PC_Level3_flav_dll_x64.dumpbin
311 lines (286 loc) · 10.8 KB
Dump of file D:\4150\equationGroupWindows\equation_drug\PC_Level3_flav_dll_x64
PE signature found
File Type: DLL
FILE HEADER VALUES
8664 machine (x64)
6 number of sections
4EA96E7B time date stamp Thu Oct 27 17:45:15 2011
0 file pointer to symbol table
0 number of symbols
F0 size of optional header
2022 characteristics
Executable
Application can handle large (>2GB) addresses
DLL
OPTIONAL HEADER VALUES
20B magic # (PE32+)
9.00 linker version
12200 size of code
7000 size of initialized data
0 size of uninitialized data
12884 entry point (0000000180012884)
1000 base of code
180000000 image base (0000000180000000 to 000000018001DFFF)
1000 section alignment
200 file alignment
5.02 operating system version
0.00 image version
5.02 subsystem version
0 Win32 version
1E000 size of image
400 size of headers
0 checksum
2 subsystem (Windows GUI)
0 DLL characteristics
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
170E0 [ 61] RVA [size] of Export Directory
16514 [ 78] RVA [size] of Import Directory
1C000 [ 3A0] RVA [size] of Resource Directory
1B000 [ F0C] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
1D000 [ D8] RVA [size] of Base Relocation Directory
0 [ 0] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
0 [ 0] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
14000 [ 3D8] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.text name
12200 virtual size
1000 virtual address (0000000180001000 to 00000001800131FF)
12200 size of raw data
400 file pointer to raw data (00000400 to 000125FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000020 flags
Code
Execute Read
SECTION HEADER #2
.rdata name
3141 virtual size
14000 virtual address (0000000180014000 to 0000000180017140)
3200 size of raw data
12600 file pointer to raw data (00012600 to 000157FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
Section contains the following imports:
ADVAPI32.dll
180014000 Import Address Table
180016590 Import Name Table
0 time date stamp
0 Index of first forwarder reference
1CB RegCloseKey
USER32.dll
1800141E0 Import Address Table
180016770 Import Name Table
0 time date stamp
0 Index of first forwarder reference
1C2 LoadIconW
A2 DispatchMessageW
2B1 TranslateMessage
204 PeekMessageW
1C0 LoadCursorW
44 CloseWindow
10D GetCursorPos
8F DefWindowProcW
21C RegisterClassW
61 CreateWindowExW
299 ShowWindow
2C3 UpdateWindow
2BB UnregisterClassW
msvcrt.dll
180014250 Import Address Table
1800167E0 Import Name Table
0 time date stamp
0 Index of first forwarder reference
379 _wcsicmp
2E9 _stricmp
47F memcmp
389 _wcsrev
4C _CxxThrowException
13 ??2@YAPEAX_K@Z
15 ??3@YAXPEAX@Z
4B0 strcmp
413 calloc
4AF strchr
4A6 sprintf
474 malloc
12 ??1type_info@@UEAA@XZ
4B2 strcpy
358 _vsnwprintf
43A free
3E7 _wstati64
3B1 _wfopen
440 fseek
445 fwrite
427 fflush
424 fclose
4BC strncpy
480 memcpy
4F6 wcslen
4F2 wcscpy
1D0 _local_unwind
482 memmove
484 memset
2C4 _snwprintf
4FA wcsncpy
4C7 strtoul
4D2 time
46E localtime
4B8 strlen
53 __C_specific_handler
55 __CxxFrameHandler
27F _onexit
6D __dllonexit
330 _unlock
A0 _amsg_exit
16C _initterm
52 _XcptFilter
1D5 _lock
ntdll.dll
1800143B8 Import Address Table
180016948 Import Name Table
0 time date stamp
0 Index of first forwarder reference
1D5 RtlCaptureContext
2ED RtlLookupFunctionEntry
39F RtlVirtualUnwind
KERNEL32.dll
180014010 Import Address Table
1800165A0 Import Name Table
0 time date stamp
0 Index of first forwarder reference
350 SetUnhandledExceptionFilter
374 UnhandledExceptionFilter
364 TerminateProcess
34A SetThreadPriority
2CE ResumeThread
2B4 ReadProcessMemory
31B SetEnvironmentVariableW
15E GetExitCodeThread
96 DuplicateHandle
71 CreateThread
36B TlsGetValue
36C TlsSetValue
8D DeviceIoControl
56 CreateFileA
2A1 QueueUserAPC
31D SetEvent
2CB ResetEvent
52 CreateEventA
369 TlsAlloc
36A TlsFree
39A WideCharToMultiByte
389 VirtualFree
1E0 GetThreadTimes
146 GetCurrentProcessId
149 GetCurrentThreadId
152 GetDiskFreeSpaceExW
206 GlobalMemoryStatus
1E1 GetTickCount
29F QueryPerformanceCounter
1CC GetSystemTimeAsFileTime
148 GetCurrentThread
396 WaitForSingleObject
365 TerminateThread
145 GetCurrentProcess
271 MultiByteToWideChar
377 UnmapViewOfFile
32E SetLastError
181 GetModuleHandleA
31C SetErrorMode
1EA GetVersion
1EB GetVersionExA
251 LoadLibraryW
26D MoveFileW
FB FreeLibrary
87 DeleteFileW
6C CreateProcessW
36 CloseHandle
1D8 GetTempPathW
1D6 GetTempFileNameW
59 CreateFileW
3AA WriteFile
173 GetLastError
387 VirtualAlloc
24E LoadLibraryA
1A2 GetProcAddress
35C Sleep
38C VirtualProtect
SECTION HEADER #3
.data name
2590 virtual size
18000 virtual address (0000000180018000 to 000000018001A58F)
1A00 size of raw data
15800 file pointer to raw data (00015800 to 000171FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write
SECTION HEADER #4
.pdata name
F0C virtual size
1B000 virtual address (000000018001B000 to 000000018001BF0B)
1000 size of raw data
17200 file pointer to raw data (00017200 to 000181FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
SECTION HEADER #5
.rsrc name
3A0 virtual size
1C000 virtual address (000000018001C000 to 000000018001C39F)
400 size of raw data
18200 file pointer to raw data (00018200 to 000185FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
SECTION HEADER #6
.reloc name
202 virtual size
1D000 virtual address (000000018001D000 to 000000018001D201)
400 size of raw data
18600 file pointer to raw data (00018600 to 000189FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
42000040 flags
Initialized Data
Discardable
Read Only
Summary
3000 .data
1000 .pdata
4000 .rdata
1000 .reloc
1000 .rsrc
13000 .text