Malaysia Honeynet Project // Malware Database (Beta)

Hash 08e2b18f8dd2d51b456eb2dc170d3ea4
First seen 2006-10-23T13:47:01
Last seen 2006-11-13T21:27:40
Filetype MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
Mimetype application/x-dosexec
Size 125952
Hits 86
Clamav
F-Prot is a security risk named W32/Backdoor.FUF No Virus Found
Antivir WORM/PoeBot.8192 No Virus Found
AVG
Objdump
binaries/08e2b18f8dd2d51b456eb2dc170d3ea4:     file format efi-app-ia32
binaries/08e2b18f8dd2d51b456eb2dc170d3ea4
architecture: i386, flags 0x0000010a:
EXEC_P, HAS_DEBUG, D_PAGED
start address 0x0000000000401000

Characteristics 0x10f
	relocations stripped
	executable
	line numbers stripped
	symbols stripped
	32 bit words

Time/Date		Tue Nov  2 19:57:12 2004

ImageBase		0000000000400000
SectionAlignment	0000000000001000
FileAlignment		0000000000000200
MajorOSystemVersion	4
MinorOSystemVersion	0
MajorImageVersion	0
MinorImageVersion	0
MajorSubsystemVersion	4
MinorSubsystemVersion	0
Win32Version		00000000
SizeOfImage		00030000
SizeOfHeaders		00000600
CheckSum		00000000
Subsystem		00000002	(Windows GUI)
DllCharacteristics	00000000
SizeOfStackReserve	0000000000100000
SizeOfStackCommit	0000000000002000
SizeOfHeapReserve	0000000000100000
SizeOfHeapCommit	0000000000001000
LoaderFlags		00000000
NumberOfRvaAndSizes	00000010

The Data Directory
Entry 0 0000000000019000 0000006d Export Directory [.edata (or where ever we found it)]
Entry 1 0000000000018000 00000c4f Import Directory [parts of .idata]
Entry 2 000000000001a000 00005c00 Resource Directory [.rsrc]
Entry 3 0000000000000000 00000000 Exception Directory [.pdata]
Entry 4 0000000000000000 00000000 Security Directory
Entry 5 0000000000000000 00000000 Base Relocation Directory [.reloc]
Entry 6 0000000000000000 00000000 Debug Directory
Entry 7 0000000000000000 00000000 Description Directory
Entry 8 0000000000000000 00000000 Special Directory
Entry 9 0000000000017000 00000018 Thread Storage Directory [.tls]
Entry a 0000000000000000 00000000 Load Configuration Directory
Entry b 0000000000000000 00000000 Bound Import Directory
Entry c 0000000000000000 00000000 Import Address Table Directory
Entry d 0000000000000000 00000000 Delay Import Directory
Entry e 0000000000000000 00000000 CLR Runtime Header
Entry f 0000000000000000 00000000 Reserved

There is an import table in .idata at 0x418000

The Import Tables (interpreted .idata section contents)
 vma:            Hint    Time      Forward  DLL       First
                 Table   Stamp     Chain    Name      Thunk
 00018000	0001808c 00000000 00000000 00018454 0001809c

	DLL Name: OLE32.DLL
	vma:  Hint/Ord Member-Name Bound-To
	18499	    0  CoCreateInstance
	184ad	    0  OleInitialize
	184bd	    0  OleUninitialize

 00018014	000180ac 00000000 00000000 0001845e 000180d4

	DLL Name: ADVAPI32.DLL
	vma:  Hint/Ord Member-Name Bound-To
	184cf	    0  RegCloseKey
	184dd	    0  RegCreateKeyExA
	184ef	    0  RegDeleteKeyA
	184ff	    0  RegDeleteValueA
	18511	    0  RegEnumKeyExA
	18521	    0  RegEnumValueA
	18531	    0  RegOpenKeyExA
	18541	    0  RegQueryValueExA
	18555	    0  RegSetValueExA

 00018028	000180fc 00000000 00000000 0001846b 00018208

	DLL Name: KERNEL32.DLL
	vma:  Hint/Ord Member-Name Bound-To
	18567	    0  CloseHandle
	18575	    0  CompareStringA
	18587	    0  CreateDirectoryA
	1859b	    0  CreateFileA
	185a9	    0  CreateFileW
	185b7	    0  CreateProcessA
	185c9	    0  DeleteFileA
	185d7	    0  DeleteFileW
	185e5	    0  ExitProcess
	185f3	    0  FindResourceA
	18603	    0  FreeLibrary
	18611	    0  GetACP
	1861b	    0  GetCPInfo
	18627	    0  GetCommandLineA
	18639	    0  GetCurrentDirectoryA
	18651	    0  GetCurrentThreadId
	18667	    0  GetEnvironmentStrings
	1867f	    0  GetEnvironmentVariableA
	18699	    0  GetFileAttributesA
	186af	    0  GetFileAttributesW
	186c5	    0  GetFileType
	186d3	    0  GetLastError
	186e3	    0  GetLocalTime
	186f3	    0  GetModuleFileNameA
	18709	    0  GetModuleHandleA
	1871d	    0  GetOEMCP
	18729	    0  GetProcAddress
	1873b	    0  GetProcessHeap
	1874d	    0  GetShortPathNameA
	18761	    0  GetStartupInfoA
	18773	    0  GetStdHandle
	18783	    0  GetStringTypeW
	18795	    0  GetTempPathA
	187a5	    0  GetVersion
	187b3	    0  GetVersionExA
	187c3	    0  GetWindowsDirectoryA
	187db	    0  GlobalMemoryStatus
	187f1	    0  HeapAlloc
	187fd	    0  HeapFree
	18809	    0  IsDBCSLeadByte
	1881b	    0  LCMapStringA
	1882b	    0  LoadLibraryA
	1883b	    0  MoveFileA
	18847	    0  MoveFileExA
	18855	    0  MultiByteToWideChar
	1886b	    0  RaiseException
	1887d	    0  ReadFile
	18889	    0  RemoveDirectoryA
	1889d	    0  RtlUnwind
	188a9	    0  SetConsoleCtrlHandler
	188c1	    0  SetCurrentDirectoryA
	188d9	    0  SetFileAttributesA
	188ef	    0  SetFilePointer
	18901	    0  SetHandleCount
	18913	    0  Sleep
	1891b	    0  TlsAlloc
	18927	    0  TlsFree
	18931	    0  TlsGetValue
	1893f	    0  TlsSetValue
	1894d	    0  UnhandledExceptionFilter
	18969	    0  VirtualAlloc
	18979	    0  VirtualFree
	18987	    0  WaitForSingleObject
	1899d	    0  WideCharToMultiByte
	189b3	    0  WriteFile
	189bf	    0  WritePrivateProfileStringA

 0001803c	00018314 00000000 00000000 00018478 00018320

	DLL Name: GDI32.DLL
	vma:  Hint/Ord Member-Name Bound-To
	189dd	    0  CreateFontA
	189eb	    0  DeleteObject

 00018050	0001832c 00000000 00000000 00018482 00018348

	DLL Name: SHELL32.DLL
	vma:  Hint/Ord Member-Name Bound-To
	189fb	    0  SHChangeNotify
	18a0d	    0  SHFileOperationA
	18a21	    0  SHGetMalloc
	18a2f	    0  SHGetSpecialFolderLocation
	18a4d	    0  ShellExecuteA
	18a5d	    0  SHGetPathFromIDListA

 00018064	00018364 00000000 00000000 0001848e 000183dc

	DLL Name: USER32.DLL
	vma:  Hint/Ord Member-Name Bound-To
	18a75	    0  CheckDlgButton
	18a87	    0  DialogBoxParamA
	18a99	    0  EnableWindow
	18aa9	    0  EndDialog
	18ab5	    0  EnumThreadWindows
	18ac9	    0  GetClassNameA
	18ad9	    0  GetClientRect
	18ae9	    0  GetDlgItem
	18af7	    0  GetParent
	18b03	    0  GetSysColor
	18b11	    0  GetSystemMetrics
	18b25	    0  GetWindow
	18b31	    0  GetWindowLongA
	18b43	    0  GetWindowRect
	18b53	    0  GetWindowTextA
	18b65	    0  InvalidateRect
	18b77	    0  IsDlgButtonChecked
	18b8d	    0  LoadIconA
	18b99	    0  LoadStringA
	18ba7	    0  MessageBoxA
	18bb5	    0  SendDlgItemMessageA
	18bcb	    0  SendMessageA
	18bdb	    0  SetDlgItemTextA
	18bed	    0  SetForegroundWindow
	18c03	    0  SetWindowLongA
	18c15	    0  SetWindowPos
	18c25	    0  SetWindowTextA
	18c37	    0  WinHelpA
	18c43	    0  wsprintfA

 00018078	00000000 00000000 00000000 00000000 00000000

There is an export table in .edata at 0x419000

The Export Tables (interpreted .edata section contents)

Export Flags 			0
Time/Date stamp 		0
Major/Minor 			0/0
Name 				000000000001903c uninstall.exe
Ordinal Base 			1
Number in:
	Export Address Table 		00000002
	[Name Pointer/Ordinal] Table	00000002
Table Addresses
	Export Address Table 		0000000000019028
	Name Pointer Table 		0000000000019030
	Ordinal Table 			0000000000019038

Export Address Table -- Ordinal Base 1
	[   0] +base[   1] 1059 Export RVA
	[   1] +base[   2] f130 Export RVA

[Ordinal/Name Pointer] Table
	[   0] __GetExceptDLLinfo
	[   1] ___CPPdebugHook

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .text         0000e000  0000000000401000  0000000000401000  00000600  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  1 .data         00002a00  000000000040f000  000000000040f000  0000e600  2**2
                  CONTENTS, ALLOC, LOAD, DATA
  2 .tls          00000200  0000000000416000  0000000000416000  00011000  2**2
                  CONTENTS, ALLOC, LOAD, DATA
  3 .rdata        00000200  0000000000417000  0000000000417000  00011200  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA, SHARED
  4 .idata        00000e00  0000000000418000  0000000000418000  00011400  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .edata        00000200  0000000000419000  0000000000419000  00012200  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .rsrc         000152ff  000000000041a000  000000000041a000  00012400  2**2
                  CONTENTS, ALLOC, LOAD, CODE, DATA
SYMBOL TABLE:
no symbols
© 2007 Malaysia Honeynet Project. Data captured using nepenthes. Frontend coded by spoonfork.