  1. #1
    {Banned}**HACKER**

    Does This Have Something To Do With All Hacks Not Working?

    Hey All Members Of MPGH,
    I Was Browsing Through CShell And Found This. It's Called AntiMemHackThread, And I Was Wondering: Is This Why All Hacks Were Patched Not Long Ago?
    Code:
    10001FA8   68 007B2E10      PUSH CShell.102E7B00                     ; ASCII "AntiMemHackThread"
    10001FAD   57               PUSH EDI
    10001FAE   FFD2             CALL EDX
    10001FB0   68 C8000000      PUSH 0C8
    10001FB5   899F 9C000000    MOV DWORD PTR DS:[EDI+9C],EBX
    10001FBB   899F A0000000    MOV DWORD PTR DS:[EDI+A0],EBX
    10001FC1   899F A4000000    MOV DWORD PTR DS:[EDI+A4],EBX
    10001FC7   899F A8000000    MOV DWORD PTR DS:[EDI+A8],EBX
    10001FCD   90               NOP
    10001FCE   E8 2CF11C65      CALL kernel32.Sleep
    10001FD3   5E               POP ESI
    10001FD4   5B               POP EBX
    10001FD5   C3               RETN
    10001FD6   CC               INT3
    10001FD7   CC               INT3
    10001FD8   CC               INT3
    10001FD9   CC               INT3
    10001FDA   CC               INT3
    10001FDB   CC               INT3
    10001FDC   CC               INT3
    10001FDD   CC               INT3
    10001FDE   CC               INT3
    10001FDF   CC               INT3
    10001FE0   55               PUSH EBP
    10001FE1   8BEC             MOV EBP,ESP
    10001FE3   83E4 F8          AND ESP,FFFFFFF8
    10001FE6   83EC 14          SUB ESP,14
    10001FE9   53               PUSH EBX
    10001FEA   8BD8             MOV EBX,EAX
    10001FEC   8B8B B8000000    MOV ECX,DWORD PTR DS:[EBX+B8]
    10001FF2   8B01             MOV EAX,DWORD PTR DS:[ECX]
    10001FF4   8B50 0C          MOV EDX,DWORD PTR DS:[EAX+C]
    10001FF7   56               PUSH ESI
    10001FF8   57               PUSH EDI
    10001FF9   FFD2             CALL EDX
    10001FFB   8B8B B8000000    MOV ECX,DWORD PTR DS:[EBX+B8]
    10002001   85C9             TEST ECX,ECX
    10002003   74 08            JE SHORT CShell.1000200D
    10002005   8B01             MOV EAX,DWORD PTR DS:[ECX]
    10002007   8B10             MOV EDX,DWORD PTR DS:[EAX]
    10002009   6A 01            PUSH 1
    1000200B   FFD2             CALL EDX
    1000200D   8B35 4CF12910    MOV ESI,DWORD PTR DS:[1029F14C]          ; ntdll.RtlEnterCriticalSection
    10002013   8D43 08          LEA EAX,DWORD PTR DS:[EBX+8]
    10002016   50               PUSH EAX
    10002017   FFD6             CALL ESI
    10002019   8D7B 08          LEA EDI,DWORD PTR DS:[EBX+8]
    1000201C   57               PUSH EDI
    1000201D   FFD6             CALL ESI
    1000201F   8B43 24          MOV EAX,DWORD PTR DS:[EBX+24]
    10002022   8B08             MOV ECX,DWORD PTR DS:[EAX]
    10002024   8D73 20          LEA ESI,DWORD PTR DS:[EBX+20]
    10002027   57               PUSH EDI
    10002028   894C24 18        MOV DWORD PTR SS:[ESP+18],ECX
    1000202C   90               NOP
    1000202D   E8 3E029367      CALL ntdll.RtlLeaveCriticalSection
    10002032   8BFE             MOV EDI,ESI
    10002034   8B7424 14        MOV ESI,DWORD PTR SS:[ESP+14]
    10002038   897C24 18        MOV DWORD PTR SS:[ESP+18],EDI
    1000203C   8D6424 00        LEA ESP,DWORD PTR SS:[ESP]
    10002040   8D43 08          LEA EAX,DWORD PTR DS:[EBX+8]
    10002043   50               PUSH EAX
    10002044   90               NOP
    10002045   E8 66029367      CALL ntdll.RtlEnterCriticalSection
    1000204A   85FF             TEST EDI,EDI
    1000204C   8B53 24          MOV EDX,DWORD PTR DS:[EBX+24]
    1000204F   8D43 20          LEA EAX,DWORD PTR DS:[EBX+20]
    10002052   895424 14        MOV DWORD PTR SS:[ESP+14],EDX
    10002056   74 04            JE SHORT CShell.1000205C
    10002058   3BF8             CMP EDI,EAX
    1000205A   74 06            JE SHORT CShell.10002062
    1000205C   90               NOP
    1000205D   E8 326ADC5F      CALL MSVCR80._invalid_parameter_noinfo
    10002062   3B7424 14        CMP ESI,DWORD PTR SS:[ESP+14]
    10002066   0F84 D8000000    JE CShell.10002144
    1000206C   8D43 08          LEA EAX,DWORD PTR DS:[EBX+8]
    1000206F   50               PUSH EAX
    10002070   90               NOP
    10002071   E8 FA019367      CALL ntdll.RtlLeaveCriticalSection
    10002076   85FF             TEST EDI,EDI
    10002078   75 06            JNZ SHORT CShell.10002080
    1000207A   90               NOP
    1000207B   E8 146ADC5F      CALL MSVCR80._invalid_parameter_noinfo
    10002080   3B77 04          CMP ESI,DWORD PTR DS:[EDI+4]
    10002083   75 06            JNZ SHORT CShell.1000208B
    10002085   90               NOP
    10002086   E8 096ADC5F      CALL MSVCR80._invalid_parameter_noinfo
    1000208B   837E 08 00       CMP DWORD PTR DS:[ESI+8],0
    1000208F   0F84 9D000000    JE CShell.10002132
    10002095   3B77 04          CMP ESI,DWORD PTR DS:[EDI+4]
    10002098   75 06            JNZ SHORT CShell.100020A0
    1000209A   90               NOP
    1000209B   E8 F469DC5F      CALL MSVCR80._invalid_parameter_noinfo
    100020A0   8B7E 08          MOV EDI,DWORD PTR DS:[ESI+8]
    100020A3   85FF             TEST EDI,EDI
    100020A5   74 1E            JE SHORT CShell.100020C5
    100020A7   8B47 08          MOV EAX,DWORD PTR DS:[EDI+8]
    100020AA   85C0             TEST EAX,EAX
    100020AC   74 0E            JE SHORT CShell.100020BC
    100020AE   50               PUSH EAX
    100020AF   90               NOP
    100020B0   E8 B1BE3365      CALL ADVAPI32.CryptDestroyHash
    100020B5   C747 08 00000000 MOV DWORD PTR DS:[EDI+8],0
    100020BC   57               PUSH EDI
    100020BD   E8 528E2800      CALL CShell.1028AF14
    100020C2   83C4 04          ADD ESP,4
    100020C5   8B4424 18        MOV EAX,DWORD PTR SS:[ESP+18]
    100020C9   3B70 04          CMP ESI,DWORD PTR DS:[EAX+4]
    100020CC   8BFE             MOV EDI,ESI
    100020CE   75 06            JNZ SHORT CShell.100020D6
    100020D0   90               NOP
    100020D1   E8 BE69DC5F      CALL MSVCR80._invalid_parameter_noinfo
    100020D6   8B36             MOV ESI,DWORD PTR DS:[ESI]
    100020D8   8D43 08          LEA EAX,DWORD PTR DS:[EBX+8]
    100020DB   50               PUSH EAX
    100020DC   90               NOP
    100020DD   E8 CE019367      CALL ntdll.RtlEnterCriticalSection
    100020E2   837C24 18 00     CMP DWORD PTR SS:[ESP+18],0
    100020E7   75 06            JNZ SHORT CShell.100020EF
    100020E9   90               NOP
    100020EA   E8 A569DC5F      CALL MSVCR80._invalid_parameter_noinfo
    100020EF   8B4424 18        MOV EAX,DWORD PTR SS:[ESP+18]
    100020F3   3B78 04          CMP EDI,DWORD PTR DS:[EAX+4]
    100020F6   75 06            JNZ SHORT CShell.100020FE
    100020F8   90               NOP
    100020F9   E8 9669DC5F      CALL MSVCR80._invalid_parameter_noinfo
    100020FE   3B7B 24          CMP EDI,DWORD PTR DS:[EBX+24]
    10002101   74 1C            JE SHORT CShell.1000211F
    10002103   8B4F 04          MOV ECX,DWORD PTR DS:[EDI+4]
    10002106   8B17             MOV EDX,DWORD PTR DS:[EDI]
    10002108   8911             MOV DWORD PTR DS:[ECX],EDX
    1000210A   8B07             MOV EAX,DWORD PTR DS:[EDI]
    1000210C   8B4F 04          MOV ECX,DWORD PTR DS:[EDI+4]
    1000210F   57               PUSH EDI
    10002110   8948 04          MOV DWORD PTR DS:[EAX+4],ECX
    10002113   E8 FC8D2800      CALL CShell.1028AF14
    10002118   83C4 04          ADD ESP,4
    1000211B   8343 28 FF       ADD DWORD PTR DS:[EBX+28],-1
    1000211F   8D43 08          LEA EAX,DWORD PTR DS:[EBX+8]
    10002122   50               PUSH EAX
    10002123   90               NOP
    10002124   E8 47019367      CALL ntdll.RtlLeaveCriticalSection
    10002129   8B7C24 18        MOV EDI,DWORD PTR SS:[ESP+18]
    1000212D  ^E9 0EFFFFFF      JMP CShell.10002040
    10002132   3B77 04          CMP ESI,DWORD PTR DS:[EDI+4]
    10002135   75 06            JNZ SHORT CShell.1000213D
    10002137   90               NOP
    10002138   E8 5769DC5F      CALL MSVCR80._invalid_parameter_noinfo
    1000213D   8B36             MOV ESI,DWORD PTR DS:[ESI]
    1000213F  ^E9 FCFEFFFF      JMP CShell.10002040
    10002144   8B35 50F12910    MOV ESI,DWORD PTR DS:[1029F150]          ; ntdll.RtlLeaveCriticalSection
    1000214A   8D53 08          LEA EDX,DWORD PTR DS:[EBX+8]
    1000214D   52               PUSH EDX
    1000214E   FFD6             CALL ESI
    10002150   8D43 08          LEA EAX,DWORD PTR DS:[EBX+8]
    10002153   50               PUSH EAX
    10002154   FFD6             CALL ESI
    10002156   8D73 34          LEA ESI,DWORD PTR DS:[EBX+34]
    10002159   C74424 10 040000>MOV DWORD PTR SS:[ESP+10],4
    10002161   8B06             MOV EAX,DWORD PTR DS:[ESI]
    10002163   3946 FC          CMP DWORD PTR DS:[ESI-4],EAX
    10002166   894424 0C        MOV DWORD PTR SS:[ESP+C],EAX
    1000216A   76 06            JBE SHORT CShell.10002172
    1000216C   90               NOP
    1000216D   E8 2269DC5F      CALL MSVCR80._invalid_parameter_noinfo
    10002172   8B7E FC          MOV EDI,DWORD PTR DS:[ESI-4]
    10002175   3B3E             CMP EDI,DWORD PTR DS:[ESI]
    10002177   76 06            JBE SHORT CShell.1000217F
    10002179   90               NOP
    1000217A   E8 1569DC5F      CALL MSVCR80._invalid_parameter_noinfo
    1000217F   8D46 F8          LEA EAX,DWORD PTR DS:[ESI-8]
    10002182   85C0             TEST EAX,EAX
    10002184   75 06            JNZ SHORT CShell.1000218C
    10002186   90               NOP
    10002187   E8 0869DC5F      CALL MSVCR80._invalid_parameter_noinfo
    1000218C   8B4C24 0C        MOV ECX,DWORD PTR SS:[ESP+C]
    10002190   3BF9             CMP EDI,ECX
    10002192   74 30            JE SHORT CShell.100021C4
    10002194   8B06             MOV EAX,DWORD PTR DS:[ESI]
    10002196   2BC1             SUB EAX,ECX
    10002198   C1F8 02          SAR EAX,2
    1000219B   85C0             TEST EAX,EAX
    1000219D   8D0C85 00000000  LEA ECX,DWORD PTR DS:[EAX*4]
    100021A4   8D1439           LEA EDX,DWORD PTR DS:[ECX+EDI]
    100021A7   895424 18        MOV DWORD PTR SS:[ESP+18],EDX
    100021AB   7E 11            JLE SHORT CShell.100021BE
    100021AD   8B4424 0C        MOV EAX,DWORD PTR SS:[ESP+C]
    100021B1   51               PUSH ECX
    100021B2   50               PUSH EAX
    100021B3   51               PUSH ECX
    100021B4   57               PUSH EDI
    100021B5   90               NOP
    100021B6   E8 EDE2E05F      CALL MSVCR80.memmove_s
    100021BB   83C4 10          ADD ESP,10
    100021BE   8B4C24 18        MOV ECX,DWORD PTR SS:[ESP+18]
    100021C2   890E             MOV DWORD PTR DS:[ESI],ECX
    100021C4   83C6 1C          ADD ESI,1C
    100021C7   836C24 10 01     SUB DWORD PTR SS:[ESP+10],1
    100021CC  ^75 93            JNZ SHORT CShell.10002161
    100021CE   81C3 9C000000    ADD EBX,9C
    100021D4   BF 04000000      MOV EDI,4
    100021D9   8DA424 00000000  LEA ESP,DWORD PTR SS:[ESP]
    100021E0   8B33             MOV ESI,DWORD PTR DS:[EBX]
    100021E2   85F6             TEST ESI,ESI
    100021E4   74 24            JE SHORT CShell.1000220A
    100021E6   8B46 08          MOV EAX,DWORD PTR DS:[ESI+8]
    100021E9   85C0             TEST EAX,EAX
    100021EB   74 0E            JE SHORT CShell.100021FB
    100021ED   50               PUSH EAX
    100021EE   90               NOP
    100021EF   E8 72BD3365      CALL ADVAPI32.CryptDestroyHash
    100021F4   C746 08 00000000 MOV DWORD PTR DS:[ESI+8],0
    100021FB   56               PUSH ESI
    100021FC   E8 138D2800      CALL CShell.1028AF14
    10002201   83C4 04          ADD ESP,4
    10002204   C703 00000000    MOV DWORD PTR DS:[EBX],0
    1000220A   83C3 04          ADD EBX,4
    1000220D   83EF 01          SUB EDI,1
    10002210  ^75 CE            JNZ SHORT CShell.100021E0
    10002212   5F               POP EDI
    10002213   5E               POP ESI
    10002214   5B               POP EBX
    10002215   8BE5             MOV ESP,EBP
    10002217   5D               POP EBP
    10002218   C3               RETN
    10002219   CC               INT3
    1000221A   CC               INT3
    1000221B   CC               INT3
    1000221C   CC               INT3
    1000221D   CC               INT3
    1000221E   CC               INT3
    1000221F   CC               INT3
    10002220   55               PUSH EBP
    10002221   8BEC             MOV EBP,ESP
    10002223   83E4 F8          AND ESP,FFFFFFF8
    10002226   6A FF            PUSH -1
    10002228   68 10C62910      PUSH CShell.1029C610
    1000222D   64:A1 00000000   MOV EAX,DWORD PTR FS:[0]
    10002233   50               PUSH EAX
    10002234   83EC 6C          SUB ESP,6C
    10002237   53               PUSH EBX
    10002238   56               PUSH ESI
    10002239   A1 681B3110      MOV EAX,DWORD PTR DS:[10311B68]
    1000223E   33C4             XOR EAX,ESP
    10002240   50               PUSH EAX
    10002241   8D4424 78        LEA EAX,DWORD PTR SS:[ESP+78]
    10002245   64:A3 00000000   MOV DWORD PTR FS:[0],EAX
    1000224B   8B87 B8000000    MOV EAX,DWORD PTR DS:[EDI+B8]
    10002251   8B80 14010000    MOV EAX,DWORD PTR DS:[EAX+114]
    10002257   50               PUSH EAX
    10002258   90               NOP
    10002259   E8 67F41C65      CALL kernel32.SetEvent
    1000225E   33DB             XOR EBX,EBX
    10002260   53               PUSH EBX
    10002261   53               PUSH EBX
    10002262   53               PUSH EBX
    10002263   53               PUSH EBX
    10002264   90               NOP
    10002265   E8 22101D65      CALL kernel32.CreateEventA
    1000226A   8B8F B8000000    MOV ECX,DWORD PTR DS:[EDI+B8]
    10002270   8B35 38F12910    MOV ESI,DWORD PTR DS:[1029F138]          ; kernel32.WaitForMultipleObjects
    10002276   8987 BC000000    MOV DWORD PTR DS:[EDI+BC],EAX
    1000227C   8B91 10010000    MOV EDX,DWORD PTR DS:[ECX+110]
    10002282   895424 1C        MOV DWORD PTR SS:[ESP+1C],EDX
    10002286   894424 20        MOV DWORD PTR SS:[ESP+20],EAX
    1000228A   895C24 14        MOV DWORD PTR SS:[ESP+14],EBX
    1000228E   895C24 18        MOV DWORD PTR SS:[ESP+18],EBX
    10002292   C74424 10 010000>MOV DWORD PTR SS:[ESP+10],1
    1000229A   8D9B 00000000    LEA EBX,DWORD PTR DS:[EBX]
    100022A0   6A FF            PUSH -1
    100022A2   53               PUSH EBX
    100022A3   8D4424 24        LEA EAX,DWORD PTR SS:[ESP+24]
    100022A7   50               PUSH EAX
    100022A8   6A 02            PUSH 2
    100022AA   FFD6             CALL ESI
    100022AC   2BC3             SUB EAX,EBX
    100022AE   0F84 F2010000    JE CShell.100024A6
    100022B4   83E8 01          SUB EAX,1
    100022B7  ^75 E7            JNZ SHORT CShell.100022A0
    100022B9   8DA424 00000000  LEA ESP,DWORD PTR SS:[ESP]
    100022C0   8B8F B4000000    MOV ECX,DWORD PTR DS:[EDI+B4]
    100022C6   8B5424 1C        MOV EDX,DWORD PTR SS:[ESP+1C]
    100022CA   51               PUSH ECX
    100022CB   52               PUSH EDX
    100022CC   90               NOP
    100022CD   E8 64EE1C65      CALL kernel32.WaitForSingleObject
    100022D2   85C0             TEST EAX,EAX
    100022D4   0F84 CC010000    JE CShell.100024A6
    100022DA   837C24 10 00     CMP DWORD PTR SS:[ESP+10],0
    100022DF   74 31            JE SHORT CShell.10002312
    100022E1   8D77 08          LEA ESI,DWORD PTR DS:[EDI+8]
    100022E4   56               PUSH ESI
    100022E5   90               NOP
    100022E6   E8 C5FF9267      CALL ntdll.RtlEnterCriticalSection
    100022EB   8B47 24          MOV EAX,DWORD PTR DS:[EDI+24]
    100022EE   8B00             MOV EAX,DWORD PTR DS:[EAX]
    100022F0   8D5F 20          LEA EBX,DWORD PTR DS:[EDI+20]
    100022F3   56               PUSH ESI
    100022F4   894424 2C        MOV DWORD PTR SS:[ESP+2C],EAX
    100022F8   90               NOP
    100022F9   E8 72FF9267      CALL ntdll.RtlLeaveCriticalSection
    100022FE   8B4C24 28        MOV ECX,DWORD PTR SS:[ESP+28]
    10002302   895C24 14        MOV DWORD PTR SS:[ESP+14],EBX
    10002306   894C24 18        MOV DWORD PTR SS:[ESP+18],ECX
    1000230A   C74424 10 000000>MOV DWORD PTR SS:[ESP+10],0
    10002312   83BF AC000000 00 CMP DWORD PTR DS:[EDI+AC],0
    10002319   C787 B0000000 00>MOV DWORD PTR DS:[EDI+B0],0
    10002323  ^76 9B            JBE SHORT CShell.100022C0
    10002325   8B1D 4CF12910    MOV EBX,DWORD PTR DS:[1029F14C]          ; ntdll.RtlEnterCriticalSection
    1000232B   8D77 08          LEA ESI,DWORD PTR DS:[EDI+8]
    1000232E   56               PUSH ESI
    1000232F   FFD3             CALL EBX
    10002331   8B4C24 14        MOV ECX,DWORD PTR SS:[ESP+14]
    10002335   85C9             TEST ECX,ECX
    10002337   8B57 24          MOV EDX,DWORD PTR DS:[EDI+24]
    1000233A   8D47 20          LEA EAX,DWORD PTR DS:[EDI+20]
    1000233D   895424 30        MOV DWORD PTR SS:[ESP+30],EDX
    10002341   74 04            JE SHORT CShell.10002347
    10002343   3BC8             CMP ECX,EAX
    10002345   74 06            JE SHORT CShell.1000234D
    10002347   90               NOP
    10002348   E8 4767DC5F      CALL MSVCR80._invalid_parameter_noinfo
    1000234D   8B4424 30        MOV EAX,DWORD PTR SS:[ESP+30]
    10002351   394424 18        CMP DWORD PTR SS:[ESP+18],EAX
    10002355   56               PUSH ESI
    10002356   75 30            JNZ SHORT CShell.10002388
    10002358   90               NOP
    10002359   E8 12FF9267      CALL ntdll.RtlLeaveCriticalSection
    1000235E   8D77 08          LEA ESI,DWORD PTR DS:[EDI+8]
    10002361   56               PUSH ESI
    10002362   FFD3             CALL EBX
    10002364   8B4F 24          MOV ECX,DWORD PTR DS:[EDI+24]
    10002367   8B11             MOV EDX,DWORD PTR DS:[ECX]
    10002369   8D5F 20          LEA EBX,DWORD PTR DS:[EDI+20]
    1000236C   56               PUSH ESI
    1000236D   895424 3C        MOV DWORD PTR SS:[ESP+3C],EDX
    10002371   90               NOP
    10002372   E8 F9FE9267      CALL ntdll.RtlLeaveCriticalSection
    10002377   8B4424 38        MOV EAX,DWORD PTR SS:[ESP+38]
    1000237B   895C24 14        MOV DWORD PTR SS:[ESP+14],EBX
    1000237F   894424 18        MOV DWORD PTR SS:[ESP+18],EAX
    10002383   E9 FD000000      JMP CShell.10002485
    10002388   90               NOP
    10002389   E8 E2FE9267      CALL ntdll.RtlLeaveCriticalSection
    1000238E   8B5C24 14        MOV EBX,DWORD PTR SS:[ESP+14]
    10002392   85DB             TEST EBX,EBX
    10002394   75 06            JNZ SHORT CShell.1000239C
    10002396   90               NOP
    10002397   E8 F866DC5F      CALL MSVCR80._invalid_parameter_noinfo
    1000239C   8B7424 18        MOV ESI,DWORD PTR SS:[ESP+18]
    100023A0   3B73 04          CMP ESI,DWORD PTR DS:[EBX+4]
    100023A3   75 06            JNZ SHORT CShell.100023AB
    100023A5   90               NOP
    100023A6   E8 E966DC5F      CALL MSVCR80._invalid_parameter_noinfo
    100023AB   8B5E 08          MOV EBX,DWORD PTR DS:[ESI+8]
    100023AE   8D7424 58        LEA ESI,DWORD PTR SS:[ESP+58]
    100023B2   8BCB             MOV ECX,EBX
    100023B4   E8 B7050000      CALL CShell.10002970
    100023B9   8BF0             MOV ESI,EAX
    100023BB   8D4C24 3C        LEA ECX,DWORD PTR SS:[ESP+3C]
    100023BF   8BC3             MOV EAX,EBX
    100023C1   C78424 80000000 >MOV DWORD PTR SS:[ESP+80],0
    100023CC   E8 2F050000      CALL CShell.10002900
    100023D1   8BC8             MOV ECX,EAX
    100023D3   C68424 80000000 >MOV BYTE PTR SS:[ESP+80],1
    100023DB   837E 18 10       CMP DWORD PTR DS:[ESI+18],10
    100023DF   8B46 14          MOV EAX,DWORD PTR DS:[ESI+14]
    100023E2   72 05            JB SHORT CShell.100023E9
    100023E4   8B76 04          MOV ESI,DWORD PTR DS:[ESI+4]
    100023E7   EB 03            JMP SHORT CShell.100023EC
    100023E9   83C6 04          ADD ESI,4
    100023EC   50               PUSH EAX
    100023ED   8B41 14          MOV EAX,DWORD PTR DS:[ECX+14]
    100023F0   8BD6             MOV EDX,ESI
    100023F2   E8 89030000      CALL CShell.10002780
    100023F7   85C0             TEST EAX,EAX
    100023F9   BE 10000000      MOV ESI,10
    100023FE   0F944424 0F      SETE BYTE PTR SS:[ESP+F]
    10002403   397424 54        CMP DWORD PTR SS:[ESP+54],ESI
    10002407   72 0D            JB SHORT CShell.10002416
    10002409   8B4C24 40        MOV ECX,DWORD PTR SS:[ESP+40]
    1000240D   51               PUSH ECX
    1000240E   E8 018B2800      CALL CShell.1028AF14
    10002413   83C4 04          ADD ESP,4
    10002416   C78424 80000000 >MOV DWORD PTR SS:[ESP+80],-1
    10002421   397424 70        CMP DWORD PTR SS:[ESP+70],ESI
    10002425   C74424 54 0F0000>MOV DWORD PTR SS:[ESP+54],0F
    1000242D   C74424 50 000000>MOV DWORD PTR SS:[ESP+50],0
    10002435   C64424 40 00     MOV BYTE PTR SS:[ESP+40],0
    1000243A   72 0D            JB SHORT CShell.10002449
    1000243C   8B5424 5C        MOV EDX,DWORD PTR SS:[ESP+5C]
    10002440   52               PUSH EDX
    10002441   E8 CE8A2800      CALL CShell.1028AF14
    10002446   83C4 04          ADD ESP,4
    10002449   807C24 0F 00     CMP BYTE PTR SS:[ESP+F],0
    1000244E   C74424 70 0F0000>MOV DWORD PTR SS:[ESP+70],0F
    10002456   C74424 6C 000000>MOV DWORD PTR SS:[ESP+6C],0
    1000245E   C64424 5C 00     MOV BYTE PTR SS:[ESP+5C],0
    10002463   74 37            JE SHORT CShell.1000249C
    10002465   8B7424 18        MOV ESI,DWORD PTR SS:[ESP+18]
    10002469   8B4424 14        MOV EAX,DWORD PTR SS:[ESP+14]
    1000246D   8387 B0000000 01 ADD DWORD PTR DS:[EDI+B0],1
    10002474   3B70 04          CMP ESI,DWORD PTR DS:[EAX+4]
    10002477   75 06            JNZ SHORT CShell.1000247F
    10002479   90               NOP
    1000247A   E8 1566DC5F      CALL MSVCR80._invalid_parameter_noinfo
    1000247F   8B0E             MOV ECX,DWORD PTR DS:[ESI]
    10002481   894C24 18        MOV DWORD PTR SS:[ESP+18],ECX
    10002485   8B97 B0000000    MOV EDX,DWORD PTR DS:[EDI+B0]
    1000248B   3B97 AC000000    CMP EDX,DWORD PTR DS:[EDI+AC]
    10002491  ^0F83 29FEFFFF    JNB CShell.100022C0
    10002497  ^E9 89FEFFFF      JMP CShell.10002325
    1000249C   8B07             MOV EAX,DWORD PTR DS:[EDI]
    1000249E   8B50 04          MOV EDX,DWORD PTR DS:[EAX+4]
    100024A1   53               PUSH EBX
    100024A2   8BCF             MOV ECX,EDI
    100024A4   FFD2             CALL EDX
    100024A6   8B4C24 78        MOV ECX,DWORD PTR SS:[ESP+78]
    100024AA   64:890D 00000000 MOV DWORD PTR FS:[0],ECX
    100024B1   59               POP ECX
    100024B2   5E               POP ESI
    100024B3   5B               POP EBX
    100024B4   8BE5             MOV ESP,EBP
    100024B6   5D               POP EBP
    100024B7   C3               RETN
    100024B8   CC               INT3
    100024B9   CC               INT3
    100024BA   CC               INT3
    100024BB   CC               INT3
    100024BC   CC               INT3
    100024BD   CC               INT3
    100024BE   CC               INT3
    100024BF   CC               INT3
    100024C0   F605 B464C410 01 TEST BYTE PTR DS:[10C464B4],1
    100024C7   75 1E            JNZ SHORT CShell.100024E7
    100024C9   830D B464C410 01 OR DWORD PTR DS:[10C464B4],1
    100024D0   68 20E22910      PUSH CShell.1029E220
    100024D5   C705 B064C410 00>MOV DWORD PTR DS:[10C464B0],0
    100024DF   E8 738B2800      CALL CShell.1028B057
    100024E4   83C4 04          ADD ESP,4
    100024E7   A1 B064C410      MOV EAX,DWORD PTR DS:[10C464B0]
    100024EC   85C0             TEST EAX,EAX
    100024EE   74 13            JE SHORT CShell.10002503
    100024F0   6A 00            PUSH 0
    100024F2   50               PUSH EAX
    100024F3   90               NOP
    100024F4   E8 2BBC3365      CALL ADVAPI32.CryptReleaseContext
    100024F9   C705 B064C410 00>MOV DWORD PTR DS:[10C464B0],0
    10002503   68 000000F0      PUSH F0000000
    10002508   6A 01            PUSH 1
    1000250A   6A 00            PUSH 0
    1000250C   6A 00            PUSH 0
    1000250E   68 B064C410      PUSH CShell.10C464B0
    10002513   90               NOP
    10002514   E8 C46C3365      CALL ADVAPI32.CryptAcquireContextA
    10002519   85C0             TEST EAX,EAX
    1000251B   75 03            JNZ SHORT CShell.10002520
    1000251D   32C0             XOR AL,AL
    1000251F   C3               RETN
    10002520   C705 6464C410 B0>MOV DWORD PTR DS:[10C46464],CShell.10C46>
    1000252A   B0 01            MOV AL,1
    1000252C   C3               RETN
    1000252D   CC               INT3
    1000252E   CC               INT3
    1000252F   CC               INT3
    10002530   53               PUSH EBX
    10002531   8B5C24 0C        MOV EBX,DWORD PTR SS:[ESP+C]
    10002535   85DB             TEST EBX,EBX
    10002537   56               PUSH ESI
    10002538   8BF1             MOV ESI,ECX
    1000253A   75 07            JNZ SHORT CShell.10002543
    1000253C   5E               POP ESI
    1000253D   32C0             XOR AL,AL
    1000253F   5B               POP EBX
    10002540   C2 0C00          RETN 0C
    10002543   55               PUSH EBP
    10002544   8B6C24 18        MOV EBP,DWORD PTR SS:[ESP+18]
    10002548   83FD 02          CMP EBP,2
    1000254B   72 45            JB SHORT CShell.10002592
    1000254D   57               PUSH EDI
    1000254E   8B7C24 14        MOV EDI,DWORD PTR SS:[ESP+14]
    10002552   83BCBE 9C000000 >CMP DWORD PTR DS:[ESI+EDI*4+9C],0
    1000255A   75 20            JNZ SHORT CShell.1000257C
    1000255C   6A 2C            PUSH 2C
    1000255E   E8 018A2800      CALL CShell.1028AF64
    10002563   83C4 04          ADD ESP,4
    10002566   85C0             TEST EAX,EAX
    10002568   74 09            JE SHORT CShell.10002573
    1000256A   C740 08 00000000 MOV DWORD PTR DS:[EAX+8],0
    10002571   EB 02            JMP SHORT CShell.10002575
    10002573   33C0             XOR EAX,EAX
    10002575   8984BE 9C000000  MOV DWORD PTR DS:[ESI+EDI*4+9C],EAX
    1000257C   8B84BE 9C000000  MOV EAX,DWORD PTR DS:[ESI+EDI*4+9C]
    10002583   85C0             TEST EAX,EAX
    10002585   5F               POP EDI
    10002586   74 12            JE SHORT CShell.1000259A
    10002588   55               PUSH EBP
    10002589   E8 92030000      CALL CShell.10002920
    1000258E   84C0             TEST AL,AL
    10002590   75 08            JNZ SHORT CShell.1000259A
    10002592   5D               POP EBP
    10002593   5E               POP ESI
    10002594   32C0             XOR AL,AL
    10002596   5B               POP EBX
    10002597   C2 0C00          RETN 0C
    1000259A   5D               POP EBP
    1000259B   5E               POP ESI
    1000259C   B0 01            MOV AL,1
    1000259E   5B               POP EBX
    1000259F   C2 0C00          RETN 0C
    100025A2   CC               INT3
    100025A3   CC               INT3
    100025A4   CC               INT3
    100025A5   CC               INT3
    100025A6   CC               INT3
    100025A7   CC               INT3
    100025A8   CC               INT3
    100025A9   CC               INT3
    100025AA   CC               INT3
    100025AB   CC               INT3
    100025AC   CC               INT3
    100025AD   CC               INT3
    100025AE   CC               INT3
    100025AF   CC               INT3
    100025B0   6A FF            PUSH -1
    100025B2   68 E0C52910      PUSH CShell.1029C5E0
    100025B7   64:A1 00000000   MOV EAX,DWORD PTR FS:[0]
    100025BD   50               PUSH EAX
    100025BE   83EC 38          SUB ESP,38
    100025C1   53               PUSH EBX
    100025C2   55               PUSH EBP
    100025C3   56               PUSH ESI
    100025C4   57               PUSH EDI
    100025C5   A1 681B3110      MOV EAX,DWORD PTR DS:[10311B68]
    100025CA   33C4             XOR EAX,ESP
    100025CC   50               PUSH EAX
    100025CD   8D4424 4C        LEA EAX,DWORD PTR SS:[ESP+4C]
    100025D1   64:A3 00000000   MOV DWORD PTR FS:[0],EAX
    100025D7   8BF9             MOV EDI,ECX
    100025D9   8B6C24 5C        MOV EBP,DWORD PTR SS:[ESP+5C]
    100025DD   8B8CAF 9C000000  MOV ECX,DWORD PTR DS:[EDI+EBP*4+9C]
    100025E4   85C9             TEST ECX,ECX
    100025E6   0F84 90000000    JE CShell.1000267C
    100025EC   8D7424 30        LEA ESI,DWORD PTR SS:[ESP+30]
    100025F0   E8 7B030000      CALL CShell.10002970
    100025F5   8BF0             MOV ESI,EAX
    100025F7   C74424 54 000000>MOV DWORD PTR SS:[ESP+54],0
    100025FF   8B84AF 9C000000  MOV EAX,DWORD PTR DS:[EDI+EBP*4+9C]
    10002606   8D4C24 14        LEA ECX,DWORD PTR SS:[ESP+14]
    1000260A   E8 F1020000      CALL CShell.10002900
    1000260F   8BC8             MOV ECX,EAX
    10002611   C64424 54 01     MOV BYTE PTR SS:[ESP+54],1
    10002616   8B46 14          MOV EAX,DWORD PTR DS:[ESI+14]
    10002619   BF 10000000      MOV EDI,10
    1000261E   397E 18          CMP DWORD PTR DS:[ESI+18],EDI
    10002621   72 05            JB SHORT CShell.10002628
    10002623   8B56 04          MOV EDX,DWORD PTR DS:[ESI+4]
    10002626   EB 03            JMP SHORT CShell.1000262B
    10002628   8D56 04          LEA EDX,DWORD PTR DS:[ESI+4]
    1000262B   50               PUSH EAX
    1000262C   8B41 14          MOV EAX,DWORD PTR DS:[ECX+14]
    1000262F   E8 4C010000      CALL CShell.10002780
    10002634   85C0             TEST EAX,EAX
    10002636   0F94C3           SETE BL
    10002639   397C24 2C        CMP DWORD PTR SS:[ESP+2C],EDI
    1000263D   72 0D            JB SHORT CShell.1000264C
    1000263F   8B4424 18        MOV EAX,DWORD PTR SS:[ESP+18]
    10002643   50               PUSH EAX
    10002644   E8 CB882800      CALL CShell.1028AF14
    10002649   83C4 04          ADD ESP,4
    1000264C   397C24 48        CMP DWORD PTR SS:[ESP+48],EDI
    10002650   C74424 2C 0F0000>MOV DWORD PTR SS:[ESP+2C],0F
    10002658   C74424 28 000000>MOV DWORD PTR SS:[ESP+28],0
    10002660   C64424 18 00     MOV BYTE PTR SS:[ESP+18],0
    10002665   72 0D            JB SHORT CShell.10002674
    10002667   8B4C24 34        MOV ECX,DWORD PTR SS:[ESP+34]
    1000266B   51               PUSH ECX
    1000266C   E8 A3882800      CALL CShell.1028AF14
    10002671   83C4 04          ADD ESP,4
    10002674   84DB             TEST BL,BL
    10002676   74 04            JE SHORT CShell.1000267C
    10002678   B0 01            MOV AL,1
    1000267A   EB 02            JMP SHORT CShell.1000267E
    1000267C   32C0             XOR AL,AL
    1000267E   8B4C24 4C        MOV ECX,DWORD PTR SS:[ESP+4C]
    10002682   64:890D 00000000 MOV DWORD PTR FS:[0],ECX
    10002689   59               POP ECX
    1000268A   5F               POP EDI
    1000268B   5E               POP ESI
    1000268C   5D               POP EBP
    1000268D   5B               POP EBX
    1000268E   83C4 44          ADD ESP,44
    10002691   C2 0400          RETN 4
    10002694   CC               INT3
    10002695   CC               INT3
    10002696   CC               INT3
    10002697   CC               INT3
    10002698   CC               INT3
    10002699   CC               INT3
    1000269A   CC               INT3
    1000269B   CC               INT3
    1000269C   CC               INT3
    1000269D   CC               INT3
    1000269E   CC               INT3
    1000269F   CC               INT3
    100026A0   6A FF            PUSH -1
    100026A2   68 48C42910      PUSH CShell.1029C448
    100026A7   64:A1 00000000   MOV EAX,DWORD PTR FS:[0]
    100026AD   50               PUSH EAX
    100026AE   56               PUSH ESI
    100026AF   A1 681B3110      MOV EAX,DWORD PTR DS:[10311B68]
    100026B4   33C4             XOR EAX,ESP
    100026B6   50               PUSH EAX
    100026B7   8D4424 08        LEA EAX,DWORD PTR SS:[ESP+8]
    100026BB   64:A3 00000000   MOV DWORD PTR FS:[0],EAX
    100026C1   8B7424 18        MOV ESI,DWORD PTR SS:[ESP+18]
    100026C5   8D46 04          LEA EAX,DWORD PTR DS:[ESI+4]
    100026C8   50               PUSH EAX
    100026C9   C706 287B2E10    MOV DWORD PTR DS:[ESI],CShell.102E7B28
    100026CF   90               NOP
    100026D0   E8 6D059467      CALL ntdll.RtlInitializeCriticalSection
    100026D5   C74424 10 000000>MOV DWORD PTR SS:[ESP+10],0
    100026DD   C706 407B2E10    MOV DWORD PTR DS:[ESI],CShell.102E7B40
    100026E3   E8 08010000      CALL CShell.100027F0
    100026E8   8946 20          MOV DWORD PTR DS:[ESI+20],EAX
    100026EB   C746 24 00000000 MOV DWORD PTR DS:[ESI+24],0
    100026F2   8BC6             MOV EAX,ESI
    100026F4   8B4C24 08        MOV ECX,DWORD PTR SS:[ESP+8]
    100026F8   64:890D 00000000 MOV DWORD PTR FS:[0],ECX
    100026FF   59               POP ECX
    10002700   5E               POP ESI
    10002701   83C4 0C          ADD ESP,0C
    10002704   C2 0400          RETN 4
    10002707   CC               INT3
    10002708   CC               INT3
    10002709   CC               INT3
    1000270A   CC               INT3
    1000270B   CC               INT3
    1000270C   CC               INT3
    1000270D   CC               INT3
    1000270E   CC               INT3
    1000270F   CC               INT3
    10002710   56               PUSH ESI
    10002711   57               PUSH EDI
    10002712   8BF9             MOV EDI,ECX
    10002714   8BF7             MOV ESI,EDI
    10002716   C707 407B2E10    MOV DWORD PTR DS:[EDI],CShell.102E7B40
    1000271C   E8 3F010000      CALL CShell.10002860
    10002721   8D77 1C          LEA ESI,DWORD PTR DS:[EDI+1C]
    10002724   E8 E7000000      CALL CShell.10002810
    10002729   C707 287B2E10    MOV DWORD PTR DS:[EDI],CShell.102E7B28
    1000272F   83C7 04          ADD EDI,4
    10002732   57               PUSH EDI
    10002733   90               NOP
    10002734   E8 BC1E9467      CALL ntdll.RtlDeleteCriticalSection
    10002739   5F               POP EDI
    1000273A   5E               POP ESI
    1000273B   C3               RETN
    1000273C   CC               INT3
    1000273D   CC               INT3
    1000273E   CC               INT3
    1000273F   CC               INT3
    10002740   56               PUSH ESI
    10002741   57               PUSH EDI
    10002742   8BF9             MOV EDI,ECX
    10002744   8BF7             MOV ESI,EDI
    10002746   C707 407B2E10    MOV DWORD PTR DS:[EDI],CShell.102E7B40
    1000274C   E8 0F010000      CALL CShell.10002860
    10002751   8D77 1C          LEA ESI,DWORD PTR DS:[EDI+1C]
    10002754   E8 B7000000      CALL CShell.10002810
    10002759   8D47 04          LEA EAX,DWORD PTR DS:[EDI+4]
    1000275C   50               PUSH EAX
    1000275D   C707 287B2E10    MOV DWORD PTR DS:[EDI],CShell.102E7B28
    10002763   90               NOP
    10002764   E8 8C1E9467      CALL ntdll.RtlDeleteCriticalSection
    10002769   F64424 0C 01     TEST BYTE PTR SS:[ESP+C],1
    1000276E   74 09            JE SHORT CShell.10002779
    10002770   57               PUSH EDI
    10002771   E8 9E872800      CALL CShell.1028AF14
    10002776   83C4 04          ADD ESP,4
    10002779   8BC7             MOV EAX,EDI
    1000277B   5F               POP EDI
    1000277C   5E               POP ESI
    1000277D   C2 0400          RETN 4
    10002780   55               PUSH EBP
    10002781   8B6C24 08        MOV EBP,DWORD PTR SS:[ESP+8]
    10002785   56               PUSH ESI
    10002786   57               PUSH EDI
    10002787   8BF8             MOV EDI,EAX
    10002789   8B41 14          MOV EAX,DWORD PTR DS:[ECX+14]
    1000278C   3BC7             CMP EAX,EDI
    1000278E   73 02            JNB SHORT CShell.10002792
    10002790   8BF8             MOV EDI,EAX
    10002792   3BFD             CMP EDI,EBP
    10002794   8BC7             MOV EAX,EDI
    10002796   72 02            JB SHORT CShell.1000279A
    10002798   8BC5             MOV EAX,EBP
    1000279A   8379 18 10       CMP DWORD PTR DS:[ECX+18],10
    1000279E   72 05            JB SHORT CShell.100027A5
    100027A0   8B49 04          MOV ECX,DWORD PTR DS:[ECX+4]
    100027A3   EB 03            JMP SHORT CShell.100027A8
    100027A5   83C1 04          ADD ECX,4
    100027A8   85C0             TEST EAX,EAX
    100027AA   8BF2             MOV ESI,EDX
    100027AC   76 26            JBE SHORT CShell.100027D4
    100027AE   8BFF             MOV EDI,EDI
    100027B0   8A11             MOV DL,BYTE PTR DS:[ECX]
    100027B2   3A16             CMP DL,BYTE PTR DS:[ESI]
    100027B4   75 0F            JNZ SHORT CShell.100027C5
    100027B6   83E8 01          SUB EAX,1
    100027B9   83C1 01          ADD ECX,1
    100027BC   83C6 01          ADD ESI,1
    100027BF   85C0             TEST EAX,EAX
    100027C1  ^77 ED            JA SHORT CShell.100027B0
    100027C3   EB 0F            JMP SHORT CShell.100027D4
    100027C5   0FB601           MOVZX EAX,BYTE PTR DS:[ECX]
    100027C8   3A06             CMP AL,BYTE PTR DS:[ESI]
    100027CA   1BC0             SBB EAX,EAX
    100027CC   83E0 FE          AND EAX,FFFFFFFE
    100027CF   83C0 01          ADD EAX,1
    100027D2   75 14            JNZ SHORT CShell.100027E8
    100027D4   3BFD             CMP EDI,EBP
    100027D6   73 09            JNB SHORT CShell.100027E1
    100027D8   5F               POP EDI
    100027D9   5E               POP ESI
    100027DA   83C8 FF          OR EAX,FFFFFFFF
    100027DD   5D               POP EBP
    100027DE   C2 0400          RETN 4
    100027E1   33C0             XOR EAX,EAX
    100027E3   3BFD             CMP EDI,EBP
    100027E5   0F95C0           SETNE AL
    100027E8   5F               POP EDI
    100027E9   5E               POP ESI
    100027EA   5D               POP EBP
    100027EB   C2 0400          RETN 4
    100027EE   CC               INT3
    100027EF   CC               INT3
    100027F0   B9 01000000      MOV ECX,1
    100027F5   E8 B6000000      CALL CShell.100028B0
    100027FA   85C0             TEST EAX,EAX
    100027FC   74 02            JE SHORT CShell.10002800
    100027FE   8900             MOV DWORD PTR DS:[EAX],EAX
    10002800   8D48 04          LEA ECX,DWORD PTR DS:[EAX+4]
    10002803   85C9             TEST ECX,ECX
    10002805   74 02            JE SHORT CShell.10002809
    10002807   8901             MOV DWORD PTR DS:[ECX],EAX
    10002809   C3               RETN
    1000280A   CC               INT3
    1000280B   CC               INT3
    1000280C   CC               INT3
    1000280D   CC               INT3
    1000280E   CC               INT3
    1000280F   CC               INT3
    10002810   8B4E 04          MOV ECX,DWORD PTR DS:[ESI+4]
    10002813   8B01             MOV EAX,DWORD PTR DS:[ECX]
    10002815   8909             MOV DWORD PTR DS:[ECX],ECX
    10002817   8B4E 04          MOV ECX,DWORD PTR DS:[ESI+4]
    1000281A   8949 04          MOV DWORD PTR DS:[ECX+4],ECX
    1000281D   3B46 04          CMP EAX,DWORD PTR DS:[ESI+4]
    10002820   C746 08 00000000 MOV DWORD PTR DS:[ESI+8],0
    10002827   74 1A            JE SHORT CShell.10002843
    10002829   57               PUSH EDI
    1000282A   8D9B 00000000    LEA EBX,DWORD PTR DS:[EBX]
    10002830   8B38             MOV EDI,DWORD PTR DS:[EAX]
    10002832   50               PUSH EAX
    10002833   E8 DC862800      CALL CShell.1028AF14
    10002838   83C4 04          ADD ESP,4
    1000283B   3B7E 04          CMP EDI,DWORD PTR DS:[ESI+4]
    1000283E   8BC7             MOV EAX,EDI
    10002840  ^75 EE            JNZ SHORT CShell.10002830
    10002842   5F               POP EDI
    10002843   8B46 04          MOV EAX,DWORD PTR DS:[ESI+4]
    10002846   50               PUSH EAX
    10002847   E8 C8862800      CALL CShell.1028AF14
    1000284C   83C4 04          ADD ESP,4
    1000284F   C746 04 00000000 MOV DWORD PTR DS:[ESI+4],0
    10002856   C3               RETN
    10002857   CC               INT3
    10002858   CC               INT3
    10002859   CC               INT3
    1000285A   CC               INT3
    1000285B   CC               INT3
    1000285C   CC               INT3
    1000285D   CC               INT3
    1000285E   CC               INT3
    1000285F   CC               INT3
    10002860   53               PUSH EBX
    10002861   8D5E 04          LEA EBX,DWORD PTR DS:[ESI+4]
    10002864   53               PUSH EBX
    10002865   90               NOP
    10002866   E8 45FA9267      CALL ntdll.RtlEnterCriticalSection
    1000286B   8B4E 20          MOV ECX,DWORD PTR DS:[ESI+20]
    1000286E   8B01             MOV EAX,DWORD PTR DS:[ECX]
    10002870   8909             MOV DWORD PTR DS:[ECX],ECX
    10002872   8B4E 20          MOV ECX,DWORD PTR DS:[ESI+20]
    10002875   8949 04          MOV DWORD PTR DS:[ECX+4],ECX
    10002878   3B46 20          CMP EAX,DWORD PTR DS:[ESI+20]
    1000287B   C746 24 00000000 MOV DWORD PTR DS:[ESI+24],0
    10002882   74 14            JE SHORT CShell.10002898
    10002884   57               PUSH EDI
    10002885   8B38             MOV EDI,DWORD PTR DS:[EAX]
    10002887   50               PUSH EAX
    10002888   E8 87862800      CALL CShell.1028AF14
    1000288D   83C4 04          ADD ESP,4
    10002890   3B7E 20          CMP EDI,DWORD PTR DS:[ESI+20]
    10002893   8BC7             MOV EAX,EDI
    10002895  ^75 EE            JNZ SHORT CShell.10002885
    10002897   5F               POP EDI
    10002898   53               PUSH EBX
    10002899   90               NOP
    1000289A   E8 D1F99267      CALL ntdll.RtlLeaveCriticalSection
    1000289F   5B               POP EBX
    100028A0   C3               RETN
    100028A1   CC               INT3
    100028A2   CC               INT3
    100028A3   CC               INT3
    100028A4   CC               INT3
    100028A5   CC               INT3
    100028A6   CC               INT3
    100028A7   CC               INT3
    100028A8   CC               INT3
    100028A9   CC               INT3
    100028AA   CC               INT3
    100028AB   CC               INT3
    100028AC   CC               INT3
    100028AD   CC               INT3
    100028AE   CC               INT3
    100028AF   CC               INT3
    100028B0   83C8 FF          OR EAX,FFFFFFFF
    100028B3   33D2             XOR EDX,EDX
    100028B5   F7F1             DIV ECX
    100028B7   83EC 10          SUB ESP,10
    100028BA   83F8 0C          CMP EAX,0C
    100028BD   73 2D            JNB SHORT CShell.100028EC
    100028BF   8D0424           LEA EAX,DWORD PTR SS:[ESP]
    100028C2   50               PUSH EAX
    100028C3   8D4C24 08        LEA ECX,DWORD PTR SS:[ESP+8]
    100028C7   C74424 04 000000>MOV DWORD PTR SS:[ESP+4],0
    100028CF   90               NOP
    100028D0   E8 1849DE5F      CALL MSVCR80.??0exception@STD@@QAE@ABQBD>
    100028D5   68 74523010      PUSH CShell.10305274
    100028DA   8D4C24 08        LEA ECX,DWORD PTR SS:[ESP+8]
    100028DE   51               PUSH ECX
    100028DF   C74424 0C A4002A>MOV DWORD PTR SS:[ESP+C],CShell.102A00A4
    100028E7   E8 9C872800      CALL CShell.1028B088
    100028EC   8D1449           LEA EDX,DWORD PTR DS:[ECX+ECX*2]
    100028EF   03D2             ADD EDX,EDX
    100028F1   03D2             ADD EDX,EDX
    100028F3   52               PUSH EDX
    100028F4   E8 6B862800      CALL CShell.1028AF64
    100028F9   83C4 04          ADD ESP,4
    100028FC   83C4 10          ADD ESP,10
    100028FF   C3               RETN
    10002900   51               PUSH ECX
    10002901   57               PUSH EDI
    10002902   83C0 08          ADD EAX,8
    10002905   8BF9             MOV EDI,ECX
    10002907   50               PUSH EAX
    10002908   C74424 08 000000>MOV DWORD PTR SS:[ESP+8],0
    10002910   E8 4BEEFFFF      CALL CShell.10001760
    10002915   8BC7             MOV EAX,EDI
    10002917   5F               POP EDI
    10002918   59               POP ECX
    10002919   C3               RETN
    1000291A   CC               INT3
    1000291B   CC               INT3
    1000291C   CC               INT3
    1000291D   CC               INT3
    1000291E   CC               INT3
    1000291F   CC               INT3
    10002920   85DB             TEST EBX,EBX
    10002922   55               PUSH EBP
    10002923   8B6C24 08        MOV EBP,DWORD PTR SS:[ESP+8]
    10002927   56               PUSH ESI
    10002928   8BF0             MOV ESI,EAX
    1000292A   75 07            JNZ SHORT CShell.10002933
    1000292C   5E               POP ESI
    1000292D   32C0             XOR AL,AL
    1000292F   5D               POP EBP
    10002930   C2 0400          RETN 4
    10002933   83FD 02          CMP EBP,2
    10002936  ^72 F4            JB SHORT CShell.1000292C
    10002938   57               PUSH EDI
    10002939   8D7E 08          LEA EDI,DWORD PTR DS:[ESI+8]
    1000293C   8BC7             MOV EAX,EDI
    1000293E   896E 04          MOV DWORD PTR DS:[ESI+4],EBP
    10002941   891E             MOV DWORD PTR DS:[ESI],EBX
    10002943   E8 28EDFFFF      CALL CShell.10001670
    10002948   84C0             TEST AL,AL
    1000294A   75 06            JNZ SHORT CShell.10002952
    1000294C   5F               POP EDI
    1000294D   5E               POP ESI
    1000294E   5D               POP EBP
    1000294F   C2 0400          RETN 4
    10002952   83C6 0C          ADD ESI,0C
    10002955   56               PUSH ESI
    10002956   53               PUSH EBX
    10002957   8BC5             MOV EAX,EBP
    10002959   E8 82EDFFFF      CALL CShell.100016E0
    1000295E   5F               POP EDI
    1000295F   5E               POP ESI
    10002960   5D               POP EBP
    10002961   C2 0400          RETN 4
    10002964   CC               INT3
    10002965   CC               INT3
    10002966   CC               INT3
    10002967   CC               INT3
    10002968   CC               INT3
    10002969   CC               INT3
    1000296A   CC               INT3
    1000296B   CC               INT3
    1000296C   CC               INT3
    1000296D   CC               INT3
    1000296E   CC               INT3
    1000296F   CC               INT3
    10002970   6A FF            PUSH -1
    10002972   68 A8C52910      PUSH CShell.1029C5A8
    10002977   64:A1 00000000   MOV EAX,DWORD PTR FS:[0]
    1000297D   50               PUSH EAX
    1000297E   83EC 2C          SUB ESP,2C
    10002981   A1 681B3110      MOV EAX,DWORD PTR DS:[10311B68]
    10002986   33C4             XOR EAX,ESP
    10002988   894424 28        MOV DWORD PTR SS:[ESP+28],EAX
    1000298C   53               PUSH EBX
    1000298D   57               PUSH EDI
    1000298E   A1 681B3110      MOV EAX,DWORD PTR DS:[10311B68]
    10002993   33C4             XOR EAX,ESP
    10002995   50               PUSH EAX
    10002996   8D4424 38        LEA EAX,DWORD PTR SS:[ESP+38]
    1000299A   64:A3 00000000   MOV DWORD PTR FS:[0],EAX
    100029A0   33DB             XOR EBX,EBX
    100029A2   8BF9             MOV EDI,ECX
    100029A4   895C24 10        MOV DWORD PTR SS:[ESP+10],EBX
    100029A8   391F             CMP DWORD PTR DS:[EDI],EBX
    100029AA   75 0F            JNZ SHORT CShell.100029BB
    100029AC   C746 18 0F000000 MOV DWORD PTR DS:[ESI+18],0F
    100029B3   895E 14          MOV DWORD PTR DS:[ESI+14],EBX
    100029B6   885E 04          MOV BYTE PTR DS:[ESI+4],BL
    100029B9   EB 6C            JMP SHORT CShell.10002A27
    100029BB   837F 04 02       CMP DWORD PTR DS:[EDI+4],2
    100029BF  ^72 EB            JB SHORT CShell.100029AC
    100029C1   895C24 10        MOV DWORD PTR SS:[ESP+10],EBX
    100029C5   8D4424 10        LEA EAX,DWORD PTR SS:[ESP+10]
    100029C9   895C24 40        MOV DWORD PTR SS:[ESP+40],EBX
    100029CD   E8 9EECFFFF      CALL CShell.10001670
    100029D2   84C0             TEST AL,AL
    100029D4   75 0F            JNZ SHORT CShell.100029E5
    100029D6   C746 18 0F000000 MOV DWORD PTR DS:[ESI+18],0F
    100029DD   895E 14          MOV DWORD PTR DS:[ESI+14],EBX
    100029E0   885E 04          MOV BYTE PTR DS:[ESI+4],BL
    100029E3   EB 33            JMP SHORT CShell.10002A18
    100029E5   8B0F             MOV ECX,DWORD PTR DS:[EDI]
    100029E7   8D4424 14        LEA EAX,DWORD PTR SS:[ESP+14]
    100029EB   50               PUSH EAX
    100029EC   8B47 04          MOV EAX,DWORD PTR DS:[EDI+4]
    100029EF   51               PUSH ECX
    100029F0   8D7C24 18        LEA EDI,DWORD PTR SS:[ESP+18]
    100029F4   E8 E7ECFFFF      CALL CShell.100016E0
    100029F9   84C0             TEST AL,AL
    100029FB   75 0F            JNZ SHORT CShell.10002A0C
    100029FD   C746 18 0F000000 MOV DWORD PTR DS:[ESI+18],0F
    10002A04   895E 14          MOV DWORD PTR DS:[ESI+14],EBX
    10002A07   885E 04          MOV BYTE PTR DS:[ESI+4],BL
    10002A0A   EB 0C            JMP SHORT CShell.10002A18
    10002A0C   8D5424 10        LEA EDX,DWORD PTR SS:[ESP+10]
    10002A10   52               PUSH EDX
    10002A11   8BFE             MOV EDI,ESI
    10002A13   E8 48EDFFFF      CALL CShell.10001760
    10002A18   8B4424 10        MOV EAX,DWORD PTR SS:[ESP+10]
    10002A1C   3BC3             CMP EAX,EBX
    10002A1E   74 07            JE SHORT CShell.10002A27
    10002A20   50               PUSH EAX
    10002A21   90               NOP
    10002A22   E8 3FB53365      CALL ADVAPI32.CryptDestroyHash
    10002A27   8BC6             MOV EAX,ESI
    10002A29   8B4C24 38        MOV ECX,DWORD PTR SS:[ESP+38]
    10002A2D   64:890D 00000000 MOV DWORD PTR FS:[0],ECX
    10002A34   59               POP ECX
    10002A35   5F               POP EDI
    10002A36   5B               POP EBX
    10002A37   8B4C24 28        MOV ECX,DWORD PTR SS:[ESP+28]
    10002A3B   33CC             XOR ECX,ESP
    10002A3D   E8 2E852800      CALL CShell.1028AF70
    10002A42   83C4 38          ADD ESP,38
    10002A45   C3               RETN
    10002A46   CC               INT3
    10002A47   CC               INT3
    10002A48   CC               INT3
    10002A49   CC               INT3
    10002A4A   CC               INT3
    10002A4B   CC               INT3
    10002A4C   CC               INT3
    10002A4D   CC               INT3
    10002A4E   CC               INT3
    10002A4F   CC               INT3
    10002A50   8B4424 04        MOV EAX,DWORD PTR SS:[ESP+4]
    10002A54   85C0             TEST EAX,EAX
    10002A56   56               PUSH ESI
    10002A57   8BF1             MOV ESI,ECX
    10002A59   75 07            JNZ SHORT CShell.10002A62
    10002A5B   83C8 FF          OR EAX,FFFFFFFF
    10002A5E   5E               POP ESI
    10002A5F   C2 0800          RETN 8
    10002A62   57               PUSH EDI
    10002A63   8D7E 08          LEA EDI,DWORD PTR DS:[ESI+8]
    10002A66   57               PUSH EDI
    10002A67   6A 00            PUSH 0
    10002A69   56               PUSH ESI
    10002A6A   68 A02C0010      PUSH CShell.10002CA0
    10002A6F   6A 00            PUSH 0
    10002A71   6A 00            PUSH 0
    10002A73   8986 18010000    MOV DWORD PTR DS:[ESI+118],EAX
    10002A79   90               NOP
    10002A7A   E8 C9FFDB5F      CALL MSVCR80._beginthreadex
    10002A7F   8B4C24 28        MOV ECX,DWORD PTR SS:[ESP+28]
    10002A83   83C4 18          ADD ESP,18
    10002A86   8946 04          MOV DWORD PTR DS:[ESI+4],EAX
    10002A89   8B07             MOV EAX,DWORD PTR DS:[EDI]
    10002A8B   50               PUSH EAX
    10002A8C   56               PUSH ESI
    10002A8D   E8 5E010000      CALL CShell.10002BF0
    10002A92   8B07             MOV EAX,DWORD PTR DS:[EDI]
    10002A94   5F               POP EDI
    10002A95   5E               POP ESI
    10002A96   C2 0800          RETN 8
    10002A99   CC               INT3
    10002A9A   CC               INT3
    10002A9B   CC               INT3
    10002A9C   CC               INT3
    10002A9D   CC               INT3
    10002A9E   CC               INT3
    10002A9F   CC               INT3
    10002AA0   57               PUSH EDI
    10002AA1   8BB9 18010000    MOV EDI,DWORD PTR DS:[ECX+118]
    10002AA7   E8 74F7FFFF      CALL CShell.10002220
    10002AAC   5F               POP EDI
    10002AAD   C3               RETN
    10002AAE   CC               INT3
    10002AAF   CC               INT3
    10002AB0   57               PUSH EDI
    10002AB1   68 04010000      PUSH 104
    10002AB6   8D46 0C          LEA EAX,DWORD PTR DS:[ESI+C]
    10002AB9   6A 00            PUSH 0
    10002ABB   50               PUSH EAX
    10002ABC   C706 5C7B2E10    MOV DWORD PTR DS:[ESI],CShell.102E7B5C
    10002AC2   C746 04 FFFFFFFF MOV DWORD PTR DS:[ESI+4],-1
    10002AC9   C746 08 00000000 MOV DWORD PTR DS:[ESI+8],0
    10002AD0   E8 D7842800      CALL CShell.1028AFAC
    10002AD5   8B3D 7CF12910    MOV EDI,DWORD PTR DS:[1029F17C]          ; kernel32.CreateEventA
    10002ADB   83C4 0C          ADD ESP,0C
    10002ADE   6A 00            PUSH 0
    10002AE0   6A 00            PUSH 0
    10002AE2   6A 00            PUSH 0
    10002AE4   6A 00            PUSH 0
    10002AE6   FFD7             CALL EDI
    10002AE8   6A 00            PUSH 0
    10002AEA   6A 00            PUSH 0
    10002AEC   6A 00            PUSH 0
    10002AEE   6A 00            PUSH 0
    10002AF0   8986 10010000    MOV DWORD PTR DS:[ESI+110],EAX
    10002AF6   FFD7             CALL EDI
    10002AF8   6A 00            PUSH 0
    10002AFA   6A 00            PUSH 0
    10002AFC   6A 00            PUSH 0
    10002AFE   6A 00            PUSH 0
    10002B00   A3 5464C410      MOV DWORD PTR DS:[10C46454],EAX
    10002B05   FFD7             CALL EDI
    10002B07   8986 14010000    MOV DWORD PTR DS:[ESI+114],EAX
    10002B0D   8BC6             MOV EAX,ESI
    10002B0F   5F               POP EDI
    10002B10   C3               RETN
    10002B11   CC               INT3
    10002B12   CC               INT3
    10002B13   CC               INT3
    10002B14   CC               INT3
    10002B15   CC               INT3
    10002B16   CC               INT3
    10002B17   CC               INT3
    10002B18   CC               INT3
    10002B19   CC               INT3
    10002B1A   CC               INT3
    10002B1B   CC               INT3
    10002B1C   CC               INT3
    10002B1D   CC               INT3
    10002B1E   CC               INT3
    10002B1F   CC               INT3
    10002B20   56               PUSH ESI
    10002B21   8BF1             MOV ESI,ECX
    10002B23   8B86 10010000    MOV EAX,DWORD PTR DS:[ESI+110]
    10002B29   57               PUSH EDI
    10002B2A   8B3D 74F02910    MOV EDI,DWORD PTR DS:[1029F074]          ; kernel32.CloseHandle
    10002B30   50               PUSH EAX
    10002B31   C706 5C7B2E10    MOV DWORD PTR DS:[ESI],CShell.102E7B5C
    10002B37   FFD7             CALL EDI
    10002B39   8B0D 5464C410    MOV ECX,DWORD PTR DS:[10C46454]
    10002B3F   51               PUSH ECX
    10002B40   FFD7             CALL EDI
    10002B42   8B96 14010000    MOV EDX,DWORD PTR DS:[ESI+114]
    10002B48   52               PUSH EDX
    10002B49   FFD7             CALL EDI
    10002B4B   8B46 04          MOV EAX,DWORD PTR DS:[ESI+4]
    10002B4E   50               PUSH EAX
    10002B4F   FFD7             CALL EDI
    10002B51   F64424 0C 01     TEST BYTE PTR SS:[ESP+C],1
    10002B56   74 09            JE SHORT CShell.10002B61
    10002B58   56               PUSH ESI
    10002B59   E8 B6832800      CALL CShell.1028AF14
    10002B5E   83C4 04          ADD ESP,4
    10002B61   5F               POP EDI
    10002B62   8BC6             MOV EAX,ESI
    10002B64   5E               POP ESI
    10002B65   C2 0400          RETN 4
    10002B68   CC               INT3
    10002B69   CC               INT3
    10002B6A   CC               INT3
    10002B6B   CC               INT3
    10002B6C   CC               INT3
    10002B6D   CC               INT3
    10002B6E   CC               INT3
    10002B6F   CC               INT3
    10002B70   837C24 04 00     CMP DWORD PTR SS:[ESP+4],0
    10002B75   56               PUSH ESI
    10002B76   8BF1             MOV ESI,ECX
    10002B78   75 07            JNZ SHORT CShell.10002B81
    10002B7A   83C8 FF          OR EAX,FFFFFFFF
    10002B7D   5E               POP ESI
    10002B7E   C2 0800          RETN 8
    10002B81   57               PUSH EDI
    10002B82   8D7E 08          LEA EDI,DWORD PTR DS:[ESI+8]
    10002B85   57               PUSH EDI
    10002B86   6A 00            PUSH 0
    10002B88   56               PUSH ESI
    10002B89   68 A02C0010      PUSH CShell.10002CA0
    10002B8E   6A 00            PUSH 0
    10002B90   6A 00            PUSH 0
    10002B92   90               NOP
    10002B93   E8 B0FEDB5F      CALL MSVCR80._beginthreadex
    10002B98   8B4C24 28        MOV ECX,DWORD PTR SS:[ESP+28]
    10002B9C   83C4 18          ADD ESP,18
    10002B9F   8946 04          MOV DWORD PTR DS:[ESI+4],EAX
    10002BA2   8B07             MOV EAX,DWORD PTR DS:[EDI]
    10002BA4   50               PUSH EAX
    10002BA5   56               PUSH ESI
    10002BA6   E8 45000000      CALL CShell.10002BF0
    10002BAB   8B07             MOV EAX,DWORD PTR DS:[EDI]
    10002BAD   5F               POP EDI
    10002BAE   5E               POP ESI
    10002BAF   C2 0800          RETN 8
    10002BB2   CC               INT3
    10002BB3   CC               INT3
    10002BB4   CC               INT3
    10002BB5   CC               INT3
    10002BB6   CC               INT3
    10002BB7   CC               INT3
    10002BB8   CC               INT3
    10002BB9   CC               INT3
    10002BBA   CC               INT3
    10002BBB   CC               INT3
    10002BBC   CC               INT3
    10002BBD   CC               INT3
    10002BBE   CC               INT3
    10002BBF   CC               INT3
    10002BC0   8B81 10010000    MOV EAX,DWORD PTR DS:[ECX+110]
    10002BC6   50               PUSH EAX
    10002BC7   90               NOP
    10002BC8   E8 F8EA1C65      CALL kernel32.SetEvent
    10002BCD   8B0D 5464C410    MOV ECX,DWORD PTR DS:[10C46454]
    10002BD3   6A FF            PUSH -1
    10002BD5   51               PUSH ECX
    10002BD6   90               NOP
    10002BD7   E8 5AE51C65      CALL kernel32.WaitForSingleObject
    10002BDC   B8 01000000      MOV EAX,1
    10002BE1   C3               RETN
    10002BE2   CC               INT3
    10002BE3   CC               INT3
    10002BE4   CC               INT3
    10002BE5   CC               INT3
    10002BE6   CC               INT3
    10002BE7   CC               INT3
    10002BE8   CC               INT3
    10002BE9   CC               INT3
    10002BEA   CC               INT3
    10002BEB   CC               INT3
    10002BEC   CC               INT3
    10002BED   CC               INT3
    10002BEE   CC               INT3
    10002BEF   CC               INT3
    10002BF0   55               PUSH EBP
    10002BF1   8BEC             MOV EBP,ESP
    10002BF3   6A FE            PUSH -2
    10002BF5   68 88523010      PUSH CShell.10305288
    10002BFA   68 A8B22810      PUSH CShell.1028B2A8
    10002BFF   64:A1 00000000   MOV EAX,DWORD PTR FS:[0]
    10002C05   50               PUSH EAX
    10002C06   83EC 18          SUB ESP,18
    10002C09   53               PUSH EBX
    10002C0A   56               PUSH ESI
    10002C0B   57               PUSH EDI
    10002C0C   A1 681B3110      MOV EAX,DWORD PTR DS:[10311B68]
    10002C11   3145 F8          XOR DWORD PTR SS:[EBP-8],EAX
    10002C14   33C5             XOR EAX,EBP
    10002C16   50               PUSH EAX
    10002C17   8D45 F0          LEA EAX,DWORD PTR SS:[EBP-10]
    10002C1A   64:A3 00000000   MOV DWORD PTR FS:[0],EAX
    10002C20   8965 E8          MOV DWORD PTR SS:[EBP-18],ESP
    10002C23   C745 D8 00100000 MOV DWORD PTR SS:[EBP-28],1000
    10002C2A   894D DC          MOV DWORD PTR SS:[EBP-24],ECX
    10002C2D   8B45 0C          MOV EAX,DWORD PTR SS:[EBP+C]
    10002C30   8945 E0          MOV DWORD PTR SS:[EBP-20],EAX
    10002C33   33DB             XOR EBX,EBX
    10002C35   895D E4          MOV DWORD PTR SS:[EBP-1C],EBX
    10002C38   8BC1             MOV EAX,ECX
    10002C3A   8D70 01          LEA ESI,DWORD PTR DS:[EAX+1]
    10002C3D   8D49 00          LEA ECX,DWORD PTR DS:[ECX]
    10002C40   8A10             MOV DL,BYTE PTR DS:[EAX]
    10002C42   83C0 01          ADD EAX,1
    10002C45   3AD3             CMP DL,BL
    10002C47  ^75 F7            JNZ SHORT CShell.10002C40
    10002C49   2BC6             SUB EAX,ESI
    10002C4B   50               PUSH EAX
    10002C4C   51               PUSH ECX
    10002C4D   8B4D 08          MOV ECX,DWORD PTR SS:[EBP+8]
    10002C50   83C1 0C          ADD ECX,0C
    10002C53   51               PUSH ECX
    10002C54   90               NOP
    10002C55   E8 F6DAE05F      CALL MSVCR80.strncpy
    10002C5A   83C4 0C          ADD ESP,0C
    10002C5D   895D FC          MOV DWORD PTR SS:[EBP-4],EBX
    10002C60   8D55 D8          LEA EDX,DWORD PTR SS:[EBP-28]
    10002C63   52               PUSH EDX
    10002C64   6A 04            PUSH 4
    10002C66   53               PUSH EBX
    10002C67   68 88136D40      PUSH 406D1388
    10002C6C   90               NOP
    10002C6D   E8 342C1D65      CALL kernel32.RaiseException
    10002C72   EB 07            JMP SHORT CShell.10002C7B
    10002C74   83C8 FF          OR EAX,FFFFFFFF
    10002C77   C3               RETN
    10002C78   8B65 E8          MOV ESP,DWORD PTR SS:[EBP-18]
    10002C7B   C745 FC FEFFFFFF MOV DWORD PTR SS:[EBP-4],-2
    10002C82   8B4D F0          MOV ECX,DWORD PTR SS:[EBP-10]
    10002C85   64:890D 00000000 MOV DWORD PTR FS:[0],ECX
    10002C8C   59               POP ECX
    10002C8D   5F               POP EDI
    10002C8E   5E               POP ESI
    10002C8F   5B               POP EBX
    10002C90   8BE5             MOV ESP,EBP
    10002C92   5D               POP EBP
    10002C93   C2 0800          RETN 8
    10002C96   CC               INT3
    10002C97   CC               INT3
    10002C98   CC               INT3
    10002C99   CC               INT3
    10002C9A   CC               INT3
    10002C9B   CC               INT3
    10002C9C   CC               INT3
    10002C9D   CC               INT3
    10002C9E   CC               INT3
    10002C9F   CC               INT3
    10002CA0   8B4C24 04        MOV ECX,DWORD PTR SS:[ESP+4]
    10002CA4   8B01             MOV EAX,DWORD PTR DS:[ECX]
    10002CA6   8B50 04          MOV EDX,DWORD PTR DS:[EAX+4]
    10002CA9   FFD2             CALL EDX
    10002CAB   A1 5464C410      MOV EAX,DWORD PTR DS:[10C46454]
    10002CB0   50               PUSH EAX
    10002CB1   90               NOP
    10002CB2   E8 0EEA1C65      CALL kernel32.SetEvent
    10002CB7   33C0             XOR EAX,EAX
    10002CB9   C2 0400          RETN 4
    10002CBC   CC               INT3
    10002CBD   CC               INT3
    10002CBE   CC               INT3
    10002CBF   CC               INT3
    10002CC0   8B4424 04        MOV EAX,DWORD PTR SS:[ESP+4]
    10002CC4   56               PUSH ESI
    10002CC5   50               PUSH EAX
    10002CC6   8BF1             MOV ESI,ECX
    10002CC8   E8 43D21E00      CALL CShell.101EFF10
    10002CCD   33C0             XOR EAX,EAX
    10002CCF   C706 50F92910    MOV DWORD PTR DS:[ESI],CShell.1029F950
    10002CD5   8986 D0000000    MOV DWORD PTR DS:[ESI+D0],EAX
    10002CDB   8986 D4000000    MOV DWORD PTR DS:[ESI+D4],EAX
    10002CE1   8986 D8000000    MOV DWORD PTR DS:[ESI+D8],EAX
    10002CE7   8986 DC000000    MOV DWORD PTR DS:[ESI+DC],EAX
    10002CED   8986 E0000000    MOV DWORD PTR DS:[ESI+E0],EAX
    10002CF3   8986 E4000000    MOV DWORD PTR DS:[ESI+E4],EAX
    10002CF9   8986 E8000000    MOV DWORD PTR DS:[ESI+E8],EAX
    10002CFF   8BC6             MOV EAX,ESI
    10002D01   5E               POP ESI
    10002D02   C2 0400          RETN 4
    10002D05   CC               INT3
    10002D06   CC               INT3
    10002D07   CC               INT3
    10002D08   CC               INT3
    10002D09   CC               INT3
    10002D0A   CC               INT3
    10002D0B   CC               INT3
    10002D0C   CC               INT3
    10002D0D   CC               INT3
    10002D0E   CC               INT3
    10002D0F   CC               INT3
    10002D10   C701 50F92910    MOV DWORD PTR DS:[ECX],CShell.1029F950
    10002D16   E9 65D11E00      JMP CShell.101EFE80
    10002D1B   CC               INT3
    10002D1C   CC               INT3
    10002D1D   CC               INT3
    10002D1E   CC               INT3
    10002D1F   CC               INT3
    10002D20   56               PUSH ESI
    10002D21   57               PUSH EDI
    10002D22   8D71 38          LEA ESI,DWORD PTR DS:[ECX+38]
    10002D25   8DB9 D0000000    LEA EDI,DWORD PTR DS:[ECX+D0]
    10002D2B   B9 07000000      MOV ECX,7
    10002D30   F3:A5            REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
    10002D32   5F               POP EDI
    10002D33   5E               POP ESI
    10002D34   C3               RETN
    10002D35   CC               INT3
    10002D36   CC               INT3
    10002D37   CC               INT3
    10002D38   CC               INT3
    10002D39   CC               INT3
    10002D3A   CC               INT3
    10002D3B   CC               INT3
    10002D3C   CC               INT3
    10002D3D   CC               INT3
    10002D3E   CC               INT3
    10002D3F   CC               INT3
    10002D40   8D81 D0000000    LEA EAX,DWORD PTR DS:[ECX+D0]
    10002D46   50               PUSH EAX
    10002D47   E8 64D51E00      CALL CShell.101F02B0
    10002D4C   C3               RETN
    10002D4D   CC               INT3
    10002D4E   CC               INT3
    10002D4F   CC               INT3
    10002D50   33C0             XOR EAX,EAX
    10002D52   83C1 38          ADD ECX,38
    10002D55   8B11             MOV EDX,DWORD PTR DS:[ECX]
    10002D57   3B91 98000000    CMP EDX,DWORD PTR DS:[ECX+98]
    10002D5D   75 0E            JNZ SHORT CShell.10002D6D
    10002D5F   83C0 01          ADD EAX,1
    10002D62   83C1 04          ADD ECX,4
    10002D65   83F8 07          CMP EAX,7
    10002D68  ^7C EB            JL SHORT CShell.10002D55
    10002D6A   32C0             XOR AL,AL
    10002D6C   C3               RETN
    10002D6D   B0 01            MOV AL,1
    10002D6F   C3               RETN
    10002D70   56               PUSH ESI
    10002D71   8BF1             MOV ESI,ECX
    10002D73   E8 98FFFFFF      CALL CShell.10002D10
    10002D78   F64424 08 01     TEST BYTE PTR SS:[ESP+8],1
    10002D7D   74 09            JE SHORT CShell.10002D88
    10002D7F   56               PUSH ESI
    10002D80   E8 8F812800      CALL CShell.1028AF14
    10002D85   83C4 04          ADD ESP,4
    10002D88   8BC6             MOV EAX,ESI
    10002D8A   5E               POP ESI
    10002D8B   C2 0400          RETN 4
    10002D8E   CC               INT3
    10002D8F   CC               INT3
    10002D90   56               PUSH ESI
    10002D91   57               PUSH EDI
    10002D92   8B7C24 0C        MOV EDI,DWORD PTR SS:[ESP+C]
    10002D96   57               PUSH EDI
    10002D97   8BF1             MOV ESI,ECX
    10002D99   E8 02D71E00      CALL CShell.101F04A0
    10002D9E   C706 60F92910    MOV DWORD PTR DS:[ESI],CShell.1029F960
    10002DA4   8A47 38          MOV AL,BYTE PTR DS:[EDI+38]
    10002DA7   8846 60          MOV BYTE PTR DS:[ESI+60],AL
    10002DAA   5F               POP EDI
    10002DAB   8BC6             MOV EAX,ESI
    10002DAD   5E               POP ESI
    10002DAE   C2 0400          RETN 4
    10002DB1   CC               INT3
    10002DB2   CC               INT3
    10002DB3   CC               INT3
    10002DB4   CC               INT3
    10002DB5   CC               INT3
    10002DB6   CC               INT3
    10002DB7   CC               INT3
    10002DB8   CC               INT3
    10002DB9   CC               INT3
    10002DBA   CC               INT3
    10002DBB   CC               INT3
    10002DBC   CC               INT3
    10002DBD   CC               INT3
    10002DBE   CC               INT3
    10002DBF   CC               INT3
    10002DC0   C701 60F92910    MOV DWORD PTR DS:[ECX],CShell.1029F960
    10002DC6   E9 55D61E00      JMP CShell.101F0420
    10002DCB   CC               INT3
    10002DCC   CC               INT3
    10002DCD   CC               INT3
    10002DCE   CC               INT3
    10002DCF   CC               INT3
    10002DD0   8A41 38          MOV AL,BYTE PTR DS:[ECX+38]
    10002DD3   8841 60          MOV BYTE PTR DS:[ECX+60],AL
    10002DD6   C3               RETN
    10002DD7   CC               INT3
    10002DD8   CC               INT3
    10002DD9   CC               INT3
    10002DDA   CC               INT3
    10002DDB   CC               INT3
    10002DDC   CC               INT3
    10002DDD   CC               INT3
    10002DDE   CC               INT3
    10002DDF   CC               INT3
    10002DE0   8A41 60          MOV AL,BYTE PTR DS:[ECX+60]
    10002DE3   8841 38          MOV BYTE PTR DS:[ECX+38],AL
    10002DE6   C3               RETN
    10002DE7   CC               INT3
    10002DE8   CC               INT3
    10002DE9   CC               INT3
    10002DEA   CC               INT3
    10002DEB   CC               INT3
    10002DEC   CC               INT3
    10002DED   CC               INT3
    10002DEE   CC               INT3
    10002DEF   CC               INT3
    10002DF0   8A41 60          MOV AL,BYTE PTR DS:[ECX+60]
    10002DF3   33D2             XOR EDX,EDX
    10002DF5   3A41 38          CMP AL,BYTE PTR DS:[ECX+38]
    10002DF8   0F95C2           SETNE DL
    10002DFB   8AC2             MOV AL,DL
    10002DFD   C3               RETN
    10002DFE   CC               INT3
    10002DFF   CC               INT3
    10002E00   56               PUSH ESI
    10002E01   8BF1             MOV ESI,ECX
    10002E03   E8 B8FFFFFF      CALL CShell.10002DC0
    10002E08   F64424 08 01     TEST BYTE PTR SS:[ESP+8],1
    10002E0D   74 09            JE SHORT CShell.10002E18
    10002E0F   56               PUSH ESI
    10002E10   E8 FF802800      CALL CShell.1028AF14
    10002E15   83C4 04          ADD ESP,4
    10002E18   8BC6             MOV EAX,ESI
    10002E1A   5E               POP ESI
    10002E1B   C2 0400          RETN 4
    10002E1E   CC               INT3
    10002E1F   CC               INT3
    10002E20   8B4424 04        MOV EAX,DWORD PTR SS:[ESP+4]
    10002E24   85C0             TEST EAX,EAX
    10002E26   75 06            JNZ SHORT CShell.10002E2E
    If That's Not The Reason Just Say Lol

  2. #2
    Takari's Avatar
    Join Date
    Feb 2010
    Gender
    male
    Location
    Cross Fire Section
    Posts
    11,889
    Reputation
    574
    Thanks
    1,966
    My Mood
    Cool
    .

  3. #3
    CheatCreatorzz's Avatar
    Join Date
    Dec 2010
    Gender
    male
    Posts
    922
    Reputation
    18
    Thanks
    730
    My Mood
    Amused
    idk hacker :S why? you will make a Dll to unpatch the old methods/bases? with that addie.. , or ? @{Banned}**HACKER**
    Last edited by CheatCreatorzz; 06-04-2011 at 04:40 AM.

  4. #4
    {Banned}**HACKER**'s Avatar
    Well @CheatCreatorzz I've Been Trying To Make My Hack Unpatched For 2 Days Now .. It Lets Me Go Ingame With It But The Features Don't Work When I Press The Hotkeys So I'm Nearly There !

  5. #5
    derh.acker's Avatar
    Join Date
    Aug 2010
    Gender
    male
    Location
    localhost
    Posts
    826
    Reputation
    14
    Thanks
    616
    My Mood
    Angelic
    Quote Originally Posted by {Banned}**HACKER**
    Well @CheatCreatorzz I've Been Trying To Make My Hack Unpatched For 2 Days Now .. It Lets Me Go Ingame With It But The Features Don't Work When I Press The Hotkeys So I'm Nearly There !
    XTrap blocks the access from Hacks.
    I've made a hack. With my "Bypass" it worked, but without not. No Send error report or something else.

    Edit : You have 288 Thanks and you have 288 Posts ^^

    Maybe it detects if XTrap runs or not
    Last edited by derh.acker; 06-04-2011 at 10:04 AM.

  6. #6
    CheatCreatorzz's Avatar
    @{Banned}**HACKER** okay, try to make it auto on, then it will work?
    auto on: you know ? bool onehit (p e.x)= true, ( :P

  7. #7
    Lyoto Machida's Avatar
    Join Date
    Jan 2011
    Gender
    male
    Location
    Far away with girls
    Posts
    3,734
    Reputation
    133
    Thanks
    1,621
    My Mood
    Aggressive
    Quote Originally Posted by CheatCreatorzz
    @{Banned}**HACKER** okay, try to make it auto on, then it will work?
    auto on: you know ? bool onehit (p e.x)= true, ( :P
    lol Typical sentence from a leecher, Sorry to say that, but what you said makes you look like a real leecher omg

  8. #8
    {Banned}**HACKER**'s Avatar
    @Lyoto Machida Who You Talking About Me Or Cheatz ?

  9. #9
    Lyoto Machida's Avatar
    Cheatz, Hacker you are not a leecher
    You make ptc hacks from a long time ago, I know you since the old times, and no I won't say who I was..

  10. #10
    Maybe this world is another planet's Hell.
    MPGH Member
    Arii's Avatar
    Join Date
    Mar 2011
    Gender
    male
    Location
    In my cardbox
    Posts
    2,116
    Reputation
    120
    Thanks
    117
    My Mood
    Breezy
    i don't know try delete that and try detected hack

  11. #11
    Gοku's Avatar
    Join Date
    May 2010
    Gender
    male
    Location
    MPGH.net
    Posts
    1,527
    Reputation
    206
    Thanks
    1,043
    My Mood
    Cheerful
    yo @{Banned}**HACKER**

    I think That Is The Method Used To Stop/Patch Hacks So U Might Be Onto Something here!

  12. #12
    {Banned}**HACKER**'s Avatar
    I Hope I'm On To Something Lol I Really Wanna Release My Next Hack ! I Might Just Try And Set Most Of These Addys To 0 And See If It Works ! If So You'll See A Hack From Me Soon

  13. #13
    CheatCreatorzz's Avatar
    lol @Lyoto Machida , what I said was a joke xD auto on --' if xtrap block the hack access, it won't work with auto on --' or hotkeys... and stfu, go make hack...