msg

17408 bytes

NT Headers	Data Directory	Section Headers
Export Directory	.: RESiSTANCE IS FUTiLE 2004 :.	Import Directory

IMAGE_DOS_HEADER

Offset	RVA	Description	Value
00000000	00000000	e_magic	"MZ"
00000002	00000002	e_cblp	0050
00000004	00000004	e_cp	0002
00000006	00000006	e_crlc	0000
00000008	00000008	e_cparhdr	0004
0000000A	0000000A	e_minalloc	000F
0000000C	0000000C	e_maxalloc	FFFF
0000000E	0000000E	e_ss	0000
00000010	00000010	e_sp	00B8
00000012	00000012	e_csum	0000
00000014	00000014	e_ip	0000
00000016	00000016	e_cs	0000
00000018	00000018	e_lfarlc	0040
0000001A	0000001A	e_ovno	001A
0000001C	0000001C	e_res	0000000000000000
00000024	00000024	e_oemid	0000
00000026	00000026	e_oeminfo	0000
00000028	00000028	e_res2	0000000000000000000000000000000000000000
0000003C	0000003C	e_lfanew	00000100

IMAGE_NT_HEADERS

Offset	RVA	Description	Value
00000100	00000100	Signature	"PE"

IMAGE_FILE_HEADER

Offset	RVA	Description	Value
00000104	00000104	Machine	014C
			Intel i860
00000106	00000106	NumberOfSections	0009
00000108	00000108	TimeDateStamp	2A425E19
0000010C	0000010C	PointerToSymbolTable	00000000
00000110	00000110	NumberOfSymbols	00000000
00000114	00000114	SizeOfOptionalHeader	00E0
00000116	00000116	Characteristics	818E
			File is Exe

IMAGE_OPTIONAL_HEADER

Offset	RVA	Description	Value
00000118	00000118	Magic	010B
0000011A	0000011A	MajorLinkerVersion	02
0000011B	0000011B	MinorLinkerVersion	19
			02.19
0000011C	0000011C	SizeOfCode	00002C00
00000120	00000120	SizeOfInitializedData	00001400
00000124	00000124	SizeOfUninitializedData	00000000
00000128	00000128	AddressOfEntryPoint	000040AC
			".itext"
0000012C	0000012C	BaseOfCode	00001000
			".text"
00000130	00000130	BaseOfData	00005000
			".data"
00000134	00000134	ImageBase	00400000
00000138	00000138	SectionAlignment	00001000
0000013C	0000013C	FileAlignment	00000200
00000140	00000140	MajorOperatingSystemVersion	0004
00000142	00000142	MinorOperatingSystemVersion	0000
			0004.0000
00000144	00000144	MajorImageVersion	0000
00000146	00000146	MinorImageVersion	0000
			0000.0000
00000148	00000148	MajorSubsystemVersion	0004
0000014A	0000014A	MinorSubsystemVersion	0000
			0004.0000
0000014C	0000014C	Win32VersionValue	00000000
00000150	00000150	SizeOfImage	0000E000
00000154	00000154	SizeOfHeaders	00000400
00000158	00000158	CheckSum	00000000
0000015C	0000015C	Subsystem	0002
			Windows GUI
0000015E	0000015E	DllCharacteristics	0000
00000160	00000160	SizeOfStackReserve	00100000
00000164	00000164	SizeOfStackCommit	00004000
00000168	00000168	SizeOfHeapReserve	00100000
0000016C	0000016C	SizeOfHeapCommit	00001000
00000170	00000170	LoaderFlags	00000000
00000174	00000174	NumberOfRvaAndSizes	00000010

IMAGE_DATA_DIRECTORY

Offset	RVA	Description	Value
00000178	00000178	Export.VirtualAddress	00000000
0000017C	0000017C	Export.isize	00000000
00000180	00000180	Import.VirtualAddress	00009000
00000184	00000184	Import.isize	0000038C
			".idata"
00000188	00000188	Resource.VirtualAddress	0000D000
0000018C	0000018C	Resource.isize	00000200
			".rsrc"
00000190	00000190	Exception.VirtualAddress	00000000
00000194	00000194	Exception.isize	00000000
00000198	00000198	Security.VirtualAddress	00000000
0000019C	0000019C	Security.isize	00000000
000001A0	000001A0	BaseReloc.VirtualAddress	0000C000
000001A4	000001A4	BaseReloc.isize	000002E4
			".reloc"
000001A8	000001A8	Debug.VirtualAddress	00000000
000001AC	000001AC	Debug.isize	00000000
000001B0	000001B0	Copyright.VirtualAddress	00000000
000001B4	000001B4	Copyright.isize	00000000
000001B8	000001B8	GlobalPtr.VirtualAddress	00000000
000001BC	000001BC	GlobalPtr.isize	00000000
000001C0	000001C0	TLS.VirtualAddress	0000B000
000001C4	000001C4	TLS.isize	00000018
			".rdata"
000001C8	000001C8	Load Config.VirtualAddress	00000000
000001CC	000001CC	Load Config.isize	00000000
000001D0	000001D0	Bound Import.VirtualAddress	00000000
000001D4	000001D4	Bound Import.isize	00000000
000001D8	000001D8	IAT.VirtualAddress	00009110
000001DC	000001DC	IAT.isize	00000084
			".idata"

IMAGE_SECTION_HEADER

Offset	RVA	Description	Value
000001F8	000001F8	Name1	".text"
00000200	00000200	Misc.VirtualSize	000028D4
00000204	00000204	VirtualAddress	00001000
00000208	00000208	SizeOfRawData	00002A00
0000020C	0000020C	PointerToRawData	00000400
00000210	00000210	PointerToRelocations	00000000
00000214	00000214	PointerToLinenumbers	00000000
00000218	00000218	NumberOfRelocations	0000
0000021A	0000021A	NumberOfLinenumbers	0000
0000021C	0000021C	Characteristics	60000020
			Readable \|\| Executable \|\| Code

IMAGE_SECTION_HEADER

Offset	RVA	Description	Value
00000220	00000220	Name1	".itext"
00000228	00000228	Misc.VirtualSize	000000E4
0000022C	0000022C	VirtualAddress	00004000
00000230	00000230	SizeOfRawData	00000200
00000234	00000234	PointerToRawData	00002E00
00000238	00000238	PointerToRelocations	00000000
0000023C	0000023C	PointerToLinenumbers	00000000
00000240	00000240	NumberOfRelocations	0000
00000242	00000242	NumberOfLinenumbers	0000
00000244	00000244	Characteristics	60000020
			Readable \|\| Executable \|\| Code

IMAGE_SECTION_HEADER

Offset	RVA	Description	Value
00000248	00000248	Name1	".data"
00000250	00000250	Misc.VirtualSize	00000790
00000254	00000254	VirtualAddress	00005000
00000258	00000258	SizeOfRawData	00000800
0000025C	0000025C	PointerToRawData	00003000
00000260	00000260	PointerToRelocations	00000000
00000264	00000264	PointerToLinenumbers	00000000
00000268	00000268	NumberOfRelocations	0000
0000026A	0000026A	NumberOfLinenumbers	0000
0000026C	0000026C	Characteristics	C0000040
			Writeable \|\| Readable \|\| Data

IMAGE_SECTION_HEADER

Offset	RVA	Description	Value
00000270	00000270	Name1	".bss"
00000278	00000278	Misc.VirtualSize	000027F0
0000027C	0000027C	VirtualAddress	00006000
00000280	00000280	SizeOfRawData	00000000
00000284	00000284	PointerToRawData	00003800
00000288	00000288	PointerToRelocations	00000000
0000028C	0000028C	PointerToLinenumbers	00000000
00000290	00000290	NumberOfRelocations	0000
00000292	00000292	NumberOfLinenumbers	0000
00000294	00000294	Characteristics	C0000000
			Writeable \|\| Readable

IMAGE_SECTION_HEADER

Offset	RVA	Description	Value
00000298	00000298	Name1	".idata"
000002A0	000002A0	Misc.VirtualSize	0000038C
000002A4	000002A4	VirtualAddress	00009000
000002A8	000002A8	SizeOfRawData	00000400
000002AC	000002AC	PointerToRawData	00003800
000002B0	000002B0	PointerToRelocations	00000000
000002B4	000002B4	PointerToLinenumbers	00000000
000002B8	000002B8	NumberOfRelocations	0000
000002BA	000002BA	NumberOfLinenumbers	0000
000002BC	000002BC	Characteristics	C0000040
			Writeable \|\| Readable \|\| Data

IMAGE_SECTION_HEADER

Offset	RVA	Description	Value
000002C0	000002C0	Name1	".tls"
000002C8	000002C8	Misc.VirtualSize	00000008
000002CC	000002CC	VirtualAddress	0000A000
000002D0	000002D0	SizeOfRawData	00000000
000002D4	000002D4	PointerToRawData	00003C00
000002D8	000002D8	PointerToRelocations	00000000
000002DC	000002DC	PointerToLinenumbers	00000000
000002E0	000002E0	NumberOfRelocations	0000
000002E2	000002E2	NumberOfLinenumbers	0000
000002E4	000002E4	Characteristics	C0000000
			Writeable \|\| Readable

IMAGE_SECTION_HEADER

Offset	RVA	Description	Value
000002E8	000002E8	Name1	".rdata"
000002F0	000002F0	Misc.VirtualSize	00000018
000002F4	000002F4	VirtualAddress	0000B000
000002F8	000002F8	SizeOfRawData	00000200
000002FC	000002FC	PointerToRawData	00003C00
00000300	00000300	PointerToRelocations	00000000
00000304	00000304	PointerToLinenumbers	00000000
00000308	00000308	NumberOfRelocations	0000
0000030A	0000030A	NumberOfLinenumbers	0000
0000030C	0000030C	Characteristics	40000040
			Readable \|\| Data

IMAGE_SECTION_HEADER

Offset	RVA	Description	Value
00000310	00000310	Name1	".reloc"
00000318	00000318	Misc.VirtualSize	000002E4
0000031C	0000031C	VirtualAddress	0000C000
00000320	00000320	SizeOfRawData	00000400
00000324	00000324	PointerToRawData	00003E00
00000328	00000328	PointerToRelocations	00000000
0000032C	0000032C	PointerToLinenumbers	00000000
00000330	00000330	NumberOfRelocations	0000
00000332	00000332	NumberOfLinenumbers	0000
00000334	00000334	Characteristics	42000040
			Readable \|\| Discardable \|\| Data

IMAGE_SECTION_HEADER

Offset	RVA	Description	Value
00000338	00000338	Name1	".rsrc"
00000340	00000340	Misc.VirtualSize	00000200
00000344	00000344	VirtualAddress	0000D000
00000348	00000348	SizeOfRawData	00000200
0000034C	0000034C	PointerToRawData	00004200
00000350	00000350	PointerToRelocations	00000000
00000354	00000354	PointerToLinenumbers	00000000
00000358	00000358	NumberOfRelocations	0000
0000035A	0000035A	NumberOfLinenumbers	0000
0000035C	0000035C	Characteristics	40000040
			Readable \|\| Data

IMAGE_IMPORT_DESCRIPTOR

Offset	RVA	Description	Value
00003800	00009000	OriginalFirstThunk	0000908C
00003804	00009004	TimeDateStamp	00000000
00003808	00009008	ForwarderChain	00000000
0000380C	0000900C	Name1	00009194 "advapi32.dll"
00003810	00009010	FirstThunk	00009110

DESCRIPTION :

Thunk (ILT)	Ord	Name	Thunk (IAT)	Ord	Name
91A2	0000	RegQueryValueExA	91A2	0000	RegQueryValueExA
91B6	0000	RegOpenKeyExA	91B6	0000	RegOpenKeyExA
91C6	0000	RegCloseKey	91C6	0000	RegCloseKey

IMAGE_IMPORT_DESCRIPTOR

Offset	RVA	Description	Value
00003814	00009014	OriginalFirstThunk	0000909C
00003818	00009018	TimeDateStamp	00000000
0000381C	0000901C	ForwarderChain	00000000
00003820	00009020	Name1	000091D4 "user32.dll"
00003824	00009024	FirstThunk	00009120

DESCRIPTION :

Thunk (ILT)	Ord	Name	Thunk (IAT)	Ord	Name
91E0	0000	GetKeyboardType	91E0	0000	GetKeyboardType
91F2	0000	DestroyWindow	91F2	0000	DestroyWindow
9202	0000	MessageBoxA	9202	0000	MessageBoxA

IMAGE_IMPORT_DESCRIPTOR

Offset	RVA	Description	Value
00003828	00009028	OriginalFirstThunk	000090AC
0000382C	0000902C	TimeDateStamp	00000000
00003830	00009030	ForwarderChain	00000000
00003834	00009034	Name1	00009210 "kernel32.dll"
00003838	00009038	FirstThunk	00009130

DESCRIPTION :

Thunk (ILT)	Ord	Name	Thunk (IAT)	Ord	Name
921E	0000	GetACP	921E	0000	GetACP
9228	0000	Sleep	9228	0000	Sleep
9230	0000	VirtualFree	9230	0000	VirtualFree
923E	0000	VirtualAlloc	923E	0000	VirtualAlloc
924E	0000	GetCurrentThreadId	924E	0000	GetCurrentThreadId
9264	0000	VirtualQuery	9264	0000	VirtualQuery
9274	0000	GetStartupInfoA	9274	0000	GetStartupInfoA
9286	0000	GetCommandLineA	9286	0000	GetCommandLineA
9298	0000	FreeLibrary	9298	0000	FreeLibrary
92A6	0000	ExitProcess	92A6	0000	ExitProcess
92B4	0000	WriteFile	92B4	0000	WriteFile
92C0	0000	UnhandledExceptionFilter	92C0	0000	UnhandledExceptionFilter
92DC	0000	RtlUnwind	92DC	0000	RtlUnwind
92E8	0000	RaiseException	92E8	0000	RaiseException
92FA	0000	GetStdHandle	92FA	0000	GetStdHandle

IMAGE_IMPORT_DESCRIPTOR

Offset	RVA	Description	Value
0000383C	0000903C	OriginalFirstThunk	000090EC
00003840	00009040	TimeDateStamp	00000000
00003844	00009044	ForwarderChain	00000000
00003848	00009048	Name1	0000930A "kernel32.dll"
0000384C	0000904C	FirstThunk	00009170

DESCRIPTION :

Thunk (ILT)	Ord	Name	Thunk (IAT)	Ord	Name
9318	0000	TlsSetValue	9318	0000	TlsSetValue
9326	0000	TlsGetValue	9326	0000	TlsGetValue
9334	0000	LocalAlloc	9334	0000	LocalAlloc
9342	0000	GetModuleHandleA	9342	0000	GetModuleHandleA

IMAGE_IMPORT_DESCRIPTOR

Offset	RVA	Description	Value
00003850	00009050	OriginalFirstThunk	00009100
00003854	00009054	TimeDateStamp	00000000
00003858	00009058	ForwarderChain	00000000
0000385C	0000905C	Name1	00009356 "user32.dll"
00003860	00009060	FirstThunk	00009184

DESCRIPTION :

Thunk (ILT)	Ord	Name	Thunk (IAT)	Ord	Name
9362	0000	MessageBoxA	9362	0000	MessageBoxA

IMAGE_IMPORT_DESCRIPTOR

Offset	RVA	Description	Value
00003864	00009064	OriginalFirstThunk	00009108
00003868	00009068	TimeDateStamp	00000000
0000386C	0000906C	ForwarderChain	00000000
00003870	00009070	Name1	00009370 "kernel32.dll"
00003874	00009074	FirstThunk	0000918C

DESCRIPTION :

Thunk (ILT)	Ord	Name	Thunk (IAT)	Ord	Name
937E	0000	FreeLibrary	937E	0000	FreeLibrary

Created with PE2HTML v2.1 - by the Dr. rED mEAT and Jupiter
RESiSTANCE IS FUTiLE