Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #11  
Old 01-12-2020, 10:04 AM
popo0987 popo0987 is offline
Member
 
Join Date: Mar 2013
Posts: 14
Default Hello

Hello,

here is the re-dump with SpoRaw, how can i solve it to multireg?

REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Emulator\Sentinel\Dump\94580000]
"sntMemory"=hex:0581,9458,0000,0000,A8A9,0000,0000 ,0000,0000,0000,0000,0000,0000,0000,0000,0000,\
0000,0000,0000,0000,0000,45FB,48F9,9B60,70E1,0000, 0000,0000,0000,0000,0000,0000,\
0000,0000,0000,0000,0000,0000,0000,0000,0000,0000, 0000,0000,0000,0000,0000,0000,\
0000,0000,0000,0000,0000,0000,0000,0000,0000,0000, 0000,0000,0000,0000,0002,0000
"CellType"=hex:01,01,03,03,03,03,03,03,01,01,01,01 ,01,01,01,01,\
01,01,01,01,01,00,00,00,00,00,00,00,00,01,01,01,\
01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,\
01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01
"Type"=dword:00000000
"DongleType"=dword:00000003

Last edited by popo0987 : 01-12-2020 at 10:06 AM.
Reply With Quote
  #12  
Old 01-12-2020, 03:07 PM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,235
Send a message via ICQ to BfoX Send a message via MSN to BfoX Send a message via Yahoo to BfoX
Default

convert from
0581,9458,0000,0000,A8A9,0000,0000\
to
81,05,58,94,00,00,00,00,A9,A8,00,00,00,00,\

and all other string for "sntMemory" and get profit =)
__________________
... Either you work well or you work much ....
Reply With Quote
  #13  
Old 01-12-2020, 10:43 PM
hasp hasp is offline
Member
 
Join Date: May 2011
Posts: 7
Default 9458

Code:
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Multikey\Dumps\94580000]
"Type"=dword:00000000
"DongleType"=dword:00000003
"CellType"=hex:\
01,01,03,03,03,01,03,01,01,01,01,01,01,01,01,01,\
01,01,01,01,01,00,00,00,00,00,00,00,00,01,01,01,\
01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,\
01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01
"sntMemory"=hex:\
81,05,58,94,00,00,00,00,A9,A8,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,FB,45,F9,48,60,9B,\
E1,70,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00
Reply With Quote
  #14  
Old 01-17-2020, 09:30 AM
popo0987 popo0987 is offline
Member
 
Join Date: Mar 2013
Posts: 14
Default

Quote:
Originally Posted by BfoX View Post
convert from
0581,9458,0000,0000,A8A9,0000,0000\
to
81,05,58,94,00,00,00,00,A9,A8,00,00,00,00,\

and all other string for "sntMemory" and get profit =)
Thank you Thank you Thank you
Reply With Quote
  #15  
Old 01-17-2020, 09:30 AM
popo0987 popo0987 is offline
Member
 
Join Date: Mar 2013
Posts: 14
Default

Quote:
Originally Posted by hasp View Post
Code:
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Multikey\Dumps\94580000]
"Type"=dword:00000000
"DongleType"=dword:00000003
"CellType"=hex:\
01,01,03,03,03,01,03,01,01,01,01,01,01,01,01,01,\
01,01,01,01,01,00,00,00,00,00,00,00,00,01,01,01,\
01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,\
01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01
"sntMemory"=hex:\
81,05,58,94,00,00,00,00,A9,A8,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,FB,45,F9,48,60,9B,\
E1,70,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00
Thank you
Thank you Thank you Thank you
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.