Title:ot
Created:Sep 28th, 2020
Created by: Anonymous
// PE
// All tree nodes below use the hex editor to modify the PE file
//
// Layout: <first file offset> - <last file offset> <value> = <field name>.
// Multi-byte values are shown as already-decoded integers, not as raw byte order.
//
// 00000000 - 0000003F DOS Header
//
// IMAGE_DOS_HEADER:
// 00000000 - 00000001 5A4D = e_magic
//   (0x5A4D is the "MZ" signature)
// 00000002 - 00000003 0090 = e_cblp
// 00000004 - 00000005 0003 = e_cp
// 00000006 - 00000007 0000 = e_crlc
// 00000008 - 00000009 0004 = e_cparhdr
// 0000000A - 0000000B 0000 = e_minalloc
// 0000000C - 0000000D FFFF = e_maxalloc
// 0000000E - 0000000F 0000 = e_ss
// 00000010 - 00000011 00B8 = e_sp
// 00000012 - 00000013 0000 = e_csum
// 00000014 - 00000015 0000 = e_ip
// 00000016 - 00000017 0000 = e_cs
// 00000018 - 00000019 0040 = e_lfarlc
// 0000001A - 0000001B 0000 = e_ovno
// 0000001C - 0000001D 0000 = e_res[0]
// 0000001E - 0000001F 0000 = e_res[1]
// 00000020 - 00000021 0000 = e_res[2]
// 00000022 - 00000023 0000 = e_res[3]
// 00000024 - 00000025 0000 = e_oemid
// 00000026 - 00000027 0000 = e_oeminfo
// 00000028 - 00000029 0000 = e_res2[0]
// 0000002A - 0000002B 0000 = e_res2[1]
// 0000002C - 0000002D 0000 = e_res2[2]
// 0000002E - 0000002F 0000 = e_res2[3]
// 00000030 - 00000031 0000 = e_res2[4]
// 00000032 - 00000033 0000 = e_res2[5]
// 00000034 - 00000035 0000 = e_res2[6]
// 00000036 - 00000037 0000 = e_res2[7]
// 00000038 - 00000039 0000 = e_res2[8]
// 0000003A - 0000003B 0000 = e_res2[9]
// 0000003C - 0000003F 000000F0 = e_lfanew
//   (file offset of the 4-byte PE signature; the file header listed next starts at 0xF4, right after it)
//
// 000000F4 - 00000107 File Header
//
// IMAGE_FILE_HEADER:
// 000000F4 - 000000F5 014C = Machine
//   (0x014C = IMAGE_FILE_MACHINE_I386)
// 000000F6 - 000000F7 0004 = NumberOfSections
//   (matches the four section headers listed below)
// 000000F8 - 000000FB 5EF15549 = TimeDateStamp
//   NOTE(review): read as Unix epoch seconds this is 2020-06-23 UTC. The field is
//   written by the linker and can be set to any value, so treat it as a hint, not proof.
// 000000FC - 000000FF 00000000 = PointerToSymbolTable
// 00000100 - 00000103 00000000 = NumberOfSymbols
// 00000104 - 00000105 00E0 = SizeOfOptionalHeader
// 00000106 - 00000107 2102 = Characteristics
//   (0x2000 DLL | 0x0100 32BIT_MACHINE | 0x0002 EXECUTABLE_IMAGE: the image is a 32-bit DLL)
//
// 00000108 - 000001E7 Optional Header (32-bit)
//
// IMAGE_OPTIONAL_HEADER32:
// 00000108 - 00000109 010B = Magic
//   (0x010B = PE32)
// 0000010A - 0000010A 0E = MajorLinkerVersion
// 0000010B - 0000010B 17 = MinorLinkerVersion
//   (linker version 14.23 in decimal)
// 0000010C - 0000010F 0001EC00 = SizeOfCode
// 00000110 - 00000113 008A1800 = SizeOfInitializedData
// 00000114 - 00000117 00000000 = SizeOfUninitializedData
// 00000118 - 0000011B 0000482F = AddressOfEntryPoint
//   (RVA; falls inside .text, which spans RVA 0x1000 to 0x1FA65 per its section header)
// 0000011C - 0000011F 00001000 = BaseOfCode
// 00000120 - 00000123 00020000 = BaseOfData
// 00000124 - 00000127 10000000 = ImageBase
// 00000128 - 0000012B 00001000 = SectionAlignment
// 0000012C - 0000012F 00000200 = FileAlignment
// 00000130 - 00000131 0006 = MajorOperatingSystemVersion
// 00000132 - 00000133 0000 = MinorOperatingSystemVersion
// 00000134 - 00000135 0000 = MajorImageVersion
// 00000136 - 00000137 0000 = MinorImageVersion
// 00000138 - 00000139 0006 = MajorSubsystemVersion
// 0000013A - 0000013B 0000 = MinorSubsystemVersion
// 0000013C - 0000013F 00000000 = Win32VersionValue
// 00000140 - 00000143 008C2000 = SizeOfImage
// 00000144 - 00000147 00000400 = SizeOfHeaders
// 00000148 - 0000014B 00000000 = CheckSum
//   (zero: no checksum was written into the header)
// 0000014C - 0000014D 0002 = Subsystem
//   (2 = IMAGE_SUBSYSTEM_WINDOWS_GUI)
// 0000014E - 0000014F 0140 = DllCharacteristics
//   (0x0100 NX_COMPAT | 0x0040 DYNAMIC_BASE: DEP and ASLR opted in; 0x4000 GUARD_CF is not set)
// 00000150 - 00000153 00100000 = SizeOfStackReserve
// 00000154 - 00000157 00001000 = SizeOfStackCommit
// 00000158 - 0000015B 00100000 = SizeOfHeapReserve
// 0000015C - 0000015F 00001000 = SizeOfHeapCommit
// 00000160 - 00000163 00000000 = LoaderFlags
// 00000164 - 00000167 00000010 = NumberOfRvaAndSizes
//
// Data directories (16 entries, RVA + size each):
// 00000168 - 0000016B 00000000 = Export.VirtualAddress
// 0000016C - 0000016F 00000000 = Export.Size
//   NOTE(review): the DLL flag is set but there is no export table, so nothing can be
//   called by name. Code would run from the entry point or TLS callbacks when the image
//   is loaded; confirm in a disassembler before drawing conclusions.
// 00000170 - 00000173 000418A4 = Import.VirtualAddress
// 00000174 - 00000177 000000C8 = Import.Size
// 00000178 - 0000017B 00000000 = Resource.VirtualAddress
// 0000017C - 0000017F 00000000 = Resource.Size
// 00000180 - 00000183 00000000 = Exception.VirtualAddress
// 00000184 - 00000187 00000000 = Exception.Size
// 00000188 - 0000018B 00000000 = Security.VirtualAddress
// 0000018C - 0000018F 00000000 = Security.Size
//   (zero: no attribute-certificate table, i.e. no embedded Authenticode signature)
// 00000190 - 00000193 008C1000 = Base Reloc.VirtualAddress
// 00000194 - 00000197 00000914 = Base Reloc.Size
// 00000198 - 0000019B 00041160 = Debug.VirtualAddress
// 0000019C - 0000019F 00000038 = Debug.Size
//   NOTE(review): a debug directory is present; its entries may carry a PDB path or
//   build GUID. The listing does not show them, so inspect the directory itself.
// 000001A0 - 000001A3 00000000 = Architecture.VirtualAddress
// 000001A4 - 000001A7 00000000 = Architecture.Size
// 000001A8 - 000001AB 00000000 = Global Ptr.VirtualAddress
// 000001AC - 000001AF 00000000 = Global Ptr.Size
// 000001B0 - 000001B3 0004123C = TLS.VirtualAddress
// 000001B4 - 000001B7 00000018 = TLS.Size
//   NOTE(review): a TLS directory is present. If its AddressOfCallBacks array is
//   non-empty, those callbacks run before AddressOfEntryPoint; the listing does not
//   show the array, so check it during triage.
// 000001B8 - 000001BB 00041198 = Load Config.VirtualAddress
// 000001BC - 000001BF 00000040 = Load Config.Size
// 000001C0 - 000001C3 00000000 = Bound Import.VirtualAddress
// 000001C4 - 000001C7 00000000 = Bound Import.Size
// 000001C8 - 000001CB 00020000 = IAT.VirtualAddress
// 000001CC - 000001CF 0000010C = IAT.Size
// 000001D0 - 000001D3 00000000 = Delay Import.VirtualAddress
// 000001D4 - 000001D7 00000000 = Delay Import.Size
// 000001D8 - 000001DB 00000000 = .NET.VirtualAddress
// 000001DC - 000001DF 00000000 = .NET.Size
// 000001E0 - 000001E3 00000000 = Reserved15.VirtualAddress
// 000001E4 - 000001E7 00000000 = Reserved15.Size
//
// 000001E8 - 0000020F Section #0: .text
//
// IMAGE_SECTION_HEADER:
// 000001E8 - 000001EF .text = Name
// 000001F0 - 000001F3 0001EA65 = VirtualSize
// 000001F4 - 000001F7 00001000 = VirtualAddress
// 000001F8 - 000001FB 0001EC00 = SizeOfRawData
// 000001FC - 000001FF 00000400 = PointerToRawData
// 00000200 - 00000203 00000000 = PointerToRelocations
// 00000204 - 00000207 00000000 = PointerToLinenumbers
// 00000208 - 00000209 0000 = NumberOfRelocations
// 0000020A - 0000020B 0000 = NumberOfLinenumbers
// 0000020C - 0000020F 60000020 = Characteristics
//   (CNT_CODE | MEM_EXECUTE | MEM_READ)
//
// 00000210 - 00000237 Section #1: .rdata
//
// IMAGE_SECTION_HEADER:
// 00000210 - 00000217 .rdata = Name
// 00000218 - 0000021B 00021FDE = VirtualSize
// 0000021C - 0000021F 00020000 = VirtualAddress
// 00000220 - 00000223 00022000 = SizeOfRawData
// 00000224 - 00000227 0001F000 = PointerToRawData
// 00000228 - 0000022B 00000000 = PointerToRelocations
// 0000022C - 0000022F 00000000 = PointerToLinenumbers
// 00000230 - 00000231 0000 = NumberOfRelocations
// 00000232 - 00000233 0000 = NumberOfLinenumbers
// 00000234 - 00000237 40000040 = Characteristics
//   (CNT_INITIALIZED_DATA | MEM_READ)
//
// 00000238 - 0000025F Section #2: .data
//
// IMAGE_SECTION_HEADER:
// 00000238 - 0000023F .data = Name
// 00000240 - 00000243 0087ED24 = VirtualSize
// 00000244 - 00000247 00042000 = VirtualAddress
// 00000248 - 0000024B 0087CC00 = SizeOfRawData
//   NOTE(review): about 8.5 MiB of initialized data on disk against about 123 KiB of
//   code in .text. That ratio is worth an entropy and embedded-file check of this
//   section; the header alone does not say what the data is.
// 0000024C - 0000024F 00041000 = PointerToRawData
// 00000250 - 00000253 00000000 = PointerToRelocations
// 00000254 - 00000257 00000000 = PointerToLinenumbers
// 00000258 - 00000259 0000 = NumberOfRelocations
// 0000025A - 0000025B 0000 = NumberOfLinenumbers
// 0000025C - 0000025F C0000040 = Characteristics
//   (CNT_INITIALIZED_DATA | MEM_READ | MEM_WRITE)
//
// 00000260 - 00000287 Section #3: .reloc
//
// IMAGE_SECTION_HEADER:
// 00000260 - 00000267 .reloc = Name
// 00000268 - 0000026B 00000914 = VirtualSize
// 0000026C - 0000026F 008C1000 = VirtualAddress
// 00000270 - 00000273 00000A00 = SizeOfRawData
// 00000274 - 00000277 008BDC00 = PointerToRawData
// 00000278 - 0000027B 00000000 = PointerToRelocations
// 0000027C - 0000027F 00000000 = PointerToLinenumbers
// 00000280 - 00000281 0000 = NumberOfRelocations
// 00000282 - 00000283 0000 = NumberOfLinenumbers
// 00000284 - 00000287 42000040 = Characteristics
//   (CNT_INITIALIZED_DATA | MEM_DISCARDABLE | MEM_READ)