Page 2 of 7 FirstFirst 1234 ... LastLast
Results 16 to 30 of 91
  1. 07-28-2009 #1
    Grim
    Grim is offline
    MPGH Lord
    MPGH Member
    Grim's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    5,359
    Reputation
    112
    Thanks
    3,786
    My Mood
    Cynical
    Send a message via Birdie™ to Grim United States

    the bypass is patched

    i was using the xfire hacks all morning and got on here for a minute to check email and fuck around on mpgh.. got back on CA and it closed out on me before the login screen.. so i poked around in my folders and found that HShield folder now has a bunch of .dll files that are hidden, to view go Tools>Folder Options>View.. without scrolling down you can see at the bottom it says "Show hidden files and folders" i've always had this checked, but even after deleting the .dll's that werent there before i can only just get passed the login screen.. still working on it, if i can figure it out i'll repost
    Want to see my programs?
    \/ CLICK IT BITCHES \/
  2. 07-28-2009 #16
    i-c-e-m-a-n
    i-c-e-m-a-n is offline
    Newbie
    i-c-e-m-a-n's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    65
    Reputation
    10
    Thanks
    12
    Send a message via Birdie™ to i-c-e-m-a-n
    try this out tack one of your hack dll files and rename it to this EHsvc.dll and copy and paste to you hs folder and see if that works for you i got some hacks to work that way
    I think trick hs to thick part for the hack code is part of the hs
  3. 07-28-2009 #17
    NeonNoise
    NeonNoise is offline
    Unverified User
    NeonNoise's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Location
    ten steps ahead of you
    Posts
    593
    Reputation
    38
    Thanks
    42
    My Mood
    Amused
    Send a message via Birdie™ to NeonNoise United States
    Quote Originally Posted by LuckiiEmoo View Post
    my god-er.. Go to ur NEXON folder then DELETE- RWDATA.BIN

    THEN GO TO HSHIELD THEN delete the 2 .v3d..

    and go back to combat arms folder and delete all COMBAT ARMS DUMP

    then try the bypass again
    i cant find these what is the full name
    .v3d..
  4. 07-28-2009 #18
    lolz2much
    lolz2much is offline
    Expert Member
    MPGH Member
    lolz2much's Avatar
    Join Date
    Jan 2009
    Gender
    male
    Posts
    743
    Reputation
    28
    Thanks
    807
    My Mood
    Amused
    Send a message via Birdie™ to lolz2much United States
    ok first dll
    file name - 3ba1ea5.dll

    Code:
    76A61000 > . F62D817C       DD kernel32.GetSystemInfo
76A61004 > . 7B1D807C       DD kernel32.LoadLibraryA
76A61008 > . 2E98807C       DD kernel32.InterlockedExchange
76A6100C > . 7EAC807C       DD kernel32.FreeLibrary
76A61010 > . 40AE807C       DD kernel32.GetProcAddress
76A61014 > . 5D49847C       DD kernel32.SetUnhandledExceptionFilter
76A61018 > . CA3F867C       DD kernel32.UnhandledExceptionFilter
76A6101C > . 95DE807C       DD kernel32.GetCurrentProcess
76A61020 > . 1A1E807C       DD kernel32.TerminateProcess
76A61024 > . E917807C       DD kernel32.GetSystemTimeAsFileTime
76A61028 > . C099807C       DD kernel32.GetCurrentProcessId
76A6102C > . D097807C       DD kernel32.GetCurrentThreadId
76A61030 > . 4A93807C       DD kernel32.GetTickCount
76A61034 > . C7A4807C       DD kernel32.QueryPerformanceCounter
76A61038 > . 21FE907C       DD ntdll.RtlGetLastWin32Error
76A6103C > . 3613817C       DD kernel32.DisableThreadLibraryCalls
76A61040 > . 16BC807C       DD kernel32.OpenFileMappingA
76A61044 > . A5B9807C       DD kernel32.MapViewOfFile
76A61048 > . 14BA807C       DD kernel32.UnmapViewOfFile
76A6104C > . 281A807C       DD kernel32.CreateFileA
76A61050 > . E79B807C       DD kernel32.CloseHandle
76A61054 > . 61AC807C       DD kernel32.GetProcessHeap
76A61058 > . 30FE907C       DD ntdll.RtlSetLastWin32Error
76A6105C > . CF99807C       DD kernel32.LocalFree
76A61060 > . 2D9A807C       DD kernel32.LocalAlloc
76A61064 > . 989C807C       DD kernel32.MultiByteToWideChar
76A61068 > . 74A1807C       DD kernel32.WideCharToMultiByte
76A6106C > . D021807C       DD kernel32.ReadProcessMemory
76A61070 > . A92A817C       DD kernel32.RaiseException
76A61074 > . D803837C       DD kernel32.SetProcessWorkingSetSize
76A61078 > . 4C21867C       DD kernel32.GetProcessWorkingSetSize
76A6107C > . A1BE807C       DD kernel32.lstrcpyA
76A61080 > . 56BE807C       DD kernel32.lstrlenA
76A61084 > . 2DFF907C       DD ntdll.RtlFreeHeap
76A61088 > . C400917C       DD ntdll.RtlAllocateHeap
76A6108C   . 00000000       DD 00000000
76A61090 > . C5AB927C       DD ntdll.RtlUnwind
76A61094 > . 4AFE907C       DD ntdll.wcslen
76A61098 > . 8249917C       DD ntdll.wcschr
76A6109C > . 642E917C       DD ntdll._stricmp
76A610A0 > . A948927C       DD ntdll.atoi
76A610A4 > . EECF907C       DD ntdll.ZwClose
76A610A8 > . 1EDE907C       DD ntdll.ZwStopProfile
76A610AC > . 0A19977C       DD ntdll._snprintf
76A610B0 > . 6FFB927C       DD ntdll.DbgPrint
76A610B4 > . E870927C       DD ntdll.RtlUnicodeToOemN
76A610B8 > . 6D9A927C       DD ntdll.RtlAdjustPrivilege
76A610BC > . BAEC907C       DD ntdll.RtlMultiByteToUnicodeN
76A610C0 > . 6ECF907C       DD ntdll.ZwAllocateVirtualMemory
76A610C4 > . 6ED1907C       DD ntdll.ZwCreateProfile
76A610C8 > . CEDC907C       DD ntdll.ZwSetIntervalProfile
76A610CC > . 0EDE907C       DD ntdll.ZwStartProfile
76A610D0 > . 7EDF907C       DD ntdll.ZwWriteFile
76A610D4 > . 9EDC907C       DD ntdll.ZwSetInformationProcess
76A610D8 > . FED7907C       DD ntdll.ZwQueryInformationProcess
76A610DC > . 7ED9907C       DD ntdll.ZwQueryVirtualMemory
76A610E0 > . 2ED9907C       DD ntdll.ZwQuerySystemInformation
76A610E4 > . 2DF6907C       DD ntdll.RtlNtStatusToDosError
76A610E8   . 00000000       DD 00000000
76A610EC   . 863BA676       DD 3ba1ea5.76A63B86                      ;  Entry address
76A610F0     00             DB 00
76A610F1     00             DB 00
76A610F2     00             DB 00
76A610F3     00             DB 00
76A610F4     AD             DB AD
76A610F5   . 5B 43 42 00    ASCII "[CB",0
76A610F9     00             DB 00
76A610FA     00             DB 00
76A610FB     00             DB 00
76A610FC     02             DB 02
76A610FD     00             DB 00
76A610FE     00             DB 00
76A610FF     00             DB 00
76A61100     22             DB 22                                    ;  CHAR '"'
76A61101     00             DB 00
76A61102     00             DB 00
76A61103     00             DB 00
76A61104     98             DB 98
76A61105     14             DB 14
76A61106     00             DB 00
76A61107     00             DB 00
76A61108     98             DB 98
76A61109     08             DB 08
76A6110A     00             DB 00
76A6110B     00             DB 00
76A6110C     00             DB 00
76A6110D     00             DB 00
76A6110E     00             DB 00
76A6110F     00             DB 00
76A61110     FF             DB FF
76A61111     FF             DB FF
76A61112     FF             DB FF
76A61113     FF             DB FF
76A61114   . 1816A676       DD 3ba1ea5.76A61618
76A61118   . 2616A676       DD 3ba1ea5.76A61626
76A6111C     FF             DB FF
76A6111D     FF             DB FF
76A6111E     FF             DB FF
76A6111F     FF             DB FF
76A61120   . 5616A676       DD 3ba1ea5.76A61656
76A61124   . 6416A676       DD 3ba1ea5.76A61664
76A61128     FF             DB FF
76A61129     FF             DB FF
76A6112A     FF             DB FF
76A6112B     FF             DB FF
76A6112C   . 611BA676       DD 3ba1ea5.76A61B61
76A61130   . 6F1BA676       DD 3ba1ea5.76A61B6F
76A61134     FF             DB FF
76A61135     FF             DB FF
76A61136     FF             DB FF
76A61137     FF             DB FF
76A61138   . 991BA676       DD 3ba1ea5.76A61B99
76A6113C   . A71BA676       DD 3ba1ea5.76A61BA7
76A61140     FF             DB FF
76A61141     FF             DB FF
76A61142     FF             DB FF
76A61143     FF             DB FF
76A61144   . EC1DA676       DD 3ba1ea5.76A61DEC
76A61148   . FA1DA676       DD 3ba1ea5.76A61DFA
76A6114C   . 70 72 6F 66 69>ASCII "profile.out",0
76A61158   . 73 74 61 72 74>ASCII "start secondary "
76A61168   . 70 72 6F 66 69>ASCII "profile %wZ fail"
76A61178   . 65 64 20 2D 20>ASCII "ed - status %lx
"
76A61188   . 00             ASCII 0
76A61189     00             DB 00
76A6118A     00             DB 00
76A6118B     00             DB 00
76A6118C   . 73 74 61 72 74>ASCII "start profile %w"
76A6119C   . 5A 20 66 61 69>ASCII "Z failed - statu"
76A611AC   . 73 20 25 6C 78>ASCII "s %lx
",0
76A611B3     00             DB 00
76A611B4   . 52 74 6C 49 6E>ASCII "RtlInitializePro"
76A611C4   . 66 69 6C 65 20>ASCII "file : secondary"
76A611D4   . 20 61 6C 6C 6F>ASCII " alloc VM failed"
76A611E4   . 20 25 6C 78 0A>ASCII " %lx
",0
76A611EA     00             DB 00
76A611EB     00             DB 00
76A611EC   . 63 72 65 61 74>ASCII "create profile %"
76A611FC   . 77 5A 20 66 61>ASCII "wZ failed - stat"
76A6120C   . 75 73 20 25 6C>ASCII "us %lx
",0
76A61214   . 52 74 6C 49 6E>ASCII "RtlInitializePro"
76A61224   . 66 69 6C 65 20>ASCII "file : alloc VM "
76A61234   . 66 61 69 6C 65>ASCII "failed %lx
",0
76A61240   . 55 6E 61 62 6C>ASCII "Unable to increa"
76A61250   . 73 65 20 71 75>ASCII "se quota privile"
76A61260   . 67 65 20 28 73>ASCII "ge (status=0x%lx"
76A61270   . 29 0A 00       ASCII ")
",0
76A61273     00             DB 00
76A61274   . 45 6E 61 62 6C>ASCII "Enable system pr"
76A61284   . 6F 66 69 6C 65>ASCII "ofile privilege "
76A61294   . 66 61 69 6C 65>ASCII "failed - status "
76A612A4   . 30 78 25 6C 78>ASCII "0x%lx
",0
76A612AB     00             DB 00
76A612AC   . 71 75 65 72 79>ASCII "query system inf"
76A612BC   . 6F 20 66 61 69>ASCII "o failed status "
76A612CC   . 2D 20 25 6C 78>ASCII "- %lx
",0
76A612D3     00             DB 00
76A612D4   . 25 64 2C 25 77>ASCII "%d,%wZ,Unknown ("
76A612E4   . 25 70 29 0A 00>ASCII "%p)
",0
76A612E9     00             DB 00
76A612EA     00             DB 00
76A612EB     00             DB 00
76A612EC   . 09             DB 09
76A612ED   . 25 70 3A 25 64>ASCII "%p:%d, %d"
76A612F6   . 2C 20 2D 2D 0A>ASCII ", --
",0
76A612FC   . 09             DB 09
76A612FD   . 25 70 3A 25 64>ASCII "%p:%d, %d"
76A61306   . 2C 20 25 32 2E>ASCII ", %2.2d.%3.3d
",0
76A61315     00             DB 00
76A61316     00             DB 00
76A61317     00             DB 00
76A61318   . 09 25 70 3A 25>ASCII "	%p:%d
",0
76A61320   . 25 64 2C 25 64>ASCII "%d,%d, -- ,%wZ,%"
76A61330   . 73 20 28 25 30>ASCII "s (%08lx)
",0
76A6133B     00             DB 00
76A6133C   . 25 64 2C 25 64>ASCII "%d,%d,%2.2d.%3.3"
76A6134C   . 64 2C 25 77 5A>ASCII "d,%wZ,%s (%08lx)"
76A6135C   . 0A 00          ASCII "
",0
76A6135E     00             DB 00
76A6135F     00             DB 00
76A61360   . 25 64 2C 25 77>ASCII "%d,%wZ,%s (%08lx"
76A61370   . 29 0A 00       ASCII ")
",0
76A61373     00             DB 00
76A61374   . 25 64 2C 25 77>ASCII "%d,%wZ,Total%s
",0
76A61384   . 20 28 4E 4F 20>ASCII " (NO SYMBOLS)",0
76A61392     00             DB 00
76A61393     00             DB 00
76A61394   . 4F 76 65 72 66>ASCII "Overflowed the m"
76A613A4   . 61 78 69 6D 75>ASCII "aximum number of"
76A613B4   . 20 6D 6F 64 75>ASCII " modules: %d
",0
76A613C2     00             DB 00
76A613C3     00             DB 00
76A613C4   . 4E 6F 20 53 79>ASCII "No Symbol Found",0
76A613D4     00             DB 00
76A613D5     00             DB 00
76A613D6     00             DB 00
76A613D7     00             DB 00
76A613D8     FF             DB FF
76A613D9     FF             DB FF
76A613DA     FF             DB FF
76A613DB     FF             DB FF
76A613DC   . 9631A676       DD 3ba1ea5.76A63196
76A613E0   . 9A31A676       DD 3ba1ea5.76A6319A
76A613E4   . 20 09 00       ASCII " 	",0
76A613E7     00             DB 00
76A613E8   . 50 72 6F 66 69>ASCII "ProfileStartupPa"
76A613F8   . 72 61 6D 65 74>ASCII "rameters",0
76A61401     00             DB 00
76A61402     00             DB 00
76A61403     00             DB 00
76A61404     00             DB 00
76A61405     00             DB 00
76A61406     00             DB 00
76A61407     00             DB 00
76A61408     FF             DB FF
76A61409     FF             DB FF
76A6140A     FF             DB FF
76A6140B     FF             DB FF
76A6140C   . 6635A676       DD 3ba1ea5.76A63566
76A61410   . 7435A676       DD 3ba1ea5.76A63574
76A61414     FF             DB FF
76A61415     FF             DB FF
76A61416     FF             DB FF
76A61417     FF             DB FF
76A61418   . 8535A676       DD 3ba1ea5.76A63585
76A6141C   . 9335A676       DD 3ba1ea5.76A63593
76A61420     FF             DB FF
76A61421     FF             DB FF
76A61422     FF             DB FF
76A61423     FF             DB FF
76A61424   . 6936A676       DD 3ba1ea5.76A63669
76A61428   . 7736A676       DD 3ba1ea5.76A63677
76A6142C   . 8050A676       DD 3ba1ea5.76A65080
76A61430   . D050A676       DD 3ba1ea5.76A650D0
76A61434     00             DB 00
76A61435     00             DB 00
76A61436     00             DB 00
76A61437     00             DB 00
76A61438     00             DB 00
76A61439     00             DB 00
76A6143A     00             DB 00
76A6143B     00             DB 00
76A6143C     00             DB 00
76A6143D     00             DB 00
76A6143E     00             DB 00
76A6143F     00             DB 00
76A61440   . 69 6D 61 67 65>ASCII "imagehlp.dll",0
76A6144D     5A             DB 5A                                    ;  CHAR 'Z'
76A6144E     00             DB 00
76A6144F     00             DB 00
76A61450     48             DB 48                                    ;  CHAR 'H'
76A61451     00             DB 00
76A61452     00             DB 00
76A61453     00             DB 00
76A61454     00             DB 00
76A61455     00             DB 00
76A61456     00             DB 00
76A61457     00             DB 00
76A61458     00             DB 00
76A61459     00             DB 00
76A6145A     00             DB 00
76A6145B     00             DB 00
76A6145C     00             DB 00
76A6145D     00             DB 00
76A6145E     00             DB 00
76A6145F     00             DB 00
76A61460     00             DB 00
76A61461     00             DB 00
76A61462     00             DB 00
76A61463     00             DB 00
76A61464     00             DB 00
76A61465     00             DB 00
76A61466     00             DB 00
76A61467     00             DB 00
76A61468     00             DB 00
76A61469     00             DB 00
76A6146A     00             DB 00
76A6146B     00             DB 00
76A6146C     00             DB 00
76A6146D     00             DB 00
76A6146E     00             DB 00
76A6146F     00             DB 00
76A61470     00             DB 00
76A61471     00             DB 00
76A61472     00             DB 00
76A61473     00             DB 00
76A61474     00             DB 00
76A61475     00             DB 00
76A61476     00             DB 00
76A61477     00             DB 00
76A61478     00             DB 00
76A61479     00             DB 00
76A6147A     00             DB 00
76A6147B     00             DB 00
76A6147C     00             DB 00
76A6147D     00             DB 00
76A6147E     00             DB 00
76A6147F     00             DB 00
76A61480     00             DB 00
76A61481     00             DB 00
76A61482     00             DB 00
76A61483     00             DB 00
76A61484     00             DB 00
76A61485     00             DB 00
76A61486     00             DB 00
76A61487     00             DB 00
76A61488     00             DB 00
76A61489     00             DB 00
76A6148A     00             DB 00
76A6148B     00             DB 00
76A6148C   . 2050A676       DD 3ba1ea5.76A65020
76A61490   . C014A676       DD 3ba1ea5.76A614C0
76A61494     02             DB 02
76A61495     00             DB 00
76A61496     00             DB 00
76A61497     00             DB 00
76A61498     52             DB 52                                    ;  CHAR 'R'
76A61499     53             DB 53                                    ;  CHAR 'S'
76A6149A     44             DB 44                                    ;  CHAR 'D'
76A6149B     53             DB 53                                    ;  CHAR 'S'
76A6149C     FD             DB FD
76A6149D     D7             DB D7
76A6149E     3C             DB 3C                                    ;  CHAR '<'
76A6149F     AF             DB AF
76A614A0     1A             DB 1A
76A614A1     F2             DB F2
76A614A2     79             DB 79                                    ;  CHAR 'y'
76A614A3     4E             DB 4E                                    ;  CHAR 'N'
76A614A4     AF             DB AF
76A614A5     DF             DB DF
76A614A6     AB             DB AB
76A614A7     0B             DB 0B
76A614A8     08             DB 08
76A614A9     9A             DB 9A
76A614AA     BB             DB BB
76A614AB     BC             DB BC
76A614AC     01             DB 01
76A614AD     00             DB 00
76A614AE     00             DB 00
76A614AF     00             DB 00
76A614B0   . 70 73 61 70 69>ASCII "psapi.pdb",0
76A614BA     00             DB 00
76A614BB     00             DB 00
76A614BC     00             DB 00
76A614BD     00             DB 00
76A614BE     00             DB 00
76A614BF     00             DB 00
76A614C0     E0             DB E0
76A614C1     3D             DB 3D                                    ;  CHAR '='
76A614C2     00             DB 00
76A614C3     00             DB 00
76A614C4   . 20 3F 00       ASCII " ?",0
76A614C7     00             DB 00
76A614C8     00             DB 00
76A614C9     00             DB 00
76A614CA     00             DB 00
76A614CB     00             DB 00
76A614CC     00             DB 00
76A614CD     00             DB 00
76A614CE     00             DB 00
76A614CF     00             DB 00
76A614D0     00             DB 00
76A614D1     00             DB 00
76A614D2     00             DB 00
76A614D3     00             DB 00
76A614D4     00             DB 00
76A614D5  Ú$ 8BFF           MOV EDI,EDI
76A614D7  ³. 55             PUSH EBP
76A614D8  ³. 8BEC           MOV EBP,ESP
76A614DA  ³. 83EC 0C        SUB ESP,0C
76A614DD  ³. 53             PUSH EBX
76A614DE  ³. 56             PUSH ESI
76A614DF  ³. 57             PUSH EDI
76A614E0  ³. 8B3D 6010A676  MOV EDI,DWORD PTR DS:[<&KERNEL32.LocalAl>;  kernel32.LocalAlloc
76A614E6  ³. B8 20050000    MOV EAX,520
76A614EB  ³. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A614EE  ³. 50             PUSH EAX
76A614EF  ³.EB 3C          JMP SHORT 3ba1ea5.76A6152D
76A614F1  ³> 8D45 F4        ÚLEA EAX,DWORD PTR SS:[EBP-C]
76A614F4  ³. 50             ³PUSH EAX                                ; ÚpReqsize
76A614F5  ³. FF75 FC        ³PUSH DWORD PTR SS:[EBP-4]               ; ³Bufsize
76A614F8  ³. 53             ³PUSH EBX                                ; ³Buffer
76A614F9  ³. 6A 0B          ³PUSH 0B                                 ; ³InfoType = SystemModuleInfo
76A614FB  ³. FF15 E010A676  ³CALL DWORD PTR DS:[<&ntdll.NtQuerySyste>; ÀZwQuerySystemInformation
76A61501  ³. 85C0           ³TEST EAX,EAX
76A61503  ³. 8B33           ³MOV ESI,DWORD PTR DS:[EBX]
76A61505  ³. 8945 F8        ³MOV DWORD PTR SS:[EBP-8],EAX
76A61508  ³.7D 34          ³JGE SHORT 3ba1ea5.76A6153E
76A6150A  ³. 53             ³PUSH EBX                                ; ÚhMemory
76A6150B  ³. FF15 5C10A676  ³CALL DWORD PTR DS:[<&KERNEL32.LocalFree>; ÀLocalFree
76A61511  ³. B8 040000C0    ³MOV EAX,C0000004
76A61516  ³. 3945 F8        ³CMP DWORD PTR SS:[EBP-8],EAX
76A61519  ³.75 6A          ³JNZ SHORT 3ba1ea5.76A61585
76A6151B  ³. 69F6 1C010000  ³IMUL ESI,ESI,11C
76A61521  ³. 83C6 04        ³ADD ESI,4
76A61524  ³. 3B75 FC        ³CMP ESI,DWORD PTR SS:[EBP-4]
76A61527  ³.76 59          ³JBE SHORT 3ba1ea5.76A61582
76A61529  ³. 8975 FC        ³MOV DWORD PTR SS:[EBP-4],ESI
76A6152C  ³. 56             ³PUSH ESI
76A6152D  ³> 6A 00           PUSH 0
76A6152F  ³. FFD7           ³CALL EDI
76A61531  ³. 8BD8           ³MOV EBX,EAX
76A61533  ³. 85DB           ³TEST EBX,EBX
76A61535  ³.75 BA          ÀJNZ SHORT 3ba1ea5.76A614F1
76A61537  ³. 68 AA050000    PUSH 5AA
76A6153C  ³.EB 51          JMP SHORT 3ba1ea5.76A6158F
76A6153E  ³> 33C0           XOR EAX,EAX
76A61540  ³. 85F6           TEST ESI,ESI
76A61542  ³.76 15          JBE SHORT 3ba1ea5.76A61559
76A61544  ³. 8D4B 0C        LEA ECX,DWORD PTR DS:[EBX+C]
76A61547  ³> 8B11           ÚMOV EDX,DWORD PTR DS:[ECX]
76A61549  ³. 3B55 08        ³CMP EDX,DWORD PTR SS:[EBP+8]
76A6154C  ³.74 16          ³JE SHORT 3ba1ea5.76A61564
76A6154E  ³. 40             ³INC EAX
76A6154F  ³. 81C1 1C010000  ³ADD ECX,11C
76A61555  ³. 3BC6           ³CMP EAX,ESI
76A61557  ³.72 EE          ÀJB SHORT 3ba1ea5.76A61547
76A61559  ³> 53             PUSH EBX                                 ; ÚhMemory
76A6155A  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61560  ³. 6A 06          PUSH 6
76A61562  ³.EB 2B          JMP SHORT 3ba1ea5.76A6158F
76A61564  ³> 8B7D 0C        MOV EDI,DWORD PTR SS:[EBP+C]
76A61567  ³. 69C0 1C010000  IMUL EAX,EAX,11C
76A6156D  ³. 6A 47          PUSH 47
76A6156F  ³. 59             POP ECX
76A61570  ³. 8D7418 04      LEA ESI,DWORD PTR DS:[EAX+EBX+4]
76A61574  ³. 53             PUSH EBX                                 ; ÚhMemory
76A61575  ³. F3:A5          REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>; ³
76A61577  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A6157D  ³. 33C0           XOR EAX,EAX
76A6157F  ³. 40             INC EAX
76A61580  ³.EB 15          JMP SHORT 3ba1ea5.76A61597
76A61582  ³> 50             PUSH EAX
76A61583  ³.EB 03          JMP SHORT 3ba1ea5.76A61588
76A61585  ³> FF75 F8        PUSH DWORD PTR SS:[EBP-8]
76A61588  ³> FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A6158E  ³. 50             PUSH EAX                                 ; ÚError
76A6158F  ³> FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61595  ³. 33C0           XOR EAX,EAX
76A61597  ³> 5F             POP EDI
76A61598  ³. 5E             POP ESI
76A61599  ³. 5B             POP EBX
76A6159A  ³. C9             LEAVE
76A6159B  À. C2 0800        RETN 8
76A6159E     CC             INT3
76A6159F     CC             INT3
76A615A0     CC             INT3
76A615A1     CC             INT3
76A615A2     CC             INT3
76A615A3 > $ 6A 1C          PUSH 1C
76A615A5   . 68 1011A676    PUSH 3ba1ea5.76A61110
76A615AA   . E8 69270000    CALL 3ba1ea5.76A63D18
76A615AF   . BB 20050000    MOV EBX,520
76A615B4   > 53             PUSH EBX                                 ; ÚSize
76A615B5   . 6A 00          PUSH 0                                   ; ³Flags = LMEM_FIXED
76A615B7   . FF15 6010A676  CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A615BD   . 8BF0           MOV ESI,EAX
76A615BF   . 8975 E4        MOV DWORD PTR SS:[EBP-1C],ESI
76A615C2   . 85F6           TEST ESI,ESI
76A615C4   .75 0A          JNZ SHORT 3ba1ea5.76A615D0
76A615C6   . 68 AA050000    PUSH 5AA
76A615CB   .E9 E8000000    JMP 3ba1ea5.76A616B8
76A615D0   > 8D45 D4        LEA EAX,DWORD PTR SS:[EBP-2C]
76A615D3   . 50             PUSH EAX                                 ; ÚpReqsize
76A615D4   . 53             PUSH EBX                                 ; ³Bufsize
76A615D5   . 56             PUSH ESI                                 ; ³Buffer
76A615D6   . 6A 0B          PUSH 0B                                  ; ³InfoType = SystemModuleInfo
76A615D8   . FF15 E010A676  CALL DWORD PTR DS:[<&ntdll.NtQuerySystem>; ÀZwQuerySystemInformation
76A615DE   . 8945 E0        MOV DWORD PTR SS:[EBP-20],EAX
76A615E1   . 8B3E           MOV EDI,DWORD PTR DS:[ESI]
76A615E3   . 85C0           TEST EAX,EAX
76A615E5   .0F8C 9B000000  JL 3ba1ea5.76A61686
76A615EB   . 8B45 0C        MOV EAX,DWORD PTR SS:[EBP+C]
76A615EE   . C1E8 02        SHR EAX,2
76A615F1   . 33C9           XOR ECX,ECX
76A615F3   > 3BCF           CMP ECX,EDI
76A615F5   .73 40          JNB SHORT 3ba1ea5.76A61637
76A615F7   . 3BC8           CMP ECX,EAX
76A615F9   .74 3C          JE SHORT 3ba1ea5.76A61637
76A615FB   . 8365 FC 00     AND DWORD PTR SS:[EBP-4],0
76A615FF   . 8BD1           MOV EDX,ECX
76A61601   . 69D2 1C010000  IMUL EDX,EDX,11C
76A61607   . 8B5432 0C      MOV EDX,DWORD PTR DS:[EDX+ESI+C]
76A6160B   . 8B5D 08        MOV EBX,DWORD PTR SS:[EBP+8]
76A6160E   . 89148B         MOV DWORD PTR DS:[EBX+ECX*4],EDX
76A61611   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A61615   . 41             INC ECX
76A61616   .EB DB          JMP SHORT 3ba1ea5.76A615F3
76A61618   . 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-14]
76A6161B   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A6161D   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A6161F   . 8945 DC        MOV DWORD PTR SS:[EBP-24],EAX
76A61622   . 33C0           XOR EAX,EAX
76A61624   . 40             INC EAX
76A61625   . C3             RETN
76A61626   . 8B65 E8        MOV ESP,DWORD PTR SS:[EBP-18]
76A61629   . FF75 E4        PUSH DWORD PTR SS:[EBP-1C]               ; ÚhMemory
76A6162C   . FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61632   . FF75 DC        PUSH DWORD PTR SS:[EBP-24]
76A61635   .EB 3C          JMP SHORT 3ba1ea5.76A61673
76A61637   > 33DB           XOR EBX,EBX
76A61639   . 43             INC EBX
76A6163A   . 895D FC        MOV DWORD PTR SS:[EBP-4],EBX
76A6163D   . 8BC7           MOV EAX,EDI
76A6163F   . C1E0 02        SHL EAX,2
76A61642   . 8B4D 10        MOV ECX,DWORD PTR SS:[EBP+10]
76A61645   . 8901           MOV DWORD PTR DS:[ECX],EAX
76A61647   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A6164B   . 56             PUSH ESI                                 ; ÚhMemory
76A6164C   . FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61652   . 8BC3           MOV EAX,EBX
76A61654   .EB 6A          JMP SHORT 3ba1ea5.76A616C0
76A61656   . 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-14]
76A61659   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A6165B   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A6165D   . 8945 D8        MOV DWORD PTR SS:[EBP-28],EAX
76A61660   . 33C0           XOR EAX,EAX
76A61662   . 40             INC EAX
76A61663   . C3             RETN
76A61664   . 8B65 E8        MOV ESP,DWORD PTR SS:[EBP-18]
76A61667   . FF75 E4        PUSH DWORD PTR SS:[EBP-1C]               ; ÚhMemory
76A6166A   . FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61670   . FF75 D8        PUSH DWORD PTR SS:[EBP-28]
76A61673   > FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A61679   . 50             PUSH EAX                                 ; ÚError
76A6167A   . FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61680   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A61684   .EB 38          JMP SHORT 3ba1ea5.76A616BE
76A61686   > 56             PUSH ESI                                 ; ÚhMemory
76A61687   . FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A6168D   . B8 040000C0    MOV EAX,C0000004
76A61692   . 3945 E0        CMP DWORD PTR SS:[EBP-20],EAX
76A61695   .75 17          JNZ SHORT 3ba1ea5.76A616AE
76A61697   . 69FF 1C010000  IMUL EDI,EDI,11C
76A6169D   . 83C7 04        ADD EDI,4
76A616A0   . 3BFB           CMP EDI,EBX
76A616A2   .77 03          JA SHORT 3ba1ea5.76A616A7
76A616A4   . 50             PUSH EAX
76A616A5   .EB 0A          JMP SHORT 3ba1ea5.76A616B1
76A616A7   > 8BDF           MOV EBX,EDI
76A616A9   .E9 06FFFFFF    JMP 3ba1ea5.76A615B4
76A616AE   > FF75 E0        PUSH DWORD PTR SS:[EBP-20]
76A616B1   > FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A616B7   . 50             PUSH EAX                                 ; ÚError
76A616B8   > FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A616BE   > 33C0           XOR EAX,EAX
76A616C0   > E8 8E260000    CALL 3ba1ea5.76A63D53
76A616C5   . C2 0C00        RETN 0C
76A616C8     CC             INT3
76A616C9     CC             INT3
76A616CA     CC             INT3
76A616CB     CC             INT3
76A616CC     CC             INT3
76A616CD >Ú$ 8BFF           MOV EDI,EDI
76A616CF  ³. 55             PUSH EBP
76A616D0  ³. 8BEC           MOV EBP,ESP
76A616D2  ³. 81EC 20010000  SUB ESP,120
76A616D8  ³. A1 2050A676    MOV EAX,DWORD PTR DS:[76A65020]
76A616DD  ³. 57             PUSH EDI
76A616DE  ³. 8B7D 0C        MOV EDI,DWORD PTR SS:[EBP+C]
76A616E1  ³. 8D8D E0FEFFFF  LEA ECX,DWORD PTR SS:[EBP-120]
76A616E7  ³. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A616EA  ³. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
76A616ED  ³. 51             PUSH ECX                                 ; ÚArg2
76A616EE  ³. 50             PUSH EAX                                 ; ³Arg1
76A616EF  ³. E8 E1FDFFFF    CALL 3ba1ea5.76A614D5                    ; À3ba1ea5.76A614D5
76A616F4  ³. 85C0           TEST EAX,EAX
76A616F6  ³.74 3E          JE SHORT 3ba1ea5.76A61736
76A616F8  ³. 8D85 FCFEFFFF  LEA EAX,DWORD PTR SS:[EBP-104]
76A616FE  ³. 8D48 01        LEA ECX,DWORD PTR DS:[EAX+1]
76A61701  ³> 8A10           ÚMOV DL,BYTE PTR DS:[EAX]
76A61703  ³. 40             ³INC EAX
76A61704  ³. 84D2           ³TEST DL,DL
76A61706  ³.75 F9          ÀJNZ SHORT 3ba1ea5.76A61701
76A61708  ³. 2BC1           SUB EAX,ECX
76A6170A  ³. 8D50 01        LEA EDX,DWORD PTR DS:[EAX+1]
76A6170D  ³. 3955 10        CMP DWORD PTR SS:[EBP+10],EDX
76A61710  ³. 8BC2           MOV EAX,EDX
76A61712  ³.73 03          JNB SHORT 3ba1ea5.76A61717
76A61714  ³. 8B45 10        MOV EAX,DWORD PTR SS:[EBP+10]
76A61717  ³> 53             PUSH EBX
76A61718  ³. 56             PUSH ESI
76A61719  ³. 8BC8           MOV ECX,EAX
76A6171B  ³. 8BD9           MOV EBX,ECX
76A6171D  ³. C1E9 02        SHR ECX,2
76A61720  ³. 8DB5 FCFEFFFF  LEA ESI,DWORD PTR SS:[EBP-104]
76A61726  ³. F3:A5          REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
76A61728  ³. 8BCB           MOV ECX,EBX
76A6172A  ³. 83E1 03        AND ECX,3
76A6172D  ³. 3BC2           CMP EAX,EDX
76A6172F  ³. F3:A4          REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
76A61731  ³. 5E             POP ESI
76A61732  ³. 5B             POP EBX
76A61733  ³.75 01          JNZ SHORT 3ba1ea5.76A61736
76A61735  ³. 48             DEC EAX
76A61736  ³> 8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
76A61739  ³. 5F             POP EDI
76A6173A  ³. E8 BA240000    CALL 3ba1ea5.76A63BF9
76A6173F  ³. C9             LEAVE
76A61740  À. C2 0C00        RETN 0C
76A61743     CC             INT3
76A61744     CC             INT3
76A61745     CC             INT3
76A61746     CC             INT3
76A61747     CC             INT3
76A61748 >Ú$ 8BFF           MOV EDI,EDI
76A6174A  ³. 55             PUSH EBP
76A6174B  ³. 8BEC           MOV EBP,ESP
76A6174D  ³. 81EC 20010000  SUB ESP,120
76A61753  ³. A1 2050A676    MOV EAX,DWORD PTR DS:[76A65020]
76A61758  ³. 57             PUSH EDI
76A61759  ³. 8B7D 0C        MOV EDI,DWORD PTR SS:[EBP+C]
76A6175C  ³. 8D8D E0FEFFFF  LEA ECX,DWORD PTR SS:[EBP-120]
76A61762  ³. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A61765  ³. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
76A61768  ³. 51             PUSH ECX                                 ; ÚArg2
76A61769  ³. 50             PUSH EAX                                 ; ³Arg1
76A6176A  ³. E8 66FDFFFF    CALL 3ba1ea5.76A614D5                    ; À3ba1ea5.76A614D5
76A6176F  ³. 85C0           TEST EAX,EAX
76A61771  ³.74 42          JE SHORT 3ba1ea5.76A617B5
76A61773  ³. 53             PUSH EBX
76A61774  ³. 56             PUSH ESI
76A61775  ³. 0FB7B5 FAFEFFF>MOVZX ESI,WORD PTR SS:[EBP-106]
76A6177C  ³. 8DB435 FCFEFFF>LEA ESI,DWORD PTR SS:[EBP+ESI-104]
76A61783  ³. 8BC6           MOV EAX,ESI
76A61785  ³. 8D48 01        LEA ECX,DWORD PTR DS:[EAX+1]
76A61788  ³> 8A10           ÚMOV DL,BYTE PTR DS:[EAX]
76A6178A  ³. 40             ³INC EAX
76A6178B  ³. 84D2           ³TEST DL,DL
76A6178D  ³.75 F9          ÀJNZ SHORT 3ba1ea5.76A61788
76A6178F  ³. 2BC1           SUB EAX,ECX
76A61791  ³. 8D50 01        LEA EDX,DWORD PTR DS:[EAX+1]
76A61794  ³. 3955 10        CMP DWORD PTR SS:[EBP+10],EDX
76A61797  ³. 8BC2           MOV EAX,EDX
76A61799  ³.73 03          JNB SHORT 3ba1ea5.76A6179E
76A6179B  ³. 8B45 10        MOV EAX,DWORD PTR SS:[EBP+10]
76A6179E  ³> 8BC8           MOV ECX,EAX
76A617A0  ³. 8BD9           MOV EBX,ECX
76A617A2  ³. C1E9 02        SHR ECX,2
76A617A5  ³. F3:A5          REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
76A617A7  ³. 8BCB           MOV ECX,EBX
76A617A9  ³. 83E1 03        AND ECX,3
76A617AC  ³. 3BC2           CMP EAX,EDX
76A617AE  ³. F3:A4          REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
76A617B0  ³. 5E             POP ESI
76A617B1  ³. 5B             POP EBX
76A617B2  ³.75 01          JNZ SHORT 3ba1ea5.76A617B5
76A617B4  ³. 48             DEC EAX
76A617B5  ³> 8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
76A617B8  ³. 5F             POP EDI
76A617B9  ³. E8 3B240000    CALL 3ba1ea5.76A63BF9
76A617BE  ³. C9             LEAVE
76A617BF  À. C2 0C00        RETN 0C
76A617C2     CC             INT3
76A617C3     CC             INT3
76A617C4     CC             INT3
76A617C5     CC             INT3
76A617C6     CC             INT3
76A617C7 >   8BFF           MOV EDI,EDI
76A617C9  Ú. 55             PUSH EBP
76A617CA  ³. 8BEC           MOV EBP,ESP
76A617CC  ³. 53             PUSH EBX
76A617CD  ³. 57             PUSH EDI
76A617CE  ³. 8B7D 10        MOV EDI,DWORD PTR SS:[EBP+10]
76A617D1  ³. 57             PUSH EDI                                 ; ÚSize
76A617D2  ³. 6A 00          PUSH 0                                   ; ³Flags = LMEM_FIXED
76A617D4  ³. FF15 6010A676  CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A617DA  ³. 8BD8           MOV EBX,EAX
76A617DC  ³. 85DB           TEST EBX,EBX
76A617DE  ³.74 38          JE SHORT 3ba1ea5.76A61818
76A617E0  ³. 56             PUSH ESI
76A617E1  ³. 57             PUSH EDI                                 ; ÚArg3
76A617E2  ³. 53             PUSH EBX                                 ; ³Arg2
76A617E3  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³Arg1
76A617E6  ³. E8 E2FEFFFF    CALL 3ba1ea5.GetDeviceDriverFileNameA    ; ÀGetDeviceDriverFileNameA
76A617EB  ³. 8BF0           MOV ESI,EAX
76A617ED  ³. 85F6           TEST ESI,ESI
76A617EF  ³.74 1B          JE SHORT 3ba1ea5.76A6180C
76A617F1  ³. 3BF7           CMP ESI,EDI
76A617F3  ³.73 03          JNB SHORT 3ba1ea5.76A617F8
76A617F5  ³. 8D46 01        LEA EAX,DWORD PTR DS:[ESI+1]
76A617F8  ³> 57             PUSH EDI                                 ; ÚWideBufSize
76A617F9  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]                ; ³WideCharBuf
76A617FC  ³. 50             PUSH EAX                                 ; ³StringSize
76A617FD  ³. 53             PUSH EBX                                 ; ³StringToMap
76A617FE  ³. 6A 00          PUSH 0                                   ; ³Options = 0
76A61800  ³. 6A 00          PUSH 0                                   ; ³CodePage = CP_ACP
76A61802  ³. FF15 6410A676  CALL DWORD PTR DS:[<&KERNEL32.MultiByteT>; ÀMultiByteToWideChar
76A61808  ³. 85C0           TEST EAX,EAX
76A6180A  ³.75 02          JNZ SHORT 3ba1ea5.76A6180E
76A6180C  ³> 33F6           XOR ESI,ESI
76A6180E  ³> 53             PUSH EBX                                 ; ÚhMemory
76A6180F  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61815  ³. 8BC6           MOV EAX,ESI
76A61817  ³. 5E             POP ESI
76A61818  ³> 5F             POP EDI
76A61819  ³. 5B             POP EBX
76A6181A  ³. 5D             POP EBP
76A6181B  À. C2 0C00        RETN 0C
76A6181E     CC             INT3
76A6181F     CC             INT3
76A61820     CC             INT3
76A61821     CC             INT3
76A61822     CC             INT3
76A61823 >   8BFF           MOV EDI,EDI
76A61825  Ú. 55             PUSH EBP
76A61826  ³. 8BEC           MOV EBP,ESP
76A61828  ³. 53             PUSH EBX
76A61829  ³. 57             PUSH EDI
76A6182A  ³. 8B7D 10        MOV EDI,DWORD PTR SS:[EBP+10]
76A6182D  ³. 57             PUSH EDI                                 ; ÚSize
76A6182E  ³. 6A 00          PUSH 0                                   ; ³Flags = LMEM_FIXED
76A61830  ³. FF15 6010A676  CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A61836  ³. 8BD8           MOV EBX,EAX
76A61838  ³. 85DB           TEST EBX,EBX
76A6183A  ³.74 38          JE SHORT 3ba1ea5.76A61874
76A6183C  ³. 56             PUSH ESI
76A6183D  ³. 57             PUSH EDI                                 ; ÚArg3
76A6183E  ³. 53             PUSH EBX                                 ; ³Arg2
76A6183F  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³Arg1
76A61842  ³. E8 01FFFFFF    CALL 3ba1ea5.GetDeviceDriverBaseNameA    ; ÀGetDeviceDriverBaseNameA
76A61847  ³. 8BF0           MOV ESI,EAX
76A61849  ³. 85F6           TEST ESI,ESI
76A6184B  ³.74 1B          JE SHORT 3ba1ea5.76A61868
76A6184D  ³. 3BF7           CMP ESI,EDI
76A6184F  ³.73 03          JNB SHORT 3ba1ea5.76A61854
76A61851  ³. 8D46 01        LEA EAX,DWORD PTR DS:[ESI+1]
76A61854  ³> 57             PUSH EDI                                 ; ÚWideBufSize
76A61855  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]                ; ³WideCharBuf
76A61858  ³. 50             PUSH EAX                                 ; ³StringSize
76A61859  ³. 53             PUSH EBX                                 ; ³StringToMap
76A6185A  ³. 6A 00          PUSH 0                                   ; ³Options = 0
76A6185C  ³. 6A 00          PUSH 0                                   ; ³CodePage = CP_ACP
76A6185E  ³. FF15 6410A676  CALL DWORD PTR DS:[<&KERNEL32.MultiByteT>; ÀMultiByteToWideChar
76A61864  ³. 85C0           TEST EAX,EAX
76A61866  ³.75 02          JNZ SHORT 3ba1ea5.76A6186A
76A61868  ³> 33F6           XOR ESI,ESI
76A6186A  ³> 53             PUSH EBX                                 ; ÚhMemory
76A6186B  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61871  ³. 8BC6           MOV EAX,ESI
76A61873  ³. 5E             POP ESI
76A61874  ³> 5F             POP EDI
76A61875  ³. 5B             POP EBX
76A61876  ³. 5D             POP EBP
76A61877  À. C2 0C00        RETN 0C
76A6187A     CC             INT3
76A6187B     CC             INT3
76A6187C     CC             INT3
76A6187D     CC             INT3
76A6187E     CC             INT3
76A6187F >Ú$ 8BFF           MOV EDI,EDI
76A61881  ³. 55             PUSH EBP
76A61882  ³. 8BEC           MOV EBP,ESP
76A61884  ³. 81EC 1C020000  SUB ESP,21C
76A6188A  ³. A1 2050A676    MOV EAX,DWORD PTR DS:[76A65020]
76A6188F  ³. 8B55 10        MOV EDX,DWORD PTR SS:[EBP+10]
76A61892  ³. 8B4D 0C        MOV ECX,DWORD PTR SS:[EBP+C]
76A61895  ³. 57             PUSH EDI
76A61896  ³. 8B7D 14        MOV EDI,DWORD PTR SS:[EBP+14]
76A61899  ³. 85FF           TEST EDI,EDI
76A6189B  ³. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A6189E  ³. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
76A618A1  ³. 8995 E8FDFFFF  MOV DWORD PTR SS:[EBP-218],EDX
76A618A7  ³.75 04          JNZ SHORT 3ba1ea5.76A618AD
76A618A9  ³. 6A 7A          PUSH 7A
76A618AB  ³.EB 29          JMP SHORT 3ba1ea5.76A618D6
76A618AD  ³> 8D95 E4FDFFFF  LEA EDX,DWORD PTR SS:[EBP-21C]
76A618B3  ³. 52             PUSH EDX
76A618B4  ³. 68 10020000    PUSH 210
76A618B9  ³. 8D95 ECFDFFFF  LEA EDX,DWORD PTR SS:[EBP-214]
76A618BF  ³. 52             PUSH EDX
76A618C0  ³. 6A 02          PUSH 2
76A618C2  ³. 51             PUSH ECX
76A618C3  ³. 50             PUSH EAX
76A618C4  ³. FF15 DC10A676  CALL DWORD PTR DS:[<&ntdll.NtQueryVirtua>;  ntdll.ZwQueryVirtualMemory
76A618CA  ³. 85C0           TEST EAX,EAX
76A618CC  ³.7D 12          JGE SHORT 3ba1ea5.76A618E0
76A618CE  ³. 50             PUSH EAX
76A618CF  ³. FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A618D5  ³. 50             PUSH EAX                                 ; ÚError
76A618D6  ³> FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A618DC  ³. 33C0           XOR EAX,EAX
76A618DE  ³.EB 53          JMP SHORT 3ba1ea5.76A61933
76A618E0  ³> 53             PUSH EBX
76A618E1  ³. 0FB79D ECFDFFF>MOVZX EBX,WORD PTR SS:[EBP-214]
76A618E8  ³. D1EB           SHR EBX,1
76A618EA  ³. 8D43 01        LEA EAX,DWORD PTR DS:[EBX+1]
76A618ED  ³. 3BF8           CMP EDI,EAX
76A618EF  ³. 56             PUSH ESI
76A618F0  ³. 8BF3           MOV ESI,EBX
76A618F2  ³.73 09          JNB SHORT 3ba1ea5.76A618FD
76A618F4  ³. 8D77 FF        LEA ESI,DWORD PTR DS:[EDI-1]
76A618F7  ³. 8BDF           MOV EBX,EDI
76A618F9  ³. 6A 7A          PUSH 7A
76A618FB  ³.EB 02          JMP SHORT 3ba1ea5.76A618FF
76A618FD  ³> 6A 00          PUSH 0                                   ; ÚError = ERROR_SUCCESS
76A618FF  ³> FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61905  ³. 8BBD E8FDFFFF  MOV EDI,DWORD PTR SS:[EBP-218]
76A6190B  ³. 8D0436         LEA EAX,DWORD PTR DS:[ESI+ESI]
76A6190E  ³. 8BB5 F0FDFFFF  MOV ESI,DWORD PTR SS:[EBP-210]
76A61914  ³. 8BC8           MOV ECX,EAX
76A61916  ³. 8BD1           MOV EDX,ECX
76A61918  ³. C1E9 02        SHR ECX,2
76A6191B  ³. F3:A5          REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
76A6191D  ³. 8BCA           MOV ECX,EDX
76A6191F  ³. 83E1 03        AND ECX,3
76A61922  ³. F3:A4          REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
76A61924  ³. 8B8D E8FDFFFF  MOV ECX,DWORD PTR SS:[EBP-218]
76A6192A  ³. 66:832408 00   AND WORD PTR DS:[EAX+ECX],0
76A6192F  ³. 5E             POP ESI
76A61930  ³. 8BC3           MOV EAX,EBX
76A61932  ³. 5B             POP EBX
76A61933  ³> 8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
76A61936  ³. 5F             POP EDI
76A61937  ³. E8 BD220000    CALL 3ba1ea5.76A63BF9
76A6193C  ³. C9             LEAVE
76A6193D  À. C2 1000        RETN 10
76A61940     CC             INT3
76A61941     CC             INT3
76A61942     CC             INT3
76A61943     CC             INT3
76A61944     CC             INT3
76A61945 >   8BFF           MOV EDI,EDI
76A61947  Ú. 55             PUSH EBP
76A61948  ³. 8BEC           MOV EBP,ESP
76A6194A  ³. 53             PUSH EBX
76A6194B  ³. 56             PUSH ESI
76A6194C  ³. 8B75 14        MOV ESI,DWORD PTR SS:[EBP+14]
76A6194F  ³. 57             PUSH EDI
76A61950  ³. 8D0436         LEA EAX,DWORD PTR DS:[ESI+ESI]
76A61953  ³. 50             PUSH EAX                                 ; ÚSize
76A61954  ³. 33FF           XOR EDI,EDI                              ; ³
76A61956  ³. 57             PUSH EDI                                 ; ³Flags => LMEM_FIXED
76A61957  ³. FF15 6010A676  CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A6195D  ³. 8BD8           MOV EBX,EAX
76A6195F  ³. 3BDF           CMP EBX,EDI
76A61961  ³.75 04          JNZ SHORT 3ba1ea5.76A61967
76A61963  ³. 33C0           XOR EAX,EAX
76A61965  ³.EB 36          JMP SHORT 3ba1ea5.76A6199D
76A61967  ³> 56             PUSH ESI                                 ; ÚArg4
76A61968  ³. 53             PUSH EBX                                 ; ³Arg3
76A61969  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]                ; ³Arg2
76A6196C  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³Arg1
76A6196F  ³. E8 0BFFFFFF    CALL 3ba1ea5.GetMappedFileNameW          ; ÀGetMappedFileNameW
76A61974  ³. 3BC6           CMP EAX,ESI
76A61976  ³. 8945 14        MOV DWORD PTR SS:[EBP+14],EAX
76A61979  ³.73 01          JNB SHORT 3ba1ea5.76A6197C
76A6197B  ³. 40             INC EAX
76A6197C  ³> 57             PUSH EDI                                 ; ÚpDefaultCharUsed
76A6197D  ³. 57             PUSH EDI                                 ; ³pDefaultChar
76A6197E  ³. 56             PUSH ESI                                 ; ³MultiByteCount
76A6197F  ³. FF75 10        PUSH DWORD PTR SS:[EBP+10]               ; ³MultiByteStr
76A61982  ³. 50             PUSH EAX                                 ; ³WideCharCount
76A61983  ³. 53             PUSH EBX                                 ; ³WideCharStr
76A61984  ³. 57             PUSH EDI                                 ; ³Options
76A61985  ³. 57             PUSH EDI                                 ; ³CodePage
76A61986  ³. FF15 6810A676  CALL DWORD PTR DS:[<&KERNEL32.WideCharTo>; ÀWideCharToMultiByte
76A6198C  ³. 85C0           TEST EAX,EAX
76A6198E  ³.75 03          JNZ SHORT 3ba1ea5.76A61993
76A61990  ³. 897D 14        MOV DWORD PTR SS:[EBP+14],EDI
76A61993  ³> 53             PUSH EBX                                 ; ÚhMemory
76A61994  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A6199A  ³. 8B45 14        MOV EAX,DWORD PTR SS:[EBP+14]
76A6199D  ³> 5F             POP EDI
76A6199E  ³. 5E             POP ESI
76A6199F  ³. 5B             POP EBX
76A619A0  ³. 5D             POP EBP
76A619A1  À. C2 1000        RETN 10
76A619A4     CC             INT3
76A619A5     CC             INT3
76A619A6     CC             INT3
76A619A7     CC             INT3
76A619A8     CC             INT3
76A619A9  Ú$ 8BFF           MOV EDI,EDI
76A619AB  ³. 55             PUSH EBP
76A619AC  ³. 8BEC           MOV EBP,ESP
76A619AE  ³. 83EC 24        SUB ESP,24
76A619B1  ³. 57             PUSH EDI
76A619B2  ³. 33FF           XOR EDI,EDI
76A619B4  ³. 57             PUSH EDI                                 ; ÚpReqsize => NULL
76A619B5  ³. 6A 18          PUSH 18                                  ; ³Bufsize = 18 (24.)
76A619B7  ³. 8D45 DC        LEA EAX,DWORD PTR SS:[EBP-24]            ; ³
76A619BA  ³. 50             PUSH EAX                                 ; ³Buffer
76A619BB  ³. 57             PUSH EDI                                 ; ³InfoClass => 0
76A619BC  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A619BF  ³. FF15 D810A676  CALL DWORD PTR DS:[<&ntdll.NtQueryInform>; ÀZwQueryInformationProcess
76A619C5  ³. 3BC7           CMP EAX,EDI
76A619C7  ³.7D 15          JGE SHORT 3ba1ea5.76A619DE
76A619C9  ³. 50             PUSH EAX
76A619CA  ³. FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A619D0  ³. 50             PUSH EAX                                 ; ÚError
76A619D1  ³. FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A619D7  ³. 33C0           XOR EAX,EAX
76A619D9  ³.E9 9D000000    JMP 3ba1ea5.76A61A7B
76A619DE  ³> 397D 0C        CMP DWORD PTR SS:[EBP+C],EDI
76A619E1  ³. 8B45 E0        MOV EAX,DWORD PTR SS:[EBP-20]
76A619E4  ³. 53             PUSH EBX
76A619E5  ³. 56             PUSH ESI
76A619E6  ³. 8B35 6C10A676  MOV ESI,DWORD PTR DS:[<&KERNEL32.ReadPro>;  kernel32.ReadProcessMemory
76A619EC  ³. 8BD8           MOV EBX,EAX
76A619EE  ³.75 14          JNZ SHORT 3ba1ea5.76A61A04
76A619F0  ³. 57             PUSH EDI                                 ; ÚpBytesRead
76A619F1  ³. 6A 04          PUSH 4                                   ; ³BytesToRead = 4
76A619F3  ³. 8D4D 0C        LEA ECX,DWORD PTR SS:[EBP+C]             ; ³
76A619F6  ³. 51             PUSH ECX                                 ; ³Buffer
76A619F7  ³. 83C0 08        ADD EAX,8                                ; ³
76A619FA  ³. 50             PUSH EAX                                 ; ³pBaseAddress
76A619FB  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A619FE  ³. FFD6           CALL ESI                                 ; ÀReadProcessMemory
76A61A00  ³. 85C0           TEST EAX,EAX
76A61A02  ³.74 73          JE SHORT 3ba1ea5.76A61A77
76A61A04  ³> 57             PUSH EDI
76A61A05  ³. 6A 04          PUSH 4
76A61A07  ³. 8D45 F4        LEA EAX,DWORD PTR SS:[EBP-C]
76A61A0A  ³. 50             PUSH EAX
76A61A0B  ³. 83C3 0C        ADD EBX,0C
76A61A0E  ³. 53             PUSH EBX
76A61A0F  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]
76A61A12  ³. FFD6           CALL ESI
76A61A14  ³. 85C0           TEST EAX,EAX
76A61A16  ³.74 5F          JE SHORT 3ba1ea5.76A61A77
76A61A18  ³. 8B45 F4        MOV EAX,DWORD PTR SS:[EBP-C]
76A61A1B  ³. 3BC7           CMP EAX,EDI
76A61A1D  ³.74 50          JE SHORT 3ba1ea5.76A61A6F
76A61A1F  ³. 57             PUSH EDI
76A61A20  ³. 8D58 14        LEA EBX,DWORD PTR DS:[EAX+14]
76A61A23  ³. 6A 04          PUSH 4
76A61A25  ³. 8D45 F8        LEA EAX,DWORD PTR SS:[EBP-8]
76A61A28  ³. 50             PUSH EAX
76A61A29  ³. 53             PUSH EBX
76A61A2A  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]
76A61A2D  ³. FFD6           CALL ESI
76A61A2F  ³. 85C0           TEST EAX,EAX
76A61A31  ³.74 44          JE SHORT 3ba1ea5.76A61A77
76A61A33  ³. 8B45 F8        MOV EAX,DWORD PTR SS:[EBP-8]
76A61A36  ³. 897D FC        MOV DWORD PTR SS:[EBP-4],EDI
76A61A39  ³.EB 30          JMP SHORT 3ba1ea5.76A61A6B
76A61A3B  ³> 57             ÚPUSH EDI
76A61A3C  ³. 6A 50          ³PUSH 50
76A61A3E  ³. FF75 10        ³PUSH DWORD PTR SS:[EBP+10]
76A61A41  ³. 83C0 F8        ³ADD EAX,-8
76A61A44  ³. 50             ³PUSH EAX
76A61A45  ³. FF75 08        ³PUSH DWORD PTR SS:[EBP+8]
76A61A48  ³. FFD6           ³CALL ESI
76A61A4A  ³. 85C0           ³TEST EAX,EAX
76A61A4C  ³.74 29          ³JE SHORT 3ba1ea5.76A61A77
76A61A4E  ³. 8B45 10        ³MOV EAX,DWORD PTR SS:[EBP+10]
76A61A51  ³. 8B48 18        ³MOV ECX,DWORD PTR DS:[EAX+18]
76A61A54  ³. 3B4D 0C        ³CMP ECX,DWORD PTR SS:[EBP+C]
76A61A57  ³.74 27          ³JE SHORT 3ba1ea5.76A61A80
76A61A59  ³. FF45 FC        ³INC DWORD PTR SS:[EBP-4]
76A61A5C  ³. 817D FC 102700>³CMP DWORD PTR SS:[EBP-4],2710
76A61A63  ³. 8B40 08        ³MOV EAX,DWORD PTR DS:[EAX+8]
76A61A66  ³. 8945 F8        ³MOV DWORD PTR SS:[EBP-8],EAX
76A61A69  ³.77 04          ³JA SHORT 3ba1ea5.76A61A6F
76A61A6B  ³> 3BC3            CMP EAX,EBX
76A61A6D  ³.75 CC          ÀJNZ SHORT 3ba1ea5.76A61A3B
76A61A6F  ³> 6A 06          PUSH 6                                   ; ÚError = ERROR_INVALID_HANDLE
76A61A71  ³. FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61A77  ³> 33C0           XOR EAX,EAX
76A61A79  ³> 5E             POP ESI
76A61A7A  ³. 5B             POP EBX
76A61A7B  ³> 5F             POP EDI
76A61A7C  ³. C9             LEAVE
76A61A7D  ³. C2 0C00        RETN 0C
76A61A80  ³> 33C0           XOR EAX,EAX
76A61A82  ³. 40             INC EAX
76A61A83  À.EB F4          JMP SHORT 3ba1ea5.76A61A79
76A61A85     CC             INT3
76A61A86     CC             INT3
76A61A87     CC             INT3
76A61A88     CC             INT3
76A61A89     CC             INT3
76A61A8A > $ 68 88000000    PUSH 88
76A61A8F   . 68 2811A676    PUSH 3ba1ea5.76A61128
76A61A94   . E8 7F220000    CALL 3ba1ea5.76A63D18
76A61A99   . 33DB           XOR EBX,EBX
76A61A9B   . 53             PUSH EBX                                 ; ÚpReqsize => NULL
76A61A9C   . 6A 18          PUSH 18                                  ; ³Bufsize = 18 (24.)
76A61A9E   . 8D45 B8        LEA EAX,DWORD PTR SS:[EBP-48]            ; ³
76A61AA1   . 50             PUSH EAX                                 ; ³Buffer
76A61AA2   . 53             PUSH EBX                                 ; ³InfoClass => 0
76A61AA3   . FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A61AA6   . FF15 D810A676  CALL DWORD PTR DS:[<&ntdll.NtQueryInform>; ÀZwQueryInformationProcess
76A61AAC   . 3BC3           CMP EAX,EBX
76A61AAE   .7D 0D          JGE SHORT 3ba1ea5.76A61ABD
76A61AB0   . 50             PUSH EAX
76A61AB1   > FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A61AB7   . 50             PUSH EAX
76A61AB8   .E9 9C000000    JMP 3ba1ea5.76A61B59
76A61ABD   > 8B45 BC        MOV EAX,DWORD PTR SS:[EBP-44]
76A61AC0   . 3BC3           CMP EAX,EBX
76A61AC2   .75 07          JNZ SHORT 3ba1ea5.76A61ACB
76A61AC4   . 68 0D000080    PUSH 8000000D
76A61AC9   .EB E6          JMP SHORT 3ba1ea5.76A61AB1
76A61ACB   > 53             PUSH EBX                                 ; ÚpBytesRead
76A61ACC   . 6A 04          PUSH 4                                   ; ³BytesToRead = 4
76A61ACE   . 8D4D DC        LEA ECX,DWORD PTR SS:[EBP-24]            ; ³
76A61AD1   . 51             PUSH ECX                                 ; ³Buffer
76A61AD2   . 83C0 0C        ADD EAX,0C                               ; ³
76A61AD5   . 50             PUSH EAX                                 ; ³pBaseAddress
76A61AD6   . FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A61AD9   . 8B35 6C10A676  MOV ESI,DWORD PTR DS:[<&KERNEL32.ReadPro>; ³kernel32.ReadProcessMemory
76A61ADF   . FFD6           CALL ESI                                 ; ÀReadProcessMemory
76A61AE1   . 85C0           TEST EAX,EAX
76A61AE3   .0F84 D5000000  JE 3ba1ea5.76A61BBE
76A61AE9   . 8B45 DC        MOV EAX,DWORD PTR SS:[EBP-24]
76A61AEC   . 83C0 14        ADD EAX,14
76A61AEF   . 8945 D8        MOV DWORD PTR SS:[EBP-28],EAX
76A61AF2   . 53             PUSH EBX                                 ; ÚpBytesRead
76A61AF3   . 6A 04          PUSH 4                                   ; ³BytesToRead = 4
76A61AF5   . 8D4D E0        LEA ECX,DWORD PTR SS:[EBP-20]            ; ³
76A61AF8   . 51             PUSH ECX                                 ; ³Buffer
76A61AF9   . 50             PUSH EAX                                 ; ³pBaseAddress
76A61AFA   . FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A61AFD   . FFD6           CALL ESI                                 ; ÀReadProcessMemory
76A61AFF   . 85C0           TEST EAX,EAX
76A61B01   .0F84 B7000000  JE 3ba1ea5.76A61BBE
76A61B07   . 8B7D 10        MOV EDI,DWORD PTR SS:[EBP+10]
76A61B0A   . C1EF 02        SHR EDI,2
76A61B0D   . 895D E4        MOV DWORD PTR SS:[EBP-1C],EBX
76A61B10   . 8B45 E0        MOV EAX,DWORD PTR SS:[EBP-20]
76A61B13   > 3B45 D8        CMP EAX,DWORD PTR SS:[EBP-28]
76A61B16   .74 6A          JE SHORT 3ba1ea5.76A61B82
76A61B18   . 83C0 F8        ADD EAX,-8
76A61B1B   . 53             PUSH EBX
76A61B1C   . 6A 50          PUSH 50
76A61B1E   . 8D8D 68FFFFFF  LEA ECX,DWORD PTR SS:[EBP-98]
76A61B24   . 51             PUSH ECX
76A61B25   . 50             PUSH EAX
76A61B26   . FF75 08        PUSH DWORD PTR SS:[EBP+8]
76A61B29   . FFD6           CALL ESI
76A61B2B   . 85C0           TEST EAX,EAX
76A61B2D   .0F84 8B000000  JE 3ba1ea5.76A61BBE
76A61B33   . 397D E4        CMP DWORD PTR SS:[EBP-1C],EDI
76A61B36   .73 13          JNB SHORT 3ba1ea5.76A61B4B
76A61B38   . 895D FC        MOV DWORD PTR SS:[EBP-4],EBX
76A61B3B   . 8B45 80        MOV EAX,DWORD PTR SS:[EBP-80]
76A61B3E   . 8B4D 0C        MOV ECX,DWORD PTR SS:[EBP+C]
76A61B41   . 8B55 E4        MOV EDX,DWORD PTR SS:[EBP-1C]
76A61B44   . 890491         MOV DWORD PTR DS:[ECX+EDX*4],EAX
76A61B47   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A61B4B   > FF45 E4        INC DWORD PTR SS:[EBP-1C]
76A61B4E   . 817D E4 102700>CMP DWORD PTR SS:[EBP-1C],2710
76A61B55   .76 20          JBE SHORT 3ba1ea5.76A61B77
76A61B57   . 6A 06          PUSH 6                                   ; ÚError = ERROR_INVALID_HANDLE
76A61B59   > FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61B5F   .EB 5D          JMP SHORT 3ba1ea5.76A61BBE
76A61B61   . 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-14]
76A61B64   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A61B66   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A61B68   . 8945 D4        MOV DWORD PTR SS:[EBP-2C],EAX
76A61B6B   . 33C0           XOR EAX,EAX
76A61B6D   . 40             INC EAX
76A61B6E   . C3             RETN
76A61B6F   . 8B65 E8        MOV ESP,DWORD PTR SS:[EBP-18]
76A61B72   . FF75 D4        PUSH DWORD PTR SS:[EBP-2C]
76A61B75   .EB 36          JMP SHORT 3ba1ea5.76A61BAD
76A61B77   > 8B85 70FFFFFF  MOV EAX,DWORD PTR SS:[EBP-90]
76A61B7D   . 8945 E0        MOV DWORD PTR SS:[EBP-20],EAX
76A61B80   .EB 91          JMP SHORT 3ba1ea5.76A61B13
76A61B82   > 33C0           XOR EAX,EAX
76A61B84   . 40             INC EAX
76A61B85   . 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A61B88   . 8B4D E4        MOV ECX,DWORD PTR SS:[EBP-1C]
76A61B8B   . C1E1 02        SHL ECX,2
76A61B8E   . 8B55 14        MOV EDX,DWORD PTR SS:[EBP+14]
76A61B91   . 890A           MOV DWORD PTR DS:[EDX],ECX
76A61B93   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A61B97   .EB 27          JMP SHORT 3ba1ea5.76A61BC0
76A61B99   . 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-14]
76A61B9C   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A61B9E   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A61BA0   . 8945 D0        MOV DWORD PTR SS:[EBP-30],EAX
76A61BA3   . 33C0           XOR EAX,EAX
76A61BA5   . 40             INC EAX
76A61BA6   . C3             RETN
76A61BA7   . 8B65 E8        MOV ESP,DWORD PTR SS:[EBP-18]
76A61BAA   . FF75 D0        PUSH DWORD PTR SS:[EBP-30]
76A61BAD   > FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A61BB3   . 50             PUSH EAX                                 ; ÚError
76A61BB4   . FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61BBA   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A61BBE   > 33C0           XOR EAX,EAX
76A61BC0   > E8 8E210000    CALL 3ba1ea5.76A63D53
76A61BC5   . C2 1000        RETN 10
76A61BC8     CC             INT3
76A61BC9     CC             INT3
76A61BCA     CC             INT3
76A61BCB     CC             INT3
76A61BCC     CC             INT3
76A61BCD >Ú$ 8BFF           MOV EDI,EDI
76A61BCF  ³. 55             PUSH EBP
76A61BD0  ³. 8BEC           MOV EBP,ESP
76A61BD2  ³. 83EC 50        SUB ESP,50
76A61BD5  ³. 8D45 B0        LEA EAX,DWORD PTR SS:[EBP-50]
76A61BD8  ³. 50             PUSH EAX                                 ; ÚArg3
76A61BD9  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]                ; ³Arg2
76A61BDC  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³Arg1
76A61BDF  ³. E8 C5FDFFFF    CALL 3ba1ea5.76A619A9                    ; À3ba1ea5.76A619A9
76A61BE4  ³. 85C0           TEST EAX,EAX
76A61BE6  ³.74 59          JE SHORT 3ba1ea5.76A61C41
76A61BE8  ³. 56             PUSH ESI
76A61BE9  ³. 0FB775 D4      MOVZX ESI,WORD PTR SS:[EBP-2C]
76A61BED  ³. 57             PUSH EDI
76A61BEE  ³. 8B7D 14        MOV EDI,DWORD PTR SS:[EBP+14]
76A61BF1  ³. 03FF           ADD EDI,EDI
76A61BF3  ³. 46             INC ESI
76A61BF4  ³. 46             INC ESI
76A61BF5  ³. 3BFE           CMP EDI,ESI
76A61BF7  ³.73 02          JNB SHORT 3ba1ea5.76A61BFB
76A61BF9  ³. 8BF7           MOV ESI,EDI
76A61BFB  ³> 53             PUSH EBX
76A61BFC  ³. 8B5D 10        MOV EBX,DWORD PTR SS:[EBP+10]
76A61BFF  ³. 6A 00          PUSH 0                                   ; ÚpBytesRead = NULL
76A61C01  ³. 56             PUSH ESI                                 ; ³BytesToRead
76A61C02  ³. 53             PUSH EBX                                 ; ³Buffer
76A61C03  ³. FF75 D8        PUSH DWORD PTR SS:[EBP-28]               ; ³pBaseAddress
76A61C06  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A61C09  ³. FF15 6C10A676  CALL DWORD PTR DS:[<&KERNEL32.ReadProces>; ÀReadProcessMemory
76A61C0F  ³. 85C0           TEST EAX,EAX
76A61C11  ³.74 2B          JE SHORT 3ba1ea5.76A61C3E
76A61C13  ³. 0FB745 D4      MOVZX EAX,WORD PTR SS:[EBP-2C]
76A61C17  ³. 40             INC EAX
76A61C18  ³. 40             INC EAX
76A61C19  ³. 3BF0           CMP ESI,EAX
76A61C1B  ³.75 02          JNZ SHORT 3ba1ea5.76A61C1F
76A61C1D  ³. 4E             DEC ESI
76A61C1E  ³. 4E             DEC ESI
76A61C1F  ³> 3BF7           CMP ESI,EDI
76A61C21  ³.73 0B          JNB SHORT 3ba1ea5.76A61C2E
76A61C23  ³. 8BC6           MOV EAX,ESI
76A61C25  ³. D1E8           SHR EAX,1
76A61C27  ³. 66:832443 00   AND WORD PTR DS:[EBX+EAX*2],0
76A61C2C  ³.EB 0C          JMP SHORT 3ba1ea5.76A61C3A
76A61C2E  ³> 85FF           TEST EDI,EDI
76A61C30  ³.76 08          JBE SHORT 3ba1ea5.76A61C3A
    continued below

    i had no idea how many people in ca are on mpgh...i went in a game, and there was a room called "lol2much fly hack" and everybody had it...it was fun...



  5. 07-28-2009 #19
    LuckiiEmoo
    LuckiiEmoo is offline
    Member
    LuckiiEmoo's Avatar
    Join Date
    May 2009
    Gender
    male
    Posts
    114
    Reputation
    11
    Thanks
    69
    My Mood
    Amused
    Send a message via Birdie™ to LuckiiEmoo
    Quote Originally Posted by NeonNoise View Post
    i cant find these what is the full name
    .v3d..
    v3warpds.v3d and v3warpns.v3d
  6. 07-28-2009 #20
    Grim
    Grim is offline
    Threadstarter
    MPGH Lord
    MPGH Member
    Grim's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    5,359
    Reputation
    112
    Thanks
    3,786
    My Mood
    Cynical
    Send a message via Birdie™ to Grim United States
    Quote Originally Posted by LuckiiEmoo View Post
    Then RENAME THE BYPASS TO ANYTHING..
    dude i always delete those files and i've had my bypass named to English.dll since i started using it.. your just lucky you havent downloaded the update yet.. but you will and you'll be in the same boat as the rest of us..

    Also there are a ton of files that have been modified on 7/28/2009 at 3:32 PM which was about 10 - 20 minutes ago.... i've deleted all of them not only in the CA folder but in the HShield folder and its sub folders.. no change..
    Want to see my programs?
    \/ CLICK IT BITCHES \/
  7. 07-28-2009 #21
    kcfreak
    kcfreak is offline
    Member
    kcfreak's Avatar
    Join Date
    Mar 2009
    Gender
    male
    Location
    KC
    Posts
    128
    Reputation
    10
    Thanks
    9
    My Mood
    Amazed
    Send a message via Birdie™ to kcfreak
    yeh i wouldnt try anything until after the patch, it wouldnt b worth doing all that just for them to patch it all over
  8. 07-28-2009 #22
    lolz2much
    lolz2much is offline
    Expert Member
    MPGH Member
    lolz2much's Avatar
    Join Date
    Jan 2009
    Gender
    male
    Posts
    743
    Reputation
    28
    Thanks
    807
    My Mood
    Amused
    Send a message via Birdie™ to lolz2much United States
    Code:
    76A61C32  ³. D1EF           SHR EDI,1
76A61C34  ³. 66:83647B FE 0>AND WORD PTR DS:[EBX+EDI*2-2],0
76A61C3A  ³> 8BC6           MOV EAX,ESI
76A61C3C  ³. D1E8           SHR EAX,1
76A61C3E  ³> 5B             POP EBX
76A61C3F  ³. 5F             POP EDI
76A61C40  ³. 5E             POP ESI
76A61C41  ³> C9             LEAVE
76A61C42  À. C2 1000        RETN 10
76A61C45     CC             INT3
76A61C46     CC             INT3
76A61C47     CC             INT3
76A61C48     CC             INT3
76A61C49     CC             INT3
76A61C4A >   8BFF           MOV EDI,EDI
76A61C4C  Ú. 55             PUSH EBP
76A61C4D  ³. 8BEC           MOV EBP,ESP
76A61C4F  ³. 53             PUSH EBX
76A61C50  ³. 56             PUSH ESI
76A61C51  ³. 8B75 14        MOV ESI,DWORD PTR SS:[EBP+14]
76A61C54  ³. 8D0436         LEA EAX,DWORD PTR DS:[ESI+ESI]
76A61C57  ³. 50             PUSH EAX                                 ; ÚSize
76A61C58  ³. 33DB           XOR EBX,EBX                              ; ³
76A61C5A  ³. 53             PUSH EBX                                 ; ³Flags => LMEM_FIXED
76A61C5B  ³. FF15 6010A676  CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A61C61  ³. 3BC3           CMP EAX,EBX
76A61C63  ³. 8945 14        MOV DWORD PTR SS:[EBP+14],EAX
76A61C66  ³.75 04          JNZ SHORT 3ba1ea5.76A61C6C
76A61C68  ³. 33C0           XOR EAX,EAX
76A61C6A  ³.EB 3B          JMP SHORT 3ba1ea5.76A61CA7
76A61C6C  ³> 57             PUSH EDI
76A61C6D  ³. 56             PUSH ESI                                 ; ÚArg4
76A61C6E  ³. 50             PUSH EAX                                 ; ³Arg3
76A61C6F  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]                ; ³Arg2
76A61C72  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³Arg1
76A61C75  ³. E8 53FFFFFF    CALL 3ba1ea5.GetModuleFileNameExW        ; ÀGetModuleFileNameExW
76A61C7A  ³. 8BF8           MOV EDI,EAX
76A61C7C  ³. 3BFE           CMP EDI,ESI
76A61C7E  ³.73 03          JNB SHORT 3ba1ea5.76A61C83
76A61C80  ³. 8D47 01        LEA EAX,DWORD PTR DS:[EDI+1]
76A61C83  ³> 53             PUSH EBX                                 ; ÚpDefaultCharUsed
76A61C84  ³. 53             PUSH EBX                                 ; ³pDefaultChar
76A61C85  ³. 56             PUSH ESI                                 ; ³MultiByteCount
76A61C86  ³. FF75 10        PUSH DWORD PTR SS:[EBP+10]               ; ³MultiByteStr
76A61C89  ³. 50             PUSH EAX                                 ; ³WideCharCount
76A61C8A  ³. FF75 14        PUSH DWORD PTR SS:[EBP+14]               ; ³WideCharStr
76A61C8D  ³. 53             PUSH EBX                                 ; ³Options
76A61C8E  ³. 53             PUSH EBX                                 ; ³CodePage
76A61C8F  ³. FF15 6810A676  CALL DWORD PTR DS:[<&KERNEL32.WideCharTo>; ÀWideCharToMultiByte
76A61C95  ³. 85C0           TEST EAX,EAX
76A61C97  ³.75 02          JNZ SHORT 3ba1ea5.76A61C9B
76A61C99  ³. 33FF           XOR EDI,EDI
76A61C9B  ³> FF75 14        PUSH DWORD PTR SS:[EBP+14]               ; ÚhMemory
76A61C9E  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61CA4  ³. 8BC7           MOV EAX,EDI
76A61CA6  ³. 5F             POP EDI
76A61CA7  ³> 5E             POP ESI
76A61CA8  ³. 5B             POP EBX
76A61CA9  ³. 5D             POP EBP
76A61CAA  À. C2 1000        RETN 10
76A61CAD     CC             INT3
76A61CAE     CC             INT3
76A61CAF     CC             INT3
76A61CB0     CC             INT3
76A61CB1     CC             INT3
76A61CB2 >Ú$ 8BFF           MOV EDI,EDI
76A61CB4  ³. 55             PUSH EBP
76A61CB5  ³. 8BEC           MOV EBP,ESP
76A61CB7  ³. 83EC 50        SUB ESP,50
76A61CBA  ³. 8D45 B0        LEA EAX,DWORD PTR SS:[EBP-50]
76A61CBD  ³. 50             PUSH EAX                                 ; ÚArg3
76A61CBE  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]                ; ³Arg2
76A61CC1  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³Arg1
76A61CC4  ³. E8 E0FCFFFF    CALL 3ba1ea5.76A619A9                    ; À3ba1ea5.76A619A9
76A61CC9  ³. 85C0           TEST EAX,EAX
76A61CCB  ³.74 59          JE SHORT 3ba1ea5.76A61D26
76A61CCD  ³. 56             PUSH ESI
76A61CCE  ³. 0FB775 DC      MOVZX ESI,WORD PTR SS:[EBP-24]
76A61CD2  ³. 57             PUSH EDI
76A61CD3  ³. 8B7D 14        MOV EDI,DWORD PTR SS:[EBP+14]
76A61CD6  ³. 03FF           ADD EDI,EDI
76A61CD8  ³. 46             INC ESI
76A61CD9  ³. 46             INC ESI
76A61CDA  ³. 3BFE           CMP EDI,ESI
76A61CDC  ³.73 02          JNB SHORT 3ba1ea5.76A61CE0
76A61CDE  ³. 8BF7           MOV ESI,EDI
76A61CE0  ³> 53             PUSH EBX
76A61CE1  ³. 8B5D 10        MOV EBX,DWORD PTR SS:[EBP+10]
76A61CE4  ³. 6A 00          PUSH 0                                   ; ÚpBytesRead = NULL
76A61CE6  ³. 56             PUSH ESI                                 ; ³BytesToRead
76A61CE7  ³. 53             PUSH EBX                                 ; ³Buffer
76A61CE8  ³. FF75 E0        PUSH DWORD PTR SS:[EBP-20]               ; ³pBaseAddress
76A61CEB  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A61CEE  ³. FF15 6C10A676  CALL DWORD PTR DS:[<&KERNEL32.ReadProces>; ÀReadProcessMemory
76A61CF4  ³. 85C0           TEST EAX,EAX
76A61CF6  ³.74 2B          JE SHORT 3ba1ea5.76A61D23
76A61CF8  ³. 0FB745 DC      MOVZX EAX,WORD PTR SS:[EBP-24]
76A61CFC  ³. 40             INC EAX
76A61CFD  ³. 40             INC EAX
76A61CFE  ³. 3BF0           CMP ESI,EAX
76A61D00  ³.75 02          JNZ SHORT 3ba1ea5.76A61D04
76A61D02  ³. 4E             DEC ESI
76A61D03  ³. 4E             DEC ESI
76A61D04  ³> 3BF7           CMP ESI,EDI
76A61D06  ³.73 0B          JNB SHORT 3ba1ea5.76A61D13
76A61D08  ³. 8BC6           MOV EAX,ESI
76A61D0A  ³. D1E8           SHR EAX,1
76A61D0C  ³. 66:832443 00   AND WORD PTR DS:[EBX+EAX*2],0
76A61D11  ³.EB 0C          JMP SHORT 3ba1ea5.76A61D1F
76A61D13  ³> 85FF           TEST EDI,EDI
76A61D15  ³.76 08          JBE SHORT 3ba1ea5.76A61D1F
76A61D17  ³. D1EF           SHR EDI,1
76A61D19  ³. 66:83647B FE 0>AND WORD PTR DS:[EBX+EDI*2-2],0
76A61D1F  ³> 8BC6           MOV EAX,ESI
76A61D21  ³. D1E8           SHR EAX,1
76A61D23  ³> 5B             POP EBX
76A61D24  ³. 5F             POP EDI
76A61D25  ³. 5E             POP ESI
76A61D26  ³> C9             LEAVE
76A61D27  À. C2 1000        RETN 10
76A61D2A     CC             INT3
76A61D2B     CC             INT3
76A61D2C     CC             INT3
76A61D2D     CC             INT3
76A61D2E     CC             INT3
76A61D2F >   8BFF           MOV EDI,EDI
76A61D31  Ú. 55             PUSH EBP
76A61D32  ³. 8BEC           MOV EBP,ESP
76A61D34  ³. 53             PUSH EBX
76A61D35  ³. 56             PUSH ESI
76A61D36  ³. 8B75 14        MOV ESI,DWORD PTR SS:[EBP+14]
76A61D39  ³. 8D0436         LEA EAX,DWORD PTR DS:[ESI+ESI]
76A61D3C  ³. 50             PUSH EAX                                 ; ÚSize
76A61D3D  ³. 33DB           XOR EBX,EBX                              ; ³
76A61D3F  ³. 53             PUSH EBX                                 ; ³Flags => LMEM_FIXED
76A61D40  ³. FF15 6010A676  CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A61D46  ³. 3BC3           CMP EAX,EBX
76A61D48  ³. 8945 14        MOV DWORD PTR SS:[EBP+14],EAX
76A61D4B  ³.75 04          JNZ SHORT 3ba1ea5.76A61D51
76A61D4D  ³. 33C0           XOR EAX,EAX
76A61D4F  ³.EB 3B          JMP SHORT 3ba1ea5.76A61D8C
76A61D51  ³> 57             PUSH EDI
76A61D52  ³. 56             PUSH ESI                                 ; ÚArg4
76A61D53  ³. 50             PUSH EAX                                 ; ³Arg3
76A61D54  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]                ; ³Arg2
76A61D57  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³Arg1
76A61D5A  ³. E8 53FFFFFF    CALL 3ba1ea5.GetModuleBaseNameW          ; ÀGetModuleBaseNameW
76A61D5F  ³. 8BF8           MOV EDI,EAX
76A61D61  ³. 3BFE           CMP EDI,ESI
76A61D63  ³.73 03          JNB SHORT 3ba1ea5.76A61D68
76A61D65  ³. 8D47 01        LEA EAX,DWORD PTR DS:[EDI+1]
76A61D68  ³> 53             PUSH EBX                                 ; ÚpDefaultCharUsed
76A61D69  ³. 53             PUSH EBX                                 ; ³pDefaultChar
76A61D6A  ³. 56             PUSH ESI                                 ; ³MultiByteCount
76A61D6B  ³. FF75 10        PUSH DWORD PTR SS:[EBP+10]               ; ³MultiByteStr
76A61D6E  ³. 50             PUSH EAX                                 ; ³WideCharCount
76A61D6F  ³. FF75 14        PUSH DWORD PTR SS:[EBP+14]               ; ³WideCharStr
76A61D72  ³. 53             PUSH EBX                                 ; ³Options
76A61D73  ³. 53             PUSH EBX                                 ; ³CodePage
76A61D74  ³. FF15 6810A676  CALL DWORD PTR DS:[<&KERNEL32.WideCharTo>; ÀWideCharToMultiByte
76A61D7A  ³. 85C0           TEST EAX,EAX
76A61D7C  ³.75 02          JNZ SHORT 3ba1ea5.76A61D80
76A61D7E  ³. 33FF           XOR EDI,EDI
76A61D80  ³> FF75 14        PUSH DWORD PTR SS:[EBP+14]               ; ÚhMemory
76A61D83  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A61D89  ³. 8BC7           MOV EAX,EDI
76A61D8B  ³. 5F             POP EDI
76A61D8C  ³> 5E             POP ESI
76A61D8D  ³. 5B             POP EBX
76A61D8E  ³. 5D             POP EBP
76A61D8F  À. C2 1000        RETN 10
76A61D92     CC             INT3
76A61D93     CC             INT3
76A61D94     CC             INT3
76A61D95     CC             INT3
76A61D96     CC             INT3
76A61D97 > $ 6A 68          PUSH 68
76A61D99   . 68 4011A676    PUSH 3ba1ea5.76A61140
76A61D9E   . E8 751F0000    CALL 3ba1ea5.76A63D18
76A61DA3   . 837D 14 0C     CMP DWORD PTR SS:[EBP+14],0C
76A61DA7   .73 0A          JNB SHORT 3ba1ea5.76A61DB3
76A61DA9   . 6A 7A          PUSH 7A                                  ; ÚError = ERROR_INSUFFICIENT_BUFFER
76A61DAB   . FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61DB1   .EB 5E          JMP SHORT 3ba1ea5.76A61E11
76A61DB3   > 8D45 88        LEA EAX,DWORD PTR SS:[EBP-78]
76A61DB6   . 50             PUSH EAX                                 ; ÚArg3
76A61DB7   . 8B75 0C        MOV ESI,DWORD PTR SS:[EBP+C]             ; ³
76A61DBA   . 56             PUSH ESI                                 ; ³Arg2
76A61DBB   . FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³Arg1
76A61DBE   . E8 E6FBFFFF    CALL 3ba1ea5.76A619A9                    ; À3ba1ea5.76A619A9
76A61DC3   . 85C0           TEST EAX,EAX
76A61DC5   .74 4A          JE SHORT 3ba1ea5.76A61E11
76A61DC7   . 8975 D8        MOV DWORD PTR SS:[EBP-28],ESI
76A61DCA   . 8B45 A8        MOV EAX,DWORD PTR SS:[EBP-58]
76A61DCD   . 8945 DC        MOV DWORD PTR SS:[EBP-24],EAX
76A61DD0   . 8B45 A4        MOV EAX,DWORD PTR SS:[EBP-5C]
76A61DD3   . 8945 E0        MOV DWORD PTR SS:[EBP-20],EAX
76A61DD6   . 8365 FC 00     AND DWORD PTR SS:[EBP-4],0
76A61DDA   . 8D75 D8        LEA ESI,DWORD PTR SS:[EBP-28]
76A61DDD   . 8B7D 10        MOV EDI,DWORD PTR SS:[EBP+10]
76A61DE0   . A5             MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES>
76A61DE1   . A5             MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES>
76A61DE2   . A5             MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ES>
76A61DE3   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A61DE7   . 33C0           XOR EAX,EAX
76A61DE9   . 40             INC EAX
76A61DEA   .EB 27          JMP SHORT 3ba1ea5.76A61E13
76A61DEC   . 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-14]
76A61DEF   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A61DF1   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A61DF3   . 8945 E4        MOV DWORD PTR SS:[EBP-1C],EAX
76A61DF6   . 33C0           XOR EAX,EAX
76A61DF8   . 40             INC EAX
76A61DF9   . C3             RETN
76A61DFA   . 8B65 E8        MOV ESP,DWORD PTR SS:[EBP-18]
76A61DFD   . FF75 E4        PUSH DWORD PTR SS:[EBP-1C]
76A61E00   . FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A61E06   . 50             PUSH EAX                                 ; ÚError
76A61E07   . FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61E0D   . 834D FC FF     OR DWORD PTR SS:[EBP-4],FFFFFFFF
76A61E11   > 33C0           XOR EAX,EAX
76A61E13   > E8 3B1F0000    CALL 3ba1ea5.76A63D53
76A61E18   . C2 1000        RETN 10
76A61E1B     CC             INT3
76A61E1C     CC             INT3
76A61E1D     CC             INT3
76A61E1E     CC             INT3
76A61E1F     CC             INT3
76A61E20 >   8BFF           MOV EDI,EDI
76A61E22  Ú. 55             PUSH EBP
76A61E23  ³. 8BEC           MOV EBP,ESP
76A61E25  ³. 83EC 44        SUB ESP,44
76A61E28  ³. 8D45 BC        LEA EAX,DWORD PTR SS:[EBP-44]
76A61E2B  ³. 50             PUSH EAX                                 ; ÚpSystemInfo
76A61E2C  ³. FF15 0010A676  CALL DWORD PTR DS:[<&KERNEL32.GetSystemI>; ÀGetSystemInfo
76A61E32  ³. 6A 00          PUSH 0                                   ; ÚpReqsize = NULL
76A61E34  ³. 6A 20          PUSH 20                                  ; ³Bufsize = 20 (32.)
76A61E36  ³. 8D45 E0        LEA EAX,DWORD PTR SS:[EBP-20]            ; ³
76A61E39  ³. 50             PUSH EAX                                 ; ³Buffer
76A61E3A  ³. 6A 01          PUSH 1                                   ; ³InfoClass = 1
76A61E3C  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³hProcess
76A61E3F  ³. FF15 D810A676  CALL DWORD PTR DS:[<&ntdll.NtQueryInform>; ÀZwQueryInformationProcess
76A61E45  ³. 85C0           TEST EAX,EAX
76A61E47  ³.7C 24          JL SHORT 3ba1ea5.76A61E6D
76A61E49  ³. 834D E8 FF     OR DWORD PTR SS:[EBP-18],FFFFFFFF
76A61E4D  ³. 834D EC FF     OR DWORD PTR SS:[EBP-14],FFFFFFFF
76A61E51  ³. 6A 20          PUSH 20
76A61E53  ³. 8D45 E0        LEA EAX,DWORD PTR SS:[EBP-20]
76A61E56  ³. 50             PUSH EAX
76A61E57  ³. 6A 01          PUSH 1
76A61E59  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]
76A61E5C  ³. FF15 D410A676  CALL DWORD PTR DS:[<&ntdll.NtSetInformat>;  ntdll.ZwSetInformationProcess
76A61E62  ³. 85C0           TEST EAX,EAX
76A61E64  ³.7D 19          JGE SHORT 3ba1ea5.76A61E7F
76A61E66  ³. 3D 610000C0    CMP EAX,C0000061
76A61E6B  ³.74 12          JE SHORT 3ba1ea5.76A61E7F
76A61E6D  ³> 50             PUSH EAX
76A61E6E  ³. FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A61E74  ³. 50             PUSH EAX                                 ; ÚError
76A61E75  ³. FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61E7B  ³. 33C0           XOR EAX,EAX
76A61E7D  ³.EB 03          JMP SHORT 3ba1ea5.76A61E82
76A61E7F  ³> 33C0           XOR EAX,EAX
76A61E81  ³. 40             INC EAX
76A61E82  ³> C9             LEAVE
76A61E83  À. C2 0400        RETN 4
76A61E86     CC             INT3
76A61E87     CC             INT3
76A61E88     CC             INT3
76A61E89     CC             INT3
76A61E8A     CC             INT3
76A61E8B >   8BFF           MOV EDI,EDI
76A61E8D  Ú. 55             PUSH EBP
76A61E8E  ³. 8BEC           MOV EBP,ESP
76A61E90  ³. 6A 00          PUSH 0
76A61E92  ³. FF75 10        PUSH DWORD PTR SS:[EBP+10]
76A61E95  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]
76A61E98  ³. 6A 01          PUSH 1
76A61E9A  ³. 6A 00          PUSH 0
76A61E9C  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]
76A61E9F  ³. FF15 DC10A676  CALL DWORD PTR DS:[<&ntdll.NtQueryVirtua>;  ntdll.ZwQueryVirtualMemory
76A61EA5  ³. 85C0           TEST EAX,EAX
76A61EA7  ³.7D 12          JGE SHORT 3ba1ea5.76A61EBB
76A61EA9  ³. 50             PUSH EAX
76A61EAA  ³. FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A61EB0  ³. 50             PUSH EAX                                 ; ÚError
76A61EB1  ³. FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61EB7  ³. 33C0           XOR EAX,EAX
76A61EB9  ³.EB 03          JMP SHORT 3ba1ea5.76A61EBE
76A61EBB  ³> 33C0           XOR EAX,EAX
76A61EBD  ³. 40             INC EAX
76A61EBE  ³> 5D             POP EBP
76A61EBF  À. C2 0C00        RETN 0C
76A61EC2     CC             INT3
76A61EC3     CC             INT3
76A61EC4     CC             INT3
76A61EC5     CC             INT3
76A61EC6     CC             INT3
76A61EC7 >   8BFF           MOV EDI,EDI
76A61EC9  Ú. 55             PUSH EBP
76A61ECA  ³. 8BEC           MOV EBP,ESP
76A61ECC  ³. 6A 00          PUSH 0
76A61ECE  ³. FF75 10        PUSH DWORD PTR SS:[EBP+10]
76A61ED1  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]
76A61ED4  ³. 6A 04          PUSH 4
76A61ED6  ³. 6A 00          PUSH 0
76A61ED8  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]
76A61EDB  ³. FF15 DC10A676  CALL DWORD PTR DS:[<&ntdll.NtQueryVirtua>;  ntdll.ZwQueryVirtualMemory
76A61EE1  ³. 85C0           TEST EAX,EAX
76A61EE3  ³.7D 12          JGE SHORT 3ba1ea5.76A61EF7
76A61EE5  ³. 50             PUSH EAX
76A61EE6  ³. FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A61EEC  ³. 50             PUSH EAX                                 ; ÚError
76A61EED  ³. FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A61EF3  ³. 33C0           XOR EAX,EAX
76A61EF5  ³.EB 03          JMP SHORT 3ba1ea5.76A61EFA
76A61EF7  ³> 33C0           XOR EAX,EAX
76A61EF9  ³. 40             INC EAX
76A61EFA  ³> 5D             POP EBP
76A61EFB  À. C2 0C00        RETN 0C
76A61EFE     CC             INT3
76A61EFF     CC             INT3
76A61F00     CC             INT3
76A61F01     CC             INT3
76A61F02     CC             INT3
76A61F03  Ú$ 8BFF           MOV EDI,EDI
76A61F05  ³. 55             PUSH EBP
76A61F06  ³. 8BEC           MOV EBP,ESP
76A61F08  ³. 51             PUSH ECX
76A61F09  ³. 51             PUSH ECX
76A61F0A  ³. 8B45 0C        MOV EAX,DWORD PTR SS:[EBP+C]
76A61F0D  ³. 56             PUSH ESI
76A61F0E  ³. 8D70 01        LEA ESI,DWORD PTR DS:[EAX+1]
76A61F11  ³. 33C9           XOR ECX,ECX
76A61F13  ³> 8A10           ÚMOV DL,BYTE PTR DS:[EAX]
76A61F15  ³. 40             ³INC EAX
76A61F16  ³. 3AD1           ³CMP DL,CL
76A61F18  ³.75 F9          ÀJNZ SHORT 3ba1ea5.76A61F13
76A61F1A  ³. 51             PUSH ECX
76A61F1B  ³. 51             PUSH ECX
76A61F1C  ³. 2BC6           SUB EAX,ESI
76A61F1E  ³. 50             PUSH EAX
76A61F1F  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]
76A61F22  ³. 8D45 F8        LEA EAX,DWORD PTR SS:[EBP-8]
76A61F25  ³. 50             PUSH EAX
76A61F26  ³. 51             PUSH ECX
76A61F27  ³. 51             PUSH ECX
76A61F28  ³. 51             PUSH ECX
76A61F29  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]
76A61F2C  ³. FF15 D010A676  CALL DWORD PTR DS:[<&ntdll.NtWriteFile>] ;  ntdll.ZwWriteFile
76A61F32  ³. 5E             POP ESI
76A61F33  ³. C9             LEAVE
76A61F34  À. C2 0800        RETN 8
76A61F37     CC             INT3
76A61F38     CC             INT3
76A61F39     CC             INT3
76A61F3A     CC             INT3
76A61F3B     CC             INT3
76A61F3C  Ú$ 8BFF           MOV EDI,EDI
76A61F3E  ³. 55             PUSH EBP
76A61F3F  ³. 8BEC           MOV EBP,ESP
76A61F41  ³. 83EC 78        SUB ESP,78
76A61F44  ³. A1 2050A676    MOV EAX,DWORD PTR DS:[76A65020]
76A61F49  ³. 53             PUSH EBX
76A61F4A  ³. 8B1D E010A676  MOV EBX,DWORD PTR DS:[<&ntdll.NtQuerySys>;  ntdll.ZwQuerySystemInformation
76A61F50  ³. 56             PUSH ESI
76A61F51  ³. 33F6           XOR ESI,ESI
76A61F53  ³. 56             PUSH ESI                                 ; ÚpReqsize => NULL
76A61F54  ³. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX             ; ³
76A61F57  ³. 6A 2C          PUSH 2C                                  ; ³Bufsize = 2C (44.)
76A61F59  ³. 8D45 88        LEA EAX,DWORD PTR SS:[EBP-78]            ; ³
76A61F5C  ³. 50             PUSH EAX                                 ; ³Buffer
76A61F5D  ³. 56             PUSH ESI                                 ; ³InfoType => SystemBasicInfo
76A61F5E  ³. 8975 F8        MOV DWORD PTR SS:[EBP-8],ESI             ; ³
76A61F61  ³. FFD3           CALL EBX                                 ; ÀNtQuerySystemInformation
76A61F63  ³. 3BC6           CMP EAX,ESI
76A61F65  ³. 8945 F4        MOV DWORD PTR SS:[EBP-C],EAX
76A61F68  ³.0F8C 38050000  JL 3ba1ea5.76A624A6
76A61F6E  ³. 803D 6950A676 >CMP BYTE PTR DS:[76A65069],0
76A61F75  ³. 57             PUSH EDI
76A61F76  ³.0F84 8C000000  JE 3ba1ea5.76A62008
76A61F7C  ³. 8B3D 6010A676  MOV EDI,DWORD PTR DS:[<&KERNEL32.LocalAl>;  kernel32.LocalAlloc
76A61F82  ³. B8 20050000    MOV EAX,520
76A61F87  ³. 50             PUSH EAX                                 ; ÚSize => 520 (1312.)
76A61F88  ³. 56             PUSH ESI                                 ; ³Flags => LMEM_FIXED
76A61F89  ³. 8945 E8        MOV DWORD PTR SS:[EBP-18],EAX            ; ³
76A61F8C  ³. FFD7           CALL EDI                                 ; ÀLocalAlloc
76A61F8E  ³. 3BC6           CMP EAX,ESI
76A61F90  ³.EB 4A          JMP SHORT 3ba1ea5.76A61FDC
76A61F92  ³> 8B75 F8        ÚMOV ESI,DWORD PTR SS:[EBP-8]
76A61F95  ³. 8D45 B4        ³LEA EAX,DWORD PTR SS:[EBP-4C]
76A61F98  ³. 50             ³PUSH EAX
76A61F99  ³. FF75 E8        ³PUSH DWORD PTR SS:[EBP-18]
76A61F9C  ³. 56             ³PUSH ESI
76A61F9D  ³. 6A 0B          ³PUSH 0B
76A61F9F  ³. FFD3           ³CALL EBX
76A61FA1  ³. 85C0           ³TEST EAX,EAX
76A61FA3  ³. 8B36           ³MOV ESI,DWORD PTR DS:[ESI]
76A61FA5  ³. 8945 F4        ³MOV DWORD PTR SS:[EBP-C],EAX
76A61FA8  ³.0F8D 02010000  ³JGE 3ba1ea5.76A620B0
76A61FAE  ³. FF75 F8        ³PUSH DWORD PTR SS:[EBP-8]               ; ÚhMemory
76A61FB1  ³. FF15 5C10A676  ³CALL DWORD PTR DS:[<&KERNEL32.LocalFree>; ÀLocalFree
76A61FB7  ³. 8365 F8 00     ³AND DWORD PTR SS:[EBP-8],0
76A61FBB  ³. 817D F4 040000>³CMP DWORD PTR SS:[EBP-C],C0000004
76A61FC2  ³.75 24          ³JNZ SHORT 3ba1ea5.76A61FE8
76A61FC4  ³. 69F6 1C010000  ³IMUL ESI,ESI,11C
76A61FCA  ³. 83C6 04        ³ADD ESI,4
76A61FCD  ³. 3B75 E8        ³CMP ESI,DWORD PTR SS:[EBP-18]
76A61FD0  ³.76 20          ³JBE SHORT 3ba1ea5.76A61FF2
76A61FD2  ³. 56             ³PUSH ESI
76A61FD3  ³. 6A 00          ³PUSH 0
76A61FD5  ³. 8975 E8        ³MOV DWORD PTR SS:[EBP-18],ESI
76A61FD8  ³. FFD7           ³CALL EDI
76A61FDA  ³. 85C0           ³TEST EAX,EAX
76A61FDC  ³> 8945 F8         MOV DWORD PTR SS:[EBP-8],EAX
76A61FDF  ³.75 B1          ÀJNZ SHORT 3ba1ea5.76A61F92
76A61FE1  ³. C745 F4 9A0000>MOV DWORD PTR SS:[EBP-C],C000009A
76A61FE8  ³> 837D F4 00     CMP DWORD PTR SS:[EBP-C],0
76A61FEC  ³.0F8D BE000000  JGE 3ba1ea5.76A620B0
76A61FF2  ³> FF75 F4        PUSH DWORD PTR SS:[EBP-C]
76A61FF5  ³. 68 AC12A676    PUSH 3ba1ea5.76A612AC                    ;  ASCII "query system info failed status - %lx
"
76A61FFA  ³. E8 F31E0000    CALL <JMP.&ntdll.DbgPrint>
76A61FFF  ³. 59             POP ECX
76A62000  ³. 59             POP ECX
76A62001  ³. C605 6950A676 >MOV BYTE PTR DS:[76A65069],0
76A62008  ³> 8B7D D0        MOV EDI,DWORD PTR SS:[EBP-30]
76A6200B  ³> 8B45 90        MOV EAX,DWORD PTR SS:[EBP-70]
76A6200E  ³. A3 1868A676    MOV DWORD PTR DS:[76A66818],EAX
76A62013  ³. 64:A1 18000000 MOV EAX,DWORD PTR FS:[18]
76A62019  ³. 8B40 30        MOV EAX,DWORD PTR DS:[EAX+30]
76A6201C  ³. 8945 BC        MOV DWORD PTR SS:[EBP-44],EAX
76A6201F  ³. 8B40 0C        MOV EAX,DWORD PTR DS:[EAX+C]
76A62022  ³. 8B40 14        MOV EAX,DWORD PTR DS:[EAX+14]
76A62025  ³. 8945 C4        MOV DWORD PTR SS:[EBP-3C],EAX
76A62028  ³> 8B45 BC        ÚMOV EAX,DWORD PTR SS:[EBP-44]
76A6202B  ³. 8B40 0C        ³MOV EAX,DWORD PTR DS:[EAX+C]
76A6202E  ³. 8B4D C4        ³MOV ECX,DWORD PTR SS:[EBP-3C]
76A62031  ³. 83C0 14        ³ADD EAX,14
76A62034  ³. 3BC8           ³CMP ECX,EAX
76A62036  ³.0F84 DA000000  ³JE 3ba1ea5.76A62116
76A6203C  ³. 8D41 F8        ³LEA EAX,DWORD PTR DS:[ECX-8]
76A6203F  ³. 8B58 18        ³MOV EBX,DWORD PTR DS:[EAX+18]
76A62042  ³. 8B09           ³MOV ECX,DWORD PTR DS:[ECX]
76A62044  ³. 8D70 2C        ³LEA ESI,DWORD PTR DS:[EAX+2C]
76A62047  ³. 8B40 20        ³MOV EAX,DWORD PTR DS:[EAX+20]
76A6204A  ³. 68 01010000    ³PUSH 101                                ; ÚHeapSize = 101 (257.)
76A6204F  ³. 6A 00          ³PUSH 0                                  ; ³Flags = 0
76A62051  ³. 894D C4        ³MOV DWORD PTR SS:[EBP-3C],ECX           ; ³
76A62054  ³. 8945 D0        ³MOV DWORD PTR SS:[EBP-30],EAX           ; ³
76A62057  ³. FF15 5410A676  ³CALL DWORD PTR DS:[<&KERNEL32.GetProces>; ³[GetProcessHeap
76A6205D  ³. 50             ³PUSH EAX                                ; ³hHeap
76A6205E  ³. FF15 8810A676  ³CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc>; ÀHeapAlloc
76A62064  ³. 85C0           ³TEST EAX,EAX
76A62066  ³. 8945 E0        ³MOV DWORD PTR SS:[EBP-20],EAX
76A62069  ³.0F84 43040000  ³JE 3ba1ea5.76A624B2
76A6206F  ³. 0FB70E         ³MOVZX ECX,WORD PTR DS:[ESI]
76A62072  ³. 51             ³PUSH ECX
76A62073  ³. FF76 04        ³PUSH DWORD PTR DS:[ESI+4]
76A62076  ³. 8D4D F0        ³LEA ECX,DWORD PTR SS:[EBP-10]
76A62079  ³. 51             ³PUSH ECX
76A6207A  ³. 68 00010000    ³PUSH 100
76A6207F  ³. 50             ³PUSH EAX
76A62080  ³. FF15 B410A676  ³CALL DWORD PTR DS:[<&ntdll.RtlUnicodeTo>;  ntdll.RtlUnicodeToOemN
76A62086  ³. 85C0           ³TEST EAX,EAX
76A62088  ³. 8B55 F0        ³MOV EDX,DWORD PTR SS:[EBP-10]
76A6208B  ³. 8B4D E0        ³MOV ECX,DWORD PTR SS:[EBP-20]
76A6208E  ³. 8945 F4        ³MOV DWORD PTR SS:[EBP-C],EAX
76A62091  ³. C6040A 00      ³MOV BYTE PTR DS:[EDX+ECX],0
76A62095  ³.0F84 34010000  ³JE 3ba1ea5.76A621CF
76A6209B  ³. 51             ³PUSH ECX                                ; ÚpMemory
76A6209C  ³. 6A 00          ³PUSH 0                                  ; ³Flags = 0
76A6209E  ³. FF15 5410A676  ³CALL DWORD PTR DS:[<&KERNEL32.GetProces>; ³[GetProcessHeap
76A620A4  ³. 50             ³PUSH EAX                                ; ³hHeap
76A620A5  ³. FF15 8410A676  ³CALL DWORD PTR DS:[<&KERNEL32.HeapFree>>; ÀHeapFree
76A620AB  ³.E9 78FFFFFF    ÀJMP 3ba1ea5.76A62028
76A620B0  ³> 8B7D F8        MOV EDI,DWORD PTR SS:[EBP-8]
76A620B3  ³. 8B35 B810A676  MOV ESI,DWORD PTR DS:[<&ntdll.RtlAdjustP>;  ntdll.RtlAdjustPrivilege
76A620B9  ³. 8365 E8 00     AND DWORD PTR SS:[EBP-18],0
76A620BD  ³. 8D45 CE        LEA EAX,DWORD PTR SS:[EBP-32]
76A620C0  ³. 50             PUSH EAX
76A620C1  ³. 6A 00          PUSH 0
76A620C3  ³. 6A 01          PUSH 1
76A620C5  ³. 897D B8        MOV DWORD PTR SS:[EBP-48],EDI
76A620C8  ³. 6A 0B          PUSH 0B
76A620CA  ³. 83C7 04        ADD EDI,4
76A620CD  ³. FFD6           CALL ESI                                 ;  <&ntdll.RtlAdjustPrivilege>
76A620CF  ³. 85C0           TEST EAX,EAX
76A620D1  ³. BB 06010000    MOV EBX,106
76A620D6  ³.7C 04          JL SHORT 3ba1ea5.76A620DC
76A620D8  ³. 3BC3           CMP EAX,EBX
76A620DA  ³.75 0D          JNZ SHORT 3ba1ea5.76A620E9
76A620DC  ³> 50             PUSH EAX
76A620DD  ³. 68 7412A676    PUSH 3ba1ea5.76A61274                    ;  ASCII "Enable system profile privilege failed - status 0x%lx
"
76A620E2  ³. E8 0B1E0000    CALL <JMP.&ntdll.DbgPrint>
76A620E7  ³. 59             POP ECX
76A620E8  ³. 59             POP ECX
76A620E9  ³> 8D45 CF        LEA EAX,DWORD PTR SS:[EBP-31]
76A620EC  ³. 50             PUSH EAX
76A620ED  ³. 6A 00          PUSH 0
76A620EF  ³. 6A 01          PUSH 1
76A620F1  ³. 6A 05          PUSH 5
76A620F3  ³. FFD6           CALL ESI
76A620F5  ³. 85C0           TEST EAX,EAX
76A620F7  ³. 8945 F4        MOV DWORD PTR SS:[EBP-C],EAX
76A620FA  ³.7C 08          JL SHORT 3ba1ea5.76A62104
76A620FC  ³. 3BC3           CMP EAX,EBX
76A620FE  ³.0F85 07FFFFFF  JNZ 3ba1ea5.76A6200B
76A62104  ³> 50             PUSH EAX
76A62105  ³. 68 4012A676    PUSH 3ba1ea5.76A61240                    ;  ASCII "Unable to increase quota privilege (status=0x%lx)
"
76A6210A  ³. E8 E31D0000    CALL <JMP.&ntdll.DbgPrint>
76A6210F  ³. 59             POP ECX
76A62110  ³. 59             POP ECX
76A62111  ³.E9 F5FEFFFF    JMP 3ba1ea5.76A6200B
76A62116  ³> 803D 6950A676 >CMP BYTE PTR DS:[76A65069],0
76A6211D  ³.0F84 3D020000  JE 3ba1ea5.76A62360
76A62123  ³. 8B45 E8        MOV EAX,DWORD PTR SS:[EBP-18]
76A62126  ³. 8B4D B8        MOV ECX,DWORD PTR SS:[EBP-48]
76A62129  ³. 3B01           CMP EAX,DWORD PTR DS:[ECX]
76A6212B  ³.0F83 2F020000  JNB 3ba1ea5.76A62360
76A62131  ³. 0FB747 1A      MOVZX EAX,WORD PTR DS:[EDI+1A]
76A62135  ³. 8D4438 1C      LEA EAX,DWORD PTR DS:[EAX+EDI+1C]
76A62139  ³. 50             PUSH EAX                                 ; ÚString
76A6213A  ³. FF15 8010A676  CALL DWORD PTR DS:[<&KERNEL32.lstrlenA>] ; ÀlstrlenA
76A62140  ³. 40             INC EAX
76A62141  ³. 50             PUSH EAX                                 ; ÚHeapSize
76A62142  ³. 8D0C00         LEA ECX,DWORD PTR DS:[EAX+EAX]           ; ³
76A62145  ³. 6A 00          PUSH 0                                   ; ³Flags = 0
76A62147  ³. 8945 C0        MOV DWORD PTR SS:[EBP-40],EAX            ; ³
76A6214A  ³. 894D D4        MOV DWORD PTR SS:[EBP-2C],ECX            ; ³
76A6214D  ³. FF15 5410A676  CALL DWORD PTR DS:[<&KERNEL32.GetProcess>; ³[GetProcessHeap
76A62153  ³. 8B35 8810A676  MOV ESI,DWORD PTR DS:[<&KERNEL32.HeapAll>; ³ntdll.RtlAllocateHeap
76A62159  ³. 50             PUSH EAX                                 ; ³hHeap
76A6215A  ³. FFD6           CALL ESI                                 ; ÀHeapAlloc
76A6215C  ³. 85C0           TEST EAX,EAX
76A6215E  ³. 8945 E0        MOV DWORD PTR SS:[EBP-20],EAX
76A62161  ³.0F84 4B030000  JE 3ba1ea5.76A624B2
76A62167  ³. 0FB74F 1A      MOVZX ECX,WORD PTR DS:[EDI+1A]
76A6216B  ³. 8D4C39 1C      LEA ECX,DWORD PTR DS:[ECX+EDI+1C]
76A6216F  ³. 51             PUSH ECX                                 ; ÚString2
76A62170  ³. 50             PUSH EAX                                 ; ³String1
76A62171  ³. FF15 7C10A676  CALL DWORD PTR DS:[<&KERNEL32.lstrcpyA>] ; ÀlstrcpyA
76A62177  ³. 8B47 0C        MOV EAX,DWORD PTR DS:[EDI+C]
76A6217A  ³. 8B5F 08        MOV EBX,DWORD PTR DS:[EDI+8]
76A6217D  ³. 8945 D0        MOV DWORD PTR SS:[EBP-30],EAX
76A62180  ³. 8B45 D4        MOV EAX,DWORD PTR SS:[EBP-2C]
76A62183  ³. 83C0 08        ADD EAX,8
76A62186  ³. 50             PUSH EAX                                 ; ÚHeapSize
76A62187  ³. 6A 00          PUSH 0                                   ; ³Flags = 0
76A62189  ³. FF15 5410A676  CALL DWORD PTR DS:[<&KERNEL32.GetProcess>; ³[GetProcessHeap
76A6218F  ³. 50             PUSH EAX                                 ; ³hHeap
76A62190  ³. FFD6           CALL ESI                                 ; ÀHeapAlloc
76A62192  ³. 8BF0           MOV ESI,EAX
76A62194  ³. 85F6           TEST ESI,ESI
76A62196  ³.0F84 16030000  JE 3ba1ea5.76A624B2
76A6219C  ³. FF75 C0        PUSH DWORD PTR SS:[EBP-40]
76A6219F  ³. 8D46 08        LEA EAX,DWORD PTR DS:[ESI+8]
76A621A2  ³. 8946 04        MOV DWORD PTR DS:[ESI+4],EAX
76A621A5  ³. 0FB74F 1A      MOVZX ECX,WORD PTR DS:[EDI+1A]
76A621A9  ³. 8D4C39 1C      LEA ECX,DWORD PTR DS:[ECX+EDI+1C]
76A621AD  ³. 51             PUSH ECX
76A621AE  ³. 8D4D F0        LEA ECX,DWORD PTR SS:[EBP-10]
76A621B1  ³. 51             PUSH ECX
76A621B2  ³. FF75 D4        PUSH DWORD PTR SS:[EBP-2C]
76A621B5  ³. 50             PUSH EAX
76A621B6  ³. FF15 BC10A676  CALL DWORD PTR DS:[<&ntdll.RtlMultiByteT>;  ntdll.RtlMultiByteToUnicodeN
76A621BC  ³. 66:8B45 F0     MOV AX,WORD PTR SS:[EBP-10]
76A621C0  ³. 8B4D E0        MOV ECX,DWORD PTR SS:[EBP-20]
76A621C3  ³. 81C7 1C010000  ADD EDI,11C
76A621C9  ³. FF45 E8        INC DWORD PTR SS:[EBP-18]
76A621CC  ³. 66:8906        MOV WORD PTR DS:[ESI],AX
76A621CF  ³> A1 6450A676    MOV EAX,DWORD PTR DS:[76A65064]
76A621D4  ³. 8365 F0 00     AND DWORD PTR SS:[EBP-10],0
76A621D8  ³. 85C0           TEST EAX,EAX
76A621DA  ³. C645 EF 00     MOV BYTE PTR SS:[EBP-11],0
76A621DE  ³.76 2B          JBE SHORT 3ba1ea5.76A6220B
76A621E0  ³. C745 E0 6870A6>MOV DWORD PTR SS:[EBP-20],3ba1ea5.76A670>
76A621E7  ³. 8945 D4        MOV DWORD PTR SS:[EBP-2C],EAX
76A621EA  ³. 8945 F0        MOV DWORD PTR SS:[EBP-10],EAX
76A621ED  ³> 8B55 E0        ÚMOV EDX,DWORD PTR SS:[EBP-20]
76A621F0  ³. 3B1A           ³CMP EBX,DWORD PTR DS:[EDX]
76A621F2  ³.75 04          ³JNZ SHORT 3ba1ea5.76A621F8
76A621F4  ³. C645 EF 01     ³MOV BYTE PTR SS:[EBP-11],1
76A621F8  ³> 8345 E0 34     ³ADD DWORD PTR SS:[EBP-20],34
76A621FC  ³. FF4D D4        ³DEC DWORD PTR SS:[EBP-2C]
76A621FF  ³.75 EC          ÀJNZ SHORT 3ba1ea5.76A621ED
76A62201  ³. 807D EF 00     CMP BYTE PTR SS:[EBP-11],0
76A62205  ³.0F85 1DFEFFFF  JNZ 3ba1ea5.76A62028
76A6220B  ³> 6BC0 34        IMUL EAX,EAX,34
76A6220E  ³. 8998 6870A676  MOV DWORD PTR DS:[EAX+76A67068],EBX
76A62214  ³. 89B0 8C70A676  MOV DWORD PTR DS:[EAX+76A6708C],ESI
76A6221A  ³. 8988 9070A676  MOV DWORD PTR DS:[EAX+76A67090],ECX
76A62220  ³. 8B4D D0        MOV ECX,DWORD PTR SS:[EBP-30]
76A62223  ³. 8988 7470A676  MOV DWORD PTR DS:[EAX+76A67074],ECX
76A62229  ³. 8B35 C010A676  MOV ESI,DWORD PTR DS:[<&ntdll.NtAllocate>;  ntdll.ZwAllocateVirtualMemory
76A6222F  ³. 8365 D8 00     AND DWORD PTR SS:[EBP-28],0
76A62233  ³. 8998 7070A676  MOV DWORD PTR DS:[EAX+76A67070],EBX
76A62239  ³. C780 8470A676 >MOV DWORD PTR DS:[EAX+76A67084],1
76A62243  ³. 8BC1           MOV EAX,ECX
76A62245  ³. 8B0D 1050A676  MOV ECX,DWORD PTR DS:[76A65010]
76A6224B  ³. C1E0 02        SHL EAX,2
76A6224E  ³. D3E8           SHR EAX,CL
76A62250  ³. 6A 04          PUSH 4
76A62252  ³. BB 00300000    MOV EBX,3000
76A62257  ³. 53             PUSH EBX
76A62258  ³. 83C0 04        ADD EAX,4
76A6225B  ³. 8945 C8        MOV DWORD PTR SS:[EBP-38],EAX
76A6225E  ³. 8D45 C8        LEA EAX,DWORD PTR SS:[EBP-38]
76A62261  ³. 50             PUSH EAX
76A62262  ³. 6A 00          PUSH 0
76A62264  ³. 8D45 D8        LEA EAX,DWORD PTR SS:[EBP-28]
76A62267  ³. 50             PUSH EAX
76A62268  ³. 6A FF          PUSH -1
76A6226A  ³. FFD6           CALL ESI                                 ;  <&ntdll.NtAllocateVirtualMemory>
76A6226C  ³. 85C0           TEST EAX,EAX
76A6226E  ³. 8945 F4        MOV DWORD PTR SS:[EBP-C],EAX
76A62271  ³.0F8C 51020000  JL 3ba1ea5.76A624C8
76A62277  ³. A1 6450A676    MOV EAX,DWORD PTR DS:[76A65064]
76A6227C  ³. 8B4D D8        MOV ECX,DWORD PTR SS:[EBP-28]
76A6227F  ³. 6BC0 34        IMUL EAX,EAX,34
76A62282  ³. 8B15 1050A676  MOV EDX,DWORD PTR DS:[76A65010]
76A62288  ³. 8988 7870A676  MOV DWORD PTR DS:[EAX+76A67078],ECX
76A6228E  ³. 8B4D C8        MOV ECX,DWORD PTR SS:[EBP-38]
76A62291  ³. 6A FF          PUSH -1
76A62293  ³. FF35 6C50A676  PUSH DWORD PTR DS:[76A6506C]
76A62299  ³. 8988 8070A676  MOV DWORD PTR DS:[EAX+76A67080],ECX
76A6229F  ³. 8D88 8870A676  LEA ECX,DWORD PTR DS:[EAX+76A67088]
76A622A5  ³. 8911           MOV DWORD PTR DS:[ECX],EDX
76A622A7  ³. FFB0 8070A676  PUSH DWORD PTR DS:[EAX+76A67080]
76A622AD  ³. FFB0 7870A676  PUSH DWORD PTR DS:[EAX+76A67078]
76A622B3  ³. 52             PUSH EDX
76A622B4  ³. FFB0 7470A676  PUSH DWORD PTR DS:[EAX+76A67074]
76A622BA  ³. FFB0 7070A676  PUSH DWORD PTR DS:[EAX+76A67070]
76A622C0  ³. 8D80 6070A676  LEA EAX,DWORD PTR DS:[EAX+76A67060]
76A622C6  ³. 6A FF          PUSH -1
76A622C8  ³. 50             PUSH EAX
76A622C9  ³. FF15 C410A676  CALL DWORD PTR DS:[<&ntdll.NtCreateProfi>;  ntdll.ZwCreateProfile
76A622CF  ³. 33C9           XOR ECX,ECX
76A622D1  ³. 3BC1           CMP EAX,ECX
76A622D3  ³. 8945 F4        MOV DWORD PTR SS:[EBP-C],EAX
76A622D6  ³.0F85 FB010000  JNZ 3ba1ea5.76A624D7
76A622DC  ³. 380D 7450A676  CMP BYTE PTR DS:[76A65074],CL
76A622E2  ³.74 69          JE SHORT 3ba1ea5.76A6234D
76A622E4  ³. 6A 04          PUSH 4
76A622E6  ³. 53             PUSH EBX
76A622E7  ³. 8D45 C8        LEA EAX,DWORD PTR SS:[EBP-38]
76A622EA  ³. 50             PUSH EAX
76A622EB  ³. 51             PUSH ECX
76A622EC  ³. 8D45 D8        LEA EAX,DWORD PTR SS:[EBP-28]
76A622EF  ³. 50             PUSH EAX
76A622F0  ³. 6A FF          PUSH -1
76A622F2  ³. 894D D8        MOV DWORD PTR SS:[EBP-28],ECX
76A622F5  ³. FFD6           CALL ESI
76A622F7  ³. 8BF0           MOV ESI,EAX
76A622F9  ³. 85F6           TEST ESI,ESI
76A622FB  ³.0F8C FC010000  JL 3ba1ea5.76A624FD
76A62301  ³. A1 6450A676    MOV EAX,DWORD PTR DS:[76A65064]
76A62306  ³. 8B4D D8        MOV ECX,DWORD PTR SS:[EBP-28]
76A62309  ³. 6BC0 34        IMUL EAX,EAX,34
76A6230C  ³. 6A FF          PUSH -1
76A6230E  ³. FF35 7050A676  PUSH DWORD PTR DS:[76A65070]
76A62314  ³. 8988 7C70A676  MOV DWORD PTR DS:[EAX+76A6707C],ECX
76A6231A  ³. FFB0 8070A676  PUSH DWORD PTR DS:[EAX+76A67080]
76A62320  ³. 51             PUSH ECX
76A62321  ³. FFB0 8870A676  PUSH DWORD PTR DS:[EAX+76A67088]
76A62327  ³. FFB0 7470A676  PUSH DWORD PTR DS:[EAX+76A67074]
76A6232D  ³. FFB0 7070A676  PUSH DWORD PTR DS:[EAX+76A67070]
76A62333  ³. 8D80 6470A676  LEA EAX,DWORD PTR DS:[EAX+76A67064]
76A62339  ³. 6A FF          PUSH -1
76A6233B  ³. 50             PUSH EAX
76A6233C  ³. FF15 C410A676  CALL DWORD PTR DS:[<&ntdll.NtCreateProfi>;  ntdll.ZwCreateProfile
76A62342  ³. 85C0           TEST EAX,EAX
76A62344  ³. 8945 F4        MOV DWORD PTR SS:[EBP-C],EAX
76A62347  ³.0F85 D0010000  JNZ 3ba1ea5.76A6251D
76A6234D  ³> FF05 6450A676  INC DWORD PTR DS:[76A65064]
76A62353  ³. 833D 6450A676 >CMP DWORD PTR DS:[76A65064],64
76A6235A  ³.0F85 C8FCFFFF  JNZ 3ba1ea5.76A62028
76A62360  ³> FF35 6C50A676  PUSH DWORD PTR DS:[76A6506C]
76A62366  ³. 8B35 C810A676  MOV ESI,DWORD PTR DS:[<&ntdll.NtSetInter>;  ntdll.ZwSetIntervalProfile
76A6236C  ³. FF35 0C50A676  PUSH DWORD PTR DS:[76A6500C]
76A62372  ³. FFD6           CALL ESI                                 ;  <&ntdll.NtSetIntervalProfile>
76A62374  ³. 803D 7450A676 >CMP BYTE PTR DS:[76A65074],0
76A6237B  ³.74 0E          JE SHORT 3ba1ea5.76A6238B
76A6237D  ³. FF35 7050A676  PUSH DWORD PTR DS:[76A65070]
76A62383  ³. FF35 0C50A676  PUSH DWORD PTR DS:[76A6500C]
76A62389  ³. FFD6           CALL ESI
76A6238B  ³> 33C0           XOR EAX,EAX
76A6238D  ³. 3905 6450A676  CMP DWORD PTR DS:[76A65064],EAX
76A62393  ³. 8945 F0        MOV DWORD PTR SS:[EBP-10],EAX
76A62396  ³.0F86 F7000000  JBE 3ba1ea5.76A62493
76A6239C  ³. 8B35 CC10A676  MOV ESI,DWORD PTR DS:[<&ntdll.NtStartPro>;  ntdll.ZwStartProfile
76A623A2  ³. 8B3D 7810A676  MOV EDI,DWORD PTR DS:[<&KERNEL32.GetProc>;  kernel32.GetProcessWorkingSetSize
76A623A8  ³. 8B1D 7410A676  MOV EBX,DWORD PTR DS:[<&KERNEL32.SetProc>;  kernel32.SetProcessWorkingSetSize
76A623AE  ³> 6BC0 34        ÚIMUL EAX,EAX,34
76A623B1  ³. FFB0 6070A676  ³PUSH DWORD PTR DS:[EAX+76A67060]
76A623B7  ³. FFD6           ³CALL ESI
76A623B9  ³. 3D A10000C0    ³CMP EAX,C00000A1
76A623BE  ³. 8945 F4        ³MOV DWORD PTR SS:[EBP-C],EAX
76A623C1  ³.75 44          ³JNZ SHORT 3ba1ea5.76A62407
76A623C3  ³. 8D45 DC        ³LEA EAX,DWORD PTR SS:[EBP-24]
76A623C6  ³. 50             ³PUSH EAX
76A623C7  ³. 8D45 E4        ³LEA EAX,DWORD PTR SS:[EBP-1C]
76A623CA  ³. 50             ³PUSH EAX
76A623CB  ³. 6A FF          ³PUSH -1
76A623CD  ³. FFD7           ³CALL EDI
76A623CF  ³. 8B4D F0        ³MOV ECX,DWORD PTR SS:[EBP-10]
76A623D2  ³. A1 1868A676    ³MOV EAX,DWORD PTR DS:[76A66818]
76A623D7  ³. 6BC9 34        ³IMUL ECX,ECX,34
76A623DA  ³. 8B89 8070A676  ³MOV ECX,DWORD PTR DS:[ECX+76A67080]
76A623E0  ³. 8D0480         ³LEA EAX,DWORD PTR DS:[EAX+EAX*4]
76A623E3  ³. 8D0441         ³LEA EAX,DWORD PTR DS:[ECX+EAX*2]
76A623E6  ³. 0145 DC        ³ADD DWORD PTR SS:[EBP-24],EAX
76A623E9  ³. FF75 DC        ³PUSH DWORD PTR SS:[EBP-24]
76A623EC  ³. 0145 E4        ³ADD DWORD PTR SS:[EBP-1C],EAX
76A623EF  ³. FF75 E4        ³PUSH DWORD PTR SS:[EBP-1C]
76A623F2  ³. 6A FF          ³PUSH -1
76A623F4  ³. FFD3           ³CALL EBX
76A623F6  ³. 8B45 F0        ³MOV EAX,DWORD PTR SS:[EBP-10]
76A623F9  ³. 6BC0 34        ³IMUL EAX,EAX,34
76A623FC  ³. FFB0 6070A676  ³PUSH DWORD PTR DS:[EAX+76A67060]
76A62402  ³. FFD6           ³CALL ESI
76A62404  ³. 8945 F4        ³MOV DWORD PTR SS:[EBP-C],EAX
76A62407  ³> 837D F4 00     ³CMP DWORD PTR SS:[EBP-C],0
76A6240B  ³.0F85 12010000  ³JNZ 3ba1ea5.76A62523
76A62411  ³. 803D 7450A676 >³CMP BYTE PTR DS:[76A65074],0
76A62418  ³.74 66          ³JE SHORT 3ba1ea5.76A62480
76A6241A  ³. 8B45 F0        ³MOV EAX,DWORD PTR SS:[EBP-10]
76A6241D  ³. 6BC0 34        ³IMUL EAX,EAX,34
76A62420  ³. FFB0 6470A676  ³PUSH DWORD PTR DS:[EAX+76A67064]
76A62426  ³. FFD6           ³CALL ESI
76A62428  ³. 3D A10000C0    ³CMP EAX,C00000A1
76A6242D  ³. 8945 F4        ³MOV DWORD PTR SS:[EBP-C],EAX
76A62430  ³.75 44          ³JNZ SHORT 3ba1ea5.76A62476
76A62432  ³. 8D45 DC        ³LEA EAX,DWORD PTR SS:[EBP-24]
76A62435  ³. 50             ³PUSH EAX
76A62436  ³. 8D45 E4        ³LEA EAX,DWORD PTR SS:[EBP-1C]
76A62439  ³. 50             ³PUSH EAX
76A6243A  ³. 6A FF          ³PUSH -1
76A6243C  ³. FFD7           ³CALL EDI
76A6243E  ³. 8B4D F0        ³MOV ECX,DWORD PTR SS:[EBP-10]
76A62441  ³. A1 1868A676    ³MOV EAX,DWORD PTR DS:[76A66818]
76A62446  ³. 6BC9 34        ³IMUL ECX,ECX,34
76A62449  ³. 8B89 8070A676  ³MOV ECX,DWORD PTR DS:[ECX+76A67080]
76A6244F  ³. 8D0480         ³LEA EAX,DWORD PTR DS:[EAX+EAX*4]
76A62452  ³. 8D0441         ³LEA EAX,DWORD PTR DS:[ECX+EAX*2]
76A62455  ³. 0145 DC        ³ADD DWORD PTR SS:[EBP-24],EAX
76A62458  ³. FF75 DC        ³PUSH DWORD PTR SS:[EBP-24]
76A6245B  ³. 0145 E4        ³ADD DWORD PTR SS:[EBP-1C],EAX
76A6245E  ³. FF75 E4        ³PUSH DWORD PTR SS:[EBP-1C]
76A62461  ³. 6A FF          ³PUSH -1
76A62463  ³. FFD3           ³CALL EBX
76A62465  ³. 8B45 F0        ³MOV EAX,DWORD PTR SS:[EBP-10]
76A62468  ³. 6BC0 34        ³IMUL EAX,EAX,34
76A6246B  ³. FFB0 6470A676  ³PUSH DWORD PTR DS:[EAX+76A67064]
76A62471  ³. FFD6           ³CALL ESI
76A62473  ³. 8945 F4        ³MOV DWORD PTR SS:[EBP-C],EAX
76A62476  ³> 837D F4 00     ³CMP DWORD PTR SS:[EBP-C],0
76A6247A  ³.0F85 C8000000  ³JNZ 3ba1ea5.76A62548
76A62480  ³> 8B45 F0        ³MOV EAX,DWORD PTR SS:[EBP-10]
76A62483  ³. 40             ³INC EAX
76A62484  ³. 3B05 6450A676  ³CMP EAX,DWORD PTR DS:[76A65064]
76A6248A  ³. 8945 F0        ³MOV DWORD PTR SS:[EBP-10],EAX
76A6248D  ³.0F82 1BFFFFFF  ÀJB 3ba1ea5.76A623AE
76A62493  ³> 837D F8 00     CMP DWORD PTR SS:[EBP-8],0
76A62497  ³.74 09          JE SHORT 3ba1ea5.76A624A2
76A62499  ³. FF75 F8        PUSH DWORD PTR SS:[EBP-8]                ; ÚhMemory
76A6249C  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A624A2  ³> 8B45 F4        MOV EAX,DWORD PTR SS:[EBP-C]
76A624A5  ³> 5F             POP EDI
76A624A6  ³> 8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
76A624A9  ³. 5E             POP ESI
76A624AA  ³. 5B             POP EBX
76A624AB  ³. E8 49170000    CALL 3ba1ea5.76A63BF9
76A624B0  ³. C9             LEAVE
76A624B1  ³. C3             RETN
76A624B2  ³> 837D F8 00     CMP DWORD PTR SS:[EBP-8],0
76A624B6  ³.74 09          JE SHORT 3ba1ea5.76A624C1
76A624B8  ³. FF75 F8        PUSH DWORD PTR SS:[EBP-8]                ; ÚhMemory
76A624BB  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A624C1  ³> B8 170000C0    MOV EAX,C0000017
76A624C6  ³.EB DD          JMP SHORT 3ba1ea5.76A624A5
76A624C8  ³> 50             PUSH EAX
76A624C9  ³. 68 1412A676    PUSH 3ba1ea5.76A61214                    ;  ASCII "RtlInitializeProfile : alloc VM failed %lx
"
76A624CE  ³. E8 1F1A0000    CALL <JMP.&ntdll.DbgPrint>
76A624D3  ³. 59             POP ECX
76A624D4  ³. 59             POP ECX
76A624D5  ³.EB BC          JMP SHORT 3ba1ea5.76A62493
76A624D7  ³> 394D F8        CMP DWORD PTR SS:[EBP-8],ECX
76A624DA  ³>74 09          JE SHORT 3ba1ea5.76A624E5
76A624DC  ³. FF75 F8        PUSH DWORD PTR SS:[EBP-8]                ; ÚhMemory
76A624DF  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A624E5  ³> A1 6450A676    MOV EAX,DWORD PTR DS:[76A65064]
76A624EA  ³. FF75 F4        PUSH DWORD PTR SS:[EBP-C]
76A624ED  ³. 6BC0 34        IMUL EAX,EAX,34
76A624F0  ³. FFB0 8C70A676  PUSH DWORD PTR DS:[EAX+76A6708C]
76A624F6  ³. 68 EC11A676    PUSH 3ba1ea5.76A611EC                    ;  ASCII "create profile %wZ failed - status %lx
"
76A624FB  ³.EB 6E          JMP SHORT 3ba1ea5.76A6256B
76A624FD  ³> 837D F8 00     CMP DWORD PTR SS:[EBP-8],0
76A62501  ³.74 09          JE SHORT 3ba1ea5.76A6250C
76A62503  ³. FF75 F8        PUSH DWORD PTR SS:[EBP-8]                ; ÚhMemory
76A62506  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A6250C  ³> 56             PUSH ESI
76A6250D  ³. 68 B411A676    PUSH 3ba1ea5.76A611B4                    ;  ASCII "RtlInitializeProfile : secondary alloc VM failed %lx
"
76A62512  ³. E8 DB190000    CALL <JMP.&ntdll.DbgPrint>
76A62517  ³. 59             POP ECX
76A62518  ³. 59             POP ECX
76A62519  ³. 8BC6           MOV EAX,ESI
76A6251B  ³.EB 88          JMP SHORT 3ba1ea5.76A624A5
76A6251D  ³> 837D F8 00     CMP DWORD PTR SS:[EBP-8],0
76A62521  ³.EB B7          JMP SHORT 3ba1ea5.76A624DA
76A62523  ³> 837D F8 00     CMP DWORD PTR SS:[EBP-8],0
76A62527  ³.74 09          JE SHORT 3ba1ea5.76A62532
76A62529  ³. FF75 F8        PUSH DWORD PTR SS:[EBP-8]                ; ÚhMemory
76A6252C  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A62532  ³> 8B45 F0        MOV EAX,DWORD PTR SS:[EBP-10]
76A62535  ³. FF75 F4        PUSH DWORD PTR SS:[EBP-C]
76A62538  ³. 6BC0 34        IMUL EAX,EAX,34
76A6253B  ³. FFB0 8C70A676  PUSH DWORD PTR DS:[EAX+76A6708C]
76A62541  ³. 68 8C11A676    PUSH 3ba1ea5.76A6118C                    ;  ASCII "start profile %wZ failed - status %lx
"
76A62546  ³.EB 23          JMP SHORT 3ba1ea5.76A6256B
76A62548  ³> 837D F8 00     CMP DWORD PTR SS:[EBP-8],0
76A6254C  ³.74 09          JE SHORT 3ba1ea5.76A62557
76A6254E  ³. FF75 F8        PUSH DWORD PTR SS:[EBP-8]                ; ÚhMemory
76A62551  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A62557  ³> 8B45 F0        MOV EAX,DWORD PTR SS:[EBP-10]
76A6255A  ³. FF75 F4        PUSH DWORD PTR SS:[EBP-C]
76A6255D  ³. 6BC0 34        IMUL EAX,EAX,34
76A62560  ³. FFB0 8C70A676  PUSH DWORD PTR DS:[EAX+76A6708C]
76A62566  ³. 68 5811A676    PUSH 3ba1ea5.76A61158                    ;  ASCII "start secondary profile %wZ failed - status %lx
"
76A6256B  ³> E8 82190000    CALL <JMP.&ntdll.DbgPrint>
76A62570  ³. 83C4 0C        ADD ESP,0C
76A62573  À.E9 2AFFFFFF    JMP 3ba1ea5.76A624A2
76A62578     CC             INT3
76A62579     CC             INT3
76A6257A     CC             INT3
76A6257B     CC             INT3
76A6257C     CC             INT3
76A6257D  Ú$ 8BFF           MOV EDI,EDI
76A6257F  ³. 55             PUSH EBP
76A62580  ³. 8BEC           MOV EBP,ESP
76A62582  ³. 8B45 0C        MOV EAX,DWORD PTR SS:[EBP+C]
76A62585  ³. 69C0 A0860100  IMUL EAX,EAX,186A0
76A6258B  ³. 6A 00          PUSH 0
76A6258D  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]
76A62590  ³. 6A 00          PUSH 0
76A62592  ³. 50             PUSH EAX
76A62593  ³. E8 D8170000    CALL 3ba1ea5.76A63D70
76A62598  ³. B9 A0860100    MOV ECX,186A0
76A6259D  ³. 3BC1           CMP EAX,ECX
76A6259F  ³.76 0C          JBE SHORT 3ba1ea5.76A625AD
76A625A1  ³. 56             PUSH ESI
76A625A2  ³> 33D2           ÚXOR EDX,EDX
76A625A4  ³. 8BF1           ³MOV ESI,ECX
76A625A6  ³. F7F6           ³DIV ESI
76A625A8  ³. 3BC1           ³CMP EAX,ECX
76A625AA  ³.77 F6          ÀJA SHORT 3ba1ea5.76A625A2
76A625AC  ³. 5E             POP ESI
76A625AD  ³> B9 E8030000    MOV ECX,3E8
76A625B2  ³. 33D2           XOR EDX,EDX
76A625B4  ³. F7F1           DIV ECX
76A625B6  ³. 8B4D 10        MOV ECX,DWORD PTR SS:[EBP+10]
76A625B9  ³. 8911           MOV DWORD PTR DS:[ECX],EDX
76A625BB  ³. 5D             POP EBP
76A625BC  À. C2 0C00        RETN 0C
76A625BF     CC             INT3
76A625C0     CC             INT3
76A625C1     CC             INT3
76A625C2     CC             INT3
76A625C3     CC             INT3
76A625C4   $ 68 90040000    PUSH 490
76A625C9   . 68 D813A676    PUSH 3ba1ea5.76A613D8
76A625CE   . E8 45170000    CALL 3ba1ea5.76A63D18
76A625D3   . A1 2050A676    MOV EAX,DWORD PTR DS:[76A65020]
76A625D8   . 8945 E4        MOV DWORD PTR SS:[EBP-1C],EAX
76A625DB   . C785 A8FBFFFF >MOV DWORD PTR SS:[EBP-458],23C
76A625E5   . 33FF           XOR EDI,EDI
76A625E7   . 897D FC        MOV DWORD PTR SS:[EBP-4],EDI
76A625EA   . 6A 18          PUSH 18
76A625EC   . 5B             POP EBX
76A625ED   . A1 0050A676    MOV EAX,DWORD PTR DS:[76A65000]
76A625F2   . 8918           MOV DWORD PTR DS:[EAX],EBX
76A625F4   . BE 00040000    MOV ESI,400
76A625F9   . A1 0050A676    MOV EAX,DWORD PTR DS:[76A65000]
76A625FE   . 8970 10        MOV DWORD PTR DS:[EAX+10],ESI
76A62601   . A1 0450A676    MOV EAX,DWORD PTR DS:[76A65004]
76A62606   . 8918           MOV DWORD PTR DS:[EAX],EBX
76A62608   . A1 0450A676    MOV EAX,DWORD PTR DS:[76A65004]
76A6260D   . 8970 10        MOV DWORD PTR DS:[EAX+10],ESI
76A62610   . 6A 23          PUSH 23
76A62612   . FF15 5450A676  CALL DWORD PTR DS:[76A65054]             ;  3ba1ea5.76A64295
76A62618   . 57             PUSH EDI
76A62619   . 57             PUSH EDI
76A6261A   . 6A FF          PUSH -1
76A6261C   . FF15 5050A676  CALL DWORD PTR DS:[76A65050]             ;  3ba1ea5.76A6428B
76A62622   . 68 00100000    PUSH 1000
76A62627   . 68 0054A676    PUSH 3ba1ea5.76A65400
76A6262C   . 6A FF          PUSH -1
76A6262E   . FF15 4C50A676  CALL DWORD PTR DS:[76A6504C]             ;  3ba1ea5.76A64281
76A62634   . B9 06010000    MOV ECX,106
76A62639   . 33C0           XOR EAX,EAX
76A6263B   . BF 2068A676    MOV EDI,3ba1ea5.76A66820
76A62640   . F3:AB          REP STOS DWORD PTR ES:[EDI]
76A62642   . BF C413A676    MOV EDI,3ba1ea5.76A613C4                 ;  ASCII "No Symbol Found"
76A62647   . 57             PUSH EDI                                 ; ÚString => "No Symbol Found"
76A62648   . FF15 8010A676  CALL DWORD PTR DS:[<&KERNEL32.lstrlenA>] ; ÀlstrlenA
76A6264E   . 8B0D 0850A676  MOV ECX,DWORD PTR DS:[76A65008]          ;  3ba1ea5.76A66820
76A62654   . 8841 14        MOV BYTE PTR DS:[ECX+14],AL
76A62657   . 57             PUSH EDI                                 ; ÚString2 => "No Symbol Found"
76A62658   . A1 0850A676    MOV EAX,DWORD PTR DS:[76A65008]          ; ³
76A6265D   . 83C0 15        ADD EAX,15                               ; ³
76A62660   . 50             PUSH EAX                                 ; ³String1
76A62661   . FF15 7C10A676  CALL DWORD PTR DS:[<&KERNEL32.lstrcpyA>] ; ÀlstrcpyA
76A62667   . A1 0850A676    MOV EAX,DWORD PTR DS:[76A65008]
76A6266C   . 8918           MOV DWORD PTR DS:[EAX],EBX
76A6266E   . A1 0850A676    MOV EAX,DWORD PTR DS:[76A65008]
76A62673   . 8970 10        MOV DWORD PTR DS:[EAX+10],ESI
76A62676   . 6A 00          PUSH 0                                   ; ÚhTemplateFile = NULL
76A62678   . 68 80000000    PUSH 80                                  ; ³Attributes = NORMAL
76A6267D   . 6A 02          PUSH 2                                   ; ³Mode = CREATE_ALWAYS
76A6267F   . 6A 00          PUSH 0                                   ; ³pSecurity = NULL
76A62681   . 6A 03          PUSH 3                                   ; ³ShareMode = FILE_SHARE_READ|FILE_SHARE_WRITE
76A62683   . 68 000000C0    PUSH C0000000                            ; ³Access = GENERIC_READ|GENERIC_WRITE
76A62688   . FF35 1850A676  PUSH DWORD PTR DS:[76A65018]             ; ³FileName = "profile.out"
76A6268E   . FF15 4C10A676  CALL DWORD PTR DS:[<&KERNEL32.CreateFile>; ÀCreateFileA
76A62694   . 8985 84FBFFFF  MOV DWORD PTR SS:[EBP-47C],EAX
76A6269A   . 83F8 FF        CMP EAX,-1
76A6269D   .75 0D          JNZ SHORT 3ba1ea5.76A626AC
76A6269F   . 0945 FC        OR DWORD PTR SS:[EBP-4],EAX
76A626A2   . B8 010000C0    MOV EAX,C0000001
76A626A7   .E9 F70A0000    JMP 3ba1ea5.76A631A3
76A626AC   > 83A5 A0FBFFFF >AND DWORD PTR SS:[EBP-460],0
76A626B3   . 8B1D A410A676  MOV EBX,DWORD PTR DS:[<&ntdll.N***ose>]  ;  ntdll.ZwClose
76A626B9   > A1 6450A676    MOV EAX,DWORD PTR DS:[76A65064]
76A626BE   . 3985 A0FBFFFF  CMP DWORD PTR SS:[EBP-460],EAX
76A626C4   .73 46          JNB SHORT 3ba1ea5.76A6270C
76A626C6   . 8BB5 A0FBFFFF  MOV ESI,DWORD PTR SS:[EBP-460]
76A626CC   . 6BF6 34        IMUL ESI,ESI,34
76A626CF   . 8DBE 6070A676  LEA EDI,DWORD PTR DS:[ESI+76A67060]
76A626D5   . FF37           PUSH DWORD PTR DS:[EDI]
76A626D7   . FF15 A810A676  CALL DWORD PTR DS:[<&ntdll.NtStopProfile>;  ntdll.ZwStopProfile
76A626DD   . 8985 6CFBFFFF  MOV DWORD PTR SS:[EBP-494],EAX
76A626E3   . FF37           PUSH DWORD PTR DS:[EDI]
76A626E5   . FFD3           CALL EBX
76A626E7   . 8985 6CFBFFFF  MOV DWORD PTR SS:[EBP-494],EAX
76A626ED   . 803D 7450A676 >CMP BYTE PTR DS:[76A65074],0
76A626F4   .74 0E          JE SHORT 3ba1ea5.76A62704
76A626F6   . FFB6 6470A676  PUSH DWORD PTR DS:[ESI+76A67064]
76A626FC   . FFD3           CALL EBX
76A626FE   . 8985 6CFBFFFF  MOV DWORD PTR SS:[EBP-494],EAX
76A62704   > FF85 A0FBFFFF  INC DWORD PTR SS:[EBP-460]
76A6270A   .EB AD          JMP SHORT 3ba1ea5.76A626B9
76A6270C   > 8B3D AC10A676  MOV EDI,DWORD PTR DS:[<&ntdll._snprintf>>;  ntdll._snprintf
76A62712   . BE 00020000    MOV ESI,200
76A62717   . 83F8 64        CMP EAX,64
76A6271A   .75 29          JNZ SHORT 3ba1ea5.76A62745
76A6271C   . 50             PUSH EAX                                 ; Ú<%d>
76A6271D   . 68 9413A676    PUSH 3ba1ea5.76A61394                    ; ³format = "Overflowed the maximum number of modules: %d
"
76A62722   . 56             PUSH ESI                                 ; ³count => 200 (512.)
76A62723   . 8D85 E4FDFFFF  LEA EAX,DWORD PTR SS:[EBP-21C]           ; ³
76A62729   . 50             PUSH EAX                                 ; ³s
76A6272A   . FFD7           CALL EDI                                 ; À_snprintf
76A6272C   . 83C4 10        ADD ESP,10
76A6272F   . C645 E3 00     MOV BYTE PTR SS:[EBP-1D],0
76A62733   . 8D85 E4FDFFFF  LEA EAX,DWORD PTR SS:[EBP-21C]
76A62739   . 50             PUSH EAX
76A6273A   . FFB5 84FBFFFF  PUSH DWORD PTR SS:[EBP-47C]
76A62740   . E8 BEF7FFFF    CALL 3ba1ea5.76A61F03
76A62745   > 83A5 A0FBFFFF >AND DWORD PTR SS:[EBP-460],0
76A6274C   > 8B85 A0FBFFFF  MOV EAX,DWORD PTR SS:[EBP-460]
76A62752   . 3B05 6450A676  CMP EAX,DWORD PTR DS:[76A65064]
76A62758   .0F83 E3090000  JNB 3ba1ea5.76A63141
76A6275E   . 33DB           XOR EBX,EBX
76A62760   . 891D E484A676  MOV DWORD PTR DS:[76A684E4],EBX
76A62766   . 899D 9CFBFFFF  MOV DWORD PTR SS:[EBP-464],EBX
76A6276C   . 899D 98FBFFFF  MOV DWORD PTR SS:[EBP-468],EBX
76A62772   . 6BC0 34        IMUL EAX,EAX,34
76A62775   . 8B88 7870A676  MOV ECX,DWORD PTR DS:[EAX+76A67078]
76A6277B   . 8B90 8070A676  MOV EDX,DWORD PTR DS:[EAX+76A67080]
76A62781   . C1EA 02        SHR EDX,2
76A62784   . 8D1491         LEA EDX,DWORD PTR DS:[ECX+EDX*4]
76A62787   . 8995 68FBFFFF  MOV DWORD PTR SS:[EBP-498],EDX
76A6278D   . 898D 80FBFFFF  MOV DWORD PTR SS:[EBP-480],ECX
76A62793   . 8995 90FBFFFF  MOV DWORD PTR SS:[EBP-470],EDX
76A62799   . 381D 7450A676  CMP BYTE PTR DS:[76A65074],BL
76A6279F   .74 0C          JE SHORT 3ba1ea5.76A627AD
76A627A1   . 8B80 7C70A676  MOV EAX,DWORD PTR DS:[EAX+76A6707C]
76A627A7   . 8985 74FBFFFF  MOV DWORD PTR SS:[EBP-48C],EAX
76A627AD   > 33C0           XOR EAX,EAX
76A627AF   > 8985 70FBFFFF  MOV DWORD PTR SS:[EBP-490],EAX
76A627B5   . 3BD1           CMP EDX,ECX
76A627B7   .76 0D          JBE SHORT 3ba1ea5.76A627C6
76A627B9   . 83EA 04        SUB EDX,4
76A627BC   . 8995 90FBFFFF  MOV DWORD PTR SS:[EBP-470],EDX
76A627C2   . 0302           ADD EAX,DWORD PTR DS:[EDX]
76A627C4   .EB E9          JMP SHORT 3ba1ea5.76A627AF
76A627C6   > 3BC3           CMP EAX,EBX
76A627C8   .0F84 68090000  JE 3ba1ea5.76A63136
76A627CE   . 8B9D A0FBFFFF  MOV EBX,DWORD PTR SS:[EBP-460]
76A627D4   . 6BDB 34        IMUL EBX,EBX,34
76A627D7   . 33C0           XOR EAX,EAX
76A627D9   . 50             PUSH EAX
76A627DA   . FFB3 6870A676  PUSH DWORD PTR DS:[EBX+76A67068]
76A627E0   . 50             PUSH EAX
76A627E1   . FFB3 9070A676  PUSH DWORD PTR DS:[EBX+76A67090]
76A627E7   . 50             PUSH EAX
76A627E8   . 6A FF          PUSH -1
76A627EA   . FF15 4850A676  CALL DWORD PTR DS:[76A65048]             ;  3ba1ea5.76A64277
76A627F0   . 85C0           TEST EAX,EAX
76A627F2   .74 2E          JE SHORT 3ba1ea5.76A62822
76A627F4   . 8D85 A8FBFFFF  LEA EAX,DWORD PTR SS:[EBP-458]
76A627FA   . 50             PUSH EAX
76A627FB   . FFB3 6870A676  PUSH DWORD PTR DS:[EBX+76A67068]
76A62801   . 6A FF          PUSH -1
76A62803   . FF15 4450A676  CALL DWORD PTR DS:[76A65044]             ;  3ba1ea5.76A6426D
76A62809   . 85C0           TEST EAX,EAX
76A6280B   .74 15          JE SHORT 3ba1ea5.76A62822
76A6280D   . 83BD C0FBFFFF >CMP DWORD PTR SS:[EBP-440],0
76A62814   .74 0C          JE SHORT 3ba1ea5.76A62822
76A62816   . C783 6C70A676 >MOV DWORD PTR DS:[EBX+76A6706C],1
76A62820   .EB 07          JMP SHORT 3ba1ea5.76A62829
76A62822   > 83A3 6C70A676 >AND DWORD PTR DS:[EBX+76A6706C],0
76A62829   > 83BB 6C70A676 >CMP DWORD PTR DS:[EBX+76A6706C],0
76A62830   . B8 9213A676    MOV EAX,3ba1ea5.76A61392
76A62835   .75 05          JNZ SHORT 3ba1ea5.76A6283C
76A62837   . B8 8413A676    MOV EAX,3ba1ea5.76A61384                 ;  ASCII " (NO SYMBOLS)"
76A6283C   > 50             PUSH EAX
76A6283D   . FFB3 8C70A676  PUSH DWORD PTR DS:[EBX+76A6708C]
76A62843   . FFB5 70FBFFFF  PUSH DWORD PTR SS:[EBP-490]
76A62849   . 68 7413A676    PUSH 3ba1ea5.76A61374                    ;  ASCII "%d,%wZ,Total%s
"
76A6284E   . 56             PUSH ESI
76A6284F   . 8D85 E4FDFFFF  LEA EAX,DWORD PTR SS:[EBP-21C]
76A62855   . 50             PUSH EAX
76A62856   . FFD7           CALL EDI
76A62858   . 83C4 18        ADD ESP,18
76A6285B   . C645 E3 00     MOV BYTE PTR SS:[EBP-1D],0
76A6285F   . 8D85 E4FDFFFF  LEA EAX,DWORD PTR SS:[EBP-21C]
76A62865   . 50             PUSH EAX
76A62866   . FFB5 84FBFFFF  PUSH DWORD PTR SS:[EBP-47C]
76A6286C   . E8 92F6FFFF    CALL 3ba1ea5.76A61F03
76A62871   . 83BB 6C70A676 >CMP DWORD PTR DS:[EBX+76A6706C],0
76A62878   .0F84 B8080000  JE 3ba1ea5.76A63136
76A6287E   . 8B85 80FBFFFF  MOV EAX,DWORD PTR SS:[EBP-480]
76A62884   . 8985 A4FBFFFF  MOV DWORD PTR SS:[EBP-45C],EAX
76A6288A   . 803D 7450A676 >CMP BYTE PTR DS:[76A65074],0
76A62891   .74 0C          JE SHORT 3ba1ea5.76A6289F
76A62893   . 8B85 74FBFFFF  MOV EAX,DWORD PTR SS:[EBP-48C]
76A62899   . 8985 94FBFFFF  MOV DWORD PTR SS:[EBP-46C],EAX
76A6289F   > 8B85 80FBFFFF  MOV EAX,DWORD PTR SS:[EBP-480]
76A628A5   . 8985 90FBFFFF  MOV DWORD PTR SS:[EBP-470],EAX
76A628AB   . 8B1D 0450A676  MOV EBX,DWORD PTR DS:[76A65004]          ;  3ba1ea5.76A66400
76A628B1   > 3B85 68FBFFFF  CMP EAX,DWORD PTR SS:[EBP-498]
76A628B7   .0F83 40060000  JNB 3ba1ea5.76A62EFD
76A628BD   . 8338 00        CMP DWORD PTR DS:[EAX],0
76A628C0   .0F84 25060000  JE 3ba1ea5.76A62EEB
76A628C6   . 8B85 90FBFFFF  MOV EAX,DWORD PTR SS:[EBP-470]
76A628CC   . 2B85 80FBFFFF  SUB EAX,DWORD PTR SS:[EBP-480]
76A628D2   . 8985 64FBFFFF  MOV DWORD PTR SS:[EBP-49C],EAX
76A628D8   . 8985 8CFBFFFF  MOV DWORD PTR SS:[EBP-474],EAX
76A628DE   . 8B85 A0FBFFFF  MOV EAX,DWORD PTR SS:[EBP-460]
76A628E4   . 6BC0 34        IMUL EAX,EAX,34
76A628E7   . 8985 7CFBFFFF  MOV DWORD PTR SS:[EBP-484],EAX
76A628ED   . 8B88 8870A676  MOV ECX,DWORD PTR DS:[EAX+76A67088]
76A628F3   . 49             DEC ECX
76A628F4   . 49             DEC ECX
76A628F5   . 33DB           XOR EBX,EBX
76A628F7   . 43             INC EBX
76A628F8   . D3E3           SHL EBX,CL
76A628FA   . 0FAF9D 8CFBFFF>IMUL EBX,DWORD PTR SS:[EBP-474]
76A62901   . 899D 8CFBFFFF  MOV DWORD PTR SS:[EBP-474],EBX
76A62907   . 0398 7070A676  ADD EBX,DWORD PTR DS:[EAX+76A67070]
76A6290D   . 899D 8CFBFFFF  MOV DWORD PTR SS:[EBP-474],EBX
76A62913   . FF35 0050A676  PUSH DWORD PTR DS:[76A65000]             ;  3ba1ea5.76A66C40
76A62919   . 8D85 60FBFFFF  LEA EAX,DWORD PTR SS:[EBP-4A0]
76A6291F   . 50             PUSH EAX
76A62920   . 53             PUSH EBX
76A62921   . 6A FF          PUSH -1
76A62923   . FF15 4050A676  CALL DWORD PTR DS:[76A65040]             ;  3ba1ea5.76A64263
76A62929   . 85C0           TEST EAX,EAX
76A6292B   .0F84 E7020000  JE 3ba1ea5.76A62C18
76A62931   . A1 E484A676    MOV EAX,DWORD PTR DS:[76A684E4]
76A62936   . 8B1D 0450A676  MOV EBX,DWORD PTR DS:[76A65004]          ;  3ba1ea5.76A66400
76A6293C   . 85C0           TEST EAX,EAX
76A6293E   .0F84 77020000  JE 3ba1ea5.76A62BBB
76A62944   . 8B4B 04        MOV ECX,DWORD PTR DS:[EBX+4]
76A62947   . 8B15 0050A676  MOV EDX,DWORD PTR DS:[76A65000]          ;  3ba1ea5.76A66C40
76A6294D   . 3B4A 04        CMP ECX,DWORD PTR DS:[EDX+4]
76A62950   .75 38          JNZ SHORT 3ba1ea5.76A6298A
76A62952   . 8B85 90FBFFFF  MOV EAX,DWORD PTR SS:[EBP-470]
76A62958   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
76A6295A   . 0185 9CFBFFFF  ADD DWORD PTR SS:[EBP-464],EAX
76A62960   . 803D 7450A676 >CMP BYTE PTR DS:[76A65074],0
76A62967   .0F84 7E050000  JE 3ba1ea5.76A62EEB
76A6296D   . 8B85 64FBFFFF  MOV EAX,DWORD PTR SS:[EBP-49C]
76A62973   . C1F8 02        SAR EAX,2
76A62976   . 8B8D 74FBFFFF  MOV ECX,DWORD PTR SS:[EBP-48C]
76A6297C   . 8B0481         MOV EAX,DWORD PTR DS:[ECX+EAX*4]
76A6297F   . 0185 98FBFFFF  ADD DWORD PTR SS:[EBP-468],EAX
76A62985   .E9 61050000    JMP 3ba1ea5.76A62EEB
76A6298A   > 85C0           TEST EAX,EAX
76A6298C   .0F84 29020000  JE 3ba1ea5.76A62BBB
76A62992   . 837B 04 00     CMP DWORD PTR DS:[EBX+4],0
76A62996   .0F84 1F020000  JE 3ba1ea5.76A62BBB
76A6299C   . 83BD 9CFBFFFF >CMP DWORD PTR SS:[EBP-464],0
76A629A3   .75 0D          JNZ SHORT 3ba1ea5.76A629B2
76A629A5   . 83BD 98FBFFFF >CMP DWORD PTR SS:[EBP-468],0
76A629AC   .0F84 09020000  JE 3ba1ea5.76A62BBB
76A629B2   > 803D 7450A676 >CMP BYTE PTR DS:[76A65074],0
76A629B9   .75 30          JNZ SHORT 3ba1ea5.76A629EB
76A629BB   . FF73 04        PUSH DWORD PTR DS:[EBX+4]
76A629BE   . 83C3 14        ADD EBX,14
76A629C1   . 53             PUSH EBX
76A629C2   . 8B85 7CFBFFFF  MOV EAX,DWORD PTR SS:[EBP-484]
76A629C8   . FFB0 8C70A676  PUSH DWORD PTR DS:[EAX+76A6708C]
76A629CE   . FFB5 9CFBFFFF  PUSH DWORD PTR SS:[EBP-464]
76A629D4   . 68 6013A676    PUSH 3ba1ea5.76A61360                    ;  ASCII
    continued below

    i had no idea how many people in ca are on mpgh...i went in a game, and there was a room called "lol2much fly hack" and everybody had it...it was fun...



  9. 07-28-2009 #23
    phobovien
    phobovien is offline
    Newbie
    phobovien's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    60
    Reputation
    10
    Thanks
    11
    My Mood
    Mellow
    Send a message via Birdie™ to phobovien
    Turns out Perx Doesnt work either i just tried
  10. 07-28-2009 #24
    jamestoles69
    jamestoles69 is offline
    Choob
    jamestoles69's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Location
    usa
    Posts
    33
    Reputation
    10
    Thanks
    1
    Send a message via Birdie™ to jamestoles69
    Bypasss by neverborn is patched. So is kizz.dll and Drgn.dll (which i think is just kizz.dll renamed...its same size file..)

    So basically this means no wallhack/chams, no LOLZ2MUCH fly, no MHS engine..
  11. 07-28-2009 #25
    Grim
    Grim is offline
    Threadstarter
    MPGH Lord
    MPGH Member
    Grim's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    5,359
    Reputation
    112
    Thanks
    3,786
    My Mood
    Cynical
    Send a message via Birdie™ to Grim United States
    Quote Originally Posted by kcfreak View Post
    yeh i wouldnt try anything until after the patch, it wouldnt b worth doing all that just for them to patch it all over
    i agree but theres nothin bad about an early start
    Want to see my programs?
    \/ CLICK IT BITCHES \/
  12. 07-28-2009 #26
    lolz2much
    lolz2much is offline
    Expert Member
    MPGH Member
    lolz2much's Avatar
    Join Date
    Jan 2009
    Gender
    male
    Posts
    743
    Reputation
    28
    Thanks
    807
    My Mood
    Amused
    Send a message via Birdie™ to lolz2much United States
    Code:
    "

ÀNtQuerySystemInformation
76A6388F  ³. 3BC3           CMP EAX,EBX
76A63891  ³.7D 15          JGE SHORT 3ba1ea5.76A638A8
76A63893  ³> 50             PUSH EAX
76A63894  ³. FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A6389A  ³. 50             PUSH EAX                                 ; ÚError
76A6389B  ³. FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A638A1  ³. 33C0           XOR EAX,EAX
76A638A3  ³.E9 1A010000    JMP 3ba1ea5.76A639C2
76A638A8  ³> 57             PUSH EDI
76A638A9  ³. BF 00100000    MOV EDI,1000
76A638AE  ³. 57             PUSH EDI
76A638AF  ³. 53             PUSH EBX
76A638B0  ³. 8B1D 6010A676  MOV EBX,DWORD PTR DS:[<&KERNEL32.LocalAl>;  kernel32.LocalAlloc
76A638B6  ³. 897D 0C        MOV DWORD PTR SS:[EBP+C],EDI
76A638B9  ³.EB 40          JMP SHORT 3ba1ea5.76A638FB
76A638BB  ³> 8D45 FC        ÚLEA EAX,DWORD PTR SS:[EBP-4]
76A638BE  ³. 50             ³PUSH EAX
76A638BF  ³. FF75 0C        ³PUSH DWORD PTR SS:[EBP+C]
76A638C2  ³. FF75 F8        ³PUSH DWORD PTR SS:[EBP-8]
76A638C5  ³. 6A 05          ³PUSH 5
76A638C7  ³. FFD6           ³CALL ESI
76A638C9  ³. 85C0           ³TEST EAX,EAX
76A638CB  ³. 8945 F4        ³MOV DWORD PTR SS:[EBP-C],EAX
76A638CE  ³.7D 3E          ³JGE SHORT 3ba1ea5.76A6390E
76A638D0  ³. FF75 F8        ³PUSH DWORD PTR SS:[EBP-8]               ; ÚhMemory
76A638D3  ³. FF15 5C10A676  ³CALL DWORD PTR DS:[<&KERNEL32.LocalFree>; ÀLocalFree
76A638D9  ³. 817D F4 040000>³CMP DWORD PTR SS:[EBP-C],C0000004
76A638E0  ³.0F85 C9000000  ³JNZ 3ba1ea5.76A639AF
76A638E6  ³. 8B45 FC        ³MOV EAX,DWORD PTR SS:[EBP-4]
76A638E9  ³. 3B45 0C        ³CMP EAX,DWORD PTR SS:[EBP+C]
76A638EC  ³.76 05          ³JBE SHORT 3ba1ea5.76A638F3
76A638EE  ³. 8945 0C        ³MOV DWORD PTR SS:[EBP+C],EAX
76A638F1  ³.EB 03          ³JMP SHORT 3ba1ea5.76A638F6
76A638F3  ³> 017D 0C        ³ADD DWORD PTR SS:[EBP+C],EDI
76A638F6  ³> FF75 0C        ³PUSH DWORD PTR SS:[EBP+C]
76A638F9  ³. 6A 00          ³PUSH 0
76A638FB  ³> FFD3            CALL EBX
76A638FD  ³. 85C0           ³TEST EAX,EAX
76A638FF  ³. 8945 F8        ³MOV DWORD PTR SS:[EBP-8],EAX
76A63902  ³.75 B7          ÀJNZ SHORT 3ba1ea5.76A638BB
76A63904  ³. 68 9A0000C0    PUSH C000009A
76A63909  ³.E9 A4000000    JMP 3ba1ea5.76A639B2
76A6390E  ³> 8365 0C 00     AND DWORD PTR SS:[EBP+C],0
76A63912  ³. 8B45 F8        MOV EAX,DWORD PTR SS:[EBP-8]
76A63915  ³. 33F6           XOR ESI,ESI
76A63917  ³. 33FF           XOR EDI,EDI
76A63919  ³. B9 B8000000    MOV ECX,0B8
76A6391E  ³.EB 19          JMP SHORT 3ba1ea5.76A63939
76A63920  ³> 8B10           ÚMOV EDX,DWORD PTR DS:[EAX]
76A63922  ³. FF45 0C        ³INC DWORD PTR SS:[EBP+C]
76A63925  ³. 0370 04        ³ADD ESI,DWORD PTR DS:[EAX+4]
76A63928  ³. 0378 4C        ³ADD EDI,DWORD PTR DS:[EAX+4C]
76A6392B  ³. 85D2           ³TEST EDX,EDX
76A6392D  ³.74 0F          ³JE SHORT 3ba1ea5.76A6393E
76A6392F  ³. 3B55 FC        ³CMP EDX,DWORD PTR SS:[EBP-4]
76A63932  ³.77 0A          ³JA SHORT 3ba1ea5.76A6393E
76A63934  ³. 2955 FC        ³SUB DWORD PTR SS:[EBP-4],EDX
76A63937  ³. 0300           ³ADD EAX,DWORD PTR DS:[EAX]
76A63939  ³> 394D FC         CMP DWORD PTR SS:[EBP-4],ECX
76A6393C  ³.77 E2          ÀJA SHORT 3ba1ea5.76A63920
76A6393E  ³> FF75 F8        PUSH DWORD PTR SS:[EBP-8]                ; ÚhMemory
76A63941  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A63947  ³. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
76A6394A  ³. 8B8D 9CFEFFFF  MOV ECX,DWORD PTR SS:[EBP-164]
76A63950  ³. 8B95 DCFEFFFF  MOV EDX,DWORD PTR SS:[EBP-124]
76A63956  ³. 8948 04        MOV DWORD PTR DS:[EAX+4],ECX
76A63959  ³. 8B8D A0FEFFFF  MOV ECX,DWORD PTR SS:[EBP-160]
76A6395F  ³. 8948 08        MOV DWORD PTR DS:[EAX+8],ECX
76A63962  ³. 8B8D A4FEFFFF  MOV ECX,DWORD PTR SS:[EBP-15C]
76A63968  ³. 8948 0C        MOV DWORD PTR DS:[EAX+C],ECX
76A6396B  ³. 8B4D D4        MOV ECX,DWORD PTR SS:[EBP-2C]
76A6396E  ³. 8948 10        MOV DWORD PTR DS:[EAX+10],ECX
76A63971  ³. 8B8D 98FEFFFF  MOV ECX,DWORD PTR SS:[EBP-168]
76A63977  ³. 8948 14        MOV DWORD PTR DS:[EAX+14],ECX
76A6397A  ³. 8B4D B8        MOV ECX,DWORD PTR SS:[EBP-48]
76A6397D  ³. 8948 18        MOV DWORD PTR DS:[EAX+18],ECX
76A63980  ³. 8B8D E0FEFFFF  MOV ECX,DWORD PTR SS:[EBP-120]
76A63986  ³. 8948 24        MOV DWORD PTR DS:[EAX+24],ECX
76A63989  ³. 8D1C11         LEA EBX,DWORD PTR DS:[ECX+EDX]
76A6398C  ³. 8B4D D0        MOV ECX,DWORD PTR SS:[EBP-30]
76A6398F  ³. 8948 28        MOV DWORD PTR DS:[EAX+28],ECX
76A63992  ³. 8B4D 0C        MOV ECX,DWORD PTR SS:[EBP+C]
76A63995  ³. C700 38000000  MOV DWORD PTR DS:[EAX],38
76A6399B  ³. 8958 1C        MOV DWORD PTR DS:[EAX+1C],EBX
76A6399E  ³. 8950 20        MOV DWORD PTR DS:[EAX+20],EDX
76A639A1  ³. 8978 2C        MOV DWORD PTR DS:[EAX+2C],EDI
76A639A4  ³. 8948 30        MOV DWORD PTR DS:[EAX+30],ECX
76A639A7  ³. 8970 34        MOV DWORD PTR DS:[EAX+34],ESI
76A639AA  ³. 33C0           XOR EAX,EAX
76A639AC  ³. 40             INC EAX
76A639AD  ³.EB 12          JMP SHORT 3ba1ea5.76A639C1
76A639AF  ³> FF75 F4        PUSH DWORD PTR SS:[EBP-C]
76A639B2  ³> FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A639B8  ³. 50             PUSH EAX                                 ; ÚError
76A639B9  ³. FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A639BF  ³. 33C0           XOR EAX,EAX
76A639C1  ³> 5F             POP EDI
76A639C2  ³> 5E             POP ESI
76A639C3  ³. 5B             POP EBX
76A639C4  ³> C9             LEAVE
76A639C5  À. C2 0800        RETN 8
76A639C8     CC             INT3
76A639C9     CC             INT3
76A639CA     CC             INT3
76A639CB     CC             INT3
76A639CC     CC             INT3
76A639CD >Ú$ 8BFF           MOV EDI,EDI
76A639CF  ³. 55             PUSH EBP
76A639D0  ³. 8BEC           MOV EBP,ESP
76A639D2  ³. 83EC 20        SUB ESP,20
76A639D5  ³. 53             PUSH EBX
76A639D6  ³. 56             PUSH ESI
76A639D7  ³. 57             PUSH EDI
76A639D8  ³. 8B3D 6010A676  MOV EDI,DWORD PTR DS:[<&KERNEL32.LocalAl>;  kernel32.LocalAlloc
76A639DE  ³. BE 00100000    MOV ESI,1000
76A639E3  ³. 8BDE           MOV EBX,ESI
76A639E5  ³. 56             PUSH ESI
76A639E6  ³.EB 3A          JMP SHORT 3ba1ea5.76A63A22
76A639E8  ³> 8D45 FC        ÚLEA EAX,DWORD PTR SS:[EBP-4]
76A639EB  ³. 50             ³PUSH EAX                                ; ÚpReqsize
76A639EC  ³. 53             ³PUSH EBX                                ; ³Bufsize
76A639ED  ³. FF75 F8        ³PUSH DWORD PTR SS:[EBP-8]               ; ³Buffer
76A639F0  ³. 6A 12          ³PUSH 12                                 ; ³InfoType = SystemPageFileInformation
76A639F2  ³. FF15 E010A676  ³CALL DWORD PTR DS:[<&ntdll.NtQuerySyste>; ÀZwQuerySystemInformation
76A639F8  ³. 85C0           ³TEST EAX,EAX
76A639FA  ³. 8945 F4        ³MOV DWORD PTR SS:[EBP-C],EAX
76A639FD  ³.7D 35          ³JGE SHORT 3ba1ea5.76A63A34
76A639FF  ³. FF75 F8        ³PUSH DWORD PTR SS:[EBP-8]               ; ÚhMemory
76A63A02  ³. FF15 5C10A676  ³CALL DWORD PTR DS:[<&KERNEL32.LocalFree>; ÀLocalFree
76A63A08  ³. 817D F4 040000>³CMP DWORD PTR SS:[EBP-C],C0000004
76A63A0F  ³.0F85 89000000  ³JNZ 3ba1ea5.76A63A9E
76A63A15  ³. 395D FC        ³CMP DWORD PTR SS:[EBP-4],EBX
76A63A18  ³.76 05          ³JBE SHORT 3ba1ea5.76A63A1F
76A63A1A  ³. 8B5D FC        ³MOV EBX,DWORD PTR SS:[EBP-4]
76A63A1D  ³.EB 02          ³JMP SHORT 3ba1ea5.76A63A21
76A63A1F  ³> 03DE           ³ADD EBX,ESI
76A63A21  ³> 53             ³PUSH EBX
76A63A22  ³> 6A 00           PUSH 0
76A63A24  ³. FFD7           ³CALL EDI
76A63A26  ³. 85C0           ³TEST EAX,EAX
76A63A28  ³. 8945 F8        ³MOV DWORD PTR SS:[EBP-8],EAX
76A63A2B  ³.75 BB          ÀJNZ SHORT 3ba1ea5.76A639E8
76A63A2D  ³. 68 9A0000C0    PUSH C000009A
76A63A32  ³.EB 6D          JMP SHORT 3ba1ea5.76A63AA1
76A63A34  ³> 8B75 F8        MOV ESI,DWORD PTR SS:[EBP-8]
76A63A37  ³.EB 51          JMP SHORT 3ba1ea5.76A63A8A
76A63A39  ³> 8365 E4 00     ÚAND DWORD PTR SS:[EBP-1C],0
76A63A3D  ³. C745 E0 140000>³MOV DWORD PTR SS:[EBP-20],14
76A63A44  ³. 8B46 04        ³MOV EAX,DWORD PTR DS:[ESI+4]
76A63A47  ³. 8945 E8        ³MOV DWORD PTR SS:[EBP-18],EAX
76A63A4A  ³. 8B46 08        ³MOV EAX,DWORD PTR DS:[ESI+8]
76A63A4D  ³. 8945 EC        ³MOV DWORD PTR SS:[EBP-14],EAX
76A63A50  ³. 8B46 0C        ³MOV EAX,DWORD PTR DS:[ESI+C]
76A63A53  ³. 8945 F0        ³MOV DWORD PTR SS:[EBP-10],EAX
76A63A56  ³. 6A 3A          ³PUSH 3A                                 ; Úw = 003A  (':')
76A63A58  ³. FF76 14        ³PUSH DWORD PTR DS:[ESI+14]              ; ³wstr
76A63A5B  ³. FF15 9810A676  ³CALL DWORD PTR DS:[<&ntdll.wcschr>]     ; Àwcschr
76A63A61  ³. 85C0           ³TEST EAX,EAX
76A63A63  ³. 59             ³POP ECX
76A63A64  ³. 59             ³POP ECX
76A63A65  ³.74 13          ³JE SHORT 3ba1ea5.76A63A7A
76A63A67  ³. 3B46 14        ³CMP EAX,DWORD PTR DS:[ESI+14]
76A63A6A  ³.76 0E          ³JBE SHORT 3ba1ea5.76A63A7A
76A63A6C  ³. 83C0 FE        ³ADD EAX,-2
76A63A6F  ³. 50             ³PUSH EAX
76A63A70  ³. 8D45 E0        ³LEA EAX,DWORD PTR SS:[EBP-20]
76A63A73  ³. 50             ³PUSH EAX
76A63A74  ³. FF75 0C        ³PUSH DWORD PTR SS:[EBP+C]
76A63A77  ³. FF55 08        ³CALL DWORD PTR SS:[EBP+8]
76A63A7A  ³> 8B06           ³MOV EAX,DWORD PTR DS:[ESI]
76A63A7C  ³. 85C0           ³TEST EAX,EAX
76A63A7E  ³.74 10          ³JE SHORT 3ba1ea5.76A63A90
76A63A80  ³. 3B45 FC        ³CMP EAX,DWORD PTR SS:[EBP-4]
76A63A83  ³.77 0B          ³JA SHORT 3ba1ea5.76A63A90
76A63A85  ³. 2945 FC        ³SUB DWORD PTR SS:[EBP-4],EAX
76A63A88  ³. 0336           ³ADD ESI,DWORD PTR DS:[ESI]
76A63A8A  ³> 837D FC 18      CMP DWORD PTR SS:[EBP-4],18
76A63A8E  ³.77 A9          ÀJA SHORT 3ba1ea5.76A63A39
76A63A90  ³> FF75 F8        PUSH DWORD PTR SS:[EBP-8]                ; ÚhMemory
76A63A93  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A63A99  ³. 33C0           XOR EAX,EAX
76A63A9B  ³. 40             INC EAX
76A63A9C  ³.EB 12          JMP SHORT 3ba1ea5.76A63AB0
76A63A9E  ³> FF75 F4        PUSH DWORD PTR SS:[EBP-C]
76A63AA1  ³> FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A63AA7  ³. 50             PUSH EAX                                 ; ÚError
76A63AA8  ³. FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A63AAE  ³. 33C0           XOR EAX,EAX
76A63AB0  ³> 5F             POP EDI
76A63AB1  ³. 5E             POP ESI
76A63AB2  ³. 5B             POP EBX
76A63AB3  ³. C9             LEAVE
76A63AB4  À. C2 0800        RETN 8
76A63AB7     CC             INT3
76A63AB8     CC             INT3
76A63AB9     CC             INT3
76A63ABA     CC             INT3
76A63ABB     CC             INT3
76A63ABC     8BFF           MOV EDI,EDI
76A63ABE  Ú. 55             PUSH EBP
76A63ABF  ³. 8BEC           MOV EBP,ESP
76A63AC1  ³. 53             PUSH EBX
76A63AC2  ³. 56             PUSH ESI
76A63AC3  ³. 57             PUSH EDI
76A63AC4  ³. FF75 10        PUSH DWORD PTR SS:[EBP+10]               ; Ús
76A63AC7  ³. FF15 9410A676  CALL DWORD PTR DS:[<&ntdll.wcslen>]      ; Àwcslen
76A63ACD  ³. 8BF0           MOV ESI,EAX
76A63ACF  ³. 59             POP ECX
76A63AD0  ³. 46             INC ESI
76A63AD1  ³. 56             PUSH ESI                                 ; ÚSize
76A63AD2  ³. 33FF           XOR EDI,EDI                              ; ³
76A63AD4  ³. 57             PUSH EDI                                 ; ³Flags => LMEM_FIXED
76A63AD5  ³. FF15 6010A676  CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A63ADB  ³. 8BD8           MOV EBX,EAX
76A63ADD  ³. 3BDF           CMP EBX,EDI
76A63ADF  ³.75 15          JNZ SHORT 3ba1ea5.76A63AF6
76A63AE1  ³. 68 9A0000C0    PUSH C000009A
76A63AE6  ³. FF15 E410A676  CALL DWORD PTR DS:[<&ntdll.RtlNtStatusTo>;  ntdll.RtlNtStatusToDosError
76A63AEC  ³. 8B4D 08        MOV ECX,DWORD PTR SS:[EBP+8]
76A63AEF  ³. 8941 08        MOV DWORD PTR DS:[ECX+8],EAX
76A63AF2  ³. 33C0           XOR EAX,EAX
76A63AF4  ³.EB 3A          JMP SHORT 3ba1ea5.76A63B30
76A63AF6  ³> 57             PUSH EDI                                 ; ÚpDefaultCharUsed
76A63AF7  ³. 57             PUSH EDI                                 ; ³pDefaultChar
76A63AF8  ³. 56             PUSH ESI                                 ; ³MultiByteCount
76A63AF9  ³. 53             PUSH EBX                                 ; ³MultiByteStr
76A63AFA  ³. 6A FF          PUSH -1                                  ; ³WideCharCount = FFFFFFFF (-1.)
76A63AFC  ³. FF75 10        PUSH DWORD PTR SS:[EBP+10]               ; ³WideCharStr
76A63AFF  ³. 57             PUSH EDI                                 ; ³Options
76A63B00  ³. 57             PUSH EDI                                 ; ³CodePage
76A63B01  ³. FF15 6810A676  CALL DWORD PTR DS:[<&KERNEL32.WideCharTo>; ÀWideCharToMultiByte
76A63B07  ³. 85C0           TEST EAX,EAX
76A63B09  ³.74 10          JE SHORT 3ba1ea5.76A63B1B
76A63B0B  ³. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
76A63B0E  ³. 53             PUSH EBX
76A63B0F  ³. FF75 0C        PUSH DWORD PTR SS:[EBP+C]
76A63B12  ³. FF30           PUSH DWORD PTR DS:[EAX]
76A63B14  ³. FF50 04        CALL DWORD PTR DS:[EAX+4]
76A63B17  ³. 8BF8           MOV EDI,EAX
76A63B19  ³.EB 0C          JMP SHORT 3ba1ea5.76A63B27
76A63B1B  ³> FF15 3810A676  CALL DWORD PTR DS:[<&KERNEL32.GetLastErr>; [GetLastError
76A63B21  ³. 8B4D 08        MOV ECX,DWORD PTR SS:[EBP+8]
76A63B24  ³. 8941 08        MOV DWORD PTR DS:[ECX+8],EAX
76A63B27  ³> 53             PUSH EBX                                 ; ÚhMemory
76A63B28  ³. FF15 5C10A676  CALL DWORD PTR DS:[<&KERNEL32.LocalFree>>; ÀLocalFree
76A63B2E  ³. 8BC7           MOV EAX,EDI
76A63B30  ³> 5F             POP EDI
76A63B31  ³. 5E             POP ESI
76A63B32  ³. 5B             POP EBX
76A63B33  ³. 5D             POP EBP
76A63B34  À. C2 0C00        RETN 0C
76A63B37     CC             INT3
76A63B38     CC             INT3
76A63B39     CC             INT3
76A63B3A     CC             INT3
76A63B3B     CC             INT3
76A63B3C >   8BFF           MOV EDI,EDI
76A63B3E  Ú. 55             PUSH EBP
76A63B3F  ³. 8BEC           MOV EBP,ESP
76A63B41  ³. 83EC 0C        SUB ESP,0C
76A63B44  ³. 8B45 0C        MOV EAX,DWORD PTR SS:[EBP+C]
76A63B47  ³. 8365 FC 00     AND DWORD PTR SS:[EBP-4],0
76A63B4B  ³. 8945 F4        MOV DWORD PTR SS:[EBP-C],EAX
76A63B4E  ³. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
76A63B51  ³. 56             PUSH ESI
76A63B52  ³. 8945 F8        MOV DWORD PTR SS:[EBP-8],EAX
76A63B55  ³. 8D45 F4        LEA EAX,DWORD PTR SS:[EBP-C]
76A63B58  ³. 50             PUSH EAX                                 ; ÚArg2
76A63B59  ³. 68 BC3AA676    PUSH 3ba1ea5.76A63ABC                    ; ³Arg1 = 76A63ABC
76A63B5E  ³. E8 6AFEFFFF    CALL 3ba1ea5.EnumPageFilesW              ; ÀEnumPageFilesW
76A63B63  ³. 8BF0           MOV ESI,EAX
76A63B65  ³. 85F6           TEST ESI,ESI
76A63B67  ³.74 11          JE SHORT 3ba1ea5.76A63B7A
76A63B69  ³. 837D FC 00     CMP DWORD PTR SS:[EBP-4],0
76A63B6D  ³.74 0B          JE SHORT 3ba1ea5.76A63B7A
76A63B6F  ³. FF75 FC        PUSH DWORD PTR SS:[EBP-4]                ; ÚError
76A63B72  ³. 33F6           XOR ESI,ESI                              ; ³
76A63B74  ³. FF15 5810A676  CALL DWORD PTR DS:[<&KERNEL32.SetLastErr>; ÀSetLastError
76A63B7A  ³> 8BC6           MOV EAX,ESI
76A63B7C  ³. 5E             POP ESI
76A63B7D  ³. C9             LEAVE
76A63B7E  À. C2 0800        RETN 8
76A63B81     CC             INT3
76A63B82     CC             INT3
76A63B83     CC             INT3
76A63B84     CC             INT3
76A63B85     CC             INT3
76A63B86  Ú$ 8BFF           MOV EDI,EDI
76A63B88  ³. 55             PUSH EBP
76A63B89  ³. 8BEC           MOV EBP,ESP
76A63B8B  ³. 83EC 10        SUB ESP,10
76A63B8E  ³. A1 2050A676    MOV EAX,DWORD PTR DS:[76A65020]
76A63B93  ³. 85C0           TEST EAX,EAX
76A63B95  ³.74 07          JE SHORT 3ba1ea5.76A63B9E
76A63B97  ³. 3D 40BB0000    CMP EAX,0BB40
76A63B9C  ³.75 4D          JNZ SHORT 3ba1ea5.76A63BEB
76A63B9E  ³> 56             PUSH ESI
76A63B9F  ³. 8D45 F8        LEA EAX,DWORD PTR SS:[EBP-8]
76A63BA2  ³. 50             PUSH EAX                                 ; ÚpFileTime
76A63BA3  ³. FF15 2410A676  CALL DWORD PTR DS:[<&KERNEL32.GetSystemT>; ÀGetSystemTimeAsFileTime
76A63BA9  ³. 8B75 FC        MOV ESI,DWORD PTR SS:[EBP-4]
76A63BAC  ³. 3375 F8        XOR ESI,DWORD PTR SS:[EBP-8]
76A63BAF  ³. FF15 2810A676  CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>; [GetCurrentProcessId
76A63BB5  ³. 33F0           XOR ESI,EAX
76A63BB7  ³. FF15 2C10A676  CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>; [GetCurrentThreadId
76A63BBD  ³. 33F0           XOR ESI,EAX
76A63BBF  ³. FF15 3010A676  CALL DWORD PTR DS:[<&KERNEL32.GetTickCou>; [GetTickCount
76A63BC5  ³. 33F0           XOR ESI,EAX
76A63BC7  ³. 8D45 F0        LEA EAX,DWORD PTR SS:[EBP-10]
76A63BCA  ³. 50             PUSH EAX                                 ; ÚpPerformanceCount
76A63BCB  ³. FF15 3410A676  CALL DWORD PTR DS:[<&KERNEL32.QueryPerfo>; ÀQueryPerformanceCounter
76A63BD1  ³. 8B45 F4        MOV EAX,DWORD PTR SS:[EBP-C]
76A63BD4  ³. 3345 F0        XOR EAX,DWORD PTR SS:[EBP-10]
76A63BD7  ³. 33C6           XOR EAX,ESI
76A63BD9  ³. 25 FFFF0000    AND EAX,0FFFF
76A63BDE  ³. 5E             POP ESI
76A63BDF  ³.75 05          JNZ SHORT 3ba1ea5.76A63BE6
76A63BE1  ³. B8 40BB0000    MOV EAX,0BB40
76A63BE6  ³> A3 2050A676    MOV DWORD PTR DS:[76A65020],EAX
76A63BEB  ³> F7D0           NOT EAX
76A63BED  ³. A3 1C50A676    MOV DWORD PTR DS:[76A6501C],EAX
76A63BF2  ³. C9             LEAVE
76A63BF3  À. C3             RETN
76A63BF4     CC             INT3
76A63BF5     CC             INT3
76A63BF6     CC             INT3
76A63BF7     CC             INT3
76A63BF8     CC             INT3
76A63BF9   $ 3B0D 2050A676  CMP ECX,DWORD PTR DS:[76A65020]
76A63BFF   .75 09          JNZ SHORT 3ba1ea5.76A63C0A
76A63C01   . F7C1 0000FFFF  TEST ECX,FFFF0000
76A63C07   .75 01          JNZ SHORT 3ba1ea5.76A63C0A
76A63C09   . C3             RETN
76A63C0A   >E9 21000000    JMP 3ba1ea5.76A63C30
76A63C0F     CC             INT3
76A63C10     CC             INT3
76A63C11     CC             INT3
76A63C12     CC             INT3
76A63C13     CC             INT3
76A63C14  Ú$ 8BFF           MOV EDI,EDI
76A63C16  ³. 55             PUSH EBP
76A63C17  ³. 8BEC           MOV EBP,ESP
76A63C19  ³. 837D 0C 01     CMP DWORD PTR SS:[EBP+C],1
76A63C1D  ³.75 05          JNZ SHORT 3ba1ea5.76A63C24
76A63C1F  ³. E8 62FFFFFF    CALL 3ba1ea5.76A63B86
76A63C24  ³> 33C0           XOR EAX,EAX
76A63C26  ³. 40             INC EAX
76A63C27  ³. 5D             POP EBP
76A63C28  À. C2 0C00        RETN 0C
76A63C2B     CC             INT3
76A63C2C     CC             INT3
76A63C2D     CC             INT3
76A63C2E     CC             INT3
76A63C2F     CC             INT3
76A63C30   > 8BFF           MOV EDI,EDI
76A63C32   . 55             PUSH EBP
76A63C33   . 8BEC           MOV EBP,ESP
76A63C35   . 81EC 20030000  SUB ESP,320
76A63C3B   . 57             PUSH EDI
76A63C3C   . A3 8051A676    MOV DWORD PTR DS:[76A65180],EAX
76A63C41   . 890D 7C51A676  MOV DWORD PTR DS:[76A6517C],ECX
76A63C47   . 8915 7851A676  MOV DWORD PTR DS:[76A65178],EDX
76A63C4D   . 891D 7451A676  MOV DWORD PTR DS:[76A65174],EBX
76A63C53   . 8935 7051A676  MOV DWORD PTR DS:[76A65170],ESI
76A63C59   . 893D 6C51A676  MOV DWORD PTR DS:[76A6516C],EDI
76A63C5F   . 66:8C15 9851A6>MOV WORD PTR DS:[76A65198],SS
76A63C66   . 66:8C0D 8C51A6>MOV WORD PTR DS:[76A6518C],CS
76A63C6D   . 66:8C1D 6851A6>MOV WORD PTR DS:[76A65168],DS
76A63C74   . 66:8C05 6451A6>MOV WORD PTR DS:[76A65164],ES
76A63C7B   . 66:8C25 6051A6>MOV WORD PTR DS:[76A65160],FS
76A63C82   . 66:8C2D 5C51A6>MOV WORD PTR DS:[76A6515C],GS
76A63C89   . 9C             PUSHFD
76A63C8A   . 8F05 9051A676  POP DWORD PTR DS:[76A65190]
76A63C90   . 8B45 04        MOV EAX,DWORD PTR SS:[EBP+4]
76A63C93   . 8D4D 04        LEA ECX,DWORD PTR SS:[EBP+4]
76A63C96   . 83C1 04        ADD ECX,4
76A63C99   . 890D 9451A676  MOV DWORD PTR DS:[76A65194],ECX
76A63C9F   . A3 8851A676    MOV DWORD PTR DS:[76A65188],EAX
76A63CA4   . C705 D050A676 >MOV DWORD PTR DS:[76A650D0],10001
76A63CAE   . 8D4D 04        LEA ECX,DWORD PTR SS:[EBP+4]
76A63CB1   . 8B49 FC        MOV ECX,DWORD PTR DS:[ECX-4]
76A63CB4   . A3 8C50A676    MOV DWORD PTR DS:[76A6508C],EAX
76A63CB9   . A1 2050A676    MOV EAX,DWORD PTR DS:[76A65020]
76A63CBE   . 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A63CC1   . A1 1C50A676    MOV EAX,DWORD PTR DS:[76A6501C]
76A63CC6   . 33FF           XOR EDI,EDI
76A63CC8   . 47             INC EDI
76A63CC9   . 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A63CCC   . 6A 00          PUSH 0                                   ; ÚpTopLevelFilter = NULL
76A63CCE   . 890D 8451A676  MOV DWORD PTR DS:[76A65184],ECX          ; ³
76A63CD4   . C705 8050A676 >MOV DWORD PTR DS:[76A65080],C0000409     ; ³
76A63CDE   . 893D 8450A676  MOV DWORD PTR DS:[76A65084],EDI          ; ³
76A63CE4   . FF15 1410A676  CALL DWORD PTR DS:[<&KERNEL32.SetUnhandl>; ÀSetUnhandledExceptionFilter
76A63CEA   . 68 2C14A676    PUSH 3ba1ea5.76A6142C                    ; ÚpExceptionInfo = 3ba1ea5.76A6142C
76A63CEF   . FF15 1810A676  CALL DWORD PTR DS:[<&KERNEL32.UnhandledE>; ÀUnhandledExceptionFilter
76A63CF5   . 68 090400C0    PUSH C0000409                            ; ÚExitCode = C0000409 (-1073740791.)
76A63CFA   . 89BD E0FCFFFF  MOV DWORD PTR SS:[EBP-320],EDI           ; ³
76A63D00   . FF15 1C10A676  CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>; ³[GetCurrentProcess
76A63D06   . 50             PUSH EAX                                 ; ³hProcess
76A63D07   . FF15 2010A676  CALL DWORD PTR DS:[<&KERNEL32.TerminateP>; ÀTerminateProcess
76A63D0D   . 5F             POP EDI
76A63D0E   . C9             LEAVE
76A63D0F   . C3             RETN
76A63D10     CC             INT3
76A63D11     CC             INT3
76A63D12     CC             INT3
76A63D13     CC             INT3
76A63D14     CC             INT3
76A63D15     CC             INT3
76A63D16     CC             INT3
76A63D17     CC             INT3
76A63D18  Ú$ 68 E03DA676    PUSH 3ba1ea5.76A63DE0
76A63D1D  ³. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
76A63D23  ³. 50             PUSH EAX
76A63D24  ³. 8B4424 10      MOV EAX,DWORD PTR SS:[ESP+10]
76A63D28  ³. 896C24 10      MOV DWORD PTR SS:[ESP+10],EBP
76A63D2C  ³. 8D6C24 10      LEA EBP,DWORD PTR SS:[ESP+10]
76A63D30  ³. 2BE0           SUB ESP,EAX
76A63D32  ³. 53             PUSH EBX
76A63D33  ³. 56             PUSH ESI
76A63D34  ³. 57             PUSH EDI
76A63D35  ³. 8B45 F8        MOV EAX,DWORD PTR SS:[EBP-8]
76A63D38  ³. 8965 E8        MOV DWORD PTR SS:[EBP-18],ESP
76A63D3B  ³. 50             PUSH EAX
76A63D3C  ³. 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-4]
76A63D3F  ³. C745 FC FFFFFF>MOV DWORD PTR SS:[EBP-4],-1
76A63D46  ³. 8945 F8        MOV DWORD PTR SS:[EBP-8],EAX
76A63D49  ³. 8D45 F0        LEA EAX,DWORD PTR SS:[EBP-10]
76A63D4C  ³. 64:A3 00000000 MOV DWORD PTR FS:[0],EAX
76A63D52  À. C3             RETN
76A63D53  Ú$ 8B4D F0        MOV ECX,DWORD PTR SS:[EBP-10]
76A63D56  ³. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
76A63D5D  ³. 59             POP ECX
76A63D5E  ³. 5F             POP EDI
76A63D5F  ³. 5E             POP ESI
76A63D60  ³. 5B             POP EBX
76A63D61  ³. C9             LEAVE
76A63D62  ³. 51             PUSH ECX
76A63D63  À. C3             RETN
76A63D64     CC             INT3
76A63D65     CC             INT3
76A63D66     CC             INT3
76A63D67     CC             INT3
76A63D68     CC             INT3
76A63D69     CC             INT3
76A63D6A     CC             INT3
76A63D6B     CC             INT3
76A63D6C     CC             INT3
76A63D6D     CC             INT3
76A63D6E     CC             INT3
76A63D6F     CC             INT3
76A63D70  Ú$ 53             PUSH EBX
76A63D71  ³. 56             PUSH ESI
76A63D72  ³. 8B4424 18      MOV EAX,DWORD PTR SS:[ESP+18]
76A63D76  ³. 0BC0           OR EAX,EAX
76A63D78  ³.75 18          JNZ SHORT 3ba1ea5.76A63D92
76A63D7A  ³. 8B4C24 14      MOV ECX,DWORD PTR SS:[ESP+14]
76A63D7E  ³. 8B4424 10      MOV EAX,DWORD PTR SS:[ESP+10]
76A63D82  ³. 33D2           XOR EDX,EDX
76A63D84  ³. F7F1           DIV ECX
76A63D86  ³. 8BD8           MOV EBX,EAX
76A63D88  ³. 8B4424 0C      MOV EAX,DWORD PTR SS:[ESP+C]
76A63D8C  ³. F7F1           DIV ECX
76A63D8E  ³. 8BD3           MOV EDX,EBX
76A63D90  ³.EB 41          JMP SHORT 3ba1ea5.76A63DD3
76A63D92  ³> 8BC8           MOV ECX,EAX
76A63D94  ³. 8B5C24 14      MOV EBX,DWORD PTR SS:[ESP+14]
76A63D98  ³. 8B5424 10      MOV EDX,DWORD PTR SS:[ESP+10]
76A63D9C  ³. 8B4424 0C      MOV EAX,DWORD PTR SS:[ESP+C]
76A63DA0  ³> D1E9           ÚSHR ECX,1
76A63DA2  ³. D1DB           ³RCR EBX,1
76A63DA4  ³. D1EA           ³SHR EDX,1
76A63DA6  ³. D1D8           ³RCR EAX,1
76A63DA8  ³. 0BC9           ³OR ECX,ECX
76A63DAA  ³.75 F4          ÀJNZ SHORT 3ba1ea5.76A63DA0
76A63DAC  ³. F7F3           DIV EBX
76A63DAE  ³. 8BF0           MOV ESI,EAX
76A63DB0  ³. F76424 18      MUL DWORD PTR SS:[ESP+18]
76A63DB4  ³. 8BC8           MOV ECX,EAX
76A63DB6  ³. 8B4424 14      MOV EAX,DWORD PTR SS:[ESP+14]
76A63DBA  ³. F7E6           MUL ESI
76A63DBC  ³. 03D1           ADD EDX,ECX
76A63DBE  ³.72 0E          JB SHORT 3ba1ea5.76A63DCE
76A63DC0  ³. 3B5424 10      CMP EDX,DWORD PTR SS:[ESP+10]
76A63DC4  ³.77 08          JA SHORT 3ba1ea5.76A63DCE
76A63DC6  ³.72 07          JB SHORT 3ba1ea5.76A63DCF
76A63DC8  ³. 3B4424 0C      CMP EAX,DWORD PTR SS:[ESP+C]
76A63DCC  ³.76 01          JBE SHORT 3ba1ea5.76A63DCF
76A63DCE  ³> 4E             DEC ESI
76A63DCF  ³> 33D2           XOR EDX,EDX
76A63DD1  ³. 8BC6           MOV EAX,ESI
76A63DD3  ³> 5E             POP ESI
76A63DD4  ³. 5B             POP EBX
76A63DD5  À. C2 1000        RETN 10
76A63DD8   . 56             PUSH ESI
76A63DD9   . 43             INC EBX
76A63DDA   . 3230           XOR DH,BYTE PTR DS:[EAX]
76A63DDC   . 58             POP EAX
76A63DDD   . 43             INC EBX
76A63DDE   . 3030           XOR BYTE PTR DS:[EAX],DH
76A63DE0  Ú. 55             PUSH EBP
76A63DE1  ³. 8BEC           MOV EBP,ESP
76A63DE3  ³. 83EC 08        SUB ESP,8
76A63DE6  ³. 53             PUSH EBX
76A63DE7  ³. 56             PUSH ESI
76A63DE8  ³. 57             PUSH EDI
76A63DE9  ³. 55             PUSH EBP
76A63DEA  ³. FC             CLD
76A63DEB  ³. 8B5D 0C        MOV EBX,DWORD PTR SS:[EBP+C]
76A63DEE  ³. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
76A63DF1  ³. F740 04 060000>TEST DWORD PTR DS:[EAX+4],6
76A63DF8  ³.0F85 AB000000  JNZ 3ba1ea5.76A63EA9
76A63DFE  ³. 8945 F8        MOV DWORD PTR SS:[EBP-8],EAX
76A63E01  ³. 8B45 10        MOV EAX,DWORD PTR SS:[EBP+10]
76A63E04  ³. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A63E07  ³. 8D45 F8        LEA EAX,DWORD PTR SS:[EBP-8]
76A63E0A  ³. 8943 FC        MOV DWORD PTR DS:[EBX-4],EAX
76A63E0D  ³. 8B73 0C        MOV ESI,DWORD PTR DS:[EBX+C]
76A63E10  ³. 8B7B 08        MOV EDI,DWORD PTR DS:[EBX+8]
76A63E13  ³. 53             PUSH EBX
76A63E14  ³. E8 01020000    CALL 3ba1ea5.76A6401A
76A63E19  ³. 83C4 04        ADD ESP,4
76A63E1C  ³. 0BC0           OR EAX,EAX
76A63E1E  ³.74 7B          JE SHORT 3ba1ea5.76A63E9B
76A63E20  ³> 83FE FF        ÚCMP ESI,-1
76A63E23  ³.74 7D          ³JE SHORT 3ba1ea5.76A63EA2
76A63E25  ³. 8D0C76         ³LEA ECX,DWORD PTR DS:[ESI+ESI*2]
76A63E28  ³. 8B448F 04      ³MOV EAX,DWORD PTR DS:[EDI+ECX*4+4]
76A63E2C  ³. 0BC0           ³OR EAX,EAX
76A63E2E  ³.74 59          ³JE SHORT 3ba1ea5.76A63E89
76A63E30  ³. 56             ³PUSH ESI
76A63E31  ³. 55             ³PUSH EBP
76A63E32  ³. 8D6B 10        ³LEA EBP,DWORD PTR DS:[EBX+10]
76A63E35  ³. 33DB           ³XOR EBX,EBX
76A63E37  ³. 33C9           ³XOR ECX,ECX
76A63E39  ³. 33D2           ³XOR EDX,EDX
76A63E3B  ³. 33F6           ³XOR ESI,ESI
76A63E3D  ³. 33FF           ³XOR EDI,EDI
76A63E3F  ³. FFD0           ³CALL EAX
76A63E41  ³. 5D             ³POP EBP
76A63E42  ³. 5E             ³POP ESI
76A63E43  ³. 8B5D 0C        ³MOV EBX,DWORD PTR SS:[EBP+C]
76A63E46  ³. 0BC0           ³OR EAX,EAX
76A63E48  ³.74 3F          ³JE SHORT 3ba1ea5.76A63E89
76A63E4A  ³.78 48          ³JS SHORT 3ba1ea5.76A63E94
76A63E4C  ³. 8B7B 08        ³MOV EDI,DWORD PTR DS:[EBX+8]
76A63E4F  ³. 53             ³PUSH EBX                                ; ÚArg1
76A63E50  ³. E8 AB000000    ³CALL 3ba1ea5.76A63F00                   ; À3ba1ea5.76A63F00
76A63E55  ³. 83C4 04        ³ADD ESP,4
76A63E58  ³. 8D6B 10        ³LEA EBP,DWORD PTR DS:[EBX+10]
76A63E5B  ³. 56             ³PUSH ESI
76A63E5C  ³. 53             ³PUSH EBX
76A63E5D  ³. E8 F9000000    ³CALL 3ba1ea5.76A63F5B
76A63E62  ³. 83C4 08        ³ADD ESP,8
76A63E65  ³. 8D0C76         ³LEA ECX,DWORD PTR DS:[ESI+ESI*2]
76A63E68  ³. 6A 01          ³PUSH 1
76A63E6A  ³. 8B448F 08      ³MOV EAX,DWORD PTR DS:[EDI+ECX*4+8]
76A63E6E  ³. E8 84010000    ³CALL 3ba1ea5.76A63FF7
76A63E73  ³. 8B048F         ³MOV EAX,DWORD PTR DS:[EDI+ECX*4]
76A63E76  ³. 8943 0C        ³MOV DWORD PTR DS:[EBX+C],EAX
76A63E79  ³. 8B448F 08      ³MOV EAX,DWORD PTR DS:[EDI+ECX*4+8]
76A63E7D  ³. 33DB           ³XOR EBX,EBX
76A63E7F  ³. 33C9           ³XOR ECX,ECX
76A63E81  ³. 33D2           ³XOR EDX,EDX
76A63E83  ³. 33F6           ³XOR ESI,ESI
76A63E85  ³. 33FF           ³XOR EDI,EDI
76A63E87  ³. FFD0           ³CALL EAX
76A63E89  ³> 8B7B 08        ³MOV EDI,DWORD PTR DS:[EBX+8]
76A63E8C  ³. 8D0C76         ³LEA ECX,DWORD PTR DS:[ESI+ESI*2]
76A63E8F  ³. 8B348F         ³MOV ESI,DWORD PTR DS:[EDI+ECX*4]
76A63E92  ³.EB 8C          ÀJMP SHORT 3ba1ea5.76A63E20
76A63E94  ³> B8 00000000    MOV EAX,0
76A63E99  ³.EB 23          JMP SHORT 3ba1ea5.76A63EBE
76A63E9B  ³> 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
76A63E9E  ³. 8348 04 08     OR DWORD PTR DS:[EAX+4],8
76A63EA2  ³> B8 01000000    MOV EAX,1
76A63EA7  ³.EB 15          JMP SHORT 3ba1ea5.76A63EBE
76A63EA9  ³> 55             PUSH EBP
76A63EAA  ³. 8D6B 10        LEA EBP,DWORD PTR DS:[EBX+10]
76A63EAD  ³. 6A FF          PUSH -1
76A63EAF  ³. 53             PUSH EBX
76A63EB0  ³. E8 A6000000    CALL 3ba1ea5.76A63F5B
76A63EB5  ³. 83C4 08        ADD ESP,8
76A63EB8  ³. 5D             POP EBP
76A63EB9  ³. B8 01000000    MOV EAX,1
76A63EBE  ³> 5D             POP EBP
76A63EBF  ³. 5F             POP EDI
76A63EC0  ³. 5E             POP ESI
76A63EC1  ³. 5B             POP EBX
76A63EC2  ³. 8BE5           MOV ESP,EBP
76A63EC4  ³. 5D             POP EBP
76A63EC5  À. C3             RETN
76A63EC6   . 55             PUSH EBP
76A63EC7   . 8B4C24 08      MOV ECX,DWORD PTR SS:[ESP+8]
76A63ECB   . 8B29           MOV EBP,DWORD PTR DS:[ECX]
76A63ECD   . 8B41 1C        MOV EAX,DWORD PTR DS:[ECX+1C]
76A63ED0   . 50             PUSH EAX
76A63ED1   . 8B41 18        MOV EAX,DWORD PTR DS:[ECX+18]
76A63ED4   . 50             PUSH EAX
76A63ED5   . E8 81000000    CALL 3ba1ea5.76A63F5B
76A63EDA   . 83C4 08        ADD ESP,8
76A63EDD   . 5D             POP EBP
76A63EDE   . C2 0400        RETN 4
76A63EE1     CC             INT3
76A63EE2     CC             INT3
76A63EE3     CC             INT3
76A63EE4     CC             INT3
76A63EE5     CC             INT3
76A63EE6   $FF25 DC10A676  JMP DWORD PTR DS:[<&ntdll.NtQueryVirtual>;  ntdll.ZwQueryVirtualMemory
76A63EEC     CC             INT3
76A63EED     CC             INT3
76A63EEE     CC             INT3
76A63EEF     CC             INT3
76A63EF0     CC             INT3
76A63EF1     CC             INT3
76A63EF2   $FF25 B010A676  JMP DWORD PTR DS:[<&ntdll.DbgPrint>]     ;  ntdll.DbgPrint
76A63EF8     CC             INT3
76A63EF9     CC             INT3
76A63EFA     CC             INT3
76A63EFB     CC             INT3
76A63EFC     CC             INT3
76A63EFD     CC             INT3
76A63EFE     CC             INT3
76A63EFF     CC             INT3
76A63F00  Ú$ 55             PUSH EBP
76A63F01  ³. 8BEC           MOV EBP,ESP
76A63F03  ³. 53             PUSH EBX
76A63F04  ³. 56             PUSH ESI
76A63F05  ³. 57             PUSH EDI
76A63F06  ³. 55             PUSH EBP
76A63F07  ³. 6A 00          PUSH 0                                   ; Ú_eax_value = 0
76A63F09  ³. 6A 00          PUSH 0                                   ; ³pExcptRec = NULL
76A63F0B  ³. 68 183FA676    PUSH 3ba1ea5.76A63F18                    ; ³ReturnAddr = 3ba1ea5.76A63F18
76A63F10  ³. FF75 08        PUSH DWORD PTR SS:[EBP+8]                ; ³pRegistrationFrame
76A63F13  ³. E8 2A030000    CALL <JMP.&ntdll.RtlUnwind>              ; ÀRtlUnwind
76A63F18  ³. 5D             POP EBP
76A63F19  ³. 5F             POP EDI
76A63F1A  ³. 5E             POP ESI
76A63F1B  ³. 5B             POP EBX
76A63F1C  ³. 8BE5           MOV ESP,EBP
76A63F1E  ³. 5D             POP EBP
76A63F1F  À. C3             RETN
76A63F20  Ú$ 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]             ;  Structured exception handler
76A63F24  ³. F741 04 060000>TEST DWORD PTR DS:[ECX+4],6
76A63F2B  ³. B8 01000000    MOV EAX,1
76A63F30  ³.74 28          JE SHORT 3ba1ea5.76A63F5A
76A63F32  ³. 8B4424 14      MOV EAX,DWORD PTR SS:[ESP+14]
76A63F36  ³. 55             PUSH EBP
76A63F37  ³. 8B68 10        MOV EBP,DWORD PTR DS:[EAX+10]
76A63F3A  ³. 8B50 28        MOV EDX,DWORD PTR DS:[EAX+28]
76A63F3D  ³. 52             PUSH EDX
76A63F3E  ³. 8B50 24        MOV EDX,DWORD PTR DS:[EAX+24]
76A63F41  ³. 52             PUSH EDX
76A63F42  ³. E8 14000000    CALL 3ba1ea5.76A63F5B
76A63F47  ³. 83C4 08        ADD ESP,8
76A63F4A  ³. 5D             POP EBP
76A63F4B  ³. 8B4424 08      MOV EAX,DWORD PTR SS:[ESP+8]
76A63F4F  ³. 8B5424 10      MOV EDX,DWORD PTR SS:[ESP+10]
76A63F53  ³. 8902           MOV DWORD PTR DS:[EDX],EAX
76A63F55  ³. B8 03000000    MOV EAX,3
76A63F5A  À> C3             RETN
76A63F5B  Ú$ 53             PUSH EBX
76A63F5C  ³. 56             PUSH ESI
76A63F5D  ³. 57             PUSH EDI
76A63F5E  ³. 8B4424 10      MOV EAX,DWORD PTR SS:[ESP+10]
76A63F62  ³. 55             PUSH EBP
76A63F63  ³. 50             PUSH EAX
76A63F64  ³. 6A FE          PUSH -2
76A63F66  ³. 68 203FA676    PUSH 3ba1ea5.76A63F20                    ;  SE handler installation
76A63F6B  ³. 64:FF35 000000>PUSH DWORD PTR FS:[0]
76A63F72  ³. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
76A63F79  ³> 8B4424 24      ÚMOV EAX,DWORD PTR SS:[ESP+24]
76A63F7D  ³. 8B58 08        ³MOV EBX,DWORD PTR DS:[EAX+8]
76A63F80  ³. 8B70 0C        ³MOV ESI,DWORD PTR DS:[EAX+C]
76A63F83  ³. 83FE FF        ³CMP ESI,-1
76A63F86  ³.74 35          ³JE SHORT 3ba1ea5.76A63FBD
76A63F88  ³. 837C24 28 FF   ³CMP DWORD PTR SS:[ESP+28],-1
76A63F8D  ³.74 06          ³JE SHORT 3ba1ea5.76A63F95
76A63F8F  ³. 3B7424 28      ³CMP ESI,DWORD PTR SS:[ESP+28]
76A63F93  ³.76 28          ³JBE SHORT 3ba1ea5.76A63FBD
76A63F95  ³> 8D3476         ³LEA ESI,DWORD PTR DS:[ESI+ESI*2]
76A63F98  ³. 8B0CB3         ³MOV ECX,DWORD PTR DS:[EBX+ESI*4]
76A63F9B  ³. 894C24 08      ³MOV DWORD PTR SS:[ESP+8],ECX
76A63F9F  ³. 8948 0C        ³MOV DWORD PTR DS:[EAX+C],ECX
76A63FA2  ³. 837CB3 04 00   ³CMP DWORD PTR DS:[EBX+ESI*4+4],0
76A63FA7  ³.75 12          ³JNZ SHORT 3ba1ea5.76A63FBB
76A63FA9  ³. 68 01010000    ³PUSH 101
76A63FAE  ³. 8B44B3 08      ³MOV EAX,DWORD PTR DS:[EBX+ESI*4+8]
76A63FB2  ³. E8 40000000    ³CALL 3ba1ea5.76A63FF7
76A63FB7  ³. FF54B3 08      ³CALL DWORD PTR DS:[EBX+ESI*4+8]
76A63FBB  ³>EB BC          ÀJMP SHORT 3ba1ea5.76A63F79
76A63FBD  ³> 64:8F05 000000>POP DWORD PTR FS:[0]
76A63FC4  ³. 83C4 10        ADD ESP,10
76A63FC7  ³. 5F             POP EDI
76A63FC8  ³. 5E             POP ESI
76A63FC9  ³. 5B             POP EBX
76A63FCA  À. C3             RETN
76A63FCB   . 33C0           XOR EAX,EAX
76A63FCD   . 64:8B0D 000000>MOV ECX,DWORD PTR FS:[0]
76A63FD4   . 8179 04 203FA6>CMP DWORD PTR DS:[ECX+4],3ba1ea5.76A63F2>;  Entry address
76A63FDB   .75 10          JNZ SHORT 3ba1ea5.76A63FED
76A63FDD   . 8B51 0C        MOV EDX,DWORD PTR DS:[ECX+C]
76A63FE0   . 8B52 0C        MOV EDX,DWORD PTR DS:[EDX+C]
76A63FE3   . 3951 08        CMP DWORD PTR DS:[ECX+8],EDX
76A63FE6   .75 05          JNZ SHORT 3ba1ea5.76A63FED
76A63FE8   . B8 01000000    MOV EAX,1
76A63FED   > C3             RETN
76A63FEE   . 53             PUSH EBX
76A63FEF   . 51             PUSH ECX
76A63FF0   . BB 3050A676    MOV EBX,3ba1ea5.76A65030
76A63FF5   .EB 0A          JMP SHORT 3ba1ea5.76A64001
76A63FF7  Ú$ 53             PUSH EBX
76A63FF8  ³. 51             PUSH ECX
76A63FF9  ³. BB 3050A676    MOV EBX,3ba1ea5.76A65030
76A63FFE  ³. 8B4D 08        MOV ECX,DWORD PTR SS:[EBP+8]
76A64001  ³> 894B 08        MOV DWORD PTR DS:[EBX+8],ECX
76A64004  ³. 8943 04        MOV DWORD PTR DS:[EBX+4],EAX
76A64007  ³. 896B 0C        MOV DWORD PTR DS:[EBX+C],EBP
76A6400A  ³. 55             PUSH EBP
76A6400B  ³. 51             PUSH ECX
76A6400C  ³. 50             PUSH EAX
76A6400D  ³. 58             POP EAX
76A6400E  ³. 59             POP ECX
76A6400F  ³. 5D             POP EBP
76A64010  ³. 59             POP ECX
76A64011  ³. 5B             POP EBX
76A64012  À. C2 0400        RETN 4
76A64015     CC             INT3
76A64016     CC             INT3
76A64017     CC             INT3
76A64018     CC             INT3
76A64019     CC             INT3
76A6401A  Ú$ 8BFF           MOV EDI,EDI
76A6401C  ³. 55             PUSH EBP
76A6401D  ³. 8BEC           MOV EBP,ESP
76A6401F  ³. 83EC 20        SUB ESP,20
76A64022  ³. 53             PUSH EBX
76A64023  ³. 56             PUSH ESI
76A64024  ³. 8B75 08        MOV ESI,DWORD PTR SS:[EBP+8]
76A64027  ³. 8B5E 08        MOV EBX,DWORD PTR DS:[ESI+8]
76A6402A  ³. F6C3 03        TEST BL,3
76A6402D  ³.75 1C          JNZ SHORT 3ba1ea5.76A6404B
76A6402F  ³. 64:A1 04000000 MOV EAX,DWORD PTR FS:[4]
76A64035  ³. 8945 08        MOV DWORD PTR SS:[EBP+8],EAX
76A64038  ³. 64:A1 08000000 MOV EAX,DWORD PTR FS:[8]
76A6403E  ³. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A64041  ³. 3B5D FC        CMP EBX,DWORD PTR SS:[EBP-4]
76A64044  ³.72 0C          JB SHORT 3ba1ea5.76A64052
76A64046  ³. 3B5D 08        CMP EBX,DWORD PTR SS:[EBP+8]
76A64049  ³.73 07          JNB SHORT 3ba1ea5.76A64052
76A6404B  ³> 33C0           XOR EAX,EAX
76A6404D  ³.E9 E6010000    JMP 3ba1ea5.76A64238
76A64052  ³> 57             PUSH EDI
76A64053  ³. 8B7E 0C        MOV EDI,DWORD PTR DS:[ESI+C]
76A64056  ³. 83FF FF        CMP EDI,-1
76A64059  ³.75 08          JNZ SHORT 3ba1ea5.76A64063
76A6405B  ³> 33C0           XOR EAX,EAX
76A6405D  ³. 40             INC EAX
76A6405E  ³.E9 D4010000    JMP 3ba1ea5.76A64237
76A64063  ³> 33D2           XOR EDX,EDX
76A64065  ³. 8955 08        MOV DWORD PTR SS:[EBP+8],EDX
76A64068  ³. 8BC3           MOV EAX,EBX
76A6406A  ³> 8B08           ÚMOV ECX,DWORD PTR DS:[EAX]
76A6406C  ³. 83F9 FF        ³CMP ECX,-1
76A6406F  ³.74 04          ³JE SHORT 3ba1ea5.76A64075
76A64071  ³. 3BCA           ³CMP ECX,EDX
76A64073  ³.73 64          ³JNB SHORT 3ba1ea5.76A640D9
76A64075  ³> 8378 04 00     ³CMP DWORD PTR DS:[EAX+4],0
76A64079  ³.74 03          ³JE SHORT 3ba1ea5.76A6407E
76A6407B  ³. FF45 08        ³INC DWORD PTR SS:[EBP+8]
76A6407E  ³> 42             ³INC EDX
76A6407F  ³. 83C0 0C        ³ADD EAX,0C
76A64082  ³. 3BD7           ³CMP EDX,EDI
76A64084  ³.76 E4          ÀJBE SHORT 3ba1ea5.76A6406A
76A64086  ³. 837D 08 00     CMP DWORD PTR SS:[EBP+8],0
76A6408A  ³.74 0C          JE SHORT 3ba1ea5.76A64098
76A6408C  ³. 8B46 F8        MOV EAX,DWORD PTR DS:[ESI-8]
76A6408F  ³. 3B45 FC        CMP EAX,DWORD PTR SS:[EBP-4]
76A64092  ³.72 45          JB SHORT 3ba1ea5.76A640D9
76A64094  ³. 3BC6           CMP EAX,ESI
76A64096  ³.73 41          JNB SHORT 3ba1ea5.76A640D9
76A64098  ³> 8B0D A053A676  MOV ECX,DWORD PTR DS:[76A653A0]
76A6409E  ³. 8BF3           MOV ESI,EBX
76A640A0  ³. 81E6 00F0FFFF  AND ESI,FFFFF000
76A640A6  ³. 33C0           XOR EAX,EAX
76A640A8  ³. 85C9           TEST ECX,ECX
76A640AA  ³.7E 0E          JLE SHORT 3ba1ea5.76A640BA
76A640AC  ³> 393485 A853A67>ÚCMP DWORD PTR DS:[EAX*4+76A653A8],ESI
76A640B3  ³.74 2B          ³JE SHORT 3ba1ea5.76A640E0
76A640B5  ³. 40             ³INC EAX
76A640B6  ³. 3BC1           ³CMP EAX,ECX
76A640B8  ³.7C F2          ÀJL SHORT 3ba1ea5.76A640AC
76A640BA  ³> 8D45 08        LEA EAX,DWORD PTR SS:[EBP+8]
76A640BD  ³. 50             PUSH EAX
76A640BE  ³. 6A 1C          PUSH 1C
76A640C0  ³. 8D45 E0        LEA EAX,DWORD PTR SS:[EBP-20]
76A640C3  ³. 50             PUSH EAX
76A640C4  ³. 6A 00          PUSH 0
76A640C6  ³. 53             PUSH EBX
76A640C7  ³. 83CF FF        OR EDI,FFFFFFFF
76A640CA  ³. 57             PUSH EDI
76A640CB  ³. E8 16FEFFFF    CALL <JMP.&ntdll.NtQueryVirtualMemory>
76A640D0  ³. 85C0           TEST EAX,EAX
76A640D2  ³.7C 7C          JL SHORT 3ba1ea5.76A64150
76A640D4  ³. 8B45 08        MOV EAX,DWORD PTR SS:[EBP+8]
76A640D7  ³.EB 79          JMP SHORT 3ba1ea5.76A64152
76A640D9  ³> 33C0           XOR EAX,EAX
76A640DB  ³.E9 57010000    JMP 3ba1ea5.76A64237
76A640E0  ³> 85C0           TEST EAX,EAX
76A640E2  ³.0F8E 73FFFFFF  JLE 3ba1ea5.76A6405B
76A640E8  ³. 33D2           XOR EDX,EDX
76A640EA  ³. BB E853A676    MOV EBX,3ba1ea5.76A653E8
76A640EF  ³. 42             INC EDX
76A640F0  ³. 8BFB           MOV EDI,EBX
76A640F2  ³. 8717           XCHG DWORD PTR DS:[EDI],EDX
76A640F4  ³. 85D2           TEST EDX,EDX
76A640F6  ³.0F85 5FFFFFFF  JNZ 3ba1ea5.76A6405B
76A640FC  ³. 393485 A853A67>CMP DWORD PTR DS:[EAX*4+76A653A8],ESI
76A64103  ³.74 2A          JE SHORT 3ba1ea5.76A6412F
76A64105  ³. 8D41 FF        LEA EAX,DWORD PTR DS:[ECX-1]
76A64108  ³. 85C0           TEST EAX,EAX
76A6410A  ³.7C 10          JL SHORT 3ba1ea5.76A6411C
76A6410C  ³> 393485 A853A67>ÚCMP DWORD PTR DS:[EAX*4+76A653A8],ESI
76A64113  ³.74 03          ³JE SHORT 3ba1ea5.76A64118
76A64115  ³. 48             ³DEC EAX
76A64116  ³.79 F4          ÀJNS SHORT 3ba1ea5.76A6410C
76A64118  ³> 85C0           TEST EAX,EAX
76A6411A  ³.7D 11          JGE SHORT 3ba1ea5.76A6412D
76A6411C  ³> 83F9 10        CMP ECX,10
76A6411F  ³.7D 07          JGE SHORT 3ba1ea5.76A64128
76A64121  ³. 41             INC ECX
76A64122  ³. 890D A053A676  MOV DWORD PTR DS:[76A653A0],ECX
76A64128  ³> 8D41 FF        LEA EAX,DWORD PTR DS:[ECX-1]
76A6412B  ³.EB 02          JMP SHORT 3ba1ea5.76A6412F
76A6412D  ³>74 18          JE SHORT 3ba1ea5.76A64147
76A6412F  ³> 33D2           XOR EDX,EDX
76A64131  ³. 85C0           TEST EAX,EAX
76A64133  ³.7C 12          JL SHORT 3ba1ea5.76A64147
76A64135  ³> 8D0C95 A853A67>ÚLEA ECX,DWORD PTR DS:[EDX*4+76A653A8]
76A6413C  ³. 8B39           ³MOV EDI,DWORD PTR DS:[ECX]
76A6413E  ³. 42             ³INC EDX
76A6413F  ³. 3BD0           ³CMP EDX,EAX
76A64141  ³. 8931           ³MOV DWORD PTR DS:[ECX],ESI
76A64143  ³. 8BF7           ³MOV ESI,EDI
76A64145  ³.7E EE          ÀJLE SHORT 3ba1ea5.76A64135
76A64147  ³> 33C0           XOR EAX,EAX
76A64149  ³. 8703           XCHG DWORD PTR DS:[EBX],EAX
76A6414B  ³.E9 0BFFFFFF    JMP 3ba1ea5.76A6405B
76A64150  ³> 33C0           XOR EAX,EAX
76A64152  ³> 85C0           TEST EAX,EAX
76A64154  ³.0F84 DB000000  JE 3ba1ea5.76A64235
76A6415A  ³. 817D F8 000000>CMP DWORD PTR SS:[EBP-8],1000000
76A64161  ³.0F85 CE000000  JNZ 3ba1ea5.76A64235
76A64167  ³. F645 F4 CC     TEST BYTE PTR SS:[EBP-C],0CC
76A6416B  ³.74 5A          JE SHORT 3ba1ea5.76A641C7
76A6416D  ³. 8B4D E4        MOV ECX,DWORD PTR SS:[EBP-1C]
76A64170  ³. 66:8139 4D5A   CMP WORD PTR DS:[ECX],5A4D
76A64175  ³.0F85 BA000000  JNZ 3ba1ea5.76A64235
76A6417B  ³. 8B41 3C        MOV EAX,DWORD PTR DS:[ECX+3C]
76A6417E  ³. 03C1           ADD EAX,ECX
76A64180  ³. 8138 50450000  CMP DWORD PTR DS:[EAX],4550
76A64186  ³.0F85 A9000000  JNZ 3ba1ea5.76A64235
76A6418C  ³. 66:8178 18 0B0>CMP WORD PTR DS:[EAX+18],10B
76A64192  ³.0F85 9D000000  JNZ 3ba1ea5.76A64235
76A64198  ³. 2BD9           SUB EBX,ECX
76A6419A  ³. 66:8378 06 00  CMP WORD PTR DS:[EAX+6],0
76A6419F  ³. 0FB748 14      MOVZX ECX,WORD PTR DS:[EAX+14]
76A641A3  ³. 8D4C01 18      LEA ECX,DWORD PTR DS:[ECX+EAX+18]
76A641A7  ³.0F86 88000000  JBE 3ba1ea5.76A64235
76A641AD  ³. 8B41 0C        MOV EAX,DWORD PTR DS:[ECX+C]
76A641B0  ³. 3BD8           CMP EBX,EAX
76A641B2  ³.72 13          JB SHORT 3ba1ea5.76A641C7
76A641B4  ³. 8B51 08        MOV EDX,DWORD PTR DS:[ECX+8]
76A641B7  ³. 03D0           ADD EDX,EAX
76A641B9  ³. 3BDA           CMP EBX,EDX
76A641BB  ³.73 0A          JNB SHORT 3ba1ea5.76A641C7
76A641BD  ³. F641 27 80     TEST BYTE PTR DS:[ECX+27],80
76A641C1  ³.0F85 12FFFFFF  JNZ 3ba1ea5.76A640D9
76A641C7  ³> 33C0           XOR EAX,EAX
76A641C9  ³. 40             INC EAX
76A641CA  ³. 8BC8           MOV ECX,EAX
76A641CC  ³. BA E853A676    MOV EDX,3ba1ea5.76A653E8
76A641D1  ³. 870A           XCHG DWORD PTR DS:[EDX],ECX
76A641D3  ³. 85C9           TEST ECX,ECX
76A641D5  ³.75 60          JNZ SHORT 3ba1ea5.76A64237
76A641D7  ³. 8B0D A053A676  MOV ECX,DWORD PTR DS:[76A653A0]
76A641DD  ³. 85C9           TEST ECX,ECX
76A641DF  ³. 8BD1           MOV EDX,ECX
76A641E1  ³.7E 13          JLE SHORT 3ba1ea5.76A641F6
76A641E3  ³. 8D048D A453A67>LEA EAX,DWORD PTR DS:[ECX*4+76A653A4]
76A641EA  ³> 3930           ÚCMP DWORD PTR DS:[EAX],ESI
76A641EC  ³.74 08          ³JE SHORT 3ba1ea5.76A641F6
76A641EE  ³. 4A             ³DEC EDX
76A641EF  ³. 83E8 04        ³SUB EAX,4
76A641F2  ³. 85D2           ³TEST EDX,EDX
76A641F4  ³.7F F4          ÀJG SHORT 3ba1ea5.76A641EA
76A641F6  ³> 85D2           TEST EDX,EDX
76A641F8  ³.75 2D          JNZ SHORT 3ba1ea5.76A64227
76A641FA  ³. 6A 0F          PUSH 0F
76A641FC  ³. 5B             POP EBX
76A641FD  ³. 3BCB           CMP ECX,EBX
76A641FF  ³.7F 02          JG SHORT 3ba1ea5.76A64203
76A64201  ³. 8BD9           MOV EBX,ECX
76A64203  ³> 33D2           XOR EDX,EDX
76A64205  ³. 85DB           TEST EBX,EBX
76A64207  ³.7C 12          JL SHORT 3ba1ea5.76A6421B
76A64209  ³> 8D0495 A853A67>ÚLEA EAX,DWORD PTR DS:[EDX*4+76A653A8]
76A64210  ³. 8B38           ³MOV EDI,DWORD PTR DS:[EAX]
76A64212  ³. 42             ³INC EDX
76A64213  ³. 3BD3           ³CMP EDX,EBX
76A64215  ³. 8930           ³MOV DWORD PTR DS:[EAX],ESI
76A64217  ³. 8BF7           ³MOV ESI,EDI
76A64219  ³.7E EE          ÀJLE SHORT 3ba1ea5.76A64209
76A6421B  ³> 83F9 10        CMP ECX,10
76A6421E  ³.7D 07          JGE SHORT 3ba1ea5.76A64227
76A64220  ³. 41             INC ECX
76A64221  ³. 890D A053A676  MOV DWORD PTR DS:[76A653A0],ECX
76A64227  ³> 33C0           XOR EAX,EAX
76A64229  ³. B9 E853A676    MOV ECX,3ba1ea5.76A653E8
76A6422E  ³. 8701           XCHG DWORD PTR DS:[ECX],EAX
76A64230  ³.E9 26FEFFFF    JMP 3ba1ea5.76A6405B
76A64235  ³> 8BC7           MOV EAX,EDI
76A64237  ³> 5F             POP EDI
76A64238  ³> 5E             POP ESI
76A64239  ³. 5B             POP EBX
76A6423A  ³. C9             LEAVE
76A6423B  À. C3             RETN
76A6423C     CC             INT3
76A6423D     CC             INT3
76A6423E     CC             INT3
76A6423F     CC             INT3
76A64240     CC             INT3
76A64241     CC             INT3
76A64242   $FF25 9010A676  JMP DWORD PTR DS:[<&ntdll.RtlUnwind>]    ;  ntdll.RtlUnwind
76A64248   $ B8 5850A676    MOV EAX,3ba1ea5.76A65058
76A6424D   .E9 00000000    JMP 3ba1ea5.76A64252
76A64252   > 51             PUSH ECX
76A64253   . 52             PUSH EDX
76A64254   . 50             PUSH EAX                                 ; ÚArg2
76A64255   . 68 E844A676    PUSH 3ba1ea5.76A644E8                    ; ³Arg1 = 76A644E8
76A6425A   . E8 45000000    CALL 3ba1ea5.76A642A4                    ; À3ba1ea5.76A642A4
76A6425F   . 5A             POP EDX
76A64260   . 59             POP ECX
76A64261   . FFE0           JMP EAX
76A64263   $ B8 4050A676    MOV EAX,3ba1ea5.76A65040
76A64268   .E9 E5FFFFFF    JMP 3ba1ea5.76A64252
76A6426D   $ B8 4450A676    MOV EAX,3ba1ea5.76A65044
76A64272   .E9 DBFFFFFF    JMP 3ba1ea5.76A64252
76A64277   $ B8 4850A676    MOV EAX,3ba1ea5.76A65048
76A6427C   .E9 D1FFFFFF    JMP 3ba1ea5.76A64252
76A64281   $ B8 4C50A676    MOV EAX,3ba1ea5.76A6504C
76A64286   .E9 C7FFFFFF    JMP 3ba1ea5.76A64252
76A6428B   $ B8 5050A676    MOV EAX,3ba1ea5.76A65050
76A64290   .E9 BDFFFFFF    JMP 3ba1ea5.76A64252
76A64295   $ B8 5450A676    MOV EAX,3ba1ea5.76A65054
76A6429A   .E9 B3FFFFFF    JMP 3ba1ea5.76A64252
76A6429F     CC             INT3
76A642A0     CC             INT3
76A642A1     CC             INT3
76A642A2     CC             INT3
76A642A3     CC             INT3
76A642A4  Ú$ 55             PUSH EBP
76A642A5  ³. 8BEC           MOV EBP,ESP
76A642A7  ³. 83EC 44        SUB ESP,44
76A642AA  ³. 53             PUSH EBX
76A642AB  ³. B8 0000A676    MOV EAX,3ba1ea5.76A60000
76A642B0  ³. 56             PUSH ESI
76A642B1  ³. 8B75 08        MOV ESI,DWORD PTR SS:[EBP+8]
76A642B4  ³. 8B56 08        MOV EDX,DWORD PTR DS:[ESI+8]
76A642B7  ³. 8B4E 04        MOV ECX,DWORD PTR DS:[ESI+4]
76A642BA  ³. 8B5E 0C        MOV EBX,DWORD PTR DS:[ESI+C]
76A642BD  ³. 03D0           ADD EDX,EAX
76A642BF  ³. 57             PUSH EDI
76A642C0  ³. 8B7E 14        MOV EDI,DWORD PTR DS:[ESI+14]
76A642C3  ³. 03F8           ADD EDI,EAX
76A642C5  ³. 03C8           ADD ECX,EAX
76A642C7  ³. 8955 E8        MOV DWORD PTR SS:[EBP-18],EDX
76A642CA  ³. 8B56 10        MOV EDX,DWORD PTR DS:[ESI+10]
76A642CD  ³. 03D8           ADD EBX,EAX
76A642CF  ³. 03D0           ADD EDX,EAX
76A642D1  ³. 8B46 1C        MOV EAX,DWORD PTR DS:[ESI+1C]
76A642D4  ³. 8945 FC        MOV DWORD PTR SS:[EBP-4],EAX
76A642D7  ³. 8B45 0C        MOV EAX,DWORD PTR SS:[EBP+C]
76A642DA  ³. 894D C8        MOV DWORD PTR SS:[EBP-38],ECX
76A642DD  ³. 33C9           XOR ECX,ECX
76A642DF  ³. 897D F4        MOV DWORD PTR SS:[EBP-C],EDI
76A642E2  ³. 8945 C4        MOV DWORD PTR SS:[EBP-3C],EAX
76A642E5  ³. 33C0           XOR EAX,EAX
76A642E7  ³. F706 01000000  TEST DWORD PTR DS:[ESI],1
76A642ED  ³. 8D7D D0        LEA EDI,DWORD PTR SS:[EBP-30]
76A642F0  ³. C745 BC 240000>MOV DWORD PTR SS:[EBP-44],24
76A642F7  ³. 8975 C0        MOV DWORD PTR SS:[EBP-40],ESI
76A642FA  ³. 894D CC        MOV DWORD PTR SS:[EBP-34],ECX
76A642FD  ³. AB             STOS DWORD PTR ES:[EDI]
76A642FE  ³. 894D D4        MOV DWORD PTR SS:[EBP-2C],ECX
76A64301  ³. 894D D8        MOV DWORD PTR SS:[EBP-28],ECX
76A64304  ³. 894D DC        MOV DWORD PTR SS:[EBP-24],ECX
76A64307  ³.75 1F          JNZ SHORT 3ba1ea5.76A64328
76A64309  ³. 8D45 BC        LEA EAX,DWORD PTR SS:[EBP-44]
76A6430C  ³. 8945 0C        MOV DWORD PTR SS:[EBP+C],EAX
76A6430F  ³. 8D45 0C        LEA EAX,DWORD PTR SS:[EBP+C]
76A64312  ³. 50             PUSH EAX                                 ; ÚpArguments
76A64313  ³. 6A 01          PUSH 1                                   ; ³nArguments = 1
76A64315  ³. 51             PUSH ECX                                 ; ³ExceptionFlags => EXCEPTION_CONTINUABLE
76A64316  ³. 68 57006DC0    PUSH C06D0057                            ; ³ExceptionCode = C06D0057
76A6431B  ³. FF15 7010A676  CALL DWORD PTR DS:[<&KERNEL32.RaiseExcep>; ÀRaiseException
76A64321  ³. 33C0           XOR EAX,EAX
76A64323  ³.E9 B8010000    JMP 3ba1ea5.76A644E0
76A64328  ³> 8B45 E8        MOV EAX,DWORD PTR SS:[EBP-18]
76A6432B  ³. 8B38           MOV EDI,DWORD PTR DS:[EAX]
76A6432D  ³. 8B45 0C        MOV EAX,DWORD PTR SS:[EBP+C]
76A64330  ³. 2BC3           SUB EAX,EBX
76A64332  ³. C1F8 02        SAR EAX,2
76A64335  ³. C1E0 02        SHL EAX,2
76A64338  ³. 03D0           ADD EDX,EAX
76A6433A  ³. 8B12           MOV EDX,DWORD PTR DS:[EDX]
76A6433C  ³. 8945 08        MOV DWORD PTR SS:[EBP+8],EAX
76A6433F  ³. 8BC2           MOV EAX,EDX
76A64341  ³. C1E8 1F        SHR EAX,1F
76A64344  ³. F7D0           NOT EAX
76A64346  ³. 83E0 01        AND EAX,1
76A64349  ³. 8945 CC        MOV DWORD PTR SS:[EBP-34],EAX
76A6434C  ³.74 0B          JE SHORT 3ba1ea5.76A64359
76A6434E  ³. 8D82 0200A676  LEA EAX,DWORD PTR DS:[EDX+76A60002]
76A64354  ³. 8945 D0        MOV DWORD PTR SS:[EBP-30],EAX
76A64357  ³.EB 09          JMP SHORT 3ba1ea5.76A64362
76A64359  ³> 81E2 FFFF0000  AND EDX,0FFFF
76A6435F  ³. 8955 D0        MOV DWORD PTR SS:[EBP-30],EDX
76A64362  ³> A1 F853A676    MOV EAX,DWORD PTR DS:[76A653F8]
76A64367  ³. 33DB           XOR EBX,EBX
76A64369  ³. 3BC1           CMP EAX,ECX
76A6436B  ³.74 11          JE SHORT 3ba1ea5.76A6437E
76A6436D  ³. 8D55 BC        LEA EDX,DWORD PTR SS:[EBP-44]
76A64370  ³. 52             PUSH EDX
76A64371  ³. 51             PUSH ECX
76A64372  ³. FFD0           CALL EAX
76A64374  ³. 8BD8           MOV EBX,EAX
76A64376  ³. 85DB           TEST EBX,EBX
76A64378  ³.0F85 45010000  JNZ 3ba1ea5.76A644C3
76A6437E  ³> 85FF           TEST EDI,EDI
76A64380  ³.0F85 A2000000  JNZ 3ba1ea5.76A64428
76A64386  ³. A1 F853A676    MOV EAX,DWORD PTR DS:[76A653F8]
76A6438B  ³. 85C0           TEST EAX,EAX
76A6438D  ³.74 0E          JE SHORT 3ba1ea5.76A6439D
76A6438F  ³. 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
76A64392  ³. 51             PUSH ECX
76A64393  ³. 6A 01          PUSH 1
76A64395  ³. FFD0           CALL EAX
76A64397  ³. 8BF8           MOV EDI,EAX
76A64399  ³. 85FF           TEST EDI,EDI
76A6439B  ³.75 50          JNZ SHORT 3ba1ea5.76A643ED
76A6439D  ³> FF75 C8        PUSH DWORD PTR SS:[EBP-38]               ; ÚFileName
76A643A0  ³. FF15 0410A676  CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>; ÀLoadLibraryA
76A643A6  ³. 8BF8           MOV EDI,EAX
76A643A8  ³. 85FF           TEST EDI,EDI
76A643AA  ³.75 41          JNZ SHORT 3ba1ea5.76A643ED
76A643AC  ³. FF15 3810A676  CALL DWORD PTR DS:[<&KERNEL32.GetLastErr>; [GetLastError
76A643B2  ³. 8945 DC        MOV DWORD PTR SS:[EBP-24],EAX
76A643B5  ³. A1 F453A676    MOV EAX,DWORD PTR DS:[76A653F4]
76A643BA  ³. 85C0           TEST EAX,EAX
76A643BC  ³.74 0E          JE SHORT 3ba1ea5.76A643CC
76A643BE  ³. 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
76A643C1  ³. 51             PUSH ECX
76A643C2  ³. 6A 03          PUSH 3
76A643C4  ³. FFD0           CALL EAX
76A643C6  ³. 8BF8           MOV EDI,EAX
76A643C8  ³. 85FF           TEST EDI,EDI
76A643CA  ³.75 21          JNZ SHORT 3ba1ea5.76A643ED
76A643CC  ³> 8D45 BC        LEA EAX,DWORD PTR SS:[EBP-44]
76A643CF  ³. 8945 0C        MOV DWORD PTR SS:[EBP+C],EAX
76A643D2  ³. 8D45 0C        LEA EAX,DWORD PTR SS:[EBP+C]
76A643D5  ³. 50             PUSH EAX                                 ; ÚpArguments
76A643D6  ³. 6A 01          PUSH 1                                   ; ³nArguments = 1
76A643D8  ³. 6A 00          PUSH 0                                   ; ³ExceptionFlags = EXCEPTION_CONTINUABLE
76A643DA  ³. 68 7E006DC0    PUSH C06D007E                            ; ³ExceptionCode = C06D007E
76A643DF  ³. FF15 7010A676  CALL DWORD PTR DS:[<&KERNEL32.RaiseExcep>; ÀRaiseException
76A643E5  ³. 8B45 D8        MOV EAX,DWORD PTR SS:[EBP-28]
76A643E8  ³.E9 F3000000    JMP 3ba1ea5.76A644E0
76A643ED  ³> 57             PUSH EDI                                 ; ÚNewValue
76A643EE  ³. FF75 E8        PUSH DWORD PTR SS:[EBP-18]               ; ³pTarget
76A643F1  ³. FF15 0810A676  CALL DWORD PTR DS:[<&KERNEL32.Interlocke>; ÀInterlockedExchange
76A643F7  ³. 3BC7           CMP EAX,EDI
76A643F9  ³.74 26          JE SHORT 3ba1ea5.76A64421
76A643FB  ³. 837E 18 00     CMP DWORD PTR DS:[ESI+18],0
76A643FF  ³.74 27          JE SHORT 3ba1ea5.76A64428
76A64401  ³. 6A 08          PUSH 8                                   ; ÚSize = 8
76A64403  ³. 6A 40          PUSH 40                                  ; ³Flags = LPTR
76A64405  ³. FF15 6010A676  CALL DWORD PTR DS:[<&KERNEL32.LocalAlloc>; ÀLocalAlloc
76A6440B  ³. 85C0           TEST EAX,EAX
76A6440D  ³.74 19          JE SHORT 3ba1ea5.76A64428
76A6440F  ³. 8970 04        MOV DWORD PTR DS:[EAX+4],ESI
76A64412  ³. 8B0D F053A676  MOV ECX,DWORD PTR DS:[76A653F0]
76A64418  ³. 8908           MOV DWORD PTR DS:[EAX],ECX
76A6441A  ³. A3 F053A676    MOV DWORD PTR DS:[76A653F0],EAX
76A6441F  ³.EB 07          JMP SHORT 3ba1ea5.76A64428
76A64421  ³> 57             PUSH EDI                                 ; ÚhLibModule
76A64422  ³. FF15 0C10A676  CALL DWORD PTR DS:[<&KERNEL32.FreeLibrar>; ÀFreeLibrary
76A64428  ³> A1 F853A676    MOV EAX,DWORD PTR DS:[76A653F8]
76A6442D  ³. 85C0           TEST EAX,EAX
76A6442F  ³. 897D D4        MOV DWORD PTR SS:[EBP-2C],EDI
76A64432  ³.74 0A          JE SHORT 3ba1ea5.76A6443E
76A64434  ³. 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
76A64437  ³. 51             PUSH ECX
76A64438  ³. 6A 02          PUSH 2
76A6443A  ³. FFD0           CALL EAX
76A6443C  ³. 8BD8           MOV EBX,EAX
76A6443E  ³> 85DB           TEST EBX,EBX
76A64440  ³.75 7C          JNZ SHORT 3ba1ea5.76A644BE
76A64442  ³. 395E 14        CMP DWORD PTR DS:[ESI+14],EBX
76A64445  ³.74 2C          JE SHORT 3ba1ea5.76A64473
76A64447  ³. 395E 1C        CMP DWORD PTR DS:[ESI+1C],EBX
76A6444A  ³.74 27          JE SHORT 3ba1ea5.76A64473
76A6444C  ³. 8B47 3C        MOV EAX,DWORD PTR DS:[EDI+3C]
76A6444F  ³. 03C7           ADD EAX,EDI
76A64451  ³. 8138 50450000  CMP DWORD PTR DS:[EAX],4550
76A64457  ³.75 1A          JNZ SHORT 3ba1ea5.76A64473
76A64459  ³. 8B4D FC        MOV ECX,DWORD PTR SS:[EBP-4]
76A6445C  ³. 3948 08        CMP DWORD PTR DS:[EAX+8],ECX
76A6445F  ³.75 12          JNZ SHORT 3ba1ea5.76A64473
76A64461  ³. 3B78 34        CMP EDI,DWORD PTR DS:[EAX+34]
76A64464  ³.75 0D          JNZ SHORT 3ba1ea5.76A64473
76A64466  ³. 8B45 F4        MOV EAX,DWORD PTR SS:[EBP-C]
76A64469  ³. 8B4D 08        MOV ECX,DWORD PTR SS:[EBP+8]
76A6446C  ³. 8B1C01         MOV EBX,DWORD PTR DS:[ECX+EAX]
76A6446F  ³. 85DB           TEST EBX,EBX
76A64471  ³.75 4B          JNZ SHORT 3ba1ea5.76A644BE
76A64473  ³> FF75 D0        PUSH DWORD PTR SS:[EBP-30]               ; ÚProcNameOrOrdinal
76A64476  ³. 57             PUSH EDI                                 ; ³hModule
76A64477  ³. FF15 1010A676  CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; ÀGetProcAddress
76A6447D  ³. 8BD8           MOV EBX,EAX
76A6447F  ³. 85DB           TEST EBX,EBX
76A64481  ³.75 3B          JNZ SHORT 3ba1ea5.76A644BE
76A64483  ³. FF15 3810A676  CALL DWORD PTR DS:[<&KERNEL32.GetLastErr>; [GetLastError
76A64489  ³. 8945 DC        MOV DWORD PTR SS:[EBP-24],EAX
76A6448C  ³. A1 F453A676    MOV EAX,DWORD PTR DS:[76A653F4]
76A64491  ³. 85C0           TEST EAX,EAX
76A64493  ³.74 0A          JE SHORT 3ba1ea5.76A6449F
76A64495  ³. 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
76A64498  ³. 51             PUSH ECX
76A64499  ³. 6A 04          PUSH 4
76A6449B  ³. FFD0           CALL EAX
76A6449D  ³. 8BD8           MOV EBX,EAX
76A6449F  ³> 85DB           TEST EBX,EBX
76A644A1  ³.75 1B          JNZ SHORT 3ba1ea5.76A644BE
76A644A3  ³. 8D45 BC        LEA EAX,DWORD PTR SS:[EBP-44]
76A644A6  ³. 8945 08        MOV DWORD PTR SS:[EBP+8],EAX
76A644A9  ³. 8D45 08        LEA EAX,DWORD PTR SS:[EBP+8]
76A644AC  ³. 50             PUSH EAX                                 ; ÚpArguments
76A644AD  ³. 6A 01          PUSH 1                                   ; ³nArguments = 1
76A644AF  ³. 53             PUSH EBX                                 ; ³ExceptionFlags
76A644B0  ³. 68 7F006DC0    PUSH C06D007F                            ; ³ExceptionCode = C06D007F
76A644B5  ³. FF15 7010A676  CALL DWORD PTR DS:[<&KERNEL32.RaiseExcep>; ÀRaiseException
76A644BB  ³. 8B5D D8        MOV EBX,DWORD PTR SS:[EBP-28]
76A644BE  ³> 8B45 0C        MOV EAX,DWORD PTR SS:[EBP+C]
76A644C1  ³. 8918           MOV DWORD PTR DS:[EAX],EBX
76A644C3  ³> A1 F853A676    MOV EAX,DWORD PTR DS:[76A653F8]
76A644C8  ³. 85C0           TEST EAX,EAX
76A644CA  ³.74 12          JE SHORT 3ba1ea5.76A644DE
76A644CC  ³. 8365 DC 00     AND DWORD PTR SS:[EBP-24],0
76A644D0  ³. 8D4D BC        LEA ECX,DWORD PTR SS:[EBP-44]
76A644D3  ³. 51             PUSH ECX
76A644D4  ³. 6A 05          PUSH 5
76A644D6  ³. 897D D4        MOV DWORD PTR SS:[EBP-2C],EDI
76A644D9  ³. 895D D8        MOV DWORD PTR SS:[EBP-28],EBX
76A644DC  ³. FFD0           CALL EAX
76A644DE  ³> 8BC3           MOV EAX,EBX
76A644E0  ³> 5F             POP EDI
76A644E1  ³. 5E             POP ESI
76A644E2  ³. 5B             POP EBX
76A644E3  ³. C9             LEAVE
76A644E4  À. C2 0800        RETN 8
76A644E7     CC             INT3
76A644E8     01             DB 01
76A644E9     00             DB 00
76A644EA     00             DB 00
76A644EB     00             DB 00
76A644EC     40             DB 40                                    ;  CHAR '@'
76A644ED     14             DB 14
76A644EE     00             DB 00
76A644EF     00             DB 00
76A644F0     EC             DB EC
76A644F1     53             DB 53                                    ;  CHAR 'S'
76A644F2     00             DB 00
76A644F3     00             DB 00
76A644F4   . 40 50 00       ASCII "@P",0
76A644F7     00             DB 00
76A644F8   . 28 45 00       ASCII "(E",0
76A644FB     00             DB 00
76A644FC     C8             DB C8
76A644FD     45             DB 45                                    ;  CHAR 'E'
76A644FE     00             DB 00
76A644FF     00             DB 00
76A64500     00             DB 00
76A64501     00             DB 00
76A64502     00             DB 00
76A64503     00             DB 00
76A64504     00             DB 00
76A64505     00             DB 00
76A64506     00             DB 00
76A64507     00             DB 00
76A64508     00             DB 00
76A64509     00             DB 00
76A6450A     00             DB 00
76A6450B     00             DB 00
76A6450C     00             DB 00
76A6450D     00             DB 00
76A6450E     00             DB 00
76A6450F     00             DB 00
76A64510     00             DB 00
76A64511     00             DB 00
76A64512     00             DB 00
76A64513     00             DB 00
76A64514     00             DB 00
76A64515     00             DB 00
76A64516     00             DB 00
76A64517     00             DB 00
76A64518     00             DB 00
76A64519     00             DB 00
76A6451A     00             DB 00
76A6451B     00             DB 00
76A6451C     00             DB 00
76A6451D     00             DB 00
76A6451E     00             DB 00
76A6451F     00             DB 00
76A64520     00             DB 00
76A64521     00             DB 00
76A64522     00             DB 00
76A64523     00             DB 00
76A64524     00             DB 00
76A64525     00             DB 00
76A64526     00             DB 00
76A64527     00             DB 00
76A64528   . 5A 45 00       ASCII "ZE",0
76A6452B     00             DB 00
76A6452C   . 6E 45 00       ASCII "nE",0
76A6452F     00             DB 00
76A64530     82             DB 82
76A64531     45             DB 45                                    ;  CHAR 'E'
76A64532     00             DB 00
76A64533     00             DB 00
76A64534     92             DB 92
76A64535     45             DB 45                                    ;  CHAR 'E'
76A64536     00             DB 00
76A64537     00             DB 00
76A64538     A6             DB A6
76A64539     45             DB 45                                    ;  CHAR 'E'
76A6453A     00             DB 00
76A6453B     00             DB 00
76A6453C     B6             DB B6
76A6453D     45             DB 45                                    ;  CHAR 'E'
76A6453E     00             DB 00
76A6453F     00             DB 00
76A64540   . 48 45 00       ASCII "HE",0
76A64543     00             DB 00
76A64544     00             DB 00
76A64545     00             DB 00
76A64546     00             DB 00
76A64547     00             DB 00
76A64548     00             DB 00
76A64549     00             DB 00
76A6454A   . 53 79 6D 55 6E>ASCII "SymUnloadModule",0
76A6455A     00             DB 00
76A6455B     00             DB 00
76A6455C   . 53 79 6D 47 65>ASCII "SymGetSymFromAdd"
76A6456C   . 72 00          ASCII "r",0
76A6456E     00             DB 00
76A6456F     00             DB 00
76A64570   . 53 79 6D 47 65>ASCII "SymGetModuleInfo"
76A64580   . 00             ASCII 0
76A64581     6C             DB 6C                                    ;  CHAR 'l'
76A64582     00             DB 00
76A64583     00             DB 00
76A64584   . 53 79 6D 4C 6F>ASCII "SymLoadModule",0
76A64592     00             DB 00
76A64593     00             DB 00
76A64594   . 53 79 6D 47 65>ASCII "SymGetSearchPath"
76A645A4   . 00             ASCII 0
76A645A5     6C             DB 6C                                    ;  CHAR 'l'
76A645A6     00             DB 00
76A645A7     00             DB 00
76A645A8   . 53 79 6D 49 6E>ASCII "SymInitialize",0
76A645B6     00             DB 00
76A645B7     00             DB 00
76A645B8   . 53 79 6D 53 65>ASCII "SymSetOptions",0
76A645C6     00             DB 00
76A645C7     00             DB 00
76A645C8     00             DB 00
76A645C9     00             DB 00
76A645CA     00             DB 00
76A645CB     00             DB 00
76A645CC     00             DB 00
76A645CD     00             DB 00
76A645CE     00             DB 00
76A645CF     00             DB 00
76A645D0     00             DB 00
76A645D1     00             DB 00
76A645D2     00             DB 00
76A645D3     00             DB 00
76A645D4     00             DB 00
76A645D5     00             DB 00
76A645D6     00             DB 00
76A645D7     00             DB 00
76A645D8     00             DB 00
76A645D9     00             DB 00
76A645DA     00             DB 00
76A645DB     00             DB 00
76A645DC     00             DB 00
76A645DD     00             DB 00
76A645DE     00             DB 00
76A645DF     00             DB 00
76A645E0     00             DB 00
76A645E1     00             DB 00
76A645E2     00             DB 00
76A645E3     00             DB 00
76A645E4     00             DB 00
76A645E5     00             DB 00
76A645E6     00             DB 00
76A645E7     00             DB 00
76A645E8   . B4460000       DD 000046B4                              ;  Struct 'IMAGE_IMPORT_DESCRIPTOR'
76A645EC   . FFFFFFFF       DD FFFFFFFF
76A645F0   . FFFFFFFF       DD FFFFFFFF
76A645F4   . 94480000       DD 00004894
76A645F8   . 90100000       DD 00001090
76A645FC   . 24460000       DD 00004624                              ;  Struct 'IMAGE_IMPORT_DESCRIPTOR'
76A64600   . FFFFFFFF       DD FFFFFFFF
76A64604   . FFFFFFFF       DD FFFFFFFF
76A64608   . EE4A0000       DD 00004AEE
76A6460C   . 00100000       DD 00001000
76A64610   . 00000000       DD 00000000                              ;  Struct 'IMAGE_IMPORT_DESCRIPTOR'
76A64614   . 00000000       DD 00000000
76A64618   . 00000000       DD 00000000
76A6461C   . 00000000       DD 00000000
76A64620   . 00000000       DD 00000000
76A64624   . 14490000       DD 00004914                              ;  Import lookup table for 'KERNEL32.dll'
76A64628   . 324B0000       DD 00004B32
76A6462C   . 1C4B0000       DD 00004B1C
76A64630   . 0E4B0000       DD 00004B0E
76A64634   . FC4A0000       DD 00004AFC
76A64638   . D04A0000       DD 00004AD0
76A6463C   . B44A0000       DD 00004AB4
76A64640   . A04A0000       DD 00004AA0
76A64644   . 8C4A0000       DD 00004A8C
76A64648   . 724A0000       DD 00004A72
76A6464C   . 5C4A0000       DD 00004A5C
76A64650   . 464A0000       DD 00004A46
76A64654   . 364A0000       DD 00004A36
76A64658   . 1C4A0000       DD 00004A1C
76A6465C   . 0C4A0000       DD 00004A0C
76A64660   . F0490000       DD 000049F0
76A64664   . DC490000       DD 000049DC
76A64668   . CC490000       DD 000049CC
76A6466C   . BA490000       DD 000049BA
76A64670   . AC490000       DD 000049AC
76A64674   . 9E490000       DD 0000499E
76A64678   . 8C490000       DD 0000498C
76A6467C   . AA480000       DD 000048AA
76A64680   . BA480000       DD 000048BA
76A64684   . C6480000       DD 000048C6
76A64688   . D4480000       DD 000048D4
76A6468C   . EA480000       DD 000048EA
76A64690   . 00490000       DD 00004900
76A64694   . 424B0000       DD 00004B42
76A64698   . 24490000       DD 00004924
76A6469C   . 40490000       DD 00004940
76A646A0   . 5C490000       DD 0000495C
76A646A4   . 68490000       DD 00004968
76A646A8   . 74490000       DD 00004974
76A646AC   . 80490000       DD 00004980
76A646B0   . 00000000       DD 00000000
76A646B4   . 9E480000       DD 0000489E                              ;  Import lookup table for 'ntdll.dll'
76A646B8   . 8A480000       DD 0000488A
76A646BC   . 80480000       DD 00004880
76A646C0   . 74480000       DD 00004874
76A646C4   . 6C480000       DD 0000486C
76A646C8   . 62480000       DD 00004862
76A646CC   . 52480000       DD 00004852
76A646D0   . 46480000       DD 00004846
76A646D4   . 3A480000       DD 0000483A
76A646D8   . 26480000       DD 00004826
76A646DC   . 10480000       DD 00004810
76A646E0   . F6470000       DD 000047F6
76A646E4   . DC470000       DD 000047DC
76A646E8   . CA470000       DD 000047CA
76A646EC   . B2470000       DD 000047B2
76A646F0   . A0470000       DD 000047A0
76A646F4   . 92470000       DD 00004792
76A646F8   . 78470000       DD 00004778
76A646FC   . 5C470000       DD 0000475C
76A64700   . 44470000       DD 00004744
76A64704   . 28470000       DD 00004728
76A64708   . 10470000       DD 00004710
76A6470C   . 00000000       DD 00000000
76A64710   . 0B03           DW 030B
76A64712   . 52 74 6C 4E 74>ASCII "RtlNtStatusToDos"
76A64722   . 45 72 72 6F 72>ASCII "Error",0
76A64728   . 3001           DW 0130
76A6472A   . 4E 74 51 75 65>ASCII "NtQuerySystemInf"
76A6473A   . 6F 72 6D 61 74>ASCII "ormation",0
76A64743   . 00             DB 00
76A64744   . 3501           DW 0135
76A64746   . 4E 74 51 75 65>ASCII "NtQueryVirtualMe"
76A64756   . 6D 6F 72 79 00>ASCII "mory",0
76A6475B   . 00             DB 00
76A6475C   . 1B01           DW 011B
76A6475E   . 4E 74 51 75 65>ASCII "NtQueryInformati"
76A6476E   . 6F 6E 50 72 6F>ASCII "onProcess",0
76A64778   . 6901           DW 0169
76A6477A   . 4E 74 53 65 74>ASCII "NtSetInformation"
76A6478A   . 50 72 6F 63 65>ASCII "Process",0
76A64792   . 9A01           DW 019A
76A64794   . 4E 74 57 72 69>ASCII "NtWriteFile",0
76A647A0   . 8001           DW 0180
76A647A2   . 4E 74 53 74 61>ASCII "NtStartProfile",0
76A647B1   . 00             DB 00
76A647B2   . 6C01           DW 016C
76A647B4   . 4E 74 53 65 74>ASCII "NtSetIntervalPro"
76A647C4   . 66 69 6C 65 00>ASCII "file",0
76A647C9   . 00             DB 00
76A647CA   . A900           DW 00A9
76A647CC   . 4E 74 43 72 65>ASCII "NtCreateProfile",0
76A647DC   . 8700           DW 0087
76A647DE   . 4E 74 41 6C 6C>ASCII "NtAllocateVirtua"
76A647EE   . 6C 4D 65 6D 6F>ASCII "lMemory",0
76A647F6   . 0003           DW 0300
76A647F8   . 52 74 6C 4D 75>ASCII "RtlMultiByteToUn"
76A64808   . 69 63 6F 64 65>ASCII "icodeN",0
76A6480F   . 00             DB 00
76A64810   . C001           DW 01C0
76A64812   . 52 74 6C 41 64>ASCII "RtlAdjustPrivile"
76A64822   . 67 65 00       ASCII "ge",0
76A64825   . 00             DB 00
76A64826   . 9103           DW 0391
76A64828   . 52 74 6C 55 6E>ASCII "RtlUnicodeToOemN"
76A64838   . 00             ASCII 0
76A64839   . 00             DB 00
76A6483A   . 1000           DW 0010
76A6483C   . 44 62 67 50 72>ASCII "DbgPrint",0
76A64845   . 00             DB 00
76A64846   . 0E05           DW 050E
76A64848   . 5F 73 6E 70 72>ASCII "_snprintf",0
76A64852   . 8101           DW 0181
76A64854   . 4E 74 53 74 6F>ASCII "NtStopProfile",0
76A64862   . 9000           DW 0090
76A64864   . 4E 74 43 6C 6F>ASCII "N***ose",0
76A6486C   . 2905           DW 0529
76A6486E   . 61 74 6F 69 00>ASCII "atoi",0
76A64873   . 00             DB 00
76A64874   . 1205           DW 0512
76A64876   . 5F 73 74 72 69>ASCII "_stricmp",0
76A6487F   . 00             DB 00
76A64880   . 6805           DW 0568
76A64882   . 77 63 73 63 68>ASCII "wcschr",0
76A64889   . 00             DB 00
76A6488A   . 6C05           DW 056C
76A6488C   . 77 63 73 6C 65>ASCII "wcslen",0
76A64893   . 00             DB 00
76A64894   . 6E 74 64 6C 6C>ASCII "ntdll.dll",0
76A6489E   . 9603           DW 0396
76A648A0   . 52 74 6C 55 6E>ASCII "RtlUnwind",0
76A648AA   . 2803           DW 0328
76A648AC   . 53 65 74 4C 61>ASCII "SetLastError",0
76A648B9   . 00             DB 00
76A648BA   . 5C02           DW 025C
76A648BC   . 4C 6F 63 61 6C>ASCII "LocalFree",0
76A648C6   . 5802           DW 0258
76A648C8   . 4C 6F 63 61 6C>ASCII "LocalAlloc",0
76A648D3   . 00             DB 00
76A648D4   . 7502           DW 0275
76A648D6   . 4D 75 6C 74 69>ASCII "MultiByteToWideC"
76A648E6   . 68 61 72 00    ASCII "har",0
76A648EA   . 9403           DW 0394
76A648EC   . 57 69 64 65 43>ASCII "WideCharToMultiB"
76A648FC   . 79 74 65 00    ASCII "yte",0
76A64900   . B802           DW 02B8
76A64902   . 52 65 61 64 50>ASCII "ReadProcessMemor"
76A64912   . 79 00          ASCII "y",0
76A64914   . C501           DW 01C5
76A64916   . 47 65 74 53 79>ASCII "GetSystemInfo",0
76A64924   . 3503           DW 0335
76A64926   . 53 65 74 50 72>ASCII "SetProcessWorkin"
76A64936   . 67 53 65 74 53>ASCII "gSetSize",0
76A6493F   . 00             DB 00
76A64940   . AC01           DW 01AC
76A64942   . 47 65 74 50 72>ASCII "GetProcessWorkin"
76A64952   . 67 53 65 74 53>ASCII "gSetSize",0
76A6495B   . 00             DB 00
76A6495C   . C603           DW 03C6
76A6495E   . 6C 73 74 72 63>ASCII "lstrcpyA",0
76A64967   . 00             DB 00
76A64968   . CC03           DW 03CC
76A6496A   . 6C 73 74 72 6C>ASCII "lstrlenA",0
76A64973   . 00             DB 00
76A64974   . 1602           DW 0216
76A64976   . 48 65 61 70 46>ASCII "HeapFree",0
76A6497F   . 00             DB 00
76A64980   . 1002           DW 0210
76A64982   . 48 65 61 70 41>ASCII "HeapAlloc",0
76A6498C   . A301           DW 01A3
76A6498E   . 47 65 74 50 72>ASCII "GetProcessHeap",0
76A6499D   . 00             DB 00
76A6499E   . 3400           DW 0034
76A649A0   . 43 6C 6F 73 65>ASCII "CloseHandle",0
76A649AC   . 5300           DW 0053
76A649AE   . 43 72 65 61 74>ASCII "CreateFileA",0
76A649BA   . 7103           DW 0371
76A649BC   . 55 6E 6D 61 70>ASCII "UnmapViewOfFile",0
76A649CC   . 6802           DW 0268
76A649CE   . 4D 61 70 56 69>ASCII "MapViewOfFile",0
76A649DC   . 8002           DW 0280
76A649DE   . 4F 70 65 6E 46>ASCII "OpenFileMappingA"
76A649EE   . 00             ASCII 0
76A649EF   . 00             DB 00
76A649F0   . 8B00           DW 008B
76A649F2   . 44 69 73 61 62>ASCII "DisableThreadLib"
76A64A02   . 72 61 72 79 43>ASCII "raryCalls",0
76A64A0C   . 7101           DW 0171
76A64A0E   . 47 65 74 4C 61>ASCII "GetLastError",0
76A64A1B   . 00             DB 00
76A64A1C   . A302           DW 02A3
76A64A1E   . 51 75 65 72 79>ASCII "QueryPerformance"
76A64A2E   . 43 6F 75 6E 74>ASCII "Counter",0
76A64A36   . DF01           DW 01DF
76A64A38   . 47 65 74 54 69>ASCII "GetTickCount",0
76A64A45   . 00             DB 00
76A64A46   . 4601           DW 0146
76A64A48   . 47 65 74 43 75>ASCII "GetCurrentThread"
76A64A58   . 49 64 00       ASCII "Id",0
76A64A5B   . 00             DB 00
76A64A5C   . 4301           DW 0143
76A64A5E   . 47 65 74 43 75>ASCII "GetCurrentProces"
76A64A6E   . 73 49 64 00    ASCII "sId",0
76A64A72   . CA01           DW 01CA
76A64A74   . 47 65 74 53 79>ASCII "GetSystemTimeAsF"
76A64A84   . 69 6C 65 54 69>ASCII "ileTime",0
76A64A8C   . 5E03           DW 035E
76A64A8E   . 54 65 72 6D 69>ASCII "TerminateProcess"
76A64A9E   . 00             ASCII 0
76A64A9F   . 00             DB 00
76A64AA0   . 4201           DW 0142
76A64AA2   . 47 65 74 43 75>ASCII "GetCurrentProces"
76A64AB2   . 73 00          ASCII "s",0
76A64AB4   . 6E03           DW 036E
76A64AB6   . 55 6E 68 61 6E>ASCII "UnhandledExcepti"
76A64AC6   . 6F 6E 46 69 6C>ASCII "onFilter",0
76A64ACF   . 00             DB 00
76A64AD0   . 4A03           DW 034A
76A64AD2   . 53 65 74 55 6E>ASCII "SetUnhandledExce"
76A64AE2   . 70 74 69 6F 6E>ASCII "ptionFilter",0
76A64AEE   . 4B 45 52 4E 45>ASCII "KERNEL32.dll",0
76A64AFB     00             DB 00
76A64AFC   . A001           DW 01A0
76A64AFE   . 47 65 74 50 72>ASCII "GetProcAddress",0
76A64B0D   . 00             DB 00
76A64B0E   . F800           DW 00F8
76A64B10   . 46 72 65 65 4C>ASCII "FreeLibrary",0
76A64B1C   . 2902           DW 0229
76A64B1E   . 49 6E 74 65 72>ASCII "InterlockedExcha"
76A64B2E   . 6E 67 65 00    ASCII "nge",0
76A64B32   . 5202           DW 0252
76A64B34   . 4C 6F 61 64 4C>ASCII "LoadLibraryA",0
76A64B41   . 00             DB 00
76A64B42   . A702           DW 02A7
76A64B44   . 52 61 69 73 65>ASCII "RaiseException",0
76A64B53   . 00             DB 00
76A64B54     00             DB 00
76A64B55     00             DB 00
76A64B56     00             DB 00
76A64B57     00             DB 00
76A64B58     00             DB 00
76A64B59     00             DB 00
76A64B5A     00             DB 00
76A64B5B     00             DB 00
76A64B5C     00             DB 00
76A64B5D     00             DB 00
76A64B5E     00             DB 00
76A64B5F     00             DB 00
76A64B60   . 00000000       DD 00000000                              ;  Struct 'IMAGE_EXPORT_DIRECTORY'
76A64B64   . F0474342       DD 424347F0
76A64B68   . 0000           DW 0000
76A64B6A   . 0000           DW 0000
76A64B6C   . 824C0000       DD 00004C82
76A64B70   . 01000000       DD 00000001
76A64B74   . 19000000       DD 00000019
76A64B78   . 19000000       DD 00000019
76A64B7C   . 884B0000       DD 00004B88
76A64B80   . EC4B0000       DD 00004BEC
76A64B84   . 504C0000       DD 00004C50
76A64B88   . 201E0000       DD 00001E20                              ;  Export Address Table
76A64B8C   . A3150000       DD 000015A3
76A64B90   . 3C3B0000       DD 00003B3C
76A64B94   . CD390000       DD 000039CD
76A64B98   . 8A1A0000       DD 00001A8A
76A64B9C   . A9340000       DD 000034A9
76A64BA0   . 48170000       DD 00001748
76A64BA4   . 23180000       DD 00001823
76A64BA8   . CD160000       DD 000016CD
76A64BAC   . C7170000       DD 000017C7
76A64BB0   . 45190000       DD 00001945
76A64BB4   . 7F180000       DD 0000187F
76A64BB8   . 2F1D0000       DD 00001D2F
76A64BBC   . B21C0000       DD 00001CB2
76A64BC0   . 4A1C0000       DD 00001C4A
76A64BC4   . CD1B0000       DD 00001BCD
76A64BC8   . 971D0000       DD 00001D97
76A64BCC   . 2D380000       DD 0000382D
76A64BD0   . A9370000       DD 000037A9
76A64BD4   . 1B370000       DD 0000371B
76A64BD8   . C2350000       DD 000035C2
76A64BDC   . E1360000       DD 000036E1
76A64BE0   . 9D360000       DD 0000369D
76A64BE4   . 8B1E0000       DD 00001E8B
76A64BE8   . C71E0000       DD 00001EC7
76A64BEC   . 8C4C0000       DD 00004C8C                              ;  Export Name Pointer Table
76A64BF0   . 9C4C0000       DD 00004C9C
76A64BF4   . AE4C0000       DD 00004CAE
76A64BF8   . BD4C0000       DD 00004CBD
76A64BFC   . CC4C0000       DD 00004CCC
76A64C00   . DF4C0000       DD 00004CDF
76A64C04   . ED4C0000       DD 00004CED
76A64C08   . 064D0000       DD 00004D06
76A64C0C   . 1F4D0000       DD 00004D1F
76A64C10   . 384D0000       DD 00004D38
76A64C14   . 514D0000       DD 00004D51
76A64C18   . 644D0000       DD 00004D64
76A64C1C   . 774D0000       DD 00004D77
76A64C20   . 8A4D0000       DD 00004D8A
76A64C24   . 9D4D0000       DD 00004D9D
76A64C28   . B24D0000       DD 00004DB2
76A64C2C   . C74D0000       DD 00004DC7
76A64C30   . DC4D0000       DD 00004DDC
76A64C34   . EF4D0000       DD 00004DEF
76A64C38   . 084E0000       DD 00004E08
76A64C3C   . 214E0000       DD 00004E21
76A64C40   . 364E0000       DD 00004E36
76A64C44   . 434E0000       DD 00004E43
76A64C48   . 5F4E0000       DD 00004E5F
76A64C4C   . 6F4E0000       DD 00004E6F
76A64C50   . 0000           DW 0000                                  ;  Export Ordinal Table
76A64C52   . 0100           DW 0001
76A64C54   . 0200           DW 0002
76A64C56   . 0300           DW 0003
76A64C58   . 0400           DW 0004
76A64C5A   . 0500           DW 0005
76A64C5C   . 0600           DW 0006
76A64C5E   . 0700           DW 0007
76A64C60   . 0800           DW 0008
76A64C62   . 0900           DW 0009
76A64C64   . 0A00           DW 000A
76A64C66   . 0B00           DW 000B
76A64C68   . 0C00           DW 000C
76A64C6A   . 0D00           DW 000D
76A64C6C   . 0E00           DW 000E
76A64C6E   . 0F00           DW 000F
76A64C70   . 1000           DW 0010
76A64C72   . 1100           DW 0011
76A64C74   . 1200           DW 0012
76A64C76   . 1300           DW 0013
76A64C78   . 1400           DW 0014
76A64C7A   . 1500           DW 0015
76A64C7C   . 1600           DW 0016
76A64C7E   . 1700           DW 0017
76A64C80   . 1800           DW 0018
76A64C82   . 50 53 41 50 49>ASCII "PSAPI.DLL",0
76A64C8C   . 45 6D 70 74 79>ASCII "EmptyWorkingSet",0
76A64C9C   . 45 6E 75 6D 44>ASCII "EnumDeviceDriver"
76A64CAC   . 73 00          ASCII "s",0
76A64CAE   . 45 6E 75 6D 50>ASCII "EnumPageFilesA",0
76A64CBD   . 45 6E 75 6D 50>ASCII "EnumPageFilesW",0
76A64CCC   . 45 6E 75 6D 50>ASCII "EnumProcessModul"
76A64CDC   . 65 73 00       ASCII "es",0
76A64CDF   . 45 6E 75 6D 50>ASCII "EnumProcesses",0
76A64CED   . 47 65 74 44 65>ASCII "GetDeviceDriverB"
76A64CFD   . 61 73 65 4E 61>ASCII "aseNameA",0
76A64D06   . 47 65 74 44 65>ASCII "GetDeviceDriverB"
76A64D16   . 61 73 65 4E 61>ASCII "aseNameW",0
76A64D1F   . 47 65 74 44 65>ASCII "GetDeviceDriverF"
76A64D2F   . 69 6C 65 4E 61>ASCII "ileNameA",0
76A64D38   . 47 65 74 44 65>ASCII "GetDeviceDriverF"
76A64D48   . 69 6C 65 4E 61>ASCII "ileNameW",0
76A64D51   . 47 65 74 4D 61>ASCII "GetMappedFileNam"
76A64D61   . 65 41 00       ASCII "eA",0
76A64D64   . 47 65 74 4D 61>ASCII "GetMappedFileNam"
76A64D74   . 65 57 00       ASCII "eW",0
76A64D77   . 47 65 74 4D 6F>ASCII "GetModuleBaseNam"
76A64D87   . 65 41 00       ASCII "eA",0
76A64D8A   . 47 65 74 4D 6F>ASCII "GetModuleBaseNam"
76A64D9A   . 65 57 00       ASCII "eW",0
76A64D9D   . 47 65 74 4D 6F>ASCII "GetModuleFileNam"
76A64DAD   . 65 45 78 41 00>ASCII "eExA",0
76A64DB2   . 47 65 74 4D 6F>ASCII "GetModuleFileNam"
76A64DC2   . 65 45 78 57 00>ASCII "eExW",0
76A64DC7   . 47 65 74 4D 6F>ASCII "GetModuleInforma"
76A64DD7   . 74 69 6F 6E 00>ASCII "tion",0
76A64DDC   . 47 65 74 50 65>ASCII "GetPerformanceIn"
76A64DEC   . 66 6F 00       ASCII "fo",0
76A64DEF   . 47 65 74 50 72>ASCII "GetProcessImageF"
76A64DFF   . 69 6C 65 4E 61>ASCII "ileNameA",0
76A64E08   . 47 65 74 50 72>ASCII "GetProcessImageF"
76A64E18   . 69 6C 65 4E 61>ASCII "ileNameW",0
76A64E21   . 47 65 74 50 72>ASCII "GetProcessMemory"
76A64E31   . 49 6E 66 6F 00>ASCII "Info",0
76A64E36   . 47 65 74 57 73>ASCII "GetWsChanges",0
76A64E43   . 49 6E 69 74 69>ASCII "InitializeProces"
76A64E53   . 73 46 6F 72 57>ASCII "sForWsWatch",0
76A64E5F   . 51 75 65 72 79>ASCII "QueryWorkingSet",0
76A64E6F   . 51 75 65 72 79>ASCII "QueryWorkingSetE"
76A64E7F   . 78 00          ASCII "x",0
76A64E81     00             DB 00
76A64E82     00             DB 00
76A64E83     00             DB 00
76A64E84     00             DB 00
76A64E85     00             DB 00
76A64E86     00             DB 00
76A64E87     00             DB 00
76A64E88     00             DB 00
76A64E89     00             DB 00
76A64E8A     00             DB 00
76A64E8B     00             DB 00
76A64E8C     00             DB 00
76A64E8D     00             DB 00
76A64E8E     00             DB 00
76A64E8F     00             DB 00
76A64E90     00             DB 00
76A64E91     00             DB 00
76A64E92     00             DB 00
76A64E93     00             DB 00
76A64E94     00             DB 00
76A64E95     00             DB 00
76A64E96     00             DB 00
76A64E97     00             DB 00
76A64E98     00             DB 00
76A64E99     00             DB 00
76A64E9A     00             DB 00
76A64E9B     00             DB 00
76A64E9C     00             DB 00
76A64E9D     00             DB 00
76A64E9E     00             DB 00
76A64E9F     00             DB 00
76A64EA0     00             DB 00
76A64EA1     00             DB 00
76A64EA2     00             DB 00
76A64EA3     00             DB 00
76A64EA4     00             DB 00
76A64EA5     00             DB 00
76A64EA6     00             DB 00
76A64EA7     00             DB 00
76A64EA8     00             DB 00
76A64EA9     00             DB 00
76A64EAA     00             DB 00
76A64EAB     00             DB 00
76A64EAC     00             DB 00
76A64EAD     00             DB 00
76A64EAE     00             DB 00
76A64EAF     00             DB 00
76A64EB0     00             DB 00
76A64EB1     00             DB 00
76A64EB2     00             DB 00
76A64EB3     00             DB 00
76A64EB4     00             DB 00
76A64EB5     00             DB 00
76A64EB6     00             DB 00
76A64EB7     00             DB 00
76A64EB8     00             DB 00
76A64EB9     00             DB 00
76A64EBA     00             DB 00
76A64EBB     00             DB 00
76A64EBC     00             DB 00
76A64EBD     00             DB 00
76A64EBE     00             DB 00
76A64EBF     00             DB 00
76A64EC0     00             DB 00
76A64EC1     00             DB 00
76A64EC2     00             DB 00
76A64EC3     00             DB 00
76A64EC4     00             DB 00
76A64EC5     00             DB 00
76A64EC6     00             DB 00
76A64EC7     00             DB 00
76A64EC8     00             DB 00
76A64EC9     00             DB 00
76A64ECA     00             DB 00
76A64ECB     00             DB 00
76A64ECC     00             DB 00
76A64ECD     00             DB 00
76A64ECE     00             DB 00
76A64ECF     00             DB 00
76A64ED0     00             DB 00
76A64ED1     00             DB 00
76A64ED2     00             DB 00
76A64ED3     00             DB 00
76A64ED4     00             DB 00
76A64ED5     00             DB 00
76A64ED6     00             DB 00
76A64ED7     00             DB 00
76A64ED8     00             DB 00
76A64ED9     00             DB 00
76A64EDA     00             DB 00
76A64EDB     00             DB 00
76A64EDC     00             DB 00
76A64EDD     00             DB 00
76A64EDE     00             DB 00
76A64EDF     00             DB 00
76A64EE0     00             DB 00
76A64EE1     00             DB 00
76A64EE2     00             DB 00
76A64EE3     00             DB 00
76A64EE4     00             DB 00
76A64EE5     00             DB 00
76A64EE6     00             DB 00
76A64EE7     00             DB 00
76A64EE8     00             DB 00
76A64EE9     00             DB 00
76A64EEA     00             DB 00
76A64EEB     00             DB 00
76A64EEC     00             DB 00
76A64EED     00             DB 00
76A64EEE     00             DB 00
76A64EEF     00             DB 00
76A64EF0     00             DB 00
76A64EF1     00             DB 00
76A64EF2     00             DB 00
76A64EF3     00             DB 00
76A64EF4     00             DB 00
76A64EF5     00             DB 00
76A64EF6     00             DB 00
76A64EF7     00             DB 00
76A64EF8     00             DB 00
76A64EF9     00             DB 00
76A64EFA     00             DB 00
76A64EFB     00             DB 00
76A64EFC     00             DB 00
76A64EFD     00             DB 00
76A64EFE     00             DB 00
76A64EFF     00             DB 00
76A64F00     00             DB 00
76A64F01     00             DB 00
76A64F02     00             DB 00
76A64F03     00             DB 00
76A64F04     00             DB 00
76A64F05     00             DB 00
76A64F06     00             DB 00
76A64F07     00             DB 00
76A64F08     00             DB 00
76A64F09     00             DB 00
76A64F0A     00             DB 00
76A64F0B     00             DB 00
76A64F0C     00             DB 00
76A64F0D     00             DB 00
76A64F0E     00             DB 00
76A64F0F     00             DB 00
76A64F10     00             DB 00
76A64F11     00             DB 00
76A64F12     00             DB 00
76A64F13     00             DB 00
76A64F14     00             DB 00
76A64F15     00             DB 00
76A64F16     00             DB 00
76A64F17     00             DB 00
76A64F18     00             DB 00
76A64F19     00             DB 00
76A64F1A     00             DB 00
76A64F1B     00             DB 00
76A64F1C     00             DB 00
76A64F1D     00             DB 00
76A64F1E     00             DB 00
76A64F1F     00             DB 00
76A64F20     00             DB 00
76A64F21     00             DB 00
76A64F22     00             DB 00
76A64F23     00             DB 00
76A64F24     00             DB 00
76A64F25     00             DB 00
76A64F26     00             DB 00
76A64F27     00             DB 00
76A64F28     00             DB 00
76A64F29     00             DB 00
76A64F2A     00             DB 00
76A64F2B     00             DB 00
76A64F2C     00             DB 00
76A64F2D     00             DB 00
76A64F2E     00             DB 00
76A64F2F     00             DB 00
76A64F30     00             DB 00
76A64F31     00             DB 00
76A64F32     00             DB 00
76A64F33     00             DB 00
76A64F34     00             DB 00
76A64F35     00             DB 00
76A64F36     00             DB 00
76A64F37     00             DB 00
76A64F38     00             DB 00
76A64F39     00             DB 00
76A64F3A     00             DB 00
76A64F3B     00             DB 00
76A64F3C     00             DB 00
76A64F3D     00             DB 00
76A64F3E     00             DB 00
76A64F3F     00             DB 00
76A64F40     00             DB 00
76A64F41     00             DB 00
76A64F42     00             DB 00
76A64F43     00             DB 00
76A64F44     00             DB 00
76A64F45     00             DB 00
76A64F46     00             DB 00
76A64F47     00             DB 00
76A64F48     00             DB 00
76A64F49     00             DB 00
76A64F4A     00             DB 00
76A64F4B     00             DB 00
76A64F4C     00             DB 00
76A64F4D     00             DB 00
76A64F4E     00             DB 00
76A64F4F     00             DB 00
76A64F50     00             DB 00
76A64F51     00             DB 00
76A64F52     00             DB 00
76A64F53     00             DB 00
76A64F54     00             DB 00
76A64F55     00             DB 00
76A64F56     00             DB 00
76A64F57     00             DB 00
76A64F58     00             DB 00
76A64F59     00             DB 00
76A64F5A     00             DB 00
76A64F5B     00             DB 00
76A64F5C     00             DB 00
76A64F5D     00             DB 00
76A64F5E     00             DB 00
76A64F5F     00             DB 00
76A64F60     00             DB 00
76A64F61     00             DB 00
76A64F62     00             DB 00
76A64F63     00             DB 00
76A64F64     00             DB 00
76A64F65     00             DB 00
76A64F66     00             DB 00
76A64F67     00             DB 00
76A64F68     00             DB 00
76A64F69     00             DB 00
76A64F6A     00             DB 00
76A64F6B     00             DB 00
76A64F6C     00             DB 00
76A64F6D     00             DB 00
76A64F6E     00             DB 00
76A64F6F     00             DB 00
76A64F70     00             DB 00
76A64F71     00             DB 00
76A64F72     00             DB 00
76A64F73     00             DB 00
76A64F74     00             DB 00
76A64F75     00             DB 00
76A64F76     00             DB 00
76A64F77     00             DB 00
76A64F78     00             DB 00
76A64F79     00             DB 00
76A64F7A     00             DB 00
76A64F7B     00             DB 00
76A64F7C     00             DB 00
76A64F7D     00             DB 00
76A64F7E     00             DB 00
76A64F7F     00             DB 00
76A64F80     00             DB 00
76A64F81     00             DB 00
76A64F82     00             DB 00
76A64F83     00             DB 00
76A64F84     00             DB 00
76A64F85     00             DB 00
76A64F86     00             DB 00
76A64F87     00             DB 00
76A64F88     00             DB 00
76A64F89     00             DB 00
76A64F8A     00             DB 00
76A64F8B     00             DB 00
76A64F8C     00             DB 00
76A64F8D     00             DB 00
76A64F8E     00             DB 00
76A64F8F     00             DB 00
76A64F90     00             DB 00
76A64F91     00             DB 00
76A64F92     00             DB 00
76A64F93     00             DB 00
76A64F94     00             DB 00
76A64F95     00             DB 00
76A64F96     00             DB 00
76A64F97     00             DB 00
76A64F98     00             DB 00
76A64F99     00             DB 00
76A64F9A     00             DB 00
76A64F9B     00             DB 00
76A64F9C     00             DB 00
76A64F9D     00             DB 00
76A64F9E     00             DB 00
76A64F9F     00             DB 00
76A64FA0     00             DB 00
76A64FA1     00             DB 00
76A64FA2     00             DB 00
76A64FA3     00             DB 00
76A64FA4     00             DB 00
76A64FA5     00             DB 00
76A64FA6     00             DB 00
76A64FA7     00             DB 00
76A64FA8     00             DB 00
76A64FA9     00             DB 00
76A64FAA     00             DB 00
76A64FAB     00             DB 00
76A64FAC     00             DB 00
76A64FAD     00             DB 00
76A64FAE     00             DB 00
76A64FAF     00             DB 00
76A64FB0     00             DB 00
76A64FB1     00             DB 00
76A64FB2     00             DB 00
76A64FB3     00             DB 00
76A64FB4     00             DB 00
76A64FB5     00             DB 00
76A64FB6     00             DB 00
76A64FB7     00             DB 00
76A64FB8     00             DB 00
76A64FB9     00             DB 00
76A64FBA     00             DB 00
76A64FBB     00             DB 00
76A64FBC     00             DB 00
76A64FBD     00             DB 00
76A64FBE     00             DB 00
76A64FBF     00             DB 00
76A64FC0     00             DB 00
76A64FC1     00             DB 00
76A64FC2     00             DB 00
76A64FC3     00             DB 00
76A64FC4     00             DB 00
76A64FC5     00             DB 00
76A64FC6     00             DB 00
76A64FC7     00             DB 00
76A64FC8     00             DB 00
76A64FC9     00             DB 00
76A64FCA     00             DB 00
76A64FCB     00             DB 00
76A64FCC     00             DB 00
76A64FCD     00             DB 00
76A64FCE     00             DB 00
76A64FCF     00             DB 00
76A64FD0     00             DB 00
76A64FD1     00             DB 00
76A64FD2     00             DB 00
76A64FD3     00             DB 00
76A64FD4     00             DB 00
76A64FD5     00             DB 00
76A64FD6     00             DB 00
76A64FD7     00             DB 00
76A64FD8     00             DB 00
76A64FD9     00             DB 00
76A64FDA     00             DB 00
76A64FDB     00             DB 00
76A64FDC     00             DB 00
76A64FDD     00             DB 00
76A64FDE     00             DB 00
76A64FDF     00             DB 00
76A64FE0     00             DB 00
76A64FE1     00             DB 00
76A64FE2     00             DB 00
76A64FE3     00             DB 00
76A64FE4     00             DB 00
76A64FE5     00             DB 00
76A64FE6     00             DB 00
76A64FE7     00             DB 00
76A64FE8     00             DB 00
76A64FE9     00             DB 00
76A64FEA     00             DB 00
76A64FEB     00             DB 00
76A64FEC     00             DB 00
76A64FED     00             DB 00
76A64FEE     00             DB 00
76A64FEF     00             DB 00
76A64FF0     00             DB 00
76A64FF1     00             DB 00
76A64FF2     00             DB 00
76A64FF3     00             DB 00
76A64FF4     00             DB 00
76A64FF5     00             DB 00
76A64FF6     00             DB 00
76A64FF7     00             DB 00
76A64FF8     00             DB 00
76A64FF9     00             DB 00
76A64FFA     00             DB 00
76A64FFB     00             DB 00
76A64FFC     00             DB 00
76A64FFD     00             DB 00
76A64FFE     00             DB 00
76A64FFF     00             DB 00

    EOF

    i had no idea how many people in ca are on mpgh...i went in a game, and there was a room called "lol2much fly hack" and everybody had it...it was fun...



  13. 07-28-2009 #27
    farsight13
    farsight13 is offline
    Dual-Keyboard Member
    MPGH Member
    farsight13's Avatar
    Join Date
    Oct 2008
    Gender
    male
    Location
    currently about to move
    Posts
    466
    Reputation
    11
    Thanks
    61
    My Mood
    Amused
    Send a message via Birdie™ to farsight13 Jamaica
    MAKE A HACK THAT BECOMES PART OF THE GAME WHEN U PUT IT IN A SPECIFIC GAME FOLDER DURH THAT CAN WORK THANK ME IF I HELPED
    [IMG]https://img.photobucke*****m/albums/v344/eondestiny/1zx6ttt.gif[/IMG]



    MY BRUTES
    https://monstaking1234.mybrute.com
    https://eefwqt.mybrute.com


    THANK ME IF I HELP
  14. 07-28-2009 #28
    NeonNoise
    NeonNoise is offline
    Unverified User
    NeonNoise's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Location
    ten steps ahead of you
    Posts
    593
    Reputation
    38
    Thanks
    42
    My Mood
    Amused
    Send a message via Birdie™ to NeonNoise United States

    Exclamation

    Quote Originally Posted by WarPathSin666 View Post
    dude i always delete those files and i've had my bypass named to English.dll since i started using it.. your just lucky you havent downloaded the update yet.. but you will and you'll be in the same boat as the rest of us..

    Also there are a ton of files that have been modified on 7/28/2009 at 3:32 PM which was about 10 - 20 minutes ago.... i've deleted all of them not only in the CA folder but in the HShield folder and its sub folders.. no change..
    sooo we are finally screwed huh?
    NO MORE HACKS
  15. 07-28-2009 #29
    aswhooper
    aswhooper is offline
    Banned
    BANNED!
    aswhooper's Avatar
    Join Date
    Jun 2009
    Gender
    male
    Location
    Two trailer park girls go round the outside; round the outside, round the outside!!!
    Posts
    374
    Reputation
    13
    Thanks
    220
    My Mood
    Bitchy
    Send a message via Birdie™ to aswhooper
    just tell me what the new .dlls are! then ill b able to help

    i got an idea!!!
  16. 07-28-2009 #30
    lolz2much
    lolz2much is offline
    Expert Member
    MPGH Member
    lolz2much's Avatar
    Join Date
    Jan 2009
    Gender
    male
    Posts
    743
    Reputation
    28
    Thanks
    807
    My Mood
    Amused
    Send a message via Birdie™ to lolz2much United States
    Quote Originally Posted by aswhooper View Post
    just tell me what the new .dlls are! then ill b able to help

    i got an idea!!!
    yeah this will take way to long to do and i cant paste a dll in one post

    look for the new dlls in the hshield folder with funky names,there hidden files btw

    i had no idea how many people in ca are on mpgh...i went in a game, and there was a room called "lol2much fly hack" and everybody had it...it was fun...



Page 2 of 7 FirstFirst 1234 ... LastLast
« Previous Thread | Next Thread »

Similar Threads

  1. The New Gunz Patches 9-24-06
    By iceejnp in forum Gunz General
    Replies: 7
    Last Post: 05-25-2009, 11:03 PM
  2. need bypass after patch for working the team speak
    By yaniv7626 in forum Combat Arms Europe Hacks
    Replies: 4
    Last Post: 03-23-2009, 07:44 AM
  3. Will a CE be detected if I use the bypass
    By xNarutoSouls in forum Combat Arms Hacks & Cheats
    Replies: 8
    Last Post: 08-04-2008, 03:46 PM
  4. PB if fuck*** the bypasses
    By crazy4her in forum WarRock - International Hacks
    Replies: 8
    Last Post: 06-29-2007, 09:38 PM
  5. I need UCE for saving the bypass...
    By EyalZamir in forum WarRock - International Hacks
    Replies: 0
    Last Post: 05-15-2007, 04:40 PM

Tags for this Thread