Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2018-Sep-01 22:59:28 |
Detected languages | Chinese - PRC, English - United States |
Debug artifacts | c:\x64_dbg\bin\x96dbg.pdb |
FileDescription | x64dbg |
FileVersion | 0.0.2.5 |
LegalCopyright | x64dbg.com |
ProductName | x64dbg |
ProductVersion | 0.0.2.5 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to debugging or reversing tools: |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Open Source Developer, Issuer: Certum Code Signing CA SHA2 |
Safe | VirusTotal score: 0/67 (Scanned on 2018-09-08 13:33:19) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2018-Sep-01 22:59:28 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32 |
---|---|
LinkerVersion | 12.0 |
SizeOfCode | 0x11600 |
SizeOfInitializedData | 0x15200 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000061E2 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x13000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x2b000 |
SizeOfHeaders | 0x400 |
Checksum | 0x31f9a |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
SHLWAPI.dll | PathIsRelativeW PathRemoveFileSpecW PathAppendW |
---|---|
KERNEL32.dll | WriteFile CloseHandle MapViewOfFile UnmapViewOfFile CreateFileMappingW GetModuleFileNameW GetModuleHandleW GetCommandLineW OutputDebugStringW GetPrivateProfileStringW WritePrivateProfileStringW GetCurrentDirectoryW CreateFileW InitializeCriticalSectionAndSpinCount GetVersionExW IsWow64Process GetConsoleMode GetConsoleCP OpenProcess GetCPInfo GetOEMCP GetACP IsValidCodePage LoadLibraryExW LeaveCriticalSection GetFileAttributesW GetCurrentProcess LocalFree GetProcAddress SetFilePointerEx SetStdHandle WriteConsoleW EnterCriticalSection LCMapStringW FreeEnvironmentStringsW HeapReAlloc RtlUnwind EncodePointer DecodePointer IsDebuggerPresent IsProcessorFeaturePresent RaiseException FlushFileBuffers GetCommandLineA GetLastError HeapFree HeapAlloc ExitProcess GetModuleHandleExW MultiByteToWideChar WideCharToMultiByte HeapSize UnhandledExceptionFilter SetUnhandledExceptionFilter SetLastError Sleep TerminateProcess TlsAlloc TlsGetValue TlsSetValue TlsFree GetStartupInfoW GetCurrentThreadId GetStringTypeW GetProcessHeap GetStdHandle GetFileType DeleteCriticalSection GetModuleFileNameA QueryPerformanceCounter GetCurrentProcessId GetSystemTimeAsFileTime GetEnvironmentStringsW |
USER32.dll | LoadStringW MessageBoxW EnableWindow SetDlgItemTextW GetDlgItem EndDialog DialogBoxParamW SendMessageW wsprintfW LoadIconW |
COMDLG32.dll | GetOpenFileNameW |
ADVAPI32.dll | RegSetValueExW RegOpenKeyExW RegCreateKeyW RegCloseKey |
SHELL32.dll | CommandLineToArgvW SHGetSpecialFolderPathW ShellExecuteW SHChangeNotify |
ole32.dll | CoCreateInstance CoInitialize |
OLEAUT32.dll | #6 #2 |
COMCTL32.dll | #17 |
Setup |
Error |
Error getting module path! |
Question |
Do you want to register a shell extension? |
Do you want to create Desktop Shortcuts? |
Done! |
New configuration written! |
安装 |
错误 |
获取模块路径时出错! |
温馨提示 |
您想要为调试器注册右键菜单吗? |
您想要创建桌面快捷方式吗? |
完成! |
新的配置已经写入! |
Path to x32dbg not specified in launcher configuration... |
Path to x64dbg not specified in launcher configuration... |
Invalid PE File! |
File not found or in use! |
A Debugger for the future! |
Running as Admin? |
RegCreateKey failed! |
RegSetValueEx failed! |
RegOpenKeyEx Failed! |
BridgeInit Error |
Debug with x64dbg |
Do you want to register the database icon? |
BridgeStart Error |
启动器的配置文件中没有指定x32dbg的路径... |
启动器的配置文件中没有指定x64dbg的路径... |
无效的PE文件! |
文件没找到,或者已被占用! |
一个面向未来的调试器! |
您确定以管理员权限运行本程序了吗? |
RegCreateKey 失败! |
RegSetValueEx 失败! |
RegOpenKeyEx 失败! |
BridgeInit 发生错误 |
用x64dbg调试 |
您想为调试数据库设置图标吗? |
BridgeStart 发生错误 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 0.0.2.5 |
ProductVersion | 0.0.2.5 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_UNKNOWN |
Language | English - United States |
FileDescription | x64dbg |
FileVersion (#2) | 0.0.2.5 |
LegalCopyright | x64dbg.com |
ProductName | x64dbg |
ProductVersion (#2) | 0.0.2.5 |
Resource LangID | UNKNOWN |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2018-Sep-01 22:59:28 |
Version | 0.0 |
SizeofData | 50 |
AddressOfRawData | 0x18a70 |
PointerToRawData | 0x17470 |
Referenced File | c:\x64_dbg\bin\x96dbg.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2018-Sep-01 22:59:28 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x18aa4 |
PointerToRawData | 0x174a4 |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x41b190 |
SEHandlerTable | 0x418e00 |
SEHandlerCount | 14 |
XOR Key | 0x1bf6b60d |
---|---|
Unmarked objects | 0 |
ASM objects (VS2013 build 21005) | 21 |
C objects (VS2013 build 21005) | 122 |
C++ objects (VS2013 build 21005) | 48 |
C objects (VS2008 SP1 build 30729) | 3 |
Imports (VS2008 SP1 build 30729) | 19 |
Total imports | 115 |
C++ objects (VS2013 UPD5 build 40629) | 1 |
Resource objects (VS2013 build 21005) | 1 |
151 | 2 |
Linker (VS2013 UPD5 build 40629) | 1 |