API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 25th, 2019
778
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 21.35 KB | None | 0 0
raw download clone embed print report
  1. RCX:
  2. 00000000D9A9DE80 0000000100000001
  3. 00000000D9A9DE88 00000000D98F30E0 "ahcTaNwLcATREpxtZEXM8n2uuOn44R3QjvCqXKYfrhaee6svbPvfhxjqCBt2ZQ8nX6TxSt4l9IMpOj1lAeATjpDtcGPQDnqn2wZRJ6qkwWoVy2kk8IxM7861NQ6zeMA7zOrdxunA07BshCT2rB7WyTU6D7Qu3fzciFahnemYvHcloUZDe8oEzwIiPzrPrqWJCDVDnv13QCI0ieqrDuUU65C5o7RcBXoL5yugOsAYBlgpLohOw0nuc0mlt86c2TqQ6F44mGeLzUjCsihAANjkX71U6zmiaSjTuGM4FXiKg1iOrdh9wbq6Yc4T1HjV1jV2grl82axAqEUNgXQLOcQvJQzqLzIdUgFH7oy01EC3bZ63R3Q1JqrywTQUmIzV3m3B"
  4. 00000000D9A9DE90 0000000100000180
  5. 00000000D9A9DE98 0000000143E47001
  6. 00000000D9A9DEA0 0000000000000003
  7. 00000000D9A9DEA8 0000000000E25EC8
  8. 00000000D9A9DEB0 0000000600000005
  9. 00000000D9A9DEB8 0000000000000000
  10. 00000000D9A9DEC0 0000000000000000
  11. 00000000D9A9DEC8 0000000000000000
  12. 00000000D9A9DED0 0000000000000000
  13.  
  14. rdx = r8 = src or dst
  15. dword[r9] = length
  16. arg4 = 0?
  17.  
  18.  
  19.  
  20. 140006D60 < | 40:53 | push rbx | rbx:
  21. 140006D62 | 55 | push rbp |
  22. 140006D63 | 56 | push rsi |
  23. 140006D64 | 57 | push rdi |
  24. 140006D65 | 41:54 | push r12 |
  25. 140006D67 | 41:55 | push r13 |
  26. 140006D69 | 41:56 | push r14 |
  27. 140006D6B | 41:57 | push r15 |
  28. 140006D6D | B8 68800000 | mov eax,8068 |
  29. 140006D72 | E8 C90D0201 | call 141027B40 |
  30. 140006D77 | 48:2BE0 | sub rsp,rax |
  31. 140006D7A | 48:8B05 AFC06302 | mov rax,qword ptr ds:[142642E30] |
  32. 140006D81 | 48:33C4 | xor rax,rsp |
  33. 140006D84 | 48:898424 50800000 | mov qword ptr ss:[rsp+8050],rax |
  34. 140006D8C | 48:6341 14 | movsxd rax,dword ptr ds:[rcx+14] |
  35. 140006D90 | 33ED | xor ebp,ebp |
  36. 140006D92 | C701 01000000 | mov dword ptr ds:[rcx],1 |
  37. 140006D98 | 49:8B19 | mov rbx,qword ptr ds:[r9] | rbx:
  38. 140006D9B | 4C:8BFA | mov r15,rdx |
  39. 140006D9E | 48:895424 40 | mov qword ptr ss:[rsp+40],rdx |
  40. 140006DA3 | 33D2 | xor edx,edx |
  41. 140006DA5 | 4C:8BF1 | mov r14,rcx |
  42. 140006DA8 | 48:8BC8 | mov rcx,rax |
  43. 140006DAB | FFC8 | dec eax |
  44. 140006DAD | 4D:8BE0 | mov r12,r8 |
  45. 140006DB0 | 4C:8B8424 D0800000 | mov r8,qword ptr ss:[rsp+80D0] | !!!!!!!!arg4!!!!!!!!
  46. 140006DB8 | 48:98 | cdqe |
  47. 140006DBA | 48:895C24 30 | mov qword ptr ss:[rsp+30],rbx |
  48. 140006DBF | 896C24 20 | mov dword ptr ss:[rsp+20],ebp |
  49. 140006DC3 | 49:03C0 | add rax,r8 |
  50. 140006DC6 | 48:F7F1 | div rcx |
  51. 140006DC9 | 48:8BF0 | mov rsi,rax |
  52. 140006DCC | 48:0FAFF1 | imul rsi,rcx |
  53. 140006DD0 | 48:8BFE | mov rdi,rsi |
  54. 140006DD3 | 49:2BF8 | sub rdi,r8 |
  55. 140006DD6 | 48:81FB 00400000 | cmp rbx,4000 | rbx:
  56. 140006DDD | 0F86 07020000 | jbe 140006FEA |
  57. 140006DE3 | 4C:8DAB FFBFFFFF | lea r13,qword ptr ds:[rbx-4001] |
  58. 140006DEA | 49:C1ED 0E | shr r13,E |
  59. 140006DEE | 49:FFC5 | inc r13 |
  60. 140006DF1 | 49:8BC5 | mov rax,r13 |
  61. 140006DF4 | 48:69C0 00C0FFFF | imul rax,rax,FFFFFFFFFFFFC000 |
  62. 140006DFB | 48:03D8 | add rbx,rax | rbx:
  63. 140006DFE | 48:895C24 30 | mov qword ptr ss:[rsp+30],rbx |
  64. 140006E03 | 6666666666:0F1F8400 00000 | nop word ptr ds:[rax+rax],ax |
  65. 140006E10 | 48:63C5 | movsxd rax,ebp |
  66. 140006E13 | 48:8D5C24 50 | lea rbx,qword ptr ss:[rsp+50] |
  67. 140006E18 | 49:8BD4 | mov rdx,r12 |
  68. 140006E1B | 48:C1E0 0E | shl rax,E |
  69. 140006E1F | 48:03D8 | add rbx,rax | rbx:
  70. 140006E22 | 49:8BC4 | mov rax,r12 |
  71. 140006E25 | 48:0BC3 | or rax,rbx | rbx:
  72. 140006E28 | 48:8BCB | mov rcx,rbx | rbx:
  73. 140006E2B | 83E0 0F | and eax,F |
  74. 140006E2E | 75 56 | jne 140006E86 |
  75. 140006E30 | B8 80000000 | mov eax,80 |
  76. 140006E35 | 0F2802 | movaps xmm0,xmmword ptr ds:[rdx] |
  77. 140006E38 | 0F284A 10 | movaps xmm1,xmmword ptr ds:[rdx+10] |
  78. 140006E3C | 48:83E9 80 | sub rcx,FFFFFFFFFFFFFF80 |
  79. 140006E40 | 48:8D92 80000000 | lea rdx,qword ptr ds:[rdx+80] |
  80. 140006E47 | 0F2941 80 | movaps xmmword ptr ds:[rcx-80],xmm0 |
  81. 140006E4B | 0F2842 A0 | movaps xmm0,xmmword ptr ds:[rdx-60] |
  82. 140006E4F | 0F2949 90 | movaps xmmword ptr ds:[rcx-70],xmm1 |
  83. 140006E53 | 0F284A B0 | movaps xmm1,xmmword ptr ds:[rdx-50] |
  84. 140006E57 | 0F2941 A0 | movaps xmmword ptr ds:[rcx-60],xmm0 |
  85. 140006E5B | 0F2842 C0 | movaps xmm0,xmmword ptr ds:[rdx-40] |
  86. 140006E5F | 0F2949 B0 | movaps xmmword ptr ds:[rcx-50],xmm1 |
  87. 140006E63 | 0F284A D0 | movaps xmm1,xmmword ptr ds:[rdx-30] |
  88. 140006E67 | 0F2941 C0 | movaps xmmword ptr ds:[rcx-40],xmm0 |
  89. 140006E6B | 0F2842 E0 | movaps xmm0,xmmword ptr ds:[rdx-20] |
  90. 140006E6F | 0F2949 D0 | movaps xmmword ptr ds:[rcx-30],xmm1 |
  91. 140006E73 | 0F284A F0 | movaps xmm1,xmmword ptr ds:[rdx-10] |
  92. 140006E77 | 0F2941 E0 | movaps xmmword ptr ds:[rcx-20],xmm0 |
  93. 140006E7B | 0F2949 F0 | movaps xmmword ptr ds:[rcx-10],xmm1 |
  94. 140006E7F | 48:FFC8 | dec rax |
  95. 140006E82 | 75 B1 | jne 140006E35 |
  96. 140006E84 | EB 0B | jmp 140006E91 |
  97. 140006E86 | 41:B8 00400000 | mov r8d,4000 |
  98. 140006E8C | E8 BFF90101 | call <_memmove> |
  99. 140006E91 | 49:81C4 00400000 | add r12,4000 |
  100. 140006E98 | 41:807E 18 00 | cmp byte ptr ds:[r14+18],0 | !!!!!!!!!!!arg0+18!!!!!!!!!!!
  101. 140006E9D | 74 63 | je 140006F02 |
  102. 140006E9F | 48:81FF 00400000 | cmp rdi,4000 |
  103. 140006EA6 | 0F83 A1000000 | jae 140006F4D |
  104. 140006EAC | 4D:6356 10 | movsxd r10,dword ptr ds:[r14+10] | r10:
  105. 140006EB0 | 4D:8B5E 08 | mov r11,qword ptr ds:[r14+8] |
  106. 140006EB4 | 49:8B6E 20 | mov rbp,qword ptr ds:[r14+20] |
  107. 140006EB8 | 4D:634E 14 | movsxd r9,dword ptr ds:[r14+14] |
  108. 140006EBC | 0F1F40 00 | nop dword ptr ds:[rax],eax |
  109. 140006EC0 | 33D2 | xor edx,edx |
  110. 140006EC2 | 48:8BC6 | mov rax,rsi |
  111. 140006EC5 | 48:F7F5 | div rbp |
  112. 140006EC8 | 48:8BC6 | mov rax,rsi |
  113. 140006ECB | 46:0FB64432 28 | movzx r8d,byte ptr ds:[rdx+r14+28] | !!!!!!!!!!!e2,5e,c8!!!!!!!!!!!
  114. 140006ED1 | 33D2 | xor edx,edx |
  115. 140006ED3 | 49:F7F2 | div r10 | r10:
  116. 140006ED6 | 0FB6043B | movzx eax,byte ptr ds:[rbx+rdi] |
  117. 140006EDA | 46:32041A | xor r8b,byte ptr ds:[rdx+r11] |
  118. 140006EDE | 84C0 | test al,al |
  119. 140006EE0 | 74 0B | je 140006EED |
  120. 140006EE2 | 41:3AC0 | cmp al,r8b |
  121. 140006EE5 | 74 06 | je 140006EED |
  122. 140006EE7 | 41:32C0 | xor al,r8b |
  123. 140006EEA | 88043B | mov byte ptr ds:[rbx+rdi],al |
  124. 140006EED | 49:03F9 | add rdi,r9 |
  125. 140006EF0 | 49:03F1 | add rsi,r9 |
  126. 140006EF3 | 48:81FF 00400000 | cmp rdi,4000 |
  127. 140006EFA | 72 C4 | jb 140006EC0 |
  128. 140006EFC | 8B6C24 20 | mov ebp,dword ptr ss:[rsp+20] |
  129. 140006F00 | EB 4B | jmp 140006F4D |
  130. 140006F02 | 48:81FF 00400000 | cmp rdi,4000 |
  131. 140006F09 | 73 42 | jae 140006F4D |
  132. 140006F0B | 4D:634E 10 | movsxd r9,dword ptr ds:[r14+10] |
  133. 140006F0F | 4D:8B56 08 | mov r10,qword ptr ds:[r14+8] | r10:
  134. 140006F13 | 4D:6346 14 | movsxd r8,dword ptr ds:[r14+14] |
  135. 140006F17 | 66:0F1F8400 00000000 | nop word ptr ds:[rax+rax],ax |
  136. 140006F20 | 33D2 | xor edx,edx |
  137. 140006F22 | 48:8BC6 | mov rax,rsi |
  138. 140006F25 | 49:F7F1 | div r9 |
  139. 140006F28 | 0FB6043B | movzx eax,byte ptr ds:[rbx+rdi] |
  140. 140006F2C | 42:0FB60C12 | movzx ecx,byte ptr ds:[rdx+r10] |
  141. 140006F31 | 84C0 | test al,al |
  142. 140006F33 | 74 09 | je 140006F3E |
  143. 140006F35 | 3AC1 | cmp al,cl |
  144. 140006F37 | 74 05 | je 140006F3E |
  145. 140006F39 | 32C1 | xor al,cl |
  146. 140006F3B | 88043B | mov byte ptr ds:[rbx+rdi],al |
  147. 140006F3E | 49:03F8 | add rdi,r8 |
  148. 140006F41 | 49:03F0 | add rsi,r8 |
  149. 140006F44 | 48:81FF 00400000 | cmp rdi,4000 |
  150. 140006F4B | 72 D3 | jb 140006F20 |
  151. 140006F4D | 48:8BC3 | mov rax,rbx | rbx:
  152. 140006F50 | 49:8BCF | mov rcx,r15 |
  153. 140006F53 | 49:0BC7 | or rax,r15 |
  154. 140006F56 | 83E0 0F | and eax,F |
  155. 140006F59 | 75 59 | jne 140006FB4 |
  156. 140006F5B | B8 80000000 | mov eax,80 |
  157. 140006F60 | 0F2803 | movaps xmm0,xmmword ptr ds:[rbx] | rbx:
  158. 140006F63 | 0F284B 10 | movaps xmm1,xmmword ptr ds:[rbx+10] |
  159. 140006F67 | 48:8D89 80000000 | lea rcx,qword ptr ds:[rcx+80] |
  160. 140006F6E | 48:8D9B 80000000 | lea rbx,qword ptr ds:[rbx+80] | rbx:,
  161. 140006F75 | 0F2941 80 | movaps xmmword ptr ds:[rcx-80],xmm0 |
  162. 140006F79 | 0F2843 A0 | movaps xmm0,xmmword ptr ds:[rbx-60] |
  163. 140006F7D | 0F2949 90 | movaps xmmword ptr ds:[rcx-70],xmm1 |
  164. 140006F81 | 0F284B B0 | movaps xmm1,xmmword ptr ds:[rbx-50] |
  165. 140006F85 | 0F2941 A0 | movaps xmmword ptr ds:[rcx-60],xmm0 |
  166. 140006F89 | 0F2843 C0 | movaps xmm0,xmmword ptr ds:[rbx-40] |
  167. 140006F8D | 0F2949 B0 | movaps xmmword ptr ds:[rcx-50],xmm1 |
  168. 140006F91 | 0F284B D0 | movaps xmm1,xmmword ptr ds:[rbx-30] |
  169. 140006F95 | 0F2941 C0 | movaps xmmword ptr ds:[rcx-40],xmm0 |
  170. 140006F99 | 0F2843 E0 | movaps xmm0,xmmword ptr ds:[rbx-20] |
  171. 140006F9D | 0F2949 D0 | movaps xmmword ptr ds:[rcx-30],xmm1 |
  172. 140006FA1 | 0F284B F0 | movaps xmm1,xmmword ptr ds:[rbx-10] |
  173. 140006FA5 | 0F2941 E0 | movaps xmmword ptr ds:[rcx-20],xmm0 |
  174. 140006FA9 | 0F2949 F0 | movaps xmmword ptr ds:[rcx-10],xmm1 |
  175. 140006FAD | 48:FFC8 | dec rax |
  176. 140006FB0 | 75 AE | jne 140006F60 |
  177. 140006FB2 | EB 0E | jmp 140006FC2 |
  178. 140006FB4 | 41:B8 00400000 | mov r8d,4000 |
  179. 140006FBA | 48:8BD3 | mov rdx,rbx | rbx:
  180. 140006FBD | E8 8EF80101 | call <_memmove> |
  181. 140006FC2 | 83F5 01 | xor ebp,1 |
  182. 140006FC5 | 48:81EF 00400000 | sub rdi,4000 |
  183. 140006FCC | 49:81C7 00400000 | add r15,4000 |
  184. 140006FD3 | 896C24 20 | mov dword ptr ss:[rsp+20],ebp |
  185. 140006FD7 | 49:FFCD | dec r13 |
  186. 140006FDA | 0F85 30FEFFFF | jne 140006E10 |
  187. 140006FE0 | 48:8B5C24 30 | mov rbx,qword ptr ss:[rsp+30] |
  188. 140006FE5 | 4C:897C24 40 | mov qword ptr ss:[rsp+40],r15 |
  189. 140006FEA | 48:85DB | test rbx,rbx | rbx:
  190. 140006FED | 0F84 EC000000 | je 1400070DF |
  191. 140006FF3 | 48:63C5 | movsxd rax,ebp |
  192. 140006FF6 | 4C:8D7C24 50 | lea r15,qword ptr ss:[rsp+50] |
  193. 140006FFB | 44:8BC3 | mov r8d,ebx | ebx:
  194. 140006FFE | 48:C1E0 0E | shl rax,E |
  195. 140007002 | 49:8BD4 | mov rdx,r12 |
  196. 140007005 | 44:8BEB | mov r13d,ebx | ebx:
  197. 140007008 | 4C:03F8 | add r15,rax |
  198. 14000700B | 49:8BCF | mov rcx,r15 |
  199. 14000700E | E8 3DF80101 | call <_memmove> |
  200. 140007013 | 41:807E 18 00 | cmp byte ptr ds:[r14+18],0 | !!!!!!!!!!!arg0+18!!!!!!!!!!!!!
  201. 140007018 | 74 66 | je 140007080 |
  202. 14000701A | 48:3BFB | cmp rdi,rbx | rbx:
  203. 14000701D | 0F83 AC000000 | jae 1400070CF |
  204. 140007023 | 49:635E 10 | movsxd rbx,dword ptr ds:[r14+10] | rbx:
  205. 140007027 | 49:8B6E 08 | mov rbp,qword ptr ds:[r14+8] |
  206. 14000702B | 4D:8B66 20 | mov r12,qword ptr ds:[r14+20] |
  207. 14000702F | 4D:6356 14 | movsxd r10,dword ptr ds:[r14+14] | r10:
  208. 140007033 | 4D:8BDF | mov r11,r15 |
  209. 140007036 | 4D:8D043F | lea r8,qword ptr ds:[r15+rdi] |
  210. 14000703A | 48:8B7C24 30 | mov rdi,qword ptr ss:[rsp+30] |
  211. 14000703F | 49:F7DB | neg r11 |
  212. 140007042 | 33D2 | xor edx,edx |
  213. 140007044 | 48:8BC6 | mov rax,rsi |
  214. 140007047 | 49:F7F4 | div r12 |
  215. 14000704A | 48:8BC6 | mov rax,rsi |
  216. 14000704D | 46:0FB64C32 28 | movzx r9d,byte ptr ds:[rdx+r14+28] |
  217. 140007053 | 33D2 | xor edx,edx |
  218. 140007055 | 48:F7F3 | div rbx | rbx:
  219. 140007058 | 41:0FB600 | movzx eax,byte ptr ds:[r8] |
  220. 14000705C | 44:320C2A | xor r9b,byte ptr ds:[rdx+rbp] |
  221. 140007060 | 84C0 | test al,al |
  222. 140007062 | 74 0B | je 14000706F |
  223. 140007064 | 41:3AC1 | cmp al,r9b |
  224. 140007067 | 74 06 | je 14000706F |
  225. 140007069 | 41:32C1 | xor al,r9b |
  226. 14000706C | 41:8800 | mov byte ptr ds:[r8],al |
  227. 14000706F | 4D:03C2 | add r8,r10 | r10:
  228. 140007072 | 49:03F2 | add rsi,r10 | r10:
  229. 140007075 | 4B:8D0403 | lea rax,qword ptr ds:[r11+r8] |
  230. 140007079 | 48:3BC7 | cmp rax,rdi |
  231. 14000707C | 72 C4 | jb 140007042 |
  232. 14000707E | EB 4F | jmp 1400070CF |
  233. 140007080 | 48:3BFB | cmp rdi,rbx | rbx:
  234. 140007083 | 73 4A | jae 1400070CF |
  235. 140007085 | 49:636E 10 | movsxd rbp,dword ptr ds:[r14+10] |
  236. 140007089 | 4D:8B66 08 | mov r12,qword ptr ds:[r14+8] |
  237. 14000708D | 4D:635E 14 | movsxd r11,dword ptr ds:[r14+14] |
  238. 140007091 | 49:8BDF | mov rbx,r15 | rbx:
  239. 140007094 | 4D:8D0C3F | lea r9,qword ptr ds:[r15+rdi] |
  240. 140007098 | 48:8B7C24 30 | mov rdi,qword ptr ss:[rsp+30] |
  241. 14000709D | 48:F7DB | neg rbx | rbx:
  242. 1400070A0 | 33D2 | xor edx,edx |
  243. 1400070A2 | 48:8BC6 | mov rax,rsi |
  244. 1400070A5 | 48:F7F5 | div rbp |
  245. 1400070A8 | 41:0FB601 | movzx eax,byte ptr ds:[r9] |
  246. 1400070AC | 46:0FB61422 | movzx r10d,byte ptr ds:[rdx+r12] | r10d:
  247. 1400070B1 | 84C0 | test al,al |
  248. 1400070B3 | 74 0B | je 1400070C0 |
  249. 1400070B5 | 41:3AC2 | cmp al,r10b |
  250. 1400070B8 | 74 06 | je 1400070C0 |
  251. 1400070BA | 41:32C2 | xor al,r10b |
  252. 1400070BD | 41:8801 | mov byte ptr ds:[r9],al |
  253. 1400070C0 | 4D:03CB | add r9,r11 |
  254. 1400070C3 | 49:03F3 | add rsi,r11 |
  255. 1400070C6 | 49:8D0419 | lea rax,qword ptr ds:[r9+rbx] |
  256. 1400070CA | 48:3BC7 | cmp rax,rdi |
  257. 1400070CD | 72 D1 | jb 1400070A0 |
  258. 1400070CF | 48:8B4C24 40 | mov rcx,qword ptr ss:[rsp+40] |
  259. 1400070D4 | 4D:8BC5 | mov r8,r13 |
  260. 1400070D7 | 49:8BD7 | mov rdx,r15 |
  261. 1400070DA | E8 71F70101 | call <_memmove> |
  262. 1400070DF | 41:C706 02000000 | mov dword ptr ds:[r14],2 |
  263. 1400070E6 | 48:8B8C24 50800000 | mov rcx,qword ptr ss:[rsp+8050] |
  264. 1400070EE | 48:33CC | xor rcx,rsp |
  265. 1400070F1 | E8 DAE10101 | call 1410252D0 |
  266. 1400070F6 | 48:81C4 68800000 | add rsp,8068 |
  267. 1400070FD | 41:5F | pop r15 |
  268. 1400070FF | 41:5E | pop r14 |
  269. 140007101 | 41:5D | pop r13 |
  270. 140007103 | 41:5C | pop r12 |
  271. 140007105 | 5F | pop rdi |
  272. 140007106 | 5E | pop rsi |
  273. 140007107 | 5D | pop rbp |
  274. 140007108 | 5B | pop rbx | rbx:
  275. 140007109 | C3 | ret |
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!