Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- text:0000000000005128 _CPUID_sub_5128 proc near
- text:0000000000005128 push rbx
- text:0000000000005129 mov r8, rdx
- text:000000000000512C mov rax, rcx
- text:000000000000512F cpuid
- text:0000000000005131 cmp r8, 0
- text:0000000000005135 jz short loc_5146
- text:0000000000005137 mov [r8], eax
- text:000000000000513A mov [r8+4], ebx
- text:000000000000513E mov [r8+8], ecx
- text:0000000000005142 mov [r8+0Ch], edx
- text:0000000000005146
- text:0000000000005146 loc_5146: ; CODE XREF: _CPUID_sub_5128+Dj
- text:0000000000005146 pop rbx
- text:0000000000005147 retn
- text:0000000000005147 _CPUID_sub_5128 endp
- text:0000000000005147
- text:0000000000005148
- text:0000000000005148 ; =============== S U B R O U T I N E =======================================
- text:0000000000005148
- text:0000000000005148
- text:0000000000005148 _READ_MSR_sub_5148 proc near
- text:0000000000005148 rdmsr
- text:000000000000514A shl rdx, 20h
- text:000000000000514E or rax, rdx
- text:0000000000005151 retn
- text:0000000000005151 _READ_MSR_sub_5148 endp
- text:0000000000005151
- text:0000000000005152
- text:0000000000005152 ; =============== S U B R O U T I N E =======================================
- text:0000000000005152
- text:0000000000005152
- text:0000000000005152 _WRITE_MSR_sub_5152 proc near
- text:0000000000005152 mov rax, rdx
- text:0000000000005155 sar rdx, 20h
- text:0000000000005159 wrmsr
- text:000000000000515B retn
- text:000000000000515B _WRITE_MSR_sub_5152 endp
- .text:0000000000003480 _AES_sub_3480 proc near
- .text:0000000000003480
- .text:0000000000003480 cpuid_v3 = dword ptr -18h
- .text:0000000000003480 var_14 = dword ptr -14h
- .text:0000000000003480 var_10 = dword ptr -10h
- .text:0000000000003480 var_C = dword ptr -0Ch
- .text:0000000000003480
- .text:0000000000003480 sub rsp, 38h
- .text:0000000000003484 xor eax, eax
- .text:0000000000003486 lea rdx, [rsp+38h+cpuid_v3]
- .text:000000000000348B lea ecx, [rax+1]
- .text:000000000000348E mov [rsp+38h+cpuid_v3], eax
- .text:0000000000003492 mov [rsp+38h+var_14], eax
- .text:0000000000003496 mov [rsp+38h+var_10], eax
- .text:000000000000349A mov [rsp+38h+var_C], eax
- .text:000000000000349E call _CPUID_sub_5128
- .text:00000000000034A3 bt [rsp+38h+var_10], 19h
- .text:00000000000034A9 jnb short loc_34EC
- .text:00000000000034AB mov ecx, 13Ch
- .text:00000000000034B0 call _READ_MSR_sub_5148
- .text:00000000000034B5 test al, 1
- .text:00000000000034B7 jnz short loc_34EC
- .text:00000000000034B9 movzx edx, cs:_CHECK_AES_word_4ACC
- .text:00000000000034C0 mov r8d, 200h
- .text:00000000000034C6 test r8w, dx
- .text:00000000000034CA jnz short loc_34D7
- .text:00000000000034CC test dl, 4
- .text:00000000000034CF jnz short loc_34D7
- .text:00000000000034D1 or rax, 1 ; ----- AES !!! original 'or rax, 3', patched check 'or rax,1'
- .text:00000000000034D5 jmp short loc_34DF
- .text:00000000000034D7 ; ---------------------------------------------------------------------------
- .text:00000000000034D7
- .text:00000000000034D7 loc_34D7: ; CODE XREF: _AES_sub_3480+4Aj
- .text:00000000000034D7 ; _AES_sub_3480+4Fj
- .text:00000000000034D7 and rax, 0FFFFFFFFFFFFFFFDh
- .text:00000000000034DB or rax, 1
- .text:00000000000034DF
- .text:00000000000034DF loc_34DF: ; CODE XREF: _AES_sub_3480+55j
- .text:00000000000034DF mov rdx, rax
- .text:00000000000034E2 mov ecx, 13Ch
- .text:00000000000034E7 call _WRITE_MSR_sub_5152
- .text:00000000000034EC
- .text:00000000000034EC loc_34EC: ; CODE XREF: _AES_sub_3480+29j
- .text:00000000000034EC ; _AES_sub_3480+37j
- .text:00000000000034EC xor eax, eax
- .text:00000000000034EE add rsp, 38h
- .text:00000000000034F2 retn
- .text:00000000000034F2 _AES_sub_3480 endp
- void __cdecl AES_sub_3480()
- {
- unsigned __int64 v0; // rax@2
- unsigned __int64 v1; // rax@5
- int cpuid_v3; // [sp+20h] [bp-18h]@1
- int v3; // [sp+24h] [bp-14h]@1
- int v4; // [sp+28h] [bp-10h]@1
- int v5; // [sp+2Ch] [bp-Ch]@1
- cpuid_v3 = 0;
- v3 = 0;
- v4 = 0;
- v5 = 0;
- CPUID_sub_5128(1i64, (__int64)&cpuid_v3);
- if ( _bittest((const signed __int32 *)&v4, 0x19u) )
- {
- v0 = READ_MSR_sub_5148(0x13Cu);
- if ( !(v0 & 1) )
- {
- if ( CHECK_AES_word_4ACC & 0x200 || CHECK_AES_word_4ACC & 4 )
- v1 = v0 & ~2 | 1;
- else
- v1 = v0 | 1; <---- AES patched 1, original 3
- WRITE_MSR_sub_5152(0x13C, v1);
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement