D:\VSP\cpp\zatuphacl\x64\Release\binary\OneTapGm.pdb
Overview
overview
8Static
static
3Cranium GM...a).dll
windows10-1703-x64
8x64/ProcessHacker.exe
windows10-1703-x64
1x64/kproce...er.sys
windows10-1703-x64
1x64/peview.exe
windows10-1703-x64
3x64/plugin...ls.dll
windows10-1703-x64
1x64/plugin...ns.dll
windows10-1703-x64
1x64/plugin...es.dll
windows10-1703-x64
1x64/plugin...ls.dll
windows10-1703-x64
1x64/plugin...es.dll
windows10-1703-x64
1x64/plugin...ls.dll
windows10-1703-x64
1x64/plugin...ks.dll
windows10-1703-x64
1x64/plugin...rt.dll
windows10-1703-x64
1x64/plugin...us.dll
windows10-1703-x64
1x64/plugin...er.dll
windows10-1703-x64
1x64/plugin...es.dll
windows10-1703-x64
1x64/plugin...er.dll
windows10-1703-x64
1x86/ProcessHacker.exe
windows10-1703-x64
1x86/kproce...er.sys
windows10-1703-x64
1x86/peview.exe
windows10-1703-x64
3x86/plugin...ls.dll
windows10-1703-x64
1x86/plugin...ns.dll
windows10-1703-x64
1x86/plugin...es.dll
windows10-1703-x64
1x86/plugin...ls.dll
windows10-1703-x64
1x86/plugin...es.dll
windows10-1703-x64
1x86/plugin...ls.dll
windows10-1703-x64
1x86/plugin...ks.dll
windows10-1703-x64
1x86/plugin...rt.dll
windows10-1703-x64
1x86/plugin...us.dll
windows10-1703-x64
1x86/plugin...er.dll
windows10-1703-x64
1x86/plugin...es.dll
windows10-1703-x64
1x86/plugin...er.dll
windows10-1703-x64
1Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Cranium GM (Telegram - Urbanichka).dll
Resource
win10-20231215-en
windows10-1703-x64
36 signatures
1800 seconds
Behavioral task
behavioral2
Sample
x64/ProcessHacker.exe
Resource
win10-20231215-en
windows10-1703-x64
8 signatures
1800 seconds
Behavioral task
behavioral3
Sample
x64/kprocesshacker.sys
Resource
win10-20231220-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral4
Sample
x64/peview.exe
Resource
win10-20231215-en
windows10-1703-x64
3 signatures
1800 seconds
Behavioral task
behavioral5
Sample
x64/plugins/DotNetTools.dll
Resource
win10-20231215-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral6
Sample
x64/plugins/ExtendedNotifications.dll
Resource
win10-20231215-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral7
Sample
x64/plugins/ExtendedServices.dll
Resource
win10-20231215-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral8
Sample
x64/plugins/ExtendedTools.dll
Resource
win10-20231215-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral9
Sample
x64/plugins/HardwareDevices.dll
Resource
win10-20231215-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral10
Sample
x64/plugins/NetworkTools.dll
Resource
win10-20231215-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral11
Sample
x64/plugins/OnlineChecks.dll
Resource
win10-20231215-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral12
Sample
x64/plugins/SbieSupport.dll
Resource
win10-20231215-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral13
Sample
x64/plugins/ToolStatus.dll
Resource
win10-20231220-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral14
Sample
x64/plugins/Updater.dll
Resource
win10-20231220-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral15
Sample
x64/plugins/UserNotes.dll
Resource
win10-20231215-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral16
Sample
x64/plugins/WindowExplorer.dll
Resource
win10-20231220-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral17
Sample
x86/ProcessHacker.exe
Resource
win10-20231215-en
windows10-1703-x64
7 signatures
1800 seconds
Behavioral task
behavioral18
Sample
x86/kprocesshacker.sys
Resource
win10-20231220-en
windows10-1703-x64
0 signatures
1800 seconds
Behavioral task
behavioral19
Sample
x86/peview.exe
Resource
win10-20231215-en
windows10-1703-x64
3 signatures
1800 seconds
Behavioral task
behavioral20
Sample
x86/plugins/DotNetTools.dll
Resource
win10-20231215-en
windows10-1703-x64
1 signatures
1800 seconds
Behavioral task
behavioral21
Sample
x86/plugins/ExtendedNotifications.dll
Resource
win10-20231215-en
windows10-1703-x64
1 signatures
1800 seconds
Behavioral task
behavioral22
Sample
x86/plugins/ExtendedServices.dll
Resource
win10-20231215-en
windows10-1703-x64
1 signatures
1800 seconds
Behavioral task
behavioral23
Sample
x86/plugins/ExtendedTools.dll
Resource
win10-20231215-en
windows10-1703-x64
1 signatures
1800 seconds
Behavioral task
behavioral24
Sample
x86/plugins/HardwareDevices.dll
Resource
win10-20231215-en
windows10-1703-x64
1 signatures
1800 seconds
Behavioral task
behavioral25
Sample
x86/plugins/NetworkTools.dll
Resource
win10-20231220-en
windows10-1703-x64
1 signatures
1800 seconds
Behavioral task
behavioral26
Sample
x86/plugins/OnlineChecks.dll
Resource
win10-20231215-en
windows10-1703-x64
1 signatures
1800 seconds
Behavioral task
behavioral27
Sample
x86/plugins/SbieSupport.dll
Resource
win10-20231215-en
windows10-1703-x64
1 signatures
1800 seconds
Behavioral task
behavioral28
Sample
x86/plugins/ToolStatus.dll
Resource
win10-20231220-en
windows10-1703-x64
1 signatures
1800 seconds
Behavioral task
behavioral29
Sample
x86/plugins/Updater.dll
Resource
win10-20231215-en
windows10-1703-x64
1 signatures
1800 seconds
Behavioral task
behavioral30
Sample
x86/plugins/UserNotes.dll
Resource
win10-20231215-en
windows10-1703-x64
1 signatures
1800 seconds
Behavioral task
behavioral31
Sample
x86/plugins/WindowExplorer.dll
Resource
win10-20231215-en
windows10-1703-x64
1 signatures
1800 seconds
General
-
Target
checker.zip
-
Size
5.3MB
-
MD5
658bf891b2e9a250deea7e2311ca114e
-
SHA1
5d5b73599c8048c2019d80e8fa4473e5bddfdada
-
SHA256
948cb329f74b39769afc89e62fba47fb52272402bce949edbfd00a35ae62ca4b
-
SHA512
3bde9c8bd5c56a9de72e5b808982102e02603a3df957b87f6646d66172650bde8c98b15402b438ff50d59dc6807b6de1268761aad0c5a3d730a029f33e18d5d3
-
SSDEEP
98304:qbwtHNpUwi3tT1nbiWqH+n9oTl5j5BweUxHK4gVtOWMllzrlY3luskY2od9aKn4p:CSNpnil1bfqHhUeUxpKtO3zrAl7/2W1i
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Cranium GM (Telegram - Urbanichka).dll
Files
-
checker.zip.zip
-
Cranium GM (Telegram - Urbanichka).dll.dll windows:6 windows x64 arch:x64
cf2d6d68b9e4802f3e0f85d320cf8043
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
GetModuleHandleA
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
HeapReAlloc
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
GetLastError
DisableThreadLibraryCalls
GetModuleFileNameA
GetFileSizeEx
ReadFile
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LocalFree
WideCharToMultiByte
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
GlobalLock
GlobalFree
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSListHead
GetSystemTimeAsFileTime
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GlobalUnlock
GlobalAlloc
FormatMessageA
MultiByteToWideChar
CreateFileA
user32
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
GetClipboardData
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
GetKeyState
RegisterClassExA
EmptyClipboard
SetClipboardData
SetCapture
UnregisterClassA
MessageBoxA
CallWindowProcA
FindWindowW
SetWindowLongPtrA
GetAsyncKeyState
DestroyWindow
DefWindowProcA
CreateWindowExA
shell32
ShellExecuteA
msvcp140
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xbad_function_call@std@@YAXXZ
_Strxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?uncaught_exceptions@std@@YAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?good@ios_base@std@@QEBA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
imm32
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
xinput1_3
ord2
ord4
vcruntime140_1
__CxxFrameHandler4
vcruntime140
longjmp
memcpy
memmove
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
strchr
__std_type_info_compare
memset
memchr
__std_type_info_destroy_list
_CxxThrowException
__intrinsic_setjmp
__C_specific_handler
__current_exception_context
__current_exception
memcmp
strrchr
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
ftell
_get_stream_buffer_pointers
fseek
_wfopen
__stdio_common_vsscanf
_fseeki64
fread
fsetpos
ungetc
setvbuf
fwrite
fgetc
fclose
fflush
__stdio_common_vfprintf
fputc
__acrt_iob_func
fgetpos
api-ms-win-crt-heap-l1-1-0
malloc
calloc
free
_callnewh
realloc
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-runtime-l1-1-0
_cexit
abort
_initterm
_initterm_e
_errno
_beginthreadex
_seh_filter_dll
terminate
_configure_narrow_argv
exit
_initialize_narrow_environment
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_crt_atexit
_execute_onexit_table
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-string-l1-1-0
toupper
strcmp
strncpy
strncmp
strcpy_s
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-convert-l1-1-0
strtoull
strtoul
strtol
strtoll
atof
strtod
api-ms-win-crt-math-l1-1-0
cos
_dclass
acosf
cosf
fmodf
atan2f
atanf
floor
log
logf
powf
sin
pow
_dsign
tanf
roundf
sinf
ceilf
sqrtf
_fdclass
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
localeconv
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1016KB - Virtual size: 1015KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.7MB - Virtual size: 383.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
processhacker-2.39-bin.zip.zip
-
CHANGELOG.txt
-
COPYRIGHT.txt
-
LICENSE.txt
-
README.txt
-
x64/ProcessHacker.exe.exe windows:5 windows x64 arch:x64
3695333c60dedecdcaff1590409aa462
Code Sign
0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7fCertificate
IssuerCN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before11/02/2011, 12:00Not After10/02/2026, 12:00SubjectCN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:a7:55:31:1b:42:8c:20:63:f9:83:05:8d:bf:9e:16:48:d0:0d:5f:ec:4a:df:00:e0:a3:4d:de:e6:39:f6:8bSigner
Actual PE Digest33:a7:55:31:1b:42:8c:20:63:f9:83:05:8d:bf:9e:16:48:d0:0d:5f:ec:4a:df:00:e0:a3:4d:de:e6:39:f6:8bDigest Algorithmsha256PE Digest Matchestrue92:53:a6:f7:2e:e0:e3:97:0d:54:57:e0:f0:61:fd:b4:0b:48:4f:18Signer
Actual PE Digest92:53:a6:f7:2e:e0:e3:97:0d:54:57:e0:f0:61:fd:b4:0b:48:4f:18Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\Projects\processhacker2\bin\Release64\ProcessHacker.pdb
Imports
ntdll
NtCreateTimer
NtAlertThread
NtSetTimer
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
NtCreateSemaphore
NtQueryObject
NtClearEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlGetVersion
NtDeviceIoControlFile
NtSetInformationObject
NtQueryFullAttributesFile
NtOpenFile
NtQuerySecurityObject
NtOpenSection
NtQueryDirectoryFile
NtCreateFile
NtCreateKey
RtlCreateUserThread
NtQueryDirectoryObject
NtFsControlFile
NtOpenDirectoryObject
RtlPrefixUnicodeString
NtSetSecurityObject
NtOpenProcess
NtQuerySymbolicLinkObject
RtlConvertSidToUnicodeString
NtOpenKey
NtQueueApcThread
NtUnloadDriver
RtlEqualUnicodeString
NtOpenSymbolicLinkObject
RtlQueueApcWow64Thread
NtOpenThread
NtDeleteKey
NtQueryKey
NtQueryValueKey
LdrLoadDll
LdrUnloadDll
LdrGetProcedureAddress
NtGetContextThread
NtQueryInformationFile
NtFlushBuffersFile
NtLockFile
NtUnlockFile
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
NtAllocateVirtualMemory
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteN
RtlExpandEnvironmentStrings_U
RtlGetDaclSecurityDescriptor
RtlCreateUserProcess
RtlNtStatusToDosError
RtlCreateProcessParameters
NtFilterToken
RtlStringFromGUID
RtlFindMessage
NtQueryAttributesFile
RtlAddAce
RtlDestroyProcessParameters
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlGetAce
RtlRandomEx
NtDuplicateToken
RtlGetFullPathName_U
NtSetInformationToken
NtPowerInformation
NtTestAlert
NtOpenThreadToken
RtlTimeToSecondsSince1980
RtlEqualSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlFirstEntrySList
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
RtlAbsoluteToSelfRelativeSD
RtlLengthSid
NtCreateSection
NtQueryMutant
NtSuspendThread
NtQueryInformationProcess
NtRemoveProcessDebug
NtTerminateThread
NtResumeProcess
NtReleaseSemaphore
NtSetHighEventPair
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlSecondsSince1970ToTime
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
NtSetInformationFile
NtQueryInformationToken
NtCreateMutant
NtOpenProcessToken
NtAdjustPrivilegesToken
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtMapViewOfSection
NtQuerySection
RtlSetHeapInformation
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlQueryEnvironmentVariable_U
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
NtSetValueKey
RtlDetermineDosPathNameType_U
NtDeleteValueKey
NtAddAtom
RtlGUIDFromString
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtDelayExecution
NtSetInformationThread
NtFreeVirtualMemory
winsta
WinStationSendMessageW
WinStationShadow
WinStationGetAllProcesses
WinStationFreeGAPMemory
WinStationRegisterConsoleNotification
WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationReset
WinStationDisconnect
WinStationConnectW
comctl32
PropertySheetW
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ImageList_Replace
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
uxtheme
IsThemeActive
GetThemeInt
SetWindowTheme
CloseThemeData
DrawThemeBackground
OpenThemeData
IsThemePartDefined
EnableThemeDialogTexture
kernel32
GetProcAddress
GetModuleHandleW
CreatePipe
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateProcessW
SetConsoleCtrlHandler
FreeConsole
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
GetStdHandle
WriteFile
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
GetConsoleCP
GetConsoleMode
GlobalSize
LocalAlloc
GlobalUnlock
GlobalLock
FindResourceW
LoadResource
GlobalFree
GlobalAlloc
LockResource
SizeofResource
CreateRemoteThread
CreateThread
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
WriteConsoleW
GetSystemDefaultLangID
GetSystemDirectoryW
GetLocaleInfoW
GetUserDefaultLangID
SearchPathW
LocalFree
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
ExitProcess
SetErrorMode
GetTickCount
AllocConsole
GetConsoleWindow
SetFilePointerEx
FlushFileBuffers
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
GetLastError
user32
SetClipboardData
GetDesktopWindow
CreateDialogIndirectParamW
GetWindowTextW
InternalGetWindowText
EmptyClipboard
CloseClipboard
OpenClipboard
GetActiveWindow
GetFocus
GetWindowLongW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
InsertMenuItemW
EndPaint
BeginPaint
ReleaseCapture
PtInRect
SetScrollPos
ShowCaret
EnableScrollBar
SetCapture
DestroyCaret
DragDetect
GetClipboardData
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
GetDCEx
ScreenToClient
SetCursorPos
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
GetCapture
GetAsyncKeyState
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetUpdateRgn
GetIconInfo
FrameRect
DialogBoxParamW
SetDlgItemTextW
EndDialog
LockWorkStation
ExitWindowsEx
SendMessageW
IsWindowVisible
EnableWindow
GetParent
GetDlgItem
SetPropW
IsWindowEnabled
RemovePropW
GetPropW
GetClassNameW
GetWindowThreadProcessId
IsIconic
InvalidateRect
SetForegroundWindow
GetClientRect
FindWindowW
SetLayeredWindowAttributes
MoveWindow
ClientToScreen
GetMonitorInfoW
GetWindowInfo
RedrawWindow
ShowWindow
GetSubMenu
GetWindowPlacement
GetWindowLongPtrW
SetWindowLongPtrW
GetMenuItemCount
MonitorFromRect
SetWindowPos
GetMenu
FindWindowExW
PostMessageW
GetKeyState
GetMenuItemInfoW
MapWindowPoints
SetWindowTextW
GetWindowRect
MapDialogRect
DestroyIcon
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
SetCursor
LoadCursorW
CreateDialogParamW
GetSysColorBrush
GetSysColor
CopyIcon
SetDlgItemInt
SetTimer
DestroyWindow
ReleaseDC
SystemParametersInfoW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
DispatchMessageW
LoadAcceleratorsW
GetSystemMetrics
GetDC
SendMessageTimeoutW
GetMessageW
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
AppendMenuW
EndDeferWindowPos
DrawMenuBar
LoadIconW
SetFocus
SetMenuInfo
SetMenuItemInfoW
BeginDeferWindowPos
IsWindow
RegisterClassExW
CreateWindowExW
ShowWindowAsync
LoadMenuW
DefWindowProcW
DeferWindowPos
GetCursorPos
DrawIconEx
DrawTextW
TrackMouseEvent
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
CallWindowProcW
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
FillRect
GetDlgItemInt
GetGuiResources
GetWindowTextLengthW
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
EnumDesktopsW
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
gdi32
GetDIBits
SaveDC
TextOutW
GetCharWidthW
Rectangle
SetBkMode
BitBlt
DeleteDC
CreateDIBSection
SetBoundsRect
GetStockObject
Polyline
SetDCBrushColor
SetDCPenColor
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
GetTextColor
DeleteObject
CreateFontW
GetDeviceCaps
SetTextColor
SetBkColor
GetObjectW
CreateFontIndirectW
CreateRectRgn
SelectClipRgn
ExcludeClipRect
RestoreDC
CombineRgn
IntersectClipRect
GdiAlphaBlend
CreateCompatibleDC
CreateCompatibleBitmap
GetClipRgn
comdlg32
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
ChooseColorW
advapi32
SystemFunction036
SetSecurityInfo
LsaLookupSids
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaLookupPrivilegeName
EnumServicesStatusExW
QueryServiceConfigW
CreateProcessWithLogonW
LsaOpenAccount
LsaEnumeratePrivilegesOfAccount
LogonUserW
CreateProcessAsUserW
QueryServiceConfig2W
OpenServiceW
RegisterServiceCtrlHandlerExW
LsaEnumerateAccounts
LsaFreeMemory
SetServiceStatus
StartServiceCtrlDispatcherW
CreateServiceW
OpenSCManagerW
ChangeServiceConfig2W
ChangeServiceConfigW
LsaAddAccountRights
LsaClose
CloseServiceHandle
DeleteService
ControlService
StartServiceW
GetSecurityInfo
shell32
DuplicateIcon
SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
ExtractIconExW
ole32
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
oleaut32
SysFreeString
Exports
Exports
PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhDecodeUnicodeDecoder
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDoPropPageLayout
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindNetworkNode
PhFindPlugin
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairSetting
PhGetIntegerSetting
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMessage
PhGetModuleFromAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginInformation
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessPriorityClassString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStockApplicationIcon
PhGetStringSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetTcpStateName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHandleListViewNotifyForCopy
PhHandleTreeNewColumnMenu
PhHashBytes
PhHashStringRef
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeStringBuilder
PhInitializeTreeNewColumnMenu
PhInitializeTreeNewFilterSupport
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvalidateAllProcessNodes
PhInvokeCallback
PhIsExecutablePacked
PhIsExecutingInWow64
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadIcon
PhLoadListViewColumnSettings
PhLoadListViewColumnsFromSetting
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLoadSymbolProviderOptions
PhLoadWindowPlacementFromSetting
PhLocalTimeToSystemTime
PhLockFileStream
PhLogMessageEntry
PhLoggedCallback
PhLookupMemoryItemList
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPluginAddMenuHook
PhPluginAddMenuItem
PhPluginAddTreeNewColumn
PhPluginCallPhSvc
PhPluginCreateEMenuItem
PhPluginEnableTreeNewNotify
PhPluginGetObjectExtension
PhPluginGetSystemStatistics
PhPluginQueryPhSvc
PhPluginRegisterIcon
PhPluginReserveIds
PhPluginSetObjectExtension
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhProcessAddedEvent
PhProcessModifiedEvent
PhProcessRemovedEvent
PhProcessesUpdatedEvent
PhPropPageDlgProcDestroy
PhPropPageDlgProcHeader
PhQueryFullAttributesFileWin32
PhQueryKey
PhQueryMemoryItemList
PhQueryRegistryString
PhQueryServiceVariableSize
PhQuerySystemTime
PhQueryTimeZoneBias
PhQueryValueKey
PhQueueItemWorkQueue
PhQueueItemWorkQueueEx
PhReAllocate
PhReAllocateSafe
PhReadFileStream
PhReferenceEmptyString
PhReferenceNetworkItem
PhReferenceObject
PhReferenceObjectEx
PhReferenceObjectSafe
PhReferenceObjects
PhReferenceProcessItem
PhReferenceProcessItemForParent
PhReferenceProcessItemForRecord
PhReferenceProcessRecord
PhReferenceProcessRecordForStatistics
PhReferenceProcessRecordSafe
PhReferenceServiceItem
PhRegisterCallback
PhRegisterCallbackEx
PhRegisterDialog
PhRegisterMessageLoopFilter
PhRegisterPlugin
PhRemoveAllEMenuItems
PhRemoveEMenuItem
PhRemoveElementAvlTree
PhRemoveEntryHashtable
PhRemoveItemArray
PhRemoveItemList
PhRemoveItemPointerList
Sections
.text Size: 1023KB - Virtual size: 1023KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 321KB - Virtual size: 321KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 239KB - Virtual size: 239KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/ProcessHacker.sig
-
x64/kprocesshacker.sys.sys windows:6 windows x64 arch:x64
3905de10e3379fd2be8de512a33433a3
Code Sign
0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7fCertificate
IssuerCN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:20:4d:b4:00:00:00:00:00:27Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15/04/2011, 19:45Not After15/04/2021, 19:55SubjectCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before11/02/2011, 12:00Not After10/02/2026, 12:00SubjectCN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:20:4d:b4:00:00:00:00:00:27Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15/04/2011, 19:45Not After15/04/2021, 19:55SubjectCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4e:e2:a5:6c:15:92:ff:0e:95:1b:45:2c:0d:e0:64:eb:a0:5b:7c:98:e3:ad:d0:4c:8a:a3:b4:a8:4e:b7:97:a5Signer
Actual PE Digest4e:e2:a5:6c:15:92:ff:0e:95:1b:45:2c:0d:e0:64:eb:a0:5b:7c:98:e3:ad:d0:4c:8a:a3:b4:a8:4e:b7:97:a5Digest Algorithmsha256PE Digest Matchestruec2:b8:c1:b3:4f:09:a9:1e:fe:19:6f:64:6e:f7:f9:a1:11:90:fb:8eSigner
Actual PE Digestc2:b8:c1:b3:4f:09:a9:1e:fe:19:6f:64:6e:f7:f9:a1:11:90:fb:8eDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
d:\projects\processhacker2\kprocesshacker\bin\amd64\kprocesshacker.pdb
Imports
ntoskrnl.exe
SePrivilegeCheck
ZwOpenKey
ProbeForRead
RtlGetVersion
PsProcessType
ObOpenObjectByName
ObGetObjectType
PsReleaseProcessExitSynchronization
ZwQueryObject
RtlEqualUnicodeString
KeUnstackDetachProcess
ExEnumHandleTable
ObQueryNameString
IoFileObjectType
IoDriverObjectType
ExfUnblockPushLock
ObReferenceObjectByHandle
PsAcquireProcessExitSynchronization
PsInitialSystemProcess
ObSetHandleAttributes
ZwQueryInformationProcess
ObfDereferenceObject
ExAllocatePoolWithQuotaTag
ZwQueryInformationThread
ObOpenObjectByPointer
KeStackAttachProcess
PsLookupProcessByProcessId
PsJobType
PsReferencePrimaryToken
SeTokenObjectType
IoCreateDevice
PsGetProcessJob
PsLookupProcessThreadByCid
ZwTerminateProcess
PsDereferencePrimaryToken
IoThreadToProcess
RtlWalkFrameChain
KeInitializeApc
KeSetEvent
KeInsertQueueApc
KeWaitForSingleObject
PsThreadType
PsLookupThreadByThreadId
ZwQuerySystemInformation
ZwQueryVirtualMemory
ExReleaseFastMutex
ExAcquireFastMutex
ZwReadFile
MmHighestUserAddress
SeLocateProcessImageName
KeDelayExecutionThread
ZwCreateFile
RtlRandomEx
ZwQueryInformationFile
MmUnmapLockedPages
ExRaiseStatus
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmUnlockPages
MmIsAddressValid
KeBugCheckEx
PsGetCurrentProcessId
IofCompleteRequest
ZwClose
ZwQueryValueKey
KeInitializeEvent
ProbeForWrite
IoDeleteDevice
RtlInitUnicodeString
ExFreePoolWithTag
IoGetCurrentProcess
ExAllocatePoolWithTag
__C_specific_handler
ksecdd.sys
BCryptCreateHash
BCryptDestroyKey
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptVerifySignature
BCryptFinishHash
BCryptHashData
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 728B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 564B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/peview.exe.exe windows:5 windows x64 arch:x64
c79e8e2893e86218fc71412598f61209
Code Sign
0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7fCertificate
IssuerCN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before11/02/2011, 12:00Not After10/02/2026, 12:00SubjectCN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
92:f2:7d:9e:d8:b6:a3:b2:06:54:33:86:12:c1:5b:30:f2:48:51:de:6d:67:2e:be:9e:6f:09:45:a7:18:2e:95Signer
Actual PE Digest92:f2:7d:9e:d8:b6:a3:b2:06:54:33:86:12:c1:5b:30:f2:48:51:de:6d:67:2e:be:9e:6f:09:45:a7:18:2e:95Digest Algorithmsha256PE Digest Matchestrue37:21:29:3d:d3:ab:8a:e6:86:2f:eb:46:10:ad:54:e5:f4:37:36:22Signer
Actual PE Digest37:21:29:3d:d3:ab:8a:e6:86:2f:eb:46:10:ad:54:e5:f4:37:36:22Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\Projects\processhacker2\bin\Release64\peview.pdb
Imports
ntdll
NtCreateFile
RtlRaiseStatus
RtlInterlockedPushEntrySList
RtlInitializeSListHead
NtQueryInformationFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
NtSetEvent
NtCreateEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
NtReleaseSemaphore
NtCreateSemaphore
NtSetInformationThread
NtMapViewOfSection
NtCreateSection
RtlCreateHeap
RtlGetVersion
NtQuerySystemInformation
NtAddAtom
LdrGetProcedureAddress
NtWaitForSingleObject
RtlNtStatusToDosError
RtlFindMessage
NtClose
RtlDosPathNameToNtPathName_U
NtUnmapViewOfSection
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlSecondsSince1970ToTime
uxtheme
SetWindowTheme
EnableThemeDialogTexture
kernel32
GetOEMCP
IsValidCodePage
GetCPInfo
GetFileType
HeapAlloc
HeapFree
GetModuleHandleExW
WideCharToMultiByte
WriteFile
GetStdHandle
GetACP
MultiByteToWideChar
GetStringTypeW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
IsValidLocale
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
ExitProcess
SetLastError
GlobalUnlock
GlobalLock
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
RaiseException
CreateFileW
InitializeCriticalSectionAndSpinCount
GlobalFree
GlobalAlloc
GetDateFormatW
GetModuleHandleW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsSetValue
TlsAlloc
TlsGetValue
CreateThread
GetUserDefaultLangID
GetLocaleInfoW
GetSystemDefaultLangID
GetLastError
LoadLibraryW
GetProcAddress
user32
GetWindowLongPtrW
RemovePropW
SetPropW
CallWindowProcW
SetCursor
GetPropW
GetParent
GetDlgItem
SendMessageW
ReleaseDC
GetDC
GetKeyState
SetDlgItemTextW
ShowWindow
SetWindowLongPtrW
PostMessageW
MoveWindow
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
GetWindowRect
InvalidateRect
GetClientRect
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowPos
gdi32
SelectObject
GetDeviceCaps
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
SystemFunction036
shell32
SHGetFileInfoW
SHGetFolderPathW
ExtractIconExW
ole32
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
comctl32
CreatePropertySheetPageW
PropertySheetW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 137KB - Virtual size: 137KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 58KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/plugins/DotNetTools.dll.dll windows:5 windows x64 arch:x64
c3f8d8cddba6c99a5f0f2ab21f6f89f6
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
18:d1:3b:7e:d5:8e:62:ea:4f:24:d2:32:52:43:00:ee:a3:ed:be:ad:33:dd:5d:6f:de:3e:a1:9b:cf:da:a9:76Signer
Actual PE Digest18:d1:3b:7e:d5:8e:62:ea:4f:24:d2:32:52:43:00:ee:a3:ed:be:ad:33:dd:5d:6f:de:3e:a1:9b:cf:da:a9:76Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release64\plugins\DotNetTools.pdb
Imports
uxtheme
EnableThemeDialogTexture
processhacker.exe
PhfWakeForReleaseQueuedLock
PhRemoveItemSimpleHashtable
PhAddItemSimpleHashtable
PhPluginQueryPhSvc
PhPluginCallPhSvc
PhPluginGetObjectExtension
PhPluginAddTreeNewColumn
PhUiDisconnectFromPhSvc
PhUiConnectToPhSvcEx
PhFindItemSimpleHashtable
PhfAcquireQueuedLockExclusive
PhCreateSimpleHashtable
PhFormatToBuffer
PhFormatSize
PhSetListViewSubItem
PhAddListViewColumn
PhLoadListViewColumnsFromSetting
PhUnregisterCallback
PhSaveListViewColumnsToSetting
PhAddPropPageLayoutItem
PhHandleListViewNotifyForCopy
PhAddListViewItem
PhAddComboBoxStrings
PhSetIntegerSetting
PhGetIntegerSetting
PhFormatUInt64
PhGetProcessIsDotNet
PhAddSettings
PhGetGeneralCallback
PhPluginSetObjectExtension
PhRegisterCallback
PhRegisterPlugin
PhGetPluginCallback
PhSetFlagsEMenuItem
PhGetProcessIsSuspended
PhDereferenceObject
PhAppendStringBuilder2
PhShowMessage
PhEnumProcesses
PhCreateProcessPropPageContextEx
WindowsVersion
PhFormatString_V
PhAutoDereferenceObject
PhEnumProcessModules
PhGetSystemRoot
PhOpenProcess
PhfEndInitOnce
ProcessQueryAccess
PhOpenThread
PhConcatStringRef2
PhEnumProcessModules32
PhfBeginInitOnce
PhFindLastCharInStringRef
PhCreateList
PhCreateString
PhGetTreeNewText
PhSetControlTheme
PhFormatString
PhAllocate
PhCreateThread
PhFindProcessInformation
PhLoadResourceEMenuItem
PhCountStringZ
PhInitializeStringBuilder
PhCmLoadSettings
PhPropPageDlgProcHeader
PhCompareStringRef
PhConcatStrings2
PhCreateEMenu
PhAddItemList
PhGetWin32Message
PhShellExploreFile
PhGetStringSetting
PhSetClipboardString
PhGetProcessIsDotNetEx
PhSetStringSetting2
PhSplitStringRefAtChar
PhAddProcessPropPage
PhRemoveStringBuilder
PhCreateStringEx
PhPropPageDlgProcDestroy
PhDoPropPageLayout
PhFinalStringBuilderString
PhShowEMenu
PhDestroyEMenu
PhFree
PhConcatStrings
PhCmSaveSettings
PhReferenceObject
ntdll
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtMapViewOfSection
NtOpenSection
NtUnmapViewOfSection
RtlFreeSid
NtDuplicateObject
NtQueryInformationToken
RtlAllocateAndInitializeSid
NtReleaseMutant
NtOpenProcessToken
RtlNtStatusToDosError
NtReadVirtualMemory
NtQueryInformationProcess
RtlEqualUnicodeString
LdrGetProcedureAddress
NtGetContextThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtClose
LdrGetDllHandle
kernel32
IsValidCodePage
LCMapStringW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
GetACP
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsFree
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
RaiseException
user32
GetKeyState
PostMessageW
SendMessageW
IsWindow
GetDlgItem
InvalidateRect
advapi32
SystemFunction036
ControlTraceW
CloseTrace
ProcessTrace
StartTraceW
OpenTraceW
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/plugins/ExtendedNotifications.dll.dll windows:5 windows x64 arch:x64
acd7837a0f8690fa4b5ada849f2560b0
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e8:82:37:af:a7:21:13:1c:c7:61:7c:30:ee:46:fb:f5:86:34:2a:d2:85:14:18:36:38:8c:60:c0:b5:1a:83:d5Signer
Actual PE Digeste8:82:37:af:a7:21:13:1c:c7:61:7c:30:ee:46:fb:f5:86:34:2a:d2:85:14:18:36:38:8c:60:c0:b5:1a:83:d5Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release64\plugins\ExtendedNotifications.pdb
Imports
processhacker.exe
PhCreateSaveFileDialog
PhRegisterCallback
PhAutoDereferenceObject
PhFormatLogEntry
PhWriteStringFormatAsUtf8FileStream
PhCreateFileStream
PhGetStringSetting
PhLoggedCallback
PhFree
PhAllocateSafe
PhReferenceProcessItemForParent
PhCreateList
PhFreeFileDialog
PhAllocate
PhShowFileDialog
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhInsertItemList
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhSetFileDialogFilter
PhAddItemList
PhAddSettings
PhRemoveItemList
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetGeneralCallback
PhFormatDateTime
PhSetStringSetting2
PhGetGlobalWorkQueue
PhQueueItemWorkQueue
PhFinalStringBuilderString
PhFormatString_V
PhSetIntegerSetting
PhAppendCharStringBuilder
PhMatchWildcards
PhGetIntegerSetting
PhRegisterPlugin
PhReferenceObject
PhAppendStringBuilderEx
PhGetPluginCallback
PhDeleteStringBuilder
PhGetFileName
PhConvertUtf8ToUtf16
PhDereferenceObject
PhFindCharInStringRef
PhModalPropertySheet
PhDuplicateBytesZSafe
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
user32
SendMessageW
SetWindowLongPtrW
EnableWindow
GetParent
GetDlgItem
SetDlgItemTextW
comctl32
ord412
ord410
ord413
CreatePropertySheetPageW
kernel32
HeapSize
WriteConsoleW
FlushFileBuffers
CreateFileW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapReAlloc
GetConsoleCP
WriteFile
SetStdHandle
GetACP
CloseHandle
LCMapStringW
GetFileType
GetStdHandle
GetConsoleMode
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
advapi32
SystemFunction036
Sections
.text Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/plugins/ExtendedServices.dll.dll windows:5 windows x64 arch:x64
8077acd95550e90db0afd6fb1689e912
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:c6:d2:e6:47:62:90:08:e5:8a:72:2f:24:20:8c:fa:c2:6c:56:a6:72:47:7b:f2:16:70:b8:40:56:4b:c3:2fSigner
Actual PE Digest0e:c6:d2:e6:47:62:90:08:e5:8a:72:2f:24:20:8c:fa:c2:6c:56:a6:72:47:7b:f2:16:70:b8:40:56:4b:c3:2fDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release64\plugins\ExtendedServices.pdb
Imports
processhacker.exe
PhQueryRegistryString
PhReAllocate
PhFinalStringBuilderString
PhReferenceEmptyString
PhDeleteAutoPool
PhInitializeAutoPool
PhGetSelectedListViewItemParam
PhClearList
PhFormatString
PhConcatStringRef2
PhAppendStringBuilderEx
PhCreateAlloc
PhOpenKey
PhCreateString
PhFreeFileDialog
PhShowFileDialog
PhSetFileDialogFilter
PhCreateOpenFileDialog
PhGetComboBoxString
PhCreateServiceListControl
PhGetFileDialogFileName
PhSetFileDialogFileName
PhCenterWindow
PhaChoiceDialog
PhGetNtMessage
PhSetListViewSubItem
PhLookupPrivilegeDisplayName
PhSetControlTheme
PhQueryServiceVariableSize
PhDereferenceObjects
PhFindIntegerSiKeyValuePairs
PhEqualStringRef
PhSelectComboBoxString
PhSetExtendedListView
PhInitializeStringBuilder
PhGetWindowText
PhAddListViewColumn
PhRemoveItemList
PhSidToStringSid
PhRemoveListViewItem
PhUiDisconnectFromPhSvc
PhUiConnectToPhSvc
PhCreateStringEx
PhGetListViewItemParam
PhFindItemList
PhFindStringSiKeyValuePairs
PhAddListViewItem
PhSvcCallChangeServiceConfig2
PhAddComboBoxStrings
PhAppendCharStringBuilder
PhDeleteStringBuilder
PhNtStatusToDosError
PhOpenLsaPolicy
PhShowMessage
PhAppendStringBuilder
PhDereferenceObject
PhGetOwnTokenAttributes
PhSetIntegerSetting
PhMainWndHandle
PhInsertEMenuItem
PhUiContinueService
PhUiStopService
PhfReleaseQueuedLockShared
PhEscapeStringForMenuPrefix
PhPluginCreateEMenuItem
PhCompareStringRef
PhFindEMenuItem
PhDestroyEMenuItem
PhAddSettings
WindowsVersion
PhShowStatus
PhGetGeneralCallback
PhfAcquireQueuedLockShared
PhIndexOfEMenuItem
PhFormatString_V
PhRegisterCallback
PhGetIntegerSetting
PhUiStartService
PhRegisterPlugin
PhReferenceObject
PhGetPluginCallback
PhUiPauseService
PhCreateList
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhOpenService
PhCountStringZ
PhConcatStrings2
PhAddItemList
PhGetWin32Message
PhReferenceServiceItem
PhGetServiceConfig
PhAddLayoutItem
PhAutoDereferenceObject
PhFree
PhLayoutManagerLayout
PhFormatGuid
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
NtClose
NtEnumerateKey
RtlGUIDFromString
RtlUnwindEx
RtlCaptureContext
kernel32
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
HeapAlloc
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
GetComputerNameW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError
WriteConsoleW
CreateFileW
RaiseException
IsValidCodePage
user32
DialogBoxParamW
SetPropW
MoveWindow
MapWindowPoints
IsWindowEnabled
GetWindowTextLengthW
GetWindowLongPtrW
SetTimer
GetParent
SetWindowLongPtrW
GetDlgItemInt
SetDlgItemInt
EnableWindow
EndDialog
GetDlgItem
SendMessageW
GetWindowRect
GetPropW
RemovePropW
ShowWindow
SetDlgItemTextW
advapi32
SystemFunction036
CloseServiceHandle
LsaEnumeratePrivileges
LsaClose
QueryServiceConfig2W
ChangeServiceConfig2W
LsaFreeMemory
QueryServiceStatus
EnumDependentServicesW
comctl32
CreatePropertySheetPageW
Sections
.text Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/plugins/ExtendedTools.dll.dll windows:5 windows x64 arch:x64
9d757d0f8f00e9133c716e8e21d6b1b0
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b9:fb:f7:93:ea:ca:63:85:bc:18:c6:65:cf:d4:0f:5f:96:9b:53:7f:7e:82:32:92:d4:5b:b4:97:0a:2f:4b:ccSigner
Actual PE Digestb9:fb:f7:93:ea:ca:63:85:bc:18:c6:65:cf:d4:0f:5f:96:9b:53:7f:7e:82:32:92:d4:5b:b4:97:0a:2f:4b:ccDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release64\plugins\ExtendedTools.pdb
Imports
processhacker.exe
PhDeleteCircularBuffer_FLOAT
PhCreateProcessPropPageContextEx
PhSetGraphText
PhDoPropPageLayout
PhPropPageDlgProcDestroy
PhAddProcessPropPage
PhAddLayoutItemEx
PhGlobalDpi
PhDeleteCircularBuffer_ULONG
PhSiSetColorsGraphDrawInfo
PhPropPageDlgProcHeader
PhPrintTimeSpan
PhDivideSinglesBySingle
PhApplicationFont
PhFormatSize
PhGetStatisticsTime
PhAppendStringBuilder
PhAppendStringBuilder2
PhGetDrawInfoGraphBuffers
PhFindProcessRecord
PhFinalStringBuilderString
PhRemoveStringBuilder
PhInitializeStringBuilder
PhPluginRegisterIcon
PhDrawGraphDirect
PhfBeginInitOnce
PhPluginAddTreeNewColumn
PhfEndInitOnce
PhPluginEnableTreeNewNotify
PhNetworkItemsUpdatedEvent
PhEnumProcesses
PhFindNetworkNode
PhReferenceNetworkItem
PhInitializeCircularBuffer_ULONG64
PhSiSizeLabelYFunction
PhDeleteCircularBuffer_ULONG64
PhInitializeGraphState
PhGetPluginCallback
PhRegisterPlugin
PhIndexOfEMenuItem
PhPluginSetObjectExtension
PhGetGeneralCallback
PhAddSettings
PhPluginCreateEMenuItem
PhInsertEMenuItem
PhCreateServiceListControl
PhShowStatus
PhReferenceServiceItem
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
PhLoadSymbolProviderOptions
PhGetSymbolFromAddress
PhOpenProcess
PhLoadModuleSymbolProvider
PhOpenThread
PhShowConfirmMessage
PhFormatDateTime
PhAddListViewItem
PhHandleListViewNotifyForCopy
PhAllocateSafe
PhAddListViewColumn
PhSetExtendedListView
PhSetListViewSubItem
PhCopyStringZ
PhFindListViewItemByParam
PhFindItemSimpleHashtable
PhQueueItemWorkQueue
PhGetGlobalWorkQueue
PhGetBaseName
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddItemSimpleHashtable
PhAddPropPageLayoutItem
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhCopyCircularBuffer_FLOAT
PhAddLayoutItem
PhCenterWindow
PhLayoutManagerLayout
PhGetStatisticsTimeString
PhBufferToHexString
PhCountStringZ
PhInitializeCircularBuffer_ULONG
PhHexStringToBuffer
PhSetIntegerSetting
PhInitializeCircularBuffer_FLOAT
PhReferenceProcessRecordForStatistics
PhFormatString
PhFormatString_V
PhCreateThread
WindowsVersion
PhHashStringRef
PhfReleaseQueuedLockShared
PhCreateObjectType
PhEqualStringRef
PhAddEntryHashtableEx
PhfWakeForReleaseQueuedLock
PhInvokeCallback
PhAllocateFromFreeList
PhfAcquireQueuedLockShared
PhInitializeFreeList
PhDereferenceProcessRecord
PhCreateObject
PhReferenceProcessItem
PhGetFileName
PhfAcquireQueuedLockExclusive
PhFreeToFreeList
PhProcessesUpdatedEvent
PhReferenceProcessRecord
PhCreateSimpleHashtable
PhAddEntryHashtable
PhGetStockApplicationIcon
PhMainWndHandle
PhCreateList
PhShellProcessHacker
PhCreateString
PhGetTreeNewText
PhShowProcessRecordDialog
PhFormat
PhInitializeTreeNewFilterSupport
PhSetControlTheme
PhAllocate
PhFindProcessNode
PhLoadResourceEMenuItem
PhSetIntegerPairSetting
PhRemoveEntryHashtable
PhSetFlagsAllEMenuItems
PhCmLoadSettings
PhCompareStringRef
PhDeleteTreeNewColumnMenu
PhFindEMenuItem
PhCreateEMenu
PhGetPluginInformation
PhAddItemList
PhReferenceProcessItemForRecord
PhShellExploreFile
PhGetStringSetting
PhHandleTreeNewColumnMenu
PhInitializeTreeNewColumnMenu
PhRemoveItemList
PhSetClipboardString
PhAddTreeNewFilter
PhApplyTreeNewFiltersToNode
PhGetIntegerPairSetting
PhCreateHashtable
PhFindPlugin
PhSetStringSetting2
PhFormatUInt64
PhInitializeLayoutManager
PhUnregisterCallback
PhDeleteLayoutManager
PhCreateStringEx
PhApplyTreeNewFilters
PhFindItemList
PhShowEMenu
PhAutoDereferenceObject
PhRegisterCallback
PhSelectAndEnsureVisibleProcessNode
PhGetIntegerSetting
PhDestroyEMenu
PhFree
PhCmSaveSettings
PhReferenceObject
PhWriteStringAsUtf8FileStream
PhShowMessage
PhGetGenericTreeNewLines
PhShellProperties
PhDereferenceObject
PhGetOwnTokenAttributes
PhWriteStringAsUtf8FileStream2
PhFindEntryHashtable
PhPluginGetObjectExtension
PhSetFlagsEMenuItem
ntdll
NtAlpcQueryInformation
RtlInterlockedPushEntrySList
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationProcess
NtQueryInformationProcess
RtlGetUnloadEventTraceEx
NtReadVirtualMemory
RtlSecondsSince1970ToTime
NtCancelSynchronousIoFile
NtDuplicateObject
RtlUnwindEx
NtQueryInformationWorkerFactory
RtlClearAllBits
RtlSetBits
RtlNumberOfSetBits
RtlInitializeBitMap
LdrGetDllHandle
LdrGetProcedureAddress
NtClose
RtlInterlockedFlushSList
NtQueryPerformanceCounter
RtlInitializeSListHead
kernel32
GetLastError
RaiseException
GetSystemTimeAsFileTime
GetSystemInfo
IsDebuggerPresent
GetStartupInfoW
VirtualProtect
VirtualQuery
GetModuleFileNameW
FreeLibrary
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleW
LocalFree
GetProcAddress
Sleep
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
GetCurrentThreadId
user32
InvalidateRect
GetSysColorBrush
GetDlgItem
SetCursor
LoadCursorW
SetTimer
EnableWindow
MoveWindow
CopyIcon
DestroyIcon
DestroyWindow
GetPropW
RemovePropW
SetPropW
DeferWindowPos
GetWindowRect
SetWindowPos
EndDialog
GetSystemMetrics
BeginDeferWindowPos
MapWindowPoints
EndDeferWindowPos
MapDialogRect
GetClientRect
GetParent
DialogBoxParamW
CreateDialogParamW
GetKeyState
PostMessageW
CreateWindowExW
SendMessageW
ShowWindow
SetDlgItemTextW
SetFocus
gdi32
SelectObject
SetBkMode
advapi32
SystemFunction036
StartTraceW
OpenTraceW
ControlTraceW
EnableTraceEx
CloseTrace
ProcessTrace
ole32
CoCreateInstance
oleaut32
SysAllocString
SysAllocStringLen
SysFreeString
comctl32
CreatePropertySheetPageW
Sections
.text Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/plugins/HardwareDevices.dll.dll windows:5 windows x64 arch:x64
119abb51b3de6c8e65225ee81e503143
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f1:cc:af:aa:0c:e9:3b:13:cb:33:66:28:b5:60:42:62:f7:62:68:a1:6c:43:40:48:f6:48:0d:33:e2:b9:8c:e7Signer
Actual PE Digestf1:cc:af:aa:0c:e9:3b:13:cb:33:66:28:b5:60:42:62:f7:62:68:a1:6c:43:40:48:f6:48:0d:33:e2:b9:8c:e7Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release64\plugins\HardwareDevices.pdb
Imports
uxtheme
EnableThemeDialogTexture
processhacker.exe
PhReAllocate
PhSystemBasicInformation
PhDereferenceObject
PhfAcquireQueuedLockExclusive
PhReferenceObject
PhCreateObject
PhGetIntegerSetting
PhFindItemList
PhReferenceObjectSafe
PhfAcquireQueuedLockShared
PhInitializeCircularBuffer_ULONG64
PhRemoveItemList
WindowsVersion
PhAddItemList
PhGetOwnTokenAttributes
PhStringToInteger64
PhConcatStrings_V
PhCreateFileWin32
PhInsertEMenuItem
PhTrimStringRef
PhCreateEMenuItem
PhCreateEMenu
PhfWakeForReleaseQueuedLock
PhCountStringZ
PhCreateObjectType
PhfReleaseQueuedLockShared
PhDeleteCircularBuffer_ULONG64
PhCreateString
PhDereferenceObjectDeferDelete
PhCreateList
PhConvertMultiByteToUtf16
PhModalPropertySheet
PhFormatUInt64
PhLayoutManagerLayout
PhFree
PhCenterWindow
PhFormatDateTime
PhAutoDereferenceObject
PhFormatString_V
PhAddListViewItem
PhAddLayoutItem
PhCreateStringEx
PhAddListViewColumn
PhGetSelectedListViewItemParam
PhSetExtendedListView
PhCreateThread
PhAllocate
PhAddSettings
PhGetGeneralCallback
PhShowEMenu
PhDestroyEMenu
PhRegisterPlugin
PhSetControlTheme
PhSetListViewSubItem
PhDeleteLayoutManager
PhBufferToHexString
PhGetPluginCallback
PhQueryValueKey
PhEqualStringRef
PhFindListViewItemByFlags
PhGetStringSetting
PhSetStringSetting2
PhSplitStringRefAtChar
PhGetListViewItemParam
PhFormatString
PhDivideSinglesBySingle
PhInitializeGraphState
PhConcatStrings2
PhSiSizeLabelYFunction
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhGetDrawInfoGraphBuffers
PhGetStatisticsTimeString
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhUnregisterCallback
PhRemoveStringBuilder
PhDrainAutoPool
PhFinalStringBuilderString
PhRegisterCallback
PhQueryRegistryString
PhInitializeAutoPool
PhConcatStringRef2
PhDeleteStringBuilder
PhProcessesUpdatedEvent
PhOpenKey
PhMainWndHandle
PhFormatSize
PhInitializeLayoutManager
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
NtQueryVolumeInformationFile
NtFsControlFile
NtQueryInformationProcess
NtDeviceIoControlFile
RtlGUIDFromString
LdrGetProcedureAddress
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtClose
RtlVirtualUnwind
RtlUnwindEx
kernel32
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
CloseHandle
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW
CreateFileW
HeapAlloc
GetLogicalDrives
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
user32
DefWindowProcW
SetDlgItemTextW
GetParent
GetDlgItem
EnableWindow
GetCursorPos
CreateWindowExW
InvalidateRect
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
TranslateMessage
PostQuitMessage
SetForegroundWindow
IsIconic
RemovePropW
GetPropW
SendMessageW
SetPropW
comctl32
ord413
ord410
ord412
CreatePropertySheetPageW
advapi32
SystemFunction036
Sections
.text Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/plugins/NetworkTools.dll.dll windows:5 windows x64 arch:x64
708b686e80e093711f38091d787a01bd
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ad:4e:bf:30:7a:53:ea:24:c3:9a:27:62:54:01:bc:37:2d:a9:d7:d9:4e:11:84:11:6f:97:3c:e4:cb:dc:3f:9dSigner
Actual PE Digestad:4e:bf:30:7a:53:ea:24:c3:9a:27:62:54:01:bc:37:2d:a9:d7:d9:4e:11:84:11:6f:97:3c:e4:cb:dc:3f:9dDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release64\plugins\NetworkTools.pdb
Imports
processhacker.exe
WindowsVersion
PhReAllocate
PhCreateProcessWin32Ex
PhFormatString
PhApplicationFont
PhDivideSinglesBySingle
PhInitializeGraphState
PhInitializeCircularBuffer_ULONG
PhGetPluginCallback
PhGetPhVersion
PhSiSetColorsGraphDrawInfo
PhUnregisterCallback
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhQueueItemWorkQueue
PhDeleteWorkQueue
PhSetGraphText
PhInitializeWorkQueue
PhProcessesUpdatedEvent
PhCreateBytesEx
PhMainWndHandle
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhCreateThread
PhSaveWindowPlacementToSetting
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhTerminateProcess
PhGetIntegerPairSetting
PhLoadWindowPlacementFromSetting
PhRemoveStringBuilder
PhDrainAutoPool
PhAddLayoutItem
PhFormatString_V
PhAutoDereferenceObject
PhGetScalableIntegerPairSetting
PhAppendCharStringBuilder
PhInitializeAutoPool
PhCenterWindow
PhFree
PhDeleteStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilder
PhLayoutManagerLayout
PhDereferenceObject
PhShellExecute
PhSetIntegerSetting
PhGetIntegerSetting
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhFindEMenuItem
PhAddSettings
PhGetGeneralCallback
PhIndexOfEMenuItem
PhRegisterCallback
PhRegisterPlugin
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtReadFile
NtSetInformationObject
RtlOemStringToUnicodeString
RtlIpv6AddressToStringW
NtClose
RtlIpv4AddressToStringW
RtlFreeUnicodeString
RtlUnwindEx
kernel32
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
SetLastError
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetFileType
LCMapStringW
IsValidCodePage
GetOEMCP
RaiseException
CreateFileW
CloseHandle
WriteConsoleW
MulDiv
GetStdHandle
CreatePipe
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
EnterCriticalSection
user32
SetWindowTextW
DialogBoxParamW
SetDlgItemInt
GetDlgItemInt
PostMessageW
GetDC
SetWindowLongPtrW
CreateWindowExW
GetSystemMetrics
GetWindowLongPtrW
DestroyIcon
SetDlgItemTextW
GetSysColorBrush
SystemParametersInfoW
LoadImageW
InvalidateRect
ReleaseDC
GetMessageW
CreateDialogParamW
DestroyWindow
GetPropW
SendMessageW
RemovePropW
GetDlgCtrlID
ShowWindow
DispatchMessageW
IsDialogMessageW
SetPropW
TranslateMessage
MapDialogRect
GetDlgItem
PostQuitMessage
GetParent
SetForegroundWindow
EndDialog
gdi32
SetBkColor
GetStockObject
DeleteObject
SetBkMode
GetDeviceCaps
CreateFontW
SelectObject
SetTextColor
advapi32
SystemFunction036
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/plugins/OnlineChecks.dll.dll windows:5 windows x64 arch:x64
04815c367f41620755869bb42bd07b00
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b9:df:1d:91:39:3a:2d:e9:e1:1e:06:e7:99:83:c8:a8:c0:e3:04:ed:ff:4c:80:58:1a:46:dd:f2:ff:a3:59:fdSigner
Actual PE Digestb9:df:1d:91:39:3a:2d:e9:e1:1e:06:e7:99:83:c8:a8:c0:e3:04:ed:ff:4c:80:58:1a:46:dd:f2:ff:a3:59:fdDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release64\plugins\OnlineChecks.pdb
Imports
processhacker.exe
PhMainWndHandle
PhCreateString
PhGetFileSize
PhQuerySystemTime
PhFormatSize
PhBufferToHexString
PhFormatString
PhAllocate
PhCreateThread
PhCountStringZ
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
PhGetPhVersion
WindowsVersion
PhDeleteAutoPool
PhGetBaseName
PhCreateFileWin32
PhCreateStringEx
PhDrainAutoPool
PhReAllocate
PhInitializeAutoPool
PhCenterWindow
PhConvertUtf16ToAsciiEx
PhFree
PhDeleteStringBuilder
PhZeroExtendToUtf16Ex
PhDereferenceObject
PhShellExecute
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhFindEMenuItem
PhGetGeneralCallback
PhIndexOfEMenuItem
PhRegisterCallback
PhRegisterPlugin
PhGetPluginCallback
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlNtStatusToDosError
NtClose
NtReadFile
NtSetInformationFile
RtlRandomEx
RtlCaptureContext
kernel32
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
CreateFileW
GetLastError
MulDiv
WriteConsoleW
SetFilePointerEx
CloseHandle
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
GetACP
GetFileType
WideCharToMultiByte
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringW
GetLocaleInfoW
FreeLibrary
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
IsValidLocale
user32
GetDlgCtrlID
IsIconic
SetForegroundWindow
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
GetParent
SetPropW
TranslateMessage
GetDlgItem
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
ReleaseDC
gdi32
GetDeviceCaps
SetTextColor
SetBkMode
DeleteObject
CreateFontW
advapi32
SystemFunction036
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
Sections
.text Size: 145KB - Virtual size: 145KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/plugins/SbieSupport.dll.dll windows:5 windows x64 arch:x64
72ee8e9111090fd44c3cca631502d2bb
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
97:f3:af:2c:a2:fc:99:7a:77:7d:ae:4f:15:7a:06:6f:ba:fa:84:f0:66:d0:22:fd:d6:9a:35:0d:c9:f6:3e:e8Signer
Actual PE Digest97:f3:af:2c:a2:fc:99:7a:77:7d:ae:4f:15:7a:06:6f:ba:fa:84:f0:66:d0:22:fd:d6:9a:35:0d:c9:f6:3e:e8Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release64\plugins\SbieSupport.pdb
Imports
processhacker.exe
PhFindProcessNode
PhEnumHashtable
PhfAcquireQueuedLockExclusive
PhGetFileName
PhGetPluginCallback
PhRegisterPlugin
PhRegisterCallback
PhAutoDereferenceObject
PhUpdateProcessNode
PhSetStringSetting2
PhfAcquireQueuedLockShared
PhCreateHashtable
PhClearHashtable
PhGetGeneralCallback
PhAddEntryHashtable
PhMainWndHandle
PhInsertEMenuItem
PhShowConfirmMessage
PhfReleaseQueuedLockShared
PhOpenProcess
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhFindEntryHashtable
PhGetWindowText
PhSetFileDialogFilter
PhAppendFormatStringBuilder
PhCreateOpenFileDialog
PhfWakeForReleaseQueuedLock
PhAddSettings
PhGetStringSetting
PhGetFileDialogFileName
PhTerminateProcess
PhSetFileDialogFileName
ntdll
RtlCreateTimerQueue
LdrGetProcedureAddress
RtlCreateTimer
NtClose
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
kernel32
RaiseException
CreateFileW
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
LoadLibraryW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
user32
SetDlgItemTextW
EndDialog
GetDlgItem
DialogBoxParamW
advapi32
SystemFunction036
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/plugins/ToolStatus.dll.dll windows:5 windows x64 arch:x64
eb997c25e2337a8dceb7fa463ce2b04d
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a8:5f:08:7b:0f:7b:52:5b:0c:f8:79:b5:5b:0a:a7:12:b9:68:76:e2:5d:64:7f:e2:e0:f0:34:fa:0b:9d:51:70Signer
Actual PE Digesta8:5f:08:7b:0f:7b:52:5b:0c:f8:79:b5:5b:0a:a7:12:b9:68:76:e2:5d:64:7f:e2:e0:f0:34:fa:0b:9d:51:70Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release64\plugins\ToolStatus.pdb
Imports
uxtheme
GetThemeInt
IsThemeActive
OpenThemeData
CloseThemeData
processhacker.exe
PhSplitStringRefAtChar
PhCenterWindow
PhGlobalDpi
PhRemoveItemList
PhInsertItemList
PhAllocate
PhMainWndHandle
PhGetIntegerSetting
PhSetIntegerSetting
PhAddComboBoxStrings
WindowsVersion
PhGetStatisticsTimeString
PhGetStatisticsTime
PhDereferenceObject
PhFindProcessRecord
PhAutoDereferenceObject
PhFormatString_V
PhDereferenceProcessRecord
PhCopyCircularBuffer_FLOAT
PhGraphStateGetDrawInfo
PhDeleteGraphState
PhSiSetColorsGraphDrawInfo
PhInitializeGraphState
PhDivideSinglesBySingle
PhSystemBasicInformation
PhFormatString
PhShowProcessRecordDialog
PhFormatSize
PhDeselectAllProcessNodes
PhCreateSimpleHashtable
PhSetFlagsEMenuItem
PhCreateProcessPropContext
PhGetOwnTokenAttributes
PhShowMessage
PhCreateAlloc
PhGetPluginCallback
PhReferenceObject
PhRegisterPlugin
PhReferenceProcessItem
PhGetFilterSupportNetworkTreeList
PhDestroyEMenu
PhDeselectAllServiceNodes
PhGetFilterSupportServiceTreeList
PhRegisterCallback
PhExpandAllProcessNodes
PhShowEMenu
PhFindItemSimpleHashtable
PhApplyTreeNewFilters
PhShowProcessProperties
PhRegisterMessageLoopFilter
PhIconToBitmap
PhAddTreeNewFilter
PhReferenceEmptyString
PhLoadIcon
PhCreateString
PhQuerySystemTime
PhClearList
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhStringToInteger64
PhGetStringSetting
PhSetStringSetting2
PhRemoveStringBuilder
PhFinalStringBuilderString
PhFormatUInt64
PhCreateList
PhfReleaseQueuedLockShared
PhDereferenceObjects
PhGetServiceTypeString
PhAddItemList
PhGetProtocolTypeName
PhfAcquireQueuedLockShared
PhFree
PhGetServiceErrorControlString
PhFindStringInStringRef
PhGetServiceStateString
PhGetProcessPriorityClassString
PhGetTcpStateName
PhGetServiceStartTypeString
PhSetImageListBitmap
PhAddItemSimpleHashtable
PhInsertEMenuItem
PhGetFilterSupportProcessTreeList
PhSetSelectThreadIdProcessPropContext
PhFindProcessNode
PhPluginGetSystemStatistics
PhEqualStringRef
PhCreateEMenuItem
PhGetWindowText
PhUiTerminateProcesses
PhConcatStrings2
PhCreateEMenu
PhInvokeCallback
PhAddSettings
PhGetGeneralCallback
kernel32
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
SetFilePointerEx
CloseHandle
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
WriteConsoleW
GetProcAddress
GetModuleHandleW
SizeofResource
FreeResource
LockResource
LoadResource
FindResourceW
CreateFileW
RaiseException
IsDebuggerPresent
GetConsoleCP
user32
EnableWindow
DialogBoxParamW
GetSysColorBrush
DestroyIcon
GetParent
GetKeyState
GetDC
OffsetRect
GetCapture
RedrawWindow
TrackMouseEvent
PtInRect
GetWindowThreadProcessId
DefWindowProcW
GetWindowRect
GetMenu
SetWindowPos
SetWindowTextW
WindowFromPoint
LoadAcceleratorsW
IsChild
MapWindowPoints
SetFocus
TranslateAcceleratorW
LoadCursorW
SetCapture
GetWindowDC
SetCursor
GetClientRect
ReleaseCapture
ReleaseDC
DrawTextW
DestroyWindow
IsWindowVisible
CreateWindowExW
ShowWindow
GetSystemMetrics
SetMenu
DrawMenuBar
InvalidateRect
GetPropW
FillRect
SendMessageW
EndDialog
RemovePropW
FrameRect
GetSysColor
SetPropW
GetDlgItem
GetCursorPos
gdi32
SetROP2
RestoreDC
Rectangle
BitBlt
SaveDC
CreateSolidBrush
CreateDIBSection
GetTextExtentPoint32W
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreatePen
CreateFontIndirectW
ole32
CoCreateInstance
comctl32
ord412
ImageList_SetImageCount
ord410
ord413
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_Add
ImageList_Replace
ntdll
RtlVirtualUnwind
RtlUnwindEx
RtlLookupFunctionEntry
RtlCaptureContext
advapi32
SystemFunction036
Sections
.text Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/plugins/Updater.dll.dll windows:5 windows x64 arch:x64
a4de2eec6f8b6d96d60cfa61bcaa6840
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f2:3d:e0:4a:39:d8:b0:4f:95:19:30:b3:72:cc:85:c3:24:a0:b7:37:1a:2d:c0:85:07:ad:08:81:c4:d1:92:68Signer
Actual PE Digestf2:3d:e0:4a:39:d8:b0:4f:95:19:30:b3:72:cc:85:c3:24:a0:b7:37:1a:2d:c0:85:07:ad:08:81:c4:d1:92:68Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release64\plugins\Updater.pdb
Imports
processhacker.exe
PhMainWndHandle
PhInitializeHash
PhQuerySystemTime
PhFormatSize
PhFinalHash
PhOpenKey
PhBufferToHexString
PhFormatString
PhfWaitForEvent
mxmlLoadString
PhIconToBitmap
PhAllocate
PhVerifyFile
PhCreateThread
PhGetFullPath
mxmlFindElement
PhEqualStringRef
PhConcatStrings2
PhFormatGuid
PhStringToInteger64
WindowsVersion
PhDeleteAutoPool
PhGetStringSetting
PhShowStatus
PhGetPhVersionNumbers
PhUpdateHash
PhSetStringSetting2
PhGenerateGuid
PhCreateFileWin32
PhSplitStringRefAtChar
PhCreateStringEx
PhDrainAutoPool
PhfSetEvent
PhFormatString_V
PhAutoDereferenceObject
PhReAllocate
PhQueryRegistryString
PhInitializeAutoPool
PhCenterWindow
PhFree
PhReferenceObject
mxmlDelete
PhDereferenceObject
PhGetOwnTokenAttributes
PhShellExecute
PhfResetEvent
PhFormatUInt64
PhSetIntegerSetting
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhAddSettings
PhReferenceEmptyString
PhGetGeneralCallback
PhRegisterCallback
PhGetIntegerSetting
PhRegisterPlugin
PhGetPluginCallback
PhConvertUtf8ToUtf16
ntdll
RtlLookupFunctionEntry
RtlVirtualUnwind
NtWriteFile
NtClose
RtlUnwindEx
RtlCaptureContext
kernel32
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetLastError
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
MultiByteToWideChar
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
HeapFree
HeapAlloc
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
TerminateProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
GetProcAddress
CreateFileW
WriteConsoleW
GetTempPathW
Sleep
GetLastError
MulDiv
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
WideCharToMultiByte
user32
EndDialog
GetDlgItem
DialogBoxParamW
GetDlgCtrlID
GetMessageW
CreateDialogParamW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
RemovePropW
GetSystemMetrics
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
DestroyIcon
PostMessageW
SetDlgItemTextW
SendDlgItemMessageW
SetPropW
TranslateMessage
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetParent
SetForegroundWindow
LoadImageW
IsIconic
ReleaseDC
EnableWindow
SendMessageW
gdi32
DeleteObject
SetTextColor
GetDeviceCaps
CreateFontW
SetBkMode
shell32
ShellExecuteExW
SHCreateDirectoryExW
advapi32
SystemFunction036
Sections
.text Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/plugins/UserNotes.dll.dll windows:5 windows x64 arch:x64
dc18317fe7617feca1007aefae7060a6
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ba:80:61:a0:b7:8d:b5:d0:5d:ec:68:e7:74:2e:07:71:a7:ec:7a:fb:13:8b:9a:20:72:5b:bf:d5:09:f7:09:ecSigner
Actual PE Digestba:80:61:a0:b7:8d:b5:d0:5d:ec:68:e7:74:2e:07:71:a7:ec:7a:fb:13:8b:9a:20:72:5b:bf:d5:09:f7:09:ecDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release64\plugins\UserNotes.pdb
Imports
uxtheme
EnableThemeDialogTexture
processhacker.exe
PhInvalidateAllProcessNodes
PhOpenProcess
PhPluginAddMenuHook
PhInitializeLayoutManager
PhInsertEMenuItem
PhMainWndHandle
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhInitializeStringBuilder
PhGetWindowText
PhFindEntryHashtable
PhDereferenceObject
mxmlDelete
PhEnumHashtable
mxmlNewOpaque
PhfAcquireQueuedLockExclusive
PhConvertUtf8ToUtf16
mxmlElementSetAttr
PhReferenceObject
PhFree
PhInitializeAutoPool
PhAutoDereferenceObject
PhDrainAutoPool
PhPropPageDlgProcHeader
PhCompareStringRef
PhCreateStringEx
PhCreateFileWin32
PhSetFileDialogFilter
PhFindEMenuItem
PhAppendFormatStringBuilder
PhGetPluginInformation
PhCreateOpenFileDialog
PhAddSettings
PhGetStringSetting
PhGetFileDialogFileName
PhSetFileDialogFileName
PhGetGeneralCallback
PhFindPlugin
PhSetStringSetting2
PhPluginSetObjectExtension
PhSplitStringRefAtChar
PhAddProcessPropPage
PhGetSelectedProcessItems
PhRemoveStringBuilder
PhPropPageDlgProcDestroy
PhDoPropPageLayout
PhFinalStringBuilderString
PhAddLayoutItem
PhFormatString_V
PhProcessModifiedEvent
PhRegisterCallback
ProcessQueryAccess
PhCenterWindow
PhGetSelectedProcessItem
PhConcatStringRef2
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhGetFileName
PhCreateProcessPropPageContextEx
PhExpandEnvironmentStrings
PhPluginGetObjectExtension
PhProcessesUpdatedEvent
PhLayoutManagerLayout
PhDuplicateProcessNodeList
PhAddPropPageLayoutItem
PhGetApplicationDirectory
PhIntegerToString64
mxmlSaveFd
PhHashStringRef
PhGetFileSize
mxmlNewElement
PhAllocate
PhGetFullPath
mxmlLoadFd
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhRemoveEntryHashtable
PhAddEntryHashtableEx
PhStringToInteger64
PhfWakeForReleaseQueuedLock
PhDeleteAutoPool
PhReferenceEmptyString
PhCreateHashtable
PhDeleteLayoutManager
ntdll
RtlCaptureContext
RtlVirtualUnwind
RtlDetermineDosPathNameType_U
NtQueryInformationProcess
NtClose
NtSetInformationProcess
RtlLookupFunctionEntry
RtlUnwindEx
user32
MessageBoxW
GetPropW
SetWindowLongPtrW
SendMessageW
EndDialog
SetWindowTextW
SetDlgItemTextW
SetPropW
GetDlgItem
DialogBoxParamW
EnableWindow
RemovePropW
comdlg32
ChooseColorW
shell32
SHCreateDirectoryExW
comctl32
CreatePropertySheetPageW
kernel32
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
WriteFile
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ExitProcess
WriteConsoleW
CreateFileW
RaiseException
SetFilePointerEx
advapi32
SystemFunction036
Sections
.text Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/plugins/WindowExplorer.dll.dll windows:5 windows x64 arch:x64
807c2a5324cd8c3d21e70814ac733d28
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a1:8c:eb:35:82:9e:7f:f3:23:3f:a9:5a:42:21:55:19:bc:29:dd:e7:55:f0:92:b1:e7:34:45:2e:a9:a3:f2:12Signer
Actual PE Digesta1:8c:eb:35:82:9e:7f:f3:23:3f:a9:5a:42:21:55:19:bc:29:dd:e7:55:f0:92:b1:e7:34:45:2e:a9:a3:f2:12Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release64\plugins\WindowExplorer.pdb
Imports
ntdll
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryInformationProcess
NtMapViewOfSection
NtWaitForSingleObject
NtOpenSection
RtlCreateSecurityDescriptor
NtUnmapViewOfSection
RtlCreateAcl
NtCreateMutant
NtSetEvent
NtCreateEvent
NtClose
RtlAddAce
NtSetSecurityObject
NtOpenEvent
RtlSubAuthoritySid
NtReleaseMutant
NtCreateSection
RtlInitializeSid
NtResetEvent
RtlSetSaclSecurityDescriptor
NtOpenMutant
kernel32
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetModuleHandleW
GetProcAddress
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
GetConsoleMode
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW
DeleteCriticalSection
user32
GetKeyState
GetMessageW
GetClassWord
CallWindowProcW
GetMenu
MonitorFromRect
CreateWindowExW
DispatchMessageW
GetWindowInfo
GetMonitorInfoW
GetDlgCtrlID
PeekMessageW
SetDlgItemTextW
MapWindowPoints
TranslateMessage
PostThreadMessageW
GetWindowLongW
CreateDialogParamW
ShowWindowAsync
PostMessageW
FindWindowExW
DestroyWindow
IsWindowVisible
SetWindowPos
GetPropW
SetWindowLongPtrW
SendMessageW
RemovePropW
SetWindowTextW
GetWindowPlacement
ShowWindow
CloseDesktop
SetTimer
RedrawWindow
GetLayeredWindowAttributes
IsWindowEnabled
MoveWindow
SetLayeredWindowAttributes
SetPropW
EnumDesktopWindows
MapDialogRect
GetDlgItem
KillTimer
GetDesktopWindow
OpenDesktopW
SetForegroundWindow
EnableWindow
GetWindowRect
GetSystemMetrics
GetWindowDC
ReleaseDC
EnumDesktopsW
GetProcessWindowStation
GetWindowThreadProcessId
GetClassLongPtrA
CallNextHookEx
GetWindowLongPtrW
GetClassLongPtrW
UnhookWindowsHookEx
SendNotifyMessageW
GetClassNameW
SetWindowsHookExW
GetWindowLongPtrA
GetClassInfoExW
IsWindowUnicode
RegisterWindowMessageW
EnumPropsExW
gdi32
DeleteObject
RestoreDC
Rectangle
CreatePen
GetStockObject
SelectObject
SaveDC
SetROP2
advapi32
SystemFunction036
Sections
.text Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/ProcessHacker.exe.exe windows:5 windows x86 arch:x86
04de0ad9c37eb7bd52043d2ecac958df
Code Sign
0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7fCertificate
IssuerCN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before11/02/2011, 12:00Not After10/02/2026, 12:00SubjectCN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:0d:50:34:d9:d5:b2:74:e3:7b:42:9c:b2:20:c0:e4:f0:a0:be:42:30:5f:68:9d:f1:2c:5e:79:08:f0:27:e1Signer
Actual PE Digest04:0d:50:34:d9:d5:b2:74:e3:7b:42:9c:b2:20:c0:e4:f0:a0:be:42:30:5f:68:9d:f1:2c:5e:79:08:f0:27:e1Digest Algorithmsha256PE Digest Matchestruebe:c9:d8:3f:06:9b:df:1c:14:7d:4a:b1:44:ad:e3:46:1e:7a:46:c3Signer
Actual PE Digestbe:c9:d8:3f:06:9b:df:1c:14:7d:4a:b1:44:ad:e3:46:1e:7a:46:c3Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Projects\processhacker2\bin\Release32\ProcessHacker.pdb
Imports
ntdll
NtCreateTimer
NtAlertThread
NtSetTimer
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlLengthSecurityDescriptor
NtCreateSemaphore
LdrGetProcedureAddress
NtQueryObject
NtClearEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlGetVersion
NtDeviceIoControlFile
NtSetInformationObject
NtQueryFullAttributesFile
NtQueryValueKey
NtOpenFile
NtQuerySecurityObject
NtOpenSection
NtQueryDirectoryFile
NtCreateFile
NtCreateKey
RtlCreateUserThread
NtQueryDirectoryObject
NtFsControlFile
NtOpenDirectoryObject
RtlPrefixUnicodeString
NtSetSecurityObject
NtOpenProcess
NtQuerySymbolicLinkObject
RtlConvertSidToUnicodeString
NtOpenKey
NtQueueApcThread
NtUnloadDriver
RtlEqualUnicodeString
NtOpenSymbolicLinkObject
NtOpenThread
NtDeleteKey
NtQueryKey
NtGetContextThread
NtQueryInformationFile
NtFlushBuffersFile
NtLockFile
NtSetInformationFile
NtUnlockFile
RtlInterlockedPopEntrySList
RtlUnicodeToMultiByteSize
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
NtAllocateVirtualMemory
RtlUpcaseUnicodeChar
RtlUnicodeToMultiByteN
RtlExpandEnvironmentStrings_U
RtlGetDaclSecurityDescriptor
RtlCreateUserProcess
RtlNtStatusToDosError
RtlCreateProcessParameters
NtFilterToken
RtlStringFromGUID
RtlFindMessage
NtQueryAttributesFile
RtlAddAce
RtlDestroyProcessParameters
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
RtlGetAce
RtlRandomEx
NtDuplicateToken
RtlGetFullPathName_U
NtSetInformationToken
NtPowerInformation
NtTestAlert
NtOpenThreadToken
RtlTimeToSecondsSince1980
RtlEqualSid
RtlSecondsSince1980ToTime
NtIsProcessInJob
RtlFirstEntrySList
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
NtCompleteConnectPort
RtlSetDaclSecurityDescriptor
RtlSubAuthoritySid
NtCreatePort
RtlInitializeSid
RtlLengthRequiredSid
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
RtlValidSid
NtConnectPort
NtRequestWaitReplyPort
NtSuspendThread
NtQueryInformationProcess
NtRemoveProcessDebug
NtTerminateThread
NtResumeProcess
RtlAbsoluteToSelfRelativeSD
RtlLengthSid
RtlUnwind
NtCreateSection
NtQueryMutant
NtReleaseSemaphore
NtSetHighEventPair
NtQueryEvent
NtQuerySemaphore
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
NtResetEvent
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlInterlockedFlushSList
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlSecondsSince1970ToTime
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
NtQueryVirtualMemory
NtProtectVirtualMemory
NtSetSystemInformation
NtWriteVirtualMemory
NtQueryInformationToken
NtCreateMutant
NtOpenProcessToken
NtAdjustPrivilegesToken
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryInformationJobObject
NtMapViewOfSection
NtQuerySection
RtlSetHeapInformation
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlQueryEnvironmentVariable_U
NtQueryPerformanceCounter
RtlDeleteCriticalSection
NtTerminateProcess
NtSetValueKey
RtlDetermineDosPathNameType_U
NtDeleteValueKey
NtAddAtom
RtlGUIDFromString
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtQuerySystemInformation
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtDelayExecution
NtSetInformationThread
NtFreeVirtualMemory
winsta
WinStationSendMessageW
WinStationShadow
WinStationGetAllProcesses
WinStationFreeGAPMemory
WinStationRegisterConsoleNotification
WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationReset
WinStationDisconnect
WinStationConnectW
comctl32
ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ImageList_Remove
CreatePropertySheetPageW
InitCommonControlsEx
PropertySheetW
ImageList_Replace
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
uxtheme
IsThemeActive
GetThemeInt
SetWindowTheme
CloseThemeData
DrawThemeBackground
OpenThemeData
IsThemePartDefined
EnableThemeDialogTexture
kernel32
GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
CreateFileW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
ReadFile
SizeofResource
LockResource
GlobalAlloc
GlobalFree
LoadResource
FindResourceW
GlobalLock
GlobalUnlock
LocalAlloc
VirtualQuery
GlobalSize
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
GetStdHandle
WriteFile
WideCharToMultiByte
GetModuleHandleExW
HeapFree
CreateRemoteThread
CreateThread
GetDateFormatW
GetTimeFormatW
GetNumberFormatW
GetSystemDefaultLangID
GetSystemDirectoryW
GetLocaleInfoW
GetUserDefaultLangID
SearchPathW
LocalFree
SetLastError
GetComputerNameW
TlsGetValue
TlsAlloc
TlsSetValue
FreeLibrary
LoadLibraryW
SetProcessShutdownParameters
ExitProcess
SetErrorMode
GetTickCount
AllocConsole
GetConsoleWindow
FreeConsole
SetConsoleCtrlHandler
CreateProcessW
FileTimeToLocalFileTime
FileTimeToSystemTime
ReadConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
WriteConsoleW
DecodePointer
RaiseException
HeapAlloc
GetModuleHandleW
GetProcAddress
GetLastError
user32
ReleaseCapture
PtInRect
SetScrollPos
ShowCaret
EnableScrollBar
SetCapture
DestroyCaret
DragDetect
GetClipboardData
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
GetDCEx
BeginPaint
ScreenToClient
SetCursorPos
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
GetCapture
GetAsyncKeyState
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetUpdateRgn
GetIconInfo
EndPaint
EmptyClipboard
CloseClipboard
OpenClipboard
GetActiveWindow
GetFocus
TrackPopupMenu
DestroyMenu
CreatePopupMenu
FrameRect
InsertMenuItemW
DialogBoxParamW
SetDlgItemTextW
EndDialog
LockWorkStation
ExitWindowsEx
SendMessageW
IsWindowVisible
EnableWindow
GetParent
GetDlgItem
SetPropW
IsWindowEnabled
RemovePropW
GetPropW
GetClassNameW
GetWindowThreadProcessId
IsIconic
InvalidateRect
SetForegroundWindow
GetClientRect
SetWindowLongW
FindWindowW
SetLayeredWindowAttributes
MoveWindow
ClientToScreen
GetMonitorInfoW
GetWindowInfo
RedrawWindow
ShowWindow
GetSubMenu
GetWindowPlacement
GetMenuItemCount
MonitorFromRect
SetWindowPos
GetMenu
FindWindowExW
PostMessageW
GetKeyState
GetMenuItemInfoW
GetWindowLongW
MapWindowPoints
SetWindowTextW
GetWindowRect
MapDialogRect
DestroyIcon
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
SetCursor
LoadCursorW
CreateDialogParamW
GetSysColorBrush
GetSysColor
CopyIcon
SetDlgItemInt
SetTimer
DestroyWindow
ReleaseDC
SystemParametersInfoW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
DispatchMessageW
LoadAcceleratorsW
GetSystemMetrics
GetDC
SendMessageTimeoutW
GetMessageW
LoadImageW
UpdateWindow
PostQuitMessage
KillTimer
AppendMenuW
EndDeferWindowPos
DrawMenuBar
LoadIconW
SetFocus
SetMenuInfo
SetMenuItemInfoW
BeginDeferWindowPos
IsWindow
RegisterClassExW
CreateWindowExW
ShowWindowAsync
LoadMenuW
DefWindowProcW
DeferWindowPos
GetCursorPos
DrawIconEx
DrawTextW
TrackMouseEvent
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
CallWindowProcW
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
FillRect
GetDlgItemInt
GetGuiResources
GetWindowTextLengthW
OpenWindowStationW
GetProcessWindowStation
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CloseWindowStation
EnumDesktopsW
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
GetWindowTextW
CreateDialogIndirectParamW
GetDesktopWindow
SetClipboardData
InternalGetWindowText
gdi32
GetDeviceCaps
CreateFontW
DeleteObject
GetTextColor
GetTextExtentPoint32W
GetTextMetricsW
SelectObject
SetDCPenColor
SetDCBrushColor
Polyline
GetStockObject
CreateCompatibleDC
CreateDIBSection
DeleteDC
BitBlt
SetTextColor
Rectangle
GetCharWidthW
TextOutW
SetBoundsRect
CreateCompatibleBitmap
GdiAlphaBlend
IntersectClipRect
CombineRgn
RestoreDC
ExcludeClipRect
SelectClipRgn
GetClipRgn
SaveDC
GetDIBits
SetBkColor
GetObjectW
CreateRectRgn
CreateFontIndirectW
SetBkMode
comdlg32
GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
ChooseFontW
advapi32
LogonUserW
SystemFunction036
SetSecurityInfo
GetSecurityInfo
LsaLookupSids
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaLookupPrivilegeName
StartServiceW
ControlService
DeleteService
CloseServiceHandle
LsaClose
LsaAddAccountRights
ChangeServiceConfigW
ChangeServiceConfig2W
OpenSCManagerW
CreateServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
LsaFreeMemory
LsaEnumerateAccounts
RegisterServiceCtrlHandlerExW
OpenServiceW
QueryServiceConfig2W
CreateProcessAsUserW
EnumServicesStatusExW
LsaEnumeratePrivilegesOfAccount
LsaOpenAccount
CreateProcessWithLogonW
QueryServiceConfigW
shell32
SHGetFileInfoW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
ExtractIconExW
DuplicateIcon
ole32
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
oleaut32
SysFreeString
Exports
Exports
PhAddComboBoxStrings
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewItem
PhAddTabControlTab
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilderEx
PhApplicationFont
PhAutoDereferenceObject
PhBufferToHexString
PhBufferToHexStringEx
PhCenterRectangle
PhCenterWindow
PhClearArray
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearList
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateEMenu
PhCreateEMenuItem
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateKey
PhCreateList
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateSimpleHashtable
PhCreateString
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhDecodeUnicodeDecoder
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteFastLock
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteStringBuilder
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceObjects
PhDestroyEMenu
PhDestroyEMenuItem
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDosErrorToNtStatus
PhDrainAutoPool
PhDrawGraphDirect
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumGenericModules
PhEnumHandles
PhEnumHandlesEx
PhEnumHashtable
PhEnumKernelModules
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessModules
PhEnumProcessModules32
PhEnumProcessModules32Ex
PhEnumProcessModulesEx
PhEnumProcesses
PhEnumProcessesEx
PhEnumProcessesForSession
PhEnumServices
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindIntegerSiKeyValuePairs
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindLoaderEntry
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindStringInStringRef
PhFindStringSiKeyValuePairs
PhFlushFileStream
PhFormat
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreePage
PhFreeToFreeList
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGetAccessEntries
PhGetAccessString
PhGetApplicationDirectory
PhGetApplicationFileName
PhGetBaseName
PhGetComboBoxString
PhGetDllFileName
PhGetDrawInfoGraphBuffers
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileName
PhGetFileShellIcon
PhGetFileSize
PhGetFileVersionInfo
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFullPath
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetJobProcessIdList
PhGetKernelFileName
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetMessage
PhGetModuleFromAddress
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetOwnTokenAttributes
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessMappedFileName
PhGetProcessPebString
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetServiceConfig
PhGetServiceDelayedAutoStart
PhGetServiceDescription
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetStockApplicationIcon
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemRoot
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowText
PhGetWindowTextEx
PhGlobalDpi
PhGraphStateGetDrawInfo
PhHashBytes
PhHashStringRef
PhHeapHandle
PhHexStringToBuffer
PhIconToBitmap
PhImpersonateClientOfNamedPipe
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeLayoutManager
PhInitializeStringBuilder
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInjectDllProcess
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder
PhInsertStringBuilder2
PhInsertStringBuilderEx
PhIntegerToString64
PhInvokeCallback
PhIsExecutablePacked
PhIsExecutingInWow64
PhLayoutManagerLayout
PhLibImageBase
PhListenNamedPipe
PhLoadIcon
PhLoadListViewColumnSettings
PhLoadModuleSymbolProvider
PhLoadResourceEMenuItem
PhLocalTimeToSystemTime
PhLockFileStream
PhLoggedCallback
PhLookupName
PhLookupPrivilegeDisplayName
PhLookupPrivilegeName
PhLookupPrivilegeValue
PhLookupSid
PhLowerBoundElementAvlTree
PhLowerDualBoundElementAvlTree
PhMainWndHandle
PhMapFlags1
PhMapFlags2
PhMatchWildcards
PhMaximumElementAvlTree
PhMinimumElementAvlTree
PhModalPropertySheet
PhModifyEMenuItem
PhNetworkItemAddedEvent
PhNetworkItemModifiedEvent
PhNetworkItemRemovedEvent
PhNetworkItemsUpdatedEvent
PhNtStatusFileNotFound
PhNtStatusToDosError
PhOpenKey
PhOpenLsaPolicy
PhOpenProcess
PhOpenService
PhOpenThread
PhOpenThreadProcess
PhOsVersion
PhParseCommandLine
PhParseCommandLineFuzzy
PhParseCommandLinePart
PhPeekNamedPipe
PhPredecessorElementAvlTree
PhPrintTimeSpan
PhProcessAddedEvent
PhProcessModifiedEvent
PhProcessRemovedEvent
PhProcessesUpdatedEvent
PhQueryFullAttributesFileWin32
PhQueryKey
PhQueryRegistryString
PhQueryServiceVariableSize
PhQuerySystemTime
PhQueryTimeZoneBias
PhQueryValueKey
PhQueueItemWorkQueue
PhQueueItemWorkQueueEx
PhReAllocate
PhReAllocateSafe
PhReadFileStream
PhReferenceEmptyString
PhReferenceObject
PhReferenceObjectEx
PhReferenceObjectSafe
PhReferenceObjects
PhRegisterCallback
PhRegisterCallbackEx
PhRemoveAllEMenuItems
PhRemoveEMenuItem
PhRemoveElementAvlTree
PhRemoveEntryHashtable
PhRemoveItemArray
PhRemoveItemList
PhRemoveItemPointerList
PhRemoveItemSimpleHashtable
PhRemoveItemsArray
PhRemoveItemsList
PhRemoveListViewItem
PhRemoveStringBuilder
PhResizeArray
PhResizeCircularBuffer_FLOAT
PhResizeCircularBuffer_PVOID
PhResizeCircularBuffer_ULONG
PhResizeCircularBuffer_ULONG64
PhResizeList
PhResolveDevicePrefix
PhRoundUpToPowerOfTwo
PhSaveListViewColumnSettings
PhSeekFileStream
PhSelectComboBoxString
PhServiceAddedEvent
PhServiceModifiedEvent
PhServiceRemovedEvent
PhServicesUpdatedEvent
PhSetClipboardString
PhSetControlTheme
PhSetExtendedListView
PhSetFileDialogFileName
PhSetFileDialogFilter
PhSetFileDialogOptions
PhSetFileSize
PhSetFlagsAllEMenuItems
PhSetFlagsEMenuItem
PhSetGraphText
PhSetHeaderSortIcon
PhSetImageListBitmap
PhSetListViewItemImageIndex
PhSetListViewSubItem
PhSetObjectSecurity
PhSetOptionsSymbolProvider
PhSetSeObjectSecurity
PhSetSearchPathSymbolProvider
PhSetServiceDelayedAutoStart
PhSetStateAllListViewItems
PhSetTokenIsVirtualizationEnabled
PhSetTokenPrivilege
PhSetTokenPrivilege2
PhSetTokenSessionId
PhShellExecute
PhShellExecuteEx
PhShellExploreFile
PhShellOpenKey
PhShellProperties
PhShowConfirmMessage
PhShowContinueStatus
PhShowEMenu
PhShowFileDialog
PhShowMessage
PhShowMessage_V
PhShowStatus
PhSidToStringSid
PhSplitStringRefAtChar
PhSplitStringRefAtLastChar
PhSplitStringRefAtString
PhSplitStringRefEx
PhStackWalk
PhStdGetClientIdName
PhStdGetObjectSecurity
PhStdSetObjectSecurity
PhStringToDouble
PhStringToInteger64
PhSuccessorElementAvlTree
PhSystemBasicInformation
PhSystemTimeToLocalTime
PhTerminateProcess
PhTransceiveNamedPipe
PhTrimStringRef
PhUnloadDllProcess
PhUnloadDriver
PhUnlockFileStream
PhUnregisterCallback
PhUpdateDosDevicePrefixes
PhUpdateHash
PhUpdateMupDevicePrefixes
PhUpperBoundElementAvlTree
PhUpperDualBoundElementAvlTree
PhVerifyFile
PhVerifyFileStream
PhWaitForNamedPipe
PhWaitForWorkQueue
PhWalkThreadStack
PhWriteFileStream
PhWriteMiniDumpProcess
PhWriteStringAsUtf8FileStream
PhWriteStringAsUtf8FileStream2
PhWriteStringAsUtf8FileStreamEx
PhWriteStringFormatAsUtf8FileStream
PhWriteStringFormatAsUtf8FileStream_V
PhWriteUnicodeDecoder
Sections
.text Size: 865KB - Virtual size: 864KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 243KB - Virtual size: 243KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 239KB - Virtual size: 239KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/ProcessHacker.sig
-
x86/kprocesshacker.sys.sys windows:6 windows x86 arch:x86
f4bb5c922d37f0e22b46ddcb970a0a3a
Code Sign
0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7fCertificate
IssuerCN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:20:4d:b4:00:00:00:00:00:27Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15/04/2011, 19:45Not After15/04/2021, 19:55SubjectCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before11/02/2011, 12:00Not After10/02/2026, 12:00SubjectCN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:20:4d:b4:00:00:00:00:00:27Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15/04/2011, 19:45Not After15/04/2021, 19:55SubjectCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
57:98:20:57:ba:e3:80:8a:bd:34:17:d0:82:7f:cf:59:6f:97:9f:82:4c:ff:14:9b:2f:8c:dc:f2:5b:86:39:6fSigner
Actual PE Digest57:98:20:57:ba:e3:80:8a:bd:34:17:d0:82:7f:cf:59:6f:97:9f:82:4c:ff:14:9b:2f:8c:dc:f2:5b:86:39:6fDigest Algorithmsha256PE Digest Matchestrue63:3d:86:e3:de:24:2f:57:82:4a:48:82:99:25:ae:95:57:07:83:11Signer
Actual PE Digest63:3d:86:e3:de:24:2f:57:82:4a:48:82:99:25:ae:95:57:07:83:11Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\projects\processhacker2\kprocesshacker\bin\i386\kprocesshacker.pdb
Imports
ntoskrnl.exe
RtlGetVersion
PsReleaseProcessExitSynchronization
PsAcquireProcessExitSynchronization
ExfUnblockPushLock
ObGetObjectType
ExEnumHandleTable
ObfDereferenceObject
ObReferenceObjectByHandle
PsProcessType
ObQueryNameString
KeUnstackDetachProcess
ObSetHandleAttributes
KeStackAttachProcess
PsInitialSystemProcess
ObOpenObjectByName
IoFileObjectType
ObOpenObjectByPointer
IoDriverObjectType
RtlEqualUnicodeString
ZwQueryInformationThread
ZwQueryInformationProcess
ExAllocatePoolWithQuotaTag
ZwQueryObject
PsLookupProcessByProcessId
PsLookupProcessThreadByCid
PsDereferencePrimaryToken
SeTokenObjectType
PsReferencePrimaryToken
PsJobType
ProbeForRead
ZwTerminateProcess
IoGetCurrentProcess
KeGetCurrentThread
PsThreadType
PsLookupThreadByThreadId
IoThreadToProcess
RtlWalkFrameChain
KeSetEvent
KeWaitForSingleObject
KeInsertQueueApc
KeInitializeApc
ZwQuerySystemInformation
ZwQueryVirtualMemory
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
SeLocateProcessImageName
MmHighestUserAddress
RtlRandomEx
KeQueryInterruptTime
KeDelayExecutionThread
MmUnlockPages
MmUnmapLockedPages
ExRaiseStatus
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmIsAddressValid
KeTickCount
KeBugCheckEx
RtlUnwind
IoCreateDevice
ProbeForWrite
memcpy
RtlInitUnicodeString
ZwOpenKey
ZwClose
ZwQueryValueKey
ExFreePoolWithTag
memset
PsGetCurrentProcessId
SePrivilegeCheck
ExAllocatePoolWithTag
IofCompleteRequest
IoDeleteDevice
PsGetProcessJob
KeInitializeEvent
hal
KfLowerIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfRaiseIrql
ksecdd.sys
BCryptCreateHash
BCryptFinishHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptVerifySignature
BCryptDestroyHash
BCryptImportKeyPair
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 460B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 760B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/peview.exe.exe windows:5 windows x86 arch:x86
18b893d812345fefafd644b870f18c61
Code Sign
0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7fCertificate
IssuerCN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate
IssuerCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2014, 00:00Not After22/10/2024, 00:00SubjectCN=DigiCert Timestamp Responder,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before11/02/2011, 12:00Not After10/02/2026, 12:00SubjectCN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before10/11/2006, 00:00Not After10/11/2021, 00:00SubjectCN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f1:18:37:f1:d6:ef:25:08:a7:0a:cd:46:90:ca:7f:ba:63:64:95:b0:20:67:e9:d1:f8:d1:0f:3e:3b:5a:77:9aSigner
Actual PE Digestf1:18:37:f1:d6:ef:25:08:a7:0a:cd:46:90:ca:7f:ba:63:64:95:b0:20:67:e9:d1:f8:d1:0f:3e:3b:5a:77:9aDigest Algorithmsha256PE Digest Matchestrue9d:43:78:67:ff:93:b1:11:4c:0b:8f:71:36:fd:c8:07:45:a2:08:10Signer
Actual PE Digest9d:43:78:67:ff:93:b1:11:4c:0b:8f:71:36:fd:c8:07:45:a2:08:10Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Projects\processhacker2\bin\Release32\peview.pdb
Imports
ntdll
NtCreateFile
NtQueryInformationFile
RtlRaiseStatus
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlUnwind
NtSetEvent
NtCreateEvent
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
NtReleaseSemaphore
NtCreateSemaphore
NtSetInformationThread
NtMapViewOfSection
NtCreateSection
RtlCreateHeap
RtlGetVersion
NtQuerySystemInformation
NtAddAtom
LdrGetProcedureAddress
NtWaitForSingleObject
RtlNtStatusToDosError
RtlFindMessage
NtClose
RtlDosPathNameToNtPathName_U
NtUnmapViewOfSection
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlSecondsSince1970ToTime
uxtheme
SetWindowTheme
EnableThemeDialogTexture
kernel32
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetOEMCP
IsValidCodePage
GetCPInfo
GetFileType
HeapAlloc
HeapFree
GetModuleHandleExW
WideCharToMultiByte
WriteFile
GetStdHandle
GetACP
MultiByteToWideChar
GetStringTypeW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
TlsFree
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
VirtualQuery
ExitProcess
SetLastError
GlobalUnlock
GlobalLock
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW
RaiseException
CreateFileW
FreeLibrary
GlobalFree
GlobalAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsSetValue
TlsAlloc
TlsGetValue
CreateThread
GetUserDefaultLangID
GetLocaleInfoW
GetSystemDefaultLangID
GetLastError
LoadLibraryW
GetProcAddress
GetTimeFormatW
GetModuleHandleW
GetDateFormatW
user32
CallWindowProcW
GetPropW
RemovePropW
SetPropW
GetParent
GetDlgItem
SendMessageW
ReleaseDC
GetDC
GetKeyState
SetWindowLongW
SetDlgItemTextW
ShowWindow
PostMessageW
MoveWindow
GetMonitorInfoW
MonitorFromWindow
MessageBoxW
GetWindowRect
InvalidateRect
GetClientRect
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowPos
GetWindowLongW
SetCursor
gdi32
SelectObject
GetDeviceCaps
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
SystemFunction036
shell32
SHGetFileInfoW
ExtractIconExW
SHGetFolderPathW
ole32
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
comctl32
PropertySheetW
CreatePropertySheetPageW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 133KB - Virtual size: 133KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/plugins/DotNetTools.dll.dll windows:5 windows x86 arch:x86
e17ba1da8b79afe0943501b2878fa8aa
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
16:97:f5:3c:1c:9b:91:67:27:f3:3f:9c:4e:83:8f:30:6e:8a:ca:b8:74:77:fa:ff:89:b7:b9:b2:9c:63:72:9fSigner
Actual PE Digest16:97:f5:3c:1c:9b:91:67:27:f3:3f:9c:4e:83:8f:30:6e:8a:ca:b8:74:77:fa:ff:89:b7:b9:b2:9c:63:72:9fDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release32\plugins\DotNetTools.pdb
Imports
uxtheme
EnableThemeDialogTexture
processhacker.exe
_PhPluginGetObjectExtension@12
_PhPluginAddTreeNewColumn@24
PhAddItemSimpleHashtable
PhRemoveItemSimpleHashtable
PhfWakeForReleaseQueuedLock
PhFindItemSimpleHashtable
PhfAcquireQueuedLockExclusive
PhCreateSimpleHashtable
PhFormatToBuffer
PhFormatSize
PhSetListViewSubItem
PhAddListViewColumn
_PhLoadListViewColumnsFromSetting@8
_PhAddPropPageLayoutItem@16
PhUnregisterCallback
_PhSaveListViewColumnsToSetting@8
_PhHandleListViewNotifyForCopy@8
PhAddListViewItem
PhAddComboBoxStrings
_PhSetIntegerSetting@8
_PhGetIntegerSetting@4
PhFormatUInt64
PhGetProcessIsDotNet
_PhAddSettings@8
_PhGetGeneralCallback@4
PhSetFlagsEMenuItem
_PhGetProcessIsSuspended@4
PhDereferenceObject
PhAppendStringBuilder2
PhShowMessage
PhEnumProcesses
_PhCreateProcessPropPageContextEx@16
_PhPluginSetObjectExtension@20
PhRegisterCallback
_PhRegisterPlugin@12
_PhGetPluginCallback@8
WindowsVersion
PhFormatString_V
PhAutoDereferenceObject
PhEnumProcessModules
PhGetSystemRoot
PhOpenProcess
PhfEndInitOnce
ProcessQueryAccess
PhOpenThread
PhConcatStringRef2
PhfBeginInitOnce
PhFindLastCharInStringRef
PhCreateList
PhCreateString
PhGetTreeNewText
PhSetControlTheme
PhFormatString
PhAllocate
PhCreateThread
PhFindProcessInformation
PhLoadResourceEMenuItem
PhCountStringZ
PhInitializeStringBuilder
_PhCmLoadSettings@8
_PhPropPageDlgProcHeader@24
PhCompareStringRef
PhConcatStrings2
PhCreateEMenu
PhAddItemList
PhGetWin32Message
PhShellExploreFile
_PhGetStringSetting@4
PhSetClipboardString
PhGetProcessIsDotNetEx
_PhSetStringSetting2@8
PhSplitStringRefAtChar
_PhAddProcessPropPage@8
PhRemoveStringBuilder
PhCreateStringEx
_PhPropPageDlgProcDestroy@4
_PhDoPropPageLayout@4
PhFinalStringBuilderString
PhShowEMenu
PhDestroyEMenu
PhFree
PhConcatStrings
_PhCmSaveSettings@4
PhReferenceObject
ntdll
RtlUnwind
NtMapViewOfSection
NtOpenSection
NtUnmapViewOfSection
RtlFreeSid
NtDuplicateObject
RtlAllocateAndInitializeSid
LdrGetDllHandle
NtReleaseMutant
NtOpenProcessToken
RtlNtStatusToDosError
NtReadVirtualMemory
RtlEqualUnicodeString
LdrGetProcedureAddress
NtGetContextThread
NtWaitForSingleObject
RtlDoesFileExists_U
NtClose
NtQueryInformationToken
kernel32
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
EnterCriticalSection
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
RaiseException
user32
GetKeyState
PostMessageW
SendMessageW
IsWindow
GetDlgItem
InvalidateRect
advapi32
SystemFunction036
ControlTraceW
CloseTrace
ProcessTrace
StartTraceW
OpenTraceW
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/plugins/ExtendedNotifications.dll.dll windows:5 windows x86 arch:x86
a38628b6f28117aef252a51755a56458
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a3:03:8d:1d:1f:31:83:8d:33:b5:91:22:21:b9:3e:c2:4c:75:39:18:bb:60:e6:54:cf:7a:e7:e4:5e:76:14:61Signer
Actual PE Digesta3:03:8d:1d:1f:31:83:8d:33:b5:91:22:21:b9:3e:c2:4c:75:39:18:bb:60:e6:54:cf:7a:e7:e4:5e:76:14:61Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release32\plugins\ExtendedNotifications.pdb
Imports
processhacker.exe
PhGetGlobalWorkQueue
PhRegisterCallback
PhAutoDereferenceObject
_PhFormatLogEntry@4
PhWriteStringFormatAsUtf8FileStream
PhCreateFileStream
_PhGetStringSetting@4
PhLoggedCallback
PhFree
_PhReferenceProcessItemForParent@12
PhCreateList
PhFreeFileDialog
PhAllocate
PhShowFileDialog
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhInsertItemList
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhSetFileDialogFilter
PhAddItemList
_PhAddSettings@8
PhRemoveItemList
PhGetFileDialogFileName
PhSetFileDialogFileName
_PhGetGeneralCallback@4
PhCreateSaveFileDialog
_PhSetStringSetting2@8
PhFormatDateTime
PhQueueItemWorkQueue
PhFinalStringBuilderString
PhFormatString_V
_PhSetIntegerSetting@8
PhAppendCharStringBuilder
PhMatchWildcards
_PhGetIntegerSetting@4
_PhRegisterPlugin@12
PhReferenceObject
PhAppendStringBuilderEx
_PhGetPluginCallback@8
PhDeleteStringBuilder
PhGetFileName
PhConvertUtf8ToUtf16
PhDereferenceObject
PhFindCharInStringRef
PhModalPropertySheet
PhDuplicateBytesZSafe
PhAllocateSafe
ntdll
RtlUnwind
user32
SetWindowLongW
SendMessageW
EnableWindow
GetParent
GetDlgItem
SetDlgItemTextW
comctl32
ord412
ord410
ord413
CreatePropertySheetPageW
kernel32
HeapSize
WriteConsoleW
FlushFileBuffers
CreateFileW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapReAlloc
GetConsoleCP
WriteFile
SetStdHandle
GetACP
CloseHandle
LCMapStringW
GetFileType
GetStdHandle
GetConsoleMode
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
InterlockedFlushSList
RaiseException
GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleFileNameW
advapi32
SystemFunction036
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/plugins/ExtendedServices.dll.dll windows:5 windows x86 arch:x86
227df7ae8435d542b182ed859f1fc4eb
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
92:22:03:a8:39:01:8d:cc:58:6f:e3:8b:80:aa:a6:98:17:5f:a8:c1:ac:b6:ed:24:95:6e:87:ce:e4:8e:43:b5Signer
Actual PE Digest92:22:03:a8:39:01:8d:cc:58:6f:e3:8b:80:aa:a6:98:17:5f:a8:c1:ac:b6:ed:24:95:6e:87:ce:e4:8e:43:b5Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release32\plugins\ExtendedServices.pdb
Imports
processhacker.exe
PhFinalStringBuilderString
PhReferenceEmptyString
PhDeleteAutoPool
PhFormatGuid
PhGetSelectedListViewItemParam
PhClearList
PhFormatString
PhLayoutManagerLayout
PhFree
PhAutoDereferenceObject
PhAddLayoutItem
PhReAllocate
PhQueryRegistryString
PhInitializeAutoPool
PhConcatStringRef2
PhAppendStringBuilderEx
PhCreateAlloc
PhGetServiceConfig
_PhReferenceServiceItem@4
PhGetWin32Message
PhAddItemList
PhConcatStrings2
PhCountStringZ
PhOpenService
PhAllocate
PhDeleteLayoutManager
PhInitializeLayoutManager
PhCreateList
_PhUiPauseService@8
_PhGetPluginCallback@8
PhReferenceObject
_PhRegisterPlugin@12
_PhUiStartService@8
_PhGetIntegerSetting@4
PhRegisterCallback
PhFormatString_V
PhIndexOfEMenuItem
PhfAcquireQueuedLockShared
_PhGetGeneralCallback@4
PhOpenKey
PhCreateString
PhFreeFileDialog
PhShowFileDialog
PhSetFileDialogFilter
PhCreateOpenFileDialog
PhGetComboBoxString
PhGetFileDialogFileName
PhSetFileDialogFileName
PhCenterWindow
_PhaChoiceDialog@40
PhShowStatus
PhGetNtMessage
PhSetListViewSubItem
PhLookupPrivilegeDisplayName
PhSetControlTheme
PhQueryServiceVariableSize
PhDereferenceObjects
PhFindIntegerSiKeyValuePairs
PhEqualStringRef
PhSelectComboBoxString
PhSetExtendedListView
PhInitializeStringBuilder
PhGetWindowText
PhAddListViewColumn
PhRemoveItemList
PhSidToStringSid
PhRemoveListViewItem
_PhUiDisconnectFromPhSvc@0
_PhUiConnectToPhSvc@8
PhCreateStringEx
PhGetListViewItemParam
PhFindItemList
PhFindStringSiKeyValuePairs
PhAddListViewItem
_PhSvcCallChangeServiceConfig2@12
PhAddComboBoxStrings
PhAppendCharStringBuilder
PhDeleteStringBuilder
PhNtStatusToDosError
PhOpenLsaPolicy
PhShowMessage
PhAppendStringBuilder
PhDereferenceObject
PhGetOwnTokenAttributes
_PhSetIntegerSetting@8
PhMainWndHandle
PhInsertEMenuItem
_PhUiContinueService@8
_PhUiStopService@8
PhfReleaseQueuedLockShared
PhEscapeStringForMenuPrefix
_PhPluginCreateEMenuItem@20
PhCompareStringRef
PhFindEMenuItem
PhDestroyEMenuItem
_PhAddSettings@8
WindowsVersion
_PhCreateServiceListControl@12
ntdll
NtClose
NtEnumerateKey
RtlGUIDFromString
RtlUnwind
kernel32
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
RaiseException
GetComputerNameW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError
user32
IsWindowEnabled
GetWindowTextLengthW
GetWindowLongW
SetTimer
GetParent
GetDlgItemInt
SetWindowLongW
SetDlgItemInt
EnableWindow
EndDialog
DialogBoxParamW
SendMessageW
GetWindowRect
GetPropW
RemovePropW
ShowWindow
SetDlgItemTextW
MapWindowPoints
MoveWindow
SetPropW
GetDlgItem
advapi32
SystemFunction036
CloseServiceHandle
LsaEnumeratePrivileges
LsaClose
QueryServiceConfig2W
ChangeServiceConfig2W
LsaFreeMemory
QueryServiceStatus
EnumDependentServicesW
comctl32
CreatePropertySheetPageW
Sections
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/plugins/ExtendedTools.dll.dll windows:5 windows x86 arch:x86
1f66a56d141224712ec7adb923bf37bc
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
cc:bf:c7:65:3d:a1:16:63:57:3c:aa:b0:bb:6b:ff:5e:41:1f:6c:4f:63:29:43:a8:47:fe:a0:ca:af:75:dd:18Signer
Actual PE Digestcc:bf:c7:65:3d:a1:16:63:57:3c:aa:b0:bb:6b:ff:5e:41:1f:6c:4f:63:29:43:a8:47:fe:a0:ca:af:75:dd:18Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release32\plugins\ExtendedTools.pdb
Imports
processhacker.exe
PhSetGraphText
_PhDoPropPageLayout@4
_PhPropPageDlgProcDestroy@4
_PhAddProcessPropPage@8
PhAddLayoutItemEx
PhGlobalDpi
PhDeleteCircularBuffer_ULONG
_PhSiSetColorsGraphDrawInfo@12
_PhPropPageDlgProcHeader@24
PhPrintTimeSpan
PhDivideSinglesBySingle
PhApplicationFont
PhFormatSize
_PhGetStatisticsTime@12
PhAppendStringBuilder
PhAppendStringBuilder2
PhGetDrawInfoGraphBuffers
_PhFindProcessRecord@8
PhFinalStringBuilderString
PhRemoveStringBuilder
PhInitializeStringBuilder
_PhPluginRegisterIcon@24
PhDrawGraphDirect
PhfBeginInitOnce
_PhPluginAddTreeNewColumn@24
PhfEndInitOnce
_PhPluginEnableTreeNewNotify@8
PhNetworkItemsUpdatedEvent
PhEnumProcesses
_PhFindNetworkNode@4
_PhReferenceNetworkItem@16
PhInitializeCircularBuffer_ULONG64
_PhSiSizeLabelYFunction@16
PhDeleteCircularBuffer_ULONG64
_PhPluginGetObjectExtension@12
PhInitializeLayoutManager
_PhRegisterPlugin@12
PhIndexOfEMenuItem
_PhPluginSetObjectExtension@20
_PhGetGeneralCallback@4
_PhAddSettings@8
_PhPluginCreateEMenuItem@20
PhInsertEMenuItem
_PhCreateServiceListControl@12
PhShowStatus
_PhReferenceServiceItem@4
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
_PhLoadSymbolProviderOptions@4
PhGetSymbolFromAddress
PhOpenProcess
PhLoadModuleSymbolProvider
PhOpenThread
PhShowConfirmMessage
PhFormatDateTime
PhAddListViewItem
_PhHandleListViewNotifyForCopy@8
PhAllocateSafe
PhAddListViewColumn
PhSetExtendedListView
PhSetListViewSubItem
PhCopyStringZ
PhFindListViewItemByParam
PhFindItemSimpleHashtable
PhQueueItemWorkQueue
PhGetGlobalWorkQueue
PhGetBaseName
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddItemSimpleHashtable
PhDeleteLayoutManager
_PhCreateProcessPropPageContextEx@16
PhUnregisterCallback
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhCopyCircularBuffer_FLOAT
PhAddLayoutItem
PhCenterWindow
PhLayoutManagerLayout
_PhGetStatisticsTimeString@8
PhBufferToHexString
PhCountStringZ
PhInitializeCircularBuffer_ULONG
PhHexStringToBuffer
_PhSetIntegerSetting@8
PhInitializeCircularBuffer_FLOAT
_PhReferenceProcessRecordForStatistics@4
PhFormatString
PhFormatString_V
PhCreateThread
WindowsVersion
PhHashStringRef
PhfReleaseQueuedLockShared
PhCreateObjectType
PhEqualStringRef
PhAddEntryHashtableEx
PhfWakeForReleaseQueuedLock
PhInvokeCallback
PhAllocateFromFreeList
PhfAcquireQueuedLockShared
PhInitializeFreeList
_PhDereferenceProcessRecord@4
PhCreateObject
_PhReferenceProcessItem@4
PhGetFileName
PhfAcquireQueuedLockExclusive
PhFreeToFreeList
PhProcessesUpdatedEvent
_PhReferenceProcessRecord@4
PhCreateSimpleHashtable
PhAddEntryHashtable
PhGetStockApplicationIcon
PhMainWndHandle
PhCreateList
_PhShellProcessHacker@28
PhCreateString
PhGetTreeNewText
_PhShowProcessRecordDialog@8
PhFormat
_PhInitializeTreeNewFilterSupport@12
PhSetControlTheme
PhAllocate
_PhFindProcessNode@4
PhLoadResourceEMenuItem
_PhSetIntegerPairSetting@12
PhRemoveEntryHashtable
PhSetFlagsAllEMenuItems
_PhCmLoadSettings@8
PhCompareStringRef
_PhDeleteTreeNewColumnMenu@4
PhFindEMenuItem
PhCreateEMenu
_PhGetPluginInformation@4
PhAddItemList
_PhReferenceProcessItemForRecord@4
PhShellExploreFile
_PhGetStringSetting@4
_PhHandleTreeNewColumnMenu@4
_PhInitializeTreeNewColumnMenu@4
PhRemoveItemList
PhSetClipboardString
_PhAddTreeNewFilter@12
_PhApplyTreeNewFiltersToNode@8
_PhGetIntegerPairSetting@4
PhCreateHashtable
PhDeleteCircularBuffer_FLOAT
_PhAddPropPageLayoutItem@16
PhInitializeGraphState
PhFormatUInt64
_PhFindPlugin@4
_PhSetStringSetting2@8
PhCreateStringEx
_PhApplyTreeNewFilters@4
PhFindItemList
PhShowEMenu
PhAutoDereferenceObject
PhRegisterCallback
_PhSelectAndEnsureVisibleProcessNode@4
_PhGetIntegerSetting@4
PhDestroyEMenu
PhFree
_PhCmSaveSettings@4
PhReferenceObject
PhWriteStringAsUtf8FileStream
PhShowMessage
PhGetGenericTreeNewLines
PhShellProperties
PhDereferenceObject
PhGetOwnTokenAttributes
PhWriteStringAsUtf8FileStream2
PhFindEntryHashtable
_PhGetPluginCallback@8
PhSetFlagsEMenuItem
ntdll
RtlClearAllBits
RtlInterlockedPushEntrySList
NtSetInformationProcess
NtQueryInformationProcess
RtlGetUnloadEventTraceEx
NtReadVirtualMemory
RtlSecondsSince1970ToTime
NtCancelSynchronousIoFile
NtDuplicateObject
NtAlpcQueryInformation
NtQueryInformationWorkerFactory
RtlUnwind
RtlSetBits
RtlNumberOfSetBits
RtlInitializeBitMap
LdrGetDllHandle
LdrGetProcedureAddress
NtClose
RtlInterlockedFlushSList
NtQueryPerformanceCounter
RtlInitializeSListHead
kernel32
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
UnhandledExceptionFilter
GetLastError
RaiseException
SetUnhandledExceptionFilter
GetCurrentProcess
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetSystemInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleW
LocalFree
GetProcAddress
Sleep
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
GetModuleFileNameW
user32
InvalidateRect
GetSysColorBrush
SetTimer
EnableWindow
MoveWindow
CopyIcon
DestroyIcon
DestroyWindow
GetPropW
RemovePropW
SetPropW
DeferWindowPos
GetWindowRect
SetWindowPos
EndDialog
GetSystemMetrics
BeginDeferWindowPos
MapWindowPoints
EndDeferWindowPos
MapDialogRect
GetClientRect
GetParent
DialogBoxParamW
CreateDialogParamW
GetKeyState
PostMessageW
CreateWindowExW
SendMessageW
ShowWindow
SetDlgItemTextW
SetFocus
LoadCursorW
SetCursor
GetDlgItem
gdi32
SelectObject
SetBkMode
advapi32
SystemFunction036
StartTraceW
OpenTraceW
ControlTraceW
EnableTraceEx
CloseTrace
ProcessTrace
ole32
CoCreateInstance
oleaut32
SysAllocString
SysAllocStringLen
SysFreeString
comctl32
CreatePropertySheetPageW
Sections
.text Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/plugins/HardwareDevices.dll.dll windows:5 windows x86 arch:x86
df6ce4cfb0f22ad2fc0e01b732d88f54
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
81:45:ea:f7:31:95:80:c0:16:33:fd:74:73:6b:46:07:eb:1a:5b:9d:0e:95:52:9b:0d:46:74:23:02:e1:e2:3cSigner
Actual PE Digest81:45:ea:f7:31:95:80:c0:16:33:fd:74:73:6b:46:07:eb:1a:5b:9d:0e:95:52:9b:0d:46:74:23:02:e1:e2:3cDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release32\plugins\HardwareDevices.pdb
Imports
uxtheme
EnableThemeDialogTexture
processhacker.exe
PhSystemBasicInformation
PhDereferenceObject
PhfAcquireQueuedLockExclusive
PhReferenceObject
PhCreateObject
_PhGetIntegerSetting@4
PhFindItemList
PhReferenceObjectSafe
PhfAcquireQueuedLockShared
PhInitializeCircularBuffer_ULONG64
PhRemoveItemList
WindowsVersion
PhAddItemList
PhReAllocate
PhGetOwnTokenAttributes
PhStringToInteger64
PhConcatStrings_V
PhCreateFileWin32
PhInsertEMenuItem
PhTrimStringRef
PhfWakeForReleaseQueuedLock
PhCountStringZ
PhCreateObjectType
PhfReleaseQueuedLockShared
PhDeleteCircularBuffer_ULONG64
PhCreateString
PhDereferenceObjectDeferDelete
PhCreateList
PhConvertMultiByteToUtf16
PhModalPropertySheet
PhFormatUInt64
PhLayoutManagerLayout
PhFree
PhCenterWindow
PhFormatDateTime
PhAutoDereferenceObject
PhFormatString_V
PhAddListViewItem
PhAddLayoutItem
PhCreateStringEx
PhAddListViewColumn
PhGetSelectedListViewItemParam
PhSetExtendedListView
PhCreateThread
PhAllocate
PhCreateEMenuItem
PhCreateEMenu
_PhAddSettings@8
_PhGetGeneralCallback@4
PhShowEMenu
PhSetControlTheme
PhDestroyEMenu
_PhRegisterPlugin@12
_PhGetPluginCallback@8
PhQueryValueKey
PhEqualStringRef
PhFindListViewItemByFlags
_PhGetStringSetting@4
_PhSetStringSetting2@8
PhSplitStringRefAtChar
PhGetListViewItemParam
PhFormatString
PhDivideSinglesBySingle
PhInitializeGraphState
PhConcatStrings2
_PhSiSizeLabelYFunction@16
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhGetDrawInfoGraphBuffers
_PhGetStatisticsTimeString@8
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhUnregisterCallback
PhRemoveStringBuilder
PhDrainAutoPool
PhFinalStringBuilderString
PhRegisterCallback
PhQueryRegistryString
PhInitializeAutoPool
PhConcatStringRef2
PhDeleteStringBuilder
PhProcessesUpdatedEvent
PhOpenKey
PhMainWndHandle
PhFormatSize
PhInitializeLayoutManager
PhBufferToHexString
PhDeleteLayoutManager
PhSetListViewSubItem
ntdll
NtQueryVolumeInformationFile
NtFsControlFile
NtQueryInformationProcess
NtDeviceIoControlFile
RtlGUIDFromString
LdrGetProcedureAddress
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
NtClose
RtlUnwind
kernel32
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
WriteConsoleW
DecodePointer
CreateFileW
GetLogicalDrives
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
user32
SendMessageW
EnableWindow
GetCursorPos
CreateWindowExW
InvalidateRect
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
TranslateMessage
PostQuitMessage
SetForegroundWindow
IsIconic
DefWindowProcW
GetPropW
GetDlgItem
RemovePropW
SetDlgItemTextW
SetPropW
GetParent
comctl32
ord413
ord410
ord412
CreatePropertySheetPageW
advapi32
SystemFunction036
Sections
.text Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/plugins/NetworkTools.dll.dll windows:5 windows x86 arch:x86
e32684bf82cc05bafae420aa4e52ec9a
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c5:f2:31:17:24:b5:c5:76:be:e5:cd:05:aa:25:96:74:e4:14:cf:74:ce:08:de:03:a2:1f:f4:8e:82:22:93:c5Signer
Actual PE Digestc5:f2:31:17:24:b5:c5:76:be:e5:cd:05:aa:25:96:74:e4:14:cf:74:ce:08:de:03:a2:1f:f4:8e:82:22:93:c5Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release32\plugins\NetworkTools.pdb
Imports
processhacker.exe
WindowsVersion
PhReAllocate
PhCreateProcessWin32Ex
PhFormatString
PhApplicationFont
PhDivideSinglesBySingle
_PhGetPluginCallback@8
PhInitializeGraphState
PhInitializeCircularBuffer_ULONG
_PhGetPhVersion@0
_PhSiSetColorsGraphDrawInfo@12
PhUnregisterCallback
PhDeleteGraphState
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhQueueItemWorkQueue
PhDeleteWorkQueue
PhSetGraphText
PhInitializeWorkQueue
PhProcessesUpdatedEvent
PhCreateBytesEx
PhMainWndHandle
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhCreateThread
_PhSaveWindowPlacementToSetting@12
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhAppendFormatStringBuilder
PhDeleteAutoPool
PhTerminateProcess
_PhGetIntegerPairSetting@4
_PhLoadWindowPlacementFromSetting@12
PhRemoveStringBuilder
PhDrainAutoPool
PhAddLayoutItem
PhFormatString_V
PhAutoDereferenceObject
_PhGetScalableIntegerPairSetting@8
PhAppendCharStringBuilder
PhInitializeAutoPool
PhCenterWindow
PhFree
PhDeleteStringBuilder
PhAppendStringBuilder2
PhAppendStringBuilder
PhLayoutManagerLayout
PhDereferenceObject
PhShellExecute
_PhSetIntegerSetting@8
_PhGetIntegerSetting@4
PhInsertEMenuItem
_PhPluginCreateEMenuItem@20
PhFindEMenuItem
_PhAddSettings@8
_PhGetGeneralCallback@4
PhIndexOfEMenuItem
PhRegisterCallback
_PhRegisterPlugin@12
ntdll
NtReadFile
NtSetInformationObject
RtlOemStringToUnicodeString
RtlIpv6AddressToStringW
NtClose
RtlIpv4AddressToStringW
RtlFreeUnicodeString
RtlUnwind
kernel32
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TlsGetValue
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
WideCharToMultiByte
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateProcess
ExitProcess
HeapFree
HeapAlloc
GetACP
GetFileType
LCMapStringW
IsValidCodePage
GetOEMCP
FreeLibrary
CreateFileW
CloseHandle
WriteConsoleW
MulDiv
GetStdHandle
CreatePipe
DecodePointer
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
MultiByteToWideChar
user32
ShowWindow
GetWindowLongW
PostMessageW
GetDC
CreateWindowExW
GetSystemMetrics
DestroyIcon
GetDlgCtrlID
SetWindowLongW
GetSysColorBrush
SystemParametersInfoW
LoadImageW
InvalidateRect
ReleaseDC
GetMessageW
CreateDialogParamW
DestroyWindow
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
SetDlgItemTextW
DispatchMessageW
IsDialogMessageW
SetPropW
TranslateMessage
MapDialogRect
GetDlgItem
PostQuitMessage
GetParent
SetForegroundWindow
EndDialog
GetDlgItemInt
SetDlgItemInt
DialogBoxParamW
gdi32
SetBkColor
GetStockObject
DeleteObject
SetBkMode
GetDeviceCaps
CreateFontW
SelectObject
SetTextColor
advapi32
SystemFunction036
Sections
.text Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/plugins/OnlineChecks.dll.dll windows:5 windows x86 arch:x86
7eb18c04e761984313671403452257bb
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
63:6b:87:84:3c:33:e3:83:2a:76:7e:8c:48:a1:6f:96:85:9a:c9:63:41:d9:4d:2e:ed:f2:c8:5b:0e:5c:a0:7fSigner
Actual PE Digest63:6b:87:84:3c:33:e3:83:2a:76:7e:8c:48:a1:6f:96:85:9a:c9:63:41:d9:4d:2e:ed:f2:c8:5b:0e:5c:a0:7fDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release32\plugins\OnlineChecks.pdb
Imports
processhacker.exe
_PhRegisterPlugin@12
PhRegisterCallback
PhIndexOfEMenuItem
_PhGetGeneralCallback@4
PhMainWndHandle
PhCreateString
PhGetFileSize
PhQuerySystemTime
PhFormatSize
PhBufferToHexString
PhFormatString
PhAllocate
PhCreateThread
PhCountStringZ
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
_PhGetPhVersion@0
WindowsVersion
PhDeleteAutoPool
PhGetBaseName
PhCreateFileWin32
PhCreateStringEx
PhDrainAutoPool
PhReAllocate
PhInitializeAutoPool
PhCenterWindow
PhConvertUtf16ToAsciiEx
PhFree
PhDeleteStringBuilder
PhZeroExtendToUtf16Ex
PhDereferenceObject
PhShellExecute
PhInsertEMenuItem
_PhPluginCreateEMenuItem@20
PhFindEMenuItem
_PhGetPluginCallback@8
ntdll
RtlNtStatusToDosError
NtClose
NtReadFile
NtSetInformationFile
RtlRandomEx
RtlUnwind
kernel32
LCMapStringW
HeapReAlloc
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
DecodePointer
GetLocaleInfoW
GetLastError
MulDiv
CreateFileW
WriteConsoleW
SetFilePointerEx
CloseHandle
HeapSize
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetCommandLineW
GetCommandLineA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetSystemInfo
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
RaiseException
SetUnhandledExceptionFilter
VirtualProtect
VirtualQuery
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
GetFileType
user32
GetMessageW
CreateDialogParamW
PostMessageW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
GetDlgCtrlID
SetPropW
TranslateMessage
GetDlgItem
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetParent
SetForegroundWindow
IsIconic
ReleaseDC
gdi32
GetDeviceCaps
SetTextColor
SetBkMode
DeleteObject
CreateFontW
advapi32
SystemFunction036
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
Sections
.text Size: 138KB - Virtual size: 137KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/plugins/SbieSupport.dll.dll windows:5 windows x86 arch:x86
ac5d7667a131f049a9c88e2f0ce087aa
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
69:7e:32:d7:22:1d:6e:91:68:3c:8b:a6:e3:a2:a9:79:8f:cf:6d:43:eb:95:ff:7f:3c:43:84:bc:fa:3f:b2:35Signer
Actual PE Digest69:7e:32:d7:22:1d:6e:91:68:3c:8b:a6:e3:a2:a9:79:8f:cf:6d:43:eb:95:ff:7f:3c:43:84:bc:fa:3f:b2:35Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release32\plugins\SbieSupport.pdb
Imports
processhacker.exe
PhSetFileDialogFilter
PhEnumHashtable
PhfAcquireQueuedLockExclusive
PhGetFileName
_PhGetPluginCallback@8
_PhRegisterPlugin@12
PhRegisterCallback
PhAutoDereferenceObject
_PhUpdateProcessNode@4
_PhSetStringSetting2@8
PhfAcquireQueuedLockShared
PhAddEntryHashtable
PhMainWndHandle
PhInsertEMenuItem
PhShowConfirmMessage
PhfReleaseQueuedLockShared
PhOpenProcess
PhFreeFileDialog
_PhPluginCreateEMenuItem@20
PhShowFileDialog
_PhFindProcessNode@4
PhGetWindowText
PhFindEntryHashtable
PhAppendFormatStringBuilder
PhCreateOpenFileDialog
PhfWakeForReleaseQueuedLock
_PhAddSettings@8
_PhGetStringSetting@4
PhGetFileDialogFileName
PhTerminateProcess
PhSetFileDialogFileName
_PhGetGeneralCallback@4
PhClearHashtable
PhCreateHashtable
ntdll
NtClose
RtlCreateTimerQueue
RtlCreateTimer
LdrGetProcedureAddress
RtlUnwind
kernel32
RaiseException
CreateFileW
DecodePointer
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
LoadLibraryW
HeapAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
user32
DialogBoxParamW
EndDialog
SetDlgItemTextW
GetDlgItem
advapi32
SystemFunction036
Sections
.text Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/plugins/ToolStatus.dll.dll windows:5 windows x86 arch:x86
3f41780f59b78ef27ce4b4cde955e570
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
48:93:10:e2:e3:99:3b:67:fa:21:78:83:fb:97:44:0e:26:54:51:91:33:c3:b8:f3:5f:ef:65:c8:b5:c9:e9:01Signer
Actual PE Digest48:93:10:e2:e3:99:3b:67:fa:21:78:83:fb:97:44:0e:26:54:51:91:33:c3:b8:f3:5f:ef:65:c8:b5:c9:e9:01Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release32\plugins\ToolStatus.pdb
Imports
uxtheme
OpenThemeData
CloseThemeData
IsThemeActive
GetThemeInt
processhacker.exe
PhSplitStringRefAtChar
PhCenterWindow
PhGlobalDpi
PhRemoveItemList
PhInsertItemList
PhAllocate
PhMainWndHandle
_PhGetIntegerSetting@4
_PhSetIntegerSetting@8
PhAddComboBoxStrings
WindowsVersion
_PhGetStatisticsTimeString@8
_PhGetStatisticsTime@12
PhDereferenceObject
_PhFindProcessRecord@8
PhAutoDereferenceObject
PhFormatString_V
_PhDereferenceProcessRecord@4
PhCopyCircularBuffer_FLOAT
PhGraphStateGetDrawInfo
PhDeleteGraphState
_PhSiSetColorsGraphDrawInfo@12
PhInitializeGraphState
PhDivideSinglesBySingle
PhSystemBasicInformation
PhFormatString
_PhShowProcessRecordDialog@8
PhFormatSize
_PhDeselectAllProcessNodes@0
PhCreateSimpleHashtable
PhSetFlagsEMenuItem
_PhCreateProcessPropContext@8
PhGetOwnTokenAttributes
PhShowMessage
PhCreateAlloc
_PhGetPluginCallback@8
PhReferenceObject
_PhRegisterPlugin@12
_PhReferenceProcessItem@4
_PhGetFilterSupportNetworkTreeList@0
PhDestroyEMenu
_PhDeselectAllServiceNodes@0
_PhGetFilterSupportServiceTreeList@0
PhRegisterCallback
_PhExpandAllProcessNodes@4
PhShowEMenu
PhFindItemSimpleHashtable
_PhApplyTreeNewFilters@4
_PhShowProcessProperties@4
_PhRegisterMessageLoopFilter@8
PhIconToBitmap
_PhAddTreeNewFilter@12
PhReferenceEmptyString
PhLoadIcon
PhCreateString
PhQuerySystemTime
PhClearList
PhInitializeStringBuilder
PhAppendFormatStringBuilder
PhStringToInteger64
_PhGetStringSetting@4
_PhSetStringSetting2@8
PhRemoveStringBuilder
PhFinalStringBuilderString
PhFormatUInt64
PhCreateList
PhfReleaseQueuedLockShared
PhDereferenceObjects
PhGetServiceTypeString
PhAddItemList
_PhGetProtocolTypeName@4
PhfAcquireQueuedLockShared
PhFree
PhGetServiceErrorControlString
PhFindStringInStringRef
PhGetServiceStateString
_PhGetProcessPriorityClassString@4
_PhGetTcpStateName@4
PhGetServiceStartTypeString
PhSetImageListBitmap
PhAddItemSimpleHashtable
PhInsertEMenuItem
_PhGetFilterSupportProcessTreeList@0
_PhSetSelectThreadIdProcessPropContext@8
_PhFindProcessNode@4
_PhPluginGetSystemStatistics@4
PhEqualStringRef
PhCreateEMenuItem
PhGetWindowText
_PhUiTerminateProcesses@12
PhConcatStrings2
PhCreateEMenu
PhInvokeCallback
_PhAddSettings@8
_PhGetGeneralCallback@4
kernel32
LCMapStringW
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetProcAddress
GetModuleHandleW
SizeofResource
FreeResource
LockResource
LoadResource
FindResourceW
DecodePointer
CreateFileW
RaiseException
CloseHandle
user32
EnableWindow
DialogBoxParamW
GetSysColorBrush
DrawTextW
GetDlgItem
DestroyIcon
GetParent
GetKeyState
GetDC
OffsetRect
GetCapture
RedrawWindow
TrackMouseEvent
PtInRect
GetWindowThreadProcessId
DefWindowProcW
GetWindowRect
GetMenu
SetWindowPos
SetWindowTextW
WindowFromPoint
LoadAcceleratorsW
IsChild
MapWindowPoints
SetFocus
TranslateAcceleratorW
LoadCursorW
SetCapture
GetWindowDC
SetCursor
GetClientRect
ReleaseCapture
SetPropW
GetCursorPos
DestroyWindow
IsWindowVisible
CreateWindowExW
ShowWindow
GetSystemMetrics
SetMenu
DrawMenuBar
InvalidateRect
GetPropW
FillRect
SendMessageW
EndDialog
RemovePropW
FrameRect
GetSysColor
ReleaseDC
gdi32
SetROP2
RestoreDC
Rectangle
BitBlt
SaveDC
CreateSolidBrush
CreateDIBSection
GetTextExtentPoint32W
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreatePen
CreateFontIndirectW
ole32
CoCreateInstance
comctl32
ord412
ImageList_SetImageCount
ord410
ord413
ImageList_Destroy
ImageList_Create
ImageList_Draw
ImageList_Add
ImageList_Replace
ntdll
RtlUnwind
advapi32
SystemFunction036
Sections
.text Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/plugins/Updater.dll.dll windows:5 windows x86 arch:x86
c87b61009338c7192fdd5855a4632125
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
be:12:79:c4:8a:47:02:8b:fd:84:ad:23:d1:e9:d7:2f:ff:60:d2:23:f3:9f:c0:81:f0:32:28:35:bd:63:af:b6Signer
Actual PE Digestbe:12:79:c4:8a:47:02:8b:fd:84:ad:23:d1:e9:d7:2f:ff:60:d2:23:f3:9f:c0:81:f0:32:28:35:bd:63:af:b6Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release32\plugins\Updater.pdb
Imports
processhacker.exe
PhMainWndHandle
PhInitializeHash
PhQuerySystemTime
PhOpenKey
PhFormatSize
PhFinalHash
PhBufferToHexString
PhFormatString
PhfWaitForEvent
_mxmlLoadString@12
PhIconToBitmap
PhAllocate
PhVerifyFile
PhCreateThread
PhGetFullPath
_mxmlFindElement@24
PhEqualStringRef
PhConcatStrings2
PhFormatGuid
PhStringToInteger64
WindowsVersion
PhDeleteAutoPool
_PhGetStringSetting@4
PhShowStatus
_PhGetPhVersionNumbers@16
PhUpdateHash
_PhSetStringSetting2@8
PhGenerateGuid
PhCreateFileWin32
PhSplitStringRefAtChar
PhCreateStringEx
PhDrainAutoPool
PhfSetEvent
PhFormatString_V
PhAutoDereferenceObject
PhReAllocate
PhQueryRegistryString
PhInitializeAutoPool
PhCenterWindow
PhFree
PhReferenceObject
_mxmlDelete@4
PhDereferenceObject
PhGetOwnTokenAttributes
PhShellExecute
PhfResetEvent
PhFormatUInt64
_PhSetIntegerSetting@8
PhInsertEMenuItem
_PhPluginCreateEMenuItem@20
_PhAddSettings@8
PhReferenceEmptyString
_PhGetGeneralCallback@4
PhRegisterCallback
_PhGetIntegerSetting@4
_PhRegisterPlugin@12
_PhGetPluginCallback@8
PhConvertUtf8ToUtf16
ntdll
NtWriteFile
NtClose
RtlUnwind
kernel32
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetModuleHandleExW
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetCurrentThreadId
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
TerminateProcess
CreateFileW
DecodePointer
GetTempPathW
Sleep
GetLastError
MulDiv
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
user32
SendDlgItemMessageW
GetMessageW
CreateDialogParamW
DestroyWindow
GetDC
IsWindowVisible
GetPropW
RemovePropW
GetSystemMetrics
SetWindowTextW
ShowWindow
DispatchMessageW
IsDialogMessageW
DestroyIcon
GetDlgCtrlID
SetDlgItemTextW
PostMessageW
SetPropW
TranslateMessage
PostQuitMessage
GetSysColorBrush
SystemParametersInfoW
GetParent
SetForegroundWindow
LoadImageW
IsIconic
ReleaseDC
EnableWindow
SendMessageW
EndDialog
GetDlgItem
DialogBoxParamW
gdi32
DeleteObject
SetTextColor
GetDeviceCaps
CreateFontW
SetBkMode
shell32
ShellExecuteExW
SHCreateDirectoryExW
advapi32
SystemFunction036
Sections
.text Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/plugins/UserNotes.dll.dll windows:5 windows x86 arch:x86
c0fea95b42632918681f1e715a06203f
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c8:2e:38:77:3b:d7:31:fa:99:9b:58:5b:17:e6:ae:c9:56:cd:8c:78:93:87:3d:c9:7e:22:0e:b3:48:6f:48:2fSigner
Actual PE Digestc8:2e:38:77:3b:d7:31:fa:99:9b:58:5b:17:e6:ae:c9:56:cd:8c:78:93:87:3d:c9:7e:22:0e:b3:48:6f:48:2fDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release32\plugins\UserNotes.pdb
Imports
uxtheme
EnableThemeDialogTexture
processhacker.exe
_PhPluginAddMenuHook@12
PhInitializeLayoutManager
PhInsertEMenuItem
PhMainWndHandle
_PhInvalidateAllProcessNodes@0
PhDeleteLayoutManager
PhFreeFileDialog
_PhPluginCreateEMenuItem@20
PhShowFileDialog
PhFindEntryHashtable
PhDereferenceObject
_mxmlDelete@4
PhEnumHashtable
_mxmlNewOpaque@8
PhfAcquireQueuedLockExclusive
PhConvertUtf8ToUtf16
_mxmlElementSetAttr@12
PhReferenceObject
PhFree
PhInitializeAutoPool
PhAutoDereferenceObject
PhDrainAutoPool
PhInitializeStringBuilder
PhGetWindowText
PhCreateStringEx
PhCreateFileWin32
_PhPropPageDlgProcHeader@24
PhCompareStringRef
PhSetFileDialogFilter
PhFindEMenuItem
PhAppendFormatStringBuilder
_PhGetPluginInformation@4
PhCreateOpenFileDialog
_PhAddSettings@8
_PhGetStringSetting@4
PhGetFileDialogFileName
PhSetFileDialogFileName
_PhGetGeneralCallback@4
_PhFindPlugin@4
_PhSetStringSetting2@8
_PhPluginSetObjectExtension@20
PhSplitStringRefAtChar
_PhAddProcessPropPage@8
_PhGetSelectedProcessItems@8
PhRemoveStringBuilder
_PhPropPageDlgProcDestroy@4
_PhDoPropPageLayout@4
PhFinalStringBuilderString
PhAddLayoutItem
PhFormatString_V
PhProcessModifiedEvent
PhRegisterCallback
ProcessQueryAccess
PhCenterWindow
_PhGetSelectedProcessItem@0
PhConcatStringRef2
_PhPluginAddTreeNewColumn@24
_PhRegisterPlugin@12
_PhGetPluginCallback@8
PhGetFileName
_PhCreateProcessPropPageContextEx@16
PhExpandEnvironmentStrings
_PhPluginGetObjectExtension@12
PhProcessesUpdatedEvent
PhLayoutManagerLayout
_PhDuplicateProcessNodeList@0
_PhAddPropPageLayoutItem@16
PhGetApplicationDirectory
PhIntegerToString64
_mxmlSaveFd@12
PhHashStringRef
PhGetFileSize
_mxmlNewElement@8
PhAllocate
PhGetFullPath
_mxmlLoadFd@12
PhEqualStringRef
PhConvertUtf16ToUtf8Ex
PhRemoveEntryHashtable
PhAddEntryHashtableEx
PhStringToInteger64
PhfWakeForReleaseQueuedLock
PhDeleteAutoPool
PhReferenceEmptyString
PhCreateHashtable
PhOpenProcess
ntdll
RtlDetermineDosPathNameType_U
NtQueryInformationProcess
NtClose
NtSetInformationProcess
RtlUnwind
user32
MessageBoxW
GetPropW
SendMessageW
EndDialog
RemovePropW
SetDlgItemTextW
SetPropW
SetWindowLongW
GetDlgItem
DialogBoxParamW
EnableWindow
SetWindowTextW
comdlg32
ChooseColorW
shell32
SHCreateDirectoryExW
comctl32
CreatePropertySheetPageW
kernel32
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetLastError
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WriteConsoleW
CloseHandle
HeapFree
DecodePointer
CreateFileW
RaiseException
advapi32
SystemFunction036
Sections
.text Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x86/plugins/WindowExplorer.dll.dll windows:5 windows x86 arch:x86
7ebf3461dadb4d4949ccc1e2668eaf78
Code Sign
04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate
IssuerCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before30/10/2013, 00:00Not After04/01/2017, 12:00SubjectCN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AUExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate
IssuerCN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before22/10/2013, 12:00Not After22/10/2028, 12:00SubjectCN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate
IssuerCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before24/12/2015, 00:00Not After07/01/2025, 00:00SubjectCN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before07/01/2016, 12:00Not After07/01/2031, 12:00SubjectCN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:62:8e:bc:30:e3:b0:8c:de:bb:47:b0:22:f1:ae:46:7b:35:44:0f:0f:2e:05:e2:cc:00:be:0c:4f:3b:31:d9Signer
Actual PE Digest0c:62:8e:bc:30:e3:b0:8c:de:bb:47:b0:22:f1:ae:46:7b:35:44:0f:0f:2e:05:e2:cc:00:be:0c:4f:3b:31:d9Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
D:\Projects\processhacker2\bin\Release32\plugins\WindowExplorer.pdb
Imports
ntdll
NtClose
RtlUnwind
NtResetEvent
RtlInitializeSid
NtCreateSection
NtReleaseMutant
RtlAddAce
NtOpenEvent
NtSetSecurityObject
NtMapViewOfSection
NtWaitForSingleObject
NtOpenSection
RtlCreateSecurityDescriptor
NtUnmapViewOfSection
RtlCreateAcl
NtCreateMutant
NtSetEvent
RtlSubAuthoritySid
NtCreateEvent
RtlSetSaclSecurityDescriptor
NtOpenMutant
kernel32
CreateFileW
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetModuleHandleW
GetProcAddress
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetACP
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
GetModuleFileNameW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
DecodePointer
user32
GetLayeredWindowAttributes
IsWindowUnicode
GetClassInfoExW
GetClassLongW
SetWindowsHookExW
GetClassNameW
SendNotifyMessageW
UnhookWindowsHookEx
GetWindowLongA
GetKeyState
GetMessageW
GetClassWord
CallWindowProcW
GetMenu
MonitorFromRect
CreateWindowExW
DispatchMessageW
GetWindowInfo
GetMonitorInfoW
GetDlgCtrlID
PeekMessageW
EnumPropsExW
SetDlgItemTextW
MapWindowPoints
TranslateMessage
PostThreadMessageW
CreateDialogParamW
ShowWindowAsync
PostMessageW
FindWindowExW
DestroyWindow
IsWindowVisible
SetWindowPos
GetPropW
SendMessageW
RemovePropW
SetWindowTextW
GetWindowPlacement
ShowWindow
CloseDesktop
SetTimer
RedrawWindow
GetClassLongA
IsWindowEnabled
MoveWindow
SetLayeredWindowAttributes
SetPropW
EnumDesktopWindows
MapDialogRect
SetWindowLongW
GetDlgItem
KillTimer
GetDesktopWindow
OpenDesktopW
SetForegroundWindow
EnableWindow
GetWindowRect
GetSystemMetrics
GetWindowDC
ReleaseDC
EnumDesktopsW
GetProcessWindowStation
GetWindowLongW
GetWindowThreadProcessId
CallNextHookEx
RegisterWindowMessageW
gdi32
SaveDC
SelectObject
GetStockObject
CreatePen
Rectangle
RestoreDC
DeleteObject
SetROP2
advapi32
SystemFunction036
Sections
.text Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ