biew:
File : a02.exe                      Size :     2560 bytes
; Entry-point code of a02.exe (x86-64 Windows), listed by biew at file offsets.
; The WinDbg trace on this page steps the same bytes at image+0x1000 (00401000).
;
; Flow: call thunk 0x478 (7 args) -> if rax == -1 go to exit -> call thunk
; 0x47E (5 args) -> if qword [image+0x3060] != 0x4F go to exit -> call thunk
; 0x484 (1 arg) -> exit: call thunk 0x48A with rcx = 0.
;
; NOTE(review): import names are not visible in this listing. The argument
; patterns look like CreateFileA / WriteFile / CloseHandle / ExitProcess;
; confirm against the import table before relying on those names.
;
; Register/stack use follows the Microsoft x64 convention: args 1-4 in
; rcx, rdx, r8, r9; further args on the stack above a 32-byte home area
; that the caller reserves before each call.
;
; --- call 1: thunk 0x478 ------------------------------------------------
00000400:a6A00                           push (d)  +00                  ; stack arg 7 = 0 (pushed first, ends up highest)
00000402:a6880000000                     push      00000080             ; stack arg 6 = 0x80 (FILE_ATTRIBUTE_NORMAL if CreateFileA - confirm)
00000407:a6A02                           push (d)  +02                  ; stack arg 5 = 2 (CREATE_ALWAYS if CreateFileA - confirm)
00000409:a4883EC20                       sub (q)   rsp,+20              ; reserve 32-byte home area; trace: rsp = 0012ff40, 16-byte aligned
0000040D:a4D33C9                         xor       r9,r9                ; arg 4 = 0
00000410:a4D33C0                         xor       r8,r8                ; arg 3 = 0
; A 32-bit register write zero-extends into the full 64-bit register: in the
; trace rdx is forced to -1 beforehand and reads back 0000000040000000.
00000413:aBA00000040                     mov       edx,40000000         ; arg 2 = 0x40000000 (GENERIC_WRITE if CreateFileA - confirm)
00000418:a488D0DE11F0000                 lea       rcx,[rip+00001FE1]   ; arg 1 -> image+0x3000; trace shows bytes "Rambo.tx" there
0000041F:aE854000000                     calln     file:00000478        ; trace: rax = 0x3e4 on return
00000424:a4883C438                       add (q)   rsp,+38              ; drop home area (0x20) + three pushed qwords (0x18)
00000428:a4883F8FF                       cmp (q)   rax,-01              ; -1 is the failure value tested (INVALID_HANDLE_VALUE if CreateFileA)
0000042C:a7441                           je        file:0000046F        ; failure: straight to the exit call
; NOTE(review): rbx is callee-saved in this ABI and is never restored; that
; appears harmless only because this code ends in the exit call, not a ret.
0000042E:a4893                           xchg      rax,rbx              ; keep the returned value in rbx across the next calls
; --- call 2: thunk 0x47E ------------------------------------------------
00000430:a6A00                           push (d)  +00                  ; stack arg 5 = 0
00000432:a4883EC20                       sub (q)   rsp,+20              ; reserve home area; trace: rsp = 0012ff50, 16-byte aligned
00000436:a4C8D0D23200000                 lea       r9,[rip+00002023]    ; arg 4 -> qword at image+0x3060 (zero before the call in the trace)
0000043D:a49B84F00000000000000           mov       r8,000000000000004F  ; arg 3 = 0x4F (79), encoded as a 64-bit immediate
00000447:a488D15BC1F0000                 lea       rdx,[rip+00001FBC]   ; arg 2 -> image+0x300A; trace shows bytes "Rambo - " there
0000044E:a488BCB                         mov       rcx,rbx              ; arg 1 = value returned by call 1
; Trace: across this call the slot at rsp+0x18 (0012ff68) changes to
; 00403060, the r9 value, so the callee really does write into the
; reserved home area.
00000451:aE828000000                     calln     file:0000047E
00000456:a4883C428                       add (q)   rsp,+28              ; drop home area (0x20) + one pushed qword
; NOTE(review): this is a 64-bit compare. If the slot is WriteFile's DWORD
; out-parameter, only its low 4 bytes are written and the test also depends
; on the following 4 bytes staying zero (they are zero in the trace).
0000045A:a48813DFB1F00004F000000         cmp       [rip+00001FFB],0000004F ; was the full 0x4F count reported? trace: value = 0x4F
00000465:a7508                           jne       file:0000046F        ; mismatch: exit; the value in rbx is not passed to 0x484 on this path
; --- call 3: thunk 0x484 ------------------------------------------------
; NOTE(review): no home area is reserved here and rsp is back at its entry
; value (0012ff78 in the trace, i.e. 8 mod 16). The callee's 32-byte home
; area therefore overlaps [rsp]..[rsp+0x1F], which in the trace starts with
; 78d5965c - what looks like the entry return address into kernel32.
00000467:a488BCB                         mov       rcx,rbx              ; arg 1 = value returned by call 1
0000046A:aE815000000                     calln     file:00000484
; --- exit: target of both failure branches ------------------------------
; NOTE(review): same missing home area / alignment as the call at 0x46A.
; If rcx is the exit status, the failure paths also report 0, so a parent
; process cannot tell a failed run from a successful one.
0000046F:a4833C9                         xor       rcx,rcx              ; arg 1 = 0
00000472:aE813000000                     calln     file:0000048A        ; trace ends in ntdll!ZwTerminateProcess after this call
00000477:aCC                             int3                           ; trap; only reachable if the call above returns
; --- thunks: indirect jumps through RIP-relative pointer slots ----------
; (presumably import-table entries - confirm against the PE import directory)
00000478:aFF259A0F0000                   jmp (d)   [rip+00000F9A]       ; thunk used by call 1
0000047E:aFF257C0F0000                   jmp (d)   [rip+00000F7C]       ; thunk used by call 2
00000484:aFF257E0F0000                   jmp (d)   [rip+00000F7E]       ; thunk used by call 3
0000048A:aFF25800F0000                   jmp (d)   [rip+00000F80]       ; thunk used by the exit call

WinDbg:
CommandLine: D:\asm\prog\a64\01d\a02.exe
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is: 
ModLoad: 00000000`00400000 00000000`00404000   image00000000`00400000
ModLoad: 00000000`78ec0000 00000000`78ff9000   ntdll.dll
ModLoad: 00000000`78d40000 00000000`78eb2000   C:\WINDOWS\system32\kernel32.dll
(8c0.a14): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 
ntdll!DbgBreakPoint:
00000000`78ef3320 cc               int     3
0:000> bp 401000
*** WARNING: Unable to verify checksum for image00000000`00400000
*** ERROR: Module load completed but symbols could not be loaded for image00000000`00400000
0:000> g
Breakpoint 0 hit
image00000000_00400000+0x1000:
00000000`00401000 6a00             push    0x0
0:000> p
image00000000_00400000+0x1002:
00000000`00401002 6880000000       push    0x80
0:000> p
image00000000_00400000+0x1007:
00000000`00401007 6a02             push    0x2
0:000> p
image00000000_00400000+0x1009:
00000000`00401009 4883ec20         sub     rsp,0x20
0:000> db rsp
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll - 
00000000`0012ff60  02 00 00 00 00 00 00 00-80 00 00 00 00 00 00 00  ................
00000000`0012ff70  00 00 00 00 00 00 00 00-5c 96 d5 78 00 00 00 00  ........\..x....
00000000`0012ff80  30 96 d5 78 00 00 00 00-00 00 00 00 00 00 00 00  0..x............
00000000`0012ff90  00 00 00 00 00 00 00 00-a8 ff 12 00 00 00 00 00  ................
00000000`0012ffa0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffb0  00 10 40 00 00 00 00 00-00 00 00 00 00 00 00 00  ..@.............
00000000`0012ffc0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffd0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0:000> p
image00000000_00400000+0x100d:
00000000`0040100d 4d33c9           xor     r9,r9
0:000> db rsp
00000000`0012ff40  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ff50  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ff60  02 00 00 00 00 00 00 00-80 00 00 00 00 00 00 00  ................
00000000`0012ff70  00 00 00 00 00 00 00 00-5c 96 d5 78 00 00 00 00  ........\..x....
00000000`0012ff80  30 96 d5 78 00 00 00 00-00 00 00 00 00 00 00 00  0..x............
00000000`0012ff90  00 00 00 00 00 00 00 00-a8 ff 12 00 00 00 00 00  ................
00000000`0012ffa0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffb0  00 10 40 00 00 00 00 00-00 00 00 00 00 00 00 00  ..@.............
0:000> p
image00000000_00400000+0x1010:
00000000`00401010 4d33c0           xor     r8,r8
0:000> p
image00000000_00400000+0x1013:
00000000`00401013 ba00000040       mov     edx,0x40000000
0:000> r rdx
rdx=0000000000000000
0:000> r rdx=-1
0:000> r rdx
rdx=ffffffffffffffff
0:000> p
image00000000_00400000+0x1018:
00000000`00401018 488d0de11f0000 lea rcx,[image00000000_00400000+0x3000 (0000000000403000)] ds:00000000`00403000=78742e6f626d6152
0:000> r rdx
rdx=0000000040000000
0:000> p
image00000000_00400000+0x101f:
00000000`0040101f e854000000 call image00000000_00400000+0x1078 (0000000000401078)
0:000> p
image00000000_00400000+0x1024:
00000000`00401024 4883c438         add     rsp,0x38
0:000> p
image00000000_00400000+0x1028:
00000000`00401028 4883f8ff         cmp     rax,0xffffffffffffffff
0:000> db rsp
00000000`0012ff78  5c 96 d5 78 00 00 00 00-30 96 d5 78 00 00 00 00  \..x....0..x....
00000000`0012ff88  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ff98  a8 ff 12 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffa8  00 00 00 00 00 00 00 00-00 10 40 00 00 00 00 00  ..........@.....
00000000`0012ffb8  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffc8  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffd8  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffe8  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0:000> r rax
rax=00000000000003e4
0:000> p
image00000000_00400000+0x102c:
00000000`0040102c 7441 jz image00000000_00400000+0x106f (000000000040106f) [br=0]
0:000> p
image00000000_00400000+0x102e:
00000000`0040102e 4893             xchg    rax,rbx
0:000> p
image00000000_00400000+0x1030:
00000000`00401030 6a00             push    0x0
0:000> p
image00000000_00400000+0x1032:
00000000`00401032 4883ec20         sub     rsp,0x20
0:000> db rsp
00000000`0012ff70  00 00 00 00 00 00 00 00-5c 96 d5 78 00 00 00 00  ........\..x....
00000000`0012ff80  30 96 d5 78 00 00 00 00-00 00 00 00 00 00 00 00  0..x............
00000000`0012ff90  00 00 00 00 00 00 00 00-a8 ff 12 00 00 00 00 00  ................
00000000`0012ffa0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffb0  00 10 40 00 00 00 00 00-00 00 00 00 00 00 00 00  ..@.............
00000000`0012ffc0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffd0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffe0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0:000> p
image00000000_00400000+0x1036:
00000000`00401036 4c8d0d23200000 lea r9,[image00000000_00400000+0x3060 (0000000000403060)] ds:00000000`00403060=0000000000000000
0:000> db rsp
00000000`0012ff50  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ff60  02 00 00 00 00 00 00 00-80 00 00 00 00 00 00 00  ................
00000000`0012ff70  00 00 00 00 00 00 00 00-5c 96 d5 78 00 00 00 00  ........\..x....
00000000`0012ff80  30 96 d5 78 00 00 00 00-00 00 00 00 00 00 00 00  0..x............
00000000`0012ff90  00 00 00 00 00 00 00 00-a8 ff 12 00 00 00 00 00  ................
00000000`0012ffa0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffb0  00 10 40 00 00 00 00 00-00 00 00 00 00 00 00 00  ..@.............
00000000`0012ffc0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0:000> p
image00000000_00400000+0x103d:
00000000`0040103d 49b84f00000000000000 mov r8,0x4f
0:000> p
image00000000_00400000+0x1047:
00000000`00401047 488d15bc1f0000 lea rdx,[image00000000_00400000+0x300a (000000000040300a)] ds:00000000`0040300a=202d206f626d6152
0:000> p
image00000000_00400000+0x104e:
00000000`0040104e 488bcb           mov     rcx,rbx
0:000> p
image00000000_00400000+0x1051:
00000000`00401051 e828000000 call image00000000_00400000+0x107e (000000000040107e)
0:000> p
image00000000_00400000+0x1056:
00000000`00401056 4883c428         add     rsp,0x28
0:000> db rsp
00000000`0012ff50  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ff60  02 00 00 00 00 00 00 00-60 30 40 00 00 00 00 00  ........`0@.....
00000000`0012ff70  00 00 00 00 00 00 00 00-5c 96 d5 78 00 00 00 00  ........\..x....
00000000`0012ff80  30 96 d5 78 00 00 00 00-00 00 00 00 00 00 00 00  0..x............
00000000`0012ff90  00 00 00 00 00 00 00 00-a8 ff 12 00 00 00 00 00  ................
00000000`0012ffa0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffb0  00 10 40 00 00 00 00 00-00 00 00 00 00 00 00 00  ..@.............
00000000`0012ffc0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0:000> p
image00000000_00400000+0x105a:
00000000`0040105a 48813dfb1f00004f000000 cmp qword ptr [image00000000_00400000+0x3060 (0000000000403060)],0x4f ds:00000000`00403060=000000000000004f
0:000> db rsp
00000000`0012ff78  5c 96 d5 78 00 00 00 00-30 96 d5 78 00 00 00 00  \..x....0..x....
00000000`0012ff88  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ff98  a8 ff 12 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffa8  00 00 00 00 00 00 00 00-00 10 40 00 00 00 00 00  ..........@.....
00000000`0012ffb8  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffc8  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffd8  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`0012ffe8  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0:000> db 403060
00000000`00403060  4f 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  O...............
00000000`00403070  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`00403080  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`00403090  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`004030a0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`004030b0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`004030c0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
00000000`004030d0  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0:000> p
image00000000_00400000+0x1065:
00000000`00401065 7508 jnz image00000000_00400000+0x106f (000000000040106f) [br=0]
0:000> p
image00000000_00400000+0x1067:
00000000`00401067 488bcb           mov     rcx,rbx
0:000> p
image00000000_00400000+0x106a:
00000000`0040106a e815000000 call image00000000_00400000+0x1084 (0000000000401084)
0:000> p
image00000000_00400000+0x106f:
00000000`0040106f 4833c9           xor     rcx,rcx
0:000> p
image00000000_00400000+0x1072:
00000000`00401072 e813000000 call image00000000_00400000+0x108a (000000000040108a)
0:000> p
ntdll!ZwTerminateProcess+0xa:
00000000`78ef152a c3               ret
