filename | ntvdm.exe | |
---|---|---|
size | 229888 (0x38200) | |
md5 | 9e504e865668a2f287bf5cdb6ebd38ac | |
type | PE32 executable (console) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
histogram |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xe8 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
Data Directory
TLS
raw start | raw end | index | callbks | zero fill | flags | |
---|---|---|---|---|---|---|
0x7b6019 | 0x7b6019 | 0x7b5830 | 0x4282a4 | 0 | 0 |
module_name | hint | function_name | ord |
---|---|---|---|
user32.dll | 483 | MessageBoxW | |
user32.dll | 470 | MapVirtualKeyW | |
user32.dll | 668 | ToAscii | |
gdi32.dll | 561 | SetPaletteEntries | |
gdi32.dll | 69 | CreatePalette | |
advapi32.dll | 506 | RegOpenKeyExW | |
advapi32.dll | 517 | RegQueryValueExW | |
advapi32.dll | 465 | RegCloseKey | |
msvcrt.dll | 744 | free | |
msvcrt.dll | 712 | calloc | |
msvcrt.dll | 853 | strncmp | |
msvcrt.dll | 120 | __lconv_init | |
msvcrt.dll | 652 | _winmajor | |
msvcrt.dll | 832 | signal | |
msvcrt.dll | 700 | abort | |
msvcrt.dll | 480 | _onexit | |
msvcrt.dll | 398 | _lock | |
msvcrt.dll | 107 | __dllonexit | |
msvcrt.dll | 588 | _unlock | |
msvcrt.dll | 348 | _iob | |
msvcrt.dll | 737 | fprintf | |
msvcrt.dll | 796 | malloc | |
msvcrt.dll | 194 | _amsg_exit | |
msvcrt.dll | 342 | _initterm | |
msvcrt.dll | 280 | _fpreset | |
msvcrt.dll | 607 | _wcmdln | |
msvcrt.dll | 169 | __winitenv | |
msvcrt.dll | 721 | exit | |
msvcrt.dll | 205 | _cexit | |
msvcrt.dll | 168 | __wgetmainargs | |
msvcrt.dll | 155 | __set_app_type | |
msvcrt.dll | 277 | _fmode | |
msvcrt.dll | 216 | _commode | |
msvcrt.dll | 157 | __setusermatherr | |
msvcrt.dll | 598 | _vsnwprintf | |
msvcrt.dll | 923 | wprintf | |
msvcrt.dll | 903 | wcslen | |
msvcrt.dll | 644 | _wfopen | |
msvcrt.dll | 732 | fgetws | |
msvcrt.dll | 724 | fclose | |
msvcrt.dll | 840 | strcat | |
msvcrt.dll | 862 | strtok | |
msvcrt.dll | 852 | strncat | |
msvcrt.dll | 804 | memcpy | |
msvcrt.dll | 851 | strlen | |
msvcrt.dll | 842 | strchr | |
msvcrt.dll | 854 | strncpy | |
msvcrt.dll | 867 | swprintf | |
msvcrt.dll | 845 | strcpy | |
msvcrt.dll | 808 | memset | |
msvcrt.dll | 806 | memmove | |
kernel32.dll | 544 | InitializeCriticalSection | |
kernel32.dll | 866 | TlsGetValue | |
kernel32.dll | 74 | CreateConsoleScreenBuffer | |
kernel32.dll | 129 | DeleteCriticalSection | |
kernel32.dll | 152 | EnterCriticalSection | |
kernel32.dll | 590 | LeaveCriticalSection | |
kernel32.dll | 379 | GetModuleHandleA | |
kernel32.dll | 875 | UnhandledExceptionFilter | |
kernel32.dll | 318 | GetCurrentProcess | |
kernel32.dll | 859 | TerminateProcess | |
kernel32.dll | 454 | GetSystemTimeAsFileTime | |
kernel32.dll | 319 | GetCurrentProcessId | |
kernel32.dll | 322 | GetCurrentThreadId | |
kernel32.dll | 436 | GetStartupInfoW | |
kernel32.dll | 547 | InterlockedCompareExchange | |
kernel32.dll | 851 | Sleep | |
kernel32.dll | 550 | InterlockedExchange | |
kernel32.dll | 839 | SetUnhandledExceptionFilter | |
kernel32.dll | 673 | QueryPerformanceFrequency | |
kernel32.dll | 475 | GetTickCount | |
kernel32.dll | 672 | QueryPerformanceCounter | |
kernel32.dll | 747 | SetConsoleCtrlHandler | |
kernel32.dll | 292 | GetConsoleCursorInfo | |
kernel32.dll | 591 | LoadLibraryA | |
kernel32.dll | 120 | DebugBreak | |
kernel32.dll | 339 | GetEnvironmentStringsW | |
kernel32.dll | 913 | WideCharToMultiByte | |
kernel32.dll | 243 | FreeEnvironmentStringsW | |
kernel32.dll | 316 | GetCurrentDirectoryA | |
kernel32.dll | 433 | GetShortPathNameA | |
kernel32.dll | 437 | GetStdHandle | |
kernel32.dll | 75 | CreateDirectoryA | |
kernel32.dll | 705 | RemoveDirectoryA | |
kernel32.dll | 131 | DeleteFileA | |
kernel32.dll | 790 | SetFileAttributesA | |
kernel32.dll | 102 | CreateProcessA | |
kernel32.dll | 342 | GetExitCodeProcess | |
kernel32.dll | 351 | GetFileSize | |
kernel32.dll | 85 | CreateFileMappingW | |
kernel32.dll | 613 | MapViewOfFile | |
kernel32.dll | 878 | UnmapViewOfFile | |
kernel32.dll | 346 | GetFileAttributesA | |
kernel32.dll | 775 | SetCurrentDirectoryA | |
kernel32.dll | 776 | SetCurrentDirectoryW | |
kernel32.dll | 210 | FindFirstFileA | |
kernel32.dll | 220 | FindNextFileA | |
kernel32.dll | 195 | FileTimeToDosDateTime | |
kernel32.dll | 234 | FlushFileBuffers | |
kernel32.dll | 762 | SetConsoleMode | |
kernel32.dll | 31 | Beep | |
kernel32.dll | 531 | HeapFree | |
kernel32.dll | 525 | HeapAlloc | |
kernel32.dll | 415 | GetProcessHeap | |
kernel32.dll | 307 | GetConsoleScreenBufferInfo | |
kernel32.dll | 683 | ReadConsoleOutputA | |
kernel32.dll | 744 | SetConsoleActiveScreenBuffer | |
kernel32.dll | 367 | GetLocalTime | |
kernel32.dll | 808 | SetLocalTime | |
kernel32.dll | 792 | SetFilePointer | |
kernel32.dll | 690 | ReadFile | |
kernel32.dll | 365 | GetLastError | |
kernel32.dll | 86 | CreateFileW | |
kernel32.dll | 805 | SetLastError | |
kernel32.dll | 52 | CloseHandle | |
kernel32.dll | 929 | WriteFile | |
kernel32.dll | 703 | ReleaseMutex | |
kernel32.dll | 909 | WaitForSingleObject | |
kernel32.dll | 111 | CreateThread | |
kernel32.dll | 97 | CreateMutexW | |
kernel32.dll | 682 | ReadConsoleInputW | |
kernel32.dll | 556 | InvalidateConsoleDIBits | |
kernel32.dll | 768 | SetConsolePalette | |
kernel32.dll | 354 | GetFileType | |
kernel32.dll | 716 | ResetEvent | |
kernel32.dll | 773 | SetConsoleWindowInfo | |
kernel32.dll | 769 | SetConsoleScreenBufferSize | |
kernel32.dll | 751 | SetConsoleCursorPosition | |
kernel32.dll | 749 | SetConsoleCursorInfo | |
kernel32.dll | 80 | CreateEventW | |
kernel32.dll | 244 | FreeLibrary | |
kernel32.dll | 412 | GetProcAddress | |
kernel32.dll | 594 | LoadLibraryW | |
kernel32.dll | 83 | CreateFileA | |
kernel32.dll | 303 | GetConsoleMode | |
ntdll.dll | 1184 | _allshr | |
ntdll.dll | 1189 | _aullshr | |
ntdll.dll | 1183 | _allshl | |
ntdll.dll | 16 | DbgPrint | |
ntdll.dll | 412 | RtlAssert | |
ntdll.dll | 117 | NtCreateFile | |
ntdll.dll | 628 | RtlInitUnicodeString | |
ntdll.dll | 148 | NtDeviceIoControlFile | |
ntdll.dll | 1180 | _allmul | |
ntdll.dll | 105 | NtClose | |
ntdll.dll | 96 | NtAllocateVirtualMemory | |
ntdll.dll | 165 | NtFreeVirtualMemory | |
ntdll.dll | 354 | NtVdmControl | |
ntdll.dll | 314 | NtSetInformationProcess | |
ntdll.dll | 394 | RtlAdjustPrivilege | |
ntdll.dll | 1182 | _allrem | |
ntdll.dll | 1188 | _aullrem | |
ntdll.dll | 1186 | _aulldiv |
ord | entry_va | function_name | |
---|---|---|---|
1 | 0xc640 | MGetVdmPointer | |
2 | 0xc600 | Sim32pGetVDMPointer | |
3 | 0xdcd0 | VDDDeInstallIOHook | |
4 | 0xdb00 | VDDInstallIOHook | |
5 | 0xc5f0 | VDDTerminateVDM | |
6 | 0xc660 | VdmMapFlat | |
7 | 0xe400 | c_getAF | |
8 | 0xde40 | c_getAH | |
9 | 0xde60 | c_getAL | |
10 | 0xde10 | c_getAX | |
11 | 0xded0 | c_getBH | |
12 | 0xdef0 | c_getBL | |
13 | 0xe0b0 | c_getBP | |
14 | 0xdea0 | c_getBX | |
15 | 0xe300 | c_getCF | |
16 | 0xdf60 | c_getCH | |
17 | 0xdf80 | c_getCL | |
18 | 0xe1e0 | c_getCS | |
19 | 0xdf30 | c_getCX | |
20 | 0xe540 | c_getDF | |
21 | 0xdff0 | c_getDH | |
22 | 0xe150 | c_getDI | |
23 | 0xe010 | c_getDL | |
24 | 0xe240 | c_getDS | |
25 | 0xdfc0 | c_getDX | |
26 | 0xddf0 | c_getEAX | |
27 | 0xe090 | c_getEBP | |
28 | 0xde80 | c_getEBX | |
29 | 0xdf10 | c_getECX | |
30 | 0xe130 | c_getEDI | |
31 | 0xdfa0 | c_getEDX | |
32 | 0xe180 | c_getEIP | |
33 | 0xe270 | c_getES | |
34 | 0xe0e0 | c_getESI | |
35 | 0xe030 | c_getESP | |
36 | 0xe2a0 | c_getFS | |
37 | 0xe2d0 | c_getGS | |
38 | 0xe4f0 | c_getIF | |
39 | 0xe1b0 | c_getIP | |
40 | 0xe600 | c_getMSW | |
41 | 0xe590 | c_getOF | |
42 | 0xe3b0 | c_getPF | |
43 | 0xe4a0 | c_getSF | |
44 | 0xe100 | c_getSI | |
45 | 0xe060 | c_getSP | |
46 | 0xe210 | c_getSS | |
47 | 0xe450 | c_getZF | |
48 | 0xe420 | c_setAF | |
49 | 0xde50 | c_setAH | |
50 | 0xde70 | c_setAL | |
51 | 0xde20 | c_setAX | |
52 | 0xdee0 | c_setBH | |
53 | 0xdf00 | c_setBL | |
54 | 0xe0c0 | c_setBP | |
55 | 0xdeb0 | c_setBX | |
56 | 0xe340 | c_setCF | |
57 | 0xdf70 | c_setCH | |
58 | 0xdf90 | c_setCL | |
59 | 0xe1f0 | c_setCS | |
60 | 0xdf40 | c_setCX | |
61 | 0xe560 | c_setDF | |
62 | 0xe000 | c_setDH | |
63 | 0xe160 | c_setDI | |
64 | 0xe020 | c_setDL | |
65 | 0xe250 | c_setDS | |
66 | 0xdfd0 | c_setDX | |
67 | 0xde00 | c_setEAX | |
68 | 0xe0a0 | c_setEBP | |
69 | 0xde90 | c_setEBX | |
70 | 0xdf20 | c_setECX | |
71 | 0xe140 | c_setEDI | |
72 | 0xdfb0 | c_setEDX | |
73 | 0xe190 | c_setEIP | |
74 | 0xe280 | c_setES | |
75 | 0xe0f0 | c_setESI | |
76 | 0xe040 | c_setESP | |
77 | 0xe2b0 | c_setFS | |
78 | 0xe2e0 | c_setGS | |
79 | 0xe510 | c_setIF | |
80 | 0xe1c0 | c_setIP | |
81 | 0xe610 | c_setMSW | |
82 | 0xe5b0 | c_setOF | |
83 | 0xe3d0 | c_setPF | |
84 | 0xe4c0 | c_setSF | |
85 | 0xe110 | c_setSI | |
86 | 0xe070 | c_setSP | |
87 | 0xe220 | c_setSS | |
88 | 0xe470 | c_setZF | |
89 | 0x5060 | call_ica_hw_interrupt | |
90 | 0xe400 | getAF | |
91 | 0xde40 | getAH | |
92 | 0xde60 | getAL | |
93 | 0xde10 | getAX | |
94 | 0xded0 | getBH | |
95 | 0xdef0 | getBL | |
96 | 0xe0b0 | getBP | |
97 | 0xdea0 | getBX | |
98 | 0xe300 | getCF | |
99 | 0xdf60 | getCH | |
100 | 0xdf80 | getCL | |
101 | 0xe1e0 | getCS | |
102 | 0xdf30 | getCX | |
103 | 0xe540 | getDF | |
104 | 0xdff0 | getDH | |
105 | 0xe150 | getDI | |
106 | 0xe010 | getDL | |
107 | 0xe240 | getDS | |
108 | 0xdfc0 | getDX | |
109 | 0xddf0 | getEAX | |
110 | 0xe090 | getEBP | |
111 | 0xde80 | getEBX | |
112 | 0xdf10 | getECX | |
113 | 0xe130 | getEDI | |
114 | 0xdfa0 | getEDX | |
115 | 0xe5e0 | getEFLAGS | |
116 | 0xe180 | getEIP | |
117 | 0xe270 | getES | |
118 | 0xe0e0 | getESI | |
119 | 0xe030 | getESP | |
120 | 0xe2a0 | getFS | |
121 | 0xe2d0 | getGS | |
122 | 0xe4f0 | getIF | |
123 | 0xe1b0 | getIP | |
124 | 0xddd0 | getIntelRegistersPointer | |
125 | 0xe600 | getMSW | |
126 | 0xe590 | getOF | |
127 | 0xe3b0 | getPF | |
128 | 0xe4a0 | getSF | |
129 | 0xe100 | getSI | |
130 | 0xe060 | getSP | |
131 | 0xe210 | getSS | |
132 | 0xe450 | getZF | |
133 | 0xe420 | setAF | |
134 | 0xde50 | setAH | |
135 | 0xde70 | setAL | |
136 | 0xde20 | setAX | |
137 | 0xdee0 | setBH | |
138 | 0xdf00 | setBL | |
139 | 0xe0c0 | setBP | |
140 | 0xdeb0 | setBX | |
141 | 0xe340 | setCF | |
142 | 0xdf70 | setCH | |
143 | 0xdf90 | setCL | |
144 | 0xe1f0 | setCS | |
145 | 0xdf40 | setCX | |
146 | 0xe560 | setDF | |
147 | 0xe000 | setDH | |
148 | 0xe160 | setDI | |
149 | 0xe020 | setDL | |
150 | 0xe250 | setDS | |
151 | 0xdfd0 | setDX | |
152 | 0xde00 | setEAX | |
153 | 0xe0a0 | setEBP | |
154 | 0xde90 | setEBX | |
155 | 0xdf20 | setECX | |
156 | 0xe140 | setEDI | |
157 | 0xdfb0 | setEDX | |
158 | 0xe5f0 | setEFLAGS | |
159 | 0xe190 | setEIP | |
160 | 0xe280 | setES | |
161 | 0xe0f0 | setESI | |
162 | 0xe040 | setESP | |
163 | 0xe2b0 | setFS | |
164 | 0xe2e0 | setGS | |
165 | 0xe510 | setIF | |
166 | 0xe1c0 | setIP | |
167 | 0xe610 | setMSW | |
168 | 0xe5b0 | setOF | |
169 | 0xe3d0 | setPF | |
170 | 0xe4c0 | setSF | |
171 | 0xe110 | setSI | |
172 | 0xe070 | setSP | |
173 | 0xe220 | setSS | |
174 | 0xe470 | setZF |
StringTable 040904b0
CompanyName | ReactOS Development Team |
FileDescription | ReactOS Virtual DOS Machine |
FileVersion | 0.4-SVN |
InternalName | ntvdm |
LegalCopyright | Copyright 1998-2014 ReactOS Team |
OriginalFilename | ntvdm.exe |
ProductName | ReactOS Operating System |
ProductVersion | 0.4-SVN |
VS_FIXEDFILEINFO
FileVersion | 0.4.0.0 |
ProductVersion | 0.4.0.0 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x40004 |
FileType | 1 |
FileSubtype | 0 |
[?] can't find file_offset of VA 0x3b5830