VBoxGuestAdditions_7[.]0[.]6[.]iso

Sharing

Copy URL Twitter E-mail

General

Target

VBoxGuestAdditions_7.0.6.iso
Size

50.6MB
MD5

04598822893ff5d5d10ccc8530d5a4d5
SHA1

c98546002a049e81593866795f1b74936298864a
SHA256

21e0f407d2a4f5c286084a70718aa20235ea75969eca0cab6cfab43a3499a010
SHA512

ba948b05209cad10d0772009af7529339faa44c31f75e0e10811887bd280f5fb7ed545dec315380ea99532bcbfc72833740c3c8b55502e8ec883d809c2bce47f
SSDEEP

786432:emk+V1pw8Yqwkz/a0/RuxGdT0Xj1NxIXWlbCAcTVMUJBZL2:emTV4q1PTUjTaOCAcTeUJBZK

Score

3^/10

Malware Config

Signatures

Unsigned PE 66 IoCs

Checks for missing Authenticode signature.

resource
unpack002/NT3x/VBoxControl.exe
unpack002/NT3x/VBoxGuest.sys
unpack004/$0/VBoxGuest/VBoxControl.exe
unpack004/$0/VBoxGuest/VBoxGuest.sys
unpack004/$0/VBoxGuest/VBoxTray.exe
unpack004/$0/VBoxMouse/VBoxMouse.sys
unpack004/$0/VBoxSF/VBoxSF.sys
unpack004/$0/VBoxVideo/VBoxDisp.dll
unpack004/$0/VBoxWddm/VBoxDX-x86.dll
unpack004/$0/VBoxWddm/VBoxDX.dll
unpack004/$0/VBoxWddm/VBoxDispD3D-x86.dll
unpack004/$0/VBoxWddm/VBoxDispD3D.dll
unpack004/$0/VBoxWddm/VBoxGL-x86.dll
unpack004/$0/VBoxWddm/VBoxGL.dll
unpack004/$0/VBoxWddm/VBoxNine-x86.dll
unpack004/$0/VBoxWddm/VBoxNine.dll
unpack004/$0/VBoxWddm/VBoxSVGA-x86.dll
unpack004/$0/VBoxWddm/VBoxSVGA.dll
unpack004/$0/VBoxWddm/VBoxWddm.sys
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/nsDialogs.dll
unpack004/VBoxControl.exe
unpack004/VBoxDX-x86.dll
unpack004/VBoxDX.dll
unpack004/VBoxDisp.dll
unpack004/VBoxDispD3D-x86.dll
unpack004/VBoxDispD3D.dll
unpack004/VBoxGL-x86.dll
unpack004/VBoxGL.dll
unpack004/VBoxGuest.sys
unpack004/VBoxMouse.sys
unpack004/VBoxNine-x86.dll
unpack004/VBoxNine.dll
unpack004/VBoxSVGA-x86.dll
unpack004/VBoxSVGA.dll
unpack004/VBoxTray.exe
unpack004/VBoxWddm.sys
unpack005/$0/VBoxGuest/VBoxControl.exe
unpack005/$0/VBoxGuest/VBoxGuest.sys
unpack005/$0/VBoxGuest/VBoxTray.exe
unpack005/$0/VBoxMouse/VBoxMouse.sys
unpack005/$0/VBoxSF/VBoxSF.sys
unpack005/$0/VBoxVideo/VBoxDisp.dll
unpack005/$0/VBoxWddm/VBoxDX.dll
unpack005/$0/VBoxWddm/VBoxDispD3D.dll
unpack005/$0/VBoxWddm/VBoxGL.dll
unpack005/$0/VBoxWddm/VBoxNine.dll
unpack005/$0/VBoxWddm/VBoxSVGA.dll
unpack005/$0/VBoxWddm/VBoxWddm.sys
unpack005/$PLUGINSDIR/System.dll
unpack005/$PLUGINSDIR/nsDialogs.dll
unpack005/$SYSDIR/VBoxControl.exe
unpack005/$SYSDIR/VBoxDisp.dll
unpack005/$SYSDIR/VBoxTray.exe
unpack005/$SYSDIR/drivers/VBoxGuest.sys
unpack005/VBoxControl.exe
unpack005/VBoxDX.dll
unpack005/VBoxDisp.dll
unpack005/VBoxDispD3D.dll
unpack005/VBoxGL.dll
unpack005/VBoxGuest.sys
unpack005/VBoxMouse.sys
unpack005/VBoxNine.dll
unpack005/VBoxSVGA.dll
unpack005/VBoxTray.exe
unpack005/VBoxWddm.sys

Files

VBoxGuestAdditions_7.0.6.iso
.iso
out.iso
.iso
AUTORUN.INF
NT3x/Readme.txt
NT3x/VBoxAddInstallNt3x.exe
.exe windows:1 windows x86 arch:x86

e7ef6d3b129020bbd3c8fb273a070be5

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:0a:ba:2e:8e:4b:8e:5d:ff:e7:a1:fe:09:4b:1c:e0:5b:32:42:02:fc:d3:b1:b7:64:1b:09:20:eb:14:5b:72
Signer

Actual PE Digest

38:0a:ba:2e:8e:4b:8e:5d:ff:e7:a1:fe:09:4b:1c:e0:5b:32:42:02:fc:d3:b1:b7:64:1b:09:20:eb:14:5b:72

Digest Algorithm

sha256

PE Digest Matches

true

9e:b5:9f:8d:e9:72:67:be:ae:eb:13:75:18:5d:7a:88:b7:63:6d:bd
Signer

Actual PE Digest

9e:b5:9f:8d:e9:72:67:be:ae:eb:13:75:18:5d:7a:88:b7:63:6d:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxAddInstallNt3x\VBoxAddInstallNt3x.pdb

Imports

kernel32

CopyFileW
GetStdHandle
GetConsoleMode
GetCurrentProcess
TerminateProcess
WideCharToMultiByte
GetACP
SetFilePointer
WriteFile
CloseHandle
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetModuleHandleW
GetSystemDirectoryW
GetCurrentThreadId
TlsGetValue
GetEnvironmentVariableW
RtlUnwind
GetModuleFileNameW
GetTickCount
GetVersion
Sleep
SetLastError
GetLastError
SetFileAttributesW
GetProcAddress
GetFileAttributesW

advapi32

QueryServiceStatus
OpenServiceW
OpenSCManagerW
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
QueryServiceConfigW

ntdll

NtClose
NtQueryVolumeInformationFile
NtTerminateProcess
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtProtectVirtualMemory

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NT3x/VBoxControl.exe
.exe windows:1 windows x86 arch:x86

c070f49e423addd5a8f7d84fc4b72de8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxControl\VBoxControl.pdb

Imports

kernel32

GetFileType
GetLastError
GetConsoleMode
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
GetACP
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
DuplicateHandle
SetLastError
DeviceIoControl
GetCurrentProcess
FileTimeToSystemTime
SystemTimeToFileTime
GetFileAttributesW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
MoveFileExW
TerminateProcess
GetCurrentProcessId
OutputDebugStringA
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetSystemTime
GetTickCount
GetTimeZoneInformation
SetThreadPriority
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetNamedPipeInfo
CreateDirectoryW
VirtualAlloc
VirtualFree
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
CreateFileA
PeekNamedPipe
GetOverlappedResult
ResetEvent
CreateEventA
GetNamedPipeHandleStateA
RtlUnwind
GetStdHandle
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress
GetCommandLineW
GetModuleHandleA

user32

EnumDisplayDevicesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegOpenKeyExW

ntdll

RtlGetNtProductType
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtSetInformationFile
NtQueryObject
NtTerminateProcess
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtQueryDirectoryFile
NtOpenDirectoryObject
NtQueryDirectoryObject
NtProtectVirtualMemory
NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtCancelIoFile

Exports

Exports

g_abRTZero16K
g_abRTZero32K
g_abRTZero4K
g_abRTZero64K
g_abRTZero8K
g_abRTZeroPage
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NT3x/VBoxGuest.sys
.sys windows:6 windows x86 arch:x86

87f400735742d99e416c11acd9ff13ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxGuest\VBoxGuest.pdb

Imports

ntoskrnl.exe

KeSetEvent
KeWaitForSingleObject
KeInitializeSpinLock
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDetachDevice
IoDisconnectInterrupt
ZwClose
ZwQueryInformationToken
ZwOpenProcessToken
KeGetCurrentThread
KeDelayExecutionThread
KeInitializeTimer
KeSetTimer
IoGetCurrentProcess
MmIsAddressValid
KeInitializeEvent
KeRemoveQueueDpc
KeNumberProcessors
KeResetEvent
KeCancelTimer
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ExAllocatePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
RtlUnwind
KeInsertQueueDpc
KeInitializeDpc
RtlInitUnicodeString
DbgPrint
RtlQueryRegistryValues

hal

HalTranslateBusAddress
HalGetInterruptVector
KeGetCurrentIrql
HalGetBusData

Exports

Exports

@InterlockedExchange@8
@IofCallDriver@8
@IofCompleteRequest@8
@KefAcquireSpinLockAtDpcLevel@4
@KefReleaseSpinLockFromDpcLevel@4
@KfAcquireSpinLock@4
@KfLowerIrql@4
@KfRaiseIrql@4
@KfReleaseSpinLock@8
@Nt3Fb_ExAcquireFastMutex@4
@Nt3Fb_ExReleaseFastMutex@4
@ObfDereferenceObject@4
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTCritSectRwDelete
RTCritSectRwEnterExcl
RTCritSectRwEnterExclDebug
RTCritSectRwEnterShared
RTCritSectRwEnterSharedDebug
RTCritSectRwGetReadCount
RTCritSectRwGetWriteRecursion
RTCritSectRwGetWriterReadRecursion
RTCritSectRwInit
RTCritSectRwInitEx
RTCritSectRwIsReadOwner
RTCritSectRwIsWriteOwner
RTCritSectRwLeaveExcl
RTCritSectRwLeaveShared
RTCritSectRwSetSubClass
RTCritSectRwTryEnterExcl
RTCritSectRwTryEnterExclDebug
RTCritSectRwTryEnterShared
RTCritSectRwTryEnterSharedDebug
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNCmp
RTStrNICmpAscii
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTTimerCanDoHighResolution
RTTimerChangeInterval
RTTimerCreateEx
RTTimerDestroy
RTTimerReleaseSystemGranularity
RTTimerRequestSystemGranularity
RTTimerStart
RTTimerStop
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16ICmpAscii
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16NICmpAscii
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_Nt3Fb_IoAttachDeviceToDeviceStack@8
_Nt3Fb_KeInitializeTimerEx@8
_Nt3Fb_KeSetTimerEx@20
_Nt3Fb_PsGetCurrentProcessId@0
_Nt3Fb_PsGetVersion@16
_Nt3Fb_ZwQuerySystemInformation@16
_Nt3Fb_ZwYieldExecution@0
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset
strchr
strcmp

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NT3x/VBoxMouseNT.sys
.sys windows:6 windows x86 arch:x86

992a51222357af9cfb8733c614830fab

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:fd:e3:80:af:73:91:25:3c:82:94:55:7e:40:ca:ff:6c:f0:05:9f:c8:76:0a:5d:8f:fa:33:c5:d6:eb:5d:c4
Signer

Actual PE Digest

9a:fd:e3:80:af:73:91:25:3c:82:94:55:7e:40:ca:ff:6c:f0:05:9f:c8:76:0a:5d:8f:fa:33:c5:d6:eb:5d:c4

Digest Algorithm

sha256

PE Digest Matches

true

e5:03:7a:1f:0b:b1:d8:89:95:27:12:ac:ef:60:fe:5b:b0:8b:3c:c1
Signer

Actual PE Digest

e5:03:7a:1f:0b:b1:d8:89:95:27:12:ac:ef:60:fe:5b:b0:8b:3c:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxMouseNT\VBoxMouseNT.pdb

Imports

ntoskrnl.exe

RtlAppendUnicodeToString
RtlFreeAnsiString
KeInitializeDpc
KeInsertQueueDpc
KeSynchronizeExecution
KeInitializeTimer
KeCancelTimer
KeSetTimer
KeInitializeSpinLock
KeQueryTimeIncrement
ExAllocatePool
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
IoAcquireCancelSpinLock
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDisconnectInterrupt
IoReleaseCancelSpinLock
IoStartNextPacket
IoStartPacket
RtlAppendUnicodeStringToString
IoReportResourceUsage
KeGetCurrentThread
KeSetEvent
KeDelayExecutionThread
KeWaitForSingleObject
IoGetCurrentProcess
MmIsAddressValid
DbgPrint
KeNumberProcessors
KeRemoveQueueDpc
KeInitializeEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeQuerySystemTime
KeQueryTickCount
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlUnwind
KeReadStateMutex
RtlCopyUnicodeString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlIntegerToUnicodeString
RtlWriteRegistryValue
RtlQueryRegistryValues
IoQueryDeviceDescription
strstr
KeInitializeMutex
KeReleaseMutex

hal

HalGetBusData
HalTranslateBusAddress
HalGetInterruptVector
KeStallExecutionProcessor
WRITE_PORT_UCHAR
READ_PORT_UCHAR
KeGetCurrentIrql

Exports

Exports

@InterlockedExchange@8
@IofCallDriver@8
@IofCompleteRequest@8
@KefAcquireSpinLockAtDpcLevel@4
@KefReleaseSpinLockFromDpcLevel@4
@KfAcquireSpinLock@4
@KfLowerIrql@4
@KfRaiseIrql@4
@KfReleaseSpinLock@8
@Nt3Fb_ExAcquireFastMutex@4
@Nt3Fb_ExReleaseFastMutex@4
@ObfDereferenceObject@4
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16NICmpAscii
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_Nt3Fb_IoAttachDeviceToDeviceStack@8
_Nt3Fb_KeInitializeTimerEx@8
_Nt3Fb_KeSetTimerEx@20
_Nt3Fb_PsGetCurrentProcessId@0
_Nt3Fb_PsGetVersion@16
_Nt3Fb_ZwQuerySystemInformation@16
_Nt3Fb_ZwYieldExecution@0
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset
strchr
strcmp

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NT3x/VBoxService.exe
.exe windows:1 windows x86 arch:x86

2750b8884e9fac16bee220471572a25b

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:6c:a9:f5:83:4f:75:e9:b9:30:1b:a9:f2:04:f8:80:35:82:8b:4f:f6:3d:3f:d2:22:7b:df:55:7d:a2:e0:12
Signer

Actual PE Digest

b4:6c:a9:f5:83:4f:75:e9:b9:30:1b:a9:f2:04:f8:80:35:82:8b:4f:f6:3d:3f:d2:22:7b:df:55:7d:a2:e0:12

Digest Algorithm

sha256

PE Digest Matches

true

ce:d8:18:ec:31:50:40:6a:ee:7a:22:ef:0d:e6:ae:27:43:38:67:4a
Signer

Actual PE Digest

ce:d8:18:ec:31:50:40:6a:ee:7a:22:ef:0d:e6:ae:27:43:38:67:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxService\VBoxService.pdb

Imports

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetModuleHandleA
HeapReAlloc
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
SetSystemTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DuplicateHandle
DeviceIoControl
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetFileType
CreateFileA
PeekNamedPipe
GetNamedPipeInfo
GetOverlappedResult
ResetEvent
CreateEventA
CreateNamedPipeA
GetNamedPipeHandleStateA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
ReadProcessMemory
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetStdHandle
SetEvent
LocalAlloc
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
GetACP
SetThreadPriority
GetCommandLineW
OutputDebugStringA
SetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
CreateEventW
RtlUnwind
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
GetTickCount
GetVersion
GetSystemTime
LocalFree
GetModuleFileNameA
GetWindowsDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
QueryDosDeviceW
GetVolumeInformationW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetSystemInfo
Sleep
SetConsoleCtrlHandler
CreateMutexW
SetLastError
GetLastError
CloseHandle
GetConsoleMode
MoveFileExW

user32

GetUserObjectSecurity
SetUserObjectSecurity
GetProcessWindowStation
SetProcessWindowStation
OpenWindowStationA
OpenDesktopA
CloseDesktop

advapi32

GetSecurityDescriptorDacl
GetAclInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
LookupAccountSidA
IsValidSid
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
InitiateSystemShutdownW
RegOpenKeyExW
RegQueryValueExW
AddAce
GetAce
OpenThreadToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ntdll

NtClose
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtResetEvent
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtCreateFile
NtSetInformationFile
NtQueryObject
NtOpenDirectoryObject
RtlAcquirePebLock
RtlReleasePebLock
NtCancelIoFile
NtQueryInformationProcess
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
RtlGetNtProductType
RtlFreeUnicodeString
NtTerminateProcess
NtOpenProcess
NtProtectVirtualMemory

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OS2/VBoxControl.exe
OS2/VBoxGuest.sys
OS2/VBoxMouse.sys
OS2/VBoxOs2AdditionsInstall.exe
OS2/VBoxReplaceDll.exe
OS2/VBoxSF.ifs
OS2/VBoxService.exe
OS2/gengradd.dll
OS2/libc06.dll
OS2/libc061.dll
OS2/libc062.dll
OS2/libc063.dll
OS2/libc064.dll
OS2/libc065.dll
OS2/libc066.dll
OS2/readme.txt
VBoxDarwinAdditions.pkg
.pkg macos
VBoxDarwinAdditionsUninstall.tool
.sh linux
VBoxLinuxAdditions.run
.sh linux
VBoxSolarisAdditions.pkg
VBoxWindowsAdditions-amd64.exe
.exe windows:4 windows x86 arch:x86

59b8ea9c7392c40cfbac34d0d968ab59

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:4f:20:bf:18:f2:13:5c:ec:61:61:d1:20:9b:45:d0:b5:2e:96:b4:8c:a5:62:2e:19:53:47:10:97:53:d4:23
Signer

Actual PE Digest

1d:4f:20:bf:18:f2:13:5c:ec:61:61:d1:20:9b:45:d0:b5:2e:96:b4:8c:a5:62:2e:19:53:47:10:97:53:d4:23

Digest Algorithm

sha256

PE Digest Matches

true

09:bf:13:af:18:ba:aa:96:2f:1b:05:46:83:21:9e:02:9f:24:3e:ea
Signer

Actual PE Digest

09:bf:13:af:18:ba:aa:96:2f:1b:05:46:83:21:9e:02:9f:24:3e:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

DispatchMessageW
wsprintfA
IsWindowVisible
PeekMessageW
wvsprintfW
MessageBoxIndirectW
CharNextA
CharPrevW
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
TrackPopupMenu
CreatePopupMenu
FillRect
CloseClipboard
OpenClipboard
EndPaint
IsDlgButtonChecked
CallWindowProcW
GetMessagePos
LoadCursorW
GetAsyncKeyState
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongW
GetWindowLongW
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassW
ScreenToClient
EndDialog
GetClassInfoW
SystemParametersInfoW
CreateWindowExW
ExitWindowsEx
DialogBoxParamW
CharNextW
SetTimer
DestroyWindow
CreateDialogParamW
SetForegroundWindow
SetWindowTextW
PostQuitMessage
SendMessageTimeoutW
ShowWindow
wsprintfW
GetDlgItem
FindWindowExW
IsWindow
GetDC
SetWindowLongW
LoadImageW
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageW
DefWindowProcW
GetClientRect
DrawTextW
SetClipboardData
EmptyClipboard
AppendMenuW

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
MoveFileExW
GetTempFileNameW
CreateFileW
WriteFile
RemoveDirectoryW
CreateProcessW
lstrcmpiA
CreateThread
GlobalLock
CreateDirectoryW
GetDiskFreeSpaceW
WideCharToMultiByte
GlobalUnlock
lstrlenW
SetErrorMode
lstrcpynW
GetCommandLineW
GetTempPathW
GetVersionExW
SetEnvironmentVariableW
CopyFileW
GetWindowsDirectoryW
GetCurrentProcess
GetModuleFileNameW
ExitProcess
GetTickCount
Sleep
GetFileSize
GetFileAttributesW
SetCurrentDirectoryW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetLastError
SearchPathW
CompareFileTime
GetShortPathNameW
CloseHandle
lstrcmpiW
SetFileTime
ExpandEnvironmentStringsW
GlobalFree
lstrcmpW
GetModuleHandleW
LoadLibraryExW
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
lstrcpyA
lstrcatW
ReadFile
MultiByteToWideChar
lstrlenA
FindClose
FindNextFileW
SetFilePointer
DeleteFileW
MulDiv
FindFirstFileW

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 244KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/Bin/VBoxService.exe
.exe windows:5 windows x64 arch:x64

68d13acadc6fa23938208623f7f8474b

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:ff:59:14:b4:76:19:c7:57:c5:21:54:1e:0f:d9:39:1f:b3:59:eb:fb:1a:10:89:60:0f:99:ad:1c:cf:03:97
Signer

Actual PE Digest

a6:ff:59:14:b4:76:19:c7:57:c5:21:54:1e:0f:d9:39:1f:b3:59:eb:fb:1a:10:89:60:0f:99:ad:1c:cf:03:97

Digest Algorithm

sha256

PE Digest Matches

true

5b:70:32:b2:cd:fb:b7:42:04:dc:c8:30:2f:22:19:c5:31:ad:8c:01
Signer

Actual PE Digest

5b:70:32:b2:cd:fb:b7:42:04:dc:c8:30:2f:22:19:c5:31:ad:8c:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxService\VBoxService.pdb

Imports

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetModuleHandleA
HeapReAlloc
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
SetSystemTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DuplicateHandle
DeviceIoControl
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetFileType
CreateFileA
PeekNamedPipe
GetNamedPipeInfo
GetOverlappedResult
ResetEvent
CreateEventA
CreateNamedPipeA
GetNamedPipeHandleStateA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
ReadProcessMemory
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetStdHandle
SetEvent
LocalAlloc
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
GetACP
SetThreadPriority
GetCommandLineW
OutputDebugStringA
SetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
RtlUnwindEx
CreateEventW
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
GetTickCount
GetVersion
GetSystemTime
LocalFree
GetModuleFileNameA
GetWindowsDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
QueryDosDeviceW
GetVolumeInformationW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetSystemInfo
Sleep
SetConsoleCtrlHandler
CreateMutexW
SetLastError
GetLastError
CloseHandle
GetConsoleMode
MoveFileExW

user32

GetUserObjectSecurity
SetUserObjectSecurity
GetProcessWindowStation
SetProcessWindowStation
OpenWindowStationA
OpenDesktopA
CloseDesktop

advapi32

GetSecurityDescriptorDacl
GetAclInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
LookupAccountSidA
IsValidSid
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
InitiateSystemShutdownW
RegOpenKeyExW
RegQueryValueExW
AddAce
GetAce
OpenThreadToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ntdll

NtClose
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtResetEvent
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtCreateFile
NtSetInformationFile
NtQueryObject
NtOpenDirectoryObject
RtlAcquirePebLock
RtlReleasePebLock
NtCancelIoFile
NtQueryInformationProcess
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
RtlFreeUnicodeString
NtTerminateProcess
NtOpenProcess

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/Tools/DIFxAPI.dll
.dll windows:6 windows x64 arch:x64

fa7bbfc375651121b7223cafa40dc7b8

Code Sign

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:15:23:0f:00:00:00:00:00:0a
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 21:57

Not After

07/03/2011, 21:57

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

6b:55:60:61:36:ea:2b:db:06:1f:e0:d9:92:1a:27:14:39:e5:af:db
Signer

Actual PE Digest

6b:55:60:61:36:ea:2b:db:06:1f:e0:d9:92:1a:27:14:39:e5:af:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

difxapi.pdb

Imports

msvcrt

_unlock
__dllonexit
_lock
_onexit
??3@YAXPEAX@Z
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
memcpy
??1type_info@@UEAA@XZ
_amsg_exit
_XcptFilter
__C_specific_handler
memset
_wcsupr
_wcslwr
_errno
__CxxFrameHandler
iswdigit
_vscwprintf
wcsrchr
wcspbrk
_wcsnicmp
iswalpha
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_fileno
_lseeki64
wcsstr
wcschr
_write
_isatty
_CxxThrowException
??2@YAPEAX_K@Z
_wcsicmp
??_U@YAPEAX_K@Z
memmove
_initterm
_vsnwprintf
_resetstkoflw
malloc
free
??_V@YAXPEAX@Z
memcmp

ntdll

RtlNtStatusToDosError
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

WaitForSingleObjectEx
SetEndOfFile
WaitForMultipleObjectsEx
GetThreadLocale
LCMapStringW
SetFilePointer
CreateEventW
SetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExA
RaiseException
HeapSize
VirtualProtect
Sleep
GetProcessHeap
GetSystemTimeAsFileTime
DeviceIoControl
ReleaseMutex
WaitForSingleObject
CreateMutexW
LocalReAlloc
LocalAlloc
GetSystemDirectoryW
LocalFree
CompareStringW
WideCharToMultiByte
GetEnvironmentVariableW
GetSystemWindowsDirectoryW
CopyFileW
HeapReAlloc
HeapAlloc
HeapFree
InitializeCriticalSection
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
OutputDebugStringA
GetLastError
lstrcmpiW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenW
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
VerifyVersionInfoW
SetFileAttributesW
DeleteFileW
GetFullPathNameW
GetFileAttributesW
CreateDirectoryW
GetTempFileNameW
MoveFileExW
CreateFileW
CloseHandle
FindFirstFileW
lstrcmpW
FindNextFileW
FindClose
RemoveDirectoryW
GetFileSize
CreateFileMappingW
MapViewOfFile
MultiByteToWideChar
UnmapViewOfFile

user32

UnregisterClassA
CharLowerW

setupapi

pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupDiClassNameFromGuidW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInfoW
SetupDiSetClassInstallParamsW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
CM_Get_Device_IDW
SetupDiSetDeviceRegistryPropertyW
CM_Setup_DevNode
CM_Query_And_Remove_SubTreeW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
CM_Enumerate_Classes
SetupDiOpenClassRegKey
SetupGetTargetPathW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupQueueCopyW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupCloseFileQueue
SetupOpenFileQueue
SetupCopyOEMInfW
SetupOpenInfFileW
SetupCloseInfFile
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupOpenAppendInfFileW
SetupFindFirstLineW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupFindNextLine
SetupFindNextMatchLineW
SetupGetStringFieldW
SetupGetIntField
SetupGetFieldCount

advapi32

DeleteService
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
ControlService
StartServiceW
RegCloseKey
CloseServiceHandle

ole32

CoInitialize
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoCreateInstance

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust

crypt32

CertGetCTLContextProperty
CertFreeCertificateContext
CertFreeCTLContext
CryptQueryObject

Exports

Exports

DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
SetDifxLogCallbackA
SetDifxLogCallbackW

Sections

.text
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/Tools/VBoxDrvInst.exe
.exe windows:5 windows x64 arch:x64

c70f9195cc2cd78ccdb20598fd507143

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:d2:e6:65:ab:4f:35:82:85:1b:77:5f:28:6f:0b:6f:c4:50:91:a6:18:61:5a:4a:f5:16:26:41:27:60:ac:3b
Signer

Actual PE Digest

2b:d2:e6:65:ab:4f:35:82:85:1b:77:5f:28:6f:0b:6f:c4:50:91:a6:18:61:5a:4a:f5:16:26:41:27:60:ac:3b

Digest Algorithm

sha256

PE Digest Matches

true

93:d2:81:20:3a:a9:a7:62:41:92:56:52:18:56:2c:e2:9b:9d:5e:44
Signer

Actual PE Digest

93:d2:81:20:3a:a9:a7:62:41:92:56:52:18:56:2c:e2:9b:9d:5e:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxDrvInst\VBoxDrvInst.pdb

Imports

setupapi

SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiInstallDevice
SetupDiSetDeviceInstallParamsW
SetupDiGetDriverInfoDetailW
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiDestroyDriverInfoList
SetupDiRegisterDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallback
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW

kernel32

GetStdHandle
CreateFileW
GetFullPathNameW
WriteFile
CloseHandle
GetLastError
SetLastError
GetSystemTime
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
FormatMessageW
lstrcmpiW
GetConsoleMode
WriteConsoleW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
GetACP
GetCurrentProcess
TerminateProcess

advapi32

UnlockServiceDatabase
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

ntdll

NtTerminateProcess

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/VBoxControl.exe
.exe windows:5 windows x64 arch:x64

0a23ff706f714702dc6f56795902bd3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxControl\VBoxControl.pdb

Imports

kernel32

GetFileType
GetLastError
GetConsoleMode
SetErrorMode
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
GetACP
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
DuplicateHandle
SetLastError
DeviceIoControl
GetCurrentProcess
FileTimeToSystemTime
SystemTimeToFileTime
GetFileAttributesW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
MoveFileExW
TerminateProcess
GetCommandLineW
GetCurrentProcessId
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetSystemTime
GetVersion
GetTickCount
GetTimeZoneInformation
SetThreadPriority
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetNamedPipeInfo
CreateDirectoryW
VirtualAlloc
VirtualFree
RtlUnwindEx
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
CreateFileA
PeekNamedPipe
GetOverlappedResult
ResetEvent
CreateEventA
GetNamedPipeHandleStateA
GetStdHandle
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress
OutputDebugStringA
GetModuleHandleA

user32

EnumDisplayDevicesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegOpenKeyExW

ntdll

NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtSetInformationFile
NtQueryObject
NtTerminateProcess
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtQueryDirectoryFile
NtOpenDirectoryObject
NtQueryDirectoryObject
NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtCancelIoFile

Exports

Exports

g_abRTZero16K
g_abRTZero32K
g_abRTZero4K
g_abRTZero64K
g_abRTZero8K
g_abRTZeroPage
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/VBoxGuest.cat
$0/VBoxGuest/VBoxGuest.inf
$0/VBoxGuest/VBoxGuest.sys
.sys windows:6 windows x64 arch:x64

2917b61a8abfffb42bd208b10cdced8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxGuest\VBoxGuest.pdb

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
KeInitializeDpc
KeInsertQueueDpc
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
MmMapIoSpace
MmUnmapIoSpace
PsGetVersion
RtlQueryRegistryValues
IofCallDriver
IofCompleteRequest
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDetachDevice
IoDisconnectInterrupt
ZwClose
ZwQueryInformationToken
ZwOpenProcessToken
ObReferenceObjectByHandle
IoAttachDeviceToDeviceStack
RtlInitUnicodeString
strchr
DbgPrint
ZwQuerySystemInformation
__C_specific_handler
strcmp
MmSystemRangeStart
KeResetEvent
ExAcquireFastMutex
ExReleaseFastMutex
KeRemoveQueueDpc
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
IoGetCurrentProcess
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
MmIsAddressValid
KeNumberProcessors
__chkstk
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmProtectMdlSystemAddress
MmUnmapLockedPages
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
KeSetPriorityThread
PsCreateSystemThread
ObfDereferenceObject

Exports

Exports

ASMAtomicBitClear
ASMAtomicCmpXchgU8
ASMAtomicXchgU8
ASMGetFlags
ASMNopPause
ASMSetFlags
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTCritSectRwDelete
RTCritSectRwEnterExcl
RTCritSectRwEnterExclDebug
RTCritSectRwEnterShared
RTCritSectRwEnterSharedDebug
RTCritSectRwGetReadCount
RTCritSectRwGetWriteRecursion
RTCritSectRwGetWriterReadRecursion
RTCritSectRwInit
RTCritSectRwInitEx
RTCritSectRwIsReadOwner
RTCritSectRwIsWriteOwner
RTCritSectRwLeaveExcl
RTCritSectRwLeaveShared
RTCritSectRwSetSubClass
RTCritSectRwTryEnterExcl
RTCritSectRwTryEnterExclDebug
RTCritSectRwTryEnterShared
RTCritSectRwTryEnterSharedDebug
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNCmp
RTStrNICmpAscii
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTTimerCanDoHighResolution
RTTimerChangeInterval
RTTimerCreateEx
RTTimerDestroy
RTTimerReleaseSystemGranularity
RTTimerRequestSystemGranularity
RTTimerStart
RTTimerStop
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16ICmpAscii
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcmp

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/VBoxHook.dll
.dll windows:5 windows x64 arch:x64

874ae42215bf30b7d8d566f6758b97a3

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:62:3f:12:03:b8:fa:ee:0b:71:9e:ea:3e:15:92:9d:6f:df:0c:a3:93:a4:46:74:cc:74:8f:f8:53:ca:09:d1
Signer

Actual PE Digest

de:62:3f:12:03:b8:fa:ee:0b:71:9e:ea:3e:15:92:9d:6f:df:0c:a3:93:a4:46:74:cc:74:8f:f8:53:ca:09:d1

Digest Algorithm

sha256

PE Digest Matches

true

1c:fe:a2:85:8c:ce:d2:c1:df:f1:97:9d:99:29:e7:89:de:d4:44:48
Signer

Actual PE Digest

1c:fe:a2:85:8c:ce:d2:c1:df:f1:97:9d:99:29:e7:89:de:d4:44:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxHook\VBoxHook.pdb

Imports

kernel32

SetEvent
OpenEventA
GetCurrentProcess
TerminateProcess
GetLastError
GetModuleFileNameW
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetProcessHeap

user32

SetWinEventHook
UnhookWinEvent
GetWindowLongA

ole32

CoUninitialize
CoInitialize

Exports

Exports

VBoxHookInstallActiveDesktopTracker
VBoxHookInstallWindowTracker
VBoxHookRemoveActiveDesktopTracker
VBoxHookRemoveWindowTracker
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SHARED
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/VBoxTray.exe
.exe windows:5 windows x64 arch:x64

45cec31cafce2061f4586782350eab96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxTray\VBoxTray.pdb

Imports

kernel32

SystemTimeToFileTime
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
RaiseException
GetCurrentProcess
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
CreateFileW
ReadFile
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
GetOverlappedResult
ResetEvent
LocalAlloc
LocalFree
GetStdHandle
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetModuleFileNameW
GetSystemDirectoryW
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetFileType
GetConsoleMode
GetCommandLineW
OutputDebugStringA
DeleteFileW
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
RtlUnwindEx
CreateFileA
CreateDirectoryW
GetSystemTime
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
SetEnvironmentVariableW
SetLastError
lstrlenW
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalAlloc
GetCurrentThreadId
GetTickCount
GetProcAddress
GetModuleHandleA
CreateThread
RemoveDirectoryW
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersion
InitializeCriticalSection
GetModuleHandleW
SetThreadPriority
GetCurrentThread
CreateEventA
CreateMutexA
SetEvent
GetLastError
SetErrorMode
CloseHandle

user32

MessageBoxW
ShowCursor
WindowFromPoint
GetWindowThreadProcessId
SetWindowPos
GetClipboardOwner
SetClipboardData
GetClipboardData
RegisterClipboardFormatA
SendMessageTimeoutA
SendMessageCallbackA
OpenClipboard
CloseClipboard
SetClipboardViewer
GetClipboardViewer
ChangeClipboardChain
EnumClipboardFormats
GetClipboardFormatNameA
EmptyClipboard
TrackMouseEvent
ShowWindow
GetSystemMetrics
ClientToScreen
SetWindowLongA
GetWindowLongPtrA
SetWindowLongPtrA
GetClipboardFormatNameW
AttachThreadInput
EnumDisplayDevicesA
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowRgn
EnumDisplaySettingsA
ReleaseDC
GetDC
GetClassInfoExA
PostQuitMessage
PostThreadMessageA
GetMessageA
DestroyIcon
LoadIconA
LoadCursorA
FindWindowExA
GetDesktopWindow
GetCursorPos
MessageBoxA
SetForegroundWindow
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
PostMessageA
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
RegisterWindowMessageA
ChangeDisplaySettingsA
SystemParametersInfoA
EnumWindows
GetClassNameA
FindWindowA

gdi32

DeleteDC
CreateDCA
CreateSolidBrush
SetRectRgn
OffsetRgn
GetRegionData
DeleteObject
CreateRectRgn
ExtEscape
CombineRgn

advapi32

RegSetValueExW
GetUserNameW
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
RegCloseKey
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
InitializeAcl

shell32

Shell_NotifyIconA
DragQueryFileA
DragQueryFileW

ole32

ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
DoDragDrop
CoLockObjectExternal
RegisterDragDrop
OleUninitialize
RevokeDragDrop
OleInitialize

ntdll

NtOpenProcess
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryDirectoryFile
NtTerminateProcess
NtSetInformationFile
NtCancelIoFile
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
NtQueryInformationProcess
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
RtlFreeUnicodeString
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/vboxguest.cat
$0/VBoxMouse/VBoxMouse.cat
$0/VBoxMouse/VBoxMouse.inf
$0/VBoxMouse/VBoxMouse.sys
.sys windows:6 windows x64 arch:x64

c38be29df8b64a6d1bb10dd81e9616cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxMouse\VBoxMouse.pdb

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
IofCallDriver
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoDetachDevice
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockAndWaitEx
PoCallDriver
PoStartNextPowerIrp
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
IoReleaseRemoveLockEx
IoGetDeviceProperty
ObfReferenceObject
ObfDereferenceObject
ExAcquireFastMutex
DbgPrint
PsGetVersion
MmIsAddressValid
__C_specific_handler
KeNumberProcessors
MmGetSystemRoutineAddress
ZwQuerySystemInformation
strcmp
MmSystemRangeStart
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
__chkstk
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
strchr
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
RtlInitUnicodeString
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
ExReleaseFastMutex

Exports

Exports

ASMAtomicBitClear
ASMAtomicCmpXchgU8
ASMAtomicXchgU8
ASMGetFlags
ASMNopPause
ASMSetFlags
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcmp
memcpy
memmove

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxMouse/vboxmouse.cat
$0/VBoxSF/VBoxSF.sys
.sys windows:6 windows x64 arch:x64

d133e0fc2feb775c0d68e9582c71a5dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxSF\VBoxSF.pdb

Imports

ntoskrnl.exe

ExAcquireFastMutex
ExReleaseFastMutex
ExTryToAcquireFastMutex
IofCompleteRequest
IoCreateSymbolicLink
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObReferenceObjectByPointer
ObfDereferenceObject
ZwCreateFile
ZwClose
__C_specific_handler
IoFileObjectType
IoGetCurrentProcess
CcPurgeCacheSection
CcFlushCache
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmCanFileBeTruncated
CcSetFileSizes
ExIsResourceAcquiredExclusiveLite
ExAllocatePoolWithTag
ExFreePoolWithTag
IoIsOperationSynchronous
ExpInterlockedPopEntrySList
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExQueryDepthSList
ExpInterlockedPushEntrySList
KeWaitForSingleObject
KeSetEvent
DbgPrint
ExAcquireSharedStarveExclusive
ExAcquireSharedWaitForExclusive
ExIsResourceAcquiredSharedLite
KeReleaseMutex
ExReleaseResourceForThreadLite
ExAcquireResourceSharedLite
ExRaiseStatus
SeTokenIsRestricted
SeQueryAuthenticationIdToken
SeQuerySessionIdToken
SeQueryInformationToken
ExInitializeResourceLite
FsRtlInitializeFileLock
ExDeleteResourceLite
FsRtlUninitializeFileLock
KeBugCheckEx
MmQuerySystemSize
RtlGetVersion
ZwQuerySystemInformation
KeInitializeQueue
KeRundownQueue
PsIsThreadTerminating
PsCreateSystemThread
KeResetEvent
PsTerminateSystemThread
PsThreadType
KeRemoveQueue
KeInsertQueue
MmProbeAndLockPages
IoAllocateMdl
IoFreeMdl
FsRtlIsNtstatusExpected
MmMapLockedPagesSpecifyCache
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
MmUnlockPages
MmForceSectionClosed
MmFlushImageSection
KeQueryTimeIncrement
RtlUpcaseUnicodeChar
RtlEqualUnicodeString
ExConvertExclusiveToSharedLite
IoAllocateIrp
IofCallDriver
IoCancelIrp
IoFreeIrp
IoGetTopLevelIrp
IoSetTopLevelIrp
KeInitializeDpc
KeInitializeTimer
KeInitializeEvent
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
KeSetTimer
IoCreateDevice
IoRegisterFileSystem
FsRtlRegisterUncProvider
IoDeleteDevice
IoUnregisterFileSystem
FsRtlDeregisterUncProvider
SeCaptureSubjectContext
SeReleaseSubjectContext
MmGetSystemRoutineAddress
KeEnterCriticalRegion
KeLeaveCriticalRegion
IoGetStackLimits
KeInitializeMutex
ExFreePool
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
IoWMIRegistrationControl
ZwOpenKey
ZwQueryValueKey
RtlIntegerToUnicodeString
RtlAppendUnicodeStringToString
FsRtlDoesNameContainWildCards
IoCheckShareAccess
IoSetShareAccess
IoUpdateShareAccess
_stricmp
RtlCopyUnicodeString
IoGetRequestorProcess
PsGetProcessImageFileName
RtlLengthSecurityDescriptor
ExQueueWorkItem
IoReleaseCancelSpinLock
FsRtlProcessFileLock
FsRtlFastUnlockSingle
ExSetResourceOwnerPointer
_local_unwind
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
IoRaiseInformationalHardError
FsRtlFastCheckLockForRead
FsRtlFastCheckLockForWrite
KeClearEvent
CcMdlReadComplete
CcMdlWriteComplete
CcUninitializeCacheMap
FsRtlPostStackOverflow
FsRtlCheckLockForReadAccess
CcInitializeCacheMap
CcCopyRead
CcMdlRead
CcSetReadAheadGranularity
CcSetAdditionalCacheAttributes
IoRemoveShareAccess
FsRtlFastUnlockAll
RtlCompareMemory
IoCheckEaBufferValidity
FsRtlNormalizeNtstatus
RtlFreeUnicodeString
ProbeForRead
ProbeForWrite
wcschr
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
RtlPrefixUnicodeString
RtlCreateUnicodeString
ZwOpenDirectoryObject
FsRtlCheckLockForWriteAccess
CcCanIWrite
CcDeferWrite
CcCopyWrite
CcPrepareMdlWrite
ExInterlockedAddUlong
CcFastCopyRead
IoGetRelatedDeviceObject
CcZeroData
CcFastCopyWrite
KeSetPriorityThread
KeCancelTimer
RtlInitUnicodeString
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
strcmp
MmSystemRangeStart
MmIsAddressValid
MmHighestUserAddress
strchr
KeReadStateMutex
ExAllocatePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
PsGetVersion
KeNumberProcessors
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
KeInsertQueueDpc
KeRemoveQueueDpc
__chkstk
LsaFreeReturnBuffer

ksecdd.sys

GetSecurityUserInfo

Exports

Exports

ASMAtomicBitClear
ASMAtomicCmpXchgU8
ASMAtomicXchgU8
ASMGetFlags
ASMNopPause
ASMSetFlags
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelLogger
RTLogRelLoggerV
RTLogRelPrintf
RTLogRelPrintfV
RTLogRelSetBuffering
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemAreKrnlAndUsrDifferent
RTR0MemKernelCopyFrom
RTR0MemKernelCopyTo
RTR0MemKernelIsValidAddr
RTR0MemUserCopyFrom
RTR0MemUserCopyTo
RTR0MemUserIsValidAddr
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcmp

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxVideo/VBoxDisp.dll
.dll windows:6 windows x64 arch:x64

7d169efd38bae25431ee9dc7d4dd657e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxDisp\VBoxDisp.pdb

Imports

win32k.sys

EngCreateBitmap
EngCreateDeviceSurface
EngDeleteSurface
EngLockSurface
EngUnlockSurface
EngAssociateSurface
EngAllocMem
EngFreeMem
EngDeviceIoControl
EngCopyBits
PALOBJ_cGetColors
EngCreatePalette
EngDeletePalette
PATHOBJ_vGetBounds
EngBitBlt
EngLineTo
EngStretchBlt
EngTextOut
EngStrokePath
EngFillPath
EngPaint
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
PATHOBJ_vEnumStart
PATHOBJ_bEnum
FONTOBJ_vGetInfo
STROBJ_vEnumStart
STROBJ_bEnum

Exports

Exports

ASMAtomicCmpXchgU8
ASMAtomicXchgU8
RTCrc64
RTCrc64Finish
RTCrc64Process
RTCrc64Start
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogFormatV
RTLogWriteUser
RTStrCopy
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
memcmp
memcpy
memmove
memset

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 749B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxVideo/VBoxVideo.cat
$0/VBoxVideo/VBoxVideo.inf
$0/VBoxVideo/VBoxVideo.sys
.dll windows:6 windows x64 arch:x64

788f4d110fa0615f9d415adfedaabad5

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:2e:8c:e5:04:32:a6:42:b8:7c:e0:dd:22:21:76:34:58:6e:fe:32:9c:37:cb:83:95:bf:bd:08:38:72:0b:04
Signer

Actual PE Digest

aa:2e:8c:e5:04:32:a6:42:b8:7c:e0:dd:22:21:76:34:58:6e:fe:32:9c:37:cb:83:95:bf:bd:08:38:72:0b:04

Digest Algorithm

sha256

PE Digest Matches

true

d8:6f:c6:f0:4f:70:2a:5c:5b:f9:a3:d4:46:83:ce:e1:06:46:4a:87
Signer

Actual PE Digest

d8:6f:c6:f0:4f:70:2a:5c:5b:f9:a3:d4:46:83:ce:e1:06:46:4a:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxVideo\VBoxVideo.pdb

Imports

videoprt.sys

VideoPortGetAccessRanges
VideoPortInitialize
VideoPortReadPortUshort
VideoPortReadPortUlong
VideoPortSetRegistryParameters
VideoPortWritePortUshort
VideoPortWritePortUlong
VideoPortZeroMemory
VideoPortGetRegistryParameters
VideoPortMapMemory
VideoPortMoveMemory
VideoPortUnmapMemory
VideoPortWritePortUchar
VideoPortSynchronizeExecution

ntoskrnl.exe

PsGetVersion
KeAcquireSpinLockRaiseToDpc
RtlInitUnicodeString
KeInitializeEvent
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
IofCallDriver
IoGetDeviceObjectPointer
ObfDereferenceObject
strchr
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
ExAcquireFastMutex
ExReleaseFastMutex
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
DbgPrint
MmIsAddressValid
__C_specific_handler
KeNumberProcessors
IoGetCurrentProcess
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
MmGetSystemRoutineAddress
ZwQuerySystemInformation
strcmp
MmSystemRangeStart
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetEvent
__chkstk
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeReleaseSpinLock

Exports

Exports

ASMAtomicBitClear
ASMAtomicCmpXchgU8
ASMAtomicXchgU8
ASMGetFlags
ASMNopPause
ASMSetFlags
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcmp

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 773B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxDX-x86.dll
.dll windows:6 windows x86 arch:x86

c25f6cc6ba63993eb756bb9449e2e8c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxDX-x86\VBoxDX-x86.pdb

Imports

kernel32

GetProcessHeap
GetCurrentProcessId
Sleep
GetCurrentThreadId
SetErrorMode
GetVersion
GetModuleHandleW
GetProcAddress
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetCommandLineW
OutputDebugStringA
GetStdHandle
WriteFile
CloseHandle
RaiseException
GetCurrentProcess
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
GetEnvironmentVariableW
SetLastError
GetSystemTime
GetTickCount
SystemTimeToFileTime
CreateFileW
HeapReAlloc
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
TerminateProcess
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
WideCharToMultiByte
GetACP
RtlUnwind
HeapFree
DeleteFileW
HeapAlloc

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

RtlGetNtProductType
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtProtectVirtualMemory
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter10
OpenAdapter10_2
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxDX.dll
.dll windows:6 windows x64 arch:x64

e01e574bc1eff7b90c082f938753014c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxDX\VBoxDX.pdb

Imports

kernel32

GetProcessHeap
GetCurrentProcessId
Sleep
GetCurrentThreadId
SetErrorMode
GetModuleHandleW
GetProcAddress
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetCommandLineW
OutputDebugStringA
GetStdHandle
WriteFile
CloseHandle
RaiseException
GetCurrentProcess
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
GetEnvironmentVariableW
SetLastError
GetSystemTime
GetVersion
GetTickCount
SystemTimeToFileTime
CreateFileW
HeapReAlloc
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
TerminateProcess
GetConsoleMode
RtlUnwindEx
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
WideCharToMultiByte
GetACP
HeapFree
DeleteFileW
HeapAlloc

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter10
OpenAdapter10_2
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxDispD3D-x86.dll
.dll windows:6 windows x86 arch:x86

9e8d2160071cd8815ae2135fe514a2ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxDispD3D-x86\VBoxDispD3D-x86.pdb

Imports

psapi

GetModuleInformation

kernel32

GetLastError
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryA
GetSystemDirectoryA
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
WriteFile
GetCommandLineW
CloseHandle
RaiseException
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetEnvironmentVariableW
GetSystemTime
GetTickCount
SystemTimeToFileTime
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
GetStdHandle
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
LoadLibraryExW
WideCharToMultiByte
GetACP
RtlUnwind

user32

GetCursorPos
EnumDisplayDevicesW

gdi32

CreateDCW
DeleteDC

ntdll

RtlGetNtProductType
NtProtectVirtualMemory
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxDispD3D.dll
.dll windows:6 windows x64 arch:x64

7d8b5bd6463873c82bfb7e74643944f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxDispD3D\VBoxDispD3D.pdb

Imports

psapi

GetModuleInformation

kernel32

GetLastError
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryA
GetSystemDirectoryA
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
SetErrorMode
GetModuleHandleW
GetModuleFileNameW
TerminateProcess
GetStdHandle
WriteFile
GetCurrentProcess
CloseHandle
RaiseException
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetEnvironmentVariableW
GetSystemTime
GetVersion
GetTickCount
SystemTimeToFileTime
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
GetCommandLineW
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
GetConsoleMode
RtlUnwindEx
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
LoadLibraryExW
WideCharToMultiByte
GetACP

user32

GetCursorPos
EnumDisplayDevicesW

gdi32

CreateDCW
DeleteDC

ntdll

NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxGL-x86.dll
.dll windows:6 windows x86 arch:x86

57d7b966d88dc2186a1affa965ffdae9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxGL-x86\VBoxGL-x86.pdb

Imports

kernel32

GetVersion
GetModuleFileNameW
GetStdHandle
WriteFile
SetErrorMode
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
Sleep
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
TlsFree
SetThreadPriority
SetLastError
RtlUnwind
GetLastError
GetTickCount
GetSystemDirectoryA
LoadLibraryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateToolhelp32Snapshot
Thread32First
Thread32Next
IsDebuggerPresent
OutputDebugStringA
GetSystemInfo
GetConsoleWindow
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessorNumber
SetThreadAffinityMask
InitOnceExecuteOnce
GetModuleFileNameA
SleepConditionVariableCS
HeapAlloc
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetSystemTimeAsFileTime
GetProcessTimes
VirtualFree
TerminateProcess
GetCurrentProcess
GetProcessHeap
HeapFree
HeapReAlloc
VirtualAlloc
SetFilePointer
SetFileAttributesW
SetEndOfFile
ReadFile
GetACP
WideCharToMultiByte
GetFileType
GetConsoleMode

user32

LoadIconA
LoadCursorA
AdjustWindowRectEx
DestroyWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
GetWindowRect
WindowFromDC
EnumDisplayDevicesA
EnumDisplaySettingsA
UnhookWindowsHookEx
GetDC
ReleaseDC
GetClientRect
SetWindowsHookExA
CallNextHookEx
ClientToScreen

gdi32

SetPixelFormat
GetPixelFormat
DescribePixelFormat
DeleteDC
CreateDCA
GetGlyphOutlineA

ntdll

NtProtectVirtualMemory
RtlFreeUnicodeString
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtOpenDirectoryObject
NtQueryDirectoryObject

Exports

Exports

DrvCopyContext
DrvCreateContext
DrvCreateLayerContext
DrvDeleteContext
DrvDescribeLayerPlane
DrvDescribePixelFormat
DrvGetLayerPaletteEntries
DrvGetProcAddress
DrvPresentBuffers
DrvRealizeLayerPalette
DrvReleaseContext
DrvSetCallbackProcs
DrvSetContext
DrvSetLayerPaletteEntries
DrvSetPixelFormat
DrvShareLists
DrvSwapBuffers
DrvSwapLayerBuffers
DrvValidateVersion
_glActiveShaderProgram@8
_glActiveTexture@4
_glActiveTextureARB@4
_glAlphaFuncx@8
_glAreTexturesResidentEXT@12
_glArrayElementEXT@4
_glAttachObjectARB@8
_glAttachShader@8
_glBeginConditionalRender@8
_glBeginConditionalRenderNV@8
_glBeginQuery@8
_glBeginQueryARB@8
_glBeginQueryIndexed@12
_glBeginTransformFeedback@4
_glBindAttribLocation@12
_glBindAttribLocationARB@12
_glBindBuffer@8
_glBindBufferARB@8
_glBindBufferBase@12
_glBindBufferRange@20
_glBindBuffersBase@16
_glBindBuffersRange@24
_glBindFragDataLocation@12
_glBindFragDataLocationEXT@12
_glBindFragDataLocationIndexed@16
_glBindFramebuffer@8
_glBindFramebufferEXT@8
_glBindImageTexture@28
_glBindImageTextures@12
_glBindProgramARB@8
_glBindProgramPipeline@4
_glBindRenderbuffer@8
_glBindRenderbufferEXT@8
_glBindSampler@8
_glBindSamplers@12
_glBindTextureEXT@8
_glBindTextures@12
_glBindTransformFeedback@8
_glBindVertexArray@4
_glBindVertexBuffer@16
_glBindVertexBuffers@20
_glBlendBarrier@0
_glBlendColor@16
_glBlendColorEXT@16
_glBlendEquation@4
_glBlendEquationEXT@4
_glBlendEquationSeparate@8
_glBlendEquationSeparatei@12
_glBlendEquationSeparateiARB@12
_glBlendEquationi@8
_glBlendEquationiARB@8
_glBlendFuncSeparate@16
_glBlendFuncSeparateEXT@16
_glBlendFuncSeparatei@20
_glBlendFuncSeparateiARB@20
_glBlendFunci@12
_glBlendFunciARB@12
_glBlitFramebuffer@40
_glBufferData@16
_glBufferDataARB@16
_glBufferStorage@16
_glBufferSubData@16
_glBufferSubDataARB@16
_glCheckFramebufferStatus@4
_glCheckFramebufferStatusEXT@4
_glClampColor@8
_glClampColorARB@8
_glClearBufferData@20
_glClearBufferSubData@28
_glClearBufferfi@16
_glClearBufferfv@12
_glClearBufferiv@12
_glClearBufferuiv@12
_glClearColorIiEXT@16
_glClearColorIuiEXT@16
_glClearColorx@16
_glClearDepthf@4
_glClearDepthx@4
_glClearTexImage@20
_glClearTexSubImage@44
_glClientActiveTexture@4
_glClientActiveTextureARB@4
_glClientWaitSync@16
_glClipPlanef@8
_glClipPlanex@8
_glColor4x@16
_glColorMaskIndexedEXT@20
_glColorMaski@20
_glColorP3ui@8
_glColorP3uiv@8
_glColorP4ui@8
_glColorP4uiv@8
_glColorPointerEXT@20
_glColorSubTable@24
_glColorTable@24
_glColorTableParameterfv@12
_glColorTableParameteriv@12
_glCompileShader@4
_glCompileShaderARB@4
_glCompressedTexImage1D@28
_glCompressedTexImage1DARB@28
_glCompressedTexImage2D@32
_glCompressedTexImage2DARB@32
_glCompressedTexImage3D@36
_glCompressedTexImage3DARB@36
_glCompressedTexSubImage1D@28
_glCompressedTexSubImage1DARB@28
_glCompressedTexSubImage2D@36
_glCompressedTexSubImage2DARB@36
_glCompressedTexSubImage3D@44
_glCompressedTexSubImage3DARB@44
_glConvolutionFilter1D@24
_glConvolutionFilter2D@28
_glConvolutionParameterf@12
_glConvolutionParameterfv@12
_glConvolutionParameteri@12
_glConvolutionParameteriv@12
_glCopyBufferSubData@20
_glCopyColorSubTable@20
_glCopyColorTable@20
_glCopyConvolutionFilter1D@20
_glCopyConvolutionFilter2D@24
_glCopyImageSubData@60
_glCopyTexSubImage3D@36
_glCopyTexSubImage3DEXT@36
_glCreateProgram@0
_glCreateProgramObjectARB@0
_glCreateShader@4
_glCreateShaderObjectARB@4
_glCreateShaderProgramv@12
_glDebugMessageCallback@8
_glDebugMessageCallbackARB@8
_glDebugMessageControl@24
_glDebugMessageControlARB@24
_glDebugMessageInsert@24
_glDebugMessageInsertARB@24
_glDeleteBuffers@8
_glDeleteBuffersARB@8
_glDeleteFramebuffers@8
_glDeleteFramebuffersEXT@8
_glDeleteObjectARB@4
_glDeleteProgram@4
_glDeleteProgramPipelines@8
_glDeleteProgramsARB@8
_glDeleteQueries@8
_glDeleteQueriesARB@8
_glDeleteRenderbuffers@8
_glDeleteRenderbuffersEXT@8
_glDeleteSamplers@8
_glDeleteShader@4
_glDeleteSync@4
_glDeleteTexturesEXT@8
_glDeleteTransformFeedbacks@8
_glDeleteVertexArrays@8
_glDepthRangeArrayv@12
_glDepthRangeIndexed@20
_glDepthRangef@8
_glDepthRangex@8
_glDetachObjectARB@8
_glDetachShader@8
_glDisableIndexedEXT@8
_glDisableVertexAttribArray@4
_glDisableVertexAttribArrayARB@4
_glDisablei@8
_glDispatchCompute@12
_glDispatchComputeIndirect@4
_glDrawArraysEXT@12
_glDrawArraysIndirect@8
_glDrawArraysInstanced@16
_glDrawArraysInstancedARB@16
_glDrawArraysInstancedBaseInstance@20
_glDrawArraysInstancedEXT@16
_glDrawBuffers@8
_glDrawBuffersARB@8
_glDrawBuffersATI@8
_glDrawElementsBaseVertex@20
_glDrawElementsIndirect@12
_glDrawElementsInstanced@20
_glDrawElementsInstancedARB@20
_glDrawElementsInstancedBaseInstance@24
_glDrawElementsInstancedBaseVertex@24
_glDrawElementsInstancedBaseVertexBaseInstance@28
_glDrawElementsInstancedEXT@20
_glDrawRangeElements@24
_glDrawRangeElementsBaseVertex@28
_glDrawRangeElementsEXT@24
_glDrawTransformFeedback@8
_glDrawTransformFeedbackInstanced@12
_glDrawTransformFeedbackStream@12
_glDrawTransformFeedbackStreamInstanced@16
_glEdgeFlagPointerEXT@12
_glEnableIndexedEXT@8
_glEnableVertexAttribArray@4
_glEnableVertexAttribArrayARB@4
_glEnablei@8
_glEndConditionalRender@0
_glEndConditionalRenderNV@0
_glEndQuery@4
_glEndQueryARB@4
_glEndQueryIndexed@8
_glEndTransformFeedback@0
_glFenceSync@8
_glFlushMappedBufferRange@12
_glFogCoordPointer@12
_glFogCoordPointerEXT@12
_glFogCoordd@8
_glFogCoorddEXT@8
_glFogCoorddv@4
_glFogCoorddvEXT@4
_glFogCoordf@4
_glFogCoordfEXT@4
_glFogCoordfv@4
_glFogCoordfvEXT@4
_glFogx@8
_glFogxv@8
_glFramebufferParameteri@12
_glFramebufferRenderbuffer@16
_glFramebufferRenderbufferEXT@16
_glFramebufferTexture1D@20
_glFramebufferTexture1DEXT@20
_glFramebufferTexture2D@20
_glFramebufferTexture2DEXT@20
_glFramebufferTexture3D@24
_glFramebufferTexture3DEXT@24
_glFramebufferTexture@16
_glFramebufferTextureLayer@20
_glFramebufferTextureLayerEXT@20
_glFrustumf@24
_glFrustumx@24
_glGenBuffers@8
_glGenBuffersARB@8
_glGenFramebuffers@8
_glGenFramebuffersEXT@8
_glGenProgramPipelines@8
_glGenProgramsARB@8
_glGenQueries@8
_glGenQueriesARB@8
_glGenRenderbuffers@8
_glGenRenderbuffersEXT@8
_glGenSamplers@8
_glGenTexturesEXT@8
_glGenTransformFeedbacks@8
_glGenVertexArrays@8
_glGenerateMipmap@4
_glGenerateMipmapEXT@4
_glGetActiveAtomicCounterBufferiv@16
_glGetActiveAttrib@28
_glGetActiveAttribARB@28
_glGetActiveUniform@28
_glGetActiveUniformARB@28
_glGetActiveUniformBlockName@20
_glGetActiveUniformBlockiv@16
_glGetActiveUniformName@20
_glGetActiveUniformsiv@20
_glGetAttachedObjectsARB@16
_glGetAttachedShaders@16
_glGetAttribLocation@8
_glGetAttribLocationARB@8
_glGetBooleanIndexedvEXT@12
_glGetBooleani_v@12
_glGetBufferParameteri64v@12
_glGetBufferParameteriv@12
_glGetBufferParameterivARB@12
_glGetBufferPointerv@12
_glGetBufferPointervARB@12
_glGetBufferSubData@16
_glGetBufferSubDataARB@16
_glGetClipPlanef@8
_glGetClipPlanex@8
_glGetColorTable@16
_glGetColorTableParameterfv@12
_glGetColorTableParameteriv@12
_glGetCompressedTexImage@12
_glGetCompressedTexImageARB@12
_glGetConvolutionFilter@16
_glGetConvolutionParameterfv@12
_glGetConvolutionParameteriv@12
_glGetDebugMessageLog@32
_glGetDebugMessageLogARB@32
_glGetDoublei_v@12
_glGetFixedv@8
_glGetFloati_v@12
_glGetFragDataIndex@8
_glGetFragDataLocation@8
_glGetFragDataLocationEXT@8
_glGetFramebufferAttachmentParameteriv@16
_glGetFramebufferAttachmentParameterivEXT@16
_glGetFramebufferParameteriv@12
_glGetGraphicsResetStatus@0
_glGetGraphicsResetStatusARB@0
_glGetHandleARB@4
_glGetHistogram@20
_glGetHistogramParameterfv@12
_glGetHistogramParameteriv@12
_glGetInfoLogARB@16
_glGetInteger64i_v@12
_glGetInteger64v@8
_glGetIntegerIndexedvEXT@12
_glGetIntegeri_v@12
_glGetLightxv@12
_glGetMaterialxv@12
_glGetMinmax@20
_glGetMinmaxParameterfv@12
_glGetMinmaxParameteriv@12
_glGetMultisamplefv@12
_glGetObjectLabel@20
_glGetObjectParameterfvARB@12
_glGetObjectParameterivARB@12
_glGetObjectPtrLabel@16
_glGetPointervEXT@8
_glGetProgramBinary@20
_glGetProgramEnvParameterdvARB@12
_glGetProgramEnvParameterfvARB@12
_glGetProgramInfoLog@16
_glGetProgramInterfaceiv@16
_glGetProgramLocalParameterdvARB@12
_glGetProgramLocalParameterfvARB@12
_glGetProgramPipelineInfoLog@16
_glGetProgramPipelineiv@12
_glGetProgramResourceIndex@12
_glGetProgramResourceLocation@12
_glGetProgramResourceName@24
_glGetProgramResourceiv@32
_glGetProgramStringARB@12
_glGetProgramiv@12
_glGetProgramivARB@12
_glGetQueryIndexediv@16
_glGetQueryObjectiv@12
_glGetQueryObjectivARB@12
_glGetQueryObjectuiv@12
_glGetQueryObjectuivARB@12
_glGetQueryiv@12
_glGetQueryivARB@12
_glGetRenderbufferParameteriv@12
_glGetRenderbufferParameterivEXT@12
_glGetSamplerParameterIiv@12
_glGetSamplerParameterIuiv@12
_glGetSamplerParameterfv@12
_glGetSamplerParameteriv@12
_glGetSeparableFilter@24
_glGetShaderInfoLog@16
_glGetShaderPrecisionFormat@16
_glGetShaderSource@16
_glGetShaderSourceARB@16
_glGetShaderiv@12
_glGetStringi@8
_glGetSynciv@20
_glGetTexEnvxv@12
_glGetTexParameterIiv@12
_glGetTexParameterIivEXT@12
_glGetTexParameterIuiv@12
_glGetTexParameterIuivEXT@12
_glGetTexParameterxv@12
_glGetTransformFeedbackVarying@28
_glGetUniformBlockIndex@8
_glGetUniformIndices@16
_glGetUniformLocation@8
_glGetUniformLocationARB@8
_glGetUniformfv@12
_glGetUniformfvARB@12
_glGetUniformiv@12
_glGetUniformivARB@12
_glGetUniformuiv@12
_glGetUniformuivEXT@12
_glGetVertexAttribIiv@12
_glGetVertexAttribIivEXT@12
_glGetVertexAttribIuiv@12
_glGetVertexAttribIuivEXT@12
_glGetVertexAttribPointerv@12
_glGetVertexAttribPointervARB@12
_glGetVertexAttribdv@12
_glGetVertexAttribdvARB@12
_glGetVertexAttribfv@12
_glGetVertexAttribfvARB@12
_glGetVertexAttribiv@12
_glGetVertexAttribivARB@12
_glGetnColorTableARB@20
_glGetnCompressedTexImageARB@16
_glGetnConvolutionFilterARB@20
_glGetnHistogramARB@24
_glGetnMapdvARB@16
_glGetnMapfvARB@16
_glGetnMapivARB@16
_glGetnMinmaxARB@24
_glGetnPixelMapfvARB@12
_glGetnPixelMapuivARB@12
_glGetnPixelMapusvARB@12
_glGetnPolygonStippleARB@8
_glGetnSeparableFilterARB@32
_glGetnTexImageARB@24
_glGetnUniformdvARB@16
_glGetnUniformfv@16
_glGetnUniformfvARB@16
_glGetnUniformiv@16
_glGetnUniformivARB@16
_glGetnUniformuiv@16
_glGetnUniformuivARB@16
_glHistogram@16
_glIndexPointerEXT@16
_glInvalidateBufferData@4
_glInvalidateBufferSubData@12
_glInvalidateFramebuffer@12
_glInvalidateSubFramebuffer@28
_glInvalidateTexImage@8
_glInvalidateTexSubImage@32
_glIsBuffer@4
_glIsBufferARB@4
_glIsEnabledIndexedEXT@8
_glIsEnabledi@8
_glIsFramebuffer@4
_glIsFramebufferEXT@4
_glIsProgram@4
_glIsProgramARB@4
_glIsProgramPipeline@4
_glIsQuery@4
_glIsQueryARB@4
_glIsRenderbuffer@4
_glIsRenderbufferEXT@4
_glIsSampler@4
_glIsShader@4
_glIsSync@4
_glIsTextureEXT@4
_glIsTransformFeedback@4
_glIsVertexArray@4
_glLightModelx@8
_glLightModelxv@8
_glLightx@12
_glLightxv@12
_glLineWidthx@4
_glLinkProgram@4
_glLinkProgramARB@4
_glLoadMatrixx@4
_glLoadTransposeMatrixd@4
_glLoadTransposeMatrixdARB@4
_glLoadTransposeMatrixf@4
_glLoadTransposeMatrixfARB@4
_glLockArraysEXT@8
_glMapBuffer@8
_glMapBufferARB@8
_glMapBufferRange@16
_glMaterialx@12
_glMaterialxv@12
_glMemoryBarrier@4
_glMemoryBarrierByRegion@4
_glMinSampleShading@4
_glMinSampleShadingARB@4
_glMinmax@12
_glMultMatrixx@4
_glMultTransposeMatrixd@4
_glMultTransposeMatrixdARB@4
_glMultTransposeMatrixf@4
_glMultTransposeMatrixfARB@4
_glMultiDrawArrays@16
_glMultiDrawArraysEXT@16
_glMultiDrawArraysIndirect@16
_glMultiDrawElements@20
_glMultiDrawElementsBaseVertex@24
_glMultiDrawElementsEXT@20
_glMultiDrawElementsIndirect@20
_glMultiTexCoord1d@12
_glMultiTexCoord1dARB@12
_glMultiTexCoord1dv@8
_glMultiTexCoord1dvARB@8
_glMultiTexCoord1f@8
_glMultiTexCoord1fARB@8
_glMultiTexCoord1fv@8
_glMultiTexCoord1fvARB@8
_glMultiTexCoord1i@8
_glMultiTexCoord1iARB@8
_glMultiTexCoord1iv@8
_glMultiTexCoord1ivARB@8
_glMultiTexCoord1s@8
_glMultiTexCoord1sARB@8
_glMultiTexCoord1sv@8
_glMultiTexCoord1svARB@8
_glMultiTexCoord2d@20
_glMultiTexCoord2dARB@20
_glMultiTexCoord2dv@8
_glMultiTexCoord2dvARB@8
_glMultiTexCoord2f@12
_glMultiTexCoord2fARB@12

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxGL.dll
.dll windows:5 windows x64 arch:x64

4d1118852576b769b804795333b86e69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxGL\VBoxGL.pdb

Imports

kernel32

GetModuleFileNameW
GetStdHandle
WriteFile
SetErrorMode
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
Sleep
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
RtlUnwindEx
TlsFree
SetThreadPriority
SetLastError
GetLastError
GetVersion
GetTickCount
GetSystemDirectoryA
LoadLibraryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateToolhelp32Snapshot
Thread32First
Thread32Next
IsDebuggerPresent
OutputDebugStringA
GetSystemInfo
GetConsoleWindow
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessorNumber
SetThreadAffinityMask
InitOnceExecuteOnce
GetModuleFileNameA
HeapAlloc
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetSystemTimeAsFileTime
GetProcessTimes
VirtualFree
TerminateProcess
GetCurrentProcess
GetProcessHeap
HeapFree
HeapReAlloc
VirtualAlloc
SetFilePointer
SetFileAttributesW
SetEndOfFile
ReadFile
GetACP
GetFileType
GetConsoleMode
WideCharToMultiByte

user32

LoadIconA
LoadCursorA
AdjustWindowRectEx
DestroyWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
GetClientRect
WindowFromDC
EnumDisplayDevicesA
SetWindowsHookExA
UnhookWindowsHookEx
GetDC
ReleaseDC
CallNextHookEx
ClientToScreen
GetWindowRect
EnumDisplaySettingsA

gdi32

SetPixelFormat
GetPixelFormat
DescribePixelFormat
DeleteDC
CreateDCA
GetGlyphOutlineA

ntdll

RtlFreeUnicodeString
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtOpenDirectoryObject
NtQueryDirectoryObject

Exports

Exports

DrvCopyContext
DrvCreateContext
DrvCreateLayerContext
DrvDeleteContext
DrvDescribeLayerPlane
DrvDescribePixelFormat
DrvGetLayerPaletteEntries
DrvGetProcAddress
DrvPresentBuffers
DrvRealizeLayerPalette
DrvReleaseContext
DrvSetCallbackProcs
DrvSetContext
DrvSetLayerPaletteEntries
DrvSetPixelFormat
DrvShareLists
DrvSwapBuffers
DrvSwapLayerBuffers
DrvValidateVersion
glAccum
glActiveShaderProgram
glActiveTexture
glActiveTextureARB
glAlphaFunc
glAlphaFuncx
glAreTexturesResident
glAreTexturesResidentEXT
glArrayElement
glArrayElementEXT
glAttachObjectARB
glAttachShader
glBegin
glBeginConditionalRender
glBeginConditionalRenderNV
glBeginQuery
glBeginQueryARB
glBeginQueryIndexed
glBeginTransformFeedback
glBindAttribLocation
glBindAttribLocationARB
glBindBuffer
glBindBufferARB
glBindBufferBase
glBindBufferRange
glBindBuffersBase
glBindBuffersRange
glBindFragDataLocation
glBindFragDataLocationEXT
glBindFragDataLocationIndexed
glBindFramebuffer
glBindFramebufferEXT
glBindImageTexture
glBindImageTextures
glBindProgramARB
glBindProgramPipeline
glBindRenderbuffer
glBindRenderbufferEXT
glBindSampler
glBindSamplers
glBindTexture
glBindTextureEXT
glBindTextures
glBindTransformFeedback
glBindVertexArray
glBindVertexBuffer
glBindVertexBuffers
glBitmap
glBlendBarrier
glBlendColor
glBlendColorEXT
glBlendEquation
glBlendEquationEXT
glBlendEquationSeparate
glBlendEquationSeparatei
glBlendEquationSeparateiARB
glBlendEquationi
glBlendEquationiARB
glBlendFunc
glBlendFuncSeparate
glBlendFuncSeparateEXT
glBlendFuncSeparatei
glBlendFuncSeparateiARB
glBlendFunci
glBlendFunciARB
glBlitFramebuffer
glBufferData
glBufferDataARB
glBufferStorage
glBufferSubData
glBufferSubDataARB
glCallList
glCallLists
glCheckFramebufferStatus
glCheckFramebufferStatusEXT
glClampColor
glClampColorARB
glClear
glClearAccum
glClearBufferData
glClearBufferSubData
glClearBufferfi
glClearBufferfv
glClearBufferiv
glClearBufferuiv
glClearColor
glClearColorIiEXT
glClearColorIuiEXT
glClearColorx
glClearDepth
glClearDepthf
glClearDepthx
glClearIndex
glClearStencil
glClearTexImage
glClearTexSubImage
glClientActiveTexture
glClientActiveTextureARB
glClientWaitSync
glClipPlane
glClipPlanef
glClipPlanex
glColor3b
glColor3bv
glColor3d
glColor3dv
glColor3f
glColor3fv
glColor3i
glColor3iv
glColor3s
glColor3sv
glColor3ub
glColor3ubv
glColor3ui
glColor3uiv
glColor3us
glColor3usv
glColor4b
glColor4bv
glColor4d
glColor4dv
glColor4f
glColor4fv
glColor4i
glColor4iv
glColor4s
glColor4sv
glColor4ub
glColor4ubv
glColor4ui
glColor4uiv
glColor4us
glColor4usv
glColor4x
glColorMask
glColorMaskIndexedEXT
glColorMaski
glColorMaterial
glColorP3ui
glColorP3uiv
glColorP4ui
glColorP4uiv
glColorPointer
glColorPointerEXT
glColorSubTable
glColorTable
glColorTableParameterfv
glColorTableParameteriv
glCompileShader
glCompileShaderARB
glCompressedTexImage1D
glCompressedTexImage1DARB
glCompressedTexImage2D
glCompressedTexImage2DARB
glCompressedTexImage3D
glCompressedTexImage3DARB
glCompressedTexSubImage1D
glCompressedTexSubImage1DARB
glCompressedTexSubImage2D
glCompressedTexSubImage2DARB
glCompressedTexSubImage3D
glCompressedTexSubImage3DARB
glConvolutionFilter1D
glConvolutionFilter2D
glConvolutionParameterf
glConvolutionParameterfv
glConvolutionParameteri
glConvolutionParameteriv
glCopyBufferSubData
glCopyColorSubTable
glCopyColorTable
glCopyConvolutionFilter1D
glCopyConvolutionFilter2D
glCopyImageSubData
glCopyPixels
glCopyTexImage1D
glCopyTexImage2D
glCopyTexSubImage1D
glCopyTexSubImage2D
glCopyTexSubImage3D
glCopyTexSubImage3DEXT
glCreateProgram
glCreateProgramObjectARB
glCreateShader
glCreateShaderObjectARB
glCreateShaderProgramv
glCullFace
glDebugMessageCallback
glDebugMessageCallbackARB
glDebugMessageControl
glDebugMessageControlARB
glDebugMessageInsert
glDebugMessageInsertARB
glDeleteBuffers
glDeleteBuffersARB
glDeleteFramebuffers
glDeleteFramebuffersEXT
glDeleteLists
glDeleteObjectARB
glDeleteProgram
glDeleteProgramPipelines
glDeleteProgramsARB
glDeleteQueries
glDeleteQueriesARB
glDeleteRenderbuffers
glDeleteRenderbuffersEXT
glDeleteSamplers
glDeleteShader
glDeleteSync
glDeleteTextures
glDeleteTexturesEXT
glDeleteTransformFeedbacks
glDeleteVertexArrays
glDepthFunc
glDepthMask
glDepthRange
glDepthRangeArrayv
glDepthRangeIndexed
glDepthRangef
glDepthRangex
glDetachObjectARB
glDetachShader
glDisable
glDisableClientState
glDisableIndexedEXT
glDisableVertexAttribArray
glDisableVertexAttribArrayARB
glDisablei
glDispatchCompute
glDispatchComputeIndirect
glDrawArrays
glDrawArraysEXT
glDrawArraysIndirect
glDrawArraysInstanced
glDrawArraysInstancedARB
glDrawArraysInstancedBaseInstance
glDrawArraysInstancedEXT
glDrawBuffer
glDrawBuffers
glDrawBuffersARB
glDrawBuffersATI
glDrawElements
glDrawElementsBaseVertex
glDrawElementsIndirect
glDrawElementsInstanced
glDrawElementsInstancedARB
glDrawElementsInstancedBaseInstance
glDrawElementsInstancedBaseVertex
glDrawElementsInstancedBaseVertexBaseInstance
glDrawElementsInstancedEXT
glDrawPixels
glDrawRangeElements
glDrawRangeElementsBaseVertex
glDrawRangeElementsEXT
glDrawTransformFeedback
glDrawTransformFeedbackInstanced
glDrawTransformFeedbackStream
glDrawTransformFeedbackStreamInstanced
glEdgeFlag
glEdgeFlagPointer
glEdgeFlagPointerEXT
glEdgeFlagv
glEnable
glEnableClientState
glEnableIndexedEXT
glEnableVertexAttribArray
glEnableVertexAttribArrayARB
glEnablei
glEnd
glEndConditionalRender
glEndConditionalRenderNV
glEndList
glEndQuery
glEndQueryARB
glEndQueryIndexed
glEndTransformFeedback
glEvalCoord1d
glEvalCoord1dv
glEvalCoord1f
glEvalCoord1fv
glEvalCoord2d
glEvalCoord2dv
glEvalCoord2f
glEvalCoord2fv
glEvalMesh1
glEvalMesh2
glEvalPoint1
glEvalPoint2
glFeedbackBuffer
glFenceSync
glFinish
glFlush
glFlushMappedBufferRange
glFogCoordPointer
glFogCoordPointerEXT
glFogCoordd
glFogCoorddEXT
glFogCoorddv
glFogCoorddvEXT
glFogCoordf
glFogCoordfEXT
glFogCoordfv
glFogCoordfvEXT
glFogf
glFogfv
glFogi
glFogiv
glFogx
glFogxv
glFramebufferParameteri
glFramebufferRenderbuffer
glFramebufferRenderbufferEXT
glFramebufferTexture
glFramebufferTexture1D
glFramebufferTexture1DEXT
glFramebufferTexture2D
glFramebufferTexture2DEXT
glFramebufferTexture3D
glFramebufferTexture3DEXT
glFramebufferTextureLayer
glFramebufferTextureLayerEXT
glFrontFace
glFrustum
glFrustumf
glFrustumx
glGenBuffers
glGenBuffersARB
glGenFramebuffers
glGenFramebuffersEXT
glGenLists
glGenProgramPipelines
glGenProgramsARB
glGenQueries
glGenQueriesARB
glGenRenderbuffers
glGenRenderbuffersEXT
glGenSamplers
glGenTextures
glGenTexturesEXT
glGenTransformFeedbacks
glGenVertexArrays
glGenerateMipmap
glGenerateMipmapEXT
glGetActiveAtomicCounterBufferiv
glGetActiveAttrib
glGetActiveAttribARB
glGetActiveUniform
glGetActiveUniformARB
glGetActiveUniformBlockName
glGetActiveUniformBlockiv
glGetActiveUniformName
glGetActiveUniformsiv
glGetAttachedObjectsARB
glGetAttachedShaders
glGetAttribLocation
glGetAttribLocationARB
glGetBooleanIndexedvEXT
glGetBooleani_v
glGetBooleanv
glGetBufferParameteri64v
glGetBufferParameteriv
glGetBufferParameterivARB
glGetBufferPointerv
glGetBufferPointervARB
glGetBufferSubData
glGetBufferSubDataARB
glGetClipPlane
glGetClipPlanef
glGetClipPlanex
glGetColorTable
glGetColorTableParameterfv
glGetColorTableParameteriv
glGetCompressedTexImage
glGetCompressedTexImageARB
glGetConvolutionFilter
glGetConvolutionParameterfv
glGetConvolutionParameteriv
glGetDebugMessageLog
glGetDebugMessageLogARB
glGetDoublei_v
glGetDoublev
glGetError
glGetFixedv
glGetFloati_v
glGetFloatv
glGetFragDataIndex
glGetFragDataLocation
glGetFragDataLocationEXT
glGetFramebufferAttachmentParameteriv
glGetFramebufferAttachmentParameterivEXT
glGetFramebufferParameteriv
glGetGraphicsResetStatus
glGetGraphicsResetStatusARB
glGetHandleARB
glGetHistogram
glGetHistogramParameterfv
glGetHistogramParameteriv
glGetInfoLogARB
glGetInteger64i_v
glGetInteger64v
glGetIntegerIndexedvEXT
glGetIntegeri_v
glGetIntegerv
glGetLightfv
glGetLightiv
glGetLightxv
glGetMapdv
glGetMapfv
glGetMapiv
glGetMaterialfv
glGetMaterialiv
glGetMaterialxv
glGetMinmax
glGetMinmaxParameterfv
glGetMinmaxParameteriv
glGetMultisamplefv
glGetObjectLabel
glGetObjectParameterfvARB
glGetObjectParameterivARB
glGetObjectPtrLabel
glGetPixelMapfv
glGetPixelMapuiv
glGetPixelMapusv
glGetPointerv
glGetPointervEXT
glGetPolygonStipple
glGetProgramBinary
glGetProgramEnvParameterdvARB
glGetProgramEnvParameterfvARB
glGetProgramInfoLog
glGetProgramInterfaceiv
glGetProgramLocalParameterdvARB
glGetProgramLocalParameterfvARB
glGetProgramPipelineInfoLog
glGetProgramPipelineiv
glGetProgramResourceIndex
glGetProgramResourceLocation
glGetProgramResourceName
glGetProgramResourceiv
glGetProgramStringARB
glGetProgramiv
glGetProgramivARB
glGetQueryIndexediv
glGetQueryObjectiv
glGetQueryObjectivARB
glGetQueryObjectuiv
glGetQueryObjectuivARB
glGetQueryiv
glGetQueryivARB
glGetRenderbufferParameteriv
glGetRenderbufferParameterivEXT
glGetSamplerParameterIiv
glGetSamplerParameterIuiv
glGetSamplerParameterfv
glGetSamplerParameteriv
glGetSeparableFilter
glGetShaderInfoLog
glGetShaderPrecisionFormat
glGetShaderSource
glGetShaderSourceARB
glGetShaderiv
glGetString
glGetStringi
glGetSynciv
glGetTexEnvfv
glGetTexEnviv
glGetTexEnvxv
glGetTexGendv
glGetTexGenfv
glGetTexGeniv
glGetTexImage
glGetTexLevelParameterfv
glGetTexLevelParameteriv
glGetTexParameterIiv
glGetTexParameterIivEXT
glGetTexParameterIuiv
glGetTexParameterIuivEXT
glGetTexParameterfv
glGetTexParameteriv
glGetTexParameterxv

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxNine-x86.dll
.dll windows:6 windows x86 arch:x86

b650ef5c2983e9fcdf52c54df0131d44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxNine-x86\VBoxNine-x86.pdb

Imports

kernel32

DeleteCriticalSection
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
TerminateProcess
GetLastError
GetVersion
GetModuleFileNameW
GetStdHandle
WriteFile
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
Sleep
LeaveCriticalSection
FreeLibrary
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
TlsFree
SetThreadPriority
SetLastError
RtlUnwind
GetTickCount
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
VirtualAlloc
EnterCriticalSection
GetSystemDirectoryW
InitializeCriticalSection
GetConsoleWindow
OutputDebugStringA
IsDebuggerPresent
SetThreadAffinityMask
QueryPerformanceFrequency
QueryPerformanceCounter
InitOnceExecuteOnce
GetSystemTimeAsFileTime
GetSystemInfo
GetProcessTimes
GetFileType
GetConsoleMode
WideCharToMultiByte
GetACP
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
VirtualFree

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtResetEvent
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryDirectoryFile
NtCreateFile
NtSetEvent
NtCreateEvent
NtWaitForSingleObject
NtClose
RtlFreeUnicodeString
NtProtectVirtualMemory

Exports

Exports

GaNineD3DAdapter9Create
GaNinePipeContextFromDevice
GaNinePipeResourceFromSurface
nocrt_ceil
nocrt_ceilf
nocrt_cos
nocrt_cosf
nocrt_exp2f
nocrt_fabs
nocrt_fabsf
nocrt_feraiseexcept
nocrt_floor
nocrt_floorf
nocrt_ldexp
nocrt_ldexpf
nocrt_llrint
nocrt_log2f
nocrt_lrint
nocrt_lrintf
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_pow
nocrt_powf
nocrt_rint
nocrt_rintf
nocrt_sin
nocrt_sinf
nocrt_sqrt
nocrt_sqrtf
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp
nocrt_strncpy
nocrt_trunc
nocrt_truncf

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 781KB - Virtual size: 781KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxNine.dll
.dll windows:5 windows x64 arch:x64

a985d6ccb4f44bfe29e4653bf1388394

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxNine\VBoxNine.pdb

Imports

kernel32

DeleteCriticalSection
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
TerminateProcess
GetLastError
GetModuleFileNameW
GetStdHandle
WriteFile
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
Sleep
GetSystemDirectoryW
LeaveCriticalSection
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
RtlUnwindEx
TlsFree
SetThreadPriority
SetLastError
GetVersion
GetTickCount
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
VirtualFree
EnterCriticalSection
FreeLibrary
InitializeCriticalSection
GetConsoleWindow
OutputDebugStringA
IsDebuggerPresent
SetThreadAffinityMask
QueryPerformanceFrequency
QueryPerformanceCounter
InitOnceExecuteOnce
GetSystemTimeAsFileTime
GetSystemInfo
GetProcessTimes
GetFileType
GetConsoleMode
WideCharToMultiByte
GetACP
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
VirtualAlloc

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryDirectoryFile
NtCreateFile
NtSetEvent
NtCreateEvent
NtWaitForSingleObject
NtClose
RtlFreeUnicodeString
NtResetEvent

Exports

Exports

GaNineD3DAdapter9Create
GaNinePipeContextFromDevice
GaNinePipeResourceFromSurface
nocrt_ceil
nocrt_ceilf
nocrt_cos
nocrt_cosf
nocrt_exp2f
nocrt_fabsf
nocrt_feraiseexcept
nocrt_floor
nocrt_floorf
nocrt_ldexp
nocrt_ldexpf
nocrt_llrint
nocrt_log2f
nocrt_lrint
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_pow
nocrt_powf
nocrt_rint
nocrt_rintf
nocrt_sin
nocrt_sinf
nocrt_sqrt
nocrt_sqrtf
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp
nocrt_strncpy
nocrt_trunc
nocrt_truncf

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxSVGA-x86.dll
.dll windows:6 windows x86 arch:x86

aca5580ddf789fb7b4e85cdee28ec9c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxSVGA-x86\VBoxSVGA-x86.pdb

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetStdHandle
GetLastError
GetConsoleMode
GetEnvironmentVariableW
SetLastError
GetVersion
WideCharToMultiByte
GetACP
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
GetCurrentThread
GetCurrentThreadId
TlsAlloc
InitializeConditionVariable
TlsSetValue
GetModuleHandleA
GetProcAddress
Sleep
GetModuleHandleW
TlsFree
GetTickCount
GetCurrentProcessId
RtlUnwind
VirtualAlloc
VirtualFree
IsDebuggerPresent
OutputDebugStringA
GetSystemInfo
GetConsoleWindow
EnterCriticalSection
LeaveCriticalSection
WakeAllConditionVariable
SleepConditionVariableCS
SetThreadAffinityMask
DeleteCriticalSection
TlsGetValue
InitializeCriticalSection
InitOnceExecuteOnce
QueryPerformanceFrequency
QueryPerformanceCounter
GetCommandLineA

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtCreateEvent
NtSetEvent
NtProtectVirtualMemory
NtQueryVolumeInformationFile
NtClose
NtWaitForSingleObject

Exports

Exports

GaDrvContextFlush
GaDrvGetContextId
GaDrvGetSurfaceId
GaDrvGetWDDMEnv
GaDrvScreenCreate
GaDrvScreenDestroy
nocrt_atan2f
nocrt_ceil
nocrt_ceilf
nocrt_cos
nocrt_cosf
nocrt_exp2f
nocrt_fabs
nocrt_fabsf
nocrt_feraiseexcept
nocrt_floor
nocrt_floorf
nocrt_ldexp
nocrt_ldexpf
nocrt_llrint
nocrt_log2
nocrt_log2f
nocrt_logf
nocrt_lrint
nocrt_lrintf
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_pow
nocrt_powf
nocrt_rint
nocrt_rintf
nocrt_sin
nocrt_sinf
nocrt_sqrt
nocrt_sqrtf
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp
nocrt_strncpy
nocrt_trunc
nocrt_truncf

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 823KB - Virtual size: 823KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxSVGA.dll
.dll windows:5 windows x64 arch:x64

5a30537e9c8f1dae3735ce51a7196591

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxSVGA\VBoxSVGA.pdb

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetStdHandle
GetLastError
GetConsoleMode
GetEnvironmentVariableW
SetLastError
WideCharToMultiByte
GetACP
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
InitializeConditionVariable
GetModuleHandleA
GetProcAddress
Sleep
GetModuleHandleW
TlsFree
GetVersion
GetTickCount
GetCurrentProcessId
VirtualAlloc
VirtualFree
IsDebuggerPresent
OutputDebugStringA
GetSystemInfo
GetConsoleWindow
EnterCriticalSection
LeaveCriticalSection
WakeAllConditionVariable
SleepConditionVariableCS
SetThreadAffinityMask
DeleteCriticalSection
TlsSetValue
InitializeCriticalSection
InitOnceExecuteOnce
QueryPerformanceFrequency
QueryPerformanceCounter
GetCommandLineA

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtSetEvent
NtWaitForSingleObject
NtQueryVolumeInformationFile
NtClose
NtCreateEvent

Exports

Exports

GaDrvContextFlush
GaDrvGetContextId
GaDrvGetSurfaceId
GaDrvGetWDDMEnv
GaDrvScreenCreate
GaDrvScreenDestroy
nocrt_atan2f
nocrt_ceil
nocrt_ceilf
nocrt_cos
nocrt_cosf
nocrt_exp2f
nocrt_fabsf
nocrt_feraiseexcept
nocrt_floor
nocrt_floorf
nocrt_ldexp
nocrt_ldexpf
nocrt_llrint
nocrt_log2
nocrt_log2f
nocrt_logf
nocrt_lrint
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_pow
nocrt_powf
nocrt_rint
nocrt_rintf
nocrt_sin
nocrt_sinf
nocrt_sqrt
nocrt_sqrtf
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp
nocrt_strncpy
nocrt_trunc
nocrt_truncf

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxWddm.cat
$0/VBoxWddm/VBoxWddm.inf
$0/VBoxWddm/VBoxWddm.sys
.sys windows:6 windows x64 arch:x64

2b47de3931407da4f8970704722c2ba5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxWddm\VBoxWddm.pdb

Imports

ntoskrnl.exe

KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExAllocatePoolWithTag
ExFreePoolWithTag
PsGetVersion
IoGetDeviceProperty
IoOpenDeviceRegistryKey
ZwClose
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
__C_specific_handler
KeSetEvent
ObReferenceObjectByHandle
ObfDereferenceObject
ExEventObjectType
RtlInitializeBitMap
RtlClearBits
DbgPrint
KeInitializeEvent
KeDelayExecutionThread
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
ExAcquireFastMutex
ExReleaseFastMutex
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
PsCreateSystemThread
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetValueKey
KeWaitForSingleObject
KeInitializeDpc
IofCallDriver
IoAllocateMdl
ZwLoadDriver
IoGetDeviceObjectPointer
ZwUnloadDriver
IoFreeMdl
RtlGetVersion
IoBuildDeviceIoControlRequest
strchr
ZwYieldExecution
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
PsGetCurrentProcessId
MmIsAddressValid
KeNumberProcessors
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmProtectMdlSystemAddress
IoBuildPartialMdl
MmGetSystemRoutineAddress
ZwQuerySystemInformation
strcmp
MmSystemRangeStart
KeInsertQueueDpc
KeRemoveQueueDpc
__chkstk
KeSetPriorityThread
KeResetEvent
KeBugCheckEx
RtlInitUnicodeString

Exports

Exports

?CrSaAdd@@YAHPEAUCR_SORTARRAY@@_K@Z
?CrSaCleanup@@YAXPEAUCR_SORTARRAY@@@Z
?CrSaClone@@YAHPEBUCR_SORTARRAY@@PEAU1@@Z
?CrSaCmp@@YAHPEBUCR_SORTARRAY@@0@Z
?CrSaContains@@YA_NPEBUCR_SORTARRAY@@_K@Z
?CrSaCovers@@YA_NPEBUCR_SORTARRAY@@0@Z
?CrSaInit@@YAHPEAUCR_SORTARRAY@@I@Z
?CrSaIntersect@@YAXPEAUCR_SORTARRAY@@PEBU1@@Z
?CrSaIntersected@@YAHPEAUCR_SORTARRAY@@PEBU1@0@Z
?CrSaRemove@@YAHPEAUCR_SORTARRAY@@_K@Z
?CrSaUnited@@YAHPEBUCR_SORTARRAY@@0PEAU1@@Z
ASMAtomicBitClear
ASMAtomicCmpXchgU8
ASMAtomicXchgU8
ASMBitFirstClear
ASMBitFirstSet
ASMBitNextSet
ASMGetFlags
ASMNopPause
ASMSetFlags
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTAvlU32Destroy
RTAvlU32DoWithAll
RTAvlU32Get
RTAvlU32GetBestFit
RTAvlU32Insert
RTAvlU32Remove
RTAvlU32RemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/vboxwddm.cat
$0/license.rtf
.rtf
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0
.dll windows:5 windows x64 arch:x64

874ae42215bf30b7d8d566f6758b97a3

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:62:3f:12:03:b8:fa:ee:0b:71:9e:ea:3e:15:92:9d:6f:df:0c:a3:93:a4:46:74:cc:74:8f:f8:53:ca:09:d1
Signer

Actual PE Digest

de:62:3f:12:03:b8:fa:ee:0b:71:9e:ea:3e:15:92:9d:6f:df:0c:a3:93:a4:46:74:cc:74:8f:f8:53:ca:09:d1

Digest Algorithm

sha256

PE Digest Matches

true

1c:fe:a2:85:8c:ce:d2:c1:df:f1:97:9d:99:29:e7:89:de:d4:44:48
Signer

Actual PE Digest

1c:fe:a2:85:8c:ce:d2:c1:df:f1:97:9d:99:29:e7:89:de:d4:44:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxHook\VBoxHook.pdb

Imports

kernel32

SetEvent
OpenEventA
GetCurrentProcess
TerminateProcess
GetLastError
GetModuleFileNameW
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetProcessHeap

user32

SetWinEventHook
UnhookWinEvent
GetWindowLongA

ole32

CoUninitialize
CoInitialize

Exports

Exports

VBoxHookInstallActiveDesktopTracker
VBoxHookInstallWindowTracker
VBoxHookRemoveActiveDesktopTracker
VBoxHookRemoveWindowTracker
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SHARED
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_51_/$0
.exe windows:5 windows x64 arch:x64

68d13acadc6fa23938208623f7f8474b

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:ff:59:14:b4:76:19:c7:57:c5:21:54:1e:0f:d9:39:1f:b3:59:eb:fb:1a:10:89:60:0f:99:ad:1c:cf:03:97
Signer

Actual PE Digest

a6:ff:59:14:b4:76:19:c7:57:c5:21:54:1e:0f:d9:39:1f:b3:59:eb:fb:1a:10:89:60:0f:99:ad:1c:cf:03:97

Digest Algorithm

sha256

PE Digest Matches

true

5b:70:32:b2:cd:fb:b7:42:04:dc:c8:30:2f:22:19:c5:31:ad:8c:01
Signer

Actual PE Digest

5b:70:32:b2:cd:fb:b7:42:04:dc:c8:30:2f:22:19:c5:31:ad:8c:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxService\VBoxService.pdb

Imports

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetModuleHandleA
HeapReAlloc
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
SetSystemTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DuplicateHandle
DeviceIoControl
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetFileType
CreateFileA
PeekNamedPipe
GetNamedPipeInfo
GetOverlappedResult
ResetEvent
CreateEventA
CreateNamedPipeA
GetNamedPipeHandleStateA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
ReadProcessMemory
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetStdHandle
SetEvent
LocalAlloc
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
GetACP
SetThreadPriority
GetCommandLineW
OutputDebugStringA
SetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
RtlUnwindEx
CreateEventW
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
GetTickCount
GetVersion
GetSystemTime
LocalFree
GetModuleFileNameA
GetWindowsDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
QueryDosDeviceW
GetVolumeInformationW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetSystemInfo
Sleep
SetConsoleCtrlHandler
CreateMutexW
SetLastError
GetLastError
CloseHandle
GetConsoleMode
MoveFileExW

user32

GetUserObjectSecurity
SetUserObjectSecurity
GetProcessWindowStation
SetProcessWindowStation
OpenWindowStationA
OpenDesktopA
CloseDesktop

advapi32

GetSecurityDescriptorDacl
GetAclInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
LookupAccountSidA
IsValidSid
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
InitiateSystemShutdownW
RegOpenKeyExW
RegQueryValueExW
AddAce
GetAce
OpenThreadToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ntdll

NtClose
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtResetEvent
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtCreateFile
NtSetInformationFile
NtQueryObject
NtOpenDirectoryObject
RtlAcquirePebLock
RtlReleasePebLock
NtCancelIoFile
NtQueryInformationProcess
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
RtlFreeUnicodeString
NtTerminateProcess
NtOpenProcess

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_51_/VBoxService.exe
.exe windows:5 windows x64 arch:x64

68d13acadc6fa23938208623f7f8474b

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:ff:59:14:b4:76:19:c7:57:c5:21:54:1e:0f:d9:39:1f:b3:59:eb:fb:1a:10:89:60:0f:99:ad:1c:cf:03:97
Signer

Actual PE Digest

a6:ff:59:14:b4:76:19:c7:57:c5:21:54:1e:0f:d9:39:1f:b3:59:eb:fb:1a:10:89:60:0f:99:ad:1c:cf:03:97

Digest Algorithm

sha256

PE Digest Matches

true

5b:70:32:b2:cd:fb:b7:42:04:dc:c8:30:2f:22:19:c5:31:ad:8c:01
Signer

Actual PE Digest

5b:70:32:b2:cd:fb:b7:42:04:dc:c8:30:2f:22:19:c5:31:ad:8c:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxService\VBoxService.pdb

Imports

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetModuleHandleA
HeapReAlloc
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
SetSystemTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DuplicateHandle
DeviceIoControl
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetFileType
CreateFileA
PeekNamedPipe
GetNamedPipeInfo
GetOverlappedResult
ResetEvent
CreateEventA
CreateNamedPipeA
GetNamedPipeHandleStateA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
ReadProcessMemory
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetStdHandle
SetEvent
LocalAlloc
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
GetACP
SetThreadPriority
GetCommandLineW
OutputDebugStringA
SetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
RtlUnwindEx
CreateEventW
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
GetTickCount
GetVersion
GetSystemTime
LocalFree
GetModuleFileNameA
GetWindowsDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
QueryDosDeviceW
GetVolumeInformationW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetSystemInfo
Sleep
SetConsoleCtrlHandler
CreateMutexW
SetLastError
GetLastError
CloseHandle
GetConsoleMode
MoveFileExW

user32

GetUserObjectSecurity
SetUserObjectSecurity
GetProcessWindowStation
SetProcessWindowStation
OpenWindowStationA
OpenDesktopA
CloseDesktop

advapi32

GetSecurityDescriptorDacl
GetAclInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
LookupAccountSidA
IsValidSid
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
InitiateSystemShutdownW
RegOpenKeyExW
RegQueryValueExW
AddAce
GetAce
OpenThreadToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ntdll

NtClose
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtResetEvent
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtCreateFile
NtSetInformationFile
NtQueryObject
NtOpenDirectoryObject
RtlAcquirePebLock
RtlReleasePebLock
NtCancelIoFile
NtQueryInformationProcess
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
RtlFreeUnicodeString
NtTerminateProcess
NtOpenProcess

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DIFxAPI.dll
.dll windows:6 windows x64 arch:x64

fa7bbfc375651121b7223cafa40dc7b8

Code Sign

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:15:23:0f:00:00:00:00:00:0a
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 21:57

Not After

07/03/2011, 21:57

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

6b:55:60:61:36:ea:2b:db:06:1f:e0:d9:92:1a:27:14:39:e5:af:db
Signer

Actual PE Digest

6b:55:60:61:36:ea:2b:db:06:1f:e0:d9:92:1a:27:14:39:e5:af:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

difxapi.pdb

Imports

msvcrt

_unlock
__dllonexit
_lock
_onexit
??3@YAXPEAX@Z
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
memcpy
??1type_info@@UEAA@XZ
_amsg_exit
_XcptFilter
__C_specific_handler
memset
_wcsupr
_wcslwr
_errno
__CxxFrameHandler
iswdigit
_vscwprintf
wcsrchr
wcspbrk
_wcsnicmp
iswalpha
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_fileno
_lseeki64
wcsstr
wcschr
_write
_isatty
_CxxThrowException
??2@YAPEAX_K@Z
_wcsicmp
??_U@YAPEAX_K@Z
memmove
_initterm
_vsnwprintf
_resetstkoflw
malloc
free
??_V@YAXPEAX@Z
memcmp

ntdll

RtlNtStatusToDosError
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

WaitForSingleObjectEx
SetEndOfFile
WaitForMultipleObjectsEx
GetThreadLocale
LCMapStringW
SetFilePointer
CreateEventW
SetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExA
RaiseException
HeapSize
VirtualProtect
Sleep
GetProcessHeap
GetSystemTimeAsFileTime
DeviceIoControl
ReleaseMutex
WaitForSingleObject
CreateMutexW
LocalReAlloc
LocalAlloc
GetSystemDirectoryW
LocalFree
CompareStringW
WideCharToMultiByte
GetEnvironmentVariableW
GetSystemWindowsDirectoryW
CopyFileW
HeapReAlloc
HeapAlloc
HeapFree
InitializeCriticalSection
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
OutputDebugStringA
GetLastError
lstrcmpiW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenW
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
VerifyVersionInfoW
SetFileAttributesW
DeleteFileW
GetFullPathNameW
GetFileAttributesW
CreateDirectoryW
GetTempFileNameW
MoveFileExW
CreateFileW
CloseHandle
FindFirstFileW
lstrcmpW
FindNextFileW
FindClose
RemoveDirectoryW
GetFileSize
CreateFileMappingW
MapViewOfFile
MultiByteToWideChar
UnmapViewOfFile

user32

UnregisterClassA
CharLowerW

setupapi

pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupDiClassNameFromGuidW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInfoW
SetupDiSetClassInstallParamsW
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
CM_Get_Device_IDW
SetupDiSetDeviceRegistryPropertyW
CM_Setup_DevNode
CM_Query_And_Remove_SubTreeW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
CM_Enumerate_Classes
SetupDiOpenClassRegKey
SetupGetTargetPathW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDefaultQueueCallbackW
SetupCommitFileQueueW
SetupQueueCopyW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupCloseFileQueue
SetupOpenFileQueue
SetupCopyOEMInfW
SetupOpenInfFileW
SetupCloseInfFile
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupOpenAppendInfFileW
SetupFindFirstLineW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupFindNextLine
SetupFindNextMatchLineW
SetupGetStringFieldW
SetupGetIntField
SetupGetFieldCount

advapi32

DeleteService
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
ControlService
StartServiceW
RegCloseKey
CloseServiceHandle

ole32

CoInitialize
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoCreateInstance

wintrust

CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust

crypt32

CertGetCTLContextProperty
CertFreeCertificateContext
CertFreeCTLContext
CryptQueryObject

Exports

Exports

DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
SetDifxLogCallbackA
SetDifxLogCallbackW

Sections

.text
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxControl.exe
.exe windows:5 windows x64 arch:x64

0a23ff706f714702dc6f56795902bd3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxControl\VBoxControl.pdb

Imports

kernel32

GetFileType
GetLastError
GetConsoleMode
SetErrorMode
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
GetACP
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
DuplicateHandle
SetLastError
DeviceIoControl
GetCurrentProcess
FileTimeToSystemTime
SystemTimeToFileTime
GetFileAttributesW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
MoveFileExW
TerminateProcess
GetCommandLineW
GetCurrentProcessId
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetSystemTime
GetVersion
GetTickCount
GetTimeZoneInformation
SetThreadPriority
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetNamedPipeInfo
CreateDirectoryW
VirtualAlloc
VirtualFree
RtlUnwindEx
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
CreateFileA
PeekNamedPipe
GetOverlappedResult
ResetEvent
CreateEventA
GetNamedPipeHandleStateA
GetStdHandle
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress
OutputDebugStringA
GetModuleHandleA

user32

EnumDisplayDevicesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegOpenKeyExW

ntdll

NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtSetInformationFile
NtQueryObject
NtTerminateProcess
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtQueryDirectoryFile
NtOpenDirectoryObject
NtQueryDirectoryObject
NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtCancelIoFile

Exports

Exports

g_abRTZero16K
g_abRTZero32K
g_abRTZero4K
g_abRTZero64K
g_abRTZero8K
g_abRTZeroPage
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDX-x86.dll
.dll windows:6 windows x86 arch:x86

c25f6cc6ba63993eb756bb9449e2e8c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxDX-x86\VBoxDX-x86.pdb

Imports

kernel32

GetProcessHeap
GetCurrentProcessId
Sleep
GetCurrentThreadId
SetErrorMode
GetVersion
GetModuleHandleW
GetProcAddress
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetCommandLineW
OutputDebugStringA
GetStdHandle
WriteFile
CloseHandle
RaiseException
GetCurrentProcess
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
GetEnvironmentVariableW
SetLastError
GetSystemTime
GetTickCount
SystemTimeToFileTime
CreateFileW
HeapReAlloc
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
TerminateProcess
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
WideCharToMultiByte
GetACP
RtlUnwind
HeapFree
DeleteFileW
HeapAlloc

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

RtlGetNtProductType
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtProtectVirtualMemory
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter10
OpenAdapter10_2
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDX.dll
.dll windows:6 windows x64 arch:x64

e01e574bc1eff7b90c082f938753014c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxDX\VBoxDX.pdb

Imports

kernel32

GetProcessHeap
GetCurrentProcessId
Sleep
GetCurrentThreadId
SetErrorMode
GetModuleHandleW
GetProcAddress
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetCommandLineW
OutputDebugStringA
GetStdHandle
WriteFile
CloseHandle
RaiseException
GetCurrentProcess
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
GetEnvironmentVariableW
SetLastError
GetSystemTime
GetVersion
GetTickCount
SystemTimeToFileTime
CreateFileW
HeapReAlloc
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
TerminateProcess
GetConsoleMode
RtlUnwindEx
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
WideCharToMultiByte
GetACP
HeapFree
DeleteFileW
HeapAlloc

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter10
OpenAdapter10_2
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDisp.dll
.dll windows:6 windows x64 arch:x64

7d169efd38bae25431ee9dc7d4dd657e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxDisp\VBoxDisp.pdb

Imports

win32k.sys

EngCreateBitmap
EngCreateDeviceSurface
EngDeleteSurface
EngLockSurface
EngUnlockSurface
EngAssociateSurface
EngAllocMem
EngFreeMem
EngDeviceIoControl
EngCopyBits
PALOBJ_cGetColors
EngCreatePalette
EngDeletePalette
PATHOBJ_vGetBounds
EngBitBlt
EngLineTo
EngStretchBlt
EngTextOut
EngStrokePath
EngFillPath
EngPaint
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
PATHOBJ_vEnumStart
PATHOBJ_bEnum
FONTOBJ_vGetInfo
STROBJ_vEnumStart
STROBJ_bEnum

Exports

Exports

ASMAtomicCmpXchgU8
ASMAtomicXchgU8
RTCrc64
RTCrc64Finish
RTCrc64Process
RTCrc64Start
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogFormatV
RTLogWriteUser
RTStrCopy
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
memcmp
memcpy
memmove
memset

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 749B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDispD3D-x86.dll
.dll windows:6 windows x86 arch:x86

9e8d2160071cd8815ae2135fe514a2ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxDispD3D-x86\VBoxDispD3D-x86.pdb

Imports

psapi

GetModuleInformation

kernel32

GetLastError
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryA
GetSystemDirectoryA
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
WriteFile
GetCommandLineW
CloseHandle
RaiseException
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetEnvironmentVariableW
GetSystemTime
GetTickCount
SystemTimeToFileTime
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
GetStdHandle
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
LoadLibraryExW
WideCharToMultiByte
GetACP
RtlUnwind

user32

GetCursorPos
EnumDisplayDevicesW

gdi32

CreateDCW
DeleteDC

ntdll

RtlGetNtProductType
NtProtectVirtualMemory
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDispD3D.dll
.dll windows:6 windows x64 arch:x64

7d8b5bd6463873c82bfb7e74643944f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxDispD3D\VBoxDispD3D.pdb

Imports

psapi

GetModuleInformation

kernel32

GetLastError
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryA
GetSystemDirectoryA
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
SetErrorMode
GetModuleHandleW
GetModuleFileNameW
TerminateProcess
GetStdHandle
WriteFile
GetCurrentProcess
CloseHandle
RaiseException
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetEnvironmentVariableW
GetSystemTime
GetVersion
GetTickCount
SystemTimeToFileTime
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
GetCommandLineW
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
GetConsoleMode
RtlUnwindEx
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
LoadLibraryExW
WideCharToMultiByte
GetACP

user32

GetCursorPos
EnumDisplayDevicesW

gdi32

CreateDCW
DeleteDC

ntdll

NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDrvInst.exe
.exe windows:5 windows x64 arch:x64

c70f9195cc2cd78ccdb20598fd507143

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:d2:e6:65:ab:4f:35:82:85:1b:77:5f:28:6f:0b:6f:c4:50:91:a6:18:61:5a:4a:f5:16:26:41:27:60:ac:3b
Signer

Actual PE Digest

2b:d2:e6:65:ab:4f:35:82:85:1b:77:5f:28:6f:0b:6f:c4:50:91:a6:18:61:5a:4a:f5:16:26:41:27:60:ac:3b

Digest Algorithm

sha256

PE Digest Matches

true

93:d2:81:20:3a:a9:a7:62:41:92:56:52:18:56:2c:e2:9b:9d:5e:44
Signer

Actual PE Digest

93:d2:81:20:3a:a9:a7:62:41:92:56:52:18:56:2c:e2:9b:9d:5e:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxDrvInst\VBoxDrvInst.pdb

Imports

setupapi

SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiInstallDevice
SetupDiSetDeviceInstallParamsW
SetupDiGetDriverInfoDetailW
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiDestroyDriverInfoList
SetupDiRegisterDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallback
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW

kernel32

GetStdHandle
CreateFileW
GetFullPathNameW
WriteFile
CloseHandle
GetLastError
SetLastError
GetSystemTime
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
FormatMessageW
lstrcmpiW
GetConsoleMode
WriteConsoleW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
GetACP
GetCurrentProcess
TerminateProcess

advapi32

UnlockServiceDatabase
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

ntdll

NtTerminateProcess

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxGL-x86.dll
.dll windows:6 windows x86 arch:x86

57d7b966d88dc2186a1affa965ffdae9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxGL-x86\VBoxGL-x86.pdb

Imports

kernel32

GetVersion
GetModuleFileNameW
GetStdHandle
WriteFile
SetErrorMode
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
Sleep
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
TlsFree
SetThreadPriority
SetLastError
RtlUnwind
GetLastError
GetTickCount
GetSystemDirectoryA
LoadLibraryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateToolhelp32Snapshot
Thread32First
Thread32Next
IsDebuggerPresent
OutputDebugStringA
GetSystemInfo
GetConsoleWindow
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessorNumber
SetThreadAffinityMask
InitOnceExecuteOnce
GetModuleFileNameA
SleepConditionVariableCS
HeapAlloc
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetSystemTimeAsFileTime
GetProcessTimes
VirtualFree
TerminateProcess
GetCurrentProcess
GetProcessHeap
HeapFree
HeapReAlloc
VirtualAlloc
SetFilePointer
SetFileAttributesW
SetEndOfFile
ReadFile
GetACP
WideCharToMultiByte
GetFileType
GetConsoleMode

user32

LoadIconA
LoadCursorA
AdjustWindowRectEx
DestroyWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
GetWindowRect
WindowFromDC
EnumDisplayDevicesA
EnumDisplaySettingsA
UnhookWindowsHookEx
GetDC
ReleaseDC
GetClientRect
SetWindowsHookExA
CallNextHookEx
ClientToScreen

gdi32

SetPixelFormat
GetPixelFormat
DescribePixelFormat
DeleteDC
CreateDCA
GetGlyphOutlineA

ntdll

NtProtectVirtualMemory
RtlFreeUnicodeString
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtOpenDirectoryObject
NtQueryDirectoryObject

Exports

Exports

DrvCopyContext
DrvCreateContext
DrvCreateLayerContext
DrvDeleteContext
DrvDescribeLayerPlane
DrvDescribePixelFormat
DrvGetLayerPaletteEntries
DrvGetProcAddress
DrvPresentBuffers
DrvRealizeLayerPalette
DrvReleaseContext
DrvSetCallbackProcs
DrvSetContext
DrvSetLayerPaletteEntries
DrvSetPixelFormat
DrvShareLists
DrvSwapBuffers
DrvSwapLayerBuffers
DrvValidateVersion
_glActiveShaderProgram@8
_glActiveTexture@4
_glActiveTextureARB@4
_glAlphaFuncx@8
_glAreTexturesResidentEXT@12
_glArrayElementEXT@4
_glAttachObjectARB@8
_glAttachShader@8
_glBeginConditionalRender@8
_glBeginConditionalRenderNV@8
_glBeginQuery@8
_glBeginQueryARB@8
_glBeginQueryIndexed@12
_glBeginTransformFeedback@4
_glBindAttribLocation@12
_glBindAttribLocationARB@12
_glBindBuffer@8
_glBindBufferARB@8
_glBindBufferBase@12
_glBindBufferRange@20
_glBindBuffersBase@16
_glBindBuffersRange@24
_glBindFragDataLocation@12
_glBindFragDataLocationEXT@12
_glBindFragDataLocationIndexed@16
_glBindFramebuffer@8
_glBindFramebufferEXT@8
_glBindImageTexture@28
_glBindImageTextures@12
_glBindProgramARB@8
_glBindProgramPipeline@4
_glBindRenderbuffer@8
_glBindRenderbufferEXT@8
_glBindSampler@8
_glBindSamplers@12
_glBindTextureEXT@8
_glBindTextures@12
_glBindTransformFeedback@8
_glBindVertexArray@4
_glBindVertexBuffer@16
_glBindVertexBuffers@20
_glBlendBarrier@0
_glBlendColor@16
_glBlendColorEXT@16
_glBlendEquation@4
_glBlendEquationEXT@4
_glBlendEquationSeparate@8
_glBlendEquationSeparatei@12
_glBlendEquationSeparateiARB@12
_glBlendEquationi@8
_glBlendEquationiARB@8
_glBlendFuncSeparate@16
_glBlendFuncSeparateEXT@16
_glBlendFuncSeparatei@20
_glBlendFuncSeparateiARB@20
_glBlendFunci@12
_glBlendFunciARB@12
_glBlitFramebuffer@40
_glBufferData@16
_glBufferDataARB@16
_glBufferStorage@16
_glBufferSubData@16
_glBufferSubDataARB@16
_glCheckFramebufferStatus@4
_glCheckFramebufferStatusEXT@4
_glClampColor@8
_glClampColorARB@8
_glClearBufferData@20
_glClearBufferSubData@28
_glClearBufferfi@16
_glClearBufferfv@12
_glClearBufferiv@12
_glClearBufferuiv@12
_glClearColorIiEXT@16
_glClearColorIuiEXT@16
_glClearColorx@16
_glClearDepthf@4
_glClearDepthx@4
_glClearTexImage@20
_glClearTexSubImage@44
_glClientActiveTexture@4
_glClientActiveTextureARB@4
_glClientWaitSync@16
_glClipPlanef@8
_glClipPlanex@8
_glColor4x@16
_glColorMaskIndexedEXT@20
_glColorMaski@20
_glColorP3ui@8
_glColorP3uiv@8
_glColorP4ui@8
_glColorP4uiv@8
_glColorPointerEXT@20
_glColorSubTable@24
_glColorTable@24
_glColorTableParameterfv@12
_glColorTableParameteriv@12
_glCompileShader@4
_glCompileShaderARB@4
_glCompressedTexImage1D@28
_glCompressedTexImage1DARB@28
_glCompressedTexImage2D@32
_glCompressedTexImage2DARB@32
_glCompressedTexImage3D@36
_glCompressedTexImage3DARB@36
_glCompressedTexSubImage1D@28
_glCompressedTexSubImage1DARB@28
_glCompressedTexSubImage2D@36
_glCompressedTexSubImage2DARB@36
_glCompressedTexSubImage3D@44
_glCompressedTexSubImage3DARB@44
_glConvolutionFilter1D@24
_glConvolutionFilter2D@28
_glConvolutionParameterf@12
_glConvolutionParameterfv@12
_glConvolutionParameteri@12
_glConvolutionParameteriv@12
_glCopyBufferSubData@20
_glCopyColorSubTable@20
_glCopyColorTable@20
_glCopyConvolutionFilter1D@20
_glCopyConvolutionFilter2D@24
_glCopyImageSubData@60
_glCopyTexSubImage3D@36
_glCopyTexSubImage3DEXT@36
_glCreateProgram@0
_glCreateProgramObjectARB@0
_glCreateShader@4
_glCreateShaderObjectARB@4
_glCreateShaderProgramv@12
_glDebugMessageCallback@8
_glDebugMessageCallbackARB@8
_glDebugMessageControl@24
_glDebugMessageControlARB@24
_glDebugMessageInsert@24
_glDebugMessageInsertARB@24
_glDeleteBuffers@8
_glDeleteBuffersARB@8
_glDeleteFramebuffers@8
_glDeleteFramebuffersEXT@8
_glDeleteObjectARB@4
_glDeleteProgram@4
_glDeleteProgramPipelines@8
_glDeleteProgramsARB@8
_glDeleteQueries@8
_glDeleteQueriesARB@8
_glDeleteRenderbuffers@8
_glDeleteRenderbuffersEXT@8
_glDeleteSamplers@8
_glDeleteShader@4
_glDeleteSync@4
_glDeleteTexturesEXT@8
_glDeleteTransformFeedbacks@8
_glDeleteVertexArrays@8
_glDepthRangeArrayv@12
_glDepthRangeIndexed@20
_glDepthRangef@8
_glDepthRangex@8
_glDetachObjectARB@8
_glDetachShader@8
_glDisableIndexedEXT@8
_glDisableVertexAttribArray@4
_glDisableVertexAttribArrayARB@4
_glDisablei@8
_glDispatchCompute@12
_glDispatchComputeIndirect@4
_glDrawArraysEXT@12
_glDrawArraysIndirect@8
_glDrawArraysInstanced@16
_glDrawArraysInstancedARB@16
_glDrawArraysInstancedBaseInstance@20
_glDrawArraysInstancedEXT@16
_glDrawBuffers@8
_glDrawBuffersARB@8
_glDrawBuffersATI@8
_glDrawElementsBaseVertex@20
_glDrawElementsIndirect@12
_glDrawElementsInstanced@20
_glDrawElementsInstancedARB@20
_glDrawElementsInstancedBaseInstance@24
_glDrawElementsInstancedBaseVertex@24
_glDrawElementsInstancedBaseVertexBaseInstance@28
_glDrawElementsInstancedEXT@20
_glDrawRangeElements@24
_glDrawRangeElementsBaseVertex@28
_glDrawRangeElementsEXT@24
_glDrawTransformFeedback@8
_glDrawTransformFeedbackInstanced@12
_glDrawTransformFeedbackStream@12
_glDrawTransformFeedbackStreamInstanced@16
_glEdgeFlagPointerEXT@12
_glEnableIndexedEXT@8
_glEnableVertexAttribArray@4
_glEnableVertexAttribArrayARB@4
_glEnablei@8
_glEndConditionalRender@0
_glEndConditionalRenderNV@0
_glEndQuery@4
_glEndQueryARB@4
_glEndQueryIndexed@8
_glEndTransformFeedback@0
_glFenceSync@8
_glFlushMappedBufferRange@12
_glFogCoordPointer@12
_glFogCoordPointerEXT@12
_glFogCoordd@8
_glFogCoorddEXT@8
_glFogCoorddv@4
_glFogCoorddvEXT@4
_glFogCoordf@4
_glFogCoordfEXT@4
_glFogCoordfv@4
_glFogCoordfvEXT@4
_glFogx@8
_glFogxv@8
_glFramebufferParameteri@12
_glFramebufferRenderbuffer@16
_glFramebufferRenderbufferEXT@16
_glFramebufferTexture1D@20
_glFramebufferTexture1DEXT@20
_glFramebufferTexture2D@20
_glFramebufferTexture2DEXT@20
_glFramebufferTexture3D@24
_glFramebufferTexture3DEXT@24
_glFramebufferTexture@16
_glFramebufferTextureLayer@20
_glFramebufferTextureLayerEXT@20
_glFrustumf@24
_glFrustumx@24
_glGenBuffers@8
_glGenBuffersARB@8
_glGenFramebuffers@8
_glGenFramebuffersEXT@8
_glGenProgramPipelines@8
_glGenProgramsARB@8
_glGenQueries@8
_glGenQueriesARB@8
_glGenRenderbuffers@8
_glGenRenderbuffersEXT@8
_glGenSamplers@8
_glGenTexturesEXT@8
_glGenTransformFeedbacks@8
_glGenVertexArrays@8
_glGenerateMipmap@4
_glGenerateMipmapEXT@4
_glGetActiveAtomicCounterBufferiv@16
_glGetActiveAttrib@28
_glGetActiveAttribARB@28
_glGetActiveUniform@28
_glGetActiveUniformARB@28
_glGetActiveUniformBlockName@20
_glGetActiveUniformBlockiv@16
_glGetActiveUniformName@20
_glGetActiveUniformsiv@20
_glGetAttachedObjectsARB@16
_glGetAttachedShaders@16
_glGetAttribLocation@8
_glGetAttribLocationARB@8
_glGetBooleanIndexedvEXT@12
_glGetBooleani_v@12
_glGetBufferParameteri64v@12
_glGetBufferParameteriv@12
_glGetBufferParameterivARB@12
_glGetBufferPointerv@12
_glGetBufferPointervARB@12
_glGetBufferSubData@16
_glGetBufferSubDataARB@16
_glGetClipPlanef@8
_glGetClipPlanex@8
_glGetColorTable@16
_glGetColorTableParameterfv@12
_glGetColorTableParameteriv@12
_glGetCompressedTexImage@12
_glGetCompressedTexImageARB@12
_glGetConvolutionFilter@16
_glGetConvolutionParameterfv@12
_glGetConvolutionParameteriv@12
_glGetDebugMessageLog@32
_glGetDebugMessageLogARB@32
_glGetDoublei_v@12
_glGetFixedv@8
_glGetFloati_v@12
_glGetFragDataIndex@8
_glGetFragDataLocation@8
_glGetFragDataLocationEXT@8
_glGetFramebufferAttachmentParameteriv@16
_glGetFramebufferAttachmentParameterivEXT@16
_glGetFramebufferParameteriv@12
_glGetGraphicsResetStatus@0
_glGetGraphicsResetStatusARB@0
_glGetHandleARB@4
_glGetHistogram@20
_glGetHistogramParameterfv@12
_glGetHistogramParameteriv@12
_glGetInfoLogARB@16
_glGetInteger64i_v@12
_glGetInteger64v@8
_glGetIntegerIndexedvEXT@12
_glGetIntegeri_v@12
_glGetLightxv@12
_glGetMaterialxv@12
_glGetMinmax@20
_glGetMinmaxParameterfv@12
_glGetMinmaxParameteriv@12
_glGetMultisamplefv@12
_glGetObjectLabel@20
_glGetObjectParameterfvARB@12
_glGetObjectParameterivARB@12
_glGetObjectPtrLabel@16
_glGetPointervEXT@8
_glGetProgramBinary@20
_glGetProgramEnvParameterdvARB@12
_glGetProgramEnvParameterfvARB@12
_glGetProgramInfoLog@16
_glGetProgramInterfaceiv@16
_glGetProgramLocalParameterdvARB@12
_glGetProgramLocalParameterfvARB@12
_glGetProgramPipelineInfoLog@16
_glGetProgramPipelineiv@12
_glGetProgramResourceIndex@12
_glGetProgramResourceLocation@12
_glGetProgramResourceName@24
_glGetProgramResourceiv@32
_glGetProgramStringARB@12
_glGetProgramiv@12
_glGetProgramivARB@12
_glGetQueryIndexediv@16
_glGetQueryObjectiv@12
_glGetQueryObjectivARB@12
_glGetQueryObjectuiv@12
_glGetQueryObjectuivARB@12
_glGetQueryiv@12
_glGetQueryivARB@12
_glGetRenderbufferParameteriv@12
_glGetRenderbufferParameterivEXT@12
_glGetSamplerParameterIiv@12
_glGetSamplerParameterIuiv@12
_glGetSamplerParameterfv@12
_glGetSamplerParameteriv@12
_glGetSeparableFilter@24
_glGetShaderInfoLog@16
_glGetShaderPrecisionFormat@16
_glGetShaderSource@16
_glGetShaderSourceARB@16
_glGetShaderiv@12
_glGetStringi@8
_glGetSynciv@20
_glGetTexEnvxv@12
_glGetTexParameterIiv@12
_glGetTexParameterIivEXT@12
_glGetTexParameterIuiv@12
_glGetTexParameterIuivEXT@12
_glGetTexParameterxv@12
_glGetTransformFeedbackVarying@28
_glGetUniformBlockIndex@8
_glGetUniformIndices@16
_glGetUniformLocation@8
_glGetUniformLocationARB@8
_glGetUniformfv@12
_glGetUniformfvARB@12
_glGetUniformiv@12
_glGetUniformivARB@12
_glGetUniformuiv@12
_glGetUniformuivEXT@12
_glGetVertexAttribIiv@12
_glGetVertexAttribIivEXT@12
_glGetVertexAttribIuiv@12
_glGetVertexAttribIuivEXT@12
_glGetVertexAttribPointerv@12
_glGetVertexAttribPointervARB@12
_glGetVertexAttribdv@12
_glGetVertexAttribdvARB@12
_glGetVertexAttribfv@12
_glGetVertexAttribfvARB@12
_glGetVertexAttribiv@12
_glGetVertexAttribivARB@12
_glGetnColorTableARB@20
_glGetnCompressedTexImageARB@16
_glGetnConvolutionFilterARB@20
_glGetnHistogramARB@24
_glGetnMapdvARB@16
_glGetnMapfvARB@16
_glGetnMapivARB@16
_glGetnMinmaxARB@24
_glGetnPixelMapfvARB@12
_glGetnPixelMapuivARB@12
_glGetnPixelMapusvARB@12
_glGetnPolygonStippleARB@8
_glGetnSeparableFilterARB@32
_glGetnTexImageARB@24
_glGetnUniformdvARB@16
_glGetnUniformfv@16
_glGetnUniformfvARB@16
_glGetnUniformiv@16
_glGetnUniformivARB@16
_glGetnUniformuiv@16
_glGetnUniformuivARB@16
_glHistogram@16
_glIndexPointerEXT@16
_glInvalidateBufferData@4
_glInvalidateBufferSubData@12
_glInvalidateFramebuffer@12
_glInvalidateSubFramebuffer@28
_glInvalidateTexImage@8
_glInvalidateTexSubImage@32
_glIsBuffer@4
_glIsBufferARB@4
_glIsEnabledIndexedEXT@8
_glIsEnabledi@8
_glIsFramebuffer@4
_glIsFramebufferEXT@4
_glIsProgram@4
_glIsProgramARB@4
_glIsProgramPipeline@4
_glIsQuery@4
_glIsQueryARB@4
_glIsRenderbuffer@4
_glIsRenderbufferEXT@4
_glIsSampler@4
_glIsShader@4
_glIsSync@4
_glIsTextureEXT@4
_glIsTransformFeedback@4
_glIsVertexArray@4
_glLightModelx@8
_glLightModelxv@8
_glLightx@12
_glLightxv@12
_glLineWidthx@4
_glLinkProgram@4
_glLinkProgramARB@4
_glLoadMatrixx@4
_glLoadTransposeMatrixd@4
_glLoadTransposeMatrixdARB@4
_glLoadTransposeMatrixf@4
_glLoadTransposeMatrixfARB@4
_glLockArraysEXT@8
_glMapBuffer@8
_glMapBufferARB@8
_glMapBufferRange@16
_glMaterialx@12
_glMaterialxv@12
_glMemoryBarrier@4
_glMemoryBarrierByRegion@4
_glMinSampleShading@4
_glMinSampleShadingARB@4
_glMinmax@12
_glMultMatrixx@4
_glMultTransposeMatrixd@4
_glMultTransposeMatrixdARB@4
_glMultTransposeMatrixf@4
_glMultTransposeMatrixfARB@4
_glMultiDrawArrays@16
_glMultiDrawArraysEXT@16
_glMultiDrawArraysIndirect@16
_glMultiDrawElements@20
_glMultiDrawElementsBaseVertex@24
_glMultiDrawElementsEXT@20
_glMultiDrawElementsIndirect@20
_glMultiTexCoord1d@12
_glMultiTexCoord1dARB@12
_glMultiTexCoord1dv@8
_glMultiTexCoord1dvARB@8
_glMultiTexCoord1f@8
_glMultiTexCoord1fARB@8
_glMultiTexCoord1fv@8
_glMultiTexCoord1fvARB@8
_glMultiTexCoord1i@8
_glMultiTexCoord1iARB@8
_glMultiTexCoord1iv@8
_glMultiTexCoord1ivARB@8
_glMultiTexCoord1s@8
_glMultiTexCoord1sARB@8
_glMultiTexCoord1sv@8
_glMultiTexCoord1svARB@8
_glMultiTexCoord2d@20
_glMultiTexCoord2dARB@20
_glMultiTexCoord2dv@8
_glMultiTexCoord2dvARB@8
_glMultiTexCoord2f@12
_glMultiTexCoord2fARB@12

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxGL.dll
.dll windows:5 windows x64 arch:x64

4d1118852576b769b804795333b86e69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxGL\VBoxGL.pdb

Imports

kernel32

GetModuleFileNameW
GetStdHandle
WriteFile
SetErrorMode
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
Sleep
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
RtlUnwindEx
TlsFree
SetThreadPriority
SetLastError
GetLastError
GetVersion
GetTickCount
GetSystemDirectoryA
LoadLibraryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateToolhelp32Snapshot
Thread32First
Thread32Next
IsDebuggerPresent
OutputDebugStringA
GetSystemInfo
GetConsoleWindow
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessorNumber
SetThreadAffinityMask
InitOnceExecuteOnce
GetModuleFileNameA
HeapAlloc
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetSystemTimeAsFileTime
GetProcessTimes
VirtualFree
TerminateProcess
GetCurrentProcess
GetProcessHeap
HeapFree
HeapReAlloc
VirtualAlloc
SetFilePointer
SetFileAttributesW
SetEndOfFile
ReadFile
GetACP
GetFileType
GetConsoleMode
WideCharToMultiByte

user32

LoadIconA
LoadCursorA
AdjustWindowRectEx
DestroyWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
GetClientRect
WindowFromDC
EnumDisplayDevicesA
SetWindowsHookExA
UnhookWindowsHookEx
GetDC
ReleaseDC
CallNextHookEx
ClientToScreen
GetWindowRect
EnumDisplaySettingsA

gdi32

SetPixelFormat
GetPixelFormat
DescribePixelFormat
DeleteDC
CreateDCA
GetGlyphOutlineA

ntdll

RtlFreeUnicodeString
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtOpenDirectoryObject
NtQueryDirectoryObject

Exports

Exports

DrvCopyContext
DrvCreateContext
DrvCreateLayerContext
DrvDeleteContext
DrvDescribeLayerPlane
DrvDescribePixelFormat
DrvGetLayerPaletteEntries
DrvGetProcAddress
DrvPresentBuffers
DrvRealizeLayerPalette
DrvReleaseContext
DrvSetCallbackProcs
DrvSetContext
DrvSetLayerPaletteEntries
DrvSetPixelFormat
DrvShareLists
DrvSwapBuffers
DrvSwapLayerBuffers
DrvValidateVersion
glAccum
glActiveShaderProgram
glActiveTexture
glActiveTextureARB
glAlphaFunc
glAlphaFuncx
glAreTexturesResident
glAreTexturesResidentEXT
glArrayElement
glArrayElementEXT
glAttachObjectARB
glAttachShader
glBegin
glBeginConditionalRender
glBeginConditionalRenderNV
glBeginQuery
glBeginQueryARB
glBeginQueryIndexed
glBeginTransformFeedback
glBindAttribLocation
glBindAttribLocationARB
glBindBuffer
glBindBufferARB
glBindBufferBase
glBindBufferRange
glBindBuffersBase
glBindBuffersRange
glBindFragDataLocation
glBindFragDataLocationEXT
glBindFragDataLocationIndexed
glBindFramebuffer
glBindFramebufferEXT
glBindImageTexture
glBindImageTextures
glBindProgramARB
glBindProgramPipeline
glBindRenderbuffer
glBindRenderbufferEXT
glBindSampler
glBindSamplers
glBindTexture
glBindTextureEXT
glBindTextures
glBindTransformFeedback
glBindVertexArray
glBindVertexBuffer
glBindVertexBuffers
glBitmap
glBlendBarrier
glBlendColor
glBlendColorEXT
glBlendEquation
glBlendEquationEXT
glBlendEquationSeparate
glBlendEquationSeparatei
glBlendEquationSeparateiARB
glBlendEquationi
glBlendEquationiARB
glBlendFunc
glBlendFuncSeparate
glBlendFuncSeparateEXT
glBlendFuncSeparatei
glBlendFuncSeparateiARB
glBlendFunci
glBlendFunciARB
glBlitFramebuffer
glBufferData
glBufferDataARB
glBufferStorage
glBufferSubData
glBufferSubDataARB
glCallList
glCallLists
glCheckFramebufferStatus
glCheckFramebufferStatusEXT
glClampColor
glClampColorARB
glClear
glClearAccum
glClearBufferData
glClearBufferSubData
glClearBufferfi
glClearBufferfv
glClearBufferiv
glClearBufferuiv
glClearColor
glClearColorIiEXT
glClearColorIuiEXT
glClearColorx
glClearDepth
glClearDepthf
glClearDepthx
glClearIndex
glClearStencil
glClearTexImage
glClearTexSubImage
glClientActiveTexture
glClientActiveTextureARB
glClientWaitSync
glClipPlane
glClipPlanef
glClipPlanex
glColor3b
glColor3bv
glColor3d
glColor3dv
glColor3f
glColor3fv
glColor3i
glColor3iv
glColor3s
glColor3sv
glColor3ub
glColor3ubv
glColor3ui
glColor3uiv
glColor3us
glColor3usv
glColor4b
glColor4bv
glColor4d
glColor4dv
glColor4f
glColor4fv
glColor4i
glColor4iv
glColor4s
glColor4sv
glColor4ub
glColor4ubv
glColor4ui
glColor4uiv
glColor4us
glColor4usv
glColor4x
glColorMask
glColorMaskIndexedEXT
glColorMaski
glColorMaterial
glColorP3ui
glColorP3uiv
glColorP4ui
glColorP4uiv
glColorPointer
glColorPointerEXT
glColorSubTable
glColorTable
glColorTableParameterfv
glColorTableParameteriv
glCompileShader
glCompileShaderARB
glCompressedTexImage1D
glCompressedTexImage1DARB
glCompressedTexImage2D
glCompressedTexImage2DARB
glCompressedTexImage3D
glCompressedTexImage3DARB
glCompressedTexSubImage1D
glCompressedTexSubImage1DARB
glCompressedTexSubImage2D
glCompressedTexSubImage2DARB
glCompressedTexSubImage3D
glCompressedTexSubImage3DARB
glConvolutionFilter1D
glConvolutionFilter2D
glConvolutionParameterf
glConvolutionParameterfv
glConvolutionParameteri
glConvolutionParameteriv
glCopyBufferSubData
glCopyColorSubTable
glCopyColorTable
glCopyConvolutionFilter1D
glCopyConvolutionFilter2D
glCopyImageSubData
glCopyPixels
glCopyTexImage1D
glCopyTexImage2D
glCopyTexSubImage1D
glCopyTexSubImage2D
glCopyTexSubImage3D
glCopyTexSubImage3DEXT
glCreateProgram
glCreateProgramObjectARB
glCreateShader
glCreateShaderObjectARB
glCreateShaderProgramv
glCullFace
glDebugMessageCallback
glDebugMessageCallbackARB
glDebugMessageControl
glDebugMessageControlARB
glDebugMessageInsert
glDebugMessageInsertARB
glDeleteBuffers
glDeleteBuffersARB
glDeleteFramebuffers
glDeleteFramebuffersEXT
glDeleteLists
glDeleteObjectARB
glDeleteProgram
glDeleteProgramPipelines
glDeleteProgramsARB
glDeleteQueries
glDeleteQueriesARB
glDeleteRenderbuffers
glDeleteRenderbuffersEXT
glDeleteSamplers
glDeleteShader
glDeleteSync
glDeleteTextures
glDeleteTexturesEXT
glDeleteTransformFeedbacks
glDeleteVertexArrays
glDepthFunc
glDepthMask
glDepthRange
glDepthRangeArrayv
glDepthRangeIndexed
glDepthRangef
glDepthRangex
glDetachObjectARB
glDetachShader
glDisable
glDisableClientState
glDisableIndexedEXT
glDisableVertexAttribArray
glDisableVertexAttribArrayARB
glDisablei
glDispatchCompute
glDispatchComputeIndirect
glDrawArrays
glDrawArraysEXT
glDrawArraysIndirect
glDrawArraysInstanced
glDrawArraysInstancedARB
glDrawArraysInstancedBaseInstance
glDrawArraysInstancedEXT
glDrawBuffer
glDrawBuffers
glDrawBuffersARB
glDrawBuffersATI
glDrawElements
glDrawElementsBaseVertex
glDrawElementsIndirect
glDrawElementsInstanced
glDrawElementsInstancedARB
glDrawElementsInstancedBaseInstance
glDrawElementsInstancedBaseVertex
glDrawElementsInstancedBaseVertexBaseInstance
glDrawElementsInstancedEXT
glDrawPixels
glDrawRangeElements
glDrawRangeElementsBaseVertex
glDrawRangeElementsEXT
glDrawTransformFeedback
glDrawTransformFeedbackInstanced
glDrawTransformFeedbackStream
glDrawTransformFeedbackStreamInstanced
glEdgeFlag
glEdgeFlagPointer
glEdgeFlagPointerEXT
glEdgeFlagv
glEnable
glEnableClientState
glEnableIndexedEXT
glEnableVertexAttribArray
glEnableVertexAttribArrayARB
glEnablei
glEnd
glEndConditionalRender
glEndConditionalRenderNV
glEndList
glEndQuery
glEndQueryARB
glEndQueryIndexed
glEndTransformFeedback
glEvalCoord1d
glEvalCoord1dv
glEvalCoord1f
glEvalCoord1fv
glEvalCoord2d
glEvalCoord2dv
glEvalCoord2f
glEvalCoord2fv
glEvalMesh1
glEvalMesh2
glEvalPoint1
glEvalPoint2
glFeedbackBuffer
glFenceSync
glFinish
glFlush
glFlushMappedBufferRange
glFogCoordPointer
glFogCoordPointerEXT
glFogCoordd
glFogCoorddEXT
glFogCoorddv
glFogCoorddvEXT
glFogCoordf
glFogCoordfEXT
glFogCoordfv
glFogCoordfvEXT
glFogf
glFogfv
glFogi
glFogiv
glFogx
glFogxv
glFramebufferParameteri
glFramebufferRenderbuffer
glFramebufferRenderbufferEXT
glFramebufferTexture
glFramebufferTexture1D
glFramebufferTexture1DEXT
glFramebufferTexture2D
glFramebufferTexture2DEXT
glFramebufferTexture3D
glFramebufferTexture3DEXT
glFramebufferTextureLayer
glFramebufferTextureLayerEXT
glFrontFace
glFrustum
glFrustumf
glFrustumx
glGenBuffers
glGenBuffersARB
glGenFramebuffers
glGenFramebuffersEXT
glGenLists
glGenProgramPipelines
glGenProgramsARB
glGenQueries
glGenQueriesARB
glGenRenderbuffers
glGenRenderbuffersEXT
glGenSamplers
glGenTextures
glGenTexturesEXT
glGenTransformFeedbacks
glGenVertexArrays
glGenerateMipmap
glGenerateMipmapEXT
glGetActiveAtomicCounterBufferiv
glGetActiveAttrib
glGetActiveAttribARB
glGetActiveUniform
glGetActiveUniformARB
glGetActiveUniformBlockName
glGetActiveUniformBlockiv
glGetActiveUniformName
glGetActiveUniformsiv
glGetAttachedObjectsARB
glGetAttachedShaders
glGetAttribLocation
glGetAttribLocationARB
glGetBooleanIndexedvEXT
glGetBooleani_v
glGetBooleanv
glGetBufferParameteri64v
glGetBufferParameteriv
glGetBufferParameterivARB
glGetBufferPointerv
glGetBufferPointervARB
glGetBufferSubData
glGetBufferSubDataARB
glGetClipPlane
glGetClipPlanef
glGetClipPlanex
glGetColorTable
glGetColorTableParameterfv
glGetColorTableParameteriv
glGetCompressedTexImage
glGetCompressedTexImageARB
glGetConvolutionFilter
glGetConvolutionParameterfv
glGetConvolutionParameteriv
glGetDebugMessageLog
glGetDebugMessageLogARB
glGetDoublei_v
glGetDoublev
glGetError
glGetFixedv
glGetFloati_v
glGetFloatv
glGetFragDataIndex
glGetFragDataLocation
glGetFragDataLocationEXT
glGetFramebufferAttachmentParameteriv
glGetFramebufferAttachmentParameterivEXT
glGetFramebufferParameteriv
glGetGraphicsResetStatus
glGetGraphicsResetStatusARB
glGetHandleARB
glGetHistogram
glGetHistogramParameterfv
glGetHistogramParameteriv
glGetInfoLogARB
glGetInteger64i_v
glGetInteger64v
glGetIntegerIndexedvEXT
glGetIntegeri_v
glGetIntegerv
glGetLightfv
glGetLightiv
glGetLightxv
glGetMapdv
glGetMapfv
glGetMapiv
glGetMaterialfv
glGetMaterialiv
glGetMaterialxv
glGetMinmax
glGetMinmaxParameterfv
glGetMinmaxParameteriv
glGetMultisamplefv
glGetObjectLabel
glGetObjectParameterfvARB
glGetObjectParameterivARB
glGetObjectPtrLabel
glGetPixelMapfv
glGetPixelMapuiv
glGetPixelMapusv
glGetPointerv
glGetPointervEXT
glGetPolygonStipple
glGetProgramBinary
glGetProgramEnvParameterdvARB
glGetProgramEnvParameterfvARB
glGetProgramInfoLog
glGetProgramInterfaceiv
glGetProgramLocalParameterdvARB
glGetProgramLocalParameterfvARB
glGetProgramPipelineInfoLog
glGetProgramPipelineiv
glGetProgramResourceIndex
glGetProgramResourceLocation
glGetProgramResourceName
glGetProgramResourceiv
glGetProgramStringARB
glGetProgramiv
glGetProgramivARB
glGetQueryIndexediv
glGetQueryObjectiv
glGetQueryObjectivARB
glGetQueryObjectuiv
glGetQueryObjectuivARB
glGetQueryiv
glGetQueryivARB
glGetRenderbufferParameteriv
glGetRenderbufferParameterivEXT
glGetSamplerParameterIiv
glGetSamplerParameterIuiv
glGetSamplerParameterfv
glGetSamplerParameteriv
glGetSeparableFilter
glGetShaderInfoLog
glGetShaderPrecisionFormat
glGetShaderSource
glGetShaderSourceARB
glGetShaderiv
glGetString
glGetStringi
glGetSynciv
glGetTexEnvfv
glGetTexEnviv
glGetTexEnvxv
glGetTexGendv
glGetTexGenfv
glGetTexGeniv
glGetTexImage
glGetTexLevelParameterfv
glGetTexLevelParameteriv
glGetTexParameterIiv
glGetTexParameterIivEXT
glGetTexParameterIuiv
glGetTexParameterIuivEXT
glGetTexParameterfv
glGetTexParameteriv
glGetTexParameterxv

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxGuest.cat
VBoxGuest.inf
VBoxGuest.sys
.sys windows:6 windows x64 arch:x64

2917b61a8abfffb42bd208b10cdced8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxGuest\VBoxGuest.pdb

Imports

ntoskrnl.exe

MmGetSystemRoutineAddress
KeInitializeDpc
KeInsertQueueDpc
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
KeAcquireSpinLockAtDpcLevel
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
KeReleaseSpinLockFromDpcLevel
MmMapIoSpace
MmUnmapIoSpace
PsGetVersion
RtlQueryRegistryValues
IofCallDriver
IofCompleteRequest
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDetachDevice
IoDisconnectInterrupt
ZwClose
ZwQueryInformationToken
ZwOpenProcessToken
ObReferenceObjectByHandle
IoAttachDeviceToDeviceStack
RtlInitUnicodeString
strchr
DbgPrint
ZwQuerySystemInformation
__C_specific_handler
strcmp
MmSystemRangeStart
KeResetEvent
ExAcquireFastMutex
ExReleaseFastMutex
KeRemoveQueueDpc
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
IoGetCurrentProcess
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
MmIsAddressValid
KeNumberProcessors
__chkstk
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmProtectMdlSystemAddress
MmUnmapLockedPages
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
KeSetPriorityThread
PsCreateSystemThread
ObfDereferenceObject

Exports

Exports

ASMAtomicBitClear
ASMAtomicCmpXchgU8
ASMAtomicXchgU8
ASMGetFlags
ASMNopPause
ASMSetFlags
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTCritSectRwDelete
RTCritSectRwEnterExcl
RTCritSectRwEnterExclDebug
RTCritSectRwEnterShared
RTCritSectRwEnterSharedDebug
RTCritSectRwGetReadCount
RTCritSectRwGetWriteRecursion
RTCritSectRwGetWriterReadRecursion
RTCritSectRwInit
RTCritSectRwInitEx
RTCritSectRwIsReadOwner
RTCritSectRwIsWriteOwner
RTCritSectRwLeaveExcl
RTCritSectRwLeaveShared
RTCritSectRwSetSubClass
RTCritSectRwTryEnterExcl
RTCritSectRwTryEnterExclDebug
RTCritSectRwTryEnterShared
RTCritSectRwTryEnterSharedDebug
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNCmp
RTStrNICmpAscii
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTTimerCanDoHighResolution
RTTimerChangeInterval
RTTimerCreateEx
RTTimerDestroy
RTTimerReleaseSystemGranularity
RTTimerRequestSystemGranularity
RTTimerStart
RTTimerStop
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16ICmpAscii
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcmp

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxMouse.cat
VBoxMouse.inf
VBoxMouse.sys
.sys windows:6 windows x64 arch:x64

c38be29df8b64a6d1bb10dd81e9616cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxMouse\VBoxMouse.pdb

Imports

ntoskrnl.exe

IoAttachDeviceToDeviceStack
IofCallDriver
IofCompleteRequest
IoCreateDevice
IoDeleteDevice
IoDetachDevice
IoInitializeRemoveLockEx
IoAcquireRemoveLockEx
IoReleaseRemoveLockAndWaitEx
PoCallDriver
PoStartNextPowerIrp
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
IoReleaseRemoveLockEx
IoGetDeviceProperty
ObfReferenceObject
ObfDereferenceObject
ExAcquireFastMutex
DbgPrint
PsGetVersion
MmIsAddressValid
__C_specific_handler
KeNumberProcessors
MmGetSystemRoutineAddress
ZwQuerySystemInformation
strcmp
MmSystemRangeStart
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
__chkstk
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
strchr
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
RtlInitUnicodeString
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
ExReleaseFastMutex

Exports

Exports

ASMAtomicBitClear
ASMAtomicCmpXchgU8
ASMAtomicXchgU8
ASMGetFlags
ASMNopPause
ASMSetFlags
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcmp
memcpy
memmove

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxNine-x86.dll
.dll windows:6 windows x86 arch:x86

b650ef5c2983e9fcdf52c54df0131d44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxNine-x86\VBoxNine-x86.pdb

Imports

kernel32

DeleteCriticalSection
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
TerminateProcess
GetLastError
GetVersion
GetModuleFileNameW
GetStdHandle
WriteFile
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
Sleep
LeaveCriticalSection
FreeLibrary
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
TlsFree
SetThreadPriority
SetLastError
RtlUnwind
GetTickCount
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
VirtualAlloc
EnterCriticalSection
GetSystemDirectoryW
InitializeCriticalSection
GetConsoleWindow
OutputDebugStringA
IsDebuggerPresent
SetThreadAffinityMask
QueryPerformanceFrequency
QueryPerformanceCounter
InitOnceExecuteOnce
GetSystemTimeAsFileTime
GetSystemInfo
GetProcessTimes
GetFileType
GetConsoleMode
WideCharToMultiByte
GetACP
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
VirtualFree

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtResetEvent
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryDirectoryFile
NtCreateFile
NtSetEvent
NtCreateEvent
NtWaitForSingleObject
NtClose
RtlFreeUnicodeString
NtProtectVirtualMemory

Exports

Exports

GaNineD3DAdapter9Create
GaNinePipeContextFromDevice
GaNinePipeResourceFromSurface
nocrt_ceil
nocrt_ceilf
nocrt_cos
nocrt_cosf
nocrt_exp2f
nocrt_fabs
nocrt_fabsf
nocrt_feraiseexcept
nocrt_floor
nocrt_floorf
nocrt_ldexp
nocrt_ldexpf
nocrt_llrint
nocrt_log2f
nocrt_lrint
nocrt_lrintf
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_pow
nocrt_powf
nocrt_rint
nocrt_rintf
nocrt_sin
nocrt_sinf
nocrt_sqrt
nocrt_sqrtf
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp
nocrt_strncpy
nocrt_trunc
nocrt_truncf

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 781KB - Virtual size: 781KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxNine.dll
.dll windows:5 windows x64 arch:x64

a985d6ccb4f44bfe29e4653bf1388394

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxNine\VBoxNine.pdb

Imports

kernel32

DeleteCriticalSection
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
TerminateProcess
GetLastError
GetModuleFileNameW
GetStdHandle
WriteFile
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
Sleep
GetSystemDirectoryW
LeaveCriticalSection
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
RtlUnwindEx
TlsFree
SetThreadPriority
SetLastError
GetVersion
GetTickCount
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
VirtualFree
EnterCriticalSection
FreeLibrary
InitializeCriticalSection
GetConsoleWindow
OutputDebugStringA
IsDebuggerPresent
SetThreadAffinityMask
QueryPerformanceFrequency
QueryPerformanceCounter
InitOnceExecuteOnce
GetSystemTimeAsFileTime
GetSystemInfo
GetProcessTimes
GetFileType
GetConsoleMode
WideCharToMultiByte
GetACP
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
VirtualAlloc

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryDirectoryFile
NtCreateFile
NtSetEvent
NtCreateEvent
NtWaitForSingleObject
NtClose
RtlFreeUnicodeString
NtResetEvent

Exports

Exports

GaNineD3DAdapter9Create
GaNinePipeContextFromDevice
GaNinePipeResourceFromSurface
nocrt_ceil
nocrt_ceilf
nocrt_cos
nocrt_cosf
nocrt_exp2f
nocrt_fabsf
nocrt_feraiseexcept
nocrt_floor
nocrt_floorf
nocrt_ldexp
nocrt_ldexpf
nocrt_llrint
nocrt_log2f
nocrt_lrint
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_pow
nocrt_powf
nocrt_rint
nocrt_rintf
nocrt_sin
nocrt_sinf
nocrt_sqrt
nocrt_sqrtf
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp
nocrt_strncpy
nocrt_trunc
nocrt_truncf

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxSVGA-x86.dll
.dll windows:6 windows x86 arch:x86

aca5580ddf789fb7b4e85cdee28ec9c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxSVGA-x86\VBoxSVGA-x86.pdb

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetStdHandle
GetLastError
GetConsoleMode
GetEnvironmentVariableW
SetLastError
GetVersion
WideCharToMultiByte
GetACP
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
GetCurrentThread
GetCurrentThreadId
TlsAlloc
InitializeConditionVariable
TlsSetValue
GetModuleHandleA
GetProcAddress
Sleep
GetModuleHandleW
TlsFree
GetTickCount
GetCurrentProcessId
RtlUnwind
VirtualAlloc
VirtualFree
IsDebuggerPresent
OutputDebugStringA
GetSystemInfo
GetConsoleWindow
EnterCriticalSection
LeaveCriticalSection
WakeAllConditionVariable
SleepConditionVariableCS
SetThreadAffinityMask
DeleteCriticalSection
TlsGetValue
InitializeCriticalSection
InitOnceExecuteOnce
QueryPerformanceFrequency
QueryPerformanceCounter
GetCommandLineA

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtCreateEvent
NtSetEvent
NtProtectVirtualMemory
NtQueryVolumeInformationFile
NtClose
NtWaitForSingleObject

Exports

Exports

GaDrvContextFlush
GaDrvGetContextId
GaDrvGetSurfaceId
GaDrvGetWDDMEnv
GaDrvScreenCreate
GaDrvScreenDestroy
nocrt_atan2f
nocrt_ceil
nocrt_ceilf
nocrt_cos
nocrt_cosf
nocrt_exp2f
nocrt_fabs
nocrt_fabsf
nocrt_feraiseexcept
nocrt_floor
nocrt_floorf
nocrt_ldexp
nocrt_ldexpf
nocrt_llrint
nocrt_log2
nocrt_log2f
nocrt_logf
nocrt_lrint
nocrt_lrintf
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_pow
nocrt_powf
nocrt_rint
nocrt_rintf
nocrt_sin
nocrt_sinf
nocrt_sqrt
nocrt_sqrtf
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp
nocrt_strncpy
nocrt_trunc
nocrt_truncf

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 823KB - Virtual size: 823KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxSVGA.dll
.dll windows:5 windows x64 arch:x64

5a30537e9c8f1dae3735ce51a7196591

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxSVGA\VBoxSVGA.pdb

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetStdHandle
GetLastError
GetConsoleMode
GetEnvironmentVariableW
SetLastError
WideCharToMultiByte
GetACP
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
InitializeConditionVariable
GetModuleHandleA
GetProcAddress
Sleep
GetModuleHandleW
TlsFree
GetVersion
GetTickCount
GetCurrentProcessId
VirtualAlloc
VirtualFree
IsDebuggerPresent
OutputDebugStringA
GetSystemInfo
GetConsoleWindow
EnterCriticalSection
LeaveCriticalSection
WakeAllConditionVariable
SleepConditionVariableCS
SetThreadAffinityMask
DeleteCriticalSection
TlsSetValue
InitializeCriticalSection
InitOnceExecuteOnce
QueryPerformanceFrequency
QueryPerformanceCounter
GetCommandLineA

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtSetEvent
NtWaitForSingleObject
NtQueryVolumeInformationFile
NtClose
NtCreateEvent

Exports

Exports

GaDrvContextFlush
GaDrvGetContextId
GaDrvGetSurfaceId
GaDrvGetWDDMEnv
GaDrvScreenCreate
GaDrvScreenDestroy
nocrt_atan2f
nocrt_ceil
nocrt_ceilf
nocrt_cos
nocrt_cosf
nocrt_exp2f
nocrt_fabsf
nocrt_feraiseexcept
nocrt_floor
nocrt_floorf
nocrt_ldexp
nocrt_ldexpf
nocrt_llrint
nocrt_log2
nocrt_log2f
nocrt_logf
nocrt_lrint
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_pow
nocrt_powf
nocrt_rint
nocrt_rintf
nocrt_sin
nocrt_sinf
nocrt_sqrt
nocrt_sqrtf
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp
nocrt_strncpy
nocrt_trunc
nocrt_truncf

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxTray.exe
.exe windows:5 windows x64 arch:x64

45cec31cafce2061f4586782350eab96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxTray\VBoxTray.pdb

Imports

kernel32

SystemTimeToFileTime
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
RaiseException
GetCurrentProcess
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
CreateFileW
ReadFile
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
GetOverlappedResult
ResetEvent
LocalAlloc
LocalFree
GetStdHandle
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetModuleFileNameW
GetSystemDirectoryW
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetFileType
GetConsoleMode
GetCommandLineW
OutputDebugStringA
DeleteFileW
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
RtlUnwindEx
CreateFileA
CreateDirectoryW
GetSystemTime
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
SetEnvironmentVariableW
SetLastError
lstrlenW
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalAlloc
GetCurrentThreadId
GetTickCount
GetProcAddress
GetModuleHandleA
CreateThread
RemoveDirectoryW
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersion
InitializeCriticalSection
GetModuleHandleW
SetThreadPriority
GetCurrentThread
CreateEventA
CreateMutexA
SetEvent
GetLastError
SetErrorMode
CloseHandle

user32

MessageBoxW
ShowCursor
WindowFromPoint
GetWindowThreadProcessId
SetWindowPos
GetClipboardOwner
SetClipboardData
GetClipboardData
RegisterClipboardFormatA
SendMessageTimeoutA
SendMessageCallbackA
OpenClipboard
CloseClipboard
SetClipboardViewer
GetClipboardViewer
ChangeClipboardChain
EnumClipboardFormats
GetClipboardFormatNameA
EmptyClipboard
TrackMouseEvent
ShowWindow
GetSystemMetrics
ClientToScreen
SetWindowLongA
GetWindowLongPtrA
SetWindowLongPtrA
GetClipboardFormatNameW
AttachThreadInput
EnumDisplayDevicesA
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowRgn
EnumDisplaySettingsA
ReleaseDC
GetDC
GetClassInfoExA
PostQuitMessage
PostThreadMessageA
GetMessageA
DestroyIcon
LoadIconA
LoadCursorA
FindWindowExA
GetDesktopWindow
GetCursorPos
MessageBoxA
SetForegroundWindow
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
PostMessageA
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
RegisterWindowMessageA
ChangeDisplaySettingsA
SystemParametersInfoA
EnumWindows
GetClassNameA
FindWindowA

gdi32

DeleteDC
CreateDCA
CreateSolidBrush
SetRectRgn
OffsetRgn
GetRegionData
DeleteObject
CreateRectRgn
ExtEscape
CombineRgn

advapi32

RegSetValueExW
GetUserNameW
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
RegCloseKey
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
InitializeAcl

shell32

Shell_NotifyIconA
DragQueryFileA
DragQueryFileW

ole32

ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
DoDragDrop
CoLockObjectExternal
RegisterDragDrop
OleUninitialize
RevokeDragDrop
OleInitialize

ntdll

NtOpenProcess
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryDirectoryFile
NtTerminateProcess
NtSetInformationFile
NtCancelIoFile
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
NtQueryInformationProcess
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
RtlFreeUnicodeString
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxVideo.cat
VBoxVideo.inf
VBoxVideo.sys
.dll windows:6 windows x64 arch:x64

788f4d110fa0615f9d415adfedaabad5

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:2e:8c:e5:04:32:a6:42:b8:7c:e0:dd:22:21:76:34:58:6e:fe:32:9c:37:cb:83:95:bf:bd:08:38:72:0b:04
Signer

Actual PE Digest

aa:2e:8c:e5:04:32:a6:42:b8:7c:e0:dd:22:21:76:34:58:6e:fe:32:9c:37:cb:83:95:bf:bd:08:38:72:0b:04

Digest Algorithm

sha256

PE Digest Matches

true

d8:6f:c6:f0:4f:70:2a:5c:5b:f9:a3:d4:46:83:ce:e1:06:46:4a:87
Signer

Actual PE Digest

d8:6f:c6:f0:4f:70:2a:5c:5b:f9:a3:d4:46:83:ce:e1:06:46:4a:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxVideo\VBoxVideo.pdb

Imports

videoprt.sys

VideoPortGetAccessRanges
VideoPortInitialize
VideoPortReadPortUshort
VideoPortReadPortUlong
VideoPortSetRegistryParameters
VideoPortWritePortUshort
VideoPortWritePortUlong
VideoPortZeroMemory
VideoPortGetRegistryParameters
VideoPortMapMemory
VideoPortMoveMemory
VideoPortUnmapMemory
VideoPortWritePortUchar
VideoPortSynchronizeExecution

ntoskrnl.exe

PsGetVersion
KeAcquireSpinLockRaiseToDpc
RtlInitUnicodeString
KeInitializeEvent
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
IofCallDriver
IoGetDeviceObjectPointer
ObfDereferenceObject
strchr
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
ExAcquireFastMutex
ExReleaseFastMutex
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
DbgPrint
MmIsAddressValid
__C_specific_handler
KeNumberProcessors
IoGetCurrentProcess
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
MmGetSystemRoutineAddress
ZwQuerySystemInformation
strcmp
MmSystemRangeStart
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetEvent
__chkstk
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeReleaseSpinLock

Exports

Exports

ASMAtomicBitClear
ASMAtomicCmpXchgU8
ASMAtomicXchgU8
ASMGetFlags
ASMNopPause
ASMSetFlags
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcmp

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 773B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxWddm.cat
VBoxWddm.inf
VBoxWddm.sys
.sys windows:6 windows x64 arch:x64

2b47de3931407da4f8970704722c2ba5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\tinderbox\add\out\win.amd64\release\obj\VBoxWddm\VBoxWddm.pdb

Imports

ntoskrnl.exe

KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExAllocatePoolWithTag
ExFreePoolWithTag
PsGetVersion
IoGetDeviceProperty
IoOpenDeviceRegistryKey
ZwClose
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
__C_specific_handler
KeSetEvent
ObReferenceObjectByHandle
ObfDereferenceObject
ExEventObjectType
RtlInitializeBitMap
RtlClearBits
DbgPrint
KeInitializeEvent
KeDelayExecutionThread
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
ExAcquireFastMutex
ExReleaseFastMutex
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
PsCreateSystemThread
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetValueKey
KeWaitForSingleObject
KeInitializeDpc
IofCallDriver
IoAllocateMdl
ZwLoadDriver
IoGetDeviceObjectPointer
ZwUnloadDriver
IoFreeMdl
RtlGetVersion
IoBuildDeviceIoControlRequest
strchr
ZwYieldExecution
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
PsGetCurrentProcessId
MmIsAddressValid
KeNumberProcessors
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmProtectMdlSystemAddress
IoBuildPartialMdl
MmGetSystemRoutineAddress
ZwQuerySystemInformation
strcmp
MmSystemRangeStart
KeInsertQueueDpc
KeRemoveQueueDpc
__chkstk
KeSetPriorityThread
KeResetEvent
KeBugCheckEx
RtlInitUnicodeString

Exports

Exports

?CrSaAdd@@YAHPEAUCR_SORTARRAY@@_K@Z
?CrSaCleanup@@YAXPEAUCR_SORTARRAY@@@Z
?CrSaClone@@YAHPEBUCR_SORTARRAY@@PEAU1@@Z
?CrSaCmp@@YAHPEBUCR_SORTARRAY@@0@Z
?CrSaContains@@YA_NPEBUCR_SORTARRAY@@_K@Z
?CrSaCovers@@YA_NPEBUCR_SORTARRAY@@0@Z
?CrSaInit@@YAHPEAUCR_SORTARRAY@@I@Z
?CrSaIntersect@@YAXPEAUCR_SORTARRAY@@PEBU1@@Z
?CrSaIntersected@@YAHPEAUCR_SORTARRAY@@PEBU1@0@Z
?CrSaRemove@@YAHPEAUCR_SORTARRAY@@_K@Z
?CrSaUnited@@YAHPEBUCR_SORTARRAY@@0PEAU1@@Z
ASMAtomicBitClear
ASMAtomicCmpXchgU8
ASMAtomicXchgU8
ASMBitFirstClear
ASMBitFirstSet
ASMBitNextSet
ASMGetFlags
ASMNopPause
ASMSetFlags
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTAvlU32Destroy
RTAvlU32DoWithAll
RTAvlU32Get
RTAvlU32GetBestFit
RTAvlU32Insert
RTAvlU32Remove
RTAvlU32RemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vboxguest.cat
vboxmouse.cat
vboxwddm.cat
VBoxWindowsAdditions-x86.exe
.exe windows:4 windows x86 arch:x86

59b8ea9c7392c40cfbac34d0d968ab59

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:f2:10:c1:fc:2e:28:cf:54:a6:3a:36:42:52:34:5e:56:2a:61:cf:58:55:42:a8:bd:c6:64:ae:84:12:f7:44
Signer

Actual PE Digest

65:f2:10:c1:fc:2e:28:cf:54:a6:3a:36:42:52:34:5e:56:2a:61:cf:58:55:42:a8:bd:c6:64:ae:84:12:f7:44

Digest Algorithm

sha256

PE Digest Matches

true

21:d4:f1:a3:97:58:b6:e2:53:b0:b6:22:0c:13:c2:05:a2:86:58:00
Signer

Actual PE Digest

21:d4:f1:a3:97:58:b6:e2:53:b0:b6:22:0c:13:c2:05:a2:86:58:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

DispatchMessageW
wsprintfA
IsWindowVisible
PeekMessageW
wvsprintfW
MessageBoxIndirectW
CharNextA
CharPrevW
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
TrackPopupMenu
CreatePopupMenu
FillRect
CloseClipboard
OpenClipboard
EndPaint
IsDlgButtonChecked
CallWindowProcW
GetMessagePos
LoadCursorW
GetAsyncKeyState
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongW
GetWindowLongW
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassW
ScreenToClient
EndDialog
GetClassInfoW
SystemParametersInfoW
CreateWindowExW
ExitWindowsEx
DialogBoxParamW
CharNextW
SetTimer
DestroyWindow
CreateDialogParamW
SetForegroundWindow
SetWindowTextW
PostQuitMessage
SendMessageTimeoutW
ShowWindow
wsprintfW
GetDlgItem
FindWindowExW
IsWindow
GetDC
SetWindowLongW
LoadImageW
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageW
DefWindowProcW
GetClientRect
DrawTextW
SetClipboardData
EmptyClipboard
AppendMenuW

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
MoveFileExW
GetTempFileNameW
CreateFileW
WriteFile
RemoveDirectoryW
CreateProcessW
lstrcmpiA
CreateThread
GlobalLock
CreateDirectoryW
GetDiskFreeSpaceW
WideCharToMultiByte
GlobalUnlock
lstrlenW
SetErrorMode
lstrcpynW
GetCommandLineW
GetTempPathW
GetVersionExW
SetEnvironmentVariableW
CopyFileW
GetWindowsDirectoryW
GetCurrentProcess
GetModuleFileNameW
ExitProcess
GetTickCount
Sleep
GetFileSize
GetFileAttributesW
SetCurrentDirectoryW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetLastError
SearchPathW
CompareFileTime
GetShortPathNameW
CloseHandle
lstrcmpiW
SetFileTime
ExpandEnvironmentStringsW
GlobalFree
lstrcmpW
GetModuleHandleW
LoadLibraryExW
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
lstrcpyA
lstrcatW
ReadFile
MultiByteToWideChar
lstrlenA
FindClose
FindNextFileW
SetFilePointer
DeleteFileW
MulDiv
FindFirstFileW

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 244KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/Bin/VBoxService.exe
.exe windows:1 windows x86 arch:x86

2750b8884e9fac16bee220471572a25b

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:6c:a9:f5:83:4f:75:e9:b9:30:1b:a9:f2:04:f8:80:35:82:8b:4f:f6:3d:3f:d2:22:7b:df:55:7d:a2:e0:12
Signer

Actual PE Digest

b4:6c:a9:f5:83:4f:75:e9:b9:30:1b:a9:f2:04:f8:80:35:82:8b:4f:f6:3d:3f:d2:22:7b:df:55:7d:a2:e0:12

Digest Algorithm

sha256

PE Digest Matches

true

ce:d8:18:ec:31:50:40:6a:ee:7a:22:ef:0d:e6:ae:27:43:38:67:4a
Signer

Actual PE Digest

ce:d8:18:ec:31:50:40:6a:ee:7a:22:ef:0d:e6:ae:27:43:38:67:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxService\VBoxService.pdb

Imports

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetModuleHandleA
HeapReAlloc
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
SetSystemTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DuplicateHandle
DeviceIoControl
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetFileType
CreateFileA
PeekNamedPipe
GetNamedPipeInfo
GetOverlappedResult
ResetEvent
CreateEventA
CreateNamedPipeA
GetNamedPipeHandleStateA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
ReadProcessMemory
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetStdHandle
SetEvent
LocalAlloc
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
GetACP
SetThreadPriority
GetCommandLineW
OutputDebugStringA
SetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
CreateEventW
RtlUnwind
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
GetTickCount
GetVersion
GetSystemTime
LocalFree
GetModuleFileNameA
GetWindowsDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
QueryDosDeviceW
GetVolumeInformationW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetSystemInfo
Sleep
SetConsoleCtrlHandler
CreateMutexW
SetLastError
GetLastError
CloseHandle
GetConsoleMode
MoveFileExW

user32

GetUserObjectSecurity
SetUserObjectSecurity
GetProcessWindowStation
SetProcessWindowStation
OpenWindowStationA
OpenDesktopA
CloseDesktop

advapi32

GetSecurityDescriptorDacl
GetAclInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
LookupAccountSidA
IsValidSid
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
InitiateSystemShutdownW
RegOpenKeyExW
RegQueryValueExW
AddAce
GetAce
OpenThreadToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ntdll

NtClose
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtResetEvent
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtCreateFile
NtSetInformationFile
NtQueryObject
NtOpenDirectoryObject
RtlAcquirePebLock
RtlReleasePebLock
NtCancelIoFile
NtQueryInformationProcess
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
RtlGetNtProductType
RtlFreeUnicodeString
NtTerminateProcess
NtOpenProcess
NtProtectVirtualMemory

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/Tools/DIFxAPI.dll
.dll windows:6 windows x86 arch:x86

bced6390751f7df672767c6c60fd16dc

Code Sign

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:15:23:0f:00:00:00:00:00:0a
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 21:57

Not After

07/03/2011, 21:57

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b4:3a:2e:c6:32:74:1f:7f:5a:ac:1d:1e:5f:70:f7:d0:71:69:58:ba
Signer

Actual PE Digest

b4:3a:2e:c6:32:74:1f:7f:5a:ac:1d:1e:5f:70:f7:d0:71:69:58:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

difxapi.pdb

Imports

ntdll

RtlNtStatusToDosError
VerSetConditionMask
RtlUnwind

kernel32

VerifyVersionInfoW
GetVersionExW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
SetFileAttributesW
GetEnvironmentVariableW
CompareStringW
GetFileAttributesW
MoveFileExW
GetTempFileNameW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetSystemWindowsDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
GetFullPathNameW
CopyFileW
LocalFree
RemoveDirectoryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateDirectoryW
LocalReAlloc
LocalAlloc
GetProcessHeap
ReleaseMutex
DeviceIoControl
WaitForSingleObject
CreateMutexW
GetSystemTimeAsFileTime
Sleep
RaiseException
GetVersionExA
HeapSize
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
ExitProcess
TlsGetValue
SetLastError
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
LoadLibraryExA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetThreadLocale
WaitForMultipleObjectsEx
InterlockedCompareExchange
WaitForSingleObjectEx
SetEvent
CreateEventW
SetEndOfFile
InterlockedExchange
lstrcmpiW
GetLastError
InterlockedIncrement
InterlockedDecrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
HeapReAlloc
EnterCriticalSection
HeapAlloc
LeaveCriticalSection
HeapDestroy
GetModuleHandleW
DeleteCriticalSection
GetModuleFileNameA
OutputDebugStringA
HeapCreate
InitializeCriticalSection
TlsAlloc
CreateFileA

user32

UnregisterClassA
CharLowerW

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupQueueCopyIndirectW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Query_And_Remove_SubTreeW
SetupDiOpenClassRegKey
SetupGetTargetPathW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupOpenFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupCloseFileQueue
SetupFindFirstLineW
SetupCopyOEMInfW
SetupCloseInfFile
SetupGetLineCountW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupOpenAppendInfFileW
CM_Enumerate_Classes
CM_Setup_DevNode
SetupGetIntField
SetupGetFieldCount
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupGetStringFieldW

advapi32

RegCloseKey
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetEntriesInAclW
QueryServiceStatus
DeleteService
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
FreeSid

ole32

StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

wintrust

WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

crypt32

CertFreeCertificateContext
CertGetCTLContextProperty
CryptQueryObject
CertFreeCTLContext

Exports

Exports

DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
SetDifxLogCallbackA
SetDifxLogCallbackW

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/Tools/VBoxDrvInst.exe
.exe windows:1 windows x86 arch:x86

ee6cace482f58654405797362644e323

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:50:d0:39:d8:03:ab:e6:79:23:3a:7c:27:fc:e4:22:f0:ae:c5:5e:ac:a0:10:49:a3:dc:f5:93:b2:17:68:13
Signer

Actual PE Digest

19:50:d0:39:d8:03:ab:e6:79:23:3a:7c:27:fc:e4:22:f0:ae:c5:5e:ac:a0:10:49:a3:dc:f5:93:b2:17:68:13

Digest Algorithm

sha256

PE Digest Matches

true

63:95:a4:3c:d2:6b:00:53:c3:b8:86:90:28:9c:6c:98:ec:96:ab:a1
Signer

Actual PE Digest

63:95:a4:3c:d2:6b:00:53:c3:b8:86:90:28:9c:6c:98:ec:96:ab:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxDrvInst\VBoxDrvInst.pdb

Imports

setupapi

SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiInstallDevice
SetupDiSetDeviceInstallParamsW
SetupDiGetDriverInfoDetailW
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiDestroyDriverInfoList
SetupDiRegisterDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallback
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW

kernel32

RtlUnwind
GetStdHandle
CreateFileW
GetFullPathNameW
WriteFile
CloseHandle
GetLastError
SetLastError
GetSystemTime
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadLibraryW
FormatMessageW
lstrcmpiW
GetConsoleMode
WriteConsoleW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
GetACP
GetCurrentProcess
TerminateProcess
GetVersion

advapi32

UnlockServiceDatabase
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

ntdll

NtTerminateProcess
NtProtectVirtualMemory

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/VBoxControl.exe
.exe windows:1 windows x86 arch:x86

c070f49e423addd5a8f7d84fc4b72de8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxControl\VBoxControl.pdb

Imports

kernel32

GetFileType
GetLastError
GetConsoleMode
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
GetACP
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
DuplicateHandle
SetLastError
DeviceIoControl
GetCurrentProcess
FileTimeToSystemTime
SystemTimeToFileTime
GetFileAttributesW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
MoveFileExW
TerminateProcess
GetCurrentProcessId
OutputDebugStringA
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetSystemTime
GetTickCount
GetTimeZoneInformation
SetThreadPriority
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetNamedPipeInfo
CreateDirectoryW
VirtualAlloc
VirtualFree
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
CreateFileA
PeekNamedPipe
GetOverlappedResult
ResetEvent
CreateEventA
GetNamedPipeHandleStateA
RtlUnwind
GetStdHandle
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress
GetCommandLineW
GetModuleHandleA

user32

EnumDisplayDevicesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegOpenKeyExW

ntdll

RtlGetNtProductType
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtSetInformationFile
NtQueryObject
NtTerminateProcess
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtQueryDirectoryFile
NtOpenDirectoryObject
NtQueryDirectoryObject
NtProtectVirtualMemory
NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtCancelIoFile

Exports

Exports

g_abRTZero16K
g_abRTZero32K
g_abRTZero4K
g_abRTZero64K
g_abRTZero8K
g_abRTZeroPage
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/VBoxGuest.cat
$0/VBoxGuest/VBoxGuest.inf
$0/VBoxGuest/VBoxGuest.sys
.sys windows:6 windows x86 arch:x86

87f400735742d99e416c11acd9ff13ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxGuest\VBoxGuest.pdb

Imports

ntoskrnl.exe

KeSetEvent
KeWaitForSingleObject
KeInitializeSpinLock
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDetachDevice
IoDisconnectInterrupt
ZwClose
ZwQueryInformationToken
ZwOpenProcessToken
KeGetCurrentThread
KeDelayExecutionThread
KeInitializeTimer
KeSetTimer
IoGetCurrentProcess
MmIsAddressValid
KeInitializeEvent
KeRemoveQueueDpc
KeNumberProcessors
KeResetEvent
KeCancelTimer
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ExAllocatePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
RtlUnwind
KeInsertQueueDpc
KeInitializeDpc
RtlInitUnicodeString
DbgPrint
RtlQueryRegistryValues

hal

HalTranslateBusAddress
HalGetInterruptVector
KeGetCurrentIrql
HalGetBusData

Exports

Exports

@InterlockedExchange@8
@IofCallDriver@8
@IofCompleteRequest@8
@KefAcquireSpinLockAtDpcLevel@4
@KefReleaseSpinLockFromDpcLevel@4
@KfAcquireSpinLock@4
@KfLowerIrql@4
@KfRaiseIrql@4
@KfReleaseSpinLock@8
@Nt3Fb_ExAcquireFastMutex@4
@Nt3Fb_ExReleaseFastMutex@4
@ObfDereferenceObject@4
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTCritSectRwDelete
RTCritSectRwEnterExcl
RTCritSectRwEnterExclDebug
RTCritSectRwEnterShared
RTCritSectRwEnterSharedDebug
RTCritSectRwGetReadCount
RTCritSectRwGetWriteRecursion
RTCritSectRwGetWriterReadRecursion
RTCritSectRwInit
RTCritSectRwInitEx
RTCritSectRwIsReadOwner
RTCritSectRwIsWriteOwner
RTCritSectRwLeaveExcl
RTCritSectRwLeaveShared
RTCritSectRwSetSubClass
RTCritSectRwTryEnterExcl
RTCritSectRwTryEnterExclDebug
RTCritSectRwTryEnterShared
RTCritSectRwTryEnterSharedDebug
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNCmp
RTStrNICmpAscii
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTTimerCanDoHighResolution
RTTimerChangeInterval
RTTimerCreateEx
RTTimerDestroy
RTTimerReleaseSystemGranularity
RTTimerRequestSystemGranularity
RTTimerStart
RTTimerStop
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16ICmpAscii
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16NICmpAscii
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_Nt3Fb_IoAttachDeviceToDeviceStack@8
_Nt3Fb_KeInitializeTimerEx@8
_Nt3Fb_KeSetTimerEx@20
_Nt3Fb_PsGetCurrentProcessId@0
_Nt3Fb_PsGetVersion@16
_Nt3Fb_ZwQuerySystemInformation@16
_Nt3Fb_ZwYieldExecution@0
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset
strchr
strcmp

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/VBoxHook.dll
.dll windows:5 windows x86 arch:x86

4a967e911fe447bf09ae7f26caed745a

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:19:05:3d:37:27:f9:fb:5f:56:5e:1e:e5:e0:a7:29:cb:43:59:6c:a3:d3:56:ad:51:c4:23:f8:a0:c5:f9:03
Signer

Actual PE Digest

00:19:05:3d:37:27:f9:fb:5f:56:5e:1e:e5:e0:a7:29:cb:43:59:6c:a3:d3:56:ad:51:c4:23:f8:a0:c5:f9:03

Digest Algorithm

sha256

PE Digest Matches

true

cb:39:83:cf:34:bc:61:d1:87:0c:0e:7e:7a:f6:7e:e5:64:68:25:1c
Signer

Actual PE Digest

cb:39:83:cf:34:bc:61:d1:87:0c:0e:7e:7a:f6:7e:e5:64:68:25:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxHook\VBoxHook.pdb

Imports

kernel32

SetEvent
OpenEventA
GetCurrentProcess
TerminateProcess
GetLastError
GetVersion
GetModuleFileNameW
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetProcessHeap
RtlUnwind

user32

SetWinEventHook
UnhookWinEvent
GetWindowLongA

ole32

CoUninitialize
CoInitialize

ntdll

NtProtectVirtualMemory

Exports

Exports

VBoxHookInstallActiveDesktopTracker
VBoxHookInstallWindowTracker
VBoxHookRemoveActiveDesktopTracker
VBoxHookRemoveWindowTracker
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/VBoxTray.exe
.exe windows:1 windows x86 arch:x86

23da4e1b0676646043e2b75888050b54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxTray\VBoxTray.pdb

Imports

kernel32

SystemTimeToFileTime
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
RaiseException
GetCurrentProcess
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
CreateFileW
ReadFile
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
GetOverlappedResult
ResetEvent
LocalAlloc
LocalFree
GetStdHandle
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetModuleFileNameW
GetSystemDirectoryW
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetFileType
GetConsoleMode
GetCommandLineW
OutputDebugStringA
DeleteFileW
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
CreateFileA
RtlUnwind
CreateDirectoryW
GetSystemTime
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
SetEnvironmentVariableW
SetLastError
lstrlenW
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalAlloc
GetCurrentThreadId
GetTickCount
GetProcAddress
GetModuleHandleA
CreateThread
RemoveDirectoryW
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersion
InitializeCriticalSection
GetModuleHandleW
SetThreadPriority
GetCurrentThread
CreateEventA
CreateMutexA
SetEvent
GetLastError
SetErrorMode
CloseHandle

user32

MessageBoxW
ShowCursor
WindowFromPoint
GetWindowThreadProcessId
SetWindowPos
GetClipboardOwner
SetClipboardData
GetClipboardData
RegisterClipboardFormatA
SendMessageTimeoutA
SendMessageCallbackA
OpenClipboard
CloseClipboard
SetClipboardViewer
GetClipboardViewer
ChangeClipboardChain
EnumClipboardFormats
GetClipboardFormatNameA
EmptyClipboard
TrackMouseEvent
ShowWindow
GetSystemMetrics
ClientToScreen
SetWindowLongA
GetClipboardFormatNameW
AttachThreadInput
EnumWindows
EnumDisplayDevicesA
GetWindowRect
GetWindowTextA
GetWindowRgn
EnumDisplaySettingsA
ReleaseDC
GetDC
GetClassInfoExA
PostQuitMessage
PostThreadMessageA
GetMessageA
DestroyIcon
LoadIconA
LoadCursorA
FindWindowExA
GetDesktopWindow
GetCursorPos
MessageBoxA
SetForegroundWindow
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
PostMessageA
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
RegisterWindowMessageA
ChangeDisplaySettingsA
SystemParametersInfoA
GetWindowLongA
GetClassNameA
FindWindowA

gdi32

DeleteDC
CreateDCA
CreateSolidBrush
SetRectRgn
OffsetRgn
GetRegionData
DeleteObject
CreateRectRgn
ExtEscape
CombineRgn

advapi32

RegSetValueExW
GetUserNameW
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
RegCloseKey
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
InitializeAcl

shell32

Shell_NotifyIconA
DragQueryFileA
DragQueryFileW

ole32

ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
DoDragDrop
CoLockObjectExternal
RegisterDragDrop
OleUninitialize
RevokeDragDrop
OleInitialize

ntdll

NtProtectVirtualMemory
NtOpenProcess
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryDirectoryFile
NtTerminateProcess
NtCancelIoFile
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
NtQueryInformationProcess
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
RtlGetNtProductType
RtlFreeUnicodeString
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtSetInformationFile

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/vboxguest.cat
$0/VBoxMouse/NT4/VBoxMouseNT.sys
.sys windows:6 windows x86 arch:x86

992a51222357af9cfb8733c614830fab

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:fd:e3:80:af:73:91:25:3c:82:94:55:7e:40:ca:ff:6c:f0:05:9f:c8:76:0a:5d:8f:fa:33:c5:d6:eb:5d:c4
Signer

Actual PE Digest

9a:fd:e3:80:af:73:91:25:3c:82:94:55:7e:40:ca:ff:6c:f0:05:9f:c8:76:0a:5d:8f:fa:33:c5:d6:eb:5d:c4

Digest Algorithm

sha256

PE Digest Matches

true

e5:03:7a:1f:0b:b1:d8:89:95:27:12:ac:ef:60:fe:5b:b0:8b:3c:c1
Signer

Actual PE Digest

e5:03:7a:1f:0b:b1:d8:89:95:27:12:ac:ef:60:fe:5b:b0:8b:3c:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxMouseNT\VBoxMouseNT.pdb

Imports

ntoskrnl.exe

RtlAppendUnicodeToString
RtlFreeAnsiString
KeInitializeDpc
KeInsertQueueDpc
KeSynchronizeExecution
KeInitializeTimer
KeCancelTimer
KeSetTimer
KeInitializeSpinLock
KeQueryTimeIncrement
ExAllocatePool
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
IoAcquireCancelSpinLock
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDisconnectInterrupt
IoReleaseCancelSpinLock
IoStartNextPacket
IoStartPacket
RtlAppendUnicodeStringToString
IoReportResourceUsage
KeGetCurrentThread
KeSetEvent
KeDelayExecutionThread
KeWaitForSingleObject
IoGetCurrentProcess
MmIsAddressValid
DbgPrint
KeNumberProcessors
KeRemoveQueueDpc
KeInitializeEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeQuerySystemTime
KeQueryTickCount
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlUnwind
KeReadStateMutex
RtlCopyUnicodeString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlIntegerToUnicodeString
RtlWriteRegistryValue
RtlQueryRegistryValues
IoQueryDeviceDescription
strstr
KeInitializeMutex
KeReleaseMutex

hal

HalGetBusData
HalTranslateBusAddress
HalGetInterruptVector
KeStallExecutionProcessor
WRITE_PORT_UCHAR
READ_PORT_UCHAR
KeGetCurrentIrql

Exports

Exports

@InterlockedExchange@8
@IofCallDriver@8
@IofCompleteRequest@8
@KefAcquireSpinLockAtDpcLevel@4
@KefReleaseSpinLockFromDpcLevel@4
@KfAcquireSpinLock@4
@KfLowerIrql@4
@KfRaiseIrql@4
@KfReleaseSpinLock@8
@Nt3Fb_ExAcquireFastMutex@4
@Nt3Fb_ExReleaseFastMutex@4
@ObfDereferenceObject@4
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16NICmpAscii
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_Nt3Fb_IoAttachDeviceToDeviceStack@8
_Nt3Fb_KeInitializeTimerEx@8
_Nt3Fb_KeSetTimerEx@20
_Nt3Fb_PsGetCurrentProcessId@0
_Nt3Fb_PsGetVersion@16
_Nt3Fb_ZwQuerySystemInformation@16
_Nt3Fb_ZwYieldExecution@0
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset
strchr
strcmp

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxMouse/VBoxMouse.cat
$0/VBoxMouse/VBoxMouse.inf
$0/VBoxMouse/VBoxMouse.sys
.sys windows:6 windows x86 arch:x86

71e97405bd828b33ec0ba3d704275bbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxMouse\VBoxMouse.pdb

Imports

ntoskrnl.exe

IoAcquireRemoveLockEx
IoReleaseRemoveLockAndWaitEx
PoCallDriver
PoStartNextPowerIrp
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
KeInitializeSpinLock
IoReleaseRemoveLockEx
IoGetDeviceProperty
ObfReferenceObject
ObfDereferenceObject
IoDetachDevice
IoDeleteDevice
IoCreateDevice
IoInitializeRemoveLockEx
DbgPrint
PsGetVersion
MmIsAddressValid
_except_handler3
KeNumberProcessors
ZwQuerySystemInformation
IofCompleteRequest
KeInsertQueueDpc
KeRemoveQueueDpc
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
KeGetCurrentThread
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
strchr
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
RtlInitUnicodeString
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IofCallDriver
IoAttachDeviceToDeviceStack
KeInitializeDpc
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
memset

hal

ExReleaseFastMutex
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock
ExAcquireFastMutex

Exports

Exports

ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxMouse/vboxmouse.cat
$0/VBoxSF/VBoxSF.sys
.sys windows:6 windows x86 arch:x86

1604e90e6741f4de59b52af7a63c8b64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxSF\VBoxSF.pdb

Imports

hal

ExAcquireFastMutex
ExReleaseFastMutex
ExTryToAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql

ntoskrnl.exe

IoCreateSymbolicLink
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObReferenceObjectByPointer
ObfDereferenceObject
ZwCreateFile
ZwClose
_except_handler3
memcpy
memset
IoFileObjectType
IoGetCurrentProcess
CcPurgeCacheSection
CcFlushCache
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmCanFileBeTruncated
CcSetFileSizes
_alldiv
_allmul
ExIsResourceAcquiredExclusiveLite
ExAllocatePoolWithTag
ExFreePoolWithTag
MmGetSystemRoutineAddress
KeWaitForSingleObject
KeSetEvent
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
KeGetCurrentThread
DbgPrint
IoIsOperationSynchronous
ExIsResourceAcquiredSharedLite
KeReleaseMutex
ExReleaseResourceForThreadLite
ExAcquireResourceSharedLite
ExRaiseStatus
ExAcquireSharedWaitForExclusive
ExAcquireSharedStarveExclusive
memmove
ExInitializeResourceLite
FsRtlInitializeFileLock
SeQuerySessionIdToken
SeQueryAuthenticationIdToken
SeTokenIsRestricted
SeQueryInformationToken
ExDeleteResourceLite
FsRtlUninitializeFileLock
KeInitializeSpinLock
KeInitializeQueue
PsCreateSystemThread
KeInsertQueue
PsTerminateSystemThread
KeRemoveQueue
PsThreadType
ZwQuerySystemInformation
MmQuerySystemSize
KeRundownQueue
PsIsThreadTerminating
KeResetEvent
FsRtlIsNtstatusExpected
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmMapLockedPagesSpecifyCache
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
MmUnlockPages
MmForceSectionClosed
MmFlushImageSection
RtlGetCallersAddress
KeQueryTimeIncrement
KeTickCount
RtlUpcaseUnicodeChar
ExConvertExclusiveToSharedLite
RtlEqualUnicodeString
IoFreeIrp
IoCancelIrp
IoSetTopLevelIrp
IoGetTopLevelIrp
IofCompleteRequest
IofCallDriver
KeCancelTimer
KeSetTimer
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInitializeTimer
KeInitializeDpc
IoDeleteDevice
IoUnregisterFileSystem
FsRtlDeregisterUncProvider
IoRegisterFileSystem
FsRtlRegisterUncProvider
IoCreateDevice
SeReleaseSubjectContext
SeCaptureSubjectContext
IoGetStackLimits
KeLeaveCriticalRegion
KeEnterCriticalRegion
ZwOpenKey
ZwQueryValueKey
KeInitializeMutex
ExInitializeNPagedLookasideList
ExFreePool
IoWMIRegistrationControl
ExDeleteNPagedLookasideList
ExQueueWorkItem
RtlLengthSecurityDescriptor
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlCopyUnicodeString
FsRtlDoesNameContainWildCards
IoUpdateShareAccess
IoSetShareAccess
IoCheckShareAccess
_stricmp
IoGetRequestorProcess
FsRtlFastUnlockSingle
ExSetResourceOwnerPointer
FsRtlProcessFileLock
KeBugCheckEx
IoReleaseCancelSpinLock
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeQuerySystemTime
IoRaiseInformationalHardError
IoCheckEaBufferValidity
CcUninitializeCacheMap
IoRemoveShareAccess
FsRtlFastUnlockAll
RtlCreateUnicodeString
RtlPrefixUnicodeString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
wcschr
RtlFreeUnicodeString
ProbeForWrite
ProbeForRead
RtlCompareMemory
CcInitializeCacheMap
FsRtlNormalizeNtstatus
ExfInterlockedAddUlong
CcPrepareMdlWrite
CcCopyWrite
CcSetReadAheadGranularity
FsRtlCheckLockForWriteAccess
CcDeferWrite
CcCanIWrite
CcMdlRead
CcCopyRead
CcSetAdditionalCacheAttributes
FsRtlCheckLockForReadAccess
FsRtlPostStackOverflow
CcMdlReadComplete
CcMdlWriteComplete
KeClearEvent
FsRtlFastCheckLockForWrite
FsRtlFastCheckLockForRead
CcFastCopyRead
IoGetRelatedDeviceObject
CcFastCopyWrite
CcZeroData
RtlUnwind
KeSetPriorityThread
KeInitializeEvent
InterlockedCompareExchange
RtlInitUnicodeString
IoAllocateIrp
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
KeQueryTickCount
MmIsAddressValid
strchr
KeReadStateMutex
ExAllocatePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
PsGetVersion
KeNumberProcessors
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
KeInsertQueueDpc
KeRemoveQueueDpc
LsaFreeReturnBuffer

ksecdd.sys

GetSecurityUserInfo

Exports

Exports

ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelLogger
RTLogRelLoggerV
RTLogRelPrintf
RTLogRelPrintfV
RTLogRelSetBuffering
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemAreKrnlAndUsrDifferent
RTR0MemKernelCopyFrom
RTR0MemKernelCopyTo
RTR0MemKernelIsValidAddr
RTR0MemUserCopyFrom
RTR0MemUserCopyTo
RTR0MemUserIsValidAddr
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_PsGetProcessImageFileName@4
_RtlGetVersion@4
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxVideo/VBoxDisp.dll
.dll windows:6 windows x86 arch:x86

7d169efd38bae25431ee9dc7d4dd657e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxDisp\VBoxDisp.pdb

Imports

win32k.sys

EngCreateBitmap
EngCreateDeviceSurface
EngDeleteSurface
EngLockSurface
EngUnlockSurface
EngAssociateSurface
EngAllocMem
EngFreeMem
EngDeviceIoControl
EngCopyBits
PALOBJ_cGetColors
EngCreatePalette
EngDeletePalette
PATHOBJ_vGetBounds
EngBitBlt
EngLineTo
EngStretchBlt
EngTextOut
EngStrokePath
EngFillPath
EngPaint
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
PATHOBJ_vEnumStart
PATHOBJ_bEnum
FONTOBJ_vGetInfo
STROBJ_vEnumStart
STROBJ_bEnum

Exports

Exports

ASMAtomicCmpXchgU8
RTCrc64
RTCrc64Finish
RTCrc64Process
RTCrc64Start
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogFormatV
RTLogWriteUser
RTStrCopy
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
memcpy
memmove
memset

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxVideo/VBoxVideo.cat
$0/VBoxVideo/VBoxVideo.inf
$0/VBoxVideo/VBoxVideo.sys
.dll windows:6 windows x86 arch:x86

81519e6db00db4256b7a5a15e29d098d

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:70:76:6b:13:12:96:7e:2d:35:3d:88:16:c5:c6:8f:7a:43:37:c4:ac:b0:35:30:62:d5:21:06:40:06:3f:17
Signer

Actual PE Digest

a9:70:76:6b:13:12:96:7e:2d:35:3d:88:16:c5:c6:8f:7a:43:37:c4:ac:b0:35:30:62:d5:21:06:40:06:3f:17

Digest Algorithm

sha256

PE Digest Matches

true

fe:18:8e:75:6b:be:33:ff:fc:3d:37:4f:11:14:12:e5:85:19:d7:e4
Signer

Actual PE Digest

fe:18:8e:75:6b:be:33:ff:fc:3d:37:4f:11:14:12:e5:85:19:d7:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxVideo\VBoxVideo.pdb

Imports

videoprt.sys

VideoPortGetRegistryParameters
VideoPortMapMemory
VideoPortZeroMemory
VideoPortUnmapMemory
VideoPortWritePortUchar
VideoPortSynchronizeExecution
VideoPortWritePortUlong
VideoPortWritePortUshort
VideoPortSetRegistryParameters
VideoPortReadPortUlong
VideoPortReadPortUshort
VideoPortInitialize
VideoPortMoveMemory
VideoPortGetAccessRanges

ntoskrnl.exe

ObfDereferenceObject
strchr
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
IofCallDriver
DbgPrint
MmIsAddressValid
KeNumberProcessors
IoGetCurrentProcess
PsGetCurrentProcessId
KeGetCurrentThread
KeDelayExecutionThread
ZwYieldExecution
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ZwQuerySystemInformation
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeInitializeSpinLock
RtlUnwind
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
KeInitializeEvent
RtlInitUnicodeString
IoGetDeviceObjectPointer
PsGetVersion
MmGetPhysicalAddress

hal

KfRaiseIrql
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
KfLowerIrql

Exports

Exports

ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memmove

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 727B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxDX.dll
.dll windows:6 windows x86 arch:x86

c25f6cc6ba63993eb756bb9449e2e8c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxDX\VBoxDX.pdb

Imports

kernel32

GetProcessHeap
GetCurrentProcessId
Sleep
GetCurrentThreadId
SetErrorMode
GetVersion
GetModuleHandleW
GetProcAddress
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetCommandLineW
OutputDebugStringA
GetStdHandle
WriteFile
CloseHandle
RaiseException
GetCurrentProcess
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
GetEnvironmentVariableW
SetLastError
GetSystemTime
GetTickCount
SystemTimeToFileTime
CreateFileW
HeapReAlloc
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
TerminateProcess
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
WideCharToMultiByte
GetACP
RtlUnwind
HeapFree
DeleteFileW
HeapAlloc

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

RtlGetNtProductType
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtProtectVirtualMemory
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter10
OpenAdapter10_2
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxDispD3D.dll
.dll windows:6 windows x86 arch:x86

9e8d2160071cd8815ae2135fe514a2ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxDispD3D\VBoxDispD3D.pdb

Imports

psapi

GetModuleInformation

kernel32

GetLastError
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryA
GetSystemDirectoryA
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
WriteFile
GetCommandLineW
CloseHandle
RaiseException
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetEnvironmentVariableW
GetSystemTime
GetTickCount
SystemTimeToFileTime
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
GetStdHandle
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
LoadLibraryExW
WideCharToMultiByte
GetACP
RtlUnwind

user32

GetCursorPos
EnumDisplayDevicesW

gdi32

CreateDCW
DeleteDC

ntdll

RtlGetNtProductType
NtProtectVirtualMemory
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxGL.dll
.dll windows:6 windows x86 arch:x86

57d7b966d88dc2186a1affa965ffdae9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxGL\VBoxGL.pdb

Imports

kernel32

GetVersion
GetModuleFileNameW
GetStdHandle
WriteFile
SetErrorMode
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
Sleep
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
TlsFree
SetThreadPriority
SetLastError
RtlUnwind
GetLastError
GetTickCount
GetSystemDirectoryA
LoadLibraryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateToolhelp32Snapshot
Thread32First
Thread32Next
IsDebuggerPresent
OutputDebugStringA
GetSystemInfo
GetConsoleWindow
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessorNumber
SetThreadAffinityMask
InitOnceExecuteOnce
GetModuleFileNameA
SleepConditionVariableCS
HeapAlloc
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetSystemTimeAsFileTime
GetProcessTimes
VirtualFree
TerminateProcess
GetCurrentProcess
GetProcessHeap
HeapFree
HeapReAlloc
VirtualAlloc
SetFilePointer
SetFileAttributesW
SetEndOfFile
ReadFile
GetACP
WideCharToMultiByte
GetFileType
GetConsoleMode

user32

LoadIconA
LoadCursorA
AdjustWindowRectEx
DestroyWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
GetWindowRect
WindowFromDC
EnumDisplayDevicesA
EnumDisplaySettingsA
UnhookWindowsHookEx
GetDC
ReleaseDC
GetClientRect
SetWindowsHookExA
CallNextHookEx
ClientToScreen

gdi32

SetPixelFormat
GetPixelFormat
DescribePixelFormat
DeleteDC
CreateDCA
GetGlyphOutlineA

ntdll

NtProtectVirtualMemory
RtlFreeUnicodeString
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtOpenDirectoryObject
NtQueryDirectoryObject

Exports

Exports

DrvCopyContext
DrvCreateContext
DrvCreateLayerContext
DrvDeleteContext
DrvDescribeLayerPlane
DrvDescribePixelFormat
DrvGetLayerPaletteEntries
DrvGetProcAddress
DrvPresentBuffers
DrvRealizeLayerPalette
DrvReleaseContext
DrvSetCallbackProcs
DrvSetContext
DrvSetLayerPaletteEntries
DrvSetPixelFormat
DrvShareLists
DrvSwapBuffers
DrvSwapLayerBuffers
DrvValidateVersion
_glActiveShaderProgram@8
_glActiveTexture@4
_glActiveTextureARB@4
_glAlphaFuncx@8
_glAreTexturesResidentEXT@12
_glArrayElementEXT@4
_glAttachObjectARB@8
_glAttachShader@8
_glBeginConditionalRender@8
_glBeginConditionalRenderNV@8
_glBeginQuery@8
_glBeginQueryARB@8
_glBeginQueryIndexed@12
_glBeginTransformFeedback@4
_glBindAttribLocation@12
_glBindAttribLocationARB@12
_glBindBuffer@8
_glBindBufferARB@8
_glBindBufferBase@12
_glBindBufferRange@20
_glBindBuffersBase@16
_glBindBuffersRange@24
_glBindFragDataLocation@12
_glBindFragDataLocationEXT@12
_glBindFragDataLocationIndexed@16
_glBindFramebuffer@8
_glBindFramebufferEXT@8
_glBindImageTexture@28
_glBindImageTextures@12
_glBindProgramARB@8
_glBindProgramPipeline@4
_glBindRenderbuffer@8
_glBindRenderbufferEXT@8
_glBindSampler@8
_glBindSamplers@12
_glBindTextureEXT@8
_glBindTextures@12
_glBindTransformFeedback@8
_glBindVertexArray@4
_glBindVertexBuffer@16
_glBindVertexBuffers@20
_glBlendBarrier@0
_glBlendColor@16
_glBlendColorEXT@16
_glBlendEquation@4
_glBlendEquationEXT@4
_glBlendEquationSeparate@8
_glBlendEquationSeparatei@12
_glBlendEquationSeparateiARB@12
_glBlendEquationi@8
_glBlendEquationiARB@8
_glBlendFuncSeparate@16
_glBlendFuncSeparateEXT@16
_glBlendFuncSeparatei@20
_glBlendFuncSeparateiARB@20
_glBlendFunci@12
_glBlendFunciARB@12
_glBlitFramebuffer@40
_glBufferData@16
_glBufferDataARB@16
_glBufferStorage@16
_glBufferSubData@16
_glBufferSubDataARB@16
_glCheckFramebufferStatus@4
_glCheckFramebufferStatusEXT@4
_glClampColor@8
_glClampColorARB@8
_glClearBufferData@20
_glClearBufferSubData@28
_glClearBufferfi@16
_glClearBufferfv@12
_glClearBufferiv@12
_glClearBufferuiv@12
_glClearColorIiEXT@16
_glClearColorIuiEXT@16
_glClearColorx@16
_glClearDepthf@4
_glClearDepthx@4
_glClearTexImage@20
_glClearTexSubImage@44
_glClientActiveTexture@4
_glClientActiveTextureARB@4
_glClientWaitSync@16
_glClipPlanef@8
_glClipPlanex@8
_glColor4x@16
_glColorMaskIndexedEXT@20
_glColorMaski@20
_glColorP3ui@8
_glColorP3uiv@8
_glColorP4ui@8
_glColorP4uiv@8
_glColorPointerEXT@20
_glColorSubTable@24
_glColorTable@24
_glColorTableParameterfv@12
_glColorTableParameteriv@12
_glCompileShader@4
_glCompileShaderARB@4
_glCompressedTexImage1D@28
_glCompressedTexImage1DARB@28
_glCompressedTexImage2D@32
_glCompressedTexImage2DARB@32
_glCompressedTexImage3D@36
_glCompressedTexImage3DARB@36
_glCompressedTexSubImage1D@28
_glCompressedTexSubImage1DARB@28
_glCompressedTexSubImage2D@36
_glCompressedTexSubImage2DARB@36
_glCompressedTexSubImage3D@44
_glCompressedTexSubImage3DARB@44
_glConvolutionFilter1D@24
_glConvolutionFilter2D@28
_glConvolutionParameterf@12
_glConvolutionParameterfv@12
_glConvolutionParameteri@12
_glConvolutionParameteriv@12
_glCopyBufferSubData@20
_glCopyColorSubTable@20
_glCopyColorTable@20
_glCopyConvolutionFilter1D@20
_glCopyConvolutionFilter2D@24
_glCopyImageSubData@60
_glCopyTexSubImage3D@36
_glCopyTexSubImage3DEXT@36
_glCreateProgram@0
_glCreateProgramObjectARB@0
_glCreateShader@4
_glCreateShaderObjectARB@4
_glCreateShaderProgramv@12
_glDebugMessageCallback@8
_glDebugMessageCallbackARB@8
_glDebugMessageControl@24
_glDebugMessageControlARB@24
_glDebugMessageInsert@24
_glDebugMessageInsertARB@24
_glDeleteBuffers@8
_glDeleteBuffersARB@8
_glDeleteFramebuffers@8
_glDeleteFramebuffersEXT@8
_glDeleteObjectARB@4
_glDeleteProgram@4
_glDeleteProgramPipelines@8
_glDeleteProgramsARB@8
_glDeleteQueries@8
_glDeleteQueriesARB@8
_glDeleteRenderbuffers@8
_glDeleteRenderbuffersEXT@8
_glDeleteSamplers@8
_glDeleteShader@4
_glDeleteSync@4
_glDeleteTexturesEXT@8
_glDeleteTransformFeedbacks@8
_glDeleteVertexArrays@8
_glDepthRangeArrayv@12
_glDepthRangeIndexed@20
_glDepthRangef@8
_glDepthRangex@8
_glDetachObjectARB@8
_glDetachShader@8
_glDisableIndexedEXT@8
_glDisableVertexAttribArray@4
_glDisableVertexAttribArrayARB@4
_glDisablei@8
_glDispatchCompute@12
_glDispatchComputeIndirect@4
_glDrawArraysEXT@12
_glDrawArraysIndirect@8
_glDrawArraysInstanced@16
_glDrawArraysInstancedARB@16
_glDrawArraysInstancedBaseInstance@20
_glDrawArraysInstancedEXT@16
_glDrawBuffers@8
_glDrawBuffersARB@8
_glDrawBuffersATI@8
_glDrawElementsBaseVertex@20
_glDrawElementsIndirect@12
_glDrawElementsInstanced@20
_glDrawElementsInstancedARB@20
_glDrawElementsInstancedBaseInstance@24
_glDrawElementsInstancedBaseVertex@24
_glDrawElementsInstancedBaseVertexBaseInstance@28
_glDrawElementsInstancedEXT@20
_glDrawRangeElements@24
_glDrawRangeElementsBaseVertex@28
_glDrawRangeElementsEXT@24
_glDrawTransformFeedback@8
_glDrawTransformFeedbackInstanced@12
_glDrawTransformFeedbackStream@12
_glDrawTransformFeedbackStreamInstanced@16
_glEdgeFlagPointerEXT@12
_glEnableIndexedEXT@8
_glEnableVertexAttribArray@4
_glEnableVertexAttribArrayARB@4
_glEnablei@8
_glEndConditionalRender@0
_glEndConditionalRenderNV@0
_glEndQuery@4
_glEndQueryARB@4
_glEndQueryIndexed@8
_glEndTransformFeedback@0
_glFenceSync@8
_glFlushMappedBufferRange@12
_glFogCoordPointer@12
_glFogCoordPointerEXT@12
_glFogCoordd@8
_glFogCoorddEXT@8
_glFogCoorddv@4
_glFogCoorddvEXT@4
_glFogCoordf@4
_glFogCoordfEXT@4
_glFogCoordfv@4
_glFogCoordfvEXT@4
_glFogx@8
_glFogxv@8
_glFramebufferParameteri@12
_glFramebufferRenderbuffer@16
_glFramebufferRenderbufferEXT@16
_glFramebufferTexture1D@20
_glFramebufferTexture1DEXT@20
_glFramebufferTexture2D@20
_glFramebufferTexture2DEXT@20
_glFramebufferTexture3D@24
_glFramebufferTexture3DEXT@24
_glFramebufferTexture@16
_glFramebufferTextureLayer@20
_glFramebufferTextureLayerEXT@20
_glFrustumf@24
_glFrustumx@24
_glGenBuffers@8
_glGenBuffersARB@8
_glGenFramebuffers@8
_glGenFramebuffersEXT@8
_glGenProgramPipelines@8
_glGenProgramsARB@8
_glGenQueries@8
_glGenQueriesARB@8
_glGenRenderbuffers@8
_glGenRenderbuffersEXT@8
_glGenSamplers@8
_glGenTexturesEXT@8
_glGenTransformFeedbacks@8
_glGenVertexArrays@8
_glGenerateMipmap@4
_glGenerateMipmapEXT@4
_glGetActiveAtomicCounterBufferiv@16
_glGetActiveAttrib@28
_glGetActiveAttribARB@28
_glGetActiveUniform@28
_glGetActiveUniformARB@28
_glGetActiveUniformBlockName@20
_glGetActiveUniformBlockiv@16
_glGetActiveUniformName@20
_glGetActiveUniformsiv@20
_glGetAttachedObjectsARB@16
_glGetAttachedShaders@16
_glGetAttribLocation@8
_glGetAttribLocationARB@8
_glGetBooleanIndexedvEXT@12
_glGetBooleani_v@12
_glGetBufferParameteri64v@12
_glGetBufferParameteriv@12
_glGetBufferParameterivARB@12
_glGetBufferPointerv@12
_glGetBufferPointervARB@12
_glGetBufferSubData@16
_glGetBufferSubDataARB@16
_glGetClipPlanef@8
_glGetClipPlanex@8
_glGetColorTable@16
_glGetColorTableParameterfv@12
_glGetColorTableParameteriv@12
_glGetCompressedTexImage@12
_glGetCompressedTexImageARB@12
_glGetConvolutionFilter@16
_glGetConvolutionParameterfv@12
_glGetConvolutionParameteriv@12
_glGetDebugMessageLog@32
_glGetDebugMessageLogARB@32
_glGetDoublei_v@12
_glGetFixedv@8
_glGetFloati_v@12
_glGetFragDataIndex@8
_glGetFragDataLocation@8
_glGetFragDataLocationEXT@8
_glGetFramebufferAttachmentParameteriv@16
_glGetFramebufferAttachmentParameterivEXT@16
_glGetFramebufferParameteriv@12
_glGetGraphicsResetStatus@0
_glGetGraphicsResetStatusARB@0
_glGetHandleARB@4
_glGetHistogram@20
_glGetHistogramParameterfv@12
_glGetHistogramParameteriv@12
_glGetInfoLogARB@16
_glGetInteger64i_v@12
_glGetInteger64v@8
_glGetIntegerIndexedvEXT@12
_glGetIntegeri_v@12
_glGetLightxv@12
_glGetMaterialxv@12
_glGetMinmax@20
_glGetMinmaxParameterfv@12
_glGetMinmaxParameteriv@12
_glGetMultisamplefv@12
_glGetObjectLabel@20
_glGetObjectParameterfvARB@12
_glGetObjectParameterivARB@12
_glGetObjectPtrLabel@16
_glGetPointervEXT@8
_glGetProgramBinary@20
_glGetProgramEnvParameterdvARB@12
_glGetProgramEnvParameterfvARB@12
_glGetProgramInfoLog@16
_glGetProgramInterfaceiv@16
_glGetProgramLocalParameterdvARB@12
_glGetProgramLocalParameterfvARB@12
_glGetProgramPipelineInfoLog@16
_glGetProgramPipelineiv@12
_glGetProgramResourceIndex@12
_glGetProgramResourceLocation@12
_glGetProgramResourceName@24
_glGetProgramResourceiv@32
_glGetProgramStringARB@12
_glGetProgramiv@12
_glGetProgramivARB@12
_glGetQueryIndexediv@16
_glGetQueryObjectiv@12
_glGetQueryObjectivARB@12
_glGetQueryObjectuiv@12
_glGetQueryObjectuivARB@12
_glGetQueryiv@12
_glGetQueryivARB@12
_glGetRenderbufferParameteriv@12
_glGetRenderbufferParameterivEXT@12
_glGetSamplerParameterIiv@12
_glGetSamplerParameterIuiv@12
_glGetSamplerParameterfv@12
_glGetSamplerParameteriv@12
_glGetSeparableFilter@24
_glGetShaderInfoLog@16
_glGetShaderPrecisionFormat@16
_glGetShaderSource@16
_glGetShaderSourceARB@16
_glGetShaderiv@12
_glGetStringi@8
_glGetSynciv@20
_glGetTexEnvxv@12
_glGetTexParameterIiv@12
_glGetTexParameterIivEXT@12
_glGetTexParameterIuiv@12
_glGetTexParameterIuivEXT@12
_glGetTexParameterxv@12
_glGetTransformFeedbackVarying@28
_glGetUniformBlockIndex@8
_glGetUniformIndices@16
_glGetUniformLocation@8
_glGetUniformLocationARB@8
_glGetUniformfv@12
_glGetUniformfvARB@12
_glGetUniformiv@12
_glGetUniformivARB@12
_glGetUniformuiv@12
_glGetUniformuivEXT@12
_glGetVertexAttribIiv@12
_glGetVertexAttribIivEXT@12
_glGetVertexAttribIuiv@12
_glGetVertexAttribIuivEXT@12
_glGetVertexAttribPointerv@12
_glGetVertexAttribPointervARB@12
_glGetVertexAttribdv@12
_glGetVertexAttribdvARB@12
_glGetVertexAttribfv@12
_glGetVertexAttribfvARB@12
_glGetVertexAttribiv@12
_glGetVertexAttribivARB@12
_glGetnColorTableARB@20
_glGetnCompressedTexImageARB@16
_glGetnConvolutionFilterARB@20
_glGetnHistogramARB@24
_glGetnMapdvARB@16
_glGetnMapfvARB@16
_glGetnMapivARB@16
_glGetnMinmaxARB@24
_glGetnPixelMapfvARB@12
_glGetnPixelMapuivARB@12
_glGetnPixelMapusvARB@12
_glGetnPolygonStippleARB@8
_glGetnSeparableFilterARB@32
_glGetnTexImageARB@24
_glGetnUniformdvARB@16
_glGetnUniformfv@16
_glGetnUniformfvARB@16
_glGetnUniformiv@16
_glGetnUniformivARB@16
_glGetnUniformuiv@16
_glGetnUniformuivARB@16
_glHistogram@16
_glIndexPointerEXT@16
_glInvalidateBufferData@4
_glInvalidateBufferSubData@12
_glInvalidateFramebuffer@12
_glInvalidateSubFramebuffer@28
_glInvalidateTexImage@8
_glInvalidateTexSubImage@32
_glIsBuffer@4
_glIsBufferARB@4
_glIsEnabledIndexedEXT@8
_glIsEnabledi@8
_glIsFramebuffer@4
_glIsFramebufferEXT@4
_glIsProgram@4
_glIsProgramARB@4
_glIsProgramPipeline@4
_glIsQuery@4
_glIsQueryARB@4
_glIsRenderbuffer@4
_glIsRenderbufferEXT@4
_glIsSampler@4
_glIsShader@4
_glIsSync@4
_glIsTextureEXT@4
_glIsTransformFeedback@4
_glIsVertexArray@4
_glLightModelx@8
_glLightModelxv@8
_glLightx@12
_glLightxv@12
_glLineWidthx@4
_glLinkProgram@4
_glLinkProgramARB@4
_glLoadMatrixx@4
_glLoadTransposeMatrixd@4
_glLoadTransposeMatrixdARB@4
_glLoadTransposeMatrixf@4
_glLoadTransposeMatrixfARB@4
_glLockArraysEXT@8
_glMapBuffer@8
_glMapBufferARB@8
_glMapBufferRange@16
_glMaterialx@12
_glMaterialxv@12
_glMemoryBarrier@4
_glMemoryBarrierByRegion@4
_glMinSampleShading@4
_glMinSampleShadingARB@4
_glMinmax@12
_glMultMatrixx@4
_glMultTransposeMatrixd@4
_glMultTransposeMatrixdARB@4
_glMultTransposeMatrixf@4
_glMultTransposeMatrixfARB@4
_glMultiDrawArrays@16
_glMultiDrawArraysEXT@16
_glMultiDrawArraysIndirect@16
_glMultiDrawElements@20
_glMultiDrawElementsBaseVertex@24
_glMultiDrawElementsEXT@20
_glMultiDrawElementsIndirect@20
_glMultiTexCoord1d@12
_glMultiTexCoord1dARB@12
_glMultiTexCoord1dv@8
_glMultiTexCoord1dvARB@8
_glMultiTexCoord1f@8
_glMultiTexCoord1fARB@8
_glMultiTexCoord1fv@8
_glMultiTexCoord1fvARB@8
_glMultiTexCoord1i@8
_glMultiTexCoord1iARB@8
_glMultiTexCoord1iv@8
_glMultiTexCoord1ivARB@8
_glMultiTexCoord1s@8
_glMultiTexCoord1sARB@8
_glMultiTexCoord1sv@8
_glMultiTexCoord1svARB@8
_glMultiTexCoord2d@20
_glMultiTexCoord2dARB@20
_glMultiTexCoord2dv@8
_glMultiTexCoord2dvARB@8
_glMultiTexCoord2f@12
_glMultiTexCoord2fARB@12

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxNine.dll
.dll windows:6 windows x86 arch:x86

b650ef5c2983e9fcdf52c54df0131d44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxNine\VBoxNine.pdb

Imports

kernel32

DeleteCriticalSection
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
TerminateProcess
GetLastError
GetVersion
GetModuleFileNameW
GetStdHandle
WriteFile
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
Sleep
LeaveCriticalSection
FreeLibrary
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
TlsFree
SetThreadPriority
SetLastError
RtlUnwind
GetTickCount
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
VirtualAlloc
EnterCriticalSection
GetSystemDirectoryW
InitializeCriticalSection
GetConsoleWindow
OutputDebugStringA
IsDebuggerPresent
SetThreadAffinityMask
QueryPerformanceFrequency
QueryPerformanceCounter
InitOnceExecuteOnce
GetSystemTimeAsFileTime
GetSystemInfo
GetProcessTimes
GetFileType
GetConsoleMode
WideCharToMultiByte
GetACP
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
VirtualFree

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtResetEvent
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryDirectoryFile
NtCreateFile
NtSetEvent
NtCreateEvent
NtWaitForSingleObject
NtClose
RtlFreeUnicodeString
NtProtectVirtualMemory

Exports

Exports

GaNineD3DAdapter9Create
GaNinePipeContextFromDevice
GaNinePipeResourceFromSurface
nocrt_ceil
nocrt_ceilf
nocrt_cos
nocrt_cosf
nocrt_exp2f
nocrt_fabs
nocrt_fabsf
nocrt_feraiseexcept
nocrt_floor
nocrt_floorf
nocrt_ldexp
nocrt_ldexpf
nocrt_llrint
nocrt_log2f
nocrt_lrint
nocrt_lrintf
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_pow
nocrt_powf
nocrt_rint
nocrt_rintf
nocrt_sin
nocrt_sinf
nocrt_sqrt
nocrt_sqrtf
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp
nocrt_strncpy
nocrt_trunc
nocrt_truncf

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 781KB - Virtual size: 781KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxSVGA.dll
.dll windows:6 windows x86 arch:x86

aca5580ddf789fb7b4e85cdee28ec9c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxSVGA\VBoxSVGA.pdb

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetStdHandle
GetLastError
GetConsoleMode
GetEnvironmentVariableW
SetLastError
GetVersion
WideCharToMultiByte
GetACP
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
GetCurrentThread
GetCurrentThreadId
TlsAlloc
InitializeConditionVariable
TlsSetValue
GetModuleHandleA
GetProcAddress
Sleep
GetModuleHandleW
TlsFree
GetTickCount
GetCurrentProcessId
RtlUnwind
VirtualAlloc
VirtualFree
IsDebuggerPresent
OutputDebugStringA
GetSystemInfo
GetConsoleWindow
EnterCriticalSection
LeaveCriticalSection
WakeAllConditionVariable
SleepConditionVariableCS
SetThreadAffinityMask
DeleteCriticalSection
TlsGetValue
InitializeCriticalSection
InitOnceExecuteOnce
QueryPerformanceFrequency
QueryPerformanceCounter
GetCommandLineA

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtCreateEvent
NtSetEvent
NtProtectVirtualMemory
NtQueryVolumeInformationFile
NtClose
NtWaitForSingleObject

Exports

Exports

GaDrvContextFlush
GaDrvGetContextId
GaDrvGetSurfaceId
GaDrvGetWDDMEnv
GaDrvScreenCreate
GaDrvScreenDestroy
nocrt_atan2f
nocrt_ceil
nocrt_ceilf
nocrt_cos
nocrt_cosf
nocrt_exp2f
nocrt_fabs
nocrt_fabsf
nocrt_feraiseexcept
nocrt_floor
nocrt_floorf
nocrt_ldexp
nocrt_ldexpf
nocrt_llrint
nocrt_log2
nocrt_log2f
nocrt_logf
nocrt_lrint
nocrt_lrintf
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_pow
nocrt_powf
nocrt_rint
nocrt_rintf
nocrt_sin
nocrt_sinf
nocrt_sqrt
nocrt_sqrtf
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp
nocrt_strncpy
nocrt_trunc
nocrt_truncf

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 823KB - Virtual size: 823KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxWddm.cat
$0/VBoxWddm/VBoxWddm.inf
$0/VBoxWddm/VBoxWddm.sys
.sys windows:6 windows x86 arch:x86

aae9599db86979d8e0c0dba62738f58e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxWddm\VBoxWddm.pdb

Imports

ntoskrnl.exe

memcpy
memset
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
_except_handler3
KeSetEvent
ObReferenceObjectByHandle
ObfDereferenceObject
ExEventObjectType
RtlInitializeBitMap
RtlClearBits
KeInitializeDpc
KeInitializeEvent
KeDelayExecutionThread
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
KeQuerySystemTime
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
PsCreateSystemThread
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetValueKey
_alldiv
_allmul
_allrem
_aulldiv
KeWaitForSingleObject
DbgPrint
ZwClose
IoOpenDeviceRegistryKey
IoGetDeviceProperty
PsGetVersion
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCallDriver
IoAllocateMdl
ZwLoadDriver
IoGetDeviceObjectPointer
ZwUnloadDriver
IoFreeMdl
RtlGetVersion
IoBuildDeviceIoControlRequest
strchr
KeGetCurrentThread
ZwYieldExecution
KeQueryTimeIncrement
KeQueryTickCount
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
PsGetCurrentProcessId
MmIsAddressValid
KeNumberProcessors
MmBuildMdlForNonPagedPool
MmMapLockedPages
IoBuildPartialMdl
ZwQuerySystemInformation
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetPriorityThread
KeResetEvent
KeBugCheckEx
RtlUnwind
KeInitializeSpinLock
RtlInitUnicodeString

hal

KfRaiseIrql
KfLowerIrql
KfReleaseSpinLock
KeGetCurrentIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfAcquireSpinLock

Exports

Exports

?CrSaAdd@@YAHPAUCR_SORTARRAY@@_K@Z
?CrSaCleanup@@YAXPAUCR_SORTARRAY@@@Z
?CrSaClone@@YAHPBUCR_SORTARRAY@@PAU1@@Z
?CrSaCmp@@YAHPBUCR_SORTARRAY@@0@Z
?CrSaContains@@YA_NPBUCR_SORTARRAY@@_K@Z
?CrSaCovers@@YA_NPBUCR_SORTARRAY@@0@Z
?CrSaInit@@YAHPAUCR_SORTARRAY@@I@Z
?CrSaIntersect@@YAXPAUCR_SORTARRAY@@PBU1@@Z
?CrSaIntersected@@YAHPAUCR_SORTARRAY@@PBU1@0@Z
?CrSaRemove@@YAHPAUCR_SORTARRAY@@_K@Z
?CrSaUnited@@YAHPBUCR_SORTARRAY@@0PAU1@@Z
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTAvlU32Destroy
RTAvlU32DoWithAll
RTAvlU32Get
RTAvlU32GetBestFit
RTAvlU32Insert
RTAvlU32Remove
RTAvlU32RemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memmove

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/vboxwddm.cat
$0/license.rtf
.rtf
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0
.dll windows:5 windows x86 arch:x86

4a967e911fe447bf09ae7f26caed745a

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:19:05:3d:37:27:f9:fb:5f:56:5e:1e:e5:e0:a7:29:cb:43:59:6c:a3:d3:56:ad:51:c4:23:f8:a0:c5:f9:03
Signer

Actual PE Digest

00:19:05:3d:37:27:f9:fb:5f:56:5e:1e:e5:e0:a7:29:cb:43:59:6c:a3:d3:56:ad:51:c4:23:f8:a0:c5:f9:03

Digest Algorithm

sha256

PE Digest Matches

true

cb:39:83:cf:34:bc:61:d1:87:0c:0e:7e:7a:f6:7e:e5:64:68:25:1c
Signer

Actual PE Digest

cb:39:83:cf:34:bc:61:d1:87:0c:0e:7e:7a:f6:7e:e5:64:68:25:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxHook\VBoxHook.pdb

Imports

kernel32

SetEvent
OpenEventA
GetCurrentProcess
TerminateProcess
GetLastError
GetVersion
GetModuleFileNameW
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetProcessHeap
RtlUnwind

user32

SetWinEventHook
UnhookWinEvent
GetWindowLongA

ole32

CoUninitialize
CoInitialize

ntdll

NtProtectVirtualMemory

Exports

Exports

VBoxHookInstallActiveDesktopTracker
VBoxHookInstallWindowTracker
VBoxHookRemoveActiveDesktopTracker
VBoxHookRemoveWindowTracker
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VBoxControl.exe
.exe windows:1 windows x86 arch:x86

c070f49e423addd5a8f7d84fc4b72de8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxControl\VBoxControl.pdb

Imports

kernel32

GetFileType
GetLastError
GetConsoleMode
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
GetACP
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
DuplicateHandle
SetLastError
DeviceIoControl
GetCurrentProcess
FileTimeToSystemTime
SystemTimeToFileTime
GetFileAttributesW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
MoveFileExW
TerminateProcess
GetCurrentProcessId
OutputDebugStringA
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetSystemTime
GetTickCount
GetTimeZoneInformation
SetThreadPriority
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetNamedPipeInfo
CreateDirectoryW
VirtualAlloc
VirtualFree
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
CreateFileA
PeekNamedPipe
GetOverlappedResult
ResetEvent
CreateEventA
GetNamedPipeHandleStateA
RtlUnwind
GetStdHandle
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress
GetCommandLineW
GetModuleHandleA

user32

EnumDisplayDevicesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegOpenKeyExW

ntdll

RtlGetNtProductType
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtSetInformationFile
NtQueryObject
NtTerminateProcess
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtQueryDirectoryFile
NtOpenDirectoryObject
NtQueryDirectoryObject
NtProtectVirtualMemory
NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtCancelIoFile

Exports

Exports

g_abRTZero16K
g_abRTZero32K
g_abRTZero4K
g_abRTZero64K
g_abRTZero8K
g_abRTZeroPage
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VBoxDisp.dll
.dll windows:6 windows x86 arch:x86

7d169efd38bae25431ee9dc7d4dd657e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxDisp\VBoxDisp.pdb

Imports

win32k.sys

EngCreateBitmap
EngCreateDeviceSurface
EngDeleteSurface
EngLockSurface
EngUnlockSurface
EngAssociateSurface
EngAllocMem
EngFreeMem
EngDeviceIoControl
EngCopyBits
PALOBJ_cGetColors
EngCreatePalette
EngDeletePalette
PATHOBJ_vGetBounds
EngBitBlt
EngLineTo
EngStretchBlt
EngTextOut
EngStrokePath
EngFillPath
EngPaint
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
PATHOBJ_vEnumStart
PATHOBJ_bEnum
FONTOBJ_vGetInfo
STROBJ_vEnumStart
STROBJ_bEnum

Exports

Exports

ASMAtomicCmpXchgU8
RTCrc64
RTCrc64Finish
RTCrc64Process
RTCrc64Start
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogFormatV
RTLogWriteUser
RTStrCopy
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
memcpy
memmove
memset

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VBoxHook.dll
.dll windows:5 windows x86 arch:x86

4a967e911fe447bf09ae7f26caed745a

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:19:05:3d:37:27:f9:fb:5f:56:5e:1e:e5:e0:a7:29:cb:43:59:6c:a3:d3:56:ad:51:c4:23:f8:a0:c5:f9:03
Signer

Actual PE Digest

00:19:05:3d:37:27:f9:fb:5f:56:5e:1e:e5:e0:a7:29:cb:43:59:6c:a3:d3:56:ad:51:c4:23:f8:a0:c5:f9:03

Digest Algorithm

sha256

PE Digest Matches

true

cb:39:83:cf:34:bc:61:d1:87:0c:0e:7e:7a:f6:7e:e5:64:68:25:1c
Signer

Actual PE Digest

cb:39:83:cf:34:bc:61:d1:87:0c:0e:7e:7a:f6:7e:e5:64:68:25:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxHook\VBoxHook.pdb

Imports

kernel32

SetEvent
OpenEventA
GetCurrentProcess
TerminateProcess
GetLastError
GetVersion
GetModuleFileNameW
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetProcessHeap
RtlUnwind

user32

SetWinEventHook
UnhookWinEvent
GetWindowLongA

ole32

CoUninitialize
CoInitialize

ntdll

NtProtectVirtualMemory

Exports

Exports

VBoxHookInstallActiveDesktopTracker
VBoxHookInstallWindowTracker
VBoxHookRemoveActiveDesktopTracker
VBoxHookRemoveWindowTracker
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VBoxService.exe
.exe windows:1 windows x86 arch:x86

2750b8884e9fac16bee220471572a25b

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:6c:a9:f5:83:4f:75:e9:b9:30:1b:a9:f2:04:f8:80:35:82:8b:4f:f6:3d:3f:d2:22:7b:df:55:7d:a2:e0:12
Signer

Actual PE Digest

b4:6c:a9:f5:83:4f:75:e9:b9:30:1b:a9:f2:04:f8:80:35:82:8b:4f:f6:3d:3f:d2:22:7b:df:55:7d:a2:e0:12

Digest Algorithm

sha256

PE Digest Matches

true

ce:d8:18:ec:31:50:40:6a:ee:7a:22:ef:0d:e6:ae:27:43:38:67:4a
Signer

Actual PE Digest

ce:d8:18:ec:31:50:40:6a:ee:7a:22:ef:0d:e6:ae:27:43:38:67:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxService\VBoxService.pdb

Imports

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetModuleHandleA
HeapReAlloc
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
SetSystemTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DuplicateHandle
DeviceIoControl
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetFileType
CreateFileA
PeekNamedPipe
GetNamedPipeInfo
GetOverlappedResult
ResetEvent
CreateEventA
CreateNamedPipeA
GetNamedPipeHandleStateA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
ReadProcessMemory
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetStdHandle
SetEvent
LocalAlloc
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
GetACP
SetThreadPriority
GetCommandLineW
OutputDebugStringA
SetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
CreateEventW
RtlUnwind
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
GetTickCount
GetVersion
GetSystemTime
LocalFree
GetModuleFileNameA
GetWindowsDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
QueryDosDeviceW
GetVolumeInformationW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetSystemInfo
Sleep
SetConsoleCtrlHandler
CreateMutexW
SetLastError
GetLastError
CloseHandle
GetConsoleMode
MoveFileExW

user32

GetUserObjectSecurity
SetUserObjectSecurity
GetProcessWindowStation
SetProcessWindowStation
OpenWindowStationA
OpenDesktopA
CloseDesktop

advapi32

GetSecurityDescriptorDacl
GetAclInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
LookupAccountSidA
IsValidSid
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
InitiateSystemShutdownW
RegOpenKeyExW
RegQueryValueExW
AddAce
GetAce
OpenThreadToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ntdll

NtClose
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtResetEvent
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtCreateFile
NtSetInformationFile
NtQueryObject
NtOpenDirectoryObject
RtlAcquirePebLock
RtlReleasePebLock
NtCancelIoFile
NtQueryInformationProcess
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
RtlGetNtProductType
RtlFreeUnicodeString
NtTerminateProcess
NtOpenProcess
NtProtectVirtualMemory

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VBoxTray.exe
.exe windows:1 windows x86 arch:x86

23da4e1b0676646043e2b75888050b54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxTray\VBoxTray.pdb

Imports

kernel32

SystemTimeToFileTime
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
RaiseException
GetCurrentProcess
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
CreateFileW
ReadFile
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
GetOverlappedResult
ResetEvent
LocalAlloc
LocalFree
GetStdHandle
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetModuleFileNameW
GetSystemDirectoryW
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetFileType
GetConsoleMode
GetCommandLineW
OutputDebugStringA
DeleteFileW
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
CreateFileA
RtlUnwind
CreateDirectoryW
GetSystemTime
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
SetEnvironmentVariableW
SetLastError
lstrlenW
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalAlloc
GetCurrentThreadId
GetTickCount
GetProcAddress
GetModuleHandleA
CreateThread
RemoveDirectoryW
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersion
InitializeCriticalSection
GetModuleHandleW
SetThreadPriority
GetCurrentThread
CreateEventA
CreateMutexA
SetEvent
GetLastError
SetErrorMode
CloseHandle

user32

MessageBoxW
ShowCursor
WindowFromPoint
GetWindowThreadProcessId
SetWindowPos
GetClipboardOwner
SetClipboardData
GetClipboardData
RegisterClipboardFormatA
SendMessageTimeoutA
SendMessageCallbackA
OpenClipboard
CloseClipboard
SetClipboardViewer
GetClipboardViewer
ChangeClipboardChain
EnumClipboardFormats
GetClipboardFormatNameA
EmptyClipboard
TrackMouseEvent
ShowWindow
GetSystemMetrics
ClientToScreen
SetWindowLongA
GetClipboardFormatNameW
AttachThreadInput
EnumWindows
EnumDisplayDevicesA
GetWindowRect
GetWindowTextA
GetWindowRgn
EnumDisplaySettingsA
ReleaseDC
GetDC
GetClassInfoExA
PostQuitMessage
PostThreadMessageA
GetMessageA
DestroyIcon
LoadIconA
LoadCursorA
FindWindowExA
GetDesktopWindow
GetCursorPos
MessageBoxA
SetForegroundWindow
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
PostMessageA
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
RegisterWindowMessageA
ChangeDisplaySettingsA
SystemParametersInfoA
GetWindowLongA
GetClassNameA
FindWindowA

gdi32

DeleteDC
CreateDCA
CreateSolidBrush
SetRectRgn
OffsetRgn
GetRegionData
DeleteObject
CreateRectRgn
ExtEscape
CombineRgn

advapi32

RegSetValueExW
GetUserNameW
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
RegCloseKey
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
InitializeAcl

shell32

Shell_NotifyIconA
DragQueryFileA
DragQueryFileW

ole32

ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
DoDragDrop
CoLockObjectExternal
RegisterDragDrop
OleUninitialize
RevokeDragDrop
OleInitialize

ntdll

NtProtectVirtualMemory
NtOpenProcess
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryDirectoryFile
NtTerminateProcess
NtCancelIoFile
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
NtQueryInformationProcess
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
RtlGetNtProductType
RtlFreeUnicodeString
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtSetInformationFile

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/drivers/VBoxGuest.sys
.sys windows:6 windows x86 arch:x86

87f400735742d99e416c11acd9ff13ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxGuest\VBoxGuest.pdb

Imports

ntoskrnl.exe

KeSetEvent
KeWaitForSingleObject
KeInitializeSpinLock
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDetachDevice
IoDisconnectInterrupt
ZwClose
ZwQueryInformationToken
ZwOpenProcessToken
KeGetCurrentThread
KeDelayExecutionThread
KeInitializeTimer
KeSetTimer
IoGetCurrentProcess
MmIsAddressValid
KeInitializeEvent
KeRemoveQueueDpc
KeNumberProcessors
KeResetEvent
KeCancelTimer
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ExAllocatePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
RtlUnwind
KeInsertQueueDpc
KeInitializeDpc
RtlInitUnicodeString
DbgPrint
RtlQueryRegistryValues

hal

HalTranslateBusAddress
HalGetInterruptVector
KeGetCurrentIrql
HalGetBusData

Exports

Exports

@InterlockedExchange@8
@IofCallDriver@8
@IofCompleteRequest@8
@KefAcquireSpinLockAtDpcLevel@4
@KefReleaseSpinLockFromDpcLevel@4
@KfAcquireSpinLock@4
@KfLowerIrql@4
@KfRaiseIrql@4
@KfReleaseSpinLock@8
@Nt3Fb_ExAcquireFastMutex@4
@Nt3Fb_ExReleaseFastMutex@4
@ObfDereferenceObject@4
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTCritSectRwDelete
RTCritSectRwEnterExcl
RTCritSectRwEnterExclDebug
RTCritSectRwEnterShared
RTCritSectRwEnterSharedDebug
RTCritSectRwGetReadCount
RTCritSectRwGetWriteRecursion
RTCritSectRwGetWriterReadRecursion
RTCritSectRwInit
RTCritSectRwInitEx
RTCritSectRwIsReadOwner
RTCritSectRwIsWriteOwner
RTCritSectRwLeaveExcl
RTCritSectRwLeaveShared
RTCritSectRwSetSubClass
RTCritSectRwTryEnterExcl
RTCritSectRwTryEnterExclDebug
RTCritSectRwTryEnterShared
RTCritSectRwTryEnterSharedDebug
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNCmp
RTStrNICmpAscii
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTTimerCanDoHighResolution
RTTimerChangeInterval
RTTimerCreateEx
RTTimerDestroy
RTTimerReleaseSystemGranularity
RTTimerRequestSystemGranularity
RTTimerStart
RTTimerStop
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16ICmpAscii
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16NICmpAscii
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_Nt3Fb_IoAttachDeviceToDeviceStack@8
_Nt3Fb_KeInitializeTimerEx@8
_Nt3Fb_KeSetTimerEx@20
_Nt3Fb_PsGetCurrentProcessId@0
_Nt3Fb_PsGetVersion@16
_Nt3Fb_ZwQuerySystemInformation@16
_Nt3Fb_ZwYieldExecution@0
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset
strchr
strcmp

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/drivers/VBoxMouseNT.sys
.sys windows:6 windows x86 arch:x86

992a51222357af9cfb8733c614830fab

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:fd:e3:80:af:73:91:25:3c:82:94:55:7e:40:ca:ff:6c:f0:05:9f:c8:76:0a:5d:8f:fa:33:c5:d6:eb:5d:c4
Signer

Actual PE Digest

9a:fd:e3:80:af:73:91:25:3c:82:94:55:7e:40:ca:ff:6c:f0:05:9f:c8:76:0a:5d:8f:fa:33:c5:d6:eb:5d:c4

Digest Algorithm

sha256

PE Digest Matches

true

e5:03:7a:1f:0b:b1:d8:89:95:27:12:ac:ef:60:fe:5b:b0:8b:3c:c1
Signer

Actual PE Digest

e5:03:7a:1f:0b:b1:d8:89:95:27:12:ac:ef:60:fe:5b:b0:8b:3c:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxMouseNT\VBoxMouseNT.pdb

Imports

ntoskrnl.exe

RtlAppendUnicodeToString
RtlFreeAnsiString
KeInitializeDpc
KeInsertQueueDpc
KeSynchronizeExecution
KeInitializeTimer
KeCancelTimer
KeSetTimer
KeInitializeSpinLock
KeQueryTimeIncrement
ExAllocatePool
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
IoAcquireCancelSpinLock
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDisconnectInterrupt
IoReleaseCancelSpinLock
IoStartNextPacket
IoStartPacket
RtlAppendUnicodeStringToString
IoReportResourceUsage
KeGetCurrentThread
KeSetEvent
KeDelayExecutionThread
KeWaitForSingleObject
IoGetCurrentProcess
MmIsAddressValid
DbgPrint
KeNumberProcessors
KeRemoveQueueDpc
KeInitializeEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeQuerySystemTime
KeQueryTickCount
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlUnwind
KeReadStateMutex
RtlCopyUnicodeString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlIntegerToUnicodeString
RtlWriteRegistryValue
RtlQueryRegistryValues
IoQueryDeviceDescription
strstr
KeInitializeMutex
KeReleaseMutex

hal

HalGetBusData
HalTranslateBusAddress
HalGetInterruptVector
KeStallExecutionProcessor
WRITE_PORT_UCHAR
READ_PORT_UCHAR
KeGetCurrentIrql

Exports

Exports

@InterlockedExchange@8
@IofCallDriver@8
@IofCompleteRequest@8
@KefAcquireSpinLockAtDpcLevel@4
@KefReleaseSpinLockFromDpcLevel@4
@KfAcquireSpinLock@4
@KfLowerIrql@4
@KfRaiseIrql@4
@KfReleaseSpinLock@8
@Nt3Fb_ExAcquireFastMutex@4
@Nt3Fb_ExReleaseFastMutex@4
@ObfDereferenceObject@4
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16NICmpAscii
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_Nt3Fb_IoAttachDeviceToDeviceStack@8
_Nt3Fb_KeInitializeTimerEx@8
_Nt3Fb_KeSetTimerEx@20
_Nt3Fb_PsGetCurrentProcessId@0
_Nt3Fb_PsGetVersion@16
_Nt3Fb_ZwQuerySystemInformation@16
_Nt3Fb_ZwYieldExecution@0
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset
strchr
strcmp

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/drivers/VBoxVideo.sys
.dll windows:6 windows x86 arch:x86

81519e6db00db4256b7a5a15e29d098d

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:70:76:6b:13:12:96:7e:2d:35:3d:88:16:c5:c6:8f:7a:43:37:c4:ac:b0:35:30:62:d5:21:06:40:06:3f:17
Signer

Actual PE Digest

a9:70:76:6b:13:12:96:7e:2d:35:3d:88:16:c5:c6:8f:7a:43:37:c4:ac:b0:35:30:62:d5:21:06:40:06:3f:17

Digest Algorithm

sha256

PE Digest Matches

true

fe:18:8e:75:6b:be:33:ff:fc:3d:37:4f:11:14:12:e5:85:19:d7:e4
Signer

Actual PE Digest

fe:18:8e:75:6b:be:33:ff:fc:3d:37:4f:11:14:12:e5:85:19:d7:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxVideo\VBoxVideo.pdb

Imports

videoprt.sys

VideoPortGetRegistryParameters
VideoPortMapMemory
VideoPortZeroMemory
VideoPortUnmapMemory
VideoPortWritePortUchar
VideoPortSynchronizeExecution
VideoPortWritePortUlong
VideoPortWritePortUshort
VideoPortSetRegistryParameters
VideoPortReadPortUlong
VideoPortReadPortUshort
VideoPortInitialize
VideoPortMoveMemory
VideoPortGetAccessRanges

ntoskrnl.exe

ObfDereferenceObject
strchr
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
IofCallDriver
DbgPrint
MmIsAddressValid
KeNumberProcessors
IoGetCurrentProcess
PsGetCurrentProcessId
KeGetCurrentThread
KeDelayExecutionThread
ZwYieldExecution
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ZwQuerySystemInformation
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeInitializeSpinLock
RtlUnwind
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
KeInitializeEvent
RtlInitUnicodeString
IoGetDeviceObjectPointer
PsGetVersion
MmGetPhysicalAddress

hal

KfRaiseIrql
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
KfLowerIrql

Exports

Exports

ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memmove

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 727B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_51_/$0
.exe windows:1 windows x86 arch:x86

2750b8884e9fac16bee220471572a25b

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:6c:a9:f5:83:4f:75:e9:b9:30:1b:a9:f2:04:f8:80:35:82:8b:4f:f6:3d:3f:d2:22:7b:df:55:7d:a2:e0:12
Signer

Actual PE Digest

b4:6c:a9:f5:83:4f:75:e9:b9:30:1b:a9:f2:04:f8:80:35:82:8b:4f:f6:3d:3f:d2:22:7b:df:55:7d:a2:e0:12

Digest Algorithm

sha256

PE Digest Matches

true

ce:d8:18:ec:31:50:40:6a:ee:7a:22:ef:0d:e6:ae:27:43:38:67:4a
Signer

Actual PE Digest

ce:d8:18:ec:31:50:40:6a:ee:7a:22:ef:0d:e6:ae:27:43:38:67:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxService\VBoxService.pdb

Imports

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetModuleHandleA
HeapReAlloc
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
SetSystemTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DuplicateHandle
DeviceIoControl
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetFileType
CreateFileA
PeekNamedPipe
GetNamedPipeInfo
GetOverlappedResult
ResetEvent
CreateEventA
CreateNamedPipeA
GetNamedPipeHandleStateA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
ReadProcessMemory
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetStdHandle
SetEvent
LocalAlloc
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
GetACP
SetThreadPriority
GetCommandLineW
OutputDebugStringA
SetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
CreateEventW
RtlUnwind
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
GetTickCount
GetVersion
GetSystemTime
LocalFree
GetModuleFileNameA
GetWindowsDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
QueryDosDeviceW
GetVolumeInformationW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetSystemInfo
Sleep
SetConsoleCtrlHandler
CreateMutexW
SetLastError
GetLastError
CloseHandle
GetConsoleMode
MoveFileExW

user32

GetUserObjectSecurity
SetUserObjectSecurity
GetProcessWindowStation
SetProcessWindowStation
OpenWindowStationA
OpenDesktopA
CloseDesktop

advapi32

GetSecurityDescriptorDacl
GetAclInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
LookupAccountSidA
IsValidSid
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
InitiateSystemShutdownW
RegOpenKeyExW
RegQueryValueExW
AddAce
GetAce
OpenThreadToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ntdll

NtClose
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtResetEvent
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtCreateFile
NtSetInformationFile
NtQueryObject
NtOpenDirectoryObject
RtlAcquirePebLock
RtlReleasePebLock
NtCancelIoFile
NtQueryInformationProcess
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
RtlGetNtProductType
RtlFreeUnicodeString
NtTerminateProcess
NtOpenProcess
NtProtectVirtualMemory

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_51_/VBoxService.exe
.exe windows:1 windows x86 arch:x86

2750b8884e9fac16bee220471572a25b

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:6c:a9:f5:83:4f:75:e9:b9:30:1b:a9:f2:04:f8:80:35:82:8b:4f:f6:3d:3f:d2:22:7b:df:55:7d:a2:e0:12
Signer

Actual PE Digest

b4:6c:a9:f5:83:4f:75:e9:b9:30:1b:a9:f2:04:f8:80:35:82:8b:4f:f6:3d:3f:d2:22:7b:df:55:7d:a2:e0:12

Digest Algorithm

sha256

PE Digest Matches

true

ce:d8:18:ec:31:50:40:6a:ee:7a:22:ef:0d:e6:ae:27:43:38:67:4a
Signer

Actual PE Digest

ce:d8:18:ec:31:50:40:6a:ee:7a:22:ef:0d:e6:ae:27:43:38:67:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxService\VBoxService.pdb

Imports

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetModuleHandleA
HeapReAlloc
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
SetSystemTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DuplicateHandle
DeviceIoControl
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
GetFileType
CreateFileA
PeekNamedPipe
GetNamedPipeInfo
GetOverlappedResult
ResetEvent
CreateEventA
CreateNamedPipeA
GetNamedPipeHandleStateA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
ReadProcessMemory
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetStdHandle
SetEvent
LocalAlloc
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
GetACP
SetThreadPriority
GetCommandLineW
OutputDebugStringA
SetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
CreateEventW
RtlUnwind
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
GetTickCount
GetVersion
GetSystemTime
LocalFree
GetModuleFileNameA
GetWindowsDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
QueryDosDeviceW
GetVolumeInformationW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetSystemInfo
Sleep
SetConsoleCtrlHandler
CreateMutexW
SetLastError
GetLastError
CloseHandle
GetConsoleMode
MoveFileExW

user32

GetUserObjectSecurity
SetUserObjectSecurity
GetProcessWindowStation
SetProcessWindowStation
OpenWindowStationA
OpenDesktopA
CloseDesktop

advapi32

GetSecurityDescriptorDacl
GetAclInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
LookupAccountSidA
IsValidSid
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
InitiateSystemShutdownW
RegOpenKeyExW
RegQueryValueExW
AddAce
GetAce
OpenThreadToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ntdll

NtClose
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtResetEvent
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtCreateFile
NtSetInformationFile
NtQueryObject
NtOpenDirectoryObject
RtlAcquirePebLock
RtlReleasePebLock
NtCancelIoFile
NtQueryInformationProcess
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
RtlGetNtProductType
RtlFreeUnicodeString
NtTerminateProcess
NtOpenProcess
NtProtectVirtualMemory

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DIFxAPI.dll
.dll windows:6 windows x86 arch:x86

bced6390751f7df672767c6c60fd16dc

Code Sign

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:15:23:0f:00:00:00:00:00:0a
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 21:57

Not After

07/03/2011, 21:57

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b4:3a:2e:c6:32:74:1f:7f:5a:ac:1d:1e:5f:70:f7:d0:71:69:58:ba
Signer

Actual PE Digest

b4:3a:2e:c6:32:74:1f:7f:5a:ac:1d:1e:5f:70:f7:d0:71:69:58:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

difxapi.pdb

Imports

ntdll

RtlNtStatusToDosError
VerSetConditionMask
RtlUnwind

kernel32

VerifyVersionInfoW
GetVersionExW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
SetFileAttributesW
GetEnvironmentVariableW
CompareStringW
GetFileAttributesW
MoveFileExW
GetTempFileNameW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetSystemWindowsDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
GetFullPathNameW
CopyFileW
LocalFree
RemoveDirectoryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateDirectoryW
LocalReAlloc
LocalAlloc
GetProcessHeap
ReleaseMutex
DeviceIoControl
WaitForSingleObject
CreateMutexW
GetSystemTimeAsFileTime
Sleep
RaiseException
GetVersionExA
HeapSize
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
ExitProcess
TlsGetValue
SetLastError
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
LoadLibraryExA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetThreadLocale
WaitForMultipleObjectsEx
InterlockedCompareExchange
WaitForSingleObjectEx
SetEvent
CreateEventW
SetEndOfFile
InterlockedExchange
lstrcmpiW
GetLastError
InterlockedIncrement
InterlockedDecrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
HeapReAlloc
EnterCriticalSection
HeapAlloc
LeaveCriticalSection
HeapDestroy
GetModuleHandleW
DeleteCriticalSection
GetModuleFileNameA
OutputDebugStringA
HeapCreate
InitializeCriticalSection
TlsAlloc
CreateFileA

user32

UnregisterClassA
CharLowerW

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupQueueCopyIndirectW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Query_And_Remove_SubTreeW
SetupDiOpenClassRegKey
SetupGetTargetPathW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupOpenFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupCloseFileQueue
SetupFindFirstLineW
SetupCopyOEMInfW
SetupCloseInfFile
SetupGetLineCountW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupOpenAppendInfFileW
CM_Enumerate_Classes
CM_Setup_DevNode
SetupGetIntField
SetupGetFieldCount
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupGetStringFieldW

advapi32

RegCloseKey
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetEntriesInAclW
QueryServiceStatus
DeleteService
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
FreeSid

ole32

StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

wintrust

WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

crypt32

CertFreeCertificateContext
CertGetCTLContextProperty
CryptQueryObject
CertFreeCTLContext

Exports

Exports

DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
SetDifxLogCallbackA
SetDifxLogCallbackW

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxControl.exe
.exe windows:1 windows x86 arch:x86

c070f49e423addd5a8f7d84fc4b72de8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxControl\VBoxControl.pdb

Imports

kernel32

GetFileType
GetLastError
GetConsoleMode
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
GetACP
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
DuplicateHandle
SetLastError
DeviceIoControl
GetCurrentProcess
FileTimeToSystemTime
SystemTimeToFileTime
GetFileAttributesW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
MoveFileExW
TerminateProcess
GetCurrentProcessId
OutputDebugStringA
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetSystemTime
GetTickCount
GetTimeZoneInformation
SetThreadPriority
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetNamedPipeInfo
CreateDirectoryW
VirtualAlloc
VirtualFree
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
CreateFileA
PeekNamedPipe
GetOverlappedResult
ResetEvent
CreateEventA
GetNamedPipeHandleStateA
RtlUnwind
GetStdHandle
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress
GetCommandLineW
GetModuleHandleA

user32

EnumDisplayDevicesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegOpenKeyExW

ntdll

RtlGetNtProductType
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtSetInformationFile
NtQueryObject
NtTerminateProcess
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtQueryDirectoryFile
NtOpenDirectoryObject
NtQueryDirectoryObject
NtProtectVirtualMemory
NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtCancelIoFile

Exports

Exports

g_abRTZero16K
g_abRTZero32K
g_abRTZero4K
g_abRTZero64K
g_abRTZero8K
g_abRTZeroPage
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDX.dll
.dll windows:6 windows x86 arch:x86

c25f6cc6ba63993eb756bb9449e2e8c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxDX\VBoxDX.pdb

Imports

kernel32

GetProcessHeap
GetCurrentProcessId
Sleep
GetCurrentThreadId
SetErrorMode
GetVersion
GetModuleHandleW
GetProcAddress
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetCommandLineW
OutputDebugStringA
GetStdHandle
WriteFile
CloseHandle
RaiseException
GetCurrentProcess
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
GetEnvironmentVariableW
SetLastError
GetSystemTime
GetTickCount
SystemTimeToFileTime
CreateFileW
HeapReAlloc
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
TerminateProcess
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
WideCharToMultiByte
GetACP
RtlUnwind
HeapFree
DeleteFileW
HeapAlloc

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

RtlGetNtProductType
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtProtectVirtualMemory
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter10
OpenAdapter10_2
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDisp.dll
.dll windows:6 windows x86 arch:x86

7d169efd38bae25431ee9dc7d4dd657e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxDisp\VBoxDisp.pdb

Imports

win32k.sys

EngCreateBitmap
EngCreateDeviceSurface
EngDeleteSurface
EngLockSurface
EngUnlockSurface
EngAssociateSurface
EngAllocMem
EngFreeMem
EngDeviceIoControl
EngCopyBits
PALOBJ_cGetColors
EngCreatePalette
EngDeletePalette
PATHOBJ_vGetBounds
EngBitBlt
EngLineTo
EngStretchBlt
EngTextOut
EngStrokePath
EngFillPath
EngPaint
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
PATHOBJ_vEnumStart
PATHOBJ_bEnum
FONTOBJ_vGetInfo
STROBJ_vEnumStart
STROBJ_bEnum

Exports

Exports

ASMAtomicCmpXchgU8
RTCrc64
RTCrc64Finish
RTCrc64Process
RTCrc64Start
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogFormatV
RTLogWriteUser
RTStrCopy
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
memcpy
memmove
memset

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDispD3D.dll
.dll windows:6 windows x86 arch:x86

9e8d2160071cd8815ae2135fe514a2ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxDispD3D\VBoxDispD3D.pdb

Imports

psapi

GetModuleInformation

kernel32

GetLastError
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryA
GetSystemDirectoryA
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
WriteFile
GetCommandLineW
CloseHandle
RaiseException
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetEnvironmentVariableW
GetSystemTime
GetTickCount
SystemTimeToFileTime
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
GetStdHandle
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
LoadLibraryExW
WideCharToMultiByte
GetACP
RtlUnwind

user32

GetCursorPos
EnumDisplayDevicesW

gdi32

CreateDCW
DeleteDC

ntdll

RtlGetNtProductType
NtProtectVirtualMemory
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDrvInst.exe
.exe windows:1 windows x86 arch:x86

ee6cace482f58654405797362644e323

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:50:d0:39:d8:03:ab:e6:79:23:3a:7c:27:fc:e4:22:f0:ae:c5:5e:ac:a0:10:49:a3:dc:f5:93:b2:17:68:13
Signer

Actual PE Digest

19:50:d0:39:d8:03:ab:e6:79:23:3a:7c:27:fc:e4:22:f0:ae:c5:5e:ac:a0:10:49:a3:dc:f5:93:b2:17:68:13

Digest Algorithm

sha256

PE Digest Matches

true

63:95:a4:3c:d2:6b:00:53:c3:b8:86:90:28:9c:6c:98:ec:96:ab:a1
Signer

Actual PE Digest

63:95:a4:3c:d2:6b:00:53:c3:b8:86:90:28:9c:6c:98:ec:96:ab:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxDrvInst\VBoxDrvInst.pdb

Imports

setupapi

SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiInstallDevice
SetupDiSetDeviceInstallParamsW
SetupDiGetDriverInfoDetailW
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiDestroyDriverInfoList
SetupDiRegisterDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallback
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW

kernel32

RtlUnwind
GetStdHandle
CreateFileW
GetFullPathNameW
WriteFile
CloseHandle
GetLastError
SetLastError
GetSystemTime
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadLibraryW
FormatMessageW
lstrcmpiW
GetConsoleMode
WriteConsoleW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
GetACP
GetCurrentProcess
TerminateProcess
GetVersion

advapi32

UnlockServiceDatabase
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

ntdll

NtTerminateProcess
NtProtectVirtualMemory

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxGL.dll
.dll windows:6 windows x86 arch:x86

57d7b966d88dc2186a1affa965ffdae9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxGL\VBoxGL.pdb

Imports

kernel32

GetVersion
GetModuleFileNameW
GetStdHandle
WriteFile
SetErrorMode
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
Sleep
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
TlsFree
SetThreadPriority
SetLastError
RtlUnwind
GetLastError
GetTickCount
GetSystemDirectoryA
LoadLibraryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateToolhelp32Snapshot
Thread32First
Thread32Next
IsDebuggerPresent
OutputDebugStringA
GetSystemInfo
GetConsoleWindow
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessorNumber
SetThreadAffinityMask
InitOnceExecuteOnce
GetModuleFileNameA
SleepConditionVariableCS
HeapAlloc
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetSystemTimeAsFileTime
GetProcessTimes
VirtualFree
TerminateProcess
GetCurrentProcess
GetProcessHeap
HeapFree
HeapReAlloc
VirtualAlloc
SetFilePointer
SetFileAttributesW
SetEndOfFile
ReadFile
GetACP
WideCharToMultiByte
GetFileType
GetConsoleMode

user32

LoadIconA
LoadCursorA
AdjustWindowRectEx
DestroyWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
GetWindowRect
WindowFromDC
EnumDisplayDevicesA
EnumDisplaySettingsA
UnhookWindowsHookEx
GetDC
ReleaseDC
GetClientRect
SetWindowsHookExA
CallNextHookEx
ClientToScreen

gdi32

SetPixelFormat
GetPixelFormat
DescribePixelFormat
DeleteDC
CreateDCA
GetGlyphOutlineA

ntdll

NtProtectVirtualMemory
RtlFreeUnicodeString
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtOpenDirectoryObject
NtQueryDirectoryObject

Exports

Exports

DrvCopyContext
DrvCreateContext
DrvCreateLayerContext
DrvDeleteContext
DrvDescribeLayerPlane
DrvDescribePixelFormat
DrvGetLayerPaletteEntries
DrvGetProcAddress
DrvPresentBuffers
DrvRealizeLayerPalette
DrvReleaseContext
DrvSetCallbackProcs
DrvSetContext
DrvSetLayerPaletteEntries
DrvSetPixelFormat
DrvShareLists
DrvSwapBuffers
DrvSwapLayerBuffers
DrvValidateVersion
_glActiveShaderProgram@8
_glActiveTexture@4
_glActiveTextureARB@4
_glAlphaFuncx@8
_glAreTexturesResidentEXT@12
_glArrayElementEXT@4
_glAttachObjectARB@8
_glAttachShader@8
_glBeginConditionalRender@8
_glBeginConditionalRenderNV@8
_glBeginQuery@8
_glBeginQueryARB@8
_glBeginQueryIndexed@12
_glBeginTransformFeedback@4
_glBindAttribLocation@12
_glBindAttribLocationARB@12
_glBindBuffer@8
_glBindBufferARB@8
_glBindBufferBase@12
_glBindBufferRange@20
_glBindBuffersBase@16
_glBindBuffersRange@24
_glBindFragDataLocation@12
_glBindFragDataLocationEXT@12
_glBindFragDataLocationIndexed@16
_glBindFramebuffer@8
_glBindFramebufferEXT@8
_glBindImageTexture@28
_glBindImageTextures@12
_glBindProgramARB@8
_glBindProgramPipeline@4
_glBindRenderbuffer@8
_glBindRenderbufferEXT@8
_glBindSampler@8
_glBindSamplers@12
_glBindTextureEXT@8
_glBindTextures@12
_glBindTransformFeedback@8
_glBindVertexArray@4
_glBindVertexBuffer@16
_glBindVertexBuffers@20
_glBlendBarrier@0
_glBlendColor@16
_glBlendColorEXT@16
_glBlendEquation@4
_glBlendEquationEXT@4
_glBlendEquationSeparate@8
_glBlendEquationSeparatei@12
_glBlendEquationSeparateiARB@12
_glBlendEquationi@8
_glBlendEquationiARB@8
_glBlendFuncSeparate@16
_glBlendFuncSeparateEXT@16
_glBlendFuncSeparatei@20
_glBlendFuncSeparateiARB@20
_glBlendFunci@12
_glBlendFunciARB@12
_glBlitFramebuffer@40
_glBufferData@16
_glBufferDataARB@16
_glBufferStorage@16
_glBufferSubData@16
_glBufferSubDataARB@16
_glCheckFramebufferStatus@4
_glCheckFramebufferStatusEXT@4
_glClampColor@8
_glClampColorARB@8
_glClearBufferData@20
_glClearBufferSubData@28
_glClearBufferfi@16
_glClearBufferfv@12
_glClearBufferiv@12
_glClearBufferuiv@12
_glClearColorIiEXT@16
_glClearColorIuiEXT@16
_glClearColorx@16
_glClearDepthf@4
_glClearDepthx@4
_glClearTexImage@20
_glClearTexSubImage@44
_glClientActiveTexture@4
_glClientActiveTextureARB@4
_glClientWaitSync@16
_glClipPlanef@8
_glClipPlanex@8
_glColor4x@16
_glColorMaskIndexedEXT@20
_glColorMaski@20
_glColorP3ui@8
_glColorP3uiv@8
_glColorP4ui@8
_glColorP4uiv@8
_glColorPointerEXT@20
_glColorSubTable@24
_glColorTable@24
_glColorTableParameterfv@12
_glColorTableParameteriv@12
_glCompileShader@4
_glCompileShaderARB@4
_glCompressedTexImage1D@28
_glCompressedTexImage1DARB@28
_glCompressedTexImage2D@32
_glCompressedTexImage2DARB@32
_glCompressedTexImage3D@36
_glCompressedTexImage3DARB@36
_glCompressedTexSubImage1D@28
_glCompressedTexSubImage1DARB@28
_glCompressedTexSubImage2D@36
_glCompressedTexSubImage2DARB@36
_glCompressedTexSubImage3D@44
_glCompressedTexSubImage3DARB@44
_glConvolutionFilter1D@24
_glConvolutionFilter2D@28
_glConvolutionParameterf@12
_glConvolutionParameterfv@12
_glConvolutionParameteri@12
_glConvolutionParameteriv@12
_glCopyBufferSubData@20
_glCopyColorSubTable@20
_glCopyColorTable@20
_glCopyConvolutionFilter1D@20
_glCopyConvolutionFilter2D@24
_glCopyImageSubData@60
_glCopyTexSubImage3D@36
_glCopyTexSubImage3DEXT@36
_glCreateProgram@0
_glCreateProgramObjectARB@0
_glCreateShader@4
_glCreateShaderObjectARB@4
_glCreateShaderProgramv@12
_glDebugMessageCallback@8
_glDebugMessageCallbackARB@8
_glDebugMessageControl@24
_glDebugMessageControlARB@24
_glDebugMessageInsert@24
_glDebugMessageInsertARB@24
_glDeleteBuffers@8
_glDeleteBuffersARB@8
_glDeleteFramebuffers@8
_glDeleteFramebuffersEXT@8
_glDeleteObjectARB@4
_glDeleteProgram@4
_glDeleteProgramPipelines@8
_glDeleteProgramsARB@8
_glDeleteQueries@8
_glDeleteQueriesARB@8
_glDeleteRenderbuffers@8
_glDeleteRenderbuffersEXT@8
_glDeleteSamplers@8
_glDeleteShader@4
_glDeleteSync@4
_glDeleteTexturesEXT@8
_glDeleteTransformFeedbacks@8
_glDeleteVertexArrays@8
_glDepthRangeArrayv@12
_glDepthRangeIndexed@20
_glDepthRangef@8
_glDepthRangex@8
_glDetachObjectARB@8
_glDetachShader@8
_glDisableIndexedEXT@8
_glDisableVertexAttribArray@4
_glDisableVertexAttribArrayARB@4
_glDisablei@8
_glDispatchCompute@12
_glDispatchComputeIndirect@4
_glDrawArraysEXT@12
_glDrawArraysIndirect@8
_glDrawArraysInstanced@16
_glDrawArraysInstancedARB@16
_glDrawArraysInstancedBaseInstance@20
_glDrawArraysInstancedEXT@16
_glDrawBuffers@8
_glDrawBuffersARB@8
_glDrawBuffersATI@8
_glDrawElementsBaseVertex@20
_glDrawElementsIndirect@12
_glDrawElementsInstanced@20
_glDrawElementsInstancedARB@20
_glDrawElementsInstancedBaseInstance@24
_glDrawElementsInstancedBaseVertex@24
_glDrawElementsInstancedBaseVertexBaseInstance@28
_glDrawElementsInstancedEXT@20
_glDrawRangeElements@24
_glDrawRangeElementsBaseVertex@28
_glDrawRangeElementsEXT@24
_glDrawTransformFeedback@8
_glDrawTransformFeedbackInstanced@12
_glDrawTransformFeedbackStream@12
_glDrawTransformFeedbackStreamInstanced@16
_glEdgeFlagPointerEXT@12
_glEnableIndexedEXT@8
_glEnableVertexAttribArray@4
_glEnableVertexAttribArrayARB@4
_glEnablei@8
_glEndConditionalRender@0
_glEndConditionalRenderNV@0
_glEndQuery@4
_glEndQueryARB@4
_glEndQueryIndexed@8
_glEndTransformFeedback@0
_glFenceSync@8
_glFlushMappedBufferRange@12
_glFogCoordPointer@12
_glFogCoordPointerEXT@12
_glFogCoordd@8
_glFogCoorddEXT@8
_glFogCoorddv@4
_glFogCoorddvEXT@4
_glFogCoordf@4
_glFogCoordfEXT@4
_glFogCoordfv@4
_glFogCoordfvEXT@4
_glFogx@8
_glFogxv@8
_glFramebufferParameteri@12
_glFramebufferRenderbuffer@16
_glFramebufferRenderbufferEXT@16
_glFramebufferTexture1D@20
_glFramebufferTexture1DEXT@20
_glFramebufferTexture2D@20
_glFramebufferTexture2DEXT@20
_glFramebufferTexture3D@24
_glFramebufferTexture3DEXT@24
_glFramebufferTexture@16
_glFramebufferTextureLayer@20
_glFramebufferTextureLayerEXT@20
_glFrustumf@24
_glFrustumx@24
_glGenBuffers@8
_glGenBuffersARB@8
_glGenFramebuffers@8
_glGenFramebuffersEXT@8
_glGenProgramPipelines@8
_glGenProgramsARB@8
_glGenQueries@8
_glGenQueriesARB@8
_glGenRenderbuffers@8
_glGenRenderbuffersEXT@8
_glGenSamplers@8
_glGenTexturesEXT@8
_glGenTransformFeedbacks@8
_glGenVertexArrays@8
_glGenerateMipmap@4
_glGenerateMipmapEXT@4
_glGetActiveAtomicCounterBufferiv@16
_glGetActiveAttrib@28
_glGetActiveAttribARB@28
_glGetActiveUniform@28
_glGetActiveUniformARB@28
_glGetActiveUniformBlockName@20
_glGetActiveUniformBlockiv@16
_glGetActiveUniformName@20
_glGetActiveUniformsiv@20
_glGetAttachedObjectsARB@16
_glGetAttachedShaders@16
_glGetAttribLocation@8
_glGetAttribLocationARB@8
_glGetBooleanIndexedvEXT@12
_glGetBooleani_v@12
_glGetBufferParameteri64v@12
_glGetBufferParameteriv@12
_glGetBufferParameterivARB@12
_glGetBufferPointerv@12
_glGetBufferPointervARB@12
_glGetBufferSubData@16
_glGetBufferSubDataARB@16
_glGetClipPlanef@8
_glGetClipPlanex@8
_glGetColorTable@16
_glGetColorTableParameterfv@12
_glGetColorTableParameteriv@12
_glGetCompressedTexImage@12
_glGetCompressedTexImageARB@12
_glGetConvolutionFilter@16
_glGetConvolutionParameterfv@12
_glGetConvolutionParameteriv@12
_glGetDebugMessageLog@32
_glGetDebugMessageLogARB@32
_glGetDoublei_v@12
_glGetFixedv@8
_glGetFloati_v@12
_glGetFragDataIndex@8
_glGetFragDataLocation@8
_glGetFragDataLocationEXT@8
_glGetFramebufferAttachmentParameteriv@16
_glGetFramebufferAttachmentParameterivEXT@16
_glGetFramebufferParameteriv@12
_glGetGraphicsResetStatus@0
_glGetGraphicsResetStatusARB@0
_glGetHandleARB@4
_glGetHistogram@20
_glGetHistogramParameterfv@12
_glGetHistogramParameteriv@12
_glGetInfoLogARB@16
_glGetInteger64i_v@12
_glGetInteger64v@8
_glGetIntegerIndexedvEXT@12
_glGetIntegeri_v@12
_glGetLightxv@12
_glGetMaterialxv@12
_glGetMinmax@20
_glGetMinmaxParameterfv@12
_glGetMinmaxParameteriv@12
_glGetMultisamplefv@12
_glGetObjectLabel@20
_glGetObjectParameterfvARB@12
_glGetObjectParameterivARB@12
_glGetObjectPtrLabel@16
_glGetPointervEXT@8
_glGetProgramBinary@20
_glGetProgramEnvParameterdvARB@12
_glGetProgramEnvParameterfvARB@12
_glGetProgramInfoLog@16
_glGetProgramInterfaceiv@16
_glGetProgramLocalParameterdvARB@12
_glGetProgramLocalParameterfvARB@12
_glGetProgramPipelineInfoLog@16
_glGetProgramPipelineiv@12
_glGetProgramResourceIndex@12
_glGetProgramResourceLocation@12
_glGetProgramResourceName@24
_glGetProgramResourceiv@32
_glGetProgramStringARB@12
_glGetProgramiv@12
_glGetProgramivARB@12
_glGetQueryIndexediv@16
_glGetQueryObjectiv@12
_glGetQueryObjectivARB@12
_glGetQueryObjectuiv@12
_glGetQueryObjectuivARB@12
_glGetQueryiv@12
_glGetQueryivARB@12
_glGetRenderbufferParameteriv@12
_glGetRenderbufferParameterivEXT@12
_glGetSamplerParameterIiv@12
_glGetSamplerParameterIuiv@12
_glGetSamplerParameterfv@12
_glGetSamplerParameteriv@12
_glGetSeparableFilter@24
_glGetShaderInfoLog@16
_glGetShaderPrecisionFormat@16
_glGetShaderSource@16
_glGetShaderSourceARB@16
_glGetShaderiv@12
_glGetStringi@8
_glGetSynciv@20
_glGetTexEnvxv@12
_glGetTexParameterIiv@12
_glGetTexParameterIivEXT@12
_glGetTexParameterIuiv@12
_glGetTexParameterIuivEXT@12
_glGetTexParameterxv@12
_glGetTransformFeedbackVarying@28
_glGetUniformBlockIndex@8
_glGetUniformIndices@16
_glGetUniformLocation@8
_glGetUniformLocationARB@8
_glGetUniformfv@12
_glGetUniformfvARB@12
_glGetUniformiv@12
_glGetUniformivARB@12
_glGetUniformuiv@12
_glGetUniformuivEXT@12
_glGetVertexAttribIiv@12
_glGetVertexAttribIivEXT@12
_glGetVertexAttribIuiv@12
_glGetVertexAttribIuivEXT@12
_glGetVertexAttribPointerv@12
_glGetVertexAttribPointervARB@12
_glGetVertexAttribdv@12
_glGetVertexAttribdvARB@12
_glGetVertexAttribfv@12
_glGetVertexAttribfvARB@12
_glGetVertexAttribiv@12
_glGetVertexAttribivARB@12
_glGetnColorTableARB@20
_glGetnCompressedTexImageARB@16
_glGetnConvolutionFilterARB@20
_glGetnHistogramARB@24
_glGetnMapdvARB@16
_glGetnMapfvARB@16
_glGetnMapivARB@16
_glGetnMinmaxARB@24
_glGetnPixelMapfvARB@12
_glGetnPixelMapuivARB@12
_glGetnPixelMapusvARB@12
_glGetnPolygonStippleARB@8
_glGetnSeparableFilterARB@32
_glGetnTexImageARB@24
_glGetnUniformdvARB@16
_glGetnUniformfv@16
_glGetnUniformfvARB@16
_glGetnUniformiv@16
_glGetnUniformivARB@16
_glGetnUniformuiv@16
_glGetnUniformuivARB@16
_glHistogram@16
_glIndexPointerEXT@16
_glInvalidateBufferData@4
_glInvalidateBufferSubData@12
_glInvalidateFramebuffer@12
_glInvalidateSubFramebuffer@28
_glInvalidateTexImage@8
_glInvalidateTexSubImage@32
_glIsBuffer@4
_glIsBufferARB@4
_glIsEnabledIndexedEXT@8
_glIsEnabledi@8
_glIsFramebuffer@4
_glIsFramebufferEXT@4
_glIsProgram@4
_glIsProgramARB@4
_glIsProgramPipeline@4
_glIsQuery@4
_glIsQueryARB@4
_glIsRenderbuffer@4
_glIsRenderbufferEXT@4
_glIsSampler@4
_glIsShader@4
_glIsSync@4
_glIsTextureEXT@4
_glIsTransformFeedback@4
_glIsVertexArray@4
_glLightModelx@8
_glLightModelxv@8
_glLightx@12
_glLightxv@12
_glLineWidthx@4
_glLinkProgram@4
_glLinkProgramARB@4
_glLoadMatrixx@4
_glLoadTransposeMatrixd@4
_glLoadTransposeMatrixdARB@4
_glLoadTransposeMatrixf@4
_glLoadTransposeMatrixfARB@4
_glLockArraysEXT@8
_glMapBuffer@8
_glMapBufferARB@8
_glMapBufferRange@16
_glMaterialx@12
_glMaterialxv@12
_glMemoryBarrier@4
_glMemoryBarrierByRegion@4
_glMinSampleShading@4
_glMinSampleShadingARB@4
_glMinmax@12
_glMultMatrixx@4
_glMultTransposeMatrixd@4
_glMultTransposeMatrixdARB@4
_glMultTransposeMatrixf@4
_glMultTransposeMatrixfARB@4
_glMultiDrawArrays@16
_glMultiDrawArraysEXT@16
_glMultiDrawArraysIndirect@16
_glMultiDrawElements@20
_glMultiDrawElementsBaseVertex@24
_glMultiDrawElementsEXT@20
_glMultiDrawElementsIndirect@20
_glMultiTexCoord1d@12
_glMultiTexCoord1dARB@12
_glMultiTexCoord1dv@8
_glMultiTexCoord1dvARB@8
_glMultiTexCoord1f@8
_glMultiTexCoord1fARB@8
_glMultiTexCoord1fv@8
_glMultiTexCoord1fvARB@8
_glMultiTexCoord1i@8
_glMultiTexCoord1iARB@8
_glMultiTexCoord1iv@8
_glMultiTexCoord1ivARB@8
_glMultiTexCoord1s@8
_glMultiTexCoord1sARB@8
_glMultiTexCoord1sv@8
_glMultiTexCoord1svARB@8
_glMultiTexCoord2d@20
_glMultiTexCoord2dARB@20
_glMultiTexCoord2dv@8
_glMultiTexCoord2dvARB@8
_glMultiTexCoord2f@12
_glMultiTexCoord2fARB@12

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxGuest.cat
VBoxGuest.inf
VBoxGuest.sys
.sys windows:6 windows x86 arch:x86

87f400735742d99e416c11acd9ff13ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxGuest\VBoxGuest.pdb

Imports

ntoskrnl.exe

KeSetEvent
KeWaitForSingleObject
KeInitializeSpinLock
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDetachDevice
IoDisconnectInterrupt
ZwClose
ZwQueryInformationToken
ZwOpenProcessToken
KeGetCurrentThread
KeDelayExecutionThread
KeInitializeTimer
KeSetTimer
IoGetCurrentProcess
MmIsAddressValid
KeInitializeEvent
KeRemoveQueueDpc
KeNumberProcessors
KeResetEvent
KeCancelTimer
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ExAllocatePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
RtlUnwind
KeInsertQueueDpc
KeInitializeDpc
RtlInitUnicodeString
DbgPrint
RtlQueryRegistryValues

hal

HalTranslateBusAddress
HalGetInterruptVector
KeGetCurrentIrql
HalGetBusData

Exports

Exports

@InterlockedExchange@8
@IofCallDriver@8
@IofCompleteRequest@8
@KefAcquireSpinLockAtDpcLevel@4
@KefReleaseSpinLockFromDpcLevel@4
@KfAcquireSpinLock@4
@KfLowerIrql@4
@KfRaiseIrql@4
@KfReleaseSpinLock@8
@Nt3Fb_ExAcquireFastMutex@4
@Nt3Fb_ExReleaseFastMutex@4
@ObfDereferenceObject@4
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTCritSectRwDelete
RTCritSectRwEnterExcl
RTCritSectRwEnterExclDebug
RTCritSectRwEnterShared
RTCritSectRwEnterSharedDebug
RTCritSectRwGetReadCount
RTCritSectRwGetWriteRecursion
RTCritSectRwGetWriterReadRecursion
RTCritSectRwInit
RTCritSectRwInitEx
RTCritSectRwIsReadOwner
RTCritSectRwIsWriteOwner
RTCritSectRwLeaveExcl
RTCritSectRwLeaveShared
RTCritSectRwSetSubClass
RTCritSectRwTryEnterExcl
RTCritSectRwTryEnterExclDebug
RTCritSectRwTryEnterShared
RTCritSectRwTryEnterSharedDebug
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNCmp
RTStrNICmpAscii
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTTimerCanDoHighResolution
RTTimerChangeInterval
RTTimerCreateEx
RTTimerDestroy
RTTimerReleaseSystemGranularity
RTTimerRequestSystemGranularity
RTTimerStart
RTTimerStop
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16ICmpAscii
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16NICmpAscii
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_Nt3Fb_IoAttachDeviceToDeviceStack@8
_Nt3Fb_KeInitializeTimerEx@8
_Nt3Fb_KeSetTimerEx@20
_Nt3Fb_PsGetCurrentProcessId@0
_Nt3Fb_PsGetVersion@16
_Nt3Fb_ZwQuerySystemInformation@16
_Nt3Fb_ZwYieldExecution@0
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset
strchr
strcmp

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxMouse.cat
VBoxMouse.inf
VBoxMouse.sys
.sys windows:6 windows x86 arch:x86

71e97405bd828b33ec0ba3d704275bbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxMouse\VBoxMouse.pdb

Imports

ntoskrnl.exe

IoAcquireRemoveLockEx
IoReleaseRemoveLockAndWaitEx
PoCallDriver
PoStartNextPowerIrp
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
KeInitializeSpinLock
IoReleaseRemoveLockEx
IoGetDeviceProperty
ObfReferenceObject
ObfDereferenceObject
IoDetachDevice
IoDeleteDevice
IoCreateDevice
IoInitializeRemoveLockEx
DbgPrint
PsGetVersion
MmIsAddressValid
_except_handler3
KeNumberProcessors
ZwQuerySystemInformation
IofCompleteRequest
KeInsertQueueDpc
KeRemoveQueueDpc
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
KeGetCurrentThread
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
strchr
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
RtlInitUnicodeString
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IofCallDriver
IoAttachDeviceToDeviceStack
KeInitializeDpc
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
memset

hal

ExReleaseFastMutex
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock
ExAcquireFastMutex

Exports

Exports

ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxNine.dll
.dll windows:6 windows x86 arch:x86

b650ef5c2983e9fcdf52c54df0131d44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxNine\VBoxNine.pdb

Imports

kernel32

DeleteCriticalSection
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
TerminateProcess
GetLastError
GetVersion
GetModuleFileNameW
GetStdHandle
WriteFile
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
CloseHandle
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleA
Sleep
LeaveCriticalSection
FreeLibrary
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFullPathNameW
TlsFree
SetThreadPriority
SetLastError
RtlUnwind
GetTickCount
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
VirtualAlloc
EnterCriticalSection
GetSystemDirectoryW
InitializeCriticalSection
GetConsoleWindow
OutputDebugStringA
IsDebuggerPresent
SetThreadAffinityMask
QueryPerformanceFrequency
QueryPerformanceCounter
InitOnceExecuteOnce
GetSystemTimeAsFileTime
GetSystemInfo
GetProcessTimes
GetFileType
GetConsoleMode
WideCharToMultiByte
GetACP
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
VirtualFree

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtResetEvent
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryDirectoryFile
NtCreateFile
NtSetEvent
NtCreateEvent
NtWaitForSingleObject
NtClose
RtlFreeUnicodeString
NtProtectVirtualMemory

Exports

Exports

GaNineD3DAdapter9Create
GaNinePipeContextFromDevice
GaNinePipeResourceFromSurface
nocrt_ceil
nocrt_ceilf
nocrt_cos
nocrt_cosf
nocrt_exp2f
nocrt_fabs
nocrt_fabsf
nocrt_feraiseexcept
nocrt_floor
nocrt_floorf
nocrt_ldexp
nocrt_ldexpf
nocrt_llrint
nocrt_log2f
nocrt_lrint
nocrt_lrintf
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_pow
nocrt_powf
nocrt_rint
nocrt_rintf
nocrt_sin
nocrt_sinf
nocrt_sqrt
nocrt_sqrtf
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp
nocrt_strncpy
nocrt_trunc
nocrt_truncf

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 781KB - Virtual size: 781KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxSVGA.dll
.dll windows:6 windows x86 arch:x86

aca5580ddf789fb7b4e85cdee28ec9c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxSVGA\VBoxSVGA.pdb

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetStdHandle
GetLastError
GetConsoleMode
GetEnvironmentVariableW
SetLastError
GetVersion
WideCharToMultiByte
GetACP
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
GetCurrentThread
GetCurrentThreadId
TlsAlloc
InitializeConditionVariable
TlsSetValue
GetModuleHandleA
GetProcAddress
Sleep
GetModuleHandleW
TlsFree
GetTickCount
GetCurrentProcessId
RtlUnwind
VirtualAlloc
VirtualFree
IsDebuggerPresent
OutputDebugStringA
GetSystemInfo
GetConsoleWindow
EnterCriticalSection
LeaveCriticalSection
WakeAllConditionVariable
SleepConditionVariableCS
SetThreadAffinityMask
DeleteCriticalSection
TlsGetValue
InitializeCriticalSection
InitOnceExecuteOnce
QueryPerformanceFrequency
QueryPerformanceCounter
GetCommandLineA

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtCreateEvent
NtSetEvent
NtProtectVirtualMemory
NtQueryVolumeInformationFile
NtClose
NtWaitForSingleObject

Exports

Exports

GaDrvContextFlush
GaDrvGetContextId
GaDrvGetSurfaceId
GaDrvGetWDDMEnv
GaDrvScreenCreate
GaDrvScreenDestroy
nocrt_atan2f
nocrt_ceil
nocrt_ceilf
nocrt_cos
nocrt_cosf
nocrt_exp2f
nocrt_fabs
nocrt_fabsf
nocrt_feraiseexcept
nocrt_floor
nocrt_floorf
nocrt_ldexp
nocrt_ldexpf
nocrt_llrint
nocrt_log2
nocrt_log2f
nocrt_logf
nocrt_lrint
nocrt_lrintf
nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_pow
nocrt_powf
nocrt_rint
nocrt_rintf
nocrt_sin
nocrt_sinf
nocrt_sqrt
nocrt_sqrtf
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp
nocrt_strncpy
nocrt_trunc
nocrt_truncf

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 823KB - Virtual size: 823KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxTray.exe
.exe windows:1 windows x86 arch:x86

23da4e1b0676646043e2b75888050b54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxTray\VBoxTray.pdb

Imports

kernel32

SystemTimeToFileTime
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
RaiseException
GetCurrentProcess
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
CreateFileW
ReadFile
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
GetOverlappedResult
ResetEvent
LocalAlloc
LocalFree
GetStdHandle
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetModuleFileNameW
GetSystemDirectoryW
LoadLibraryExW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetFileType
GetConsoleMode
GetCommandLineW
OutputDebugStringA
DeleteFileW
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
CreateFileA
RtlUnwind
CreateDirectoryW
GetSystemTime
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
SetEnvironmentVariableW
SetLastError
lstrlenW
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalReAlloc
GlobalAlloc
GetCurrentThreadId
GetTickCount
GetProcAddress
GetModuleHandleA
CreateThread
RemoveDirectoryW
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersion
InitializeCriticalSection
GetModuleHandleW
SetThreadPriority
GetCurrentThread
CreateEventA
CreateMutexA
SetEvent
GetLastError
SetErrorMode
CloseHandle

user32

MessageBoxW
ShowCursor
WindowFromPoint
GetWindowThreadProcessId
SetWindowPos
GetClipboardOwner
SetClipboardData
GetClipboardData
RegisterClipboardFormatA
SendMessageTimeoutA
SendMessageCallbackA
OpenClipboard
CloseClipboard
SetClipboardViewer
GetClipboardViewer
ChangeClipboardChain
EnumClipboardFormats
GetClipboardFormatNameA
EmptyClipboard
TrackMouseEvent
ShowWindow
GetSystemMetrics
ClientToScreen
SetWindowLongA
GetClipboardFormatNameW
AttachThreadInput
EnumWindows
EnumDisplayDevicesA
GetWindowRect
GetWindowTextA
GetWindowRgn
EnumDisplaySettingsA
ReleaseDC
GetDC
GetClassInfoExA
PostQuitMessage
PostThreadMessageA
GetMessageA
DestroyIcon
LoadIconA
LoadCursorA
FindWindowExA
GetDesktopWindow
GetCursorPos
MessageBoxA
SetForegroundWindow
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
PostMessageA
SendMessageA
PeekMessageA
DispatchMessageA
TranslateMessage
RegisterWindowMessageA
ChangeDisplaySettingsA
SystemParametersInfoA
GetWindowLongA
GetClassNameA
FindWindowA

gdi32

DeleteDC
CreateDCA
CreateSolidBrush
SetRectRgn
OffsetRgn
GetRegionData
DeleteObject
CreateRectRgn
ExtEscape
CombineRgn

advapi32

RegSetValueExW
GetUserNameW
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
RegCloseKey
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
InitializeAcl

shell32

Shell_NotifyIconA
DragQueryFileA
DragQueryFileW

ole32

ReleaseStgMedium
CoTaskMemFree
CoTaskMemAlloc
OleDuplicateData
DoDragDrop
CoLockObjectExternal
RegisterDragDrop
OleUninitialize
RevokeDragDrop
OleInitialize

ntdll

NtProtectVirtualMemory
NtOpenProcess
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryDirectoryFile
NtTerminateProcess
NtCancelIoFile
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
NtQueryInformationProcess
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
RtlGetNtProductType
RtlFreeUnicodeString
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtSetInformationFile

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxVideo.cat
VBoxVideo.inf
VBoxVideo.sys
.dll windows:6 windows x86 arch:x86

81519e6db00db4256b7a5a15e29d098d

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:70:76:6b:13:12:96:7e:2d:35:3d:88:16:c5:c6:8f:7a:43:37:c4:ac:b0:35:30:62:d5:21:06:40:06:3f:17
Signer

Actual PE Digest

a9:70:76:6b:13:12:96:7e:2d:35:3d:88:16:c5:c6:8f:7a:43:37:c4:ac:b0:35:30:62:d5:21:06:40:06:3f:17

Digest Algorithm

sha256

PE Digest Matches

true

fe:18:8e:75:6b:be:33:ff:fc:3d:37:4f:11:14:12:e5:85:19:d7:e4
Signer

Actual PE Digest

fe:18:8e:75:6b:be:33:ff:fc:3d:37:4f:11:14:12:e5:85:19:d7:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxVideo\VBoxVideo.pdb

Imports

videoprt.sys

VideoPortGetRegistryParameters
VideoPortMapMemory
VideoPortZeroMemory
VideoPortUnmapMemory
VideoPortWritePortUchar
VideoPortSynchronizeExecution
VideoPortWritePortUlong
VideoPortWritePortUshort
VideoPortSetRegistryParameters
VideoPortReadPortUlong
VideoPortReadPortUshort
VideoPortInitialize
VideoPortMoveMemory
VideoPortGetAccessRanges

ntoskrnl.exe

ObfDereferenceObject
strchr
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
IofCallDriver
DbgPrint
MmIsAddressValid
KeNumberProcessors
IoGetCurrentProcess
PsGetCurrentProcessId
KeGetCurrentThread
KeDelayExecutionThread
ZwYieldExecution
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ZwQuerySystemInformation
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeInitializeSpinLock
RtlUnwind
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
KeInitializeEvent
RtlInitUnicodeString
IoGetDeviceObjectPointer
PsGetVersion
MmGetPhysicalAddress

hal

KfRaiseIrql
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
KfLowerIrql

Exports

Exports

ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memmove

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 727B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxWddm.cat
VBoxWddm.inf
VBoxWddm.sys
.sys windows:6 windows x86 arch:x86

aae9599db86979d8e0c0dba62738f58e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxWddm\VBoxWddm.pdb

Imports

ntoskrnl.exe

memcpy
memset
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
_except_handler3
KeSetEvent
ObReferenceObjectByHandle
ObfDereferenceObject
ExEventObjectType
RtlInitializeBitMap
RtlClearBits
KeInitializeDpc
KeInitializeEvent
KeDelayExecutionThread
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
KeQuerySystemTime
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
PsCreateSystemThread
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetValueKey
_alldiv
_allmul
_allrem
_aulldiv
KeWaitForSingleObject
DbgPrint
ZwClose
IoOpenDeviceRegistryKey
IoGetDeviceProperty
PsGetVersion
ExFreePoolWithTag
ExAllocatePoolWithTag
IofCallDriver
IoAllocateMdl
ZwLoadDriver
IoGetDeviceObjectPointer
ZwUnloadDriver
IoFreeMdl
RtlGetVersion
IoBuildDeviceIoControlRequest
strchr
KeGetCurrentThread
ZwYieldExecution
KeQueryTimeIncrement
KeQueryTickCount
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
PsGetCurrentProcessId
MmIsAddressValid
KeNumberProcessors
MmBuildMdlForNonPagedPool
MmMapLockedPages
IoBuildPartialMdl
ZwQuerySystemInformation
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetPriorityThread
KeResetEvent
KeBugCheckEx
RtlUnwind
KeInitializeSpinLock
RtlInitUnicodeString

hal

KfRaiseIrql
KfLowerIrql
KfReleaseSpinLock
KeGetCurrentIrql
ExReleaseFastMutex
ExAcquireFastMutex
KfAcquireSpinLock

Exports

Exports

?CrSaAdd@@YAHPAUCR_SORTARRAY@@_K@Z
?CrSaCleanup@@YAXPAUCR_SORTARRAY@@@Z
?CrSaClone@@YAHPBUCR_SORTARRAY@@PAU1@@Z
?CrSaCmp@@YAHPBUCR_SORTARRAY@@0@Z
?CrSaContains@@YA_NPBUCR_SORTARRAY@@_K@Z
?CrSaCovers@@YA_NPBUCR_SORTARRAY@@0@Z
?CrSaInit@@YAHPAUCR_SORTARRAY@@I@Z
?CrSaIntersect@@YAXPAUCR_SORTARRAY@@PBU1@@Z
?CrSaIntersected@@YAHPAUCR_SORTARRAY@@PBU1@0@Z
?CrSaRemove@@YAHPAUCR_SORTARRAY@@_K@Z
?CrSaUnited@@YAHPBUCR_SORTARRAY@@0PAU1@@Z
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTAvlU32Destroy
RTAvlU32DoWithAll
RTAvlU32Get
RTAvlU32GetBestFit
RTAvlU32Insert
RTAvlU32Remove
RTAvlU32RemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memmove

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vboxguest.cat
vboxmouse.cat
vboxwddm.cat
VBoxWindowsAdditions.exe
.exe windows:1 windows x86 arch:x86

d819e7eb681a888b7e9dfeccd1085279

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:c3:e0:0b:48:78:cf:98:07:15:14:58:08:ae:93:69:15:1e:9c:78:79:6f:2a:55:66:79:66:b4:bf:64:55:8e
Signer

Actual PE Digest

d4:c3:e0:0b:48:78:cf:98:07:15:14:58:08:ae:93:69:15:1e:9c:78:79:6f:2a:55:66:79:66:b4:bf:64:55:8e

Digest Algorithm

sha256

PE Digest Matches

true

d2:fd:de:83:ec:29:03:90:7c:7b:2d:93:f0:d6:4e:d0:67:b2:fd:a3
Signer

Actual PE Digest

d2:fd:de:83:ec:29:03:90:7c:7b:2d:93:f0:d6:4e:d0:67:b2:fd:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxWindowsAdditions\VBoxWindowsAdditions.pdb

Imports

kernel32

GetStdHandle
GetCommandLineW
GetCurrentDirectoryW
WriteFile
CloseHandle
GetLastError
SetLastError
WaitForSingleObjectEx
GetCurrentProcess
GetExitCodeProcess
CreateProcessW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
GetConsoleMode
WriteConsoleW
WideCharToMultiByte
GetACP
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetVersion
RtlUnwind

user32

DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
PeekMessageA

shell32

ShellExecuteExW

ole32

CoInitializeEx

ntdll

NtTerminateProcess
NtProtectVirtualMemory

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
autorun.sh
.sh linux
cert/VBoxCertUtil.exe
.exe windows:1 windows x86 arch:x86

deed3562446091d078d05980e72f07c2

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/02/2021, 00:00

Not After

16/04/2024, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:e3:f7:ea:77:6d:bd:9c:4e:d1:9a:f9:f3:a5:d4:15:d0:e0:6a:6c:1f:2d:e4:9a:8b:32:ec:dd:68:2f:3a:61
Signer

Actual PE Digest

10:e3:f7:ea:77:6d:bd:9c:4e:d1:9a:f9:f3:a5:d4:15:d0:e0:6a:6c:1f:2d:e4:9a:8b:32:ec:dd:68:2f:3a:61

Digest Algorithm

sha256

PE Digest Matches

true

5a:7f:8f:c6:a0:73:02:51:d5:f9:b5:aa:67:98:c9:d9:17:7b:8d:91
Signer

Actual PE Digest

5a:7f:8f:c6:a0:73:02:51:d5:f9:b5:aa:67:98:c9:d9:17:7b:8d:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\tinderbox\add\out\win.x86\release\obj\VBoxCertUtil\VBoxCertUtil.pdb

Imports

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertCreateCertificateContext
CertFreeCertificateContext
CertAddCertificateContextToStore
CertDeleteCertificateFromStore
CertEnumSystemStoreLocation
CertEnumSystemStore
CertCompareCertificate
CertCompareCertificateName
CertNameToStrW
CertStrToNameW
CertGetNameStringW

kernel32

GetLastError
GetCurrentProcessId
GetStdHandle
GetFileType
GetConsoleMode
GetConsoleScreenBufferInfo
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
SetErrorMode
GetVersion
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateFileW
GetFileAttributesW
GetFullPathNameW
CloseHandle
MoveFileExW
WideCharToMultiByte
GetACP
DeleteFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
WriteFile
SetLastError
DeviceIoControl
GetCurrentProcess
TerminateProcess
GetCommandLineW
OutputDebugStringA
RaiseException
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetSystemTime
GetTickCount
SystemTimeToFileTime
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
RtlUnwind

ntdll

RtlGetNtProductType
NtQueryVolumeInformationFile
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtClose
NtOpenDirectoryObject
NtQueryDirectoryObject
NtTerminateProcess
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtProtectVirtualMemory
NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cert/vbox-sha1-root.cer
cert/vbox-sha1-timestamp-root.cer
cert/vbox-sha1.cer
cert/vbox-sha256-root.cer
cert/vbox-sha256-timestamp-root.cer
cert/vbox-sha256.cer
runasroot.sh
.sh linux
windows11-bypass.reg

Sharing

General

Malware Config

Signatures

Files

e7ef6d3b129020bbd3c8fb273a070be5

Code Sign

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3eCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ecCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

38:0a:ba:2e:8e:4b:8e:5d:ff:e7:a1:fe:09:4b:1c:e0:5b:32:42:02:fc:d3:b1:b7:64:1b:09:20:eb:14:5b:72Signer

9e:b5:9f:8d:e9:72:67:be:ae:eb:13:75:18:5d:7a:88:b7:63:6d:bdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ntdll

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 2KB - Virtual size: 17KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 560B

.reloc Size: 3KB - Virtual size: 3KB

c070f49e423addd5a8f7d84fc4b72de8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ntdll

Exports

Exports

Sections

.text Size: 302KB - Virtual size: 301KB

.zero Size: - Virtual size: 64KB

.rdata Size: 220KB - Virtual size: 219KB

.data Size: 3KB - Virtual size: 20KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

87f400735742d99e416c11acd9ff13ee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

38:0a:ba:2e:8e:4b:8e:5d:ff:e7:a1:fe:09:4b:1c:e0:5b:32:42:02:fc:d3:b1:b7:64:1b:09:20:eb:14:5b:72
Signer

9e:b5:9f:8d:e9:72:67:be:ae:eb:13:75:18:5d:7a:88:b7:63:6d:bd
Signer

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 2KB - Virtual size: 17KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 560B

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 302KB - Virtual size: 301KB

.zero
Size: - Virtual size: 64KB

.rdata
Size: 220KB - Virtual size: 219KB

.data
Size: 3KB - Virtual size: 20KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 2KB - Virtual size: 54KB

.edata
Size: 12KB - Virtual size: 12KB

INIT
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 8KB - Virtual size: 7KB

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0f:52:65:06:cc:82:88:11:7d:a6:be:d3:a5:ab:ec:20
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

9a:fd:e3:80:af:73:91:25:3c:82:94:55:7e:40:ca:ff:6c:f0:05:9f:c8:76:0a:5d:8f:fa:33:c5:d6:eb:5d:c4
Signer

e5:03:7a:1f:0b:b1:d8:89:95:27:12:ac:ef:60:fe:5b:b0:8b:3c:c1
Signer

.text
Size: 104KB - Virtual size: 104KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 55KB

.edata
Size: 11KB - Virtual size: 10KB

INIT
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 6KB - Virtual size: 5KB

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate