-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathloadtest64.exe.txt
222 lines (205 loc) · 8.11 KB
/
loadtest64.exe.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
Microsoft (R) COFF/PE Dumper Version 11.00.61030.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file loadtest64.exe
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES
8664 machine (x64)
5 number of sections
5E335AF4 time date stamp Fri Jan 31 07:38:44 2020
0 file pointer to symbol table
0 number of symbols
F0 size of optional header
22 characteristics
Executable
Application can handle large (>2GB) addresses
OPTIONAL HEADER VALUES
20B magic # (PE32+)
11.00 linker version
7800 size of code
AA00 size of initialized data
0 size of uninitialized data
1374 entry point (0000000140001374)
1000 base of code
140000000 image base (0000000140000000 to 0000000140015FFF)
1000 section alignment
200 file alignment
6.00 operating system version
0.00 image version
6.00 subsystem version
0 Win32 version
16000 size of image
400 size of headers
0 checksum
3 subsystem (Windows CUI)
8160 DLL characteristics
High Entropy Virtual Addresses
Dynamic base
NX compatible
Terminal Server Aware
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
0 [ 0] RVA [size] of Export Directory
E9F4 [ 28] RVA [size] of Import Directory
0 [ 0] RVA [size] of Resource Directory
14000 [ 7C8] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
15000 [ 52C] RVA [size] of Base Relocation Directory
0 [ 0] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
0 [ 0] RVA [size] of Thread Storage Directory
E240 [ 70] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
9000 [ 218] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.text name
76BC virtual size
1000 virtual address (0000000140001000 to 00000001400086BB)
7800 size of raw data
400 file pointer to raw data (00000400 to 00007BFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000020 flags
Code
Execute Read
SECTION HEADER #2
.rdata name
610C virtual size
9000 virtual address (0000000140009000 to 000000014000F10B)
6200 size of raw data
7C00 file pointer to raw data (00007C00 to 0000DDFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
Section contains the following imports:
KERNEL32.dll
140009000 Import Address Table
14000EA20 Import Name Table
0 time date stamp
0 Index of first forwarder reference
1BE FreeLibrary
3C3 LoadLibraryA
1E8 GetCommandLineA
386 IsDebuggerPresent
140 EncodePointer
118 DecodePointer
38B IsProcessorFeaturePresent
144 EnterCriticalSection
3C0 LeaveCriticalSection
4C8 RtlUnwindEx
2E4 GetStdHandle
25E GetFileType
36F InitializeCriticalSectionAndSpinCount
11F DeleteCriticalSection
2DE GetStartupInfoW
270 GetLastError
525 SetLastError
22E GetCurrentThreadId
173 ExitProcess
286 GetModuleHandleExW
2BC GetProcAddress
3EF MultiByteToWideChar
601 WriteFile
283 GetModuleFileNameW
2C1 GetProcessHeap
282 GetModuleFileNameA
43F QueryPerformanceCounter
22A GetCurrentProcessId
2FB GetSystemTimeAsFileTime
247 GetEnvironmentStringsW
1BD FreeEnvironmentStringsW
5ED WideCharToMultiByte
4BB RtlCaptureContext
4C2 RtlLookupFunctionEntry
4C9 RtlVirtualUnwind
5A0 UnhandledExceptionFilter
55F SetUnhandledExceptionFilter
229 GetCurrentProcess
57E TerminateProcess
590 TlsAlloc
592 TlsGetValue
593 TlsSetValue
591 TlsFree
287 GetModuleHandleW
35A HeapFree
56E Sleep
1FC GetConsoleCP
20E GetConsoleMode
518 SetFilePointerEx
390 IsValidCodePage
1C4 GetACP
2A7 GetOEMCP
1D3 GetCPInfo
3C5 LoadLibraryExW
418 OutputDebugStringW
3C6 LoadLibraryW
1B3 FlushFileBuffers
356 HeapAlloc
35D HeapReAlloc
53D SetStdHandle
600 WriteConsoleW
2E9 GetStringTypeW
35F HeapSize
3B4 LCMapStringW
8E CloseHandle
D6 CreateFileW
SECTION HEADER #3
.data name
3668 virtual size
10000 virtual address (0000000140010000 to 0000000140013667)
1400 size of raw data
DE00 file pointer to raw data (0000DE00 to 0000F1FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write
SECTION HEADER #4
.pdata name
7C8 virtual size
14000 virtual address (0000000140014000 to 00000001400147C7)
800 size of raw data
F200 file pointer to raw data (0000F200 to 0000F9FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
SECTION HEADER #5
.reloc name
684 virtual size
15000 virtual address (0000000140015000 to 0000000140015683)
800 size of raw data
FA00 file pointer to raw data (0000FA00 to 000101FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
42000040 flags
Initialized Data
Discardable
Read Only
Summary
4000 .data
1000 .pdata
7000 .rdata
1000 .reloc
8000 .text