C:\Users\lair\Desktop\access\Driver\x64\Release\Driver.pdb
Overview
overview
7Static
static
7DeathV6.rar
windows10-2004-x64
7DeathV6/Driver.sys
windows10-2004-x64
1DeathV6/Pr...V6.dll
windows10-2004-x64
1DeathV6/READ ME.txt
windows10-2004-x64
1DeathV6/phymem64.sys
windows10-2004-x64
1DeathV6/prflog.bat
windows10-2004-x64
7DeathV6/prflog64.sys
windows10-2004-x64
1DeathV6/pr...fg.exe
windows10-2004-x64
7DeathV6/smap.bat
windows10-2004-x64
1DeathV6/smap.exe
windows10-2004-x64
1Behavioral task
behavioral1
Sample
DeathV6.rar
Resource
win10v2004-20231215-en
windows10-2004-x64
13 signatures
1800 seconds
Behavioral task
behavioral2
Sample
DeathV6/Driver.sys
Resource
win10v2004-20231222-en
windows10-2004-x64
0 signatures
1800 seconds
Behavioral task
behavioral3
Sample
DeathV6/ProjectDeathV6.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
0 signatures
1800 seconds
Behavioral task
behavioral4
Sample
DeathV6/READ ME.txt
Resource
win10v2004-20231215-en
windows10-2004-x64
0 signatures
1800 seconds
Behavioral task
behavioral5
Sample
DeathV6/phymem64.sys
Resource
win10v2004-20231222-en
windows10-2004-x64
0 signatures
1800 seconds
Behavioral task
behavioral6
Sample
DeathV6/prflog.bat
Resource
win10v2004-20231215-en
windows10-2004-x64
5 signatures
1800 seconds
Behavioral task
behavioral7
Sample
DeathV6/prflog64.sys
Resource
win10v2004-20231215-en
windows10-2004-x64
1 signatures
1800 seconds
Behavioral task
behavioral8
Sample
DeathV6/prflog_cfg.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
5 signatures
1800 seconds
Behavioral task
behavioral9
Sample
DeathV6/smap.bat
Resource
win10v2004-20231222-en
windows10-2004-x64
3 signatures
1800 seconds
Behavioral task
behavioral10
Sample
DeathV6/smap.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
1 signatures
1800 seconds
General
-
Target
DeathV6.rar
-
Size
1.1MB
-
MD5
5749fd2ef590ec20a984bf8b146f3d1c
-
SHA1
2694a3cbc27d9f67723924514bebf072bfc6413a
-
SHA256
1b7c55dc71063e88d7a7a601cdb42bba284f5b22c9c02d1b3e6643fa099a5060
-
SHA512
499377d67a7bafd5899f02ef5ab8c9f0be0316562e5f96cbf6f704576cefc51614768db0247c8fee7366100d4643568177890881d2b134235914a18e3f014afa
-
SSDEEP
24576:pS9klUw5mFFcztnJaZl10tNBW7xmBu+VqBcf6MJPCsRPGfq+F:pg3wMetnw+NWmBPqBW58swf7F
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/DeathV6/prflog_cfg.exe vmprotect -
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource unpack001/DeathV6/Driver.sys unpack001/DeathV6/ProjectDeathV6.dll unpack001/DeathV6/prflog_cfg.exe unpack001/DeathV6/smap.exe
Files
-
DeathV6.rar.rar
-
DeathV6/Driver.sys.sys windows:10 windows x64 arch:x64
7ab4fcfae142b97d42523a545bf0f7eb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
__C_specific_handler
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeEnterGuardedRegion
KeLeaveGuardedRegion
ExAllocatePool
ExFreePoolWithTag
ProbeForWrite
IoGetCurrentProcess
ObfDereferenceObject
PsGetProcessId
PsGetThreadId
ZwSetInformationThread
NtClose
NtAllocateVirtualMemory
NtFreeVirtualMemory
KeAttachProcess
KeDetachProcess
KeSetIdealProcessorThread
PsLookupProcessByProcessId
PsLookupThreadByThreadId
ObOpenObjectByPointer
ZwQueryVirtualMemory
ZwFlushVirtualMemory
NtQueryInformationProcess
NtSetInformationProcess
PsRegisterPicoProvider
ZwLockVirtualMemory
ZwUnlockVirtualMemory
ZwProtectVirtualMemory
ZwQueryInformationThread
NtWaitForSingleObject
PsSuspendProcess
PsResumeProcess
PsLookupProcessThreadByCid
MmCopyVirtualMemory
PsGetContextThread
PsSetContextThread
PsGetThreadTeb
NtQuerySystemInformationEx
PsProcessType
PsThreadType
MmHighestUserAddress
tolower
strstr
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl
ZwQuerySystemInformation
RtlFindExportedRoutineByName
RtlCopyUnicodeString
DbgPrintEx
ExGetPreviousMode
ProbeForRead
ZwFlushInstructionCache
DbgPrint
wdfldr.sys
WdfVersionUnbind
WdfVersionBind
WdfVersionUnbindClass
WdfVersionBindClass
Sections
.text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 528B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DeathV6/ProjectDeathV6.dll.dll windows:6 windows x64 arch:x64
d08fa82ee892d2bcb18358a25b645c7a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
ExitProcess
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
GetTempPathA
GetCurrentProcess
K32GetModuleInformation
GetModuleHandleW
SetEndOfFile
WriteConsoleW
HeapSize
GetProcAddress
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
GetTickCount64
CreateFileW
GetModuleHandleA
GetLastError
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
SetLastError
FreeLibrary
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcessId
OpenThread
Sleep
CloseHandle
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
TerminateProcess
GetProcessHeap
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
GetModuleFileNameW
ReadFile
GetModuleHandleExW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
WriteFile
GetConsoleCP
user32
GetAsyncKeyState
CallWindowProcW
SetWindowLongPtrW
MessageBoxA
GetForegroundWindow
FindWindowW
GetKeyState
GetCapture
ClientToScreen
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
MessageBoxW
d3d11
D3D11CreateDeviceAndSwapChain
imm32
ImmSetCompositionWindow
ImmGetContext
Exports
Exports
?DoResize@rend@@YAJPEAUIDXGISwapChain@@IIIW4DXGI_FORMAT@@I@Z
?WndProc@rend@@YA_JPEAUHWND__@@I_K_J@Z
Sections
.text Size: 541KB - Virtual size: 540KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 127KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.detourd Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DeathV6/READ ME.txt
-
DeathV6/phymem64.sys.sys windows:5 windows x64 arch:x64
69260cce3156aa2dc0540fb78f5fe826
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before08/11/2006, 00:00Not After07/11/2021, 23:59SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
36:76:64:2b:a9:1b:1d:0b:df:1d:3a:d0:a6:ef:af:4bCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before14/09/2012, 00:00Not After13/11/2015, 23:59SubjectCN=Super Micro Computer\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=Super Micro Computer\, Inc.,L=San Jose,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
52:a8:cd:44:64:69:73:b5:9c:24:4b:5f:7b:04:b3:3a:41:26:34:a2Signer
Actual PE Digest52:a8:cd:44:64:69:73:b5:9c:24:4b:5f:7b:04:b3:3a:41:26:34:a2Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
KeWaitForSingleObject
IofCallDriver
IoBuildSynchronousFsdRequest
KeInitializeEvent
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlInitUnicodeString
ExAllocatePool
IofCompleteRequest
ExFreePoolWithTag
IoFreeMdl
MmUnmapLockedPages
MmUnmapIoSpace
ExReleaseFastMutex
ExAcquireFastMutex
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmMapIoSpace
IoDeleteSymbolicLink
MmMapLockedPagesSpecifyCache
IoGetDeviceObjectPointer
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 742B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DeathV6/prflog.bat
-
DeathV6/prflog64.sys.sys windows:5 windows x64 arch:x64
cc81a908891587ccac8059435eda4c66
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0c:12:06:00:00:00:00:00:1bCertificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2006, 17:01Not After23/05/2016, 17:11SubjectOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
24:84:72:54:2c:24:ab:8e:42:92:29:ac:f1:21:ca:26Certificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before23/08/2010, 00:00Not After17/10/2013, 23:59SubjectCN=Giga-Byte Technology,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Testing Department,O=Giga-Byte Technology,L=Taipei Hsien,ST=Taiwan,C=TWExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0f:50:34:fc:f5:b3:4b:e2:2a:72:d2:ec:c2:9e:34:8e:93:b6:f0:0fSigner
Actual PE Digest0f:50:34:fc:f5:b3:4b:e2:2a:72:d2:ec:c2:9e:34:8e:93:b6:f0:0fDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
f:\ycc\gdrv64\objfre_wnet_AMD64\amd64\gdrv64.pdb
Imports
ntoskrnl.exe
IoCreateDevice
RtlInitUnicodeString
DbgPrint
IoDeleteSymbolicLink
ExFreePoolWithTag
MmUnmapIoSpace
IoFreeMdl
MmUnmapLockedPages
MmMapIoSpace
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
IoCreateSymbolicLink
KeAcquireInStackQueuedSpinLock
MmFreeContiguousMemory
MmIsAddressValid
MmAllocateContiguousMemory
MmGetPhysicalAddress
IofCompleteRequest
ExAllocatePoolWithTag
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
ZwUnmapViewOfSection
KeReleaseInStackQueuedSpinLock
IoDeleteDevice
hal
HalTranslateBusAddress
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 344B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DeathV6/prflog_cfg.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: - Virtual size: 162KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp0 Size: - Virtual size: 165KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp1 Size: 427KB - Virtual size: 426KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DeathV6/smap.bat
-
DeathV6/smap.exe.exe windows:6 windows x64 arch:x64
dad26d3f0e112e7d2ce4bf90247d9d55
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\voxdz\Desktop\niggur\smap\x64\Release\smap.pdb
Imports
kernel32
GetProcessId
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
CloseHandle
CreateFileMappingW
MapViewOfFile
WriteProcessMemory
Sleep
LoadLibraryW
VirtualProtectEx
GetProcAddress
VirtualAllocEx
VirtualFreeEx
HeapFree
SetLastError
LoadLibraryA
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
FreeLibrary
IsBadReadPtr
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
Module32FirstW
Module32NextW
SetEndOfFile
WriteConsoleW
HeapSize
GetLastError
FormatMessageA
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
LocalFree
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
HeapReAlloc
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
FlushFileBuffers
ReadFile
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
CreateFileW
RtlUnwind
shlwapi
StrStrIA
Exports
Exports
??0AsmParser@asmtk@@QEAA@PEAVBaseEmitter@asmjit@@@Z
??0AsmTokenizer@asmtk@@QEAA@XZ
??0Assembler@x86@asmjit@@QEAA@PEAVCodeHolder@2@@Z
??0BaseAssembler@asmjit@@QEAA@XZ
??0BaseBuilder@asmjit@@QEAA@XZ
??0BaseCompiler@asmjit@@QEAA@XZ
??0BaseEmitter@asmjit@@QEAA@I@Z
??0Builder@x86@asmjit@@QEAA@PEAVCodeHolder@2@@Z
??0CodeHolder@asmjit@@QEAA@XZ
??0Compiler@x86@asmjit@@QEAA@PEAVCodeHolder@2@@Z
??0ConstPool@asmjit@@QEAA@PEAVZone@1@@Z
??0ErrorHandler@asmjit@@QEAA@XZ
??0FileLogger@asmjit@@QEAA@PEAU_iobuf@@@Z
??0FuncPass@asmjit@@QEAA@PEBD@Z
??0JitAllocator@asmjit@@QEAA@PEBUCreateParams@01@@Z
??0JitRuntime@asmjit@@QEAA@PEBUCreateParams@JitAllocator@1@@Z
??0Logger@asmjit@@QEAA@XZ
??0Pass@asmjit@@QEAA@PEBD@Z
??0StringLogger@asmjit@@QEAA@XZ
??0Target@asmjit@@QEAA@XZ
??1AsmParser@asmtk@@QEAA@XZ
??1AsmTokenizer@asmtk@@QEAA@XZ
??1Assembler@x86@asmjit@@UEAA@XZ
??1BaseAssembler@asmjit@@UEAA@XZ
??1BaseBuilder@asmjit@@UEAA@XZ
??1BaseCompiler@asmjit@@UEAA@XZ
??1BaseEmitter@asmjit@@UEAA@XZ
??1Builder@x86@asmjit@@UEAA@XZ
??1CodeHolder@asmjit@@QEAA@XZ
??1Compiler@x86@asmjit@@UEAA@XZ
??1ConstPool@asmjit@@QEAA@XZ
??1ErrorHandler@asmjit@@UEAA@XZ
??1FileLogger@asmjit@@UEAA@XZ
??1JitAllocator@asmjit@@QEAA@XZ
??1JitRuntime@asmjit@@UEAA@XZ
??1Logger@asmjit@@UEAA@XZ
??1Pass@asmjit@@UEAA@XZ
??1StringLogger@asmjit@@UEAA@XZ
??1Target@asmjit@@UEAA@XZ
??_FAssembler@x86@asmjit@@QEAAXXZ
??_FBuilder@x86@asmjit@@QEAAXXZ
??_FCompiler@x86@asmjit@@QEAAXXZ
??_FFileLogger@asmjit@@QEAAXXZ
??_FJitAllocator@asmjit@@QEAAXXZ
??_FJitRuntime@asmjit@@QEAAXXZ
?_add@JitRuntime@asmjit@@UEAAIPEAPEAXPEAVCodeHolder@2@@Z
?_alloc@Zone@asmjit@@QEAAPEAX_K0@Z
?_alloc@ZoneAllocator@asmjit@@QEAAPEAX_KAEA_K@Z
?_allocZeroed@ZoneAllocator@asmjit@@QEAAPEAX_KAEA_K@Z
?_append@ZoneBitVector@asmjit@@QEAAIPEAVZoneAllocator@2@_N@Z
?_cleanupBlock@ZoneStackBase@asmjit@@QEAAXI_K@Z
?_commonInfoTable@InstDB@x86@asmjit@@3QBUCommonInfo@123@B
?_emit@Assembler@x86@asmjit@@UEAAIIAEBUOperand_@3@000@Z
?_emit@BaseAssembler@asmjit@@UEAAIIAEBUOperand_@2@00000@Z
?_emit@BaseBuilder@asmjit@@UEAAIIAEBUOperand_@2@00000@Z
?_emit@BaseBuilder@asmjit@@UEAAIIAEBUOperand_@2@000@Z
?_emitOpArray@BaseAssembler@asmjit@@UEAAIIPEBUOperand_@2@_K@Z
?_grow@ZoneVectorBase@asmjit@@IEAAIPEAVZoneAllocator@2@II@Z
?_init@Zone@asmjit@@QEAAX_K0PEBUTemporary@Support@2@@Z
?_init@ZoneStackBase@asmjit@@QEAAIPEAVZoneAllocator@2@_K@Z
?_insert@ZoneHashBase@asmjit@@QEAAPEAVZoneHashNode@2@PEAVZoneAllocator@2@PEAV32@@Z
?_instInfoTable@InstDB@x86@asmjit@@3QBUInstInfo@123@B
?_instSignatureTable@InstDB@x86@asmjit@@3QBUInstSignature@123@B
?_log@FileLogger@asmjit@@UEAAIPEBD_K@Z
?_log@StringLogger@asmjit@@UEAAIPEBD_K@Z
?_newConst@BaseCompiler@asmjit@@QEAAIAEAVBaseMem@2@IPEBX_K@Z
?_newReg@BaseCompiler@asmjit@@QEAAIAEAVBaseReg@2@AEBV32@PEBD@Z
?_newReg@BaseCompiler@asmjit@@QEAAIAEAVBaseReg@2@AEBV32@PEBDPEAD@Z
?_newReg@BaseCompiler@asmjit@@QEAAIAEAVBaseReg@2@IPEBD@Z
?_newReg@BaseCompiler@asmjit@@QEAAIAEAVBaseReg@2@IPEBDPEAD@Z
?_newStack@BaseCompiler@asmjit@@QEAAIAEAVBaseMem@2@IIPEBD@Z
?_opChar@String@asmjit@@QEAAIID@Z
?_opChars@String@asmjit@@QEAAIID_K@Z
?_opFormat@String@asmjit@@QEAAIIPEBDZZ
?_opHex@String@asmjit@@QEAAIIPEBX_KD@Z
?_opNumber@String@asmjit@@QEAAII_KI0I@Z
?_opSignatureTable@InstDB@x86@asmjit@@3QBUOpSignature@123@B
?_opString@String@asmjit@@QEAAIIPEBD_K@Z
?_opVFormat@String@asmjit@@QEAAIIPEBDPEAD@Z
?_prepareBlock@ZoneStackBase@asmjit@@QEAAII_K@Z
?_rehash@ZoneHashBase@asmjit@@QEAAXPEAVZoneAllocator@2@I@Z
?_release@JitRuntime@asmjit@@UEAAIPEAX@Z
?_releaseDynamic@ZoneAllocator@asmjit@@QEAAXPEAX_K@Z
?_remove@ZoneHashBase@asmjit@@QEAAPEAVZoneHashNode@2@PEAVZoneAllocator@2@PEAV32@@Z
?_reserve@ZoneVectorBase@asmjit@@IEAAIPEAVZoneAllocator@2@II@Z
?_resize@ZoneBitVector@asmjit@@QEAAIPEAVZoneAllocator@2@II_N@Z
?_resize@ZoneVectorBase@asmjit@@IEAAIPEAVZoneAllocator@2@II@Z
?_setArg@FuncCallNode@asmjit@@QEAA_NIAEBUOperand_@2@@Z
?_setRet@FuncCallNode@asmjit@@QEAA_NIAEBUOperand_@2@@Z
?_typeData@Type@asmjit@@3UTypeData@12@B
?_zeroBlock@Zone@asmjit@@2UBlock@12@B
?add@ConstPool@asmjit@@QEAAIPEBX_KAEA_K@Z
?addAddressToAddressTable@CodeHolder@asmjit@@QEAAI_K@Z
?addAfter@BaseBuilder@asmjit@@QEAAPEAVBaseNode@2@PEAV32@0@Z
?addBefore@BaseBuilder@asmjit@@QEAAPEAVBaseNode@2@PEAV32@0@Z
?addCall@BaseCompiler@asmjit@@QEAAPEAVFuncCallNode@2@IAEBUOperand_@2@AEBUFuncSignature@2@@Z
?addEmitterOptions@CodeHolder@asmjit@@QEAAXI@Z
?addFunc@BaseCompiler@asmjit@@QEAAPEAVFuncNode@2@AEBUFuncSignature@2@@Z
?addFunc@BaseCompiler@asmjit@@QEAAPEAVFuncNode@2@PEAV32@@Z
?addNode@BaseBuilder@asmjit@@QEAAPEAVBaseNode@2@PEAV32@@Z
?addPass@BaseBuilder@asmjit@@QEAAIPEAVPass@2@@Z
?addRet@BaseCompiler@asmjit@@QEAAPEAVFuncRetNode@2@AEBUOperand_@2@0@Z
?align@Assembler@x86@asmjit@@UEAAIII@Z
?align@BaseBuilder@asmjit@@UEAAIII@Z
?alloc@JitAllocator@asmjit@@QEAAIPEAPEAX0_K@Z
?alloc@VirtMem@asmjit@@YAIPEAPEAX_KI@Z
?allocDualMapping@VirtMem@asmjit@@YAIPEAUDualMapping@12@_KI@Z
?allocZeroed@Zone@asmjit@@QEAAPEAX_K0@Z
?assertionFailed@DebugUtils@asmjit@@YAXPEBDH0@Z
?assignString@String@asmjit@@QEAAIPEBD_K@Z
?attach@CodeHolder@asmjit@@QEAAIPEAVBaseEmitter@2@@Z
?bind@BaseAssembler@asmjit@@UEAAIAEBVLabel@2@@Z
?bind@BaseBuilder@asmjit@@UEAAIAEBVLabel@2@@Z
?bindLabel@CodeHolder@asmjit@@QEAAIAEBVLabel@2@I_K@Z
?clear@String@asmjit@@QEAAIXZ
?clearEmitterOptions@CodeHolder@asmjit@@QEAAXI@Z
?codeSize@CodeHolder@asmjit@@QEBA_KXZ
?comment@BaseAssembler@asmjit@@UEAAIPEBD_K@Z
?comment@BaseBuilder@asmjit@@UEAAIPEBD_K@Z
?commentf@BaseEmitter@asmjit@@QEAAIPEBDZZ
?commentv@BaseEmitter@asmjit@@QEAAIPEBDPEAD@Z
?copyFlattenedData@CodeHolder@asmjit@@QEAAIPEAX_KI@Z
?copyFrom@ZoneBitVector@asmjit@@QEAAIPEAVZoneAllocator@2@AEBV12@@Z
?copySectionData@CodeHolder@asmjit@@QEAAIPEAX_KII@Z
?debugOutput@DebugUtils@asmjit@@YAXPEBD@Z
?deletePass@BaseBuilder@asmjit@@QEAAIPEAVPass@2@@Z
?detach@CodeHolder@asmjit@@QEAAIPEAVBaseEmitter@2@@Z
?dump@BaseBuilder@asmjit@@QEBAIAEAVString@2@I@Z
?dup@Zone@asmjit@@QEAAPEAXPEBX_K_N@Z
?embed@BaseAssembler@asmjit@@UEAAIPEBXI@Z
?embed@BaseBuilder@asmjit@@UEAAIPEBXI@Z
?embedConstPool@BaseAssembler@asmjit@@UEAAIAEBVLabel@2@AEBVConstPool@2@@Z
?embedConstPool@BaseBuilder@asmjit@@UEAAIAEBVLabel@2@AEBVConstPool@2@@Z
?embedLabel@BaseAssembler@asmjit@@UEAAIAEBVLabel@2@@Z
?embedLabel@BaseBuilder@asmjit@@UEAAIAEBVLabel@2@@Z
?embedLabelDelta@BaseAssembler@asmjit@@UEAAIAEBVLabel@2@0I@Z
?embedLabelDelta@BaseBuilder@asmjit@@UEAAIAEBVLabel@2@0I@Z
?emitArgsAssignment@BaseEmitter@asmjit@@QEAAIAEBVFuncFrame@2@AEBVFuncArgsAssignment@2@@Z
?emitEpilog@BaseEmitter@asmjit@@QEAAIAEBVFuncFrame@2@@Z
?emitProlog@BaseEmitter@asmjit@@QEAAIAEBVFuncFrame@2@@Z
?endFunc@BaseCompiler@asmjit@@QEAAIXZ
?ensureAddressTableSection@CodeHolder@asmjit@@QEAAPEAVSection@2@XZ
?eq@String@asmjit@@QEBA_NPEBD_K@Z
?errorAsString@DebugUtils@asmjit@@YAPEBDI@Z
?fill@ConstPool@asmjit@@QEBAXPEAX@Z
?finalize@BaseEmitter@asmjit@@UEAAIXZ
?finalize@Builder@x86@asmjit@@UEAAIXZ
?finalize@Compiler@x86@asmjit@@UEAAIXZ
?finalize@FuncFrame@asmjit@@QEAAIXZ
?flatten@CodeHolder@asmjit@@QEAAIXZ
?flush@JitRuntime@asmjit@@UEAAXPEBX_K@Z
?formatInstruction@Logging@asmjit@@SAIAEAVString@2@IPEBVBaseEmitter@2@IAEBVBaseInst@2@PEBUOperand_@2@I@Z
?formatLabel@Logging@asmjit@@SAIAEAVString@2@IPEBVBaseEmitter@2@I@Z
?formatNode@Logging@asmjit@@SAIAEAVString@2@IPEBVBaseBuilder@2@PEBVBaseNode@2@@Z
?formatOperand@Logging@asmjit@@SAIAEAVString@2@IPEBVBaseEmitter@2@IAEBUOperand_@2@@Z
?formatRegister@Logging@asmjit@@SAIAEAVString@2@IPEBVBaseEmitter@2@III@Z
?formatTypeId@Logging@asmjit@@SAIAEAVString@2@I@Z
?getTickCount@OSUtils@asmjit@@YAIXZ
?growBuffer@CodeHolder@asmjit@@QEAAIPEAUCodeBuffer@2@_K@Z
?host@CpuInfo@asmjit@@SAAEBV12@XZ
?info@VirtMem@asmjit@@YA?AUInfo@12@XZ
?init@ArchInfo@asmjit@@QEAAXII@Z
?init@CallConv@asmjit@@QEAAII@Z
?init@CodeHolder@asmjit@@QEAAIAEBVCodeInfo@2@@Z
?init@FuncDetail@asmjit@@QEAAIAEBUFuncSignature@2@@Z
?init@FuncFrame@asmjit@@QEAAIAEBVFuncDetail@2@@Z
?instIdToString@InstAPI@asmjit@@YAIIIAEAVString@2@@Z
?isLabelValid@BaseEmitter@asmjit@@QEBA_NI@Z
?labelByName@BaseEmitter@asmjit@@QEAA?AVLabel@2@PEBD_KI@Z
?labelIdByName@CodeHolder@asmjit@@QEAAIPEBD_KI@Z
?labelNodeOf@BaseBuilder@asmjit@@QEAAIPEAPEAVLabelNode@2@I@Z
?logBinary@Logger@asmjit@@QEAAIPEBX_K@Z
?logf@Logger@asmjit@@QEAAIPEBDZZ
?logv@Logger@asmjit@@QEAAIPEBDPEAD@Z
?newAlignNode@BaseBuilder@asmjit@@QEAAPEAVAlignNode@2@II@Z
?newCall@BaseCompiler@asmjit@@QEAAPEAVFuncCallNode@2@IAEBUOperand_@2@AEBUFuncSignature@2@@Z
?newCommentNode@BaseBuilder@asmjit@@QEAAPEAVCommentNode@2@PEBD_K@Z
?newConstPoolNode@BaseBuilder@asmjit@@QEAAPEAVConstPoolNode@2@XZ
?newEmbedDataNode@BaseBuilder@asmjit@@QEAAPEAVEmbedDataNode@2@PEBXI@Z
?newFunc@BaseCompiler@asmjit@@QEAAPEAVFuncNode@2@AEBUFuncSignature@2@@Z
?newInstNode@BaseBuilder@asmjit@@QEAAPEAVInstNode@2@IIAEBUOperand_@2@000@Z
?newInstNode@BaseBuilder@asmjit@@QEAAPEAVInstNode@2@IIAEBUOperand_@2@00@Z
?newInstNode@BaseBuilder@asmjit@@QEAAPEAVInstNode@2@IIAEBUOperand_@2@0@Z
?newInstNode@BaseBuilder@asmjit@@QEAAPEAVInstNode@2@IIAEBUOperand_@2@@Z
?newInstNodeRaw@BaseBuilder@asmjit@@QEAAPEAVInstNode@2@III@Z
?newLabel@BaseAssembler@asmjit@@UEAA?AVLabel@2@XZ
?newLabel@BaseBuilder@asmjit@@UEAA?AVLabel@2@XZ
?newLabelEntry@CodeHolder@asmjit@@QEAAIPEAPEAVLabelEntry@2@@Z
?newLabelLink@CodeHolder@asmjit@@QEAAPEAULabelLink@2@PEAVLabelEntry@2@I_K_J@Z
?newLabelNode@BaseBuilder@asmjit@@QEAAPEAVLabelNode@2@XZ
?newNamedLabel@BaseAssembler@asmjit@@UEAA?AVLabel@2@PEBD_KII@Z
?newNamedLabel@BaseBuilder@asmjit@@UEAA?AVLabel@2@PEBD_KII@Z
?newNamedLabelEntry@CodeHolder@asmjit@@QEAAIPEAPEAVLabelEntry@2@PEBD_KII@Z
?newRelocEntry@CodeHolder@asmjit@@QEAAIPEAPEAURelocEntry@2@II@Z
?newRet@BaseCompiler@asmjit@@QEAAPEAVFuncRetNode@2@AEBUOperand_@2@0@Z
?newSection@CodeHolder@asmjit@@QEAAIPEAPEAVSection@2@PEBD_KII@Z
?newVirtReg@BaseCompiler@asmjit@@QEAAPEAVVirtReg@2@IIPEBD@Z
?next@AsmTokenizer@asmtk@@QEAAIPEAUAsmToken@2@I@Z
?nextToken@AsmParser@asmtk@@QEAAIPEAUAsmToken@2@I@Z
?onAttach@Assembler@x86@asmjit@@UEAAIPEAVCodeHolder@3@@Z
?onAttach@BaseAssembler@asmjit@@UEAAIPEAVCodeHolder@2@@Z
?onAttach@BaseBuilder@asmjit@@UEAAIPEAVCodeHolder@2@@Z
?onAttach@BaseCompiler@asmjit@@UEAAIPEAVCodeHolder@2@@Z
?onAttach@Builder@x86@asmjit@@UEAAIPEAVCodeHolder@3@@Z
?onAttach@Compiler@x86@asmjit@@UEAAIPEAVCodeHolder@3@@Z
?onDetach@Assembler@x86@asmjit@@UEAAIPEAVCodeHolder@3@@Z
?onDetach@BaseAssembler@asmjit@@UEAAIPEAVCodeHolder@2@@Z
?onDetach@BaseBuilder@asmjit@@UEAAIPEAVCodeHolder@2@@Z
?onDetach@BaseCompiler@asmjit@@UEAAIPEAVCodeHolder@2@@Z
?onUpdateGlobalInstOptions@BaseEmitter@asmjit@@QEAAXXZ
?opData@x86@asmjit@@3UOpData@12@B
?padEnd@String@asmjit@@QEAAI_KD@Z
?parse@AsmParser@asmtk@@QEAAIPEBD_K@Z
?parseCommand@AsmParser@asmtk@@QEAAIXZ
?passByName@BaseBuilder@asmjit@@QEBAPEAVPass@2@PEBD@Z
?prepare@String@asmjit@@QEAAPEADI_K@Z
?protect@VirtMem@asmjit@@YAIPEAX_KI@Z
?putTokenBack@AsmParser@asmtk@@QEAAXPEAUAsmToken@2@@Z
?queryFeatures@InstAPI@asmjit@@YAIIAEBVBaseInst@2@PEBUOperand_@2@IAEAVBaseFeatures@2@@Z
?queryRWInfo@InstAPI@asmjit@@YAIIAEBVBaseInst@2@PEBUOperand_@2@IAEAUInstRWInfo@2@@Z
?registerLabelNode@BaseBuilder@asmjit@@QEAAIPEAVLabelNode@2@@Z
?release@JitAllocator@asmjit@@QEAAIPEAX@Z
?release@VirtMem@asmjit@@YAIPEAX_K@Z
?releaseDualMapping@VirtMem@asmjit@@YAIPEAUDualMapping@12@_K@Z
?relocateToBase@CodeHolder@asmjit@@QEAAI_K@Z
?removeNode@BaseBuilder@asmjit@@QEAAPEAVBaseNode@2@PEAV32@@Z
?removeNodes@BaseBuilder@asmjit@@QEAAXPEAVBaseNode@2@0@Z
?rename@BaseCompiler@asmjit@@QEAAXAEBVBaseReg@2@PEBDZZ
?reportError@BaseEmitter@asmjit@@QEAAIIPEBD@Z
?reserveBuffer@CodeHolder@asmjit@@QEAAIPEAUCodeBuffer@2@_K@Z
?reset@CodeHolder@asmjit@@QEAAXI@Z
?reset@ConstPool@asmjit@@QEAAXPEAVZone@2@@Z
?reset@JitAllocator@asmjit@@QEAAXI@Z
?reset@String@asmjit@@QEAAIXZ
?reset@Zone@asmjit@@QEAAXI@Z
?reset@ZoneAllocator@asmjit@@QEAAXPEAVZone@2@@Z
?resolveUnresolvedLinks@CodeHolder@asmjit@@QEAAIXZ
?run@FuncPass@asmjit@@UEAAIPEAVZone@2@PEAVLogger@2@@Z
?runPasses@BaseBuilder@asmjit@@QEAAIXZ
?section@BaseAssembler@asmjit@@UEAAIPEAVSection@2@@Z
?section@BaseBuilder@asmjit@@UEAAIPEAVSection@2@@Z
?sectionByName@CodeHolder@asmjit@@QEBAPEAVSection@2@PEBD_K@Z
?sectionNodeOf@BaseBuilder@asmjit@@QEAAIPEAPEAVSectionNode@2@I@Z
?serialize@BaseBuilder@asmjit@@QEAAIPEAVBaseEmitter@2@@Z
?setArg@BaseCompiler@asmjit@@QEAAIIAEBVBaseReg@2@@Z
?setCursor@BaseBuilder@asmjit@@QEAAPEAVBaseNode@2@PEAV32@@Z
?setLogger@CodeHolder@asmjit@@QEAAXPEAVLogger@2@@Z
?setOffset@BaseAssembler@asmjit@@QEAAI_K@Z
?sformat@Zone@asmjit@@QEAAPEADPEBDZZ
?shrink@JitAllocator@asmjit@@QEAAIPEAX_K@Z
?statistics@JitAllocator@asmjit@@QEBA?AUStatistics@12@XZ
?stringToInstId@InstAPI@asmjit@@YAIIPEBD_K@Z
?truncate@String@asmjit@@QEAAI_K@Z
?typeIdToRegInfo@ArchUtils@asmjit@@SAIIAEAIAEAURegInfo@2@@Z
?updateFuncFrame@FuncArgsAssignment@asmjit@@QEBAIAEAVFuncFrame@2@@Z
?updateSectionLinks@BaseBuilder@asmjit@@QEAAXXZ
?validate@InstAPI@asmjit@@YAIIAEBVBaseInst@2@PEBUOperand_@2@I@Z
Sections
.text Size: 465KB - Virtual size: 464KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 497KB - Virtual size: 496KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 192KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ