=== MZ Header === signature: "MZ" bytes_in_last_block: 128 0x80 blocks_in_file: 1 1 num_relocs: 0 0 header_paragraphs: 4 4 min_extra_paragraphs: 0 0 max_extra_paragraphs: 65535 0xffff ss: 0 0 sp: 184 0xb8 checksum: 0 0 ip: 0 0 cs: 0 0 reloc_table_offset: 64 0x40 overlay_number: 0 0 reserved0: 0 0 oem_id: 0 0 oem_info: 0 0 reserved2: 0 0 reserved3: 0 0 reserved4: 0 0 reserved5: 0 0 reserved6: 0 0 lfanew: 128 0x80 === DOS STUB === 00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 69 73 20 61 20 57 69 6e 64 6f 77 73 20 |is is a Windows | 00000020: 4e 54 20 63 68 61 72 61 63 74 65 72 2d 6d 6f 64 |NT character-mod| 00000030: 65 20 65 78 65 63 75 74 61 62 6c 65 0d 0a 24 00 |e executable..$.| === PE Header === signature: "PE\x00\x00" # IMAGE_FILE_HEADER: Machine: 332 0x14c x86 NumberOfSections: 4 4 TimeDateStamp: "2010-05-25 12:37:12" PointerToSymbolTable: 0 0 NumberOfSymbols: 0 0 SizeOfOptionalHeader: 224 0xe0 Characteristics: 386 0x182 EXECUTABLE_IMAGE, BYTES_REVERSED_LO 32BIT_MACHINE # IMAGE_OPTIONAL_HEADER32: Magic: 267 0x10b 32-bit executable LinkerVersion: 2.18 SizeOfCode: 235008 0x39600 SizeOfInitializedData: 6656 0x1a00 SizeOfUninitializedData: 0 0 AddressOfEntryPoint: 186104 0x2d6f8 BaseOfCode: 4096 0x1000 BaseOfData: 241664 0x3b000 ImageBase: 4194304 0x400000 SectionAlignment: 4096 0x1000 FileAlignment: 512 0x200 OperatingSystemVersion: 1.11 ImageVersion: 0.0 SubsystemVersion: 4.0 Reserved1: 0 0 SizeOfImage: 278528 0x44000 SizeOfHeaders: 1024 0x400 CheckSum: 0 0 Subsystem: 3 3 WINDOWS_CUI DllCharacteristics: 0 0 SizeOfStackReserve: 65536 0x10000 SizeOfStackCommit: 65536 0x10000 SizeOfHeapReserve: 8192 0x2000 SizeOfHeapCommit: 4096 0x1000 LoaderFlags: 0 0 NumberOfRvaAndSizes: 16 0x10 === DATA DIRECTORY === EXPORT rva:0x 0 size:0x 0 IMPORT rva:0x 3b000 size:0x 5ee RESOURCE rva:0x 0 size:0x 0 EXCEPTION rva:0x 0 size:0x 0 SECURITY rva:0x 0 size:0x 0 BASERELOC rva:0x 41000 size:0x 24b0 DEBUG rva:0x 0 size:0x 0 ARCHITECTURE rva:0x 0 size:0x 0 GLOBALPTR rva:0x 0 size:0x 0 TLS rva:0x 0 size:0x 0 LOAD_CONFIG rva:0x 0 size:0x 0 Bound_IAT rva:0x 0 size:0x 0 IAT rva:0x 0 size:0x 0 Delay_IAT rva:0x 0 size:0x 0 CLR_Header rva:0x 0 size:0x 0 rva:0x 0 size:0x 0 === SECTIONS === NAME RVA VSZ RAW_SZ RAW_PTR nREL REL_PTR nLINE LINE_PTR FLAGS AUTO 1000 39516 39600 400 0 0 0 0 60000020 R-X CODE .idata 3b000 5ee 600 39a00 0 0 0 0 c0000040 RW- IDATA DGROUP 3c000 4860 1400 3a000 0 0 0 0 c0000040 RW- IDATA .reloc 41000 0 2600 3b400 0 0 0 0 42000040 R-- IDATA DISCARDABLE === IMPORTS === MODULE_NAME HINT ORD FUNCTION_NAME USER32.DLL 1 CharUpperA KERNEL32.DLL 1 CloseHandle KERNEL32.DLL 2 CreateEventA KERNEL32.DLL 3 CreateFileA KERNEL32.DLL 4 DeleteFileA KERNEL32.DLL 5 DosDateTimeToFileTime KERNEL32.DLL 6 ExitProcess KERNEL32.DLL 7 FileTimeToDosDateTime KERNEL32.DLL 8 FileTimeToLocalFileTime KERNEL32.DLL 9 FindClose KERNEL32.DLL a FindFirstFileA KERNEL32.DLL b FindNextFileA KERNEL32.DLL c FlushFileBuffers KERNEL32.DLL d FreeEnvironmentStringsA KERNEL32.DLL e GetACP KERNEL32.DLL f GetCPInfo KERNEL32.DLL 10 GetCommandLineA KERNEL32.DLL 11 GetCommandLineW KERNEL32.DLL 12 GetConsoleMode KERNEL32.DLL 13 GetCurrentDirectoryA KERNEL32.DLL 14 GetCurrentThreadId KERNEL32.DLL 15 GetDriveTypeA KERNEL32.DLL 16 GetEnvironmentStringsA KERNEL32.DLL 17 GetFileType KERNEL32.DLL 18 GetFullPathNameA KERNEL32.DLL 19 GetLastError KERNEL32.DLL 1a GetModuleFileNameA KERNEL32.DLL 1b GetModuleFileNameW KERNEL32.DLL 1c GetModuleHandleA KERNEL32.DLL 1d GetOEMCP KERNEL32.DLL 1e GetProcAddress KERNEL32.DLL 1f GetStdHandle KERNEL32.DLL 20 GetTimeZoneInformation KERNEL32.DLL 21 GetVersion KERNEL32.DLL 22 LoadLibraryA KERNEL32.DLL 23 LocalFileTimeToFileTime KERNEL32.DLL 24 MultiByteToWideChar KERNEL32.DLL 25 ReadConsoleInputA KERNEL32.DLL 26 ReadFile KERNEL32.DLL 27 SetConsoleCtrlHandler KERNEL32.DLL 28 SetConsoleMode KERNEL32.DLL 29 SetEnvironmentVariableA KERNEL32.DLL 2a SetEnvironmentVariableW KERNEL32.DLL 2b SetFilePointer KERNEL32.DLL 2c SetStdHandle KERNEL32.DLL 2d SetUnhandledExceptionFilter KERNEL32.DLL 2e UnhandledExceptionFilter KERNEL32.DLL 2f VirtualAlloc KERNEL32.DLL 30 VirtualFree KERNEL32.DLL 31 VirtualQuery KERNEL32.DLL 32 WideCharToMultiByte KERNEL32.DLL 33 WriteConsoleA KERNEL32.DLL 34 WriteFile === Packer / Compiler === MASM/TASM - sig4