forked from codewhitesec/apollon
-
Notifications
You must be signed in to change notification settings - Fork 0
/
filter-selective.asm
81 lines (70 loc) · 1.83 KB
/
filter-selective.asm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
BITS 64
PUSH RBP
MOV RBP,RSP
SUB RSP,0x40
MOV [RBP-0x14],EDI
MOV [RBP-0x20],RSI
MOV [RBP-0x28],RDX
MOV [RBP-0x18],ECX
MOV [RBP-0x30],R8
MOV [RBP-0x38],R9
MOV R8,[RBP-0x38]
MOV RDI,[RBP-0x30]
MOV ECX,[RBP-0x18]
MOV RDX,[RBP-0x28]
MOV RSI,[RBP-0x20]
MOV EAX,[RBP-0x14]
MOV R9,R8
MOV R8,RDI
MOV EDI,EAX
MOV R12,0xfffffffffffa
CALL R12
MOV [RBP-0x08],RAX
PATTERN_LOOP:
MOV RAX,[RBP-0x20]
ADD RAX,0x10
MOV RSI,0xffffffffff01
MOV RDI,RAX
MOV R12,0xfffffffffffb
CALL R12
TEST RAX,RAX
JE PATTERN_NOT_FOUND
PATTERN_MATCH:
MOV DWORD [RBP-0x0c],0x00
MOV RAX,QWORD [RBP-0x20]
ADD RAX,0x25
MOV EDX,0x00
MOV ESI,0x00
MOV RDI,RAX
MOV R12,0xfffffffffffc
CALL R12
MOV [RBP-0x10],EAX
RECV_LOOP:
MOV R8,[RBP-0x38]
MOV RDI,[RBP-0x30]
MOV ECX,[RBP-0x18]
MOV RDX,[RBP-0x28]
MOV RSI,[RBP-0x20]
MOV EAX,[RBP-0x14]
MOV R9,R8
MOV R8,RDI
MOV EDI,EAX
MOV R12,0xfffffffffffa
CALL R12
MOV QWORD [rbp-0x8],rax
MOV RAX,[rbp-0x20]
ADD RAX,0x25
MOV EDX,0x00
MOV ESI,0x00
MOV RDI,RAX
MOV R12,0xfffffffffffc
CALL R12
MOV DWORD [rbp-0xc],eax
CMP EAX,DWORD [rbp-0x10]
JE RECV_LOOP
JMP PATTERN_LOOP
PATTERN_NOT_FOUND:
MOV RAX,[RBP-0x08]
EXIT:
LEAVE
RET