This is weird
I've been looking through the code (disassembled with IDA) and there are some very weird things.
The osTestBackdoorATI function takes two arguments. The first is a value used in the main switch, the other is a pointer.
Depending on the first argument osTestBackdoorATI will call different functions.
Now the weird part is that a lot of this code seems to be doing ... nothing at all.
For example at the very start a global object's address is fetched from the GOT and placed into ebx. And then functions are called and ebx is overwritten before even being used.
There's one function that does NOTHING AT ALL.
It takes the value in ebx, does nothing with it, changes ebp, zeroes eax even if eax isn't used after this point, then restores ebp, canceling the changes, and returns.
This definitely looks like handwritten assembly. A compiler would never generate empty functions like that. Not unless you disabled ~every optimisation.
I'm still trying to understand what it's doing.