field | value
---|---
filename | t.exe
size | 259584 (0x3f600)
md5 | 2f6a22d6f91cdd5b0c2a6c26727e8cbf
type | PE32 executable (console) Intel 80386, for MS Windows
mimetype | application/x-dosexec
clamav | OK
virustotal | (link: scan with virustotal.com)
histogram | (byte histogram image not included in this extract)
MZ Header

field | value
---|---
signature | MZ
bytes_in_last_block | 0x90
blocks_in_file | 3
num_relocs | 0
header_paragraphs | 4
min_extra_paragraphs | 0
max_extra_paragraphs | 0xffff
ss | 0
sp | 0xb8
checksum | 0
ip | 0
cs | 0
reloc_table_offset | 0x40
overlay_number | 0
reserved0 | 0
oem_id | 0
oem_info | 0
reserved2 | 0
reserved3 | 0
reserved4 | 0
reserved5 | 0
reserved6 | 0
lfanew | 0xe0
DOS stub

```text
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
```
PE Header
Packer / Compiler
Sections

name | va | vsize | raw size | flags
---|---|---|---|---
.text | 0x1000 | 0x232fe | 0x23400 | R-X CODE
.data | 0x25000 | 0x3520 | 0x1200 | RW- IDATA
.rsrc | 0x29000 | 0x1aaa8 | 0x1ac00 | R-- IDATA
Data Directory

Resources

type | name | size | codepage
---|---|---|---
STRING | #7 | 656 | 0
STRING | #8 | 540 | 0
STRING | #13 | 166 | 0
STRING | #19 | 288 | 0
STRING | #20 | 378 | 0
STRING | #32 | 694 | 0
STRING | #33 | 34 | 0
STRING | #35 | 372 | 0
STRING | #36 | 872 | 0
STRING | #37 | 114 | 0
STRING | #51 | 386 | 0
VERSION | #1 | 928 | 0
HTML | MOFFILE | 103020 | 0

STRING resources

id | lang | string
---|---|---
103 | 1033 | logfile`*`*`Event Trace log file to process. |
104 | 1033 | output`o`*`Text (CSV) output file. Default is dumpfile.csv. |
105 | 1033 | define`df`*`Microsoft specific event definition file. |
106 | 1033 | report`*`*`Text output report file. Default is workload.txt. |
108 | 1033 | realtime`rt`session_name`Real-time Event Trace Session data source. |
111 | 1033 | extended`ex`*`Extended format |
113 | 1033 | summary`*`*`Summary report text file (CSV) file. Default is summary.txt. |
114 | 1033 | merge`g`*`Merge Event Trace Session files into specified file. |
115 | 1033 | comp`int`*`Dump interpreted event structure into specified file. |
116 | 1033 | force`y`*`Answer yes to all questions without prompting. |
200 | 1033 | dumpfile.csv |
201 | 1033 | mofdata.guid |
202 | 1033 | workload.txt |
203 | 1033 | summary.txt |
204 | 1033 | merged.etl |
205 | 1033 | result.txt |
300 | 1033 | Input ---------------- |
301 | 1033 | Output ---------------- |
302 | 1033 | Error: A file specified is not an Event Trace Session (*.ets) file. |
303 | 1033 | Logger(s): |
304 | 1033 | File(s): |
305 | 1033 | Event Definitions: %1!s! |
306 | 1033 | Text (CSV): %1!s! |
307 | 1033 | Report: %1!s! |
308 | 1033 | Summary: %1!s! |
310 | 1033 | Resource |
311 | 1033 | Merged: %1!s! |
312 | 1033 | Interpreted MOF: %1!s! |
500 | 1033 | Tracerpt processes binary Event Trace Session log files or real-time streams from instrumented Event Trace providers and creates a report or a text (CSV) file describing the events generated. |
501 | 1033 | debug`d`level`Debug |
502 | 1033 | h`?`*`Displays context sensitive help. |
503 | 1033 | value |
504 | 1033 | filename |
505 | 1033 | [[hh:]mm:]ss |
506 | 1033 | date |
511 | 1033 | ini`config`*`Settings file containing command options. |
512 | 1033 | y |
550 | 1033 | Duplicate argument found for %1!s!: %2!s! |
551 | 1033 | Invalid syntax: |
552 | 1033 | Unknown parameter "%1!s!" |
553 | 1033 | and |
554 | 1033 | requires |
555 | 1033 | Missing parameter: |
556 | 1033 | Missing VERB%n |
557 | 1033 | Unknown |
558 | 1033 | Error: |
559 | 1033 | are mutually exclusive. |
560 | 1033 | VERB |
561 | 1033 | Verbs: |
562 | 1033 | [options] |
563 | 1033 | Parameters: |
564 | 1033 | %1!s!Options: |
565 | 1033 | Long Syntax Short Syntax |
566 | 1033 | Usage: |
567 | 1033 | Warning: Ignoring "%1!s!" assuming 24 hour format. |
568 | 1033 | The syntax of the command is incorrect. |
569 | 1033 | The file "%1!s!" already exists, overwrite? [y/n] |
570 | 1033 | Microsoft ® |
571 | 1033 | The command completed successfully. |
572 | 1033 | Default |
573 | 1033 | Note: Where [-] is listed, an extra - negates the option. For example --%1!s! turns off the -%1!s! option. |
575 | 1033 | Error: 0x%1!08x! |
576 | 1033 | Warning: 0x%1!08x! |
577 | 1033 | Warning: |
578 | 1033 | Examples: |
800 | 1033 | tracerpt logfile1.etl logfile2.etl -o -report |
801 | 1033 | tracerpt logfile.etl -o logdmp.csv -summary logdmp.txt -report logrpt.txt |
802 | 1033 | tracerpt -rt EVENT_SESSION_1 EVENT_SESSION_2 -o logfile.csv |

Imports

module_name | hint | ord | function_name
---|---|---|---
ADVAPI32.dll | 458 | | RegCloseKey
ADVAPI32.dll | 494 | | RegQueryValueExW
ADVAPI32.dll | 484 | | RegOpenKeyExW
ADVAPI32.dll | 519 | | RegisterTraceGuidsW
ADVAPI32.dll | 580 | | StartTraceW
ADVAPI32.dll | 622 | | TraceEvent
ADVAPI32.dll | 327 | | LookupAccountSidA
ADVAPI32.dll | 328 | | LookupAccountSidW
ADVAPI32.dll | 433 | | OpenTraceW
ADVAPI32.dll | 438 | | ProcessTrace
ADVAPI32.dll | 63 | | CloseTrace
ADVAPI32.dll | 582 | | StopTraceW
KERNEL32.dll | 204 | | FindClose
KERNEL32.dll | 218 | | FindNextFileW
KERNEL32.dll | 211 | | FindFirstFileW
KERNEL32.dll | 812 | | SetThreadLocale
KERNEL32.dll | 435 | | GetSystemDefaultLCID
KERNEL32.dll | 302 | | GetConsoleOutputCP
KERNEL32.dll | 460 | | GetThreadLocale
KERNEL32.dll | 471 | | GetUserDefaultUILanguage
KERNEL32.dll | 587 | | LocalFree
KERNEL32.dll | 907 | | WriteFile
KERNEL32.dll | 906 | | WriteConsoleW
KERNEL32.dll | 350 | | GetFileType
KERNEL32.dll | 236 | | FormatMessageW
KERNEL32.dll | 376 | | GetModuleHandleW
KERNEL32.dll | 372 | | GetModuleFileNameW
KERNEL32.dll | 673 | | ReadConsoleW
KERNEL32.dll | 612 | | MultiByteToWideChar
KERNEL32.dll | 675 | | ReadFile
KERNEL32.dll | 746 | | SetConsoleMode
KERNEL32.dll | 300 | | GetConsoleMode
KERNEL32.dll | 49 | | CloseHandle
KERNEL32.dll | 82 | | CreateFileW
KERNEL32.dll | 835 | | SystemTimeToFileTime
KERNEL32.dll | 240 | | FreeLibrary
KERNEL32.dll | 580 | | LoadLibraryW
KERNEL32.dll | 130 | | DeleteFileW
KERNEL32.dll | 596 | | LockResource
KERNEL32.dll | 582 | | LoadResource
KERNEL32.dll | 226 | | FindResourceW
KERNEL32.dll | 657 | | QueryPerformanceCounter
KERNEL32.dll | 465 | | GetTickCount
KERNEL32.dll | 318 | | GetCurrentThreadId
KERNEL32.dll | 316 | | GetCurrentProcessId
KERNEL32.dll | 445 | | GetSystemTimeAsFileTime
KERNEL32.dll | 838 | | TerminateProcess
KERNEL32.dll | 315 | | GetCurrentProcess
KERNEL32.dll | 855 | | UnhandledExceptionFilter
KERNEL32.dll | 818 | | SetUnhandledExceptionFilter
KERNEL32.dll | 475 | | GetVersionExA
KERNEL32.dll | 182 | | ExitProcess
KERNEL32.dll | 360 | | GetLastError
KERNEL32.dll | 373 | | GetModuleHandleA
KERNEL32.dll | 246 | | GetACP
KERNEL32.dll | 394 | | GetOEMCP
KERNEL32.dll | 253 | | GetCPInfo
KERNEL32.dll | 371 | | GetModuleFileNameA
KERNEL32.dll | 238 | | FreeEnvironmentStringsA
KERNEL32.dll | 333 | | GetEnvironmentStrings
KERNEL32.dll | 239 | | FreeEnvironmentStringsW
KERNEL32.dll | 335 | | GetEnvironmentStringsW
KERNEL32.dll | 265 | | GetCommandLineA
KERNEL32.dll | 266 | | GetCommandLineW
KERNEL32.dll | 783 | | SetHandleCount
KERNEL32.dll | 428 | | GetStartupInfoA
KERNEL32.dll | 518 | | HeapDestroy
KERNEL32.dll | 516 | | HeapCreate
KERNEL32.dll | 877 | | VirtualFree
KERNEL32.dll | 894 | | WideCharToMultiByte
KERNEL32.dll | 880 | | VirtualProtect
KERNEL32.dll | 440 | | GetSystemInfo
KERNEL32.dll | 882 | | VirtualQuery
KERNEL32.dll | 563 | | LCMapStringA
KERNEL32.dll | 564 | | LCMapStringW
KERNEL32.dll | 708 | | RtlUnwind
KERNEL32.dll | 538 | | InterlockedExchange
KERNEL32.dll | 431 | | GetStringTypeA
KERNEL32.dll | 434 | | GetStringTypeW
KERNEL32.dll | 577 | | LoadLibraryA
KERNEL32.dll | 874 | | VirtualAlloc
KERNEL32.dll | 524 | | HeapReAlloc
KERNEL32.dll | 774 | | SetFilePointer
KERNEL32.dll | 363 | | GetLocaleInfoA
KERNEL32.dll | 662 | | RaiseException
KERNEL32.dll | 801 | | SetStdHandle
KERNEL32.dll | 230 | | FlushFileBuffers
KERNEL32.dll | 765 | | SetEndOfFile
KERNEL32.dll | 830 | | Sleep
KERNEL32.dll | 947 | | lstrlenA
KERNEL32.dll | 194 | | FileTimeToLocalFileTime
KERNEL32.dll | 195 | | FileTimeToSystemTime
KERNEL32.dll | 787 | | SetLastError
KERNEL32.dll | 186 | | ExpandEnvironmentStringsW
KERNEL32.dll | 433 | | GetStringTypeExW
KERNEL32.dll | 364 | | GetLocaleInfoW
KERNEL32.dll | 754 | | SetConsoleTextAttribute
KERNEL32.dll | 430 | | GetStdHandle
KERNEL32.dll | 304 | | GetConsoleScreenBufferInfo
KERNEL32.dll | 410 | | GetProcessHeap
KERNEL32.dll | 514 | | HeapAlloc
KERNEL32.dll | 520 | | HeapFree
KERNEL32.dll | 407 | | GetProcAddress
KERNEL32.dll | 769 | | SetEvent
KERNEL32.dll | 948 | | lstrlenW
KERNEL32.dll | 362 | | GetLocalTime
VERSION.dll | 2 | | GetFileVersionInfoSizeW
VERSION.dll | 3 | | GetFileVersionInfoW
VERSION.dll | 13 | | VerQueryValueW
USER32.dll | 457 | | LoadStringW
USER32.dll | 51 | | CharToOemW
USER32.dll | 729 | | wsprintfW
RPCRT4.dll | 481 | | UuidCreate
ole32.dll | 16 | | CoCreateInstance
ole32.dll | 58 | | CoInitialize
ole32.dll | 95 | | CoSetProxyBlanket
OLEAUT32.dll | | 24 |
OLEAUT32.dll | | 9 |
OLEAUT32.dll | | 2 |
OLEAUT32.dll | | 20 |
OLEAUT32.dll | | 19 |
OLEAUT32.dll | | 23 |
OLEAUT32.dll | | 6 |
OLEAUT32.dll | | 25 |
OLEAUT32.dll | | 8 |
OLEAUT32.dll | | 12 |
OLEAUT32.dll | | 16 |
ntdll.dll | 690 | | RtlLeaveCriticalSection
ntdll.dll | 491 | | RtlDeleteCriticalSection
ntdll.dll | 635 | | RtlInitializeCriticalSection
ntdll.dll | 581 | | RtlFreeUnicodeString
ntdll.dll | 812 | | RtlStringFromGUID
ntdll.dll | 530 | | RtlEnterCriticalSection
ntdll.dll | 399 | | RtlAnsiCharToUnicodeChar

StringTable 040904B0

key | value
---|---
CompanyName | Microsoft Corporation
FileDescription | Event Trace Report Tool
FileVersion | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName | TraceRpt.Exe
LegalCopyright | © Microsoft Corporation. All rights reserved.
OriginalFilename | TraceRpt.Exe
ProductName | Microsoft® Windows® Operating System
ProductVersion | 5.1.2600.2180

VS_FIXEDFILEINFO

field | value
---|---
FileVersion | 5.1.2600.2180
ProductVersion | 5.1.2600.2180
StrucVersion | 0x10000
FileFlagsMask | 0x3f
FileFlags | 0
FileOS | 0x40004
FileType | 1
FileSubtype | 0
[?] can't find file_offset of VA 0x250