DeviceUpdateAgent.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
setup.msi
Resource
win7-20240705-en
windows7-x64
10 signatures
300 seconds
Behavioral task
behavioral2
Sample
setup.msi
Resource
win10v2004-20240709-en
windows10-2004-x64
10 signatures
300 seconds
Behavioral task
behavioral3
Sample
setup.msi
Resource
win11-20240709-en
windows11-21h2-x64
10 signatures
300 seconds
General
-
Target
x64__installer__x32_.zip
-
Size
32.2MB
-
MD5
7b9c6520dd70d5b8ce7fa581af4c33e6
-
SHA1
1dd3f69d97aeff3de909dcae18ec2d477fe099e6
-
SHA256
46676b869653e6b46392f93e017a18bfce50b097f505ba7afcacba903806dce9
-
SHA512
646be80c4753d0fc33384b1a947f85740ae1d6f14580517c7437cd311dd0c2584d0130b4b12d2e2d9d25cf7163cc188c9b962b73efa56870f5186d2964b6b2e5
-
SSDEEP
786432:RiiSARz9JXFPKkptzAyiulEXKY2Vd/63qVyXV46CfW:RhZzXeK5/ykoNkW
Score
3/10
Malware Config
Signatures
-
Unsigned PE 12 IoCs
Checks for missing Authenticode signature.
resource unpack001/ifsutil/DeviceUpdateAgent.dll unpack001/ifsutil/dmutil.dll unpack001/ifsutil/dnsrslvr.dll unpack001/setupcln/perfdisk.dll unpack001/setupcln/setupcln.dll unpack001/srclient/ReInfo.dll unpack001/srclient/srclient.dll unpack001/srclient/usoapi.dll unpack001/srcore/SettingsHandlers_Region.dll unpack001/srcore/networkhelper.dll unpack001/srcore/srcore.dll unpack001/srcore/uireng.dll
Files
-
x64__installer__x32_.zip.zip
-
ifsutil/DeviceUpdateAgent.dll.dll windows:10 windows x64 arch:x64
4164d9f7e0ac459a4e84e311ff4f7808
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
strchr
memcpy
_set_errno
_XcptFilter
__CxxFrameHandler3
memcpy_s
sprintf_s
_purecall
wcsrchr
_onexit
__dllonexit
_unlock
_errno
iswdigit
_wtoi64
strncpy_s
strrchr
strtol
_lock
__C_specific_handler
_initterm
_vsnwprintf
malloc
free
_amsg_exit
wcschr
_wcsicmp
memmove
memset
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableLevel
RegisterTraceGuidsW
GetTraceEnableFlags
TraceMessage
GetTraceLoggerHandle
UnregisterTraceGuids
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
api-ms-win-core-com-l1-1-0
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
rpcrt4
RpcStringFreeW
I_RpcMapWin32Status
UuidCreate
UuidToStringW
api-ms-win-core-file-l1-1-0
GetFileAttributesW
DeleteFileW
GetFileSizeEx
CreateFileW
CreateDirectoryW
ReadFile
FindClose
FindNextFileW
FindFirstFileW
oleaut32
SysFreeString
VariantInit
SysAllocString
VariantClear
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTime
GetSystemTimeAsFileTime
api-ms-win-devices-config-l1-1-1
CM_Get_DevNode_PropertyW
CM_Get_DevNode_Status
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
CM_MapCrToWin32Err
api-ms-win-core-sysinfo-l1-2-0
GetNativeSystemInfo
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
IsValidSid
CheckTokenMembership
FreeSid
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
cabapi
Cab_Extract
drvstore
DriverStoreClose
DriverStoreOpenW
DriverPackageClose
DriverPackageEnumDriversW
DriverPackageOpenW
DriverStoreFindW
DriverStoreGetObjectPropertyW
DriverStoreEnumW
bcrypt
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
CreateDeploymentSessionEx
Sections
.text Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 308B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ifsutil/dmutil.dll.dll windows:10 windows x64 arch:x64
24071240120dbc007b40a31bd28ae0f4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dmutil.pdb
Imports
msvcrt
_vsnwprintf
__C_specific_handler
memcpy
_amsg_exit
_XcptFilter
_callnewh
mbstowcs
free
malloc
_wgetenv
wcstok
_vsnprintf
_initterm
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask
NtClose
NtDeviceIoControlFile
NtReadFile
NtWriteFile
RtlVirtualUnwind
NtSetInformationFile
NtQueryInformationFile
NtSetBootEntryOrder
NtQueryBootEntryOrder
NtAddBootEntry
RtlFreeUnicodeString
NtOpenFile
RtlCreateUnicodeString
RtlAdjustPrivilege
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
kernel32
GetCurrentProcess
lstrlenW
GetCurrentDirectoryW
Sleep
HeapFree
HeapAlloc
GetProcessHeap
CreateThread
LocalFree
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
lstrcmpW
VerifyVersionInfoW
DelayLoadFailureHook
ResolveDelayLoadedAPI
LoadLibraryW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
lstrlenA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibrary
GetProcAddress
Exports
Exports
AddEntryBootFileGpt
AddEntryBootFileMbr
CoDisableDynamicVolumes
DisplayError
DisplayErrorRgszw
DllMain
DmCommonNtOpenFile
DynamicSupport
FTrace
FTraceValist
FreeRgszw
GetErrorData
GetInstallDirectoryPath
GetSystemVolume
IsPersonalSKU
LowAcquirePrivilege
LowGetPartitionInfo
LowNtAddBootEntry
LowNtReadFile
LowNtReadOnlyAttributeOff
LowNtWriteFile
RgszwDupRgszw
RgszwFromArgs
RgszwFromValist
SafeLoadVdsService
ShowMessage
ShowMessageValist
SzwDupSzw
SzwFromSza
TranslateError
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 72B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ifsutil/dnsrslvr.dll.dll windows:10 windows x64 arch:x64
d1b5eab1649c98b5354a440b730c2c2a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dnsrslvr.pdb
Imports
api-ms-win-core-crt-l1-1-0
_vsnprintf_s
swprintf_s
_wtol
atoi
strnlen
wcsnlen
wcscpy_s
memcmp
memcpy
memset
_wcsnicmp
wcstok_s
memcpy_s
wcschr
wcsstr
_wcsicmp
_vsnwprintf_s
wcscmp
api-ms-win-core-crt-l2-1-0
_initterm_e
_initterm
ntdll
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
EtwTraceMessageVa
NtQueryLicenseValue
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlGUIDFromString
RtlStringFromGUIDEx
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
RtlIdnToAscii
EtwGetTraceEnableFlags
RtlGetPersistedStateLocation
RtlAllocateHeap
RtlFreeUnicodeString
RtlFreeHeap
NtCreateFile
RtlCanonicalizeDomainName
RtlGetCurrentServiceSessionId
RtlInitUnicodeString
RtlNtStatusToDosError
RtlPublishWnfStateData
RtlCompareMemory
RtlRandom
NtCreateWnfStateName
RtlLookupFunctionEntry
RtlVirtualUnwind
EtwRegisterTraceGuidsW
qsort
bsearch
__C_specific_handler
EtwUnregisterTraceGuids
RtlIdnToUnicode
NtDeleteWnfStateName
RtlCaptureContext
ws2_32
WSAStartup
WSACleanup
closesocket
WSACreateEvent
WSAEventSelect
accept
getsockname
WSAResetEvent
WSAGetLastError
WSAIoctl
WSASocketA
setsockopt
rpcrt4
RpcServerUseProtseqEpW
RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerSubscribeForNotification
RpcRevertToSelf
RpcImpersonateClient
RpcServerInqCallAttributesW
RpcServerUnsubscribeForNotification
RpcAsyncCompleteCall
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrAsyncServerCall
NdrServerCall2
RpcServerUnregisterIfEx
NdrClientCall3
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcServerRegisterIf3
I_RpcMapWin32Status
RpcExceptionFilter
RpcServerInqBindings
RpcServerUnregisterIf
RpcServerRegisterIfEx
RpcBindingVectorFree
RpcEpUnregister
dnsapi
NetInfo_Clean
DnsCheckNrptRuleIntegrity
DnsGetPolicyTableInfoPrivate
DnsGetProxyInfoPrivate
DnsGetApplicationIdentifier
NetInfo_IsAddrConfig
Query_Main
NetInfo_CopyNetworkIndex
Query_Cancel
AddRefQueryBlobEx
DeRefQueryBlobEx
DnsCleanupTcpConnections
AdaptiveTimeout_ClearInterfaceSpecificConfiguration
Util_IsRunningOnXboxOne
HostsFile_Close
HostsFile_ReadLine
HostsFile_Open
GetCurrentTimeInSeconds
DnsNameCompare_W
AdaptiveTimeout_ResetAdaptiveTimeout
Dns_InitializeMsgBuf
Send_MessagePrivate
Dns_AddRecordsToMessage
Dns_SetRecordsTtl
Dns_SetRecordsSection
Dns_BuildPacket
DnsRecordCopyEx
Send_MessagePrivateEx
Dns_ExtractRecordsFromMessage
Coalesce_UpdateNetVersion
DnsFreePolicyConfig
NetInfo_GetAdapterByName
DnsFreeAdaptersInfo
DnsConnectionDeletePolicyEntriesPrivate
DnsConnectionSetPolicyEntriesPrivate
DnsFreeNrptRule
IpHelp_IsAddrOnLink
Dns_ReadPacketName
Socket_RecvFrom
Dns_RecvTcp
Local_GetRecordsForLocalNameEx
DnsQuery_W
NetInfo_GetAdapterByAddress
Dns_AllocateMsgBuf
Socket_SetTtl
Socket_TcpListen
Socket_SetMulticastLoopBack
Socket_JoinMulticast
WriteDnsNrptRulesToRegistry
Socket_Create
Dns_FreeMsgBuf
Socket_CloseEx
DnsQueryEx
DnsFree
DnsCancelQuery
NetInfo_UpdateDnsInterfaceConfigChange
NetInfo_IsTcpipConfigChange
NetInfo_GetAdapterByInterfaceIndex
DelaySortDAServerlist
Trace_Reset
DnsUpdateMachinePresence
FlushDnsPolicyUnreachableStatus
NetInfo_UpdateServerReachability
NetInfo_Copy
NetInfo_Build
NetInfo_ResetServerPriorities
NetInfo_CreatePerNetworkNetinfo
NetInfo_UpdateNetworkProperties
NetInfo_Free
DnsLogEvent
DnsApiFree
DnsApiAlloc
Dns_CacheServiceInit
Reg_ReadGlobalsEx
DnsGlobals
DnsTraceServerConfig
Dns_CacheServiceStopIssued
Dns_CacheServiceCleanup
Security_ContextListTimeout
Reg_ReadUpdateInfo
Reg_FreeUpdateInfo
Reg_GetValueEx
ExtraInfo_Init
DnsModifyRecordsInSet_W
Update_ReplaceAddressRecordsW
Faz_AreServerListsInSameNameSpace
DnsReplaceRecordSetW
DnsCheckNrptRules
winnsi
NsiRpcDeregisterChangeNotification
NsiDisconnectFromServer
NsiConnectToServer
NsiRpcRegisterChangeNotification
nsi
NsiAllocateAndGetTable
NsiGetAllParameters
NsiFreeTable
NsiGetParameter
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter
api-ms-win-core-file-l1-1-0
FindFirstChangeNotificationW
FindNextChangeNotification
CompareFileTime
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW
GetProcAddress
api-ms-win-core-localization-l1-2-0
LCMapStringW
api-ms-win-core-registry-l1-1-0
RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExW
RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
api-ms-win-eventing-provider-l1-1-0
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
api-ms-win-core-synch-l1-1-0
ReleaseSRWLockShared
LeaveCriticalSection
ResetEvent
AcquireSRWLockExclusive
EnterCriticalSection
TryAcquireSRWLockExclusive
OpenEventW
SetEvent
ReleaseSRWLockExclusive
InitializeSRWLock
WaitForSingleObject
WaitForMultipleObjectsEx
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateEventA
CreateEventW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
OpenThreadToken
GetCurrentProcessId
TerminateProcess
CreateThread
TerminateThread
GetCurrentProcess
GetCurrentThreadId
api-ms-win-service-core-l1-1-0
RegisterServiceCtrlHandlerExW
SetServiceStatus
api-ms-win-core-sysinfo-l1-1-0
GetTickCount64
GetSystemDirectoryW
GetLocalTime
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolWorkCallbacks
CreateThreadpoolTimer
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CloseThreadpoolWork
CreateThreadpoolWork
SetThreadpoolTimer
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-security-base-l1-1-0
AllocateAndInitializeSid
GetTokenInformation
AccessCheck
MapGenericMask
IsValidSecurityDescriptor
InitializeAcl
FreeSid
AddAccessAllowedAce
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetLengthSid
api-ms-win-core-realtime-l1-1-0
QueryUnbiasedInterruptTime
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-string-l1-1-0
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
LoadGPExtension
Reg_DoRegisterAdapter
ServiceMain
SvchostPushServiceGlobals
Sections
.text Size: 220KB - Virtual size: 219KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.wpp_sf Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ifsutil/ifsutil.dll.dll windows:10 windows x64 arch:x64
6bf5710dfd8eadaf925e48746f08a0cb
Code Sign
33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15/12/2020, 21:29Not After02/12/2021, 21:29SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
d3:4c:2b:a4:f4:13:b8:d6:4f:3b:e2:99:11:e1:49:33:c6:c3:1c:b2:dd:3c:76:a1:28:79:3a:f6:52:c7:aa:e0Signer
Actual PE Digestd3:4c:2b:a4:f4:13:b8:d6:4f:3b:e2:99:11:e1:49:33:c6:c3:1c:b2:dd:3c:76:a1:28:79:3a:f6:52:c7:aa:e0Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ifsutil.pdb
Imports
msvcrt
memcmp
_initterm
memcpy
memmove
_local_unwind
malloc
free
_amsg_exit
_XcptFilter
_vsnprintf
_purecall
__C_specific_handler
_wcstoui64
wcstoul
swscanf
_wgetenv
_vsnwprintf
wcscat_s
wcscpy_s
_wcsicmp
memset
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
TraceMessage
RegisterTraceGuidsW
GetTraceEnableLevel
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
ExitProcess
TerminateProcess
CreateThread
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-devices-config-l1-1-1
CM_Get_Parent
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
LoadLibraryExW
FreeLibrary
ntdll
RtlInitializeCriticalSection
RtlDeleteCriticalSection
NtQueryDirectoryFile
RtlLeaveCriticalSection
RtlTryEnterCriticalSection
RtlEnterCriticalSection
WinSqmEndSession
WinSqmSetString
WinSqmSetDWORD64
WinSqmSetDWORD
WinSqmStartSession
RtlRandomEx
NtSetThreadExecutionState
NtSetVolumeInformationFile
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlDeleteElementGenericTableAvlEx
RtlInsertElementGenericTableFullAvl
RtlLookupElementGenericTableFullAvl
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlLookupFirstMatchingElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
RtlVerifyVersionInfo
RtlTimeToTimeFields
RtlGetVersion
NtQueryInformationProcess
RtlValidRelativeSecurityDescriptor
NtSetInformationFile
NtQuerySystemEnvironmentValue
RtlAdjustPrivilege
RtlExpandEnvironmentStrings_U
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtQuerySystemInformation
NtQuerySystemTime
RtlDosPathNameToNtPathName_U
RtlRaiseStatus
NtReadFile
NtCreateFile
NtWriteFile
RtlGetLastWin32Error
RtlInitUnicodeString
NtQueryVolumeInformationFile
NtDeviceIoControlFile
NtFsControlFile
NtQueryInformationFile
NtOpenFile
RtlNumberOfSetBits
RtlEnumerateGenericTableWithoutSplaying
RtlDeleteElementGenericTable
RtlFindSetBits
RtlClearBits
RtlLookupElementGenericTable
RtlSetBits
RtlInitializeBitMap
RtlInsertElementGenericTable
RtlInitializeGenericTable
RtlNtStatusToDosError
NtResetEvent
NtAllocateVirtualMemory
NtFreeVirtualMemory
RtlInitializeSRWLock
RtlAllocateHeap
NtDelayExecution
RtlFreeHeap
RtlQueryRegistryValuesEx
RtlWriteRegistryValue
RtlGetPersistedStateLocation
RtlDeleteSecurityObject
NtOpenProcessToken
NtClose
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCopySid
RtlAddAce
RtlCreateAcl
RtlQueryInformationAcl
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlNewSecurityObject
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlAddAccessAllowedAce
NtCreateEvent
NtSetEvent
NtWaitForSingleObject
NtQueryPerformanceCounter
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlFreeUnicodeString
api-ms-win-core-file-l1-1-0
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
CreateFileW
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
api-ms-win-core-console-l1-1-0
SetConsoleCtrlHandler
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
ulib
??1ADMINFILEPRIVS@@QEAA@XZ
?Initialize@SVILOGFILES@@QEAAEPEBG00K@Z
?EnablePrivileges@ADMINFILEPRIVS@@QEAAJXZ
?AnalyzePath@PATH@@QEAA?AW4PATH_ANALYZE_CODE@@PEAVWSTRING@@PEAV1@0@Z
?Initialize@PATH@@QEAAEPEBVWSTRING@@E@Z
??1PATH@@UEAA@XZ
??0PATH@@QEAA@XZ
?MakeFileToken@MESSAGE@@SA_KPEBD@Z
?DisplayMsg@MESSAGE@@QEAAEKW4MESSAGE_TYPE@@KPEBDZZ
?Insert@ARRAY@@QEAAEPEAVOBJECT@@K@Z
?GetCompareArgument@ARRAY@@SAPEAVOBJECT@@PEAX@Z
?Sort@ARRAY@@UEAAEP6AHPEAX0@Z@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
?DisplayMsg@MESSAGE@@QEAAEKW4MESSAGE_TYPE@@K@Z
?Display@MESSAGE@@QEAAEPEBDZZ
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?Resize@HMEM@@QEAAEKK@Z
?Strchr@WSTRING@@QEBAKGK@Z
?Initialize@WSTRING@@QEAAEXZ
?QueryChAt@WSTRING@@QEBAGK@Z
??1ARRAY@@UEAA@XZ
??1FSTRING@@UEAA@XZ
?LogMsg@MESSAGE@@QEAAEKPEBDZZ
?Acquire@HMEM@@UEAAPEAXKK@Z
?Initialize@HMEM@@QEAAEXZ
??1HMEM@@UEAA@XZ
??0HMEM@@QEAA@XZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?Initialize@FSTRING@@QEAAPEAVWSTRING@@PEAGK@Z
??0FSTRING@@QEAA@XZ
?DeleteAllMembers@ARRAY@@UEAAEXZ
?GetAt@ARRAY@@UEBAPEAVOBJECT@@K@Z
?QueryMemberCount@ARRAY@@UEBAKXZ
?Split@WSTRING@@QEBAEPEAVARRAY@@PEBV1@E@Z
?DisplayMsg@MESSAGE@@QEAAEKPEBDZZ
?DisplayMsg@MESSAGE@@QEAAEK@Z
??0ADMINFILEPRIVS@@QEAA@XZ
??1BITVECTOR@@UEAA@XZ
??0BITVECTOR@@QEAA@XZ
?Alloc@MEM_BLOCK_MGR@@QEAAPEAXXZ
?Allocate@MEM_ALLOCATOR@@QEAAPEAXK@Z
?Initialize@MEM_ALLOCATOR@@QEAAE_KK@Z
?Initialize@MEM_BLOCK_MGR@@QEAAEKK@Z
?Construct@OBJECT@@IEAAXXZ
??1MEM_ALLOCATOR@@UEAA@XZ
??0MEM_ALLOCATOR@@QEAA@XZ
??1MEM_BLOCK_MGR@@UEAA@XZ
??0MEM_BLOCK_MGR@@QEAA@XZ
??8WSTRING@@QEBAEAEBV0@@Z
?Initialize@MESSAGE@@QEAAEXZ
?Initialize@WSTRING@@QEAAEPEBDK@Z
??1MESSAGE@@UEAA@XZ
??0MESSAGE@@QEAA@XZ
?FreeLibraryHandle@SYSTEM@@SAXPEAX@Z
?QueryLibraryEntryPoint@SYSTEM@@SAP6A_JXZPEBVWSTRING@@0PEAPEAX@Z
?Replace@WSTRING@@QEAAEKKPEBV1@KK@Z
UlibRealloc
?SPrintf@DSTRING@@UEAAEPEBGZZ
?GetWSTR@WSTRING@@QEBAPEBGXZ
?Stricmp@WSTRING@@SAHPEAG0@Z
??0ARRAY@@QEAA@XZ
?Strstr@WSTRING@@QEBAKPEBV1@@Z
?Strupr@WSTRING@@QEAAPEAV1@XZ
?Stricmp@WSTRING@@QEBAJPEBV1@KKKK@Z
?Stricmp@WSTRING@@QEBAJPEBV1@@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?QueryWSTR@WSTRING@@QEBAPEAGKKPEAGKE@Z
?QueryChCount@WSTRING@@QEBAKXZ
?DebugDump@OBJECT@@UEBAXE@Z
?Compare@OBJECT@@UEBAJPEBV1@@Z
?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?SetClassDescriptor@OBJECT@@IEAAXPEBVCLASS_DESCRIPTOR@@@Z
??1DSTRING@@UEAA@XZ
??0DSTRING@@QEAA@XZ
??1OBJECT@@UEAA@XZ
??0OBJECT@@IEAA@XZ
?Initialize@BITVECTOR@@QEAAEKW4BIT@@PEAK@Z
?Initialize@ARRAY@@QEAAEKK@Z
?InsertString@WSTRING@@QEAAEKPEBV1@KK@Z
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
devobj
DevObjOpenDeviceInterface
DevObjGetDeviceInterfaceDetail
DevObjDeleteDevice
DevObjDestroyDeviceInfoList
DevObjCreateDeviceInfoList
cfgmgr32
CM_Reenumerate_DevNode
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
??0BLOCK_CACHE@@QEAA@XZ
??0CANNED_SECURITY@@QEAA@XZ
??0DIGRAPH@@QEAA@XZ
??0DIGRAPH_EDGE@@QEAA@XZ
??0DP_DRIVE@@QEAA@XZ
??0INTSTACK@@QEAA@XZ
??0LOG_IO_DP_DRIVE@@QEAA@XZ
??0MEDIA_TRACK_INFORMATION@@QEAA@XZ
??0MOUNT_POINT_MAP@@QEAA@XZ
??0MOUNT_POINT_TUPLE@@QEAA@XZ
??0NUMBER_SET@@QEAA@XZ
??0POW_CACHE@@QEAA@XZ
??0POW_TRACK@@QEAA@XZ
??0READ_AHEAD_CACHE@@QEAA@XZ
??0READ_CACHE@@QEAA@XZ
??0READ_MODIFY_WRITE_CACHE@@QEAA@XZ
??0READ_WRITE_CACHE@@QEAA@XZ
??0SECRUN@@QEAA@XZ
??0SNAPSHOT@@AEAA@XZ
??0SPARSE_SET@@QEAA@XZ
??0SUPERAREA@@IEAA@XZ
??0TLINK@@QEAA@XZ
??0VOL_LIODPDRV@@IEAA@XZ
??0WRITEVIEW_CACHE@@QEAA@XZ
??0WRITEVIEW_CACHE_ENTRY@@QEAA@PEAVWRITEVIEW_CACHE@@G@Z
??0WRITE_ONCE_CACHE@@QEAA@XZ
??1BLOCK_CACHE@@UEAA@XZ
??1CANNED_SECURITY@@UEAA@XZ
??1DIGRAPH@@UEAA@XZ
??1DP_DRIVE@@UEAA@XZ
??1INTSTACK@@UEAA@XZ
??1LOG_IO_DP_DRIVE@@UEAA@XZ
??1MOUNT_POINT_MAP@@UEAA@XZ
??1NUMBER_SET@@UEAA@XZ
??1SECRUN@@UEAA@XZ
??1SNAPSHOT@@EEAA@XZ
??1SPARSE_SET@@UEAA@XZ
??1SUPERAREA@@UEAA@XZ
??1TLINK@@UEAA@XZ
??1VOL_LIODPDRV@@UEAA@XZ
??1WRITEVIEW_CACHE@@UEAA@XZ
??1WRITEVIEW_CACHE_ENTRY@@QEAA@XZ
?Add@NUMBER_SET@@QEAAEPEBV1@@Z
?Add@NUMBER_SET@@QEAAEVBIG_INT@@0@Z
?Add@NUMBER_SET@@QEAAEVBIG_INT@@@Z
?Add@SPARSE_SET@@QEAAEPEBV1@@Z
?Add@SPARSE_SET@@QEAAEVBIG_INT@@@Z
?AddDriveName@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@0@Z
?AddEdge@DIGRAPH@@QEAAEKK@Z
?AddEntry@AUTOREG@@SAEPEBVWSTRING@@@Z
?AddVolumeName@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@0@Z
?AdjustCacheSize@BLOCK_CACHE@@UEAAXPEA_K0@Z
?AdjustCacheSize@IO_DP_DRIVE@@QEAAXPEA_K0@Z
?AdjustCacheSize@WRITEVIEW_CACHE@@UEAAXPEA_K0@Z
?Check@SPARSE_SET@@QEAAEVBIG_INT@@@Z
?CheckAndAdd@NUMBER_SET@@QEAAEVBIG_INT@@PEAE@Z
?CheckAndAdd@SPARSE_SET@@QEAAEVBIG_INT@@PEAE@Z
?CheckAndRemove@NUMBER_SET@@QEAAEVBIG_INT@@PEAE@Z
?CheckAndRemove@SPARSE_SET@@QEAAEVBIG_INT@@PEAE@Z
?CheckLinkList@TLINK@@QEAAXXZ
?CheckSnapshotPresence@SNAPSHOT@@QEAAEXZ
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SAEKPEAU_SECURITY_DESCRIPTOR@@@Z
?ChkDsk@VOL_LIODPDRV@@QEAAEW4FIX_LEVEL@@PEAVMESSAGE@@KKGPEAKPEBVWSTRING@@@Z
?CleanupBackingStore@WRITEVIEW_BACKINGSTORE@@SAEPEAVWSTRING@@@Z
?CloseDriveHandle@DP_DRIVE@@QEAAXXZ
?ComputeVolId@SUPERAREA@@SAKK@Z
?CreateTrack@DP_DRIVE@@QEAAEKEW4NwaType@1@@Z
?CreateTrack@MEDIA_TRACK_INFORMATION@@QEAAPEAV1@KE@Z
?Delete@WRITEVIEW_CACHE@@QEAAXPEAVWRITEVIEW_CACHE_ENTRY@@@Z
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@00@Z
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@0@Z
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@E@Z
?Destroy@WRITEVIEW_CACHE@@QEAAXXZ
?DestroyWrites@WRITEVIEW_CACHE@@QEAAXXZ
?DismountAndLock@IO_DP_DRIVE@@QEAAEXZ
?DismountVolume@IFS_SYSTEM@@SAEPEBVWSTRING@@@Z
?DoesIntersectSet@NUMBER_SET@@QEBAEVBIG_INT@@0@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?DumpHashTable@SPARSE_SET@@QEAAXXZ
?EliminateCycles@DIGRAPH@@QEAAEPEAVCONTAINER@@PEAE@Z
?EnableFileSystem@IFS_SYSTEM@@SAEPEBVWSTRING@@@Z
?EnableVolumeCompression@IFS_SYSTEM@@SAEPEBVWSTRING@@@Z
?EnableVolumeIntegrity@IFS_SYSTEM@@SAEPEBVWSTRING@@G@Z
?EnableVolumeUpgrade@IFS_SYSTEM@@SAEPEBVWSTRING@@@Z
?Enumerate@NUMBER_SET@@QEBAEEPEAVBIG_INT@@0@Z
?Export@FORMAT_SQM@@QEAAEH@Z
?FileSetAttributes@IFS_SYSTEM@@SAEPEBVWSTRING@@KPEAK@Z
?FlushCache@IO_DP_DRIVE@@QEAAEXZ
?ForceAutochk@VOL_LIODPDRV@@QEAAEEKKGPEBVWSTRING@@@Z
?Format@VOL_LIODPDRV@@QEAA?AW4FORMAT_ERROR_CODE@@PEBVWSTRING@@PEAVMESSAGE@@KKK@Z
?FormatScaleQuickFormatVerify@IFS_SYSTEM@@SAE_KPEAK11PEA_K@Z
?FormatScaleTotalFreeClusters@IFS_SYSTEM@@SAE_K0PEAK1PEA_K2@Z
?GenerateLabelNotification@SUPERAREA@@SAJPEBVWSTRING@@PEAV2@PEAU_FILE_FS_SIZE_INFORMATION@@PEAU_FILE_FS_VOLUME_INFORMATION@@@Z
?GetAt@MOUNT_POINT_MAP@@QEAAEKPEAVWSTRING@@0@Z
?GetAt@MOUNT_POINT_MAP@@QEAAEKPEAVWSTRING@@0PEAE@Z
?GetBuffer@TLINK@@QEAAPEAXPEAX@Z
?GetCannedSecurity@IFS_SYSTEM@@SAPEAVCANNED_SECURITY@@XZ
?GetCannedSecurityDescriptor@CANNED_SECURITY@@QEAAPEAXW4_CANNED_SECURITY_TYPE@@PEAK@Z
?GetCurrentSnapshot@SNAPSHOT@@SAPEAV1@XZ
?GetData@TLINK@@QEAAAEAVBIG_INT@@G@Z
?GetData@TLINK@@QEAAAEAVBIG_INT@@PEAX@Z
?GetDrive@SECRUN@@QEAAPEAVIO_DP_DRIVE@@XZ
?GetDrive@SUPERAREA@@QEAAPEAVIO_DP_DRIVE@@XZ
?GetFileSystemName@VOL_LIODPDRV@@QEAAPEBGXZ
?GetFirst@TLINK@@QEAAPEAXXZ
?GetIoErrorDisplayFlags@IO_DP_DRIVE@@QEBAKXZ
?GetMessageW@IO_DP_DRIVE@@QEAAPEAVMESSAGE@@XZ
?GetMessageW@SUPERAREA@@QEAAPEAVMESSAGE@@XZ
?GetNext@TLINK@@QEAAPEAXPEAX@Z
?GetNextDataSlot@TLINK@@QEAAAEAVBIG_INT@@XZ
?GetPerfFreq@BLOCK_CACHE@@QEAA_KXZ
?GetPhaseSubPhase@DRIVE_CACHE@@SAXPEAPEAG0@Z
?GetSnapshotErrorMessage@SNAPSHOT@@SAEJPEAVWSTRING@@@Z
?GetSnapshotGlobalDeviceName@SNAPSHOT@@QEAAPEAGXZ
?GetSnapshotNtDeviceName@SNAPSHOT@@QEAAPEAGXZ
?GetSortedFirst@TLINK@@QEAAPEAXXZ
?GetSortedNext@TLINK@@QEAAPEAXPEAX@Z
?GetSystemTime@IFS_SYSTEM@@SAXPEAU_TIME_FIELDS@@@Z
?GetVolumeSnapshot@SNAPSHOT@@SAJPEAVWSTRING@@PEAPEAV1@@Z
?HardRead@IO_DP_DRIVE@@QEAAEVBIG_INT@@KPEAX@Z
?HardWrite@IO_DP_DRIVE@@QEAAEVBIG_INT@@KPEAXE@Z
?Initialize@BLOCK_CACHE@@QEAAEPEAVIO_DP_DRIVE@@@Z
?Initialize@CANNED_SECURITY@@QEAAEXZ
?Initialize@DIGRAPH@@QEAAEK@Z
?Initialize@DP_DRIVE@@QEAAEPEBVWSTRING@@0PEAVMESSAGE@@EE@Z
?Initialize@DP_DRIVE@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@EE@Z
?Initialize@FORMAT_SQM@@QEAAEPEAVDP_DRIVE@@PEBGKK@Z
?Initialize@INTSTACK@@QEAAEXZ
?Initialize@LOG_IO_DP_DRIVE@@QEAAEPEAXE@Z
?Initialize@LOG_IO_DP_DRIVE@@QEAAEPEBVWSTRING@@0PEAVMESSAGE@@E@Z
?Initialize@LOG_IO_DP_DRIVE@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@E@Z
?Initialize@MEDIA_TRACK_INFORMATION@@QEAAXPEAU_TRACK_INFORMATION2@@@Z
?Initialize@MEDIA_TRACK_INFORMATION_SORTED_BY_SIZE@@QEAAXPEAVMEDIA_TRACK_INFORMATION@@@Z
?Initialize@MOUNT_POINT_MAP@@QEAAEXZ
?Initialize@NUMBER_SET@@QEAAEXZ
?Initialize@POW_CACHE@@QEAAEKKKKK@Z
?Initialize@POW_CACHE@@QEAAEPEAVIO_DP_DRIVE@@@Z
?Initialize@READ_AHEAD_CACHE@@QEAAEPEAVIO_DP_DRIVE@@KK@Z
?Initialize@READ_CACHE@@QEAAEPEAVIO_DP_DRIVE@@K@Z
?Initialize@READ_MODIFY_WRITE_CACHE@@QEAAEPEAVIO_DP_DRIVE@@KKEE@Z
?Initialize@READ_WRITE_CACHE@@QEAAEPEAVIO_DP_DRIVE@@KE@Z
?Initialize@SECRUN@@QEAAEPEAVMEM@@PEAVIO_DP_DRIVE@@VBIG_INT@@K@Z
?Initialize@SNAPSHOT@@AEAAJPEAG@Z
?Initialize@SPARSE_SET@@QEAAEXZ
?Initialize@SUPERAREA@@IEAAEPEAVMEM@@PEAVLOG_IO_DP_DRIVE@@KPEAVMESSAGE@@@Z
?Initialize@TLINK@@QEAAEG@Z
?Initialize@VOL_LIODPDRV@@IEAA?AW4FORMAT_ERROR_CODE@@PEBVWSTRING@@PEAVSUPERAREA@@PEAVMESSAGE@@EEW4_MEDIA_TYPE@@GEIE@Z
?Initialize@VOL_LIODPDRV@@IEAAEPEBVWSTRING@@0PEAVSUPERAREA@@PEAVMESSAGE@@E@Z
?Initialize@WRITEVIEW_CACHE@@QEAAEPEAVIO_DP_DRIVE@@PEAVDRIVE_CACHE@@PEBVWSTRING@@GEE@Z
?Initialize@WRITE_ONCE_CACHE@@QEAAEPEAVIO_DP_DRIVE@@KKK@Z
?InitializePowTrackConfiguration@DP_DRIVE@@QEAAEEPEAE@Z
?InvalidateVolume@IO_DP_DRIVE@@QEAAEXZ
?IsArcSystemPartition@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAE@Z
?IsBootCriticalVolume@DP_DRIVE@@QEAAEXZ
?IsDax@IO_DP_DRIVE@@QEAAEXZ
?IsEntryPresent@AUTOREG@@SAEPEBVWSTRING@@0@Z
?IsEntryPresent@AUTOREG@@SAEPEBVWSTRING@@@Z
?IsFatalError@SNAPSHOT@@SAEJ@Z
?IsFileSystemEnabled@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAE@Z
?IsFrontEndPresent@AUTOREG@@SAEPEBVWSTRING@@0@Z
?IsLocked@IO_DP_DRIVE@@QEAAEXZ
?IsMember@INTSTACK@@QEBAEVBIG_INT@@@Z
?IsThinlyProvisioned@DP_DRIVE@@QEAAEXZ
?IsThisNtfs@IFS_SYSTEM@@SAEVBIG_INT@@KPEAX@Z
?IsThisReFS@IFS_SYSTEM@@SAEVBIG_INT@@KPEAX@Z
?IsTotalDeviceFailure@IFS_SYSTEM@@SAEJ@Z
?IsUdfMediaWritable@DP_DRIVE@@QEAAEXZ
?IsVolumeDirty@IFS_SYSTEM@@SAEPEAVWSTRING@@PEAE1PEAJ@Z
?IsVolumeWriteable@IFS_SYSTEM@@SAEPEAVWSTRING@@PEAEPEAJ@Z
?IssueDeleteNotification@IO_DP_DRIVE@@QEAAE_KK@Z
?Lock@IO_DP_DRIVE@@QEAAEXZ
?Look@INTSTACK@@QEBA?AVBIG_INT@@K@Z
?NtDeviceNameToDosDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?NtDriveNameToDosDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?Pop@INTSTACK@@QEAAXK@Z
?PowForceAllocation@IO_DP_DRIVE@@QEAAEKKPEAKW4NwaType@DP_DRIVE@@@Z
?Prefetch@IO_DP_DRIVE@@QEAAEVBIG_INT@@K@Z
?Purge@WRITEVIEW_CACHE@@QEAAXVBIG_INT@@K@Z
?Push@INTSTACK@@QEAAEVBIG_INT@@@Z
?PushEntry@AUTOREG@@SAEPEBVWSTRING@@@Z
?QueryAutochkTimeOut@VOL_LIODPDRV@@SAEPEAK@Z
?QueryCacheSize@BLOCK_CACHE@@UEAAXPEA_K0@Z
?QueryCacheSize@IO_DP_DRIVE@@QEAAXPEA_K0@Z
?QueryCacheSize@WRITEVIEW_CACHE@@UEAAXPEA_K0@Z
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?QueryChildren@DIGRAPH@@QEBAEKPEAVNUMBER_SET@@@Z
?QueryCluster@IFS_SYSTEM@@SAEPEAE@Z
?QueryClusterFunctionalLevel@IFS_SYSTEM@@SAEPEAK0@Z
?QueryCompressedInteger@BIG_INT@@QEBAXPEAE0@Z
?QueryContainingRange@NUMBER_SET@@QEBAEVBIG_INT@@PEAV2@1@Z
?QueryCorruptionState@IFS_SYSTEM@@SAEPEAVWSTRING@@PEAKPEAEPEAJ@Z
?QueryDataRedundancyCount@DP_DRIVE@@UEAAJPEAK0@Z
?QueryDiscStatus@DP_DRIVE@@QEAAEPEAK0@Z
?QueryDisjointRange@NUMBER_SET@@QEBAXKPEAVBIG_INT@@0@Z
?QueryDisjointRangeAndAssignBuffer@TLINK@@QEAAPEAXPEAVBIG_INT@@PEAG1PEAXK2@Z
?QueryDriveHandle@DP_DRIVE@@QEBAPEAXXZ
?QueryDriveName@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@0@Z
?QueryDriveType@DP_DRIVE@@QEBA?AW4DRIVE_TYPE@@XZ
?QueryEccBlockSizeInSectors@DP_DRIVE@@QEAAGXZ
?QueryFileSystemName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@PEAJ1@Z
?QueryFileSystemNameByHandle@IFS_SYSTEM@@SAEPEAXPEAVWSTRING@@PEAJ1@Z
?QueryFirstBlockInLastNonEmptySession@DP_DRIVE@@QEAAEPEAK@Z
?QueryFirstBlockInLastSession@DP_DRIVE@@QEAAEPEAK@Z
?QueryFreeBlocksInLastTrack@DP_DRIVE@@QEAAEPEAK@Z
?QueryFreeBlocksInLastTrack@DP_DRIVE@@SAEPEAXPEAK@Z
?QueryFreeDiskSpace@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAVBIG_INT@@@Z
?QueryHighestTrackAddress@DP_DRIVE@@QEAAEPEAK@Z
?QueryHotPlugInfo@DP_DRIVE@@QEBAEXZ
?QueryID@DP_DRIVE@@QEAAEPEAU_GUID@@PEBVWSTRING@@@Z
?QueryID@DP_DRIVE@@QEAAEPEAVWSTRING@@PEBV2@@Z
?QueryIsSystemPartition@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@PEAE@Z
?QueryIsSystemUEFI@IFS_SYSTEM@@SAEXZ
?QueryLastRecordedAddress@DP_DRIVE@@QEAAEPEAK@Z
?QueryLastWritableAddress@DP_DRIVE@@QEAAEPEAKW4NwaType@1@@Z
?QueryMediaByte@DP_DRIVE@@QEBAEXZ
?QueryMemberCount@TLINK@@QEBAGXZ
?QueryMemoryLimit@IO_DP_DRIVE@@QEAAEPEA_KPEAE@Z
?QueryMemoryLimit@WRITEVIEW_CACHE@@UEAAEPEA_KPEAE@Z
?QueryMrwSupport@DP_DRIVE@@SAEPEAX@Z
?QueryNextWritableAddress@DP_DRIVE@@QEAAEPEAKW4NwaType@1@@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SAJPEAXPEAE@Z
?QueryNtfsTime@IFS_SYSTEM@@SAXPEAT_LARGE_INTEGER@@@Z
?QueryNtfsVersion@IFS_SYSTEM@@SAEPEAE0PEAVLOG_IO_DP_DRIVE@@PEAX@Z
?QueryNumChildren@DIGRAPH@@QEBAKK@Z
?QueryNumParents@DIGRAPH@@QEBAKK@Z
?QueryNumber@NUMBER_SET@@QEBA?AVBIG_INT@@V2@@Z
?QueryOpenSessionBounds@DP_DRIVE@@QEAAEPEAK0@Z
?QueryPageSize@IFS_SYSTEM@@SAKXZ
?QueryParents@DIGRAPH@@QEBAEKPEAVNUMBER_SET@@@Z
?QueryParentsWithChildren@DIGRAPH@@QEBAEPEAVNUMBER_SET@@K@Z
?QueryPartitionInfo@DP_DRIVE@@UEAAEPEAU_PARTITION_INFORMATION_EX@@@Z
?QueryPersistentVolumeFlags@IFS_SYSTEM@@SAEPEAVWSTRING@@KPEAKPEAEPEAJ@Z
?QueryPhysicalSectorSize@DP_DRIVE@@QEAAKXZ
?QueryProcessPrivateMemory@IFS_SYSTEM@@SAEPEAXPEA_K@Z
?QueryProcessorInformation@IFS_SYSTEM@@SAEPEAVDSTRING@@PEAKPEA_K@Z
?QueryReadAndVerifiedUsage@IO_DP_DRIVE@@QEAAXPEA_K0@Z
?QueryReadCacheSize@DP_DRIVE@@UEAAJPEA_K@Z
?QueryReadUsage@IO_DP_DRIVE@@QEAAXPEA_K0@Z
?QueryRecommendedMediaType@DP_DRIVE@@QEBA?AW4_MEDIA_TYPE@@XZ
?QueryRewritableMOSupport@DP_DRIVE@@QEAAEXZ
?QuerySectorSize@DP_DRIVE@@UEBAKXZ
?QuerySectorSize@POW_CACHE@@QEAAKXZ
?QuerySectors@DP_DRIVE@@UEBA?AVBIG_INT@@XZ
?QueryServer@IFS_SYSTEM@@SAEPEAE@Z
?QuerySize@TLINK@@QEBAGXZ
?QuerySnapshotDiffAreaVolume@SNAPSHOT@@QEAAEPEAVWSTRING@@@Z
?QueryStorageAdapterProperty@IFS_SYSTEM@@SAEPEAXPEAVDSTRING@@1@Z
?QueryStorageDeviceProperty@IFS_SYSTEM@@SAEPEAXPEAVDSTRING@@11PEAE2@Z
?QuerySystemMemory@IFS_SYSTEM@@SAEPEAKPEA_K11@Z
?QuerySystemVersion@IFS_SYSTEM@@SAEPEAVDSTRING@@@Z
?QueryTierCount@DP_DRIVE@@UEAAJPEAK@Z
?QueryUdfMediaHasPow@DP_DRIVE@@QEAAEXZ
?QueryUdfMediaNeedsLowLevelFormat@DP_DRIVE@@QEAAEXZ
?QueryUdfMediaNeedsSparing@DP_DRIVE@@QEAAEXZ
?QueryUdfMediaNeedsVat@DP_DRIVE@@QEAAEXZ
?QueryUdfMediaSupportsBackgroundFormat@DP_DRIVE@@QEAAEXZ
?QueryUdfMediaSupportsQuickGrow@DP_DRIVE@@QEAAEXZ
?QueryUdfMediaType@DP_DRIVE@@QEAAKXZ
?QueryVerifyHandle@IO_DP_DRIVE@@QEAAPEAXXZ
?QueryVolumeBounds@DP_DRIVE@@QEAAEPEAK0@Z
?QueryVolumeName@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@0@Z
?QueryVolumeSize@IFS_SYSTEM@@SAEPEBVWSTRING@@PEA_K@Z
?QueryWriteBlockSize@DP_DRIVE@@UEBAKXZ
?QueryWriteUsage@IO_DP_DRIVE@@QEAAXPEA_K0@Z
?Read@IO_DP_DRIVE@@QEAAEVBIG_INT@@KPEAX@Z
?Read@SECRUN@@UEAAEXZ
?ReadFormattableCapacity@DP_DRIVE@@QEAAEEPEAKPEAE0@Z
?Recover@VOL_LIODPDRV@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@@Z
?ReinitializeDriveParameters@DP_DRIVE@@QEAAEPEAVMESSAGE@@@Z
?ReinitiateBackgroundFormat@DP_DRIVE@@QEAAEXZ
?ReleaseVolumeSnapshot@SNAPSHOT@@SAEPEAV1@@Z
?Remove@NUMBER_SET@@QEAAEPEBV1@@Z
?Remove@NUMBER_SET@@QEAAEVBIG_INT@@0@Z
?Remove@NUMBER_SET@@QEAAEVBIG_INT@@@Z
?Remove@WRITEVIEW_CACHE@@QEAAXPEAVWRITEVIEW_CACHE_ENTRY@@@Z
?RemoveAll@NUMBER_SET@@QEAAEXZ
?RemoveAll@SPARSE_SET@@QEAAEXZ
?RemoveEdge@DIGRAPH@@QEAAEKK@Z
?ReverseCopy@INTSTACK@@QEAAEPEAV1@@Z
?SearchForMatch@DIGRAPH@@QEAAEKPEAVBITVECTOR@@PEAVNUMBER_SET@@PEAEPEAVBIG_INT@@@Z
?SendPowLowLevelFormat@DP_DRIVE@@QEAAEPEAVMESSAGE@@@Z
?SendSonyMSFormatCmd@DP_DRIVE@@QEAAEE@Z
?SendSonyMSInquiryCmd@DP_DRIVE@@QEAAEPEAUSONY_MS_INQUIRY_DATA@@@Z
?SendSonyMSModeSenseCmd@DP_DRIVE@@QEAAEPEAUSONY_MS_MODE_SENSE_DATA@@@Z
?SendSonyMSRequestSenseCmd@DP_DRIVE@@QEAAEPEAU_SENSE_DATA@@@Z
?SendSonyMSTestUnitReadyCmd@DP_DRIVE@@QEAAEPEAU_SENSE_DATA@@@Z
?Set@BIG_INT@@QEAAXEPEBE@Z
?SetAutochkTimeOut@VOL_LIODPDRV@@SAEK@Z
?SetCache@IO_DP_DRIVE@@QEAAXPEAVDRIVE_CACHE@@@Z
?SetDaxAttribute@IO_DP_DRIVE@@QEAA?AW4FORMAT_ERROR_CODE@@E@Z
?SetFileSystemName@VOL_LIODPDRV@@QEAAEPEBG@Z
?SetIoErrorDisplayFlags@IO_DP_DRIVE@@QEAAXK@Z
?SetIsSystemPartition@MOUNT_POINT_MAP@@QEAAEPEAVWSTRING@@E@Z
?SetLastStatus@DP_DRIVE@@QEAAXJ@Z
?SetPersistentVolumeFlags@IFS_SYSTEM@@SAEPEAVWSTRING@@KKPEAEPEAJ@Z
?SetPhaseSubPhase@DRIVE_CACHE@@SAXPEAG0@Z
?SetPowTrackConfiguration@DP_DRIVE@@QEAAEE@Z
?SetSectors@DP_DRIVE@@QEAAXVBIG_INT@@@Z
?SetSystemId@LOG_IO_DP_DRIVE@@QEAAEE@Z
?SetVerifyHandle@IO_DP_DRIVE@@QEAAPEAXPEAX@Z
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@@Z
?ShellSort@TLINK@@QEAAXXZ
?Sort@TLINK@@QEAAXXZ
?SqmExport@BLOCK_CACHE@@UEAAEP6AEPEAXKEPEADZZ0@Z
?SqmExport@IO_DP_DRIVE@@QEAAEPEBVWSTRING@@P6AEPEAXKEPEADZZ1@Z
?SqmExport@WRITEVIEW_CACHE@@UEAAEP6AEPEAXKEPEADZZ0@Z
?Subtract@NUMBER_SET@@QEAAEPEAV1@0@Z
?TraverseLinkList@TLINK@@QEAAXXZ
?Verify@IO_DP_DRIVE@@QEAAEVBIG_INT@@0@Z
?Verify@IO_DP_DRIVE@@QEAAEVBIG_INT@@0PEAVNUMBER_SET@@@Z
?VerifyRead@IO_DP_DRIVE@@QEAAEVBIG_INT@@KPEAX@Z
?VerifyRead@SECRUN@@UEAAEPEAE@Z
?WaitForUnit@DP_DRIVE@@QEAAEPEAVMESSAGE@@@Z
?WaitForWriteCompletion@DP_DRIVE@@QEAAEPEAVMESSAGE@@@Z
?Write@IO_DP_DRIVE@@QEAAEVBIG_INT@@KPEAX@Z
?Write@SECRUN@@UEAAEXZ
?WriteEntireDrive@VOL_LIODPDRV@@UEAA?AW4FORMAT_ERROR_CODE@@PEAVMESSAGE@@PEAXKII@Z
?WriteToFile@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAXKE@Z
GetDefaultFileSystemIfs
InvalidateFve
NotifyFveAfterFormat
QueryPersistRegistryKeyValueWithFallback
RegisterExtensionCallbacks
RestoreThreadExecutionState
WritePersistRegistryKeyValue
Sections
.text Size: 155KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 80B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 528B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setup.msi.msi
-
setupcln/ReAgent.dll.dll windows:10 windows x64 arch:x64
69b8547cc70479063e783239d816f920
Code Sign
33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before15/12/2020, 21:29Not After02/12/2021, 21:29SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8b:26:d3:ce:fc:97:3c:60:a9:d3:0a:be:0a:8c:9f:6e:ee:61:3b:f8:19:97:05:91:79:61:b2:e9:75:25:2b:96Signer
Actual PE Digest8b:26:d3:ce:fc:97:3c:60:a9:d3:0a:be:0a:8c:9f:6e:ee:61:3b:f8:19:97:05:91:79:61:b2:e9:75:25:2b:96Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ReAgent.pdb
Imports
msvcrt
wcschr
??1type_info@@UEAA@XZ
_purecall
?terminate@@YAXXZ
_CxxThrowException
_wcsnicmp
atol
_atoi64
_vsnprintf
wcsrchr
__CxxFrameHandler3
??0exception@@QEAA@AEBV0@@Z
memcmp
memcpy
memmove
?what@exception@@UEBAPEBDXZ
strcmp
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
_wtoi64
_wcsicmp
_vsnwprintf
free
_onexit
__dllonexit
_unlock
_lock
swscanf_s
wcsncmp
wcsnlen
wcsstr
memcpy_s
_wcslwr
qsort
towupper
strcpy_s
_wcsupr
wcstoul
memmove_s
iswspace
wcscpy_s
wcscat_s
swprintf_s
_ultow_s
_vsnwprintf_s
_snwscanf_s
strncmp
wprintf
_vscwprintf
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
memset
wcscmp
ntdll
ZwOpenMutant
ZwClose
RtlAppendUnicodeToString
ZwQueryAttributesFile
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwCreateKey
ZwLoadKey
RtlAddAccessAllowedAceEx
RtlAllocateAndInitializeSid
RtlLengthSid
ZwDeleteValueKey
RtlFreeSid
ZwDeleteKey
ZwEnumerateKey
ZwQueryValueKey
RtlCreateAcl
ZwSetSecurityObject
ZwUnloadKey
RtlCreateSecurityDescriptor
ZwSetValueKey
ZwOpenKey
ZwAllocateUuids
LdrGetProcedureAddress
LdrGetDllHandle
ZwQueryInformationProcess
RtlInitAnsiString
ZwQueryInformationFile
ZwOpenProcess
ZwQuerySymbolicLinkObject
ZwDeviceIoControlFile
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
ZwOpenFile
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
NtOpenSymbolicLinkObject
NtOpenKey
NtQuerySymbolicLinkObject
NtDeviceIoControlFile
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
RtlCompareMemory
NtYieldExecution
ZwQueryKey
ZwWaitForSingleObject
RtlStringFromGUID
RtlFreeUnicodeString
ZwQuerySystemInformation
NtQuerySystemInformation
NtAdjustPrivilegesToken
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlNtStatusToDosError
RtlGUIDFromString
RtlRaiseStatus
NtClose
RtlInitUnicodeString
RtlAdjustPrivilege
RtlFreeHeap
RtlGetLastNtStatus
RtlSetControlSecurityDescriptor
RtlFindAceByType
RtlReAllocateHeap
DbgPrintEx
RtlDeleteResource
RtlReleaseResource
RtlAcquireResourceShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlImpersonateSelf
NtSetEaFile
NtCreateFile
NtSetInformationFile
NtQueryInformationProcess
NtQueryVolumeInformationFile
NtQueryInformationFile
RtlAllocateHeap
NtOpenFile
RtlDosPathNameToNtPathName_U
NtSetSecurityObject
ZwReleaseMutant
kernel32
GetFileInformationByHandleEx
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetLongPathNameW
IsDebuggerPresent
DebugBreak
AcquireSRWLockShared
CreateMutexExW
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
GetLastError
SetLastError
GetProcessHeap
HeapFree
TlsGetValue
HeapAlloc
GetSystemDirectoryW
CreateFileW
CloseHandle
GetFileAttributesExW
GetVolumeNameForVolumeMountPointW
DeviceIoControl
FindFirstVolumeW
GetDriveTypeW
GetDiskFreeSpaceExW
FindNextVolumeW
FindVolumeClose
GetFileAttributesW
GetFullPathNameW
GetVolumePathNameW
MultiByteToWideChar
GetFileSize
ReadFile
SetEndOfFile
WriteFile
FlushFileBuffers
MoveFileExW
SetFileAttributesW
DeleteFileW
OpenSemaphoreW
CopyFileW
GetVersionExW
CopyFileExW
GetSystemWindowsDirectoryW
GetWindowsDirectoryW
GetTempPathW
CreateDirectoryW
GetFileSizeEx
GetModuleHandleW
GetProcAddress
GetTickCount64
CompareStringW
FindFirstFileW
FindNextFileW
FindClose
GetVolumePathNamesForVolumeNameW
WaitForSingleObject
WritePrivateProfileStringW
GetPrivateProfileStringW
GetFileInformationByHandle
SetFirmwareEnvironmentVariableW
LoadLibraryExW
FreeLibrary
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleHandleExW
GetHandleInformation
SetFilePointerEx
GetEnvironmentVariableW
GetOverlappedResult
EnterCriticalSection
SleepConditionVariableSRW
LocalFree
DeleteCriticalSection
RaiseException
SetThreadIdealProcessor
GetCurrentThread
SetFilePointer
InitializeCriticalSection
HeapReAlloc
SetFileInformationByHandle
GetVolumeInformationW
GetFinalPathNameByHandleW
CreateEventW
InitializeCriticalSectionAndSpinCount
LockFileEx
UnlockFileEx
LocalAlloc
GetModuleFileNameW
FormatMessageW
ReleaseMutex
WideCharToMultiByte
OpenProcess
DuplicateHandle
GetPrivateProfileSectionW
WaitForMultipleObjects
ReleaseSemaphore
SetEvent
CreateSemaphoreW
CreateThread
GetVolumeInformationByHandleW
GlobalMemoryStatusEx
WaitForMultipleObjectsEx
ResetEvent
CreateSemaphoreExW
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
LoadLibraryW
CreateProcessW
GetExitCodeProcess
SetVolumeMountPointW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
VirtualProtect
GetFirmwareEnvironmentVariableW
LoadLibraryExA
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
Sleep
TlsFree
TlsSetValue
TlsAlloc
VirtualQuery
GetSystemInfo
WakeAllConditionVariable
LeaveCriticalSection
VirtualFree
RemoveDirectoryW
VirtualAlloc
bcrypt
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptOpenAlgorithmProvider
cabinet
ord20
ord22
ord23
advapi32
OpenThreadToken
GetAclInformation
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegEnumValueW
EventWriteTransfer
EventUnregister
EventRegister
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
SetNamedSecurityInfoW
AddAccessAllowedAceEx
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW
RegCreateKeyExW
InitiateSystemShutdownExW
RegUnLoadKeyW
RegLoadKeyW
RegSetValueExW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegGetValueW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
DuplicateTokenEx
RegDeleteTreeW
TraceMessage
SetThreadToken
EventWrite
RegDeleteKeyExW
RevertToSelf
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
user32
CharUpperW
LoadStringW
imagehlp
ImageNtHeader
ole32
CoCreateInstance
CoUninitialize
StringFromCLSID
CoInitializeEx
CoCreateGuid
CoInitialize
CoTaskMemFree
CLSIDFromString
oleaut32
SysFreeString
SysAllocString
VariantClear
VariantInit
rpcrt4
UuidCompare
UuidToStringW
RpcStringFreeW
UuidCreate
Exports
Exports
WinRECheckGuid
WinREUseNewPBRImage
WinRE_Generalize
WinRE_Specialize
WinRE_Specialize_Offline
WinReAddTrustedBootApp
WinReClearBootApp
WinReClearError
WinReClearOemImagePath
WinReConfigureTask
WinReCopyDiagnosticFiles
WinReCopyLogFilesToRamdisk
WinReCreateLogInstance
WinReCreateLogInstanceEx
WinReDeleteLogFiles
WinReGetConfig
WinReGetCustomization
WinReGetError
WinReGetLogDirPath
WinReGetTrustedBootApps
WinReGetWIMInfo
WinReHashBootApp
WinReHashWimFile
WinReInitiateOfflineScanning
WinReInstall
WinReInstallOnTargetOS
WinReIsInstalledOnSystemPartition
WinReIsWimBootEnabled
WinReIsWinPE
WinReOobeInstall
WinReOpenLogInstance
WinRePostBCDRepair
WinReQueueRecoveryBoot
WinReReinstall
WinReRemoveTrustedBootApp
WinReRepair
WinReRestoreConfigAfterPBR
WinReRestoreLogFiles
WinReSetBootApp
WinReSetConfig
WinReSetCustomization
WinReSetError
WinReSetNarratorScheduled
WinReSetRecoveryAction
WinReSetTriggerFile
WinReSetupBackupWinRE
WinReSetupCheckWinRE
WinReSetupInstall
WinReSetupMigrateData
WinReSetupRemoveWinRE
WinReSetupRestoreWinREEx
WinReSetupSetImage
WinReUnInstall
WinReUpdateLogInstance
WinReValidateRecoveryWim
WinReValidateWimFile
winreFindInstallMedia
winreGetBinaryArch
Sections
.text Size: 752KB - Virtual size: 751KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 296KB - Virtual size: 296KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setupcln/perfdisk.dll.dll windows:10 windows x64 arch:x64
e7d11a3569d92706ecf2a740a57b7cf6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
perfdisk.pdb
Imports
msvcrt
__C_specific_handler
memmove
_initterm
malloc
memcpy
_amsg_exit
_XcptFilter
towupper
_wtol
_wcsnicmp
wcsstr
_ltow_s
_vsnwprintf
wcsncmp
free
memset
ntdll
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryValueKey
NtOpenKey
NtOpenFile
NtQueryVolumeInformationFile
RtlVirtualUnwind
NtDeviceIoControlFile
RtlInitUnicodeString
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtClose
NtQuerySystemInformation
RtlNtStatusToDosError
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
SetErrorMode
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleW
FreeLibraryAndExitThread
GetModuleHandleExW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventUnregister
EventRegister
api-ms-win-core-synch-l1-1-0
WaitForSingleObject
SetEvent
CreateEventW
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
CreateThread
GetCurrentThreadId
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-synch-l1-2-0
Sleep
wmiclnt
WmiCloseBlock
WmiOpenBlock
WmiQueryAllDataW
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
CloseDiskObject
CollectDiskObjectData
OpenDiskObject
Sections
.text Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 120B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 116B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setupcln/setupcln.dll.dll regsvr32 windows:10 windows x64 arch:x64
215b924634cd15660a8ce3b0864922d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
setupcln.pdb
Imports
msvcrt
_onexit
__CxxFrameHandler3
memset
wcsncmp
_errno
_unlock
__dllonexit
_lock
??1type_info@@UEAA@XZ
wprintf
_wtof
wcstoul
?terminate@@YAXXZ
_initterm
_wtoi
_amsg_exit
_wcsnicmp
_XcptFilter
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
memmove
memcpy
malloc
free
wcscpy_s
_vsnwprintf
_wcsicmp
_vsnprintf
__C_specific_handler
wcsrchr
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
wcschr
memcpy_s
sprintf_s
wcscmp
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetErrorMode
SetErrorMode
GetLastError
SetLastError
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-registry-l1-1-0
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegGetValueW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyExW
RegEnumValueW
RegCloseKey
RegDeleteTreeW
RegQueryInfoKeyW
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister
api-ms-win-core-heap-l1-1-0
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
HeapSize
api-ms-win-core-libraryloader-l1-2-0
LockResource
GetModuleHandleW
FindResourceExW
SizeofResource
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
LoadResource
GetModuleFileNameA
GetModuleFileNameW
rpcrt4
UuidCreate
api-ms-win-core-synch-l1-1-0
OpenMutexW
WaitForSingleObject
ReleaseMutex
CreateMutexW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseSemaphore
CreateSemaphoreExW
api-ms-win-core-string-l1-1-0
CompareStringW
MultiByteToWideChar
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId
ExitProcess
TerminateProcess
api-ms-win-core-file-l1-1-0
GetFinalPathNameByHandleW
GetLongPathNameW
SetFileInformationByHandle
CreateDirectoryW
FindNextFileW
SetFileAttributesW
FindFirstFileW
RemoveDirectoryW
DeleteFileW
GetFullPathNameW
GetDiskFreeSpaceW
GetFileAttributesW
FindClose
CreateFileW
GetFileInformationByHandle
api-ms-win-core-file-l2-1-0
MoveFileExW
GetFileInformationByHandleEx
api-ms-win-core-com-l1-1-0
CLSIDFromString
CoGetMalloc
CoInitializeEx
CoUninitialize
StringFromGUID2
CoCreateGuid
api-ms-win-core-sysinfo-l1-1-0
GetWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemDirectoryW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-string-l2-1-0
IsCharAlphaNumericW
IsCharAlphaW
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetCurrentDirectoryW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
OutputDebugStringW
DebugBreak
OutputDebugStringA
api-ms-win-core-kernel32-legacy-l1-1-0
WTSGetActiveConsoleSessionId
user32
MessageBoxW
wdscore
CurrentIP
WdsSetupLogMessageW
ConstructPartialMsgVW
WdsTerminate
WdsInitialize
wintrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
crypt32
CertVerifyCertificateChainPolicy
vssapi
VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal
api-ms-win-security-base-l1-1-0
ImpersonateLoggedOnUser
AdjustTokenPrivileges
RevertToSelf
api-ms-win-core-heap-l2-1-0
GlobalFree
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-file-l1-2-0
GetTempPathW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-security-lsalookup-l2-1-0
LookupPrivilegeValueW
api-ms-win-core-file-l2-1-2
CopyFileW
winhttp
WinHttpSetCredentials
WinHttpGetDefaultProxyConfiguration
WinHttpReceiveResponse
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryDataAvailable
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryAuthSchemes
WinHttpOpen
WinHttpSendRequest
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReadData
api-ms-win-core-version-l1-1-1
GetFileVersionInfoW
GetFileVersionInfoSizeW
api-ms-win-core-version-l1-1-0
VerQueryValueW
api-ms-win-security-credentials-l1-1-0
CredReadW
ntdll
RtlInitUnicodeString
NtQueryLicenseValue
RtlNtStatusToDosError
NtSetInformationFile
NtOpenFile
RtlAllocateHeap
NtQueryInformationToken
RtlFreeHeap
version
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
wtsapi32
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 108KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 336B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
setupcln/shlwapi.dll.dll windows:10 windows x64 arch:x64
b9caba56c3d01e42910aad421dff25d2
Code Sign
33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before05/05/2022, 19:23Not After04/05/2023, 19:23SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
5c:b7:fc:99:63:60:b2:e9:27:9d:25:6c:0c:b0:19:89:f0:2c:4a:69:80:d1:59:13:98:9b:81:8a:59:fd:7f:91Signer
Actual PE Digest5c:b7:fc:99:63:60:b2:e9:27:9d:25:6c:0c:b0:19:89:f0:2c:4a:69:80:d1:59:13:98:9b:81:8a:59:fd:7f:91Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
shlwapi.pdb
Imports
ntdll
wcschr
EtwEventEnabled
EtwEventRegister
_wcsicmp
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
_vsnwprintf
memmove
EtwGetTraceLoggerHandle
EtwEventWrite
RtlNtStatusToDosError
NtClose
NtQueryInformationToken
NtOpenProcessToken
_vsnprintf
memcpy_s
EtwEventUnregister
__chkstk
memcmp
memcpy
memset
msvcrt
free
_XcptFilter
__CxxFrameHandler3
_onexit
__dllonexit
_get_errno
_unlock
_lock
_set_errno
__C_specific_handler
_initterm
malloc
_amsg_exit
api-ms-win-core-string-l2-1-1
SHLoadIndirectString
api-ms-win-core-libraryloader-l1-2-0
LoadResource
GetProcAddress
GetModuleHandleW
FindResourceExW
LoadLibraryExW
GetModuleFileNameA
SizeofResource
LockResource
GetModuleFileNameW
LoadStringA
FreeLibrary
GetModuleHandleExW
LoadLibraryExA
LoadStringW
DisableThreadLibraryCalls
api-ms-win-core-synch-l1-1-0
ReleaseSemaphore
WaitForSingleObjectEx
WaitForSingleObject
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
ReleaseMutex
CreateMutexExW
CreateEventExW
SetEvent
CreateSemaphoreExW
AcquireSRWLockShared
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-errorhandling-l1-1-0
SetErrorMode
SetLastError
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThread
OpenThreadToken
GetCurrentProcessId
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
api-ms-win-core-localization-l1-2-0
GetLocaleInfoW
LCMapStringA
SetThreadPreferredUILanguages
LCMapStringW
FormatMessageA
FormatMessageW
IsDBCSLeadByte
GetThreadPreferredUILanguages
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-heap-l2-1-0
GlobalFree
GlobalAlloc
LocalReAlloc
LocalAlloc
LocalFree
api-ms-win-core-file-l1-1-0
SetFileAttributesA
SetFileTime
GetFileAttributesA
FindNextFileW
FindClose
FindNextFileA
FindFirstFileA
GetFileAttributesW
SetFileAttributesW
CreateFileW
CreateFileA
FindFirstFileW
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemDirectoryW
GetWindowsDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryW
GetSystemTimeAsFileTime
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetEnvironmentVariableA
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegOpenCurrentUser
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyExW
api-ms-win-core-path-l1-1-0
PathCchRemoveFileSpec
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceExecuteOnce
api-ms-win-security-base-l1-1-0
GetTokenInformation
GetSidSubAuthority
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-url-l1-1-0
UrlCombineA
UrlIsOpaqueA
UrlApplySchemeW
UrlCanonicalizeW
UrlCompareA
PathCreateFromUrlA
GetAcceptLanguagesA
HashData
IsInternetESCEnabled
PathCreateFromUrlAlloc
UrlUnescapeW
UrlCombineW
UrlIsNoHistoryA
UrlIsNoHistoryW
ParseURLA
UrlHashA
PathCreateFromUrlW
UrlApplySchemeA
UrlGetPartA
UrlIsW
PathIsURLW
UrlUnescapeA
UrlGetLocationW
UrlHashW
GetAcceptLanguagesW
UrlCompareW
UrlIsA
PathIsURLA
UrlEscapeW
UrlEscapeA
UrlIsOpaqueW
UrlGetPartW
UrlFixupW
UrlCanonicalizeA
UrlGetLocationA
ParseURLW
UrlCreateFromPathA
UrlCreateFromPathW
api-ms-win-core-registryuserspecific-l1-1-0
SHRegQueryUSValueA
SHRegEnumUSKeyW
SHRegCreateUSKeyA
SHRegDeleteUSValueA
SHRegEnumUSValueA
SHRegCloseUSKey
SHRegDeleteUSValueW
SHRegGetBoolUSValueA
SHRegOpenUSKeyA
SHRegCreateUSKeyW
SHRegEnumUSValueW
SHRegGetUSValueW
SHRegGetBoolUSValueW
SHRegEnumUSKeyA
SHRegWriteUSValueW
SHRegGetUSValueA
SHRegSetUSValueW
SHRegWriteUSValueA
SHRegQueryInfoUSKeyA
SHRegSetUSValueA
SHRegDeleteEmptyUSKeyA
SHRegQueryUSValueW
SHRegDeleteEmptyUSKeyW
SHRegOpenUSKeyW
SHRegQueryInfoUSKeyW
api-ms-win-core-sidebyside-l1-1-0
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
api-ms-win-core-shlwapi-legacy-l1-1-0
PathGetArgsA
PathIsUNCServerA
PathRemoveBackslashW
PathUnExpandEnvStringsA
PathIsUNCServerShareW
PathIsRootA
PathIsPrefixA
PathRenameExtensionW
PathCommonPrefixW
PathParseIconLocationA
PathIsSameRootW
PathFindExtensionA
IsCharBlankW
PathIsSameRootA
PathSkipRootA
PathGetCharTypeA
PathIsLFNFileSpecW
PathFindExtensionW
PathIsUNCServerShareA
PathStripToRootA
PathGetDriveNumberA
SHExpandEnvironmentStringsA
PathSkipRootW
PathAddBackslashA
PathStripPathW
PathUnquoteSpacesW
PathAppendW
PathIsUNCW
PathIsRelativeW
PathStripPathA
PathSearchAndQualifyW
PathCanonicalizeW
PathMatchSpecExW
PathIsRootW
PathMatchSpecA
PathRemoveBackslashA
PathIsFileSpecW
PathRemoveExtensionA
PathUnExpandEnvStringsW
PathRemoveFileSpecA
PathIsUNCServerW
PathFindNextComponentW
PathFileExistsA
PathRemoveBlanksA
PathGetCharTypeW
PathAddExtensionW
PathFileExistsW
PathIsFileSpecA
PathGetArgsW
PathAddBackslashW
PathIsPrefixW
PathAddExtensionA
PathSearchAndQualifyA
PathRelativePathToW
PathRenameExtensionA
PathUnquoteSpacesA
IsCharPunctW
PathFindNextComponentA
IsCharSpaceW
SHTruncateString
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindFileNameW
IsCharSpaceA
IsCharCntrlW
PathCombineW
IsCharDigitW
PathFindFileNameA
PathIsRelativeA
PathIsUNCA
PathQuoteSpacesW
SHExpandEnvironmentStringsW
PathMatchSpecExA
PathRelativePathToA
PathAppendA
PathCanonicalizeA
PathCommonPrefixA
PathRemoveBlanksW
PathCombineA
PathStripToRootW
PathGetDriveNumberW
PathIsLFNFileSpecA
PathQuoteSpacesA
PathMatchSpecW
PathParseIconLocationW
IsCharXDigitW
api-ms-win-core-kernel32-legacy-l1-1-0
MulDiv
api-ms-win-core-threadpool-legacy-l1-1-0
CreateTimerQueueTimer
DeleteTimerQueueTimer
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrPBrkA
StrCSpnIA
StrPBrkW
StrCmpNA
StrCmpNCW
StrToIntW
StrCmpNICW
StrToInt64ExA
StrStrIW
StrCSpnIW
StrChrA
StrIsIntlEqualA
StrStrIA
StrCatChainW
StrDupW
StrCmpNW
StrCmpLogicalW
StrRStrIW
StrCmpW
StrStrNW
StrCpyNW
StrChrNIW
StrRChrA
StrCmpNIW
StrCmpNIA
StrToIntA
StrTrimA
StrSpnA
StrCmpCA
StrCpyNXA
StrSpnW
StrCmpIW
StrRChrIW
StrChrIA
StrCmpCW
QISearch
StrStrW
StrIsIntlEqualW
StrCmpNICA
StrToIntExA
StrCmpNCA
StrCSpnA
StrCatBuffW
StrDupA
StrTrimW
StrRChrIA
StrChrW
StrCatBuffA
StrStrNIW
StrRStrIA
StrToIntExW
StrCSpnW
StrCpyNXW
StrChrNW
StrRChrW
StrStrA
StrChrIW
StrCmpICA
StrCmpICW
StrToInt64ExW
api-ms-win-core-stringansi-l1-1-0
CharNextA
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
lstrcmpW
lstrlenW
lstrcmpA
lstrcmpiA
lstrlenA
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
CompareStringA
api-ms-win-core-versionansi-l1-1-0
GetFileVersionInfoExA
GetFileVersionInfoSizeExA
VerQueryValueA
api-ms-win-core-heap-obsolete-l1-1-0
GlobalLock
LocalSize
GlobalUnlock
api-ms-win-core-privateprofile-l1-1-0
GetPrivateProfileStringW
WritePrivateProfileStringW
kernelbase
ChrCmpIW
ChrCmpIA
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
AssocCreate
AssocGetPerceivedType
AssocIsDangerous
AssocQueryKeyA
AssocQueryKeyW
AssocQueryStringA
AssocQueryStringByKeyA
AssocQueryStringByKeyW
AssocQueryStringW
ChrCmpIA
ChrCmpIW
ColorAdjustLuma
ColorHLSToRGB
ColorRGBToHLS
ConnectToConnectionPoint
DelayLoadFailureHook
DllGetClassObject
DllGetVersion
GUIDFromStringW
GetAcceptLanguagesA
GetAcceptLanguagesW
GetMenuPosFromID
HashData
IStream_Copy
IStream_Read
IStream_ReadPidl
IStream_ReadStr
IStream_Reset
IStream_Size
IStream_Write
IStream_WritePidl
IStream_WriteStr
IUnknown_AtomicRelease
IUnknown_Exec
IUnknown_GetSite
IUnknown_GetWindow
IUnknown_QueryService
IUnknown_QueryStatus
IUnknown_Set
IUnknown_SetSite
IntlStrEqWorkerA
IntlStrEqWorkerW
IsCharSpaceA
IsCharSpaceW
IsInternetESCEnabled
IsOS
MLLoadLibraryA
MLLoadLibraryW
ParseURLA
ParseURLW
PathAddBackslashA
PathAddBackslashW
PathAddExtensionA
PathAddExtensionW
PathAppendA
PathAppendW
PathBuildRootA
PathBuildRootW
PathCanonicalizeA
PathCanonicalizeW
PathCombineA
PathCombineW
PathCommonPrefixA
PathCommonPrefixW
PathCompactPathA
PathCompactPathExA
PathCompactPathExW
PathCompactPathW
PathCreateFromUrlA
PathCreateFromUrlAlloc
PathCreateFromUrlW
PathFileExistsA
PathFileExistsAndAttributesW
PathFileExistsW
PathFindExtensionA
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathFindNextComponentA
PathFindNextComponentW
PathFindOnPathA
PathFindOnPathW
PathFindSuffixArrayA
PathFindSuffixArrayW
PathGetArgsA
PathGetArgsW
PathGetCharTypeA
PathGetCharTypeW
PathGetDriveNumberA
PathGetDriveNumberW
PathIsContentTypeA
PathIsContentTypeW
PathIsDirectoryA
PathIsDirectoryEmptyA
PathIsDirectoryEmptyW
PathIsDirectoryW
PathIsFileSpecA
PathIsFileSpecW
PathIsLFNFileSpecA
PathIsLFNFileSpecW
PathIsNetworkPathA
PathIsNetworkPathW
PathIsPrefixA
PathIsPrefixW
PathIsRelativeA
PathIsRelativeW
PathIsRootA
PathIsRootW
PathIsSameRootA
PathIsSameRootW
PathIsSystemFolderA
PathIsSystemFolderW
PathIsUNCA
PathIsUNCServerA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathIsUNCServerW
PathIsUNCW
PathIsURLA
PathIsURLW
PathMakePrettyA
PathMakePrettyW
PathMakeSystemFolderA
PathMakeSystemFolderW
PathMatchSpecA
PathMatchSpecExA
PathMatchSpecExW
PathMatchSpecW
PathParseIconLocationA
PathParseIconLocationW
PathQuoteSpacesA
PathQuoteSpacesW
PathRelativePathToA
PathRelativePathToW
PathRemoveArgsA
PathRemoveArgsW
PathRemoveBackslashA
PathRemoveBackslashW
PathRemoveBlanksA
PathRemoveBlanksW
PathRemoveExtensionA
PathRemoveExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathRenameExtensionA
PathRenameExtensionW
PathSearchAndQualifyA
PathSearchAndQualifyW
PathSetDlgItemPathA
PathSetDlgItemPathW
PathSkipRootA
PathSkipRootW
PathStripPathA
PathStripPathW
PathStripToRootA
PathStripToRootW
PathUnExpandEnvStringsA
PathUnExpandEnvStringsW
PathUndecorateA
PathUndecorateW
PathUnmakeSystemFolderA
PathUnmakeSystemFolderW
PathUnquoteSpacesA
PathUnquoteSpacesW
QISearch
SHAllocShared
SHAnsiToAnsi
SHAnsiToUnicode
SHAutoComplete
SHCopyKeyA
SHCopyKeyW
SHCreateMemStream
SHCreateShellPalette
SHCreateStreamOnFileA
SHCreateStreamOnFileEx
SHCreateStreamOnFileW
SHCreateStreamWrapper
SHCreateThread
SHCreateThreadRef
SHCreateThreadWithHandle
SHCreateWorkerWindowW
SHDeleteEmptyKeyA
SHDeleteEmptyKeyW
SHDeleteKeyA
SHDeleteKeyW
SHDeleteOrphanKeyA
SHDeleteOrphanKeyW
SHDeleteValueA
SHDeleteValueW
SHEnumKeyExA
SHEnumKeyExW
SHEnumValueA
SHEnumValueW
SHFormatDateTimeA
SHFormatDateTimeW
SHFreeShared
SHGetInverseCMAP
SHGetThreadRef
SHGetValueA
SHGetValueW
SHGetViewStatePropertyBag
SHIsChildOrSelf
SHIsLowMemoryMachine
SHLoadIndirectString
SHLockShared
SHMessageBoxCheckA
SHMessageBoxCheckW
SHOpenRegStream2A
SHOpenRegStream2W
SHOpenRegStreamA
SHOpenRegStreamW
SHPackDispParamsV
SHPinDllOfCLSID
SHPropertyBag_ReadStrAlloc
SHPropertyBag_WriteBSTR
SHQueryInfoKeyA
SHQueryInfoKeyW
SHQueryValueExA
SHQueryValueExW
SHRegCloseUSKey
SHRegCreateUSKeyA
SHRegCreateUSKeyW
SHRegDeleteEmptyUSKeyA
SHRegDeleteEmptyUSKeyW
SHRegDeleteUSValueA
SHRegDeleteUSValueW
SHRegDuplicateHKey
SHRegEnumUSKeyA
SHRegEnumUSKeyW
SHRegEnumUSValueA
SHRegEnumUSValueW
SHRegGetBoolUSValueA
SHRegGetBoolUSValueW
SHRegGetBoolValueFromHKCUHKLM
SHRegGetIntW
SHRegGetPathA
SHRegGetPathW
SHRegGetUSValueA
SHRegGetUSValueW
SHRegGetValueA
SHRegGetValueFromHKCUHKLM
SHRegGetValueW
SHRegOpenUSKeyA
SHRegOpenUSKeyW
SHRegQueryInfoUSKeyA
SHRegQueryInfoUSKeyW
SHRegQueryUSValueA
SHRegQueryUSValueW
SHRegSetPathA
SHRegSetPathW
SHRegSetUSValueA
SHRegSetUSValueW
SHRegWriteUSValueA
SHRegWriteUSValueW
SHRegisterValidateTemplate
SHReleaseThreadRef
SHRunIndirectRegClientCommand
SHSendMessageBroadcastA
SHSendMessageBroadcastW
SHSetThreadRef
SHSetValueA
SHSetValueW
SHSkipJunction
SHStrDupA
SHStrDupW
SHStripMneumonicA
SHStripMneumonicW
SHUnicodeToAnsi
SHUnicodeToAnsiCP
SHUnicodeToUnicode
SHUnlockShared
ShellMessageBoxA
ShellMessageBoxW
StrCSpnA
StrCSpnIA
StrCSpnIW
StrCSpnW
StrCatBuffA
StrCatBuffW
StrCatChainW
StrCatW
StrChrA
StrChrIA
StrChrIW
StrChrNIW
StrChrNW
StrChrW
StrCmpCA
StrCmpCW
StrCmpICA
StrCmpICW
StrCmpIW
StrCmpLogicalW
StrCmpNA
StrCmpNCA
StrCmpNCW
StrCmpNIA
StrCmpNICA
StrCmpNICW
StrCmpNIW
StrCmpNW
StrCmpW
StrCpyNW
StrCpyW
StrDupA
StrDupW
StrFormatByteSize64A
StrFormatByteSizeA
StrFormatByteSizeEx
StrFormatByteSizeW
StrFormatKBSizeA
StrFormatKBSizeW
StrFromTimeIntervalA
StrFromTimeIntervalW
StrIsIntlEqualA
StrIsIntlEqualW
StrNCatA
StrNCatW
StrPBrkA
StrPBrkW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrRetToBSTR
StrRetToBufA
StrRetToBufW
StrRetToStrA
StrRetToStrW
StrSpnA
StrSpnW
StrStrA
StrStrIA
StrStrIW
StrStrNIW
StrStrNW
StrStrW
StrToInt64ExA
StrToInt64ExW
StrToIntA
StrToIntExA
StrToIntExW
StrToIntW
StrTrimA
StrTrimW
UrlApplySchemeA
UrlApplySchemeW
UrlCanonicalizeA
UrlCanonicalizeW
UrlCombineA
UrlCombineW
UrlCompareA
UrlCompareW
UrlCreateFromPathA
UrlCreateFromPathW
UrlEscapeA
UrlEscapeW
UrlFixupW
UrlGetLocationA
UrlGetLocationW
UrlGetPartA
UrlGetPartW
UrlHashA
UrlHashW
UrlIsA
UrlIsNoHistoryA
UrlIsNoHistoryW
UrlIsOpaqueA
UrlIsOpaqueW
UrlIsW
UrlUnescapeA
UrlUnescapeW
WhichPlatform
wnsprintfA
wnsprintfW
wvnsprintfA
wvnsprintfW
Sections
.text Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srclient/ReInfo.dll.dll windows:10 windows x64 arch:x64
a9b073efbb798425ec12638924bf2b2e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ReInfo.pdb
Imports
msvcrt
_amsg_exit
_XcptFilter
free
_vsnprintf
malloc
atol
_initterm
__C_specific_handler
_wcsicmp
wcschr
memcmp
??3@YAXPEAX@Z
_vsnwprintf
_purecall
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
__CxxFrameHandler3
memcpy
_atoi64
memcpy_s
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_callnewh
_CxxThrowException
memset
api-ms-win-core-errorhandling-l1-1-0
GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter
api-ms-win-core-heap-l1-1-0
HeapAlloc
HeapFree
GetProcessHeap
api-ms-win-core-registry-l1-1-0
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
api-ms-win-core-com-l1-1-0
CoTaskMemFree
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
api-ms-win-core-file-l1-1-0
GetFileSize
FindNextVolumeW
GetDiskFreeSpaceExW
FlushFileBuffers
GetDriveTypeW
FindVolumeClose
FindFirstVolumeW
CreateFileW
WriteFile
GetFileAttributesExW
ReadFile
SetEndOfFile
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-file-l1-2-0
GetVolumeNameForVolumeMountPointW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
ntdll
RtlRaiseStatus
RtlGUIDFromString
NtYieldExecution
RtlAllocateHeap
RtlFreeHeap
NtClose
DbgPrintEx
RtlReAllocateHeap
RtlNtStatusToDosError
Exports
Exports
WinReGetConfig
Sections
.text Size: 132KB - Virtual size: 131KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 620B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srclient/spwizeng.dll.dll windows:10 windows x64 arch:x64
b9b5a59046cfc37a3a8e7318584d3e5d
Code Sign
33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate
IssuerCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before04/03/2020, 18:30Not After03/03/2021, 18:30SubjectCN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:07:76:56:00:00:00:00:00:08Certificate
IssuerCN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/10/2011, 18:41Not After19/10/2026, 18:51SubjectCN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
35:96:e9:d0:56:ca:ad:96:bd:7a:93:03:de:5f:1c:ad:14:c2:6c:58:e8:ab:69:19:1b:a6:1e:96:1b:09:3a:6aSigner
Actual PE Digest35:96:e9:d0:56:ca:ad:96:bd:7a:93:03:de:5f:1c:ad:14:c2:6c:58:e8:ab:69:19:1b:a6:1e:96:1b:09:3a:6aDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
spwizeng.pdb
Imports
msvcrt
__CxxFrameHandler3
__RTDynamicCast
memcmp
_wcsnicmp
wcsncmp
bsearch
_vsnwprintf
memmove
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
wcscpy_s
_callnewh
wcsncpy_s
swprintf_s
__C_specific_handler
wcscspn
malloc
memmove_s
wcsrchr
memcpy
_wcsicoll
wcscoll
free
_wcslwr_s
wcsspn
_wcsupr_s
wcsstr
wcschr
_vscwprintf
wcspbrk
_purecall
vswprintf_s
iswspace
_wcsrev
_wcsicmp
memcpy_s
calloc
?terminate@@YAXXZ
memset
wdscore
ConstructPartialMsgVW
WdsSetupLogMessageW
CurrentIP
user32
GetMessageW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
SetForegroundWindow
GetKeyState
IsWindowEnabled
LoadBitmapW
CreateDialogIndirectParamW
GetNextDlgTabItem
SetWindowRgn
CreateDialogParamW
PostMessageW
UnregisterClassW
GetClassInfoW
DefFrameProcW
IsDialogMessageW
RegisterClassW
DefMDIChildProcW
SetLayeredWindowAttributes
DialogBoxParamW
IsWindowVisible
EnableWindow
MonitorFromWindow
GetSystemMetrics
GetMonitorInfoW
PostQuitMessage
SystemParametersInfoW
EnumChildWindows
GetIconInfo
ShowWindow
SetTimer
GetWindowDC
DrawIconEx
LoadImageW
GetDlgCtrlID
GetWindowTextLengthW
GetWindow
DestroyWindow
FillRect
GetDlgItem
GetClientRect
CreateWindowExW
ScreenToClient
EndDialog
RegisterClassExW
LoadStringW
IsWindow
InvalidateRgn
RedrawWindow
ClientToScreen
DestroyAcceleratorTable
IsChild
SendDlgItemMessageW
DialogBoxIndirectParamW
MoveWindow
CreateAcceleratorTableW
SetFocus
CharNextW
SetPropW
SetWindowContextHelpId
GetClassNameW
SetCapture
UnregisterClassA
GetCursor
CreateIconIndirect
SetWindowLongPtrW
SetWindowPos
GetDC
GetFocus
GetWindowRect
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetCursor
LoadCursorW
TrackMouseEvent
EndPaint
BeginPaint
GetParent
GetWindowTextW
ReleaseCapture
RegisterWindowMessageW
GetClassInfoExW
GetDesktopWindow
SetWindowLongW
MapDialogRect
FindWindowExW
GetPropW
SetClassLongPtrW
NotifyWinEvent
SetThreadDesktop
ReleaseDC
InvalidateRect
UpdateWindow
DrawTextW
GetSysColor
FrameRect
MapWindowPoints
CopyRect
GetWindowLongPtrW
SetWindowTextW
KillTimer
SendMessageW
gdi32
Rectangle
CreateRoundRectRgn
CreatePen
RoundRect
AddFontResourceExW
RemoveFontResourceExW
CreatePatternBrush
GetStockObject
GetDeviceCaps
CreateDIBSection
GetLayout
StretchBlt
SetLayout
GetPixel
SetBkColor
CreateBitmap
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetTextMetricsW
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
GetObjectW
DeleteObject
CreateSolidBrush
CreateFontIndirectW
SetTextAlign
SetTextCharacterExtra
RemoveFontMemResourceEx
SetStretchBltMode
SetBrushOrgEx
GdiAlphaBlend
AddFontMemResourceEx
CreateDIBitmap
SetGraphicsMode
GetTextAlign
TextOutW
SetMapMode
SetWorldTransform
comctl32
InitCommonControlsEx
comdlg32
GetSaveFileNameW
oleaut32
LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocString
VarBstrCmp
VarUI4FromStr
VariantInit
SysFreeString
SysReAllocStringLen
SysAllocStringLen
VariantChangeType
VariantClear
SysStringLen
kernel32
GetLocaleInfoW
SetThreadPreferredUILanguages
GetFullPathNameW
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
GetCurrentProcess
VirtualFree
HeapDestroy
HeapSize
GetTickCount
WaitForSingleObject
CreateMutexW
SetThreadPriority
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
GetTempFileNameW
CloseHandle
DeleteFileW
SetFileAttributesW
CreateFileW
GetTempPathW
WriteFile
CompareStringW
GetFileSizeEx
ReadFile
WideCharToMultiByte
GetVersionExW
VerSetConditionMask
LocalAlloc
GetSystemDirectoryW
GetModuleHandleExW
GetSystemDefaultUILanguage
GetLocaleInfoEx
ReleaseMutex
CreateEventW
GetExitCodeThread
SetEvent
SearchPathW
GetUserDefaultUILanguage
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetFileAttributesW
CreateThread
GetWindowsDirectoryW
LoadLibraryW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls
MulDiv
lstrcmpW
GlobalUnlock
CopyFileW
GlobalLock
SizeofResource
GetEnvironmentVariableW
MultiByteToWideChar
FormatMessageW
LockResource
RaiseException
FindResourceExW
LoadResource
LocalFree
FindResourceW
Sleep
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GlobalHandle
SetLastError
GetModuleFileNameW
GetCurrentThreadId
GlobalAlloc
GlobalFree
ole32
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
OleLockRunning
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoGetClassObject
CoTaskMemFree
advapi32
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
shell32
ShellExecuteW
rpcrt4
RpcStringFreeW
UuidToStringW
UuidCreate
uxlib
?GetLocaleName@CLocale@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??1CLayeredDriver@@QEAA@XZ
?GetName@CLayeredDriver@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?GetID@CLayeredDriver@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?GetAbbrevName@CLocale@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??1CLayeredDrivers@@QEAA@XZ
??1CKeyboardLayout@@QEAA@XZ
?GetLayoutID@CKeyboardLayout@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?GetLayoutName@CKeyboardLayout@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??0CLayeredDrivers@@QEAA@XZ
??1CLocales@@QEAA@XZ
?GetLocalizedName@CLanguage@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??0CKeyboardLayouts@@QEAA@XZ
??1CKeyboardLayouts@@QEAA@XZ
?GetDefaultLayout@CKeyboardLayouts@@QEAA?AVCKeyboardLayout@@XZ
?IsLanguageEnabled@CInternationalUtils@@SAHV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@0@Z
??1CLanguage@@QEAA@XZ
?GetAbbrevName@CLanguage@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?GetNativeDisplayName@CLanguage@@QEAA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
??0CLanguages@@QEAA@XZ
??1CLanguages@@QEAA@XZ
?GetLanguageNativeDisplayNameCount@CLanguages@@QEAAHXZ
??0CInternationalUtils@@QEAA@XZ
??1CInternationalUtils@@QEAA@XZ
??1CLocale@@QEAA@XZ
??0CLocales@@QEAA@XZ
ntdll
RtlFreeHeap
RtlAllocateHeap
RtlVerifyVersionInfo
NtQuerySystemInformation
Exports
Exports
??0?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAA@XZ
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@AEBV01@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@AEBV?$CSimpleStringT@G$00@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEAUIAtlStringMgr@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEBGHPEAUIAtlStringMgr@1@@Z
??0?$CSimpleStringT@G$0A@@ATL@@QEAA@PEBGPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBUtagVARIANT@@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBUtagVARIANT@@PEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@AEBV01@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@DH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@GH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBD@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDHPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBDPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBE@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBEPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBG@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGH@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGHPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@PEBGPEAUIAtlStringMgr@1@@Z
??0?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@XZ
??0AppWindow@@QEAA@AEBV0@@Z
??0AppWindow@@QEAA@PEAVWizardUI@@I@Z
??0BranchWizStrategy@@QEAA@$$QEAV0@@Z
??0BranchWizStrategy@@QEAA@AEBV0@@Z
??0BranchWizStrategy@@QEAA@PEAVWizardEx@@@Z
??0CAnimation@@QEAA@AEBV0@@Z
??0CAnimation@@QEAA@XZ
??0CAnimationControl@@QEAA@AEBV0@@Z
??0CAnimationControl@@QEAA@XZ
??0CAttachDataDlg@@QEAA@AEBV0@@Z
??0CAttachDataDlg@@QEAA@PEAUHINSTANCE__@@0@Z
??0CCritSec@@QEAA@AEBV0@@Z
??0CCritSec@@QEAA@XZ
??0CCtlText@@QEAA@AEBV0@@Z
??0CCtlText@@QEAA@XZ
??0CCursor@@AEAA@XZ
??0CCursor@@QEAA@AEBV0@@Z
??0CCustomButtonEx@@AEAA@XZ
??0CCustomButtonEx@@QEAA@AEBV0@@Z
??0CCustomGraphicEx@@QEAA@AEBV0@@Z
??0CCustomGraphicEx@@QEAA@XZ
??0CDIB@@QEAA@XZ
??0CDrawBackground@@QEAA@AEBV0@@Z
??0CDrawBackground@@QEAA@XZ
??0CDrawItem@@QEAA@AEBV0@@Z
??0CDrawItem@@QEAA@XZ
??0CDrawItemComposite@@QEAA@AEBV0@@Z
??0CDrawItemComposite@@QEAA@XZ
??0CGenericNavWindow@@QEAA@AEBV0@@Z
??0CGenericNavWindow@@QEAA@PEAVAppWindow@@@Z
??0CHighContrast@@AEAA@XZ
??0CHighContrast@@QEAA@AEBV0@@Z
??0CResourceModule@@QEAA@AEBV0@@Z
??0CResourceModule@@QEAA@PEAUHINSTANCE__@@@Z
??0CResourceModule@@QEAA@PEAUHINSTANCE__@@PEBG@Z
??0CResourceModule@@QEAA@PEBG@Z
??0CRichEditControl@@QEAA@XZ
??0CScreenDIB@@QEAA@$$QEAV0@@Z
??0CScreenDIB@@QEAA@AEBV0@@Z
??0CScreenDIB@@QEAA@XZ
??0CScreenText@@QEAA@AEBV0@@Z
??0CScreenText@@QEAA@XZ
??0CWndObj@@QEAA@AEBV0@@Z
??0CWndObj@@QEAA@XZ
??0ChoiceWizStrategy@@QEAA@$$QEAV0@@Z
??0ChoiceWizStrategy@@QEAA@AEBV0@@Z
??0ChoiceWizStrategy@@QEAA@PEAVWizardEx@@@Z
??0ICreateNavbarWnd@@QEAA@AEBV0@@Z
??0ICreateNavbarWnd@@QEAA@XZ
??0ICreateProgressWnd@@QEAA@AEBV0@@Z
??0ICreateProgressWnd@@QEAA@XZ
??0IResourceModuleEvent@@QEAA@$$QEAU0@@Z
??0IResourceModuleEvent@@QEAA@AEBU0@@Z
??0IResourceModuleEvent@@QEAA@XZ
??0LanguageNeutralSelectionDialogBase@@QEAA@AEBV0@@Z
??0LanguageNeutralSelectionDialogBase@@QEAA@XZ
??0LanguageSelectionDialogBase@@QEAA@AEBV0@@Z
??0LanguageSelectionDialogBase@@QEAA@XZ
??0MyString@@QEAA@XZ
??0NavWindow@@QEAA@AEBV0@@Z
??0NavWindow@@QEAA@PEAVAppWindow@@@Z
??0NavigationStack@@QEAA@AEBV0@@Z
??0NavigationStack@@QEAA@XZ
??0Navigator@@AEAA@XZ
??0Navigator@@QEAA@AEBV0@@Z
??0PIDStringView@@QEAA@AEBV0@@Z
??0PIDStringView@@QEAA@XZ
??0PageContainer@@QEAA@AEBV0@@Z
??0PageContainer@@QEAA@XZ
??0ProtoPageDimensions@@QEAA@USimpleRect@@USimpleSize@@HH11MM@Z
??0ProtoPageDimensions@@QEAA@XZ
??0ProtoPageList@@QEAA@AEBV0@@Z
??0ProtoPageList@@QEAA@PEAVWizardDesciption@@KKKHPEAVICreateProgressWnd@@HPEAUtagSIZE@@PEAVICreateNavbarWnd@@UProtoPageDimensions@@KKH@Z
??0ProtoPageList@@QEAA@XZ
??0ScrWindow@@QEAA@AEBV0@@Z
??0ScrWindow@@QEAA@PEAVWizardUI@@I@Z
??0SimpleDialogBase@@QEAA@$$QEAV0@@Z
??0SimpleDialogBase@@QEAA@AEBV0@@Z
??0SimpleDialogBase@@QEAA@XZ
??0SimpleRect@@QEAA@HHHH@Z
??0SimpleRect@@QEAA@XZ
??0SimpleSize@@QEAA@HH@Z
??0SimpleSize@@QEAA@XZ
??0SimpleWizStrategy@@QEAA@$$QEAV0@@Z
??0SimpleWizStrategy@@QEAA@AEBV0@@Z
??0SimpleWizStrategy@@QEAA@PEAVWizardEx@@@Z
??0SummaryWizStrategy@@QEAA@$$QEAV0@@Z
??0SummaryWizStrategy@@QEAA@AEBV0@@Z
??0SummaryWizStrategy@@QEAA@PEAVWizardEx@@@Z
??0VariationWizStrategy@@QEAA@$$QEAV0@@Z
??0VariationWizStrategy@@QEAA@AEBV0@@Z
??0VariationWizStrategy@@QEAA@PEAVWizardEx@@AEBV?$CSimpleMap@HHV?$CSimpleMapEqualHelper@HH@ATL@@@ATL@@H@Z
??0Win32Navigator@@AEAA@XZ
??0Win32Navigator@@QEAA@AEBV0@@Z
??0Wiz_Node@@QEAA@AEBV0@@Z
??0Wiz_Node@@QEAA@I@Z
??0WizardBranch@@QEAA@$$QEAV0@@Z
??0WizardBranch@@QEAA@AEBV0@@Z
??0WizardBranch@@QEAA@IPEAPEAVWiz_Node@@@Z
??0WizardCollection@@QEAA@$$QEAV0@@Z
??0WizardCollection@@QEAA@AEBV0@@Z
??0WizardCollection@@QEAA@IIPEAPEAVWiz_Node@@@Z
??0WizardDesciption@@QEAA@$$QEAV0@@Z
??0WizardDesciption@@QEAA@AEBV0@@Z
??0WizardDesciption@@QEAA@IPEAPEAVWiz_Node@@@Z
??0WizardDialogPost@@QEAA@$$QEAV0@@Z
??0WizardDialogPost@@QEAA@AEBV0@@Z
??0WizardDialogPost@@QEAA@XZ
??0WizardDialogPre@@QEAA@$$QEAV0@@Z
??0WizardDialogPre@@QEAA@AEBV0@@Z
??0WizardDialogPre@@QEAA@XZ
??0WizardEx@@QEAA@AEBV0@@Z
??0WizardEx@@QEAA@XZ
??0WizardHandler@@QEAA@$$QEAV0@@Z
??0WizardHandler@@QEAA@AEBV0@@Z
??0WizardHandler@@QEAA@XZ
??0WizardNode@@QEAA@AEBV0@@Z
??0WizardNode@@QEAA@IIPEAVWizardEx@@PEAVWizardUI@@@Z
??0WizardNode@@QEAA@XZ
??0WizardPage@@QEAA@AEBV0@@Z
??0WizardPage@@QEAA@IIPEAVWizardEx@@PEAVWizardUI@@@Z
??0WizardRoot@@QEAA@AEBV0@@Z
??0WizardRoot@@QEAA@XZ
??0WizardStrategy@@QEAA@AEBV0@@Z
??0WizardStrategy@@QEAA@PEAVWizardEx@@@Z
??0WizardSummary@@QEAA@$$QEAV0@@Z
??0WizardSummary@@QEAA@AEBV0@@Z
??0WizardSummary@@QEAA@IPEAPEAVWiz_Node@@@Z
??0WizardUI@@QEAA@XZ
??0WizardVariation@@QEAA@AEBV0@@Z
??0WizardVariation@@QEAA@IPEAPEAVWiz_Node@@AEBV?$CSimpleMap@HHV?$CSimpleMapEqualHelper@HH@ATL@@@ATL@@PEBG@Z
??0Wizard_PageDesciption@@QEAA@AEBV0@@Z
??0Wizard_PageDesciption@@QEAA@KPEBG0KP6APEAVWizardRoot@@PEAVWizardPage@@@ZK@Z
??1?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAA@XZ
??1?$CSimpleStringT@G$0A@@ATL@@QEAA@XZ
??1?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAA@XZ
??1AppWindow@@UEAA@XZ
??1BranchWizStrategy@@UEAA@XZ
??1CAnimation@@UEAA@XZ
??1CAnimationControl@@UEAA@XZ
??1CAttachDataDlg@@QEAA@XZ
??1CCritSec@@UEAA@XZ
??1CCtlText@@UEAA@XZ
??1CCursor@@EEAA@XZ
??1CCustomButtonEx@@EEAA@XZ
??1CCustomGraphicEx@@UEAA@XZ
??1CDIB@@QEAA@XZ
??1CDrawBackground@@UEAA@XZ
??1CDrawItem@@UEAA@XZ
??1CDrawItemComposite@@UEAA@XZ
??1CGenericNavWindow@@UEAA@XZ
??1CHighContrast@@EEAA@XZ
??1CResourceModule@@QEAA@XZ
??1CScreenDIB@@UEAA@XZ
??1CScreenText@@UEAA@XZ
??1CWndObj@@UEAA@XZ
??1ChoiceWizStrategy@@UEAA@XZ
??1ICreateNavbarWnd@@UEAA@XZ
??1ICreateProgressWnd@@UEAA@XZ
??1LanguageNeutralSelectionDialogBase@@QEAA@XZ
??1LanguageSelectionDialogBase@@QEAA@XZ
??1NavWindow@@UEAA@XZ
??1NavigationStack@@UEAA@XZ
??1Navigator@@EEAA@XZ
??1PIDStringView@@UEAA@XZ
??1PageContainer@@UEAA@XZ
??1ScrWindow@@UEAA@XZ
??1SimpleWizStrategy@@UEAA@XZ
??1SummaryWizStrategy@@UEAA@XZ
??1VariationWizStrategy@@UEAA@XZ
??1Win32Navigator@@EEAA@XZ
??1Wiz_Node@@UEAA@XZ
??1WizardBranch@@UEAA@XZ
??1WizardCollection@@UEAA@XZ
??1WizardDesciption@@UEAA@XZ
??1WizardEx@@UEAA@XZ
??1WizardNode@@UEAA@XZ
??1WizardPage@@UEAA@XZ
??1WizardRoot@@UEAA@XZ
??1WizardStrategy@@UEAA@XZ
??1WizardSummary@@UEAA@XZ
??1WizardUI@@QEAA@XZ
??1WizardVariation@@UEAA@XZ
??1Wizard_PageDesciption@@UEAA@XZ
??4?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@AEBV?$CSimpleStringT@G$00@1@@Z
??4?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@PEBG@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBUtagVARIANT@@@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBV01@@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@D@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@G@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBD@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBE@Z
??4?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBG@Z
??4AppWindow@@QEAAAEAV0@AEBV0@@Z
??4BranchWizStrategy@@QEAAAEAV0@$$QEAV0@@Z
??4BranchWizStrategy@@QEAAAEAV0@AEBV0@@Z
??4CAnimation@@QEAAAEAV0@AEBV0@@Z
??4CAnimationControl@@QEAAAEAV0@AEBV0@@Z
??4CAttachDataDlg@@QEAAAEAV0@AEBV0@@Z
??4CCritSec@@QEAAAEAV0@AEBV0@@Z
??4CCtlText@@QEAAAEAV0@AEBV0@@Z
??4CCursor@@QEAAAEAV0@AEBV0@@Z
??4CCustomButtonEx@@QEAAAEAV0@AEBV0@@Z
??4CCustomGraphicEx@@QEAAAEAV0@AEBV0@@Z
??4CDIB@@QEAAAEAV0@AEBV0@@Z
??4CDrawBackground@@QEAAAEAV0@AEBV0@@Z
??4CDrawItem@@QEAAAEAV0@AEBV0@@Z
??4CDrawItemComposite@@QEAAAEAV0@AEBV0@@Z
??4CGenericNavWindow@@QEAAAEAV0@AEBV0@@Z
??4CHighContrast@@QEAAAEAV0@AEBV0@@Z
??4CResourceModule@@QEAAAEAV0@AEBV0@@Z
??4CResourceModuleFactory@@QEAAAEAV0@$$QEAV0@@Z
??4CResourceModuleFactory@@QEAAAEAV0@AEBV0@@Z
??4CRichEditControl@@QEAAAEAV0@$$QEAV0@@Z
??4CRichEditControl@@QEAAAEAV0@AEBV0@@Z
??4CScreenDIB@@QEAAAEAV0@$$QEAV0@@Z
??4CScreenDIB@@QEAAAEAV0@AEBV0@@Z
??4CScreenText@@QEAAAEAV0@AEBV0@@Z
??4CWndObj@@QEAAAEAV0@AEBV0@@Z
??4ChoiceWizStrategy@@QEAAAEAV0@$$QEAV0@@Z
??4ChoiceWizStrategy@@QEAAAEAV0@AEBV0@@Z
??4ICreateNavbarWnd@@QEAAAEAV0@AEBV0@@Z
??4ICreateProgressWnd@@QEAAAEAV0@AEBV0@@Z
??4IResourceModuleEvent@@QEAAAEAU0@$$QEAU0@@Z
??4IResourceModuleEvent@@QEAAAEAU0@AEBU0@@Z
??4LanguageNeutralSelectionDialogBase@@QEAAAEAV0@AEBV0@@Z
??4LanguageSelectionDialogBase@@QEAAAEAV0@AEBV0@@Z
??4MyString@@QEAAAEAV0@$$QEAV0@@Z
??4MyString@@QEAAAEAV0@AEBV0@@Z
??4NavWindow@@QEAAAEAV0@AEBV0@@Z
??4NavigationStack@@QEAAAEAV0@AEBV0@@Z
??4Navigator@@QEAAAEAV0@AEBV0@@Z
??4PIDStringView@@QEAAAEAV0@AEBV0@@Z
??4PageContainer@@QEAAAEAV0@AEBV0@@Z
??4PageDef@@QEAAAEAU0@$$QEAU0@@Z
??4PageDef@@QEAAAEAU0@AEBU0@@Z
??4ProgressCreateStruct@@QEAAAEAU0@$$QEAU0@@Z
??4ProgressCreateStruct@@QEAAAEAU0@AEBU0@@Z
??4ProtoPageDimensions@@QEAAAEAU0@$$QEAU0@@Z
??4ProtoPageDimensions@@QEAAAEAU0@AEBU0@@Z
??4ProtoPageList@@QEAAAEAV0@AEBV0@@Z
??4ScrWindow@@QEAAAEAV0@AEBV0@@Z
??4SimpleDialogBase@@QEAAAEAV0@$$QEAV0@@Z
??4SimpleDialogBase@@QEAAAEAV0@AEBV0@@Z
??4SimpleRect@@QEAAAEAU0@$$QEAU0@@Z
??4SimpleRect@@QEAAAEAU0@AEBU0@@Z
??4SimpleSize@@QEAAAEAU0@$$QEAU0@@Z
??4SimpleSize@@QEAAAEAU0@AEBU0@@Z
??4SimpleWizStrategy@@QEAAAEAV0@$$QEAV0@@Z
??4SimpleWizStrategy@@QEAAAEAV0@AEBV0@@Z
??4SummaryWizStrategy@@QEAAAEAV0@$$QEAV0@@Z
??4SummaryWizStrategy@@QEAAAEAV0@AEBV0@@Z
??4Win32Navigator@@QEAAAEAV0@AEBV0@@Z
??4Wiz_Node@@QEAAAEAV0@AEBV0@@Z
??4WizardBranch@@QEAAAEAV0@$$QEAV0@@Z
??4WizardBranch@@QEAAAEAV0@AEBV0@@Z
??4WizardCollection@@QEAAAEAV0@$$QEAV0@@Z
??4WizardCollection@@QEAAAEAV0@AEBV0@@Z
??4WizardDesciption@@QEAAAEAV0@$$QEAV0@@Z
??4WizardDesciption@@QEAAAEAV0@AEBV0@@Z
??4WizardDialogPost@@QEAAAEAV0@$$QEAV0@@Z
??4WizardDialogPost@@QEAAAEAV0@AEBV0@@Z
??4WizardDialogPre@@QEAAAEAV0@$$QEAV0@@Z
??4WizardDialogPre@@QEAAAEAV0@AEBV0@@Z
??4WizardEx@@QEAAAEAV0@AEBV0@@Z
??4WizardHandler@@QEAAAEAV0@$$QEAV0@@Z
??4WizardHandler@@QEAAAEAV0@AEBV0@@Z
??4WizardNode@@QEAAAEAV0@AEBV0@@Z
??4WizardPage@@QEAAAEAV0@AEBV0@@Z
??4WizardRoot@@QEAAAEAV0@AEBV0@@Z
??4WizardStrategy@@QEAAAEAV0@AEBV0@@Z
??4WizardSummary@@QEAAAEAV0@$$QEAV0@@Z
??4WizardSummary@@QEAAAEAV0@AEBV0@@Z
??4WizardUI@@QEAAAEAV0@AEBV0@@Z
??4Wizard_PageDesciption@@QEAAAEAV0@AEBV0@@Z
??A?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAAAEAPEAGH@Z
??A?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEBAAEBQEAGH@Z
??A?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAAAEAPEAUIResourceModuleEvent@@H@Z
??A?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEBAAEBQEAUIResourceModuleEvent@@H@Z
??A?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAAAEAPEAUKEYBOARD@@H@Z
??A?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEBAAEBQEAUKEYBOARD@@H@Z
??A?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAAAEAPEAULANGUAGE@@H@Z
??A?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEBAAEBQEAULANGUAGE@@H@Z
??A?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAAAEAPEAULOCALE@@H@Z
??A?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEBAAEBQEAULOCALE@@H@Z
??A?$CSimpleStringT@G$0A@@ATL@@QEBAGH@Z
??B?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV?$CSimpleStringT@G$00@1@XZ
??B?$CSimpleStringT@G$0A@@ATL@@QEBAPEBGXZ
??B?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV?$CSimpleStringT@G$00@1@XZ
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@AEBV01@@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@D@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@E@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@G@Z
??Y?$CSimpleStringT@G$0A@@ATL@@QEAAAEAV01@PEBG@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBUtagVARIANT@@@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@AEBV?$CSimpleStringT@G$0A@@1@@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@D@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@E@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@G@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBD@Z
??Y?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAAEAV01@PEBG@Z
??_7AppWindow@@6BIWndObj@@@
??_7AppWindow@@6BIWndProp@@@
??_7BranchWizStrategy@@6B@
??_7CAnimation@@6B@
??_7CAnimationControl@@6B@
??_7CAttachDataDlg@@6B@
??_7CCritSec@@6B@
??_7CCtlText@@6B@
??_7CCursor@@6B@
??_7CCustomButtonEx@@6B@
??_7CCustomGraphicEx@@6B@
??_7CDrawBackground@@6B@
??_7CDrawItem@@6B@
??_7CDrawItemComposite@@6B@
??_7CGenericNavWindow@@6B@
??_7CHighContrast@@6B@
??_7CScreenDIB@@6B@
??_7CScreenText@@6B@
??_7CWndObj@@6BIWndObj@@@
??_7CWndObj@@6BIWndProp@@@
??_7ChoiceWizStrategy@@6B@
??_7ICreateNavbarWnd@@6B@
??_7ICreateProgressWnd@@6B@
??_7IResourceModuleEvent@@6B@
??_7LanguageNeutralSelectionDialogBase@@6B@
??_7LanguageSelectionDialogBase@@6B@
??_7NavWindow@@6B@
??_7NavigationStack@@6B@
??_7Navigator@@6B@
??_7PIDStringView@@6B@
??_7PageContainer@@6B@
??_7ScrWindow@@6BIWndObj@@@
??_7ScrWindow@@6BIWndProp@@@
??_7SimpleDialogBase@@6B@
??_7SimpleWizStrategy@@6B@
??_7SummaryWizStrategy@@6B@
??_7VariationWizStrategy@@6B@
??_7Win32Navigator@@6B@
??_7Wiz_Node@@6B@
??_7WizardBranch@@6B@
??_7WizardCollection@@6B@
??_7WizardDesciption@@6B@
??_7WizardDialogPost@@6B@
??_7WizardDialogPre@@6B@
??_7WizardEx@@6BINavigationNode@@@
??_7WizardEx@@6BWizardNode@@@
??_7WizardHandler@@6B@
??_7WizardNode@@6B@
??_7WizardPage@@6B@
??_7WizardRoot@@6B@
??_7WizardStrategy@@6B@
??_7WizardSummary@@6B@
??_7WizardVariation@@6B@
??_7Wizard_PageDesciption@@6B@
?Add@?$CSimpleArray@PEAGV?$CSimpleArrayEqualHelper@PEAG@ATL@@@ATL@@QEAAHAEBQEAG@Z
?Add@?$CSimpleArray@PEAUIResourceModuleEvent@@V?$CSimpleArrayEqualHelper@PEAUIResourceModuleEvent@@@ATL@@@ATL@@QEAAHAEBQEAUIResourceModuleEvent@@@Z
?Add@?$CSimpleArray@PEAUKEYBOARD@@V?$CSimpleArrayEqualHelper@PEAUKEYBOARD@@@ATL@@@ATL@@QEAAHAEBQEAUKEYBOARD@@@Z
?Add@?$CSimpleArray@PEAULANGUAGE@@V?$CSimpleArrayEqualHelper@PEAULANGUAGE@@@ATL@@@ATL@@QEAAHAEBQEAULANGUAGE@@@Z
?Add@?$CSimpleArray@PEAULOCALE@@V?$CSimpleArrayEqualHelper@PEAULOCALE@@@ATL@@@ATL@@QEAAHAEBQEAULOCALE@@@Z
?AddItem@CDrawItemComposite@@QEAAXPEAVCDrawItem@@@Z
?AddPage@PageContainer@@QEAAXPEAVWizardPage@@@Z
?AddPage@WizardUI@@QEAAHPEAVWizardPage@@@Z
?AddRef@CWndObj@@UEAAKXZ
?AllocSysString@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAPEAGXZ
?Append@?$CSimpleStringT@G$0A@@ATL@@QEAAXAEBV12@@Z
?Append@?$CSimpleStringT@G$0A@@ATL@@QEAAXPEBG@Z
?Append@?$CSimpleStringT@G$0A@@ATL@@QEAAXPEBGH@Z
?AppendChar@?$CSimpleStringT@G$0A@@ATL@@QEAAXG@Z
?AppendFormat@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXIZZ
?AppendFormat@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXPEBGZZ
?AppendFormatV@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXPEBGPEAD@Z
?Attach@?$CSimpleStringT@G$0A@@ATL@@AEAAXPEAUCStringData@2@@Z
?Back@Navigator@@UEAAPEAVWizardPage@@PEAVWizardNode@@@Z
?Back@WizardEx@@UEAAPEAVWizardPage@@PEAVWizardNode@@@Z
?BlendNormal32@CDIB@@CAXPEAV1@0@Z
?ButtonContinue@WizardHandler@@QEAAPEAVCCustomButtonEx@@XZ
?ButtonContinue@WizardRoot@@QEAAAEAPEAVCCustomButtonEx@@XZ
?ButtonFinish@WizardHandler@@QEAAPEAVCCustomButtonEx@@XZ
?ButtonFinish@WizardRoot@@QEAAAEAPEAVCCustomButtonEx@@XZ
?CStringExpandEnvironmentStrings@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@V12@@Z
?CStringGetModuleFileName@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PEAUHINSTANCE__@@@Z
?CStringGetPrivateProfileString@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PEBG000@Z
?CStringGetWindowText@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@PEAUHWND__@@@Z
?CStringGetWindowsDirectory@@YA?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@XZ
?CalcAppSize@WizardUI@@AEAAXXZ
?CanPageBeActivated@LanguageNeutralSelectionDialogBase@@UEAAHW4Direction@@PEAH@Z
?CanPageBeActivated@LanguageSelectionDialogBase@@UEAAHW4Direction@@PEAH@Z
?CanPageBeActivated@WizardHandler@@EEAAHW4Direction@@PEAH@Z
?CanPageBeActivated@WizardRoot@@UEAAHW4Direction@@PEAH@Z
?CanPageBeActivatedWrapper@WizardHandler@@QEAAHW4Direction@@PEAH@Z
?Cancel@Navigator@@UEAAPEAVWizardPage@@XZ
?CenterApp@WizardUI@@AEAAXPEAUHWND__@@UtagRECT@@@Z
?ChangeUiLanguage@CResourceModule@@SAHPEBG@Z
?CharToOemA@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAXXZ
?CheckImplicitLoad@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@AEAA_NPEBX@Z
?ClearCursorWait@CCursor@@QEAAXXZ
?ClearString@MyString@@QEAAXXZ
?ClearString@PIDStringView@@QEAAXXZ
?CloneData@?$CSimpleStringT@G$0A@@ATL@@CAPEAUCStringData@2@PEAU32@@Z
?Collate@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z
?CollateNoCase@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z
?CommandHandled@WizardRoot@@QEAAAEAHXZ
?Compare@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z
?CompareNoCase@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEBAHPEBG@Z
?ComposeOffscreen@CDrawItem@@UEAAXPEAUHWND__@@@Z
?ComposeOffscreen@CDrawItemComposite@@UEAAXPEAUHWND__@@@Z
?ComposeOffscreen@CScreenText@@UEAAXPEAUHWND__@@@Z
?Concatenate@?$CSimpleStringT@G$0A@@ATL@@KAXAEAV12@PEBGH1H@Z
?Construct@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@SAXPEAV12@@Z
?ConvertColorKeyToAlpha@CDIB@@QEAAXXZ
?CopyChars@?$CSimpleStringT@G$0A@@ATL@@SAXPEAGPEBGH@Z
?CopyChars@?$CSimpleStringT@G$0A@@ATL@@SAXPEAG_KPEBGH@Z
?CopyCharsOverlapped@?$CSimpleStringT@G$0A@@ATL@@SAXPEAGPEBGH@Z
?CopyCharsOverlapped@?$CSimpleStringT@G$0A@@ATL@@SAXPEAG_KPEBGH@Z
?Create@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@@Z
?Create@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@I@Z
?Create@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@IPEAUHDC__@@1@Z
?Create@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@PEAUHDC__@@1@Z
?CreateAppWindow@WizardUI@@AEAAXXZ
?CreateEx@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@IQEAU_Button_Data@@PEAUHDC__@@1@Z
?CreateEx@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@QEAU_Button_Data@@PEAUHDC__@@1@Z
?CreateFromHwnd@CDIB@@QEAAHPEAUHWND__@@@Z
?CreateIndirect@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@IQEAU_Button_Data@@@Z
?CreateIndirect@CCustomButtonEx@@SAPEAV1@PEAUHINSTANCE__@@0PEAUHWND__@@QEAU_Button_Data@@@Z
?CreateNavWindow@WizardUI@@AEAAHXZ
?CreateNode@WizardBranch@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNode@WizardDesciption@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNode@WizardSummary@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNode@WizardVariation@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNode@Wizard_PageDesciption@@UEAAPEAVWizardNode@@IPEAVWizardEx@@PEAVWizardUI@@@Z
?CreateNodeHelper@WizardCollection@@QEAAPEAVWizardEx@@IPEAV2@PEAVWizardUI@@@Z
?CreateProgressWindow@WizardUI@@AEAAHXZ
?CreatePropertySheet@WizardUI@@AEAAXXZ
?CreateScrWindow@WizardUI@@AEAAXXZ
?CreateWindows@WizardUI@@AEAAXXZ
?Delete@?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@QEAAHHH@Z
?DeleteBackground@WizardUI@@CAXXZ
?Destroy@CCustomButtonEx@@SAXPEAV1@@Z
?DestroyAllStandardButtons@WizardRoot@@QEAAXXZ
?DestroyAppWindow@WizardUI@@AEAAXXZ
?DestroyDialog@CAttachDataDlg@@QEAAXI_K_J@Z
?DestroyDialog@CGenericNavWindow@@AEAAXXZ
?DestroyNavWindow@WizardUI@@AEAAXXZ
?DestroyProgressWindow@WizardUI@@AEAAXXZ
?DestroyPropertySheet@WizardUI@@AEAAXXZ
?DestroyScrWindow@WizardUI@@AEAAXXZ
?DestroyStandardButton@WizardRoot@@QEAAXPEAVCCustomButtonEx@@@Z
?DestroyWindows@WizardUI@@AEAAXXZ
?DibHeight@CDIB@@QEBAJXZ
?DibWidth@CDIB@@QEBAJXZ
?DoCancel@Win32Navigator@@UEAAXXZ
?DoGoToPageIndex@Win32Navigator@@UEAAXH@Z
?Draw@CAnimation@@UEAAHPEAUHDC__@@@Z
?Draw@CDIB@@QEAAHPEAUHDC__@@HH@Z
?Draw@CDIB@@QEAAHPEAUHDC__@@HHUtagRECT@@@Z
?Draw@CDrawBackground@@UEAAHPEAUHDC__@@@Z
?Draw@CDrawItem@@QEAAHPEAUHWND__@@@Z
Sections
.text Size: 301KB - Virtual size: 300KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srclient/srclient.dll.dll windows:10 windows x64 arch:x64
64156df8ca5ead107cb03bb6ce0c24fa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
srclient.pdb
Imports
msvcrt
_vscwprintf
memcmp
memcpy
_vsnwprintf
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_wcsicmp
wcschr
memmove_s
wcsrchr
_wcsnicmp
strchr
_purecall
memcpy_s
memset
spp
SxTracerGetThreadContextRetail
SxTracerShouldTrackFailure
SxTracerDebuggerBreak
SppFreeGroupPropArray
kernel32
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
DisableThreadLibraryCalls
GetModuleFileNameW
GetCommandLineW
MultiByteToWideChar
FormatMessageW
GetSystemTimeAsFileTime
FindFirstFileW
FindNextFileW
FindClose
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetTickCount
CreateFileW
GetCurrentThread
IsWow64Process
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
DeleteFileW
GetSystemDirectoryW
DeviceIoControl
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
QueryDosDeviceW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
LocalFree
ntdll
RtlInitializeCriticalSection
RtlDeleteCriticalSection
NtQueryValueKey
NtCreateFile
NtQueryVolumeInformationFile
RtlGetSuiteMask
RtlGetNtSystemRoot
NtClose
WinSqmAddToStreamEx
NtSetInformationFile
NtQueryInformationFile
RtlGetLastNtStatus
RtlSetThreadErrorMode
RtlNtStatusToDosError
EtwTraceMessage
RtlGetCurrentTransaction
RtlSetCurrentTransaction
NtOpenKey
RtlRunOnceExecuteOnce
ole32
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
advapi32
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
RegQueryValueExW
RegSetValueExW
RegDeleteTreeW
RegDeleteValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
DeregisterEventSource
ReportEventW
RegisterEventSourceW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
powrprof
CallNtPowerInformation
Exports
Exports
DisableSR
DisableSRInternal
EnableSR
EnableSREx
EnableSRInternal
SRNewSystemId
SRRemoveRestorePoint
SRSetRestorePointA
SRSetRestorePointInternal
SRSetRestorePointW
SetSRStateAfterSetup
SysprepCleanup
SysprepGeneralize
Sections
.text Size: 82KB - Virtual size: 81KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srclient/usoapi.dll.dll windows:10 windows x64 arch:x64
ce527af7beb86c4b904f558ed44fd6c5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
UsoApi.pdb
Imports
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
memcmp
_o__wcsicmp
_o_free
_o_malloc
_o_terminate
_o_wcsncpy_s
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memcpy
__C_specific_handler
__std_terminate
__CxxFrameHandler4
oleaut32
SysFreeString
VARIANT_UserMarshal64
BSTR_UserFree
SysStringLen
LoadRegTypeLi
BSTR_UserUnmarshal64
VARIANT_UserFree
VariantInit
VariantClear
VARIANT_UserUnmarshal
VarUI4FromStr
VARIANT_UserSize
LoadTypeLi
BSTR_UserMarshal64
BSTR_UserUnmarshal
VARIANT_UserMarshal
BSTR_UserMarshal
BSTR_UserSize
VARIANT_UserFree64
SystemTimeToVariantTime
VARIANT_UserUnmarshal64
BSTR_UserFree64
BSTR_UserSize64
VARIANT_UserSize64
rpcrt4
NdrOleAllocate
CStdStubBuffer_QueryInterface
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Invoke
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_Connect
NdrStubForwardingFunction
NdrStubCall3
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Disconnect
NdrDllGetClassObject
NdrDllCanUnloadNow
api-ms-win-core-com-midlproxystub-l1-1-0
ObjectStublessClient31
CStdStubBuffer2_Disconnect
CStdStubBuffer2_CountRefs
ObjectStublessClient14
ObjectStublessClient12
CStdStubBuffer2_QueryInterface
ObjectStublessClient25
ObjectStublessClient4
ObjectStublessClient11
ObjectStublessClient24
ObjectStublessClient21
ObjectStublessClient29
ObjectStublessClient16
ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient27
ObjectStublessClient18
ObjectStublessClient28
ObjectStublessClient20
ObjectStublessClient30
ObjectStublessClient10
ObjectStublessClient17
ObjectStublessClient26
ObjectStublessClient15
ObjectStublessClient23
CStdStubBuffer2_Connect
ObjectStublessClient7
ObjectStublessClient13
ObjectStublessClient5
ObjectStublessClient19
ObjectStublessClient9
ObjectStublessClient6
ObjectStublessClient8
api-ms-win-core-libraryloader-l1-2-0
LoadLibraryExW
GetProcAddress
FindResourceExW
LoadResource
SizeofResource
GetModuleFileNameW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetModuleHandleExW
FreeLibrary
api-ms-win-core-com-l1-1-0
CoTaskMemRealloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoCreateInstance
api-ms-win-core-string-l2-1-0
CharNextW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError
api-ms-win-core-registry-l1-1-0
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
api-ms-win-core-synch-l1-1-0
CreateMutexExW
LeaveCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
EnterCriticalSection
CreateSemaphoreExW
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpiW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-service-management-l2-1-0
ChangeServiceConfig2W
ChangeServiceConfigW
QueryServiceConfig2W
QueryServiceConfigW
api-ms-win-service-management-l1-1-0
OpenServiceW
OpenSCManagerW
CloseServiceHandle
StartServiceW
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-service-winsvc-l1-1-0
QueryServiceStatus
api-ms-win-security-base-l1-1-0
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
Exports
Exports
DllCanUnloadNow
DllGetClassObject
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srcore/SettingsHandlers_Region.dll.dll windows:10 windows x64 arch:x64
95bd90ee02c4f844813fa104647a2ee4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
SettingsHandlers_Region.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
_initterm_e
_initterm
api-ms-win-crt-private-l1-1-0
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o_bsearch_s
_o_free
_o_malloc
_o_realloc
_o_terminate
_o_toupper
_o_wcstol
__C_specific_handler
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__execute_onexit_table
_o__errno
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vswprintf
_o__crt_atexit
_o___stdio_common_vsnprintf_s
__std_terminate
_o___std_type_info_destroy_list
_o___std_exception_destroy
__CxxFrameHandler4
memcmp
memcpy
_o___std_exception_copy
api-ms-win-crt-string-l1-1-0
memset
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameA
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
api-ms-win-core-synch-l1-2-0
Sleep
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
ReleaseSemaphore
WaitForSingleObjectEx
CreateEventW
InitializeSRWLock
CreateSemaphoreExW
OpenSemaphoreW
EnterCriticalSection
ResetEvent
InitializeCriticalSectionEx
SetEvent
AcquireSRWLockExclusive
WaitForSingleObject
ReleaseSRWLockShared
ReleaseMutex
CreateMutexExW
CreateEventExW
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapAlloc
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError
UnhandledExceptionFilter
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-string-l1-1-0
CompareStringEx
CompareStringOrdinal
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
CreateThread
OpenThreadToken
GetCurrentThread
TerminateProcess
api-ms-win-core-localization-l1-2-0
GetUserDefaultLocaleName
FormatMessageW
GetCalendarInfoEx
GetLocaleInfoEx
GetCalendarInfoW
SetLocaleInfoW
api-ms-win-core-debug-l1-1-0
DebugBreak
IsDebuggerPresent
OutputDebugStringW
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-winrt-error-l1-1-0
RoOriginateError
RoTransformError
api-ms-win-core-winrt-string-l1-1-0
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateString
api-ms-win-core-rtlsupport-l1-1-0
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-1
IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0
InitializeSListHead
winlangdb
SetUserLanguages
SetUserLanguagesCore
GetRegionalFormatList
EnsureLanguageProfileExists
bcp47langs
Bcp47GetMuiForm
AppendUserLanguageInputMethods
GetAppropriateUserLocaleForUserLanguages
GetUserLanguages
GetUserLocaleFromLanguageProfileOptOut
Bcp47Normalize
ClearUserLocaleFromLanguageProfileOptOut
SetUserLocaleFromLanguageProfileOptOut
GetPendingUserDisplayLanguage
Bcp47GetDistance
Bcp47GetIsoLanguageCode
Bcp47GetIsoScriptCode
shcore
SHStrDupW
ord162
msvcp_win
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
api-ms-win-eventing-provider-l1-1-0
EventActivityIdControl
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
EventProviderEnabled
api-ms-win-core-localization-l1-2-3
SetUserGeoName
GetGeoInfoEx
GetUserDefaultGeoName
EnumSystemGeoNames
api-ms-win-core-winrt-error-l1-1-1
RoReportFailedDelegate
RoGetMatchingRestrictedErrorInfo
IsErrorPropagationEnabled
api-ms-win-core-com-l1-1-0
CoUninitialize
CoGetMalloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoDecrementMTAUsage
CoWaitForMultipleHandles
CoIncrementMTAUsage
CoGetApartmentType
CoTaskMemRealloc
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
RoUninitialize
RoInitialize
api-ms-win-core-datetime-l1-1-1
GetDateFormatEx
GetTimeFormatEx
api-ms-win-core-localization-l2-1-0
EnumCalendarInfoExEx
EnumTimeFormatsEx
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
api-ms-win-security-base-l1-1-0
RevertToSelf
ImpersonateLoggedOnUser
api-ms-win-core-threadpool-l1-2-0
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
api-ms-win-core-localization-obsolete-l1-2-0
GetUserDefaultUILanguage
EnumUILanguagesW
coremessaging
CoreUICreate
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-localization-private-l1-1-0
NlsUpdateLocale
NlsCheckPolicy
ntdll
RtlIsMultiUsersInSessionSku
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
Exports
Exports
DllCanUnloadNow
DllGetClassObject
GetSetting
Sections
.text Size: 161KB - Virtual size: 161KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srcore/networkhelper.dll.dll windows:10 windows x64 arch:x64
a27bcbd490e1101d8155e000cd94272f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
NetworkHelper.pdb
Imports
msvcrt
memmove
realloc
_onexit
__dllonexit
_unlock
memcpy
_purecall
_wsplitpath_s
swprintf_s
wcsncpy_s
_vsnwprintf
memcpy_s
__CxxFrameHandler3
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
memcmp
_strnicmp
__C_specific_handler
memset
ntdll
NtQuerySystemInformation
RtlReportException
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlLengthSid
RtlAllocateHeap
api-ms-win-core-com-l1-1-0
CoInitializeEx
CoUninitialize
CoCreateInstance
api-ms-win-eventing-provider-l1-1-0
EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
api-ms-win-core-synch-l1-1-0
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ResetEvent
ReleaseSRWLockShared
DeleteCriticalSection
InitializeCriticalSection
AcquireSRWLockShared
ReleaseSemaphore
SetEvent
CreateEventW
EnterCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
CreateSemaphoreExW
ReleaseSRWLockExclusive
CreateMutexExW
AcquireSRWLockExclusive
ReleaseMutex
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException
GetLastError
api-ms-win-core-synch-l1-2-0
WakeAllConditionVariable
SleepConditionVariableSRW
Sleep
InitOnceBeginInitialize
InitOnceComplete
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-debug-l1-1-0
OutputDebugStringW
IsDebuggerPresent
DebugBreak
api-ms-win-core-winrt-l1-1-0
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0
WindowsCreateStringReference
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
api-ms-win-security-base-l1-1-0
GetTokenInformation
api-ms-win-core-heap-l2-1-0
LocalFree
LocalAlloc
api-ms-win-core-handle-l1-1-0
DuplicateHandle
CloseHandle
api-ms-win-core-registry-l1-1-0
RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
RegQueryValueExW
RegGetValueW
RegOpenKeyExW
RegSetValueExW
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-libraryloader-l1-2-0
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
FreeLibrary
GetModuleHandleW
api-ms-win-core-file-l1-1-0
CreateFileW
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-heap-l1-1-0
GetProcessHeap
HeapFree
HeapAlloc
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-kernel32-legacy-l1-1-0
RegisterWaitForSingleObject
umpdc
Pdcv2ActivationClientDeactivate
Pdcv2ActivationClientActivate
Pdcv2ActivationClientRegister
Pdcv2ActivationClientUnregister
Pdcv2ActivationClientRenewActivation
syncutil
ord9
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-threadpool-legacy-l1-1-0
UnregisterWaitEx
Exports
Exports
CHttpTransport_CreateInstance
CheckPdcRenewal
CreateControlChannelTriggerConnectionManager
GetOrCreateNullPowerDependencyCoordinatorManager
GetSerializedAppMetadata
InitializePowerDependencyCoordinatorManager
IsNetworkConnectionCostRestricted
ProgressStatus
ReleasePowerDependencyCoordinatorManager
ReportSyncProgress
SyncPdcReference_WatchdogReport
SyncPdcReference_WatchdogsEnabled
SyncWerReportComponentName
SyncWerReportGenerator
Sections
.text Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 524B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srcore/srcore.dll.dll regsvr32 windows:10 windows x64 arch:x64
4b0696026fb387c2fee04b5aa55758e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
srcore.pdb
Imports
msvcrt
memcmp
memcpy
memmove
wcsnlen
iswspace
wcsrchr
_vscwprintf
_wcslwr
wcsstr
strchr
wcspbrk
memset
_onexit
__dllonexit
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
_callnewh
_vsnwprintf
wcstoul
_wcsupr
wcsncmp
wcschr
_wcsicmp
realloc
wcscat_s
malloc
free
__C_specific_handler
_purecall
_wcsnicmp
wcscmp
kernel32
SetThreadExecutionState
DebugBreak
CloseHandle
ReadFile
WriteFile
GetFileSizeEx
SetLastError
DeleteFileW
CreateDirectoryW
SetFileAttributesW
SetFileShortNameW
QueryPerformanceCounter
MoveFileExW
RemoveDirectoryW
GetSystemTimeAsFileTime
BackupRead
QueryPerformanceFrequency
WerRegisterFile
FindFirstFileW
FindNextFileW
FindClose
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
WaitForMultipleObjects
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
UnmapViewOfFile
GetCurrentThread
DuplicateHandle
MapViewOfFile
CreateFileMappingW
CreateProcessW
SetThreadErrorMode
SetErrorMode
VirtualFree
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
LocalFree
HeapDestroy
DisableThreadLibraryCalls
InitializeProcThreadAttributeList
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualProtect
lstrcpynW
lstrcmpiW
GetModuleHandleW
GetProcessId
GetSystemDirectoryW
IsWow64Process2
FindVolumeClose
FormatMessageW
HeapFree
DeviceIoControl
LoadLibraryExW
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetProcessHeap
HeapAlloc
VirtualUnlock
GetProcAddress
GetLastError
FreeLibrary
GetFileAttributesW
GetFileType
BackupWrite
GetVolumePathNameW
CreateDirectoryExW
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
ExpandEnvironmentStringsW
GetDiskFreeSpaceExW
GetFullPathNameW
GetDriveTypeW
FindFirstVolumeW
FindNextVolumeW
TerminateProcess
user32
CharPrevW
CharNextW
GetSystemMetrics
LoadStringW
ktmw32
CommitTransaction
RollbackTransaction
CreateTransaction
ntdll
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlSetCurrentTransaction
RtlGetCurrentTransaction
WinSqmAddToStream
RtlDeleteElementGenericTableAvl
RtlEnumerateGenericTableAvl
RtlInitializeGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlComputeCrc32
RtlDosPathNameToNtPathName_U
DbgPrintEx
NtClose
RtlWerpReportException
NtSetSystemInformation
RtlTryAcquirePebLock
RtlReleasePebLock
NtClearEvent
RtlDecodeSystemPointer
RtlEnumerateGenericTableWithoutSplayingAvl
EtwTraceMessage
NtQuerySecurityObject
RtlValidRelativeSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
NtSetSecurityObject
RtlNtStatusToDosError
RtlInitUnicodeString
RtlCreateSystemVolumeInformationFolder
RtlFreeHeap
RtlGetLastNtStatus
RtlLockBootStatusData
RtlGetSetBootStatusData
RtlFreeUnicodeString
RtlSetBits
RtlInitializeBitMap
NtSetInformationProcess
NtQueryInformationProcess
WinSqmAddToStreamEx
RtlUnlockBootStatusData
NtQueryInformationFile
NtOpenFile
NtSetInformationFile
rpcrt4
NdrMesTypeEncode3
NdrMesTypeDecode3
MesEncodeDynBufferHandleCreate
I_RpcExceptionFilter
MesDecodeBufferHandleCreate
MesHandleFree
ole32
CoGetMalloc
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
StringFromCLSID
StringFromGUID2
CLSIDFromString
oleaut32
SysAllocString
VarUI4FromStr
SysFreeString
advapi32
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyExW
RegOpenKeyTransactedW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegCloseKey
RegReplaceKeyW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegLoadKeyW
RegUnLoadKeyW
TraceMessage
RegQueryValueExW
LookupPrivilegeValueW
EventRegister
EventEnabled
EventWrite
EventUnregister
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenThreadToken
OpenProcessToken
ControlTraceW
StartTraceW
EnableTraceEx2
RegisterEventSourceW
ReportEventW
DeregisterEventSource
AdjustTokenPrivileges
vssapi
GetProviderMgmtInterfaceInternal
wer
WerReportAddFile
WerReportSetParameter
WerReportSubmit
WerReportCloseHandle
WerReportCreate
spp
SxTracerDebuggerBreak
SxTracerShouldTrackFailure
SxTracerGetThreadContextRetail
SppFreeGroupPropArray
bcd
BcdEnumerateObjects
BcdOpenSystemStore
BcdCloseObject
BcdGetElementData
BcdOpenObject
BcdCloseStore
api-ms-win-core-wow64-l1-1-1
GetSystemWow64Directory2W
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ShutdownContinuation
SrFreeRestoreStatus
SrFreeRpPropArray
Sections
.text Size: 336KB - Virtual size: 336KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 83KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
srcore/uireng.dll.dll windows:10 windows x64 arch:x64
c2ca58b2270719afbdbaea723f8d2d76
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
uireng.pdb
Imports
msvcrt
wcsrchr
wcschr
memcpy
memmove
_wcsnicmp
_CxxThrowException
_wtoi
wcstol
_wcsupr
wcsstr
wcstoul
_wcstoui64
_itow_s
wcscpy_s
__CxxFrameHandler3
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
_purecall
_vsnprintf
_wcsicmp
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
_snwscanf_s
_vscwprintf
wcscmp
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
EventUnregister
StartTraceW
UnregisterTraceGuids
RegOpenKeyW
RegisterTraceGuidsW
GetTraceEnableFlags
EnableTrace
FlushTraceW
EnableTraceEx
ControlTraceW
EventWriteString
OpenTraceW
ProcessTrace
CloseTrace
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
gdi32
CreateSolidBrush
StretchBlt
CreateCompatibleDC
CreateDCW
ExcludeClipRect
DeleteObject
CreatePen
SelectObject
GetStockObject
Rectangle
ExtCreatePen
MoveToEx
LineTo
PolyBezier
SetDCBrushColor
Ellipse
DeleteDC
GetCurrentObject
CreateCompatibleBitmap
BitBlt
GetObjectW
gdiplus
GdipAlloc
GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipCloneImage
kernel32
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
ExitProcess
OpenProcess
K32GetModuleFileNameExW
LocalFree
GetSystemTimeAsFileTime
ReadProcessMemory
GetTimeFormatW
GetFileAttributesW
RemoveDirectoryW
ExpandEnvironmentStringsW
CreateDirectoryW
WaitForMultipleObjects
CreateThread
Sleep
UnregisterWait
RegisterWaitForSingleObject
FindFirstFileW
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
ReadFile
FreeLibrary
GetWindowsDirectoryW
LoadLibraryW
ResumeThread
GetSystemDirectoryW
FindNextFileW
GetDriveTypeW
GetLongPathNameW
SizeofResource
WriteFile
UnmapViewOfFile
MultiByteToWideChar
LockResource
DeleteFileW
LoadResource
FindResourceW
GetFileSize
WideCharToMultiByte
CreateFileMappingW
SearchPathW
DuplicateHandle
ResetEvent
GetThreadPriority
GetCurrentThread
MapViewOfFile
SetEvent
CreateEventW
InitializeConditionVariable
SetThreadPriority
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
HeapReAlloc
DeleteCriticalSection
LoadLibraryExW
FindClose
GetVersionExW
GetProductInfo
FileTimeToSystemTime
MoveFileExW
GetDateFormatW
SystemTimeToTzSpecificLocalTime
QueryFullProcessImageNameW
msdrm
DRMIsWindowProtected
ntdll
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
RtlGetFullPathName_UEx
RtlInitUnicodeString
NtApphelpCacheControl
NtQueryValueKey
NtClose
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeStringEx
NtQueryInformationProcess
ZwClose
ZwOpenKey
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlFormatCurrentUserKeyPath
ZwCreateFile
ole32
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateGuid
CLSIDFromString
oleacc
GetRoleTextW
oleaut32
SysFreeString
VariantClear
VariantInit
SysAllocString
SysStringLen
shell32
CommandLineToArgvW
ShellExecuteW
SHFileOperationW
shlwapi
PathRemoveBlanksW
PathRemoveExtensionW
SHCreateStreamOnFileEx
PathFindFileNameW
PathCombineW
user32
CallNextHookEx
SetWindowsHookExW
GetClientRect
SetLayeredWindowAttributes
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
ShowWindow
RegisterWindowMessageW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
WindowFromPoint
GetWindowThreadProcessId
GetGUIThreadInfo
GetCursorInfo
ReleaseDC
UnhookWindowsHookEx
GetDC
GetDesktopWindow
DrawIcon
GetIconInfo
LoadCursorW
GetWindowRect
GetClassNameW
InternalGetWindowText
GetParent
GetWindowLongPtrW
GetKeyState
GetKeyNameTextW
MapVirtualKeyW
GetWindowInfo
PtInRect
GetAsyncKeyState
LoadImageW
GetSystemMetrics
GetDoubleClickTime
IsHungAppWindow
GetRawInputDeviceInfoW
GetPointerDevices
DestroyWindow
RegisterRawInputDevices
RegisterClassExW
CreateWindowExW
UnregisterClassW
FillRect
SetWindowLongPtrW
CopyImage
SetWindowPos
GetWindowTextW
EnableWindow
ReleaseCapture
SystemParametersInfoW
GetDlgItem
SwitchDesktop
SetCapture
GetProcessDefaultLayout
FindWindowW
LoadIconW
IsRectEmpty
CreateDesktopW
ClientToScreen
IsDialogMessageW
CloseDesktop
GetThreadDesktop
SetThreadDesktop
SendMessageW
SetProcessDefaultLayout
CreateDialogParamW
GetWindowTextLengthW
GetCursorPos
InvalidateRect
UpdateWindow
FindWindowExW
WindowFromPhysicalPoint
DefWindowProcW
GetRawInputData
EndPaint
SetWinEventHook
GetWindowLongW
ShowWindowAsync
UnhookWinEvent
PhysicalToLogicalPointForPerMonitorDPI
EnumWindows
BeginPaint
aepic
PicFreeFileInfo
PicRetrieveFileInfo
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
xmllite
CreateXmlWriter
hid
HidP_GetLinkCollectionNodes
HidP_GetValueCaps
HidP_GetUsageValue
HidP_GetUsages
HidP_GetCaps
msimg32
AlphaBlend
rpcrt4
RpcServerListen
RpcServerRegisterIf2
NdrServerCall2
RpcServerUseProtseqEpW
NdrServerCallAll
Exports
Exports
UirGetScreenComment
UirInitializeEngine
UirIsRecordingActive
UirOutCreateOutputFile
UirPauseRecordingSession
UirResumeRecordingSession
UirStartRecordingSession
UirStopRecordingSession
UirUninitializeEngine
UirUpdateRecordingSession
Sections
.text Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 84KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 188B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ