; 32-bit NASM listing (Intel syntax), one instruction form per line.
; NOTE(review): privileged, faulting and raw-byte lines are mixed in with no
; control flow between them, so this looks like encoder/decoder test input
; rather than a program meant to execute top to bottom - confirm with the owner.
BITS 32
mov eax, 0x41424344
nop
cmp byte [0x41424344], ah               ; 8-bit compare against an absolute disp32 address
cmp ah, bh                              ; high-byte register pair
nop
; 16-bit base/index registers in 32-bit mode need the 0x67 address-size prefix;
; word-sized operands need the 0x66 operand-size prefix. The [ebx] line below
; carries only the operand-size prefix, the [bx] lines carry both.
xchg word [bx], bx
xchg word [ebx], bx
nop
xchg word [bx], bx
xchg word [bx + si], bx
add bx, word [bx + si]
add word [bx + si], si
nop
; Descriptor-table / machine-status loads: privileged (CPL 0), #GP in user mode.
lgdt [ebx]
lldt [ecx]
lmsw [edx]
; push: register, immediate and segment-register operands.
push eax
push 0x41
push 0x41424344
push ds
push fs
; imul: two-operand, immediate shorthand (imul ecx, ecx, imm), one-operand
; (edx:eax = eax * ecx), memory source and explicit three-operand forms.
imul ecx, ebx
imul ecx, 0x10203040
imul ecx
imul ebx, dword [0x41424344]
imul ecx, [eax], 100
; Scaled-index (SIB) addressing with and without a displacement.
add eax, [edx * 8 + eax]
add eax, 0x10203040
add [edx*2 + ecx + 0x41424344], ebx
add [eax*2+edx], ebx
or edx, dword [4*eax + 0x41424344]      ; index*4 + disp32, no base register
nop
; Raw bytes 30 0A decode as: xor byte [edx], cl
db 0x30
db 0x0a
nop
; Raw bytes 9A 43 42 41 40 34 12 decode as a far call: call 0x1234:0x40414243
db 0x9a
dd 0x40414243
dw 0x1234
nop
; x87 FPU instruction forms: register-stack operands (stN), m16/m32/m64/m80
; memory operands at absolute addresses, and environment/state save-restore.
; The waiting mnemonics here (fstenv, fstsw, fstcw, fsave, finit, fclex) assemble
; to a 0x9B (wait) byte followed by the fn* opcode, so a decoder may print them
; as two instructions.
; NOTE(review): several displacements have the top bit set (0x80818283,
; 0x81828384, 0xf0f1f3f4, 0xf0f0f0f0) - presumably to exercise how disp32 values
; are printed (signed vs. unsigned); confirm.
fstenv [0x80818283]
fstp tword [0x81828384]                 ; 80-bit extended-precision store and pop
fstp st2
fstsw ax
fstsw word [0x41424344]
fsub st4, st0
fsub st4
fsub qword [0x81828384]
fsubp st4
fsubr dword [0x41424344]
ftst
fucom st2
fucomp st1
fucompp
fucomi st0                              ; compares and sets EFLAGS directly (P6 and later)
fucomip st6
fxam
fxch st3
fxtract
fyl2x
fyl2xp1
fwait
nop
; Loads: memory, stack register and the built-in constants.
fld tword [0x81828384]
fld st3
fld1
fldcw word [0x41424344]
fldenv [0x81828384]
fldl2e
fldl2t
fldlg2
fldln2
fldpi
fldz
fmul dword [0x41424344]
fmul st3
fmul st3, st0
fmulp st3
fnop
fpatan
fprem
fprem1
fptan
frndint
frstor [0x41424344]                     ; restores full FPU state from memory
fsave [0x41424344]                      ; stores full FPU state, then reinitialises the FPU
fscale
fsin
fsincos
fsqrt
fst dword [0x81828384]
fst qword [0x41424344]
fst st3
fstcw word [0x41424344]
nop
finit
nop
; Integer-operand FPU arithmetic and stores (m16 / m32 / m64 integers).
fimul word [0x41424344]
fimul dword [0x81828384]
fincstp
fist word [0x41424344]
fistp qword [0x41424344]
fisub word [0x41424344]
fisub dword [ebx]
fisubr dword [0x80818283]
nop
fild word [0x41424344]
fild dword [0x81828384]
fild qword [0xf0f1f3f4]
nop
; Not an FPU instruction: the 'byte' keyword forces the sign-extended imm8
; encoding (opcode 83 /6) of xor with a 32-bit register.
xor eax, byte -4
ficomp dword [0xf0f0f0f0]
ficom word [0x41424344]
fidiv word [0x41424344]
fidiv dword [0x41424344]
nop
fiadd word [0x41424344]
fiadd dword [0x41424344]
nop
fdivrp st4
fdivp st4
ffree st2
nop
; Divide / compare: both operand orders and both memory widths.
fdivr st0, st4
fdivr dword [0x41424344]
fdivr qword [0x41424344]
fcomip st1
fcomi st2
fcos
fdecstp
fcompp
fdiv st0, st0
fdiv st0, st4
fdiv st4, st0
fdiv dword [0x41424344]
fdiv qword [0x41424344]
nop
fcom st6
fcom dword [0x41424344]
fcom qword [0x41424344]
fcmovb st4                              ; conditional FPU move (P6 and later)
nop
fbld tword [0x41424344]                 ; 80-bit packed BCD load
fbstp tword [0x41424344]                ; 80-bit packed BCD store and pop
fchs
fclex
nop
faddp st4
nop
fadd dword [0x41424344]
fadd qword [0x41424344]
fadd st0, st0
fadd st4, st0
fadd st0, st4
f2xm1
fabs
nop
; Hand-encoded byte sequences followed by MMX instruction forms.
; Raw bytes 75 1D decode as: jnz rel8 (+0x1d from the next instruction)
db 0x75
db 0x1d
; Raw bytes 80 65 D0 C0 decode as: and byte [ebp-0x30], 0xc0
db 0x80
db 0x65
db 0xd0
db 0xc0
; Raw bytes 80 7D D0 C0 decode as: cmp byte [ebp-0x30], 0xc0
db 0x80
db 0x7d
db 0xd0
db 0xc0
; Raw bytes 83 C4 41 decode as: add esp, 0x41 (sign-extended imm8 form)
db 0x83
db 0xc4
db 0x41
add ecx, 0x41424344
; MMX: unpack, arithmetic, shifts (register count and immediate count),
; compare, logic and pack.
punpckhdq mm1, mm0
psubd mm1, mm0
pslld mm1, mm0                          ; shift count taken from an MMX register
psllq mm1, 12                           ; shift count as imm8
; Raw bytes 0F F5 C0 decode as: pmaddwd mm0, mm0
db 0x0f
db 0xf5
db 0xc0
pcmpeqd mm1, mm0
pand mm0, mm1
paddw mm0, mm1
packssdw mm0, mm1
nop
movq mm0, [0x40414243]
int3                                    ; breakpoint, single byte 0xCC
emms                                    ; marks the x87 tag word empty after MMX use
movq mm0, mm1
movd mm0, ecx
nop
; General-purpose, string, flag and system instruction forms.
; Several of these fault outside ring 0 (wbinvd, wrmsr, rdmsr, mov to/from
; crN/drN) or depend on IOPL (in/out, sti), so the run is not executable
; as-is in user mode.
mov eax, dword [bx + si + 0x0102]       ; 16-bit addressing with disp16 (0x67 prefix)
mov bx, word [ebx]
mov cx, dx
wait
wbinvd                                  ; privileged: write back and invalidate caches
wrmsr                                   ; privileged: write MSR selected by ecx from edx:eax
xadd eax, ebx
xadd dl, cl
xchg eax, edx
xchg byte [eax], dl                     ; xchg with memory is implicitly locked
xlat
xor ebx, 0x41424344
xor byte [0x41424344], 0xf0
nop
shld edx, eax, 12                       ; double-precision shift, imm8 count
shrd ebx, ecx, cl                       ; double-precision shift, count in cl
shr eax, cl
stc
std
sti
stosd
sub eax, 8
sub ecx, edx
test al, 0xff
; Raw bytes 0F 0B decode as: ud2 (guaranteed invalid-opcode exception)
db 0x0f
db 0x0b
verr [eax]
nop
ret
ret 0x0102                              ; near return that also pops 0x0102 bytes of arguments
rol eax, 1
rol edx, cl
ror eax, 12
rsm                                     ; valid only in System Management Mode, #UD elsewhere
sahf
sbb eax, edx
sbb dl, 10
scasb
setz al
shl ebx, cl
nop
; 'pop cs' is left disabled: its 8086 encoding (byte 0x0F) became the two-byte
; opcode escape on later CPUs, so the instruction no longer exists.
; pop cs ; uhh ohh
pop ds
pop gs
popa
popf
pusha
pushf
; Rotate-through-carry: count of 1, count in cl, and imm8 count.
rcl ebx, 1
rcl eax, cl
rcl edx, 4
rcr ebx, 3
rdmsr                                   ; privileged: read MSR selected by ecx
rdpmc                                   ; user-mode access depends on CR4.PCE
rdtsc                                   ; user-mode access depends on CR4.TSD
nop
movsx eax, dl
movsb
movsd
movzx edx, byte [0x41424344]
mul edx
neg al
nop
not dword [0x41424344]
or edx, dword [4*eax + 0x41424344]
out 0x60, al                            ; port I/O: imm8 port number
out dx, eax                             ; port I/O: port number in dx
pop eax
pop dword [0x41424344]
nop
; Segment-register moves. Loading cs with mov is encodable but raises #UD when
; executed; loading ss inhibits interrupts until after the next instruction.
mov cs, eax
mov ebx, ds
mov cs, word [0x41424344]
mov word [0x46474849], es
mov ss, ecx
nop
; Control/debug register moves: privileged. cr1 is a reserved register, so the
; second line is an encoding that faults (#UD) on real hardware.
mov cr0, eax
mov eax, cr1
mov dr6, edx
mov ecx, dr7
nop
lsl ebx, [eax]
mov ebx, eax
mov cl, ch
mov dl, 0x61
mov edx, 0x61616161
; eax/direct-address moves can use the short moffs32 opcodes (A3 store, A1 load).
mov [0x41424344], eax
mov eax, [0x81828384]
nop
; Flag/descriptor queries, branches (short, indirect, far), interrupts,
; division, compares and flag-control instructions.
lahf
lar eax, ebx
lar ecx, [eax]
lea eax, [4*ecx]                        ; index-only SIB: no base register, so a zero disp32 is emitted
leave
nop
lodsb
loop label2                             ; short forward branch; decrements ecx
nop
jns label2                              ; target is the very next instruction
label2: jmp eax                         ; indirect near jump through a register
; Raw bytes EA 04 03 02 01 41 40 decode as a far jump: jmp 0x4041:0x01020304
db 0xea
dd 0x01020304
dw 0x4041
nop
jmp [eax]                               ; indirect near jump through memory
jmp dword [0x41424344]
nop
in eax, 0x60                            ; port I/O: imm8 port number
in eax, dx                              ; port I/O: port number in dx
inc eax
nop
int3
int 0x80
iret
nop
enter 0x100, 1                          ; frame size 0x100 bytes, nesting level 1
nop
div dl                                  ; 8-bit divide: ax / dl
div dword [0x41424344]                  ; 32-bit divide: edx:eax / m32
nop
dec eax
dec dword [eax]
dec byte [0x41424344]
nop
cmpsb
cmpsd
cmpxchg eax, ebx
cmpxchg8b [0x41424344]                  ; compares edx:eax with the 64-bit memory operand
nop
cmp eax, 0x10203040
cmp eax, ebx
cmp al, bl
nop
cmovns eax, ebx                         ; conditional move (P6 and later)
nop
cbw
cdq
clc
cld
cli
clts                                    ; privileged: clears CR0.TS
cmc
call label                              ; near relative call to the label defined further down
nop
; Near call with a numeric target; it is encoded as a rel32 displacement.
; NOTE(review): the displacement therefore depends on the address this file is
; assembled at (no ORG is visible here) - confirm the expected bytes.
call dword 0x08048000
; Target of the earlier 'call label'; bit-test, bit-scan and byte-swap forms.
; There is no 'ret' in this run, so the label is a branch target only, not a
; callable routine.
label:
btc eax, ebx                            ; test and complement, bit index in a register
bt eax, ebx
nop
bt eax, 0x7f                            ; imm8 bit index; for a register operand it is taken modulo 32
nop
bsf eax, ebx
nop
bsf eax, [edx * 8]                      ; index-only SIB, no base register
nop
bswap eax
nop
nop
nop
mov [eax], ebx
; Exit stub using the Linux i386 int 0x80 convention: eax = 1 selects exit,
; ebx carries the status.
; NOTE(review): nothing visible branches to doexit, and earlier lines would
; fault or jump away before falling through to it - confirm whether it is
; ever reached or is just more decoder input.
doexit: mov eax, 1
xor ebx, ebx ; exit with level 0
int 0x80
; Assemble-time constant: bytes from the start of the section ($$) to here ($).
filesize equ ($ - $$)