:PROC ; std::_Fiopen
EXTRN __imp__time64:PROC
EXTRN xed_tables_init:PROC
EXTRN ??0_NATIVE_CODE_BLOCK@@QEAA@XZ:PROC ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK
EXTRN ?NcCountInstructions@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; NcCountInstructions
EXTRN ?NcCalcBlockSizeInBytes@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; NcCalcBlockSizeInBytes
EXTRN ?NcDisassemble@@YAHPEAU_NATIVE_CODE_BLOCK@@PEAXK@Z:PROC ; NcDisassemble
EXTRN ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z:PROC ; NcAssemble
EXTRN ?NcDebugPrint@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; NcDebugPrint
EXTRN ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; ObfObfuscate
EXTRN ??_E?$basic_filebuf@DU?$char_traits@D@std@@@std@@UEAAPEAXI@Z:PROC ; std::basic_filebuf<char,std::char_traits<char> >::`vector deleting destructor'
EXTRN ??_E?$basic_ofstream@DU?$char_traits@D@std@@@std@@UEAAPEAXI@Z:PROC ; std::basic_ofstream<char,std::char_traits<char> >::`vector deleting destructor'
@ -1366,7 +1370,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$main DD imagerel $LN4
DD imagerel $LN4+331
DD imagerel $LN4+406
DD imagerel $unwind$main
pdata ENDS
; COMDAT pdata
@ -2110,6 +2114,11 @@ CONST SEGMENT
??_C@_0BK@MMBIMAKC@numba?5is?3?5?$CFu?5size?5is?5?$CFu?6?6@ DB 'numba is:'
DB ' %u size is %u', 0aH, 0aH, 00H ; `string'
CONST ENDS
; COMDAT ??_C@_0CG@GOOMLDF@Bytes?3?5?$CFu?0?5Insts?3?5?$CFu?0?5FlagsMeme@
CONST SEGMENT
??_C@_0CG@GOOMLDF@Bytes?3?5?$CFu?0?5Insts?3?5?$CFu?0?5FlagsMeme@ DB 'Byte'
DB 's: %u, Insts: %u, FlagsMeme: %u.', 0aH, 00H ; `string'
CONST ENDS
; COMDAT ??_C@_0CJ@GEFBLICI@C?3?2Users?2Iizerd?2Desktop?2Leeg?5Ha@
CONST SEGMENT
??_C@_0CJ@GEFBLICI@C?3?2Users?2Iizerd?2Desktop?2Leeg?5Ha@ DB 'C:\Users\Ii'
@ -3093,7 +3102,7 @@ $ip2state$main DB 06H
DB 00H
DB 0b2H
DB 02H
DB 0e9H, 02H
DB 015H, 04H
DB 00H
xdata ENDS
; COMDAT xdata
@ -3112,11 +3121,11 @@ xdata ENDS
xdata SEGMENT
$unwind$main DD 025052f19H
DD 010a230fH
DD 07003003bH
DD 070030043H
DD 05002H
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$main
DD 01c2H
DD 0202H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -3141,7 +3150,7 @@ main$rtcName$2 DB 041H
DB 065H
DB 00H
ORG $+8
main$rtcVarDesc DD 0a4H
main$rtcVarDesc DD 0e4H
DD 04H
DQ FLAT:main$rtcName$2
DD 078H
@ -7895,12 +7904,14 @@ text$x ENDS
_TEXT SEGMENT
Block$ = 8
Obf$ = 88
AsmSize$ = 132
Asm$ = 168
Exec$ = 200
tv92 = 404
tv90 = 408
__$ArrayPad$ = 416
ByteSize$ = 132
InstSize$ = 164
AsmSize$ = 196
Asm$ = 232
Exec$ = 264
tv133 = 468
tv131 = 472
__$ArrayPad$ = 480
main PROC ; COMDAT
; 68 : {
@ -7908,17 +7919,17 @@ main PROC ; COMDAT
$LN4:
00000 40 55 push rbp
00002 57 push rdi
00003 48 81 ec d8 01
00 00 sub rsp, 472 ; 000001d8H
00003 48 81 ec 18 02
00 00 sub rsp, 536 ; 00000218H
0000a 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
0000f 48 8b fc mov rdi, rsp
00012 b9 76 00 00 00 mov ecx, 118 ; 00000076H
00012 b9 86 00 00 00 mov ecx, 134 ; 00000086H
00017 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
0001c f3 ab rep stosd
0001e 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
00025 48 33 c5 xor rax, rbp
00028 48 89 85 a0 01
00028 48 89 85 e0 01
00 00 mov QWORD PTR __$ArrayPad$[rbp], rax
0002f 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:__4031338C_Main@cpp
@ -7958,10 +7969,10 @@ $LN4:
0006f c7 45 5c 00 00
00 00 mov DWORD PTR Obf$[rbp+4], 0
; 76 : Obf.MinInstCount = 3;
; 76 : Obf.MinInstCount = 12;
00076 c7 45 58 03 00
00 00 mov DWORD PTR Obf$[rbp], 3
00076 c7 45 58 0c 00
00 00 mov DWORD PTR Obf$[rbp], 12
; 77 : Obf.GlobalBlock = &Block;
@ -7974,192 +7985,230 @@ $LN4:
00089 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp]
0008d e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate
; 79 : ObfObfuscate(&Obf, &Block);
; 79 : Obf.MinInstCount = 4;
00092 48 8d 55 08 lea rdx, QWORD PTR Block$[rbp]
00096 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp]
0009a e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate
00092 c7 45 58 04 00
00 00 mov DWORD PTR Obf$[rbp], 4
; 80 : //NcDebugPrint(&Block);
; 81 :
; 82 : ULONG AsmSize;
; 83 : PVOID Asm = NcAssemble(&Block, &AsmSize);
; 80 : ObfObfuscate(&Obf, &Block);
00099 48 8d 55 08 lea rdx, QWORD PTR Block$[rbp]
0009d 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp]
000a1 e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate
; 81 : NcDebugPrint(&Block);
0009f 48 8d 95 84 00
00 00 lea rdx, QWORD PTR AsmSize$[rbp]
000a6 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp]
000aa e8 00 00 00 00 call ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z ; NcAssemble
000af 48 89 85 a8 00
000aa e8 00 00 00 00 call ?NcDebugPrint@@YAXPEAU_NATIVE_CODE_BLOCK@@@Z ; NcDebugPrint
; 82 :
; 83 : ULONG ByteSize = NcCalcBlockSizeInBytes(&Block);
000af 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp]
000b3 e8 00 00 00 00 call ?NcCalcBlockSizeInBytes@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcCalcBlockSizeInBytes
000b8 89 85 84 00 00
00 mov DWORD PTR ByteSize$[rbp], eax
; 84 : ULONG InstSize = NcCountInstructions(&Block);
000be 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp]
000c2 e8 00 00 00 00 call ?NcCountInstructions@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcCountInstructions
000c7 89 85 a4 00 00
00 mov DWORD PTR InstSize$[rbp], eax
; 85 :
; 86 : printf("Bytes: %u, Insts: %u, FlagsMeme: %u.\n", ByteSize, InstSize, Obf.Flags);
000cd 44 8b 4d 5c mov r9d, DWORD PTR Obf$[rbp+4]
000d1 44 8b 85 a4 00
00 00 mov r8d, DWORD PTR InstSize$[rbp]
000d8 8b 95 84 00 00
00 mov edx, DWORD PTR ByteSize$[rbp]
000de 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:??_C@_0CG@GOOMLDF@Bytes?3?5?$CFu?0?5Insts?3?5?$CFu?0?5FlagsMeme@
000e5 e8 00 00 00 00 call printf
; 87 :
; 88 : ULONG AsmSize;
; 89 : PVOID Asm = NcAssemble(&Block, &AsmSize);
000ea 48 8d 95 c4 00
00 00 lea rdx, QWORD PTR AsmSize$[rbp]
000f1 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp]
000f5 e8 00 00 00 00 call ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z ; NcAssemble
000fa 48 89 85 e8 00
00 00 mov QWORD PTR Asm$[rbp], rax
; 84 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize);
; 90 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize);
000b6 8b 95 84 00 00
00101 8b 95 c4 00 00
00 mov edx, DWORD PTR AsmSize$[rbp]
000bc 48 8b 8d a8 00
00107 48 8b 8d e8 00
00 00 mov rcx, QWORD PTR Asm$[rbp]
000c3 e8 00 00 00 00 call ?MakeExecutableBuffer@@YAPEAXPEAXK@Z ; MakeExecutableBuffer
000c8 48 89 85 c8 00
0010e e8 00 00 00 00 call ?MakeExecutableBuffer@@YAPEAXPEAXK@Z ; MakeExecutableBuffer
00113 48 89 85 08 01
00 00 mov QWORD PTR Exec$[rbp], rax
; 85 : typedef ULONG(*FnGetFour)();
; 86 : printf("numba is: %u size is %u\n\n", ((FnGetFour)Exec)(), AsmSize);
; 91 : typedef ULONG(*FnGetFour)();
; 92 : printf("numba is: %u size is %u\n\n", ((FnGetFour)Exec)(), AsmSize);
000cf 8b 85 84 00 00
0011a 8b 85 c4 00 00
00 mov eax, DWORD PTR AsmSize$[rbp]
000d5 89 85 94 01 00
00 mov DWORD PTR tv92[rbp], eax
000db ff 95 c8 00 00
00120 89 85 d4 01 00
00 mov DWORD PTR tv133[rbp], eax
00126 ff 95 08 01 00
00 call QWORD PTR Exec$[rbp]
000e1 89 85 98 01 00
00 mov DWORD PTR tv90[rbp], eax
000e7 44 8b 85 94 01
00 00 mov r8d, DWORD PTR tv92[rbp]
000ee 8b 95 98 01 00
00 mov edx, DWORD PTR tv90[rbp]
000f4 48 8d 0d 00 00
0012c 89 85 d8 01 00
00 mov DWORD PTR tv131[rbp], eax
00132 44 8b 85 d4 01
00 00 mov r8d, DWORD PTR tv133[rbp]
00139 8b 95 d8 01 00
00 mov edx, DWORD PTR tv131[rbp]
0013f 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:??_C@_0BK@MMBIMAKC@numba?5is?3?5?$CFu?5size?5is?5?$CFu?6?6@
000fb e8 00 00 00 00 call printf
00146 e8 00 00 00 00 call printf
; 87 : PutToFile(Asm, AsmSize);
; 93 : PutToFile(Asm, AsmSize);
00100 8b 95 84 00 00
0014b 8b 95 c4 00 00
00 mov edx, DWORD PTR AsmSize$[rbp]
00106 48 8b 8d a8 00
00151 48 8b 8d e8 00
00 00 mov rcx, QWORD PTR Asm$[rbp]
0010d e8 00 00 00 00 call ?PutToFile@@YAXPEAXK@Z ; PutToFile
00112 90 npad 1
; 88 :
; 89 :
; 90 : //PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
; 91 : //PNATIVE_CODE_LINK RetInst = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme2, sizeof(meme2));
; 92 : //PNATIVE_CODE_BLOCK Pre1 = JitEmitPreRipMov(Return1776);
; 93 : //PNATIVE_CODE_BLOCK Post1 = JitEmitPostRipMov(Return1776);
; 94 : //PNATIVE_CODE_BLOCK Pre2 = JitEmitPreRipMov(RetInst);
; 95 : //PNATIVE_CODE_BLOCK Post2 = JitEmitPostRipMov(RetInst);
; 96 :
; 97 : //NcAppendToBlock(Pre1, Return1776);
; 98 : //NcInsertBlockAfter(Pre1->End, Post1, 0);
; 99 : //Pre1->End = Post1->End;
; 100 : //NcInsertBlockAfter(Pre1->End, Pre2, 0);
; 101 : //Pre1->End = Pre2->End;
; 102 : //NcAppendToBlock(Pre1, RetInst);
; 103 : //NcInsertBlockAfter(Pre1->End, Post2, 0);
; 104 : //Pre1->End = Post2->End;
; 105 :
; 106 : ///*Pre->Start = Return1776;
; 107 : //Pre->End = Return1776;*/
; 108 :
; 109 : //for (ULONG i = 0; i < Return1776->RawDataSize; i++)
; 110 : // Return1776->RawData[i] = (UCHAR)rand();
; 111 : //for (ULONG i = 0; i < RetInst->RawDataSize; i++)
; 112 : // RetInst->RawData[i] = (UCHAR)rand();
; 113 :
00158 e8 00 00 00 00 call ?PutToFile@@YAXPEAXK@Z ; PutToFile
0015d 90 npad 1
; 94 :
; 95 :
; 96 : //PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
; 97 : //PNATIVE_CODE_LINK RetInst = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme2, sizeof(meme2));
; 98 : //PNATIVE_CODE_BLOCK Pre1 = JitEmitPreRipMov(Return1776);
; 99 : //PNATIVE_CODE_BLOCK Post1 = JitEmitPostRipMov(Return1776);
; 100 : //PNATIVE_CODE_BLOCK Pre2 = JitEmitPreRipMov(RetInst);
; 101 : //PNATIVE_CODE_BLOCK Post2 = JitEmitPostRipMov(RetInst);
; 102 :
; 103 : //NcAppendToBlock(Pre1, Return1776);
; 104 : //NcInsertBlockAfter(Pre1->End, Post1, 0);
; 105 : //Pre1->End = Post1->End;
; 106 : //NcInsertBlockAfter(Pre1->End, Pre2, 0);
; 107 : //Pre1->End = Pre2->End;
; 108 : //NcAppendToBlock(Pre1, RetInst);
; 109 : //NcInsertBlockAfter(Pre1->End, Post2, 0);
; 110 : //Pre1->End = Post2->End;
; 111 :
; 112 : ///*Pre->Start = Return1776;
; 113 : //Pre->End = Return1776;*/
; 114 :
; 115 :
; 116 : //ULONG AsmLen;
; 117 : //PVOID Asm = NcAssemble(Pre1, &AsmLen);
; 118 : //PUCHAR Tb = (PUCHAR)Asm;
; 119 : //for (uint32_t i = 0; i < AsmLen; i++)
; 120 : //{
; 121 : // std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
; 122 : //}
; 123 :
; 124 : //system("pause");
; 125 :
; 126 : //typedef ULONG64(*FnGet1776)();
; 127 : //FnGet1776 ExecBuffer = (FnGet1776)MakeExecutableBuffer(Asm, AsmLen);
; 128 : //if (ExecBuffer)
; 129 : //{
; 130 : // printf("The numba was: %X\n", ExecBuffer());
; 131 : // printf("The numba was: %X\n", ExecBuffer());
; 132 :
; 133 : // printf("The numba was: %X\n", ExecBuffer());
; 134 :
; 135 : // printf("The numba was: %X\n", ExecBuffer());
; 136 :
; 137 : //}
; 115 : //for (ULONG i = 0; i < Return1776->RawDataSize; i++)
; 116 : // Return1776->RawData[i] = (UCHAR)rand();
; 117 : //for (ULONG i = 0; i < RetInst->RawDataSize; i++)
; 118 : // RetInst->RawData[i] = (UCHAR)rand();
; 119 :
; 120 :
; 121 :
; 122 : //ULONG AsmLen;
; 123 : //PVOID Asm = NcAssemble(Pre1, &AsmLen);
; 124 : //PUCHAR Tb = (PUCHAR)Asm;
; 125 : //for (uint32_t i = 0; i < AsmLen; i++)
; 126 : //{
; 127 : // std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
; 128 : //}
; 129 :
; 130 : //system("pause");
; 131 :
; 132 : //typedef ULONG64(*FnGet1776)();
; 133 : //FnGet1776 ExecBuffer = (FnGet1776)MakeExecutableBuffer(Asm, AsmLen);
; 134 : //if (ExecBuffer)
; 135 : //{
; 136 : // printf("The numba was: %X\n", ExecBuffer());
; 137 : // printf("The numba was: %X\n", ExecBuffer());
; 138 :
; 139 :
; 140 : //NcDebugPrint(Post);
; 141 :
; 139 : // printf("The numba was: %X\n", ExecBuffer());
; 140 :
; 141 : // printf("The numba was: %X\n", ExecBuffer());
; 142 :
; 143 :
; 144 : /*NATIVE_CODE_BLOCK Block;
; 145 : NcDisassemble(&Block, TestBuffer, TestBufferSize);
; 146 : PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
; 143 : //}
; 144 :
; 145 :
; 146 : //NcDebugPrint(Post);
; 147 :
; 148 : NcInsertLinkBefore(Block.End->Prev->Prev->Prev->Prev, NewLink);
; 149 : ULONG AssembledSize;
; 150 : PVOID AssembledBlock = NcAssemble(&Block, &AssembledSize);
; 151 : if (!AssembledBlock || !AssembledSize)
; 152 : {
; 153 : printf("Something failed nicka.\n");
; 154 : system("pause");
; 155 : return -1;
; 156 : }
; 157 : PUCHAR Tb = (PUCHAR)AssembledBlock;
; 158 : for (uint32_t i = 0; i < AssembledSize; i++)
; 159 : {
; 160 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
; 161 : }
; 162 : */
; 163 :
; 164 :
; 165 : //PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End);
; 166 : //NcDebugPrint(OpaqueBranch);
; 167 :
; 168 :
; 148 :
; 149 :
; 150 : /*NATIVE_CODE_BLOCK Block;
; 151 : NcDisassemble(&Block, TestBuffer, TestBufferSize);
; 152 : PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
; 153 :
; 154 : NcInsertLinkBefore(Block.End->Prev->Prev->Prev->Prev, NewLink);
; 155 : ULONG AssembledSize;
; 156 : PVOID AssembledBlock = NcAssemble(&Block, &AssembledSize);
; 157 : if (!AssembledBlock || !AssembledSize)
; 158 : {
; 159 : printf("Something failed nicka.\n");
; 160 : system("pause");
; 161 : return -1;
; 162 : }
; 163 : PUCHAR Tb = (PUCHAR)AssembledBlock;
; 164 : for (uint32_t i = 0; i < AssembledSize; i++)
; 165 : {
; 166 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
; 167 : }
; 168 : */
; 169 :
; 170 : /*NATIVE_CODE_LINK T;
; 171 : T.RawDataSize = 10;
; 172 : T.RawData = new UCHAR[10];
; 173 : memset(T.RawData, 0xAA, 10);
; 174 : JIT_BITWISE_DATA Data;
; 175 : RtlSecureZeroMemory(&Data, sizeof(JIT_BITWISE_DATA));
; 176 : PNATIVE_CODE_BLOCK NewBlock = JitEmitPreRipMov(&T);
; 177 : if (NewBlock)
; 178 : {
; 179 : printf("\n");
; 180 : NcDebugPrint(NewBlock);
; 181 : printf("\n");
; 182 : NcPrintBlockCode(NewBlock);
; 183 : }
; 184 : system("pause");*/
; 185 :
; 186 : }
00113 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp]
00117 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ
0011c 33 c0 xor eax, eax
0011e 8b f8 mov edi, eax
00120 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
00124 48 8d 15 00 00
; 170 :
; 171 : //PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End);
; 172 : //NcDebugPrint(OpaqueBranch);
; 173 :
; 174 :
; 175 :
; 176 : /*NATIVE_CODE_LINK T;
; 177 : T.RawDataSize = 10;
; 178 : T.RawData = new UCHAR[10];
; 179 : memset(T.RawData, 0xAA, 10);
; 180 : JIT_BITWISE_DATA Data;
; 181 : RtlSecureZeroMemory(&Data, sizeof(JIT_BITWISE_DATA));
; 182 : PNATIVE_CODE_BLOCK NewBlock = JitEmitPreRipMov(&T);
; 183 : if (NewBlock)
; 184 : {
; 185 : printf("\n");
; 186 : NcDebugPrint(NewBlock);
; 187 : printf("\n");
; 188 : NcPrintBlockCode(NewBlock);
; 189 : }
; 190 : system("pause");*/
; 191 :
; 192 : }
0015e 48 8d 4d 08 lea rcx, QWORD PTR Block$[rbp]
00162 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ
00167 33 c0 xor eax, eax
00169 8b f8 mov edi, eax
0016b 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
0016f 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:main$rtcFrameData
0012b e8 00 00 00 00 call _RTC_CheckStackVars
00130 8b c7 mov eax, edi
00132 48 8b 8d a0 01
00176 e8 00 00 00 00 call _RTC_CheckStackVars
0017b 8b c7 mov eax, edi
0017d 48 8b 8d e0 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
00139 48 33 cd xor rcx, rbp
0013c e8 00 00 00 00 call __security_check_cookie
00141 48 8d a5 b8 01
00 00 lea rsp, QWORD PTR [rbp+440]
00148 5f pop rdi
00149 5d pop rbp
0014a c3 ret 0
00184 48 33 cd xor rcx, rbp
00187 e8 00 00 00 00 call __security_check_cookie
0018c 48 8d a5 f8 01
00 00 lea rsp, QWORD PTR [rbp+504]
00193 5f pop rdi
00194 5d pop rbp
00195 c3 ret 0
main ENDP
_TEXT ENDS
; COMDAT text$x
text$x SEGMENT
Block$ = 8
Obf$ = 88
AsmSize$ = 132
Asm$ = 168
Exec$ = 200
tv92 = 404
tv90 = 408
__$ArrayPad$ = 416
ByteSize$ = 132
InstSize$ = 164
AsmSize$ = 196
Asm$ = 232
Exec$ = 264
tv133 = 468
tv131 = 472
__$ArrayPad$ = 480
main$dtor$0 PROC
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
@ -8180,12 +8229,14 @@ text$x ENDS
text$x SEGMENT
Block$ = 8
Obf$ = 88
AsmSize$ = 132
Asm$ = 168
Exec$ = 200
tv92 = 404
tv90 = 408
__$ArrayPad$ = 416
ByteSize$ = 132
InstSize$ = 164
AsmSize$ = 196
Asm$ = 232
Exec$ = 264
tv133 = 468
tv131 = 472
__$ArrayPad$ = 480
main$dtor$0 PROC
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx

File diff suppressed because it is too large Load Diff

@ -221,8 +221,8 @@ $pdata$??_G_NATIVE_CODE_LINK@@QEAAPEAXI@Z DD imagerel $LN4
pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?ObfGetRandomJccClass@@YA?AW4xed_iclass_enum_t@@XZ DD imagerel $LN21
DD imagerel $LN21+284
$pdata$?ObfGetRandomJccClass@@YA?AW4xed_iclass_enum_t@@XZ DD imagerel $LN20
DD imagerel $LN20+272
DD imagerel $unwind$?ObfGetRandomJccClass@@YA?AW4xed_iclass_enum_t@@XZ
pdata ENDS
; COMDAT pdata
@ -877,7 +877,7 @@ End$ = 392
OpaqueBranchBlock$ = 400
?ObfInsertOpaqueBranchBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z PROC ; ObfInsertOpaqueBranchBlock, COMDAT
; 117 : {
; 116 : {
$LN15:
00000 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
@ -898,7 +898,7 @@ $LN15:
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
0003b e8 00 00 00 00 call __CheckForDebuggerJustMyCode
; 118 : OpaqueBranchBlock->Start->Prev = Start->Prev;
; 117 : OpaqueBranchBlock->Start->Prev = Start->Prev;
00040 48 8b 85 90 01
00 00 mov rax, QWORD PTR OpaqueBranchBlock$[rbp]
@ -908,7 +908,7 @@ $LN15:
00051 48 8b 49 08 mov rcx, QWORD PTR [rcx+8]
00055 48 89 48 08 mov QWORD PTR [rax+8], rcx
; 119 : OpaqueBranchBlock->End->Next = End->Next;
; 118 : OpaqueBranchBlock->End->Next = End->Next;
00059 48 8b 85 90 01
00 00 mov rax, QWORD PTR OpaqueBranchBlock$[rbp]
@ -918,15 +918,15 @@ $LN15:
0006b 48 8b 09 mov rcx, QWORD PTR [rcx]
0006e 48 89 08 mov QWORD PTR [rax], rcx
; 120 :
; 121 : if (Start->Prev)
; 119 :
; 120 : if (Start->Prev)
00071 48 8b 85 80 01
00 00 mov rax, QWORD PTR Start$[rbp]
00078 48 83 78 08 00 cmp QWORD PTR [rax+8], 0
0007d 74 18 je SHORT $LN8@ObfInsertO
; 122 : Start->Prev->Next = OpaqueBranchBlock->Start;
; 121 : Start->Prev->Next = OpaqueBranchBlock->Start;
0007f 48 8b 85 80 01
00 00 mov rax, QWORD PTR Start$[rbp]
@ -937,14 +937,14 @@ $LN15:
00094 48 89 08 mov QWORD PTR [rax], rcx
$LN8@ObfInsertO:
; 123 : if (End->Next)
; 122 : if (End->Next)
00097 48 8b 85 88 01
00 00 mov rax, QWORD PTR End$[rbp]
0009e 48 83 38 00 cmp QWORD PTR [rax], 0
000a2 74 19 je SHORT $LN9@ObfInsertO
; 124 : End->Next->Prev = OpaqueBranchBlock->End;
; 123 : End->Next->Prev = OpaqueBranchBlock->End;
000a4 48 8b 85 88 01
00 00 mov rax, QWORD PTR End$[rbp]
@ -955,8 +955,8 @@ $LN8@ObfInsertO:
000b9 48 89 48 08 mov QWORD PTR [rax+8], rcx
$LN9@ObfInsertO:
; 125 :
; 126 : if (Start->Block->Start == Start)
; 124 :
; 125 : if (Start->Block->Start == Start)
000bd 48 8b 85 80 01
00 00 mov rax, QWORD PTR Start$[rbp]
@ -966,7 +966,7 @@ $LN9@ObfInsertO:
000cf 48 39 08 cmp QWORD PTR [rax], rcx
000d2 75 18 jne SHORT $LN10@ObfInsertO
; 127 : Start->Block->Start = OpaqueBranchBlock->Start;
; 126 : Start->Block->Start = OpaqueBranchBlock->Start;
000d4 48 8b 85 80 01
00 00 mov rax, QWORD PTR Start$[rbp]
@ -977,8 +977,8 @@ $LN9@ObfInsertO:
000e9 48 89 08 mov QWORD PTR [rax], rcx
$LN10@ObfInsertO:
; 128 :
; 129 : if (Start->Block->End == End)
; 127 :
; 128 : if (Start->Block->End == End)
000ec 48 8b 85 80 01
00 00 mov rax, QWORD PTR Start$[rbp]
@ -988,7 +988,7 @@ $LN10@ObfInsertO:
000fe 48 39 48 08 cmp QWORD PTR [rax+8], rcx
00102 75 1a jne SHORT $LN11@ObfInsertO
; 130 : Start->Block->End = OpaqueBranchBlock->End;
; 129 : Start->Block->End = OpaqueBranchBlock->End;
00104 48 8b 85 80 01
00 00 mov rax, QWORD PTR Start$[rbp]
@ -999,9 +999,9 @@ $LN10@ObfInsertO:
0011a 48 89 48 08 mov QWORD PTR [rax+8], rcx
$LN11@ObfInsertO:
; 131 :
; 132 : //Update group for the current isntructions
; 133 : for (PNATIVE_CODE_LINK T = OpaqueBranchBlock->Start; T && T != OpaqueBranchBlock->End->Next; T = T->Next)
; 130 :
; 131 : //Update group for the current isntructions
; 132 : for (PNATIVE_CODE_LINK T = OpaqueBranchBlock->Start; T && T != OpaqueBranchBlock->End->Next; T = T->Next)
0011e 48 8b 85 90 01
00 00 mov rax, QWORD PTR OpaqueBranchBlock$[rbp]
@ -1022,7 +1022,7 @@ $LN4@ObfInsertO:
0014e 48 39 45 08 cmp QWORD PTR T$1[rbp], rax
00152 74 15 je SHORT $LN3@ObfInsertO
; 134 : T->Block = Start->Block;
; 133 : T->Block = Start->Block;
00154 48 8b 45 08 mov rax, QWORD PTR T$1[rbp]
00158 48 8b 8d 80 01
@ -1032,15 +1032,15 @@ $LN4@ObfInsertO:
00167 eb c5 jmp SHORT $LN2@ObfInsertO
$LN3@ObfInsertO:
; 135 :
; 136 : PNATIVE_CODE_LINK EndBlock = End->Next;
; 134 :
; 135 : PNATIVE_CODE_LINK EndBlock = End->Next;
00169 48 8b 85 88 01
00 00 mov rax, QWORD PTR End$[rbp]
00170 48 8b 00 mov rax, QWORD PTR [rax]
00173 48 89 45 28 mov QWORD PTR EndBlock$[rbp], rax
; 137 : for (PNATIVE_CODE_LINK T = Start; T && T != EndBlock;)
; 136 : for (PNATIVE_CODE_LINK T = Start; T && T != EndBlock;)
00177 48 8b 85 80 01
00 00 mov rax, QWORD PTR Start$[rbp]
@ -1052,14 +1052,14 @@ $LN5@ObfInsertO:
0018d 48 39 45 48 cmp QWORD PTR T$2[rbp], rax
00191 74 4f je SHORT $LN6@ObfInsertO
; 138 : {
; 139 : PNATIVE_CODE_LINK RealNext = T->Next;
; 137 : {
; 138 : PNATIVE_CODE_LINK RealNext = T->Next;
00193 48 8b 45 48 mov rax, QWORD PTR T$2[rbp]
00197 48 8b 00 mov rax, QWORD PTR [rax]
0019a 48 89 45 68 mov QWORD PTR RealNext$3[rbp], rax
; 140 : delete T;
; 139 : delete T;
0019e 48 8b 45 48 mov rax, QWORD PTR T$2[rbp]
001a2 48 89 85 48 01
@ -1080,21 +1080,21 @@ $LN13@ObfInsertO:
00 mov QWORD PTR tv140[rbp], 0
$LN14@ObfInsertO:
; 141 : T = RealNext;
; 140 : T = RealNext;
001d8 48 8b 45 68 mov rax, QWORD PTR RealNext$3[rbp]
001dc 48 89 45 48 mov QWORD PTR T$2[rbp], rax
; 142 : }
; 141 : }
001e0 eb a0 jmp SHORT $LN5@ObfInsertO
$LN6@ObfInsertO:
; 143 : return TRUE;
; 142 : return TRUE;
001e2 b8 01 00 00 00 mov eax, 1
; 144 : }
; 143 : }
001e7 48 8d a5 68 01
00 00 lea rsp, QWORD PTR [rbp+360]
@ -1123,7 +1123,7 @@ JccLabel$ = 464
JmpLabel$ = 472
?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z PROC ; ObfCombineOpaqueBranches, COMDAT
; 94 : {
; 93 : {
$LN13:
00000 44 89 4c 24 20 mov DWORD PTR [rsp+32], r9d
@ -1145,7 +1145,7 @@ $LN13:
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
00040 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
; 95 : PNATIVE_CODE_LINK Jcc = ObfGenRandomJcc(JccLabel);
; 94 : PNATIVE_CODE_LINK Jcc = ObfGenRandomJcc(JccLabel);
00045 ba 20 00 00 00 mov edx, 32 ; 00000020H
0004a 8b 8d d0 01 00
@ -1153,18 +1153,18 @@ $LN13:
00050 e8 00 00 00 00 call ?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z ; ObfGenRandomJcc
00055 48 89 45 08 mov QWORD PTR Jcc$[rbp], rax
; 96 : if (!Jcc)
; 95 : if (!Jcc)
00059 48 83 7d 08 00 cmp QWORD PTR Jcc$[rbp], 0
0005e 75 07 jne SHORT $LN2@ObfCombine
; 97 : return FALSE;
; 96 : return FALSE;
00060 33 c0 xor eax, eax
00062 e9 83 01 00 00 jmp $LN1@ObfCombine
$LN2@ObfCombine:
; 98 : PNATIVE_CODE_LINK Jmp = ObfGenJmpToLabel(JmpLabel);
; 97 : PNATIVE_CODE_LINK Jmp = ObfGenJmpToLabel(JmpLabel);
00067 ba 20 00 00 00 mov edx, 32 ; 00000020H
0006c 8b 8d d8 01 00
@ -1172,13 +1172,13 @@ $LN2@ObfCombine:
00072 e8 00 00 00 00 call ?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z ; ObfGenJmpToLabel
00077 48 89 45 28 mov QWORD PTR Jmp$[rbp], rax
; 99 : if (!Jmp)
; 98 : if (!Jmp)
0007b 48 83 7d 28 00 cmp QWORD PTR Jmp$[rbp], 0
00080 75 41 jne SHORT $LN3@ObfCombine
; 100 : {
; 101 : delete Jcc;
; 99 : {
; 100 : delete Jcc;
00082 48 8b 45 08 mov rax, QWORD PTR Jcc$[rbp]
00086 48 89 85 08 01
@ -1199,30 +1199,30 @@ $LN5@ObfCombine:
00 mov QWORD PTR tv76[rbp], 0
$LN6@ObfCombine:
; 102 : return FALSE;
; 101 : return FALSE;
000bc 33 c0 xor eax, eax
000be e9 27 01 00 00 jmp $LN1@ObfCombine
$LN3@ObfCombine:
; 103 : }
; 104 :
; 105 : NcPrependToBlock(NotTaken, Jcc);
; 102 : }
; 103 :
; 104 : NcPrependToBlock(NotTaken, Jcc);
000c3 48 8b 55 08 mov rdx, QWORD PTR Jcc$[rbp]
000c7 48 8b 8d c0 01
00 00 mov rcx, QWORD PTR NotTaken$[rbp]
000ce e8 00 00 00 00 call ?NcPrependToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcPrependToBlock
; 106 : NcAppendToBlock(NotTaken, Jmp);
; 105 : NcAppendToBlock(NotTaken, Jmp);
000d3 48 8b 55 28 mov rdx, QWORD PTR Jmp$[rbp]
000d7 48 8b 8d c0 01
00 00 mov rcx, QWORD PTR NotTaken$[rbp]
000de e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 107 :
; 108 : NcPrependToBlock(Taken, new NATIVE_CODE_LINK(JccLabel, Taken));
; 106 :
; 107 : NcPrependToBlock(Taken, new NATIVE_CODE_LINK(JccLabel, Taken));
000e3 b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
000e8 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
@ -1256,7 +1256,7 @@ $LN8@ObfCombine:
00 00 mov rcx, QWORD PTR Taken$[rbp]
00147 e8 00 00 00 00 call ?NcPrependToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcPrependToBlock
; 109 : NcAppendToBlock(Taken, new NATIVE_CODE_LINK(JmpLabel, Taken));
; 108 : NcAppendToBlock(Taken, new NATIVE_CODE_LINK(JmpLabel, Taken));
0014c b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
00151 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
@ -1290,8 +1290,8 @@ $LN10@ObfCombine:
00 00 mov rcx, QWORD PTR Taken$[rbp]
001b0 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 110 :
; 111 : NcInsertBlockAfter(NotTaken->End, Taken, FALSE);
; 109 :
; 110 : NcInsertBlockAfter(NotTaken->End, Taken, FALSE);
001b5 45 33 c0 xor r8d, r8d
001b8 48 8b 95 c8 01
@ -1301,7 +1301,7 @@ $LN10@ObfCombine:
001c6 48 8b 48 08 mov rcx, QWORD PTR [rax+8]
001ca e8 00 00 00 00 call ?NcInsertBlockAfter@@YAHPEAU_NATIVE_CODE_LINK@@PEAU_NATIVE_CODE_BLOCK@@H@Z ; NcInsertBlockAfter
; 112 : NotTaken->End = Taken->End;
; 111 : NotTaken->End = Taken->End;
001cf 48 8b 85 c0 01
00 00 mov rax, QWORD PTR NotTaken$[rbp]
@ -1310,12 +1310,12 @@ $LN10@ObfCombine:
001dd 48 8b 49 08 mov rcx, QWORD PTR [rcx+8]
001e1 48 89 48 08 mov QWORD PTR [rax+8], rcx
; 113 : return TRUE;
; 112 : return TRUE;
001e5 b8 01 00 00 00 mov eax, 1
$LN1@ObfCombine:
; 114 : }
; 113 : }
001ea 48 8d a5 a8 01
00 00 lea rsp, QWORD PTR [rbp+424]
@ -1469,7 +1469,7 @@ NotTaken$ = 256
Taken$ = 264
?ObfCreateOpaqueBranches@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@1@Z PROC ; ObfCreateOpaqueBranches, COMDAT
; 89 : {
; 88 : {
$LN5:
00000 4c 89 4c 24 20 mov QWORD PTR [rsp+32], r9
@ -1491,7 +1491,7 @@ $LN5:
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
00040 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
; 90 : return (NcDeepCopyPartialBlock(Start, End, Taken) && !NcDeepCopyPartialBlock(Start, End, NotTaken));
; 89 : return (NcDeepCopyPartialBlock(Start, End, Taken) && !NcDeepCopyPartialBlock(Start, End, NotTaken));
00045 4c 8b 85 08 01
00 00 mov r8, QWORD PTR Taken$[rbp]
@ -1521,7 +1521,7 @@ $LN4@ObfCreateO:
00097 8b 85 c0 00 00
00 mov eax, DWORD PTR tv74[rbp]
; 91 : }
; 90 : }
0009d 48 8d a5 d8 00
00 00 lea rsp, QWORD PTR [rbp+216]
@ -1553,7 +1553,7 @@ LabelId$ = 1776
DisplacementWidth$ = 1784
?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z PROC ; ObfGenJmpToLabel, COMDAT
; 58 : {
; 57 : {
$LN11:
00000 89 54 24 10 mov DWORD PTR [rsp+16], edx
@ -1579,23 +1579,23 @@ $LN11:
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
00045 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
; 59 : XED_STATE MachineState;
; 60 : MachineState.mmode = XED_MACHINE_MODE_LONG_64;
; 58 : XED_STATE MachineState;
; 59 : MachineState.mmode = XED_MACHINE_MODE_LONG_64;
0004a c7 45 08 01 00
00 00 mov DWORD PTR MachineState$[rbp], 1
; 61 : MachineState.stack_addr_width = XED_ADDRESS_WIDTH_64b;
; 60 : MachineState.stack_addr_width = XED_ADDRESS_WIDTH_64b;
00051 c7 45 0c 08 00
00 00 mov DWORD PTR MachineState$[rbp+4], 8
; 62 : XED_ENCODER_INSTRUCTION EncoderInstruction;
; 63 : XED_ENCODER_REQUEST EncoderRequest;
; 64 : UCHAR EncodeBuffer[15];
; 65 : UINT ReturnedSize;
; 66 :
; 67 : XedInst1(&EncoderInstruction, MachineState, XED_ICLASS_JMP, DisplacementWidth, XedRelBr(0, DisplacementWidth));
; 61 : XED_ENCODER_INSTRUCTION EncoderInstruction;
; 62 : XED_ENCODER_REQUEST EncoderRequest;
; 63 : UCHAR EncodeBuffer[15];
; 64 : UINT ReturnedSize;
; 65 :
; 66 : XedInst1(&EncoderInstruction, MachineState, XED_ICLASS_JMP, DisplacementWidth, XedRelBr(0, DisplacementWidth));
00058 44 8b 85 f8 06
00 00 mov r8d, DWORD PTR DisplacementWidth$[rbp]
@ -1628,15 +1628,15 @@ $LN11:
000b9 48 8d 4d 30 lea rcx, QWORD PTR EncoderInstruction$[rbp]
000bd e8 00 00 00 00 call xed_inst1
; 68 :
; 69 : XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState);
; 67 :
; 68 : XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState);
000c2 48 8d 55 08 lea rdx, QWORD PTR MachineState$[rbp]
000c6 48 8d 8d f0 01
00 00 lea rcx, QWORD PTR EncoderRequest$[rbp]
000cd e8 00 00 00 00 call xed_encoder_request_zero_set_mode
; 70 : if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction))
; 69 : if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction))
000d2 48 8d 55 30 lea rdx, QWORD PTR EncoderInstruction$[rbp]
000d6 48 8d 8d f0 01
@ -1645,14 +1645,14 @@ $LN11:
000e2 85 c0 test eax, eax
000e4 75 07 jne SHORT $LN2@ObfGenJmpT
; 71 : return NULL;
; 70 : return NULL;
000e6 33 c0 xor eax, eax
000e8 e9 30 01 00 00 jmp $LN1@ObfGenJmpT
$LN2@ObfGenJmpT:
; 72 :
; 73 : if (XED_ERROR_NONE != XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize))
; 71 :
; 72 : if (XED_ERROR_NONE != XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize))
000ed 4c 8d 8d f4 02
00 00 lea r9, QWORD PTR ReturnedSize$[rbp]
@ -1666,14 +1666,14 @@ $LN2@ObfGenJmpT:
0010d 85 c0 test eax, eax
0010f 74 07 je SHORT $LN3@ObfGenJmpT
; 74 : return NULL;
; 73 : return NULL;
00111 33 c0 xor eax, eax
00113 e9 05 01 00 00 jmp $LN1@ObfGenJmpT
$LN3@ObfGenJmpT:
; 75 :
; 76 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, EncodeBuffer, ReturnedSize);
; 74 :
; 75 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, EncodeBuffer, ReturnedSize);
00118 b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
0011d e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
@ -1709,7 +1709,7 @@ $LN7@ObfGenJmpT:
00183 48 89 85 18 03
00 00 mov QWORD PTR Link$[rbp], rax
; 77 : if (XED_ERROR_NONE != XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize))
; 76 : if (XED_ERROR_NONE != XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize))
0018a 48 8b 85 18 03
00 00 mov rax, QWORD PTR Link$[rbp]
@ -1725,8 +1725,8 @@ $LN7@ObfGenJmpT:
001b3 85 c0 test eax, eax
001b5 74 41 je SHORT $LN4@ObfGenJmpT
; 78 : {
; 79 : delete Link;
; 77 : {
; 78 : delete Link;
001b7 48 8b 85 18 03
00 00 mov rax, QWORD PTR Link$[rbp]
@ -1748,14 +1748,14 @@ $LN8@ObfGenJmpT:
00 mov QWORD PTR tv145[rbp], 0
$LN9@ObfGenJmpT:
; 80 : return NULL;
; 79 : return NULL;
001f4 33 c0 xor eax, eax
001f6 eb 25 jmp SHORT $LN1@ObfGenJmpT
$LN4@ObfGenJmpT:
; 81 : }
; 82 : Link->Label = LabelId;
; 80 : }
; 81 : Link->Label = LabelId;
001f8 48 8b 85 18 03
00 00 mov rax, QWORD PTR Link$[rbp]
@ -1763,21 +1763,21 @@ $LN4@ObfGenJmpT:
00 mov ecx, DWORD PTR LabelId$[rbp]
00205 89 48 1c mov DWORD PTR [rax+28], ecx
; 83 : Link->Flags = (CODE_FLAG_IS_INST | CODE_FLAG_IS_REL_JMP);
; 82 : Link->Flags = (CODE_FLAG_IS_INST | CODE_FLAG_IS_REL_JMP);
00208 48 8b 85 18 03
00 00 mov rax, QWORD PTR Link$[rbp]
0020f c7 40 18 06 00
00 00 mov DWORD PTR [rax+24], 6
; 84 :
; 85 : return Link;
; 83 :
; 84 : return Link;
00216 48 8b 85 18 03
00 00 mov rax, QWORD PTR Link$[rbp]
$LN1@ObfGenJmpT:
; 86 : }
; 85 : }
0021d 48 8b f8 mov rdi, rax
00220 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
@ -1895,7 +1895,7 @@ LabelId$ = 1808
DisplacementWidth$ = 1816
?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z PROC ; ObfGenRandomJcc, COMDAT
; 27 : {
; 26 : {
$LN11:
00000 89 54 24 10 mov DWORD PTR [rsp+16], edx
@ -1921,23 +1921,23 @@ $LN11:
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
00045 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
; 28 : XED_STATE MachineState;
; 29 : MachineState.mmode = XED_MACHINE_MODE_LONG_64;
; 27 : XED_STATE MachineState;
; 28 : MachineState.mmode = XED_MACHINE_MODE_LONG_64;
0004a c7 45 08 01 00
00 00 mov DWORD PTR MachineState$[rbp], 1
; 30 : MachineState.stack_addr_width = XED_ADDRESS_WIDTH_64b;
; 29 : MachineState.stack_addr_width = XED_ADDRESS_WIDTH_64b;
00051 c7 45 0c 08 00
00 00 mov DWORD PTR MachineState$[rbp+4], 8
; 31 : XED_ENCODER_INSTRUCTION EncoderInstruction;
; 32 : XED_ENCODER_REQUEST EncoderRequest;
; 33 : UCHAR EncodeBuffer[15];
; 34 : UINT ReturnedSize;
; 35 :
; 36 : XedInst1(&EncoderInstruction, MachineState, ObfGetRandomJccClass(), DisplacementWidth, XedRelBr(0, DisplacementWidth));
; 30 : XED_ENCODER_INSTRUCTION EncoderInstruction;
; 31 : XED_ENCODER_REQUEST EncoderRequest;
; 32 : UCHAR EncodeBuffer[15];
; 33 : UINT ReturnedSize;
; 34 :
; 35 : XedInst1(&EncoderInstruction, MachineState, ObfGetRandomJccClass(), DisplacementWidth, XedRelBr(0, DisplacementWidth));
00058 44 8b 85 18 07
00 00 mov r8d, DWORD PTR DisplacementWidth$[rbp]
@ -1977,15 +1977,15 @@ $LN11:
000d3 48 8d 4d 30 lea rcx, QWORD PTR EncoderInstruction$[rbp]
000d7 e8 00 00 00 00 call xed_inst1
; 37 :
; 38 : XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState);
; 36 :
; 37 : XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState);
000dc 48 8d 55 08 lea rdx, QWORD PTR MachineState$[rbp]
000e0 48 8d 8d f0 01
00 00 lea rcx, QWORD PTR EncoderRequest$[rbp]
000e7 e8 00 00 00 00 call xed_encoder_request_zero_set_mode
; 39 : if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction))
; 38 : if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction))
000ec 48 8d 55 30 lea rdx, QWORD PTR EncoderInstruction$[rbp]
000f0 48 8d 8d f0 01
@ -1994,14 +1994,14 @@ $LN11:
000fc 85 c0 test eax, eax
000fe 75 07 jne SHORT $LN2@ObfGenRand
; 40 : return NULL;
; 39 : return NULL;
00100 33 c0 xor eax, eax
00102 e9 30 01 00 00 jmp $LN1@ObfGenRand
$LN2@ObfGenRand:
; 41 :
; 42 : if (XED_ERROR_NONE != XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize))
; 40 :
; 41 : if (XED_ERROR_NONE != XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize))
00107 4c 8d 8d f4 02
00 00 lea r9, QWORD PTR ReturnedSize$[rbp]
@ -2015,14 +2015,14 @@ $LN2@ObfGenRand:
00127 85 c0 test eax, eax
00129 74 07 je SHORT $LN3@ObfGenRand
; 43 : return NULL;
; 42 : return NULL;
0012b 33 c0 xor eax, eax
0012d e9 05 01 00 00 jmp $LN1@ObfGenRand
$LN3@ObfGenRand:
; 44 :
; 45 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, EncodeBuffer, ReturnedSize);
; 43 :
; 44 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, EncodeBuffer, ReturnedSize);
00132 b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
00137 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
@ -2058,7 +2058,7 @@ $LN7@ObfGenRand:
0019d 48 89 85 18 03
00 00 mov QWORD PTR Link$[rbp], rax
; 46 : if (XED_ERROR_NONE != XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize))
; 45 : if (XED_ERROR_NONE != XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize))
001a4 48 8b 85 18 03
00 00 mov rax, QWORD PTR Link$[rbp]
@ -2074,8 +2074,8 @@ $LN7@ObfGenRand:
001cd 85 c0 test eax, eax
001cf 74 41 je SHORT $LN4@ObfGenRand
; 47 : {
; 48 : delete Link;
; 46 : {
; 47 : delete Link;
001d1 48 8b 85 18 03
00 00 mov rax, QWORD PTR Link$[rbp]
@ -2097,14 +2097,14 @@ $LN8@ObfGenRand:
00 mov QWORD PTR tv149[rbp], 0
$LN9@ObfGenRand:
; 49 : return NULL;
; 48 : return NULL;
0020e 33 c0 xor eax, eax
00210 eb 25 jmp SHORT $LN1@ObfGenRand
$LN4@ObfGenRand:
; 50 : }
; 51 : Link->Label = LabelId;
; 49 : }
; 50 : Link->Label = LabelId;
00212 48 8b 85 18 03
00 00 mov rax, QWORD PTR Link$[rbp]
@ -2112,21 +2112,21 @@ $LN4@ObfGenRand:
00 mov ecx, DWORD PTR LabelId$[rbp]
0021f 89 48 1c mov DWORD PTR [rax+28], ecx
; 52 : Link->Flags = (CODE_FLAG_IS_INST | CODE_FLAG_IS_REL_JMP);
; 51 : Link->Flags = (CODE_FLAG_IS_INST | CODE_FLAG_IS_REL_JMP);
00222 48 8b 85 18 03
00 00 mov rax, QWORD PTR Link$[rbp]
00229 c7 40 18 06 00
00 00 mov DWORD PTR [rax+24], 6
; 53 :
; 54 : return Link;
; 52 :
; 53 : return Link;
00230 48 8b 85 18 03
00 00 mov rax, QWORD PTR Link$[rbp]
$LN1@ObfGenRand:
; 55 : }
; 54 : }
00237 48 8b f8 mov rdi, rax
0023a 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
@ -2232,7 +2232,7 @@ tv66 = 192
; 4 : {
$LN21:
$LN20:
00000 40 55 push rbp
00002 57 push rdi
00003 48 81 ec f8 00
@ -2246,151 +2246,143 @@ $LN21:
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
00025 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
; 5 : switch (rand() % 15)
; 5 : switch (rand() % 14)
0002a ff 15 00 00 00
00 call QWORD PTR __imp_rand
00030 99 cdq
00031 b9 0f 00 00 00 mov ecx, 15
00031 b9 0e 00 00 00 mov ecx, 14
00036 f7 f9 idiv ecx
00038 8b c2 mov eax, edx
0003a 89 85 c0 00 00
00 mov DWORD PTR tv66[rbp], eax
00040 83 bd c0 00 00
00 0e cmp DWORD PTR tv66[rbp], 14
00047 0f 87 83 00 00
00 ja $LN2@ObfGetRand
0004d 48 63 85 c0 00
00047 77 7c ja SHORT $LN2@ObfGetRand
00049 48 63 85 c0 00
00 00 movsxd rax, DWORD PTR tv66[rbp]
00054 48 8d 0d 00 00
00050 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:__ImageBase
0005b 8b 84 81 00 00
00 00 mov eax, DWORD PTR $LN20@ObfGetRand[rcx+rax*4]
00062 48 03 c1 add rax, rcx
00065 ff e0 jmp rax
00057 8b 84 81 00 00
00 00 mov eax, DWORD PTR $LN19@ObfGetRand[rcx+rax*4]
0005e 48 03 c1 add rax, rcx
00061 ff e0 jmp rax
$LN4@ObfGetRand:
; 6 : {
; 7 : case 0: return XED_ICLASS_JL;
00067 b8 3a 01 00 00 mov eax, 314 ; 0000013aH
0006c eb 67 jmp SHORT $LN1@ObfGetRand
00063 b8 3a 01 00 00 mov eax, 314 ; 0000013aH
00068 eb 60 jmp SHORT $LN1@ObfGetRand
$LN5@ObfGetRand:
; 8 : case 1: return XED_ICLASS_JLE;
0006e b8 3b 01 00 00 mov eax, 315 ; 0000013bH
00073 eb 60 jmp SHORT $LN1@ObfGetRand
0006a b8 3b 01 00 00 mov eax, 315 ; 0000013bH
0006f eb 59 jmp SHORT $LN1@ObfGetRand
$LN6@ObfGetRand:
; 9 : case 2: return XED_ICLASS_JNB;
00075 b8 3e 01 00 00 mov eax, 318 ; 0000013eH
0007a eb 59 jmp SHORT $LN1@ObfGetRand
00071 b8 3e 01 00 00 mov eax, 318 ; 0000013eH
00076 eb 52 jmp SHORT $LN1@ObfGetRand
$LN7@ObfGetRand:
; 10 : case 3: return XED_ICLASS_JNBE;
0007c b8 3f 01 00 00 mov eax, 319 ; 0000013fH
00081 eb 52 jmp SHORT $LN1@ObfGetRand
00078 b8 3f 01 00 00 mov eax, 319 ; 0000013fH
0007d eb 4b jmp SHORT $LN1@ObfGetRand
$LN8@ObfGetRand:
; 11 : case 4: return XED_ICLASS_JNL;
00083 b8 40 01 00 00 mov eax, 320 ; 00000140H
00088 eb 4b jmp SHORT $LN1@ObfGetRand
0007f b8 40 01 00 00 mov eax, 320 ; 00000140H
00084 eb 44 jmp SHORT $LN1@ObfGetRand
$LN9@ObfGetRand:
; 12 : case 5: return XED_ICLASS_JNLE;
0008a b8 41 01 00 00 mov eax, 321 ; 00000141H
0008f eb 44 jmp SHORT $LN1@ObfGetRand
00086 b8 41 01 00 00 mov eax, 321 ; 00000141H
0008b eb 3d jmp SHORT $LN1@ObfGetRand
$LN10@ObfGetRand:
; 13 : case 6: return XED_ICLASS_JNO;
00091 b8 42 01 00 00 mov eax, 322 ; 00000142H
00096 eb 3d jmp SHORT $LN1@ObfGetRand
0008d b8 42 01 00 00 mov eax, 322 ; 00000142H
00092 eb 36 jmp SHORT $LN1@ObfGetRand
$LN11@ObfGetRand:
; 14 : case 7: return XED_ICLASS_JNP;
00098 b8 43 01 00 00 mov eax, 323 ; 00000143H
0009d eb 36 jmp SHORT $LN1@ObfGetRand
00094 b8 43 01 00 00 mov eax, 323 ; 00000143H
00099 eb 2f jmp SHORT $LN1@ObfGetRand
$LN12@ObfGetRand:
; 15 : case 8: return XED_ICLASS_JNS;
0009f b8 44 01 00 00 mov eax, 324 ; 00000144H
000a4 eb 2f jmp SHORT $LN1@ObfGetRand
0009b b8 44 01 00 00 mov eax, 324 ; 00000144H
000a0 eb 28 jmp SHORT $LN1@ObfGetRand
$LN13@ObfGetRand:
; 16 : case 9: return XED_ICLASS_JNZ;
000a6 b8 45 01 00 00 mov eax, 325 ; 00000145H
000ab eb 28 jmp SHORT $LN1@ObfGetRand
000a2 b8 45 01 00 00 mov eax, 325 ; 00000145H
000a7 eb 21 jmp SHORT $LN1@ObfGetRand
$LN14@ObfGetRand:
; 17 : case 10: return XED_ICLASS_JO;
000ad b8 46 01 00 00 mov eax, 326 ; 00000146H
000b2 eb 21 jmp SHORT $LN1@ObfGetRand
000a9 b8 46 01 00 00 mov eax, 326 ; 00000146H
000ae eb 1a jmp SHORT $LN1@ObfGetRand
$LN15@ObfGetRand:
; 18 : case 11: return XED_ICLASS_JP;
000b4 b8 47 01 00 00 mov eax, 327 ; 00000147H
000b9 eb 1a jmp SHORT $LN1@ObfGetRand
000b0 b8 47 01 00 00 mov eax, 327 ; 00000147H
000b5 eb 13 jmp SHORT $LN1@ObfGetRand
$LN16@ObfGetRand:
; 19 : case 12: return XED_ICLASS_JRCXZ;
; 19 : case 13: return XED_ICLASS_JS;
000bb b8 48 01 00 00 mov eax, 328 ; 00000148H
000c0 eb 13 jmp SHORT $LN1@ObfGetRand
000b7 b8 49 01 00 00 mov eax, 329 ; 00000149H
000bc eb 0c jmp SHORT $LN1@ObfGetRand
$LN17@ObfGetRand:
; 20 : case 13: return XED_ICLASS_JS;
; 20 : case 14: return XED_ICLASS_JZ;
000c2 b8 49 01 00 00 mov eax, 329 ; 00000149H
000c7 eb 0c jmp SHORT $LN1@ObfGetRand
$LN18@ObfGetRand:
; 21 : case 14: return XED_ICLASS_JZ;
000c9 b8 4a 01 00 00 mov eax, 330 ; 0000014aH
000ce eb 05 jmp SHORT $LN1@ObfGetRand
000be b8 4a 01 00 00 mov eax, 330 ; 0000014aH
000c3 eb 05 jmp SHORT $LN1@ObfGetRand
$LN2@ObfGetRand:
; 22 : }
; 23 : return XED_ICLASS_JLE;
; 21 : }
; 22 : return XED_ICLASS_JLE;
000d0 b8 3b 01 00 00 mov eax, 315 ; 0000013bH
000c5 b8 3b 01 00 00 mov eax, 315 ; 0000013bH
$LN1@ObfGetRand:
; 24 : }
; 23 : }
000d5 48 8d a5 d8 00
000ca 48 8d a5 d8 00
00 00 lea rsp, QWORD PTR [rbp+216]
000dc 5f pop rdi
000dd 5d pop rbp
000de c3 ret 0
000df 90 npad 1
$LN20@ObfGetRand:
000e0 00 00 00 00 DD $LN4@ObfGetRand
000e4 00 00 00 00 DD $LN5@ObfGetRand
000e8 00 00 00 00 DD $LN6@ObfGetRand
000ec 00 00 00 00 DD $LN7@ObfGetRand
000f0 00 00 00 00 DD $LN8@ObfGetRand
000f4 00 00 00 00 DD $LN9@ObfGetRand
000f8 00 00 00 00 DD $LN10@ObfGetRand
000fc 00 00 00 00 DD $LN11@ObfGetRand
00100 00 00 00 00 DD $LN12@ObfGetRand
00104 00 00 00 00 DD $LN13@ObfGetRand
00108 00 00 00 00 DD $LN14@ObfGetRand
0010c 00 00 00 00 DD $LN15@ObfGetRand
00110 00 00 00 00 DD $LN16@ObfGetRand
00114 00 00 00 00 DD $LN17@ObfGetRand
00118 00 00 00 00 DD $LN18@ObfGetRand
000d1 5f pop rdi
000d2 5d pop rbp
000d3 c3 ret 0
$LN19@ObfGetRand:
000d4 00 00 00 00 DD $LN4@ObfGetRand
000d8 00 00 00 00 DD $LN5@ObfGetRand
000dc 00 00 00 00 DD $LN6@ObfGetRand
000e0 00 00 00 00 DD $LN7@ObfGetRand
000e4 00 00 00 00 DD $LN8@ObfGetRand
000e8 00 00 00 00 DD $LN9@ObfGetRand
000ec 00 00 00 00 DD $LN10@ObfGetRand
000f0 00 00 00 00 DD $LN11@ObfGetRand
000f4 00 00 00 00 DD $LN12@ObfGetRand
000f8 00 00 00 00 DD $LN13@ObfGetRand
000fc 00 00 00 00 DD $LN14@ObfGetRand
00100 00 00 00 00 DD $LN15@ObfGetRand
00104 00 00 00 00 DD $LN2@ObfGetRand
00108 00 00 00 00 DD $LN16@ObfGetRand
0010c 00 00 00 00 DD $LN17@ObfGetRand
?ObfGetRandomJccClass@@YA?AW4xed_iclass_enum_t@@XZ ENDP ; ObfGetRandomJccClass
_TEXT ENDS
; Function compile flags: /Odtp /RTCsu /ZI

Loading…
Cancel
Save