Microsoft (R) COFF/PE Dumper Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file csrss.exe PE signature found File Type: EXECUTABLE IMAGE FILE HEADER VALUES 14C machine (x86) 3 number of sections 3E800160 time date stamp Tue Mar 25 16:12:32 2003 0 file pointer to symbol table 0 number of symbols E0 size of optional header 10E characteristics Executable Line numbers stripped Symbols stripped 32 bit word machine OPTIONAL HEADER VALUES 10B magic # (PE32) 7.10 linker version 600 size of code 600 size of initialized data 0 size of uninitialized data 10EA entry point (4A6810EA) 1000 base of code 2000 base of data 4A680000 image base (4A680000 to 4A683FFF) 1000 section alignment 200 file alignment 5.02 operating system version 5.02 image version 5.02 subsystem version 0 Win32 version 4000 size of image 400 size of headers BE31 checksum 1 subsystem (Native) 400 DLL characteristics No structured exception handler 40000 size of stack reserve 3000 size of stack commit 100000 size of heap reserve 1000 size of heap commit 0 loader flags 10 number of directories 0 [ 0] RVA [size] of Export Directory 1344 [ 3C] RVA [size] of Import Directory 2000 [ 3F0] RVA [size] of Resource Directory 0 [ 0] RVA [size] of Exception Directory 0 [ 0] RVA [size] of Certificates Directory 3000 [ 28] RVA [size] of Base Relocation Directory 1030 [ 1C] RVA [size] of Debug Directory 0 [ 0] RVA [size] of Architecture Directory 0 [ 0] RVA [size] of Global Pointer Directory 0 [ 0] RVA [size] of Thread Storage Directory 0 [ 0] RVA [size] of Load Configuration Directory 238 [ 30] RVA [size] of Bound Import Directory 1000 [ 30] RVA [size] of Import Address Table Directory 0 [ 0] RVA [size] of Delay Import Directory 0 [ 0] RVA [size] of COM Descriptor Directory 0 [ 0] RVA [size] of Reserved Directory SECTION HEADER #1 .text name 4B0 virtual size 1000 virtual address (4A681000 to 4A6814AF) 600 size of raw data 400 file pointer to raw data (00000400 to 000009FF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 60000020 flags Code Execute Read Debug Directories Time Type Size RVA Pointer -------- ------ -------- -------- -------- 3E800160 cv 1A 0000104C 44C Format: NB10, 3E800160, 1, csrss.pdb Section contains the following imports: ntdll.dll 4A681008 Import Address Table 4A681388 Import Name Table FFFFFFFF time date stamp FFFFFFFF Index of first forwarder reference 77F4360B 17E NtTerminateProcess 77F72BB2 345 RtlSetProcessIsCritical 77F4361F 17F NtTerminateThread 77F433C7 161 NtSetInformationProcess 77F43847 F DbgBreakPoint 77F472DC 1B9 RtlAllocateHeap 77F47D27 262 RtlFreeAnsiString 77F482BA 36F RtlUnicodeStringToAnsiString 77F5A11D 2F2 RtlNormalizeProcessParams CSRSRV.dll 4A681000 Import Address Table 4A681380 Import Name Table FFFFFFFF time date stamp FFFFFFFF Index of first forwarder reference 75A52E6B 19 CsrServerInitialization Header contains the following bound import information: Bound to ntdll.dll [3E802494] Tue Mar 25 18:42:44 2003 Bound to CSRSRV.dll [3E8024A2] Tue Mar 25 18:42:58 2003 SECTION HEADER #2 .rsrc name 3F0 virtual size 2000 virtual address (4A682000 to 4A6823EF) 400 size of raw data A00 file pointer to raw data (00000A00 to 00000DFF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 42000040 flags Initialized Data Discardable Read Only SECTION HEADER #3 .reloc name 4A virtual size 3000 virtual address (4A683000 to 4A683049) 200 size of raw data E00 file pointer to raw data (00000E00 to 00000FFF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 42000040 flags Initialized Data Discardable Read Only Summary 1000 .reloc 1000 .rsrc 1000 .text