@adeii
Created January 11, 2024 22:35
Brave 1.58.131 x32 on Win 7 SP1
swap in import/export Brave 1.58.131 x32 / chromium 117.0.5938.89 32bit
brave.exe
==========
110-Security Directory RVA / Size --> 00000000
---
2B4F0: 00 53 52 FF 15 7C 9C 5C 00 85 C0 74 15 FF 4D F0 --- 00 53 52 FF 15 7C 9C 5C 00 90 90 90 90 FF 4D F0 brave32
2B500: 8B 3E 85 FF 75 3E B3 01 83 7D F0 00 0F 85 CB 00 -- 8B 3E 90 90 90 90 B3 01 90 90 90 90 90 90 90 90 brave32
2b510: 00 00 89 D8 83 C4 04 5E 5F 5B 5D C3 31 DB EB F2 -- 90 90 89 D8 83 C4 04 5E 5F 5B 5D C3 31 DB EB F2 brave32
138050: 55 89 E5 53 57 56 83 EC 18 89 D6 89 CF A1 08 E0 -- 55 89 E5 53 57 56 83 EC 78 89 D6 89 CF A1 08 E0 brave32
14B0C0 - ignore
138060: 5C 00 31 E8 89 45 F0 66 0F 76 C0 8D 45 E0 F3 0F -- 5C 00 31 E8 89 45 F0 66 0F 76 C0 8D 45 A0 F3 0F brave32
138070: 7F 00 8D 5D DC C7 03 FF FF FF FF 53 6A 10 50 FF -- 7F 00 8D 5D DC C7 03 FF FF FF FF 53 6A 20 50 FF brave32
138090: 83 3B 10 0F 94 C3 20 C3 80 FB 01 75 27 80 7D E0 -- 83 3B 20 0F 94 C3 20 C3 80 FB 01 75 27 80 7D A0 brave32
1380b0: 89 4D E1 29 D0 83 C0 13 89 47 18 F3 0F 6F 45 E0 -- 89 4D E1 29 D0 83 C0 13 89 47 18 E9 F0 53 05 00 brave32
b.c.r.y.p.t.p.r -> x.c.r.y.p.t.p.r (hidden) 63 00 72 00 79 00 70 00 74 00 70
userenv -> userenx (hidden)
kernel32 -> kernel64
chrome_proxy.exe
=======================
*
chrome_elf.dll
==============
110-Security Directory RVA / Size --> 00000000
e1b20: b.c.r.y.p.t.p.r.i.m.i.t -> x.c.r.y.p.t.p.r.i.m.i.t (hidden)
ed430: b.c.r.y.p.t.p.r.i -> x.c.r.y.p.t.p.r.i (hidden) [62 00 63 00 72 00 79 00 70 00 74 00 70 00 72]
f0ff0: kernel32 -> kernel64
chrome.dll
=================
110-Security Directory RVA / Size --> 00000000
10D3A0:
7E 08 00 0F 95 C1 30 C1 0F 84 09 01 00 00 89 66 --> 7E 08 00 0F 95 C1 30 C1 90 90 90 90 90 90 89 66 brave32
DB8E70:
40 50 57 68 0F 00 00 10 50 FF 75 D8 FF 15 B8 5F -- 40 50 57 68 0F 00 00 00 50 FF 75 D8 FF 15 B8 5F brave32
7BBB400:
89 C3 89 F9 E8 F7 F3 8F 00 84 DB 89 F3 75 12 FF -- 89 C3 89 F9 E8 F7 F3 8F 00 84 DB 89 F3 EB 12 FF brave32
b.c.r.y.p.t.p -> x.c.r.y.p.t.p (hidden) [62 00 63 00 72 00 79 00 70 00 74 00 70 00]
a1a89a0: C3 41 1B 9A BB D3 6A 46 87 FC FE 67 55 6A 3B 65 --> 5A EE 59 B8 38 D8 5B 4B A2 E8 1A DC 7D 93 DB 48
b.c.r.y.p.t.p -> x.c.r.y.p.t.p (hidden) [62 00 63 00 72 00 79 00 70 00 74 00 70 00]
user32 -> user64 (hidden)
mfplat -> xfplat (hidden)
netapi32 -> netapi64 (hidden)
kernel32 -> kernel64
userenv -> userenx
winhttp -> winxttp
-- kernel64-function name swaps --
CreatePipe -> CancelIo
K32GetModuleFileNameExA -> GetModuleHandleExA
SetThreadStackGuarantee -> SetThreadInformation
WritePrivateProfileStringW -> GetPrivateProfileStringW
chrome_wer.exe
==============
*
chrome_paw_launcher.exe
==============
*