| Objdump |
binaries/24e324b5dd98a29989f7294d06de09a4: file format efi-app-ia32
binaries/24e324b5dd98a29989f7294d06de09a4
architecture: i386, flags 0x0000010a:
EXEC_P, HAS_DEBUG, D_PAGED
start address 0x000000000041805f
Characteristics 0x10f
relocations stripped
executable
line numbers stripped
symbols stripped
32 bit words
Time/Date Wed Jul 12 17:30:57 2006
ImageBase 0000000000400000
SectionAlignment 0000000000001000
FileAlignment 0000000000000200
MajorOSystemVersion 4
MinorOSystemVersion 0
MajorImageVersion 0
MinorImageVersion 0
MajorSubsystemVersion 4
MinorSubsystemVersion 0
Win32Version 00000000
SizeOfImage 00116000
SizeOfHeaders 00000400
CheckSum 0004782b
Subsystem 00000002 (Windows GUI)
DllCharacteristics 00000000
SizeOfStackReserve 0000000000100000
SizeOfStackCommit 0000000000001000
SizeOfHeapReserve 0000000000100000
SizeOfHeapCommit 0000000000001000
LoaderFlags 00000000
NumberOfRvaAndSizes 00000010
The Data Directory
Entry 0 0000000000000000 00000000 Export Directory [.edata (or where ever we found it)]
Entry 1 0000000000020ad8 0000003c Import Directory [parts of .idata]
Entry 2 0000000000000000 00000000 Resource Directory [.rsrc]
Entry 3 0000000000000000 00000000 Exception Directory [.pdata]
Entry 4 0000000000000000 00000000 Security Directory
Entry 5 0000000000000000 00000000 Base Relocation Directory [.reloc]
Entry 6 0000000000000000 00000000 Debug Directory
Entry 7 0000000000000000 00000000 Description Directory
Entry 8 0000000000000000 00000000 Special Directory
Entry 9 0000000000000000 00000000 Thread Storage Directory [.tls]
Entry a 0000000000000000 00000000 Load Configuration Directory
Entry b 0000000000000000 00000000 Bound Import Directory
Entry c 0000000000020000 000001fc Import Address Table Directory
Entry d 0000000000000000 00000000 Delay Import Directory
Entry e 0000000000000000 00000000 CLR Runtime Header
Entry f 0000000000000000 00000000 Reserved
There is an import table in .rdata at 0x420ad8
The Import Tables (interpreted .rdata section contents)
vma: Hint Time Forward DLL First
Table Stamp Chain Name Thunk
00020ad8 00020cc4 00000000 00000000 00020d10 000201b0
DLL Name: WS2_32.dll
vma: Hint/Ord Member-Name Bound-To
80000074 116
80000073 115
80000015 21
80000002 2
8000000d 13
80000012 18
80000097 151
80000001 1
80000034 52
80000016 22
8000000b 11
80000009 9
80000010 16
80000013 19
80000017 23
8000000a 10
80000004 4
80000003 3
00020aec 00020b14 00000000 00000000 000214ac 00020000
DLL Name: KERNEL32.dll
vma: Hint/Ord Member-Name Bound-To
2106a 470 MapViewOfFile
21492 610 SetEnvironmentVariableA
21480 34 CompareStringW
2146e 33 CompareStringA
2145e 609 SetEndOfFile
2144a 170 FlushFileBuffers
2143a 636 SetStdHandle
21428 342 GetStringTypeW
21416 339 GetStringTypeA
2140a 559 RtlUnwind
213fc 277 GetFileType
213ec 338 GetStdHandle
213da 621 SetHandleCount
213c0 264 GetEnvironmentStringsW
213a8 262 GetEnvironmentStrings
2138e 179 FreeEnvironmentStringsW
21374 178 FreeEnvironmentStringsA
21358 685 UnhandledExceptionFilter
2134c 305 GetOEMCP
20d1c 126 ExitThread
20d2a 365 GetTickCount
20d3a 518 QueryPerformanceCounter
20d54 519 QueryPerformanceFrequency
20d70 662 Sleep
20d78 345 GetSystemDirectoryA
20d8e 283 GetLocalTime
20d9e 484 MultiByteToWideChar
20db4 536 ReadFile
20dc0 27 CloseHandle
20dce 735 WriteFile
20dda 679 TransactNamedPipe
20dee 52 CreateFileA
20dfc 292 GetModuleFileNameA
20e12 366 GetTimeFormatA
20e24 251 GetDateFormatA
20e36 282 GetLastError
20e46 74 CreateThread
20e56 274 GetFileSize
20e64 269 GetFileAttributesA
20e7a 144 FindClose
20e86 138 FileTimeToSystemTime
20e9e 137 FileTimeToLocalFileTime
20eb8 157 FindNextFileA
20ec8 148 FindFirstFileA
20eda 618 SetFilePointer
20eec 449 LeaveCriticalSection
20f04 102 EnterCriticalSection
20f1c 427 InitializeCriticalSectionAndSpinCount
20f44 85 DeleteCriticalSection
20f5c 180 FreeLibrary
20f6a 266 GetEnvironmentVariableW
20f84 318 GetProcAddress
20f96 450 LoadLibraryA
20fa6 415 HeapFree
20fb2 409 HeapAlloc
20fbe 320 GetProcessHeap
20fd0 711 VirtualQueryEx
20fe2 540 ReadProcessMemory
20ff6 347 GetSystemInfo
21006 495 OpenProcess
21014 294 GetModuleHandleA
21028 175 FormatMessageA
2103a 403 GlobalUnlock
2104a 396 GlobalLock
21058 688 UnmapViewOfFile
2107a 53 CreateFileMappingA
21090 620 SetFileTime
2109e 276 GetFileTime
210ac 68 CreateProcessA
210be 128 ExpandEnvironmentStringsA
210da 616 SetFileAttributesA
210f0 357 GetTempPathA
21100 267 GetExitCodeProcess
21116 505 PeekNamedPipe
21126 99 DuplicateHandle
21138 247 GetCurrentProcess
2114c 67 CreatePipe
2115a 373 GetVersionExA
2116a 397 GlobalMemoryStatus
21180 125 ExitProcess
2118e 722 WideCharToMultiByte
211a4 206 GetComputerNameA
211b8 87 DeleteFileA
211c6 248 GetCurrentProcessId
211dc 40 CopyFileA
211e8 718 WaitForSingleObject
211fe 63 CreateMutexA
2120e 671 TerminateThread
21220 477 MoveFileA
2122c 670 TerminateProcess
21240 767 lstrcmpiA
2124c 284 GetLocaleInfoA
2125e 288 GetLogicalDrives
21272 368 GetTimeZoneInformation
2128c 349 GetSystemTime
2129c 418 HeapReAlloc
212aa 336 GetStartupInfoA
212bc 202 GetCommandLineA
212ce 372 GetVersion
212dc 413 HeapDestroy
212ea 411 HeapCreate
212f8 703 VirtualFree
21306 699 VirtualAlloc
21316 447 LCMapStringA
21326 448 LCMapStringW
21336 191 GetCPInfo
21342 185 GetACP
00020b00 00000000 00000000 00000000 00000000 00000000
Sections:
Idx Name Size VMA LMA File off Algn
0 .text 0001e921 0000000000401000 0000000000401000 00000400 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
1 .rdata 000014ba 0000000000420000 0000000000420000 0001ee00 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .data 00018600 0000000000422000 0000000000422000 00020400 2**2
CONTENTS, ALLOC, LOAD, DATA
SYMBOL TABLE:
no symbols |