D:\Projects\PSFExtractor\obj\Release\PSFExtractor.pdb
Static task
static1
1 signatures
General
-
Target
Toolkit_v13.6.7z
-
Size
30.8MB
-
MD5
5f0373d708e7f6e1b2ed98bc9c75a066
-
SHA1
5a9e7e21c777c640178b9bd9ac468f6cd019785b
-
SHA256
2adffd551f7cdb9a15ef25987c91c797603d2b6e20232b03cd0ec2dd3dde57fd
-
SHA512
0f43c65717d7d8aec8a730382a9eb870578e67447bb1c9766bc11d2d645b3d0711cde615fc194081609c2a387c660669530bf23831b39eb5bd983c4d1faca58d
-
SSDEEP
393216:JweSQiqCtog34raVSx7s7rNdqpsUvhemJ6nYxhRAzdqV5B5nPObSE1doj:JweDi8aVSGrN8+u0h+AA/aSBj
Score
3/10
Malware Config
Signatures
-
Unsigned PE 105 IoCs
Checks for missing Authenticode signature.
resource unpack001/Bin/PSFExtractor.exe unpack001/Bin/ResourceHacker.exe unpack001/Bin/ToolKitHelper.exe unpack001/Bin/arm64/DISM10/en-us/VHDProvider.dll.mui unpack001/Bin/arm64/DISM10/en-us/dism.exe.mui unpack001/Bin/arm64/DISM10/en-us/dismapi.dll.mui unpack001/Bin/arm64/DISM10/en-us/dismcore.dll.mui unpack001/Bin/arm64/DISM10/en-us/dismprov.dll.mui unpack001/Bin/arm64/DISM10/en-us/ffuprovider.dll.mui unpack001/Bin/arm64/DISM10/en-us/folderprovider.dll.mui unpack001/Bin/arm64/DISM10/en-us/imagingprovider.dll.mui unpack001/Bin/arm64/DISM10/en-us/logprovider.dll.mui unpack001/Bin/arm64/DISM10/en-us/siloedpackageprovider.dll.mui unpack001/Bin/arm64/DISM10/en-us/wimgapi.dll.mui unpack001/Bin/arm64/DISM10/en-us/wimprovider.dll.mui unpack001/Bin/dvdburn.exe unpack001/Bin/esddecrypt.exe unpack001/Bin/x64/7z.dll unpack001/Bin/x64/7z.exe unpack001/Bin/x64/DISM10/en-us/VHDProvider.dll.mui unpack001/Bin/x64/DISM10/en-us/dism.exe.mui unpack001/Bin/x64/DISM10/en-us/dismapi.dll.mui unpack001/Bin/x64/DISM10/en-us/dismcore.dll.mui unpack001/Bin/x64/DISM10/en-us/dismprov.dll.mui unpack001/Bin/x64/DISM10/en-us/ffuprovider.dll.mui unpack001/Bin/x64/DISM10/en-us/folderprovider.dll.mui unpack001/Bin/x64/DISM10/en-us/imagingprovider.dll.mui unpack001/Bin/x64/DISM10/en-us/logprovider.dll.mui unpack001/Bin/x64/DISM10/en-us/siloedpackageprovider.dll.mui unpack001/Bin/x64/DISM10/en-us/wimgapi.dll.mui unpack001/Bin/x64/DISM10/en-us/wimprovider.dll.mui unpack001/Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l1-1-0.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l1-1-1.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l2-1-0.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l2-1-1.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l3-1-0.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l4-1-0.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-kernel32-l1-1-0.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-kernel32-l2-1-0.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-ole32-l1-1-0.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-ole32-l1-1-1.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-shlwapi-l1-1-0.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-shlwapi-l1-1-1.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-user32-l1-1-0.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-user32-l1-1-1.dll unpack001/Bin/x64/DISM81/api-ms-win-downlevel-version-l1-1-0.dll unpack001/Bin/x64/DISM81/en-us/VHDProvider.dll.mui unpack001/Bin/x64/DISM81/en-us/compatprovider.dll.mui unpack001/Bin/x64/DISM81/en-us/dism.exe.mui unpack001/Bin/x64/DISM81/en-us/dismapi.dll.mui unpack001/Bin/x64/DISM81/en-us/dismcore.dll.mui unpack001/Bin/x64/DISM81/en-us/dismprov.dll.mui unpack001/Bin/x64/DISM81/en-us/folderprovider.dll.mui unpack001/Bin/x64/DISM81/en-us/imagingprovider.dll.mui unpack001/Bin/x64/DISM81/en-us/logprovider.dll.mui unpack001/Bin/x64/DISM81/en-us/wimgapi.dll.mui unpack001/Bin/x64/DISM81/en-us/wimprovider.dll.mui unpack001/Bin/x64/NSudo.exe unpack001/Bin/x64/esdtoolcore.exe unpack001/Bin/x64/libwim-15.dll unpack001/Bin/x64/wimlib-imagex.exe unpack001/Bin/x86/7z.dll unpack001/Bin/x86/7z.exe unpack001/Bin/x86/DISM10/en-us/VHDProvider.dll.mui unpack001/Bin/x86/DISM10/en-us/dism.exe.mui unpack001/Bin/x86/DISM10/en-us/dismapi.dll.mui unpack001/Bin/x86/DISM10/en-us/dismcore.dll.mui unpack001/Bin/x86/DISM10/en-us/dismprov.dll.mui unpack001/Bin/x86/DISM10/en-us/ffuprovider.dll.mui unpack001/Bin/x86/DISM10/en-us/folderprovider.dll.mui unpack001/Bin/x86/DISM10/en-us/imagingprovider.dll.mui unpack001/Bin/x86/DISM10/en-us/logprovider.dll.mui unpack001/Bin/x86/DISM10/en-us/siloedpackageprovider.dll.mui unpack001/Bin/x86/DISM10/en-us/wimgapi.dll.mui unpack001/Bin/x86/DISM10/en-us/wimprovider.dll.mui unpack001/Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l1-1-0.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l1-1-1.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l2-1-0.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l2-1-1.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l3-1-0.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l4-1-0.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-kernel32-l1-1-0.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-kernel32-l2-1-0.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-ole32-l1-1-0.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-ole32-l1-1-1.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-shlwapi-l1-1-0.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-shlwapi-l1-1-1.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-user32-l1-1-0.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-user32-l1-1-1.dll unpack001/Bin/x86/DISM81/api-ms-win-downlevel-version-l1-1-0.dll unpack001/Bin/x86/DISM81/en-us/VHDProvider.dll.mui unpack001/Bin/x86/DISM81/en-us/compatprovider.dll.mui unpack001/Bin/x86/DISM81/en-us/dism.exe.mui unpack001/Bin/x86/DISM81/en-us/dismapi.dll.mui unpack001/Bin/x86/DISM81/en-us/dismcore.dll.mui unpack001/Bin/x86/DISM81/en-us/dismprov.dll.mui unpack001/Bin/x86/DISM81/en-us/folderprovider.dll.mui unpack001/Bin/x86/DISM81/en-us/imagingprovider.dll.mui unpack001/Bin/x86/DISM81/en-us/logprovider.dll.mui unpack001/Bin/x86/DISM81/en-us/wimgapi.dll.mui unpack001/Bin/x86/DISM81/en-us/wimprovider.dll.mui unpack001/Bin/x86/NSudo.exe unpack001/Bin/x86/esdtoolcore.exe unpack001/Bin/x86/libwim-15.dll unpack001/Bin/x86/wimlib-imagex.exe
Files
-
Toolkit_v13.6.7z.7z
-
Bin/AddFonts.ps1.ps1
-
Bin/AppLicense/AD2F1837.HPSupportAssistant_v10z8vjag6ke6.xml
-
Bin/AppLicense/AdvancedMicroDevicesInc-2.AMDLink_0a9344xs7nr4m.xml
-
Bin/AppLicense/AppUp.IntelGraphicsExperience_8j3eq9eme6ctt.xml
-
Bin/AppLicense/AppUp.ThunderboltControlCenter_8j3eq9eme6ctt.xml
-
Bin/AppLicense/CanonicalGroupLimited.Ubuntu18.04onWindows_79rhkp1fndgsc.xml
-
Bin/AppLicense/Clipchamp.Clipchamp_yxz26nhyzhsrt.xml
-
Bin/AppLicense/Microsoft.549981c3f5f10_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.AV1VideoExtension_8wekyb3d8bbwe.arm64.xml
-
Bin/AppLicense/Microsoft.AV1VideoExtension_8wekyb3d8bbwe.x64.xml
-
Bin/AppLicense/Microsoft.AV1VideoExtension_8wekyb3d8bbwe.x86.xml
-
Bin/AppLicense/Microsoft.BingFinance_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.BingFoodAndDrink_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.BingHealthAndFitness_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.BingMaps_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.BingNews_8wekyb3d8bbwe_w10.xml
-
Bin/AppLicense/Microsoft.BingNews_8wekyb3d8bbwe_w11.xml
-
Bin/AppLicense/Microsoft.BingNews_8wekyb3d8bbwe_w81.xml
-
Bin/AppLicense/Microsoft.BingSearch_8wekyb3d8bbwe.arm64.xml
-
Bin/AppLicense/Microsoft.BingSearch_8wekyb3d8bbwe.x64.xml
-
Bin/AppLicense/Microsoft.BingSports_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.BingTravel_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.BingWeather_8wekyb3d8bbwe_w10.xml
-
Bin/AppLicense/Microsoft.BingWeather_8wekyb3d8bbwe_w11.xml
-
Bin/AppLicense/Microsoft.BingWeather_8wekyb3d8bbwe_w81.xml
-
Bin/AppLicense/Microsoft.D3DMappingLayers_8wekyb3d8bbwe.arm64.xml
-
Bin/AppLicense/Microsoft.D3DMappingLayers_8wekyb3d8bbwe.x64.xml
-
Bin/AppLicense/Microsoft.DesktopAppInstaller_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.DolbyAudioExtensions_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.GamingApp_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.GetHelp_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.Getstarted_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.HEIFImageExtension_8wekyb3d8bbwe.arm64.xml
-
Bin/AppLicense/Microsoft.HEIFImageExtension_8wekyb3d8bbwe.x64.xml
-
Bin/AppLicense/Microsoft.HEIFImageExtension_8wekyb3d8bbwe.x86.xml
-
Bin/AppLicense/Microsoft.HEVCVideoExtension_8wekyb3d8bbwe.arm64.xml
-
Bin/AppLicense/Microsoft.HEVCVideoExtension_8wekyb3d8bbwe.x64.xml
-
Bin/AppLicense/Microsoft.HEVCVideoExtension_8wekyb3d8bbwe.x86.xml
-
Bin/AppLicense/Microsoft.HelpAndTips_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.MPEG2VideoExtension_8wekyb3d8bbwe.arm64.xml
-
Bin/AppLicense/Microsoft.MPEG2VideoExtension_8wekyb3d8bbwe.x64.xml
-
Bin/AppLicense/Microsoft.MPEG2VideoExtension_8wekyb3d8bbwe.x86.xml
-
Bin/AppLicense/Microsoft.MSPaint_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.Messaging_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.Microsoft3DViewer_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.MicrosoftJournal_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.MicrosoftPowerBIForWindows_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.MicrosoftSkydrive_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.MinecraftEducationEdition_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.MixedReality.Portal_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.Office.Excel_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.Office.OneNote_8wekyb3d8bbwe_w10.xml
-
Bin/AppLicense/Microsoft.Office.OneNote_8wekyb3d8bbwe_w11.xml
-
Bin/AppLicense/Microsoft.Office.OneNote_8wekyb3d8bbwe_w81.xml
-
Bin/AppLicense/Microsoft.Office.PowerPoint_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.Office.Word_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.OneConnect_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.OutlookForWindows_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.Paint_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.People_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.PowerAutomateDesktop_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.Print3D_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.RawImageExtension_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.Reader_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.RemoteDesktop_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.ScreenSketch_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.SecHealthUI_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.SkypeApp_kzf8qxf38zg5c_w10.xml
-
Bin/AppLicense/Microsoft.SkypeApp_kzf8qxf38zg5c_w11.xml
-
Bin/AppLicense/Microsoft.SkypeApp_kzf8qxf38zg5c_w81.xml
-
Bin/AppLicense/Microsoft.StorePurchaseApp_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.Todos_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.VP9VideoExtensions_8wekyb3d8bbwe.arm64.xml
-
Bin/AppLicense/Microsoft.VP9VideoExtensions_8wekyb3d8bbwe.x64.xml
-
Bin/AppLicense/Microsoft.VP9VideoExtensions_8wekyb3d8bbwe.x86.xml
-
Bin/AppLicense/Microsoft.Wallet_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.WebMediaExtensions_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.WebpImageExtension_8wekyb3d8bbwe.arm64.xml
-
Bin/AppLicense/Microsoft.WebpImageExtension_8wekyb3d8bbwe.x64.xml
-
Bin/AppLicense/Microsoft.WebpImageExtension_8wekyb3d8bbwe.x86.xml
-
Bin/AppLicense/Microsoft.Whiteboard_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.Windows.Photos_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.WindowsAlarms_8wekyb3d8bbwe_w10.xml
-
Bin/AppLicense/Microsoft.WindowsAlarms_8wekyb3d8bbwe_w11.xml
-
Bin/AppLicense/Microsoft.WindowsAlarms_8wekyb3d8bbwe_w81.xml
-
Bin/AppLicense/Microsoft.WindowsCalculator_8wekyb3d8bbwe_w10.xml
-
Bin/AppLicense/Microsoft.WindowsCalculator_8wekyb3d8bbwe_w11.xml
-
Bin/AppLicense/Microsoft.WindowsCalculator_8wekyb3d8bbwe_w81.xml
-
Bin/AppLicense/Microsoft.WindowsCamera_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe_w10.xml
-
Bin/AppLicense/Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe_w11.xml
-
Bin/AppLicense/Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe_w81.xml
-
Bin/AppLicense/Microsoft.WindowsDVDPlayer_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.WindowsMaps_8wekyb3d8bbwe_w10.xml
-
Bin/AppLicense/Microsoft.WindowsMaps_8wekyb3d8bbwe_w11.xml
-
Bin/AppLicense/Microsoft.WindowsMaps_8wekyb3d8bbwe_w81.xml
-
Bin/AppLicense/Microsoft.WindowsNotepad_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.WindowsReadingList_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.WindowsScan_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe_w10.xml
-
Bin/AppLicense/Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe_w11.xml
-
Bin/AppLicense/Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe_w81.xml
-
Bin/AppLicense/Microsoft.WindowsStore_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.WindowsTerminal_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.Xbox.TCUI_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.XboxApp_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.XboxGameOverlay_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.XboxGamingOverlay_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.XboxIdentityProvider_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.XboxLIVEGames_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.YourPhone_8wekyb3d8bbwe.xml
-
Bin/AppLicense/Microsoft.ZuneMusic_8wekyb3d8bbwe_w10.xml
-
Bin/AppLicense/Microsoft.ZuneMusic_8wekyb3d8bbwe_w11.xml
-
Bin/AppLicense/Microsoft.ZuneMusic_8wekyb3d8bbwe_w81.xml
-
Bin/AppLicense/Microsoft.ZuneVideo_8wekyb3d8bbwe_w10.xml
-
Bin/AppLicense/Microsoft.ZuneVideo_8wekyb3d8bbwe_w11.xml
-
Bin/AppLicense/Microsoft.ZuneVideo_8wekyb3d8bbwe_w81.xml
-
Bin/AppLicense/MicrosoftCorporationII.MicrosoftFamily_8wekyb3d8bbwe.xml
-
Bin/AppLicense/MicrosoftCorporationII.QuickAssist_8wekyb3d8bbwe.xml
-
Bin/AppLicense/MicrosoftCorporationII.WindowsSubsystemforLinux_8wekyb3d8bbwe.xml
-
Bin/AppLicense/MicrosoftWindows.Client.WebExperience_cw5n1h2txyewy.xml
-
Bin/AppLicense/NVIDIACorp.NVIDIAControlPanel_56jybvy8sckqj.xml
-
Bin/AppLicense/RealtekSemiconductorCorp.RealtekAudioControl_dt26b99r8h8gj.xml
-
Bin/AppLicense/RivetNetworks.KillerControlCenter_rh07ty8m5nkag.xml
-
Bin/AppLicense/WavesAudio.MaxxAudioProforDell2020_fh4rh281wavaa.xml
-
Bin/ConvertReg.ps1.ps1
-
Bin/LICENSES/7zip.txt
-
Bin/LICENSES/NSudo.txt
-
Bin/LICENSES/ResourceHacker.txt
-
Bin/LICENSES/ToolkitHelper.txt
-
Bin/LICENSES/Wimlib.txt
-
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.10240.txt
-
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.10586.txt
-
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.14393.txt
-
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.15063.txt
-
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.16299.txt
-
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.17134.txt
-
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.17763.txt
-
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.1836X.txt
-
Bin/Lists/DISM_Templates/RemoveAppsList_W10_10.0.1904X.txt
-
Bin/Lists/DISM_Templates/RemoveAppsList_W11_10.0.22000.txt
-
Bin/Lists/DISM_Templates/RemoveAppsList_W11_10.0.2262X.txt
-
Bin/Lists/DISM_Templates/RemoveAppsList_W81.txt
-
Bin/Lists/DISM_Templates/RemovePkgsList_Server_LTSC_2022.txt
-
Bin/Lists/DISM_Templates/RemovePkgsList_W10.txt
-
Bin/Lists/DISM_Templates/RemovePkgsList_W11.txt
-
Bin/Lists/DISM_Templates/RemovePkgsList_W7.txt
-
Bin/Lists/DISM_Templates/RemovePkgsList_W81.txt
-
Bin/Lists/Features_Templates/FeaturesList_W10_10.0.17763.txt
-
Bin/Lists/Features_Templates/FeaturesList_W10_10.0.1836X.txt
-
Bin/Lists/Features_Templates/FeaturesList_W10_10.0.1904X.txt
-
Bin/Lists/Features_Templates/FeaturesList_W11_10.0.22000.txt
-
Bin/Lists/Features_Templates/FeaturesList_W11_10.0.2262X.txt
-
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_10.0.17763.txt
-
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_10.0.1836X.txt
-
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_10.0.1904X.txt
-
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_LTSC_2019.txt
-
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W10_LTSC_2021.txt
-
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W11_10.0.22000.txt
-
Bin/Lists/ToolkitHelper_Templates/RemovePkgsList_W11_10.0.2262X.txt
-
Bin/PSFExtractor.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/PSFExtractor.exe.config
-
Bin/Patches/W10CUFix/RS1CUFix.reg
-
Bin/Patches/W10CUFix/RS1CUFix.tpk
-
Bin/Patches/W10CUFix/TH1CUFix.tpk
-
Bin/Patches/W10CUFix/TH1CUFix_x64.reg
-
Bin/Patches/W10CUFix/TH1CUFix_x86.reg
-
Bin/Patches/W7ESU/ESU.tpk
-
Bin/Patches/WMCGActTokens.tpk
-
Bin/ResourceHacker.def
-
Bin/ResourceHacker.exe.exe windows:5 windows x86 arch:x86
cee6f2e56c9d0896337240f928b841b7
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
oleaut32
SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
VariantInit
SysFreeString
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
user32
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
ToAscii
SystemParametersInfoW
SubtractRect
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCaretPos
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
SendDlgItemMessageW
ScrollWindowEx
ScrollWindow
ScrollDC
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
NotifyWinEvent
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
MapDialogRect
LockWindowUpdate
LoadStringW
LoadMenuIndirectW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenuBarInfo
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameW
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawStateW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DeferWindowPos
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIconFromResourceEx
CreateIconFromResource
CreateIcon
CreateDialogIndirectParamW
CreateCaret
CountClipboardFormats
CopyImage
CloseClipboard
ClipCursor
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
BeginDeferWindowPos
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
kernel32
Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenW
lstrcmpW
WritePrivateProfileStringW
WriteFile
WriteConsoleW
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
UnmapViewOfFile
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFileTime
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
MultiByteToWideChar
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsValidCodePage
InitializeCriticalSection
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetTempFileNameW
GetSystemInfo
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FreeConsole
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringA
CompareStringW
CloseHandle
Sleep
MulDiv
gdi32
UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetDCPenColor
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStretchBltMode
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreatePen
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePatternBrush
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
TranslateCharsetInfo
GetRandomRgn
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
netapi32
NetWkstaGetInfo
ole32
CreateStreamOnHGlobal
ReleaseStgMedium
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CreateDataAdviseHolder
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CoDisconnectObject
CoUninitialize
CoInitialize
IsEqualGUID
comctl32
InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls
msvcrt
memset
memcpy
shell32
ShellExecuteW
Shell_NotifyIconW
DragQueryFileW
DragAcceptFiles
IsUserAnAdmin
SHGetDesktopFolder
comdlg32
ChooseFontW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameW
winspool.drv
OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW
shlwapi
PathIsRelativeW
winmm
timeGetTime
sndPlaySoundW
mciSendCommandW
mciGetErrorStringW
oleacc
LresultFromObject
Exports
Exports
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 89KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: - Virtual size: 76B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 93B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 267KB - Virtual size: 267KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/ToolKitHelper.exe.exe windows:5 windows x86 arch:x86
bf5a4aa99e5b160f8521cadd6bfe73b8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
ole32
OleInitialize
oleaut32
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15.1MB - Virtual size: 15.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/ToolKitHelper.exe.config.xml
-
Bin/XMLs/DefaultLayouts.xml.xml
-
Bin/XMLs/LayoutModification.json
-
Bin/XMLs/LayoutModification.xml
-
Bin/XMLs/w10_CustomAppsAssociation.xml.xml
-
Bin/XMLs/w11_CustomAppsAssociation.xml.xml
-
Bin/XMLs/w81_CustomAppsAssociation.xml.xml
-
Bin/arm64/DISM10/dism.Format.ps1xml.ps1
-
Bin/arm64/DISM10/dism.Types.ps1xml.xml
-
Bin/arm64/DISM10/dism.psd1
-
Bin/arm64/DISM10/dism.psm1
-
Bin/arm64/DISM10/en-us/VHDProvider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/arm64/DISM10/en-us/dism.exe.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/arm64/DISM10/en-us/dismapi.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/arm64/DISM10/en-us/dismcore.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/arm64/DISM10/en-us/dismprov.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/arm64/DISM10/en-us/ffuprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/arm64/DISM10/en-us/folderprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/arm64/DISM10/en-us/imagingprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/arm64/DISM10/en-us/logprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/arm64/DISM10/en-us/siloedpackageprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/arm64/DISM10/en-us/wimgapi.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/arm64/DISM10/en-us/wimprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 26KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/dvdburn.exe.exe windows:5 windows x86 arch:x86
29ed54be8e40a7c5481b525444010c27
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetSystemTimeAsFileTime
LocalFree
Sleep
ReadFile
SetLastError
LocalAlloc
GetFileInformationByHandle
DeviceIoControl
GetLastError
CloseHandle
CreateFileA
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetOverlappedResult
CreateEventA
msvcrt
_strnicmp
fflush
_iob
memmove
_c_exit
_exit
_XcptFilter
_cexit
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_vsnprintf
printf
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/esddecrypt.exe.exe windows:4 windows x86 arch:x86
994408c7129b7cb51ea935a492feb74e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptDuplicateHash
CryptGetHashParam
CryptHashData
CryptImportKey
CryptReleaseContext
crypt32
CryptStringToBinaryW
kernel32
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
msvcrt
__doserrno
__lconv_init
__p__fmode
__p__wcmdln
__pioinfo
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_chsize
_errno
_filelengthi64
_fileno
_initterm
_iob
_lseeki64
_onexit
_ui64tow_s
_wfopen_s
_write
_wsetlocale
abort
calloc
exit
fclose
fflush
fgetpos
fprintf
fread
free
fsetpos
fwprintf
fwrite
malloc
memcpy
signal
strlen
strncmp
swscanf_s
vfprintf
wcslen
wcsstr
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 1000B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
Bin/wimgapi.dll.dll windows:10 windows x86 arch:x86
eeeabe85372d9f8dab340e7e32c5bbeb
Code Sign
33:00:00:05:e0:4b:b0:a2:29:8c:eb:8f:4a:00:00:00:00:05:e0Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before12/08/2021, 18:05Not After15/09/2022, 18:05SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
15:da:06:64:3b:94:f5:75:8c:0e:eb:f3:0d:63:29:87:f5:b0:d2:92:e6:01:67:6f:36:ff:2c:bf:7a:04:b2:cdSigner
Actual PE Digest15:da:06:64:3b:94:f5:75:8c:0e:eb:f3:0d:63:29:87:f5:b0:d2:92:e6:01:67:6f:36:ff:2c:bf:7a:04:b2:cdDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
wimgapi.pdb
Imports
msvcrt
towlower
strcpy_s
_wcslwr
_wcsrev
wcschr
memmove
_onexit
qsort
__dllonexit
_wcsupr
_unlock
_lock
_except_handler4_common
_XcptFilter
_initterm
swscanf_s
towupper
free
wcstoul
_amsg_exit
wcstok_s
_strnicmp
wcsrchr
memcpy
memcmp
_callnewh
_vscwprintf
_purecall
iswspace
memmove_s
_wcsicmp
_wcstoi64
memcpy_s
strncpy_s
wcsncmp
_wcsnicmp
wcsnlen
_vsnwprintf
malloc
wcsstr
_wtoi
memset
kernel32
CompareStringW
HeapFree
GetProcessHeap
SetLastError
DeleteFileW
CreateFileW
GetFileInformationByHandle
CloseHandle
LocalAlloc
HeapAlloc
GetSystemDirectoryW
LocalFree
GetVolumePathNameW
GetDriveTypeW
RemoveDirectoryW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
SetFileTime
GetFileAttributesW
FindFirstFileW
FindNextFileW
GetLastError
GetTempPathW
GetTempFileNameW
GetFileSize
SetFilePointer
ReadFile
SetFilePointerEx
DeleteCriticalSection
GetSystemInfo
InitializeCriticalSection
SetThreadIdealProcessor
GetCurrentThread
GetEnvironmentVariableW
GetOverlappedResult
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
CreateDirectoryW
WriteFile
SetEndOfFile
CreateEventW
LockFileEx
UnlockFileEx
GetFileSizeEx
DeviceIoControl
HeapReAlloc
GetHandleInformation
WaitForSingleObject
CreateMutexW
GetModuleHandleExW
GetModuleFileNameW
FormatMessageW
ReleaseMutex
WideCharToMultiByte
LocalFileTimeToFileTime
FindClose
DisableThreadLibraryCalls
Sleep
ExpandEnvironmentStringsW
OpenProcess
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
GlobalMemoryStatusEx
GetFinalPathNameByHandleW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
OpenEventW
GetCurrentDirectoryW
GetLongPathNameW
DosDateTimeToFileTime
SetFileInformationByHandle
GetFileInformationByHandleEx
GetPrivateProfileSectionW
GetModuleHandleW
WaitForMultipleObjects
ReleaseSemaphore
SetEvent
CreateSemaphoreW
CreateThread
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCIDToLocaleName
CopyFileExW
GetVolumePathNamesForVolumeNameW
LoadLibraryW
WaitForMultipleObjectsEx
ResetEvent
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTickCount
GetLogicalDriveStringsW
Wow64DisableWow64FsRedirection
CreateProcessW
GetExitCodeProcess
Wow64RevertWow64FsRedirection
CreateSemaphoreExW
GetVolumeNameForVolumeMountPointW
bcrypt
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptCloseAlgorithmProvider
fltlib
FilterSendMessage
FilterAttach
FilterLoad
FilterConnectCommunicationPort
cabinet
ord22
ord20
ord23
advapi32
GetSecurityDescriptorControl
RegDeleteKeyExW
AdjustTokenPrivileges
SetThreadToken
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAccessAllowedAceEx
RevertToSelf
GetSecurityDescriptorLength
GetSecurityInfo
FreeSid
SetSecurityDescriptorDacl
EqualSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegUnLoadKeyW
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegLoadKeyW
RegCloseKey
RegOpenKeyExW
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
user32
CharUpperW
ntdll
RtlInitializeResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlDeleteResource
NtQuerySecurityObject
RtlRaiseStatus
RtlDosPathNameToNtPathName_U_WithStatus
RtlInitializeCriticalSection
DbgPrintEx
NtUnloadKey2
RtlReAllocateHeap
NtYieldExecution
RtlDowncaseUnicodeChar
RtlGetVersion
NtSetSecurityObject
RtlFindAceByType
RtlSetControlSecurityDescriptor
RtlInitUnicodeString
RtlImpersonateSelf
NtQueryVolumeInformationFile
NtCreateFile
NtQueryEaFile
NtQueryInformationProcess
NtQueryInformationFile
RtlGetLastNtStatus
NtSetInformationFile
RtlSetIoCompletionCallback
RtlFreeHeap
NtClose
NtQueryDirectoryFile
RtlAllocateHeap
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlAdjustPrivilege
RtlNtStatusToDosError
NtSetEaFile
rpcrt4
RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
UuidCreate
UuidFromStringW
RpcStringFreeW
UuidToStringW
I_RpcMapWin32Status
NdrClientCall2
Exports
Exports
DllCanUnloadNow
DllMain
WIMAddImagePath
WIMAddImagePaths
WIMAddWimbootEntry
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCommitImageHandle
WIMCopyFile
WIMCreateFile
WIMCreateImageFile
WIMCreateWofCompressedFile
WIMDeleteImage
WIMDeleteImageMounts
WIMEnumImageFiles
WIMExportImage
WIMExtractImageDirectory
WIMExtractImagePath
WIMExtractImagePathByWimHandle
WIMFindFirstImageFile
WIMFindNextImageFile
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImageHandle
WIMGetMountedImageInfo
WIMGetMountedImageInfoFromHandle
WIMGetMountedImages
WIMGetWIMBootEntries
WIMGetWIMBootWIMPath
WIMGetWimFileSize
WIMInitFileIOCallbacks
WIMInitializeWofDriver
WIMIsCurrentSystemWimboot
WIMIsReferenceWim
WIMLoadImage
WIMLoadOSInformation
WIMMountImage
WIMMountImageHandle
WIMProcessCustomImage
WIMReadFileEx
WIMReadImageFile
WIMRedirectFolderBeforeApply
WIMRegisterLogFile
WIMRegisterMessageCallback
WIMRemountImage
WIMSetBootImage
WIMSetCachedSigningLevel
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetImageUserSpecifiedCreationTime
WIMSetReferenceFile
WIMSetTemporaryPath
WIMSetWimGuid
WIMSingleInstanceFile
WIMSplitFile
WIMUnmountImage
WIMUnmountImageHandle
WIMUnregisterLogFile
WIMUnregisterMessageCallback
WIMUpdateWIMBootEntry
WIMWriteFileWithIntegrity
Sections
.text Size: 564KB - Virtual size: 563KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/wimscript.ini
-
Bin/x64/7z.dll.dll windows:4 windows x64 arch:x64
928b316f3126865cdd91c5fd11b09dbf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
oleaut32
SysStringLen
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
user32
CharUpperW
CharPrevExA
advapi32
SystemFunction036
msvcrt
strchr
_purecall
memset
free
malloc
strlen
__CxxFrameHandler
realloc
strstr
wcscmp
strcmp
memmove
_CxxThrowException
memcpy
memcmp
exit
__C_specific_handler
_beginthreadex
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
kernel32
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
Sleep
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
SetEvent
DeleteFileW
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
QueryPerformanceCounter
GetOEMCP
DeleteCriticalSection
LocalFileTimeToFileTime
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatusEx
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
WriteFile
ReadFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
GetTempPathW
SetLastError
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetFileInformationByHandle
FindClose
FindFirstFileW
GetModuleHandleA
GetFileAttributesW
Exports
Exports
CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 344KB - Virtual size: 343KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/7z.exe.exe windows:4 windows x64 arch:x64
bdfbfb77053146fee2c1f3bb5d54fc3b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
oleaut32
SysStringLen
VariantClear
VariantCopy
SysAllocString
SysStringByteLen
SysFreeString
SysAllocStringLen
user32
CharUpperW
advapi32
LookupPrivilegeValueW
GetFileSecurityW
SetFileSecurityW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
msvcrt
_c_exit
_XcptFilter
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_beginthreadex
_isatty
memcmp
memset
strlen
_exit
wcscmp
strcmp
memmove
fflush
fputc
fputs
_iob
fgetc
free
malloc
__CxxFrameHandler
_CxxThrowException
memcpy
_cexit
__initenv
exit
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
wcsstr
kernel32
WaitForSingleObject
ResumeThread
SetThreadAffinityMask
CreateEventW
SetEvent
InitializeCriticalSection
GetVersion
SetFileTime
VirtualFree
VirtualAlloc
GetConsoleMode
SetConsoleMode
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
GetProcessTimes
QueryPerformanceFrequency
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetProcessAffinityMask
OpenEventW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
IsProcessorFeaturePresent
GlobalMemoryStatusEx
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
SetLastError
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetFileInformationByHandle
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
GetLogicalDriveStringsW
DeviceIoControl
GetFileSize
Sections
.text Size: 376KB - Virtual size: 376KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 130KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/Microsoft.Dism.Powershell.dll.dll windows:4 windows x64 arch:x64
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
41:fb:c3:42:50:9a:47:55:ef:20:8e:69:a5:10:d1:43:f9:45:66:34:a3:f7:8e:1b:f7:8e:ea:72:59:af:e8:c6Signer
Actual PE Digest41:fb:c3:42:50:9a:47:55:ef:20:8e:69:a5:10:d1:43:f9:45:66:34:a3:f7:8e:1b:f7:8e:ea:72:59:af:e8:c6Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Microsoft.Dism.PowerShell.pdb
Sections
.text Size: 139KB - Virtual size: 138KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/WimMountAdkSetupAmd64.exe.exe windows:10 windows x64 arch:x64
053788f1296dda0a0cefc7d50ff36955
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ca:c9:f5:7c:8a:98:e6:d2:6a:b6:68:fc:c7:3b:dd:13:18:72:24:22:0b:ec:09:c8:79:49:14:85:1e:94:48:ceSigner
Actual PE Digestca:c9:f5:7c:8a:98:e6:d2:6a:b6:68:fc:c7:3b:dd:13:18:72:24:22:0b:ec:09:c8:79:49:14:85:1e:94:48:ceDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WimMountAdkSetupAmd64.pdb
Imports
msvcrt
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
__C_specific_handler
memcpy
__set_app_type
exit
_amsg_exit
towupper
wcschr
_XcptFilter
fwprintf
_exit
wcsncmp
__iob_func
memset
_cexit
vfwprintf
_wcsnicmp
__setusermatherr
__wgetmainargs
_initterm
_wfopen
fclose
_wcsicmp
memcpy_s
_vsnwprintf
ntdll
RtlFreeHeap
RtlAllocateHeap
RtlGetVersion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
kernel32
GetSystemInfo
GetDriveTypeW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetProcessHeap
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalFree
GetCurrentProcessId
HeapAlloc
GetNativeSystemInfo
GetLastError
GetModuleFileNameW
GetFullPathNameW
SetLastError
HeapFree
GetFileAttributesW
CloseHandle
advapi32
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegDeleteValueW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey
shell32
CommandLineToArgvW
user32
MessageBoxW
fltlib
FilterUnload
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 258KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 332B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/dism.Format.ps1xml.ps1
-
Bin/x64/DISM10/dism.Types.ps1xml.xml
-
Bin/x64/DISM10/dism.exe.exe windows:10 windows x64 arch:x64
f7d545a2fdb1dadc056f94a047e6e49a
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
96:e0:18:06:7d:86:cd:6f:a6:03:04:40:f6:c8:20:e4:de:00:aa:9b:31:9e:20:5a:a4:e2:8b:f7:84:c5:b1:b8Signer
Actual PE Digest96:e0:18:06:7d:86:cd:6f:a6:03:04:40:f6:c8:20:e4:de:00:aa:9b:31:9e:20:5a:a4:e2:8b:f7:84:c5:b1:b8Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
Dism.pdb
Imports
msvcrt
memcmp
??3@YAXPEAX@Z
memset
wcsstr
wcsncmp
_wcsnicmp
iswalpha
towlower
_snwscanf_s
realloc
_errno
_onexit
__dllonexit
_unlock
__RTDynamicCast
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcscpy_s
wcsrchr
calloc
malloc
_purecall
_wcsicmp
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_wcslwr_s
wcschr
wprintf
memmove_s
memcpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
_lock
wcscmp
advapi32
IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidSubAuthority
GetSidLengthRequired
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
EventUnregister
EventRegister
EventWriteTransfer
EventActivityIdControl
UnregisterTraceGuids
InitiateSystemShutdownExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
TraceEvent
GetLengthSid
CopySid
IsValidSid
InitializeSid
kernel32
GetDriveTypeW
SearchPathW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandleEx
FindFirstFileNameW
DeviceIoControl
SetFileAttributesW
SetFileInformationByHandle
DeleteFileW
FindNextFileNameW
CopyFileExW
GetLongPathNameW
GetFinalPathNameByHandleW
GetVersionExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
InitializeCriticalSection
EnterCriticalSection
SetEvent
LeaveCriticalSection
GetLastError
CloseHandle
SetThreadUILanguage
SetErrorMode
SetConsoleCtrlHandler
OutputDebugStringW
GetCommandLineW
HeapFree
GetProcessHeap
Sleep
GetCurrentProcess
DeleteCriticalSection
RaiseException
GetCurrentThreadId
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetStdHandle
HeapAlloc
WriteConsoleW
LocalAlloc
WideCharToMultiByte
WriteFile
LocalFree
GetFileType
GetConsoleMode
GetModuleFileNameW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
MultiByteToWideChar
GetSystemInfo
OpenProcess
QueryFullProcessImageNameW
HeapSize
HeapReAlloc
HeapDestroy
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindClose
WaitForSingleObject
LoadLibraryExW
ole32
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
user32
CharLowerBuffW
oleaut32
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
GetErrorInfo
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
SysFreeString
ntdll
NtQueryInformationProcess
RtlNtStatusToDosError
RtlGetVersion
NtSetInformationFile
RtlAllocateHeap
RtlFreeHeap
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
Sections
.text Size: 156KB - Virtual size: 153KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/dism.psd1
-
Bin/x64/DISM10/dism.psm1
-
Bin/x64/DISM10/dismapi.dll.dll windows:10 windows x64 arch:x64
0e2ab706e0da69622bb44da2870a3982
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
14:72:80:2f:e9:37:73:3e:49:04:db:82:ef:32:2d:74:74:94:52:fa:d1:78:96:bf:a5:a6:0c:12:1e:a3:3e:a8Signer
Actual PE Digest14:72:80:2f:e9:37:73:3e:49:04:db:82:ef:32:2d:74:74:94:52:fa:d1:78:96:bf:a5:a6:0c:12:1e:a3:3e:a8Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
DismApi.pdb
Imports
msvcrt
wcsstr
wcsncmp
wcsrchr
_vsnwprintf
towlower
_snwscanf_s
fclose
wcstok_s
_wfopen
_wcslwr_s
strrchr
_wcsnicmp
iswctype
memcmp
memset
realloc
fgetws
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcscpy_s
_wcstoui64
wcstoul
iswspace
swscanf_s
_wtoi
wcschr
iswalpha
_wcsicmp
feof
_errno
_purecall
_vscprintf
vsprintf_s
calloc
_vsnprintf
malloc
free
vswprintf_s
_vscwprintf
memmove_s
memcpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
wcscmp
advapi32
OpenThreadToken
GetTokenInformation
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CheckTokenMembership
AddAccessAllowedAce
EqualSid
InitializeAcl
SetSecurityDescriptorDacl
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetLengthSid
InitializeSecurityDescriptor
kernel32
GetTimeFormatEx
GetLocaleInfoEx
GetModuleFileNameA
MoveFileExW
GetVersionExW
GetProcAddress
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceExW
OutputDebugStringW
GetThreadUILanguage
OutputDebugStringA
GetModuleHandleExW
GetLastError
GetModuleFileNameW
FreeLibrary
WideCharToMultiByte
LoadLibraryExW
HeapFree
GetProcessHeap
MultiByteToWideChar
WaitForMultipleObjectsEx
WaitForSingleObject
FormatMessageW
LocalFree
GetSystemInfo
GetCommandLineW
GetFileAttributesW
IsWow64Process
TlsSetValue
CompareStringW
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetEnvironmentVariableW
GetFileInformationByHandleEx
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetSystemTime
SetErrorMode
CreateEventW
ResumeThread
DuplicateHandle
LoadLibraryExA
GetTempFileNameW
GetCurrentThread
ResetEvent
CreateThread
GetFinalPathNameByHandleW
GetLongPathNameW
SetLastError
CreateDirectoryW
CloseHandle
CreateFileW
SetFilePointer
GetFullPathNameW
ReadFile
GetSystemWindowsDirectoryW
UnmapViewOfFile
TlsAlloc
GetLocalTime
GetFileSize
ExitProcess
TlsGetValue
TlsFree
SetEvent
ExpandEnvironmentStringsW
GetFileSizeEx
FlushFileBuffers
CopyFileExW
FindNextFileNameW
DeleteFileW
SetFileInformationByHandle
GetFileInformationByHandle
SetFileAttributesW
FindClose
DeviceIoControl
FindNextFileW
FindFirstFileNameW
FindFirstFileW
FormatMessageA
CreateFileMappingW
MapViewOfFile
VirtualQuery
WriteFile
CreateMutexW
ReleaseMutex
DebugBreak
GetModuleHandleExA
GetWindowsDirectoryW
IsDebuggerPresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
VirtualProtect
SearchPathW
GetCurrentProcess
ole32
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
StringFromGUID2
user32
CharLowerBuffW
oleaut32
VarBstrCmp
SafeArrayGetUBound
VariantTimeToSystemTime
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
LoadTypeLi
LoadRegTypeLi
SysStringLen
SafeArrayGetLBound
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
VarBstrCat
SystemTimeToVariantTime
ntdll
NtReadFile
RtlReAllocateHeap
NtClose
RtlExpandEnvironmentStrings
NtQueryInformationFile
NtWaitForSingleObject
NtOpenFile
RtlInitUnicodeString
NtYieldExecution
DbgPrintEx
RtlDowncaseUnicodeChar
RtlRaiseStatus
RtlAllocateHeap
RtlGetVersion
NtSetInformationFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
RtlFreeHeap
NtWriteFile
version
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
Exports
Exports
DismAddCapability
DismAddDriver
DismAddLanguage
DismAddPackage
DismAddProvisionedAppxPackage
DismApplyUnattend
DismCheckImageHealth
DismCleanupMountpoints
DismCloseSession
DismCommitImage
DismDelete
DismDisableFeature
DismEnableFeature
DismGetCapabilities
DismGetCapabilityInfo
DismGetDriverInfo
DismGetDrivers
DismGetFeatureInfo
DismGetFeatureParent
DismGetFeatures
DismGetImageInfo
DismGetLastErrorMessage
DismGetMountedImageInfo
DismGetPackageInfo
DismGetPackageInfoEx
DismGetPackages
DismGetProvisionedAppxPackages
DismGetReservedStorageState
DismInitialize
DismMountImage
DismOpenSession
DismRemountImage
DismRemoveCapability
DismRemoveDriver
DismRemoveLanguage
DismRemovePackage
DismRemoveProvisionedAppxPackage
DismRestoreImageHealth
DismSetReservedStorageState
DismShutdown
DismUnmountImage
_DismAddAppxPackageFamilyToUninstallBlocklist
_DismAddDriverEx
_DismAddPackageEx
_DismAddPackageFamilyToUninstallBlocklist
_DismAddProvisionedAppSharedPackageContainer
_DismAddProvisionedAppxPackage
_DismAddProvisionedAppxPackageEx
_DismApplyCustomDataImage
_DismApplyFfuImage
_DismApplyProvisioningPackage
_DismCaptureSoftwareInventory
_DismCleanImage
_DismEnableDisableFeature
_DismExportDriver
_DismExportSource
_DismGetCapabilitiesEx
_DismGetCapabilityInfoEx
_DismGetCurrentEdition
_DismGetDriversEx
_DismGetEffectiveSystemUILanguage
_DismGetFeaturesEx
_DismGetInstallLanguage
_DismGetKCacheBinaryValue
_DismGetKCacheDwordValue
_DismGetKCacheStringValue
_DismGetLastCBSSessionID
_DismGetNonRemovableAppsPolicy
_DismGetNonRemovableAppxAppsPolicy
_DismGetOSUninstallWindow
_DismGetOsInfo
_DismGetPackageInfoEx
_DismGetProductKeyInfo
_DismGetProvisionedAppSharedPackageContainers
_DismGetProvisionedAppxPackages
_DismGetProvisioningPackageInfo
_DismGetRegistryMountPoint
_DismGetStateFromCBSSessionID
_DismGetTargetCompositionEditions
_DismGetTargetEditions
_DismGetTargetVirtualEditions
_DismGetTemplateAbsolutePath
_DismGetTemplateString
_DismGetUsedSpace
_DismInitiateOSUninstall
_DismOpenSessionEx
_DismOptimizeImage
_DismOptimizeProvisionedAppxPackages
_DismRemoveAppxPackageFamilyFromUninstallBlocklist
_DismRemoveCapabilityEx
_DismRemoveLanguageEx
_DismRemoveOSUninstall
_DismRemovePackageEx
_DismRemovePackageFamilyFromUninstallBlocklist
_DismRemoveProvisionedAppSharedPackageContainer
_DismRemoveProvisionedAppxPackage
_DismRemoveProvisionedAppxPackageAllUsers
_DismRevertPendingActions
_DismSetAllIntlSettings
_DismSetAppXProvisionedDataFile
_DismSetAppxProvisionedDataFile
_DismSetEdition
_DismSetEdition2
_DismSetFirstBootCommandLine
_DismSetIntlSettings
_DismSetMachineName
_DismSetOSUninstallWindow
_DismSetProductKey
_DismSetSkuIntlDefaults
_DismSetTemplateString
_DismSplitFfuImage
_DismStage
_DismSysprepCleanup
_DismSysprepGeneralize
_DismSysprepSpecialize
_DismValidateProductKey
Sections
.text Size: 704KB - Virtual size: 701KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 352KB - Virtual size: 348KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/dismcore.dll.dll regsvr32 windows:10 windows x64 arch:x64
a938378251df3cf9225b641734205896
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
af:9b:c0:71:7f:4e:67:08:0b:19:bd:b4:3e:60:bc:c9:f9:28:21:cc:ae:9c:98:e3:5c:60:cc:c1:1c:61:c3:17Signer
Actual PE Digestaf:9b:c0:71:7f:4e:67:08:0b:19:bd:b4:3e:60:bc:c9:f9:28:21:cc:ae:9c:98:e3:5c:60:cc:c1:1c:61:c3:17Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
DismCore.pdb
Imports
msvcrt
feof
fgetws
_wfopen
wcstok_s
fclose
iswctype
strrchr
_vsnprintf
_wtoi
towlower
swscanf_s
_vscprintf
vsprintf_s
iswalpha
_vsnwprintf
_wcsnicmp
wcsncmp
wcsstr
memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcsncpy_s
wcscat_s
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
wcsrchr
wcschr
vswprintf_s
_vscwprintf
wcscpy_s
malloc
_resetstkoflw
free
??3@YAXPEAX@Z
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
memset
advapi32
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
GetTokenInformation
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
OpenThreadToken
kernel32
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
MultiByteToWideChar
HeapFree
GetProcessHeap
GetModuleHandleExW
FreeLibrary
Wow64RevertWow64FsRedirection
SetEvent
GetModuleFileNameW
GetModuleHandleW
GetNativeSystemInfo
Wow64DisableWow64FsRedirection
CopyFileExW
CreateEventW
WaitForSingleObject
TerminateProcess
GetEnvironmentVariableW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
GetProcAddress
LoadLibraryExW
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
CompareStringW
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetSystemDirectoryW
GetVersionExW
SearchPathW
GetSystemInfo
GetSystemWindowsDirectoryW
FormatMessageW
SetFileAttributesW
MoveFileExW
GetSystemTime
FindClose
FindNextFileW
FindFirstFileW
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFileInformationByHandle
CreateDirectoryW
LocalFree
GetCurrentThread
GetFullPathNameW
GetTempFileNameW
CloseHandle
CreateFileW
SetThreadUILanguage
WriteFile
VirtualQuery
MapViewOfFile
CreateFileMappingW
FormatMessageA
TlsFree
TlsGetValue
ExitProcess
GetFileSize
GetLocalTime
GetLastError
DeleteFileW
TlsAlloc
UnmapViewOfFile
SetLastError
TlsSetValue
GetModuleFileNameA
SetFilePointer
ReadFile
DeleteCriticalSection
CreateMutexW
ReleaseMutex
DebugBreak
GetModuleHandleExA
GetFileSizeEx
GetWindowsDirectoryW
IsDebuggerPresent
FlushFileBuffers
GetFileInformationByHandleEx
FindFirstFileNameW
DeviceIoControl
SetFileInformationByHandle
FindNextFileNameW
GetLongPathNameW
GetFinalPathNameByHandleW
GetTempPathW
GetCurrentDirectoryW
GetDriveTypeW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessW
GetExitCodeProcess
LoadLibraryExA
DelayLoadFailureHook
GetFileAttributesW
DuplicateHandle
GetCurrentProcess
ole32
CoRegisterPSClsid
CoTaskMemFree
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID
CoRevokeClassObject
StringFromCLSID
CoCreateGuid
CoSetProxyBlanket
CoRegisterClassObject
user32
CharNextW
LoadStringW
oleaut32
VariantTimeToSystemTime
RegisterTypeLi
UnRegisterTypeLi
GetErrorInfo
CreateErrorInfo
SetErrorInfo
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
LoadTypeLibEx
SystemTimeToVariantTime
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
ntdll
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetSystemInformation
RtlFreeHeap
RtlNtStatusToDosError
NtSetInformationFile
RtlAllocateHeap
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 204KB - Virtual size: 202KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/dismcoreps.dll.dll regsvr32 windows:10 windows x64 arch:x64
102e2534564eed89a8aa71a67d9a7545
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ff:40:68:ce:01:c0:bd:5f:64:d3:a2:14:b7:8d:46:68:35:a2:b6:1b:39:b8:1a:a1:57:67:bd:ba:e0:ee:33:69Signer
Actual PE Digestff:40:68:ce:01:c0:bd:5f:64:d3:a2:14:b7:8d:46:68:35:a2:b6:1b:39:b8:1a:a1:57:67:bd:ba:e0:ee:33:69Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
DismCorePS.pdb
Imports
msvcrt
_XcptFilter
_initterm
malloc
free
_amsg_exit
__C_specific_handler
memcmp
oleaut32
BSTR_UserUnmarshal64
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserFree64
BSTR_UserFree
BSTR_UserSize
BSTR_UserMarshal64
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize64
BSTR_UserSize64
rpcrt4
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
NdrStubCall3
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
kernel32
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllGetDismInterfaces
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 492B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/dismprov.dll.dll regsvr32 windows:10 windows x64 arch:x64
832d125e110fa37081dab033a6430bda
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d5:03:42:8e:b1:97:52:da:74:32:42:0a:da:2b:af:f3:c7:8f:ae:16:a3:44:72:33:75:e5:72:58:27:2c:de:fdSigner
Actual PE Digestd5:03:42:8e:b1:97:52:da:74:32:42:0a:da:2b:af:f3:c7:8f:ae:16:a3:44:72:33:75:e5:72:58:27:2c:de:fdDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
DISMProv.pdb
Imports
msvcrt
feof
fgetws
_wfopen
wcstok_s
fclose
_wcsicmp
_vsnwprintf
_wcsnicmp
wcsncmp
_vsnprintf
vsprintf_s
_vscprintf
swscanf_s
_wtoi
towlower
__RTDynamicCast
strrchr
iswctype
wcschr
memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
wcscat_s
wcscpy_s
wcsrchr
memmove_s
_purecall
vswprintf_s
_vscwprintf
memcpy_s
free
malloc
wcsncpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap
RtlFreeHeap
oleaut32
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
UnRegisterTypeLi
VarUI4FromStr
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
RegisterTypeLi
SystemTimeToVariantTime
SysAllocStringLen
VariantTimeToSystemTime
advapi32
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegQueryValueExW
SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
kernel32
GetSystemInfo
GetCurrentThread
GetTempFileNameW
IsDebuggerPresent
GetWindowsDirectoryW
GetModuleHandleExA
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
DebugBreak
ReleaseMutex
CreateMutexW
GetModuleFileNameA
TlsSetValue
UnmapViewOfFile
TlsAlloc
GetLocalTime
GetFileSize
ExitProcess
TlsGetValue
TlsFree
FormatMessageA
CreateFileMappingW
MapViewOfFile
VirtualQuery
WriteFile
GetFileSizeEx
CreateFileW
GetLastError
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetModuleHandleExW
LockResource
CompareStringW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
GetEnvironmentVariableW
WideCharToMultiByte
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SetLastError
DeviceIoControl
GetFileAttributesW
DeleteFileW
FlushFileBuffers
GetFullPathNameW
WaitForSingleObject
FormatMessageW
LocalFree
SetFilePointer
ole32
CoTaskMemRealloc
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
StringFromGUID2
CoCreateInstance
CoRegisterPSClsid
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemFree
user32
CharNextW
version
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 144KB - Virtual size: 142KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/en-us/VHDProvider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/en-us/dism.exe.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/en-us/dismapi.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/en-us/dismcore.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/en-us/dismprov.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/en-us/ffuprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/en-us/folderprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/en-us/imagingprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/en-us/logprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/en-us/siloedpackageprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/en-us/wimgapi.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/en-us/wimprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 26KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/ffuprovider.dll.dll regsvr32 windows:10 windows x64 arch:x64
62aad11dbf36bda8a23aa943eb13b3a2
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7c:65:a9:cc:90:0a:2c:76:6a:0f:e6:45:b4:78:d2:c1:ae:e4:b9:cb:01:12:7f:7b:85:42:7c:1f:f8:88:0a:36Signer
Actual PE Digest7c:65:a9:cc:90:0a:2c:76:6a:0f:e6:45:b4:78:d2:c1:ae:e4:b9:cb:01:12:7f:7b:85:42:7c:1f:f8:88:0a:36Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
FfuProvider.pdb
Imports
msvcrt
wcstoul
wcsrchr
swscanf
_vsnprintf
iswspace
wcscmp
_wcsnicmp
strchr
__RTDynamicCast
memcmp
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_unlock
_lock
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
malloc
_wcsicmp
_purecall
wcschr
wcstol
_vsnwprintf
_vscwprintf
memmove_s
memcpy_s
vswprintf_s
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
_stricmp
__CxxFrameHandler3
ntdll
RtlDowncaseUnicodeChar
DbgPrintEx
NtYieldExecution
RtlRaiseStatus
NtOpenFile
NtWaitForSingleObject
NtCreateFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError
NtQueryInformationFile
RtlExpandEnvironmentStrings
NtClose
RtlReAllocateHeap
NtReadFile
NtSetInformationFile
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
NtWriteFile
RtlFreeHeap
RtlAllocateHeap
RtlRandom
RtlNumberOfSetBits
RtlFindSetBits
RtlSetBits
RtlClearAllBits
RtlInitializeBitMap
RtlVirtualUnwind
RtlAreBitsClear
advapi32
RegEnumKeyExW
RegUnLoadKeyW
RegLoadKeyW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegFlushKey
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
kernel32
TrySubmitThreadpoolCallback
GetSystemInfo
SetEvent
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeleteFileW
GetFirmwareEnvironmentVariableW
GetDiskFreeSpaceW
GetVolumePathNameW
GetFileTime
InitializeCriticalSectionAndSpinCount
LCIDToLocaleName
SetFilePointer
FreeLibrary
GetVolumeInformationByHandleW
CopyFileW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetOverlappedResult
DeviceIoControl
QueryPerformanceFrequency
DeleteVolumeMountPointW
FindClose
WaitForSingleObject
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
SetLastError
GetModuleHandleW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
LoadLibraryExW
InitializeCriticalSection
SetThreadUILanguage
SizeofResource
LockResource
LoadResource
FindResourceExW
FindFirstFileW
GetCurrentThreadId
GetCurrentProcessId
GetFileAttributesW
CompareStringW
CreateFileW
GetFileSizeEx
WriteFile
ReadFile
CloseHandle
CreateDirectoryW
RemoveDirectoryW
HeapSize
HeapReAlloc
HeapDestroy
MultiByteToWideChar
WideCharToMultiByte
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryExA
CreateEventW
CreateIoCompletionPort
SetFileAttributesW
FindNextFileW
LCMapStringW
GetDriveTypeW
MapViewOfFile
GetTempPathW
CopyFileExW
CreateMutexW
GetCurrentThread
SetFilePointerEx
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
VirtualQuery
GetSystemFirmwareTable
FormatMessageW
SearchPathW
ReleaseMutex
GetFullPathNameW
LocalAlloc
GetFileSize
LocalFree
OutputDebugStringW
CreateFileMappingW
UnmapViewOfFile
GetVersionExW
VirtualProtect
ole32
StringFromCLSID
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoTaskMemFree
ProgIDFromCLSID
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
user32
LoadStringW
CharLowerBuffW
CharNextW
oleaut32
VariantClear
CreateErrorInfo
SetErrorInfo
VariantInit
LoadRegTypeLi
VarBstrCmp
SysAllocStringLen
SysStringByteLen
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
SysAllocStringByteLen
GetErrorInfo
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
bcrypt
BCryptGetProperty
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptFinishHash
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 444KB - Virtual size: 442KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/folderprovider.dll.dll regsvr32 windows:10 windows x64 arch:x64
5730a8496cffaa1fa44a285371ac8fb6
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4a:5a:da:7b:db:7f:23:33:a5:99:16:47:52:ec:0a:9b:dd:70:c8:71:ad:94:5c:62:0d:fa:27:9d:be:6f:2f:3dSigner
Actual PE Digest4a:5a:da:7b:db:7f:23:33:a5:99:16:47:52:ec:0a:9b:dd:70:c8:71:ad:94:5c:62:0d:fa:27:9d:be:6f:2f:3dDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
FolderProvider.pdb
Imports
msvcrt
_wcsnicmp
wcsncmp
wcschr
memcmp
??3@YAXPEAX@Z
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
memmove_s
memcpy_s
_purecall
vswprintf_s
_vscwprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??1type_info@@UEAA@XZ
ntdll
RtlFreeHeap
RtlAllocateHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
advapi32
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
kernel32
SetLastError
GetFileAttributesW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetFullPathNameW
ole32
CoCreateInstance
StringFromGUID2
user32
CharNextW
oleaut32
SysAllocStringLen
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
SysStringLen
RegisterTypeLi
SysFreeString
UnRegisterTypeLi
SysAllocString
LoadTypeLi
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/imagingprovider.dll.dll regsvr32 windows:10 windows x64 arch:x64
858c79d5a31fede418c474f6489e641b
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4a:5c:98:aa:af:61:00:30:2c:22:17:d4:7b:2b:bf:2c:9a:12:82:8d:a2:35:19:67:68:8d:41:d9:2e:bd:21:97Signer
Actual PE Digest4a:5c:98:aa:af:61:00:30:2c:22:17:d4:7b:2b:bf:2c:9a:12:82:8d:a2:35:19:67:68:8d:41:d9:2e:bd:21:97Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
ImagingProvider.pdb
Imports
msvcrt
_XcptFilter
_initterm
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memcmp
__RTDynamicCast
_amsg_exit
_vsnwprintf
iswalpha
towlower
wcschr
_snwscanf_s
wcsrchr
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_unlock
_lock
malloc
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
vswprintf_s
_vscwprintf
_wtoi64
wcstoul
_wcsnicmp
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
memset
ntdll
VerSetConditionMask
RtlVerifyVersionInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
advapi32
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
kernel32
FreeLibrary
SearchPathW
GetVersionExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetLastError
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetLocaleInfoW
GetNumberFormatW
HeapAlloc
GetProcessHeap
HeapFree
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
SetThreadUILanguage
FormatMessageW
LocalFree
CloseHandle
CreateFileW
ole32
CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2
user32
CharLowerBuffW
LoadStringW
CharNextW
oleaut32
SetErrorInfo
GetErrorInfo
VariantClear
CreateErrorInfo
LoadRegTypeLi
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 120KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/logprovider.dll.dll regsvr32 windows:10 windows x64 arch:x64
e1bec6d4625d8d2e3a24bfd2d9b963fd
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3e:06:68:3a:27:4c:93:a5:9f:8d:53:5b:8a:e4:2c:da:92:fa:6c:b6:48:f1:8e:71:d3:59:3d:eb:b2:27:bc:c9Signer
Actual PE Digest3e:06:68:3a:27:4c:93:a5:9f:8d:53:5b:8a:e4:2c:da:92:fa:6c:b6:48:f1:8e:71:d3:59:3d:eb:b2:27:bc:c9Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
LogProvider.pdb
Imports
msvcrt
_amsg_exit
_XcptFilter
memmove
memcpy
?terminate@@YAXXZ
_lock
_unlock
memcmp
__dllonexit
_onexit
_initterm
wcsrchr
vsprintf_s
_vscprintf
??1type_info@@UEAA@XZ
swscanf_s
wcsncmp
_wcsnicmp
_wcsicmp
wcschr
towlower
strrchr
iswctype
fclose
_wtoi
wcstok_s
_wfopen
fgetws
feof
_vsnwprintf
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
calloc
memmove_s
memcpy_s
_purecall
vswprintf_s
_vscwprintf
_vsnprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlFreeHeap
RtlAllocateHeap
oleaut32
SysAllocStringLen
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
SysStringLen
SystemTimeToVariantTime
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
VariantTimeToSystemTime
RegisterTypeLi
advapi32
SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
kernel32
WriteFile
VirtualQuery
FormatMessageA
TlsFree
SearchPathW
FreeLibrary
GetSystemInfo
SetFilePointer
CreateMutexW
ReleaseMutex
GetModuleHandleExA
GetFileSizeEx
GetWindowsDirectoryW
IsDebuggerPresent
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetVersionExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
TlsGetValue
ExitProcess
GetFileSize
GetLocalTime
GetModuleFileNameA
TlsSetValue
DebugBreak
LocalFree
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
SetThreadUILanguage
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapAlloc
GetProcessHeap
OutputDebugStringA
HeapFree
CreateDirectoryW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
GetEnvironmentVariableW
MultiByteToWideChar
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
CloseHandle
FormatMessageW
GetSystemWindowsDirectoryW
GetTempFileNameW
GetFullPathNameW
GetCurrentThread
WaitForSingleObject
GetFileAttributesW
SetLastError
DeviceIoControl
DeleteFileW
FlushFileBuffers
TlsAlloc
ole32
CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2
user32
LoadStringW
CharNextW
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/pkgmgr.exe.exe windows:10 windows x64 arch:x64
e8faa85e646982bf5f01d040565013df
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
81:1f:26:47:a0:cd:92:d9:f4:29:af:30:0c:0d:3e:e7:69:29:b3:4c:48:b3:fe:13:45:3d:39:89:3e:a2:d1:cdSigner
Actual PE Digest81:1f:26:47:a0:cd:92:d9:f4:29:af:30:0c:0d:3e:e7:69:29:b3:4c:48:b3:fe:13:45:3d:39:89:3e:a2:d1:cdDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
pkgmgr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_initterm_e
api-ms-win-crt-private-l1-1-0
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcsnicmp
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstoul
__C_specific_handler
__current_exception
__current_exception_context
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o__exit
_o___p__commode
_o__errno
_o___p___wargv
_o___p___argc
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__free_base
wcsstr
wcschr
wcsrchr
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
strcmp
api-ms-win-core-file-l1-1-0
FindNextFileW
RemoveDirectoryW
CompareFileTime
GetFileAttributesExW
GetFileAttributesW
CreateFileW
DeleteFileW
GetFullPathNameW
CreateDirectoryW
FindFirstFileW
FindClose
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
GetErrorMode
SetErrorMode
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
api-ms-win-core-libraryloader-l1-1-0
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleHandleExW
GetModuleFileNameW
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
DeleteProcThreadAttributeList
GetExitCodeProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessW
api-ms-win-eventing-controller-l1-1-0
StartTraceW
ControlTraceW
api-ms-win-eventing-legacy-l1-1-0
EnableTrace
api-ms-win-eventing-consumer-l1-1-0
CloseTrace
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-obsolete-l1-1-0
LocalFree
LocalAlloc
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
Sleep
InitOnceComplete
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
HeapDestroy
HeapSetInformation
HeapSize
HeapReAlloc
GetProcessHeap
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
ReleaseMutex
LeaveCriticalSection
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
WaitForSingleObject
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
EnterCriticalSection
CreateSemaphoreExW
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
api-ms-win-core-kernel32-legacy-l1-1-0
LoadLibraryW
CopyFileW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
OutputDebugStringA
OutputDebugStringW
DebugBreak
IsDebuggerPresent
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-com-l1-1-0
CoCreateGuid
CoGetMalloc
StringFromGUID2
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-registry-l2-1-0
RegOpenKeyTransactedW
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteTransfer
EventRegister
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
user32
MessageBoxW
ntdll
RtlFreeHeap
RtlLengthSecurityDescriptor
NtOpenProcessToken
RtlSetOwnerSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMakeSelfRelativeSD
RtlRaiseStatus
RtlAllocateHeap
RtlAllocateAndInitializeSid
NtOpenThreadToken
NtPrivilegeCheck
RtlSetGroupSecurityDescriptor
RtlCreateSecurityDescriptor
DbgPrintEx
NtClose
api-ms-win-core-file-l1-2-0
GetTempPathW
Sections
.text Size: 128KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/siloedpackageprovider.dll.dll regsvr32 windows:10 windows x64 arch:x64
97bc1718f10c3ff3c119a7d5a86c395e
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4c:61:93:b5:5f:12:32:e8:61:5d:0e:8b:09:79:71:ca:c8:de:cc:17:31:eb:ae:7a:d2:64:95:51:ab:0b:37:a8Signer
Actual PE Digest4c:61:93:b5:5f:12:32:e8:61:5d:0e:8b:09:79:71:ca:c8:de:cc:17:31:eb:ae:7a:d2:64:95:51:ab:0b:37:a8Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
SiloedPackageProvider.pdb
Imports
msvcrt
__RTDynamicCast
_vsnwprintf
wcsrchr
memcmp
??3@YAXPEAX@Z
_onexit
__dllonexit
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_unlock
_lock
malloc
_stricmp
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
vswprintf_s
_vscwprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??1type_info@@UEAA@XZ
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
advapi32
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
kernel32
SetLastError
FreeLibrary
SearchPathW
GetVersionExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
GetSystemInfo
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
SetThreadUILanguage
FormatMessageW
LocalFree
CreateFileW
CloseHandle
VirtualProtect
LoadLibraryExA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ole32
CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2
user32
UnregisterClassA
LoadStringW
CharLowerBuffW
CharNextW
oleaut32
SysAllocString
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantClear
SysAllocStringLen
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
SysStringLen
SysFreeString
UnRegisterTypeLi
LoadTypeLi
RegisterTypeLi
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/ssshim.dll.dll windows:10 windows x64 arch:x64
d0f6e2501bd35d196e0e868ed32ff584
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
16:e9:0e:30:59:c1:f3:93:1b:b2:51:47:8b:5c:c5:52:13:48:c1:16:8c:9b:34:69:83:b7:5c:b7:64:f0:14:3aSigner
Actual PE Digest16:e9:0e:30:59:c1:f3:93:1b:b2:51:47:8b:5c:c5:52:13:48:c1:16:8c:9b:34:69:83:b7:5c:b7:64:f0:14:3aDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ssshim.pdb
Imports
ntdll
__C_specific_handler
LdrLockLoaderLock
LdrUnlockLoaderLock
RtlRaiseStatus
NtQueryAttributesFile
RtlPcToFileHeader
NtOpenKey
NtQueryValueKey
LdrLoadDll
LdrUnloadDll
NtQueryPerformanceCounter
NtClose
RtlAllocateHeap
RtlFreeHeap
NtOpenFile
NtQueryDirectoryFile
NtCreateFile
NtQueryInformationFile
NtReadFile
NtWriteFile
NtSetInformationFile
RtlRaiseException
NtQueryObject
NtQueryInformationProcess
NtOpenProcess
NtDelayExecution
RtlInitString
LdrGetProcedureAddress
RtlQueryEnvironmentVariable_U
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlUpcaseUnicodeChar
RtlDowncaseUnicodeChar
DbgPrintEx
RtlReAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlTimeToTimeFields
RtlDeleteCriticalSection
RtlEnterCriticalSection
strncmp
RtlInitializeCriticalSection
RtlLeaveCriticalSection
_snprintf_s
RtlDosPathNameToNtPathName_U
wcstoul
LdrGetDllHandleEx
DbgPrint
RtlCreateUnicodeStringFromAsciiz
NtQuerySystemTime
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
memmove
memcmp
memcpy
memset
Exports
Exports
SssBindServicingStack
SssGetServicingStackFilePath
SssGetServicingStackFilePathLength
SssGetServicingStackVersion
SssPreloadDownlevelDependencies
SssReleaseServicingStack
Sections
.text Size: 92KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/vhdprovider.dll.dll regsvr32 windows:10 windows x64 arch:x64
917ca5907f1e9c3f6c4c668279bcddb2
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:f3:66:6d:68:61:53:ba:bd:c9:a0:a5:96:f7:95:3e:98:8c:dc:53:01:76:e6:b0:f9:12:bf:88:23:7f:05:e2Signer
Actual PE Digest06:f3:66:6d:68:61:53:ba:bd:c9:a0:a5:96:f7:95:3e:98:8c:dc:53:01:76:e6:b0:f9:12:bf:88:23:7f:05:e2Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
VhdProvider.pdb
Imports
msvcrt
_initterm
_amsg_exit
_XcptFilter
towlower
??1type_info@@UEAA@XZ
__dllonexit
iswspace
wcschr
wcsrchr
iswalpha
_wcsnicmp
wcsncmp
_onexit
_vsnwprintf_s
wcstoul
towupper
_unlock
_lock
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
memcmp
_callnewh
malloc
wcstok_s
_wcsupr
?terminate@@YAXXZ
_wtoi
_stricmp
_purecall
wcsncpy_s
wcscat_s
__C_specific_handler
calloc
_wcsicmp
wcsstr
_vsnwprintf
_vscwprintf
memmove_s
memcpy_s
vswprintf_s
iswctype
_snwscanf_s
??3@YAXPEAX@Z
free
wcscpy_s
??_V@YAXPEAX@Z
__CxxFrameHandler3
memset
advapi32
RegSetValueExW
AdjustTokenPrivileges
RegLoadKeyW
RegUnLoadKeyW
OpenThreadToken
OpenProcessToken
RegDeleteKeyExW
RegQueryValueExW
RegEnumValueW
RegDeleteTreeW
RegEnumKeyExW
RegFlushKey
DuplicateTokenEx
SetThreadToken
RegGetValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
kernel32
UnlockFileEx
SetEndOfFile
WriteFile
GetFileTime
SetFilePointerEx
GetFileSizeEx
ReadFile
FreeLibrary
LoadLibraryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LockFileEx
CloseHandle
SizeofResource
LockResource
LoadResource
FindResourceExW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
GetLastError
HeapFree
GetProcessHeap
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
Sleep
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
HeapAlloc
SetVolumeMountPointW
DeleteVolumeMountPointW
GetFileAttributesW
SetFileAttributesW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteFileW
GetVolumePathNamesForVolumeNameW
SetLastError
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
SetThreadUILanguage
CompareStringW
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSectionEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
VirtualQuery
RtlCompareMemory
LoadLibraryExA
VirtualProtect
VirtualFree
VirtualAlloc
GetSystemDirectoryW
VerSetConditionMask
GetSystemInfo
GetDiskFreeSpaceExW
GetVolumeInformationW
GetModuleHandleExW
SearchPathW
CopyFileExW
GetDiskFreeSpaceW
GetTempPathW
FormatMessageW
LocalFree
GetVersionExW
UnmapViewOfFile
LCIDToLocaleName
CreateFileMappingW
GetFullPathNameW
MapViewOfFile
GetCurrentThread
SetFilePointer
MultiByteToWideChar
GetFileInformationByHandle
GetVolumePathNameW
FindFirstFileW
FindNextFileW
FindClose
CreateThread
GetLogicalDrives
DeviceIoControl
GetDriveTypeW
ole32
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID
CoTaskMemFree
CoInitializeEx
user32
LoadStringW
CharNextW
oleaut32
SysAllocStringLen
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
CreateErrorInfo
SetErrorInfo
SysFreeString
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayDestroy
VariantClear
UnRegisterTypeLi
ntdll
DbgPrintEx
RtlDowncaseUnicodeChar
NtYieldExecution
NtQueryObject
RtlCompareUnicodeString
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtUnloadKey2
RtlAdjustPrivilege
RtlRaiseStatus
NtOpenFile
RtlReAllocateHeap
RtlSetThreadErrorMode
RtlGetThreadErrorMode
RtlVerifyVersionInfo
RtlFreeHeap
RtlAllocateHeap
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
NtQueryDirectoryObject
NtOpenDirectoryObject
NtClose
RtlInitUnicodeString
rpcrt4
UuidToStringW
I_RpcMapWin32Status
RpcStringFreeW
UuidCreate
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 372KB - Virtual size: 368KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 148KB - Virtual size: 147KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/wimgapi.dll.dll windows:10 windows x64 arch:x64
85be11591e44cd787f118ee8878f57f5
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e0:71:85:8e:90:f1:35:af:63:ab:62:92:49:93:fd:b0:16:6e:f6:68:ec:c6:89:38:fd:49:25:1f:be:46:94:0bSigner
Actual PE Digeste0:71:85:8e:90:f1:35:af:63:ab:62:92:49:93:fd:b0:16:6e:f6:68:ec:c6:89:38:fd:49:25:1f:be:46:94:0bDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
wimgapi.pdb
Imports
msvcrt
strncpy_s
wcsncmp
_wcsnicmp
wcsnlen
wcsstr
_vsnwprintf
_wtoi
swscanf_s
_wcsupr
_wcsicmp
wcstoul
memmove
_onexit
__dllonexit
_unlock
_lock
memcpy_s
_wcsrev
wcstok_s
memcpy
memcmp
_initterm
malloc
free
_amsg_exit
_callnewh
_vscwprintf
_purecall
iswspace
memmove_s
_wcstoi64
_strnicmp
qsort
towupper
wcschr
towlower
strcpy_s
_wcslwr
__C_specific_handler
_XcptFilter
wcsrchr
memset
kernel32
LocalFree
CompareStringW
GetLastError
GetDriveTypeW
RemoveDirectoryW
HeapAlloc
LocalAlloc
CloseHandle
GetFileInformationByHandle
GetSystemDirectoryW
CreateFileW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetTempFileNameW
GetFileSize
SetFilePointer
ReadFile
DeleteFileW
DeleteCriticalSection
GetSystemInfo
SetLastError
SetThreadIdealProcessor
GetCurrentThread
GetEnvironmentVariableW
GetOverlappedResult
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
CreateDirectoryW
WriteFile
SetEndOfFile
CreateEventW
LockFileEx
UnlockFileEx
GetFileSizeEx
DeviceIoControl
HeapReAlloc
GetHandleInformation
WaitForSingleObject
CreateMutexW
GetModuleHandleExW
GetModuleFileNameW
FormatMessageW
ReleaseMutex
WideCharToMultiByte
GetProcessHeap
SetFilePointerEx
ExpandEnvironmentStringsW
OpenProcess
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
GlobalMemoryStatusEx
GetFinalPathNameByHandleW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TerminateProcess
GetCurrentProcess
OpenEventW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetPrivateProfileSectionW
GetModuleHandleW
WaitForMultipleObjects
ReleaseSemaphore
SetEvent
CreateThread
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
HeapFree
LCIDToLocaleName
CopyFileExW
GetCurrentDirectoryW
WaitForMultipleObjectsEx
ResetEvent
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLogicalDriveStringsW
Wow64DisableWow64FsRedirection
CreateProcessW
GetExitCodeProcess
Wow64RevertWow64FsRedirection
CreateSemaphoreExW
MultiByteToWideChar
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
InitializeCriticalSection
CreateSemaphoreW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
LoadLibraryW
GetVolumePathNamesForVolumeNameW
GetFileInformationByHandleEx
FindFirstFileNameW
SetFileInformationByHandle
FindNextFileNameW
GetLongPathNameW
GetTempPathW
bcrypt
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
fltlib
FilterSendMessage
FilterAttach
FilterConnectCommunicationPort
FilterLoad
cabinet
ord22
ord20
ord23
advapi32
LookupPrivilegeValueW
SetThreadToken
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAccessAllowedAceEx
RevertToSelf
GetSecurityDescriptorLength
GetSecurityInfo
FreeSid
RegDeleteKeyExW
SetSecurityDescriptorDacl
EqualSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegUnLoadKeyW
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegLoadKeyW
RegCloseKey
RegOpenKeyExW
version
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
user32
CharUpperW
ntdll
RtlDeleteResource
NtQuerySecurityObject
RtlRaiseStatus
RtlDosPathNameToNtPathName_U_WithStatus
RtlInitializeCriticalSection
DbgPrintEx
RtlReleaseResource
RtlReAllocateHeap
NtYieldExecution
RtlDowncaseUnicodeChar
RtlGetVersion
RtlAcquireResourceExclusive
RtlInitializeResource
NtUnloadKey2
NtSetEaFile
NtSetSecurityObject
RtlFindAceByType
RtlSetControlSecurityDescriptor
RtlInitUnicodeString
RtlImpersonateSelf
NtQueryVolumeInformationFile
NtCreateFile
NtQueryEaFile
NtQueryInformationProcess
NtQueryInformationFile
RtlGetLastNtStatus
NtSetInformationFile
RtlSetIoCompletionCallback
RtlFreeHeap
NtClose
NtQueryDirectoryFile
RtlAllocateHeap
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlAcquireResourceShared
rpcrt4
UuidCreate
RpcBindingFree
RpcBindingSetAuthInfoW
I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW
UuidFromStringW
NdrClientCall3
RpcStringBindingComposeW
RpcBindingFromStringBindingW
Exports
Exports
DllCanUnloadNow
DllMain
WIMAddImagePath
WIMAddImagePaths
WIMAddWimbootEntry
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCommitImageHandle
WIMCopyFile
WIMCreateFile
WIMCreateImageFile
WIMCreateWofCompressedFile
WIMDeleteImage
WIMDeleteImageMounts
WIMEnumImageFiles
WIMExportImage
WIMExtractImageDirectory
WIMExtractImagePath
WIMExtractImagePathByWimHandle
WIMFindFirstImageFile
WIMFindNextImageFile
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImageHandle
WIMGetMountedImageInfo
WIMGetMountedImageInfoFromHandle
WIMGetMountedImages
WIMGetWIMBootEntries
WIMGetWIMBootWIMPath
WIMGetWimFileSize
WIMInitFileIOCallbacks
WIMInitializeWofDriver
WIMIsCurrentSystemWimboot
WIMIsReferenceWim
WIMLoadImage
WIMLoadOSInformation
WIMMountImage
WIMMountImageHandle
WIMProcessCustomImage
WIMReadFileEx
WIMReadImageFile
WIMRedirectFolderBeforeApply
WIMRegisterLogFile
WIMRegisterMessageCallback
WIMRemountImage
WIMSetBootImage
WIMSetCachedSigningLevel
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetImageUserSpecifiedCreationTime
WIMSetReferenceFile
WIMSetTemporaryPath
WIMSetWimGuid
WIMSingleInstanceFile
WIMSplitFile
WIMUnmountImage
WIMUnmountImageHandle
WIMUnregisterLogFile
WIMUnregisterMessageCallback
WIMUpdateWIMBootEntry
WIMWriteFileWithIntegrity
Sections
.text Size: 644KB - Virtual size: 642KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 124KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 852B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/wimmount.sys.sys windows:10 windows x64 arch:x64
16c64541f99f79aa06cfab320e53ad39
Code Sign
33:00:00:06:ad:ac:dd:3c:98:83:5e:29:49:00:00:00:00:06:adCertificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:37Not After15/09/2024, 22:37SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
5d:ad:9d:68:3f:a4:f3:26:94:26:a7:37:93:f3:a2:dd:b3:7c:23:a4:f5:52:15:da:33:5f:00:a8:0d:e8:83:f6Signer
Actual PE Digest5d:ad:9d:68:3f:a4:f3:26:94:26:a7:37:93:f3:a2:dd:b3:7c:23:a4:f5:52:15:da:33:5f:00:a8:0d:e8:83:f6Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wimmount.pdb
Imports
ntoskrnl.exe
ExFreePoolWithTag
KeBugCheckEx
RtlCompareMemory
ZwOpenProcess
ProbeForRead
ZwClose
ExEventObjectType
TmTransactionObjectType
ZwCreateEvent
ProbeForWrite
ObOpenObjectByPointer
PsProcessType
KeWaitForMultipleObjects
RtlAppendUnicodeStringToString
__C_specific_handler
ExInitializeResourceLite
KeWaitForSingleObject
KeInitializeEvent
RtlCompareUnicodeString
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
IoGetTopLevelIrp
RtlGetVersion
ObReferenceObjectByHandle
KeSetEvent
PsGetCurrentProcessId
ExDeletePagedLookasideList
IoFileObjectType
ExQueryDepthSList
RtlInitUnicodeString
ExInitializePagedLookasideList
ExpInterlockedPushEntrySList
ObfDereferenceObject
ExDeleteResourceLite
ExpInterlockedPopEntrySList
ZwDuplicateObject
fltmgr.sys
FltSetCallbackDataDirty
FltAcquireResourceShared
FltGetVolumeFromFileObject
FltSendMessage
FltObjectReference
FltObjectDereference
FltCloseClientPort
FltGetVolumeName
FltCreateFileEx2
FltEnumerateInstances
FltFreeSecurityDescriptor
FltCloseCommunicationPort
FltGetRequestorProcessId
FltGetDiskDeviceObject
FltClose
FltSetStreamContext
FltDeleteStreamContext
FltReissueSynchronousIo
FltStartFiltering
FltGetStreamContext
FltReleaseFileNameInformation
FltQueryInformationFile
FltFsControlFile
FltGetFileNameInformation
FltIsDirectory
FltAcquireResourceExclusive
FltSetInformationFile
FltReleaseContext
FltCreateCommunicationPort
FltReleaseResource
FltBuildDefaultSecurityDescriptor
FltCreateFile
FltGetRoutineAddress
FltUntagFile
FltAllocateContext
FltRegisterFilter
FltUnregisterFilter
Sections
.text Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 828B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
GFIDS Size: 4KB - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/wimprovider.dll.dll regsvr32 windows:10 windows x64 arch:x64
68a332c1423d1c37ec40d4d997c3143a
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ac:ab:a3:02:1b:fb:10:75:f2:02:c2:5a:5a:2a:58:29:1c:2a:53:ce:ee:e7:57:a1:ca:77:a3:cf:48:0a:48:b7Signer
Actual PE Digestac:ab:a3:02:1b:fb:10:75:f2:02:c2:5a:5a:2a:58:29:1c:2a:53:ce:ee:e7:57:a1:ca:77:a3:cf:48:0a:48:b7Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
WimProvider.pdb
Imports
msvcrt
wcsstr
iswalpha
iswspace
??3@YAXPEAX@Z
_wtoi64
towupper
_vsnprintf_s
_wcsnicmp
__RTDynamicCast
memcmp
_errno
_onexit
__dllonexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_vsnwprintf_s
_unlock
_lock
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
_callnewh
malloc
_wcsicmp
wcstoul
_vsnwprintf
wcsncmp
wcschr
wcscat_s
calloc
_wtol
wcscpy_s
wcsncpy_s
memmove_s
wcsrchr
free
_stricmp
_vscwprintf
_strnicmp
_purecall
vswprintf_s
memcpy_s
??_V@YAXPEAX@Z
__C_specific_handler
__CxxFrameHandler3
wcstok_s
wcspbrk
memset
advapi32
EventActivityIdControl
EventWriteTransfer
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
EventRegister
EventUnregister
kernel32
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetVersionExW
SearchPathW
WaitForSingleObject
GetPrivateProfileSectionW
GetDriveTypeW
GetFinalPathNameByHandleW
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DebugBreak
GetModuleFileNameA
SizeofResource
SetLastError
EnterCriticalSection
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
OutputDebugStringW
LockResource
FindResourceExW
LoadResource
DeleteCriticalSection
GetCurrentProcessId
GetModuleHandleW
LoadLibraryExW
HeapFree
IsDebuggerPresent
GetFullPathNameW
HeapReAlloc
HeapAlloc
GetLastError
CompareStringW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
LocalFree
CreateFileW
GetFileSize
SetFilePointer
ReadFile
CloseHandle
DeleteFileW
GetLocaleInfoW
GetNumberFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
SystemTimeToFileTime
FindFirstFileNameW
FindNextFileNameW
FindClose
HeapSize
HeapDestroy
Sleep
InitializeCriticalSectionEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
WriteFile
SetFileAttributesW
GetFileAttributesW
DeviceIoControl
RemoveDirectoryW
LocalAlloc
CreateEventW
GetOverlappedResult
LoadLibraryW
GetVolumePathNamesForVolumeNameW
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemInfo
VirtualQuery
GetProcessHeap
SetThreadUILanguage
FormatMessageW
CreateDirectoryW
GetFileInformationByHandle
GetVolumePathNameW
FindNextFileW
FindFirstFileW
GetVolumeNameForVolumeMountPointW
ole32
CoTaskMemFree
ProgIDFromCLSID
CLSIDFromString
StringFromCLSID
CoCreateGuid
CoCreateInstance
StringFromGUID2
user32
CharUpperW
CharLowerBuffW
CharNextW
LoadStringW
oleaut32
SysStringLen
VariantTimeToSystemTime
VarDateFromStr
VarBstrCmp
VariantClear
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
SysAllocString
SysFreeString
LoadTypeLi
xmllite
CreateXmlReader
CreateXmlWriter
profapi
ord104
ntdll
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlRaiseStatus
NtYieldExecution
DbgPrintEx
RtlNtStatusToDosError
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 416KB - Virtual size: 412KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 164KB - Virtual size: 161KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/wimserv.exe.exe windows:10 windows x64 arch:x64
dcdc5158ac35f7a529d421af3ca6f38b
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ce:4d:16:d5:4f:be:0f:15:40:77:e1:b6:29:36:ad:ee:c6:4d:8b:3d:2e:50:64:6e:cf:f7:aa:c0:25:40:d8:cdSigner
Actual PE Digestce:4d:16:d5:4f:be:0f:15:40:77:e1:b6:29:36:ad:ee:c6:4d:8b:3d:2e:50:64:6e:cf:f7:aa:c0:25:40:d8:cdDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wimserv.pdb
Imports
msvcrt
_wcsicmp
_vscwprintf
wcschr
_wcsnicmp
towupper
wcsncmp
wcsrchr
swscanf_s
_vsnwprintf
strcpy_s
memcpy_s
strncpy_s
iswspace
_purecall
malloc
_callnewh
free
_strnicmp
wcsstr
qsort
memcmp
memcpy
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
memset
__C_specific_handler
memmove_s
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
ntdll
DbgPrintEx
NtYieldExecution
RtlRaiseStatus
RtlReAllocateHeap
NtQueryEaFile
NtSetEaFile
NtSetSecurityObject
RtlFindAceByType
RtlDosPathNameToNtPathName_U
RtlGetLastNtStatus
NtQuerySecurityObject
NtQueryVolumeInformationFile
RtlImpersonateSelf
NtQueryInformationProcess
NtCreateFile
NtClose
NtSetInformationFile
NtQueryInformationFile
RtlNtStatusToDosError
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlAdjustPrivilege
RtlFreeHeap
RtlAllocateHeap
RtlSetControlSecurityDescriptor
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
kernel32
MultiByteToWideChar
LocalFileTimeToFileTime
GetVolumePathNameW
SetFileTime
DosDateTimeToFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateSemaphoreW
WaitForMultipleObjects
GetPrivateProfileSectionW
GetHandleInformation
UnlockFileEx
LockFileEx
LoadLibraryW
GetVolumePathNamesForVolumeNameW
SetEndOfFile
SetFilePointerEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
ResetEvent
Sleep
CreateMutexW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
GetCurrentProcessId
GetOverlappedResult
HeapAlloc
CreateThread
CloseHandle
RemoveDirectoryW
SetEvent
GetLastError
CreateEventW
WaitForMultipleObjectsEx
GetCurrentThread
HeapFree
LocalFree
CreateFileW
CreateSemaphoreExW
DeleteCriticalSection
ReleaseSemaphore
GetModuleFileNameW
FormatMessageW
GetFileInformationByHandleEx
SetLastError
SetThreadIdealProcessor
InitializeCriticalSectionAndSpinCount
FindFirstFileNameW
SetFileInformationByHandle
GetEnvironmentVariableW
FindFirstFileW
FindClose
GetVolumeInformationW
GetFileInformationByHandle
OpenProcess
DuplicateHandle
GetDriveTypeW
FindNextFileW
GetFileSizeEx
ReadFile
GetModuleHandleExW
CompareStringW
GetProcAddress
LocalAlloc
WriteFile
ReleaseMutex
WideCharToMultiByte
SetFilePointer
FindNextFileNameW
GetLongPathNameW
GetTempPathW
GetCurrentDirectoryW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetVolumeNameForVolumeMountPointW
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileAttributesW
FlushFileBuffers
GetSystemInfo
DeviceIoControl
DeleteFileW
HeapReAlloc
SetFileAttributesW
GlobalMemoryStatusEx
CreateDirectoryW
LoadLibraryExW
FreeLibrary
user32
CharUpperW
TranslateMessage
DispatchMessageW
GetMessageW
rpcrt4
NdrServerCall2
RpcRevertToSelf
RpcServerRegisterAuthInfoW
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
I_RpcMapWin32Status
RpcServerListen
RpcServerRegisterIf
UuidCreate
RpcStringFreeW
UuidToStringW
NdrServerCallAll
RpcServerUseProtseqEpW
UuidFromStringW
RpcImpersonateClient
fltlib
FilterConnectCommunicationPort
FilterLoad
FilterSendMessage
FilterGetMessage
FilterReplyMessage
cabinet
ord23
ord22
ord20
advapi32
AllocateAndInitializeSid
EqualSid
AddAccessAllowedAce
GetTokenInformation
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
FreeSid
RegQueryValueExW
SetSecurityDescriptorDacl
RegEnumKeyExW
InitializeSecurityDescriptor
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
SetThreadToken
OpenThreadToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetAclInformation
OpenEncryptedFileRawW
WriteEncryptedFileRaw
CloseEncryptedFileRaw
RevertToSelf
bcrypt
BCryptDestroyHash
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptHashData
Sections
.text Size: 464KB - Virtual size: 460KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 844B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM10/wofadk.sys.sys windows:10 windows x64 arch:x64
4bd81f9e3c9fb1e47905c1cd33a6d66a
Code Sign
33:00:00:06:ad:ac:dd:3c:98:83:5e:29:49:00:00:00:00:06:adCertificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:37Not After15/09/2024, 22:37SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a8:f6:7e:5e:b0:07:c2:0d:49:00:16:e4:39:12:3b:ef:fe:1a:78:a4:95:f1:05:9e:c2:47:77:a2:24:00:3c:36Signer
Actual PE Digesta8:f6:7e:5e:b0:07:c2:0d:49:00:16:e4:39:12:3b:ef:fe:1a:78:a4:95:f1:05:9e:c2:47:77:a2:24:00:3c:36Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wofadk.pdb
Imports
ntoskrnl.exe
RtlQueryFeatureConfiguration
RtlRegisterFeatureConfigurationChangeNotification
SeCaptureSubjectContext
ZwOpenKey
ZwClose
SeLockSubjectContext
ZwQueryValueKey
SeUnlockSubjectContext
SeReleaseSubjectContext
RtlEnumerateGenericTableAvl
ExAcquireRundownProtection
RtlLookupElementGenericTableAvl
RtlFreeUnicodeString
SeTokenIsAdmin
RtlDeleteElementGenericTableAvl
RtlAppendUnicodeStringToString
KeGetCurrentIrql
KeDelayExecutionThread
ExRundownCompleted
PsGetProcessImageFileName
IoGetCurrentProcess
ProbeForRead
FsRtlValidateReparsePointBuffer
FsRtlIsNtstatusExpected
TmCurrentTransaction
RtlCompareMemory
RtlInitUnicodeString
RtlEqualUnicodeString
MmMapLockedPagesSpecifyCache
ProbeForWrite
RtlInitializeGenericTableAvl
KeIsExecutingDpc
ExSetTimer
ExReleaseSpinLockExclusive
ExDeleteTimer
KeBugCheckEx
EtwSetInformation
ExAllocateTimer
ExTryAcquirePushLockExclusiveEx
ExReleaseSpinLockSharedFromDpcLevel
ExQueueWorkItem
ExAcquirePushLockExclusiveEx
ExReleasePushLockExclusiveEx
EtwWriteTransfer
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeSetEvent
ExAcquireSpinLockSharedAtDpcLevel
ExAcquireSpinLockExclusive
EtwUnregister
ExReleasePushLockSharedEx
ExAcquirePushLockSharedEx
ExInitializePagedLookasideList
KeWaitForSingleObject
KeQueryPriorityThread
MmMapViewOfSection
ExDeleteLookasideListEx
ZwDeviceIoControlFile
EtwEventEnabled
RtlCheckRegistryKey
ZwCreateSection
ZwQueryInformationThread
RtlSetBit
RtlAreBitsSet
PsInitialSystemProcess
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlRunOnceExecuteOnce
KeStackAttachProcess
KdRefreshDebuggerNotPresent
ZwSetInformationThread
ObReferenceObjectByHandle
swprintf_s
MmUnmapViewOfSection
RtlFindNextForwardRunClear
EtwWrite
IofCallDriver
RtlInitializeBitMap
ZwOpenFile
ExInitializeLookasideListEx
RtlTestBit
KeSetPriorityThread
KeUnstackDetachProcess
_i64tow_s
RtlClearAllBits
IoAllocateWorkItem
RtlAppendUnicodeToString
_wcsicmp
RtlCreateSystemVolumeInformationFolder
IoQueueWorkItemEx
IoFreeWorkItem
KeAllocateCalloutStackEx
IoGetRelatedDeviceObject
ExDeleteNPagedLookasideList
RtlGetCompressionWorkSpaceSize
KeFreeCalloutStack
ExInitializeNPagedLookasideList
KeInitializeMutex
KeReleaseMutex
RtlDecompressBufferEx
RtlDecompressFragment
KeAreAllApcsDisabled
KeInitializeDpc
KeInitializeTimerEx
RtlQueryRegistryValues
KeCancelTimer
KeFlushQueuedDpcs
KeSetCoalescableTimer
RtlCompressBuffer
KeQueryActiveProcessorCountEx
RtlNotifyFeatureUsage
RtlQueryFeatureConfigurationChangeStamp
RtlGetVersion
RtlUnregisterFeatureConfigurationChangeNotification
MmGetSystemRoutineAddress
IoWMIRegistrationControl
MmIsThisAnNtAsSystem
EtwRegister
KeReleaseSpinLock
__C_specific_handler
ExReleaseRundownProtection
ExAcquireFastMutex
ObfReferenceObject
ExQueryDepthSList
ExpInterlockedPushEntrySList
ExReleaseFastMutex
ExpInterlockedPopEntrySList
RtlCompareUnicodeString
ExInitializeRundownProtection
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
KeExpandKernelStackAndCalloutEx
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePoolWithTag
ExDeletePagedLookasideList
RtlCopyUnicodeString
ExReInitializeRundownProtection
ExWaitForRundownProtectionRelease
ObfDereferenceObject
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
ObDereferenceObjectDeferDelete
_vsnwprintf
ZwQuerySymbolicLinkObject
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
wcscpy_s
ExAllocatePool2
strcpy_s
ZwOpenDirectoryObject
wcschr
_wcsnicmp
wcsrchr
DbgkWerCaptureLiveKernelDump
KeQueryTimeIncrement
KeAcquireSpinLockRaiseToDpc
__chkstk
fltmgr.sys
FltRegisterFilter
FltFreeGenericWorkItem
FltQueueGenericWorkItem
FltIsOperationSynchronous
FltSetIoPriorityHintIntoCallbackData
FltPerformAsynchronousIo
FltAllocateGenericWorkItem
FltInitializePushLock
FltDeletePushLock
FltFlushBuffers
FltAllocateDeferredIoWorkItem
FltQueueDeferredIoWorkItem
FltFreePoolAlignedWithTag
FltAcquirePushLockSharedEx
FltDeviceIoControlFile
FltReadFile
FltOpenVolume
FltFreeDeferredIoWorkItem
FltAllocatePoolAlignedWithTag
FltIsIoCanceled
FltCompletePendedPreOperation
FltAcquirePushLockExclusiveEx
FltGetIoPriorityHintFromCallbackData
FltReleasePushLockEx
FltInitExtraCreateParameterLookasideList
FltStartFiltering
FltGetRoutineAddress
FltQueryVolumeInformationFile
FltGetVolumeFromFileObject
FltCreateFileEx
FltAttachVolume
FltWriteFile
FltQueryInformationFile
FltObjectDereference
FltUntagFile
FltGetFileNameInformationUnsafe
FltParseFileNameInformation
FltCreateFileEx2
FltGetInstanceContext
FltEnumerateInstances
FltTagFile
FltIsDirectory
FltSetInformationFile
FltPerformSynchronousIo
FltLockUserBuffer
FltAllocateCallbackDataEx
FltFreeCallbackData
FltAllocateExtraCreateParameterList
FltInsertExtraCreateParameter
FltCancelFileOpen
FltDeleteStreamContext
FltReleaseFileNameInformation
FltFsControlFile
FltGetEcpListFromCallbackData
FltGetFileNameInformation
FltEnlistInTransaction
FltSetEcpListIntoCallbackData
FltFindExtraCreateParameter
FltAllocateExtraCreateParameterFromLookasideList
FltSetStreamContext
FltSetTransactionContext
FltReferenceContext
FltGetTransactionContext
FltSetStreamHandleContext
FltSetFileContext
FltDeleteInstanceContext
FltGetDiskDeviceObject
FltClose
FltUnregisterFilter
FltAllocateContext
FltGetVolumeProperties
FltQueryDirectoryFile
FltGetVolumeGuidName
FltReleaseContext
FltDeleteExtraCreateParameterLookasideList
FltGetStreamHandleContext
FltGetStreamContext
FltSetInstanceContext
cng.sys
BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
Sections
.text Size: 68KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NONPAGE Size: 4KB - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
GFIDS Size: 4KB - Virtual size: 496B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/Microsoft.Dism.Powershell.dll.dll windows:4 windows x64 arch:x64
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before22/04/2014, 17:39Not After22/07/2015, 17:39SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
88:88:f7:3d:82:84:84:fe:82:c0:57:50:dd:f0:8c:f9:bc:a1:f6:10:88:4a:53:17:22:66:fe:f6:83:98:07:53Signer
Actual PE Digest88:88:f7:3d:82:84:84:fe:82:c0:57:50:dd:f0:8c:f9:bc:a1:f6:10:88:4a:53:17:22:66:fe:f6:83:98:07:53Digest Algorithmsha256PE Digest Matchestrue62:70:41:53:77:de:2c:62:37:a5:a7:59:72:a8:5e:cd:ce:5b:bd:22Signer
Actual PE Digest62:70:41:53:77:de:2c:62:37:a5:a7:59:72:a8:5e:cd:ce:5b:bd:22Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Microsoft.Dism.PowerShell.pdb
Sections
.text Size: 113KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l1-1-0.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-advapi32-l1-1-0.pdb
Exports
Exports
AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddMandatoryAce
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
CheckTokenMembership
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserW
CreateRestrictedToken
CreateWellKnownSid
DeleteAce
DestroyPrivateObjectSecurity
DuplicateToken
DuplicateTokenEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventUnregister
EventWrite
EventWriteString
EventWriteTransfer
FindFirstFreeAce
FreeSid
GetAce
GetAclInformation
GetFileSecurityW
GetKernelObjectSecurity
GetLengthSid
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsTokenRestricted
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
OpenThreadToken
PrivilegeCheck
PrivilegedServiceAuditAlarmW
QuerySecurityAccessMask
RegCloseKey
RegCopyTreeW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteTreeA
RegDeleteTreeW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCacheEx
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegFlushKey
RegGetKeySecurity
RegGetValueA
RegGetValueW
RegLoadAppKeyA
RegLoadAppKeyW
RegLoadKeyA
RegLoadKeyW
RegLoadMUIStringA
RegLoadMUIStringW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyExA
RegOpenKeyExW
RegOpenUserClassesRoot
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegRestoreKeyA
RegRestoreKeyW
RegSaveKeyExA
RegSaveKeyExW
RegSetKeySecurity
RegSetValueExA
RegSetValueExW
RegUnLoadKeyA
RegUnLoadKeyW
RegisterTraceGuidsW
RevertToSelf
SetAclInformation
SetFileSecurityW
SetKernelObjectSecurity
SetSecurityAccessMask
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorRMControl
SetSecurityDescriptorSacl
SetTokenInformation
TraceEvent
TraceMessage
TraceMessageVa
UnregisterTraceGuids
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l1-1-1.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-advapi32-l1-1-1.pdb
Exports
Exports
AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddMandatoryAce
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
CheckTokenMembership
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserW
CreateRestrictedToken
CreateWellKnownSid
DeleteAce
DestroyPrivateObjectSecurity
DuplicateToken
DuplicateTokenEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventUnregister
EventWrite
EventWriteEx
EventWriteString
EventWriteTransfer
FindFirstFreeAce
FreeSid
GetAce
GetAclInformation
GetFileSecurityW
GetKernelObjectSecurity
GetLengthSid
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetWindowsAccountDomainSid
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsTokenRestricted
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
MakeAbsoluteSD
MakeSelfRelativeSD
MapGenericMask
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmW
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmW
OpenProcessToken
OpenThreadToken
PrivilegeCheck
PrivilegedServiceAuditAlarmW
QuerySecurityAccessMask
RegCloseKey
RegCopyTreeW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteTreeA
RegDeleteTreeW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCacheEx
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegFlushKey
RegGetKeySecurity
RegGetValueA
RegGetValueW
RegLoadAppKeyA
RegLoadAppKeyW
RegLoadKeyA
RegLoadKeyW
RegLoadMUIStringA
RegLoadMUIStringW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyExA
RegOpenKeyExW
RegOpenUserClassesRoot
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegRestoreKeyA
RegRestoreKeyW
RegSaveKeyExA
RegSaveKeyExW
RegSetKeySecurity
RegSetValueExA
RegSetValueExW
RegUnLoadKeyA
RegUnLoadKeyW
RegisterTraceGuidsW
RevertToSelf
SetAclInformation
SetFileSecurityW
SetKernelObjectSecurity
SetPrivateObjectSecurity
SetPrivateObjectSecurityEx
SetSecurityAccessMask
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorRMControl
SetSecurityDescriptorSacl
SetThreadToken
SetTokenInformation
TraceEvent
TraceMessageVa
UnregisterTraceGuids
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l2-1-0.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-advapi32-l2-1-0.pdb
Exports
Exports
CloseServiceHandle
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CredDeleteW
CredEnumerateW
CredFree
CredReadDomainCredentialsW
CredReadW
CredWriteDomainCredentialsW
CredWriteW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 26B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l2-1-1.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-advapi32-l2-1-1.pdb
Exports
Exports
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CloseServiceHandle
CloseTrace
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CreateServiceA
CreateServiceW
CredDeleteA
CredDeleteW
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredProtectA
CredProtectW
CredReadA
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
DeleteService
EnableTraceEx2
EnumDependentServicesW
EnumServicesStatusExW
EnumerateTraceGuidsEx
EventAccessControl
EventAccessQuery
EventAccessRemove
NotifyServiceStatusChangeA
NotifyServiceStatusChangeW
OpenSCManagerA
OpenSCManagerW
OpenServiceA
OpenServiceW
OpenTraceW
ProcessTrace
QueryAllTracesA
QueryAllTracesW
QueryServiceConfig2A
QueryServiceConfig2W
QueryServiceConfigA
QueryServiceConfigW
QueryServiceObjectSecurity
QueryServiceStatus
QueryServiceStatusEx
RegisterServiceCtrlHandlerA
RegisterServiceCtrlHandlerExA
RegisterServiceCtrlHandlerExW
RegisterServiceCtrlHandlerW
RegisterTraceGuidsA
RemoveTraceCallback
SetServiceObjectSecurity
SetServiceStatus
SetTraceCallback
StartServiceA
StartServiceCtrlDispatcherA
StartServiceCtrlDispatcherW
StartServiceW
StartTraceA
StartTraceW
StopTraceW
TraceSetInformation
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l3-1-0.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-advapi32-l3-1-0.pdb
Exports
Exports
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
GetSecurityInfo
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityInfo
Sections
.text Size: 1024B - Virtual size: 579B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-advapi32-l4-1-0.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-advapi32-l4-1-0.pdb
Exports
Exports
AbortSystemShutdownW
InitiateSystemShutdownExW
LookupAccountNameW
LookupAccountSidW
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
LookupPrivilegeValueW
LsaEnumerateTrustedDomains
LsaManageSidNameMapping
Sections
.text Size: 1024B - Virtual size: 808B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 26B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-kernel32-l1-1-0.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-kernel32-l1-1-0.pdb
Exports
Exports
AcquireSRWLockExclusive
AcquireSRWLockShared
AddSIDToBoundaryDescriptor
AddVectoredContinueHandler
AddVectoredExceptionHandler
AllocConsole
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
AttachConsole
Beep
CallbackMayRunLong
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelWaitableTimer
ChangeTimerQueueTimer
CheckRemoteDebuggerPresent
ClearCommBreak
ClearCommError
CloseHandle
ClosePrivateNamespace
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ContinueDebugEvent
ConvertDefaultLocale
CopyFileExW
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFileA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceW
CreateProcessA
CreateProcessW
CreateRemoteThread
CreateRemoteThreadEx
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateWaitableTimerExW
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DecodePointer
DecodeSystemPointer
DefineDosDeviceW
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointW
DeviceIoControl
DisableThreadLibraryCalls
DisassociateCurrentThreadFromCallback
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EncodeSystemPointer
EnterCriticalSection
EnumLanguageGroupLocalesW
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceTypesExA
EnumResourceTypesExW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumUILanguagesW
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeW
FindResourceExW
FindStringOrdinal
FindVolumeClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringW
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeResource
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GetACP
GetCPInfo
GetCPInfoExW
GetCalendarInfoEx
GetCalendarInfoW
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeW
GetComputerNameExA
GetComputerNameExW
GetConsoleCP
GetConsoleCursorInfo
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
GetConsoleTitleW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentProcessorNumberEx
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatEx
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetErrorMode
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileMUIInfo
GetFileMUIPath
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLargePageMinimum
GetLargestConsoleWindowSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameA
GetLongPathNameW
GetMemoryErrorHandlingCapabilities
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNLSVersion
GetNLSVersionEx
GetNamedPipeClientComputerNameW
GetNativeSystemInfo
GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx
GetNumberFormatW
GetNumberOfConsoleInputEvents
GetOEMCP
GetOverlappedResult
GetPhysicallyInstalledSystemMemory
GetPriorityClass
GetProcAddress
GetProcessGroupAffinity
GetProcessHandleCount
GetProcessHeap
GetProcessHeaps
GetProcessId
GetProcessIdOfThread
GetProcessPreferredUILanguages
GetProcessPriorityBoost
GetProcessTimes
GetProcessVersion
GetProcessWorkingSetSizeEx
GetProductInfo
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetShortPathNameW
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultLocaleName
GetSystemDefaultUILanguage
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemFileCacheSize
GetSystemFirmwareTable
GetSystemInfo
GetSystemPreferredUILanguages
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemTimes
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetThreadContext
GetThreadGroupAffinity
GetThreadIOPendingFlag
GetThreadId
GetThreadIdealProcessorEx
GetThreadInformation
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadPriority
GetThreadPriorityBoost
GetThreadTimes
GetThreadUILanguage
GetTickCount
GetTickCount64
GetTimeFormatA
GetTimeFormatEx
GetTimeFormatW
GetTimeZoneInformation
GetTimeZoneInformationForYear
GetUILanguageInfo
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultLocaleName
GetUserDefaultUILanguage
GetUserGeoID
GetUserPreferredUILanguages
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationByHandleW
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetWriteWatch
GlobalMemoryStatusEx
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapQueryInformation
HeapReAlloc
HeapSetInformation
HeapSize
HeapUnlock
HeapValidate
HeapWalk
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitOnceInitialize
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDBCSLeadByte
IsDBCSLeadByteEx
IsDebuggerPresent
IsNLSDefinedString
IsProcessInJob
IsProcessorFeaturePresent
IsThreadAFiber
IsThreadpoolTimerSet
IsValidCodePage
IsValidLanguageGroup
IsValidLocale
IsValidLocaleName
IsWow64Process
LCIDToLocaleName
LCMapStringA
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LeaveCriticalSectionWhenCallbackReturns
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalFileTimeToFileTime
LocaleNameToLCID
LockFile
LockFileEx
LockResource
MapUserPhysicalPages
MapViewOfFile
MapViewOfFileEx
MoveFileExW
MoveFileWithProgressW
MultiByteToWideChar
NeedCurrentDirectoryForExePathA
NeedCurrentDirectoryForExePathW
OpenEventA
OpenEventW
OpenFileMappingW
OpenMutexW
OpenPrivateNamespaceW
OpenProcess
OpenSemaphoreW
OpenThread
OpenWaitableTimerW
OutputDebugStringA
OutputDebugStringW
PeekConsoleInputA
PeekConsoleInputW
PeekNamedPipe
PostQueuedCompletionStatus
ProcessIdToSessionId
PurgeComm
QueryDepthSList
QueryDosDeviceW
QueryFullProcessImageNameA
QueryFullProcessImageNameW
QueryIdleProcessorCycleTime
QueryIdleProcessorCycleTimeEx
QueryMemoryResourceNotification
QueryPerformanceCounter
QueryPerformanceFrequency
QueryProcessAffinityUpdateMode
QueryProcessCycleTime
QueryThreadCycleTime
QueryThreadpoolStackInformation
QueryUnbiasedInterruptTime
QueueUserAPC
QueueUserWorkItem
RaiseException
ReOpenFile
ReadConsoleA
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterA
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ReadConsoleW
ReadDirectoryChangesW
ReadFile
ReadFileEx
ReadFileScatter
ReadProcessMemory
RegisterBadMemoryNotification
ReleaseMutex
ReleaseMutexWhenCallbackReturns
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseSemaphoreWhenCallbackReturns
RemoveDirectoryA
RemoveDirectoryW
RemoveVectoredContinueHandler
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResetWriteWatch
ResolveLocaleName
RestoreLastError
ResumeThread
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SearchPathA
SearchPathW
SetCalendarInfoW
SetCommBreak
SetCommConfig
SetCommMask
SetCommState
SetCommTimeouts
SetComputerNameExW
SetConsoleActiveScreenBuffer
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleScreenBufferInfoEx
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleTitleW
SetConsoleWindowInfo
SetCriticalSectionSpinCount
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDynamicTimeZoneInformation
SetEndOfFile
SetEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetEventWhenCallbackReturns
Sections
.text Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-kernel32-l2-1-0.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-kernel32-l2-1-0.pdb
Exports
Exports
AddAtomA
AddAtomW
BackupRead
BackupWrite
BindIoCompletionCallback
ConvertFiberToThread
ConvertThreadToFiber
CopyFileA
CopyFileW
CreateFiber
CreateFileMappingA
CreateFileTransactedW
CreateMailslotA
CreateNamedPipeA
CreateSemaphoreW
DeleteAtom
DeleteFiber
DnsHostnameToComputerNameW
DosDateTimeToFileTime
FatalAppExitA
FatalAppExitW
FileTimeToDosDateTime
FindAtomA
FindAtomW
FindResourceA
FindResourceExA
FindResourceW
GetActiveProcessorCount
GetAtomNameA
GetAtomNameW
GetComputerNameA
GetComputerNameW
GetConsoleWindow
GetDurationFormatEx
GetFirmwareEnvironmentVariableW
GetMaximumProcessorGroupCount
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcessAffinityMask
GetProcessIoCounters
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetShortPathNameA
GetStartupInfoA
GetStringTypeExA
GetSystemPowerStatus
GetSystemWow64DirectoryA
GetSystemWow64DirectoryW
GetTapeParameters
GetTempPathA
GetThreadSelectorEntry
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
InitAtomTable
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFlags
LocalFree
LocalLock
LocalReAlloc
LocalSize
LocalUnlock
MoveFileA
MoveFileExA
MoveFileW
MulDiv
OpenFile
PulseEvent
RaiseFailFastException
RegisterWaitForSingleObject
SetConsoleTitleA
SetFileCompletionNotificationModes
SetFirmwareEnvironmentVariableW
SetHandleCount
SetMailslotInfo
SetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
SetVolumeLabelW
SwitchToFiber
UnregisterWait
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-ole32-l1-1-0.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-ole32-l1-1-0.pdb
Exports
Exports
CLSIDFromProgID
CLSIDFromString
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoDisconnectObject
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetApartmentType
CoGetClassObject
CoGetCurrentLogicalThreadId
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetObjectContext
CoGetStdMarshalEx
CoGetTreatAsClass
CoImpersonateClient
CoInitializeEx
CoInitializeSecurity
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMessageFilter
CoReleaseMarshalData
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoUnmarshalInterface
CoWaitForMultipleHandles
CreateStreamOnHGlobal
FreePropVariantArray
GetHGlobalFromStream
IIDFromString
ProgIDFromCLSID
PropVariantClear
PropVariantCopy
StringFromCLSID
StringFromGUID2
StringFromIID
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 26B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-ole32-l1-1-1.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-ole32-l1-1-1.pdb
Exports
Exports
CLSIDFromProgID
CLSIDFromString
CoAddRefServerProcess
CoCancelCall
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoDisableCallCancellation
CoDisconnectContext
CoDisconnectObject
CoEnableCallCancellation
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetApartmentType
CoGetCallContext
CoGetCallerTID
CoGetCancelObject
CoGetClassObject
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoGetDefaultContext
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetObjectContext
CoGetPSClsid
CoGetStandardMarshal
CoGetStdMarshalEx
CoGetTreatAsClass
CoImpersonateClient
CoInitializeEx
CoInitializeSecurity
CoInvalidateRemoteMachineBindings
CoIsHandlerConnected
CoLockObjectExternal
CoMarshalHresult
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoQueryAuthenticationServices
CoQueryClientBlanket
CoQueryProxyBlanket
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMessageFilter
CoRegisterPSClsid
CoRegisterSurrogate
CoReleaseMarshalData
CoReleaseServerProcess
CoResumeClassObjects
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoSetCancelObject
CoSetProxyBlanket
CoSuspendClassObjects
CoSwitchCallContext
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoTestCancel
CoUninitialize
CoUnmarshalHresult
CoUnmarshalInterface
CoWaitForMultipleHandles
CreateErrorInfo
CreateStreamOnHGlobal
FreePropVariantArray
GetErrorInfo
GetHGlobalFromStream
IIDFromString
ProgIDFromCLSID
PropVariantClear
PropVariantCopy
SetErrorInfo
StringFromCLSID
StringFromGUID2
StringFromIID
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-shlwapi-l1-1-0.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-shlwapi-l1-1-0.pdb
Exports
Exports
GetAcceptLanguagesW
HashData
IsInternetESCEnabled
ParseURLW
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
PathAddExtensionW
PathAppendA
PathAppendW
PathCanonicalizeA
PathCanonicalizeW
PathCommonPrefixA
PathCommonPrefixW
PathCreateFromUrlAlloc
PathCreateFromUrlW
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathFindNextComponentA
PathFindNextComponentW
PathGetArgsA
PathGetArgsW
PathGetDriveNumberA
PathGetDriveNumberW
PathIsFileSpecA
PathIsFileSpecW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsPrefixA
PathIsPrefixW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathIsSameRootA
PathIsSameRootW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCServerW
PathIsUNCW
PathIsURLW
PathParseIconLocationA
PathParseIconLocationW
PathRelativePathToA
PathRelativePathToW
PathRemoveBackslashA
PathRemoveBackslashW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathRenameExtensionA
PathRenameExtensionW
PathSkipRootA
PathSkipRootW
PathStripPathA
PathStripPathW
PathStripToRootA
PathStripToRootW
PathUnquoteSpacesA
PathUnquoteSpacesW
QISearch
SHLoadIndirectString
SHRegCloseUSKey
SHRegDeleteUSValueA
SHRegDeleteUSValueW
SHRegEnumUSKeyA
SHRegEnumUSKeyW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetUSValueA
SHRegGetUSValueW
SHRegOpenUSKeyA
SHRegOpenUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetUSValueA
SHRegSetUSValueW
StrCSpnA
StrCSpnIA
StrCSpnIW
StrCSpnW
StrCatBuffA
StrCatBuffW
StrCatChainW
StrChrA
StrChrIA
StrChrIW
StrChrNIW
StrChrNW
StrChrW
StrCmpCA
StrCmpCW
StrCmpICA
StrCmpICW
StrCmpIW
StrCmpLogicalW
StrCmpNA
StrCmpNCA
StrCmpNCW
StrCmpNIA
StrCmpNICA
StrCmpNICW
StrCmpNIW
StrCmpNW
StrCmpW
StrCpyNW
StrDupA
StrDupW
StrIsIntlEqualA
StrIsIntlEqualW
StrPBrkA
StrPBrkW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrSpnA
StrSpnW
StrStrA
StrStrIA
StrStrIW
StrStrNIW
StrStrNW
StrStrW
StrToInt64ExA
StrToInt64ExW
StrToIntA
StrToIntExA
StrToIntExW
StrToIntW
StrTrimA
StrTrimW
UrlApplySchemeW
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlCreateFromPathW
UrlEscapeW
UrlFixupW
UrlGetLocationW
UrlGetPartW
UrlIsW
UrlUnescapeA
UrlUnescapeW
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-shlwapi-l1-1-1.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-shlwapi-l1-1-1.pdb
Exports
Exports
GetAcceptLanguagesW
HashData
IsCharSpaceA
IsCharSpaceW
IsInternetESCEnabled
ParseURLW
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
PathAddExtensionW
PathAppendA
PathAppendW
PathCanonicalizeA
PathCanonicalizeW
PathCombineA
PathCombineW
PathCommonPrefixA
PathCommonPrefixW
PathCreateFromUrlAlloc
PathCreateFromUrlW
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathFindNextComponentA
PathFindNextComponentW
PathGetArgsA
PathGetArgsW
PathGetCharTypeA
PathGetCharTypeW
PathGetDriveNumberA
PathGetDriveNumberW
PathIsFileSpecA
PathIsFileSpecW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsPrefixA
PathIsPrefixW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathIsSameRootA
PathIsSameRootW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCServerW
PathIsUNCW
PathIsURLW
PathMatchSpecA
PathMatchSpecExA
PathMatchSpecExW
PathMatchSpecW
PathParseIconLocationA
PathParseIconLocationW
PathQuoteSpacesA
PathQuoteSpacesW
PathRelativePathToA
PathRelativePathToW
PathRemoveBackslashA
PathRemoveBackslashW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathRenameExtensionA
PathRenameExtensionW
PathSearchAndQualifyA
PathSearchAndQualifyW
PathSkipRootA
PathSkipRootW
PathStripPathA
PathStripPathW
PathStripToRootA
PathStripToRootW
PathUnExpandEnvStringsA
PathUnExpandEnvStringsW
PathUnquoteSpacesA
PathUnquoteSpacesW
QISearch
SHLoadIndirectString
SHRegCloseUSKey
SHRegDeleteUSValueA
SHRegDeleteUSValueW
SHRegEnumUSKeyA
SHRegEnumUSKeyW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetUSValueA
SHRegGetUSValueW
SHRegOpenUSKeyA
SHRegOpenUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetUSValueA
SHRegSetUSValueW
StrCSpnA
StrCSpnIA
StrCSpnIW
StrCSpnW
StrCatBuffA
StrCatBuffW
StrCatChainW
StrChrA
StrChrIA
StrChrIW
StrChrNIW
StrChrNW
StrChrW
StrCmpCA
StrCmpCW
StrCmpICA
StrCmpICW
StrCmpIW
StrCmpLogicalW
StrCmpNA
StrCmpNCA
StrCmpNCW
StrCmpNIA
StrCmpNICA
StrCmpNICW
StrCmpNIW
StrCmpNW
StrCmpW
StrCpyNW
StrDupA
StrDupW
StrIsIntlEqualA
StrIsIntlEqualW
StrPBrkA
StrPBrkW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrSpnA
StrSpnW
StrStrA
StrStrIA
StrStrIW
StrStrNIW
StrStrNW
StrStrW
StrToInt64ExA
StrToInt64ExW
StrToIntA
StrToIntExA
StrToIntExW
StrToIntW
StrTrimA
StrTrimW
UrlApplySchemeW
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlCreateFromPathW
UrlEscapeW
UrlFixupW
UrlGetLocationW
UrlGetPartW
UrlIsW
UrlUnescapeA
UrlUnescapeW
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-user32-l1-1-0.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-user32-l1-1-0.pdb
Exports
Exports
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerA
IsCharLowerW
IsCharUpperA
IsCharUpperW
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 26B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-user32-l1-1-1.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-user32-l1-1-1.pdb
Exports
Exports
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerA
IsCharLowerW
IsCharUpperA
IsCharUpperW
LoadStringA
LoadStringW
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/api-ms-win-downlevel-version-l1-1-0.dll.dll windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-version-l1-1-0.pdb
Exports
Exports
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerFindFileA
VerFindFileW
VerQueryValueA
VerQueryValueW
Sections
.text Size: 1024B - Virtual size: 540B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/compatprovider.dll.dll regsvr32 windows:6 windows x64 arch:x64
b39192a46aa822b7b253b1ba4865752f
Code Sign
33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2bCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/09/2012, 21:12Not After04/12/2013, 21:12SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/08/2012, 17:49Not After30/11/2013, 17:49SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6f:54:e5:99:83:dd:ac:67:2b:13:81:41:5f:b0:97:23:60:18:47:a1:cd:f1:68:5d:50:42:a3:b7:1c:45:7e:4fSigner
Actual PE Digest6f:54:e5:99:83:dd:ac:67:2b:13:81:41:5f:b0:97:23:60:18:47:a1:cd:f1:68:5d:50:42:a3:b7:1c:45:7e:4fDigest Algorithmsha256PE Digest Matchestrue0c:e0:a1:15:a6:d7:3f:20:85:2c:aa:40:55:31:85:02:57:8f:7d:5eSigner
Actual PE Digest0c:e0:a1:15:a6:d7:3f:20:85:2c:aa:40:55:31:85:02:57:8f:7d:5eDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
CompatProvider.pdb
Imports
msvcrt
_wcsnicmp
??0exception@@QEAA@XZ
?what@exception@@UEBAPEBDXZ
_purecall
vswprintf_s
wcsrchr
_wcsicmp
_vsnwprintf
wcschr
memset
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
wcsncpy_s
_XcptFilter
_amsg_exit
_initterm
?terminate@@YAXXZ
_lock
__RTDynamicCast
memcmp
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_vscwprintf
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
memcpy_s
malloc
wcscat_s
free
wcscpy_s
_unlock
memcpy
ntdll
RtlFreeHeap
RtlNtStatusToDosError
NtSetInformationFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAllocateHeap
kernel32
ExpandEnvironmentStringsW
MapViewOfFile
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
SetThreadUILanguage
GetVersionExW
SetEnvironmentVariableW
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
CompareStringW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FormatMessageW
LocalFree
CreateFileW
CloseHandle
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
GetNativeSystemInfo
GetFileAttributesW
ReadFile
SetFilePointer
GetStartupInfoW
FreeLibrary
GetExitCodeProcess
CreateProcessW
GetCurrentDirectoryW
WaitForSingleObject
UnmapViewOfFile
SetLastError
CreateFileMappingW
FindFirstFileW
SetFileAttributesW
FindNextFileW
DeviceIoControl
FindClose
SearchPathW
advapi32
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
user32
CharLowerBuffW
LoadStringW
CharNextW
ole32
StringFromGUID2
CoTaskMemFree
CoCreateGuid
StringFromCLSID
ProgIDFromCLSID
CoCreateInstance
oleaut32
SysFreeString
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
VarBstrCat
SetErrorInfo
CreateErrorInfo
VariantClear
SysAllocStringLen
LoadRegTypeLi
version
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/dism.Format.ps1xml.ps1
-
Bin/x64/DISM81/dism.Types.ps1xml.xml
-
Bin/x64/DISM81/dism.exe.exe windows:6 windows x64 arch:x64
24ffc8bf66aaab58a29d158512e9e38e
Code Sign
33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1a:7e:a9:55:fe:50:20:f2:6a:8a:36:c5:f9:d3:1a:42:be:b4:79:11:50:1e:1c:c0:71:8c:75:d7:61:52:27:d7Signer
Actual PE Digest1a:7e:a9:55:fe:50:20:f2:6a:8a:36:c5:f9:d3:1a:42:be:b4:79:11:50:1e:1c:c0:71:8c:75:d7:61:52:27:d7Digest Algorithmsha256PE Digest Matchestrued7:8b:51:45:b6:fb:89:cc:de:8b:5c:bd:7e:c4:ab:32:c0:6f:04:87Signer
Actual PE Digestd7:8b:51:45:b6:fb:89:cc:de:8b:5c:bd:7e:c4:ab:32:c0:6f:04:87Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
Dism.pdb
Imports
msvcrt
realloc
_errno
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
wcsstr
iswalpha
_wcsnicmp
??0exception@@QEAA@XZ
towlower
memcpy_s
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
wcscpy_s
memcpy
memcmp
_lock
__C_specific_handler
memset
wcsrchr
calloc
malloc
_purecall
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_wcslwr_s
_wcsicmp
wcschr
wprintf
memmove_s
__RTDynamicCast
wcscmp
api-ms-win-downlevel-kernel32-l1-1-0
GetCommandLineW
HeapFree
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceExW
Sleep
OutputDebugStringW
GetModuleHandleW
GetCurrentProcess
GetVersionExW
SearchPathW
MapViewOfFile
GetCurrentThreadId
DeleteCriticalSection
RaiseException
SetErrorMode
CompareStringW
SetThreadUILanguage
GetStdHandle
HeapAlloc
WriteConsoleW
SetConsoleCtrlHandler
WideCharToMultiByte
WriteFile
CloseHandle
GetFileType
GetConsoleMode
GetModuleFileNameW
UnmapViewOfFile
CreateFileMappingW
FindFirstFileW
CopyFileExW
GetLastError
FindClose
DeviceIoControl
FindNextFileW
SetFileAttributesW
GetDriveTypeW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
WaitForSingleObject
GetSystemInfo
HeapDestroy
HeapReAlloc
HeapSize
LoadLibraryExW
FreeLibrary
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetModuleHandleExW
LeaveCriticalSection
SetEvent
EnterCriticalSection
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
InitializeCriticalSection
GetProcAddress
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
ReadFile
SetFilePointer
api-ms-win-downlevel-advapi32-l1-1-1
IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
IsValidSid
CopySid
GetLengthSid
TraceEvent
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExW
SetSecurityDescriptorDacl
OpenProcessToken
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceLoggerHandle
RegisterTraceGuidsW
GetTraceEnableLevel
api-ms-win-downlevel-advapi32-l4-1-0
LookupPrivilegeValueW
InitiateSystemShutdownExW
api-ms-win-downlevel-ole32-l1-1-1
CoCreateInstance
CoUninitialize
GetErrorInfo
CoInitializeEx
CoInitializeSecurity
api-ms-win-downlevel-kernel32-l2-1-0
LocalAlloc
LocalFree
api-ms-win-downlevel-user32-l1-1-1
CharLowerBuffW
ntdll
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
RtlNtStatusToDosError
RtlGetVersion
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
oleaut32
SysFreeString
SysAllocString
VariantClear
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
api-ms-win-downlevel-version-l1-1-0
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
Sections
.text Size: 213KB - Virtual size: 213KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/dism.psd1
-
Bin/x64/DISM81/dism.psm1
-
Bin/x64/DISM81/dismapi.dll.dll windows:6 windows x64 arch:x64
ed9d6ce3d8cf98009ecb16f7c00b3174
Code Sign
33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
2d:13:e5:7e:f4:63:ea:17:00:6c:1d:eb:f0:d8:4e:a0:92:cb:f0:65:70:f8:88:fc:c7:35:84:aa:0f:ba:a0:1cSigner
Actual PE Digest2d:13:e5:7e:f4:63:ea:17:00:6c:1d:eb:f0:d8:4e:a0:92:cb:f0:65:70:f8:88:fc:c7:35:84:aa:0f:ba:a0:1cDigest Algorithmsha256PE Digest Matchestrue0f:53:7e:46:8f:5f:8c:5c:29:93:2a:c8:ce:af:6e:89:c7:db:e7:49Signer
Actual PE Digest0f:53:7e:46:8f:5f:8c:5c:29:93:2a:c8:ce:af:6e:89:c7:db:e7:49Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
DismApi.pdb
Imports
msvcrt
fclose
wcstok_s
fgetws
_wfopen
feof
iswctype
strrchr
rand
??0exception@@QEAA@XZ
_wcslwr_s
_wtoi
towlower
wcsstr
_vsnwprintf
wcsrchr
_wcsnicmp
memcpy_s
malloc
iswalpha
_wcsicmp
_purecall
wcstoul
_wcstoui64
wcschr
iswspace
swscanf_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
memcmp
memcpy
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
wcscpy_s
__C_specific_handler
memset
vsprintf_s
_vscprintf
calloc
_vsnprintf
?what@exception@@UEBAPEBDXZ
free
vswprintf_s
_vscwprintf
memmove_s
??0exception@@QEAA@AEBV0@@Z
wcscmp
api-ms-win-downlevel-kernel32-l1-1-0
FileTimeToLocalFileTime
FileTimeToSystemTime
SearchPathW
WaitForSingleObject
CompareStringW
HeapFree
GetProcessHeap
GetEnvironmentVariableW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetThreadUILanguage
OutputDebugStringA
GetModuleHandleExW
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetVersionExW
GetModuleHandleW
TlsAlloc
GetWindowsDirectoryW
TlsFree
CreateFileA
CreateMutexW
WaitForMultipleObjectsEx
GetFileSizeEx
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
GetVersion
DeleteFileA
DebugBreak
DeleteFileW
ReleaseMutex
CreateThread
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
MultiByteToWideChar
Sleep
QueryPerformanceCounter
OutputDebugStringW
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
WriteFile
GetLastError
ResetEvent
GetCurrentProcess
CreateFileMappingW
GetLocalTime
IsWow64Process
TlsSetValue
FormatMessageA
VirtualQuery
UnmapViewOfFile
MapViewOfFile
TlsGetValue
GetFileSize
ExitProcess
MoveFileExW
GetLocaleInfoW
GetFileAttributesW
GetSystemTime
GetTimeFormatW
SetFilePointer
GetSystemWindowsDirectoryW
CreateEventW
ResumeThread
DuplicateHandle
SetEvent
GetCommandLineW
GetTempFileNameW
GetModuleFileNameA
LoadLibraryExA
CreateMutexA
FormatMessageW
GetFullPathNameW
FindFirstFileW
CopyFileExW
CreateFileW
FlushFileBuffers
GetTempPathW
SetLastError
FindClose
DeviceIoControl
FindNextFileW
CloseHandle
GetFileInformationByHandle
SetFileAttributesW
GetCurrentThread
GetSystemInfo
SetErrorMode
GetSystemTimeAsFileTime
CreateDirectoryW
FindResourceExW
api-ms-win-downlevel-advapi32-l1-1-1
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyExW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
AddAccessAllowedAce
EqualSid
OpenProcessToken
GetTokenInformation
OpenThreadToken
InitializeAcl
SetSecurityDescriptorDacl
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
InitializeSecurityDescriptor
GetLengthSid
api-ms-win-downlevel-ole32-l1-1-1
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeEx
GetErrorInfo
api-ms-win-downlevel-kernel32-l2-1-0
CreateFileMappingA
LocalFree
api-ms-win-downlevel-user32-l1-1-1
CharLowerBuffW
ntdll
RtlFreeHeap
RtlNtStatusToDosError
NtSetInformationFile
RtlVirtualUnwind
RtlGetVersion
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateHeap
oleaut32
SystemTimeToVariantTime
SysAllocStringLen
VarBstrCat
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
LoadTypeLi
LoadRegTypeLi
VariantClear
VarBstrCmp
SysStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantTimeToSystemTime
api-ms-win-downlevel-version-l1-1-0
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
Exports
Exports
DismAddDriver
DismAddPackage
DismApplyUnattend
DismCheckImageHealth
DismCleanupMountpoints
DismCloseSession
DismCommitImage
DismDelete
DismDisableFeature
DismEnableFeature
DismGetDriverInfo
DismGetDrivers
DismGetFeatureInfo
DismGetFeatureParent
DismGetFeatures
DismGetImageInfo
DismGetLastErrorMessage
DismGetMountedImageInfo
DismGetPackageInfo
DismGetPackages
DismInitialize
DismMountImage
DismOpenSession
DismRemountImage
DismRemoveDriver
DismRemovePackage
DismRestoreImageHealth
DismShutdown
DismUnmountImage
_DismAddProvisionedAppxPackage
_DismEnableDisableFeature
_DismExportDriver
_DismGetCurrentEdition
_DismGetFeaturesEx
_DismGetKCacheBinaryValue
_DismGetKCacheDwordValue
_DismGetKCacheStringValue
_DismGetLastCBSSessionID
_DismGetOsInfo
_DismGetProductKeyInfo
_DismGetProvisionedAppxPackages
_DismGetRegistryMountPoint
_DismGetStateFromCBSSessionID
_DismGetTargetEditions
_DismOptimizeImage
_DismRemoveProvisionedAppxPackage
_DismSetAppXProvisionedDataFile
_DismSetEdition
_DismSetFirstBootCommandLine
_DismSetMachineName
_DismSetProductKey
_DismValidateProductKey
Sections
.text Size: 583KB - Virtual size: 583KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/dismcore.dll.dll regsvr32 windows:6 windows x64 arch:x64
ab165f57087b13a51f41e0da5dc834a3
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8b:b2:c3:3f:b8:78:cd:43:75:37:e4:e8:e6:78:a9:f8:e8:21:f4:2f:f5:c9:3b:da:41:a4:de:f2:e7:e0:46:ccSigner
Actual PE Digest8b:b2:c3:3f:b8:78:cd:43:75:37:e4:e8:e6:78:a9:f8:e8:21:f4:2f:f5:c9:3b:da:41:a4:de:f2:e7:e0:46:ccDigest Algorithmsha256PE Digest Matchestruea3:1e:93:0c:b0:f7:1a:d8:59:53:b8:8d:11:41:21:d1:9b:28:2f:19Signer
Actual PE Digesta3:1e:93:0c:b0:f7:1a:d8:59:53:b8:8d:11:41:21:d1:9b:28:2f:19Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
DismCore.pdb
Imports
msvcrt
fclose
wcstok_s
swscanf_s
fgetws
_wfopen
feof
iswctype
strrchr
_vsnprintf
towlower
_wcsnicmp
_vsnwprintf
vsprintf_s
_vscprintf
rand
wcsstr
memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
__CxxFrameHandler3
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
__C_specific_handler
memset
wcscat_s
wcsncpy_s
calloc
_purecall
malloc
_resetstkoflw
wcscpy_s
vswprintf_s
_vscwprintf
wcschr
wcsrchr
_wcsicmp
memmove_s
memcpy_s
_wtoi
free
memcpy
api-ms-win-downlevel-kernel32-l1-1-0
TerminateProcess
GetModuleFileNameW
GetModuleHandleW
CopyFileExW
CreateFileA
TlsFree
CreateEventW
GetWindowsDirectoryW
TlsAlloc
GetLocalTime
TlsSetValue
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
FormatMessageA
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
VirtualQuery
GetProcAddress
LoadLibraryExW
WaitForSingleObject
SetEvent
FreeLibrary
TlsGetValue
GetFileSize
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetVersion
ExitProcess
CreateFileMappingW
SetLastError
GetVersionExW
CompareStringW
UnmapViewOfFile
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetModuleHandleExW
MapViewOfFile
SearchPathW
GetTempPathW
FindNextFileW
MultiByteToWideChar
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateFileW
SetThreadUILanguage
GetLastError
SetFileAttributesW
GetCurrentDirectoryW
GetDriveTypeW
DeviceIoControl
FindClose
FindFirstFileW
IsDebuggerPresent
FlushFileBuffers
GetFileSizeEx
DeleteFileA
DebugBreak
DeleteFileW
ReleaseMutex
CreateMutexA
LoadLibraryExA
GetModuleFileNameA
DuplicateHandle
WriteFile
ExpandEnvironmentStringsA
GetCurrentThread
CreateMutexW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
MoveFileExW
GetSystemDirectoryW
FormatMessageW
GetSystemWindowsDirectoryW
GetNativeSystemInfo
GetSystemInfo
CreateProcessW
GetEnvironmentStringsW
GetExitCodeProcess
FreeEnvironmentStringsW
SetFilePointer
ReadFile
GetFileAttributesW
api-ms-win-downlevel-ole32-l1-1-1
SetErrorInfo
CoTaskMemFree
StringFromCLSID
CreateErrorInfo
CoSetProxyBlanket
CoCreateGuid
GetErrorInfo
CoRegisterPSClsid
CoRevokeClassObject
StringFromGUID2
CoCreateInstance
CoRegisterClassObject
ProgIDFromCLSID
api-ms-win-downlevel-user32-l1-1-1
CharNextW
LoadStringW
api-ms-win-downlevel-advapi32-l1-1-1
AdjustTokenPrivileges
GetTokenInformation
EqualSid
OpenThreadToken
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
GetLengthSid
AllocateAndInitializeSid
CheckTokenMembership
RegOpenKeyExW
FreeSid
RegQueryInfoKeyW
InitializeSecurityDescriptor
OpenProcessToken
RegCloseKey
api-ms-win-downlevel-kernel32-l2-1-0
LocalFree
CreateFileMappingA
ntdll
RtlNtStatusToDosError
RtlFreeHeap
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtSetInformationFile
oleaut32
SysAllocStringLen
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLibEx
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen
api-ms-win-downlevel-version-l1-1-0
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
api-ms-win-downlevel-advapi32-l4-1-0
LookupPrivilegeValueW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 230KB - Virtual size: 229KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 73KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/dismcoreps.dll.dll regsvr32 windows:6 windows x64 arch:x64
3a462efaace87409e839f94892aa61f5
Code Sign
33:00:00:00:5a:ed:2f:f4:e4:20:99:3f:3a:00:00:00:00:00:5aCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2014, 17:13Not After23/08/2015, 17:13SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=WA,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before22/04/2014, 17:39Not After22/07/2015, 17:39SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
32:e9:45:4c:c4:c6:e9:9c:23:22:55:6a:79:1b:1c:85:53:d8:9e:45:76:ef:d7:b7:a5:98:1c:cb:a1:52:4e:92Signer
Actual PE Digest32:e9:45:4c:c4:c6:e9:9c:23:22:55:6a:79:1b:1c:85:53:d8:9e:45:76:ef:d7:b7:a5:98:1c:cb:a1:52:4e:92Digest Algorithmsha256PE Digest Matchestrue13:ba:40:7d:8e:b0:90:e3:9e:68:01:25:38:5d:e8:6f:f2:8b:3d:fdSigner
Actual PE Digest13:ba:40:7d:8e:b0:90:e3:9e:68:01:25:38:5d:e8:6f:f2:8b:3d:fdDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
DismCorePS.pdb
Imports
msvcrt
_amsg_exit
free
malloc
_initterm
__C_specific_handler
_XcptFilter
memcmp
oleaut32
BSTR_UserMarshal
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserSize64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserSize
BSTR_UserSize64
BSTR_UserFree64
BSTR_UserUnmarshal64
BSTR_UserMarshal64
rpcrt4
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
IUnknown_AddRef_Proxy
NdrStubCall3
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllUnregisterProxy
IUnknown_Release_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrStubForwardingFunction
NdrOleAllocate
CStdStubBuffer_CountRefs
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-downlevel-kernel32-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllGetDismInterfaces
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 408B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/dismprov.dll.dll regsvr32 windows:6 windows x64 arch:x64
653cb1447af8ec138aa22391936c3669
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
db:44:bb:0b:0a:e1:47:f5:00:aa:a5:ee:42:ae:2d:c9:7a:66:e8:4c:01:d5:19:87:b1:aa:18:00:62:43:b6:aaSigner
Actual PE Digestdb:44:bb:0b:0a:e1:47:f5:00:aa:a5:ee:42:ae:2d:c9:7a:66:e8:4c:01:d5:19:87:b1:aa:18:00:62:43:b6:aaDigest Algorithmsha256PE Digest Matchestrued7:0f:20:70:d2:ce:53:22:5f:fd:24:29:cc:4f:ad:b7:d6:89:88:26Signer
Actual PE Digestd7:0f:20:70:d2:ce:53:22:5f:fd:24:29:cc:4f:ad:b7:d6:89:88:26Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
DISMProv.pdb
Imports
msvcrt
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
__C_specific_handler
memset
_unlock
__dllonexit
wcscpy_s
calloc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
wcsrchr
_purecall
vswprintf_s
_vscwprintf
_onexit
memcpy_s
memcmp
free
_wcsicmp
wcschr
_wcsnicmp
_vsnwprintf
_vsnprintf
rand
_vscprintf
vsprintf_s
_wtoi
towlower
strrchr
iswctype
feof
_wfopen
fgetws
swscanf_s
wcstok_s
fclose
malloc
__RTDynamicCast
wcsncpy_s
wcscat_s
memcpy
ntdll
RtlAllocateHeap
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
oleaut32
SysAllocString
VarUI4FromStr
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
RegisterTypeLi
UnRegisterTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringByteLen
api-ms-win-downlevel-kernel32-l1-1-0
TlsSetValue
GetLocalTime
CreateFileMappingW
TlsAlloc
GetWindowsDirectoryW
TlsFree
CreateFileA
CreateMutexW
CreateFileW
GetLastError
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetCurrentThread
ExpandEnvironmentStringsA
WriteFile
GetModuleFileNameA
LoadLibraryExA
CreateMutexA
ReleaseMutex
LeaveCriticalSection
RaiseException
EnterCriticalSection
DeleteFileW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetModuleHandleExW
CompareStringW
LockResource
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
FormatMessageA
SetFilePointer
HeapDestroy
HeapAlloc
UnmapViewOfFile
HeapFree
HeapSize
GetProcessHeap
GetVersion
GetSystemInfo
WideCharToMultiByte
DebugBreak
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetFullPathNameW
GetFileAttributesW
FlushFileBuffers
GetTempPathW
SetLastError
DeviceIoControl
DeleteFileA
MapViewOfFile
TlsGetValue
WaitForSingleObject
GetFileSizeEx
GetFileSize
FormatMessageW
VirtualQuery
IsDebuggerPresent
HeapReAlloc
ExitProcess
GetTempFileNameW
api-ms-win-downlevel-ole32-l1-1-1
CoRegisterPSClsid
CoTaskMemFree
CoRevokeClassObject
CoTaskMemRealloc
CoCreateInstance
CoRegisterClassObject
StringFromGUID2
CoUnmarshalInterface
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
api-ms-win-downlevel-user32-l1-1-1
CharNextW
api-ms-win-downlevel-advapi32-l1-1-1
EqualSid
RegEnumKeyExW
RegQueryInfoKeyW
InitializeSecurityDescriptor
GetTokenInformation
OpenThreadToken
SetSecurityDescriptorDacl
OpenProcessToken
InitializeAcl
AddAccessAllowedAce
RegOpenKeyExW
RegSetValueExW
GetLengthSid
RegCreateKeyExW
RegDeleteValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
api-ms-win-downlevel-kernel32-l2-1-0
CreateFileMappingA
lstrcmpiW
LocalFree
api-ms-win-downlevel-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 183KB - Virtual size: 182KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/en-us/VHDProvider.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/en-us/compatprovider.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/en-us/dism.exe.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 28KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/en-us/dismapi.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/en-us/dismcore.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/en-us/dismprov.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/en-us/folderprovider.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/en-us/imagingprovider.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/en-us/logprovider.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/en-us/wimgapi.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 14KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/en-us/wimprovider.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/folderprovider.dll.dll regsvr32 windows:6 windows x64 arch:x64
69bf22184878d8652491bf025bd98332
Code Sign
33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/08/2012, 17:49Not After30/11/2013, 17:49SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fc:fe:e0:8e:86:f0:c6:c5:5a:13:f1:3e:5d:f4:77:c2:71:f6:d2:f3:77:ed:90:60:f0:34:91:91:61:91:7e:d3Signer
Actual PE Digestfc:fe:e0:8e:86:f0:c6:c5:5a:13:f1:3e:5d:f4:77:c2:71:f6:d2:f3:77:ed:90:60:f0:34:91:91:61:91:7e:d3Digest Algorithmsha256PE Digest Matchestrue5b:ae:f9:36:c2:bd:60:fd:5c:68:80:4c:9c:28:53:9d:83:1b:07:8eSigner
Actual PE Digest5b:ae:f9:36:c2:bd:60:fd:5c:68:80:4c:9c:28:53:9d:83:1b:07:8eDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
FolderProvider.pdb
Imports
msvcrt
__CxxFrameHandler3
_vsnwprintf
_wcsnicmp
wcschr
??1type_info@@UEAA@XZ
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
memmove_s
__C_specific_handler
memset
memcpy_s
_purecall
vswprintf_s
wcsncpy_s
_vscwprintf
wcscat_s
free
wcscpy_s
_onexit
memcmp
ntdll
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateHeap
api-ms-win-downlevel-kernel32-l1-1-0
GetFileAttributesW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapDestroy
HeapAlloc
HeapReAlloc
SetLastError
HeapSize
GetProcessHeap
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetFullPathNameW
HeapFree
api-ms-win-downlevel-user32-l1-1-1
CharNextW
api-ms-win-downlevel-advapi32-l1-1-1
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
api-ms-win-downlevel-ole32-l1-1-1
CoCreateInstance
StringFromGUID2
oleaut32
SysFreeString
LoadRegTypeLi
SysAllocStringLen
RegisterTypeLi
SysStringLen
SysAllocStringByteLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysStringByteLen
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 882B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/imagingprovider.dll.dll regsvr32 windows:6 windows x64 arch:x64
b6c9a20bf0991cbb53a24847e7c87df8
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
58:22:76:e9:fb:8b:88:ca:80:67:b3:cd:65:ce:54:49:f2:f5:a3:84:c6:1d:c0:ba:c1:ff:80:6b:d8:a5:9b:dbSigner
Actual PE Digest58:22:76:e9:fb:8b:88:ca:80:67:b3:cd:65:ce:54:49:f2:f5:a3:84:c6:1d:c0:ba:c1:ff:80:6b:d8:a5:9b:dbDigest Algorithmsha256PE Digest Matchestruec8:cd:48:e0:42:a9:91:09:e3:e3:60:a1:84:e4:4b:e6:e8:3f:be:68Signer
Actual PE Digestc8:cd:48:e0:42:a9:91:09:e3:e3:60:a1:84:e4:4b:e6:e8:3f:be:68Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
ImagingProvider.pdb
Imports
msvcrt
wcschr
towlower
__RTDynamicCast
memcmp
iswalpha
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_vsnwprintf
wcsncpy_s
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
__C_specific_handler
memset
calloc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
_purecall
memcpy_s
vswprintf_s
wcsrchr
_vscwprintf
_wcsicmp
wcstoul
_wcsnicmp
wcscat_s
free
wcscpy_s
ntdll
RtlVerifyVersionInfo
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-downlevel-kernel32-l1-1-0
MapViewOfFile
UnmapViewOfFile
SearchPathW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
CreateFileMappingW
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetLocaleInfoW
GetNumberFormatW
HeapAlloc
GetProcessHeap
HeapFree
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CompareStringW
GetVersionExW
HeapDestroy
HeapReAlloc
HeapSize
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
SetThreadUILanguage
FormatMessageW
FindResourceExW
LoadResource
LockResource
CloseHandle
SetLastError
CreateFileW
FreeLibrary
api-ms-win-downlevel-user32-l1-1-1
LoadStringW
CharLowerBuffW
CharNextW
api-ms-win-downlevel-advapi32-l1-1-1
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
api-ms-win-downlevel-ole32-l1-1-1
StringFromGUID2
CoCreateInstance
GetErrorInfo
SetErrorInfo
CreateErrorInfo
ProgIDFromCLSID
CoTaskMemFree
api-ms-win-downlevel-kernel32-l2-1-0
LocalFree
oleaut32
VariantClear
LoadRegTypeLi
SysFreeString
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysAllocStringLen
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 137KB - Virtual size: 137KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/logprovider.dll.dll regsvr32 windows:6 windows x64 arch:x64
37235cdd2854ed6aa4504d75e91e94ae
Code Sign
33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/08/2012, 17:49Not After30/11/2013, 17:49SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c9:6a:50:2f:5b:f8:50:f9:00:0b:2c:fb:47:de:63:78:11:1d:8a:35:eb:8a:01:5b:01:a7:95:61:62:82:9b:2dSigner
Actual PE Digestc9:6a:50:2f:5b:f8:50:f9:00:0b:2c:fb:47:de:63:78:11:1d:8a:35:eb:8a:01:5b:01:a7:95:61:62:82:9b:2dDigest Algorithmsha256PE Digest Matchestruea7:9d:f5:17:02:38:3b:76:33:79:6b:6b:d6:ac:ec:06:c6:cc:3d:07Signer
Actual PE Digesta7:9d:f5:17:02:38:3b:76:33:79:6b:6b:d6:ac:ec:06:c6:cc:3d:07Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
LogProvider.pdb
Imports
msvcrt
wcstok_s
fclose
memcmp
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
swscanf_s
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
fgetws
malloc
__C_specific_handler
memset
calloc
memmove_s
_purecall
memcpy_s
vswprintf_s
_vscwprintf
_vsnprintf
wcscat_s
free
_wfopen
wcscpy_s
feof
wcsncpy_s
__dllonexit
rand
_vscprintf
vsprintf_s
_vsnwprintf
_wcsicmp
wcsrchr
wcschr
_wtoi
_wcsnicmp
towlower
strrchr
iswctype
memcpy
ntdll
RtlAllocateHeap
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
oleaut32
LoadTypeLi
SysStringLen
RegisterTypeLi
SysFreeString
UnRegisterTypeLi
SysAllocStringLen
SetErrorInfo
CreateErrorInfo
LoadRegTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
api-ms-win-downlevel-kernel32-l1-1-0
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
SearchPathW
ExitProcess
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFileSize
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
TlsGetValue
VirtualQuery
FormatMessageA
TlsSetValue
SetThreadUILanguage
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapAlloc
GetProcessHeap
OutputDebugStringA
HeapFree
CreateDirectoryW
GetLocalTime
TlsAlloc
GetWindowsDirectoryW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapDestroy
HeapReAlloc
HeapSize
GetVersion
TlsFree
CreateFileA
GetVersionExW
MultiByteToWideChar
GetCurrentThread
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
CloseHandle
FormatMessageW
CreateMutexW
ExpandEnvironmentStringsA
WriteFile
GetModuleFileNameA
GetSystemWindowsDirectoryW
GetSystemInfo
LoadLibraryExA
CreateMutexA
ReleaseMutex
DeleteFileW
GetTempFileNameW
GetFullPathNameW
DebugBreak
DeleteFileA
GetFileAttributesW
SetFilePointer
GetFileSizeEx
FreeLibrary
WaitForSingleObject
FlushFileBuffers
GetTempPathW
SetLastError
DeviceIoControl
IsDebuggerPresent
api-ms-win-downlevel-user32-l1-1-1
CharNextW
LoadStringW
api-ms-win-downlevel-advapi32-l1-1-1
EqualSid
CheckTokenMembership
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
OpenProcessToken
InitializeSecurityDescriptor
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
FreeSid
GetLengthSid
api-ms-win-downlevel-ole32-l1-1-1
CoTaskMemFree
StringFromGUID2
CoCreateInstance
ProgIDFromCLSID
api-ms-win-downlevel-kernel32-l2-1-0
LocalFree
CreateFileMappingA
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/pkgmgr.exe.exe windows:6 windows x64 arch:x64
3fde5e726066132875ab818c3cf2ba1d
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:84:5e:2e:68:12:0d:0b:07:bb:f4:46:b2:6a:ad:f8:e6:89:2c:cf:16:87:4f:ef:42:72:53:b0:58:b4:1b:70Signer
Actual PE Digest08:84:5e:2e:68:12:0d:0b:07:bb:f4:46:b2:6a:ad:f8:e6:89:2c:cf:16:87:4f:ef:42:72:53:b0:58:b4:1b:70Digest Algorithmsha256PE Digest Matchestrued6:86:0f:5e:b1:a3:89:3a:9e:6d:1b:c0:45:4c:48:a3:8c:e8:62:02Signer
Actual PE Digestd6:86:0f:5e:b1:a3:89:3a:9e:6d:1b:c0:45:4c:48:a3:8c:e8:62:02Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
pkgmgr.pdb
Imports
advapi32
StartTraceW
EnableTrace
ControlTraceW
CloseTrace
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
kernel32
FormatMessageW
GetFileAttributesW
CreateDirectoryW
GetFileAttributesExW
CreateFileW
FreeLibrary
MoveFileExW
GetSystemTime
GetProcAddress
LoadLibraryW
GetWindowsDirectoryW
DeleteFileW
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
OutputDebugStringA
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetFullPathNameW
GetLastError
ExpandEnvironmentStringsW
GetModuleFileNameW
GetEnvironmentVariableW
GetCurrentProcessId
SetEnvironmentVariableW
LocalFree
GetCurrentProcess
GetModuleHandleExW
LoadLibraryExW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
SetLastError
GetCommandLineW
HeapSetInformation
Sleep
CloseHandle
DeviceIoControl
user32
MessageBoxW
msvcrt
malloc
memmove
wcsrchr
_vsnwprintf
_wcsicmp
_vsnprintf
wcstoul
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
_wcsnicmp
wcschr
free
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_CxxThrowException
__CxxFrameHandler3
wcsstr
memset
?terminate@@YAXXZ
_errno
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memcpy_s
memmove_s
memcpy
strcmp
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sections
.text Size: 178KB - Virtual size: 177KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 790B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/ssshim.dll.dll windows:6 windows x64 arch:x64
bb129d3e7f9249ae5b71eb8b840f7923
Code Sign
33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2bCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/09/2012, 21:12Not After04/12/2013, 21:12SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/08/2012, 17:49Not After30/11/2013, 17:49SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
99:9a:47:78:9f:e2:1e:63:46:4f:10:22:59:f7:c4:af:4b:1a:41:74:1a:4f:f7:22:b7:10:6f:2a:a4:2c:99:29Signer
Actual PE Digest99:9a:47:78:9f:e2:1e:63:46:4f:10:22:59:f7:c4:af:4b:1a:41:74:1a:4f:f7:22:b7:10:6f:2a:a4:2c:99:29Digest Algorithmsha256PE Digest Matchestrue83:1e:4e:e1:ca:e8:bc:62:c1:a4:f4:45:16:b0:c7:e8:e3:e9:c7:b2Signer
Actual PE Digest83:1e:4e:e1:ca:e8:bc:62:c1:a4:f4:45:16:b0:c7:e8:e3:e9:c7:b2Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ssshim.pdb
Imports
ntdll
LdrLockLoaderLock
LdrUnlockLoaderLock
NtQueryAttributesFile
RtlPcToFileHeader
LdrLoadDll
LdrUnloadDll
NtQueryPerformanceCounter
NtClose
RtlAllocateHeap
RtlFreeHeap
RtlRaiseStatus
NtOpenFile
NtQueryDirectoryFile
NtCreateFile
NtQueryInformationFile
NtReadFile
NtWriteFile
NtSetInformationFile
RtlQueryEnvironmentVariable_U
RtlRaiseException
NtQueryObject
NtQueryInformationProcess
NtOpenProcess
NtDelayExecution
RtlInitString
LdrGetProcedureAddress
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memmove
NtQuerySystemTime
RtlNtStatusToDosErrorNoTeb
DbgPrintEx
RtlDowncaseUnicodeChar
RtlUpcaseUnicodeChar
RtlReAllocateHeap
RtlTimeToTimeFields
strncmp
wcstoul
RtlCreateUnicodeStringFromAsciiz
LdrGetDllHandle
RtlDosPathNameToNtPathName_U
RtlUnicodeToMultiByteN
memset
DbgPrint
memcmp
memcpy
__C_specific_handler
Exports
Exports
SssBindServicingStack
SssGetServicingStackFilePath
SssGetServicingStackFilePathLength
SssPreloadDownlevelDependencies
SssReleaseServicingStack
Sections
.text Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/vhdprovider.dll.dll regsvr32 windows:6 windows x64 arch:x64
7601a7d76fdea99433b38a272ed50746
Code Sign
33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
59:52:fb:96:4a:96:cf:09:51:f2:17:92:fa:d6:44:7a:5b:56:dc:4b:a3:42:d0:8f:13:03:84:f6:dd:88:b2:54Signer
Actual PE Digest59:52:fb:96:4a:96:cf:09:51:f2:17:92:fa:d6:44:7a:5b:56:dc:4b:a3:42:d0:8f:13:03:84:f6:dd:88:b2:54Digest Algorithmsha256PE Digest Matchestrueab:f5:46:df:9d:46:84:5b:c8:0c:b4:6d:fe:06:71:db:f4:6b:0a:dcSigner
Actual PE Digestab:f5:46:df:9d:46:84:5b:c8:0c:b4:6d:fe:06:71:db:f4:6b:0a:dcDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
VhdProvider.pdb
Imports
msvcrt
memcmp
memcpy
bsearch
towupper
_wcsupr
qsort
wcscpy_s
wcsstr
iswalpha
wcsrchr
memmove
_onexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
__C_specific_handler
memset
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
_purecall
wcscat_s
wcsncpy_s
memmove_s
calloc
_wcsicmp
_vsnwprintf
_vscwprintf
memcpy_s
vswprintf_s
free
__dllonexit
iswctype
_wtoi
wcstoul
_wcsnicmp
towlower
wcschr
iswspace
ntdll
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlReAllocateHeap
RtlEnterCriticalSection
NtQueryObject
NtOpenFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlRaiseStatus
NtYieldExecution
RtlAdjustPrivilege
RtlVerifyVersionInfo
VerSetConditionMask
RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlDosPathNameToNtPathName_U
NtOpenDirectoryObject
NtClose
RtlNtStatusToDosError
NtQueryDirectoryObject
RtlInitUnicodeString
RtlVirtualUnwind
RtlCompareMemory
kernel32
GetVersionExW
GetCurrentThread
SearchPathW
MapViewOfFile
UnmapViewOfFile
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
GetLastError
CloseHandle
HeapFree
GetProcessHeap
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
Sleep
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
HeapAlloc
SetVolumeMountPointW
DeleteVolumeMountPointW
GetFileAttributesW
SetFileAttributesW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteFileW
GetVolumePathNamesForVolumeNameW
SetLastError
MultiByteToWideChar
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SetThreadUILanguage
CompareStringW
HeapDestroy
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FormatMessageW
FindResourceExW
LoadResource
LockResource
LocalFree
GetFullPathNameW
GetFileInformationByHandle
GetVolumePathNameW
CreateThread
SetErrorMode
GetModuleHandleExW
GetSystemDirectoryW
ReadFile
SetFilePointer
FreeLibrary
CreateFileMappingW
SetFilePointerEx
GetFileSizeEx
GetFileTime
SetEndOfFile
UnlockFileEx
WriteFile
LockFileEx
LoadLibraryW
FindNextFileW
FindClose
GetDiskFreeSpaceW
FlushFileBuffers
CopyFileExW
FindFirstFileW
GetTempPathW
VirtualFree
VirtualAlloc
DeviceIoControl
GetLogicalDrives
GetDriveTypeW
GetDiskFreeSpaceExW
GetVolumeInformationW
advapi32
RegOpenKeyExW
RegEnumKeyExW
RegFlushKey
RegEnumValueW
RegDeleteTreeW
RegUnLoadKeyW
OpenThreadToken
RegDeleteKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegLoadKeyW
OpenProcessToken
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken
user32
LoadStringW
CharUpperBuffW
CharNextW
UnregisterClassA
ole32
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID
CoTaskMemFree
CoInitializeEx
CoUninitialize
oleaut32
SysAllocString
RegisterTypeLi
SysStringLen
LoadTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadRegTypeLi
SetErrorInfo
SysFreeString
VariantClear
CreateErrorInfo
rpcrt4
UuidCreate
RpcStringFreeW
UuidToStringW
setupapi
CMP_WaitNoPendingInstallEvents
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 562KB - Virtual size: 561KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/wimgapi.dll.dll windows:6 windows x64 arch:x64
416ff891aa0619f5711eddb9c9f8f957
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:2a:fe:6a:97:79:ea:ec:83:18:f5:c8:3f:ee:90:87:79:91:6b:93:ea:e5:27:7e:08:92:a1:5f:3d:15:79:40Signer
Actual PE Digest05:2a:fe:6a:97:79:ea:ec:83:18:f5:c8:3f:ee:90:87:79:91:6b:93:ea:e5:27:7e:08:92:a1:5f:3d:15:79:40Digest Algorithmsha256PE Digest Matchestrued1:ea:36:7f:03:21:96:1a:9a:7c:7f:79:ce:75:1e:cd:10:85:e8:02Signer
Actual PE Digestd1:ea:36:7f:03:21:96:1a:9a:7c:7f:79:ce:75:1e:cd:10:85:e8:02Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
wimgapi.pdb
Imports
msvcrt
memmove_s
memcpy_s
iswspace
_purecall
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_vscwprintf
wcstoul
_wcsupr
qsort
wcschr
_wcsrev
_wcslwr
_snwprintf_s
towlower
towupper
_vsnwprintf
_wtoi
memmove
swscanf_s
wcsncmp
_wcsnicmp
wcsnlen
_wcsicmp
wcsrchr
bsearch
memcpy
memset
memcmp
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
ntdll
RtlDosPathNameToNtPathName_U_WithStatus
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlReAllocateHeap
RtlEnterCriticalSection
RtlGetVersion
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlInitUnicodeString
RtlImpersonateSelf
NtCreateFile
NtQueryInformationFile
NtClose
NtQueryDirectoryFile
RtlAllocateHeap
NtOpenFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtSetSecurityObject
RtlSetControlSecurityDescriptor
NtSetInformationFile
NtQuerySecurityObject
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlRaiseStatus
NtYieldExecution
kernel32
TerminateProcess
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetModuleHandleW
GetCurrentDirectoryW
GetExitCodeProcess
CreateProcessW
LoadLibraryW
GetLogicalDriveStringsW
CopyFileExW
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
GetLastError
CloseHandle
HeapFree
GetProcessHeap
SetLastError
DeleteFileW
RemoveDirectoryW
HeapAlloc
CompareStringW
GetDriveTypeW
GetVersionExW
FlushFileBuffers
GetFileSizeEx
GetSystemInfo
GetFileInformationByHandle
EnterCriticalSection
LeaveCriticalSection
DeviceIoControl
GetEnvironmentVariableW
SetThreadIdealProcessor
GetCurrentThread
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
CreateFileW
WriteFile
FindFirstFileW
FindNextFileW
FindClose
GetTempPathW
GetTempFileNameW
GetFileSize
SetFilePointer
ReadFile
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
GetFullPathNameW
GetHandleInformation
SetFilePointerEx
SetEndOfFile
CreateEventW
InitializeCriticalSectionAndSpinCount
GetOverlappedResult
LocalFree
GetPrivateProfileSectionW
LockFileEx
UnlockFileEx
CreateSemaphoreExW
HeapReAlloc
CreateMutexW
FormatMessageW
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
GetModuleFileNameW
OpenEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetVolumeInformationW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetSystemDirectoryW
SetEvent
WaitForMultipleObjectsEx
CreateThread
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
DuplicateHandle
advapi32
RegDeleteKeyExW
SetThreadToken
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RevertToSelf
GetSecurityInfo
AddAccessAllowedAceEx
FreeSid
SetSecurityDescriptorDacl
AdjustTokenPrivileges
RegLoadKeyW
RegOpenKeyExW
EqualSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegUnLoadKeyW
RegFlushKey
RegCloseKey
RegSetValueExW
RegCreateKeyExW
LookupPrivilegeValueW
user32
CharUpperW
rpcrt4
RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingW
UuidCreate
UuidToStringW
RpcStringFreeW
UuidFromStringW
NdrClientCall3
RpcStringBindingComposeW
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
Exports
Exports
DllCanUnloadNow
DllMain
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCommitImageHandle
WIMCopyFile
WIMCreateFile
WIMCreateImageFile
WIMDeleteImage
WIMDeleteImageMounts
WIMEnumImageFiles
WIMExportImage
WIMExtractImagePath
WIMFindFirstImageFile
WIMFindNextImageFile
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImageHandle
WIMGetMountedImageInfo
WIMGetMountedImageInfoFromHandle
WIMGetMountedImages
WIMGetWIMBootEntries
WIMGetWIMBootWIMPath
WIMInitFileIOCallbacks
WIMLoadImage
WIMMountImage
WIMMountImageHandle
WIMProcessCustomImage
WIMReadImageFile
WIMRegisterLogFile
WIMRegisterMessageCallback
WIMRemountImage
WIMSetBootImage
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetReferenceFile
WIMSetTemporaryPath
WIMSplitFile
WIMUnmountImage
WIMUnmountImageHandle
WIMUnregisterLogFile
WIMUnregisterMessageCallback
WIMUpdateWIMBootEntry
Sections
.text Size: 621KB - Virtual size: 621KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/wimmount.sys.sys windows:6 windows x64 arch:x64
8459d6ee015fae8752ed0f0e4b20ad12
Code Sign
33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2bCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/09/2012, 21:12Not After04/12/2013, 21:12SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/08/2012, 17:49Not After30/11/2013, 17:49SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
59:f6:38:24:42:e4:b8:56:47:31:40:a9:51:4b:82:2c:92:24:40:a8:db:d2:ab:97:88:a9:85:1a:08:de:b2:0bSigner
Actual PE Digest59:f6:38:24:42:e4:b8:56:47:31:40:a9:51:4b:82:2c:92:24:40:a8:db:d2:ab:97:88:a9:85:1a:08:de:b2:0bDigest Algorithmsha256PE Digest Matchestrue1f:96:3d:b6:9e:9d:cc:c0:38:69:0d:4f:52:1f:17:c9:74:b6:a2:9cSigner
Actual PE Digest1f:96:3d:b6:9e:9d:cc:c0:38:69:0d:4f:52:1f:17:c9:74:b6:a2:9cDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wimmount.pdb
Imports
ntoskrnl.exe
KeBugCheckEx
RtlCompareMemory
ZwOpenProcess
ObOpenObjectByPointer
KeWaitForMultipleObjects
RtlAppendUnicodeStringToString
ZwClose
ExEventObjectType
MmGetSystemRoutineAddress
ProbeForWrite
ZwCreateEvent
PsProcessType
ProbeForRead
DbgPrint
ExInitializeResourceLite
ObfDereferenceObject
PsGetCurrentProcessId
IoGetTopLevelIrp
ExDeleteResourceLite
RtlCompareUnicodeString
ZwDuplicateObject
KeWaitForSingleObject
ObReferenceObjectByHandle
IoFileObjectType
KeInitializeEvent
KeSetEvent
RtlInitUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlUnwindEx
fltmgr.sys
FltDeleteStreamContext
FltAcquireResourceShared
FltGetVolumeName
FltObjectReference
FltGetVolumeFromFileObject
FltGetRoutineAddress
FltCloseClientPort
FltEnumerateInstances
FltSendMessage
FltObjectDereference
FltStartFiltering
FltReleaseFileNameInformation
FltRegisterFilter
FltAcquireResourceExclusive
FltFsControlFile
FltBuildDefaultSecurityDescriptor
FltCloseCommunicationPort
FltUnregisterFilter
FltGetFileNameInformation
FltAllocateContext
FltClose
FltReleaseContext
FltReleaseResource
FltQueryInformationFile
FltReissueSynchronousIo
FltCreateFile
FltIsDirectory
FltFreeSecurityDescriptor
FltGetDiskDeviceObject
FltSetInformationFile
FltUntagFile
FltGetStreamContext
FltGetRequestorProcessId
FltSetStreamContext
FltCreateCommunicationPort
FltSetCallbackDataDirty
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 360B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/wimmountadksetupamd64.exe.exe windows:6 windows x64 arch:x64
0ac5bf2150ae95b92f6479acf891a998
Code Sign
33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2bCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/09/2012, 21:12Not After04/12/2013, 21:12SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/08/2012, 17:49Not After30/11/2013, 17:49SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
96:6b:de:19:66:66:f9:95:c9:87:6c:2c:e9:18:d3:df:b7:f5:5a:53:38:b6:09:b5:1b:5e:77:43:58:24:d5:25Signer
Actual PE Digest96:6b:de:19:66:66:f9:95:c9:87:6c:2c:e9:18:d3:df:b7:f5:5a:53:38:b6:09:b5:1b:5e:77:43:58:24:d5:25Digest Algorithmsha256PE Digest Matchestrue5b:4d:0b:35:cb:1b:7c:3b:59:09:a5:aa:90:cc:5d:cc:48:3b:5c:91Signer
Actual PE Digest5b:4d:0b:35:cb:1b:7c:3b:59:09:a5:aa:90:cc:5d:cc:48:3b:5c:91Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
WimMountAdkSetupAmd64.pdb
Imports
advapi32
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
kernel32
CloseHandle
QueryPerformanceCounter
GetFileAttributesW
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
LocalFree
GetSystemInfo
SetLastError
GetLastError
GetModuleFileNameW
GetProcessHeap
HeapFree
GetDriveTypeW
GetNativeSystemInfo
GetFullPathNameW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
user32
MessageBoxW
msvcrt
__iob_func
_wfopen
_vsnwprintf
wcsncmp
_wcsnicmp
fwprintf
vfwprintf
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wcsicmp
fclose
wcschr
memset
shell32
CommandLineToArgvW
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
RtlFreeHeap
RtlAllocateHeap
fltlib
FilterUnload
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 384B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 518B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/wimprovider.dll.dll regsvr32 windows:6 windows x64 arch:x64
e308c737cf6f8517a41180764640ab14
Code Sign
33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23/05/2014, 17:13Not After23/08/2015, 17:13SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=WA,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before22/04/2014, 17:39Not After22/07/2015, 17:39SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9b:b3:48:17:33:bb:a1:3c:a4:75:bb:51:0e:fc:a3:a1:88:18:8e:4f:52:4d:58:74:21:a5:a1:b3:9d:6d:50:7aSigner
Actual PE Digest9b:b3:48:17:33:bb:a1:3c:a4:75:bb:51:0e:fc:a3:a1:88:18:8e:4f:52:4d:58:74:21:a5:a1:b3:9d:6d:50:7aDigest Algorithmsha256PE Digest Matchestrue96:a9:55:f7:b2:8b:2a:24:26:d3:75:81:56:c9:20:e4:34:ce:fa:fbSigner
Actual PE Digest96:a9:55:f7:b2:8b:2a:24:26:d3:75:81:56:c9:20:e4:34:ce:fa:fbDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
WimProvider.pdb
Imports
msvcrt
towupper
memmove
_wcsnicmp
iswspace
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__RTDynamicCast
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
__C_specific_handler
memcmp
memset
_wtoi64
_wcsicmp
wcstoul
_vsnwprintf
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
wcsncmp
wcschr
wcscat_s
memmove_s
calloc
_wtol
wcscpy_s
memcpy_s
_purecall
wcsrchr
vswprintf_s
free
_vscwprintf
wcsncpy_s
_strnicmp
memcpy
api-ms-win-downlevel-kernel32-l1-1-0
LoadLibraryExW
GetModuleHandleExW
OutputDebugStringW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
HeapFree
GetProcessHeap
GetFullPathNameW
HeapReAlloc
HeapAlloc
GetLastError
CompareStringW
DisableThreadLibraryCalls
SetThreadLocale
RaiseException
GetFileAttributesW
GetProcAddress
GetModuleHandleW
FindFirstFileW
FindNextFileW
FindClose
SetLastError
DeleteFileW
GetLocaleInfoW
GetNumberFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
HeapDestroy
HeapSize
GetFileInformationByHandle
CloseHandle
CreateFileW
LockResource
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
LoadResource
FindResourceExW
FormatMessageW
LoadLibraryExA
SetThreadUILanguage
SearchPathW
MapViewOfFile
UnmapViewOfFile
GetVersionExW
CreateFileMappingW
GetThreadLocale
api-ms-win-downlevel-ole32-l1-1-1
StringFromGUID2
CoCreateInstance
CreateErrorInfo
ProgIDFromCLSID
CoTaskMemFree
SetErrorInfo
api-ms-win-downlevel-user32-l1-1-1
CharUpperW
LoadStringW
CharLowerBuffW
CharNextW
api-ms-win-downlevel-advapi32-l1-1-1
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
api-ms-win-downlevel-kernel32-l2-1-0
GetPrivateProfileSectionW
LocalAlloc
LocalFree
ntdll
RtlNtStatusToDosError
RtlFreeHeap
RtlAllocateHeap
RtlEnterCriticalSection
RtlReAllocateHeap
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlLookupFunctionEntry
RtlCaptureContext
RtlRaiseStatus
NtYieldExecution
RtlVirtualUnwind
oleaut32
VarBstrCmp
VariantClear
SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
SysFreeString
SysAllocString
SysStringLen
LoadTypeLi
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 432KB - Virtual size: 432KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/DISM81/wimserv.exe.exe windows:6 windows x64 arch:x64
612791beea076a63570ec28bbb501325
Code Sign
33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:2e:01:5a:7e:d8:21:2b:52:9d:ce:73:3d:f8:40:c6:fa:3e:a2:0b:55:3d:81:ce:cb:4c:b9:ab:ab:de:4d:30Signer
Actual PE Digest0c:2e:01:5a:7e:d8:21:2b:52:9d:ce:73:3d:f8:40:c6:fa:3e:a2:0b:55:3d:81:ce:cb:4c:b9:ab:ab:de:4d:30Digest Algorithmsha256PE Digest Matchestruefc:43:fa:15:f8:26:5e:93:8a:80:e5:f7:89:a0:d0:3f:38:c6:d7:a4Signer
Actual PE Digestfc:43:fa:15:f8:26:5e:93:8a:80:e5:f7:89:a0:d0:3f:38:c6:d7:a4Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
wimserv.pdb
Imports
kernel32
CreateSemaphoreExW
ReleaseSemaphore
LockFileEx
UnlockFileEx
CreateSemaphoreW
CreateFileMappingW
MapViewOfFile
CopyFileExW
GetCurrentDirectoryW
CreateThread
HeapSetInformation
WaitForMultipleObjects
CreateEventW
ResetEvent
Sleep
CreateMutexW
CloseHandle
GetLastError
GetProcessHeap
SetEvent
WaitForSingleObject
HeapFree
UnmapViewOfFile
HeapAlloc
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
CreateFileW
RemoveDirectoryW
GetVolumeInformationW
GetFileInformationByHandle
DuplicateHandle
GetDriveTypeW
FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
ReadFile
GetTempPathW
DeviceIoControl
GetCurrentThread
LocalFree
FreeLibrary
LoadLibraryExW
GetProcAddress
WaitForMultipleObjectsEx
GetOverlappedResult
FormatMessageW
LocalAlloc
WriteFile
ReleaseMutex
WideCharToMultiByte
SetFilePointer
GetFullPathNameW
GetEnvironmentVariableW
SetFileAttributesW
GetFileAttributesW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFilePointerEx
DeleteCriticalSection
GetModuleHandleExW
CompareStringW
GetSystemDirectoryW
HeapReAlloc
GetHandleInformation
SetEndOfFile
InitializeCriticalSectionAndSpinCount
DeleteFileW
GetVersionExW
FlushFileBuffers
GetSystemInfo
SetThreadIdealProcessor
GetTempFileNameW
user32
CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
msvcrt
swscanf_s
_snwprintf_s
wcsnlen
_wtoi
qsort
wcsncmp
memmove_s
memcpy_s
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
wcsrchr
towupper
_vsnwprintf
_wcsnicmp
memmove
_vscwprintf
_XcptFilter
_amsg_exit
memcmp
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_wcsicmp
wcschr
_purecall
iswspace
memcpy
memset
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
ntdll
RtlInitializeCriticalSection
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlSetControlSecurityDescriptor
NtQuerySecurityObject
RtlImpersonateSelf
NtClose
RtlDosPathNameToNtPathName_U
RtlAdjustPrivilege
RtlInitUnicodeString
NtCreateFile
NtSetInformationFile
NtQueryInformationFile
RtlNtStatusToDosError
RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetSecurityObject
RtlGetVersion
RtlEnterCriticalSection
RtlReAllocateHeap
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlRaiseStatus
NtYieldExecution
rpcrt4
NdrServerCallAll
RpcRevertToSelf
RpcServerUseProtseqEpW
UuidFromStringW
RpcServerRegisterAuthInfoW
RpcImpersonateClient
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerListen
NdrServerCall2
RpcServerRegisterIf
RpcStringFreeW
UuidCreate
UuidToStringW
advapi32
RegEnumKeyExW
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegUnLoadKeyW
RegFlushKey
RegSetValueExW
RegLoadKeyW
RevertToSelf
EqualSid
AddAccessAllowedAce
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
SetThreadToken
OpenThreadToken
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetLengthSid
FreeSid
AllocateAndInitializeSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
Sections
.text Size: 473KB - Virtual size: 473KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/NSudo.exe.exe windows:6 windows x64 arch:x64
1188b455132bc86c7e9e68ae98ce4171
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\Documents\Visual Studio 2019\Projects\NSudo\Source\Native\Output\Binaries\Release\x64\NSudoLG.pdb
Imports
kernel32
ExpandEnvironmentStringsW
GetModuleFileNameW
OpenProcess
CreateEventW
MultiByteToWideChar
GetTickCount64
LockResource
QueryPerformanceFrequency
FindResourceExW
LoadResource
GetProcAddress
VerSetConditionMask
FreeLibrary
SleepEx
GetFileInformationByHandleEx
QueryPerformanceCounter
LoadLibraryExW
GetModuleHandleExW
ExitProcess
Sleep
RtlUnwindEx
OutputDebugStringW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
SizeofResource
GetLocalTime
GetCurrentProcessId
ResumeThread
WaitForSingleObjectEx
InitializeCriticalSection
GetCurrentProcess
SetPriorityClass
MulDiv
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
CloseHandle
GetThreadUILanguage
GetLastError
GetCurrentThreadId
GetFileAttributesW
CreateFileW
InitializeCriticalSectionEx
LeaveCriticalSection
SetThreadUILanguage
GetCommandLineW
EnterCriticalSection
SetLastError
HeapFree
VerifyVersionInfoW
ReadFile
RtlCaptureContext
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeCriticalSectionAndSpinCount
user32
LoadImageW
DialogBoxParamW
EndDialog
SendMessageW
GetWindowTextW
EndPaint
BeginPaint
DrawIconEx
GetClientRect
LoadIconW
ChangeWindowMessageFilter
DestroyIcon
UnregisterClassW
SetWindowLongPtrW
MonitorFromWindow
GetDC
GetDlgItem
SetWindowTextW
gdi32
DeleteDC
GetDeviceCaps
comdlg32
GetOpenFileNameW
advapi32
AdjustTokenPrivileges
GetAce
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
IsWellKnownSid
AddAce
CreateRestrictedToken
FreeSid
StartServiceW
InitializeAcl
OpenServiceW
GetLengthSid
AddAccessAllowedAce
QueryServiceStatusEx
LookupPrivilegeValueW
SetTokenInformation
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
shell32
DragQueryFileW
DragFinish
ole32
CoInitializeEx
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
wtsapi32
WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken
WTSEnumerateSessionsW
msvcrt
strcpy_s
__pctype_func
tolower
___mb_cur_max_func
wcsnlen
wcstol
_mbtowc_l
?terminate@@YAXXZ
__wgetmainargs
_msize
_XcptFilter
_errno
_wcmdln
?_set_new_mode@@YAHH@Z
_commode
___lc_codepage_func
realloc
ceil
log10
_clearfp
_set_fmode
_initterm_e
_initterm
_callnewh
memcpy
_wcsnicmp
malloc
free
strncmp
_wcsicmp
strrchr
__DestructExceptionObject
_amsg_exit
memmove
memset
__C_specific_handler
_CxxThrowException
wcsstr
wcsrchr
abort
__set_app_type
memcmp
Sections
.text Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 288B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/esdtoolcore.exe.exe windows:10 windows x86 arch:x86
41348224975c12f9caca4673907f7a55
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
EsdToolCore.pdb
Imports
msvcrt
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_purecall
wcschr
memcpy_s
_wtoi
_lock
wprintf
printf
_unlock
_vsnwprintf
_wcsicmp
__dllonexit
_onexit
?terminate@@YAXXZ
wcsrchr
_wcsnicmp
wcsncmp
_vscwprintf
towupper
swscanf_s
wcsnlen
_wcstoi64
wcsstr
strncpy_s
_strnicmp
_wcslwr
_wcsrev
qsort
towlower
_wcsupr
wcstoul
wcstok_s
strcpy_s
memmove_s
iswspace
_wcstoui64
_controlfp
_initterm
_except_handler4_common
memmove
memcpy
memcmp
_ftol2
_wtol
__CxxFrameHandler3
memset
ntdll
NtClose
RtlGetLastNtStatus
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryInformationProcess
NtQueryEaFile
NtCreateFile
RtlImpersonateSelf
RtlInitUnicodeString
NtUnloadKey2
RtlSetControlSecurityDescriptor
RtlFindAceByType
NtSetSecurityObject
NtSetEaFile
RtlInitializeResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlDeleteResource
RtlRaiseStatus
RtlInitializeCriticalSection
DbgPrintEx
NtQueryDirectoryFile
NtWriteFile
NtReadFile
RtlReAllocateHeap
RtlExpandEnvironmentStrings
NtWaitForSingleObject
NtYieldExecution
RtlDowncaseUnicodeChar
NtSetInformationThread
RtlGetVersion
NtShutdownSystem
NtSetInformationProcess
RtlDosPathNameToNtPathName_U
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
RtlAdjustPrivilege
NtOpenFile
fltlib
FilterSendMessage
FilterAttach
FilterLoad
cabinet
ord23
ord22
ord20
oleaut32
SysFreeString
SysAllocString
rpcrt4
UuidCreate
RpcStringFreeW
I_RpcMapWin32Status
UuidToStringW
UuidFromStringW
kernel32
GetTempFileNameW
CreateFileW
ReadFile
IsDebuggerPresent
DebugBreak
SetFilePointerEx
GetFileSizeEx
lstrcmpW
SetEndOfFile
WriteFile
GetTimeZoneInformation
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentThreadId
CreateDirectoryW
Sleep
FreeLibrary
LoadLibraryW
FindNextFileW
ExitProcess
MapViewOfFile
SetConsoleCtrlHandler
GetCurrentDirectoryW
FormatMessageW
DeleteCriticalSection
WideCharToMultiByte
GetFileSize
FindFirstFileW
GetVersionExA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFilePointer
CreateFileA
GetFileAttributesW
FindClose
DeleteFileW
VirtualQuery
GetSystemWindowsDirectoryW
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LoadLibraryExW
LocalFree
GetProcessHeap
GetProcAddress
IsWow64Process
GetCurrentProcess
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
DeviceIoControl
SetFileAttributesW
GetLongPathNameW
GetFinalPathNameByHandleW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
CreateFileMappingW
GetDriveTypeW
GetFileInformationByHandleEx
GetFileInformationByHandle
SetFileInformationByHandle
CopyFileExW
FlushFileBuffers
GetModuleHandleExW
HeapFree
UnmapViewOfFile
GlobalMemoryStatusEx
GetSystemDirectoryW
TlsAlloc
ExpandEnvironmentStringsW
TlsFree
GetEnvironmentVariableW
TlsGetValue
TlsSetValue
GetFullPathNameW
CreateSemaphoreW
WaitForSingleObject
ResetEvent
ReleaseSemaphore
CreateThread
CreateEventW
SetLastError
CompareStringW
WaitForMultipleObjects
CloseHandle
SetEvent
GetTempPathW
LCIDToLocaleName
WaitForMultipleObjectsEx
CreateSemaphoreExW
GetOverlappedResult
GetSystemInfo
InitializeCriticalSection
SetThreadIdealProcessor
GetCurrentThread
HeapReAlloc
LocalAlloc
GetHandleInformation
GetVolumeInformationW
LockFileEx
UnlockFileEx
GetVolumePathNamesForVolumeNameW
SetPriorityClass
SetThreadPriority
GetExitCodeThread
GetThreadPriority
GetPriorityClass
OpenProcess
DuplicateHandle
RemoveDirectoryW
MultiByteToWideChar
GetPrivateProfileSectionW
setupapi
SetupFindNextLine
SetupFindFirstLineW
SetupCloseInfFile
SetupGetStringFieldW
SetupGetLineTextW
SetupOpenInfFileW
advapi32
RegDeleteValueW
GetSecurityInfo
AddAccessAllowedAce
CopySid
InitializeAcl
GetLengthSid
SetSecurityInfo
InitiateSystemShutdownExW
GetTokenInformation
OpenThreadToken
RegUnLoadKeyW
RegLoadKeyW
WriteEncryptedFileRaw
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegFlushKey
RegCreateKeyExW
RegQueryInfoKeyW
CloseEncryptedFileRaw
ReadEncryptedFileRaw
OpenEncryptedFileRawW
RegEnumKeyExW
RegEnumValueW
RevertToSelf
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
RegOpenKeyExW
CryptGetUserKey
CryptSetProvParam
CryptAcquireContextW
CryptExportKey
CryptGenKey
CryptDestroyKey
RegQueryValueExW
RegSetValueExW
RegCloseKey
GetSecurityDescriptorLength
CryptReleaseContext
GetNamedSecurityInfoW
ConvertSecurityDescriptorToStringSecurityDescriptorW
shlwapi
StrStrIW
user32
CharUpperW
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
bcrypt
BCryptDestroyHash
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptGetProperty
Sections
.text Size: 820KB - Virtual size: 820KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/imagex.exe.exe windows:10 windows x64 arch:x64
7c8827c5034850eb69314208ad369cec
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
5d:5e:79:a6:69:f0:f3:36:10:d1:fd:eb:73:d2:0d:43:7a:a9:cf:97:00:8f:c6:00:2a:4f:4b:db:00:da:81:aaSigner
Actual PE Digest5d:5e:79:a6:69:f0:f3:36:10:d1:fd:eb:73:d2:0d:43:7a:a9:cf:97:00:8f:c6:00:2a:4f:4b:db:00:da:81:aaDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
imagex.pdb
Imports
msvcrt
towlower
qsort
_wcsrev
_wcslwr
_strnicmp
memcpy_s
strncpy_s
_wcstoi64
wcsnlen
wcsstr
swscanf_s
wcsncmp
_wcsupr
_wcsnicmp
wcschr
_vscwprintf
_wcsicmp
__iob_func
wcstoul
wcstok_s
memmove_s
iswspace
_purecall
malloc
_callnewh
strcpy_s
free
_vsnwprintf
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wtoi
wcsrchr
_wtol
fflush
printf
towupper
memset
ntdll
NtYieldExecution
RtlReAllocateHeap
DbgPrintEx
RtlInitializeCriticalSection
RtlRaiseStatus
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
NtUnloadKey2
RtlInitUnicodeString
NtQuerySecurityObject
RtlImpersonateSelf
NtSetSecurityObject
RtlFindAceByType
RtlSetControlSecurityDescriptor
NtCreateFile
NtQueryEaFile
NtQueryVolumeInformationFile
NtQueryInformationFile
RtlAdjustPrivilege
NtClose
NtQueryDirectoryFile
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlGetLastNtStatus
NtQueryInformationProcess
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
NtSetEaFile
RtlNtStatusToDosError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlDowncaseUnicodeChar
kernel32
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetTempFileNameW
GetCurrentProcessId
LocalAlloc
GetModuleHandleExW
CreateMutexW
HeapReAlloc
UnlockFileEx
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentProcess
UnhandledExceptionFilter
Sleep
GetLogicalDrives
ReleaseMutex
LockFileEx
CreateEventW
SetEndOfFile
GetDriveTypeW
OpenProcess
RemoveDirectoryW
SetFilePointerEx
SetFilePointer
GetFileSize
SetThreadIdealProcessor
GetSystemInfo
DeleteCriticalSection
GetOverlappedResult
lstrcmpW
InitializeCriticalSectionAndSpinCount
GetCurrentThread
GetVolumeInformationW
GetSystemWindowsDirectoryW
GetHandleInformation
FindClose
FindNextFileW
FindFirstFileW
SetConsoleCtrlHandler
GetModuleFileNameW
GetFullPathNameW
GetTickCount64
GetFileAttributesW
CompareStringW
SetLastError
LocalFree
FormatMessageW
HeapFree
LeaveCriticalSection
FillConsoleOutputCharacterW
EnterCriticalSection
GetCurrentDirectoryW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetTempPathW
GetFinalPathNameByHandleW
GetLongPathNameW
DeleteFileW
GetVolumePathNamesForVolumeNameW
LoadLibraryW
InitializeCriticalSection
GetStdHandle
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
MultiByteToWideChar
CreateSemaphoreExW
Wow64RevertWow64FsRedirection
GetExitCodeProcess
CreateProcessW
Wow64DisableWow64FsRedirection
GetLogicalDriveStringsW
SetConsoleCursorPosition
CreateDirectoryW
WriteConsoleW
GetConsoleScreenBufferInfo
LCIDToLocaleName
GetConsoleMode
WriteFile
WaitForMultipleObjectsEx
GetLastError
GetCommandLineW
WideCharToMultiByte
GetEnvironmentVariableW
GetProcessHeap
WaitForSingleObject
OpenEventW
HeapAlloc
SetEvent
CloseHandle
CreateThread
ResetEvent
DuplicateHandle
GetPrivateProfileSectionW
GetProcAddress
WaitForMultipleObjects
FreeLibrary
LoadLibraryExW
GetFileSizeEx
DeviceIoControl
CreateFileW
SetFileAttributesW
GetFileInformationByHandleEx
FindFirstFileNameW
GetFileInformationByHandle
SetFileInformationByHandle
FindNextFileNameW
CopyFileExW
FlushFileBuffers
ReleaseSemaphore
CreateSemaphoreW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalMemoryStatusEx
GetSystemDirectoryW
TlsAlloc
TlsFree
TlsGetValue
ReadFile
TlsSetValue
user32
CharNextW
CharPrevW
CharUpperW
LoadStringW
shlwapi
StrStrIW
PathMatchSpecW
setupapi
SetupGetLineTextW
SetupFindNextLine
SetupCloseInfFile
SetupFindFirstLineW
SetupOpenInfFileW
rpcrt4
RpcBindingFree
RpcBindingSetAuthInfoW
UuidToStringW
RpcStringFreeW
RpcBindingFromStringBindingW
UuidCreate
I_RpcMapWin32Status
UuidFromStringW
NdrClientCall3
RpcStringBindingComposeW
fltlib
FilterSendMessage
FilterAttach
FilterLoad
FilterConnectCommunicationPort
cabinet
ord22
ord20
ord23
advapi32
OpenProcessToken
FreeSid
CheckTokenMembership
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAccessAllowedAceEx
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
GetSecurityDescriptorLength
GetSecurityInfo
AdjustTokenPrivileges
RevertToSelf
ReadEncryptedFileRaw
RegQueryInfoKeyW
SetSecurityDescriptorDacl
LookupPrivilegeValueW
SetThreadToken
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegFlushKey
RegDeleteKeyExW
RegCloseKey
GetTokenInformation
OpenThreadToken
AllocateAndInitializeSid
RegLoadKeyW
RegUnLoadKeyW
EqualSid
version
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
bcrypt
BCryptDestroyHash
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptHashData
Sections
.text Size: 628KB - Virtual size: 624KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 132KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/libwim-15.dll.dll windows:4 windows x64 arch:x64
44c0b43fc6c236bd71bf360bb0a11eb1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
advapi32
AdjustTokenPrivileges
CloseEncryptedFileRaw
LookupPrivilegeValueW
OpenEncryptedFileRawW
OpenProcessToken
ReadEncryptedFileRaw
RegCloseKey
RegCreateKeyExW
RegFlushKey
RegLoadKeyW
RegSetValueExW
RegUnLoadKeyW
SystemFunction036
WriteEncryptedFileRaw
kernel32
CloseHandle
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
EnterCriticalSection
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FormatMessageW
FreeLibrary
GetCurrentProcess
GetDiskFreeSpaceExW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTimeAsFileTime
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeConditionVariable
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MoveFileExW
MoveFileW
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
SetFilePointerEx
SetLastError
Sleep
SleepConditionVariableCS
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile
msvcrt
___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_fstat64
_get_osfhandle
_gmtime64
_initterm
_lock
_lseeki64
_open_osfhandle
fwprintf
_telli64
_unlock
_waccess
_wassert
_wcserror_s
_wcsicmp
_wgetenv
_wmkdir
_wopen
_wstat64
_wtempnam
_wunlink
abort
calloc
fclose
feof
fflush
fgetwc
fputc
fputwc
fputws
fread
free
fwrite
getenv
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
qsort
realloc
strchr
strerror
strlen
strncmp
towlower
ungetwc
vfprintf
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcspbrk
wcsrchr
wcsstr
wcstol
wcstoul
_fdopen
_close
ntdll
NtClose
NtCreateFile
NtFsControlFile
NtOpenFile
NtOpenSymbolicLinkObject
NtQueryDirectoryFile
NtQueryEaFile
NtQueryInformationFile
NtQuerySecurityObject
NtQueryVolumeInformationFile
NtReadFile
NtSetEaFile
NtSetInformationFile
NtSetSecurityObject
NtWaitForSingleObject
NtWriteFile
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlNtStatusToDosError
user32
wsprintfW
Exports
Exports
wimlib_add_empty_image
wimlib_add_image
wimlib_add_image_multisource
wimlib_add_tree
wimlib_compress
wimlib_create_compressor
wimlib_create_decompressor
wimlib_create_new_wim
wimlib_decompress
wimlib_delete_image
wimlib_delete_path
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_free_compressor
wimlib_free_decompressor
wimlib_get_compression_type_string
wimlib_get_compressor_needed_memory
wimlib_get_error_string
wimlib_get_image_description
wimlib_get_image_name
wimlib_get_image_property
wimlib_get_version
wimlib_get_version_string
wimlib_get_wim_info
wimlib_get_xml_data
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join
wimlib_join_with_progress
wimlib_mount_image
wimlib_open_wim
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_rename_path
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_error_file
wimlib_set_error_file_by_name
wimlib_set_image_descripton
wimlib_set_image_flags
wimlib_set_image_name
wimlib_set_image_property
wimlib_set_memory_allocator
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_unmount_image
wimlib_unmount_image_with_progress
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd
Sections
.text Size: 336KB - Virtual size: 336KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 131KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/oscdimg.exe.exe windows:10 windows x64 arch:x64
2b559891862d734fae9c7518a336b076
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ba:a6:25:e0:6a:cd:5b:a0:76:48:7c:7e:ee:56:ae:2d:fe:93:70:13:a5:af:54:8f:47:26:48:12:e9:6d:cb:81Signer
Actual PE Digestba:a6:25:e0:6a:cd:5b:a0:76:48:7c:7e:ee:56:ae:2d:fe:93:70:13:a5:af:54:8f:47:26:48:12:e9:6d:cb:81Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
OSCDIMG.pdb
Imports
kernel32
GetVersionExA
SetErrorMode
GetSystemTime
SystemTimeToFileTime
SetFileApisToANSI
SetFileApisToOEM
GetTimeZoneInformation
GetFullPathNameA
GetFullPathNameW
lstrlenW
FindFirstFileW
FindFirstFileA
FindClose
GetLongPathNameW
GetLastError
GetLongPathNameA
HeapFree
CreateFileW
CreateFileA
CloseHandle
WaitForSingleObject
SetEvent
FileTimeToSystemTime
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
ReadFile
GetFileTime
GetFileInformationByHandle
FindNextFileA
FindNextFileW
GetOverlappedResult
SetEndOfFile
SetFilePointer
CreateEventA
WriteFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetModuleHandleA
GetProcessWorkingSetSize
SetProcessWorkingSetSize
InitializeCriticalSection
VirtualFree
SetConsoleCtrlHandler
ExitProcess
FormatMessageA
GetProcessHeap
HeapAlloc
VirtualAlloc
VirtualLock
ResetEvent
GetProcAddress
ReleaseSemaphore
CreateThread
WaitForMultipleObjects
SetThreadPriority
CreateSemaphoreA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
Sleep
msvcrt
_wcsicmp
strrchr
_stricmp
wcscpy_s
wcscat_s
strtok
_wfopen
fgetws
feof
fclose
fopen
fgets
swprintf_s
_strnicmp
_strtoui64
strtoul
tolower
atoi
srand
time
__C_specific_handler
vfprintf
_ultoa
rand
_wcsnicmp
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
__setusermatherr
_initterm
_fmode
_commode
wcstok
?terminate@@YAXXZ
memset
wprintf
sprintf_s
strchr
wcschr
_strupr
wcsncmp
strcat_s
strcpy_s
exit
printf
fflush
wcsrchr
fprintf
__iob_func
memcmp
memcpy
strcmp
Sections
.text Size: 80KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
fothk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 267KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x64/wimlib-imagex.exe.exe windows:4 windows x64 arch:x64
7e1c519c36253341efef99f577793739
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
libwim-15
wimlib_add_image_multisource
wimlib_create_new_wim
wimlib_delete_image
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_get_compression_type_string
wimlib_get_error_string
wimlib_get_image_property
wimlib_get_version_string
wimlib_get_wim_info
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join_with_progress
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_image_property
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd
advapi32
ConvertSecurityDescriptorToStringSecurityDescriptorW
kernel32
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
msvcrt
__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__iob_func
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_commode
_errno
_fmode
_gmtime64
_initterm
_lock
_onexit
_putws
_setmode
fwprintf
_unlock
_wcmdln
_wcserror
_wcsicmp
_wfopen
_wgetenv
_wstat64
abort
calloc
exit
fclose
feof
ferror
fflush
fprintf
fputc
fputwc
fputws
fread
free
fwrite
getenv
iswctype
localeconv
malloc
memcpy
memmove
memset
realloc
signal
strerror
strlen
strncmp
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsrchr
wcstoul
_wcsdup
_isatty
Sections
.text Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 368B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 3KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 568B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/7z.dll.dll windows:4 windows x86 arch:x86
7f7b1b0ce265feb7c3c3540bd5d7e6c4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
oleaut32
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear
user32
CharPrevExA
CharUpperW
msvcrt
_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
exit
realloc
strchr
memset
free
malloc
strlen
wcscmp
strcmp
strstr
memmove
_CxxThrowException
memcpy
memcmp
_purecall
__CxxFrameHandler
kernel32
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
SetThreadAffinityMask
ResumeThread
WaitForSingleObject
InterlockedIncrement
GetVersion
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetOEMCP
DeleteCriticalSection
GetVersionExW
LocalFileTimeToFileTime
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
WriteFile
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
GetModuleHandleA
GetFileAttributesW
GetFileInformationByHandle
ReadFile
Exports
Exports
CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode
Sections
.text Size: 949KB - Virtual size: 948KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 126KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/7z.exe.exe windows:4 windows x86 arch:x86
9f8555558343316d38d05850595ed341
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
oleaut32
SysStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear
user32
CharUpperW
advapi32
LookupPrivilegeValueW
GetFileSecurityW
SetFileSecurityW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
OpenProcessToken
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
_ftol
memcmp
_purecall
memset
strlen
wcscmp
wcsstr
strcmp
memmove
fputs
fputc
fflush
fgetc
_iob
free
malloc
memcpy
_CxxThrowException
__CxxFrameHandler
_isatty
_fileno
kernel32
ResumeThread
SetThreadAffinityMask
CreateEventW
SetEvent
InitializeCriticalSection
GetVersion
CreateFileW
VirtualFree
VirtualAlloc
SetConsoleMode
GetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
IsProcessorFeaturePresent
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
SetFilePointer
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetFileSize
WaitForSingleObject
Sections
.text Size: 263KB - Virtual size: 262KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/Microsoft.Dism.Powershell.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
81:3a:d4:75:cc:c6:66:88:2a:8b:8f:87:0e:5c:60:56:b2:f0:a8:72:4d:6d:0e:dc:d4:59:d6:c0:c8:ff:b2:94Signer
Actual PE Digest81:3a:d4:75:cc:c6:66:88:2a:8b:8f:87:0e:5c:60:56:b2:f0:a8:72:4d:6d:0e:dc:d4:59:d6:c0:c8:ff:b2:94Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Microsoft.Dism.PowerShell.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 139KB - Virtual size: 138KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/WimMountAdkSetupX86.exe.exe windows:10 windows x86 arch:x86
e1e6aa3141a4cdb47b5cc6e04aaa0f2c
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0f:d2:aa:e3:ab:13:20:0b:b6:c4:cf:9e:db:a8:b3:b7:76:01:d7:61:e1:0f:2d:91:3c:06:4e:df:dc:1d:4e:f4Signer
Actual PE Digest0f:d2:aa:e3:ab:13:20:0b:b6:c4:cf:9e:db:a8:b3:b7:76:01:d7:61:e1:0f:2d:91:3c:06:4e:df:dc:1d:4e:f4Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
WimMountAdkSetupX86.pdb
Imports
msvcrt
__iob_func
wcschr
memcpy
towupper
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
fwprintf
wcsncmp
vfwprintf
_wcsnicmp
_wfopen
fclose
_wcsicmp
memcpy_s
_vsnwprintf
memset
ntdll
RtlFreeHeap
RtlAllocateHeap
RtlGetVersion
RtlNtStatusToDosError
kernel32
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
LocalFree
GetDriveTypeW
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
GetSystemInfo
GetNativeSystemInfo
GetLastError
GetModuleFileNameW
GetFullPathNameW
SetLastError
HeapFree
GetFileAttributesW
CloseHandle
GetCurrentThreadId
advapi32
OpenProcessToken
RegDeleteValueW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
shell32
CommandLineToArgvW
user32
MessageBoxW
fltlib
FilterUnload
Sections
.text Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 257KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/dism.Format.ps1xml.ps1
-
Bin/x86/DISM10/dism.Types.ps1xml.xml
-
Bin/x86/DISM10/dism.exe.exe windows:10 windows x86 arch:x86
25f970b03f527f89c8f33c7f5c14c8d5
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
6e:89:36:3f:21:3d:79:5b:52:5b:c9:f7:f9:a2:88:31:66:7d:54:58:b8:68:ca:d1:64:ba:76:20:7a:bd:f7:3fSigner
Actual PE Digest6e:89:36:3f:21:3d:79:5b:52:5b:c9:f7:f9:a2:88:31:66:7d:54:58:b8:68:ca:d1:64:ba:76:20:7a:bd:f7:3fDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
Dism.pdb
Imports
msvcrt
??3@YAXPAX@Z
memcmp
_controlfp
wcsstr
wcsncmp
_wcsnicmp
iswalpha
towlower
_snwscanf_s
realloc
_errno
_onexit
__dllonexit
_unlock
__RTDynamicCast
??1type_info@@UAE@XZ
_except_handler4_common
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
wcscpy_s
wcsrchr
calloc
malloc
_purecall
_wcsicmp
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_wcslwr_s
wcschr
wprintf
memmove_s
memcpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
_lock
memset
advapi32
IsValidSecurityDescriptor
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
IsValidSid
GetSidLengthRequired
InitializeSid
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
EventUnregister
EventRegister
EventWriteTransfer
EventActivityIdControl
UnregisterTraceGuids
InitiateSystemShutdownExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
TraceEvent
GetLengthSid
CopySid
GetSidSubAuthority
kernel32
GetDriveTypeW
SearchPathW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandleEx
FindFirstFileNameW
DeviceIoControl
SetFileAttributesW
SetFileInformationByHandle
DeleteFileW
FindNextFileNameW
CopyFileExW
GetLongPathNameW
GetFinalPathNameByHandleW
GetVersionExW
GetProcAddress
GetModuleHandleW
GetModuleHandleExW
FreeLibrary
InitializeCriticalSection
EnterCriticalSection
SetEvent
LeaveCriticalSection
GetLastError
CloseHandle
SetThreadUILanguage
SetErrorMode
SetConsoleCtrlHandler
OutputDebugStringW
GetCommandLineW
HeapFree
GetProcessHeap
Sleep
GetCurrentProcess
DeleteCriticalSection
RaiseException
GetCurrentThreadId
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetStdHandle
HeapAlloc
WriteConsoleW
LocalAlloc
WideCharToMultiByte
WriteFile
LocalFree
GetFileType
GetConsoleMode
GetModuleFileNameW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
MultiByteToWideChar
GetSystemInfo
OpenProcess
QueryFullProcessImageNameW
HeapSize
HeapReAlloc
HeapDestroy
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
FindNextFileW
FindClose
WaitForSingleObject
LoadLibraryExW
ole32
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx
user32
CharLowerBuffW
oleaut32
SysAllocString
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi
SysAllocStringLen
VarBstrCmp
LoadRegTypeLi
SysStringLen
VariantClear
SysFreeString
GetErrorInfo
ntdll
NtQueryInformationProcess
RtlNtStatusToDosError
RtlGetVersion
NtSetInformationFile
RtlFreeHeap
RtlAllocateHeap
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
Sections
.text Size: 168KB - Virtual size: 168KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/dism.psd1
-
Bin/x86/DISM10/dism.psm1
-
Bin/x86/DISM10/dismapi.dll.dll windows:10 windows x86 arch:x86
c3d0840736061b4e76f6e78737541617
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
95:9f:2e:46:3c:5b:99:36:73:bc:e5:3c:e6:04:68:0d:5e:ee:2c:3d:01:7a:3e:68:2f:e9:b3:ed:be:21:41:4dSigner
Actual PE Digest95:9f:2e:46:3c:5b:99:36:73:bc:e5:3c:e6:04:68:0d:5e:ee:2c:3d:01:7a:3e:68:2f:e9:b3:ed:be:21:41:4dDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
DismApi.pdb
Imports
msvcrt
wcsncmp
wcsrchr
_vsnwprintf
_wcsnicmp
feof
strrchr
iswctype
fclose
wcsstr
towlower
_snwscanf_s
_wcslwr_s
memcmp
realloc
_errno
??1type_info@@UAE@XZ
wcstok_s
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
wcscpy_s
_wcstoui64
wcstoul
iswspace
swscanf_s
_wtoi
wcschr
iswalpha
_wcsicmp
_purecall
_wfopen
_onexit
_vscprintf
vsprintf_s
calloc
_vsnprintf
malloc
free
vswprintf_s
_vscwprintf
memmove_s
memcpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
fgetws
?terminate@@YAXXZ
??3@YAXPAX@Z
memset
advapi32
GetTokenInformation
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CheckTokenMembership
AddAccessAllowedAce
OpenThreadToken
EqualSid
InitializeAcl
SetSecurityDescriptorDacl
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetLengthSid
InitializeSecurityDescriptor
kernel32
MoveFileExW
GetTimeFormatEx
GetSystemTime
SetErrorMode
GetVersionExW
GetProcAddress
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceExW
OutputDebugStringW
GetThreadUILanguage
OutputDebugStringA
GetModuleHandleExW
GetLastError
GetModuleFileNameW
FreeLibrary
WideCharToMultiByte
LoadLibraryExW
HeapFree
GetProcessHeap
MultiByteToWideChar
WaitForMultipleObjectsEx
WaitForSingleObject
FormatMessageW
LocalFree
GetSystemInfo
GetCommandLineW
GetLocaleInfoEx
IsWow64Process
GetCurrentProcess
CompareStringW
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetEnvironmentVariableW
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetLongPathNameW
CreateEventW
ResumeThread
DuplicateHandle
LoadLibraryExA
VirtualProtect
GetTempFileNameW
GetCurrentThread
ResetEvent
CreateThread
SetEvent
SetLastError
CreateDirectoryW
CloseHandle
CreateFileW
SetFilePointer
GetFullPathNameW
ReadFile
GetSystemWindowsDirectoryW
GetModuleFileNameA
TlsSetValue
UnmapViewOfFile
TlsAlloc
GetLocalTime
GetFileSize
ExitProcess
TlsGetValue
ExpandEnvironmentStringsW
GetFileSizeEx
FlushFileBuffers
CopyFileExW
FindNextFileNameW
DeleteFileW
SetFileInformationByHandle
GetFileInformationByHandle
SetFileAttributesW
FindClose
DeviceIoControl
FindNextFileW
FindFirstFileNameW
FindFirstFileW
GetFileInformationByHandleEx
TlsFree
FormatMessageA
CreateFileMappingW
MapViewOfFile
VirtualQuery
WriteFile
CreateMutexW
ReleaseMutex
DebugBreak
GetModuleHandleExA
GetWindowsDirectoryW
IsDebuggerPresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetFinalPathNameByHandleW
SearchPathW
GetFileAttributesW
ole32
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
StringFromGUID2
user32
CharLowerBuffW
oleaut32
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetUBound
LoadRegTypeLi
SysStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
SysAllocString
SysFreeString
LoadTypeLi
SysAllocStringLen
VarBstrCat
SystemTimeToVariantTime
VariantTimeToSystemTime
VarBstrCmp
ntdll
RtlInitUnicodeString
NtReadFile
RtlReAllocateHeap
NtClose
RtlExpandEnvironmentStrings
NtQueryInformationFile
NtWaitForSingleObject
NtOpenFile
RtlRaiseStatus
NtYieldExecution
DbgPrintEx
NtWriteFile
RtlDowncaseUnicodeChar
RtlAllocateHeap
RtlGetVersion
NtSetInformationFile
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
RtlFreeHeap
version
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW
Exports
Exports
DismAddCapability
DismAddDriver
DismAddLanguage
DismAddPackage
DismAddProvisionedAppxPackage
DismApplyUnattend
DismCheckImageHealth
DismCleanupMountpoints
DismCloseSession
DismCommitImage
DismDelete
DismDisableFeature
DismEnableFeature
DismGetCapabilities
DismGetCapabilityInfo
DismGetDriverInfo
DismGetDrivers
DismGetFeatureInfo
DismGetFeatureParent
DismGetFeatures
DismGetImageInfo
DismGetLastErrorMessage
DismGetMountedImageInfo
DismGetPackageInfo
DismGetPackageInfoEx
DismGetPackages
DismGetProvisionedAppxPackages
DismGetReservedStorageState
DismInitialize
DismMountImage
DismOpenSession
DismRemountImage
DismRemoveCapability
DismRemoveDriver
DismRemoveLanguage
DismRemovePackage
DismRemoveProvisionedAppxPackage
DismRestoreImageHealth
DismSetReservedStorageState
DismShutdown
DismUnmountImage
_DismAddAppxPackageFamilyToUninstallBlocklist
_DismAddDriverEx
_DismAddPackageEx
_DismAddPackageFamilyToUninstallBlocklist
_DismAddProvisionedAppSharedPackageContainer
_DismAddProvisionedAppxPackage
_DismAddProvisionedAppxPackageEx
_DismApplyCustomDataImage
_DismApplyFfuImage
_DismApplyProvisioningPackage
_DismCaptureSoftwareInventory
_DismCleanImage
_DismEnableDisableFeature
_DismExportDriver
_DismExportSource
_DismGetCapabilitiesEx
_DismGetCapabilityInfoEx
_DismGetCurrentEdition
_DismGetDriversEx
_DismGetEffectiveSystemUILanguage
_DismGetFeaturesEx
_DismGetInstallLanguage
_DismGetKCacheBinaryValue
_DismGetKCacheDwordValue
_DismGetKCacheStringValue
_DismGetLastCBSSessionID
_DismGetNonRemovableAppsPolicy
_DismGetNonRemovableAppxAppsPolicy
_DismGetOSUninstallWindow
_DismGetOsInfo
_DismGetPackageInfoEx
_DismGetProductKeyInfo
_DismGetProvisionedAppSharedPackageContainers
_DismGetProvisionedAppxPackages
_DismGetProvisioningPackageInfo
_DismGetRegistryMountPoint
_DismGetStateFromCBSSessionID
_DismGetTargetCompositionEditions
_DismGetTargetEditions
_DismGetTargetVirtualEditions
_DismGetTemplateAbsolutePath
_DismGetTemplateString
_DismGetUsedSpace
_DismInitiateOSUninstall
_DismOpenSessionEx
_DismOptimizeImage
_DismOptimizeProvisionedAppxPackages
_DismRemoveAppxPackageFamilyFromUninstallBlocklist
_DismRemoveCapabilityEx
_DismRemoveLanguageEx
_DismRemoveOSUninstall
_DismRemovePackageEx
_DismRemovePackageFamilyFromUninstallBlocklist
_DismRemoveProvisionedAppSharedPackageContainer
_DismRemoveProvisionedAppxPackage
_DismRemoveProvisionedAppxPackageAllUsers
_DismRevertPendingActions
_DismSetAllIntlSettings
_DismSetAppXProvisionedDataFile
_DismSetAppxProvisionedDataFile
_DismSetEdition
_DismSetEdition2
_DismSetFirstBootCommandLine
_DismSetIntlSettings
_DismSetMachineName
_DismSetOSUninstallWindow
_DismSetProductKey
_DismSetSkuIntlDefaults
_DismSetTemplateString
_DismSplitFfuImage
_DismStage
_DismSysprepCleanup
_DismSysprepGeneralize
_DismSysprepSpecialize
_DismValidateProductKey
Sections
.text Size: 758KB - Virtual size: 757KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/dismcore.dll.dll regsvr32 windows:10 windows x86 arch:x86
dfd04547b58756c1cfb73d1e744c3f27
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ca:01:7f:61:df:43:86:1a:1e:84:4d:42:e1:73:da:41:33:96:e3:70:7b:53:be:66:41:60:5d:60:2e:c5:80:f9Signer
Actual PE Digestca:01:7f:61:df:43:86:1a:1e:84:4d:42:e1:73:da:41:33:96:e3:70:7b:53:be:66:41:60:5d:60:2e:c5:80:f9Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
DismCore.pdb
Imports
msvcrt
feof
fgetws
_wfopen
wcstok_s
fclose
iswctype
strrchr
_wtoi
towlower
swscanf_s
_vscprintf
vsprintf_s
iswalpha
_vsnwprintf
_wcsnicmp
wcsncmp
wcsstr
memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UAE@XZ
_except_handler4_common
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
wcsncpy_s
wcscat_s
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
wcsrchr
wcschr
vswprintf_s
_vscwprintf
wcscpy_s
malloc
_resetstkoflw
??3@YAXPAX@Z
free
??_V@YAXPAX@Z
__CxxFrameHandler3
_vsnprintf
memset
advapi32
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
RegQueryValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
OpenProcessToken
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
OpenThreadToken
kernel32
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
MultiByteToWideChar
HeapFree
GetProcessHeap
GetModuleHandleExW
FreeLibrary
Wow64RevertWow64FsRedirection
SetEvent
GetModuleFileNameW
GetModuleHandleW
GetNativeSystemInfo
Wow64DisableWow64FsRedirection
CopyFileExW
CreateEventW
WaitForSingleObject
TerminateProcess
GetEnvironmentVariableW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
GetProcAddress
LoadLibraryExW
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
CompareStringW
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
InitializeCriticalSection
GetTickCount
OutputDebugStringA
GetSystemDirectoryW
GetVersionExW
SearchPathW
GetSystemInfo
GetSystemWindowsDirectoryW
FormatMessageW
SetFileAttributesW
MoveFileExW
GetSystemTime
FindClose
FindNextFileW
FindFirstFileW
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetFileInformationByHandle
CreateDirectoryW
LocalFree
GetCurrentThread
GetFullPathNameW
GetTempFileNameW
CloseHandle
CreateFileW
SetThreadUILanguage
WriteFile
VirtualQuery
MapViewOfFile
CreateFileMappingW
FormatMessageA
TlsFree
TlsGetValue
ExitProcess
GetFileSize
GetLocalTime
DeleteFileW
TlsAlloc
GetLastError
UnmapViewOfFile
SetLastError
TlsSetValue
GetModuleFileNameA
SetFilePointer
ReadFile
DeleteCriticalSection
CreateMutexW
ReleaseMutex
DebugBreak
GetModuleHandleExA
GetFileSizeEx
GetWindowsDirectoryW
IsDebuggerPresent
FlushFileBuffers
GetFileInformationByHandleEx
FindFirstFileNameW
DeviceIoControl
SetFileInformationByHandle
FindNextFileNameW
GetLongPathNameW
GetFinalPathNameByHandleW
GetTempPathW
GetCurrentDirectoryW
GetDriveTypeW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessW
GetExitCodeProcess
LoadLibraryExA
DelayLoadFailureHook
GetFileAttributesW
DuplicateHandle
GetSystemTimeAsFileTime
ole32
CoRegisterPSClsid
CoTaskMemFree
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID
CoRevokeClassObject
StringFromCLSID
CoCreateGuid
CoSetProxyBlanket
CoRegisterClassObject
user32
CharNextW
LoadStringW
oleaut32
VariantTimeToSystemTime
RegisterTypeLi
UnRegisterTypeLi
GetErrorInfo
CreateErrorInfo
SetErrorInfo
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
LoadTypeLibEx
SystemTimeToVariantTime
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
ntdll
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetSystemInformation
RtlFreeHeap
RtlNtStatusToDosError
NtSetInformationFile
RtlAllocateHeap
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 215KB - Virtual size: 215KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/dismcoreps.dll.dll regsvr32 windows:10 windows x86 arch:x86
9008fbb4297eda8bc58ac66d1b3b5368
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f6:a8:8a:d2:f9:27:a2:a8:c4:ca:62:f8:43:ef:45:a1:f9:1b:ea:4f:3e:ab:74:d3:7d:95:47:97:b6:68:67:acSigner
Actual PE Digestf6:a8:8a:d2:f9:27:a2:a8:c4:ca:62:f8:43:ef:45:a1:f9:1b:ea:4f:3e:ab:74:d3:7d:95:47:97:b6:68:67:acDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
DismCorePS.pdb
Imports
msvcrt
_XcptFilter
_initterm
malloc
free
_amsg_exit
_except_handler4_common
memcmp
oleaut32
BSTR_UserUnmarshal
BSTR_UserFree
BSTR_UserSize
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
BSTR_UserMarshal
rpcrt4
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
NdrStubForwardingFunction
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrStubCall2
kernel32
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllGetDismInterfaces
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/dismprov.dll.dll regsvr32 windows:10 windows x86 arch:x86
8eba3950906dc7e02c94ae3aa173a15a
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
78:bf:b0:bf:39:c5:02:02:9b:fb:47:18:2b:39:a3:0f:2a:12:a1:1e:c2:c6:cc:3d:96:84:b8:ad:d7:09:45:6fSigner
Actual PE Digest78:bf:b0:bf:39:c5:02:02:9b:fb:47:18:2b:39:a3:0f:2a:12:a1:1e:c2:c6:cc:3d:96:84:b8:ad:d7:09:45:6fDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
DISMProv.pdb
Imports
msvcrt
strrchr
fclose
_wcsicmp
_vsnwprintf
wcschr
_wcsnicmp
wcsncmp
_vsnprintf
vsprintf_s
_vscprintf
swscanf_s
_wtoi
towlower
_wfopen
fgetws
feof
iswctype
__RTDynamicCast
wcstok_s
memcmp
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UAE@XZ
_except_handler4_common
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
wcscat_s
wcscpy_s
wcsrchr
memmove_s
_purecall
vswprintf_s
_vscwprintf
memcpy_s
free
malloc
wcsncpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z
memset
ntdll
RtlAllocateHeap
RtlFreeHeap
oleaut32
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringLen
VarUI4FromStr
SysAllocString
SysAllocStringByteLen
RegisterTypeLi
UnRegisterTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringByteLen
SysFreeString
advapi32
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegQueryValueExW
SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
kernel32
GetSystemInfo
IsDebuggerPresent
GetWindowsDirectoryW
GetFileSizeEx
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetModuleFileNameA
TlsSetValue
UnmapViewOfFile
TlsAlloc
GetLocalTime
GetFileSize
ExitProcess
TlsGetValue
TlsFree
FormatMessageA
CreateFileMappingW
MapViewOfFile
VirtualQuery
WriteFile
SetFilePointer
CreateMutexW
ReleaseMutex
GetModuleHandleExA
DeleteFileW
CreateFileW
GetLastError
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleW
lstrcmpiW
LeaveCriticalSection
RaiseException
EnterCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetModuleHandleExW
LockResource
CompareStringW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
GetEnvironmentVariableW
WideCharToMultiByte
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SetLastError
DeviceIoControl
GetFileAttributesW
FlushFileBuffers
GetFullPathNameW
WaitForSingleObject
FormatMessageW
LocalFree
GetTempFileNameW
GetCurrentThread
DebugBreak
ole32
CoTaskMemFree
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoUnmarshalInterface
StringFromGUID2
CoCreateInstance
CoRegisterPSClsid
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
user32
CharNextW
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/en-us/VHDProvider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/en-us/dism.exe.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 28KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/en-us/dismapi.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/en-us/dismcore.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/en-us/dismprov.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/en-us/ffuprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/en-us/folderprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/en-us/imagingprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/en-us/logprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/en-us/siloedpackageprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/en-us/wimgapi.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/en-us/wimprovider.dll.mui.dll windows:10 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rdata Size: 512B - Virtual size: 224B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 26KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/ffuprovider.dll.dll regsvr32 windows:10 windows x86 arch:x86
f1706fdc59248e9fdc6b7017cbb8c085
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:bb:2e:19:9f:b7:44:2c:a2:3b:45:9f:0f:3a:2c:35:87:97:85:63:45:30:0a:1d:dc:c7:31:15:d4:20:bf:27Signer
Actual PE Digest61:bb:2e:19:9f:b7:44:2c:a2:3b:45:9f:0f:3a:2c:35:87:97:85:63:45:30:0a:1d:dc:c7:31:15:d4:20:bf:27Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
FfuProvider.pdb
Imports
msvcrt
wcstoul
wcsrchr
strchr
swscanf
iswspace
memset
_wcsnicmp
_vsnprintf
__RTDynamicCast
memcmp
??1type_info@@UAE@XZ
_except_handler4_common
_onexit
__dllonexit
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_unlock
_lock
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
malloc
_wcsicmp
_purecall
wcschr
wcstol
_vsnwprintf
_vscwprintf
memmove_s
memcpy_s
vswprintf_s
wcsncpy_s
wcscat_s
free
wcscpy_s
_stricmp
__CxxFrameHandler3
advapi32
RegUnLoadKeyW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegFlushKey
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyExW
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
kernel32
DeleteVolumeMountPointW
QueryPerformanceFrequency
WaitForSingleObject
TrySubmitThreadpoolCallback
GetSystemInfo
SetEvent
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DeleteFileW
GetFirmwareEnvironmentVariableW
GetDiskFreeSpaceW
GetVolumePathNameW
GetFileTime
InitializeCriticalSectionAndSpinCount
LCIDToLocaleName
SetFilePointer
FreeLibrary
FindFirstFileW
SetFileAttributesW
FindNextFileW
FindClose
HeapFree
GetModuleHandleExW
HeapAlloc
GetProcAddress
GetProcessHeap
SetLastError
GetModuleHandleW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
LoadLibraryExW
InitializeCriticalSection
SetThreadUILanguage
SizeofResource
LockResource
LoadResource
FindResourceExW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
GetFileAttributesW
CompareStringW
CreateFileW
GetFileSizeEx
WriteFile
LCMapStringW
CloseHandle
CreateDirectoryW
RemoveDirectoryW
HeapSize
HeapReAlloc
HeapDestroy
MultiByteToWideChar
WideCharToMultiByte
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetSystemFirmwareTable
GetVolumeInformationByHandleW
CopyFileW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetOverlappedResult
DeviceIoControl
CreateEventW
CreateIoCompletionPort
GetDriveTypeW
GetTempPathW
CopyFileExW
CreateMutexW
GetCurrentThread
SetFilePointerEx
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
VirtualQuery
FormatMessageW
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
ReleaseMutex
GetFullPathNameW
LocalAlloc
GetFileSize
LocalFree
IsWow64Process
GetVersionExW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SearchPathW
ReadFile
ole32
CoInitializeEx
CoUninitialize
ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoCreateInstance
StringFromGUID2
CoSetProxyBlanket
user32
LoadStringW
CharLowerBuffW
CharNextW
oleaut32
VariantInit
VariantClear
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
VarBstrCmp
SysAllocStringLen
SysStringByteLen
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
SysAllocStringByteLen
GetErrorInfo
ntdll
RtlDowncaseUnicodeChar
DbgPrintEx
NtYieldExecution
RtlRaiseStatus
NtOpenFile
NtClose
RtlInitializeBitMap
RtlClearAllBits
NtWaitForSingleObject
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationFile
RtlExpandEnvironmentStrings
RtlRandom
RtlReAllocateHeap
NtReadFile
NtSetInformationFile
RtlInitUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
NtWriteFile
RtlFreeHeap
RtlAllocateHeap
RtlNumberOfSetBits
RtlFindSetBits
RtlAreBitsClear
RtlSetBits
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
bcrypt
BCryptFinishHash
BCryptHashData
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptGetProperty
BCryptDestroyHash
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 441KB - Virtual size: 440KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/folderprovider.dll.dll regsvr32 windows:10 windows x86 arch:x86
9c33cb81ce3dced0ef58402b1cd14366
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
35:8b:b8:b3:2d:cf:ee:17:22:80:72:a3:ae:e4:ad:cb:ab:1d:d5:02:9b:d7:30:b8:5f:1e:41:ec:db:71:d1:c5Signer
Actual PE Digest35:8b:b8:b3:2d:cf:ee:17:22:80:72:a3:ae:e4:ad:cb:ab:1d:d5:02:9b:d7:30:b8:5f:1e:41:ec:db:71:d1:c5Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
FolderProvider.pdb
Imports
msvcrt
wcschr
_wcsnicmp
wcsncmp
??3@YAXPAX@Z
memcmp
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
memmove_s
memcpy_s
_purecall
vswprintf_s
_vscwprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??1type_info@@UAE@XZ
advapi32
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
kernel32
SetLastError
GetFileAttributesW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetFullPathNameW
ole32
StringFromGUID2
CoCreateInstance
user32
CharNextW
oleaut32
SysStringLen
SysAllocStringLen
SysFreeString
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
ntdll
RtlFreeHeap
RtlAllocateHeap
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/imagingprovider.dll.dll regsvr32 windows:10 windows x86 arch:x86
cd4a34e298a62720e1362500119bc15b
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ea:5a:b2:00:69:fe:2c:11:cb:90:aa:09:21:21:2e:9f:8f:c4:a6:2d:00:fd:2d:26:22:ed:2d:11:dc:ef:07:84Signer
Actual PE Digestea:5a:b2:00:69:fe:2c:11:cb:90:aa:09:21:21:2e:9f:8f:c4:a6:2d:00:fd:2d:26:22:ed:2d:11:dc:ef:07:84Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
ImagingProvider.pdb
Imports
msvcrt
_onexit
?terminate@@YAXXZ
_except_handler4_common
__RTDynamicCast
??1type_info@@UAE@XZ
_errno
realloc
memcmp
__dllonexit
_vsnwprintf
iswalpha
towlower
wcschr
_snwscanf_s
wcsrchr
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
_unlock
_lock
malloc
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
vswprintf_s
_vscwprintf
_wtoi64
wcstoul
_wcsnicmp
wcsncpy_s
wcscat_s
free
wcscpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z
memset
advapi32
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
kernel32
SetLastError
FreeLibrary
SearchPathW
GetVersionExW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetLocaleInfoW
GetNumberFormatW
HeapAlloc
GetProcessHeap
HeapFree
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CompareStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SetThreadUILanguage
FormatMessageW
LocalFree
CloseHandle
CreateFileW
ole32
CoTaskMemFree
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID
user32
LoadStringW
CharLowerBuffW
CharNextW
oleaut32
GetErrorInfo
VariantClear
SetErrorInfo
CreateErrorInfo
SysAllocStringLen
LoadRegTypeLi
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
ntdll
VerSetConditionMask
RtlVerifyVersionInfo
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 121KB - Virtual size: 121KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/logprovider.dll.dll regsvr32 windows:10 windows x86 arch:x86
cd03423e8c2063fc7a8faa4f6d83c549
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b4:dc:04:59:3e:36:8b:4d:94:01:40:d9:ad:b9:fe:ec:4d:11:5d:e2:11:ad:22:27:56:0b:fd:e2:20:c2:c6:42Signer
Actual PE Digestb4:dc:04:59:3e:36:8b:4d:94:01:40:d9:ad:b9:fe:ec:4d:11:5d:e2:11:ad:22:27:56:0b:fd:e2:20:c2:c6:42Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
LogProvider.pdb
Imports
msvcrt
_initterm
_except_handler4_common
_lock
_unlock
__dllonexit
realloc
_onexit
memcmp
?terminate@@YAXXZ
wcsrchr
vsprintf_s
_vscprintf
_vsnwprintf
??1type_info@@UAE@XZ
wcsncmp
_wcsnicmp
_wcsicmp
wcschr
towlower
strrchr
iswctype
fclose
_wtoi
wcstok_s
_wfopen
fgetws
feof
swscanf_s
_errno
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
malloc
calloc
memmove_s
memcpy_s
_purecall
vswprintf_s
_vscwprintf
_vsnprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??3@YAXPAX@Z
memset
ntdll
RtlAllocateHeap
RtlFreeHeap
oleaut32
SysAllocStringLen
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
SysStringLen
SystemTimeToVariantTime
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysFreeString
VariantTimeToSystemTime
RegisterTypeLi
advapi32
SetSecurityDescriptorDacl
EqualSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegQueryValueExW
FreeSid
RegQueryInfoKeyW
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExW
RegCloseKey
kernel32
WriteFile
GetVersionExW
SearchPathW
FreeLibrary
SetFilePointer
CreateMutexW
ReleaseMutex
DebugBreak
GetModuleHandleExA
GetWindowsDirectoryW
IsDebuggerPresent
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
FormatMessageA
TlsFree
TlsGetValue
ExitProcess
GetFileSize
GetModuleFileNameA
TlsSetValue
TlsAlloc
GetLocalTime
GetFileSizeEx
GetSystemWindowsDirectoryW
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
SetThreadUILanguage
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapAlloc
GetProcessHeap
OutputDebugStringA
HeapFree
CreateDirectoryW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapDestroy
GetEnvironmentVariableW
MultiByteToWideChar
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
CloseHandle
FormatMessageW
LocalFree
GetSystemInfo
GetTempFileNameW
GetFullPathNameW
GetCurrentThread
WaitForSingleObject
GetFileAttributesW
SetLastError
DeviceIoControl
DeleteFileW
FlushFileBuffers
ole32
CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
StringFromGUID2
user32
LoadStringW
CharNextW
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/pkgmgr.exe.exe windows:10 windows x86 arch:x86
40476cffcaa40cd5a09ef705c35979ab
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
43:6f:a8:fc:72:65:6f:0d:be:8e:b7:ff:d4:7e:87:c4:de:a7:63:22:f6:8c:11:62:2e:f6:c3:74:83:dd:48:eaSigner
Actual PE Digest43:6f:a8:fc:72:65:6f:0d:be:8e:b7:ff:d4:7e:87:c4:de:a7:63:22:f6:8c:11:62:2e:f6:c3:74:83:dd:48:eaDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
pkgmgr.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
_initterm
api-ms-win-crt-private-l1-1-0
_o__free_base
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__exit
_o__wcsnicmp
_o_exit
_o_free
_o_malloc
_o_terminate
_o_wcstoul
_except_handler4_common
__current_exception
__current_exception_context
_o__errno
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o__crt_atexit
_o__controlfp_s
_o___p__commode
_o___p___wargv
_o__configure_wide_argv
_o___p___argc
_o__configthreadlocale
_o__wcsicmp
_o__cexit
_o__callnewh
wcsstr
wcschr
wcsrchr
__CxxFrameHandler3
_CxxThrowException
memcmp
memcpy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-file-l1-1-0
GetFullPathNameW
DeleteFileW
FindNextFileW
GetFileAttributesExW
GetFileAttributesW
CreateFileW
RemoveDirectoryW
FindClose
CreateDirectoryW
FindFirstFileW
CompareFileTime
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetErrorMode
api-ms-win-core-processenvironment-l1-1-0
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCommandLineW
GetEnvironmentVariableW
api-ms-win-core-libraryloader-l1-1-0
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress
GetModuleFileNameW
api-ms-win-core-processthreads-l1-1-0
InitializeProcThreadAttributeList
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
DeleteProcThreadAttributeList
TerminateProcess
UpdateProcThreadAttribute
CreateProcessW
GetExitCodeProcess
api-ms-win-eventing-controller-l1-1-0
ControlTraceW
StartTraceW
api-ms-win-eventing-legacy-l1-1-0
EnableTrace
api-ms-win-eventing-consumer-l1-1-0
CloseTrace
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-heap-obsolete-l1-1-0
LocalAlloc
LocalFree
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-security-base-l1-1-0
AdjustTokenPrivileges
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-shutdown-l1-1-0
InitiateSystemShutdownExW
api-ms-win-core-synch-l1-2-0
InitOnceBeginInitialize
Sleep
InitOnceComplete
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapSize
HeapSetInformation
GetProcessHeap
HeapDestroy
HeapAlloc
HeapFree
api-ms-win-core-synch-l1-1-0
InitializeCriticalSectionEx
ReleaseMutex
LeaveCriticalSection
ReleaseSemaphore
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
WaitForSingleObject
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
EnterCriticalSection
CreateSemaphoreExW
ReleaseSRWLockExclusive
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
api-ms-win-core-kernel32-legacy-l1-1-0
LoadLibraryW
CopyFileW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-debug-l1-1-0
DebugBreak
OutputDebugStringA
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-com-l1-1-0
CoCreateGuid
CoGetMalloc
StringFromGUID2
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
api-ms-win-core-file-l2-1-0
MoveFileExW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-registry-l2-1-0
RegOpenKeyTransactedW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventUnregister
api-ms-win-core-threadpool-l1-2-0
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
user32
MessageBoxW
ntdll
RtlAllocateHeap
RtlLengthSecurityDescriptor
NtOpenProcessToken
RtlSetOwnerSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMakeSelfRelativeSD
RtlAllocateAndInitializeSid
NtOpenThreadToken
NtPrivilegeCheck
RtlSetGroupSecurityDescriptor
RtlCreateSecurityDescriptor
DbgPrintEx
NtClose
RtlRaiseStatus
RtlFreeHeap
api-ms-win-core-file-l1-2-0
GetTempPathW
Sections
.text Size: 213KB - Virtual size: 213KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/siloedpackageprovider.dll.dll regsvr32 windows:10 windows x86 arch:x86
d5dcf729345569dcf645ed0b964f656c
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4b:87:4e:6b:58:bb:fd:d3:91:40:41:02:d4:ed:55:ae:6b:7e:7a:08:d8:33:5c:a9:b7:b3:d6:f0:08:8b:15:5dSigner
Actual PE Digest4b:87:4e:6b:58:bb:fd:d3:91:40:41:02:d4:ed:55:ae:6b:7e:7a:08:d8:33:5c:a9:b7:b3:d6:f0:08:8b:15:5dDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
SiloedPackageProvider.pdb
Imports
msvcrt
wcsrchr
__RTDynamicCast
_vsnwprintf
??3@YAXPAX@Z
memcmp
realloc
_errno
_onexit
__dllonexit
_except_handler4_common
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
_callnewh
_unlock
_lock
malloc
_stricmp
calloc
memmove_s
memcpy_s
_purecall
_wcsicmp
vswprintf_s
_vscwprintf
wcsncpy_s
wcscat_s
free
wcscpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
??1type_info@@UAE@XZ
memset
advapi32
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
kernel32
SetLastError
GetVersionExW
UnmapViewOfFile
FreeLibrary
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SetThreadUILanguage
FormatMessageW
LocalFree
CreateFileW
CloseHandle
CreateFileMappingW
MapViewOfFile
VirtualProtect
LoadLibraryExA
VirtualQuery
GetSystemInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SearchPathW
ole32
CoTaskMemFree
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID
user32
UnregisterClassA
CharNextW
CharLowerBuffW
LoadStringW
oleaut32
SysStringLen
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantClear
SysAllocStringLen
LoadRegTypeLi
SysFreeString
UnRegisterTypeLi
SysAllocString
LoadTypeLi
SysAllocStringByteLen
RegisterTypeLi
VarBstrCmp
SysStringByteLen
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/ssshim.dll.dll windows:10 windows x86 arch:x86
c2b683814925d0aa3dbbba53c2939c14
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e8:a0:78:f8:13:7d:5a:92:6f:8c:f5:3c:62:00:fd:27:e0:23:16:5b:75:51:7b:77:75:56:ba:10:1d:7f:d6:75Signer
Actual PE Digeste8:a0:78:f8:13:7d:5a:92:6f:8c:f5:3c:62:00:fd:27:e0:23:16:5b:75:51:7b:77:75:56:ba:10:1d:7f:d6:75Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
ssshim.pdb
Imports
ntdll
LdrLockLoaderLock
LdrUnlockLoaderLock
RtlRaiseStatus
NtQueryAttributesFile
RtlPcToFileHeader
NtOpenKey
NtQueryValueKey
LdrLoadDll
LdrUnloadDll
NtQueryPerformanceCounter
NtClose
RtlAllocateHeap
RtlFreeHeap
NtOpenFile
NtQueryDirectoryFile
NtCreateFile
NtQueryInformationFile
NtReadFile
NtWriteFile
NtSetInformationFile
RtlRaiseException
NtQueryObject
NtQueryInformationProcess
NtOpenProcess
NtDelayExecution
RtlInitString
LdrGetProcedureAddress
RtlQueryEnvironmentVariable_U
NtTerminateProcess
RtlUnhandledExceptionFilter
RtlUpcaseUnicodeChar
RtlDowncaseUnicodeChar
DbgPrintEx
RtlReAllocateHeap
RtlNtStatusToDosErrorNoTeb
RtlTimeToTimeFields
RtlDeleteCriticalSection
RtlEnterCriticalSection
strncmp
RtlInitializeCriticalSection
RtlLeaveCriticalSection
_snprintf_s
RtlDosPathNameToNtPathName_U
wcstoul
LdrGetDllHandleEx
DbgPrint
RtlCreateUnicodeStringFromAsciiz
NtQuerySystemTime
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlWakeAllConditionVariable
RtlSleepConditionVariableSRW
RtlUnwind
memmove
memcmp
memcpy
memset
Exports
Exports
SssBindServicingStack
SssGetServicingStackFilePath
SssGetServicingStackFilePathLength
SssGetServicingStackVersion
SssPreloadDownlevelDependencies
SssReleaseServicingStack
Sections
.text Size: 97KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/vhdprovider.dll.dll regsvr32 windows:10 windows x86 arch:x86
3a002a40965d46a77a1abbff3d5ee28c
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9f:95:af:79:2d:28:64:57:96:8f:1b:30:c7:2a:a4:70:56:a6:3c:6f:ca:39:c5:82:60:dd:5f:2e:bf:a6:0e:34Signer
Actual PE Digest9f:95:af:79:2d:28:64:57:96:8f:1b:30:c7:2a:a4:70:56:a6:3c:6f:ca:39:c5:82:60:dd:5f:2e:bf:a6:0e:34Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
VhdProvider.pdb
Imports
msvcrt
iswalpha
_wcsnicmp
wcsncmp
wcscat_s
wcsncpy_s
_purecall
_stricmp
malloc
_callnewh
wcsrchr
wcschr
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??3@YAXPAX@Z
iswspace
_vsnwprintf_s
wcstoul
towupper
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
calloc
_wcsicmp
wcsstr
memmove
_lock
_vsnwprintf
_vscwprintf
_unlock
memmove_s
_wtoi
iswctype
qsort
wcstok_s
_wcsupr
_snwscanf_s
towlower
memcmp
_onexit
__dllonexit
_except_handler4_common
??1type_info@@UAE@XZ
memcpy_s
vswprintf_s
?terminate@@YAXXZ
_initterm
_amsg_exit
free
wcscpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
_XcptFilter
memset
advapi32
AdjustTokenPrivileges
RegLoadKeyW
RegUnLoadKeyW
DuplicateTokenEx
SetThreadToken
RegGetValueW
RegDeleteKeyExW
RegFlushKey
RegEnumKeyExW
RegDeleteTreeW
RegEnumValueW
OpenThreadToken
OpenProcessToken
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
kernel32
GetFileSizeEx
SetFilePointerEx
GetFileTime
SetFilePointer
MapViewOfFile
CreateFileMappingW
LCIDToLocaleName
UnmapViewOfFile
GetVersionExW
SearchPathW
CloseHandle
SizeofResource
LockResource
LoadResource
FindResourceExW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
GetLastError
HeapFree
GetProcessHeap
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
Sleep
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
HeapAlloc
SetVolumeMountPointW
DeleteVolumeMountPointW
GetFileAttributesW
SetFileAttributesW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteFileW
GetVolumePathNamesForVolumeNameW
SetLastError
MultiByteToWideChar
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
SetThreadUILanguage
CompareStringW
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
WriteFile
SetEndOfFile
UnlockFileEx
GetModuleHandleExW
GetVolumeInformationW
FreeLibrary
LockFileEx
LoadLibraryW
ReadFile
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
VerSetConditionMask
GetSystemInfo
VirtualQuery
CopyFileExW
GetDiskFreeSpaceW
FormatMessageW
LocalFree
GetDiskFreeSpaceExW
GetSystemDirectoryW
VirtualAlloc
GetFullPathNameW
VirtualFree
GetCurrentThread
VirtualProtect
LoadLibraryExA
GetTempPathW
GetFileInformationByHandle
GetVolumePathNameW
FindFirstFileW
FindNextFileW
FindClose
CreateThread
GetLogicalDrives
DeviceIoControl
GetDriveTypeW
ole32
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
user32
CharNextW
LoadStringW
oleaut32
LoadTypeLi
SysFreeString
SetErrorInfo
CreateErrorInfo
VariantClear
SysAllocStringLen
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
SysStringLen
RegisterTypeLi
SysAllocString
UnRegisterTypeLi
ntdll
DbgPrintEx
RtlDowncaseUnicodeChar
NtYieldExecution
RtlRaiseStatus
RtlCompareMemory
NtQueryObject
RtlCompareUnicodeString
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtUnloadKey2
RtlAdjustPrivilege
NtOpenFile
RtlReAllocateHeap
RtlSetThreadErrorMode
RtlGetThreadErrorMode
RtlVerifyVersionInfo
RtlFreeHeap
RtlAllocateHeap
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlNtStatusToDosError
NtQueryDirectoryObject
NtOpenDirectoryObject
NtClose
RtlInitUnicodeString
rpcrt4
I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW
UuidCreate
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 378KB - Virtual size: 378KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/wimgapi.dll.dll windows:10 windows x86 arch:x86
00c12361a9c97da47e36e4b0fb93bb84
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e0:dc:0a:c9:9b:21:67:86:7f:01:bf:bc:71:1b:e5:f5:5b:3b:50:a2:1a:c6:6a:f2:8a:c1:df:87:90:e0:71:6cSigner
Actual PE Digeste0:dc:0a:c9:9b:21:67:86:7f:01:bf:bc:71:1b:e5:f5:5b:3b:50:a2:1a:c6:6a:f2:8a:c1:df:87:90:e0:71:6cDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
wimgapi.pdb
Imports
msvcrt
strncpy_s
wcsncmp
_wcsnicmp
wcsnlen
wcsstr
_vsnwprintf
_wtoi
swscanf_s
_wcsupr
_wcsicmp
wcstoul
memmove
_onexit
__dllonexit
_unlock
_lock
memcpy_s
_wcsrev
wcstok_s
memcpy
memcmp
_initterm
malloc
free
_amsg_exit
_callnewh
_vscwprintf
_purecall
iswspace
memmove_s
_wcstoi64
_strnicmp
qsort
towupper
wcschr
towlower
strcpy_s
_wcslwr
_except_handler4_common
_XcptFilter
wcsrchr
memset
kernel32
GetDriveTypeW
RemoveDirectoryW
HeapFree
CompareStringW
GetLastError
SetLastError
LocalFree
GetSystemDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetTempFileNameW
GetFileSize
SetFilePointer
ReadFile
SetFilePointerEx
DeleteCriticalSection
GetSystemInfo
HeapAlloc
SetThreadIdealProcessor
LocalAlloc
GetEnvironmentVariableW
GetOverlappedResult
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
CreateDirectoryW
WriteFile
SetEndOfFile
CreateEventW
LockFileEx
UnlockFileEx
GetFileSizeEx
DeviceIoControl
HeapReAlloc
GetHandleInformation
WaitForSingleObject
CreateMutexW
GetModuleHandleExW
GetModuleFileNameW
FormatMessageW
ReleaseMutex
WideCharToMultiByte
GetProcessHeap
CloseHandle
GetFileInformationByHandle
CreateFileW
InitializeCriticalSection
OpenProcess
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsW
SetFileAttributesW
GlobalMemoryStatusEx
GetFinalPathNameByHandleW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
OpenEventW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetPrivateProfileSectionW
GetModuleHandleW
WaitForMultipleObjects
ReleaseSemaphore
SetEvent
CreateSemaphoreW
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
DeleteFileW
LCIDToLocaleName
CopyFileExW
GetCurrentDirectoryW
WaitForMultipleObjectsEx
ResetEvent
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetLogicalDriveStringsW
Wow64DisableWow64FsRedirection
CreateProcessW
GetExitCodeProcess
Wow64RevertWow64FsRedirection
CreateSemaphoreExW
MultiByteToWideChar
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetCurrentThread
CreateThread
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
LoadLibraryW
GetVolumePathNamesForVolumeNameW
GetFileInformationByHandleEx
FindFirstFileNameW
SetFileInformationByHandle
FindNextFileNameW
GetLongPathNameW
GetTempPathW
bcrypt
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
fltlib
FilterSendMessage
FilterAttach
FilterLoad
FilterConnectCommunicationPort
cabinet
ord23
ord22
ord20
advapi32
LookupPrivilegeValueW
SetThreadToken
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAccessAllowedAceEx
RevertToSelf
RegDeleteKeyExW
GetSecurityDescriptorLength
GetSecurityInfo
FreeSid
SetSecurityDescriptorDacl
EqualSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegUnLoadKeyW
RegFlushKey
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegLoadKeyW
RegCloseKey
RegOpenKeyExW
version
VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
user32
CharUpperW
ntdll
RtlDeleteResource
NtQuerySecurityObject
RtlRaiseStatus
RtlDosPathNameToNtPathName_U_WithStatus
RtlInitializeCriticalSection
DbgPrintEx
RtlReleaseResource
RtlReAllocateHeap
NtYieldExecution
RtlDowncaseUnicodeChar
RtlGetVersion
RtlAcquireResourceExclusive
RtlInitializeResource
NtUnloadKey2
NtSetEaFile
NtSetSecurityObject
RtlFindAceByType
RtlSetControlSecurityDescriptor
RtlInitUnicodeString
RtlImpersonateSelf
NtQueryVolumeInformationFile
NtCreateFile
NtQueryEaFile
NtQueryInformationProcess
NtQueryInformationFile
RtlGetLastNtStatus
NtSetInformationFile
RtlSetIoCompletionCallback
RtlFreeHeap
NtClose
NtQueryDirectoryFile
RtlAllocateHeap
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlAcquireResourceShared
rpcrt4
UuidCreate
RpcBindingFree
RpcBindingSetAuthInfoW
I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW
UuidFromStringW
NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
Exports
Exports
DllCanUnloadNow
DllMain
WIMAddImagePath
WIMAddImagePaths
WIMAddWimbootEntry
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCommitImageHandle
WIMCopyFile
WIMCreateFile
WIMCreateImageFile
WIMCreateWofCompressedFile
WIMDeleteImage
WIMDeleteImageMounts
WIMEnumImageFiles
WIMExportImage
WIMExtractImageDirectory
WIMExtractImagePath
WIMExtractImagePathByWimHandle
WIMFindFirstImageFile
WIMFindNextImageFile
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImageHandle
WIMGetMountedImageInfo
WIMGetMountedImageInfoFromHandle
WIMGetMountedImages
WIMGetWIMBootEntries
WIMGetWIMBootWIMPath
WIMGetWimFileSize
WIMInitFileIOCallbacks
WIMInitializeWofDriver
WIMIsCurrentSystemWimboot
WIMIsReferenceWim
WIMLoadImage
WIMLoadOSInformation
WIMMountImage
WIMMountImageHandle
WIMProcessCustomImage
WIMReadFileEx
WIMReadImageFile
WIMRedirectFolderBeforeApply
WIMRegisterLogFile
WIMRegisterMessageCallback
WIMRemountImage
WIMSetBootImage
WIMSetCachedSigningLevel
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetImageUserSpecifiedCreationTime
WIMSetReferenceFile
WIMSetTemporaryPath
WIMSetWimGuid
WIMSingleInstanceFile
WIMSplitFile
WIMUnmountImage
WIMUnmountImageHandle
WIMUnregisterLogFile
WIMUnregisterMessageCallback
WIMUpdateWIMBootEntry
WIMWriteFileWithIntegrity
Sections
.text Size: 580KB - Virtual size: 580KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/wimmount.sys.sys windows:10 windows x86 arch:x86
bd282f682829ee21810e5022d0d11dc3
Code Sign
33:00:00:06:ad:ac:dd:3c:98:83:5e:29:49:00:00:00:00:06:adCertificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:37Not After15/09/2024, 22:37SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ed:9b:71:25:bb:d6:78:f6:77:f2:7e:c9:b3:4d:64:75:ed:fb:8b:cc:c0:ad:01:eb:24:93:49:f3:76:60:09:bfSigner
Actual PE Digested:9b:71:25:bb:d6:78:f6:77:f2:7e:c9:b3:4d:64:75:ed:fb:8b:cc:c0:ad:01:eb:24:93:49:f3:76:60:09:bfDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wimmount.pdb
Imports
ntoskrnl.exe
KeWaitForSingleObject
RtlUnwind
KeBugCheckEx
RtlCompareMemory
ZwOpenProcess
ProbeForRead
ZwClose
ExEventObjectType
TmTransactionObjectType
ZwCreateEvent
ProbeForWrite
ObOpenObjectByPointer
PsProcessType
KeWaitForMultipleObjects
RtlAppendUnicodeStringToString
InterlockedPopEntrySList
ExInitializeResourceLite
InterlockedPushEntrySList
RtlCompareUnicodeString
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePoolWithTag
MmGetSystemRoutineAddress
IoGetTopLevelIrp
RtlGetVersion
ObReferenceObjectByHandle
KeSetEvent
PsGetCurrentProcessId
ExDeletePagedLookasideList
IoFileObjectType
RtlInitUnicodeString
ExInitializePagedLookasideList
ObfDereferenceObject
ExDeleteResourceLite
ZwDuplicateObject
fltmgr.sys
FltUnregisterFilter
FltAcquireResourceShared
FltGetVolumeFromFileObject
FltSendMessage
FltObjectReference
FltObjectDereference
FltCloseClientPort
FltGetVolumeName
FltCreateFileEx2
FltEnumerateInstances
FltFreeSecurityDescriptor
FltCloseCommunicationPort
FltGetRequestorProcessId
FltGetDiskDeviceObject
FltClose
FltSetStreamContext
FltDeleteStreamContext
FltReissueSynchronousIo
FltStartFiltering
FltGetStreamContext
FltReleaseFileNameInformation
FltQueryInformationFile
FltFsControlFile
FltGetFileNameInformation
FltIsDirectory
FltAcquireResourceExclusive
FltSetInformationFile
FltReleaseContext
FltCreateCommunicationPort
FltReleaseResource
FltBuildDefaultSecurityDescriptor
FltCreateFile
FltGetRoutineAddress
FltUntagFile
FltAllocateContext
FltRegisterFilter
FltSetCallbackDataDirty
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/wimprovider.dll.dll regsvr32 windows:10 windows x86 arch:x86
29cfdde153cb63fe27925fc12376e42e
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b5:ed:77:e7:6c:34:87:a4:7f:74:4b:01:e8:3a:04:f7:e9:6f:7d:47:c9:2e:fb:96:87:de:b5:67:17:56:fa:2eSigner
Actual PE Digestb5:ed:77:e7:6c:34:87:a4:7f:74:4b:01:e8:3a:04:f7:e9:6f:7d:47:c9:2e:fb:96:87:de:b5:67:17:56:fa:2eDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
WimProvider.pdb
Imports
msvcrt
wcsstr
iswalpha
iswspace
??3@YAXPAX@Z
_wtoi64
towupper
_vsnprintf_s
_wcsnicmp
__RTDynamicCast
memcmp
_errno
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
_vsnwprintf_s
_unlock
_lock
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
_callnewh
malloc
_wcsicmp
wcstoul
_vsnwprintf
wcsncmp
wcschr
wcscat_s
calloc
_wtol
wcscpy_s
wcsncpy_s
memmove_s
wcsrchr
free
_stricmp
_vscwprintf
_strnicmp
_purecall
vswprintf_s
memcpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
wcstok_s
wcspbrk
memset
advapi32
EventActivityIdControl
EventWriteTransfer
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
EventRegister
EventUnregister
kernel32
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetVersionExW
SearchPathW
WaitForSingleObject
GetPrivateProfileSectionW
GetDriveTypeW
GetFinalPathNameByHandleW
CreateSemaphoreExW
ReleaseSemaphore
ReleaseMutex
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DebugBreak
GetModuleFileNameA
SizeofResource
SetLastError
EnterCriticalSection
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
OutputDebugStringW
LockResource
FindResourceExW
LoadResource
DeleteCriticalSection
GetCurrentProcessId
GetModuleHandleW
IsDebuggerPresent
HeapFree
GetProcessHeap
GetFullPathNameW
HeapReAlloc
HeapAlloc
GetLastError
CompareStringW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
LocalFree
CreateFileW
GetFileSize
SetFilePointer
ReadFile
CloseHandle
DeleteFileW
GetLocaleInfoW
GetNumberFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
SystemTimeToFileTime
FindFirstFileNameW
FindNextFileNameW
FindClose
HeapSize
HeapDestroy
Sleep
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
WriteFile
SetFileAttributesW
GetFileAttributesW
DeviceIoControl
RemoveDirectoryW
LocalAlloc
CreateEventW
GetOverlappedResult
LoadLibraryW
GetVolumePathNamesForVolumeNameW
VirtualProtect
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemInfo
VirtualQuery
LoadLibraryExW
SetThreadUILanguage
FormatMessageW
CreateDirectoryW
GetFileInformationByHandle
GetVolumePathNameW
FindNextFileW
FindFirstFileW
GetVolumeNameForVolumeMountPointW
ole32
CoTaskMemFree
ProgIDFromCLSID
CLSIDFromString
StringFromCLSID
CoCreateGuid
CoCreateInstance
StringFromGUID2
user32
CharUpperW
CharLowerBuffW
CharNextW
LoadStringW
oleaut32
SysStringLen
VariantTimeToSystemTime
VarDateFromStr
VarBstrCmp
VariantClear
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
CreateErrorInfo
SetErrorInfo
LoadRegTypeLi
SysAllocString
SysFreeString
LoadTypeLi
xmllite
CreateXmlWriter
CreateXmlReader
profapi
ord104
ntdll
RtlFreeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlRaiseStatus
NtYieldExecution
DbgPrintEx
RtlNtStatusToDosError
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 399KB - Virtual size: 398KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/wimserv.exe.exe windows:10 windows x86 arch:x86
5a03a2d94430ac727ceb25c69e317d2a
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ec:77:38:73:17:4c:fc:e0:97:fa:bc:d5:1b:0c:17:03:1e:40:4d:0c:28:ac:6a:f3:21:71:cd:d1:e5:ea:89:25Signer
Actual PE Digestec:77:38:73:17:4c:fc:e0:97:fa:bc:d5:1b:0c:17:03:1e:40:4d:0c:28:ac:6a:f3:21:71:cd:d1:e5:ea:89:25Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wimserv.pdb
Imports
msvcrt
_strnicmp
memcpy_s
strcpy_s
_wcsnicmp
_vsnwprintf
_wcsicmp
towupper
strncpy_s
_vscwprintf
wcsstr
iswspace
_purecall
malloc
_callnewh
free
qsort
memmove_s
memcpy
memcmp
wcsncmp
wcsrchr
swscanf_s
wcschr
memmove
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memset
kernel32
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
LoadLibraryW
LocalFileTimeToFileTime
DosDateTimeToFileTime
MultiByteToWideChar
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateSemaphoreW
WaitForMultipleObjects
GetPrivateProfileSectionW
GetHandleInformation
UnlockFileEx
LockFileEx
GetVolumePathNamesForVolumeNameW
SetFileTime
SetEndOfFile
SetFilePointerEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
ResetEvent
Sleep
CreateMutexW
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
GetCurrentProcessId
GetOverlappedResult
HeapAlloc
GetCurrentThread
CreateThread
LocalFree
CreateFileW
CreateSemaphoreExW
DeleteCriticalSection
ReleaseSemaphore
GetModuleFileNameW
CloseHandle
SetEvent
GetLastError
CreateEventW
WriteFile
WaitForMultipleObjectsEx
HeapFree
SetLastError
SetThreadIdealProcessor
InitializeCriticalSectionAndSpinCount
GetFileInformationByHandleEx
FindFirstFileNameW
GetEnvironmentVariableW
FindFirstFileW
FindClose
GetVolumeInformationW
GetFileInformationByHandle
OpenProcess
DuplicateHandle
GetDriveTypeW
FindNextFileW
GetFileSizeEx
ReadFile
GetModuleHandleExW
CompareStringW
FormatMessageW
LocalAlloc
SetFileInformationByHandle
ReleaseMutex
WideCharToMultiByte
SetFilePointer
FindNextFileNameW
GetLongPathNameW
GetTempPathW
GetCurrentDirectoryW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetFullPathNameW
GetFinalPathNameByHandleW
GetFileAttributesW
FlushFileBuffers
GetSystemInfo
DeviceIoControl
DeleteFileW
HeapReAlloc
SetFileAttributesW
GlobalMemoryStatusEx
CreateDirectoryW
LoadLibraryExW
FreeLibrary
GetProcAddress
RemoveDirectoryW
user32
GetMessageW
TranslateMessage
DispatchMessageW
CharUpperW
rpcrt4
UuidFromStringW
I_RpcMapWin32Status
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcMgmtWaitServerListen
RpcImpersonateClient
RpcRevertToSelf
UuidCreate
RpcStringFreeW
UuidToStringW
RpcServerListen
NdrServerCall2
RpcServerRegisterAuthInfoW
RpcMgmtStopServerListening
fltlib
FilterConnectCommunicationPort
FilterGetMessage
FilterSendMessage
FilterLoad
FilterReplyMessage
cabinet
ord20
ord23
ord22
ntdll
DbgPrintEx
NtYieldExecution
RtlRaiseStatus
RtlReAllocateHeap
NtQueryEaFile
NtSetEaFile
NtSetSecurityObject
RtlFindAceByType
RtlSetControlSecurityDescriptor
RtlDosPathNameToNtPathName_U
RtlGetLastNtStatus
NtQuerySecurityObject
NtQueryVolumeInformationFile
RtlImpersonateSelf
NtQueryInformationProcess
NtCreateFile
NtClose
NtSetInformationFile
NtQueryInformationFile
RtlNtStatusToDosError
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlAdjustPrivilege
RtlFreeHeap
RtlAllocateHeap
advapi32
InitializeSecurityDescriptor
RegQueryValueExW
RevertToSelf
EqualSid
AddAccessAllowedAce
GetTokenInformation
OpenProcessToken
GetSecurityDescriptorGroup
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
SetThreadToken
OpenThreadToken
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
AdjustTokenPrivileges
LookupPrivilegeValueW
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetAclInformation
OpenEncryptedFileRawW
WriteEncryptedFileRaw
CloseEncryptedFileRaw
GetSecurityDescriptorOwner
bcrypt
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
Sections
.text Size: 428KB - Virtual size: 427KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM10/wofadk.sys.sys windows:10 windows x86 arch:x86
94420aa445b41466ffa264d662193827
Code Sign
33:00:00:06:ad:ac:dd:3c:98:83:5e:29:49:00:00:00:00:06:adCertificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:37Not After15/09/2024, 22:37SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
dd:8a:a8:8c:a7:49:ce:c5:64:07:41:2e:71:58:73:bb:e5:60:fe:0e:bf:46:6c:50:6a:c1:cb:81:ed:8a:73:e9Signer
Actual PE Digestdd:8a:a8:8c:a7:49:ce:c5:64:07:41:2e:71:58:73:bb:e5:60:fe:0e:bf:46:6c:50:6a:c1:cb:81:ed:8a:73:e9Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wofadk.pdb
Imports
ntoskrnl.exe
ExInitializePagedLookasideList
RtlInitializeGenericTableAvl
RtlQueryFeatureConfiguration
RtlRegisterFeatureConfigurationChangeNotification
SeCaptureSubjectContext
ZwOpenKey
ZwClose
SeLockSubjectContext
ZwQueryValueKey
SeUnlockSubjectContext
SeReleaseSubjectContext
RtlEnumerateGenericTableAvl
ExAcquireRundownProtection
RtlLookupElementGenericTableAvl
RtlFreeUnicodeString
SeTokenIsAdmin
RtlDeleteElementGenericTableAvl
RtlAppendUnicodeStringToString
KeDelayExecutionThread
ExRundownCompleted
PsGetProcessImageFileName
IoGetCurrentProcess
ProbeForRead
FsRtlValidateReparsePointBuffer
FsRtlIsNtstatusExpected
KeIsExecutingDpc
ExSetTimer
ExReleaseSpinLockExclusive
ExDeleteTimer
KeBugCheckEx
EtwSetInformation
TmCurrentTransaction
ExTryAcquirePushLockExclusiveEx
ExReleaseSpinLockSharedFromDpcLevel
ExQueueWorkItem
ExAcquirePushLockExclusiveEx
ExReleasePushLockExclusiveEx
EtwWriteTransfer
ExReleaseSpinLockShared
ExAcquireSpinLockShared
KeSetEvent
ExAcquireSpinLockSharedAtDpcLevel
ExAcquireSpinLockExclusive
EtwUnregister
ExReleasePushLockSharedEx
ExAcquirePushLockSharedEx
EtwRegister
KeWaitForSingleObject
KeQueryPriorityThread
KeGetCurrentThread
MmMapViewOfSection
RtlQueryFeatureConfigurationChangeStamp
ZwDeviceIoControlFile
EtwEventEnabled
RtlCheckRegistryKey
ZwCreateSection
ZwQueryInformationThread
RtlSetBit
RtlAreBitsSet
PsInitialSystemProcess
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlRunOnceExecuteOnce
KeStackAttachProcess
KdRefreshDebuggerNotPresent
ZwSetInformationThread
ObReferenceObjectByHandle
swprintf_s
MmUnmapViewOfSection
RtlFindNextForwardRunClear
EtwWrite
IofCallDriver
RtlInitializeBitMap
ZwOpenFile
ExInitializeLookasideListEx
RtlTestBit
KeSetPriorityThread
KeUnstackDetachProcess
_i64tow_s
RtlClearAllBits
IoAllocateWorkItem
RtlAppendUnicodeToString
_wcsicmp
RtlCreateSystemVolumeInformationFolder
IoQueueWorkItemEx
IoFreeWorkItem
KeAllocateCalloutStackEx
IoGetRelatedDeviceObject
ExDeleteNPagedLookasideList
RtlGetCompressionWorkSpaceSize
KeFreeCalloutStack
ExInitializeNPagedLookasideList
KeInitializeMutex
KeReleaseMutex
RtlDecompressBufferEx
RtlDecompressFragment
KeAreAllApcsDisabled
KeInitializeDpc
KeInitializeTimerEx
RtlQueryRegistryValues
KeCancelTimer
KeFlushQueuedDpcs
KeSetCoalescableTimer
RtlCompressBuffer
KeQueryActiveProcessorCountEx
RtlNotifyFeatureUsage
RtlGetVersion
RtlUnregisterFeatureConfigurationChangeNotification
MmGetSystemRoutineAddress
IoWMIRegistrationControl
MmIsThisAnNtAsSystem
memset
RtlUnwind
ExDeleteLookasideListEx
RtlCompareMemory
RtlInitUnicodeString
RtlEqualUnicodeString
MmMapLockedPagesSpecifyCache
ProbeForWrite
InterlockedPopEntrySList
ExReleaseRundownProtection
InterlockedPushEntrySList
ObfReferenceObject
RtlCompareUnicodeString
ExInitializeRundownProtection
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
KeExpandKernelStackAndCalloutEx
KeInitializeEvent
ExFreePoolWithTag
ExAllocatePoolWithTag
ExDeletePagedLookasideList
RtlCopyUnicodeString
ExReInitializeRundownProtection
ExWaitForRundownProtectionRelease
ObfDereferenceObject
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
_vsnwprintf
ZwQuerySymbolicLinkObject
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
wcscpy_s
ExAllocatePool2
strcpy_s
ZwOpenDirectoryObject
wcschr
_wcsnicmp
wcsrchr
DbgkWerCaptureLiveKernelDump
KeQueryTimeIncrement
KeTickCount
ExAllocateTimer
ObDereferenceObjectDeferDelete
_alldiv
_alldvrm
_allmul
_allrem
_aulldiv
memcmp
memcpy
memmove
_alloca_probe
hal
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
fltmgr.sys
FltTagFile
FltQueryVolumeInformationFile
FltFreeGenericWorkItem
FltQueueGenericWorkItem
FltIsOperationSynchronous
FltSetIoPriorityHintIntoCallbackData
FltPerformAsynchronousIo
FltAllocateGenericWorkItem
FltInitializePushLock
FltDeletePushLock
FltFlushBuffers
FltAllocateDeferredIoWorkItem
FltQueueDeferredIoWorkItem
FltFreePoolAlignedWithTag
FltAcquirePushLockSharedEx
FltDeviceIoControlFile
FltReadFile
FltOpenVolume
FltFreeDeferredIoWorkItem
FltAllocatePoolAlignedWithTag
FltIsIoCanceled
FltCompletePendedPreOperation
FltAcquirePushLockExclusiveEx
FltGetIoPriorityHintFromCallbackData
FltReleasePushLockEx
FltReferenceContext
FltGetTransactionContext
FltInitExtraCreateParameterLookasideList
FltStartFiltering
FltGetRoutineAddress
FltRegisterFilter
FltGetVolumeFromFileObject
FltCreateFileEx
FltAttachVolume
FltWriteFile
FltQueryInformationFile
FltObjectDereference
FltUntagFile
FltGetFileNameInformationUnsafe
FltParseFileNameInformation
FltCreateFileEx2
FltGetInstanceContext
FltEnumerateInstances
FltSetTransactionContext
FltIsDirectory
FltSetInformationFile
FltPerformSynchronousIo
FltLockUserBuffer
FltAllocateCallbackDataEx
FltFreeCallbackData
FltAllocateExtraCreateParameterList
FltInsertExtraCreateParameter
FltCancelFileOpen
FltDeleteStreamContext
FltReleaseFileNameInformation
FltFsControlFile
FltGetEcpListFromCallbackData
FltGetFileNameInformation
FltEnlistInTransaction
FltSetEcpListIntoCallbackData
FltFindExtraCreateParameter
FltAllocateExtraCreateParameterFromLookasideList
FltSetStreamHandleContext
FltSetFileContext
FltDeleteInstanceContext
FltGetDiskDeviceObject
FltClose
FltSetStreamContext
FltUnregisterFilter
FltAllocateContext
FltGetVolumeProperties
FltQueryDirectoryFile
FltGetVolumeGuidName
FltReleaseContext
FltDeleteExtraCreateParameterLookasideList
FltGetStreamHandleContext
FltGetStreamContext
FltSetInstanceContext
cng.sys
BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
Sections
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
NONPAGE Size: 512B - Virtual size: 128B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGER32C Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/Microsoft.Dism.Powershell.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before22/04/2014, 17:39Not After22/07/2015, 17:39SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
86:eb:15:7a:b9:12:b6:d7:bb:60:52:3a:d8:3f:a4:3c:11:12:f2:36:89:36:c2:a1:e0:4e:30:5c:27:e1:d7:06Signer
Actual PE Digest86:eb:15:7a:b9:12:b6:d7:bb:60:52:3a:d8:3f:a4:3c:11:12:f2:36:89:36:c2:a1:e0:4e:30:5c:27:e1:d7:06Digest Algorithmsha256PE Digest Matchestrueb4:bc:92:94:e2:b4:ee:cf:4d:80:5d:e7:fe:41:e7:08:f8:2c:1a:45Signer
Actual PE Digestb4:bc:92:94:e2:b4:ee:cf:4d:80:5d:e7:fe:41:e7:08:f8:2c:1a:45Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Microsoft.Dism.PowerShell.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 113KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l1-1-0.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-advapi32-l1-1-0.pdb
Exports
Exports
AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddMandatoryAce
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
CheckTokenMembership
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserW
CreateRestrictedToken
CreateWellKnownSid
DeleteAce
DestroyPrivateObjectSecurity
DuplicateToken
DuplicateTokenEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventUnregister
EventWrite
EventWriteString
EventWriteTransfer
FindFirstFreeAce
FreeSid
GetAce
GetAclInformation
GetFileSecurityW
GetKernelObjectSecurity
GetLengthSid
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsTokenRestricted
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
OpenThreadToken
PrivilegeCheck
PrivilegedServiceAuditAlarmW
QuerySecurityAccessMask
RegCloseKey
RegCopyTreeW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteTreeA
RegDeleteTreeW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCacheEx
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegFlushKey
RegGetKeySecurity
RegGetValueA
RegGetValueW
RegLoadAppKeyA
RegLoadAppKeyW
RegLoadKeyA
RegLoadKeyW
RegLoadMUIStringA
RegLoadMUIStringW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyExA
RegOpenKeyExW
RegOpenUserClassesRoot
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegRestoreKeyA
RegRestoreKeyW
RegSaveKeyExA
RegSaveKeyExW
RegSetKeySecurity
RegSetValueExA
RegSetValueExW
RegUnLoadKeyA
RegUnLoadKeyW
RegisterTraceGuidsW
RevertToSelf
SetAclInformation
SetFileSecurityW
SetKernelObjectSecurity
SetSecurityAccessMask
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorRMControl
SetSecurityDescriptorSacl
SetTokenInformation
TraceEvent
TraceMessage
TraceMessageVa
UnregisterTraceGuids
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l1-1-1.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-advapi32-l1-1-1.pdb
Exports
Exports
AccessCheck
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddMandatoryAce
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
CheckTokenMembership
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserW
CreateRestrictedToken
CreateWellKnownSid
DeleteAce
DestroyPrivateObjectSecurity
DuplicateToken
DuplicateTokenEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventUnregister
EventWrite
EventWriteEx
EventWriteString
EventWriteTransfer
FindFirstFreeAce
FreeSid
GetAce
GetAclInformation
GetFileSecurityW
GetKernelObjectSecurity
GetLengthSid
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetWindowsAccountDomainSid
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
IsTokenRestricted
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
MakeAbsoluteSD
MakeSelfRelativeSD
MapGenericMask
ObjectCloseAuditAlarmW
ObjectDeleteAuditAlarmW
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmW
OpenProcessToken
OpenThreadToken
PrivilegeCheck
PrivilegedServiceAuditAlarmW
QuerySecurityAccessMask
RegCloseKey
RegCopyTreeW
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteTreeA
RegDeleteTreeW
RegDeleteValueA
RegDeleteValueW
RegDisablePredefinedCacheEx
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegFlushKey
RegGetKeySecurity
RegGetValueA
RegGetValueW
RegLoadAppKeyA
RegLoadAppKeyW
RegLoadKeyA
RegLoadKeyW
RegLoadMUIStringA
RegLoadMUIStringW
RegNotifyChangeKeyValue
RegOpenCurrentUser
RegOpenKeyExA
RegOpenKeyExW
RegOpenUserClassesRoot
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegRestoreKeyA
RegRestoreKeyW
RegSaveKeyExA
RegSaveKeyExW
RegSetKeySecurity
RegSetValueExA
RegSetValueExW
RegUnLoadKeyA
RegUnLoadKeyW
RegisterTraceGuidsW
RevertToSelf
SetAclInformation
SetFileSecurityW
SetKernelObjectSecurity
SetPrivateObjectSecurity
SetPrivateObjectSecurityEx
SetSecurityAccessMask
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorRMControl
SetSecurityDescriptorSacl
SetThreadToken
SetTokenInformation
TraceEvent
TraceMessageVa
UnregisterTraceGuids
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l2-1-0.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-advapi32-l2-1-0.pdb
Exports
Exports
CloseServiceHandle
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CredDeleteW
CredEnumerateW
CredFree
CredReadDomainCredentialsW
CredReadW
CredWriteDomainCredentialsW
CredWriteW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 26B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l2-1-1.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-advapi32-l2-1-1.pdb
Exports
Exports
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CloseServiceHandle
CloseTrace
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
CreateServiceA
CreateServiceW
CredDeleteA
CredDeleteW
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredProtectA
CredProtectW
CredReadA
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
DeleteService
EnableTraceEx2
EnumDependentServicesW
EnumServicesStatusExW
EnumerateTraceGuidsEx
EventAccessControl
EventAccessQuery
EventAccessRemove
NotifyServiceStatusChangeA
NotifyServiceStatusChangeW
OpenSCManagerA
OpenSCManagerW
OpenServiceA
OpenServiceW
OpenTraceW
ProcessTrace
QueryAllTracesA
QueryAllTracesW
QueryServiceConfig2A
QueryServiceConfig2W
QueryServiceConfigA
QueryServiceConfigW
QueryServiceObjectSecurity
QueryServiceStatus
QueryServiceStatusEx
RegisterServiceCtrlHandlerA
RegisterServiceCtrlHandlerExA
RegisterServiceCtrlHandlerExW
RegisterServiceCtrlHandlerW
RegisterTraceGuidsA
RemoveTraceCallback
SetServiceObjectSecurity
SetServiceStatus
SetTraceCallback
StartServiceA
StartServiceCtrlDispatcherA
StartServiceCtrlDispatcherW
StartServiceW
StartTraceA
StartTraceW
StopTraceW
TraceSetInformation
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l3-1-0.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-advapi32-l3-1-0.pdb
Exports
Exports
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
GetSecurityInfo
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityInfo
Sections
.text Size: 1024B - Virtual size: 579B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-advapi32-l4-1-0.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-advapi32-l4-1-0.pdb
Exports
Exports
AbortSystemShutdownW
InitiateSystemShutdownExW
LookupAccountNameW
LookupAccountSidW
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
LookupPrivilegeValueW
LsaEnumerateTrustedDomains
LsaManageSidNameMapping
Sections
.text Size: 1024B - Virtual size: 808B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 26B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-kernel32-l1-1-0.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-kernel32-l1-1-0.pdb
Exports
Exports
AcquireSRWLockExclusive
AcquireSRWLockShared
AddSIDToBoundaryDescriptor
AddVectoredContinueHandler
AddVectoredExceptionHandler
AllocConsole
AllocateUserPhysicalPages
AllocateUserPhysicalPagesNuma
AttachConsole
Beep
CallbackMayRunLong
CancelIo
CancelIoEx
CancelSynchronousIo
CancelThreadpoolIo
CancelWaitableTimer
ChangeTimerQueueTimer
CheckRemoteDebuggerPresent
ClearCommBreak
ClearCommError
CloseHandle
ClosePrivateNamespace
CloseThreadpool
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolIo
CloseThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolWork
CompareFileTime
CompareStringA
CompareStringEx
CompareStringOrdinal
CompareStringW
ConnectNamedPipe
ContinueDebugEvent
ConvertDefaultLocale
CopyFileExW
CreateBoundaryDescriptorW
CreateConsoleScreenBuffer
CreateDirectoryA
CreateDirectoryExW
CreateDirectoryW
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateFileA
CreateFileMappingNumaW
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMemoryResourceNotification
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateNamedPipeW
CreatePipe
CreatePrivateNamespaceW
CreateProcessA
CreateProcessW
CreateRemoteThread
CreateRemoteThreadEx
CreateSemaphoreExW
CreateSymbolicLinkW
CreateThread
CreateThreadpool
CreateThreadpoolCleanupGroup
CreateThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait
CreateThreadpoolWork
CreateTimerQueue
CreateTimerQueueTimer
CreateWaitableTimerExW
DebugActiveProcess
DebugActiveProcessStop
DebugBreak
DecodePointer
DecodeSystemPointer
DefineDosDeviceW
DeleteBoundaryDescriptor
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeleteTimerQueueEx
DeleteTimerQueueTimer
DeleteVolumeMountPointW
DeviceIoControl
DisableThreadLibraryCalls
DisassociateCurrentThreadFromCallback
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EncodeSystemPointer
EnterCriticalSection
EnumLanguageGroupLocalesW
EnumResourceLanguagesExA
EnumResourceLanguagesExW
EnumResourceNamesExA
EnumResourceNamesExW
EnumResourceTypesExA
EnumResourceTypesExW
EnumSystemFirmwareTables
EnumSystemGeoID
EnumSystemLanguageGroupsW
EnumSystemLocalesA
EnumSystemLocalesEx
EnumSystemLocalesW
EnumUILanguagesW
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FillConsoleOutputCharacterW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstVolumeW
FindNLSString
FindNLSStringEx
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeW
FindResourceExW
FindStringOrdinal
FindVolumeClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushConsoleInputBuffer
FlushFileBuffers
FlushInstructionCache
FlushProcessWriteBuffers
FlushViewOfFile
FoldStringW
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
FreeLibraryWhenCallbackReturns
FreeResource
FreeUserPhysicalPages
GenerateConsoleCtrlEvent
GetACP
GetCPInfo
GetCPInfoExW
GetCalendarInfoEx
GetCalendarInfoW
GetCommConfig
GetCommMask
GetCommModemStatus
GetCommProperties
GetCommState
GetCommTimeouts
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeA
GetCompressedFileSizeW
GetComputerNameExA
GetComputerNameExW
GetConsoleCP
GetConsoleCursorInfo
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleScreenBufferInfoEx
GetConsoleTitleW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentProcessorNumberEx
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatEx
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetErrorMode
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileMUIInfo
GetFileMUIPath
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLargePageMinimum
GetLargestConsoleWindowSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameA
GetLongPathNameW
GetMemoryErrorHandlingCapabilities
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNLSVersion
GetNLSVersionEx
GetNamedPipeClientComputerNameW
GetNativeSystemInfo
GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx
GetNumberFormatW
GetNumberOfConsoleInputEvents
GetOEMCP
GetOverlappedResult
GetPhysicallyInstalledSystemMemory
GetPriorityClass
GetProcAddress
GetProcessGroupAffinity
GetProcessHandleCount
GetProcessHeap
GetProcessHeaps
GetProcessId
GetProcessIdOfThread
GetProcessPreferredUILanguages
GetProcessPriorityBoost
GetProcessTimes
GetProcessVersion
GetProcessWorkingSetSizeEx
GetProductInfo
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetShortPathNameW
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemDefaultLocaleName
GetSystemDefaultUILanguage
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemFileCacheSize
GetSystemFirmwareTable
GetSystemInfo
GetSystemPreferredUILanguages
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemTimes
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetThreadContext
GetThreadGroupAffinity
GetThreadIOPendingFlag
GetThreadId
GetThreadIdealProcessorEx
GetThreadInformation
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadPriority
GetThreadPriorityBoost
GetThreadTimes
GetThreadUILanguage
GetTickCount
GetTickCount64
GetTimeFormatA
GetTimeFormatEx
GetTimeFormatW
GetTimeZoneInformation
GetTimeZoneInformationForYear
GetUILanguageInfo
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultLocaleName
GetUserDefaultUILanguage
GetUserGeoID
GetUserPreferredUILanguages
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationByHandleW
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetWriteWatch
GlobalMemoryStatusEx
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapQueryInformation
HeapReAlloc
HeapSetInformation
HeapSize
HeapUnlock
HeapValidate
HeapWalk
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitOnceInitialize
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDBCSLeadByte
IsDBCSLeadByteEx
IsDebuggerPresent
IsNLSDefinedString
IsProcessInJob
IsProcessorFeaturePresent
IsThreadAFiber
IsThreadpoolTimerSet
IsValidCodePage
IsValidLanguageGroup
IsValidLocale
IsValidLocaleName
IsWow64Process
LCIDToLocaleName
LCMapStringA
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LeaveCriticalSectionWhenCallbackReturns
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalFileTimeToFileTime
LocaleNameToLCID
LockFile
LockFileEx
LockResource
MapUserPhysicalPages
MapViewOfFile
MapViewOfFileEx
MoveFileExW
MoveFileWithProgressW
MultiByteToWideChar
NeedCurrentDirectoryForExePathA
NeedCurrentDirectoryForExePathW
OpenEventA
OpenEventW
OpenFileMappingW
OpenMutexW
OpenPrivateNamespaceW
OpenProcess
OpenSemaphoreW
OpenThread
OpenWaitableTimerW
OutputDebugStringA
OutputDebugStringW
PeekConsoleInputA
PeekConsoleInputW
PeekNamedPipe
PostQueuedCompletionStatus
ProcessIdToSessionId
PurgeComm
QueryDepthSList
QueryDosDeviceW
QueryFullProcessImageNameA
QueryFullProcessImageNameW
QueryIdleProcessorCycleTime
QueryIdleProcessorCycleTimeEx
QueryMemoryResourceNotification
QueryPerformanceCounter
QueryPerformanceFrequency
QueryProcessAffinityUpdateMode
QueryProcessCycleTime
QueryThreadCycleTime
QueryThreadpoolStackInformation
QueryUnbiasedInterruptTime
QueueUserAPC
QueueUserWorkItem
RaiseException
ReOpenFile
ReadConsoleA
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterA
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ReadConsoleW
ReadDirectoryChangesW
ReadFile
ReadFileEx
ReadFileScatter
ReadProcessMemory
RegisterBadMemoryNotification
ReleaseMutex
ReleaseMutexWhenCallbackReturns
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseSemaphoreWhenCallbackReturns
RemoveDirectoryA
RemoveDirectoryW
RemoveVectoredContinueHandler
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResetWriteWatch
ResolveLocaleName
RestoreLastError
ResumeThread
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SearchPathA
SearchPathW
SetCalendarInfoW
SetCommBreak
SetCommConfig
SetCommMask
SetCommState
SetCommTimeouts
SetComputerNameExW
SetConsoleActiveScreenBuffer
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleOutputCP
SetConsoleScreenBufferInfoEx
SetConsoleScreenBufferSize
SetConsoleTextAttribute
SetConsoleTitleW
SetConsoleWindowInfo
SetCriticalSectionSpinCount
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDynamicTimeZoneInformation
SetEndOfFile
SetEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetEventWhenCallbackReturns
Sections
.text Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-kernel32-l2-1-0.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-kernel32-l2-1-0.pdb
Exports
Exports
AddAtomA
AddAtomW
BackupRead
BackupWrite
BindIoCompletionCallback
ConvertFiberToThread
ConvertThreadToFiber
CopyFileA
CopyFileW
CreateFiber
CreateFileMappingA
CreateFileTransactedW
CreateMailslotA
CreateNamedPipeA
CreateSemaphoreW
DeleteAtom
DeleteFiber
DnsHostnameToComputerNameW
DosDateTimeToFileTime
FatalAppExitA
FatalAppExitW
FileTimeToDosDateTime
FindAtomA
FindAtomW
FindResourceA
FindResourceExA
FindResourceW
GetActiveProcessorCount
GetAtomNameA
GetAtomNameW
GetComputerNameA
GetComputerNameW
GetConsoleWindow
GetDurationFormatEx
GetFirmwareEnvironmentVariableW
GetMaximumProcessorGroupCount
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcessAffinityMask
GetProcessIoCounters
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetShortPathNameA
GetStartupInfoA
GetStringTypeExA
GetSystemPowerStatus
GetSystemWow64DirectoryA
GetSystemWow64DirectoryW
GetTapeParameters
GetTempPathA
GetThreadSelectorEntry
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
InitAtomTable
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFlags
LocalFree
LocalLock
LocalReAlloc
LocalSize
LocalUnlock
MoveFileA
MoveFileExA
MoveFileW
MulDiv
OpenFile
PulseEvent
RaiseFailFastException
RegisterWaitForSingleObject
SetConsoleTitleA
SetFileCompletionNotificationModes
SetFirmwareEnvironmentVariableW
SetHandleCount
SetMailslotInfo
SetProcessAffinityMask
SetThreadAffinityMask
SetThreadIdealProcessor
SetVolumeLabelW
SwitchToFiber
UnregisterWait
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-ole32-l1-1-0.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-ole32-l1-1-0.pdb
Exports
Exports
CLSIDFromProgID
CLSIDFromString
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoDisconnectObject
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetApartmentType
CoGetClassObject
CoGetCurrentLogicalThreadId
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetObjectContext
CoGetStdMarshalEx
CoGetTreatAsClass
CoImpersonateClient
CoInitializeEx
CoInitializeSecurity
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMessageFilter
CoReleaseMarshalData
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoUnmarshalInterface
CoWaitForMultipleHandles
CreateStreamOnHGlobal
FreePropVariantArray
GetHGlobalFromStream
IIDFromString
ProgIDFromCLSID
PropVariantClear
PropVariantCopy
StringFromCLSID
StringFromGUID2
StringFromIID
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 26B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-ole32-l1-1-1.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-ole32-l1-1-1.pdb
Exports
Exports
CLSIDFromProgID
CLSIDFromString
CoAddRefServerProcess
CoCancelCall
CoCopyProxy
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoDisableCallCancellation
CoDisconnectContext
CoDisconnectObject
CoEnableCallCancellation
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetApartmentType
CoGetCallContext
CoGetCallerTID
CoGetCancelObject
CoGetClassObject
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoGetDefaultContext
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetObjectContext
CoGetPSClsid
CoGetStandardMarshal
CoGetStdMarshalEx
CoGetTreatAsClass
CoImpersonateClient
CoInitializeEx
CoInitializeSecurity
CoInvalidateRemoteMachineBindings
CoIsHandlerConnected
CoLockObjectExternal
CoMarshalHresult
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoQueryAuthenticationServices
CoQueryClientBlanket
CoQueryProxyBlanket
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMessageFilter
CoRegisterPSClsid
CoRegisterSurrogate
CoReleaseMarshalData
CoReleaseServerProcess
CoResumeClassObjects
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoSetCancelObject
CoSetProxyBlanket
CoSuspendClassObjects
CoSwitchCallContext
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoTestCancel
CoUninitialize
CoUnmarshalHresult
CoUnmarshalInterface
CoWaitForMultipleHandles
CreateErrorInfo
CreateStreamOnHGlobal
FreePropVariantArray
GetErrorInfo
GetHGlobalFromStream
IIDFromString
ProgIDFromCLSID
PropVariantClear
PropVariantCopy
SetErrorInfo
StringFromCLSID
StringFromGUID2
StringFromIID
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-shlwapi-l1-1-0.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-shlwapi-l1-1-0.pdb
Exports
Exports
GetAcceptLanguagesW
HashData
IsInternetESCEnabled
ParseURLW
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
PathAddExtensionW
PathAppendA
PathAppendW
PathCanonicalizeA
PathCanonicalizeW
PathCommonPrefixA
PathCommonPrefixW
PathCreateFromUrlAlloc
PathCreateFromUrlW
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathFindNextComponentA
PathFindNextComponentW
PathGetArgsA
PathGetArgsW
PathGetDriveNumberA
PathGetDriveNumberW
PathIsFileSpecA
PathIsFileSpecW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsPrefixA
PathIsPrefixW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathIsSameRootA
PathIsSameRootW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCServerW
PathIsUNCW
PathIsURLW
PathParseIconLocationA
PathParseIconLocationW
PathRelativePathToA
PathRelativePathToW
PathRemoveBackslashA
PathRemoveBackslashW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathRenameExtensionA
PathRenameExtensionW
PathSkipRootA
PathSkipRootW
PathStripPathA
PathStripPathW
PathStripToRootA
PathStripToRootW
PathUnquoteSpacesA
PathUnquoteSpacesW
QISearch
SHLoadIndirectString
SHRegCloseUSKey
SHRegDeleteUSValueA
SHRegDeleteUSValueW
SHRegEnumUSKeyA
SHRegEnumUSKeyW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetUSValueA
SHRegGetUSValueW
SHRegOpenUSKeyA
SHRegOpenUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetUSValueA
SHRegSetUSValueW
StrCSpnA
StrCSpnIA
StrCSpnIW
StrCSpnW
StrCatBuffA
StrCatBuffW
StrCatChainW
StrChrA
StrChrIA
StrChrIW
StrChrNIW
StrChrNW
StrChrW
StrCmpCA
StrCmpCW
StrCmpICA
StrCmpICW
StrCmpIW
StrCmpLogicalW
StrCmpNA
StrCmpNCA
StrCmpNCW
StrCmpNIA
StrCmpNICA
StrCmpNICW
StrCmpNIW
StrCmpNW
StrCmpW
StrCpyNW
StrDupA
StrDupW
StrIsIntlEqualA
StrIsIntlEqualW
StrPBrkA
StrPBrkW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrSpnA
StrSpnW
StrStrA
StrStrIA
StrStrIW
StrStrNIW
StrStrNW
StrStrW
StrToInt64ExA
StrToInt64ExW
StrToIntA
StrToIntExA
StrToIntExW
StrToIntW
StrTrimA
StrTrimW
UrlApplySchemeW
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlCreateFromPathW
UrlEscapeW
UrlFixupW
UrlGetLocationW
UrlGetPartW
UrlIsW
UrlUnescapeA
UrlUnescapeW
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-shlwapi-l1-1-1.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-shlwapi-l1-1-1.pdb
Exports
Exports
GetAcceptLanguagesW
HashData
IsCharSpaceA
IsCharSpaceW
IsInternetESCEnabled
ParseURLW
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
PathAddExtensionW
PathAppendA
PathAppendW
PathCanonicalizeA
PathCanonicalizeW
PathCombineA
PathCombineW
PathCommonPrefixA
PathCommonPrefixW
PathCreateFromUrlAlloc
PathCreateFromUrlW
PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathFindNextComponentA
PathFindNextComponentW
PathGetArgsA
PathGetArgsW
PathGetCharTypeA
PathGetCharTypeW
PathGetDriveNumberA
PathGetDriveNumberW
PathIsFileSpecA
PathIsFileSpecW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsPrefixA
PathIsPrefixW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathIsSameRootA
PathIsSameRootW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCServerW
PathIsUNCW
PathIsURLW
PathMatchSpecA
PathMatchSpecExA
PathMatchSpecExW
PathMatchSpecW
PathParseIconLocationA
PathParseIconLocationW
PathQuoteSpacesA
PathQuoteSpacesW
PathRelativePathToA
PathRelativePathToW
PathRemoveBackslashA
PathRemoveBackslashW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathRenameExtensionA
PathRenameExtensionW
PathSearchAndQualifyA
PathSearchAndQualifyW
PathSkipRootA
PathSkipRootW
PathStripPathA
PathStripPathW
PathStripToRootA
PathStripToRootW
PathUnExpandEnvStringsA
PathUnExpandEnvStringsW
PathUnquoteSpacesA
PathUnquoteSpacesW
QISearch
SHLoadIndirectString
SHRegCloseUSKey
SHRegDeleteUSValueA
SHRegDeleteUSValueW
SHRegEnumUSKeyA
SHRegEnumUSKeyW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetUSValueA
SHRegGetUSValueW
SHRegOpenUSKeyA
SHRegOpenUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetUSValueA
SHRegSetUSValueW
StrCSpnA
StrCSpnIA
StrCSpnIW
StrCSpnW
StrCatBuffA
StrCatBuffW
StrCatChainW
StrChrA
StrChrIA
StrChrIW
StrChrNIW
StrChrNW
StrChrW
StrCmpCA
StrCmpCW
StrCmpICA
StrCmpICW
StrCmpIW
StrCmpLogicalW
StrCmpNA
StrCmpNCA
StrCmpNCW
StrCmpNIA
StrCmpNICA
StrCmpNICW
StrCmpNIW
StrCmpNW
StrCmpW
StrCpyNW
StrDupA
StrDupW
StrIsIntlEqualA
StrIsIntlEqualW
StrPBrkA
StrPBrkW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrSpnA
StrSpnW
StrStrA
StrStrIA
StrStrIW
StrStrNIW
StrStrNW
StrStrW
StrToInt64ExA
StrToInt64ExW
StrToIntA
StrToIntExA
StrToIntExW
StrToIntW
StrTrimA
StrTrimW
UrlApplySchemeW
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlCreateFromPathW
UrlEscapeW
UrlFixupW
UrlGetLocationW
UrlGetPartW
UrlIsW
UrlUnescapeA
UrlUnescapeW
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-user32-l1-1-0.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-user32-l1-1-0.pdb
Exports
Exports
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerA
IsCharLowerW
IsCharUpperA
IsCharUpperW
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 26B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-user32-l1-1-1.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-user32-l1-1-1.pdb
Exports
Exports
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerA
IsCharLowerW
IsCharUpperA
IsCharUpperW
LoadStringA
LoadStringW
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/api-ms-win-downlevel-version-l1-1-0.dll.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
api-ms-win-downlevel-version-l1-1-0.pdb
Exports
Exports
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerFindFileA
VerFindFileW
VerQueryValueA
VerQueryValueW
Sections
.text Size: 1024B - Virtual size: 540B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/compatprovider.dll.dll regsvr32 windows:6 windows x86 arch:x86
225eb014809aee6e84e3dd59feffd57d
Code Sign
33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
54:42:33:5e:a1:07:75:50:db:13:9e:90:76:84:ed:37:3b:22:3b:5d:18:c2:a9:38:fd:16:2a:74:3f:34:71:20Signer
Actual PE Digest54:42:33:5e:a1:07:75:50:db:13:9e:90:76:84:ed:37:3b:22:3b:5d:18:c2:a9:38:fd:16:2a:74:3f:34:71:20Digest Algorithmsha256PE Digest Matchestrue92:d3:49:5a:7a:51:f5:0f:24:da:e4:0b:3a:7e:97:61:8d:5d:52:8aSigner
Actual PE Digest92:d3:49:5a:7a:51:f5:0f:24:da:e4:0b:3a:7e:97:61:8d:5d:52:8aDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
CompatProvider.pdb
Imports
msvcrt
wcschr
_wcsicmp
__RTDynamicCast
memcmp
_vsnwprintf
_wcsnicmp
wcsncpy_s
wcsrchr
_except_handler4_common
realloc
_errno
__CxxFrameHandler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QAE@XZ
memset
?what@exception@@UBEPBDXZ
calloc
_purecall
vswprintf_s
_vscwprintf
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
malloc
wcscat_s
free
wcscpy_s
memcpy
kernel32
WaitForSingleObject
SetFileAttributesW
FindNextFileW
DeviceIoControl
FindClose
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
SetThreadUILanguage
GetVersionExW
SetEnvironmentVariableW
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentDirectoryW
CompareStringW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
FormatMessageW
LocalFree
CreateFileW
CloseHandle
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
GetNativeSystemInfo
GetFileAttributesW
ReadFile
SetFilePointer
FreeLibrary
CreateProcessW
GetExitCodeProcess
GetStartupInfoW
FindFirstFileW
CreateFileMappingW
SetLastError
UnmapViewOfFile
MapViewOfFile
SearchPathW
ExpandEnvironmentStringsW
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
user32
CharLowerBuffW
CharNextW
LoadStringW
ole32
CoCreateGuid
ProgIDFromCLSID
CoTaskMemFree
CoCreateInstance
StringFromGUID2
StringFromCLSID
oleaut32
LoadTypeLi
UnRegisterTypeLi
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
VarBstrCat
SetErrorInfo
CreateErrorInfo
VariantClear
SysAllocStringLen
LoadRegTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
SysFreeString
version
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
ntdll
RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
NtSetInformationFile
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/dism.Format.ps1xml.ps1
-
Bin/x86/DISM81/dism.Types.ps1xml.xml
-
Bin/x86/DISM81/dism.exe.exe windows:6 windows x86 arch:x86
c32889e572eef3a734161be8e976fe00
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e1:c3:9d:a2:96:49:f7:8e:c0:61:fb:4f:bb:14:6b:dd:dc:59:86:75:31:71:b9:c9:78:27:97:ac:f0:11:42:47Signer
Actual PE Digeste1:c3:9d:a2:96:49:f7:8e:c0:61:fb:4f:bb:14:6b:dd:dc:59:86:75:31:71:b9:c9:78:27:97:ac:f0:11:42:47Digest Algorithmsha256PE Digest Matchestrue89:1d:47:97:c1:48:88:63:ce:7e:ab:1f:4a:e2:6c:56:e2:24:16:f5Signer
Actual PE Digest89:1d:47:97:c1:48:88:63:ce:7e:ab:1f:4a:e2:6c:56:e2:24:16:f5Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
Dism.pdb
Imports
msvcrt
_unlock
_lock
??1type_info@@UAE@XZ
wcsstr
iswalpha
_wcsnicmp
towlower
__dllonexit
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_onexit
__CxxFrameHandler3
_amsg_exit
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QAE@XZ
wcscpy_s
_errno
realloc
_except_handler4_common
memset
wcsrchr
calloc
malloc
_purecall
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
free
_vsnwprintf
towupper
_getwch
vswprintf_s
_vscwprintf
_controlfp
_wcslwr_s
_wcsicmp
wcschr
wprintf
memmove_s
memcpy_s
?terminate@@YAXXZ
memcmp
_ftol2
__RTDynamicCast
memcpy
api-ms-win-downlevel-kernel32-l1-1-0
OutputDebugStringW
GetCommandLineW
HeapFree
GetProcessHeap
SizeofResource
SetThreadUILanguage
LoadResource
FindResourceExW
Sleep
SetConsoleCtrlHandler
CloseHandle
GetCurrentProcess
LockResource
GetLastError
LeaveCriticalSection
SetEvent
DeleteCriticalSection
RaiseException
EnterCriticalSection
SetErrorMode
CompareStringW
InitializeCriticalSection
GetStdHandle
HeapAlloc
WriteConsoleW
WideCharToMultiByte
WriteFile
GetFileType
GetConsoleMode
GetModuleFileNameW
GetProcAddress
GetVersionExW
GetModuleHandleW
SearchPathW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
FindFirstFileW
CopyFileExW
FindClose
DeviceIoControl
FindNextFileW
IsWow64Process
FormatMessageW
GetFileAttributesW
SetLastError
CreateFileW
WaitForSingleObject
GetSystemInfo
HeapDestroy
HeapReAlloc
HeapSize
MultiByteToWideChar
LoadLibraryExW
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetModuleHandleExW
SetFileAttributesW
GetDriveTypeW
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
GetCurrentThreadId
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
ReadFile
SetFilePointer
api-ms-win-downlevel-advapi32-l1-1-1
GetLengthSid
IsValidSecurityDescriptor
GetAclInformation
AddAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
InitializeAcl
RegOpenKeyExW
IsValidSid
GetTraceEnableFlags
CopySid
GetTraceLoggerHandle
UnregisterTraceGuids
api-ms-win-downlevel-advapi32-l4-1-0
InitiateSystemShutdownExW
LookupPrivilegeValueW
api-ms-win-downlevel-ole32-l1-1-1
GetErrorInfo
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize
api-ms-win-downlevel-kernel32-l2-1-0
LocalFree
LocalAlloc
api-ms-win-downlevel-user32-l1-1-1
CharLowerBuffW
oleaut32
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VarBstrCmp
VariantClear
api-ms-win-downlevel-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
ntdll
RtlNtStatusToDosError
RtlGetVersion
RtlAllocateHeap
RtlFreeHeap
NtSetInformationFile
Sections
.text Size: 148KB - Virtual size: 147KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/dism.psd1
-
Bin/x86/DISM81/dism.psm1
-
Bin/x86/DISM81/dismapi.dll.dll windows:6 windows x86 arch:x86
1677cfdc8e95d43f01da7bbbff5c7380
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
57:9d:51:e3:c4:8b:84:0f:a0:f7:cd:0b:1f:5a:d1:7b:78:1b:cb:98:ce:26:76:85:dd:e8:fa:ed:76:96:94:18Signer
Actual PE Digest57:9d:51:e3:c4:8b:84:0f:a0:f7:cd:0b:1f:5a:d1:7b:78:1b:cb:98:ce:26:76:85:dd:e8:fa:ed:76:96:94:18Digest Algorithmsha256PE Digest Matchestrue05:c2:2b:f8:5e:95:9c:3b:73:db:c5:12:1f:bb:51:ea:42:c0:6e:dcSigner
Actual PE Digest05:c2:2b:f8:5e:95:9c:3b:73:db:c5:12:1f:bb:51:ea:42:c0:6e:dcDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
DismApi.pdb
Imports
msvcrt
fclose
wcstok_s
fgetws
_wfopen
feof
iswctype
strrchr
rand
_wcslwr_s
_wtoi
towlower
wcsstr
_vsnwprintf
wcsrchr
_wcsnicmp
_except_handler4_common
realloc
_errno
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QAE@XZ
wcscpy_s
memset
vsprintf_s
_vscprintf
calloc
_vsnprintf
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
swscanf_s
iswspace
wcschr
memcmp
_ftol2
_wcstoui64
wcstoul
_purecall
_wcsicmp
iswalpha
malloc
free
vswprintf_s
_vscwprintf
memmove_s
memcpy_s
memcpy
api-ms-win-downlevel-kernel32-l1-1-0
SearchPathW
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareStringW
HeapFree
GetProcessHeap
GetEnvironmentVariableW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetThreadUILanguage
OutputDebugStringA
GetModuleHandleExW
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FormatMessageW
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetVersionExW
GetModuleHandleW
GetFileSize
TlsGetValue
MapViewOfFile
UnmapViewOfFile
VirtualQuery
WaitForSingleObject
IsDebuggerPresent
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
FormatMessageA
GetVersion
GetFileSizeEx
DeleteFileA
WaitForMultipleObjectsEx
DebugBreak
DeleteFileW
ReleaseMutex
MultiByteToWideChar
CreateMutexA
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
LoadLibraryExA
CreateThread
ExpandEnvironmentStringsW
TlsSetValue
GetLocalTime
CreateFileMappingW
TlsAlloc
GetWindowsDirectoryW
TlsFree
CreateFileA
CreateMutexW
ExpandEnvironmentStringsA
WriteFile
GetLastError
GetModuleFileNameA
ExitProcess
MoveFileExW
GetLocaleInfoW
GetSystemTime
GetTimeFormatW
SetFilePointer
GetSystemWindowsDirectoryW
CreateEventW
ResumeThread
DuplicateHandle
ResetEvent
GetCurrentProcess
IsWow64Process
GetTempFileNameW
GetFullPathNameW
FindFirstFileW
CopyFileExW
CreateFileW
FlushFileBuffers
GetTempPathW
SetLastError
FindClose
DeviceIoControl
FindNextFileW
CloseHandle
GetFileInformationByHandle
SetFileAttributesW
GetCurrentThread
GetSystemInfo
GetFileAttributesW
CreateDirectoryW
GetCommandLineW
GetTickCount
SetErrorMode
FindResourceExW
SetEvent
api-ms-win-downlevel-advapi32-l1-1-1
RegCreateKeyExW
AddAccessAllowedAce
EqualSid
RegOpenKeyExW
GetTokenInformation
OpenThreadToken
RegCloseKey
RegSetValueExW
OpenProcessToken
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegQueryValueExW
InitializeAcl
SetSecurityDescriptorDacl
GetTraceEnableFlags
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
InitializeSecurityDescriptor
GetLengthSid
api-ms-win-downlevel-ole32-l1-1-1
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
GetErrorInfo
api-ms-win-downlevel-kernel32-l2-1-0
LocalFree
CreateFileMappingA
api-ms-win-downlevel-user32-l1-1-1
CharLowerBuffW
oleaut32
SafeArrayUnaccessData
SysStringByteLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VarBstrCat
SysAllocStringByteLen
SysAllocString
SysStringLen
VarBstrCmp
VariantClear
LoadRegTypeLi
LoadTypeLi
SafeArrayAccessData
SafeArrayDestroy
SysFreeString
ntdll
RtlAllocateHeap
RtlFreeHeap
RtlGetVersion
RtlNtStatusToDosError
NtSetInformationFile
api-ms-win-downlevel-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
Exports
Exports
DismAddDriver
DismAddPackage
DismApplyUnattend
DismCheckImageHealth
DismCleanupMountpoints
DismCloseSession
DismCommitImage
DismDelete
DismDisableFeature
DismEnableFeature
DismGetDriverInfo
DismGetDrivers
DismGetFeatureInfo
DismGetFeatureParent
DismGetFeatures
DismGetImageInfo
DismGetLastErrorMessage
DismGetMountedImageInfo
DismGetPackageInfo
DismGetPackages
DismInitialize
DismMountImage
DismOpenSession
DismRemountImage
DismRemoveDriver
DismRemovePackage
DismRestoreImageHealth
DismShutdown
DismUnmountImage
_DismAddProvisionedAppxPackage
_DismEnableDisableFeature
_DismExportDriver
_DismGetCurrentEdition
_DismGetFeaturesEx
_DismGetKCacheBinaryValue
_DismGetKCacheDwordValue
_DismGetKCacheStringValue
_DismGetLastCBSSessionID
_DismGetOsInfo
_DismGetProductKeyInfo
_DismGetProvisionedAppxPackages
_DismGetRegistryMountPoint
_DismGetStateFromCBSSessionID
_DismGetTargetEditions
_DismOptimizeImage
_DismRemoveProvisionedAppxPackage
_DismSetAppXProvisionedDataFile
_DismSetEdition
_DismSetFirstBootCommandLine
_DismSetMachineName
_DismSetProductKey
_DismValidateProductKey
Sections
.text Size: 381KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/dismcore.dll.dll regsvr32 windows:6 windows x86 arch:x86
2329fbd73c4ef2cc461fbcef83716787
Code Sign
33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
af:74:09:5d:56:10:cd:b4:ea:55:c5:37:fa:ae:06:b5:b4:77:e7:e8:6d:df:1a:84:b5:09:40:4b:df:fc:2f:f3Signer
Actual PE Digestaf:74:09:5d:56:10:cd:b4:ea:55:c5:37:fa:ae:06:b5:b4:77:e7:e8:6d:df:1a:84:b5:09:40:4b:df:fc:2f:f3Digest Algorithmsha256PE Digest Matchestrue80:02:77:f2:77:c1:84:49:2f:2c:87:06:ab:11:52:4c:e2:58:2a:91Signer
Actual PE Digest80:02:77:f2:77:c1:84:49:2f:2c:87:06:ab:11:52:4c:e2:58:2a:91Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
DismCore.pdb
Imports
msvcrt
fclose
wcstok_s
swscanf_s
fgetws
_wfopen
iswctype
strrchr
_vsnprintf
memmove_s
towlower
_wcsnicmp
_wtoi
_vsnwprintf
vsprintf_s
_vscprintf
rand
wcsstr
_wcsicmp
wcsrchr
wcschr
_vscwprintf
vswprintf_s
wcscpy_s
_resetstkoflw
malloc
_purecall
calloc
wcsncpy_s
wcscat_s
memset
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
__CxxFrameHandler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
feof
??0exception@@QAE@XZ
memcmp
_ftol2
memcpy_s
free
memcpy
api-ms-win-downlevel-kernel32-l1-1-0
TerminateProcess
GetModuleFileNameW
GetModuleHandleW
CopyFileExW
WaitForSingleObject
CreateMutexW
CreateEventW
SetEvent
CreateFileA
TlsFree
GetWindowsDirectoryW
TlsAlloc
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceExW
GetLocalTime
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
RaiseException
TlsSetValue
GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleHandleExW
GetTempPathW
FormatMessageA
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetVersion
VirtualQuery
TlsGetValue
GetFileSize
ExitProcess
MultiByteToWideChar
CompareStringW
SetLastError
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetVersionExW
OutputDebugStringW
UnmapViewOfFile
MapViewOfFile
SearchPathW
ExpandEnvironmentStringsA
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateFileW
GetDriveTypeW
GetCurrentDirectoryW
SetFileAttributesW
FindNextFileW
DeviceIoControl
FindClose
FindFirstFileW
IsDebuggerPresent
FlushFileBuffers
GetFileSizeEx
DeleteFileA
DebugBreak
DeleteFileW
ReleaseMutex
CreateMutexA
SetThreadUILanguage
LoadLibraryExA
GetModuleFileNameA
GetLastError
GetCurrentThread
WriteFile
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
MoveFileExW
GetSystemDirectoryW
FormatMessageW
DuplicateHandle
CreateProcessW
GetEnvironmentStringsW
GetSystemWindowsDirectoryW
GetNativeSystemInfo
GetSystemInfo
GetExitCodeProcess
FreeEnvironmentStringsW
CreateFileMappingW
GetFileAttributesW
ReadFile
SetFilePointer
api-ms-win-downlevel-ole32-l1-1-1
CoSetProxyBlanket
CoCreateGuid
SetErrorInfo
CoRegisterPSClsid
ProgIDFromCLSID
CoRegisterClassObject
CoTaskMemFree
CreateErrorInfo
GetErrorInfo
StringFromGUID2
CoRevokeClassObject
StringFromCLSID
CoCreateInstance
api-ms-win-downlevel-user32-l1-1-1
CharNextW
LoadStringW
api-ms-win-downlevel-advapi32-l1-1-1
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
EqualSid
RegQueryInfoKeyW
RegOpenKeyExW
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
AddAccessAllowedAce
GetLengthSid
api-ms-win-downlevel-kernel32-l2-1-0
LocalFree
CreateFileMappingA
oleaut32
SystemTimeToVariantTime
LoadTypeLibEx
VariantTimeToSystemTime
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
api-ms-win-downlevel-version-l1-1-0
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
api-ms-win-downlevel-advapi32-l4-1-0
LookupPrivilegeValueW
ntdll
RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
NtSetInformationFile
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 165KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 73KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/dismcoreps.dll.dll regsvr32 windows:6 windows x86 arch:x86
9c9ef7ff09516fac6d9f5a330a92a91c
Code Sign
33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
29:a1:cc:d8:16:ef:74:c2:11:02:41:f9:6d:89:e3:a8:bf:cb:65:86:dc:e2:c0:f2:43:19:a0:75:43:e3:13:66Signer
Actual PE Digest29:a1:cc:d8:16:ef:74:c2:11:02:41:f9:6d:89:e3:a8:bf:cb:65:86:dc:e2:c0:f2:43:19:a0:75:43:e3:13:66Digest Algorithmsha256PE Digest Matchestruef4:0c:a1:c3:2b:f2:ed:8d:39:67:2b:eb:6c:22:42:38:e8:95:86:3aSigner
Actual PE Digestf4:0c:a1:c3:2b:f2:ed:8d:39:67:2b:eb:6c:22:42:38:e8:95:86:3aDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
DismCorePS.pdb
Imports
msvcrt
_amsg_exit
free
malloc
_initterm
_except_handler4_common
_XcptFilter
memcmp
oleaut32
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
LPSAFEARRAY_UserSize
rpcrt4
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllGetClassObject
NdrDllUnregisterProxy
CStdStubBuffer_AddRef
IUnknown_QueryInterface_Proxy
NdrStubCall2
NdrStubForwardingFunction
NdrOleAllocate
CStdStubBuffer_CountRefs
api-ms-win-downlevel-kernel32-l1-1-0
DisableThreadLibraryCalls
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllGetDismInterfaces
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.orpc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/dismprov.dll.dll regsvr32 windows:6 windows x86 arch:x86
0cb2eb57ed354b426a5d346eafc02385
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
94:f9:f2:48:45:bf:73:48:67:0b:f2:9a:a1:40:fe:c8:c3:ea:63:af:34:09:ac:12:e7:a7:57:0c:62:5b:ae:03Signer
Actual PE Digest94:f9:f2:48:45:bf:73:48:67:0b:f2:9a:a1:40:fe:c8:c3:ea:63:af:34:09:ac:12:e7:a7:57:0c:62:5b:ae:03Digest Algorithmsha256PE Digest Matchestrue1b:37:5a:f9:04:15:2f:05:2f:07:58:0d:35:e3:d3:e1:d3:7f:f3:83Signer
Actual PE Digest1b:37:5a:f9:04:15:2f:05:2f:07:58:0d:35:e3:d3:e1:d3:7f:f3:83Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
DISMProv.pdb
Imports
msvcrt
realloc
_errno
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
memset
_except_handler4_common
wcscat_s
calloc
??0exception@@QAE@XZ
memmove_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
wcsrchr
_purecall
vswprintf_s
memcmp
_vscwprintf
_lock
memcpy_s
_wcsicmp
wcschr
_wcsnicmp
_vsnwprintf
_vsnprintf
rand
_vscprintf
vsprintf_s
_wtoi
towlower
strrchr
iswctype
feof
_wfopen
fgetws
swscanf_s
wcstok_s
fclose
free
__RTDynamicCast
_unlock
__dllonexit
wcsncpy_s
_onexit
malloc
wcscpy_s
memcpy
ntdll
RtlAllocateHeap
RtlFreeHeap
oleaut32
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
RegisterTypeLi
UnRegisterTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString
api-ms-win-downlevel-kernel32-l1-1-0
GetWindowsDirectoryW
TlsFree
CreateFileA
CreateMutexW
GetCurrentThread
CreateFileW
GetLastError
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetFileSize
ExitProcess
GetProcAddress
LoadLibraryExW
GetModuleHandleW
ExpandEnvironmentStringsA
WriteFile
GetModuleFileNameA
LoadLibraryExA
CreateMutexA
ReleaseMutex
DeleteFileW
LeaveCriticalSection
RaiseException
EnterCriticalSection
MultiByteToWideChar
DebugBreak
LoadResource
FindResourceExW
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetModuleHandleExW
CompareStringW
LockResource
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
TlsAlloc
GetVersion
SetFilePointer
WideCharToMultiByte
GetSystemInfo
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
GetFullPathNameW
GetFileAttributesW
FlushFileBuffers
GetTempPathW
SetLastError
DeviceIoControl
CreateFileMappingW
GetLocalTime
TlsSetValue
WaitForSingleObject
FormatMessageW
FormatMessageA
VirtualQuery
DeleteFileA
UnmapViewOfFile
GetFileSizeEx
IsDebuggerPresent
MapViewOfFile
GetProcessHeap
TlsGetValue
SizeofResource
GetTempFileNameW
api-ms-win-downlevel-ole32-l1-1-1
CoRevokeClassObject
CoTaskMemFree
CoRegisterClassObject
CoRegisterPSClsid
CoCreateInstance
StringFromGUID2
CoUnmarshalInterface
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoTaskMemRealloc
api-ms-win-downlevel-user32-l1-1-1
CharNextW
api-ms-win-downlevel-advapi32-l1-1-1
InitializeSecurityDescriptor
EqualSid
RegQueryInfoKeyW
RegCloseKey
SetSecurityDescriptorDacl
GetTokenInformation
OpenThreadToken
InitializeAcl
OpenProcessToken
AddAccessAllowedAce
RegEnumKeyExW
RegOpenKeyExW
GetLengthSid
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
api-ms-win-downlevel-kernel32-l2-1-0
lstrcmpiW
CreateFileMappingA
LocalFree
api-ms-win-downlevel-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/en-us/VHDProvider.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/en-us/compatprovider.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/en-us/dism.exe.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 28KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/en-us/dismapi.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/en-us/dismcore.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/en-us/dismprov.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/en-us/folderprovider.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/en-us/imagingprovider.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/en-us/logprovider.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/en-us/wimgapi.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 14KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/en-us/wimprovider.dll.mui.dll windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/folderprovider.dll.dll regsvr32 windows:6 windows x86 arch:x86
39b95571bf5f2db51cf93877fe2ae9b4
Code Sign
33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/08/2012, 17:49Not After30/11/2013, 17:49SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
7b:e1:64:8b:3b:0f:e8:d6:48:39:41:39:f3:86:81:a6:52:43:4a:cb:4e:18:fa:68:13:8e:bf:8e:11:03:b9:92Signer
Actual PE Digest7b:e1:64:8b:3b:0f:e8:d6:48:39:41:39:f3:86:81:a6:52:43:4a:cb:4e:18:fa:68:13:8e:bf:8e:11:03:b9:92Digest Algorithmsha256PE Digest Matchestrue48:e1:f7:18:00:e6:47:76:bc:2c:2e:69:77:1d:93:13:6f:4f:c4:84Signer
Actual PE Digest48:e1:f7:18:00:e6:47:76:bc:2c:2e:69:77:1d:93:13:6f:4f:c4:84Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
FolderProvider.pdb
Imports
msvcrt
wcschr
wcsncpy_s
__CxxFrameHandler3
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
_vsnwprintf
malloc
memmove_s
memset
_wcsnicmp
memcpy_s
_purecall
vswprintf_s
_vscwprintf
wcscat_s
free
wcscpy_s
??1type_info@@UAE@XZ
memcmp
api-ms-win-downlevel-kernel32-l1-1-0
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SetLastError
GetFileAttributesW
GetCurrentThreadId
OutputDebugStringW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetFullPathNameW
GetCurrentProcessId
api-ms-win-downlevel-user32-l1-1-1
CharNextW
api-ms-win-downlevel-advapi32-l1-1-1
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
api-ms-win-downlevel-ole32-l1-1-1
StringFromGUID2
CoCreateInstance
oleaut32
UnRegisterTypeLi
LoadRegTypeLi
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
LoadTypeLi
SysAllocString
SysStringLen
RegisterTypeLi
ntdll
RtlFreeHeap
RtlAllocateHeap
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/imagingprovider.dll.dll regsvr32 windows:6 windows x86 arch:x86
f603a837bf1baa758be24d7ab511380a
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a6:24:ee:fa:45:28:46:6f:64:4e:4d:02:ac:9d:8d:d9:cf:29:79:bd:6f:cc:bf:66:9b:48:c3:f0:18:95:35:2cSigner
Actual PE Digesta6:24:ee:fa:45:28:46:6f:64:4e:4d:02:ac:9d:8d:d9:cf:29:79:bd:6f:cc:bf:66:9b:48:c3:f0:18:95:35:2cDigest Algorithmsha256PE Digest Matchestruefc:ca:c6:a3:2f:d8:6e:d4:fd:e4:d8:5f:46:26:5b:e7:73:df:05:f0Signer
Actual PE Digestfc:ca:c6:a3:2f:d8:6e:d4:fd:e4:d8:5f:46:26:5b:e7:73:df:05:f0Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
ImagingProvider.pdb
Imports
msvcrt
memcmp
__RTDynamicCast
wcsrchr
wcschr
towlower
_except_handler4_common
iswalpha
_vsnwprintf
realloc
_errno
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
malloc
memset
calloc
??0exception@@QAE@XZ
memmove_s
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
wcsncpy_s
_purecall
memcpy_s
vswprintf_s
_vscwprintf
_wcsicmp
wcstoul
_wcsnicmp
wcscat_s
free
wcscpy_s
api-ms-win-downlevel-kernel32-l1-1-0
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
DisableThreadLibraryCalls
MapViewOfFile
UnmapViewOfFile
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
GetLocaleInfoW
GetNumberFormatW
HeapAlloc
GetProcessHeap
HeapFree
FileTimeToLocalFileTime
GetVersionExW
GetDateFormatW
GetTimeFormatW
CompareStringW
CreateFileMappingW
HeapDestroy
HeapReAlloc
HeapSize
SetLastError
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SetThreadUILanguage
FormatMessageW
FindResourceExW
LoadResource
LockResource
CloseHandle
CreateFileW
FreeLibrary
FileTimeToSystemTime
SearchPathW
api-ms-win-downlevel-user32-l1-1-1
LoadStringW
CharNextW
CharLowerBuffW
api-ms-win-downlevel-advapi32-l1-1-1
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
api-ms-win-downlevel-ole32-l1-1-1
SetErrorInfo
GetErrorInfo
CoCreateInstance
StringFromGUID2
CreateErrorInfo
ProgIDFromCLSID
CoTaskMemFree
api-ms-win-downlevel-kernel32-l2-1-0
LocalFree
oleaut32
SysFreeString
RegisterTypeLi
VariantClear
LoadRegTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysAllocStringLen
ntdll
RtlVerifyVersionInfo
VerSetConditionMask
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 89KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/logprovider.dll.dll regsvr32 windows:6 windows x86 arch:x86
f1b04dcdcdc47e7f36aa63318efeaafb
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
a8:1c:83:5f:7e:45:a2:02:73:e8:6d:a6:da:16:0b:44:7b:cc:c3:ac:38:13:3f:e4:df:3d:a0:e5:12:dc:61:20Signer
Actual PE Digesta8:1c:83:5f:7e:45:a2:02:73:e8:6d:a6:da:16:0b:44:7b:cc:c3:ac:38:13:3f:e4:df:3d:a0:e5:12:dc:61:20Digest Algorithmsha256PE Digest Matchestrue8a:bf:e6:36:3e:3b:31:f7:e7:83:5c:33:87:1e:e3:9d:47:c1:53:27Signer
Actual PE Digest8a:bf:e6:36:3e:3b:31:f7:e7:83:5c:33:87:1e:e3:9d:47:c1:53:27Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
LogProvider.pdb
Imports
msvcrt
_except_handler4_common
realloc
_errno
__CxxFrameHandler3
??1type_info@@UAE@XZ
_onexit
memcmp
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
memset
calloc
memmove_s
_purecall
memcpy_s
vswprintf_s
_vscwprintf
_vsnprintf
wcscat_s
free
fclose
wcscpy_s
wcstok_s
wcsncpy_s
__dllonexit
rand
_vscprintf
vsprintf_s
_vsnwprintf
_wcsicmp
wcsrchr
wcschr
_wtoi
_wcsnicmp
towlower
strrchr
iswctype
feof
_wfopen
fgetws
swscanf_s
memcpy
ntdll
RtlAllocateHeap
RtlFreeHeap
oleaut32
SetErrorInfo
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
CreateErrorInfo
SysFreeString
RegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
LoadRegTypeLi
api-ms-win-downlevel-kernel32-l1-1-0
UnmapViewOfFile
CreateFileMappingW
ExitProcess
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MapViewOfFile
GetLastError
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetFileSize
TlsGetValue
VirtualQuery
SearchPathW
SetThreadUILanguage
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringW
HeapAlloc
GetProcessHeap
OutputDebugStringA
HeapFree
CreateDirectoryW
FormatMessageA
TlsSetValue
WideCharToMultiByte
GetLocalTime
LockResource
LoadResource
FindResourceExW
HeapDestroy
HeapReAlloc
HeapSize
GetVersion
TlsAlloc
GetWindowsDirectoryW
TlsFree
CreateFileA
MultiByteToWideChar
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
CloseHandle
FormatMessageW
CreateMutexW
ExpandEnvironmentStringsA
WriteFile
GetSystemWindowsDirectoryW
GetSystemInfo
GetModuleFileNameA
LoadLibraryExA
CreateMutexA
GetTempFileNameW
GetFullPathNameW
GetVersionExW
GetCurrentThread
ReleaseMutex
GetFileAttributesW
SetFilePointer
DeleteFileW
FreeLibrary
WaitForSingleObject
FlushFileBuffers
GetTempPathW
SetLastError
DeviceIoControl
DebugBreak
DeleteFileA
GetFileSizeEx
IsDebuggerPresent
SizeofResource
api-ms-win-downlevel-user32-l1-1-1
CharNextW
LoadStringW
api-ms-win-downlevel-advapi32-l1-1-1
EqualSid
FreeSid
CheckTokenMembership
GetTokenInformation
OpenThreadToken
InitializeSecurityDescriptor
OpenProcessToken
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
GetLengthSid
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
AllocateAndInitializeSid
api-ms-win-downlevel-ole32-l1-1-1
StringFromGUID2
CoCreateInstance
CoTaskMemFree
ProgIDFromCLSID
api-ms-win-downlevel-kernel32-l2-1-0
LocalFree
CreateFileMappingA
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/pkgmgr.exe.exe windows:6 windows x86 arch:x86
23df54cc733b5d47543a8b235b7f377b
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8f:8b:3b:f0:34:6e:47:ff:6e:e2:36:62:e1:c6:23:79:b5:51:85:43:d9:18:b5:b3:21:e2:b6:be:fc:5e:6d:ccSigner
Actual PE Digest8f:8b:3b:f0:34:6e:47:ff:6e:e2:36:62:e1:c6:23:79:b5:51:85:43:d9:18:b5:b3:21:e2:b6:be:fc:5e:6d:ccDigest Algorithmsha256PE Digest Matchestrueca:68:42:a9:71:d2:e0:71:dd:4e:46:32:d2:73:37:bf:a1:80:d3:10Signer
Actual PE Digestca:68:42:a9:71:d2:e0:71:dd:4e:46:32:d2:73:37:bf:a1:80:d3:10Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
pkgmgr.pdb
Imports
advapi32
StartTraceW
EnableTrace
ControlTraceW
CloseTrace
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
kernel32
SetEnvironmentVariableW
DeviceIoControl
GetFileAttributesW
CreateDirectoryW
GetFileAttributesExW
CreateFileW
FreeLibrary
MoveFileExW
GetSystemTime
GetProcAddress
LoadLibraryW
GetWindowsDirectoryW
DeleteFileW
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
OutputDebugStringA
TerminateProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetFullPathNameW
GetLastError
ExpandEnvironmentStringsW
GetModuleFileNameW
GetEnvironmentVariableW
GetCurrentProcessId
FormatMessageW
GetModuleHandleExW
LoadLibraryExW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
SetLastError
GetCommandLineW
HeapSetInformation
Sleep
CloseHandle
GetCurrentProcess
LocalFree
user32
MessageBoxW
msvcrt
malloc
memmove
wcsrchr
_vsnwprintf
_wcsicmp
_vsnprintf
wcstoul
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_wcsnicmp
wcschr
free
??3@YAXPAX@Z
??2@YAPAXI@Z
_CxxThrowException
__CxxFrameHandler3
wcsstr
memcpy
_controlfp
?terminate@@YAXXZ
_except_handler4_common
_errno
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
memmove_s
memcmp
memset
Sections
.text Size: 162KB - Virtual size: 162KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/ssshim.dll.dll windows:6 windows x86 arch:x86
6dedd39118a4761aaad08c8ece7a7625
Code Sign
33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/08/2012, 17:49Not After30/11/2013, 17:49SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c4:69:34:58:11:a2:57:5b:56:eb:85:36:fa:0d:22:14:4b:16:b4:4d:c1:42:e1:eb:33:1d:c7:16:15:d4:44:ccSigner
Actual PE Digestc4:69:34:58:11:a2:57:5b:56:eb:85:36:fa:0d:22:14:4b:16:b4:4d:c1:42:e1:eb:33:1d:c7:16:15:d4:44:ccDigest Algorithmsha256PE Digest Matchestruedc:d1:b8:60:64:53:6b:f0:06:7f:50:da:3a:3f:73:1c:d8:8f:41:ebSigner
Actual PE Digestdc:d1:b8:60:64:53:6b:f0:06:7f:50:da:3a:3f:73:1c:d8:8f:41:ebDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
ssshim.pdb
Imports
ntdll
LdrLockLoaderLock
LdrUnlockLoaderLock
NtQueryAttributesFile
RtlPcToFileHeader
LdrLoadDll
LdrUnloadDll
NtQueryPerformanceCounter
NtClose
RtlAllocateHeap
RtlFreeHeap
RtlRaiseStatus
NtOpenFile
NtQueryDirectoryFile
NtCreateFile
NtQueryInformationFile
NtReadFile
NtWriteFile
NtSetInformationFile
RtlQueryEnvironmentVariable_U
RtlRaiseException
NtQueryObject
NtQueryInformationProcess
NtOpenProcess
NtDelayExecution
RtlInitString
LdrGetProcedureAddress
NtTerminateProcess
RtlCaptureContext
RtlUnhandledExceptionFilter
memmove
NtQuerySystemTime
RtlNtStatusToDosErrorNoTeb
DbgPrintEx
RtlDowncaseUnicodeChar
RtlUpcaseUnicodeChar
RtlReAllocateHeap
RtlTimeToTimeFields
strncmp
wcstoul
RtlCreateUnicodeStringFromAsciiz
LdrGetDllHandle
RtlDosPathNameToNtPathName_U
_aulldvrm
RtlUnicodeToMultiByteN
memset
DbgPrint
memcmp
memcpy
RtlUnwind
Exports
Exports
SssBindServicingStack
SssGetServicingStackFilePath
SssGetServicingStackFilePathLength
SssPreloadDownlevelDependencies
SssReleaseServicingStack
Sections
.text Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 964B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/vhdprovider.dll.dll regsvr32 windows:6 windows x86 arch:x86
7519c05de92cae46fd71a5091be0bc25
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
31:8f:c9:28:7a:7a:69:60:8b:d1:9a:55:94:e7:cc:07:31:cd:b7:10:54:db:9a:51:fb:8c:d9:b7:05:e2:80:47Signer
Actual PE Digest31:8f:c9:28:7a:7a:69:60:8b:d1:9a:55:94:e7:cc:07:31:cd:b7:10:54:db:9a:51:fb:8c:d9:b7:05:e2:80:47Digest Algorithmsha256PE Digest Matchestrue10:66:ea:fa:39:53:e1:d5:60:f0:a3:60:16:5f:d6:99:d3:24:0d:9bSigner
Actual PE Digest10:66:ea:fa:39:53:e1:d5:60:f0:a3:60:16:5f:d6:99:d3:24:0d:9bDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
VhdProvider.pdb
Imports
msvcrt
memmove
iswctype
_wtoi
wcstoul
_wcsnicmp
towlower
towupper
iswspace
wcsrchr
iswalpha
wcsstr
_wcsupr
qsort
bsearch
wcschr
_except_handler4_common
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
malloc
memset
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
_purecall
wcscat_s
wcsncpy_s
memmove_s
calloc
_wcsicmp
_vsnwprintf
_vscwprintf
memcpy_s
vswprintf_s
free
wcscpy_s
memcpy
memcmp
kernel32
SetEndOfFile
GetFileTime
GetFileSizeEx
SetFilePointerEx
CreateFileMappingW
OutputDebugStringW
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
GetLastError
CloseHandle
HeapFree
GetProcessHeap
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
Sleep
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
HeapAlloc
SetVolumeMountPointW
DeleteVolumeMountPointW
GetFileAttributesW
SetFileAttributesW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteFileW
GetVolumePathNamesForVolumeNameW
SetLastError
MultiByteToWideChar
DisableThreadLibraryCalls
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
SetThreadUILanguage
CompareStringW
UnlockFileEx
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
FormatMessageW
FindResourceExW
LoadResource
LockResource
LocalFree
GetFullPathNameW
GetFileInformationByHandle
GetVolumePathNameW
CreateThread
SetErrorMode
GetModuleHandleExW
GetSystemDirectoryW
ReadFile
SetFilePointer
FreeLibrary
WriteFile
LockFileEx
LoadLibraryW
GetTempPathW
DeviceIoControl
GetLogicalDrives
UnmapViewOfFile
MapViewOfFile
SearchPathW
GetDriveTypeW
GetDiskFreeSpaceExW
GetVolumeInformationW
HeapDestroy
VirtualFree
VirtualAlloc
FindFirstFileW
CopyFileExW
FlushFileBuffers
GetDiskFreeSpaceW
FindClose
FindNextFileW
GetCurrentThread
GetVersionExW
advapi32
RegLoadKeyW
RegUnLoadKeyW
OpenProcessToken
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegFlushKey
RegEnumValueW
RegDeleteTreeW
RegDeleteKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
OpenThreadToken
user32
LoadStringW
CharNextW
CharUpperBuffW
UnregisterClassA
ole32
CoUninitialize
CoCreateInstance
StringFromGUID2
ProgIDFromCLSID
CoTaskMemFree
CoInitializeEx
oleaut32
SysAllocStringByteLen
SysAllocStringLen
LoadRegTypeLi
VariantClear
SysStringByteLen
UnRegisterTypeLi
LoadTypeLi
SysStringLen
RegisterTypeLi
SysAllocString
CreateErrorInfo
SetErrorInfo
SysFreeString
ntdll
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlReAllocateHeap
NtQueryObject
NtOpenFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlRaiseStatus
NtYieldExecution
RtlAdjustPrivilege
RtlEnterCriticalSection
RtlVerifyVersionInfo
VerSetConditionMask
RtlInitUnicodeString
NtQueryDirectoryObject
RtlAllocateHeap
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtOpenDirectoryObject
NtClose
RtlNtStatusToDosError
RtlCompareMemory
rpcrt4
UuidToStringW
UuidCreate
RpcStringFreeW
setupapi
CMP_WaitNoPendingInstallEvents
version
GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 362KB - Virtual size: 361KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/wimgapi.dll.dll windows:6 windows x86 arch:x86
e024500126be52bdb4d2125bbe04c1ee
Code Sign
33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8d:4e:b1:7b:d5:b6:bf:28:9b:18:57:b5:1a:9a:8c:5e:71:ac:7c:50:ee:1b:85:b6:31:87:9d:8b:c5:8e:c1:feSigner
Actual PE Digest8d:4e:b1:7b:d5:b6:bf:28:9b:18:57:b5:1a:9a:8c:5e:71:ac:7c:50:ee:1b:85:b6:31:87:9d:8b:c5:8e:c1:feDigest Algorithmsha256PE Digest Matchestruee8:db:1d:af:ec:88:71:7a:a0:8f:92:c6:e6:a7:87:20:9b:b3:03:beSigner
Actual PE Digeste8:db:1d:af:ec:88:71:7a:a0:8f:92:c6:e6:a7:87:20:9b:b3:03:beDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
wimgapi.pdb
Imports
msvcrt
memmove_s
memcpy_s
bsearch
memcpy
memset
memcmp
iswspace
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_vscwprintf
wcstoul
_wcsupr
qsort
wcschr
_wcsrev
_wcslwr
_snwprintf_s
towlower
towupper
_vsnwprintf
_wtoi
memmove
swscanf_s
wcsncmp
_wcsnicmp
wcsnlen
_wcsicmp
wcsrchr
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
kernel32
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetModuleHandleW
GetCurrentDirectoryW
GetExitCodeProcess
CreateProcessW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
DisableThreadLibraryCalls
GetLastError
CloseHandle
HeapFree
GetProcessHeap
SetLastError
DeleteFileW
RemoveDirectoryW
HeapAlloc
CompareStringW
GetDriveTypeW
GetVersionExW
FlushFileBuffers
GetFileSizeEx
GetSystemInfo
GetFileInformationByHandle
EnterCriticalSection
LeaveCriticalSection
DeviceIoControl
GetEnvironmentVariableW
SetThreadIdealProcessor
GetCurrentThread
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
CreateFileW
WriteFile
FindFirstFileW
FindNextFileW
FindClose
GetTempPathW
GetTempFileNameW
GetFileSize
SetFilePointer
ReadFile
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
GetFullPathNameW
GetHandleInformation
SetFilePointerEx
SetEndOfFile
CreateEventW
InitializeCriticalSectionAndSpinCount
GetOverlappedResult
LocalFree
GetPrivateProfileSectionW
LockFileEx
UnlockFileEx
DuplicateHandle
LoadLibraryW
CreateMutexW
FormatMessageW
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
GetModuleFileNameW
OpenEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetVolumeInformationW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetSystemDirectoryW
SetEvent
WaitForMultipleObjectsEx
CreateThread
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
CreateSemaphoreExW
CopyFileExW
GetLogicalDriveStringsW
HeapReAlloc
ntdll
RtlDosPathNameToNtPathName_U_WithStatus
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlReAllocateHeap
RtlEnterCriticalSection
RtlGetVersion
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlInitUnicodeString
RtlImpersonateSelf
NtCreateFile
NtQueryInformationFile
NtClose
NtQueryDirectoryFile
RtlAllocateHeap
NtOpenFile
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtSetSecurityObject
RtlSetControlSecurityDescriptor
NtSetInformationFile
NtQuerySecurityObject
RtlAdjustPrivilege
RtlNtStatusToDosError
RtlRaiseStatus
NtYieldExecution
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyExW
SetThreadToken
RegQueryValueExW
RegEnumKeyExW
RegLoadKeyW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RevertToSelf
GetSecurityInfo
AddAccessAllowedAceEx
FreeSid
SetSecurityDescriptorDacl
EqualSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegUnLoadKeyW
RegFlushKey
user32
CharUpperW
rpcrt4
RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingW
UuidCreate
UuidToStringW
RpcStringFreeW
UuidFromStringW
NdrClientCall2
RpcStringBindingComposeW
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
Exports
Exports
DllCanUnloadNow
DllMain
WIMApplyImage
WIMCaptureImage
WIMCloseHandle
WIMCommitImageHandle
WIMCopyFile
WIMCreateFile
WIMCreateImageFile
WIMDeleteImage
WIMDeleteImageMounts
WIMEnumImageFiles
WIMExportImage
WIMExtractImagePath
WIMFindFirstImageFile
WIMFindNextImageFile
WIMGetAttributes
WIMGetImageCount
WIMGetImageInformation
WIMGetMessageCallbackCount
WIMGetMountedImageHandle
WIMGetMountedImageInfo
WIMGetMountedImageInfoFromHandle
WIMGetMountedImages
WIMGetWIMBootEntries
WIMGetWIMBootWIMPath
WIMInitFileIOCallbacks
WIMLoadImage
WIMMountImage
WIMMountImageHandle
WIMProcessCustomImage
WIMReadImageFile
WIMRegisterLogFile
WIMRegisterMessageCallback
WIMRemountImage
WIMSetBootImage
WIMSetFileIOCallbackTemporaryPath
WIMSetImageInformation
WIMSetReferenceFile
WIMSetTemporaryPath
WIMSplitFile
WIMUnmountImage
WIMUnmountImageHandle
WIMUnregisterLogFile
WIMUnregisterMessageCallback
WIMUpdateWIMBootEntry
Sections
.text Size: 506KB - Virtual size: 506KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/wimmount.sys.sys windows:6 windows x86 arch:x86
2c5e2ea9029b499daea37942675b781a
Code Sign
33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/08/2012, 17:49Not After30/11/2013, 17:49SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b5:25:42:c1:1b:62:47:44:4e:31:02:0a:60:04:d9:99:da:ef:d5:30:c1:6d:4b:c0:86:67:fa:f7:e2:57:ff:14Signer
Actual PE Digestb5:25:42:c1:1b:62:47:44:4e:31:02:0a:60:04:d9:99:da:ef:d5:30:c1:6d:4b:c0:86:67:fa:f7:e2:57:ff:14Digest Algorithmsha256PE Digest Matchestruec0:2c:d9:51:f4:ff:99:2d:4f:de:01:7e:f9:5c:ac:16:98:30:33:a4Signer
Actual PE Digestc0:2c:d9:51:f4:ff:99:2d:4f:de:01:7e:f9:5c:ac:16:98:30:33:a4Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wimmount.pdb
Imports
ntoskrnl.exe
KeBugCheckEx
RtlCompareMemory
ZwOpenProcess
ObOpenObjectByPointer
KeWaitForMultipleObjects
RtlAppendUnicodeStringToString
ZwClose
ExEventObjectType
MmGetSystemRoutineAddress
ProbeForWrite
memmove
ZwCreateEvent
PsProcessType
ProbeForRead
DbgPrint
ExInitializeResourceLite
ObfDereferenceObject
PsGetCurrentProcessId
IoGetTopLevelIrp
ExDeleteResourceLite
RtlCompareUnicodeString
ZwDuplicateObject
KeWaitForSingleObject
ObReferenceObjectByHandle
IoFileObjectType
KeInitializeEvent
KeSetEvent
RtlInitUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlUnwind
fltmgr.sys
FltSetStreamContext
FltAcquireResourceShared
FltGetVolumeName
FltObjectReference
FltGetVolumeFromFileObject
FltGetRoutineAddress
FltCloseClientPort
FltEnumerateInstances
FltSendMessage
FltObjectDereference
FltStartFiltering
FltReleaseFileNameInformation
FltRegisterFilter
FltAcquireResourceExclusive
FltFsControlFile
FltBuildDefaultSecurityDescriptor
FltCloseCommunicationPort
FltUnregisterFilter
FltGetFileNameInformation
FltAllocateContext
FltClose
FltReleaseContext
FltReleaseResource
FltQueryInformationFile
FltReissueSynchronousIo
FltCreateFile
FltIsDirectory
FltFreeSecurityDescriptor
FltGetDiskDeviceObject
FltSetInformationFile
FltCreateCommunicationPort
FltUntagFile
FltGetStreamContext
FltGetRequestorProcessId
FltDeleteStreamContext
FltSetCallbackDataDirty
Sections
.text Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 812B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/wimmountadksetupx86.exe.exe windows:6 windows x86 arch:x86
9f701f226d9d5efbc88d2373417a3a2f
Code Sign
33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34Certificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before27/03/2013, 20:08Not After27/06/2014, 20:08SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before30/08/2012, 17:49Not After30/11/2013, 17:49SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f8:b3:2f:fe:36:77:12:f7:8c:b5:c1:33:c2:13:96:70:48:6b:f2:89:da:ee:68:23:33:2f:1b:df:09:4a:ad:daSigner
Actual PE Digestf8:b3:2f:fe:36:77:12:f7:8c:b5:c1:33:c2:13:96:70:48:6b:f2:89:da:ee:68:23:33:2f:1b:df:09:4a:ad:daDigest Algorithmsha256PE Digest Matchestruecd:11:68:46:c5:97:57:f1:1b:d0:8d:3b:53:3f:78:97:40:76:e1:24Signer
Actual PE Digestcd:11:68:46:c5:97:57:f1:1b:d0:8d:3b:53:3f:78:97:40:76:e1:24Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
WimMountAdkSetupX86.pdb
Imports
advapi32
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
kernel32
CloseHandle
GetCurrentProcessId
GetFileAttributesW
HeapAlloc
TerminateProcess
LocalFree
GetSystemInfo
SetLastError
GetLastError
GetModuleFileNameW
GetProcessHeap
HeapFree
GetDriveTypeW
GetNativeSystemInfo
GetFullPathNameW
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcess
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
user32
MessageBoxW
msvcrt
__iob_func
_wfopen
_vsnwprintf
wcsncmp
_wcsnicmp
fwprintf
vfwprintf
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_wcsicmp
fclose
wcschr
shell32
CommandLineToArgvW
ntdll
RtlNtStatusToDosError
RtlFreeHeap
RtlAllocateHeap
fltlib
FilterUnload
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 129KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/wimprovider.dll.dll regsvr32 windows:6 windows x86 arch:x86
58dc712111ae37f171fda65548396cf4
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before22/04/2014, 17:39Not After22/07/2015, 17:39SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:c3:62:88:2b:1d:45:32:28:0b:67:9c:c1:94:76:b7:c2:0f:21:48:88:bc:cf:27:df:cb:e3:bb:f1:e2:9d:b1Signer
Actual PE Digest61:c3:62:88:2b:1d:45:32:28:0b:67:9c:c1:94:76:b7:c2:0f:21:48:88:bc:cf:27:df:cb:e3:bb:f1:e2:9d:b1Digest Algorithmsha256PE Digest Matchestruea2:16:e0:69:41:28:4f:f5:0a:9f:a7:f4:23:52:6f:fd:be:b7:5f:29Signer
Actual PE Digesta2:16:e0:69:41:28:4f:f5:0a:9f:a7:f4:23:52:6f:fd:be:b7:5f:29Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
WimProvider.pdb
Imports
msvcrt
towupper
_strnicmp
_except_handler4_common
_onexit
__dllonexit
memmove
_wcsnicmp
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
_callnewh
iswspace
malloc
memset
_wtoi64
_wcsicmp
wcstoul
_vsnwprintf
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
wcsncmp
wcschr
wcscat_s
memmove_s
calloc
_wtol
wcscpy_s
memcpy_s
_purecall
wcsrchr
vswprintf_s
free
_vscwprintf
wcsncpy_s
memcmp
memcpy
__RTDynamicCast
api-ms-win-downlevel-kernel32-l1-1-0
LoadLibraryExW
GetModuleHandleExW
OutputDebugStringW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
HeapFree
GetProcessHeap
GetFullPathNameW
HeapReAlloc
HeapAlloc
GetLastError
CompareStringW
DisableThreadLibraryCalls
SetThreadLocale
RaiseException
GetProcAddress
GetModuleHandleW
GetFileAttributesW
FindFirstFileW
FindClose
SetLastError
DeleteFileW
GetLocaleInfoW
GetNumberFormatW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
HeapDestroy
HeapSize
GetFileInformationByHandle
CloseHandle
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
CreateFileW
LockResource
LoadResource
SearchPathW
MapViewOfFile
UnmapViewOfFile
GetVersionExW
CreateFileMappingW
FindNextFileW
LoadLibraryExA
GetThreadLocale
FindResourceExW
FormatMessageW
SetThreadUILanguage
api-ms-win-downlevel-ole32-l1-1-1
CoTaskMemFree
SetErrorInfo
StringFromGUID2
ProgIDFromCLSID
CreateErrorInfo
CoCreateInstance
api-ms-win-downlevel-user32-l1-1-1
CharUpperW
CharNextW
CharLowerBuffW
LoadStringW
api-ms-win-downlevel-advapi32-l1-1-1
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
api-ms-win-downlevel-kernel32-l2-1-0
GetPrivateProfileSectionW
LocalAlloc
LocalFree
oleaut32
SysStringLen
VarBstrCmp
VariantClear
SysAllocStringLen
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
SysFreeString
LoadTypeLi
SysAllocString
ntdll
RtlEnterCriticalSection
RtlReAllocateHeap
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlFreeHeap
RtlNtStatusToDosError
RtlRaiseStatus
NtYieldExecution
RtlAllocateHeap
Exports
Exports
DLLGetDISMProviderCLSID
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 310KB - Virtual size: 309KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/DISM81/wimserv.exe.exe windows:6 windows x86 arch:x86
292660bc107b273a71fb0b3af81f3c77
Code Sign
33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4cCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before11/11/2013, 22:11Not After11/02/2015, 22:11SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/01/2013, 22:33Not After24/04/2014, 22:33SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:33:26:1a:00:00:00:00:00:31Certificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before31/08/2010, 22:19Not After31/08/2020, 22:29SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:00:33:56:f6:94:1d:9a:8c:bd:e5:00:00:00:00:00:33Certificate
IssuerCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/09/2013, 17:35Not After24/12/2014, 17:35SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0c:52:4c:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before06/07/2010, 20:40Not After06/07/2025, 20:50SubjectCN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
58:bf:04:86:84:5d:9e:be:0c:7a:28:b6:62:5f:ed:1d:7f:ed:92:9e:7e:e9:69:73:b3:3d:b5:ec:59:80:ee:25Signer
Actual PE Digest58:bf:04:86:84:5d:9e:be:0c:7a:28:b6:62:5f:ed:1d:7f:ed:92:9e:7e:e9:69:73:b3:3d:b5:ec:59:80:ee:25Digest Algorithmsha256PE Digest Matchestrue91:c6:d2:b9:fe:cf:ea:30:22:cb:58:a4:0d:3f:39:60:1c:b8:be:f2Signer
Actual PE Digest91:c6:d2:b9:fe:cf:ea:30:22:cb:58:a4:0d:3f:39:60:1c:b8:be:f2Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
wimserv.pdb
Imports
kernel32
CreateSemaphoreW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileExW
GetCurrentDirectoryW
GetModuleHandleW
CreateThread
HeapSetInformation
WaitForMultipleObjects
CreateEventW
ResetEvent
Sleep
CreateMutexW
CloseHandle
GetLastError
GetProcessHeap
SetEvent
WaitForSingleObject
HeapFree
HeapAlloc
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
CreateFileW
RemoveDirectoryW
GetVolumeInformationW
GetFileInformationByHandle
DuplicateHandle
GetDriveTypeW
FindFirstFileW
FindNextFileW
FindClose
GetFileSizeEx
ReadFile
GetTempPathW
DeviceIoControl
GetCurrentThread
LocalFree
FreeLibrary
LoadLibraryExW
GetProcAddress
WaitForMultipleObjectsEx
GetOverlappedResult
FormatMessageW
LocalAlloc
WriteFile
ReleaseMutex
WideCharToMultiByte
SetFilePointer
GetFullPathNameW
GetEnvironmentVariableW
SetFileAttributesW
GetFileAttributesW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFilePointerEx
DeleteCriticalSection
GetModuleHandleExW
CompareStringW
GetSystemDirectoryW
HeapReAlloc
GetHandleInformation
SetEndOfFile
InitializeCriticalSectionAndSpinCount
DeleteFileW
GetVersionExW
FlushFileBuffers
GetSystemInfo
SetThreadIdealProcessor
GetTempFileNameW
CreateSemaphoreExW
ReleaseSemaphore
LockFileEx
UnlockFileEx
user32
CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
msvcrt
_wtoi
qsort
memmove_s
wcsnlen
memset
memcpy
iswspace
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_snwprintf_s
swscanf_s
wcsncmp
wcsrchr
towupper
_XcptFilter
memcmp
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_vsnwprintf
_wcsnicmp
memmove
_vscwprintf
_wcsicmp
wcschr
memcpy_s
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_wcmdln
_initterm
__setusermatherr
__p__fmode
_cexit
rpcrt4
RpcRevertToSelf
RpcServerUseProtseqEpW
UuidFromStringW
RpcServerRegisterAuthInfoW
RpcImpersonateClient
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerListen
NdrServerCall2
RpcServerRegisterIf
RpcStringFreeW
UuidCreate
UuidToStringW
advapi32
RegEnumKeyExW
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegUnLoadKeyW
RegFlushKey
RegSetValueExW
RegLoadKeyW
RevertToSelf
EqualSid
AddAccessAllowedAce
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetThreadToken
OpenThreadToken
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetLengthSid
FreeSid
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ntdll
RtlInitializeCriticalSection
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlInitializeResource
NtSetSecurityObject
RtlSetControlSecurityDescriptor
NtQuerySecurityObject
RtlImpersonateSelf
NtClose
RtlDosPathNameToNtPathName_U
RtlAdjustPrivilege
RtlInitUnicodeString
NtCreateFile
NtSetInformationFile
NtQueryInformationFile
RtlNtStatusToDosError
RtlAllocateHeap
RtlFreeHeap
RtlAcquireResourceExclusive
RtlGetVersion
RtlEnterCriticalSection
RtlReAllocateHeap
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlRaiseStatus
NtYieldExecution
Sections
.text Size: 387KB - Virtual size: 387KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/NSudo.exe.exe windows:6 windows x86 arch:x86
16026b739637a8b250930b6e8e3c054c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\Documents\Visual Studio 2019\Projects\NSudo\Source\Native\Output\Binaries\Release\Win32\NSudoLG.pdb
Imports
kernel32
ExpandEnvironmentStringsW
GetModuleFileNameW
OpenProcess
CreateEventW
MultiByteToWideChar
GetTickCount64
LockResource
QueryPerformanceFrequency
FindResourceExW
LoadResource
GetProcAddress
VerSetConditionMask
FreeLibrary
SleepEx
GetFileInformationByHandleEx
QueryPerformanceCounter
LoadLibraryExW
GetModuleHandleExW
ExitProcess
Sleep
OutputDebugStringW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SizeofResource
GetLocalTime
GetCurrentProcessId
ResumeThread
WaitForSingleObjectEx
InitializeCriticalSection
GetCurrentProcess
SetPriorityClass
MulDiv
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
CloseHandle
GetThreadUILanguage
GetLastError
GetCurrentThreadId
GetFileAttributesW
CreateFileW
InitializeCriticalSectionEx
LeaveCriticalSection
SetThreadUILanguage
GetCommandLineW
EnterCriticalSection
SetLastError
HeapFree
ReadFile
VerifyVersionInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
user32
EndPaint
BeginPaint
DrawIconEx
GetClientRect
GetWindowTextW
LoadIconW
ChangeWindowMessageFilter
DestroyIcon
UnregisterClassW
MonitorFromWindow
GetDC
SendMessageW
EndDialog
SetWindowLongW
DialogBoxParamW
LoadImageW
GetDlgItem
SetWindowTextW
gdi32
DeleteDC
GetDeviceCaps
comdlg32
GetOpenFileNameW
advapi32
AdjustTokenPrivileges
GetAce
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
IsWellKnownSid
AddAce
CreateRestrictedToken
FreeSid
StartServiceW
InitializeAcl
OpenServiceW
GetLengthSid
AddAccessAllowedAce
QueryServiceStatusEx
LookupPrivilegeValueW
SetTokenInformation
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
shell32
DragQueryFileW
DragFinish
ole32
CoInitializeEx
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
wtsapi32
WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken
msvcrt
_initterm_e
_set_fmode
__p__commode
_controlfp_s
_errno
strcpy_s
__pctype_func
tolower
___mb_cur_max_func
wcsnlen
wcstol
_mbtowc_l
_wcsicmp
__wgetmainargs
strrchr
_msize
_XcptFilter
__set_app_type
malloc
_callnewh
?_set_new_mode@@YAHH@Z
___lc_codepage_func
realloc
_CIlog10
ceil
_clearfp
_except_handler4_common
_amsg_exit
memmove
memset
free
_CxxThrowException
wcsstr
wcsrchr
__CxxFrameHandler3
_initterm
_wcsnicmp
_wcmdln
strncmp
memcpy
?terminate@@YAXXZ
Sections
.text Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/esdtoolcore.exe.exe windows:10 windows x86 arch:x86
9d8f20ce9cd9416d0035fc5c5e92389a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
EsdToolCore.pdb
Imports
msvcrt
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_purecall
wcschr
memcpy_s
_wtoi
_lock
_wtol
wprintf
_unlock
__dllonexit
_onexit
wcsrchr
_wcsnicmp
wcsncmp
__setusermatherr
_vscwprintf
towupper
swscanf_s
wcsnlen
_wcstoi64
wcsstr
strncpy_s
_strnicmp
_wcslwr
_wcsrev
qsort
towlower
_wcsupr
wcstoul
wcstok_s
strcpy_s
memmove_s
iswspace
_wcstoui64
printf
_vsnwprintf
_wcsicmp
?terminate@@YAXXZ
_controlfp
_except_handler4_common
memmove
memcpy
memcmp
_initterm
__CxxFrameHandler3
memset
ntdll
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryEaFile
NtCreateFile
RtlImpersonateSelf
RtlInitUnicodeString
NtUnloadKey2
RtlSetControlSecurityDescriptor
RtlFindAceByType
NtSetSecurityObject
NtSetEaFile
RtlInitializeResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlDeleteResource
RtlRaiseStatus
RtlInitializeCriticalSection
DbgPrintEx
RtlGetLastNtStatus
NtReadFile
RtlReAllocateHeap
RtlExpandEnvironmentStrings
NtWaitForSingleObject
NtYieldExecution
RtlDowncaseUnicodeChar
NtSetInformationThread
RtlGetVersion
NtShutdownSystem
NtSetInformationProcess
NtQueryDirectoryFile
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
NtQueryInformationProcess
RtlDosPathNameToNtPathName_U_WithStatus
NtWriteFile
RtlNtStatusToDosError
RtlAdjustPrivilege
NtClose
fltlib
FilterSendMessage
FilterLoad
FilterAttach
cabinet
ord23
ord22
ord20
oleaut32
SysFreeString
SysAllocString
rpcrt4
UuidCreate
RpcStringFreeW
I_RpcMapWin32Status
UuidToStringW
UuidFromStringW
kernel32
WriteFile
GetTimeZoneInformation
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentThreadId
FreeLibrary
LoadLibraryW
SetLastError
ExitProcess
GetSystemDirectoryW
SetConsoleCtrlHandler
GetCurrentDirectoryW
FormatMessageW
DeleteCriticalSection
WideCharToMultiByte
GetFileSize
MultiByteToWideChar
GetVersionExA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFilePointer
CreateFileA
GetFullPathNameW
WaitForSingleObject
VirtualQuery
GetSystemWindowsDirectoryW
OutputDebugStringW
CreateThread
CreateEventW
CompareStringW
CloseHandle
LoadLibraryExW
GetTempPathW
LocalFree
SetEvent
RemoveDirectoryW
IsWow64Process
GetCurrentProcess
CreateDirectoryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
lstrcmpW
GetSystemTimeAsFileTime
GetTickCount
DeviceIoControl
SetFileAttributesW
GetLongPathNameW
GetFinalPathNameByHandleW
GetVolumePathNameW
GlobalMemoryStatusEx
GetDriveTypeW
GetFileInformationByHandleEx
FindFirstFileNameW
GetFileInformationByHandle
SetFileInformationByHandle
FindNextFileNameW
CopyFileExW
FlushFileBuffers
Sleep
FindNextFileW
FindFirstFileW
GetFileAttributesW
FindClose
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcessHeap
GetProcAddress
HeapAlloc
GetModuleHandleExW
HeapFree
ExpandEnvironmentStringsW
TlsAlloc
GetEnvironmentVariableW
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
GetFileSizeEx
ResetEvent
MapViewOfFile
SetFilePointerEx
DebugBreak
CreateFileMappingW
IsDebuggerPresent
SetEndOfFile
ReadFile
CreateFileW
GetCurrentProcessId
GetTempFileNameW
GetCurrentThread
LCIDToLocaleName
WaitForMultipleObjectsEx
CreateSemaphoreExW
GetVolumePathNamesForVolumeNameW
SetPriorityClass
SetThreadPriority
GetExitCodeThread
GetThreadPriority
GetPriorityClass
GetOverlappedResult
GetSystemInfo
InitializeCriticalSection
SetThreadIdealProcessor
HeapReAlloc
GetVolumeNameForVolumeMountPointW
LocalAlloc
GetHandleInformation
GetVolumeInformationW
LockFileEx
UnlockFileEx
OpenProcess
DuplicateHandle
GetPrivateProfileSectionW
WaitForMultipleObjects
ReleaseSemaphore
CreateSemaphoreW
setupapi
SetupOpenInfFileW
SetupFindFirstLineW
SetupFindNextLine
SetupCloseInfFile
SetupGetStringFieldW
SetupGetLineTextW
advapi32
GetSecurityInfo
RegUnLoadKeyW
RegLoadKeyW
RegFlushKey
RegCreateKeyExW
RegEnumKeyExW
SetSecurityInfo
InitiateSystemShutdownExW
RegDeleteValueW
RegEnumValueW
WriteEncryptedFileRaw
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegQueryInfoKeyW
CloseEncryptedFileRaw
CopySid
OpenThreadToken
GetTokenInformation
ReadEncryptedFileRaw
OpenEncryptedFileRawW
RevertToSelf
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
InitializeAcl
GetLengthSid
AddAccessAllowedAce
RegOpenKeyExW
CryptGetUserKey
CryptSetProvParam
CryptAcquireContextW
CryptExportKey
CryptGenKey
CryptDestroyKey
RegQueryValueExW
RegSetValueExW
RegCloseKey
CryptReleaseContext
GetNamedSecurityInfoW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorLength
shlwapi
StrStrIW
user32
CharUpperW
version
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
bcrypt
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptGetProperty
Sections
.text Size: 837KB - Virtual size: 837KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/imagex.exe.exe windows:10 windows x86 arch:x86
75d506820b9cc92feb7d89eda62fc2ff
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
78:27:f6:42:e1:20:0e:03:cb:b5:75:88:5d:6e:96:26:fc:69:b0:45:bc:45:f6:c9:a0:92:4f:1c:23:4b:c4:1eSigner
Actual PE Digest78:27:f6:42:e1:20:0e:03:cb:b5:75:88:5d:6e:96:26:fc:69:b0:45:bc:45:f6:c9:a0:92:4f:1c:23:4b:c4:1eDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
imagex.pdb
Imports
msvcrt
_wcsupr
strcpy_s
towlower
qsort
_wcsrev
_wcslwr
_strnicmp
memcpy_s
strncpy_s
_wcstoi64
wcsnlen
wcsstr
wcstok_s
wcsncmp
towupper
_wcsnicmp
wcschr
_vscwprintf
_wcsicmp
__iob_func
memmove_s
iswspace
_purecall
malloc
_callnewh
free
wcstoul
_vsnwprintf
memcmp
memcpy
memmove
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_wtoi
wcsrchr
_wtol
fflush
printf
swscanf_s
memset
ntdll
NtYieldExecution
RtlReAllocateHeap
DbgPrintEx
RtlInitializeCriticalSection
RtlRaiseStatus
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
NtUnloadKey2
RtlInitUnicodeString
NtQuerySecurityObject
RtlImpersonateSelf
NtSetEaFile
NtSetSecurityObject
RtlSetControlSecurityDescriptor
NtCreateFile
NtQueryEaFile
NtQueryVolumeInformationFile
NtQueryInformationFile
RtlAdjustPrivilege
NtClose
NtQueryDirectoryFile
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlGetLastNtStatus
NtQueryInformationProcess
RtlFreeHeap
RtlAllocateHeap
NtSetInformationFile
RtlFindAceByType
RtlNtStatusToDosError
RtlDowncaseUnicodeChar
kernel32
GetTickCount
GetVolumeInformationW
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetLogicalDrives
ReleaseMutex
LocalAlloc
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetModuleHandleW
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OpenProcess
GetModuleHandleExW
CreateMutexW
HeapReAlloc
UnlockFileEx
LockFileEx
CreateEventW
SetEndOfFile
DeleteFileW
GetTempFileNameW
RemoveDirectoryW
SetFilePointerEx
SetFilePointer
GetFileSize
SetThreadIdealProcessor
GetSystemInfo
GetDriveTypeW
GetOverlappedResult
ReadFile
GetHandleInformation
lstrcmpW
GetCurrentThread
DuplicateHandle
GetSystemWindowsDirectoryW
FindClose
FindNextFileW
FindFirstFileW
SetConsoleCtrlHandler
GetModuleFileNameW
GetFullPathNameW
GetTickCount64
GetFileAttributesW
CompareStringW
SetLastError
LocalFree
FormatMessageW
HeapFree
LeaveCriticalSection
FillConsoleOutputCharacterW
GetCurrentDirectoryW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetTempPathW
Sleep
GetVolumePathNamesForVolumeNameW
LoadLibraryW
EnterCriticalSection
InitializeCriticalSection
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
MultiByteToWideChar
CreateSemaphoreExW
Wow64RevertWow64FsRedirection
GetExitCodeProcess
CreateProcessW
Wow64DisableWow64FsRedirection
GetLogicalDriveStringsW
GetStdHandle
GetFinalPathNameByHandleW
GetLongPathNameW
CreateDirectoryW
LCIDToLocaleName
SetConsoleCursorPosition
GetCommandLineW
WriteConsoleW
GetEnvironmentVariableW
GetConsoleScreenBufferInfo
WaitForSingleObject
OpenEventW
GetConsoleMode
WriteFile
SetEvent
GetLastError
WideCharToMultiByte
GetProcessHeap
CreateThread
ResetEvent
HeapAlloc
GetPrivateProfileSectionW
GetProcAddress
WaitForMultipleObjects
FreeLibrary
LoadLibraryExW
GetFileSizeEx
DeviceIoControl
CreateFileW
SetFileAttributesW
GetFileInformationByHandleEx
FindFirstFileNameW
GetFileInformationByHandle
SetFileInformationByHandle
FindNextFileNameW
CopyFileExW
FlushFileBuffers
ReleaseSemaphore
CreateSemaphoreW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalMemoryStatusEx
GetSystemDirectoryW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForMultipleObjectsEx
DeleteCriticalSection
CloseHandle
user32
CharNextW
CharPrevW
CharUpperW
LoadStringW
shlwapi
StrStrIW
PathMatchSpecW
setupapi
SetupOpenInfFileW
SetupFindFirstLineW
SetupCloseInfFile
SetupGetLineTextW
SetupFindNextLine
rpcrt4
RpcBindingFree
RpcBindingSetAuthInfoW
UuidToStringW
RpcStringFreeW
RpcBindingFromStringBindingW
UuidCreate
I_RpcMapWin32Status
UuidFromStringW
NdrClientCall2
RpcStringBindingComposeW
fltlib
FilterSendMessage
FilterAttach
FilterLoad
FilterConnectCommunicationPort
cabinet
ord22
ord20
ord23
advapi32
ReadEncryptedFileRaw
RevertToSelf
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CheckTokenMembership
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAccessAllowedAceEx
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
GetSecurityDescriptorLength
AdjustTokenPrivileges
SetSecurityDescriptorDacl
LookupPrivilegeValueW
RegQueryInfoKeyW
SetThreadToken
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegFlushKey
RegDeleteKeyExW
RegCloseKey
GetTokenInformation
GetSecurityInfo
OpenThreadToken
RegLoadKeyW
RegUnLoadKeyW
EqualSid
version
VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
bcrypt
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptHashData
Sections
.text Size: 590KB - Virtual size: 590KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/libwim-15.dll.dll windows:4 windows x86 arch:x86
5246d9411a3af41e1bb12a7f476de9a6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
advapi32
AdjustTokenPrivileges
CloseEncryptedFileRaw
LookupPrivilegeValueW
OpenEncryptedFileRawW
OpenProcessToken
ReadEncryptedFileRaw
RegCloseKey
RegCreateKeyExW
RegFlushKey
RegLoadKeyW
RegSetValueExW
RegUnLoadKeyW
SystemFunction036
WriteEncryptedFileRaw
kernel32
CloseHandle
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
EnterCriticalSection
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FormatMessageW
FreeLibrary
GetCurrentProcess
GetDiskFreeSpaceExW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTimeAsFileTime
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeConditionVariable
InitializeCriticalSection
IsDBCSLeadByteEx
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MoveFileExW
MoveFileW
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
SetFilePointerEx
SetLastError
Sleep
SleepConditionVariableCS
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile
msvcrt
__mb_cur_max
_amsg_exit
_assert
_errno
_fstat64
_get_osfhandle
_gmtime64
_initterm
_iob
_lock
_lseeki64
_open_osfhandle
fwprintf
_telli64
_unlock
_waccess
_wcserror_s
_wcsicmp
_wgetenv
_wmkdir
_wopen
_wtempnam
_wunlink
abort
atoi
calloc
fclose
feof
fflush
fgetwc
fputc
fputwc
fputws
fread
free
fwrite
getenv
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
qsort
realloc
setlocale
strchr
strerror
strlen
strncmp
towlower
ungetwc
vfprintf
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcspbrk
wcsrchr
wcsstr
wcstol
wcstombs
wcstoul
_wstat64
_fdopen
_close
ntdll
NtClose
NtCreateFile
NtFsControlFile
NtOpenFile
NtOpenSymbolicLinkObject
NtQueryDirectoryFile
NtQueryEaFile
NtQueryInformationFile
NtQuerySecurityObject
NtQueryVolumeInformationFile
NtReadFile
NtSetEaFile
NtSetInformationFile
NtSetSecurityObject
NtWaitForSingleObject
NtWriteFile
RtlDosPathNameToNtPathName_U
RtlInitUnicodeString
RtlNtStatusToDosError
user32
wsprintfW
Exports
Exports
wimlib_add_empty_image
wimlib_add_image
wimlib_add_image_multisource
wimlib_add_tree
wimlib_compress
wimlib_create_compressor
wimlib_create_decompressor
wimlib_create_new_wim
wimlib_decompress
wimlib_delete_image
wimlib_delete_path
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_free_compressor
wimlib_free_decompressor
wimlib_get_compression_type_string
wimlib_get_compressor_needed_memory
wimlib_get_error_string
wimlib_get_image_description
wimlib_get_image_name
wimlib_get_image_property
wimlib_get_version
wimlib_get_version_string
wimlib_get_wim_info
wimlib_get_xml_data
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join
wimlib_join_with_progress
wimlib_mount_image
wimlib_open_wim
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_rename_path
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_error_file
wimlib_set_error_file_by_name
wimlib_set_image_descripton
wimlib_set_image_flags
wimlib_set_image_name
wimlib_set_image_property
wimlib_set_memory_allocator
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_unmount_image
wimlib_unmount_image_with_progress
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd
Sections
.text Size: 351KB - Virtual size: 350KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 130KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/oscdimg.exe.exe windows:10 windows x86 arch:x86
e13c5064ed79dccef09e9c3a0be87abb
Code Sign
33:00:00:06:a2:bd:67:bc:48:63:a2:ae:9d:00:00:00:00:06:a2Certificate
IssuerCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before13/07/2023, 22:36Not After15/09/2024, 22:36SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before28/05/2014, 17:33Not After28/05/2029, 17:43SubjectCN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ac:43:88:9f:05:54:61:36:2a:13:4e:d2:a5:fd:00:d8:52:8e:03:22:92:04:1f:96:b8:72:a6:c5:59:69:3a:f4Signer
Actual PE Digestac:43:88:9f:05:54:61:36:2a:13:4e:d2:a5:fd:00:d8:52:8e:03:22:92:04:1f:96:b8:72:a6:c5:59:69:3a:f4Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
OSCDIMG.pdb
Imports
kernel32
GetVersionExA
SetErrorMode
GetSystemTime
SystemTimeToFileTime
SetFileApisToANSI
SetFileApisToOEM
GetTimeZoneInformation
GetFullPathNameA
GetFullPathNameW
lstrlenW
FindFirstFileW
FindFirstFileA
FindClose
GetLongPathNameW
GetLastError
GetLongPathNameA
HeapFree
CreateFileW
CreateFileA
CloseHandle
WaitForSingleObject
SetEvent
FileTimeToSystemTime
DeleteFileA
MultiByteToWideChar
WideCharToMultiByte
GetFileSize
ReadFile
GetFileTime
GetFileInformationByHandle
FindNextFileA
FindNextFileW
GetOverlappedResult
SetEndOfFile
SetFilePointer
CreateEventA
WriteFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetModuleHandleA
GetProcessWorkingSetSize
SetProcessWorkingSetSize
InitializeCriticalSection
VirtualFree
SetConsoleCtrlHandler
ExitProcess
FormatMessageA
GetProcessHeap
HeapAlloc
VirtualAlloc
VirtualLock
ResetEvent
GetProcAddress
ReleaseSemaphore
CreateThread
WaitForMultipleObjects
SetThreadPriority
CreateSemaphoreA
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
msvcrt
sprintf_s
wprintf
wcsrchr
_wcsicmp
strrchr
_stricmp
wcscpy_s
wcscat_s
strtok
_wfopen
fgetws
feof
fclose
fopen
fgets
swprintf_s
_strnicmp
_strtoui64
strtoul
tolower
atoi
srand
time
vfprintf
_ultoa
rand
_wcsnicmp
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
wcstok
_except_handler4_common
?terminate@@YAXXZ
_controlfp
memcpy
wcschr
_strupr
wcsncmp
strcat_s
strcpy_s
exit
printf
fflush
fprintf
strchr
__iob_func
memcmp
memset
Sections
.text Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Bin/x86/wimlib-imagex.exe.exe windows:4 windows x86 arch:x86
78477e4f732fb9f2e42908debcac154e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
libwim-15
wimlib_add_image_multisource
wimlib_create_new_wim
wimlib_delete_image
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_get_compression_type_string
wimlib_get_error_string
wimlib_get_image_property
wimlib_get_version_string
wimlib_get_wim_info
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join_with_progress
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_image_property
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd
advapi32
ConvertSecurityDescriptorToStringSecurityDescriptorW
kernel32
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
msvcrt
__mb_cur_max
__p__commode
__p__fmode
__p__wcmdln
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_errno
_gmtime64
_initterm
_iob
_lock
_onexit
_putws
_setmode
fwprintf
_unlock
_wcserror
_wcsicmp
_wfopen
_wgetenv
abort
atoi
calloc
exit
fclose
feof
ferror
fflush
fprintf
fputc
fputwc
fputws
fread
free
fwrite
getenv
iswctype
localeconv
malloc
memcpy
memmove
memset
realloc
setlocale
signal
strchr
strerror
strlen
strncmp
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsrchr
wcstoul
_wstat64
_wcsdup
_isatty
Sections
.text Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 3KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
CREDITS.txt
-
Changelog.txt
-
DONATE.jpg.jpg
-
DONATE.txt
-
LICENSE.txt
-
Packs/Apps/GettingApps.txt
-
Packs/IE11/DownloadExtract.cmd.cmd .vbs
-
Packs/MediaFeaturePack/w7/DownloadExtract.cmd.cmd .vbs
-
Packs/MediaFeaturePack/w81/DownloadExtract.cmd.cmd .vbs
-
Packs/NetFX462/DownloadExtract.cmd.cmd .vbs
-
Packs/NetFX48/w10/DownloadExtract.cmd.cmd .vbs
-
Packs/NetFX48/w7/DownloadExtract.cmd.cmd .vbs
-
Packs/NetFX48/w81/DownloadExtract.cmd.cmd .vbs
-
Packs/NetFX481/DownloadExtract.cmd.cmd .vbs
-
Packs/PowerShell7/DownloadExtract.cmd.cmd .vbs
-
Packs/RDP81/DownloadExtract.cmd.cmd .vbs
-
Packs/RSAT/w7/DownloadExtract.cmd.cmd .vbs
-
Packs/RSAT/w81/DownloadExtract.cmd.cmd .vbs
-
Packs/VCRuntime/w7/DownloadExtract.cmd.cmd .vbs
-
Packs/VCRuntime/w81/DownloadExtract.cmd.cmd .vbs
-
Packs/VCRuntime/w81/Windows8.1-KB3118401-x64.txt
-
Packs/VCRuntime/w81/Windows8.1-KB3118401-x86.txt
-
Packs/WMF/w7/DownloadExtract.cmd.cmd .vbs
-
Packs/WMF/w7/InstallOrder.txt
-
Packs/WMF/w81/DownloadExtract.cmd.cmd .vbs
-
README.txt
-
Start.cmd
-
Toolkit.cmd.cmd .vbs
-
Website.url