                        ActiveMARK process dumper (AMDUMPER)
                                    (c) ARTeam 2006
                                    
                                                CondZero/ARTeam

Usage:
Open ActiveMARK specific target (executable).

Program will load / run the target via CreateProcess API(debug only this process) and attempt to find the 2nd layer EP by hooking GetVersion API.
Please note that the process of searching bytes is memory
intensive and can take up to several seconds depending on the speed
of the cpu and memory capacity (RAM).

Upon Successfully finding the 2nd layer EP
The program will search for the "AMCLIENT_VERSION"
of ActiveMARK.

Once the dialog completes, simply dump the process as normal, fix the imports, close the dialog, append the encrypted overlay data to the end of the file via a hexeditor and patch the "Magic Call".

That's it...

                                        cheers, CondZero/ARTeam


