testdll.dll: file format pei-i386 Characteristics 0x2206 executable line numbers stripped debugging information removed DLL Time/Date Sun Apr 20 12:40:52 2003 ImageBase 00000000 SectionAlignment 00001000 FileAlignment 00000200 MajorOSystemVersion 4 MinorOSystemVersion 0 MajorImageVersion 1 MinorImageVersion 0 MajorSubsystemVersion 4 MinorSubsystemVersion 0 Win32Version 00000000 SizeOfImage 00009000 SizeOfHeaders 00000400 CheckSum 0000759d Subsystem 00000003 (Windows CUI) DllCharacteristics 00000000 SizeOfStackReserve 00200000 SizeOfStackCommit 00001000 SizeOfHeapReserve 00100000 SizeOfHeapCommit 00001000 LoaderFlags 00000000 NumberOfRvaAndSizes 00000010 The Data Directory Entry 0 00006000 00000048 Export Directory [.edata (or where ever we found it)] Entry 1 00007000 00000258 Import Directory [parts of .idata] Entry 2 00000000 00000000 Resource Directory [.rsrc] Entry 3 00000000 00000000 Exception Directory [.pdata] Entry 4 00000000 00000000 Security Directory Entry 5 00008000 0000011c Base Relocation Directory [.reloc] Entry 6 00000000 00000000 Debug Directory Entry 7 00000000 00000000 Description Directory Entry 8 00000000 00000000 Special Directory Entry 9 00000000 00000000 Thread Storage Directory [.tls] Entry a 00000000 00000000 Load Configuration Directory Entry b 00000000 00000000 Bound Import Directory Entry c 00000000 00000000 Import Address Table Directory Entry d 00000000 00000000 Delay Import Directory Entry e 00000000 00000000 Reserved Entry f 00000000 00000000 Reserved There is an import table in .idata at 0x7000 The Import Tables (interpreted .idata section contents) vma: Hint Time Forward DLL First Table Stamp Chain Name Thunk 00007000 00007040 00000000 00000000 0000722c 00007098 DLL Name: cygwin1.dll vma: Hint/Ord Member-Name Bound-To 70ec 568 abort 70f4 614 calloc 7100 666 cygwin_detach_dll 7114 668 cygwin_internal 7128 687 dll_dllcrt0 7138 771 free 7140 974 malloc 714c 994 memset 7158 1039 printf 7164 1082 pthread_mutex_lock 717c 1085 pthread_mutex_unlock 7194 1124 realloc 71a0 1287 strlen 71ac 1310 strtoul 00007014 00007080 00000000 00000000 00007248 000070d8 DLL Name: KERNEL32.dll vma: Hint/Ord Member-Name Bound-To 71b8 0 AddAtomA 71c4 148 FindAtomA 71d0 193 GetAtomNameA 71e0 299 GetModuleHandleA 00007028 00000000 00000000 00000000 00000000 00000000 There is an export table in .edata at 0x6000 The Export Tables (interpreted .edata section contents) Export Flags 0 Time/Date stamp 3ea27934 Major/Minor 0/0 Name 0000603c testdll Ordinal Base 1 Number in: Export Address Table 00000002 [Name Pointer/Ordinal] Table 00000002 Table Addresses Export Address Table 00006028 Name Pointer Table 00006030 Ordinal Table 00006038 Export Address Table -- Ordinal Base 1 [ 0] +base[ 1] 107c Export RVA [ 1] +base[ 2] 10a0 Export RVA [Ordinal/Name Pointer] Table [ 0] b [ 1] a PE File Base Relocations (interpreted .reloc section contents) Virtual Address: 00001000 Chunk size 80 (0x50) Number of fixups 36 reloc 0 offset f [100f] HIGHLOW reloc 1 offset 16 [1016] HIGHLOW reloc 2 offset 39 [1039] HIGHLOW reloc 3 offset 67 [1067] HIGHLOW reloc 4 offset 85 [1085] HIGHLOW reloc 5 offset a9 [10a9] HIGHLOW reloc 6 offset 1cf [11cf] HIGHLOW reloc 7 offset 1d4 [11d4] HIGHLOW reloc 8 offset 1d8 [11d8] HIGHLOW reloc 9 offset 1dc [11dc] HIGHLOW reloc 10 offset 1e0 [11e0] HIGHLOW reloc 11 offset 1e4 [11e4] HIGHLOW reloc 12 offset 1e8 [11e8] HIGHLOW reloc 13 offset 1ec [11ec] HIGHLOW reloc 14 offset 1f0 [11f0] HIGHLOW reloc 15 offset 1f4 [11f4] HIGHLOW reloc 16 offset 1f8 [11f8] HIGHLOW reloc 17 offset 1fc [11fc] HIGHLOW reloc 18 offset 200 [1200] HIGHLOW reloc 19 offset 204 [1204] HIGHLOW reloc 20 offset 2e7 [12e7] HIGHLOW reloc 21 offset 2f2 [12f2] HIGHLOW reloc 22 offset 303 [1303] HIGHLOW reloc 23 offset 3bf [13bf] HIGHLOW reloc 24 offset 3ca [13ca] HIGHLOW reloc 25 offset 3db [13db] HIGHLOW reloc 26 offset 469 [1469] HIGHLOW reloc 27 offset 474 [1474] HIGHLOW reloc 28 offset 495 [1495] HIGHLOW reloc 29 offset 4d0 [14d0] HIGHLOW reloc 30 offset 4f1 [14f1] HIGHLOW reloc 31 offset f91 [1f91] HIGHLOW reloc 32 offset f9b [1f9b] HIGHLOW reloc 33 offset fc1 [1fc1] HIGHLOW reloc 34 offset fe3 [1fe3] HIGHLOW reloc 35 offset 0 [1000] ABSOLUTE Virtual Address: 00002000 Chunk size 148 (0x94) Number of fixups 70 reloc 0 offset 1b [201b] HIGHLOW reloc 1 offset 28 [2028] HIGHLOW reloc 2 offset 161 [2161] HIGHLOW reloc 3 offset 268 [2268] HIGHLOW reloc 4 offset 281 [2281] HIGHLOW reloc 5 offset 369 [2369] HIGHLOW reloc 6 offset 382 [2382] HIGHLOW reloc 7 offset 42d [242d] HIGHLOW reloc 8 offset 4af [24af] HIGHLOW reloc 9 offset 4cc [24cc] HIGHLOW reloc 10 offset 4d3 [24d3] HIGHLOW reloc 11 offset 55a [255a] HIGHLOW reloc 12 offset 562 [2562] HIGHLOW reloc 13 offset 56a [256a] HIGHLOW reloc 14 offset 575 [2575] HIGHLOW reloc 15 offset 57b [257b] HIGHLOW reloc 16 offset 5f0 [25f0] HIGHLOW reloc 17 offset 607 [2607] HIGHLOW reloc 18 offset 60f [260f] HIGHLOW reloc 19 offset 618 [2618] HIGHLOW reloc 20 offset 6aa [26aa] HIGHLOW reloc 21 offset 6bc [26bc] HIGHLOW reloc 22 offset 6c4 [26c4] HIGHLOW reloc 23 offset 6ce [26ce] HIGHLOW reloc 24 offset 6d4 [26d4] HIGHLOW reloc 25 offset 6df [26df] HIGHLOW reloc 26 offset 6e9 [26e9] HIGHLOW reloc 27 offset 712 [2712] HIGHLOW reloc 28 offset 722 [2722] HIGHLOW reloc 29 offset 732 [2732] HIGHLOW reloc 30 offset 742 [2742] HIGHLOW reloc 31 offset 752 [2752] HIGHLOW reloc 32 offset 762 [2762] HIGHLOW reloc 33 offset 772 [2772] HIGHLOW reloc 34 offset 782 [2782] HIGHLOW reloc 35 offset 792 [2792] HIGHLOW reloc 36 offset 7b2 [27b2] HIGHLOW reloc 37 offset 7d3 [27d3] HIGHLOW reloc 38 offset 7e2 [27e2] HIGHLOW reloc 39 offset 841 [2841] HIGHLOW reloc 40 offset 848 [2848] HIGHLOW reloc 41 offset 84f [284f] HIGHLOW reloc 42 offset 860 [2860] HIGHLOW reloc 43 offset 871 [2871] HIGHLOW reloc 44 offset 878 [2878] HIGHLOW reloc 45 offset 87f [287f] HIGHLOW reloc 46 offset 889 [2889] HIGHLOW reloc 47 offset 890 [2890] HIGHLOW reloc 48 offset 89a [289a] HIGHLOW reloc 49 offset 8a1 [28a1] HIGHLOW reloc 50 offset 8a8 [28a8] HIGHLOW reloc 51 offset 8b1 [28b1] HIGHLOW reloc 52 offset 8ca [28ca] HIGHLOW reloc 53 offset 8d1 [28d1] HIGHLOW reloc 54 offset 8d8 [28d8] HIGHLOW reloc 55 offset 8df [28df] HIGHLOW reloc 56 offset 8f7 [28f7] HIGHLOW reloc 57 offset 932 [2932] HIGHLOW reloc 58 offset 989 [2989] HIGHLOW reloc 59 offset 991 [2991] HIGHLOW reloc 60 offset 999 [2999] HIGHLOW reloc 61 offset 9b2 [29b2] HIGHLOW reloc 62 offset 9c2 [29c2] HIGHLOW reloc 63 offset a12 [2a12] HIGHLOW reloc 64 offset a22 [2a22] HIGHLOW reloc 65 offset a32 [2a32] HIGHLOW reloc 66 offset a42 [2a42] HIGHLOW reloc 67 offset a52 [2a52] HIGHLOW reloc 68 offset a84 [2a84] HIGHLOW reloc 69 offset a90 [2a90] HIGHLOW Virtual Address: 00004000 Chunk size 56 (0x38) Number of fixups 24 reloc 0 offset 1c [401c] HIGHLOW reloc 1 offset 3c [403c] HIGHLOW reloc 2 offset 6c [406c] HIGHLOW reloc 3 offset 94 [4094] HIGHLOW reloc 4 offset b4 [40b4] HIGHLOW reloc 5 offset dc [40dc] HIGHLOW reloc 6 offset 104 [4104] HIGHLOW reloc 7 offset 124 [4124] HIGHLOW reloc 8 offset 144 [4144] HIGHLOW reloc 9 offset 16c [416c] HIGHLOW reloc 10 offset 18c [418c] HIGHLOW reloc 11 offset 1ac [41ac] HIGHLOW reloc 12 offset 1cc [41cc] HIGHLOW reloc 13 offset 1fc [41fc] HIGHLOW reloc 14 offset 228 [4228] HIGHLOW reloc 15 offset 254 [4254] HIGHLOW reloc 16 offset 280 [4280] HIGHLOW reloc 17 offset 2ac [42ac] HIGHLOW reloc 18 offset 2d8 [42d8] HIGHLOW reloc 19 offset 304 [4304] HIGHLOW reloc 20 offset 330 [4330] HIGHLOW reloc 21 offset 360 [4360] HIGHLOW reloc 22 offset 38c [438c] HIGHLOW reloc 23 offset 0 [4000] ABSOLUTE