Untitled

a guest
Jan 28th, 2024
Enigma Alternativ Unpacker 1.1
Titan.dll loading check was successfully!
Na,das hast du aber fein gemacht ;)

Real target name is: UnPackMe.TEP.3.80.exe
MODULEBASE: 00400000 | ASCII "MZP"
ENTRY: 0040A5C7 | UnPackMe.<ModuleEntryPoint>
SectionEnd: 903000
TLS: 007ED000
TLS_CB: 007ED00C
TLS_CB_IN: 007ED020


Enigmasection is: 47F000
ENIGMA VERSION | 3.70 - Static Scan!
----------------------------------
DLL_Loader.dll
----------------------------------------------------------------------
----------------------------------------------------------------------

All Exports Functions - Addresses - VM Values logged!

Found and Patched Anti Plug at: 4C71D4
1 New CRC found at: 4C0879
CRC_1 was patched

VM OEP SIGN FOUND!

ENIGMA VERSION | 3.80 - Intern EP Scan = Real Version!

Possible used RegSheme found!

Address: 540597 - SETNE AL
Address: 5405D6 - SETNE AL


MJ found and patched at: 53C264
HWID check is disbaled by user!
PRE_CHECKER: 00547790

OEP is inside of the target!

APIs located in main target!

004616F4
000005C4


---------- IAT DATA ----------

IATSTART VA: 4616F4
IATEND VA: 461CB8
IAT SIZE : 5C4

004616F4
00461CB8
000005C4
------------------------------


Calling LLA & GPA was disabled!
Found main API Table!

Reg Jump Table Functions
----------------------------------
----------------------------------

OUTER_VM: 005668D8
OUTER_START: 005639A0

VM_POINTER_2_IN : 18 // VM Main Table

VM_POINTER_1 : 585568
VM_POINTER_1_IN : 2D01EFC <-- Dump VM
VM_POINTER_2 : 2D01FD4
VM_POINTER_2_IN : 18 <-- Dump VM
VM_POINTER_3 : 2D01FD8
VM_POINTER_3_IN : 48 <-- Dump VM
VM_POINTER_4 : 2D01FDC
VM_POINTER_4_IN : 0 <-- Dump VM
ESP_POINTER : 58A2E0
ESP_POINTER_IN : 3390590 <-- Change VM Pointer!

VM - VA_2D00000_RVA_2900000_size_34000.mem
VM was dumped!

All VM was dumped!Add them with the right RVA and rebuid PE before fixing!
Dont forget to change the ESP Pointer manually in your dumped file!

Enigma 3.70 - 3.130 detected

---------- VM DATA ----------

JUMP TABLE AT: 007F2BF4
VM TABLE AT: 00000018
LASTSEC: 007ED000

007F2BF4
00000018
007ED000
-----------------------------
TLS callback was killed!
CHECKUP was found and patched!

Stolen Code M1 nothing to fix!

Script Finished - See Olly LOG for more infos!

For VM fixing you can use my other script til version 3.70!

Thank you and bye bye