Microsoft (R) COFF/PE Dumper Version 11.00.61030.0
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file shell32.dll

PE signature found

File Type: DLL

FILE HEADER VALUES
             14C machine (x86)
               B number of sections
        5E3221EB time date stamp Thu Jan 30 09:23:07 2020
          8E2800 file pointer to symbol table
               0 number of symbols
              E0 size of optional header
            2102 characteristics
                   Executable
                   32 bit word machine
                   DLL

OPTIONAL HEADER VALUES
             10B magic # (PE32)
            2.23 linker version
           D1800 size of code
          7BD000 size of initialized data
            1E00 size of uninitialized data
           B8D91 entry point (7B0D8D91)
            1000 base of code
           D3000 base of data
        7B020000 image base (7B020000 to 7B90AFFF)
            1000 section alignment
             200 file alignment
            5.01 operating system version
            5.01 image version
            4.00 subsystem version
               0 Win32 version
          8EB000 size of image
             600 size of headers
          8F01AB checksum
               3 subsystem (Windows CUI)
               0 DLL characteristics
          200000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
          104000 [    36FF] RVA [size] of Export Directory
          108000 [    4C18] RVA [size] of Import Directory
          10F000 [  6A64FC] RVA [size] of Resource Directory
               0 [       0] RVA [size] of Exception Directory
               0 [       0] RVA [size] of Certificates Directory
          7B6000 [    EE20] RVA [size] of Base Relocation Directory
               0 [       0] RVA [size] of Debug Directory
               0 [       0] RVA [size] of Architecture Directory
               0 [       0] RVA [size] of Global Pointer Directory
           F99EC [      18] RVA [size] of Thread Storage Directory
               0 [       0] RVA [size] of Load Configuration Directory
               0 [       0] RVA [size] of Bound Import Directory
          108C10 [     B34] RVA [size] of Import Address Table Directory
               0 [       0] RVA [size] of Delay Import Directory
               0 [       0] RVA [size] of COM Descriptor Directory
               0 [       0] RVA [size] of Reserved Directory

SECTION HEADER #1
   .text name
   D16A8 virtual size
    1000 virtual address (7B021000 to 7B0F26A7)
   D1800 size of raw data
     600 file pointer to raw data (00000600 to 000D1DFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60500060 flags
         Code
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Execute Read

SECTION HEADER #2
   .data name
    62D0 virtual size
   D3000 virtual address (7B0F3000 to 7B0F92CF)
    6400 size of raw data
   D1E00 file pointer to raw data (000D1E00 to 000D81FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0600040 flags
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Read Write

SECTION HEADER #3
  .rdata name
   27400 virtual size
   DA000 virtual address (7B0FA000 to 7B1213FF)
   27400 size of raw data
   D8200 file pointer to raw data (000D8200 to 000FF5FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40600040 flags
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Read Only

SECTION HEADER #4
    .bss name
    1C40 virtual size
  102000 virtual address (7B122000 to 7B123C3F)
       0 size of raw data
       0 file pointer to raw data
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0600080 flags
         Uninitialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Read Write

SECTION HEADER #5
  .edata name
    36FF virtual size
  104000 virtual address (7B124000 to 7B1276FE)
    3800 size of raw data
   FF600 file pointer to raw data (000FF600 to 00102DFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40300040 flags
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Read Only

  Section contains the following exports for shell32.dll

    00000000 characteristics
    5E3221EA time date stamp Thu Jan 30 09:23:06 2020
        0.00 version
           1 ordinal base
         756 number of functions
         309 number of names

    ordinal hint RVA      name

105 0 00062F8F Activate_RunDLL 106 1 00062FE3 AppCompat_RunDLLW 700 2 00061F7F CDefFolderMenu_Create 701 3 00068E3C CDefFolderMenu_Create2 166 4 000849D1 CallCPLEntry16 107 5 
0009591C CheckEscapesA 108 6 0009583C CheckEscapesW 109 7 0008A286 CommandLineToArgvW 110 8 0008492A Control_FillCache_RunDLL 111 9 0008492A Control_FillCache_RunDLLA 112 A 000848BA Control_FillCache_RunDLLW 113 B 000847D4 Control_RunDLL 114 C 000847D4 Control_RunDLLA 115 D 0006302A Control_RunDLLAsUserW 116 E 0008429C Control_RunDLLW 129 F 0008FACC DAD_AutoScroll 131 10 0008FB90 DAD_DragEnterEx 22 11 00062D9B DAD_DragEnterEx2 132 12 0008FC4B DAD_DragLeave 134 13 0008FBF1 DAD_DragMove 136 14 0008FC9B DAD_SetDragImage 137 15 0008FCFD DAD_ShowDragImage 1 16 000264E7 DllCanUnloadNow 117 17 00026500 DllGetClassObject 118 18 00026222 DllGetVersion 120 19 000266CA DllInstall 124 1A 00026749 DllRegisterServer 125 1B 000267DE DllUnregisterServer 135 1C 0009030F DoEnvironmentSubstA 138 1D 0009042D DoEnvironmentSubstW 139 1E 0008CF8C DragAcceptFiles 140 1F 0008CFE6 DragFinish 141 20 0008D2AC DragQueryFile 142 21 0008D2AC DragQueryFileA 143 22 00063071 DragQueryFileAorW 144 23 0008D0C2 DragQueryFileW 150 24 0008D03B DragQueryPoint 64 25 0009008B DriveType 199 26 0008BA4A DuplicateIcon 206 27 0002527A ExtractAssociatedIconA 207 28 00025478 ExtractAssociatedIconExA 208 29 000253F8 ExtractAssociatedIconExW 216 2A 0002510D ExtractAssociatedIconW 217 2B 0008BC33 ExtractIconA 218 2C 00024FC3 ExtractIconEx 219 2D 00024FC3 ExtractIconExA 220 2E 00024E74 ExtractIconExW 221 2F 0006339F ExtractIconResInfoA 222 30 000633F3 ExtractIconResInfoW 223 31 0008BAEC ExtractIconW 224 32 00063447 ExtractVersionResource16W 225 33 0006349B FindExeDlgProc 226 34 0004BCA7 FindExecutableA 227 35 0004BB1E FindExecutableW 228 36 0008C704 FreeIconList 63 37 0008DD05 GetFileNameFromBrowse 154 38 00086083 ILAppendID 18 39 0008546D ILClone 19 3A 0008585C ILCloneFirst 25 3B 00085516 ILCombine 157 3C 00085BA3 ILCreateFromPath 189 3D 00085A8D ILCreateFromPathA 190 3E 00085B18 ILCreateFromPathW 24 3F 00088A3E ILFindChild 16 40 00085955 ILFindLastID 155 41 000859D3 ILFree 153 42 000857AE ILGetNext 152 43 00085256 
ILGetSize 21 44 00088C7B ILIsEqual 23 45 00088B89 ILIsParent 26 46 00084CC6 ILLoadFromStream 17 47 00086009 ILRemoveLastID 27 48 0008538D ILSaveToStream 229 49 00063543 InternalExtractIconListA 238 4A 000634EF InternalExtractIconListW 119 4B 00091F7A IsLFNDrive 41 4C 00091EB2 IsLFNDriveA 42 4D 00091F16 IsLFNDriveW 66 4E 000521A8 IsNetDrive 680 4F 00091722 IsUserAnAdmin 81 50 0004ED35 OpenAs_RunDLL 101 51 0004ED35 OpenAs_RunDLLA 104 52 0004EC91 OpenAs_RunDLLW 85 53 OpenRegStream (forwarded to shlwapi.SHOpenRegStreamA) 255 54 0001C46A Options_RunDLL 260 55 0001C495 Options_RunDLLA 261 56 0001C4C0 Options_RunDLLW 171 57 000922A9 PathCleanupSpec 92 58 00091C82 PathGetShortPath 43 59 00091D87 PathIsExe 240 5A 0006388B PathIsSlowA 239 5B 00063837 PathIsSlowW 47 5C 00091FAB PathMakeUniqueName 653 5D 00092600 PathProcessCommand 49 5E 00092468 PathQualify 51 5F 0009251E PathResolve 75 60 00092103 PathYetAnotherMakeUniqueName 62 61 00007351 PickIconDlg 13 62 00062D47 PifMgr_CloseProperties 10 63 00062BF7 PifMgr_GetProperties 9 64 00062BA3 PifMgr_OpenProperties 11 65 00062C4B PifMgr_SetProperties 262 66 000629D2 PrintersGetCommand_RunDLL 263 67 00062A19 PrintersGetCommand_RunDLLA 264 68 00062A60 PrintersGetCommand_RunDLLW 654 69 0008FD58 ReadCabinetState 524 6A 000521D6 RealDriveType 265 6B 00062912 RealShellExecuteA 266 6C 0006286A RealShellExecuteExA 267 6D 000628BE RealShellExecuteExW 268 6E 00062972 RealShellExecuteW 269 6F 00025D23 RegenerateUserEnvironment 59 70 00006F99 RestartDialog 730 71 00006E54 RestartDialogEx 167 72 00090707 SHAddFromPropSheetExtArray 270 73 0008E82F SHAddToRecentDocs 196 74 0008CEC0 SHAlloc 520 75 SHAllocShared (forwarded to shlwapi.SHAllocShared) 271 76 0008BFB5 SHAppBarMessage 272 77 000861F7 SHBindToParent 273 78 0007F820 SHBrowseForFolder 274 79 0007F820 SHBrowseForFolderA 275 7A 0007F787 SHBrowseForFolderW 147 7B 0008CE1C SHCLSIDFromString 644 7C 00080CD0 SHChangeNotification_Lock 645 7D 00080DDB SHChangeNotification_Unlock 276 7E 000800A6 
SHChangeNotify 4 7F 0007FF85 SHChangeNotifyDeregister 2 80 0008119E SHChangeNotifyRegister 277 81 00062816 SHChangeNotifySuspendResume 89 82 00085158 SHCloneSpecialIDList 102 83 0008C8E7 SHCoCreateInstance 165 84 00051FB0 SHCreateDirectory 278 85 00051E79 SHCreateDirectoryExA 279 86 00051CB3 SHCreateDirectoryExW 743 87 00022654 SHCreateFileExtractIconW 280 88 00098214 SHCreateLocalServerRunDll 281 89 000627C2 SHCreateProcessAsUserW 168 8A 00090C8D SHCreatePropSheetExtArray 282 8B 0008D9A9 SHCreateQueryCancelAutoPlayMoniker 256 8C 0005FFBF SHCreateShellFolderView 174 8D 0005FED7 SHCreateShellFolderViewEx 283 8E 00027588 SHCreateShellItem 74 8F 00090D9B SHCreateStdEnumFmtEtc 3 90 000256C9 SHDefExtractIconA 6 91 000255A5 SHDefExtractIconW 169 92 0009088B SHDestroyPropSheetExtArray 88 93 0008E6C9 SHDoDragDrop 284 94 00043321 SHEmptyRecycleBinA 285 95 00042F00 SHEmptyRecycleBinW 286 96 00098272 SHEnableServiceObject 287 97 000619AC SHEnumerateUnreadMailAccountsW 288 98 SHExtractIconsW (forwarded to user32.PrivateExtractIconsW) 289 99 0005595A SHFileOperation 290 9A 0005595A SHFileOperationA 291 9B 00054273 SHFileOperationW 90 9C 00090E53 SHFindFiles 149 9D 0009738B SHFind_InitMenuPopup 121 9E 000901D3 SHFlushClipboard 526 9F 00091593 SHFlushSFCache 292 A0 0000A7EA SHFormatDrive 195 A1 0008CF2F SHFree 293 A2 00051FD7 SHFreeNameMappings 523 A3 SHFreeShared (forwarded to shlwapi.SHFreeShared) 750 A4 0009864E SHGetAttributesFromDataObject 294 A5 000894D1 SHGetDataFromIDListA 295 A6 00089205 SHGetDataFromIDListW 296 A7 00032D96 SHGetDesktopFolder 297 A8 SHGetDiskFreeSpaceA (forwarded to kernel32.GetDiskFreeSpaceExA) 298 A9 SHGetDiskFreeSpaceExA (forwarded to kernel32.GetDiskFreeSpaceExA) 299 AA SHGetDiskFreeSpaceExW (forwarded to kernel32.GetDiskFreeSpaceExW) 300 AB 0008B852 SHGetFileInfo 301 AC 0008B852 SHGetFileInfoA 302 AD 0008A789 SHGetFileInfoW 303 AE 0009476F SHGetFolderLocation 304 AF 000944D0 SHGetFolderPathA 305 B0 00093C0D SHGetFolderPathAndSubDirA 306 B1 000933AF 
SHGetFolderPathAndSubDirW 307 B2 00093EA2 SHGetFolderPathW 308 B3 00025812 SHGetIconOverlayIndexA 309 B4 00025884 SHGetIconOverlayIndexW 727 B5 00091598 SHGetImageList 310 B6 0008FA0E SHGetInstanceExplorer 311 B7 0008CE5B SHGetMalloc 312 B8 00091302 SHGetNewLinkInfo 179 B9 00091302 SHGetNewLinkInfoA 180 BA 000910DE SHGetNewLinkInfoW 313 BB 000865ED SHGetPathFromIDList 314 BC 000865ED SHGetPathFromIDListA 315 BD 000863A5 SHGetPathFromIDListW 98 BE 00085639 SHGetRealIDL 709 BF 00061DE8 SHGetSetFolderCustomSettingsW 68 C0 0008E1B5 SHGetSetSettings 316 C1 0008DE3D SHGetSettings 749 C2 000985F0 SHGetShellStyleHInstance 317 C3 000949C0 SHGetSpecialFolderLocation 318 C4 000946D9 SHGetSpecialFolderPathA 319 C5 00094724 SHGetSpecialFolderPathW 320 C6 00061904 SHGetUnreadMailCountW 193 C7 00090FE8 SHHandleUpdateImage 321 C8 0008C254 SHHelpShortcuts_RunDLL 322 C9 0008C254 SHHelpShortcuts_RunDLLA 323 CA 0008C2C4 SHHelpShortcuts_RunDLLW 28 CB 0008510B SHILCreateFromPath 324 CC 0006276E SHInvokePrinterCommandA 325 CD 0006271A SHInvokePrinterCommandW 326 CE 00051678 SHIsFileAvailableOffline 747 CF 00061808 SHLimitInputEdit 327 D0 0008C334 SHLoadInProc 328 D1 0008C752 SHLoadNonloadedIconOverlayIdentifiers 151 D2 00090030 SHLoadOLE 521 D3 SHLockShared (forwarded to shlwapi.SHLockShared) 148 D4 00024BAF SHMapIDListToImageListIndexAsync 77 D5 00024ACB SHMapPIDLToSystemImageListIndex 716 D6 00061C9C SHMultiFileProperties 178 D7 00091043 SHObjectProperties 329 D8 00056A52 SHOpenFolderAndSelectItems 80 D9 00061EE4 SHOpenPropSheetW 330 DA 00085E7D SHParseDisplayName 331 DB 0005240A SHPathPrepareForWriteA 332 DC 000521FF SHPathPrepareForWriteW 685 DD 0008D4B1 SHPropStgCreate 688 DE 0008D77D SHPropStgReadMultiple 689 DF 0008D893 SHPropStgWriteMultiple 333 E0 000436D8 SHQueryRecycleBinA 334 E1 0004361C SHQueryRecycleBinW 170 E2 000907C2 SHReplaceFromPropSheetExtArray 100 E3 000977B0 SHRestricted 161 E4 0008F943 SHRunControlPanel 176 E5 0008F9B5 SHSetInstanceExplorer 335 E6 00091476 
SHSetLocalizedName 336 E7 00061958 SHSetUnreadMailCountW 73 E8 0008E227 SHShellFolderView_Message 162 E9 00085E4C SHSimpleIDListFromPath 14 EA 00062CF3 SHStartNetConnectionDialogW 245 EB 00091639 SHTestTokenMembership 522 EC SHUnlockShared (forwarded to shlwapi.SHUnlockShared) 191 ED 00090F75 SHUpdateImageA 192 EE 00090F02 SHUpdateImageW 337 EF 00042EB0 SHUpdateRecycleBinIcon 173 F0 00090296 SHValidateUNC 338 F1 00052154 SheChangeDirA 339 F2 000626C6 SheChangeDirExA 340 F3 00062672 SheChangeDirExW 341 F4 0005217E SheChangeDirW 342 F5 0006261E SheConvertPathW 343 F6 000625CA SheFullPathA 344 F7 00062576 SheFullPathW 345 F8 00062526 SheGetCurDrive 346 F9 00052004 SheGetDirA 347 FA 000624D2 SheGetDirExW 348 FB 000520AC SheGetDirW 349 FC 0006247E SheGetPathOffsetW 350 FD 0006242A SheRemoveQuotesA 351 FE 000623D6 SheRemoveQuotesW 352 FF 00062382 SheSetCurDrive 353 100 0006232E SheShortenPathA 354 101 000622DA SheShortenPathW 355 102 0008C571 ShellAboutA 356 103 0008C468 ShellAboutW 357 104 00062205 ShellExec_RunDLL 358 105 0006224C ShellExec_RunDLLA 359 106 00062293 ShellExec_RunDLLW 360 107 0004E8BB ShellExecuteA 361 108 0004E4FC ShellExecuteEx 362 109 0004E4FC ShellExecuteExA 363 10A 0004E4D6 ShellExecuteExW 364 10B 0004BE7B ShellExecuteW 365 10C 000621B1 ShellHookProc 183 10D 0008E479 ShellMessageBoxA 182 10E 0008E31B ShellMessageBoxW 72 10F 00024E01 Shell_GetCachedImageIndex 71 110 000248AE Shell_GetImageLists 67 111 000973FB Shell_MergeMenus 366 112 00063E1B Shell_NotifyIcon 367 113 00063E1B Shell_NotifyIconA 368 114 00063BC4 Shell_NotifyIconW 103 115 0008E7D4 SignalFileOpen 369 116 StrChrA (forwarded to shlwapi.StrChrA) 370 117 StrChrIA (forwarded to shlwapi.StrChrIA) 371 118 StrChrIW (forwarded to shlwapi.StrChrIW) 372 119 StrChrW (forwarded to shlwapi.StrChrW) 373 11A StrCmpNA (forwarded to shlwapi.StrCmpNA) 374 11B StrCmpNIA (forwarded to shlwapi.StrCmpNIA) 375 11C StrCmpNIW (forwarded to shlwapi.StrCmpNIW) 376 11D StrCmpNW (forwarded to shlwapi.StrCmpNW) 377 
11E StrCpyNA (forwarded to kernel32.lstrcpynA) 378 11F StrCpyNW (forwarded to shlwapi.StrCpyNW) 379 120 StrNCmpA (forwarded to shlwapi.StrCmpNA) 380 121 StrNCmpIA (forwarded to shlwapi.StrCmpNIA) 381 122 StrNCmpIW (forwarded to shlwapi.StrCmpNIW) 382 123 StrNCmpW (forwarded to shlwapi.StrCmpNW) 383 124 StrNCpyA (forwarded to kernel32.lstrcpynA) 384 125 StrNCpyW (forwarded to shlwapi.StrCpyNW) 385 126 StrRChrA (forwarded to shlwapi.StrRChrA) 386 127 StrRChrIA (forwarded to shlwapi.StrRChrIA) 387 128 StrRChrIW (forwarded to shlwapi.StrRChrIW) 388 129 StrRChrW (forwarded to shlwapi.StrRChrW) 389 12A 0006215D StrRStrA 390 12B StrRStrIA (forwarded to shlwapi.StrRStrIA) 391 12C StrRStrIW (forwarded to shlwapi.StrRStrIW) 392 12D 00062109 StrRStrW 393 12E StrStrA (forwarded to shlwapi.StrStrA) 394 12F StrStrIA (forwarded to shlwapi.StrStrIA) 395 130 StrStrIW (forwarded to shlwapi.StrStrIW) 396 131 StrStrW (forwarded to shlwapi.StrStrW) 397 132 0004E9F0 WOWShellExecute 164 133 00051C97 Win32DeleteFile 652 134 0008FEBC WriteCabinetState 5 00080036 [NONAME] 7 00062AFB [NONAME] 8 00062B4F [NONAME] 12 00062C9F [NONAME] 15 00086CB1 [NONAME] 20 000852E4 [NONAME] 29 00091CAB [NONAME] 30 000B8670 [NONAME] 31 000B8680 [NONAME] 32 000B8668 [NONAME] 33 000B86E8 [NONAME] 34 000B8688 [NONAME] 35 00091C51 [NONAME] 36 00091C03 [NONAME] 37 000B8678 [NONAME] 38 000B8700 [NONAME] 39 000B86C0 [NONAME] 40 000B86B0 [NONAME] 44 00097FE0 [NONAME] 45 00091E81 [NONAME] 46 000B86C8 [NONAME] 48 000B86F8 [NONAME] 50 000B8708 [NONAME] 52 000B8698 [NONAME] 53 00062DEF [NONAME] 54 00006F26 [NONAME] 55 000B86D8 [NONAME] 56 000B8710 [NONAME] 57 000B86A0 [NONAME] 58 0008DCAA [NONAME] 60 00007061 [NONAME] 61 00006D52 [NONAME] 65 000900BF [NONAME] 69 00062E3F [NONAME] 70 00026141 [NONAME] 76 00062E93 [NONAME] 78 000956DE [NONAME] 79 00095590 [NONAME] 82 00062EE7 [NONAME] 83 00090CBB [NONAME] 84 00062F3B [NONAME] 86 0008E5D4 [NONAME] 87 0008E66C [NONAME] 91 000617B4 [NONAME] 93 00051888 [NONAME] 94 000518A2 
[NONAME] 95 000851F6 [NONAME] 96 00095419 [NONAME] 97 000901DD [NONAME] 99 0008FFCE [NONAME] 122 00084957 [NONAME] 123 0008FA82 [NONAME] 126 0009016A [NONAME] 127 0008F8D3 [NONAME] 128 00026500 [NONAME] 130 0008FB35 [NONAME] 145 000B8690 [NONAME] 146 00090246 [NONAME] 156 00085A30 [NONAME] 158 00091C42 [NONAME] 159 000B86A8 [NONAME] 160 000630C5 [NONAME] 163 00095474 [NONAME] 172 000569DB [NONAME] 175 00094724 [NONAME] 177 00063119 [NONAME] 181 0008E290 [NONAME] 184 0008E761 [NONAME] 185 0006316D [NONAME] 186 00086D50 [NONAME] 187 000631B4 [NONAME] 188 000B1B4F [NONAME] 194 0009090F [NONAME] 197 00063208 [NONAME] 198 0009011A [NONAME] 200 000B0C52 [NONAME] 201 000B0CDE [NONAME] 202 0009803E [NONAME] 203 00025C4D [NONAME] 204 00061760 [NONAME] 205 0008BD52 [NONAME] 209 000632A3 [NONAME] 210 000632F7 [NONAME] 211 0006324F [NONAME] 212 0006334B [NONAME] 213 0008BEA9 [NONAME] 214 0008BF60 [NONAME] 215 000913FD [NONAME] 230 00063597 [NONAME] 231 000635EB [NONAME] 232 0006363F [NONAME] 233 00063693 [NONAME] 234 000636E7 [NONAME] 235 0006373B [NONAME] 236 0006378F [NONAME] 237 000637E3 [NONAME] 241 000638DF [NONAME] 242 0006393F [NONAME] 243 [NONAME] (forwarded to user32.SetShellWindowEx) 244 000979A3 [NONAME] 246 0009809C [NONAME] 247 000980FA [NONAME] 248 00063993 [NONAME] 249 000B86D0 [NONAME] 250 000B86F0 [NONAME] 251 000B86E0 [NONAME] 252 [NONAME] (forwarded to shlwapi.PathIsURLW) 253 00098158 [NONAME] 254 000981B6 [NONAME] 257 00062AA7 [NONAME] 258 000914EF [NONAME] 259 0009153F [NONAME] 525 000620B5 [NONAME] 640 00081459 [NONAME] 641 00080E38 [NONAME] 643 0006206E [NONAME] 646 00061FD3 [NONAME] 648 00062027 [NONAME] 650 000B86B8 [NONAME] 651 0008FD58 [NONAME] 660 0008FFC2 [NONAME] 681 [NONAME] (forwarded to shlwapi.SHGetAppCompatFlags) 683 000982D0 [NONAME] 684 0009832E [NONAME] 690 0009838C [NONAME] 691 000983EA [NONAME] 702 00061F38 [NONAME] 703 0009059E [NONAME] 704 000905F2 [NONAME] 707 00061E90 [NONAME] 708 00061E3C [NONAME] 711 00061D98 [NONAME] 712 00061D44 
[NONAME] 713 00090631 [NONAME] 714 0009069C [NONAME] 715 00061CF0 [NONAME] 719 00061C48 [NONAME] 720 00061BF4 [NONAME] 721 00061BA0 [NONAME] 722 00098448 [NONAME] 723 00094F01 [NONAME] 724 00061B50 [NONAME] 725 00061AFC [NONAME] 726 00061AA8 [NONAME] 731 000984A6 [NONAME] 732 00061A62 [NONAME] 733 00061A1C [NONAME] 740 000984D6 [NONAME] 744 00098534 [NONAME] 745 00098592 [NONAME] 748 0006185C [NONAME] 751 000986AC [NONAME] 752 000639F1 [NONAME] 753 000639E7 [NONAME] 754 0009870A [NONAME] 755 000618B0 [NONAME] 756 00098768 [NONAME]

SECTION HEADER #6
  .idata name
    4C18 virtual size
  108000 virtual address (7B128000 to 7B12CC17)
    4E00 size of raw data
  102E00 file pointer to raw data (00102E00 to 00107BFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0300040 flags
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Read Write

  Section contains the following imports:

ntdll.dll 7B128C10 Import Address Table 7B1280DC Import Name Table 0 time date stamp 0 Index of first forwarder reference 10 DbgPrint 1D4 RtlAssert 20F RtlCreateUnicodeStringFromAsciiz 27C RtlFreeUnicodeString 27E RtlGUIDFromString 2B1 RtlInitUnicodeString 32F RtlRaiseException 566 vDbgPrintExWithPrefix advapi32.dll 7B128C34 Import Address Table 7B128100 Import Name Table 0 time date stamp 0 Index of first forwarder reference 1C AdjustTokenPrivileges 1D AllocateAndInitializeSid 38 CheckTokenMembership 3E CloseServiceHandle 40 CommandLineFromMsiDescriptor 50 ConvertSidToStringSidW E1 FreeSid 119 GetTokenInformation 14F LookupPrivilegeValueW 1AB OpenProcessToken 1AD OpenSCManagerW 1AF OpenServiceW 1C3 QueryServiceStatusEx 1CA RegCloseKey 1D0 RegCreateKeyExA 1D1 RegCreateKeyExW 1D2 RegCreateKeyW 1D3 RegDeleteKeyA 1D6 RegDeleteKeyW 1DE RegEnumKeyExW 1DF RegEnumKeyW 1E1 RegEnumValueW 1E4 RegGetValueA 1E5 RegGetValueW 1EA RegOpenKeyA 1EB RegOpenKeyExA 1EC RegOpenKeyExW 1ED RegOpenKeyW 1F1 RegQueryInfoKeyW 1F5 RegQueryValueA 1F6 RegQueryValueExA 
1F7 RegQueryValueExW 1F8 RegQueryValueW 204 RegSetValueExW comctl32.dll 7B128CD0 Import Address Table 7B12819C Import Name Table 0 time date stamp 0 Index of first forwarder reference Ordinal 167 Ordinal 401 Ordinal 71 Ordinal 151 Ordinal 400 3 CreatePropertySheetPageW Ordinal 328 Ordinal 336 Ordinal 329 Ordinal 386 Ordinal 332 Ordinal 334 Ordinal 339 Ordinal 338 Ordinal 320 Ordinal 327 Ordinal 388 Ordinal 387 Ordinal 323 Ordinal 324 Ordinal 154 Ordinal 403 Ordinal 169 Ordinal 73 Ordinal 152 1E ImageList_Add 20 ImageList_AddMasked 21 ImageList_BeginDrag 23 ImageList_Create 24 ImageList_Destroy 25 ImageList_DragEnter 26 ImageList_DragLeave 27 ImageList_DragMove 29 ImageList_Draw 2D ImageList_EndDrag 31 ImageList_GetIcon 3B ImageList_Remove 3D ImageList_ReplaceIcon 46 InitCommonControls 47 InitCommonControlsEx 4F PropertySheetW comdlg32.dll 7B128D78 Import Address Table 7B128244 Import Name Table 0 time date stamp 0 Index of first forwarder reference 8 GetFileTitleW A GetOpenFileNameW kernel32.dll 7B128DA4 Import Address Table 7B128270 Import Name Table 0 time date stamp 0 Index of first forwarder reference 0 ActivateActCtx 2A CancelIo 34 CloseHandle 39 CompareFileTime 3B CompareStringW 45 CopyFileExW 46 CopyFileW 49 CreateActCtxW 4E CreateDirectoryW 55 CreateFileMappingW 56 CreateFileW 69 CreateProcessW 6B CreateSemaphoreA 75 DeactivateActCtx 81 DeleteCriticalSection 83 DeleteFileA 84 DeleteFileW 8A DeviceIoControl 8B DisableThreadLibraryCalls 8F DosDateTimeToFileTime 98 EnterCriticalSection A6 EnumResourceNamesW BC ExpandEnvironmentStringsA BD ExpandEnvironmentStringsW C3 FileTimeToDosDateTime C4 FileTimeToLocalFileTime C5 FileTimeToSystemTime CE FindClose D5 FindFirstFileW DD FindNextFileW E6 FindResourceW EF FlushInstructionCache F3 FormatMessageA F4 FormatMessageW F7 FreeEnvironmentStringsW F8 FreeLibrary 102 GetBinaryTypeW 140 GetCurrentDirectoryA 141 GetCurrentDirectoryW 142 GetCurrentProcess 143 GetCurrentProcessId 146 GetCurrentThreadId 147 GetDateFormatA 
148 GetDateFormatW 14E GetDiskFreeSpaceExA 14F GetDiskFreeSpaceExW 150 GetDiskFreeSpaceW 153 GetDriveTypeA 154 GetDriveTypeW 157 GetEnvironmentStringsW 158 GetEnvironmentVariableA 159 GetEnvironmentVariableW 15E GetFileAttributesA 160 GetFileAttributesExW 161 GetFileAttributesW 163 GetFileSize 165 GetFileTime 16A GetFullPathNameW 171 GetLastError 175 GetLocaleInfoW 178 GetLogicalDrives 17B GetLongPathNameW 17E GetModuleFileNameW 17F GetModuleHandleA 181 GetModuleHandleExW 182 GetModuleHandleW 190 GetNumberFormatW 198 GetPrivateProfileIntW 19E GetPrivateProfileStringW 1A1 GetProcAddress 1A4 GetProcessHeap 1B4 GetProfileStringW 1B6 GetShortPathNameA 1B7 GetShortPathNameW 1C3 GetSystemDirectoryW 1C9 GetSystemTime 1CB GetSystemTimeAsFileTime 1D0 GetSystemWow64DirectoryW 1DB GetThreadLocale 1E0 GetTickCount 1E1 GetTimeFormatA 1E2 GetTimeFormatW 1E9 GetVersion 1EC GetVolumeInformationA 1ED GetVolumeInformationW 1F5 GetWindowsDirectoryW 1F9 GlobalAlloc 200 GlobalFree 204 GlobalLock 206 GlobalMemoryStatusEx 20B GlobalUnlock 211 HeapAlloc 217 HeapFree 21B HeapReAlloc 21D HeapSize 224 InitializeCriticalSection 244 IsWow64Process 252 LeaveCriticalSection 253 LoadLibraryA 255 LoadLibraryExW 256 LoadLibraryW 258 LoadResource 259 LocalAlloc 25D LocalFree 260 LocalReAlloc 266 LockResource 269 MapViewOfFile 272 MoveFileW 274 MoveFileWithProgressW 276 MultiByteToWideChar 28E OutputDebugStringA 2A4 QueryPerformanceCounter 2A6 QueueUserAPC 2A8 RaiseException 2B5 ReadDirectoryChangesW 2B6 ReadFile 2C4 ReleaseSemaphore 2C6 RemoveDirectoryW 2DD SearchPathW 30B SetCurrentDirectoryA 30C SetCurrentDirectoryW 311 SetEndOfFile 315 SetEnvironmentVariableW 316 SetErrorMode 31B SetFileAttributesW 31D SetFilePointer 32A SetLastError 34C SetUnhandledExceptionFilter 350 SetVolumeLabelW 357 SizeofResource 358 Sleep 359 SleepEx 35D SystemTimeToFileTime 360 TerminateProcess 365 TlsAlloc 366 TlsFree 367 TlsGetValue 368 TlsSetValue 370 UnhandledExceptionFilter 373 UnmapViewOfFile 383 VirtualAlloc 385 
VirtualFree 388 VirtualProtect 38A VirtualQuery 392 WaitForSingleObject 393 WaitForSingleObjectEx 396 WideCharToMultiByte 3A6 WriteFile 3AC WritePrivateProfileStringW 3BF lstrcatA 3C0 lstrcatW 3C3 lstrcmpW 3C5 lstrcmpiA 3C6 lstrcmpiW 3C8 lstrcpyA 3C9 lstrcpyW 3CB lstrcpynA 3CC lstrcpynW 3CE lstrlenA 3CF lstrlenW msvcrt.dll 7B129040 Import Address Table 7B12850C Import Name Table 0 time date stamp 0 Index of first forwarder reference 69 __dllonexit BD _amsg_exit BE _assert C4 _beginthreadex 135 _initterm 139 _iob 164 _lock 1A8 _memicmp 1B0 _onexit 1DF _snwprintf 1F2 _stricmp 1FE _strupr 213 _unlock 217 _vscwprintf 218 _vsnprintf 219 _vsnwprintf 220 _wcsdup 222 _wcsicmp 224 _wcslwr 226 _wcsnicmp 22D _wcsupr 269 _wtoi 272 abort 274 acos 27B atoi 27D bsearch 27E calloc 282 cos 297 fputc 298 fputs 29C free 2A4 fwrite 2B5 isprint 2C3 iswspace 2CF malloc 2D4 memcmp 2D5 memcpy 2D6 memmove 2D7 memset 2E2 qsort 2E5 realloc 2EE sin 2F0 sprintf 2F5 strchr 2F6 strcmp 2F8 strcpy 2F9 strcspn 2FC strlen 2FE strncmp 301 strrchr 309 swprintf 311 tolower 314 towupper 317 vfprintf 31A vsprintf 31B vswprintf 31D wcscat 31E wcschr 31F wcscmp 321 wcscpy 324 wcslen 329 wcsrchr 32B wcsstr 32E wcstol 330 wcstoul shlwapi.dll 7B129204 Import Address Table 7B1286D0 Import Name Table 0 time date stamp 0 Index of first forwarder reference 8 AssocQueryStringW Ordinal 164 Ordinal 256 Ordinal 172 Ordinal 481 Ordinal 509 Ordinal 176 Ordinal 484 Ordinal 163 Ordinal 174 Ordinal 478 Ordinal 479 Ordinal 2 17 PathAddBackslashW 19 PathAddExtensionW 1A PathAppendA 1B PathAppendW 1D PathBuildRootW 21 PathCombineW 29 PathCreateFromUrlW 2A PathFileExistsA 2B PathFileExistsW 2C PathFindExtensionA 2D PathFindExtensionW 2F PathFindFileNameW 33 PathFindOnPathW 37 PathGetArgsW 38 PathGetCharTypeA 39 PathGetCharTypeW 3B PathGetDriveNumberW 40 PathIsDirectoryEmptyW 41 PathIsDirectoryW 43 PathIsFileSpecW 47 PathIsNetworkPathW 4B PathIsRelativeW 4C PathIsRootA 4D PathIsRootW 4F PathIsSameRootW 57 PathIsUNCW 59 
PathIsURLW 5F PathMatchSpecW 61 PathParseIconLocationW 63 PathQuoteSpacesW 67 PathRemoveArgsW 69 PathRemoveBackslashW 6B PathRemoveBlanksW 6D PathRemoveExtensionW 6E PathRemoveFileSpecA 6F PathRemoveFileSpecW 73 PathSearchAndQualifyW 75 PathSetDlgItemPathW 78 PathStripPathA 79 PathStripPathW 7B PathStripToRootW 7D PathUnExpandEnvStringsW 82 PathUnquoteSpacesA 83 PathUnquoteSpacesW Ordinal 20 Ordinal 7 Ordinal 215 86 SHCopyKeyW 89 SHCreateStreamOnFileEx 8A SHCreateStreamOnFileW Ordinal 16 Ordinal 278 90 SHDeleteKeyW Ordinal 464 Ordinal 460 Ordinal 22 Ordinal 545 Ordinal 19 Ordinal 10 9C SHGetValueW Ordinal 8 Ordinal 179 A4 SHQueryValueExA A5 SHQueryValueExW Ordinal 18 B7 SHRegGetUSValueW C3 SHRegSetUSValueW Ordinal 21 CA SHSetValueW Ordinal 165 Ordinal 186 Ordinal 24 Ordinal 217 Ordinal 9 Ordinal 17 DB StrChrW DC StrCmpIW E2 StrCmpW E3 StrCpyNW E6 StrDupW E7 StrFormatByteSize64A E9 StrFormatByteSizeW EA StrFormatKBSizeA EB StrFormatKBSizeW F3 StrPBrkW F7 StrRChrW FA StrRetToBSTR FC StrRetToBufW FE StrRetToStrW 109 StrToIntA 10C StrToIntW 10E StrTrimW 126 UrlIsW 12A wnsprintfW msvcrt.dll 7B129400 Import Address Table 7B1288CC Import Name Table 0 time date stamp 0 Index of first forwarder reference E _write gdi32.dll 7B129408 Import Address Table 7B1288D4 Import Name Table 0 time date stamp 0 Index of first forwarder reference 12 BitBlt 27 CreateBitmap 2C CreateCompatibleBitmap 2D CreateCompatibleDC 32 CreateDIBSection 3D CreateFontIndirectW 3E CreateFontW 42 CreateICW 47 CreatePen 50 CreateSolidBrush 8E DeleteDC 91 DeleteObject 96 Ellipse E0 ExtTextOutW 16D GetDIBits 16E GetDeviceCaps 19A GetObjectW 1A8 GetStockObject 1B8 GetTextExtentPoint32W 1C0 GetTextMetricsW 1D0 LineTo 1D1 MaskBlt 1D4 MoveToEx 1E2 Pie 211 SelectObject 218 SetBkColor 219 SetBkMode 222 SetDIBits 23F SetTextColor 24C StretchBlt user32.dll 7B129490 Import Address Table 7B12895C Import Name Table 0 time date stamp 0 Index of first forwarder reference 1 AdjustWindowRect 9 AppendMenuW C 
BeginDeferWindowPos D BeginPaint F BringWindowToTop 1A CallNextHookEx 1C CallWindowProcW 28 CharLowerBuffW 29 CharLowerW 39 CheckMenuItem 3A CheckMenuRadioItem 3B CheckRadioButton 40 ClientToScreen 48 CopyIcon 49 CopyImage 56 CreateDialogParamW 5A CreateIconIndirect 5D CreateMenu 5E CreatePopupMenu 61 CreateWindowExW 67 DdeAccessData 69 DdeClientTransaction 6B DdeConnect 6F DdeCreateStringHandleW 70 DdeDisconnect 73 DdeFreeDataHandle 74 DdeFreeStringHandle 76 DdeGetLastError 79 DdeInitializeA 7A DdeInitializeW 7C DdeNameService 81 DdeQueryStringW 85 DdeUnaccessData 86 DdeUninitialize 8F DefWindowProcW 90 DeferWindowPos 91 DeleteMenu 92 DeregisterShellHookWindow 96 DestroyIcon 97 DestroyMenu 99 DestroyWindow 9D DialogBoxIndirectParamW 9F DialogBoxParamW A2 DispatchMessageW B3 DrawFocusRect B5 DrawFrameControl B7 DrawIconEx BE DrawTextExW BF DrawTextW C2 EnableMenuItem C4 EnableWindow C5 EndDeferWindowPos C6 EndDialog C8 EndPaint DE EnumWindows E1 ExitWindowsEx E2 FillRect E5 FindWindowExW E6 FindWindowW E9 FrameRect EF GetAncestor F2 GetAsyncKeyState F3 GetCapture FD GetClassNameW FF GetClientRect 102 GetClipboardFormatNameA 10B GetCursorPos 10C GetDC 10E GetDesktopWindow 110 GetDlgCtrlID 111 GetDlgItem 112 GetDlgItemInt 114 GetDlgItemTextW 116 GetFocus 117 GetForegroundWindow 11A GetIconInfo 121 GetKeyState 130 GetMenuDefaultItem 131 GetMenuInfo 132 GetMenuItemCount 133 GetMenuItemID 135 GetMenuItemInfoW 136 GetMenuItemRect 13C GetMessagePos 13E GetMessageW 145 GetParent 14B GetPropW 156 GetScrollPos 159 GetSubMenu 15A GetSysColor 15B GetSysColorBrush 15C GetSystemMenu 15D GetSystemMetrics 16A GetWindow 16C GetWindowDC 16E GetWindowLongA 16F GetWindowLongW 174 GetWindowRect 179 GetWindowTextLengthW 17A GetWindowTextW 18A InflateRect 18D InsertMenuA 18F InsertMenuItemW 190 InsertMenuW 193 InvalidateRect 19E IsChild 1A3 IsDlgButtonChecked 1AD IsWindow 1B5 KillTimer 1B7 LoadAcceleratorsW 1BA LoadCursorA 1BD LoadCursorW 1BF LoadIconW 1C1 LoadImageW 1C9 LoadMenuW 1CB 
LoadStringA 1CC LoadStringW 1DA MapWindowPoints 1DF MessageBoxA 1E6 MessageBoxW 1EC MoveWindow 1F5 OffsetRect 1FE PaintDesktop 203 PostMessageW 204 PostQuitMessage 20B PrivateExtractIconsW 20C PtInRect 218 RegisterClassExW 21A RegisterClipboardFormatA 21B RegisterClipboardFormatW 223 RegisterShellHookWindow 229 ReleaseCapture 22A ReleaseDC 22D RemovePropW 230 ScreenToClient 236 SendDlgItemMessageW 23A SendMessageA 23F SendMessageW 242 SetActiveWindow 243 SetCapture 24C SetCursor 251 SetDlgItemInt 253 SetDlgItemTextW 255 SetFocus 256 SetForegroundWindow 25E SetMenuDefaultItem 25F SetMenuInfo 262 SetMenuItemInfoW 265 SetParent 26A SetPropW 26B SetRect 271 SetShellWindowEx 277 SetTaskmanWindow 279 SetTimer 27F SetWindowLongA 280 SetWindowLongW 282 SetWindowPos 285 SetWindowTextA 286 SetWindowTextW 28A SetWindowsHookExW 291 ShowWindow 299 SystemParametersInfoW 2A3 TrackPopupMenu 2A4 TrackPopupMenuEx 2A7 TranslateAcceleratorW 2A9 TranslateMessage 2AD UnhookWindowsHookEx 2BB UpdateWindow 2CD WaitForInputIdle 2D3 WindowFromPoint 2D6 wsprintfA 2D7 wsprintfW

SECTION HEADER #7
    .CRT name
      2C virtual size
  10D000 virtual address (7B12D000 to 7B12D02B)
     200 size of raw data
  107C00 file pointer to raw data (00107C00 to 00107DFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0300040 flags
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Read Write

SECTION HEADER #8
    .tls name
       8 virtual size
  10E000 virtual address (7B12E000 to 7B12E007)
     200 size of raw data
  107E00 file pointer to raw data (00107E00 to 00107FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0300040 flags
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Read Write

SECTION HEADER #9
   .rsrc name
  6A64FC virtual size
  10F000 virtual address (7B12F000 to 7B7D54FB)
  6A6600 size of raw data
  108000 file pointer to raw data (00108000 to 007AE5FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0300040 flags
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Read Write

SECTION HEADER #A
  .reloc name
    EE20 virtual size
  7B6000 virtual address (7B7D6000 to 7B7E4E1F)
    F000 size of raw data
  7AE600 file pointer to raw data (007AE600 to 007BD5FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
42300040 flags
         Initialized Data
         RESERVED - UNKNOWN
         RESERVED - UNKNOWN
         Discardable
         Read Only

SECTION HEADER #B
 .rossym name
  125148 virtual size
  7C5000 virtual address (7B7E5000 to 7B90A147)
  125200 size of raw data
  7BD600 file pointer to raw data (007BD600 to 008E27FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
42000802 flags
         RESERVED - UNKNOWN
         Remove
         Discardable
         Read Only

  Summary

        1000 .CRT
        2000 .bss
        7000 .data
        4000 .edata
        5000 .idata
       28000 .rdata
        F000 .reloc
      126000 .rossym
      6A7000 .rsrc
       D2000 .text
        1000 .tls