QuickTimeInstaller.exe : TECHNICAL FILE INFORMATION
QuickTimeInstaller.exe
File Type Description : Portable Executable (PE)
Entry Point RVA: 0000A8C4h
Entry Point RAW: 0000A8C4h
FILE CHARACTERISTICS :
Relocation info stripped from file
File is executable (i.e. no unresolved external references)
Machine based on 32-bit-word architecture
FILE HEADER :
Machine: 014Ch (i386 or later, and compatible)
Number of Sections: 0004h
Time Date Stamp: 55CE8EF0h -> 15/08/2015 03:59:28
Symbols Pointer: 00000000h
Number Of Symbols: 00000000h
Size Of Optional Header: 00E0h
Flags: 0103h
OPTIONAL HEADER :
Magic 010Bh ( PE32 : normal 32-bit )
Linker version 8.00
Size of code 00011000h
Size of initialized data 027E7000h
Size of uninitialized data 00000000h
Address of Entry Point (RVA) 0000A8C4h
Base of code 00001000h
Base of data 00012000h
Image base 00400000h
Section Alignment 00001000h
File Alignment 00001000h
Required OS version 4.00
Image version 0.00
Subsystem version 4.00
Reserved1 0
Size of image 027F9000h ( 41914368 bytes)
Size of headers 00001000h
Checksum 027FA8F5h
Subsystem 0002h (Image runs in the Windows GUI subsystem)
DLL Characteristics 0000h
Size of Stack Reserve 00100000h
Size of Stack Commit 00001000h
Size of Heap Reserve 00100000h
Size of Heap Commit 00001000h
loader flags 00000000h (obsolete)
Number of Data Directory 00000010h
DATA DIRECTORY (Virtual Address and Size)
Export Directory rva:
Import Directory rva: 0001438Ch size: 0000003Ch
Resource Directory rva: 0001B000h size: 027DDB80h
Exception table rva:
Security table rva: 027F5000h size: 00001940h
Base Relocation table rva:
Debug Directory rva: 000121D0h size: 0000001Ch
Architecture Specific Data rva:
Global Pointer rva:
TLS Directory rva:
Load config table rva: 00013DE8h size: 00000040h
Bound Import table rva:
Import Address Table rva: 00012000h size: 00000184h
Delay import descriptor rva:
COM descriptor rva:
unused rva:
SECTION TABLE
01 .text
VirtAddr: 00001000h VirtSize: 00010B94h
raw data offs: 00001000h raw data size: 00011000h
relocation offs: 00000000h relocations: 00000000h
line # offs: 00000000h line #'s: 00000000h
characteristics: 60000020h
CODE EXECUTE READ ALIGN_DEFAULT(16)
02 .rdata
VirtAddr: 00012000h VirtSize: 00002C04h
raw data offs: 00012000h raw data size: 00003000h
relocation offs: 00000000h relocations: 00000000h
line # offs: 00000000h line #'s: 00000000h
characteristics: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
03 .data
VirtAddr: 00015000h VirtSize: 000052DCh
raw data offs: 00015000h raw data size: 00002000h
relocation offs: 00000000h relocations: 00000000h
line # offs: 00000000h line #'s: 00000000h
characteristics: C0000040h
INITIALIZED_DATA READ WRITE ALIGN_DEFAULT(16)
04 .rsrc
VirtAddr: 0001B000h VirtSize: 027DDB80h
raw data offs: 00017000h raw data size: 027DE000h
relocation offs: 00000000h relocations: 00000000h
line # offs: 00000000h line #'s: 00000000h
characteristics: 40000040h
INITIALIZED_DATA READ ALIGN_DEFAULT(16)
IMPORTS TABLE:
msi.dll
Import Lookup Table RVA: 00014544h (Unbound IAT)
TimeDateStamp: 00000000h
ForwarderChain: 00000000h
DLL Name RVA: 0001454Ch
Import Address Table RVA: 0001217Ch
First thunk RVA: 0001217Ch
Ordn Name
----- -----
112
KERNEL32.dll
Import Lookup Table RVA: 000143C8h (Unbound IAT)
TimeDateStamp: 00000000h
ForwarderChain: 00000000h
DLL Name RVA: 00014778h
Import Address Table RVA: 00012000h
First thunk RVA: 00012000h
Ordn Name
784 SetEndOfFile
600 LocalAlloc
604 LocalFree
853 SizeofResource
613 LockResource
599 LoadResource
227 FindResourceA
381 GetModuleFileNameA
250 FreeResource
793 SetFileAttributesA
52 CloseHandle
799 SetFileTime
602 LocalFileTimeToFileTime
143 DosDateTimeToFileTime
83 CreateFileA
708 RemoveDirectoryA
131 DeleteFileA
346 GetExitCodeProcess
912 WaitForSingleObject
102 CreateProcessA
821 SetProcessWorkingSetSize
322 GetCurrentProcess
449 GetSystemDirectoryA
75 CreateDirectoryA
479 GetTickCount
369 GetLastError
96 CreateMutexA
323 GetCurrentProcessId
469 GetTempPathA
823 SetStdHandle
371 GetLocalTime
358 GetFileType
629 MultiByteToWideChar
693 ReadFile
932 WriteFile
916 WideCharToMultiByte
290 GetConsoleCP
307 GetConsoleMode
795 SetFilePointer
534 HeapFree
416 GetProcAddress
383 GetModuleHandleA
185 ExitProcess
152 EnterCriticalSection
593 LeaveCriticalSection
272 GetCommandLineA
489 GetVersionExA
528 HeapAlloc
419 GetProcessHeap
439 GetStartupInfoA
862 TerminateProcess
878 UnhandledExceptionFilter
842 SetUnhandledExceptionFilter
569 IsDebuggerPresent
804 SetHandleCount
441 GetStdHandle
129 DeleteCriticalSection
854 Sleep
921 WriteConsoleA
309 GetConsoleOutputCP
931 WriteConsoleW
869 TlsGetValue
867 TlsAlloc
870 TlsSetValue
868 TlsFree
556 InterlockedIncrement
808 SetLastError
326 GetCurrentThreadId
552 InterlockedDecrement
532 HeapDestroy
530 HeapCreate
899 VirtualFree
897 VirtualAlloc
538 HeapReAlloc
238 FlushFileBuffers
594 LoadLibraryA
547 InitializeCriticalSection
260 GetCPInfo
253 GetACP
403 GetOEMCP
575 IsValidCodePage
580 LCMapStringA
581 LCMapStringW
246 FreeEnvironmentStringsA
341 GetEnvironmentStrings
247 FreeEnvironmentStringsW
343 GetEnvironmentStringsW
675 QueryPerformanceCounter
458 GetSystemTimeAsFileTime
727 RtlUnwind
540 HeapSize
372 GetLocaleInfoA
442 GetStringTypeA
445 GetStringTypeW
DOS HEADER
Header Information :
Signature : 5A4Dh
Bytes on last page of file : 0090h
Total Pages in File : 0003h
Relocation Items : 0000h
Size of header in paragraphs : 0004h
Minimum Extra Paragraphs : 0000h
Maximum Extra Paragraphs : FFFFh
Initial Stack Segment : 0000h
Initial Stack Pointer : 00B8h
Complemented Checksum : 0000h
Initial Instruction Pointer : 0000h
Initial Code Segment : 0000h
Relocation Table Offset : 0040h
Overlay Number : 0000h
Extra Header Information :
Reserved WORD 0: 0000h
Reserved WORD 1: 0000h
Reserved WORD 2: 0000h
Reserved WORD 3: 0000h
OEM identifier : 0000h
OEM information : 0000h
Reserved WORD 0: 0000h
Reserved WORD 1: 0000h
Reserved WORD 2: 0000h
Reserved WORD 3: 0000h
Reserved WORD 4: 0000h
Reserved WORD 5: 0000h
Reserved WORD 6: 0000h
Reserved WORD 7: 0000h
Reserved WORD 8: 0000h
Reserved WORD 9: 0000h
New Header Address : 000000E8h
Memory Needed : 1680 B ( 1 KB )
Комментариев нет:
Отправить комментарий