Microsoft (R) COFF/PE Dumper Version 8.00.50727.42 Copyright (C) Microsoft Corporation. All rights reserved. Dump of file tiny.exe PE signature found File Type: EXECUTABLE IMAGE FILE HEADER VALUES 14C machine (x86) 3 number of sections 4545BD2E time date stamp Mon Oct 30 00:51:58 2006 0 file pointer to symbol table 0 number of symbols E0 size of optional header 103 characteristics Relocations stripped Executable 32 bit word machine OPTIONAL HEADER VALUES 10B magic # (PE32) 8.00 linker version 7000 size of code 4000 size of initialized data 0 size of uninitialized data 1225 entry point (00401225) 1000 base of code 8000 base of data 400000 image base (00400000 to 0040BFFF) 1000 section alignment 1000 file alignment 4.00 operating system version 0.00 image version 4.00 subsystem version 0 Win32 version C000 size of image 1000 size of headers 0 checksum 3 subsystem (Windows CUI) 0 DLL characteristics 100000 size of stack reserve 1000 size of stack commit 100000 size of heap reserve 1000 size of heap commit 0 loader flags 10 number of directories 0 [ 0] RVA [size] of Export Directory 94F4 [ 28] RVA [size] of Import Directory 0 [ 0] RVA [size] of Resource Directory 0 [ 0] RVA [size] of Exception Directory 0 [ 0] RVA [size] of Certificates Directory 0 [ 0] RVA [size] of Base Relocation Directory 0 [ 0] RVA [size] of Debug Directory 0 [ 0] RVA [size] of Architecture Directory 0 [ 0] RVA [size] of Global Pointer Directory 0 [ 0] RVA [size] of Thread Storage Directory 9200 [ 40] RVA [size] of Load Configuration Directory 0 [ 0] RVA [size] of Bound Import Directory 8000 [ F0] RVA [size] of Import Address Table Directory 0 [ 0] RVA [size] of Delay Import Directory 0 [ 0] RVA [size] of COM Descriptor Directory 0 [ 0] RVA [size] of Reserved Directory SECTION HEADER #1 .text name 60D4 virtual size 1000 virtual address (00401000 to 004070D3) 7000 size of raw data 1000 file pointer to raw data (00001000 to 00007FFF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 60000020 flags Code Execute Read SECTION HEADER #2 .rdata name 1A4C virtual size 8000 virtual address (00408000 to 00409A4B) 2000 size of raw data 8000 file pointer to raw data (00008000 to 00009FFF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers 40000040 flags Initialized Data Read Only Section contains the following imports: KERNEL32.dll 408000 Import Address Table 40951C Import Name Table 0 time date stamp 0 Index of first forwarder reference 110 GetCommandLineA 216 HeapFree 1E9 GetVersionExA 210 HeapAlloc 1A3 GetProcessHeap 1A0 GetProcAddress 17F GetModuleHandleA B9 ExitProcess 3A4 WriteFile 1B9 GetStdHandle 17D GetModuleFileNameA 36E UnhandledExceptionFilter F6 FreeEnvironmentStringsA 155 GetEnvironmentStrings F7 FreeEnvironmentStringsW 394 WideCharToMultiByte 171 GetLastError 157 GetEnvironmentStringsW 324 SetHandleCount 166 GetFileType 1B7 GetStartupInfoA 81 DeleteCriticalSection 365 TlsGetValue 363 TlsAlloc 366 TlsSetValue 364 TlsFree 22C InterlockedIncrement 328 SetLastError 146 GetCurrentThreadId 228 InterlockedDecrement 214 HeapDestroy 212 HeapCreate 383 VirtualFree 2A3 QueryPerformanceCounter 1DF GetTickCount 143 GetCurrentProcessId 1CA GetSystemTimeAsFileTime 251 LeaveCriticalSection 98 EnterCriticalSection 35E TerminateProcess 142 GetCurrentProcess 34A SetUnhandledExceptionFilter 239 IsDebuggerPresent 252 LoadLibraryA 223 InitializeCriticalSection 356 Sleep 104 GetCPInfo FD GetACP 193 GetOEMCP 381 VirtualAlloc 21A HeapReAlloc 2D7 RtlUnwind 21C HeapSize 275 MultiByteToWideChar 174 GetLocaleInfoA 244 LCMapStringA 245 LCMapStringW 1BA GetStringTypeA 1BD GetStringTypeW Section contains the following load config: 00000048 size 0 time date stamp 0.00 Version 0 GlobalFlags Clear 0 GlobalFlags Set 0 Critical Section Default Timeout 0 Decommit Free Block Threshold 0 Decommit Total Free Threshold 00000000 Lock Prefix Table 0 Maximum Allocation Size 0 Virtual Memory Threshold 0 Process Heap Flags 0 Process Affinity Mask 0 CSD Version 0000 Reserved 00000000 Edit list 0040AA58 Security Cookie 00409250 Safe Exception Handler Table 3 Safe Exception Handler Count Safe Exception Handler Table Address -------- 004025B0 00404F8C 0040664C SECTION HEADER #3 .data name 185C virtual size A000 virtual address (0040A000 to 0040B85B) 1000 size of raw data A000 file pointer to raw data (0000A000 to 0000AFFF) 0 file pointer to relocation table 0 file pointer to line numbers 0 number of relocations 0 number of line numbers C0000040 flags Initialized Data Read Write Summary 2000 .data 2000 .rdata 7000 .text