pedump 0.6.10 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -1
  3. data/Gemfile.lock +85 -34
  4. data/README.md +89 -72
  5. data/Rakefile +1 -1
  6. data/VERSION +1 -1
  7. data/bin/pedump +1 -1
  8. data/data/jc-userdb.txt +0 -8
  9. data/data/signatures.txt +1 -2
  10. data/data/userdb.txt +0 -8
  11. data/lib/pedump/cli.rb +305 -48
  12. data/lib/pedump/clr/readytorun.rb +115 -0
  13. data/lib/pedump/clr/signature.rb +318 -0
  14. data/lib/pedump/clr.rb +709 -0
  15. data/lib/pedump/logger.rb +1 -1
  16. data/lib/pedump.rb +41 -5
  17. data/pedump.gemspec +8 -5
  18. metadata +8 -8
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bbdacadb999ae6537ebc35b07737c05c3b90b8505001d661a6b67dfafa1529bb
4
- data.tar.gz: 333026f323191ea26df0209d8ad6096eaf7f62b73993fd91e3c9abbf672561af
3
+ metadata.gz: 2f62755e13d849d3d46673271976e7ae6305f2d4fcd1e413397bbe811c272d58
4
+ data.tar.gz: 782654a01c07eeecc88f61515a76292b4d9eac9701f75a94fd8165d084bce736
5
5
  SHA512:
6
- metadata.gz: 57eeb82766539cdd806ca52d45924d0d41ce241ede175668837980a621916264049410db5afc93176421731ee93e2e94b3b65be7b839131fdb04c4b127957fa2
7
- data.tar.gz: 50a3ac21fc83bcb01600bd41064e35e597ccd4e2e3b5aaa7f29c97b44d4a493506c65ab5755ce74d3b699527b947333cf5803eef05e7efe55f2d31a22b22533c
6
+ metadata.gz: 3aafd3254ce0cfda67887212a7de2fc97a04fb705c756fe564a4bc5501bfa0f025c461a35bcc6075f8803953893e79b0c13059734ba39737758e878dedba3224
7
+ data.tar.gz: 8f3db8a1fb8903657cfc30f3adbe20fce26ba99d414862ff8c46cec01221f4807b1c7a7b5e13a582c2826b1ab63ca12ed84d164a925a92cbb1c27f97a96e8086
data/Gemfile CHANGED
@@ -3,7 +3,7 @@ source "https://rubygems.org"
3
3
 
4
4
  gem 'rainbow'
5
5
  gem "awesome_print"
6
- gem "iostruct", ">= 0.0.4"
6
+ gem "iostruct", ">= 0.5.0"
7
7
  gem "multipart-post", ">= 2.0.0"
8
8
  gem "zhexdump", ">= 0.0.2"
9
9
 
data/Gemfile.lock CHANGED
@@ -1,15 +1,34 @@
1
1
  GEM
2
2
  remote: https://rubygems.org/
3
3
  specs:
4
- addressable (2.8.6)
5
- public_suffix (>= 2.0.2, < 6.0)
4
+ activesupport (8.0.1)
5
+ base64
6
+ benchmark (>= 0.3)
7
+ bigdecimal
8
+ concurrent-ruby (~> 1.0, >= 1.3.1)
9
+ connection_pool (>= 2.2.5)
10
+ drb
11
+ i18n (>= 1.6, < 2)
12
+ logger (>= 1.4.2)
13
+ minitest (>= 5.1)
14
+ securerandom (>= 0.3)
15
+ tzinfo (~> 2.0, >= 2.0.5)
16
+ uri (>= 0.13.1)
17
+ addressable (2.8.7)
18
+ public_suffix (>= 2.0.2, < 7.0)
6
19
  awesome_print (1.9.2)
7
20
  base64 (0.2.0)
8
- builder (3.2.4)
21
+ benchmark (0.4.0)
22
+ bigdecimal (3.1.9)
23
+ builder (3.3.0)
24
+ concurrent-ruby (1.3.5)
25
+ connection_pool (2.5.0)
26
+ date (3.4.1)
9
27
  descendants_tracker (0.0.4)
10
28
  thread_safe (~> 0.3, >= 0.3.1)
11
- diff-lcs (1.5.1)
12
- faraday (1.10.3)
29
+ diff-lcs (1.6.0)
30
+ drb (2.2.1)
31
+ faraday (1.10.4)
13
32
  faraday-em_http (~> 1.0)
14
33
  faraday-em_synchrony (~> 1.0)
15
34
  faraday-excon (~> 1.1)
@@ -25,15 +44,17 @@ GEM
25
44
  faraday-em_synchrony (1.0.0)
26
45
  faraday-excon (1.1.0)
27
46
  faraday-httpclient (1.0.1)
28
- faraday-multipart (1.0.4)
29
- multipart-post (~> 2)
30
- faraday-net_http (1.0.1)
47
+ faraday-multipart (1.1.0)
48
+ multipart-post (~> 2.0)
49
+ faraday-net_http (1.0.2)
31
50
  faraday-net_http_persistent (1.2.0)
32
51
  faraday-patron (1.0.0)
33
52
  faraday-rack (1.0.0)
34
53
  faraday-retry (1.0.3)
35
- git (1.19.1)
54
+ git (2.3.3)
55
+ activesupport (>= 5.0)
36
56
  addressable (~> 2.8)
57
+ process_executer (~> 1.1)
37
58
  rchardet (~> 1.8)
38
59
  github_api (0.19.0)
39
60
  addressable (~> 2.4)
@@ -42,8 +63,12 @@ GEM
42
63
  hashie (~> 3.5, >= 3.5.2)
43
64
  oauth2 (~> 1.0)
44
65
  hashie (3.6.0)
45
- highline (3.0.1)
46
- iostruct (0.0.5)
66
+ highline (3.1.2)
67
+ reline
68
+ i18n (1.14.7)
69
+ concurrent-ruby (~> 1.0)
70
+ io-console (0.8.0)
71
+ iostruct (0.5.0)
47
72
  juwelier (2.4.9)
48
73
  builder
49
74
  bundler
@@ -56,62 +81,88 @@ GEM
56
81
  rake
57
82
  rdoc
58
83
  semver2
59
- jwt (2.8.1)
84
+ jwt (2.10.1)
60
85
  base64
61
86
  kamelcase (0.0.2)
62
87
  semver2 (~> 3)
63
- mini_portile2 (2.8.6)
88
+ logger (1.6.6)
89
+ mini_portile2 (2.8.8)
90
+ minitest (5.25.4)
64
91
  multi_json (1.15.0)
65
- multi_xml (0.6.0)
66
- multipart-post (2.4.0)
67
- nokogiri (1.16.4)
92
+ multi_xml (0.7.1)
93
+ bigdecimal (~> 3.1)
94
+ multipart-post (2.4.1)
95
+ nokogiri (1.18.4)
68
96
  mini_portile2 (~> 2.8.2)
69
97
  racc (~> 1.4)
98
+ nokogiri (1.18.4-aarch64-linux-gnu)
99
+ racc (~> 1.4)
100
+ nokogiri (1.18.4-arm-linux-gnu)
101
+ racc (~> 1.4)
102
+ nokogiri (1.18.4-arm64-darwin)
103
+ racc (~> 1.4)
104
+ nokogiri (1.18.4-x86_64-darwin)
105
+ racc (~> 1.4)
106
+ nokogiri (1.18.4-x86_64-linux-gnu)
107
+ racc (~> 1.4)
70
108
  oauth2 (1.4.11)
71
109
  faraday (>= 0.17.3, < 3.0)
72
110
  jwt (>= 1.0, < 3.0)
73
111
  multi_json (~> 1.3)
74
112
  multi_xml (~> 0.5)
75
113
  rack (>= 1.2, < 4)
76
- psych (5.1.2)
114
+ process_executer (1.3.0)
115
+ psych (5.2.3)
116
+ date
77
117
  stringio
78
- public_suffix (5.0.5)
79
- racc (1.7.3)
80
- rack (3.0.10)
118
+ public_suffix (6.0.1)
119
+ racc (1.8.1)
120
+ rack (3.1.12)
81
121
  rainbow (3.1.1)
82
122
  rake (13.2.1)
83
- rchardet (1.8.0)
84
- rdoc (6.6.3.1)
123
+ rchardet (1.9.0)
124
+ rdoc (6.12.0)
85
125
  psych (>= 4.0.0)
126
+ reline (0.6.0)
127
+ io-console (~> 0.5)
86
128
  rspec (3.13.0)
87
129
  rspec-core (~> 3.13.0)
88
130
  rspec-expectations (~> 3.13.0)
89
131
  rspec-mocks (~> 3.13.0)
90
- rspec-core (3.13.0)
132
+ rspec-core (3.13.3)
91
133
  rspec-support (~> 3.13.0)
92
- rspec-expectations (3.13.0)
134
+ rspec-expectations (3.13.3)
93
135
  diff-lcs (>= 1.2.0, < 2.0)
94
136
  rspec-support (~> 3.13.0)
95
- rspec-its (1.3.0)
96
- rspec-core (>= 3.0.0)
97
- rspec-expectations (>= 3.0.0)
98
- rspec-mocks (3.13.0)
137
+ rspec-its (2.0.0)
138
+ rspec-core (>= 3.13.0)
139
+ rspec-expectations (>= 3.13.0)
140
+ rspec-mocks (3.13.2)
99
141
  diff-lcs (>= 1.2.0, < 2.0)
100
142
  rspec-support (~> 3.13.0)
101
- rspec-support (3.13.1)
143
+ rspec-support (3.13.2)
102
144
  ruby2_keywords (0.0.5)
145
+ securerandom (0.4.1)
103
146
  semver2 (3.4.2)
104
- stringio (3.1.0)
147
+ stringio (3.1.5)
105
148
  thread_safe (0.3.6)
106
- zhexdump (0.1.0)
149
+ tzinfo (2.0.6)
150
+ concurrent-ruby (~> 1.0)
151
+ uri (1.0.3)
152
+ zhexdump (0.2.0)
107
153
 
108
154
  PLATFORMS
109
- ruby
155
+ aarch64-linux
156
+ arm-linux
157
+ arm64-darwin
158
+ x86-linux
159
+ x86_64-darwin
160
+ x86_64-linux
110
161
 
111
162
  DEPENDENCIES
112
163
  awesome_print
113
164
  bundler
114
- iostruct (>= 0.0.4)
165
+ iostruct (>= 0.5.0)
115
166
  juwelier
116
167
  multipart-post (>= 2.0.0)
117
168
  rainbow
@@ -120,4 +171,4 @@ DEPENDENCIES
120
171
  zhexdump (>= 0.0.2)
121
172
 
122
173
  BUNDLED WITH
123
- 2.2.32
174
+ 2.5.22
data/README.md CHANGED
@@ -4,6 +4,8 @@ pedump [![Build Status](https://travis-ci.org/zed-0xff/pedump.png?branch=mast
4
4
  News
5
5
  ----
6
6
  ```
7
+ 2025.11.11 - 0.7.1; CLI: add --file2va command
8
+ 2025.03.16 - added .NET CLR parsing
7
9
  2024.04.20 - cli: add --set-dll-char to patch dll characteristics
8
10
  pe: imphash calculation
9
11
  cli: added --imphash option
@@ -62,24 +64,35 @@ Usage
62
64
  (can cause exceptions & heavy wounds)
63
65
  -f, --format FORMAT Output format: bin,c,dump,hex,inspect,json,table,yaml
64
66
  (default: table)
65
- --mz
66
- --dos-stub
67
- --rich
68
- --pe
69
- --ne
70
- --te
71
- --data-directory
72
- -S, --sections
73
- --tls
74
- --security
75
- -s, --strings
76
- -R, --resources
77
- --resource-directory
78
- -I, --imports
79
- -E, --exports
80
- -V, --version-info
81
- --imphash
82
- --packer
67
+
68
+ --clr a shortcut for --clr_header, --clr_readytorun, --clr_metadata, --clr_streams, --clr_strings, --clr_tables
69
+ --clr-header clr_header
70
+ --clr-metadata clr_metadata
71
+ --clr-readytorun clr_readytorun
72
+ --clr-streams clr_streams
73
+ --clr-strings clr_strings
74
+ --clr-tables [TABLES] clr_tables
75
+ --data-directory data_directory
76
+ --dos-stub dos_stub
77
+ -E, --exports exports
78
+ --imphash imphash
79
+ -I, --imports imports
80
+ --mz mz
81
+ --ne ne
82
+ --packer packer
83
+ --pe pe
84
+ --resource-directory resource_directory
85
+ -R, --resources resources
86
+ --rich rich
87
+ -S, --sections sections
88
+ --security security
89
+ -s, --strings strings
90
+ --tail tail
91
+ --te te
92
+ --tls tls
93
+ -V, --version-info version_info
94
+
95
+ --tokens Show CLR tokens
83
96
  --deep packer deep scan, significantly slower
84
97
  -P, --packer-only packer/compiler detect only,
85
98
  mimics 'file' command output
@@ -93,7 +106,12 @@ Usage
93
106
  ID: section:.text - section by name
94
107
  ID: section:rva/0x1000 - section by RVA
95
108
  ID: section:raw/0x400 - section by RAW_PTR
96
- --va2file VA Convert RVA to file offset
109
+ ID: tail - file tail
110
+ ID: tail:c00 - file tail + 0xc00 offset
111
+
112
+ --va2file VA Convert VA to file offset
113
+ --file2va OFFSET Convert file offset to VA
114
+
97
115
  --set-os-version VER Patch OS version in PE header
98
116
  --set-dll-char X Patch IMAGE_OPTIONAL_HEADER32.DllCharacteristics
99
117
 
@@ -109,28 +127,28 @@ Usage
109
127
  === MZ Header ===
110
128
 
111
129
  signature: "MZ"
112
- bytes_in_last_block: 144 0x90
113
- blocks_in_file: 3 3
114
- num_relocs: 0 0
115
- header_paragraphs: 4 4
116
- min_extra_paragraphs: 0 0
117
- max_extra_paragraphs: 65535 0xffff
118
- ss: 0 0
119
- sp: 184 0xb8
120
- checksum: 0 0
121
- ip: 0 0
122
- cs: 0 0
123
- reloc_table_offset: 64 0x40
124
- overlay_number: 0 0
125
- reserved0: 0 0
126
- oem_id: 0 0
127
- oem_info: 0 0
128
- reserved2: 0 0
129
- reserved3: 0 0
130
- reserved4: 0 0
131
- reserved5: 0 0
132
- reserved6: 0 0
133
- lfanew: 232 0xe8
130
+ bytes_in_last_block: 144 90
131
+ blocks_in_file: 3
132
+ num_relocs: 0
133
+ header_paragraphs: 4
134
+ min_extra_paragraphs: 0
135
+ max_extra_paragraphs: 65535 ffff
136
+ ss: 0
137
+ sp: 184 b8
138
+ checksum: 0
139
+ ip: 0
140
+ cs: 0
141
+ reloc_table_offset: 64 40
142
+ overlay_number: 0
143
+ reserved0: 0
144
+ oem_id: 0
145
+ oem_info: 0
146
+ reserved2: 0
147
+ reserved3: 0
148
+ reserved4: 0
149
+ reserved5: 0
150
+ reserved6: 0
151
+ lfanew: 232 e8
134
152
 
135
153
  ### DOS stub
136
154
 
@@ -138,10 +156,10 @@ Usage
138
156
 
139
157
  === DOS STUB ===
140
158
 
141
- 00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
159
+ 00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |.... ...!..L.!Th|
142
160
  00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
143
161
  00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
144
- 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
162
+ 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$ |
145
163
 
146
164
  ### 'Rich' Header
147
165
 
@@ -167,42 +185,41 @@ Usage
167
185
  signature: "PE\x00\x00"
168
186
 
169
187
  # IMAGE_FILE_HEADER:
170
- Machine: 332 0x14c x86
171
- NumberOfSections: 4 4
188
+ Machine: 332 14c x86
189
+ NumberOfSections: 4
172
190
  TimeDateStamp: "2008-09-14 07:28:52"
173
- PointerToSymbolTable: 0 0
174
- NumberOfSymbols: 0 0
175
- SizeOfOptionalHeader: 224 0xe0
176
- Characteristics: 258 0x102 EXECUTABLE_IMAGE, 32BIT_MACHINE
191
+ PointerToSymbolTable: 0
192
+ NumberOfSymbols: 0
193
+ SizeOfOptionalHeader: 224 e0
194
+ Characteristics: 258 102 EXECUTABLE_IMAGE, 32BIT_MACHINE
177
195
 
178
196
  # IMAGE_OPTIONAL_HEADER32:
179
- Magic: 267 0x10b 32-bit executable
197
+ Magic: 267 10b 32-bit executable
180
198
  LinkerVersion: 9.0
181
- SizeOfCode: 305664 0x4aa00
182
- SizeOfInitializedData: 340480 0x53200
183
- SizeOfUninitializedData: 0 0
184
- AddressOfEntryPoint: 230155 0x3830b
185
- BaseOfCode: 4096 0x1000
186
- BaseOfData: 311296 0x4c000
187
- ImageBase: 16777216 0x1000000
188
- SectionAlignment: 4096 0x1000
189
- FileAlignment: 512 0x200
199
+ SizeOfCode: 305664 4aa00
200
+ SizeOfInitializedData: 340480 53200
201
+ SizeOfUninitializedData: 0
202
+ AddressOfEntryPoint: 230155 3830b
203
+ BaseOfCode: 4096 1000
204
+ BaseOfData: 311296 4c000
205
+ ImageBase: 16777216 1000000
206
+ SectionAlignment: 4096 1000
207
+ FileAlignment: 512 200
190
208
  OperatingSystemVersion: 5.1
191
209
  ImageVersion: 5.256
192
210
  SubsystemVersion: 5.1
193
- Reserved1: 0 0
194
- SizeOfImage: 659456 0xa1000
195
- SizeOfHeaders: 1024 0x400
196
- CheckSum: 690555 0xa897b
197
- Subsystem: 2 2 WINDOWS_GUI
198
- DllCharacteristics: 33088 0x8140 DYNAMIC_BASE, NX_COMPAT
199
- TERMINAL_SERVER_AWARE
200
- SizeOfStackReserve: 262144 0x40000
201
- SizeOfStackCommit: 8192 0x2000
202
- SizeOfHeapReserve: 1048576 0x100000
203
- SizeOfHeapCommit: 4096 0x1000
204
- LoaderFlags: 0 0
205
- NumberOfRvaAndSizes: 16 0x10
211
+ Reserved1: 0
212
+ SizeOfImage: 659456 a1000
213
+ SizeOfHeaders: 1024 400
214
+ CheckSum: 690555 a897b
215
+ Subsystem: 2 WINDOWS_GUI
216
+ DllCharacteristics: 33088 8140 DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
217
+ SizeOfStackReserve: 262144 40000
218
+ SizeOfStackCommit: 8192 2000
219
+ SizeOfHeapReserve: 1048576 100000
220
+ SizeOfHeapCommit: 4096 1000
221
+ LoaderFlags: 0
222
+ NumberOfRvaAndSizes: 16 10
206
223
 
207
224
  ### Data Directory
208
225
 
data/Rakefile CHANGED
@@ -178,7 +178,7 @@ task :readme do
178
178
  r = " # #{cmd}\n\n"
179
179
  cmd.sub! /^pedump/,"../bin/pedump"
180
180
  lines = `#{cmd}`.sub(/\A\n+/m,'').sub(/\s+\Z/,'').split("\n")
181
- lines = lines[0,25] + ['...'] if lines.size > 50
181
+ lines = lines[0,25] + ['...'] if lines.size > 50 && cmd.split.last != '-h'
182
182
  r << lines.map{|x| " #{x}"}.join("\n")
183
183
  r << "\n"
184
184
  end
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.6.10
1
+ 0.7.1
data/bin/pedump CHANGED
@@ -4,4 +4,4 @@ $LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__) + '/../lib'))
4
4
  require 'pedump'
5
5
  require 'pedump/cli'
6
6
 
7
- PEdump::CLI.new.run
7
+ exit( PEdump::CLI.new.run ? 0 : 1 )
data/data/jc-userdb.txt CHANGED
@@ -548,10 +548,6 @@ ep_only = true
548
548
  signature = 55 8B EC 6A FF 68 98 71 40 00 68 48 2D 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
549
549
  ep_only = true
550
550
 
551
- [Armadillo v1.71]
552
- signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1
553
- ep_only = false
554
-
555
551
  [Armadillo v1.72 - v1.73]
556
552
  signature = 55 8B EC 6A FF 68 E8 C1 ?? ?? 68 F4 86 ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58
557
553
  ep_only = true
@@ -608,10 +604,6 @@ ep_only = true
608
604
  signature = 55 8B EC 6A FF 68 98 ?? ?? ?? 68 10 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
609
605
  ep_only = true
610
606
 
611
- [Armadillo v1.xx - v2.xx]
612
- signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 F6
613
- ep_only = true
614
-
615
607
  [Armadillo v2.00]
616
608
  signature = 55 8B EC 6A FF 68 00 02 41 00 68 C4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
617
609
  ep_only = true
data/data/signatures.txt CHANGED
@@ -130,7 +130,6 @@
130
130
  [AcidCrypt=BE::::::::0238404E75FA8BC28A1832DFC0CB]
131
131
  [Alloy v1.x.2000=9C60E802::::::33C08BC483C004938BE38B5BFC81EB072040::87DD6A0468::10::::68::02::::6A::FF95462340::0B]
132
132
  [Armadillo v1.60a=558BEC6AFF689871400068482D400064A100000000506489250000000083EC58]
133
- [Armadillo v1.71=558BEC6AFF68::::::::68::::::::64A1]
134
133
  [Armadillo v1.72 - v1.73=558BEC6AFF68E8C1::::68F486::::64A1::::::::50648925::::::::83EC58]
135
134
  [Armadillo v1.77=558BEC6AFF68B0714000686C37400064A100000000506489250000000083EC58]
136
135
  [Armadillo v1.80=558BEC6AFF68E8C1000068F486000064A100000000506489250000000083EC58]
@@ -675,4 +674,4 @@
675
674
  <<END>>
676
675
 
677
676
 
678
- [marcrypt=6075037401E864A1180000008B40300FB6400209C07406E800000000C3750A740839414874615053C3508BC45874037501E9B800::4000B9::::::008B1081F2EAAFAC0C891083C0044909C975EE75037401E861EB1701D358EB2140C1C0020DFF00FF0009C05074EF75ED74EFEBF783F80074E899F7F139CA74E1C3750A7408]
677
+ [marcrypt=6075037401E864A1180000008B40300FB6400209C07406E800000000C3750A740839414874615053C3508BC45874037501E9B800::4000B9::::::008B1081F2EAAFAC0C891083C0044909C975EE75037401E861EB1701D358EB2140C1C0020DFF00FF0009C05074EF75ED74EFEBF783F80074E899F7F139CA74E1C3750A7408]
data/data/userdb.txt CHANGED
@@ -11133,10 +11133,6 @@ ep_only = true
11133
11133
  signature = 8C C8 8C DB 8E D8 8E C0 89 ?? ?? ?? 2B C3 A3 ?? ?? 89 ?? ?? ?? BE ?? ?? B9 ?? ?? BF ?? ?? BA ?? ?? FC AC 32 C2 8A D8
11134
11134
  ep_only = true
11135
11135
 
11136
- [Armadillo v1.71]
11137
- signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1
11138
- ep_only = true
11139
-
11140
11136
  [Armadillo v1.72 - v1.73]
11141
11137
  signature = 55 8B EC 6A FF 68 E8 C1 ?? ?? 68 F4 86 ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58
11142
11138
  ep_only = true
@@ -11145,10 +11141,6 @@ ep_only = true
11145
11141
  signature = 55 8B EC 6A FF 68 98 ?? ?? ?? 68 10 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
11146
11142
  ep_only = true
11147
11143
 
11148
- [Armadillo v1.xx - v2.xx]
11149
- signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 F6
11150
- ep_only = true
11151
-
11152
11144
  [Armadillo v2.51]
11153
11145
  signature = 55 8B EC 6A FF 68 B8 ?? ?? ?? 68 D0 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 20
11154
11146
  ep_only = true