ionescu007 / Blackwood-4NT

Blackwood 4NT -- Grand Slam Authentication for Windows NT (10)

how to get cpim #3

Open DsoTsin opened 2 years ago

DsoTsin commented 2 years ago

spim was returned after startMachineProvisioning, but finishProvisioning needs cpim; have you implemented the spim-to-cpim conversion?

;-----------------------------------------------------------------------
; sub_7FF656F4A350 -- IDA listing pasted by the issue author, who labels
; it "encrypt spim to cpim".
; ABI:   Microsoft x64 (rcx = first argument; rsi/rdi are pushed as
;        callee-saved below, which is the MS convention, not SysV).
; In:    rcx -> context block. dword [rcx] is mixed into the dispatch key
;        r12d; qword [rcx+8] -> a record whose fields at +0, +8, +10h ...
;        +40h are loaded into registers at entry.
; Out:   dword [rcx+4] = eax at loc_7FF656F4C764 (see epilogue). On the
;        traced path qword [record+8] and dword [record+30h] are zeroed.
; Frame: 8 pushes + 11B8h = 11F8h bytes (matches IDA's "11F8h+var_..."
;        form). IDA's arg_XX names here are rsp-relative locals inside
;        that frame (all offsets are far below 11B8h), not caller args.
; Reading notes:
;  * Control flow is flattened: each block ends in an indirect jmp whose
;    target is an entry of jpt_7FF656F4AC36 chosen by r12d plus the
;    result of a check (NULL pointers, buffer bounds, status words).
;  * Values are mixed-boolean-arithmetic encoded. The identity
;    x + K - 2*(x & K) == x ^ K (and x ^ K + 2*(x & K) == x + K) is what
;    recovers the plain value; it is pointed out where it applies.
;  * The labels loc_7FF656F4B0A0 / B0FC / B103 / B1E9 and saved_fp /
;    retaddr appear several times: the author re-pasted the shared
;    "emit 8 bytes" block once per path. This is an execution trace,
;    not assemblable source; register contents across the "; new piece"
;    seam may not be exact (see the note on rcx below).
;-----------------------------------------------------------------------
sub_7FF656F4A350 proc near              ; encrypt spim to cpim
    var_1194= dword ptr -1194h
    var_10F0= qword ptr -10F0h
    arg_28= dword ptr  30h
    arg_2E= byte ptr  36h
    arg_2F= byte ptr  37h
    arg_3E= byte ptr  46h
    arg_3F= byte ptr  47h
    arg_5C= dword ptr  64h
    arg_70= qword ptr  78h
    arg_88= qword ptr  90h
    arg_90= qword ptr  98h
    arg_A0= qword ptr  0A8h
    arg_A8= qword ptr  0B0h
    arg_B8= qword ptr  0C0h
    arg_C0= qword ptr  0C8h
    arg_C8= qword ptr  0D0h
    arg_D0= qword ptr  0D8h
    arg_D8= qword ptr  0E0h
    arg_E0= qword ptr  0E8h
    arg_E8= qword ptr  0F0h
    arg_F0= qword ptr  0F8h
    arg_F8= qword ptr  100h
    arg_108= qword ptr  110h
    arg_110= qword ptr  118h
    arg_118= qword ptr  120h
    arg_120= qword ptr  128h
    arg_128= qword ptr  130h
    arg_130= qword ptr  138h
    arg_140= qword ptr  148h
    arg_148= dword ptr  150h
    arg_14C= qword ptr  154h
    arg_158= qword ptr  160h
    arg_160= qword ptr  168h
    arg_168= qword ptr  170h
    arg_1A8= byte ptr  1B0h             ; start of the 1000h-byte output buffer (arg_1AC is buf+4)
    arg_1AC= dword ptr  1B4h
    push    r15                         ; save all eight MS-x64 callee-saved GPRs
    push    r14
    push    r13
    push    r12
    push    rsi
    push    rdi
    push    rbp
    push    rbx
    mov     eax, 11B8h                  ; frame size > one page, so it must be probed
    call    __alloca_probe              ; MSVC stack probe (__chkstk) for eax bytes
    sub     rsp, rax                    ; 8 pushes (8 mod 16) + 11B8h (8 mod 16): rsp is 16-aligned for the call r11 below
    mov     eax, ecx                    ; low 32 bits of the context address ...
    xor     eax, 0A0E79F72h
    imul    r12d, eax, 0E835EADh        ; ... mixed with the first dword of the context:
    xor     r12d, [rcx]                 ; r12d = dispatch key; every jump-table index below is r12d + small constant
    mov     [rsp+11F8h+var_10F0], rcx   ; keep the context pointer for the result store in the epilogue
    mov     rsi, [rcx+8]                ; rsi -> record
    mov     r8, [rsi+28h]               ; record fields; which are pointers vs. scalars is only inferable from use
    mov     rdx, [rsi+18h]
    mov     r9d, [rsi+40h]              ; 32-bit field, emitted big-endian at retaddr below
    mov     rbp, [rsi+8]                ; written through (qword) at the first case body
    mov     r15, [rsi+30h]              ; written through (dword) at the first case body
    mov     r11, [rsi+38h]
    mov     r14, [rsi+10h]              ; overwritten by rbp before any use on this path
    mov     r10, [rsi+20h]              ; overwritten by setnz r10b before any use on this path
    mov     esi, [rsi]                  ; dword record+0: only feeds the first computed jump
    mov     [rsp+11F8h+var_1194], 0FFFFFFFFh ; local = -1; not read again in this trace
loc_7FF656F4A3B0:                       ; DATA XREF: sub_7FF656F4A350+69↓o
    add     esi, 0FFFFFF59h             ; esi = record.dw0 - 0A7h
    movsxd  rsi, esi
    lea     rbx, loc_7FF656F4A3B0
    add     rbx, rsi                    ; rbx = this label + (int)(record.dw0 - 0A7h): data-driven first target
    lea     esi, [r12+2Ah]
    movsxd  rsi, esi
    lea     rdi, unknown_pointers        ; 356 function pointers
    mov     rcx, 0FFFFFFFFDF131FAEh     ; table entries are stored encoded: decode = entry + per-slot constant
    add     rcx, [rdi+rsi*8]            ; rcx = decode(table[key+2Ah])
    lea     esi, [r12+15h]
    movsxd  rax, esi
    mov     r13, 0FFFFFFFFCEF49231h
    add     r13, [rdi+rax*8]            ; r13 = decode(table[key+15h])
    lea     eax, [r12+3]
    cdqe
    mov     rsi, 0FFFFFFFFC12386A5h
    add     rsi, [rdi+rax*8]            ; rsi = decode(table[key+3])
    jmp     rbx                         ; rcx/r13/rsi are all overwritten before use on the path pasted below
;

; first jump
loc_7FF656F4ABE3:                       ; DATA XREF: sub_7FF656F4A350+8DC↓o
    mov     [rsp+arg_5C], 4             ; state word; each shared block tests it against 4
    test    rbp, rbp                    ; NULL checks on record+8, +30h, +38h
    setz    al
    setnz   bl
    test    r15, r15
    setz    cl
    mov     r14, rbp                    ; r14 now aliases record+8 (its own +10h value is dropped)
    setnz   sil
    or      cl, al
    test    r11, r11
    setnz   r10b
    setz    al
    or      al, cl
    movzx   edi, al                     ; edi = 1 if any of the three is NULL
    mov     [rsp+arg_28], 4DAA9AAFh     ; marker word (4DAA9A8Dh / 4DAB4A78h family is used as status below)
    lea     eax, [rdi+r12-2]            ; table index = key - 2, or key - 1 on the NULL path
    cdqe
    lea     rcx, jpt_7FF656F4AC36
    movsxd  rax, ds:(jpt_7FF656F4AC36 - 7FF6587FAF70h)[rcx+rax*4] ; return new jump address
    lea     rcx, loc_7FF656F4ABE3
    add     rcx, rax                    ; table holds offsets relative to the dispatching block
    jmp     rcx                             ; switch jump
; rcx -> jumped proc
    and     bl, sil
    and     bl, r10b                    ; bl = all three non-NULL
    movzx   eax, bl
    imul    ecx, edi, 46h ; 'F'
    lea     ebx, [rcx+rax*2]            ; ebx = 46h*anyNull + 2*allNonNull: running offset for later indices
    mov     qword ptr [r14], 0          ; *(u64*)(record+8) = 0   (looks like an out-parameter -- confirm)
    mov     dword ptr [r15], 0          ; *(u32*)(record+30h) = 0 (same)
    lea     rax, [rsp+arg_140]          ; output descriptor: arg_140 = buffer ptr, arg_148 = capacity, arg_14C = position
    mov     [rsp+arg_90], rax           ; arg_90 -> &buffer ptr
    lea     rdi, [rsp+arg_1A8]
    mov     [rsp+arg_140], rdi          ; buffer = stack area at arg_1A8
    lea     rax, [rsp+arg_148]
    mov     [rsp+arg_A0], rax           ; arg_A0 -> &capacity
    mov     [rsp+arg_148], 1000h        ; capacity = 4096
    lea     rax, [rsp+arg_14C]
    mov     [rsp+arg_70], rax           ; arg_70 -> &position
    mov     [rsp+arg_1AC], 1000000h     ; buf+4..+7 = 00 00 00 01 (big-endian 1? -- confirm)
    mov     [rsp+arg_14C], 8            ; position = 8 (bytes 0..3 are filled after the call r11, see loc_7FF656F4C13F)
    ; Each input value x is kept as three encoded copies {x + C1, x | K, x & M};
    ; loc_7FF656F4B103 recombines them to x ^ 21BF55B00C8FF6AFh and un-xors it bytewise.
    mov     rax, 769415C37CDA970Bh
    add     rax, rdx
    mov     [rsp+arg_E0], rax           ; rdx + C1
    mov     rax, rdx
    or      rax, 0FFFFFFFF8FEFFFEFh
    mov     [rsp+arg_E8], rax           ; rdx | K
    mov     rsi, 21BF55B00DAFFFFFh
    lea     rax, [rsi+6EEFF6C0h]        ; M = 21BF55B07C9FF6BFh
    and     rax, rdx
    mov     rdx, 0FFFFFFFF4CCFFFAFh     ; rdx itself is no longer needed; reused as a constant
    mov     [rsp+arg_C8], rax           ; rdx & M
    lea     eax, [r9+r9]
    and     eax, 0E904BE86h             ; 0E904BE86h == 2*74825F43h
    neg     eax
    lea     eax, [r9+rax+74825F43h]     ; r9 + K - 2*(r9 & K) == r9 ^ 74825F43h
    mov     ecx, eax
    shr     ecx, 18h
    xor     cl, 74h                     ; xor bytes 74 82 5F 43 undo the mask:
    mov     [rsp+arg_2E], cl            ; arg_2E..arg_3F = the four bytes of r9d, big-endian
    mov     ecx, eax
    shr     ecx, 10h
    xor     cl, 82h
    mov     [rsp+arg_2F], cl
    mov     ecx, eax
    shr     ecx, 8
    xor     cl, 5Fh
    mov     [rsp+arg_3E], cl
    xor     al, 43h
    ; new piece
    mov     [rsp+arg_3F], al
    ; NOTE(review): from here rcx is used as the "& M" mask for r14, r8 and r15, but in
    ; this listing rcx still holds the zero-extended r9-derived byte above. The decode in
    ; loc_7FF656F4B103 only recovers the value when M ^ ~K == 21BF55B00C8FF6AFh, which a
    ; 32-bit rcx cannot satisfy; a constant load is probably missing at the paste seam --
    ; confirm against the binary.
    mov     rax, 0DE429AA5CF2748EFh
    add     rax, r14
    mov     [rsp+arg_108], rax          ; r14 + C1
    lea     rax, [rdx+11EFFF50h]        ; K = FFFFFFFF5EBFFEFFh
    or      rax, r14
    mov     [rsp+arg_110], rax          ; r14 | K
    lea     rax, [rcx+111FF7B0h]
    and     rax, r14
    mov     rbp, 2331AE3AF07C0D73h
    add     rbp, r8                     ; r8 + C1 (stored at arg_D0 below)
    mov     [rsp+arg_118], rax          ; r14 & M
    mov     rax, 232341FBA91AE15Dh
    add     rax, r15
    mov     [rsp+arg_F0], rax           ; r15 + C1
    lea     rax, [rdx+230FF700h]        ; K' = FFFFFFFF6FDFF6AFh
    or      rdx, r15
    mov     [rsp+arg_120], rdx          ; r15 | FFFFFFFF4CCFFFAFh
    mov     rdx, r8
    and     r8, rcx                     ; r8 & M
    add     rcx, 230FF700h
    and     rcx, r15
    mov     [rsp+arg_88], rcx           ; r15 & M
    mov     rcx, 0CEDFF6FB512F327Bh
    add     rcx, r11
    mov     [rsp+arg_128], rcx          ; r11 + C1
    mov     rcx, r11
    or      rcx, 0FFFFFFFFAE9FF6EFh
    mov     [rsp+arg_F8], rcx           ; r11 | K
    add     rsi, 503FFFC0h              ; M = 21BF55B05DEFFFBFh
    and     rsi, r11
    mov     [rsp+arg_130], rsi          ; r11 & M
    or      rdx, rax
    mov     [rsp+arg_158], rax          ; first write (r8): K'
    mov     [rsp+arg_160], r8           ;                   r8 & M
    mov     [rsp+arg_168], rdx          ;                   r8 | K'
    mov     [rsp+arg_D0], rbp           ;                   r8 + C1
    mov     rax, 172588AE3EC16C4h
    mov     [rsp+arg_D8], rax           ;                   C2 (C1 - C2 = 21BF55B00C8FF6AFh)
    mov     [rsp+arg_A8], rdi           ; destination = buffer
    mov     rax, 309A185C724206CDh
    mov     [rsp+arg_C0], rax           ; encoded position: + 0CF65E7A38DBDF93Bh == 8 (mod 2^64)
    lea     rax, unk_7FF656F4B1ED
    mov     [rsp+arg_B8], rax           ; continuation after the write
    add     ebx, r12d
    add     ebx, 0FFFFFFFEh             ; ebx = key + offset - 2: index base for the shared block
    jmp     loc_7FF656F4B078

loc_7FF656F4B078:                       ; CODE XREF: sub_7FF656F4A350+B1B↑j
    lea     r14, jpt_7FF656F4AC36       ; r14 = jump-table base (callee-saved, survives the call r11)
    lea     r8, loc_7FF656F4B103        ; r8  = base the two-entry switch in the shared block is relative to
    mov     r9, 0FFFFFFFFAF08F085h      ; r9  = decode constant for the table entry fetched after each write
    jmp     short loc_7FF656F4B0FC

loc_7FF656F4B0FC:                       ; CODE XREF: sub_7FF656F4A350+D3D↑j
    lea     rsi, unknown_pointers

; Shared block: emit one 8-byte value big-endian at the current position.
; Inputs: arg_D0 = x + C1, arg_D8 = C2, arg_160 = x & M, arg_168 = x | K,
;         arg_158 = K, arg_A8 = buffer, arg_C0 = encoded position, arg_B8 = continuation.
loc_7FF656F4B103:                       ; DATA XREF: sub_7FF656F4A350+D2F↑o
    mov     r10, [rsp+arg_B8]           ; continuation address
    mov     rcx, [rsp+arg_A8]           ; buffer
    mov     rdi, [rsp+arg_D0]           ; x + C1
    mov     rbp, [rsp+arg_160]          ; (x & M)
    xor     rbp, [rsp+arg_168]          ; ^ (x | K)
    xor     rbp, [rsp+arg_158]          ; ^ K   == x & (M ^ ~K)
    add     rbp, rbp
    sub     rdi, rbp
    sub     rdi, [rsp+arg_D8]           ; rdi = x + (C1-C2) - 2*(x & (M^~K)); with both == 21BF55B00C8FF6AFh this is x ^ 21BF55B00C8FF6AFh
    mov     rdx, rdi
    shr     rdx, 38h
    xor     dl, 21h                     ; xor bytes 21 BF 55 B0 0C 8F F6 AF undo the mask
    mov     rbp, [rsp+arg_C0]
    mov     rax, 0CF65E7A38DBDF93Bh
    add     rbp, rax                    ; rbp = position (the two constants sum to 2^64 + position)
    mov     [rcx+rbp], dl               ; buf[pos+0..7] = x, most significant byte first
    mov     rdx, rdi
    shr     rdx, 30h
    xor     dl, 0BFh
    mov     [rcx+rbp+1], dl
    mov     rdx, rdi
    shr     rdx, 28h
    xor     dl, 55h
    mov     [rcx+rbp+2], dl
    mov     rdx, rdi
    shr     rdx, 20h
    xor     dl, 0B0h
    mov     [rcx+rbp+3], dl
    mov     rdx, rdi
    shr     rdx, 18h
    xor     dl, 0Ch
    mov     [rcx+rbp+4], dl
    mov     rdx, rdi
    shr     rdx, 10h
    xor     dl, 8Fh
    mov     [rcx+rbp+5], dl
    mov     rdx, rdi
    shr     rdx, 8
    xor     dl, 0F6h
    mov     [rcx+rbp+6], dl
    xor     dil, 0AFh
    mov     [rcx+rbp+7], dil
    xor     ecx, ecx
    cmp     [rsp+arg_5C], 4             ; state == 4 selects the second of the two switch entries
    setz    cl
    lea     ecx, [rbx+rcx-4]
    movsxd  rcx, ecx
    movsxd  rcx, ds:(jpt_7FF656F4AC36 - 7FF6587FAF70h)[r14+rcx*4] ; switch 2 cases
    add     rcx, r8
    add     ebx, 23h ; '#'
    movsxd  rdx, ebx
    mov     r11, [rsi+rdx*8]            ; r11 = decode(table[ebx]) -- the target of call r11 at loc_7FF656F4BF46
    add     r11, r9
    jmp     rcx                         ; jump loc_7FF656F4B1E9

loc_7FF656F4B1E9:                       ; CODE XREF: sub_7FF656F4A350+E95↑j
                                        ; DATA XREF: .rdata:jpt_7FF656F4AC36↓o
    jmp     r10                         ; jump loc_7FF656F4B1ED jumptable 00007FF656F4B1E5 case 1

; Continuation after write #1: advance position by 8, check room for 8 more, set up write #2 (rdx).
loc_7FF656F4B1ED:                       ; DATA XREF: sub_7FF656F4A350+B06↑o
                                        ; sub_7FF656F4A350+EEE↓o
    mov     rax, [rsp+arg_70]
    mov     ecx, [rax]                  ; old position
    lea     edx, [rcx+8]
    mov     [rsp+arg_38], edx           ; arg_38 = new position
    mov     [rax], edx                  ; position += 8
    add     ecx, 10h                    ; new position + 8
    mov     rax, [rsp+arg_A0]
    xor     ebp, ebp
    xor     edi, edi
    cmp     ecx, [rax]                  ; unsigned compare against capacity
    setbe   bpl                         ; ebp = fits
    setnbe  dil                         ; edi = overflow
    imul    ebx, ebp, 45h ; 'E'         ; fold the bounds result into the index offset (45h or 36h)
    imul    eax, edi, 36h ; '6'
    add     ebx, r12d
    add     ebx, eax
    mov     [rsp+arg_13C], edx
    mov     [rsp+arg_98], 4DAA9A8Dh
    lea     eax, [r12+rdi+4Ah]          ; index = key + 4Ah (+1 on overflow)
    cdqe
    movsxd  rax, dword ptr [r14+rax*4]
    lea     rcx, loc_7FF656F4B1ED
    add     rax, rcx
    jmp     rax ; jump to next
; next (fits path): encode position and select the rdx copies for the shared block
    add     ebx, 0FFFFFFC1h
    mov     esi, [rsp+arg_38]           ; position
    mov     rax, [rsp+arg_90]
    mov     rax, [rax]                  ; buffer
    mov     rcx, rsi
    mov     rdx, 77BB9B5C7AC216F5h
    xor     rcx, rdx                    ; pos ^ K1
    mov     r11, [rsp+arg_C8]           ; rdx & M
    mov     r13, [rsp+arg_E8]           ; rdx | K
    mov     rdi, [rsp+arg_E0]           ; rdx + C1
    mov     [rsp+arg_80], rax
    lea     rax, unk_7FF656F4B316
    mov     [rsp+arg_48], rax           ; next continuation
    mov     eax, 0FD64699Eh
    lea     rdx, [rax-7E03BB4h]         ; F5842DEAh == 2*7AC216F5h (low dword of K1)
    mov     rbp, 0FFFFFFFF8FEFFFEFh     ; K for the rdx copies
    mov     r10, 54D4C013704AA05Ch      ; C2: 769415C37CDA970Bh - C2 = 21BF55B00C8FF6AFh
    mov     rax, 0B8DE7CFFF77FEFD0h
    jmp     loc_7FF656F4B0A0
; next
; Shared block: stage the encoded position and the three copies for loc_7FF656F4B103.
loc_7FF656F4B0A0:                       ; CODE XREF: sub_7FF656F4A350+1864↓j
    add     rcx, rax                    ; (pos ^ K1) + C
    add     ebx, 0FFFFFFFAh
    mov     rax, [rsp+arg_48]
    mov     r15, [rsp+arg_80]
    add     rsi, rsi
    and     rsi, rdx                    ; 2*(pos & K1)
    add     rsi, rcx                    ; == pos + K1 + C == pos + 309A185C724206C5h, i.e. pos - 0CF65E7A38DBDF93Bh
    mov     [rsp+arg_158], rbp
    mov     [rsp+arg_160], r11
    mov     [rsp+arg_168], r13
    mov     [rsp+arg_D0], rdi
    mov     [rsp+arg_D8], r10
    mov     [rsp+arg_A8], r15
    mov     [rsp+arg_C0], rsi
    mov     [rsp+arg_B8], rax

loc_7FF656F4B0FC:                       ; CODE XREF: sub_7FF656F4A350+D3D↑j
    lea     rsi, unknown_pointers

; Shared block re-pasted (write #2: rdx) -- identical to the first occurrence above.
loc_7FF656F4B103:                       ; DATA XREF: sub_7FF656F4A350+D2F↑o
    mov     r10, [rsp+arg_B8]
    mov     rcx, [rsp+arg_A8]
    mov     rdi, [rsp+arg_D0]
    mov     rbp, [rsp+arg_160]
    xor     rbp, [rsp+arg_168]
    xor     rbp, [rsp+arg_158]
    add     rbp, rbp
    sub     rdi, rbp
    sub     rdi, [rsp+arg_D8]           ; rdx ^ 21BF55B00C8FF6AFh (M ^ ~K == 21BF55B00C8FF6AFh holds exactly for this copy set)
    mov     rdx, rdi
    shr     rdx, 38h
    xor     dl, 21h
    mov     rbp, [rsp+arg_C0]
    mov     rax, 0CF65E7A38DBDF93Bh
    add     rbp, rax                    ; rbp = position
    mov     [rcx+rbp], dl
    mov     rdx, rdi
    shr     rdx, 30h
    xor     dl, 0BFh
    mov     [rcx+rbp+1], dl
    mov     rdx, rdi
    shr     rdx, 28h
    xor     dl, 55h
    mov     [rcx+rbp+2], dl
    mov     rdx, rdi
    shr     rdx, 20h
    xor     dl, 0B0h
    mov     [rcx+rbp+3], dl
    mov     rdx, rdi
    shr     rdx, 18h
    xor     dl, 0Ch
    mov     [rcx+rbp+4], dl
    mov     rdx, rdi
    shr     rdx, 10h
    xor     dl, 8Fh
    mov     [rcx+rbp+5], dl
    mov     rdx, rdi
    shr     rdx, 8
    xor     dl, 0F6h
    mov     [rcx+rbp+6], dl
    xor     dil, 0AFh
    mov     [rcx+rbp+7], dil
    xor     ecx, ecx
    cmp     [rsp+arg_5C], 4
    setz    cl
    lea     ecx, [rbx+rcx-4]
    movsxd  rcx, ecx
    movsxd  rcx, ds:(jpt_7FF656F4AC36 - 7FF6587FAF70h)[r14+rcx*4] ; switch 2 cases
    add     rcx, r8
    add     ebx, 23h ; '#'
    movsxd  rdx, ebx
    mov     r11, [rsi+rdx*8]
    add     r11, r9
    jmp     rcx ; loc_7FF656F4B1E9

loc_7FF656F4B1E9:                       ; CODE XREF: sub_7FF656F4A350+E95↑j
    jmp     r10 ; jump loc_7FF656F4B316

; Continuation after write #2: position += 8, then status check via the marker word.
loc_7FF656F4B316:                       ; DATA XREF: sub_7FF656F4A350+1831↓o
    lea     ebx, [r12+36h]
    mov     rax, [rsp+arg_70]
    mov     ecx, [rax]
    add     ecx, 8
    mov     [rax], ecx                  ; position += 8
    mov     [rsp+arg_13C], ecx
    mov     [rsp+arg_98], 4DAB4A78h     ; marker set to 4DAB4A78h, then immediately tested below
    mov     ebp, [rsp+arg_98]
    mov     eax, [rsp+arg_13C]
    mov     [rsp+arg_6C], eax           ; arg_6C = position
    xor     eax, eax
    xor     ecx, ecx
    cmp     ebp, 4DAB4A78h              ; always equal here: opaque predicate, cl = 1
    setnz   dl
    setz    cl
    mov     [rsp+arg_28], ebp
    lea     ebp, [rcx+rbx]
    movsxd  rbp, ebp
    movsxd  rbp, dword ptr [r14+rbp*4]
    lea     rdi, unk_7FF656F4B24C
    add     rbp, rdi
    jmp     rbp ; saved_fp

saved_fp:
    mov     al, dl                          ; DATA XREF: sub_7FF656F4A350+1061↓o
    shl     eax, 4
    lea     ecx, [rcx+rcx*2]

; Check room for the 4-byte value (position + 4 <= capacity).
retaddr:
    add     eax, ebx
    lea     eax, [rax+rcx*2]
    mov     ebp, [rsp+arg_6C]
    add     ebp, 4
    mov     rbx, [rsp+arg_A0]
    xor     edx, edx
    xor     ecx, ecx
    cmp     ebp, [rbx]                  ; unsigned
    setbe   bl                          ; bl = fits
    setnbe  cl                          ; cl = overflow
    mov     [rsp+arg_28], 4DAA9A8Dh
    lea     ebp, [rcx+rax]
    movsxd  rbp, ebp
    movsxd  rbp, dword ptr [r14+rbp*4]
    lea     rdi, saved_fp
    add     rbp, rdi
    jmp     rbp ; saved_fp

saved_fp:
    mov     dl, bl                          ; DATA XREF: sub_7FF656F4A350+111F↓o
    lea     edx, [rdx+rdx*4]
    lea     ecx, [rcx+rcx*4]

; Write the four r9d bytes (arg_2E, arg_2F, arg_3E, arg_3F) at the current position.
retaddr:
    add     edx, eax
    lea     edi, [rdx+rcx*2]
    mov     rax, [rsp+arg_90]
    mov     rax, [rax]                  ; buffer
    mov     edx, [rsp+arg_6C]           ; position
    mov     ebp, edx
    xor     ebp, 9FF3B4BDh
    and     edx, 1FF3B4BDh
    lea     ebx, [rbp+rdx*2+600C4B43h]  ; (pos ^ K) + 2*(pos & K) + (2^32 - K) == pos (32-bit)
    movzx   ecx, [rsp+arg_2E]
    mov     [rax+rbx], cl               ; buf[pos+0]
    lea     ecx, [rbp+rdx*2+600C4B44h]
    movzx   ebx, [rsp+arg_2F]
    mov     [rax+rcx], bl               ; buf[pos+1]
    lea     ecx, [rbp+rdx*2+600C4B45h]
    movzx   ebx, [rsp+arg_3E]
    mov     [rax+rcx], bl               ; buf[pos+2]
    lea     ecx, [rbp+rdx*2+600C4B46h]
    movzx   edx, [rsp+arg_3F]
    mov     [rax+rcx], dl               ; buf[pos+3]
    mov     rax, [rsp+arg_70]
    mov     ecx, [rax]
    lea     edx, [rcx+4]
    mov     [rsp+arg_60], edx           ; arg_60 = new position
    mov     [rax], edx                  ; position += 4
    add     ecx, 0Ch                    ; new position + 8
    mov     rax, [rsp+arg_A0]
    xor     ebp, ebp
    xor     ebx, ebx
    cmp     ecx, [rax]                  ; room for the next 8 bytes?
    setbe   bpl
    setnbe  bl
    lea     eax, [rbp+rbp*2+0]
    mov     ecx, edi
    sub     ecx, eax
    lea     eax, [rcx+rbx*2]
    mov     [rsp+arg_9C], edx
    mov     [rsp+arg_68], 4DAA9A8Dh
    add     ebx, edi
    movsxd  rcx, ebx
    movsxd  rcx, dword ptr [r14+rcx*4]
    lea     rdx, saved_fp
    add     rcx, rdx
    jmp     rcx ; next
; next (fits path): select the r14 (record+8) copies for write #3
    add     eax, 0FFFFFFC8h
    mov     esi, [rsp+arg_60]           ; position
    mov     rcx, [rsp+arg_90]
    mov     rdx, [rcx]                  ; buffer
    mov     rcx, rsi
    mov     rbp, 769EF95F766626DFh
    xor     rcx, rbp                    ; pos ^ K1
    mov     r11, [rsp+arg_118]          ; r14 & M
    mov     r13, [rsp+arg_110]          ; r14 | K
    mov     rdi, [rsp+arg_108]          ; r14 + C1
    mov     [rsp+arg_80], rdx
    lea     rdx, unk_7FF656F4B2F0
    mov     [rsp+arg_48], rdx           ; next continuation
    mov     edx, 0FD64699Eh
    lea     rdx, [rdx-10981BE0h]        ; ECCC4DBEh == 2*766626DFh
    mov     rbp, 0FFFFFFFF4CCFFFAFh
    lea     rbp, [rbp+11EFFF50h]        ; K = FFFFFFFF5EBFFEFFh
    mov     ebx, eax
    mov     r10, 0BC8344F5C2975240h     ; C2: 0DE429AA5CF2748EFh - C2 = 21BF55B00C8FF6AFh
    mov     rax, 0B9FB1EFCFBDBDFE6h     ; C: K1 + C = 309A185C724206C5h again
    jmp     loc_7FF656F4B0A0

; Shared block re-pasted (stage write #3) -- see first occurrence.
loc_7FF656F4B0A0:                       ; CODE XREF: sub_7FF656F4A350+17E7↓j
                                        ; sub_7FF656F4A350+1864↓j
    add     rcx, rax
    add     ebx, 0FFFFFFFAh
    mov     rax, [rsp+arg_48]
    mov     r15, [rsp+arg_80]
    add     rsi, rsi
    and     rsi, rdx
    add     rsi, rcx
    mov     [rsp+arg_158], rbp
    mov     [rsp+arg_160], r11
    mov     [rsp+arg_168], r13
    mov     [rsp+arg_D0], rdi
    mov     [rsp+arg_D8], r10
    mov     [rsp+arg_A8], r15
    mov     [rsp+arg_C0], rsi
    mov     [rsp+arg_B8], rax

loc_7FF656F4B0FC:                       ; CODE XREF: sub_7FF656F4A350+D3D↑j
    lea     rsi, unknown_pointers

; Shared block re-pasted (write #3: record+8 value) -- see first occurrence.
loc_7FF656F4B103:                       ; DATA XREF: sub_7FF656F4A350+D2F↑o
    mov     r10, [rsp+arg_B8]
    mov     rcx, [rsp+arg_A8]
    mov     rdi, [rsp+arg_D0]
    mov     rbp, [rsp+arg_160]
    xor     rbp, [rsp+arg_168]
    xor     rbp, [rsp+arg_158]
    add     rbp, rbp
    sub     rdi, rbp
    sub     rdi, [rsp+arg_D8]
    mov     rdx, rdi
    shr     rdx, 38h
    xor     dl, 21h
    mov     rbp, [rsp+arg_C0]
    mov     rax, 0CF65E7A38DBDF93Bh
    add     rbp, rax
    mov     [rcx+rbp], dl
    mov     rdx, rdi
    shr     rdx, 30h
    xor     dl, 0BFh
    mov     [rcx+rbp+1], dl
    mov     rdx, rdi
    shr     rdx, 28h
    xor     dl, 55h
    mov     [rcx+rbp+2], dl
    mov     rdx, rdi
    shr     rdx, 20h
    xor     dl, 0B0h
    mov     [rcx+rbp+3], dl
    mov     rdx, rdi
    shr     rdx, 18h
    xor     dl, 0Ch
    mov     [rcx+rbp+4], dl
    mov     rdx, rdi
    shr     rdx, 10h
    xor     dl, 8Fh
    mov     [rcx+rbp+5], dl
    mov     rdx, rdi
    shr     rdx, 8
    xor     dl, 0F6h
    mov     [rcx+rbp+6], dl
    xor     dil, 0AFh
    mov     [rcx+rbp+7], dil
    xor     ecx, ecx
    cmp     [rsp+arg_5C], 4
    setz    cl
    lea     ecx, [rbx+rcx-4]
    movsxd  rcx, ecx
    movsxd  rcx, ds:(jpt_7FF656F4AC36 - 7FF6587FAF70h)[r14+rcx*4] ; switch 2 cases
    add     rcx, r8
    add     ebx, 23h ; '#'
    movsxd  rdx, ebx
    mov     r11, [rsi+rdx*8]
    add     r11, r9
    jmp     rcx ; loc_7FF656F4B1E9

loc_7FF656F4B1E9:
    jmp     r10 ; loc_7FF656F4B2F0

; Continuation after write #3: position += 8.
loc_7FF656F4B2F0:
    lea     eax, [r12+43h]
    mov     rcx, [rsp+arg_70]
    mov     edx, [rcx]
    add     edx, 8
    mov     [rcx], edx                  ; position += 8
    mov     [rsp+arg_9C], edx
    mov     [rsp+arg_68], 4DAB4A78h     ; marker, tested right away (opaque predicate)
    jmp     loc_7FF656F4B47D

loc_7FF656F4B47D:
    mov     ecx, [rsp+arg_68]
    mov     edx, [rsp+arg_9C]
    mov     [rsp+arg_64], edx           ; arg_64 = position
    xor     edx, edx
    xor     ebp, ebp
    cmp     ecx, 4DAB4A78h              ; always equal here
    setnz   dl
    setz    bpl
    lea     ebx, [rdx+rdx*2]
    imul    edx, ebp, -35h
    add     ebx, eax
    add     ebx, edx
    mov     [rsp+arg_28], ecx
    add     ebp, eax
    movsxd  rax, ebp
    movsxd  rax, dword ptr [r14+rax*4]
    lea     rcx, loc_7FF656F4B47D
    add     rax, rcx
    jmp     rax ; loc_7FF656F4B641

; Bounds check for write #4 (position + 8 vs. capacity), split across two dispatches.
loc_7FF656F4B641:                       ; DATA XREF: sub_7FF656F4A350+1324↓o
    mov     eax, [rsp+arg_64]
    lea     edx, [rax+8]                ; position + 8
    mov     rcx, [rsp+arg_A0]
    mov     ebp, [rcx]                  ; capacity
    xor     ecx, ecx
    xor     edi, edi
    cmp     [rsp+arg_5C], 4
    setnz   cl
    setz    dil
    lea     esi, [rdi+rdi*8]
    lea     ecx, [rbx+rcx*8]
    lea     ecx, [rcx+rsi*4]
    add     edi, ebx
    movsxd  rbx, edi
    movsxd  rbx, dword ptr [r14+rbx*4]
    lea     rdi, loc_7FF656F4B641
    add     rbx, rdi
    jmp     rbx ; loc_7FF656F4B680

loc_7FF656F4B680:                       ; DATA XREF: sub_7FF656F4A350+135A↓o
    xor     edi, edi
    xor     esi, esi
    cmp     edx, ebp                    ; unsigned: position + 8 <= capacity?
    setbe   dil
    setnbe  sil
    imul    ebx, esi, -6
    sub     ebx, edi
    add     ebx, ecx
    mov     [rsp+arg_54], eax
    mov     [rsp+arg_40], 4DAA9A8Dh
    add     ecx, esi
    movsxd  rax, ecx
    movsxd  rax, dword ptr [r14+rax*4]
    lea     rcx, loc_7FF656F4B680
    add     rax, rcx
    jmp     rax ; next
; next (fits path): select the r15 (record+30h) copies for write #4
    add     ebx, 0FFFFFFD5h
    mov     esi, [rsp+arg_64]           ; position
    mov     rax, [rsp+arg_90]
    mov     rax, [rax]                  ; buffer
    mov     rcx, rsi
    mov     rdx, 3CFBDC7E76CBEFEDh
    xor     rcx, rdx                    ; pos ^ K1
    mov     r11, [rsp+arg_88]           ; r15 & M
    mov     r13, [rsp+arg_120]          ; r15 | K
    mov     rdi, [rsp+arg_F0]           ; r15 + C1
    mov     [rsp+arg_80], rax
    lea     rax, unk_7FF656F4B2CD
    mov     [rsp+arg_48], rax           ; next continuation
    mov     eax, 0FD64699Eh
    lea     rdx, [rax-0FCC89C4h]        ; ED97DFDAh == 2*76CBEFEDh
    mov     r10, 163EC4B9C8AEAAEh       ; C2: 232341FBA91AE15Dh - C2 = 21BF55B00C8FF6AFh
    mov     rbp, 0FFFFFFFF4CCFFFAFh     ; K for the r15 copies
    mov     rax, 0F39E3BDDFB7616D8h     ; C: K1 + C = 309A185C724206C5h again
    jmp     loc_7FF656F4B0A0

; Shared block re-pasted (stage write #4) -- see first occurrence.
loc_7FF656F4B0A0:                       ; CODE XREF: sub_7FF656F4A350+1660↓j
                                        ; sub_7FF656F4A350+17E7↓j ...
    add     rcx, rax
    add     ebx, 0FFFFFFFAh
    mov     rax, [rsp+arg_48]
    mov     r15, [rsp+arg_80]
    add     rsi, rsi
    and     rsi, rdx
    add     rsi, rcx
    mov     [rsp+arg_158], rbp
    mov     [rsp+arg_160], r11
    mov     [rsp+arg_168], r13
    mov     [rsp+arg_D0], rdi
    mov     [rsp+arg_D8], r10
    mov     [rsp+arg_A8], r15
    mov     [rsp+arg_C0], rsi
    mov     [rsp+arg_B8], rax

loc_7FF656F4B0FC:                       ; CODE XREF: sub_7FF656F4A350+D3D↑j
    lea     rsi, unknown_pointers

; Shared block re-pasted (write #4: record+30h value) -- see first occurrence.
loc_7FF656F4B103:                       ; DATA XREF: sub_7FF656F4A350+D2F↑o
    mov     r10, [rsp+arg_B8]
    mov     rcx, [rsp+arg_A8]
    mov     rdi, [rsp+arg_D0]
    mov     rbp, [rsp+arg_160]
    xor     rbp, [rsp+arg_168]
    xor     rbp, [rsp+arg_158]
    add     rbp, rbp
    sub     rdi, rbp
    sub     rdi, [rsp+arg_D8]
    mov     rdx, rdi
    shr     rdx, 38h
    xor     dl, 21h
    mov     rbp, [rsp+arg_C0]
    mov     rax, 0CF65E7A38DBDF93Bh
    add     rbp, rax
    mov     [rcx+rbp], dl
    mov     rdx, rdi
    shr     rdx, 30h
    xor     dl, 0BFh
    mov     [rcx+rbp+1], dl
    mov     rdx, rdi
    shr     rdx, 28h
    xor     dl, 55h
    mov     [rcx+rbp+2], dl
    mov     rdx, rdi
    shr     rdx, 20h
    xor     dl, 0B0h
    mov     [rcx+rbp+3], dl
    mov     rdx, rdi
    shr     rdx, 18h
    xor     dl, 0Ch
    mov     [rcx+rbp+4], dl
    mov     rdx, rdi
    shr     rdx, 10h
    xor     dl, 8Fh
    mov     [rcx+rbp+5], dl
    mov     rdx, rdi
    shr     rdx, 8
    xor     dl, 0F6h
    mov     [rcx+rbp+6], dl
    xor     dil, 0AFh
    mov     [rcx+rbp+7], dil
    xor     ecx, ecx
    cmp     [rsp+arg_5C], 4
    setz    cl
    lea     ecx, [rbx+rcx-4]
    movsxd  rcx, ecx
    movsxd  rcx, ds:(jpt_7FF656F4AC36 - 7FF6587FAF70h)[r14+rcx*4] ; switch 2 cases
    add     rcx, r8
    add     ebx, 23h ; '#'
    movsxd  rdx, ebx
    mov     r11, [rsi+rdx*8]
    add     r11, r9
    jmp     rcx ; loc_7FF656F4B1E9

loc_7FF656F4B1E9:
    jmp     r10 ; loc_7FF656F4B2CD

; Continuation after write #4: position += 8, then the same marker check / bounds check pattern.
loc_7FF656F4B2CD:                       ; DATA XREF: sub_7FF656F4A350+162A↓o
    lea     ebx, [r12+2Ch]
    mov     rax, [rsp+arg_70]
    mov     ecx, [rax]
    add     ecx, 8
    mov     [rax], ecx                  ; position += 8
    mov     [rsp+arg_54], ecx
    mov     [rsp+arg_40], 4DAB4A78h     ; marker, tested right away (opaque predicate)
    jmp     loc_7FF656F4B6B9

loc_7FF656F4B6B9:                       ; CODE XREF: sub_7FF656F4A350+F9A↑j
                                        ; DATA XREF: sub_7FF656F4A350+13A2↓o
    mov     ecx, [rsp+arg_40]
    mov     eax, [rsp+arg_54]
    mov     [rsp+arg_30], eax           ; arg_30 = position
    xor     edx, edx
    xor     ebp, ebp
    cmp     ecx, 4DAB4A78h              ; always equal here
    setnz   dl
    setz    bpl
    lea     eax, [rdx+rdx*8]
    lea     eax, [rax+rax*2]
    sub     eax, edx
    imul    edx, ebp, -1Ch
    add     eax, ebx
    add     eax, edx
    mov     [rsp+arg_28], ecx
    add     ebp, ebx
    movsxd  rcx, ebp
    movsxd  rcx, dword ptr [r14+rcx*4]
    lea     rdx, loc_7FF656F4B6B9
    add     rcx, rdx
    jmp     rcx ; loc_7FF656F4B781

loc_7FF656F4B781:                       ; DATA XREF: sub_7FF656F4A350+1468↓o
    mov     edx, [rsp+arg_30]
    add     edx, 8                      ; position + 8
    mov     rcx, [rsp+arg_A0]
    xor     ebx, ebx
    xor     edi, edi
    cmp     [rsp+arg_5C], 4
    mov     ebp, [rcx]                  ; capacity
    setnz   bl
    setz    dil
    lea     esi, [rdi+rdi*2]
    shl     esi, 3
    sub     esi, edi
    lea     ecx, [rax+rbx*4]
    add     ecx, esi
    add     edi, eax
    movsxd  rax, edi
    movsxd  rax, dword ptr [r14+rax*4]
    lea     rbx, loc_7FF656F4B781
    add     rax, rbx
    jmp     rax ; loc_7FF656F4B7C7

loc_7FF656F4B7C7:                       ; DATA XREF: sub_7FF656F4A350+14A1↓o
    xor     eax, eax
    xor     edi, edi
    cmp     edx, ebp                    ; unsigned: position + 8 <= capacity?
    setbe   al
    setnbe  dil
    lea     ebx, [rax+rax*4]
    neg     ebx
    lea     eax, [rdi+rdi]
    sub     ebx, eax
    add     ebx, ecx
    mov     [rsp+arg_44], 4DAA9A8Dh
    add     edi, ecx
    movsxd  rax, edi
    movsxd  rax, dword ptr [r14+rax*4]
    lea     rcx, loc_7FF656F4B7C7
    add     rax, rcx
    jmp     rax
; next (fits path): select the r11 (record+38h) copies for write #5
    add     ebx, 0FFFFFFE4h
    mov     esi, [rsp+arg_30]           ; position
    mov     rax, [rsp+arg_90]
    mov     rax, [rax]                  ; buffer
    mov     rcx, rsi
    mov     rdx, 3CBB395F7A7A6FFFh
    xor     rcx, rdx                    ; pos ^ K1
    mov     r11, [rsp+arg_130]          ; r11 & M
    mov     r13, [rsp+arg_F8]           ; r11 | K
    mov     rdi, [rsp+arg_128]          ; r11 + C1
    mov     [rsp+arg_80], rax
    lea     rax, unk_7FF656F4BDBA
    mov     [rsp+arg_48], rax           ; next continuation
    mov     eax, 0FD64699Eh
    lea     rdx, [rax-86F89A0h]         ; F4F4DFFEh == 2*7A7A6FFFh
    mov     rbp, 0FFFFFFFFAE9FF6EFh     ; K for the r11 copies
    mov     r10, 0AD20A14B449F3BCCh     ; C2: 0CEDFF6FB512F327Bh - C2 = 21BF55B00C8FF6AFh
    mov     rax, 0F3DEDEFCF7C796C6h     ; C: K1 + C = 309A185C724206C5h again
    jmp     loc_7FF656F4B0A0

; Shared block re-pasted (stage write #5) -- see first occurrence.
loc_7FF656F4B0A0:
    add     rcx, rax
    add     ebx, 0FFFFFFFAh
    mov     rax, [rsp+arg_48]
    mov     r15, [rsp+arg_80]
    add     rsi, rsi
    and     rsi, rdx
    add     rsi, rcx
    mov     [rsp+arg_158], rbp
    mov     [rsp+arg_160], r11
    mov     [rsp+arg_168], r13
    mov     [rsp+arg_D0], rdi
    mov     [rsp+arg_D8], r10
    mov     [rsp+arg_A8], r15
    mov     [rsp+arg_C0], rsi
    mov     [rsp+arg_B8], rax

loc_7FF656F4B0FC:                       ; CODE XREF: sub_7FF656F4A350+D3D↑j
    lea     rsi, unknown_pointers

; Shared block re-pasted (write #5: record+38h value) -- see first occurrence.
loc_7FF656F4B103:                       ; DATA XREF: sub_7FF656F4A350+D2F↑o
    mov     r10, [rsp+arg_B8]
    mov     rcx, [rsp+arg_A8]
    mov     rdi, [rsp+arg_D0]
    mov     rbp, [rsp+arg_160]
    xor     rbp, [rsp+arg_168]
    xor     rbp, [rsp+arg_158]
    add     rbp, rbp
    sub     rdi, rbp
    sub     rdi, [rsp+arg_D8]
    mov     rdx, rdi
    shr     rdx, 38h
    xor     dl, 21h
    mov     rbp, [rsp+arg_C0]
    mov     rax, 0CF65E7A38DBDF93Bh
    add     rbp, rax
    mov     [rcx+rbp], dl
    mov     rdx, rdi
    shr     rdx, 30h
    xor     dl, 0BFh
    mov     [rcx+rbp+1], dl
    mov     rdx, rdi
    shr     rdx, 28h
    xor     dl, 55h
    mov     [rcx+rbp+2], dl
    mov     rdx, rdi
    shr     rdx, 20h
    xor     dl, 0B0h
    mov     [rcx+rbp+3], dl
    mov     rdx, rdi
    shr     rdx, 18h
    xor     dl, 0Ch
    mov     [rcx+rbp+4], dl
    mov     rdx, rdi
    shr     rdx, 10h
    xor     dl, 8Fh
    mov     [rcx+rbp+5], dl
    mov     rdx, rdi
    shr     rdx, 8
    xor     dl, 0F6h
    mov     [rcx+rbp+6], dl
    xor     dil, 0AFh
    mov     [rcx+rbp+7], dil
    xor     ecx, ecx
    cmp     [rsp+arg_5C], 4
    setz    cl
    lea     ecx, [rbx+rcx-4]
    movsxd  rcx, ecx
    movsxd  rcx, ds:(jpt_7FF656F4AC36 - 7FF6587FAF70h)[r14+rcx*4] ; switch 2 cases
    add     rcx, r8
    add     ebx, 23h ; '#'
    movsxd  rdx, ebx
    mov     r11, [rsi+rdx*8]            ; this is the r11 that loc_7FF656F4BF46 calls
    add     r11, r9
    jmp     rcx ; loc_7FF656F4B1E9
loc_7FF656F4B1E9:                       ; CODE XREF: sub_7FF656F4A350+E95↑j
                                        ; DATA XREF: .rdata:jpt_7FF656F4AC36↓o
    jmp     r10 ; loc_7FF656F4BDBA

; Continuation after write #5: position += 8; the serialized payload is complete.
loc_7FF656F4BDBA:                       ; DATA XREF: sub_7FF656F4A350+14F1↑o
    add     r12d, 25h ; '%'             ; key advanced for the remaining dispatches
    mov     rax, [rsp+arg_70]
    add     dword ptr [rax], 8          ; position += 8
    mov     [rsp+arg_44], 4DAB4A78h     ; marker, tested right away (opaque predicate)
    mov     ebx, r12d
    jmp     loc_7FF656F4BF17

loc_7FF656F4BF17:                       ; CODE XREF: sub_7FF656F4A350+1A81↑j
                                        ; DATA XREF: sub_7FF656F4A350+1BE9↓o
    mov     ebp, [rsp+arg_44]
    xor     ecx, ecx
    xor     eax, eax
    cmp     ebp, 4DAB4A78h              ; always equal here
    setnz   dl
    setz    al
    mov     [rsp+arg_28], ebp
    lea     ebp, [rax+rbx]
    movsxd  rbp, ebp
    movsxd  rbp, dword ptr [r14+rbp*4]
    lea     rdi, loc_7FF656F4BF17
    add     rdi, rbp
    jmp     rdi ; loc_7FF656F4BF46

; Build a small argument block on the stack and call the decoded table entry in r11.
loc_7FF656F4BF46:                       ; DATA XREF: sub_7FF656F4A350+1C6E↓o
    mov     cl, dl
    mov     edx, ecx
    shl     edx, 5
    or      edx, ecx
    lea     eax, [rax+rax*4]
    add     edx, ebx
    lea     esi, [rdx+rax*2]
    lea     eax, [rsi-33h]
    lea     rcx, [rsp+arg_170]          ; rcx = &argblock (first argument, MS x64)
    mov     edx, ecx                    ; low 32 bits of its own address ...
    xor     edx, 4A8AC765h
    imul    edx, 2E79DF4Fh              ; ... address-bound key, same scheme as r12d at entry
    lea     rbp, [rsp+arg_140]
    mov     [rsp+arg_170], rbp          ; argblock+0  = &output descriptor {buffer, capacity, position}
    xor     eax, edx
    xor     edx, 58950D05h
    mov     [rsp+arg_178], edx          ; argblock+8  = key
    mov     [rsp+arg_180], eax          ; argblock+10h = (esi - 33h) ^ key
    call    r11                         ; indirect call through the decoded pointer table; rsp is 16-aligned here.
                                        ; NOTE(review): no CFG dispatch stub is visible around this call -- confirm whether the binary is built with /guard:cf
    mov     ebp, [rsp+arg_17C]          ; argblock+0Ch: written by the callee, presumably its status -- confirm
    xor     edx, edx
    xor     ecx, ecx
    cmp     ebp, 4DAB4A78h              ; callee status == 4DAB4A78h ?
    setnz   al
    setz    cl
    mov     [rsp+arg_28], ebp
    lea     ebp, [rcx+rsi]              ; r14/rsi/rbx are callee-saved under MS x64, so they are valid after the call
    movsxd  rbp, ebp
    movsxd  rbp, dword ptr [r14+rbp*4]
    lea     rbx, loc_7FF656F4BF46
    add     rbx, rbp
    jmp     rbx ; loc_7FF656F4BFCC

; Status was 4DAB4A78h: rewind position to 0 and check that the (possibly replaced) buffer holds >= 4 bytes.
loc_7FF656F4BFCC:                       ; DATA XREF: sub_7FF656F4A350+1CD5↓o
    mov     dl, al
    lea     eax, [rdx+rdx*2]
    shl     eax, 3
    sub     eax, edx
    lea     ecx, [rcx+rcx*4]
    add     eax, esi
    sub     eax, ecx
    mov     rcx, [rsp+arg_70]
    mov     dword ptr [rcx], 0          ; position = 0
    mov     rcx, [rsp+arg_A0]
    mov     ecx, [rcx]                  ; capacity/length field after the call
    xor     edx, edx
    cmp     ecx, 3
    setnbe  dl                          ; dl  = length > 3
    xor     ebp, ebp
    cmp     ecx, 4
    setb    bpl                         ; bpl = length < 4
    imul    esi, edx, -12h
    imul    ecx, ebp, -6
    add     esi, eax
    add     esi, ecx
    mov     [rsp+arg_34], 4DAB4A78h
    mov     [rsp+arg_58], 4DAA9A8Eh
    add     eax, ebp
    cdqe
    movsxd  rax, dword ptr [r14+rax*4]
    lea     rcx, loc_7FF656F4BFCC
    add     rcx, rax
    jmp     rcx ; loc_7FF656F4C13F

; Read buf[0..3] as a big-endian dword; this becomes the function's result.
loc_7FF656F4C13F:                       ; DATA XREF: sub_7FF656F4A350+1E4A↓o
    mov     rax, [rsp+arg_90]
    mov     rax, [rax]                  ; buffer (whatever the callee left in the descriptor)
    movzx   ecx, byte ptr [rax]
    shl     ecx, 18h
    movzx   edx, byte ptr [rax+1]
    shl     edx, 10h
    or      edx, ecx
    movzx   ecx, byte ptr [rax+2]
    shl     ecx, 8
    or      ecx, edx
    movzx   eax, byte ptr [rax+3]
    or      eax, ecx                    ; eax = BE32(buf[0..3])
    mov     ecx, eax
    xor     ecx, 5DEBCE7Ch
    and     eax, 5DEBCE7Ch
    lea     eax, [rcx+rax*2-10408404h]  ; (v ^ K) + 2*(v & K) - 10408404h == v + 5DEBCE7Ch - 10408404h == v + 4DAB4A78h
    mov     rcx, [rsp+arg_70]
    mov     dword ptr [rcx], 4          ; position = 4 (consumed the dword)
    xor     ecx, ecx
    cmp     [rsp+arg_5C], 4
    setz    cl
    add     ecx, esi
    movsxd  rcx, ecx
    movsxd  rcx, dword ptr [r14+rcx*4]
    lea     rdx, loc_7FF656F4C13F
    add     rdx, rcx
    jmp     rdx ; next
; next
    mov     [rsp+arg_34], eax           ; v + 4DAB4A78h
    mov     [rsp+arg_58], 4DAB4A78h
    mov     eax, [rsp+arg_58]
    cmp     eax, 4DAB4A78h              ; always equal: cmovz always taken
    cmovz   eax, [rsp+arg_34]
    mov     [rsp+arg_28], eax
    mov     eax, 0B254B588h
    add     eax, [rsp+arg_28]           ; + 0B254B588h cancels the 4DAB4A78h: eax = BE32(buf[0..3])
    jmp     near ptr qword_7FF656F4C408+35Ch ; loc_7FF656F4C764

; Epilogue: store the result dword into the context and restore the eight callee-saved registers.
loc_7FF656F4C764:                       ; CODE XREF: sub_7FF656F4A350+1E80↑j
    mov     rbx, [rsp+11F8h+var_10F0]   ; context pointer saved at entry
    mov     [rbx+4], eax                ; dword [ctx+4] = result
    add     rsp, 11B8h                  ; matches the probed frame size
    pop     rbx                         ; reverse order of the prologue pushes
    pop     rbp
    pop     rdi
    pop     rsi
    pop     r12
    pop     r13
    pop     r14
    pop     r15
    retn
sub_7FF656F4A350 endp
Dadoum commented 2 years ago

If you want some help, I have some tools that can probably help you!

DsoTsin commented 2 years ago

If you want some help, I have some tools that can probably help you!

Thanks! You can send the tools to my email, dsotsen@gmail.com