;=======================================================================
; In-place patch region $47023C..$4703FF, fasm-style syntax, 32-bit code.
;
; Purpose (as visible below): hooked FXSAVE/FXRSTOR sites are routed
; through Save_Eax / Load_Eax, which additionally store / reload the
; upper 128 bits of ymm0..ymm7 once Init has switched AVX on.
;
; Storage: the upper halves go to offsets $120..$19F of the same save
; area.  In the 512-byte FXSAVE image those are the XMM8..XMM15 slots,
; which FXSAVE/FXRSTOR do not use outside 64-bit mode.
;
; Privilege: the code writes CR0/CR4 and executes XSETBV, so it can
; only run at CPL 0.
;
; NOTE(review): every equ address below is absolute, i.e. valid for one
;   exact build of the target image; nothing in this file checks the
;   image before it is patched - verify version/hash before applying.
; NOTE(review): a save area that has never been through avxsave is
;   loaded as-is by avxload; confirm its owner zero-fills $120..$19F,
;   otherwise stale bytes become register contents of another context.
; NOTE(review): CR4/XCR0 are programmed only from Init.  Nothing here
;   re-applies them to a processor whose state is reset afterwards
;   while AVXEnable stays 1 - confirm that cannot happen on the target.
;=======================================================================

use32
org $47023C

; --- addresses inside the target image --------------------------------
Continue_46C54A   equ $46C54A           ; resume point for Hook_46C542
Continue_46C48F   equ $46C48F           ; resume point for Hook_46C488
AVXEnable         equ $4760E5           ; flag byte, bit 0 = AVX state is managed
                                        ; (lies outside this region; must be writable)
KiIpiGenericCall  equ $42B034           ; called with (function, context)

; --- named constants (same values as the original literals) -----------
YMM_HI_AREA       equ $120              ; first byte used for ymm upper halves
CPUID1_ECX_AVX    equ 28                ; CPUID.01H:ECX bit: AVX
CPUID_LEAF_XSTATE equ $0d               ; CPUID leaf queried for valid XCR0 bits
XCR0_AVX_BIT      equ 2                 ; bit index of AVX state in XCR0
XCR0_X87_SSE_AVX  equ $7                ; XCR0 value: x87 + SSE + AVX
CR4_OSXSAVE       equ $00040000         ; CR4 bit 18

;-----------------------------------------------------------------------
; LOAD_AX arg1
; Out:   eax = run-time address of arg1, derived from the run-time
;        address of base1, so no absolute address is encoded.
; Clobb: eax, flags
;-----------------------------------------------------------------------
macro LOAD_AX arg1
{
        call    GetPIC_EAX
        add     eax, (arg1 - base1)
}

;-----------------------------------------------------------------------
; avxsave reg0
; Stores bits 255:128 of ymm0..ymm7 to [reg0+$120] .. [reg0+$19F].
;-----------------------------------------------------------------------
macro avxsave reg0
{
        VEXTRACTF128 [reg0+YMM_HI_AREA+$00], ymm0,1
        VEXTRACTF128 [reg0+YMM_HI_AREA+$10], ymm1,1
        VEXTRACTF128 [reg0+YMM_HI_AREA+$20], ymm2,1
        VEXTRACTF128 [reg0+YMM_HI_AREA+$30], ymm3,1
        VEXTRACTF128 [reg0+YMM_HI_AREA+$40], ymm4,1
        VEXTRACTF128 [reg0+YMM_HI_AREA+$50], ymm5,1
        VEXTRACTF128 [reg0+YMM_HI_AREA+$60], ymm6,1
        VEXTRACTF128 [reg0+YMM_HI_AREA+$70], ymm7,1
}

;-----------------------------------------------------------------------
; avxload reg0
; Loads the saved 128-bit value into BOTH halves of ymm0..ymm7.  The
; caller runs FXRSTOR afterwards to put the real low halves back; this
; relies on FXRSTOR leaving bits 255:128 unchanged.
;-----------------------------------------------------------------------
macro avxload reg0
{
        VBROADCASTF128 ymm0, [reg0+YMM_HI_AREA+$00]
        VBROADCASTF128 ymm1, [reg0+YMM_HI_AREA+$10]
        VBROADCASTF128 ymm2, [reg0+YMM_HI_AREA+$20]
        VBROADCASTF128 ymm3, [reg0+YMM_HI_AREA+$30]
        VBROADCASTF128 ymm4, [reg0+YMM_HI_AREA+$40]
        VBROADCASTF128 ymm5, [reg0+YMM_HI_AREA+$50]
        VBROADCASTF128 ymm6, [reg0+YMM_HI_AREA+$60]
        VBROADCASTF128 ymm7, [reg0+YMM_HI_AREA+$70]
}

;=======================================================================
; Hook table.  Every slot is one 2-byte `jmp short`, so the slots sit
; 2 bytes apart at the addresses given in the comments.  The code that
; branches to these slots is outside this file; the number in each name
; is presumably the address of the patched site.
;=======================================================================
Hook_427DA4:                            ;47023C
        jmp     short Save_eax_427DA4
Hook_5CE746:                            ;47023E
        jmp     short Save_eax_5CE746
Hook_46C542:                            ;470240
        jmp     short Save_ecx_46C542
Hook_46DDB7:                            ;470242
        jmp     short Save_ecx_46DDB7
Hook_46DF41:                            ;470244
        jmp     short Save_ecx_46DF41
Hook_46DF8D:                            ;470246
        jmp     short Save_ecx_46DF8D
Hook_46ED62:                            ;470248
        jmp     short Save_ecx_46ED62
Empty_Hook:                             ;47024A
        jmp     short $                 ; jumps to itself: spins forever if ever
                                        ; entered (presumably an unused slot)
Hook_42DBCE:                            ;47024C
        jmp     short Load_eax_42DBCE
Hook_46C488:                            ;47024E
        jmp     short Load_ecx_46C488
Hook_46DF51:                            ;470250
        jmp     short Load_ecx_46DF51
Init_Hook:                              ;470252
        jmp     short Init

;=======================================================================
; Save stubs.  Each one puts the save-area pointer where Save_Eax /
; Save_Ecx expects it, then either returns with `ret` or resumes at a
; fixed Continue_* address.  The instruction after the call presumably
; replays what was overwritten at the hook site.
;=======================================================================
Save_eax_427DA4:
Save_eax_427D61:                        ; second name for the same stub
        mov     eax, [ebp-$8]           ; eax = save-area pointer
        jmp     Save_Eax                ; tail jump: Save_Eax's ret returns for us

Save_eax_5CE746:
        mov     eax, [ebp-$18]          ; eax = save-area pointer
        jmp     Save_Eax

Save_ecx_46C542:
        call    Save_Ecx
        jmp     Continue_46C54A

Save_ecx_46DDB7:
        call    Save_Ecx
        or      ebx, $0A
        ret

Save_ecx_46DF41:
        call    Save_Ecx
        mov     byte [eax+$31], $0A
        ret

Save_ecx_46DF8D:
        call    Save_Ecx
        mov     ecx, [esp+$14+$4]       ; original offset $14, +4 for the extra
                                        ; dword now on the stack
        ret

Save_ecx_46ED62:
        call    Save_Ecx
        mov     byte [edi+$31], $0A
        ret

;=======================================================================
; Load stubs, same pattern as the save stubs.
;=======================================================================
Load_eax_42DBCE:
        mov     cr0, ebx                ; executed before any state is reloaded
        call    Load_Eax
        ret

Load_ecx_46C488:
        call    Load_Ecx
        jmp     Continue_46C48F

Load_ecx_46DF51:
        call    Load_Ecx
        mov     edx, [ecx+$20C]
        ret

;-----------------------------------------------------------------------
; Save_Eax
; In:    eax = save area (FXSAVE needs 512 bytes, 16-byte aligned)
; Out:   FXSAVE image written; with AVX managed, ymm upper halves too
; Clobb: flags
;-----------------------------------------------------------------------
Save_Eax:
        call    check_avx               ; ZF=0 -> AVX state is managed
        jnz     Save_Eax_part2
        fxsave  [eax]                   ; legacy path: x87/SSE only
        ret

;-----------------------------------------------------------------------
; Init
; In:    eax   = NumberProcessors
;        ebp-4 = slot that receives it (stored by the first instruction)
; Out:   eax   = ebp-4 (address of that slot)
;        byte [AVXEnable] = 1 if AVX was enabled, else 0
; Saved: ebx, edi
; Clobb: ecx, edx, flags (CPUID overwrites ecx/edx)
;
; NOTE(review): CPUID.01H:ECX bit 26 (XSAVE) is not tested before leaf
;   $0D is read and CR4.OSXSAVE is set.  AVX normally implies XSAVE, but
;   a filtered CPUID could break that; an explicit test would need a few
;   bytes taken from the padding at EndAdress.
;-----------------------------------------------------------------------
Init:
        mov     [ebp-4], eax            ; overwritten original instruction
        push    ebx                     ; CPUID overwrites ebx
        push    edi
        call    GetPIC_AVXEnable
        mov     edi, eax                ; edi = &AVXEnable
        xor     eax, eax
        mov     byte [edi], al          ; flag starts out as 0

        mov     al, 1                   ; eax = 1: feature leaf
        cpuid
        bt      ecx, CPUID1_ECX_AVX     ; does the CPU implement AVX?
        jnc     Init_done

        xor     ecx, ecx                ; sub-leaf 0
        xor     eax, eax
        mov     al, CPUID_LEAF_XSTATE
        cpuid
        bt      eax, XCR0_AVX_BIT       ; may XCR0.AVX be set to 1?
        jnc     Init_done

        lea     eax, [ebp-4]
        push    eax                     ; 2nd argument: &NumberProcessors
        LOAD_AX EnableAvxPerCPU
        push    eax                     ; 1st argument: run-time address of worker
        call    KiIpiGenericCall        ; no stack fix-up here, so the callee is
                                        ; presumed to pop both arguments
        mov     byte [edi], $1          ; flag set only after the call returned

Init_done:
        pop     edi
        pop     ebx
        lea     eax, [ebp-4]            ; overwritten original instruction
        ret

;-----------------------------------------------------------------------
; Save_Eax_part2 - AVX path of Save_Eax (same inputs).
;-----------------------------------------------------------------------
Save_Eax_part2:
        fxsave  [eax]
        avxsave eax
        ret

;-----------------------------------------------------------------------
; GetPIC_EAX
; Out:   eax = run-time address of base1
;-----------------------------------------------------------------------
GetPIC_EAX:
        call    $+5                     ; pushes the address of base1
base1:
        pop     eax
        ret

;-----------------------------------------------------------------------
; GetPIC_AVXEnable
; Out:   eax = run-time address of the AVXEnable byte
; Clobb: flags
;-----------------------------------------------------------------------
GetPIC_AVXEnable:
        LOAD_AX AVXEnable
        ret

;-----------------------------------------------------------------------
; Save_Ecx / Load_Ecx
; In:    ecx = save area
; Same work as Save_Eax / Load_Eax; eax is preserved.
;-----------------------------------------------------------------------
Save_Ecx:
        push    eax
        mov     eax, ecx
        call    Save_Eax
        pop     eax
        ret

Load_Ecx:
        push    eax
        mov     eax, ecx
        call    Load_Eax
        pop     eax
        ret

;-----------------------------------------------------------------------
; Load_Eax
; In:    eax = save area (16-byte aligned)
; Out:   x87/SSE state reloaded; with AVX managed, ymm upper halves too
; Clobb: flags
;-----------------------------------------------------------------------
Load_Eax:
        call    check_avx               ; ZF=1 -> AVX state is not managed
        jz      Load_Eax_sse
        avxload eax                     ; upper halves first ...
Load_Eax_sse:
        fxrstor [eax]                   ; ... then the low halves and x87 state
        ret

;-----------------------------------------------------------------------
; check_avx
; Out:   ZF = 0 if bit 0 of AVXEnable is set, ZF = 1 otherwise
; eax is preserved (push/pop/ret leave the flags from `test` intact).
;-----------------------------------------------------------------------
check_avx:
        push    eax
        call    GetPIC_AVXEnable
        test    byte [eax], $01
        pop     eax
        ret

;-----------------------------------------------------------------------
; EnableAvxPerCPU - worker handed to KiIpiGenericCall by Init.
; In:    one dword argument on the stack (not read; popped by `ret 4`)
; Out:   eax = 7, CR4.OSXSAVE = 1, XCR0 = x87 + SSE + AVX
; Clobb: ecx, edx, flags
;-----------------------------------------------------------------------
EnableAvxPerCPU:
        mov     eax, cr4
        or      eax, CR4_OSXSAVE        ; set bit 18, required before XSETBV
        mov     cr4, eax

        xor     ecx, ecx                ; ecx = 0 selects XCR0
        xor     edx, edx                ; upper half of the mask
        xor     eax, eax
        mov     al , XCR0_X87_SSE_AVX   ; edx:eax = new XCR0 value
        xsetbv
        ret     4

; Zero-fill up to $470400 so the region keeps its fixed size.
EndAdress:
        db ($470400 - $) dup 0