u@home:~$

  • Prototype on UP Squared Pro board, all 4 cores, works for x64 Windows 10

    RAM space:

        u@u-Squared:~/prjs/lib-micro$ ./build/cmps_static core 0
        patching addr: 00007dbc - ram: 000001bc
        jump_target return value: 0x7dbc
        7dbc: 11890b8279c8 11890b8279c8 11890b826988 018000c0
        7dc0: 11890b826988 000000000000 000000000000 018000c0
        7dc4: 100500021861 237d3f000e88 0fff00000000 030000f2
        0x3cc8 uop 0x1c0000231027
        0x3cc8 uop 0x1c0000630026
        0x3cc8 uop 0x108501034d08
        seqw 0x18000c0
        Patching 3de8 -> 7dc8
        7dc8: 000000000000 1c0000231027 0008901f000d...

  • Windows 10 x64 22h2 weird hashes

    I am testing Windows 10 x64 generated password hashes for the CPU backdoor project.

        kd> !process 0 0
        ...
        PROCESS ffff9a8fa5e6d080
            SessionId: 1 Cid: 0218 Peb: e83886000 ParentCid: 01d4
            DirBase: 7d0f0000 ObjectTable: ffffd801f7e84bc0 HandleCount: <Data Not Accessible>
            Image: winlogon.exe
        ...
        kd> .process /i ffff9a8fa5e6d080
        You need to continue execution (press...

  • Goldmont microcode -- MSLOOP MOD1

    MSLOOP

    In the following code, there is “MSLOOP” pointing at tmp10:=SUB_DSZN(tmp1, tmp0).

        U3cc8: 1c0000231027 tmp1:= LDZX_DSZN_ASZ32_SC1(rdi, mode=0x08)
        U3cc9: 1c0000630026 tmp0:= LDZX_DSZN_ASZ32_SC1(rsi, mode=0x18)
        U3cca: 108501034d08 tmp4:= SUB_DSZN(0x00000001, tmp4)
        U3ccc: 11890b8279c8 rdi:= ADDSUB_DSZ16_CONDD(IMM_MACRO_ALIAS_DATASIZE, rdi)
        U3ccd: 11890b826988 rsi:= ADDSUB_DSZ16_CONDD(IMM_MACRO_ALIAS_DATASIZE, rsi)
        U3cce: 10050003ac31 MSLOOP-> tmp10:= SUB_DSZN(tmp1, tmp0)
        U3cd0: 015f6410023a UJMPCC_DIRECT_TAKEN_CONDZ(tmp10, U0464)
        U3cd1: 015064100234 UJMPCC_DIRECT_NOTTAKEN_CONDZ(tmp4,...