deviceaccess.dll - Device Broker And Policy COM Server

info
MZ
PE
resources
imports
exports
foremost
version info
hexdump
disasm
log
discuss
donate

filename	deviceaccess.dll
size	147968 (0x24200)
md5	4491e85c62a83cb3be7b82da974f73c4

type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xf0

Rich Header

lib id	version	times used
147	30729	68
205	65501	5
207	65501	1
1	0	283
203	65501	9
202	65501	1
216	65501	58
206	65501	20
201	65501	1
204	65501	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	7
TimeDateStamp	0x52df5c17
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x2102
Magic	0x10b
LinkerVersion	11.0
SizeOfCode	0x1ce00
SizeOfInitializedData	0x7600
SizeOfUninitializedData	0
AddressOfEntryPoint	0x7879
BaseOfCode	0x1000
BaseOfData	0x1f000
ImageBase	0x10000000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	6.3
ImageVersion	6.3
SubsystemVersion	6.3
Reserved1	0
SizeOfImage	0x29000
SizeOfHeaders	0x400
CheckSum	0x2df3c
Subsystem	3
DllCharacteristics	0x140
SizeOfStackReserve	0x40000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ v7.0 DLL

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x1c986	0x1ca00	R-X CODE
.orpc	0x1e000	0x2cc	0x400	R-X CODE
.data	0x1f000	0x90c	0x400	RW- IDATA
.idata	0x20000	0x2116	0x2200	R-- IDATA
minATL	0x23000	0x18	0x200	R-- IDATA
.rsrc	0x24000	0x1df0	0x1e00	R-- IDATA
.reloc	0x26000	0x29a6	0x2a00	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0x1d8d0	0xb6
IMPORT	0x20400	0x2e4
RESOURCE	0x24000	0x1df0
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0x26000	0x1ac8
DEBUG	0x1020	0x38
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0x2dd0	0x5c
Bound_IAT	0	0
IAT	0x20000	0x400
Delay_IAT	0x1d434	0x160
CLR_Header	0	0

show previews

type	name	size
MUI	#1	240
WEVT_TEMPLATE	#1	5426
VERSION	#1	964
MANIFEST	#2	666

module_name	hint	ord	function_name
msvcrt.dll	779		_onexit
msvcrt.dll	159		__dllonexit
msvcrt.dll	966		_unlock
msvcrt.dll	123		__CxxFrameHandler3
msvcrt.dll	490		_initterm
msvcrt.dll	1279		malloc
msvcrt.dll	1223		free
msvcrt.dll	275		_amsg_exit
msvcrt.dll	113		_XcptFilter
msvcrt.dll	1006		_vsnwprintf
msvcrt.dll	364		_except_handler4_common
msvcrt.dll	1291		memcpy
msvcrt.dll	1290		memcmp
msvcrt.dll	1409		wcsrchr
msvcrt.dll	1394		wcschr
msvcrt.dll	610		_lock
msvcrt.dll	796		_purecall
msvcrt.dll	1295		memset
ntdll.dll	1511		WinSqmAddToStream
ntdll.dll	924		RtlGUIDFromString
ntdll.dll	1529		WinSqmIsOptedInEx
ntdll.dll	1135		RtlNtStatusToDosErrorNoTeb
ntdll.dll	723		RtlCompareUnicodeString
ntdll.dll	437		NtQueryInformationToken
ntdll.dll	804		RtlDeleteCriticalSection
ntdll.dll	917		RtlFreeHeap
ntdll.dll	1198		RtlReAllocateHeap
ntdll.dll	671		RtlAllocateHeap
ntdll.dll	1155		RtlPublishWnfStateData
ntdll.dll	301		NtDeleteWnfStateName
ntdll.dll	286		NtCreateWnfStateName
ntdll.dll	641		RtlAddAccessAllowedAce
ntdll.dll	630		RtlAbsoluteToSelfRelativeSD
ntdll.dll	1095		RtlLengthSecurityDescriptor
ntdll.dll	1267		RtlSetOwnerSecurityDescriptor
ntdll.dll	1254		RtlSetDaclSecurityDescriptor
ntdll.dll	642		RtlAddAccessAllowedAceEx
ntdll.dll	754		RtlCreateAcl
ntdll.dll	772		RtlCreateSecurityDescriptor
ntdll.dll	668		RtlAllocateAndInitializeSid
ntdll.dll	434		NtQueryInformationProcess
ntdll.dll	720		RtlCompareMemory
ntdll.dll	537		NtSetInformationProcess
ntdll.dll	1007		RtlInitUnicodeString
ntdll.dll	1134		RtlNtStatusToDosError
ntdll.dll	252		NtCreateFile
api-ms-win-eventing-classicprovider-l1-1-0.dll	5		TraceMessage
api-ms-win-eventing-classicprovider-l1-1-0.dll	7		UnregisterTraceGuids
api-ms-win-eventing-classicprovider-l1-1-0.dll	1		GetTraceEnableLevel
api-ms-win-eventing-classicprovider-l1-1-0.dll	3		RegisterTraceGuidsW
api-ms-win-eventing-classicprovider-l1-1-0.dll	2		GetTraceLoggerHandle
api-ms-win-eventing-classicprovider-l1-1-0.dll			GetTraceEnableFlags
api-ms-win-core-file-l1-2-1.dll	5		CreateFileW
api-ms-win-core-errorhandling-l1-1-1.dll	11		UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll	3		GetLastError
api-ms-win-core-errorhandling-l1-1-1.dll	10		SetUnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll	4		RaiseException
api-ms-win-core-registry-l1-1-0.dll	28		RegOpenKeyExW
api-ms-win-core-registry-l1-1-0.dll	7		RegDeleteTreeW
api-ms-win-core-registry-l1-1-0.dll			RegCloseKey
api-ms-win-core-registry-l1-1-0.dll	12		RegEnumKeyExW
api-ms-win-core-registry-l1-1-0.dll	31		RegQueryInfoKeyW
api-ms-win-core-registry-l1-1-0.dll	40		RegSetValueExW
api-ms-win-core-registry-l1-1-0.dll	9		RegDeleteValueW
api-ms-win-core-registry-l1-1-0.dll	3		RegCreateKeyExW
api-ms-win-core-registry-l1-1-0.dll	5		RegDeleteKeyExW
api-ms-win-core-registry-l1-1-0.dll	33		RegQueryValueExW
api-ms-win-core-registry-l1-1-0.dll	18		RegGetValueW
api-ms-win-core-registry-l1-1-0.dll	26		RegOpenCurrentUser
api-ms-win-core-processthreads-l1-1-2.dll	63		TerminateProcess
api-ms-win-core-processthreads-l1-1-2.dll	44		OpenThreadToken
api-ms-win-core-processthreads-l1-1-2.dll	18		GetExitCodeProcess
api-ms-win-core-processthreads-l1-1-2.dll	5		CreateThread
api-ms-win-core-processthreads-l1-1-2.dll	15		GetCurrentThread
api-ms-win-core-processthreads-l1-1-2.dll	16		GetCurrentThreadId
api-ms-win-core-processthreads-l1-1-2.dll	43		OpenThread
api-ms-win-core-processthreads-l1-1-2.dll	41		OpenProcess
api-ms-win-core-processthreads-l1-1-2.dll	12		GetCurrentProcessId
api-ms-win-core-processthreads-l1-1-2.dll	11		GetCurrentProcess
api-ms-win-core-processthreads-l1-1-2.dll	42		OpenProcessToken
api-ms-win-security-base-l1-2-0.dll	44		FreeSid
api-ms-win-security-base-l1-2-0.dll	63		GetSidSubAuthorityCount
api-ms-win-security-base-l1-2-0.dll	64		GetTokenInformation
api-ms-win-security-base-l1-2-0.dll	42		EqualSid
api-ms-win-security-base-l1-2-0.dll	38		DuplicateToken
api-ms-win-security-base-l1-2-0.dll	62		GetSidSubAuthority
api-ms-win-security-base-l1-2-0.dll	51		GetLengthSid
api-ms-win-security-base-l1-2-0.dll	30		CopySid
api-ms-win-security-base-l1-2-0.dll	26		CheckTokenCapability
api-ms-win-security-base-l1-2-0.dll	22		AllocateAndInitializeSid
api-ms-win-core-heap-l1-2-0.dll	6		HeapFree
api-ms-win-core-heap-l1-2-0.dll	2		HeapAlloc
api-ms-win-core-heap-l1-2-0.dll			GetProcessHeap
api-ms-win-core-com-l1-1-1.dll	63		CoTaskMemFree
api-ms-win-core-com-l1-1-1.dll	5		CoCopyProxy
api-ms-win-core-com-l1-1-1.dll	59		CoSetProxyBlanket
api-ms-win-core-com-l1-1-1.dll	71		CreateStreamOnHGlobal
api-ms-win-core-com-l1-1-1.dll	45		CoMarshalInterface
api-ms-win-core-com-l1-1-1.dll	53		CoReleaseMarshalData
api-ms-win-core-com-l1-1-1.dll	69		CoWaitForMultipleHandles
api-ms-win-core-com-l1-1-1.dll	78		RoGetAgileReference
api-ms-win-core-com-l1-1-1.dll	56		CoRevertToSelf
api-ms-win-core-com-l1-1-1.dll	36		CoImpersonateClient
api-ms-win-core-com-l1-1-1.dll	6		CoCreateFreeThreadedMarshaler
api-ms-win-core-com-l1-1-1.dll	8		CoCreateInstance
api-ms-win-core-com-l1-1-1.dll	38		CoInitializeEx
api-ms-win-core-com-l1-1-1.dll	62		CoTaskMemAlloc
api-ms-win-core-com-l1-1-1.dll	66		CoUninitialize
api-ms-win-core-com-l1-1-1.dll	80		StringFromGUID2
api-ms-win-core-handle-l1-1-0.dll	1		DuplicateHandle
api-ms-win-core-handle-l1-1-0.dll			CloseHandle
api-ms-win-core-libraryloader-l1-2-0.dll	24		LoadStringW
api-ms-win-core-libraryloader-l1-2-0.dll	19		GetProcAddress
api-ms-win-core-libraryloader-l1-2-0.dll	17		GetModuleHandleExW
api-ms-win-core-libraryloader-l1-2-0.dll	1		DisableThreadLibraryCalls
api-ms-win-core-libraryloader-l1-2-0.dll	10		FreeLibrary
api-ms-win-core-synch-l1-2-0.dll	6		CreateEventW
api-ms-win-core-synch-l1-2-0.dll	27		LeaveCriticalSection
api-ms-win-core-synch-l1-2-0.dll	15		EnterCriticalSection
api-ms-win-core-synch-l1-2-0.dll	35		ReleaseSRWLockShared
api-ms-win-core-synch-l1-2-0.dll	19		InitOnceExecuteOnce
api-ms-win-core-synch-l1-2-0.dll	51		WaitForSingleObject
api-ms-win-core-synch-l1-2-0.dll	39		SetEvent
api-ms-win-core-synch-l1-2-0.dll	5		CreateEventExW
api-ms-win-core-synch-l1-2-0.dll	1		AcquireSRWLockShared
api-ms-win-core-synch-l1-2-0.dll	22		InitializeCriticalSection
api-ms-win-core-synch-l1-2-0.dll			AcquireSRWLockExclusive
api-ms-win-core-synch-l1-2-0.dll	34		ReleaseSRWLockExclusive
api-ms-win-core-synch-l1-2-0.dll	37		ResetEvent
api-ms-win-core-synch-l1-2-0.dll	13		DeleteCriticalSection
api-ms-win-core-synch-l1-2-0.dll	43		Sleep
api-ms-win-core-winrt-error-l1-1-1.dll	10		RoOriginateErrorW
api-ms-win-core-winrt-error-l1-1-1.dll	18		SetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1.dll			GetRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1.dll	6		RoGetMatchingRestrictedErrorInfo
api-ms-win-core-winrt-error-l1-1-1.dll	16		RoTransformError
api-ms-win-core-winrt-error-l1-1-1.dll	9		RoOriginateError
api-ms-win-core-winrt-error-l1-1-1.dll	1		IsErrorPropagationEnabled
api-ms-win-core-winrt-error-l1-1-1.dll	12		RoReportFailedDelegate
api-ms-win-core-util-l1-1-0.dll	1		DecodePointer
api-ms-win-core-util-l1-1-0.dll	3		EncodePointer
api-ms-win-core-winrt-string-l1-1-0.dll	18		WindowsStringHasEmbeddedNull
api-ms-win-core-winrt-string-l1-1-0.dll	7		WindowsCreateStringReference
api-ms-win-core-winrt-string-l1-1-0.dll	12		WindowsGetStringRawBuffer
api-ms-win-core-winrt-string-l1-1-0.dll	14		WindowsIsStringEmpty
api-ms-win-core-winrt-string-l1-1-0.dll	6		WindowsCreateString
api-ms-win-core-io-l1-1-1.dll	1		CancelIoEx
api-ms-win-core-io-l1-1-1.dll	4		DeviceIoControl
api-ms-win-core-io-l1-1-1.dll	6		GetOverlappedResultEx
api-ms-win-core-io-l1-1-1.dll	2		CancelSynchronousIo
api-ms-win-core-threadpool-l1-2-0.dll	30		StartThreadpoolIo
api-ms-win-core-threadpool-l1-2-0.dll	1		CancelThreadpoolIo
api-ms-win-core-threadpool-l1-2-0.dll	5		CloseThreadpoolIo
api-ms-win-core-threadpool-l1-2-0.dll	32		TrySubmitThreadpoolCallback
api-ms-win-core-threadpool-l1-2-0.dll	8		CloseThreadpoolWork
api-ms-win-core-threadpool-l1-2-0.dll	36		WaitForThreadpoolWorkCallbacks
api-ms-win-core-threadpool-l1-2-0.dll	16		FreeLibraryWhenCallbackReturns
api-ms-win-core-threadpool-l1-2-0.dll	11		CreateThreadpoolIo
api-ms-win-core-threadpool-l1-2-0.dll	14		CreateThreadpoolWork
api-ms-win-core-threadpool-l1-2-0.dll	31		SubmitThreadpoolWork
api-ms-win-core-threadpool-l1-2-0.dll	33		WaitForThreadpoolIoCallbacks
api-ms-win-security-sddl-l1-1-0.dll	3		ConvertStringSidToSidW
api-ms-win-security-sddl-l1-1-0.dll	1		ConvertSidToStringSidW
api-ms-win-core-winrt-l1-1-0.dll	1		RoGetActivationFactory
api-ms-win-core-sysinfo-l1-2-1.dll	17		GetSystemTimeAsFileTime
api-ms-win-core-sysinfo-l1-2-1.dll	22		GetTickCount64
api-ms-win-core-sysinfo-l1-2-1.dll	21		GetTickCount
api-ms-win-core-debug-l1-1-1.dll	5		IsDebuggerPresent
api-ms-win-eventing-provider-l1-1-0.dll	3		EventRegister
api-ms-win-eventing-provider-l1-1-0.dll	5		EventUnregister
api-ms-win-eventing-provider-l1-1-0.dll	6		EventWrite
api-ms-win-core-string-l1-1-0.dll	1		CompareStringOrdinal
api-ms-win-core-profile-l1-1-0.dll			QueryPerformanceCounter
RPCRT4.dll	311		NdrStubForwardingFunction
RPCRT4.dll	310		NdrStubCall2
RPCRT4.dll	17		IUnknown_Release_Proxy
RPCRT4.dll	264		NdrOleFree
RPCRT4.dll	15		IUnknown_AddRef_Proxy
RPCRT4.dll			CStdStubBuffer_AddRef
RPCRT4.dll	2		CStdStubBuffer_CountRefs
RPCRT4.dll	3		CStdStubBuffer_DebugServerQueryInterface
RPCRT4.dll	8		CStdStubBuffer_QueryInterface
RPCRT4.dll	4		CStdStubBuffer_DebugServerRelease
RPCRT4.dll	5		CStdStubBuffer_Disconnect
RPCRT4.dll	16		IUnknown_QueryInterface_Proxy
RPCRT4.dll	7		CStdStubBuffer_IsIIDSupported
RPCRT4.dll	206		NdrDllGetClassObject
RPCRT4.dll	1		CStdStubBuffer_Connect
RPCRT4.dll	6		CStdStubBuffer_Invoke
RPCRT4.dll	78		I_RpcOpenClientProcess
RPCRT4.dll	446		RpcServerInqCallAttributesW
RPCRT4.dll	153		NdrCStdStubBuffer_Release
RPCRT4.dll	152		NdrCStdStubBuffer2_Release
RPCRT4.dll	205		NdrDllCanUnloadNow
RPCRT4.dll	263		NdrOleAllocate
api-ms-win-core-string-obsolete-l1-1-0.dll	4		lstrcmpiW
api-ms-win-core-heap-obsolete-l1-1-0.dll	10		LocalFree
api-ms-win-core-kernel32-legacy-l1-1-1.dll	68		WaitForMultipleObjects
api-ms-win-core-kernel32-legacy-l1-1-1.dll	37		GetSystemPowerStatus
api-ms-win-devices-query-l1-1-1.dll	9		DevFreeObjects
api-ms-win-devices-query-l1-1-1.dll	10		DevGetObjectProperties
api-ms-win-devices-query-l1-1-1.dll	8		DevFreeObjectProperties
api-ms-win-devices-query-l1-1-1.dll	12		DevGetObjects
api-ms-win-core-wow64-l1-1-0.dll			IsWow64Process
api-ms-win-core-apiquery-l1-1-0.dll			ApiSetQueryApiSetPresence
combase.dll		8
combase.dll		4
combase.dll		9
combase.dll		3
combase.dll		34
combase.dll		5
combase.dll		32
combase.dll		6
combase.dll		7
combase.dll		33
combase.dll		2
api-ms-win-core-localization-l1-2-1.dll	48		LCMapStringW
api-ms-win-core-atoms-l1-1-0.dll	15		GlobalGetAtomNameW
api-ms-win-core-delayload-l1-1-1.dll	1		ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-1.dll			DelayLoadFailureHook

ord	entry_va	function_name
1	0xdcf7	CreateDeviceAccessInstance
2	0x73a0	DllCanUnloadNow
3	0xcbd8	DllGetActivationFactory
4	0x6d90	DllGetClassObject

module_name	deviceaccess.dll
flags	0
timestamp	2014-01-22 01:29:26
version	0.0
ordinal_base	1
nFunctions	4
nNames	4
Names(4)	0x1d908
Functions(4)	0x1d8f8
NameOrdinals(4)	0x1d918

StringTable 040904B0

CompanyName	Microsoft Corporation
FileDescription	Device Broker And Policy COM Server
FileVersion	6.3.9600.16519 (winblue_gdr.140121-1609)
InternalName	DeviceAccess
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	DeviceAccess.dll
ProductName	Microsoft® Windows® Operating System
ProductVersion	6.3.9600.16519

VS_FIXEDFILEINFO

FileVersion	6.3.9600.16519
ProductVersion	6.3.9600.16519
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	0x40004
FileType	1
FileSubtype	0

show previews

offset	size	type	comment
0	147968	DLL	01/22/2014 05:50:15	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

everything is OK

deviceaccess.dll-

MZ Header

Rich Header

DOS stub

PE Header

Packer / Compiler

Sections

Data Directory

StringTable 040904B0

VS_FIXEDFILEINFO

deviceaccess.dll
-