Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Log data
- Address Message
- Themida - Winlicense Ultra Unpacker 1.4
- -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- 090D0A0F Breakpoint at 090D0A0F
- 090D0A10 Breakpoint at 090D0A10
- 090E0054 Breakpoint at 090E0054
- OS=x86 32-Bit
- 090E0056 Breakpoint at 090E0056
- 09100021 Breakpoint at 09100021
- 09100028 Breakpoint at 09100028
- 2.214 MB +/-
- 138.280 MB +/-
- Your target is a >>> Executable <<< file!
- PE HEADER: 400000 | 1000
- CODESECTION: 401000 | 84DE000
- PE HEADER till CODESECTION Distance: 1000 || Value of 1000 = Normal!
- Your Target seems to be a normal file!
- Unpacking of NET targets is diffrent!
- Dump running process with WinHex and then fix the whole PE and NET struct!
- 0911064B Breakpoint at 0911064B
- Overlay found & dumped to disk!
- Disasembling Syntax: MASM (Microsoft) <=> OK
- Show default segments: Enabled
- Always show size of memory operands: Enabled
- Extra space between arguments: Disabled
- StrongOD Found!
- ----------------------------------------------
- HidePEB=1 Enabled = OK
- KernelMode=1 Enabled = OK
- KillPEBug=1 Enabled = OK
- SkipExpection=1 Enabled = OK
- Custom Exceptions Enabled = 00000000-FFFFFFFF
- DriverName=xesover0
- DRX=1 Enabled = OK
- ----------------------------------------------
- Basic Olly & Plugin Settings seems to be ok!
- No InfoBox to User to show now!
- 088DFF92 Breakpoint at unl.088DFF92
- 088DFF94 Breakpoint at unl.088DFF94
- XP System found - Very good choice!
- Newer SetEvent & Kernel32 ADs Redirecting in Realtime is disabled by user!
- Kernel Ex Table Start: 7C802644
- 0915003F Breakpoint at 0915003F
- PE DUMPSEC: VA 9160000 - VS 3A000
- PE ANTISEC: VA 9161000
- PE OEPMAKE: VA 9161600
- SETEVENT_VM: VA 91621D0
- PE I-Table: VA 9163000
- VP - STORE: VA 9162F00
- and or...
- API JUMP-T: VA 9163000
- 0915003F Breakpoint at 0915003F
- RISC VM Store Section VA is: 91A0000 - VS 200000
- 09150041 Breakpoint at 09150041
- 76B20000 Module C:\WINDOWS\system32\winmm.dll
- 7C8106E9 New thread with ID 00000D04 created
- 7C8106E9 New thread with ID 00000D20 created
- 7C8106E9 New thread with ID 00000D24 created
- 7C8106E9 New thread with ID 00000D28 created
- 7C8106E9 New thread with ID 00000D2C created
- 7C8106E9 New thread with ID 00000D30 created
- 7C8106E9 New thread with ID 00000D34 created
- 7C8106E9 New thread with ID 00000D38 created
- 7C8106E9 New thread with ID 00000D3C created
- 7C8106E9 New thread with ID 00000D40 created
- 7C8106E9 New thread with ID 00000D0C created
- 7C8106E9 New thread with ID 00000D44 created
- 7C8106E9 New thread with ID 00000D48 created
- 7C8106E9 New thread with ID 00000D4C created
- 7C8106E9 New thread with ID 00000D50 created
- 7C8106E9 New thread with ID 00000D54 created
- 7C8106E9 New thread with ID 00000D58 created
- 7C8106E9 New thread with ID 00000D18 created
- 7C8106E9 New thread with ID 00000D5C created
- 77F60000 Module C:\WINDOWS\system32\shlwapi.dll
- 77BF0000 Module C:\WINDOWS\system32\version.dll
- 76380000 Module C:\WINDOWS\system32\comdlg32.dll
- 7C9C0000 Module C:\WINDOWS\system32\shell32.dll
- 773C0000 Module C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
- 77910000 Module C:\WINDOWS\system32\setupapi.dll
- 5B260000 Module C:\WINDOWS\system32\uxtheme.dll
- 746E0000 Module C:\WINDOWS\system32\MSCTF.dll
- 68E60000 Module C:\WINDOWS\system32\hid.dll
- 76C20000 Module C:\WINDOWS\system32\wintrust.dll
- 77A70000 Module C:\WINDOWS\system32\crypt32.dll
- 77B10000 Module C:\WINDOWS\system32\msasn1.dll
- 76C80000 Module C:\WINDOWS\system32\imagehlp.dll
- 68E60000 Unload C:\WINDOWS\system32\hid.dll
- Process terminated, exit code 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement