-
Notifications
You must be signed in to change notification settings - Fork 113
/
log15alt
782 lines (771 loc) · 34 KB
/
log15alt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
Thread B08 exit
Thread 9F0 created, Entry: ntdll.00007FF8D5EE2DC0
DLL Loaded: 00007FF8D2320000 C:\Windows\System32\kernel.appcore.dll
Thread 1704 created, Entry: ntdll.00007FF8D5EE2DC0
Thread 13EC created, Entry: ntdll.00007FF8D5EE2DC0
Thread 13F8 created, Entry: ntdll.00007FF8D5EE2DC0
Thread AB4 created, Entry: ntdll.00007FF8D5EE2DC0
DLL Loaded: 00007FF8CE720000 C:\Windows\System32\winusb.dll
MemRead failed on breakpoint address00007FF8B93E6154!
DLL Loaded: 00007FF8B00C0000 C:\Windows\System32\drivers\UMDF\synaWudfBioUsb.dll
DLL Loaded: 00007FF8D5BF0000 C:\Windows\System32\ole32.dll
DLL Loaded: 00007FF8D3440000 C:\Windows\System32\gdi32.dll
DLL Loaded: 00007FF8D2810000 C:\Windows\System32\gdi32full.dll
DLL Loaded: 00007FF8D55E0000 C:\Windows\System32\user32.dll
DLL Loaded: 00007FF8D24B0000 C:\Windows\System32\win32u.dll
DLL Loaded: 00007FF8D3620000 C:\Windows\System32\shell32.dll
DLL Loaded: 00007FF8D2CC0000 C:\Windows\System32\windows.storage.dll
DLL Loaded: 00007FF8D2330000 C:\Windows\System32\powrprof.dll
DLL Loaded: 00007FF8D5E50000 C:\Windows\System32\shlwapi.dll
DLL Loaded: 00007FF8D2400000 C:\Windows\System32\SHCore.dll
DLL Loaded: 00007FF8D2380000 C:\Windows\System32\profapi.dll
DLL Loaded: 00007FF8D2AA0000 C:\Windows\System32\crypt32.dll
DLL Loaded: 00007FF8D2310000 C:\Windows\System32\msasn1.dll
DLL Loaded: 00007FF8D57C0000 C:\Windows\System32\setupapi.dll
DLL Loaded: 00007FF8D2260000 C:\Windows\System32\bcrypt.dll
DLL Loaded: 00007FF8CF190000 C:\Windows\System32\WUDFx.dll
DLL Loaded: 00007FF8D5D90000 C:\Windows\System32\oleaut32.dll
DLL Loaded: 00007FF8D33A0000 C:\Windows\System32\msvcp_win.dll
DLL Loaded: 00007FF8D1D80000 C:\Windows\System32\cryptsp.dll
DLL Loaded: 00007FF8D17E0000 C:\Windows\System32\rsaenh.dll
DLL Loaded: 00007FF8D1A60000 C:\Windows\System32\userenv.dll
BCryptOpenAlgorithmProvider Algo: L"MD5" Ptr: 0000000000000000
DLL Loaded: 00007FF8D1DA0000 C:\Windows\System32\cryptbase.dll
DLL Loaded: 00007FF8D1820000 C:\Windows\System32\dpapi.dll
Thread 15AC created, Entry: <synawudfbiousb.$LN9_1>
Thread 12DC created, Entry: <synawudfbiousb.StartAddress>
readFromPipe
Thread 708 created, Entry: ntdll.00007FF8D5EE2DC0
INT3 breakpoint at synawudfbiousb.00007FF8B01DCAC0 (00007FF8B01DCAC0)!
Thread A74 created, Entry: <synawudfbiousb.sub_7FF8B00D9534>
readFromPipe
INT3 breakpoint at synawudfbiousb.00007FF8B01DCAC0 (00007FF8B01DCAC0)!
readFromPipe
INT3 breakpoint at synawudfbiousb.00007FF8B01DCAC0 (00007FF8B01DCAC0)!
readFromPipe
INT3 breakpoint at synawudfbiousb.00007FF8B01DCAC0 (00007FF8B01DCAC0)!
readFromPipe
INT3 breakpoint at synawudfbiousb.00007FF8B01DCAC0 (00007FF8B01DCAC0)!
readFromPipe
INT3 breakpoint at synawudfbiousb.00007FF8B01DCAC0 (00007FF8B01DCAC0)!
readFromPipe
INT3 breakpoint at synawudfbiousb.00007FF8B01DCAC0 (00007FF8B01DCAC0)!
CryptCreateHash alg: 800C
BCryptOpenAlgorithmProvider Algo: L"SHA256" Ptr: 0000000000000000
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 00
CryptGetHashParam type : 4 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 20 00 00 00
CryptGetHashParam type : 2 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 6e 34 0b 9c ff b3 7a 98 9c a5 44 e6 bb 78 0a 2c
0010 78 90 1d 3f b3 37 38 76 85 11 a3 06 17 af a0 1d
CryptCreateHash alg: 800C
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 02 84 a0 bb 26 bd fc 9f 81 d1 53 08 c0 83 5d ea
0010 2b 39 1d 6a bc b0 c8 1b 07 b0 cc 4b d1 68 45 9e
0020 69 5a 48 7c 49 55 5d 0a ea 5e d6 a7 f9 e4 b7 9e
0030 80 de 6a 26 d2 31 35 09 3f f4 0b 74 77 87 1b 93
0040 03 fe b6 65 45 db 0a 5e 07 6b 41 e5 cd 76 89 f9
0050 73 5e 52 77 4a bc 53 10 60 67 0e 35 d1 e9 13 3c
0060 9c 89 98 45 36 fb 05 15 3d ed 46 ef c6 b5 bf d6
0070 18 bf 59 2e 0f 30 30 3a a1 47 a3 b6 5d 00 b2 84
0080 4f 26 e8 55 a1 42 d8 36 ae 44 13 0a 7f 53 85 dc
0090 e2 13 64 73 93 9c 3b a5 e4 85 00 e7 c4 25 c0 08
00a0 ed
CryptGetHashParam type : 4 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 20 00 00 00
CryptGetHashParam type : 2 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 92 92 63 d6 3e c6 b7 ec 43 af 34 a8 66 3c 72 ac
0010 96 9e 17 ca c3 58 61 14 f3 18 05 01 c9 6b 2e 7d
CryptCreateHash alg: 800C
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 17 00 00 00 20 00 00 00 57 f5 79 a6 04 12 91 30
0010 66 45 5f d8 c2 eb 68 96 35 00 f2 e1 aa 46 66 4b
0020 9f c7 49 df dd 7f fc 40 00 00 00 00 00 00 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 43 c4 33 85
0050 89 c2 ab df 40 65 a2 0d 69 d7 46 2b de e0 cc e0
0060 59 6d 8d a4 68 00 05 bd dd d1 a0 49 00 00 00 00
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0090 00 00 00 00 00 00 00 00 20 50 4a 7b b5 d3 ce 95
00a0 d0 49 6e 11 2e 9e 6b e7 21 bf 7d b0 56 9d 30 09
00b0 22 15 d8 8a 23 f2 fa 17
CryptGetHashParam type : 4 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 20 00 00 00
CryptGetHashParam type : 2 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 65 ed a7 36 0c be 6e 04 fa da d0 db 4b 65 8e f0
0010 2d 1a c9 0b 52 da 40 70 ef 2d 24 03 46 05 c2 ef
CryptCreateHash alg: 800C
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 17 00 00 00 00 01 00 00 01 00 00 00 fc ff ff ff
0010 ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00
0020 00 00 00 00 01 00 00 00 ff ff ff ff 00 00 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 4b 60 d2 27 3e 3c ce 3b f6 b0 53 cc b0 06 1d 65
0060 bc 86 98 76 55 bd eb b3 e7 93 3a aa d8 35 c6 5a
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0090 00 00 00 00 96 c2 98 d8 45 39 a1 f4 a0 33 eb 2d
00a0 81 7d 03 77 f2 40 a4 63 e5 e6 bc f8 47 42 2c e1
00b0 f2 d1 17 6b 00 00 00 00 00 00 00 00 00 00 00 00
00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00d0 00 00 00 00 00 00 00 00 f5 51 bf 37 68 40 b6 cb
00e0 ce 5e 31 6b 57 33 ce 2b 16 9e 0f 7c 4a eb e7 8e
00f0 9b 7f 1a fe e2 42 e3 4f 00 00 00 00 00 00 00 00
0100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0110 00 00 00 00 00 00 00 00 00 00 00 00 51 25 63 fc
0120 c2 ca b9 f3 84 9e 17 a7 ad fa e6 bc ff ff ff ff
0130 ff ff ff ff 00 00 00 00 ff ff ff ff 00 00 00 00
0140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0160 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00
0170 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff
0180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
01a0 00 00 00 00
CryptGetHashParam type : 4 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 20 00 00 00
CryptGetHashParam type : 2 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 ec 5d 90 0e 5a 79 58 6d 2c db ee c6 22 40 c6 89
0010 9d 37 47 5e 0f 46 bb 9e fd 3f 5a 4f 32 e8 27 d2
CryptCreateHash alg: 800C
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CryptGetHashParam type : 4 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 20 00 00 00
CryptGetHashParam type : 2 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 53 41 e6 b2 64 69 79 a7 0e 57 65 30 07 a1 f3 10
0010 16 94 21 ec 9b dd 9f 1a 56 48 f7 5a de 00 5a f1
CryptCreateHash alg: 800C
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CryptGetHashParam type : 4 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 20 00 00 00
CryptGetHashParam type : 2 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 53 41 e6 b2 64 69 79 a7 0e 57 65 30 07 a1 f3 10
0010 16 94 21 ec 9b dd 9f 1a 56 48 f7 5a de 00 5a f1
CryptCreateHash alg: 800C
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 20 00 00 00 17 00 00 00 f0 d4 55 3e 1c 7e bb 3d
0010 05 a5 f1 b6 c3 9c 64 e8 90 2e be ad 04 ba 1e 19
0020 fc 91 dd 03 4a b8 8c 66 00 00 00 00 00 00 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 b4 25 b4 5d
0050 87 6e 0d 2d 88 9b c1 27 40 f8 2f ed a9 e9 fe de
0060 9f 85 57 02 35 76 62 c7 96 3b 56 fe 00 00 00 00
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0090 48 00 00 00 30 46 02 21 00 cc a7 7a ea b6 80 76
00a0 15 94 66 14 61 3b 13 a0 56 fb 81 10 90 be 85 e1
00b0 0e fb 71 97 63 30 1d 86 82 02 21 00 92 d4 3a 80
00c0 31 d6 c8 02 cd 91 c4 c7 15 66 14 6f 9d ba 0b 2c
00d0 ad 23 bf 24 f1 f6 bc 43 e2 60 0b 85 00 00 00 00
00e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CryptGetHashParam type : 4 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 20 00 00 00
CryptGetHashParam type : 2 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 9d 04 d2 76 08 c5 e1 19 92 c3 b7 1f ea ef 50 d4
0010 ff b0 76 ef a4 de d4 3f f7 b7 e2 48 9c 79 c5 a2
CryptCreateHash alg: 800C
BCryptOpenAlgorithmProvider Algo: L"ECDH_P256" Ptr: 0000000000000000
BCryptOpenAlgorithmProvider Algo: L"ECDSA_P256" Ptr: 0000000000000000
CryptCreateHash alg: 800C
CryptHashData 000001D3188B9190 00007FF8D17E4870
0000 20 00 00 00 17 00 00 00 f0 d4 55 3e 1c 7e bb 3d
0010 05 a5 f1 b6 c3 9c 64 e8 90 2e be ad 04 ba 1e 19
0020 fc 91 dd 03 4a b8 8c 66 00 00 00 00 00 00 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 b4 25 b4 5d
0050 87 6e 0d 2d 88 9b c1 27 40 f8 2f ed a9 e9 fe de
0060 9f 85 57 02 35 76 62 c7 96 3b 56 fe 00 00 00 00
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CryptGetHashParam type : 4 ptr: 000001D3188B9190 00007FF8D17E4870
DumpGot
0000 20 00 00 00
CryptGetHashParam type : 2 ptr: 000001D3188B9190 00007FF8D17E4870
DumpGot
0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
BCryptOpenAlgorithmProvider Algo: L"ECDH_P256" Ptr: 0000000000000000
BCryptOpenAlgorithmProvider Algo: L"ECDSA_P256" Ptr: 0000000000000000
BCryptImportKeyPair \\\
Type: L"ECCPUBLICBLOB" \\\
Data len: 188B9190hex
[rsp+28]
0000 45 43 53 31 20 00 00 00 f7 27 65 3b 4e 16 ce 06
0010 65 a6 89 4d 7f 3a 30 d7 d0 a0 be 31 0d 12 92 a7
0020 43 67 1f df 69 f6 a8 d3 a8 55 38 f8 b6 be c5 0d
0030 6e ef 8b d5 f4 d0 7a 88 62 43 c5 8b 23 93 94 8d
0040 f7 61 a8 47 21 a6 ca 94
CryptDecodeObject struct type ???
0000 30 46 02 21 00 cc a7 7a ea b6 80 76 15 94 66 14
0010 61 3b 13 a0 56 fb 81 10 90 be 85 e1 0e fb 71 97
0020 63 30 1d 86 82 02 21 00 92 d4 3a 80 31 d6 c8 02
0030 cd 91 c4 c7 15 66 14 6f 9d ba 0b 2c ad 23 bf 24
0040 f1 f6 bc 43 e2 60 0b 85
Decoded
0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CryptDecodeObject struct type ???
0000 30 46 02 21 00 cc a7 7a ea b6 80 76 15 94 66 14
0010 61 3b 13 a0 56 fb 81 10 90 be 85 e1 0e fb 71 97
0020 63 30 1d 86 82 02 21 00 92 d4 3a 80 31 d6 c8 02
0030 cd 91 c4 c7 15 66 14 6f 9d ba 0b 2c ad 23 bf 24
0040 f1 f6 bc 43 e2 60 0b 85
Decoded
0000 20 00 00 00 00 00 00 00 b0 c5 8b 18 d3 01 00 00
0010 20 00 00 00 00 00 00 00 d0 c5 8b 18 d3 01 00 00
0020 82 86 1d 30 63 97 71 fb 0e e1 85 be 90 10 81 fb
0030 56 a0 13 3b 61 14 66 94 15 76 80 b6 ea 7a a7 cc
0040 85 0b 60 e2 43 bc f6 f1 24 bf 23 ad 2c 0b ba 9d
0050 6f 14 66 15 c7 c4 91 cd 02 c8 d6 31 80 3a d4 92
BCryptVerfySignature
0000 bc 10 4a 58 81 a7 c6 de 56 4b c0 96 d3 24 30 95
0010 18 fd a8 5d d1 19 fc bf 43 0c 40 24 80 dc 2b 81
CryptImportKey
0000 08 02 00 00 02 66 00 00 20 00 00 00 71 7c d7 2d
0010 09 62 bc 4a 28 46 13 8d bb 2c 24 19 25 12 a7 64
0020 07 06 5f 38 38 46 13 9d 4b ec 20 33
BCryptOpenAlgorithmProvider Algo: L"RC2" Ptr: 0000000000000000
CryptCreateHash alg: 8009
CryptHashData 000001D3188BB0F0 00007FF8D17E4870
0000 47 57 4b 56 69 72 74 75 61 6c 42 6f 78 00 30 00
CryptGetHashParam type : 2 ptr: 000001D3188BB0F0 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BB0F0 00007FF8D17E4870
DumpGot
0000 bc 41 9d fc 39 c9 ba 69 a7 4d 5d 60 0a c3 5b 7b
0010 1a fb 2b 52 e5 d2 4a 23 04 58 67 c8 3a 98 aa 9a
CryptImportKey
0000 08 02 00 00 02 66 00 00 20 00 00 00 71 7c d7 2d
0010 09 62 bc 4a 28 46 13 8d bb 2c 24 19 25 12 a7 64
0020 07 06 5f 38 38 46 13 9d 4b ec 20 33
CryptCreateHash alg: 8009
CryptHashData 000001D3188BB0F0 00007FF8D17E4870
0000 bc 41 9d fc 39 c9 ba 69 a7 4d 5d 60 0a c3 5b 7b
0010 1a fb 2b 52 e5 d2 4a 23 04 58 67 c8 3a 98 aa 9a
0020 47 57 4b 56 69 72 74 75 61 6c 42 6f 78 00 30 00
CryptGetHashParam type : 2 ptr: 000001D3188BB0F0 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BB0F0 00007FF8D17E4870
DumpGot
0000 48 78 02 70 5e 5a c4 a9 93 1c 44 aa 4d 32 25 22
0010 39 e0 bf 8f 0c 85 4d de 49 0c cc f6 87 ef ad 9c
CryptImportKey
0000 08 02 00 00 02 66 00 00 20 00 00 00 48 78 02 70
0010 5e 5a c4 a9 93 1c 44 aa 4d 32 25 22 39 e0 bf 8f
0020 0c 85 4d de 49 0c cc f6 87 ef ad 9c
CryptCreateHash alg: 8009
CryptHashData 000001D3188BB210 00007FF8D17E4870
0000 47 57 4b 5f 53 49 47 4e 3a 4c 76 b7 6a 97 98 1d
0010 12 74 24 7e 16 66 10 e7 7f 4d 9c 9d 07 d3 c7 28
0020 e5 32 91 6b dd 28 b4 54
CryptGetHashParam type : 2 ptr: 000001D3188BB210 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BB210 00007FF8D17E4870
DumpGot
0000 eb 1e 63 25 2c e0 c6 bb 08 38 88 5d 0d 1e 52 86
0010 4e 89 7f 7b 41 cb 8d e4 dd 34 17 16 09 ef db e5
CryptImportKey
0000 08 02 00 00 02 66 00 00 20 00 00 00 48 78 02 70
0010 5e 5a c4 a9 93 1c 44 aa 4d 32 25 22 39 e0 bf 8f
0020 0c 85 4d de 49 0c cc f6 87 ef ad 9c
CryptCreateHash alg: 8009
CryptHashData 000001D3188BB210 00007FF8D17E4870
0000 eb 1e 63 25 2c e0 c6 bb 08 38 88 5d 0d 1e 52 86
0010 4e 89 7f 7b 41 cb 8d e4 dd 34 17 16 09 ef db e5
0020 47 57 4b 5f 53 49 47 4e 3a 4c 76 b7 6a 97 98 1d
0030 12 74 24 7e 16 66 10 e7 7f 4d 9c 9d 07 d3 c7 28
0040 e5 32 91 6b dd 28 b4 54
CryptGetHashParam type : 2 ptr: 000001D3188BB210 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BB210 00007FF8D17E4870
DumpGot
0000 b7 01 5b e1 65 8f 48 d0 d3 95 4b 2c 79 fe 66 b5
0010 45 47 38 bd f3 a9 d4 ec e6 2e cf 7d d0 dd ba ba
CryptImportKey
0000 08 02 00 00 02 66 00 00 20 00 00 00 b7 01 5b e1
0010 65 8f 48 d0 d3 95 4b 2c 79 fe 66 b5 45 47 38 bd
0020 f3 a9 d4 ec e6 2e cf 7d d0 dd ba ba
CryptCreateHash alg: 8009
CryptHashData 000001D3188B9190 00007FF8D17E4870
0000 84 a0 bb 26 bd fc 9f 81 d1 53 08 c0 83 5d ea 2b
0010 39 1d 6a bc b0 c8 1b 07 b0 cc 4b d1 68 45 9e 69
0020 5a 48 7c 49 55 5d 0a ea 5e d6 a7 f9 e4 b7 9e 80
0030 de 6a 26 d2 31 35 09 3f f4 0b 74 77 87 1b 93 03
0040 fe b6 65 45 db 0a 5e 07 6b 41 e5 cd 76 89 f9 73
0050 5e 52 77 4a bc 53 10 60 67 0e 35 d1 e9 13 3c 9c
0060 89 98 45 36 fb 05 15 3d ed 46 ef c6 b5 bf d6 18
0070 bf 59 2e 0f 30 30 3a a1 47 a3 b6 5d 00 b2 84 4f
CryptGetHashParam type : 2 ptr: 000001D3188B9190 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188B9190 00007FF8D17E4870
DumpGot
0000 26 e8 55 a1 42 d8 36 ae 44 13 0a 7f 53 85 dc e2
0010 13 64 73 93 9c 3b a5 e4 85 00 e7 c4 25 c0 08 ed
CryptImportKey
0000 08 02 00 00 10 66 00 00 20 00 00 00 48 78 02 70
0010 5e 5a c4 a9 93 1c 44 aa 4d 32 25 22 39 e0 bf 8f
0020 0c 85 4d de 49 0c cc f6 87 ef ad 9c
BCryptOpenAlgorithmProvider Algo: L"AES" Ptr: 0000000000000000
CryptDecrypt: len - 112
0000 39 1d 6a bc b0 c8 1b 07 b0 cc 4b d1 68 45 9e 69
0010 5a 48 7c 49 55 5d 0a ea 5e d6 a7 f9 e4 b7 9e 80
0020 de 6a 26 d2 31 35 09 3f f4 0b 74 77 87 1b 93 03
0030 fe b6 65 45 db 0a 5e 07 6b 41 e5 cd 76 89 f9 73
0040 5e 52 77 4a bc 53 10 60 67 0e 35 d1 e9 13 3c 9c
0050 89 98 45 36 fb 05 15 3d ed 46 ef c6 b5 bf d6 18
0060 bf 59 2e 0f 30 30 3a a1 47 a3 b6 5d 00 b2 84 4f
INT3 breakpoint at <cryptsp.CryptDecrypt> (00007FF8D1D83A40)!
Decrypted:
0000 57 f5 79 a6 04 12 91 30 66 45 5f d8 c2 eb 68 96
0010 35 00 f2 e1 aa 46 66 4b 9f c7 49 df dd 7f fc 40
0020 43 c4 33 85 89 c2 ab df 40 65 a2 0d 69 d7 46 2b
0030 de e0 cc e0 59 6d 8d a4 68 00 05 bd dd d1 a0 49
0040 0e 5d 9d cf b1 15 67 d7 0a 80 0e a5 ee a9 99 e2
0050 a9 57 69 2c 5d de 8b 3b 26 5e 84 0e e4 42 5f 59
0060 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10
CryptGenRandom 4
Generated
0000 e9 96 da 8e
CryptGenRandom 28
Generated
0000 d8 f6 8f 05 eb b0 a9 51 54 06 ee d5 d8 7d bc 7a
0010 b0 64 9d 25 b8 b7 07 2a e8 c3 ea f9
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 01 00 00 3f 03 03 8e da 96 e9 d8 f6 8f 05 eb b0
0010 a9 51 54 06 ee d5 d8 7d bc 7a b0 64 9d 25 b8 b7
0020 07 2a e8 c3 ea f9 07 00 00 00 00 00 00 00 00 04
0030 c0 05 00 3d 00 00 0a 00 04 00 02 00 17 00 0b 00
0040 02 01 00
readFromPipe
INT3 breakpoint at synawudfbiousb.00007FF8B01DCAC0 (00007FF8B01DCAC0)!
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 02 00 00 2d 03 03 00 7d f7 8c 37 b2 9c 6b 7e 3f
0010 47 ab 70 7f 2a dd 83 0c 7a dd 33 6d 98 5c 39 e5
0020 b0 d7 dc 3a 11 d0 07 54 4c 53 37 b2 9c 6b c0 05
0030 00
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 0d 00 00 04 01 40 00 00
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 0e 00 00 00
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 0b 00 00 c0 00 00 b8 00 00 b8 d8 f6 17 00 00 00
0010 20 00 00 00 57 f5 79 a6 04 12 91 30 66 45 5f d8
0020 c2 eb 68 96 35 00 f2 e1 aa 46 66 4b 9f c7 49 df
0030 dd 7f fc 40 00 00 00 00 00 00 00 00 00 00 00 00
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050 00 00 00 00 00 00 00 00 43 c4 33 85 89 c2 ab df
0060 40 65 a2 0d 69 d7 46 2b de e0 cc e0 59 6d 8d a4
0070 68 00 05 bd dd d1 a0 49 00 00 00 00 00 00 00 00
0080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00a0 00 00 00 00 20 50 4a 7b b5 d3 ce 95 d0 49 6e 11
00b0 2e 9e 6b e7 21 bf 7d b0 56 9d 30 09 22 15 d8 8a
00c0 23 f2 fa 17
BCryptGenerateKeyPair ptr: 5555555100000130
BCryptExportKey L"ECCPRIVATEBLOB"
len: 9557B7E8E8
BCryptExportKey L"ECCPRIVATEBLOB"
Exported: len unknown
0000 45 43 4b 32 20 00 00 00 45 5e 77 3a 96 12 9e 64
0010 a8 49 ac 08 69 5d a1 8a a0 a2 79 4e 38 f5 b5 ec
0020 00 bb 4e 82 37 79 1a 24 aa d7 6a 82 39 83 1b 7c
0030 81 ea 17 ff d2 60 0b e3 c3 45 a5 6a 06 00 55 b6
0040 4e cb 58 7e 44 e6 0c 55 52 cb 7d 68 08 2b 9f 0b
0050 da 73 de 17 ec 64 7c a8 ee d3 4a 82 a3 5d 0a 88
0060 a3 b9 dd 4d 73 cc ec cf
BCryptImportKeyPair \\\
Type: L"ECCPRIVATEBLOB" \\\
Data len: 188BC7A0hex
[rsp+28]
0000 45 43 4b 32 20 00 00 00 45 5e 77 3a 96 12 9e 64
0010 a8 49 ac 08 69 5d a1 8a a0 a2 79 4e 38 f5 b5 ec
0020 00 bb 4e 82 37 79 1a 24 aa d7 6a 82 39 83 1b 7c
0030 81 ea 17 ff d2 60 0b e3 c3 45 a5 6a 06 00 55 b6
0040 4e cb 58 7e 44 e6 0c 55 52 cb 7d 68 08 2b 9f 0b
0050 da 73 de 17 ec 64 7c a8 ee d3 4a 82 a3 5d 0a 88
0060 a3 b9 dd 4d 73 cc ec cf
BCryptImportKeyPair \\\
Type: L"ECCPUBLICBLOB" \\\
Data len: 188BC5E0hex
[rsp+28]
0000 45 43 4b 31 20 00 00 00 66 8c b8 4a 03 dd 91 fc
0010 19 1e ba 04 ad be 2e 90 e8 64 9c c3 b6 f1 a5 05
0020 3d bb 7e 1c 3e 55 d4 f0 fe 56 3b 96 c7 62 76 35
0030 02 57 85 9f de fe e9 a9 ed 2f f8 40 27 c1 9b 88
0040 2d 0d 6e 87 5d b4 25 b4
BCryptSecretAgreement
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 10 00 00 41 04 45 5e 77 3a 96 12 9e 64 a8 49 ac
0010 08 69 5d a1 8a a0 a2 79 4e 38 f5 b5 ec 00 bb 4e
0020 82 37 79 1a 24 aa d7 6a 82 39 83 1b 7c 81 ea 17
0030 ff d2 60 0b e3 c3 45 a5 6a 06 00 55 b6 4e cb 58
0040 7e 44 e6 0c 55
BCryptDeriveKey kdf: L"TLS_PRF"
Derived:
0000 13 10 89 9c 8a 84 ae 6d 8a af c7 38 ad d9 6a 26
0010 0a 1a 35 53 54 52 91 ec 39 9e 27 56 ff 6d e8 d5
0020 4f 59 06 31 f7 82 fe e1 8d 2c 95 f8 55 1b 24 4a
CryptImportKey
0000 08 02 00 00 02 66 00 00 30 00 00 00 13 10 89 9c
0010 8a 84 ae 6d 8a af c7 38 ad d9 6a 26 0a 1a 35 53
0020 54 52 91 ec 39 9e 27 56 ff 6d e8 d5 4f 59 06 31
0030 f7 82 fe e1 8d 2c 95 f8 55 1b 24 4a
CryptCreateHash alg: 8009
CryptHashData 000001D3188BC760 00007FF8D17E4870
0000 6b 65 79 20 65 78 70 61 6e 73 69 6f 6e 8e da 96
0010 e9 d8 f6 8f 05 eb b0 a9 51 54 06 ee d5 d8 7d bc
0020 7a b0 64 9d 25 b8 b7 07 2a e8 c3 ea f9 00 7d f7
0030 8c 37 b2 9c 6b 7e 3f 47 ab 70 7f 2a dd 83 0c 7a
0040 dd 33 6d 98 5c 39 e5 b0 d7 dc 3a 11 d0
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
0000 06 e7 d8 8a 05 7c 5d c9 fa f2 11 5d 48 14 e3 f8
0010 1f 0c 2a ed 38 05 be 3a af 90 9e 79 a7 e6 ab 01
CryptImportKey
0000 08 02 00 00 02 66 00 00 30 00 00 00 13 10 89 9c
0010 8a 84 ae 6d 8a af c7 38 ad d9 6a 26 0a 1a 35 53
0020 54 52 91 ec 39 9e 27 56 ff 6d e8 d5 4f 59 06 31
0030 f7 82 fe e1 8d 2c 95 f8 55 1b 24 4a
CryptCreateHash alg: 8009
CryptHashData 000001D3188BC760 00007FF8D17E4870
0000 06 e7 d8 8a 05 7c 5d c9 fa f2 11 5d 48 14 e3 f8
0010 1f 0c 2a ed 38 05 be 3a af 90 9e 79 a7 e6 ab 01
0020 6b 65 79 20 65 78 70 61 6e 73 69 6f 6e 8e da 96
0030 e9 d8 f6 8f 05 eb b0 a9 51 54 06 ee d5 d8 7d bc
0040 7a b0 64 9d 25 b8 b7 07 2a e8 c3 ea f9 00 7d f7
0050 8c 37 b2 9c 6b 7e 3f 47 ab 70 7f 2a dd 83 0c 7a
0060 dd 33 6d 98 5c 39 e5 b0 d7 dc 3a 11 d0
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
0000 69 b3 51 3e 9c 9a 15 13 d2 c0 1a 74 5a ee e7 a5
0010 08 03 de b1 2d cf b9 62 80 75 f2 7c 48 9e 24 1b
CryptImportKey
0000 08 02 00 00 02 66 00 00 30 00 00 00 13 10 89 9c
0010 8a 84 ae 6d 8a af c7 38 ad d9 6a 26 0a 1a 35 53
0020 54 52 91 ec 39 9e 27 56 ff 6d e8 d5 4f 59 06 31
0030 f7 82 fe e1 8d 2c 95 f8 55 1b 24 4a
CryptCreateHash alg: 8009
CryptHashData 000001D3188BC760 00007FF8D17E4870
0000 06 e7 d8 8a 05 7c 5d c9 fa f2 11 5d 48 14 e3 f8
0010 1f 0c 2a ed 38 05 be 3a af 90 9e 79 a7 e6 ab 01
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
0000 87 f5 eb 3c 1b 27 33 1b 1b c1 0e 52 13 9b bf 11
0010 c1 b3 8e fc 74 9a 09 d1 0c d4 96 55 ce b9 67 cb
CryptImportKey
0000 08 02 00 00 02 66 00 00 30 00 00 00 13 10 89 9c
0010 8a 84 ae 6d 8a af c7 38 ad d9 6a 26 0a 1a 35 53
0020 54 52 91 ec 39 9e 27 56 ff 6d e8 d5 4f 59 06 31
0030 f7 82 fe e1 8d 2c 95 f8 55 1b 24 4a
CryptCreateHash alg: 8009
CryptHashData 000001D3188BC760 00007FF8D17E4870
0000 87 f5 eb 3c 1b 27 33 1b 1b c1 0e 52 13 9b bf 11
0010 c1 b3 8e fc 74 9a 09 d1 0c d4 96 55 ce b9 67 cb
0020 6b 65 79 20 65 78 70 61 6e 73 69 6f 6e 8e da 96
0030 e9 d8 f6 8f 05 eb b0 a9 51 54 06 ee d5 d8 7d bc
0040 7a b0 64 9d 25 b8 b7 07 2a e8 c3 ea f9 00 7d f7
0050 8c 37 b2 9c 6b 7e 3f 47 ab 70 7f 2a dd 83 0c 7a
0060 dd 33 6d 98 5c 39 e5 b0 d7 dc 3a 11 d0
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
0000 51 ca a2 46 77 24 4c 2e db 52 4a 35 b6 9e bb f9
0010 1a 2b 5f e9 13 40 2d a8 21 70 ab f6 ca 10 43 5d
CryptImportKey
0000 08 02 00 00 02 66 00 00 30 00 00 00 13 10 89 9c
0010 8a 84 ae 6d 8a af c7 38 ad d9 6a 26 0a 1a 35 53
0020 54 52 91 ec 39 9e 27 56 ff 6d e8 d5 4f 59 06 31
0030 f7 82 fe e1 8d 2c 95 f8 55 1b 24 4a
CryptCreateHash alg: 8009
CryptHashData 000001D3188BC760 00007FF8D17E4870
0000 87 f5 eb 3c 1b 27 33 1b 1b c1 0e 52 13 9b bf 11
0010 c1 b3 8e fc 74 9a 09 d1 0c d4 96 55 ce b9 67 cb
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
0000 4e 62 c1 39 53 94 62 0b 36 e5 9e 71 c0 88 a0 d7
0010 61 de 5f 70 07 95 b0 8e 6a 8e f3 d9 0b e9 04 d8
CryptImportKey
0000 08 02 00 00 02 66 00 00 30 00 00 00 13 10 89 9c
0010 8a 84 ae 6d 8a af c7 38 ad d9 6a 26 0a 1a 35 53
0020 54 52 91 ec 39 9e 27 56 ff 6d e8 d5 4f 59 06 31
0030 f7 82 fe e1 8d 2c 95 f8 55 1b 24 4a
CryptCreateHash alg: 8009
CryptHashData 000001D3188BC760 00007FF8D17E4870
0000 4e 62 c1 39 53 94 62 0b 36 e5 9e 71 c0 88 a0 d7
0010 61 de 5f 70 07 95 b0 8e 6a 8e f3 d9 0b e9 04 d8
0020 6b 65 79 20 65 78 70 61 6e 73 69 6f 6e 8e da 96
0030 e9 d8 f6 8f 05 eb b0 a9 51 54 06 ee d5 d8 7d bc
0040 7a b0 64 9d 25 b8 b7 07 2a e8 c3 ea f9 00 7d f7
0050 8c 37 b2 9c 6b 7e 3f 47 ab 70 7f 2a dd 83 0c 7a
0060 dd 33 6d 98 5c 39 e5 b0 d7 dc 3a 11 d0
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
0000 12 99 50 9d 8d ee 9e cf 93 e9 65 aa 23 7b aa 13
0010 f2 29 a9 90 83 b0 86 0a b3 6d 4b 4a 46 a5 b3 90
CryptImportKey
0000 08 02 00 00 02 66 00 00 30 00 00 00 13 10 89 9c
0010 8a 84 ae 6d 8a af c7 38 ad d9 6a 26 0a 1a 35 53
0020 54 52 91 ec 39 9e 27 56 ff 6d e8 d5 4f 59 06 31
0030 f7 82 fe e1 8d 2c 95 f8 55 1b 24 4a
CryptCreateHash alg: 8009
CryptHashData 000001D3188BC760 00007FF8D17E4870
0000 4e 62 c1 39 53 94 62 0b 36 e5 9e 71 c0 88 a0 d7
0010 61 de 5f 70 07 95 b0 8e 6a 8e f3 d9 0b e9 04 d8
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
0000 c5 ea a0 43 b9 36 2e cd 8c e3 6e ce 12 00 8b 14
0010 78 41 37 fc 20 c3 18 72 62 c5 90 9c 39 b0 96 99
CryptImportKey
0000 08 02 00 00 02 66 00 00 30 00 00 00 13 10 89 9c
0010 8a 84 ae 6d 8a af c7 38 ad d9 6a 26 0a 1a 35 53
0020 54 52 91 ec 39 9e 27 56 ff 6d e8 d5 4f 59 06 31
0030 f7 82 fe e1 8d 2c 95 f8 55 1b 24 4a
CryptCreateHash alg: 8009
CryptHashData 000001D3188BC760 00007FF8D17E4870
0000 c5 ea a0 43 b9 36 2e cd 8c e3 6e ce 12 00 8b 14
0010 78 41 37 fc 20 c3 18 72 62 c5 90 9c 39 b0 96 99
0020 6b 65 79 20 65 78 70 61 6e 73 69 6f 6e 8e da 96
0030 e9 d8 f6 8f 05 eb b0 a9 51 54 06 ee d5 d8 7d bc
0040 7a b0 64 9d 25 b8 b7 07 2a e8 c3 ea f9 00 7d f7
0050 8c 37 b2 9c 6b 7e 3f 47 ab 70 7f 2a dd 83 0c 7a
0060 dd 33 6d 98 5c 39 e5 b0 d7 dc 3a 11 d0
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BC760 00007FF8D17E4870
DumpGot
0000 c9 fb be 32 7c 10 1d ac 07 90 0f 83 75 17 a9 7d
0010 b6 23 f1 19 a9 0f 8a 24 58 19 8f 29 96 b0 d3 07
INT3 breakpoint at <advapi32.CryptDuplicateHash> (00007FF8D513E360)!
CryptDuplicateHash 000001D3188B22A0 ->
INT3 breakpoint at cryptsp.00007FF8D1D8636B (00007FF8D1D8636B)!
CryptDuplicateHash end
000001D3188BA920
CryptGetHashParam type : 4 ptr: 000001D3188BA920 00007FF8D17E4870
DumpGot
0000 20 00 00 00
CryptGetHashParam type : 2 ptr: 000001D3188BA920 00007FF8D17E4870
DumpGot
0000 c1 00 e4 2c 10 68 aa 49 2a 9b c8 dd e6 1d 51 a6
0010 85 b0 8c b8 a0 4b 27 f0 db 66 3d 2d 46 76 01 88
BCryptImportKeyPair \\\
Type: L"ECCPRIVATEBLOB" \\\
Data len: 188BB110hex
[rsp+28]
0000 45 43 53 32 20 00 00 00 40 fc 7f dd df 49 c7 9f
0010 4b 66 46 aa e1 f2 00 35 96 68 eb c2 d8 5f 45 66
0020 30 91 12 04 a6 79 f5 57 49 a0 d1 dd bd 05 00 68
0030 a4 8d 6d 59 e0 cc e0 de 2b 46 d7 69 0d a2 65 40
0040 df ab c2 89 85 33 c4 43 59 5f 42 e4 0e 84 5e 26
0050 3b 8b de 5d 2c 69 57 a9 e2 99 a9 ee a5 0e 80 0a
0060 d7 67 15 b1 cf 9d 5d 0e
BCryptSignHash
0000 c1 00 e4 2c 10 68 aa 49 2a 9b c8 dd e6 1d 51 a6
0010 85 b0 8c b8 a0 4b 27 f0 db 66 3d 2d 46 76 01 88
CryptEncodeObject ??? len unkown!
0000 20 00 00 00 ca ea 00 00 90 b6 8b 18 d3 01 00 00
0010 20 00 00 00 00 00 00 00 e0 b6 8b 18 d3 01 00 00
0020 20 a9 8b 18 d3 01 00 00 18 a6 8b 18 d3 01 00 00
0030 18 b1 8b 18 d3 01 00 00 00 00 00 00 95 00 00 00
Encoded
0000 30 44 02 20 27 c5 c6 37 38 44 70 c0 1b 0f 07 bf
0010 cd 6e ef a9 97 2c cb 8c 29 92 ee d2 fd cf 26 31
0020 75 17 d6 3c 02 20 64 25 d6 93 78 c6 5f 20 9a fc
0030 1d a5 c0 3d a0 0f c9 f9 08 6e 9a 8b 0a e8 54 19
0040 b8 bf 95 e8 7b 20
CryptHashData 000001D3188B22A0 00007FF8D17E4870
0000 0f 00 00 46 30 44 02 20 27 c5 c6 37 38 44 70 c0
0010 1b 0f 07 bf cd 6e ef a9 97 2c cb 8c 29 92 ee d2
0020 fd cf 26 31 75 17 d6 3c 02 20 64 25 d6 93 78 c6
0030 5f 20 9a fc 1d a5 c0 3d a0 0f c9 f9 08 6e 9a 8b
0040 0a e8 54 19 b8 bf 95 e8 7b 20
INT3 breakpoint at <advapi32.CryptDuplicateHash> (00007FF8D513E360)!
CryptDuplicateHash 000001D3188B22A0 ->
INT3 breakpoint at cryptsp.00007FF8D1D8636B (00007FF8D1D8636B)!
CryptDuplicateHash end
000001D3188BB060
CryptGetHashParam type : 4 ptr: 000001D3188BB060 00007FF8D17E4870
DumpGot
0000 20 00 00 00
CryptGetHashParam type : 2 ptr: 000001D3188BB060 00007FF8D17E4870
DumpGot
0000 3c 27 68 81 2d 8b 1b eb 65 ed 3a a7 d0 8b c8 3a
0010 21 75 02 23 09 5e ed 94 78 a9 2f 65 e9 f6 fe d3
CryptImportKey
0000 08 02 00 00 02 66 00 00 30 00 00 00 13 10 89 9c
0010 8a 84 ae 6d 8a af c7 38 ad d9 6a 26 0a 1a 35 53
0020 54 52 91 ec 39 9e 27 56 ff 6d e8 d5 4f 59 06 31
0030 f7 82 fe e1 8d 2c 95 f8 55 1b 24 4a
CryptCreateHash alg: 8009
CryptHashData 000001D3188BB770 00007FF8D17E4870
0000 63 6c 69 65 6e 74 20 66 69 6e 69 73 68 65 64 3c
0010 27 68 81 2d 8b 1b eb 65 ed 3a a7 d0 8b c8 3a 21
0020 75 02 23 09 5e ed 94 78 a9 2f 65 e9 f6 fe d3
CryptGetHashParam type : 2 ptr: 000001D3188BB770 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BB770 00007FF8D17E4870
DumpGot
0000 a1 29 50 64 93 ce c7 b3 40 af 55 a2 fe 38 15 b4
0010 73 8b ba 71 5b 78 f0 d1 56 25 b9 23 d2 aa 7e bf
CryptImportKey
0000 08 02 00 00 02 66 00 00 30 00 00 00 13 10 89 9c
0010 8a 84 ae 6d 8a af c7 38 ad d9 6a 26 0a 1a 35 53
0020 54 52 91 ec 39 9e 27 56 ff 6d e8 d5 4f 59 06 31
0030 f7 82 fe e1 8d 2c 95 f8 55 1b 24 4a
CryptCreateHash alg: 8009
CryptHashData 000001D3188BB770 00007FF8D17E4870
0000 a1 29 50 64 93 ce c7 b3 40 af 55 a2 fe 38 15 b4
0010 73 8b ba 71 5b 78 f0 d1 56 25 b9 23 d2 aa 7e bf
0020 63 6c 69 65 6e 74 20 66 69 6e 69 73 68 65 64 3c
0030 27 68 81 2d 8b 1b eb 65 ed 3a a7 d0 8b c8 3a 21
0040 75 02 23 09 5e ed 94 78 a9 2f 65 e9 f6 fe d3
CryptGetHashParam type : 2 ptr: 000001D3188BB770 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BB770 00007FF8D17E4870
DumpGot
0000 6e 3c 89 d3 58 5f f8 d9 b0 8a 3c 72 10 81 07 56
0010 ef 60 4f 85 89 64 1b be 34 b8 56 c3 58 b3 42 63
CryptImportKey
0000 08 02 00 00 02 66 00 00 20 00 00 00 69 b3 51 3e
0010 9c 9a 15 13 d2 c0 1a 74 5a ee e7 a5 08 03 de b1
0020 2d cf b9 62 80 75 f2 7c 48 9e 24 1b
CryptCreateHash alg: 8009
CryptHashData 000001D3188BCAE0 00007FF8D17E4870
0000 16 03 03 00 10
CryptHashData 000001D3188BCAE0 00007FF8D17E4870
0000 14 00 00 0c 6e 3c 89 d3 58 5f f8 d9 b0 8a 3c 72
CryptGetHashParam type : 2 ptr: 000001D3188BCAE0 00007FF8D17E4870
DumpGot
CryptGetHashParam type : 2 ptr: 000001D3188BCAE0 00007FF8D17E4870
DumpGot
0000 3c 39 5e f9 55 87 b8 bb 06 58 31 13 0b a2 93 74
0010 8a 54 dd 5d c1 b9 7d ce 89 3a e4 79 47 67 2f 44
CryptGenRandom 16
Generated
0000 80 47 4a 88 5b ac 47 5f 10 00 54 a3 52 48 f4 59
CryptImportKey
0000 08 02 00 00 10 66 00 00 20 00 00 00 12 99 50 9d
0010 8d ee 9e cf 93 e9 65 aa 23 7b aa 13 f2 29 a9 90
0020 83 b0 86 0a b3 6d 4b 4a 46 a5 b3 90
CryptEncrypt: len - 64
0000 14 00 00 0c 6e 3c 89 d3 58 5f f8 d9 b0 8a 3c 72
0010 3c 39 5e f9 55 87 b8 bb 06 58 31 13 0b a2 93 74
0020 8a 54 dd 5d c1 b9 7d ce 89 3a e4 79 47 67 2f 44
0030 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f
Encrypted:
0000 e7 11 c7 f0 18 13 dc 1b e5 a0 20 48 e2 0e 17 aa
0010 f4 97 b2 86 d3 fb 3d 56 d2 04 e2 64 52 c1 98 8b
0020 6e 42 4f e1 f3 91 9d d5 7d 0e 3b 8f 70 91 58 8e
0030 9f d1 a5 bb dd 18 ae d0 af 56 ef 24 d9 39 ed ff
readFromPipe
INT3 breakpoint at synawudfbiousb.00007FF8B01DCAC0 (00007FF8B01DCAC0)!
CryptGetHashParam type : 4 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 20 00 00 00
CryptGetHashParam type : 2 ptr: 000001D3188B22A0 00007FF8D17E4870
DumpGot
0000 3c 27 68 81 2d 8b 1b eb 65 ed 3a a7 d0 8b c8 3a
0010 21 75 02 23 09 5e ed 94 78 a9 2f 65 e9 f6 fe d3
readFromPipe
INT3 breakpoint at synawudfbiousb.00007FF8B01DCAC0 (00007FF8B01DCAC0)!
Thread 1304 created, Entry: ntdll.00007FF8D5EE2DC0
Thread 12DC exit
Thread A74 exit
Thread 15AC exit
DLL Unloaded: 00007FF8D2330000 powrprof.dll
DLL Unloaded: 00007FF8D2400000 shcore.dll
DLL Unloaded: 00007FF8D2CC0000 windows.storage.dll
DLL Unloaded: 00007FF8D3620000 shell32.dll
DLL Unloaded: 00007FF8D5E50000 shlwapi.dll
DLL Unloaded: 00007FF8D2310000 msasn1.dll
DLL Unloaded: 00007FF8D1820000 dpapi.dll
DLL Unloaded: 00007FF8D2AA0000 crypt32.dll
DLL Unloaded: 00007FF8D57C0000 setupapi.dll
Could not delete breakpoint 00007FF8B93E6154! (DeleteBPX)
DLL Unloaded: 00007FF8B00C0000 synawudfbiousb.dll
DLL Unloaded: 00007FF8CF190000 wudfx.dll
Thread E34 exit
Thread 1304 exit
Thread 13F8 exit
Thread 708 exit
Thread 13EC exit
Thread AB4 exit
Thread 1704 exit
Process stopped with exit code 0x0
Saving database to C:\Users\Test\Desktop\release\x64\db\WUDFHost.exe.dd64 594ms
Debugging stopped!