In [ ]:
In [ ]:
In [ ]:
In [1]:
import src.utils.utils as utils
hello
In [ ]:
In [2]:
print(utils.get_mongodb.__doc__)
Returns the mongodb root database you specify from mongo
Args:
db_address (str): url for the machine on which the mongo instance
lives; defaults to the dept vm. passing 'andres' will go to
andres' machines
username (string): username for mongo
Password (string): default to the password
collection ('string'): the collection you want.
In [3]:
malware = utils.get_mongodb(username='populator')
In [ ]:
In [131]:
sampleset = malware.samples.find_one({'class': '5'})
In [4]:
malware.collection_names()
Out[4]:
[u'reduced', u'samples', u'system.indexes', u'test_samples']
In [ ]:
In [62]:
from pprint import pprint
pprint(sampleset['calls'].keys())
dict_keys(['cdecl', 'calls', 'cdecl_count', 'thiscall', 'total_calls', 'fastcall_count', 'stdcall_count', 'fastcall', 'thiscall_count', 'stdcall'])
In [ ]:
In [55]:
sampleset['dlls']
Out[55]:
['kernel32.dll', '"tapi32.dll"', 'ole32.dll', 'advapi32.dll', 'user32.dll']
In [112]:
malware.samples.find({'ida_comments':[]}).count()
Out[112]:
7
In [133]:
malware.samples.find({'dlls':[]}).count()
Out[133]:
304
In [27]:
comments = malware.test_samples.find({'calls': {'$exists' : True}})
In [ ]:
In [129]:
no_dll = malware.samples.find_one({'dlls':[]})
In [130]:
no_dll
Out[130]:
{'_id': ObjectId('5513a805127d27664d47bba2'),
'asm_info': {'num_instr': 0,
'num_uniq_instr': 0,
'seq': [],
'uniq_instr': []},
'calls': {'calls': [],
'cdecl': [],
'cdecl_count': 0,
'fastcall': [],
'fastcall_count': 0,
'stdcall': [],
'stdcall_count': 0,
'thiscall': [],
'thiscall_count': 0,
'total_calls': 0},
'class': '4',
'dlls': [],
'id': '60vgAOVtBRdxTMisJw5X',
'ida_comments': ['++',
'| This filehas been generated by The Interactive Disassembler (IDA) |',
'| Copyright(c) 2013 Hexrays.com> |',
'| License info: |',
'| Microsoft |',
'++',
'Format :Binary file',
'Base Address:0000h Range: 0000h - 1481Ch Loaded length: 1481Ch',
'Segment type:Pure code']}
In [ ]:
no_dlls = malware.samples.find({'dlls':[]})
In [127]:
classes = [d['class'] for d in no_dlls]
In [128]:
classes
Out[128]:
['4',
'7',
'4',
'1',
'1',
'8',
'4',
'4',
'4',
'4',
'1',
'1',
'1',
'1',
'4',
'4',
'1',
'4',
'4',
'4',
'4',
'4',
'4',
'8',
'7',
'8',
'7',
'7',
'7',
'7',
'4',
'8',
'2',
'7',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'8',
'2',
'8',
'4',
'4',
'4',
'4',
'4',
'2',
'9',
'4',
'4',
'7',
'4',
'8',
'8',
'8',
'8',
'3',
'3',
'3',
'2',
'7',
'4',
'7',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'8',
'7',
'4',
'8',
'8',
'8',
'8',
'8',
'8',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'8',
'8',
'8',
'8',
'8',
'8',
'8',
'8',
'8',
'8',
'8',
'8',
'8',
'9',
'9',
'4',
'4',
'4',
'4',
'4',
'8',
'8',
'8',
'8',
'3',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'8',
'3',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'8',
'8',
'4',
'2',
'2',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'2',
'2',
'4',
'4',
'8',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'4',
'8',
'4',
'4',
'4',
'4',
'4',
'6',
'4']
In [ ]:
In [119]:
for doc in no_dlls:
Out[119]:
<pymongo.cursor.Cursor at 0x10638c5c0>
In [115]:
allf = malware.samples.find()
In [116]:
alllen = [doc['calls']['total_calls'] for doc in allf]
---------------------------------------------------------------------------
KeyboardInterrupt Traceback (most recent call last)
<ipython-input-116-2054d0f5a525> in <module>()
----> 1 alllen = [doc['calls']['total_calls'] for doc in allf]
<ipython-input-116-2054d0f5a525> in <listcomp>(.0)
----> 1 alllen = [doc['calls']['total_calls'] for doc in allf]
/usr/local/lib/python3.4/site-packages/pymongo/cursor.py in __next__(self)
1074 raise StopIteration
1075 db = self.__collection.database
-> 1076 if len(self.__data) or self._refresh():
1077 if self.__manipulate:
1078 return db._fix_outgoing(self.__data.popleft(),
/usr/local/lib/python3.4/site-packages/pymongo/cursor.py in _refresh(self)
1035 self.__send_message(
1036 message.get_more(self.__collection.full_name,
-> 1037 limit, self.__id))
1038
1039 else: # Cursor id is zero nothing else to return
/usr/local/lib/python3.4/site-packages/pymongo/cursor.py in __send_message(self, message)
931
932 try:
--> 933 res = client._send_message_with_response(message, **kwargs)
934 self.__connection_id, (response, sock, pool) = res
935 if self.__exhaust:
/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in _send_message_with_response(self, message, _must_use_master, **kwargs)
1203 sock_info.sock.settimeout(kwargs["network_timeout"])
1204
-> 1205 response = self.__send_and_receive(message, sock_info)
1206
1207 if not exhaust:
/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in __send_and_receive(self, message, sock_info)
1180 try:
1181 sock_info.sock.sendall(data)
-> 1182 return self.__receive_message_on_socket(1, request_id, sock_info)
1183 except:
1184 sock_info.close()
/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in __receive_message_on_socket(self, operation, rqst_id, sock_info)
1172 assert operation == struct.unpack("<i", header[12:])[0]
1173
-> 1174 return self.__receive_data_on_socket(length - 16, sock_info)
1175
1176 def __send_and_receive(self, message, sock_info):
/usr/local/lib/python3.4/site-packages/pymongo/mongo_client.py in __receive_data_on_socket(self, length, sock_info)
1151 message = EMPTY
1152 while length:
-> 1153 chunk = sock_info.sock.recv(length)
1154 if chunk == EMPTY:
1155 raise ConnectionFailure("connection closed")
KeyboardInterrupt:
In [ ]:
In [93]:
doc = malware.samples.find_one({'class':'5'})
In [105]:
doc['id']
Out[105]:
'b59dlNEacoYUAyeR4Ipq'
In [104]:
doc['asm_info']
Out[104]:
{'num_instr': 1038,
'num_uniq_instr': 27,
'seq': ['in',
'push',
'mov',
'mov',
'push',
'push',
'call',
'push',
'call',
'pop',
'push',
'mov',
'mov',
'push',
'push',
'mov',
'push',
'call',
'add',
'mov',
'push',
'push',
'call',
'push',
'call',
'pop',
'push',
'mov',
'sub',
'mov',
'cmp',
'push',
'push',
'push',
'mov',
'push',
'lea',
'push',
'call',
'test',
'jz',
'mov',
'mov',
'cmp',
'jz',
'cmp',
'jz',
'cmp',
'jz',
'jmp',
'mov',
'jmp',
'jmp',
'xor',
'mov',
'pop',
'push',
'mov',
'sub',
'cmp',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'push',
'push',
'call',
'mov',
'push',
'push',
'call',
'mov',
'mov',
'mov',
'lea',
'push',
'call',
'and',
'test',
'xor',
'jmp',
'mov',
'mov',
'push',
'mov',
'push',
'push',
'push',
'push',
'push',
'push',
'push',
'push',
'push',
'push',
'push',
'call',
'mov',
'cmp',
'xor',
'jmp',
'mov',
'push',
'mov',
'push',
'call',
'mov',
'push',
'call',
'push',
'push',
'push',
'lea',
'push',
'call',
'mov',
'cmp',
'jz',
'cmp',
'jmp',
'lea',
'push',
'call',
'lea',
'push',
'call',
'jmp',
'mov',
'mov',
'pop',
'push',
'mov',
'push',
'push',
'push',
'call',
'mov',
'call',
'cmp',
'jz',
'jmp',
'pop',
'pop',
'pop',
'pop',
'push',
'mov',
'sub',
'cmp',
'jz',
'cmp',
'jz',
'mov',
'mov',
'mov',
'mov',
'add',
'mov',
'cmp',
'jz',
'mov',
'mov',
'add',
'mov',
'mov',
'mov',
'add',
'mov',
'mov',
'mov',
'add',
'mov',
'mov',
'jmp',
'mov',
'add',
'mov',
'mov',
'mov',
'cmp',
'mov',
'mov',
'mov',
'mov',
'add',
'mov',
'mov',
'movsx',
'test',
'jz',
'mov',
'shl',
'mov',
'shr',
'or',
'mov',
'mov',
'movsx',
'mov',
'xor',
'mov',
'mov',
'add',
'mov',
'jmp',
'mov',
'cmp',
'mov',
'mov',
'xor',
'mov',
'mov',
'mov',
'add',
'mov',
'jmp',
'jmp',
'xor',
'mov',
'pop',
'push',
'mov',
'sub',
'call',
'xor',
'mov',
'div',
'add',
'cmp',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'push',
'mov',
'push',
'call',
'mov',
'push',
'mov',
'push',
'call',
'mov',
'push',
'mov',
'push',
'call',
'mov',
'push',
'mov',
'push',
'call',
'mov',
'push',
'mov',
'push',
'call',
'mov',
'push',
'mov',
'push',
'call',
'mov',
'push',
'mov',
'push',
'call',
'mov',
'mov',
'pop',
'push',
'mov',
'sub',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'add',
'mov',
'mov',
'add',
'mov',
'cmp',
'lea',
'push',
'call',
'add',
'test',
'jz',
'lea',
'push',
'call',
'add',
'test',
'jz',
'lea',
'push',
'call',
'add',
'test',
'jz',
'mov',
'mov',
'jmp',
'mov',
'sub',
'mov',
'cmp',
'jz',
'lea',
'push',
'call',
'add',
'mov',
'lea',
'mov',
'jmp',
'cmp',
'jz',
'mov',
'sub',
'mov',
'mov',
'mov',
'mov',
'add',
'mov',
'jmp',
'mov',
'mov',
'mov',
'add',
'mov',
'mov',
'jmp',
'mov',
'xor',
'mov',
'mov',
'mov',
'add',
'mov',
'mov',
'and',
'add',
'mov',
'mov',
'shr',
'mov',
'cmp',
'jz',
'jmp',
'mov',
'sub',
'mov',
'cmp',
'jz',
'mov',
'sub',
'mov',
'mov',
'mov',
'mov',
'add',
'mov',
'jmp',
'jmp',
'mov',
'mov',
'mov',
'mov',
'jmp',
'lea',
'push',
'call',
'add',
'mov',
'cmp',
'cmp',
'mov',
'mov',
'lea',
'push',
'call',
'add',
'mov',
'jmp',
'mov',
'sub',
'mov',
'cmp',
'jz',
'mov',
'sub',
'mov',
'mov',
'mov',
'mov',
'add',
'mov',
'jmp',
'jmp',
'cmp',
'mov',
'sub',
'mov',
'jmp',
'mov',
'sub',
'mov',
'mov',
'shl',
'mov',
'mov',
'xor',
'mov',
'mov',
'add',
'mov',
'mov',
'add',
'mov',
'lea',
'push',
'call',
'add',
'mov',
'cmp',
'mov',
'add',
'mov',
'cmp',
'mov',
'add',
'mov',
'cmp',
'mov',
'add',
'mov',
'jmp',
'mov',
'sub',
'mov',
'cmp',
'jz',
'mov',
'sub',
'mov',
'mov',
'mov',
'mov',
'add',
'mov',
'jmp',
'mov',
'mov',
'mov',
'jmp',
'mov',
'mov',
'mov',
'mov',
'mov',
'add',
'mov',
'mov',
'add',
'mov',
'mov',
'jmp',
'mov',
'pop',
'push',
'mov',
'push',
'mov',
'mov',
'mov',
'mov',
'sub',
'mov',
'mov',
'test',
'mov',
'mov',
'xor',
'mov',
'mov',
'mov',
'mov',
'mov',
'add',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'shr',
'and',
'mov',
'mov',
'mov',
'shl',
'mov',
'mov',
'mov',
'mov',
'pop',
'push',
'mov',
'push',
'mov',
'mov',
'push',
'call',
'add',
'mov',
'lea',
'mov',
'mov',
'push',
'call',
'add',
'test',
'mov',
'mov',
'pop',
'push',
'mov',
'sub',
'push',
'push',
'push',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'add',
'mov',
'mov',
'mov',
'mov',
'push',
'push',
'mov',
'push',
'push',
'call',
'mov',
'cmp',
'jz',
'mov',
'push',
'push',
'mov',
'push',
'call',
'add',
'mov',
'mov',
'push',
'mov',
'push',
'mov',
'push',
'call',
'add',
'mov',
'xor',
'mov',
'mov',
'lea',
'mov',
'mov',
'jmp',
'mov',
'add',
'mov',
'mov',
'xor',
'mov',
'cmp',
'mov',
'imul',
'mov',
'mov',
'push',
'mov',
'imul',
'mov',
'mov',
'add',
'push',
'mov',
'imul',
'mov',
'mov',
'add',
'push',
'call',
'add',
'jmp',
'mov',
'push',
'call',
'add',
'test',
'jz',
'mov',
'push',
'call',
'add',
'mov',
'jmp',
'mov',
'add',
'mov',
'mov',
'xor',
'mov',
'cmp',
'lea',
'push',
'mov',
'imul',
'mov',
'mov',
'shr',
'mov',
'push',
'mov',
'imul',
'mov',
'mov',
'push',
'mov',
'imul',
'mov',
'mov',
'add',
'push',
'call',
'jmp',
'push',
'push',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'pop',
'pop',
'mov',
'mov',
'add',
'jmp',
'push',
'push',
'mov',
'push',
'call',
'xor',
'pop',
'pop',
'pop',
'mov',
'pop',
'push',
'mov',
'sub',
'mov',
'mov',
'mov',
'mov',
'add',
'mov',
'jmp',
'mov',
'add',
'mov',
'mov',
'cmp',
'jz',
'mov',
'mov',
'add',
'push',
'call',
'mov',
'cmp',
'xor',
'jmp',
'mov',
'cmp',
'mov',
'mov',
'add',
'mov',
'jmp',
'mov',
'mov',
'add',
'mov',
'jmp',
'mov',
'add',
'mov',
'mov',
'cmp',
'jz',
'mov',
'mov',
'and',
'test',
'jz',
'mov',
'mov',
'and',
'push',
'mov',
'push',
'call',
'mov',
'mov',
'jmp',
'mov',
'mov',
'mov',
'lea',
'push',
'mov',
'push',
'call',
'mov',
'mov',
'mov',
'cmp',
'xor',
'jmp',
'jmp',
'jmp',
'mov',
'mov',
'pop',
'push',
'mov',
'sub',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'mov',
'lea',
'push',
'call',
'mov',
'lea',
'push',
'call',
'mov',
'mov',
'jmp',
'mov',
'add',
'mov',
'cmp',
'mov',
'xor',
'mov',
'mov',
'and',
'add',
'xor',
'mov',
'mov',
'jmp',
'mov',
'pop',
'push',
'mov',
'sub',
'mov',
'mov',
'add',
'mov',
'cmp',
'jz',
'mov',
'mov',
'xor',
'mov',
'mov',
'mov',
'cmp',
'jz',
'mov',
'mov',
'mov',
'mov',
'mov',
'add',
'mov',
'cmp',
'jz',
'cmp',
'jz',
'mov',
'xor',
'sub',
'sbb',
'mov',
'mov',
'cmp',
'jz',
'mov',
'mov',
'mov',
'mov',
'sub',
'mov',
'mov',
'sub',
'mov',
'mov',
'shr',
'mov',
'mov',
'add',
'mov',
'mov',
'push',
'mov',
'push',
'mov',
'push',
'mov',
'mov',
'add',
'push',
'call',
'mov',
'cmp',
'xor',
'jmp',
'jmp',
'mov',
'mov',
'pop',
'push',
'mov',
'sub',
'push',
'push',
'push',
'call',
'test',
'jge',
'push',
'call',
'add',
'mov',
'cmp',
'jz',
'call',
'call',
'mov',
'push',
'push',
'call',
'add',
'mov',
'push',
'call',
'add',
'mov',
'push',
'mov',
'push',
'call',
'add',
'cmp',
'jz',
'push',
'push',
'push',
'mov',
'push',
'call',
'lea',
'push',
'lea',
'push',
'lea',
'push',
'call',
'mov',
'xor',
'mov',
'pop',
'in',
'push',
'mov',
'push',
'mov',
'push',
'mov',
'push',
'call',
'add',
'neg',
'sbb',
'inc',
'pop',
'mov',
'test',
'push',
'call',
'test',
'mov',
'or',
'mov',
'cmp',
'jz',
'push',
'push',
'call',
'test',
'mov',
'mov',
'jz',
'xor',
'jmp',
'mov',
'cmp',
'push',
'push',
'call',
'test',
'jz',
'or',
'jmp',
'mov',
'cmp',
...],
'uniq_instr': ['movzx',
'add',
'pop',
'jmp',
'or',
'sub',
'shr',
'movsx',
'div',
'jz',
'sbb',
'in',
'lea',
'lock',
'shl',
'and',
'inc',
'neg',
'call',
'push',
'not',
'test',
'xor',
'mov',
'jge',
'cmp',
'imul']}
In [ ]:
In [103]:
doc['ida_comments']
Out[103]:
['++',
'| This filehas been generated by The Interactive Disassembler (IDA) |',
'| Copyright(c) 2013 Hexrays.com> |',
'| License info: |',
'| Microsoft |',
'++',
'[00001000 BYTES: COLLAPSED SEGMENT HEADER. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'Format : Portableexecutable for 80386 (PE)',
'Imagebase : 400000',
'Section 1. (virtual address 00001000)',
'Virtual size : 00000E2F ( 3631.)',
'Section size in file : 00001000 ( 4096.)',
'Offsetto raw data forsection: 00001000',
'Flags 60000020: Text Executable Readable',
'Alignment : default',
'Segment type: Pure code',
'Segment permissions: Read/Execute',
'org 401000h',
'Attributes: bp-based frame',
'int __cdecl sub_401000(SIZE_T dwBytes)',
'CODE XREF: WinMain(x,x,x,x)+1D\x19p',
'DATA XREF: HEADER:00400114\x18o ...',
'dwBytes',
'dwFlags',
'hHeap',
'Attributes: bp-based frame',
'int __cdecl sub_401018(LPVOID lpMem, size_t)',
'CODE XREF: WinMain(x,x,x,x)+61\x19p',
'size_t',
'int',
'void *',
'lpMem',
'dwFlags',
'hHeap',
'Attributes: bp-based frame',
'int __stdcall sub_401042(HWND hWnd, int, int, int)',
'DATA XREF: .code:004010B6\x19o',
'CODE XREF: sub_401042:loc_401099\x19j',
'CODE XREF: sub_401042:loc_401097\x19j',
'wRemoveMsg',
'wMsgFilterMax',
'wMsgFilterMin',
'hWnd',
'lpMsg',
'CODE XREF: sub_401042+38\x18j',
'sub_401042+41\x18j ...',
'CODE XREF: sub_401042+4C\x18j',
'CODE XREF: sub_401042+29\x18j',
'CODE XREF: sub_401042+11\x18j',
'CODE XREF: .code:004010AD\x18j',
'.code:00401110\x18j',
'CODE XREF: .code:00401165\x18j',
'CODE XREF: .code:loc_4011BD\x19j',
'CODE XREF: .code:004011A5\x18j',
'CODE XREF: .code:004011A7\x18j',
'CODE XREF: .code:0040119F\x18j',
'CODE XREF: .code:00401114\x18j',
'.code:00401169\x18j',
'CODE XREF: .code:004011DE\x18j',
'Attributes: bp-based frame',
'CODE XREF: sub_4014E6+89\x19p',
'sub_4014E6+9E\x19p ...',
'CODE XREF: sub_4013F6:loc_4014D9\x19j',
'CODE XREF: sub_4013F6+62\x18j',
'CODE XREF: sub_4013F6+C0\x19j',
'CODE XREF: sub_4013F6+96\x18j',
'CODE XREF: sub_4013F6+C8\x18j',
'CODE XREF: sub_4013F6+A\x18j',
'sub_4013F6+14\x18j ...',
'CODE XREF: sub_4013F6+E1\x18j',
'Attributes: bp-based frame',
'CODE XREF: WinMain(x,x,x,x)+33\x19p',
'CODE XREF: sub_4014E6+1B\x18j',
'Attributes: bp-based frame',
'CODE XREF: WinMain(x,x,x,x)+41\x19p',
'CODE XREF: sub_4015FF:loc_40189A\x19j',
'CODE XREF: sub_4015FF+B9\x19j',
'CODE XREF: sub_4015FF+93\x18j',
'CODE XREF: sub_4015FF+A2\x18j',
'CODE XREF: sub_4015FF+BF\x18j',
'CODE XREF: sub_4015FF+D7\x18j',
'CODE XREF: sub_4015FF+83\x18j',
'CODE XREF: sub_4015FF+145\x19j',
'CODE XREF: sub_4015FF+11E\x18j',
'CODE XREF: sub_4015FF+12D\x18j',
'CODE XREF: sub_4015FF+11C\x18j',
'CODE XREF: sub_4015FF:loc_401746\x18j',
'CODE XREF: sub_4015FF+EF\x18j',
'CODE XREF: sub_4015FF+6F\x18j',
'CODE XREF: sub_4015FF+1B9\x19j',
'CODE XREF: sub_4015FF+192\x18j',
'CODE XREF: sub_4015FF+1A1\x18j',
'CODE XREF: sub_4015FF+175\x18j',
'sub_4015FF+17B\x18j',
'CODE XREF: sub_4015FF+1C4\x18j',
'CODE XREF: sub_4015FF+1CF\x18j',
'CODE XREF: sub_4015FF+211\x18j',
'CODE XREF: sub_4015FF+223\x18j',
'CODE XREF: sub_4015FF+235\x18j',
'CODE XREF: sub_4015FF+267\x19j',
'CODE XREF: sub_4015FF:loc_40183F\x18j',
'CODE XREF: sub_4015FF+24F\x18j',
'CODE XREF: sub_4015FF:loc_4017BA\x18j',
'CODE XREF: sub_4015FF:loc_40175C\x18j',
'CODE XREF: sub_4015FF+5B\x18j',
'CODE XREF: sub_4015FF:loc_401875\x18j',
'CODE XREF: sub_4015FF+47\x18j',
'Attributes: bp-based frame',
'CODE XREF: sub_4015FF+51\x18p',
'sub_4015FF+65\x18p ...',
'CODE XREF: sub_4018A3+1B\x18j',
'Attributes: bp-based frame',
'CODE XREF: sub_4015FF+166\x18p',
'sub_4015FF+187\x18p ...',
'CODE XREF: sub_40190A+2E\x19j',
'Attributes: bp-based frame',
'int __cdecl sub_401941(void *)',
'CODE XREF: WinMain(x,x,x,x)+4D\x19p',
'size_t',
'int',
'void *',
'size_t',
'void *',
'void *',
'CODE XREF: sub_401941+10A\x19j',
'CODE XREF: sub_401941+B9\x18j',
'size_t',
'void *',
'void *',
'CODE XREF: sub_401941+D0\x18j',
'CODE XREF: sub_401941+18A\x19j',
'CODE XREF: sub_401941+133\x18j',
'CODE XREF: sub_401941+14A\x18j',
'CODE XREF: sub_401941+11A\x18j',
'CODE XREF: sub_401941+70\x18j',
'CODE XREF: sub_401941+1B7\x18j',
'Attributes: bp-based frame',
'CODE XREF: sub_401941+124\x18p',
'CODE XREF: sub_401B14:loc_401BF2\x19j',
'CODE XREF: sub_401B14+1C\x18j',
'CODE XREF: sub_401B14+4B\x18j',
'CODE XREF: sub_401B14+5B\x18j',
'CODE XREF: sub_401B14+69\x18j',
'CODE XREF: sub_401B14:loc_401BF0\x19j',
'CODE XREF: sub_401B14:loc_401B8A\x18j',
'CODE XREF: sub_401B14+96\x18j',
'CODE XREF: sub_401B14+B2\x18j',
'CODE XREF: sub_401B14+D6\x18j',
'CODE XREF: sub_401B14+87\x18j',
'CODE XREF: sub_401B14+2E\x18j',
'CODE XREF: sub_401B14+4F\x18j',
'sub_401B14+DA\x18j',
'Attributes: bp-based frame',
'CODE XREF: WinMain(x,x,x,x)+2E\x19p',
'lpLibFileName',
'lpLibFileName',
'CODE XREF: sub_401C00+BD\x19j',
'CODE XREF: sub_401C00+87\x18j',
'CODE XREF: sub_401C00+99\x18j',
'Attributes: bp-based frame',
'CODE XREF: sub_401941+110\x18p',
'CODE XREF: sub_401CC3:loc_401D8B\x19j',
'CODE XREF: sub_401CC3+C2\x18j',
'CODE XREF: sub_401CC3+16\x18j',
'sub_401CC3+30\x18j ...',
'CODE XREF: sub_401CC3+C6\x18j',
'Attributes: bp-based frame',
'int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)',
'CODE XREF: start+C9\x19p',
'dwBytes',
'void *',
'size_t',
'lpMem',
'CODE XREF: WinMain(x,x,x,x)+16\x18j',
'WinMain(x,x,x,x)+2C\x18j ...',
'lpTimeAdjustmentDisabled',
'lpTimeIncrement',
'lpTimeAdjustment',
'Section 2. (virtual address 00002000)',
'Virtual size : 000029E6 ( 10726.)',
'Section size in file : 00003000 ( 12288.)',
'Offsetto raw data forsection: 00002000',
'Flags 60000020: Text Executable Readable',
'Alignment : default',
'Segment type: Pure code',
'Segment permissions: Read/Execute',
'org 402000h',
'Attributes: bp-based frame',
'int __cdecl sub_402000(void *,void *)',
'DATA XREF: HEADER:00400214\x18o',
'size_t',
'void *',
'void *',
'int __stdcall sub_40201C(LPCSTR lpProcName, int)',
'CODE XREF: sub_402067+13\x19p',
'"TAPI32.DLL"',
'CODE XREF: sub_40201C+7\x18j',
'sub_40201C+1B\x18j',
'lpProcName',
'hModule',
'CODE XREF: sub_40201C+28\x18j',
'sub_40201C+3D\x18j',
'CODE XREF: sub_40201C+41\x18j',
'CODE XREF: WinMain(x,x,x,x)+F\x18p',
'int',
'"phoneSetVolume"',
'CODE XREF: sub_402067+7\x18j',
'sub_402067+1A\x18j',
'CODE XREF: sub_402067+2D\x18j',
'dword_6367A4',
'CODE XREF: sub_402067+23\x18j',
'sub_402067+34\x18j',
'[00000058 BYTES: COLLAPSED FUNCTION _memset. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[000000AC BYTES: COLLAPSED FUNCTION _memcmp. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000335 BYTES: COLLAPSED FUNCTION _memcpy. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[000000F6 BYTES: COLLAPSED FUNCTION start. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000025 BYTES: COLLAPSED FUNCTION __amsg_exit. PRESSKEYPAD CTRL-"+"TO EXPAND]',
'[00000023 BYTES: COLLAPSED FUNCTION _fast_error_exit. PRESS KEYPAD CTRL-"+" TOEXPAND]',
'[0000002D BYTES: COLLAPSED FUNCTION __cinit. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000011 BYTES: COLLAPSED FUNCTION _exit. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000011 BYTES: COLLAPSED FUNCTION __exit. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000099 BYTES: COLLAPSED FUNCTION _doexit. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[0000001A BYTES: COLLAPSED FUNCTION __initterm. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000141 BYTES: COLLAPSED FUNCTION __XcptFilter. PRESS KEYPADCTRL-"+" TO EXPAND]',
'[00000043 BYTES: COLLAPSED FUNCTION _xcptlookup. PRESSKEYPAD CTRL-"+"TO EXPAND]',
'[00000058 BYTES: COLLAPSED FUNCTION __wincmdln. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[000000B9 BYTES: COLLAPSED FUNCTION __setenvp.PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000099 BYTES: COLLAPSED FUNCTION __setargv.PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[000001B4 BYTES: COLLAPSED FUNCTION _parse_cmdline. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000132 BYTES: COLLAPSED FUNCTION ___crtGetEnvironmentStringsA. PRESS KEYPADCTRL-"+" TO EXPAND]',
'[000001AB BYTES: COLLAPSED FUNCTION __ioinit. PRESS KEYPAD CTRL-"+" TOEXPAND]',
'[0000003C BYTES: COLLAPSED FUNCTION __heap_init. PRESSKEYPAD CTRL-"+"TO EXPAND]',
'[00000020 BYTES: COLLAPSED FUNCTION __global_unwind2. PRESS KEYPAD CTRL-"+" TOEXPAND]',
'[00000022 BYTES: COLLAPSED FUNCTION __unwind_handler. PRESS KEYPAD CTRL-"+" TOEXPAND]',
'[00000068 BYTES: COLLAPSED FUNCTION __local_unwind2. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000023 BYTES: COLLAPSED FUNCTION __abnormal_termination. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000018 BYTES: COLLAPSED FUNCTION __NLG_Notify. PRESS KEYPADCTRL-"+" TO EXPAND]',
'[000000BD BYTES: COLLAPSED FUNCTION __except_handler3.PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[0000001B BYTES: COLLAPSED FUNCTION _seh_longjmp_unwind(x). PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000039 BYTES: COLLAPSED FUNCTION __FF_MSGBANNER. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000153 BYTES: COLLAPSED FUNCTION __NMSG_WRITE. PRESS KEYPADCTRL-"+" TO EXPAND]',
'[00000011 BYTES: COLLAPSED FUNCTION __ismbblead. PRESSKEYPAD CTRL-"+"TO EXPAND]',
'CODE XREF: __ismbblead+8\x18p',
'CODE XREF: sub_4032A1+16\x18j',
'CODE XREF: sub_4032A1+24\x18j',
'CODE XREF: sub_4032A1+F\x18j',
'sub_4032A1+2A\x18j',
'[00000199 BYTES: COLLAPSED FUNCTION __setmbcp.PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[0000004A BYTES: COLLAPSED FUNCTION _getSystemCP. PRESS KEYPADCTRL-"+" TO EXPAND]',
'[00000033 BYTES: COLLAPSED FUNCTION _CPtoLCID.PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000029 BYTES: COLLAPSED FUNCTION _setSBCS. PRESS KEYPAD CTRL-"+" TOEXPAND]',
'[00000185 BYTES: COLLAPSED FUNCTION _setSBUpLow. PRESSKEYPAD CTRL-"+"TO EXPAND]',
'[0000001C BYTES: COLLAPSED FUNCTION ___initmbctable. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[0000002F BYTES: COLLAPSED FUNCTION _free. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000007 BYTES: COLLAPSED FUNCTION _strcpy. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[000000E0 BYTES: COLLAPSED FUNCTION _strcat. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000012 BYTES: COLLAPSED FUNCTION _malloc. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[0000002C BYTES: COLLAPSED FUNCTION __nh_malloc. PRESSKEYPAD CTRL-"+"TO EXPAND]',
'[00000036 BYTES: COLLAPSED FUNCTION __heap_alloc. PRESS KEYPADCTRL-"+" TO EXPAND]',
'[0000007B BYTES: COLLAPSED FUNCTION _strlen. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[0000003E BYTES: COLLAPSED FUNCTION ___sbh_heap_init. PRESS KEYPAD CTRL-"+" TOEXPAND]',
'[0000002B BYTES: COLLAPSED FUNCTION ___sbh_find_block.PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[0000032B BYTES: COLLAPSED FUNCTION ___sbh_free_block.PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000309 BYTES: COLLAPSED FUNCTION ___sbh_alloc_block. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[000000B1 BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_region. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[000000FB BYTES: COLLAPSED FUNCTION ___sbh_alloc_new_group. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000089 BYTES: COLLAPSED FUNCTION ___crtMessageBoxA.PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[000000FE BYTES: COLLAPSED FUNCTION _strncpy. PRESS KEYPAD CTRL-"+" TOEXPAND]',
'[00000224 BYTES: COLLAPSED FUNCTION ___crtLCMapStringA. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[0000002B BYTES: COLLAPSED FUNCTION _strncnt. PRESS KEYPAD CTRL-"+" TOEXPAND]',
'[00000149 BYTES: COLLAPSED FUNCTION ___crtGetStringTypeA. PRESS KEYPADCTRL-"+" TO EXPAND]',
'[0000001B BYTES: COLLAPSED FUNCTION __callnewh. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000335 BYTES: COLLAPSED FUNCTION _memcpy_0.PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[0000002F BYTES: COLLAPSED FUNCTION __alloca_probe. PRESS KEYPAD CTRL-"+" TO EXPAND]',
'[00000006 BYTES: COLLAPSED FUNCTION RtlUnwind.PRESS KEYPAD CTRL-"+" TO EXPAND]',
'Section 3. (virtual address 00005000)',
'Virtual size: 000011BE ( 4542.)',
'Section size in file: 00002000 ( 8192.)',
'Offset to rawdata for section: 00005000',
'Flags40000040: Data Readable',
'Alignment: default',
'Imports from ADVAPI32.dll',
'Segment type:Externs',
'_idata',
'PVOID__stdcall FreeSid(PSID pSid)',
'DATA XREF: HEADER:00400118\x18o',
'HEADER:004001C0\x18o ...',
'DWORD__stdcall GetLengthSid(PSID pSid)',
'BOOL __stdcall GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass,LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)',
'BOOL __stdcall InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor,DWORD dwRevision)',
'LSTATUS __stdcall RegCloseKey(HKEY hKey)',
'LSTATUS __stdcall RegCreateKeyExA(HKEY hKey, LPCSTR lpSubKey,DWORD Reserved,LPSTR lpClass, DWORD dwOptions,REGSAM samDesired, const LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition)',
'LSTATUS __stdcall RegEnumValueA(HKEY hKey, DWORD dwIndex, LPSTR lpValueName, LPDWORD lpcchValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)',
'LSTATUS __stdcall RegQueryValueExA(HKEY hKey,LPCSTR lpValueName, LPDWORD lpReserved,LPDWORDlpType,LPBYTE lpData, LPDWORD lpcbData)',
'LSTATUS __stdcall RegOpenKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)',
'BOOL __stdcall AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID*pSid)',
'Imports from KERNEL32.dll',
'BOOL __stdcall GetHandleInformation(HANDLE hObject, LPDWORD lpdwFlags)',
'DATA XREF: .rdata:004055CC\x19o',
'BOOL __stdcall GetFileTime(HANDLE hFile, LPFILETIME lpCreationTime, LPFILETIME lpLastAccessTime, LPFILETIME lpLastWriteTime)',
'DWORD__stdcall GetFileSize(HANDLE hFile, LPDWORD lpFileSizeHigh)',
'DWORD__stdcall GetCurrentThreadId()',
'CODE XREF: sub_4014E6+6\x18p',
'DATA XREF: sub_4014E6+6\x18r',
'BOOL __stdcall GetComputerNameA(LPSTRlpBuffer, LPDWORD nSize)',
'LPSTR__stdcall GetCommandLineA()',
'CODE XREF: start+74\x18p',
'DATA XREF: start+74\x18r',
'UINT __stdcall GetACP()',
'DATA XREF: _getSystemCP+2F\x18r',
'BOOL __stdcall FreeLibrary(HMODULE hLibModule)',
'HMODULE __stdcall LoadLibraryA(LPCSTRlpLibFileName)',
'CODE XREF: sub_401C00+66\x18p',
'sub_401C00+75\x18p ...',
'int __stdcalllstrlenA(LPCSTRlpString)',
'LPSTR__stdcall lstrcpynA(LPSTR lpString1, LPCSTR lpString2, int iMaxLength)',
'int __stdcalllstrcmpiA(LPCSTR lpString1, LPCSTR lpString2)',
'int __stdcalllstrcmpA(LPCSTRlpString1, LPCSTR lpString2)',
'LPSTR__stdcall lstrcpyA(LPSTR lpString1, LPCSTR lpString2)',
'LPSTR__stdcall lstrcatA(LPSTR lpString1, LPCSTR lpString2)',
'BOOL __stdcall SetEnvironmentVariableA(LPCSTRlpName,LPCSTR lpValue)',
'BOOL __stdcall FreeEnvironmentStringsA(LPCH)',
'CODE XREF: ___crtGetEnvironmentStringsA+11F\x18p',
'DATA XREF: ___crtGetEnvironmentStringsA+11F\x18r',
'LPCH __stdcall GetEnvironmentStrings()',
'CODE XREF: ___crtGetEnvironmentStringsA:loc_402C47\x18p',
'___crtGetEnvironmentStringsA+E1\x18p',
'DATA XREF: ...',
'BOOL __stdcall SetTimeZoneInformation(const TIME_ZONE_INFORMATION *lpTimeZoneInformation)',
'DWORD__stdcall GetTimeZoneInformation(LPTIME_ZONE_INFORMATION lpTimeZoneInformation)',
'void __stdcall InitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection)',
'void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection)',
'void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection)',
'void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)',
'LONG __stdcall InterlockedCompareExchange(volatile LONG *Destination,LONG Exchange, LONG Comperand)',
'LONG __stdcall InterlockedIncrement(volatile LONG *lpAddend)',
'BOOL __stdcall GlobalUnlock(HGLOBAL hMem)',
'LPVOID __stdcall GlobalLock(HGLOBAL hMem)',
'HGLOBAL __stdcall GlobalReAlloc(HGLOBAL hMem,SIZE_T dwBytes,UINT uFlags)',
'void __stdcall ExitThread(DWORD dwExitCode)',
'void __stdcall ExitProcess(UINT uExitCode)',
'CODE XREF: _fast_error_exit+1D\x18p',
'_doexit+91\x18p',
'DATA XREF: ...',
'HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags,LPDWORDlpThreadId)',
'ATOM __stdcall GlobalFindAtomA(LPCSTRlpString)',
'ATOM __stdcall GlobalDeleteAtom(ATOM nAtom)',
'ATOM __stdcall GlobalAddAtomA(LPCSTR lpString)',
'ATOM __stdcall DeleteAtom(ATOM nAtom)',
'ATOM __stdcall AddAtomA(LPCSTR lpString)',
'UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer, UINT uSize)',
'BOOL __stdcall DeleteFileA(LPCSTR lpFileName)',
'DWORD__stdcall SetFilePointer(HANDLEhFile, LONG lDistanceToMove, PLONG lpDistanceToMoveHigh, DWORD dwMoveMethod)',
'BOOL __stdcall FlushFileBuffers(HANDLE hFile)',
'BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite,LPDWORDlpNumberOfBytesWritten,LPOVERLAPPED lpOverlapped)',
'CODE XREF: __NMSG_WRITE+14A\x18p',
'DATA XREF: __NMSG_WRITE+14A\x18r',
'BOOL __stdcall ReadFile(HANDLE hFile,LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)',
'DWORD__stdcall GetLastError()',
'HANDLE __stdcall CreateFileA(LPCSTR lpFileName, DWORDdwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLEhTemplateFile)',
'BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName, BOOL bFailIfExists)',
'DWORD__stdcall WaitForMultipleObjects(DWORD nCount, const HANDLE *lpHandles,BOOL bWaitAll, DWORD dwMilliseconds)',
'DWORD__stdcall WaitForSingleObjectEx(HANDLE hHandle,DWORD dwMilliseconds, BOOL bAlertable)',
'DWORD__stdcall WaitForSingleObject(HANDLE hHandle, DWORD dwMilliseconds)',
'BOOL __stdcall SetThreadPriority(HANDLE hThread, int nPriority)',
'HANDLE __stdcall CreateEventA(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState,LPCSTR lpName)',
'BOOL __stdcall ResetEvent(HANDLE hEvent)',
'HANDLE __stdcall OpenEventA(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName)',
'BOOL __stdcall SetEvent(HANDLE hEvent)',
'BOOL __stdcall MoveFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName)',
'LPVOID __stdcall HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes)',
'CODE XREF: ___sbh_alloc_new_region+28\x18p',
'DATA XREF: ___sbh_alloc_new_region+28\x18r',
'BOOL __stdcall ReleaseMutex(HANDLE hMutex)',
'HANDLE __stdcall CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName)',
'HANDLE __stdcall OpenMutexA(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName)',
'BOOL __stdcall TerminateThread(HANDLEhThread, DWORD dwExitCode)',
'LPVOID __stdcall TlsGetValue(DWORD dwTlsIndex)',
'BOOL __stdcall TlsSetValue(DWORD dwTlsIndex, LPVOID lpTlsValue)',
'BOOL __stdcall TlsFree(DWORD dwTlsIndex)',
'DWORD__stdcall TlsAlloc()',
'CODE XREF: .code:004011E4\x18j',
'DWORD__stdcall GetCurrentProcessId()',
'CODE XREF: .code:004011CE\x18p',
'.code:004011D6\x18p',
'DATA XREF: ...',
'BOOL __stdcall GetSystemTimeAdjustment(PDWORDlpTimeAdjustment, PDWORD lpTimeIncrement, PBOOLlpTimeAdjustmentDisabled)',
'CODE XREF: WinMain(x,x,x,x)+88\x18p',
'DATA XREF: WinMain(x,x,x,x)+88\x18r',
'BOOL __stdcall GetStringTypeA(LCID Locale, DWORD dwInfoType, LPCSTR lpSrcStr,int cchSrc, LPWORD lpCharType)',
'CODE XREF: ___crtGetStringTypeA+59\x18p',
'___crtGetStringTypeA+8D\x18p',
'DATA XREF: ...',
'int __stdcallLCMapStringW(LCID Locale, DWORDdwMapFlags, LPCWSTR lpSrcStr, int cchSrc, LPWSTR lpDestStr, intcchDest)',
'CODE XREF: ___crtLCMapStringA+42\x18p',
'___crtLCMapStringA+14D\x18p ...',
'int __stdcallLCMapStringA(LCID Locale, DWORDdwMapFlags, LPCSTR lpSrcStr, int cchSrc, LPSTR lpDestStr, int cchDest)',
'CODE XREF: ___crtLCMapStringA+5E\x18p',
'___crtLCMapStringA+A7\x18p',
'DATA XREF: ...',
'int __stdcallMultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr,int cchWideChar)',
'CODE XREF: ___crtLCMapStringA+DF\x18p',
'___crtLCMapStringA+137\x18p ...',
'LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)',
'CODE XREF: ___sbh_alloc_new_region+76\x18p',
'___sbh_alloc_new_group+51\x18p',
'DATA XREF: ...',
'UINT __stdcall GetOEMCP()',
'DATA XREF: _getSystemCP+1A\x18r',
'BOOL __stdcall GetCPInfo(UINTCodePage, LPCPINFO lpCPInfo)',
'CODE XREF: __setmbcp+48\x18p',
'_setSBUpLow+14\x18p',
'DATA XREF: ...',
'void __stdcall RtlUnwind(PVOID TargetFrame, PVOID TargetIp, PEXCEPTION_RECORDExceptionRecord, PVOID ReturnValue)',
'DATA XREF: RtlUnwind\x18r',
'BOOL __stdcall VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)',
'CODE XREF: ___sbh_free_block+257\x18p',
'___sbh_free_block+2B2\x18p',
'DATA XREF: ...',
'HANDLE __stdcall HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize)',
'CODE XREF: __heap_init+11\x18p',
'DATA XREF: __heap_init+11\x18r',
'BOOL __stdcall HeapDestroy(HANDLE hHeap)',
'CODE XREF: __heap_init+2F\x18p',
'DATA XREF: __heap_init+2F\x18r',
'DWORD__stdcall GetFileType(HANDLE hFile)',
'CODE XREF: __ioinit+FF\x18p',
'__ioinit+166\x18p',
'DATA XREF: ...',
'HANDLE __stdcall GetStdHandle(DWORD nStdHandle)',
'CODE XREF: __ioinit+158\x18p',
'__NMSG_WRITE+143\x18p',
'DATA XREF: ...',
'UINT __stdcall SetHandleCount(UINT uNumber)',
'CODE XREF: __ioinit+19D\x18p',
'DATA XREF: __ioinit+19D\x18r',
'LPWCH__stdcall GetEnvironmentStringsW()',
'CODE XREF: ___crtGetEnvironmentStringsA+1B\x18p',
'___crtGetEnvironmentStringsA+5B\x18p',
'DATA XREF: ...',
'int __stdcallWideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTRlpMultiByteStr,int cbMultiByte, LPCSTRlpDefaultChar, LPBOOL lpUsedDefaultChar)',
'CODE XREF: ___crtGetEnvironmentStringsA+93\x18p',
'___crtGetEnvironmentStringsA+B5\x18p ...',
'BOOL __stdcall FreeEnvironmentStringsW(LPWCH)',
'CODE XREF: ___crtGetEnvironmentStringsA+CE\x18p',
'DATA XREF: ___crtGetEnvironmentStringsA+CE\x18r',
'DWORD__stdcall GetModuleFileNameA(HMODULE hModule, LPSTR lpFilename,DWORD nSize)',
'CODE XREF: __setargv+23\x18p',
'__NMSG_WRITE+6D\x18p',
'DATA XREF: ...',
'LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)',
'CODE XREF: __XcptFilter+138\x18p',
'DATA XREF: __XcptFilter+138\x18r',
'void __stdcall GetLocalTime(LPSYSTEMTIME lpSystemTime)',
'void __stdcall GetStartupInfoA(LPSTARTUPINFOAlpStartupInfo)',
'CODE XREF: start+9F\x18p',
'__ioinit+59\x18p',
'DATA XREF: ...',
'void __stdcall GetSystemInfo(LPSYSTEM_INFO lpSystemInfo)',
'DWORD__stdcall GetTickCount()',
'BOOL __stdcall GetVersionExA(LPOSVERSIONINFOAlpVersionInformation)',
'BOOL __stdcall IsBadCodePtr(FARPROC lpfn)',
'void __stdcall OutputDebugStringA(LPCSTR lpOutputString)',
'BOOL __stdcall HeapFree(HANDLE hHeap,DWORD dwFlags, LPVOID lpMem)',
'CODE XREF: sub_401018+22\x18p',
'_free+27\x18p ...',
'HANDLE __stdcall GetProcessHeap()',
'CODE XREF: sub_401000+9\x18p',
'sub_401018+1B\x18p',
'DATA XREF: ...',
'BOOL __stdcall CloseHandle(HANDLE hObject)',
'LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)',
'CODE XREF: sub_401000+10\x18p',
'__heap_alloc+2E\x18p ...',
'HANDLE __stdcall GetCurrentProcess()',
'CODE XREF: _doexit+10\x18p',
'DATA XREF: _doexit+10\x18r',
'BOOL __stdcall TerminateProcess(HANDLE hProcess, UINTuExitCode)',
'CODE XREF: _doexit+17\x18p',
'DATA XREF: _doexit+17\x18r',
'DWORD__stdcall GetVersion()',
'CODE XREF: start+26\x18p',
'DATA XREF: start+26\x18r',
'HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)',
'CODE XREF: start+C2\x18p',
'DATA XREF: start+C2\x18r',
'FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)',
'CODE XREF: sub_40201C+2F\x18p',
'___crtMessageBoxA+2A\x18p ...',
'BOOL __stdcall GetStringTypeW(DWORD dwInfoType, LPCWSTR lpSrcStr, intcchSrc,LPWORD lpCharType)',
'CODE XREF: ___crtGetStringTypeA+3F\x18p',
'___crtGetStringTypeA+12D\x18p',
'DATA XREF: ...',
'Imports from USER32.dll',
'BOOL __stdcall PeekMessageA(LPMSG lpMsg, HWNDhWnd, UINT wMsgFilterMin, UINT wMsgFilterMax, UINT wRemoveMsg)',
'CODE XREF: sub_401042+21\x18p',
'DATA XREF: sub_401042+21\x18r ...',
'LRESULT __stdcall DispatchMessageA(const MSG *lpMsg)',
'CODE XREF: .code:004011B7\x18p',
'DATA XREF: .code:004011B7\x18r',
'BOOL __stdcall TranslateMessage(constMSG *lpMsg)',
'CODE XREF: .code:004011AD\x18p',
'DATA XREF: .code:004011AD\x18r',
'BOOL __stdcall GetMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax)',
'CODE XREF: .code:00401192\x18p',
'DATA XREF: .code:00401192\x18r',
'BOOL __stdcall UpdateWindow(HWND hWnd)',
'CODE XREF: .code:00401182\x18p',
'DATA XREF: .code:00401182\x18r',
'BOOL __stdcall ShowWindow(HWND hWnd, int nCmdShow)',
'CODE XREF: .code:00401176\x18p',
'DATA XREF: .code:00401176\x18r',
'HWND __stdcall GetParent(HWNDhWnd)',
'int __stdcallGetWindowTextLengthA(HWND hWnd)',
'HDC __stdcallBeginPaint(HWNDhWnd, LPPAINTSTRUCT lpPaint)',
'BOOL __stdcall KillTimer(HWNDhWnd, UINT_PTR uIDEvent)',
'int __stdcallMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption,UINT uType)',
'BOOL __stdcall PostMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)',
'void __stdcall PostQuitMessage(int nExitCode)',
'UINT_PTR __stdcall SetTimer(HWND hWnd, UINT_PTR nIDEvent, UINT uElapse, TIMERPROC lpTimerFunc)',
'int wsprintfA(LPSTR, LPCSTR, ...)',
'HICON__stdcall LoadIconA(HINSTANCE hInstance, LPCSTRlpIconName)',
'CODE XREF: .code:004010D8\x18p',
'DATA XREF: .code:004010D8\x18r',
'HCURSOR __stdcall LoadCursorA(HINSTANCE hInstance, LPCSTR lpCursorName)',
'CODE XREF: .code:004010E8\x18p',
'DATA XREF: .code:004010E8\x18r',
'ATOM __stdcall RegisterClassA(const WNDCLASSA*lpWndClass)',
'CODE XREF: .code:00401103\x18p',
'DATA XREF: .code:00401103\x18r',
'HWND __stdcall CreateWindowExA(DWORD dwExStyle, LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int X, int Y,int nWidth, intnHeight, HWND hWndParent, HMENUhMenu, HINSTANCE hInstance, LPVOID lpParam)',
'CODE XREF: .code:00401153\x18p',
'DATA XREF: .code:00401153\x18r',
'Imports from ole32.dll',
'void __stdcall CoUninitialize()',
'DATA XREF: .rdata:00405608\x19o',
'HRESULT __stdcall CoInitialize(LPVOIDpvReserved)',
'HRESULT __stdcall OleRun(LPUNKNOWN pUnknown)',
'HRESULT __stdcall OleSetClipboard(LPDATAOBJECT pDataObj)',
'HRESULT __stdcall OleSaveToStream(LPPERSISTSTREAM pPStm, LPSTREAM pStm)',
'HRESULT __stdcall CoGetMalloc(DWORD dwMemContext, LPMALLOC *ppMalloc)',
'Segment type:Pure data',
'Segment permissions: Read',
'org 405234h',
'char LibFileName[]',
'DATA XREF: sub_40201C+9\x18o',
'char aPhonesetvolume[]',
'DATA XREF: sub_402067+E\x18o',
'DATA XREF: start+5\x18o',
'SEH scope table for function 4024F5',
'DATA XREF: __NMSG_WRITE+119\x18o',
'char asc_405518[]',
'DATA XREF: __NMSG_WRITE+F1\x18o',
'char aRuntimeErrorPr[]',
'DATA XREF: __NMSG_WRITE+D3\x18o',
'char a___[]',
'DATA XREF: __NMSG_WRITE+BF\x18o',
'char aProgramNameUnk[]',
'DATA XREF: __NMSG_WRITE+7D\x18o',
'char aGetlastactivep[]',
'DATA XREF: ___crtMessageBoxA+3D\x18o',
'char aGetactivewindo[]',
'DATA XREF: ___crtMessageBoxA+35\x18o',
'char ProcName[]',
'DATA XREF: ___crtMessageBoxA+24\x18o',
'char aUser32_dll_0[]',
'DATA XREF: ___crtMessageBoxA+D\x18o',
'char byte_405590[]',
'DATA XREF: ___crtLCMapStringA+57\x18o',
'___crtGetStringTypeA+52\x18o',
'constWCHAR SrcStr',
'DATA XREF: ___crtLCMapStringA+36\x18o',
'___crtGetStringTypeA+39\x18o',
'DATA XREF: ___crtLCMapStringA+5\x18o',
'SEH scope table for function 4042AE',
'DATA XREF: ___crtGetStringTypeA+5\x18o',
'SEH scope table for function 4044FD',
'DATA XREF: HEADER:00400168\x18o',
'Import Name Table',
'Time stamp',
'Forwarder Chain',
'DLL Name',
'Import Address Table',
'Import Name Table',
'Time stamp',
'Forwarder Chain',
'DLL Name',
'Import Address Table',
'ImportName Table',
'Time stamp',
'Forwarder Chain',
'DLL Name',
'Import Address Table',
'Import Name Table',
'Time stamp',
'Forwarder Chain',
'DLL Name',
'Import Address Table',
'Import names for ADVAPI32.dll',
'DATA XREF: .rdata:__IMPORT_DESCRIPTOR_ADVAPI32\x18o',
'Import names for KERNEL32.dll',
'DATA XREF: .rdata:__IMPORT_DESCRIPTOR_KERNEL32\x18o',
'Import names for USER32.dll',
'DATA XREF: .rdata:__IMPORT_DESCRIPTOR_USER32\x18o',
'Import names for ole32.dll',
'DATA XREF: .rdata:__IMPORT_DESCRIPTOR_ole32\x18o',
'DATA XREF: .rdata:004057C8\x18o',
'DATA XREF: .rdata:004057C0\x18o',
'DATA XREF: .rdata:004057BC\x18o',
'DATA XREF: .rdata:004057B8\x18o',
'DATA XREF: .rdata:004057B4\x18o',
'DATA XREF: .rdata:004057B0\x18o',
'DATA XREF: .rdata:004057AC\x18o',
'DATA XREF: .rdata:004057A8\x18o',
'DATA XREF: .rdata:004057A4\x18o',
'DATA XREF: .rdata:004057A0\x18o',
'DATA XREF: .rdata:004056F8\x18o',
'DATA XREF: .rdata:off_40564C\x18o',
'DATA XREF: .rdata:00405650\x18o',
'DATA XREF: .rdata:00405654\x18o',
'DATA XREF: .rdata:00405658\x18o',
'DATA XREF: .rdata:0040565C\x18o',
'DATA XREF: .rdata:00405660\x18o',
'DATA XREF: .rdata:00405664\x18o',
'DATA XREF: .rdata:00405668\x18o',
'DATA XREF: .rdata:0040566C\x18o',
'DATA XREF: .rdata:00405670\x18o',
'DATA XREF: .rdata:00405674\x18o',
'DATA XREF: .rdata:00405678\x18o',
'DATA XREF: .rdata:0040567C\x18o',
'DATA XREF: .rdata:00405680\x18o',
'DATA XREF: .rdata:00405684\x18o',
'DATA XREF: .rdata:00405688\x18o',
'DATA XREF: .rdata:0040568C\x18o',
'DATA XREF: .rdata:00405690\x18o',
'DATA XREF: .rdata:00405694\x18o',
'DATA XREF: .rdata:00405698\x18o',
'DATA XREF: .rdata:0040569C\x18o',
'DATA XREF: .rdata:004056A0\x18o',
'DATA XREF: .rdata:004056A4\x18o',
'DATA XREF: .rdata:004056A8\x18o',
'DATA XREF: .rdata:004056AC\x18o',
'DATA XREF: .rdata:004056B0\x18o',
'DATA XREF: .rdata:004056B4\x18o',
'DATA XREF: .rdata:004056B8\x18o',
'DATA XREF: .rdata:004056BC\x18o',
'DATA XREF: .rdata:004056C0\x18o',
'DATA XREF: .rdata:004056C4\x18o',
'DATA XREF: .rdata:004056C8\x18o',
'DATA XREF: .rdata:004056CC\x18o',
'DATA XREF: .rdata:004056D0\x18o',
'DATA XREF: .rdata:004056D4\x18o',
'DATA XREF: .rdata:004056D8\x18o',
'DATA XREF: .rdata:004056DC\x18o',
'DATA XREF: .rdata:004056E0\x18o',
'DATA XREF: .rdata:004056E4\x18o',
'DATA XREF: .rdata:004056E8\x18o',
'DATA XREF: .rdata:004056EC\x18o',
'DATA XREF: .rdata:004056F0\x18o',
'DATA XREF: .rdata:004056F4\x18o',
'DATA XREF: .rdata:004057C4\x18o',
'DATA XREF: .rdata:004056FC\x18o',
'DATA XREF: .rdata:00405700\x18o',
'DATA XREF: .rdata:00405704\x18o',
'DATA XREF: .rdata:00405708\x18o',
'DATA XREF: .rdata:0040570C\x18o',
'DATA XREF: .rdata:00405710\x18o',
'DATA XREF: .rdata:00405714\x18o',
'DATA XREF: .rdata:00405718\x18o',
'DATA XREF: .rdata:0040571C\x18o',
'DATA XREF: .rdata:00405720\x18o',
'DATA XREF: .rdata:00405724\x18o',
'DATA XREF: .rdata:00405728\x18o',
'DATA XREF: .rdata:0040572C\x18o',
'DATA XREF: .rdata:00405730\x18o',
'DATA XREF: .rdata:00405734\x18o',
'DATA XREF: .rdata:00405738\x18o',
'DATA XREF: .rdata:0040573C\x18o',
'DATA XREF: .rdata:00405740\x18o',
'DATA XREF: .rdata:00405744\x18o',
'DATA XREF: .rdata:00405748\x18o',
'DATA XREF: .rdata:0040574C\x18o',
'DATA XREF: .rdata:00405750\x18o',
'DATA XREF: .rdata:004055C8\x18o',
'DATA XREF: .rdata:off_4057E8\x18o',
'DATA XREF: .rdata:004057EC\x18o',
'DATA XREF: .rdata:004057F0\x18o',
'DATA XREF: .rdata:004057F4\x18o',
'DATA XREF: .rdata:004057F8\x18o',
'DATA XREF: .rdata:004057FC\x18o',
'DATA XREF: .rdata:00405830\x18o',
'DATA XREF: .rdata:0040582C\x18o',
'DATA XREF: .rdata:00405828\x18o',
'DATA XREF: .rdata:00405824\x18o',
'DATA XREF: .rdata:00405820\x18o',
'DATA XREF: .rdata:0040581C\x18o',
'DATA XREF: .rdata:00405818\x18o',
'DATA XREF: .rdata:00405814\x18o',
'DATA XREF: .rdata:00405810\x18o',
'DATA XREF: .rdata:0040580C\x18o',
'DATA XREF: .rdata:00405808\x18o',
'DATA XREF: .rdata:00405804\x18o',
'DATA XREF: .rdata:00405800\x18o',
'DATA XREF: .rdata:004055DC\x18o',
'DATA XREF: .rdata:00405640\x18o',
'DATA XREF: .rdata:0040563C\x18o',
'DATA XREF: .rdata:00405638\x18o',
'DATA XREF: .rdata:00405634\x18o',
'DATA XREF: .rdata:00405630\x18o',
'DATA XREF: .rdata:0040562C\x18o',
'DATA XREF: .rdata:00405628\x18o',
'DATA XREF: .rdata:00405624\x18o',
'DATA XREF: .rdata:off_405620\x18o',
'DATA XREF: .rdata:00405644\x18o',
'DATA XREF: .rdata:004055F0\x18o',
'DATA XREF: .rdata:0040584C\x18o',
'DATA XREF: .rdata:off_405838\x18o',
'DATA XREF: .rdata:0040583C\x18o',
'DATA XREF: .rdata:00405840\x18o',
'DATA XREF: .rdata:00405844\x18o',
'DATA XREF: .rdata:00405848\x18o',
'DATA XREF: .rdata:00405604\x18o',
'DATA XREF: .rdata:004057DC\x18o',
'DATA XREF: .rdata:004057D8\x18o',
'DATA XREF: .rdata:004057D4\x18o',
'DATA XREF: .rdata:004057D0\x18o',
'DATA XREF: .rdata:004057CC\x18o',
'DATA XREF: .rdata:0040579C\x18o',
'DATA XREF: .rdata:00405798\x18o',
'DATA XREF: .rdata:00405794\x18o',
'DATA XREF: .rdata:00405790\x18o',
'DATA XREF: .rdata:0040578C\x18o',
'DATA XREF: .rdata:00405788\x18o',
'DATA XREF: .rdata:00405784\x18o',
'DATA XREF: .rdata:00405780\x18o',
'DATA XREF: .rdata:0040577C\x18o',
'DATA XREF: .rdata:00405778\x18o',
'DATA XREF: .rdata:00405774\x18o',
'DATA XREF: .rdata:00405770\x18o',
'DATA XREF: .rdata:0040576C\x18o',
'DATA XREF: .rdata:00405768\x18o',
'DATA XREF: .rdata:00405764\x18o',
'DATA XREF: .rdata:00405760\x18o',
'DATA XREF: .rdata:0040575C\x18o',
'DATA XREF: .rdata:00405758\x18o',
'DATA XREF: .rdata:00405754\x18o',
'DATA XREF: .rdata:004057E0\x18o',
'Section 4. (virtual address 00007000)',
'Virtual size : 0022FCFC (2292988.)',
'Section size in file : 0003C000 ( 245760.)',
'Offsetto raw data forsection: 00007000',
'Flags C0000040: Data Readable Writable',
'Alignment : default',
'Segment type: Pure data',
'Segment permissions: Read/Write',
'org 407000h',
'DATA XREF: HEADER:00400264\x18o',
'__cinit+1F\x18o',
'DATA XREF: __cinit+1A\x18o',
'DATA XREF: __cinit+10\x18o',
'DATA XREF: __cinit:loc_40263F\x18o',
'DATA XREF: _doexit+65\x18o',
'DATA XREF: _doexit:loc_4026E3\x18o',
'DATA XREF: _doexit+76\x18o',
'DATA XREF: _doexit:loc_4026F4\x18o',
'DATA XREF: sub_401C00+A0\x18r',
'sub_401C00+B7\x18w ...',
'DATA XREF: __amsg_exit+1C\x18r',
'DATA XREF: __FF_MSGBANNER+E\x18r',
'__NMSG_WRITE+46\x18r',
'DATA XREF: _xcptlookup+A\x18r',
'_xcptlookup+11\x18o',
'DATA XREF: __XcptFilter+58\x18r',
'DATA XREF: __XcptFilter+5E\x18r',
'DATA XREF: _xcptlookup+4\x18r',
'DATA XREF: __XcptFilter+82\x18r',
'__XcptFilter+8F\x18w ...',
'__NLG_Notify+2\x18o',
'DATA XREF: __NMSG_WRITE+E\x18o',
'__NMSG_WRITE+28\x18r',
'DATA XREF: __NMSG_WRITE+FC\x18r',
'__NMSG_WRITE+12D\x18o',
'DATA XREF: __NMSG_WRITE+1B\x18o',
'__setmbcp+E1\x18r',
'DATA XREF: __heap_alloc+5\x18r',
'DATA XREF: sub_4032A1+18\x18r',
'DATA XREF: sub_4014E6+B9\x18w',
'sub_401941+184\x18r',
'DATA XREF: sub_4014E6+110\x18w',
'sub_401CC3+B5\x18r',
'DATA XREF: sub_4014E6+104\x18r',
'sub_401C00+7B\x18w',
'DATA XREF: sub_4014E6+82\x18r',
'sub_4014E6+98\x18r ...',
'DATA XREF: sub_4014E6+8E\x18w',
'sub_401941+1C4\x18r',
'DATA XREF: sub_4014E6+E4\x18w',
'sub_401B14+A7\x18r ...',
'DATA XREF: .code:00401159\x18w',
'.code:0040115E\x18r ...',
'DATA XREF: sub_4014E6+FA\x18w',
'DATA XREF: sub_4014E6+CF\x18w',
'sub_401B14+3E\x18r',
'DATA XREF: .code:0040111C\x18w',
'.code:00401124\x18r',
'DATA XREF: sub_4014E6+A3\x18w',
'sub_401941+63\x18r',
'HMODULE hModule',
'DATA XREF: sub_40201C\x18r',
'sub_40201C+16\x18w ...',
'DATA XREF: sub_402067\x18r',
'sub_402067+9\x18o...',
'char *dword_6367D4',
'DATA XREF: start+84\x18w',
'__setenvp:loc_402924\x18r...',
'DATA XREF: __amsg_exit\x18r',
'_fast_error_exit\x18r ...',
'DATA XREF: start+52\x18w',
'DATA XREF: start+49\x18w',
'DATA XREF: start+3E\x18w',
'DATA XREF: start+30\x18w',
'DATA XREF: __setargv+91\x18w',
'DATA XREF: __setargv+89\x18w',
'DATA XREF: __setenvp+44\x18w',
'DATA XREF: __setargv+2E\x18w',
'DATA XREF: _doexit+2D\x18w',
'DATA XREF: _doexit+27\x18w',
'DATA XREF: _doexit+4\x18r',
'_doexit+8B\x18w',
'DATA XREF: __XcptFilter+3A\x18r',
'__XcptFilter+46\x18w ...',
'char Filename[260]',
'DATA XREF: __setargv:loc_4029E2\x18o',
'DATA XREF: ___crtGetEnvironmentStringsA+2\x18r',
'___crtGetEnvironmentStringsA+23\x18w ...',
'DATA XREF: __FF_MSGBANNER+21\x18r',
'DATA XREF: __setmbcp:loc_40344D\x18r',
'_getSystemCP+4\x18w ...',
'DATA XREF: ___crtMessageBoxA+3\x18r',
'___crtMessageBoxA+2E\x18w...',
'DATA XREF: ___crtMessageBoxA+43\x18w',
'___crtMessageBoxA:loc_404173\x18r',
'DATA XREF: ___crtMessageBoxA+4A\x18w',
'___crtMessageBoxA+60\x18r',
'DATA XREF: ___crtGetStringTypeA+7B\x18r',
'DATA XREF: _getSystemCP+3A\x18r',
'___crtLCMapStringA+C0\x18r ...',
'DATA XREF: ___crtLCMapStringA+28\x18r',
'___crtLCMapStringA+4C\x18w ...',
'DATA XREF: ___crtGetStringTypeA+26\x18r',
'___crtGetStringTypeA:loc_404567\x18w',
'DATA XREF: _malloc\x18r',
'DATA XREF: __callnewh\x18r',
'DATA XREF: ___sbh_heap_init+32\x18w',
'___sbh_alloc_new_region+5\x18r ...',
'DATA XREF: ___sbh_free_block+239\x18r',
'___sbh_free_block+259\x18r ...',
'DATA XREF: ___sbh_heap_init+2D\x18w',
'___sbh_free_block+310\x18w ...',
'void *dword_636988',
'DATA XREF: ___sbh_heap_init:loc_4038F8\x18w',
'___sbh_free_block+22C\x18r ...',
'DATA XREF: ___sbh_heap_init+24\x18w',
'___sbh_find_block\x18r ...',
'LPVOIDlpMem',
'DATA XREF: ___sbh_heap_init+15\x18w',
'___sbh_find_block+8\x18r ...',
'UINT CodePage',
'DATA XREF: __setmbcp+14\x18r',
'__setmbcp+65\x18w...',
'__setmbcp+171\x18o ...',
'DATA XREF: __setmbcp+108\x18w',
'__setmbcp+15D\x18w ...',
'DATA XREF: _setSBUpLow:loc_40361D\x18w',
'_setSBUpLow:loc_40363A\x18w ...',
'__setmbcp+AF\x18o...',
'DATA XREF: _parse_cmdline+3F\x18r',
'_parse_cmdline+84\x18r ...',
'LCID Locale',
'DATA XREF: __setmbcp+6E\x18w',
'__setmbcp+12B\x18w ...',
'HANDLEhHeap',
'DATA XREF: __heap_init+19\x18w',
'__heap_init+29\x18r ...',
'DATA XREF: __ioinit:loc_402D6A\x18w',
'__ioinit+45\x18r ...',
'UINT uNumber',
'DATA XREF: __ioinit+26\x18w',
'__ioinit:loc_402DD4\x18r ...',
'DATA XREF: __setenvp+AD\x18w',
'DATA XREF: __wincmdln\x18r',
'__setenvp+3\x18r ...',
'DATA XREF: _doexit+3E\x18r',
'DATA XREF: _doexit+35\x18r',
'_doexit+57\x18r',
'DATA XREF: __cinit\x18r',
'DATA XREF: start+7A\x18w',
'__wincmdln+F\x18r...']
In [98]:
doc['calls'].keys()
Out[98]:
dict_keys(['cdecl', 'calls', 'cdecl_count', 'thiscall', 'total_calls', 'fastcall_count', 'stdcall_count', 'fastcall', 'thiscall_count', 'stdcall'])
In [100]:
doc['dlls']
Out[100]:
['kernel32.dll', '"tapi32.dll"', 'ole32.dll', 'advapi32.dll', 'user32.dll']
In [101]:
doc['calls']
Out[101]:
{'calls': ['int __cdecl sub_401000(SIZE_T dwBytes)',
'int __cdecl sub_401018(LPVOID lpMem, size_t)',
'int __stdcall sub_401042(HWND hWnd, int, int, int)',
'int __cdecl sub_401941(void *)',
'int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)',
'int __cdecl sub_402000(void *,void *)',
'int __stdcall sub_40201C(LPCSTR lpProcName, int)',
'BOOL __stdcall GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass,LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)',
'BOOL __stdcall InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor,DWORD dwRevision)',
'LSTATUS __stdcall RegCloseKey(HKEY hKey)',
'LSTATUS __stdcall RegCreateKeyExA(HKEY hKey, LPCSTR lpSubKey,DWORD Reserved,LPSTR lpClass, DWORD dwOptions,REGSAM samDesired, const LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition)',
'LSTATUS __stdcall RegEnumValueA(HKEY hKey, DWORD dwIndex, LPSTR lpValueName, LPDWORD lpcchValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)',
'LSTATUS __stdcall RegQueryValueExA(HKEY hKey,LPCSTR lpValueName, LPDWORD lpReserved,LPDWORDlpType,LPBYTE lpData, LPDWORD lpcbData)',
'LSTATUS __stdcall RegOpenKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)',
'BOOL __stdcall AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID*pSid)',
'BOOL __stdcall GetHandleInformation(HANDLE hObject, LPDWORD lpdwFlags)',
'BOOL __stdcall GetFileTime(HANDLE hFile, LPFILETIME lpCreationTime, LPFILETIME lpLastAccessTime, LPFILETIME lpLastWriteTime)',
'BOOL __stdcall GetComputerNameA(LPSTRlpBuffer, LPDWORD nSize)',
'UINT __stdcall GetACP()',
'BOOL __stdcall FreeLibrary(HMODULE hLibModule)',
'HMODULE __stdcall LoadLibraryA(LPCSTRlpLibFileName)',
'BOOL __stdcall SetEnvironmentVariableA(LPCSTRlpName,LPCSTR lpValue)',
'BOOL __stdcall FreeEnvironmentStringsA(LPCH)',
'LPCH __stdcall GetEnvironmentStrings()',
'BOOL __stdcall SetTimeZoneInformation(const TIME_ZONE_INFORMATION *lpTimeZoneInformation)',
'void __stdcall InitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection)',
'void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection)',
'void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection)',
'void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)',
'LONG __stdcall InterlockedCompareExchange(volatile LONG *Destination,LONG Exchange, LONG Comperand)',
'LONG __stdcall InterlockedIncrement(volatile LONG *lpAddend)',
'BOOL __stdcall GlobalUnlock(HGLOBAL hMem)',
'LPVOID __stdcall GlobalLock(HGLOBAL hMem)',
'HGLOBAL __stdcall GlobalReAlloc(HGLOBAL hMem,SIZE_T dwBytes,UINT uFlags)',
'void __stdcall ExitThread(DWORD dwExitCode)',
'void __stdcall ExitProcess(UINT uExitCode)',
'HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags,LPDWORDlpThreadId)',
'ATOM __stdcall GlobalFindAtomA(LPCSTRlpString)',
'ATOM __stdcall GlobalDeleteAtom(ATOM nAtom)',
'ATOM __stdcall GlobalAddAtomA(LPCSTR lpString)',
'ATOM __stdcall DeleteAtom(ATOM nAtom)',
'ATOM __stdcall AddAtomA(LPCSTR lpString)',
'UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer, UINT uSize)',
'BOOL __stdcall DeleteFileA(LPCSTR lpFileName)',
'BOOL __stdcall FlushFileBuffers(HANDLE hFile)',
'BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite,LPDWORDlpNumberOfBytesWritten,LPOVERLAPPED lpOverlapped)',
'BOOL __stdcall ReadFile(HANDLE hFile,LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)',
'HANDLE __stdcall CreateFileA(LPCSTR lpFileName, DWORDdwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLEhTemplateFile)',
'BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName, BOOL bFailIfExists)',
'BOOL __stdcall SetThreadPriority(HANDLE hThread, int nPriority)',
'HANDLE __stdcall CreateEventA(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState,LPCSTR lpName)',
'BOOL __stdcall ResetEvent(HANDLE hEvent)',
'HANDLE __stdcall OpenEventA(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName)',
'BOOL __stdcall SetEvent(HANDLE hEvent)',
'BOOL __stdcall MoveFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName)',
'LPVOID __stdcall HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes)',
'BOOL __stdcall ReleaseMutex(HANDLE hMutex)',
'HANDLE __stdcall CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName)',
'HANDLE __stdcall OpenMutexA(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName)',
'BOOL __stdcall TerminateThread(HANDLEhThread, DWORD dwExitCode)',
'LPVOID __stdcall TlsGetValue(DWORD dwTlsIndex)',
'BOOL __stdcall TlsSetValue(DWORD dwTlsIndex, LPVOID lpTlsValue)',
'BOOL __stdcall TlsFree(DWORD dwTlsIndex)',
'BOOL __stdcall GetSystemTimeAdjustment(PDWORDlpTimeAdjustment, PDWORD lpTimeIncrement, PBOOLlpTimeAdjustmentDisabled)',
'BOOL __stdcall GetStringTypeA(LCID Locale, DWORD dwInfoType, LPCSTR lpSrcStr,int cchSrc, LPWORD lpCharType)',
'LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)',
'UINT __stdcall GetOEMCP()',
'BOOL __stdcall GetCPInfo(UINTCodePage, LPCPINFO lpCPInfo)',
'void __stdcall RtlUnwind(PVOID TargetFrame, PVOID TargetIp, PEXCEPTION_RECORDExceptionRecord, PVOID ReturnValue)',
'BOOL __stdcall VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)',
'HANDLE __stdcall HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize)',
'BOOL __stdcall HeapDestroy(HANDLE hHeap)',
'HANDLE __stdcall GetStdHandle(DWORD nStdHandle)',
'UINT __stdcall SetHandleCount(UINT uNumber)',
'BOOL __stdcall FreeEnvironmentStringsW(LPWCH)',
'LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)',
'void __stdcall GetLocalTime(LPSYSTEMTIME lpSystemTime)',
'void __stdcall GetStartupInfoA(LPSTARTUPINFOAlpStartupInfo)',
'void __stdcall GetSystemInfo(LPSYSTEM_INFO lpSystemInfo)',
'BOOL __stdcall GetVersionExA(LPOSVERSIONINFOAlpVersionInformation)',
'BOOL __stdcall IsBadCodePtr(FARPROC lpfn)',
'void __stdcall OutputDebugStringA(LPCSTR lpOutputString)',
'BOOL __stdcall HeapFree(HANDLE hHeap,DWORD dwFlags, LPVOID lpMem)',
'HANDLE __stdcall GetProcessHeap()',
'BOOL __stdcall CloseHandle(HANDLE hObject)',
'LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)',
'HANDLE __stdcall GetCurrentProcess()',
'BOOL __stdcall TerminateProcess(HANDLE hProcess, UINTuExitCode)',
'HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)',
'FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)',
'BOOL __stdcall GetStringTypeW(DWORD dwInfoType, LPCWSTR lpSrcStr, intcchSrc,LPWORD lpCharType)',
'BOOL __stdcall PeekMessageA(LPMSG lpMsg, HWNDhWnd, UINT wMsgFilterMin, UINT wMsgFilterMax, UINT wRemoveMsg)',
'LRESULT __stdcall DispatchMessageA(const MSG *lpMsg)',
'BOOL __stdcall TranslateMessage(constMSG *lpMsg)',
'BOOL __stdcall GetMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax)',
'BOOL __stdcall UpdateWindow(HWND hWnd)',
'BOOL __stdcall ShowWindow(HWND hWnd, int nCmdShow)',
'HWND __stdcall GetParent(HWNDhWnd)',
'BOOL __stdcall KillTimer(HWNDhWnd, UINT_PTR uIDEvent)',
'BOOL __stdcall PostMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)',
'void __stdcall PostQuitMessage(int nExitCode)',
'UINT_PTR __stdcall SetTimer(HWND hWnd, UINT_PTR nIDEvent, UINT uElapse, TIMERPROC lpTimerFunc)',
'HCURSOR __stdcall LoadCursorA(HINSTANCE hInstance, LPCSTR lpCursorName)',
'ATOM __stdcall RegisterClassA(const WNDCLASSA*lpWndClass)',
'HWND __stdcall CreateWindowExA(DWORD dwExStyle, LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int X, int Y,int nWidth, intnHeight, HWND hWndParent, HMENUhMenu, HINSTANCE hInstance, LPVOID lpParam)',
'void __stdcall CoUninitialize()',
'HRESULT __stdcall CoInitialize(LPVOIDpvReserved)',
'HRESULT __stdcall OleRun(LPUNKNOWN pUnknown)',
'HRESULT __stdcall OleSetClipboard(LPDATAOBJECT pDataObj)',
'HRESULT __stdcall OleSaveToStream(LPPERSISTSTREAM pPStm, LPSTREAM pStm)',
'HRESULT __stdcall CoGetMalloc(DWORD dwMemContext, LPMALLOC *ppMalloc)'],
'cdecl': ['int __cdecl sub_401000(SIZE_T dwBytes)',
'int __cdecl sub_401018(LPVOID lpMem, size_t)',
'int __cdecl sub_401941(void *)',
'int __cdecl sub_402000(void *,void *)'],
'cdecl_count': 4,
'fastcall': [],
'fastcall_count': 0,
'stdcall': ['int __stdcall sub_401042(HWND hWnd, int, int, int)',
'int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)',
'int __stdcall sub_40201C(LPCSTR lpProcName, int)',
'BOOL __stdcall GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass,LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)',
'BOOL __stdcall InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor,DWORD dwRevision)',
'LSTATUS __stdcall RegCloseKey(HKEY hKey)',
'LSTATUS __stdcall RegCreateKeyExA(HKEY hKey, LPCSTR lpSubKey,DWORD Reserved,LPSTR lpClass, DWORD dwOptions,REGSAM samDesired, const LPSECURITY_ATTRIBUTES lpSecurityAttributes, PHKEY phkResult, LPDWORD lpdwDisposition)',
'LSTATUS __stdcall RegEnumValueA(HKEY hKey, DWORD dwIndex, LPSTR lpValueName, LPDWORD lpcchValueName, LPDWORD lpReserved, LPDWORD lpType, LPBYTE lpData, LPDWORD lpcbData)',
'LSTATUS __stdcall RegQueryValueExA(HKEY hKey,LPCSTR lpValueName, LPDWORD lpReserved,LPDWORDlpType,LPBYTE lpData, LPDWORD lpcbData)',
'LSTATUS __stdcall RegOpenKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)',
'BOOL __stdcall AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID*pSid)',
'BOOL __stdcall GetHandleInformation(HANDLE hObject, LPDWORD lpdwFlags)',
'BOOL __stdcall GetFileTime(HANDLE hFile, LPFILETIME lpCreationTime, LPFILETIME lpLastAccessTime, LPFILETIME lpLastWriteTime)',
'BOOL __stdcall GetComputerNameA(LPSTRlpBuffer, LPDWORD nSize)',
'UINT __stdcall GetACP()',
'BOOL __stdcall FreeLibrary(HMODULE hLibModule)',
'HMODULE __stdcall LoadLibraryA(LPCSTRlpLibFileName)',
'BOOL __stdcall SetEnvironmentVariableA(LPCSTRlpName,LPCSTR lpValue)',
'BOOL __stdcall FreeEnvironmentStringsA(LPCH)',
'LPCH __stdcall GetEnvironmentStrings()',
'BOOL __stdcall SetTimeZoneInformation(const TIME_ZONE_INFORMATION *lpTimeZoneInformation)',
'void __stdcall InitializeCriticalSection(LPCRITICAL_SECTION lpCriticalSection)',
'void __stdcall DeleteCriticalSection(LPCRITICAL_SECTION lpCriticalSection)',
'void __stdcall LeaveCriticalSection(LPCRITICAL_SECTION lpCriticalSection)',
'void __stdcall EnterCriticalSection(LPCRITICAL_SECTION lpCriticalSection)',
'LONG __stdcall InterlockedCompareExchange(volatile LONG *Destination,LONG Exchange, LONG Comperand)',
'LONG __stdcall InterlockedIncrement(volatile LONG *lpAddend)',
'BOOL __stdcall GlobalUnlock(HGLOBAL hMem)',
'LPVOID __stdcall GlobalLock(HGLOBAL hMem)',
'HGLOBAL __stdcall GlobalReAlloc(HGLOBAL hMem,SIZE_T dwBytes,UINT uFlags)',
'void __stdcall ExitThread(DWORD dwExitCode)',
'void __stdcall ExitProcess(UINT uExitCode)',
'HANDLE __stdcall CreateThread(LPSECURITY_ATTRIBUTES lpThreadAttributes, SIZE_T dwStackSize, LPTHREAD_START_ROUTINE lpStartAddress, LPVOID lpParameter, DWORD dwCreationFlags,LPDWORDlpThreadId)',
'ATOM __stdcall GlobalFindAtomA(LPCSTRlpString)',
'ATOM __stdcall GlobalDeleteAtom(ATOM nAtom)',
'ATOM __stdcall GlobalAddAtomA(LPCSTR lpString)',
'ATOM __stdcall DeleteAtom(ATOM nAtom)',
'ATOM __stdcall AddAtomA(LPCSTR lpString)',
'UINT __stdcall GetWindowsDirectoryA(LPSTR lpBuffer, UINT uSize)',
'BOOL __stdcall DeleteFileA(LPCSTR lpFileName)',
'BOOL __stdcall FlushFileBuffers(HANDLE hFile)',
'BOOL __stdcall WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite,LPDWORDlpNumberOfBytesWritten,LPOVERLAPPED lpOverlapped)',
'BOOL __stdcall ReadFile(HANDLE hFile,LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped)',
'HANDLE __stdcall CreateFileA(LPCSTR lpFileName, DWORDdwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes,DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLEhTemplateFile)',
'BOOL __stdcall CopyFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName, BOOL bFailIfExists)',
'BOOL __stdcall SetThreadPriority(HANDLE hThread, int nPriority)',
'HANDLE __stdcall CreateEventA(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState,LPCSTR lpName)',
'BOOL __stdcall ResetEvent(HANDLE hEvent)',
'HANDLE __stdcall OpenEventA(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName)',
'BOOL __stdcall SetEvent(HANDLE hEvent)',
'BOOL __stdcall MoveFileA(LPCSTR lpExistingFileName, LPCSTR lpNewFileName)',
'LPVOID __stdcall HeapReAlloc(HANDLE hHeap, DWORD dwFlags, LPVOID lpMem, SIZE_T dwBytes)',
'BOOL __stdcall ReleaseMutex(HANDLE hMutex)',
'HANDLE __stdcall CreateMutexA(LPSECURITY_ATTRIBUTES lpMutexAttributes, BOOL bInitialOwner, LPCSTR lpName)',
'HANDLE __stdcall OpenMutexA(DWORD dwDesiredAccess, BOOL bInheritHandle, LPCSTR lpName)',
'BOOL __stdcall TerminateThread(HANDLEhThread, DWORD dwExitCode)',
'LPVOID __stdcall TlsGetValue(DWORD dwTlsIndex)',
'BOOL __stdcall TlsSetValue(DWORD dwTlsIndex, LPVOID lpTlsValue)',
'BOOL __stdcall TlsFree(DWORD dwTlsIndex)',
'BOOL __stdcall GetSystemTimeAdjustment(PDWORDlpTimeAdjustment, PDWORD lpTimeIncrement, PBOOLlpTimeAdjustmentDisabled)',
'BOOL __stdcall GetStringTypeA(LCID Locale, DWORD dwInfoType, LPCSTR lpSrcStr,int cchSrc, LPWORD lpCharType)',
'LPVOID __stdcall VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)',
'UINT __stdcall GetOEMCP()',
'BOOL __stdcall GetCPInfo(UINTCodePage, LPCPINFO lpCPInfo)',
'void __stdcall RtlUnwind(PVOID TargetFrame, PVOID TargetIp, PEXCEPTION_RECORDExceptionRecord, PVOID ReturnValue)',
'BOOL __stdcall VirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType)',
'HANDLE __stdcall HeapCreate(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize)',
'BOOL __stdcall HeapDestroy(HANDLE hHeap)',
'HANDLE __stdcall GetStdHandle(DWORD nStdHandle)',
'UINT __stdcall SetHandleCount(UINT uNumber)',
'BOOL __stdcall FreeEnvironmentStringsW(LPWCH)',
'LONG __stdcall UnhandledExceptionFilter(struct _EXCEPTION_POINTERS *ExceptionInfo)',
'void __stdcall GetLocalTime(LPSYSTEMTIME lpSystemTime)',
'void __stdcall GetStartupInfoA(LPSTARTUPINFOAlpStartupInfo)',
'void __stdcall GetSystemInfo(LPSYSTEM_INFO lpSystemInfo)',
'BOOL __stdcall GetVersionExA(LPOSVERSIONINFOAlpVersionInformation)',
'BOOL __stdcall IsBadCodePtr(FARPROC lpfn)',
'void __stdcall OutputDebugStringA(LPCSTR lpOutputString)',
'BOOL __stdcall HeapFree(HANDLE hHeap,DWORD dwFlags, LPVOID lpMem)',
'HANDLE __stdcall GetProcessHeap()',
'BOOL __stdcall CloseHandle(HANDLE hObject)',
'LPVOID __stdcall HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes)',
'HANDLE __stdcall GetCurrentProcess()',
'BOOL __stdcall TerminateProcess(HANDLE hProcess, UINTuExitCode)',
'HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName)',
'FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName)',
'BOOL __stdcall GetStringTypeW(DWORD dwInfoType, LPCWSTR lpSrcStr, intcchSrc,LPWORD lpCharType)',
'BOOL __stdcall PeekMessageA(LPMSG lpMsg, HWNDhWnd, UINT wMsgFilterMin, UINT wMsgFilterMax, UINT wRemoveMsg)',
'LRESULT __stdcall DispatchMessageA(const MSG *lpMsg)',
'BOOL __stdcall TranslateMessage(constMSG *lpMsg)',
'BOOL __stdcall GetMessageA(LPMSG lpMsg, HWND hWnd, UINT wMsgFilterMin, UINT wMsgFilterMax)',
'BOOL __stdcall UpdateWindow(HWND hWnd)',
'BOOL __stdcall ShowWindow(HWND hWnd, int nCmdShow)',
'HWND __stdcall GetParent(HWNDhWnd)',
'BOOL __stdcall KillTimer(HWNDhWnd, UINT_PTR uIDEvent)',
'BOOL __stdcall PostMessageA(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)',
'void __stdcall PostQuitMessage(int nExitCode)',
'UINT_PTR __stdcall SetTimer(HWND hWnd, UINT_PTR nIDEvent, UINT uElapse, TIMERPROC lpTimerFunc)',
'HCURSOR __stdcall LoadCursorA(HINSTANCE hInstance, LPCSTR lpCursorName)',
'ATOM __stdcall RegisterClassA(const WNDCLASSA*lpWndClass)',
'HWND __stdcall CreateWindowExA(DWORD dwExStyle, LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int X, int Y,int nWidth, intnHeight, HWND hWndParent, HMENUhMenu, HINSTANCE hInstance, LPVOID lpParam)',
'void __stdcall CoUninitialize()',
'HRESULT __stdcall CoInitialize(LPVOIDpvReserved)',
'HRESULT __stdcall OleRun(LPUNKNOWN pUnknown)',
'HRESULT __stdcall OleSetClipboard(LPDATAOBJECT pDataObj)',
'HRESULT __stdcall OleSaveToStream(LPPERSISTSTREAM pPStm, LPSTREAM pStm)',
'HRESULT __stdcall CoGetMalloc(DWORD dwMemContext, LPMALLOC *ppMalloc)'],
'stdcall_count': 107,
'thiscall': [],
'thiscall_count': 0,
'total_calls': 111}
In [ ]:
Content source: afruizc/microsoft_malware_challenge
Similar notebooks:
notebook.community | gallery | about