cbeed6396f
Merge commit '6fa8d51479e9a5542c67bec715a1f68e7ed057ba'
[
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "678D342525250225",
|
|
"description": "lea esi, ds:[0x0000000025022525]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "66669C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C696666666666",
|
|
"description": "pushf"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "6767676767AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
|
|
"description": "stosb"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "C57811FC",
|
|
"description": "vmovups xmm4, xmm15"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "C5C5D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9C5",
|
|
"description": "vpsubusw ymm3, ymm7, ymm1"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "C48301496C6C6C6C6F6C6C000000000000",
|
|
"description": "vpermil2pd xmm5, xmm15, xmmword ptr ds:[r12+r13*2+0x6C], xmm6, 0x0C"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "0F1B040000001717171717171717171717171717171717171717171700000000",
|
|
"description": "bndstx ds:[eax+eax], bnd0"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "45454545454532B10C00000014141400C4C48400000000000000",
|
|
"description": "xor r14b, byte ptr ds:[r9+0x0C]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "666666C2B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6000000000A0A",
|
|
"description": "ret 0xB6B6"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6762727D2490040400",
|
|
"description": "vpgatherdd ymm8 {k4}, dword ptr ss:[esp+ymm16*1]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "8D0D8D00000000000000000000",
|
|
"description": "lea ecx, ds:[0x0000008D]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "FF1B0A0A000000000000005D0000000000000000000000000000000000000000",
|
|
"description": "call far dword ptr ss:[bp+di*1]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "C579D6FC",
|
|
"description": "vmovq xmm4, xmm15"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_REAL_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "A00300",
|
|
"description": "mov al, byte ptr ds:[0x0003]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6659",
|
|
"description": "pop cx"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "C53B11FC",
|
|
"description": "vmovsd xmm4, xmm8, xmm15"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "67FF0EC00C0CA0",
|
|
"description": "dec dword ptr ds:[0x0CC0]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "D32600D3",
|
|
"description": "shl word ptr ds:[0xD300], cl"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_REAL_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "67008B00001000",
|
|
"description": "add byte ptr ds:[ebx+0x100000], cl"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6225145F5F00005F5F5FFFFFFFFFFF00FFFF",
|
|
"description": "vmaxph zmm24 {k7}, zmm13, word ptr ds:[rax] {1to32}"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "67C44235919490909090906B",
|
|
"description": "vpgatherqd xmm10, dword ptr ds:[r8d+ymm2*4-0x6F6F6F70], xmm9"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "640F1A5454545454545454545454545454545454545454545454545454545454",
|
|
"description": "bndldx bnd2, fs:[rsp+rdx+0x54]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "00A4A4A4A4A4A4A4A4A4A4A4A4A4A4A400000000000000000000000000000000",
|
|
"description": "add byte ptr ss:[rsp-0x5B5B5B5C], ah"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "F30FA7C8",
|
|
"description": "rep xcrypt_ecb"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "C4A3FD7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
|
|
"description": "vfnmsubsd xmm7, xmm0, xmm15, xmm7"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "2A34CDCDCDCDCDCDCDCDCDCDCDCDCDFD00005A5A5A5A5A000000BDBDBDBDBDBD",
|
|
"description": "sub dh, byte ptr ds:[rcx*8-0x32323233]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "4C4C63DF4C6C4C4C4C0000",
|
|
"description": "movsxd r11, edi"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "8F2800B60000000000000000000A",
|
|
"description": "vpmadcswd xmm0, xmm7, xmmword ptr ds:[eax], xmm0"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6262FD06A0A4A43E256262",
|
|
"description": "vpscatterdq qword ptr ss:[rsp+xmm20*4+0x6262253E] {k6}, xmm28"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "FFE22D0000",
|
|
"description": "jmp rdx"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "2E2E2E2E2E2E2E2E2E2E322E2A0000002E382E2E3E3E3E3EBC003E3E3E3E3E3E",
|
|
"description": "xor ch, byte ptr cs:[esi]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "F20F38F10D",
|
|
"description": "crc32 ecx, word ptr ds:[di]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6242795A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A",
|
|
"description": "vbroadcasti32x4 zmm27 {k2}, dword ptr ds:[r10+0x168] {sint8}"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "2E2E2E2E2E2E322E2A0000002E382E2E3E3E3E3EBC003E3E3E3E3E3E3E00FF3E",
|
|
"description": "xor ch, byte ptr ds:[rsi]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "3EC5C2C2BEC2C2C2C2C2B5C2C2C2C2C2C2C2C2C2C2C27076267000",
|
|
"description": "vcmpss xmm7, xmm7, dword ptr ds:[bp-0x3D3E], 0xC2"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "8F89000110000000000000000000000000000000000000000000000000000000",
|
|
"description": "blsfill r15d, dword ptr ds:[r8]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "E800000000E8E80A0A0000000000000000000000000000000000000000",
|
|
"description": "call 0x00000005"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "87C01D",
|
|
"description": "xchg eax, eax"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "626239DD3D3D3D883D3D3D3D3D3D3D3D00FF6F6FFF00",
|
|
"description": "vpmaxsd zmm31 {k5}, zmm8, xmmword ptr ds:[0x000000003D3D8847] {sint8} {eh}"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "009E00000000000000000000000000003838332700",
|
|
"description": "add byte ptr ss:[bp], bl"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "4B4B4B4B4B4B4B4B4B4B4B4B0F070055949494945555555555555555555501",
|
|
"description": "sysret"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6221DD4CDDDDDD4C4C4C4C5858580A00E000000000000000000100",
|
|
"description": "vpaddusw zmm27 {k4}, zmm4, zmm21"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "4D9F9F9F9F0000009F9F9F009F9F9F00000000FF",
|
|
"description": "lahf"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "8383830A83000000000A0000000000830A00000000000A0A",
|
|
"description": "add dword ptr ds:[rbx+0x830A83], 0x00"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6767676767F63DF6F6F6F6F6F6F6F6F60909099F00",
|
|
"description": "idiv byte ptr ds:[0x00000000F6F6F701]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "C4E1F8902420",
|
|
"description": "kmovq k4, qword ptr ds:[eax]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "3E683E4E3E7E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E0900000000000000000000",
|
|
"description": "push 0x7E3E4E3E"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "80C87AC8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8FFFFFFFF",
|
|
"description": "or al, 0x7A"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "36363636366767368D368D8D8D8D8D8D8D8D8D8D8D67670D0D0D0D0D0D0D0D32",
|
|
"description": "lea esi, ds:[0x00008D8D]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "2E47474747B0472E2E2E2E2E2E2E5B2E2E2E2E2E2E2E2E2E2E2E2E2E2E2E2E00",
|
|
"description": "mov r8b, 0x47"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "C55C851600000085855C5C5C90000A00000000",
|
|
"description": "jknzd k4, 0x000000000000001D"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "87C0C00166673E00000909050980090509802281EA640000000067000000001C",
|
|
"description": "xchg ax, ax"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "006BF8",
|
|
"description": "add byte ptr ds:[ebx-0x08], ch"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "67676762E27D4F902400000062E27D4F9024EB006222CD579A0000D8D5000033",
|
|
"description": "vpgatherdd zmm4 {k7}, dword ptr ds:[eax+zmm0*1]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6252794AA02435052D6266",
|
|
"description": "vpscatterdd byte ptr ds:[zmm6*1+0x66622D05] {k2} {uint8}, zmm12"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "66666666DD6666666766666666666266666600B1B1B1B1B1B1B1B1B1FFFF7F00",
|
|
"description": "frstor ds:[esi+0x66]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_REAL_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "678D999A2D9B340000000A000A0A0000",
|
|
"description": "lea bx, ds:[ecx+0x349B2D9A]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "B90A000200",
|
|
"description": "mov ecx, 0x2000A"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_REAL_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "FF50FF",
|
|
"description": "call word ptr ds:[bx+si*1-0x01]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "62565656567C6767676767676767676767676767676767676767676767676767",
|
|
"description": "vfmaddcph zmm15 {k6}, zmm21, dword ptr ds:[r15+0x19C] {1to16}"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "622231CD4747FF005D00000000",
|
|
"description": "vpsllvd zmm24 {k5}, zmm9, xmmword ptr ds:[rdi-0x10] {uint8} {eh}"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6262F900922C0000",
|
|
"description": "vgatherdpd zmm29, qword ptr ds:[rax+zmm16*1]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "62457D3D7A2500E76767011FFF",
|
|
"description": "vcvttph2qq ymm28 {k5}, word ptr ds:[0x000000006767E70A] {1to4}"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "C8C8C8C80400000000CDCDCDCDCDCDCDCDCDCDCDCDCDCD0100000000000110FF",
|
|
"description": "enter 0xC8C8, 0xC8"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "8B04256232CDF22C00000002000200000000000000666666669A9066662B0900",
|
|
"description": "mov eax, dword ptr ds:[0xFFFFFFFFF2CD3262]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "C57B11FC",
|
|
"description": "vmovsd xmm4, xmm0, xmm15"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6262219E3FBC9D000000000008000000445F",
|
|
"description": "vpmaxud zmm31 {k6}, zmm11, dword ptr ss:[rbp+rbx*4] {1to16} {eh}"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "C7C7C7C7C7C700060000000000",
|
|
"description": "mov edi, 0xC7C7C7C7"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "0F1B05000000000000000000000A8D0A000A0A",
|
|
"description": "bndstx ds:[0x00000000], bnd0"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "008800000000000000F0F0F0F0F0F0F0F0F0",
|
|
"description": "add byte ptr ds:[rax], cl"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6464C7F8000F64007900646464646464646464646400000000000000000B0B",
|
|
"description": "xbegin 0x0000000000640F08"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6262FD2EA39C190024242524",
|
|
"description": "vscatterqpd qword ptr ds:[rcx+ymm3*1+0x25242400] {k6}, ymm27"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "8C252DC8C8C8",
|
|
"description": "mov word ptr ds:[0xC82D], fs"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6767555555555555555555673B01000000000000676767676767676767676767",
|
|
"description": "push rbp"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "4A4A4A4A6A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4AAB00000000000000",
|
|
"description": "push 0x4A"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "9A0000000000000000000000000000000F000000000000F9FF282828282828D7",
|
|
"description": "call far 0x0000:0x00000000"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "62F20198B5FFFFFFFFFFFFFFFF5CFF5C4CFFFFFFFFFFFF05000000000000B75C",
|
|
"description": "vpmadd231d zmm7, zmm15, zmm7"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "62817C0B5A5B14210000000000FFB2",
|
|
"description": "vcvtps2pd xmm19 {k3}, qword ptr ds:[r11+0xA0]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "718EECECECECECECEC00A4A4A4",
|
|
"description": "jno 0xFFFFFFFFFFFFFF90"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "62F27E0829CD29292929FC00",
|
|
"description": "vpmovb2m k1, xmm5"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "2EC5FFE600F5C1C100",
|
|
"description": "vcvtpd2dq xmm0, ymmword ptr cs:[bx+si*1]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "D100000000003E3E453E3E3E2E3EBC003E3E3E3E3E3E3E00FF3E3E3E3E3E3E3E",
|
|
"description": "rol dword ptr ds:[rax], 0x01"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "3E3E3E3E3EBC003E3E3E3E3E3E3E00FF3E3E3E3E3E3E3E3E3E3E3E3E3E",
|
|
"description": "mov esp, 0x3E3E3E00"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "62E29D9D2C9CFFFFFFFFFFFFFF0E202020FF2020202020200100000000000000",
|
|
"description": "vscalefpd xmm3 {k5} {z}, xmm4, qword ptr ds:[si-0x01] {1to2}"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6291780E1811",
|
|
"description": "vprefetch1 byte ptr ds:[r9]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6222CD9A9A9AFFFFFFFF",
|
|
"description": "vfmsub132pd xmm27 {k2} {z}, xmm6, qword ptr ds:[rdx-0x01] {1to2}"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "7E6D0A0A00",
|
|
"description": "jle 0x000000000000006F"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "36643636363636363647470F0F0F1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D",
|
|
"description": "pf2id mm1, qword ptr fs:[r15]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "C4A3F963493086",
|
|
"description": "vpcmpistri xmm1, xmmword ptr ds:[rcx+0x30], 0x86"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C300000A0000000000000000000000",
|
|
"description": "ret"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "67670F1B050000000000000001FDFFFF66676767676767210000000000",
|
|
"description": "bndstx ds:[0x0000], bnd0"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "626205239D63FFF862030062626262626262230100000000000A00",
|
|
"description": "vfnmadd132ss xmm28 {k3}, xmm31, dword ptr ds:[rbx-0x04]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "8080800000000000000000000000200000000000000A0AFF80808080808080FF",
|
|
"description": "add byte ptr ds:[rax+0x80], 0x00"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "FF1100000083838383838383830500000000000000E30A0000000000000A0000",
|
|
"description": "call qword ptr ds:[rcx]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "A0A0A0A0A000000000001AFFFF00",
|
|
"description": "mov al, byte ptr ds:[0x00000000A0A0A0A0]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "80E0E84F4F4F4F4F4F4F4F4F4F4F8C050000000A0A0A8E8E0AE8E8E8E8E8E8E8",
|
|
"description": "and al, 0xE8"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "8D000000D600D6830000000000",
|
|
"description": "lea eax, ds:[rax]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "8F898092929292929292929292929292929292D30000",
|
|
"description": "vprotd xmm2, xmm7, xmmword ptr ds:[edx-0x6D6D6D6E]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "535353535353535353535353535353535353535353005353",
|
|
"description": "push ebx"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "49C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7",
|
|
"description": "mov r15, 0xFFFFFFFFC7C7C7C7"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6201FD2B5A00008E",
|
|
"description": "vcvtpd2ps xmm24 {k3}, ymmword ptr ds:[r8]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "4D0AA4A4A4A4A40000A4FFFFFFF6A40000FF0000000000000AF3A4A4A4A4",
|
|
"description": "or r12b, byte ptr ds:[r12+0xA4A4A4]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "62624D017E0A",
|
|
"description": "vpermt2d xmm25 {k1}, xmm22, xmmword ptr ds:[rdx]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "C42231939C3C3D3D3D3D3D",
|
|
"description": "vgatherqps xmm11, dword ptr ss:[rsp+xmm15*1+0x3D3D3D3D], xmm9"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "62257D3E5B7373",
|
|
"description": "vcvtph2dq ymm30 {k6}, word ptr ds:[rbx+0xE6] {1to8}"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6262010C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C",
|
|
"description": "vfnmadd132ps zmm27 {k4}, zmm15, zmmword ptr ss:[rsp+rbx*4-0x63636364]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "8B042505FFFFFFFFFFFFFFFFFFFFFFFF0000",
|
|
"description": "mov eax, dword ptr ds:[0xFFFFFFFFFFFFFF05]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "41D385000000000000000000000000000000000000000000000000",
|
|
"description": "rol dword ptr ds:[r13], cl"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "0F01000000000000000040000000FFFFFFFFFF3FFFFFFFFFFFFFFFFFFF000A",
|
|
"description": "sgdt tbyte ptr ds:[rax]"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "67000500006600",
|
|
"description": "add byte ptr ds:[0x0000], al"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "0F0701000000000000070F0000000000000000000000FFFF0A0000",
|
|
"description": "sysret"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_32",
|
|
"payload": "676767676767676736E230303030303030303030303031313039313830383232",
|
|
"description": "loop 0x0000003B"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "62A645BBA6454545454545454545454536360000",
|
|
"description": "vfmaddsub213ph ymm16 {k3} {z}, ymm7, word ptr ss:[rbp+0x8A] {1to16}"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "8800000000000000F0F0F0F0F0F0F0F0F0",
|
|
"description": "mov byte ptr ds:[rax], al"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "6426626205007EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
|
|
"description": "vpermt2d xmm31, xmm31, xmm7"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "4DC7C730000000",
|
|
"description": "mov r15, 0x30"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_32",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_16",
|
|
"payload": "D324FF",
|
|
"description": "shl dword ptr ds:[edi+edi*8], cl"
|
|
},
|
|
{
|
|
"machine_mode": "ZYDIS_MACHINE_MODE_LONG_64",
|
|
"stack_width": "ZYDIS_STACK_WIDTH_64",
|
|
"payload": "CACACA",
|
|
"description": "ret far 0xCACA"
|
|
}
|
|
] |