- Log data
- Address Message
- Themida - Winlicense Ultra Unpacker 1.4
- -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- 01710A0F [PhantOm_iNFO] > Breakpoint [sti]
- 01710A0F Breakpoint at 01710A0F
- 01710A10 [PhantOm_iNFO] > Breakpoint [sti]
- 01710A10 Breakpoint at 01710A10
- 01720054 [PhantOm_iNFO] > Breakpoint [sti]
- 01720054 Breakpoint at 01720054
- OS=x86 32-Bit
- 01720056 [PhantOm_iNFO] > Breakpoint [sti]
- 01720056 Breakpoint at 01720056
- 01740021 [PhantOm_iNFO] > Breakpoint [sti]
- 01740021 Breakpoint at 01740021
- 01740028 [PhantOm_iNFO] > Breakpoint [sti]
- 01740028 Breakpoint at 01740028
- 4.766 MB +/-
- 13.576 MB +/-
- Your target is a >>> Executable <<< file!
- PE HEADER: 400000 | 1000
- CODESECTION: 401000 | AE7000
- PE HEADER till CODESECTION Distance: 1000 || Value of 1000 = Normal!
- Your Target seems to be a normal file!
- Unpacking of NET targets is diffrent!
- Dump running process with WinHex and then fix the whole PE and NET struct!
- 017507AA [PhantOm_iNFO] > Breakpoint [sti]
- 017507AA Breakpoint at 017507AA
- No Overlay used!
- Disasembling Syntax: MASM (Microsoft) <=> OK
- Show default segments: Enabled
- Always show size of memory operands: Enabled
- Extra space between arguments: Disabled
- StrongOD Found!
- ----------------------------------------------
- HidePEB=1 Enabled = OK
- KernelMode=1 Enabled = OK
- KillPEBug=1 Enabled = OK
- SkipExpection=1 Enabled = OK
- Custom Exceptions Enabled = 00000000-FFFFFFFF
- DriverName=piparote
- DRX=1 Enabled = OK
- ----------------------------------------------
- Basic Olly & Plugin Settings seems to be ok!
- No InfoBox to User to show now!
- 01130009 [PhantOm_iNFO] > Breakpoint [sti]
- 01130009 Breakpoint at ProjectG.01130009
- 0113000B [PhantOm_iNFO] > Breakpoint [sti]
- 0113000B Breakpoint at ProjectG.0113000B
- XP System found - Very good choice!
- Newer SetEvent & Kernel32 ADs Redirecting in Realtime is enabled by user!
- SetEvent VM Entry : FBC55A
- I/O Marker Address: EF8D5B
- SECLOCATION RVA: 46F947
- Kernel Ex Table Start: 7C802644
- 0178003F [PhantOm_iNFO] > Breakpoint [sti]
- 0178003F Breakpoint at 0178003F
- PE DUMPSEC: VA 1790000 - VS 32000
- PE ANTISEC: VA 1791000
- PE OEPMAKE: VA 1791600
- SETEVENT_VM: VA 17921D0
- PE I-Table: VA 1793000
- VP - STORE: VA 1792F00
- and or...
- API JUMP-T: VA 1793000
- 0178003F [PhantOm_iNFO] > Breakpoint [sti]
- 0178003F Breakpoint at 0178003F
- RISC VM Store Section VA is: 17D0000 - VS 200000
- 01780041 [PhantOm_iNFO] > Breakpoint [sti]
- 01780041 Breakpoint at 01780041
- 010260C9 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00EF183C [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00EF1408 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00EF24F1 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00EF1D7C [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00EF29EC Hardware breakpoint 1 at ProjectG.00EF29EC
- Found WL Intern Export API Access at: EF2EAB
- Use this address to get all intern access WL APIs!
- 00F311B6 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F340DE [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F3A2B2 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F3A45C [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F3A37B [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F3C719 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F3E3C5 [PhantOm_iNFO] > Code: C000001D Name: Illegal Instruction
- 00F3CE79 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 76B20000 Module F:\WINDOWS\system32\winmm.dll
- 6BD00000 Module F:\WINDOWS\system32\Syncor11.dll
- Debugging information (CodeView format) available
- 00F43384 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F431FE [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F47162 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F469A6 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 7C809AE1 Hardware breakpoint 2 at kernel32.VirtualAlloc
- ---------- Loaded File Infos ----------
- Target Base: 400000
- Kernel32 Base: 7C800000
- Kernel32 SORD: 7C8001F8 | 83200
- Kernel32 SORD: 7C800200
- User32 Base: 7E360000
- Advapi32 Base: 77F50000
- ---------------------------------------
- 7C809AF9 [PhantOm_iNFO] > Breakpoint [sti]
- WL Section: EEF000 | 137000
- WL Align: ED65F014 | EBP Pointer Value
- XBundler Prepair Sign not found!
- CISC VM is located in the Themida - Winlicense section EEF000 | 137000.
- VMWare Address: EF2871 | 0
- VMWare Checks are not Used & Disabled by Script!
- Auto XBundler Checker & Dumper is enabled!
- If XBunlder Files are found in auto-modus then they will dumped by script!
- If the auto XBunlder Dumper does fail etc then disable it next time!
- Anti Access Stop on Code Section was Set!
- Moddern MJM Scan Chosen!
- Normal IAT Patch Scan Was Written!
- 01BC0306 Hardware breakpoint 3 at 01BC0306
- 00F5216A [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F52182 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 7C9C0000 Module F:\WINDOWS\system32\shell32.dll
- 77EA0000 Module F:\WINDOWS\system32\shlwapi.dll
- 773B0000 Module F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
- 7C9C0000 Unload F:\WINDOWS\system32\shell32.dll
- 00F568A1 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F573C7 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F575CA [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F574EE [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- [PhantOm_iNFO] > Code: OutputDebugString lpString: 00F5771D
- 7C8106E9 New thread with ID 000002A0 created
- 7C8106E9 New thread with ID 00000A44 created
- 7C8106E9 New thread with ID 000006CC created
- 7C8106E9 New thread with ID 00000178 created
- 7C8106E9 New thread with ID 000008D4 created
- 7C8106E9 New thread with ID 000000A0 created
- 7C8106E9 New thread with ID 00000F98 created
- 7C8106E9 New thread with ID 0000035C created
- 7C8106E9 New thread with ID 000003EC created
- 7C8106E9 New thread with ID 00000BF8 created
- 7C8106E9 New thread with ID 00000EA0 created
- 7C8106E9 New thread with ID 00000F10 created
- 7C8106E9 New thread with ID 00000FAC created
- 7C8106E9 New thread with ID 00000E58 created
- 7C8106E9 New thread with ID 00000B30 created
- 7C8106E9 New thread with ID 00000464 created
- 7C8106E9 New thread with ID 000003AC created
- 7C8106E9 New thread with ID 00000EE8 created
- 7C8106E9 New thread with ID 000008C4 created
- 7C8106E9 New thread with ID 00000E34 created
- 7C8106E9 New thread with ID 00000420 created
- 7C8106E9 New thread with ID 000003F8 created
- 7C8106E9 New thread with ID 00000C14 created
- 7C8106E9 New thread with ID 00000E68 created
- 00F737F2 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F73C1D [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F73C62 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F75BBE [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F75B5A [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F75AEF [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F76220 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F76A21 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F77589 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F7B9CC [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F7B23B [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F7E806 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F7F486 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F7F167 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F807AA [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F80663 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F8BB62 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F8B8B1 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 00F8E440 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F8DCB6 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F8E03D [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F944E0 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F9480F [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F93CAB [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F95260 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F94CC7 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F99B0B [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F9A675 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00F99E69 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 01BB0033 Hardware breakpoint 1 at 01BB0033
- 7C9101BB Hardware breakpoint 3 at ntdll.7C9101BB
- Heap Prot was redirected!
- 76380000 Module F:\WINDOWS\system32\comdlg32.dll
- 7C9C0000 Module F:\WINDOWS\system32\shell32.dll
- 10000000 Module F:\Documents and Settings\Paulo\Desktop\lixo\Mss32.dll
- 60000000 Module F:\Documents and Settings\Paulo\Desktop\lixo\ijl15.dll
- 78050000 Module F:\WINDOWS\system32\msvcp100.dll
- 78AA0000 Module F:\WINDOWS\system32\msvcr100.dll
- 73B00000 Module F:\WINDOWS\system32\avifil32.dll
- 77BC0000 Module F:\WINDOWS\system32\msacm32.dll
- 75B80000 Module F:\WINDOWS\system32\msvfw32.dll
- 71A70000 Module F:\WINDOWS\system32\ws2_32.dll
- 71A60000 Module F:\WINDOWS\system32\ws2help.dll
- 77190000 Module F:\WINDOWS\system32\wininet.dll
- 77A60000 Module F:\WINDOWS\system32\crypt32.dll
- 77B00000 Module F:\WINDOWS\system32\msasn1.dll
- 59EA0000 Module F:\WINDOWS\system32\dbghelp.dll
- 77BE0000 Module F:\WINDOWS\system32\version.dll
- 76D40000 Module F:\WINDOWS\system32\iphlpapi.dll
- 76360000 Module F:\WINDOWS\system32\imm32.dll
- 00FA0D02 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FA0479 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FA164A [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FA4CC2 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FA4CAF [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FA58EE [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FA52F5 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FA5610 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FA6E43 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FA69F0 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FA7EBB [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FAE716 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FADDB9 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FB00BE [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FAFD11 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FB1CAA [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FB18A3 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FB64CD [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FB6773 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FB6B03 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FB77F5 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FB763F [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FB7E1B [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FB8A9E [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FB87ED [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FB9314 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FBA5DF [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FBA497 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FBA836 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FBAF6E [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FBAE76 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FBB82A [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FBBE28 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FBC55A Hardware breakpoint 4 at ProjectG.00FBC55A
- SetEvent Realtime was redirected to User location!
- First Kernel ADS was filled!
- 00EF9BDA Hardware breakpoint 3 at ProjectG.00EF9BDA
- 00F0451C Hardware breakpoint 3 at ProjectG.00F0451C
- Kernel Locations was re-filled with kernelbase!
- 00FBFB19 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FBFBD4 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC0C2F [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC2B97 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC40A0 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC431C [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC45CA [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC486B [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC4899 Hardware breakpoint 2 at ProjectG.00FC4899
- 00401000 Problems when disabling memory breakpoint:
- 00401000 Access to memory changed from RE to RWE (original RWECopy)
- 00FC48A6 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC48E0 Memory breakpoint when writing to [00ED9C5C]
- 00FC58A2 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC4FCD [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC5AA7 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC5D4F [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC6C6A [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FC6E04 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FE5A83 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FE5DE9 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FE6B6B [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FE7D0B [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FE751F [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FE7E6F [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FE8329 Memory breakpoint when writing to [00ED9C5C]
- 00FE83B6 Memory breakpoint when writing to [00401000]
- FE83B6 - REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI]
- 00FE83B8 [PhantOm_iNFO] > Breakpoint [sti]
- 00FE83B8 Breakpoint at ProjectG.00FE83B8
- 00FE85C3 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FE9107 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FE934A [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FE93F9 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FE9DB2 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00FE984F [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 01003F8F [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 010039CF [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 0100546D [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 0100597A [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 0100781A [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 01007EE7 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 01007D79 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 010081F0 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 01BC02AF [PhantOm_iNFO] > Breakpoint [sti]
- 01BC02AF Breakpoint at 01BC02AF
- First Found 4 Magic Jumps!
- ------------------------------
- MJ_1: 0100D185
- MJ_2: 0100D198
- MJ_3: 0100D1CE
- MJ_4: 0100D1F5
- ------------------------------
- Modern TM WL Version Found!
- -------- IAT RD DATA ---------
- F4F0D4 - CMP R32, 10000
- 100C6A4 - Prevent Crasher
- 100D185 - Prevent IAT RD
- 100D198 - Prevent IAT RD
- 100D1CE - Prevent IAT RD
- 100D1F5 - Prevent IAT RD
- --------------------------------
- Special Pointers Located!
- 0100D185 Hardware breakpoint 2 at ProjectG.0100D185
- ----- First API In EAX -----
- API ADDR: 7C83644C | MODULE NAME: kernel32 | API NAME: GetPrivateProfileIntA
- ----------------------------
- MJs and Nopper was patched!
- IAT LOG & COUNT WAS SET!
- IAT WAS MANUALLY PATCHED!
- 00F2AEE3 [PhantOm_iNFO] > Breakpoint [sti]
- 00F2AEE3 Breakpoint at ProjectG.00F2AEE3
- 0100BE28 Hardware breakpoint 2 at ProjectG.0100BE28
- Special IAT Patch was written!
- 010100B2 Hardware breakpoint 1 at ProjectG.010100B2
- It can be that the VM OEP can not found yet at this moment!
- In some cases the WL code is not created at this late point!
- So if the created VM OEP data will fail then use the real OEP!
- Or find the VM OEP manually!
- Come close at the end and find VM On/Off switch!
- Do Input 1 / Output 0 steps via HWBP write!
- Test on CISC first - MemBPWrite Code = REP DW [EDI],[ESI]
- Now set HWBP on GetProcessHeap and return = close at the end!
- VM OEP = Align + Pre Push (TIGER & FISH VM Only) VM + Push + JMP Handler!
- For newer version you need to use Align to EBP before entering the VM!
- Find that later created commands at OEP in WL section...
- MOV R32,R32 | ADD R32,R32 | JMP R32
- Break on the founds and trace forward till Handler start and check push values!
- Check out my video to see a exsample about it!
- 1.) Older VM SIGN FOUND!
- 038A0193 [PhantOm_iNFO] > Breakpoint [sti]
- 038A0193 Breakpoint at 038A0193
- Possible VM OEP STOP FOUND AT: EF9013
- Possible VM OEP STOP FOUND AT: F23DFB
- Possible VM OEP STOP FOUND AT: F0DCA7
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139B43A6
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 0101456E [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 01014E7E [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 01014E41 [PhantOm_iNFO] > Code: C0000096 Name: Privlidged Instruction
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139B7C8B
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139B8451
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139B9BD5
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139B9E43
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139BA52A
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139BA670
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139BA6AF
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139BA97C
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 01BB0033 Hardware breakpoint 1 at 01BB0033
- 7C9101BB Hardware breakpoint 2 at ntdll.7C9101BB
- Heap One was redirected!
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139BAA98
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 01BB0033 Hardware breakpoint 1 at 01BB0033
- 7C9101BB Hardware breakpoint 2 at ntdll.7C9101BB
- Heap Two was redirected!
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139BABE4
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139BC545
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 [PhantOm_iNFO] > Breakpoint [sti]
- 00EF9013 Breakpoint at ProjectG.00EF9013
- FFC77600
- 139BD092
- 00EF9014 [PhantOm_iNFO] > Breakpoint [sti]
- 00C1EE73 Memory breakpoint when executing [00C1EE73]
- FOUND_API_COUNTS: 00000334
- 03710149 [PhantOm_iNFO] > Breakpoint [sti]
- 03710149 Breakpoint at 03710149
- 03710174 [PhantOm_iNFO] > Breakpoint [sti]
- 03710174 Breakpoint at 03710174
- Problem!Logged API was not found in Code!
- ++++++++++++++++++++++++++++++++++
- Search Section: 00401000
- Search End : 00EE7FF0
- API_TOP: 038C0010
- API_END: 038C0CE0
- API_ADDR: 7C83644C
- API_ADDR: 76364DD6
- FOUND_API_COUNTS: 00000334
- API_TOP_NAME: kernel32.GetPrivateProfileIntA
- API_END_NAME: imm32.ImmSetCompositionWindow
- ++++++++++++++++++++++++++++++++++
- 03710174 [PhantOm_iNFO] > Breakpoint [sti]
- 03710174 Breakpoint at 03710174
- Problem!Logged API was not found in Code!
- ++++++++++++++++++++++++++++++++++
- Search Section: 00401000
- Search End : 00EE7FF0
- API_TOP: 038C0010
- API_END: 038C0CE0
- API_ADDR: 7C83644C
- API_ADDR: 76364DD6
- FOUND_API_COUNTS: 00000334
- API_TOP_NAME: kernel32.GetPrivateProfileIntA
- API_END_NAME: imm32.ImmSetCompositionWindow
- ++++++++++++++++++++++++++++++++++
- 03710174 [PhantOm_iNFO] > Breakpoint [sti]
- 03710174 Breakpoint at 03710174
- Problem!Logged API was not found in Code!
- ++++++++++++++++++++++++++++++++++
- Search Section: 00401000
- Search End : 00EE7FF0
- API_TOP: 038C0010
- API_END: 038C0CE0
- API_ADDR: 7C83644C
- API_ADDR: 76364DD6
- FOUND_API_COUNTS: 00000334
- API_TOP_NAME: kernel32.GetPrivateProfileIntA
- API_END_NAME: imm32.ImmSetCompositionWindow
- ++++++++++++++++++++++++++++++++++
- 03710174 [PhantOm_iNFO] > Breakpoint [sti]
- 03710174 Breakpoint at 03710174
- Problem!Logged API was not found in Code!
- ++++++++++++++++++++++++++++++++++
- Search Section: 00401000
- Search End : 00EE7FF0
- API_TOP: 038C0010
- API_END: 038C0CE0
- API_ADDR: 7C83644C
- API_ADDR: 76364DD6
- FOUND_API_COUNTS: 00000334
- API_TOP_NAME: kernel32.GetPrivateProfileIntA
- API_END_NAME: imm32.ImmSetCompositionWindow
- ++++++++++++++++++++++++++++++++++
- 03710174 [PhantOm_iNFO] > Breakpoint [sti]
- 03710174 Breakpoint at 03710174
- Problem!Logged API was not found in Code!
- ++++++++++++++++++++++++++++++++++
- Search Section: 00401000
- Search End : 00EE7FF0
- API_TOP: 038C0010
- API_END: 038C0CE0
- API_ADDR: 7C83644C
- API_ADDR: 76364DD6
- FOUND_API_COUNTS: 00000334
- API_TOP_NAME: kernel32.GetPrivateProfileIntA
- API_END_NAME: imm32.ImmSetCompositionWindow
- ++++++++++++++++++++++++++++++++++
- 03710174 [PhantOm_iNFO] > Breakpoint [sti]
- 03710174 Breakpoint at 03710174
- Problem!Logged API was not found in Code!
- ++++++++++++++++++++++++++++++++++
- Search Section: 00401000
- Search End : 00EE7FF0
- API_TOP: 038C0010
- API_END: 038C0CE0
- API_ADDR: 7C83644C
- API_ADDR: 76364DD6
- FOUND_API_COUNTS: 00000334
- API_TOP_NAME: kernel32.GetPrivateProfileIntA
- API_END_NAME: imm32.ImmSetCompositionWindow
- ++++++++++++++++++++++++++++++++++
- 03710174 [PhantOm_iNFO] > Breakpoint [sti]
- 03710174 Breakpoint at 03710174
- Problem!Logged API was not found in Code!
- ++++++++++++++++++++++++++++++++++
- Search Section: 00401000
- Search End : 00EE7FF0
- API_TOP: 038C0010
- API_END: 038C0CE0
- API_ADDR: 7C83644C
- API_ADDR: 76364DD6
- FOUND_API_COUNTS: 00000334
- API_TOP_NAME: kernel32.GetPrivateProfileIntA
- API_END_NAME: imm32.ImmSetCompositionWindow
- ++++++++++++++++++++++++++++++++++
- 03710174 [PhantOm_iNFO] > Breakpoint [sti]
- 03710174 Breakpoint at 03710174
- Problem!Logged API was not found in Code!
- ++++++++++++++++++++++++++++++++++
- Search Section: 00401000
- Search End : 00EE7FF0
- API_TOP: 038C0010
- API_END: 038C0CE0
- API_ADDR: 7C83644C
- API_ADDR: 76364DD6
- FOUND_API_COUNTS: 00000334
- API_TOP_NAME: kernel32.GetPrivateProfileIntA
- API_END_NAME: imm32.ImmSetCompositionWindow
- ++++++++++++++++++++++++++++++++++
- 03710174 [PhantOm_iNFO] > Breakpoint [sti]
- 03710174 Breakpoint at 03710174
- Problem!Logged API was not found in Code!
- ++++++++++++++++++++++++++++++++++
- Search Section: 00401000
- Search End : 00EE7FF0
- API_TOP: 038C0010
- API_END: 038C0CE0
- API_ADDR: 7C83644C
- API_ADDR: 76364DD6
- FOUND_API_COUNTS: 00000334
- API_TOP_NAME: kernel32.GetPrivateProfileIntA
- API_END_NAME: imm32.ImmSetCompositionWindow
- ++++++++++++++++++++++++++++++++++
- 03710174 [PhantOm_iNFO] > Breakpoint [sti]
- 03710174 Breakpoint at 03710174
- Problem!Logged API was not found in Code!
- ++++++++++++++++++++++++++++++++++
- Search Section: 00401000
- Search End : 00EE7FF0
- API_TOP: 038C0010
- API_END: 038C0CE0
- API_ADDR: 7C83644C
- API_ADDR: 76364DD6
- FOUND_API_COUNTS: 00000334
- API_TOP_NAME: kernel32.GetPrivateProfileIntA
- API_END_NAME: imm32.ImmSetCompositionWindow
- ++++++++++++++++++++++++++++++++++
- 03710174 [PhantOm_iNFO] > Breakpoint [sti]
- 03710174 Breakpoint at 03710174
- Problem!Logged API was not found in Code!
- ++++++++++++++++++++++++++++++++++
- Search Section: 00401000
- Search End : 00EE7FF0
- API_TOP: 038C0010
- API_END: 038C0CE0
- API_ADDR: 7C83644C
- API_ADDR: 76364DD6
- FOUND_API_COUNTS: 00000334
- API_TOP_NAME: kernel32.GetPrivateProfileIntA
- API_END_NAME: imm32.ImmSetCompositionWindow
- ++++++++++++++++++++++++++++++++++
- 0371017B [PhantOm_iNFO] > Breakpoint [sti]
- 0371017B Breakpoint at 0371017B
- 00CC8000
- 00CC8D1C
- 00000D20
- Found IAT start and end!
- Newer Second SAD Found at: EF0FD7!
- Found SAD TOP at: EF203C - 12FF9C
- Fixed SAD TOP at: EF203C - 1791000 - 590D2D51
- Found and Redirected 1 First SAD's!
- ---------- NEW INFO ----------
- NEW VM OEP SCAN
- VM OEP Push is: 139BD092
- VM OEP Jump is: EF9013
- ------------------------------
- No VM OEP Routines to rebuiled!
- 03730180 [PhantOm_iNFO] > Breakpoint [sti]
- 03730180 Breakpoint at 03730180
- ----- SLEEP APIS -----
- ----- Found 1 --------
- VM Sleep API Fixed at: F43FF3
- ----------------------
- 038A0194 [PhantOm_iNFO] > Breakpoint [sti]
- 038A0194 Breakpoint at 038A0194
- Direct VM OEP Address not found! - But is in use! - Rebuild Manually Push & JUMP Values!
- VM ADDR: Custom
- VM ALIGN MOV : ED65F014
- VM PUSH : 139BD092
- VM JUMP : EF9013
- New Created OEP is: VA 1791600
- 038A018D [PhantOm_iNFO] > Breakpoint [sti]
- 038A018D Breakpoint at 038A018D
- 038A018D [PhantOm_iNFO] > Breakpoint [sti]
- 038A018D Breakpoint at 038A018D
- 038A0190 [PhantOm_iNFO] > Breakpoint [sti]
- 038A0190 Breakpoint at 038A0190
- 038A018D [PhantOm_iNFO] > Breakpoint [sti]
- 038A018D Breakpoint at 038A018D
- 038A0190 [PhantOm_iNFO] > Breakpoint [sti]
- 038A0190 Breakpoint at 038A0190
- 7C80BFB9 [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C80BFB9 [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C80BFB9 [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C80BFB9 [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 7C809ECA [PhantOm_iNFO] > Code: C0000005 Name: Access Violation
- 038A01E8 [PhantOm_iNFO] > Breakpoint [sti]
- 038A01E8 Breakpoint at 038A01E8
- ---------- SDK API LIST ----------
- 1 | Possible SDK API JMP FOUND AT: C1E7C5 to DLL 0 <-- XBFile
- 00C1E7C5
- Free DLL section and load the XB dumped file and adjust the SDK imports in the IAT!
- ----------------------------------
- 038A01A8 [PhantOm_iNFO] > Breakpoint [sti]
- 038A01A8 Breakpoint at 038A01A8
- 038A01AA [PhantOm_iNFO] > Breakpoint [sti]
- 038A01AA Breakpoint at 038A01AA
- 038A01B0 [PhantOm_iNFO] > Breakpoint [sti]
- 038A01B0 Breakpoint at 038A01B0
- 038A0173 [PhantOm_iNFO] > Breakpoint [sti]
- 038A0173 Breakpoint at 038A0173
- Found no JMP to wsprintfA APIs x2!
- CRYPT-to-CODE will not fixed!
- --------------------------
- Check Code Integrity Macro Found at: 01016885
- Check Code Integrity Macro Found at: 010169D4
- Check Code Integrity Macro Found at: 01016B21
- Patch Check Code Integrity Macro Manually!
- --------------------------
- 038A0197 [PhantOm_iNFO] > Breakpoint [sti]
- 038A0197 Breakpoint at 038A0197
- 038A0199 [PhantOm_iNFO] > Breakpoint [sti]
- 038A0199 Breakpoint at 038A0199
- 038A0129 [PhantOm_iNFO] > Breakpoint [sti]
- 038A0129 Breakpoint at 038A0129
- 038A018D [PhantOm_iNFO] > Breakpoint [sti]
- 038A018D Breakpoint at 038A018D
- 038A018D [PhantOm_iNFO] > Breakpoint [sti]
- 038A018D Breakpoint at 038A018D
- 038A0190 [PhantOm_iNFO] > Breakpoint [sti]
- 038A0190 Breakpoint at 038A0190
- ---------- IAT DATA ----------
- IAT START: CC8000 | 77F69D94 | advapi32.CryptGetHashParam
- IAT END : CC8D1C | 774DD044 | ole32.CoTaskMemFree
- IAT SIZE : D20
- IAT APIs : 820 | Dec
- ------------------------------
- Start of new direct IAT fixing!
- Better search and fix pattern used!
- Only fixing direct APIs of real entered IAT start til End by user!
- 03910020 [PhantOm_iNFO] > Breakpoint [sti]
- 03910020 Breakpoint at 03910020
- 03910039 [PhantOm_iNFO] > Breakpoint [sti]
- 03910039 Breakpoint at 03910039
- 03910039 [PhantOm_iNFO] > Breakpoint [sti]
- 03910039 Breakpoint at 03910039
- 03910031 [PhantOm_iNFO] > Breakpoint [sti]
- 03910031 Breakpoint at 03910031
- 03910031 [PhantOm_iNFO] > Breakpoint [sti]
- 03910031 Breakpoint at 03910031
- 0391002E [PhantOm_iNFO] > Breakpoint [sti]
- 0391002E Breakpoint at 0391002E
- 03910033 [PhantOm_iNFO] > Breakpoint [sti]
- 03910033 Breakpoint at 03910033
- 03910035 [PhantOm_iNFO] > Breakpoint [sti]
- 03910035 Breakpoint at 03910035
- 03910035 [PhantOm_iNFO] > Breakpoint [sti]
- 03910035 Breakpoint at 03910035
- 03910035 [PhantOm_iNFO] > Breakpoint [sti]
- 03910035 Breakpoint at 03910035
- 03910041 [PhantOm_iNFO] > Breakpoint [sti]
- 03910041 Breakpoint at 03910041
- 03910035 [PhantOm_iNFO] > Breakpoint [sti]
- 03910035 Breakpoint at 03910035
- 03910035 [PhantOm_iNFO] > Breakpoint [sti]
- 03910035 Breakpoint at 03910035
- 0391003E [PhantOm_iNFO] > Breakpoint [sti]
- 0391003E Breakpoint at 0391003E
- 0391002F [PhantOm_iNFO] > Breakpoint [sti]
- 0391002F Breakpoint at 0391002F
- 03910031 [PhantOm_iNFO] > Breakpoint [sti]
- 03910031 Breakpoint at 03910031
- 03910036 [PhantOm_iNFO] > Breakpoint [sti]
- 03910036 Breakpoint at 03910036
- 0391003C [PhantOm_iNFO] > Breakpoint [sti]
- 0391003C Breakpoint at 0391003C
- 03910041 [PhantOm_iNFO] > Breakpoint [sti]
- 03910041 Breakpoint at 03910041
- 03910041 [PhantOm_iNFO] > Breakpoint [sti]
- 03910041 Breakpoint at 03910041
- 03910029 [PhantOm_iNFO] > Breakpoint [sti]
- 03910029 Breakpoint at 03910029
- 03910029 [PhantOm_iNFO] > Breakpoint [sti]
- 03910029 Breakpoint at 03910029
- 03910039 [PhantOm_iNFO] > Breakpoint [sti]
- 03910039 Breakpoint at 03910039
- New IAT Patching way was executed!
- API FOUND : 17999 and fixed DIRECT APIs to original IAT by user data.
- 038A0142 [PhantOm_iNFO] > Breakpoint [sti]
- 038A0142 Breakpoint at 038A0142
- 1 | Found possible custom TM WL calls at: 412E0C
- 00412E0C
- 2 | Found possible custom TM WL calls at: 439787
- 00439787
- 3 | Found possible custom TM WL calls at: 467FE7
- 00467FE7
- 4 | Found possible custom TM WL calls at: 56B401
- 0056B401
- 5 | Found possible custom TM WL calls at: 5A270E
- 005A270E
- 6 | Found possible custom TM WL calls at: 5B2C42
- 005B2C42
- 7 | Found possible custom TM WL calls at: 5DF5EE
- 005DF5EE
- 8 | Found possible custom TM WL calls at: 7032ED
- 007032ED
- 9 | Found possible custom TM WL calls at: 70540E
- 0070540E
- A | Found possible custom TM WL calls at: 71FC1C
- 0071FC1C
- B | Found possible custom TM WL calls at: 746F84
- 00746F84
- C | Found possible custom TM WL calls at: 761AF8
- 00761AF8
- D | Found possible custom TM WL calls at: 7A9BD0
- 007A9BD0
- E | Found possible custom TM WL calls at: 7D17A3
- 007D17A3
- F | Found possible custom TM WL calls at: 892C11
- 00892C11
- 10 | Found possible custom TM WL calls at: 89BF8E
- 0089BF8E
- 11 | Found possible custom TM WL calls at: 8DCE9A
- 008DCE9A
- 12 | Found possible custom TM WL calls at: 94D283
- 0094D283
- 13 | Found possible custom TM WL calls at: 9687D7
- 009687D7
- 14 | Found possible custom TM WL calls at: BBC5CE
- 00BBC5CE
- 15 | Found possible custom TM WL calls at: BD44FE
- 00BD44FE
- 16 | Found possible custom TM WL calls at: C4A690
- 00C4A690
- 17 | Found possible custom TM WL calls at: C4AC60
- 00C4AC60
- 03930001 [PhantOm_iNFO] > Breakpoint [sti]
- 03930001 Breakpoint at 03930001
- 03930015 [PhantOm_iNFO] > Breakpoint [sti]
- 03930015 Breakpoint at 03930015
- TLS CallBackPointer was Killed!
- Delphi Sign found!TLS Access Patched at: 773F8D
- TLS was removed from target!
- Codesection was set to writeable by script before dumping!
- IATStore-Section is already set to writeable!
- 03940047 [PhantOm_iNFO] > Breakpoint [sti]
- 03940047 Breakpoint at 03940047
- The old original Import Table was deleted!
- SetEvent: EF0AD6 - 1AB94A7
- SetEvent: EF0AD6 - 1792200 * 1792214 - 2FF03
- SetEvent ASD was redirected!
- LoadLib: EF1C04 - 1792210 * 1792226 - #15A813807C85C0595974126A#
- LoadLibraryA ASD was redirected!
- LoadLib: EF1C04 - 1792250 * 1792250 - #8BFF558BEC538B5D08F6C301560F8524A2000053E8DCFFFFFF8BF085F60F8C381C020033C0405E5B5DC2040090909090#
- FreeLibrary ASD was redirected >1< time!
- eax: 03950000 | ASCII "C:\Themida - Winlicense Ultra Unpacker 1.1\ARImpRec.dll"
- ecx: 7C801D7B | kernel32.LoadLibraryA
- 40000000 Module C:\Themida - Winlicense Ultra Unpacker 1.1\ARImpRec.dll
- eax: 40000000 | ASCII "MZP"
- ecx: 03950000 | ASCII "TryGetImportedFunction@24"
- eax: 40000000 | ASCII "MZP"
- edi: 7C80AE30 | kernel32.GetProcAddress
- eax: 4001F894 | ARImpRec.TryGetImportedFunction@24
- esi: 00CC8000
- edi: 03A80000
- ecx: 00000D20
- ---------- Pre Calculated Table datas ----------
- I_TABLE Start VA: 1793000 - Size: 8200
- P_TABLE Start VA: 179B200 - Size: 3400
- S_TABLE Start VA: 179E600 - Size: OpenEnd
- ------------------------------------------------
- ---------- ITA ----------
- Import Table Address RVA: AEE06D
- Import Table Size : 95
- -------------------------
- 03AA02C4 [PhantOm_iNFO] > Breakpoint [sti]
- 03AA02C4 Breakpoint at 03AA02C4
- --------- ITA NEW --------
- Import Table Address RVA: 1393000
- Import Table Size : 4010
- -------------------------
- VP STORE: 1792F00 - 7C801AD4 - kernel32.VirtualProtect
- 03AA02C4 [PhantOm_iNFO] > Breakpoint [sti]
- 03AA02C4 Breakpoint at 03AA02C4
- PE ADS + IAT: VA 1790000 | RVA 1390000 | 154AC Raw
- 03AA02C4 [PhantOm_iNFO] > Breakpoint [sti]
- 03AA02C4 Breakpoint at 03AA02C4
- 03AA02D8 [PhantOm_iNFO] > Breakpoint [sti]
- 03AA02D8 Breakpoint at 03AA02D8
- PE was dumped to disk!
- PE_ADS - 1790000 - 154AC
- eax: 03AF0000 | ASCII "F:\Documents and Settings\Paulo\Desktop\lixo\ProjectG.exe"
- eax: 03AF002D | ASCII "ProjectG.exe"
- ProjectG.exe
- eax: 03AF0039 | ASCII "msvcrt.dll"
- edi: 7C801D7B | kernel32.LoadLibraryA
- eax: 77BF0000
- malloc: 77C0C407 | msvcrt.malloc
- free: 77C0C21B | msvcrt.free
- ldiv: 77C16D46 | msvcrt.ldiv
- OEP_RVA: 01391600
- Section sizes analysis was rejected!
- 03B1038F [PhantOm_iNFO] > Breakpoint [sti]
- 03B1038F Breakpoint at 03B1038F
- Dumping was successfully by the script!
- PE_ADS
- F:\Documents and Settings\Paulo\Desktop\lixo\PE_ADS
- 03B204B5 [PhantOm_iNFO] > Breakpoint [sti]
- 03B204B5 Breakpoint at 03B204B5
- SEC_HANDLE: 00000160
- 03B20809 [PhantOm_iNFO] > Breakpoint [sti]
- 03B20809 Breakpoint at 03B20809
- Section was successfully added to dumped file!
- PE Rebuild was successfully!
- esi: 00000160
- edi: 7C809BD7 | kernel32.CloseHandle
- eax: 00000001
- eax: 03B50000 | ASCII "F:\Documents and Settings\Paulo\Desktop\lixo\PE_ADS"
- edi: 7C831EC5 | kernel32.DeleteFileA
- eax: 00000001
- esi: 03A80000
- edi: 00CC8000
- ecx: 00000D20
- Target OEP or Sub Routine Top First Execution On CodeSection VA: C1EE73
- Script Finished - See Olly LOG for more infos!
- Thank you and bye bye
- 5B1C0000 Module F:\WINDOWS\system32\uxtheme.dll
- 19600000 Module F:\Arquivos de programas\TeamViewer\Version9\tv_w32.dll
- 70E60000 Module F:\WINDOWS\system32\asycfilt.dll
- 03CE0643 [PhantOm_iNFO] > Breakpoint [sti]
- 03CE0643 Breakpoint at 03CE0643
- Well done,so it looks nice don't you? ;)
- LCF-AT