; x64dbg disassembly excerpt (columns: address | bytes | instruction | comment).
; The excerpt starts mid-stream: the first adc consumes a carry flag produced by code
; that is not shown, and register/stack contents on entry are unknown, so the effective
; addresses of the [rsp+...] operands cannot be resolved from the listing alone.
; It ends on a conditional branch into vmprotectcon.vmp.14139EC31.
; NOTE(review): the text after the listing reports RAX = 00000000D1FE4534 at
; 0000000141395080 on native hardware and 00000000D1FE4500 under Windows ARM. Only the
; low byte (AL) differs, and the single instruction here that writes any part of RAX is
; `sub al,ah` at 0000000141395043.
0000000141394FF2 | 4D:13D9 | adc r11,r9 | ; reads CF left by an instruction before this excerpt
0000000141394FF5 | 53 | push rbx |
0000000141394FF6 | 4A:8BB416 1596FFFF | mov rsi,qword ptr ds:[rsi+r10-69EB] |
0000000141394FFE | 50 | push rax | ; RAX is saved here but never popped back into RAX below
0000000141394FFF | 44:0FB7C9 | movzx r9d,cx | ; r9 = zero-extended CX; used as the index in the later [rsp+r9...] operands
0000000141395003 | 4D:8D940A 8C3D929A | lea r10,qword ptr ds:[r10+rcx-656DC274] |
000000014139500B | 53 | push rbx |
000000014139500C | 42:D3AC0C 893DFFFF | shr dword ptr ss:[rsp+r9-C277],cl |
0000000141395014 | 49:33F0 | xor rsi,r8 |
0000000141395017 | 2A9C0C 893D929A | sub bl,byte ptr ss:[rsp+rcx-656DC277] |
000000014139501E | 48:C1CE 05 | ror rsi,5 |
0000000141395022 | 42:899C0C 8A3DFFFF | mov dword ptr ss:[rsp+r9-C276],ebx |
000000014139502A | 48:81F6 1FA73B0D | xor rsi,D3BA71F |
0000000141395031 | 48:FFC6 | inc rsi |
0000000141395034 | 48:F7D6 | not rsi |
0000000141395037 | 66:C1C2 A5 | rol dx,A5 | ; immediate count 0xA5 exceeds the operand width; x86 masks the count to 5 bits (0xA5 & 0x1F = 5)
000000014139503B | 66:09BC0C 873D929A | or word ptr ss:[rsp+rcx-656DC279],di |
0000000141395043 | 2AC4 | sub al,ah | ; AL -= AH (legacy high-byte register); only write to RAX in this excerpt. NOTE(review): if the unlabelled value 00000000D1FE4579 on the page is RAX before this point, 0x79 - 0x45 = 0x34 matches the reported correct result
0000000141395045 | 48:8DB432 897EA7B8 | lea rsi,qword ptr ds:[rdx+rsi-47588177] |
000000014139504D | 48:0FCB | bswap rbx |
0000000141395050 | 4C:33C6 | xor r8,rsi |
0000000141395053 | 48:33CF | xor rcx,rdi |
0000000141395056 | 6642:21BC4C 087BFEFF | and word ptr ss:[rsp+r9*2-184F8],di |
000000014139505F | 53 | push rbx |
0000000141395060 | 49:8DAC29 7C3DFFFF | lea rbp,qword ptr ds:[r9+rbp-C284] |
0000000141395068 | 40:F6D7 | not dil | ; NOT leaves the flags untouched
000000014139506B | 4A:89B40D 843DFFFF | mov qword ptr ss:[rbp+r9-C27C],rsi |
0000000141395073 | 42:28844C 257BFEFF | sub byte ptr ss:[rsp+r9*2-184DB],al | ; last flag-writing instruction before the jne; AL is the subtrahend, so a wrong AL changes both the stored byte and ZF
000000014139507B | 5E | pop rsi | ; five pops follow four pushes in this excerpt; pops do not modify flags
000000014139507C | 5F | pop rdi |
000000014139507D | 5B | pop rbx |
000000014139507E | 5E | pop rsi |
000000014139507F | 5E | pop rsi | ; fifth pop consumes a stack slot pushed before the excerpt begins
0000000141395080 | 0F85 AB9B0000 | jne vmprotectcon.vmp.14139EC31 | ; taken when ZF = 0, i.e. decided by the sub at 0000000141395073
00000000D1FE4579
Правильное значение RAX по адресу 0000000141395080:
00000000D1FE4534
под Windows ARM (Windows 11 Pro Insider Preview 22H2):
00000000D1FE4500
Всё, что нужно знать о разработчиках из Майкрософт.