filenamet.exe
size259584 (0x3f600)
md52f6a22d6f91cdd5b0c2a6c26727e8cbf
typePE32 executable (console) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0xe0

Rich Header

lib idversiontimes used
93403517
10144
9640356
15403516
9440351
954035130
9040351

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

SignaturePE
Machine0x14c
NumberOfSections3
TimeDateStamp0x41107d99
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x10f
Magic0x10b
LinkerVersion7.10
SizeOfCode0x23400
SizeOfInitializedData0x1e200
SizeOfUninitializedData0
AddressOfEntryPoint0xafe6
BaseOfCode0x1000
BaseOfData0x25000
ImageBase0x1000000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion5.1
ImageVersion5.1
SubsystemVersion4.0
Reserved10
SizeOfImage0x44000
SizeOfHeaders0x400
CheckSum0x4e4aa
Subsystem3
DllCharacteristics0x8000
SizeOfStackReserve0x40000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Packer / Compiler

MS Visual C++ 7.0

Sections

namevavsizeraw sizeflags
.text0x10000x232fe0x23400R-X CODE
.data0x250000x35200x1200RW- IDATA
.rsrc0x290000x1aaa80x1ac00R-- IDATA

Data Directory

typevasize
EXPORT00
IMPORT0x236e00xb4
RESOURCE0x290000x1aaa8
EXCEPTION00
SECURITY00
BASERELOC00
DEBUG0x12400x1c
ARCHITECTURE00
GLOBALPTR00
TLS00
LOAD_CONFIG0x68f80x40
Bound_IAT0x2500xb0
IAT0x10000x238
Delay_IAT00
CLR_Header00
typenamesizecp
STRING#76560
STRING#85400
STRING#131660
STRING#192880
STRING#203780
STRING#326940
STRING#33340
STRING#353720
STRING#368720
STRING#371140
STRING#513860
VERSION#19280
HTMLMOFFILE1030200
idlangstring
1031033logfile`*`*`Event Trace log file to process.
1041033output`o`*`Text (CSV) output file. Default is dumpfile.csv.
1051033define`df`*`Microsoft specific event definition file.
1061033report`*`*`Text output report file. Default is workload.txt.
1081033realtime`rt`session_name`Real-time Event Trace Session data source.
1111033extended`ex`*`Extended format
1131033summary`*`*`Summary report text file (CSV) file. Default is summary.txt.
1141033merge`g`*`Merge Event Trace Session files into specified file.
1151033comp`int`*`Dump interpreted event structure into specified file.
1161033force`y`*`Answer yes to all questions without prompting.
2001033dumpfile.csv
2011033mofdata.guid
2021033workload.txt
2031033summary.txt
2041033merged.etl
2051033result.txt
3001033 Input ----------------
3011033 Output ----------------
3021033Error: A file specified is not an Event Trace Session (*.ets) file.
3031033Logger(s):
3041033File(s):
3051033Event Definitions: %1!s!
3061033Text (CSV): %1!s!
3071033Report: %1!s!
3081033Summary: %1!s!
3101033Resource
3111033Merged: %1!s!
3121033Interpreted MOF: %1!s!
5001033Tracerpt processes binary Event Trace Session log files or real-time streams from instrumented Event Trace providers and creates a report or a text (CSV) file describing the events generated.
5011033debug`d`level`Debug
5021033h`?`*`Displays context sensitive help.
5031033value
5041033filename
5051033[[hh:]mm:]ss
5061033date
5111033ini`config`*`Settings file containing command options.
5121033y
5501033Duplicate argument found for %1!s!: %2!s!
5511033Invalid syntax:
5521033Unknown parameter "%1!s!"
5531033and
5541033requires
5551033Missing parameter:
5561033Missing VERB%n
5571033Unknown
5581033 Error:
5591033are mutually exclusive.
5601033VERB
5611033Verbs:
5621033[options]
5631033Parameters:
5641033%1!s!Options:
5651033 Long Syntax Short Syntax
5661033Usage:
5671033Warning: Ignoring "%1!s!" assuming 24 hour format.
5681033 The syntax of the command is incorrect.
5691033The file "%1!s!" already exists, overwrite? [y/n]
5701033Microsoft ®
5711033The command completed successfully.
5721033Default
5731033 Note: Where [-] is listed, an extra - negates the option. For example --%1!s! turns off the -%1!s! option.
5751033 Error: 0x%1!08x!
5761033 Warning: 0x%1!08x!
5771033 Warning:
5781033 Examples:
8001033tracerpt logfile1.etl logfile2.etl -o -report
8011033tracerpt logfile.etl -o logdmp.csv -summary logdmp.txt -report logrpt.txt
8021033tracerpt -rt EVENT_SESSION_1 EVENT_SESSION_2 -o logfile.csv
module_namehintordfunction_name
ADVAPI32.dll458RegCloseKey
ADVAPI32.dll494RegQueryValueExW
ADVAPI32.dll484RegOpenKeyExW
ADVAPI32.dll519RegisterTraceGuidsW
ADVAPI32.dll580StartTraceW
ADVAPI32.dll622TraceEvent
ADVAPI32.dll327LookupAccountSidA
ADVAPI32.dll328LookupAccountSidW
ADVAPI32.dll433OpenTraceW
ADVAPI32.dll438ProcessTrace
ADVAPI32.dll63CloseTrace
ADVAPI32.dll582StopTraceW
KERNEL32.dll204FindClose
KERNEL32.dll218FindNextFileW
KERNEL32.dll211FindFirstFileW
KERNEL32.dll812SetThreadLocale
KERNEL32.dll435GetSystemDefaultLCID
KERNEL32.dll302GetConsoleOutputCP
KERNEL32.dll460GetThreadLocale
KERNEL32.dll471GetUserDefaultUILanguage
KERNEL32.dll587LocalFree
KERNEL32.dll907WriteFile
KERNEL32.dll906WriteConsoleW
KERNEL32.dll350GetFileType
KERNEL32.dll236FormatMessageW
KERNEL32.dll376GetModuleHandleW
KERNEL32.dll372GetModuleFileNameW
KERNEL32.dll673ReadConsoleW
KERNEL32.dll612MultiByteToWideChar
KERNEL32.dll675ReadFile
KERNEL32.dll746SetConsoleMode
KERNEL32.dll300GetConsoleMode
KERNEL32.dll49CloseHandle
KERNEL32.dll82CreateFileW
KERNEL32.dll835SystemTimeToFileTime
KERNEL32.dll240FreeLibrary
KERNEL32.dll580LoadLibraryW
KERNEL32.dll130DeleteFileW
KERNEL32.dll596LockResource
KERNEL32.dll582LoadResource
KERNEL32.dll226FindResourceW
KERNEL32.dll657QueryPerformanceCounter
KERNEL32.dll465GetTickCount
KERNEL32.dll318GetCurrentThreadId
KERNEL32.dll316GetCurrentProcessId
KERNEL32.dll445GetSystemTimeAsFileTime
KERNEL32.dll838TerminateProcess
KERNEL32.dll315GetCurrentProcess
KERNEL32.dll855UnhandledExceptionFilter
KERNEL32.dll818SetUnhandledExceptionFilter
KERNEL32.dll475GetVersionExA
KERNEL32.dll182ExitProcess
KERNEL32.dll360GetLastError
KERNEL32.dll373GetModuleHandleA
KERNEL32.dll246GetACP
KERNEL32.dll394GetOEMCP
KERNEL32.dll253GetCPInfo
KERNEL32.dll371GetModuleFileNameA
KERNEL32.dll238FreeEnvironmentStringsA
KERNEL32.dll333GetEnvironmentStrings
KERNEL32.dll239FreeEnvironmentStringsW
KERNEL32.dll335GetEnvironmentStringsW
KERNEL32.dll265GetCommandLineA
KERNEL32.dll266GetCommandLineW
KERNEL32.dll783SetHandleCount
KERNEL32.dll428GetStartupInfoA
KERNEL32.dll518HeapDestroy
KERNEL32.dll516HeapCreate
KERNEL32.dll877VirtualFree
KERNEL32.dll894WideCharToMultiByte
KERNEL32.dll880VirtualProtect
KERNEL32.dll440GetSystemInfo
KERNEL32.dll882VirtualQuery
KERNEL32.dll563LCMapStringA
KERNEL32.dll564LCMapStringW
KERNEL32.dll708RtlUnwind
KERNEL32.dll538InterlockedExchange
KERNEL32.dll431GetStringTypeA
KERNEL32.dll434GetStringTypeW
KERNEL32.dll577LoadLibraryA
KERNEL32.dll874VirtualAlloc
KERNEL32.dll524HeapReAlloc
KERNEL32.dll774SetFilePointer
KERNEL32.dll363GetLocaleInfoA
KERNEL32.dll662RaiseException
KERNEL32.dll801SetStdHandle
KERNEL32.dll230FlushFileBuffers
KERNEL32.dll765SetEndOfFile
KERNEL32.dll830Sleep
KERNEL32.dll947lstrlenA
KERNEL32.dll194FileTimeToLocalFileTime
KERNEL32.dll195FileTimeToSystemTime
KERNEL32.dll787SetLastError
KERNEL32.dll186ExpandEnvironmentStringsW
KERNEL32.dll433GetStringTypeExW
KERNEL32.dll364GetLocaleInfoW
KERNEL32.dll754SetConsoleTextAttribute
KERNEL32.dll430GetStdHandle
KERNEL32.dll304GetConsoleScreenBufferInfo
KERNEL32.dll410GetProcessHeap
KERNEL32.dll514HeapAlloc
KERNEL32.dll520HeapFree
KERNEL32.dll407GetProcAddress
KERNEL32.dll769SetEvent
KERNEL32.dll948lstrlenW
KERNEL32.dll362GetLocalTime
VERSION.dll2GetFileVersionInfoSizeW
VERSION.dll3GetFileVersionInfoW
VERSION.dll13VerQueryValueW
USER32.dll457LoadStringW
USER32.dll51CharToOemW
USER32.dll729wsprintfW
RPCRT4.dll481UuidCreate
ole32.dll16CoCreateInstance
ole32.dll58CoInitialize
ole32.dll95CoSetProxyBlanket
OLEAUT32.dll24
OLEAUT32.dll9
OLEAUT32.dll2
OLEAUT32.dll20
OLEAUT32.dll19
OLEAUT32.dll23
OLEAUT32.dll6
OLEAUT32.dll25
OLEAUT32.dll8
OLEAUT32.dll12
OLEAUT32.dll16
ntdll.dll690RtlLeaveCriticalSection
ntdll.dll491RtlDeleteCriticalSection
ntdll.dll635RtlInitializeCriticalSection
ntdll.dll581RtlFreeUnicodeString
ntdll.dll812RtlStringFromGUID
ntdll.dll530RtlEnterCriticalSection
ntdll.dll399RtlAnsiCharToUnicodeChar

StringTable 040904B0

CompanyNameMicrosoft Corporation
FileDescriptionEvent Trace Report Tool
FileVersion5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalNameTraceRpt.Exe
LegalCopyright© Microsoft Corporation. All rights reserved.
OriginalFilenameTraceRpt.Exe
ProductNameMicrosoft® Windows® Operating System
ProductVersion5.1.2600.2180

VS_FIXEDFILEINFO

FileVersion5.1.2600.2180
ProductVersion5.1.2600.2180
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x40004
FileType1
FileSubtype0
offsetsizetypecomment
0259584EXE08/04/2004 06:09:29#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable











[?] can't find file_offset of VA 0x250