ShockMgr.sys: file format trad-core
AT&T syntax: mov here, there
Disassembly of section .text:
00010480 <.text>:

# Review annotations: every line starting with '#' was added to this objdump
# listing; addresses, opcode bytes and mnemonics are unchanged (only line
# breaks were restored, one instruction per line).
#
# The listing carries no symbols. All calls go through absolute slots
# 0x10718..0x10738 (presumably the import table). Names of imported routines
# and of kernel structure fields used below are inferred from argument
# counts, call shapes and the 32-bit x86 WDM layouts, NOT from anything
# printed here -- confirm against the import table / PDB before relying on
# them.
#
# Per-device state as used by all three routines (offsets from the pointer
# loaded from arg+0x28, or passed directly to the routine at 0x1052a):
#   +0xb4  byte   "ready" flag, set to 1 at 0x105c6
#   +0xb8  dword  handle/pointer filled in by the call at 0x105a0
#   +0xbc  dword  pointer to a 0x14-byte shared block allocated at 0x1054e
#   +0xc0         object passed to *0x1072c / *0x10724 (wait / signal pair)

# ---------------------------------------------------------------------------
# 0x10480: two stack arguments, callee-cleaned (ret $0x8), returns 0 in %eax.
#   arg1 0x8(%ebp): object whose +0x28 field becomes %esi
#                   (presumably DEVICE_OBJECT.DeviceExtension)
#   arg2 0xc(%ebp): presumably the IRP; +0x18/+0x1c are zeroed and the
#                   pointer is handed to *0x10720 in %ecx with %dl = 0
#                   (looks like fastcall IofCompleteRequest -- confirm)
# %ebx is 0 for the whole routine and is used as the zero source.
# ---------------------------------------------------------------------------
  10480:  55                    push %ebp
  10481:  8b ec                 mov %esp,%ebp
  10483:  8b 45 08              mov 0x8(%ebp),%eax
  10486:  53                    push %ebx
  10487:  56                    push %esi
  10488:  8b 70 28              mov 0x28(%eax),%esi              # %esi = state pointer
  1048b:  33 db                 xor %ebx,%ebx
  1048d:  38 9e b4 00 00 00     cmp %bl,0xb4(%esi)               # ready flag == 0 ?
  10493:  74 52                 je 0x104e7                       # not ready: complete only
  10495:  57                    push %edi                        # saved only on this path; popped at 0x104e6
# Five-argument call on state+0xc0 with four zero arguments: presumably
# KeWaitForSingleObject(obj, 0, 0, FALSE, NULL), i.e. take the lock that
# guards the shared block.
  10496:  53                    push %ebx
  10497:  53                    push %ebx
  10498:  53                    push %ebx
  10499:  53                    push %ebx
  1049a:  8d be c0 00 00 00     lea 0xc0(%esi),%edi
  104a0:  57                    push %edi
  104a1:  ff 15 2c 07 01 00     call *0x1072c
# The arg1 stack slot is reused as a local holding 1; its address is passed
# as the second argument of the *0x10728 call below.
  104a7:  c7 45 08 01 00 00 00  movl $0x1,0x8(%ebp)
# Fill the shared block: [+0] = 0x73420, [+0xc] = [+4] = [+8] = 0.
# The routine at 0x105ee stores a per-request value in [+0], so 0x73420 is
# presumably a fixed control code sent on this path -- confirm.
  104ae:  8d 86 bc 00 00 00     lea 0xbc(%esi),%eax
  104b4:  8b 08                 mov (%eax),%ecx
  104b6:  c7 01 20 34 07 00     movl $0x73420,(%ecx)
  104bc:  8b 08                 mov (%eax),%ecx
  104be:  89 59 0c              mov %ebx,0xc(%ecx)
  104c1:  8b 08                 mov (%eax),%ecx
  104c3:  89 59 04              mov %ebx,0x4(%ecx)
  104c6:  8b 08                 mov (%eax),%ecx
  104c8:  89 59 08              mov %ebx,0x8(%ecx)
# Three-argument call (state[+0xb8], &local, block): presumably
# ExNotifyCallback(CallbackObject, Argument1, Argument2).
  104cb:  ff 30                 pushl (%eax)
  104cd:  8d 45 08              lea 0x8(%ebp),%eax
  104d0:  50                    push %eax
  104d1:  ff b6 b8 00 00 00     pushl 0xb8(%esi)
  104d7:  ff 15 28 07 01 00     call *0x10728
# Three-argument call (state+0xc0, 0, 0): presumably KeSetEvent, releasing
# what the *0x1072c call acquired.
  104dd:  53                    push %ebx
  104de:  53                    push %ebx
  104df:  57                    push %edi
  104e0:  ff 15 24 07 01 00     call *0x10724
  104e6:  5f                    pop %edi
# Common exit: zero arg2+0x1c and arg2+0x18 (presumably IoStatus.Information
# and IoStatus.Status), complete, return 0. The block fields written by the
# callback are not read back on this path.
  104e7:  8b 4d 0c              mov 0xc(%ebp),%ecx
  104ea:  32 d2                 xor %dl,%dl
  104ec:  89 59 1c              mov %ebx,0x1c(%ecx)
  104ef:  89 59 18              mov %ebx,0x18(%ecx)
  104f2:  ff 15 20 07 01 00     call *0x10720
  104f8:  5e                    pop %esi
  104f9:  33 c0                 xor %eax,%eax
  104fb:  5b                    pop %ebx
  104fc:  5d                    pop %ebp
  104fd:  c2 08 00              ret $0x8

# ---------------------------------------------------------------------------
# 0x10500..0x10529: DATA embedded in .text, not code.
# Read as UTF-16LE the bytes spell "\Callback\Shockproof" followed by a
# 16-bit NUL (0x10528..0x10529). The mnemonics printed for this range are an
# artefact of linear-sweep disassembly. 0x10500 is pushed as an argument at
# 0x10566.
# The sweep also resynchronises late: the entry at 0x10529 swallows the last
# terminator byte together with 55 8b, and 0x1052c shows ec. The next routine
# really begins at 0x1052a with 55 / 8b ec -- the same prologue bytes that
# decode as push %ebp / mov %esp,%ebp at 0x10480 and 0x105ee.
# ---------------------------------------------------------------------------
  10500:  5c                    pop %esp
  10501:  00 43 00              add %al,0x0(%ebx)
  10504:  61                    popa
  10505:  00 6c 00 6c           add %ch,0x6c(%eax,%eax,1)
  10509:  00 62 00              add %ah,0x0(%edx)
  1050c:  61                    popa
  1050d:  00 63 00              add %ah,0x0(%ebx)
  10510:  6b 00 5c              imul $0x5c,(%eax),%eax
  10513:  00 53 00              add %dl,0x0(%ebx)
  10516:  68 00 6f 00 63        push $0x63006f00
  1051b:  00 6b 00              add %ch,0x0(%ebx)
  1051e:  70 00                 jo 0x10520
  10520:  72 00                 jb 0x10522
  10522:  6f                    outsl %ds:(%esi),(%dx)
  10523:  00 6f 00              add %ch,0x0(%edi)
  10526:  66                    data16
  10527:  00 00                 add %al,(%eax)
  10529:  00 55 8b              add %dl,0xffffff8b(%ebp)
  1052c:  ec                    in (%dx),%al

# ---------------------------------------------------------------------------
# 0x1052a (see note above): one stack argument, callee-cleaned (ret $0x4).
#   arg1 0x8(%ebp): state pointer, used directly with the +0xb4/+0xb8/+0xbc/
#                   +0xc0 offsets.
#   Returns %al = 1 if the ready flag was already set or setup succeeded,
#           %al = 0 if the allocation or the *0x10734 call failed.
# Locals: -0x8(%ebp) 8 bytes (presumably a UNICODE_STRING),
#         -0x20(%ebp) 0x18 bytes (presumably an OBJECT_ATTRIBUTES).
# ---------------------------------------------------------------------------
  1052d:  83 ec 20              sub $0x20,%esp
  10530:  53                    push %ebx
  10531:  56                    push %esi
  10532:  8b 75 08              mov 0x8(%ebp),%esi
  10535:  33 db                 xor %ebx,%ebx
  10537:  38 9e b4 00 00 00     cmp %bl,0xb4(%esi)               # already set up?
  1053d:  74 07                 je 0x10546
  1053f:  b0 01                 mov $0x1,%al
  10541:  e9 a2 00 00 00        jmp 0x105e8                      # %edi not pushed yet: skip its pop
# Call (0, 0x14, 0x206b6444): presumably ExAllocatePoolWithTag(pool type 0,
# 20 bytes, tag). The immediate's bytes 44 64 6b 20 read "Ddk " in memory.
# NOTE(review): nothing in this listing zeroes the block, and its +0x10
# dword is read at 0x10698 without ever being written here; it is presumably
# filled in by a routine registered on the callback object -- confirm.
  10546:  68 44 64 6b 20        push $0x206b6444
  1054b:  6a 14                 push $0x14
  1054d:  53                    push %ebx
  1054e:  ff 15 38 07 01 00     call *0x10738
  10554:  3b c3                 cmp %ebx,%eax
  10556:  89 86 bc 00 00 00     mov %eax,0xbc(%esi)              # stored even when NULL
  1055c:  75 07                 jne 0x10565
  1055e:  32 c0                 xor %al,%al                      # allocation failed
  10560:  e9 83 00 00 00        jmp 0x105e8
  10565:  57                    push %edi
# Call (&local[-8], 0x10500): presumably RtlInitUnicodeString on the
# "\Callback\Shockproof" string.
  10566:  68 00 05 01 00        push $0x10500
  1056b:  8d 45 f8              lea 0xfffffff8(%ebp),%eax
  1056e:  50                    push %eax
  1056f:  ff 15 18 07 01 00     call *0x10718
# Four-argument call (&state[+0xb8], &local[-0x20], 0, 1): presumably
# ExCreateCallback(&CallbackObject, &ObjectAttributes, Create = FALSE,
# AllowMultipleCallbacks = TRUE). The pushes are interleaved with the stores
# that build the 0x18-byte structure:
#   -0x20 = 0x18 (length)   -0x1c = 0        -0x18 = &local[-8] (name)
#   -0x14 = 0x50 (presumably OBJ_CASE_INSENSITIVE | OBJ_PERMANENT)
#   -0x10 = 0               -0x0c = 0
# NOTE(review): with the third argument 0 this would only open an object
# another component has already created, and the structure carries no
# security descriptor; whoever registers on that name receives the block
# pointer on every notify. Confirm which component creates the object.
  10575:  6a 01                 push $0x1
  10577:  8d 45 f8              lea 0xfffffff8(%ebp),%eax
  1057a:  89 45 e8              mov %eax,0xffffffe8(%ebp)
  1057d:  53                    push %ebx
  1057e:  8d 45 e0              lea 0xffffffe0(%ebp),%eax
  10581:  50                    push %eax
  10582:  8d be b8 00 00 00     lea 0xb8(%esi),%edi
  10588:  57                    push %edi
  10589:  c7 45 e0 18 00 00 00  movl $0x18,0xffffffe0(%ebp)
  10590:  89 5d e4              mov %ebx,0xffffffe4(%ebp)
  10593:  c7 45 ec 50 00 00 00  movl $0x50,0xffffffec(%ebp)
  1059a:  89 5d f0              mov %ebx,0xfffffff0(%ebp)
  1059d:  89 5d f4              mov %ebx,0xfffffff4(%ebp)
  105a0:  ff 15 34 07 01 00     call *0x10734
  105a6:  85 c0                 test %eax,%eax
  105a8:  7d 15                 jge 0x105bf                      # signed: non-negative result = success
# Failure path: release the block (presumably ExFreePool) and return 0.
# NOTE(review): state+0xbc is not cleared after the release, so it keeps a
# stale pointer. The ready flag stays 0 and both dispatch routines test that
# flag before touching state+0xbc; a later successful call overwrites the
# field at 0x10556. Clearing it here would remove the reliance on the flag.
  105aa:  8b b6 bc 00 00 00     mov 0xbc(%esi),%esi              # %esi no longer the state pointer
  105b0:  3b f3                 cmp %ebx,%esi
  105b2:  74 07                 je 0x105bb
  105b4:  56                    push %esi
  105b5:  ff 15 30 07 01 00     call *0x10730
  105bb:  32 c0                 xor %al,%al
  105bd:  eb 28                 jmp 0x105e7
# Success path: set the ready flag, then call *0x10728 with
# (state[+0xb8], &local holding 0, 0) -- presumably an initial
# ExNotifyCallback with a NULL second argument -- and finally signal
# state+0xc0 (presumably KeSetEvent) so the dispatch routines can proceed.
# The flag is written before the signal; a dispatcher that sees flag == 1
# early still waits on state+0xc0 first.
  105bf:  53                    push %ebx
  105c0:  8d 45 08              lea 0x8(%ebp),%eax
  105c3:  50                    push %eax
  105c4:  ff 37                 pushl (%edi)
  105c6:  c6 86 b4 00 00 00 01  movb $0x1,0xb4(%esi)
  105cd:  89 5d 08              mov %ebx,0x8(%ebp)               # arg slot reused as local = 0
  105d0:  ff 15 28 07 01 00     call *0x10728
  105d6:  53                    push %ebx
  105d7:  53                    push %ebx
  105d8:  81 c6 c0 00 00 00     add $0xc0,%esi
  105de:  56                    push %esi
  105df:  ff 15 24 07 01 00     call *0x10724
  105e5:  b0 01                 mov $0x1,%al
  105e7:  5f                    pop %edi
  105e8:  5e                    pop %esi
  105e9:  5b                    pop %ebx
  105ea:  c9                    leave
  105eb:  c2 04 00              ret $0x4

# ---------------------------------------------------------------------------
# 0x105ee: two stack arguments, callee-cleaned (ret $0x8).
#   arg1 0x8(%ebp): object whose +0x28 field becomes %esi (state pointer)
#   arg2 0xc(%ebp): presumably the IRP
#   Returns in %eax the same value it stores at arg2+0x18.
# One dword local at -0x4(%ebp) (reserved by push %ecx) keeps state+0xc0.
# This routine forwards request parameters to the callback through the
# shared block and copies two result fields back; it performs no checks of
# its own on the forwarded values.
# ---------------------------------------------------------------------------
  105ee:  55                    push %ebp
  105ef:  8b ec                 mov %esp,%ebp
  105f1:  51                    push %ecx
  105f2:  8b 45 08              mov 0x8(%ebp),%eax
  105f5:  53                    push %ebx
  105f6:  56                    push %esi
  105f7:  8b 70 28              mov 0x28(%eax),%esi
  105fa:  33 db                 xor %ebx,%ebx
  105fc:  38 9e b4 00 00 00     cmp %bl,0xb4(%esi)               # ready flag
  10602:  75 1b                 jne 0x1061f
# Not ready: arg2+0x1c = 0, arg2+0x18 = 0xc0000001 (presumably
# STATUS_UNSUCCESSFUL), complete and return that value.
  10604:  8b 4d 0c              mov 0xc(%ebp),%ecx
  10607:  be 01 00 00 c0        mov $0xc0000001,%esi
  1060c:  32 d2                 xor %dl,%dl
  1060e:  89 59 1c              mov %ebx,0x1c(%ecx)
  10611:  89 71 18              mov %esi,0x18(%ecx)
  10614:  ff 15 20 07 01 00     call *0x10720
  1061a:  e9 95 00 00 00        jmp 0x106b4                      # %edi not pushed on this path
# Ready: wait on state+0xc0 (same five-argument call as at 0x104a1).
  1061f:  57                    push %edi
  10620:  53                    push %ebx
  10621:  53                    push %ebx
  10622:  53                    push %ebx
  10623:  8d 86 c0 00 00 00     lea 0xc0(%esi),%eax
  10629:  53                    push %ebx
  1062a:  50                    push %eax
  1062b:  89 45 fc              mov %eax,0xfffffffc(%ebp)        # kept for the signal at 0x106aa
  1062e:  ff 15 2c 07 01 00     call *0x1072c
# Copy request parameters into the shared block. %eax = arg2[+0x60]
# (presumably the current IO_STACK_LOCATION), %edx = arg2[+0xc] (presumably
# AssociatedIrp.SystemBuffer):
#   block[+0xc] = arg2[+0xc]
#   block[+0x0] = %eax[+0xc]   (presumably IoControlCode)
#   block[+0x4] = %eax[+0x8]   (presumably InputBufferLength)
#   block[+0x8] = %eax[+0x4]   (presumably OutputBufferLength)
# NOTE(review): the code and both lengths are passed through unvalidated;
# any range or size checking has to happen in the registered callback.
  10634:  8b 7d 0c              mov 0xc(%ebp),%edi
  10637:  8b 47 60              mov 0x60(%edi),%eax
  1063a:  8b 57 0c              mov 0xc(%edi),%edx
  1063d:  c7 45 08 01 00 00 00  movl $0x1,0x8(%ebp)              # arg slot reused as local = 1
  10644:  8b 8e bc 00 00 00     mov 0xbc(%esi),%ecx
  1064a:  89 51 0c              mov %edx,0xc(%ecx)
  1064d:  8b 50 0c              mov 0xc(%eax),%edx
  10650:  8b 8e bc 00 00 00     mov 0xbc(%esi),%ecx
  10656:  89 11                 mov %edx,(%ecx)
  10658:  8b 50 08              mov 0x8(%eax),%edx
  1065b:  8b 8e bc 00 00 00     mov 0xbc(%esi),%ecx
  10661:  89 51 04              mov %edx,0x4(%ecx)
  10664:  8b 40 04              mov 0x4(%eax),%eax
  10667:  8b 8e bc 00 00 00     mov 0xbc(%esi),%ecx
  1066d:  89 41 08              mov %eax,0x8(%ecx)
# Notify: (state[+0xb8], &local holding 1, block).
  10670:  ff b6 bc 00 00 00     pushl 0xbc(%esi)
  10676:  8d 45 08              lea 0x8(%ebp),%eax
  10679:  50                    push %eax
  1067a:  ff b6 b8 00 00 00     pushl 0xb8(%esi)
  10680:  ff 15 28 07 01 00     call *0x10728
# Copy results back: arg2[+0x1c] = block[+8], arg2[+0x18] = block[+0x10].
# NOTE(review): block[+8] is stored (presumably as IoStatus.Information)
# without being compared against the length loaded at 0x10664. If this is a
# buffered IOCTL path, a callback returning a larger count would make the
# I/O manager copy more than the caller's output length -- confirm the
# callback bounds it, or clamp here.
# NOTE(review): block[+0x10] is never written in this listing. If no
# registered routine sets it, the value stored at arg2[+0x18] and returned
# is whatever the block already held; initialising it to a failure value
# before the notify would make that case deterministic.
  10686:  8b 86 bc 00 00 00     mov 0xbc(%esi),%eax
  1068c:  8b 40 08              mov 0x8(%eax),%eax
  1068f:  89 47 1c              mov %eax,0x1c(%edi)
  10692:  8b 86 bc 00 00 00     mov 0xbc(%esi),%eax
  10698:  8b 70 10              mov 0x10(%eax),%esi              # %esi = result; state pointer no longer needed
  1069b:  32 d2                 xor %dl,%dl
  1069d:  8b cf                 mov %edi,%ecx
  1069f:  89 77 18              mov %esi,0x18(%edi)
  106a2:  ff 15 20 07 01 00     call *0x10720
# arg2 is not dereferenced after the *0x10720 call; the return value comes
# from %esi. Signal state+0xc0 via the address saved at -0x4(%ebp).
  106a8:  53                    push %ebx
  106a9:  53                    push %ebx
  106aa:  ff 75 fc              pushl 0xfffffffc(%ebp)
  106ad:  ff 15 24 07 01 00     call *0x10724
  106b3:  5f                    pop %edi
  106b4:  8b c6                 mov %esi,%eax
  106b6:  5e                    pop %esi
  106b7:  5b                    pop %ebx
  106b8:  c9                    leave
  106b9:  c2 08 00              ret $0x8
	...