Исходник Load dll/exe from Memory Tutorial

  • Автор темы: gygbiz1
Hello,

This can be used for reflective DLL loading: the DLL/EXE image is mapped from a memory buffer, so no DLL file is needed on disk.

The creator of the video removed the code, but I am posting it here for you!


MemLib.h
Код:
#include <windows.h>

// Opaque handle for a dependency module, as produced by the load callback.
typedef void *HCUSTOMMODULE;

// Callbacks used while resolving the imports of a mapped image. The trailing
// void* is the caller-supplied `userdata` pointer kept in MEMORYMODULE.
typedef HCUSTOMMODULE (*MemLoadLibraryFn)(LPCSTR filename, void *userdata);
typedef FARPROC (*MemGetProcAddressFn)(HANDLE module, LPCSTR name, void *userdata);
typedef void (*MemFreeLibraryFn)(HANDLE module, void *userdata);

// Entry-point signatures: DllMain-style for DLL images, argument-less for EXE images.
typedef BOOL (WINAPI *DllEntryProc)(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved);
typedef int (WINAPI *ExeEntryProc)(void);


// Bookkeeping record for one image mapped by CLoad::MemLoadLibraryEx.
// The record is allocated zero-filled, so every field starts out as 0/NULL/FALSE.
struct MEMORYMODULE {
    PIMAGE_NT_HEADERS headers;          // NT headers inside the mapped copy of the image
    unsigned char *codeBase;            // base address of the VirtualAlloc'ed image region
    HCUSTOMMODULE *modules;             // realloc-grown array of handles for imported libraries
    int numModules;                     // number of valid entries in `modules`
    BOOL initialized;                   // TRUE once the DLL entry point accepted DLL_PROCESS_ATTACH
    BOOL isDLL;                         // IMAGE_FILE_DLL was set in the file header
    BOOL isRelocated;                   // image sits at its preferred base or relocation succeeded
    MemLoadLibraryFn loadLibrary;       // import-resolution callbacks supplied by the caller
    MemGetProcAddressFn getProcAddress;
    MemFreeLibraryFn freeLibrary;
    void *userdata;                     // passed back verbatim to the three callbacks
    ExeEntryProc exeEntry;              // entry point of an EXE image, NULL otherwise
    DWORD pageSize;                     // dwPageSize reported by GetNativeSystemInfo
};
typedef MEMORYMODULE *PMEMORYMODULE;

// Accumulator used by FinalizeSections: describes one run of sections that
// share memory pages and therefore receive a single protection value.
struct SECTIONFINALIZEDATA {
    LPVOID address;          // start address of the run
    LPVOID alignedAddress;   // `address` rounded down to a page boundary
    DWORD size;              // number of bytes covered by the run
    DWORD characteristics;   // combined IMAGE_SCN_* flags of the run
    BOOL last;               // TRUE for the final run of the image
};
typedef SECTIONFINALIZEDATA *PSECTIONFINALIZEDATA;

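// PE-format helpers used by CLoad while mapping an image from memory.
// The return types are spelled BOOL/DWORD to match the out-of-class
// definitions in the .cpp (BOOL is a typedef for int, so the signatures
// are unchanged). Every BOOL helper returns TRUE on success.
class CWin32PE
{
protected:
    // TRUE when `size` is at least `expected`; otherwise sets ERROR_INVALID_DATA.
    BOOL CheckSize(size_t size, size_t expected);

    // Size used when protecting a section: SizeOfRawData, or the optional
    // header's (un)initialized-data size when the section has no raw data.
    DWORD GetRealSectionSize(PMEMORYMODULE module, PIMAGE_SECTION_HEADER section);

    // Commits memory for every section and copies its raw data out of `data`.
    BOOL CopySections(const unsigned char *data, size_t size, PIMAGE_NT_HEADERS old_headers, PMEMORYMODULE module);

    // Applies the final page protection to one run of sections (or decommits
    // it when the run is discardable).
    BOOL FinalizeSection(PMEMORYMODULE module, PSECTIONFINALIZEDATA sectionData);

    // Walks all sections, merging those that share a page, and finalizes each run.
    BOOL FinalizeSections(PMEMORYMODULE module);

    // Invokes the image's TLS callbacks with DLL_PROCESS_ATTACH.
    BOOL ExecuteTLS(PMEMORYMODULE module);

    // Patches absolute addresses after the image was mapped `delta` bytes away
    // from its preferred base.
    BOOL PerformBaseRelocation(PMEMORYMODULE module, ptrdiff_t delta);

    // Loads the imported libraries through the module's callbacks and fills
    // in the import address table.
    BOOL BuildImportTable(PMEMORYMODULE module);
};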

// Front end of the in-memory loader. Handles returned by the Load* members
// are PMEMORYMODULE records allocated by MemLoadLibraryEx, not OS module
// handles: the image is never registered with the Windows loader, so the
// regular GetProcAddress/FreeLibrary APIs must not be used on them.
class CLoad : protected CWin32PE
{
public:
    // Maps the PE image held in the given buffer, using LoadLibraryA /
    // GetProcAddress / FreeLibrary to satisfy its imports.
    HANDLE LoadFromMemory(const void *data, size_t size);

    // Looks up the "DLL"-typed resource with the given id in the current
    // executable; see the definition for what the returned HANDLE refers to.
    HANDLE LoadFromResources(int IDD_RESOUCE);

    // Reads the whole file into memory and passes it to LoadFromMemory.
    HANDLE LoadFromFile(LPCSTR filename);

    // Export lookup (by name or by ordinal) on a module returned by this class.
    FARPROC GetProcAddressFromMemory(HANDLE hModule, LPCSTR ProcName);

    // Runs the entry point of a mapped EXE image; returns -1 when the module
    // is a DLL, has no entry point, or could not be relocated.
    int CallEntryPointFromMemory(HANDLE hModule);

    // Sends DLL_PROCESS_DETACH if needed, releases the imported libraries and
    // frees the image memory and the bookkeeping record.
    void FreeLibraryFromMemory(HANDLE hModule);

private:
    // Worker behind the Load* members; the three callbacks decide how the
    // image's imports are resolved and `userdata` is handed back to them.
    HANDLE MemLoadLibraryEx(const void *data, size_t size, MemLoadLibraryFn loadLibrary,
        MemGetProcAddressFn getProcAddress, MemFreeLibraryFn freeLibrary, void *userdata);
};

MemLib.cpp

Код:
#define _CRT_SECURE_NO_WARNINGS

#include <windows.h>
#include <winnt.h>
#include <stddef.h>
#include <stdint.h>
#include <tchar.h>
#include <fstream>
#include <iostream>
#include <vector>

#ifdef DEBUG_OUTPUT
#include <stdio.h>
#endif

#if _MSC_VER
// Disable warning about data -> function pointer conversion
#pragma warning(disable:4055)
#endif

#define IMAGE_SIZEOF_BASE_RELOCATION (sizeof(IMAGE_BASE_RELOCATION))

#include "MemLoadLibrary.h"

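// Address of data-directory entry `idx` in the module's optional header.
// Fully parenthesized so the expansion stays a single operand wherever it is used.
#define GET_HEADER_DICTIONARY(module, idx)  (&(module)->headers->OptionalHeader.DataDirectory[idx])

// Both alignment helpers require `alignment` to be a power of two.
// The mask is computed at the full width of the aligned value: with a DWORD
// alignment the original `~((alignment) - 1)` was a 32-bit mask that, once
// zero-extended, cleared the upper half of 64-bit addresses and sizes.
#define ALIGN_DOWN(address, alignment)      (LPVOID)((uintptr_t)(address) & ~((uintptr_t)(alignment) - 1))
// Evaluates to a uint64_t so that rounding a value close to 4 GiB cannot wrap to 0.
#define ALIGN_VALUE_UP(value, alignment)    (((uint64_t)(value) + (uint64_t)(alignment) - 1) & ~((uint64_t)(alignment) - 1))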

// Verifies that a buffer of `size` bytes holds at least `expected` bytes.
// On failure the thread's last error is set to ERROR_INVALID_DATA.
BOOL
CWin32PE::CheckSize(size_t size, size_t expected) {
    const BOOL fits = (size >= expected) ? TRUE : FALSE;
    if (!fits) {
        SetLastError(ERROR_INVALID_DATA);
    }
    return fits;
}

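// Commits memory for every section of the image and copies the section's raw
// data from the input buffer into it.
//
//   data / size  - the raw PE file as supplied by the caller
//   old_headers  - NT headers inside `data` (source of SectionAlignment)
//   module       - target module; codeBase, headers and pageSize must be set
//
// Returns TRUE on success. Returns FALSE when a section's raw data is not
// fully contained in `data` (ERROR_INVALID_DATA), when a section would be
// placed outside the reserved image region (ERROR_BAD_EXE_FORMAT) or when
// VirtualAlloc fails.
//
// All offset arithmetic is done in 64 bits: the section header fields are
// attacker-controlled DWORDs and `PointerToRawData + SizeOfRawData` can wrap
// in 32-bit arithmetic, which would let the size check pass for a range that
// lies outside the buffer.
BOOL CWin32PE::CopySections(const unsigned char *data, size_t size, PIMAGE_NT_HEADERS old_headers, PMEMORYMODULE module)
{
    int i;
    unsigned char *codeBase = module->codeBase;
    unsigned char *dest;
    PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(module->headers);

    // The image region was allocated with SizeOfImage rounded up to a page,
    // so that is the upper bound for any section placement.
    const ULONGLONG imageSize = module->headers->OptionalHeader.SizeOfImage;
    const ULONGLONG imageLimit = (module->pageSize != 0)
        ? ALIGN_VALUE_UP(imageSize, (ULONGLONG)module->pageSize)
        : imageSize;

    for (i = 0; i<module->headers->FileHeader.NumberOfSections; i++, section++) {
        // Always use position from file to support alignments smaller
        // than page size.
        dest = codeBase + section->VirtualAddress;

        if (section->SizeOfRawData == 0) {
            // section doesn't contain data in the dll itself, but may define
            // uninitialized data
            const DWORD section_size = old_headers->OptionalHeader.SectionAlignment;
            if (section_size > 0) {
                if ((ULONGLONG)section->VirtualAddress + section_size > imageLimit) {
                    SetLastError(ERROR_BAD_EXE_FORMAT);
                    return FALSE;
                }
                if (VirtualAlloc(dest, section_size, MEM_COMMIT, PAGE_READWRITE) == NULL) {
                    return FALSE;
                }

                // FinalizeSections reads the mapped address back from this field.
                section->Misc.PhysicalAddress = (DWORD)(uintptr_t)dest;
                memset(dest, 0, section_size);
            }

            // section is empty
            continue;
        }

        // source range must lie inside the input buffer
        if ((ULONGLONG)section->PointerToRawData + section->SizeOfRawData > (ULONGLONG)size) {
            SetLastError(ERROR_INVALID_DATA);
            return FALSE;
        }

        // destination range must lie inside the reserved image region
        if ((ULONGLONG)section->VirtualAddress + section->SizeOfRawData > imageLimit) {
            SetLastError(ERROR_BAD_EXE_FORMAT);
            return FALSE;
        }

        // commit memory block and copy data from dll
        if (VirtualAlloc(dest, section->SizeOfRawData, MEM_COMMIT, PAGE_READWRITE) == NULL) {
            return FALSE;
        }

        memcpy(dest, data + section->PointerToRawData, section->SizeOfRawData);
        section->Misc.PhysicalAddress = (DWORD)(uintptr_t)dest;
    }

    return TRUE;
}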

// Page-protection lookup, indexed as [executable][readable][writeable] with
// each index being 0 or 1. Note that a section flagged both executable and
// writeable maps to PAGE_EXECUTE_WRITECOPY / PAGE_EXECUTE_READWRITE, i.e. the
// loader does not enforce W^X on the images it maps.
static int ProtectionFlags[2][2][2] = {
    // executable == 0
    {
        /* readable == 0 */ { PAGE_NOACCESS, PAGE_WRITECOPY },
        /* readable == 1 */ { PAGE_READONLY, PAGE_READWRITE },
    },
    // executable == 1
    {
        /* readable == 0 */ { PAGE_EXECUTE, PAGE_EXECUTE_WRITECOPY },
        /* readable == 1 */ { PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE },
    },
};

// Returns the byte count to use when protecting `section`: its SizeOfRawData,
// or - when that is zero - the optional header's SizeOfInitializedData /
// SizeOfUninitializedData, chosen by the section's content flags. A section
// with no raw data and neither flag yields 0.
DWORD
CWin32PE::GetRealSectionSize(PMEMORYMODULE module, PIMAGE_SECTION_HEADER section) {
    if (section->SizeOfRawData != 0) {
        return section->SizeOfRawData;
    }

    const DWORD flags = section->Characteristics;
    if (flags & IMAGE_SCN_CNT_INITIALIZED_DATA) {
        return module->headers->OptionalHeader.SizeOfInitializedData;
    }
    if (flags & IMAGE_SCN_CNT_UNINITIALIZED_DATA) {
        return module->headers->OptionalHeader.SizeOfUninitializedData;
    }
    return 0;
}

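// Applies the final state to one run of sections described by `sectionData`:
// a discardable run is decommitted (when it covers whole pages), any other
// run gets the page protection derived from its IMAGE_SCN_MEM_* flags.
//
// Returns TRUE on success or when there is nothing to do, FALSE when
// VirtualProtect fails.
BOOL
CWin32PE::FinalizeSection(PMEMORYMODULE module, PSECTIONFINALIZEDATA sectionData) {
    DWORD protect, oldProtect;
    BOOL executable;
    BOOL readable;
    BOOL writeable;

    if (sectionData->size == 0) {
        return TRUE;
    }

    if (sectionData->characteristics & IMAGE_SCN_MEM_DISCARDABLE) {
        // section is not needed any more and can safely be freed
        if (sectionData->address == sectionData->alignedAddress &&
            (sectionData->last ||
            module->headers->OptionalHeader.SectionAlignment == module->pageSize ||
            (sectionData->size % module->pageSize) == 0)
            ) {
            // Only allowed to decommit whole pages
            VirtualFree(sectionData->address, sectionData->size, MEM_DECOMMIT);
        }
        return TRUE;
    }

    // determine protection flags based on characteristics; each flag is
    // normalized to 0/1 because it is used as an array index
    executable = (sectionData->characteristics & IMAGE_SCN_MEM_EXECUTE) != 0;
    readable = (sectionData->characteristics & IMAGE_SCN_MEM_READ) != 0;
    writeable = (sectionData->characteristics & IMAGE_SCN_MEM_WRITE) != 0;
    // An executable + writeable run ends up PAGE_EXECUTE_READWRITE; because
    // FinalizeSections merges sections sharing a page, that can also happen
    // to code that was not marked writeable on its own.
    protect = ProtectionFlags[executable][readable][writeable];
    if (sectionData->characteristics & IMAGE_SCN_MEM_NOT_CACHED) {
        protect |= PAGE_NOCACHE;
    }

    // change memory access flags
    if (VirtualProtect(sectionData->address, sectionData->size, protect, &oldProtect) == 0) {
#ifdef DEBUG_OUTPUT
        // The statement was missing its terminating semicolon, which broke
        // every DEBUG_OUTPUT build.
        // NOTE(review): OutputLastError is not defined in the visible source -
        // confirm it is provided elsewhere before enabling DEBUG_OUTPUT.
        OutputLastError("Error protecting memory page");
#endif
        return FALSE;
    }

    return TRUE;
}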

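// Walks the section table, merges consecutive sections that share a memory
// page into one run and hands every run to FinalizeSection, which applies
// the page protection (or decommits discardable runs).
//
// Returns TRUE on success, FALSE as soon as FinalizeSection fails.
//
// Changes against the original:
//  * the page size is widened to uintptr_t before it reaches ALIGN_DOWN. With
//    a DWORD alignment the macro's mask is 32 bits wide and, on 64-bit builds,
//    cleared the upper half of the address; every section then appeared to
//    overlap the previous one and the whole image received the union of all
//    section protections.
//  * an image without sections no longer reads a section header that does
//    not exist.
//  * the `#define imageOffset 0` trick for 32-bit builds is a plain constant.
BOOL
CWin32PE::FinalizeSections(PMEMORYMODULE module)
{
    int i;
    PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(module->headers);
    const uintptr_t pageSize = module->pageSize;
#ifdef _WIN64
    // CopySections stored only the low 32 bits of each section address in
    // Misc.PhysicalAddress; the upper half is taken from the image base.
    // NOTE(review): this presumes the image does not straddle a 4 GiB boundary.
    const uintptr_t imageOffset = (uintptr_t)(module->headers->OptionalHeader.ImageBase & 0xffffffff00000000);
#else
    const uintptr_t imageOffset = 0;
#endif
    SECTIONFINALIZEDATA sectionData;

    if (module->headers->FileHeader.NumberOfSections == 0) {
        // nothing to protect
        return TRUE;
    }

    sectionData.address = (LPVOID)((uintptr_t)section->Misc.PhysicalAddress | imageOffset);
    sectionData.alignedAddress = ALIGN_DOWN(sectionData.address, pageSize);
    sectionData.size = GetRealSectionSize(module, section);
    sectionData.characteristics = section->Characteristics;
    sectionData.last = FALSE;
    section++;

    // loop through all sections and change access flags
    for (i = 1; i<module->headers->FileHeader.NumberOfSections; i++, section++) {
        LPVOID sectionAddress = (LPVOID)((uintptr_t)section->Misc.PhysicalAddress | imageOffset);
        LPVOID alignedAddress = ALIGN_DOWN(sectionAddress, pageSize);
        DWORD sectionSize = GetRealSectionSize(module, section);
        // Combine access flags of all sections that share a page
        // TODO(fancycode): We currently share flags of a trailing large section
        //   with the page of a first small section. This should be optimized.
        if (sectionData.alignedAddress == alignedAddress || (uintptr_t)sectionData.address + sectionData.size >(uintptr_t) alignedAddress) {
            // Section shares page with previous
            if ((section->Characteristics & IMAGE_SCN_MEM_DISCARDABLE) == 0 || (sectionData.characteristics & IMAGE_SCN_MEM_DISCARDABLE) == 0) {
                // at least one of the two must stay mapped, so the merged run is not discardable
                sectionData.characteristics = (sectionData.characteristics | section->Characteristics) & ~IMAGE_SCN_MEM_DISCARDABLE;
            }
            else {
                sectionData.characteristics |= section->Characteristics;
            }
            sectionData.size = (DWORD)((((uintptr_t)sectionAddress) + sectionSize) - (uintptr_t)sectionData.address);
            continue;
        }

        if (!FinalizeSection(module, &sectionData)) {
            return FALSE;
        }
        sectionData.address = sectionAddress;
        sectionData.alignedAddress = alignedAddress;
        sectionData.size = sectionSize;
        sectionData.characteristics = section->Characteristics;
    }
    sectionData.last = TRUE;
    if (!FinalizeSection(module, &sectionData)) {
        return FALSE;
    }
    return TRUE;
}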

// Calls every TLS callback registered in the image's TLS directory with
// DLL_PROCESS_ATTACH. Always returns TRUE; an image without a TLS directory
// is simply skipped.
//
// AddressOfCallBacks is used as an absolute pointer, so this only works on
// an image that sits at the address its headers were relocated for. The
// callback array is followed until a NULL entry; no bounds are checked.
BOOL
CWin32PE::ExecuteTLS(PMEMORYMODULE module)
{
    unsigned char *const imageBase = module->codeBase;
    PIMAGE_DATA_DIRECTORY tlsEntry = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_TLS);

    if (tlsEntry->VirtualAddress != 0) {
        PIMAGE_TLS_DIRECTORY tlsDir = (PIMAGE_TLS_DIRECTORY)(imageBase + tlsEntry->VirtualAddress);
        PIMAGE_TLS_CALLBACK *cursor = (PIMAGE_TLS_CALLBACK *)tlsDir->AddressOfCallBacks;

        if (cursor != NULL) {
            for (; *cursor != NULL; ++cursor) {
                (*cursor)((LPVOID)imageBase, DLL_PROCESS_ATTACH, NULL);
            }
        }
    }

    return TRUE;
}

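// Applies the image's base relocations after it was mapped `delta` bytes away
// from its preferred base address.
//
// Returns TRUE when all relocation blocks were applied. When the image has no
// relocation directory the result is TRUE only for delta == 0. A malformed
// relocation directory yields FALSE with ERROR_BAD_EXE_FORMAT.
//
// The original loop trusted the table completely: it ran until it met a block
// with VirtualAddress == 0, so a missing terminator walked off the directory,
// SizeOfBlock == 0 never terminated, SizeOfBlock < 8 underflowed the entry
// count and every patch address was written without a range check. The walk
// is now limited to the directory size and every patch must fall inside the
// image.
BOOL
CWin32PE::PerformBaseRelocation(PMEMORYMODULE module, ptrdiff_t delta)
{
    unsigned char *codeBase = module->codeBase;
    const DWORD headerSize = (DWORD)IMAGE_SIZEOF_BASE_RELOCATION;

    PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_BASERELOC);
    if (directory->Size == 0) {
        return (delta == 0);
    }

    // Snapshot the values that bound the walk: the headers live inside the
    // image being patched, so they must not be re-read while patching.
    const DWORD imageSize = module->headers->OptionalHeader.SizeOfImage;
    const DWORD dirRva = directory->VirtualAddress;
    const DWORD dirSize = directory->Size;

    if (dirRva > imageSize || dirSize > imageSize - dirRva) {
        SetLastError(ERROR_BAD_EXE_FORMAT);
        return FALSE;
    }

    DWORD consumed = 0;
    while (dirSize - consumed >= headerSize) {
        PIMAGE_BASE_RELOCATION relocation = (PIMAGE_BASE_RELOCATION)(codeBase + dirRva + consumed);
        if (relocation->VirtualAddress == 0) {
            // terminator block, as accepted by the original loop
            break;
        }

        const DWORD blockRva = relocation->VirtualAddress;
        const DWORD blockSize = relocation->SizeOfBlock;
        if (blockSize < headerSize || blockSize > dirSize - consumed) {
            SetLastError(ERROR_BAD_EXE_FORMAT);
            return FALSE;
        }

        const DWORD entryCount = (blockSize - headerSize) / 2;
        const unsigned short *relInfo = (const unsigned short *)((unsigned char *)relocation + headerSize);
        for (DWORD i = 0; i < entryCount; i++, relInfo++) {
            // the upper 4 bits define the type of relocation
            const int type = *relInfo >> 12;
            // the lower 12 bits define the offset
            const ULONGLONG patchRva = (ULONGLONG)blockRva + (*relInfo & 0xfff);

            switch (type)
            {
            case IMAGE_REL_BASED_ABSOLUTE:
                // skip relocation
                break;

            case IMAGE_REL_BASED_HIGHLOW:
                // change complete 32 bit address
                if (patchRva + sizeof(DWORD) > imageSize) {
                    SetLastError(ERROR_BAD_EXE_FORMAT);
                    return FALSE;
                }
                *(DWORD *)(codeBase + patchRva) += (DWORD)delta;
                break;

#ifdef _WIN64
            case IMAGE_REL_BASED_DIR64:
                if (patchRva + sizeof(ULONGLONG) > imageSize) {
                    SetLastError(ERROR_BAD_EXE_FORMAT);
                    return FALSE;
                }
                *(ULONGLONG *)(codeBase + patchRva) += (ULONGLONG)delta;
                break;
#endif

            default:
                // unknown relocation types are ignored, as before
                break;
            }
        }

        // advance to next relocation block
        consumed += blockSize;
    }
    return TRUE;
}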

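// Resolves the image's imports: every library named in the import directory
// is loaded through module->loadLibrary, recorded in module->modules, and the
// addresses obtained from module->getProcAddress are written into the import
// address table.
//
// Returns TRUE on success (or when there is no import directory). On failure
// the last error is ERROR_MOD_NOT_FOUND, ERROR_OUTOFMEMORY,
// ERROR_PROC_NOT_FOUND or, for a malformed table, ERROR_BAD_EXE_FORMAT.
//
// Changes against the original:
//  * a handle that was already stored in module->modules is no longer
//    released here when a symbol is missing. FreeLibraryFromMemory releases
//    every stored handle, so the extra release dropped the library's
//    reference count twice for a single load.
//  * IsBadReadPtr is replaced by explicit checks against SizeOfImage; the
//    descriptor table, the thunk arrays and the name strings all come from
//    the untrusted image and are validated before they are dereferenced.
//
// Library names are taken verbatim from the image. With the default callback
// they reach LoadLibraryA as bare names, so the standard DLL search order
// decides which file is loaded.
BOOL
CWin32PE::BuildImportTable(PMEMORYMODULE module)
{
    unsigned char *codeBase = module->codeBase;

    PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_IMPORT);
    if (directory->Size == 0) {
        return TRUE;
    }

    const DWORD imageSize = module->headers->OptionalHeader.SizeOfImage;

    for (ULONGLONG descRva = directory->VirtualAddress; ; descRva += sizeof(IMAGE_IMPORT_DESCRIPTOR)) {
        // the table must end with an all-zero descriptor inside the image
        if (descRva + sizeof(IMAGE_IMPORT_DESCRIPTOR) > imageSize) {
            SetLastError(ERROR_BAD_EXE_FORMAT);
            return FALSE;
        }

        PIMAGE_IMPORT_DESCRIPTOR importDesc = (PIMAGE_IMPORT_DESCRIPTOR)(codeBase + descRva);
        if (importDesc->Name == 0) {
            break;
        }

        // library name: must start inside the image and be NUL-terminated there
        if (importDesc->Name >= imageSize ||
            memchr(codeBase + importDesc->Name, 0, imageSize - importDesc->Name) == NULL) {
            SetLastError(ERROR_BAD_EXE_FORMAT);
            return FALSE;
        }

        HCUSTOMMODULE handle = module->loadLibrary((LPCSTR)(codeBase + importDesc->Name), module->userdata);
        if (handle == NULL) {
            SetLastError(ERROR_MOD_NOT_FOUND);
            return FALSE;
        }

        HCUSTOMMODULE *tmp = (HCUSTOMMODULE *)realloc(module->modules, (module->numModules + 1)*(sizeof(HCUSTOMMODULE)));
        if (tmp == NULL) {
            // not stored yet, so this is the only place that can release it
            module->freeLibrary(handle, module->userdata);
            SetLastError(ERROR_OUTOFMEMORY);
            return FALSE;
        }
        module->modules = tmp;

        // from here on the handle is owned by the module record
        module->modules[module->numModules++] = handle;

        // without a hint table the address table doubles as the lookup table
        ULONGLONG thunkRva = importDesc->OriginalFirstThunk ? importDesc->OriginalFirstThunk : importDesc->FirstThunk;
        ULONGLONG funcRva = importDesc->FirstThunk;

        for (;; thunkRva += sizeof(uintptr_t), funcRva += sizeof(FARPROC)) {
            if (thunkRva + sizeof(uintptr_t) > imageSize || funcRva + sizeof(FARPROC) > imageSize) {
                SetLastError(ERROR_BAD_EXE_FORMAT);
                return FALSE;
            }

            const uintptr_t thunk = *(uintptr_t *)(codeBase + thunkRva);
            if (thunk == 0) {
                break;
            }

            FARPROC *funcRef = (FARPROC *)(codeBase + funcRva);
            if (IMAGE_SNAP_BY_ORDINAL(thunk)) {
                *funcRef = module->getProcAddress(handle, (LPCSTR)IMAGE_ORDINAL(thunk), module->userdata);
            }
            else {
                // thunk is the RVA of an IMAGE_IMPORT_BY_NAME record
                const ULONGLONG nameRva = (ULONGLONG)thunk + offsetof(IMAGE_IMPORT_BY_NAME, Name);
                if (nameRva >= imageSize ||
                    memchr(codeBase + nameRva, 0, (size_t)(imageSize - nameRva)) == NULL) {
                    SetLastError(ERROR_BAD_EXE_FORMAT);
                    return FALSE;
                }
                *funcRef = module->getProcAddress(handle, (LPCSTR)(codeBase + nameRva), module->userdata);
            }

            if (*funcRef == 0) {
                SetLastError(ERROR_PROC_NOT_FOUND);
                return FALSE;
            }
        }
    }

    return TRUE;
}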


// Default load callback: forwards the library name to LoadLibraryA and
// returns its handle (NULL when loading failed). `userdata` is unused.
// The name is passed on unchanged, so a bare file name is resolved through
// the process's normal DLL search order.
HCUSTOMMODULE MemoryDefaultLoadLibrary(LPCSTR filename, void *userdata)
{
    UNREFERENCED_PARAMETER(userdata);

    // LoadLibraryA already reports failure as NULL, so the handle is passed through.
    return (HCUSTOMMODULE)LoadLibraryA(filename);
}

// Default symbol callback: resolves `name` (a name or an ordinal encoded in
// the pointer value) in `module` through GetProcAddress. `userdata` is unused.
FARPROC MemoryDefaultGetProcAddress(HCUSTOMMODULE module, LPCSTR name, void *userdata)
{
    UNREFERENCED_PARAMETER(userdata);

    HMODULE library = (HMODULE)module;
    FARPROC address = GetProcAddress(library, name);
    return (FARPROC)address;
}

// Default release callback: drops one reference on a library obtained from
// MemoryDefaultLoadLibrary. `userdata` is unused.
void MemoryDefaultFreeLibrary(HCUSTOMMODULE module, void *userdata)
{
    UNREFERENCED_PARAMETER(userdata);

    HMODULE library = (HMODULE)module;
    FreeLibrary(library);
}


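// Maps a PE image (DLL or EXE) from the buffer `data` of `size` bytes into
// freshly allocated memory of the current process.
//
// Steps: validate the DOS/NT headers and section table, allocate the image
// region (at the preferred base if possible), copy headers and sections,
// apply base relocations, resolve imports through the supplied callbacks,
// set the final page protections, run TLS callbacks and - for a DLL - call
// its entry point with DLL_PROCESS_ATTACH. For an EXE the entry point is
// only recorded; CallEntryPointFromMemory runs it.
//
//   loadLibrary / getProcAddress / freeLibrary - import-resolution callbacks
//   userdata - opaque pointer handed back to those callbacks
//
// Returns a PMEMORYMODULE cast to HANDLE, or NULL with the last error set.
// The image lives in private VirtualAlloc memory and is not registered with
// the Windows loader, so it does not appear in the process's module list.
//
// Hardening against the original, all for input taken from the untrusted
// buffer:
//  * e_lfanew is a signed LONG; a negative value made the size check wrap
//    and the NT headers were then read from in front of the buffer.
//  * the section table is checked to lie inside both the buffer and
//    SizeOfHeaders before it is walked.
//  * section ends and the aligned image size are computed in 64 bits, so
//    neither 32-bit wrap-around nor a truncated alignment mask can make an
//    oversized section pass the SizeOfImage comparison.
//  * the result of committing the header pages is checked before memcpy.
//  * TLS callbacks and the DLL entry point are not executed when base
//    relocation failed, because the code would run with unpatched addresses.
HANDLE CLoad::MemLoadLibraryEx(const void *data, size_t size,
    MemLoadLibraryFn loadLibrary,
    MemGetProcAddressFn getProcAddress,
    MemFreeLibraryFn freeLibrary,
    void *userdata)
{
    PMEMORYMODULE result = NULL;
    PIMAGE_DOS_HEADER dos_header;
    PIMAGE_NT_HEADERS old_header;
    unsigned char *code, *headers;
    ptrdiff_t locationDelta;
    SYSTEM_INFO sysInfo;
    PIMAGE_SECTION_HEADER section;
    DWORD i;
    size_t ntOffset;
    size_t sectionTableEnd;
    ULONGLONG pageSize64;
    ULONGLONG optionalSectionSize;
    ULONGLONG lastSectionEnd = 0;
    ULONGLONG alignedImageSize64;
    size_t alignedImageSize;

    if (data == NULL) {
        SetLastError(ERROR_INVALID_DATA);
        return NULL;
    }

    if (!CheckSize(size, sizeof(IMAGE_DOS_HEADER))) {
        return NULL;
    }
    dos_header = (PIMAGE_DOS_HEADER)data;
    if (dos_header->e_magic != IMAGE_DOS_SIGNATURE) {
        SetLastError(ERROR_BAD_EXE_FORMAT);
        return NULL;
    }

    // e_lfanew is signed: reject negative offsets before using it as an index
    if (dos_header->e_lfanew < 0) {
        SetLastError(ERROR_BAD_EXE_FORMAT);
        return NULL;
    }
    ntOffset = (size_t)dos_header->e_lfanew;
    if (ntOffset > size || size - ntOffset < sizeof(IMAGE_NT_HEADERS)) {
        SetLastError(ERROR_INVALID_DATA);
        return NULL;
    }
    old_header = (PIMAGE_NT_HEADERS)&((const unsigned char *)(data))[ntOffset];
    if (old_header->Signature != IMAGE_NT_SIGNATURE) {
        SetLastError(ERROR_BAD_EXE_FORMAT);
        return NULL;
    }

#ifdef _WIN64
    if (old_header->FileHeader.Machine != IMAGE_FILE_MACHINE_AMD64) {
#else
    if (old_header->FileHeader.Machine != IMAGE_FILE_MACHINE_I386) {
#endif
        SetLastError(ERROR_BAD_EXE_FORMAT);
        return NULL;
    }

    // the optional header layout (PE32 vs PE32+) must match this build
    if (old_header->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC) {
        SetLastError(ERROR_BAD_EXE_FORMAT);
        return NULL;
    }

    if (old_header->OptionalHeader.SectionAlignment & 1) {
        // Only support section alignments that are a multiple of 2
        SetLastError(ERROR_BAD_EXE_FORMAT);
        return NULL;
    }

    // The header block is copied as SizeOfHeaders bytes and all later parsing
    // works on that copy, so the NT headers and the complete section table
    // have to fit into both the buffer and SizeOfHeaders.
    if (!CheckSize(size, old_header->OptionalHeader.SizeOfHeaders)) {
        return NULL;
    }
    sectionTableEnd = ntOffset + offsetof(IMAGE_NT_HEADERS, OptionalHeader)
        + old_header->FileHeader.SizeOfOptionalHeader
        + (size_t)old_header->FileHeader.NumberOfSections * sizeof(IMAGE_SECTION_HEADER);
    if (sectionTableEnd < ntOffset ||
        sectionTableEnd > old_header->OptionalHeader.SizeOfHeaders ||
        ntOffset + sizeof(IMAGE_NT_HEADERS) > old_header->OptionalHeader.SizeOfHeaders) {
        SetLastError(ERROR_BAD_EXE_FORMAT);
        return NULL;
    }

    section = IMAGE_FIRST_SECTION(old_header);
    optionalSectionSize = old_header->OptionalHeader.SectionAlignment;
    for (i = 0; i<old_header->FileHeader.NumberOfSections; i++, section++) {
        ULONGLONG endOfSection;
        if (section->SizeOfRawData == 0) {
            // Section without data in the DLL
            endOfSection = (ULONGLONG)section->VirtualAddress + optionalSectionSize;
        }
        else {
            endOfSection = (ULONGLONG)section->VirtualAddress + section->SizeOfRawData;
        }

        if (endOfSection > lastSectionEnd) {
            lastSectionEnd = endOfSection;
        }
    }

    GetNativeSystemInfo(&sysInfo);
    pageSize64 = sysInfo.dwPageSize;
    alignedImageSize64 = ALIGN_VALUE_UP((ULONGLONG)old_header->OptionalHeader.SizeOfImage, pageSize64);
    if (alignedImageSize64 == 0 ||
        alignedImageSize64 != ALIGN_VALUE_UP(lastSectionEnd, pageSize64) ||
        alignedImageSize64 > (ULONGLONG)(size_t)-1 ||
        old_header->OptionalHeader.SizeOfHeaders > alignedImageSize64) {
        SetLastError(ERROR_BAD_EXE_FORMAT);
        return NULL;
    }
    alignedImageSize = (size_t)alignedImageSize64;

    // reserve memory for image of library
    // XXX: is it correct to commit the complete memory region at once?
    //      calling DllEntry raises an exception if we don't...
    code = (unsigned char *)VirtualAlloc((LPVOID)(old_header->OptionalHeader.ImageBase),
        alignedImageSize,
        MEM_RESERVE | MEM_COMMIT,
        PAGE_READWRITE);

    if (code == NULL) {
        // try to allocate memory at arbitrary position
        code = (unsigned char *)VirtualAlloc(NULL,
            alignedImageSize,
            MEM_RESERVE | MEM_COMMIT,
            PAGE_READWRITE);
        if (code == NULL) {
            SetLastError(ERROR_OUTOFMEMORY);
            return NULL;
        }
    }

    result = (PMEMORYMODULE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(MEMORYMODULE));
    if (result == NULL) {
        VirtualFree(code, 0, MEM_RELEASE);
        SetLastError(ERROR_OUTOFMEMORY);
        return NULL;
    }

    result->codeBase = code;
    result->isDLL = (old_header->FileHeader.Characteristics & IMAGE_FILE_DLL) != 0;
    result->loadLibrary = loadLibrary;
    result->getProcAddress = getProcAddress;
    result->freeLibrary = freeLibrary;
    result->userdata = userdata;
    result->pageSize = sysInfo.dwPageSize;

    // commit memory for headers
    headers = (unsigned char *)VirtualAlloc(code,
        old_header->OptionalHeader.SizeOfHeaders,
        MEM_COMMIT,
        PAGE_READWRITE);
    if (headers == NULL) {
        SetLastError(ERROR_OUTOFMEMORY);
        goto error;
    }

    // copy PE header to code
    memcpy(headers, dos_header, old_header->OptionalHeader.SizeOfHeaders);
    result->headers = (PIMAGE_NT_HEADERS)&((const unsigned char *)(headers))[ntOffset];

    // update position
    result->headers->OptionalHeader.ImageBase = (uintptr_t)code;

    // copy sections from DLL file block to new memory location
    if (!CopySections((const unsigned char *)data, size, old_header, result)) {
        goto error;
    }

    // adjust base address of imported data
    locationDelta = (ptrdiff_t)(result->headers->OptionalHeader.ImageBase - old_header->OptionalHeader.ImageBase);
    if (locationDelta != 0) {
        result->isRelocated = PerformBaseRelocation(result, locationDelta);
    }
    else {
        result->isRelocated = TRUE;
    }

    // load required dlls and adjust function table of imports
    if (!BuildImportTable(result)) {
        goto error;
    }

    // mark memory pages depending on section headers and release
    // sections that are marked as "discardable"
    if (!FinalizeSections(result)) {
        goto error;
    }

    // TLS callbacks are executed BEFORE the main loading. They are skipped
    // for an image that could not be relocated: the callback table holds
    // absolute addresses that would still refer to the preferred base.
    if (result->isRelocated && !ExecuteTLS(result)) {
        goto error;
    }

    // get entry point of loaded library
    if (result->headers->OptionalHeader.AddressOfEntryPoint != 0) {
        if (result->isDLL) {
            DllEntryProc DllEntry;
            BOOL successfull;

            if (!result->isRelocated) {
                // same rule CallEntryPointFromMemory applies to EXE images
                SetLastError(ERROR_BAD_EXE_FORMAT);
                goto error;
            }

            DllEntry = (DllEntryProc)(LPVOID)(code + result->headers->OptionalHeader.AddressOfEntryPoint);
            // notify library about attaching to process
            successfull = (*DllEntry)((HINSTANCE)code, DLL_PROCESS_ATTACH, 0);
            if (!successfull) {
                SetLastError(ERROR_DLL_INIT_FAILED);
                goto error;
            }
            result->initialized = TRUE;
        }
        else {
            result->exeEntry = (ExeEntryProc)(LPVOID)(code + result->headers->OptionalHeader.AddressOfEntryPoint);
        }
    }
    else {
        result->exeEntry = NULL;
    }

    return (HANDLE)result;

error:
    // cleanup: releases imported libraries, the image region and the record
    FreeLibraryFromMemory(result);
    return NULL;
}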

// Maps the PE image stored in `data` (`size` bytes) and resolves its imports
// with the default LoadLibraryA / GetProcAddress / FreeLibrary callbacks.
// Returns the module handle from MemLoadLibraryEx, or NULL on failure.
HANDLE CLoad::LoadFromMemory(const void *data, size_t size)
{
    HANDLE loaded = MemLoadLibraryEx(data, size,
        MemoryDefaultLoadLibrary,
        MemoryDefaultGetProcAddress,
        MemoryDefaultFreeLibrary,
        NULL);
    return loaded;
}

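// Looks up an exported function in a module mapped by this class.
//
//   module - handle returned by one of the Load* members
//   name   - export name, or an ordinal stored in the low 16 bits of the
//            pointer value (all higher bits zero)
//
// Returns the function address, or NULL with ERROR_PROC_NOT_FOUND (or
// ERROR_INVALID_HANDLE for a NULL module).
//
// Fixes against the original:
//  * `idx > NumberOfFunctions` let idx == NumberOfFunctions through and read
//    one entry past the function table.
//  * HIWORD(name) looks only at bits 16..31, so on 64-bit builds a real
//    string pointer whose bits 16..31 happen to be zero was treated as an
//    ordinal. The test now covers every bit above the low word.
//  * an empty slot in the function table (RVA 0) is reported as not found
//    instead of returning the image base as a function pointer.
//
// NOTE(review): forwarded exports are not resolved here and names are
// compared case-insensitively (_stricmp) - confirm that callers expect this.
FARPROC CLoad::GetProcAddressFromMemory(HANDLE module, LPCSTR name)
{
    if (module == NULL) {
        SetLastError(ERROR_INVALID_HANDLE);
        return NULL;
    }

    unsigned char *codeBase = ((PMEMORYMODULE)module)->codeBase;
    DWORD idx = 0;
    DWORD functionRva;
    PIMAGE_EXPORT_DIRECTORY exports;
    PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY((PMEMORYMODULE)module, IMAGE_DIRECTORY_ENTRY_EXPORT);
    if (directory->Size == 0) {
        // no export table found
        SetLastError(ERROR_PROC_NOT_FOUND);
        return NULL;
    }

    exports = (PIMAGE_EXPORT_DIRECTORY)(codeBase + directory->VirtualAddress);
    if (exports->NumberOfNames == 0 || exports->NumberOfFunctions == 0) {
        // DLL doesn't export anything
        SetLastError(ERROR_PROC_NOT_FOUND);
        return NULL;
    }

    if (((uintptr_t)name >> 16) == 0) {
        // load function by ordinal value
        if (LOWORD(name) < exports->Base) {
            SetLastError(ERROR_PROC_NOT_FOUND);
            return NULL;
        }

        idx = LOWORD(name) - exports->Base;
    }
    else {
        // search function name in list of exported names
        DWORD i;
        DWORD *nameRef = (DWORD *)(codeBase + exports->AddressOfNames);
        WORD *ordinal = (WORD *)(codeBase + exports->AddressOfNameOrdinals);
        BOOL found = FALSE;
        for (i = 0; i<exports->NumberOfNames; i++, nameRef++, ordinal++) {
            if (_stricmp(name, (const char *)(codeBase + (*nameRef))) == 0) {
                idx = *ordinal;
                found = TRUE;
                break;
            }
        }

        if (!found) {
            // exported symbol not found
            SetLastError(ERROR_PROC_NOT_FOUND);
            return NULL;
        }
    }

    if (idx >= exports->NumberOfFunctions) {
        // name <-> ordinal number don't match
        SetLastError(ERROR_PROC_NOT_FOUND);
        return NULL;
    }

    // AddressOfFunctions contains the RVAs to the "real" functions
    functionRva = *(DWORD *)(codeBase + exports->AddressOfFunctions + (idx * 4));
    if (functionRva == 0) {
        // unused slot in the function table
        SetLastError(ERROR_PROC_NOT_FOUND);
        return NULL;
    }
    return (FARPROC)(LPVOID)(codeBase + functionRva);
}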

// Tears down a module created by MemLoadLibraryEx. A NULL handle is ignored.
// Order: DLL_PROCESS_DETACH notification (only if the DLL entry point had
// been called successfully), release of every imported library through the
// module's freeLibrary callback, release of the image memory, and finally
// release of the bookkeeping record itself.
void CLoad::FreeLibraryFromMemory(HANDLE mod)
{
    PMEMORYMODULE image = (PMEMORYMODULE)mod;
    if (image == NULL) {
        return;
    }

    if (image->initialized) {
        // tell the library it is being detached from the process
        unsigned char *entryAddress = image->codeBase + image->headers->OptionalHeader.AddressOfEntryPoint;
        DllEntryProc entry = (DllEntryProc)(LPVOID)entryAddress;
        (*entry)((HINSTANCE)image->codeBase, DLL_PROCESS_DETACH, 0);
    }

    if (image->modules != NULL) {
        // drop the libraries that were loaded for the import table
        for (int slot = 0; slot < image->numModules; ++slot) {
            HCUSTOMMODULE dependency = image->modules[slot];
            if (dependency != NULL) {
                image->freeLibrary(dependency, image->userdata);
            }
        }

        free(image->modules);
    }

    if (image->codeBase != NULL) {
        // give the whole image region back to the system
        VirtualFree(image->codeBase, 0, MEM_RELEASE);
    }

    HeapFree(GetProcessHeap(), 0, image);
}

// Runs the entry point of a mapped EXE image and returns its result.
// Returns -1 without executing anything when the handle is NULL, the module
// is a DLL, no entry point was recorded, or the image was not relocated.
int CLoad::CallEntryPointFromMemory(HANDLE mod)
{
    PMEMORYMODULE image = (PMEMORYMODULE)mod;

    const bool runnable = image != NULL
        && !image->isDLL
        && image->exeEntry != NULL
        && image->isRelocated;

    return runnable ? image->exeEntry() : -1;
}

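// Reads the file `filename` completely into memory and maps it with
// LoadFromMemory. The temporary buffer is released before returning; the
// mapped module keeps its own copy of headers and sections.
//
// Returns the module handle, or NULL when the file cannot be opened, is
// empty, cannot be read completely or is rejected by LoadFromMemory.
//
// Fixes against the original: tellg() reports failure as -1, which was used
// unchecked as an array size; a short read went unnoticed, so uninitialized
// heap bytes could be parsed as a PE image; and the raw new[]/delete[] pair
// leaked the buffer on any early exit. The buffer is now a std::vector.
HANDLE CLoad::LoadFromFile(LPCSTR filename)
{
    if (filename == NULL) {
        return 0;
    }

    std::fstream file(filename, std::ios::in | std::ios::binary | std::ios::ate);
    if (!file.is_open()) {
        return 0;
    }

    // opened at the end (ios::ate), so the position is the file size
    const std::streamoff length = file.tellg();
    if (length <= 0 || (std::streamoff)(size_t)length != length) {
        SetLastError(ERROR_INVALID_DATA);
        return 0;
    }

    std::vector<char> image((size_t)length);
    file.seekg(0, std::ios::beg);
    file.read(&image[0], (std::streamsize)length);
    if (!file || file.gcount() != (std::streamsize)length) {
        SetLastError(ERROR_READ_FAULT);
        return 0;
    }
    file.close();

    return LoadFromMemory(&image[0], image.size());
}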

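// Maps the PE image stored as a resource of type "DLL" with the id
// IDD_RESOUCE in the current executable, consistent with LoadFromFile and
// LoadFromMemory.
//
// Returns the module handle from LoadFromMemory, or NULL when the resource
// cannot be found, loaded or locked, is empty, or is rejected by the loader.
//
// The original returned a malloc'ed copy of the raw resource bytes as the
// HANDLE. That value is not a MEMORYMODULE record: handing it to
// GetProcAddressFromMemory, CallEntryPointFromMemory or
// FreeLibraryFromMemory made them interpret file bytes as loader state. It
// also fell off the end of the function without a return value on failure,
// did not check malloc, and never released the copy. The resource memory can
// be read directly, so no copy is needed.
HANDLE CLoad::LoadFromResources(int IDD_RESOUCE)
{
    HMODULE hModule = GetModuleHandle(NULL);

    // The type name is a wide literal, so the wide-character API is called
    // explicitly instead of relying on the UNICODE build setting.
    HRSRC hResInfo = FindResourceW(hModule, MAKEINTRESOURCEW(IDD_RESOUCE), L"DLL");
    if (hResInfo == NULL) {
        return NULL;
    }

    HGLOBAL hResData = LoadResource(hModule, hResInfo);
    if (hResData == NULL) {
        return NULL;
    }

    const void *pvRes = LockResource(hResData);
    const DWORD dwSize = SizeofResource(hModule, hResInfo);
    if (pvRes == NULL || dwSize == 0) {
        return NULL;
    }

    return LoadFromMemory(pvRes, dwSize);
}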

main.cpp

Код:
// Crypter.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include "MemLoadLibrary.h"

// Pointer to a cdecl function that takes no arguments and returns nothing.
typedef void (_cdecl *func)(void);


unsigned char rawData[6656] = {
    0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
    0xFF, 0xFF, 0x00, 0x00, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x01, 0x00, 0x00, 0x0E, 0x1F, 0xBA, 0x0E, 0x00, 0xB4, 0x09, 0xCD,
    0x21, 0xB8, 0x01, 0x4C, 0xCD, 0x21, 0x54, 0x68, 0x69, 0x73, 0x20, 0x70,
    0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x20, 0x63, 0x61, 0x6E, 0x6E, 0x6F,
    0x74, 0x20, 0x62, 0x65, 0x20, 0x72, 0x75, 0x6E, 0x20, 0x69, 0x6E, 0x20,
    0x44, 0x4F, 0x53, 0x20, 0x6D, 0x6F, 0x64, 0x65, 0x2E, 0x0D, 0x0D, 0x0A,
    0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0x09, 0xB2, 0xE6,
    0x0C, 0x68, 0xDC, 0xB5, 0x0C, 0x68, 0xDC, 0xB5, 0x0C, 0x68, 0xDC, 0xB5,
    0x01, 0x3A, 0x01, 0xB5, 0x0E, 0x68, 0xDC, 0xB5, 0x01, 0x3A, 0x03, 0xB5,
    0x0D, 0x68, 0xDC, 0xB5, 0x01, 0x3A, 0x3C, 0xB5, 0x07, 0x68, 0xDC, 0xB5,
    0x01, 0x3A, 0x3D, 0xB5, 0x0E, 0x68, 0xDC, 0xB5, 0xD1, 0x97, 0x17, 0xB5,
    0x09, 0x68, 0xDC, 0xB5, 0x0C, 0x68, 0xDD, 0xB5, 0x15, 0x68, 0xDC, 0xB5,
    0xB9, 0xF6, 0x39, 0xB5, 0x0E, 0x68, 0xDC, 0xB5, 0xB9, 0xF6, 0x00, 0xB5,
    0x0D, 0x68, 0xDC, 0xB5, 0x01, 0x3A, 0x07, 0xB5, 0x0D, 0x68, 0xDC, 0xB5,
    0xB9, 0xF6, 0x02, 0xB5, 0x0D, 0x68, 0xDC, 0xB5, 0x52, 0x69, 0x63, 0x68,
    0x0C, 0x68, 0xDC, 0xB5, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x50, 0x45, 0x00, 0x00, 0x4C, 0x01, 0x05, 0x00,
    0x1E, 0x48, 0x01, 0x57, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xE0, 0x00, 0x02, 0x21, 0x0B, 0x01, 0x0C, 0x00, 0x00, 0x0A, 0x00, 0x00,
    0x00, 0x0E, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x74, 0x12, 0x00, 0x00,
    0x00, 0x10, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
    0x00, 0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x60, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x40, 0x01, 0x00, 0x00, 0x10, 0x00, 0x00, 0x10, 0x00, 0x00,
    0x00, 0x00, 0x10, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x10, 0x00, 0x00, 0x00, 0x50, 0x22, 0x00, 0x00, 0x47, 0x00, 0x00, 0x00,
    0x98, 0x22, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00,
    0xE0, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00,
    0x28, 0x01, 0x00, 0x00, 0x90, 0x20, 0x00, 0x00, 0x38, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x21, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x70, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x2E, 0x74, 0x65, 0x78, 0x74, 0x00, 0x00, 0x00, 0xF2, 0x08, 0x00, 0x00,
    0x00, 0x10, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x20, 0x00, 0x00, 0x60, 0x2E, 0x72, 0x64, 0x61, 0x74, 0x61, 0x00, 0x00,
    0x4C, 0x05, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00,
    0x00, 0x0E, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x40, 0x2E, 0x64, 0x61, 0x74,
    0x61, 0x00, 0x00, 0x00, 0x5C, 0x03, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
    0x00, 0x02, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0xC0,
    0x2E, 0x72, 0x73, 0x72, 0x63, 0x00, 0x00, 0x00, 0xE0, 0x01, 0x00, 0x00,
    0x00, 0x40, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x40, 0x00, 0x00, 0x40, 0x2E, 0x72, 0x65, 0x6C, 0x6F, 0x63, 0x00, 0x00,
    0x28, 0x01, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
    0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x42, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0xB8, 0x01, 0x00, 0x00, 0x00, 0xC2, 0x0C, 0x00,
    0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0x6A, 0x00, 0x6A, 0x00,
    0x68, 0xD4, 0x20, 0x00, 0x10, 0x6A, 0x00, 0xFF, 0x15, 0x68, 0x20, 0x00,
    0x10, 0xC3, 0x3B, 0x0D, 0x00, 0x30, 0x00, 0x10, 0x75, 0x02, 0xF3, 0xC3,
    0xE9, 0xD6, 0x03, 0x00, 0x00, 0x56, 0x68, 0x80, 0x00, 0x00, 0x00, 0xFF,
    0x15, 0x50, 0x20, 0x00, 0x10, 0x59, 0x8B, 0xF0, 0x56, 0xFF, 0x15, 0x18,
    0x20, 0x00, 0x10, 0xA3, 0x54, 0x33, 0x00, 0x10, 0xA3, 0x50, 0x33, 0x00,
    0x10, 0x85, 0xF6, 0x75, 0x05, 0x33, 0xC0, 0x40, 0x5E, 0xC3, 0x83, 0x26,
    0x00, 0xE8, 0x85, 0x07, 0x00, 0x00, 0x68, 0x07, 0x18, 0x00, 0x10, 0xE8,
    0xCA, 0x06, 0x00, 0x00, 0xC7, 0x04, 0x24, 0x34, 0x18, 0x00, 0x10, 0xE8,
    0xBE, 0x06, 0x00, 0x00, 0x59, 0x33, 0xC0, 0x5E, 0xC3, 0x55, 0x8B, 0xEC,
    0x51, 0x51, 0x83, 0x7D, 0x0C, 0x00, 0x53, 0x56, 0x57, 0x0F, 0x85, 0x29,
    0x01, 0x00, 0x00, 0xA1, 0x18, 0x30, 0x00, 0x10, 0x85, 0xC0, 0x0F, 0x8E,
    0x15, 0x01, 0x00, 0x00, 0x48, 0xBB, 0x48, 0x33, 0x00, 0x10, 0xA3, 0x18,
    0x30, 0x00, 0x10, 0x33, 0xFF, 0x64, 0xA1, 0x18, 0x00, 0x00, 0x00, 0x89,
    0x7D, 0xFC, 0x8B, 0x50, 0x04, 0xEB, 0x04, 0x3B, 0xC2, 0x74, 0x0E, 0x33,
    0xC0, 0x8B, 0xCA, 0xF0, 0x0F, 0xB1, 0x0B, 0x85, 0xC0, 0x75, 0xF0, 0xEB,
    0x07, 0xC7, 0x45, 0xFC, 0x01, 0x00, 0x00, 0x00, 0x83, 0x3D, 0x4C, 0x33,
    0x00, 0x10, 0x02, 0x74, 0x0D, 0x6A, 0x1F, 0xE8, 0x28, 0x04, 0x00, 0x00,
    0x59, 0xE9, 0x82, 0x01, 0x00, 0x00, 0xFF, 0x35, 0x54, 0x33, 0x00, 0x10,
    0xFF, 0x15, 0x14, 0x20, 0x00, 0x10, 0x8B, 0xF0, 0x89, 0x75, 0x10, 0x85,
    0xF6, 0x0F, 0x84, 0x9A, 0x00, 0x00, 0x00, 0xFF, 0x35, 0x50, 0x33, 0x00,
    0x10, 0xFF, 0x15, 0x14, 0x20, 0x00, 0x10, 0x8B, 0xD8, 0x89, 0x75, 0x0C,
    0x89, 0x5D, 0x08, 0x83, 0xEB, 0x04, 0x3B, 0xDE, 0x72, 0x5C, 0x39, 0x3B,
    0x74, 0xF5, 0x57, 0xFF, 0x15, 0x18, 0x20, 0x00, 0x10, 0x39, 0x03, 0x74,
    0xEA, 0xFF, 0x33, 0xFF, 0x15, 0x14, 0x20, 0x00, 0x10, 0x57, 0x8B, 0xF0,
    0xFF, 0x15, 0x18, 0x20, 0x00, 0x10, 0x89, 0x03, 0xFF, 0xD6, 0xFF, 0x35,
    0x54, 0x33, 0x00, 0x10, 0x8B, 0x35, 0x14, 0x20, 0x00, 0x10, 0xFF, 0xD6,
    0xFF, 0x35, 0x50, 0x33, 0x00, 0x10, 0x89, 0x45, 0xF8, 0xFF, 0xD6, 0x8B,
    0x4D, 0xF8, 0x39, 0x4D, 0x0C, 0x75, 0x08, 0x8B, 0x75, 0x10, 0x39, 0x45,
    0x08, 0x74, 0xAC, 0x8B, 0xF1, 0x89, 0x4D, 0x0C, 0x89, 0x75, 0x10, 0x8B,
    0xD8, 0x89, 0x45, 0x08, 0xEB, 0x9D, 0x83, 0xFE, 0xFF, 0x74, 0x08, 0x56,
    0xFF, 0x15, 0x54, 0x20, 0x00, 0x10, 0x59, 0x57, 0xFF, 0x15, 0x18, 0x20,
    0x00, 0x10, 0xA3, 0x50, 0x33, 0x00, 0x10, 0xBB, 0x48, 0x33, 0x00, 0x10,
    0xA3, 0x54, 0x33, 0x00, 0x10, 0x89, 0x3D, 0x4C, 0x33, 0x00, 0x10, 0x39,
    0x7D, 0xFC, 0x0F, 0x85, 0xC0, 0x00, 0x00, 0x00, 0x33, 0xC0, 0x87, 0x03,
    0xE9, 0xB7, 0x00, 0x00, 0x00, 0x33, 0xC0, 0xE9, 0xB3, 0x00, 0x00, 0x00,
    0x83, 0x7D, 0x0C, 0x01, 0x0F, 0x85, 0xA6, 0x00, 0x00, 0x00, 0x64, 0xA1,
    0x18, 0x00, 0x00, 0x00, 0x33, 0xFF, 0x8B, 0xF7, 0xBB, 0x48, 0x33, 0x00,
    0x10, 0x8B, 0x50, 0x04, 0xEB, 0x04, 0x3B, 0xC2, 0x74, 0x0E, 0x33, 0xC0,
    0x8B, 0xCA, 0xF0, 0x0F, 0xB1, 0x0B, 0x85, 0xC0, 0x75, 0xF0, 0xEB, 0x03,
    0x33, 0xF6, 0x46, 0x39, 0x3D, 0x4C, 0x33, 0x00, 0x10, 0x6A, 0x02, 0x5F,
    0x74, 0x09, 0x6A, 0x1F, 0xE8, 0x0B, 0x03, 0x00, 0x00, 0xEB, 0x35, 0x68,
    0x84, 0x20, 0x00, 0x10, 0x68, 0x78, 0x20, 0x00, 0x10, 0xC7, 0x05, 0x4C,
    0x33, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0xE8, 0x16, 0x06, 0x00, 0x00,
    0x59, 0x59, 0x85, 0xC0, 0x75, 0x93, 0x68, 0x74, 0x20, 0x00, 0x10, 0x68,
    0x70, 0x20, 0x00, 0x10, 0xE8, 0xFB, 0x05, 0x00, 0x00, 0x59, 0x89, 0x3D,
    0x4C, 0x33, 0x00, 0x10, 0x59, 0x85, 0xF6, 0x75, 0x04, 0x33, 0xC0, 0x87,
    0x03, 0x83, 0x3D, 0x58, 0x33, 0x00, 0x10, 0x00, 0x74, 0x1C, 0x68, 0x58,
    0x33, 0x00, 0x10, 0xE8, 0x10, 0x03, 0x00, 0x00, 0x59, 0x85, 0xC0, 0x74,
    0x0D, 0xFF, 0x75, 0x10, 0x57, 0xFF, 0x75, 0x08, 0xFF, 0x15, 0x58, 0x33,
    0x00, 0x10, 0xFF, 0x05, 0x18, 0x30, 0x00, 0x10, 0x33, 0xC0, 0x40, 0x5F,
    0x5E, 0x5B, 0x8B, 0xE5, 0x5D, 0xC2, 0x0C, 0x00, 0x55, 0x8B, 0xEC, 0x83,
    0x7D, 0x0C, 0x01, 0x75, 0x05, 0xE8, 0xC9, 0x04, 0x00, 0x00, 0xFF, 0x75,
    0x10, 0xFF, 0x75, 0x0C, 0xFF, 0x75, 0x08, 0xE8, 0x07, 0x00, 0x00, 0x00,
    0x83, 0xC4, 0x0C, 0x5D, 0xC2, 0x0C, 0x00, 0x6A, 0x10, 0x68, 0xE8, 0x21,
    0x00, 0x10, 0xE8, 0x9D, 0x05, 0x00, 0x00, 0x33, 0xC0, 0x40, 0x8B, 0xF0,
    0x89, 0x75, 0xE4, 0x33, 0xDB, 0x89, 0x5D, 0xFC, 0x8B, 0x7D, 0x0C, 0x89,
    0x3D, 0x10, 0x30, 0x00, 0x10, 0x89, 0x45, 0xFC, 0x85, 0xFF, 0x75, 0x0C,
    0x39, 0x3D, 0x18, 0x30, 0x00, 0x10, 0x0F, 0x84, 0xD4, 0x00, 0x00, 0x00,
    0x3B, 0xF8, 0x74, 0x05, 0x83, 0xFF, 0x02, 0x75, 0x38, 0xA1, 0xC8, 0x20,
    0x00, 0x10, 0x85, 0xC0, 0x74, 0x0E, 0xFF, 0x75, 0x10, 0x57, 0xFF, 0x75,
    0x08, 0xFF, 0xD0, 0x8B, 0xF0, 0x89, 0x75, 0xE4, 0x85, 0xF6, 0x0F, 0x84,
    0xB1, 0x00, 0x00, 0x00, 0xFF, 0x75, 0x10, 0x57, 0xFF, 0x75, 0x08, 0xE8,
    0x7D, 0xFD, 0xFF, 0xFF, 0x8B, 0xF0, 0x89, 0x75, 0xE4, 0x85, 0xF6, 0x0F,
    0x84, 0x98, 0x00, 0x00, 0x00, 0xFF, 0x75, 0x10, 0x57, 0xFF, 0x75, 0x08,
    0xE8, 0xE7, 0xFC, 0xFF, 0xFF, 0x8B, 0xF0, 0x89, 0x75, 0xE4, 0x83, 0xFF,
    0x01, 0x75, 0x2E, 0x85, 0xF6, 0x75, 0x2A, 0xFF, 0x75, 0x10, 0x53, 0xFF,
    0x75, 0x08, 0xE8, 0xCD, 0xFC, 0xFF, 0xFF, 0xFF, 0x75, 0x10, 0x53, 0xFF,
    0x75, 0x08, 0xE8, 0x3E, 0xFD, 0xFF, 0xFF, 0xA1, 0xC8, 0x20, 0x00, 0x10,
    0x85, 0xC0, 0x74, 0x09, 0xFF, 0x75, 0x10, 0x53, 0xFF, 0x75, 0x08, 0xFF,
    0xD0, 0x85, 0xFF, 0x74, 0x05, 0x83, 0xFF, 0x03, 0x75, 0x4B, 0xFF, 0x75,
    0x10, 0x57, 0xFF, 0x75, 0x08, 0xE8, 0x17, 0xFD, 0xFF, 0xFF, 0xF7, 0xD8,
    0x1B, 0xC0, 0x23, 0xF0, 0x89, 0x75, 0xE4, 0x74, 0x34, 0xA1, 0xC8, 0x20,
    0x00, 0x10, 0x85, 0xC0, 0x74, 0x2B, 0xFF, 0x75, 0x10, 0x57, 0xFF, 0x75,
    0x08, 0xFF, 0xD0, 0x8B, 0xF0, 0xEB, 0x1B, 0x8B, 0x4D, 0xEC, 0x8B, 0x01,
    0x8B, 0x00, 0x89, 0x45, 0xE0, 0x51, 0x50, 0xE8, 0x6A, 0x01, 0x00, 0x00,
    0x59, 0x59, 0xC3, 0x8B, 0x65, 0xE8, 0x33, 0xDB, 0x8B, 0xF3, 0x89, 0x75,
    0xE4, 0x89, 0x5D, 0xFC, 0xC7, 0x45, 0xFC, 0xFE, 0xFF, 0xFF, 0xFF, 0xE8,
    0x0B, 0x00, 0x00, 0x00, 0x8B, 0xC6, 0xE8, 0xCA, 0x04, 0x00, 0x00, 0xC3,
    0x8B, 0x75, 0xE4, 0xC7, 0x05, 0x10, 0x30, 0x00, 0x10, 0xFF, 0xFF, 0xFF,
    0xFF, 0xC3, 0x55, 0x8B, 0xEC, 0xFF, 0x15, 0x10, 0x20, 0x00, 0x10, 0x6A,
    0x01, 0xA3, 0x3C, 0x33, 0x00, 0x10, 0xE8, 0xDD, 0x04, 0x00, 0x00, 0xFF,
    0x75, 0x08, 0xE8, 0xDB, 0x04, 0x00, 0x00, 0x83, 0x3D, 0x3C, 0x33, 0x00,
    0x10, 0x00, 0x59, 0x59, 0x75, 0x08, 0x6A, 0x01, 0xE8, 0xC3, 0x04, 0x00,
    0x00, 0x59, 0x68, 0x09, 0x04, 0x00, 0xC0, 0xE8, 0xC4, 0x04, 0x00, 0x00,
    0x59, 0x5D, 0xC3, 0x55, 0x8B, 0xEC, 0x81, 0xEC, 0x24, 0x03, 0x00, 0x00,
    0x6A, 0x17, 0xE8, 0xD5, 0x04, 0x00, 0x00, 0x85, 0xC0, 0x74, 0x05, 0x6A,
    0x02, 0x59, 0xCD, 0x29, 0xA3, 0x20, 0x31, 0x00, 0x10, 0x89, 0x0D, 0x1C,
    0x31, 0x00, 0x10, 0x89, 0x15, 0x18, 0x31, 0x00, 0x10, 0x89, 0x1D, 0x14,
    0x31, 0x00, 0x10, 0x89, 0x35, 0x10, 0x31, 0x00, 0x10, 0x89, 0x3D, 0x0C,
    0x31, 0x00, 0x10, 0x66, 0x8C, 0x15, 0x38, 0x31, 0x00, 0x10, 0x66, 0x8C,
    0x0D, 0x2C, 0x31, 0x00, 0x10, 0x66, 0x8C, 0x1D, 0x08, 0x31, 0x00, 0x10,
    0x66, 0x8C, 0x05, 0x04, 0x31, 0x00, 0x10, 0x66, 0x8C, 0x25, 0x00, 0x31,
    0x00, 0x10, 0x66, 0x8C, 0x2D, 0xFC, 0x30, 0x00, 0x10, 0x9C, 0x8F, 0x05,
    0x30, 0x31, 0x00, 0x10, 0x8B, 0x45, 0x00, 0xA3, 0x24, 0x31, 0x00, 0x10,
    0x8B, 0x45, 0x04, 0xA3, 0x28, 0x31, 0x00, 0x10, 0x8D, 0x45, 0x08, 0xA3,
    0x34, 0x31, 0x00, 0x10, 0x8B, 0x85, 0xDC, 0xFC, 0xFF, 0xFF, 0xC7, 0x05,
    0x70, 0x30, 0x00, 0x10, 0x01, 0x00, 0x01, 0x00, 0xA1, 0x28, 0x31, 0x00,
    0x10, 0xA3, 0x2C, 0x30, 0x00, 0x10, 0xC7, 0x05, 0x20, 0x30, 0x00, 0x10,
    0x09, 0x04, 0x00, 0xC0, 0xC7, 0x05, 0x24, 0x30, 0x00, 0x10, 0x01, 0x00,
    0x00, 0x00, 0xC7, 0x05, 0x30, 0x30, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00,
    0x6A, 0x04, 0x58, 0x6B, 0xC0, 0x00, 0xC7, 0x80, 0x34, 0x30, 0x00, 0x10,
    0x02, 0x00, 0x00, 0x00, 0x6A, 0x04, 0x58, 0x6B, 0xC0, 0x00, 0x8B, 0x0D,
    0x00, 0x30, 0x00, 0x10, 0x89, 0x4C, 0x05, 0xF8, 0x6A, 0x04, 0x58, 0xC1,
    0xE0, 0x00, 0x8B, 0x0D, 0x04, 0x30, 0x00, 0x10, 0x89, 0x4C, 0x05, 0xF8,
    0x68, 0xCC, 0x20, 0x00, 0x10, 0xE8, 0xCC, 0xFE, 0xFF, 0xFF, 0x8B, 0xE5,
    0x5D, 0xC3, 0xFF, 0x25, 0x5C, 0x20, 0x00, 0x10, 0xFF, 0x25, 0x58, 0x20,
    0x00, 0x10, 0xCC, 0xCC, 0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x08, 0x33, 0xD2,
    0x53, 0x56, 0x57, 0x8B, 0x48, 0x3C, 0x03, 0xC8, 0x0F, 0xB7, 0x41, 0x14,
    0x0F, 0xB7, 0x59, 0x06, 0x83, 0xC0, 0x18, 0x03, 0xC1, 0x85, 0xDB, 0x74,
    0x1B, 0x8B, 0x7D, 0x0C, 0x8B, 0x70, 0x0C, 0x3B, 0xFE, 0x72, 0x09, 0x8B,
    0x48, 0x08, 0x03, 0xCE, 0x3B, 0xF9, 0x72, 0x0A, 0x42, 0x83, 0xC0, 0x28,
    0x3B, 0xD3, 0x72, 0xE8, 0x33, 0xC0, 0x5F, 0x5E, 0x5B, 0x5D, 0xC3, 0xCC,
    0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
    0x55, 0x8B, 0xEC, 0x6A, 0xFE, 0x68, 0x10, 0x22, 0x00, 0x10, 0x68, 0x99,
    0x18, 0x00, 0x10, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x50, 0x83, 0xEC,
    0x08, 0x53, 0x56, 0x57, 0xA1, 0x00, 0x30, 0x00, 0x10, 0x31, 0x45, 0xF8,
    0x33, 0xC5, 0x50, 0x8D, 0x45, 0xF0, 0x64, 0xA3, 0x00, 0x00, 0x00, 0x00,
    0x89, 0x65, 0xE8, 0xC7, 0x45, 0xFC, 0x00, 0x00, 0x00, 0x00, 0x68, 0x00,
    0x00, 0x00, 0x10, 0xE8, 0x7C, 0x00, 0x00, 0x00, 0x83, 0xC4, 0x04, 0x85,
    0xC0, 0x74, 0x54, 0x8B, 0x45, 0x08, 0x2D, 0x00, 0x00, 0x00, 0x10, 0x50,
    0x68, 0x00, 0x00, 0x00, 0x10, 0xE8, 0x52, 0xFF, 0xFF, 0xFF, 0x83, 0xC4,
    0x08, 0x85, 0xC0, 0x74, 0x3A, 0x8B, 0x40, 0x24, 0xC1, 0xE8, 0x1F, 0xF7,
    0xD0, 0x83, 0xE0, 0x01, 0xC7, 0x45, 0xFC, 0xFE, 0xFF, 0xFF, 0xFF, 0x8B,
    0x4D, 0xF0, 0x64, 0x89, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x59, 0x5F, 0x5E,
    0x5B, 0x8B, 0xE5, 0x5D, 0xC3, 0x8B, 0x45, 0xEC, 0x8B, 0x00, 0x33, 0xC9,
    0x81, 0x38, 0x05, 0x00, 0x00, 0xC0, 0x0F, 0x94, 0xC1, 0x8B, 0xC1, 0xC3,
    0x8B, 0x65, 0xE8, 0xC7, 0x45, 0xFC, 0xFE, 0xFF, 0xFF, 0xFF, 0x33, 0xC0,
    0x8B, 0x4D, 0xF0, 0x64, 0x89, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x59, 0x5F,
    0x5E, 0x5B, 0x8B, 0xE5, 0x5D, 0xC3, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
    0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x08, 0xB9, 0x4D, 0x5A, 0x00, 0x00, 0x66,
    0x39, 0x08, 0x74, 0x04, 0x33, 0xC0, 0x5D, 0xC3, 0x8B, 0x48, 0x3C, 0x03,
    0xC8, 0x33, 0xC0, 0x81, 0x39, 0x50, 0x45, 0x00, 0x00, 0x75, 0x0C, 0xBA,
    0x0B, 0x01, 0x00, 0x00, 0x66, 0x39, 0x51, 0x18, 0x0F, 0x94, 0xC0, 0x5D,
    0xC3, 0x83, 0x3D, 0x54, 0x33, 0x00, 0x10, 0x00, 0x74, 0x03, 0x33, 0xC0,
    0xC3, 0x56, 0x6A, 0x04, 0x6A, 0x20, 0xFF, 0x15, 0x60, 0x20, 0x00, 0x10,
    0x59, 0x59, 0x8B, 0xF0, 0x56, 0xFF, 0x15, 0x18, 0x20, 0x00, 0x10, 0xA3,
    0x54, 0x33, 0x00, 0x10, 0xA3, 0x50, 0x33, 0x00, 0x10, 0x85, 0xF6, 0x75,
    0x05, 0x6A, 0x18, 0x58, 0x5E, 0xC3, 0x83, 0x26, 0x00, 0x33, 0xC0, 0x5E,
    0xC3, 0x6A, 0x14, 0x68, 0x30, 0x22, 0x00, 0x10, 0xE8, 0xA7, 0x01, 0x00,
    0x00, 0x83, 0x65, 0xDC, 0x00, 0xFF, 0x35, 0x54, 0x33, 0x00, 0x10, 0x8B,
    0x35, 0x14, 0x20, 0x00, 0x10, 0xFF, 0xD6, 0x89, 0x45, 0xE4, 0x83, 0xF8,
    0xFF, 0x75, 0x0C, 0xFF, 0x75, 0x08, 0xFF, 0x15, 0x3C, 0x20, 0x00, 0x10,
    0x59, 0xEB, 0x65, 0x6A, 0x08, 0xE8, 0x08, 0x02, 0x00, 0x00, 0x59, 0x83,
    0x65, 0xFC, 0x00, 0xFF, 0x35, 0x54, 0x33, 0x00, 0x10, 0xFF, 0xD6, 0x89,
    0x45, 0xE4, 0xFF, 0x35, 0x50, 0x33, 0x00, 0x10, 0xFF, 0xD6, 0x89, 0x45,
    0xE0, 0x8D, 0x45, 0xE0, 0x50, 0x8D, 0x45, 0xE4, 0x50, 0xFF, 0x75, 0x08,
    0x8B, 0x35, 0x18, 0x20, 0x00, 0x10, 0xFF, 0xD6, 0x50, 0xE8, 0xE0, 0x01,
    0x00, 0x00, 0x83, 0xC4, 0x0C, 0x8B, 0xF8, 0x89, 0x7D, 0xDC, 0xFF, 0x75,
    0xE4, 0xFF, 0xD6, 0xA3, 0x54, 0x33, 0x00, 0x10, 0xFF, 0x75, 0xE0, 0xFF,
    0xD6, 0xA3, 0x50, 0x33, 0x00, 0x10, 0xC7, 0x45, 0xFC, 0xFE, 0xFF, 0xFF,
    0xFF, 0xE8, 0x0B, 0x00, 0x00, 0x00, 0x8B, 0xC7, 0xE8, 0x5C, 0x01, 0x00,
    0x00, 0xC3, 0x8B, 0x7D, 0xDC, 0x6A, 0x08, 0xE8, 0xA0, 0x01, 0x00, 0x00,
    0x59, 0xC3, 0x55, 0x8B, 0xEC, 0xFF, 0x75, 0x08, 0xE8, 0x4C, 0xFF, 0xFF,
    0xFF, 0xF7, 0xD8, 0x59, 0x1B, 0xC0, 0xF7, 0xD8, 0x48, 0x5D, 0xC3, 0x55,
    0x8B, 0xEC, 0x83, 0xEC, 0x14, 0x83, 0x65, 0xF4, 0x00, 0x83, 0x65, 0xF8,
    0x00, 0xA1, 0x00, 0x30, 0x00, 0x10, 0x56, 0x57, 0xBF, 0x4E, 0xE6, 0x40,
    0xBB, 0xBE, 0x00, 0x00, 0xFF, 0xFF, 0x3B, 0xC7, 0x74, 0x0D, 0x85, 0xC6,
    0x74, 0x09, 0xF7, 0xD0, 0xA3, 0x04, 0x30, 0x00, 0x10, 0xEB, 0x66, 0x8D,
    0x45, 0xF4, 0x50, 0xFF, 0x15, 0x00, 0x20, 0x00, 0x10, 0x8B, 0x45, 0xF8,
    0x33, 0x45, 0xF4, 0x89, 0x45, 0xFC, 0xFF, 0x15, 0x1C, 0x20, 0x00, 0x10,
    0x31, 0x45, 0xFC, 0xFF, 0x15, 0x04, 0x20, 0x00, 0x10, 0x31, 0x45, 0xFC,
    0x8D, 0x45, 0xEC, 0x50, 0xFF, 0x15, 0x08, 0x20, 0x00, 0x10, 0x8B, 0x4D,
    0xF0, 0x8D, 0x45, 0xFC, 0x33, 0x4D, 0xEC, 0x33, 0x4D, 0xFC, 0x33, 0xC8,
    0x3B, 0xCF, 0x75, 0x07, 0xB9, 0x4F, 0xE6, 0x40, 0xBB, 0xEB, 0x10, 0x85,
    0xCE, 0x75, 0x0C, 0x8B, 0xC1, 0x0D, 0x11, 0x47, 0x00, 0x00, 0xC1, 0xE0,
    0x10, 0x0B, 0xC8, 0x89, 0x0D, 0x00, 0x30, 0x00, 0x10, 0xF7, 0xD1, 0x89,
    0x0D, 0x04, 0x30, 0x00, 0x10, 0x5F, 0x5E, 0x8B, 0xE5, 0x5D, 0xC3, 0x56,
    0x57, 0xBE, 0xD8, 0x21, 0x00, 0x10, 0xBF, 0xD8, 0x21, 0x00, 0x10, 0xEB,
    0x0B, 0x8B, 0x06, 0x85, 0xC0, 0x74, 0x02, 0xFF, 0xD0, 0x83, 0xC6, 0x04,
    0x3B, 0xF7, 0x72, 0xF1, 0x5F, 0x5E, 0xC3, 0x56, 0x57, 0xBE, 0xE0, 0x21,
    0x00, 0x10, 0xBF, 0xE0, 0x21, 0x00, 0x10, 0xEB, 0x0B, 0x8B, 0x06, 0x85,
    0xC0, 0x74, 0x02, 0xFF, 0xD0, 0x83, 0xC6, 0x04, 0x3B, 0xF7, 0x72, 0xF1,
    0x5F, 0x5E, 0xC3, 0xCC, 0xFF, 0x25, 0x4C, 0x20, 0x00, 0x10, 0xFF, 0x25,
    0x48, 0x20, 0x00, 0x10, 0x68, 0x40, 0x33, 0x00, 0x10, 0xE8, 0xA2, 0x00,
    0x00, 0x00, 0x59, 0xC3, 0x68, 0x99, 0x18, 0x00, 0x10, 0x64, 0xFF, 0x35,
    0x00, 0x00, 0x00, 0x00, 0x8B, 0x44, 0x24, 0x10, 0x89, 0x6C, 0x24, 0x10,
    0x8D, 0x6C, 0x24, 0x10, 0x2B, 0xE0, 0x53, 0x56, 0x57, 0xA1, 0x00, 0x30,
    0x00, 0x10, 0x31, 0x45, 0xFC, 0x33, 0xC5, 0x50, 0x89, 0x65, 0xE8, 0xFF,
    0x75, 0xF8, 0x8B, 0x45, 0xFC, 0xC7, 0x45, 0xFC, 0xFE, 0xFF, 0xFF, 0xFF,
    0x89, 0x45, 0xF8, 0x8D, 0x45, 0xF0, 0x64, 0xA3, 0x00, 0x00, 0x00, 0x00,
    0xC3, 0x8B, 0x4D, 0xF0, 0x64, 0x89, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x59,
    0x5F, 0x5F, 0x5E, 0x5B, 0x8B, 0xE5, 0x5D, 0x51, 0xC3, 0x55, 0x8B, 0xEC,
    0xFF, 0x75, 0x14, 0xFF, 0x75, 0x10, 0xFF, 0x75, 0x0C, 0xFF, 0x75, 0x08,
    0x68, 0x22, 0x10, 0x00, 0x10, 0x68, 0x00, 0x30, 0x00, 0x10, 0xE8, 0x2F,
    0x00, 0x00, 0x00, 0x83, 0xC4, 0x18, 0x5D, 0xC3, 0xFF, 0x25, 0x34, 0x20,
    0x00, 0x10, 0xFF, 0x25, 0x24, 0x20, 0x00, 0x10, 0xFF, 0x25, 0x28, 0x20,
    0x00, 0x10, 0xFF, 0x25, 0x2C, 0x20, 0x00, 0x10, 0xFF, 0x25, 0x30, 0x20,
    0x00, 0x10, 0xFF, 0x25, 0x38, 0x20, 0x00, 0x10, 0xFF, 0x25, 0x40, 0x20,
    0x00, 0x10, 0xFF, 0x25, 0x44, 0x20, 0x00, 0x10, 0xFF, 0x25, 0x0C, 0x20,
    0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x25, 0x00, 0x00,
    0xF8, 0x24, 0x00, 0x00, 0xDE, 0x24, 0x00, 0x00, 0xC2, 0x24, 0x00, 0x00,
    0xAE, 0x24, 0x00, 0x00, 0x9E, 0x24, 0x00, 0x00, 0x8E, 0x24, 0x00, 0x00,
    0x0E, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xD8, 0x23, 0x00, 0x00,
    0xF2, 0x23, 0x00, 0x00, 0x18, 0x24, 0x00, 0x00, 0x20, 0x24, 0x00, 0x00,
    0xC2, 0x23, 0x00, 0x00, 0x38, 0x24, 0x00, 0x00, 0x46, 0x24, 0x00, 0x00,
    0x50, 0x24, 0x00, 0x00, 0x74, 0x24, 0x00, 0x00, 0xB4, 0x23, 0x00, 0x00,
    0xA8, 0x23, 0x00, 0x00, 0x9A, 0x23, 0x00, 0x00, 0x92, 0x23, 0x00, 0x00,
    0x84, 0x23, 0x00, 0x00, 0x72, 0x23, 0x00, 0x00, 0x2A, 0x24, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x58, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x31, 0x10, 0x00, 0x10, 0x51, 0x16, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x1E, 0x48, 0x01, 0x57, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
    0x6A, 0x00, 0x00, 0x00, 0x48, 0x21, 0x00, 0x00, 0x48, 0x0F, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x1E, 0x48, 0x01, 0x57, 0x00, 0x00, 0x00, 0x00,
    0x0C, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0xB4, 0x21, 0x00, 0x00,
    0xB4, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x30, 0x00, 0x10,
    0x70, 0x30, 0x00, 0x10, 0x59, 0x00, 0x6F, 0x00, 0x75, 0x00, 0x20, 0x00,
    0x63, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x6C, 0x00, 0x65, 0x00, 0x64, 0x00,
    0x20, 0x00, 0x74, 0x00, 0x65, 0x00, 0x73, 0x00, 0x74, 0x00, 0x66, 0x00,
    0x75, 0x00, 0x6E, 0x00, 0x63, 0x00, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x48, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x30, 0x00, 0x10, 0xD0, 0x21, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00,
    0x52, 0x53, 0x44, 0x53, 0xB3, 0x88, 0xA0, 0x2A, 0x48, 0x5E, 0x53, 0x43,
    0xA1, 0xEF, 0xF5, 0x95, 0x04, 0x66, 0x33, 0x9B, 0x01, 0x00, 0x00, 0x00,
    0x63, 0x3A, 0x5C, 0x75, 0x73, 0x65, 0x72, 0x73, 0x5C, 0x6D, 0x61, 0x74,
    0x69, 0x61, 0x73, 0x5C, 0x64, 0x6F, 0x63, 0x75, 0x6D, 0x65, 0x6E, 0x74,
    0x73, 0x5C, 0x76, 0x69, 0x73, 0x75, 0x61, 0x6C, 0x20, 0x73, 0x74, 0x75,
    0x64, 0x69, 0x6F, 0x20, 0x32, 0x30, 0x31, 0x33, 0x5C, 0x50, 0x72, 0x6F,
    0x6A, 0x65, 0x63, 0x74, 0x73, 0x5C, 0x43, 0x72, 0x79, 0x70, 0x74, 0x65,
    0x72, 0x5C, 0x52, 0x65, 0x6C, 0x65, 0x61, 0x73, 0x65, 0x5C, 0x64, 0x6C,
    0x6C, 0x74, 0x65, 0x73, 0x74, 0x2E, 0x70, 0x64, 0x62, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00, 0x0F, 0x00, 0x00, 0x00,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x99, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0xFE, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
    0xD0, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFE, 0xFF, 0xFF, 0xFF,
    0x00, 0x00, 0x00, 0x00, 0xBC, 0x13, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00,
    0x87, 0x13, 0x00, 0x10, 0x9B, 0x13, 0x00, 0x10, 0xFE, 0xFF, 0xFF, 0xFF,
    0x00, 0x00, 0x00, 0x00, 0xD8, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
    0xFE, 0xFF, 0xFF, 0xFF, 0xE9, 0x15, 0x00, 0x10, 0xFC, 0x15, 0x00, 0x10,
    0x00, 0x00, 0x00, 0x00, 0xFE, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
    0xCC, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFE, 0xFF, 0xFF, 0xFF,
    0x00, 0x00, 0x00, 0x00, 0x2A, 0x17, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x1D, 0x48, 0x01, 0x57, 0x00, 0x00, 0x00, 0x00,
    0x82, 0x22, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00, 0x78, 0x22, 0x00, 0x00, 0x7C, 0x22, 0x00, 0x00,
    0x80, 0x22, 0x00, 0x00, 0x10, 0x10, 0x00, 0x00, 0x8E, 0x22, 0x00, 0x00,
    0x00, 0x00, 0x64, 0x6C, 0x6C, 0x74, 0x65, 0x73, 0x74, 0x2E, 0x64, 0x6C,
    0x6C, 0x00, 0x74, 0x65, 0x73, 0x74, 0x66, 0x75, 0x6E, 0x63, 0x00, 0x00,
    0x50, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x66, 0x23, 0x00, 0x00, 0x68, 0x20, 0x00, 0x00, 0x0C, 0x23, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x24, 0x00, 0x00,
    0x24, 0x20, 0x00, 0x00, 0xE8, 0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x3E, 0x25, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x25, 0x00, 0x00,
    0xF8, 0x24, 0x00, 0x00, 0xDE, 0x24, 0x00, 0x00, 0xC2, 0x24, 0x00, 0x00,
    0xAE, 0x24, 0x00, 0x00, 0x9E, 0x24, 0x00, 0x00, 0x8E, 0x24, 0x00, 0x00,
    0x0E, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xD8, 0x23, 0x00, 0x00,
    0xF2, 0x23, 0x00, 0x00, 0x18, 0x24, 0x00, 0x00, 0x20, 0x24, 0x00, 0x00,
    0xC2, 0x23, 0x00, 0x00, 0x38, 0x24, 0x00, 0x00, 0x46, 0x24, 0x00, 0x00,
    0x50, 0x24, 0x00, 0x00, 0x74, 0x24, 0x00, 0x00, 0xB4, 0x23, 0x00, 0x00,
    0xA8, 0x23, 0x00, 0x00, 0x9A, 0x23, 0x00, 0x00, 0x92, 0x23, 0x00, 0x00,
    0x84, 0x23, 0x00, 0x00, 0x72, 0x23, 0x00, 0x00, 0x2A, 0x24, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x58, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x4D, 0x02, 0x4D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, 0x6F, 0x78,
    0x57, 0x00, 0x55, 0x53, 0x45, 0x52, 0x33, 0x32, 0x2E, 0x64, 0x6C, 0x6C,
    0x00, 0x00, 0x6F, 0x01, 0x5F, 0x5F, 0x43, 0x70, 0x70, 0x58, 0x63, 0x70,
    0x74, 0x46, 0x69, 0x6C, 0x74, 0x65, 0x72, 0x00, 0x17, 0x02, 0x5F, 0x61,
    0x6D, 0x73, 0x67, 0x5F, 0x65, 0x78, 0x69, 0x74, 0x00, 0x00, 0x83, 0x06,
    0x66, 0x72, 0x65, 0x65, 0x00, 0x00, 0xA5, 0x03, 0x5F, 0x6D, 0x61, 0x6C,
    0x6C, 0x6F, 0x63, 0x5F, 0x63, 0x72, 0x74, 0x00, 0x0C, 0x03, 0x5F, 0x69,
    0x6E, 0x69, 0x74, 0x74, 0x65, 0x72, 0x6D, 0x00, 0x0D, 0x03, 0x5F, 0x69,
    0x6E, 0x69, 0x74, 0x74, 0x65, 0x72, 0x6D, 0x5F, 0x65, 0x00, 0x50, 0x02,
    0x5F, 0x63, 0x72, 0x74, 0x5F, 0x64, 0x65, 0x62, 0x75, 0x67, 0x67, 0x65,
    0x72, 0x5F, 0x68, 0x6F, 0x6F, 0x6B, 0x00, 0x00, 0xAC, 0x01, 0x5F, 0x5F,
    0x63, 0x72, 0x74, 0x55, 0x6E, 0x68, 0x61, 0x6E, 0x64, 0x6C, 0x65, 0x64,
    0x45, 0x78, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6F, 0x6E, 0x00, 0xAB, 0x01,
    0x5F, 0x5F, 0x63, 0x72, 0x74, 0x54, 0x65, 0x72, 0x6D, 0x69, 0x6E, 0x61,
    0x74, 0x65, 0x50, 0x72, 0x6F, 0x63, 0x65, 0x73, 0x73, 0x00, 0x4D, 0x53,
    0x56, 0x43, 0x52, 0x31, 0x32, 0x30, 0x2E, 0x64, 0x6C, 0x6C, 0x00, 0x00,
    0x94, 0x03, 0x5F, 0x6C, 0x6F, 0x63, 0x6B, 0x00, 0x04, 0x05, 0x5F, 0x75,
    0x6E, 0x6C, 0x6F, 0x63, 0x6B, 0x00, 0x2E, 0x02, 0x5F, 0x63, 0x61, 0x6C,
    0x6C, 0x6F, 0x63, 0x5F, 0x63, 0x72, 0x74, 0x00, 0xAE, 0x01, 0x5F, 0x5F,
    0x64, 0x6C, 0x6C, 0x6F, 0x6E, 0x65, 0x78, 0x69, 0x74, 0x00, 0x3A, 0x04,
    0x5F, 0x6F, 0x6E, 0x65, 0x78, 0x69, 0x74, 0x00, 0x8C, 0x01, 0x5F, 0x5F,
    0x63, 0x6C, 0x65, 0x61, 0x6E, 0x5F, 0x74, 0x79, 0x70, 0x65, 0x5F, 0x69,
    0x6E, 0x66, 0x6F, 0x5F, 0x6E, 0x61, 0x6D, 0x65, 0x73, 0x5F, 0x69, 0x6E,
    0x74, 0x65, 0x72, 0x6E, 0x61, 0x6C, 0x00, 0x00, 0x7A, 0x02, 0x5F, 0x65,
    0x78, 0x63, 0x65, 0x70, 0x74, 0x5F, 0x68, 0x61, 0x6E, 0x64, 0x6C, 0x65,
    0x72, 0x34, 0x5F, 0x63, 0x6F, 0x6D, 0x6D, 0x6F, 0x6E, 0x00, 0x21, 0x01,
    0x45, 0x6E, 0x63, 0x6F, 0x64, 0x65, 0x50, 0x6F, 0x69, 0x6E, 0x74, 0x65,
    0x72, 0x00, 0xFE, 0x00, 0x44, 0x65, 0x63, 0x6F, 0x64, 0x65, 0x50, 0x6F,
    0x69, 0x6E, 0x74, 0x65, 0x72, 0x00, 0x67, 0x03, 0x49, 0x73, 0x44, 0x65,
    0x62, 0x75, 0x67, 0x67, 0x65, 0x72, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6E,
    0x74, 0x00, 0x6D, 0x03, 0x49, 0x73, 0x50, 0x72, 0x6F, 0x63, 0x65, 0x73,
    0x73, 0x6F, 0x72, 0x46, 0x65, 0x61, 0x74, 0x75, 0x72, 0x65, 0x50, 0x72,
    0x65, 0x73, 0x65, 0x6E, 0x74, 0x00, 0x2D, 0x04, 0x51, 0x75, 0x65, 0x72,
    0x79, 0x50, 0x65, 0x72, 0x66, 0x6F, 0x72, 0x6D, 0x61, 0x6E, 0x63, 0x65,
    0x43, 0x6F, 0x75, 0x6E, 0x74, 0x65, 0x72, 0x00, 0x0A, 0x02, 0x47, 0x65,
    0x74, 0x43, 0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, 0x50, 0x72, 0x6F, 0x63,
    0x65, 0x73, 0x73, 0x49, 0x64, 0x00, 0x0E, 0x02, 0x47, 0x65, 0x74, 0x43,
    0x75, 0x72, 0x72, 0x65, 0x6E, 0x74, 0x54, 0x68, 0x72, 0x65, 0x61, 0x64,
    0x49, 0x64, 0x00, 0x00, 0xD6, 0x02, 0x47, 0x65, 0x74, 0x53, 0x79, 0x73,
    0x74, 0x65, 0x6D, 0x54, 0x69, 0x6D, 0x65, 0x41, 0x73, 0x46, 0x69, 0x6C,
    0x65, 0x54, 0x69, 0x6D, 0x65, 0x00, 0x4B, 0x45, 0x52, 0x4E, 0x45, 0x4C,
    0x33, 0x32, 0x2E, 0x64, 0x6C, 0x6C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4E, 0xE6, 0x40, 0xBB,
    0xB1, 0x19, 0xBF, 0x44, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x18, 0x00, 0x00, 0x00,
    0x18, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00,
    0x30, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x09, 0x04, 0x00, 0x00,
    0x48, 0x00, 0x00, 0x00, 0x60, 0x40, 0x00, 0x00, 0x7D, 0x01, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x3C, 0x3F, 0x78, 0x6D, 0x6C, 0x20, 0x76, 0x65,
    0x72, 0x73, 0x69, 0x6F, 0x6E, 0x3D, 0x27, 0x31, 0x2E, 0x30, 0x27, 0x20,
    0x65, 0x6E, 0x63, 0x6F, 0x64, 0x69, 0x6E, 0x67, 0x3D, 0x27, 0x55, 0x54,
    0x46, 0x2D, 0x38, 0x27, 0x20, 0x73, 0x74, 0x61, 0x6E, 0x64, 0x61, 0x6C,
    0x6F, 0x6E, 0x65, 0x3D, 0x27, 0x79, 0x65, 0x73, 0x27, 0x3F, 0x3E, 0x0D,
    0x0A, 0x3C, 0x61, 0x73, 0x73, 0x65, 0x6D, 0x62, 0x6C, 0x79, 0x20, 0x78,
    0x6D, 0x6C, 0x6E, 0x73, 0x3D, 0x27, 0x75, 0x72, 0x6E, 0x3A, 0x73, 0x63,
    0x68, 0x65, 0x6D, 0x61, 0x73, 0x2D, 0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73,
    0x6F, 0x66, 0x74, 0x2D, 0x63, 0x6F, 0x6D, 0x3A, 0x61, 0x73, 0x6D, 0x2E,
    0x76, 0x31, 0x27, 0x20, 0x6D, 0x61, 0x6E, 0x69, 0x66, 0x65, 0x73, 0x74,
    0x56, 0x65, 0x72, 0x73, 0x69, 0x6F, 0x6E, 0x3D, 0x27, 0x31, 0x2E, 0x30,
    0x27, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x3C, 0x74, 0x72, 0x75, 0x73, 0x74,
    0x49, 0x6E, 0x66, 0x6F, 0x20, 0x78, 0x6D, 0x6C, 0x6E, 0x73, 0x3D, 0x22,
    0x75, 0x72, 0x6E, 0x3A, 0x73, 0x63, 0x68, 0x65, 0x6D, 0x61, 0x73, 0x2D,
    0x6D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 0x2D, 0x63, 0x6F,
    0x6D, 0x3A, 0x61, 0x73, 0x6D, 0x2E, 0x76, 0x33, 0x22, 0x3E, 0x0D, 0x0A,
    0x20, 0x20, 0x20, 0x20, 0x3C, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74,
    0x79, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x72,
    0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x64, 0x50, 0x72, 0x69, 0x76,
    0x69, 0x6C, 0x65, 0x67, 0x65, 0x73, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73,
    0x74, 0x65, 0x64, 0x45, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6F, 0x6E,
    0x4C, 0x65, 0x76, 0x65, 0x6C, 0x20, 0x6C, 0x65, 0x76, 0x65, 0x6C, 0x3D,
    0x27, 0x61, 0x73, 0x49, 0x6E, 0x76, 0x6F, 0x6B, 0x65, 0x72, 0x27, 0x20,
    0x75, 0x69, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x3D, 0x27, 0x66, 0x61,
    0x6C, 0x73, 0x65, 0x27, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20,
    0x20, 0x20, 0x20, 0x3C, 0x2F, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
    0x65, 0x64, 0x50, 0x72, 0x69, 0x76, 0x69, 0x6C, 0x65, 0x67, 0x65, 0x73,
    0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x3C, 0x2F, 0x73, 0x65, 0x63,
    0x75, 0x72, 0x69, 0x74, 0x79, 0x3E, 0x0D, 0x0A, 0x20, 0x20, 0x3C, 0x2F,
    0x74, 0x72, 0x75, 0x73, 0x74, 0x49, 0x6E, 0x66, 0x6F, 0x3E, 0x0D, 0x0A,
    0x3C, 0x2F, 0x61, 0x73, 0x73, 0x65, 0x6D, 0x62, 0x6C, 0x79, 0x3E, 0x0D,
    0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x10, 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x15, 0x30, 0x1D, 0x30,
    0x24, 0x30, 0x39, 0x30, 0x43, 0x30, 0x48, 0x30, 0x4D, 0x30, 0x63, 0x30,
    0x6F, 0x30, 0x90, 0x30, 0x9E, 0x30, 0xA3, 0x30, 0xD2, 0x30, 0xE8, 0x30,
    0xEE, 0x30, 0x01, 0x31, 0x07, 0x31, 0x21, 0x31, 0x2D, 0x31, 0x36, 0x31,
    0x40, 0x31, 0x46, 0x31, 0x4E, 0x31, 0x7E, 0x31, 0x86, 0x31, 0x8B, 0x31,
    0x90, 0x31, 0x95, 0x31, 0x9B, 0x31, 0xCD, 0x31, 0xED, 0x31, 0x00, 0x32,
    0x05, 0x32, 0x0B, 0x32, 0x1F, 0x32, 0x24, 0x32, 0x30, 0x32, 0x3F, 0x32,
    0x47, 0x32, 0x5E, 0x32, 0x64, 0x32, 0x9A, 0x32, 0xB5, 0x32, 0xC2, 0x32,
    0xD6, 0x32, 0x40, 0x33, 0x72, 0x33, 0xC1, 0x33, 0xCF, 0x33, 0xD6, 0x33,
    0xE9, 0x33, 0x21, 0x34, 0x27, 0x34, 0x2D, 0x34, 0x33, 0x34, 0x39, 0x34,
    0x3F, 0x34, 0x46, 0x34, 0x4D, 0x34, 0x54, 0x34, 0x5B, 0x34, 0x62, 0x34,
    0x69, 0x34, 0x70, 0x34, 0x78, 0x34, 0x80, 0x34, 0x88, 0x34, 0x94, 0x34,
    0x9D, 0x34, 0xA2, 0x34, 0xA8, 0x34, 0xB2, 0x34, 0xBC, 0x34, 0xCC, 0x34,
    0xDC, 0x34, 0xEC, 0x34, 0xF5, 0x34, 0x04, 0x35, 0x0A, 0x35, 0x66, 0x35,
    0x6B, 0x35, 0x7D, 0x35, 0x9B, 0x35, 0xAF, 0x35, 0xB5, 0x35, 0x53, 0x36,
    0x64, 0x36, 0x6F, 0x36, 0x74, 0x36, 0x79, 0x36, 0x90, 0x36, 0x9F, 0x36,
    0xA5, 0x36, 0xB8, 0x36, 0xCD, 0x36, 0xD8, 0x36, 0xEE, 0x36, 0x08, 0x37,
    0x12, 0x37, 0x5A, 0x37, 0x75, 0x37, 0x81, 0x37, 0x90, 0x37, 0x99, 0x37,
    0xA6, 0x37, 0xD5, 0x37, 0xDD, 0x37, 0xEA, 0x37, 0xEF, 0x37, 0x0A, 0x38,
    0x0F, 0x38, 0x2A, 0x38, 0x30, 0x38, 0x35, 0x38, 0x41, 0x38, 0x5E, 0x38,
    0xA9, 0x38, 0xAE, 0x38, 0xBE, 0x38, 0xC4, 0x38, 0xCA, 0x38, 0xD0, 0x38,
    0xD6, 0x38, 0xDC, 0x38, 0xE2, 0x38, 0xE8, 0x38, 0xEE, 0x38, 0x00, 0x00,
    0x00, 0x20, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x7C, 0x30, 0x80, 0x30,
    0xCC, 0x30, 0xD0, 0x30, 0x3C, 0x31, 0x40, 0x31, 0x00, 0x32, 0x08, 0x32,
    0x0C, 0x32, 0x24, 0x32, 0x28, 0x32, 0x48, 0x32, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};


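// Demo entry point: hands the PE image embedded in rawData to CLoad, looks up
// the export "testfunc", calls it once and unloads the image again.
//
// Nothing in this function verifies rawData (hash, signature, origin) before
// its code runs inside the current process, so whatever the array holds is
// executed with this process's privileges.
//
// Returns 0 when the export ran, 1 when the image could not be loaded or the
// export could not be resolved.
int _tmain(int argc, _TCHAR* argv[])
{
    CLoad lib;

    // Load the DLL straight from the byte array.
    // NOTE(review): assumes LoadFromMemory reports failure as a null handle
    // (the original initialised hLibrary to 0) — confirm against CLoad.
    HANDLE hLibrary = lib.LoadFromMemory(rawData, sizeof(rawData));
    if (!hLibrary)
        return 1; // malformed image, failed allocation or unresolved import

    // Resolve the export by name; a missing export must not be called through
    // a null function pointer.
    func fn = (func)lib.GetProcAddressFromMemory(hLibrary, "testfunc");
    if (!fn)
    {
        lib.FreeLibraryFromMemory(hLibrary);
        return 1;
    }

    fn();

    lib.FreeLibraryFromMemory(hLibrary);
    return 0;
}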
 
Well, you posted the files, but did you think about how they would actually be used? For example, how do you inject it?
There is a LoadFromResources function that could be used, but how would you apply it inside a process?
 
Well, you posted the files, but did you think about how they would actually be used? For example, how do you inject it?
There is a LoadFromResources function that could be used, but how would you apply it inside a process?

If you have a manual map injector, you can load the rawdata into the buffer. The other video on his channel has a manual mapper that works fine with this.
 