acaedec30ded6075e6b0536f0940d985_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

acaedec30ded6075e6b0536f0940d985_JaffaCakes118
Size

19.9MB
MD5

acaedec30ded6075e6b0536f0940d985
SHA1

aad0bfe78f176547eff7ffa994210424eea5c57f
SHA256

7b1532c273936fca70a5346c9e3117587ae040d815509aa1a4e5a1f42f463688
SHA512

19269de497f20100411d0e8e10a47945ab2a5db2a38bdbe5cd7976ec30c4ab0de198051bfc73c43a8681e43c0ea991279741281c62f04216cf9327df5696b92c
SSDEEP

393216:y72b5U/cEPyqKiMFX7hDr+HNwf7jzEUYA9KfqMNDoEo/BUI:y7QU/cEbMFX7p+twf7fEgYCkoNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 68 IoCs

Checks for missing Authenticode signature.

resource
unpack001/APIOverride.dll
unpack001/APIOverride64.dll
unpack001/ApiOverrideGui.dll
unpack001/ApiOverrideGui64.dll
unpack001/DebugInfosViewer.exe
unpack001/DebugInfosViewer64.exe
unpack001/DllExportFinder.exe
unpack001/DllExportFinder64.exe
unpack001/Dumper.exe
unpack001/Dumper64.exe
unpack001/GccUnmangle.dll
unpack001/GccUnmangle64.dll
unpack001/HeapWalker.exe
unpack001/HeapWalker64.exe
unpack001/HookCom.dll
unpack001/HookCom64.dll
unpack001/HookComGui.dll
unpack001/HookComGui64.dll
unpack001/HookCsrss.dll
unpack001/HookCsrss64.dll
unpack001/HookNet.dll
unpack001/HookNet64.dll
unpack001/HookNetGui.dll
unpack001/HookNetGui64.dll
unpack001/HtmlViewer.dll
unpack001/HtmlViewer64.dll
unpack001/IATLoader.dll
unpack001/IATLoader64.dll
unpack001/InjLib.dll
unpack001/InjLib64.dll
unpack001/KernelMemoryAccess.sys
unpack001/MonitoringFileBuilder.exe
unpack001/MonitoringFileBuilder64.exe
unpack001/Overriding Dll SDK/API/ExeInternal (with target sample)/ReleaseUnicode/FakeExeInternal.dll
unpack001/Overriding Dll SDK/API/ExeInternal (with target sample)/ReleaseUnicode/TargetSample.exe
unpack001/Overriding Dll SDK/API/ExeInternal (with target sample)/ReleaseUnicode64/FakeExeInternal64.dll
unpack001/Overriding Dll SDK/API/ExeInternal (with target sample)/ReleaseUnicode64/TargetSample64.exe
unpack001/Overriding Dll SDK/API/GetDriveType/ReleaseUnicode/GetDriveType.dll
unpack001/Overriding Dll SDK/API/GetDriveType/ReleaseUnicode64/GetDriveType64.dll
unpack001/Overriding Dll SDK/API/HideMe/ReleaseUnicode/HideMe.dll
unpack001/Overriding Dll SDK/API/HideMe/ReleaseUnicode64/HideMe64.dll
unpack001/Overriding Dll SDK/API/MessageBox/ReleaseUnicode/FakeMsgBox.dll
unpack001/Overriding Dll SDK/API/MessageBox/ReleaseUnicode64/FakeMsgBox64.dll
unpack001/Overriding Dll SDK/API/PrePostHooksMsgBox/ReleaseUnicode/FakePrePostHooksMsgBox.dll
unpack001/Overriding Dll SDK/API/PrePostHooksMsgBox/ReleaseUnicode64/FakePrePostHooksMsgBox64.dll
unpack001/Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64 OverridingDll/OverrideAsm64.dll
unpack001/Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64/Asm Target64.exe
unpack001/Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x86 example/Asm Target32/Target32.exe
unpack001/Plugins/MultiConfigManager.dll
unpack001/Plugins64/MultiConfigManager64.dll
unpack001/ProcMonDrvJP.sys
unpack001/ProcMonDrvJP64.sys
unpack001/RemoteStack64.dll
unpack001/SetEnvVarProc.dll
unpack001/SetEnvVarProc64.dll
unpack001/StaticImportFinder.exe
unpack001/StaticImportFinder64.exe
unpack001/StubResolver.exe
unpack001/StubResolver64.exe
unpack001/UserTypesAndDefinesChecker.exe
unpack001/UserTypesAndDefinesChecker64.exe
unpack001/WinAPIOverride32.exe
unpack001/WinAPIOverride64.exe
unpack001/WinSxS/WinXPx86/dbghelp.dll
unpack001/WinSxS/WinXPx86/msdia80.dll
unpack001/WinSxS/WinXPx86/symsrv.dll
unpack001/x86CrossCompatibility.exe
unpack001/x86GetProcAddress.exe

Files

acaedec30ded6075e6b0536f0940d985_JaffaCakes118
.zip
APIOverride.dll
.dll windows:5 windows x86 arch:x86

4ef08d77da22bdc159576bf4a9e4c27f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\ReleaseUnicode\APIOverrideWin32.pdb

Imports

kernel32

MultiByteToWideChar
IsBadCodePtr
FindClose
FindFirstFileW
GetWindowsDirectoryW
FreeResource
LockResource
LoadResource
FindResourceW
FreeLibrary
EnumResourceNamesW
LoadLibraryExW
GetVersionExW
Module32NextW
WaitForSingleObject
CloseHandle
Module32FirstW
CreateToolhelp32Snapshot
CreateEventW
ReadFile
WriteFile
SetEvent
IsBadWritePtr
GetLastError
WaitForMultipleObjects
CreateThread
ResetEvent
CreateFileW
WaitNamedPipeW
VirtualQueryEx
GetCurrentProcess
OpenProcess
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
IsBadReadPtr
GetModuleFileNameW
GetModuleHandleW
VirtualFree
GetCurrentThreadId
TlsGetValue
TlsSetValue
TlsAlloc
VirtualProtect
Sleep
GetProcAddress
LoadLibraryW
GetCurrentProcessId
QueryPerformanceCounter
SetThreadPriority
GetCurrentThread
TerminateProcess
ExitThread
SuspendThread
GetThreadPriority
GetTickCount
TerminateThread
ResumeThread
OpenThread
Thread32Next
Thread32First
GetThreadContext
RtlCaptureContext
SetEndOfFile
SetFilePointer
FreeLibraryAndExitThread
TlsFree
GetMailslotInfo
CreateMailslotW
FormatMessageW
GetUserDefaultLangID
OpenEventW
GetSystemInfo
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
QueryPerformanceFrequency
SetLastError
FlushInstructionCache
VirtualProtectEx
WideCharToMultiByte
CreateMutexW
GetEnvironmentVariableW
GetSystemDirectoryW
SetFilePointerEx
GetModuleHandleExW
GetProcessHeap
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
DuplicateHandle
GetFileSizeEx
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
FileTimeToSystemTime
Toolhelp32ReadProcessMemory
InterlockedIncrement
InterlockedDecrement
RtlUnwind
RaiseException
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
LCMapStringA
GetStdHandle
GetModuleFileNameA
HeapSize
ExitProcess
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
APIOverride64.dll
.dll windows:5 windows x64 arch:x64

9a526800c2596f88d5c5f18db63711f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\releaseunicode\APIOverridex64.pdb

Imports

kernel32

MultiByteToWideChar
IsBadCodePtr
FindClose
FindFirstFileW
GetWindowsDirectoryW
FreeResource
LockResource
LoadResource
FindResourceW
FreeLibrary
EnumResourceNamesW
LoadLibraryExW
GetVersionExW
Module32NextW
WaitForSingleObject
CloseHandle
Module32FirstW
CreateToolhelp32Snapshot
CreateEventW
ReadFile
WriteFile
SetEvent
IsBadWritePtr
WaitForMultipleObjects
GetLastError
CreateThread
ResetEvent
CreateFileW
WaitNamedPipeW
RtlVirtualUnwind
RtlLookupFunctionEntry
IsBadReadPtr
RtlCaptureContext
ResumeThread
GetThreadContext
SuspendThread
OpenThread
GetCurrentThreadId
VirtualQueryEx
GetCurrentProcess
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleW
VirtualFree
TlsGetValue
TlsSetValue
TlsAlloc
VirtualProtect
Sleep
VirtualAllocEx
GetProcAddress
LoadLibraryW
GetCurrentProcessId
QueryPerformanceCounter
SetThreadPriority
GetCurrentThread
GetTickCount
TerminateThread
TerminateProcess
ExitThread
GetThreadPriority
RtlDeleteFunctionTable
RtlInstallFunctionTableCallback
Thread32Next
Thread32First
SetEndOfFile
SetFilePointer
FreeLibraryAndExitThread
TlsFree
GetMailslotInfo
CreateMailslotW
FormatMessageW
GetUserDefaultLangID
OpenEventW
GetSystemInfo
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
QueryPerformanceFrequency
SetLastError
WideCharToMultiByte
CreateMutexW
GetEnvironmentVariableW
GetSystemWow64DirectoryW
GetSystemDirectoryW
SetFilePointerEx
GetModuleHandleExW
GetProcessHeap
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
FileTimeToSystemTime
RtlUnwindEx
DecodePointer
EncodePointer
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
FlsGetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSetInformation
GetVersion
GetStringTypeW
GetStdHandle
HeapSize
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetStdHandle
WriteConsoleW
FlushFileBuffers

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ApiOverrideGui.dll
.dll windows:5 windows x86 arch:x86

70edf9a931d932ff81a1cd9167c7026a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\ReleaseUnicode\ApiOverrideGui.pdb

Imports

kernel32

CreateEventW
WaitForMultipleObjects
HeapAlloc
HeapFree
GetTickCount
HeapDestroy
HeapCreate
GetVersion
GetPrivateProfileStringW
GetPrivateProfileIntW
GetProcessHeap
WideCharToMultiByte
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVersionExW
VirtualQueryEx
OpenProcess
VirtualFreeEx
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
ConnectNamedPipe
CreateNamedPipeW
TerminateThread
DisconnectNamedPipe
FlushFileBuffers
GetCurrentProcess
Thread32First
Thread32Next
SetLastError
CreateToolhelp32Snapshot
DuplicateHandle
GetCurrentProcessId
SuspendThread
ResumeThread
CreateProcessW
MulDiv
GetThreadContext
RtlCaptureContext
SetThreadPriority
GetThreadTimes
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ResetEvent
SetEnvironmentVariableA
CompareStringW
CompareStringA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
LCMapStringA
ExitProcess
LCMapStringW
GetModuleFileNameA
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RaiseException
GetCommandLineA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetEvent
GetModuleHandleA
CreateThread
GetCurrentThreadId
DeleteCriticalSection
OpenThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
Sleep
MultiByteToWideChar
ReadFile
IsBadCodePtr
WriteFile
WaitForSingleObject
SetFilePointer
CloseHandle
GetFileSizeEx
CreateFileW
GetModuleFileNameW
IsBadWritePtr
CreateDirectoryW
GlobalFree
GlobalUnlock
GlobalAlloc
IsBadReadPtr
GlobalLock
GetProcAddress
GetLastError
FormatMessageW
LoadLibraryW
GetModuleHandleW
SetStdHandle
FreeLibrary

user32

IntersectRect
EqualRect
MapWindowPoints
GetPropW
DrawIconEx
SetForegroundWindow
GetMenuItemInfoW
PtInRect
InsertMenuItemW
CreateIconIndirect
GetIconInfo
SetPropW
RemovePropW
FindWindowExW
FlashWindow
MessageBoxW
SetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
PostMessageW
EnumThreadWindows
GetWindowThreadProcessId
EnableWindow
GetWindowTextW
GetWindowTextLengthW
GetDC
GetMenuItemRect
TrackPopupMenuEx
AppendMenuW
ReleaseDC
EnableMenuItem
GetMenuState
CreatePopupMenu
SetMenuInfo
GetMenuItemCount
RemoveMenu
InsertMenuW
DestroyMenu
DestroyIcon
SetMenuItemInfoW
FillRect
KillTimer
GetKeyState
GetFocus
GetParent
SetFocus
GetSysColor
GetMessageW
PostQuitMessage
IsIconic
GetClassInfoExW
TranslateMessage
RegisterClassExW
LoadIconW
CreateWindowExW
UpdateWindow
DefWindowProcW
MoveWindow
DispatchMessageW
SetWindowTextW
DestroyWindow
SetCursor
RealGetWindowClassW
ScreenToClient
GetWindowRect
LoadImageW
DialogBoxParamW
LoadCursorW
GetClientRect
GetWindowLongW
GetDlgItem
SetWindowLongW
EndDialog
RedrawWindow
SetWindowPos
GetCursorPos
ShowWindow
CreateDialogParamW
GetSystemMetrics
SendMessageW
GetMenuInfo

gdi32

GetDeviceCaps
CreateFontW
BitBlt
DeleteDC
CreateDIBSection
CreateBitmap
SelectObject
CreateCompatibleDC
Rectangle
CreateSolidBrush
ExtTextOutW
DeleteObject
SetBkMode
SetBkColor
SetTextColor
GetTextExtentPoint32W
GetObjectW
CreatePen

comdlg32

GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ExtractIconExW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromCLSID

oleaut32

SysFreeString

shlwapi

SHAutoComplete

comctl32

ImageList_ReplaceIcon
ord413
ImageList_Destroy
ImageList_Draw
ImageList_Create
ord410
ImageList_Remove
ord412
ImageList_GetIcon
InitCommonControlsEx

Exports

Exports

_CloseCurrentGuis@4
_RemoteGuiServerStart@4
_RemoteGuiServerStop@4

Sections

.text
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ApiOverrideGui64.dll
.dll windows:5 windows x64 arch:x64

86a0700600b253c49bb821dc3c5167ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\ReleaseUnicode\ApiOverrideGui64.pdb

Imports

kernel32

CreateEventW
WaitForMultipleObjects
HeapAlloc
HeapFree
GetTickCount
HeapDestroy
HeapCreate
GetVersion
GetPrivateProfileStringW
GetPrivateProfileIntW
GetProcessHeap
WideCharToMultiByte
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVersionExW
VirtualQueryEx
OpenProcess
VirtualFreeEx
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
ConnectNamedPipe
CreateNamedPipeW
TerminateThread
DisconnectNamedPipe
FlushFileBuffers
GetCurrentProcess
Thread32First
Thread32Next
SetLastError
CreateToolhelp32Snapshot
DuplicateHandle
GetNativeSystemInfo
GetCurrentProcessId
SuspendThread
ResumeThread
CreateProcessW
MulDiv
GetThreadContext
RtlCaptureContext
SetThreadPriority
Wow64SuspendThread
GetThreadTimes
ResetEvent
SetStdHandle
HeapReAlloc
SetEnvironmentVariableA
CompareStringW
GetStringTypeW
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
HeapSize
InitializeCriticalSectionAndSpinCount
ExitProcess
LCMapStringW
GetStdHandle
HeapSetInformation
FlsAlloc
FlsFree
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
FlsSetValue
RtlUnwindEx
EncodePointer
DecodePointer
SetEvent
CreateThread
GetCurrentThreadId
DeleteCriticalSection
OpenThread
EnterCriticalSection
WriteConsoleW
LeaveCriticalSection
InitializeCriticalSection
Sleep
MultiByteToWideChar
ReadFile
IsBadCodePtr
WriteFile
WaitForSingleObject
SetFilePointer
CloseHandle
GetFileSizeEx
CreateFileW
GetModuleFileNameW
IsBadWritePtr
CreateDirectoryW
GlobalFree
GlobalUnlock
GlobalAlloc
IsBadReadPtr
GlobalLock
GetProcAddress
GetLastError
FormatMessageW
LoadLibraryW
GetModuleHandleW
Wow64GetThreadContext
FreeLibrary

user32

IntersectRect
EqualRect
MapWindowPoints
GetPropW
DrawIconEx
SetForegroundWindow
GetMenuItemInfoW
PtInRect
InsertMenuItemW
CreateIconIndirect
GetIconInfo
GetDC
GetMenuItemRect
TrackPopupMenuEx
AppendMenuW
ReleaseDC
EnableMenuItem
SetPropW
CreatePopupMenu
SetMenuInfo
GetMenuItemCount
RemoveMenu
GetMenuInfo
InsertMenuW
DestroyMenu
RemovePropW
FindWindowExW
MessageBoxW
SetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
PostMessageW
EnumThreadWindows
GetWindowThreadProcessId
EnableWindow
GetWindowTextLengthW
GetWindowTextW
GetMenuState
FlashWindow
DestroyIcon
SetMenuItemInfoW
FillRect
GetKeyState
GetFocus
GetParent
SetFocus
GetSysColor
GetMessageW
PostQuitMessage
IsIconic
GetClassInfoExW
TranslateMessage
RegisterClassExW
LoadIconW
CreateWindowExW
UpdateWindow
DefWindowProcW
MoveWindow
DispatchMessageW
SetWindowTextW
DestroyWindow
SetCursor
RealGetWindowClassW
ScreenToClient
GetWindowRect
LoadImageW
DialogBoxParamW
LoadCursorW
GetWindowLongPtrW
GetClientRect
GetDlgItem
EndDialog
RedrawWindow
SetWindowPos
GetCursorPos
ShowWindow
CreateDialogParamW
GetSystemMetrics
SetWindowLongPtrW
SendMessageW
KillTimer

gdi32

GetDeviceCaps
CreateFontW
BitBlt
DeleteDC
CreateDIBSection
CreateBitmap
SelectObject
CreateCompatibleDC
Rectangle
GetObjectW
CreatePen
GetTextExtentPoint32W
SetTextColor
SetBkColor
SetBkMode
DeleteObject
CreateSolidBrush
ExtTextOutW

comdlg32

GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ExtractIconExW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromCLSID

oleaut32

SysFreeString

shlwapi

SHAutoComplete

comctl32

ImageList_ReplaceIcon
ord413
ImageList_Destroy
ImageList_Draw
ImageList_Create
ord410
ImageList_Remove
ord412
ImageList_GetIcon
InitCommonControlsEx

Exports

Exports

CloseCurrentGuis
RemoteGuiServerStart
RemoteGuiServerStop

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
COM_HookedCLSID.txt
COM_NotHookedCLSID.txt
COM_ObjectCreationHookedFunctions.txt
DebugInfosViewer.exe
.exe windows:5 windows x86 arch:x86

65ca2cec9cb1bf9cd766389023172dca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\_programmation\APIOverride\Tools\DebugInfos\DebugInfosTest\Win32ReleaseUnicode\DebugInfosViewerWin32.pdb

Imports

kernel32

WideCharToMultiByte
FormatMessageW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
IsBadCodePtr
GetEnvironmentVariableW
GetSystemDirectoryW
CreateEventW
WaitForSingleObject
SetEvent
WaitForMultipleObjects
ResetEvent
GetCurrentThreadId
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersion
GetModuleFileNameW
CreateDirectoryW
DeleteFileW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
HeapSize
WriteFile
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
MultiByteToWideChar
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
GetConsoleMode
GetConsoleCP
GetModuleHandleA
ExitProcess
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
Sleep
LoadLibraryExW
EnumResourceNamesW
FreeLibrary
SetEndOfFile
FindResourceW
LoadResource
LockResource
FreeResource
GetWindowsDirectoryW
FindFirstFileW
SetFilePointerEx
ReadFile
GetLastError
CreateThread
SetFilePointer
GetVersionExW
LoadLibraryW
HeapFree
HeapAlloc
IsBadReadPtr
IsBadWritePtr
GetProcessHeap
GetPrivateProfileIntW
GetTickCount
GetPrivateProfileStringW
FindClose
GetFileSizeEx
CreateFileW
GetModuleHandleW
GetProcAddress
GetLocaleInfoA
CloseHandle

user32

SetDlgItemTextW
EndDialog
PostMessageW
GetDlgItem
DialogBoxParamW
MessageBoxW
SetWindowPos
GetClientRect
SetCursorPos
GetCursorPos
SetCursor
GetMessagePos
SendMessageW
RemovePropW
MapWindowPoints
SetPropW
GetSysColorBrush
SetClassLongW
InsertMenuItemW
SetForegroundWindow
TrackPopupMenuEx
GetSysColor
GetMenuItemRect
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
PtInRect
DestroyIcon
DrawIconEx
GetDC
ReleaseDC
CreateIconIndirect
GetIconInfo
GetMenuItemCount
AppendMenuW
CheckMenuItem
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
LoadIconW
GetClassInfoExW
RegisterClassExW
UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageW
IsIconic
PostQuitMessage
DefWindowProcW
DestroyWindow
MoveWindow
GetWindowRect
CreateWindowExW
ShowWindow
GetWindow
SetLayeredWindowAttributes
RedrawWindow
ScreenToClient
GetSystemMetrics
LoadImageW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetWindowLongW
SetWindowLongW
EnableWindow
IsDlgButtonChecked
GetDlgItemTextW
ClientToScreen
WindowFromPoint
SendDlgItemMessageW
DestroyMenu

gdi32

CreateSolidBrush
Rectangle
CreateBitmap
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
GetObjectW
CreateFontW
DeleteObject
CreatePen

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
StringFromCLSID
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString

comctl32

InitCommonControlsEx
ImageList_Destroy
ord17
ord413
ord412
ord410
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DebugInfosViewer64.exe
.exe windows:5 windows x64 arch:x64

d406c0256ff87be162b6a18f00ac77ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

V:\_programmation\APIOverride\Tools\DebugInfos\DebugInfosTest\x64ReleaseUnicode\DebugInfosViewer64x64.pdb

Imports

kernel32

WideCharToMultiByte
FormatMessageW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
IsBadCodePtr
GetEnvironmentVariableW
GetSystemWow64DirectoryW
GetSystemDirectoryW
CreateEventW
WaitForSingleObject
SetEvent
WaitForMultipleObjects
ResetEvent
GetCurrentThreadId
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersion
GetModuleFileNameW
CreateDirectoryW
DeleteFileW
HeapReAlloc
WriteConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableA
CompareStringW
GetStringTypeW
HeapSize
GetSystemTimeAsFileTime
MultiByteToWideChar
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ExitProcess
HeapCreate
HeapSetInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlsAlloc
SetLastError
FlsFree
FlsSetValue
FlsGetValue
GetStdHandle
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
EncodePointer
DecodePointer
GetLastError
CreateThread
SetFilePointer
GetVersionExW
LoadLibraryW
HeapFree
HeapAlloc
IsBadReadPtr
IsBadWritePtr
SetEndOfFile
GetProcessHeap
GetPrivateProfileIntW
GetPrivateProfileStringW
Sleep
LoadLibraryExW
EnumResourceNamesW
FreeLibrary
FindResourceW
LoadResource
LockResource
FreeResource
GetWindowsDirectoryW
FindFirstFileW
FindClose
GetFileSizeEx
WriteFile
SetFilePointerEx
ReadFile
CreateFileW
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle

user32

SetForegroundWindow
TrackPopupMenuEx
GetSysColor
GetMenuItemRect
PtInRect
DestroyMenu
InsertMenuItemW
SetClassLongPtrW
GetSysColorBrush
SetPropW
MapWindowPoints
PostMessageW
EndDialog
SetDlgItemTextW
SendMessageW
GetDlgItem
DialogBoxParamW
MessageBoxW
SetWindowPos
GetClientRect
SetCursorPos
GetCursorPos
SetCursor
RemovePropW
GetMessagePos
DestroyIcon
GetDC
ReleaseDC
CreateIconIndirect
GetIconInfo
GetMenuItemCount
AppendMenuW
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
CheckMenuItem
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
LoadIconW
GetClassInfoExW
RegisterClassExW
UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
IsIconic
DefWindowProcW
DestroyWindow
MoveWindow
GetWindowRect
CreateWindowExW
ShowWindow
GetWindow
GetWindowLongW
SetLayeredWindowAttributes
RedrawWindow
ScreenToClient
GetSystemMetrics
LoadImageW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetWindowLongPtrW
SetWindowLongPtrW
EnableWindow
IsDlgButtonChecked
GetDlgItemTextW
ClientToScreen
WindowFromPoint
SendDlgItemMessageW
DrawIconEx

gdi32

CreatePen
CreateSolidBrush
Rectangle
DeleteObject
CreateFontW
GetObjectW
BitBlt
SelectObject
CreateDIBSection
DeleteDC
CreateBitmap
CreateCompatibleDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

DragQueryPoint
DragQueryFileW
DragFinish
DragAcceptFiles
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
StringFromCLSID
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString

comctl32

ord412
ord410
ord17
InitCommonControlsEx
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon
ImageList_Destroy
ord413

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DllExportFinder.chm
.chm
DllExportFinder.exe
.exe windows:5 windows x86 arch:x86

885412b6c53bc0ebe725aa01cf8b40f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\_programmation\APIOverride\DllExportFinder\ReleaseUnicode\DllExportFinder.pdb

Imports

kernel32

TerminateThread
CreateThread
ResetEvent
CreateEventW
GetNativeSystemInfo
GetLastError
WideCharToMultiByte
FormatMessageW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
CreateFileW
GetEnvironmentVariableW
GetSystemDirectoryW
FindNextFileW
IsBadCodePtr
GetCurrentThreadId
HeapCreate
HeapDestroy
GetTickCount
WriteFile
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ReadFile
GetVersion
GetModuleFileNameW
CreateDirectoryW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameW
GetStringTypeW
GetStringTypeA
LCMapStringA
GetVersionExW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
HeapSize
ExitProcess
Sleep
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
FlushFileBuffers
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetFileAttributesW
GetModuleHandleW
GetProcAddress
GetProcessHeap
HeapFree
CloseHandle
LoadLibraryExW
EnumResourceNamesW
FreeLibrary
FindResourceW
GetWindowsDirectoryW
LoadLibraryW
MultiByteToWideChar
IsBadWritePtr
IsBadReadPtr
WaitForSingleObject
HeapAlloc
SetEvent
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentDirectoryW
GetLocaleInfoA
SetCurrentDirectoryW
LoadResource
FreeResource
LockResource
FindFirstFileW
FindClose

user32

GetWindowTextW
PostMessageW
SendMessageW
RemovePropW
MapWindowPoints
SetPropW
GetSysColorBrush
SetClassLongW
InsertMenuItemW
DestroyMenu
SetForegroundWindow
TrackPopupMenuEx
GetSysColor
GetWindowTextLengthW
InvalidateRect
RedrawWindow
LoadImageW
GetMenuItemRect
PtInRect
DestroyIcon
DrawIconEx
GetDC
ReleaseDC
CreateIconIndirect
GetMenuItemCount
InsertMenuW
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
GetParent
GetKeyState
RegisterClipboardFormatW
KillTimer
LoadCursorW
SetCursor
GetCursorPos
SetFocus
GetComboBoxInfo
SetWindowLongW
SetLayeredWindowAttributes
ScreenToClient
GetWindowLongW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetSystemMetrics
ShowWindow
GetDlgItemTextW
MessageBoxW
GetClientRect
SetWindowTextW
DialogBoxParamW
GetDlgItem
SetDlgItemTextW
EndDialog
CreateWindowExW
DestroyWindow
SetWindowPos
GetWindowRect
GetIconInfo

gdi32

CreateSolidBrush
Rectangle
CreateBitmap
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
GetObjectW
CreateFontW
DeleteObject
CreatePen

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc

ole32

CoUninitialize
CoInitialize

shlwapi

SHAutoComplete

comctl32

ord413
InitCommonControlsEx
ord17
ImageList_Remove
ImageList_ReplaceIcon
ImageList_Create
ord412
ord410
ImageList_Destroy

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DllExportFinder64.exe
.exe windows:5 windows x64 arch:x64

6f4b8aed5b510357b7314407248d910a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

V:\_programmation\APIOverride\DllExportFinder\ReleaseUnicode\x64\DllExportFinder64.pdb

Imports

kernel32

TerminateThread
CreateThread
ResetEvent
CreateEventW
GetLastError
WideCharToMultiByte
FormatMessageW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
CreateFileW
GetEnvironmentVariableW
GetSystemWow64DirectoryW
GetSystemDirectoryW
FindNextFileW
IsBadCodePtr
GetCurrentThreadId
HeapCreate
HeapDestroy
GetTickCount
WriteFile
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ReadFile
GetVersion
GetModuleFileNameW
CreateDirectoryW
WriteConsoleW
SetStdHandle
HeapReAlloc
SetEnvironmentVariableA
CompareStringW
GetVersionExW
GetStringTypeW
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
HeapSize
Sleep
InitializeCriticalSectionAndSpinCount
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
HeapSetInformation
FlsAlloc
SetLastError
FlsFree
FlsSetValue
FlsGetValue
GetCurrentProcess
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetCommandLineA
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
RtlUnwindEx
FlushFileBuffers
RtlLookupFunctionEntry
LoadLibraryW
MultiByteToWideChar
IsBadWritePtr
IsBadReadPtr
WaitForSingleObject
HeapAlloc
SetEvent
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
GetModuleHandleW
GetProcAddress
GetProcessHeap
HeapFree
CloseHandle
LoadLibraryExW
EnumResourceNamesW
FreeLibrary
FindResourceW
LoadResource
LockResource
FreeResource
GetWindowsDirectoryW
FindFirstFileW
FindClose

user32

DestroyMenu
SetForegroundWindow
TrackPopupMenuEx
GetSysColor
InsertMenuItemW
PtInRect
SetClassLongPtrW
GetSysColorBrush
SetPropW
MapWindowPoints
RemovePropW
PostMessageW
SendMessageW
GetWindowTextW
GetMenuItemRect
DestroyIcon
DrawIconEx
GetDC
ReleaseDC
CreateIconIndirect
GetIconInfo
GetMenuItemCount
InsertMenuW
GetWindowTextLengthW
InvalidateRect
RedrawWindow
LoadImageW
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
GetKeyState
GetParent
KillTimer
LoadCursorW
SetCursor
GetCursorPos
SetFocus
GetComboBoxInfo
SetWindowLongPtrW
SetLayeredWindowAttributes
ScreenToClient
GetWindowLongPtrW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetSystemMetrics
ShowWindow
GetDlgItemTextW
MessageBoxW
GetClientRect
SetWindowTextW
DialogBoxParamW
GetDlgItem
SetDlgItemTextW
EndDialog
DestroyWindow
CreateWindowExW
SetWindowPos
GetWindowRect

gdi32

CreatePen
CreateSolidBrush
Rectangle
CreateBitmap
CreateCompatibleDC
DeleteObject
CreateFontW
GetObjectW
BitBlt
SelectObject
DeleteDC
CreateDIBSection

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

shlwapi

SHAutoComplete

comctl32

ord412
ord413
ord410
ImageList_ReplaceIcon
ImageList_Remove
ord17
InitCommonControlsEx
ImageList_Destroy
ImageList_Create

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dumper.exe
.exe windows:5 windows x86 arch:x86

3f8b8659effe40a5df1eca0e94a31619

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Thread32First
ResumeThread
GetThreadContext
SuspendThread
RtlCaptureContext
SetThreadPriority
TerminateThread
SetPriorityClass
TerminateProcess
GetNativeSystemInfo
DeleteFileW
GetSystemInfo
SetFilePointerEx
GetFileSizeEx
GetFileSize
GetModuleFileNameW
FormatMessageW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetEnvironmentVariableW
GetWindowsDirectoryW
GetSystemDirectoryW
FindClose
FindFirstFileW
ReadProcessMemory
DeviceIoControl
GetVersionExW
FreeResource
LockResource
LoadResource
FindResourceW
EnumResourceNamesW
LoadLibraryExW
GetVersion
SetLastError
DuplicateHandle
GetTempFileNameW
GetTempPathW
CreateDirectoryW
Toolhelp32ReadProcessMemory
GetCurrentThread
VirtualProtectEx
CopyFileW
HeapCreate
HeapDestroy
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
OpenThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
HeapSize
LCMapStringA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapReAlloc
VirtualAlloc
VirtualFree
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
RtlUnwind
GetThreadTimes
Thread32Next
Module32NextW
GetModuleHandleW
GetProcessTimes
MulDiv
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
FlushFileBuffers
Process32NextW
FreeLibrary
LoadLibraryW
GetProcAddress
WideCharToMultiByte
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
DeleteCriticalSection
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
CreateProcessW
InitializeCriticalSection
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
VirtualQueryEx
OpenProcess
GetProcessHeap
HeapAlloc
HeapFree
CreateMailslotW
ResetEvent
GetMailslotInfo
ReadFile
GetLastError
WaitForMultipleObjects
SetEvent
IsBadWritePtr
CreateEventW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateThread
WaitForSingleObject
CloseHandle
Sleep
SetFilePointer
CreateFileW
WriteFile
IsBadCodePtr
CreateFileA
MultiByteToWideChar

user32

IsRectEmpty
GetParent
GetClassNameW
SetCapture
LoadBitmapW
GetPropW
MapWindowPoints
IntersectRect
EqualRect
InsertMenuItemW
DestroyMenu
TrackPopupMenuEx
GetSysColor
GetMenuItemRect
PtInRect
DrawIconEx
CreateIconIndirect
GetIconInfo
OffsetRect
GetWindowDC
IsWindow
IsWindowVisible
WindowFromPoint
ReleaseCapture
TrackMouseEvent
FillRect
GetSysColorBrush
PostMessageW
SendMessageW
GetDlgItem
SetWindowTextW
ShowWindow
GetClientRect
GetWindowTextW
LoadImageW
SetWindowPos
DestroyIcon
ReleaseDC
GetDC
SetPropW
RemovePropW
GetMenuItemCount
InsertMenuW
RemoveMenu
EnableMenuItem
CheckMenuItem
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
GetFocus
KillTimer
RegisterClipboardFormatW
GetKeyState
LoadIconW
GetClassInfoExW
RegisterClassExW
UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageW
IsIconic
PostQuitMessage
DefWindowProcW
MoveWindow
CreateWindowExW
ClientToScreen
CreateDialogParamW
SetCursor
LoadCursorW
GetCursorPos
EnumThreadWindows
RealGetWindowClassW
DestroyWindow
GetWindow
ScreenToClient
RedrawWindow
GetWindowThreadProcessId
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetWindowTextLengthW
GetWindowRect
GetSystemMetrics
BringWindowToTop
SetForegroundWindow
SetFocus
GetWindowLongW
SetWindowLongW
DialogBoxParamW
EndDialog
SetDlgItemTextW
MessageBoxW
AppendMenuW

gdi32

ExtTextOutW
SetBkColor
SetBkMode
SetTextColor
GetTextExtentPoint32W
PatBlt
CreatePen
CreateSolidBrush
Rectangle
CreateBitmap
DeleteObject
CreateFontW
GetDeviceCaps
GetObjectW
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

LookupAccountSidW
EnumServicesStatusExW
CloseServiceHandle
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
CreateServiceW
LookupPrivilegeValueW
AdjustTokenPrivileges
StartServiceW
DeleteService
ControlService
QueryServiceStatus
OpenServiceW
OpenSCManagerW

shell32

SHGetFolderPathW
ShellExecuteExW
ord190
SHOpenFolderAndSelectItems
ord155
ExtractIconExW
ShellExecuteW
SHGetFileInfoW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
StringFromCLSID
CoTaskMemFree

oleaut32

SysFreeString

comctl32

ImageList_ReplaceIcon
ImageList_Create
ord17
ImageList_Destroy
InitCommonControlsEx
ord413
ord412
ord410
ImageList_GetIcon
ImageList_Draw
ImageList_Remove

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dumper64.exe
.exe windows:5 windows x64 arch:x64

eb50beaec78015d27c307ebc52e98d6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetThreadTimes
Thread32First
Wow64GetThreadContext
Wow64SuspendThread
SetThreadPriority
TerminateThread
SetPriorityClass
TerminateProcess
DeleteFileW
GetSystemInfo
GetSystemWow64DirectoryW
GetWindowsDirectoryW
SetFilePointerEx
GetFileSizeEx
GetFileSize
FormatMessageW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableW
GetSystemDirectoryW
FindClose
FindFirstFileW
ReadProcessMemory
DeviceIoControl
GetVersionExW
FreeResource
LockResource
LoadResource
FindResourceW
EnumResourceNamesW
LoadLibraryExW
GetVersion
SetLastError
DuplicateHandle
GetNativeSystemInfo
GetTickCount
GetTempFileNameW
GetTempPathW
CreateDirectoryW
CopyFileW
HeapCreate
HeapDestroy
UnmapViewOfFile
Thread32Next
CreateFileMappingW
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
WriteConsoleW
SetStdHandle
HeapReAlloc
SetEnvironmentVariableA
CompareStringW
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapSize
InitializeCriticalSectionAndSpinCount
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
ExitProcess
HeapSetInformation
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetCommandLineA
RtlPcToFileHeader
RaiseException
DecodePointer
EncodePointer
RtlUnwindEx
Module32NextW
GetProcessTimes
MulDiv
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Process32NextW
WideCharToMultiByte
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetCurrentProcess
VirtualQueryEx
OpenProcess
GetProcessHeap
FlushFileBuffers
HeapAlloc
HeapFree
GetCurrentThreadId
OpenThread
SuspendThread
GetThreadContext
ResumeThread
RtlCaptureContext
IsBadReadPtr
RtlLookupFunctionEntry
RtlVirtualUnwind
FreeLibrary
GetCurrentProcessId
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
WaitNamedPipeW
ResetEvent
ReadFile
GetLastError
WaitForMultipleObjects
SetEvent
IsBadWritePtr
CreateEventW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateThread
WaitForSingleObject
CloseHandle
Sleep
SetFilePointer
CreateFileW
WriteFile
IsBadCodePtr
MapViewOfFile
MultiByteToWideChar

user32

IsRectEmpty
GetParent
GetClassNameW
SetCapture
LoadBitmapW
GetPropW
MapWindowPoints
IntersectRect
EqualRect
InsertMenuItemW
DestroyMenu
TrackPopupMenuEx
GetSysColor
GetMenuItemRect
PtInRect
OffsetRect
CreateIconIndirect
GetIconInfo
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
EnableMenuItem
CheckMenuItem
SetMenuItemInfoW
GetMenuItemInfoW
SetPropW
CreatePopupMenu
GetMenuState
LoadIconW
GetClassInfoExW
GetWindowDC
IsWindow
IsWindowVisible
WindowFromPoint
ReleaseCapture
TrackMouseEvent
FillRect
DrawIconEx
GetSysColorBrush
PostMessageW
SendMessageW
GetDlgItem
SetWindowTextW
ShowWindow
GetClientRect
GetWindowTextW
LoadImageW
SetWindowPos
DestroyIcon
ReleaseDC
SetMenuInfo
RemovePropW
GetFocus
RegisterClassExW
UpdateWindow
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
IsIconic
DefWindowProcW
MoveWindow
CreateWindowExW
GetKeyState
KillTimer
GetMenuInfo
ClientToScreen
CreateDialogParamW
SetCursor
LoadCursorW
GetCursorPos
EnumThreadWindows
RealGetWindowClassW
DestroyWindow
GetWindow
GetWindowLongW
ScreenToClient
RedrawWindow
GetWindowThreadProcessId
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetWindowTextLengthW
GetWindowRect
GetSystemMetrics
BringWindowToTop
SetForegroundWindow
SetFocus
GetWindowLongPtrW
SetWindowLongPtrW
DialogBoxParamW
EndDialog
SetDlgItemTextW
MessageBoxW
GetDC

gdi32

ExtTextOutW
SetBkColor
SetBkMode
SetTextColor
GetTextExtentPoint32W
PatBlt
CreatePen
CreateSolidBrush
Rectangle
CreateBitmap
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
GetObjectW
GetDeviceCaps
DeleteObject
CreateFontW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

LookupAccountSidW
EnumServicesStatusExW
CloseServiceHandle
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
CreateServiceW
LookupPrivilegeValueW
AdjustTokenPrivileges
StartServiceW
DeleteService
ControlService
QueryServiceStatus
OpenServiceW
OpenSCManagerW

shell32

ShellExecuteExW
ord190
SHOpenFolderAndSelectItems
ord155
ExtractIconExW
ShellExecuteW
SHGetFileInfoW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
StringFromCLSID
CoTaskMemFree

oleaut32

SysFreeString

comctl32

ImageList_ReplaceIcon
ImageList_Create
ord17
ImageList_Destroy
InitCommonControlsEx
ord413
ord412
ord410
ImageList_GetIcon
ImageList_Draw
ImageList_Remove

psapi

GetModuleFileNameExW

Sections

.text
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GccUnmangle.dll
.dll windows:4 windows x86 arch:x86

815bc86e03154ab556f685c02700d243

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CloseHandle
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
ReleaseMutex
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

_write
__dllonexit
__mb_cur_max
_amsg_exit
_errno
_initterm
_iob
_lock
_onexit
_unlock
abort
atoi
calloc
fputc
fputs
free
fwrite
getenv
localeconv
malloc
memcmp
memcpy
memset
realloc
setlocale
sprintf
strchr
strcmp
strerror
strlen
strncmp
strncpy
wcslen

Exports

Exports

GccUnmangle

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GccUnmangle64.dll
.dll windows:4 windows x64 arch:x64

c450dcb1e85a4496bf7379068bf1e5dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CloseHandle
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
ReleaseMutex
ReleaseSemaphore
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

_write
__dllonexit
__iob_func
__mb_cur_max
_amsg_exit
_errno
_initterm
_lock
_onexit
_unlock
abort
atoi
calloc
fputc
fputs
free
fwrite
getenv
localeconv
malloc
memcmp
memcpy
memset
realloc
setlocale
signal
sprintf
strchr
strcmp
strerror
strlen
strncmp
strncpy
wcslen

Exports

Exports

GccUnmangle

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HeapWalker.exe
.exe windows:5 windows x86 arch:x86

34b6ebd380368608b0bd2c6fc5fab160

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\_programmation\APIOverride\HeapWalker\Release Unicode\HeapWalker.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleW
FormatMessageW
LoadLibraryW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetTickCount
IsBadWritePtr
WriteFile
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
GetVersion
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
ReadProcessMemory
OpenProcess
GetModuleFileNameW
ReadFile
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapCreate
GetLocaleInfoA
WritePrivateProfileStringW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
LCMapStringW
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
Sleep
HeapReAlloc
VirtualAlloc
VirtualFree
GetStartupInfoA
GetCommandLineA
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetCommandLineW
LocalFree
IsBadReadPtr
CreateThread
MulDiv
Heap32First
WaitForSingleObject
Heap32Next
IsBadCodePtr
CreateToolhelp32Snapshot
Heap32ListFirst
CloseHandle
Heap32ListNext
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetNativeSystemInfo
CreateEventW
ResetEvent
Process32FirstW
Module32FirstW
Process32NextW
HeapAlloc
HeapFree
SetEvent
GetStringTypeW
HeapDestroy
GetLastError

user32

InsertMenuItemW
SetPropW
MapWindowPoints
RemovePropW
DestroyMenu
SetForegroundWindow
TrackPopupMenuEx
GetSysColor
GetMenuItemRect
PtInRect
DrawIconEx
CreateIconIndirect
GetIconInfo
GetMenuItemCount
AppendMenuW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
GetKeyState
KillTimer
LoadCursorW
SetCursor
GetCursorPos
RedrawWindow
ScreenToClient
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetParent
SetActiveWindow
SendDlgItemMessageW
GetWindowRect
GetSystemMetrics
CharUpperBuffA
CharUpperBuffW
GetDlgItemTextA
SetFocus
CreateWindowExW
LoadImageW
ShowWindow
DestroyIcon
SetWindowPos
SetWindowTextW
GetDC
ReleaseDC
PostMessageW
DialogBoxParamW
GetWindowLongW
SetWindowLongW
EndDialog
IsDlgButtonChecked
GetWindowTextW
GetDlgItemTextW
MessageBoxW
CheckDlgButton
SetDlgItemInt
SetDlgItemTextW
GetDlgItem
SendMessageW
RegisterClipboardFormatW

gdi32

CreateSolidBrush
Rectangle
CreateBitmap
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
GetObjectW
GetDeviceCaps
CreateFontW
DeleteObject
CreatePen

comdlg32

GetSaveFileNameW

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteW
SHGetFileInfoW
CommandLineToArgvW

comctl32

ord410
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Destroy
ImageList_Create
InitCommonControlsEx
ord17
ord413
ord412

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HeapWalker64.exe
.exe windows:5 windows x64 arch:x64

10b8e455eb750e3908fc1622632bdbd6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

V:\Serveur Web\www\myweb\src\winapioverride32_src - with license\HeapWalker\Release Unicode\Unicode\x64\HeapWalker64.pdb

Imports

kernel32

GetModuleHandleW
FormatMessageW
LoadLibraryW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetTickCount
IsBadWritePtr
WriteFile
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
InitializeCriticalSection
DeleteCriticalSection
GetVersion
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
ReadProcessMemory
OpenProcess
GetModuleFileNameW
ReadFile
WriteConsoleW
SetStdHandle
GetProcAddress
GetStringTypeW
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
HeapSize
Sleep
FlsAlloc
SetLastError
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
ExitProcess
HeapSetInformation
GetStartupInfoW
GetCommandLineA
FlushFileBuffers
RtlPcToFileHeader
RaiseException
EncodePointer
DecodePointer
RtlUnwindEx
RtlLookupFunctionEntry
WritePrivateProfileStringW
CreateFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
ResetEvent
Process32FirstW
Module32FirstW
Process32NextW
HeapAlloc
HeapFree
SetEvent
HeapDestroy
HeapCreate
GetCommandLineW
LocalFree
IsBadReadPtr
CreateThread
MulDiv
Heap32First
WaitForSingleObject
Heap32Next
IsBadCodePtr
CreateToolhelp32Snapshot
Heap32ListFirst
CloseHandle
Heap32ListNext
WideCharToMultiByte
MultiByteToWideChar
HeapReAlloc
GetLastError

user32

InsertMenuItemW
DestroyMenu
SetForegroundWindow
TrackPopupMenuEx
GetSysColor
GetMenuItemRect
PtInRect
SetPropW
CreateIconIndirect
GetIconInfo
GetMenuItemCount
AppendMenuW
MapWindowPoints
RemovePropW
DrawIconEx
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
GetKeyState
KillTimer
LoadCursorW
SetCursor
GetCursorPos
RedrawWindow
ScreenToClient
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetParent
SetActiveWindow
SendDlgItemMessageW
GetWindowRect
GetSystemMetrics
CharUpperBuffA
CharUpperBuffW
GetDlgItemTextA
SetFocus
CreateWindowExW
LoadImageW
ShowWindow
DestroyIcon
SetWindowPos
SetWindowTextW
GetDC
ReleaseDC
PostMessageW
DialogBoxParamW
GetWindowLongPtrW
SetWindowLongPtrW
EndDialog
IsDlgButtonChecked
GetWindowTextW
GetDlgItemTextW
MessageBoxW
CheckDlgButton
SetDlgItemInt
SetDlgItemTextW
GetDlgItem
SendMessageW

gdi32

CreatePen
CreateSolidBrush
Rectangle
CreateBitmap
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
GetObjectW
GetDeviceCaps
CreateFontW
DeleteObject

comdlg32

GetSaveFileNameW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHGetFileInfoW
CommandLineToArgvW
ShellExecuteW

comctl32

ord17
InitCommonControlsEx
ord413
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ord412
ord410
ImageList_Create

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HookCom.dll
.dll windows:5 windows x86 arch:x86

8ad479d13172cfb99cfb6044a9277d13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\ReleaseUnicode\HookComWin32.pdb

Imports

kernel32

CloseHandle
HeapFree
GetProcessHeap
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
CreateEventW
ReadFile
WriteFile
WaitForSingleObject
SetEvent
IsBadWritePtr
GetLastError
WaitForMultipleObjects
CreateThread
ResetEvent
IsBadCodePtr
CreateFileW
WaitNamedPipeW
HeapCreate
HeapDestroy
HeapAlloc
IsBadReadPtr
GetModuleFileNameW
GetSystemInfo
TlsSetValue
TlsGetValue
Sleep
GetTickCount
TlsFree
TlsAlloc
VirtualProtect
GetUserDefaultLCID
GetCurrentThreadId
WideCharToMultiByte
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
SetFilePointer
GetFileSizeEx
InterlockedIncrement
InterlockedDecrement
GetCurrentProcessId
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
RtlUnwind
RaiseException
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetLastError
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
ExitProcess
GetModuleHandleA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
LCMapStringA
GetStringTypeA

advapi32

RegQueryValueW
RegOpenKeyExW
RegCloseKey

ole32

CoCreateInstance
IIDFromString
StringFromIID
OleRegGetUserType
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoTaskMemFree
OleInitialize
OleUninitialize

oleaut32

OleCreatePropertyFrameIndirect
SysAllocString
SysFreeString

Exports

Exports

_AddCOMObjectCreationCallBack@4
_AddCOMObjectDeletionCallBack@4
_AddHookComFakingDefinition@28
_AddHookComMonitoringDefinition@24
_ClearUserDataTypeCache@0
_InitializeHookCom@4
_PrepareDllUnload@0
_ReleaseCreatedCOMObjectsForStaticHooks@0
_RemoveCOMObjectCreationCallBack@4
_RemoveCOMObjectDeletionCallBack@4
_SetHookComOptions@4
_ShowCOMInteraction@0
_StartAutoHooking@0
_StartHookingCreatedCOMObjects@0
_StopAutoHooking@0
_StopHookingCreatedCOMObjects@0
_UnHookAllComObjects@0

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HookCom64.dll
.dll windows:5 windows x64 arch:x64

342cbe4cafd20bd0f1ce4bf155a0136d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\releaseunicode\HookComx64.pdb

Imports

kernel32

CloseHandle
HeapFree
GetProcessHeap
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
CreateEventW
ReadFile
WriteFile
WaitForSingleObject
SetEvent
IsBadWritePtr
WaitForMultipleObjects
GetLastError
CreateThread
ResetEvent
IsBadCodePtr
CreateFileW
WaitNamedPipeW
HeapCreate
HeapDestroy
HeapAlloc
IsBadReadPtr
GetModuleFileNameW
GetSystemInfo
TlsSetValue
TlsGetValue
Sleep
GetTickCount
TlsFree
TlsAlloc
VirtualProtect
GetUserDefaultLCID
GetCurrentThreadId
WideCharToMultiByte
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
LoadLibraryW
SetFilePointer
GetFileSizeEx
GetCurrentProcessId
WriteConsoleW
SetStdHandle
HeapReAlloc
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
RtlLookupFunctionEntry
RtlUnwindEx
DecodePointer
EncodePointer
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSetInformation
GetVersion
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
ExitProcess
LCMapStringW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
FlushFileBuffers

advapi32

RegQueryValueW
RegOpenKeyExW
RegCloseKey

ole32

CoCreateInstance
IIDFromString
StringFromIID
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoTaskMemFree
OleInitialize
OleUninitialize
OleRegGetUserType

oleaut32

OleCreatePropertyFrameIndirect
SysAllocString
SysFreeString

Exports

Exports

AddCOMObjectCreationCallBack
AddCOMObjectDeletionCallBack
AddHookComFakingDefinition
AddHookComMonitoringDefinition
ClearUserDataTypeCache
InitializeHookCom
PrepareDllUnload
ReleaseCreatedCOMObjectsForStaticHooks
RemoveCOMObjectCreationCallBack
RemoveCOMObjectDeletionCallBack
SetHookComOptions
ShowCOMInteraction
StartAutoHooking
StartHookingCreatedCOMObjects
StopAutoHooking
StopHookingCreatedCOMObjects
UnHookAllComObjects

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HookComGui.dll
.dll windows:5 windows x86 arch:x86

7372d87e534412a24e60acf3dc4f8276

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\ReleaseUnicode\HookComGui.pdb

Imports

kernel32

WriteFile
IsBadCodePtr
ReadFile
MultiByteToWideChar
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
OpenThread
DeleteCriticalSection
GetCurrentThreadId
HeapAlloc
HeapFree
SetEvent
GetTickCount
HeapDestroy
HeapCreate
CreateEventW
GetVersion
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WideCharToMultiByte
Module32FirstW
CreateToolhelp32Snapshot
Module32NextW
ConnectNamedPipe
CreateNamedPipeW
TerminateThread
DisconnectNamedPipe
FlushFileBuffers
ResetEvent
WaitForMultipleObjects
CreateThread
GetCurrentProcess
SetLastError
DuplicateHandle
GetUserDefaultLCID
InterlockedIncrement
InterlockedDecrement
GetCurrentProcessId
GetSystemInfo
CreateFileA
WaitForSingleObject
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
ExitProcess
GetModuleFileNameA
GetStdHandle
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapReAlloc
VirtualAlloc
VirtualFree
RtlUnwind
RaiseException
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetModuleHandleA
UnhandledExceptionFilter
TerminateProcess
SetFilePointer
GetFileSizeEx
GetModuleFileNameW
IsBadWritePtr
LockResource
LoadLibraryExW
LoadResource
FindResourceW
FreeResource
EnumResourceNamesW
FindClose
FindFirstFileW
GetWindowsDirectoryW
CloseHandle
CreateFileW
GetSystemDirectoryW
GetEnvironmentVariableW
GlobalFree
GlobalUnlock
GlobalAlloc
IsBadReadPtr
GlobalLock
GetProcAddress
GetLastError
FormatMessageW
LoadLibraryW
GetModuleHandleW
FreeLibrary
MulDiv

user32

DrawIconEx
SetForegroundWindow
GetMenuItemInfoW
PtInRect
GetMessagePos
MapWindowPoints
FindWindowExW
SetWindowTextW
SendMessageW
SetWindowPos
EndDialog
GetDlgItem
GetWindowTextW
GetDC
GetClientRect
MessageBoxW
SetClipboardData
OpenClipboard
EmptyClipboard
GetWindowTextLengthW
GetDlgItemTextW
SendDlgItemMessageW
InsertMenuItemW
CreateIconIndirect
GetIconInfo
GetMenuItemRect
TrackPopupMenuEx
AppendMenuW
GetMenuState
CreatePopupMenu
SetMenuInfo
ReleaseDC
GetMenuItemCount
DestroyMenu
DestroyIcon
FillRect
KillTimer
GetKeyState
GetFocus
GetParent
SetFocus
GetSysColor
IsDlgButtonChecked
DestroyWindow
SetCursor
RealGetWindowClassW
ScreenToClient
GetWindowRect
LoadImageW
PostMessageW
DialogBoxParamW
LoadCursorW
GetWindowLongW
SetWindowLongW
RedrawWindow
GetCursorPos
ShowWindow
CreateDialogParamW
GetSystemMetrics
EnableWindow
GetWindowThreadProcessId
EnumThreadWindows
CloseClipboard
GetMenuInfo

gdi32

BitBlt
DeleteDC
CreateDIBSection
CreateFontW
DeleteObject
GetDeviceCaps
CreateSolidBrush
ExtTextOutW
SetBkMode
SetBkColor
SetTextColor
GetTextExtentPoint32W
CreatePen
GetObjectW
Rectangle
CreateCompatibleDC
CreateBitmap
SelectObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueW

shell32

ShellExecuteW

ole32

OleInitialize
CoCreateInstance
CoInitialize
CoUninitialize
ProgIDFromCLSID
IIDFromString
CoTaskMemFree
StringFromIID
OleRegGetUserType
CLSIDFromString
StringFromCLSID
CLSIDFromProgID

oleaut32

SysAllocString
SysFreeString

comctl32

ord413
ImageList_Destroy
ImageList_Draw
ord410
ord412
InitCommonControlsEx

shlwapi

SHAutoComplete

Exports

Exports

_CloseCurrentGuis@4
_RemoteGuiServerStart@4
_RemoteGuiServerStop@4
_ShowMethodsAddress@0

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HookComGui64.dll
.dll windows:5 windows x64 arch:x64

0b56ab1bdd96e2740f90dcd84077424a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\releaseunicode\HookComGui64.pdb

Imports

kernel32

WaitForSingleObject
WriteFile
IsBadCodePtr
ReadFile
MultiByteToWideChar
InitializeCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
OpenThread
DeleteCriticalSection
GetCurrentThreadId
HeapAlloc
HeapFree
SetEvent
GetTickCount
HeapDestroy
HeapCreate
CreateEventW
GetVersion
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WideCharToMultiByte
Module32FirstW
CreateToolhelp32Snapshot
Module32NextW
ConnectNamedPipe
CreateNamedPipeW
TerminateThread
DisconnectNamedPipe
FlushFileBuffers
ResetEvent
WaitForMultipleObjects
CreateThread
GetCurrentProcess
SetLastError
DuplicateHandle
GetUserDefaultLCID
GetCurrentProcessId
GetSystemInfo
SetFilePointer
SetStdHandle
HeapReAlloc
GetStringTypeW
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
RtlUnwindEx
HeapSize
ExitProcess
GetStdHandle
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlsAlloc
FlsFree
FlsGetValue
HeapSetInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
RaiseException
GetCommandLineA
FlsSetValue
DecodePointer
EncodePointer
GetFileSizeEx
WriteConsoleW
GetModuleFileNameW
IsBadWritePtr
LockResource
LoadLibraryExW
LoadResource
FindResourceW
FreeResource
EnumResourceNamesW
FindClose
FindFirstFileW
GetWindowsDirectoryW
CloseHandle
CreateFileW
GetSystemWow64DirectoryW
GetSystemDirectoryW
GetEnvironmentVariableW
GlobalFree
GlobalUnlock
GlobalAlloc
IsBadReadPtr
GlobalLock
GetProcAddress
GetLastError
FormatMessageW
LoadLibraryW
GetModuleHandleW
FreeLibrary
MulDiv

user32

DrawIconEx
SetForegroundWindow
GetMenuItemInfoW
PtInRect
InsertMenuItemW
CreateIconIndirect
GetIconInfo
GetMenuItemRect
TrackPopupMenuEx
AppendMenuW
GetMenuState
CreatePopupMenu
SetMenuInfo
GetMenuItemCount
MapWindowPoints
FindWindowExW
GetWindowTextW
SetWindowTextW
SendMessageW
SetWindowPos
EndDialog
GetDlgItem
ReleaseDC
GetDC
GetClientRect
MessageBoxW
SetClipboardData
OpenClipboard
EmptyClipboard
GetWindowTextLengthW
GetDlgItemTextW
SendDlgItemMessageW
GetMenuInfo
DestroyMenu
DestroyIcon
FillRect
KillTimer
GetKeyState
GetFocus
GetMessagePos
GetParent
SetFocus
GetSysColor
IsDlgButtonChecked
DestroyWindow
SetCursor
RealGetWindowClassW
ScreenToClient
GetWindowRect
LoadImageW
PostMessageW
DialogBoxParamW
LoadCursorW
GetWindowLongPtrW
RedrawWindow
GetCursorPos
ShowWindow
CreateDialogParamW
GetSystemMetrics
SetWindowLongPtrW
EnableWindow
GetWindowThreadProcessId
EnumThreadWindows
CloseClipboard

gdi32

BitBlt
DeleteDC
CreateDIBSection
CreateBitmap
SelectObject
CreateCompatibleDC
Rectangle
GetObjectW
CreatePen
GetTextExtentPoint32W
SetTextColor
SetBkColor
SetBkMode
ExtTextOutW
CreateSolidBrush
CreateFontW
GetDeviceCaps
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueW

shell32

ShellExecuteW

ole32

OleInitialize
CoCreateInstance
CoInitialize
CoUninitialize
ProgIDFromCLSID
IIDFromString
CoTaskMemFree
StringFromIID
OleRegGetUserType
CLSIDFromString
StringFromCLSID
CLSIDFromProgID

oleaut32

SysAllocString
SysFreeString

comctl32

ord413
ImageList_Destroy
ImageList_Draw
ord410
ord412
InitCommonControlsEx

shlwapi

SHAutoComplete

Exports

Exports

CloseCurrentGuis
RemoteGuiServerStart
RemoteGuiServerStop
ShowMethodsAddress

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HookCsrss.dll
.dll windows:5 windows x86 arch:x86

b93575749fe1634cecf9f57626a339aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleW
CreateEventW
ReadFile
WriteFile
CloseHandle
WaitForSingleObject
SetEvent
GetLastError
ResetEvent
CreateFileW
WaitNamedPipeW
QueryFullProcessImageNameW
GetThreadId
GetProcessId
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapAlloc
RaiseException
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

_GetAPIOverrideBuildVersion@0
_GetFakeAPIArray@0
_GetFakeAPIEncoding@0
_GetPostAPICallArray@0
_GetPreAPICallArray@0
_InitializeFakeDll@4

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HookCsrss64.dll
.dll windows:5 windows x64 arch:x64

6c5f6f0977cd06ce3a5bf8a2d0340363

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleW
CreateEventW
ReadFile
WriteFile
CloseHandle
WaitForSingleObject
SetEvent
GetLastError
ResetEvent
CreateFileW
WaitNamedPipeW
QueryFullProcessImageNameW
GetThreadId
GetProcessId
RtlLookupFunctionEntry
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
HeapAlloc
RaiseException
RtlPcToFileHeader
HeapFree
FlsGetValue
FlsFree
SetLastError
FlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW

Exports

Exports

GetAPIOverrideBuildVersion
GetFakeAPIArray
GetFakeAPIEncoding
GetPostAPICallArray
GetPreAPICallArray
InitializeFakeDll

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HookNet.dll
.dll regsvr32 windows:5 windows x86 arch:x86

eba82e45dd0d755e41ab0d75ef9218ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\ReleaseUnicode\HookNetWin32.pdb

Imports

kernel32

CreateFileW
GetEnvironmentVariableW
GetWindowsDirectoryW
GetSystemDirectoryW
FindClose
FindFirstFileW
FreeResource
LockResource
LoadResource
FindResourceW
EnumResourceNamesW
LoadLibraryExW
GetCurrentProcessId
IsBadReadPtr
IsBadWritePtr
GetModuleHandleW
GetProcAddress
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteFile
SetFilePointer
ReadFile
MultiByteToWideChar
GetVersionExW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
IsBadCodePtr
CreateEventW
SetEvent
GetLastError
CloseHandle
ResetEvent
WaitNamedPipeW
GetModuleFileNameW
TlsFree
TlsAlloc
Sleep
OpenEventW
VirtualProtect
TlsGetValue
SetLastError
InterlockedDecrement
InterlockedIncrement
TlsSetValue
HeapCreate
HeapDestroy
WritePrivateProfileStringW
SetFilePointerEx
GetFileSizeEx
CopyFileW
DeleteFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentThreadId
WaitForSingleObject
LoadLibraryW
FreeLibrary
CreateThread
GetTickCount
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
RtlUnwind
RaiseException
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetStdHandle
GetModuleFileNameA
ExitProcess
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetStdHandle
WriteConsoleA

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteKeyW

ole32

CoTaskMemFree
StringFromIID

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_AddHookNetFakingDefinition@28
_AddHookNetFromTokenForJittedFuntions@4
_AddHookNetMonitoringDefinition@24
_ClearUserDataTypeCache@0
_EnumLoadedNetFrameWorks@8
_GetHookNetOptions@4
_GetModuleNameAndRelativeAddressFromCallerAbsoluteAddress@16
_GetNetCompiledFunctionAddress@4
_GetNetCompiledFunctionSize@4
_GetNetFrameWorkStringType@0
_InitializeHookNet@4
_RemoveHookNetFakingDefinition@4
_RemoveHookNetFromTokenForJittedFuntions@4
_RemoveHookNetMonitoringDefinition@4
_SetHookNetOptions@4
_ShowNetInteraction@0
_StartAutoHooking@0
_StopAutoHooking@0
_UnHookAllNetMethods@0
_Uninitialize@0

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HookNet64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

d3378112d550e255131b0c308d0bb079

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\releaseunicode\HookNetx64.pdb

Imports

kernel32

CreateFileW
GetEnvironmentVariableW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetSystemDirectoryW
FindClose
FindFirstFileW
FreeResource
LockResource
LoadResource
FindResourceW
EnumResourceNamesW
LoadLibraryExW
GetCurrentProcessId
IsBadReadPtr
IsBadWritePtr
GetModuleHandleW
GetProcAddress
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteFile
SetFilePointer
ReadFile
MultiByteToWideChar
GetVersionExW
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
IsBadCodePtr
CreateEventW
SetEvent
CloseHandle
CreateThread
ResetEvent
WaitNamedPipeW
GetModuleFileNameW
TlsFree
TlsAlloc
Sleep
OpenEventW
VirtualProtect
TlsGetValue
SetLastError
TlsSetValue
HeapCreate
HeapDestroy
WritePrivateProfileStringW
SetFilePointerEx
GetFileSizeEx
DeleteFileW
CopyFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentThreadId
WaitForSingleObject
LoadLibraryW
FreeLibrary
GetLastError
GetTickCount
WriteConsoleW
SetStdHandle
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
FlsGetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
HeapSize
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSetInformation
GetVersion
GetStdHandle
ExitProcess
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetConsoleCP
GetConsoleMode
GetStringTypeW
FlushFileBuffers

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteKeyW

ole32

CoTaskMemFree
StringFromIID

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

AddHookNetFakingDefinition
AddHookNetFromTokenForJittedFuntions
AddHookNetMonitoringDefinition
ClearUserDataTypeCache
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnumLoadedNetFrameWorks
GetHookNetOptions
GetModuleNameAndRelativeAddressFromCallerAbsoluteAddress
GetNetCompiledFunctionAddress
GetNetCompiledFunctionSize
GetNetFrameWorkStringType
InitializeHookNet
RemoveHookNetFakingDefinition
RemoveHookNetFromTokenForJittedFuntions
RemoveHookNetMonitoringDefinition
SetHookNetOptions
ShowNetInteraction
StartAutoHooking
StopAutoHooking
UnHookAllNetMethods
Uninitialize

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HookNetGui.dll
.dll windows:5 windows x86 arch:x86

9b3f32a456b4b5a12bce2fa50631f3e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\ReleaseUnicode\HookNetGui.pdb

Imports

kernel32

HeapDestroy
HeapCreate
CreateEventW
GetVersion
GetPrivateProfileStringW
GetPrivateProfileIntW
GetProcessHeap
WideCharToMultiByte
GetVersionExW
ConnectNamedPipe
CreateNamedPipeW
TerminateThread
DisconnectNamedPipe
FlushFileBuffers
ResetEvent
WaitForMultipleObjects
CreateThread
GetCurrentProcess
SetLastError
DuplicateHandle
MulDiv
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetTickCount
GetStringTypeW
GetStringTypeA
HeapSize
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringA
ExitProcess
LCMapStringW
GetModuleFileNameA
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RaiseException
GetCommandLineA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetEvent
HeapFree
HeapAlloc
GetCurrentThreadId
DeleteCriticalSection
OpenThread
EnterCriticalSection
GetModuleHandleA
LeaveCriticalSection
Sleep
InitializeCriticalSection
MultiByteToWideChar
ReadFile
IsBadCodePtr
WriteFile
WaitForSingleObject
SetFilePointer
CloseHandle
GetFileSizeEx
CreateFileW
GetModuleFileNameW
IsBadWritePtr
CreateDirectoryW
GlobalFree
GlobalUnlock
GlobalAlloc
IsBadReadPtr
GlobalLock
GetProcAddress
GetLastError
FormatMessageW
LoadLibraryW
GetModuleHandleW
FreeLibrary

user32

SetWindowTextW
FindWindowExW
RemovePropW
SetPropW
IntersectRect
EqualRect
MapWindowPoints
FlashWindow
SystemParametersInfoW
GetWindowTextW
MessageBoxW
SetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
EnumThreadWindows
GetWindowThreadProcessId
SendMessageW
GetWindowTextLengthW
GetPropW
DrawIconEx
SetForegroundWindow
PtInRect
InsertMenuItemW
CreateIconIndirect
GetIconInfo
GetDC
GetMenuItemRect
TrackPopupMenuEx
AppendMenuW
ReleaseDC
EnableMenuItem
GetMenuState
CreatePopupMenu
SetMenuInfo
GetMenuItemCount
RemoveMenu
GetMenuInfo
InsertMenuW
DestroyMenu
DestroyIcon
SetMenuItemInfoW
FillRect
KillTimer
GetKeyState
GetFocus
GetParent
SetFocus
GetSysColor
CreateWindowExW
DestroyWindow
SetCursor
RealGetWindowClassW
ScreenToClient
GetWindowRect
LoadImageW
PostMessageW
DialogBoxParamW
LoadCursorW
GetClientRect
GetWindowLongW
GetDlgItem
SetWindowLongW
EndDialog
RedrawWindow
SetWindowPos
GetCursorPos
ShowWindow
CreateDialogParamW
GetSystemMetrics
GetMenuItemInfoW

gdi32

GetStockObject
CreateSolidBrush
ExtTextOutW
DeleteObject
SetBkMode
SetBkColor
SetTextColor
GetTextExtentPoint32W
CreatePen
GetObjectW
Rectangle
CreateCompatibleDC
SelectObject
CreateBitmap
CreateDIBSection
DeleteDC
BitBlt
GetDeviceCaps
CreateFontW

comdlg32

GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromCLSID

oleaut32

SysFreeString

comctl32

ImageList_ReplaceIcon
ord413
ImageList_Destroy
ImageList_Draw
ImageList_Create
ord410
ImageList_Remove
ord412
ImageList_GetIcon
InitCommonControlsEx

Exports

Exports

_CloseCurrentGuis@4
_RemoteGuiServerStart@4
_RemoteGuiServerStop@4

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HookNetGui64.dll
.dll windows:5 windows x64 arch:x64

b8b28d12bf6770e25a3fd337d15ed540

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\releaseunicode\HookNetGui64.pdb

Imports

kernel32

HeapDestroy
HeapCreate
CreateEventW
GetVersion
GetPrivateProfileStringW
GetPrivateProfileIntW
GetProcessHeap
WideCharToMultiByte
GetVersionExW
ConnectNamedPipe
CreateNamedPipeW
TerminateThread
DisconnectNamedPipe
FlushFileBuffers
ResetEvent
WaitForMultipleObjects
CreateThread
GetCurrentProcess
SetLastError
DuplicateHandle
MulDiv
SetStdHandle
HeapReAlloc
SetEnvironmentVariableA
CompareStringW
GetStringTypeW
HeapSize
GetConsoleMode
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
ExitProcess
LCMapStringW
GetStdHandle
HeapSetInformation
FlsAlloc
FlsFree
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlPcToFileHeader
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
FlsSetValue
RtlUnwindEx
EncodePointer
DecodePointer
SetEvent
HeapFree
HeapAlloc
GetCurrentThreadId
DeleteCriticalSection
OpenThread
EnterCriticalSection
LeaveCriticalSection
Sleep
InitializeCriticalSection
MultiByteToWideChar
ReadFile
IsBadCodePtr
WriteConsoleW
WriteFile
WaitForSingleObject
SetFilePointer
CloseHandle
GetFileSizeEx
CreateFileW
GetModuleFileNameW
IsBadWritePtr
CreateDirectoryW
GlobalFree
GlobalUnlock
GlobalAlloc
IsBadReadPtr
GlobalLock
GetProcAddress
GetLastError
FormatMessageW
LoadLibraryW
GetModuleHandleW
GetConsoleCP
FreeLibrary

user32

SetWindowTextW
FindWindowExW
RemovePropW
SetPropW
IntersectRect
EqualRect
MapWindowPoints
GetPropW
DrawIconEx
FlashWindow
GetMenuItemInfoW
PtInRect
InsertMenuItemW
CreateIconIndirect
GetWindowTextLengthW
GetDC
TrackPopupMenuEx
AppendMenuW
SystemParametersInfoW
SetForegroundWindow
GetWindowTextW
MessageBoxW
SetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
EnumThreadWindows
GetWindowThreadProcessId
SendMessageW
GetIconInfo
ReleaseDC
EnableMenuItem
GetMenuState
CreatePopupMenu
SetMenuInfo
GetMenuItemCount
RemoveMenu
GetMenuInfo
InsertMenuW
DestroyMenu
DestroyIcon
SetMenuItemInfoW
FillRect
KillTimer
GetKeyState
GetFocus
GetParent
SetFocus
GetSysColor
CreateWindowExW
DestroyWindow
SetCursor
RealGetWindowClassW
ScreenToClient
GetWindowRect
LoadImageW
PostMessageW
DialogBoxParamW
LoadCursorW
GetWindowLongPtrW
GetClientRect
GetDlgItem
EndDialog
RedrawWindow
SetWindowPos
GetCursorPos
ShowWindow
CreateDialogParamW
GetSystemMetrics
SetWindowLongPtrW
GetMenuItemRect

gdi32

GetStockObject
GetDeviceCaps
CreateFontW
BitBlt
DeleteDC
CreateDIBSection
CreateBitmap
SelectObject
CreateCompatibleDC
Rectangle
GetObjectW
CreatePen
GetTextExtentPoint32W
CreateSolidBrush
ExtTextOutW
DeleteObject
SetBkMode
SetTextColor
SetBkColor

comdlg32

GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromCLSID

oleaut32

SysFreeString

comctl32

ImageList_ReplaceIcon
ord413
ImageList_Destroy
ImageList_Draw
ImageList_Create
ord410
ImageList_Remove
ord412
ImageList_GetIcon
InitCommonControlsEx

Exports

Exports

CloseCurrentGuis
RemoteGuiServerStart
RemoteGuiServerStop

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HookedOnlyModuleList.txt
HtmlViewer.dll
.dll windows:5 windows x86 arch:x86

f418f714f98c2e3fae9dad5d833b4567

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
WideCharToMultiByte
MultiByteToWideChar
GetLastError
IsBadCodePtr
WaitForSingleObject
SetEvent
GetModuleHandleW
LoadLibraryW
CopyFileW
IsBadWritePtr
GetModuleFileNameW
GetProcAddress
ResetEvent
CreateEventW
WaitForMultipleObjects
CloseHandle
FindResourceW
LoadResource
IsBadReadPtr
SizeofResource
LockResource
GetProcessHeap
WriteFile
HeapAlloc
HeapFree
InterlockedIncrement
InterlockedDecrement
CreateDirectoryW
ReadFile
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentThreadId
SetFilePointer
SetStdHandle
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
GetConsoleCP
GetConsoleMode
HeapSize
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

CreateWindowExW
LoadCursorW
SetCursor
PeekMessageW
TranslateMessage
MessageBoxW
DispatchMessageW

comdlg32

GetSaveFileNameW

ole32

CoCreateInstance
OleInitialize

oleaut32

SysFreeString
SysAllocString

Exports

Exports

_AddHtmlContentToBodyA@8
_AddHtmlContentToBodyW@8
_AddHtmlContentToElementA@12
_AddHtmlContentToElementW@12
_AddScriptA@16
_AddScriptW@16
_AppendChildToBodyA@20
_AppendChildToBodyW@20
_AppendChildToElementA@24
_AppendChildToElementW@24
_CreateHtmlViewer@24
_CreateHtmlViewerFromHwnd@4
_DestroyHtmlViewer@4
_EnableContextMenu@8
_EnableSelection@8
_ExecScriptA@8
_ExecScriptEx2A@16
_ExecScriptEx2W@16
_ExecScriptExA@12
_ExecScriptExW@12
_ExecScriptW@8
_GetHTMLDocument@4
_GetHTMLElementA@8
_GetHTMLElementW@8
_GetWebBrowser@4
_LoadEmptyPageAndSetBodyContentA@8
_LoadEmptyPageAndSetBodyContentW@8
_NavigateA@8
_NavigateW@8
_Save@8
_SaveAsA@12
_SaveAsW@12
_SetElementInnerHtmlA@12
_SetElementInnerHtmlW@12
_SetElementSrcA@12
_SetElementSrcW@12
_SetElementsEventsCallBack@12
_SetElementsEventsCallBackEx@12
_SetFocusToHtmlViewer@4
_TranslateAcceleratorForWebBrowser@8
_WaitForPageCompleted@8

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HtmlViewer64.dll
.dll windows:5 windows x64 arch:x64

1fe1d6aa377b0248b6fc04fd284050a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
WideCharToMultiByte
MultiByteToWideChar
GetLastError
IsBadCodePtr
WaitForSingleObject
SetEvent
GetModuleHandleW
LoadLibraryW
CopyFileW
IsBadWritePtr
GetModuleFileNameW
GetProcAddress
ResetEvent
CreateEventW
WaitForMultipleObjects
CloseHandle
FindResourceW
LoadResource
IsBadReadPtr
SizeofResource
LockResource
WriteFile
GetCurrentThreadId
HeapAlloc
HeapFree
CreateDirectoryW
ReadFile
WriteConsoleW
SetStdHandle
HeapReAlloc
LCMapStringW
GetProcessHeap
SetFilePointer
GetStringTypeW
HeapSize
GetConsoleMode
GetConsoleCP
DecodePointer
EncodePointer
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
ExitProcess
GetStdHandle
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RtlUnwindEx
Sleep
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
FlushFileBuffers

user32

CreateWindowExW
LoadCursorW
SetCursor
PeekMessageW
TranslateMessage
MessageBoxW
DispatchMessageW

comdlg32

GetSaveFileNameW

ole32

CoCreateInstance
OleInitialize

oleaut32

SysFreeString
SysAllocString

Exports

Exports

AddHtmlContentToBodyA
AddHtmlContentToBodyW
AddHtmlContentToElementA
AddHtmlContentToElementW
AddScriptA
AddScriptW
AppendChildToBodyA
AppendChildToBodyW
AppendChildToElementA
AppendChildToElementW
CreateHtmlViewer
CreateHtmlViewerFromHwnd
DestroyHtmlViewer
EnableContextMenu
EnableSelection
ExecScriptA
ExecScriptEx2A
ExecScriptEx2W
ExecScriptExA
ExecScriptExW
ExecScriptW
GetHTMLDocument
GetHTMLElementA
GetHTMLElementW
GetWebBrowser
LoadEmptyPageAndSetBodyContentA
LoadEmptyPageAndSetBodyContentW
NavigateA
NavigateW
Save
SaveAsA
SaveAsW
SetElementInnerHtmlA
SetElementInnerHtmlW
SetElementSrcA
SetElementSrcW
SetElementsEventsCallBack
SetElementsEventsCallBackEx
SetFocusToHtmlViewer
TranslateAcceleratorForWebBrowser
WaitForPageCompleted

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IATLoader.dll
.dll windows:5 windows x86 arch:x86

c6b8af0561cfd11a000aadf5c950e2cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\Tools\Process\APIOverride\IATLoader\Release\IATLoaderWin32.pdb

Imports

kernel32

ExitProcess
OutputDebugStringW
LoadLibraryW
CloseHandle
WaitForSingleObject
OpenEventW
GetCurrentProcessId
GetProcAddress
GetModuleHandleW
CreateFileW
WriteFile
IsBadReadPtr
GetModuleFileNameW
GetLastError
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
HeapAlloc
RaiseException
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount

Exports

Exports

_Initialize@0

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IATLoader64.dll
.dll windows:5 windows x64 arch:x64

3c4dbd98d2b827db225847a11257ce25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\Tools\Process\APIOverride\IATLoader\Release\IATLoaderx64.pdb

Imports

kernel32

ExitProcess
OutputDebugStringW
LoadLibraryW
CloseHandle
WaitForSingleObject
OpenEventW
GetCurrentProcessId
GetProcAddress
GetModuleHandleW
CreateFileW
WriteFile
IsBadReadPtr
GetModuleFileNameW
GetLastError
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapFree
HeapAlloc
RaiseException
RtlPcToFileHeader
Sleep
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
HeapSize
HeapReAlloc

Exports

Exports

Initialize

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InjLib.dll
.dll windows:5 windows x86 arch:x86

20415961a277ce3da2c52a57016456f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\releaseunicode\InjLibWin32.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleW
HeapFree
HeapAlloc
WaitForSingleObject
CloseHandle
GetCurrentThreadId
WriteFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetCurrentProcessId
OpenProcess
VirtualFreeEx
GetExitCodeThread
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
lstrlenW
lstrcmpiW
RtlUnwind
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
LoadLibraryA
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount

Exports

Exports

_EjectLibA@8
_EjectLibW@8
_InjectLibA@8
_InjectLibW@8

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InjLib64.dll
.dll windows:5 windows x64 arch:x64

c464b571a99d95f4c050d6aff3d92046

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\releaseunicode\InjLibx64.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleW
SetEvent
HeapFree
HeapAlloc
WaitForSingleObject
IsBadReadPtr
IsBadWritePtr
CreateEventW
GetProcessHeap
CloseHandle
GetCurrentThreadId
LoadLibraryW
CreateFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetNativeSystemInfo
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetCurrentProcessId
OpenProcess
VirtualFreeEx
GetExitCodeThread
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
lstrlenW
lstrcmpiW
DecodePointer
EncodePointer
RtlLookupFunctionEntry
RtlUnwindEx
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
GetStdHandle
GetModuleFileNameW
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
ExitProcess
Sleep
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapSize
LCMapStringW
GetStringTypeW
HeapReAlloc

Exports

Exports

EjectLibA
EjectLibW
InjectLibA
InjectLibW

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KernelMemoryAccess.sys
.dll windows:4 windows x86 arch:x86

ad06d079a7ea286f39a912b8d2b9ceaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

MmIsAddressValid
IofCompleteRequest
ExFreePoolWithTag
ExAllocatePoolWithTag
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 1024B - Virtual size: 797B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KernelMemoryAccess64.sys
.dll windows:5 windows x64 arch:x64

4a9ba7156017d532c70054c67a36491c

Code Sign

6e:6f:50:06:7b:0e:45:a1:4a:10:1c:f5:d2:eb:3e:06
Certificate

Issuer

CN=TestCertforWDK

Not Before

08/09/2012, 20:35

Not After

31/12/2039, 23:59

Subject

CN=TestCertforWDK

3b:49:21:ce:f7:91:32:31:91:f6:94:b3:f9:e9:15:c3:76:51:9d:e2
Signer

Actual PE Digest

3b:49:21:ce:f7:91:32:31:91:f6:94:b3:f9:e9:15:c3:76:51:9d:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

MmIsAddressValid
IofCompleteRequest
ExAllocatePoolWithTag
ExFreePoolWithTag
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KnownSequences/FileSearchA.ini
KnownSequences/FileSearchW.ini
KnownSequences/ModuleSearch.ini
KnownSequences/ProcessSearch.ini
MonitoringFileBuilder.exe
.exe windows:5 windows x86 arch:x86

ad51d6104b5ae6c2a8fa3ded29fd3cf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\_programmation\APIOverride\MonitoringFileBuilder\Win32ReleaseUnicode\MonitoringFileBuilderWin32.pdb

Imports

kernel32

CreateProcessW
CreateFileW
SetFilePointer
CreateEventW
GetModuleFileNameW
DeleteFileW
CreateThread
GetTickCount
Sleep
HeapAlloc
WideCharToMultiByte
SizeofResource
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetEnvironmentVariableW
ReadFile
SetFilePointerEx
GetModuleHandleExW
GetCurrentThreadId
HeapCreate
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersion
GetFileSizeEx
CreateDirectoryW
GetUserDefaultLangID
InterlockedIncrement
InterlockedDecrement
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
LCMapStringA
ExitProcess
HeapSize
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RaiseException
RtlUnwind
TerminateProcess
WriteFile
ResetEvent
GetSystemDirectoryW
SetEvent
GetVersionExW
IsBadWritePtr
MultiByteToWideChar
GetLastError
SetLastError
FormatMessageW
GetPrivateProfileIntW
GetPrivateProfileStringW
FreeLibrary
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
GetModuleHandleW
GetProcAddress
GetProcessHeap
HeapFree
CloseHandle
IsBadCodePtr
WaitForSingleObject
IsBadReadPtr
FindNextFileW
LoadLibraryExW
EnumResourceNamesW
FindResourceW
LoadResource
LockResource
FreeResource
GetWindowsDirectoryW
FindFirstFileW
FindClose
LoadLibraryW
FlushFileBuffers

user32

GetWindowLongW
SetWindowPos
ShowWindow
GetDlgItem
LoadCursorW
SetCursor
SetDlgItemTextW
EndDialog
SendMessageW
SetFocus
MessageBoxW
SetWindowLongW
DialogBoxParamW
EnableWindow
SendDlgItemMessageW
LoadImageW
IsDlgButtonChecked
DestroyIcon
WindowFromPoint
ClientToScreen
GetDlgItemTextW
DestroyWindow
InsertMenuItemW
DestroyMenu
SetForegroundWindow
TrackPopupMenuEx
GetMenuItemRect
PtInRect
DrawIconEx
GetDC
ReleaseDC
CreateIconIndirect
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetSystemMetrics
ScreenToClient
RedrawWindow
GetWindow
CreateWindowExW
GetComboBoxInfo
GetWindowRect
GetCursorPos
FillRect
GetSysColor
GetFocus
KillTimer
GetIconInfo
GetMenuItemCount
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
GetParent
GetKeyState
PostMessageW
RegisterClipboardFormatW

gdi32

DeleteObject
SetBkColor
SetBkMode
GetTextExtentPoint32W
SelectObject
CreateSolidBrush
DeleteDC
CreateCompatibleDC
CreateBitmap
Rectangle
CreatePen
ExtTextOutW
CreateDIBSection
BitBlt
GetObjectW
SetTextColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueW
RegQueryInfoKeyW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

DragQueryPoint
DragQueryFileW
DragFinish
DragAcceptFiles
ShellExecuteW

ole32

StringFromIID
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

LoadTypeLibEx
QueryPathOfRegTypeLi
SysAllocString
SysFreeString

shlwapi

SHAutoComplete

wininet

HttpSendRequestW
InternetOpenW
InternetCrackUrlW
HttpQueryInfoW
InternetReadFile
InternetConnectW
HttpOpenRequestW
InternetCloseHandle

comctl32

ImageList_Destroy
InitCommonControlsEx
ord410
ord412
ord413
ord17
ImageList_Draw

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MonitoringFileBuilder64.exe
.exe windows:5 windows x64 arch:x64

4082d68f3ac0badc8ae425308ac38524

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

V:\_programmation\APIOverride\MonitoringFileBuilder\x64ReleaseUnicode\MonitoringFileBuilder64x64.pdb

Imports

kernel32

CreateProcessW
CreateFileW
SetFilePointer
CreateEventW
GetModuleFileNameW
DeleteFileW
CreateThread
GetTickCount
Sleep
HeapAlloc
WideCharToMultiByte
SizeofResource
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetEnvironmentVariableW
GetSystemWow64DirectoryW
ReadFile
SetFilePointerEx
GetModuleHandleExW
RtlLookupFunctionEntry
GetCurrentThreadId
HeapCreate
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersion
GetFileSizeEx
CreateDirectoryW
GetUserDefaultLangID
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
CompareStringW
GetExitCodeProcess
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
ExitProcess
HeapSize
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
GetStdHandle
HeapSetInformation
GetStartupInfoW
GetCommandLineA
RtlPcToFileHeader
RaiseException
RtlUnwindEx
EncodePointer
DecodePointer
TerminateProcess
WriteFile
ResetEvent
GetSystemDirectoryW
SetEvent
GetVersionExW
IsBadWritePtr
MultiByteToWideChar
GetLastError
SetLastError
FormatMessageW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
GetModuleHandleW
FlushFileBuffers
GetProcAddress
GetProcessHeap
HeapFree
CloseHandle
IsBadCodePtr
WaitForSingleObject
IsBadReadPtr
FindNextFileW
LoadLibraryExW
EnumResourceNamesW
FindResourceW
LoadResource
LockResource
FreeResource
GetWindowsDirectoryW
FindFirstFileW
FindClose
LoadLibraryW
HeapReAlloc
FreeLibrary

user32

GetIconInfo
CreateIconIndirect
ReleaseDC
GetDC
DrawIconEx
PtInRect
SetFocus
SendMessageW
EndDialog
SetDlgItemTextW
SetCursor
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowPos
ShowWindow
GetDlgItem
LoadCursorW
GetMenuItemRect
TrackPopupMenuEx
DestroyMenu
InsertMenuItemW
DestroyWindow
MessageBoxW
SetWindowLongW
GetWindowLongW
DialogBoxParamW
EnableWindow
SendDlgItemMessageW
LoadImageW
IsDlgButtonChecked
DestroyIcon
WindowFromPoint
GetMenuItemCount
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
ClientToScreen
GetDlgItemTextW
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetSystemMetrics
SetForegroundWindow
ScreenToClient
RedrawWindow
GetWindow
CreateWindowExW
GetComboBoxInfo
GetWindowRect
GetCursorPos
FillRect
GetSysColor
GetFocus
SetMenuInfo
GetMenuState
GetKeyState
PostMessageW
GetParent
KillTimer

gdi32

GetTextExtentPoint32W
SetTextColor
SetBkMode
SetBkColor
DeleteObject
CreateSolidBrush
ExtTextOutW
GetObjectW
BitBlt
SelectObject
CreateDIBSection
DeleteDC
CreateCompatibleDC
CreateBitmap
CreatePen
Rectangle

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumKeyW
RegQueryInfoKeyW
RegQueryValueW
RegQueryValueExW

shell32

DragAcceptFiles
DragFinish
ShellExecuteW
DragQueryPoint
DragQueryFileW

ole32

StringFromIID
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
QueryPathOfRegTypeLi
LoadTypeLibEx
SysFreeString

shlwapi

SHAutoComplete

wininet

HttpSendRequestW
InternetOpenW
InternetCrackUrlW
HttpQueryInfoW
InternetReadFile
InternetConnectW
HttpOpenRequestW
InternetCloseHandle

comctl32

ord17
ord413
ord412
ord410
ImageList_Draw
InitCommonControlsEx
ImageList_Destroy

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NotHookedModuleList.txt
Overriding Dll SDK/API/ExeInternal (with target sample)/FakeAPI.cpp
Overriding Dll SDK/API/ExeInternal (with target sample)/FakeExeInternal 2003.sln
Overriding Dll SDK/API/ExeInternal (with target sample)/FakeExeInternal.sln
Overriding Dll SDK/API/ExeInternal (with target sample)/FakeExeInternal.vcproj
.xml
Overriding Dll SDK/API/ExeInternal (with target sample)/FakeExeInternal.vcxproj
Overriding Dll SDK/API/ExeInternal (with target sample)/FakeExeInternal.vcxproj.filters
Overriding Dll SDK/API/ExeInternal (with target sample)/ReadMe.txt
Overriding Dll SDK/API/ExeInternal (with target sample)/ReleaseUnicode/FakeExeInternal.dll
.dll windows:5 windows x86 arch:x86

4e1b61525e1e60b23ce7bc7bc455b974

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\API\ExeInternal (with target sample)\ReleaseUnicode\FakeExeInternal.pdb

Imports

kernel32

GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Exports

Exports

_GetAPIOverrideBuildVersion@0
_GetFakeAPIArray@0
_GetFakeAPIEncoding@0
_GetPostAPICallArray@0
_GetPreAPICallArray@0
_InitializeFakeDll@4

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/API/ExeInternal (with target sample)/ReleaseUnicode/TargetSample.exe
.exe windows:5 windows x86 arch:x86

704f73e11d135cf5e43a1d213a0a4eb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\API\ExeInternal (with target sample)\ReleaseUnicode\TargetSample.pdb

Imports

user32

EndDialog
MessageBoxW
DialogBoxParamW

comctl32

ord17

kernel32

HeapCreate
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
MultiByteToWideChar
LoadLibraryW
RtlUnwind
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
HeapAlloc
HeapReAlloc
IsProcessorFeaturePresent
HeapSize
CreateFileW
CloseHandle
FlushFileBuffers

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/API/ExeInternal (with target sample)/ReleaseUnicode64/FakeExeInternal64.dll
.dll windows:5 windows x64 arch:x64

dc505ed8384fb4c5da63ecc3f56e722e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\API\ExeInternal (with target sample)\ReleaseUnicode64\FakeExeInternal64.pdb

Imports

kernel32

GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

Exports

Exports

GetAPIOverrideBuildVersion
GetFakeAPIArray
GetFakeAPIEncoding
GetPostAPICallArray
GetPreAPICallArray
InitializeFakeDll

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/API/ExeInternal (with target sample)/ReleaseUnicode64/TargetSample64.exe
.exe windows:5 windows x64 arch:x64

0f4a64ee6ba0761cdab71cf58bc0eac9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\API\ExeInternal (with target sample)\ReleaseUnicode64\TargetSample64.pdb

Imports

user32

DialogBoxParamW
EndDialog
MessageBoxW

comctl32

ord17

kernel32

FlsAlloc
GetCommandLineA
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
TerminateProcess
GetCurrentProcess
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
RtlUnwindEx
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetLastError
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
MultiByteToWideChar
LoadLibraryW
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
HeapAlloc
HeapReAlloc
HeapSize
CreateFileW
CloseHandle
FlushFileBuffers

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/API/ExeInternal (with target sample)/TargetSample/TargetSample.vcproj
.xml
Overriding Dll SDK/API/ExeInternal (with target sample)/TargetSample/TargetSample.vcxproj
Overriding Dll SDK/API/ExeInternal (with target sample)/TargetSample/TargetSample.vcxproj.filters
Overriding Dll SDK/API/ExeInternal (with target sample)/TargetSample/main.cpp
Overriding Dll SDK/API/ExeInternal (with target sample)/TargetSample/resource.h
Overriding Dll SDK/API/ExeInternal (with target sample)/TargetSample/resource.rc
Overriding Dll SDK/API/GetDriveType/FakeAPI.cpp
Overriding Dll SDK/API/GetDriveType/GetDriveType 2003.sln
Overriding Dll SDK/API/GetDriveType/GetDriveType.sln
Overriding Dll SDK/API/GetDriveType/GetDriveType.vcproj
.xml
Overriding Dll SDK/API/GetDriveType/GetDriveType.vcxproj
Overriding Dll SDK/API/GetDriveType/GetDriveType.vcxproj.filters
Overriding Dll SDK/API/GetDriveType/ReadMe.txt
Overriding Dll SDK/API/GetDriveType/ReleaseUnicode/GetDriveType.dll
.dll windows:5 windows x86 arch:x86

4e1b61525e1e60b23ce7bc7bc455b974

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\API\GetDriveType\ReleaseUnicode\GetDriveType.pdb

Imports

kernel32

GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Exports

Exports

_GetAPIOverrideBuildVersion@0
_GetFakeAPIArray@0
_GetFakeAPIEncoding@0
_GetPostAPICallArray@0
_GetPreAPICallArray@0
_InitializeFakeDll@4

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/API/GetDriveType/ReleaseUnicode64/GetDriveType64.dll
.dll windows:5 windows x64 arch:x64

dc505ed8384fb4c5da63ecc3f56e722e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\API\GetDriveType\ReleaseUnicode64\GetDriveType64.pdb

Imports

kernel32

GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

Exports

Exports

GetAPIOverrideBuildVersion
GetFakeAPIArray
GetFakeAPIEncoding
GetPostAPICallArray
GetPreAPICallArray
InitializeFakeDll

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/API/HideMe/APIError.cpp
Overriding Dll SDK/API/HideMe/APIError.h
Overriding Dll SDK/API/HideMe/FakeAPI.cpp
Overriding Dll SDK/API/HideMe/HideMe 2003.sln
Overriding Dll SDK/API/HideMe/HideMe.h
Overriding Dll SDK/API/HideMe/HideMe.sln
Overriding Dll SDK/API/HideMe/HideMe.vcproj
.xml
Overriding Dll SDK/API/HideMe/HideMe.vcxproj
Overriding Dll SDK/API/HideMe/HideMe.vcxproj.filters
Overriding Dll SDK/API/HideMe/PEB_TEB.h
Overriding Dll SDK/API/HideMe/ProcessAndThreadID.cpp
Overriding Dll SDK/API/HideMe/ProcessAndThreadID.h
Overriding Dll SDK/API/HideMe/ReadMe.txt
Overriding Dll SDK/API/HideMe/ReleaseUnicode/HideMe.dll
.dll windows:5 windows x86 arch:x86

83119f330526e556eb628fdafbb12e63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\API\HideMe\ReleaseUnicode\HideMe.pdb

Imports

kernel32

CloseHandle
Module32FirstW
CreateToolhelp32Snapshot
IsBadCodePtr
Process32NextW
Process32FirstW
GetCurrentProcessId
GetProcAddress
GetModuleHandleW
FormatMessageW
GetUserDefaultLangID
GetLastError
SetLastError
DuplicateHandle
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteFile
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

EnumDesktopWindows
EnumWindows
GetParent
InternalGetWindowText
MessageBoxW

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

Exports

Exports

_GetAPIOverrideBuildVersion@0
_GetFakeAPIArray@0
_GetFakeAPIEncoding@0
_GetPostAPICallArray@0
_GetPreAPICallArray@0
_InitializeFakeDll@4

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/API/HideMe/ReleaseUnicode64/HideMe64.dll
.dll windows:5 windows x64 arch:x64

1b0d5cb17736ec88e09a6de2aeb3b58c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\API\HideMe\ReleaseUnicode64\HideMe64.pdb

Imports

kernel32

CloseHandle
Module32FirstW
CreateToolhelp32Snapshot
IsBadCodePtr
Process32NextW
Process32FirstW
GetCurrentProcessId
GetProcAddress
GetModuleHandleW
FormatMessageW
GetUserDefaultLangID
GetLastError
SetLastError
DuplicateHandle
GetCurrentProcess
HeapReAlloc
GetModuleFileNameW
WriteFile
HeapSize
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
TerminateProcess
HeapAlloc
RaiseException
RtlPcToFileHeader
RtlUnwindEx
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW

user32

EnumDesktopWindows
EnumWindows
GetParent
InternalGetWindowText
MessageBoxW

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

Exports

Exports

GetAPIOverrideBuildVersion
GetFakeAPIArray
GetFakeAPIEncoding
GetPostAPICallArray
GetPreAPICallArray
InitializeFakeDll

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/API/IsDebuggerPresent/FakeAPI.cpp
Overriding Dll SDK/API/IsDebuggerPresent/FakeIsDebuggerPresent 2003.sln
Overriding Dll SDK/API/IsDebuggerPresent/FakeIsDebuggerPresent.sln
Overriding Dll SDK/API/IsDebuggerPresent/FakeIsDebuggerPresent.vcproj
.xml
Overriding Dll SDK/API/IsDebuggerPresent/FakeIsDebuggerPresent.vcxproj
Overriding Dll SDK/API/IsDebuggerPresent/FakeIsDebuggerPresent.vcxproj.filters
Overriding Dll SDK/API/IsDebuggerPresent/ReadMe.txt
Overriding Dll SDK/API/MessageBox/FakeAPI.cpp
Overriding Dll SDK/API/MessageBox/FakeMsgBox 2003.sln
Overriding Dll SDK/API/MessageBox/FakeMsgBox.sln
Overriding Dll SDK/API/MessageBox/FakeMsgBox.vcproj
.xml
Overriding Dll SDK/API/MessageBox/FakeMsgBox.vcxproj
Overriding Dll SDK/API/MessageBox/FakeMsgBox.vcxproj.filters
Overriding Dll SDK/API/MessageBox/ReadMe.txt
Overriding Dll SDK/API/MessageBox/ReleaseUnicode/FakeMsgBox.dll
.dll windows:5 windows x86 arch:x86

b04fac284a7ae380bb3c3f177555095a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\API\MessageBox\ReleaseUnicode\FakeMsgBoxWin32.pdb

Imports

user32

MessageBoxW
MessageBoxA

kernel32

GetModuleFileNameA
IsProcessorFeaturePresent
HeapSize
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW

Exports

Exports

_GetAPIOverrideBuildVersion@0
_GetFakeAPIArray@0
_GetFakeAPIEncoding@0
_GetPostAPICallArray@0
_GetPreAPICallArray@0
_InitializeFakeDll@4

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/API/MessageBox/ReleaseUnicode64/FakeMsgBox64.dll
.dll windows:5 windows x64 arch:x64

f16bbc664ffd21dfa06da6bb95256dc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\API\MessageBox\ReleaseUnicode64\FakeMsgBox64x64.pdb

Imports

user32

MessageBoxW
MessageBoxA

kernel32

DeleteCriticalSection
HeapSize
GetStringTypeW
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
LCMapStringW
MultiByteToWideChar

Exports

Exports

GetAPIOverrideBuildVersion
GetFakeAPIArray
GetFakeAPIEncoding
GetPostAPICallArray
GetPreAPICallArray
InitializeFakeDll

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/API/PrePostHooksMsgBox/FakeAPI.cpp
Overriding Dll SDK/API/PrePostHooksMsgBox/PrePostHooksMsgBox 2003.sln
Overriding Dll SDK/API/PrePostHooksMsgBox/PrePostHooksMsgBox.sln
Overriding Dll SDK/API/PrePostHooksMsgBox/PrePostHooksMsgBox.vcproj
.xml
Overriding Dll SDK/API/PrePostHooksMsgBox/PrePostHooksMsgBox.vcxproj
Overriding Dll SDK/API/PrePostHooksMsgBox/PrePostHooksMsgBox.vcxproj.filters
Overriding Dll SDK/API/PrePostHooksMsgBox/ReadMe.txt
Overriding Dll SDK/API/PrePostHooksMsgBox/ReleaseUnicode/FakePrePostHooksMsgBox.dll
.dll windows:5 windows x86 arch:x86

bfdd9b042677ad2fdcf4d525657f6287

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\API\PrePostHooksMsgBox\ReleaseUnicode\FakePrePostHooksMsgBox.pdb

Imports

kernel32

IsBadWritePtr
OutputDebugStringA
OutputDebugStringW
IsBadReadPtr
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

_GetAPIOverrideBuildVersion@0
_GetFakeAPIArray@0
_GetFakeAPIEncoding@0
_GetPostAPICallArray@0
_GetPreAPICallArray@0
_InitializeFakeDll@4

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/API/PrePostHooksMsgBox/ReleaseUnicode64/FakePrePostHooksMsgBox64.dll
.dll windows:5 windows x64 arch:x64

784d4c597171cbc5fc1400b8f53cd527

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\API\PrePostHooksMsgBox\ReleaseUnicode64\FakePrePostHooksMsgBox64.pdb

Imports

kernel32

IsBadWritePtr
OutputDebugStringA
OutputDebugStringW
IsBadReadPtr
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

Exports

Exports

GetAPIOverrideBuildVersion
GetFakeAPIArray
GetFakeAPIEncoding
GetPostAPICallArray
GetPreAPICallArray
InitializeFakeDll

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64 MonitoringFile.txt
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64 OverridingDll/FakeASM64.cpp
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64 OverridingDll/FakeAsm64.Asm
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64 OverridingDll/MakeAsm64.bat
.bat .vbs
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64 OverridingDll/OverrideAsm64.dll
.dll windows:5 windows x64 arch:x64

b296ab13eb777bd0093006375ce14bd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\ASM\AsmExeInternal (with asm target sample)\x64 example\Asm Target64 OverridingDll\x64\Release\OverrideAsm64.pdb

Imports

msvcr100

_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__crt_debugger_hook
__CppXcptFilter
__C_specific_handler
_amsg_exit
_encoded_null
free
_initterm_e
_initterm
_malloc_crt

kernel32

DecodePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
Sleep

Exports

Exports

GetAPIOverrideBuildVersion
GetFakeAPIArray
GetFakeAPIEncoding
GetPostAPICallArray
GetPreAPICallArray
InitializeFakeDll

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64 OverridingDll/OverrideAsm64.sln
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64 OverridingDll/OverrideAsm64.vcxproj
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64 OverridingDll/OverrideAsm64.vcxproj.filters
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64/Asm Target64.exe
.exe windows:5 windows x64 arch:x64

058d9c08bfb60c0f6bbab5ef3b649333

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\__Overriding Dll SDK\ASM\AsmExeInternal (with asm target sample)\x64 example\Asm Target64\x64\Release\Asm Target64.pdb

Imports

user32

MessageBoxW

msvcr100

__crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
__dllonexit
_lock
_onexit
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_amsg_exit
_unlock

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
GetStartupInfoW
Sleep
GetCurrentProcessId

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64/Asm Target64.sln
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64/Asm Target64.vcxproj
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64/Asm Target64.vcxproj.filters
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64/MakeAsm64.bat
.bat .vbs
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64/Target64.Asm
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x64 example/Asm Target64/main.cpp
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x86 example/Asm Target32 MonitoringFile.txt
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x86 example/Asm Target32 OverridingDll/AsmExeInternal.sln
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x86 example/Asm Target32 OverridingDll/AsmExeInternal.vcproj
.xml
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x86 example/Asm Target32 OverridingDll/FakeASM.cpp
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x86 example/Asm Target32 OverridingDll/MakeMasmSub.bat
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x86 example/Asm Target32 OverridingDll/MasmSub.asm
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x86 example/Asm Target32/Target32.Asm
Overriding Dll SDK/ASM/AsmExeInternal (with asm target sample)/x86 example/Asm Target32/Target32.exe
.exe windows:4 windows x86 arch:x86

f3720bfc8fa137f70e61544b1b4db7f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
ExitProcess

user32

MessageBoxA
SendMessageA

Sections

.text
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 61B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Overriding Dll SDK/ASM/ReadMe.txt
Overriding Dll SDK/COM/COMObjectCreationSpy/COMObjectCreationSpy 2003.sln
Overriding Dll SDK/COM/COMObjectCreationSpy/COMObjectCreationSpy.cpp
Overriding Dll SDK/COM/COMObjectCreationSpy/COMObjectCreationSpy.sln
Overriding Dll SDK/COM/COMObjectCreationSpy/COMObjectCreationSpy.vcproj
.xml
Overriding Dll SDK/COM/COMObjectCreationSpy/COMObjectCreationSpy.vcxproj
Overriding Dll SDK/COM/COMObjectCreationSpy/COMObjectCreationSpy.vcxproj.filters
Overriding Dll SDK/COM/COMObjectCreationSpy/ReadMe.txt
Overriding Dll SDK/COM/QueryInterfaceRestriction/COMQueryInterfaceRestriction 2003.sln
Overriding Dll SDK/COM/QueryInterfaceRestriction/COMQueryInterfaceRestriction.sln
Overriding Dll SDK/COM/QueryInterfaceRestriction/COMQueryInterfaceRestriction.vcproj
.xml
Overriding Dll SDK/COM/QueryInterfaceRestriction/COMQueryInterfaceRestriction.vcxproj
Overriding Dll SDK/COM/QueryInterfaceRestriction/COMQueryInterfaceRestriction.vcxproj.filters
Overriding Dll SDK/COM/QueryInterfaceRestriction/FakeAPI.cpp
Overriding Dll SDK/COM/QueryInterfaceRestriction/ReadMe.txt
Overriding Dll SDK/NET/NET exe/FakeAPI.cpp
Overriding Dll SDK/NET/NET exe/FakeNET 2003.sln
Overriding Dll SDK/NET/NET exe/FakeNET.sln
Overriding Dll SDK/NET/NET exe/FakeNET.vcproj
.xml
Overriding Dll SDK/NET/NET exe/FakeNET.vcxproj
Overriding Dll SDK/NET/NET exe/FakeNET.vcxproj.filters
Overriding Dll SDK/NET/NET exe/ReadMe.txt
Overriding Dll SDK/NET/NET exe/target 2003/App.ico
Overriding Dll SDK/NET/NET exe/target 2003/AssemblyInfo.cs
Overriding Dll SDK/NET/NET exe/target 2003/Form1.cs
Overriding Dll SDK/NET/NET exe/target 2003/Form1.resx
.vbs .xml polyglot
Overriding Dll SDK/NET/NET exe/target 2003/NET_Target.csproj
Overriding Dll SDK/NET/NET exe/target 2003/NET_Target.sln
Overriding Dll SDK/NET/NET exe/target/App.ico
Overriding Dll SDK/NET/NET exe/target/AssemblyInfo.cs
Overriding Dll SDK/NET/NET exe/target/Form1.cs
Overriding Dll SDK/NET/NET exe/target/Form1.resx
.vbs .xml polyglot
Overriding Dll SDK/NET/NET exe/target/NET_Target.csproj
Overriding Dll SDK/NET/NET exe/target/NET_Target.sln
Overriding Dll SDK/_Common_Files/ExportedStructs.h
Overriding Dll SDK/_Common_Files/GenericFakeAPI.cpp
Overriding Dll SDK/_Common_Files/GenericFakeAPI.h
Overriding Dll SDK/_Common_Files/Registers.h
Plugin SDK/Example/Example vs2003.sln
Plugin SDK/Example/Example.rc
Plugin SDK/Example/Example.sln
Plugin SDK/Example/Example.vcproj
.xml
Plugin SDK/Example/Example.vcxproj
Plugin SDK/Example/Example.vcxproj.filters
Plugin SDK/Example/PluginMain.cpp
Plugin SDK/Example/resource.h
Plugin SDK/Example/resources/icon1.ico
Plugin SDK/Example/resources/icon2.ico
Plugin SDK/Example/resources/icon3.ico
Plugin SDK/Example/resources/icon4.ico
Plugin SDK/MultiConfigurationsManager/MultiConfigManager vs2003.sln
Plugin SDK/MultiConfigurationsManager/MultiConfigManager.rc
Plugin SDK/MultiConfigurationsManager/MultiConfigManager.sln
Plugin SDK/MultiConfigurationsManager/MultiConfigManager.vcproj
.xml
Plugin SDK/MultiConfigurationsManager/MultiConfigManager.vcxproj
Plugin SDK/MultiConfigurationsManager/MultiConfigManager.vcxproj.filters
Plugin SDK/MultiConfigurationsManager/PluginMain.cpp
Plugin SDK/MultiConfigurationsManager/Tools/StdFileOperations.cpp
Plugin SDK/MultiConfigurationsManager/Tools/StdFileOperations.h
Plugin SDK/MultiConfigurationsManager/resource.h
Plugin SDK/MultiConfigurationsManager/resources/load.ico
Plugin SDK/MultiConfigurationsManager/resources/multiconf.ico
Plugin SDK/MultiConfigurationsManager/resources/save.ico
Plugin SDK/_Common_Files/CallingConvention.h
Plugin SDK/_Common_Files/HookCom/HookComOptions.h
Plugin SDK/_Common_Files/HookNet/HookNetOptions.h
Plugin SDK/_Common_Files/IApiOverride.h
Plugin SDK/_Common_Files/IWinApiOverride.h
Plugin SDK/_Common_Files/IWinApiOverrideLogs.h
Plugin SDK/_Common_Files/IWinApiOverrideMenu.h
Plugin SDK/_Common_Files/IWinApiOverrideOptions.h
Plugin SDK/_Common_Files/IWinApiOverridePlugin.h
Plugin SDK/_Common_Files/InterProcessCommunication.h
Plugin SDK/_Common_Files/Registers.h
Plugins/MultiConfigManager.dll
.dll windows:5 windows x86 arch:x86

83817e409cbfdc16d414495d0c8769bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\releaseunicode\Plugin SDK\MultiConfigurationsManager\Win32ReleaseUnicode\MultiConfigManagerWin32.pdb

Imports

kernel32

GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
CloseHandle
CreateFileW
WritePrivateProfileStringW
GetLastError
CreateDirectoryW
FlushFileBuffers
GetModuleHandleW
DisableThreadLibraryCalls
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapAlloc
HeapFree
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

user32

LoadImageW
MessageBoxW

comdlg32

GetSaveFileNameW

Exports

Exports

_GetPluginObject@0

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plugins64/MultiConfigManager64.dll
.dll windows:5 windows x64 arch:x64

91258c7e5d35ca2f44b9079c617ea933

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\releaseunicode\Plugin SDK\MultiConfigurationsManager\x64ReleaseUnicode\MultiConfigManager64x64.pdb

Imports

kernel32

GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
CloseHandle
CreateFileW
WritePrivateProfileStringW
GetLastError
CreateDirectoryW
WriteConsoleW
SetStdHandle
LoadLibraryW
GetModuleHandleW
DisableThreadLibraryCalls
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringW
GetStringTypeW
HeapReAlloc
FlushFileBuffers

user32

LoadImageW
MessageBoxW

comdlg32

GetSaveFileNameW

Exports

Exports

GetPluginObject

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProcMonDrvJP.sys
.dll windows:5 windows x86 arch:x86

ce691bf019ba231fe4d6f6db3faa3550

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeInitializeEvent
ExAllocatePoolWithTag
KeSetEvent
ExFreePoolWithTag
KeWaitForSingleObject
memset
memcpy
IofCompleteRequest
IoCancelIrp
IoReleaseCancelSpinLock
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProcMonDrvJP64.sys
.dll windows:5 windows x64 arch:x64

2b3233794a7e443faa94cdd6376b7bff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

KeInitializeEvent
ExAllocatePoolWithTag
KeSetEvent
ExFreePoolWithTag
KeWaitForSingleObject
IofCompleteRequest
IoCancelIrp
IoReleaseCancelSpinLock
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RemoteStack64.dll
.dll windows:5 windows x64 arch:x64

5f92119fa0d030f44d02fe646196fd62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GetProcAddress
WaitForSingleObject
SetEvent
WriteFile
IsBadCodePtr
IsBadWritePtr
ReadFile
GetOverlappedResult
GetLastError
ResetEvent
CreateEventW
WaitForMultipleObjects
CloseHandle
CreateThread
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
FlushFileBuffers
GetThreadContext
RtlCaptureContext
IsBadReadPtr
RtlVirtualUnwind
RtlLookupFunctionEntry
OpenThread
GetCurrentThreadId
SuspendThread
ResumeThread
GetCurrentProcessId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
EncodePointer
DecodePointer
HeapAlloc
RaiseException
RtlPcToFileHeader
RtlUnwindEx
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapReAlloc
LoadLibraryW
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
CreateFileW

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SetEnvVarProc.dll
.dll windows:5 windows x86 arch:x86

87b50693ab683d515cab958d3301450d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\Tools\Process\SetEnvVarProc\src\Win32ReleaseUnicode\SetEnvVarProcWin32.pdb

Imports

kernel32

SetEnvironmentVariableW
UnmapViewOfFile
CloseHandle
MapViewOfFile
GetLastError
CreateFileMappingW
DisableThreadLibraryCalls
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

_SetEnvironmentVariables@8

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SetEnvVarProc64.dll
.dll windows:5 windows x64 arch:x64

15ba743c1cabbae2e0ccf85e52e253a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

V:\_programmation\APIOverride\Tools\Process\SetEnvVarProc\src\x64ReleaseUnicode\SetEnvVarProc64x64.pdb

Imports

kernel32

SetEnvironmentVariableW
UnmapViewOfFile
CloseHandle
MapViewOfFile
GetLastError
CreateFileMappingW
DisableThreadLibraryCalls
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

Exports

Exports

SetEnvironmentVariables

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StaticImportFinder.chm
.chm
StaticImportFinder.exe
.exe windows:5 windows x86 arch:x86

885412b6c53bc0ebe725aa01cf8b40f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\_programmation\APIOverride\StaticImportFinder\ReleaseUnicode\StaticImportFinder.pdb

Imports

kernel32

TerminateThread
CreateThread
ResetEvent
CreateEventW
GetNativeSystemInfo
GetLastError
WideCharToMultiByte
FormatMessageW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
CreateFileW
GetEnvironmentVariableW
GetSystemDirectoryW
FindNextFileW
IsBadCodePtr
GetCurrentThreadId
HeapCreate
HeapDestroy
GetTickCount
WriteFile
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ReadFile
GetVersion
GetModuleFileNameW
CreateDirectoryW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameW
GetStringTypeW
GetStringTypeA
LCMapStringA
GetVersionExW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
HeapSize
ExitProcess
Sleep
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
FlushFileBuffers
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
GetFileAttributesW
GetModuleHandleW
GetProcAddress
GetProcessHeap
HeapFree
CloseHandle
LoadLibraryExW
EnumResourceNamesW
FreeLibrary
FindResourceW
GetWindowsDirectoryW
LoadLibraryW
MultiByteToWideChar
IsBadWritePtr
IsBadReadPtr
WaitForSingleObject
HeapAlloc
SetEvent
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentDirectoryW
GetLocaleInfoA
SetCurrentDirectoryW
LoadResource
FreeResource
LockResource
FindFirstFileW
FindClose

user32

GetWindowTextW
PostMessageW
SendMessageW
RemovePropW
MapWindowPoints
SetPropW
GetSysColorBrush
SetClassLongW
InsertMenuItemW
DestroyMenu
SetForegroundWindow
TrackPopupMenuEx
GetSysColor
GetWindowTextLengthW
InvalidateRect
RedrawWindow
LoadImageW
GetMenuItemRect
PtInRect
DestroyIcon
DrawIconEx
GetDC
ReleaseDC
CreateIconIndirect
GetMenuItemCount
InsertMenuW
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
GetParent
GetKeyState
RegisterClipboardFormatW
KillTimer
LoadCursorW
SetCursor
GetCursorPos
SetFocus
GetComboBoxInfo
SetWindowLongW
SetLayeredWindowAttributes
ScreenToClient
GetWindowLongW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetSystemMetrics
ShowWindow
GetDlgItemTextW
MessageBoxW
GetClientRect
SetWindowTextW
DialogBoxParamW
GetDlgItem
SetDlgItemTextW
EndDialog
CreateWindowExW
DestroyWindow
SetWindowPos
GetWindowRect
GetIconInfo

gdi32

CreateSolidBrush
Rectangle
CreateBitmap
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
GetObjectW
CreateFontW
DeleteObject
CreatePen

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc

ole32

CoUninitialize
CoInitialize

shlwapi

SHAutoComplete

comctl32

ord413
InitCommonControlsEx
ord17
ImageList_Remove
ImageList_ReplaceIcon
ImageList_Create
ord412
ord410
ImageList_Destroy

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StaticImportFinder64.exe
.exe windows:5 windows x64 arch:x64

6f4b8aed5b510357b7314407248d910a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

V:\_programmation\APIOverride\StaticImportFinder\ReleaseUnicode\Unicode\x64\StaticImportFinder64.pdb

Imports

kernel32

TerminateThread
CreateThread
ResetEvent
CreateEventW
GetLastError
WideCharToMultiByte
FormatMessageW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
CreateFileW
GetEnvironmentVariableW
GetSystemWow64DirectoryW
GetSystemDirectoryW
FindNextFileW
IsBadCodePtr
GetCurrentThreadId
HeapCreate
HeapDestroy
GetTickCount
WriteFile
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ReadFile
GetVersion
GetModuleFileNameW
CreateDirectoryW
WriteConsoleW
SetStdHandle
HeapReAlloc
SetEnvironmentVariableA
CompareStringW
GetVersionExW
GetStringTypeW
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
HeapSize
Sleep
InitializeCriticalSectionAndSpinCount
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
HeapSetInformation
FlsAlloc
SetLastError
FlsFree
FlsSetValue
FlsGetValue
GetCurrentProcess
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetCommandLineA
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
RtlUnwindEx
FlushFileBuffers
RtlLookupFunctionEntry
LoadLibraryW
MultiByteToWideChar
IsBadWritePtr
IsBadReadPtr
WaitForSingleObject
HeapAlloc
SetEvent
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
GetModuleHandleW
GetProcAddress
GetProcessHeap
HeapFree
CloseHandle
LoadLibraryExW
EnumResourceNamesW
FreeLibrary
FindResourceW
LoadResource
LockResource
FreeResource
GetWindowsDirectoryW
FindFirstFileW
FindClose

user32

DestroyMenu
SetForegroundWindow
TrackPopupMenuEx
GetSysColor
InsertMenuItemW
PtInRect
SetClassLongPtrW
GetSysColorBrush
SetPropW
MapWindowPoints
RemovePropW
PostMessageW
SendMessageW
GetWindowTextW
GetMenuItemRect
DestroyIcon
DrawIconEx
GetDC
ReleaseDC
CreateIconIndirect
GetIconInfo
GetMenuItemCount
InsertMenuW
GetWindowTextLengthW
InvalidateRect
RedrawWindow
LoadImageW
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
GetKeyState
GetParent
KillTimer
LoadCursorW
SetCursor
GetCursorPos
SetFocus
GetComboBoxInfo
SetWindowLongPtrW
SetLayeredWindowAttributes
ScreenToClient
GetWindowLongPtrW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetSystemMetrics
ShowWindow
GetDlgItemTextW
MessageBoxW
GetClientRect
SetWindowTextW
DialogBoxParamW
GetDlgItem
SetDlgItemTextW
EndDialog
DestroyWindow
CreateWindowExW
SetWindowPos
GetWindowRect

gdi32

CreatePen
CreateSolidBrush
Rectangle
CreateBitmap
CreateCompatibleDC
DeleteObject
CreateFontW
GetObjectW
BitBlt
SelectObject
DeleteDC
CreateDIBSection

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

shlwapi

SHAutoComplete

comctl32

ord412
ord413
ord410
ImageList_ReplaceIcon
ImageList_Remove
ord17
InitCommonControlsEx
ImageList_Destroy
ImageList_Create

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StubResolver.exe
.exe windows:5 windows x86 arch:x86

ec63d052a584a05382474442dc16a6f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\_programmation\APIOverride\StubResolver\Release\StubResolver.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
Sleep
CloseHandle
WaitForSingleObject
OpenThread
GetCurrentThreadId
LeaveCriticalSection
CreateFileW
SetEvent
CreateEventW
HeapCreate
HeapDestroy
GetTickCount
WriteFile
SetFilePointer
GetVersionExW
ReadFile
GetVersion
GetModuleFileNameW
CreateDirectoryW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeA
LCMapStringA
GlobalAlloc
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetModuleFileNameA
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
GlobalLock
GlobalFree
GlobalUnlock
LoadLibraryW
FormatMessageW
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
GetLastError
GetSystemDirectoryW
MultiByteToWideChar
HeapFree
HeapAlloc
IsBadReadPtr
IsBadWritePtr
GetProcessHeap
GetPrivateProfileStringW
WritePrivateProfileStringW
GetStringTypeW

user32

InsertMenuItemW
DestroyMenu
SetForegroundWindow
TrackPopupMenuEx
GetMenuItemRect
PtInRect
DestroyIcon
DrawIconEx
GetDC
ReleaseDC
CreateIconIndirect
GetIconInfo
GetMenuItemCount
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
GetParent
GetKeyState
RegisterClipboardFormatW
KillTimer
GetFocus
GetSysColor
FillRect
SetFocus
CreateDialogParamW
DialogBoxParamW
SetCursor
GetSystemMetrics
LoadCursorW
GetCursorPos
EnumThreadWindows
RealGetWindowClassW
SetWindowLongW
EndDialog
DestroyWindow
GetWindowRect
ScreenToClient
InvalidateRect
GetComboBoxInfo
GetWindowLongW
GetWindowThreadProcessId
LoadImageW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
MessageBoxW
SetWindowPos
SetWindowTextW
GetDlgItem
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SendMessageW
PostMessageW

gdi32

Rectangle
CreateBitmap
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
GetObjectW
ExtTextOutW
CreateSolidBrush
DeleteObject
SetBkColor
SetBkMode
SetTextColor
GetTextExtentPoint32W
CreatePen

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

DragFinish
DragQueryFileW
ShellExecuteW

shlwapi

SHAutoComplete

comctl32

ord413
ord412
ord410
ImageList_Draw
ImageList_Destroy
InitCommonControlsEx

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StubResolver64.exe
.exe windows:5 windows x64 arch:x64

9267bbf76cb6904b3311409498a24df5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

V:\_programmation\APIOverride\StubResolver\Release\StubResolver64.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
Sleep
CloseHandle
WaitForSingleObject
OpenThread
GetCurrentThreadId
LeaveCriticalSection
CreateFileW
SetEvent
CreateEventW
HeapCreate
HeapDestroy
GetTickCount
WriteFile
SetFilePointer
GetVersionExW
ReadFile
GetVersion
GetModuleFileNameW
CreateDirectoryW
HeapReAlloc
WriteConsoleW
SetStdHandle
GlobalAlloc
GetStringTypeW
HeapSize
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetStdHandle
HeapSetInformation
FlsAlloc
SetLastError
FlsFree
FlsSetValue
FlsGetValue
GetCurrentProcess
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetCommandLineA
RtlPcToFileHeader
FlushFileBuffers
RaiseException
DecodePointer
EncodePointer
RtlUnwindEx
RtlLookupFunctionEntry
GlobalLock
GlobalFree
GlobalUnlock
LoadLibraryW
FormatMessageW
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
GetLastError
GetSystemDirectoryW
MultiByteToWideChar
HeapFree
HeapAlloc
IsBadReadPtr
IsBadWritePtr
GetProcessHeap
GetPrivateProfileStringW
WritePrivateProfileStringW

user32

PtInRect
DestroyIcon
GetMenuItemRect
GetDC
ReleaseDC
TrackPopupMenuEx
SetForegroundWindow
DestroyMenu
InsertMenuItemW
DrawIconEx
CreateIconIndirect
GetIconInfo
GetMenuItemCount
GetMenuItemInfoW
GetMenuInfo
CreatePopupMenu
SetMenuInfo
GetMenuState
GetParent
KillTimer
GetFocus
GetSysColor
FillRect
SetFocus
CreateDialogParamW
DialogBoxParamW
SetCursor
GetSystemMetrics
LoadCursorW
GetCursorPos
EnumThreadWindows
RealGetWindowClassW
SetWindowLongPtrW
EndDialog
DestroyWindow
GetWindowRect
ScreenToClient
InvalidateRect
GetComboBoxInfo
GetWindowLongPtrW
GetWindowThreadProcessId
LoadImageW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
MessageBoxW
SetWindowPos
SetWindowTextW
GetDlgItem
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SendMessageW
PostMessageW
GetKeyState

gdi32

CreateDIBSection
Rectangle
CreateBitmap
CreateCompatibleDC
DeleteDC
SelectObject
GetTextExtentPoint32W
SetTextColor
SetBkMode
SetBkColor
DeleteObject
CreateSolidBrush
ExtTextOutW
CreatePen
BitBlt
GetObjectW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

shell32

ShellExecuteW
DragQueryFileW
DragFinish

shlwapi

SHAutoComplete

comctl32

InitCommonControlsEx
ImageList_Draw
ord410
ord412
ord413
ImageList_Destroy

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UserDefines/kernel32.dll/CreateFile_CreationDisposition.txt
UserDefines/kernel32.dll/CreateFile_DesiredAccess.txt
UserDefines/kernel32.dll/CreateFile_FlagsAndAttributes.txt
UserDefines/kernel32.dll/CreateFile_ShareMode.txt
UserDefines/user32.dll/MessageBox_Return.txt
UserDefines/user32.dll/MessageBox_Type.txt
UserTypes/ACL.txt
UserTypes/ADDRINFOA.txt
UserTypes/ADDRINFOW.txt
UserTypes/BROWSEINFOA.txt
UserTypes/BROWSEINFOW.txt
UserTypes/CHAR_INFO.txt
UserTypes/CHOOSECOLORA.txt
UserTypes/CHOOSECOLORW.txt
UserTypes/CHOOSEFONTA.txt
UserTypes/CHOOSEFONTW.txt
UserTypes/CLIENT_ID.txt
UserTypes/COLORMAP.txt
UserTypes/COMMCONFIG.txt
UserTypes/COMMTIMEOUTS.txt
UserTypes/CRITICAL_SECTION.txt
UserTypes/CredHandle.txt
UserTypes/CtxtHandle.txt
UserTypes/DCB.txt
UserTypes/DLGTEMPLATE.txt
UserTypes/FILE.txt
UserTypes/FINDREPLACEA.txt
UserTypes/FINDREPLACEW.txt
UserTypes/GENERIC_MAPPING.txt
UserTypes/HEAPENTRY32.txt
UserTypes/IN_ADDR.txt
UserTypes/IO_STATUS_BLOCK.txt
UserTypes/IUnknown.txt
UserTypes/LIST_ENTRY.txt
UserTypes/LOGFONTA.txt
UserTypes/LOGFONTW.txt
UserTypes/LUID.txt
UserTypes/MEMORY_BASIC_INFORMATION.txt
UserTypes/MODULEENTRY32.txt
UserTypes/MODULEENTRY32W.txt
UserTypes/MSG.txt
UserTypes/MULTI_QI.txt
UserTypes/NOTIFYICONDATAA.txt
UserTypes/NOTIFYICONDATAW.txt
UserTypes/OBJECT_ATTRIBUTES.txt
UserTypes/OPENFILENAMEA.txt
UserTypes/OPENFILENAMEW.txt
UserTypes/OVERLAPPED.txt
UserTypes/PAGESETUPDLGA.txt
UserTypes/PAGESETUPDLGW.txt
UserTypes/PRINTDLGA.txt
UserTypes/PRINTDLGEXA.txt
UserTypes/PRINTDLGEXW.txt
UserTypes/PRINTDLGW.txt
UserTypes/PROCESSENTRY32.txt
UserTypes/PROCESSENTRY32W.txt
UserTypes/PROCESS_HEAP_ENTRY.txt
UserTypes/PROPSHEETPAGE.txt
UserTypes/PROPSHEETPAGEW.txt
UserTypes/RTL_CRITICAL_SECTION.txt
UserTypes/RTL_CRITICAL_SECTION_DEBUG.txt
UserTypes/SCARD_ATRMASK.txt
UserTypes/SCARD_IO_REQUEST.txt
UserTypes/SCARD_READERSTATE.txt
UserTypes/SECURITY_ATTRIBUTES.txt
UserTypes/SHELLEXECUTEINFOA.txt
UserTypes/SHELLEXECUTEINFOW.txt
UserTypes/SHFILEINFOA.txt
UserTypes/SHFILEINFOW.txt
UserTypes/SHGDNF.txt
UserTypes/SMALL_RECT.txt
UserTypes/SOCKADDR.txt
UserTypes/SOCKADDR_IN.txt
UserTypes/STARTUPINFOA.txt
UserTypes/STARTUPINFOW.txt
UserTypes/SecHandle.txt
UserTypes/THREADENTRY32.txt
UserTypes/VARENUM.txt
UserTypes/WIN32_FIND_DATAA.txt
UserTypes/WIN32_FIND_DATAW.txt
UserTypes/WNDCLASSA.txt
UserTypes/WNDCLASSEXA.txt
UserTypes/WNDCLASSEXW.txt
UserTypes/WNDCLASSW.txt
UserTypes/WSABUF.txt
UserTypes/WSADATA.txt
UserTypes/WSADATA64.txt
UserTypes/WSAPROTOCOLCHAIN.txt
UserTypes/WSAPROTOCOL_INFOA.txt
UserTypes/WSAPROTOCOL_INFOW.txt
UserTypes/fd_set.txt
UserTypes/hostent.txt
UserTypes/kernel32.dll/CHAR_INFO.txt
UserTypes/kernel32.dll/COMSTAT.txt
UserTypes/kernel32.dll/CONSOLE_CURSOR_INFO.txt
UserTypes/kernel32.dll/COORD.txt
UserTypes/kernel32.dll/CREATE_PROCESS_DEBUG_INFO.txt
UserTypes/kernel32.dll/CREATE_THREAD_DEBUG_INFO.txt
UserTypes/kernel32.dll/DEBUG_EVENT.txt
UserTypes/kernel32.dll/EXCEPTION_DEBUG_INFO.txt
UserTypes/kernel32.dll/EXCEPTION_RECORD.txt
UserTypes/kernel32.dll/EXIT_PROCESS_DEBUG_INFO.txt
UserTypes/kernel32.dll/EXIT_THREAD_DEBUG_INFO.txt
UserTypes/kernel32.dll/FOCUS_EVENT_RECORD.txt
UserTypes/kernel32.dll/INPUT_RECORD.txt
UserTypes/kernel32.dll/KEY_EVENT_RECORD.txt
UserTypes/kernel32.dll/KNONVOLATILE_CONTEXT_POINTERS.txt
UserTypes/kernel32.dll/LOAD_DLL_DEBUG_INFO.txt
UserTypes/kernel32.dll/MEMORYSTATUS.txt
UserTypes/kernel32.dll/MEMORYSTATUSEX.txt
UserTypes/kernel32.dll/MENU_EVENT_RECORD.txt
UserTypes/kernel32.dll/MOUSE_EVENT_RECORD.txt
UserTypes/kernel32.dll/OFSTRUCT.txt
UserTypes/kernel32.dll/OSVERSIONINFOA.txt
UserTypes/kernel32.dll/OSVERSIONINFOEXA.txt
UserTypes/kernel32.dll/OSVERSIONINFOEXW.txt
UserTypes/kernel32.dll/OSVERSIONINFOW.txt
UserTypes/kernel32.dll/OUTPUT_DEBUG_STRING_INFO.txt
UserTypes/kernel32.dll/PROCESS_INFORMATION.txt
UserTypes/kernel32.dll/RIP_INFO.txt
UserTypes/kernel32.dll/SINGLE_LIST_ENTRY.txt
UserTypes/kernel32.dll/SLIST_HEADER.txt
UserTypes/kernel32.dll/SMALL_RECT.txt
UserTypes/kernel32.dll/TIME_ZONE_INFORMATION.txt
UserTypes/kernel32.dll/UNLOAD_DLL_DEBUG_INFO.txt
UserTypes/kernel32.dll/WINDOW_BUFFER_SIZE_RECORD.txt
UserTypes/timeval.txt
UserTypes/wininet.dll/GROUPID.txt
UserTypes/wininet.dll/INTERNET_BUFFERSA.txt
UserTypes/wininet.dll/INTERNET_BUFFERSW.txt
UserTypesAndDefinesChecker.exe
.exe windows:5 windows x86 arch:x86

53dc47c6b9cbf6916728c34de98d6c73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\_validation\UserDataTypes\UserTypesAndDefinesChecker\Release\UserTypesAndDefinesChecker.pdb

Imports

kernel32

FindFirstFileW
IsBadReadPtr
WaitForSingleObject
IsBadCodePtr
CloseHandle
HeapFree
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetFileAttributesW
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
LoadLibraryW
DeleteCriticalSection
EnterCriticalSection
Sleep
OpenThread
GetCurrentThreadId
LeaveCriticalSection
MultiByteToWideChar
GetLastError
WideCharToMultiByte
SetEvent
HeapAlloc
IsBadWritePtr
CreateEventW
GetModuleFileNameW
CreateFileW
GetFileSizeEx
WriteFile
SetFilePointer
FindNextFileW
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
ReadFile
FindClose
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
GetModuleFileNameA
RtlUnwind
GetCommandLineA
GetStartupInfoA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
ExitProcess
GetStdHandle

user32

ClientToScreen
WindowFromPoint
GetWindowTextW
SetWindowTextW
CreateDialogParamW
DialogBoxParamW
SetCursor
GetSystemMetrics
EnumThreadWindows
RealGetWindowClassW
PostMessageW
SetWindowLongW
EndDialog
DestroyWindow
MessageBoxW
RedrawWindow
GetWindowLongW
GetWindowThreadProcessId
SendMessageW
LoadImageW
GetDlgItem

comdlg32

GetOpenFileNameW

shell32

DragQueryFileW
DragQueryPoint
DragFinish

shlwapi

SHAutoComplete

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UserTypesAndDefinesChecker64.exe
.exe windows:5 windows x64 arch:x64

c4482458bad49d3ebbf8bc4f1be46b7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\_validation\UserDataTypes\UserTypesAndDefinesChecker\Release64\UserTypesAndDefinesChecker64.pdb

Imports

kernel32

FindFirstFileW
IsBadReadPtr
WaitForSingleObject
IsBadCodePtr
CloseHandle
HeapFree
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetFileAttributesW
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
LoadLibraryW
DeleteCriticalSection
EnterCriticalSection
Sleep
OpenThread
GetCurrentThreadId
LeaveCriticalSection
MultiByteToWideChar
GetLastError
WideCharToMultiByte
SetEvent
HeapAlloc
IsBadWritePtr
CreateEventW
GetModuleFileNameW
CreateFileW
GetFileSizeEx
WriteFile
FindNextFileW
ReadFile
WriteConsoleW
SetStdHandle
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
IsValidCodePage
GetOEMCP
FlushFileBuffers
GetACP
GetCPInfo
FlsAlloc
SetFilePointer
FindClose
SetLastError
FlsFree
FlsSetValue
FlsGetValue
HeapCreate
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
GetCommandLineA
GetStartupInfoW
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
GetVersion

user32

ClientToScreen
WindowFromPoint
GetWindowTextW
CreateDialogParamW
DialogBoxParamW
SetCursor
GetSystemMetrics
EnumThreadWindows
RealGetWindowClassW
PostMessageW
SetWindowLongPtrW
EndDialog
DestroyWindow
MessageBoxW
RedrawWindow
GetWindowLongPtrW
GetWindowThreadProcessId
SendMessageW
LoadImageW
GetDlgItem
SetWindowTextW

comdlg32

GetOpenFileNameW

shell32

DragQueryFileW
DragQueryPoint
DragFinish

shlwapi

SHAutoComplete

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinAPIOverride.chm
.chm
WinAPIOverride32.exe
.exe windows:5 windows x86 arch:x86

70fe4c22b70fc869eacfa684c831aeca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\releaseunicode\WinAPIOverrideWin32.pdb

Imports

kernel32

GetTickCount
ExpandEnvironmentStringsW
WideCharToMultiByte
IsBadWritePtr
GetVersionExW
MulDiv
GetFileAttributesExW
CreateMutexW
Process32FirstW
Process32NextW
ReleaseMutex
GetCommandLineW
MoveFileW
FindNextFileW
DeleteFileW
GetNativeSystemInfo
GetSystemTimeAsFileTime
FormatMessageW
TerminateProcess
lstrlenW
FileTimeToLocalFileTime
SetFileAttributesW
GetSystemInfo
GetModuleFileNameW
GetLocalTime
GetEnvironmentVariableW
CreateProcessW
SetEnvironmentVariableW
GetCurrentThread
CreateRemoteThread
GetSystemDirectoryW
InitializeCriticalSectionAndSpinCount
GetSystemWow64DirectoryW
SetThreadPriority
VirtualProtectEx
GetExitCodeThread
GetThreadPriority
OpenEventW
SuspendThread
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetMailslotInfo
CreateMailslotW
GetVersion
ReadProcessMemory
GetCurrentProcessId
ResumeThread
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
GetLogicalDriveStringsW
QueryDosDeviceW
DeviceIoControl
GetTempFileNameW
CreateDirectoryW
GetTempPathW
FileTimeToSystemTime
InterlockedIncrement
DosDateTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetFileType
FileTimeToDosDateTime
GetFileInformationByHandle
FindResourceExW
Module32NextW
Module32FirstW
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetLocaleInfoW
CreateFileA
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
ExitProcess
GetStdHandle
SetHandleCount
RaiseException
HeapReAlloc
VirtualAlloc
VirtualFree
GetStartupInfoA
GetCommandLineA
RtlUnwind
SetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DuplicateHandle
CreateToolhelp32Snapshot
SetLastError
Thread32Next
Thread32First
GetCurrentProcess
GetLastError
FlushFileBuffers
DisconnectNamedPipe
GetOverlappedResult
TerminateThread
CreateNamedPipeW
ConnectNamedPipe
OpenProcess
CopyFileW
GetFileSize
HeapCreate
HeapDestroy
LocalFree
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
WaitForMultipleObjects
GetModuleHandleA
CreateEventW
ResetEvent
SetEvent
CreateThread
GetCurrentThreadId
DeleteCriticalSection
OpenThread
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
InitializeCriticalSection
Sleep
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
LoadLibraryExW
FreeLibrary
FreeResource
EnumResourceNamesW
GetWindowsDirectoryW
FindClose
FindFirstFileW
HeapAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFileAttributesW
GetProcessHeap
HeapFree
GetFullPathNameW
GetFileSizeEx
SetFilePointerEx
IsBadCodePtr
WaitForSingleObject
GetProcAddress
MultiByteToWideChar
GetVolumeNameForVolumeMountPointW
GetComputerNameExW
GetSystemWindowsDirectoryW
ReadFile
CloseHandle
LockResource
CreateFileW
SizeofResource
WriteFile
IsBadReadPtr
GetModuleHandleW
LoadResource
FindResourceW
InterlockedDecrement
SetFilePointer

user32

AppendMenuW
EnableMenuItem
GetMenuState
CreatePopupMenu
SetMenuInfo
GetMenuItemCount
RemoveMenu
GetMenuInfo
InsertMenuW
DestroyMenu
SetMenuItemInfoW
CheckMenuItem
SetTimer
KillTimer
IsDialogMessageW
FindWindowExW
SetLayeredWindowAttributes
CloseClipboard
EmptyClipboard
OpenClipboard
SetClipboardData
SendMessageTimeoutW
SendMessageA
InsertMenuItemW
GetMenuItemInfoW
GetMenuStringW
TrackPopupMenuEx
GetPropW
MapWindowPoints
EqualRect
IntersectRect
IsRectEmpty
GetIconInfo
ReleaseCapture
IsWindow
LoadBitmapW
GetClassNameW
OffsetRect
SetCapture
GetWindowDC
GetSysColorBrush
MessageBoxW
UpdateWindow
SendMessageW
GetSysColor
GetWindowLongW
InvalidateRect
LoadCursorW
GetFocus
FillRect
SetCursor
GetWindowTextW
PostMessageW
TrackMouseEvent
SetClassLongW
DrawIconEx
GetMenuItemRect
SystemParametersInfoW
GetCursor
GetDlgItemTextA
DestroyIcon
GetKeyState
CallNextHookEx
PtInRect
BringWindowToTop
SetWindowsHookExW
UnhookWindowsHookEx
SendDlgItemMessageW
SetForegroundWindow
IsWindowVisible
CreateIconIndirect
UnionRect
SetRectEmpty
SetPropW
GetWindowTextLengthW
EnumThreadWindows
GetWindow
GetWindowThreadProcessId
EnableWindow
GetSystemMetrics
GetComboBoxInfo
CreateDialogParamW
ShowWindow
GetCursorPos
SetWindowPos
RedrawWindow
EndDialog
RemovePropW
SetFocus
CheckDlgButton
IsDlgButtonChecked
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
ClientToScreen
WindowFromPoint
GetParent
GetDC
ReleaseDC
GetMessageW
PostQuitMessage
IsIconic
GetClassInfoExW
TranslateMessage
RegisterClassExW
LoadIconW
CreateWindowExW
DefWindowProcW
MoveWindow
DispatchMessageW
SetWindowTextW
DestroyWindow
RealGetWindowClassW
ScreenToClient
GetWindowRect
LoadImageW
DialogBoxParamW
GetClientRect
SetCursorPos
GetDlgItem
SetWindowLongW
RegisterClipboardFormatW

gdi32

CreateFontIndirectW
GetObjectW
GetDeviceCaps
CreateSolidBrush
ExtTextOutW
DeleteObject
SelectObject
GetTextExtentPoint32W
CreatePen
Rectangle
CreateCompatibleDC
CreateBitmap
CreateDIBSection
DeleteDC
BitBlt
PatBlt
GetStockObject
SetBkMode
SetBkColor
CreateFontW
SetTextColor

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

SetNamedSecurityInfoW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
DeleteService
CreateServiceW
RegSetValueExW
RegDeleteValueW
RegOpenKeyW
RegQueryValueW
RegEnumKeyExW
RegQueryInfoKeyW
EnumServicesStatusExW
OpenSCManagerW
CloseServiceHandle
CreateProcessWithLogonW
SetEntriesInAclW
GetNamedSecurityInfoW
FreeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetEffectiveRightsFromAclW
LookupAccountNameW
GetSecurityInfo
BuildTrusteeWithSidW
AllocateAndInitializeSid
IsValidSid

shell32

SHGetFolderPathW
ExtractIconExW
ShellExecuteExW
SHGetFileInfoW
ord2
ord155
ord645
ord4
SHGetPathFromIDListW
DragAcceptFiles
ord644
SHGetDesktopFolder
CommandLineToArgvW
DragFinish
DragQueryPoint
DragQueryFileW
ShellExecuteW

ole32

ProgIDFromCLSID
CoTaskMemFree
StringFromIID
OleRegGetUserType
CLSIDFromString
StringFromCLSID
CLSIDFromProgID
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString

secur32

GetUserNameExW

comctl32

ord17
ImageList_Destroy
InitCommonControlsEx
ImageList_GetIcon
ord412
ord410
ord413
ImageList_Remove
ImageList_Create
ImageList_ReplaceIcon
ImageList_Draw

shlwapi

SHAutoComplete

netapi32

NetUserEnum
NetApiBufferFree

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

HttpSendRequestW
InternetCrackUrlW
InternetOpenW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
InternetReadFile
InternetConnectW

psapi

GetProcessImageFileNameW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 648KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinAPIOverride64.exe
.exe windows:5 windows x64 arch:x64

6d3b2cc3406179bfcef43003c225dfd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

V:\_programmation\APIOverride\WinAPIOverride32\output\releaseunicode\WinAPIOverridex64.pdb

Imports

kernel32

GetTickCount
ExpandEnvironmentStringsW
WideCharToMultiByte
IsBadWritePtr
GetVersionExW
MulDiv
GetFileAttributesExW
CreateMutexW
Process32FirstW
Process32NextW
ReleaseMutex
GetCommandLineW
MoveFileW
FindNextFileW
DeleteFileW
GetSystemTimeAsFileTime
FormatMessageW
TerminateProcess
lstrlenW
LocalAlloc
FileTimeToLocalFileTime
SetFileAttributesW
GetSystemInfo
GetModuleFileNameW
GetLocalTime
GetEnvironmentVariableW
CreateProcessW
SetEnvironmentVariableW
GetCurrentThread
CreateRemoteThread
GetSystemDirectoryW
InitializeCriticalSectionAndSpinCount
GetSystemWow64DirectoryW
GetExitCodeProcess
SetThreadPriority
VirtualProtectEx
GetExitCodeThread
GetThreadPriority
OpenEventW
SuspendThread
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetMailslotInfo
CreateMailslotW
GetVersion
GetNativeSystemInfo
ReadProcessMemory
GetCurrentProcessId
ResumeThread
VirtualFreeEx
VirtualAllocEx
WriteProcessMemory
GetLogicalDriveStringsW
QueryDosDeviceW
DeviceIoControl
GetTempFileNameW
GetTempPathW
FileTimeToSystemTime
DosDateTimeToFileTime
SystemTimeToFileTime
SetFileTime
GetFileType
FileTimeToDosDateTime
GetFileInformationByHandle
FindResourceExW
Module32NextW
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
WriteConsoleW
CreateFileA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
HeapSize
ExitProcess
GetStdHandle
SetHandleCount
RtlPcToFileHeader
RaiseException
HeapSetInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetCommandLineA
RtlUnwindEx
SetStdHandle
DecodePointer
EncodePointer
Module32FirstW
DuplicateHandle
CreateToolhelp32Snapshot
SetLastError
Thread32Next
Thread32First
GetCurrentProcess
GetLastError
FlushFileBuffers
DisconnectNamedPipe
GetOverlappedResult
TerminateThread
CreateNamedPipeW
ConnectNamedPipe
OpenProcess
CopyFileW
GetFileSize
HeapCreate
HeapDestroy
LocalFree
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
WaitForMultipleObjects
CreateEventW
ResetEvent
SetEvent
SetFilePointer
CreateThread
GetCurrentThreadId
DeleteCriticalSection
OpenThread
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
InitializeCriticalSection
Sleep
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
LoadLibraryExW
FreeLibrary
FreeResource
EnumResourceNamesW
GetWindowsDirectoryW
FindClose
FindFirstFileW
HeapAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFileAttributesW
GetProcessHeap
HeapFree
GetFullPathNameW
GetFileSizeEx
SetFilePointerEx
IsBadCodePtr
WaitForSingleObject
GetProcAddress
MultiByteToWideChar
GetVolumeNameForVolumeMountPointW
GetComputerNameExW
GetSystemWindowsDirectoryW
ReadFile
CloseHandle
LockResource
CreateFileW
SizeofResource
WriteFile
IsBadReadPtr
GetModuleHandleW
LoadResource
FindResourceW
CreateDirectoryW

user32

AppendMenuW
EnableMenuItem
GetMenuState
CreatePopupMenu
SetMenuInfo
GetMenuItemCount
RemoveMenu
GetMenuInfo
InsertMenuW
DestroyMenu
SetMenuItemInfoW
CheckMenuItem
SetTimer
KillTimer
RegisterClipboardFormatW
IsDialogMessageW
FindWindowExW
CloseClipboard
EmptyClipboard
OpenClipboard
SetClipboardData
SendMessageTimeoutW
SendMessageA
SystemParametersInfoW
GetCursor
GetDlgItemTextA
DestroyIcon
GetKeyState
CallNextHookEx
TrackPopupMenuEx
InsertMenuItemW
GetMenuItemInfoW
TrackMouseEvent
GetMenuStringW
DrawIconEx
GetIconInfo
MapWindowPoints
EqualRect
IntersectRect
IsRectEmpty
IsWindowVisible
ReleaseCapture
IsWindow
LoadBitmapW
GetClassNameW
OffsetRect
SetCapture
GetWindowDC
MessageBoxW
UpdateWindow
SendMessageW
GetSysColor
InvalidateRect
GetWindowLongPtrW
LoadCursorW
GetFocus
FillRect
SetCursor
GetWindowTextW
PostMessageW
SetClassLongPtrW
PtInRect
GetMenuItemRect
BringWindowToTop
SetWindowsHookExW
UnhookWindowsHookEx
SendDlgItemMessageW
SetForegroundWindow
SetFocus
CheckDlgButton
IsDlgButtonChecked
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
GetPropW
CreateIconIndirect
UnionRect
SetRectEmpty
SetPropW
GetWindowTextLengthW
EnumThreadWindows
GetWindow
GetWindowThreadProcessId
EnableWindow
SetWindowLongPtrW
GetSystemMetrics
GetComboBoxInfo
CreateDialogParamW
ShowWindow
GetCursorPos
SetWindowPos
RedrawWindow
RemovePropW
GetSysColorBrush
ClientToScreen
WindowFromPoint
GetParent
GetDC
ReleaseDC
GetMessageW
PostQuitMessage
IsIconic
GetClassInfoExW
TranslateMessage
RegisterClassExW
LoadIconW
CreateWindowExW
DefWindowProcW
MoveWindow
DispatchMessageW
SetWindowTextW
DestroyWindow
RealGetWindowClassW
ScreenToClient
GetWindowRect
LoadImageW
DialogBoxParamW
GetClientRect
SetCursorPos
GetWindowLongW
GetDlgItem
EndDialog
SetLayeredWindowAttributes

gdi32

CreateFontIndirectW
GetStockObject
GetObjectW
CreateFontW
SetTextColor
SetBkColor
SetBkMode
DeleteObject
SelectObject
GetTextExtentPoint32W
CreatePen
Rectangle
CreateCompatibleDC
CreateBitmap
CreateDIBSection
DeleteDC
BitBlt
PatBlt
ExtTextOutW
GetDeviceCaps
CreateSolidBrush

comdlg32

ChooseColorW
GetSaveFileNameW
GetOpenFileNameW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
DeleteService
CreateServiceW
RegSetValueExW
RegDeleteValueW
RegOpenKeyW
RegQueryValueW
RegEnumKeyExW
RegQueryInfoKeyW
EnumServicesStatusExW
OpenSCManagerW
CloseServiceHandle
CreateProcessWithLogonW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
FreeSid
IsValidSid
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetEffectiveRightsFromAclW
LookupAccountNameW
GetSecurityInfo
BuildTrusteeWithSidW

shell32

ord644
SHGetFolderPathW
ExtractIconExW
ShellExecuteExW
SHGetFileInfoW
ord2
ord155
ord645
ord4
SHGetPathFromIDListW
DragAcceptFiles
DragQueryPoint
SHGetDesktopFolder
CommandLineToArgvW
DragFinish
DragQueryFileW
ShellExecuteW

ole32

ProgIDFromCLSID
CoTaskMemFree
StringFromIID
OleRegGetUserType
CLSIDFromString
StringFromCLSID
CLSIDFromProgID
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString

secur32

GetUserNameExW

comctl32

ord17
ImageList_Destroy
InitCommonControlsEx
ImageList_GetIcon
ord412
ord410
ord413
ImageList_Remove
ImageList_Create
ImageList_ReplaceIcon
ImageList_Draw

shlwapi

SHAutoComplete

netapi32

NetUserEnum
NetApiBufferFree

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

HttpSendRequestW
InternetCrackUrlW
InternetOpenW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
InternetReadFile
InternetConnectW

psapi

GetProcessImageFileNameW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 648KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinSxS/Win7x64/dbghelp.dll
.dll windows:6 windows x64 arch:x64

3d64c0b7659a72157d6f0180ea1141c1

Code Sign

61:05:f7:1e:00:00:00:00:00:32
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/07/2009, 23:00

Not After

13/10/2010, 23:10

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:b5:29:00:00:00:00:00:10
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/01/2010, 21:12

Not After

04/01/2013, 21:22

Subject

CN=Microsoft Time-Stamp Service,OU=nCipher+OU=nCipher DSE ESN:ACD3-AE66-E0B5,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:b5:29:00:00:00:00:00:10
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/01/2010, 21:12

Not After

04/01/2013, 21:22

Subject

CN=Microsoft Time-Stamp Service,OU=nCipher+OU=nCipher DSE ESN:ACD3-AE66-E0B5,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

e8:5b:d3:92:b4:88:bf:c8:c3:bd:86:0c:de:15:56:93:dd:70:8d:9c
Signer

Actual PE Digest

e8:5b:d3:92:b4:88:bf:c8:c3:bd:86:0c:de:15:56:93:dd:70:8d:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
??1type_info@@UEAA@XZ
ferror
wctomb
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
_onexit
_lock
__dllonexit
_unlock
_CxxThrowException
memset
memcpy
_ismbblead
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
memmove
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
_wctime
time
??_V@YAXPEAX@Z
_ltoa
_strnicmp
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
free
_strlwr
wcsrchr
strstr
_wcsicmp
qsort
iswxdigit
wcsncmp
_vsnwprintf
iswprint
fprintf
fflush
atol
fclose
__unDName
iswdigit
memcmp
bsearch
_wfsopen
fread
fseek
wcstol
strchr
??_U@YAPEAX_K@Z
_time64
_wfullpath
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
_wgetenv
wcsstr
wcschr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wsopen

kernel32

MoveFileW
SetFilePointer
DeleteFileW
CreateDirectoryW
FlushViewOfFile
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
__chkstk
CreateFileMappingW
LCMapStringW
LocalFree
GetVersion
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
VirtualQueryEx
GetThreadTimes
GetThreadPriority
GetPriorityClass
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
IsProcessorFeaturePresent
GetSystemInfo
GetSystemTimeAsFileTime
lstrcmpiW
Sleep
DelayLoadFailureHook
LoadLibraryExA
ReadProcessMemory
GetProcessHeap
LoadLibraryW
GetSystemDirectoryW
GetFileAttributesA
SetErrorMode
GetVersionExW
OutputDebugStringW
OutputDebugStringA
WriteFile
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
VirtualProtect
VirtualAlloc
CreateDirectoryA
GetFileAttributesW
GetFullPathNameW
WideCharToMultiByte
MultiByteToWideChar
SetLastError
FindFirstFileW
FindClose
FindNextFileW
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetLastError
TlsGetValue
TlsSetValue
LoadLibraryA
GetProcAddress
FreeLibrary
TlsAlloc
TlsFree
GetVersionExA
InitializeCriticalSection
HeapCreate
HeapDestroy
DeleteCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetEnvironmentVariableW
GetModuleFileNameW
CreateFileW
CopyFileW
ExpandEnvironmentStringsW

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinSxS/Win7x64/msdia100.dll
.dll regsvr32 windows:5 windows x64 arch:x64

1b7ac8744fe782a1d0182354d04b2612

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d3:09:5b:36:cc:02:e2:fb:1a:b0:6d:d7:c6:2c:09:c7:7c:bd:83:cf
Signer

Actual PE Digest

d3:09:5b:36:cc:02:e2:fb:1a:b0:6d:d7:c6:2c:09:c7:7c:bd:83:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msdia100.pdb

Imports

kernel32

SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
LocalAlloc
LocalFree
GetModuleFileNameW
GetLastError
GetSystemInfo
GetVersion
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetProcAddress
FreeLibrary
LoadLibraryA
RaiseException
GetCurrentThreadId
FlsSetValue
GetCommandLineA
DecodePointer
EncodePointer
HeapFree
HeapAlloc
RtlUnwindEx
FlsGetValue
FlsFree
FlsAlloc
Sleep
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapSize
SetFilePointer
ReadFile
HeapReAlloc
LoadLibraryW
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
GetProcessHeap
SetFileAttributesW
GetFileAttributesW
CopyFileW
VirtualAlloc
VirtualFree
DeleteFileW
DeviceIoControl
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetDriveTypeW
MapViewOfFileEx
FlushViewOfFile
GetFullPathNameW
CompareStringW
SetEnvironmentVariableW
RtlPcToFileHeader

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 685KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinSxS/Win7x64/symsrv.dll
.dll windows:6 windows x64 arch:x64

5d54f5d721e301667338323ac07578e3

Code Sign

61:05:f7:1e:00:00:00:00:00:32
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/07/2009, 23:00

Not After

13/10/2010, 23:10

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

42:7a:2b:33:4d:c7:52:a5:93:71:4e:8a:01:94:82:dd:13:04:5b:13
Signer

Actual PE Digest

42:7a:2b:33:4d:c7:52:a5:93:71:4e:8a:01:94:82:dd:13:04:5b:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

symsrv.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
wctomb
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
memset
memcpy
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
_errno
_wtoi64
_wcslwr
strrchr
wcsstr
??2@YAPEAX_K@Z
fclose
??3@YAXPEAX@Z
wcsrchr
fgetws
_wfopen
_stricmp
getenv
iswspace
tolower
isspace
towlower
_wcsnicmp
_wcsicmp
wcschr
memcmp

kernel32

SetLastError
FreeLibrary
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
OutputDebugStringA
Sleep
GlobalFree
ReleaseMutex
OpenMutexW
LoadLibraryW
GetSystemDirectoryW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetModuleFileNameW
LocalFileTimeToFileTime
ExpandEnvironmentStringsW
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFileTime
SetFilePointer
CreateFileA
DosDateTimeToFileTime
FileTimeToDosDateTime
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetSystemTime
DeleteFileW
GetFileTime
CreateWaitableTimerW
MoveFileW
ReadFile
WaitForSingleObject
SetWaitableTimer
CopyFileExW
GetFileSize
LoadLibraryA
LocalFree
DebugBreak
CloseHandle
RemoveDirectoryW
LocalAlloc
GetProcAddress
MultiByteToWideChar
CreateFileW
LocalReAlloc
GetVersionExW
FormatMessageW
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GetModuleHandleW
OutputDebugStringW
CreateDirectoryW
GetCurrentProcess
CopyFileW
LeaveCriticalSection
GetFileAttributesW
GetLastError
GetEnvironmentVariableW
EnterCriticalSection
RaiseException

advapi32

RegQueryValueExW
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegEnumValueW
OpenProcessToken
FreeSid
AllocateAndInitializeSid
EqualSid

Exports

Exports

EulaDlgProc
RunDllEntry
SymbolServer
SymbolServerByIndex
SymbolServerByIndexW
SymbolServerClose
SymbolServerDeltaName
SymbolServerDeltaNameW
SymbolServerGetIndexString
SymbolServerGetIndexStringW
SymbolServerGetOptions
SymbolServerGetSupplement
SymbolServerGetSupplementW
SymbolServerGetVersion
SymbolServerIsStore
SymbolServerIsStoreW
SymbolServerPing
SymbolServerPingW
SymbolServerSetOptions
SymbolServerSetOptionsW
SymbolServerStoreFile
SymbolServerStoreFileW
SymbolServerStoreSupplement
SymbolServerStoreSupplementW
SymbolServerW
httpCloseHandle
httpOpenFileHandle
httpOpenFileHandleW
httpQueryDataAvailable
httpReadFile

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinSxS/Win7x64/symsrv.yes
WinSxS/Win7x86/dbghelp.dll
.dll windows:6 windows x86 arch:x86

fa6b094f828920cf8999743ff0004319

Code Sign

61:05:f7:1e:00:00:00:00:00:32
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/07/2009, 23:00

Not After

13/10/2010, 23:10

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa
Signer

Actual PE Digest

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
??3@YAXPAX@Z
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_strnicmp
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
iswprint
fflush
fprintf
atol
fclose
__unDName
iswdigit
_CxxThrowException
bsearch
_wfsopen
fread
fseek
wcstol
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_wsopen

kernel32

HeapFree
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetVersion
GetSystemInfo
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
DuplicateHandle
VirtualAlloc
VirtualProtect
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
SetFilePointer
IsDBCSLeadByte
HeapAlloc
HeapReAlloc
GetVersionExA
InitializeCriticalSection
FindClose
SetLastError
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
FreeLibrary
LoadLibraryA
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
HeapCreate
FlushViewOfFile

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinSxS/Win7x86/msdia100.dll
.dll regsvr32 windows:5 windows x86 arch:x86

f8115427f66dee9021c2d21b9ab61b46

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a2:79:b5:c3:83:0c:c5:bb:6d:7c:bc:3c:3c:d7:74:a7:9d:24:8d:80
Signer

Actual PE Digest

a2:79:b5:c3:83:0c:c5:bb:6d:7c:bc:3c:3c:d7:74:a7:9d:24:8d:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msdia100.pdb

Imports

kernel32

SetLastError
InterlockedDecrement
InterlockedIncrement
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
LocalAlloc
LocalFree
GetModuleFileNameW
GetLastError
GetSystemInfo
GetVersion
EnterCriticalSection
LeaveCriticalSection
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
CloseHandle
UnmapViewOfFile
GetProcAddress
FreeLibrary
InterlockedExchange
LoadLibraryA
RaiseException
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
HeapFree
HeapAlloc
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
HeapSize
IsProcessorFeaturePresent
SetFilePointer
ReadFile
RtlUnwind
HeapReAlloc
LoadLibraryW
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
GetProcessHeap
SetFileAttributesW
GetFileAttributesW
CopyFileW
VirtualAlloc
VirtualFree
DeleteFileW
DeviceIoControl
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetDriveTypeW
MapViewOfFileEx
FlushViewOfFile
GetFullPathNameW
CompareStringW
SetEnvironmentVariableW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 669KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinSxS/Win7x86/symsrv.dll
.dll windows:6 windows x86 arch:x86

94d035a14122a420b1c395c66a73d849

Code Sign

61:05:f7:1e:00:00:00:00:00:32
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/07/2009, 23:00

Not After

13/10/2010, 23:10

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:04:b3:f5:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:13

Not After

25/07/2011, 19:23

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

cb:b7:8d:df:a9:50:73:86:f3:b2:2d:69:ec:34:36:04:3a:3a:c5:3e
Signer

Actual PE Digest

cb:b7:8d:df:a9:50:73:86:f3:b2:2d:69:ec:34:36:04:3a:3a:c5:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

symsrv.pdb

Imports

msvcrt

__badioinfo
__pioinfo
ferror
_fileno
_lseeki64
_write
_isatty
wctomb
_itoa
_snprintf
isleadbyte
mbtowc
_amsg_exit
_initterm
free
malloc
_XcptFilter
_iob
__mb_cur_max
_errno
_wtoi64
_wcslwr
memcpy
strrchr
wcsstr
_wfopen
fgetws
wcsrchr
fclose
_stricmp
tolower
getenv
isspace
iswspace
towlower
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp
_wcsnicmp
wcschr
memset

kernel32

GetModuleHandleA
FreeLibrary
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
GlobalFree
ReleaseMutex
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
DeleteFileA
SetFilePointer
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
DeleteCriticalSection
InitializeCriticalSection
GetFileSize
GetFileTime
ReadFile
CreateThread
GetSystemTime
SetWaitableTimer
WaitForSingleObject
LoadLibraryA
DebugBreak
GetSystemTimeAsFileTime
GetCurrentProcess
WriteFile
CloseHandle
LocalFree
LocalReAlloc
LocalAlloc
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
RaiseException

advapi32

RegCloseKey
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid

Exports

Exports

EulaDlgProc
RunDllEntry
SymbolServer
SymbolServerByIndex
SymbolServerByIndexW
SymbolServerClose
SymbolServerDeltaName
SymbolServerDeltaNameW
SymbolServerGetIndexString
SymbolServerGetIndexStringW
SymbolServerGetOptions
SymbolServerGetSupplement
SymbolServerGetSupplementW
SymbolServerGetVersion
SymbolServerIsStore
SymbolServerIsStoreW
SymbolServerPing
SymbolServerPingW
SymbolServerSetOptions
SymbolServerSetOptionsW
SymbolServerStoreFile
SymbolServerStoreFileW
SymbolServerStoreSupplement
SymbolServerStoreSupplementW
SymbolServerW
httpCloseHandle
httpOpenFileHandle
httpOpenFileHandleW
httpQueryDataAvailable
httpReadFile

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinSxS/Win7x86/symsrv.yes
WinSxS/WinXPx86/dbghelp.dll
.dll windows:6 windows x86 arch:x86

fe461dae40106df756b0a449890d1ecc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

kernel32

FreeLibrary
LoadLibraryA
GetModuleFileNameA
GetEnvironmentVariableA
DeleteFileA
CreateDirectoryA
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
UnmapViewOfFile
GetFullPathNameA
GetFileAttributesA
SetFilePointer
FindClose
VirtualProtect
VirtualAlloc
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetCurrentProcessId
VirtualFree
ReadProcessMemory
WriteFile
DeleteFileW
CreateFileW
SetErrorMode
DebugBreak
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
lstrlenA
GetModuleHandleA
GetProcAddress
IsDBCSLeadByte
HeapFree
HeapAlloc
HeapReAlloc
TlsFree
TlsAlloc
GetVersionExA
InitializeCriticalSection
FlushViewOfFile
MapViewOfFileEx
SetEndOfFile
GetDriveTypeA
GetDriveTypeW
LCMapStringW
LCMapStringA
CreateFileMappingW
GetFileType
DeviceIoControl
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
CopyFileA
SetFileAttributesA
CopyFileW
GetFileAttributesW
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
Sleep
FormatMessageA
GetThreadSelectorEntry
CreateThread
TerminateThread
LoadLibraryW
VirtualQueryEx
GetThreadContext
ResumeThread
SuspendThread
GetProcessHeap
GetVersionExW
GetSystemInfo
HeapCreate
DeleteCriticalSection
HeapDestroy
TlsGetValue
LocalFree
TlsSetValue
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
FindFirstFileA
FindNextFileA
SetLastError
OutputDebugStringA

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
_snprintf
isprint
sprintf
_vsnwprintf
memmove
calloc
wcscat
strncat
_itoa
_vsnprintf
_write
_strcmpi
strrchr
tolower
_close
_open
time
wcsncpy
_ltoa
_strnicmp
vsprintf
strncpy
_stricmp
_purecall
isspace
ctime
malloc
__CxxFrameHandler
fclose
_wcsicmp
wcscmp
wcsncmp
_wsplitpath
_wcsnicmp
__unDName
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
_osver
wcstol
_mbsnbcpy
fflush
_iob
_wmakepath
wcsrchr
wcscpy
_wcsdup
ftell
_wgetenv
_mbsicmp
printf
_fullpath
_access
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_lseeki64
_chsize
_get_osfhandle
_open_osfhandle
_winminor
_winmajor
_mbscmp
_memicmp
wcsncat
??1type_info@@UAE@XZ
?terminate@@YAXXZ
towlower
_strlwr
free
_except_handler3
wcslen
qsort
strchr
strstr
strncmp
isxdigit
??2@YAPAXI@Z
??3@YAXPAX@Z
_splitpath
wprintf

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymAddSymbol
SymCleanup
SymDeleteSymbol
SymEnumLines
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromIndex
SymFromName
SymFromToken
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetScope
SymGetSearchPath
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileToken
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSetContext
SymSetHomeDirectory
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
fptr
lm
lmi
omap
srcfiles
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 689KB - Virtual size: 689KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinSxS/WinXPx86/msdia80.dll
.dll regsvr32 windows:5 windows x86 arch:x86

ef36075b91a3d62d2dd774ba9cf1bc2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msdia80.pdb

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetSystemInfo
GetVersion
HeapAlloc
GetProcessHeap
HeapFree
LocalAlloc
LocalFree
DisableThreadLibraryCalls
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleFileNameW
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
LCMapStringW
LCMapStringA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileW
UnmapViewOfFile
SetLastError
GetLastError
GetProcAddress
FreeLibrary
InterlockedExchange
LoadLibraryA
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
WriteFile
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
VirtualAlloc
HeapReAlloc
HeapSize
ReadFile
SetFilePointer
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFileAttributesW
GetFileAttributesW
CopyFileW
SetFileAttributesA
GetFileAttributesA
CopyFileA
DeleteFileW
DeleteFileA
DeviceIoControl
CreateFileMappingW
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
GetDriveTypeA
MapViewOfFileEx
FlushViewOfFile
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
SetEnvironmentVariableW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 511KB - Virtual size: 511KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinSxS/WinXPx86/symsrv.dll
.dll windows:6 windows x86 arch:x86

c8f4182105f4b55bd7cd162e39832f58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

symsrv.pdb

Imports

kernel32

OutputDebugStringA
SetLastError
GetEnvironmentVariableA
GetLastError
GetFileAttributesA
FormatMessageA
GetModuleHandleA
CreateDirectoryA
RemoveDirectoryA
GetProcAddress
LoadLibraryA
CloseHandle
ReleaseMutex
WaitForSingleObject
OpenMutexA
LocalFree
LocalAlloc
ReadFile
GetFileSize
CreateFileA
GetSystemTime
CopyFileA
CopyFileExA
DeleteFileA
WriteFile
HeapAlloc
GetProcessHeap
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFilePointer
GetSystemDirectoryA
GetModuleFileNameA
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
RtlUnwind
FreeLibrary
InterlockedExchange
RaiseException

Exports

Exports

AppendHexStringWithDWORD
AppendHexStringWithGUID
AppendHexStringWithOldGUID
EnsureTrailingBackslash
EulaDlgProc
RunDllEntry
SymbolServer
SymbolServerClose
SymbolServerGetOptions
SymbolServerPing
SymbolServerSetOptions
httpOpenFileHandle
httpQueryDataAvailable
httpReadFile

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinSxS/WinXPx86/symsrv.yes
__driver test-signing__/Create Debug Certificate.bat
.bat .vbs
__driver test-signing__/Disable Test Signing.bat
__driver test-signing__/Do All.bat
__driver test-signing__/Enable Test Signing.bat
__driver test-signing__/Sign binary.bat
.bat .vbs
__driver test-signing__/__ReadMeFirst__.txt
monitoring files/COM/{00000000-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000001-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000002-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000003-0000-0000-C000-000000000046}.txt
monitoring files/COM/{0000000F-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000010-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000018-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000019-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000100-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000101-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000109-0000-0000-C000-000000000046}.txt
monitoring files/COM/{0000010a-0000-0000-C000-000000000046}.txt
monitoring files/COM/{0000010b-0000-0000-C000-000000000046}.txt
monitoring files/COM/{0000010c-0000-0000-C000-000000000046}.txt
monitoring files/COM/{0000010d-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000112-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000113-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000114-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000115-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000116-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000117-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000118-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000119-0000-0000-C000-000000000046}.txt
monitoring files/COM/{0000011a-0000-0000-C000-000000000046}.txt
monitoring files/COM/{0000011b-0000-0000-C000-000000000046}.txt
monitoring files/COM/{0000011d-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000122-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00000126-0000-0000-C000-000000000046}.txt
monitoring files/COM/{0000013D-0000-0000-C000-000000000046}.txt
monitoring files/COM/{0000013E-0000-0000-C000-000000000046}.txt
monitoring files/COM/{000001C1-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00020400-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00020401-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00020402-0000-0000-C000-000000000046}.txt
monitoring files/COM/{000214E2-0000-0000-C000-000000000046}.txt
monitoring files/COM/{000214E3-0000-0000-C000-000000000046}.txt
monitoring files/COM/{000214E4-0000-0000-C000-000000000046}.txt
monitoring files/COM/{000214E5-0000-0000-C000-000000000046}.txt
monitoring files/COM/{000214E6-0000-0000-C000-000000000046}.txt
monitoring files/COM/{000214E8-0000-0000-C000-000000000046}.txt
monitoring files/COM/{000214E9-0000-0000-C000-000000000046}.txt
monitoring files/COM/{000214EA-0000-0000-C000-000000000046}.txt
monitoring files/COM/{000214EC-0000-0000-C000-000000000046}.txt
monitoring files/COM/{000214EE-0000-0000-C000-000000000046}.txt
monitoring files/COM/{000214F9-0000-0000-C000-000000000046}.txt
monitoring files/COM/{0002DF05-0000-0000-C000-000000000046}.txt
monitoring files/COM/{0002E013-0000-0000-C000-000000000046}.txt
monitoring files/COM/{00D18159-8466-11D0-AC63-00C04FD97575}.txt
monitoring files/COM/{012dd920-7b26-11d0-8ca9-00a0c92dbfe8}.txt
monitoring files/COM/{01E44665-24AC-101B-84ED-08002B2EC713}.txt
monitoring files/COM/{06675a80-3b9b-11d2-b92f-00609797ea5b}.txt
monitoring files/COM/{08C75162-3C9C-11D1-91FE-00C04FD701A5}.txt
monitoring files/COM/{0B2B8630-AD35-11D0-8EA6-00609797EA5B}.txt
monitoring files/COM/{0E689C9A-053D-44a0-9D92-DB0E3D750F86}.txt
monitoring files/COM/{148BD527-A2AB-11CE-B11F-00AA00530503}.txt
monitoring files/COM/{15e65ec0-3b9c-11d2-b92f-00609797ea5b}.txt
monitoring files/COM/{1B36BB7B-09B7-410a-B445-7D1430D7B33F}.txt
monitoring files/COM/{1DD9E8DA-1C77-4d40-B0CF-98FEFDFF9512}.txt
monitoring files/COM/{342D1EA0-AE25-11D1-89C5-006008C3FBFC}.txt
monitoring files/COM/{3EE5B968-2ACA-4c34-8BB5-7E0C3D19B750}.txt
monitoring files/COM/{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}.txt
monitoring files/COM/{4B8AAAFA-140F-42ba-9131-597EAFAA2EAD}.txt
monitoring files/COM/{4B9F0EE0-0D7E-11D0-9B06-00A0C903A3B8}.txt
monitoring files/COM/{55980BA0-35AA-11CF-B671-00AA004CD6D8}.txt
monitoring files/COM/{57805885-6eec-11cf-9441-a82303c10e27}.txt
monitoring files/COM/{593817A0-7DB3-11CF-A2DE-00AA00b93356}.txt
monitoring files/COM/{69C11C3E-B46B-11D1-AD7A-00C04FC29B4E}.txt
monitoring files/COM/{6BA90C00-3910-11D1-ACB3-00C04FD97575}.txt
monitoring files/COM/{6C14DB80-A733-11CE-A521-0020AF0BE560}.txt
monitoring files/COM/{6C14DB81-A733-11CE-A521-0020AF0BE560}.txt
monitoring files/COM/{6C14DB84-A733-11CE-A521-0020AF0BE560}.txt
monitoring files/COM/{6D0ECB23-9968-11D0-AC6E-00C04FD97575}.txt
monitoring files/COM/{6d5140c1-7436-11ce-8034-00aa006009fa}.txt
monitoring files/COM/{7385E5DF-8FE8-41D5-86B6-D7B48547B6CF}.txt
monitoring files/COM/{757a7d9f-919a-4118-99d7-dbb208c8cc66}.txt
monitoring files/COM/{79eac9e7-baf9-11ce-8c82-00aa004ba90b}.txt
monitoring files/COM/{79eac9ed-baf9-11ce-8c82-00aa004ba90b}.txt
monitoring files/COM/{79eac9ee-baf9-11ce-8c82-00aa004ba90b}.txt
monitoring files/COM/{79eac9ef-baf9-11ce-8c82-00aa004ba90b}.txt
monitoring files/COM/{7FD52380-4E07-101B-AE2D-08002B2EC713}.txt
monitoring files/COM/{85CB6900-4D95-11CF-960C-0080C7F4EE85}.txt
monitoring files/COM/{88E39E80-3578-11CF-AE69-08002B2E1262}.txt
monitoring files/COM/{8AEEEAC7-05F9-44d4-B591-000B0DF1CB95}.txt
monitoring files/COM/{928C088B-76B9-4C6B-A536-A590853876CD}.txt
monitoring files/COM/{93F2F68C-1D1B-11d3-A30E-00C04F79ABD1}.txt
monitoring files/COM/{98BBE491-2EED-11D1-ACAC-00C04FD97575}.txt
monitoring files/COM/{9C2CAD80-3424-11CF-B670-00AA004CD6D8}.txt
monitoring files/COM/{9c59509a-39bd-11d1-8c4a-00c04fd930c5}.txt
monitoring files/COM/{A7B93C80-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/COM/{A7B93C83-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/COM/{A7B93C85-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/COM/{A7B93C87-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/COM/{A7B93C89-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/COM/{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/COM/{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/COM/{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/COM/{A7B93C91-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/COM/{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/COM/{B0913412-3B44-11D1-ACBA-00C04FD97575}.txt
monitoring files/COM/{B196B283-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/COM/{B196B284-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/COM/{B196B285-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/COM/{B196B286-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/COM/{B196B287-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/COM/{B196B288-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/COM/{B196B28D-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/COM/{B196B28F-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/COM/{B3A6F3E0-2B43-11CF-A2DE-00AA00B93356}.txt
monitoring files/COM/{B4211CFA-51B9-4a9f-AB78-DB99B2BB678E}.txt
monitoring files/COM/{B722BCC5-4E68-101B-A2BC-00AA00404770}.txt
monitoring files/COM/{B722BCC6-4E68-101B-A2BC-00AA00404770}.txt
monitoring files/COM/{B722BCC7-4E68-101B-A2BC-00AA00404770}.txt
monitoring files/COM/{B722BCCB-4E68-101B-A2BC-00AA00404770}.txt
monitoring files/COM/{B96EEBCA-B326-4ea5-882F-2FF5BAE021DD}.txt
monitoring files/COM/{CF51ED10-62FE-11CF-BF86-00A0C9034836}.txt
monitoring files/COM/{D30C1661-CDAF-11d0-8A3E-00C04FC9E26E}.txt
monitoring files/COM/{D7A6D440-8872-11D1-9EC6-00C04FD7081F}.txt
monitoring files/COM/{DA044E00-69B2-11D0-A1D5-00AA00B8DFBB}.txt
monitoring files/COM/{E4CDD575-2866-4f01-B12E-7EECE1EC9358}.txt
monitoring files/COM/{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}.txt
monitoring files/COM/{EB0FE172-1A3A-11D0-89B3-00A0C90A90AC}.txt
monitoring files/COM/{EB0FE173-1A3A-11D0-89B3-00A0C90A90AC}.txt
monitoring files/COM/{EBBC7C04-315E-11d2-B62F-006097DF5BD4}.txt
monitoring files/COM/{F490EB00-1240-11D1-9888-006097DEACF9}.txt
monitoring files/COM/{FC4801A3-2BA9-11CF-A229-00AA003D7352}.txt
monitoring files/COM/{cb728b20-f786-11ce-92ad-00aa00a74cd0}.txt
monitoring files/CreateProcess.txt
monitoring files/InputTextDataRetrival.txt
monitoring files/LoadedLib.txt
monitoring files/Loadedfunc.txt
monitoring files/MessageBox.txt
monitoring files/ProcessesWatch.txt
monitoring files/Registry 7 x64.txt
monitoring files/Registry 7 x86.txt
monitoring files/Registry XP x86.txt
monitoring files/Services.txt
monitoring files/SetText.txt
monitoring files/User32 XP x86.txt
monitoring files/User32.txt
monitoring files/WinSCard.txt
monitoring files/WindowAndDialogBox.txt
monitoring files/advapi32.txt
monitoring files/comctl32.txt
monitoring files/comdlg32.txt
monitoring files/crypt32.txt
monitoring files/dbghelp.txt
monitoring files/default/COM/{00000000-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000001-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000002-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000003-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{0000000F-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000010-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000018-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000019-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000100-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000101-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000109-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{0000010a-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{0000010b-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{0000010c-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{0000010d-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000112-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000113-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000114-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000115-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000116-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000117-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000118-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000119-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{0000011a-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{0000011b-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{0000011d-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000122-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00000126-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{0000013D-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{0000013E-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{000001C1-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00020400-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00020401-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00020402-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{000214E2-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{000214E3-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{000214E4-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{000214E5-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{000214E6-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{000214E8-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{000214E9-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{000214EA-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{000214EC-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{000214EE-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{000214F9-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{0002DF05-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{0002E013-0000-0000-C000-000000000046}.txt
monitoring files/default/COM/{00D18159-8466-11D0-AC63-00C04FD97575}.txt
monitoring files/default/COM/{012dd920-7b26-11d0-8ca9-00a0c92dbfe8}.txt
monitoring files/default/COM/{01E44665-24AC-101B-84ED-08002B2EC713}.txt
monitoring files/default/COM/{06675a80-3b9b-11d2-b92f-00609797ea5b}.txt
monitoring files/default/COM/{08C75162-3C9C-11D1-91FE-00C04FD701A5}.txt
monitoring files/default/COM/{0B2B8630-AD35-11D0-8EA6-00609797EA5B}.txt
monitoring files/default/COM/{0E689C9A-053D-44a0-9D92-DB0E3D750F86}.txt
monitoring files/default/COM/{148BD527-A2AB-11CE-B11F-00AA00530503}.txt
monitoring files/default/COM/{15e65ec0-3b9c-11d2-b92f-00609797ea5b}.txt
monitoring files/default/COM/{1B36BB7B-09B7-410a-B445-7D1430D7B33F}.txt
monitoring files/default/COM/{1DD9E8DA-1C77-4d40-B0CF-98FEFDFF9512}.txt
monitoring files/default/COM/{342D1EA0-AE25-11D1-89C5-006008C3FBFC}.txt
monitoring files/default/COM/{3EE5B968-2ACA-4c34-8BB5-7E0C3D19B750}.txt
monitoring files/default/COM/{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}.txt
monitoring files/default/COM/{4B8AAAFA-140F-42ba-9131-597EAFAA2EAD}.txt
monitoring files/default/COM/{4B9F0EE0-0D7E-11D0-9B06-00A0C903A3B8}.txt
monitoring files/default/COM/{55980BA0-35AA-11CF-B671-00AA004CD6D8}.txt
monitoring files/default/COM/{57805885-6eec-11cf-9441-a82303c10e27}.txt
monitoring files/default/COM/{593817A0-7DB3-11CF-A2DE-00AA00b93356}.txt
monitoring files/default/COM/{69C11C3E-B46B-11D1-AD7A-00C04FC29B4E}.txt
monitoring files/default/COM/{6BA90C00-3910-11D1-ACB3-00C04FD97575}.txt
monitoring files/default/COM/{6C14DB80-A733-11CE-A521-0020AF0BE560}.txt
monitoring files/default/COM/{6C14DB81-A733-11CE-A521-0020AF0BE560}.txt
monitoring files/default/COM/{6C14DB84-A733-11CE-A521-0020AF0BE560}.txt
monitoring files/default/COM/{6D0ECB23-9968-11D0-AC6E-00C04FD97575}.txt
monitoring files/default/COM/{6d5140c1-7436-11ce-8034-00aa006009fa}.txt
monitoring files/default/COM/{7385E5DF-8FE8-41D5-86B6-D7B48547B6CF}.txt
monitoring files/default/COM/{757a7d9f-919a-4118-99d7-dbb208c8cc66}.txt
monitoring files/default/COM/{79eac9e7-baf9-11ce-8c82-00aa004ba90b}.txt
monitoring files/default/COM/{79eac9ed-baf9-11ce-8c82-00aa004ba90b}.txt
monitoring files/default/COM/{79eac9ee-baf9-11ce-8c82-00aa004ba90b}.txt
monitoring files/default/COM/{79eac9ef-baf9-11ce-8c82-00aa004ba90b}.txt
monitoring files/default/COM/{7FD52380-4E07-101B-AE2D-08002B2EC713}.txt
monitoring files/default/COM/{85CB6900-4D95-11CF-960C-0080C7F4EE85}.txt
monitoring files/default/COM/{88E39E80-3578-11CF-AE69-08002B2E1262}.txt
monitoring files/default/COM/{8AEEEAC7-05F9-44d4-B591-000B0DF1CB95}.txt
monitoring files/default/COM/{928C088B-76B9-4C6B-A536-A590853876CD}.txt
monitoring files/default/COM/{93F2F68C-1D1B-11d3-A30E-00C04F79ABD1}.txt
monitoring files/default/COM/{98BBE491-2EED-11D1-ACAC-00C04FD97575}.txt
monitoring files/default/COM/{9C2CAD80-3424-11CF-B670-00AA004CD6D8}.txt
monitoring files/default/COM/{9c59509a-39bd-11d1-8c4a-00c04fd930c5}.txt
monitoring files/default/COM/{A7B93C80-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/default/COM/{A7B93C83-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/default/COM/{A7B93C85-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/default/COM/{A7B93C87-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/default/COM/{A7B93C89-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/default/COM/{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/default/COM/{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/default/COM/{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/default/COM/{A7B93C91-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/default/COM/{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}.txt
monitoring files/default/COM/{B0913412-3B44-11D1-ACBA-00C04FD97575}.txt
monitoring files/default/COM/{B196B283-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/default/COM/{B196B284-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/default/COM/{B196B285-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/default/COM/{B196B286-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/default/COM/{B196B287-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/default/COM/{B196B288-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/default/COM/{B196B28D-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/default/COM/{B196B28F-BAB4-101A-B69C-00AA00341D07}.txt
monitoring files/default/COM/{B3A6F3E0-2B43-11CF-A2DE-00AA00B93356}.txt
monitoring files/default/COM/{B4211CFA-51B9-4a9f-AB78-DB99B2BB678E}.txt
monitoring files/default/COM/{B722BCC5-4E68-101B-A2BC-00AA00404770}.txt
monitoring files/default/COM/{B722BCC6-4E68-101B-A2BC-00AA00404770}.txt
monitoring files/default/COM/{B722BCC7-4E68-101B-A2BC-00AA00404770}.txt
monitoring files/default/COM/{B722BCCB-4E68-101B-A2BC-00AA00404770}.txt
monitoring files/default/COM/{B96EEBCA-B326-4ea5-882F-2FF5BAE021DD}.txt
monitoring files/default/COM/{CF51ED10-62FE-11CF-BF86-00A0C9034836}.txt
monitoring files/default/COM/{D30C1661-CDAF-11d0-8A3E-00C04FC9E26E}.txt
monitoring files/default/COM/{D7A6D440-8872-11D1-9EC6-00C04FD7081F}.txt
monitoring files/default/COM/{DA044E00-69B2-11D0-A1D5-00AA00B8DFBB}.txt
monitoring files/default/COM/{E4CDD575-2866-4f01-B12E-7EECE1EC9358}.txt
monitoring files/default/COM/{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}.txt
monitoring files/default/COM/{EB0FE172-1A3A-11D0-89B3-00A0C90A90AC}.txt
monitoring files/default/COM/{EB0FE173-1A3A-11D0-89B3-00A0C90A90AC}.txt
monitoring files/default/COM/{EBBC7C04-315E-11d2-B62F-006097DF5BD4}.txt
monitoring files/default/COM/{F490EB00-1240-11D1-9888-006097DEACF9}.txt
monitoring files/default/COM/{FC4801A3-2BA9-11CF-A229-00AA003D7352}.txt
monitoring files/default/COM/{cb728b20-f786-11ce-92ad-00aa00a74cd0}.txt
monitoring files/default/CreateProcess.txt
monitoring files/default/InputTextDataRetrival.txt
monitoring files/default/LoadedLib.txt
monitoring files/default/Loadedfunc.txt
monitoring files/default/MessageBox.txt
monitoring files/default/ProcessesWatch.txt
monitoring files/default/Registry 7 x64.txt
monitoring files/default/Registry 7 x86.txt
monitoring files/default/Registry XP x86.txt
monitoring files/default/Services.txt
monitoring files/default/SetText.txt
monitoring files/default/User32 XP x86.txt
monitoring files/default/User32.txt
monitoring files/default/WinSCard.txt
monitoring files/default/WindowAndDialogBox.txt
monitoring files/default/advapi32.txt
monitoring files/default/comctl32.txt
monitoring files/default/comdlg32.txt
monitoring files/default/crypt32.txt
monitoring files/default/dbghelp.txt
monitoring files/default/gdi32.txt
monitoring files/default/ini.txt
monitoring files/default/kernel32 7 x64.txt
monitoring files/default/kernel32 7 x86.txt
monitoring files/default/kernel32 XP x86.txt
monitoring files/default/kernel32.txt
monitoring files/default/msvcrt.txt
monitoring files/default/ntdll 7 x64.txt
monitoring files/default/ntdll 7 x86.txt
monitoring files/default/ntdll XP x86.txt
monitoring files/default/ntdll.txt
monitoring files/default/ole32.txt
monitoring files/default/psapi.txt
monitoring files/default/rasapi32.txt
monitoring files/default/secur32.txt
monitoring files/default/serial ports.txt
monitoring files/default/shell32 7 x64.txt
monitoring files/default/shell32 7 x86.txt
monitoring files/default/shell32 XP x86.txt
monitoring files/default/shell32.txt
monitoring files/default/user32 7 x64.txt
monitoring files/default/user32 7 x86.txt
monitoring files/default/wininet.txt
monitoring files/default/ws2_32.txt
monitoring files/gdi32.txt
monitoring files/ini.txt
monitoring files/kernel32 7 x64.txt
monitoring files/kernel32 7 x86.txt
monitoring files/kernel32 XP x86.txt
monitoring files/kernel32.txt
monitoring files/msvcrt.txt
monitoring files/ntdll 7 x64.txt
monitoring files/ntdll 7 x86.txt
monitoring files/ntdll XP x86.txt
monitoring files/ntdll.txt
monitoring files/ole32.txt
monitoring files/psapi.txt
monitoring files/rasapi32.txt
monitoring files/secur32.txt
monitoring files/serial ports.txt
monitoring files/shell32 7 x64.txt
monitoring files/shell32 7 x86.txt
monitoring files/shell32 XP x86.txt
monitoring files/shell32.txt
monitoring files/user32 7 x64.txt
monitoring files/user32 7 x86.txt
monitoring files/wininet.txt
monitoring files/ws2_32.txt
proxy.txt
x86CrossCompatibility.exe
.exe windows:5 windows x64 arch:x64

8a9c66ea6b20799724edc385b1e6e5e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
GetProcAddress
GetCurrentProcess
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
SetEvent
Sleep
IsBadCodePtr
GetMailslotInfo
ReadFile
CreateMailslotW
ResetEvent
CreateEventW
WaitForMultipleObjects
CreateThread
WriteFile
CreateFileW
VirtualQueryEx
OpenProcess
FormatMessageW
VirtualProtectEx
WriteProcessMemory
Module32FirstW
CreateToolhelp32Snapshot
GetCurrentThreadId
Module32NextW
GetCurrentProcessId
GetCommandLineW
OutputDebugStringW
OpenEventW
LocalFree
HeapReAlloc
WriteConsoleW
LoadLibraryW
GetModuleHandleW
ReadProcessMemory
SetStdHandle
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DecodePointer
EncodePointer
HeapSetInformation
GetVersion
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameW
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
RtlUnwindEx
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
HeapSize
LCMapStringW
GetStringTypeW
FlushFileBuffers

user32

MessageBoxW

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

shell32

CommandLineToArgvW

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86GetProcAddress.exe
.exe windows:5 windows x86 arch:x86

fea4bedb8243adce577fbea5e5bbe7ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\_programmation\APIOverride\Tools\Process\x86GetProcAddress\x86GetProcAddress\Release\x86GetProcAddress.pdb

Imports

kernel32

GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
LoadLibraryW
GetModuleHandleW
LocalFree
GetCommandLineW
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

shell32

CommandLineToArgvW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ef08d77da22bdc159576bf4a9e4c27f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 44KB - Virtual size: 103KB

.reloc Size: 18KB - Virtual size: 18KB

9a526800c2596f88d5c5f18db63711f7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 384KB - Virtual size: 383KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 48KB - Virtual size: 142KB

.pdata Size: 16KB - Virtual size: 15KB

.reloc Size: 3KB - Virtual size: 3KB

70edf9a931d932ff81a1cd9167c7026a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 203KB - Virtual size: 202KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 9KB - Virtual size: 15KB

.tls Size: 8KB - Virtual size: 8KB

.rsrc Size: 75KB - Virtual size: 75KB

.reloc Size: 18KB - Virtual size: 17KB

86a0700600b253c49bb821dc3c5167ee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 224KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 10KB - Virtual size: 18KB

.pdata Size: 11KB - Virtual size: 10KB

.tls Size: 9KB - Virtual size: 8KB

.rsrc Size: 75KB - Virtual size: 75KB

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 44KB - Virtual size: 103KB

.reloc
Size: 18KB - Virtual size: 18KB

.text
Size: 384KB - Virtual size: 383KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 48KB - Virtual size: 142KB

.pdata
Size: 16KB - Virtual size: 15KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 203KB - Virtual size: 202KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 9KB - Virtual size: 15KB

.tls
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 75KB - Virtual size: 75KB

.reloc
Size: 18KB - Virtual size: 17KB

.text
Size: 224KB - Virtual size: 224KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 10KB - Virtual size: 18KB

.pdata
Size: 11KB - Virtual size: 10KB

.tls
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 75KB - Virtual size: 75KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 220KB - Virtual size: 220KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 33KB - Virtual size: 40KB

.tls
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 59KB - Virtual size: 59KB

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 229KB - Virtual size: 229KB

.rdata
Size: 109KB - Virtual size: 108KB

.data
Size: 35KB - Virtual size: 43KB

.pdata
Size: 12KB - Virtual size: 12KB

.tls
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 59KB - Virtual size: 59KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 150KB - Virtual size: 150KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 15KB

.tls
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 32KB - Virtual size: 31KB