@adeii
Created July 22, 2024 09:43
Chrome 126.0.6478.127 x64 on Win 7
Chrome.exe 126.0.6478.127 x64
----------
C0: 06
120: 00 00 00 00 00 00
89 F9 E8 49 6F 01 00 48 8D 4C 24 30 84 C0 74 0A -> 89 F9 E8 49 6F 01 00 48 8D 4C 24 30 90 90 90 90 (84 C0 74 0A -> NOP)
62 00 63 00 72 00 79 00 70 00 74 00 70 00 72 00 -> 78 00 63 00 72 00 79 00 70 00 74 00 70 00 72 00 (b.c.r.y.p.t -> x.c.r.y.p.t)
KERNEL32.dll -> KERNEL64.dll
---------------------------------------------------
chrome_proxy.exe
----------------
C0: 06
120: 00 00 00 00 00 00
62 00 63 00 72 00 79 00 70 00 74 00 70 00 72 00 -> 78 00 63 00 72 00 79 00 70 00 74 00 70 00 72 00 (b.c.r.y.p.t -> x.c.r.y.p.t)
KERNEL32.dll -> KERNEL64.dll
---------------------------------------------------
chrome.dll
----------------
C0: 06
120: 00 00 00 00 00 00
05 2B 4D 8C 0B 48 31 E0 48 89 84 24 C0 00 00 00
F7 84 24 48 01 00 00 40 00 10 00 0F 95 C0 48 85 -> 90 90 90 90 90 90 90 90 90 90 90 0F 95 C0 48 85
ED 0F 94 C1 20 C1 80 F9 01 0F 84 4B 01 00 00 4C -- ED 0F 94 C1 20 C1 80 F9 01 90 90 90 90 90 90 4C
38 D1 09 45 85 F6 0F 94 C0 85 ED 0F 95 C1 30 C1 -> 38 D1 09 90 90 90 90 90 90 90 90 90 90 90 90 90
0F 84 2F 02 00 00 4C 8B 27 48 C7 07 00 00 00 00 -- 90 90 90 90 90 90 4C 8B 27 48 C7 07 00 00 00 00
10 49 83 C7 F0 74 7F 48 8B 0D 0A 39 E6 05 41 8B -> 10 49 83 C7 00 74 7F 48 8B 0D 0A 39 E6 05 41 8B (F0 -> 00)
89 F9 E8 49 A5 B1 00 48 8D 4C 24 30 84 C0 74 0A -> 89 F9 E8 49 A5 B1 00 48 8D 4C 24 30 90 90 90 90
8B 4E 20 E8 78 FB F4 FE 84 C0 B8 02 08 00 00 B9
00 09 00 00 0F 45 C8 89 8C 24 64 02 00 00 0F 57 -> 00 00 00 00 0F 45 C8 89 8C 24 64 02 00 00 0F 57 (09 -> 00)
02 48 31 E0 48 89 44 24 68 E8 02 BE 5C 00 83 F8 -> 02 48 31 E0 48 89 44 24 68 E8 02 BE 5C 00 90 90
02 0F 85 50 01 00 00 48 8D 54 24 64 C7 02 04 00 -- 90 90 90 90 90 90 90 48 8D 54 24 64 C7 02 04 00
5B 5F 5E C3 E8 67 BD 5C 00 83 F8 02 0F 85 BB 00 -> 5B 5F 5E C3 E8 67 BD 5C 00 90 90 90 90 90 90 90
00 00 48 89 F1 BA FF FF 00 80 EB CD E8 4F BD 5C -- 90 90 48 89 F1 BA FF FF 00 80 EB CD E8 4F BD 5C
00 83 F8 02 74 EC E9 A5 00 00 00 48 89 F1 E8 9D -> 00 83 F8 02 EB EC E9 A5 00 00 00 48 89 F1 E8 9D (74 -> EB)
41 56 56 57 53 48 81 EC 78 01 00 00 48 89 D7 48 -> 31 C0 C3 57 53 48 81 EC 78 01 00 00 48 89 D7 48 (41 56 56 -> 31 C0 C3)
..
70 01 00 00 E8 67 BB 5C 00 83 F8 02 0F 85 61 01 -- 70 01 00 00 E8 67 BB 5C 00 90 90 90 90 90 90 90
00 00 48 8D 5C 24 40 48 89 D9 E8 01 E4 A2 F8 48 -- 90 90 48 8D 5C 24 40 48 89 D9 E8 01 E4 A2 F8 48
70 E8 CA B9 5C 00 83 F8 02 0F 85 6C 01 00 00 48 -> 70 E8 CA B9 5C 00 90 90 90 90 90 90 90 90 90 48
31 E0 48 89 84 24 80 01 00 00 E8 21 B8 5C 00 83 -> 31 E0 48 89 84 24 80 01 00 00 E8 21 B8 5C 00 90
F8 02 0F 85 B4 03 00 00 48 B8 AA AA AA AA AA AA -- 90 90 90 90 90 90 90 90 48 B8 AA AA AA AA AA AA
30 E8 2A B4 5C 00 83 F8 02 0F 85 F1 00 00 00 4C -> 30 E8 2A B4 5C 00 90 90 90 90 90 90 90 90 90 4C
56 48 83 EC 20 48 89 CE E8 13 B3 5C 00 83 F8 02 -> 56 48 83 EC 20 48 89 CE E8 13 B3 5C 00 90 90 90
75 17 48 89 F1 E8 86 05 00 00 48 89 F1 89 C2 48 -- 90 90 48 89 F1 E8 86 05 00 00 48 89 F1 89 C2 48
..
..
48 31 E0 48 89 44 24 30 E8 D3 B2 5C 00 83 F8 02 75 42 48 8D 54 24 2C C7 02 00 00 00 00 48 8D 8E ->
48 31 E0 48 89 44 24 30 E8 D3 B2 5C 00 90 90 90 90 90 48 8D 54 24 2C C7 02 00 00 00 00 48 8D 8E
.. *x4*
56 53 48 83 EC 28 48 89 CE E8 72 B2 5C 00 83 F8 02 75 26 48 89 F1 E8 B5 07 00 00 89 C3 84 C0 75 ->
56 53 48 83 EC 28 48 89 CE E8 72 B2 5C 00 90 90 90 90 90 48 89 F1 E8 B5 07 00 00 89 C3 84 C0 75
.. *x3*
48 31 E0 48 89 44 24 30 E8 23 B2 5C 00 83 F8 02 75 71 48 8D 54 24 2C C7 02 00 00 00 00 48 8D 8E ->
48 31 E0 48 89 44 24 30 E8 23 B2 5C 00 90 90 90 90 90 48 8D 54 24 2C C7 02 00 00 00 00 48 8D 8E
00 83 F8 02 0F 85 24 01 00 00 48 8D 7C 24 20 48 -> 00 90 90 90 90 90 90 90 90 90 48 8D 7C 24 20 48
00 E8 5A AD 5C 00 83 F8 02 0F 85 E2 01 00 00 48 -> 00 E8 5A AD 5C 00 90 90 90 90 90 90 90 90 90 48
02 48 31 E0 48 89 44 24 28 E8 92 AA 5C 00 83 F8 02 75 44 48 8D 7C 24 20 48 89 F9 E8 30 D3 A2 F8 ->
02 48 31 E0 48 89 44 24 28 E8 92 AA 5C 00 90 90 90 90 90 48 8D 7C 24 20 48 89 F9 E8 30 D3 A2 F8
E8 0B AA 5C 00 83 F8 02 0F 85 93 03 00 00 48 83 -> E8 0B AA 5C 00 90 90 90 90 90 90 90 90 90 48 83
2C A6 5C 00 83 F8 02 0F 85 57 02 00 00 48 8B 8F -> 2C A6 5C 00 90 90 90 90 90 90 90 90 90 48 8B 8F
48 89 84 24 68 01 00 00 E8 83 A3 5C 00 83 F8 02 0F 85 0E 06 00 00 0F 57 C0 0F 29 44 24 50 31 DB ->
48 89 84 24 68 01 00 00 E8 83 A3 5C 00 90 90 90 90 90 90 90 90 90 0F 57 C0 0F 29 44 24 50 31 DB
2C 9D 5C 00 83 F8 02 0F 85 FB 02 00 00 49 BF AA AA AA AA AA AA AA AA 48 8D BC 24 A0 00 00 00 4C ->
2C 9D 5C 00 90 90 90 90 90 90 90 90 90 49 BF AA AA AA AA AA AA AA AA 48 8D BC 24 A0 00 00 00 4C
C3 41 1B 9A BB D3 6A 46 87 FC FE 67 55 6A 3B 65 -> 5A EE 59 B8 38 D8 5B 4B A2 E8 1A DC 7D 93 DB 48
62 00 63 00 72 00 79 00 70 00 74 00 70 -> 78 00 63 00 72 00 79 00 70 00 74 00 70 (b.c.r. -> x.c.r.) *x2*
USER32.dll -> USER64.dll
MFPlat.DLL -> XFPlat.DLL
NETAPI32.dll -> NETAPI64.dll
bcryptprimitives.dll -> xcryptprimitives.dll
KERNEL32.dll -> KERNEL64.dll
USERENV.dll -> USERENX.dll
WINHTTP.dll -> WINXTTP.dll
---------------------------------------------------
chrome_elf.dll
----------------
C0: 06
120: 00 00 00 00 00 00
62 00 63 00 72 00 79 00 70 00 74 00 70 -> 78 00 63 00 72 00 79 00 70 00 74 00 70 (b.c.r. -> x.c.r.) *x2*
KERNEL32.dll -> KERNEL64.dll
---------------------------------------------------
mojo_core.dll
----------------
C0: 06
120: 00 00 00 00 00 00
KERNEL32.dll -> KERNEL64.dll