Created
November 12, 2017 13:46
-
-
Save Konctantin/1dc76573b65b89645daae31c371acf70 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- **************************************** | |
| -- **************************************** | |
| -- x86 | |
| 53 push ebx | |
| 8B DC mov ebx, esp | |
| 51 push ecx | |
| 51 push ecx | |
| 83 E4 F8 and esp, 0FFFFFFF8h | |
| 83 C4 04 add esp, 4 | |
| 55 push ebp | |
| 8B 6B 04 mov ebp, [ebx+4] | |
| 89 6C 24 04 mov [esp+0Ch+var_8], ebp | |
| 8B EC mov ebp, esp | |
| 83 EC 28 sub esp, 28h | |
| 56 push esi | |
| 57 push edi | |
| E8 | |
| -- FrameScript::Register | |
| 53 8B DC 51 51 83 E4 F8 83 C4 04 55 8B 6B 04 89 6C 24 04 8B EC 83 EC 28 56 57 E8 | |
| --------------------------------------------------------------------------------------- | |
| 55 push ebp | |
| 8B EC mov ebp, esp | |
| FF 05 F0 8C 0C 01 inc dword_10C8CF0 | |
| 53 push ebx | |
| 56 push esi | |
| 8B 35 44 24 0B 01 mov esi, dword_10B2444 | |
| 57 push edi | |
| 8B 3D EC 8C 0C 01 mov edi, dword_10C8CEC | |
| 6A 00 push 0 | |
| 5B pop ebx | |
| 74 47 jz short loc_4A5BDA | |
| 39 1D F4 8C 0C 01 cmp dword_10C8CF4, ebx | |
| 75 3F jnz short loc_4A5BDA | |
| 8B 45 10 mov eax, [ebp+arg_8] | |
| A3 EC 8C 0C 01 mov dword_10C8CEC, eax | |
| 85 C0 test eax, eax | |
| 74 33 jz short loc_4A5BDA | |
| 39 1D 04 8D 0C 01 cmp dword_10C8D04, ebx | |
| 75 2B jnz short loc_4A5BDA | |
| 68 80 AF 3F 01 push offset unk_13FAF80 | |
| 53 push ebx | |
| 56 push esi | |
| -- FrameScript::Execute | |
| 55 8B EC FF 05 ? ? ? ? 53 56 8B 35 ? ? ? ? 57 8B 3D ? ? ? ? 6A 00 | |
| -- **************************************** | |
| -- **************************************** | |
| -- x64 | |
| -- FrameScript::Register | |
| 40 53 push rbx | |
| 48 83 EC 70 sub rsp, 70h | |
| 8B D9 mov ebx, ecx | |
| E8 A3 FE 1D 00 call GetCurrentThreadId | |
| 89 05 29 DA 3F 01 mov cs:dword_1414B596C, eax | |
| E8 48 92 0E 00 call sub_1401A1190 | |
| 48 8D 0D 51 E3 FF FF lea rcx, sub_1400B62A0 | |
| 48 8B D0 mov rdx, rax | |
| 44 8B C3 mov r8d, ebx | |
| 48 89 05 F4 D9 3F 01 mov cs:qword_1414B5950, rax | |
| E8 1F 01 0E 00 call sub_140198080 | |
| 48 8D 15 78 0F 00 00 lea rdx, sub_1400B8EE0 | |
| 48 8B C8 mov rcx, rax | |
| 48 89 05 E6 D9 3F 01 mov cs:qword_1414B5958, rax | |
| E8 69 05 0E 00 call sub_1401984E0 | |
| -- FrameScript::Register | |
| 40 53 48 83 EC 70 8B D9 E8 ? ? ? ? 89 05 29 DA 3F 01 E8 ? ? ? ? | |
| ----------------------------------------------------------------------- | |
| 48 89 5C 24 08 mov [rsp+arg_0], rbx | |
| 48 89 6C 24 10 mov [rsp+arg_8], rbp | |
| 48 89 74 24 18 mov [rsp+arg_10], rsi | |
| 57 push rdi | |
| 41 56 push r14 | |
| 41 57 push r15 | |
| 48 83 EC 20 sub rsp, 20h | |
| FF 05 0A 80 41 01 inc cs:dword_1414CEDF8 | |
| 48 8B 3D 63 EB 3F 01 mov rdi, cs:qword_1414B5958 | |
| 48 8B 2D F4 7F 41 01 mov rbp, cs:qword_1414CEDF0 | |
| 4C 8B F7 mov r14, rdi | |
| 4C 8B FA mov r15, rdx | |
| 48 8B F1 mov rsi, rcx | |
| --FrameScript::Execute | |
| 48 89 5C 24 08 48 89 6C 24 10 48 89 74 24 18 57 41 56 41 57 48 83 EC 20 FF ? ? ? ? ? 48 8B ? ? ? ? ? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment