From 151c98d45967852a355bee1d3106711fdfa992ca Mon Sep 17 00:00:00 2001
From: xerox <xerox@back.engineering>
Date: Thu, 1 Oct 2020 13:34:02 -0700
Subject: [PATCH] hyper-v hook for win10-2004 amd working!

---
 Voyager-2/PayLoad/PayLoad.vcxproj         |   4 +-
 Voyager-2/PayLoad/types.h                 |   4 +-
 Voyager-2/PayLoad/vmexit_handler.cpp      |  40 +++---
 Voyager-2/Voyager-2 (2004-1709)/Hvax64.c  |   6 +-
 Voyager-2/Voyager-2 (2004-1709)/Hvax64.h  |   7 +-
 Voyager-2/Voyager-2 (2004-1709)/PayLoad.c | 146 ++++++++--------------
 6 files changed, 76 insertions(+), 131 deletions(-)

diff --git a/Voyager-2/PayLoad/PayLoad.vcxproj b/Voyager-2/PayLoad/PayLoad.vcxproj
index 4496385..ce42402 100644
--- a/Voyager-2/PayLoad/PayLoad.vcxproj
+++ b/Voyager-2/PayLoad/PayLoad.vcxproj
@@ -153,7 +153,7 @@
       <TreatWarningAsError>false</TreatWarningAsError>
     </ClCompile>
     <Link>
-      <EntryPointSymbol>vcpu_run</EntryPointSymbol>
+      <EntryPointSymbol>vmexit_handler</EntryPointSymbol>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -164,7 +164,7 @@
       <TreatWarningAsError>false</TreatWarningAsError>
     </ClCompile>
     <Link>
-      <EntryPointSymbol>vcpu_run</EntryPointSymbol>
+      <EntryPointSymbol>vmexit_handler</EntryPointSymbol>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
diff --git a/Voyager-2/PayLoad/types.h b/Voyager-2/PayLoad/types.h
index 124439f..1659148 100644
--- a/Voyager-2/PayLoad/types.h
+++ b/Voyager-2/PayLoad/types.h
@@ -5,7 +5,7 @@
 #include <ntstatus.h>
 #include <basetsd.h>
 #define PORT_NUM 0x2F8
-
+#define VMEXIT_KEY 0xDEADBEEFDEADBEEF
 #define DBG_PRINT(arg) \
 	__outbytestring(PORT_NUM, (unsigned char*)arg, sizeof arg);
 
@@ -359,7 +359,7 @@ namespace svm
 		u64 lastexcepto;                 // +0x290
 	} vmcb, *pvmcb;
 
-	using vcpu_run_t = pgs_base_struct (__fastcall*)(guest_context*);
+	using vcpu_run_t = pgs_base_struct (__fastcall*)(void*, guest_context*);
 	#pragma pack(push, 1)
 	typedef struct _voyager_t
 	{
diff --git a/Voyager-2/PayLoad/vmexit_handler.cpp b/Voyager-2/PayLoad/vmexit_handler.cpp
index 48b6ec1..2f43d55 100644
--- a/Voyager-2/PayLoad/vmexit_handler.cpp
+++ b/Voyager-2/PayLoad/vmexit_handler.cpp
@@ -1,33 +1,21 @@
 #include "types.h"
 
-#define VMEXIT_KEY 0xDEADBEEFDEADBEEF
-svm::pgs_base_struct vcpu_run(svm::pguest_context context)
+svm::pgs_base_struct vmexit_handler(void* unknown, svm::pguest_context context)
 {
-	while (1)
-	{
-		DBG_PRINT("before vcpu_run\n");
-		__svm_clgi();
-		svm::pgs_base_struct result = 
-			reinterpret_cast<svm::vcpu_run_t>(
-				reinterpret_cast<uintptr_t>(&vcpu_run) -
-					svm::voyager_context.vcpu_run_rva)(context);
-		__svm_stgi();
-		DBG_PRINT("after vcpu_run\n");
-
-		// gs:0 + 0x103B0 ] + 0x198 ] + 0xE80 ] = pointer to vmcb...
-		auto vmcb = *reinterpret_cast<svm::pvmcb*>(
+	// gs:0 + 0x103B0 ] + 0x198 ] + 0xE80 ] = pointer to vmcb...
+	const auto vmcb = *reinterpret_cast<svm::pvmcb*>(
+		*reinterpret_cast<uintptr_t*>(
 			*reinterpret_cast<uintptr_t*>(
-				*reinterpret_cast<uintptr_t*>(
-					__readgsqword(0) + 0x103B0) + 0x198) + 0xE80);
-
-		if (vmcb->exitcode == VMEXIT_CPUID && context->rcx == VMEXIT_KEY)
-		{
-			vmcb->rax = 0xC0FFEE;
-			vmcb->rip = vmcb->nrip;
-			continue;
-		}
+				__readgsqword(0) + 0x103B0) + 0x198) + 0xE80);
 
-		// else return result...
-		return result;
+	if (vmcb->exitcode == VMEXIT_CPUID && context->rcx == VMEXIT_KEY)
+	{
+		vmcb->rax = 0xC0FFEE;
+		vmcb->rip = vmcb->nrip;
+		return reinterpret_cast<svm::pgs_base_struct>(__readgsqword(0));
 	}
+
+	return reinterpret_cast<svm::vcpu_run_t>(
+		reinterpret_cast<uintptr_t>(&vmexit_handler) -
+			svm::voyager_context.vcpu_run_rva)(unknown, context);
 }
\ No newline at end of file
diff --git a/Voyager-2/Voyager-2 (2004-1709)/Hvax64.c b/Voyager-2/Voyager-2 (2004-1709)/Hvax64.c
index b06f0b5..c243131 100644
--- a/Voyager-2/Voyager-2 (2004-1709)/Hvax64.c	
+++ b/Voyager-2/Voyager-2 (2004-1709)/Hvax64.c	
@@ -115,6 +115,7 @@ VOID MakeVoyagerData
 	UINT64 VCpuRunFunction = VCpuRunCallRip + *(INT32*)((UINT64)VCpuRunCall + 1); // + 1 to skip E8 (call) and read 4 bytes (RVA)
 	VoyagerData->VCpuRunHandlerRVA = ((UINT64)PayLoadEntry(PayLoadBase)) - VCpuRunFunction;
 
+	DBG_PRINT("VCpuRunCall -> 0x%p\n", VCpuRunCall);
 	DBG_PRINT("VCpuRunCallRip -> 0x%p\n", VCpuRunCallRip);
 	DBG_PRINT("VCpuRunFunction -> 0x%p\n", VCpuRunFunction);
 	DBG_PRINT("VoyagerData->VCpuRunHandlerRVA -> 0x%p\n", VoyagerData->VCpuRunHandlerRVA);
@@ -130,11 +131,12 @@ VOID* HookVCpuRun(VOID* HypervBase, VOID* HypervSize, VOID* VCpuRunHook)
 			VCPU_RUN_HANDLER_MASK
 		);
 
-	UINT64 VCpuRunCallRip = (UINT64)VCpuRunCall + 5; // + 5 bytes to next instructions address...
-	UINT64 VCpuRunFunction = VCpuRunCallRip + *(INT32*)((UINT64)VCpuRunCall + 1); // + 1 to skip E8 (call) and read 4 bytes (RVA)
+	UINT64 VCpuRunCallRip = ((UINT64)VCpuRunCall) + 5; // + 5 bytes to next instructions address...
+	UINT64 VCpuRunFunction = VCpuRunCallRip + *(INT32*)(((UINT64)VCpuRunCall) + 1); // + 1 to skip E8 (call) and read 4 bytes (RVA)
 	INT32 NewVCpuRunRVA = ((INT64)VCpuRunHook) - VCpuRunCallRip;
 	*(INT32*)((UINT64)VCpuRunCall + 1) = NewVCpuRunRVA;
 
+	DBG_PRINT("VCpuRunCall -> 0x%p\n", VCpuRunCall);
 	DBG_PRINT("VCpuRunCallRip -> 0x%p\n", VCpuRunCallRip);
 	DBG_PRINT("VCpuRunFunction -> 0x%p\n", VCpuRunFunction);
 	DBG_PRINT("NewVCpuRunRVA -> 0x%p\n", NewVCpuRunRVA);
diff --git a/Voyager-2/Voyager-2 (2004-1709)/Hvax64.h b/Voyager-2/Voyager-2 (2004-1709)/Hvax64.h
index 6d4a97c..e129c34 100644
--- a/Voyager-2/Voyager-2 (2004-1709)/Hvax64.h	
+++ b/Voyager-2/Voyager-2 (2004-1709)/Hvax64.h	
@@ -1,11 +1,8 @@
 #pragma once
 #include "PayLoad.h"
 
-#if WINVER == 2004
-#define VCPU_RUN_HANDLER_SIG "\xE8\x00\x00\x00\x00\x0F\x01\xDC"
-#define VCPU_RUN_HANDLER_MASK "x????xxx"
-#endif
-
+#define VCPU_RUN_HANDLER_SIG "\xE8\x00\x00\x00\x00\x48\x89\x04\x24\xE9"
+#define VCPU_RUN_HANDLER_MASK "x????xxxxx"
 static_assert(sizeof(VCPU_RUN_HANDLER_SIG) == sizeof(VCPU_RUN_HANDLER_MASK), "signature does not match mask size!");
 
 //
diff --git a/Voyager-2/Voyager-2 (2004-1709)/PayLoad.c b/Voyager-2/Voyager-2 (2004-1709)/PayLoad.c
index b2bdcd8..504ab5d 100644
--- a/Voyager-2/Voyager-2 (2004-1709)/PayLoad.c	
+++ b/Voyager-2/Voyager-2 (2004-1709)/PayLoad.c	
@@ -43,21 +43,21 @@ unsigned char PayLoad[3072] =
 	0xDC, 0xAF, 0x5A, 0x8F, 0x6A, 0xDE, 0x5F, 0x8E, 0xDC, 0xAF, 0x5F, 0x8F,
 	0x6A, 0xDE, 0x5F, 0x8E, 0xDC, 0xAF, 0x5D, 0x8F, 0x6A, 0xDE, 0x5F, 0x8E,
 	0x52, 0x69, 0x63, 0x68, 0x6B, 0xDE, 0x5F, 0x8E, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x50, 0x45, 0x00, 0x00, 0x64, 0x86, 0x05, 0x00,
-	0x91, 0x48, 0x75, 0x5F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x50, 0x45, 0x00, 0x00, 0x64, 0x86, 0x04, 0x00,
+	0x09, 0x30, 0x76, 0x5F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0xF0, 0x00, 0x22, 0x20, 0x0B, 0x02, 0x0E, 0x1B, 0x00, 0x02, 0x00, 0x00,
-	0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00,
+	0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00,
 	0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x00,
 	0x00, 0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00,
 	0x0A, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x60, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0xD4, 0x9E, 0x00, 0x00,
+	0x00, 0x50, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0xBD, 0xEB, 0x00, 0x00,
 	0x01, 0x00, 0x60, 0x01, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00,
 	0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00,
-	0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00,
 	0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -66,24 +66,19 @@ unsigned char PayLoad[3072] =
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x2E, 0x74, 0x65, 0x78, 0x74, 0x00, 0x00, 0x00,
-	0x50, 0x01, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
+	0x69, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
 	0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x68, 0x2E, 0x72, 0x64, 0x61,
-	0x74, 0x61, 0x00, 0x00, 0x34, 0x01, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00,
+	0x74, 0x61, 0x00, 0x00, 0xF4, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00,
 	0x00, 0x02, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x48,
 	0x2E, 0x64, 0x61, 0x74, 0x61, 0x00, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00,
 	0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x40, 0x00, 0x00, 0xC8, 0x2E, 0x70, 0x64, 0x61, 0x74, 0x61, 0x00, 0x00,
-	0x0C, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
+	0x40, 0x00, 0x00, 0xC8, 0x2E, 0x65, 0x64, 0x61, 0x74, 0x61, 0x00, 0x00,
+	0x65, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
 	0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x48, 0x2E, 0x65, 0x64, 0x61,
-	0x74, 0x61, 0x00, 0x00, 0x65, 0x00, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00,
-	0x00, 0x02, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x40,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -113,40 +108,21 @@ unsigned char PayLoad[3072] =
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x48, 0x89, 0x5C, 0x24, 0x08, 0x56, 0x48, 0x83,
-	0xEC, 0x20, 0x48, 0x8B, 0xD9, 0x48, 0x8D, 0x35, 0x0C, 0x01, 0x00, 0x00,
-	0xB9, 0x11, 0x00, 0x00, 0x00, 0xBA, 0xF8, 0x02, 0x00, 0x00, 0xF3, 0x6E,
-	0x0F, 0x01, 0xDD, 0x48, 0x8D, 0x05, 0xD6, 0xFF, 0xFF, 0xFF, 0x48, 0x8B,
-	0xCB, 0x48, 0x2B, 0x05, 0xCC, 0x1F, 0x00, 0x00, 0xFF, 0xD0, 0x4C, 0x8B,
-	0xC0, 0x0F, 0x01, 0xDC, 0xBA, 0xF8, 0x02, 0x00, 0x00, 0x48, 0x8D, 0x35,
-	0xF8, 0x00, 0x00, 0x00, 0xB9, 0x10, 0x00, 0x00, 0x00, 0xF3, 0x6E, 0x65,
-	0x48, 0x8B, 0x14, 0x25, 0x00, 0x00, 0x00, 0x00, 0x48, 0x8B, 0x8A, 0xB0,
-	0x03, 0x01, 0x00, 0x48, 0x8B, 0x91, 0x98, 0x01, 0x00, 0x00, 0x48, 0x8B,
-	0x8A, 0x80, 0x0E, 0x00, 0x00, 0xE9, 0x8D, 0x00, 0x00, 0x00, 0x48, 0xB8,
-	0xEF, 0xBE, 0xAD, 0xDE, 0xEF, 0xBE, 0xAD, 0xDE, 0x48, 0x39, 0x43, 0x08,
-	0x0F, 0x85, 0x84, 0x00, 0x00, 0x00, 0x48, 0x8B, 0x81, 0xC8, 0x00, 0x00,
-	0x00, 0x48, 0x8D, 0x35, 0x8C, 0x00, 0x00, 0x00, 0x48, 0x89, 0x81, 0x78,
-	0x05, 0x00, 0x00, 0xBA, 0xF8, 0x02, 0x00, 0x00, 0x48, 0xC7, 0x81, 0xF8,
-	0x05, 0x00, 0x00, 0xEE, 0xFF, 0xC0, 0x00, 0xB9, 0x11, 0x00, 0x00, 0x00,
-	0xF3, 0x6E, 0x0F, 0x01, 0xDD, 0x48, 0x8D, 0x05, 0x44, 0xFF, 0xFF, 0xFF,
-	0x48, 0x8B, 0xCB, 0x48, 0x2B, 0x05, 0x3A, 0x1F, 0x00, 0x00, 0xFF, 0xD0,
-	0x4C, 0x8B, 0xC0, 0x0F, 0x01, 0xDC, 0xBA, 0xF8, 0x02, 0x00, 0x00, 0x48,
-	0x8D, 0x35, 0x66, 0x00, 0x00, 0x00, 0xB9, 0x10, 0x00, 0x00, 0x00, 0xF3,
-	0x6E, 0x65, 0x48, 0x8B, 0x04, 0x25, 0x00, 0x00, 0x00, 0x00, 0x48, 0x8B,
-	0x88, 0xB0, 0x03, 0x01, 0x00, 0x48, 0x8B, 0x81, 0x98, 0x01, 0x00, 0x00,
-	0x48, 0x8B, 0x88, 0x80, 0x0E, 0x00, 0x00, 0x48, 0x83, 0x79, 0x70, 0x72,
-	0x0F, 0x84, 0x68, 0xFF, 0xFF, 0xFF, 0x48, 0x8B, 0x5C, 0x24, 0x30, 0x49,
-	0x8B, 0xC0, 0x48, 0x83, 0xC4, 0x20, 0x5E, 0xC3, 0xCC, 0xCC, 0xCC, 0xCC,
-	0xCC, 0xCC, 0xCC, 0xCC, 0x62, 0x65, 0x66, 0x6F, 0x72, 0x65, 0x20, 0x76,
-	0x63, 0x70, 0x75, 0x5F, 0x72, 0x75, 0x6E, 0x0A, 0x00, 0xCC, 0xCC, 0xCC,
-	0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
-	0x61, 0x66, 0x74, 0x65, 0x72, 0x20, 0x76, 0x63, 0x70, 0x75, 0x5F, 0x72,
-	0x75, 0x6E, 0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x65, 0x48, 0x8B, 0x04, 0x25, 0x00, 0x00, 0x00,
+	0x00, 0x4C, 0x8B, 0x80, 0xB0, 0x03, 0x01, 0x00, 0x49, 0x8B, 0x80, 0x98,
+	0x01, 0x00, 0x00, 0x4C, 0x8B, 0x80, 0x80, 0x0E, 0x00, 0x00, 0x49, 0x83,
+	0x78, 0x70, 0x72, 0x75, 0x33, 0x48, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xEF,
+	0xBE, 0xAD, 0xDE, 0x48, 0x39, 0x42, 0x08, 0x75, 0x23, 0x49, 0x8B, 0x80,
+	0xC8, 0x00, 0x00, 0x00, 0x49, 0x89, 0x80, 0x78, 0x05, 0x00, 0x00, 0x49,
+	0xC7, 0x80, 0xF8, 0x05, 0x00, 0x00, 0xEE, 0xFF, 0xC0, 0x00, 0x65, 0x48,
+	0x8B, 0x04, 0x25, 0x00, 0x00, 0x00, 0x00, 0xC3, 0x48, 0x8D, 0x05, 0xA1,
+	0xFF, 0xFF, 0xFF, 0x48, 0x2B, 0x05, 0x9A, 0x1F, 0x00, 0x00, 0x48, 0xFF,
+	0xE0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -156,35 +132,6 @@ unsigned char PayLoad[3072] =
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x91, 0x48, 0x75, 0x5F, 0x00, 0x00, 0x00, 0x00,
-	0x02, 0x00, 0x00, 0x00, 0x59, 0x00, 0x00, 0x00, 0x38, 0x20, 0x00, 0x00,
-	0x38, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x91, 0x48, 0x75, 0x5F,
-	0x00, 0x00, 0x00, 0x00, 0x0D, 0x00, 0x00, 0x00, 0x90, 0x00, 0x00, 0x00,
-	0x94, 0x20, 0x00, 0x00, 0x94, 0x06, 0x00, 0x00, 0x52, 0x53, 0x44, 0x53,
-	0xCE, 0x74, 0x7C, 0x88, 0x8C, 0xD6, 0x6B, 0x49, 0x87, 0x35, 0x71, 0x34,
-	0xAF, 0x3B, 0x11, 0xC5, 0x01, 0x00, 0x00, 0x00, 0x43, 0x3A, 0x5C, 0x55,
-	0x73, 0x65, 0x72, 0x73, 0x5C, 0x78, 0x65, 0x72, 0x6F, 0x78, 0x5C, 0x44,
-	0x65, 0x73, 0x6B, 0x74, 0x6F, 0x70, 0x5C, 0x76, 0x6F, 0x79, 0x61, 0x67,
-	0x65, 0x72, 0x5C, 0x56, 0x6F, 0x79, 0x61, 0x67, 0x65, 0x72, 0x2D, 0x32,
-	0x5C, 0x78, 0x36, 0x34, 0x5C, 0x52, 0x65, 0x6C, 0x65, 0x61, 0x73, 0x65,
-	0x5C, 0x50, 0x61, 0x79, 0x4C, 0x6F, 0x61, 0x64, 0x2E, 0x70, 0x64, 0x62,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00,
-	0x20, 0x01, 0x00, 0x00, 0x2E, 0x74, 0x65, 0x78, 0x74, 0x24, 0x6D, 0x6E,
-	0x00, 0x00, 0x00, 0x00, 0x20, 0x11, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00,
-	0x2E, 0x74, 0x65, 0x78, 0x74, 0x24, 0x73, 0x00, 0x00, 0x20, 0x00, 0x00,
-	0x38, 0x00, 0x00, 0x00, 0x2E, 0x72, 0x64, 0x61, 0x74, 0x61, 0x00, 0x00,
-	0x38, 0x20, 0x00, 0x00, 0xEC, 0x00, 0x00, 0x00, 0x2E, 0x72, 0x64, 0x61,
-	0x74, 0x61, 0x24, 0x7A, 0x7A, 0x7A, 0x64, 0x62, 0x67, 0x00, 0x00, 0x00,
-	0x24, 0x21, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x2E, 0x78, 0x64, 0x61,
-	0x74, 0x61, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00,
-	0x2E, 0x62, 0x73, 0x73, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00,
-	0x0C, 0x00, 0x00, 0x00, 0x2E, 0x70, 0x64, 0x61, 0x74, 0x61, 0x00, 0x00,
-	0x00, 0x50, 0x00, 0x00, 0x65, 0x00, 0x00, 0x00, 0x2E, 0x65, 0x64, 0x61,
-	0x74, 0x61, 0x00, 0x00, 0x02, 0x0A, 0x06, 0x00, 0x02, 0x16, 0x00, 0x06,
-	0x0A, 0x34, 0x06, 0x00, 0x0A, 0x32, 0x06, 0x60, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -198,15 +145,6 @@ unsigned char PayLoad[3072] =
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00,
-	0x18, 0x11, 0x00, 0x00, 0x24, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -218,6 +156,27 @@ unsigned char PayLoad[3072] =
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x09, 0x30, 0x76, 0x5F, 0x00, 0x00, 0x00, 0x00,
+	0x02, 0x00, 0x00, 0x00, 0x59, 0x00, 0x00, 0x00, 0x38, 0x20, 0x00, 0x00,
+	0x38, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x30, 0x76, 0x5F,
+	0x00, 0x00, 0x00, 0x00, 0x0D, 0x00, 0x00, 0x00, 0x60, 0x00, 0x00, 0x00,
+	0x94, 0x20, 0x00, 0x00, 0x94, 0x06, 0x00, 0x00, 0x52, 0x53, 0x44, 0x53,
+	0x51, 0x03, 0x11, 0xDB, 0xF4, 0x60, 0xA2, 0x45, 0xAB, 0x86, 0x08, 0xEA,
+	0xF0, 0xD5, 0x9A, 0x0A, 0x03, 0x00, 0x00, 0x00, 0x43, 0x3A, 0x5C, 0x55,
+	0x73, 0x65, 0x72, 0x73, 0x5C, 0x78, 0x65, 0x72, 0x6F, 0x78, 0x5C, 0x44,
+	0x65, 0x73, 0x6B, 0x74, 0x6F, 0x70, 0x5C, 0x76, 0x6F, 0x79, 0x61, 0x67,
+	0x65, 0x72, 0x5C, 0x56, 0x6F, 0x79, 0x61, 0x67, 0x65, 0x72, 0x2D, 0x32,
+	0x5C, 0x78, 0x36, 0x34, 0x5C, 0x52, 0x65, 0x6C, 0x65, 0x61, 0x73, 0x65,
+	0x5C, 0x50, 0x61, 0x79, 0x4C, 0x6F, 0x61, 0x64, 0x2E, 0x70, 0x64, 0x62,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00,
+	0x69, 0x00, 0x00, 0x00, 0x2E, 0x74, 0x65, 0x78, 0x74, 0x24, 0x6D, 0x6E,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
+	0x2E, 0x72, 0x64, 0x61, 0x74, 0x61, 0x00, 0x00, 0x38, 0x20, 0x00, 0x00,
+	0xBC, 0x00, 0x00, 0x00, 0x2E, 0x72, 0x64, 0x61, 0x74, 0x61, 0x24, 0x7A,
+	0x7A, 0x7A, 0x64, 0x62, 0x67, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
+	0x28, 0x00, 0x00, 0x00, 0x2E, 0x62, 0x73, 0x73, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x40, 0x00, 0x00, 0x65, 0x00, 0x00, 0x00, 0x2E, 0x65, 0x64, 0x61,
+	0x74, 0x61, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -240,16 +199,15 @@ unsigned char PayLoad[3072] =
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x32, 0x40, 0x00, 0x00,
+	0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+	0x28, 0x40, 0x00, 0x00, 0x2C, 0x40, 0x00, 0x00, 0x30, 0x40, 0x00, 0x00,
+	0x00, 0x30, 0x00, 0x00, 0x3E, 0x40, 0x00, 0x00, 0x00, 0x00, 0x50, 0x61,
+	0x79, 0x4C, 0x6F, 0x61, 0x64, 0x2E, 0x64, 0x6C, 0x6C, 0x00, 0x3F, 0x76,
+	0x6F, 0x79, 0x61, 0x67, 0x65, 0x72, 0x5F, 0x63, 0x6F, 0x6E, 0x74, 0x65,
+	0x78, 0x74, 0x40, 0x73, 0x76, 0x6D, 0x40, 0x40, 0x33, 0x55, 0x5F, 0x76,
+	0x6F, 0x79, 0x61, 0x67, 0x65, 0x72, 0x5F, 0x74, 0x40, 0x31, 0x40, 0x41,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
-	0x00, 0x00, 0x00, 0x00, 0x32, 0x50, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
-	0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x28, 0x50, 0x00, 0x00,
-	0x2C, 0x50, 0x00, 0x00, 0x30, 0x50, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
-	0x3E, 0x50, 0x00, 0x00, 0x00, 0x00, 0x50, 0x61, 0x79, 0x4C, 0x6F, 0x61,
-	0x64, 0x2E, 0x64, 0x6C, 0x6C, 0x00, 0x3F, 0x76, 0x6F, 0x79, 0x61, 0x67,
-	0x65, 0x72, 0x5F, 0x63, 0x6F, 0x6E, 0x74, 0x65, 0x78, 0x74, 0x40, 0x73,
-	0x76, 0x6D, 0x40, 0x40, 0x33, 0x55, 0x5F, 0x76, 0x6F, 0x79, 0x61, 0x67,
-	0x65, 0x72, 0x5F, 0x74, 0x40, 0x31, 0x40, 0x41, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -283,5 +241,5 @@ unsigned char PayLoad[3072] =
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+	0x00, 0x00, 0x00, 0x00
 };
\ No newline at end of file