----------DOS_HEADER---------- [IMAGE_DOS_HEADER] e_magic: 0x5A4D e_cblp: 0x90 e_cp: 0x3 e_crlc: 0x0 e_cparhdr: 0x4 e_minalloc: 0x0 e_maxalloc: 0xFFFF e_ss: 0x0 e_sp: 0xB8 e_csum: 0x0 e_ip: 0x0 e_cs: 0x0 e_lfarlc: 0x40 e_ovno: 0x0 e_res: e_oemid: 0x0 e_oeminfo: 0x0 e_res2: e_lfanew: 0x80 ----------NT_HEADERS---------- [IMAGE_NT_HEADERS] Signature: 0x4550 ----------FILE_HEADER---------- [IMAGE_FILE_HEADER] Machine: 0x14C NumberOfSections: 0x3 TimeDateStamp: 0x47314123 [Wed Nov 07 04:37:55 2007 UTC] PointerToSymbolTable: 0x0 NumberOfSymbols: 0x0 SizeOfOptionalHeader: 0xE0 Characteristics: 0x210E Flags: IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_DLL, IMAGE_FILE_LINE_NUMS_STRIPPED ----------OPTIONAL_HEADER---------- [IMAGE_OPTIONAL_HEADER] Magic: 0x10B MajorLinkerVersion: 0x8 MinorLinkerVersion: 0x0 SizeOfCode: 0x19F000 SizeOfInitializedData: 0x2000 SizeOfUninitializedData: 0x0 AddressOfEntryPoint: 0x1A032E BaseOfCode: 0x2000 BaseOfData: 0x1A2000 ImageBase: 0x10000000 SectionAlignment: 0x2000 FileAlignment: 0x1000 MajorOperatingSystemVersion: 0x4 MinorOperatingSystemVersion: 0x0 MajorImageVersion: 0x0 MinorImageVersion: 0x0 MajorSubsystemVersion: 0x4 MinorSubsystemVersion: 0x0 Reserved1: 0x0 SizeOfImage: 0x1A6000 SizeOfHeaders: 0x1000 CheckSum: 0x1A9FEE Subsystem: 0x3 DllCharacteristics: 0x540 SizeOfStackReserve: 0x100000 SizeOfStackCommit: 0x1000 SizeOfHeapReserve: 0x100000 SizeOfHeapCommit: 0x1000 LoaderFlags: 0x0 NumberOfRvaAndSizes: 0x10 DllCharacteristics: IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLL_CHARACTERISTICS_NX_COMPAT, IMAGE_DLL_CHARACTERISTICS_NO_SEH ----------PE Sections---------- [IMAGE_SECTION_HEADER] Name: .text Misc: 0x19E334 Misc_PhysicalAddress: 0x19E334 Misc_VirtualSize: 0x19E334 VirtualAddress: 0x2000 SizeOfRawData: 0x19F000 PointerToRawData: 0x1000 PointerToRelocations: 0x0 PointerToLinenumbers: 0x0 NumberOfRelocations: 0x0 NumberOfLinenumbers: 0x0 Characteristics: 0x60000020 Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ Entropy: 5.530206 (Min=0.0, Max=8.0) MD5 hash: 8b6243a53b761f1c340d075296db2a89 SHA-1 hash: eda5511d7e0915ff36971ce9e3089caa03b956a7 [IMAGE_SECTION_HEADER] Name: .rsrc Misc: 0x5B8 Misc_PhysicalAddress: 0x5B8 Misc_VirtualSize: 0x5B8 VirtualAddress: 0x1A2000 SizeOfRawData: 0x1000 PointerToRawData: 0x1A0000 PointerToRelocations: 0x0 PointerToLinenumbers: 0x0 NumberOfRelocations: 0x0 NumberOfLinenumbers: 0x0 Characteristics: 0x40000040 Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ Entropy: 1.481805 (Min=0.0, Max=8.0) MD5 hash: c7ee9bab4d4dd220801b6ceba74c2bc7 SHA-1 hash: 40e44fa662413f184497a8b0f3bc5c9fa0feb196 [IMAGE_SECTION_HEADER] Name: .reloc Misc: 0xC Misc_PhysicalAddress: 0xC Misc_VirtualSize: 0xC VirtualAddress: 0x1A4000 SizeOfRawData: 0x1000 PointerToRawData: 0x1A1000 PointerToRelocations: 0x0 PointerToLinenumbers: 0x0 NumberOfRelocations: 0x0 NumberOfLinenumbers: 0x0 Characteristics: 0x42000040 Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ Entropy: 0.013127 (Min=0.0, Max=8.0) MD5 hash: 20dea9ae7c1eb02fcb6ac80cbf77a986 SHA-1 hash: 447bf40d19ef6343249011268dec75e00f4184e5 ----------Directories---------- [IMAGE_DIRECTORY_ENTRY_EXPORT] VirtualAddress: 0x0 Size: 0x0 [IMAGE_DIRECTORY_ENTRY_IMPORT] VirtualAddress: 0x1A02DC Size: 0x4F [IMAGE_DIRECTORY_ENTRY_RESOURCE] VirtualAddress: 0x1A2000 Size: 0x5B8 [IMAGE_DIRECTORY_ENTRY_EXCEPTION] VirtualAddress: 0x0 Size: 0x0 [IMAGE_DIRECTORY_ENTRY_SECURITY] VirtualAddress: 0x1A2000 Size: 0x2400 [IMAGE_DIRECTORY_ENTRY_BASERELOC] VirtualAddress: 0x1A4000 Size: 0xC [IMAGE_DIRECTORY_ENTRY_DEBUG] VirtualAddress: 0x1A0268 Size: 0x1C [IMAGE_DIRECTORY_ENTRY_COPYRIGHT] VirtualAddress: 0x0 Size: 0x0 [IMAGE_DIRECTORY_ENTRY_GLOBALPTR] VirtualAddress: 0x0 Size: 0x0 [IMAGE_DIRECTORY_ENTRY_TLS] VirtualAddress: 0x0 Size: 0x0 [IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG] VirtualAddress: 0x0 Size: 0x0 [IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT] VirtualAddress: 0x0 Size: 0x0 [IMAGE_DIRECTORY_ENTRY_IAT] VirtualAddress: 0x2000 Size: 0x8 [IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT] VirtualAddress: 0x0 Size: 0x0 [IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR] VirtualAddress: 0x2008 Size: 0x48 [IMAGE_DIRECTORY_ENTRY_RESERVED] VirtualAddress: 0x0 Size: 0x0 ----------Version Information---------- [VS_VERSIONINFO] Length: 0x3F8 ValueLength: 0x34 Type: 0x0 [VS_FIXEDFILEINFO] Signature: 0xFEEF04BD StrucVersion: 0x10000 FileVersionMS: 0x30005 FileVersionLS: 0x521E0008 ProductVersionMS: 0x30005 ProductVersionLS: 0x521E0008 FileFlagsMask: 0x3F FileFlags: 0x8 FileOS: 0x4 FileType: 0x2 FileSubtype: 0x0 FileDateMS: 0x0 FileDateLS: 0x0 [StringFileInfo] Length: 0x356 ValueLength: 0x0 Type: 0x1 [StringTable] Length: 0x332 ValueLength: 0x0 Type: 0x1 LangID: 040904B0 LegalCopyright: u'\xa9' Microsoft Corporation. All rights reserved. InternalName: mscorcfg.dll FileVersion: 3.5.21022.8 (RTM.021022-0800) CompanyName: Microsoft Corporation PrivateBuild: DDBLD634 Comments: Flavor=Retail ProductName: Microsoftu'\xae' .NET Framework ProductVersion: 3.5.21022.8 FileDescription: Unmanaged code to assist CLR Admin tool OriginalFilename: mscorcfg.dll [VarFileInfo] Length: 0x44 ValueLength: 0x0 Type: 0x1 [Var] Length: 0x24 ValueLength: 0x4 Type: 0x0 Translation: 0x0409 0x04b0 ----------Imported symbols---------- [IMAGE_IMPORT_DESCRIPTOR] OriginalFirstThunk: 0x1A0304 Characteristics: 0x1A0304 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC] ForwarderChain: 0x0 Name: 0x1A031E FirstThunk: 0x2000 mscoree.dll._CorDllMain Hint[0] ----------Resource directory---------- [IMAGE_RESOURCE_DIRECTORY] Characteristics: 0x0 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC] MajorVersion: 0x0 MinorVersion: 0x0 NumberOfNamedEntries: 0x0 NumberOfIdEntries: 0x2 Id: [0x5] (RT_DIALOG) [IMAGE_RESOURCE_DIRECTORY_ENTRY] Name: 0x5 OffsetToData: 0x80000020 [IMAGE_RESOURCE_DIRECTORY] Characteristics: 0x0 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC] MajorVersion: 0x0 MinorVersion: 0x0 NumberOfNamedEntries: 0x2 NumberOfIdEntries: 0x0 Name: [IDD_WFCWRAPPERPROP] [IMAGE_RESOURCE_DIRECTORY_ENTRY] Name: 0x800000D0 OffsetToData: 0x80000058 [IMAGE_RESOURCE_DIRECTORY] Characteristics: 0x0 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC] MajorVersion: 0x0 MinorVersion: 0x0 NumberOfNamedEntries: 0x0 NumberOfIdEntries: 0x1 [IMAGE_RESOURCE_DIRECTORY_ENTRY] Name: 0x409 OffsetToData: 0xA0 [IMAGE_RESOURCE_DATA_ENTRY] OffsetToData: 0x1A2120 Size: 0x4A CodePage: 0x0 Reserved: 0x0 Name: [IDD_WFCWRAPPERWIZARD] [IMAGE_RESOURCE_DIRECTORY_ENTRY] Name: 0x800000F6 OffsetToData: 0x80000070 [IMAGE_RESOURCE_DIRECTORY] Characteristics: 0x0 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC] MajorVersion: 0x0 MinorVersion: 0x0 NumberOfNamedEntries: 0x0 NumberOfIdEntries: 0x1 [IMAGE_RESOURCE_DIRECTORY_ENTRY] Name: 0x409 OffsetToData: 0xB0 [IMAGE_RESOURCE_DATA_ENTRY] OffsetToData: 0x1A2170 Size: 0x4A CodePage: 0x0 Reserved: 0x0 Id: [0x10] (RT_VERSION) [IMAGE_RESOURCE_DIRECTORY_ENTRY] Name: 0x10 OffsetToData: 0x80000040 [IMAGE_RESOURCE_DIRECTORY] Characteristics: 0x0 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC] MajorVersion: 0x0 MinorVersion: 0x0 NumberOfNamedEntries: 0x0 NumberOfIdEntries: 0x1 Id: [0x1] [IMAGE_RESOURCE_DIRECTORY_ENTRY] Name: 0x1 OffsetToData: 0x80000088 [IMAGE_RESOURCE_DIRECTORY] Characteristics: 0x0 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC] MajorVersion: 0x0 MinorVersion: 0x0 NumberOfNamedEntries: 0x0 NumberOfIdEntries: 0x1 [IMAGE_RESOURCE_DIRECTORY_ENTRY] Name: 0x409 OffsetToData: 0xC0 [IMAGE_RESOURCE_DATA_ENTRY] OffsetToData: 0x1A21C0 Size: 0x3F8 CodePage: 0x0 Reserved: 0x0 ----------Debug information---------- [IMAGE_DEBUG_DIRECTORY] Characteristics: 0x0 TimeDateStamp: 0x47314123 [Wed Nov 07 04:37:55 2007 UTC] MajorVersion: 0x0 MinorVersion: 0x0 Type: 0x2 SizeOfData: 0x25 AddressOfRawData: 0x1A0284 PointerToRawData: 0x19F284 Type: IMAGE_DEBUG_TYPE_CODEVIEW ----------Base relocations---------- [IMAGE_BASE_RELOCATION] VirtualAddress: 0x1A0000 SizeOfBlock: 0xC 001A0330h HIGHLOW 001A0000h ABSOLUTE