
Untitled

a guest
Apr 21st, 2019
  ; --- Inline patch: 12-byte jump stub written at the address held in [15DFF7260] ---
  ; x64dbg dump (address | bytes | Intel-syntax disassembly | debugger comment).
  ; The listing begins here, so any prologue or stack setup before this point is not visible.
  ; r15 = pointer loaded from [15DFF7260]; it is the write target for the three stores below.
  ; The indirect call receives rcx=r15, rdx=0x100, r8=0x40, r9=rsp.
  ; Presumably VirtualProtect(target, 0x100, PAGE_EXECUTE_READWRITE, &old) - TODO confirm what [15DFF7210] holds.
  ; NOTE(review): r9=rsp puts the out-parameter at the top of the stack; no shadow-space reservation is visible here.
  ; NOTE(review): the call's return value is not checked before the writes.
  1. 000000015DF883C7 | 4C:8B3D 92EE0600 | mov r15,qword ptr ds:[15DFF7260] |
  2. 000000015DF883CE | 49:89E1 | mov r9,rsp | r9:EntryPoint
  3. 000000015DF883D1 | 49:C7C0 40000000 | mov r8,40 | 40:'@'
  4. 000000015DF883D8 | 48:C7C2 00010000 | mov rdx,100 | rdx:EntryPoint
  5. 000000015DF883DF | 4C:89F9 | mov rcx,r15 |
  6. 000000015DF883E2 | FF15 28EE0600 | call qword ptr ds:[15DFF7210] |
  ; Bytes written at r15: 48 B8 <imm64> FF E0, i.e. `mov rax, imm64 ; jmp rax` with imm64 = 15DF8A000.
  ; The dword store at +8 rewrites the top two bytes of the immediate as 00 00 and places FF E0 at +10..+11.
  ; For triage: the patched bytes no longer match the on-disk image of whatever module owns the target.
  7. 000000015DF883E8 | 48:8D1D 111C0000 | lea rbx,qword ptr ds:[15DF8A000] |
  8. 000000015DF883EF | 6641:C707 48B8 | mov word ptr ds:[r15],B848 |
  9. 000000015DF883F5 | 49:895F 02 | mov qword ptr ds:[r15+2],rbx |
  10. 000000015DF883F9 | 41:C747 08 0000FFE0 | mov dword ptr ds:[r15+8],E0FF0000 |
  ; --- Run-time resolution of three exports by name; results cached in module globals ---
  ; Pattern repeated three times:
  ;   call [15DFF7200] with rcx = module-name string  -> rax
  ;   call [15DFF7208] with rcx = that rax, rdx = export-name string -> rax
  ; Presumably GetModuleHandleA/LoadLibraryA and GetProcAddress - TODO confirm the two pointers.
  ; NOTE(review): neither return value is checked; a failed module lookup is passed straight to the second call.
  ; For triage: the names below are plain strings at the annotated addresses.

  ; "kernelbase.dll" / "CreateThread" -> stored at [15DFF7170]
  11. 000000015DF88401 | 48:8D0D 78EB0600 | lea rcx,qword ptr ds:[15DFF6F80] | 000000015DFF6F80:"kernelbase.dll"
  12. 000000015DF88408 | FF15 F2ED0600 | call qword ptr ds:[15DFF7200] |
  13. 000000015DF8840E | 48:89C1 | mov rcx,rax | rax:EntryPoint
  14. 000000015DF88411 | 48:8D15 78EB0600 | lea rdx,qword ptr ds:[15DFF6F90] | rdx:EntryPoint, 000000015DFF6F90:"CreateThread"
  15. 000000015DF88418 | FF15 EAED0600 | call qword ptr ds:[15DFF7208] |
  16. 000000015DF8841E | 48:8905 4BED0600 | mov qword ptr ds:[15DFF7170],rax | rax:EntryPoint
  ; "ntdll.dll" / "RtlRestoreContext" -> stored at [15DFF7180]
  17. 000000015DF88425 | 48:8D0D 24EB0600 | lea rcx,qword ptr ds:[15DFF6F50] | 000000015DFF6F50:"ntdll.dll"
  18. 000000015DF8842C | FF15 CEED0600 | call qword ptr ds:[15DFF7200] |
  19. 000000015DF88432 | 48:89C1 | mov rcx,rax | rax:EntryPoint
  20. 000000015DF88435 | 48:8D15 24EB0600 | lea rdx,qword ptr ds:[15DFF6F60] | rdx:EntryPoint, 000000015DFF6F60:"RtlRestoreContext"
  21. 000000015DF8843C | FF15 C6ED0600 | call qword ptr ds:[15DFF7208] |
  22. 000000015DF88442 | 48:8905 37ED0600 | mov qword ptr ds:[15DFF7180],rax | rax:EntryPoint
  ; Stores the code address 15DF8242F into [15DFD7030]; how that slot is consumed is not shown in this listing.
  23. 000000015DF88449 | 48:8D05 DF9FFFFF | lea rax,qword ptr ds:[15DF8242F] | rax:EntryPoint
  24. 000000015DF88450 | 48:8905 D9EB0400 | mov qword ptr ds:[15DFD7030],rax | rax:EntryPoint
  ; "ntdll.dll" / "NtQueryInformationThread" -> stored at [15DFF7190]
  25. 000000015DF88457 | 48:8D0D F2EA0600 | lea rcx,qword ptr ds:[15DFF6F50] | 000000015DFF6F50:"ntdll.dll"
  26. 000000015DF8845E | FF15 9CED0600 | call qword ptr ds:[15DFF7200] |
  27. 000000015DF88464 | 48:89C1 | mov rcx,rax | rax:EntryPoint
  28. 000000015DF88467 | 48:8D15 32EB0600 | lea rdx,qword ptr ds:[15DFF6FA0] | rdx:EntryPoint, 000000015DFF6FA0:"NtQueryInformationThread"
  29. 000000015DF8846E | FF15 94ED0600 | call qword ptr ds:[15DFF7208] |
  30. 000000015DF88474 | 48:8905 15ED0600 | mov qword ptr ds:[15DFF7190],rax | rax:EntryPoint
  ; --- Two 0x1000-byte allocations; the second gets one field initialised ---
  ; Both calls go through [15DFF7228] with rcx=0, rdx=0x1000, r8=0x1000, r9=4.
  ; Presumably VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_READWRITE) - TODO confirm the pointer.
  ; First result is stored at [15DFD6FB0].
  31. 000000015DF8847B | 48:31C9 | xor rcx,rcx |
  32. 000000015DF8847E | 48:C7C2 00100000 | mov rdx,1000 | rdx:EntryPoint
  33. 000000015DF88485 | 49:C7C0 00100000 | mov r8,1000 |
  34. 000000015DF8848C | 49:C7C1 04000000 | mov r9,4 | r9:EntryPoint
  35. 000000015DF88493 | FF15 8FED0600 | call qword ptr ds:[15DFF7228] |
  36. 000000015DF88499 | 48:8905 10EB0400 | mov qword ptr ds:[15DFD6FB0],rax | rax:EntryPoint
  ; Second result is stored at [15DFD70B8].
  37. 000000015DF884A0 | 48:31C9 | xor rcx,rcx |
  38. 000000015DF884A3 | 48:C7C2 00100000 | mov rdx,1000 | rdx:EntryPoint
  39. 000000015DF884AA | 49:C7C0 00100000 | mov r8,1000 |
  40. 000000015DF884B1 | 49:C7C1 04000000 | mov r9,4 | r9:EntryPoint
  41. 000000015DF884B8 | FF15 6AED0600 | call qword ptr ds:[15DFF7228] |
  42. 000000015DF884BE | 48:8905 F3EB0400 | mov qword ptr ds:[15DFD70B8],rax | rax:EntryPoint
  ; Writes the qword 0x100010 at offset 0x30 of the second buffer.
  ; NOTE(review): looks like CONTEXT.ContextFlags = CONTEXT_DEBUG_REGISTERS in an x64 CONTEXT record - confirm.
  ; NOTE(review): if so, the field is a DWORD and this 8-byte store also zeroes the following 4 bytes.
  ; NOTE(review): rax is dereferenced without a null check, so a failed allocation faults here.
  43. 000000015DF884C5 | 48:C740 30 10001000 | mov qword ptr ds:[rax+30],100010 |
  ; --- Resolve "GetCurrentProcessId" and overwrite its first 6 bytes with a constant-returning stub ---
  ; The lookup uses the call [15DFF7200] / call [15DFF7208] pair with "kernelbase.dll" and "GetCurrentProcessId".
  ; Presumably a module-handle lookup followed by GetProcAddress - TODO confirm.
  ; r15 = address returned for the export; it is the write target below and is not null-checked.
  44. 000000015DF884CD | 48:8D0D ACEA0600 | lea rcx,qword ptr ds:[15DFF6F80] | 000000015DFF6F80:"kernelbase.dll"
  45. 000000015DF884D4 | FF15 26ED0600 | call qword ptr ds:[15DFF7200] |
  46. 000000015DF884DA | 48:89C1 | mov rcx,rax | rax:EntryPoint
  47. 000000015DF884DD | 48:8D15 DCEA0600 | lea rdx,qword ptr ds:[15DFF6FC0] | rdx:EntryPoint, 000000015DFF6FC0:"GetCurrentProcessId"
  48. 000000015DF884E4 | FF15 1EED0600 | call qword ptr ds:[15DFF7208] |
  49. 000000015DF884EA | 49:89C7 | mov r15,rax | rax:EntryPoint
  ; r14 = qword at [gs:[0x30] + 0x40].
  ; Presumably TEB self-pointer, then ClientId.UniqueProcess (the current PID) - verify against the TEB layout.
  50. 000000015DF884ED | 6548:8B3C25 30000000 | mov rdi,qword ptr gs:[30] |
  51. 000000015DF884F6 | 48:8B7F 40 | mov rdi,qword ptr ds:[rdi+40] |
  52. 000000015DF884FA | 49:89FE | mov r14,rdi |
  ; Call via [15DFF7210] with rcx=r15, rdx=0x100, r8=0x40, r9=rsp.
  ; Presumably VirtualProtect(..., PAGE_EXECUTE_READWRITE, &old) - TODO confirm; the result is not checked.
  53. 000000015DF884FD | 49:89E1 | mov r9,rsp | r9:EntryPoint
  54. 000000015DF88500 | 49:C7C0 40000000 | mov r8,40 | 40:'@'
  55. 000000015DF88507 | 48:C7C2 00010000 | mov rdx,100 | rdx:EntryPoint
  56. 000000015DF8850E | 4C:89F9 | mov rcx,r15 |
  57. 000000015DF88511 | FF15 F9EC0600 | call qword ptr ds:[15DFF7210] |
  ; Bytes written at r15: B8 <imm32> C3, i.e. `mov eax, imm32 ; ret` with imm32 = r14d.
  ; After this the export returns the value captured above instead of running its original body.
  ; For triage: the export's first bytes in memory will differ from the module's on-disk image.
  58. 000000015DF88517 | 41:C607 B8 | mov byte ptr ds:[r15],B8 |
  59. 000000015DF8851B | 45:8977 01 | mov dword ptr ds:[r15+1],r14d |
  60. 000000015DF8851F | 41:C647 05 C3 | mov byte ptr ds:[r15+5],C3 |
  ; Writes bytes 0F 0B C3 00 (`ud2 ; ret` plus one zero byte) at the fixed address 14FF6FDD0.
  ; NOTE(review): no protection change for that address appears in this listing; what lives there is not shown.
  61. 000000015DF88524 | C705 A278FEF1 0F0BC300 | mov dword ptr ds:[14FF6FDD0],C30B0F |
  ; --- Resolve "CloseHandle" from "kernelbase.dll" and cache the address at [15DFF71C0] ---
  ; Uses the call [15DFF7200] / call [15DFF7208] pair with a module name, then (module, export name).
  ; Presumably a module-handle lookup followed by GetProcAddress - TODO confirm.
  ; NOTE(review): neither return value is checked before it is used or stored.
  62. 000000015DF8852E | 48:8D0D 4BEA0600 | lea rcx,qword ptr ds:[15DFF6F80] | 000000015DFF6F80:"kernelbase.dll"
  63. 000000015DF88535 | FF15 C5EC0600 | call qword ptr ds:[15DFF7200] |
  64. 000000015DF8853B | 48:89C1 | mov rcx,rax | rax:EntryPoint
  65. 000000015DF8853E | 48:8D15 9BEA0600 | lea rdx,qword ptr ds:[15DFF6FE0] | rdx:EntryPoint, 000000015DFF6FE0:"CloseHandle"
  66. 000000015DF88545 | FF15 BDEC0600 | call qword ptr ds:[15DFF7208] |
  67. 000000015DF8854B | 48:8905 6EEC0600 | mov qword ptr ds:[15DFF71C0],rax | rax:EntryPoint
  ; --- Inline patch: 12-byte jump stub written at the address held in [15DFF7240] ---
  ; r15 = pointer loaded from [15DFF7240]; it is the write target for the three stores below.
  ; The indirect call receives rcx=r15, rdx=0x100, r8=0x40, r9=rsp.
  ; Presumably VirtualProtect(target, 0x100, PAGE_EXECUTE_READWRITE, &old) - TODO confirm what [15DFF7210] holds.
  ; NOTE(review): the out-parameter is the top-of-stack slot, and the return value is not checked.
  68. 000000015DF88552 | 4C:8B3D E7EC0600 | mov r15,qword ptr ds:[15DFF7240] |
  69. 000000015DF88559 | 49:89E1 | mov r9,rsp | r9:EntryPoint
  70. 000000015DF8855C | 49:C7C0 40000000 | mov r8,40 | 40:'@'
  71. 000000015DF88563 | 48:C7C2 00010000 | mov rdx,100 | rdx:EntryPoint
  72. 000000015DF8856A | 4C:89F9 | mov rcx,r15 |
  73. 000000015DF8856D | FF15 9DEC0600 | call qword ptr ds:[15DFF7210] |
  ; Bytes written at r15: 48 B8 <imm64> FF E0, i.e. `mov rax, imm64 ; jmp rax` with imm64 = 15DF8A154.
  ; The dword store at +8 rewrites the top two bytes of the immediate as 00 00 and places FF E0 at +10..+11.
  74. 000000015DF88573 | 4C:8D35 DA1B0000 | lea r14,qword ptr ds:[15DF8A154] |
  75. 000000015DF8857A | 6641:C707 48B8 | mov word ptr ds:[r15],B848 |
  76. 000000015DF88580 | 4D:8977 02 | mov qword ptr ds:[r15+2],r14 |
  77. 000000015DF88584 | 41:C747 08 0000FFE0 | mov dword ptr ds:[r15+8],E0FF0000 |
  ; --- Loop: adjust one field of the gs:[0x60] structure until a 32-bit mix equals [15DFD7040] ---
  ; rdi = gs:[0x60]; presumably the PEB on x64 Windows - confirm.
  ; r15d = (([rdi+11C] ^ [rdi+118] ^ [rdi+B8]) + [rdi+130] + [rdi+12C]), all 32-bit loads.
  ; Presumed fields, to be verified against the PEB layout of the target build:
  ;   +B8 NumberOfProcessors, +118 OSMajorVersion, +11C OSMinorVersion,
  ;   +12C ImageSubsystemMajorVersion, +130 ImageSubsystemMinorVersion.
  78. 000000015DF8858C | 6548:8B3C25 60000000 | mov rdi,qword ptr gs:[60] |
  79. 000000015DF88595 | 45:31FF | xor r15d,r15d |
  80. 000000015DF88598 | 44:33BF 1C010000 | xor r15d,dword ptr ds:[rdi+11C] |
  81. 000000015DF8859F | 44:33BF 18010000 | xor r15d,dword ptr ds:[rdi+118] |
  82. 000000015DF885A6 | 44:33BF B8000000 | xor r15d,dword ptr ds:[rdi+B8] |
  83. 000000015DF885AD | 44:03BF 30010000 | add r15d,dword ptr ds:[rdi+130] |
  84. 000000015DF885B4 | 44:03BF 2C010000 | add r15d,dword ptr ds:[rdi+12C] |
  ; ecx = low 32 bits of [15DFD7040] minus the mix; the 32-bit sub zero-extends into rcx,
  ; so `cmp rcx,0` tests exactly that 32-bit difference.
  85. 000000015DF885BB | 48:8B0D 7EEA0400 | mov rcx,qword ptr ds:[15DFD7040] |
  86. 000000015DF885C2 | 44:29F9 | sub ecx,r15d |
  87. 000000015DF885C5 | 48:83F9 00 | cmp rcx,0 |
  88. 000000015DF885C9 | 74 08 | je cpuid_log.15DF885D3 |
  ; Mismatch: add the difference into [rdi+130] and recompute from the top.
  ; [rdi+130] is an additive term, so the next pass yields a zero difference.
  ; For triage: this modifies process-wide state in place; later readers of that field see the adjusted value.
  89. 000000015DF885CB | 018F 30010000 | add dword ptr ds:[rdi+130],ecx |
  90. 000000015DF885D1 | EB B9 | jmp cpuid_log.15DF8858C |
  ; --- Loop: compute a 32-bit mix over eight dwords near 7FFE0270 and compare with [15DFD7090] ---
  ; r11 starts at 7FFE0270; presumably inside KUSER_SHARED_DATA (mapped at 7FFE0000) - confirm.
  ; Only r11w is modified between reads, so the upper bits of the address stay fixed.
  ; Effective addresses, in order (low 16 bits worked out from the arithmetic below):
  ;   0270 (load), 0280 (sub), 027C (xor), 02E8 (xor), 0284 (add), 026C (sub), 0278 (xor), 0288 (xor)
  ; edx = ((((((([0270] - [0280]) ^ [027C]) ^ [02E8]) + [0284]) - [026C]) ^ [0278]) ^ [0288])
  ; Presumed fields, to be verified: 026C NtMajorVersion, 0270 NtMinorVersion,
  ;   0278..0288 within ProcessorFeatures[], 02E8 NumberOfPhysicalPages.
  91. 000000015DF885D3 | 49:C7C3 7002FE7F | mov r11,7FFE0270 |
  92. 000000015DF885DA | 41:8B13 | mov edx,dword ptr ds:[r11] |
  ; sub r11w,FFF0 is +0x10 in 16-bit arithmetic -> 0280
  93. 000000015DF885DD | 6641:83EB F0 | sub r11w,FFF0 |
  94. 000000015DF885E2 | 41:2B13 | sub edx,dword ptr ds:[r11] |
  ; add r11w,FFFC is -4 -> 027C
  95. 000000015DF885E5 | 6641:83C3 FC | add r11w,FFFC |
  96. 000000015DF885EA | 41:3313 | xor edx,dword ptr ds:[r11] |
  97. 000000015DF885ED | 6641:83C3 6C | add r11w,6C |
  98. 000000015DF885F2 | 41:3313 | xor edx,dword ptr ds:[r11] |
  99. 000000015DF885F5 | 6641:83EB 64 | sub r11w,64 |
  100. 000000015DF885FA | 41:0313 | add edx,dword ptr ds:[r11] |
  101. 000000015DF885FD | 6641:83EB 18 | sub r11w,18 |
  102. 000000015DF88602 | 41:2B13 | sub edx,dword ptr ds:[r11] |
  ; 026C xor 0014 -> 0278
  103. 000000015DF88605 | 6641:83F3 14 | xor r11w,14 |
  104. 000000015DF8860A | 41:3313 | xor edx,dword ptr ds:[r11] |
  105. 000000015DF8860D | 6641:83C3 10 | add r11w,10 |
  106. 000000015DF88612 | 41:3313 | xor edx,dword ptr ds:[r11] |
  ; ecx = low 32 bits of [15DFD7090] minus the mix; zero difference exits to 15DF8862D.
  107. 000000015DF88615 | 48:8B0D 74EA0400 | mov rcx,qword ptr ds:[15DFD7090] |
  108. 000000015DF8861C | 29D1 | sub ecx,edx |
  109. 000000015DF8861E | 48:83F9 00 | cmp rcx,0 |
  110. 000000015DF88622 | 74 09 | je cpuid_log.15DF8862D |
  ; Mismatch: add the zero-extended difference to the qword at [15E29BDD0] and recompute.
  ; NOTE(review): 15E29BDD0 is not one of the eight addresses read above.
  ; How this write changes the next pass is not visible in this listing - confirm the loop can terminate.
  111. 000000015DF88624 | 48:010D A5373100 | add qword ptr ds:[15E29BDD0],rcx |
  112. 000000015DF8862B | EB A6 | jmp cpuid_log.15DF885D3 |
  ; --- Allocation of 0x393589 bytes; result cached at [15DFD6FA0] ---
  ; Call via [15DFF7228] with rcx=0, rdx=0x393589, r8=0x1000, r9=4.
  ; Presumably VirtualAlloc(NULL, 0x393589, MEM_COMMIT, PAGE_READWRITE) - TODO confirm the pointer.
  ; NOTE(review): the returned pointer is stored without a null check; its later use is not shown here.
  113. 000000015DF8862D | 48:31C9 | xor rcx,rcx |
  114. 000000015DF88630 | 48:C7C2 89353900 | mov rdx,393589 | rdx:EntryPoint
  115. 000000015DF88637 | 49:C7C0 00100000 | mov r8,1000 |
  116. 000000015DF8863E | 49:C7C1 04000000 | mov r9,4 | r9:EntryPoint
  117. 000000015DF88645 | FF15 DDEB0600 | call qword ptr ds:[15DFF7228] |
  118. 000000015DF8864B | 48:8905 4EE90400 | mov qword ptr ds:[15DFD6FA0],rax | rax:EntryPoint
  ; --- Table-driven patch loop: write a 3-byte sequence at every address listed in a pointer table ---
  ; r15 = cursor into a table of qword pointers starting at 15E12D200; a zero entry ends the walk.
  ; r14 = qword at [15DFD7220]; only its low byte (r14b) is used.
  119. 000000015DF88652 | 4C:8D3D A74B1A00 | lea r15,qword ptr ds:[15E12D200] |
  120. 000000015DF88659 | 4C:8B35 C0EB0400 | mov r14,qword ptr ds:[15DFD7220] |
  ; Loop body: r13 = *cursor, then bytes B0 <r14b> 90 are written at r13, i.e. `mov al, imm8 ; nop`.
  ; NOTE(review): the entry is dereferenced before the zero test, so an empty table writes through a null pointer.
  ; NOTE(review): no protection change for these targets is visible in this listing.
  ; For triage: every table entry is a patched site, so the table enumerates the modified locations.
  121. 000000015DF88660 | 4D:8B2F | mov r13,qword ptr ds:[r15] |
  122. 000000015DF88663 | 41:C645 00 B0 | mov byte ptr ds:[r13],B0 |
  123. 000000015DF88668 | 45:8875 01 | mov byte ptr ds:[r13+1],r14b |
  124. 000000015DF8866C | 41:C645 02 90 | mov byte ptr ds:[r13+2],90 |
  125. 000000015DF88671 | 49:83C7 08 | add r15,8 |
  126. 000000015DF88675 | 49:833F 00 | cmp qword ptr ds:[r15],0 |
  127. 000000015DF88679 | 75 E5 | jne cpuid_log.15DF88660 |
  ; Control leaves the listing here; the target 15DF821DE is not shown.
  128. 000000015DF8867B | E9 5E9BFFFF | jmp cpuid_log.15DF821DE |