Page 4 of 7 FirstFirst ... 23456 ... LastLast
Results 46 to 60 of 91
  1. 07-28-2009 #1
    Grim
    Grim is offline
    MPGH Lord
    MPGH Member
    Grim's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    5,359
    Reputation
    112
    Thanks
    3,786
    My Mood
    Cynical
    Send a message via Birdie™ to Grim United States

    the bypass is patched

    i was using the xfire hacks all morning and got on here for a minute to check email and fuck around on mpgh.. got back on CA and it closed out on me before the login screen.. so i poked around in my folders and found that HShield folder now has a bunch of .dll files that are hidden, to view go Tools>Folder Options>View.. without scrolling down you can see at the bottom it says "Show hidden files and folders" i've always had this checked, but even after deleting the .dll's that werent there before i can only just get passed the login screen.. still working on it, if i can figure it out i'll repost
    Want to see my programs?
    \/ CLICK IT BITCHES \/
  2. 07-28-2009 #46
    NeonNoise
    NeonNoise is offline
    Unverified User
    NeonNoise's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Location
    ten steps ahead of you
    Posts
    593
    Reputation
    38
    Thanks
    42
    My Mood
    Amused
    Send a message via Birdie™ to NeonNoise United States

    Exclamation

    Quote Originally Posted by WarPathSin666 View Post
    it hit the american version.. i read your thread before posting this one
    i think i go it
    uninstall
    reinstall teh EU version
    thats it im a genius
  3. 07-28-2009 #47
    Grim
    Grim is offline
    Threadstarter
    MPGH Lord
    MPGH Member
    Grim's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    5,359
    Reputation
    112
    Thanks
    3,786
    My Mood
    Cynical
    Send a message via Birdie™ to Grim United States
    Quote Originally Posted by aswhooper View Post
    face it, we're screwed. goodbye cruel world *stabs eye out*
    LMAO well they said that it looks like they are trying to stop Engine.exe from being injected.. the bypass might not be patched, we just need a new way to apply it
    Want to see my programs?
    \/ CLICK IT BITCHES \/
  4. 07-28-2009 #48
    NeonNoise
    NeonNoise is offline
    Unverified User
    NeonNoise's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Location
    ten steps ahead of you
    Posts
    593
    Reputation
    38
    Thanks
    42
    My Mood
    Amused
    Send a message via Birdie™ to NeonNoise United States
    Quote Originally Posted by WarPathSin666 View Post
    LMAO well they said that it looks like they are trying to stop Engine.exe from being injected.. the bypass might not be patched, we just need a new way to apply it
    nevr mind ignore what i said




    I PWN
  5. 07-28-2009 #49
    bloddyapache
    bloddyapache is offline
    Synthetic Hacker
    MPGH Member
    bloddyapache's Avatar
    Join Date
    Apr 2009
    Gender
    male
    Posts
    1,273
    Reputation
    15
    Thanks
    107
    My Mood
    Amazed
    Send a message via Birdie™ to bloddyapache Bermuda
    Quote Originally Posted by lolz2much View Post
    ok first dll
    file name - 3ba1ea5.dll

    Code:
    76A61000 > . F62D817C       DD kernel32.GetSystemInfo
76A61004 > . 7B1D807C       DD kernel32.LoadLibraryA
76A61008 > . 2E98807C       DD kernel32.InterlockedExchange
76A6100C > . 7EAC807C       DD kernel32.FreeLibrary
76A61010 > . 40AE807C       DD kernel32.GetProcAddress
76A61014 > . 5D49847C       DD kernel32.SetUnhandledExceptionFilter
76A61018 > . CA3F867C       DD kernel32.UnhandledExceptionFilter
76A6101C > . 95DE807C       DD kernel32.GetCurrentProcess
76A61020 > . 1A1E807C       DD kernel32.TerminateProcess
76A61024 > . E917807C       DD kernel32.GetSystemTimeAsFileTime
76A61028 > . C099807C       DD kernel32.GetCurrentProcessId
76A6102C > . D097807C       DD kernel32.GetCurrentThreadId
76A61030 > . 4A93807C       DD kernel32.GetTickCount
76A61034 > . C7A4807C       DD kernel32.QueryPerformanceCounter
76A61038 > . 21FE907C       DD ntdll.RtlGetLastWin32Error
76A6103C > . 3613817C       DD kernel32.DisableThreadLibraryCalls
76A61040 > . 16BC807C       DD kernel32.OpenFileMappingA
76A61044 > . A5B9807C       DD kernel32.MapViewOfFile
76A61048 > . 14BA807C       DD kernel32.UnmapViewOfFile
76A6104C > . 281A807C       DD kernel32.CreateFileA
76A61050 > . E79B807C       DD kernel32.CloseHandle
76A61054 > . 61AC807C       DD kernel32.GetProcessHeap
76A61058 > . 30FE907C       DD ntdll.RtlSetLastWin32Error
76A6105C > . CF99807C       DD kernel32.LocalFree
76A61060 > . 2D9A807C       DD kernel32.LocalAlloc
76A61064 > . 989C807C       DD kernel32.MultiByteToWideChar
76A61068 > . 74A1807C       DD kernel32.WideCharToMultiByte
76A6106C > . D021807C       DD kernel32.ReadProcessMemory
76A61070 > . A92A817C       DD kernel32.RaiseException
76A61074 > . D803837C       DD kernel32.SetProcessWorkingSetSize
76A61078 > . 4C21867C       DD kernel32.GetProcessWorkingSetSize
76A6107C > . A1BE807C       DD kernel32.lstrcpyA
76A61080 > . 56BE807C       DD kernel32.lstrlenA
76A61084 > . 2DFF907C       DD ntdll.RtlFreeHeap
76A61088 > . C400917C       DD ntdll.RtlAllocateHeap
76A6108C   . 00000000       DD 00000000
76A61090 > . C5AB927C       DD ntdll.RtlUnwind
76A61094 > . 4AFE907C       DD ntdll.wcslen
76A61098 > . 8249917C       DD ntdll.wcschr
76A6109C > . 642E917C       DD ntdll._stricmp
76A610A0 > . A948927C       DD ntdll.atoi
76A610A4 > . EECF907C       DD ntdll.ZwClose
76A610A8 > . 1EDE907C       DD ntdll.ZwStopProfile
76A610AC > . 0A19977C       DD ntdll._snprintf
76A610B0 > . 6FFB927C       DD ntdll.DbgPrint
76A610B4 > . E870927C       DD ntdll.RtlUnicodeToOemN
76A610B8 > . 6D9A927C       DD ntdll.RtlAdjustPrivilege
76A610BC > . BAEC907C       DD ntdll.RtlMultiByteToUnicodeN
76A610C0 > . 6ECF907C       DD ntdll.ZwAllocateVirtualMemory
76A610C4 > . 6ED1907C       DD ntdll.ZwCreateProfile
76A610C8 > . CEDC907C       DD ntdll.ZwSetIntervalProfile
76A610CC > . 0EDE907C       DD ntdll.ZwStartProfile
76A610D0 > . 7EDF907C       DD ntdll.ZwWriteFile
76A610D4 > . 9EDC907C       DD ntdll.ZwSetInformationProcess
76A610D8 > . FED7907C       DD ntdll.ZwQueryInformationProcess
76A610DC > . 7ED9907C       DD ntdll.ZwQueryVirtualMemory
76A610E0 > . 2ED9907C       DD ntdll.ZwQuerySystemInformation
76A610E4 > . 2DF6907C       DD ntdll.RtlNtStatusToDosError
76A610E8   . 00000000       DD 00000000
76A610EC   . 863BA676       DD 3ba1ea5.76A63B86                      ;  Entry address
76A610F0     00             DB 00
76A610F1     00             DB 00
76A610F2     00             DB 00
76A610F3     00             DB 00
76A610F4     AD             DB AD
76A610F5   . 5B 43 42 00    ASCII "[CB",0
76A610F9     00             DB 00
76A610FA     00             DB 00
76A610FB     00             DB 00
76A610FC     02             DB 02
76A610FD     00             DB 00
76A610FE     00             DB 00
76A610FF     00             DB 00
76A61100     22             DB 22                                    ;  CHAR '"'
76A61101     00             DB 00
76A61102     00             DB 00
76A61103     00             DB 00
76A61104     98             DB 98
76A61105     14             DB 14
76A61106     00             DB 00
76A61107     00             DB 00
76A61108     98             DB 98
76A61109     08             DB 08
76A6110A     00             DB 00
76A6110B     00             DB 00
76A6110C     00             DB 00
76A6110D     00             DB 00
76A6110E     00             DB 00
76A6110F     00             DB 00
76A61110     FF             DB FF
76A61111     FF             DB FF
76A61112     FF             DB FF
76A61113     FF             DB FF
76A61114   . 1816A676       DD 3ba1ea5.76A61618
76A61118   . 2616A676       DD 3ba1ea5.76A61626
76A6111C     FF             DB FF
76A6111D     FF             DB FF
76A6111E     FF             DB FF
76A6111F     FF             DB FF
76A61120   . 5616A676       DD 3ba1ea5.76A61656
76A61124   . 6416A676       DD 3ba1ea5.76A61664
76A61128     FF             DB FF
76A61129     FF             DB FF
76A6112A     FF             DB FF
76A6112B     FF             DB FF
76A6112C   . 611BA676       DD 3ba1ea5.76A61B61
76A61130   . 6F1BA676       DD 3ba1ea5.76A61B6F
76A61134     FF             DB FF
76A61135     FF             DB FF
76A61136     FF             DB FF
76A61137     FF             DB FF
76A61138   . 991BA676       DD 3ba1ea5.76A61B99
76A6113C   . A71BA676       DD 3ba1ea5.76A61BA7
76A61140     FF             DB FF
76A61141     FF             DB FF
76A61142     FF             DB FF
76A61143     FF             DB FF
76A61144   . EC1DA676       DD 3ba1ea5.76A61DEC
76A61148   . FA1DA676       DD 3ba1ea5.76A61DFA
76A6114C   . 70 72 6F 66 69>ASCII "profile.out",0
76A61158   . 73 74 61 72 74>ASCII "start secondary "
76A61168   . 70 72 6F 66 69>ASCII "profile %wZ fail"
76A61178   . 65 64 20 2D 20>ASCII "ed - status %lx
"
76A61188   . 00             ASCII 0
76A61189     00             DB 00
76A6118A     00             DB 00
76A6118B     00             DB 00
76A6118C   . 73 74 61 72 74>ASCII "start profile %w"
76A6119C   . 5A 20 66 61 69>ASCII "Z failed - statu"
76A611AC   . 73 20 25 6C 78>ASCII "s %lx
",0
76A611B3     00             DB 00
76A611B4   . 52 74 6C 49 6E>ASCII "RtlInitializePro"
76A611C4   . 66 69 6C 65 20>ASCII "file : secondary"
76A611D4   . 20 61 6C 6C 6F>ASCII " alloc VM failed"
76A611E4   . 20 25 6C 78 0A>ASCII " %lx
",0
76A611EA     00             DB 00
76A611EB     00             DB 00
76A611EC   . 63 72 65 61 74>ASCII "create profile %"
76A611FC   . 77 5A 20 66 61>ASCII "wZ failed - stat"
76A6120C   . 75 73 20 25 6C>ASCII "us %lx
",0
76A61214   . 52 74 6C 49 6E>ASCII "RtlInitializePro"
76A61224   . 66 69 6C 65 20>ASCII "file : alloc VM "
76A61234   . 66 61 69 6C 65>ASCII "failed %lx
",0
76A61240   . 55 6E 61 62 6C>ASCII "Unable to increa"
76A61250   . 73 65 20 71 75>ASCII "se quota privile"
76A61260   . 67 65 20 28 73>ASCII "ge (status=0x%lx"
76A61270   . 29 0A 00       ASCII ")
",0
76A61273     00             DB 00
76A61274   . 45 6E 61 62 6C>ASCII "Enable system pr"
76A61284   . 6F 66 69 6C 65>ASCII "ofile privilege "
76A61294   . 66 61 69 6C 65>ASCII "failed - status "
76A612A4   . 30 78 25 6C 78>ASCII "0x%lx
",0
76A612AB     00             DB 00
76A612AC   . 71 75 65 72 79>ASCII "query system inf"
76A612BC   . 6F 20 66 61 69>ASCII "o failed status "
76A612CC   . 2D 20 25 6C 78>ASCII "- %lx
",0
76A612D3     00             DB 00
76A612D4   . 25 64 2C 25 77>ASCII "%d,%wZ,Unknown ("
76A612E4   . 25 70 29 0A 00>ASCII "%p)
",0
76A612E9     00             DB 00
76A612EA     00             DB 00
76A612EB     00             DB 00
76A612EC   . 09             DB 09
76A612ED   . 25 70 3A 25 64>ASCII "%p:%d, %d"
76A612F6   . 2C 20 2D 2D 0A>ASCII ", --
",0
76A612FC   . 09             DB 09
76A612FD   . 25 70 3A 25 64>ASCII "%p:%d, %d"
76A61306   . 2C 20 25 32 2E>ASCII ", %2.2d.%3.3d
",0
76A61315     00             DB 00
76A61316     00             DB 00
76A61317     00             DB 00
76A61318   . 09 25 70 3A 25>ASCII "	%p:%d
",0
76A61320   . 25 64 2C 25 64>ASCII "%d,%d, -- ,%wZ,%"
76A61330   . 73 20 28 25 30>ASCII "s (%08lx)
",0
76A6133B     00             DB 00
76A6133C   . 25 64 2C 25 64>ASCII "%d,%d,%2.2d.%3.3"
76A6134C   . 64 2C 25 77 5A>ASCII "d,%wZ,%s (%08lx)"
76A6135C   . 0A 00          ASCII "
",0
76A6135E     00             DB 00
76A6135F     00             DB 00
76A61360   . 25 64 2C 25 77>ASCII "%d,%wZ,%s (%08lx"
76A61370   . 29 0A 00       ASCII ")
",0
76A61373     00             DB 00
76A61374   . 25 64 2C 25 77>ASCII "%d,%wZ,Total%s
",0
76A61384   . 20 28 4E 4F 20>ASCII " (NO SYMBOLS)",0
76A61392     00             DB 00
76A61393     00             DB 00
76A61394   . 4F 76 65 72 66>ASCII "Overflowed the m"
76A613A4   . 61 78 69 6D 75>ASCII "aximum number of"
76A613B4   . 20 6D 6F 64 75>ASCII " modules: %d
",0
76A613C2     00             DB 00
76A613C3     00             DB 00
76A613C4   . 4E 6F 20 53 79>ASCII "No Symbol Found",0
76A613D4     00             DB 00
76A613D5     00             DB 00
76A613D6     00             DB 00
76A613D7     00             DB 00
76A613D8     FF             DB FF
76A613D9     FF             DB FF
76A613DA     FF             DB FF
76A613DB     FF             DB FF
76A613DC   . 9631A676       DD 3ba1ea5.76A63196
76A613E0   . 9A31A676       DD 3ba1ea5.76A6319A
76A613E4   . 20 09 00       ASCII " 	",0
76A613E7     00             DB 00
76A613E8   . 50 72 6F 66 69>ASCII "ProfileStartupPa"
76A613F8   . 72 61 6D 65 74>ASCII "rameters",0
76A61401     00             DB 00
76A61402     00             DB 00
76A61403     00             DB 00
76A61404     00             DB 00
76A61405     00             DB 00
76A61406     00             DB 00
76A61407     00             DB 00
76A61408     FF             DB FF
76A61409     FF             DB FF
76A6140A     FF             DB FF
76A6140B     FF             DB FF
76A6140C   . 6635A676       DD 3ba1ea5.76A63566
76A61410   . 7435A676       DD 3ba1ea5.76A63574
76A61414     FF             DB FF
76A61415     FF             DB FF
76A61416     FF             DB FF
76A61417     FF             DB FF
76A61418   . 8535A676       DD 3ba1ea5.76A63585
76A6141C   . 9335A676       DD 3ba1ea5.76A63593
76A61420     FF             DB FF
76A61421     FF             DB FF
76A61422     FF             DB FF
76A61423     FF             DB FF
76A61424   . 6936A676       DD 3ba1ea5.76A63669
76A61428   . 7736A676       DD 3ba1ea5.76A63677
76A6142C   . 8050A676       DD 3ba1ea5.76A65080
76A61430   . D050A676       DD 3ba1ea5.76A650D0
76A61434     00             DB 00
76A61435     00             DB 00
76A61436     00             DB 00
76A61437     00             DB 00
76A61438     00             DB 00
76A61439     00             DB 00
76A6143A     00             DB 00
76A6143B     00             DB 00
76A6143C     00             DB 00
76A6143D     00             DB 00
76A6143E     00             DB 00
76A6143F     00             DB 00
76A61440   . 69 6D 61 67 65>ASCII "imagehlp.dll",0
76A6144D     5A             DB 5A                                    ;  CHAR 'Z'
76A6144E     00             DB 00
76A6144F     00             DB 00
76A61450     48             DB 48                                    ;  CHAR 'H'
76A61451     00             DB 00
76A61452     00             DB 00
76A61453     00             DB 00
76A61454     00             DB 00
76A61455     00             DB 00
76A61456     00             DB 00
76A61457     00             DB 00
76A61458     00             DB 00
76A61459     00             DB 00
76A6145A     00             DB 00
76A6145B     00             DB 00
76A6145C     00             DB 00
76A6145D     00             DB 00
76A6145E     00             DB 00
76A6145F     00             DB 00
76A61460     00             DB 00
76A61461     00             DB 00
76A61462     00             DB 00
76A61463     00             DB 00
76A61464     00             DB 00
76A61465     00             DB 00
76A61466     00             DB 00
76A61467     00             DB 00
76A61468     00             DB 00
76A61469     00             DB 00
76A6146A     00             DB 00
76A6146B     00             DB 00
76A6146C     00             DB 00
76A6146D     00             DB 00
76A6146E     00             DB 00
76A6146F     00             DB 00
76A61470     00             DB 00
76A61471     00             DB 00
76A61472     00             DB 00
76A61473     00             DB 00
76A61474     00             DB 00
76A61475     00             DB 00
76A61476     00             DB 00
76A61477     00             DB 00
76A61478     00             DB 00
76A61479     00             DB 00
76A6147A     00             DB 00
76A6147B     00             DB 00
76A6147C     00             DB 00
76A6147D     00             DB 00
76A6147E     00             DB 00
76A6147F     00             DB 00
76A61480     00             DB 00
76A61481     00             DB 00
76A61482     00             DB 00
76A61483     00             DB 00
76A61484     00             DB 00
76A61485     00             DB 00
76A61486     00             DB 00
76A61487     00             DB 00
76A61488     00             DB 00
76A61489     00             DB 00
76A6148A     00             DB 00
76A6148B     00             DB 00
76A6148C   . 2050A676       DD 3ba1ea5.76A65020
76A61490   . C014A676       DD 3ba1ea5.76A614C0
76A61494     02             DB 02
76A61495     00             DB 00
76A61496     00             DB 00
76A61497     00             DB 00
76A61498     52             DB 52                                    ;  CHAR 'R'
76A61499     53             DB 53                                    ;  CHAR 'S'
76A6149A     44             DB 44                                    ;  CHAR 'D'
76A6149B     53             DB 53                                    ;  CHAR 'S'
76A6149C     FD             DB FD
76A6149D     D7             DB D7
76A6149E     3C             DB 3C                                    ;  CHAR '<'
76A6149F     AF             DB AF
76A614A0     1A             DB 1A
76A614A1     F2             DB F2
76A614A2     79             DB 79                                    ;  CHAR 'y'
76A614A3     4E             DB 4E                                    ;  CHAR 'N'
76A614A4     AF             DB AF
76A614A5     DF             DB DF
76A614A6     AB             DB AB
76A614A7     0B             DB 0B
76A614A8     08             DB 08
76A614A9     9A             DB 9A
76A614AA     BB             DB BB
76A614AB     BC             DB BC
76A614AC     01             DB 01
76A614AD     00             DB 00
76A614AE     00             DB 00
76A614AF     00             DB 00
76A614B0   . 70 73 61 70 69>ASCII "psapi.pdb",0
76A614BA     00             DB 00
76A614BB     00             DB 00
76A614BC     00             DB 00
76A614BD     00             DB 00
76A614BE     00             DB 00
76A614BF     00             DB 00
76A614C0     E0             DB E0
76A614C1     3D             DB 3D                                    ;  CHAR '='
76A614C2     00             DB 00
76A614C3     00             DB 00
76A614C4   . 20 3F 00       ASCII " ?",0
76A614C7     00             DB 00
76A614C8     00             DB 00
76A614C9     00             DB 00
76A614CA     00             DB 00
76A614CB     00             DB 00
76A614CC     00             DB 00
76A614CD     00             DB 00
76A614CE     00             DB 00
76A614CF     00             DB 00
76A614D0     00             DB 00
76A614D1     00             DB 00
76A614D2     00             DB 00
76A614D3     00             DB 00
76A614D4     00             DB 00
76A614D5  Ú$ 8BFF           MOV EDI,EDI
76A614D7  ³. 55             PUSH EBP
76A614D8  ³. 8BEC           MOV EBP,ESP
76A614DA  ³. 83EC 0C        SUB ESP,0C
76A614DD  ³. 53             PUSH EBX
76A614DE  ³. 56             PUSH ESI
76A614DF  ³. 57             PUSH EDI
76A614E0  ³. 8B3D 6010A676  MOV EDI,DWORD PTR DS:[<&KERNEL32.LocalAl>;  kernel32.LocalAlloc
76A614E6  ³. B8 20050000    MOV EAX,520
76A614EB  ³. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A614EE  ³. 50             PUSH EAX
76A614EF  ³.EB 3C          JMP SHORT 3ba1ea5.76A6152D
76A614F1  ³> 8D45 F4        ÚLEA EAX,DWORD PTR SS:[EBP-C]
76A614F4  ³. 50             ³PUSH EAX                                ; ÚpReqsize
76A614F5  ³. FF75 FC        ³PUSH DWORD PTR SS:[EBP-4]               ; ³Bufsize
76A614F8  ³. 53             ³PUSH EBX                                ; ³Buffer
76A614F9  ³. 6A 0B          ³PUSH 0B                                 ; ³InfoType = SystemModuleInfo
76A614FB  ³. FF15 E010A676  ³CALL DWORD PTR DS:[<&ntdll.NtQuerySyste>; ÀZwQuerySystemInformation
76A61501  ³. 85C0           ³TEST EAX,EAX
76A61503  ³. 8B33           ³MOV ESI,DWORD PTR DS:[EBX]
76A61505  ³. 8945 F8        ³MOV DWORD PTR SS:[EBP-8],EAX
76A61508  ³.7D 34          ³JGE SHORT 3ba1ea5.76A6153E
76A6150A  ³. 53             ³PUSH EBX                                ; ÚhMemory
76A6150B  ³. FF15 5C10A676  ³CALL DWORD PTR DS:[<&KERNEL32.LocalFree>; ÀLocalFree
76A61511  ³. B8 040000C0    ³MOV EAX,C0000004
76A61516  ³. 3945 F8        ³CMP DWORD PTR SS:[EBP-8],EAX
76A61519  ³.75 6A          ³JNZ SHORT 3ba1ea5.76A61585
76A6151B  ³. 69F6 1C010000  ³IMUL ESI,ESI,11C
76A61521  ³. 83C6 04        ³ADD ESI,4
76A61524  ³. 3B75 FC        ³CMP ESI,DWORD PTR SS:[EBP-4]
76A61527  ³.76 59          ³JBE SHORT 3ba1ea5.76A61582
76A61529  ³. 8975 FC        ³MOV DWORD PTR SS:[EBP-4],ESI
76A6152C  ³. 56             ³PUSH ESI
76A6152D  ³> 6A 00           PUSH 0
76A6152F  ³. FFD7           ³CALL EDI
76A61531  ³. 8BD8           ³MOV EBX,EAX
76A61533  ³. 85DB           ³TEST EBX,EBX
76A61535  ³.75 BA          ÀJNZ SHORT 3ba1ea5.76A614F1
76A61537  ³. 68 AA050000    PUSH 5AA
76A6153C  ³.EB 51          JMP SHORT 3ba1ea5.76A6158F
76A6153E  ³> 33C0           XOR EAX,EAX
76A61540  ³. 85F6           TEST ESI,ESI
76A61542  ³.76 15          JBE SHORT 3ba1ea5.76A61559
76A61544  ³. 8D4B 0C        LEA ECX,DWORD PTR DS:[EBX+C]
76A61547  ³> 8B11           ÚMOV EDX,DWORD PTR DS:[ECX]
76A61549  ³. 3B55 08        ³CMP EDX,DWORD PTR SS:[EBP+8]
76A6154C  ³.74 16          ³JE SHORT 3ba1ea5.76A61564
76A6154E  ³. 40             ³INC EAX
76A6154F  ³. 81C1 1C010000  ³ADD ECX,11C
76A61555  ³. 3BC6           ³CMP EAX,ESI
76A61557  ³.72 EE          ÀJB SHORT 3ba1ea5.76A61547
76A61559  ³> 53             PUSH EBX                                 ; ÚhMemory
76A6155A  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61560  ³. 6A 06          PUSH 6
76A61562  ³.EB 2B          JMP SHORT 3ba1ea5.76A6158F
76A61564  ³> 8B7D 0C        MOV EDI,DWORD PTR SS:[EBP+C]
76A61567  ³. 69C0 1C010000  IMUL EAX,EAX,11C
76A6156D  ³. 6A 47          PUSH 47
76A6156F  ³. 59             POP ECX
76A61570  ³. 8D7418 04      LEA ESI,DWORD PTR DS:[EAX+EBX+4]
76A61574  ³. 53             PUSH EBX                                 ; ÚhMemory
76A61575  ³. F3:A5          REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>; ³
76A61577  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A6157D  ³. 33C0           XOR EAX,EAX
76A6157F  ³. 40             INC EAX
76A61580  ³.EB 15          JMP SHORT 3ba1ea5.76A61597
76A61582  ³> 50             PUSH EAX
76A61583  ³.EB 03          JMP SHORT 3ba1ea5.76A61588
76A61585  ³> FF75 F8        PUSH DWORD PTR SS:[EBP-8]
76A61588  ³> FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A6158E  ³. 50             PUSH EAX                                 ; ÚError
76A6158F  ³> FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61595  ³. 33C0           XOR EAX,EAX
76A61597  ³> 5F             POP EDI
76A61598  ³. 5E             POP ESI
76A61599  ³. 5B             POP EBX
76A6159A  ³. C9             LEAVE
76A6159B  À. C2 0800        RETN 8
76A6159E     CC             INT3
76A6159F     CC             INT3
76A615A0     CC             INT3
76A615A1     CC             INT3
76A615A2     CC             INT3
76A615A3 > $ 6A 1C          PUSH 1C
76A615A5   . 68 1011A676    PUSH 3ba1ea5.76A61110
76A615AA   . E8 69270000    CALL 3ba1ea5.76A63D18
76A615AF   . BB 20050000    MOV EBX,520
76A615B4   > 53             PUSH EBX                                 ; ÚSize
76A615B5   . 6A 00          PUSH 0                                   ; ³Flags = LMEM_FIXED
76A615B7   . FF15 6010A676  CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A615BD   . 8BF0           MOV ESI,EAX
76A615BF   . 8975 E4        MOV DWORD PTR SS:[EBP-1C],ESI
76A615C2   . 85F6           TEST ESI,ESI
76A615C4   .75 0A          JNZ SHORT 3ba1ea5.76A615D0
76A615C6   . 68 AA050000    PUSH 5AA
76A615CB   .E9 E8000000    JMP 3ba1ea5.76A616B8
76A615D0   > 8D45 D4        LEA EAX,DWORD PTR SS:[EBP-2C]
76A615D3   . 50             PUSH EAX                                 ; ÚpReqsize
76A615D4   . 53             PUSH EBX                                 ; ³Bufsize
76A615D5   . 56             PUSH ESI                                 ; ³Buffer
76A615D6   . 6A 0B          PUSH 0B                                  ; ³InfoType = SystemModuleInfo
76A615D8   . FF15 E010A676  CALL DWORD PTR DS:[<&ntdll.NtQuerySystem>; ÀZwQuerySystemInformation
76A615DE   . 8945 E0        MOV DWORD PTR SS:[EBP-20],EAX
76A615E1   . 8B3E           MOV EDI,DWORD PTR DS:[ESI]
76A615E3   . 85C0           TEST EAX,EAX
76A615E5   .0F8C 9B000000  JL 3ba1ea5.76A61686
76A615EB   . 8B45 0C        MOV EAX,DWORD PTR SS:[EBP+C]
76A615EE   . C1E8 02        SHR EAX,2
76A615F1   . 33C9           XOR ECX,ECX
76A615F3   > 3BCF           CMP ECX,EDI
76A615F5   .73 40          JNB SHORT 3ba1ea5.76A61637
76A615F7   . 3BC8           CMP ECX,EAX
76A615F9   .74 3C          JE SHORT 3ba1ea5.76A61637
76A615FB   . 8365 FC 00     AND DWORD PTR SS:[EBP-4],0
76A615FF   . 8BD1           MOV EDX,ECX
76A61601   . 69D2 1C010000  IMUL EDX,EDX,11C
76A61607   . 8B5432 0C      MOV EDX,DWORD PTR DS:[EDX+ESI+C]
76A6160B   . 8B5D 08        MOV EBX,DWORD PTR SS:[EBP+8]
76A6160E   . 89148B         MOV DWORD PTR DS:[EBX+ECX*4],EDX
76A61611   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A61615   . 41             INC ECX
76A61616   .EB DB          JMP SHORT 3ba1ea5.76A615F3
76A61618   . 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-14]
76A6161B   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A6161D   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A6161F   . 8945 DC        MOV DWORD PTR SS:[EBP-24],EAX
76A61622   . 33C0           XOR EAX,EAX
76A61624   . 40             INC EAX
76A61625   . C3             RETN
76A61626   . 8B65 E8        MOV ESP,DWORD PTR SS:[EBP-18]
76A61629   . FF75 E4        PUSH DWORD PTR SS:[EBP-1C]               ; ÚhMemory
76A6162C   . FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61632   . FF75 DC        PUSH DWORD PTR SS:[EBP-24]
76A61635   .EB 3C          JMP SHORT 3ba1ea5.76A61673
76A61637   > 33DB           XOR EBX,EBX
76A61639   . 43             INC EBX
76A6163A   . 895D FC        MOV DWORD PTR SS:[EBP-4],EBX
76A6163D   . 8BC7           MOV EAX,EDI
76A6163F   . C1E0 02        SHL EAX,2
76A61642   . 8B4D 10        MOV ECX,DWORD PTR SS:[EBP+10]
76A61645   . 8901           MOV DWORD PTR DS:[ECX],EAX
76A61647   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A6164B   . 56             PUSH ESI                                 ; ÚhMemory
76A6164C   . FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61652   . 8BC3           MOV EAX,EBX
76A61654   .EB 6A          JMP SHORT 3ba1ea5.76A616C0
76A61656   . 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-14]
76A61659   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A6165B   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A6165D   . 8945 D8        MOV DWORD PTR SS:[EBP-28],EAX
76A61660   . 33C0           XOR EAX,EAX
76A61662   . 40             INC EAX
76A61663   . C3             RETN
76A61664   . 8B65 E8        MOV ESP,DWORD PTR SS:[EBP-18]
76A61667   . FF75 E4        PUSH DWORD PTR SS:[EBP-1C]               ; ÚhMemory
76A6166A   . FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61670   . FF75 D8        PUSH DWORD PTR SS:[EBP-28]
76A61673   > FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A61679   . 50             PUSH EAX                                 ; ÚError
76A6167A   . FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61680   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A61684   .EB 38          JMP SHORT 3ba1ea5.76A616BE
76A61686   > 56             PUSH ESI                                 ; ÚhMemory
76A61687   . FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A6168D   . B8 040000C0    MOV EAX,C0000004
76A61692   . 3945 E0        CMP DWORD PTR SS:[EBP-20],EAX
76A61695   .75 17          JNZ SHORT 3ba1ea5.76A616AE
76A61697   . 69FF 1C010000  IMUL EDI,EDI,11C
76A6169D   . 83C7 04        ADD EDI,4
76A616A0   . 3BFB           CMP EDI,EBX
76A616A2   .77 03          JA SHORT 3ba1ea5.76A616A7
76A616A4   . 50             PUSH EAX
76A616A5   .EB 0A          JMP SHORT 3ba1ea5.76A616B1
76A616A7   > 8BDF           MOV EBX,EDI
76A616A9   .E9 06FFFFFF    JMP 3ba1ea5.76A615B4
76A616AE   > FF75 E0        PUSH DWORD PTR SS:[EBP-20]
76A616B1   > FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A616B7   . 50             PUSH EAX                                 ; ÚError
76A616B8   > FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A616BE   > 33C0           XOR EAX,EAX
76A616C0   > E8 8E260000    CALL 3ba1ea5.76A63D53
76A616C5   . C2 0C00        RETN 0C
76A616C8     CC             INT3
76A616C9     CC             INT3
76A616CA     CC             INT3
76A616CB     CC             INT3
76A616CC     CC             INT3
76A616CD >Ú$ 8BFF           MOV EDI,EDI
76A616CF  ³. 55             PUSH EBP
76A616D0  ³. 8BEC           MOV EBP,ESP
76A616D2  ³. 81EC 20010000  SUB ESP,120
76A616D8  ³. A1 2050A676    MOV EAX,DWORD PTR DS:[76A65020]
76A616DD  ³. 57             PUSH EDI
76A616DE  ³. 8B7D 0C        MOV EDI,DWORD PTR SS:[EBP+C]
76A616E1  ³. 8D8D E0FEFFFF  LEA ECX,DWORD PTR SS:[EBP-120]
76A616E7  ³. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A616EA  ³. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
76A616ED  ³. 51             PUSH ECX                                 ; ÚArg2
76A616EE  ³. 50             PUSH EAX                                 ; ³Arg1
76A616EF  ³. E8 E1FDFFFF    CALL 3ba1ea5.76A614D5                    ; À3ba1ea5.76A614D5
76A616F4  ³. 85C0           TEST EAX,EAX
76A616F6  ³.74 3E          JE SHORT 3ba1ea5.76A61736
76A616F8  ³. 8D85 FCFEFFFF  LEA EAX,DWORD PTR SS:[EBP-104]
76A616FE  ³. 8D48 01        LEA ECX,DWORD PTR DS:[EAX+1]
76A61701  ³> 8A10           ÚMOV DL,BYTE PTR DS:[EAX]
76A61703  ³. 40             ³INC EAX
76A61704  ³. 84D2           ³TEST DL,DL
76A61706  ³.75 F9          ÀJNZ SHORT 3ba1ea5.76A61701
76A61708  ³. 2BC1           SUB EAX,ECX
76A6170A  ³. 8D50 01        LEA EDX,DWORD PTR DS:[EAX+1]
76A6170D  ³. 3955 10        CMP DWORD PTR SS:[EBP+10],EDX
76A61710  ³. 8BC2           MOV EAX,EDX
76A61712  ³.73 03          JNB SHORT 3ba1ea5.76A61717
76A61714  ³. 8B45 10        MOV EAX,DWORD PTR SS:[EBP+10]
76A61717  ³> 53             PUSH EBX
76A61718  ³. 56             PUSH ESI
76A61719  ³. 8BC8           MOV ECX,EAX
76A6171B  ³. 8BD9           MOV EBX,ECX
76A6171D  ³. C1E9 02        SHR ECX,2
76A61720  ³. 8DB5 FCFEFFFF  LEA ESI,DWORD PTR SS:[EBP-104]
76A61726  ³. F3:A5          REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
76A61728  ³. 8BCB           MOV ECX,EBX
76A6172A  ³. 83E1 03        AND ECX,3
76A6172D  ³. 3BC2           CMP EAX,EDX
76A6172F  ³. F3:A4          REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
76A61731  ³. 5E             POP ESI
76A61732  ³. 5B             POP EBX
76A61733  ³.75 01          JNZ SHORT 3ba1ea5.76A61736
76A61735  ³. 48             DEC EAX
76A61736  ³> 8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
76A61739  ³. 5F             POP EDI
76A6173A  ³. E8 BA240000    CALL 3ba1ea5.76A63BF9
76A6173F  ³. C9             LEAVE
76A61740  À. C2 0C00        RETN 0C
76A61743     CC             INT3
76A61744     CC             INT3
76A61745     CC             INT3
76A61746     CC             INT3
76A61747     CC             INT3
76A61748 >Ú$ 8BFF           MOV EDI,EDI
76A6174A  ³. 55             PUSH EBP
76A6174B  ³. 8BEC           MOV EBP,ESP
76A6174D  ³. 81EC 20010000  SUB ESP,120
76A61753  ³. A1 2050A676    MOV EAX,DWORD PTR DS:[76A65020]
76A61758  ³. 57             PUSH EDI
76A61759  ³. 8B7D 0C        MOV EDI,DWORD PTR SS:[EBP+C]
76A6175C  ³. 8D8D E0FEFFFF  LEA ECX,DWORD PTR SS:[EBP-120]
76A61762  ³. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A61765  ³. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
76A61768  ³. 51             PUSH ECX                                 ; ÚArg2
76A61769  ³. 50             PUSH EAX                                 ; ³Arg1
76A6176A  ³. E8 66FDFFFF    CALL 3ba1ea5.76A614D5                    ; À3ba1ea5.76A614D5
76A6176F  ³. 85C0           TEST EAX,EAX
76A61771  ³.74 42          JE SHORT 3ba1ea5.76A617B5
76A61773  ³. 53             PUSH EBX
76A61774  ³. 56             PUSH ESI
76A61775  ³. 0FB7B5 FAFEFFF>MOVZX ESI,WORD PTR SS:[EBP-106]
76A6177C  ³. 8DB435 FCFEFFF>LEA ESI,DWORD PTR SS:[EBP+ESI-104]
76A61783  ³. 8BC6           MOV EAX,ESI
76A61785  ³. 8D48 01        LEA ECX,DWORD PTR DS:[EAX+1]
76A61788  ³> 8A10           ÚMOV DL,BYTE PTR DS:[EAX]
76A6178A  ³. 40             ³INC EAX
76A6178B  ³. 84D2           ³TEST DL,DL
76A6178D  ³.75 F9          ÀJNZ SHORT 3ba1ea5.76A61788
76A6178F  ³. 2BC1           SUB EAX,ECX
76A61791  ³. 8D50 01        LEA EDX,DWORD PTR DS:[EAX+1]
76A61794  ³. 3955 10        CMP DWORD PTR SS:[EBP+10],EDX
76A61797  ³. 8BC2           MOV EAX,EDX
76A61799  ³.73 03          JNB SHORT 3ba1ea5.76A6179E
76A6179B  ³. 8B45 10        MOV EAX,DWORD PTR SS:[EBP+10]
76A6179E  ³> 8BC8           MOV ECX,EAX
76A617A0  ³. 8BD9           MOV EBX,ECX
76A617A2  ³. C1E9 02        SHR ECX,2
76A617A5  ³. F3:A5          REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
76A617A7  ³. 8BCB           MOV ECX,EBX
76A617A9  ³. 83E1 03        AND ECX,3
76A617AC  ³. 3BC2           CMP EAX,EDX
76A617AE  ³. F3:A4          REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
76A617B0  ³. 5E             POP ESI
76A617B1  ³. 5B             POP EBX
76A617B2  ³.75 01          JNZ SHORT 3ba1ea5.76A617B5
76A617B4  ³. 48             DEC EAX
76A617B5  ³> 8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
76A617B8  ³. 5F             POP EDI
76A617B9  ³. E8 3B240000    CALL 3ba1ea5.76A63BF9
76A617BE  ³. C9             LEAVE
76A617BF  À. C2 0C00        RETN 0C
76A617C2     CC             INT3
76A617C3     CC             INT3
76A617C4     CC             INT3
76A617C5     CC             INT3
76A617C6     CC             INT3
76A617C7 >   8BFF           MOV EDI,EDI
76A617C9  Ú. 55             PUSH EBP
76A617CA  ³. 8BEC           MOV EBP,ESP
76A617CC  ³. 53             PUSH EBX
76A617CD  ³. 57             PUSH EDI
76A617CE  ³. 8B7D 10        MOV EDI,DWORD PTR SS:[EBP+10]
76A617D1  ³. 57             PUSH EDI                                 ; ÚSize
76A617D2  ³. 6A 00          PUSH 0                                   ; ³Flags = LMEM_FIXED
76A617D4  ³. FF15 6010A676  CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A617DA  ³. 8BD8           MOV EBX,EAX
76A617DC  ³. 85DB           TEST EBX,EBX
76A617DE  ³.74 38          JE SHORT 3ba1ea5.76A61818
76A617E0  ³. 56             PUSH ESI
76A617E1  ³. 57             PUSH EDI                                 ; ÚArg3
76A617E2  ³. 53             PUSH EBX                                 ; ³Arg2
76A617E3  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³Arg1
76A617E6  ³. E8 E2FEFFFF    CALL 3ba1ea5.GetDeviceDriverFileNameA    ; ÀGetDeviceDriverFileNameA
76A617EB  ³. 8BF0           MOV ESI,EAX
76A617ED  ³. 85F6           TEST ESI,ESI
76A617EF  ³.74 1B          JE SHORT 3ba1ea5.76A6180C
76A617F1  ³. 3BF7           CMP ESI,EDI
76A617F3  ³.73 03          JNB SHORT 3ba1ea5.76A617F8
76A617F5  ³. 8D46 01        LEA EAX,DWORD PTR DS:[ESI+1]
76A617F8  ³> 57             PUSH EDI                                 ; ÚWideBufSize
76A617F9  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]                ; ³WideCharBuf
76A617FC  ³. 50             PUSH EAX                                 ; ³StringSize
76A617FD  ³. 53             PUSH EBX                                 ; ³StringToMap
76A617FE  ³. 6A 00          PUSH 0                                   ; ³Options = 0
76A61800  ³. 6A 00          PUSH 0                                   ; ³CodePage = CP_ACP
76A61802  ³. FF15 6410A676  CALL DWORD PTR DS:[<&KERNEL32.MultiByteT>; ÀMultiByteToWideChar
76A61808  ³. 85C0           TEST EAX,EAX
76A6180A  ³.75 02          JNZ SHORT 3ba1ea5.76A6180E
76A6180C  ³> 33F6           XOR ESI,ESI
76A6180E  ³> 53             PUSH EBX                                 ; ÚhMemory
76A6180F  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61815  ³. 8BC6           MOV EAX,ESI
76A61817  ³. 5E             POP ESI
76A61818  ³> 5F             POP EDI
76A61819  ³. 5B             POP EBX
76A6181A  ³. 5D             POP EBP
76A6181B  À. C2 0C00        RETN 0C
76A6181E     CC             INT3
76A6181F     CC             INT3
76A61820     CC             INT3
76A61821     CC             INT3
76A61822     CC             INT3
76A61823 >   8BFF           MOV EDI,EDI
76A61825  Ú. 55             PUSH EBP
76A61826  ³. 8BEC           MOV EBP,ESP
76A61828  ³. 53             PUSH EBX
76A61829  ³. 57             PUSH EDI
76A6182A  ³. 8B7D 10        MOV EDI,DWORD PTR SS:[EBP+10]
76A6182D  ³. 57             PUSH EDI                                 ; ÚSize
76A6182E  ³. 6A 00          PUSH 0                                   ; ³Flags = LMEM_FIXED
76A61830  ³. FF15 6010A676  CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A61836  ³. 8BD8           MOV EBX,EAX
76A61838  ³. 85DB           TEST EBX,EBX
76A6183A  ³.74 38          JE SHORT 3ba1ea5.76A61874
76A6183C  ³. 56             PUSH ESI
76A6183D  ³. 57             PUSH EDI                                 ; ÚArg3
76A6183E  ³. 53             PUSH EBX                                 ; ³Arg2
76A6183F  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³Arg1
76A61842  ³. E8 01FFFFFF    CALL 3ba1ea5.GetDeviceDriverBaseNameA    ; ÀGetDeviceDriverBaseNameA
76A61847  ³. 8BF0           MOV ESI,EAX
76A61849  ³. 85F6           TEST ESI,ESI
76A6184B  ³.74 1B          JE SHORT 3ba1ea5.76A61868
76A6184D  ³. 3BF7           CMP ESI,EDI
76A6184F  ³.73 03          JNB SHORT 3ba1ea5.76A61854
76A61851  ³. 8D46 01        LEA EAX,DWORD PTR DS:[ESI+1]
76A61854  ³> 57             PUSH EDI                                 ; ÚWideBufSize
76A61855  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]                ; ³WideCharBuf
76A61858  ³. 50             PUSH EAX                                 ; ³StringSize
76A61859  ³. 53             PUSH EBX                                 ; ³StringToMap
76A6185A  ³. 6A 00          PUSH 0                                   ; ³Options = 0
76A6185C  ³. 6A 00          PUSH 0                                   ; ³CodePage = CP_ACP
76A6185E  ³. FF15 6410A676  CALL DWORD PTR DS:[<&KERNEL32.MultiByteT>; ÀMultiByteToWideChar
76A61864  ³. 85C0           TEST EAX,EAX
76A61866  ³.75 02          JNZ SHORT 3ba1ea5.76A6186A
76A61868  ³> 33F6           XOR ESI,ESI
76A6186A  ³> 53             PUSH EBX                                 ; ÚhMemory
76A6186B  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61871  ³. 8BC6           MOV EAX,ESI
76A61873  ³. 5E             POP ESI
76A61874  ³> 5F             POP EDI
76A61875  ³. 5B             POP EBX
76A61876  ³. 5D             POP EBP
76A61877  À. C2 0C00        RETN 0C
76A6187A     CC             INT3
76A6187B     CC             INT3
76A6187C     CC             INT3
76A6187D     CC             INT3
76A6187E     CC             INT3
76A6187F >Ú$ 8BFF           MOV EDI,EDI
76A61881  ³. 55             PUSH EBP
76A61882  ³. 8BEC           MOV EBP,ESP
76A61884  ³. 81EC 1C020000  SUB ESP,21C
76A6188A  ³. A1 2050A676    MOV EAX,DWORD PTR DS:[76A65020]
76A6188F  ³. 8B55 10        MOV EDX,DWORD PTR SS:[EBP+10]
76A61892  ³. 8B4D 0C        MOV ECX,DWORD PTR SS:[EBP+C]
76A61895  ³. 57             PUSH EDI
76A61896  ³. 8B7D 14        MOV EDI,DWORD PTR SS:[EBP+14]
76A61899  ³. 85FF           TEST EDI,EDI
76A6189B  ³. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A6189E  ³. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
76A618A1  ³. 8995 E8FDFFFF  MOV DWORD PTR SS:[EBP-218],EDX
76A618A7  ³.75 04          JNZ SHORT 3ba1ea5.76A618AD
76A618A9  ³. 6A 7A          PUSH 7A
76A618AB  ³.EB 29          JMP SHORT 3ba1ea5.76A618D6
76A618AD  ³> 8D95 E4FDFFFF  LEA EDX,DWORD PTR SS:[EBP-21C]
76A618B3  ³. 52             PUSH EDX
76A618B4  ³. 68 10020000    PUSH 210
76A618B9  ³. 8D95 ECFDFFFF  LEA EDX,DWORD PTR SS:[EBP-214]
76A618BF  ³. 52             PUSH EDX
76A618C0  ³. 6A 02          PUSH 2
76A618C2  ³. 51             PUSH ECX
76A618C3  ³. 50             PUSH EAX
76A618C4  ³. FF15 DC10A676  CALL DWORD PTR DS:[<&ntdll.NtQueryVirtua>;  ntdll.ZwQueryVirtualMemory
76A618CA  ³. 85C0           TEST EAX,EAX
76A618CC  ³.7D 12          JGE SHORT 3ba1ea5.76A618E0
76A618CE  ³. 50             PUSH EAX
76A618CF  ³. FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A618D5  ³. 50             PUSH EAX                                 ; ÚError
76A618D6  ³> FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A618DC  ³. 33C0           XOR EAX,EAX
76A618DE  ³.EB 53          JMP SHORT 3ba1ea5.76A61933
76A618E0  ³> 53             PUSH EBX
76A618E1  ³. 0FB79D ECFDFFF>MOVZX EBX,WORD PTR SS:[EBP-214]
76A618E8  ³. D1EB           SHR EBX,1
76A618EA  ³. 8D43 01        LEA EAX,DWORD PTR DS:[EBX+1]
76A618ED  ³. 3BF8           CMP EDI,EAX
76A618EF  ³. 56             PUSH ESI
76A618F0  ³. 8BF3           MOV ESI,EBX
76A618F2  ³.73 09          JNB SHORT 3ba1ea5.76A618FD
76A618F4  ³. 8D77 FF        LEA ESI,DWORD PTR DS:[EDI-1]
76A618F7  ³. 8BDF           MOV EBX,EDI
76A618F9  ³. 6A 7A          PUSH 7A
76A618FB  ³.EB 02          JMP SHORT 3ba1ea5.76A618FF
76A618FD  ³> 6A 00          PUSH 0                                   ; ÚError = ERROR_SUCCESS
76A618FF  ³> FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61905  ³. 8BBD E8FDFFFF  MOV EDI,DWORD PTR SS:[EBP-218]
76A6190B  ³. 8D0436         LEA EAX,DWORD PTR DS:[ESI+ESI]
76A6190E  ³. 8BB5 F0FDFFFF  MOV ESI,DWORD PTR SS:[EBP-210]
76A61914  ³. 8BC8           MOV ECX,EAX
76A61916  ³. 8BD1           MOV EDX,ECX
76A61918  ³. C1E9 02        SHR ECX,2
76A6191B  ³. F3:A5          REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
76A6191D  ³. 8BCA           MOV ECX,EDX
76A6191F  ³. 83E1 03        AND ECX,3
76A61922  ³. F3:A4          REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
76A61924  ³. 8B8D E8FDFFFF  MOV ECX,DWORD PTR SS:[EBP-218]
76A6192A  ³. 66:832408 00   AND WORD PTR DS:[EAX+ECX],0
76A6192F  ³. 5E             POP ESI
76A61930  ³. 8BC3           MOV EAX,EBX
76A61932  ³. 5B             POP EBX
76A61933  ³> 8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
76A61936  ³. 5F             POP EDI
76A61937  ³. E8 BD220000    CALL 3ba1ea5.76A63BF9
76A6193C  ³. C9             LEAVE
76A6193D  À. C2 1000        RETN 10
76A61940     CC             INT3
76A61941     CC             INT3
76A61942     CC             INT3
76A61943     CC             INT3
76A61944     CC             INT3
76A61945 >   8BFF           MOV EDI,EDI
76A61947  Ú. 55             PUSH EBP
76A61948  ³. 8BEC           MOV EBP,ESP
76A6194A  ³. 53             PUSH EBX
76A6194B  ³. 56             PUSH ESI
76A6194C  ³. 8B75 14        MOV ESI,DWORD PTR SS:[EBP+14]
76A6194F  ³. 57             PUSH EDI
76A61950  ³. 8D0436         LEA EAX,DWORD PTR DS:[ESI+ESI]
76A61953  ³. 50             PUSH EAX                                 ; ÚSize
76A61954  ³. 33FF           XOR EDI,EDI                              ; ³
76A61956  ³. 57             PUSH EDI                                 ; ³Flags => LMEM_FIXED
76A61957  ³. FF15 6010A676  CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A6195D  ³. 8BD8           MOV EBX,EAX
76A6195F  ³. 3BDF           CMP EBX,EDI
76A61961  ³.75 04          JNZ SHORT 3ba1ea5.76A61967
76A61963  ³. 33C0           XOR EAX,EAX
76A61965  ³.EB 36          JMP SHORT 3ba1ea5.76A6199D
76A61967  ³> 56             PUSH ESI                                 ; ÚArg4
76A61968  ³. 53             PUSH EBX                                 ; ³Arg3
76A61969  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]                ; ³Arg2
76A6196C  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³Arg1
76A6196F  ³. E8 0BFFFFFF    CALL 3ba1ea5.GetMappedFileNameW          ; ÀGetMappedFileNameW
76A61974  ³. 3BC6           CMP EAX,ESI
76A61976  ³. 8945 14        MOV DWORD PTR SS:[EBP+14],EAX
76A61979  ³.73 01          JNB SHORT 3ba1ea5.76A6197C
76A6197B  ³. 40             INC EAX
76A6197C  ³> 57             PUSH EDI                                 ; ÚpDefaultCharUsed
76A6197D  ³. 57             PUSH EDI                                 ; ³pDefaultChar
76A6197E  ³. 56             PUSH ESI                                 ; ³MultiByteCount
76A6197F  ³. FF75 10        PUSH DWORD PTR SS:[EBP+10]               ; ³MultiByteStr
76A61982  ³. 50             PUSH EAX                                 ; ³WideCharCount
76A61983  ³. 53             PUSH EBX                                 ; ³WideCharStr
76A61984  ³. 57             PUSH EDI                                 ; ³Options
76A61985  ³. 57             PUSH EDI                                 ; ³CodePage
76A61986  ³. FF15 6810A676  CALL DWORD PTR DS:[<&KERNEL32.WideCharTo>; ÀWideCharToMultiByte
76A6198C  ³. 85C0           TEST EAX,EAX
76A6198E  ³.75 03          JNZ SHORT 3ba1ea5.76A61993
76A61990  ³. 897D 14        MOV DWORD PTR SS:[EBP+14],EDI
76A61993  ³> 53             PUSH EBX                                 ; ÚhMemory
76A61994  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A6199A  ³. 8B45 14        MOV EAX,DWORD PTR SS:[EBP+14]
76A6199D  ³> 5F             POP EDI
76A6199E  ³. 5E             POP ESI
76A6199F  ³. 5B             POP EBX
76A619A0  ³. 5D             POP EBP
76A619A1  À. C2 1000        RETN 10
76A619A4     CC             INT3
76A619A5     CC             INT3
76A619A6     CC             INT3
76A619A7     CC             INT3
76A619A8     CC             INT3
76A619A9  Ú$ 8BFF           MOV EDI,EDI
76A619AB  ³. 55             PUSH EBP
76A619AC  ³. 8BEC           MOV EBP,ESP
76A619AE  ³. 83EC 24        SUB ESP,24
76A619B1  ³. 57             PUSH EDI
76A619B2  ³. 33FF           XOR EDI,EDI
76A619B4  ³. 57             PUSH EDI                                 ; ÚpReqsize => NULL
76A619B5  ³. 6A 18          PUSH 18                                  ; ³Bufsize = 18 (24.)
76A619B7  ³. 8D45 DC        LEA EAX,DWORD PTR SS:[EBP-24]            ; ³
76A619BA  ³. 50             PUSH EAX                                 ; ³Buffer
76A619BB  ³. 57             PUSH EDI                                 ; ³InfoClass => 0
76A619BC  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A619BF  ³. FF15 D810A676  CALL DWORD PTR DS:[<&ntdll.NtQueryInform>; ÀZwQueryInformationProcess
76A619C5  ³. 3BC7           CMP EAX,EDI
76A619C7  ³.7D 15          JGE SHORT 3ba1ea5.76A619DE
76A619C9  ³. 50             PUSH EAX
76A619CA  ³. FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A619D0  ³. 50             PUSH EAX                                 ; ÚError
76A619D1  ³. FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A619D7  ³. 33C0           XOR EAX,EAX
76A619D9  ³.E9 9D000000    JMP 3ba1ea5.76A61A7B
76A619DE  ³> 397D 0C        CMP DWORD PTR SS:[EBP+C],EDI
76A619E1  ³. 8B45 E0        MOV EAX,DWORD PTR SS:[EBP-20]
76A619E4  ³. 53             PUSH EBX
76A619E5  ³. 56             PUSH ESI
76A619E6  ³. 8B35 6C10A676  MOV ESI,DWORD PTR DS:[<&KERNEL32.ReadPro>;  kernel32.ReadProcessMemory
76A619EC  ³. 8BD8           MOV EBX,EAX
76A619EE  ³.75 14          JNZ SHORT 3ba1ea5.76A61A04
76A619F0  ³. 57             PUSH EDI                                 ; ÚpBytesRead
76A619F1  ³. 6A 04          PUSH 4                                   ; ³BytesToRead = 4
76A619F3  ³. 8D4D 0C        LEA ECX,DWORD PTR SS:[EBP+C]             ; ³
76A619F6  ³. 51             PUSH ECX                                 ; ³Buffer
76A619F7  ³. 83C0 08        ADD EAX,8                                ; ³
76A619FA  ³. 50             PUSH EAX                                 ; ³pBaseAddress
76A619FB  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A619FE  ³. FFD6           CALL ESI                                 ; ÀReadProcessMemory
76A61A00  ³. 85C0           TEST EAX,EAX
76A61A02  ³.74 73          JE SHORT 3ba1ea5.76A61A77
76A61A04  ³> 57             PUSH EDI
76A61A05  ³. 6A 04          PUSH 4
76A61A07  ³. 8D45 F4        LEA EAX,DWORD PTR SS:[EBP-C]
76A61A0A  ³. 50             PUSH EAX
76A61A0B  ³. 83C3 0C        ADD EBX,0C
76A61A0E  ³. 53             PUSH EBX
76A61A0F  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]
76A61A12  ³. FFD6           CALL ESI
76A61A14  ³. 85C0           TEST EAX,EAX
76A61A16  ³.74 5F          JE SHORT 3ba1ea5.76A61A77
76A61A18  ³. 8B45 F4        MOV EAX,DWORD PTR SS:[EBP-C]
76A61A1B  ³. 3BC7           CMP EAX,EDI
76A61A1D  ³.74 50          JE SHORT 3ba1ea5.76A61A6F
76A61A1F  ³. 57             PUSH EDI
76A61A20  ³. 8D58 14        LEA EBX,DWORD PTR DS:[EAX+14]
76A61A23  ³. 6A 04          PUSH 4
76A61A25  ³. 8D45 F8        LEA EAX,DWORD PTR SS:[EBP-8]
76A61A28  ³. 50             PUSH EAX
76A61A29  ³. 53             PUSH EBX
76A61A2A  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]
76A61A2D  ³. FFD6           CALL ESI
76A61A2F  ³. 85C0           TEST EAX,EAX
76A61A31  ³.74 44          JE SHORT 3ba1ea5.76A61A77
76A61A33  ³. 8B45 F8        MOV EAX,DWORD PTR SS:[EBP-8]
76A61A36  ³. 897D FC        MOV DWORD PTR SS:[EBP-4],EDI
76A61A39  ³.EB 30          JMP SHORT 3ba1ea5.76A61A6B
76A61A3B  ³> 57             ÚPUSH EDI
76A61A3C  ³. 6A 50          ³PUSH 50
76A61A3E  ³. FF75 10        ³PUSH DWORD PTR SS:[EBP+10]
76A61A41  ³. 83C0 F8        ³ADD EAX,-8
76A61A44  ³. 50             ³PUSH EAX
76A61A45  ³. FF75 08        ³PUSH DWORD PTR SS:[EBP+8]
76A61A48  ³. FFD6           ³CALL ESI
76A61A4A  ³. 85C0           ³TEST EAX,EAX
76A61A4C  ³.74 29          ³JE SHORT 3ba1ea5.76A61A77
76A61A4E  ³. 8B45 10        ³MOV EAX,DWORD PTR SS:[EBP+10]
76A61A51  ³. 8B48 18        ³MOV ECX,DWORD PTR DS:[EAX+18]
76A61A54  ³. 3B4D 0C        ³CMP ECX,DWORD PTR SS:[EBP+C]
76A61A57  ³.74 27          ³JE SHORT 3ba1ea5.76A61A80
76A61A59  ³. FF45 FC        ³INC DWORD PTR SS:[EBP-4]
76A61A5C  ³. 817D FC 102700>³CMP DWORD PTR SS:[EBP-4],2710
76A61A63  ³. 8B40 08        ³MOV EAX,DWORD PTR DS:[EAX+8]
76A61A66  ³. 8945 F8        ³MOV DWORD PTR SS:[EBP-8],EAX
76A61A69  ³.77 04          ³JA SHORT 3ba1ea5.76A61A6F
76A61A6B  ³> 3BC3            CMP EAX,EBX
76A61A6D  ³.75 CC          ÀJNZ SHORT 3ba1ea5.76A61A3B
76A61A6F  ³> 6A 06          PUSH 6                                   ; ÚError = ERROR_INVALID_HANDLE
76A61A71  ³. FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61A77  ³> 33C0           XOR EAX,EAX
76A61A79  ³> 5E             POP ESI
76A61A7A  ³. 5B             POP EBX
76A61A7B  ³> 5F             POP EDI
76A61A7C  ³. C9             LEAVE
76A61A7D  ³. C2 0C00        RETN 0C
76A61A80  ³> 33C0           XOR EAX,EAX
76A61A82  ³. 40             INC EAX
76A61A83  À.EB F4          JMP SHORT 3ba1ea5.76A61A79
76A61A85     CC             INT3
76A61A86     CC             INT3
76A61A87     CC             INT3
76A61A88     CC             INT3
76A61A89     CC             INT3
76A61A8A > $ 68 88000000    PUSH 88
76A61A8F   . 68 2811A676    PUSH 3ba1ea5.76A61128
76A61A94   . E8 7F220000    CALL 3ba1ea5.76A63D18
76A61A99   . 33DB           XOR EBX,EBX
76A61A9B   . 53             PUSH EBX                                 ; ÚpReqsize => NULL
76A61A9C   . 6A 18          PUSH 18                                  ; ³Bufsize = 18 (24.)
76A61A9E   . 8D45 B8        LEA EAX,DWORD PTR SS:[EBP-48]            ; ³
76A61AA1   . 50             PUSH EAX                                 ; ³Buffer
76A61AA2   . 53             PUSH EBX                                 ; ³InfoClass => 0
76A61AA3   . FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A61AA6   . FF15 D810A676  CALL DWORD PTR DS:[<&ntdll.NtQueryInform>; ÀZwQueryInformationProcess
76A61AAC   . 3BC3           CMP EAX,EBX
76A61AAE   .7D 0D          JGE SHORT 3ba1ea5.76A61ABD
76A61AB0   . 50             PUSH EAX
76A61AB1   > FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A61AB7   . 50             PUSH EAX
76A61AB8   .E9 9C000000    JMP 3ba1ea5.76A61B59
76A61ABD   > 8B45 BC        MOV EAX,DWORD PTR SS:[EBP-44]
76A61AC0   . 3BC3           CMP EAX,EBX
76A61AC2   .75 07          JNZ SHORT 3ba1ea5.76A61ACB
76A61AC4   . 68 0D000080    PUSH 8000000D
76A61AC9   .EB E6          JMP SHORT 3ba1ea5.76A61AB1
76A61ACB   > 53             PUSH EBX                                 ; ÚpBytesRead
76A61ACC   . 6A 04          PUSH 4                                   ; ³BytesToRead = 4
76A61ACE   . 8D4D DC        LEA ECX,DWORD PTR SS:[EBP-24]            ; ³
76A61AD1   . 51             PUSH ECX                                 ; ³Buffer
76A61AD2   . 83C0 0C        ADD EAX,0C                               ; ³
76A61AD5   . 50             PUSH EAX                                 ; ³pBaseAddress
76A61AD6   . FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A61AD9   . 8B35 6C10A676  MOV ESI,DWORD PTR DS:[<&KERNEL32.ReadPro>; ³kernel32.ReadProcessMemory
76A61ADF   . FFD6           CALL ESI                                 ; ÀReadProcessMemory
76A61AE1   . 85C0           TEST EAX,EAX
76A61AE3   .0F84 D5000000  JE 3ba1ea5.76A61BBE
76A61AE9   . 8B45 DC        MOV EAX,DWORD PTR SS:[EBP-24]
76A61AEC   . 83C0 14        ADD EAX,14
76A61AEF   . 8945 D8        MOV DWORD PTR SS:[EBP-28],EAX
76A61AF2   . 53             PUSH EBX                                 ; ÚpBytesRead
76A61AF3   . 6A 04          PUSH 4                                   ; ³BytesToRead = 4
76A61AF5   . 8D4D E0        LEA ECX,DWORD PTR SS:[EBP-20]            ; ³
76A61AF8   . 51             PUSH ECX                                 ; ³Buffer
76A61AF9   . 50             PUSH EAX                                 ; ³pBaseAddress
76A61AFA   . FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A61AFD   . FFD6           CALL ESI                                 ; ÀReadProcessMemory
76A61AFF   . 85C0           TEST EAX,EAX
76A61B01   .0F84 B7000000  JE 3ba1ea5.76A61BBE
76A61B07   . 8B7D 10        MOV EDI,DWORD PTR SS:[EBP+10]
76A61B0A   . C1EF 02        SHR EDI,2
76A61B0D   . 895D E4        MOV DWORD PTR SS:[EBP-1C],EBX
76A61B10   . 8B45 E0        MOV EAX,DWORD PTR SS:[EBP-20]
76A61B13   > 3B45 D8        CMP EAX,DWORD PTR SS:[EBP-28]
76A61B16   .74 6A          JE SHORT 3ba1ea5.76A61B82
76A61B18   . 83C0 F8        ADD EAX,-8
76A61B1B   . 53             PUSH EBX
76A61B1C   . 6A 50          PUSH 50
76A61B1E   . 8D8D 68FFFFFF  LEA ECX,DWORD PTR SS:[EBP-98]
76A61B24   . 51             PUSH ECX
76A61B25   . 50             PUSH EAX
76A61B26   . FF75 08        PUSH DWORD PTR SS:[EBP+8]
76A61B29   . FFD6           CALL ESI
76A61B2B   . 85C0           TEST EAX,EAX
76A61B2D   .0F84 8B000000  JE 3ba1ea5.76A61BBE
76A61B33   . 397D E4        CMP DWORD PTR SS:[EBP-1C],EDI
76A61B36   .73 13          JNB SHORT 3ba1ea5.76A61B4B
76A61B38   . 895D FC        MOV DWORD PTR SS:[EBP-4],EBX
76A61B3B   . 8B45 80        MOV EAX,DWORD PTR SS:[EBP-80]
76A61B3E   . 8B4D 0C        MOV ECX,DWORD PTR SS:[EBP+C]
76A61B41   . 8B55 E4        MOV EDX,DWORD PTR SS:[EBP-1C]
76A61B44   . 890491         MOV DWORD PTR DS:[ECX+EDX*4],EAX
76A61B47   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A61B4B   > FF45 E4        INC DWORD PTR SS:[EBP-1C]
76A61B4E   . 817D E4 102700>CMP DWORD PTR SS:[EBP-1C],2710
76A61B55   .76 20          JBE SHORT 3ba1ea5.76A61B77
76A61B57   . 6A 06          PUSH 6                                   ; ÚError = ERROR_INVALID_HANDLE
76A61B59   > FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61B5F   .EB 5D          JMP SHORT 3ba1ea5.76A61BBE
76A61B61   . 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-14]
76A61B64   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A61B66   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A61B68   . 8945 D4        MOV DWORD PTR SS:[EBP-2C],EAX
76A61B6B   . 33C0           XOR EAX,EAX
76A61B6D   . 40             INC EAX
76A61B6E   . C3             RETN
76A61B6F   . 8B65 E8        MOV ESP,DWORD PTR SS:[EBP-18]
76A61B72   . FF75 D4        PUSH DWORD PTR SS:[EBP-2C]
76A61B75   .EB 36          JMP SHORT 3ba1ea5.76A61BAD
76A61B77   > 8B85 70FFFFFF  MOV EAX,DWORD PTR SS:[EBP-90]
76A61B7D   . 8945 E0        MOV DWORD PTR SS:[EBP-20],EAX
76A61B80   .EB 91          JMP SHORT 3ba1ea5.76A61B13
76A61B82   > 33C0           XOR EAX,EAX
76A61B84   . 40             INC EAX
76A61B85   . 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A61B88   . 8B4D E4        MOV ECX,DWORD PTR SS:[EBP-1C]
76A61B8B   . C1E1 02        SHL ECX,2
76A61B8E   . 8B55 14        MOV EDX,DWORD PTR SS:[EBP+14]
76A61B91   . 890A           MOV DWORD PTR DS:[EDX],ECX
76A61B93   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A61B97   .EB 27          JMP SHORT 3ba1ea5.76A61BC0
76A61B99   . 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-14]
76A61B9C   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A61B9E   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A61BA0   . 8945 D0        MOV DWORD PTR SS:[EBP-30],EAX
76A61BA3   . 33C0           XOR EAX,EAX
76A61BA5   . 40             INC EAX
76A61BA6   . C3             RETN
76A61BA7   . 8B65 E8        MOV ESP,DWORD PTR SS:[EBP-18]
76A61BAA   . FF75 D0        PUSH DWORD PTR SS:[EBP-30]
76A61BAD   > FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A61BB3   . 50             PUSH EAX                                 ; ÚError
76A61BB4   . FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61BBA   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A61BBE   > 33C0           XOR EAX,EAX
76A61BC0   > E8 8E210000    CALL 3ba1ea5.76A63D53
76A61BC5   . C2 1000        RETN 10
76A61BC8     CC             INT3
76A61BC9     CC             INT3
76A61BCA     CC             INT3
76A61BCB     CC             INT3
76A61BCC     CC             INT3
76A61BCD >Ú$ 8BFF           MOV EDI,EDI
76A61BCF  ³. 55             PUSH EBP
76A61BD0  ³. 8BEC           MOV EBP,ESP
76A61BD2  ³. 83EC 50        SUB ESP,50
76A61BD5  ³. 8D45 B0        LEA EAX,DWORD PTR SS:[EBP-50]
76A61BD8  ³. 50             PUSH EAX                                 ; ÚArg3
76A61BD9  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]                ; ³Arg2
76A61BDC  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³Arg1
76A61BDF  ³. E8 C5FDFFFF    CALL 3ba1ea5.76A619A9                    ; À3ba1ea5.76A619A9
76A61BE4  ³. 85C0           TEST EAX,EAX
76A61BE6  ³.74 59          JE SHORT 3ba1ea5.76A61C41
76A61BE8  ³. 56             PUSH ESI
76A61BE9  ³. 0FB775 D4      MOVZX ESI,WORD PTR SS:[EBP-2C]
76A61BED  ³. 57             PUSH EDI
76A61BEE  ³. 8B7D 14        MOV EDI,DWORD PTR SS:[EBP+14]
76A61BF1  ³. 03FF           ADD EDI,EDI
76A61BF3  ³. 46             INC ESI
76A61BF4  ³. 46             INC ESI
76A61BF5  ³. 3BFE           CMP EDI,ESI
76A61BF7  ³.73 02          JNB SHORT 3ba1ea5.76A61BFB
76A61BF9  ³. 8BF7           MOV ESI,EDI
76A61BFB  ³> 53             PUSH EBX
76A61BFC  ³. 8B5D 10        MOV EBX,DWORD PTR SS:[EBP+10]
76A61BFF  ³. 6A 00          PUSH 0                                   ; ÚpBytesRead = NULL
76A61C01  ³. 56             PUSH ESI                                 ; ³BytesToRead
76A61C02  ³. 53             PUSH EBX                                 ; ³Buffer
76A61C03  ³. FF75 D8        PUSH DWORD PTR SS:[EBP-28]               ; ³pBaseAddress
76A61C06  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A61C09  ³. FF15 6C10A676  CALL DWORD PTR DS:[<&KERNEL32.ReadProces>; ÀReadProcessMemory
76A61C0F  ³. 85C0           TEST EAX,EAX
76A61C11  ³.74 2B          JE SHORT 3ba1ea5.76A61C3E
76A61C13  ³. 0FB745 D4      MOVZX EAX,WORD PTR SS:[EBP-2C]
76A61C17  ³. 40             INC EAX
76A61C18  ³. 40             INC EAX
76A61C19  ³. 3BF0           CMP ESI,EAX
76A61C1B  ³.75 02          JNZ SHORT 3ba1ea5.76A61C1F
76A61C1D  ³. 4E             DEC ESI
76A61C1E  ³. 4E             DEC ESI
76A61C1F  ³> 3BF7           CMP ESI,EDI
76A61C21  ³.73 0B          JNB SHORT 3ba1ea5.76A61C2E
76A61C23  ³. 8BC6           MOV EAX,ESI
76A61C25  ³. D1E8           SHR EAX,1
76A61C27  ³. 66:832443 00   AND WORD PTR DS:[EBX+EAX*2],0
76A61C2C  ³.EB 0C          JMP SHORT 3ba1ea5.76A61C3A
76A61C2E  ³> 85FF           TEST EDI,EDI
76A61C30  ³.76 08          JBE SHORT 3ba1ea5.76A61C3A
    continued below
    hey i found like 4 new files 2 text files it has come weird code idk if it has 2 do with it but go 2 combat arms folder hshield and scroll down there are 2 text files and 2 v3d files
    add me on psn ---> vlackops
  6. 07-28-2009 #50
    NeonNoise
    NeonNoise is offline
    Unverified User
    NeonNoise's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Location
    ten steps ahead of you
    Posts
    593
    Reputation
    38
    Thanks
    42
    My Mood
    Amused
    Send a message via Birdie™ to NeonNoise United States
    Quote Originally Posted by bloddyapache View Post
    hey i found like 4 new files 2 text files it has come weird code idk if it has 2 do with it but go 2 combat arms folder hshield and scroll down there are 2 text files and 2 v3d files
    yea dude i see them
    i think we r screwed
    ill keep looking into it
    there also one called
    EHSvc.dll
    hack .dll interface
    mabe thatys the problem??
  7. 07-28-2009 #51
    YoungFlip
    YoungFlip is offline
    Member
    YoungFlip's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    112
    Reputation
    10
    Thanks
    4
    My Mood
    Grumpy
    Send a message via Birdie™ to YoungFlip
    wait so are we screwed as in no moar hax? or we gotta find another way to inject?
  8. 07-28-2009 #52
    That0n3Guy
    That0n3Guy is offline
    MPGH Expert
    MPGH Member
    That0n3Guy's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    1,137
    Reputation
    13
    Thanks
    271
    My Mood
    Sleepy
    Send a message via Birdie™ to That0n3Guy United States
    The v3d files have been there, and the text files are config files that have also been there.
    Quotes Hall of Fame

    Quote Originally Posted by martijno0o0 View Post
    ok, i got visual basic 2008 and i got some expirients but i need c++ to make hacks rigth?
    so i need c++ and my question is!?¿? where i dontload it? and is c++ a own program or a update for vb08?
    [IMG]https://i660.photobucke*****m/albums/uu327/EddieTheWin/duff.png[/IMG]
  9. 07-28-2009 #53
    NeonNoise
    NeonNoise is offline
    Unverified User
    NeonNoise's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Location
    ten steps ahead of you
    Posts
    593
    Reputation
    38
    Thanks
    42
    My Mood
    Amused
    Send a message via Birdie™ to NeonNoise United States
    Quote Originally Posted by YoungFlip View Post
    wait so are we screwed as in no moar hax? or we gotta find another way to inject?
    we wil find another way
    but...
    i think we r screwed as in
    NO MORE HACKS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    ill keep trying thouhg
  10. 07-28-2009 #54
    Grim
    Grim is offline
    Threadstarter
    MPGH Lord
    MPGH Member
    Grim's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    5,359
    Reputation
    112
    Thanks
    3,786
    My Mood
    Cynical
    Send a message via Birdie™ to Grim United States
    Quote Originally Posted by YoungFlip View Post
    wait so are we screwed as in no moar hax? or we gotta find another way to inject?
    we dont know yet, they are looking into the new files.. but dont expect anything to come out until after the update
    Want to see my programs?
    \/ CLICK IT BITCHES \/
  11. 07-28-2009 #55
    YoungFlip
    YoungFlip is offline
    Member
    YoungFlip's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    112
    Reputation
    10
    Thanks
    4
    My Mood
    Grumpy
    Send a message via Birdie™ to YoungFlip
    best wishes to those coders. godspeed hackers, godspeed.
  12. 07-28-2009 #56
    That0n3Guy
    That0n3Guy is offline
    MPGH Expert
    MPGH Member
    That0n3Guy's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    1,137
    Reputation
    13
    Thanks
    271
    My Mood
    Sleepy
    Send a message via Birdie™ to That0n3Guy United States
    Quote Originally Posted by WarPathSin666 View Post
    we dont know yet, they are looking into the new files.. but dont expect anything to come out until after the update
    Those files aren't new in any way.
    Quotes Hall of Fame

    Quote Originally Posted by martijno0o0 View Post
    ok, i got visual basic 2008 and i got some expirients but i need c++ to make hacks rigth?
    so i need c++ and my question is!?¿? where i dontload it? and is c++ a own program or a update for vb08?
    [IMG]https://i660.photobucke*****m/albums/uu327/EddieTheWin/duff.png[/IMG]
  13. 07-28-2009 #57
    NeonNoise
    NeonNoise is offline
    Unverified User
    NeonNoise's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Location
    ten steps ahead of you
    Posts
    593
    Reputation
    38
    Thanks
    42
    My Mood
    Amused
    Send a message via Birdie™ to NeonNoise United States
    guys
    i got it to work 4 one game then it crashed
    ooo well
  14. 07-28-2009 #58
    Grim
    Grim is offline
    Threadstarter
    MPGH Lord
    MPGH Member
    Grim's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    5,359
    Reputation
    112
    Thanks
    3,786
    My Mood
    Cynical
    Send a message via Birdie™ to Grim United States
    Quote Originally Posted by That0n3Guy View Post
    Those files aren't new in any way.
    wrong files man..not the v3d.. im talkin about the new .dll's that are hidden and they modified a few other files in the HShield folder.. like i said they are looking into it
    Want to see my programs?
    \/ CLICK IT BITCHES \/
  15. 07-28-2009 #59
    That0n3Guy
    That0n3Guy is offline
    MPGH Expert
    MPGH Member
    That0n3Guy's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    1,137
    Reputation
    13
    Thanks
    271
    My Mood
    Sleepy
    Send a message via Birdie™ to That0n3Guy United States
    Who's looking into it?
    Quotes Hall of Fame

    Quote Originally Posted by martijno0o0 View Post
    ok, i got visual basic 2008 and i got some expirients but i need c++ to make hacks rigth?
    so i need c++ and my question is!?¿? where i dontload it? and is c++ a own program or a update for vb08?
    [IMG]https://i660.photobucke*****m/albums/uu327/EddieTheWin/duff.png[/IMG]
  16. 07-28-2009 #60
    YoungFlip
    YoungFlip is offline
    Member
    YoungFlip's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    112
    Reputation
    10
    Thanks
    4
    My Mood
    Grumpy
    Send a message via Birdie™ to YoungFlip
    i would love to help in any way
Page 4 of 7 FirstFirst ... 23456 ... LastLast
« Previous Thread | Next Thread »

Similar Threads

  1. The New Gunz Patches 9-24-06
    By iceejnp in forum Gunz General
    Replies: 7
    Last Post: 05-25-2009, 11:03 PM
  2. need bypass after patch for working the team speak
    By yaniv7626 in forum Combat Arms Europe Hacks
    Replies: 4
    Last Post: 03-23-2009, 07:44 AM
  3. Will a CE be detected if I use the bypass
    By xNarutoSouls in forum Combat Arms Hacks & Cheats
    Replies: 8
    Last Post: 08-04-2008, 03:46 PM
  4. PB if fuck*** the bypasses
    By crazy4her in forum WarRock - International Hacks
    Replies: 8
    Last Post: 06-29-2007, 09:38 PM
  5. I need UCE for saving the bypass...
    By EyalZamir in forum WarRock - International Hacks
    Replies: 0
    Last Post: 05-15-2007, 04:40 PM

Tags for this Thread