filename | fwmemmap.sys | |
---|---|---|
size | 7168 (0x1c00) | |
md5 | 64d1e19261c90c09e1b1f35d245c44e9 | |
type | PE32 executable (native) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
virustotal | → scan with virustotal.com | |
histogram |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xd8 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Sections
Data Directory
module_name | hint | ord | function_name |
---|---|---|---|
ntoskrnl.exe | 459 | IoCreateSymbolicLink | |
ntoskrnl.exe | 449 | IoCreateDevice | |
ntoskrnl.exe | 469 | IoDeleteDevice | |
ntoskrnl.exe | 471 | IoDeleteSymbolicLink | |
ntoskrnl.exe | 807 | KeTickCount | |
ntoskrnl.exe | 642 | IofCompleteRequest | |
ntoskrnl.exe | 1902 | memcpy | |
ntoskrnl.exe | 1904 | memset | |
ntoskrnl.exe | 125 | ExFreePoolWithTag | |
ntoskrnl.exe | 1350 | RtlInitUnicodeString | |
ntoskrnl.exe | 103 | ExAllocatePoolWithTag | |
HAL.dll | 105 | x86BiosCall | |
HAL.dll | 107 | x86BiosReadMemory | |
HAL.dll | 104 | x86BiosAllocateBuffer | |
HAL.dll | 108 | x86BiosWriteMemory | |
HAL.dll | 106 | x86BiosFreeBuffer |
StringTable 040904B0
CompanyName | Geoff Chappell |
FileDescription | Firmware Memory Map Provider |
FileVersion | 1.0.0.0 built by: WinDDK |
InternalName | fwmemmap.sys |
LegalCopyright | Copyright (C) 2009. Geoff Chappell. All rights reserved. |
OriginalFilename | fwmemmap.sys |
ProductName | Firmware Memory Map Tool |
ProductVersion | 1.0.0.0 |
VS_FIXEDFILEINFO
FileVersion | 1.0.0.0 |
ProductVersion | 1.0.0.0 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x40004 |
FileType | 3 |
FileSubtype | 7 |
Signers (1)
issuer: /CN=My Own Testing Authority
serial: 30D43F0573AF32AC45202E65B68619D3
Certificates (1)
Certificate: Data: Version: 3 (0x2) Serial Number: 30:d4:3f:05:73:af:32:ac:45:20:2e:65:b6:86:19:d3 Signature Algorithm: md5WithRSAEncryption Issuer: CN=My Own Testing Authority Validity Not Before: Feb 12 06:45:23 2009 GMT Not After : Dec 31 23:59:59 2039 GMT Subject: CN=My Own Testing Authority Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (1024 bit) Modulus: 00:c7:80:34:94:50:d1:3a:39:62:ac:17:69:fb:ab: 76:5d:43:74:a5:13:16:e2:54:d9:59:87:c0:f1:bf: ed:8d:7a:62:c0:0d:b6:68:07:4a:4c:67:63:fb:1a: e6:59:a4:49:ae:85:7b:5e:61:19:7f:eb:3a:a0:56: 32:f9:18:f8:6f:ca:5e:c8:fb:03:da:52:54:65:f2: 4f:bb:61:4b:fd:32:cc:09:0c:52:93:be:20:9b:71: d6:97:39:44:e2:16:75:bc:18:93:33:bf:63:5e:f6: 78:cd:70:fb:6e:e0:79:6c:8e:75:1d:aa:99:8a:77: 79:49:e9:95:4e:5b:a6:4c:b9 Exponent: 65537 (0x10001) X509v3 extensions: 2.5.29.1: 0K...\.W.#.{%/.......%0#1!0...U....My Own Testing Authority..0.?.s.2.E .e.... Signature Algorithm: md5WithRSAEncryption 95:55:fc:af:74:03:cf:f6:32:fc:e3:e3:e1:98:5b:38:ba:fa: f0:61:75:da:7e:c0:9b:1e:3e:76:ac:cf:e1:30:90:d9:f5:a1: 9a:78:6d:48:8c:33:ca:a0:a5:41:bd:54:d6:60:e7:4b:36:ed: 7f:a6:6d:f6:b7:70:39:99:8c:3c:bb:82:f7:5f:18:52:7c:60: b7:ca:4f:64:44:cf:ba:38:24:8d:57:35:77:75:bd:6b:c6:8c: 35:81:72:85:d3:04:9c:72:8f:54:8b:ea:48:c7:c1:9a:2f:b9: 1a:1b:80:04:3c:14:b7:f4:f7:02:bf:f7:3e:91:e9:82:83:4d: da:b8
pkcs7-signedData
- 1
- SHA1: nil
- 1.3.6.1.4.1.311.2.1.4
- #0
- 1.3.6.1.4.1.311.2.1.15
- :
00 3c 00 3c 00 3c 00 4f 00 62 00 73 00 6f 00 6c |.<.<.<.O.b.s.o.l| 00 65 00 74 00 65 00 3e 00 3e 00 3e |.e.t.e.>.>.> |
- :
- SHA1
b1 36 a0 39 da ff cf 20 a6 a7 83 4c cc 6a c6 1d |.6.9... ...L.j..| a2 6d ce 14 |.m.. |
- 1.3.6.1.4.1.311.2.1.15
- #0
- #2
- 2
- 30:D4:3F:05:73:AF:32:AC:45:20:2E:65:B6:86:19:D3
- RSA-MD5: nil
- CN: My Own Testing Authority
- 2009-02-12 06:45:23 UTC: 2039-12-31 23:59:59 UTC
- CN: My Own Testing Authority
- #5
- rsaEncryption: nil
- C7:80:34:94:50:D1:3A:39:62:AC:17:69:FB:AB:76:5D:
43:74:A5:13:16:E2:54:D9:59:87:C0:F1:BF:ED:8D:7A:
62:C0:0D:B6:68:07:4A:4C:67:63:FB:1A:E6:59:A4:49:
AE:85:7B:5E:61:19:7F:EB:3A:A0:56:32:F9:18:F8:6F:
CA:5E:C8:FB:03:DA:52:54:65:F2:4F:BB:61:4B:FD:32:
CC:09:0C:52:93:BE:20:9B:71:D6:97:39:44:E2:16:75:
BC:18:93:33:BF:63:5E:F6:78:CD:70:FB:6E:E0:79:6C:
8E:75:1D:AA:99:8A:77:79:49:E9:95:4E:5B:A6:4C:B9: 0x010001
- 2.5.29.1
aa 5c b9 57 a5 23 a7 7b 25 2f ad 1b ba 18 1c f2 |.\.W.#.{%/......|
- CN: My Own Testing Authority
30 d4 3f 05 73 af 32 ac 45 20 2e 65 b6 86 19 d3 |0.?.s.2.E .e....|
- RSA-MD5:
95 55 fc af 74 03 cf f6 32 fc e3 e3 e1 98 5b 38 |.U..t...2.....[8| ba fa f0 61 75 da 7e c0 9b 1e 3e 76 ac cf e1 30 |...au.~...>v...0| 90 d9 f5 a1 9a 78 6d 48 8c 33 ca a0 a5 41 bd 54 |.....xmH.3...A.T| d6 60 e7 4b 36 ed 7f a6 6d f6 b7 70 39 99 8c 3c |.`.K6...m..p9..<| bb 82 f7 5f 18 52 7c 60 b7 ca 4f 64 44 cf ba 38 |..._.R|`..OdD..8| 24 8d 57 35 77 75 bd 6b c6 8c 35 81 72 85 d3 04 |$.W5wu.k..5.r...| 9c 72 8f 54 8b ea 48 c7 c1 9a 2f b9 1a 1b 80 04 |.r.T..H.../.....| 3c 14 b7 f4 f7 02 bf f7 3e 91 e9 82 83 4d da b8 |<.......>....M..|
- 2
- 1
- #0
- CN: My Own Testing Authority
- 30:D4:3F:05:73:AF:32:AC:45:20:2E:65:B6:86:19:D3
- SHA1: nil
- #2
- 1.3.6.1.4.1.311.2.1.12
- nil
- contentType: 1.3.6.1.4.1.311.2.1.4
- messageDigest:
33 7e dc 06 fe f5 e5 e2 ab 55 ee a9 ee 38 51 a1 |3~.......U...8Q.| b0 10 1b 35 |...5 |
- 1.3.6.1.4.1.311.2.1.12
- rsaEncryption:
a8 f9 36 c8 42 a4 c2 86 32 7e 75 18 c4 b4 8c 9d |..6.B...2~u.....| 84 e1 10 2e 90 15 4e 2e 1a 9d 04 aa c3 56 06 5c |......N......V.\| c2 d1 04 f7 50 df 6d c0 f2 ae c2 77 f1 f1 e5 18 |....P.m....w....| 25 29 e7 eb a2 d3 ab 37 d5 e8 0e 61 4c 48 ae ff |%).....7...aLH..| 55 4f cd d8 b7 68 66 1b ee 17 8e b2 af 0a 03 d0 |UO...hf.........| 9c 03 ce eb ac 5d b4 0f 68 5c f1 4d b8 05 76 a9 |.....]..h\.M..v.| e5 d3 52 1c 2d b2 00 2b 29 c7 df 85 b7 3f 14 f6 |..R.-..+)....?..| d3 3e 0e 88 19 3d be d5 bf ad 68 26 97 72 d5 13 |.>...=....h&.r..|
- #0
Please donate some bucks to keep this site up and running: | |
Ko-fi | |
---|---|
Yandex.Money | |
Thank you! |
everything is OK