-
-
Save ZingBallyhoo/f1162fa0b14d5abb47c6eaba22807ae7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -1 180794D20 push rbp | |
| -1 180794D22 sub rsp,40h | |
| -1 180794D26 lea rbp,[rsp+20h] | |
| -1 180794D2B mov [rbp+30h],rbx | |
| -1 180794D2F cmp byte ptr [180A810DEh],0 | |
| -1 180794D36 jne short 0000000180794D4Ah | |
| -1 180794D38 mov ecx,[1808317D8h] | |
| -1 180794D3E call 0000000180106290h | |
| -1 180794D43 mov byte ptr [180A810DEh],1 | |
| -1 180794D4A mov eax,[rsp] | |
| -1 180794D4D sub rsp,10h | |
| -1 180794D51 lea rdx,[rsp+20h] | |
| -1 180794D56 mov eax,[rdx] | |
| -1 180794D58 lea rcx,[rbp+8] | |
| -1 180794D5C call 000000018000E3F0h | |
| -1 180794D61 nop | |
| try { | |
| 0 180794D62 mov rcx,[180D33F08h] | |
| 0 180794D69 call 0000000180106390h | |
| 0 180794D6E mov rbx,rax | |
| 0 180794D71 xor r8d,r8d | |
| 0 180794D74 mov rdx,[180D3FDF8h] | |
| 0 180794D7B mov rcx,rax | |
| 0 180794D7E call 000000018026FE30h | |
| 0 180794D83 mov rdx,[180D446B8h] | |
| 0 180794D8A mov rcx,rbx | |
| 0 180794D8D call 00000001801063B0h | |
| } | |
| catch { | |
| call catch funclet at 180796860 | |
| will jump to 180794D93 | |
| } | |
| try { | |
| 2 180794D92 nop | |
| 2 180794D93 mov rbx,[rbp+40h] | |
| 2 180794D97 test rbx,rbx | |
| 2 180794D9A je short 0000000180794DEFh | |
| 2 180794D9C mov rax,[rbx] | |
| 2 180794D9F mov rdx,[180D33F08h] | |
| 2 180794DA6 movzx ecx,byte ptr [rdx+128h] | |
| 2 180794DAD cmp [rax+128h],cl | |
| 2 180794DB3 jb short 0000000180794DEFh | |
| 2 180794DB5 mov rax,[rax+0C8h] | |
| 2 180794DBC cmp [rax+rcx*8-8],rdx | |
| 2 180794DC1 jne short 0000000180794DEFh | |
| 2 180794DC3 mov rcx,rbx | |
| 2 180794DC6 mov rax,[rbx] | |
| 2 180794DC9 mov rdx,[rax+268h] | |
| 2 180794DD0 call qword ptr [rax+260h] | |
| 2 180794DD6 xor r8d,r8d | |
| 2 180794DD9 mov rdx,[180D38B48h] | |
| 2 180794DE0 mov rcx,rax | |
| 2 180794DE3 call 0000000180171DE0h | |
| 2 180794DE8 test al,al | |
| 2 180794DEA setne cl | |
| 2 180794DED jmp short 0000000180794DF1h | |
| } | |
| catch { | |
| call catch funclet at 18079FDE0 | |
| will jump to 180794E04 | |
| } | |
| -1 180794DEF xor ecx,ecx | |
| -1 180794DF1 test cl,cl | |
| -1 180794DF3 je short 0000000180794E08h | |
| -1 180794DF5 mov eax,64h | |
| -1 180794DFA mov rbx,[rbp+30h] | |
| -1 180794DFE lea rsp,[rbp+20h] | |
| -1 180794E02 pop rbp | |
| -1 180794E03 ret | |
| -1 180794E04 mov rbx,[rbp+40h] | |
| -1 180794E08 mov rdx,[180D446B8h] | |
| -1 180794E0F mov rcx,rbx | |
| -1 180794E12 call 00000001801063B0h | |
| -1 180794E17 int 3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -1 180794E20 push rbp | |
| -1 180794E22 sub rsp,50h | |
| -1 180794E26 lea rbp,[rsp+20h] | |
| -1 180794E2B mov [rbp+40h],rbx | |
| -1 180794E2F cmp byte ptr [180A810DDh],0 | |
| -1 180794E36 jne short 0000000180794E4Ah | |
| -1 180794E38 mov ecx,[1808317E4h] | |
| -1 180794E3E call 0000000180106290h | |
| -1 180794E43 mov byte ptr [180A810DDh],1 | |
| -1 180794E4A mov dword ptr [rbp+50h],0 | |
| -1 180794E51 mov eax,[rsp] | |
| -1 180794E54 sub rsp,10h | |
| -1 180794E58 lea rdx,[rsp+20h] | |
| -1 180794E5D mov eax,[rdx] | |
| -1 180794E5F lea rcx,[rbp+18h] | |
| -1 180794E63 call 000000018000E3F0h | |
| -1 180794E68 nop | |
| try { | |
| try { | |
| 1 180794E69 mov rcx,[180D33F08h] | |
| 1 180794E70 call 0000000180106390h | |
| 1 180794E75 mov rbx,rax | |
| 1 180794E78 xor r8d,r8d | |
| 1 180794E7B mov rdx,[180D3FDF8h] | |
| 1 180794E82 mov rcx,rax | |
| 1 180794E85 call 000000018026FE30h | |
| 1 180794E8A mov rdx,[180D446A0h] | |
| 1 180794E91 mov rcx,rbx | |
| 1 180794E94 call 00000001801063B0h | |
| } | |
| catch { | |
| call catch funclet at 18079FE00 | |
| will jump to 180794E9A | |
| } | |
| 0 180794E99 nop | |
| 0 180794E9A mov edx,64h | |
| 0 180794E9F mov [rbp+50h],edx | |
| 0 180794EA2 mov eax,[rbp+20h] | |
| 0 180794EA5 inc eax | |
| 0 180794EA7 movsxd rcx,eax | |
| 0 180794EAA mov rax,[rbp+18h] | |
| 0 180794EAE mov dword ptr [rax+rcx*4],16h | |
| 0 180794EB5 jmp short 0000000180794EC3h | |
| 0 180794EB7 mov rcx,[rbp+58h] | |
| 0 180794EBB test rcx,rcx | |
| 0 180794EBE jne short 0000000180794ECFh | |
| 0 180794EC0 mov edx,[rbp+50h] | |
| 0 180794EC3 mov eax,edx | |
| 0 180794EC5 mov rbx,[rbp+40h] | |
| 0 180794EC9 lea rsp,[rbp+30h] | |
| 0 180794ECD pop rbp | |
| 0 180794ECE ret | |
| } | |
| catch { | |
| call catch funclet at 18079BB10 | |
| will jump to 180794EB7 | |
| } | |
| -1 180794ECF xor edx,edx | |
| -1 180794ED1 call 00000001801063B0h | |
| -1 180794ED6 int 3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -1 180794EE0 push rbp | |
| -1 180794EE2 sub rsp,50h | |
| -1 180794EE6 lea rbp,[rsp+20h] | |
| -1 180794EEB cmp byte ptr [180A810E3h],0 | |
| -1 180794EF2 jne short 0000000180794F06h | |
| -1 180794EF4 mov ecx,[1808317E8h] | |
| -1 180794EFA call 0000000180106290h | |
| -1 180794EFF mov byte ptr [180A810E3h],1 | |
| -1 180794F06 mov eax,[rsp] | |
| -1 180794F09 sub rsp,20h | |
| -1 180794F0D mov eax,[rsp] | |
| -1 180794F10 mov rax,[180D33F00h] | |
| -1 180794F17 test byte ptr [rax+12Fh],2 | |
| -1 180794F1E je short 0000000180794F38h | |
| -1 180794F20 cmp dword ptr [rax+0E0h],0 | |
| -1 180794F27 jne short 0000000180794F38h | |
| try { | |
| try { | |
| 1 180794F29 mov rcx,rax | |
| 1 180794F2C call 0000000180082850h | |
| 1 180794F31 mov rax,[180D33F00h] | |
| 1 180794F38 cmp byte ptr [180A810E7h],0 | |
| 1 180794F3F jne short 0000000180794F5Ah | |
| 1 180794F41 mov ecx,[180853B64h] | |
| 1 180794F47 call 0000000180106290h | |
| 1 180794F4C mov byte ptr [180A810E7h],1 | |
| 1 180794F53 mov rax,[180D33F00h] | |
| 1 180794F5A test byte ptr [rax+12Fh],2 | |
| 1 180794F61 je short 0000000180794F7Bh | |
| 1 180794F63 cmp dword ptr [rax+0E0h],0 | |
| 1 180794F6A jne short 0000000180794F7Bh | |
| 1 180794F6C mov rcx,rax | |
| 1 180794F6F call 0000000180082850h | |
| 1 180794F74 mov rax,[180D33F00h] | |
| 1 180794F7B mov rax,[rax+0B8h] | |
| 1 180794F82 mov rcx,[rax] | |
| 1 180794F85 test rcx,rcx | |
| 1 180794F88 je near ptr 0000000180795128h | |
| 1 180794F8E mov rax,[rcx] | |
| 1 180794F91 mov r8,[rax+3F8h] | |
| 1 180794F98 mov rdx,[180D38B30h] | |
| 1 180794F9F call qword ptr [rax+3F0h] | |
| } | |
| catch { | |
| call catch funclet at 180797AA0 | |
| will jump to 180794FA8 | |
| } | |
| 0 180794FA5 nop | |
| 0 180794FA6 jmp short 0000000180794FA8h | |
| 0 180794FA8 mov rax,[180D33F00h] | |
| 0 180794FAF test byte ptr [rax+12Fh],2 | |
| 0 180794FB6 je short 0000000180794FD0h | |
| 0 180794FB8 cmp dword ptr [rax+0E0h],0 | |
| 0 180794FBF jne short 0000000180794FD0h | |
| 0 180794FC1 mov rcx,rax | |
| 0 180794FC4 call 0000000180082850h | |
| 0 180794FC9 mov rax,[180D33F00h] | |
| 0 180794FD0 cmp byte ptr [180A810E7h],0 | |
| 0 180794FD7 jne short 0000000180794FF2h | |
| 0 180794FD9 mov ecx,[180853B64h] | |
| 0 180794FDF call 0000000180106290h | |
| 0 180794FE4 mov byte ptr [180A810E7h],1 | |
| 0 180794FEB mov rax,[180D33F00h] | |
| 0 180794FF2 test byte ptr [rax+12Fh],2 | |
| 0 180794FF9 je short 0000000180795013h | |
| 0 180794FFB cmp dword ptr [rax+0E0h],0 | |
| 0 180795002 jne short 0000000180795013h | |
| 0 180795004 mov rcx,rax | |
| 0 180795007 call 0000000180082850h | |
| 0 18079500C mov rax,[180D33F00h] | |
| 0 180795013 mov rax,[rax+0B8h] | |
| 0 18079501A mov rcx,[rax] | |
| 0 18079501D test rcx,rcx | |
| 0 180795020 je near ptr 0000000180795139h | |
| 0 180795026 mov rax,[rcx] | |
| 0 180795029 mov r8,[rax+3F8h] | |
| 0 180795030 mov rdx,[180D38B28h] | |
| 0 180795037 call qword ptr [rax+3F0h] | |
| try { | |
| 3 18079503D nop | |
| 3 18079503E mov rax,[180D33F00h] | |
| 3 180795045 test byte ptr [rax+12Fh],2 | |
| 3 18079504C je short 0000000180795066h | |
| 3 18079504E cmp dword ptr [rax+0E0h],0 | |
| 3 180795055 jne short 0000000180795066h | |
| 3 180795057 mov rcx,rax | |
| 3 18079505A call 0000000180082850h | |
| 3 18079505F mov rax,[180D33F00h] | |
| 3 180795066 cmp byte ptr [180A810E7h],0 | |
| 3 18079506D jne short 0000000180795088h | |
| 3 18079506F mov ecx,[180853B64h] | |
| 3 180795075 call 0000000180106290h | |
| 3 18079507A mov byte ptr [180A810E7h],1 | |
| 3 180795081 mov rax,[180D33F00h] | |
| 3 180795088 test byte ptr [rax+12Fh],2 | |
| 3 18079508F je short 00000001807950A9h | |
| 3 180795091 cmp dword ptr [rax+0E0h],0 | |
| 3 180795098 jne short 00000001807950A9h | |
| 3 18079509A mov rcx,rax | |
| 3 18079509D call 0000000180082850h | |
| 3 1807950A2 mov rax,[180D33F00h] | |
| 3 1807950A9 mov rax,[rax+0B8h] | |
| 3 1807950B0 mov rcx,[rax] | |
| 3 1807950B3 test rcx,rcx | |
| 3 1807950B6 je short 000000018079512Eh | |
| 3 1807950B8 mov rax,[rcx] | |
| 3 1807950BB mov r8,[rax+3F8h] | |
| 3 1807950C2 mov rdx,[180D38B18h] | |
| 3 1807950C9 call qword ptr [rax+3F0h] | |
| } | |
| catch { | |
| call catch funclet at 18079FE60 | |
| will jump to 1807950D2 | |
| } | |
| 0 1807950CF nop | |
| 0 1807950D0 jmp short 0000000180795116h | |
| 0 1807950D2 mov rcx,[180D33F00h] | |
| 0 1807950D9 test byte ptr [rcx+12Fh],2 | |
| 0 1807950E0 je short 00000001807950F0h | |
| 0 1807950E2 cmp dword ptr [rcx+0E0h],0 | |
| 0 1807950E9 jne short 00000001807950F0h | |
| 0 1807950EB call 0000000180082850h | |
| 0 1807950F0 xor ecx,ecx | |
| 0 1807950F2 call 0000000180794790h | |
| 0 1807950F7 mov rcx,rax | |
| 0 1807950FA test rax,rax | |
| 0 1807950FD je short 0000000180795134h | |
| 0 1807950FF mov rax,[rax] | |
| 0 180795102 mov r8,[rax+3F8h] | |
| 0 180795109 mov rdx,[180D38B00h] | |
| 0 180795110 call qword ptr [rax+3F0h] | |
| } | |
| catch { | |
| call catch funclet at 18079FEC0 | |
| will jump to 18079511D | |
| } | |
| -1 180795116 mov eax,3Bh | |
| -1 18079511B jmp short 0000000180795122h | |
| -1 18079511D mov eax,3 | |
| -1 180795122 lea rsp,[rbp+30h] | |
| -1 180795126 pop rbp | |
| try { | |
| try { | |
| 1 180795127 ret | |
| 1 180795128 call 00000001801063E0h | |
| } | |
| catch { | |
| call catch funclet at 180797AA0 | |
| will jump to 180794FA8 | |
| } | |
| try { | |
| 3 18079512D nop | |
| 3 18079512E call 00000001801063E0h | |
| } | |
| catch { | |
| call catch funclet at 18079FE60 | |
| will jump to 1807950D2 | |
| } | |
| 0 180795133 nop | |
| 0 180795134 call 00000001801063E0h | |
| 0 180795139 call 00000001801063E0h | |
| } | |
| catch { | |
| call catch funclet at 18079FEC0 | |
| will jump to 18079511D | |
| } | |
| -1 18079513E int 3 | |
| -1 18079513F int 3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -1 180795140 push rbp | |
| -1 180795142 sub rsp,50h | |
| -1 180795146 lea rbp,[rsp+20h] | |
| -1 18079514B mov [rbp+40h],rbx | |
| -1 18079514F cmp byte ptr [180A810E1h],0 | |
| -1 180795156 jne short 000000018079516Ah | |
| -1 180795158 mov ecx,[1808317F0h] | |
| -1 18079515E call 0000000180106290h | |
| -1 180795163 mov byte ptr [180A810E1h],1 | |
| -1 18079516A mov eax,[rsp] | |
| -1 18079516D sub rsp,10h | |
| -1 180795171 lea rdx,[rsp+20h] | |
| -1 180795176 mov eax,[rdx] | |
| -1 180795178 lea rcx,[rbp+20h] | |
| -1 18079517C call 000000018000E3F0h | |
| -1 180795181 nop | |
| try { | |
| try { | |
| 1 180795182 mov rcx,[180D33F08h] | |
| 1 180795189 call 0000000180106390h | |
| 1 18079518E mov rbx,rax | |
| 1 180795191 xor edx,edx | |
| 1 180795193 mov rcx,rax | |
| 1 180795196 call 000000018026FD30h | |
| 1 18079519B mov rdx,[180D44698h] | |
| 1 1807951A2 mov rcx,rbx | |
| 1 1807951A5 call 00000001801063B0h | |
| } | |
| catch { | |
| call catch funclet at 18079E890 | |
| will jump to 1807951BA | |
| } | |
| 0 1807951BA mov rcx,[180D33DD0h] | |
| 0 1807951C1 call 0000000180106390h | |
| 0 1807951C6 mov rbx,rax | |
| 0 1807951C9 xor edx,edx | |
| 0 1807951CB mov rcx,rax | |
| 0 1807951CE call 0000000180235A70h | |
| 0 1807951D3 mov rdx,[180D44698h] | |
| 0 1807951DA mov rcx,rbx | |
| 0 1807951DD call 00000001801063B0h | |
| } | |
| catch { | |
| call catch funclet at 180797AA0 | |
| will jump to 1807951AB | |
| } | |
| -1 1807951AA nop | |
| -1 1807951AB mov eax,3 | |
| -1 1807951B0 mov rbx,[rbp+40h] | |
| -1 1807951B4 lea rsp,[rbp+30h] | |
| -1 1807951B8 pop rbp | |
| -1 1807951B9 ret | |
| -1 1807951E2 int 3 | |
| -1 1807951E3 int 3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -1 1807951F0 push rbp | |
| -1 1807951F2 sub rsp,40h | |
| -1 1807951F6 lea rbp,[rsp+20h] | |
| -1 1807951FB mov [rbp+30h],rbx | |
| -1 1807951FF cmp byte ptr [180A810E0h],0 | |
| -1 180795206 jne short 000000018079521Ah | |
| -1 180795208 mov ecx,[1808317F8h] | |
| -1 18079520E call 0000000180106290h | |
| -1 180795213 mov byte ptr [180A810E0h],1 | |
| -1 18079521A mov eax,[rsp] | |
| -1 18079521D sub rsp,10h | |
| -1 180795221 lea rdx,[rsp+20h] | |
| -1 180795226 mov eax,[rdx] | |
| -1 180795228 lea rcx,[rbp+10h] | |
| -1 18079522C call 000000018000E3F0h | |
| -1 180795231 nop | |
| try { | |
| 0 180795232 mov rcx,[180D33F08h] | |
| 0 180795239 call 0000000180106390h | |
| 0 18079523E mov rbx,rax | |
| 0 180795241 xor edx,edx | |
| 0 180795243 mov rcx,rax | |
| 0 180795246 call 000000018026FD30h | |
| 0 18079524B mov rdx,[180D44680h] | |
| 0 180795252 mov rcx,rbx | |
| 0 180795255 call 00000001801063B0h | |
| } | |
| catch { | |
| call catch funclet at 18079FF20 | |
| continuation code pointer is returned by funclet | |
| } | |
| -1 18079525A nop | |
| -1 18079525B mov eax,64h | |
| -1 180795260 mov rbx,[rbp+30h] | |
| -1 180795264 lea rsp,[rbp+20h] | |
| -1 180795268 pop rbp | |
| -1 180795269 ret | |
| -1 18079526A mov eax,65h | |
| -1 18079526F mov rbx,[rbp+30h] | |
| -1 180795273 lea rsp,[rbp+20h] | |
| -1 180795277 pop rbp | |
| -1 180795278 ret | |
| -1 180795279 xor eax,eax | |
| -1 18079527B mov rbx,[rbp+30h] | |
| -1 18079527F lea rsp,[rbp+20h] | |
| -1 180795283 pop rbp | |
| -1 180795284 ret |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -1 180795290 push rbp | |
| -1 180795292 sub rsp,40h | |
| -1 180795296 lea rbp,[rsp+20h] | |
| -1 18079529B mov [rbp+30h],rbx | |
| -1 18079529F cmp byte ptr [180A810DFh],0 | |
| -1 1807952A6 jne short 00000001807952BAh | |
| -1 1807952A8 mov ecx,[180831804h] | |
| -1 1807952AE call 0000000180106290h | |
| -1 1807952B3 mov byte ptr [180A810DFh],1 | |
| -1 1807952BA mov eax,[rsp] | |
| -1 1807952BD sub rsp,10h | |
| -1 1807952C1 lea rdx,[rsp+20h] | |
| -1 1807952C6 mov eax,[rdx] | |
| -1 1807952C8 lea rcx,[rbp+10h] | |
| -1 1807952CC call 000000018000E3F0h | |
| -1 1807952D1 nop | |
| try { | |
| 0 1807952D2 mov rcx,[180D33F08h] | |
| 0 1807952D9 call 0000000180106390h | |
| 0 1807952DE mov rbx,rax | |
| 0 1807952E1 xor edx,edx | |
| 0 1807952E3 mov rcx,rax | |
| 0 1807952E6 call 000000018026FD30h | |
| 0 1807952EB mov rdx,[180D44678h] | |
| 0 1807952F2 mov rcx,rbx | |
| 0 1807952F5 call 00000001801063B0h | |
| } | |
| catch { | |
| call catch funclet at 18079FFB0 | |
| could jump to 1807952FB or 18079530A based off funclet return value | |
| } | |
| -1 1807952FA nop | |
| -1 1807952FB mov eax,64h | |
| -1 180795300 mov rbx,[rbp+30h] | |
| -1 180795304 lea rsp,[rbp+20h] | |
| -1 180795308 pop rbp | |
| -1 180795309 ret | |
| -1 18079530A xor eax,eax | |
| -1 18079530C mov rbx,[rbp+30h] | |
| -1 180795310 lea rsp,[rbp+20h] | |
| -1 180795314 pop rbp | |
| -1 180795315 ret |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -1 180795320 push rbp | |
| -1 180795322 sub rsp,40h | |
| -1 180795326 lea rbp,[rsp+20h] | |
| -1 18079532B cmp byte ptr [180A810E2h],0 | |
| -1 180795332 jne short 0000000180795346h | |
| -1 180795334 mov ecx,[180831808h] | |
| -1 18079533A call 0000000180106290h | |
| -1 18079533F mov byte ptr [180A810E2h],1 | |
| -1 180795346 mov eax,[rsp] | |
| -1 180795349 sub rsp,10h | |
| -1 18079534D mov eax,[rsp] | |
| -1 180795350 mov rax,[180D33F00h] | |
| -1 180795357 test byte ptr [rax+12Fh],2 | |
| -1 18079535E je short 0000000180795378h | |
| -1 180795360 cmp dword ptr [rax+0E0h],0 | |
| -1 180795367 jne short 0000000180795378h | |
| try { | |
| 0 180795369 mov rcx,rax | |
| 0 18079536C call 0000000180082850h | |
| 0 180795371 mov rax,[180D33F00h] | |
| 0 180795378 cmp byte ptr [180A810E7h],0 | |
| 0 18079537F jne short 000000018079539Ah | |
| 0 180795381 mov ecx,[180853B64h] | |
| 0 180795387 call 0000000180106290h | |
| 0 18079538C mov byte ptr [180A810E7h],1 | |
| 0 180795393 mov rax,[180D33F00h] | |
| 0 18079539A test byte ptr [rax+12Fh],2 | |
| 0 1807953A1 je short 00000001807953BBh | |
| 0 1807953A3 cmp dword ptr [rax+0E0h],0 | |
| 0 1807953AA jne short 00000001807953BBh | |
| 0 1807953AC mov rcx,rax | |
| 0 1807953AF call 0000000180082850h | |
| 0 1807953B4 mov rax,[180D33F00h] | |
| 0 1807953BB mov rax,[rax+0B8h] | |
| 0 1807953C2 mov rcx,[rax] | |
| 0 1807953C5 test rcx,rcx | |
| 0 1807953C8 je near ptr 0000000180795563h | |
| 0 1807953CE mov rax,[rcx] | |
| 0 1807953D1 mov r8,[rax+3F8h] | |
| 0 1807953D8 mov rdx,[180D38B30h] | |
| 0 1807953DF call qword ptr [rax+3F0h] | |
| } | |
| catch { | |
| call catch funclet at 1807A0030 | |
| will jump to 1807953E8 | |
| } | |
| -1 1807953E5 nop | |
| -1 1807953E6 jmp short 00000001807953E8h | |
| -1 1807953E8 mov rax,[180D33F00h] | |
| -1 1807953EF test byte ptr [rax+12Fh],2 | |
| -1 1807953F6 je short 0000000180795410h | |
| -1 1807953F8 cmp dword ptr [rax+0E0h],0 | |
| -1 1807953FF jne short 0000000180795410h | |
| -1 180795401 mov rcx,rax | |
| -1 180795404 call 0000000180082850h | |
| -1 180795409 mov rax,[180D33F00h] | |
| -1 180795410 cmp byte ptr [180A810E7h],0 | |
| -1 180795417 jne short 0000000180795432h | |
| -1 180795419 mov ecx,[180853B64h] | |
| -1 18079541F call 0000000180106290h | |
| -1 180795424 mov byte ptr [180A810E7h],1 | |
| -1 18079542B mov rax,[180D33F00h] | |
| -1 180795432 test byte ptr [rax+12Fh],2 | |
| -1 180795439 je short 0000000180795453h | |
| -1 18079543B cmp dword ptr [rax+0E0h],0 | |
| -1 180795442 jne short 0000000180795453h | |
| -1 180795444 mov rcx,rax | |
| -1 180795447 call 0000000180082850h | |
| -1 18079544C mov rax,[180D33F00h] | |
| -1 180795453 mov rax,[rax+0B8h] | |
| -1 18079545A mov rcx,[rax] | |
| -1 18079545D test rcx,rcx | |
| -1 180795460 je near ptr 000000018079555Dh | |
| -1 180795466 mov rax,[rcx] | |
| -1 180795469 mov r8,[rax+3F8h] | |
| -1 180795470 mov rdx,[180D38B28h] | |
| -1 180795477 call qword ptr [rax+3F0h] | |
| try { | |
| 2 18079547D nop | |
| 2 18079547E mov rax,[180D33F00h] | |
| 2 180795485 test byte ptr [rax+12Fh],2 | |
| 2 18079548C je short 00000001807954A6h | |
| 2 18079548E cmp dword ptr [rax+0E0h],0 | |
| 2 180795495 jne short 00000001807954A6h | |
| 2 180795497 mov rcx,rax | |
| 2 18079549A call 0000000180082850h | |
| 2 18079549F mov rax,[180D33F00h] | |
| 2 1807954A6 cmp byte ptr [180A810E7h],0 | |
| 2 1807954AD jne short 00000001807954C8h | |
| 2 1807954AF mov ecx,[180853B64h] | |
| 2 1807954B5 call 0000000180106290h | |
| 2 1807954BA mov byte ptr [180A810E7h],1 | |
| 2 1807954C1 mov rax,[180D33F00h] | |
| 2 1807954C8 test byte ptr [rax+12Fh],2 | |
| 2 1807954CF je short 00000001807954E9h | |
| 2 1807954D1 cmp dword ptr [rax+0E0h],0 | |
| 2 1807954D8 jne short 00000001807954E9h | |
| 2 1807954DA mov rcx,rax | |
| 2 1807954DD call 0000000180082850h | |
| 2 1807954E2 mov rax,[180D33F00h] | |
| 2 1807954E9 mov rax,[rax+0B8h] | |
| 2 1807954F0 mov rcx,[rax] | |
| 2 1807954F3 test rcx,rcx | |
| 2 1807954F6 je short 0000000180795569h | |
| 2 1807954F8 mov rax,[rcx] | |
| 2 1807954FB mov r8,[rax+3F8h] | |
| 2 180795502 mov rdx,[180D38B18h] | |
| 2 180795509 call qword ptr [rax+3F0h] | |
| } | |
| catch { | |
| call catch funclet at 18079DFD0 | |
| will jump to 180795512 | |
| } | |
| 0 180795562 nop | |
| 0 180795563 call 00000001801063E0h | |
| try { | |
| 2 180795568 nop | |
| -1 180795569 call 00000001801063E0h | |
| -1 18079556E int 3 | |
| -1 18079556F int 3 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment