You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3622 lines
111 KiB
3622 lines
111 KiB
; Listing generated by Microsoft (R) Optimizing Compiler Version 19.27.29111.0
|
|
|
|
include listing.inc
|
|
|
|
INCLUDELIB MSVCRTD
|
|
INCLUDELIB OLDNAMES
|
|
|
|
msvcjmc SEGMENT
|
|
__B2D2BA86_ctype@h DB 01H
|
|
__79C7FC57_basetsd@h DB 01H
|
|
__1FEB9909_corecrt_memcpy_s@h DB 01H
|
|
__A751F051_corecrt_memory@h DB 01H
|
|
__9200769A_corecrt_wstring@h DB 01H
|
|
__32E5F013_string@h DB 01H
|
|
__D545DD43_guiddef@h DB 01H
|
|
__D5DDFBF3_winnt@h DB 01H
|
|
__439612F0_processthreadsapi@h DB 01H
|
|
__5733279A_memoryapi@h DB 01H
|
|
__D4435474_winerror@h DB 01H
|
|
__B3ED30D4_winbase@h DB 01H
|
|
__DB057BA3_winuser@h DB 01H
|
|
__A7113148_winioctl@h DB 01H
|
|
__B49664B7_stdlib@h DB 01H
|
|
__EC5BC72C_propidl@h DB 01H
|
|
__6DA674A0_oleauto@h DB 01H
|
|
__A118E6DC_stralign@h DB 01H
|
|
__8906660C_vcruntime_new@h DB 01H
|
|
__A2143F22_corecrt_stdio_config@h DB 01H
|
|
__829E1958_corecrt_wstdio@h DB 01H
|
|
__6DFAE8B8_stdio@h DB 01H
|
|
__C6E16F6F_corecrt_wconio@h DB 01H
|
|
__6D390390_corecrt_wio@h DB 01H
|
|
__1157D6BA_corecrt_wtime@h DB 01H
|
|
__1DC1E279_stat@h DB 01H
|
|
__93DC0B45_wchar@h DB 01H
|
|
__5DDA4519_cstddef DB 01H
|
|
__741AE07E_corecrt_math@h DB 01H
|
|
__F8119FB4_cstdlib DB 01H
|
|
__F2870A2C_limits DB 01H
|
|
__85A9AA98_type_traits DB 01H
|
|
__20BB4341_malloc@h DB 01H
|
|
__E75714E4_vcruntime_exception@h DB 01H
|
|
__E4152856_exception DB 01H
|
|
__4324C6B3_xutility DB 01H
|
|
__A58979FC_xmemory DB 01H
|
|
__AC6CB2D0_tuple DB 01H
|
|
__E0552A5D_xpolymorphic_allocator@h DB 01H
|
|
__D15AFF60_xstring DB 01H
|
|
__3AFA803E_string DB 01H
|
|
__0A4FAB91_cmath DB 01H
|
|
__6D5B120B_stdexcept DB 01H
|
|
__160863A3_xcall_once@h DB 01H
|
|
__99B256EE_atomic DB 01H
|
|
__A9557183_system_error DB 01H
|
|
__FB364CBD_vcruntime_typeinfo@h DB 01H
|
|
__33FB35AA_typeinfo DB 01H
|
|
__4E2906A2_memory DB 01H
|
|
__626C51AD_xfacet DB 01H
|
|
__2C72D662_xlocinfo DB 01H
|
|
__0E648B51_xlocale DB 01H
|
|
__1597A171_xiosbase DB 01H
|
|
__90E3ED46_xlocnum DB 01H
|
|
__165C22CB_ios DB 01H
|
|
__BB81F87E_xlocmon DB 01H
|
|
__A0B61CF9_time@h DB 01H
|
|
__886F7F70_xloctime DB 01H
|
|
__296E625F_xed-util@h DB 01H
|
|
__642E1CAE_xed-iform-map@h DB 01H
|
|
__5ABB6AAF_xed-inst@h DB 01H
|
|
__24115468_xed-flags@h DB 01H
|
|
__818AA54B_xed-operand-accessors@h DB 01H
|
|
__A4754044_xed-state@h DB 01H
|
|
__73AE08D0_xed-encode@h DB 01H
|
|
__CDA14B9B_xed-encoder-hl@h DB 01H
|
|
__5981B539_xed-decoded-inst-api@h DB 01H
|
|
__BCD1AF07_OpaqueBranching@cpp DB 01H
|
|
__7EA464AF_istream DB 01H
|
|
__1D745195_ostream DB 01H
|
|
__6FFBAAB7_streambuf DB 01H
|
|
__528871F3_iterator DB 01H
|
|
__3E6EDFAA_iosfwd DB 01H
|
|
__CF1C1A3F_utility DB 01H
|
|
__38038D2D_xstddef DB 01H
|
|
__EE19A480_xatomic@h DB 01H
|
|
msvcjmc ENDS
|
|
PUBLIC ?__empty_global_delete@@YAXPEAX@Z ; __empty_global_delete
|
|
PUBLIC ?__empty_global_delete@@YAXPEAX_K@Z ; __empty_global_delete
|
|
PUBLIC ?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z ; __empty_global_delete
|
|
PUBLIC ?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z ; __empty_global_delete
|
|
PUBLIC wmemcpy
|
|
PUBLIC ??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z ; std::_Maklocstr<wchar_t>
|
|
PUBLIC ?_Maklocwcs@std@@YAPEA_WPEB_W@Z ; std::_Maklocwcs
|
|
PUBLIC ??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z ; std::_Maklocstr<char>
|
|
PUBLIC ??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z ; std::time_get<char,std::istreambuf_iterator<char,std::char_traits<char> > >::_Getvals<wchar_t>
|
|
PUBLIC ??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z ; std::time_get<wchar_t,std::istreambuf_iterator<wchar_t,std::char_traits<wchar_t> > >::_Getvals<wchar_t>
|
|
PUBLIC ??_G_NATIVE_CODE_LINK@@QEAAPEAXI@Z ; _NATIVE_CODE_LINK::`scalar deleting destructor'
|
|
PUBLIC ?ObfGetRandomJccClass@@YA?AW4xed_iclass_enum_t@@XZ ; ObfGetRandomJccClass
|
|
PUBLIC ?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z ; ObfGenRandomJcc
|
|
PUBLIC ?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z ; ObfGenJmpToLabel
|
|
PUBLIC ?ObfCreateOpaqueBranches@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@1@Z ; ObfCreateOpaqueBranches
|
|
PUBLIC ?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z ; ObfCombineOpaqueBranches
|
|
PUBLIC ?ObfInsertOpaqueBranchBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfInsertOpaqueBranchBlock
|
|
PUBLIC __JustMyCode_Default
|
|
PUBLIC ??_C@_0GI@DEICPIDJ@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string'
|
|
PUBLIC ?__LINE__Var@?0??_Maklocwcs@std@@YAPEA_WPEB_W@Z@4JA ; `std::_Maklocwcs'::`1'::__LINE__Var
|
|
PUBLIC ??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string'
|
|
PUBLIC ??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ ; `string'
|
|
PUBLIC ??_C@_1BK@MHIKGOKE@?$AA?3?$AAA?$AAM?$AA?3?$AAa?$AAm?$AA?3?$AAP?$AAM?$AA?3?$AAp?$AAm@ ; `string'
|
|
EXTRN ??2@YAPEAX_K@Z:PROC ; operator new
|
|
EXTRN ??3@YAXPEAX_K@Z:PROC ; operator delete
|
|
EXTRN memcpy:PROC
|
|
EXTRN __imp_wcslen:PROC
|
|
EXTRN strlen:PROC
|
|
EXTRN __imp_rand:PROC
|
|
EXTRN __imp__calloc_dbg:PROC
|
|
EXTRN ?_Xbad_alloc@std@@YAXXZ:PROC ; std::_Xbad_alloc
|
|
EXTRN _Mbrtowc:PROC
|
|
EXTRN __imp_?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ:PROC
|
|
EXTRN __imp_?_Getdays@_Locinfo@std@@QEBAPEBDXZ:PROC
|
|
EXTRN __imp_?_Getmonths@_Locinfo@std@@QEBAPEBDXZ:PROC
|
|
EXTRN __imp_?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ:PROC
|
|
EXTRN __imp_?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ:PROC
|
|
EXTRN xed_decode:PROC
|
|
EXTRN xed_encoder_request_zero_set_mode:PROC
|
|
EXTRN xed_encode:PROC
|
|
EXTRN xed_convert_to_encoder_request:PROC
|
|
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
|
|
EXTRN ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z:PROC ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
|
|
EXTRN ??1_NATIVE_CODE_LINK@@QEAA@XZ:PROC ; _NATIVE_CODE_LINK::~_NATIVE_CODE_LINK
|
|
EXTRN ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z:PROC ; NcAppendToBlock
|
|
EXTRN ?NcPrependToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z:PROC ; NcPrependToBlock
|
|
EXTRN ?NcInsertBlockAfter@@YAHPEAU_NATIVE_CODE_LINK@@PEAU_NATIVE_CODE_BLOCK@@H@Z:PROC ; NcInsertBlockAfter
|
|
EXTRN ?NcDeepCopyPartialBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; NcDeepCopyPartialBlock
|
|
EXTRN _RTC_CheckStackVars:PROC
|
|
EXTRN _RTC_InitBase:PROC
|
|
EXTRN _RTC_Shutdown:PROC
|
|
EXTRN __CheckForDebuggerJustMyCode:PROC
|
|
EXTRN __CxxFrameHandler4:PROC
|
|
EXTRN __GSHandlerCheck:PROC
|
|
EXTRN __GSHandlerCheck_EH4:PROC
|
|
EXTRN __security_check_cookie:PROC
|
|
EXTRN __ImageBase:BYTE
|
|
EXTRN __security_cookie:QWORD
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?__empty_global_delete@@YAXPEAX@Z DD imagerel $LN3
|
|
DD imagerel $LN3+65
|
|
DD imagerel $unwind$?__empty_global_delete@@YAXPEAX@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?__empty_global_delete@@YAXPEAX_K@Z DD imagerel $LN3
|
|
DD imagerel $LN3+70
|
|
DD imagerel $unwind$?__empty_global_delete@@YAXPEAX_K@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z DD imagerel $LN3
|
|
DD imagerel $LN3+70
|
|
DD imagerel $unwind$?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z DD imagerel $LN3
|
|
DD imagerel $LN3+75
|
|
DD imagerel $unwind$?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$wmemcpy DD imagerel $LN3
|
|
DD imagerel $LN3+106
|
|
DD imagerel $unwind$wmemcpy
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z DD imagerel $LN12
|
|
DD imagerel $LN12+584
|
|
DD imagerel $unwind$??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?_Maklocwcs@std@@YAPEA_WPEB_W@Z DD imagerel $LN4
|
|
DD imagerel $LN4+165
|
|
DD imagerel $unwind$?_Maklocwcs@std@@YAPEA_WPEB_W@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z DD imagerel $LN7
|
|
DD imagerel $LN7+223
|
|
DD imagerel $unwind$??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z DD imagerel $LN5
|
|
DD imagerel $LN5+379
|
|
DD imagerel $unwind$??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z DD imagerel $LN5
|
|
DD imagerel $LN5+379
|
|
DD imagerel $unwind$??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$xed_relbr DD imagerel xed_relbr
|
|
DD imagerel xed_relbr+182
|
|
DD imagerel $unwind$xed_relbr
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$xed_inst1 DD imagerel xed_inst1
|
|
DD imagerel xed_inst1+207
|
|
DD imagerel $unwind$xed_inst1
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$??_G_NATIVE_CODE_LINK@@QEAAPEAXI@Z DD imagerel $LN4
|
|
DD imagerel $LN4+105
|
|
DD imagerel $unwind$??_G_NATIVE_CODE_LINK@@QEAAPEAXI@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?ObfGetRandomJccClass@@YA?AW4xed_iclass_enum_t@@XZ DD imagerel $LN21
|
|
DD imagerel $LN21+284
|
|
DD imagerel $unwind$?ObfGetRandomJccClass@@YA?AW4xed_iclass_enum_t@@XZ
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z DD imagerel $LN11
|
|
DD imagerel $LN11+615
|
|
DD imagerel $unwind$?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?dtor$0@?0??ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA DD imagerel ?dtor$0@?0??ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA
|
|
DD imagerel ?dtor$0@?0??ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA+44
|
|
DD imagerel $unwind$?dtor$0@?0??ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z DD imagerel $LN11
|
|
DD imagerel $LN11+589
|
|
DD imagerel $unwind$?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?dtor$0@?0??ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA DD imagerel ?dtor$0@?0??ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA
|
|
DD imagerel ?dtor$0@?0??ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA+44
|
|
DD imagerel $unwind$?dtor$0@?0??ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?ObfCreateOpaqueBranches@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@1@Z DD imagerel $LN5
|
|
DD imagerel $LN5+167
|
|
DD imagerel $unwind$?ObfCreateOpaqueBranches@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@1@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z DD imagerel $LN13
|
|
DD imagerel $LN13+500
|
|
DD imagerel $unwind$?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?dtor$0@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA DD imagerel ?dtor$0@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA
|
|
DD imagerel ?dtor$0@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA+44
|
|
DD imagerel $unwind$?dtor$0@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?dtor$1@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA DD imagerel ?dtor$1@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA
|
|
DD imagerel ?dtor$1@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA+44
|
|
DD imagerel $unwind$?dtor$1@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA
|
|
pdata ENDS
|
|
; COMDAT pdata
|
|
pdata SEGMENT
|
|
$pdata$?ObfInsertOpaqueBranchBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z DD imagerel $LN15
|
|
DD imagerel $LN15+497
|
|
DD imagerel $unwind$?ObfInsertOpaqueBranchBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z
|
|
pdata ENDS
|
|
; COMDAT rtc$TMZ
|
|
rtc$TMZ SEGMENT
|
|
_RTC_Shutdown.rtc$TMZ DQ FLAT:_RTC_Shutdown
|
|
rtc$TMZ ENDS
|
|
; COMDAT rtc$IMZ
|
|
rtc$IMZ SEGMENT
|
|
_RTC_InitBase.rtc$IMZ DQ FLAT:_RTC_InitBase
|
|
rtc$IMZ ENDS
|
|
; COMDAT ??_C@_1BK@MHIKGOKE@?$AA?3?$AAA?$AAM?$AA?3?$AAa?$AAm?$AA?3?$AAP?$AAM?$AA?3?$AAp?$AAm@
|
|
CONST SEGMENT
|
|
??_C@_1BK@MHIKGOKE@?$AA?3?$AAA?$AAM?$AA?3?$AAa?$AAm?$AA?3?$AAP?$AAM?$AA?3?$AAp?$AAm@ DB ':'
|
|
DB 00H, 'A', 00H, 'M', 00H, ':', 00H, 'a', 00H, 'm', 00H, ':', 00H
|
|
DB 'P', 00H, 'M', 00H, ':', 00H, 'p', 00H, 'm', 00H, 00H, 00H ; `string'
|
|
CONST ENDS
|
|
; COMDAT ??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@
|
|
CONST SEGMENT
|
|
??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ DB ':AM:am:PM:pm', 00H ; `string'
|
|
CONST ENDS
|
|
; COMDAT ??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@
|
|
CONST SEGMENT
|
|
??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ DB 'C:\Pro'
|
|
DB 'gram Files (x86)\Microsoft Visual Studio\2019\Community\VC\To'
|
|
DB 'ols\MSVC\14.27.29110\include\xlocnum', 00H ; `string'
|
|
CONST ENDS
|
|
; COMDAT ?__LINE__Var@?0??_Maklocwcs@std@@YAPEA_WPEB_W@Z@4JA
|
|
_DATA SEGMENT
|
|
?__LINE__Var@?0??_Maklocwcs@std@@YAPEA_WPEB_W@Z@4JA DD 05aH ; `std::_Maklocwcs'::`1'::__LINE__Var
|
|
_DATA ENDS
|
|
; COMDAT ??_C@_0GI@DEICPIDJ@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@
|
|
CONST SEGMENT
|
|
??_C@_0GI@DEICPIDJ@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ DB 'C:\Pro'
|
|
DB 'gram Files (x86)\Microsoft Visual Studio\2019\Community\VC\To'
|
|
DB 'ols\MSVC\14.27.29110\include\xlocale', 00H ; `string'
|
|
CONST ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?ObfInsertOpaqueBranchBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z DD 025053401H
|
|
DD 0118231dH
|
|
DD 070110031H
|
|
DD 05010H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?dtor$1@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA DD 031001H
|
|
DD 0700c4210H
|
|
DD 0500bH
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?dtor$0@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA DD 031001H
|
|
DD 0700c4210H
|
|
DD 0500bH
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$ip2state$?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z DB 0aH
|
|
DB 00H
|
|
DB 00H
|
|
DB 0d1H, 03H
|
|
DB 02H
|
|
DB 08aH
|
|
DB 00H
|
|
DB 'H'
|
|
DB 04H
|
|
DB 08aH
|
|
DB 00H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$stateUnwindMap$?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z DB 04H
|
|
DB 0eH
|
|
DD imagerel ?dtor$0@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA
|
|
DB 036H
|
|
DD imagerel ?dtor$1@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$cppxdata$?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z DB 028H
|
|
DD imagerel $stateUnwindMap$?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z
|
|
DD imagerel $ip2state$?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z DD 025053911H
|
|
DD 011d2322H
|
|
DD 070160039H
|
|
DD 05015H
|
|
DD imagerel __CxxFrameHandler4
|
|
DD imagerel $cppxdata$?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?ObfCreateOpaqueBranches@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@1@Z DD 025053901H
|
|
DD 011d2322H
|
|
DD 07016001fH
|
|
DD 05015H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?dtor$0@?0??ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA DD 031001H
|
|
DD 0700c4210H
|
|
DD 0500bH
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$ip2state$?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z DB 06H
|
|
DB 00H
|
|
DB 00H
|
|
DB 0a5H, 04H
|
|
DB 02H
|
|
DB 0a6H
|
|
DB 00H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$stateUnwindMap$?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z DB 02H
|
|
DB 0eH
|
|
DD imagerel ?dtor$0@?0??ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$cppxdata$?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z DB 028H
|
|
DD imagerel $stateUnwindMap$?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z
|
|
DD imagerel $ip2state$?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z DD 035063e19H
|
|
DD 01123317H
|
|
DD 0700b00e0H
|
|
DD 05009600aH
|
|
DD imagerel __GSHandlerCheck_EH4
|
|
DD imagerel $cppxdata$?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z
|
|
DD 06f2H
|
|
xdata ENDS
|
|
; COMDAT CONST
|
|
CONST SEGMENT
|
|
?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$0 DB 04dH ; ObfGenJmpToLabel
|
|
DB 061H
|
|
DB 063H
|
|
DB 068H
|
|
DB 069H
|
|
DB 06eH
|
|
DB 065H
|
|
DB 053H
|
|
DB 074H
|
|
DB 061H
|
|
DB 074H
|
|
DB 065H
|
|
DB 00H
|
|
ORG $+3
|
|
?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$1 DB 045H ; ObfGenJmpToLabel
|
|
DB 06eH
|
|
DB 063H
|
|
DB 06fH
|
|
DB 064H
|
|
DB 065H
|
|
DB 072H
|
|
DB 049H
|
|
DB 06eH
|
|
DB 073H
|
|
DB 074H
|
|
DB 072H
|
|
DB 075H
|
|
DB 063H
|
|
DB 074H
|
|
DB 069H
|
|
DB 06fH
|
|
DB 06eH
|
|
DB 00H
|
|
ORG $+5
|
|
?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$2 DB 045H ; ObfGenJmpToLabel
|
|
DB 06eH
|
|
DB 063H
|
|
DB 06fH
|
|
DB 064H
|
|
DB 065H
|
|
DB 072H
|
|
DB 052H
|
|
DB 065H
|
|
DB 071H
|
|
DB 075H
|
|
DB 065H
|
|
DB 073H
|
|
DB 074H
|
|
DB 00H
|
|
ORG $+1
|
|
?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$3 DB 045H ; ObfGenJmpToLabel
|
|
DB 06eH
|
|
DB 063H
|
|
DB 06fH
|
|
DB 064H
|
|
DB 065H
|
|
DB 042H
|
|
DB 075H
|
|
DB 066H
|
|
DB 066H
|
|
DB 065H
|
|
DB 072H
|
|
DB 00H
|
|
ORG $+3
|
|
?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$4 DB 052H ; ObfGenJmpToLabel
|
|
DB 065H
|
|
DB 074H
|
|
DB 075H
|
|
DB 072H
|
|
DB 06eH
|
|
DB 065H
|
|
DB 064H
|
|
DB 053H
|
|
DB 069H
|
|
DB 07aH
|
|
DB 065H
|
|
DB 00H
|
|
ORG $+11
|
|
?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcVarDesc DD 0324H ; ObfGenJmpToLabel
|
|
DD 04H
|
|
DQ FLAT:?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$4
|
|
DD 02f8H
|
|
DD 0fH
|
|
DQ FLAT:?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$3
|
|
DD 0220H
|
|
DD 0c0H
|
|
DQ FLAT:?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$2
|
|
DD 060H
|
|
DD 01a0H
|
|
DQ FLAT:?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$1
|
|
DD 038H
|
|
DD 08H
|
|
DQ FLAT:?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$0
|
|
ORG $+240
|
|
?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcFrameData DD 05H ; ObfGenJmpToLabel
|
|
DD 00H
|
|
DQ FLAT:?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcVarDesc
|
|
CONST ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?dtor$0@?0??ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA DD 031001H
|
|
DD 0700c4210H
|
|
DD 0500bH
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$ip2state$?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z DB 06H
|
|
DB 00H
|
|
DB 00H
|
|
DB 0dH, 05H
|
|
DB 02H
|
|
DB 0a6H
|
|
DB 00H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$stateUnwindMap$?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z DB 02H
|
|
DB 0eH
|
|
DD imagerel ?dtor$0@?0??ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$cppxdata$?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z DB 028H
|
|
DD imagerel $stateUnwindMap$?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z
|
|
DD imagerel $ip2state$?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z DD 035063e19H
|
|
DD 01123317H
|
|
DD 0700b00e4H
|
|
DD 05009600aH
|
|
DD imagerel __GSHandlerCheck_EH4
|
|
DD imagerel $cppxdata$?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z
|
|
DD 0712H
|
|
xdata ENDS
|
|
; COMDAT CONST
|
|
CONST SEGMENT
|
|
?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$0 DB 04dH ; ObfGenRandomJcc
|
|
DB 061H
|
|
DB 063H
|
|
DB 068H
|
|
DB 069H
|
|
DB 06eH
|
|
DB 065H
|
|
DB 053H
|
|
DB 074H
|
|
DB 061H
|
|
DB 074H
|
|
DB 065H
|
|
DB 00H
|
|
ORG $+3
|
|
?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$1 DB 045H ; ObfGenRandomJcc
|
|
DB 06eH
|
|
DB 063H
|
|
DB 06fH
|
|
DB 064H
|
|
DB 065H
|
|
DB 072H
|
|
DB 049H
|
|
DB 06eH
|
|
DB 073H
|
|
DB 074H
|
|
DB 072H
|
|
DB 075H
|
|
DB 063H
|
|
DB 074H
|
|
DB 069H
|
|
DB 06fH
|
|
DB 06eH
|
|
DB 00H
|
|
ORG $+5
|
|
?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$2 DB 045H ; ObfGenRandomJcc
|
|
DB 06eH
|
|
DB 063H
|
|
DB 06fH
|
|
DB 064H
|
|
DB 065H
|
|
DB 072H
|
|
DB 052H
|
|
DB 065H
|
|
DB 071H
|
|
DB 075H
|
|
DB 065H
|
|
DB 073H
|
|
DB 074H
|
|
DB 00H
|
|
ORG $+1
|
|
?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$3 DB 045H ; ObfGenRandomJcc
|
|
DB 06eH
|
|
DB 063H
|
|
DB 06fH
|
|
DB 064H
|
|
DB 065H
|
|
DB 042H
|
|
DB 075H
|
|
DB 066H
|
|
DB 066H
|
|
DB 065H
|
|
DB 072H
|
|
DB 00H
|
|
ORG $+3
|
|
?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$4 DB 052H ; ObfGenRandomJcc
|
|
DB 065H
|
|
DB 074H
|
|
DB 075H
|
|
DB 072H
|
|
DB 06eH
|
|
DB 065H
|
|
DB 064H
|
|
DB 053H
|
|
DB 069H
|
|
DB 07aH
|
|
DB 065H
|
|
DB 00H
|
|
ORG $+11
|
|
?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcVarDesc DD 0324H ; ObfGenRandomJcc
|
|
DD 04H
|
|
DQ FLAT:?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$4
|
|
DD 02f8H
|
|
DD 0fH
|
|
DQ FLAT:?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$3
|
|
DD 0220H
|
|
DD 0c0H
|
|
DQ FLAT:?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$2
|
|
DD 060H
|
|
DD 01a0H
|
|
DQ FLAT:?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$1
|
|
DD 038H
|
|
DD 08H
|
|
DQ FLAT:?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcName$0
|
|
ORG $+240
|
|
?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcFrameData DD 05H ; ObfGenRandomJcc
|
|
DD 00H
|
|
DQ FLAT:?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcVarDesc
|
|
CONST ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?ObfGetRandomJccClass@@YA?AW4xed_iclass_enum_t@@XZ DD 025051e01H
|
|
DD 010a230fH
|
|
DD 07003001fH
|
|
DD 05002H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$??_G_NATIVE_CODE_LINK@@QEAAPEAXI@Z DD 025052e01H
|
|
DD 01122317H
|
|
DD 0700b001dH
|
|
DD 0500aH
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$xed_inst1 DD 025063a01H
|
|
DD 011e2323H
|
|
DD 07017001cH
|
|
DD 050156016H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$xed_relbr DD 025064519H
|
|
DD 0118231dH
|
|
DD 070110026H
|
|
DD 0500f6010H
|
|
DD imagerel __GSHandlerCheck
|
|
DD 0128H
|
|
xdata ENDS
|
|
; COMDAT CONST
|
|
CONST SEGMENT
|
|
xed_relbr$rtcName$0 DB 06fH
|
|
DB 00H
|
|
ORG $+14
|
|
xed_relbr$rtcVarDesc DD 028H
|
|
DD 030H
|
|
DQ FLAT:xed_relbr$rtcName$0
|
|
ORG $+48
|
|
xed_relbr$rtcFrameData DD 01H
|
|
DD 00H
|
|
DQ FLAT:xed_relbr$rtcVarDesc
|
|
CONST ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z DD 025063501H
|
|
DD 0119231eH
|
|
DD 070120026H
|
|
DD 050106011H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z DD 025063501H
|
|
DD 0119231eH
|
|
DD 070120026H
|
|
DD 050106011H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z DD 035053401H
|
|
DD 0118331dH
|
|
DD 07011002bH
|
|
DD 05010H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?_Maklocwcs@std@@YAPEA_WPEB_W@Z DD 035052a01H
|
|
DD 010e3313H
|
|
DD 070070027H
|
|
DD 05006H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z DD 035054519H
|
|
DD 0118331dH
|
|
DD 070110047H
|
|
DD 05010H
|
|
DD imagerel __GSHandlerCheck
|
|
DD 0228H
|
|
xdata ENDS
|
|
; COMDAT CONST
|
|
CONST SEGMENT
|
|
??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z$rtcName$0 DB 05fH ; std::_Maklocstr<wchar_t>
|
|
DB 057H
|
|
DB 063H
|
|
DB 00H
|
|
??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z$rtcName$1 DB 05fH ; std::_Maklocstr<wchar_t>
|
|
DB 04dH
|
|
DB 062H
|
|
DB 073H
|
|
DB 074H
|
|
DB 031H
|
|
DB 00H
|
|
ORG $+1
|
|
??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z$rtcName$2 DB 05fH ; std::_Maklocstr<wchar_t>
|
|
DB 04dH
|
|
DB 062H
|
|
DB 073H
|
|
DB 074H
|
|
DB 032H
|
|
DB 00H
|
|
ORG $+13
|
|
??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z$rtcVarDesc DD 0158H ; std::_Maklocstr<wchar_t>
|
|
DD 08H
|
|
DQ FLAT:??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z$rtcName$2
|
|
DD 0f8H
|
|
DD 08H
|
|
DQ FLAT:??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z$rtcName$1
|
|
DD 0d4H
|
|
DD 02H
|
|
DQ FLAT:??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z$rtcName$0
|
|
ORG $+144
|
|
??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z$rtcFrameData DD 03H ; std::_Maklocstr<wchar_t>
|
|
DD 00H
|
|
DQ FLAT:??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z$rtcVarDesc
|
|
CONST ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$wmemcpy DD 025053401H
|
|
DD 0118231dH
|
|
DD 07011001dH
|
|
DD 05010H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$ip2state$?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z DB 02H
|
|
DB 00H
|
|
DB 00H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$cppxdata$?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z DB 060H
|
|
DD imagerel $ip2state$?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z DD 025053419H
|
|
DD 0118231dH
|
|
DD 07011001dH
|
|
DD 05010H
|
|
DD imagerel __CxxFrameHandler4
|
|
DD imagerel $cppxdata$?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$ip2state$?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z DB 02H
|
|
DB 00H
|
|
DB 00H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$cppxdata$?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z DB 060H
|
|
DD imagerel $ip2state$?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z DD 025052f19H
|
|
DD 01132318H
|
|
DD 0700c001dH
|
|
DD 0500bH
|
|
DD imagerel __CxxFrameHandler4
|
|
DD imagerel $cppxdata$?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$ip2state$?__empty_global_delete@@YAXPEAX_K@Z DB 02H
|
|
DB 00H
|
|
DB 00H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$cppxdata$?__empty_global_delete@@YAXPEAX_K@Z DB 060H
|
|
DD imagerel $ip2state$?__empty_global_delete@@YAXPEAX_K@Z
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?__empty_global_delete@@YAXPEAX_K@Z DD 025052f19H
|
|
DD 01132318H
|
|
DD 0700c001dH
|
|
DD 0500bH
|
|
DD imagerel __CxxFrameHandler4
|
|
DD imagerel $cppxdata$?__empty_global_delete@@YAXPEAX_K@Z
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$ip2state$?__empty_global_delete@@YAXPEAX@Z DB 02H
|
|
DB 00H
|
|
DB 00H
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$cppxdata$?__empty_global_delete@@YAXPEAX@Z DB 060H
|
|
DD imagerel $ip2state$?__empty_global_delete@@YAXPEAX@Z
|
|
xdata ENDS
|
|
; COMDAT xdata
|
|
xdata SEGMENT
|
|
$unwind$?__empty_global_delete@@YAXPEAX@Z DD 025052a19H
|
|
DD 010e2313H
|
|
DD 07007001dH
|
|
DD 05006H
|
|
DD imagerel __CxxFrameHandler4
|
|
DD imagerel $cppxdata$?__empty_global_delete@@YAXPEAX@Z
|
|
xdata ENDS
|
|
; Function compile flags: /Odt
|
|
; COMDAT __JustMyCode_Default
|
|
_TEXT SEGMENT
|
|
__JustMyCode_Default PROC ; COMDAT
|
|
00000 c2 00 00 ret 0
|
|
__JustMyCode_Default ENDP
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\OpaqueBranching.cpp
|
|
; COMDAT ?ObfInsertOpaqueBranchBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z
|
|
_TEXT SEGMENT
|
|
T$1 = 8
|
|
EndBlock$ = 40
|
|
T$2 = 72
|
|
RealNext$3 = 104
|
|
$T4 = 328
|
|
tv140 = 344
|
|
Start$ = 384
|
|
End$ = 392
|
|
OpaqueBranchBlock$ = 400
|
|
?ObfInsertOpaqueBranchBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z PROC ; ObfInsertOpaqueBranchBlock, COMDAT
|
|
|
|
; 117 : {
|
|
|
|
$LN15:
|
|
00000 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
0000f 55 push rbp
|
|
00010 57 push rdi
|
|
00011 48 81 ec 88 01
|
|
00 00 sub rsp, 392 ; 00000188H
|
|
00018 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
0001d 48 8b fc mov rdi, rsp
|
|
00020 b9 62 00 00 00 mov ecx, 98 ; 00000062H
|
|
00025 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
0002a f3 ab rep stosd
|
|
0002c 48 8b 8c 24 a8
|
|
01 00 00 mov rcx, QWORD PTR [rsp+424]
|
|
00034 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
|
|
0003b e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 118 : OpaqueBranchBlock->Start->Prev = Start->Prev;
|
|
|
|
00040 48 8b 85 90 01
|
|
00 00 mov rax, QWORD PTR OpaqueBranchBlock$[rbp]
|
|
00047 48 8b 00 mov rax, QWORD PTR [rax]
|
|
0004a 48 8b 8d 80 01
|
|
00 00 mov rcx, QWORD PTR Start$[rbp]
|
|
00051 48 8b 49 08 mov rcx, QWORD PTR [rcx+8]
|
|
00055 48 89 48 08 mov QWORD PTR [rax+8], rcx
|
|
|
|
; 119 : OpaqueBranchBlock->End->Next = End->Next;
|
|
|
|
00059 48 8b 85 90 01
|
|
00 00 mov rax, QWORD PTR OpaqueBranchBlock$[rbp]
|
|
00060 48 8b 40 08 mov rax, QWORD PTR [rax+8]
|
|
00064 48 8b 8d 88 01
|
|
00 00 mov rcx, QWORD PTR End$[rbp]
|
|
0006b 48 8b 09 mov rcx, QWORD PTR [rcx]
|
|
0006e 48 89 08 mov QWORD PTR [rax], rcx
|
|
|
|
; 120 :
|
|
; 121 : if (Start->Prev)
|
|
|
|
00071 48 8b 85 80 01
|
|
00 00 mov rax, QWORD PTR Start$[rbp]
|
|
00078 48 83 78 08 00 cmp QWORD PTR [rax+8], 0
|
|
0007d 74 18 je SHORT $LN8@ObfInsertO
|
|
|
|
; 122 : Start->Prev->Next = OpaqueBranchBlock->Start;
|
|
|
|
0007f 48 8b 85 80 01
|
|
00 00 mov rax, QWORD PTR Start$[rbp]
|
|
00086 48 8b 40 08 mov rax, QWORD PTR [rax+8]
|
|
0008a 48 8b 8d 90 01
|
|
00 00 mov rcx, QWORD PTR OpaqueBranchBlock$[rbp]
|
|
00091 48 8b 09 mov rcx, QWORD PTR [rcx]
|
|
00094 48 89 08 mov QWORD PTR [rax], rcx
|
|
$LN8@ObfInsertO:
|
|
|
|
; 123 : if (End->Next)
|
|
|
|
00097 48 8b 85 88 01
|
|
00 00 mov rax, QWORD PTR End$[rbp]
|
|
0009e 48 83 38 00 cmp QWORD PTR [rax], 0
|
|
000a2 74 19 je SHORT $LN9@ObfInsertO
|
|
|
|
; 124 : End->Next->Prev = OpaqueBranchBlock->End;
|
|
|
|
000a4 48 8b 85 88 01
|
|
00 00 mov rax, QWORD PTR End$[rbp]
|
|
000ab 48 8b 00 mov rax, QWORD PTR [rax]
|
|
000ae 48 8b 8d 90 01
|
|
00 00 mov rcx, QWORD PTR OpaqueBranchBlock$[rbp]
|
|
000b5 48 8b 49 08 mov rcx, QWORD PTR [rcx+8]
|
|
000b9 48 89 48 08 mov QWORD PTR [rax+8], rcx
|
|
$LN9@ObfInsertO:
|
|
|
|
; 125 :
|
|
; 126 : if (Start->Block->Start == Start)
|
|
|
|
000bd 48 8b 85 80 01
|
|
00 00 mov rax, QWORD PTR Start$[rbp]
|
|
000c4 48 8b 40 10 mov rax, QWORD PTR [rax+16]
|
|
000c8 48 8b 8d 80 01
|
|
00 00 mov rcx, QWORD PTR Start$[rbp]
|
|
000cf 48 39 08 cmp QWORD PTR [rax], rcx
|
|
000d2 75 18 jne SHORT $LN10@ObfInsertO
|
|
|
|
; 127 : Start->Block->Start = OpaqueBranchBlock->Start;
|
|
|
|
000d4 48 8b 85 80 01
|
|
00 00 mov rax, QWORD PTR Start$[rbp]
|
|
000db 48 8b 40 10 mov rax, QWORD PTR [rax+16]
|
|
000df 48 8b 8d 90 01
|
|
00 00 mov rcx, QWORD PTR OpaqueBranchBlock$[rbp]
|
|
000e6 48 8b 09 mov rcx, QWORD PTR [rcx]
|
|
000e9 48 89 08 mov QWORD PTR [rax], rcx
|
|
$LN10@ObfInsertO:
|
|
|
|
; 128 :
|
|
; 129 : if (Start->Block->End == End)
|
|
|
|
000ec 48 8b 85 80 01
|
|
00 00 mov rax, QWORD PTR Start$[rbp]
|
|
000f3 48 8b 40 10 mov rax, QWORD PTR [rax+16]
|
|
000f7 48 8b 8d 88 01
|
|
00 00 mov rcx, QWORD PTR End$[rbp]
|
|
000fe 48 39 48 08 cmp QWORD PTR [rax+8], rcx
|
|
00102 75 1a jne SHORT $LN11@ObfInsertO
|
|
|
|
; 130 : Start->Block->End = OpaqueBranchBlock->End;
|
|
|
|
00104 48 8b 85 80 01
|
|
00 00 mov rax, QWORD PTR Start$[rbp]
|
|
0010b 48 8b 40 10 mov rax, QWORD PTR [rax+16]
|
|
0010f 48 8b 8d 90 01
|
|
00 00 mov rcx, QWORD PTR OpaqueBranchBlock$[rbp]
|
|
00116 48 8b 49 08 mov rcx, QWORD PTR [rcx+8]
|
|
0011a 48 89 48 08 mov QWORD PTR [rax+8], rcx
|
|
$LN11@ObfInsertO:
|
|
|
|
; 131 :
|
|
; 132 : //Update group for the current isntructions
|
|
; 133 : for (PNATIVE_CODE_LINK T = OpaqueBranchBlock->Start; T && T != OpaqueBranchBlock->End->Next; T = T->Next)
|
|
|
|
0011e 48 8b 85 90 01
|
|
00 00 mov rax, QWORD PTR OpaqueBranchBlock$[rbp]
|
|
00125 48 8b 00 mov rax, QWORD PTR [rax]
|
|
00128 48 89 45 08 mov QWORD PTR T$1[rbp], rax
|
|
0012c eb 0b jmp SHORT $LN4@ObfInsertO
|
|
$LN2@ObfInsertO:
|
|
0012e 48 8b 45 08 mov rax, QWORD PTR T$1[rbp]
|
|
00132 48 8b 00 mov rax, QWORD PTR [rax]
|
|
00135 48 89 45 08 mov QWORD PTR T$1[rbp], rax
|
|
$LN4@ObfInsertO:
|
|
00139 48 83 7d 08 00 cmp QWORD PTR T$1[rbp], 0
|
|
0013e 74 29 je SHORT $LN3@ObfInsertO
|
|
00140 48 8b 85 90 01
|
|
00 00 mov rax, QWORD PTR OpaqueBranchBlock$[rbp]
|
|
00147 48 8b 40 08 mov rax, QWORD PTR [rax+8]
|
|
0014b 48 8b 00 mov rax, QWORD PTR [rax]
|
|
0014e 48 39 45 08 cmp QWORD PTR T$1[rbp], rax
|
|
00152 74 15 je SHORT $LN3@ObfInsertO
|
|
|
|
; 134 : T->Block = Start->Block;
|
|
|
|
00154 48 8b 45 08 mov rax, QWORD PTR T$1[rbp]
|
|
00158 48 8b 8d 80 01
|
|
00 00 mov rcx, QWORD PTR Start$[rbp]
|
|
0015f 48 8b 49 10 mov rcx, QWORD PTR [rcx+16]
|
|
00163 48 89 48 10 mov QWORD PTR [rax+16], rcx
|
|
00167 eb c5 jmp SHORT $LN2@ObfInsertO
|
|
$LN3@ObfInsertO:
|
|
|
|
; 135 :
|
|
; 136 : PNATIVE_CODE_LINK EndBlock = End->Next;
|
|
|
|
00169 48 8b 85 88 01
|
|
00 00 mov rax, QWORD PTR End$[rbp]
|
|
00170 48 8b 00 mov rax, QWORD PTR [rax]
|
|
00173 48 89 45 28 mov QWORD PTR EndBlock$[rbp], rax
|
|
|
|
; 137 : for (PNATIVE_CODE_LINK T = Start; T && T != EndBlock;)
|
|
|
|
00177 48 8b 85 80 01
|
|
00 00 mov rax, QWORD PTR Start$[rbp]
|
|
0017e 48 89 45 48 mov QWORD PTR T$2[rbp], rax
|
|
$LN5@ObfInsertO:
|
|
00182 48 83 7d 48 00 cmp QWORD PTR T$2[rbp], 0
|
|
00187 74 59 je SHORT $LN6@ObfInsertO
|
|
00189 48 8b 45 28 mov rax, QWORD PTR EndBlock$[rbp]
|
|
0018d 48 39 45 48 cmp QWORD PTR T$2[rbp], rax
|
|
00191 74 4f je SHORT $LN6@ObfInsertO
|
|
|
|
; 138 : {
|
|
; 139 : PNATIVE_CODE_LINK RealNext = T->Next;
|
|
|
|
00193 48 8b 45 48 mov rax, QWORD PTR T$2[rbp]
|
|
00197 48 8b 00 mov rax, QWORD PTR [rax]
|
|
0019a 48 89 45 68 mov QWORD PTR RealNext$3[rbp], rax
|
|
|
|
; 140 : delete T;
|
|
|
|
0019e 48 8b 45 48 mov rax, QWORD PTR T$2[rbp]
|
|
001a2 48 89 85 48 01
|
|
00 00 mov QWORD PTR $T4[rbp], rax
|
|
001a9 48 83 bd 48 01
|
|
00 00 00 cmp QWORD PTR $T4[rbp], 0
|
|
001b1 74 1a je SHORT $LN13@ObfInsertO
|
|
001b3 ba 01 00 00 00 mov edx, 1
|
|
001b8 48 8b 8d 48 01
|
|
00 00 mov rcx, QWORD PTR $T4[rbp]
|
|
001bf e8 00 00 00 00 call ??_G_NATIVE_CODE_LINK@@QEAAPEAXI@Z
|
|
001c4 48 89 85 58 01
|
|
00 00 mov QWORD PTR tv140[rbp], rax
|
|
001cb eb 0b jmp SHORT $LN14@ObfInsertO
|
|
$LN13@ObfInsertO:
|
|
001cd 48 c7 85 58 01
|
|
00 00 00 00 00
|
|
00 mov QWORD PTR tv140[rbp], 0
|
|
$LN14@ObfInsertO:
|
|
|
|
; 141 : T = RealNext;
|
|
|
|
001d8 48 8b 45 68 mov rax, QWORD PTR RealNext$3[rbp]
|
|
001dc 48 89 45 48 mov QWORD PTR T$2[rbp], rax
|
|
|
|
; 142 : }
|
|
|
|
001e0 eb a0 jmp SHORT $LN5@ObfInsertO
|
|
$LN6@ObfInsertO:
|
|
|
|
; 143 : return TRUE;
|
|
|
|
001e2 b8 01 00 00 00 mov eax, 1
|
|
|
|
; 144 : }
|
|
|
|
001e7 48 8d a5 68 01
|
|
00 00 lea rsp, QWORD PTR [rbp+360]
|
|
001ee 5f pop rdi
|
|
001ef 5d pop rbp
|
|
001f0 c3 ret 0
|
|
?ObfInsertOpaqueBranchBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z ENDP ; ObfInsertOpaqueBranchBlock
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\OpaqueBranching.cpp
|
|
; COMDAT ?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z
|
|
_TEXT SEGMENT
|
|
Jcc$ = 8
|
|
Jmp$ = 40
|
|
$T1 = 264
|
|
$T2 = 296
|
|
$T3 = 328
|
|
$T4 = 360
|
|
$T5 = 392
|
|
tv141 = 408
|
|
tv94 = 408
|
|
tv76 = 408
|
|
NotTaken$ = 448
|
|
Taken$ = 456
|
|
JccLabel$ = 464
|
|
JmpLabel$ = 472
|
|
?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z PROC ; ObfCombineOpaqueBranches, COMDAT
|
|
|
|
; 94 : {
|
|
|
|
$LN13:
|
|
00000 44 89 4c 24 20 mov DWORD PTR [rsp+32], r9d
|
|
00005 44 89 44 24 18 mov DWORD PTR [rsp+24], r8d
|
|
0000a 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000f 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00014 55 push rbp
|
|
00015 57 push rdi
|
|
00016 48 81 ec c8 01
|
|
00 00 sub rsp, 456 ; 000001c8H
|
|
0001d 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
00022 48 8b fc mov rdi, rsp
|
|
00025 b9 72 00 00 00 mov ecx, 114 ; 00000072H
|
|
0002a b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
0002f f3 ab rep stosd
|
|
00031 48 8b 8c 24 e8
|
|
01 00 00 mov rcx, QWORD PTR [rsp+488]
|
|
00039 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
|
|
00040 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 95 : PNATIVE_CODE_LINK Jcc = ObfGenRandomJcc(JccLabel);
|
|
|
|
00045 ba 20 00 00 00 mov edx, 32 ; 00000020H
|
|
0004a 8b 8d d0 01 00
|
|
00 mov ecx, DWORD PTR JccLabel$[rbp]
|
|
00050 e8 00 00 00 00 call ?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z ; ObfGenRandomJcc
|
|
00055 48 89 45 08 mov QWORD PTR Jcc$[rbp], rax
|
|
|
|
; 96 : if (!Jcc)
|
|
|
|
00059 48 83 7d 08 00 cmp QWORD PTR Jcc$[rbp], 0
|
|
0005e 75 07 jne SHORT $LN2@ObfCombine
|
|
|
|
; 97 : return FALSE;
|
|
|
|
00060 33 c0 xor eax, eax
|
|
00062 e9 83 01 00 00 jmp $LN1@ObfCombine
|
|
$LN2@ObfCombine:
|
|
|
|
; 98 : PNATIVE_CODE_LINK Jmp = ObfGenJmpToLabel(JmpLabel);
|
|
|
|
00067 ba 20 00 00 00 mov edx, 32 ; 00000020H
|
|
0006c 8b 8d d8 01 00
|
|
00 mov ecx, DWORD PTR JmpLabel$[rbp]
|
|
00072 e8 00 00 00 00 call ?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z ; ObfGenJmpToLabel
|
|
00077 48 89 45 28 mov QWORD PTR Jmp$[rbp], rax
|
|
|
|
; 99 : if (!Jmp)
|
|
|
|
0007b 48 83 7d 28 00 cmp QWORD PTR Jmp$[rbp], 0
|
|
00080 75 41 jne SHORT $LN3@ObfCombine
|
|
|
|
; 100 : {
|
|
; 101 : delete Jcc;
|
|
|
|
00082 48 8b 45 08 mov rax, QWORD PTR Jcc$[rbp]
|
|
00086 48 89 85 08 01
|
|
00 00 mov QWORD PTR $T1[rbp], rax
|
|
0008d 48 83 bd 08 01
|
|
00 00 00 cmp QWORD PTR $T1[rbp], 0
|
|
00095 74 1a je SHORT $LN5@ObfCombine
|
|
00097 ba 01 00 00 00 mov edx, 1
|
|
0009c 48 8b 8d 08 01
|
|
00 00 mov rcx, QWORD PTR $T1[rbp]
|
|
000a3 e8 00 00 00 00 call ??_G_NATIVE_CODE_LINK@@QEAAPEAXI@Z
|
|
000a8 48 89 85 98 01
|
|
00 00 mov QWORD PTR tv76[rbp], rax
|
|
000af eb 0b jmp SHORT $LN6@ObfCombine
|
|
$LN5@ObfCombine:
|
|
000b1 48 c7 85 98 01
|
|
00 00 00 00 00
|
|
00 mov QWORD PTR tv76[rbp], 0
|
|
$LN6@ObfCombine:
|
|
|
|
; 102 : return FALSE;
|
|
|
|
000bc 33 c0 xor eax, eax
|
|
000be e9 27 01 00 00 jmp $LN1@ObfCombine
|
|
$LN3@ObfCombine:
|
|
|
|
; 103 : }
|
|
; 104 :
|
|
; 105 : NcPrependToBlock(NotTaken, Jcc);
|
|
|
|
000c3 48 8b 55 08 mov rdx, QWORD PTR Jcc$[rbp]
|
|
000c7 48 8b 8d c0 01
|
|
00 00 mov rcx, QWORD PTR NotTaken$[rbp]
|
|
000ce e8 00 00 00 00 call ?NcPrependToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcPrependToBlock
|
|
|
|
; 106 : NcAppendToBlock(NotTaken, Jmp);
|
|
|
|
000d3 48 8b 55 28 mov rdx, QWORD PTR Jmp$[rbp]
|
|
000d7 48 8b 8d c0 01
|
|
00 00 mov rcx, QWORD PTR NotTaken$[rbp]
|
|
000de e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
|
|
|
|
; 107 :
|
|
; 108 : NcPrependToBlock(Taken, new NATIVE_CODE_LINK(JccLabel, Taken));
|
|
|
|
000e3 b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
|
|
000e8 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
|
|
000ed 48 89 85 48 01
|
|
00 00 mov QWORD PTR $T3[rbp], rax
|
|
000f4 48 83 bd 48 01
|
|
00 00 00 cmp QWORD PTR $T3[rbp], 0
|
|
000fc 74 22 je SHORT $LN7@ObfCombine
|
|
000fe 4c 8b 85 c8 01
|
|
00 00 mov r8, QWORD PTR Taken$[rbp]
|
|
00105 8b 95 d0 01 00
|
|
00 mov edx, DWORD PTR JccLabel$[rbp]
|
|
0010b 48 8b 8d 48 01
|
|
00 00 mov rcx, QWORD PTR $T3[rbp]
|
|
00112 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAU_NATIVE_CODE_BLOCK@@@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
|
|
00117 48 89 85 98 01
|
|
00 00 mov QWORD PTR tv94[rbp], rax
|
|
0011e eb 0b jmp SHORT $LN8@ObfCombine
|
|
$LN7@ObfCombine:
|
|
00120 48 c7 85 98 01
|
|
00 00 00 00 00
|
|
00 mov QWORD PTR tv94[rbp], 0
|
|
$LN8@ObfCombine:
|
|
0012b 48 8b 85 98 01
|
|
00 00 mov rax, QWORD PTR tv94[rbp]
|
|
00132 48 89 85 28 01
|
|
00 00 mov QWORD PTR $T2[rbp], rax
|
|
00139 48 8b 95 28 01
|
|
00 00 mov rdx, QWORD PTR $T2[rbp]
|
|
00140 48 8b 8d c8 01
|
|
00 00 mov rcx, QWORD PTR Taken$[rbp]
|
|
00147 e8 00 00 00 00 call ?NcPrependToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcPrependToBlock
|
|
|
|
; 109 : NcAppendToBlock(Taken, new NATIVE_CODE_LINK(JmpLabel, Taken));
|
|
|
|
0014c b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
|
|
00151 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
|
|
00156 48 89 85 88 01
|
|
00 00 mov QWORD PTR $T5[rbp], rax
|
|
0015d 48 83 bd 88 01
|
|
00 00 00 cmp QWORD PTR $T5[rbp], 0
|
|
00165 74 22 je SHORT $LN9@ObfCombine
|
|
00167 4c 8b 85 c8 01
|
|
00 00 mov r8, QWORD PTR Taken$[rbp]
|
|
0016e 8b 95 d8 01 00
|
|
00 mov edx, DWORD PTR JmpLabel$[rbp]
|
|
00174 48 8b 8d 88 01
|
|
00 00 mov rcx, QWORD PTR $T5[rbp]
|
|
0017b e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAU_NATIVE_CODE_BLOCK@@@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
|
|
00180 48 89 85 98 01
|
|
00 00 mov QWORD PTR tv141[rbp], rax
|
|
00187 eb 0b jmp SHORT $LN10@ObfCombine
|
|
$LN9@ObfCombine:
|
|
00189 48 c7 85 98 01
|
|
00 00 00 00 00
|
|
00 mov QWORD PTR tv141[rbp], 0
|
|
$LN10@ObfCombine:
|
|
00194 48 8b 85 98 01
|
|
00 00 mov rax, QWORD PTR tv141[rbp]
|
|
0019b 48 89 85 68 01
|
|
00 00 mov QWORD PTR $T4[rbp], rax
|
|
001a2 48 8b 95 68 01
|
|
00 00 mov rdx, QWORD PTR $T4[rbp]
|
|
001a9 48 8b 8d c8 01
|
|
00 00 mov rcx, QWORD PTR Taken$[rbp]
|
|
001b0 e8 00 00 00 00 call ?NcAppendToBlock@@YAXPEAU_NATIVE_CODE_BLOCK@@PEAU_NATIVE_CODE_LINK@@@Z ; NcAppendToBlock
|
|
|
|
; 110 :
|
|
; 111 : NcInsertBlockAfter(NotTaken->End, Taken, FALSE);
|
|
|
|
001b5 45 33 c0 xor r8d, r8d
|
|
001b8 48 8b 95 c8 01
|
|
00 00 mov rdx, QWORD PTR Taken$[rbp]
|
|
001bf 48 8b 85 c0 01
|
|
00 00 mov rax, QWORD PTR NotTaken$[rbp]
|
|
001c6 48 8b 48 08 mov rcx, QWORD PTR [rax+8]
|
|
001ca e8 00 00 00 00 call ?NcInsertBlockAfter@@YAHPEAU_NATIVE_CODE_LINK@@PEAU_NATIVE_CODE_BLOCK@@H@Z ; NcInsertBlockAfter
|
|
|
|
; 112 : NotTaken->End = Taken->End;
|
|
|
|
001cf 48 8b 85 c0 01
|
|
00 00 mov rax, QWORD PTR NotTaken$[rbp]
|
|
001d6 48 8b 8d c8 01
|
|
00 00 mov rcx, QWORD PTR Taken$[rbp]
|
|
001dd 48 8b 49 08 mov rcx, QWORD PTR [rcx+8]
|
|
001e1 48 89 48 08 mov QWORD PTR [rax+8], rcx
|
|
|
|
; 113 : return TRUE;
|
|
|
|
001e5 b8 01 00 00 00 mov eax, 1
|
|
$LN1@ObfCombine:
|
|
|
|
; 114 : }
|
|
|
|
001ea 48 8d a5 a8 01
|
|
00 00 lea rsp, QWORD PTR [rbp+424]
|
|
001f1 5f pop rdi
|
|
001f2 5d pop rbp
|
|
001f3 c3 ret 0
|
|
?ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z ENDP ; ObfCombineOpaqueBranches
|
|
_TEXT ENDS
|
|
; COMDAT text$x
|
|
text$x SEGMENT
|
|
Jcc$ = 8
|
|
Jmp$ = 40
|
|
$T1 = 264
|
|
$T2 = 296
|
|
$T3 = 328
|
|
$T4 = 360
|
|
$T5 = 392
|
|
tv141 = 408
|
|
tv94 = 408
|
|
tv76 = 408
|
|
NotTaken$ = 448
|
|
Taken$ = 456
|
|
JccLabel$ = 464
|
|
JmpLabel$ = 472
|
|
?dtor$0@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA PROC ; `ObfCombineOpaqueBranches'::`1'::dtor$0
|
|
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 55 push rbp
|
|
0000b 57 push rdi
|
|
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
|
|
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
|
|
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
|
|
00019 48 8b 8d 48 01
|
|
00 00 mov rcx, QWORD PTR $T3[rbp]
|
|
00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete
|
|
00025 48 83 c4 28 add rsp, 40 ; 00000028H
|
|
00029 5f pop rdi
|
|
0002a 5d pop rbp
|
|
0002b c3 ret 0
|
|
?dtor$0@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA ENDP ; `ObfCombineOpaqueBranches'::`1'::dtor$0
|
|
text$x ENDS
|
|
; COMDAT text$x
|
|
text$x SEGMENT
|
|
Jcc$ = 8
|
|
Jmp$ = 40
|
|
$T1 = 264
|
|
$T2 = 296
|
|
$T3 = 328
|
|
$T4 = 360
|
|
$T5 = 392
|
|
tv141 = 408
|
|
tv94 = 408
|
|
tv76 = 408
|
|
NotTaken$ = 448
|
|
Taken$ = 456
|
|
JccLabel$ = 464
|
|
JmpLabel$ = 472
|
|
?dtor$1@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA PROC ; `ObfCombineOpaqueBranches'::`1'::dtor$1
|
|
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 55 push rbp
|
|
0000b 57 push rdi
|
|
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
|
|
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
|
|
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
|
|
00019 48 8b 8d 88 01
|
|
00 00 mov rcx, QWORD PTR $T5[rbp]
|
|
00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete
|
|
00025 48 83 c4 28 add rsp, 40 ; 00000028H
|
|
00029 5f pop rdi
|
|
0002a 5d pop rbp
|
|
0002b c3 ret 0
|
|
?dtor$1@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA ENDP ; `ObfCombineOpaqueBranches'::`1'::dtor$1
|
|
text$x ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; COMDAT text$x
|
|
text$x SEGMENT
|
|
Jcc$ = 8
|
|
Jmp$ = 40
|
|
$T1 = 264
|
|
$T2 = 296
|
|
$T3 = 328
|
|
$T4 = 360
|
|
$T5 = 392
|
|
tv141 = 408
|
|
tv94 = 408
|
|
tv76 = 408
|
|
NotTaken$ = 448
|
|
Taken$ = 456
|
|
JccLabel$ = 464
|
|
JmpLabel$ = 472
|
|
?dtor$0@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA PROC ; `ObfCombineOpaqueBranches'::`1'::dtor$0
|
|
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 55 push rbp
|
|
0000b 57 push rdi
|
|
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
|
|
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
|
|
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
|
|
00019 48 8b 8d 48 01
|
|
00 00 mov rcx, QWORD PTR $T3[rbp]
|
|
00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete
|
|
00025 48 83 c4 28 add rsp, 40 ; 00000028H
|
|
00029 5f pop rdi
|
|
0002a 5d pop rbp
|
|
0002b c3 ret 0
|
|
?dtor$0@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA ENDP ; `ObfCombineOpaqueBranches'::`1'::dtor$0
|
|
text$x ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; COMDAT text$x
|
|
text$x SEGMENT
|
|
Jcc$ = 8
|
|
Jmp$ = 40
|
|
$T1 = 264
|
|
$T2 = 296
|
|
$T3 = 328
|
|
$T4 = 360
|
|
$T5 = 392
|
|
tv141 = 408
|
|
tv94 = 408
|
|
tv76 = 408
|
|
NotTaken$ = 448
|
|
Taken$ = 456
|
|
JccLabel$ = 464
|
|
JmpLabel$ = 472
|
|
?dtor$1@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA PROC ; `ObfCombineOpaqueBranches'::`1'::dtor$1
|
|
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 55 push rbp
|
|
0000b 57 push rdi
|
|
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
|
|
00010 48 8d 6a 20 lea rbp, QWORD PTR [rdx+32]
|
|
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
|
|
00019 48 8b 8d 88 01
|
|
00 00 mov rcx, QWORD PTR $T5[rbp]
|
|
00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete
|
|
00025 48 83 c4 28 add rsp, 40 ; 00000028H
|
|
00029 5f pop rdi
|
|
0002a 5d pop rbp
|
|
0002b c3 ret 0
|
|
?dtor$1@?0??ObfCombineOpaqueBranches@@YAHPEAU_NATIVE_CODE_BLOCK@@0KK@Z@4HA ENDP ; `ObfCombineOpaqueBranches'::`1'::dtor$1
|
|
text$x ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\OpaqueBranching.cpp
|
|
; COMDAT ?ObfCreateOpaqueBranches@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@1@Z
|
|
_TEXT SEGMENT
|
|
tv74 = 192
|
|
Start$ = 240
|
|
End$ = 248
|
|
NotTaken$ = 256
|
|
Taken$ = 264
|
|
?ObfCreateOpaqueBranches@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@1@Z PROC ; ObfCreateOpaqueBranches, COMDAT
|
|
|
|
; 89 : {
|
|
|
|
$LN5:
|
|
00000 4c 89 4c 24 20 mov QWORD PTR [rsp+32], r9
|
|
00005 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
|
|
0000a 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000f 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00014 55 push rbp
|
|
00015 57 push rdi
|
|
00016 48 81 ec f8 00
|
|
00 00 sub rsp, 248 ; 000000f8H
|
|
0001d 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
00022 48 8b fc mov rdi, rsp
|
|
00025 b9 3e 00 00 00 mov ecx, 62 ; 0000003eH
|
|
0002a b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
0002f f3 ab rep stosd
|
|
00031 48 8b 8c 24 18
|
|
01 00 00 mov rcx, QWORD PTR [rsp+280]
|
|
00039 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
|
|
00040 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 90 : return (NcDeepCopyPartialBlock(Start, End, Taken) && !NcDeepCopyPartialBlock(Start, End, NotTaken));
|
|
|
|
00045 4c 8b 85 08 01
|
|
00 00 mov r8, QWORD PTR Taken$[rbp]
|
|
0004c 48 8b 95 f8 00
|
|
00 00 mov rdx, QWORD PTR End$[rbp]
|
|
00053 48 8b 8d f0 00
|
|
00 00 mov rcx, QWORD PTR Start$[rbp]
|
|
0005a e8 00 00 00 00 call ?NcDeepCopyPartialBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeepCopyPartialBlock
|
|
0005f 85 c0 test eax, eax
|
|
00061 74 2a je SHORT $LN3@ObfCreateO
|
|
00063 4c 8b 85 00 01
|
|
00 00 mov r8, QWORD PTR NotTaken$[rbp]
|
|
0006a 48 8b 95 f8 00
|
|
00 00 mov rdx, QWORD PTR End$[rbp]
|
|
00071 48 8b 8d f0 00
|
|
00 00 mov rcx, QWORD PTR Start$[rbp]
|
|
00078 e8 00 00 00 00 call ?NcDeepCopyPartialBlock@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@@Z ; NcDeepCopyPartialBlock
|
|
0007d 85 c0 test eax, eax
|
|
0007f 75 0c jne SHORT $LN3@ObfCreateO
|
|
00081 c7 85 c0 00 00
|
|
00 01 00 00 00 mov DWORD PTR tv74[rbp], 1
|
|
0008b eb 0a jmp SHORT $LN4@ObfCreateO
|
|
$LN3@ObfCreateO:
|
|
0008d c7 85 c0 00 00
|
|
00 00 00 00 00 mov DWORD PTR tv74[rbp], 0
|
|
$LN4@ObfCreateO:
|
|
00097 8b 85 c0 00 00
|
|
00 mov eax, DWORD PTR tv74[rbp]
|
|
|
|
; 91 : }
|
|
|
|
0009d 48 8d a5 d8 00
|
|
00 00 lea rsp, QWORD PTR [rbp+216]
|
|
000a4 5f pop rdi
|
|
000a5 5d pop rbp
|
|
000a6 c3 ret 0
|
|
?ObfCreateOpaqueBranches@@YAHPEAU_NATIVE_CODE_LINK@@0PEAU_NATIVE_CODE_BLOCK@@1@Z ENDP ; ObfCreateOpaqueBranches
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\OpaqueBranching.cpp
|
|
; COMDAT ?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z
|
|
_TEXT SEGMENT
|
|
MachineState$ = 8
|
|
EncoderInstruction$ = 48
|
|
EncoderRequest$ = 496
|
|
EncodeBuffer$ = 712
|
|
ReturnedSize$ = 756
|
|
Link$ = 792
|
|
$T8 = 1400
|
|
$T9 = 1480
|
|
$T10 = 1560
|
|
$T11 = 1592
|
|
$T12 = 1624
|
|
$T13 = 1664
|
|
tv145 = 1720
|
|
tv133 = 1720
|
|
__$ArrayPad$ = 1728
|
|
LabelId$ = 1776
|
|
DisplacementWidth$ = 1784
|
|
?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z PROC ; ObfGenJmpToLabel, COMDAT
|
|
|
|
; 58 : {
|
|
|
|
$LN11:
|
|
00000 89 54 24 10 mov DWORD PTR [rsp+16], edx
|
|
00004 89 4c 24 08 mov DWORD PTR [rsp+8], ecx
|
|
00008 55 push rbp
|
|
00009 56 push rsi
|
|
0000a 57 push rdi
|
|
0000b 48 81 ec 00 07
|
|
00 00 sub rsp, 1792 ; 00000700H
|
|
00012 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
|
|
00017 48 8b fc mov rdi, rsp
|
|
0001a b9 c0 01 00 00 mov ecx, 448 ; 000001c0H
|
|
0001f b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
00024 f3 ab rep stosd
|
|
00026 8b 8c 24 28 07
|
|
00 00 mov ecx, DWORD PTR [rsp+1832]
|
|
0002d 48 8b 05 00 00
|
|
00 00 mov rax, QWORD PTR __security_cookie
|
|
00034 48 33 c5 xor rax, rbp
|
|
00037 48 89 85 c0 06
|
|
00 00 mov QWORD PTR __$ArrayPad$[rbp], rax
|
|
0003e 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
|
|
00045 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 59 : XED_STATE MachineState;
|
|
; 60 : MachineState.mmode = XED_MACHINE_MODE_LONG_64;
|
|
|
|
0004a c7 45 08 01 00
|
|
00 00 mov DWORD PTR MachineState$[rbp], 1
|
|
|
|
; 61 : MachineState.stack_addr_width = XED_ADDRESS_WIDTH_64b;
|
|
|
|
00051 c7 45 0c 08 00
|
|
00 00 mov DWORD PTR MachineState$[rbp+4], 8
|
|
|
|
; 62 : XED_ENCODER_INSTRUCTION EncoderInstruction;
|
|
; 63 : XED_ENCODER_REQUEST EncoderRequest;
|
|
; 64 : UCHAR EncodeBuffer[15];
|
|
; 65 : UINT ReturnedSize;
|
|
; 66 :
|
|
; 67 : XedInst1(&EncoderInstruction, MachineState, XED_ICLASS_JMP, DisplacementWidth, XedRelBr(0, DisplacementWidth));
|
|
|
|
00058 44 8b 85 f8 06
|
|
00 00 mov r8d, DWORD PTR DisplacementWidth$[rbp]
|
|
0005f 33 d2 xor edx, edx
|
|
00061 48 8d 8d c8 05
|
|
00 00 lea rcx, QWORD PTR $T9[rbp]
|
|
00068 e8 00 00 00 00 call xed_relbr
|
|
0006d 48 8d 8d 78 05
|
|
00 00 lea rcx, QWORD PTR $T8[rbp]
|
|
00074 48 8b f9 mov rdi, rcx
|
|
00077 48 8b f0 mov rsi, rax
|
|
0007a b9 30 00 00 00 mov ecx, 48 ; 00000030H
|
|
0007f f3 a4 rep movsb
|
|
00081 48 8d 85 80 06
|
|
00 00 lea rax, QWORD PTR $T13[rbp]
|
|
00088 48 8d 8d 78 05
|
|
00 00 lea rcx, QWORD PTR $T8[rbp]
|
|
0008f 48 8b f8 mov rdi, rax
|
|
00092 48 8b f1 mov rsi, rcx
|
|
00095 b9 30 00 00 00 mov ecx, 48 ; 00000030H
|
|
0009a f3 a4 rep movsb
|
|
0009c 48 8d 85 80 06
|
|
00 00 lea rax, QWORD PTR $T13[rbp]
|
|
000a3 48 89 44 24 20 mov QWORD PTR [rsp+32], rax
|
|
000a8 44 8b 8d f8 06
|
|
00 00 mov r9d, DWORD PTR DisplacementWidth$[rbp]
|
|
000af 41 b8 3c 01 00
|
|
00 mov r8d, 316 ; 0000013cH
|
|
000b5 48 8b 55 08 mov rdx, QWORD PTR MachineState$[rbp]
|
|
000b9 48 8d 4d 30 lea rcx, QWORD PTR EncoderInstruction$[rbp]
|
|
000bd e8 00 00 00 00 call xed_inst1
|
|
|
|
; 68 :
|
|
; 69 : XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState);
|
|
|
|
000c2 48 8d 55 08 lea rdx, QWORD PTR MachineState$[rbp]
|
|
000c6 48 8d 8d f0 01
|
|
00 00 lea rcx, QWORD PTR EncoderRequest$[rbp]
|
|
000cd e8 00 00 00 00 call xed_encoder_request_zero_set_mode
|
|
|
|
; 70 : if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction))
|
|
|
|
000d2 48 8d 55 30 lea rdx, QWORD PTR EncoderInstruction$[rbp]
|
|
000d6 48 8d 8d f0 01
|
|
00 00 lea rcx, QWORD PTR EncoderRequest$[rbp]
|
|
000dd e8 00 00 00 00 call xed_convert_to_encoder_request
|
|
000e2 85 c0 test eax, eax
|
|
000e4 75 07 jne SHORT $LN2@ObfGenJmpT
|
|
|
|
; 71 : return NULL;
|
|
|
|
000e6 33 c0 xor eax, eax
|
|
000e8 e9 30 01 00 00 jmp $LN1@ObfGenJmpT
|
|
$LN2@ObfGenJmpT:
|
|
|
|
; 72 :
|
|
; 73 : if (XED_ERROR_NONE != XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize))
|
|
|
|
000ed 4c 8d 8d f4 02
|
|
00 00 lea r9, QWORD PTR ReturnedSize$[rbp]
|
|
000f4 41 b8 0f 00 00
|
|
00 mov r8d, 15
|
|
000fa 48 8d 95 c8 02
|
|
00 00 lea rdx, QWORD PTR EncodeBuffer$[rbp]
|
|
00101 48 8d 8d f0 01
|
|
00 00 lea rcx, QWORD PTR EncoderRequest$[rbp]
|
|
00108 e8 00 00 00 00 call xed_encode
|
|
0010d 85 c0 test eax, eax
|
|
0010f 74 07 je SHORT $LN3@ObfGenJmpT
|
|
|
|
; 74 : return NULL;
|
|
|
|
00111 33 c0 xor eax, eax
|
|
00113 e9 05 01 00 00 jmp $LN1@ObfGenJmpT
|
|
$LN3@ObfGenJmpT:
|
|
|
|
; 75 :
|
|
; 76 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, EncodeBuffer, ReturnedSize);
|
|
|
|
00118 b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
|
|
0011d e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
|
|
00122 48 89 85 38 06
|
|
00 00 mov QWORD PTR $T11[rbp], rax
|
|
00129 48 83 bd 38 06
|
|
00 00 00 cmp QWORD PTR $T11[rbp], 0
|
|
00131 74 30 je SHORT $LN6@ObfGenJmpT
|
|
00133 c7 44 24 20 00
|
|
00 00 00 mov DWORD PTR [rsp+32], 0
|
|
0013b 44 8b 8d f4 02
|
|
00 00 mov r9d, DWORD PTR ReturnedSize$[rbp]
|
|
00142 4c 8d 85 c8 02
|
|
00 00 lea r8, QWORD PTR EncodeBuffer$[rbp]
|
|
00149 ba 04 00 00 00 mov edx, 4
|
|
0014e 48 8b 8d 38 06
|
|
00 00 mov rcx, QWORD PTR $T11[rbp]
|
|
00155 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
|
|
0015a 48 89 85 b8 06
|
|
00 00 mov QWORD PTR tv133[rbp], rax
|
|
00161 eb 0b jmp SHORT $LN7@ObfGenJmpT
|
|
$LN6@ObfGenJmpT:
|
|
00163 48 c7 85 b8 06
|
|
00 00 00 00 00
|
|
00 mov QWORD PTR tv133[rbp], 0
|
|
$LN7@ObfGenJmpT:
|
|
0016e 48 8b 85 b8 06
|
|
00 00 mov rax, QWORD PTR tv133[rbp]
|
|
00175 48 89 85 18 06
|
|
00 00 mov QWORD PTR $T10[rbp], rax
|
|
0017c 48 8b 85 18 06
|
|
00 00 mov rax, QWORD PTR $T10[rbp]
|
|
00183 48 89 85 18 03
|
|
00 00 mov QWORD PTR Link$[rbp], rax
|
|
|
|
; 77 : if (XED_ERROR_NONE != XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize))
|
|
|
|
0018a 48 8b 85 18 03
|
|
00 00 mov rax, QWORD PTR Link$[rbp]
|
|
00191 48 83 c0 30 add rax, 48 ; 00000030H
|
|
00195 48 8b 8d 18 03
|
|
00 00 mov rcx, QWORD PTR Link$[rbp]
|
|
0019c 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
|
|
001a0 48 8b 8d 18 03
|
|
00 00 mov rcx, QWORD PTR Link$[rbp]
|
|
001a7 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
|
|
001ab 48 8b c8 mov rcx, rax
|
|
001ae e8 00 00 00 00 call xed_decode
|
|
001b3 85 c0 test eax, eax
|
|
001b5 74 41 je SHORT $LN4@ObfGenJmpT
|
|
|
|
; 78 : {
|
|
; 79 : delete Link;
|
|
|
|
001b7 48 8b 85 18 03
|
|
00 00 mov rax, QWORD PTR Link$[rbp]
|
|
001be 48 89 85 58 06
|
|
00 00 mov QWORD PTR $T12[rbp], rax
|
|
001c5 48 83 bd 58 06
|
|
00 00 00 cmp QWORD PTR $T12[rbp], 0
|
|
001cd 74 1a je SHORT $LN8@ObfGenJmpT
|
|
001cf ba 01 00 00 00 mov edx, 1
|
|
001d4 48 8b 8d 58 06
|
|
00 00 mov rcx, QWORD PTR $T12[rbp]
|
|
001db e8 00 00 00 00 call ??_G_NATIVE_CODE_LINK@@QEAAPEAXI@Z
|
|
001e0 48 89 85 b8 06
|
|
00 00 mov QWORD PTR tv145[rbp], rax
|
|
001e7 eb 0b jmp SHORT $LN9@ObfGenJmpT
|
|
$LN8@ObfGenJmpT:
|
|
001e9 48 c7 85 b8 06
|
|
00 00 00 00 00
|
|
00 mov QWORD PTR tv145[rbp], 0
|
|
$LN9@ObfGenJmpT:
|
|
|
|
; 80 : return NULL;
|
|
|
|
001f4 33 c0 xor eax, eax
|
|
001f6 eb 25 jmp SHORT $LN1@ObfGenJmpT
|
|
$LN4@ObfGenJmpT:
|
|
|
|
; 81 : }
|
|
; 82 : Link->Label = LabelId;
|
|
|
|
001f8 48 8b 85 18 03
|
|
00 00 mov rax, QWORD PTR Link$[rbp]
|
|
001ff 8b 8d f0 06 00
|
|
00 mov ecx, DWORD PTR LabelId$[rbp]
|
|
00205 89 48 1c mov DWORD PTR [rax+28], ecx
|
|
|
|
; 83 : Link->Flags = (CODE_FLAG_IS_INST | CODE_FLAG_IS_REL_JMP);
|
|
|
|
00208 48 8b 85 18 03
|
|
00 00 mov rax, QWORD PTR Link$[rbp]
|
|
0020f c7 40 18 06 00
|
|
00 00 mov DWORD PTR [rax+24], 6
|
|
|
|
; 84 :
|
|
; 85 : return Link;
|
|
|
|
00216 48 8b 85 18 03
|
|
00 00 mov rax, QWORD PTR Link$[rbp]
|
|
$LN1@ObfGenJmpT:
|
|
|
|
; 86 : }
|
|
|
|
0021d 48 8b f8 mov rdi, rax
|
|
00220 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
|
|
00224 48 8d 15 00 00
|
|
00 00 lea rdx, OFFSET FLAT:?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcFrameData
|
|
0022b e8 00 00 00 00 call _RTC_CheckStackVars
|
|
00230 48 8b c7 mov rax, rdi
|
|
00233 48 8b 8d c0 06
|
|
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
|
|
0023a 48 33 cd xor rcx, rbp
|
|
0023d e8 00 00 00 00 call __security_check_cookie
|
|
00242 48 8d a5 d0 06
|
|
00 00 lea rsp, QWORD PTR [rbp+1744]
|
|
00249 5f pop rdi
|
|
0024a 5e pop rsi
|
|
0024b 5d pop rbp
|
|
0024c c3 ret 0
|
|
?ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z ENDP ; ObfGenJmpToLabel
|
|
_TEXT ENDS
|
|
; COMDAT text$x
|
|
text$x SEGMENT
|
|
MachineState$ = 8
|
|
EncoderInstruction$ = 48
|
|
EncoderRequest$ = 496
|
|
EncodeBuffer$ = 712
|
|
ReturnedSize$ = 756
|
|
Link$ = 792
|
|
$T8 = 1400
|
|
$T9 = 1480
|
|
$T10 = 1560
|
|
$T11 = 1592
|
|
$T12 = 1624
|
|
$T13 = 1664
|
|
tv145 = 1720
|
|
tv133 = 1720
|
|
__$ArrayPad$ = 1728
|
|
LabelId$ = 1776
|
|
DisplacementWidth$ = 1784
|
|
?dtor$0@?0??ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA PROC ; `ObfGenJmpToLabel'::`1'::dtor$0
|
|
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 55 push rbp
|
|
0000b 57 push rdi
|
|
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
|
|
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
|
|
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
|
|
00019 48 8b 8d 38 06
|
|
00 00 mov rcx, QWORD PTR $T11[rbp]
|
|
00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete
|
|
00025 48 83 c4 28 add rsp, 40 ; 00000028H
|
|
00029 5f pop rdi
|
|
0002a 5d pop rbp
|
|
0002b c3 ret 0
|
|
?dtor$0@?0??ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA ENDP ; `ObfGenJmpToLabel'::`1'::dtor$0
|
|
text$x ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; COMDAT text$x
|
|
text$x SEGMENT
|
|
MachineState$ = 8
|
|
EncoderInstruction$ = 48
|
|
EncoderRequest$ = 496
|
|
EncodeBuffer$ = 712
|
|
ReturnedSize$ = 756
|
|
Link$ = 792
|
|
$T8 = 1400
|
|
$T9 = 1480
|
|
$T10 = 1560
|
|
$T11 = 1592
|
|
$T12 = 1624
|
|
$T13 = 1664
|
|
tv145 = 1720
|
|
tv133 = 1720
|
|
__$ArrayPad$ = 1728
|
|
LabelId$ = 1776
|
|
DisplacementWidth$ = 1784
|
|
?dtor$0@?0??ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA PROC ; `ObfGenJmpToLabel'::`1'::dtor$0
|
|
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 55 push rbp
|
|
0000b 57 push rdi
|
|
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
|
|
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
|
|
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
|
|
00019 48 8b 8d 38 06
|
|
00 00 mov rcx, QWORD PTR $T11[rbp]
|
|
00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete
|
|
00025 48 83 c4 28 add rsp, 40 ; 00000028H
|
|
00029 5f pop rdi
|
|
0002a 5d pop rbp
|
|
0002b c3 ret 0
|
|
?dtor$0@?0??ObfGenJmpToLabel@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA ENDP ; `ObfGenJmpToLabel'::`1'::dtor$0
|
|
text$x ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\OpaqueBranching.cpp
|
|
; COMDAT ?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z
|
|
_TEXT SEGMENT
|
|
MachineState$ = 8
|
|
EncoderInstruction$ = 48
|
|
EncoderRequest$ = 496
|
|
EncodeBuffer$ = 712
|
|
ReturnedSize$ = 756
|
|
Link$ = 792
|
|
$T8 = 1400
|
|
$T9 = 1480
|
|
$T10 = 1560
|
|
$T11 = 1592
|
|
$T12 = 1624
|
|
$T13 = 1656
|
|
$T14 = 1696
|
|
tv77 = 1748
|
|
tv149 = 1752
|
|
tv137 = 1752
|
|
__$ArrayPad$ = 1760
|
|
LabelId$ = 1808
|
|
DisplacementWidth$ = 1816
|
|
?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z PROC ; ObfGenRandomJcc, COMDAT
|
|
|
|
; 27 : {
|
|
|
|
$LN11:
|
|
00000 89 54 24 10 mov DWORD PTR [rsp+16], edx
|
|
00004 89 4c 24 08 mov DWORD PTR [rsp+8], ecx
|
|
00008 55 push rbp
|
|
00009 56 push rsi
|
|
0000a 57 push rdi
|
|
0000b 48 81 ec 20 07
|
|
00 00 sub rsp, 1824 ; 00000720H
|
|
00012 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
|
|
00017 48 8b fc mov rdi, rsp
|
|
0001a b9 c8 01 00 00 mov ecx, 456 ; 000001c8H
|
|
0001f b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
00024 f3 ab rep stosd
|
|
00026 8b 8c 24 48 07
|
|
00 00 mov ecx, DWORD PTR [rsp+1864]
|
|
0002d 48 8b 05 00 00
|
|
00 00 mov rax, QWORD PTR __security_cookie
|
|
00034 48 33 c5 xor rax, rbp
|
|
00037 48 89 85 e0 06
|
|
00 00 mov QWORD PTR __$ArrayPad$[rbp], rax
|
|
0003e 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
|
|
00045 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 28 : XED_STATE MachineState;
|
|
; 29 : MachineState.mmode = XED_MACHINE_MODE_LONG_64;
|
|
|
|
0004a c7 45 08 01 00
|
|
00 00 mov DWORD PTR MachineState$[rbp], 1
|
|
|
|
; 30 : MachineState.stack_addr_width = XED_ADDRESS_WIDTH_64b;
|
|
|
|
00051 c7 45 0c 08 00
|
|
00 00 mov DWORD PTR MachineState$[rbp+4], 8
|
|
|
|
; 31 : XED_ENCODER_INSTRUCTION EncoderInstruction;
|
|
; 32 : XED_ENCODER_REQUEST EncoderRequest;
|
|
; 33 : UCHAR EncodeBuffer[15];
|
|
; 34 : UINT ReturnedSize;
|
|
; 35 :
|
|
; 36 : XedInst1(&EncoderInstruction, MachineState, ObfGetRandomJccClass(), DisplacementWidth, XedRelBr(0, DisplacementWidth));
|
|
|
|
00058 44 8b 85 18 07
|
|
00 00 mov r8d, DWORD PTR DisplacementWidth$[rbp]
|
|
0005f 33 d2 xor edx, edx
|
|
00061 48 8d 8d c8 05
|
|
00 00 lea rcx, QWORD PTR $T9[rbp]
|
|
00068 e8 00 00 00 00 call xed_relbr
|
|
0006d 48 8d 8d 78 05
|
|
00 00 lea rcx, QWORD PTR $T8[rbp]
|
|
00074 48 8b f9 mov rdi, rcx
|
|
00077 48 8b f0 mov rsi, rax
|
|
0007a b9 30 00 00 00 mov ecx, 48 ; 00000030H
|
|
0007f f3 a4 rep movsb
|
|
00081 e8 00 00 00 00 call ?ObfGetRandomJccClass@@YA?AW4xed_iclass_enum_t@@XZ ; ObfGetRandomJccClass
|
|
00086 89 85 d4 06 00
|
|
00 mov DWORD PTR tv77[rbp], eax
|
|
0008c 48 8b 45 08 mov rax, QWORD PTR MachineState$[rbp]
|
|
00090 48 89 85 18 06
|
|
00 00 mov QWORD PTR $T10[rbp], rax
|
|
00097 48 8d 85 a0 06
|
|
00 00 lea rax, QWORD PTR $T14[rbp]
|
|
0009e 48 8d 8d 78 05
|
|
00 00 lea rcx, QWORD PTR $T8[rbp]
|
|
000a5 48 8b f8 mov rdi, rax
|
|
000a8 48 8b f1 mov rsi, rcx
|
|
000ab b9 30 00 00 00 mov ecx, 48 ; 00000030H
|
|
000b0 f3 a4 rep movsb
|
|
000b2 48 8d 85 a0 06
|
|
00 00 lea rax, QWORD PTR $T14[rbp]
|
|
000b9 48 89 44 24 20 mov QWORD PTR [rsp+32], rax
|
|
000be 44 8b 8d 18 07
|
|
00 00 mov r9d, DWORD PTR DisplacementWidth$[rbp]
|
|
000c5 44 8b 85 d4 06
|
|
00 00 mov r8d, DWORD PTR tv77[rbp]
|
|
000cc 48 8b 95 18 06
|
|
00 00 mov rdx, QWORD PTR $T10[rbp]
|
|
000d3 48 8d 4d 30 lea rcx, QWORD PTR EncoderInstruction$[rbp]
|
|
000d7 e8 00 00 00 00 call xed_inst1
|
|
|
|
; 37 :
|
|
; 38 : XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState);
|
|
|
|
000dc 48 8d 55 08 lea rdx, QWORD PTR MachineState$[rbp]
|
|
000e0 48 8d 8d f0 01
|
|
00 00 lea rcx, QWORD PTR EncoderRequest$[rbp]
|
|
000e7 e8 00 00 00 00 call xed_encoder_request_zero_set_mode
|
|
|
|
; 39 : if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction))
|
|
|
|
000ec 48 8d 55 30 lea rdx, QWORD PTR EncoderInstruction$[rbp]
|
|
000f0 48 8d 8d f0 01
|
|
00 00 lea rcx, QWORD PTR EncoderRequest$[rbp]
|
|
000f7 e8 00 00 00 00 call xed_convert_to_encoder_request
|
|
000fc 85 c0 test eax, eax
|
|
000fe 75 07 jne SHORT $LN2@ObfGenRand
|
|
|
|
; 40 : return NULL;
|
|
|
|
00100 33 c0 xor eax, eax
|
|
00102 e9 30 01 00 00 jmp $LN1@ObfGenRand
|
|
$LN2@ObfGenRand:
|
|
|
|
; 41 :
|
|
; 42 : if (XED_ERROR_NONE != XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize))
|
|
|
|
00107 4c 8d 8d f4 02
|
|
00 00 lea r9, QWORD PTR ReturnedSize$[rbp]
|
|
0010e 41 b8 0f 00 00
|
|
00 mov r8d, 15
|
|
00114 48 8d 95 c8 02
|
|
00 00 lea rdx, QWORD PTR EncodeBuffer$[rbp]
|
|
0011b 48 8d 8d f0 01
|
|
00 00 lea rcx, QWORD PTR EncoderRequest$[rbp]
|
|
00122 e8 00 00 00 00 call xed_encode
|
|
00127 85 c0 test eax, eax
|
|
00129 74 07 je SHORT $LN3@ObfGenRand
|
|
|
|
; 43 : return NULL;
|
|
|
|
0012b 33 c0 xor eax, eax
|
|
0012d e9 05 01 00 00 jmp $LN1@ObfGenRand
|
|
$LN3@ObfGenRand:
|
|
|
|
; 44 :
|
|
; 45 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, EncodeBuffer, ReturnedSize);
|
|
|
|
00132 b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
|
|
00137 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
|
|
0013c 48 89 85 58 06
|
|
00 00 mov QWORD PTR $T12[rbp], rax
|
|
00143 48 83 bd 58 06
|
|
00 00 00 cmp QWORD PTR $T12[rbp], 0
|
|
0014b 74 30 je SHORT $LN6@ObfGenRand
|
|
0014d c7 44 24 20 00
|
|
00 00 00 mov DWORD PTR [rsp+32], 0
|
|
00155 44 8b 8d f4 02
|
|
00 00 mov r9d, DWORD PTR ReturnedSize$[rbp]
|
|
0015c 4c 8d 85 c8 02
|
|
00 00 lea r8, QWORD PTR EncodeBuffer$[rbp]
|
|
00163 ba 04 00 00 00 mov edx, 4
|
|
00168 48 8b 8d 58 06
|
|
00 00 mov rcx, QWORD PTR $T12[rbp]
|
|
0016f e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
|
|
00174 48 89 85 d8 06
|
|
00 00 mov QWORD PTR tv137[rbp], rax
|
|
0017b eb 0b jmp SHORT $LN7@ObfGenRand
|
|
$LN6@ObfGenRand:
|
|
0017d 48 c7 85 d8 06
|
|
00 00 00 00 00
|
|
00 mov QWORD PTR tv137[rbp], 0
|
|
$LN7@ObfGenRand:
|
|
00188 48 8b 85 d8 06
|
|
00 00 mov rax, QWORD PTR tv137[rbp]
|
|
0018f 48 89 85 38 06
|
|
00 00 mov QWORD PTR $T11[rbp], rax
|
|
00196 48 8b 85 38 06
|
|
00 00 mov rax, QWORD PTR $T11[rbp]
|
|
0019d 48 89 85 18 03
|
|
00 00 mov QWORD PTR Link$[rbp], rax
|
|
|
|
; 46 : if (XED_ERROR_NONE != XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize))
|
|
|
|
001a4 48 8b 85 18 03
|
|
00 00 mov rax, QWORD PTR Link$[rbp]
|
|
001ab 48 83 c0 30 add rax, 48 ; 00000030H
|
|
001af 48 8b 8d 18 03
|
|
00 00 mov rcx, QWORD PTR Link$[rbp]
|
|
001b6 44 8b 41 28 mov r8d, DWORD PTR [rcx+40]
|
|
001ba 48 8b 8d 18 03
|
|
00 00 mov rcx, QWORD PTR Link$[rbp]
|
|
001c1 48 8b 51 20 mov rdx, QWORD PTR [rcx+32]
|
|
001c5 48 8b c8 mov rcx, rax
|
|
001c8 e8 00 00 00 00 call xed_decode
|
|
001cd 85 c0 test eax, eax
|
|
001cf 74 41 je SHORT $LN4@ObfGenRand
|
|
|
|
; 47 : {
|
|
; 48 : delete Link;
|
|
|
|
001d1 48 8b 85 18 03
|
|
00 00 mov rax, QWORD PTR Link$[rbp]
|
|
001d8 48 89 85 78 06
|
|
00 00 mov QWORD PTR $T13[rbp], rax
|
|
001df 48 83 bd 78 06
|
|
00 00 00 cmp QWORD PTR $T13[rbp], 0
|
|
001e7 74 1a je SHORT $LN8@ObfGenRand
|
|
001e9 ba 01 00 00 00 mov edx, 1
|
|
001ee 48 8b 8d 78 06
|
|
00 00 mov rcx, QWORD PTR $T13[rbp]
|
|
001f5 e8 00 00 00 00 call ??_G_NATIVE_CODE_LINK@@QEAAPEAXI@Z
|
|
001fa 48 89 85 d8 06
|
|
00 00 mov QWORD PTR tv149[rbp], rax
|
|
00201 eb 0b jmp SHORT $LN9@ObfGenRand
|
|
$LN8@ObfGenRand:
|
|
00203 48 c7 85 d8 06
|
|
00 00 00 00 00
|
|
00 mov QWORD PTR tv149[rbp], 0
|
|
$LN9@ObfGenRand:
|
|
|
|
; 49 : return NULL;
|
|
|
|
0020e 33 c0 xor eax, eax
|
|
00210 eb 25 jmp SHORT $LN1@ObfGenRand
|
|
$LN4@ObfGenRand:
|
|
|
|
; 50 : }
|
|
; 51 : Link->Label = LabelId;
|
|
|
|
00212 48 8b 85 18 03
|
|
00 00 mov rax, QWORD PTR Link$[rbp]
|
|
00219 8b 8d 10 07 00
|
|
00 mov ecx, DWORD PTR LabelId$[rbp]
|
|
0021f 89 48 1c mov DWORD PTR [rax+28], ecx
|
|
|
|
; 52 : Link->Flags = (CODE_FLAG_IS_INST | CODE_FLAG_IS_REL_JMP);
|
|
|
|
00222 48 8b 85 18 03
|
|
00 00 mov rax, QWORD PTR Link$[rbp]
|
|
00229 c7 40 18 06 00
|
|
00 00 mov DWORD PTR [rax+24], 6
|
|
|
|
; 53 :
|
|
; 54 : return Link;
|
|
|
|
00230 48 8b 85 18 03
|
|
00 00 mov rax, QWORD PTR Link$[rbp]
|
|
$LN1@ObfGenRand:
|
|
|
|
; 55 : }
|
|
|
|
00237 48 8b f8 mov rdi, rax
|
|
0023a 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
|
|
0023e 48 8d 15 00 00
|
|
00 00 lea rdx, OFFSET FLAT:?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z$rtcFrameData
|
|
00245 e8 00 00 00 00 call _RTC_CheckStackVars
|
|
0024a 48 8b c7 mov rax, rdi
|
|
0024d 48 8b 8d e0 06
|
|
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
|
|
00254 48 33 cd xor rcx, rbp
|
|
00257 e8 00 00 00 00 call __security_check_cookie
|
|
0025c 48 8d a5 f0 06
|
|
00 00 lea rsp, QWORD PTR [rbp+1776]
|
|
00263 5f pop rdi
|
|
00264 5e pop rsi
|
|
00265 5d pop rbp
|
|
00266 c3 ret 0
|
|
?ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z ENDP ; ObfGenRandomJcc
|
|
_TEXT ENDS
|
|
; COMDAT text$x
|
|
text$x SEGMENT
|
|
MachineState$ = 8
|
|
EncoderInstruction$ = 48
|
|
EncoderRequest$ = 496
|
|
EncodeBuffer$ = 712
|
|
ReturnedSize$ = 756
|
|
Link$ = 792
|
|
$T8 = 1400
|
|
$T9 = 1480
|
|
$T10 = 1560
|
|
$T11 = 1592
|
|
$T12 = 1624
|
|
$T13 = 1656
|
|
$T14 = 1696
|
|
tv77 = 1748
|
|
tv149 = 1752
|
|
tv137 = 1752
|
|
__$ArrayPad$ = 1760
|
|
LabelId$ = 1808
|
|
DisplacementWidth$ = 1816
|
|
?dtor$0@?0??ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA PROC ; `ObfGenRandomJcc'::`1'::dtor$0
|
|
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 55 push rbp
|
|
0000b 57 push rdi
|
|
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
|
|
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
|
|
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
|
|
00019 48 8b 8d 58 06
|
|
00 00 mov rcx, QWORD PTR $T12[rbp]
|
|
00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete
|
|
00025 48 83 c4 28 add rsp, 40 ; 00000028H
|
|
00029 5f pop rdi
|
|
0002a 5d pop rbp
|
|
0002b c3 ret 0
|
|
?dtor$0@?0??ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA ENDP ; `ObfGenRandomJcc'::`1'::dtor$0
|
|
text$x ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; COMDAT text$x
|
|
text$x SEGMENT
|
|
MachineState$ = 8
|
|
EncoderInstruction$ = 48
|
|
EncoderRequest$ = 496
|
|
EncodeBuffer$ = 712
|
|
ReturnedSize$ = 756
|
|
Link$ = 792
|
|
$T8 = 1400
|
|
$T9 = 1480
|
|
$T10 = 1560
|
|
$T11 = 1592
|
|
$T12 = 1624
|
|
$T13 = 1656
|
|
$T14 = 1696
|
|
tv77 = 1748
|
|
tv149 = 1752
|
|
tv137 = 1752
|
|
__$ArrayPad$ = 1760
|
|
LabelId$ = 1808
|
|
DisplacementWidth$ = 1816
|
|
?dtor$0@?0??ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA PROC ; `ObfGenRandomJcc'::`1'::dtor$0
|
|
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 55 push rbp
|
|
0000b 57 push rdi
|
|
0000c 48 83 ec 28 sub rsp, 40 ; 00000028H
|
|
00010 48 8d 6a 30 lea rbp, QWORD PTR [rdx+48]
|
|
00014 ba f0 00 00 00 mov edx, 240 ; 000000f0H
|
|
00019 48 8b 8d 58 06
|
|
00 00 mov rcx, QWORD PTR $T12[rbp]
|
|
00020 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete
|
|
00025 48 83 c4 28 add rsp, 40 ; 00000028H
|
|
00029 5f pop rdi
|
|
0002a 5d pop rbp
|
|
0002b c3 ret 0
|
|
?dtor$0@?0??ObfGenRandomJcc@@YAPEAU_NATIVE_CODE_LINK@@KK@Z@4HA ENDP ; `ObfGenRandomJcc'::`1'::dtor$0
|
|
text$x ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\OpaqueBranching.cpp
|
|
; COMDAT ?ObfGetRandomJccClass@@YA?AW4xed_iclass_enum_t@@XZ
|
|
_TEXT SEGMENT
|
|
tv66 = 192
|
|
?ObfGetRandomJccClass@@YA?AW4xed_iclass_enum_t@@XZ PROC ; ObfGetRandomJccClass, COMDAT
|
|
|
|
; 4 : {
|
|
|
|
$LN21:
|
|
00000 40 55 push rbp
|
|
00002 57 push rdi
|
|
00003 48 81 ec f8 00
|
|
00 00 sub rsp, 248 ; 000000f8H
|
|
0000a 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
0000f 48 8b fc mov rdi, rsp
|
|
00012 b9 3e 00 00 00 mov ecx, 62 ; 0000003eH
|
|
00017 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
0001c f3 ab rep stosd
|
|
0001e 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
|
|
00025 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 5 : switch (rand() % 15)
|
|
|
|
0002a ff 15 00 00 00
|
|
00 call QWORD PTR __imp_rand
|
|
00030 99 cdq
|
|
00031 b9 0f 00 00 00 mov ecx, 15
|
|
00036 f7 f9 idiv ecx
|
|
00038 8b c2 mov eax, edx
|
|
0003a 89 85 c0 00 00
|
|
00 mov DWORD PTR tv66[rbp], eax
|
|
00040 83 bd c0 00 00
|
|
00 0e cmp DWORD PTR tv66[rbp], 14
|
|
00047 0f 87 83 00 00
|
|
00 ja $LN2@ObfGetRand
|
|
0004d 48 63 85 c0 00
|
|
00 00 movsxd rax, DWORD PTR tv66[rbp]
|
|
00054 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__ImageBase
|
|
0005b 8b 84 81 00 00
|
|
00 00 mov eax, DWORD PTR $LN20@ObfGetRand[rcx+rax*4]
|
|
00062 48 03 c1 add rax, rcx
|
|
00065 ff e0 jmp rax
|
|
$LN4@ObfGetRand:
|
|
|
|
; 6 : {
|
|
; 7 : case 0: return XED_ICLASS_JL;
|
|
|
|
00067 b8 3a 01 00 00 mov eax, 314 ; 0000013aH
|
|
0006c eb 67 jmp SHORT $LN1@ObfGetRand
|
|
$LN5@ObfGetRand:
|
|
|
|
; 8 : case 1: return XED_ICLASS_JLE;
|
|
|
|
0006e b8 3b 01 00 00 mov eax, 315 ; 0000013bH
|
|
00073 eb 60 jmp SHORT $LN1@ObfGetRand
|
|
$LN6@ObfGetRand:
|
|
|
|
; 9 : case 2: return XED_ICLASS_JNB;
|
|
|
|
00075 b8 3e 01 00 00 mov eax, 318 ; 0000013eH
|
|
0007a eb 59 jmp SHORT $LN1@ObfGetRand
|
|
$LN7@ObfGetRand:
|
|
|
|
; 10 : case 3: return XED_ICLASS_JNBE;
|
|
|
|
0007c b8 3f 01 00 00 mov eax, 319 ; 0000013fH
|
|
00081 eb 52 jmp SHORT $LN1@ObfGetRand
|
|
$LN8@ObfGetRand:
|
|
|
|
; 11 : case 4: return XED_ICLASS_JNL;
|
|
|
|
00083 b8 40 01 00 00 mov eax, 320 ; 00000140H
|
|
00088 eb 4b jmp SHORT $LN1@ObfGetRand
|
|
$LN9@ObfGetRand:
|
|
|
|
; 12 : case 5: return XED_ICLASS_JNLE;
|
|
|
|
0008a b8 41 01 00 00 mov eax, 321 ; 00000141H
|
|
0008f eb 44 jmp SHORT $LN1@ObfGetRand
|
|
$LN10@ObfGetRand:
|
|
|
|
; 13 : case 6: return XED_ICLASS_JNO;
|
|
|
|
00091 b8 42 01 00 00 mov eax, 322 ; 00000142H
|
|
00096 eb 3d jmp SHORT $LN1@ObfGetRand
|
|
$LN11@ObfGetRand:
|
|
|
|
; 14 : case 7: return XED_ICLASS_JNP;
|
|
|
|
00098 b8 43 01 00 00 mov eax, 323 ; 00000143H
|
|
0009d eb 36 jmp SHORT $LN1@ObfGetRand
|
|
$LN12@ObfGetRand:
|
|
|
|
; 15 : case 8: return XED_ICLASS_JNS;
|
|
|
|
0009f b8 44 01 00 00 mov eax, 324 ; 00000144H
|
|
000a4 eb 2f jmp SHORT $LN1@ObfGetRand
|
|
$LN13@ObfGetRand:
|
|
|
|
; 16 : case 9: return XED_ICLASS_JNZ;
|
|
|
|
000a6 b8 45 01 00 00 mov eax, 325 ; 00000145H
|
|
000ab eb 28 jmp SHORT $LN1@ObfGetRand
|
|
$LN14@ObfGetRand:
|
|
|
|
; 17 : case 10: return XED_ICLASS_JO;
|
|
|
|
000ad b8 46 01 00 00 mov eax, 326 ; 00000146H
|
|
000b2 eb 21 jmp SHORT $LN1@ObfGetRand
|
|
$LN15@ObfGetRand:
|
|
|
|
; 18 : case 11: return XED_ICLASS_JP;
|
|
|
|
000b4 b8 47 01 00 00 mov eax, 327 ; 00000147H
|
|
000b9 eb 1a jmp SHORT $LN1@ObfGetRand
|
|
$LN16@ObfGetRand:
|
|
|
|
; 19 : case 12: return XED_ICLASS_JRCXZ;
|
|
|
|
000bb b8 48 01 00 00 mov eax, 328 ; 00000148H
|
|
000c0 eb 13 jmp SHORT $LN1@ObfGetRand
|
|
$LN17@ObfGetRand:
|
|
|
|
; 20 : case 13: return XED_ICLASS_JS;
|
|
|
|
000c2 b8 49 01 00 00 mov eax, 329 ; 00000149H
|
|
000c7 eb 0c jmp SHORT $LN1@ObfGetRand
|
|
$LN18@ObfGetRand:
|
|
|
|
; 21 : case 14: return XED_ICLASS_JZ;
|
|
|
|
000c9 b8 4a 01 00 00 mov eax, 330 ; 0000014aH
|
|
000ce eb 05 jmp SHORT $LN1@ObfGetRand
|
|
$LN2@ObfGetRand:
|
|
|
|
; 22 : }
|
|
; 23 : return XED_ICLASS_JLE;
|
|
|
|
000d0 b8 3b 01 00 00 mov eax, 315 ; 0000013bH
|
|
$LN1@ObfGetRand:
|
|
|
|
; 24 : }
|
|
|
|
000d5 48 8d a5 d8 00
|
|
00 00 lea rsp, QWORD PTR [rbp+216]
|
|
000dc 5f pop rdi
|
|
000dd 5d pop rbp
|
|
000de c3 ret 0
|
|
000df 90 npad 1
|
|
$LN20@ObfGetRand:
|
|
000e0 00 00 00 00 DD $LN4@ObfGetRand
|
|
000e4 00 00 00 00 DD $LN5@ObfGetRand
|
|
000e8 00 00 00 00 DD $LN6@ObfGetRand
|
|
000ec 00 00 00 00 DD $LN7@ObfGetRand
|
|
000f0 00 00 00 00 DD $LN8@ObfGetRand
|
|
000f4 00 00 00 00 DD $LN9@ObfGetRand
|
|
000f8 00 00 00 00 DD $LN10@ObfGetRand
|
|
000fc 00 00 00 00 DD $LN11@ObfGetRand
|
|
00100 00 00 00 00 DD $LN12@ObfGetRand
|
|
00104 00 00 00 00 DD $LN13@ObfGetRand
|
|
00108 00 00 00 00 DD $LN14@ObfGetRand
|
|
0010c 00 00 00 00 DD $LN15@ObfGetRand
|
|
00110 00 00 00 00 DD $LN16@ObfGetRand
|
|
00114 00 00 00 00 DD $LN17@ObfGetRand
|
|
00118 00 00 00 00 DD $LN18@ObfGetRand
|
|
?ObfGetRandomJccClass@@YA?AW4xed_iclass_enum_t@@XZ ENDP ; ObfGetRandomJccClass
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; COMDAT ??_G_NATIVE_CODE_LINK@@QEAAPEAXI@Z
|
|
_TEXT SEGMENT
|
|
this$ = 224
|
|
__flags$ = 232
|
|
??_G_NATIVE_CODE_LINK@@QEAAPEAXI@Z PROC ; _NATIVE_CODE_LINK::`scalar deleting destructor', COMDAT
|
|
$LN4:
|
|
00000 89 54 24 10 mov DWORD PTR [rsp+16], edx
|
|
00004 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00009 55 push rbp
|
|
0000a 57 push rdi
|
|
0000b 48 81 ec e8 00
|
|
00 00 sub rsp, 232 ; 000000e8H
|
|
00012 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
00017 48 8b fc mov rdi, rsp
|
|
0001a b9 3a 00 00 00 mov ecx, 58 ; 0000003aH
|
|
0001f b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
00024 f3 ab rep stosd
|
|
00026 48 8b 8c 24 08
|
|
01 00 00 mov rcx, QWORD PTR [rsp+264]
|
|
0002e 48 8b 8d e0 00
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
00035 e8 00 00 00 00 call ??1_NATIVE_CODE_LINK@@QEAA@XZ ; _NATIVE_CODE_LINK::~_NATIVE_CODE_LINK
|
|
0003a 8b 85 e8 00 00
|
|
00 mov eax, DWORD PTR __flags$[rbp]
|
|
00040 83 e0 01 and eax, 1
|
|
00043 85 c0 test eax, eax
|
|
00045 74 11 je SHORT $LN2@scalar
|
|
00047 ba f0 00 00 00 mov edx, 240 ; 000000f0H
|
|
0004c 48 8b 8d e0 00
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
00053 e8 00 00 00 00 call ??3@YAXPEAX_K@Z ; operator delete
|
|
$LN2@scalar:
|
|
00058 48 8b 85 e0 00
|
|
00 00 mov rax, QWORD PTR this$[rbp]
|
|
0005f 48 8d a5 c8 00
|
|
00 00 lea rsp, QWORD PTR [rbp+200]
|
|
00066 5f pop rdi
|
|
00067 5d pop rbp
|
|
00068 c3 ret 0
|
|
??_G_NATIVE_CODE_LINK@@QEAAPEAXI@Z ENDP ; _NATIVE_CODE_LINK::`scalar deleting destructor'
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\build\obj\wkit\include\xed\xed-encoder-hl.h
|
|
; COMDAT xed_inst1
|
|
_TEXT SEGMENT
|
|
inst$ = 224
|
|
mode$ = 232
|
|
iclass$ = 240
|
|
effective_operand_width$ = 248
|
|
op0$ = 256
|
|
xed_inst1 PROC ; COMDAT
|
|
|
|
; 490 : xed_encoder_operand_t op0) {
|
|
|
|
00000 44 89 4c 24 20 mov DWORD PTR [rsp+32], r9d
|
|
00005 44 89 44 24 18 mov DWORD PTR [rsp+24], r8d
|
|
0000a 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000f 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00014 55 push rbp
|
|
00015 56 push rsi
|
|
00016 57 push rdi
|
|
00017 48 81 ec e0 00
|
|
00 00 sub rsp, 224 ; 000000e0H
|
|
0001e 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
00023 48 8b fc mov rdi, rsp
|
|
00026 b9 38 00 00 00 mov ecx, 56 ; 00000038H
|
|
0002b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
00030 f3 ab rep stosd
|
|
00032 48 8b 8c 24 08
|
|
01 00 00 mov rcx, QWORD PTR [rsp+264]
|
|
0003a 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__CDA14B9B_xed-encoder-hl@h
|
|
00041 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 491 :
|
|
; 492 : inst->mode=mode;
|
|
|
|
00046 48 8b 85 e0 00
|
|
00 00 mov rax, QWORD PTR inst$[rbp]
|
|
0004d 48 8b 8d e8 00
|
|
00 00 mov rcx, QWORD PTR mode$[rbp]
|
|
00054 48 89 08 mov QWORD PTR [rax], rcx
|
|
|
|
; 493 : inst->iclass = iclass;
|
|
|
|
00057 48 8b 85 e0 00
|
|
00 00 mov rax, QWORD PTR inst$[rbp]
|
|
0005e 8b 8d f0 00 00
|
|
00 mov ecx, DWORD PTR iclass$[rbp]
|
|
00064 89 48 08 mov DWORD PTR [rax+8], ecx
|
|
|
|
; 494 : inst->effective_operand_width = effective_operand_width;
|
|
|
|
00067 48 8b 85 e0 00
|
|
00 00 mov rax, QWORD PTR inst$[rbp]
|
|
0006e 8b 8d f8 00 00
|
|
00 mov ecx, DWORD PTR effective_operand_width$[rbp]
|
|
00074 89 48 0c mov DWORD PTR [rax+12], ecx
|
|
|
|
; 495 : inst->effective_address_width = 0;
|
|
|
|
00077 48 8b 85 e0 00
|
|
00 00 mov rax, QWORD PTR inst$[rbp]
|
|
0007e c7 40 10 00 00
|
|
00 00 mov DWORD PTR [rax+16], 0
|
|
|
|
; 496 : inst->prefixes.i = 0;
|
|
|
|
00085 48 8b 85 e0 00
|
|
00 00 mov rax, QWORD PTR inst$[rbp]
|
|
0008c c7 40 14 00 00
|
|
00 00 mov DWORD PTR [rax+20], 0
|
|
|
|
; 497 : inst->operands[0] = op0;
|
|
|
|
00093 b8 30 00 00 00 mov eax, 48 ; 00000030H
|
|
00098 48 6b c0 00 imul rax, rax, 0
|
|
0009c 48 8b 8d e0 00
|
|
00 00 mov rcx, QWORD PTR inst$[rbp]
|
|
000a3 48 8d 7c 01 20 lea rdi, QWORD PTR [rcx+rax+32]
|
|
000a8 48 8b b5 00 01
|
|
00 00 mov rsi, QWORD PTR op0$[rbp]
|
|
000af b9 30 00 00 00 mov ecx, 48 ; 00000030H
|
|
000b4 f3 a4 rep movsb
|
|
|
|
; 498 : inst->noperands = 1;
|
|
|
|
000b6 48 8b 85 e0 00
|
|
00 00 mov rax, QWORD PTR inst$[rbp]
|
|
000bd c7 40 18 01 00
|
|
00 00 mov DWORD PTR [rax+24], 1
|
|
|
|
; 499 : }
|
|
|
|
000c4 48 8d a5 c0 00
|
|
00 00 lea rsp, QWORD PTR [rbp+192]
|
|
000cb 5f pop rdi
|
|
000cc 5e pop rsi
|
|
000cd 5d pop rbp
|
|
000ce c3 ret 0
|
|
xed_inst1 ENDP
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\build\obj\wkit\include\xed\xed-encoder-hl.h
|
|
; COMDAT xed_relbr
|
|
_TEXT SEGMENT
|
|
o$ = 8
|
|
__$ArrayPad$ = 264
|
|
$T4 = 304
|
|
brdisp$ = 312
|
|
width_bits$ = 320
|
|
xed_relbr PROC ; COMDAT
|
|
|
|
; 105 : xed_uint_t width_bits) {
|
|
|
|
00000 44 89 44 24 18 mov DWORD PTR [rsp+24], r8d
|
|
00005 89 54 24 10 mov DWORD PTR [rsp+16], edx
|
|
00009 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
0000e 55 push rbp
|
|
0000f 56 push rsi
|
|
00010 57 push rdi
|
|
00011 48 81 ec 30 01
|
|
00 00 sub rsp, 304 ; 00000130H
|
|
00018 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
0001d 48 8b fc mov rdi, rsp
|
|
00020 b9 4c 00 00 00 mov ecx, 76 ; 0000004cH
|
|
00025 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
0002a f3 ab rep stosd
|
|
0002c 48 8b 8c 24 58
|
|
01 00 00 mov rcx, QWORD PTR [rsp+344]
|
|
00034 48 8b 05 00 00
|
|
00 00 mov rax, QWORD PTR __security_cookie
|
|
0003b 48 33 c5 xor rax, rbp
|
|
0003e 48 89 85 08 01
|
|
00 00 mov QWORD PTR __$ArrayPad$[rbp], rax
|
|
00045 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__CDA14B9B_xed-encoder-hl@h
|
|
0004c e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 106 : xed_encoder_operand_t o;
|
|
; 107 : o.type = XED_ENCODER_OPERAND_TYPE_BRDISP;
|
|
|
|
00051 c7 45 08 01 00
|
|
00 00 mov DWORD PTR o$[rbp], 1
|
|
|
|
; 108 : o.u.brdisp = brdisp;
|
|
|
|
00058 8b 85 38 01 00
|
|
00 mov eax, DWORD PTR brdisp$[rbp]
|
|
0005e 89 45 10 mov DWORD PTR o$[rbp+8], eax
|
|
|
|
; 109 : o.width_bits = width_bits;
|
|
|
|
00061 8b 85 40 01 00
|
|
00 mov eax, DWORD PTR width_bits$[rbp]
|
|
00067 89 45 30 mov DWORD PTR o$[rbp+40], eax
|
|
|
|
; 110 : return o;
|
|
|
|
0006a 48 8d 45 08 lea rax, QWORD PTR o$[rbp]
|
|
0006e 48 8b bd 30 01
|
|
00 00 mov rdi, QWORD PTR $T4[rbp]
|
|
00075 48 8b f0 mov rsi, rax
|
|
00078 b9 30 00 00 00 mov ecx, 48 ; 00000030H
|
|
0007d f3 a4 rep movsb
|
|
0007f 48 8b 85 30 01
|
|
00 00 mov rax, QWORD PTR $T4[rbp]
|
|
|
|
; 111 : }
|
|
|
|
00086 48 8b f8 mov rdi, rax
|
|
00089 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
|
|
0008d 48 8d 15 00 00
|
|
00 00 lea rdx, OFFSET FLAT:xed_relbr$rtcFrameData
|
|
00094 e8 00 00 00 00 call _RTC_CheckStackVars
|
|
00099 48 8b c7 mov rax, rdi
|
|
0009c 48 8b 8d 08 01
|
|
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
|
|
000a3 48 33 cd xor rcx, rbp
|
|
000a6 e8 00 00 00 00 call __security_check_cookie
|
|
000ab 48 8d a5 10 01
|
|
00 00 lea rsp, QWORD PTR [rbp+272]
|
|
000b2 5f pop rdi
|
|
000b3 5e pop rsi
|
|
000b4 5d pop rbp
|
|
000b5 c3 ret 0
|
|
xed_relbr ENDP
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\xloctime
|
|
; COMDAT ??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
|
|
_TEXT SEGMENT
|
|
$T1 = 200
|
|
tv93 = 264
|
|
tv85 = 264
|
|
this$ = 304
|
|
__formal$ = 312
|
|
_Lobj$ = 320
|
|
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z PROC ; std::time_get<wchar_t,std::istreambuf_iterator<wchar_t,std::char_traits<wchar_t> > >::_Getvals<wchar_t>, COMDAT
|
|
|
|
; 176 : void __CLR_OR_THIS_CALL _Getvals(_Elem2, const _Locinfo& _Lobj) { // get values
|
|
|
|
$LN5:
|
|
00000 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
|
|
00005 66 89 54 24 10 mov WORD PTR [rsp+16], dx
|
|
0000a 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
0000f 55 push rbp
|
|
00010 56 push rsi
|
|
00011 57 push rdi
|
|
00012 48 81 ec 30 01
|
|
00 00 sub rsp, 304 ; 00000130H
|
|
00019 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
0001e 48 8b fc mov rdi, rsp
|
|
00021 b9 4c 00 00 00 mov ecx, 76 ; 0000004cH
|
|
00026 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
0002b f3 ab rep stosd
|
|
0002d 48 8b 8c 24 58
|
|
01 00 00 mov rcx, QWORD PTR [rsp+344]
|
|
00035 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__886F7F70_xloctime
|
|
0003c e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 177 : _Cvt = _Lobj._Getcvt();
|
|
|
|
00041 48 8d 95 c8 00
|
|
00 00 lea rdx, QWORD PTR $T1[rbp]
|
|
00048 48 8b 8d 40 01
|
|
00 00 mov rcx, QWORD PTR _Lobj$[rbp]
|
|
0004f ff 15 00 00 00
|
|
00 call QWORD PTR __imp_?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
|
|
00055 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
0005c 48 8d 79 2c lea rdi, QWORD PTR [rcx+44]
|
|
00060 48 8b f0 mov rsi, rax
|
|
00063 b9 2c 00 00 00 mov ecx, 44 ; 0000002cH
|
|
00068 f3 a4 rep movsb
|
|
|
|
; 178 :
|
|
; 179 : if (is_same_v<_Elem2, wchar_t>) {
|
|
|
|
0006a 33 c0 xor eax, eax
|
|
0006c 83 f8 01 cmp eax, 1
|
|
0006f 74 5c je SHORT $LN2@Getvals
|
|
|
|
; 180 : _Days = reinterpret_cast<const _Elem*>(_Maklocwcs(reinterpret_cast<const wchar_t*>(_Lobj._W_Getdays())));
|
|
|
|
00071 48 8b 8d 40 01
|
|
00 00 mov rcx, QWORD PTR _Lobj$[rbp]
|
|
00078 ff 15 00 00 00
|
|
00 call QWORD PTR __imp_?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
|
|
0007e 48 8b c8 mov rcx, rax
|
|
00081 e8 00 00 00 00 call ?_Maklocwcs@std@@YAPEA_WPEB_W@Z ; std::_Maklocwcs
|
|
00086 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
0008d 48 89 41 10 mov QWORD PTR [rcx+16], rax
|
|
|
|
; 181 : _Months =
|
|
|
|
00091 48 8b 8d 40 01
|
|
00 00 mov rcx, QWORD PTR _Lobj$[rbp]
|
|
00098 ff 15 00 00 00
|
|
00 call QWORD PTR __imp_?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
|
|
0009e 48 8b c8 mov rcx, rax
|
|
000a1 e8 00 00 00 00 call ?_Maklocwcs@std@@YAPEA_WPEB_W@Z ; std::_Maklocwcs
|
|
000a6 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
000ad 48 89 41 18 mov QWORD PTR [rcx+24], rax
|
|
|
|
; 182 : reinterpret_cast<const _Elem*>(_Maklocwcs(reinterpret_cast<const wchar_t*>(_Lobj._W_Getmonths())));
|
|
; 183 : _Ampm = reinterpret_cast<const _Elem*>(_Maklocwcs(L":AM:am:PM:pm"));
|
|
|
|
000b1 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:??_C@_1BK@MHIKGOKE@?$AA?3?$AAA?$AAM?$AA?3?$AAa?$AAm?$AA?3?$AAP?$AAM?$AA?3?$AAp?$AAm@
|
|
000b8 e8 00 00 00 00 call ?_Maklocwcs@std@@YAPEA_WPEB_W@Z ; std::_Maklocwcs
|
|
000bd 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
000c4 48 89 41 20 mov QWORD PTR [rcx+32], rax
|
|
|
|
; 184 : } else {
|
|
|
|
000c8 e9 a3 00 00 00 jmp $LN3@Getvals
|
|
$LN2@Getvals:
|
|
|
|
; 185 : _Days = _Maklocstr(_Lobj._Getdays(), static_cast<_Elem*>(nullptr), _Cvt);
|
|
|
|
000cd 48 8b 85 30 01
|
|
00 00 mov rax, QWORD PTR this$[rbp]
|
|
000d4 48 83 c0 2c add rax, 44 ; 0000002cH
|
|
000d8 48 89 85 08 01
|
|
00 00 mov QWORD PTR tv85[rbp], rax
|
|
000df 48 8b 8d 40 01
|
|
00 00 mov rcx, QWORD PTR _Lobj$[rbp]
|
|
000e6 ff 15 00 00 00
|
|
00 call QWORD PTR __imp_?_Getdays@_Locinfo@std@@QEBAPEBDXZ
|
|
000ec 48 8b 8d 08 01
|
|
00 00 mov rcx, QWORD PTR tv85[rbp]
|
|
000f3 4c 8b c1 mov r8, rcx
|
|
000f6 33 d2 xor edx, edx
|
|
000f8 48 8b c8 mov rcx, rax
|
|
000fb e8 00 00 00 00 call ??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z ; std::_Maklocstr<wchar_t>
|
|
00100 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
00107 48 89 41 10 mov QWORD PTR [rcx+16], rax
|
|
|
|
; 186 : _Months = _Maklocstr(_Lobj._Getmonths(), static_cast<_Elem*>(nullptr), _Cvt);
|
|
|
|
0010b 48 8b 85 30 01
|
|
00 00 mov rax, QWORD PTR this$[rbp]
|
|
00112 48 83 c0 2c add rax, 44 ; 0000002cH
|
|
00116 48 89 85 08 01
|
|
00 00 mov QWORD PTR tv93[rbp], rax
|
|
0011d 48 8b 8d 40 01
|
|
00 00 mov rcx, QWORD PTR _Lobj$[rbp]
|
|
00124 ff 15 00 00 00
|
|
00 call QWORD PTR __imp_?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
|
|
0012a 48 8b 8d 08 01
|
|
00 00 mov rcx, QWORD PTR tv93[rbp]
|
|
00131 4c 8b c1 mov r8, rcx
|
|
00134 33 d2 xor edx, edx
|
|
00136 48 8b c8 mov rcx, rax
|
|
00139 e8 00 00 00 00 call ??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z ; std::_Maklocstr<wchar_t>
|
|
0013e 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
00145 48 89 41 18 mov QWORD PTR [rcx+24], rax
|
|
|
|
; 187 : _Ampm = _Maklocstr(":AM:am:PM:pm", static_cast<_Elem*>(nullptr), _Cvt);
|
|
|
|
00149 48 8b 85 30 01
|
|
00 00 mov rax, QWORD PTR this$[rbp]
|
|
00150 48 83 c0 2c add rax, 44 ; 0000002cH
|
|
00154 4c 8b c0 mov r8, rax
|
|
00157 33 d2 xor edx, edx
|
|
00159 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@
|
|
00160 e8 00 00 00 00 call ??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z ; std::_Maklocstr<wchar_t>
|
|
00165 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
0016c 48 89 41 20 mov QWORD PTR [rcx+32], rax
|
|
$LN3@Getvals:
|
|
|
|
; 188 : }
|
|
; 189 : }
|
|
|
|
00170 48 8d a5 10 01
|
|
00 00 lea rsp, QWORD PTR [rbp+272]
|
|
00177 5f pop rdi
|
|
00178 5e pop rsi
|
|
00179 5d pop rbp
|
|
0017a c3 ret 0
|
|
??$_Getvals@_W@?$time_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z ENDP ; std::time_get<wchar_t,std::istreambuf_iterator<wchar_t,std::char_traits<wchar_t> > >::_Getvals<wchar_t>
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\xloctime
|
|
; COMDAT ??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z
|
|
_TEXT SEGMENT
|
|
$T1 = 200
|
|
tv93 = 264
|
|
tv85 = 264
|
|
this$ = 304
|
|
__formal$ = 312
|
|
_Lobj$ = 320
|
|
??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z PROC ; std::time_get<char,std::istreambuf_iterator<char,std::char_traits<char> > >::_Getvals<wchar_t>, COMDAT
|
|
|
|
; 176 : void __CLR_OR_THIS_CALL _Getvals(_Elem2, const _Locinfo& _Lobj) { // get values
|
|
|
|
$LN5:
|
|
00000 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
|
|
00005 66 89 54 24 10 mov WORD PTR [rsp+16], dx
|
|
0000a 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
0000f 55 push rbp
|
|
00010 56 push rsi
|
|
00011 57 push rdi
|
|
00012 48 81 ec 30 01
|
|
00 00 sub rsp, 304 ; 00000130H
|
|
00019 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
0001e 48 8b fc mov rdi, rsp
|
|
00021 b9 4c 00 00 00 mov ecx, 76 ; 0000004cH
|
|
00026 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
0002b f3 ab rep stosd
|
|
0002d 48 8b 8c 24 58
|
|
01 00 00 mov rcx, QWORD PTR [rsp+344]
|
|
00035 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__886F7F70_xloctime
|
|
0003c e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 177 : _Cvt = _Lobj._Getcvt();
|
|
|
|
00041 48 8d 95 c8 00
|
|
00 00 lea rdx, QWORD PTR $T1[rbp]
|
|
00048 48 8b 8d 40 01
|
|
00 00 mov rcx, QWORD PTR _Lobj$[rbp]
|
|
0004f ff 15 00 00 00
|
|
00 call QWORD PTR __imp_?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
|
|
00055 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
0005c 48 8d 79 2c lea rdi, QWORD PTR [rcx+44]
|
|
00060 48 8b f0 mov rsi, rax
|
|
00063 b9 2c 00 00 00 mov ecx, 44 ; 0000002cH
|
|
00068 f3 a4 rep movsb
|
|
|
|
; 178 :
|
|
; 179 : if (is_same_v<_Elem2, wchar_t>) {
|
|
|
|
0006a 33 c0 xor eax, eax
|
|
0006c 83 f8 01 cmp eax, 1
|
|
0006f 74 5c je SHORT $LN2@Getvals
|
|
|
|
; 180 : _Days = reinterpret_cast<const _Elem*>(_Maklocwcs(reinterpret_cast<const wchar_t*>(_Lobj._W_Getdays())));
|
|
|
|
00071 48 8b 8d 40 01
|
|
00 00 mov rcx, QWORD PTR _Lobj$[rbp]
|
|
00078 ff 15 00 00 00
|
|
00 call QWORD PTR __imp_?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
|
|
0007e 48 8b c8 mov rcx, rax
|
|
00081 e8 00 00 00 00 call ?_Maklocwcs@std@@YAPEA_WPEB_W@Z ; std::_Maklocwcs
|
|
00086 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
0008d 48 89 41 10 mov QWORD PTR [rcx+16], rax
|
|
|
|
; 181 : _Months =
|
|
|
|
00091 48 8b 8d 40 01
|
|
00 00 mov rcx, QWORD PTR _Lobj$[rbp]
|
|
00098 ff 15 00 00 00
|
|
00 call QWORD PTR __imp_?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
|
|
0009e 48 8b c8 mov rcx, rax
|
|
000a1 e8 00 00 00 00 call ?_Maklocwcs@std@@YAPEA_WPEB_W@Z ; std::_Maklocwcs
|
|
000a6 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
000ad 48 89 41 18 mov QWORD PTR [rcx+24], rax
|
|
|
|
; 182 : reinterpret_cast<const _Elem*>(_Maklocwcs(reinterpret_cast<const wchar_t*>(_Lobj._W_Getmonths())));
|
|
; 183 : _Ampm = reinterpret_cast<const _Elem*>(_Maklocwcs(L":AM:am:PM:pm"));
|
|
|
|
000b1 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:??_C@_1BK@MHIKGOKE@?$AA?3?$AAA?$AAM?$AA?3?$AAa?$AAm?$AA?3?$AAP?$AAM?$AA?3?$AAp?$AAm@
|
|
000b8 e8 00 00 00 00 call ?_Maklocwcs@std@@YAPEA_WPEB_W@Z ; std::_Maklocwcs
|
|
000bd 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
000c4 48 89 41 20 mov QWORD PTR [rcx+32], rax
|
|
|
|
; 184 : } else {
|
|
|
|
000c8 e9 a3 00 00 00 jmp $LN3@Getvals
|
|
$LN2@Getvals:
|
|
|
|
; 185 : _Days = _Maklocstr(_Lobj._Getdays(), static_cast<_Elem*>(nullptr), _Cvt);
|
|
|
|
000cd 48 8b 85 30 01
|
|
00 00 mov rax, QWORD PTR this$[rbp]
|
|
000d4 48 83 c0 2c add rax, 44 ; 0000002cH
|
|
000d8 48 89 85 08 01
|
|
00 00 mov QWORD PTR tv85[rbp], rax
|
|
000df 48 8b 8d 40 01
|
|
00 00 mov rcx, QWORD PTR _Lobj$[rbp]
|
|
000e6 ff 15 00 00 00
|
|
00 call QWORD PTR __imp_?_Getdays@_Locinfo@std@@QEBAPEBDXZ
|
|
000ec 48 8b 8d 08 01
|
|
00 00 mov rcx, QWORD PTR tv85[rbp]
|
|
000f3 4c 8b c1 mov r8, rcx
|
|
000f6 33 d2 xor edx, edx
|
|
000f8 48 8b c8 mov rcx, rax
|
|
000fb e8 00 00 00 00 call ??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z ; std::_Maklocstr<char>
|
|
00100 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
00107 48 89 41 10 mov QWORD PTR [rcx+16], rax
|
|
|
|
; 186 : _Months = _Maklocstr(_Lobj._Getmonths(), static_cast<_Elem*>(nullptr), _Cvt);
|
|
|
|
0010b 48 8b 85 30 01
|
|
00 00 mov rax, QWORD PTR this$[rbp]
|
|
00112 48 83 c0 2c add rax, 44 ; 0000002cH
|
|
00116 48 89 85 08 01
|
|
00 00 mov QWORD PTR tv93[rbp], rax
|
|
0011d 48 8b 8d 40 01
|
|
00 00 mov rcx, QWORD PTR _Lobj$[rbp]
|
|
00124 ff 15 00 00 00
|
|
00 call QWORD PTR __imp_?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
|
|
0012a 48 8b 8d 08 01
|
|
00 00 mov rcx, QWORD PTR tv93[rbp]
|
|
00131 4c 8b c1 mov r8, rcx
|
|
00134 33 d2 xor edx, edx
|
|
00136 48 8b c8 mov rcx, rax
|
|
00139 e8 00 00 00 00 call ??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z ; std::_Maklocstr<char>
|
|
0013e 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
00145 48 89 41 18 mov QWORD PTR [rcx+24], rax
|
|
|
|
; 187 : _Ampm = _Maklocstr(":AM:am:PM:pm", static_cast<_Elem*>(nullptr), _Cvt);
|
|
|
|
00149 48 8b 85 30 01
|
|
00 00 mov rax, QWORD PTR this$[rbp]
|
|
00150 48 83 c0 2c add rax, 44 ; 0000002cH
|
|
00154 4c 8b c0 mov r8, rax
|
|
00157 33 d2 xor edx, edx
|
|
00159 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@
|
|
00160 e8 00 00 00 00 call ??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z ; std::_Maklocstr<char>
|
|
00165 48 8b 8d 30 01
|
|
00 00 mov rcx, QWORD PTR this$[rbp]
|
|
0016c 48 89 41 20 mov QWORD PTR [rcx+32], rax
|
|
$LN3@Getvals:
|
|
|
|
; 188 : }
|
|
; 189 : }
|
|
|
|
00170 48 8d a5 10 01
|
|
00 00 lea rsp, QWORD PTR [rbp+272]
|
|
00177 5f pop rdi
|
|
00178 5e pop rsi
|
|
00179 5d pop rbp
|
|
0017a c3 ret 0
|
|
??$_Getvals@_W@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IEAAX_WAEBV_Locinfo@1@@Z ENDP ; std::time_get<char,std::istreambuf_iterator<char,std::char_traits<char> > >::_Getvals<wchar_t>
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\xlocale
|
|
; COMDAT ??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z
|
|
_TEXT SEGMENT
|
|
_Count$ = 8
|
|
_Ptrdest$ = 40
|
|
_Ptrnext$1 = 72
|
|
_Ptr$ = 320
|
|
__formal$ = 328
|
|
__formal$ = 336
|
|
??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z PROC ; std::_Maklocstr<char>, COMDAT
|
|
|
|
; 563 : _Elem* __CRTDECL _Maklocstr(const char* _Ptr, _Elem*, const _Locinfo::_Cvtvec&) {
|
|
|
|
$LN7:
|
|
00000 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
0000f 55 push rbp
|
|
00010 57 push rdi
|
|
00011 48 81 ec 58 01
|
|
00 00 sub rsp, 344 ; 00000158H
|
|
00018 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
|
|
0001d 48 8b fc mov rdi, rsp
|
|
00020 b9 56 00 00 00 mov ecx, 86 ; 00000056H
|
|
00025 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
0002a f3 ab rep stosd
|
|
0002c 48 8b 8c 24 78
|
|
01 00 00 mov rcx, QWORD PTR [rsp+376]
|
|
00034 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__0E648B51_xlocale
|
|
0003b e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 564 : // convert C string to _Elem sequence using _Cvtvec
|
|
; 565 : size_t _Count = _CSTD strlen(_Ptr) + 1;
|
|
|
|
00040 48 8b 8d 40 01
|
|
00 00 mov rcx, QWORD PTR _Ptr$[rbp]
|
|
00047 e8 00 00 00 00 call strlen
|
|
0004c 48 ff c0 inc rax
|
|
0004f 48 89 45 08 mov QWORD PTR _Count$[rbp], rax
|
|
|
|
; 566 :
|
|
; 567 : _Elem* _Ptrdest = static_cast<_Elem*>(_calloc_dbg(_Count, sizeof(_Elem), _CRT_BLOCK, __FILE__, __LINE__));
|
|
|
|
00053 c7 44 24 20 37
|
|
02 00 00 mov DWORD PTR [rsp+32], 567 ; 00000237H
|
|
0005b 4c 8d 0d 00 00
|
|
00 00 lea r9, OFFSET FLAT:??_C@_0GI@DEICPIDJ@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@
|
|
00062 41 b8 02 00 00
|
|
00 mov r8d, 2
|
|
00068 ba 01 00 00 00 mov edx, 1
|
|
0006d 48 8b 4d 08 mov rcx, QWORD PTR _Count$[rbp]
|
|
00071 ff 15 00 00 00
|
|
00 call QWORD PTR __imp__calloc_dbg
|
|
00077 48 89 45 28 mov QWORD PTR _Ptrdest$[rbp], rax
|
|
|
|
; 568 :
|
|
; 569 : if (!_Ptrdest) {
|
|
|
|
0007b 48 83 7d 28 00 cmp QWORD PTR _Ptrdest$[rbp], 0
|
|
00080 75 05 jne SHORT $LN5@Maklocstr
|
|
|
|
; 570 : _Xbad_alloc();
|
|
|
|
00082 e8 00 00 00 00 call ?_Xbad_alloc@std@@YAXXZ ; std::_Xbad_alloc
|
|
$LN5@Maklocstr:
|
|
|
|
; 571 : }
|
|
; 572 :
|
|
; 573 : for (_Elem* _Ptrnext = _Ptrdest; 0 < _Count; --_Count, ++_Ptrnext, ++_Ptr) {
|
|
|
|
00087 48 8b 45 28 mov rax, QWORD PTR _Ptrdest$[rbp]
|
|
0008b 48 89 45 48 mov QWORD PTR _Ptrnext$1[rbp], rax
|
|
0008f eb 27 jmp SHORT $LN4@Maklocstr
|
|
$LN2@Maklocstr:
|
|
00091 48 8b 45 08 mov rax, QWORD PTR _Count$[rbp]
|
|
00095 48 ff c8 dec rax
|
|
00098 48 89 45 08 mov QWORD PTR _Count$[rbp], rax
|
|
0009c 48 8b 45 48 mov rax, QWORD PTR _Ptrnext$1[rbp]
|
|
000a0 48 ff c0 inc rax
|
|
000a3 48 89 45 48 mov QWORD PTR _Ptrnext$1[rbp], rax
|
|
000a7 48 8b 85 40 01
|
|
00 00 mov rax, QWORD PTR _Ptr$[rbp]
|
|
000ae 48 ff c0 inc rax
|
|
000b1 48 89 85 40 01
|
|
00 00 mov QWORD PTR _Ptr$[rbp], rax
|
|
$LN4@Maklocstr:
|
|
000b8 48 83 7d 08 00 cmp QWORD PTR _Count$[rbp], 0
|
|
000bd 76 12 jbe SHORT $LN3@Maklocstr
|
|
|
|
; 574 : *_Ptrnext = static_cast<_Elem>(static_cast<unsigned char>(*_Ptr));
|
|
|
|
000bf 48 8b 45 48 mov rax, QWORD PTR _Ptrnext$1[rbp]
|
|
000c3 48 8b 8d 40 01
|
|
00 00 mov rcx, QWORD PTR _Ptr$[rbp]
|
|
000ca 0f b6 09 movzx ecx, BYTE PTR [rcx]
|
|
000cd 88 08 mov BYTE PTR [rax], cl
|
|
|
|
; 575 : }
|
|
|
|
000cf eb c0 jmp SHORT $LN2@Maklocstr
|
|
$LN3@Maklocstr:
|
|
|
|
; 576 :
|
|
; 577 : return _Ptrdest;
|
|
|
|
000d1 48 8b 45 28 mov rax, QWORD PTR _Ptrdest$[rbp]
|
|
$LN6@Maklocstr:
|
|
|
|
; 578 : }
|
|
|
|
000d5 48 8d a5 28 01
|
|
00 00 lea rsp, QWORD PTR [rbp+296]
|
|
000dc 5f pop rdi
|
|
000dd 5d pop rbp
|
|
000de c3 ret 0
|
|
??$_Maklocstr@D@std@@YAPEADPEBDPEADAEBU_Cvtvec@@@Z ENDP ; std::_Maklocstr<char>
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\xlocnum
|
|
; COMDAT ?_Maklocwcs@std@@YAPEA_WPEB_W@Z
|
|
_TEXT SEGMENT
|
|
_Count$ = 8
|
|
_Ptrdest$ = 40
|
|
_Ptr$ = 288
|
|
?_Maklocwcs@std@@YAPEA_WPEB_W@Z PROC ; std::_Maklocwcs, COMDAT
|
|
|
|
; 90 : inline wchar_t* _Maklocwcs(const wchar_t* _Ptr) { // copy NTWCS to allocated storage
|
|
|
|
$LN4:
|
|
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00005 55 push rbp
|
|
00006 57 push rdi
|
|
00007 48 81 ec 38 01
|
|
00 00 sub rsp, 312 ; 00000138H
|
|
0000e 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
|
|
00013 48 8b fc mov rdi, rsp
|
|
00016 b9 4e 00 00 00 mov ecx, 78 ; 0000004eH
|
|
0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
00020 f3 ab rep stosd
|
|
00022 48 8b 8c 24 58
|
|
01 00 00 mov rcx, QWORD PTR [rsp+344]
|
|
0002a 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__90E3ED46_xlocnum
|
|
00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 91 : const size_t _Count = _CSTD wcslen(_Ptr) + 1;
|
|
|
|
00036 48 8b 8d 20 01
|
|
00 00 mov rcx, QWORD PTR _Ptr$[rbp]
|
|
0003d ff 15 00 00 00
|
|
00 call QWORD PTR __imp_wcslen
|
|
00043 48 ff c0 inc rax
|
|
00046 48 89 45 08 mov QWORD PTR _Count$[rbp], rax
|
|
|
|
; 92 :
|
|
; 93 : wchar_t* _Ptrdest = static_cast<wchar_t*>(_calloc_dbg(_Count, sizeof(wchar_t), _CRT_BLOCK, __FILE__, __LINE__));
|
|
|
|
0004a 8b 05 00 00 00
|
|
00 mov eax, DWORD PTR ?__LINE__Var@?0??_Maklocwcs@std@@YAPEA_WPEB_W@Z@4JA
|
|
00050 83 c0 03 add eax, 3
|
|
00053 89 44 24 20 mov DWORD PTR [rsp+32], eax
|
|
00057 4c 8d 0d 00 00
|
|
00 00 lea r9, OFFSET FLAT:??_C@_0GI@LHMPPKJI@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@
|
|
0005e 41 b8 02 00 00
|
|
00 mov r8d, 2
|
|
00064 ba 02 00 00 00 mov edx, 2
|
|
00069 48 8b 4d 08 mov rcx, QWORD PTR _Count$[rbp]
|
|
0006d ff 15 00 00 00
|
|
00 call QWORD PTR __imp__calloc_dbg
|
|
00073 48 89 45 28 mov QWORD PTR _Ptrdest$[rbp], rax
|
|
|
|
; 94 :
|
|
; 95 : if (!_Ptrdest) {
|
|
|
|
00077 48 83 7d 28 00 cmp QWORD PTR _Ptrdest$[rbp], 0
|
|
0007c 75 05 jne SHORT $LN2@Maklocwcs
|
|
|
|
; 96 : _Xbad_alloc();
|
|
|
|
0007e e8 00 00 00 00 call ?_Xbad_alloc@std@@YAXXZ ; std::_Xbad_alloc
|
|
$LN2@Maklocwcs:
|
|
|
|
; 97 : }
|
|
; 98 :
|
|
; 99 : _CSTD wmemcpy(_Ptrdest, _Ptr, _Count);
|
|
|
|
00083 4c 8b 45 08 mov r8, QWORD PTR _Count$[rbp]
|
|
00087 48 8b 95 20 01
|
|
00 00 mov rdx, QWORD PTR _Ptr$[rbp]
|
|
0008e 48 8b 4d 28 mov rcx, QWORD PTR _Ptrdest$[rbp]
|
|
00092 e8 00 00 00 00 call wmemcpy
|
|
|
|
; 100 : return _Ptrdest;
|
|
|
|
00097 48 8b 45 28 mov rax, QWORD PTR _Ptrdest$[rbp]
|
|
$LN3@Maklocwcs:
|
|
|
|
; 101 : }
|
|
|
|
0009b 48 8d a5 08 01
|
|
00 00 lea rsp, QWORD PTR [rbp+264]
|
|
000a2 5f pop rdi
|
|
000a3 5d pop rbp
|
|
000a4 c3 ret 0
|
|
?_Maklocwcs@std@@YAPEA_WPEB_W@Z ENDP ; std::_Maklocwcs
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\include\xlocale
|
|
; COMDAT ??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z
|
|
_TEXT SEGMENT
|
|
_Count$ = 8
|
|
_Count1$ = 40
|
|
_Wchars$ = 72
|
|
_Ptr1$ = 104
|
|
_Bytes$ = 132
|
|
_Wc$ = 164
|
|
_Mbst1$ = 200
|
|
_Ptrdest$ = 232
|
|
_Ptrnext$ = 264
|
|
_Mbst2$ = 296
|
|
__$ArrayPad$ = 504
|
|
_Ptr$ = 544
|
|
__formal$ = 552
|
|
_Cvt$ = 560
|
|
??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z PROC ; std::_Maklocstr<wchar_t>, COMDAT
|
|
|
|
; 581 : inline wchar_t* __CRTDECL _Maklocstr(const char* _Ptr, wchar_t*, const _Locinfo::_Cvtvec& _Cvt) {
|
|
|
|
$LN12:
|
|
00000 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
0000f 55 push rbp
|
|
00010 57 push rdi
|
|
00011 48 81 ec 38 02
|
|
00 00 sub rsp, 568 ; 00000238H
|
|
00018 48 8d 6c 24 30 lea rbp, QWORD PTR [rsp+48]
|
|
0001d 48 8b fc mov rdi, rsp
|
|
00020 b9 8e 00 00 00 mov ecx, 142 ; 0000008eH
|
|
00025 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
0002a f3 ab rep stosd
|
|
0002c 48 8b 8c 24 58
|
|
02 00 00 mov rcx, QWORD PTR [rsp+600]
|
|
00034 48 8b 05 00 00
|
|
00 00 mov rax, QWORD PTR __security_cookie
|
|
0003b 48 33 c5 xor rax, rbp
|
|
0003e 48 89 85 f8 01
|
|
00 00 mov QWORD PTR __$ArrayPad$[rbp], rax
|
|
00045 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__0E648B51_xlocale
|
|
0004c e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 582 : // convert C string to wchar_t sequence using _Cvtvec
|
|
; 583 : size_t _Count;
|
|
; 584 : size_t _Count1;
|
|
; 585 : size_t _Wchars;
|
|
; 586 : const char* _Ptr1;
|
|
; 587 : int _Bytes;
|
|
; 588 : wchar_t _Wc;
|
|
; 589 : mbstate_t _Mbst1 = {};
|
|
|
|
00051 48 8d 85 c8 00
|
|
00 00 lea rax, QWORD PTR _Mbst1$[rbp]
|
|
00058 48 8b f8 mov rdi, rax
|
|
0005b 33 c0 xor eax, eax
|
|
0005d b9 08 00 00 00 mov ecx, 8
|
|
00062 f3 aa rep stosb
|
|
|
|
; 590 :
|
|
; 591 : _Count1 = _CSTD strlen(_Ptr) + 1;
|
|
|
|
00064 48 8b 8d 20 02
|
|
00 00 mov rcx, QWORD PTR _Ptr$[rbp]
|
|
0006b e8 00 00 00 00 call strlen
|
|
00070 48 ff c0 inc rax
|
|
00073 48 89 45 28 mov QWORD PTR _Count1$[rbp], rax
|
|
|
|
; 592 : for (_Count = _Count1, _Wchars = 0, _Ptr1 = _Ptr; 0 < _Count; _Count -= _Bytes, _Ptr1 += _Bytes, ++_Wchars) {
|
|
|
|
00077 48 8b 45 28 mov rax, QWORD PTR _Count1$[rbp]
|
|
0007b 48 89 45 08 mov QWORD PTR _Count$[rbp], rax
|
|
0007f 48 c7 45 48 00
|
|
00 00 00 mov QWORD PTR _Wchars$[rbp], 0
|
|
00087 48 8b 85 20 02
|
|
00 00 mov rax, QWORD PTR _Ptr$[rbp]
|
|
0008e 48 89 45 68 mov QWORD PTR _Ptr1$[rbp], rax
|
|
00092 eb 35 jmp SHORT $LN4@Maklocstr
|
|
$LN2@Maklocstr:
|
|
00094 48 63 85 84 00
|
|
00 00 movsxd rax, DWORD PTR _Bytes$[rbp]
|
|
0009b 48 8b 4d 08 mov rcx, QWORD PTR _Count$[rbp]
|
|
0009f 48 2b c8 sub rcx, rax
|
|
000a2 48 8b c1 mov rax, rcx
|
|
000a5 48 89 45 08 mov QWORD PTR _Count$[rbp], rax
|
|
000a9 48 63 85 84 00
|
|
00 00 movsxd rax, DWORD PTR _Bytes$[rbp]
|
|
000b0 48 8b 4d 68 mov rcx, QWORD PTR _Ptr1$[rbp]
|
|
000b4 48 03 c8 add rcx, rax
|
|
000b7 48 8b c1 mov rax, rcx
|
|
000ba 48 89 45 68 mov QWORD PTR _Ptr1$[rbp], rax
|
|
000be 48 8b 45 48 mov rax, QWORD PTR _Wchars$[rbp]
|
|
000c2 48 ff c0 inc rax
|
|
000c5 48 89 45 48 mov QWORD PTR _Wchars$[rbp], rax
|
|
$LN4@Maklocstr:
|
|
000c9 48 83 7d 08 00 cmp QWORD PTR _Count$[rbp], 0
|
|
000ce 76 3a jbe SHORT $LN3@Maklocstr
|
|
|
|
; 593 : if ((_Bytes = _Mbrtowc(&_Wc, _Ptr1, _Count, &_Mbst1, &_Cvt)) <= 0) {
|
|
|
|
000d0 48 8b 85 30 02
|
|
00 00 mov rax, QWORD PTR _Cvt$[rbp]
|
|
000d7 48 89 44 24 20 mov QWORD PTR [rsp+32], rax
|
|
000dc 4c 8d 8d c8 00
|
|
00 00 lea r9, QWORD PTR _Mbst1$[rbp]
|
|
000e3 4c 8b 45 08 mov r8, QWORD PTR _Count$[rbp]
|
|
000e7 48 8b 55 68 mov rdx, QWORD PTR _Ptr1$[rbp]
|
|
000eb 48 8d 8d a4 00
|
|
00 00 lea rcx, QWORD PTR _Wc$[rbp]
|
|
000f2 e8 00 00 00 00 call _Mbrtowc
|
|
000f7 89 85 84 00 00
|
|
00 mov DWORD PTR _Bytes$[rbp], eax
|
|
000fd 83 bd 84 00 00
|
|
00 00 cmp DWORD PTR _Bytes$[rbp], 0
|
|
00104 7f 02 jg SHORT $LN8@Maklocstr
|
|
|
|
; 594 : break;
|
|
|
|
00106 eb 02 jmp SHORT $LN3@Maklocstr
|
|
$LN8@Maklocstr:
|
|
|
|
; 595 : }
|
|
; 596 : }
|
|
|
|
00108 eb 8a jmp SHORT $LN2@Maklocstr
|
|
$LN3@Maklocstr:
|
|
|
|
; 597 :
|
|
; 598 : ++_Wchars; // count terminating nul
|
|
|
|
0010a 48 8b 45 48 mov rax, QWORD PTR _Wchars$[rbp]
|
|
0010e 48 ff c0 inc rax
|
|
00111 48 89 45 48 mov QWORD PTR _Wchars$[rbp], rax
|
|
|
|
; 599 :
|
|
; 600 : wchar_t* _Ptrdest = static_cast<wchar_t*>(_calloc_dbg(_Wchars, sizeof(wchar_t), _CRT_BLOCK, __FILE__, __LINE__));
|
|
|
|
00115 c7 44 24 20 58
|
|
02 00 00 mov DWORD PTR [rsp+32], 600 ; 00000258H
|
|
0011d 4c 8d 0d 00 00
|
|
00 00 lea r9, OFFSET FLAT:??_C@_0GI@DEICPIDJ@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@
|
|
00124 41 b8 02 00 00
|
|
00 mov r8d, 2
|
|
0012a ba 02 00 00 00 mov edx, 2
|
|
0012f 48 8b 4d 48 mov rcx, QWORD PTR _Wchars$[rbp]
|
|
00133 ff 15 00 00 00
|
|
00 call QWORD PTR __imp__calloc_dbg
|
|
00139 48 89 85 e8 00
|
|
00 00 mov QWORD PTR _Ptrdest$[rbp], rax
|
|
|
|
; 601 :
|
|
; 602 : if (!_Ptrdest) {
|
|
|
|
00140 48 83 bd e8 00
|
|
00 00 00 cmp QWORD PTR _Ptrdest$[rbp], 0
|
|
00148 75 05 jne SHORT $LN9@Maklocstr
|
|
|
|
; 603 : _Xbad_alloc();
|
|
|
|
0014a e8 00 00 00 00 call ?_Xbad_alloc@std@@YAXXZ ; std::_Xbad_alloc
|
|
$LN9@Maklocstr:
|
|
|
|
; 604 : }
|
|
; 605 :
|
|
; 606 : wchar_t* _Ptrnext = _Ptrdest;
|
|
|
|
0014f 48 8b 85 e8 00
|
|
00 00 mov rax, QWORD PTR _Ptrdest$[rbp]
|
|
00156 48 89 85 08 01
|
|
00 00 mov QWORD PTR _Ptrnext$[rbp], rax
|
|
|
|
; 607 : mbstate_t _Mbst2 = {};
|
|
|
|
0015d 48 8d 85 28 01
|
|
00 00 lea rax, QWORD PTR _Mbst2$[rbp]
|
|
00164 48 8b f8 mov rdi, rax
|
|
00167 33 c0 xor eax, eax
|
|
00169 b9 08 00 00 00 mov ecx, 8
|
|
0016e f3 aa rep stosb
|
|
|
|
; 608 :
|
|
; 609 : for (; 0 < _Wchars; _Count -= _Bytes, _Ptr += _Bytes, --_Wchars, ++_Ptrnext) {
|
|
|
|
00170 eb 4d jmp SHORT $LN7@Maklocstr
|
|
$LN5@Maklocstr:
|
|
00172 48 63 85 84 00
|
|
00 00 movsxd rax, DWORD PTR _Bytes$[rbp]
|
|
00179 48 8b 4d 08 mov rcx, QWORD PTR _Count$[rbp]
|
|
0017d 48 2b c8 sub rcx, rax
|
|
00180 48 8b c1 mov rax, rcx
|
|
00183 48 89 45 08 mov QWORD PTR _Count$[rbp], rax
|
|
00187 48 63 85 84 00
|
|
00 00 movsxd rax, DWORD PTR _Bytes$[rbp]
|
|
0018e 48 8b 8d 20 02
|
|
00 00 mov rcx, QWORD PTR _Ptr$[rbp]
|
|
00195 48 03 c8 add rcx, rax
|
|
00198 48 8b c1 mov rax, rcx
|
|
0019b 48 89 85 20 02
|
|
00 00 mov QWORD PTR _Ptr$[rbp], rax
|
|
001a2 48 8b 45 48 mov rax, QWORD PTR _Wchars$[rbp]
|
|
001a6 48 ff c8 dec rax
|
|
001a9 48 89 45 48 mov QWORD PTR _Wchars$[rbp], rax
|
|
001ad 48 8b 85 08 01
|
|
00 00 mov rax, QWORD PTR _Ptrnext$[rbp]
|
|
001b4 48 83 c0 02 add rax, 2
|
|
001b8 48 89 85 08 01
|
|
00 00 mov QWORD PTR _Ptrnext$[rbp], rax
|
|
$LN7@Maklocstr:
|
|
001bf 48 83 7d 48 00 cmp QWORD PTR _Wchars$[rbp], 0
|
|
001c4 76 40 jbe SHORT $LN6@Maklocstr
|
|
|
|
; 610 : if ((_Bytes = _Mbrtowc(_Ptrnext, _Ptr, _Count1, &_Mbst2, &_Cvt)) <= 0) {
|
|
|
|
001c6 48 8b 85 30 02
|
|
00 00 mov rax, QWORD PTR _Cvt$[rbp]
|
|
001cd 48 89 44 24 20 mov QWORD PTR [rsp+32], rax
|
|
001d2 4c 8d 8d 28 01
|
|
00 00 lea r9, QWORD PTR _Mbst2$[rbp]
|
|
001d9 4c 8b 45 28 mov r8, QWORD PTR _Count1$[rbp]
|
|
001dd 48 8b 95 20 02
|
|
00 00 mov rdx, QWORD PTR _Ptr$[rbp]
|
|
001e4 48 8b 8d 08 01
|
|
00 00 mov rcx, QWORD PTR _Ptrnext$[rbp]
|
|
001eb e8 00 00 00 00 call _Mbrtowc
|
|
001f0 89 85 84 00 00
|
|
00 mov DWORD PTR _Bytes$[rbp], eax
|
|
001f6 83 bd 84 00 00
|
|
00 00 cmp DWORD PTR _Bytes$[rbp], 0
|
|
001fd 7f 02 jg SHORT $LN10@Maklocstr
|
|
|
|
; 611 : break;
|
|
|
|
001ff eb 05 jmp SHORT $LN6@Maklocstr
|
|
$LN10@Maklocstr:
|
|
|
|
; 612 : }
|
|
; 613 : }
|
|
|
|
00201 e9 6c ff ff ff jmp $LN5@Maklocstr
|
|
$LN6@Maklocstr:
|
|
|
|
; 614 :
|
|
; 615 : *_Ptrnext = L'\0';
|
|
|
|
00206 33 c0 xor eax, eax
|
|
00208 48 8b 8d 08 01
|
|
00 00 mov rcx, QWORD PTR _Ptrnext$[rbp]
|
|
0020f 66 89 01 mov WORD PTR [rcx], ax
|
|
|
|
; 616 :
|
|
; 617 : return _Ptrdest;
|
|
|
|
00212 48 8b 85 e8 00
|
|
00 00 mov rax, QWORD PTR _Ptrdest$[rbp]
|
|
$LN11@Maklocstr:
|
|
|
|
; 618 : }
|
|
|
|
00219 48 8b f8 mov rdi, rax
|
|
0021c 48 8d 4d d0 lea rcx, QWORD PTR [rbp-48]
|
|
00220 48 8d 15 00 00
|
|
00 00 lea rdx, OFFSET FLAT:??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z$rtcFrameData
|
|
00227 e8 00 00 00 00 call _RTC_CheckStackVars
|
|
0022c 48 8b c7 mov rax, rdi
|
|
0022f 48 8b 8d f8 01
|
|
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
|
|
00236 48 33 cd xor rcx, rbp
|
|
00239 e8 00 00 00 00 call __security_check_cookie
|
|
0023e 48 8d a5 08 02
|
|
00 00 lea rsp, QWORD PTR [rbp+520]
|
|
00245 5f pop rdi
|
|
00246 5d pop rbp
|
|
00247 c3 ret 0
|
|
??$_Maklocstr@_W@std@@YAPEA_WPEBDPEA_WAEBU_Cvtvec@@@Z ENDP ; std::_Maklocstr<wchar_t>
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\ucrt\wchar.h
|
|
; COMDAT wmemcpy
|
|
_TEXT SEGMENT
|
|
_S1$ = 224
|
|
_S2$ = 232
|
|
_N$ = 240
|
|
wmemcpy PROC ; COMDAT
|
|
|
|
; 234 : {
|
|
|
|
$LN3:
|
|
00000 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
0000f 55 push rbp
|
|
00010 57 push rdi
|
|
00011 48 81 ec e8 00
|
|
00 00 sub rsp, 232 ; 000000e8H
|
|
00018 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
0001d 48 8b fc mov rdi, rsp
|
|
00020 b9 3a 00 00 00 mov ecx, 58 ; 0000003aH
|
|
00025 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
0002a f3 ab rep stosd
|
|
0002c 48 8b 8c 24 08
|
|
01 00 00 mov rcx, QWORD PTR [rsp+264]
|
|
00034 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__93DC0B45_wchar@h
|
|
0003b e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
|
|
; 235 : #pragma warning(suppress: 6386) // Buffer overrun
|
|
; 236 : return (wchar_t*)memcpy(_S1, _S2, _N*sizeof(wchar_t));
|
|
|
|
00040 48 8b 85 f0 00
|
|
00 00 mov rax, QWORD PTR _N$[rbp]
|
|
00047 48 d1 e0 shl rax, 1
|
|
0004a 4c 8b c0 mov r8, rax
|
|
0004d 48 8b 95 e8 00
|
|
00 00 mov rdx, QWORD PTR _S2$[rbp]
|
|
00054 48 8b 8d e0 00
|
|
00 00 mov rcx, QWORD PTR _S1$[rbp]
|
|
0005b e8 00 00 00 00 call memcpy
|
|
|
|
; 237 : }
|
|
|
|
00060 48 8d a5 c8 00
|
|
00 00 lea rsp, QWORD PTR [rbp+200]
|
|
00067 5f pop rdi
|
|
00068 5d pop rbp
|
|
00069 c3 ret 0
|
|
wmemcpy ENDP
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\OpaqueBranching.cpp
|
|
; COMDAT ?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z
|
|
_TEXT SEGMENT
|
|
__formal$ = 224
|
|
__formal$ = 232
|
|
__formal$ = 240
|
|
?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z PROC ; __empty_global_delete, COMDAT
|
|
|
|
$LN3:
|
|
00000 4c 89 44 24 18 mov QWORD PTR [rsp+24], r8
|
|
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
0000a 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
0000f 55 push rbp
|
|
00010 57 push rdi
|
|
00011 48 81 ec e8 00
|
|
00 00 sub rsp, 232 ; 000000e8H
|
|
00018 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
0001d 48 8b fc mov rdi, rsp
|
|
00020 b9 3a 00 00 00 mov ecx, 58 ; 0000003aH
|
|
00025 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
0002a f3 ab rep stosd
|
|
0002c 48 8b 8c 24 08
|
|
01 00 00 mov rcx, QWORD PTR [rsp+264]
|
|
00034 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
|
|
0003b e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
00040 90 npad 1
|
|
00041 48 8d a5 c8 00
|
|
00 00 lea rsp, QWORD PTR [rbp+200]
|
|
00048 5f pop rdi
|
|
00049 5d pop rbp
|
|
0004a c3 ret 0
|
|
?__empty_global_delete@@YAXPEAX_KW4align_val_t@std@@@Z ENDP ; __empty_global_delete
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\OpaqueBranching.cpp
|
|
; COMDAT ?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z
|
|
_TEXT SEGMENT
|
|
__formal$ = 224
|
|
__formal$ = 232
|
|
?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z PROC ; __empty_global_delete, COMDAT
|
|
|
|
$LN3:
|
|
00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
00005 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
0000a 55 push rbp
|
|
0000b 57 push rdi
|
|
0000c 48 81 ec e8 00
|
|
00 00 sub rsp, 232 ; 000000e8H
|
|
00013 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
00018 48 8b fc mov rdi, rsp
|
|
0001b b9 3a 00 00 00 mov ecx, 58 ; 0000003aH
|
|
00020 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
00025 f3 ab rep stosd
|
|
00027 48 8b 8c 24 08
|
|
01 00 00 mov rcx, QWORD PTR [rsp+264]
|
|
0002f 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
|
|
00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
0003b 90 npad 1
|
|
0003c 48 8d a5 c8 00
|
|
00 00 lea rsp, QWORD PTR [rbp+200]
|
|
00043 5f pop rdi
|
|
00044 5d pop rbp
|
|
00045 c3 ret 0
|
|
?__empty_global_delete@@YAXPEAXW4align_val_t@std@@@Z ENDP ; __empty_global_delete
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\OpaqueBranching.cpp
|
|
; COMDAT ?__empty_global_delete@@YAXPEAX_K@Z
|
|
_TEXT SEGMENT
|
|
__formal$ = 224
|
|
__formal$ = 232
|
|
?__empty_global_delete@@YAXPEAX_K@Z PROC ; __empty_global_delete, COMDAT
|
|
|
|
$LN3:
|
|
00000 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
|
|
00005 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
0000a 55 push rbp
|
|
0000b 57 push rdi
|
|
0000c 48 81 ec e8 00
|
|
00 00 sub rsp, 232 ; 000000e8H
|
|
00013 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
00018 48 8b fc mov rdi, rsp
|
|
0001b b9 3a 00 00 00 mov ecx, 58 ; 0000003aH
|
|
00020 b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
00025 f3 ab rep stosd
|
|
00027 48 8b 8c 24 08
|
|
01 00 00 mov rcx, QWORD PTR [rsp+264]
|
|
0002f 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
|
|
00036 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
0003b 90 npad 1
|
|
0003c 48 8d a5 c8 00
|
|
00 00 lea rsp, QWORD PTR [rbp+200]
|
|
00043 5f pop rdi
|
|
00044 5d pop rbp
|
|
00045 c3 ret 0
|
|
?__empty_global_delete@@YAXPEAX_K@Z ENDP ; __empty_global_delete
|
|
_TEXT ENDS
|
|
; Function compile flags: /Odtp /RTCsu /ZI
|
|
; File C:\$Fanta\code-virtualizer\CodeVirtualizer\OpaqueBranching.cpp
|
|
; COMDAT ?__empty_global_delete@@YAXPEAX@Z
|
|
_TEXT SEGMENT
|
|
__formal$ = 224
|
|
?__empty_global_delete@@YAXPEAX@Z PROC ; __empty_global_delete, COMDAT
|
|
|
|
$LN3:
|
|
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
|
|
00005 55 push rbp
|
|
00006 57 push rdi
|
|
00007 48 81 ec e8 00
|
|
00 00 sub rsp, 232 ; 000000e8H
|
|
0000e 48 8d 6c 24 20 lea rbp, QWORD PTR [rsp+32]
|
|
00013 48 8b fc mov rdi, rsp
|
|
00016 b9 3a 00 00 00 mov ecx, 58 ; 0000003aH
|
|
0001b b8 cc cc cc cc mov eax, -858993460 ; ccccccccH
|
|
00020 f3 ab rep stosd
|
|
00022 48 8b 8c 24 08
|
|
01 00 00 mov rcx, QWORD PTR [rsp+264]
|
|
0002a 48 8d 0d 00 00
|
|
00 00 lea rcx, OFFSET FLAT:__BCD1AF07_OpaqueBranching@cpp
|
|
00031 e8 00 00 00 00 call __CheckForDebuggerJustMyCode
|
|
00036 90 npad 1
|
|
00037 48 8d a5 c8 00
|
|
00 00 lea rsp, QWORD PTR [rbp+200]
|
|
0003e 5f pop rdi
|
|
0003f 5d pop rbp
|
|
00040 c3 ret 0
|
|
?__empty_global_delete@@YAXPEAX@Z ENDP ; __empty_global_delete
|
|
_TEXT ENDS
|
|
END
|