00407000 > BF 30544000 MOV EDI,in.00405430 ;this block is entire decode loop
00407005 81FF D0554000 CMP EDI,in.004055D0
0040700B 74 10 JE SHORT in.0040701D
0040700D 812F 0B000000 SUB DWORD PTR DS:[EDI],0B
00407013 83C7 04 ADD EDI,4
00407016 BB 05704000 MOV EBX,in.00407005
0040701B FFE3 JMP EBX
0040701D BE 30544000 MOV ESI,in.00405430
00407022 -FFE6 JMP ESI ;esi=405430 end of decode loop
00405430 ? 60 PUSHAD ;start of regular upx stub
00405431 ? BE 00504000 MOV ESI,in.00405000
00405436 . 8DBE 00C0FFFF LEA EDI,DWORD PTR DS:[ESI+FFFFC000]
0040543C . 57 PUSH EDI
0040543D . 83CD FF OR EBP,FFFFFFFF
00405440 . EB 10 JMP SHORT in.00405452
00405442 90 NOP
00405443 90 NOP
00405444 90 NOP
00405445 90 NOP
00405446 90 NOP
00405447 90 NOP |
Error: Authentication required to access requested resource.
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}