滴水逆向-导入表
课堂知识点
文字知识点
导入表 实现: 1.使用OD打开一个发布版的exe程序,定位到某个DLL的API 2.在没有加载的EXE中找到这个位置,观察加载前后的区别 导入表结构: typedef struct _IMAGE_IMPORT_DESCRIPTOR { union { DWORD Characteristics; DWORD OriginalFirstThunk; //RVA 指向IMAGE_THUNK_DATA结构数组 }; DWORD TimeDateStamp; //时间戳 DWORD ForwarderChain; DWORD Name; //RVA,指向dll名字,该名字以0结尾 DWORD FirstThunk; //RVA,指向IMAGE_THUNK_DATA结构数组 } IMAGE_IMPORT_DESCRIPTOR; typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR; typedef struct _IMAGE_THUNK_DATA32 { union { call [0x412356] PBYTE ForwarderString; PDWORD Function; DWORD Ordinal; //序号 PIMAGE_IMPORT_BY_NAME AddressOfData; //指向IMAGE_IMPORT_BY_NAME } u1; } IMAGE_THUNK_DATA32; typedef IMAGE_THUNK_DATA32 * PIMAGE_THUNK_DATA32; typedef struct _IMAGE_IMPORT_BY_NAME { WORD Hint; //可能为空,编译器决定 如果不为空 是函数在导出表中的索引 BYTE Name[1]; //函数名称,以0结尾 } IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME; 输出导入表的过程: 1.定位导入表: 目录项目的第2个结构就是导入表 typedef struct _IMAGE_DATA_DIRECTORY { DWORD VirtualAddress; //RVA 指向导入表结构 DWORD Size; } IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY; 将RVA转换成FOA typedef struct _IMAGE_IMPORT_DESCRIPTOR { union { DWORD Characteristics; DWORD OriginalFirstThunk; }; DWORD TimeDateStamp; DWORD ForwarderChain; DWORD Name; DWORD FirstThunk; } IMAGE_IMPORT_DESCRIPTOR; typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR; ...... 
typedef struct _IMAGE_IMPORT_DESCRIPTOR { union { DWORD Characteristics; DWORD OriginalFirstThunk; }; DWORD TimeDateStamp; DWORD ForwarderChain; DWORD Name; DWORD FirstThunk; } IMAGE_IMPORT_DESCRIPTOR; typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR;
导入表是一个 IMAGE_IMPORT_DESCRIPTOR 结构数组,sizeof(IMAGE_IMPORT_DESCRIPTOR) 个 0 代表导入表结束。
2.输出DLL名字
typedef struct _IMAGE_IMPORT_DESCRIPTOR { union { DWORD Characteristics; DWORD OriginalFirstThunk; }; DWORD TimeDateStamp; DWORD ForwarderChain; DWORD Name; DWORD FirstThunk; } IMAGE_IMPORT_DESCRIPTOR; typedef IMAGE_IMPORT_DESCRIPTOR UNALIGNED *PIMAGE_IMPORT_DESCRIPTOR;
其中 Name 是一个RVA,指向一个以0结尾的字符串,是DLL的名字。
3.遍历OriginalFirstThunk
OriginalFirstThunk 指向一个 IMAGE_THUNK_DATA32 结构数组,每一项宽度4字节,数组以0结尾。对每一项判断最高位是否为1:如果是,那么除去最高位的值就是函数的导出序号;如果不是,那么这个值是一个RVA,指向 IMAGE_IMPORT_BY_NAME(Hint 2字节;Name 长度不定,以'\0'结尾)。加载时相当于对每一项执行 GetProcAddr(m,函数的名字或者导出序号);
typedef struct _IMAGE_IMPORT_BY_NAME { WORD Hint; BYTE Name[1]; } IMAGE_IMPORT_BY_NAME, *PIMAGE_IMPORT_BY_NAME;
4、遍历FirstThunk
FirstThunk 同样指向一个 IMAGE_THUNK_DATA32 结构数组,每一项宽度4字节,数组以0结尾。对每一项判断最高位是否为1:如果是,那么除去最高位的值就是函数的导出序号;如果不是,那么这个值是一个RVA,指向 IMAGE_IMPORT_BY_NAME(Hint 2字节;Name 长度不定,以'\0'结尾)。
打印导入表代码
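/*
 * Walk one on-disk array of 32-bit import thunks and print every entry.
 * The array ends at the first all-zero DWORD.
 *
 * pFileBuffer   - start of the raw (file-layout) PE image.
 * thunkArrayFoa - file offset of the first thunk, as returned by
 *                 RvaToFileOffset.
 *
 * Entries are stepped as DWORDs: a PE32 thunk is 4 bytes wide no matter how
 * this tool itself is compiled, whereas PIMAGE_THUNK_DATA changes width with
 * the build target.
 */
static VOID LogImportThunks(PVOID pFileBuffer, DWORD thunkArrayFoa)
{
    char *pBase = (char *)pFileBuffer;
    PDWORD pThunk = (PDWORD)(pBase + thunkArrayFoa);

    while (*pThunk != 0)
    {
        DWORD value = *pThunk;

        if (value & IMAGE_ORDINAL_FLAG32)
        {
            //Top bit set: import by ordinal, the remaining bits are the ordinal
            value -= IMAGE_ORDINAL_FLAG32;
            printf("Import Ordinal --> %#010x\r\n", (unsigned int)value);
        }
        else
        {
            //Top bit clear: the value is an RVA to an IMAGE_IMPORT_BY_NAME
            DWORD FOA_ImportByName = RvaToFileOffset(pFileBuffer, value);
            PIMAGE_IMPORT_BY_NAME pImportByName = (PIMAGE_IMPORT_BY_NAME)(pBase + FOA_ImportByName);

            //The second column is labelled "Import Address" but the value
            //printed is the Hint field; the label is kept so output stays
            //comparable with earlier runs.
            //The '#' and '0' flags were dropped from the %s conversion: they
            //are undefined for strings and "%-28s" is what was intended.
            printf("Import Hint Name --> %-28s Import Address --> %#010x\r\n",
                   (const char *)pImportByName->Name, (unsigned int)pImportByName->Hint);
        }
        pThunk++;
    }
}

/*
 * Print the import table of a 32-bit PE file that was read unmodified into
 * memory (file layout, not the loader's mapped layout).
 *
 * For every import descriptor the DLL name is printed, followed by the
 * entries reached through OriginalFirstThunk (import name table) and through
 * FirstThunk (import address table).
 *
 * pFileBuffer - start of the file image; NULL is reported and ignored.
 *
 * NOTE(review): no buffer length is passed in, so e_lfanew, the import
 * directory RVA and every thunk/name offset are trusted as-is. A truncated or
 * deliberately malformed file can steer these reads outside the buffer; pass
 * the file size in and range-check each offset before pointing this at
 * untrusted samples.
 * NOTE(review): RvaToFileOffset is defined elsewhere; how it reports an RVA
 * that lies in no section is not visible here - confirm, and check its result
 * before dereferencing.
 * NOTE(review): the optional header is read as IMAGE_OPTIONAL_HEADER32 without
 * checking its Magic field, so PE32+ images are not handled.
 */
VOID LogImportTable(IN PVOID pFileBuffer)
{
    char *pBase = (char *)pFileBuffer;
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    PIMAGE_NT_HEADERS pNTHeader = NULL;
    PIMAGE_FILE_HEADER pPEHeader = NULL;
    PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
    PIMAGE_DATA_DIRECTORY pDataDirectory = NULL;
    PIMAGE_DATA_DIRECTORY pDataDirectory_ImportTable = NULL;
    PIMAGE_IMPORT_DESCRIPTOR pImportTable = NULL;
    DWORD FOA_ImportTable = 0;

    if (pFileBuffer == NULL)
    {
        printf("FileBuffer获取失败!\r\n");
        return;
    }

    //Check the MZ signature
    pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    {
        printf("无效的MZ标识\r\n");
        return;
    }

    //Check the PE signature. e_lfanew is signed; a negative value would point
    //in front of the buffer, so it is rejected as an invalid PE marker.
    //Pointer arithmetic is done on char* instead of casting the pointer to
    //DWORD, which truncates addresses in a 64-bit build.
    if (pDosHeader->e_lfanew < 0 ||
        *((PDWORD)(pBase + pDosHeader->e_lfanew)) != IMAGE_NT_SIGNATURE)
    {
        printf("无效的PE标记\r\n");
        return;
    }

    //Locate the headers
    pNTHeader = (PIMAGE_NT_HEADERS)(pBase + pDosHeader->e_lfanew);
    pPEHeader = (PIMAGE_FILE_HEADER)((char *)pNTHeader + 0x04);
    pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((char *)pPEHeader + IMAGE_SIZEOF_FILE_HEADER);
    pDataDirectory = (PIMAGE_DATA_DIRECTORY)pOptionHeader->DataDirectory;

    //The import table is the second data-directory entry
    //(index IMAGE_DIRECTORY_ENTRY_IMPORT, i.e. pDataDirectory[1]).
    //NumberOfRvaAndSizes says how many directory entries the file really has;
    //if the import slot is not among them there is nothing to read.
    pDataDirectory_ImportTable = &pDataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT];
    if (pOptionHeader->NumberOfRvaAndSizes <= IMAGE_DIRECTORY_ENTRY_IMPORT ||
        !pDataDirectory_ImportTable->VirtualAddress)
    {
        printf("pDataDirectory_ImportTable 这个程序不存在导入表\r\n");
        return;
    }

    //Print the import table RVA and the file offset it maps to
    printf("Import Table RVA: %#010x\r\n", (unsigned int)pDataDirectory_ImportTable->VirtualAddress);
    FOA_ImportTable = RvaToFileOffset(pFileBuffer, pDataDirectory_ImportTable->VirtualAddress);
    printf("Import Table FOA: %#010x\r\n", (unsigned int)FOA_ImportTable);

    pImportTable = (PIMAGE_IMPORT_DESCRIPTOR)(pBase + FOA_ImportTable);

    /*
     * What follows mirrors the step the loader performs after the image and
     * its DLLs are mapped and relocated: walking the import descriptors.
     *   OriginalFirstThunk -> INT (import name table), IMAGE_THUNK_DATA array
     *   FirstThunk         -> IAT (import address table)
     * Each thunk is a 4-byte union, so it is read as a plain DWORD.
     */

    //One descriptor per DLL; a descriptor whose Name is 0 ends the table
    while (pImportTable->Name != 0)
    {
        DWORD FOA_DllName = RvaToFileOffset(pFileBuffer, pImportTable->Name);
        const char *pDllName = pBase + FOA_DllName;
        DWORD FOA_OriginalFirstThunk = 0;
        DWORD FOA_FirstThunk = 0;

        //DLL name is a NUL-terminated byte string
        printf("%s\r\n", pDllName);

        //INT. Some linkers emit no INT (OriginalFirstThunk == 0); converting
        //RVA 0 would walk the file headers as if they were thunks, so the
        //walk is skipped in that case.
        if (pImportTable->OriginalFirstThunk != 0)
        {
            FOA_OriginalFirstThunk = RvaToFileOffset(pFileBuffer, pImportTable->OriginalFirstThunk);
        }
        printf("****************************FOA_OriginalFirstThunk:%#010x*********************************\r\n", (unsigned int)FOA_OriginalFirstThunk);
        if (pImportTable->OriginalFirstThunk != 0)
        {
            LogImportThunks(pFileBuffer, FOA_OriginalFirstThunk);
        }

        //IAT
        if (pImportTable->FirstThunk != 0)
        {
            FOA_FirstThunk = RvaToFileOffset(pFileBuffer, pImportTable->FirstThunk);
        }
        printf("****************************FOA_FirstThunk:%#010x*********************************\r\n", (unsigned int)FOA_FirstThunk);
        if (pImportTable->FirstThunk != 0)
        {
            if (pImportTable->TimeDateStamp != 0)
            {
                //A non-zero TimeDateStamp marks a bound descriptor: the
                //on-disk IAT slots then hold pre-resolved addresses, not RVAs
                //to IMAGE_IMPORT_BY_NAME, so they are printed raw rather than
                //followed.
                PDWORD pBound = (PDWORD)(pBase + FOA_FirstThunk);
                while (*pBound != 0)
                {
                    printf("Bound Import Address --> %#010x\r\n", (unsigned int)*pBound);
                    pBound++;
                }
            }
            else
            {
                //Unbound: the IAT holds the same ordinal/RVA values as the INT
                LogImportThunks(pFileBuffer, FOA_FirstThunk);
            }
        }

        printf("\r\n");
        pImportTable++;
    }
}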
执行结果
打印ipmsg.exe导入表
打印notepad.exe导入表
从上述打印导入表的结果可以确认:程序在未运行前,其INT表和IAT表存储的内容一样(前提是文件没有做过绑定导入;绑定过的文件,其IAT在磁盘上保存的已经是函数地址)
对比上面打印ipmsg.exe和notepad.exe这两个程序发现,notepad.exe没有导出序号,就是没有FirstThunk
打印出来的结果
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8804 for 80x86 Copyright (C) Microsoft Corp 1984-1998. All rights reserved. pelx.cpp Microsoft (R) Incremental Linker Version 6.00.8447 Copyright (C) Microsoft Corp 1992-1998. All rights reserved. FileBuffer: 0x65000 exe->filebuffer 返回值为计算所得文件大小:0x65000 Import Table RVA: 0x000500d0 Import Table FOA: 0x000500d0 KERNEL32.dll ****************************FOA_OriginalFirstThunk:0x00050278********************************* Import Hint Name --> GetDiskFreeSpaceA Import Address --> 0x00000100 Import Hint Name --> GetVolumeInformationA Import Address --> 0x00000177 Import Hint Name --> GetCommandLineA Import Address --> 0x000000ca Import Hint Name --> lstrcmpiA Import Address --> 0x000002ff Import Hint Name --> GetSystemDefaultLCID Import Address --> 0x00000157 Import Hint Name --> GetDriveTypeA Import Address --> 0x00000104 Import Hint Name --> GetThreadLocale Import Address --> 0x00000168 Import Hint Name --> GetCurrentProcess Import Address --> 0x000000f7 Import Hint Name --> SetPriorityClass Import Address --> 0x00000277 Import Hint Name --> GlobalLock Import Address --> 0x0000018c Import Hint Name --> GlobalUnlock Import Address --> 0x00000193 Import Hint Name --> SetFileTime Import Address --> 0x0000026c Import Hint Name --> SuspendThread Import Address --> 0x00000298 Import Hint Name --> ResumeThread Import Address --> 0x0000022c Import Hint Name --> LocalFree Import Address --> 0x000001cc Import Hint Name --> Sleep Import Address --> 0x00000296 Import Hint Name --> GetComputerNameW Import Address --> 0x000000cf Import Hint Name --> GetModuleHandleA Import Address --> 0x00000126 Import Hint Name --> GetProcAddress Import Address --> 0x0000013e Import Hint Name --> GetSystemTime Import Address --> 0x0000015d Import Hint Name --> SystemTimeToFileTime Import Address --> 0x0000029b Import Hint Name --> GetStartupInfoA Import Address --> 0x00000150 Import Hint Name --> SetThreadLocale Import Address --> 
0x00000286 Import Hint Name --> SetUnhandledExceptionFilter Import Address --> 0x0000028b Import Hint Name --> GetLastError Import Address --> 0x0000011a Import Hint Name --> IsDBCSLeadByte Import Address --> 0x000001b9 Import Hint Name --> VirtualFree Import Address --> 0x000002bf Import Hint Name --> VirtualAlloc Import Address --> 0x000002bb Import Hint Name --> GetVersion Import Address --> 0x00000174 Import Hint Name --> GetWindowsDirectoryW Import Address --> 0x0000017e Import Hint Name --> GetFileInformationByHandle Import Address --> 0x00000111 Import Hint Name --> FormatMessageW Import Address --> 0x000000b0 Import Hint Name --> GetFileAttributesW Import Address --> 0x00000110 Import Hint Name --> SetFileAttributesW Import Address --> 0x00000269 Import Hint Name --> FindFirstFileW Import Address --> 0x00000097 Import Hint Name --> FindNextFileW Import Address --> 0x0000009e Import Hint Name --> CreateFileW Import Address --> 0x00000037 Import Hint Name --> MoveFileW Import Address --> 0x000001e0 Import Hint Name --> RemoveDirectoryW Import Address --> 0x00000228 Import Hint Name --> DeleteFileW Import Address --> 0x00000058 Import Hint Name --> CreateDirectoryW Import Address --> 0x00000030 Import Hint Name --> SetCurrentDirectoryW Import Address --> 0x0000025e Import Hint Name --> GetModuleFileNameW Import Address --> 0x00000125 Import Hint Name --> GetCurrentDirectoryW Import Address --> 0x000000f6 Import Hint Name --> GetDiskFreeSpaceW Import Address --> 0x00000103 Import Hint Name --> GetDriveTypeW Import Address --> 0x00000105 Import Hint Name --> GetFullPathNameW Import Address --> 0x00000117 Import Hint Name --> GetVolumeInformationW Import Address --> 0x00000178 Import Hint Name --> GetCommandLineW Import Address --> 0x000000cb Import Hint Name --> LoadLibraryW Import Address --> 0x000001c5 Import Hint Name --> lstrcmpiW Import Address --> 0x00000300 Import Hint Name --> GetLocalTime Import Address --> 0x0000011b Import Hint Name --> 
MultiByteToWideChar Import Address --> 0x000001e4 Import Hint Name --> WideCharToMultiByte Import Address --> 0x000002d2 Import Hint Name --> FindClose Import Address --> 0x00000090 Import Hint Name --> ExitThread Import Address --> 0x0000007e Import Hint Name --> UnmapViewOfFile Import Address --> 0x000002b0 Import Hint Name --> GetFileSize Import Address --> 0x00000112 Import Hint Name --> CreateFileMappingA Import Address --> 0x00000035 Import Hint Name --> lstrlenW Import Address --> 0x00000309 Import Hint Name --> FormatMessageA Import Address --> 0x000000af Import Hint Name --> MapViewOfFile Import Address --> 0x000001d6 Import Hint Name --> IsBadReadPtr Import Address --> 0x000001b5 Import Hint Name --> GetFileAttributesA Import Address --> 0x0000010d Import Hint Name --> SetFileAttributesA Import Address --> 0x00000268 Import Hint Name --> FindFirstFileA Import Address --> 0x00000094 Import Hint Name --> FindNextFileA Import Address --> 0x0000009d Import Hint Name --> CreateFileA Import Address --> 0x00000034 Import Hint Name --> MoveFileA Import Address --> 0x000001dd Import Hint Name --> CreateDirectoryA Import Address --> 0x0000002d Import Hint Name --> RemoveDirectoryA Import Address --> 0x00000227 Import Hint Name --> DeleteFileA Import Address --> 0x00000057 Import Hint Name --> GetCurrentDirectoryA Import Address --> 0x000000f5 Import Hint Name --> SetCurrentDirectoryA Import Address --> 0x0000025d Import Hint Name --> GetModuleFileNameA Import Address --> 0x00000124 Import Hint Name --> GetTickCount Import Address --> 0x0000016d Import Hint Name --> CreateThread Import Address --> 0x0000004a Import Hint Name --> SetFilePointer Import Address --> 0x0000026a Import Hint Name --> WriteFile Import Address --> 0x000002df Import Hint Name --> CreateMutexA Import Address --> 0x0000003f Import Hint Name --> WaitForSingleObject Import Address --> 0x000002ce Import Hint Name --> ReleaseMutex Import Address --> 0x00000225 Import Hint Name --> CloseHandle 
Import Address --> 0x0000001b Import Hint Name --> ExitProcess Import Address --> 0x0000007d Import Hint Name --> LoadLibraryA Import Address --> 0x000001c2 Import Hint Name --> GetFullPathNameA Import Address --> 0x00000116 Import Hint Name --> lstrlenA Import Address --> 0x00000308 ****************************FOA_FirstThunk:0x000460a4********************************* Import Hint Name --> GetDiskFreeSpaceA Import Address --> 0x00000100 Import Hint Name --> GetVolumeInformationA Import Address --> 0x00000177 Import Hint Name --> GetCommandLineA Import Address --> 0x000000ca Import Hint Name --> lstrcmpiA Import Address --> 0x000002ff Import Hint Name --> GetSystemDefaultLCID Import Address --> 0x00000157 Import Hint Name --> GetDriveTypeA Import Address --> 0x00000104 Import Hint Name --> GetThreadLocale Import Address --> 0x00000168 Import Hint Name --> GetCurrentProcess Import Address --> 0x000000f7 Import Hint Name --> SetPriorityClass Import Address --> 0x00000277 Import Hint Name --> GlobalLock Import Address --> 0x0000018c Import Hint Name --> GlobalUnlock Import Address --> 0x00000193 Import Hint Name --> SetFileTime Import Address --> 0x0000026c Import Hint Name --> SuspendThread Import Address --> 0x00000298 Import Hint Name --> ResumeThread Import Address --> 0x0000022c Import Hint Name --> LocalFree Import Address --> 0x000001cc Import Hint Name --> Sleep Import Address --> 0x00000296 Import Hint Name --> GetComputerNameW Import Address --> 0x000000cf Import Hint Name --> GetModuleHandleA Import Address --> 0x00000126 Import Hint Name --> GetProcAddress Import Address --> 0x0000013e Import Hint Name --> GetSystemTime Import Address --> 0x0000015d Import Hint Name --> SystemTimeToFileTime Import Address --> 0x0000029b Import Hint Name --> GetStartupInfoA Import Address --> 0x00000150 Import Hint Name --> SetThreadLocale Import Address --> 0x00000286 Import Hint Name --> SetUnhandledExceptionFilter Import Address --> 0x0000028b Import Hint Name --> 
GetLastError Import Address --> 0x0000011a Import Hint Name --> IsDBCSLeadByte Import Address --> 0x000001b9 Import Hint Name --> VirtualFree Import Address --> 0x000002bf Import Hint Name --> VirtualAlloc Import Address --> 0x000002bb Import Hint Name --> GetVersion Import Address --> 0x00000174 Import Hint Name --> GetWindowsDirectoryW Import Address --> 0x0000017e Import Hint Name --> GetFileInformationByHandle Import Address --> 0x00000111 Import Hint Name --> FormatMessageW Import Address --> 0x000000b0 Import Hint Name --> GetFileAttributesW Import Address --> 0x00000110 Import Hint Name --> SetFileAttributesW Import Address --> 0x00000269 Import Hint Name --> FindFirstFileW Import Address --> 0x00000097 Import Hint Name --> FindNextFileW Import Address --> 0x0000009e Import Hint Name --> CreateFileW Import Address --> 0x00000037 Import Hint Name --> MoveFileW Import Address --> 0x000001e0 Import Hint Name --> RemoveDirectoryW Import Address --> 0x00000228 Import Hint Name --> DeleteFileW Import Address --> 0x00000058 Import Hint Name --> CreateDirectoryW Import Address --> 0x00000030 Import Hint Name --> SetCurrentDirectoryW Import Address --> 0x0000025e Import Hint Name --> GetModuleFileNameW Import Address --> 0x00000125 Import Hint Name --> GetCurrentDirectoryW Import Address --> 0x000000f6 Import Hint Name --> GetDiskFreeSpaceW Import Address --> 0x00000103 Import Hint Name --> GetDriveTypeW Import Address --> 0x00000105 Import Hint Name --> GetFullPathNameW Import Address --> 0x00000117 Import Hint Name --> GetVolumeInformationW Import Address --> 0x00000178 Import Hint Name --> GetCommandLineW Import Address --> 0x000000cb Import Hint Name --> LoadLibraryW Import Address --> 0x000001c5 Import Hint Name --> lstrcmpiW Import Address --> 0x00000300 Import Hint Name --> GetLocalTime Import Address --> 0x0000011b Import Hint Name --> MultiByteToWideChar Import Address --> 0x000001e4 Import Hint Name --> WideCharToMultiByte Import Address --> 0x000002d2 
Import Hint Name --> FindClose Import Address --> 0x00000090 Import Hint Name --> ExitThread Import Address --> 0x0000007e Import Hint Name --> UnmapViewOfFile Import Address --> 0x000002b0 Import Hint Name --> GetFileSize Import Address --> 0x00000112 Import Hint Name --> CreateFileMappingA Import Address --> 0x00000035 Import Hint Name --> lstrlenW Import Address --> 0x00000309 Import Hint Name --> FormatMessageA Import Address --> 0x000000af Import Hint Name --> MapViewOfFile Import Address --> 0x000001d6 Import Hint Name --> IsBadReadPtr Import Address --> 0x000001b5 Import Hint Name --> GetFileAttributesA Import Address --> 0x0000010d Import Hint Name --> SetFileAttributesA Import Address --> 0x00000268 Import Hint Name --> FindFirstFileA Import Address --> 0x00000094 Import Hint Name --> FindNextFileA Import Address --> 0x0000009d Import Hint Name --> CreateFileA Import Address --> 0x00000034 Import Hint Name --> MoveFileA Import Address --> 0x000001dd Import Hint Name --> CreateDirectoryA Import Address --> 0x0000002d Import Hint Name --> RemoveDirectoryA Import Address --> 0x00000227 Import Hint Name --> DeleteFileA Import Address --> 0x00000057 Import Hint Name --> GetCurrentDirectoryA Import Address --> 0x000000f5 Import Hint Name --> SetCurrentDirectoryA Import Address --> 0x0000025d Import Hint Name --> GetModuleFileNameA Import Address --> 0x00000124 Import Hint Name --> GetTickCount Import Address --> 0x0000016d Import Hint Name --> CreateThread Import Address --> 0x0000004a Import Hint Name --> SetFilePointer Import Address --> 0x0000026a Import Hint Name --> WriteFile Import Address --> 0x000002df Import Hint Name --> CreateMutexA Import Address --> 0x0000003f Import Hint Name --> WaitForSingleObject Import Address --> 0x000002ce Import Hint Name --> ReleaseMutex Import Address --> 0x00000225 Import Hint Name --> CloseHandle Import Address --> 0x0000001b Import Hint Name --> ExitProcess Import Address --> 0x0000007d Import Hint Name --> LoadLibraryA 
Import Address --> 0x000001c2 Import Hint Name --> GetFullPathNameA Import Address --> 0x00000116 Import Hint Name --> lstrlenA Import Address --> 0x00000308 USER32.dll ****************************FOA_OriginalFirstThunk:0x00050528********************************* Import Hint Name --> LoadAcceleratorsA Import Address --> 0x00000196 Import Hint Name --> SetTimer Import Address --> 0x00000252 Import Hint Name --> RegisterWindowMessageA Import Address --> 0x00000200 Import Hint Name --> MessageBoxA Import Address --> 0x000001be Import Hint Name --> KillTimer Import Address --> 0x00000195 Import Hint Name --> GetAsyncKeyState Import Address --> 0x000000e3 Import Hint Name --> GetMenuItemCount Import Address --> 0x00000122 Import Hint Name --> CreateMenu Import Address --> 0x00000057 Import Hint Name --> InvalidateRect Import Address --> 0x0000017a Import Hint Name --> MessageBeep Import Address --> 0x000001bd Import Hint Name --> DestroyMenu Import Address --> 0x0000008d Import Hint Name --> TrackPopupMenu Import Address --> 0x0000027c Import Hint Name --> GetMessagePos Import Address --> 0x0000012c Import Hint Name --> GetCursorPos Import Address --> 0x000000fc Import Hint Name --> GetSubMenu Import Address --> 0x00000142 Import Hint Name --> LoadMenuA Import Address --> 0x000001a6 Import Hint Name --> LoadCursorA Import Address --> 0x0000019a Import Hint Name --> LoadIconA Import Address --> 0x0000019e Import Hint Name --> SetForegroundWindow Import Address --> 0x00000230 Import Hint Name --> wsprintfA Import Address --> 0x000002ac Import Hint Name --> PostQuitMessage Import Address --> 0x000001e0 Import Hint Name --> FlashWindow Import Address --> 0x000000d9 Import Hint Name --> SetClassLongA Import Address --> 0x00000220 Import Hint Name --> SetDlgItemTextW Import Address --> 0x0000022d Import Hint Name --> GetParent Import Address --> 0x00000135 Import Hint Name --> GetDlgItem Import Address --> 0x00000102 Import Hint Name --> SendDlgItemMessageA Import Address --> 
0x0000020f Import Hint Name --> GetWindowRect Import Address --> 0x0000015c Import Hint Name --> GetWindow Import Address --> 0x00000152 Import Hint Name --> SetCapture Import Address --> 0x0000021d Import Hint Name --> ScreenToClient Import Address --> 0x0000020a Import Hint Name --> ReleaseCapture Import Address --> 0x00000202 Import Hint Name --> UpdateWindow Import Address --> 0x00000291 Import Hint Name --> SetFocus Import Address --> 0x0000022f Import Hint Name --> CreatePopupMenu Import Address --> 0x00000058 Import Hint Name --> GetClientRect Import Address --> 0x000000f0 Import Hint Name --> BeginDeferWindowPos Import Address --> 0x0000000b Import Hint Name --> IsWindowEnabled Import Address --> 0x00000190 Import Hint Name --> DeferWindowPos Import Address --> 0x00000086 Import Hint Name --> EndDeferWindowPos Import Address --> 0x000000b8 Import Hint Name --> IsWindowVisible Import Address --> 0x00000192 Import Hint Name --> InvalidateRgn Import Address --> 0x0000017b Import Hint Name --> GetSysColor Import Address --> 0x00000143 Import Hint Name --> GetSystemMenu Import Address --> 0x00000145 Import Hint Name --> LoadBitmapA Import Address --> 0x00000198 Import Hint Name --> SendMessageA Import Address --> 0x00000214 Import Hint Name --> OpenClipboard Import Address --> 0x000001d3 Import Hint Name --> EnumClipboardFormats Import Address --> 0x000000be Import Hint Name --> CloseClipboard Import Address --> 0x0000003c Import Hint Name --> GetDesktopWindow Import Address --> 0x000000ff Import Hint Name --> GetDC Import Address --> 0x000000fd Import Hint Name --> ReleaseDC Import Address --> 0x00000203 Import Hint Name --> RegisterHotKey Import Address --> 0x000001fa Import Hint Name --> UnregisterHotKey Import Address --> 0x0000028e Import Hint Name --> SendMessageW Import Address --> 0x00000219 Import Hint Name --> IsIconic Import Address --> 0x0000018c Import Hint Name --> EnableWindow Import Address --> 0x000000b7 Import Hint Name --> ShowWindow Import 
Address --> 0x0000026a Import Hint Name --> GetWindowPlacement Import Address --> 0x0000015b Import Hint Name --> SetWindowPlacement Import Address --> 0x0000025a Import Hint Name --> CharLowerA Import Address --> 0x00000021 Import Hint Name --> CharUpperA Import Address --> 0x0000002f Import Hint Name --> ModifyMenuA Import Address --> 0x000001c4 Import Hint Name --> InsertMenuA Import Address --> 0x00000174 Import Hint Name --> CreateWindowExA Import Address --> 0x00000059 Import Hint Name --> FindWindowA Import Address --> 0x000000d5 Import Hint Name --> RegisterClassA Import Address --> 0x000001f2 Import Hint Name --> CallWindowProcA Import Address --> 0x00000016 Import Hint Name --> SetWindowLongA Import Address --> 0x00000258 Import Hint Name --> GetWindowLongA Import Address --> 0x00000156 Import Hint Name --> DialogBoxParamA Import Address --> 0x00000093 Import Hint Name --> CreateDialogParamA Import Address --> 0x0000004f Import Hint Name --> SetDlgItemTextA Import Address --> 0x0000022c Import Hint Name --> GetDlgItemTextA Import Address --> 0x00000104 Import Hint Name --> GetWindowTextLengthA Import Address --> 0x0000015f Import Hint Name --> SetWindowTextA Import Address --> 0x0000025e Import Hint Name --> GetWindowTextA Import Address --> 0x0000015e Import Hint Name --> CharUpperW Import Address --> 0x00000032 Import Hint Name --> CharLowerW Import Address --> 0x00000024 Import Hint Name --> ModifyMenuW Import Address --> 0x000001c5 Import Hint Name --> InsertMenuW Import Address --> 0x00000177 Import Hint Name --> CreateWindowExW Import Address --> 0x0000005a Import Hint Name --> FindWindowW Import Address --> 0x000000d8 Import Hint Name --> RegisterClassW Import Address --> 0x000001f5 Import Hint Name --> SetWindowLongW Import Address --> 0x00000259 Import Hint Name --> GetWindowLongW Import Address --> 0x00000157 Import Hint Name --> DialogBoxParamW Import Address --> 0x00000094 Import Hint Name --> CreateDialogParamW Import Address --> 0x00000050 
Import Hint Name --> MessageBoxW Import Address --> 0x000001c3 Import Hint Name --> SendDlgItemMessageW Import Address --> 0x00000210 Import Hint Name --> PostMessageW Import Address --> 0x000001df Import Hint Name --> GetDlgItemTextW Import Address --> 0x00000105 Import Hint Name --> GetWindowTextLengthW Import Address --> 0x00000160 Import Hint Name --> SetWindowTextW Import Address --> 0x0000025f Import Hint Name --> GetWindowTextW Import Address --> 0x00000161 Import Hint Name --> AppendMenuW Import Address --> 0x00000008 Import Hint Name --> GetMenuStringW Import Address --> 0x00000129 Import Hint Name --> LoadStringW Import Address --> 0x000001ac Import Hint Name --> LoadStringA Import Address --> 0x000001ab Import Hint Name --> wsprintfW Import Address --> 0x000002ad Import Hint Name --> DispatchMessageA Import Address --> 0x00000095 Import Hint Name --> TranslateMessage Import Address --> 0x00000282 Import Hint Name --> GetMessageA Import Address --> 0x0000012a Import Hint Name --> DefWindowProcA Import Address --> 0x00000084 Import Hint Name --> PeekMessageA Import Address --> 0x000001dc Import Hint Name --> DestroyWindow Import Address --> 0x0000008e Import Hint Name --> IsWindow Import Address --> 0x0000018f Import Hint Name --> TranslateAcceleratorA Import Address --> 0x0000027f Import Hint Name --> GetDlgItemInt Import Address --> 0x00000103 Import Hint Name --> SetDlgItemInt Import Address --> 0x0000022b Import Hint Name --> CheckDlgButton Import Address --> 0x00000033 Import Hint Name --> IsDlgButtonChecked Import Address --> 0x0000018a Import Hint Name --> BringWindowToTop Import Address --> 0x0000000e Import Hint Name --> SetWindowPos Import Address --> 0x0000025b Import Hint Name --> SystemParametersInfoA Import Address --> 0x00000271 Import Hint Name --> AttachThreadInput Import Address --> 0x0000000a Import Hint Name --> GetWindowThreadProcessId Import Address --> 0x00000162 Import Hint Name --> GetForegroundWindow Import Address --> 0x00000108 
Import Hint Name --> SetActiveWindow Import Address --> 0x0000021c Import Hint Name --> SetWindowWord Import Address --> 0x00000260 Import Hint Name --> GetWindowWord Import Address --> 0x00000163 Import Hint Name --> MoveWindow Import Address --> 0x000001c9 Import Hint Name --> IsDialogMessageA Import Address --> 0x00000188 Import Hint Name --> EndDialog Import Address --> 0x000000b9 Import Hint Name --> PostMessageA Import Address --> 0x000001de Import Hint Name --> CallWindowProcW Import Address --> 0x00000017 Import Hint Name --> SetCursor Import Address --> 0x00000226 Import Hint Name --> GetSystemMetrics Import Address --> 0x00000146 ****************************FOA_FirstThunk:0x00046354********************************* Import Hint Name --> LoadAcceleratorsA Import Address --> 0x00000196 Import Hint Name --> SetTimer Import Address --> 0x00000252 Import Hint Name --> RegisterWindowMessageA Import Address --> 0x00000200 Import Hint Name --> MessageBoxA Import Address --> 0x000001be Import Hint Name --> KillTimer Import Address --> 0x00000195 Import Hint Name --> GetAsyncKeyState Import Address --> 0x000000e3 Import Hint Name --> GetMenuItemCount Import Address --> 0x00000122 Import Hint Name --> CreateMenu Import Address --> 0x00000057 Import Hint Name --> InvalidateRect Import Address --> 0x0000017a Import Hint Name --> MessageBeep Import Address --> 0x000001bd Import Hint Name --> DestroyMenu Import Address --> 0x0000008d Import Hint Name --> TrackPopupMenu Import Address --> 0x0000027c Import Hint Name --> GetMessagePos Import Address --> 0x0000012c Import Hint Name --> GetCursorPos Import Address --> 0x000000fc Import Hint Name --> GetSubMenu Import Address --> 0x00000142 Import Hint Name --> LoadMenuA Import Address --> 0x000001a6 Import Hint Name --> LoadCursorA Import Address --> 0x0000019a Import Hint Name --> LoadIconA Import Address --> 0x0000019e Import Hint Name --> SetForegroundWindow Import Address --> 0x00000230 Import Hint Name --> wsprintfA 
Import Address --> 0x000002ac Import Hint Name --> PostQuitMessage Import Address --> 0x000001e0 Import Hint Name --> FlashWindow Import Address --> 0x000000d9 Import Hint Name --> SetClassLongA Import Address --> 0x00000220 Import Hint Name --> SetDlgItemTextW Import Address --> 0x0000022d Import Hint Name --> GetParent Import Address --> 0x00000135 Import Hint Name --> GetDlgItem Import Address --> 0x00000102 Import Hint Name --> SendDlgItemMessageA Import Address --> 0x0000020f Import Hint Name --> GetWindowRect Import Address --> 0x0000015c Import Hint Name --> GetWindow Import Address --> 0x00000152 Import Hint Name --> SetCapture Import Address --> 0x0000021d Import Hint Name --> ScreenToClient Import Address --> 0x0000020a Import Hint Name --> ReleaseCapture Import Address --> 0x00000202 Import Hint Name --> UpdateWindow Import Address --> 0x00000291 Import Hint Name --> SetFocus Import Address --> 0x0000022f Import Hint Name --> CreatePopupMenu Import Address --> 0x00000058 Import Hint Name --> GetClientRect Import Address --> 0x000000f0 Import Hint Name --> BeginDeferWindowPos Import Address --> 0x0000000b Import Hint Name --> IsWindowEnabled Import Address --> 0x00000190 Import Hint Name --> DeferWindowPos Import Address --> 0x00000086 Import Hint Name --> EndDeferWindowPos Import Address --> 0x000000b8 Import Hint Name --> IsWindowVisible Import Address --> 0x00000192 Import Hint Name --> InvalidateRgn Import Address --> 0x0000017b Import Hint Name --> GetSysColor Import Address --> 0x00000143 Import Hint Name --> GetSystemMenu Import Address --> 0x00000145 Import Hint Name --> LoadBitmapA Import Address --> 0x00000198 Import Hint Name --> SendMessageA Import Address --> 0x00000214 Import Hint Name --> OpenClipboard Import Address --> 0x000001d3 Import Hint Name --> EnumClipboardFormats Import Address --> 0x000000be Import Hint Name --> CloseClipboard Import Address --> 0x0000003c Import Hint Name --> GetDesktopWindow Import Address --> 0x000000ff Import 
Hint Name --> GetDC Import Address --> 0x000000fd Import Hint Name --> ReleaseDC Import Address --> 0x00000203 Import Hint Name --> RegisterHotKey Import Address --> 0x000001fa Import Hint Name --> UnregisterHotKey Import Address --> 0x0000028e Import Hint Name --> SendMessageW Import Address --> 0x00000219 Import Hint Name --> IsIconic Import Address --> 0x0000018c Import Hint Name --> EnableWindow Import Address --> 0x000000b7 Import Hint Name --> ShowWindow Import Address --> 0x0000026a Import Hint Name --> GetWindowPlacement Import Address --> 0x0000015b Import Hint Name --> SetWindowPlacement Import Address --> 0x0000025a Import Hint Name --> CharLowerA Import Address --> 0x00000021 Import Hint Name --> CharUpperA Import Address --> 0x0000002f Import Hint Name --> ModifyMenuA Import Address --> 0x000001c4 Import Hint Name --> InsertMenuA Import Address --> 0x00000174 Import Hint Name --> CreateWindowExA Import Address --> 0x00000059 Import Hint Name --> FindWindowA Import Address --> 0x000000d5 Import Hint Name --> RegisterClassA Import Address --> 0x000001f2 Import Hint Name --> CallWindowProcA Import Address --> 0x00000016 Import Hint Name --> SetWindowLongA Import Address --> 0x00000258 Import Hint Name --> GetWindowLongA Import Address --> 0x00000156 Import Hint Name --> DialogBoxParamA Import Address --> 0x00000093 Import Hint Name --> CreateDialogParamA Import Address --> 0x0000004f Import Hint Name --> SetDlgItemTextA Import Address --> 0x0000022c Import Hint Name --> GetDlgItemTextA Import Address --> 0x00000104 Import Hint Name --> GetWindowTextLengthA Import Address --> 0x0000015f Import Hint Name --> SetWindowTextA Import Address --> 0x0000025e Import Hint Name --> GetWindowTextA Import Address --> 0x0000015e Import Hint Name --> CharUpperW Import Address --> 0x00000032 Import Hint Name --> CharLowerW Import Address --> 0x00000024 Import Hint Name --> ModifyMenuW Import Address --> 0x000001c5 Import Hint Name --> InsertMenuW Import Address --> 
0x00000177 Import Hint Name --> CreateWindowExW Import Address --> 0x0000005a Import Hint Name --> FindWindowW Import Address --> 0x000000d8 Import Hint Name --> RegisterClassW Import Address --> 0x000001f5 Import Hint Name --> SetWindowLongW Import Address --> 0x00000259 Import Hint Name --> GetWindowLongW Import Address --> 0x00000157 Import Hint Name --> DialogBoxParamW Import Address --> 0x00000094 Import Hint Name --> CreateDialogParamW Import Address --> 0x00000050 Import Hint Name --> MessageBoxW Import Address --> 0x000001c3 Import Hint Name --> SendDlgItemMessageW Import Address --> 0x00000210 Import Hint Name --> PostMessageW Import Address --> 0x000001df Import Hint Name --> GetDlgItemTextW Import Address --> 0x00000105 Import Hint Name --> GetWindowTextLengthW Import Address --> 0x00000160 Import Hint Name --> SetWindowTextW Import Address --> 0x0000025f Import Hint Name --> GetWindowTextW Import Address --> 0x00000161 Import Hint Name --> AppendMenuW Import Address --> 0x00000008 Import Hint Name --> GetMenuStringW Import Address --> 0x00000129 Import Hint Name --> LoadStringW Import Address --> 0x000001ac Import Hint Name --> LoadStringA Import Address --> 0x000001ab Import Hint Name --> wsprintfW Import Address --> 0x000002ad Import Hint Name --> DispatchMessageA Import Address --> 0x00000095 Import Hint Name --> TranslateMessage Import Address --> 0x00000282 Import Hint Name --> GetMessageA Import Address --> 0x0000012a Import Hint Name --> DefWindowProcA Import Address --> 0x00000084 Import Hint Name --> PeekMessageA Import Address --> 0x000001dc Import Hint Name --> DestroyWindow Import Address --> 0x0000008e Import Hint Name --> IsWindow Import Address --> 0x0000018f Import Hint Name --> TranslateAcceleratorA Import Address --> 0x0000027f Import Hint Name --> GetDlgItemInt Import Address --> 0x00000103 Import Hint Name --> SetDlgItemInt Import Address --> 0x0000022b Import Hint Name --> CheckDlgButton Import Address --> 0x00000033 Import Hint 
Name --> IsDlgButtonChecked Import Address --> 0x0000018a Import Hint Name --> BringWindowToTop Import Address --> 0x0000000e Import Hint Name --> SetWindowPos Import Address --> 0x0000025b Import Hint Name --> SystemParametersInfoA Import Address --> 0x00000271 Import Hint Name --> AttachThreadInput Import Address --> 0x0000000a Import Hint Name --> GetWindowThreadProcessId Import Address --> 0x00000162 Import Hint Name --> GetForegroundWindow Import Address --> 0x00000108 Import Hint Name --> SetActiveWindow Import Address --> 0x0000021c Import Hint Name --> SetWindowWord Import Address --> 0x00000260 Import Hint Name --> GetWindowWord Import Address --> 0x00000163 Import Hint Name --> MoveWindow Import Address --> 0x000001c9 Import Hint Name --> IsDialogMessageA Import Address --> 0x00000188 Import Hint Name --> EndDialog Import Address --> 0x000000b9 Import Hint Name --> PostMessageA Import Address --> 0x000001de Import Hint Name --> CallWindowProcW Import Address --> 0x00000017 Import Hint Name --> SetCursor Import Address --> 0x00000226 Import Hint Name --> GetSystemMetrics Import Address --> 0x00000146 GDI32.dll ****************************FOA_OriginalFirstThunk:0x00050244********************************* Import Hint Name --> GetTextExtentExPointW Import Address --> 0x0000016c Import Hint Name --> GetObjectA Import Address --> 0x0000014f Import Hint Name --> DeleteObject Import Address --> 0x00000053 Import Hint Name --> CreateFontIndirectA Import Address --> 0x00000037 Import Hint Name --> GetDeviceCaps Import Address --> 0x00000125 Import Hint Name --> CreateDIBitmap Import Address --> 0x00000030 Import Hint Name --> GetDIBits Import Address --> 0x00000124 ****************************FOA_FirstThunk:0x00046070********************************* Import Hint Name --> GetTextExtentExPointW Import Address --> 0x0000016c Import Hint Name --> GetObjectA Import Address --> 0x0000014f Import Hint Name --> DeleteObject Import Address --> 0x00000053 Import Hint Name 
--> CreateFontIndirectA Import Address --> 0x00000037 Import Hint Name --> GetDeviceCaps Import Address --> 0x00000125 Import Hint Name --> CreateDIBitmap Import Address --> 0x00000030 Import Hint Name --> GetDIBits Import Address --> 0x00000124 comdlg32.dll ****************************FOA_OriginalFirstThunk:0x00050798********************************* Import Hint Name --> GetOpenFileNameW Import Address --> 0x0000000a Import Hint Name --> GetOpenFileNameA Import Address --> 0x00000009 Import Hint Name --> GetSaveFileNameA Import Address --> 0x0000000b Import Hint Name --> ChooseFontA Import Address --> 0x00000002 Import Hint Name --> GetSaveFileNameW Import Address --> 0x0000000c ****************************FOA_FirstThunk:0x000465c4********************************* Import Hint Name --> GetOpenFileNameW Import Address --> 0x0000000a Import Hint Name --> GetOpenFileNameA Import Address --> 0x00000009 Import Hint Name --> GetSaveFileNameA Import Address --> 0x0000000b Import Hint Name --> ChooseFontA Import Address --> 0x00000002 Import Hint Name --> GetSaveFileNameW Import Address --> 0x0000000c ADVAPI32.dll ****************************FOA_OriginalFirstThunk:0x000501d4********************************* Import Hint Name --> RegEnumKeyExA Import Address --> 0x00000167 Import Hint Name --> RegCreateKeyExA Import Address --> 0x0000015f Import Hint Name --> RegOpenKeyExA Import Address --> 0x00000172 Import Hint Name --> RegQueryValueExA Import Address --> 0x0000017b Import Hint Name --> RegQueryValueA Import Address --> 0x0000017a Import Hint Name --> RegSetValueExA Import Address --> 0x00000186 Import Hint Name --> RegDeleteKeyA Import Address --> 0x00000162 Import Hint Name --> GetUserNameW Import Address --> 0x000000d8 Import Hint Name --> RegCloseKey Import Address --> 0x0000015b Import Hint Name --> RegCreateKeyExW Import Address --> 0x00000160 Import Hint Name --> RegOpenKeyExW Import Address --> 0x00000173 Import Hint Name --> RegQueryValueExW Import Address --> 
0x0000017c Import Hint Name --> RegQueryValueW Import Address --> 0x0000017d Import Hint Name --> RegSetValueExW Import Address --> 0x00000187 Import Hint Name --> RegDeleteKeyW Import Address --> 0x00000163 Import Hint Name --> RegDeleteValueW Import Address --> 0x00000165 Import Hint Name --> RegEnumKeyExW Import Address --> 0x00000168 Import Hint Name --> RegEnumValueA Import Address --> 0x0000016a Import Hint Name --> RegDeleteValueA Import Address --> 0x00000164 Import Hint Name --> RegEnumValueW Import Address --> 0x0000016b ****************************FOA_FirstThunk:0x00046000********************************* Import Hint Name --> RegEnumKeyExA Import Address --> 0x00000167 Import Hint Name --> RegCreateKeyExA Import Address --> 0x0000015f Import Hint Name --> RegOpenKeyExA Import Address --> 0x00000172 Import Hint Name --> RegQueryValueExA Import Address --> 0x0000017b Import Hint Name --> RegQueryValueA Import Address --> 0x0000017a Import Hint Name --> RegSetValueExA Import Address --> 0x00000186 Import Hint Name --> RegDeleteKeyA Import Address --> 0x00000162 Import Hint Name --> GetUserNameW Import Address --> 0x000000d8 Import Hint Name --> RegCloseKey Import Address --> 0x0000015b Import Hint Name --> RegCreateKeyExW Import Address --> 0x00000160 Import Hint Name --> RegOpenKeyExW Import Address --> 0x00000173 Import Hint Name --> RegQueryValueExW Import Address --> 0x0000017c Import Hint Name --> RegQueryValueW Import Address --> 0x0000017d Import Hint Name --> RegSetValueExW Import Address --> 0x00000187 Import Hint Name --> RegDeleteKeyW Import Address --> 0x00000163 Import Hint Name --> RegDeleteValueW Import Address --> 0x00000165 Import Hint Name --> RegEnumKeyExW Import Address --> 0x00000168 Import Hint Name --> RegEnumValueA Import Address --> 0x0000016a Import Hint Name --> RegDeleteValueA Import Address --> 0x00000164 Import Hint Name --> RegEnumValueW Import Address --> 0x0000016b SHELL32.dll 
****************************FOA_OriginalFirstThunk:0x000504f4********************************* Import Hint Name --> ExtractIconW Import Address --> 0x00000023 Import Hint Name --> SHGetMalloc Import Address --> 0x0000004b Import Hint Name --> DragFinish Import Address --> 0x00000012 Import Hint Name --> Shell_NotifyIconW Import Address --> 0x0000007a Import Hint Name --> DragQueryFileW Import Address --> 0x00000016 Import Hint Name --> ShellExecuteW Import Address --> 0x00000076 Import Hint Name --> ShellExecuteExW Import Address --> 0x00000075 Import Hint Name --> DragQueryFileA Import Address --> 0x00000014 Import Hint Name --> ShellExecuteA Import Address --> 0x00000072 Import Hint Name --> ShellExecuteExA Import Address --> 0x00000074 Import Hint Name --> SHGetPathFromIDListA Import Address --> 0x00000050 Import Hint Name --> SHBrowseForFolderA Import Address --> 0x00000039 ****************************FOA_FirstThunk:0x00046320********************************* Import Hint Name --> ExtractIconW Import Address --> 0x00000023 Import Hint Name --> SHGetMalloc Import Address --> 0x0000004b Import Hint Name --> DragFinish Import Address --> 0x00000012 Import Hint Name --> Shell_NotifyIconW Import Address --> 0x0000007a Import Hint Name --> DragQueryFileW Import Address --> 0x00000016 Import Hint Name --> ShellExecuteW Import Address --> 0x00000076 Import Hint Name --> ShellExecuteExW Import Address --> 0x00000075 Import Hint Name --> DragQueryFileA Import Address --> 0x00000014 Import Hint Name --> ShellExecuteA Import Address --> 0x00000072 Import Hint Name --> ShellExecuteExA Import Address --> 0x00000074 Import Hint Name --> SHGetPathFromIDListA Import Address --> 0x00000050 Import Hint Name --> SHBrowseForFolderA Import Address --> 0x00000039 ole32.dll ****************************FOA_OriginalFirstThunk:0x000507b0********************************* Import Hint Name --> CoUninitialize Import Address --> 0x00000053 Import Hint Name --> CoInitialize Import Address --> 
0x0000002d Import Hint Name --> OleSetContainedObject Import Address --> 0x000000dd Import Hint Name --> OleDuplicateData Import Address --> 0x000000c3 Import Hint Name --> CoCreateInstance Import Address --> 0x0000000d Import Hint Name --> StgCreateDocfileOnILockBytes Import Address --> 0x000000fe Import Hint Name --> CreateILockBytesOnHGlobal Import Address --> 0x00000060 Import Hint Name --> ReleaseStgMedium Import Address --> 0x000000f0 Import Hint Name --> OleCreateStaticFromData Import Address --> 0x000000bf ****************************FOA_FirstThunk:0x000465dc********************************* Import Hint Name --> CoUninitialize Import Address --> 0x00000053 Import Hint Name --> CoInitialize Import Address --> 0x0000002d Import Hint Name --> OleSetContainedObject Import Address --> 0x000000dd Import Hint Name --> OleDuplicateData Import Address --> 0x000000c3 Import Hint Name --> CoCreateInstance Import Address --> 0x0000000d Import Hint Name --> StgCreateDocfileOnILockBytes Import Address --> 0x000000fe Import Hint Name --> CreateILockBytesOnHGlobal Import Address --> 0x00000060 Import Hint Name --> ReleaseStgMedium Import Address --> 0x000000f0 Import Hint Name --> OleCreateStaticFromData Import Address --> 0x000000bf COMCTL32.dll ****************************FOA_OriginalFirstThunk:0x00050228********************************* Import Hint Name --> ImageList_AddMasked Import Address --> 0x0000001e Import Hint Name --> ImageList_Add Import Address --> 0x0000001c Import Hint Name --> ImageList_Create Import Address --> 0x00000021 Import Hint Name --> ImageList_Destroy Import Address --> 0x00000022 Import Hint Name --> ImageList_SetOverlayImage Import Address --> 0x00000040 Import Ordinal --> 0x00000011 ****************************FOA_FirstThunk:0x00046054********************************* Import Hint Name --> ImageList_AddMasked Import Address --> 0x0000001e Import Hint Name --> ImageList_Add Import Address --> 0x0000001c Import Hint Name --> ImageList_Create 
Import Address --> 0x00000021 Import Hint Name --> ImageList_Destroy Import Address --> 0x00000022 Import Hint Name --> ImageList_SetOverlayImage Import Address --> 0x00000040 Import Ordinal --> 0x00000011 IMM32.dll ****************************FOA_OriginalFirstThunk:0x00050264********************************* Import Hint Name --> ImmGetOpenStatus Import Address --> 0x00000030 Import Hint Name --> ImmReleaseContext Import Address --> 0x0000004f Import Hint Name --> ImmSetOpenStatus Import Address --> 0x0000005e Import Hint Name --> ImmGetContext Import Address --> 0x0000001e ****************************FOA_FirstThunk:0x00046090********************************* Import Hint Name --> ImmGetOpenStatus Import Address --> 0x00000030 Import Hint Name --> ImmReleaseContext Import Address --> 0x0000004f Import Hint Name --> ImmSetOpenStatus Import Address --> 0x0000005e Import Hint Name --> ImmGetContext Import Address --> 0x0000001e WSOCK32.dll ****************************FOA_OriginalFirstThunk:0x00050738********************************* Import Ordinal --> 0x00000011 Import Ordinal --> 0x00000014 Import Ordinal --> 0x00000001 Import Ordinal --> 0x00000004 Import Ordinal --> 0x0000000e Import Ordinal --> 0x00000034 Import Ordinal --> 0x00000065 Import Ordinal --> 0x00000074 Import Ordinal --> 0x00000073 Import Ordinal --> 0x00000017 Import Ordinal --> 0x0000000b Import Ordinal --> 0x00000009 Import Ordinal --> 0x00000003 Import Ordinal --> 0x00000010 Import Ordinal --> 0x00000012 Import Ordinal --> 0x00000013 Import Ordinal --> 0x0000000a Import Ordinal --> 0x0000006f Import Ordinal --> 0x00000039 Import Ordinal --> 0x0000000d Import Ordinal --> 0x00000015 Import Ordinal --> 0x0000000c Import Ordinal --> 0x00000002 ****************************FOA_FirstThunk:0x00046564********************************* Import Ordinal --> 0x00000011 Import Ordinal --> 0x00000014 Import Ordinal --> 0x00000001 Import Ordinal --> 0x00000004 Import Ordinal --> 0x0000000e Import Ordinal --> 
0x00000034 Import Ordinal --> 0x00000065 Import Ordinal --> 0x00000074 Import Ordinal --> 0x00000073 Import Ordinal --> 0x00000017 Import Ordinal --> 0x0000000b Import Ordinal --> 0x00000009 Import Ordinal --> 0x00000003 Import Ordinal --> 0x00000010 Import Ordinal --> 0x00000012 Import Ordinal --> 0x00000013 Import Ordinal --> 0x0000000a Import Ordinal --> 0x0000006f Import Ordinal --> 0x00000039 Import Ordinal --> 0x0000000d Import Ordinal --> 0x00000015 Import Ordinal --> 0x0000000c Import Ordinal --> 0x00000002 MSVCRT.dll ****************************FOA_OriginalFirstThunk:0x000503d8********************************* Import Hint Name --> _strcmpi Import Address --> 0x000001bd Import Hint Name --> _wcsdup Import Address --> 0x000001e9 Import Hint Name --> _strdup Import Address --> 0x000001bf Import Hint Name --> _stricmp Import Address --> 0x000001c1 Import Hint Name --> _controlfp Import Address --> 0x000000b7 Import Hint Name --> __set_app_type Import Address --> 0x00000081 Import Hint Name --> __p__fmode Import Address --> 0x0000006f Import Hint Name --> __p__commode Import Address --> 0x0000006a Import Hint Name --> _adjust_fdiv Import Address --> 0x0000009d Import Hint Name --> __setusermatherr Import Address --> 0x00000083 Import Hint Name --> _initterm Import Address --> 0x0000010f Import Hint Name --> __getmainargs Import Address --> 0x00000058 Import Hint Name --> _acmdln Import Address --> 0x0000008f Import Hint Name --> exit Import Address --> 0x00000249 Import Hint Name --> _XcptFilter Import Address --> 0x00000048 Import Hint Name --> _exit Import Address --> 0x000000d3 Import Hint Name --> ?terminate@@YAXXZ Import Address --> 0x0000002e Import Hint Name --> _except_handler3 Import Address --> 0x000000ca Import Hint Name --> ??2@YAPAXI@Z Import Address --> 0x0000000f Import Hint Name --> ??3@YAXPAX@Z Import Address --> 0x00000010 Import Hint Name --> __CxxFrameHandler Import Address --> 0x00000049 Import Hint Name --> free Import Address --> 
0x0000025e Import Hint Name --> srand Import Address --> 0x000002b4 Import Hint Name --> strchr Import Address --> 0x000002b7 Import Hint Name --> atoi Import Address --> 0x0000023d Import Hint Name --> strncmp Import Address --> 0x000002c0 Import Hint Name --> sprintf Import Address --> 0x000002b2 Import Hint Name --> malloc Import Address --> 0x00000291 Import Hint Name --> strtoul Import Address --> 0x000002c9 Import Hint Name --> strrchr Import Address --> 0x000002c3 Import Hint Name --> atol Import Address --> 0x0000023e Import Hint Name --> strstr Import Address --> 0x000002c5 Import Hint Name --> memmove Import Address --> 0x00000298 Import Hint Name --> realloc Import Address --> 0x000002a7 Import Hint Name --> strpbrk Import Address --> 0x000002c2 Import Hint Name --> wcslen Import Address --> 0x000002e6 Import Hint Name --> rand Import Address --> 0x000002a6 Import Hint Name --> longjmp Import Address --> 0x00000290 Import Hint Name --> _setjmp3 Import Address --> 0x000001a8 Import Hint Name --> __CxxLongjmpUnwind Import Address --> 0x0000004a Import Hint Name --> wcschr Import Address --> 0x000002e0 Import Hint Name --> wcscpy Import Address --> 0x000002e3 Import Hint Name --> strcmp Import Address --> 0x000002b8 Import Hint Name --> _ftol Import Address --> 0x000000f1 Import Hint Name --> toupper Import Address --> 0x000002d4 Import Hint Name --> strtol Import Address --> 0x000002c8 Import Hint Name --> _snprintf Import Address --> 0x000001ae Import Hint Name --> floor Import Address --> 0x00000255 Import Hint Name --> modf Import Address --> 0x0000029b Import Hint Name --> frexp Import Address --> 0x00000260 Import Hint Name --> _CIpow Import Address --> 0x0000003b Import Hint Name --> gmtime Import Address --> 0x0000026e Import Hint Name --> fprintf Import Address --> 0x00000258 Import Hint Name --> _iob Import Address --> 0x00000113 Import Hint Name --> fwrite Import Address --> 0x00000266 Import Hint Name --> fflush Import Address --> 0x0000024f 
Import Hint Name --> atof Import Address --> 0x0000023c Import Hint Name --> fread Import Address --> 0x0000025d Import Hint Name --> strcpy Import Address --> 0x000002ba Import Hint Name --> strlen Import Address --> 0x000002be Import Hint Name --> _mbschr Import Address --> 0x00000158 Import Hint Name --> swprintf Import Address --> 0x000002cb Import Hint Name --> wcstol Import Address --> 0x000002f0 Import Hint Name --> wcstoul Import Address --> 0x000002f2 Import Hint Name --> wcsrchr Import Address --> 0x000002eb Import Hint Name --> _wcsnicmp Import Address --> 0x000001ee Import Hint Name --> wcscmp Import Address --> 0x000002e1 Import Hint Name --> _purecall Import Address --> 0x00000192 Import Hint Name --> _vsnprintf Import Address --> 0x000001e1 Import Hint Name --> _strnicmp Import Address --> 0x000001c5 ****************************FOA_FirstThunk:0x00046204********************************* Import Hint Name --> _strcmpi Import Address --> 0x000001bd Import Hint Name --> _wcsdup Import Address --> 0x000001e9 Import Hint Name --> _strdup Import Address --> 0x000001bf Import Hint Name --> _stricmp Import Address --> 0x000001c1 Import Hint Name --> _controlfp Import Address --> 0x000000b7 Import Hint Name --> __set_app_type Import Address --> 0x00000081 Import Hint Name --> __p__fmode Import Address --> 0x0000006f Import Hint Name --> __p__commode Import Address --> 0x0000006a Import Hint Name --> _adjust_fdiv Import Address --> 0x0000009d Import Hint Name --> __setusermatherr Import Address --> 0x00000083 Import Hint Name --> _initterm Import Address --> 0x0000010f Import Hint Name --> __getmainargs Import Address --> 0x00000058 Import Hint Name --> _acmdln Import Address --> 0x0000008f Import Hint Name --> exit Import Address --> 0x00000249 Import Hint Name --> _XcptFilter Import Address --> 0x00000048 Import Hint Name --> _exit Import Address --> 0x000000d3 Import Hint Name --> ?terminate@@YAXXZ Import Address --> 0x0000002e Import Hint Name --> 
_except_handler3 Import Address --> 0x000000ca Import Hint Name --> ??2@YAPAXI@Z Import Address --> 0x0000000f Import Hint Name --> ??3@YAXPAX@Z Import Address --> 0x00000010 Import Hint Name --> __CxxFrameHandler Import Address --> 0x00000049 Import Hint Name --> free Import Address --> 0x0000025e Import Hint Name --> srand Import Address --> 0x000002b4 Import Hint Name --> strchr Import Address --> 0x000002b7 Import Hint Name --> atoi Import Address --> 0x0000023d Import Hint Name --> strncmp Import Address --> 0x000002c0 Import Hint Name --> sprintf Import Address --> 0x000002b2 Import Hint Name --> malloc Import Address --> 0x00000291 Import Hint Name --> strtoul Import Address --> 0x000002c9 Import Hint Name --> strrchr Import Address --> 0x000002c3 Import Hint Name --> atol Import Address --> 0x0000023e Import Hint Name --> strstr Import Address --> 0x000002c5 Import Hint Name --> memmove Import Address --> 0x00000298 Import Hint Name --> realloc Import Address --> 0x000002a7 Import Hint Name --> strpbrk Import Address --> 0x000002c2 Import Hint Name --> wcslen Import Address --> 0x000002e6 Import Hint Name --> rand Import Address --> 0x000002a6 Import Hint Name --> longjmp Import Address --> 0x00000290 Import Hint Name --> _setjmp3 Import Address --> 0x000001a8 Import Hint Name --> __CxxLongjmpUnwind Import Address --> 0x0000004a Import Hint Name --> wcschr Import Address --> 0x000002e0 Import Hint Name --> wcscpy Import Address --> 0x000002e3 Import Hint Name --> strcmp Import Address --> 0x000002b8 Import Hint Name --> _ftol Import Address --> 0x000000f1 Import Hint Name --> toupper Import Address --> 0x000002d4 Import Hint Name --> strtol Import Address --> 0x000002c8 Import Hint Name --> _snprintf Import Address --> 0x000001ae Import Hint Name --> floor Import Address --> 0x00000255 Import Hint Name --> modf Import Address --> 0x0000029b Import Hint Name --> frexp Import Address --> 0x00000260 Import Hint Name --> _CIpow Import Address --> 0x0000003b 
Import Hint Name --> gmtime Import Address --> 0x0000026e Import Hint Name --> fprintf Import Address --> 0x00000258 Import Hint Name --> _iob Import Address --> 0x00000113 Import Hint Name --> fwrite Import Address --> 0x00000266 Import Hint Name --> fflush Import Address --> 0x0000024f Import Hint Name --> atof Import Address --> 0x0000023c Import Hint Name --> fread Import Address --> 0x0000025d Import Hint Name --> strcpy Import Address --> 0x000002ba Import Hint Name --> strlen Import Address --> 0x000002be Import Hint Name --> _mbschr Import Address --> 0x00000158 Import Hint Name --> swprintf Import Address --> 0x000002cb Import Hint Name --> wcstol Import Address --> 0x000002f0 Import Hint Name --> wcstoul Import Address --> 0x000002f2 Import Hint Name --> wcsrchr Import Address --> 0x000002eb Import Hint Name --> _wcsnicmp Import Address --> 0x000001ee Import Hint Name --> wcscmp Import Address --> 0x000002e1 Import Hint Name --> _purecall Import Address --> 0x00000192 Import Hint Name --> _vsnprintf Import Address --> 0x000001e1 Import Hint Name --> _strnicmp Import Address --> 0x000001c5 WINMM.dll ****************************FOA_OriginalFirstThunk:0x0005072c********************************* Import Hint Name --> PlaySoundW Import Address --> 0x0000000d Import Hint Name --> PlaySoundA Import Address --> 0x0000000c ****************************FOA_FirstThunk:0x00046558********************************* Import Hint Name --> PlaySoundW Import Address --> 0x0000000d Import Hint Name --> PlaySoundA Import Address --> 0x0000000c
迷茫的人生,需要不断努力,才能看清远方模糊的志向!