1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
tstLdr-3: Addr=0000000000002000
0000000000002000 myfunc6 (10) - 0000000000002120 myfunc6_end (0)
myfunc6:
00002000 nop ; 90
^^^^^^^^
00002001 mov rax, 00000000000002134h ; 48 b8 34 21 00 00 00 00 00 00
0000200b mov al, byte [+000000123h wrt rip (00000000000002134h = g_EndOfData+004h)] ; 8a 05 23 01 00 00
00002011 cmp byte [+00000011ch wrt rip (00000000000002134h = g_EndOfData+004h)], 07fh ; 80 3d 1c 01 00 00 7f
00002018 cmp word [+000000113h wrt rip (00000000000002134h = g_EndOfData+004h)], word 0117fh ; 66 81 3d 13 01 00 00 7f 11
00002021 cmp dword [+000000109h wrt rip (00000000000002134h = g_EndOfData+004h)], 09988117fh ; 81 3d 09 01 00 00 7f 11 88 99
0000202b jmp +000000104h (00000000000002134h = g_EndOfData+004h ) ; e9 04 01 00 00
00002030 nop ; 90
00002031 mov rax, 00000000000002120h ; 48 b8 20 21 00 00 00 00 00 00
0000203b mov al, byte [+0000000dfh wrt rip (00000000000002120h = myfunc6_end)] ; 8a 05 df 00 00 00
00002041 cmp byte [+0000000d8h wrt rip (00000000000002120h = myfunc6_end)], 07eh ; 80 3d d8 00 00 00 7e
00002048 cmp word [+0000000cfh wrt rip (00000000000002120h = myfunc6_end)], word 0117eh ; 66 81 3d cf 00 00 00 7e 11
00002051 cmp dword [+0000000c5h wrt rip (00000000000002120h = myfunc6_end)], 09988117eh ; 81 3d c5 00 00 00 7e 11 88 99
0000205b jmp +0000000c0h (00000000000002120h = myfunc6_end ) ; e9 c0 00 00 00
00002060 nop ; 90
00002061 mov rax, 00000000000002128h ; 48 b8 28 21 00 00 00 00 00 00
0000206b mov al, byte [+0000000b7h wrt rip (00000000000002128h = g_Data.0)] ; 8a 05 b7 00 00 00
00002071 cmp byte [+0000000b0h wrt rip (00000000000002128h = g_Data.0)], 004h ; 80 3d b0 00 00 00 04
00002078 jmp +0000000abh (00000000000002128h = g_Data.0 ) ; e9 ab 00 00 00
0000207d nop ; 90
0000207e mov rax, 0000000000000212bh ; 48 b8 2b 21 00 00 00 00 00 00
00002088 mov al, byte [+00000009dh wrt rip (0000000000000212bh = g_Data.3)] ; 8a 05 9d 00 00 00
0000208e cmp byte [+000000096h wrt rip (0000000000000212bh = g_Data.3)], 005h ; 80 3d 96 00 00 00 05
00002095 cmp word [+00000008dh wrt rip (0000000000000212bh = g_Data.3)], word 00451h ; 66 81 3d 8d 00 00 00 51 04
0000209e cmp dword [+000000083h wrt rip (0000000000000212bh = g_Data.3)], 005f41091h ; 81 3d 83 00 00 00 91 10 f4 05
000020a8 jmp +00000007eh (0000000000000212bh = g_Data.3 ) ; e9 7e 00 00 00
000020ad nop ; 90
000020ae mov rax, 00000000000123456h ; 48 b8 56 34 12 00 00 00 00 00
000020b8 mov al, byte [+0001234c3h wrt rip (00000000000125581h] ; 8a 05 c3 34 12 00
000020be cmp byte [+0001234bch wrt rip (00000000000125581h], 005h ; 80 3d bc 34 12 00 05
000020c5 cmp word [+0001234b3h wrt rip (00000000000125581h], word 00451h ; 66 81 3d b3 34 12 00 51 04
000020ce cmp dword [+0001234a9h wrt rip (00000000000125581h], 005f41091h ; 81 3d a9 34 12 00 91 10 f4 05
000020d8 jmp +0001234a4h (00000000000125581h) ; e9 a4 34 12 00
000020dd nop ; 90
000020de cmp byte [+000000048h wrt rip (0000000000000212dh = g_Data.4.1)], 001h ; 80 3d 48 00 00 00 01
000020e5 cmp byte [+000000042h wrt rip (0000000000000212eh = g_Data.4.2)], 002h ; 80 3d 42 00 00 00 02
000020ec cmp byte [+00000003ch wrt rip (0000000000000212fh = g_Data.4.3)], 003h ; 80 3d 3c 00 00 00 03
000020f3 nop ; 90
000020f4 mov rax, 0fffffffffffffff8h ; 48 b8 f8 ff ff ff ff ff ff ff
000020fe mov rax, 00000000000000078h ; 48 b8 78 00 00 00 00 00 00 00
00002108 mov rax, 0fffffffffffffff8h ; 48 b8 f8 ff ff ff ff ff ff ff
00002112 mov rax, 00000000000000078h ; 48 b8 78 00 00 00 00 00 00 00
0000211c int3 ; cc
0000211d int3 ; cc
0000211e int3 ; cc
0000211f int3 ; cc
myfunc6_end:
00002120 nop ; 90
00002121 nop ; 90
00002122 int3 ; cc
00002123 int3 ; cc
00002124 nop ; 90
00002125 nop ; 90
00002126 int3 ; cc
00002127 int3 ; cc
g_Data.0:
00002128 nop ; 90
g_Data.1:
00002129 int3 ; cc
g_Data.2:
0000212a nop ; 90
g_Data.3:
0000212b int3 ; cc
g_Data.4.0:
0000212c nop ; 90
g_Data.4.1:
0000212d int3 ; cc
g_Data.4.2:
0000212e nop ; 90
g_Data.4.3:
0000212f int3 ; cc
g_EndOfData:
00002130 nop ; 90
00002131 nop ; 90
00002132 nop ; 90
00002133 nop ; 90
00002134 int3 ; cc
00002135 int3 ; cc
00002136 int3 ; cc
00002137 int3 ; cc
00002138 int3 ; cc
00002139 int3 ; cc
0000213a add byte [rax], al ; 00 00
0000213c add byte [rax], al ; 00 00
0000213e add byte [rax], al ; 00 00
00002140 and byte [rcx], ah ; 20 21
00002142 add byte [rax], al ; 00 00
00002144 add byte [rax], al ; 00 00
00002146 add byte [rax], al ; 00 00
00002148 sub byte [rcx], ah ; 28 21
0000214a add byte [rax], al ; 00 00
0000214c add byte [rax], al ; 00 00
0000214e add byte [rax], al ; 00 00
00002150 sub dword [rcx], esp ; 29 21
00002152 add byte [rax], al ; 00 00
00002154 add byte [rax], al ; 00 00
00002156 add byte [rax], al ; 00 00
00002158 sub ah, byte [rcx] ; 2a 21
0000215a add byte [rax], al ; 00 00
0000215c add byte [rax], al ; 00 00
0000215e add byte [rax], al ; 00 00
00002160 sub esp, dword [rcx] ; 2b 21
00002162 add byte [rax], al ; 00 00
00002164 add byte [rax], al ; 00 00
00002166 add byte [rax], al ; 00 00
00002168 sub AL, 021h ; 2c 21
0000216a add byte [rax], al ; 00 00
0000216c add byte [rax], al ; 00 00
0000216e add byte [rax], al ; 00 00
00002170 sub eax, 000000021h ; 2d 21 00 00 00
00002175 add byte [rax], al ; 00 00
00002177 add byte [rsi], ch ; 00 2e
00002179 and dword [rax], eax ; 21 00
0000217b add byte [rax], al ; 00 00
0000217d add byte [rax], al ; 00 00
0000217f add byte [rdi], ch ; 00 2f
00002181 and dword [rax], eax ; 21 00
00002183 add byte [rax], al ; 00 00
00002185 add byte [rax], al ; 00 00
00002187 add byte [rax], dh ; 00 30
00002189 and dword [rax], eax ; 21 00
0000218b add byte [rax], al ; 00 00
0000218d add byte [rax], al ; 00 00
0000218f add byte [rax], al ; 00 00
00002191 and byte [rax], al ; 20 00
00002193 add byte [rax], al ; 00 00
00002195 add byte [rax], al ; 00 00
00002197 add byte [rsi+034h], dl ; 00 56 34
0000219a adc al, byte [rax] ; 12 00
0000219c add byte [rax], al ; 00 00
0000219e add byte [rax], al ; 00 00
000021a0 add byte [rax], al ; 00 00
000021a2 add byte [rax], al ; 00 00
000021a4 add byte [rax], al ; 00 00
000021a6 add byte [rax], al ; 00 00
000021a8 add byte [rax], al ; 00 00
000021aa add byte [rax], al ; 00 00
000021ac add byte [rax], al ; 00 00
000021ae add byte [rax], al ; 00 00
000021b0 add byte [rax], al ; 00 00
000021b2 add byte [rax], al ; 00 00
000021b4 add byte [rax], al ; 00 00
000021b6 add byte [rax], al ; 00 00
000021b8 add byte [rax], al ; 00 00
000021ba add byte [rax], al ; 00 00
000021bc add byte [rax], al ; 00 00
000021be add byte [rax], al ; 00 00
000021c0 jmp qword [-000000086h wrt rip (00000000000002140h = g_EndOfData+010h)] ; ff 25 7a ff ff ff
000021c6 int3 ; cc
000021c7 int3 ; cc
000021c8 jmp qword [-000000086h wrt rip (00000000000002148h = g_EndOfData+018h)] ; ff 25 7a ff ff ff
000021ce int3 ; cc
000021cf int3 ; cc
000021d0 jmp qword [-000000086h wrt rip (00000000000002150h = g_EndOfData+020h)] ; ff 25 7a ff ff ff
000021d6 int3 ; cc
000021d7 int3 ; cc
000021d8 jmp qword [-000000086h wrt rip (00000000000002158h = g_EndOfData+028h)] ; ff 25 7a ff ff ff
000021de int3 ; cc
000021df int3 ; cc
000021e0 jmp qword [-000000086h wrt rip (00000000000002160h = g_EndOfData+030h)] ; ff 25 7a ff ff ff
000021e6 int3 ; cc
000021e7 int3 ; cc
000021e8 jmp qword [-000000086h wrt rip (00000000000002168h = g_EndOfData+038h)] ; ff 25 7a ff ff ff
000021ee int3 ; cc
000021ef int3 ; cc
000021f0 jmp qword [-000000086h wrt rip (00000000000002170h = g_EndOfData+040h)] ; ff 25 7a ff ff ff
000021f6 int3 ; cc
000021f7 int3 ; cc
000021f8 jmp qword [-000000086h wrt rip (00000000000002178h = g_EndOfData+048h)] ; ff 25 7a ff ff ff
000021fe int3 ; cc
000021ff int3 ; cc
00002200 jmp qword [-000000086h wrt rip (00000000000002180h = g_EndOfData+050h)] ; ff 25 7a ff ff ff
00002206 int3 ; cc
00002207 int3 ; cc
00002208 jmp qword [-000000086h wrt rip (00000000000002188h = g_EndOfData+058h)] ; ff 25 7a ff ff ff
0000220e int3 ; cc
0000220f int3 ; cc
00002210 jmp qword [-000000086h wrt rip (00000000000002190h = g_EndOfData+060h)] ; ff 25 7a ff ff ff
00002216 int3 ; cc
00002217 int3 ; cc
00002218 jmp qword [-000000086h wrt rip (00000000000002198h = g_EndOfData+068h)] ; ff 25 7a ff ff ff
0000221e int3 ; cc
0000221f int3 ; cc
00002220 add byte [rax], al ; 00 00
00002222 add byte [rax], al ; 00 00
00002224 add byte [rax], al ; 00 00
00002226 add byte [rax], al ; 00 00
00002228 add byte [rax], al ; 00 00
0000222a add byte [rax], al ; 00 00
0000222c add byte [rax], al ; 00 00
0000222e add byte [rax], al ; 00 00
00002230 add byte [rax], al ; 00 00
00002232 add byte [rax], al ; 00 00
00002234 add byte [rax], al ; 00 00
00002236 add byte [rax], al ; 00 00
00002238 add byte [rax], al ; 00 00
0000223a add byte [rax], al ; 00 00
0000223c add byte [rax], al ; 00 00
0000223e add byte [rax], al ; 00 00
00002240 add al, byte [rax] ; 02 00
00002242 add byte [rax], al ; 00 00
tstLdr-3: SUCCESS
|