Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- static const unsigned char TDLBootstrapLoader_code[463] = {
- 0x48, 0x8B, 0xC4, // mov rax, rsp
- 0x55, // push rbp
- 0x57, // push rdi
- 0x41, 0x54, // push r12
- 0x41, 0x55, // push r13
- 0x41, 0x56, // push r14
- 0x48, 0x83, 0xEC, 0x70, // sub rsp, 70h
- // loc_140021F5F:
- 0x48, 0x89, 0x58, 0x10, // mov [rax+10h], rbx
- 0x48, 0x8D, 0x3D, 0xE6, 0xFF, 0xFF, 0xFF, // lea rdi, TDLBootstrapLoader
- 0x48, 0x81, 0xC7, 0x00, 0x02, 0x00, 0x00, // add rdi, 200h
- 0x4C, 0x89, 0x78, 0x20, // mov [rax+20h], r15
- 0x4C, 0x8B, 0xEA, // mov r13, rdx
- 0x48, 0x8B, 0xD9, // mov rbx, rcx
- 0x33, 0xC9, // xor ecx, ecx
- 0x41, 0xB8, 0x54, 0x64, 0x6C, 0x53, // mov r8d, 536C6454h
- 0x4C, 0x63, 0x77, 0x3C, // movsxd r14, dword ptr [rdi+3Ch]
- 0x4C, 0x03, 0xF7, // add r14, rdi
- 0x45, 0x8B, 0x7E, 0x50, // mov r15d, [r14+50h]
- 0x41, 0x8D, 0x97, 0x00, 0x10, 0x00, 0x00, // lea edx, [r15+1000h]
- 0xFF, 0xD3, // call rbx
- 0xBA, 0x18, 0x00, 0x00, 0x00, // mov edx, 18h
- 0x33, 0xC9, // xor ecx, ecx
- 0x41, 0xB8, 0x54, 0x64, 0x6C, 0x53, // mov r8d, 536C6454h
- 0x48, 0x8D, 0xA8, 0x00, 0x10, 0x00, 0x00, // lea rbp, [rax+1000h]
- 0x48, 0x81, 0xE5, 0x00, 0xF0, 0xFF, 0xFF, // and rbp, 0FFFFFFFFFFFFF000h
- 0xFF, 0xD3, // call rbx
- 0x4C, 0x8B, 0xE0, // mov r12, rax
- 0x45, 0x33, 0xC9, // xor r9d, r9d
- 0x48, 0xB8, 0xDD, 0xCC, 0xBB, 0xAA, 0x00, 0xFF, 0x00, 0xFF, // mov rax, 0FF00FF00AABBCCDDh
- 0x49, 0x89, 0x04, 0x24, // mov [r12], rax
- 0x49, 0x89, 0x6C, 0x24, 0x08, // mov [r12+8], rbp
- 0x41, 0x8B, 0x4E, 0x50, // mov ecx, [r14+50h]
- 0x41, 0x89, 0x4C, 0x24, 0x10, // mov [r12+10h], ecx
- 0x41, 0x83, 0xBE, 0x84, 0x00, 0x00, 0x00, 0x05, // cmp dword ptr [r14+84h], 5
- 0x0F, 0x86, 0xA7, 0x00, 0x00, 0x00, // jbe loc_14002208B
- 0x41, 0x8B, 0x8E, 0xB0, 0x00, 0x00, 0x00, // mov ecx, [r14+0B0h]
- 0x85, 0xC9, // test ecx, ecx
- 0x0F, 0x84, 0x98, 0x00, 0x00, 0x00, // jz loc_14002208B
- 0x4C, 0x8B, 0xDD, // mov r11, rbp
- // loc_140021FF6:
- 0x48, 0x89, 0xB4, 0x24, 0xB0, 0x00, 0x00, 0x00, // mov [rsp+98h+arg_10], rsi
- 0x4D, 0x2B, 0x5E, 0x30, // sub r11, [r14+30h]
- 0x4C, 0x8D, 0x04, 0x0F, // lea r8, [rdi+rcx]
- 0x41, 0x8B, 0xB6, 0xB4, 0x00, 0x00, 0x00, // mov esi, [r14+0B4h]
- 0x41, 0x8B, 0xD9, // mov ebx, r9d
- 0x85, 0xF6, // test esi, esi
- 0x74, 0x6F, // jz short loc_140022083
- 0x0F, 0x1F, 0x40, 0x00, // nop dword ptr [rax+00h]
- 0x0F, 0x1F, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, // nop dword ptr [rax+rax+00000000h]
- // loc_140022020:
- 0x41, 0xB9, 0x08, 0x00, 0x00, 0x00, // mov r9d, 8
- 0x4D, 0x8D, 0x50, 0x08, // lea r10, [r8+8]
- 0x45, 0x39, 0x48, 0x04, // cmp [r8+4], r9d
- 0x76, 0x43, // jbe short loc_140022073
- // loc_140022030:
- 0x41, 0x0F, 0xB7, 0x02, // movzx eax, word ptr [r10]
- 0x8B, 0xC8, // mov ecx, eax
- 0xC1, 0xE9, 0x0C, // shr ecx, 0Ch
- 0x83, 0xF9, 0x03, // cmp ecx, 3
- 0x74, 0x17, // jz short loc_140022055
- 0x83, 0xF9, 0x0A, // cmp ecx, 0Ah
- 0x75, 0x22, // jnz short loc_140022065
- 0x41, 0x8B, 0x10, // mov edx, [r8]
- 0x25, 0xFF, 0x0F, 0x00, 0x00, // and eax, 0FFFh
- 0x48, 0x8D, 0x0C, 0x07, // lea rcx, [rdi+rax]
- 0x4C, 0x01, 0x1C, 0x0A, // add [rdx+rcx], r11
- 0xEB, 0x10, // jmp short loc_140022065
- // loc_140022055:
- 0x41, 0x8B, 0x10, // mov edx, [r8]
- 0x25, 0xFF, 0x0F, 0x00, 0x00, // and eax, 0FFFh
- 0x48, 0x8D, 0x0C, 0x07, // lea rcx, [rdi+rax]
- 0x44, 0x01, 0x1C, 0x0A, // add [rdx+rcx], r11d
- // loc_140022065:
- 0x49, 0x83, 0xC2, 0x02, // add r10, 2
- 0x41, 0x83, 0xC1, 0x02, // add r9d, 2
- 0x45, 0x3B, 0x48, 0x04, // cmp r9d, [r8+4]
- 0x72, 0xBD, // jb short loc_140022030
- // loc_140022073:
- 0x41, 0x8B, 0x40, 0x04, // mov eax, [r8+4]
- 0x03, 0xD8, // add ebx, eax
- 0x4C, 0x03, 0xC0, // add r8, rax
- 0x3B, 0xDE, // cmp ebx, esi
- 0x72, 0xA0, // jb short loc_140022020
- 0x45, 0x33, 0xC9, // xor r9d, r9d
- // loc_140022083:
- 0x48, 0x8B, 0xB4, 0x24, 0xB0, 0x00, 0x00, 0x00, // mov rsi, [rsp+98h+arg_10]
- // loc_14002208B:
- 0x48, 0x8B, 0x9C, 0x24, 0xA8, 0x00, 0x00, 0x00, // mov rbx, [rsp+98h+arg_8]
- 0x49, 0x8B, 0xD7, // mov rdx, r15
- 0x4C, 0x8B, 0xBC, 0x24, 0xB8, 0x00, 0x00, 0x00, // mov r15, [rsp+98h+arg_18]
- 0x48, 0xC1, 0xEA, 0x03, // shr rdx, 3
- 0x48, 0x85, 0xD2, // test rdx, rdx
- 0x74, 0x1A, // jz short loc_1400220C1
- // loc_1400220A7:
- 0x48, 0x8B, 0xCD, // mov rcx, rbp
- 0x48, 0x2B, 0xFD, // sub rdi, rbp
- 0x0F, 0x1F, 0x00, // nop dword ptr [rax]
- // loc_1400220B0:
- 0x48, 0x8B, 0x04, 0x0F, // mov rax, [rdi+rcx]
- 0x48, 0x89, 0x01, // mov [rcx], rax
- 0x48, 0x8D, 0x49, 0x08, // lea rcx, [rcx+8]
- 0x48, 0x83, 0xEA, 0x01, // sub rdx, 1
- 0x75, 0xEF, // jnz short loc_1400220B0
- // loc_1400220C1:
- 0x4C, 0x89, 0x4C, 0x24, 0x48, // mov [rsp+98h+var_50], r9
- 0x4C, 0x8D, 0x44, 0x24, 0x40, // lea r8, [rsp+98h+var_58]
- 0x4C, 0x89, 0x4C, 0x24, 0x50, // mov [rsp+98h+var_48], r9
- 0x48, 0x8D, 0x8C, 0x24, 0xA0, 0x00, 0x00, 0x00, // lea rcx, [rsp+98h+arg_0]
- 0x0F, 0x57, 0xC0, // xorps xmm0, xmm0
- 0xC7, 0x44, 0x24, 0x40, 0x30, 0x00, 0x00, 0x00, // mov [rsp+98h+var_58], 30h
- 0xF3, 0x0F, 0x7F, 0x44, 0x24, 0x60, // movdqu [rsp+98h+var_38], xmm0
- 0xC7, 0x44, 0x24, 0x58, 0x00, 0x02, 0x00, 0x00, // mov [rsp+98h+var_40], 200h
- 0xBA, 0xFF, 0xFF, 0x1F, 0x00, // mov edx, 1FFFFFh
- 0x41, 0x8B, 0x46, 0x28, // mov eax, [r14+28h]
- 0x48, 0x03, 0xC5, // add rax, rbp
- 0x4C, 0x89, 0x64, 0x24, 0x30, // mov [rsp+98h+var_68], r12
- 0x48, 0x89, 0x44, 0x24, 0x28, // mov [rsp+98h+var_70], rax
- 0x4C, 0x89, 0x4C, 0x24, 0x20, // mov [rsp+98h+var_78], r9
- 0x45, 0x33, 0xC9, // xor r9d, r9d
- 0x41, 0xFF, 0xD5, // call r13
- 0x48, 0x83, 0xC4, 0x70, // add rsp, 70h
- 0x41, 0x5E, // pop r14
- 0x41, 0x5D, // pop r13
- 0x41, 0x5C, // pop r12
- 0x5F, // pop rdi
- 0x5D, // pop rbp
- 0xC3 // retn
- };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
