PC_Level4_flav_dll_x64.dumpbin
327 lines (302 loc) · 11.5 KB
Dump of file D:\4150\equationGroupWindows\equation_drug\PC_Level4_flav_dll_x64
PE signature found
File Type: DLL
FILE HEADER VALUES
8664 machine (x64)
6 number of sections
4F99A1EA time date stamp Thu Apr 26 22:28:42 2012
0 file pointer to symbol table
0 number of symbols
F0 size of optional header
2022 characteristics
Executable
Application can handle large (>2GB) addresses
DLL
OPTIONAL HEADER VALUES
20B magic # (PE32+)
9.00 linker version
14600 size of code
7E00 size of initialized data
0 size of uninitialized data
14AF8 entry point (0000000180014AF8)
1000 base of code
180000000 image base (0000000180000000 to 0000000180020FFF)
1000 section alignment
200 file alignment
5.02 operating system version
0.00 image version
5.02 subsystem version
0 Win32 version
21000 size of image
400 size of headers
0 checksum
2 subsystem (Windows GUI)
0 DLL characteristics
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
19890 [ 3B7] RVA [size] of Export Directory
18B34 [ 78] RVA [size] of Import Directory
1F000 [ 3C8] RVA [size] of Resource Directory
1D000 [ 10C8] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
20000 [ DC] RVA [size] of Base Relocation Directory
0 [ 0] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
0 [ 0] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
16000 [ 458] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.text name
145E0 virtual size
1000 virtual address (0000000180001000 to 00000001800155DF)
14600 size of raw data
400 file pointer to raw data (00000400 to 000149FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000020 flags
Code
Execute Read
SECTION HEADER #2
.rdata name
3C47 virtual size
16000 virtual address (0000000180016000 to 0000000180019C46)
3E00 size of raw data
14A00 file pointer to raw data (00014A00 to 000187FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
Section contains the following imports:
ADVAPI32.dll
180016000 Import Address Table
180018BB0 Import Name Table
0 time date stamp
0 Index of first forwarder reference
205 RegSetValueExW
1F8 RegQueryValueExW
1ED RegOpenKeyExW
23A SetSecurityDescriptorDacl
134 InitializeSecurityDescriptor
1CB RegCloseKey
USER32.dll
180016228 Import Address Table
180018DD8 Import Name Table
0 time date stamp
0 Index of first forwarder reference
1C2 LoadIconW
A2 DispatchMessageW
2B1 TranslateMessage
204 PeekMessageW
1C0 LoadCursorW
44 CloseWindow
10D GetCursorPos
8F DefWindowProcW
21C RegisterClassW
61 CreateWindowExW
299 ShowWindow
2C3 UpdateWindow
2BB UnregisterClassW
msvcrt.dll
180016298 Import Address Table
180018E48 Import Name Table
0 time date stamp
0 Index of first forwarder reference
2E9 _stricmp
47F memcmp
389 _wcsrev
4C _CxxThrowException
13 ??2@YAPEAX_K@Z
15 ??3@YAXPEAX@Z
4B0 strcmp
413 calloc
4AF strchr
497 realloc
4A6 sprintf
474 malloc
4B2 strcpy
12 ??1type_info@@UEAA@XZ
358 _vsnwprintf
3E7 _wstati64
3B1 _wfopen
440 fseek
445 fwrite
427 fflush
424 fclose
4BC strncpy
480 memcpy
4F6 wcslen
4F2 wcscpy
1D0 _local_unwind
482 memmove
AE _beginthreadex
4C2 strstr
484 memset
454 isdigit
43A free
4AA srand
495 rand
379 _wcsicmp
2C4 _snwprintf
4FA wcsncpy
4C7 strtoul
4D2 time
46E localtime
4B8 strlen
53 __C_specific_handler
55 __CxxFrameHandler
27F _onexit
1D5 _lock
6D __dllonexit
A0 _amsg_exit
16C _initterm
52 _XcptFilter
352 _vsnprintf
330 _unlock
ntdll.dll
180016438 Import Address Table
180018FE8 Import Name Table
0 time date stamp
0 Index of first forwarder reference
1D5 RtlCaptureContext
2ED RtlLookupFunctionEntry
39F RtlVirtualUnwind
KERNEL32.dll
180016038 Import Address Table
180018BE8 Import Name Table
0 time date stamp
0 Index of first forwarder reference
350 SetUnhandledExceptionFilter
374 UnhandledExceptionFilter
364 TerminateProcess
34A SetThreadPriority
2CE ResumeThread
2B4 ReadProcessMemory
31B SetEnvironmentVariableW
15E GetExitCodeThread
96 DuplicateHandle
71 CreateThread
36B TlsGetValue
36C TlsSetValue
2A1 QueueUserAPC
31D SetEvent
2CB ResetEvent
369 TlsAlloc
36A TlsFree
52 CreateEventA
8D DeviceIoControl
56 CreateFileA
39A WideCharToMultiByte
389 VirtualFree
1E0 GetThreadTimes
146 GetCurrentProcessId
149 GetCurrentThreadId
152 GetDiskFreeSpaceExW
206 GlobalMemoryStatus
1E1 GetTickCount
29F QueryPerformanceCounter
148 GetCurrentThread
365 TerminateThread
145 GetCurrentProcess
271 MultiByteToWideChar
32E SetLastError
181 GetModuleHandleA
8E DisableThreadLibraryCalls
1CC GetSystemTimeAsFileTime
396 WaitForSingleObject
31C SetErrorMode
1EA GetVersion
58 CreateFileMappingW
264 MapViewOfFile
377 UnmapViewOfFile
1EB GetVersionExA
180 GetModuleFileNameW
251 LoadLibraryW
26D MoveFileW
FB FreeLibrary
87 DeleteFileW
6C CreateProcessW
36 CloseHandle
1D8 GetTempPathW
1D6 GetTempFileNameW
59 CreateFileW
3AA WriteFile
173 GetLastError
387 VirtualAlloc
24E LoadLibraryA
1A2 GetProcAddress
35C Sleep
38C VirtualProtect
SECTION HEADER #3
.data name
25D0 virtual size
1A000 virtual address (000000018001A000 to 000000018001C5CF)
1A00 size of raw data
18800 file pointer to raw data (00018800 to 0001A1FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write
SECTION HEADER #4
.pdata name
10C8 virtual size
1D000 virtual address (000000018001D000 to 000000018001E0C7)
1200 size of raw data
1A200 file pointer to raw data (0001A200 to 0001B3FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
SECTION HEADER #5
.rsrc name
3C8 virtual size
1F000 virtual address (000000018001F000 to 000000018001F3C7)
400 size of raw data
1B400 file pointer to raw data (0001B400 to 0001B7FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
SECTION HEADER #6
.reloc name
224 virtual size
20000 virtual address (0000000180020000 to 0000000180020223)
400 size of raw data
1B800 file pointer to raw data (0001B800 to 0001BBFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
42000040 flags
Initialized Data
Discardable
Read Only
Summary
3000 .data
2000 .pdata
4000 .rdata
1000 .reloc
1000 .rsrc
15000 .text