Created
November 27, 2020 19:21
pseudocode for basesrv::ServerDllInitialization() generated by radare2's built-in decompiler
// Pseudocode from radare2's built-in decompiler for BASESRV.dll!ServerDllInitialization (x64).
// Reading notes:
//  - The output is a linearised control-flow graph: the nested braces, `do { } while (?)` and bare
//    `return;` lines are decompiler artefacts, not real loops or exits.
//  - The argument lists printed on the `.__imp_*(...)` lines are the tool's own estimates and often
//    disagree with the register setup just above the call (rcx, rdx, r8, r9, then stack); read the
//    register assignments instead.
//  - Branch targets 0x18000187c, 0x180002323 and 0x180004d16 are referenced but not included here,
//    so the success path and the final return value cannot be confirmed from this listing.
function sym.BASESRV.dll_ServerDllInitialization () { | |
// 92 basic blocks | |
loc_0x180001680: | |
push rbp | |
push rbx | |
push rsi | |
push r12 | |
push r15 | |
rbp = rsp - 0xde0 | |
rsp -= 0xee0 | |
// /GS stack cookie: __security_cookie XOR rsp is stored in the frame and verified at loc_0x18000233d.
rax = qword [pdb.__security_cookie] //[0x180010050:8]=0x2b992ddfa232 ; "2\xa2\xdf-\x99+" | |
rax ^= rsp | |
qword [var_dd0h] = rax | |
eax = 0 | |
dword [var_68h] = 4 | |
qword [var_30h] = rax | |
r12d = 0 | |
qword [var_28h] = rax | |
// rbx keeps the only argument for the whole function; its fields at +0x20..+0x60 are filled in below.
// NOTE(review): presumably the CSR_SERVER_DLL descriptor handed over by csrsrv — confirm.
rbx = rcx //arg1 | |
// On x64 Windows gs:[0x60] is the PEB pointer; the dword at PEB+0x2c0 is saved as SessionId below.
rax = qword gs:[0x60] | |
esi = 0xc0 //192 | |
dword [var_6ch] = 0x100002 | |
r15d = r12d | |
dword [var_70h] = 8 | |
qword [var_74h] = 0x100004 | |
ecx = dword [rax + 0x2c0] | |
dword [pdb.SessionId] = ecx //[0x180010958:4]=0 | |
qword [var_8h] = r12 | |
qword [var_38h] = r12 | |
qword [ ; [0x18000cd90:8]=0xee64 reloc.ntdll.dll_RtlGetCurrentServiceSessionId ; "d\xee" ; reloc.ntdll.dll_RtlGetCurrentService | |
.__imp_RtlGetCurrentServiceSessionId(0x0, 0xc0, 0x0, 0xffffffff) | |
// eax is the service session id; esi becomes 0xd0 when it equals SessionId, otherwise it stays 0xc0.
// The consumer of esi is outside this excerpt.
var = dword [pdb.SessionId] - eax //[0x180010958:4]=-1 | |
ecx = 0xd0 //208 | |
dword [pdb.ServiceSessionId] = eax //[0x180010a50:4]=0 | |
r9 = rip + pdb.___C__1CC_HBLFFKMG___AAT__AAM__AAP__AA__AA__AAV__AAD__AAM__AA__AA__AAS__AAX__AAS__AA__AA__AAA__AAP__AAP__AA__AA__AA__AA //0x18000d198 ; u"TMP" | |
rax = qword gs:[0x60] | |
r8 = rip + str.BASESRV //pdb.___C__1BC_NDHIIINN___AAB__AAA__AAS__AAE__AAS__AAR__AAV__AA__CB__AA__AA | |
//0x18000d180 ; u"BASESRV!" | |
if (!var) esi = ecx | |
edx = 0 | |
// PEB+0x30 (the process heap) becomes BaseSrvHeap. The call is set up as
// RtlCreateTagHeap(heap, 0, L"BASESRV!", L"TMP"); its result is stored in BaseSrvTag.
rcx = qword [rax + 0x30] | |
qword [pdb.BaseSrvHeap] = rcx //[0x180010908:8]=0 | |
qword [ ; [0x18000cd88:8]=0xee84 reloc.ntdll.dll_RtlCreateTagHeap ; reloc.ntdll.dll_RtlCrea | |
.__imp_RtlCreateTagHeap(0x0, 0xd0, 0x0, 0xffffffffffffffff) | |
// The value at arg+0x60 is taken as BaseSrvSharedHeap and tagged with L"BASESHR!" / L"INIT";
// the result goes to BaseSrvSharedTag.
rcx = qword [rbx + 0x60] | |
r9 = rip + str.INIT //pdb.___C__1BE_CFIDFAMK___AAI__AAN__AAI__AAT__AA__AA__AAI__AAN__AAI__AA__AA__AA__AA | |
//0x18000d168 ; u"INIT" | |
r8 = rip + str.BASESHR //pdb.___C__1BC_KFJCOHCI___AAB__AAA__AAS__AAE__AAS__AAH__AAR__AA__CB__AA__AA | |
//0x18000d150 ; u"BASESHR!" | |
qword [pdb.BaseSrvSharedHeap] = rcx //[0x180010918:8]=0 | |
edx = 0 | |
dword [pdb.BaseSrvTag] = eax //[0x180010910:4]=0 | |
qword [ ; [0x18000cd88:8]=0xee84 reloc.ntdll.dll_RtlCreateTagHeap ; reloc.ntdll.dll_RtlCrea | |
.__imp_RtlCreateTagHeap(0x0, 0xd0, 0x0, 0xffffffffffffffff) | |
// Publish this DLL's API dispatch table, validity table and connect/disconnect callbacks through
// the argument structure.
// NOTE(review): 0x1d at +0x24 and 0 at +0x20 look like the API count and base index — confirm
// against the dispatch table at 0x18000c1f0.
rcx = rip + pdb.BaseSrvDosDeviceCritSec //0x1800109a0 | |
dword [rbx + 0x20] = r12d | |
dword [pdb.BaseSrvSharedTag] = eax //[0x180010920:4]=0 | |
rax = rip + pdb.BaseServerApiDispatchTable //0x18000c1f0 | |
qword [rbx + 0x28] = rax | |
rax = rip + pdb.BaseServerApiServerValidTable //0x18000d130 | |
qword [rbx + 0x30] = rax | |
rax = rip + pdb.BaseClientConnectRoutine //0x180003eb0 ; "A\x838\bu\x17H\x8b\x02H\x8b\x89\x90" | |
qword [rbx + 0x48] = rax | |
rax = rip + pdb.BaseClientDisconnectRoutine //0x180003cf0 ; "@SH\x83\xec H\x8b\xd9H\x8d\r\x80\xc9" | |
qword [rbx + 0x50] = rax | |
dword [rbx + 0x24] = 0x1d //[0x1d:4]=0xffffff ; 29 | |
dword [rbx + 0x40] = 8 | |
// rcx = &BaseSrvDosDeviceCritSec (loaded above). A negative NTSTATUS jumps straight to the
// epilogue, bypassing the cleanup path at 0x180004f77.
qword [ ; [0x18000cd80:8]=0xee98 reloc.ntdll.dll_RtlInitializeCriticalSection ; reloc.ntdll.dll_RtlInitializeCritic | |
.__imp_RtlInitializeCriticalSection(0x0, 0xd0, 0x0, 0x1800109a0) | |
var = eax & eax | |
js 0x18000233d //likely | |
{ | |
// Epilogue: re-derive and verify the stack cookie before unwinding the frame.
loc_0x18000233d: | |
//CODE XREF from sym.BASESRV.dll_ServerDllInitialization @ 0x1800017b8 | |
rcx = qword [var_dd0h] | |
rcx ^= rsp //uint32_t arg1 | |
pdb.__security_check_cookie () //pdb.__security_check_cookie(0x0) | |
rsp += 0xee0 | |
pop r15 | |
pop r12 | |
pop rsi | |
pop rbx | |
return | |
// Continuation after the critical section is created: rdi, r13 and r14 are saved to stack slots,
// then a UNICODE_STRING is built at var_20h. 0x3200000 sets Length = 0 and MaximumLength = 0x320
// (800 bytes); var_80h, stored at var_28h_2, is presumably its Buffer.
// Call setup: RtlExpandEnvironmentStrings_U(NULL, &UnexpandedSystemRootString, &var_20h, NULL).
loc_0x1800017be: | |
qword [var_f18h] = rdi | |
rax = var_80h | |
qword [var_f20h] = r13 | |
r8 = var_20h | |
qword [var_f28h] = r14 | |
rdx = rip + pdb.UnexpandedSystemRootString //0x18000c1e0 | |
r9d = 0 | |
qword [var_28h_2] = rax | |
ecx = 0 | |
dword [var_20h] = 0x3200000 | |
r14d = 0x320 //800 | |
qword [ ; [0x18000cd78:8]=0xeeb8 reloc.ntdll.dll_RtlExpandEnvironmentStrings_U ; "L#" ; reloc.ntdll.dll_RtlExpandEnviron | |
.__imp_RtlExpandEnvironmentStrings_U(0x0, 0x0, 0x18000c1e0, 0x0) | |
// Reject a result whose Length is not strictly below the 800-byte capacity: there would be no
// room for the terminator written at loc_0x180001822.
eax = word [var_20h] | |
var = ax - r14w | |
jae 0x180004f72 //unlikely | |
} | |
return; | |
// Second bound on the same value, with the low bit cleared to keep the offset WCHAR-aligned.
// A failure here is not an error return: it ends in __report_rangecheckfailure.
// NOTE(review): this looks like a compiler-inserted index check for the store at
// loc_0x180001822 — confirm.
loc_0x180001812: | |
eax = ax | |
rax &= 0xfffffffffffffffe | |
var = rax - r14 | |
jae 0x1800023ec //likely | |
{ | |
loc_0x1800023ec: | |
//CODE XREF from sym.BASESRV.dll_ServerDllInitialization @ 0x18000181c | |
pdb.__report_rangecheckfailure () | |
int3 | |
// Write a zero WCHAR at rbp + 0x80 + rax (presumably inside var_80h), then copy the string into
// the global BaseSrvWindowsDirectory. RtlCreateUnicodeString returns a BOOLEAN in al; FALSE
// takes the failure path at 0x180004f72.
loc_0x180001822: | |
rdx = var_80h | |
word [rbp + rax + 0x80] = r12w | |
rcx = rip + pdb.BaseSrvWindowsDirectory //0x180010930 | |
qword [ ; [0x18000cd70:8]=0xeed8 reloc.ntdll.dll_RtlCreateUnicodeString ; reloc.ntdll.dll_RtlCreate | |
.__imp_RtlCreateUnicodeString(0x0, 0x0, 0x178080, 0x180010930) | |
var = al & al | |
if (!var) goto 0x180004f72 //likely | |
} | |
return; | |
// Append L"\system32" in place; 0x190 is the capacity in WCHARs (400 * 2 = the same 800 bytes).
// NOTE(review): the wcscat_s return value is not tested before the buffer is handed to
// RtlCreateUnicodeString for BaseSrvWindowsSystemDirectory.
loc_0x180001847: | |
r8 = rip + str.system32 //pdb.___C__1BE_MCHPLFCF___AA_2__AAs__AAy__AAs__AAt__AAe__AAm__AA3__AA2__AA__AA | |
//0x18000d118 ; u"\system32" | |
edx = 0x190 //400 | |
rcx = var_80h | |
qword [ ; [0x18000cd68:8]=0xeef2 reloc.ntdll.dll_wcscat_s ; reloc.ntdll.dll | |
.__imp_wcscat_s(0x0, 0x0, 0x190, 0x178080) | |
rdx = var_80h | |
rcx = rip + pdb.BaseSrvWindowsSystemDirectory //0x180010940 | |
qword [ ; [0x18000cd70:8]=0xeed8 reloc.ntdll.dll_RtlCreateUnicodeString ; reloc.ntdll.dll_RtlCreateUnic | |
.__imp_RtlCreateUnicodeString(0x0, 0x0, 0x178080, 0x180010940) | |
var = al & al | |
if (!var) goto 0x180004f72 //likely | |
{ | |
// Shared failure exit. 0xc0000017 is STATUS_NO_MEMORY; other error paths enter at 0x180004f77
// with their own status already in ebx. The critical section created earlier is deleted before
// control moves on to 0x180002323 (not shown).
loc_0x180004f72: | |
//XREFS: CODE 0x18000180c CODE 0x180001841 CODE 0x180001876 | |
//XREFS: CODE 0x18000195b CODE 0x1800019d1 CODE 0x180001a22 | |
//XREFS: CODE 0x180001a8b CODE 0x180001ae9 CODE 0x180001b50 | |
//XREFS: CODE 0x180001d17 CODE 0x180001d54 CODE 0x180004df2 | |
ebx = 0xc0000017 | |
do | |
{ | |
loc_0x180004f77: | |
//XREFS(24) | |
rcx = rip + pdb.BaseSrvDosDeviceCritSec //0x1800109a0 | |
qword [ ; [0x18000cb18:8]=0xf11e reloc.ntdll.dll_RtlDeleteCriticalSection ; reloc.ntdll.dll_RtlDele | |
.__imp_RtlDeleteCriticalSection(0x0, 0x0, 0x0, 0x1800109a0) | |
goto 0x180002323 | |
} while (?); | |
} while (?); | |
} | |
return; | |
goto loc_0x18000187c | |
// Formats a path from L"%ws\%ld\BaseNamedObjects" with L"\Sessions" as the %ws argument; the
// destination and size registers for this call are set outside the lines shown.
loc_0x18000189a: | |
r9 = rip + str.Sessions //pdb.___C__1BE_GBAFMKEO___AA_2__AAS__AAe__AAs__AAs__AAi__AAo__AAn__AAs__AA__AA | |
//0x18000cee0 ; u"\Sessions" | |
dword [ReturnLength] = eax | |
r8 = rip + str.ws___ld__BaseNamedObjects //pdb.___C__1DC_BGGFLPH___AA__CF__AAw__AAs__AA_2__AA__CF__AAl__AAd__AA_2__AAB__AAa__AAs__AAe__AAN__AAa__AAm__AAe__AAd__AAO__AAb__AAj__AAe__AAc__AAt__AAs__AA__AA | |
//0x18000cef8 ; u"%ws\%ld\BaseNamedObjects" | |
qword [ ; [0x18000ca60:8]=0xef0a reloc.ntdll.dll_swprintf_s ; "\n\xef" ; reloc.ntdll.dll_s | |
.__imp_swprintf_s(0x0, 0x0, 0x0, 0x0) | |
do | |
{ | |
// Two bounded formats, 0x100 (256) WCHARs each: the AppContainerNamedObjects path into var_7a0h
// and the BaseNamedObjects path into var_5a0h. The stack slot the decompiler labels ReturnLength
// receives SessionId and appears to be the %ld argument.
loc_0x1800018b2: | |
//CODE XREF from sym.BASESRV.dll_ServerDllInitialization @ 0x180002377 | |
eax = dword [pdb.SessionId] //[0x180010958:4]=-1 | |
r9 = rip + str.Sessions //pdb.___C__1BE_GBAFMKEO___AA_2__AAS__AAe__AAs__AAs__AAi__AAo__AAn__AAs__AA__AA | |
//0x18000cee0 ; u"\Sessions" | |
r8 = rip + str.ws___ld__AppContainerNamedObjects //pdb.___C__1EC_NJAKGLLG___AA__CF__AAw__AAs__AA_2__AA__CF__AAl__AAd__AA_2__AAA__AAp__AAp__AAC__AAo__AAn__AAt__AAa__AAi__AAn__AAe__AAr__AAN__AAa__AAm__AAe__AAd__AAO__AAb__AAj__AAe__AAc__AAt__AAs | |
//0x18000d0d0 ; u"%ws\%ld\AppContainerNamedObjects" | |
dword [ReturnLength] = eax | |
edx = 0x100 //256 | |
rcx = var_7a0h | |
qword [ ; [0x18000ca60:8]=0xef0a reloc.ntdll.dll_swprintf_s ; "\n\xef" ; reloc.ntdll.d | |
.__imp_swprintf_s(0x0, 0x0, 0x100, 0x1787a0) | |
eax = dword [pdb.SessionId] //[0x180010958:4]=-1 | |
r9 = rip + str.Sessions //pdb.___C__1BE_GBAFMKEO___AA_2__AAS__AAe__AAs__AAs__AAi__AAo__AAn__AAs__AA__AA | |
//0x18000cee0 ; u"\Sessions" ; int64_t arg4 | |
r8 = rip + str.ws___ld__BaseNamedObjects //pdb.___C__1DC_BGGFLPH___AA__CF__AAw__AAs__AA_2__AA__CF__AAl__AAd__AA_2__AAB__AAa__AAs__AAe__AAN__AAa__AAm__AAe__AAd__AAO__AAb__AAj__AAe__AAc__AAt__AAs__AA__AA | |
//0x18000cef8 ; u"%ws\%ld\BaseNamedObjects" ; int64_t arg3 | |
dword [ReturnLength] = eax | |
edx = 0x100 //256 ; int64_t arg2 | |
rcx = var_5a0h //int64_t arg1 | |
pdb.RtlStringCchPrintfW () //pdb.RtlStringCchPrintfW(0x0, 0x0, 0x100, 0x1785a0) | |
// Wrap three path buffers in UNICODE_STRING descriptors: SourceString -> DestinationString,
// var_5a0h -> var_30h and var_7a0h -> var_20h_2. RtlInitUnicodeString only points at the
// buffers; it does not copy them.
rdx = SourceString //PCWSTR SourceString | |
rcx = DestinationString //PUNICODE_STRING DestinationString | |
qword [ ; [0x18000cd98:8]=0xee4c reloc.ntdll.dll_RtlInitUnicodeString ; "L\xee" ; reloc.ntdll.dll_RtlInit | |
.__imp_RtlInitUnicodeString(0x0, 0x0, 0x1783a0, 0x177f98) | |
rdx = var_5a0h //PCWSTR SourceString | |
rcx = var_30h //PUNICODE_STRING DestinationString | |
qword [ ; [0x18000cd98:8]=0xee4c reloc.ntdll.dll_RtlInitUnicodeString ; "L\xee" ; reloc.ntdll.dll_RtlInit | |
.__imp_RtlInitUnicodeString(0x0, 0x0, 0x1785a0, 0x177fd0) | |
rdx = var_7a0h //PCWSTR SourceString | |
rcx = var_20h_2 //PUNICODE_STRING DestinationString | |
qword [ ; [0x18000cd98:8]=0xee4c reloc.ntdll.dll_RtlInitUnicodeString ; "L\xee" ; reloc.ntdll.dll_RtlInit | |
.__imp_RtlInitUnicodeString(0x0, 0x0, 0x1787a0, 0x177fe0) | |
// Allocate 0xb68 bytes from the shared heap (edx, the flags argument, is BaseSrvSharedTag) for
// BaseSrvpStaticServerData; a NULL result takes the STATUS_NO_MEMORY path.
edx = dword [pdb.BaseSrvSharedTag] //[0x180010920:4]=-1 | |
r8d = 0xb68 //2920 | |
rcx = qword [pdb.BaseSrvSharedHeap] //[0x180010918:8]=-1 | |
qword [ ; [0x18000ca70:8]=0xef26 reloc.ntdll.dll_RtlAllocateHeap ; "&\xef" ; reloc.ntdll.dll_Rt | |
.__imp_RtlAllocateHeap(0x0, 0x0, 0xffffffff, 0xffffffffffffffff) | |
qword [pdb.BaseSrvpStaticServerData] = rax //[0x180010950:8]=0 | |
var = rax & rax | |
if (!var) goto 0x180004f72 //unlikely | |
} while (?); | |
return; | |
// The same arg+0x60 field that supplied the shared heap now receives the new block's address.
// Call setup: NtQuerySystemInformation(3, block + 0x140, 0x30, NULL); class 3 is
// SystemTimeOfDayInformation. A negative status is kept in ebx and leaves through 0x180004f77.
loc_0x180001961: | |
qword [rbx + 0x60] = rax | |
rdx = rax + 0x140 //PVOID SystemInformation | |
r9d = 0 //PULONG ReturnLength | |
qword [rax + 0xb50] = rax | |
dword [rax + 0xb30] = 0xffffffff //[0xffffffff:4]=-1 ; -1 | |
dword [rax + 0xb38] = r12d | |
ecx = r9 + 3 | |
r8d = r9 + 0x30 | |
qword [ ; [0x18000ca78:8]=0xef38 reloc.ntdll.dll_NtQuerySystemInformation ; "8\xef" ; reloc.ntdll.dll_NtQuerySystemIn | |
.__imp_NtQuerySystemInformation(0x0, 0x0, 0x140, 0x3) | |
ebx = eax | |
var = eax & eax | |
js 0x180004f77 //unlikely | |
// Copy the 16-byte BaseSrvWindowsDirectory descriptor to block+0, then request a shared-heap
// buffer sized by the word at 0x180010932 (BaseSrvWindowsDirectory+2, its MaximumLength field).
loc_0x18000199f: | |
rax = qword [pdb.BaseSrvpStaticServerData] //[0x180010950:8]=-1 | |
xmm0 = xmmword [pdb.BaseSrvWindowsDirectory] //[0x180010930:16]=-1 | |
edx = dword [pdb.BaseSrvSharedTag] //[0x180010920:4]=-1 | |
rcx = qword [pdb.BaseSrvSharedHeap] //[0x180010918:8]=-1 | |
xmmword [rax] = xmm0 | |
r8d = word [0x180010932] //[0x180010932:2]=0 | |
qword [ ; [0x18000ca70:8]=0xef26 reloc.ntdll.dll_RtlAllocateHeap ; "&\xef" ; reloc.ntdll.dll_RtlAll | |
.__imp_RtlAllocateHeap(0x0, 0x0, 0xffffffff, 0xffffffffffffffff) | |
rdi = rax | |
var = rax & rax | |
if (!var) goto 0x180004f72 //unlikely | |
// Duplicate the characters into the shared-heap buffer and repoint block+8 at the copy, so the
// block no longer references the buffer RtlCreateUnicodeString produced. The system-directory
// descriptor is then staged at block+0x10 in the same way.
loc_0x1800019d7: | |
rbx = qword [pdb.BaseSrvpStaticServerData] //[0x180010950:8]=-1 | |
rcx = rax //void *s1 | |
r8d = word [0x180010932] //[0x180010932:2]=0 ; size_t n | |
rdx = qword [rbx + 8] //const void *s2 | |
pdb.memcpy () | |
//void *memcpy(-1, -1, -1) | |
edx = dword [pdb.BaseSrvSharedTag] //[0x180010920:4]=-1 | |
rcx = qword [pdb.BaseSrvSharedHeap] //[0x180010918:8]=-1 | |
qword [rbx + 8] = rdi | |
xmm0 = xmmword [pdb.BaseSrvWindowsSystemDirectory] //[0x180010940:16]=-1 | |
xmmword [rbx + 0x10] = xmm0 | |
r8d = word [0x180010942] //[0x180010942:2]=0 | |
qword [ ; [0x18000ca70:8]=0xef26 reloc.ntdll.dll_RtlAllocateHeap ; "&\xef" ; reloc.ntdll.dll_RtlAll | |
.__imp_RtlAllocateHeap(0x0, 0x0, 0xffffffff, 0xffffffffffffffff) | |
rdi = rax | |
var = rax & rax | |
if (!var) goto 0x180004f72 //likely | |
// Finish the system-directory copy (block+0x18). DestinationString is then copied to block+0x20
// with the word at +0x22 rewritten to Length + 2, and a buffer of Length + 2 bytes is requested.
loc_0x180001a28: | |
rbx = qword [pdb.BaseSrvpStaticServerData] //[0x180010950:8]=-1 | |
rcx = rax //void *s1 | |
r8d = word [0x180010942] //[0x180010942:2]=0 ; size_t n | |
rdx = qword [rbx + 0x18] //const void *s2 | |
pdb.memcpy () | |
//void *memcpy(-1, -1, -1) | |
edx = dword [pdb.BaseSrvSharedTag] //[0x180010920:4]=-1 | |
rcx = qword [pdb.BaseSrvSharedHeap] //[0x180010918:8]=-1 | |
qword [rbx + 0x18] = rdi | |
qword [rbx + 0x968] = r12 | |
dword [rbx + 0x960] = r12d | |
xmm0 = xmmword [DestinationString] | |
xmmword [rbx + 0x20] = xmm0 | |
eax = word [DestinationString] | |
ax += 2 | |
word [rbx + 0x22] = ax | |
r8d = word [DestinationString] | |
r8 += 2 | |
qword [ ; [0x18000ca70:8]=0xef26 reloc.ntdll.dll_RtlAllocateHeap ; "&\xef" ; reloc.ntdll.dll_RtlAll | |
.__imp_RtlAllocateHeap(0x0, 0x0, 0xffffffff, 0xffffffffffffffff) | |
rdi = rax | |
var = rax & rax | |
if (!var) goto 0x180004f72 //unlikely | |
// The memcpy length is the adjusted word at block+0x22, matching the size just requested.
// var_20h_2 (the AppContainerNamedObjects path) is then staged at block+0xb40 the same way.
loc_0x180001a91: | |
rbx = qword [pdb.BaseSrvpStaticServerData] //[0x180010950:8]=-1 | |
rcx = rax //void *s1 | |
r8d = word [rbx + 0x22] //size_t n | |
rdx = qword [rbx + 0x28] //const void *s2 | |
pdb.memcpy () | |
//void *memcpy(-1, -1, -1) | |
edx = dword [pdb.BaseSrvSharedTag] //[0x180010920:4]=-1 | |
rcx = qword [pdb.BaseSrvSharedHeap] //[0x180010918:8]=-1 | |
qword [rbx + 0x28] = rdi | |
xmm0 = xmmword [var_20h_2] | |
xmmword [rbx + 0xb40] = xmm0 | |
eax = word [var_20h_2] | |
ax += 2 | |
word [rbx + 0xb42] = ax | |
r8d = word [var_20h_2] | |
r8 += 2 | |
qword [ ; [0x18000ca70:8]=0xef26 reloc.ntdll.dll_RtlAllocateHeap ; "&\xef" ; reloc.ntdll.dll_RtlAll | |
.__imp_RtlAllocateHeap(0x0, 0x0, 0xffffffff, 0xffffffffffffffff) | |
rdi = rax | |
var = rax & rax | |
if (!var) goto 0x180004f72 //unlikely | |
// Finish the block+0xb40 string, then stage var_30h (the BaseNamedObjects path) at block+0xb58.
loc_0x180001aef: | |
rbx = qword [pdb.BaseSrvpStaticServerData] //[0x180010950:8]=-1 | |
rcx = rax //void *s1 | |
r8d = word [rbx + 0xb42] //size_t n | |
rdx = qword [rbx + 0xb48] //const void *s2 | |
pdb.memcpy () | |
//void *memcpy(-1, -1, -1) | |
edx = dword [pdb.BaseSrvSharedTag] //[0x180010920:4]=-1 | |
rcx = qword [pdb.BaseSrvSharedHeap] //[0x180010918:8]=-1 | |
qword [rbx + 0xb48] = rdi | |
xmm0 = xmmword [var_30h] | |
xmmword [rbx + 0xb58] = xmm0 | |
eax = word [var_30h] | |
ax += 2 | |
word [rbx + 0xb5a] = ax | |
r8d = word [var_30h] | |
r8 += 2 | |
qword [ ; [0x18000ca70:8]=0xef26 reloc.ntdll.dll_RtlAllocateHeap ; "&\xef" ; reloc.ntdll.dll_RtlAll | |
.__imp_RtlAllocateHeap(0x0, 0x0, 0xffffffff, 0xffffffffffffffff) | |
rdi = rax | |
var = rax & rax | |
if (!var) goto 0x180004f72 //unlikely | |
// Finish the block+0xb58 string. BaseSrvCSDString is then set up with Length = 0 and
// MaximumLength = 0xc8, and its Buffer field (0x180010968) is pointed at the stack buffer var_2d8h.
// NOTE(review): a global now references this function's stack frame; whether it is re-pointed
// before return is not visible in this excerpt.
// Registry query setup: ecx = 3 is RTL_REGISTRY_WINDOWS_NT; rdx is presumably the empty string L"".
loc_0x180001b56: | |
rbx = qword [pdb.BaseSrvpStaticServerData] //[0x180010950:8]=-1 | |
rcx = rax //void *s1 | |
r8d = word [rbx + 0xb5a] //size_t n | |
rdx = qword [rbx + 0xb60] //const void *s2 | |
pdb.memcpy () | |
//void *memcpy(-1, -1, -1) | |
qword [rbx + 0xb60] = rdi | |
rax = var_2d8h | |
byte [rbx + 0x970] = r12b | |
r8 = rip + pdb.BaseServerRegistryConfigurationTable1 //0x18000c170 ; u(cstr 0x18000d390) "CSDVersion" | |
r9d = 0 | |
qword [0x180010968] = rax //[0x180010968:8]=0 | |
rdx = rip + pdb.___C__11LOCGONAA___AA__AA //0x18000cef4 | |
dword [pdb.BaseSrvCSDString] = 0xc80000 //[0x180010960:4]=0 | |
qword [ReturnLength] = r12 | |
ecx = r9 + 3 | |
qword [ ; [0x18000ca80:8]=0xef54 reloc.ntdll.dll_RtlQueryRegistryValuesEx ; "T\xef" ; reloc.ntdll.dll_RtlQueryRegistr | |
.__imp_RtlQueryRegistryValuesEx(0x0, 0x0, 0x18000cef4, 0x3) | |
var = eax & eax | |
js 0x180004d06 //unlikely | |
{ | |
// First query failed: clear the dword at block+0x36 and carry on with the second query table.
loc_0x180004d06: | |
//CODE XREF from sym.BASESRV.dll_ServerDllInitialization @ 0x180001bbc | |
rax = qword [pdb.BaseSrvpStaticServerData] //[0x180010950:8]=-1 | |
dword [rax + 0x36] = r12d | |
goto 0x180001bdf | |
do | |
{ | |
// Second registry query, this time with BaseServerRegistryConfigurationTable; its failure target
// 0x180004d16 is not part of this excerpt.
loc_0x180001bdf: | |
//CODE XREF from sym.BASESRV.dll_ServerDllInitialization @ 0x180004d11 | |
r9d = 0 | |
qword [ReturnLength] = r12 | |
r8 = rip + pdb.BaseServerRegistryConfigurationTable //0x18000c100 ; u(cstr 0x18000d390) "CSDVersion" | |
rdx = rip + pdb.___C__11LOCGONAA___AA__AA //0x18000cef4 | |
ecx = r9 + 3 | |
qword [ ; [0x18000ca80:8]=0xef54 reloc.ntdll.dll_RtlQueryRegistryValuesEx ; "T\xef" ; reloc.ntdll.dll_RtlQuer | |
.__imp_RtlQueryRegistryValuesEx(0x0, 0x0, 0x18000cef4, 0x3) | |
var = eax & eax | |
js 0x180004d16 //unlikely | |
} while (?); | |
} while (?); | |
} | |
return; | |
} |
What the heck is this? The answer is here.