filename | fwmemmap.exe | |
---|---|---|
size | 9728 (0x2600) | |
md5 | e206cd5c916c74240f5ef95db66799f1 | |
type | PE32 executable (console) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xd8 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
name | va | vsize | raw size | flags | |
---|---|---|---|---|---|
.text | 0x1000 | 0x1578 | 0x1600 | R-X CODE | |
.data | 0x3000 | 0x37c | 0x200 | RW- IDATA | |
.rsrc | 0x4000 | 0x3d8 | 0x400 | R-- IDATA | |
.reloc | 0x5000 | 0x1fe | 0x200 | R-- IDATA DISCARDABLE |
Data Directory
module_name | hint | ord | function_name |
---|---|---|---|
ADVAPI32.dll | 704 | | StartServiceA |
ADVAPI32.dll | 83 | | CloseServiceHandle |
ADVAPI32.dll | 124 | | CreateServiceA |
ADVAPI32.dll | 498 | | OpenSCManagerA |
ADVAPI32.dll | 88 | | ControlService |
ADVAPI32.dll | 500 | | OpenServiceA |
ADVAPI32.dll | 214 | | DeleteService |
KERNEL32.dll | 486 | | GetLastError |
KERNEL32.dll | 120 | | CreateFileA |
KERNEL32.dll | 67 | | CloseHandle |
KERNEL32.dll | 202 | | DeviceIoControl |
KERNEL32.dll | 425 | | GetCurrentProcess |
KERNEL32.dll | 1069 | | TerminateProcess |
KERNEL32.dll | 591 | | GetSystemTimeAsFileTime |
KERNEL32.dll | 426 | | GetCurrentProcessId |
KERNEL32.dll | 429 | | GetCurrentThreadId |
KERNEL32.dll | 614 | | GetTickCount |
KERNEL32.dll | 852 | | QueryPerformanceCounter |
KERNEL32.dll | 502 | | GetModuleHandleA |
KERNEL32.dll | 1045 | | SetUnhandledExceptionFilter |
KERNEL32.dll | 698 | | InterlockedCompareExchange |
KERNEL32.dll | 1057 | | Sleep |
KERNEL32.dll | 701 | | InterlockedExchange |
KERNEL32.dll | 1086 | | UnhandledExceptionFilter |
msvcrt.dll | 469 | | _initterm |
msvcrt.dll | 212 | | __setusermatherr |
msvcrt.dll | 245 | | _adjust_fdiv |
msvcrt.dll | 185 | | __p__commode |
msvcrt.dll | 190 | | __p__fmode |
msvcrt.dll | 210 | | __set_app_type |
msvcrt.dll | 55 | | void __cdecl terminate(void) ?terminate@@YAXXZ |
msvcrt.dll | 345 | | _except_handler4_common |
msvcrt.dll | 295 | | _controlfp |
msvcrt.dll | 1167 | | exit |
msvcrt.dll | 106 | | _XcptFilter |
msvcrt.dll | 354 | | _exit |
msvcrt.dll | 276 | | _cexit |
msvcrt.dll | 145 | | __getmainargs |
msvcrt.dll | 1348 | | vprintf |
msvcrt.dll | 1258 | | memcpy |
msvcrt.dll | 407 | | _fullpath |
msvcrt.dll | 1190 | | free |
msvcrt.dll | 1267 | | printf |
msvcrt.dll | 18 | | void * __cdecl operator new(unsigned int) ??2@YAPAXI@Z |
msvcrt.dll | 20 | | void __cdecl operator delete(void *) ??3@YAXPAX@Z |
msvcrt.dll | 257 | | _amsg_exit |
StringTable 040904B0
CompanyName | Geoff Chappell |
FileDescription | Firmware Memory Map Retriever |
FileVersion | 1.0.0.0 built by: WinDDK |
InternalName | fwmemmap.exe |
LegalCopyright | Copyright (C) 2009. Geoff Chappell. All rights reserved. |
OriginalFilename | fwmemmap.exe |
ProductName | Firmware Memory Map Tool |
ProductVersion | 1.0.0.0 |
VS_FIXEDFILEINFO
FileVersion | 1.0.0.0 |
ProductVersion | 1.0.0.0 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x40004 |
FileType | 1 |
FileSubtype | 0 |
Signers (1)
issuer: /CN=My Own Testing Authority
serial: 30D43F0573AF32AC45202E65B68619D3
Certificates (1)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30:d4:3f:05:73:af:32:ac:45:20:2e:65:b6:86:19:d3
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=My Own Testing Authority
        Validity
            Not Before: Feb 12 06:45:23 2009 GMT
            Not After : Dec 31 23:59:59 2039 GMT
        Subject: CN=My Own Testing Authority
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            2.5.29.1
    Signature Algorithm: md5WithRSAEncryption
pkcs7-signedData