AMI-Aptio-BIOS-Reversed/TrEEPei/export_batch_3.json at a42bdf720a4c28ee31ce9d1de96442d89ac8055c

Fork: 0
ajax / AMI-Aptio-BIOS-Reversed
Find file
Newer
Older
AMI-Aptio-BIOS-Reversed / TrEEPei / export_batch_3.json
Ajax Dong 2 days ago 36 KB Init
Raw Blame History
{"jsonrpc": "2.0", "result": {"structuredContent": {"format": "json", "functions": [{"addr": "0xffe15d1d", "name": "CrbCheckStatus", "prototype": "bool __cdecl(_DWORD *)", "size": "0x46", "comments": {}, "asm": "CrbCheckStatus (.text @ 0xffe15d1d):\nffe15d1d  push ebp\nffe15d1e  mov ebp, esp\nffe15d20  push ecx\nffe15d21  push ecx\nffe15d22  and [ebp+var_8], 0\nffe15d26  and [ebp+var_4], 0\nffe15d2a  mov eax, [ebp+arg_0]\nffe15d2d  mov eax, [eax]\nffe15d2f  mov [ebp+var_4], eax\nffe15d32  mov eax, [ebp+var_4]\nffe15d35  shr eax, 2\nffe15d38  mov [ebp+var_8], eax\nffe15d3b  mov eax, [ebp+var_8]\nffe15d3e  and eax, 7\nffe15d41  jnz loc_FFE15D5D\nffe15d43  mov eax, [ebp+arg_0]\nffe15d46  mov eax, [eax]\nffe15d48  and eax, 2\nffe15d4b  jz loc_FFE15D5D\nffe15d4d  mov eax, [ebp+arg_0]\nffe15d50  mov eax, [eax]\nffe15d52  and eax, 80h\nffe15d57  jz loc_FFE15D5D\nffe15d59  mov al, 1\nffe15d5b  jmp loc_FFE15D5F\nffe15d5d  xor al, al\nffe15d5f  mov esp, ebp\nffe15d61  pop ebp\nffe15d62  retn", "code": "bool __cdecl CrbCheckStatus(_DWORD *a1)\n{\n  return ((*a1 >> 2) & 7) == 0 && (*a1 & 2) != 0 && (*a1 & 0x80) != 0; /*0xffe15d5f*/\n}", "xrefs": {"to": [{"addr": "0xffe15d82", "type": "code"}], "from": [{"addr": "0xffe15d1e", "type": "code"}]}}, {"addr": "0xffe15d63", "name": "CrbWaitCmdReady", "prototype": "int __cdecl(_DWORD *)", "size": "0x5c", "comments": {}, "asm": "CrbWaitCmdReady (.text @ 0xffe15d63):\nffe15d63  push ebp\nffe15d64  mov ebp, esp\nffe15d66  sub esp, 10h\nffe15d69  and [ebp+var_10], 0\nffe15d6d  mov [ebp+var_8], 32h\nffe15d74  mov [ebp+var_C], 3A98h\nffe15d7b  and [ebp+var_4], 0\nffe15d7f  push [ebp+arg_0]\nffe15d82  call CrbCheckStatus\nffe15d87  pop ecx\nffe15d88  movzx eax, al\nffe15d8b  test eax, eax\nffe15d8d  jnz loc_FFE15DB9\nffe15d8f  mov eax, [ebp+arg_0]\nffe15d92  mov dword ptr [eax+8], 1\nffe15d99  mov ecx, [ebp+var_8]\nffe15d9c  call DebugPrintNumber\nffe15da1  mov eax, [ebp+var_4]\nffe15da4  inc eax\nffe15da5  mov [ebp+var_4], eax\nffe15da8  mov eax, [ebp+var_4]\nffe15dab  cmp eax, [ebp+var_C]\nffe15dae  jnz loc_FFE15DB7\nffe15db0  mov eax, 80000007h\nffe15db5  jmp loc_FFE15DBB\nffe15db7  jmp loc_FFE15D7F\nffe15db9  xor eax, eax\nffe15dbb  mov esp, ebp\nffe15dbd  pop ebp\nffe15dbe  retn", "code": "int __cdecl CrbWaitCmdReady(_DWORD *a1)\n{\n  int v2; // [esp+Ch] [ebp-4h]\n\n  v2 = 0; /*0xffe15d7b*/\n  while ( !CrbCheckStatus(a1) ) /*0xffe15d8d*/\n  {\n    a1[2] = 1; /*0xffe15d92*/\n    DebugPrintNumber(0x32u); /*0xffe15d9c*/\n    if ( ++v2 == 15000 ) /*0xffe15dae*/\n      return -2147483641; /*0xffe15db5*/\n  }\n  return 0; /*0xffe15dbb*/\n}", "xrefs": {"to": [{"addr": "0xffe15f44", "type": "code"}], "from": [{"addr": "0xffe15d64", "type": "code"}]}}, {"addr": "0xffe15dbf", "name": "CrbWaitIdle", "prototype": "int __cdecl(int)", "size": "0x51", "comments": {}, "asm": "CrbWaitIdle (.text @ 0xffe15dbf):\nffe15dbf  push ebp\nffe15dc0  mov ebp, esp\nffe15dc2  sub esp, 0Ch\nffe15dc5  mov [ebp+var_C], 32h\nffe15dcc  mov [ebp+var_8], 124F80h\nffe15dd3  and [ebp+var_4], 0\nffe15dd7  mov eax, [ebp+arg_0]\nffe15dda  cmp dword ptr [eax+4Ch], 0\nffe15dde  jz loc_FFE15DFB\nffe15de0  mov ecx, [ebp+var_C]\nffe15de3  call DebugPrintNumber\nffe15de8  mov eax, [ebp+var_4]\nffe15deb  cmp eax, [ebp+var_8]\nffe15dee  jnz loc_FFE15DF2\nffe15df0  jmp loc_FFE15DFB\nffe15df2  mov eax, [ebp+var_4]\nffe15df5  inc eax\nffe15df6  mov [ebp+var_4], eax\nffe15df9  jmp loc_FFE15DD7\nffe15dfb  mov eax, [ebp+var_4]\nffe15dfe  cmp eax, [ebp+var_8]\nffe15e01  jnz loc_FFE15E0A\nffe15e03  mov eax, 80000007h\nffe15e08  jmp loc_FFE15E0C\nffe15e0a  xor eax, eax\nffe15e0c  mov esp, ebp\nffe15e0e  pop ebp\nffe15e0f  retn", "code": "int __cdecl CrbWaitIdle(int a1)\n{\n  int i; // [esp+8h] [ebp-4h]\n\n  for ( i = 0; *(_DWORD *)(a1 + 76); ++i ) /*0xffe15dd3*/\n  {\n    DebugPrintNumber(0x32u); /*0xffe15de3*/\n    if ( i == 1200000 ) /*0xffe15dee*/\n      break; /*0xffe15dee*/\n  }\n  if ( i == 1200000 ) /*0xffe15e01*/\n    return -2147483641; /*0xffe15e03*/\n  else\n    return 0; /*0xffe15e0a*/\n}", "xrefs": {"to": [{"addr": "0xffe15fcc", "type": "code"}, {"addr": "0xffe16027", "type": "code"}], "from": [{"addr": "0xffe15dc0", "type": "code"}]}}, {"addr": "0xffe15e10", "name": "CrbGetState", "prototype": "char __cdecl(int)", "size": "0x25", "comments": {}, "asm": "CrbGetState (.text @ 0xffe15e10):\nffe15e10  push ebp\nffe15e11  mov ebp, esp\nffe15e13  mov eax, [ebp+arg_0]\nffe15e16  mov eax, [eax+44h]\nffe15e19  and eax, 1\nffe15e1c  jz loc_FFE15E22\nffe15e1e  or al, 0FFh\nffe15e20  jmp loc_FFE15E33\nffe15e22  mov eax, [ebp+arg_0]\nffe15e25  mov eax, [eax+44h]\nffe15e28  and eax, 2\nffe15e2b  jz loc_FFE15E31\nffe15e2d  mov al, 1\nffe15e2f  jmp loc_FFE15E33\nffe15e31  xor al, al\nffe15e33  pop ebp\nffe15e34  retn", "code": "char __cdecl CrbGetState(int a1)\n{\n  if ( (*(_DWORD *)(a1 + 68) & 1) != 0 ) /*0xffe15e1c*/\n    return -1; /*0xffe15e1e*/\n  else\n    return (*(_DWORD *)(a1 + 68) & 2) != 0; /*0xffe15e2b*/\n}", "xrefs": {"to": [{"addr": "0xffe15e50", "type": "code"}, {"addr": "0xffe15e87", "type": "code"}, {"addr": "0xffe15ec9", "type": "code"}, {"addr": "0xffe15f01", "type": "code"}], "from": [{"addr": "0xffe15e11", "type": "code"}]}}, {"addr": "0xffe15e35", "name": "CrbSetStateCmdReady", "prototype": "int __cdecl(int)", "size": "0x75", "comments": {}, "asm": "CrbSetStateCmdReady (.text @ 0xffe15e35):\nffe15e35  push ebp\nffe15e36  mov ebp, esp\nffe15e38  sub esp, 0Ch\nffe15e3b  mov [ebp+var_C], 32h\nffe15e42  mov [ebp+var_8], 3A98h\nffe15e49  and [ebp+var_4], 0\nffe15e4d  push [ebp+arg_0]\nffe15e50  call CrbGetState\nffe15e55  pop ecx\nffe15e56  movzx eax, al\nffe15e59  test eax, eax\nffe15e5b  jnz loc_FFE15E61\nffe15e5d  xor eax, eax\nffe15e5f  jmp loc_FFE15EA6\nffe15e61  mov eax, [ebp+arg_0]\nffe15e64  mov dword ptr [eax+40h], 1\nffe15e6b  mov ecx, [ebp+var_C]\nffe15e6e  call DebugPrintNumber\nffe15e73  mov eax, [ebp+var_4]\nffe15e76  cmp eax, [ebp+var_8]\nffe15e79  jnz loc_FFE15E7D\nffe15e7b  jmp loc_FFE15E95\nffe15e7d  mov eax, [ebp+var_4]\nffe15e80  inc eax\nffe15e81  mov [ebp+var_4], eax\nffe15e84  push [ebp+arg_0]\nffe15e87  call CrbGetState\nffe15e8c  pop ecx\nffe15e8d  movzx eax, al\nffe15e90  cmp eax, 1\nffe15e93  jz loc_FFE15E61\nffe15e95  mov eax, [ebp+var_4]\nffe15e98  cmp eax, [ebp+var_8]\nffe15e9b  jnz loc_FFE15EA4\nffe15e9d  mov eax, 80000007h\nffe15ea2  jmp l... [1090 chars total]", "code": "int __cdecl CrbSetStateCmdReady(int a1)\n{\n  int n15000; // [esp+8h] [ebp-4h]\n\n  n15000 = 0; /*0xffe15e49*/\n  if ( !CrbGetState(a1) ) /*0xffe15e50*/\n    return 0; /*0xffe15e5d*/\n  do /*0xffe15e93*/\n  {\n    *(_DWORD *)(a1 + 64) = 1; /*0xffe15e64*/\n    DebugPrintNumber(0x32u); /*0xffe15e6e*/\n    if ( n15000 == 15000 ) /*0xffe15e79*/\n      break; /*0xffe15e79*/\n    ++n15000; /*0xffe15e81*/\n  }\n  while ( CrbGetState(a1) == 1 ); /*0xffe15e93*/\n  if ( n15000 == 15000 ) /*0xffe15e9b*/\n    return -2147483641; /*0xffe15e9d*/\n  else\n    return 0; /*0xffe15ea4*/\n}", "xrefs": {"to": [{"addr": "0xffe15f5e", "type": "code"}], "from": [{"addr": "0xffe15e36", "type": "code"}]}}, {"addr": "0xffe15eaa", "name": "CrbSetStateIdle", "prototype": "int __cdecl(int)", "size": "0x79", "comments": {}, "asm": "CrbSetStateIdle (.text @ 0xffe15eaa):\nffe15eaa  push ebp\nffe15eab  mov ebp, esp\nffe15ead  sub esp, 10h\nffe15eb0  mov [ebp+var_C], 32h\nffe15eb7  mov [ebp+var_8], 3A98h\nffe15ebe  and [ebp+var_4], 0\nffe15ec2  and [ebp+var_10], 0\nffe15ec6  push [ebp+arg_0]\nffe15ec9  call CrbGetState\nffe15ece  pop ecx\nffe15ecf  movzx eax, al\nffe15ed2  cmp eax, 1\nffe15ed5  jnz loc_FFE15EDB\nffe15ed7  xor eax, eax\nffe15ed9  jmp loc_FFE15F1F\nffe15edb  mov eax, [ebp+arg_0]\nffe15ede  mov dword ptr [eax+40h], 2\nffe15ee5  mov ecx, [ebp+var_C]\nffe15ee8  call DebugPrintNumber\nffe15eed  mov eax, [ebp+var_4]\nffe15ef0  cmp eax, [ebp+var_8]\nffe15ef3  jnz loc_FFE15EF7\nffe15ef5  jmp loc_FFE15F0E\nffe15ef7  mov eax, [ebp+var_4]\nffe15efa  inc eax\nffe15efb  mov [ebp+var_4], eax\nffe15efe  push [ebp+arg_0]\nffe15f01  call CrbGetState\nffe15f06  pop ecx\nffe15f07  movzx eax, al\nffe15f0a  test eax, eax\nffe15f0c  jz loc_FFE15EDB\nffe15f0e  mov eax, [ebp+var_4]\nffe15f11  cmp eax, [ebp+var_8]\nffe15f14  jnz loc_FFE15F1D\nffe15f16  mov eax,... [1116 chars total]", "code": "int __cdecl CrbSetStateIdle(int a1)\n{\n  int n15000; // [esp+Ch] [ebp-4h]\n\n  n15000 = 0; /*0xffe15ebe*/\n  if ( CrbGetState(a1) == 1 ) /*0xffe15ed5*/\n    return 0; /*0xffe15ed7*/\n  do /*0xffe15f0c*/\n  {\n    *(_DWORD *)(a1 + 64) = 2; /*0xffe15ede*/\n    DebugPrintNumber(0x32u); /*0xffe15ee8*/\n    if ( n15000 == 15000 ) /*0xffe15ef3*/\n      break; /*0xffe15ef3*/\n    ++n15000; /*0xffe15efb*/\n  }\n  while ( !CrbGetState(a1) ); /*0xffe15f0c*/\n  if ( n15000 == 15000 ) /*0xffe15f14*/\n    return -2147483641; /*0xffe15f16*/\n  else\n    return 0; /*0xffe15f1d*/\n}", "xrefs": {"to": [{"addr": "0xffe160e4", "type": "code"}], "from": [{"addr": "0xffe15eab", "type": "code"}]}}, {"addr": "0xffe15f23", "name": "CrbSendCommand", "prototype": "int __cdecl(_BYTE *p_n384, int n12)", "size": "0xe3", "comments": {}, "asm": "CrbSendCommand (.text @ 0xffe15f23):\nffe15f23  push ebp\nffe15f24  mov ebp, esp\nffe15f26  sub esp, 0Ch\nffe15f29  mov [ebp+var_4], 0FED40000h\nffe15f30  call Tpm20GetDeviceType\nffe15f35  movzx eax, al\nffe15f38  cmp eax, 2\nffe15f3b  jnz loc_FFE15FF0\nffe15f41  push [ebp+var_4]\nffe15f44  call CrbWaitCmdReady\nffe15f49  pop ecx\nffe15f4a  mov [ebp+var_8], eax\nffe15f4d  cmp [ebp+var_8], 0\nffe15f51  jge loc_FFE15F5B\nffe15f53  mov eax, [ebp+var_8]\nffe15f56  jmp loc_FFE16002\nffe15f5b  push [ebp+var_4]\nffe15f5e  call CrbSetStateCmdReady\nffe15f63  pop ecx\nffe15f64  mov [ebp+var_8], eax\nffe15f67  cmp [ebp+var_8], 0\nffe15f6b  jge loc_FFE15F75\nffe15f6d  mov eax, [ebp+var_8]\nffe15f70  jmp loc_FFE16002\nffe15f75  mov eax, [ebp+var_4]\nffe15f78  cmp dword ptr [eax+5Ch], 0\nffe15f7c  jnz loc_FFE15FA6\nffe15f7e  mov eax, [ebp+var_4]\nffe15f81  mov dword ptr [eax+5Ch], 0FED40080h\nffe15f88  mov eax, [ebp+var_4]\nffe15f8b  mov dword ptr [eax+58h], 500h\nffe15f92  mov eax, [ebp+var_4]\nffe15f95  mov dword ptr [eax+68h],... [1976 chars total]", "code": "int __cdecl CrbSendCommand(_BYTE *p_n384, int n12)\n{\n  int result; // eax\n\n  if ( Tpm20GetDeviceType() != 2 ) /*0xffe15f3b*/\n    return sub_FFE162D4(); /*0xffe15ff6*/\n  result = CrbWaitCmdReady((_DWORD *)0xFED40000); /*0xffe15f44*/\n  if ( result >= 0 ) /*0xffe15f51*/\n  {\n    result = CrbSetStateCmdReady(-19660800); /*0xffe15f5e*/\n    if ( result >= 0 ) /*0xffe15f6b*/\n    {\n      if ( !MEMORY[0xFED4005C] ) /*0xffe15f7c*/\n      {\n        MEMORY[0xFED4005C] = -19660672; /*0xffe15f81*/\n        MEMORY[0xFED40058] = 1280; /*0xffe15f8b*/\n        MEMORY[0xFED40068] = -19660672; /*0xffe15f95*/\n        MEMORY[0xFED40064] = 1280; /*0xffe15f9f*/\n      }\n      if ( MEMORY[0xFED4005C] ) /*0xffe15fad*/\n      {\n        CrbMemoryBlockWrite(MEMORY[0xFED4005C], n12, p_n384); /*0xffe15fc1*/\n        result = CrbWaitIdle(-19660800); /*0xffe15fcc*/\n        if ( result >= 0 ) /*0xffe15fd9*/\n        {\n          MEMORY[0xFED4004C] = 1; /*0xffe15fe3*/\n          return 0; /*0xffe15fea*/\n        }\n      }\n      el... [1105 chars total]", "xrefs": {"to": [{"addr": "0xffe16165", "type": "code"}], "from": [{"addr": "0xffe15f24", "type": "code"}]}}, {"addr": "0xffe16006", "name": "CrbReceiveResponse", "prototype": "int __cdecl(char *src, int *p_n12)", "size": "0x10e", "comments": {"0xffe16054": {"regular": "src"}, "0xffe16057": {"regular": "n12"}, "0xffe16059": {"regular": "int"}, "0xffe16072": {"regular": "dst_"}, "0xffe160ce": {"regular": "src"}, "0xffe160d4": {"regular": "n12"}, "0xffe160d6": {"regular": "int"}}, "asm": "CrbReceiveResponse (.text @ 0xffe16006):\nffe16006  push ebp\nffe16007  mov ebp, esp\nffe16009  sub esp, 14h\nffe1600c  mov [ebp+var_4], 0FED40000h\nffe16013  call Tpm20GetDeviceType\nffe16018  movzx eax, al\nffe1601b  cmp eax, 2\nffe1601e  jnz loc_FFE160FE\nffe16024  push [ebp+var_4]\nffe16027  call CrbWaitIdle\nffe1602c  pop ecx\nffe1602d  mov [ebp+var_8], eax\nffe16030  cmp [ebp+var_8], 0\nffe16034  jge loc_FFE1603E\nffe16036  mov eax, [ebp+var_8]\nffe16039  jmp loc_FFE16110\nffe1603e  mov eax, [ebp+var_4]\nffe16041  cmp dword ptr [eax+68h], 0\nffe16045  jz loc_FFE160FC\nffe1604b  mov eax, [ebp+var_4]\nffe1604e  mov eax, [eax+68h]\nffe16051  mov [ebp+var_C], eax\nffe16054  push [ebp+src]\nffe16057  push 0Ch\nffe16059  push [ebp+var_C]\nffe1605c  call CrbMemoryBlockRead\nffe16061  add esp, 0Ch\nffe16064  push 2\nffe16066  mov edx, [ebp+src]\nffe16069  lea ecx, [ebp+dst_]\nffe1606c  call CopyMemChecked\nffe16071  pop ecx\nffe16072  mov ecx, dword ptr [ebp+dst_]\nffe16075  call HIBYTE_w\nffe1607a  movzx eax, ax\nffe1607d... [2400 chars total]", "code": "int __cdecl CrbReceiveResponse(char *src, int *p_n12)\n{\n  int dst__1; // [esp+0h] [ebp-14h] BYREF\n  int dst_; // [esp+4h] [ebp-10h] BYREF\n  int v5; // [esp+8h] [ebp-Ch]\n  int v6; // [esp+Ch] [ebp-8h]\n  int v7; // [esp+10h] [ebp-4h]\n\n  v7 = -19660800; /*0xffe1600c*/\n  if ( Tpm20GetDeviceType() != 2 ) /*0xffe1601e*/\n    return sub_FFE162D4(src, p_n12); /*0xffe16104*/\n  v6 = CrbWaitIdle(v7); /*0xffe1602d*/\n  if ( v6 < 0 ) /*0xffe16034*/\n    return v6; /*0xffe16036*/\n  if ( !*(_DWORD *)(v7 + 104) ) /*0xffe16041*/\n    return -2147483627; /*0xffe1610b*/\n  v5 = *(_DWORD *)(v7 + 104); /*0xffe16051*/\n  CrbMemoryBlockRead(v5, 12, src); /*0xffe1605c*/\n  CopyMemChecked((char *)&dst_, src, 2u); /*0xffe1606c*/\n  if ( (unsigned __int16)HIBYTE_w(dst_) == 196 ) /*0xffe16082*/\n    return -2147483641; /*0xffe16084*/\n  CopyMemChecked((char *)&dst__1, src + 2, 4u); /*0xffe16098*/\n  *p_n12 = SwapBytes32(dst__1); /*0xffe160a9*/\n  if ( (unsigned int)*p_n12 > *(_DWORD *)(v7 + 100) ) /*0xffe160b6*/\n    return -... [1313 chars total]", "xrefs": {"to": [{"addr": "0xffe16180", "type": "code"}], "from": [{"addr": "0xffe16007", "type": "code"}]}}, {"addr": "0xffe16114", "name": "TrEEExecuteCmd", "prototype": "int __cdecl(__int16 *p_n384, int n12, char *buf, int *p_n10)", "size": "0xac", "comments": {"0xffe1615f": {"regular": "n12"}, "0xffe16162": {"regular": "p_n384"}, "0xffe1617a": {"regular": "p_n12"}, "0xffe1617d": {"regular": "src"}}, "asm": "TrEEExecuteCmd (.text @ 0xffe16114):\nffe16114  push ebp\nffe16115  mov ebp, esp\nffe16117  sub esp, 0Ch\nffe1611a  mov [ebp+var_1], 0\nffe1611e  mov [ebp+var_C], 0FED40000h\nffe16125  cmp [ebp+p_n384], 0\nffe16129  jz loc_FFE16137\nffe1612b  cmp [ebp+buf], 0\nffe1612f  jz loc_FFE16137\nffe16131  cmp [ebp+n12], 0\nffe16135  jnz loc_FFE1613E\nffe16137  mov eax, 80000002h\nffe1613c  jmp loc_FFE161BC\nffe1613e  call Tpm20GetDeviceType\nffe16143  movzx eax, al\nffe16146  test eax, eax\nffe16148  jz loc_FFE161B7\nffe1614a  movzx eax, [ebp+var_1]\nffe1614e  test eax, eax\nffe16150  jz loc_FFE1615F\nffe16152  call Tpm20GetDeviceType\nffe16157  movzx eax, al\nffe1615a  cmp eax, 2\nffe1615d  jnz loc_FFE1619A\nffe1615f  push [ebp+n12]\nffe16162  push [ebp+p_n384]\nffe16165  call CrbSendCommand\nffe1616a  pop ecx\nffe1616b  pop ecx\nffe1616c  mov [ebp+var_8], eax\nffe1616f  cmp [ebp+var_8], 0\nffe16173  jge loc_FFE1617A\nffe16175  mov eax, [ebp+var_8]\nffe16178  jmp loc_FFE161BC\nffe1617a  push [ebp+p_n10]\nffe1617d  push [ebp+buf]... [1601 chars total]", "code": "int __cdecl TrEEExecuteCmd(__int16 *p_n384, int n12, char *buf, int *p_n10)\n{\n  int result; // eax\n\n  if ( !p_n384 || !buf || !n12 ) /*0xffe16135*/\n    return -2147483646; /*0xffe16137*/\n  if ( !Tpm20GetDeviceType() ) /*0xffe1613e*/\n    return -2147483645; /*0xffe161b7*/\n  result = CrbSendCommand(p_n384, n12); /*0xffe16165*/\n  if ( result >= 0 ) /*0xffe16173*/\n    return CrbReceiveResponse(buf, p_n10); /*0xffe16180*/\n  return result; /*0xffe161bc*/\n}", "xrefs": {"to": [{"addr": "0xffe0e65a", "type": "code"}], "from": [{"addr": "0xffe16115", "type": "code"}]}}, {"addr": "0xffe161c0", "name": "GetPpiDescriptor", "prototype": "int()", "size": "0x4f", "comments": {"0xffe161c6": {"regular": "CMOS Memory/RTC Index Register"}, "0xffe161cb": {"regular": "CMOS Memory/RTC Index Register:\nRTC Seconds"}, "0xffe161d2": {"regular": "CMOS Memory/RTC Data Register"}}, "asm": "GetPpiDescriptor (.text @ 0xffe161c0):\nffe161c0  push 70h\nffe161c2  pop ecx\nffe161c3  mov dx, cx\nffe161c6  in al, dx\nffe161c7  and al, 0CAh\nffe161c9  or al, 4Ah\nffe161cb  out dx, al\nffe161cc  push 71h\nffe161ce  pop eax\nffe161cf  mov dx, ax\nffe161d2  in al, dx\nffe161d3  mov cl, al\nffe161d5  cmp cl, 3\nffe161d8  jbe loc_FFE161F1\nffe161da  mov cl, n3\nffe161e0  test cl, cl\nffe161e2  jnz loc_FFE161F5\nffe161e4  mov ecx, 0FDAF0490h\nffe161e9  mov ecx, [ecx]\nffe161eb  and cl, 2\nffe161ee  or cl, 1\nffe161f1  test cl, cl\nffe161f3  jz loc_FFE1620C\nffe161f5  cmp cl, 0FFh\nffe161f8  jz loc_FFE1620C\nffe161fa  xor eax, eax\nffe161fc  cmp cl, 1\nffe161ff  setnz al\nffe16202  dec eax\nffe16203  and eax, 0FFFFFFBEh\nffe16206  add eax, 80000046h\nffe1620b  retn\nffe1620c  xor eax, eax\nffe1620e  retn", "code": "int GetPpiDescriptor()\n{\n  unsigned __int8 v0; // al\n  char n3; // al\n  char n3_1; // cl\n\n  v0 = __inbyte(0x70u); /*0xffe161c6*/\n  __outbyte(0x70u, v0 & 0x80 | 0x4A); /*0xffe161cb*/\n  n3 = __inbyte(0x71u); /*0xffe161d2*/\n  n3_1 = n3; /*0xffe161d3*/\n  if ( (unsigned __int8)n3 <= 3u ) /*0xffe161d8*/\n  {\nLABEL_4:\n    if ( !n3_1 ) /*0xffe161f3*/\n      return 0; /*0xffe161f3*/\n    goto LABEL_5; /*0xffe161f3*/\n  }\n  n3_1 = n3; /*0xffe161da*/\n  if ( !n3 ) /*0xffe161e2*/\n  {\n    n3_1 = MEMORY[0xFDAF0490] & 2 | 1; /*0xffe161ee*/\n    goto LABEL_4; /*0xffe161ee*/\n  }\nLABEL_5:\n  if ( n3_1 != -1 )\n    return n3_1 != 1 ? -2147483578 : -2147483644;\n  return 0; /*0xffe1620b*/\n}", "xrefs": {"to": [{"addr": "0xffe10520", "type": "code"}], "from": [{"addr": "0xffe161c2", "type": "code"}]}}]}, "content": [{"type": "text", "text": "{\"format\":\"json\",\"functions\":[{\"addr\":\"0xffe15d1d\",\"name\":\"CrbCheckStatus\",\"prototype\":\"bool __cdecl(_DWORD *)\",\"size\":\"0x46\",\"comments\":{},\"asm\":\"CrbCheckStatus (.text @ 0xffe15d1d):\\nffe15d1d  push ebp\\nffe15d1e  mov ebp, esp\\nffe15d20  push ecx\\nffe15d21  push ecx\\nffe15d22  and [ebp+var_8], 0\\nffe15d26  and [ebp+var_4], 0\\nffe15d2a  mov eax, [ebp+arg_0]\\nffe15d2d  mov eax, [eax]\\nffe15d2f  mov [ebp+var_4], eax\\nffe15d32  mov eax, [ebp+var_4]\\nffe15d35  shr eax, 2\\nffe15d38  mov [ebp+var_8], eax\\nffe15d3b  mov eax, [ebp+var_8]\\nffe15d3e  and eax, 7\\nffe15d41  jnz loc_FFE15D5D\\nffe15d43  mov eax, [ebp+arg_0]\\nffe15d46  mov eax, [eax]\\nffe15d48  and eax, 2\\nffe15d4b  jz loc_FFE15D5D\\nffe15d4d  mov eax, [ebp+arg_0]\\nffe15d50  mov eax, [eax]\\nffe15d52  and eax, 80h\\nffe15d57  jz loc_FFE15D5D\\nffe15d59  mov al, 1\\nffe15d5b  jmp loc_FFE15D5F\\nffe15d5d  xor al, al\\nffe15d5f  mov esp, ebp\\nffe15d61  pop ebp\\nffe15d62  retn\",\"code\":\"bool __cdecl CrbCheckStatus(_DWORD *a1)\\n{\\n  return ((*a1 >> 2) & 7) == 0 && (*a1 & 2) != 0 && (*a1 & 0x80) != 0; /*0xffe15d5f*/\\n}\",\"xrefs\":{\"to\":[{\"addr\":\"0xffe15d82\",\"type\":\"code\"}],\"from\":[{\"addr\":\"0xffe15d1e\",\"type\":\"code\"}]}},{\"addr\":\"0xffe15d63\",\"name\":\"CrbWaitCmdReady\",\"prototype\":\"int __cdecl(_DWORD *)\",\"size\":\"0x5c\",\"comments\":{},\"asm\":\"CrbWaitCmdReady (.text @ 0xffe15d63):\\nffe15d63  push ebp\\nffe15d64  mov ebp, esp\\nffe15d66  sub esp, 10h\\nffe15d69  and [ebp+var_10], 0\\nffe15d6d  mov [ebp+var_8], 32h\\nffe15d74  mov [ebp+var_C], 3A98h\\nffe15d7b  and [ebp+var_4], 0\\nffe15d7f  push [ebp+arg_0]\\nffe15d82  call CrbCheckStatus\\nffe15d87  pop ecx\\nffe15d88  movzx eax, al\\nffe15d8b  test eax, eax\\nffe15d8d  jnz loc_FFE15DB9\\nffe15d8f  mov eax, [ebp+arg_0]\\nffe15d92  mov dword ptr [eax+8], 1\\nffe15d99  mov ecx, [ebp+var_8]\\nffe15d9c  call DebugPrintNumber\\nffe15da1  mov eax, [ebp+var_4]\\nffe15da4  inc eax\\nffe15da5  mov [ebp+var_4], eax\\nffe15da8  mov eax, [ebp+var_4]\\nffe15dab  cmp eax, [ebp+var_C]\\nffe15dae  jnz loc_FFE15DB7\\nffe15db0  mov eax, 80000007h\\nffe15db5  jmp loc_FFE15DBB\\nffe15db7  jmp loc_FFE15D7F\\nffe15db9  xor eax, eax\\nffe15dbb  mov esp, ebp\\nffe15dbd  pop ebp\\nffe15dbe  retn\",\"code\":\"int __cdecl CrbWaitCmdReady(_DWORD *a1)\\n{\\n  int v2; // [esp+Ch] [ebp-4h]\\n\\n  v2 = 0; /*0xffe15d7b*/\\n  while ( !CrbCheckStatus(a1) ) /*0xffe15d8d*/\\n  {\\n    a1[2] = 1; /*0xffe15d92*/\\n    DebugPrintNumber(0x32u); /*0xffe15d9c*/\\n    if ( ++v2 == 15000 ) /*0xffe15dae*/\\n      return -2147483641; /*0xffe15db5*/\\n  }\\n  return 0; /*0xffe15dbb*/\\n}\",\"xrefs\":{\"to\":[{\"addr\":\"0xffe15f44\",\"type\":\"code\"}],\"from\":[{\"addr\":\"0xffe15d64\",\"type\":\"code\"}]}},{\"addr\":\"0xffe15dbf\",\"name\":\"CrbWaitIdle\",\"prototype\":\"int __cdecl(int)\",\"size\":\"0x51\",\"comments\":{},\"asm\":\"CrbWaitIdle (.text @ 0xffe15dbf):\\nffe15dbf  push ebp\\nffe15dc0  mov ebp, esp\\nffe15dc2  sub esp, 0Ch\\nffe15dc5  mov [ebp+var_C], 32h\\nffe15dcc  mov [ebp+var_8], 124F80h\\nffe15dd3  and [ebp+var_4], 0\\nffe15dd7  mov eax, [ebp+arg_0]\\nffe15dda  cmp dword ptr [eax+4Ch], 0\\nffe15dde  jz loc_FFE15DFB\\nffe15de0  mov ecx, [ebp+var_C]\\nffe15de3  call DebugPrintNumber\\nffe15de8  mov eax, [ebp+var_4]\\nffe15deb  cmp eax, [ebp+var_8]\\nffe15dee  jnz loc_FFE15DF2\\nffe15df0  jmp loc_FFE15DFB\\nffe15df2  mov eax, [ebp+var_4]\\nffe15df5  inc eax\\nffe15df6  mov [ebp+var_4], eax\\nffe15df9  jmp loc_FFE15DD7\\nffe15dfb  mov eax, [ebp+var_4]\\nffe15dfe  cmp eax, [ebp+var_8]\\nffe15e01  jnz loc_FFE15E0A\\nffe15e03  mov eax, 80000007h\\nffe15e08  jmp loc_FFE15E0C\\nffe15e0a  xor eax, eax\\nffe15e0c  mov esp, ebp\\nffe15e0e  pop ebp\\nffe15e0f  retn\",\"code\":\"int __cdecl CrbWaitIdle(int a1)\\n{\\n  int i; // [esp+8h] [ebp-4h]\\n\\n  for ( i = 0; *(_DWORD *)(a1 + 76); ++i ) /*0xffe15dd3*/\\n  {\\n    DebugPrintNumber(0x32u); /*0xffe15de3*/\\n    if ( i == 1200000 ) /*0xffe15dee*/\\n      break; /*0xffe15dee*/\\n  }\\n  if ( i == 1200000 ) /*0xffe15e01*/\\n    return -2147483641; /*0xffe15e03*/\\n  else\\n    return 0; /*0xffe15e0a*/\\n}\",\"xrefs\":{\"to\":[{\"addr\":\"0xffe15fcc\",\"type\":\"code\"},{\"addr\":\"0xffe16027\",\"type\":\"code\"}],\"from\":[{\"addr\":\"0xffe15dc0\",\"type\":\"code\"}]}},{\"addr\":\"0xffe15e10\",\"name\":\"CrbGetState\",\"prototype\":\"char __cdecl(int)\",\"size\":\"0x25\",\"comments\":{},\"asm\":\"CrbGetState (.text @ 0xffe15e10):\\nffe15e10  push ebp\\nffe15e11  mov ebp, esp\\nffe15e13  mov eax, [ebp+arg_0]\\nffe15e16  mov eax, [eax+44h]\\nffe15e19  and eax, 1\\nffe15e1c  jz loc_FFE15E22\\nffe15e1e  or al, 0FFh\\nffe15e20  jmp loc_FFE15E33\\nffe15e22  mov eax, [ebp+arg_0]\\nffe15e25  mov eax, [eax+44h]\\nffe15e28  and eax, 2\\nffe15e2b  jz loc_FFE15E31\\nffe15e2d  mov al, 1\\nffe15e2f  jmp loc_FFE15E33\\nffe15e31  xor al, al\\nffe15e33  pop ebp\\nffe15e34  retn\",\"code\":\"char __cdecl CrbGetState(int a1)\\n{\\n  if ( (*(_DWORD *)(a1 + 68) & 1) != 0 ) /*0xffe15e1c*/\\n    return -1; /*0xffe15e1e*/\\n  else\\n    return (*(_DWORD *)(a1 + 68) & 2) != 0; /*0xffe15e2b*/\\n}\",\"xrefs\":{\"to\":[{\"addr\":\"0xffe15e50\",\"type\":\"code\"},{\"addr\":\"0xffe15e87\",\"type\":\"code\"},{\"addr\":\"0xffe15ec9\",\"type\":\"code\"},{\"addr\":\"0xffe15f01\",\"type\":\"code\"}],\"from\":[{\"addr\":\"0xffe15e11\",\"type\":\"code\"}]}},{\"addr\":\"0xffe15e35\",\"name\":\"CrbSetStateCmdReady\",\"prototype\":\"int __cdecl(int)\",\"size\":\"0x75\",\"comments\":{},\"asm\":\"CrbSetStateCmdReady (.text @ 0xffe15e35):\\nffe15e35  push ebp\\nffe15e36  mov ebp, esp\\nffe15e38  sub esp, 0Ch\\nffe15e3b  mov [ebp+var_C], 32h\\nffe15e42  mov [ebp+var_8], 3A98h\\nffe15e49  and [ebp+var_4], 0\\nffe15e4d  push [ebp+arg_0]\\nffe15e50  call CrbGetState\\nffe15e55  pop ecx\\nffe15e56  movzx eax, al\\nffe15e59  test eax, eax\\nffe15e5b  jnz loc_FFE15E61\\nffe15e5d  xor eax, eax\\nffe15e5f  jmp loc_FFE15EA6\\nffe15e61  mov eax, [ebp+arg_0]\\nffe15e64  mov dword ptr [eax+40h], 1\\nffe15e6b  mov ecx, [ebp+var_C]\\nffe15e6e  call DebugPrintNumber\\nffe15e73  mov eax, [ebp+var_4]\\nffe15e76  cmp eax, [ebp+var_8]\\nffe15e79  jnz loc_FFE15E7D\\nffe15e7b  jmp loc_FFE15E95\\nffe15e7d  mov eax, [ebp+var_4]\\nffe15e80  inc eax\\nffe15e81  mov [ebp+var_4], eax\\nffe15e84  push [ebp+arg_0]\\nffe15e87  call CrbGetState\\nffe15e8c  pop ecx\\nffe15e8d  movzx eax, al\\nffe15e90  cmp eax, 1\\nffe15e93  jz loc_FFE15E61\\nffe15e95  mov eax, [ebp+var_4]\\nffe15e98  cmp eax, [ebp+var_8]\\nffe15e9b  jnz loc_FFE15EA4\\nffe15e9d  mov eax, 80000007h\\nffe15ea2  jmp l... [1090 chars total]\",\"code\":\"int __cdecl CrbSetStateCmdReady(int a1)\\n{\\n  int n15000; // [esp+8h] [ebp-4h]\\n\\n  n15000 = 0; /*0xffe15e49*/\\n  if ( !CrbGetState(a1) ) /*0xffe15e50*/\\n    return 0; /*0xffe15e5d*/\\n  do /*0xffe15e93*/\\n  {\\n    *(_DWORD *)(a1 + 64) = 1; /*0xffe15e64*/\\n    DebugPrintNumber(0x32u); /*0xffe15e6e*/\\n    if ( n15000 == 15000 ) /*0xffe15e79*/\\n      break; /*0xffe15e79*/\\n    ++n15000; /*0xffe15e81*/\\n  }\\n  while ( CrbGetState(a1) == 1 ); /*0xffe15e93*/\\n  if ( n15000 == 15000 ) /*0xffe15e9b*/\\n    return -2147483641; /*0xffe15e9d*/\\n  else\\n    return 0; /*0xffe15ea4*/\\n}\",\"xrefs\":{\"to\":[{\"addr\":\"0xffe15f5e\",\"type\":\"code\"}],\"from\":[{\"addr\":\"0xffe15e36\",\"type\":\"code\"}]}},{\"addr\":\"0xffe15eaa\",\"name\":\"CrbSetStateIdle\",\"prototype\":\"int __cdecl(int)\",\"size\":\"0x79\",\"comments\":{},\"asm\":\"CrbSetStateIdle (.text @ 0xffe15eaa):\\nffe15eaa  push ebp\\nffe15eab  mov ebp, esp\\nffe15ead  sub esp, 10h\\nffe15eb0  mov [ebp+var_C], 32h\\nffe15eb7  mov [ebp+var_8], 3A98h\\nffe15ebe  and [ebp+var_4], 0\\nffe15ec2  and [ebp+var_10], 0\\nffe15ec6  push [ebp+arg_0]\\nffe15ec9  call CrbGetState\\nffe15ece  pop ecx\\nffe15ecf  movzx eax, al\\nffe15ed2  cmp eax, 1\\nffe15ed5  jnz loc_FFE15EDB\\nffe15ed7  xor eax, eax\\nffe15ed9  jmp loc_FFE15F1F\\nffe15edb  mov eax, [ebp+arg_0]\\nffe15ede  mov dword ptr [eax+40h], 2\\nffe15ee5  mov ecx, [ebp+var_C]\\nffe15ee8  call DebugPrintNumber\\nffe15eed  mov eax, [ebp+var_4]\\nffe15ef0  cmp eax, [ebp+var_8]\\nffe15ef3  jnz loc_FFE15EF7\\nffe15ef5  jmp loc_FFE15F0E\\nffe15ef7  mov eax, [ebp+var_4]\\nffe15efa  inc eax\\nffe15efb  mov [ebp+var_4], eax\\nffe15efe  push [ebp+arg_0]\\nffe15f01  call CrbGetState\\nffe15f06  pop ecx\\nffe15f07  movzx eax, al\\nffe15f0a  test eax, eax\\nffe15f0c  jz loc_FFE15EDB\\nffe15f0e  mov eax, [ebp+var_4]\\nffe15f11  cmp eax, [ebp+var_8]\\nffe15f14  jnz loc_FFE15F1D\\nffe15f16  mov eax,... [1116 chars total]\",\"code\":\"int __cdecl CrbSetStateIdle(int a1)\\n{\\n  int n15000; // [esp+Ch] [ebp-4h]\\n\\n  n15000 = 0; /*0xffe15ebe*/\\n  if ( CrbGetState(a1) == 1 ) /*0xffe15ed5*/\\n    return 0; /*0xffe15ed7*/\\n  do /*0xffe15f0c*/\\n  {\\n    *(_DWORD *)(a1 + 64) = 2; /*0xffe15ede*/\\n    DebugPrintNumber(0x32u); /*0xffe15ee8*/\\n    if ( n15000 == 15000 ) /*0xffe15ef3*/\\n      break; /*0xffe15ef3*/\\n    ++n15000; /*0xffe15efb*/\\n  }\\n  while ( !CrbGetState(a1) ); /*0xffe15f0c*/\\n  if ( n15000 == 15000 ) /*0xffe15f14*/\\n    return -2147483641; /*0xffe15f16*/\\n  else\\n    return 0; /*0xffe15f1d*/\\n}\",\"xrefs\":{\"to\":[{\"addr\":\"0xffe160e4\",\"type\":\"code\"}],\"from\":[{\"addr\":\"0xffe15eab\",\"type\":\"code\"}]}},{\"addr\":\"0xffe15f23\",\"name\":\"CrbSendCommand\",\"prototype\":\"int __cdecl(_BYTE *p_n384, int n12)\",\"size\":\"0xe3\",\"comments\":{},\"asm\":\"CrbSendCommand (.text @ 0xffe15f23):\\nffe15f23  push ebp\\nffe15f24  mov ebp, esp\\nffe15f26  sub esp, 0Ch\\nffe15f29  mov [ebp+var_4], 0FED40000h\\nffe15f30  call Tpm20GetDeviceType\\nffe15f35  movzx eax, al\\nffe15f38  cmp eax, 2\\nffe15f3b  jnz loc_FFE15FF0\\nffe15f41  push [ebp+var_4]\\nffe15f44  call CrbWaitCmdReady\\nffe15f49  pop ecx\\nffe15f4a  mov [ebp+var_8], eax\\nffe15f4d  cmp [ebp+var_8], 0\\nffe15f51  jge loc_FFE15F5B\\nffe15f53  mov eax, [ebp+var_8]\\nffe15f56  jmp loc_FFE16002\\nffe15f5b  push [ebp+var_4]\\nffe15f5e  call CrbSetStateCmdReady\\nffe15f63  pop ecx\\nffe15f64  mov [ebp+var_8], eax\\nffe15f67  cmp [ebp+var_8], 0\\nffe15f6b  jge loc_FFE15F75\\nffe15f6d  mov eax, [ebp+var_8]\\nffe15f70  jmp loc_FFE16002\\nffe15f75  mov eax, [ebp+var_4]\\nffe15f78  cmp dword ptr [eax+5Ch], 0\\nffe15f7c  jnz loc_FFE15FA6\\nffe15f7e  mov eax, [ebp+var_4]\\nffe15f81  mov dword ptr [eax+5Ch], 0FED40080h\\nffe15f88  mov eax, [ebp+var_4]\\nffe15f8b  mov dword ptr [eax+58h], 500h\\nffe15f92  mov eax, [ebp+var_4]\\nffe15f95  mov dword ptr [eax+68h],... [1976 chars total]\",\"code\":\"int __cdecl CrbSendCommand(_BYTE *p_n384, int n12)\\n{\\n  int result; // eax\\n\\n  if ( Tpm20GetDeviceType() != 2 ) /*0xffe15f3b*/\\n    return sub_FFE162D4(); /*0xffe15ff6*/\\n  result = CrbWaitCmdReady((_DWORD *)0xFED40000); /*0xffe15f44*/\\n  if ( result >= 0 ) /*0xffe15f51*/\\n  {\\n    result = CrbSetStateCmdReady(-19660800); /*0xffe15f5e*/\\n    if ( result >= 0 ) /*0xffe15f6b*/\\n    {\\n      if ( !MEMORY[0xFED4005C] ) /*0xffe15f7c*/\\n      {\\n        MEMORY[0xFED4005C] = -19660672; /*0xffe15f81*/\\n        MEMORY[0xFED40058] = 1280; /*0xffe15f8b*/\\n        MEMORY[0xFED40068] = -19660672; /*0xffe15f95*/\\n        MEMORY[0xFED40064] = 1280; /*0xffe15f9f*/\\n      }\\n      if ( MEMORY[0xFED4005C] ) /*0xffe15fad*/\\n      {\\n        CrbMemoryBlockWrite(MEMORY[0xFED4005C], n12, p_n384); /*0xffe15fc1*/\\n        result = CrbWaitIdle(-19660800); /*0xffe15fcc*/\\n        if ( result >= 0 ) /*0xffe15fd9*/\\n        {\\n          MEMORY[0xFED4004C] = 1; /*0xffe15fe3*/\\n          return 0; /*0xffe15fea*/\\n        }\\n      }\\n      el... [1105 chars total]\",\"xrefs\":{\"to\":[{\"addr\":\"0xffe16165\",\"type\":\"code\"}],\"from\":[{\"addr\":\"0xffe15f24\",\"type\":\"code\"}]}},{\"addr\":\"0xffe16006\",\"name\":\"CrbReceiveResponse\",\"prototype\":\"int __cdecl(char *src, int *p_n12)\",\"size\":\"0x10e\",\"comments\":{\"0xffe16054\":{\"regular\":\"src\"},\"0xffe16057\":{\"regular\":\"n12\"},\"0xffe16059\":{\"regular\":\"int\"},\"0xffe16072\":{\"regular\":\"dst_\"},\"0xffe160ce\":{\"regular\":\"src\"},\"0xffe160d4\":{\"regular\":\"n12\"},\"0xffe160d6\":{\"regular\":\"int\"}},\"asm\":\"CrbReceiveResponse (.text @ 0xffe16006):\\nffe16006  push ebp\\nffe16007  mov ebp, esp\\nffe16009  sub esp, 14h\\nffe1600c  mov [ebp+var_4], 0FED40000h\\nffe16013  call Tpm20GetDeviceType\\nffe16018  movzx eax, al\\nffe1601b  cmp eax, 2\\nffe1601e  jnz loc_FFE160FE\\nffe16024  push [ebp+var_4]\\nffe16027  call CrbWaitIdle\\nffe1602c  pop ecx\\nffe1602d  mov [ebp+var_8], eax\\nffe16030  cmp [ebp+var_8], 0\\nffe16034  jge loc_FFE1603E\\nffe16036  mov eax, [ebp+var_8]\\nffe16039  jmp loc_FFE16110\\nffe1603e  mov eax, [ebp+var_4]\\nffe16041  cmp dword ptr [eax+68h], 0\\nffe16045  jz loc_FFE160FC\\nffe1604b  mov eax, [ebp+var_4]\\nffe1604e  mov eax, [eax+68h]\\nffe16051  mov [ebp+var_C], eax\\nffe16054  push [ebp+src]\\nffe16057  push 0Ch\\nffe16059  push [ebp+var_C]\\nffe1605c  call CrbMemoryBlockRead\\nffe16061  add esp, 0Ch\\nffe16064  push 2\\nffe16066  mov edx, [ebp+src]\\nffe16069  lea ecx, [ebp+dst_]\\nffe1606c  call CopyMemChecked\\nffe16071  pop ecx\\nffe16072  mov ecx, dword ptr [ebp+dst_]\\nffe16075  call HIBYTE_w\\nffe1607a  movzx eax, ax\\nffe1607d... [2400 chars total]\",\"code\":\"int __cdecl CrbReceiveResponse(char *src, int *p_n12)\\n{\\n  int dst__1; // [esp+0h] [ebp-14h] BYREF\\n  int dst_; // [esp+4h] [ebp-10h] BYREF\\n  int v5; // [esp+8h] [ebp-Ch]\\n  int v6; // [esp+Ch] [ebp-8h]\\n  int v7; // [esp+10h] [ebp-4h]\\n\\n  v7 = -19660800; /*0xffe1600c*/\\n  if ( Tpm20GetDeviceType() != 2 ) /*0xffe1601e*/\\n    return sub_FFE162D4(src, p_n12); /*0xffe16104*/\\n  v6 = CrbWaitIdle(v7); /*0xffe1602d*/\\n  if ( v6 < 0 ) /*0xffe16034*/\\n    return v6; /*0xffe16036*/\\n  if ( !*(_DWORD *)(v7 + 104) ) /*0xffe16041*/\\n    return -2147483627; /*0xffe1610b*/\\n  v5 = *(_DWORD *)(v7 + 104); /*0xffe16051*/\\n  CrbMemoryBlockRead(v5, 12, src); /*0xffe1605c*/\\n  CopyMemChecked((char *)&dst_, src, 2u); /*0xffe1606c*/\\n  if ( (unsigned __int16)HIBYTE_w(dst_) == 196 ) /*0xffe16082*/\\n    return -2147483641; /*0xffe16084*/\\n  CopyMemChecked((char *)&dst__1, src + 2, 4u); /*0xffe16098*/\\n  *p_n12 = SwapBytes32(dst__1); /*0xffe160a9*/\\n  if ( (unsigned int)*p_n12 > *(_DWORD *)(v7 + 100) ) /*0xffe160b6*/\\n    return -... [1313 chars total]\",\"xrefs\":{\"to\":[{\"addr\":\"0xffe16180\",\"type\":\"code\"}],\"from\":[{\"addr\":\"0xffe16007\",\"type\":\"code\"}]}},{\"addr\":\"0xffe16114\",\"name\":\"TrEEExecuteCmd\",\"prototype\":\"int __cdecl(__int16 *p_n384, int n12, char *buf, int *p_n10)\",\"size\":\"0xac\",\"comments\":{\"0xffe1615f\":{\"regular\":\"n12\"},\"0xffe16162\":{\"regular\":\"p_n384\"},\"0xffe1617a\":{\"regular\":\"p_n12\"},\"0xffe1617d\":{\"regular\":\"src\"}},\"asm\":\"TrEEExecuteCmd (.text @ 0xffe16114):\\nffe16114  push ebp\\nffe16115  mov ebp, esp\\nffe16117  sub esp, 0Ch\\nffe1611a  mov [ebp+var_1], 0\\nffe1611e  mov [ebp+var_C], 0FED40000h\\nffe16125  cmp [ebp+p_n384], 0\\nffe16129  jz loc_FFE16137\\nffe1612b  cmp [ebp+buf], 0\\nffe1612f  jz loc_FFE16137\\nffe16131  cmp [ebp+n12], 0\\nffe16135  jnz loc_FFE1613E\\nffe16137  mov eax, 80000002h\\nffe1613c  jmp loc_FFE161BC\\nffe1613e  call Tpm20GetDeviceType\\nffe16143  movzx eax, al\\nffe16146  test eax, eax\\nffe16148  jz loc_FFE161B7\\nffe1614a  movzx eax, [ebp+var_1]\\nffe1614e  test eax, eax\\nffe16150  jz loc_FFE1615F\\nffe16152  call Tpm20GetDeviceType\\nffe16157  movzx eax, al\\nffe1615a  cmp eax, 2\\nffe1615d  jnz loc_FFE1619A\\nffe1615f  push [ebp+n12]\\nffe16162  push [ebp+p_n384]\\nffe16165  call CrbSendCommand\\nffe1616a  pop ecx\\nffe1616b  pop ecx\\nffe1616c  mov [ebp+var_8], eax\\nffe1616f  cmp [ebp+var_8], 0\\nffe16173  jge loc_FFE1617A\\nffe16175  mov eax, [ebp+var_8]\\nffe16178  jmp loc_FFE161BC\\nffe1617a  push [ebp+p_n10]\\nffe1617d  push [ebp+buf]... [1601 chars total]\",\"code\":\"int __cdecl TrEEExecuteCmd(__int16 *p_n384, int n12, char *buf, int *p_n10)\\n{\\n  int result; // eax\\n\\n  if ( !p_n384 || !buf || !n12 ) /*0xffe16135*/\\n    return -2147483646; /*0xffe16137*/\\n  if ( !Tpm20GetDeviceType() ) /*0xffe1613e*/\\n    return -2147483645; /*0xffe161b7*/\\n  result = CrbSendCommand(p_n384, n12); /*0xffe16165*/\\n  if ( result >= 0 ) /*0xffe16173*/\\n    return CrbReceiveResponse(buf, p_n10); /*0xffe16180*/\\n  return result; /*0xffe161bc*/\\n}\",\"xrefs\":{\"to\":[{\"addr\":\"0xffe0e65a\",\"type\":\"code\"}],\"from\":[{\"addr\":\"0xffe16115\",\"type\":\"code\"}]}},{\"addr\":\"0xffe161c0\",\"name\":\"GetPpiDescriptor\",\"prototype\":\"int()\",\"size\":\"0x4f\",\"comments\":{\"0xffe161c6\":{\"regular\":\"CMOS Memory/RTC Index Register\"},\"0xffe161cb\":{\"regular\":\"CMOS Memory/RTC Index Register:\\nRTC Seconds\"},\"0xffe161d2\":{\"regular\":\"CMOS Memory/RTC Data Register\"}},\"asm\":\"GetPpiDescriptor (.text @ 0xffe161c0):\\nffe161c0  push 70h\\nffe161c2  pop ecx\\nffe161c3  mov dx, cx\\nffe161c6  in al, dx\\nffe161c7  and al, 0CAh\\nffe161c9  or al, 4Ah\\nffe161cb  out dx, al\\nffe161cc  push 71h\\nffe161ce  pop eax\\nffe161cf  mov dx, ax\\nffe161d2  in al, dx\\nffe161d3  mov cl, al\\nffe161d5  cmp cl, 3\\nffe161d8  jbe loc_FFE161F1\\nffe161da  mov cl, n3\\nffe161e0  test cl, cl\\nffe161e2  jnz loc_FFE161F5\\nffe161e4  mov ecx, 0FDAF0490h\\nffe161e9  mov ecx, [ecx]\\nffe161eb  and cl, 2\\nffe161ee  or cl, 1\\nffe161f1  test cl, cl\\nffe161f3  jz loc_FFE1620C\\nffe161f5  cmp cl, 0FFh\\nffe161f8  jz loc_FFE1620C\\nffe161fa  xor eax, eax\\nffe161fc  cmp cl, 1\\nffe161ff  setnz al\\nffe16202  dec eax\\nffe16203  and eax, 0FFFFFFBEh\\nffe16206  add eax, 80000046h\\nffe1620b  retn\\nffe1620c  xor eax, eax\\nffe1620e  retn\",\"code\":\"int GetPpiDescriptor()\\n{\\n  unsigned __int8 v0; // al\\n  char n3; // al\\n  char n3_1; // cl\\n\\n  v0 = __inbyte(0x70u); /*0xffe161c6*/\\n  __outbyte(0x70u, v0 & 0x80 | 0x4A); /*0xffe161cb*/\\n  n3 = __inbyte(0x71u); /*0xffe161d2*/\\n  n3_1 = n3; /*0xffe161d3*/\\n  if ( (unsigned __int8)n3 <= 3u ) /*0xffe161d8*/\\n  {\\nLABEL_4:\\n    if ( !n3_1 ) /*0xffe161f3*/\\n      return 0; /*0xffe161f3*/\\n    goto LABEL_5; /*0xffe161f3*/\\n  }\\n  n3_1 = n3; /*0xffe161da*/\\n  if ( !n3 ) /*0xffe161e2*/\\n  {\\n    n3_1 = MEMORY[0xFDAF0490] & 2 | 1; /*0xffe161ee*/\\n    goto LABEL_4; /*0xffe161ee*/\\n  }\\nLABEL_5:\\n  if ( n3_1 != -1 )\\n    return n3_1 != 1 ? -2147483578 : -2147483644;\\n  return 0; /*0xffe1620b*/\\n}\",\"xrefs\":{\"to\":[{\"addr\":\"0xffe10520\",\"type\":\"code\"}],\"from\":[{\"addr\":\"0xffe161c2\",\"type\":\"code\"}]}}]}"}, {"type": "text", "text": "Output truncated. Run: curl -o .ida-mcp/e7325948-c974-4786-bf3c-6342970f4636.json http://127.0.0.1:13375/output/e7325948-c974-4786-bf3c-6342970f4636.json"}], "isError": false, "_meta": {"ida_mcp": {"output_truncated": true, "total_chars": 30662, "output_id": "e7325948-c974-4786-bf3c-6342970f4636", "download_url": "http://127.0.0.1:13375/output/e7325948-c974-4786-bf3c-6342970f4636.json", "download_hint": "Output truncated. Run: curl -o .ida-mcp/e7325948-c974-4786-bf3c-6342970f4636.json http://127.0.0.1:13375/output/e7325948-c974-4786-bf3c-6342970f4636.json"}}}, "id": 1}