_xeroxz
/
amlegit
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

paste V1.1

Browse Source
master
xerox 4 years ago
parent 2b0bbe4678
commit 43b380b66e
33 changed files with 387 additions and 0 deletions
Show Stats Download Patch File Download Diff File

0
buffer_dump.dll → buffer/buffer_dump.dll
Unescape View File

0
buffer_dump.i64 → buffer/buffer_dump.i64
Unescape View File

0
driver.sys → driver/driver.sys
Unescape View File

BIN
driver.sys.i64 → driver/driver.sys.i64
View File

Binary file not shown.

0
ida_pages/ioctl_hook_setup.html → driver/html/ioctl_hook_setup.html
Unescape View File

0
images/ioctl_hook_driver.png → driver/images/ioctl_hook_driver.png
Unescape View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 30 KiB

After

Width:  |  Height:  |  Size: 30 KiB

0
images/spoofer_paste.png → driver/images/spoofer_paste_1.png
Unescape View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 144 KiB

After

Width:  |  Height:  |  Size: 144 KiB

0
images/nsiproxy_paste.PNG → driver/images/spoofer_paste_2.PNG
Unescape View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 163 KiB

After

Width:  |  Height:  |  Size: 163 KiB

BIN
images/amlegit_diagram.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 26 KiB

BIN
images/lapex_imports.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 134 KiB

BIN
inject/images/DeviceIoControl.PNG
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 66 KiB

0
inject_dump.dll → inject/inject_dump.dll
Unescape View File

BIN
inject_dump.i64 → inject/inject_dump.i64
View File

Binary file not shown.

0
lapex.dll → lapex/lapex.dll
Unescape View File

0
lapex.dll.i64 → lapex/lapex.dll.i64
Unescape View File

17
llauncher/html/export_inject.html
Unescape View File

@ -0,0 +1,17 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>IDA - llauncher_dump.i64 (llauncher_dump.exe) C:\Users\xerox\Desktop\amlegit.com\files\llauncher\llauncher_dump.i64</title>
</head>
<body bgcolor="#ffffff">
<span style="white-space: pre; font-family: Consolas; color: blue; background: #ffffff">
<span style="color:black">.text:00007FF7D93BAC0C
.text:00007FF7D93BAC0C </span><span style="color:navy">loc_7FF7D93BAC0C: </span><span style="color:#8080ff">; DATA XREF: sub_7FF7D95E2D10-97C6D↓o
</span><span style="color:black">.text:00007FF7D93BAC0C </span><span style="color:navy">call export_inject_addr </span>; ExportInject(&quot;Respawn001&quot;, &quot;lapex.dll&quot;);
<span style="color:black">.text:00007FF7D93BAC0E </span><span style="color:navy">test al, al
</span><span style="color:black">.text:00007FF7D93BAC10 </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAC14 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAC18 </span><span style="color:navy">jnz short </span><span style="color:gray">dll_injected_success </span>; if (ExportInject(&quot;Respawn001&quot;, &quot;lapex.dll&quot;))
</span></body></html>

22
llauncher/html/export_load.html
Unescape View File

@ -0,0 +1,22 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>IDA - llauncher_dump.i64 (llauncher_dump.exe) C:\Users\xerox\Desktop\amlegit.com\files\llauncher\llauncher_dump.i64</title>
</head>
<body bgcolor="#ffffff">
<span style="white-space: pre; font-family: Consolas; color: blue; background: #ffffff">
<span style="color:black">.text:00007FF7D93BAD9E </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAD9E </span><span style="color:navy">call export_loader_addr </span>; ExportLoad()
<span style="color:black">.text:00007FF7D93BADA0 </span><span style="color:navy">test al, al
</span><span style="color:black">.text:00007FF7D93BADA2 </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BADA6 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BADAA </span><span style="color:navy">jnz short </span><span style="color:gray">loaded_intel_driver </span>; if(ExportLoad())
<span style="color:black">.text:00007FF7D93BADAC </span><span style="color:navy">mov edx, </span><span style="color:green">20h </span><span style="color:gray">; &#039; &#039;
</span><span style="color:black">.text:00007FF7D93BADB1 </span><span style="color:navy">lea rcx, aFailedToLoadVu </span><span style="color:gray">; &quot;Failed to load vulnerable driver&quot;
</span><span style="color:black">.text:00007FF7D93BADB8 </span><span style="color:navy">call sub_7FF7D958DEFC
</span><span style="color:black">.text:00007FF7D93BADBD </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BADBE </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BADBE </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">], get_proc_result
</span></body></html>

19
llauncher/html/export_map.html
Unescape View File

@ -0,0 +1,19 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>IDA - llauncher_dump.i64 (llauncher_dump.exe) C:\Users\xerox\Desktop\amlegit.com\files\llauncher\llauncher_dump.i64</title>
</head>
<body bgcolor="#ffffff">
<span style="white-space: pre; font-family: Consolas; color: blue; background: #ffffff">
<span style="color:black">.text:00007FF7D93BAE03 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAE03 </span><span style="color:navy">lea rcx, aDriverSys </span><span style="color:gray">; &quot;driver.sys&quot;
</span><span style="color:black">.text:00007FF7D93BAE0A </span><span style="color:navy">call export_map_addr </span>; ExportMap(&quot;driver.sys&quot;)
<span style="color:black">.text:00007FF7D93BAE0C </span><span style="color:navy">test al, al
</span><span style="color:black">.text:00007FF7D93BAE0E
.text:00007FF7D93BAE0E </span><span style="color:navy">loc_7FF7D93BAE0E: </span><span style="color:olive">; DATA XREF: sub_7FF7D957BEA6-FC4D7↓o
</span><span style="color:black">.text:00007FF7D93BAE0E </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAE12 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAE16 </span><span style="color:navy">jnz short </span><span style="color:gray">mapped_driver_success </span>; if(ExportMap(&quot;driver.sys&quot;))
</span></body></html>

16
llauncher/html/export_spoof.html
Unescape View File

@ -0,0 +1,16 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>IDA - llauncher_dump.i64 (llauncher_dump.exe) C:\Users\xerox\Desktop\amlegit.com\files\llauncher\llauncher_dump.i64</title>
</head>
<body bgcolor="#ffffff">
<span style="white-space: pre; font-family: Consolas; color: blue; background: #ffffff">
<span style="color:black">.text:00007FF7D93BAFC6 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAFC6 </span><span style="color:navy">call export_spoof_addr </span>; ExportSpoof();
<span style="color:black">.text:00007FF7D93BAFC8 </span><span style="color:navy">test al, al
</span><span style="color:black">.text:00007FF7D93BAFCA </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAFCE </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAFD2 </span><span style="color:navy">jnz short loc_7FF7D93BAFF3 </span>; if(!ExportSpoof())
</span></body></html>

18
llauncher/html/getprocaddr_export_inject.html
Unescape View File

@ -0,0 +1,18 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>IDA - llauncher_dump.i64 (llauncher_dump.exe) C:\Users\xerox\Desktop\amlegit.com\files\llauncher\llauncher_dump.i64</title>
</head>
<body bgcolor="#ffffff">
<span style="white-space: pre; font-family: Consolas; color: blue; background: #ffffff">
<span style="color:black">.text:00007FF7D93BAB6E </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAB6E </span><span style="color:navy">lea rdx, ProcName </span><span style="color:gray">; &quot;ExportInject&quot;
</span><span style="color:black">.text:00007FF7D93BAB75 </span><span style="color:navy">lea rcx, hModule </span>; hModule
<span style="color:black">.text:00007FF7D93BAB7C </span><span style="color:navy">push get_proc_result
</span><span style="color:black">.text:00007FF7D93BAB7D </span><span style="color:navy">call </span>GetProcAddress_Wrapper ; GetProcAddress(InjectModuleHandle, &quot;ExportInject&quot;)
<span style="color:black">.text:00007FF7D93BAB82 </span><span style="color:navy">mov export_inject_addr, get_proc_result
</span><span style="color:black">.text:00007FF7D93BAB85 </span><span style="color:navy">test get_proc_result, get_proc_result
</span><span style="color:black">.text:00007FF7D93BAB88 </span><span style="color:navy">jnz short loc_7FF7D93BABB2 </span>; if(GetProcAddress(InjectModuleHandle, &quot;ExportInject&quot;))
</span></body></html>

28
llauncher/html/getprocaddr_export_spoof.html
Unescape View File

@ -0,0 +1,28 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>IDA - llauncher_dump.i64 (llauncher_dump.exe) C:\Users\xerox\Desktop\amlegit.com\files\llauncher\llauncher_dump.i64</title>
</head>
<body bgcolor="#ffffff">
<span style="white-space: pre; font-family: Consolas; color: blue; background: #ffffff">
<span style="color:black">.text:00007FF7D93BAF36 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAF36 </span><span style="color:navy">lea rdx, aExportspoof </span><span style="color:gray">; &quot;ExportSpoof&quot;
</span><span style="color:black">.text:00007FF7D93BAF3D
.text:00007FF7D93BAF3D </span><span style="color:navy">loc_7FF7D93BAF3D: </span><span style="color:olive">; DATA XREF: sub_7FF7D95C26CF-1AD520↓o
</span><span style="color:black">.text:00007FF7D93BAF3D </span><span style="color:navy">lea rcx, hModule
</span><span style="color:black">.text:00007FF7D93BAF44 </span><span style="color:navy">push get_proc_result
</span><span style="color:black">.text:00007FF7D93BAF45 </span><span style="color:navy">call </span>GetProcAddress_Wrapper_3 ; GetProcAddress(InjectModuleHandle, &quot;ExportSpoof&quot;);
<span style="color:black">.text:00007FF7D93BAF4A </span><span style="color:navy">mov export_spoof_addr, get_proc_result
</span><span style="color:black">.text:00007FF7D93BAF4D </span><span style="color:navy">test get_proc_result, get_proc_result
</span><span style="color:black">.text:00007FF7D93BAF50 </span><span style="color:navy">jnz short loc_7FF7D93BAF7A </span>; if(!GetProcAddress(InjectModuleHandle, &quot;ExportSpoof&quot;))
<span style="color:black">.text:00007FF7D93BAF52 </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAF56 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAF5A </span><span style="color:navy">lea edx, [export_spoof_addr+</span><span style="color:green">15h</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAF5D </span><span style="color:navy">lea rcx, aFailedToGetExp </span><span style="color:gray">; &quot;Failed to get exports&quot;
</span><span style="color:black">.text:00007FF7D93BAF64 </span><span style="color:navy">call sub_7FF7D951A927
</span><span style="color:black">.text:00007FF7D93BAF69 </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BAF6A </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAF6A </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">], get_proc_result
</span></body></html>

31
llauncher/html/getprocaddr_map_load.html
Unescape View File

@ -0,0 +1,31 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>IDA - llauncher_dump.i64 (llauncher_dump.exe) C:\Users\xerox\Desktop\amlegit.com\files\llauncher\llauncher_dump.i64</title>
</head>
<body bgcolor="#ffffff">
<span style="white-space: pre; font-family: Consolas; color: blue; background: #ffffff">
<span style="color:black">.text:00007FF7D93BAD1A </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAD1A </span><span style="color:navy">lea rdx, aExportload </span><span style="color:gray">; &quot;ExportLoad&quot;
</span><span style="color:black">.text:00007FF7D93BAD21 </span><span style="color:navy">lea rcx, InjectModuleHandle </span>; handle to inject.dll
<span style="color:black">.text:00007FF7D93BAD28 </span><span style="color:navy">push export_map_addr
</span><span style="color:black">.text:00007FF7D93BAD29 </span><span style="color:navy">call </span>GetProcAddress_Wrapper_0 ; GetProcAddress(InjectHandle, &quot;ExportLoad&quot;);
<span style="color:black">.text:00007FF7D93BAD2E
.text:00007FF7D93BAD2E </span><span style="color:navy">loc_7FF7D93BAD2E: </span><span style="color:#8080ff">; DATA XREF: sub_7FF7D954B379-8B56A↓o
</span><span style="color:black">.text:00007FF7D93BAD2E </span><span style="color:olive">; sub_7FF7D953050F+19↓o
</span><span style="color:black">.text:00007FF7D93BAD2E </span><span style="color:navy">mov export_loader_addr, get_proc_result
</span><span style="color:black">.text:00007FF7D93BAD31 </span><span style="color:navy">lea rdx, aExportmap </span><span style="color:gray">; &quot;ExportMap&quot;
</span><span style="color:black">.text:00007FF7D93BAD38 </span><span style="color:navy">lea rcx, InjectModuleHandle
</span><span style="color:black">.text:00007FF7D93BAD3F </span><span style="color:navy">call </span>GetProcAddress_Wrapper_1 ; GetProcAddress(InjectHandle, &quot;ExportMap&quot;);
<span style="color:black">.text:00007FF7D93BAD44 </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BAD45 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAD45 </span><span style="color:navy">mov export_map_addr, get_proc_result
</span><span style="color:black">.text:00007FF7D93BAD48 </span><span style="color:navy">test export_loader_addr, export_loader_addr
</span><span style="color:black">.text:00007FF7D93BAD4B </span><span style="color:navy">jz </span><span style="color:gray">get_import_failed </span>; if(!GetProcAddress(InjectHandle, &quot;ExportLoad&quot;))
<span style="color:black">.text:00007FF7D93BAD51
.text:00007FF7D93BAD51 </span><span style="color:navy">loc_7FF7D93BAD51: </span><span style="color:olive">; DATA XREF: sub_7FF7D94AAA89+10F799↓o
</span><span style="color:black">.text:00007FF7D93BAD51 </span><span style="color:navy">test get_proc_result, get_proc_result
</span><span style="color:black">.text:00007FF7D93BAD54 </span><span style="color:navy">jz </span><span style="color:gray">get_import_failed </span>; if(!GetProcAddress(InjectHandle, &quot;ExportMap&quot;))
</span></body></html>

236
llauncher/html/load_and_map.html
Unescape View File

@ -0,0 +1,236 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>IDA - llauncher_dump.i64 (llauncher_dump.exe) C:\Users\xerox\Desktop\amlegit.com\files\llauncher\llauncher_dump.i64</title>
</head>
<body bgcolor="#ffffff">
<span style="white-space: pre; font-family: Consolas; color: blue; background: #ffffff">
<span style="color:black">.text:00007FF7D93BAC80
.text:00007FF7D93BAC80 </span><span style="color:gray">; =============== S U B R O U T I N E =======================================
</span><span style="color:black">.text:00007FF7D93BAC80
.text:00007FF7D93BAC80 </span><span style="color:gray">; Attributes: noreturn bp-based frame
</span><span style="color:black">.text:00007FF7D93BAC80
.text:00007FF7D93BAC80 </span>load_driver <span style="color:black">proc near </span><span style="color:green">; CODE XREF: sub_7FF7D93BB220+66↓p
</span><span style="color:black">.text:00007FF7D93BAC80 </span><span style="color:#8080ff">; DATA XREF: .vmp1:00007FF7D9CB5F14↓o
</span><span style="color:black">.text:00007FF7D93BAC80
.text:00007FF7D93BAC80 </span><span style="color:green">arg_0 </span><span style="color:navy">= qword ptr </span><span style="color:#008040">20h
</span><span style="color:black">.text:00007FF7D93BAC80 </span><span style="color:green">arg_8 </span><span style="color:navy">= qword ptr </span><span style="color:#008040">28h
</span><span style="color:black">.text:00007FF7D93BAC80 </span><span style="color:green">arg_10 </span><span style="color:navy">= qword ptr </span><span style="color:#008040">30h
</span><span style="color:black">.text:00007FF7D93BAC80 </span><span style="color:green">arg_18 </span><span style="color:navy">= qword ptr </span><span style="color:#008040">38h
</span><span style="color:black">.text:00007FF7D93BAC80
.text:00007FF7D93BAC80 </span><span style="color:navy">get_proc_result = rax
</span><span style="color:black">.text:00007FF7D93BAC80 </span><span style="color:navy">export_map_addr = rdi
</span><span style="color:black">.text:00007FF7D93BAC80 </span><span style="color:navy">export_loader_addr = rsi
</span><span style="color:black">.text:00007FF7D93BAC80 </span><span style="color:navy">; __unwind { // sub_7FF7D93BD226
</span><span style="color:black">.text:00007FF7D93BAC80 </span><span style="color:navy">mov [rsp-</span><span style="color:green">18h</span><span style="color:navy">+</span><span style="color:green">arg_0</span><span style="color:navy">], rbx
</span><span style="color:black">.text:00007FF7D93BAC85 </span><span style="color:navy">push rbp
</span><span style="color:black">.text:00007FF7D93BAC86 </span><span style="color:navy">push export_loader_addr
</span><span style="color:black">.text:00007FF7D93BAC87 </span><span style="color:navy">push export_map_addr
</span><span style="color:black">.text:00007FF7D93BAC88 </span><span style="color:navy">mov rbp, rsp
</span><span style="color:black">.text:00007FF7D93BAC8B </span><span style="color:navy">sub rsp, </span><span style="color:green">20h
</span><span style="color:black">.text:00007FF7D93BAC8F </span>; 6: sub_7FF7D95BBA6F(a1);
<span style="color:black">.text:00007FF7D93BAC8F </span><span style="color:navy">mov rbx, rcx
</span><span style="color:black">.text:00007FF7D93BAC92 </span>; 5: v2 = &amp;v1;
<span style="color:black">.text:00007FF7D93BAC92 </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAC96
.text:00007FF7D93BAC96 </span><span style="color:navy">loc_7FF7D93BAC96: </span><span style="color:olive">; DATA XREF: sub_7FF7D959D1A6-1C17C↓o
</span><span style="color:black">.text:00007FF7D93BAC96 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAC9A </span><span style="color:navy">mov edx, </span><span style="color:green">11h
</span><span style="color:black">.text:00007FF7D93BAC9F </span><span style="color:navy">lea rcx, aLoadingDriver </span><span style="color:gray">; &quot;Loading driver...&quot;
</span><span style="color:black">.text:00007FF7D93BACA6 </span><span style="color:navy">call sub_7FF7D95BBA6F
</span><span style="color:black">.text:00007FF7D93BACAB </span>; 7: __debugbreak();
<span style="color:black">.text:00007FF7D93BACAB </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BACAC </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BACAC </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BACB0 </span><span style="color:navy">mov edx, </span><span style="color:green">1
</span><span style="color:black">.text:00007FF7D93BACB5 </span><span style="color:navy">lea rcx, aI </span><span style="color:gray">; &quot;i&quot;
</span><span style="color:black">.text:00007FF7D93BACBC </span><span style="color:navy">call sub_7FF7D940B132
</span><span style="color:black">.text:00007FF7D93BACC1 </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BACC2 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BACC2 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_10</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BACC6 </span><span style="color:navy">lea r8, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BACCA </span><span style="color:navy">lea rdx, [rbp+</span><span style="color:green">arg_10</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BACCE </span><span style="color:navy">mov rcx, rbx
</span><span style="color:black">.text:00007FF7D93BACD1 </span><span style="color:navy">call sub_7FF7D93BB040
</span><span style="color:black">.text:00007FF7D93BACD6 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BACD6
.text:00007FF7D93BACD6 </span><span style="color:navy">loc_7FF7D93BACD6: </span><span style="color:olive">; DATA XREF: sub_7FF7D95E4FFB+1↓o
</span><span style="color:black">.text:00007FF7D93BACD6 </span><span style="color:olive">; sub_7FF7D95ED6E8-E95B5↓o
</span><span style="color:black">.text:00007FF7D93BACD6 </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BACDA </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BACDE </span><span style="color:navy">mov edx, </span><span style="color:green">12h
</span><span style="color:black">.text:00007FF7D93BACE3 </span><span style="color:navy">lea rcx, aGettingExports </span><span style="color:gray">; &quot;Getting exports...&quot;
</span><span style="color:black">.text:00007FF7D93BACEA </span><span style="color:navy">push rbx
</span><span style="color:black">.text:00007FF7D93BACEB
.text:00007FF7D93BACEB </span><span style="color:navy">loc_7FF7D93BACEB: </span><span style="color:olive">; DATA XREF: sub_7FF7D94757CA-1297F↓o
</span><span style="color:black">.text:00007FF7D93BACEB </span><span style="color:navy">call sub_7FF7D95592BA
</span><span style="color:black">.text:00007FF7D93BACF0 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BACF4
.text:00007FF7D93BACF4 </span><span style="color:navy">loc_7FF7D93BACF4: </span><span style="color:olive">; DATA XREF: sub_7FF7D94468AE+1674B7↓o
</span><span style="color:black">.text:00007FF7D93BACF4 </span><span style="color:navy">mov edx, </span><span style="color:green">1
</span><span style="color:black">.text:00007FF7D93BACF9 </span><span style="color:navy">lea rcx, aD </span><span style="color:gray">; &quot;d&quot;
</span><span style="color:black">.text:00007FF7D93BAD00 </span><span style="color:navy">push get_proc_result
</span><span style="color:black">.text:00007FF7D93BAD01 </span><span style="color:navy">call sub_7FF7D95056A0
</span><span style="color:black">.text:00007FF7D93BAD06
.text:00007FF7D93BAD06 </span><span style="color:navy">loc_7FF7D93BAD06: </span><span style="color:olive">; DATA XREF: sub_7FF7D942142B+1BEC8↓o
</span><span style="color:black">.text:00007FF7D93BAD06 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_10</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAD0A </span><span style="color:navy">lea r8, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAD0E </span><span style="color:navy">lea rdx, [rbp+</span><span style="color:green">arg_10</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAD12 </span><span style="color:navy">mov rcx, rbx
</span><span style="color:black">.text:00007FF7D93BAD15 </span><span style="color:navy">call sub_7FF7D93BB040
</span><span style="color:black">.text:00007FF7D93BAD1A </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAD1A </span><span style="color:navy">lea rdx, aExportload </span><span style="color:gray">; &quot;ExportLoad&quot;
</span><span style="color:black">.text:00007FF7D93BAD21 </span><span style="color:navy">lea rcx, InjectModuleHandle </span>; handle to inject.dll
<span style="color:black">.text:00007FF7D93BAD28 </span><span style="color:navy">push export_map_addr
</span><span style="color:black">.text:00007FF7D93BAD29 </span><span style="color:navy">call </span>GetProcAddress_Wrapper_0 ; GetProcAddress(InjectHandle, &quot;ExportLoad&quot;);
<span style="color:black">.text:00007FF7D93BAD2E
.text:00007FF7D93BAD2E </span><span style="color:navy">loc_7FF7D93BAD2E: </span><span style="color:#8080ff">; DATA XREF: sub_7FF7D954B379-8B56A↓o
</span><span style="color:black">.text:00007FF7D93BAD2E </span><span style="color:olive">; sub_7FF7D953050F+19↓o
</span><span style="color:black">.text:00007FF7D93BAD2E </span><span style="color:navy">mov export_loader_addr, get_proc_result
</span><span style="color:black">.text:00007FF7D93BAD31 </span><span style="color:navy">lea rdx, aExportmap </span><span style="color:gray">; &quot;ExportMap&quot;
</span><span style="color:black">.text:00007FF7D93BAD38 </span><span style="color:navy">lea rcx, InjectModuleHandle
</span><span style="color:black">.text:00007FF7D93BAD3F </span><span style="color:navy">call </span>GetProcAddress_Wrapper_1 ; GetProcAddress(InjectHandle, &quot;ExportMap&quot;);
<span style="color:black">.text:00007FF7D93BAD44 </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BAD45 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAD45 </span><span style="color:navy">mov export_map_addr, get_proc_result
</span><span style="color:black">.text:00007FF7D93BAD48 </span><span style="color:navy">test export_loader_addr, export_loader_addr
</span><span style="color:black">.text:00007FF7D93BAD4B </span><span style="color:navy">jz </span><span style="color:gray">get_import_failed </span>; if(!GetProcAddress(InjectHandle, &quot;ExportLoad&quot;))
<span style="color:black">.text:00007FF7D93BAD51
.text:00007FF7D93BAD51 </span><span style="color:navy">loc_7FF7D93BAD51: </span><span style="color:olive">; DATA XREF: sub_7FF7D94AAA89+10F799↓o
</span><span style="color:black">.text:00007FF7D93BAD51 </span><span style="color:navy">test get_proc_result, get_proc_result
</span><span style="color:black">.text:00007FF7D93BAD54 </span><span style="color:navy">jz </span><span style="color:gray">get_import_failed
</span><span style="color:black">.text:00007FF7D93BAD5A </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAD5E </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAD62 </span><span style="color:navy">mov edx, </span><span style="color:green">1Ch
</span><span style="color:black">.text:00007FF7D93BAD67
.text:00007FF7D93BAD67 </span><span style="color:navy">loc_7FF7D93BAD67: </span><span style="color:olive">; DATA XREF: sub_7FF7D95ECD37-A8861↓o
</span><span style="color:black">.text:00007FF7D93BAD67 </span><span style="color:olive">; .vmp0:loc_7FF7D94B4A3E↓o
</span><span style="color:black">.text:00007FF7D93BAD67 </span><span style="color:navy">lea rcx, aLoadingVulnera </span><span style="color:gray">; &quot;Loading vulnerable driver...&quot;
</span><span style="color:black">.text:00007FF7D93BAD6E </span><span style="color:navy">push rbx
</span><span style="color:black">.text:00007FF7D93BAD6F </span><span style="color:navy">call </span>print_wrapper
<span style="color:black">.text:00007FF7D93BAD74 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAD78 </span><span style="color:navy">mov edx, </span><span style="color:green">1
</span><span style="color:black">.text:00007FF7D93BAD7D
.text:00007FF7D93BAD7D </span><span style="color:navy">loc_7FF7D93BAD7D: </span><span style="color:olive">; DATA XREF: sub_7FF7D94503B6-30DA4↓o
</span><span style="color:black">.text:00007FF7D93BAD7D </span><span style="color:navy">lea rcx, aD </span><span style="color:gray">; &quot;d&quot;
</span><span style="color:black">.text:00007FF7D93BAD84 </span><span style="color:navy">call sub_7FF7D9478BE0
</span><span style="color:black">.text:00007FF7D93BAD89 </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BAD8A </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAD8A </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_10</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAD8E </span><span style="color:navy">lea r8, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAD92 </span><span style="color:navy">lea rdx, [rbp+</span><span style="color:green">arg_10</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAD96 </span><span style="color:navy">mov rcx, rbx
</span><span style="color:black">.text:00007FF7D93BAD99 </span><span style="color:navy">call sub_7FF7D93BB040
</span><span style="color:black">.text:00007FF7D93BAD9E </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAD9E </span><span style="color:navy">call export_loader_addr </span>; ExportLoad()
<span style="color:black">.text:00007FF7D93BADA0 </span><span style="color:navy">test al, al
</span><span style="color:black">.text:00007FF7D93BADA2 </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BADA6 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BADAA </span><span style="color:navy">jnz short </span><span style="color:gray">loaded_intel_driver </span>; if(!ExportLoad())
<span style="color:black">.text:00007FF7D93BADAC </span><span style="color:navy">mov edx, </span><span style="color:green">20h </span><span style="color:gray">; &#039; &#039;
</span><span style="color:black">.text:00007FF7D93BADB1 </span><span style="color:navy">lea rcx, aFailedToLoadVu </span><span style="color:gray">; &quot;Failed to load vulnerable driver&quot;
</span><span style="color:black">.text:00007FF7D93BADB8 </span><span style="color:navy">call sub_7FF7D958DEFC
</span><span style="color:black">.text:00007FF7D93BADBD </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BADBE </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BADBE </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BADC2 </span><span style="color:navy">jmp loc_7FF7D93BAE6D
</span><span style="color:black">.text:00007FF7D93BADC7 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BADC7
.text:00007FF7D93BADC7 </span><span style="color:gray">loaded_intel_driver</span><span style="color:navy">: </span><span style="color:green">; CODE XREF: load_driver+12A↑j
</span><span style="color:black">.text:00007FF7D93BADC7 </span><span style="color:navy">mov edx, </span><span style="color:green">21
</span><span style="color:black">.text:00007FF7D93BADCC
.text:00007FF7D93BADCC </span><span style="color:navy">loc_7FF7D93BADCC: </span><span style="color:olive">; DATA XREF: .vmp0:00007FF7D95F9431↓o
</span><span style="color:black">.text:00007FF7D93BADCC </span><span style="color:navy">lea rcx, aMappingOurDriv </span><span style="color:gray">; &quot;Mapping our driver...&quot;
</span><span style="color:black">.text:00007FF7D93BADD3 </span><span style="color:navy">push rdx
</span><span style="color:black">.text:00007FF7D93BADD4 </span><span style="color:navy">call sub_7FF7D955E32D
</span><span style="color:black">.text:00007FF7D93BADD9 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BADDD </span><span style="color:navy">mov edx, </span><span style="color:green">1
</span><span style="color:black">.text:00007FF7D93BADE2 </span><span style="color:navy">lea rcx, aD </span><span style="color:gray">; &quot;d&quot;
</span><span style="color:black">.text:00007FF7D93BADE9
.text:00007FF7D93BADE9 </span><span style="color:navy">loc_7FF7D93BADE9: </span><span style="color:olive">; DATA XREF: sub_7FF7D95A4C59:loc_7FF7D9592C44↓o
</span><span style="color:black">.text:00007FF7D93BADE9 </span><span style="color:navy">call sub_7FF7D952ADCD
</span><span style="color:black">.text:00007FF7D93BADEE </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BADEF </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BADEF </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_10</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BADF3 </span><span style="color:navy">lea r8, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BADF7 </span><span style="color:navy">lea rdx, [rbp+</span><span style="color:green">arg_10</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BADFB </span><span style="color:navy">mov rcx, rbx
</span><span style="color:black">.text:00007FF7D93BADFE </span><span style="color:navy">call sub_7FF7D93BB040
</span><span style="color:black">.text:00007FF7D93BAE03 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAE03 </span><span style="color:navy">lea rcx, aDriverSys </span><span style="color:gray">; &quot;driver.sys&quot;
</span><span style="color:black">.text:00007FF7D93BAE0A </span><span style="color:navy">call export_map_addr
</span><span style="color:black">.text:00007FF7D93BAE0C </span><span style="color:navy">test al, al
</span><span style="color:black">.text:00007FF7D93BAE0E
.text:00007FF7D93BAE0E </span><span style="color:navy">loc_7FF7D93BAE0E: </span><span style="color:olive">; DATA XREF: sub_7FF7D957BEA6-FC4D7↓o
</span><span style="color:black">.text:00007FF7D93BAE0E </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAE12 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAE16 </span><span style="color:navy">jnz short </span><span style="color:gray">mapped_driver_success
</span><span style="color:black">.text:00007FF7D93BAE18 </span><span style="color:navy">mov edx, </span><span style="color:green">18h
</span><span style="color:black">.text:00007FF7D93BAE1D </span><span style="color:navy">lea rcx, aFailedToMapOur </span><span style="color:gray">; &quot;Failed to map our driver&quot;
</span><span style="color:black">.text:00007FF7D93BAE24
.text:00007FF7D93BAE24 </span><span style="color:navy">loc_7FF7D93BAE24: </span><span style="color:#8080ff">; DATA XREF: sub_7FF7D94FF131-2DECE↓o
</span><span style="color:black">.text:00007FF7D93BAE24 </span><span style="color:navy">push export_loader_addr
</span><span style="color:black">.text:00007FF7D93BAE25 </span><span style="color:navy">call sub_7FF7D954EE11
</span><span style="color:black">.text:00007FF7D93BAE2A </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAE2E </span><span style="color:navy">jmp short loc_7FF7D93BAE6D
</span><span style="color:black">.text:00007FF7D93BAE30 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAE30
.text:00007FF7D93BAE30 </span><span style="color:gray">mapped_driver_success</span><span style="color:navy">: </span><span style="color:green">; CODE XREF: load_driver+196↑j
</span><span style="color:black">.text:00007FF7D93BAE30 </span><span style="color:navy">mov edx, </span><span style="color:green">1Ah
</span><span style="color:black">.text:00007FF7D93BAE35
.text:00007FF7D93BAE35 </span><span style="color:navy">loc_7FF7D93BAE35: </span><span style="color:olive">; DATA XREF: sub_7FF7D9567ABC-7F50C↓o
</span><span style="color:black">.text:00007FF7D93BAE35 </span><span style="color:olive">; sub_7FF7D95A8564-271A↓o
</span><span style="color:black">.text:00007FF7D93BAE35 </span><span style="color:navy">lea rcx, aDriverLoadedSu </span><span style="color:gray">; &quot;Driver loaded successfully&quot;
</span><span style="color:black">.text:00007FF7D93BAE3C
.text:00007FF7D93BAE3C </span><span style="color:navy">loc_7FF7D93BAE3C: </span><span style="color:olive">; DATA XREF: sub_7FF7D9471582+10↓o
</span><span style="color:black">.text:00007FF7D93BAE3C </span><span style="color:navy">call sub_7FF7D95B77C9
</span><span style="color:black">.text:00007FF7D93BAE41 </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BAE42 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAE42 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAE46 </span><span style="color:navy">lea rcx, aS </span><span style="color:gray">; &quot;s&quot;
</span><span style="color:black">.text:00007FF7D93BAE4D </span><span style="color:navy">jmp short loc_7FF7D93BAE74
</span><span style="color:black">.text:00007FF7D93BAE4F </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAE4F
.text:00007FF7D93BAE4F </span><span style="color:gray">get_import_failed</span><span style="color:navy">: </span><span style="color:green">; CODE XREF: load_driver+CB↑j
</span><span style="color:black">.text:00007FF7D93BAE4F </span><span style="color:green">; load_driver+D4↑j
</span><span style="color:black">.text:00007FF7D93BAE4F </span><span style="color:navy">lea get_proc_result, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAE53 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_18</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAE57
.text:00007FF7D93BAE57 </span><span style="color:navy">loc_7FF7D93BAE57: </span><span style="color:olive">; DATA XREF: sub_7FF7D9529E62+78856↓o
</span><span style="color:black">.text:00007FF7D93BAE57 </span><span style="color:navy">mov edx, </span><span style="color:green">15h
</span><span style="color:black">.text:00007FF7D93BAE5C </span><span style="color:navy">lea rcx, aFailedToGetExp </span><span style="color:gray">; &quot;Failed to get exports&quot;
</span><span style="color:black">.text:00007FF7D93BAE63 </span><span style="color:navy">call sub_7FF7D95DC54A
</span><span style="color:black">.text:00007FF7D93BAE68 </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BAE69 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAE69 </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAE6D
.text:00007FF7D93BAE6D </span><span style="color:navy">loc_7FF7D93BAE6D: </span><span style="color:green">; CODE XREF: load_driver+142↑j
</span><span style="color:black">.text:00007FF7D93BAE6D </span><span style="color:green">; load_driver+1AE↑j
</span><span style="color:black">.text:00007FF7D93BAE6D </span><span style="color:olive">; DATA XREF: ...
</span><span style="color:black">.text:00007FF7D93BAE6D </span><span style="color:navy">lea rcx, aE </span><span style="color:gray">; &quot;e&quot;
</span><span style="color:black">.text:00007FF7D93BAE74
.text:00007FF7D93BAE74 </span><span style="color:navy">loc_7FF7D93BAE74: </span><span style="color:green">; CODE XREF: load_driver+1CD↑j
</span><span style="color:black">.text:00007FF7D93BAE74 </span><span style="color:navy">mov edx, </span><span style="color:green">1
</span><span style="color:black">.text:00007FF7D93BAE79 </span><span style="color:navy">call sub_7FF7D959401E
</span><span style="color:black">.text:00007FF7D93BAE7E </span><span style="color:navy">int </span><span style="color:green">3 </span>; Trap to Debugger
<span style="color:black">.text:00007FF7D93BAE7F </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAE7F </span><span style="color:navy">mov [rbp+</span><span style="color:green">arg_10</span><span style="color:navy">], get_proc_result
</span><span style="color:black">.text:00007FF7D93BAE83 </span><span style="color:navy">lea r8, [rbp+</span><span style="color:green">arg_8</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAE87 </span><span style="color:navy">lea rdx, [rbp+</span><span style="color:green">arg_10</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAE8B </span><span style="color:navy">mov rcx, rbx
</span><span style="color:black">.text:00007FF7D93BAE8E </span><span style="color:navy">call sub_7FF7D93BB040
</span><span style="color:black">.text:00007FF7D93BAE93 </span><span style="color:gray">; ---------------------------------------------------------------------------
</span><span style="color:black">.text:00007FF7D93BAE93 </span><span style="color:navy">mov rbx, [rsp+</span><span style="color:green">20h</span><span style="color:navy">+</span><span style="color:green">arg_0</span><span style="color:navy">]
</span><span style="color:black">.text:00007FF7D93BAE98 </span><span style="color:navy">add rsp, </span><span style="color:green">20h
</span><span style="color:black">.text:00007FF7D93BAE9C
.text:00007FF7D93BAE9C </span><span style="color:navy">loc_7FF7D93BAE9C: </span><span style="color:#8080ff">; DATA XREF: sub_7FF7D954BA34+37E22↓o
</span><span style="color:black">.text:00007FF7D93BAE9C </span><span style="color:navy">pop export_map_addr
</span><span style="color:black">.text:00007FF7D93BAE9D </span><span style="color:navy">pop export_loader_addr
</span><span style="color:black">.text:00007FF7D93BAE9E </span><span style="color:navy">pop rbp
</span><span style="color:black">.text:00007FF7D93BAE9F </span><span style="color:navy">retn
</span><span style="color:black">.text:00007FF7D93BAE9F </span><span style="color:navy">; } // starts at 7FF7D93BAC80
</span><span style="color:black">.text:00007FF7D93BAE9F </span>load_driver <span style="color:black">endp
.text:00007FF7D93BAE9F
</span></body></html>

BIN
llauncher/images/getprocaddr_export_load.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
llauncher/images/load_driver.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
llauncher/images/map_load.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 87 KiB

0
llauncher_dump.exe → llauncher/llauncher_dump.exe
Unescape View File

BIN
llauncher_dump.i64 → llauncher/llauncher_dump.i64
View File

Binary file not shown.

BIN
mmap/images/kdmapper_paste.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 112 KiB

BIN
mmap/images/kdmapper_paste2.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 122 KiB

0
mmap_dump.dll → mmap/mmap_dump.dll
Unescape View File

BIN
mmap_dump.i64 → mmap/mmap_dump.i64
View File

Binary file not shown.

BIN
overview.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 43 KiB

Write Preview
Loading…
Cancel
Save