ntvdm_my.exe - ntvdm.exe - ReactOS Virtual DOS Machine

info
MZ
PE
resources
imports
exports
foremost
version info
hexdump
disasm
log
discuss
donate

filename	ntvdm_my.exe
size	229888 (0x38200)
md5	f7e58eb5cf6d311a2da5cfca1e3e2e38

type	PE32 executable (console) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	OK
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xd8

Rich Header

lib id	version	times used
158	40219	2
156	40219	13
1	0	150
170	40219	43
155	40219	1
154	40219	1
157	40219	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	6
TimeDateStamp	0x52d6f4a3
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x102
Magic	0x10b
LinkerVersion	10.0
SizeOfCode	0x26c00
SizeOfInitializedData	0x393a00
SizeOfUninitializedData	0
AddressOfEntryPoint	0x26300
BaseOfCode	0x1000
BaseOfData	0x28000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.1
ImageVersion	0.0
SubsystemVersion	5.1
Reserved1	0
SizeOfImage	0x3be000
SizeOfHeaders	0x400
CheckSum	0x3927a
Subsystem	3
DllCharacteristics	0x8140
SizeOfStackReserve	0x989680
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MASM/TASM - sig4

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x26a9e	0x26c00	R-X CODE
.rdata	0x28000	0x2ae7	0x2c00	R-- IDATA
.data	0x2b000	0x38a974	0x8200	RW- IDATA
.tls	0x3b6000	0x1a	0x200	RW- IDATA
.rsrc	0x3b7000	0x20d0	0x2200	R-- IDATA
.reloc	0x3ba000	0x3f3c	0x4000	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0x29e50	0xc47
IMPORT	0x2913c	0x8c
RESOURCE	0x3b7000	0x20d0
EXCEPTION	0	0
SECURITY	0	0
BASERELOC	0x3ba000	0x1ba4
DEBUG	0x282b0	0x1c
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0x3b6000	0x18
LOAD_CONFIG	0	0
Bound_IAT	0	0
IAT	0x28000	0x270
Delay_IAT	0	0
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0x7b6019	0x7b6019	0x7b5750	0x428298	0	0

show previews

type	name	size
ICON	#1	744
ICON	#2	2216
ICON	#3	4264
GROUP_ICON	#1	48
VERSION	#1	792

module_name	hint	function_name
user32.dll	483	MessageBoxW
user32.dll	470	MapVirtualKeyW
user32.dll	668	ToAscii
gdi32.dll	561	SetPaletteEntries
gdi32.dll	69	CreatePalette
advapi32.dll	506	RegOpenKeyExW
advapi32.dll	517	RegQueryValueExW
advapi32.dll	465	RegCloseKey
msvcrt.dll	744	free
msvcrt.dll	712	calloc
msvcrt.dll	853	strncmp
msvcrt.dll	120	__lconv_init
msvcrt.dll	652	_winmajor
msvcrt.dll	832	signal
msvcrt.dll	700	abort
msvcrt.dll	480	_onexit
msvcrt.dll	398	_lock
msvcrt.dll	107	__dllonexit
msvcrt.dll	588	_unlock
msvcrt.dll	348	_iob
msvcrt.dll	737	fprintf
msvcrt.dll	796	malloc
msvcrt.dll	194	_amsg_exit
msvcrt.dll	342	_initterm
msvcrt.dll	280	_fpreset
msvcrt.dll	607	_wcmdln
msvcrt.dll	169	__winitenv
msvcrt.dll	721	exit
msvcrt.dll	205	_cexit
msvcrt.dll	168	__wgetmainargs
msvcrt.dll	155	__set_app_type
msvcrt.dll	277	_fmode
msvcrt.dll	216	_commode
msvcrt.dll	157	__setusermatherr
msvcrt.dll	598	_vsnwprintf
msvcrt.dll	923	wprintf
msvcrt.dll	903	wcslen
msvcrt.dll	644	_wfopen
msvcrt.dll	732	fgetws
msvcrt.dll	724	fclose
msvcrt.dll	840	strcat
msvcrt.dll	862	strtok
msvcrt.dll	852	strncat
msvcrt.dll	804	memcpy
msvcrt.dll	851	strlen
msvcrt.dll	842	strchr
msvcrt.dll	854	strncpy
msvcrt.dll	867	swprintf
msvcrt.dll	845	strcpy
msvcrt.dll	808	memset
msvcrt.dll	806	memmove
kernel32.dll	544	InitializeCriticalSection
kernel32.dll	866	TlsGetValue
kernel32.dll	768	SetConsolePalette
kernel32.dll	129	DeleteCriticalSection
kernel32.dll	152	EnterCriticalSection
kernel32.dll	590	LeaveCriticalSection
kernel32.dll	379	GetModuleHandleA
kernel32.dll	875	UnhandledExceptionFilter
kernel32.dll	318	GetCurrentProcess
kernel32.dll	859	TerminateProcess
kernel32.dll	454	GetSystemTimeAsFileTime
kernel32.dll	319	GetCurrentProcessId
kernel32.dll	322	GetCurrentThreadId
kernel32.dll	436	GetStartupInfoW
kernel32.dll	547	InterlockedCompareExchange
kernel32.dll	851	Sleep
kernel32.dll	550	InterlockedExchange
kernel32.dll	839	SetUnhandledExceptionFilter
kernel32.dll	673	QueryPerformanceFrequency
kernel32.dll	475	GetTickCount
kernel32.dll	672	QueryPerformanceCounter
kernel32.dll	747	SetConsoleCtrlHandler
kernel32.dll	292	GetConsoleCursorInfo
kernel32.dll	591	LoadLibraryA
kernel32.dll	120	DebugBreak
kernel32.dll	339	GetEnvironmentStringsW
kernel32.dll	913	WideCharToMultiByte
kernel32.dll	243	FreeEnvironmentStringsW
kernel32.dll	316	GetCurrentDirectoryA
kernel32.dll	433	GetShortPathNameA
kernel32.dll	437	GetStdHandle
kernel32.dll	75	CreateDirectoryA
kernel32.dll	705	RemoveDirectoryA
kernel32.dll	131	DeleteFileA
kernel32.dll	790	SetFileAttributesA
kernel32.dll	102	CreateProcessA
kernel32.dll	342	GetExitCodeProcess
kernel32.dll	351	GetFileSize
kernel32.dll	85	CreateFileMappingW
kernel32.dll	613	MapViewOfFile
kernel32.dll	878	UnmapViewOfFile
kernel32.dll	346	GetFileAttributesA
kernel32.dll	775	SetCurrentDirectoryA
kernel32.dll	776	SetCurrentDirectoryW
kernel32.dll	210	FindFirstFileA
kernel32.dll	220	FindNextFileA
kernel32.dll	195	FileTimeToDosDateTime
kernel32.dll	234	FlushFileBuffers
kernel32.dll	762	SetConsoleMode
kernel32.dll	31	Beep
kernel32.dll	531	HeapFree
kernel32.dll	525	HeapAlloc
kernel32.dll	415	GetProcessHeap
kernel32.dll	307	GetConsoleScreenBufferInfo
kernel32.dll	683	ReadConsoleOutputA
kernel32.dll	744	SetConsoleActiveScreenBuffer
kernel32.dll	367	GetLocalTime
kernel32.dll	808	SetLocalTime
kernel32.dll	792	SetFilePointer
kernel32.dll	690	ReadFile
kernel32.dll	365	GetLastError
kernel32.dll	86	CreateFileW
kernel32.dll	805	SetLastError
kernel32.dll	52	CloseHandle
kernel32.dll	929	WriteFile
kernel32.dll	703	ReleaseMutex
kernel32.dll	909	WaitForSingleObject
kernel32.dll	111	CreateThread
kernel32.dll	97	CreateMutexW
kernel32.dll	682	ReadConsoleInputW
kernel32.dll	556	InvalidateConsoleDIBits
kernel32.dll	354	GetFileType
kernel32.dll	74	CreateConsoleScreenBuffer
kernel32.dll	716	ResetEvent
kernel32.dll	773	SetConsoleWindowInfo
kernel32.dll	769	SetConsoleScreenBufferSize
kernel32.dll	751	SetConsoleCursorPosition
kernel32.dll	749	SetConsoleCursorInfo
kernel32.dll	80	CreateEventW
kernel32.dll	244	FreeLibrary
kernel32.dll	412	GetProcAddress
kernel32.dll	594	LoadLibraryW
kernel32.dll	83	CreateFileA
kernel32.dll	303	GetConsoleMode
ntdll.dll	1184	_allshr
ntdll.dll	1189	_aullshr
ntdll.dll	1183	_allshl
ntdll.dll	16	DbgPrint
ntdll.dll	412	RtlAssert
ntdll.dll	117	NtCreateFile
ntdll.dll	628	RtlInitUnicodeString
ntdll.dll	148	NtDeviceIoControlFile
ntdll.dll	1180	_allmul
ntdll.dll	105	NtClose
ntdll.dll	96	NtAllocateVirtualMemory
ntdll.dll	165	NtFreeVirtualMemory
ntdll.dll	1182	_allrem
ntdll.dll	1188	_aullrem
ntdll.dll	1186	_aulldiv

ord	entry_va	function_name
1	0xc5b0	MGetVdmPointer
2	0xc570	Sim32pGetVDMPointer
3	0xdc20	VDDDeInstallIOHook
4	0xda50	VDDInstallIOHook
5	0xc560	VDDTerminateVDM
6	0xc5d0	VdmMapFlat
7	0xe350	c_getAF
8	0xdd90	c_getAH
9	0xddb0	c_getAL
10	0xdd60	c_getAX
11	0xde20	c_getBH
12	0xde40	c_getBL
13	0xe000	c_getBP
14	0xddf0	c_getBX
15	0xe250	c_getCF
16	0xdeb0	c_getCH
17	0xded0	c_getCL
18	0xe130	c_getCS
19	0xde80	c_getCX
20	0xe490	c_getDF
21	0xdf40	c_getDH
22	0xe0a0	c_getDI
23	0xdf60	c_getDL
24	0xe190	c_getDS
25	0xdf10	c_getDX
26	0xdd40	c_getEAX
27	0xdfe0	c_getEBP
28	0xddd0	c_getEBX
29	0xde60	c_getECX
30	0xe080	c_getEDI
31	0xdef0	c_getEDX
32	0xe0d0	c_getEIP
33	0xe1c0	c_getES
34	0xe030	c_getESI
35	0xdf80	c_getESP
36	0xe1f0	c_getFS
37	0xe220	c_getGS
38	0xe440	c_getIF
39	0xe100	c_getIP
40	0xe550	c_getMSW
41	0xe4e0	c_getOF
42	0xe300	c_getPF
43	0xe3f0	c_getSF
44	0xe050	c_getSI
45	0xdfb0	c_getSP
46	0xe160	c_getSS
47	0xe3a0	c_getZF
48	0xe370	c_setAF
49	0xdda0	c_setAH
50	0xddc0	c_setAL
51	0xdd70	c_setAX
52	0xde30	c_setBH
53	0xde50	c_setBL
54	0xe010	c_setBP
55	0xde00	c_setBX
56	0xe290	c_setCF
57	0xdec0	c_setCH
58	0xdee0	c_setCL
59	0xe140	c_setCS
60	0xde90	c_setCX
61	0xe4b0	c_setDF
62	0xdf50	c_setDH
63	0xe0b0	c_setDI
64	0xdf70	c_setDL
65	0xe1a0	c_setDS
66	0xdf20	c_setDX
67	0xdd50	c_setEAX
68	0xdff0	c_setEBP
69	0xdde0	c_setEBX
70	0xde70	c_setECX
71	0xe090	c_setEDI
72	0xdf00	c_setEDX
73	0xe0e0	c_setEIP
74	0xe1d0	c_setES
75	0xe040	c_setESI
76	0xdf90	c_setESP
77	0xe200	c_setFS
78	0xe230	c_setGS
79	0xe460	c_setIF
80	0xe110	c_setIP
81	0xe560	c_setMSW
82	0xe500	c_setOF
83	0xe320	c_setPF
84	0xe410	c_setSF
85	0xe060	c_setSI
86	0xdfc0	c_setSP
87	0xe170	c_setSS
88	0xe3c0	c_setZF
89	0x5060	call_ica_hw_interrupt
90	0xe350	getAF
91	0xdd90	getAH
92	0xddb0	getAL
93	0xdd60	getAX
94	0xde20	getBH
95	0xde40	getBL
96	0xe000	getBP
97	0xddf0	getBX
98	0xe250	getCF
99	0xdeb0	getCH
100	0xded0	getCL
101	0xe130	getCS
102	0xde80	getCX
103	0xe490	getDF
104	0xdf40	getDH
105	0xe0a0	getDI
106	0xdf60	getDL
107	0xe190	getDS
108	0xdf10	getDX
109	0xdd40	getEAX
110	0xdfe0	getEBP
111	0xddd0	getEBX
112	0xde60	getECX
113	0xe080	getEDI
114	0xdef0	getEDX
115	0xe530	getEFLAGS
116	0xe0d0	getEIP
117	0xe1c0	getES
118	0xe030	getESI
119	0xdf80	getESP
120	0xe1f0	getFS
121	0xe220	getGS
122	0xe440	getIF
123	0xe100	getIP
124	0xdd20	getIntelRegistersPointer
125	0xe550	getMSW
126	0xe4e0	getOF
127	0xe300	getPF
128	0xe3f0	getSF
129	0xe050	getSI
130	0xdfb0	getSP
131	0xe160	getSS
132	0xe3a0	getZF
133	0xe370	setAF
134	0xdda0	setAH
135	0xddc0	setAL
136	0xdd70	setAX
137	0xde30	setBH
138	0xde50	setBL
139	0xe010	setBP
140	0xde00	setBX
141	0xe290	setCF
142	0xdec0	setCH
143	0xdee0	setCL
144	0xe140	setCS
145	0xde90	setCX
146	0xe4b0	setDF
147	0xdf50	setDH
148	0xe0b0	setDI
149	0xdf70	setDL
150	0xe1a0	setDS
151	0xdf20	setDX
152	0xdd50	setEAX
153	0xdff0	setEBP
154	0xdde0	setEBX
155	0xde70	setECX
156	0xe090	setEDI
157	0xdf00	setEDX
158	0xe540	setEFLAGS
159	0xe0e0	setEIP
160	0xe1d0	setES
161	0xe040	setESI
162	0xdf90	setESP
163	0xe200	setFS
164	0xe230	setGS
165	0xe460	setIF
166	0xe110	setIP
167	0xe560	setMSW
168	0xe500	setOF
169	0xe320	setPF
170	0xe410	setSF
171	0xe060	setSI
172	0xdfc0	setSP
173	0xe170	setSS
174	0xe3c0	setZF

module_name	ntvdm.exe
flags	0
timestamp	2014-01-15 20:50:43
version	0.0
ordinal_base	1
nFunctions	174
nNames	174
Names(174)	0x2a130
Functions(174)	0x29e78
NameOrdinals(174)	0x2a3e8

StringTable 040904b0

CompanyName	ReactOS Development Team
FileDescription	ReactOS Virtual DOS Machine
FileVersion	0.4-SVN
InternalName	ntvdm
LegalCopyright	Copyright 1998-2014 ReactOS Team
OriginalFilename	ntvdm.exe
ProductName	ReactOS Operating System
ProductVersion	0.4-SVN

VS_FIXEDFILEINFO

FileVersion	0.4.0.0
ProductVersion	0.4.0.0
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	0x40004
FileType	1
FileSubtype	0

show previews

offset	size	type	comment
0	229888	EXE	01/15/2014 20:50:43	#
15c1	15	HTM		#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi
Yandex.Money
Thank you!

[?] can't find file_offset of VA 0x3b5750

ntvdm_my.exe-

MZ Header

Rich Header

DOS stub

PE Header

Packer / Compiler

Sections

Data Directory

TLS

StringTable 040904b0

VS_FIXEDFILEINFO

ntvdm_my.exe
-