filenamemRGSS300.dll
size824320 (0xc9400)
md556629d3f4c272d6c3a2a28e7d90b0f6e
typePE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x5344
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xf0

Rich Header

lib idversiontimes used
9640351
1502041316
1493072967
109507273
1235072721
10328
13130729381
13230729144
146307291
148210221
145307291

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0x4eb4fe70
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x2102
Magic0x10b
LinkerVersion9.0
SizeOfCode0xc9000
SizeOfInitializedData0x1000
SizeOfUninitializedData0x20a000
AddressOfEntryPoint0x2d24a0
BaseOfCode0x20b000
BaseOfData0x2d4000
ImageBase0x10000000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion5.0
ImageVersion0.0
SubsystemVersion5.0
Reserved10
SizeOfImage0x2d5000
SizeOfHeaders0x1000
CheckSum0
Subsystem2
DllCharacteristics0
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

UPX v2.00-V2.90 (Markus Oberhumer & Laszlo Molnar & John Reiser)

This file is packed with UPX. Analysis will be incomplete without unpacking.
We can unpack it for you.

»» Analyze unpacked file

Sections

namevavsizeraw sizeflags
UPX00x10000x20a0000RWX UDATA
UPX10x20b0000xc90000xc8200RWX IDATA
.rsrc0x2d40000x10000xe00RW- IDATA

Data Directory

typevasize
EXPORT0x2d49300x2dc
IMPORT0x2d46cc0x264
RESOURCE0x2d40000x6cc
EXCEPTION00
SECURITY00
BASERELOC0x2d4c0c0xc
DEBUG00
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG00
Bound_IAT00
IAT00
Delay_IAT00
CLR_Header00
typenamesizecp
DIALOG#2213501252
DIALOG#2229521252
DIALOG#22311681252
DIALOG#3213081252
DIALOG#3229641252
DIALOG#32310421252
STRING#134741252
STRING#142881252
STRING#191421252
STRING#204181252
ACCELERATORS#101241252
VERSION#16241252
MANIFEST#23461252
idlangstring
1920
10 eb 7e 61 77 4f bc 63  6e 72 e2 f3 f9 33 f9 0b  |..~awO.cnr...3..|
5e fa c0 47 7f ab e7 d8  4c 7e 68 10 a8 d0 8a 85  |^..G....L~h.....|
a4 3d ca fa 87 e3 d5 1b  4b 1d 3e e1 f8 66 5e 15  |.=......K.>..f^.|
4e 8d cc 00 c5 fe 5b 25  a9 c0 50 ff c7 ab 4b e1  |N.....[%..P...K.|
0e 39 f9 97 24 12 5b 80  15 e4 d3 11 4c d9 f7 b3  |.9..$.[.....L...|
51 8a 07 67 71 68 e3 89  cd dc 0c 81 bc 0f 97 73  |Q..gqh.........s|
ee 21 4e 86 27 aa 8f d8  5d 50 c8 af 04 c4 af aa  |.!N.'...]P......|
21 a3 07 77 35 a4 83 f8  88 51 9b 0d e6 1c 4a 66  |!..w5....Q....Jf|
8a 41 de bb 49 f4 25 8c  7b cd b1 9d 21 02 c4 75  |.A..I.%.{...!..u|
0d ee b7 a9 f9 1d 78 22  f5 42 8a 1f 91 cf a9 71  |......x".B.....q|
a8 16 f7 d3 88 6c ed f8  b5 c0 47 c7 9b ee 83 46  |.....l....G....F|
5a 24 f0 cc f9 22 8d 85  a7 42 b2 e6 d2 27 38 37  |Z$..."...B...'87|
18 f5 31 c9 32 c2 a6 67  a7 63 e5 04 8c 5d fa ab  |..1.2..g.c...]..|
2d c6 d9 ec c8 70 7e 75  63 d7 11 0e 0a 1e ea bb  |-....p~uc.......|
df c3 67 cd 50 45 3b 76  a1 b2 8a b8 38 b5 b7 cb  |..g.PE;v....8...|
df eb c9 8a c3 36 5a d0  89 d4 69 e2 51 23 91 1a  |.....6Z...i.Q#..|
9c 12 e8 90 a2 eb 8a 52  72 34 bc 06 5a 04 62 be  |.......Rr4..Z.b.|
9e 00 7c 9f 76 49 18 48  c5 25 4b af 4c 7d a3 dc  |..|.vI.H.%K.L}..|
9c 29 1a 84 fe cb 38 b1  87 02 1c 9a 4a 34 18 75  |.)....8.....J4.u|
c4 c7 ff 78 1f b9 f3 8f  ce 26 7b 71 e5 3d 23 d7  |...x.....&{q.=#.|
dc ee 75 66 97 eb 57 59  1d cf 2a 94 a2 94 4d 76  |..uf..WY..*...Mv|
bf 68 5a 44 87 6a e5 c7  5b b1 cb a0 89 e4 17 e1  |.hZD.j..[.......|
57 6e e7 20 0f af 2d c6  c1 d5 17 55 68 a8 d7 78  |Wn. ..-....Uh..x|
55 b3 fd 0c 3c 0b 54 04  99 1f 11 e4 01 1a e3 1b  |U...<.T.........|
14 e1 d1 2d 2b 42 ed 00  fe ec e1 cc 9c 58 95 90  |...-+B.......X..|
86 bf b9 42 58 95 ee 0f  84 21 81 2c 07 9f 2f a0  |...BX....!.,../.|
d6 66 85 29 6a 60 fd 07  b6 c7 0b c5 80 70 74 96  |.f.)j`.......pt.|
12 c2 7f df 2b d6 69 21  9b 15 4f 86 f1 be 37 a4  |....+.i!..O...7.|
47 91 75 b0 5d 06 35 75  87 3f e5 42 80 91 fa e0  |G.u.].5u.?.B....|
7c 07 a3 fd 56 98 fa 1e  2d 05                    ||...V...-.      |
2080
35 ec 0e f9 a8 57 11 95  7a 2d 5d a5 e6 22 27 b0  |5....W..z-].."'.|
2f 97 94 1c 8d ba 01 37  e4 10 0b cc e2 3c 4d 15  |/......7.....
2880
9b f3 96 5f 4a 6c 3f 13  d2 34 ee 5f 47 1d cb 3e  |..._Jl?..4._G..>|
f4 da 78 b2 71 b2 f7 ae  13 27 5f 1c 65 07 d4 5c  |..x.q....'_.e..\|
e6 db b9 90 1d 2b bb 34  4b 84 4d e5 ab f7 1f 04  |.....+.4K.M.....|
c5 fa 7f 92 6d 76 85 d7  72 f0 6b a9 9d 98 05 23  |....mv..r.k....#|
37 1a a7 79 68 95 fd 5d  c7 5a 64 42 69 89 eb 26  |7..yh..].ZdBi..&|
ef 0c a0 ff 82 88 d6 64  a1 29 00 a6 c5 50 64 c0  |.......d.)...Pd.|
30 9c e9 4d 6b d9 6b 8d  16 83 d0 b9 6b f7 71 6a  |0..Mk.k.....k.qj|
90 59 36 20 95 07 55 c7  98 fc e1 62 11 47 56 b4  |.Y6 ..U....b.GV.|
4f aa db 92 8f fe ee 3c  ef 25 d3 36 e6 34        |O......<.%.6.4  |
3040꽭㖅㭐冯Ḳ릠⯔묳ᴒµꙨ랰ર﮶嗤缉髧斔龪昸ﮎ컰莟畻쮳耾伺婵籦⎁隶໾뎎閛瀻쫓ሥ쁁軮鈢Ʌ举흦돡ⱗ宅柭喟팲妈ぶ猪죥骒齂沁檓哭엨ᓹ⯢矧曄梆໾ᯭ팕韺ᩰ謖줅獰憛⸸⟓욟Ɵ囡䤦麯㵛䘓ൈ聪撔㹱倪铐❛眮䃌ࠞ‚鵰䭉蝴볠績펖႕긦䪏髻钁䩞앃ꏪ讹䰹촕愎﹚廰봟Ꝭ뫟냍☻淂類ⴹ睈㊒鑼Ⰻꃰ峥뎒昫粕幤葖ߑ䔩؁ꆚⴺ⠂辦쨫胲먦턧ⷩꄧὅ氕㺙鬏ꉻ૜฻Ⴛ肴⟡孹ⰽᏵ헵ᢞ퀅ꡔ峛䄑汚뒧⨛簝ꤣힼᔻ臅傾臁舠籧ե쀴Ⅶ叄䄜᪤둚㨦嶰껀
module_namehintordfunction_name
KERNEL32.DLLLoadLibraryA
KERNEL32.DLLGetProcAddress
KERNEL32.DLLVirtualProtect
KERNEL32.DLLVirtualAlloc
KERNEL32.DLLVirtualFree
advapi32.dllRegCloseKey
comctl32.dllPropertySheetW
GDI32.dllBitBlt
msacm32.dllacmStreamOpen
ole32.dllCoInitialize
shell32.dllSHGetMalloc
user32.dllGetDC
winmm.dllmmioRead
ws2_32.dllsend
ordentry_vafunction_name
10x46b0RGSSAddRTPPath
20x3690RGSSAudioFinalize
30x35f0RGSSAudioInitialize
40x46d0RGSSClearRTPPath
50x40d0RGSSErrorMessage
60x40b0RGSSErrorType
70x3740RGSSEval
80x35e0RGSSFinalize
90x4700RGSSGC
100x36e0RGSSGameMain
110x3770RGSSGetBool
120x3820RGSSGetDouble
130x37a0RGSSGetInt
140x4100RGSSGetPathWithRTP
150x4690RGSSGetRTPPath
160x39e0RGSSGetStringACP
170x3b50RGSSGetStringUTF16
180x3990RGSSGetStringUTF8
190x3930RGSSGetSymbol
200x3890RGSSGetTable
210x35c0RGSSInitialize3
220x3c70RGSSSetString
230x3dd0RGSSSetStringACP
240x3f70RGSSSetStringUTF16
250x3d20RGSSSetStringUTF8
260x46e0RGSSSetupFonts
270x4230RGSSSetupRTP
module_nameRGSS300.dll
flags0
timestamp2011-11-05 09:14:24
version0.0
ordinal_base1
nFunctions27
nNames27
Names(27)0x2d49c4
Functions(27)0x2d4958
NameOrdinals(27)0x2d4a30

StringTable 040904b0

FileDescriptionRGSS3 Core
FileVersion3, 0, 0, 1
LegalCopyrightCopyright (C) 2011 Enterbrain, Inc. / Yoji Ojima
ProductNameRuby Game Scripting System
ProductVersion3, 0, 0, 1

VS_FIXEDFILEINFO

FileVersion3.0.0.1
ProductVersion3.0.0.1
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x40004
FileType2
FileSubtype0
offsetsizetypecomment
0824320DLL11/05/2011 09:14:24#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[!] string size(120352) > stringtable size(474). truncated to 472
[!] cannot convert "~awO\xBCcnr\xE2\xF3\xF93\xF9\v^\xFA"... to UTF-16
[!] string size(120938) > stringtable size(288). truncated to 286
[!] cannot convert "\x0E\xF9\xA8W\x11\x95z-]\xA5\xE6\"'\xB0/\x97"... to UTF-16
[!] string size(124726) > stringtable size(142). truncated to 140
[!] cannot convert "\x96_Jl?\x13\xD24\xEE_G\x1D\xCB>\xF4\xDA"... to UTF-16
[!] string size(15562) > stringtable size(418). truncated to 416