SlideShare ist ein Scribd-Unternehmen logo

International Burmese democratic forces and friends of Burma who

Burma Democratic Concern (BDC)
Burma Democratic Concern (BDC)
TechnologieBildung
1 von 19
Downloaden Sie, um offline zu lesen
WINDOWS EXECUTABLE 32bit for Windows 95 and Windows NT Technical File Information: Image File Header Signature: 00004550 Machine: Intel 386 Number of Sections: 0008 Time Date Stamp: 2a425e19 Symbols Pointer: 00000000 Number of Symbols: 00000000 Size of Optional Header 00e0 Characteristics: File is executable (i.e. no unresolved external references). Line numbers stripped from file. Local symbols stripped from file. Low bytes of machine word are reversed. 32 bit word machine. High bytes of machine word are reversed. Image Optional Header Magic: 010b Linker Version: 2.25 Size of Code: 00017000 Size of Initialized Data: 00004c00 Size of Uninitialized Data: 00000000 Address of Entry Point: 00017de0 Base of Code: 00001000
Base of Data: 00018000 Image Base: 00400000 Section Alignment: 00001000 File Alignment: 00000200 Operating System Version: 4.00 Image Version: 0.00 Subsystem Version: 4.00 Reserved1: 00000000 Size of Image: 00022000 Size of Headers: 00000400 Checksum: 00026338 Subsystem: Image runs in the Windows GUI subsystem. DLL Characteristics: 0000 Size of Stack Reserve: 00100000 Size of Stack Commit: 00004000 Size of Heap Reserve: 00100000 Size of Heap Commit: 00001000 Loader Flags: 00000000 Size of Data Directory: 00000010 Import Directory Virtual Address: 0001a000 Import Directory Size: 000014d0 Resource Directory Virtual Address: 00020000 Resource Directory Size: 000018c8 Base Relocation Table Virtual Address: 0001e000 Base Relocation Table Size: 000011c4
TLS Directory Virtual Address: 0001d000 TLS Directory Size: 00000018 Import Table kernel32.dll Ordinal Function Name 0000 GetCurrentThreadId 0000 WideCharToMultiByte 0000 ExitProcess 0000 UnhandledExceptionFilter 0000 RtlUnwind 0000 RaiseException 0000 TlsSetValue 0000 TlsGetValue 0000 LocalAlloc 0000 GetModuleHandleA 0000 FreeLibrary 0000 HeapFree 0000 HeapReAlloc 0000 HeapAlloc 0000 GetProcessHeap
oleaut32.dll Ordinal Function Name 0000 SysFreeString 0000 SysReAllocStringLen advapi32.dll Ordinal Function Name 0000 RegSetValueExA 0000 RegQueryValueExA 0000 RegQueryInfoKeyA 0000 RegOpenKeyExA 0000 RegEnumKeyExA 0000 RegCreateKeyExA 0000 RegCloseKey 0000 OpenThreadToken 0000 OpenProcessToken 0000 LookupPrivilegeValueA 0000 GetUserNameA 0000 GetTokenInformation 0000 FreeSid 0000 EqualSid 0000 AllocateAndInitializeSid
0000 AdjustTokenPrivileges kernel32.dll Ordinal Function Name 0000 WritePrivateProfileStringA 0000 WriteFile 0000 WinExec 0000 WaitForSingleObject 0000 TerminateProcess 0000 Sleep 0000 SetFileTime 0000 SetFilePointer 0000 SetFileAttributesA 0000 SetErrorMode 0000 SetEndOfFile 0000 SetCurrentDirectoryA 0000 RemoveDirectoryA 0000 ReadFile 0000 OpenProcess 0000 MultiByteToWideChar 0000 LocalFileTimeToFileTime 0000 LoadLibraryA 0000 GlobalFree 0000 GlobalAlloc
0000 GetWindowsDirectoryA 0000 GetVersionExA 0000 GetVersion 0000 GetUserDefaultLangID 0000 GetTimeFormatA 0000 GetTempPathA 0000 GetSystemDirectoryA 0000 GetShortPathNameA 0000 GetProcAddress 0000 GetPrivateProfileStringA 0000 GetModuleHandleA 0000 GetModuleFileNameA 0000 GetLastError 0000 GetFullPathNameA 0000 GetFileTime 0000 GetFileSize 0000 GetFileAttributesA 0000 GetExitCodeProcess 0000 GetDiskFreeSpaceA 0000 GetDateFormatA 0000 GetCurrentThread 0000 GetCurrentProcess 0000 GetComputerNameA 0000 GetCommandLineA 0000 FreeLibrary 0000 FormatMessageA 0000 FindNextFileA
0000 FindFirstFileA 0000 FindClose 0000 FileTimeToSystemTime 0000 FileTimeToLocalFileTime 0000 ExpandEnvironmentStringsA 0000 DosDateTimeToFileTime 0000 DeleteFileA 0000 CreateFileA 0000 CreateDirectoryA 0000 CompareStringA 0000 CloseHandle gdi32.dll Ordinal Function Name 0000 StretchDIBits 0000 StretchBlt 0000 SetWindowOrgEx 0000 SetTextColor 0000 SetStretchBltMode 0000 SetRectRgn 0000 SetROP2 0000 SetPixel 0000 SetDIBits 0000 SetBrushOrgEx
0000 SetBkMode 0000 SetBkColor 0000 SelectObject 0000 SaveDC 0000 RestoreDC 0000 OffsetRgn 0000 MoveToEx 0000 IntersectClipRect 0000 GetTextExtentPoint32A 0000 GetStockObject 0000 GetPixel 0000 GetObjectA 0000 GetDIBits 0000 ExtSelectClipRgn 0000 ExcludeClipRect 0000 DeleteObject 0000 DeleteDC 0000 CreateSolidBrush 0000 CreateRectRgn 0000 CreateFontIndirectA 0000 CreateDIBSection 0000 CreateCompatibleDC 0000 CreateCompatibleBitmap 0000 CreateBrushIndirect 0000 CombineRgn 0000 BitBlt 0000 AddFontResourceA
user32.dll Ordinal Function Name 0000 wvsprintfA 0000 WaitMessage 0000 ValidateRect 0000 TranslateMessage 0000 ShowWindow 0000 SetWindowPos 0000 SetWindowLongA 0000 SetTimer 0000 SetPropA 0000 SetParent 0000 SetForegroundWindow 0000 SetFocus 0000 SetCursor 0000 SendMessageA 0000 ScreenToClient 0000 RemovePropA 0000 ReleaseDC 0000 RegisterClassA 0000 PostQuitMessage 0000 PostMessageA 0000 PeekMessageA
0000 OffsetRect 0000 MessageBoxA 0000 LoadIconA 0000 LoadCursorA 0000 KillTimer 0000 IsZoomed 0000 IsWindowVisible 0000 IsWindowEnabled 0000 IsWindow 0000 IsIconic 0000 InvalidateRect 0000 GetWindowTextLengthA 0000 GetWindowTextA 0000 GetWindowRgn 0000 GetWindowRect 0000 GetWindowLongA 0000 GetWindowDC 0000 GetUpdateRgn 0000 GetSystemMetrics 0000 GetSystemMenu 0000 GetSysColor 0000 GetPropA 0000 GetParent 0000 GetWindow 0000 GetKeyState 0000 GetFocus 0000 GetDCEx
0000 GetDC 0000 GetCursorPos 0000 GetClientRect 0000 GetClassLongA 0000 GetClassInfoA 0000 GetCapture 0000 FindWindowA 0000 FillRect 0000 ExitWindowsEx 0000 EnumWindows 0000 EndPaint 0000 EnableWindow 0000 EnableMenuItem 0000 DrawTextA 0000 DrawIcon 0000 DispatchMessageA 0000 DestroyWindow 0000 DestroyIcon 0000 DeleteMenu 0000 DefWindowProcA 0000 CopyImage 0000 ClientToScreen 0000 CheckRadioButton 0000 CallWindowProcA 0000 BeginPaint 0000 CharLowerBuffA
winmm.dll Ordinal Function Name 0000 timeKillEvent 0000 timeSetEvent user32.dll Ordinal Function Name 0000 CreateWindowExA oleaut32.dll Ordinal Function Name 0000 SysAllocStringLen ole32.dll Ordinal Function Name 0000 OleInitialize
comctl32.dll Ordinal Function Name 0000 ImageList_Draw 0000 ImageList_SetBkColor 0000 ImageList_Create 0000 InitCommonControls shell32.dll Ordinal Function Name 0000 SHGetFileInfoA shell32.dll Ordinal Function Name 0000 ShellExecuteExA 0000 ShellExecuteA cabinet.dll Ordinal Function Name
0000 FDIDestroy 0000 FDICopy 0000 FDICreate ole32.dll Ordinal Function Name 0000 OleInitialize 0000 CoTaskMemFree 0000 CoCreateInstance 0000 CoUninitialize 0000 CoInitialize shell32.dll Ordinal Function Name 0000 SHGetSpecialFolderLocation 0000 SHGetPathFromIDListA 0000 SHGetMalloc 0000 SHChangeNotify 0000 SHBrowseForFolderA Section Table
Section name: CODE Virtual Size: 00016e44 Virtual Address: 00001000 Size of raw data: 00017000 Pointer to Raw Data: 00000400 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section contains code Section is executable Section is readable Section name: DATA Virtual Size: 00000700 Virtual Address: 00018000 Size of raw data: 00000800 Pointer to Raw Data: 00017400 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section contains initialized data Section is readable Section is writeable Section name: BSS
Virtual Size: 000008ad Virtual Address: 00019000 Size of raw data: 00000000 Pointer to Raw Data: 00017c00 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section is readable Section is writeable Section name: .idata Virtual Size: 000014d0 Virtual Address: 0001a000 Size of raw data: 00001600 Pointer to Raw Data: 00017c00 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section contains initialized data Section is readable Section is writeable Section name: .tls Virtual Size: 00000008
Virtual Address: 0001c000 Size of raw data: 00000000 Pointer to Raw Data: 00019200 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section is readable Section is writeable Section name: .rdata Virtual Size: 00000018 Virtual Address: 0001d000 Size of raw data: 00000200 Pointer to Raw Data: 00019200 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section contains initialized data Section is shareable Section is readable Section name: .reloc Virtual Size: 000011c4 Virtual Address: 0001e000
Size of raw data: 00001200 Pointer to Raw Data: 00019400 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section contains initialized data Section is shareable Section is readable Section name: .rsrc Virtual Size: 000018c8 Virtual Address: 00020000 Size of raw data: 00001a00 Pointer to Raw Data: 0001a600 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section contains initialized data Section is shareable Section is readable Header Information Signature: 5a4d Last Page Size: 0050 Total Pages in File: 0002 Relocation Items: 0000
Paragraphs in Header: 0004 Minimum Extra Paragraphs: 000f Maximum Extra Paragraphs: ffff Initial Stack Segment: 0000 Initial Stack Pointer: 00b8 Complemented Checksum: 0000 Initial Instruction Pointer: 0000 Initial Code Segment: 0000 Relocation Table Offset: 0040 Overlay Number: 001a Reserved: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 Offset to New Header: 00000100 Memory Needed: 1K

Empfohlen

Data & Analytics - Session 3 - Under the Covers with Amazon DynamoDB
Data & Analytics - Session 3 - Under the Covers with Amazon DynamoDBData & Analytics - Session 3 - Under the Covers with Amazon DynamoDB
Data & Analytics - Session 3 - Under the Covers with Amazon DynamoDBAmazon Web Services
 
23-11-2010
23-11-201023-11-2010
23-11-2010Burma Democratic Concern (BDC)
 
news on Nov 26
news on Nov 26news on Nov 26
news on Nov 26Burma Democratic Concern (BDC)
 
dialogue and Burma by Khin Ma Ma Myo
dialogue and Burma by Khin Ma Ma Myodialogue and Burma by Khin Ma Ma Myo
dialogue and Burma by Khin Ma Ma MyoBurma Democratic Concern (BDC)
 
FBE.13th.Conference.London.Agenda.12.06.09
FBE.13th.Conference.London.Agenda.12.06.09FBE.13th.Conference.London.Agenda.12.06.09
FBE.13th.Conference.London.Agenda.12.06.09Burma Democratic Concern (BDC)
 
NYN 11.1.2011
NYN 11.1.2011NYN 11.1.2011
NYN 11.1.2011Burma Democratic Concern (BDC)
 
31 July 2010
31 July 201031 July 2010
31 July 2010Burma Democratic Concern (BDC)
 
Burma (Myanmar): Press release constitutional reform network 2013
Burma (Myanmar): Press release constitutional reform network 2013Burma (Myanmar): Press release constitutional reform network 2013
Burma (Myanmar): Press release constitutional reform network 2013Burma Democratic Concern (BDC)
 

Empfohlen

Data & Analytics - Session 3 - Under the Covers with Amazon DynamoDB
Data & Analytics - Session 3 - Under the Covers with Amazon DynamoDBData & Analytics - Session 3 - Under the Covers with Amazon DynamoDB
Data & Analytics - Session 3 - Under the Covers with Amazon DynamoDBAmazon Web Services
 
23-11-2010
23-11-201023-11-2010
23-11-2010Burma Democratic Concern (BDC)
 
news on Nov 26
news on Nov 26news on Nov 26
news on Nov 26Burma Democratic Concern (BDC)
 
dialogue and Burma by Khin Ma Ma Myo
dialogue and Burma by Khin Ma Ma Myodialogue and Burma by Khin Ma Ma Myo
dialogue and Burma by Khin Ma Ma MyoBurma Democratic Concern (BDC)
 
FBE.13th.Conference.London.Agenda.12.06.09
FBE.13th.Conference.London.Agenda.12.06.09FBE.13th.Conference.London.Agenda.12.06.09
FBE.13th.Conference.London.Agenda.12.06.09Burma Democratic Concern (BDC)
 
NYN 11.1.2011
NYN 11.1.2011NYN 11.1.2011
NYN 11.1.2011Burma Democratic Concern (BDC)
 
31 July 2010
31 July 201031 July 2010
31 July 2010Burma Democratic Concern (BDC)
 
Burma (Myanmar): Press release constitutional reform network 2013
Burma (Myanmar): Press release constitutional reform network 2013Burma (Myanmar): Press release constitutional reform network 2013
Burma (Myanmar): Press release constitutional reform network 2013Burma Democratic Concern (BDC)
 
PE102 - a Windows executable format overview (booklet V1)
PE102 - a Windows executable format overview (booklet V1)PE102 - a Windows executable format overview (booklet V1)
PE102 - a Windows executable format overview (booklet V1)Ange Albertini
 
Moving beyond moving bytes
Moving beyond moving bytesMoving beyond moving bytes
Moving beyond moving bytesSuneel Marthi
 
Flink Forward Berlin 2017: Joey Frazee, Suneel Marthi - Moving Beyond Moving ...
Flink Forward Berlin 2017: Joey Frazee, Suneel Marthi - Moving Beyond Moving ...Flink Forward Berlin 2017: Joey Frazee, Suneel Marthi - Moving Beyond Moving ...
Flink Forward Berlin 2017: Joey Frazee, Suneel Marthi - Moving Beyond Moving ...Flink Forward
 
The Ring programming language version 1.4.1 book - Part 13 of 31
The Ring programming language version 1.4.1 book - Part 13 of 31The Ring programming language version 1.4.1 book - Part 13 of 31
The Ring programming language version 1.4.1 book - Part 13 of 31Mahmoud Samir Fayed
 
The Ring programming language version 1.5.1 book - Part 43 of 180
The Ring programming language version 1.5.1 book - Part 43 of 180The Ring programming language version 1.5.1 book - Part 43 of 180
The Ring programming language version 1.5.1 book - Part 43 of 180Mahmoud Samir Fayed
 
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory DumpsAccelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory DumpsDmitry Vostokov
 
Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeWim Godden
 
201403 microsoft mvp com camp 2014-한주성
201403 microsoft mvp com camp 2014-한주성201403 microsoft mvp com camp 2014-한주성
201403 microsoft mvp com camp 2014-한주성주성 한
 
Runtime Symbol Resolution
Runtime Symbol ResolutionRuntime Symbol Resolution
Runtime Symbol ResolutionKen Kawamoto
 
Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeWim Godden
 
MySQL under the siege
MySQL under the siegeMySQL under the siege
MySQL under the siegeSource Ministry
 
Symbolic Debugging with DWARF
Symbolic Debugging with DWARFSymbolic Debugging with DWARF
Symbolic Debugging with DWARFSamy Bahra
 
The Ring programming language version 1.9 book - Part 53 of 210
The Ring programming language version 1.9 book - Part 53 of 210The Ring programming language version 1.9 book - Part 53 of 210
The Ring programming language version 1.9 book - Part 53 of 210Mahmoud Samir Fayed
 
Beyond PHP - it's not (just) about the code
Beyond PHP - it's not (just) about the codeBeyond PHP - it's not (just) about the code
Beyond PHP - it's not (just) about the codeWim Godden
 
Computer shop billing system
Computer shop billing systemComputer shop billing system
Computer shop billing systemMayur Solanki
 
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...Alex Matrosov
 
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...Positive Hack Days
 
DICOM structure
DICOM structureDICOM structure
DICOM structureShiju P K
 
The Ring programming language version 1.5 book - Part 8 of 31
The Ring programming language version 1.5 book - Part 8 of 31The Ring programming language version 1.5 book - Part 8 of 31
The Ring programming language version 1.5 book - Part 8 of 31Mahmoud Samir Fayed
 
Fundamentals of Physical Memory Analysis
Fundamentals of Physical Memory AnalysisFundamentals of Physical Memory Analysis
Fundamentals of Physical Memory AnalysisDmitry Vostokov
 
Sayar Myo Presentation Regarding Election Law
Sayar Myo Presentation Regarding Election LawSayar Myo Presentation Regarding Election Law
Sayar Myo Presentation Regarding Election LawBurma Democratic Concern (BDC)
 
Burma democratic concern (bdc) new year resolution for 2015
Burma democratic concern (bdc) new year resolution for 2015Burma democratic concern (bdc) new year resolution for 2015
Burma democratic concern (bdc) new year resolution for 2015Burma Democratic Concern (BDC)
 

Weitere ähnliche Inhalte

Ähnlich wie International Burmese democratic forces and friends of Burma who

PE102 - a Windows executable format overview (booklet V1)
PE102 - a Windows executable format overview (booklet V1)PE102 - a Windows executable format overview (booklet V1)
PE102 - a Windows executable format overview (booklet V1)Ange Albertini
 
Moving beyond moving bytes
Moving beyond moving bytesMoving beyond moving bytes
Moving beyond moving bytesSuneel Marthi
 
Flink Forward Berlin 2017: Joey Frazee, Suneel Marthi - Moving Beyond Moving ...
Flink Forward Berlin 2017: Joey Frazee, Suneel Marthi - Moving Beyond Moving ...Flink Forward Berlin 2017: Joey Frazee, Suneel Marthi - Moving Beyond Moving ...
Flink Forward Berlin 2017: Joey Frazee, Suneel Marthi - Moving Beyond Moving ...Flink Forward
 
The Ring programming language version 1.4.1 book - Part 13 of 31
The Ring programming language version 1.4.1 book - Part 13 of 31The Ring programming language version 1.4.1 book - Part 13 of 31
The Ring programming language version 1.4.1 book - Part 13 of 31Mahmoud Samir Fayed
 
The Ring programming language version 1.5.1 book - Part 43 of 180
The Ring programming language version 1.5.1 book - Part 43 of 180The Ring programming language version 1.5.1 book - Part 43 of 180
The Ring programming language version 1.5.1 book - Part 43 of 180Mahmoud Samir Fayed
 
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory DumpsAccelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory DumpsDmitry Vostokov
 
Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeWim Godden
 
201403 microsoft mvp com camp 2014-한주성
201403 microsoft mvp com camp 2014-한주성201403 microsoft mvp com camp 2014-한주성
201403 microsoft mvp com camp 2014-한주성주성 한
 
Runtime Symbol Resolution
Runtime Symbol ResolutionRuntime Symbol Resolution
Runtime Symbol ResolutionKen Kawamoto
 
Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeWim Godden
 
Symbolic Debugging with DWARF
Symbolic Debugging with DWARFSymbolic Debugging with DWARF
Symbolic Debugging with DWARFSamy Bahra
 
The Ring programming language version 1.9 book - Part 53 of 210
The Ring programming language version 1.9 book - Part 53 of 210The Ring programming language version 1.9 book - Part 53 of 210
The Ring programming language version 1.9 book - Part 53 of 210Mahmoud Samir Fayed
 
Beyond PHP - it's not (just) about the code
Beyond PHP - it's not (just) about the codeBeyond PHP - it's not (just) about the code
Beyond PHP - it's not (just) about the codeWim Godden
 
Computer shop billing system
Computer shop billing systemComputer shop billing system
Computer shop billing systemMayur Solanki
 
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...Alex Matrosov
 
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...Positive Hack Days
 
DICOM structure
DICOM structureDICOM structure
DICOM structureShiju P K
 
The Ring programming language version 1.5 book - Part 8 of 31
The Ring programming language version 1.5 book - Part 8 of 31The Ring programming language version 1.5 book - Part 8 of 31
The Ring programming language version 1.5 book - Part 8 of 31Mahmoud Samir Fayed
 
Fundamentals of Physical Memory Analysis
Fundamentals of Physical Memory AnalysisFundamentals of Physical Memory Analysis
Fundamentals of Physical Memory AnalysisDmitry Vostokov
 

Ähnlich wie International Burmese democratic forces and friends of Burma who (20)

PE102 - a Windows executable format overview (booklet V1)
PE102 - a Windows executable format overview (booklet V1)PE102 - a Windows executable format overview (booklet V1)
PE102 - a Windows executable format overview (booklet V1)
 
Moving beyond moving bytes
Moving beyond moving bytesMoving beyond moving bytes
Moving beyond moving bytes
 
Flink Forward Berlin 2017: Joey Frazee, Suneel Marthi - Moving Beyond Moving ...
Flink Forward Berlin 2017: Joey Frazee, Suneel Marthi - Moving Beyond Moving ...Flink Forward Berlin 2017: Joey Frazee, Suneel Marthi - Moving Beyond Moving ...
Flink Forward Berlin 2017: Joey Frazee, Suneel Marthi - Moving Beyond Moving ...
 
The Ring programming language version 1.4.1 book - Part 13 of 31
The Ring programming language version 1.4.1 book - Part 13 of 31The Ring programming language version 1.4.1 book - Part 13 of 31
The Ring programming language version 1.4.1 book - Part 13 of 31
 
The Ring programming language version 1.5.1 book - Part 43 of 180
The Ring programming language version 1.5.1 book - Part 43 of 180The Ring programming language version 1.5.1 book - Part 43 of 180
The Ring programming language version 1.5.1 book - Part 43 of 180
 
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory DumpsAccelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory Dumps
 
Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the code
 
201403 microsoft mvp com camp 2014-한주성
201403 microsoft mvp com camp 2014-한주성201403 microsoft mvp com camp 2014-한주성
201403 microsoft mvp com camp 2014-한주성
 
Runtime Symbol Resolution
Runtime Symbol ResolutionRuntime Symbol Resolution
Runtime Symbol Resolution
 
Beyond php - it's not (just) about the code
Beyond php - it's not (just) about the codeBeyond php - it's not (just) about the code
Beyond php - it's not (just) about the code
 
MySQL under the siege
MySQL under the siegeMySQL under the siege
MySQL under the siege
 
Symbolic Debugging with DWARF
Symbolic Debugging with DWARFSymbolic Debugging with DWARF
Symbolic Debugging with DWARF
 
The Ring programming language version 1.9 book - Part 53 of 210
The Ring programming language version 1.9 book - Part 53 of 210The Ring programming language version 1.9 book - Part 53 of 210
The Ring programming language version 1.9 book - Part 53 of 210
 
Beyond PHP - it's not (just) about the code
Beyond PHP - it's not (just) about the codeBeyond PHP - it's not (just) about the code
Beyond PHP - it's not (just) about the code
 
Computer shop billing system
Computer shop billing systemComputer shop billing system
Computer shop billing system
 
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
 
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
 
DICOM structure
DICOM structureDICOM structure
DICOM structure
 
The Ring programming language version 1.5 book - Part 8 of 31
The Ring programming language version 1.5 book - Part 8 of 31The Ring programming language version 1.5 book - Part 8 of 31
The Ring programming language version 1.5 book - Part 8 of 31
 
Fundamentals of Physical Memory Analysis
Fundamentals of Physical Memory AnalysisFundamentals of Physical Memory Analysis
Fundamentals of Physical Memory Analysis
 

Mehr von Burma Democratic Concern (BDC)

Burma democratic concern (bdc) new year resolution for 2015
Burma democratic concern (bdc) new year resolution for 2015Burma democratic concern (bdc) new year resolution for 2015
Burma democratic concern (bdc) new year resolution for 2015Burma Democratic Concern (BDC)
 

Mehr von Burma Democratic Concern (BDC) (20)

Sayar Myo Presentation Regarding Election Law
Sayar Myo Presentation Regarding Election LawSayar Myo Presentation Regarding Election Law
Sayar Myo Presentation Regarding Election Law
 
Burma democratic concern (bdc) new year resolution for 2015
Burma democratic concern (bdc) new year resolution for 2015Burma democratic concern (bdc) new year resolution for 2015
Burma democratic concern (bdc) new year resolution for 2015
 
Burma; Bengali planning to invade
Burma; Bengali planning to invade Burma; Bengali planning to invade
Burma; Bengali planning to invade
 
Myanmar: Bengali and Geopolitics by U Khin Mg Saw
Myanmar: Bengali and Geopolitics by U Khin Mg SawMyanmar: Bengali and Geopolitics by U Khin Mg Saw
Myanmar: Bengali and Geopolitics by U Khin Mg Saw
 
Soldiers in parliament
Soldiers in parliamentSoldiers in parliament
Soldiers in parliament
 
Bayda institute for burma democratization
Bayda institute for burma democratizationBayda institute for burma democratization
Bayda institute for burma democratization
 
Self identification clarification
Self identification clarificationSelf identification clarification
Self identification clarification
 
Democratization & Good Governance (10 Dec 2012)
Democratization & Good Governance (10 Dec 2012)Democratization & Good Governance (10 Dec 2012)
Democratization & Good Governance (10 Dec 2012)
 
World System Theory & Burma
World System Theory & BurmaWorld System Theory & Burma
World System Theory & Burma
 
Globalization, Borders & Immigration
Globalization, Borders & ImmigrationGlobalization, Borders & Immigration
Globalization, Borders & Immigration
 
Human Rights Day
Human Rights DayHuman Rights Day
Human Rights Day
 
SYCB monthly Bulletin for November (Vol.4, Issue-46)
SYCB monthly Bulletin for November (Vol.4, Issue-46)SYCB monthly Bulletin for November (Vol.4, Issue-46)
SYCB monthly Bulletin for November (Vol.4, Issue-46)
 
14th FBE Resolution final
14th FBE Resolution final14th FBE Resolution final
14th FBE Resolution final
 
Pilon
PilonPilon
Pilon
 
Tbm
TbmTbm
Tbm
 
Final Draft Mirror Online statement
Final Draft Mirror Online statementFinal Draft Mirror Online statement
Final Draft Mirror Online statement
 
1996 02 12 - NLD Attitude for Ethnic Nationalities
1996 02 12 - NLD Attitude for Ethnic Nationalities1996 02 12 - NLD Attitude for Ethnic Nationalities
1996 02 12 - NLD Attitude for Ethnic Nationalities
 
Windsor family tree
Windsor family treeWindsor family tree
Windsor family tree
 
my idea
my ideamy idea
my idea
 
VOB792KK
VOB792KKVOB792KK
VOB792KK
 

Kürzlich hochgeladen

Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 

Kürzlich hochgeladen (20)

Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 

International Burmese democratic forces and friends of Burma who

  • 1. WINDOWS EXECUTABLE 32bit for Windows 95 and Windows NT Technical File Information: Image File Header Signature: 00004550 Machine: Intel 386 Number of Sections: 0008 Time Date Stamp: 2a425e19 Symbols Pointer: 00000000 Number of Symbols: 00000000 Size of Optional Header 00e0 Characteristics: File is executable (i.e. no unresolved external references). Line numbers stripped from file. Local symbols stripped from file. Low bytes of machine word are reversed. 32 bit word machine. High bytes of machine word are reversed. Image Optional Header Magic: 010b Linker Version: 2.25 Size of Code: 00017000 Size of Initialized Data: 00004c00 Size of Uninitialized Data: 00000000 Address of Entry Point: 00017de0 Base of Code: 00001000
  • 2. Base of Data: 00018000 Image Base: 00400000 Section Alignment: 00001000 File Alignment: 00000200 Operating System Version: 4.00 Image Version: 0.00 Subsystem Version: 4.00 Reserved1: 00000000 Size of Image: 00022000 Size of Headers: 00000400 Checksum: 00026338 Subsystem: Image runs in the Windows GUI subsystem. DLL Characteristics: 0000 Size of Stack Reserve: 00100000 Size of Stack Commit: 00004000 Size of Heap Reserve: 00100000 Size of Heap Commit: 00001000 Loader Flags: 00000000 Size of Data Directory: 00000010 Import Directory Virtual Address: 0001a000 Import Directory Size: 000014d0 Resource Directory Virtual Address: 00020000 Resource Directory Size: 000018c8 Base Relocation Table Virtual Address: 0001e000 Base Relocation Table Size: 000011c4
  • 3. TLS Directory Virtual Address: 0001d000 TLS Directory Size: 00000018 Import Table kernel32.dll Ordinal Function Name 0000 GetCurrentThreadId 0000 WideCharToMultiByte 0000 ExitProcess 0000 UnhandledExceptionFilter 0000 RtlUnwind 0000 RaiseException 0000 TlsSetValue 0000 TlsGetValue 0000 LocalAlloc 0000 GetModuleHandleA 0000 FreeLibrary 0000 HeapFree 0000 HeapReAlloc 0000 HeapAlloc 0000 GetProcessHeap
  • 4. oleaut32.dll Ordinal Function Name 0000 SysFreeString 0000 SysReAllocStringLen advapi32.dll Ordinal Function Name 0000 RegSetValueExA 0000 RegQueryValueExA 0000 RegQueryInfoKeyA 0000 RegOpenKeyExA 0000 RegEnumKeyExA 0000 RegCreateKeyExA 0000 RegCloseKey 0000 OpenThreadToken 0000 OpenProcessToken 0000 LookupPrivilegeValueA 0000 GetUserNameA 0000 GetTokenInformation 0000 FreeSid 0000 EqualSid 0000 AllocateAndInitializeSid
  • 5. 0000 AdjustTokenPrivileges kernel32.dll Ordinal Function Name 0000 WritePrivateProfileStringA 0000 WriteFile 0000 WinExec 0000 WaitForSingleObject 0000 TerminateProcess 0000 Sleep 0000 SetFileTime 0000 SetFilePointer 0000 SetFileAttributesA 0000 SetErrorMode 0000 SetEndOfFile 0000 SetCurrentDirectoryA 0000 RemoveDirectoryA 0000 ReadFile 0000 OpenProcess 0000 MultiByteToWideChar 0000 LocalFileTimeToFileTime 0000 LoadLibraryA 0000 GlobalFree 0000 GlobalAlloc
  • 6. 0000 GetWindowsDirectoryA 0000 GetVersionExA 0000 GetVersion 0000 GetUserDefaultLangID 0000 GetTimeFormatA 0000 GetTempPathA 0000 GetSystemDirectoryA 0000 GetShortPathNameA 0000 GetProcAddress 0000 GetPrivateProfileStringA 0000 GetModuleHandleA 0000 GetModuleFileNameA 0000 GetLastError 0000 GetFullPathNameA 0000 GetFileTime 0000 GetFileSize 0000 GetFileAttributesA 0000 GetExitCodeProcess 0000 GetDiskFreeSpaceA 0000 GetDateFormatA 0000 GetCurrentThread 0000 GetCurrentProcess 0000 GetComputerNameA 0000 GetCommandLineA 0000 FreeLibrary 0000 FormatMessageA 0000 FindNextFileA
  • 7. 0000 FindFirstFileA 0000 FindClose 0000 FileTimeToSystemTime 0000 FileTimeToLocalFileTime 0000 ExpandEnvironmentStringsA 0000 DosDateTimeToFileTime 0000 DeleteFileA 0000 CreateFileA 0000 CreateDirectoryA 0000 CompareStringA 0000 CloseHandle gdi32.dll Ordinal Function Name 0000 StretchDIBits 0000 StretchBlt 0000 SetWindowOrgEx 0000 SetTextColor 0000 SetStretchBltMode 0000 SetRectRgn 0000 SetROP2 0000 SetPixel 0000 SetDIBits 0000 SetBrushOrgEx
  • 8. 0000 SetBkMode 0000 SetBkColor 0000 SelectObject 0000 SaveDC 0000 RestoreDC 0000 OffsetRgn 0000 MoveToEx 0000 IntersectClipRect 0000 GetTextExtentPoint32A 0000 GetStockObject 0000 GetPixel 0000 GetObjectA 0000 GetDIBits 0000 ExtSelectClipRgn 0000 ExcludeClipRect 0000 DeleteObject 0000 DeleteDC 0000 CreateSolidBrush 0000 CreateRectRgn 0000 CreateFontIndirectA 0000 CreateDIBSection 0000 CreateCompatibleDC 0000 CreateCompatibleBitmap 0000 CreateBrushIndirect 0000 CombineRgn 0000 BitBlt 0000 AddFontResourceA
  • 9. user32.dll Ordinal Function Name 0000 wvsprintfA 0000 WaitMessage 0000 ValidateRect 0000 TranslateMessage 0000 ShowWindow 0000 SetWindowPos 0000 SetWindowLongA 0000 SetTimer 0000 SetPropA 0000 SetParent 0000 SetForegroundWindow 0000 SetFocus 0000 SetCursor 0000 SendMessageA 0000 ScreenToClient 0000 RemovePropA 0000 ReleaseDC 0000 RegisterClassA 0000 PostQuitMessage 0000 PostMessageA 0000 PeekMessageA
  • 10. 0000 OffsetRect 0000 MessageBoxA 0000 LoadIconA 0000 LoadCursorA 0000 KillTimer 0000 IsZoomed 0000 IsWindowVisible 0000 IsWindowEnabled 0000 IsWindow 0000 IsIconic 0000 InvalidateRect 0000 GetWindowTextLengthA 0000 GetWindowTextA 0000 GetWindowRgn 0000 GetWindowRect 0000 GetWindowLongA 0000 GetWindowDC 0000 GetUpdateRgn 0000 GetSystemMetrics 0000 GetSystemMenu 0000 GetSysColor 0000 GetPropA 0000 GetParent 0000 GetWindow 0000 GetKeyState 0000 GetFocus 0000 GetDCEx
  • 11. 0000 GetDC 0000 GetCursorPos 0000 GetClientRect 0000 GetClassLongA 0000 GetClassInfoA 0000 GetCapture 0000 FindWindowA 0000 FillRect 0000 ExitWindowsEx 0000 EnumWindows 0000 EndPaint 0000 EnableWindow 0000 EnableMenuItem 0000 DrawTextA 0000 DrawIcon 0000 DispatchMessageA 0000 DestroyWindow 0000 DestroyIcon 0000 DeleteMenu 0000 DefWindowProcA 0000 CopyImage 0000 ClientToScreen 0000 CheckRadioButton 0000 CallWindowProcA 0000 BeginPaint 0000 CharLowerBuffA
  • 12. winmm.dll Ordinal Function Name 0000 timeKillEvent 0000 timeSetEvent user32.dll Ordinal Function Name 0000 CreateWindowExA oleaut32.dll Ordinal Function Name 0000 SysAllocStringLen ole32.dll Ordinal Function Name 0000 OleInitialize
  • 13. comctl32.dll Ordinal Function Name 0000 ImageList_Draw 0000 ImageList_SetBkColor 0000 ImageList_Create 0000 InitCommonControls shell32.dll Ordinal Function Name 0000 SHGetFileInfoA shell32.dll Ordinal Function Name 0000 ShellExecuteExA 0000 ShellExecuteA cabinet.dll Ordinal Function Name
  • 14. 0000 FDIDestroy 0000 FDICopy 0000 FDICreate ole32.dll Ordinal Function Name 0000 OleInitialize 0000 CoTaskMemFree 0000 CoCreateInstance 0000 CoUninitialize 0000 CoInitialize shell32.dll Ordinal Function Name 0000 SHGetSpecialFolderLocation 0000 SHGetPathFromIDListA 0000 SHGetMalloc 0000 SHChangeNotify 0000 SHBrowseForFolderA Section Table
  • 15. Section name: CODE Virtual Size: 00016e44 Virtual Address: 00001000 Size of raw data: 00017000 Pointer to Raw Data: 00000400 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section contains code Section is executable Section is readable Section name: DATA Virtual Size: 00000700 Virtual Address: 00018000 Size of raw data: 00000800 Pointer to Raw Data: 00017400 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section contains initialized data Section is readable Section is writeable Section name: BSS
  • 16. Virtual Size: 000008ad Virtual Address: 00019000 Size of raw data: 00000000 Pointer to Raw Data: 00017c00 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section is readable Section is writeable Section name: .idata Virtual Size: 000014d0 Virtual Address: 0001a000 Size of raw data: 00001600 Pointer to Raw Data: 00017c00 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section contains initialized data Section is readable Section is writeable Section name: .tls Virtual Size: 00000008
  • 17. Virtual Address: 0001c000 Size of raw data: 00000000 Pointer to Raw Data: 00019200 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section is readable Section is writeable Section name: .rdata Virtual Size: 00000018 Virtual Address: 0001d000 Size of raw data: 00000200 Pointer to Raw Data: 00019200 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section contains initialized data Section is shareable Section is readable Section name: .reloc Virtual Size: 000011c4 Virtual Address: 0001e000
  • 18. Size of raw data: 00001200 Pointer to Raw Data: 00019400 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section contains initialized data Section is shareable Section is readable Section name: .rsrc Virtual Size: 000018c8 Virtual Address: 00020000 Size of raw data: 00001a00 Pointer to Raw Data: 0001a600 Pointer to Relocations: 00000000 Pointer to Line Numbers: 00000000 Number of Relocations: 0000 Number of Line Numbers: 0000 Characteristics: Section contains initialized data Section is shareable Section is readable Header Information Signature: 5a4d Last Page Size: 0050 Total Pages in File: 0002 Relocation Items: 0000
  • 19. Paragraphs in Header: 0004 Minimum Extra Paragraphs: 000f Maximum Extra Paragraphs: ffff Initial Stack Segment: 0000 Initial Stack Pointer: 00b8 Complemented Checksum: 0000 Initial Instruction Pointer: 0000 Initial Code Segment: 0000 Relocation Table Offset: 0040 Overlay Number: 001a Reserved: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 Offset to New Header: 00000100 Memory Needed: 1K