[Colours]
Scheme[0]=10,12,18,0,5,15,13,13
Scheme name[0]=Dave's black
Scheme[1]=1,5,0,18,7,18,4,12
Scheme name[1]=Fancy Nico
Scheme[2]=7,12,7,10,11,7,3,13
Scheme name[2]=Kostya's blue
Scheme[3]=7,12,7,0,5,15,18,13
Scheme name[3]=Dami's black
Scheme[4]=0,12,8,18,7,8,7,13
Scheme name[4]=Scheme 4
Scheme[5]=14,12,7,1,3,7,3,13
Scheme name[5]=Scheme 5
Scheme[6]=1,12,3,11,14,2,7,13
Scheme name[6]=Scheme 6
Scheme[7]=15,12,7,0,8,11,7,13
Scheme name[7]=Scheme 7
[Fonts]
Font[0]=16,8,400,0,0,0,134,2,49,0
Face name[0]=Terminal
Font name[0]=OEM ȿ
Font[1]=-12,0,400,0,0,0,134,1,49,0
Face name[1]=
Font name[1]=Terminal 6
Font[2]=16,8,400,0,0,0,134,2,49,0
Face name[2]=Fixedsys
Font name[2]=ϵͳȿ
Font[3]=14,0,400,0,0,0,1,2,5,0
Face name[3]=Courier New
Font name[3]=Courier (UNICODE)
Font[4]=10,6,400,0,0,0,1,2,5,0
Face name[4]=Lucida Console
Font name[4]=Lucida (UNICODE)
Font[5]=9,6,700,0,0,0,255,0,48,0
Face name[5]=Terminal
Font name[5]= 5
Font[6]=16,8,400,0,0,0,134,2,49,0
Face name[6]=Fixedsys
Font name[6]= 6
Font[7]=14,0,400,0,0,0,1,2,5,0
Face name[7]=Courier New
Font name[7]= 7
[Syntax]
Commands[1]=10,7,12,12,14,12,12,13,96,7,14,0,0,0
Operands[1]=1,7,7,7,13,14,10,11,0,0,0,0,0,0
Scheme name[1]=Dave
Commands[2]=1,1,1,1,1,1,1,4,109,12,12,0,0,0
Operands[2]=1,1,2,4,12,2,2,5,0,0,0,0,0,0
Scheme name[2]=Fancy Nico
Commands[3]=14,4,124,124,9,110,64,13,111,8,12,0,0,0
Operands[3]=1,10,4,13,11,13,15,6,0,0,0,0,0,0
Scheme name[3]=Kostya's xmas tree
Commands[4]=7,7,2,12,6,12,10,13,96,7,14,0,0,0
Operands[4]=1,7,7,7,13,7,10,11,0,0,0,0,0,0
Scheme name[4]=Dami
Commands[5]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
Operands[5]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
Scheme name[5]=No highlighting
Commands[0]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
Operands[0]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
Scheme name[0]=No highlighting
[﷨]
Commands[0]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
Operands[0]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
[0]=ֹͻʾ
Commands[1]=0,4,124,112,9,64,64,13,111,8,12,0,0,0
Operands[1]=1,0,4,13,65,1,112,6,0,0,0,0,0,0
[1]=Christmas tree
Commands[2]=0,0,124,112,0,64,64,0,96,0,0,0,0,0
Operands[2]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
[2]=Jumps'n'calls
Commands[3]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
Operands[3]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
[3]=Hilite 3
Commands[4]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
Operands[4]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
[4]=Hilite 4
[Plugin IDAFicator Paths]
Num=10
7=F:\ƽ⹤߰\Tool\Թ\Сרð\Tools\ImportREC \ImportREC_chs.exe
6=-
5=F:\ƽ⹤߰\Tool\Թ\Сרð\Tools\Asm\ѯ.exe
4=-
3=F:\ƽ⹤߰\Tool\Թ\Сרð\Tools\ƽ.exe
2=-
1=F:\ƽ⹤߰\Tool\Թ\Сרð\Tools\.exe
0=
9=F:\ƽ⹤߰\Tool\Թ\Сרð\Tools\LordPE\LordPE_hh.EXE
8=-
[History]
UDD path=D:\ҵĵ\\Ollydbg52pojie\UDD
Plugin path=D:\ҵĵ\\Ollydbg52pojie\plugin
Executable[1]=C:\Documents and Settings\Jiack\\Aֶ࿪V1.7ˢܡַwww.hongx.5d6d.com\ֶ࿪V1.7ˢܡ\ֶ࿪V1.7ˢܡ.exe
Executable[2]=C:\Documents and Settings\Jiack\\anti\anti.exe
Executable[3]=C:\Documents and Settings\Jiack\\˵ڲ2.6\˵.exe
Executable[4]=C:\Documents and Settings\Jiack\\VSMapHack677\VSMapHack\VSMH.exe
Executable[5]=C:\Documents and Settings\Jiack\\VSMapHack677\VSMapHack\Unpack.exe
Executable[0]=D:\ҵĵ\ѧϰ\ƽ\Medicine.exe
View file=
View text file=
Object file=
Import library=
Log file=log.txt
Run trace file=rtrace.txt
API help file=
Text save file=
Symbolic data path=F:\ƽ⹤߰\Tool\Թ\С[LCG]
[Settings]
Check DLL versions=0
Show toolbar=1
Status in toolbar=1
Use hardware breakpoints to step=1
Restore windows=191
Scroll MDI=0
Horizontal scroll=0
Topmost window=0
Index of default font=1
Index of default colours=0
Index of default syntax highlighting=0
Log buffer size index=0
Run trace buffer size index=1
Group adjacent commands in profile=1
Highlighted trace register=-1
IDEAL disassembling mode=0
Disassemble in lowercase=1
Separate arguments with TAB=0
Extra space between arguments=0
Show default segments=1
NEAR jump modifiers=0
Use short form of string commands=0
Use RET instead of RETN=0
Size sensitive mnemonics=1
SSE size decoding mode=0
Top of FPU stack=1
Always show memory size=1
Decode registers for any IP=0
Show symbolic addresses=1
Show local module names=1
Gray data used as filling=1
Show jump direction=1
Show jump path=1
Show jumpfrom path=1
Show path if jump is not taken=1
Underline fixups=1
Center FOLLOWed command=1
Show stack frames=1
Show local names in stack=1
Extended stack trace=1
Synchronize source with CPU=1
Include SFX extractor in code=0
SFX trace mode=0
Use real SFX entry from previous run=1
Ignore SFX exceptions=1
First pause=1
Stop on new DLL=0
Stop on DLL unload=0
Stop on new thread=0
Stop on thread end=0
Stop on debug string=0
Decode SSE registers=0
Enable last error=1
Ignore access violations in KERNEL32=1
Ignore INT3=1
Ignore TRAP=1
Ignore access violations=1
Step in unknown commands=1
Ignore division by 0=1
Ignore illegal instructions=1
Ignore all FPU exceptions=1
Warn when frequent breaks=0
Warn when break not in code=0
Autoreturn=0
Save original command in trace=1
Show traced ESP=1
Show traced flags=1
Animate over system DLLs=1
Trace over string commands=0
Synchronize CPU and Run trace=1
Ignore custom exceptions=1
Smart update=1
Set high priority=1
Append arguments=1
Use ExitProcess=1
Allow injection to get WinProc=1
Sort WM_XXX by name=0
Type of last WinProc breakpoint=0
Snow-free drawing=0
Demangle symbolic names=1
Keep ordinal in name=1
Only ASCII printable in dump=0
Allow diacritical symbols=0
String decoding=0
Warn if not administrator=1
Warn when terminating process=0
Align dialogs=1
Use font of calling window=0
Specified dialog font=0
Number of lines that follow EIP=0
Restore window positions=1
Restore width of columns=0
Highlight sorted column=0
Compress analysis data=1
Backup UDD files=1
Fill rest of command with NOPs=1
Reference search mode=0
Global search=1
Aligned search=0
Allow error margin=0
Keep size of hex edit selection=1
Modify tag of FPU register=1
Hex inspector limits=1
MMX display mode=0
Last selected options card=3
Last selected appearance card=0
Ignore case in text search=1
Letter key in Disassembler=1
Looseness of code analysis=1
Decode pascal strings=1
Guess number of arguments=1
Accept far calls and returns=1
Accept direct segment modifications=1
Decode VxD calls=1
Accept privileged commands=1
Accept I/O commands=1
Accept NOPs=1
Accept shifts out of range=1
Accept superfluous prefixes=1
Accept LOCK prefixes=1
Accept unaligned stack operations=1
Accept non-standard command forms=1
Show ARG and LOCAL in procedures=1
Save analysis to file=1
Analyse main module automatically=1
Analyse code structure=1
Decode ifs as switches=1
Save trace to file=0
Trace contents of registers=1
Functions preserve registers=0
Decode tricks=1
Automatically select register type=1
Show decoded arguments=1
Show decoded arguments in stack=1
Show arguments in call stack=1
Show induced calls=1
Label display mode=0
Label includes module name=1
Highlight symbolic labels=1
Highlight RETURNs in stack=1
Ignore path in user data file=1
Ignore timestamp in user data file=1
Ignore CRC in user data file=1
Default sort mode in Names=1
Save out-of-module user data=0
Tabulate columns in log file=0
Append data to existing log file=0
Flush gathered data to log file=0
Skip spaces in source comments=1
Hide non-existing source files=1
Tab stops=8
File graph mode=2
Show internal handle names=0
Hide irrelevant handles=0
[Plugin ODbgScript]
MRU1=F:\ѿǽű\ThemidaScript\TMDScript-1.9.1+_1.0final.osc
MRU2=F:\ѿǽű\ThemidaScript\ThemidaScript.for.V1.9.10+.0.4.By.fxyang.oSc
MRU3=F:\ѿǽű\ThemidaScript\TMDScript-1.9.1+_private_0.7.osc
MRU4=F:\ѿǽű\ThemidaScript\TMDScript-1.9.1+_1.0 final_ɰ.osc
MRU5=F:\ѿǽű\ThemidaScript\Themida&WinLicense.V1.9.1-V2.0.X.UnPacKScript.Public.By.fxyang[CUG].osc
Restore Script window=1
Restore Script Log=0
ScriptDir=F:\ѿǽű\ThemidaScript\TMDScript-1.9.1+_1.0final.osc
BP_FILE=F:\ѿǽű\ThemidaScript\TMDScript-1.9.1+_1.0final.osc
BP_0001=
BP_0002=
[System]
Options position=309,183
[Arguments]
Executable[1]=
Executable[2]=
Executable[3]=
Executable[4]=
Executable[5]=
Executable[0]=
[Plugin StrongOD]
CreateProcessMode=2
HidePEB=1
IsPatchFloat=1
IsAdvGoto=1
KernelMode=1
KillPEBug=1
SuperEnumMod=1
AdvAttach=1
SkipExpection=1
OrdFirst=0
BreakOnLdr=0
BreakOnTls=1
RemoveEpOneShot=1
ShowBar=17
LoadSym=1
AutoUpdate=0
HideWindow=1
HideProcess=1
ProtectProcess=1
DriverKey=-82693034
DriverName=fengyue0
UpdateURL=http://sod.ibt.name/update.txt
[Plugin IDAFicator]
Custom Scheme=0,8388608,32768,8421376,128,8388736,32896,12632256,8421504,16711680,65280,16776960,255,16711935,65535,16777215,12639424,15780004,15793151,10789024
disableClickJmp=1
[Plugin ]
Restore UStrRef Window=1
[Placement]
OllyTest=218,88,850,621,0
CPU=130,316,871,455,3
CPU subwindows=353,501,347,501,419,731,413,710
=22,29,618,230,1
References=230,0,618,170,1
Breakpoints=88,116,498,230,1
Executable modules=66,87,632,230,1
Threads=110,145,492,170,1
Memory map=132,174,390,230,1
Log data=154,203,378,290,1
űд=0,0,632,230,1
Jiack=192,32,640,480,1
[Appearance]
CPU scheme=3
CPU Disassembler=2,3,0,0,3
CPU Dump=2,3,1,0,32788,0
CPU Stack=2,3,0,0
CPU Info=2,3,0,0
CPU Registers=2,3,1,0
=1,0,1,0,0
References=1,0,1,0,0
Breakpoints=1,0,1,0,0
Executable modules=1,0,1,0,0
Threads=1,0,1,0,0
Memory map=1,0,1,0,0
Log data=1,0,1,0,0
űд=1,0,1,0,0
[Columns]
CPU Disassembler=72,136,320,2048
CPU Dump=72,72,2048
CPU Stack=72,80,2048
=54,240,1536
References=54,240,1536
Breakpoints=54,54,150,216,1536
Executable modules=54,54,54,54,96,1536
Threads=54,54,66,108,60,54,72,72
Memory map=54,54,54,54,72,30,48,48,1536
Log data=54,1536
űд=30,240,90,54,600
[Plugin Olly Advanced]
varbps=0
showalljumpsfix=1
TerminateProcess=0
HideDebugBit=0
NtGlobalFlag=0
Antihwbp=0
HeapFlags=0
ForceFlags=0
maxolly=0
Writememory=0
Readmemory=0
Process32Next=0
UnhandledExceptionFilter=0
Module32Next=0
CheckRemoteDebuggerPresent=0
ZwSetInformationThread=0
GetTickCount=0
GetTickCountCounter=1
ZwQuerySystemInformation=0
ZwOpenProcess=0
FindWindow=0
Anti-RDTSCenabled=0
Anti-RDTSC=0
Anti-RDTSC2=0
ZwQueryInformationProcess=0
codebasefix=0
ignoreexporttable=0
ZwQueryObject=0
scrambleexporttable=0
maxallollywindows=0
x64compat=0
SuspendThread=0
BlockInput=0
viewfilefix=0
copytoexecutable=1
usetoolhelp=0
pausedex=0
pluginexpand=0
keepalteredcrc=0
ignorechangedbp=0
advancedctrlg=0
numofrva=0
followindisassembler=1
analysisbug=0
Entrypointwarning=0
antiattachkill=0
winupack=0
BreakOnTls=0
killps=0
alwaysenableshowalljumpsandcalls=0
fixc08bug=0
fixtermination=0
toomanypatches=0
compressedcode=0
dllloading=0
[Plugin Conditional Branch Logger]
Restore Conditional Branch Logger window=0
[Exceptions]
Custom[0]=00000000,FFFFFFFF
