NDISASM of memory dump


SUBMITTED BY: Guest

DATE: June 6, 2013, 7:01 p.m.

FORMAT: Text only

SIZE: 1.8 kB

HITS: 1050

  1. 00000000 50 push rax
  2. 00000001 9C pushfq
  3. 00000002 50 push rax
  4. 00000003 48B86A9E16770000 mov rax,0x77169e6a
  5. -0000
  6. 0000000D 4889442410 mov [rsp+0x10],rax
  7. 00000012 51 push rcx
  8. 00000013 52 push rdx
  9. 00000014 53 push rbx
  10. 00000015 55 push rbp
  11. 00000016 56 push rsi
  12. 00000017 57 push rdi
  13. 00000018 4150 push r8
  14. 0000001A 4151 push r9
  15. 0000001C 4152 push r10
  16. 0000001E 4153 push r11
  17. 00000020 4154 push r12
  18. 00000022 4155 push r13
  19. 00000024 4156 push r14
  20. 00000026 4157 push r15
  21. 00000028 49B8000012000000 mov r8,0x120000
  22. -0000
  23. 00000032 4150 push r8
  24. 00000034 48BA000012000000 mov rdx,0x120000
  25. -0000
  26. 0000003E 52 push rdx
  27. 0000003F 4531C9 xor r9d,r9d
  28. 00000042 31C9 xor ecx,ecx
  29. 00000044 48B8707026770000 mov rax,0x77267070
  30. -0000
  31. 0000004E FFD0 call rax
  32. 00000050 415F pop r15
  33. 00000052 415E pop r14
  34. 00000054 415D pop r13
  35. 00000056 415C pop r12
  36. 00000058 415B pop r11
  37. 0000005A 415A pop r10
  38. 0000005C 4159 pop r9
  39. 0000005E 4158 pop r8
  40. 00000060 5F pop rdi
  41. 00000061 5E pop rsi
  42. 00000062 5D pop rbp
  43. 00000063 5B pop rbx
  44. 00000064 5A pop rdx
  45. 00000065 59 pop rcx
  46. 00000066 58 pop rax
  47. 00000067 9D popfq
  48. 00000068 C3 ret

comments powered by Disqus