
Untitled

a guest
Mar 28th, 2015
  1. text:0000000000005128 _CPUID_sub_5128 proc near ; cpuid wrapper: rcx = leaf, rdx = pointer to a 16-byte output buffer (null is accepted)
  2. text:0000000000005128 push rbx ; cpuid overwrites ebx, so rbx is saved here and restored at loc_5146
  3. text:0000000000005129 mov r8, rdx ; keep the output pointer in r8 because cpuid overwrites edx
  4. text:000000000000512C mov rax, rcx ; eax = requested leaf; ecx is not reset, so the sub-leaf input equals the leaf value
  5. text:000000000000512F cpuid
  6. text:0000000000005131 cmp r8, 0 ; null output pointer: skip the four stores
  7. text:0000000000005135 jz short loc_5146
  8. text:0000000000005137 mov [r8], eax ; out+0 = eax
  9. text:000000000000513A mov [r8+4], ebx ; out+4 = ebx
  10. text:000000000000513E mov [r8+8], ecx ; out+8 = ecx (feature flags for leaf 1)
  11. text:0000000000005142 mov [r8+0Ch], edx ; out+0Ch = edx
  12. text:0000000000005146
  13. text:0000000000005146 loc_5146: ; CODE XREF: _CPUID_sub_5128+Dj
  14. text:0000000000005146 pop rbx ; restore the caller's rbx
  15. text:0000000000005147 retn ; rax still holds cpuid's eax output; the visible caller does not use it
  16. text:0000000000005147 _CPUID_sub_5128 endp
  17. text:0000000000005147
  18. text:0000000000005148
  19. text:0000000000005148 ; =============== S U B R O U T I N E =======================================
  20. text:0000000000005148
  21. text:0000000000005148
  22. text:0000000000005148 _READ_MSR_sub_5148 proc near ; rdmsr wrapper: ecx = MSR index exactly as passed by the caller, 64-bit value returned in rax
  23. text:0000000000005148 rdmsr ; edx:eax = MSR[ecx]; privileged instruction, and the index is not validated here (an unimplemented MSR faults)
  24. text:000000000000514A shl rdx, 20h ; move the high half into bits 63:32
  25. text:000000000000514E or rax, rdx ; rax = (edx << 32) | eax
  26. text:0000000000005151 retn
  27. text:0000000000005151 _READ_MSR_sub_5148 endp
  28. text:0000000000005151
  29. text:0000000000005152
  30. text:0000000000005152 ; =============== S U B R O U T I N E =======================================
  31. text:0000000000005152
  32. text:0000000000005152
  33. text:0000000000005152 _WRITE_MSR_sub_5152 proc near ; wrmsr wrapper: ecx = MSR index, rdx = 64-bit value to write
  34. text:0000000000005152 mov rax, rdx ; eax = low 32 bits of the value
  35. text:0000000000005155 sar rdx, 20h ; edx = high 32 bits; the shift is arithmetic, but wrmsr consumes only edx, so the sign fill above bit 31 is not used
  36. text:0000000000005159 wrmsr ; MSR[ecx] = edx:eax; privileged instruction, index and value are not validated here
  37. text:000000000000515B retn ; rax still holds the value that was passed in
  38. text:000000000000515B _WRITE_MSR_sub_5152 endp
  39.  
  40. .text:0000000000003480 _AES_sub_3480 proc near ; writes MSR 13Ch once, only when CPUID leaf 1 ECX bit 25 is set and bit 0 of the MSR is still clear; always returns 0 in eax
  41. .text:0000000000003480
  42. .text:0000000000003480 cpuid_v3 = dword ptr -18h ; start of the 16-byte cpuid output buffer: receives eax
  43. .text:0000000000003480 var_14 = dword ptr -14h ; receives ebx
  44. .text:0000000000003480 var_10 = dword ptr -10h ; receives ecx (the only field tested below)
  45. .text:0000000000003480 var_C = dword ptr -0Ch ; receives edx
  46. .text:0000000000003480
  47. .text:0000000000003480 sub rsp, 38h ; the buffer sits at rsp+20h; the 20h bytes below it are not used by this function (looks like Microsoft x64 shadow space - confirm the ABI)
  48. .text:0000000000003484 xor eax, eax
  49. .text:0000000000003486 lea rdx, [rsp+38h+cpuid_v3] ; arg 2: address of the output buffer
  50. .text:000000000000348B lea ecx, [rax+1] ; arg 1: cpuid leaf 1
  51. .text:000000000000348E mov [rsp+38h+cpuid_v3], eax ; zero all four buffer dwords before the call
  52. .text:0000000000003492 mov [rsp+38h+var_14], eax
  53. .text:0000000000003496 mov [rsp+38h+var_10], eax
  54. .text:000000000000349A mov [rsp+38h+var_C], eax
  55. .text:000000000000349E call _CPUID_sub_5128
  56. .text:00000000000034A3 bt [rsp+38h+var_10], 19h ; CF = leaf 1 ECX bit 25, the AES-NI feature flag in Intel's CPUID definition
  57. .text:00000000000034A9 jnb short loc_34EC ; flag clear: leave the MSR untouched
  58. .text:00000000000034AB mov ecx, 13Ch ; MSR 13Ch - listed in Intel's SDM as MSR_FEATURE_CONFIG (AES configuration); confirm for the target CPU
  59. .text:00000000000034B0 call _READ_MSR_sub_5148
  60. .text:00000000000034B5 test al, 1 ; bit 0 already set (presumably the lock bit - confirm): skip the write
  61. .text:00000000000034B7 jnz short loc_34EC
  62. .text:00000000000034B9 movzx edx, cs:_CHECK_AES_word_4ACC ; 16-bit global defined outside this listing; what sets its bits is not shown here
  63. .text:00000000000034C0 mov r8d, 200h
  64. .text:00000000000034C6 test r8w, dx ; bit 9 of the global set?
  65. .text:00000000000034CA jnz short loc_34D7
  66. .text:00000000000034CC test dl, 4 ; bit 2 of the global set?
  67. .text:00000000000034CF jnz short loc_34D7
  68. .text:00000000000034D1 or rax, 1 ; ----- AES !!! original 'or rax, 3', patched check 'or rax,1' -- i.e. the original set bits 0 and 1, the patched instruction sets bit 0 only and leaves bit 1 as read
  69. .text:00000000000034D5 jmp short loc_34DF
  70. .text:00000000000034D7 ; ---------------------------------------------------------------------------
  71. .text:00000000000034D7
  72. .text:00000000000034D7 loc_34D7: ; CODE XREF: _AES_sub_3480+4Aj
  73. .text:00000000000034D7 ; _AES_sub_3480+4Fj
  74. .text:00000000000034D7 and rax, 0FFFFFFFFFFFFFFFDh ; clear bit 1
  75. .text:00000000000034DB or rax, 1 ; set bit 0
  76. .text:00000000000034DF
  77. .text:00000000000034DF loc_34DF: ; CODE XREF: _AES_sub_3480+55j
  78. .text:00000000000034DF mov rdx, rax ; arg 2: new MSR value; bit 0 is set on both paths (per Intel's SDM entry for 13Ch, 11b in bits 1:0 makes AES unavailable until reset - confirm)
  79. .text:00000000000034E2 mov ecx, 13Ch ; arg 1: same MSR index that was read
  80. .text:00000000000034E7 call _WRITE_MSR_sub_5152
  81. .text:00000000000034EC
  82. .text:00000000000034EC loc_34EC: ; CODE XREF: _AES_sub_3480+29j
  83. .text:00000000000034EC ; _AES_sub_3480+37j
  84. .text:00000000000034EC xor eax, eax ; return 0 on every path; callers cannot tell whether the MSR was written
  85. .text:00000000000034EE add rsp, 38h
  86. .text:00000000000034F2 retn
  87. .text:00000000000034F2 _AES_sub_3480 endp
  88.  
  89. void __cdecl AES_sub_3480() // decompiler view of _AES_sub_3480: writes MSR 0x13C once when CPUID leaf 1 ECX bit 25 is set and MSR bit 0 is clear
  90. {
  91. unsigned __int64 v0; // rax@2
  92. unsigned __int64 v1; // rax@5
  93. int cpuid_v3; // [sp+20h] [bp-18h]@1
  94. int v3; // [sp+24h] [bp-14h]@1
  95. int v4; // [sp+28h] [bp-10h]@1
  96. int v5; // [sp+2Ch] [bp-Ch]@1
  97.  
  98. cpuid_v3 = 0; // cpuid_v3, v3, v4, v5 are four adjacent dwords forming one 16-byte buffer
  99. v3 = 0;
  100. v4 = 0;
  101. v5 = 0;
  102. CPUID_sub_5128(1i64, (__int64)&cpuid_v3); // leaf 1; in the disassembly the wrapper stores eax/ebx/ecx/edx at offsets 0/4/8/0Ch, so v4 receives ecx
  103. if ( _bittest((const signed __int32 *)&v4, 0x19u) ) // ECX bit 25: the AES-NI feature flag in Intel's CPUID definition
  104. {
  105. v0 = READ_MSR_sub_5148(0x13Cu); // MSR 0x13C - listed in Intel's SDM as MSR_FEATURE_CONFIG; confirm for the target CPU
  106. if ( !(v0 & 1) ) // write only while bit 0 is still clear (presumably the lock bit - confirm)
  107. {
  108. if ( CHECK_AES_word_4ACC & 0x200 || CHECK_AES_word_4ACC & 4 ) // global defined outside this listing; the meaning of bits 9 and 2 is not shown here
  109. v1 = v0 & ~2 | 1; // clear bit 1, set bit 0
  110. else
  111. v1 = v0 | 1; <---- AES patched 1, original 3 // original OR'd in bits 0 and 1; the patched code sets bit 0 only and keeps bit 1 as read
  112. WRITE_MSR_sub_5152(0x13C, v1); // bit 0 is set on both branches
  113. }
  114. }
  115. }