|
|
|
@ -607,7 +607,7 @@ pdata ENDS
|
|
|
|
|
; COMDAT pdata
|
|
|
|
|
pdata SEGMENT
|
|
|
|
|
$pdata$?ObfGenOpaqueBranch@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@0@Z DD imagerel $LN29
|
|
|
|
|
DD imagerel $LN29+1160
|
|
|
|
|
DD imagerel $LN29+1176
|
|
|
|
|
DD imagerel $unwind$?ObfGenOpaqueBranch@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@0@Z
|
|
|
|
|
pdata ENDS
|
|
|
|
|
; COMDAT pdata
|
|
|
|
@ -4232,7 +4232,7 @@ $T12 = 808
|
|
|
|
|
$T13 = 840
|
|
|
|
|
$T14 = 872
|
|
|
|
|
$T15 = 904
|
|
|
|
|
tv214 = 920
|
|
|
|
|
tv216 = 920
|
|
|
|
|
tv204 = 920
|
|
|
|
|
tv189 = 920
|
|
|
|
|
tv171 = 920
|
|
|
|
@ -4297,7 +4297,7 @@ $LN3@ObfGenOpaq:
|
|
|
|
|
; 91 : return NULL;
|
|
|
|
|
|
|
|
|
|
00086 33 c0 xor eax, eax
|
|
|
|
|
00088 e9 cc 03 00 00 jmp $LN1@ObfGenOpaq
|
|
|
|
|
00088 e9 dc 03 00 00 jmp $LN1@ObfGenOpaq
|
|
|
|
|
$LN2@ObfGenOpaq:
|
|
|
|
|
|
|
|
|
|
; 92 :
|
|
|
|
@ -4319,7 +4319,7 @@ $LN2@ObfGenOpaq:
|
|
|
|
|
; 96 : return NULL;
|
|
|
|
|
|
|
|
|
|
000ab 33 c0 xor eax, eax
|
|
|
|
|
000ad e9 a7 03 00 00 jmp $LN1@ObfGenOpaq
|
|
|
|
|
000ad e9 b7 03 00 00 jmp $LN1@ObfGenOpaq
|
|
|
|
|
$LN4@ObfGenOpaq:
|
|
|
|
|
|
|
|
|
|
; 97 : }
|
|
|
|
@ -4367,7 +4367,7 @@ $LN10@ObfGenOpaq:
|
|
|
|
|
; 103 : return NULL;
|
|
|
|
|
|
|
|
|
|
00113 33 c0 xor eax, eax
|
|
|
|
|
00115 e9 3f 03 00 00 jmp $LN1@ObfGenOpaq
|
|
|
|
|
00115 e9 4f 03 00 00 jmp $LN1@ObfGenOpaq
|
|
|
|
|
$LN5@ObfGenOpaq:
|
|
|
|
|
|
|
|
|
|
; 104 : }
|
|
|
|
@ -4486,7 +4486,7 @@ $LN14@ObfGenOpaq:
|
|
|
|
|
; 118 : return NULL;
|
|
|
|
|
|
|
|
|
|
00234 33 c0 xor eax, eax
|
|
|
|
|
00236 e9 1e 02 00 00 jmp $LN1@ObfGenOpaq
|
|
|
|
|
00236 e9 2e 02 00 00 jmp $LN1@ObfGenOpaq
|
|
|
|
|
$LN6@ObfGenOpaq:
|
|
|
|
|
|
|
|
|
|
; 119 : }
|
|
|
|
@ -4583,7 +4583,7 @@ $LN20@ObfGenOpaq:
|
|
|
|
|
; 128 : return NULL;
|
|
|
|
|
|
|
|
|
|
00320 33 c0 xor eax, eax
|
|
|
|
|
00322 e9 32 01 00 00 jmp $LN1@ObfGenOpaq
|
|
|
|
|
00322 e9 42 01 00 00 jmp $LN1@ObfGenOpaq
|
|
|
|
|
$LN7@ObfGenOpaq:
|
|
|
|
|
|
|
|
|
|
; 129 : }
|
|
|
|
@ -4674,50 +4674,57 @@ $LN24@ObfGenOpaq:
|
|
|
|
|
00412 48 8b 48 08 mov rcx, QWORD PTR [rax+8]
|
|
|
|
|
00416 e8 00 00 00 00 call ?NcInsertBlockAfter@@YAHPEAU_NATIVE_CODE_LINK@@PEAU_NATIVE_CODE_BLOCK@@H@Z ; NcInsertBlockAfter
|
|
|
|
|
|
|
|
|
|
; 138 :
|
|
|
|
|
; 139 : delete Taken;
|
|
|
|
|
; 138 : NotTaken->End = Taken->End;
|
|
|
|
|
|
|
|
|
|
0041b 48 8b 45 08 mov rax, QWORD PTR NotTaken$[rbp]
|
|
|
|
|
0041f 48 8b 4d 28 mov rcx, QWORD PTR Taken$[rbp]
|
|
|
|
|
00423 48 8b 49 08 mov rcx, QWORD PTR [rcx+8]
|
|
|
|
|
00427 48 89 48 08 mov QWORD PTR [rax+8], rcx
|
|
|
|
|
|
|
|
|
|
0041b 48 8b 45 28 mov rax, QWORD PTR Taken$[rbp]
|
|
|
|
|
0041f 48 89 85 88 03
|
|
|
|
|
; 139 :
|
|
|
|
|
; 140 : delete Taken;
|
|
|
|
|
|
|
|
|
|
0042b 48 8b 45 28 mov rax, QWORD PTR Taken$[rbp]
|
|
|
|
|
0042f 48 89 85 88 03
|
|
|
|
|
00 00 mov QWORD PTR $T15[rbp], rax
|
|
|
|
|
00426 48 83 bd 88 03
|
|
|
|
|
00436 48 83 bd 88 03
|
|
|
|
|
00 00 00 cmp QWORD PTR $T15[rbp], 0
|
|
|
|
|
0042e 74 1a je SHORT $LN25@ObfGenOpaq
|
|
|
|
|
00430 ba 01 00 00 00 mov edx, 1
|
|
|
|
|
00435 48 8b 8d 88 03
|
|
|
|
|
0043e 74 1a je SHORT $LN25@ObfGenOpaq
|
|
|
|
|
00440 ba 01 00 00 00 mov edx, 1
|
|
|
|
|
00445 48 8b 8d 88 03
|
|
|
|
|
00 00 mov rcx, QWORD PTR $T15[rbp]
|
|
|
|
|
0043c e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z
|
|
|
|
|
00441 48 89 85 98 03
|
|
|
|
|
00 00 mov QWORD PTR tv214[rbp], rax
|
|
|
|
|
00448 eb 0b jmp SHORT $LN26@ObfGenOpaq
|
|
|
|
|
0044c e8 00 00 00 00 call ??_G_NATIVE_CODE_BLOCK@@QEAAPEAXI@Z
|
|
|
|
|
00451 48 89 85 98 03
|
|
|
|
|
00 00 mov QWORD PTR tv216[rbp], rax
|
|
|
|
|
00458 eb 0b jmp SHORT $LN26@ObfGenOpaq
|
|
|
|
|
$LN25@ObfGenOpaq:
|
|
|
|
|
0044a 48 c7 85 98 03
|
|
|
|
|
0045a 48 c7 85 98 03
|
|
|
|
|
00 00 00 00 00
|
|
|
|
|
00 mov QWORD PTR tv214[rbp], 0
|
|
|
|
|
00 mov QWORD PTR tv216[rbp], 0
|
|
|
|
|
$LN26@ObfGenOpaq:
|
|
|
|
|
|
|
|
|
|
; 140 : return NotTaken;
|
|
|
|
|
; 141 : return NotTaken;
|
|
|
|
|
|
|
|
|
|
00455 48 8b 45 08 mov rax, QWORD PTR NotTaken$[rbp]
|
|
|
|
|
00465 48 8b 45 08 mov rax, QWORD PTR NotTaken$[rbp]
|
|
|
|
|
$LN1@ObfGenOpaq:
|
|
|
|
|
|
|
|
|
|
; 141 : }
|
|
|
|
|
; 142 : }
|
|
|
|
|
|
|
|
|
|
00459 48 8b f8 mov rdi, rax
|
|
|
|
|
0045c 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
|
|
|
|
|
00460 48 8d 15 00 00
|
|
|
|
|
00469 48 8b f8 mov rdi, rax
|
|
|
|
|
0046c 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
|
|
|
|
|
00470 48 8d 15 00 00
|
|
|
|
|
00 00 lea rdx, OFFSET FLAT:?ObfGenOpaqueBranch@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@0@Z$rtcFrameData
|
|
|
|
|
00467 e8 00 00 00 00 call _RTC_CheckStackVars
|
|
|
|
|
0046c 48 8b c7 mov rax, rdi
|
|
|
|
|
0046f 48 8b 8d a0 03
|
|
|
|
|
00477 e8 00 00 00 00 call _RTC_CheckStackVars
|
|
|
|
|
0047c 48 8b c7 mov rax, rdi
|
|
|
|
|
0047f 48 8b 8d a0 03
|
|
|
|
|
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
|
|
|
|
|
00476 48 33 cd xor rcx, rbp
|
|
|
|
|
00479 e8 00 00 00 00 call __security_check_cookie
|
|
|
|
|
0047e 48 8d a5 b8 03
|
|
|
|
|
00486 48 33 cd xor rcx, rbp
|
|
|
|
|
00489 e8 00 00 00 00 call __security_check_cookie
|
|
|
|
|
0048e 48 8d a5 b8 03
|
|
|
|
|
00 00 lea rsp, QWORD PTR [rbp+952]
|
|
|
|
|
00485 5f pop rdi
|
|
|
|
|
00486 5d pop rbp
|
|
|
|
|
00487 c3 ret 0
|
|
|
|
|
00495 5f pop rdi
|
|
|
|
|
00496 5d pop rbp
|
|
|
|
|
00497 c3 ret 0
|
|
|
|
|
?ObfGenOpaqueBranch@@YAPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@0@Z ENDP ; ObfGenOpaqueBranch
|
|
|
|
|
_TEXT ENDS
|
|
|
|
|
; COMDAT text$x
|
|
|
|
@ -4739,7 +4746,7 @@ $T12 = 808
|
|
|
|
|
$T13 = 840
|
|
|
|
|
$T14 = 872
|
|
|
|
|
$T15 = 904
|
|
|
|
|
tv214 = 920
|
|
|
|
|
tv216 = 920
|
|
|
|
|
tv204 = 920
|
|
|
|
|
tv189 = 920
|
|
|
|
|
tv171 = 920
|
|
|
|
@ -4789,7 +4796,7 @@ $T12 = 808
|
|
|
|
|
$T13 = 840
|
|
|
|
|
$T14 = 872
|
|
|
|
|
$T15 = 904
|
|
|
|
|
tv214 = 920
|
|
|
|
|
tv216 = 920
|
|
|
|
|
tv204 = 920
|
|
|
|
|
tv189 = 920
|
|
|
|
|
tv171 = 920
|
|
|
|
@ -4840,7 +4847,7 @@ $T12 = 808
|
|
|
|
|
$T13 = 840
|
|
|
|
|
$T14 = 872
|
|
|
|
|
$T15 = 904
|
|
|
|
|
tv214 = 920
|
|
|
|
|
tv216 = 920
|
|
|
|
|
tv204 = 920
|
|
|
|
|
tv189 = 920
|
|
|
|
|
tv171 = 920
|
|
|
|
@ -4891,7 +4898,7 @@ $T12 = 808
|
|
|
|
|
$T13 = 840
|
|
|
|
|
$T14 = 872
|
|
|
|
|
$T15 = 904
|
|
|
|
|
tv214 = 920
|
|
|
|
|
tv216 = 920
|
|
|
|
|
tv204 = 920
|
|
|
|
|
tv189 = 920
|
|
|
|
|
tv171 = 920
|
|
|
|
|