var len
var base
var BeingDebug
var ret
var loadingfailled
var isdbgpr
var apibp
var pebcheck
var peb
var bpuef
var apibp1
var errorloading
var int1
var int3
var int3a
var int41
var int3hwbp
var excep

// $RESULT = base address of the module containing EIP
gmi eip,MODULEBASE

// each patch address = module base + fixed offset
mov loadingfailled,$RESULT
add loadingfailled,321ae
mov isdbgpr,$RESULT
add isdbgpr,3c45a
mov apibp,$RESULT
add apibp,3b038
mov pebcheck,$RESULT
add pebcheck,35e80
mov bpuef,$RESULT
add bpuef,3f1b5
mov apibp1,$RESULT
add apibp1,34070
mov errorloading,$RESULT
add errorloading,3408c
mov int1,$RESULT
add int1,2f3bb
mov int3,$RESULT
add int3,3367d
mov int3a,$RESULT
add int3a,33693
mov int41,$RESULT
add int41,2f455
mov int3hwbp,$RESULT
add int3hwbp,3bd83
mov excep,$RESULT
add excep,32cd0
mov peb,$RESULT
add peb,2d52e

//kill anti-debug tricks in section 6
REPL loadingfailled,#75??#,#eb??#,0a8 //resolve loading failed
repl isdbgpr,#740e#,#eb??#,2 //kill IsDbgPresent
repl apibp,#751b#,#eb??#,2 //kill api bp check
repl pebcheck,#8a4002#,#b00090#,3 //kill peb check
repl peb,#7411#,#eb??#,2 //kill peb check
repl bpuef,#750f#,#eb??#,2 //kill bp check on UnhandledExcFilter
repl apibp1,#7515#,#eb??#,2 //kill api bp check
repl errorloading,#7408#,#9090#,2 //error loading
repl int1,#cd014040#,#90909090#,4 //kill int1
repl int3,#cc#,#90#,1 //kill int3
repl int3a,#7530#,#9090#,2
repl int41,#cd41#,#9090#,2 //kill int41
repl int3hwbp,#cc#,#90#,1 //kill int3 - hwbp zeroing
repl excep,#558bec????????????????????????????????????#,#c70500d4010127e4bfc3c70504d40101f9d192a9c3#,21

var bp1
var bp2
var bp3
var bpjmp
var konst
var konst1
var a
var b

mov bpjmp,$RESULT
add bpjmp,353d8
bp bpjmp //jump to next section
run
bc bpjmp
sti

// section 9.
mov bp1,$RESULT
mov bp2,$RESULT
mov bp3,$RESULT
mov bpjmp,$RESULT
add bp1,59d70
add bp2,65fd0
add bp3,65892
add bpjmp,5ece0
mov konst,$RESULT
mov konst1,$RESULT
add konst,483dc
add konst1,483e0
//kill exceptions
bp bp1
run
bc bp1
bp bp2
exec
ret
ende
bc bp2
bp bp3
exec
ret
ende
bc bp3
bp bpjmp
// preserve eax/ebx around the two dword writes
mov a,eax
mov b,ebx
mov eax,konst
mov ebx,konst1
exec
mov dword ptr ds:[eax],084c97c7
mov dword ptr ds:[ebx],0c06c9313
ende
mov eax,a
mov ebx,b
run
bc bpjmp
bphwc bp1
bphwc bp2
sti

// section 11.
mov bp1,$RESULT
mov bp2,$RESULT
mov bp3,$RESULT
mov bpjmp,$RESULT
add bp1,8a520
add bp2,810a0
add bp3,8b232
add bpjmp,89df8
mov konst,$RESULT
mov konst1,$RESULT
add konst,703dc
add konst1,703e0
//kill exceptions
bp bp1
run
bc bp1
bp bp2
exec
ret
ende
bc bp2
bp bp3
exec
ret
ende
bc bp3
bp bpjmp
// preserve eax/ebx around the two dword writes
mov a,eax
mov b,ebx
mov eax,konst
mov ebx,konst1
exec
mov dword ptr ds:[eax],2659257f
mov dword ptr ds:[ebx],033bc8fb
ende
mov eax,a
mov ebx,b
run
bc bpjmp
bphwc bp1
bphwc bp2
sti

// section 13.
mov bp1,$RESULT
mov bp2,$RESULT
mov bp3,$RESULT
mov bpjmp,$RESULT
add bp1,ad970
add bp2,b4880
add bp3,ac8d2
add bpjmp,a8ae1
mov konst,$RESULT
mov konst1,$RESULT
add konst,983dc
add konst1,983e0
//kill exceptions
bp bp1
run
bc bp1
bp bp2
exec
ret
ende
bc bp2
bp bp3
exec
ret
ende
bc bp3
bp bpjmp
// preserve eax/ebx around the two dword writes
mov a,eax
mov b,ebx
mov eax,konst
mov ebx,konst1
exec
mov dword ptr ds:[eax],0b3fc664c
mov dword ptr ds:[ebx],85f2df44
ende
mov eax,a
mov ebx,b
run
bc bpjmp
bphwc bp1
bphwc bp2
sti

// section 15.
mov bp1,$RESULT
mov bp2,$RESULT
mov bp3,$RESULT
mov bpjmp,$RESULT
add bp1,d5380
add bp2,db750
add bp3,dcf42
add bpjmp,da74a
mov konst,$RESULT
mov konst1,$RESULT
add konst,c03dc
add konst1,c03e0
//kill exceptions
bp bp1
run
bc bp1
bp bp2
exec
ret
ende
bc bp2
bp bp3
exec
ret
ende
bc bp3
bp bpjmp
// preserve eax/ebx around the two dword writes
mov a,eax
mov b,ebx
mov eax,konst
mov ebx,konst1
exec
mov dword ptr ds:[eax],5d789b9d
mov dword ptr ds:[ebx],312d8b0b
ende
mov eax,a
mov ebx,b
run
bc bpjmp
bphwc bp1
bphwc bp2
sti

// section 17.
mov bp1,$RESULT
mov bp2,$RESULT
mov bp3,$RESULT
mov bpjmp,$RESULT
add bp1,1062c0
add bp2,1028d0
add bp3,102382
add bpjmp,fe4c7
mov konst,$RESULT
mov konst1,$RESULT
add konst,e83dc
add konst1,e83e0
//kill exceptions
bp bp1
run
bc bp1
bp bp2
exec
ret
ende
bc bp2
bp bp3
exec
ret
ende
bc bp3
bp bpjmp
// preserve eax/ebx around the two dword writes
mov a,eax
mov b,ebx
mov eax,konst
mov ebx,konst1
exec
mov dword ptr ds:[eax],59b87bd3
mov dword ptr ds:[ebx],725e3283
ende
mov eax,a
mov ebx,b
run
bc bpjmp
bphwc bp1
bphwc bp2
sti //jump to section 19.