4de033db9fbc9b3814df3d8f9bb6021e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4de033db9fbc9b3814df3d8f9bb6021e_JaffaCakes118
Size

3.6MB
MD5

4de033db9fbc9b3814df3d8f9bb6021e
SHA1

2dc5326e69fcb4d5fcaffa425d26da9078105471
SHA256

fad489fe0b2faa9dd686667136dd9b7895c941614b5d2b80308fc675874b4339
SHA512

5e6821dc0191a0bddc6bd4b9ad6686222b2147add94e2cb4d220e5f8904868774af205d09d5a6fe6c7a49902e79da5039755239588908287a486422c67e2b381
SSDEEP

98304:pLIFNPOUR4Zpw1tyUeGcBAx91ylzPtn7z/:pLIFIGUJUeZAAn7z/

Score

7^/10

upx aspackv2

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/PLUGIN/GODUP.dll	acprotect
static1/unpack001/PLUGIN/mapgen.plw	acprotect
static1/unpack001/PLUGIN/备用/ustrref.dll	acprotect

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/PLUGIN/wingraph32.exe	aspack_v212_v242
static1/unpack001/Tools/API地址专家/API地址专家.exe	aspack_v212_v242

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/PLUGIN/GODUP.dll	upx
static1/unpack001/PLUGIN/dumpsig.exe	upx
static1/unpack001/PLUGIN/mapgen.plw	upx
static1/unpack001/PLUGIN/备用/ustrref.dll	upx
static1/unpack001/英文配置补丁/配置文件恢复为英文补丁.exe	upx

Unsigned PE 59 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FixOD/AutoPath.dll
unpack001/FixOD/Ollydbg.exe
unpack001/Labeler.dll
unpack001/Ollydbg.exe
unpack001/PLUGIN/AJunk.dll
unpack001/PLUGIN/ApiBreak.dll
unpack001/PLUGIN/Asm2Clipboard.dll
unpack001/PLUGIN/BOOKMARK.DLL
unpack001/PLUGIN/CMDLINE.DLL
unpack001/PLUGIN/CleanupEx.dll
unpack001/PLUGIN/CmdBar.dll
unpack001/PLUGIN/DBGHELP.DLL
unpack001/PLUGIN/DeJunk.dll
unpack001/PLUGIN/GODUP.dll
unpack001/PLUGIN/HideCapt.dll
unpack001/PLUGIN/HideDebugger.dll
unpack001/PLUGIN/IsDebug V1.4.dll
unpack001/PLUGIN/Labeler.dll
unpack001/PLUGIN/Labelmaster.dll
unpack001/PLUGIN/LoadMap.dll
unpack001/PLUGIN/MapConv.dll
unpack001/PLUGIN/MemoryManage.dll
unpack001/PLUGIN/ODbgScript.dll
unpack001/PLUGIN/OllyDump.dll
unpack001/PLUGIN/OllyFlow.dll
unpack001/PLUGIN/OllyHelper.dll
unpack001/PLUGIN/OllyMachine.dll
unpack001/PLUGIN/OllyScript.dll
unpack001/PLUGIN/StayOntop.dll
unpack001/PLUGIN/TracKid.dll
unpack001/PLUGIN/UnhExcFlt.DLL
unpack001/PLUGIN/WatchMan.dll
unpack001/PLUGIN/dumpsig.exe
unpack003/out.upx
unpack001/PLUGIN/extracopy.dll
unpack001/PLUGIN/mapgen.plw
unpack004/out.upx
unpack001/PLUGIN/pedumper.dll
unpack001/PLUGIN/ustrrefadd.dll
unpack001/PLUGIN/windowinfos.dll
unpack001/PLUGIN/windowjuggler.dll
unpack001/PLUGIN/wingraph32.exe
unpack001/PLUGIN/备用/OllyDump_2.21.dll
unpack001/PLUGIN/备用/PuntosMagicos.dll
unpack001/PLUGIN/备用/olly_bp_man.dll
unpack001/PLUGIN/备用/ustrref.dll
unpack005/out.upx
unpack001/PSAPI.DLL
unpack001/Tools/API地址专家/API地址专家.exe
unpack001/Tools/IDT Protector/IDTProt.exe
unpack001/Tools/IDT Protector/cyclotron.sys
unpack001/Tools/IDTools For WinXP/IdtTool.exe
unpack001/Tools/IDTools For WinXP/IdtTool.sys
unpack001/Tools/IDTools For WinXP/osrloader.exe
unpack001/Tools/OSCEditor/OSEditor.exe
unpack001/Tools/dll_loader/Dll_LoadEx.exe
unpack001/loaddll.exe
unpack001/原版界面/Ollydbg.exe
unpack001/英文配置补丁/配置文件恢复为英文补丁.exe

Files

4de033db9fbc9b3814df3d8f9bb6021e_JaffaCakes118
.rar
FixOD/AutoPach使用说明.txt
FixOD/AutoPath.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FixOdPath

Sections

CODE
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FixOD/Ollydbg.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

_Addsorteddata
_Addtolist
_Analysecode
_Animate
_Assemble
_Attachtoactiveprocess
_Broadcast
_Browsefilename
_Calculatecrc
_Checkcondition
_Compress
_Createdumpwindow
_Createlistwindow
_Createpatchwindow
_Createprofilewindow
_Creatertracewindow
_Createsorteddata
_Createthreadwindow
_Createwatchwindow
_Createwinwindow
_Decodeaddress
_Decodeascii
_Decodecharacter
_Decodefullvarname
_Decodeknownargument
_Decodename
_Decoderange
_Decoderelativeoffset
_Decodethreadname
_Decodeunicode
_Decompress
_Defaultbar
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletehardwarebreakpoint
_Deletenamerange
_Deletenonconfirmedsorteddata
_Deleteruntrace
_Deletesorteddata
_Deletesorteddatarange
_Deletewatch
_Demanglename
_Destroysorteddata
_Disasm
_Disassembleback
_Disassembleforward
_Discardquicknames
_Dumpbackup
_Error
_Expression
_Findallcommands
_Findalldllcalls
_Findallsequences
_Finddecode
_Findfileoffset
_Findfixup
_Findhittrace
_Findimportbyname
_Findlabel
_Findlabelbyname
_Findmemory
_Findmodule
_Findname
_Findnextname
_Findnextproc
_Findnextruntraceip
_Findprevproc
_Findprevruntraceip
_Findprocbegin
_Findprocend
_Findreferences
_Findsorteddata
_Findsorteddataindex
_Findsorteddatarange
_Findstrings
_Findsymbolicname
_Findthread
_Findunknownfunction
_Flash
_Followcall
_Get3dnow
_Get3dnowxy
_Getaddressfromline
_Getasmfindmodel
_Getasmfindmodelxy
_Getbprelname
_Getbreakpointtype
_Getbreakpointtypecount
_Getcputhreadid
_Getdisassemblerrange
_Getfloat
_Getfloat10
_Getfloat10xy
_Getfloatxy
_Gethexstring
_Gethexstringxy
_Getline
_Getlinefromaddress
_Getlinexy
_Getlong
_Getlongxy
_Getmmx
_Getmmxxy
_Getnextbreakpoint
_Getoriginaldatasize
_Getproclimits
_Getregxy
_Getresourcestring
_Getruntraceprofile
_Getruntraceregisters
_Getsortedbyselection
_Getsourcefilelimits
_Getstatus
_Gettableselectionxy
_Gettext
_Gettextxy
_Getwatch
_Go
_Guardmemory
_Hardbreakpoints
_Havecopyofmemory
_Infoline
_Injectcode
_Insertname
_Insertwatch
_Isfilling
_Isprefix
_Isretaddr
_Issuspicious
_IstextA
_IstextW
_Listmemory
_Manualbreakpoint
_Mergequicknames
_Message
_Modifyhittrace
_Newtablewindow
_OpenEXEfile
_Painttable
_Plugingetvalue
_Pluginreadintfromini
_Pluginreadstringfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Pluginwritestringtoini
_Print3dnow
_Printfloat10
_Printfloat4
_Printfloat8
_Printsse
_Progress
_Quickinsertname
_Quicktablewindow
_Readcommand
_Readmemory
_Redrawdisassembler
_Registerotclass
_Registerpluginclass
_Restoreallthreads
_Runsinglethread
_Runtracesize
_Scrollruntracewindow
_Selectandscroll
_Sendshortcut
_Setbreakpoint
_Setbreakpointext
_Setcpu
_Setdisasm
_Setdumptype
_Sethardwarebreakpoint
_Setmembreakpoint
_Settracecondition
_Settracecount
_Settracepauseoncommands
_Showsourcefromaddress
_Sortsorteddata
_Startruntrace
_Stringtotext
_Suspendprocess
_Tablefunction
_Tempbreakpoint
_Unregisterpluginclass
_Updatelist
_Walkreference
_Walkreferenceex
_Writememory
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 698KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.patch
Size: 253B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
FixOD/下载说明.htm
.html .js polyglot
LIB/MFC42.Lib
LIB/mfc71.Lib
LIB/下载说明.htm
.html .js polyglot
Labeler.def
Labeler.dll
.dll windows:4 windows x86 arch:x86

06ea2d72a19948d127c668a02c20d871

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Deletenamerange
_Disasm
_Finddecode
_Findlabel
_Findmemory
_Findmodule
_Findthread
_Getcputhreadid
_Getstatus
_Insertname
_Plugingetvalue
_Readmemory
_Redrawdisassembler
_Setcpu

kernel32

CloseHandle
CreateFileA
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapFree
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA

comctl32

InitCommonControlsEx

shell32

ShellExecuteA

user32

CallWindowProcA
ClientToScreen
DestroyMenu
DialogBoxParamA
EnableWindow
EndDialog
EnumThreadWindows
GetCursorPos
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetSubMenu
GetSystemMetrics
GetWindowRect
GetWindowTextLengthA
IsDlgButtonChecked
LoadMenuA
MessageBoxA
MoveWindow
SendMessageA
SetDlgItemInt
SetDlgItemTextA
SetWindowLongA
TrackPopupMenu
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
___CPPdebugHook

Sections

.text
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OLLYDBG.HLP
OLLYDBG_EN.HLP
OMS/HelloWorld.oms
OMS/Include.oms
OMS/UPX.omb
OMS/UPX.oms
OMS/下载说明.htm
.html .js polyglot
Ollydbg.exe
.exe windows:4 windows x86 arch:x86

601aae4d9b90819ecbda85f5864d7478

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
ContinueDebugEvent
CreateDirectoryA
CreateFileA
CreateProcessA
DebugActiveProcess
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushInstructionCache
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetThreadContext
GetThreadPriority
GetThreadSelectorEntry
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
OpenProcess
RaiseException
ReadFile
ReadProcessMemory
ResumeThread
RtlUnwind
SearchPathA
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetPriorityClass
SetThreadContext
SetThreadLocale
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerLanguageNameA
VirtualAlloc
VirtualFree
VirtualProtect
WaitForDebugEvent
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
lstrcmpiW
lstrcpyA
lstrcpyW
lstrlenW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ord17

comdlg32

ChooseFontA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

AddFontResourceA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateFontIndirectA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesA
ExcludeClipRect
ExtTextOutA
ExtTextOutW
GetClipBox
GetDCOrgEx
GetNearestColor
GetObjectA
GetObjectType
GetStockObject
GetTextMetricsA
IntersectClipRect
LineTo
MoveToEx
RemoveFontResourceA
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetTextAlign
SetTextColor

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
ShellExecuteA

user32

AdjustWindowRect
AppendMenuA
BeginPaint
CallWindowProcA
CheckDlgButton
CheckMenuItem
CheckRadioButton
ClientToScreen
CloseClipboard
CreateCaret
CreateDialogParamA
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyCaret
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawMenuBar
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FrameRect
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemTextA
GetKeyState
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetParent
GetScrollPos
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InsertMenuA
IntersectRect
InvalidateRect
IsDlgButtonChecked
IsIconic
IsWindow
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MapDialogRect
MapVirtualKeyA
MessageBoxA
MoveWindow
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
RedrawWindow
RegisterClassA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowCaret
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnregisterClassA
UpdateWindow
WinHelpA
WindowFromPoint
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Exports

Exports

_Addsorteddata
_Addtolist
_Analysecode
_Animate
_Assemble
_Attachtoactiveprocess
_Broadcast
_Browsefilename
_Calculatecrc
_Checkcondition
_Compress
_Createdumpwindow
_Createlistwindow
_Createpatchwindow
_Createprofilewindow
_Creatertracewindow
_Createsorteddata
_Createthreadwindow
_Createwatchwindow
_Createwinwindow
_Decodeaddress
_Decodeascii
_Decodecharacter
_Decodefullvarname
_Decodeknownargument
_Decodename
_Decoderange
_Decoderelativeoffset
_Decodethreadname
_Decodeunicode
_Decompress
_Defaultbar
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletehardwarebreakpoint
_Deletenamerange
_Deletenonconfirmedsorteddata
_Deleteruntrace
_Deletesorteddata
_Deletesorteddatarange
_Deletewatch
_Demanglename
_Destroysorteddata
_Disasm
_Disassembleback
_Disassembleforward
_Discardquicknames
_Dumpbackup
_Error
_Expression
_Findallcommands
_Findalldllcalls
_Findallsequences
_Finddecode
_Findfileoffset
_Findfixup
_Findhittrace
_Findimportbyname
_Findlabel
_Findlabelbyname
_Findmemory
_Findmodule
_Findname
_Findnextname
_Findnextproc
_Findnextruntraceip
_Findprevproc
_Findprevruntraceip
_Findprocbegin
_Findprocend
_Findreferences
_Findsorteddata
_Findsorteddataindex
_Findsorteddatarange
_Findstrings
_Findsymbolicname
_Findthread
_Findunknownfunction
_Flash
_Followcall
_Get3dnow
_Get3dnowxy
_Getaddressfromline
_Getasmfindmodel
_Getasmfindmodelxy
_Getbprelname
_Getbreakpointtype
_Getbreakpointtypecount
_Getcputhreadid
_Getdisassemblerrange
_Getfloat
_Getfloat10
_Getfloat10xy
_Getfloatxy
_Gethexstring
_Gethexstringxy
_Getline
_Getlinefromaddress
_Getlinexy
_Getlong
_Getlongxy
_Getmmx
_Getmmxxy
_Getnextbreakpoint
_Getoriginaldatasize
_Getproclimits
_Getregxy
_Getresourcestring
_Getruntraceprofile
_Getruntraceregisters
_Getsortedbyselection
_Getsourcefilelimits
_Getstatus
_Gettableselectionxy
_Gettext
_Gettextxy
_Getwatch
_Go
_Guardmemory
_Hardbreakpoints
_Havecopyofmemory
_Infoline
_Injectcode
_Insertname
_Insertwatch
_Isfilling
_Isprefix
_Isretaddr
_Issuspicious
_IstextA
_IstextW
_Listmemory
_Manualbreakpoint
_Mergequicknames
_Message
_Modifyhittrace
_Newtablewindow
_OpenEXEfile
_Painttable
_Plugingetvalue
_Pluginreadintfromini
_Pluginreadstringfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Pluginwritestringtoini
_Print3dnow
_Printfloat10
_Printfloat4
_Printfloat8
_Printsse
_Progress
_Quickinsertname
_Quicktablewindow
_Readcommand
_Readmemory
_Redrawdisassembler
_Registerotclass
_Registerpluginclass
_Restoreallthreads
_Runsinglethread
_Runtracesize
_Scrollruntracewindow
_Selectandscroll
_Sendshortcut
_Setbreakpoint
_Setbreakpointext
_Setcpu
_Setdisasm
_Setdumptype
_Sethardwarebreakpoint
_Setmembreakpoint
_Settracecondition
_Settracecount
_Settracepauseoncommands
_Showsourcefromaddress
_Sortsorteddata
_Startruntrace
_Stringtotext
_Suspendprocess
_Tablefunction
_Tempbreakpoint
_Unregisterpluginclass
_Updatelist
_Walkreference
_Walkreferenceex
_Writememory
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 698KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/AJunk.dll
.dll windows:4 windows x86 arch:x86

ffe44f26c0d9297089f8f0ce09ddcbeb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

ord102
ord101
ord117

kernel32

GetCPInfo
GetOEMCP
GetCommandLineA
RtlUnwind
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
WriteFile
GetCurrentProcess
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
GetModuleHandleA
GetProcAddress
SetLastError
WritePrivateProfileStringA
GlobalFlags
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
GetCurrentThreadId
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
CloseHandle
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetStartupInfoA

user32

RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
PostQuitMessage
SystemParametersInfoA
IsIconic
PostMessageA
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
GetWindowRect

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

comctl32

ord17

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginshortcut

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/APIBREAK.GID
PLUGIN/APIBREAK.HLP
PLUGIN/ApiBreak.dll
.dll windows:4 windows x86 arch:x86

d1b047fb25cf87c47f56c7c1f6c36481

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
GetModuleHandleA
lstrcpyA

user32

SendDlgItemMessageA
IsDlgButtonChecked
EndDialog
DialogBoxParamA
MessageBoxA

ollydbg.exe

ord30
ord106
ord89
ord88
ord2

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/Asm2Clipboard.dll
.dll windows:4 windows x86 arch:x86

e61f2f894125bb9afbf614ac34b38d66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
RtlUnwind
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc

user32

wsprintfA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
InvalidateRect
MessageBoxA

ollydbg.exe

ord88
ord101
ord44
ord38
ord31
ord12
ord1
ord49
ord46
ord114
ord30
ord28
ord2

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/BOOKMARK.DLL
.dll windows:4 windows x86 arch:x86

da6b10b05e8674fb7aecee87da89a0b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addsorteddata
_Addtolist
_Createsorteddata
_Deletesorteddata
_Deletesorteddatarange
_Destroysorteddata
_Disasm
_Finddecode
_Findmemory
_Findname
_Findsorteddata
_Flash
_Getsortedbyselection
_Painttable
_Plugingetvalue
_Pluginreadintfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Quicktablewindow
_Readmemory
_Registerpluginclass
_Setcpu
_Tablefunction
_Unregisterpluginclass

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LCMapStringA
LCMapStringW
LoadLibraryA
MultiByteToWideChar
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

AppendMenuA
CreatePopupMenu
DefMDIChildProcA
DestroyMenu
EnumThreadWindows
GetKeyState
InvalidateRect
MessageBoxA
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord
___CPPdebugHook

Sections

.text
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/CMDLINE.DLL
.dll windows:4 windows x86 arch:x86

579abc59a4397386f6b066abf5b0a808

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Animate
_Assemble
_Broadcast
_Createwatchwindow
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletenamerange
_Dumpbackup
_Expression
_Findalldllcalls
_Findlabel
_Findmemory
_Findthread
_Getcputhreadid
_Getstatus
_Go
_Hardbreakpoints
_Insertname
_Insertwatch
_OpenEXEfile
_Plugingetvalue
_Pluginreadintfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Registerpluginclass
_Runtracesize
_Sendshortcut
_Setbreakpoint
_Setcpu
_Setdumptype
_Sethardwarebreakpoint
_Setmembreakpoint
_Settracecondition
_Startruntrace
_Unregisterpluginclass
_Writememory

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LCMapStringA
LCMapStringW
LoadLibraryA
MultiByteToWideChar
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

gdi32

CreateSolidBrush
DeleteObject

user32

BeginPaint
CallWindowProcA
ChildWindowFromPoint
CreateWindowExA
DefWindowProcA
EndPaint
EnumThreadWindows
FillRect
GetClientRect
GetSysColor
GetSystemMetrics
GetWindowRect
GetWindowTextA
MessageBoxA
SendMessageA
SetFocus
SetForegroundWindow
SetWindowLongA
SetWindowTextA
WinHelpA
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugincmd
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord
___CPPdebugHook

Sections

.text
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/CMDLINE.GID
PLUGIN/CMDLINE.HLP
PLUGIN/CleanupEx.dll
.dll windows:4 windows x86 arch:x86

0fe2f15fa556a8a4f603d1aa98436e5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addsorteddata
_Addtolist
_Createsorteddata
_Deletesorteddata
_Destroysorteddata
_Getsortedbyselection
_Infoline
_Message
_Painttable
_Plugingetvalue
_Quicktablewindow
_Registerpluginclass
_Tablefunction

kernel32

CloseHandle
CreateFileA
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LoadLibraryA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringA
lstrcmpiA

user32

AppendMenuA
CreatePopupMenu
DefMDIChildProcA
DestroyMenu
DialogBoxParamA
EndDialog
EnumThreadWindows
GetDlgItem
GetKeyState
GetSystemMetrics
GetWindowRect
InvalidateRect
IsDlgButtonChecked
MessageBoxA
MoveWindow
SendMessageA
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu
___CPPdebugHook

Sections

.text
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/CmdBar.dll
.dll windows:4 windows x86 arch:x86

8237a071a93d3584cd8637b75759e33d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Animate
_Assemble
_Broadcast
_Createwatchwindow
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletenamerange
_Disasm
_Dumpbackup
_Expression
_Findalldllcalls
_Findlabel
_Findmemory
_Findthread
_Getcputhreadid
_Getstatus
_Go
_Hardbreakpoints
_Insertname
_Insertwatch
_OpenEXEfile
_Plugingetvalue
_Pluginsaverecord
_Registerpluginclass
_Runtracesize
_Sendshortcut
_Setbreakpoint
_Setcpu
_Setdumptype
_Sethardwarebreakpoint
_Setmembreakpoint
_Settracecondition
_Startruntrace
_Unregisterpluginclass
_Writememory

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LCMapStringA
LoadLibraryA
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile
WritePrivateProfileStringA
lstrlenA

comdlg32

ChooseFontA

gdi32

CreateFontIndirectA
CreateSolidBrush
DeleteObject

user32

BeginPaint
CallWindowProcA
CreateWindowExA
DefWindowProcA
EndPaint
EnumThreadWindows
FillRect
GetClientRect
GetSysColor
GetWindow
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InvalidateRect
MessageBoxA
MoveWindow
ScreenToClient
SendMessageA
SetFocus
SetWindowLongA
SetWindowTextA
ShowWindow
WinHelpA
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugincmd
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord
___CPPdebugHook

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/CmdBar.ini
PLUGIN/DBGHELP.DLL
.dll windows:5 windows x86 arch:x86

515ee46e8930abe46e0569a1a18643ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_initterm
_adjust_fdiv
__dllonexit
_except_handler3
wcscmp
memmove
_ftol
swprintf
calloc
wcscat
_ltoa
__CxxFrameHandler
_wcsicmp
_wsplitpath
_wcsnicmp
towlower
wcsncmp
__unDName
wcsncpy
_wfopen
fopen
_osver
fclose
fread
fseek
_CxxThrowException
bsearch
_snwprintf
mbstowcs
wcstol
_mbsnbcpy
fflush
_iob
time
_wmakepath
wcsrchr
_strnicmp
_wcsdup
ftell
_wgetenv
_mbsicmp
_fullpath
_access
_fsopen
_wfsopen
_sopen
_wsopen
_wfullpath
_read
_write
_lseeki64
_chsize
_close
_open_osfhandle
_waccess
_mbscmp
_memicmp
wcsncat
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_itoa
printf
_vsnprintf
strncat
tolower
_strcmpi
_makepath
_purecall
malloc
free
_strlwr
isspace
ctime
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
qsort
strncmp
isxdigit
wcslen
sprintf
_onexit
wcscpy
strrchr
strncpy
_splitpath
_stricmp
strchr
wprintf

kernel32

CreateFileMappingW
DeviceIoControl
ExpandEnvironmentStringsW
CopyFileA
Sleep
CopyFileW
GetFileAttributesW
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
GetDriveTypeW
GetDriveTypeA
SetEndOfFile
MapViewOfFileEx
FlushViewOfFile
SetFileAttributesA
CreateThread
TerminateThread
SuspendThread
GetThreadSelectorEntry
GetCurrentThreadId
GetCurrentProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetLastError
CloseHandle
CreateFileA
GetLastError
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetFullPathNameA
LocalAlloc
LocalFree
lstrcpyA
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetProcAddress
GetModuleHandleA
lstrlenA
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
MapViewOfFile
CreateFileMappingA
FreeLibrary
GetFileSize
LoadLibraryA
DuplicateHandle
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
VirtualFree
SetErrorMode
GetFileAttributesA
ReadProcessMemory
VirtualProtect
VirtualAlloc
DeleteFileW
WriteFile
CreateFileW
OutputDebugStringA
GetSystemInfo
GetSystemTimeAsFileTime
VirtualQueryEx
GetProcessHeap
ResumeThread
GetThreadContext

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymSetSymWithAddr64
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
lm
lmi
omap
srcfiles
sym
vc7fpo

Sections

.text
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/DeJunk.dll
.dll windows:4 windows x86 arch:x86

5c7e6e129f3d0db37da67a25bf1c7c2d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
GetModuleFileNameA
GetPrivateProfileIntA
SetHandleCount
GetStdHandle
RtlUnwind
FlushFileBuffers
CloseHandle
GetStringTypeA
LCMapStringW
GetStringTypeW
MultiByteToWideChar
SetStdHandle
LCMapStringA
LoadLibraryA
GetProcAddress
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
ExitProcess
GetPrivateProfileStringA
GetCurrentProcess
GetOEMCP
GetEnvironmentStringsW
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
DisableThreadLibraryCalls
WriteFile
GetLastError
SetFilePointer
GetCPInfo
GetACP

user32

GetDlgItemTextA
DialogBoxParamA
DefMDIChildProcA
MessageBoxA
GetDlgItem
SendMessageA
SetWindowPos
SetDlgItemTextA
EndDialog

ollydbg.exe

ord101
ord117

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/DeJunk.ini
PLUGIN/DeJunk.sfv
PLUGIN/GODUP.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

UPX0
Size: - Virtual size: 644KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 302KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PLUGIN/HideCapt.dll
.dll windows:4 windows x86 arch:x86

aac81007ee11dd5bd3becaca32d8f557

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Plugingetvalue
_Pluginreadintfromini
_Pluginreadstringfromini
_Pluginwriteinttoini
_Pluginwritestringtoini

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LCMapStringA
LoadLibraryA
MultiByteToWideChar
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA

user32

CallNextHookEx
DialogBoxParamA
EndDialog
EnumChildWindows
EnumThreadWindows
GetDlgItem
GetParent
GetWindowLongA
GetWindowRect
GetWindowTextA
IsDlgButtonChecked
MessageBoxA
MoveWindow
ScreenToClient
SendMessageA
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
___CPPdebugHook

Sections

.text
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/HideDebugger.dll
.dll windows:4 windows x86 arch:x86

650c3e9a8e7dd4b7fd346d6390f402dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetWindowTextA
SendMessageA
MessageBoxA
IsDlgButtonChecked
GetWindowTextA
EndDialog
DialogBoxParamA
CheckDlgButton

kernel32

lstrcpyA
lstrcmpiA
lstrcatA
WriteProcessMemory
CloseHandle
ContinueDebugEvent
GetCurrentProcess
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetVersionExA
OpenProcess
ReadProcessMemory
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
WaitForDebugEvent
WritePrivateProfileStringA

ollydbg.exe

ord88
ord53
ord2

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/HideDebugger.ini
PLUGIN/IsDebug V1.4.dll
.dll windows:4 windows x86 arch:x86

68c17316b24998c2b049601d0b1cb191

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
CreateThread
ExitThread
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
Sleep
WriteFile
lstrcpyA

user32

SetDlgItemTextA
SendMessageA
MessageBoxA
GetDlgItem
EndDialog
DialogBoxParamA
wsprintfA
GetDlgItemTextA

ollydbg.exe

ord88
ord89
ord92
ord114
ord117
ord101
ord60
ord53
ord2
ord35
ord54

comdlg32

GetSaveFileNameA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/Junkdb.cfg
PLUGIN/Labeler.def
PLUGIN/Labeler.dll
.dll windows:4 windows x86 arch:x86

06ea2d72a19948d127c668a02c20d871

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Deletenamerange
_Disasm
_Finddecode
_Findlabel
_Findmemory
_Findmodule
_Findthread
_Getcputhreadid
_Getstatus
_Insertname
_Plugingetvalue
_Readmemory
_Redrawdisassembler
_Setcpu

kernel32

CloseHandle
CreateFileA
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapFree
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA

comctl32

InitCommonControlsEx

shell32

ShellExecuteA

user32

CallWindowProcA
ClientToScreen
DestroyMenu
DialogBoxParamA
EnableWindow
EndDialog
EnumThreadWindows
GetCursorPos
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetSubMenu
GetSystemMetrics
GetWindowRect
GetWindowTextLengthA
IsDlgButtonChecked
LoadMenuA
MessageBoxA
MoveWindow
SendMessageA
SetDlgItemInt
SetDlgItemTextA
SetWindowLongA
TrackPopupMenu
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
___CPPdebugHook

Sections

.text
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/Labelmaster.dll
.dll windows:4 windows x86 arch:x86

eda943ffeef7e454ec8615ec94f3283c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Browsefilename
_Findname
_Mergequicknames
_Plugingetvalue
_Quickinsertname
_Redrawdisassembler

kernel32

CloseHandle
CreateFileA
DeleteFileA
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset
___CPPdebugHook

Sections

.text
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/LoadMap.dll
.dll windows:4 windows x86 arch:x86

3f99bf734aac3ee09ec3cf76b1a38a22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\win32\MapConv\Release\LoadMap.pdb

Imports

user32

MessageBoxA

ollydbg.exe

ord88
ord45
ord6
ord99
ord84
ord107
ord2

kernel32

UnhandledExceptionFilter
HeapSize
SetEndOfFile
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapFree
GetLastError
CloseHandle
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
RtlUnwind
InterlockedExchange
VirtualQuery
ReadFile
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetLocaleInfoA
GetACP
GetOEMCP
CreateFileA
InitializeCriticalSection
LoadLibraryA
SetFilePointer
VirtualProtect
GetSystemInfo
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/MapConv.dll
.dll windows:4 windows x86 arch:x86

b94d712b8fa0d054b21e650b95d330eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Browsefilename
_Findmodule
_Findthread
_Getcputhreadid
_Insertname
_Plugingetvalue
_Setcpu

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CompareStringA
CreateEventA
CreateFileA
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
EnumCalendarInfoA
ExitProcess
FindClose
FindFirstFileA
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDiskFreeSpaceA
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetStringTypeW
GetThreadLocale
GetVersion
GetVersionExA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEvent
SetFilePointer
SetHandleCount
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

user32

CharNextA
EnumThreadWindows
GetKeyboardType
GetSystemMetrics
LoadStringA
MessageBoxA
wsprintfA

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VarBoolFromStr
VarBstrFromBool
VarBstrFromCy
VarBstrFromDate
VarCyFromStr
VarDateFromStr
VarI4FromStr
VarNeg
VarNot
VarR8FromStr
VariantChangeTypeEx
VariantClear
VariantCopy
VariantCopyInd
VariantInit

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu
___CPPdebugHook

Sections

.text
Size: 117KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/MapConv.txt
PLUGIN/MemoryManage.dll
.dll windows:4 windows x86 arch:x86

8edd555285671dd08f37de21556e2210

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Visual Studio Projects\Crack\OllyDbg\MemoryManage\Release\MemoryManage.pdb

Imports

ollydbg.exe

ord85
ord186
ord88
ord91
ord9
ord21
ord146
ord78
ord2

kernel32

HeapReAlloc
CloseHandle
FlushFileBuffers
SetStdHandle
SetFilePointer
ReadFile
LocalFree
FormatMessageA
GetLastError
VirtualAllocEx
VirtualQueryEx
WriteProcessMemory
VirtualFreeEx
ReadProcessMemory
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
RaiseException
RtlUnwind
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
InterlockedExchange
VirtualQuery
MultiByteToWideChar
VirtualProtect
GetSystemInfo
LoadLibraryA

user32

ShowWindow
SetDlgItemTextA
SendMessageA
GetDlgItem
GetDlgItemTextA
DestroyWindow
CreateDialogParamA
MessageBoxA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginuddrecord

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/ODbgScript.dll
.dll windows:4 windows x86 arch:x86

5b9bf3a8bd6f4682c0bd5436ae6ff14a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

ord169
ord101
ord93
ord90
ord89
ord104
ord12
ord2
ord53
ord60
ord73
ord92
ord114
ord107
ord113
ord71
ord87
ord100
ord1
ord105
ord124
ord161
ord174
ord13
ord33
ord157
ord44
ord75
ord109
ord108
ord88
ord79
ord25
ord106
ord23
ord4
ord117
ord5
ord45
ord3
ord172
ord28

kernel32

FreeLibrary
LoadLibraryA
GetProcAddress
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
GetFullPathNameA
GetThreadContext
GetFileSize
ReadFile
HeapCreate
HeapAlloc
HeapFree
CreateFileA
SetFilePointer
WriteFile
CloseHandle
GetModuleHandleA

user32

SetDlgItemTextA
EndDialog
GetDlgItemTextA
MessageBoxA
AppendMenuA
DefMDIChildProcA
GetDlgItem
InvalidateRect
DestroyMenu
CreatePopupMenu
wsprintfA
DialogBoxParamA
PostMessageA
GetKeyState
SetFocus

shlwapi

PathFileExistsA

comdlg32

GetOpenFileNameA

msvcp60

?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?readsome@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHPADH@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
?fail@ios_base@std@@QBE_NXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?getline@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@1@AAV21@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Bios_base@std@@QBEPAXXZ

msvcrt

__CxxFrameHandler
tolower
_ultoa
strtoul
malloc
strncpy
strrchr
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??2@YAPAXI@Z
sprintf
toupper
isalpha
strstr
ceil
_ftol
strncmp
free
__lconv_init
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_stricmp
_itoa

Exports

Exports

ExecuteScript
_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginshortcut

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/OllyDump.dll
.dll windows:4 windows x86 arch:x86

5a3ef0fd287f0ec4556b6cfd980bb4f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Deleteruntrace
_Disasm
_Findmemory
_Findmodule
_Findthread
_Getcputhreadid
_Getstatus
_Plugingetvalue
_Readmemory
_Sendshortcut
_Setcpu
_Settracecondition
_Startruntrace
_Updatelist

comdlg32

GetSaveFileNameA

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
IsBadStringPtrA
LCMapStringA
LoadLibraryA
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile
WritePrivateProfileStringA

user32

CallWindowProcA
ClientToScreen
DestroyMenu
DialogBoxParamA
EndDialog
EnumThreadWindows
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetSubMenu
GetSystemMetrics
GetWindowRect
GetWindowTextLengthA
IsDlgButtonChecked
LoadMenuA
MessageBoxA
MoveWindow
SendMessageA
SetDlgItemInt
SetDlgItemTextA
SetWindowLongA
SetWindowTextA
TrackPopupMenu
UpdateWindow
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
___CPPdebugHook

Sections

.text
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/OllyDump.ini
PLUGIN/OllyFlow.dll
.dll windows:4 windows x86 arch:x86

506afa0cf48ee2fe0ef045543f83b1ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WritePrivateProfileStringA
CreateFileA
GetTempFileNameA
GetTempPathA
GetPrivateProfileStringA
CloseHandle
WriteFile
FindClose
GetLastError
FindNextFileA
DeleteFileA
FindFirstFileA
GetModuleFileNameA
RtlUnwind
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
HeapReAlloc
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc

user32

MessageBoxA

shell32

ShellExecuteA

ollydbg.exe

ord46
ord101
ord32
ord134
ord53
ord172
ord45
ord35
ord135
ord38
ord157
ord33
ord31
ord88
ord147
ord6
ord60
ord2

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/OllyHelper.dll
.dll windows:4 windows x86 arch:x86

a0d01e71f240618f72e04b3154723f8d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\MyDevelop\cpp\OllyHelper\Release\OllyHelper.pdb

Imports

ollydbg.exe

_Addtolist
_Pluginreadintfromini
_Pluginreadstringfromini
_Pluginwriteinttoini
_Pluginwritestringtoini
_Readmemory
_Setbreakpoint
_Getcputhreadid
_Findthread
_Setcpu
_Writememory
_Flash
_Listmemory
_Message
_Error

kernel32

IsBadCodePtr
IsBadReadPtr
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
VirtualFreeEx
WaitForDebugEvent
GetModuleFileNameA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
GetPrivateProfileStringA
GetModuleHandleA
GetLastError
GetProcAddress
VirtualAllocEx
GetVersion
GlobalUnlock
lstrcpyA
GlobalLock
GlobalAlloc
lstrlenA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
lstrcpynA
WriteProcessMemory
SetCurrentDirectoryA
GetCurrentDirectoryA
VirtualProtectEx
ReadProcessMemory
Sleep
SetThreadPriority
GetThreadPriority
GetCurrentThread
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetEnvironmentVariableA
SetEnvironmentVariableA
MultiByteToWideChar
CloseHandle
GetFileInformationByHandle
CreateFileA
QueryDosDeviceA
GetLogicalDrives
SearchPathA
LoadLibraryA
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
SetUnhandledExceptionFilter
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
RtlUnwind
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
HeapSize
HeapReAlloc
HeapDestroy
GetFileType

user32

IsDlgButtonChecked
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
GetWindowLongA
CheckDlgButton
EndDialog
MessageBoxA
DialogBoxParamA
IsDialogMessageA
SetWindowLongA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowTextLengthA
GetWindowTextA
GetDlgItem
SendDlgItemMessageA
SendMessageA
UnregisterClassA
SetWindowPos

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

ShellExecuteA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/OllyMachine 手册.chm
.chm
PLUGIN/OllyMachine.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

RunOMFile
_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginshortcut

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/OllyMachine.ini
PLUGIN/OllyScript.dll
.dll windows:4 windows x86 arch:x86

64396bbdb5c627bbaf0d0a7c8d690e5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\Richard\My Documents\Visual Studio Projects\OllyScript\Release\OllyScript.pdb

Imports

ollydbg.exe

ord124
ord101
ord2
ord73
ord53
ord60
ord172
ord109
ord117
ord75
ord3
ord45
ord114
ord90
ord93
ord13
ord33
ord157
ord44
ord4
ord88
ord161
ord174
ord108
ord169
ord79
ord25
ord106
ord23
ord5

kernel32

EnterCriticalSection
SetEndOfFile
GetLocaleInfoW
SetStdHandle
GetOEMCP
GetACP
GetSystemInfo
VirtualProtect
IsBadCodePtr
IsBadReadPtr
HeapSize
VirtualQuery
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
HeapFree
CloseHandle
ReadFile
HeapAlloc
HeapCreate
GetFileSize
CreateFileA
WriteFile
SetFilePointer
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
GetThreadContext
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
FlushFileBuffers
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetCPInfo
LCMapStringA
MultiByteToWideChar
GetLastError
LCMapStringW
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue

user32

SetFocus
GetDlgItem
SetDlgItemTextA
EndDialog
GetDlgItemTextA
MessageBoxA
PostMessageA
wsprintfA
DialogBoxParamA

comdlg32

GetOpenFileNameA

Exports

Exports

ExecuteScript
_ODBG_Pausedex
_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/OllyScript中文说明.txt
PLUGIN/StayOntop.dll
.dll windows:4 windows x86 arch:x86

9260652e20586b72289e6453ec96f112

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MoveWindow
SetClassLongA
DefMDIChildProcA
GetClientRect
ShowScrollBar
FindWindowExA
SendMessageA
SetWindowPos
GetWindowTextA
KillTimer
GetWindowRect
ScreenToClient
GetSysColor
CreateWindowExA
SetTimer

gdi32

GetStockObject
CreateSolidBrush

ollydbg.exe

_Addtolist
_Newtablewindow
_Plugingetvalue
_Registerpluginclass
_Pluginwritestringtoini
_Pluginreadintfromini
_Pluginwriteinttoini
_Pluginreadstringfromini

msvcrt

_adjust_fdiv
malloc
sscanf
_snprintf
strcpy
free
_initterm

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugininit

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.code
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/TracKid.dll
.dll windows:4 windows x86 arch:x86

97c3807720f0f6f83a1750bbbba2de94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateDirectoryA
DeleteFileA
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InitializeCriticalSection
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
InterlockedDecrement
InterlockedIncrement
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetEndOfFile
ReadFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

CallNextHookEx
MessageBoxA
UnhookWindowsHookEx
SetWindowsHookExA

ollydbg.exe

ord73
ord53
ord88
ord2

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/UnhExcFlt.DLL
.dll windows:1 windows x86 arch:x86

4fe780c7e8f5ca7f06f744a177dc9d91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

wsprintfA
MessageBoxA

kernel32

lstrcpyA
GetModuleHandleA
GetProcAddress

ollydbg.exe

_Readmemory
_Addtolist
_Writememory
_Unregisterpluginclass

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

CODE
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/UnhExcFlt.txt
PLUGIN/WatchMan.dll
.dll windows:4 windows x86 arch:x86

5c68a0c6cac471c2955db195e9827dc6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Deletewatch
_Getstatus
_Getwatch
_Insertwatch

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
LoadLibraryA
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile

user32

DialogBoxParamA
EnableWindow
EndDialog
EnumThreadWindows
GetCursorPos
GetDlgItem
GetDlgItemTextA
GetSystemMetrics
GetWindowRect
GetWindowTextLengthA
IsDlgButtonChecked
MessageBoxA
MoveWindow
SendMessageA
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu
___CPPdebugHook

Sections

.text
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/dejunk 1.2.txt
PLUGIN/dumpsig.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

@demangle
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/extracopy.dll
.dll windows:4 windows x86 arch:x86

4ff0fb7a18877b21e2fd37dc5295776d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
RtlUnwind
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
HeapReAlloc
VirtualAlloc
HeapAlloc
SetFilePointer
GetLastError
WriteFile
DisableThreadLibraryCalls
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetVersion
ExitProcess
CloseHandle

user32

OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxA
CreatePopupMenu
AppendMenuA
DestroyMenu
GetKeyState
InvalidateRect
DefMDIChildProcA

ollydbg.exe

ord4
ord170
ord117
ord79
ord12
ord1
ord49
ord114
ord28
ord100
ord44
ord101
ord38
ord31
ord46
ord113
ord71
ord107
ord87
ord104
ord30
ord2
ord88
ord89

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginshortcut

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/mapgen.plw
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PLUGIN

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 148B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/olly2html.pl
.pl .sh linux
PLUGIN/pedumper.dll
.dll windows:4 windows x86 arch:x86

b0ecd0eb613df2039cc7fc8ad77ec216

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\MSVS\Projects\PEDumper\Release\PEDumper.pdb

Imports

ollydbg.exe

ord45
ord44
ord101
ord60
ord53
ord88
ord73
ord2

kernel32

RtlUnwind
ExitProcess
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
WritePrivateProfileStringA
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetOEMCP
GetCPInfo
InterlockedIncrement
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
InterlockedDecrement
GetModuleFileNameA
SetLastError
MulDiv
GlobalAlloc
FormatMessageA
LocalFree
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcatA
lstrcmpW
lstrcpynA
GetProcAddress
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
CreateFileA
GetFileSize
ReadFile
CloseHandle
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleHandleA
SetUnhandledExceptionFilter

user32

LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMessageA
TranslateMessage
ValidateRect
SetCursor
PostQuitMessage
ReleaseDC
GetDC
DestroyMenu
wsprintfA
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
EnableWindow
SendMessageA
GetSubMenu
LoadMenuA
GetCursorPos
MessageBoxA
CharUpperA
EndDialog
GetNextDlgTabItem
GetParent
TrackPopupMenu
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
PostMessageA
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetCapture
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
GetSystemMetrics
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindow
PtInRect
CopyRect
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos

gdi32

GetStockObject
DeleteDC
SelectObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
Escape
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
SetViewportOrgEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17
ImageList_Destroy

shlwapi

PathIsUNCA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/pedumper.txt
PLUGIN/ustrrefadd.dll
.dll windows:4 windows x86 arch:x86

a01cccc8e3ba52324654aff7eb74f12a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DefMDIChildProcA
GetKeyState
CreatePopupMenu
AppendMenuA
DestroyMenu
MessageBoxA
InvalidateRect

ollydbg.exe

ord28
ord61
ord157
ord1
ord98
ord78
ord60
ord53
ord114
ord92
ord12
ord104
ord30
ord2
ord88
ord89
ord100
ord113
ord87
ord107
ord74
ord71
ord54
ord105
ord44
ord101
ord38
ord31
ord79

kernel32

CloseHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
InterlockedIncrement
InterlockedDecrement
SetFilePointer
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LeaveCriticalSection
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/windowinfos.dll
.dll windows:4 windows x86 arch:x86

c488b1f3e4ae48af92ad4f0457f5cd8d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetCursorPos
WindowFromPoint
wsprintfA
SetDlgItemTextA
SetTimer
EndDialog
DialogBoxParamA

ollydbg.exe

_Addtolist

msvcrt

_adjust_fdiv
strcpy
malloc
_initterm
free

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugininit

Sections

.rdata
Size: 1024B - Virtual size: 571B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.code
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/windowjuggler.dll
.dll windows:4 windows x86 arch:x86

20719683fbe13dd831fa72bb684ec1d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
Sleep
GetExitCodeThread
HeapFree
HeapAlloc
GetProcessHeap
lstrcpyA

user32

DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
ShowWindow
RegisterClassExA
CreateDialogParamA
PostQuitMessage
SetWindowLongA
GetDlgItem
SetWindowTextA
SetWindowPos
EnableWindow
RedrawWindow
DefWindowProcA
wsprintfA
GetWindowTextW
DestroyWindow
CreateWindowExA
EmptyClipboard
OpenClipboard
GetWindowTextA
GetWindowTextLengthA
GetClassNameA
GetClassNameW
GetWindowLongA
GetCursorPos
GetAsyncKeyState
IsWindowEnabled
SetDlgItemTextW
SetDlgItemTextA
GetParent
IsWindowVisible
WindowFromPoint
EnumChildWindows
PtInRect
GetWindowRect
CloseClipboard
MessageBoxA
SetClipboardData
SendMessageA
SendMessageW

ollydbg.exe

ord104
ord2
ord88
ord114

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/wingraph32.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@@About@Finalize
@@About@Initialize
@@Help@Finalize
@@Help@Initialize
@@Unit1@Finalize
@@Unit1@Initialize
@@Wait@Finalize
@@Wait@Initialize
_AboutForm
_Form1
_HelpForm
_WaitForm
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 291KB - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PLUGIN/下载说明.htm
.html .js polyglot
PLUGIN/备用/OllyDump_2.21.dll
.dll windows:4 windows x86 arch:x86

e6d1da18fcee526ee7459f2bd43b4f00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ollydbg.exe

_Addtolist
_Broadcast
_Deleteruntrace
_Disasm
_Findmemory
_Findmodule
_Findthread
_Getcputhreadid
_Getstatus
_Plugingetvalue
_Readmemory
_Sendshortcut
_Setcpu
_Settracecondition
_Startruntrace
_Updatelist

comdlg32

GetSaveFileNameA

kernel32

CloseHandle
CreateFileA
ExitProcess
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentThreadId
GetEnvironmentStrings
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
IsBadStringPtrA
LCMapStringA
LoadLibraryA
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WriteFile
WritePrivateProfileStringA

user32

CallWindowProcA
ClientToScreen
DestroyMenu
DialogBoxParamA
EndDialog
EnumThreadWindows
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetSubMenu
GetSystemMetrics
GetWindowRect
GetWindowTextLengthA
IsDlgButtonChecked
LoadMenuA
MessageBoxA
MoveWindow
SendMessageA
SetDlgItemInt
SetDlgItemTextA
SetWindowLongA
SetWindowTextA
TrackPopupMenu
wsprintfA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
___CPPdebugHook

Sections

.text
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PLUGIN/备用/PuntosMagicos.dll
.dll windows:4 windows x86 arch:x86

a7a0643acd26728f7f35d1b9352818ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Reverse Engineering\Herramientas\OllyDbg\plug108\Vc50\cmdline.pdb

Imports

kernel32

GetSystemInfo
VirtualProtect
GetLocaleInfoA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LCMapStringA
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
LoadLibraryA
LCMapStringW
lstrcmpA
GetTickCount
QueryPerformanceCounter
SetStdHandle
VirtualQuery
InterlockedExchange
RtlUnwind
IsBadWritePtr
HeapReAlloc
VirtualAlloc
GetCPInfo
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
CloseHandle

user32

DefWindowProcA
GetClientRect
GetSysColor
FillRect
EndPaint
CreateWindowExA
SendMessageA
SetForegroundWindow
SetWindowTextA
MessageBoxA
wsprintfA
BeginPaint

gdi32

DeleteObject
CreateSolidBrush

ollydbg.exe

ord104
ord2
ord23
ord5
ord106
ord79
ord25
ord88
ord114

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginsaveudd
_ODBG_Pluginshortcut
_ODBG_Pluginuddrecord

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/备用/olly_bp_man.dll
.dll windows:4 windows x86 arch:x86

267dcf9ab873041acf68448fd4586747

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Repositories\olly_bp_man\Release\olly_bp_man.pdb

Imports

ollydbg.exe

ord79
ord73
ord46
ord45
ord71
ord106
ord2
ord88

kernel32

SetLastError
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetProcAddress
LoadLibraryA
GetModuleHandleA
CloseHandle
UnmapViewOfFile
GetCurrentProcess
MapViewOfFile
CreateFileMappingA
GetFileSize
GetLocaleInfoA
ExitProcess
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
TerminateProcess
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
FlushFileBuffers
CreateFileA
InitializeCriticalSection
MultiByteToWideChar
VirtualProtect
GetSystemInfo
SetFilePointer
GetACP
GetOEMCP
GetCPInfo
SetEndOfFile
ReadFile
HeapSize

user32

MessageBoxA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PLUGIN/备用/ustrref.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PSAPI.DLL
.dll windows:5 windows x86 arch:x86

cc0703efce46b4b2d90e7279fd0456d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

NtAllocateVirtualMemory
RtlNtStatusToDosError
atoi
RtlUnwind
_stricmp
_chkstk
NtStopProfile
sprintf
RtlMultiByteToUnicodeN
DbgPrint
RtlUnicodeToOemN
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
RtlAdjustPrivilege
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation

kernel32

MultiByteToWideChar
GetProcessWorkingSetSize
WideCharToMultiByte
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
CreateFileA
CloseHandle
DisableThreadLibraryCalls
HeapAlloc
lstrlenA
SetLastError
LocalFree
LocalAlloc
SetProcessWorkingSetSize
GetProcessHeap
GetSystemInfo
lstrcpyA

imagehlp

SymLoadModule
SymGetModuleInfo
SymGetSymFromAddr
SymUnloadModule
SymSetOptions
SymInitialize
SymGetSearchPath

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 830B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Scripts/32Lite 0.03a.txt
Scripts/ARMADiLLO DETECTiVE v1.00.txt
Scripts/ASPR 1.23RC4.txt
Scripts/ASPR 1.23RC4findOEP.txt
Scripts/ASProtect 1.2-1.2c.txt
Scripts/ASProtect 1.22 - 1.23 Beta 21-Rc1.txt
Scripts/ASProtect 2.0 Unpack.txt
Scripts/ASpack 1.x-2.x.txt
Scripts/Arm 3.7Std_release.txt
Scripts/Asprotect1.x.txt
Scripts/Crunch v1.0.txt
Scripts/CrunchPE Heuristic.txt
Scripts/Dxpack 0.86.txt
Scripts/EXE Stealth2.72.txt
Scripts/EXE Stealth2.74.txt
Scripts/EXE32Pack 1.3X.txt
Scripts/EZIP 1.0.txt
Scripts/JDPack 1.01.txt
Scripts/Krypton0.5.txt
Scripts/MoleBox2.X 跳过IAT加密.TXT
Scripts/NSpack 1.3.txt
Scripts/Neolite 2.0 .txt
Scripts/PC Shrinker 0.71.txt
Scripts/PC-Guard 5.0.txt
Scripts/PE-SHiELD V0.25.txt
Scripts/PECompact 2.x.txt
Scripts/PECompact 2.xx.txt
Scripts/PEDiminishe 0.1.txt
Scripts/PEPack 1.0.txt
Scripts/PESpin V0.1.txt
Scripts/PEbundle V2.3 Oep+ Patch IAT.txt
Scripts/PEncrypt 4.0.TXT
Scripts/PKLITE32 1.1.txt
Scripts/PeLock1.06c.txt
Scripts/Pecompact 1.x.txt
Scripts/Petite 2.2 Patch IAT.txt
Scripts/Petite 2.2.txt
Scripts/Stolen code Finder.txt
Scripts/Telock0.98x.txt
Scripts/UPX-Scrambler RC1.x.txt
Scripts/UPX.osc
Scripts/UPXShit 0.x.txt
Scripts/Upx 1.x.txt
Scripts/VGCrypt PE Encryptor V0.75.txt
Scripts/WWPack32 1.x.txt
Scripts/anti-debug_lastex.txt
Scripts/arma_detach.txt
Scripts/arma_unpack.txt
Scripts/aspack.txt
Scripts/aspack_1.08.02.txt
Scripts/aspack_212.txt
Scripts/aspr_123_rc4.txt
Scripts/aspr_130b.txt
Scripts/aspr_131b.txt
Scripts/aspr_generic.txt
Scripts/asprbp.txt
Scripts/asprotect 1.23 RC4.txt
Scripts/asprotect_13b_stolen_code.txt
Scripts/asprsoep.txt
Scripts/asprsto.txt
Scripts/dbpe2x.txt
Scripts/dbpe_2.x.txt
Scripts/execryptor_1.5x.txt
Scripts/exeshield_0x.txt
Scripts/exestealth_2.7.txt
Scripts/exestealth_2.74.txt
Scripts/ezip_10.txt
Scripts/fsg2.0.txt
Scripts/fsg_1.33.txt
Scripts/fsg_1.33_2.txt
Scripts/fsg_2_0.txt
Scripts/krypton_0.5.txt
Scripts/lastex.txt
Scripts/mew10_1_0.txt
Scripts/molebox_2x.txt
Scripts/morphine_1.2.txt
Scripts/morphine_13.txt
Scripts/neolite 2.0.txt
Scripts/neolite20.txt
Scripts/obsidium_1_0061.txt
Scripts/pcguard_150.txt
Scripts/pebundle_2x.txt
Scripts/pecompact_1_76.txt
Scripts/pecompact_1_84.txt
Scripts/pediminisher_1_0.txt
Scripts/pelock_204.txt
Scripts/pepack10.txt
Scripts/peshield.txt
Scripts/pespin_0.3.txt
Scripts/pespin_0304_vb.txt
Scripts/pespin_07.txt
Scripts/petite22.txt
Scripts/pex_0_99.txt
Scripts/pklite32_1.1.txt
Scripts/protection_plus_oep.txt
Scripts/stolen bytes.txt
Scripts/svkp_13x.txt
Scripts/svkpoep.txt
Scripts/tElock 0.9-1.0 OEP Finder.txt
Scripts/telock098.osc
Scripts/telock098.txt
Scripts/telock_0.9.txt
Scripts/uprot1_def.txt
Scripts/uprot1_vb.txt
Scripts/upx.txt
Scripts/upx_upxprot.txt
Scripts/upxprotector_10x.txt
Scripts/upxscr_rc1.txt
Scripts/upxshit006.txt
Scripts/virogen_075.txt
Scripts/y0da_crypter_1.2.txt
Scripts/yoda's Crypter V1.2-1.3.txt
Scripts/yoda's cryptor 1.x modified.txt
Scripts/下载说明.htm
.html .js polyglot
Scripts/中文ReadMe.txt
Scripts/变形fsg1.33.txt
Scripts/普通fsg1.33.txt
Scripts/普通变形 fsg1.33.txt
Signs.txt
Tools/API地址专家/API地址专家.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 178KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Tools/IDT Protector/IDTProt.exe
.exe windows:4 windows x86 arch:x86

4026a1632994b3e2bbfb45b4791f5f45

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
DeviceIoControl
GetCurrentDirectoryA
GetModuleHandleA
GetLastError
ExitProcess
CreateFileA
CreateMutexA
SetEndOfFile
WriteFile
CloseHandle

user32

SendDlgItemMessageA
SetDlgItemTextA
ShowWindow
SendMessageA
MessageBoxA
LoadIconA
DialogBoxParamA
wsprintfA
EndDialog
GetDlgItem

advapi32

StartServiceA
ControlService
CreateServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/IDT Protector/cyclotron.sys
.sys windows:4 windows x86 arch:x86

f6f312186fcbea7e206cd83593bb86d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
IoDeleteSymbolicLink

Sections

.text
Size: 320B - Virtual size: 308B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 320B - Virtual size: 300B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/IDT Protector/readme.txt
Tools/IDTools For WinXP/IdtTool.exe
.exe windows:4 windows x86 arch:x86

105e8604e5e2cbcaa7cc7f3eda5d2e39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
MessageBoxA
GetDlgItem
EndDialog
DialogBoxParamA
wsprintfA

kernel32

ExitProcess
GetFullPathNameA
GetModuleHandleA
CloseHandle
CreateFileA
DeviceIoControl

comctl32

InitCommonControls

advapi32

StartServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 974B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Tools/IDTools For WinXP/IdtTool.sys
.sys windows:4 windows x86 arch:x86

f6f312186fcbea7e206cd83593bb86d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
IoDeleteSymbolicLink

Sections

.text
Size: 352B - Virtual size: 324B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 320B - Virtual size: 300B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/IDTools For WinXP/osrloader.exe
.exe windows:4 windows x86 arch:x86

78ba2a8c49c789dd4d35b2b39406811e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetCPInfo
TerminateProcess
GetACP
HeapReAlloc
HeapSize
GetOEMCP
LCMapStringW
LCMapStringA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapAlloc
ExitProcess
UnhandledExceptionFilter
VirtualFree
GetStartupInfoA
RaiseException
HeapFree
SetEndOfFile
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetStdHandle
GetLocaleInfoA
GetLocaleInfoW
CompareStringA
CompareStringW
GetFileType
HeapDestroy
GetCommandLineA
CloseHandle
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetSystemTime
GetModuleHandleA
GetLocalTime
SetEnvironmentVariableA
GetTimeZoneInformation
SetCurrentDirectoryA
RtlUnwind
SetErrorMode
GlobalGetAtomNameA
GlobalAddAtomA
GetFileAttributesA
GetFileSize
GetCurrentDirectoryA
WritePrivateProfileStringA
GetProcessVersion
GetVersionExA
TlsSetValue
TlsGetValue
LocalReAlloc
LeaveCriticalSection
EnterCriticalSection
GlobalReAlloc
DeleteCriticalSection
GlobalHandle
LocalAlloc
TlsAlloc
InitializeCriticalSection
FileTimeToLocalFileTime
SizeofResource
GlobalFlags
FileTimeToSystemTime
GetModuleFileNameA
GetFullPathNameA
SetUnhandledExceptionFilter
FindClose
MultiByteToWideChar
GetVolumeInformationA
FindFirstFileA
GetProcAddress
lstrcpyA
LoadLibraryA
FreeLibrary
VirtualAlloc
UnlockFile
WideCharToMultiByte
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
MulDiv
GetStringTypeA
GetStringTypeW
HeapCreate
GetProfileStringA
LockResource
GetWindowsDirectoryA
GetLastError
LocalFree
FormatMessageA
GetFileTime
GetDriveTypeA
LoadResource
FindResourceA
lstrlenA
GlobalFree
GlobalUnlock
GlobalLock
GetCurrentThreadId
lstrcatA
GetVersion
InterlockedIncrement
InterlockedDecrement

user32

ValidateRect
TranslateMessage
GetMessageA
DestroyMenu
GetWindowDC
BeginPaint
GetCursorPos
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
CharUpperA
GetClassNameA
PtInRect
ClientToScreen
GetDesktopWindow
LoadCursorA
GetSysColorBrush
FindWindowA
InvalidateRect
OffsetRect
IntersectRect
InflateRect
ReleaseCapture
WindowFromPoint
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
PostMessageA
UpdateWindow
SendDlgItemMessageA
SystemParametersInfoA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
IsWindowVisible
ScreenToClient
LoadStringA
SetScrollInfo
ShowScrollBar
SetScrollRange
GetScrollPos
SetScrollPos
MessageBoxA
PostQuitMessage
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetMenu
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
DefWindowProcA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
SetPropA
UnhookWindowsHookEx
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetWindow
GetWindowRect
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetDC
ReleaseDC
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
ShowOwnedPopups
wvsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
SetWindowTextA
IsDialogMessageA
LoadIconA
EnableWindow
SendMessageA
IsChild
SetCursor
GetCapture
ScrollWindow
GetTopWindow
EndDeferWindowPos
CharNextA
ShowCaret
ExcludeUpdateRgn
HideCaret
DrawFocusRect
DefDlgProcA
UnregisterClassA
IsWindowUnicode

gdi32

GetTextMetricsA
SetBkColor
GetObjectA
CreateBitmap
PatBlt
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkMode
SetViewportOrgEx
OffsetViewportOrgEx
SetMapMode
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetDeviceCaps
CreateSolidBrush
PtVisible
TextOutA
ExtTextOutA
RectVisible
GetTextExtentPointA
Escape
CreateCompatibleDC
CreateDIBitmap
BitBlt
SetTextColor
GetClipBox

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
EnumServicesStatusA
RegEnumKeyExA
RegDeleteValueA
RegCloseKey
QueryServiceConfigA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenSCManagerA
RegOpenKeyExA
RegQueryValueExA

shell32

DragFinish
DragQueryFileA

comctl32

ord17
ImageList_Destroy

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/OSCEditor/Chinese.Lng
Tools/OSCEditor/Chinese.lst
Tools/OSCEditor/English.Lng
Tools/OSCEditor/English.lst
Tools/OSCEditor/OSEditor.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Tools/OSCEditor/OllyScripts/ACprotect1.22D.TXT
Tools/OSCEditor/OllyScripts/ACprotect1.22VB.TXT
Tools/OSCEditor/OllyScripts/ALEX Protector1.0.txt
Tools/OSCEditor/OllyScripts/ASPACKDLL.txt
Tools/OSCEditor/OllyScripts/ASPR13b.TXT
Tools/OSCEditor/OllyScripts/Arm3.7Std_release.txt
Tools/OSCEditor/OllyScripts/EPE2003518.txt
Tools/OSCEditor/OllyScripts/EXE Shield v0.5.txt
Tools/OSCEditor/OllyScripts/EXECryptor1.53.TXT
Tools/OSCEditor/OllyScripts/EZip 1.0.txt
Tools/OSCEditor/OllyScripts/ExEStealth2.74.txt
Tools/OSCEditor/OllyScripts/Krypton0.5.txt
Tools/OSCEditor/OllyScripts/MoleBox2.TXT
Tools/OSCEditor/OllyScripts/Obsidium1.061vb.txt
Tools/OSCEditor/OllyScripts/Obsidium114.txt
Tools/OSCEditor/OllyScripts/PCGURAD5.TXT
Tools/OSCEditor/OllyScripts/PEBundle 2.0x.txt
Tools/OSCEditor/OllyScripts/PELock1.x.txt
Tools/OSCEditor/OllyScripts/PESPIN v0.7.TXT
Tools/OSCEditor/OllyScripts/PESpin0.3sc.TXT
Tools/OSCEditor/OllyScripts/PETITE2.2.txt
Tools/OSCEditor/OllyScripts/PePack1.0.txt
Tools/OSCEditor/OllyScripts/Pecompact.txt
Tools/OSCEditor/OllyScripts/SoftSentry3.txt
Tools/OSCEditor/OllyScripts/TELOCK 0.9.TXT
Tools/OSCEditor/OllyScripts/UPX.txt
Tools/OSCEditor/OllyScripts/a.txt
Tools/OSCEditor/OllyScripts/arm.txt
Tools/OSCEditor/OllyScripts/asp2test.txt
Tools/OSCEditor/OllyScripts/aspack.txt
Tools/OSCEditor/OllyScripts/aspr1.23rc1.txt
Tools/OSCEditor/OllyScripts/aspr1.23rc4.txt
Tools/OSCEditor/OllyScripts/dbpe2x.txt
Tools/OSCEditor/OllyScripts/fsg1.33.txt
Tools/OSCEditor/OllyScripts/jdpack.txt
Tools/OSCEditor/OllyScripts/morphine1.2.TXT
Tools/OSCEditor/OllyScripts/neolite 2.0.txt
Tools/OSCEditor/OllyScripts/pecompact208.TXT
Tools/OSCEditor/OllyScripts/svk1.32.TXT
Tools/OSCEditor/OllyScripts/tElock098.txt
Tools/OSCEditor/OllyScripts/telock-forgot.txt
Tools/OSCEditor/OllyScripts/upxshit.txt
Tools/OSCEditor/config.ini
Tools/OSCEditor/help.chm
.chm
Tools/dll_loader/Dll_LoadEx.exe
.exe windows:4 windows x86 arch:x86

e545064de16acbfb75832a11d68a3dd7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2976
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord2554
ord2512
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord800
ord2514
ord2621
ord1134
ord537
ord5265
ord4376
ord4853
ord4998
ord4710
ord3081
ord4274
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord4673
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord860
ord540
ord2362
ord2370
ord4160
ord2863
ord2379
ord755
ord470
ord858
ord3499
ord2515
ord355
ord6334
ord941
ord939
ord2818
ord4224
ord4486
ord6375
ord6052
ord4078
ord3749
ord1576

msvcrt

_acmdln
__getmainargs
exit
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_onexit
_XcptFilter
_mbscmp
__CxxFrameHandler
__dllonexit
_setmbcp

kernel32

FreeLibrary
GetModuleHandleA
LoadLibraryA
GetStartupInfoA

user32

GetSystemMenu
DrawIcon
AppendMenuA
GetClientRect
SendMessageA
IsIconic
EnableWindow
GetSystemMetrics
LoadIconA

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tools/下载说明.htm
.html .js polyglot
license.txt
loaddll.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Arg1
Arg10
Arg2
Arg3
Arg4
Arg5
Arg6
Arg7
Arg8
Arg9
CallDLL
Finished
Firstbp
Patcharea
Prepatch
WndProc

Sections

CODE
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ollydbg.ini
readme.txt
register.txt
下载说明.htm
.html .js polyglot
原版界面/Ollydbg.exe
.exe windows:4 windows x86 arch:x86

601aae4d9b90819ecbda85f5864d7478

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

kernel32

CloseHandle
ContinueDebugEvent
CreateDirectoryA
CreateFileA
CreateProcessA
DebugActiveProcess
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushInstructionCache
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPriorityClass
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDirectoryA
GetThreadContext
GetThreadPriority
GetThreadSelectorEntry
GetTickCount
GetUserDefaultLCID
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
IsValidLocale
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MoveFileA
MulDiv
MultiByteToWideChar
OpenProcess
RaiseException
ReadFile
ReadProcessMemory
ResumeThread
RtlUnwind
SearchPathA
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetPriorityClass
SetThreadContext
SetThreadLocale
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerLanguageNameA
VirtualAlloc
VirtualFree
VirtualProtect
WaitForDebugEvent
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
WriteProcessMemory
lstrcmpiW
lstrcpyA
lstrcpyW
lstrlenW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ord17

comdlg32

ChooseFontA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

AddFontResourceA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateFontIndirectA
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
EnumFontFamiliesA
ExcludeClipRect
ExtTextOutA
ExtTextOutW
GetClipBox
GetDCOrgEx
GetNearestColor
GetObjectA
GetObjectType
GetStockObject
GetTextMetricsA
IntersectClipRect
LineTo
MoveToEx
RemoveFontResourceA
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetTextAlign
SetTextColor

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
ShellExecuteA

user32

AdjustWindowRect
AppendMenuA
BeginPaint
CallWindowProcA
CheckDlgButton
CheckMenuItem
CheckRadioButton
ClientToScreen
CloseClipboard
CreateCaret
CreateDialogParamA
CreateMDIWindowA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DestroyCaret
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawMenuBar
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumThreadWindows
EnumWindows
FillRect
FrameRect
GetCapture
GetClassInfoA
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemTextA
GetKeyState
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetParent
GetScrollPos
GetSubMenu
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
InsertMenuA
IntersectRect
InvalidateRect
IsDlgButtonChecked
IsIconic
IsWindow
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MapDialogRect
MapVirtualKeyA
MessageBoxA
MoveWindow
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
PostThreadMessageA
RedrawWindow
RegisterClassA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowCaret
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnregisterClassA
UpdateWindow
WinHelpA
WindowFromPoint
wsprintfA
wsprintfW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Exports

Exports

_Addsorteddata
_Addtolist
_Analysecode
_Animate
_Assemble
_Attachtoactiveprocess
_Broadcast
_Browsefilename
_Calculatecrc
_Checkcondition
_Compress
_Createdumpwindow
_Createlistwindow
_Createpatchwindow
_Createprofilewindow
_Creatertracewindow
_Createsorteddata
_Createthreadwindow
_Createwatchwindow
_Createwinwindow
_Decodeaddress
_Decodeascii
_Decodecharacter
_Decodefullvarname
_Decodeknownargument
_Decodename
_Decoderange
_Decoderelativeoffset
_Decodethreadname
_Decodeunicode
_Decompress
_Defaultbar
_Deletebreakpoints
_Deletehardwarebreakbyaddr
_Deletehardwarebreakpoint
_Deletenamerange
_Deletenonconfirmedsorteddata
_Deleteruntrace
_Deletesorteddata
_Deletesorteddatarange
_Deletewatch
_Demanglename
_Destroysorteddata
_Disasm
_Disassembleback
_Disassembleforward
_Discardquicknames
_Dumpbackup
_Error
_Expression
_Findallcommands
_Findalldllcalls
_Findallsequences
_Finddecode
_Findfileoffset
_Findfixup
_Findhittrace
_Findimportbyname
_Findlabel
_Findlabelbyname
_Findmemory
_Findmodule
_Findname
_Findnextname
_Findnextproc
_Findnextruntraceip
_Findprevproc
_Findprevruntraceip
_Findprocbegin
_Findprocend
_Findreferences
_Findsorteddata
_Findsorteddataindex
_Findsorteddatarange
_Findstrings
_Findsymbolicname
_Findthread
_Findunknownfunction
_Flash
_Followcall
_Get3dnow
_Get3dnowxy
_Getaddressfromline
_Getasmfindmodel
_Getasmfindmodelxy
_Getbprelname
_Getbreakpointtype
_Getbreakpointtypecount
_Getcputhreadid
_Getdisassemblerrange
_Getfloat
_Getfloat10
_Getfloat10xy
_Getfloatxy
_Gethexstring
_Gethexstringxy
_Getline
_Getlinefromaddress
_Getlinexy
_Getlong
_Getlongxy
_Getmmx
_Getmmxxy
_Getnextbreakpoint
_Getoriginaldatasize
_Getproclimits
_Getregxy
_Getresourcestring
_Getruntraceprofile
_Getruntraceregisters
_Getsortedbyselection
_Getsourcefilelimits
_Getstatus
_Gettableselectionxy
_Gettext
_Gettextxy
_Getwatch
_Go
_Guardmemory
_Hardbreakpoints
_Havecopyofmemory
_Infoline
_Injectcode
_Insertname
_Insertwatch
_Isfilling
_Isprefix
_Isretaddr
_Issuspicious
_IstextA
_IstextW
_Listmemory
_Manualbreakpoint
_Mergequicknames
_Message
_Modifyhittrace
_Newtablewindow
_OpenEXEfile
_Painttable
_Plugingetvalue
_Pluginreadintfromini
_Pluginreadstringfromini
_Pluginsaverecord
_Pluginwriteinttoini
_Pluginwritestringtoini
_Print3dnow
_Printfloat10
_Printfloat4
_Printfloat8
_Printsse
_Progress
_Quickinsertname
_Quicktablewindow
_Readcommand
_Readmemory
_Redrawdisassembler
_Registerotclass
_Registerpluginclass
_Restoreallthreads
_Runsinglethread
_Runtracesize
_Scrollruntracewindow
_Selectandscroll
_Sendshortcut
_Setbreakpoint
_Setbreakpointext
_Setcpu
_Setdisasm
_Setdumptype
_Sethardwarebreakpoint
_Setmembreakpoint
_Settracecondition
_Settracecount
_Settracepauseoncommands
_Showsourcefromaddress
_Sortsorteddata
_Startruntrace
_Stringtotext
_Suspendprocess
_Tablefunction
_Tempbreakpoint
_Unregisterpluginclass
_Updatelist
_Walkreference
_Walkreferenceex
_Writememory
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 698KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 214KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
原版界面/下载说明.htm
.html .js polyglot
汉化说明.txt
英文配置补丁/下载说明.htm
.html .js polyglot
英文配置补丁/配置文件恢复为英文补丁.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX3
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 500KB - Virtual size: 500KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 73B

.reloc Size: 37KB - Virtual size: 37KB

.rsrc Size: 31KB - Virtual size: 31KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 698KB - Virtual size: 700KB

.data Size: 116KB - Virtual size: 364KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 7KB - Virtual size: 8KB

.edata Size: 5KB - Virtual size: 8KB

.rsrc Size: 393KB - Virtual size: 393KB

.reloc Size: 47KB - Virtual size: 48KB

.patch Size: 253B - Virtual size: 4KB

06ea2d72a19948d127c668a02c20d871

Headers

File Characteristics

Imports

ollydbg.exe

kernel32

comctl32

shell32

user32

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 56KB

.data Size: 11KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

601aae4d9b90819ecbda85f5864d7478

Headers

File Characteristics

Imports

advapi32

kernel32

version

comctl32

comdlg32

gdi32

shell32

user32

ole32

Exports

Exports

Sections

.text Size: 698KB - Virtual size: 700KB

.data Size: 116KB - Virtual size: 364KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 7KB - Virtual size: 8KB

.edata Size: 5KB - Virtual size: 8KB

.rsrc Size: 393KB - Virtual size: 393KB

.reloc Size: 47KB - Virtual size: 48KB

ffe44f26c0d9297089f8f0ce09ddcbeb

Headers

File Characteristics

Imports

ollydbg.exe

kernel32

CODE
Size: 500KB - Virtual size: 500KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 73B

.reloc
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 31KB - Virtual size: 31KB

.text
Size: 698KB - Virtual size: 700KB

.data
Size: 116KB - Virtual size: 364KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 7KB - Virtual size: 8KB

.edata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 393KB - Virtual size: 393KB

.reloc
Size: 47KB - Virtual size: 48KB

.patch
Size: 253B - Virtual size: 4KB

.text
Size: 55KB - Virtual size: 56KB

.data
Size: 11KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB

.text
Size: 698KB - Virtual size: 700KB

.data
Size: 116KB - Virtual size: 364KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 7KB - Virtual size: 8KB

.edata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 393KB - Virtual size: 393KB

.reloc
Size: 47KB - Virtual size: 48KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 664B

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 40KB

.data
Size: 10KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB