opque branches done

main
James 3 years ago
parent fa0967c2d5
commit a5e6073848

@ -45,56 +45,73 @@ int main()
XedTablesInit();
srand(time(NULL));
PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
PNATIVE_CODE_LINK RetInst = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme2, sizeof(meme2));
PNATIVE_CODE_BLOCK Pre1 = JitEmitPreRipMov(Return1776);
PNATIVE_CODE_BLOCK Post1 = JitEmitPostRipMov(Return1776);
PNATIVE_CODE_BLOCK Pre2 = JitEmitPreRipMov(RetInst);
PNATIVE_CODE_BLOCK Post2 = JitEmitPostRipMov(RetInst);
NcAppendToBlock(Pre1, Return1776);
NcInsertBlockAfter(Pre1->End, Post1, 0);
Pre1->End = Post1->End;
NcInsertBlockAfter(Pre1->End, Pre2, 0);
Pre1->End = Pre2->End;
NcAppendToBlock(Pre1, RetInst);
NcInsertBlockAfter(Pre1->End, Post2, 0);
Pre1->End = Post2->End;
/*Pre->Start = Return1776;
Pre->End = Return1776;*/
for (ULONG i = 0; i < Return1776->RawDataSize; i++)
Return1776->RawData[i] = (UCHAR)rand();
for (ULONG i = 0; i < RetInst->RawDataSize; i++)
RetInst->RawData[i] = (UCHAR)rand();
/*NcDebugPrint(Pre);
NcPrintBlockCode(Pre);*/
ULONG AsmLen;
PVOID Asm = NcAssemble(Pre1, &AsmLen);
PUCHAR Tb = (PUCHAR)Asm;
for (uint32_t i = 0; i < AsmLen; i++)
{
std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
}
system("pause");
typedef ULONG64(*FnGet1776)();
FnGet1776 ExecBuffer = (FnGet1776)MakeExecutableBuffer(Asm, AsmLen);
if (ExecBuffer)
{
printf("The numba was: %X\n", ExecBuffer());
printf("The numba was: %X\n", ExecBuffer());
printf("The numba was: %X\n", ExecBuffer());
printf("The numba was: %X\n", ExecBuffer());
}
NATIVE_CODE_BLOCK Block;
NcDisassemble(&Block, TestBuffer, TestBufferSize);
NATIVE_CODE_BLOCK NotTaken;
NATIVE_CODE_BLOCK Taken;
printf("\n\nOriginal\n");
NcDebugPrint(&Block);
ObfCreateOpaqueBranches(Block.Start->Next, Block.Start->Next->Next->Next->Next, &NotTaken, &Taken);
//printf("\n\nNotTaken\n");
//NcDebugPrint(&NotTaken);
//printf("\n\nTaken\n");
//NcDebugPrint(&Taken);
//printf("\n\nCombined\n");
ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(&Block), NcGenUnusedLabelId(&Block));
ObfInsertOpaqueBranchBlock(Block.Start->Next, Block.Start->Next->Next->Next->Next, &NotTaken);
printf("\n\nNew\n");
NcDebugPrint(&Block);
//PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
//PNATIVE_CODE_LINK RetInst = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme2, sizeof(meme2));
//PNATIVE_CODE_BLOCK Pre1 = JitEmitPreRipMov(Return1776);
//PNATIVE_CODE_BLOCK Post1 = JitEmitPostRipMov(Return1776);
//PNATIVE_CODE_BLOCK Pre2 = JitEmitPreRipMov(RetInst);
//PNATIVE_CODE_BLOCK Post2 = JitEmitPostRipMov(RetInst);
//NcAppendToBlock(Pre1, Return1776);
//NcInsertBlockAfter(Pre1->End, Post1, 0);
//Pre1->End = Post1->End;
//NcInsertBlockAfter(Pre1->End, Pre2, 0);
//Pre1->End = Pre2->End;
//NcAppendToBlock(Pre1, RetInst);
//NcInsertBlockAfter(Pre1->End, Post2, 0);
//Pre1->End = Post2->End;
///*Pre->Start = Return1776;
//Pre->End = Return1776;*/
//for (ULONG i = 0; i < Return1776->RawDataSize; i++)
// Return1776->RawData[i] = (UCHAR)rand();
//for (ULONG i = 0; i < RetInst->RawDataSize; i++)
// RetInst->RawData[i] = (UCHAR)rand();
//ULONG AsmLen;
//PVOID Asm = NcAssemble(Pre1, &AsmLen);
//PUCHAR Tb = (PUCHAR)Asm;
//for (uint32_t i = 0; i < AsmLen; i++)
//{
// std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
//}
//system("pause");
//typedef ULONG64(*FnGet1776)();
//FnGet1776 ExecBuffer = (FnGet1776)MakeExecutableBuffer(Asm, AsmLen);
//if (ExecBuffer)
//{
// printf("The numba was: %X\n", ExecBuffer());
// printf("The numba was: %X\n", ExecBuffer());
// printf("The numba was: %X\n", ExecBuffer());
// printf("The numba was: %X\n", ExecBuffer());
//}
//NcDebugPrint(Post);
@ -124,8 +141,6 @@ int main()
//PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End);
//NcDebugPrint(OpaqueBranch);
system("pause");
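Review bot: The BOOL results of ObfCreateOpaqueBranches and ObfCombineOpaqueBranches are discarded, so a failed copy or a failed Jcc/Jmp emission flows straight into ObfInsertOpaqueBranchBlock with a half-built NotTaken block; `if (!ObfCreateOpaqueBranches(...)) return 1;` and the same for the combine call would catch it (and would have exposed that ObfCreateOpaqueBranches currently reports success only when its second copy fails). The range arguments `Block.Start->Next->Next->Next->Next` walk four links deep with no check that NcDisassemble produced that many, and NcDisassemble's own result is not inspected either. `NcGenUnusedLabelId(&Block), NcGenUnusedLabelId(&Block)` in the ObfCombineOpaqueBranches call asks for two fresh ids without registering the first in Block.LabelIds (the old ObfGenOpaqueBranch pushed both before use), so if the generator only scans LabelIds the Jcc and the Jmp may end up targeting the same label — worth confirming against NcGenUnusedLabelId. The commented-out copy of the JIT test that follows duplicates the live code above it line for line and could simply be dropped. main begins and ends outside this hunk.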

@ -20,16 +20,18 @@ _NATIVE_CODE_LINK::_NATIVE_CODE_LINK(ULONG LabelId, _NATIVE_CODE_BLOCK* B)
Flags = CODE_FLAG_IS_LABEL;
}
_NATIVE_CODE_LINK::_NATIVE_CODE_LINK(ULONG F, PVOID Rd, ULONG Rds)
_NATIVE_CODE_LINK::_NATIVE_CODE_LINK(ULONG F, PVOID Rd, ULONG Rds, BOOL Decode)
: _NATIVE_CODE_LINK()
{
Flags = F;
RawDataSize = Rds;
RawData = new UCHAR[Rds];
if (Rd)
{
RtlCopyMemory(RawData, Rd, Rds);
XedDecode(&XedInstruction, RawData, RawDataSize);
if (Decode)
XedDecode(&XedInstruction, RawData, RawDataSize);
}
}
_NATIVE_CODE_LINK::~_NATIVE_CODE_LINK()
@ -122,7 +124,7 @@ VOID NcUnlink(PNATIVE_CODE_LINK Link)
ULONG NcCalcBlockSize(PNATIVE_CODE_BLOCK Block)
{
ULONG TotalSize = 0;
for (PNATIVE_CODE_LINK T = Block->Start; T != Block->End->Next; T = T->Next)
for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next)
{
if (T->Flags & CODE_FLAG_IS_LABEL)
continue;
@ -141,7 +143,7 @@ ULONG NcGenUnusedLabelId(PNATIVE_CODE_BLOCK Block)
VOID NcChangeLabelId(PNATIVE_CODE_BLOCK Block, ULONG Original, ULONG New)
{
for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next)
for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next)
{
if (((T->Flags & CODE_FLAG_IS_LABEL) || (T->Flags & CODE_FLAG_IS_REL_JMP)) && T->Label == Original)
T->Label = New;
@ -150,7 +152,7 @@ VOID NcChangeLabelId(PNATIVE_CODE_BLOCK Block, ULONG Original, ULONG New)
VOID NcFixLabelsForBlocks(PNATIVE_CODE_BLOCK Block1, PNATIVE_CODE_BLOCK Block2)
{
for (PNATIVE_CODE_LINK T = Block2->Start; T; T = T->Next)
for (PNATIVE_CODE_LINK T = Block2->Start; T && T != Block2->End->Next; T = T->Next)
{
if ((T->Flags & CODE_FLAG_IS_LABEL) && StdFind(Block1->LabelIds.begin(), Block1->LabelIds.end(), T->Label) != Block1->LabelIds.end())
{
@ -300,12 +302,13 @@ PNATIVE_CODE_LINK NcDeepCopyLink(PNATIVE_CODE_LINK Link)
return new NATIVE_CODE_LINK(Link->Label, NULL);
}
else
{ PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(Link->Flags, Link->RawData, Link->RawDataSize);
{
PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(Link->Flags, Link->RawData, Link->RawDataSize);
NewLink->Label = Link->Label;
XED_ERROR_ENUM DecodeError = XedDecode(&NewLink->XedInstruction, Link->RawData, Link->RawDataSize);
if (DecodeError != XED_ERROR_NONE)
{
printf("XedDecode failed in NcDeepCopyLink: %s\n", XedErrorEnumToString(DecodeError));
printf("XedDecode failed in NcDeepCopyLink: %s %u\n", XedErrorEnumToString(DecodeError), Link->RawDataSize);
delete NewLink;
return NULL;
}
@ -313,36 +316,34 @@ PNATIVE_CODE_LINK NcDeepCopyLink(PNATIVE_CODE_LINK Link)
}
}
PNATIVE_CODE_BLOCK NcDeepCopyPartialBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End)
BOOL NcDeepCopyPartialBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End, PNATIVE_CODE_BLOCK Block)
{
if (!Start || !End || !Start->Block || Start->Block != End->Block)
return NULL;
if (!Start || !End || !Start->Block || Start->Block != End->Block || !Block)
return FALSE;
PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK;
if (!Block)
return NULL;
Block->LabelIds.clear();
Block->Start = Block->End = NULL;
for (ULONG L : Start->Block->LabelIds)
Block->LabelIds.push_back(L);
for (PNATIVE_CODE_LINK CurLink = Start; CurLink != End->Next; CurLink = CurLink->Next)
for (PNATIVE_CODE_LINK CurLink = Start; CurLink && CurLink != End->Next; CurLink = CurLink->Next)
{
PNATIVE_CODE_LINK Temp = NcDeepCopyLink(CurLink);
if (!Temp)
{
NcDeleteBlock(Block);
delete Block;
return NULL;
return FALSE;
}
NcAppendToBlock(Block, Temp);
}
return Block;
return TRUE;
}
PNATIVE_CODE_BLOCK NcDeepCopyBlock(PNATIVE_CODE_BLOCK Block)
BOOL NcDeepCopyBlock(PNATIVE_CODE_BLOCK Block, PNATIVE_CODE_BLOCK BlockCopy)
{
return NcDeepCopyPartialBlock(Block->Start, Block->End);
return NcDeepCopyPartialBlock(Block->Start, Block->End, BlockCopy);
}
BOOL NcGetDeltaToLabel(PNATIVE_CODE_LINK Link, PINT32 DeltaOut)
@ -383,7 +384,7 @@ BOOL NcGetDeltaToLabel(PNATIVE_CODE_LINK Link, PINT32 DeltaOut)
BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block)
{
for (PNATIVE_CODE_LINK T = Block->Start; T != Block->End->Next;)
for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)
{
if (T->Flags & CODE_FLAG_IS_REL_JMP)
{
@ -523,7 +524,9 @@ VOID NcDeleteBlock(PNATIVE_CODE_BLOCK Block)
if (!Block->Start || !Block->End)
return;
for (PNATIVE_CODE_LINK T = Block->Start; T != Block->End->Next;)
PNATIVE_CODE_LINK BlockEnding = Block->End->Next;
for (PNATIVE_CODE_LINK T = Block->Start; T && T != BlockEnding;)
{
PNATIVE_CODE_LINK Next = T->Next;
delete T;
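Review bot: The new loop bound `T && T != Block->End->Next` in NcCalcBlockSize guards T but still evaluates `Block->End->Next` on every pass, so a block whose End is NULL while Start is not (NcDeepCopyPartialBlock sets `Block->Start = Block->End = NULL` before it starts appending) dereferences a null pointer; the same bound is added to NcChangeLabelId, NcFixLabelsForBlocks and NcFixRelJmps here and to ViValidateNativeCodeBlock and ObfInsertOpaqueBranchBlock elsewhere in this commit. NcDeleteBlock in this same file already does it the safe way — checks Start and End first, then hoists `BlockEnding` — and the read-only loops should follow it: `PNATIVE_CODE_LINK Stop = Block->End ? Block->End->Next : NULL;` then `for (PNATIVE_CODE_LINK T = Block->Start; T && T != Stop; T = T->Next)` (NcFixRelJmps replaces links as it goes, so there the hoisted value must be recomputed if the body moves Block->End). In NcDeepCopyPartialBlock the failure path calls NcDeleteBlock on the caller-owned Block and returns FALSE, but unless NcDeleteBlock also resets Block->Start/End (not visible in its hunk) the caller keeps dangling pointers, so nulling them after the delete would be cheap insurance. Each of these functions starts or ends outside its hunk.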

@ -19,7 +19,7 @@ typedef struct _NATIVE_CODE_LINK
XED_DECODED_INST XedInstruction;
_NATIVE_CODE_LINK();
_NATIVE_CODE_LINK(ULONG LabelId, _NATIVE_CODE_BLOCK* B);
_NATIVE_CODE_LINK(ULONG F, PVOID Rd, ULONG Rds);
_NATIVE_CODE_LINK(ULONG F, PVOID Rd, ULONG Rds, BOOL Decode = FALSE);
~_NATIVE_CODE_LINK();
}NATIVE_CODE_LINK, *PNATIVE_CODE_LINK;
@ -59,9 +59,9 @@ PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Link, INT32 Delta);
PNATIVE_CODE_LINK NcDeepCopyLink(PNATIVE_CODE_LINK Link);
PNATIVE_CODE_BLOCK NcDeepCopyPartialBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End);
BOOL NcDeepCopyPartialBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End, PNATIVE_CODE_BLOCK Block);
PNATIVE_CODE_BLOCK NcDeepCopyBlock(PNATIVE_CODE_BLOCK Block);
BOOL NcDeepCopyBlock(PNATIVE_CODE_BLOCK Block, PNATIVE_CODE_BLOCK BlockCopy);
BOOL NcGetDeltaToLabel(PNATIVE_CODE_LINK Link, PINT32 DeltaOut);
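Review bot: `_NATIVE_CODE_LINK(ULONG F, PVOID Rd, ULONG Rds, BOOL Decode = FALSE);` defaults the new flag to FALSE, so every existing three-argument construction silently stops decoding XedInstruction without any change at the call site; the call sites visible in this commit (NcDeepCopyLink, the JitEmit helpers) decode explicitly afterwards, but any other caller that read XedInstruction after constructing a link is now reading whatever the delegating default constructor left there. A comment on the declaration would make the contract visible: `// Decode == FALSE leaves XedInstruction untouched by this constructor; call XedDecode before reading it`. Likewise `NcDeepCopyPartialBlock`/`NcDeepCopyBlock` now fill a caller-supplied block instead of allocating one, which deserves a line saying the target's existing Start/End/LabelIds are overwritten and that on FALSE the block's contents are not guaranteed to be cleaned up.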

@ -4,4 +4,7 @@
#define OBF_FLAG_IS_CODE_WRITEABLE (1<<0) //If this is set, JIT can be used
#endif

@ -85,47 +85,21 @@ PNATIVE_CODE_LINK ObfGenJmpToLabel(ULONG LabelId, ULONG DisplacementWidth)
return Link;
}
PNATIVE_CODE_BLOCK ObfGenOpaqueBranch(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End)
BOOL ObfCreateOpaqueBranches(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End, PNATIVE_CODE_BLOCK NotTaken, PNATIVE_CODE_BLOCK Taken)
{
if (!Start || !End || !Start->Block || Start->Block != End->Block)
return NULL;
PNATIVE_CODE_BLOCK NotTaken = NcDeepCopyPartialBlock(Start, End);
if (!NotTaken)
{
return NULL;
}
PNATIVE_CODE_BLOCK Taken = NcDeepCopyPartialBlock(Start, End);
if (!Taken)
{
NcDeleteBlock(NotTaken);
delete NotTaken;
return NULL;
}
ULONG JccLabel = NcGenUnusedLabelId(Start->Block);
ULONG JmpLabel = NcGenUnusedLabelId(Start->Block);
Start->Block->LabelIds.push_back(JccLabel);
Start->Block->LabelIds.push_back(JmpLabel);
return (NcDeepCopyPartialBlock(Start, End, Taken) && !NcDeepCopyPartialBlock(Start, End, NotTaken));
}
BOOL ObfCombineOpaqueBranches(PNATIVE_CODE_BLOCK NotTaken, PNATIVE_CODE_BLOCK Taken, ULONG JccLabel, ULONG JmpLabel)
{
PNATIVE_CODE_LINK Jcc = ObfGenRandomJcc(JccLabel);
if (!Jcc)
{
NcDeleteBlock(Taken);
delete Taken;
NcDeleteBlock(NotTaken);
delete NotTaken;
return NULL;
}
return FALSE;
PNATIVE_CODE_LINK Jmp = ObfGenJmpToLabel(JmpLabel);
if (!Jmp)
{
delete Jcc;
NcDeleteBlock(Taken);
delete Taken;
NcDeleteBlock(NotTaken);
delete NotTaken;
return NULL;
return FALSE;
}
NcPrependToBlock(NotTaken, Jcc);
@ -136,7 +110,29 @@ PNATIVE_CODE_BLOCK ObfGenOpaqueBranch(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK
NcInsertBlockAfter(NotTaken->End, Taken, FALSE);
NotTaken->End = Taken->End;
return TRUE;
}
delete Taken;
return NotTaken;
BOOL ObfInsertOpaqueBranchBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End, PNATIVE_CODE_BLOCK OpaqueBranchBlock)
{
OpaqueBranchBlock->Start->Prev = Start->Prev;
OpaqueBranchBlock->End->Next = End->Next;
if (Start->Prev)
Start->Prev->Next = OpaqueBranchBlock->Start;
if (End->Next)
End->Next->Prev = OpaqueBranchBlock->End;
//Update group for the current isntructions
for (PNATIVE_CODE_LINK T = OpaqueBranchBlock->Start; T && T != OpaqueBranchBlock->End->Next; T = T->Next)
T->Block = Start->Block;
PNATIVE_CODE_LINK EndBlock = End->Next;
for (PNATIVE_CODE_LINK T = Start; T && T != EndBlock;)
{
PNATIVE_CODE_LINK RealNext = T->Next;
delete T;
T = RealNext;
}
return TRUE;
}
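Review bot: `return (NcDeepCopyPartialBlock(Start, End, Taken) && !NcDeepCopyPartialBlock(Start, End, NotTaken));` in ObfCreateOpaqueBranches is inverted by the `!` — it reports success exactly when the NotTaken copy fails and FALSE when both copies succeed — and the early-out above it still returns `NULL` from a BOOL function; it should read `return NcDeepCopyPartialBlock(Start, End, Taken) && NcDeepCopyPartialBlock(Start, End, NotTaken);` with `return FALSE;` above, and on a failed second copy the links already appended to Taken should be released with NcDeleteBlock(Taken). ObfInsertOpaqueBranchBlock only repairs the neighbouring links: when Start has no Prev or End has no Next, the owning block's Start/End keep pointing at links the loop below then deletes, so any later walk from Start->Block begins on freed memory; the rewrite below updates the owner as well and rejects null or empty arguments, which the current code assumes without checking. The labels JccLabel/JmpLabel that ObfGenOpaqueBranch used to push into Start->Block->LabelIds are no longer registered anywhere in this file, which may be intended for the caller but is not documented.
```cpp
BOOL ObfInsertOpaqueBranchBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End, PNATIVE_CODE_BLOCK OpaqueBranchBlock)
{
    if (!Start || !End || !Start->Block || Start->Block != End->Block ||
        !OpaqueBranchBlock || !OpaqueBranchBlock->Start || !OpaqueBranchBlock->End)
        return FALSE;
    PNATIVE_CODE_BLOCK Owner = Start->Block;
    OpaqueBranchBlock->Start->Prev = Start->Prev;
    OpaqueBranchBlock->End->Next = End->Next;
    if (Start->Prev)
        Start->Prev->Next = OpaqueBranchBlock->Start;
    else
        Owner->Start = OpaqueBranchBlock->Start;   // Start was the head of its block
    if (End->Next)
        End->Next->Prev = OpaqueBranchBlock->End;
    else
        Owner->End = OpaqueBranchBlock->End;       // End was the tail of its block
    // … unchanged: re-parent the inserted links to Owner and delete Start..End …
```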

@ -11,8 +11,13 @@ PNATIVE_CODE_LINK ObfGenRandomJcc(ULONG LabelId, ULONG DisplacementSize = 32);
PNATIVE_CODE_LINK ObfGenJmpToLabel(ULONG LabelId, ULONG DisplacementSize = 32);
PNATIVE_CODE_BLOCK ObfGenOpaqueBranch(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End);
BOOL ObfCreateOpaqueBranches(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End, PNATIVE_CODE_BLOCK NotTaken, PNATIVE_CODE_BLOCK Taken);
//Combines the two branches into one block that can easily be patched into the code
//Resulting block is put into NotTaken
BOOL ObfCombineOpaqueBranches(PNATIVE_CODE_BLOCK NotTaken, PNATIVE_CODE_BLOCK Taken, ULONG JccLabel, ULONG JmpLabel);
BOOL ObfInsertOpaqueBranchBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End, PNATIVE_CODE_BLOCK OpaqueBranchBlock);
#endif

@ -6,7 +6,7 @@ BOOL ViCanHandleInst(PNATIVE_CODE_LINK Link)
}
BOOL ViValidateNativeCodeBlock(PNATIVE_CODE_BLOCK Block)
{
for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next)
for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next)
{
if (!ViCanHandleInst(T))
return FALSE;

@ -164,7 +164,7 @@ EXTRN xed_simple_flag_get_undefined_flag_set:PROC
EXTRN xed_decode:PROC
EXTRN xed_decoded_inst_get_rflags_info:PROC
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@XZ:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ??1_NATIVE_CODE_LINK@@QEAA@XZ:PROC ; _NATIVE_CODE_LINK::~_NATIVE_CODE_LINK
EXTRN ??0_NATIVE_CODE_BLOCK@@QEAA@XZ:PROC ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK
EXTRN ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z:PROC ; NcAppendToBlock
@ -319,7 +319,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD imagerel $LN6
DD imagerel $LN6+270
DD imagerel $LN6+278
DD imagerel $unwind$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z
pdata ENDS
; COMDAT pdata
@ -331,7 +331,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD imagerel $LN6
DD imagerel $LN6+270
DD imagerel $LN6+278
DD imagerel $unwind$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z
pdata ENDS
; COMDAT pdata
@ -1015,7 +1015,7 @@ $ip2state$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DB 06H
DB 00H
DB 0b8H
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -1032,13 +1032,13 @@ $cppxdata$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD 025053b19H
DD 010e2313H
DD 07007002fH
$unwind$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD 035053b19H
DD 010e3313H
DD 070070031H
DD 05006H
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z
DD 0162H
DD 0172H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -1051,7 +1051,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcVarDesc DD 024H ; JitEmitPopfqInst
?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcVarDesc DD 034H ; JitEmitPopfqInst
DD 01H
DQ FLAT:?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcName$0
ORG $+48
@ -1072,7 +1072,7 @@ $ip2state$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DB 06H
DB 00H
DB 0b8H
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -1089,13 +1089,13 @@ $cppxdata$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD 025053b19H
DD 010e2313H
DD 07007002fH
$unwind$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD 035053b19H
DD 010e3313H
DD 070070031H
DD 05006H
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z
DD 0162H
DD 0172H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -1108,7 +1108,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcVarDesc DD 024H ; JitEmitPushfqInst
?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcVarDesc DD 034H ; JitEmitPushfqInst
DD 01H
DQ FLAT:?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcName$0
ORG $+48
@ -5875,7 +5875,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; JitEmitPopfqInst, COMDAT
@ -5886,15 +5886,15 @@ $LN6:
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
00005 55 push rbp
00006 57 push rdi
00007 48 81 ec 78 01
00 00 sub rsp, 376 ; 00000178H
0000e 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00007 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
0000e 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
00013 48 8b fc mov rdi, rsp
00016 b9 5e 00 00 00 mov ecx, 94 ; 0000005eH
00016 b9 62 00 00 00 mov ecx, 98 ; 00000062H
0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00020 f3 ab rep stosd
00022 48 8b 8c 24 98
01 00 00 mov rcx, QWORD PTR [rsp+408]
00022 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
0002a 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
00031 48 33 c5 xor rax, rbp
@ -5916,69 +5916,71 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
0005c 48 83 bd 28 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
00064 74 24 je SHORT $LN3@JitEmitPop
00066 41 b9 01 00 00
00064 74 2c je SHORT $LN3@JitEmitPop
00066 c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
0006e 41 b9 01 00 00
00 mov r9d, 1
0006c 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00070 ba 04 00 00 00 mov edx, 4
00075 48 8b 8d 28 01
00074 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00078 ba 04 00 00 00 mov edx, 4
0007d 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
0007c e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
00081 48 89 85 38 01
00 00 mov QWORD PTR tv78[rbp], rax
00088 eb 0b jmp SHORT $LN4@JitEmitPop
00084 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
00089 48 89 85 38 01
00 00 mov QWORD PTR tv79[rbp], rax
00090 eb 0b jmp SHORT $LN4@JitEmitPop
$LN3@JitEmitPop:
0008a 48 c7 85 38 01
00092 48 c7 85 38 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitPop:
00095 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv78[rbp]
0009c 48 89 85 08 01
0009d 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv79[rbp]
000a4 48 89 85 08 01
00 00 mov QWORD PTR $T4[rbp], rax
000a3 48 8b 85 08 01
000ab 48 8b 85 08 01
00 00 mov rax, QWORD PTR $T4[rbp]
000aa 48 89 45 28 mov QWORD PTR Link$[rbp], rax
000b2 48 89 45 28 mov QWORD PTR Link$[rbp], rax
; 21 : XedDecode(&Link->XedInstruction, Link->RawData, 1);
000ae 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
000b2 48 83 c0 30 add rax, 48 ; 00000030H
000b6 41 b8 01 00 00
000b6 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
000ba 48 83 c0 30 add rax, 48 ; 00000030H
000be 41 b8 01 00 00
00 mov r8d, 1
000bc 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000c0 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
000c4 48 8b c8 mov rcx, rax
000c7 e8 00 00 00 00 call xed_decode
000c4 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000c8 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
000cc 48 8b c8 mov rcx, rax
000cf e8 00 00 00 00 call xed_decode
; 22 : NcAppendToBlock(Block, Link);
000cc 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
000d0 48 8b 8d 70 01
000d4 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
000d8 48 8b 8d 70 01
00 00 mov rcx, QWORD PTR Block$[rbp]
000d7 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
000df e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 23 : return TRUE;
000dc b8 01 00 00 00 mov eax, 1
000e4 b8 01 00 00 00 mov eax, 1
; 24 : }
000e1 8b f8 mov edi, eax
000e3 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
000e7 48 8d 15 00 00
000e9 8b f8 mov edi, eax
000eb 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
000ef 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcFrameData
000ee e8 00 00 00 00 call _RTC_CheckStackVars
000f3 8b c7 mov eax, edi
000f5 48 8b 8d 40 01
000f6 e8 00 00 00 00 call _RTC_CheckStackVars
000fb 8b c7 mov eax, edi
000fd 48 8b 8d 40 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
000fc 48 33 cd xor rcx, rbp
000ff e8 00 00 00 00 call __security_check_cookie
00104 48 8d a5 58 01
00104 48 33 cd xor rcx, rbp
00107 e8 00 00 00 00 call __security_check_cookie
0010c 48 8d a5 58 01
00 00 lea rsp, QWORD PTR [rbp+344]
0010b 5f pop rdi
0010c 5d pop rbp
0010d c3 ret 0
00113 5f pop rdi
00114 5d pop rbp
00115 c3 ret 0
?JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ENDP ; JitEmitPopfqInst
_TEXT ENDS
; COMDAT text$x
@ -5987,7 +5989,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
?dtor$0@?0??JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `JitEmitPopfqInst'::`1'::dtor$0
@ -5996,7 +5998,7 @@ Block$ = 368
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -6014,7 +6016,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
?dtor$0@?0??JitEmitPopfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `JitEmitPopfqInst'::`1'::dtor$0
@ -6023,7 +6025,7 @@ Block$ = 368
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -6042,7 +6044,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z PROC ; JitEmitPushfqInst, COMDAT
@ -6053,15 +6055,15 @@ $LN6:
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
00005 55 push rbp
00006 57 push rdi
00007 48 81 ec 78 01
00 00 sub rsp, 376 ; 00000178H
0000e 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00007 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
0000e 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
00013 48 8b fc mov rdi, rsp
00016 b9 5e 00 00 00 mov ecx, 94 ; 0000005eH
00016 b9 62 00 00 00 mov ecx, 98 ; 00000062H
0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00020 f3 ab rep stosd
00022 48 8b 8c 24 98
01 00 00 mov rcx, QWORD PTR [rsp+408]
00022 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
0002a 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
00031 48 33 c5 xor rax, rbp
@ -6083,69 +6085,71 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
0005c 48 83 bd 28 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
00064 74 24 je SHORT $LN3@JitEmitPus
00066 41 b9 01 00 00
00064 74 2c je SHORT $LN3@JitEmitPus
00066 c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
0006e 41 b9 01 00 00
00 mov r9d, 1
0006c 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00070 ba 04 00 00 00 mov edx, 4
00075 48 8b 8d 28 01
00074 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00078 ba 04 00 00 00 mov edx, 4
0007d 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
0007c e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
00081 48 89 85 38 01
00 00 mov QWORD PTR tv78[rbp], rax
00088 eb 0b jmp SHORT $LN4@JitEmitPus
00084 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
00089 48 89 85 38 01
00 00 mov QWORD PTR tv79[rbp], rax
00090 eb 0b jmp SHORT $LN4@JitEmitPus
$LN3@JitEmitPus:
0008a 48 c7 85 38 01
00092 48 c7 85 38 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitPus:
00095 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv78[rbp]
0009c 48 89 85 08 01
0009d 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv79[rbp]
000a4 48 89 85 08 01
00 00 mov QWORD PTR $T4[rbp], rax
000a3 48 8b 85 08 01
000ab 48 8b 85 08 01
00 00 mov rax, QWORD PTR $T4[rbp]
000aa 48 89 45 28 mov QWORD PTR Link$[rbp], rax
000b2 48 89 45 28 mov QWORD PTR Link$[rbp], rax
; 12 : XedDecode(&Link->XedInstruction, Link->RawData, 1);
000ae 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
000b2 48 83 c0 30 add rax, 48 ; 00000030H
000b6 41 b8 01 00 00
000b6 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
000ba 48 83 c0 30 add rax, 48 ; 00000030H
000be 41 b8 01 00 00
00 mov r8d, 1
000bc 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000c0 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
000c4 48 8b c8 mov rcx, rax
000c7 e8 00 00 00 00 call xed_decode
000c4 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000c8 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
000cc 48 8b c8 mov rcx, rax
000cf e8 00 00 00 00 call xed_decode
; 13 : NcAppendToBlock(Block, Link);
000cc 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
000d0 48 8b 8d 70 01
000d4 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
000d8 48 8b 8d 70 01
00 00 mov rcx, QWORD PTR Block$[rbp]
000d7 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
000df e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 14 : return TRUE;
000dc b8 01 00 00 00 mov eax, 1
000e4 b8 01 00 00 00 mov eax, 1
; 15 : }
000e1 8b f8 mov edi, eax
000e3 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
000e7 48 8d 15 00 00
000e9 8b f8 mov edi, eax
000eb 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
000ef 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z$rtcFrameData
000ee e8 00 00 00 00 call _RTC_CheckStackVars
000f3 8b c7 mov eax, edi
000f5 48 8b 8d 40 01
000f6 e8 00 00 00 00 call _RTC_CheckStackVars
000fb 8b c7 mov eax, edi
000fd 48 8b 8d 40 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
000fc 48 33 cd xor rcx, rbp
000ff e8 00 00 00 00 call __security_check_cookie
00104 48 8d a5 58 01
00104 48 33 cd xor rcx, rbp
00107 e8 00 00 00 00 call __security_check_cookie
0010c 48 8d a5 58 01
00 00 lea rsp, QWORD PTR [rbp+344]
0010b 5f pop rdi
0010c 5d pop rbp
0010d c3 ret 0
00113 5f pop rdi
00114 5d pop rbp
00115 c3 ret 0
?JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ENDP ; JitEmitPushfqInst
_TEXT ENDS
; COMDAT text$x
@ -6154,7 +6158,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
?dtor$0@?0??JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `JitEmitPushfqInst'::`1'::dtor$0
@ -6163,7 +6167,7 @@ Block$ = 368
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -6181,7 +6185,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
?dtor$0@?0??JitEmitPushfqInst@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z@4HA PROC ; `JitEmitPushfqInst'::`1'::dtor$0
@ -6190,7 +6194,7 @@ Block$ = 368
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]



@ -115,7 +115,7 @@ EXTRN __imp_?_Getmonths@_Locinfo@std@@QEBAPEBDXZ:PROC
EXTRN __imp_?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ:PROC
EXTRN __imp_?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ:PROC
EXTRN xed_decode:PROC
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ??0_NATIVE_CODE_BLOCK@@QEAA@XZ:PROC ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK
EXTRN ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z:PROC ; NcAppendToBlock
EXTRN _RTC_CheckStackVars:PROC
@ -190,7 +190,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ DD imagerel $LN6
DD imagerel $LN6+243
DD imagerel $LN6+251
DD imagerel $unwind$?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ
pdata ENDS
; COMDAT pdata
@ -295,7 +295,7 @@ $ip2state$?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ DB 06H
DB 00H
DB 0a0H
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -312,13 +312,13 @@ $cppxdata$?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ DD 025052f19H
DD 010a230fH
DD 07003002fH
$unwind$?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ DD 035052f19H
DD 010a330fH
DD 070030031H
DD 05002H
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ
DD 0162H
DD 0172H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -331,7 +331,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ$rtcVarDesc DD 024H ; NcEmitNop
?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ$rtcVarDesc DD 034H ; NcEmitNop
DD 01H
DQ FLAT:?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ$rtcName$0
ORG $+48
@ -688,7 +688,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ PROC ; NcEmitNop, COMDAT
@ -697,11 +697,11 @@ __$ArrayPad$ = 320
$LN6:
00000 40 55 push rbp
00002 57 push rdi
00003 48 81 ec 78 01
00 00 sub rsp, 376 ; 00000178H
0000a 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00003 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
0000a 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0000f 48 8b fc mov rdi, rsp
00012 b9 5e 00 00 00 mov ecx, 94 ; 0000005eH
00012 b9 62 00 00 00 mov ecx, 98 ; 00000062H
00017 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
0001c f3 ab rep stosd
0001e 48 8b 05 00 00
@ -725,62 +725,64 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
00050 48 83 bd 28 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
00058 74 24 je SHORT $LN3@NcEmitNop
0005a 41 b9 01 00 00
00058 74 2c je SHORT $LN3@NcEmitNop
0005a c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
00062 41 b9 01 00 00
00 mov r9d, 1
00060 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00064 ba 04 00 00 00 mov edx, 4
00069 48 8b 8d 28 01
00068 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
0006c ba 04 00 00 00 mov edx, 4
00071 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
00070 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
00075 48 89 85 38 01
00 00 mov QWORD PTR tv78[rbp], rax
0007c eb 0b jmp SHORT $LN4@NcEmitNop
00078 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
0007d 48 89 85 38 01
00 00 mov QWORD PTR tv79[rbp], rax
00084 eb 0b jmp SHORT $LN4@NcEmitNop
$LN3@NcEmitNop:
0007e 48 c7 85 38 01
00086 48 c7 85 38 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@NcEmitNop:
00089 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv78[rbp]
00090 48 89 85 08 01
00091 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv79[rbp]
00098 48 89 85 08 01
00 00 mov QWORD PTR $T4[rbp], rax
00097 48 8b 85 08 01
0009f 48 8b 85 08 01
00 00 mov rax, QWORD PTR $T4[rbp]
0009e 48 89 45 28 mov QWORD PTR Link$[rbp], rax
000a6 48 89 45 28 mov QWORD PTR Link$[rbp], rax
; 7 : XedDecode(&Link->XedInstruction, Link->RawData, 1);
000a2 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
000a6 48 83 c0 30 add rax, 48 ; 00000030H
000aa 41 b8 01 00 00
000aa 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
000ae 48 83 c0 30 add rax, 48 ; 00000030H
000b2 41 b8 01 00 00
00 mov r8d, 1
000b0 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000b4 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
000b8 48 8b c8 mov rcx, rax
000bb e8 00 00 00 00 call xed_decode
000b8 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000bc 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
000c0 48 8b c8 mov rcx, rax
000c3 e8 00 00 00 00 call xed_decode
; 8 : return Link;
000c0 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
000c8 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
; 9 : }
000c4 48 8b f8 mov rdi, rax
000c7 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
000cb 48 8d 15 00 00
000cc 48 8b f8 mov rdi, rax
000cf 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
000d3 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ$rtcFrameData
000d2 e8 00 00 00 00 call _RTC_CheckStackVars
000d7 48 8b c7 mov rax, rdi
000da 48 8b 8d 40 01
000da e8 00 00 00 00 call _RTC_CheckStackVars
000df 48 8b c7 mov rax, rdi
000e2 48 8b 8d 40 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
000e1 48 33 cd xor rcx, rbp
000e4 e8 00 00 00 00 call __security_check_cookie
000e9 48 8d a5 58 01
000e9 48 33 cd xor rcx, rbp
000ec e8 00 00 00 00 call __security_check_cookie
000f1 48 8d a5 58 01
00 00 lea rsp, QWORD PTR [rbp+344]
000f0 5f pop rdi
000f1 5d pop rbp
000f2 c3 ret 0
000f8 5f pop rdi
000f9 5d pop rbp
000fa c3 ret 0
?NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ ENDP ; NcEmitNop
_TEXT ENDS
; COMDAT text$x
@ -789,7 +791,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
?dtor$0@?0??NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ@4HA PROC ; `NcEmitNop'::`1'::dtor$0
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
@ -797,7 +799,7 @@ __$ArrayPad$ = 320
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -815,7 +817,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
?dtor$0@?0??NcEmitNop@@YAPEAU_NATIVE_CODE_LINK@@XZ@4HA PROC ; `NcEmitNop'::`1'::dtor$0
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
@ -823,7 +825,7 @@ __$ArrayPad$ = 320
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]

File diff suppressed because it is too large Load Diff

@ -116,7 +116,7 @@ EXTRN __imp_?_Getmonths@_Locinfo@std@@QEBAPEBDXZ:PROC
EXTRN __imp_?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ:PROC
EXTRN __imp_?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ:PROC
EXTRN xed_decode:PROC
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z:PROC ; NcAppendToBlock
EXTRN _RTC_CheckStackVars:PROC
EXTRN _RTC_InitBase:PROC
@ -190,7 +190,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeAndD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD imagerel $LN6
DD imagerel $LN6+369
DD imagerel $LN6+377
DD imagerel $unwind$?JitEmitRipRelativeAndD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
pdata ENDS
; COMDAT pdata
@ -202,7 +202,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeAndW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD imagerel $LN6
DD imagerel $LN6+367
DD imagerel $LN6+375
DD imagerel $unwind$?JitEmitRipRelativeAndW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
pdata ENDS
; COMDAT pdata
@ -214,7 +214,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeAndB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD imagerel $LN6
DD imagerel $LN6+358
DD imagerel $LN6+366
DD imagerel $unwind$?JitEmitRipRelativeAndB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
pdata ENDS
; COMDAT pdata
@ -270,7 +270,7 @@ $ip2state$?JitEmitRipRelativeAndB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 06H
DB 00H
DB 0faH
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -287,13 +287,13 @@ $cppxdata$?JitEmitRipRelativeAndB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitRipRelativeAndB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 025054419H
DD 0117231cH
DD 07010002fH
$unwind$?JitEmitRipRelativeAndB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 035054419H
DD 0117331cH
DD 070100031H
DD 0500fH
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitRipRelativeAndB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
DD 0162H
DD 0172H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -306,7 +306,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitRipRelativeAndB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 024H ; JitEmitRipRelativeAndB
?JitEmitRipRelativeAndB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 034H ; JitEmitRipRelativeAndB
DD 07H
DQ FLAT:?JitEmitRipRelativeAndB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcName$0
ORG $+48
@ -327,7 +327,7 @@ $ip2state$?JitEmitRipRelativeAndW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 06H
DB 00H
DB 015H, 02H
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -344,13 +344,13 @@ $cppxdata$?JitEmitRipRelativeAndW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitRipRelativeAndW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 025054419H
DD 0117231cH
DD 070100031H
$unwind$?JitEmitRipRelativeAndW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 035054419H
DD 0117331cH
DD 070100033H
DD 0500fH
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitRipRelativeAndW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
DD 0172H
DD 0182H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -363,7 +363,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitRipRelativeAndW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 028H ; JitEmitRipRelativeAndW
?JitEmitRipRelativeAndW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 038H ; JitEmitRipRelativeAndW
DD 09H
DQ FLAT:?JitEmitRipRelativeAndW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcName$0
ORG $+48
@ -384,7 +384,7 @@ $ip2state$?JitEmitRipRelativeAndD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 06H
DB 00H
DB '%', 02H
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -401,13 +401,13 @@ $cppxdata$?JitEmitRipRelativeAndD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitRipRelativeAndD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 025054419H
DD 0117231cH
DD 070100031H
$unwind$?JitEmitRipRelativeAndD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 035054419H
DD 0117331cH
DD 070100033H
DD 0500fH
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitRipRelativeAndD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
DD 0172H
DD 0182H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -420,7 +420,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitRipRelativeAndD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 028H ; JitEmitRipRelativeAndD
?JitEmitRipRelativeAndD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 038H ; JitEmitRipRelativeAndD
DD 0aH
DQ FLAT:?JitEmitRipRelativeAndD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcName$0
ORG $+48
@ -603,7 +603,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
RipDelta$ = 376
@ -618,15 +618,15 @@ $LN6:
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
0000e 55 push rbp
0000f 57 push rdi
00010 48 81 ec 78 01
00 00 sub rsp, 376 ; 00000178H
00017 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00010 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
00017 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0001c 48 8b fc mov rdi, rsp
0001f b9 5e 00 00 00 mov ecx, 94 ; 0000005eH
0001f b9 62 00 00 00 mov ecx, 98 ; 00000062H
00024 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00029 f3 ab rep stosd
0002b 48 8b 8c 24 98
01 00 00 mov rcx, QWORD PTR [rsp+408]
0002b 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
00033 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
0003a 48 33 c5 xor rax, rbp
@ -655,89 +655,91 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
0007d 48 83 bd 28 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
00085 74 24 je SHORT $LN3@JitEmitRip
00087 41 b9 07 00 00
00085 74 2c je SHORT $LN3@JitEmitRip
00087 c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
0008f 41 b9 07 00 00
00 mov r9d, 7
0008d 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00091 ba 0c 00 00 00 mov edx, 12
00096 48 8b 8d 28 01
00095 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00099 ba 0c 00 00 00 mov edx, 12
0009e 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
0009d e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000a2 48 89 85 38 01
00 00 mov QWORD PTR tv78[rbp], rax
000a9 eb 0b jmp SHORT $LN4@JitEmitRip
000a5 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000aa 48 89 85 38 01
00 00 mov QWORD PTR tv79[rbp], rax
000b1 eb 0b jmp SHORT $LN4@JitEmitRip
$LN3@JitEmitRip:
000ab 48 c7 85 38 01
000b3 48 c7 85 38 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitRip:
000b6 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv78[rbp]
000bd 48 89 85 08 01
000be 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv79[rbp]
000c5 48 89 85 08 01
00 00 mov QWORD PTR $T4[rbp], rax
000c4 48 8b 85 08 01
000cc 48 8b 85 08 01
00 00 mov rax, QWORD PTR $T4[rbp]
000cb 48 89 45 28 mov QWORD PTR Link$[rbp], rax
000d3 48 89 45 28 mov QWORD PTR Link$[rbp], rax
; 32 : *(PINT32)&Link->RawData[2] = RipDelta;
000cf b8 01 00 00 00 mov eax, 1
000d4 48 6b c0 02 imul rax, rax, 2
000d8 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000dc 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000e0 8b 95 78 01 00
000d7 b8 01 00 00 00 mov eax, 1
000dc 48 6b c0 02 imul rax, rax, 2
000e0 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000e4 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000e8 8b 95 78 01 00
00 mov edx, DWORD PTR RipDelta$[rbp]
000e6 89 14 08 mov DWORD PTR [rax+rcx], edx
000ee 89 14 08 mov DWORD PTR [rax+rcx], edx
; 33 : *(PUCHAR)&Link->RawData[6] = (UCHAR)Value;
000e9 b8 01 00 00 00 mov eax, 1
000ee 48 6b c0 06 imul rax, rax, 6
000f2 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000f6 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000fa 0f b6 95 80 01
000f1 b8 01 00 00 00 mov eax, 1
000f6 48 6b c0 06 imul rax, rax, 6
000fa 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000fe 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
00102 0f b6 95 80 01
00 00 movzx edx, BYTE PTR Value$[rbp]
00101 88 14 08 mov BYTE PTR [rax+rcx], dl
00109 88 14 08 mov BYTE PTR [rax+rcx], dl
; 34 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
00104 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
00108 48 83 c0 30 add rax, 48 ; 00000030H
0010c 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
00110 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
0010c 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
00110 48 83 c0 30 add rax, 48 ; 00000030H
00114 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
00118 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
0011c 48 8b c8 mov rcx, rax
0011f e8 00 00 00 00 call xed_decode
00118 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
0011c 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
00120 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00124 48 8b c8 mov rcx, rax
00127 e8 00 00 00 00 call xed_decode
; 35 : NcAppendToBlock(Block, Link);
00124 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
00128 48 8b 8d 70 01
0012c 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
00130 48 8b 8d 70 01
00 00 mov rcx, QWORD PTR Block$[rbp]
0012f e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
00137 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 36 : return TRUE;
00134 b8 01 00 00 00 mov eax, 1
0013c b8 01 00 00 00 mov eax, 1
; 37 : }
00139 8b f8 mov edi, eax
0013b 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
0013f 48 8d 15 00 00
00141 8b f8 mov edi, eax
00143 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
00147 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeAndB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcFrameData
00146 e8 00 00 00 00 call _RTC_CheckStackVars
0014b 8b c7 mov eax, edi
0014d 48 8b 8d 40 01
0014e e8 00 00 00 00 call _RTC_CheckStackVars
00153 8b c7 mov eax, edi
00155 48 8b 8d 40 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
00154 48 33 cd xor rcx, rbp
00157 e8 00 00 00 00 call __security_check_cookie
0015c 48 8d a5 58 01
0015c 48 33 cd xor rcx, rbp
0015f e8 00 00 00 00 call __security_check_cookie
00164 48 8d a5 58 01
00 00 lea rsp, QWORD PTR [rbp+344]
00163 5f pop rdi
00164 5d pop rbp
00165 c3 ret 0
0016b 5f pop rdi
0016c 5d pop rbp
0016d c3 ret 0
?JitEmitRipRelativeAndB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z ENDP ; JitEmitRipRelativeAndB
_TEXT ENDS
; COMDAT text$x
@ -746,7 +748,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
RipDelta$ = 376
@ -757,7 +759,7 @@ Value$ = 384
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -775,7 +777,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
RipDelta$ = 376
@ -786,7 +788,7 @@ Value$ = 384
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -805,7 +807,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -820,15 +822,15 @@ $LN6:
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
0000e 55 push rbp
0000f 57 push rdi
00010 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
00017 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00010 48 81 ec 98 01
00 00 sub rsp, 408 ; 00000198H
00017 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0001c 48 8b fc mov rdi, rsp
0001f b9 62 00 00 00 mov ecx, 98 ; 00000062H
0001f b9 66 00 00 00 mov ecx, 102 ; 00000066H
00024 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00029 f3 ab rep stosd
0002b 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
0002b 48 8b 8c 24 b8
01 00 00 mov rcx, QWORD PTR [rsp+440]
00033 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
0003a 48 33 c5 xor rax, rbp
@ -859,89 +861,91 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
00085 48 83 bd 38 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
0008d 74 24 je SHORT $LN3@JitEmitRip
0008f 41 b9 09 00 00
0008d 74 2c je SHORT $LN3@JitEmitRip
0008f c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
00097 41 b9 09 00 00
00 mov r9d, 9
00095 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
00099 ba 0c 00 00 00 mov edx, 12
0009e 48 8b 8d 38 01
0009d 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
000a1 ba 0c 00 00 00 mov edx, 12
000a6 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
000a5 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000aa 48 89 85 48 01
00 00 mov QWORD PTR tv78[rbp], rax
000b1 eb 0b jmp SHORT $LN4@JitEmitRip
000ad e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000b2 48 89 85 48 01
00 00 mov QWORD PTR tv79[rbp], rax
000b9 eb 0b jmp SHORT $LN4@JitEmitRip
$LN3@JitEmitRip:
000b3 48 c7 85 48 01
000bb 48 c7 85 48 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitRip:
000be 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv78[rbp]
000c5 48 89 85 18 01
000c6 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv79[rbp]
000cd 48 89 85 18 01
00 00 mov QWORD PTR $T4[rbp], rax
000cc 48 8b 85 18 01
000d4 48 8b 85 18 01
00 00 mov rax, QWORD PTR $T4[rbp]
000d3 48 89 45 38 mov QWORD PTR Link$[rbp], rax
000db 48 89 45 38 mov QWORD PTR Link$[rbp], rax
; 20 : *(PINT32)&Link->RawData[3] = RipDelta;
000d7 b8 01 00 00 00 mov eax, 1
000dc 48 6b c0 03 imul rax, rax, 3
000e0 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000e4 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000e8 8b 95 88 01 00
000df b8 01 00 00 00 mov eax, 1
000e4 48 6b c0 03 imul rax, rax, 3
000e8 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000ec 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000f0 8b 95 88 01 00
00 mov edx, DWORD PTR RipDelta$[rbp]
000ee 89 14 08 mov DWORD PTR [rax+rcx], edx
000f6 89 14 08 mov DWORD PTR [rax+rcx], edx
; 21 : *(PUSHORT)&Link->RawData[7] = (USHORT)Value;
000f1 b8 01 00 00 00 mov eax, 1
000f6 48 6b c0 07 imul rax, rax, 7
000fa 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000fe 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
00102 0f b7 95 90 01
000f9 b8 01 00 00 00 mov eax, 1
000fe 48 6b c0 07 imul rax, rax, 7
00102 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00106 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
0010a 0f b7 95 90 01
00 00 movzx edx, WORD PTR Value$[rbp]
00109 66 89 14 08 mov WORD PTR [rax+rcx], dx
00111 66 89 14 08 mov WORD PTR [rax+rcx], dx
; 22 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
0010d 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
00111 48 83 c0 30 add rax, 48 ; 00000030H
00115 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00119 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00115 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
00119 48 83 c0 30 add rax, 48 ; 00000030H
0011d 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00121 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00125 48 8b c8 mov rcx, rax
00128 e8 00 00 00 00 call xed_decode
00121 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00125 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00129 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
0012d 48 8b c8 mov rcx, rax
00130 e8 00 00 00 00 call xed_decode
; 23 : NcAppendToBlock(Block, Link);
0012d 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
00131 48 8b 8d 80 01
00135 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
00139 48 8b 8d 80 01
00 00 mov rcx, QWORD PTR Block$[rbp]
00138 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
00140 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 24 : return TRUE;
0013d b8 01 00 00 00 mov eax, 1
00145 b8 01 00 00 00 mov eax, 1
; 25 : }
00142 8b f8 mov edi, eax
00144 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
00148 48 8d 15 00 00
0014a 8b f8 mov edi, eax
0014c 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
00150 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeAndW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcFrameData
0014f e8 00 00 00 00 call _RTC_CheckStackVars
00154 8b c7 mov eax, edi
00156 48 8b 8d 50 01
00157 e8 00 00 00 00 call _RTC_CheckStackVars
0015c 8b c7 mov eax, edi
0015e 48 8b 8d 50 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
0015d 48 33 cd xor rcx, rbp
00160 e8 00 00 00 00 call __security_check_cookie
00165 48 8d a5 68 01
00165 48 33 cd xor rcx, rbp
00168 e8 00 00 00 00 call __security_check_cookie
0016d 48 8d a5 68 01
00 00 lea rsp, QWORD PTR [rbp+360]
0016c 5f pop rdi
0016d 5d pop rbp
0016e c3 ret 0
00174 5f pop rdi
00175 5d pop rbp
00176 c3 ret 0
?JitEmitRipRelativeAndW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z ENDP ; JitEmitRipRelativeAndW
_TEXT ENDS
; COMDAT text$x
@ -950,7 +954,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -961,7 +965,7 @@ Value$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -979,7 +983,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -990,7 +994,7 @@ Value$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -1009,7 +1013,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -1024,15 +1028,15 @@ $LN6:
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
0000e 55 push rbp
0000f 57 push rdi
00010 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
00017 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00010 48 81 ec 98 01
00 00 sub rsp, 408 ; 00000198H
00017 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0001c 48 8b fc mov rdi, rsp
0001f b9 62 00 00 00 mov ecx, 98 ; 00000062H
0001f b9 66 00 00 00 mov ecx, 102 ; 00000066H
00024 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00029 f3 ab rep stosd
0002b 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
0002b 48 8b 8c 24 b8
01 00 00 mov rcx, QWORD PTR [rsp+440]
00033 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
0003a 48 33 c5 xor rax, rbp
@ -1064,89 +1068,91 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
00089 48 83 bd 38 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
00091 74 24 je SHORT $LN3@JitEmitRip
00093 41 b9 0a 00 00
00091 74 2c je SHORT $LN3@JitEmitRip
00093 c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
0009b 41 b9 0a 00 00
00 mov r9d, 10
00099 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
0009d ba 0c 00 00 00 mov edx, 12
000a2 48 8b 8d 38 01
000a1 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
000a5 ba 0c 00 00 00 mov edx, 12
000aa 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
000a9 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000ae 48 89 85 48 01
00 00 mov QWORD PTR tv78[rbp], rax
000b5 eb 0b jmp SHORT $LN4@JitEmitRip
000b1 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000b6 48 89 85 48 01
00 00 mov QWORD PTR tv79[rbp], rax
000bd eb 0b jmp SHORT $LN4@JitEmitRip
$LN3@JitEmitRip:
000b7 48 c7 85 48 01
000bf 48 c7 85 48 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitRip:
000c2 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv78[rbp]
000c9 48 89 85 18 01
000ca 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv79[rbp]
000d1 48 89 85 18 01
00 00 mov QWORD PTR $T4[rbp], rax
000d0 48 8b 85 18 01
000d8 48 8b 85 18 01
00 00 mov rax, QWORD PTR $T4[rbp]
000d7 48 89 45 38 mov QWORD PTR Link$[rbp], rax
000df 48 89 45 38 mov QWORD PTR Link$[rbp], rax
; 8 : *(PINT32)&Link->RawData[2] = RipDelta;
000db b8 01 00 00 00 mov eax, 1
000e0 48 6b c0 02 imul rax, rax, 2
000e4 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000e8 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000ec 8b 95 88 01 00
000e3 b8 01 00 00 00 mov eax, 1
000e8 48 6b c0 02 imul rax, rax, 2
000ec 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000f0 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000f4 8b 95 88 01 00
00 mov edx, DWORD PTR RipDelta$[rbp]
000f2 89 14 08 mov DWORD PTR [rax+rcx], edx
000fa 89 14 08 mov DWORD PTR [rax+rcx], edx
; 9 : *(PULONG)&Link->RawData[6] = Value;
000f5 b8 01 00 00 00 mov eax, 1
000fa 48 6b c0 06 imul rax, rax, 6
000fe 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00102 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
00106 8b 95 90 01 00
000fd b8 01 00 00 00 mov eax, 1
00102 48 6b c0 06 imul rax, rax, 6
00106 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0010a 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
0010e 8b 95 90 01 00
00 mov edx, DWORD PTR Value$[rbp]
0010c 89 14 08 mov DWORD PTR [rax+rcx], edx
00114 89 14 08 mov DWORD PTR [rax+rcx], edx
; 10 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
0010f 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
00113 48 83 c0 30 add rax, 48 ; 00000030H
00117 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0011b 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00117 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
0011b 48 83 c0 30 add rax, 48 ; 00000030H
0011f 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00123 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00127 48 8b c8 mov rcx, rax
0012a e8 00 00 00 00 call xed_decode
00123 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00127 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0012b 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
0012f 48 8b c8 mov rcx, rax
00132 e8 00 00 00 00 call xed_decode
; 11 : NcAppendToBlock(Block, Link);
0012f 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
00133 48 8b 8d 80 01
00137 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
0013b 48 8b 8d 80 01
00 00 mov rcx, QWORD PTR Block$[rbp]
0013a e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
00142 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 12 : return TRUE;
0013f b8 01 00 00 00 mov eax, 1
00147 b8 01 00 00 00 mov eax, 1
; 13 : }
00144 8b f8 mov edi, eax
00146 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
0014a 48 8d 15 00 00
0014c 8b f8 mov edi, eax
0014e 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
00152 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeAndD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcFrameData
00151 e8 00 00 00 00 call _RTC_CheckStackVars
00156 8b c7 mov eax, edi
00158 48 8b 8d 50 01
00159 e8 00 00 00 00 call _RTC_CheckStackVars
0015e 8b c7 mov eax, edi
00160 48 8b 8d 50 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
0015f 48 33 cd xor rcx, rbp
00162 e8 00 00 00 00 call __security_check_cookie
00167 48 8d a5 68 01
00167 48 33 cd xor rcx, rbp
0016a e8 00 00 00 00 call __security_check_cookie
0016f 48 8d a5 68 01
00 00 lea rsp, QWORD PTR [rbp+360]
0016e 5f pop rdi
0016f 5d pop rbp
00170 c3 ret 0
00176 5f pop rdi
00177 5d pop rbp
00178 c3 ret 0
?JitEmitRipRelativeAndD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z ENDP ; JitEmitRipRelativeAndD
_TEXT ENDS
; COMDAT text$x
@ -1155,7 +1161,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -1166,7 +1172,7 @@ Value$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -1184,7 +1190,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -1195,7 +1201,7 @@ Value$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]

@ -116,7 +116,7 @@ EXTRN __imp_?_Getmonths@_Locinfo@std@@QEBAPEBDXZ:PROC
EXTRN __imp_?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ:PROC
EXTRN __imp_?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ:PROC
EXTRN xed_decode:PROC
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z:PROC ; NcAppendToBlock
EXTRN _RTC_CheckStackVars:PROC
EXTRN _RTC_InitBase:PROC
@ -190,7 +190,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DD imagerel $LN6
DD imagerel $LN6+381
DD imagerel $LN6+389
DD imagerel $unwind$?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z
pdata ENDS
; COMDAT pdata
@ -202,7 +202,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DD imagerel $LN6
DD imagerel $LN6+377
DD imagerel $LN6+385
DD imagerel $unwind$?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z
pdata ENDS
; COMDAT pdata
@ -214,7 +214,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DD imagerel $LN6
DD imagerel $LN6+361
DD imagerel $LN6+369
DD imagerel $unwind$?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z
pdata ENDS
; COMDAT pdata
@ -270,7 +270,7 @@ $ip2state$?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DB 06H
DB 00H
DB 0faH
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -287,13 +287,13 @@ $cppxdata$?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DD 025054419H
DD 0117231cH
DD 07010002fH
$unwind$?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DD 035054419H
DD 0117331cH
DD 070100031H
DD 0500fH
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z
DD 0162H
DD 0172H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -306,7 +306,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcVarDesc DD 024H ; JitEmitRipRelativeMovB
?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcVarDesc DD 034H ; JitEmitRipRelativeMovB
DD 07H
DQ FLAT:?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcName$0
ORG $+48
@ -327,7 +327,7 @@ $ip2state$?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DB 06H
DB 00H
DB 015H, 02H
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -344,13 +344,13 @@ $cppxdata$?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DD 025054419H
DD 0117231cH
DD 070100031H
$unwind$?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DD 035054419H
DD 0117331cH
DD 070100033H
DD 0500fH
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z
DD 0172H
DD 0182H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -363,7 +363,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcVarDesc DD 028H ; JitEmitRipRelativeMovW
?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcVarDesc DD 038H ; JitEmitRipRelativeMovW
DD 09H
DQ FLAT:?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcName$0
ORG $+48
@ -384,7 +384,7 @@ $ip2state$?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DB 06H
DB 00H
DB '%', 02H
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -401,13 +401,13 @@ $cppxdata$?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DD 025054419H
DD 0117231cH
DD 070100031H
$unwind$?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z DD 035054419H
DD 0117331cH
DD 070100033H
DD 0500fH
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z
DD 0172H
DD 0182H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -420,7 +420,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcVarDesc DD 028H ; JitEmitRipRelativeMovD
?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcVarDesc DD 038H ; JitEmitRipRelativeMovD
DD 0aH
DQ FLAT:?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcName$0
ORG $+48
@ -603,7 +603,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
RipDelta$ = 376
@ -618,15 +618,15 @@ $LN6:
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
0000e 55 push rbp
0000f 57 push rdi
00010 48 81 ec 78 01
00 00 sub rsp, 376 ; 00000178H
00017 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00010 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
00017 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0001c 48 8b fc mov rdi, rsp
0001f b9 5e 00 00 00 mov ecx, 94 ; 0000005eH
0001f b9 62 00 00 00 mov ecx, 98 ; 00000062H
00024 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00029 f3 ab rep stosd
0002b 48 8b 8c 24 98
01 00 00 mov rcx, QWORD PTR [rsp+408]
0002b 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
00033 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
0003a 48 33 c5 xor rax, rbp
@ -655,90 +655,92 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
0007d 48 83 bd 28 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
00085 74 24 je SHORT $LN3@JitEmitRip
00087 41 b9 07 00 00
00085 74 2c je SHORT $LN3@JitEmitRip
00087 c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
0008f 41 b9 07 00 00
00 mov r9d, 7
0008d 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00091 ba 0c 00 00 00 mov edx, 12
00096 48 8b 8d 28 01
00095 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00099 ba 0c 00 00 00 mov edx, 12
0009e 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
0009d e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000a2 48 89 85 38 01
00 00 mov QWORD PTR tv78[rbp], rax
000a9 eb 0b jmp SHORT $LN4@JitEmitRip
000a5 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000aa 48 89 85 38 01
00 00 mov QWORD PTR tv79[rbp], rax
000b1 eb 0b jmp SHORT $LN4@JitEmitRip
$LN3@JitEmitRip:
000ab 48 c7 85 38 01
000b3 48 c7 85 38 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitRip:
000b6 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv78[rbp]
000bd 48 89 85 08 01
000be 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv79[rbp]
000c5 48 89 85 08 01
00 00 mov QWORD PTR $T4[rbp], rax
000c4 48 8b 85 08 01
000cc 48 8b 85 08 01
00 00 mov rax, QWORD PTR $T4[rbp]
000cb 48 89 45 28 mov QWORD PTR Link$[rbp], rax
000d3 48 89 45 28 mov QWORD PTR Link$[rbp], rax
; 32 : *(PINT32)&Link->RawData[2] = RipDelta;
000cf b8 01 00 00 00 mov eax, 1
000d4 48 6b c0 02 imul rax, rax, 2
000d8 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000dc 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000e0 8b 95 78 01 00
000d7 b8 01 00 00 00 mov eax, 1
000dc 48 6b c0 02 imul rax, rax, 2
000e0 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000e4 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000e8 8b 95 78 01 00
00 mov edx, DWORD PTR RipDelta$[rbp]
000e6 89 14 08 mov DWORD PTR [rax+rcx], edx
000ee 89 14 08 mov DWORD PTR [rax+rcx], edx
; 33 : Link->RawData[6] = *Data;
000e9 b8 01 00 00 00 mov eax, 1
000ee 48 6b c0 06 imul rax, rax, 6
000f2 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000f6 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000fa 48 8b 95 80 01
000f1 b8 01 00 00 00 mov eax, 1
000f6 48 6b c0 06 imul rax, rax, 6
000fa 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000fe 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
00102 48 8b 95 80 01
00 00 mov rdx, QWORD PTR Data$[rbp]
00101 0f b6 12 movzx edx, BYTE PTR [rdx]
00104 88 14 08 mov BYTE PTR [rax+rcx], dl
00109 0f b6 12 movzx edx, BYTE PTR [rdx]
0010c 88 14 08 mov BYTE PTR [rax+rcx], dl
; 34 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
00107 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
0010b 48 83 c0 30 add rax, 48 ; 00000030H
0010f 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
00113 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
0010f 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
00113 48 83 c0 30 add rax, 48 ; 00000030H
00117 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
0011b 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
0011f 48 8b c8 mov rcx, rax
00122 e8 00 00 00 00 call xed_decode
0011b 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
0011f 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
00123 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00127 48 8b c8 mov rcx, rax
0012a e8 00 00 00 00 call xed_decode
; 35 : NcAppendToBlock(Block, Link);
00127 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
0012b 48 8b 8d 70 01
0012f 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
00133 48 8b 8d 70 01
00 00 mov rcx, QWORD PTR Block$[rbp]
00132 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
0013a e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 36 : return TRUE;
00137 b8 01 00 00 00 mov eax, 1
0013f b8 01 00 00 00 mov eax, 1
; 37 : }
0013c 8b f8 mov edi, eax
0013e 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
00142 48 8d 15 00 00
00144 8b f8 mov edi, eax
00146 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
0014a 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcFrameData
00149 e8 00 00 00 00 call _RTC_CheckStackVars
0014e 8b c7 mov eax, edi
00150 48 8b 8d 40 01
00151 e8 00 00 00 00 call _RTC_CheckStackVars
00156 8b c7 mov eax, edi
00158 48 8b 8d 40 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
00157 48 33 cd xor rcx, rbp
0015a e8 00 00 00 00 call __security_check_cookie
0015f 48 8d a5 58 01
0015f 48 33 cd xor rcx, rbp
00162 e8 00 00 00 00 call __security_check_cookie
00167 48 8d a5 58 01
00 00 lea rsp, QWORD PTR [rbp+344]
00166 5f pop rdi
00167 5d pop rbp
00168 c3 ret 0
0016e 5f pop rdi
0016f 5d pop rbp
00170 c3 ret 0
?JitEmitRipRelativeMovB@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z ENDP ; JitEmitRipRelativeMovB
_TEXT ENDS
; COMDAT text$x
@ -747,7 +749,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
RipDelta$ = 376
@ -758,7 +760,7 @@ Data$ = 384
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -776,7 +778,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
RipDelta$ = 376
@ -787,7 +789,7 @@ Data$ = 384
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -806,7 +808,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -821,15 +823,15 @@ $LN6:
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
0000e 55 push rbp
0000f 57 push rdi
00010 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
00017 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00010 48 81 ec 98 01
00 00 sub rsp, 408 ; 00000198H
00017 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0001c 48 8b fc mov rdi, rsp
0001f b9 62 00 00 00 mov ecx, 98 ; 00000062H
0001f b9 66 00 00 00 mov ecx, 102 ; 00000066H
00024 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00029 f3 ab rep stosd
0002b 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
0002b 48 8b 8c 24 b8
01 00 00 mov rcx, QWORD PTR [rsp+440]
00033 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
0003a 48 33 c5 xor rax, rbp
@ -860,92 +862,94 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
00085 48 83 bd 38 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
0008d 74 24 je SHORT $LN3@JitEmitRip
0008f 41 b9 09 00 00
0008d 74 2c je SHORT $LN3@JitEmitRip
0008f c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
00097 41 b9 09 00 00
00 mov r9d, 9
00095 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
00099 ba 0c 00 00 00 mov edx, 12
0009e 48 8b 8d 38 01
0009d 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
000a1 ba 0c 00 00 00 mov edx, 12
000a6 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
000a5 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000aa 48 89 85 48 01
00 00 mov QWORD PTR tv78[rbp], rax
000b1 eb 0b jmp SHORT $LN4@JitEmitRip
000ad e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000b2 48 89 85 48 01
00 00 mov QWORD PTR tv79[rbp], rax
000b9 eb 0b jmp SHORT $LN4@JitEmitRip
$LN3@JitEmitRip:
000b3 48 c7 85 48 01
000bb 48 c7 85 48 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitRip:
000be 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv78[rbp]
000c5 48 89 85 18 01
000c6 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv79[rbp]
000cd 48 89 85 18 01
00 00 mov QWORD PTR $T4[rbp], rax
000cc 48 8b 85 18 01
000d4 48 8b 85 18 01
00 00 mov rax, QWORD PTR $T4[rbp]
000d3 48 89 45 38 mov QWORD PTR Link$[rbp], rax
000db 48 89 45 38 mov QWORD PTR Link$[rbp], rax
; 20 : *(PINT32)&Link->RawData[3] = RipDelta;
000d7 b8 01 00 00 00 mov eax, 1
000dc 48 6b c0 03 imul rax, rax, 3
000e0 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000e4 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000e8 8b 95 88 01 00
000df b8 01 00 00 00 mov eax, 1
000e4 48 6b c0 03 imul rax, rax, 3
000e8 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000ec 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000f0 8b 95 88 01 00
00 mov edx, DWORD PTR RipDelta$[rbp]
000ee 89 14 08 mov DWORD PTR [rax+rcx], edx
000f6 89 14 08 mov DWORD PTR [rax+rcx], edx
; 21 : RtlCopyMemory(&Link->RawData[7], Data, 2);
000f1 b8 01 00 00 00 mov eax, 1
000f6 48 6b c0 07 imul rax, rax, 7
000fa 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000fe 48 03 41 20 add rax, QWORD PTR [rcx+32]
00102 41 b8 02 00 00
000f9 b8 01 00 00 00 mov eax, 1
000fe 48 6b c0 07 imul rax, rax, 7
00102 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00106 48 03 41 20 add rax, QWORD PTR [rcx+32]
0010a 41 b8 02 00 00
00 mov r8d, 2
00108 48 8b 95 90 01
00110 48 8b 95 90 01
00 00 mov rdx, QWORD PTR Data$[rbp]
0010f 48 8b c8 mov rcx, rax
00112 e8 00 00 00 00 call memcpy
00117 48 8b c8 mov rcx, rax
0011a e8 00 00 00 00 call memcpy
; 22 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
00117 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
0011b 48 83 c0 30 add rax, 48 ; 00000030H
0011f 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00123 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
0011f 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
00123 48 83 c0 30 add rax, 48 ; 00000030H
00127 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0012b 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
0012f 48 8b c8 mov rcx, rax
00132 e8 00 00 00 00 call xed_decode
0012b 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
0012f 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00133 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00137 48 8b c8 mov rcx, rax
0013a e8 00 00 00 00 call xed_decode
; 23 : NcAppendToBlock(Block, Link);
00137 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
0013b 48 8b 8d 80 01
0013f 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
00143 48 8b 8d 80 01
00 00 mov rcx, QWORD PTR Block$[rbp]
00142 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
0014a e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 24 : return TRUE;
00147 b8 01 00 00 00 mov eax, 1
0014f b8 01 00 00 00 mov eax, 1
; 25 : }
0014c 8b f8 mov edi, eax
0014e 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
00152 48 8d 15 00 00
00154 8b f8 mov edi, eax
00156 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
0015a 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcFrameData
00159 e8 00 00 00 00 call _RTC_CheckStackVars
0015e 8b c7 mov eax, edi
00160 48 8b 8d 50 01
00161 e8 00 00 00 00 call _RTC_CheckStackVars
00166 8b c7 mov eax, edi
00168 48 8b 8d 50 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
00167 48 33 cd xor rcx, rbp
0016a e8 00 00 00 00 call __security_check_cookie
0016f 48 8d a5 68 01
0016f 48 33 cd xor rcx, rbp
00172 e8 00 00 00 00 call __security_check_cookie
00177 48 8d a5 68 01
00 00 lea rsp, QWORD PTR [rbp+360]
00176 5f pop rdi
00177 5d pop rbp
00178 c3 ret 0
0017e 5f pop rdi
0017f 5d pop rbp
00180 c3 ret 0
?JitEmitRipRelativeMovW@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z ENDP ; JitEmitRipRelativeMovW
_TEXT ENDS
; COMDAT text$x
@ -954,7 +958,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -965,7 +969,7 @@ Data$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -983,7 +987,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -994,7 +998,7 @@ Data$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -1013,7 +1017,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -1028,15 +1032,15 @@ $LN6:
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
0000e 55 push rbp
0000f 57 push rdi
00010 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
00017 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00010 48 81 ec 98 01
00 00 sub rsp, 408 ; 00000198H
00017 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0001c 48 8b fc mov rdi, rsp
0001f b9 62 00 00 00 mov ecx, 98 ; 00000062H
0001f b9 66 00 00 00 mov ecx, 102 ; 00000066H
00024 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00029 f3 ab rep stosd
0002b 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
0002b 48 8b 8c 24 b8
01 00 00 mov rcx, QWORD PTR [rsp+440]
00033 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
0003a 48 33 c5 xor rax, rbp
@ -1068,92 +1072,94 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
00089 48 83 bd 38 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
00091 74 24 je SHORT $LN3@JitEmitRip
00093 41 b9 0a 00 00
00091 74 2c je SHORT $LN3@JitEmitRip
00093 c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
0009b 41 b9 0a 00 00
00 mov r9d, 10
00099 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
0009d ba 0c 00 00 00 mov edx, 12
000a2 48 8b 8d 38 01
000a1 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
000a5 ba 0c 00 00 00 mov edx, 12
000aa 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
000a9 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000ae 48 89 85 48 01
00 00 mov QWORD PTR tv78[rbp], rax
000b5 eb 0b jmp SHORT $LN4@JitEmitRip
000b1 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000b6 48 89 85 48 01
00 00 mov QWORD PTR tv79[rbp], rax
000bd eb 0b jmp SHORT $LN4@JitEmitRip
$LN3@JitEmitRip:
000b7 48 c7 85 48 01
000bf 48 c7 85 48 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitRip:
000c2 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv78[rbp]
000c9 48 89 85 18 01
000ca 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv79[rbp]
000d1 48 89 85 18 01
00 00 mov QWORD PTR $T4[rbp], rax
000d0 48 8b 85 18 01
000d8 48 8b 85 18 01
00 00 mov rax, QWORD PTR $T4[rbp]
000d7 48 89 45 38 mov QWORD PTR Link$[rbp], rax
000df 48 89 45 38 mov QWORD PTR Link$[rbp], rax
; 8 : *(PINT32)&Link->RawData[2] = RipDelta;
000db b8 01 00 00 00 mov eax, 1
000e0 48 6b c0 02 imul rax, rax, 2
000e4 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000e8 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000ec 8b 95 88 01 00
000e3 b8 01 00 00 00 mov eax, 1
000e8 48 6b c0 02 imul rax, rax, 2
000ec 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000f0 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000f4 8b 95 88 01 00
00 mov edx, DWORD PTR RipDelta$[rbp]
000f2 89 14 08 mov DWORD PTR [rax+rcx], edx
000fa 89 14 08 mov DWORD PTR [rax+rcx], edx
; 9 : RtlCopyMemory(&Link->RawData[6], Data, 4);
000f5 b8 01 00 00 00 mov eax, 1
000fa 48 6b c0 06 imul rax, rax, 6
000fe 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00102 48 03 41 20 add rax, QWORD PTR [rcx+32]
00106 41 b8 04 00 00
000fd b8 01 00 00 00 mov eax, 1
00102 48 6b c0 06 imul rax, rax, 6
00106 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0010a 48 03 41 20 add rax, QWORD PTR [rcx+32]
0010e 41 b8 04 00 00
00 mov r8d, 4
0010c 48 8b 95 90 01
00114 48 8b 95 90 01
00 00 mov rdx, QWORD PTR Data$[rbp]
00113 48 8b c8 mov rcx, rax
00116 e8 00 00 00 00 call memcpy
0011b 48 8b c8 mov rcx, rax
0011e e8 00 00 00 00 call memcpy
; 10 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
0011b 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
0011f 48 83 c0 30 add rax, 48 ; 00000030H
00123 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00127 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00123 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
00127 48 83 c0 30 add rax, 48 ; 00000030H
0012b 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0012f 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00133 48 8b c8 mov rcx, rax
00136 e8 00 00 00 00 call xed_decode
0012f 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00133 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00137 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
0013b 48 8b c8 mov rcx, rax
0013e e8 00 00 00 00 call xed_decode
; 11 : NcAppendToBlock(Block, Link);
0013b 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
0013f 48 8b 8d 80 01
00143 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
00147 48 8b 8d 80 01
00 00 mov rcx, QWORD PTR Block$[rbp]
00146 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
0014e e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 12 : return TRUE;
0014b b8 01 00 00 00 mov eax, 1
00153 b8 01 00 00 00 mov eax, 1
; 13 : }
00150 8b f8 mov edi, eax
00152 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
00156 48 8d 15 00 00
00158 8b f8 mov edi, eax
0015a 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
0015e 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z$rtcFrameData
0015d e8 00 00 00 00 call _RTC_CheckStackVars
00162 8b c7 mov eax, edi
00164 48 8b 8d 50 01
00165 e8 00 00 00 00 call _RTC_CheckStackVars
0016a 8b c7 mov eax, edi
0016c 48 8b 8d 50 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
0016b 48 33 cd xor rcx, rbp
0016e e8 00 00 00 00 call __security_check_cookie
00173 48 8d a5 68 01
00173 48 33 cd xor rcx, rbp
00176 e8 00 00 00 00 call __security_check_cookie
0017b 48 8d a5 68 01
00 00 lea rsp, QWORD PTR [rbp+360]
0017a 5f pop rdi
0017b 5d pop rbp
0017c c3 ret 0
00182 5f pop rdi
00183 5d pop rbp
00184 c3 ret 0
?JitEmitRipRelativeMovD@@YAHPEAU_NATIVE_CODE_BLOCK@@HPEAE@Z ENDP ; JitEmitRipRelativeMovD
_TEXT ENDS
; COMDAT text$x
@ -1162,7 +1168,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -1173,7 +1179,7 @@ Data$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -1191,7 +1197,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -1202,7 +1208,7 @@ Data$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]

@ -116,7 +116,7 @@ EXTRN __imp_?_Getmonths@_Locinfo@std@@QEBAPEBDXZ:PROC
EXTRN __imp_?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ:PROC
EXTRN __imp_?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ:PROC
EXTRN xed_decode:PROC
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z:PROC ; NcAppendToBlock
EXTRN _RTC_CheckStackVars:PROC
EXTRN _RTC_InitBase:PROC
@ -190,7 +190,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeOrD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD imagerel $LN6
DD imagerel $LN6+369
DD imagerel $LN6+377
DD imagerel $unwind$?JitEmitRipRelativeOrD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
pdata ENDS
; COMDAT pdata
@ -202,7 +202,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeOrW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD imagerel $LN6
DD imagerel $LN6+367
DD imagerel $LN6+375
DD imagerel $unwind$?JitEmitRipRelativeOrW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
pdata ENDS
; COMDAT pdata
@ -214,7 +214,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeOrB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD imagerel $LN6
DD imagerel $LN6+358
DD imagerel $LN6+366
DD imagerel $unwind$?JitEmitRipRelativeOrB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
pdata ENDS
; COMDAT pdata
@ -270,7 +270,7 @@ $ip2state$?JitEmitRipRelativeOrB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 06H
DB 00H
DB 0faH
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -287,13 +287,13 @@ $cppxdata$?JitEmitRipRelativeOrB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitRipRelativeOrB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 025054419H
DD 0117231cH
DD 07010002fH
$unwind$?JitEmitRipRelativeOrB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 035054419H
DD 0117331cH
DD 070100031H
DD 0500fH
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitRipRelativeOrB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
DD 0162H
DD 0172H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -306,7 +306,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitRipRelativeOrB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 024H ; JitEmitRipRelativeOrB
?JitEmitRipRelativeOrB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 034H ; JitEmitRipRelativeOrB
DD 07H
DQ FLAT:?JitEmitRipRelativeOrB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcName$0
ORG $+48
@ -327,7 +327,7 @@ $ip2state$?JitEmitRipRelativeOrW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 06H
DB 00H
DB 015H, 02H
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -344,13 +344,13 @@ $cppxdata$?JitEmitRipRelativeOrW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitRipRelativeOrW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 025054419H
DD 0117231cH
DD 070100031H
$unwind$?JitEmitRipRelativeOrW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 035054419H
DD 0117331cH
DD 070100033H
DD 0500fH
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitRipRelativeOrW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
DD 0172H
DD 0182H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -363,7 +363,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitRipRelativeOrW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 028H ; JitEmitRipRelativeOrW
?JitEmitRipRelativeOrW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 038H ; JitEmitRipRelativeOrW
DD 09H
DQ FLAT:?JitEmitRipRelativeOrW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcName$0
ORG $+48
@ -384,7 +384,7 @@ $ip2state$?JitEmitRipRelativeOrD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 06H
DB 00H
DB '%', 02H
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -401,13 +401,13 @@ $cppxdata$?JitEmitRipRelativeOrD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitRipRelativeOrD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 025054419H
DD 0117231cH
DD 070100031H
$unwind$?JitEmitRipRelativeOrD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 035054419H
DD 0117331cH
DD 070100033H
DD 0500fH
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitRipRelativeOrD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
DD 0172H
DD 0182H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -420,7 +420,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitRipRelativeOrD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 028H ; JitEmitRipRelativeOrD
?JitEmitRipRelativeOrD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 038H ; JitEmitRipRelativeOrD
DD 0aH
DQ FLAT:?JitEmitRipRelativeOrD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcName$0
ORG $+48
@ -603,7 +603,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
RipDelta$ = 376
@ -618,15 +618,15 @@ $LN6:
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
0000e 55 push rbp
0000f 57 push rdi
00010 48 81 ec 78 01
00 00 sub rsp, 376 ; 00000178H
00017 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00010 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
00017 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0001c 48 8b fc mov rdi, rsp
0001f b9 5e 00 00 00 mov ecx, 94 ; 0000005eH
0001f b9 62 00 00 00 mov ecx, 98 ; 00000062H
00024 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00029 f3 ab rep stosd
0002b 48 8b 8c 24 98
01 00 00 mov rcx, QWORD PTR [rsp+408]
0002b 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
00033 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
0003a 48 33 c5 xor rax, rbp
@ -655,89 +655,91 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
0007d 48 83 bd 28 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
00085 74 24 je SHORT $LN3@JitEmitRip
00087 41 b9 07 00 00
00085 74 2c je SHORT $LN3@JitEmitRip
00087 c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
0008f 41 b9 07 00 00
00 mov r9d, 7
0008d 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00091 ba 0c 00 00 00 mov edx, 12
00096 48 8b 8d 28 01
00095 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00099 ba 0c 00 00 00 mov edx, 12
0009e 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
0009d e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000a2 48 89 85 38 01
00 00 mov QWORD PTR tv78[rbp], rax
000a9 eb 0b jmp SHORT $LN4@JitEmitRip
000a5 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000aa 48 89 85 38 01
00 00 mov QWORD PTR tv79[rbp], rax
000b1 eb 0b jmp SHORT $LN4@JitEmitRip
$LN3@JitEmitRip:
000ab 48 c7 85 38 01
000b3 48 c7 85 38 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitRip:
000b6 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv78[rbp]
000bd 48 89 85 08 01
000be 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv79[rbp]
000c5 48 89 85 08 01
00 00 mov QWORD PTR $T4[rbp], rax
000c4 48 8b 85 08 01
000cc 48 8b 85 08 01
00 00 mov rax, QWORD PTR $T4[rbp]
000cb 48 89 45 28 mov QWORD PTR Link$[rbp], rax
000d3 48 89 45 28 mov QWORD PTR Link$[rbp], rax
; 32 : *(PINT32)&Link->RawData[2] = RipDelta;
000cf b8 01 00 00 00 mov eax, 1
000d4 48 6b c0 02 imul rax, rax, 2
000d8 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000dc 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000e0 8b 95 78 01 00
000d7 b8 01 00 00 00 mov eax, 1
000dc 48 6b c0 02 imul rax, rax, 2
000e0 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000e4 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000e8 8b 95 78 01 00
00 mov edx, DWORD PTR RipDelta$[rbp]
000e6 89 14 08 mov DWORD PTR [rax+rcx], edx
000ee 89 14 08 mov DWORD PTR [rax+rcx], edx
; 33 : *(PUCHAR)&Link->RawData[6] = (UCHAR)Value;
000e9 b8 01 00 00 00 mov eax, 1
000ee 48 6b c0 06 imul rax, rax, 6
000f2 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000f6 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000fa 0f b6 95 80 01
000f1 b8 01 00 00 00 mov eax, 1
000f6 48 6b c0 06 imul rax, rax, 6
000fa 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000fe 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
00102 0f b6 95 80 01
00 00 movzx edx, BYTE PTR Value$[rbp]
00101 88 14 08 mov BYTE PTR [rax+rcx], dl
00109 88 14 08 mov BYTE PTR [rax+rcx], dl
; 34 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
00104 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
00108 48 83 c0 30 add rax, 48 ; 00000030H
0010c 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
00110 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
0010c 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
00110 48 83 c0 30 add rax, 48 ; 00000030H
00114 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
00118 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
0011c 48 8b c8 mov rcx, rax
0011f e8 00 00 00 00 call xed_decode
00118 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
0011c 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
00120 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00124 48 8b c8 mov rcx, rax
00127 e8 00 00 00 00 call xed_decode
; 35 : NcAppendToBlock(Block, Link);
00124 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
00128 48 8b 8d 70 01
0012c 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
00130 48 8b 8d 70 01
00 00 mov rcx, QWORD PTR Block$[rbp]
0012f e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
00137 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 36 : return TRUE;
00134 b8 01 00 00 00 mov eax, 1
0013c b8 01 00 00 00 mov eax, 1
; 37 : }
00139 8b f8 mov edi, eax
0013b 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
0013f 48 8d 15 00 00
00141 8b f8 mov edi, eax
00143 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
00147 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeOrB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcFrameData
00146 e8 00 00 00 00 call _RTC_CheckStackVars
0014b 8b c7 mov eax, edi
0014d 48 8b 8d 40 01
0014e e8 00 00 00 00 call _RTC_CheckStackVars
00153 8b c7 mov eax, edi
00155 48 8b 8d 40 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
00154 48 33 cd xor rcx, rbp
00157 e8 00 00 00 00 call __security_check_cookie
0015c 48 8d a5 58 01
0015c 48 33 cd xor rcx, rbp
0015f e8 00 00 00 00 call __security_check_cookie
00164 48 8d a5 58 01
00 00 lea rsp, QWORD PTR [rbp+344]
00163 5f pop rdi
00164 5d pop rbp
00165 c3 ret 0
0016b 5f pop rdi
0016c 5d pop rbp
0016d c3 ret 0
?JitEmitRipRelativeOrB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z ENDP ; JitEmitRipRelativeOrB
_TEXT ENDS
; COMDAT text$x
@ -746,7 +748,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
RipDelta$ = 376
@ -757,7 +759,7 @@ Value$ = 384
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -775,7 +777,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
RipDelta$ = 376
@ -786,7 +788,7 @@ Value$ = 384
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -805,7 +807,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -820,15 +822,15 @@ $LN6:
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
0000e 55 push rbp
0000f 57 push rdi
00010 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
00017 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00010 48 81 ec 98 01
00 00 sub rsp, 408 ; 00000198H
00017 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0001c 48 8b fc mov rdi, rsp
0001f b9 62 00 00 00 mov ecx, 98 ; 00000062H
0001f b9 66 00 00 00 mov ecx, 102 ; 00000066H
00024 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00029 f3 ab rep stosd
0002b 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
0002b 48 8b 8c 24 b8
01 00 00 mov rcx, QWORD PTR [rsp+440]
00033 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
0003a 48 33 c5 xor rax, rbp
@ -859,89 +861,91 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
00085 48 83 bd 38 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
0008d 74 24 je SHORT $LN3@JitEmitRip
0008f 41 b9 09 00 00
0008d 74 2c je SHORT $LN3@JitEmitRip
0008f c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
00097 41 b9 09 00 00
00 mov r9d, 9
00095 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
00099 ba 0c 00 00 00 mov edx, 12
0009e 48 8b 8d 38 01
0009d 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
000a1 ba 0c 00 00 00 mov edx, 12
000a6 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
000a5 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000aa 48 89 85 48 01
00 00 mov QWORD PTR tv78[rbp], rax
000b1 eb 0b jmp SHORT $LN4@JitEmitRip
000ad e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000b2 48 89 85 48 01
00 00 mov QWORD PTR tv79[rbp], rax
000b9 eb 0b jmp SHORT $LN4@JitEmitRip
$LN3@JitEmitRip:
000b3 48 c7 85 48 01
000bb 48 c7 85 48 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitRip:
000be 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv78[rbp]
000c5 48 89 85 18 01
000c6 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv79[rbp]
000cd 48 89 85 18 01
00 00 mov QWORD PTR $T4[rbp], rax
000cc 48 8b 85 18 01
000d4 48 8b 85 18 01
00 00 mov rax, QWORD PTR $T4[rbp]
000d3 48 89 45 38 mov QWORD PTR Link$[rbp], rax
000db 48 89 45 38 mov QWORD PTR Link$[rbp], rax
; 20 : *(PINT32)&Link->RawData[3] = RipDelta;
000d7 b8 01 00 00 00 mov eax, 1
000dc 48 6b c0 03 imul rax, rax, 3
000e0 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000e4 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000e8 8b 95 88 01 00
000df b8 01 00 00 00 mov eax, 1
000e4 48 6b c0 03 imul rax, rax, 3
000e8 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000ec 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000f0 8b 95 88 01 00
00 mov edx, DWORD PTR RipDelta$[rbp]
000ee 89 14 08 mov DWORD PTR [rax+rcx], edx
000f6 89 14 08 mov DWORD PTR [rax+rcx], edx
; 21 : *(PUSHORT)&Link->RawData[7] = (USHORT)Value;
000f1 b8 01 00 00 00 mov eax, 1
000f6 48 6b c0 07 imul rax, rax, 7
000fa 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000fe 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
00102 0f b7 95 90 01
000f9 b8 01 00 00 00 mov eax, 1
000fe 48 6b c0 07 imul rax, rax, 7
00102 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00106 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
0010a 0f b7 95 90 01
00 00 movzx edx, WORD PTR Value$[rbp]
00109 66 89 14 08 mov WORD PTR [rax+rcx], dx
00111 66 89 14 08 mov WORD PTR [rax+rcx], dx
; 22 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
0010d 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
00111 48 83 c0 30 add rax, 48 ; 00000030H
00115 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00119 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00115 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
00119 48 83 c0 30 add rax, 48 ; 00000030H
0011d 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00121 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00125 48 8b c8 mov rcx, rax
00128 e8 00 00 00 00 call xed_decode
00121 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00125 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00129 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
0012d 48 8b c8 mov rcx, rax
00130 e8 00 00 00 00 call xed_decode
; 23 : NcAppendToBlock(Block, Link);
0012d 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
00131 48 8b 8d 80 01
00135 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
00139 48 8b 8d 80 01
00 00 mov rcx, QWORD PTR Block$[rbp]
00138 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
00140 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 24 : return TRUE;
0013d b8 01 00 00 00 mov eax, 1
00145 b8 01 00 00 00 mov eax, 1
; 25 : }
00142 8b f8 mov edi, eax
00144 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
00148 48 8d 15 00 00
0014a 8b f8 mov edi, eax
0014c 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
00150 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeOrW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcFrameData
0014f e8 00 00 00 00 call _RTC_CheckStackVars
00154 8b c7 mov eax, edi
00156 48 8b 8d 50 01
00157 e8 00 00 00 00 call _RTC_CheckStackVars
0015c 8b c7 mov eax, edi
0015e 48 8b 8d 50 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
0015d 48 33 cd xor rcx, rbp
00160 e8 00 00 00 00 call __security_check_cookie
00165 48 8d a5 68 01
00165 48 33 cd xor rcx, rbp
00168 e8 00 00 00 00 call __security_check_cookie
0016d 48 8d a5 68 01
00 00 lea rsp, QWORD PTR [rbp+360]
0016c 5f pop rdi
0016d 5d pop rbp
0016e c3 ret 0
00174 5f pop rdi
00175 5d pop rbp
00176 c3 ret 0
?JitEmitRipRelativeOrW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z ENDP ; JitEmitRipRelativeOrW
_TEXT ENDS
; COMDAT text$x
@ -950,7 +954,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -961,7 +965,7 @@ Value$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -979,7 +983,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -990,7 +994,7 @@ Value$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -1009,7 +1013,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -1024,15 +1028,15 @@ $LN6:
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
0000e 55 push rbp
0000f 57 push rdi
00010 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
00017 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00010 48 81 ec 98 01
00 00 sub rsp, 408 ; 00000198H
00017 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0001c 48 8b fc mov rdi, rsp
0001f b9 62 00 00 00 mov ecx, 98 ; 00000062H
0001f b9 66 00 00 00 mov ecx, 102 ; 00000066H
00024 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00029 f3 ab rep stosd
0002b 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
0002b 48 8b 8c 24 b8
01 00 00 mov rcx, QWORD PTR [rsp+440]
00033 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
0003a 48 33 c5 xor rax, rbp
@ -1064,89 +1068,91 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
00089 48 83 bd 38 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
00091 74 24 je SHORT $LN3@JitEmitRip
00093 41 b9 0a 00 00
00091 74 2c je SHORT $LN3@JitEmitRip
00093 c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
0009b 41 b9 0a 00 00
00 mov r9d, 10
00099 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
0009d ba 0c 00 00 00 mov edx, 12
000a2 48 8b 8d 38 01
000a1 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
000a5 ba 0c 00 00 00 mov edx, 12
000aa 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
000a9 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000ae 48 89 85 48 01
00 00 mov QWORD PTR tv78[rbp], rax
000b5 eb 0b jmp SHORT $LN4@JitEmitRip
000b1 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000b6 48 89 85 48 01
00 00 mov QWORD PTR tv79[rbp], rax
000bd eb 0b jmp SHORT $LN4@JitEmitRip
$LN3@JitEmitRip:
000b7 48 c7 85 48 01
000bf 48 c7 85 48 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitRip:
000c2 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv78[rbp]
000c9 48 89 85 18 01
000ca 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv79[rbp]
000d1 48 89 85 18 01
00 00 mov QWORD PTR $T4[rbp], rax
000d0 48 8b 85 18 01
000d8 48 8b 85 18 01
00 00 mov rax, QWORD PTR $T4[rbp]
000d7 48 89 45 38 mov QWORD PTR Link$[rbp], rax
000df 48 89 45 38 mov QWORD PTR Link$[rbp], rax
; 8 : *(PINT32)&Link->RawData[2] = RipDelta;
000db b8 01 00 00 00 mov eax, 1
000e0 48 6b c0 02 imul rax, rax, 2
000e4 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000e8 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000ec 8b 95 88 01 00
000e3 b8 01 00 00 00 mov eax, 1
000e8 48 6b c0 02 imul rax, rax, 2
000ec 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000f0 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000f4 8b 95 88 01 00
00 mov edx, DWORD PTR RipDelta$[rbp]
000f2 89 14 08 mov DWORD PTR [rax+rcx], edx
000fa 89 14 08 mov DWORD PTR [rax+rcx], edx
; 9 : *(PULONG)&Link->RawData[6] = Value;
000f5 b8 01 00 00 00 mov eax, 1
000fa 48 6b c0 06 imul rax, rax, 6
000fe 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00102 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
00106 8b 95 90 01 00
000fd b8 01 00 00 00 mov eax, 1
00102 48 6b c0 06 imul rax, rax, 6
00106 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0010a 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
0010e 8b 95 90 01 00
00 mov edx, DWORD PTR Value$[rbp]
0010c 89 14 08 mov DWORD PTR [rax+rcx], edx
00114 89 14 08 mov DWORD PTR [rax+rcx], edx
; 10 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
0010f 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
00113 48 83 c0 30 add rax, 48 ; 00000030H
00117 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0011b 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00117 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
0011b 48 83 c0 30 add rax, 48 ; 00000030H
0011f 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00123 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00127 48 8b c8 mov rcx, rax
0012a e8 00 00 00 00 call xed_decode
00123 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00127 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0012b 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
0012f 48 8b c8 mov rcx, rax
00132 e8 00 00 00 00 call xed_decode
; 11 : NcAppendToBlock(Block, Link);
0012f 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
00133 48 8b 8d 80 01
00137 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
0013b 48 8b 8d 80 01
00 00 mov rcx, QWORD PTR Block$[rbp]
0013a e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
00142 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 12 : return TRUE;
0013f b8 01 00 00 00 mov eax, 1
00147 b8 01 00 00 00 mov eax, 1
; 13 : }
00144 8b f8 mov edi, eax
00146 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
0014a 48 8d 15 00 00
0014c 8b f8 mov edi, eax
0014e 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
00152 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeOrD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcFrameData
00151 e8 00 00 00 00 call _RTC_CheckStackVars
00156 8b c7 mov eax, edi
00158 48 8b 8d 50 01
00159 e8 00 00 00 00 call _RTC_CheckStackVars
0015e 8b c7 mov eax, edi
00160 48 8b 8d 50 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
0015f 48 33 cd xor rcx, rbp
00162 e8 00 00 00 00 call __security_check_cookie
00167 48 8d a5 68 01
00167 48 33 cd xor rcx, rbp
0016a e8 00 00 00 00 call __security_check_cookie
0016f 48 8d a5 68 01
00 00 lea rsp, QWORD PTR [rbp+360]
0016e 5f pop rdi
0016f 5d pop rbp
00170 c3 ret 0
00176 5f pop rdi
00177 5d pop rbp
00178 c3 ret 0
?JitEmitRipRelativeOrD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z ENDP ; JitEmitRipRelativeOrD
_TEXT ENDS
; COMDAT text$x
@ -1155,7 +1161,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -1166,7 +1172,7 @@ Value$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -1184,7 +1190,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -1195,7 +1201,7 @@ Value$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]

@ -116,7 +116,7 @@ EXTRN __imp_?_Getmonths@_Locinfo@std@@QEBAPEBDXZ:PROC
EXTRN __imp_?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ:PROC
EXTRN __imp_?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ:PROC
EXTRN xed_decode:PROC
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
EXTRN ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z:PROC ; NcAppendToBlock
EXTRN _RTC_CheckStackVars:PROC
EXTRN _RTC_InitBase:PROC
@ -190,7 +190,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD imagerel $LN6
DD imagerel $LN6+369
DD imagerel $LN6+377
DD imagerel $unwind$?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
pdata ENDS
; COMDAT pdata
@ -202,7 +202,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD imagerel $LN6
DD imagerel $LN6+367
DD imagerel $LN6+375
DD imagerel $unwind$?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
pdata ENDS
; COMDAT pdata
@ -214,7 +214,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD imagerel $LN6
DD imagerel $LN6+358
DD imagerel $LN6+366
DD imagerel $unwind$?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
pdata ENDS
; COMDAT pdata
@ -270,7 +270,7 @@ $ip2state$?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 06H
DB 00H
DB 0faH
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -287,13 +287,13 @@ $cppxdata$?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 025054419H
DD 0117231cH
DD 07010002fH
$unwind$?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 035054419H
DD 0117331cH
DD 070100031H
DD 0500fH
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
DD 0162H
DD 0172H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -306,7 +306,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 024H ; JitEmitRipRelativeXorB
?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 034H ; JitEmitRipRelativeXorB
DD 07H
DQ FLAT:?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcName$0
ORG $+48
@ -327,7 +327,7 @@ $ip2state$?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 06H
DB 00H
DB 015H, 02H
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -344,13 +344,13 @@ $cppxdata$?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 025054419H
DD 0117231cH
DD 070100031H
$unwind$?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 035054419H
DD 0117331cH
DD 070100033H
DD 0500fH
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
DD 0172H
DD 0182H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -363,7 +363,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 028H ; JitEmitRipRelativeXorW
?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 038H ; JitEmitRipRelativeXorW
DD 09H
DQ FLAT:?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcName$0
ORG $+48
@ -384,7 +384,7 @@ $ip2state$?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 06H
DB 00H
DB '%', 02H
DB 02H
DB 08eH
DB 09eH
DB 00H
xdata ENDS
; COMDAT xdata
@ -401,13 +401,13 @@ $cppxdata$?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DB 028H
xdata ENDS
; COMDAT xdata
xdata SEGMENT
$unwind$?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 025054419H
DD 0117231cH
DD 070100031H
$unwind$?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z DD 035054419H
DD 0117331cH
DD 070100033H
DD 0500fH
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z
DD 0172H
DD 0182H
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -420,7 +420,7 @@ CONST SEGMENT
DB 061H
DB 00H
ORG $+8
?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 028H ; JitEmitRipRelativeXorD
?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcVarDesc DD 038H ; JitEmitRipRelativeXorD
DD 0aH
DQ FLAT:?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcName$0
ORG $+48
@ -603,7 +603,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
RipDelta$ = 376
@ -618,15 +618,15 @@ $LN6:
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
0000e 55 push rbp
0000f 57 push rdi
00010 48 81 ec 78 01
00 00 sub rsp, 376 ; 00000178H
00017 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00010 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
00017 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0001c 48 8b fc mov rdi, rsp
0001f b9 5e 00 00 00 mov ecx, 94 ; 0000005eH
0001f b9 62 00 00 00 mov ecx, 98 ; 00000062H
00024 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00029 f3 ab rep stosd
0002b 48 8b 8c 24 98
01 00 00 mov rcx, QWORD PTR [rsp+408]
0002b 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
00033 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
0003a 48 33 c5 xor rax, rbp
@ -655,89 +655,91 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
0007d 48 83 bd 28 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
00085 74 24 je SHORT $LN3@JitEmitRip
00087 41 b9 07 00 00
00085 74 2c je SHORT $LN3@JitEmitRip
00087 c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
0008f 41 b9 07 00 00
00 mov r9d, 7
0008d 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00091 ba 0c 00 00 00 mov edx, 12
00096 48 8b 8d 28 01
00095 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00099 ba 0c 00 00 00 mov edx, 12
0009e 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
0009d e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000a2 48 89 85 38 01
00 00 mov QWORD PTR tv78[rbp], rax
000a9 eb 0b jmp SHORT $LN4@JitEmitRip
000a5 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000aa 48 89 85 38 01
00 00 mov QWORD PTR tv79[rbp], rax
000b1 eb 0b jmp SHORT $LN4@JitEmitRip
$LN3@JitEmitRip:
000ab 48 c7 85 38 01
000b3 48 c7 85 38 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitRip:
000b6 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv78[rbp]
000bd 48 89 85 08 01
000be 48 8b 85 38 01
00 00 mov rax, QWORD PTR tv79[rbp]
000c5 48 89 85 08 01
00 00 mov QWORD PTR $T4[rbp], rax
000c4 48 8b 85 08 01
000cc 48 8b 85 08 01
00 00 mov rax, QWORD PTR $T4[rbp]
000cb 48 89 45 28 mov QWORD PTR Link$[rbp], rax
000d3 48 89 45 28 mov QWORD PTR Link$[rbp], rax
; 32 : *(PINT32)&Link->RawData[2] = RipDelta;
000cf b8 01 00 00 00 mov eax, 1
000d4 48 6b c0 02 imul rax, rax, 2
000d8 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000dc 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000e0 8b 95 78 01 00
000d7 b8 01 00 00 00 mov eax, 1
000dc 48 6b c0 02 imul rax, rax, 2
000e0 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000e4 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000e8 8b 95 78 01 00
00 mov edx, DWORD PTR RipDelta$[rbp]
000e6 89 14 08 mov DWORD PTR [rax+rcx], edx
000ee 89 14 08 mov DWORD PTR [rax+rcx], edx
; 33 : *(PUCHAR)&Link->RawData[6] = (UCHAR)Value;
000e9 b8 01 00 00 00 mov eax, 1
000ee 48 6b c0 06 imul rax, rax, 6
000f2 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000f6 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000fa 0f b6 95 80 01
000f1 b8 01 00 00 00 mov eax, 1
000f6 48 6b c0 06 imul rax, rax, 6
000fa 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
000fe 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
00102 0f b6 95 80 01
00 00 movzx edx, BYTE PTR Value$[rbp]
00101 88 14 08 mov BYTE PTR [rax+rcx], dl
00109 88 14 08 mov BYTE PTR [rax+rcx], dl
; 34 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
00104 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
00108 48 83 c0 30 add rax, 48 ; 00000030H
0010c 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
00110 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
0010c 48 8b 45 28 mov rax, QWORD PTR Link$[rbp]
00110 48 83 c0 30 add rax, 48 ; 00000030H
00114 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
00118 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
0011c 48 8b c8 mov rcx, rax
0011f e8 00 00 00 00 call xed_decode
00118 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
0011c 48 8b 4d 28 mov rcx, QWORD PTR Link$[rbp]
00120 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00124 48 8b c8 mov rcx, rax
00127 e8 00 00 00 00 call xed_decode
; 35 : NcAppendToBlock(Block, Link);
00124 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
00128 48 8b 8d 70 01
0012c 48 8b 55 28 mov rdx, QWORD PTR Link$[rbp]
00130 48 8b 8d 70 01
00 00 mov rcx, QWORD PTR Block$[rbp]
0012f e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
00137 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 36 : return TRUE;
00134 b8 01 00 00 00 mov eax, 1
0013c b8 01 00 00 00 mov eax, 1
; 37 : }
00139 8b f8 mov edi, eax
0013b 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
0013f 48 8d 15 00 00
00141 8b f8 mov edi, eax
00143 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
00147 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcFrameData
00146 e8 00 00 00 00 call _RTC_CheckStackVars
0014b 8b c7 mov eax, edi
0014d 48 8b 8d 40 01
0014e e8 00 00 00 00 call _RTC_CheckStackVars
00153 8b c7 mov eax, edi
00155 48 8b 8d 40 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
00154 48 33 cd xor rcx, rbp
00157 e8 00 00 00 00 call __security_check_cookie
0015c 48 8d a5 58 01
0015c 48 33 cd xor rcx, rbp
0015f e8 00 00 00 00 call __security_check_cookie
00164 48 8d a5 58 01
00 00 lea rsp, QWORD PTR [rbp+344]
00163 5f pop rdi
00164 5d pop rbp
00165 c3 ret 0
0016b 5f pop rdi
0016c 5d pop rbp
0016d c3 ret 0
?JitEmitRipRelativeXorB@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z ENDP ; JitEmitRipRelativeXorB
_TEXT ENDS
; COMDAT text$x
@ -746,7 +748,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
RipDelta$ = 376
@ -757,7 +759,7 @@ Value$ = 384
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -775,7 +777,7 @@ RawData$ = 4
Link$ = 40
$T4 = 264
$T5 = 296
tv78 = 312
tv79 = 312
__$ArrayPad$ = 320
Block$ = 368
RipDelta$ = 376
@ -786,7 +788,7 @@ Value$ = 384
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -805,7 +807,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -820,15 +822,15 @@ $LN6:
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
0000e 55 push rbp
0000f 57 push rdi
00010 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
00017 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00010 48 81 ec 98 01
00 00 sub rsp, 408 ; 00000198H
00017 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0001c 48 8b fc mov rdi, rsp
0001f b9 62 00 00 00 mov ecx, 98 ; 00000062H
0001f b9 66 00 00 00 mov ecx, 102 ; 00000066H
00024 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00029 f3 ab rep stosd
0002b 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
0002b 48 8b 8c 24 b8
01 00 00 mov rcx, QWORD PTR [rsp+440]
00033 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
0003a 48 33 c5 xor rax, rbp
@ -859,89 +861,91 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
00085 48 83 bd 38 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
0008d 74 24 je SHORT $LN3@JitEmitRip
0008f 41 b9 09 00 00
0008d 74 2c je SHORT $LN3@JitEmitRip
0008f c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
00097 41 b9 09 00 00
00 mov r9d, 9
00095 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
00099 ba 0c 00 00 00 mov edx, 12
0009e 48 8b 8d 38 01
0009d 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
000a1 ba 0c 00 00 00 mov edx, 12
000a6 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
000a5 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000aa 48 89 85 48 01
00 00 mov QWORD PTR tv78[rbp], rax
000b1 eb 0b jmp SHORT $LN4@JitEmitRip
000ad e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000b2 48 89 85 48 01
00 00 mov QWORD PTR tv79[rbp], rax
000b9 eb 0b jmp SHORT $LN4@JitEmitRip
$LN3@JitEmitRip:
000b3 48 c7 85 48 01
000bb 48 c7 85 48 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitRip:
000be 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv78[rbp]
000c5 48 89 85 18 01
000c6 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv79[rbp]
000cd 48 89 85 18 01
00 00 mov QWORD PTR $T4[rbp], rax
000cc 48 8b 85 18 01
000d4 48 8b 85 18 01
00 00 mov rax, QWORD PTR $T4[rbp]
000d3 48 89 45 38 mov QWORD PTR Link$[rbp], rax
000db 48 89 45 38 mov QWORD PTR Link$[rbp], rax
; 20 : *(PINT32)&Link->RawData[3] = RipDelta;
000d7 b8 01 00 00 00 mov eax, 1
000dc 48 6b c0 03 imul rax, rax, 3
000e0 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000e4 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000e8 8b 95 88 01 00
000df b8 01 00 00 00 mov eax, 1
000e4 48 6b c0 03 imul rax, rax, 3
000e8 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000ec 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000f0 8b 95 88 01 00
00 mov edx, DWORD PTR RipDelta$[rbp]
000ee 89 14 08 mov DWORD PTR [rax+rcx], edx
000f6 89 14 08 mov DWORD PTR [rax+rcx], edx
; 21 : *(PUSHORT)&Link->RawData[7] = (USHORT)Value;
000f1 b8 01 00 00 00 mov eax, 1
000f6 48 6b c0 07 imul rax, rax, 7
000fa 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000fe 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
00102 0f b7 95 90 01
000f9 b8 01 00 00 00 mov eax, 1
000fe 48 6b c0 07 imul rax, rax, 7
00102 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00106 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
0010a 0f b7 95 90 01
00 00 movzx edx, WORD PTR Value$[rbp]
00109 66 89 14 08 mov WORD PTR [rax+rcx], dx
00111 66 89 14 08 mov WORD PTR [rax+rcx], dx
; 22 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
0010d 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
00111 48 83 c0 30 add rax, 48 ; 00000030H
00115 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00119 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00115 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
00119 48 83 c0 30 add rax, 48 ; 00000030H
0011d 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00121 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00125 48 8b c8 mov rcx, rax
00128 e8 00 00 00 00 call xed_decode
00121 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00125 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00129 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
0012d 48 8b c8 mov rcx, rax
00130 e8 00 00 00 00 call xed_decode
; 23 : NcAppendToBlock(Block, Link);
0012d 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
00131 48 8b 8d 80 01
00135 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
00139 48 8b 8d 80 01
00 00 mov rcx, QWORD PTR Block$[rbp]
00138 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
00140 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 24 : return TRUE;
0013d b8 01 00 00 00 mov eax, 1
00145 b8 01 00 00 00 mov eax, 1
; 25 : }
00142 8b f8 mov edi, eax
00144 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
00148 48 8d 15 00 00
0014a 8b f8 mov edi, eax
0014c 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
00150 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcFrameData
0014f e8 00 00 00 00 call _RTC_CheckStackVars
00154 8b c7 mov eax, edi
00156 48 8b 8d 50 01
00157 e8 00 00 00 00 call _RTC_CheckStackVars
0015c 8b c7 mov eax, edi
0015e 48 8b 8d 50 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
0015d 48 33 cd xor rcx, rbp
00160 e8 00 00 00 00 call __security_check_cookie
00165 48 8d a5 68 01
00165 48 33 cd xor rcx, rbp
00168 e8 00 00 00 00 call __security_check_cookie
0016d 48 8d a5 68 01
00 00 lea rsp, QWORD PTR [rbp+360]
0016c 5f pop rdi
0016d 5d pop rbp
0016e c3 ret 0
00174 5f pop rdi
00175 5d pop rbp
00176 c3 ret 0
?JitEmitRipRelativeXorW@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z ENDP ; JitEmitRipRelativeXorW
_TEXT ENDS
; COMDAT text$x
@ -950,7 +954,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -961,7 +965,7 @@ Value$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -979,7 +983,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -990,7 +994,7 @@ Value$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -1009,7 +1013,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -1024,15 +1028,15 @@ $LN6:
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
0000e 55 push rbp
0000f 57 push rdi
00010 48 81 ec 88 01
00 00 sub rsp, 392 ; 00000188H
00017 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
00010 48 81 ec 98 01
00 00 sub rsp, 408 ; 00000198H
00017 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
0001c 48 8b fc mov rdi, rsp
0001f b9 62 00 00 00 mov ecx, 98 ; 00000062H
0001f b9 66 00 00 00 mov ecx, 102 ; 00000066H
00024 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
00029 f3 ab rep stosd
0002b 48 8b 8c 24 a8
01 00 00 mov rcx, QWORD PTR [rsp+424]
0002b 48 8b 8c 24 b8
01 00 00 mov rcx, QWORD PTR [rsp+440]
00033 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
0003a 48 33 c5 xor rax, rbp
@ -1064,89 +1068,91 @@ $LN6:
00 00 mov QWORD PTR $T5[rbp], rax
00089 48 83 bd 38 01
00 00 00 cmp QWORD PTR $T5[rbp], 0
00091 74 24 je SHORT $LN3@JitEmitRip
00093 41 b9 0a 00 00
00091 74 2c je SHORT $LN3@JitEmitRip
00093 c7 44 24 20 00
00 00 00 mov DWORD PTR [rsp+32], 0
0009b 41 b9 0a 00 00
00 mov r9d, 10
00099 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
0009d ba 0c 00 00 00 mov edx, 12
000a2 48 8b 8d 38 01
000a1 4c 8d 45 08 lea r8, QWORD PTR RawData$[rbp]
000a5 ba 0c 00 00 00 mov edx, 12
000aa 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
000a9 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXK@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000ae 48 89 85 48 01
00 00 mov QWORD PTR tv78[rbp], rax
000b5 eb 0b jmp SHORT $LN4@JitEmitRip
000b1 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
000b6 48 89 85 48 01
00 00 mov QWORD PTR tv79[rbp], rax
000bd eb 0b jmp SHORT $LN4@JitEmitRip
$LN3@JitEmitRip:
000b7 48 c7 85 48 01
000bf 48 c7 85 48 01
00 00 00 00 00
00 mov QWORD PTR tv78[rbp], 0
00 mov QWORD PTR tv79[rbp], 0
$LN4@JitEmitRip:
000c2 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv78[rbp]
000c9 48 89 85 18 01
000ca 48 8b 85 48 01
00 00 mov rax, QWORD PTR tv79[rbp]
000d1 48 89 85 18 01
00 00 mov QWORD PTR $T4[rbp], rax
000d0 48 8b 85 18 01
000d8 48 8b 85 18 01
00 00 mov rax, QWORD PTR $T4[rbp]
000d7 48 89 45 38 mov QWORD PTR Link$[rbp], rax
000df 48 89 45 38 mov QWORD PTR Link$[rbp], rax
; 8 : *(PINT32)&Link->RawData[2] = RipDelta;
000db b8 01 00 00 00 mov eax, 1
000e0 48 6b c0 02 imul rax, rax, 2
000e4 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000e8 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000ec 8b 95 88 01 00
000e3 b8 01 00 00 00 mov eax, 1
000e8 48 6b c0 02 imul rax, rax, 2
000ec 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
000f0 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
000f4 8b 95 88 01 00
00 mov edx, DWORD PTR RipDelta$[rbp]
000f2 89 14 08 mov DWORD PTR [rax+rcx], edx
000fa 89 14 08 mov DWORD PTR [rax+rcx], edx
; 9 : *(PULONG)&Link->RawData[6] = Value;
000f5 b8 01 00 00 00 mov eax, 1
000fa 48 6b c0 06 imul rax, rax, 6
000fe 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00102 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
00106 8b 95 90 01 00
000fd b8 01 00 00 00 mov eax, 1
00102 48 6b c0 06 imul rax, rax, 6
00106 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0010a 48 8b 49 20 mov rcx, QWORD PTR [rcx+32]
0010e 8b 95 90 01 00
00 mov edx, DWORD PTR Value$[rbp]
0010c 89 14 08 mov DWORD PTR [rax+rcx], edx
00114 89 14 08 mov DWORD PTR [rax+rcx], edx
; 10 : XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
0010f 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
00113 48 83 c0 30 add rax, 48 ; 00000030H
00117 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0011b 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00117 48 8b 45 38 mov rax, QWORD PTR Link$[rbp]
0011b 48 83 c0 30 add rax, 48 ; 00000030H
0011f 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
00123 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
00127 48 8b c8 mov rcx, rax
0012a e8 00 00 00 00 call xed_decode
00123 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
00127 48 8b 4d 38 mov rcx, QWORD PTR Link$[rbp]
0012b 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
0012f 48 8b c8 mov rcx, rax
00132 e8 00 00 00 00 call xed_decode
; 11 : NcAppendToBlock(Block, Link);
0012f 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
00133 48 8b 8d 80 01
00137 48 8b 55 38 mov rdx, QWORD PTR Link$[rbp]
0013b 48 8b 8d 80 01
00 00 mov rcx, QWORD PTR Block$[rbp]
0013a e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
00142 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
; 12 : return TRUE;
0013f b8 01 00 00 00 mov eax, 1
00147 b8 01 00 00 00 mov eax, 1
; 13 : }
00144 8b f8 mov edi, eax
00146 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
0014a 48 8d 15 00 00
0014c 8b f8 mov edi, eax
0014e 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
00152 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z$rtcFrameData
00151 e8 00 00 00 00 call _RTC_CheckStackVars
00156 8b c7 mov eax, edi
00158 48 8b 8d 50 01
00159 e8 00 00 00 00 call _RTC_CheckStackVars
0015e 8b c7 mov eax, edi
00160 48 8b 8d 50 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
0015f 48 33 cd xor rcx, rbp
00162 e8 00 00 00 00 call __security_check_cookie
00167 48 8d a5 68 01
00167 48 33 cd xor rcx, rbp
0016a e8 00 00 00 00 call __security_check_cookie
0016f 48 8d a5 68 01
00 00 lea rsp, QWORD PTR [rbp+360]
0016e 5f pop rdi
0016f 5d pop rbp
00170 c3 ret 0
00176 5f pop rdi
00177 5d pop rbp
00178 c3 ret 0
?JitEmitRipRelativeXorD@@YAHPEAU_NATIVE_CODE_BLOCK@@HK@Z ENDP ; JitEmitRipRelativeXorD
_TEXT ENDS
; COMDAT text$x
@ -1155,7 +1161,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -1166,7 +1172,7 @@ Value$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]
@ -1184,7 +1190,7 @@ RawData$ = 8
Link$ = 56
$T4 = 280
$T5 = 312
tv78 = 328
tv79 = 328
__$ArrayPad$ = 336
Block$ = 384
RipDelta$ = 392
@ -1195,7 +1201,7 @@ Value$ = 400
0000a 55 push rbp
0000b 57 push rdi
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
00019 48 8b 8d 38 01
00 00 mov rcx, QWORD PTR $T5[rbp]

@ -189,7 +189,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$?ViValidateNativeCodeBlock@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z DD imagerel $LN7
DD imagerel $LN7+122
DD imagerel $LN7+142
DD imagerel $unwind$?ViValidateNativeCodeBlock@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z
pdata ENDS
; COMDAT rtc$TMZ
@ -434,7 +434,7 @@ $LN7:
00 00 lea rcx, OFFSET FLAT:__463C1148_Virtualizer@cpp
00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
; 9 : for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next)
; 9 : for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next)
00036 48 8b 85 00 01
00 00 mov rax, QWORD PTR Block$[rbp]
@ -447,39 +447,45 @@ $LN2@ViValidate:
0004d 48 89 45 08 mov QWORD PTR T$1[rbp], rax
$LN4@ViValidate:
00051 48 83 7d 08 00 cmp QWORD PTR T$1[rbp], 0
00056 74 13 je SHORT $LN3@ViValidate
00056 74 27 je SHORT $LN3@ViValidate
00058 48 8b 85 00 01
00 00 mov rax, QWORD PTR Block$[rbp]
0005f 48 8b 40 08 mov rax, QWORD PTR [rax+8]
00063 48 8b 00 mov rax, QWORD PTR [rax]
00066 48 39 45 08 cmp QWORD PTR T$1[rbp], rax
0006a 74 13 je SHORT $LN3@ViValidate
; 10 : {
; 11 : if (!ViCanHandleInst(T))
00058 48 8b 4d 08 mov rcx, QWORD PTR T$1[rbp]
0005c e8 00 00 00 00 call ?ViCanHandleInst@@YAHPEAU_NATIVE_CODE_LINK@@@Z ; ViCanHandleInst
00061 85 c0 test eax, eax
00063 75 04 jne SHORT $LN5@ViValidate
0006c 48 8b 4d 08 mov rcx, QWORD PTR T$1[rbp]
00070 e8 00 00 00 00 call ?ViCanHandleInst@@YAHPEAU_NATIVE_CODE_LINK@@@Z ; ViCanHandleInst
00075 85 c0 test eax, eax
00077 75 04 jne SHORT $LN5@ViValidate
; 12 : return FALSE;
00065 33 c0 xor eax, eax
00067 eb 07 jmp SHORT $LN1@ViValidate
00079 33 c0 xor eax, eax
0007b eb 07 jmp SHORT $LN1@ViValidate
$LN5@ViValidate:
; 13 : }
00069 eb db jmp SHORT $LN2@ViValidate
0007d eb c7 jmp SHORT $LN2@ViValidate
$LN3@ViValidate:
; 14 : return TRUE;
0006b b8 01 00 00 00 mov eax, 1
0007f b8 01 00 00 00 mov eax, 1
$LN1@ViValidate:
; 15 : }
00070 48 8d a5 e8 00
00084 48 8d a5 e8 00
00 00 lea rsp, QWORD PTR [rbp+232]
00077 5f pop rdi
00078 5d pop rbp
00079 c3 ret 0
0008b 5f pop rdi
0008c 5d pop rbp
0008d c3 ret 0
?ViValidateNativeCodeBlock@@YAHPEAU_NATIVE_CODE_BLOCK@@@Z ENDP ; ViValidateNativeCodeBlock
_TEXT ENDS
; Function compile flags: /Odtp /RTCsu /ZI

Binary file not shown.