MurylloEx · July 19, 2024 23:20
diff --git a/crowdstrike-bsod-reversed-sub_1400E4124.c b/crowdstrike-bsod-reversed-sub_1400E4124.c
 __int64 __fastcall sub_1400E4124(int a1, __int64 a2, __int64 a3, unsigned int a4)
 {
 unsigned int v4; // r10d
 int v5; // ebp
 int v10; // edx
 unsigned int v11; // eax
 unsigned int v12; // r10d
 int v13; // r14d
 unsigned int v14; // edi
 unsigned int v15; // esi
 int v16; // ecx
 unsigned __int16 *v17; // rdx
 int v18; // ecx
 unsigned int v19; // eax
 unsigned int v20; // r8d
 int v21; // edx

 v4 = *(_DWORD *)(a2 + 8);
 v5 = 0;
 v10 = 4;

 if ( v4 < 2 ) {
  v11 = 1;
 } else if ( v4 == 2 ) {
  v11 = 2;
 } else {
  v11 = 4;
 }

 if ( a4 >= v11 )
 {
  if ( v4 && (v12 = v4 - 1) != 0 )
  {
   if ( v12 == 1 )
    v10 = 2;
  }
  else
  {
   v10 = 1;
  }

  v13 = *(_DWORD *)(a2 + 12);
  v14 = 0;
  v15 = a4 - v10 + 1;

  if ( a4 - v10 != -1 )
  {
   _mm_lfence();

   do
   {
    v16 = *(_DWORD *)(a2 + 8);
    v17 = (unsigned __int16 *)(a3 + v14);

    if ( v16 )
    {
     v18 = v16 - 1;

     if ( v18 )
     {
      if ( v18 == 1 )
       v19 = *v17; // <<-- Apocalypse instruction
      else
       v19 = *(_DWORD *)v17;

      v20 = (*(_DWORD *)(a2 + 24) * (v19 & *(_DWORD *)(a2 + 20))) >> (32 - *(_BYTE *)(a2 + 28));
     }
     else
     {
      v20 = -1;
      v21 = (unsigned __int8)((*(_BYTE *)v17 & *(_BYTE *)(a2 + 20)) - *(_BYTE *)(a2 + 12));

      if ( v21 < 1 << *(_DWORD *)(a2 + 28) )
       v20 = v21;
     }
    }
    else
    {
     v20 = *(unsigned __int8 *)v17;
    }

    v5 = sub_1400E6F48(a1, a2, a3, a4, v14, v20);

    if ( v5 < 0 )
     break;

    v14 += v13;
   }

   while ( v14 < v15 );
  }

 }

 return (unsigned int)v5;
 }
	__int64 __fastcall sub_1400E4124(int a1, __int64 a2, __int64 a3, unsigned int a4)
	{
	unsigned int v4; // r10d
	int v5; // ebp
	int v10; // edx
	unsigned int v11; // eax
	unsigned int v12; // r10d
	int v13; // r14d
	unsigned int v14; // edi
	unsigned int v15; // esi
	int v16; // ecx
	unsigned __int16 *v17; // rdx
	int v18; // ecx
	unsigned int v19; // eax
	unsigned int v20; // r8d
	int v21; // edx

	v4 = (_DWORD )(a2 + 8);
	v5 = 0;
	v10 = 4;

	if ( v4 < 2 ) {
	v11 = 1;
	} else if ( v4 == 2 ) {
	v11 = 2;
	} else {
	v11 = 4;
	}

	if ( a4 >= v11 )
	{
	if ( v4 && (v12 = v4 - 1) != 0 )
	{
	if ( v12 == 1 )
	v10 = 2;
	}
	else
	{
	v10 = 1;
	}

	v13 = (_DWORD )(a2 + 12);
	v14 = 0;
	v15 = a4 - v10 + 1;

	if ( a4 - v10 != -1 )
	{
	_mm_lfence();

	do
	{
	v16 = (_DWORD )(a2 + 8);
	v17 = (unsigned __int16 *)(a3 + v14);

	if ( v16 )
	{
	v18 = v16 - 1;

	if ( v18 )
	{
	if ( v18 == 1 )
	v19 = *v17; // <<-- Apocalypse instruction
	else
	v19 = (_DWORD )v17;

	v20 = ((_DWORD )(a2 + 24) * (v19 & (_DWORD )(a2 + 20))) >> (32 - (_BYTE )(a2 + 28));
	}
	else
	{
	v20 = -1;
	v21 = (unsigned __int8)(((_BYTE )v17 & (_BYTE )(a2 + 20)) - (_BYTE )(a2 + 12));

	if ( v21 < 1 << (_DWORD )(a2 + 28) )
	v20 = v21;
	}
	}
	else
	{
	v20 = (unsigned __int8 )v17;
	}

	v5 = sub_1400E6F48(a1, a2, a3, a4, v14, v20);

	if ( v5 < 0 )
	break;

	v14 += v13;
	}

	while ( v14 < v15 );
	}

	}

	return (unsigned int)v5;
	}