I fucking opened it... this is what happened, and what I saw.
Fuck, here we go again!
Image File Header
Signature: 00004550
Machine: Intel 386
Number of Sections: 0008
Time Date Stamp: 2a425e19
Symbols Pointer: 00000000
Number of Symbols: 00000000
Size of Optional Header 00e0
Characteristics: File is executable (i.e. no unresolved external references).
Line numbers stripped from file.
Local symbols stripped from file.
Low bytes of machine word are reversed.
32 bit word machine.
High bytes of machine word are reversed.
Image Optional Header
Magic: 010b
Linker Version: 2.25
Size of Code: 0001a800
Size of Initialized Data: 00006c00
Size of Uninitialized Data: 00000000
Address of Entry Point: 0001a9a4
Base of Code: 00001000
Base of Data: 0001c000
Image Base: 00400000
Section Alignment: 00001000
File Alignment: 00000200
Operating System Version: 1.00
Image Version: 0.00
Subsystem Version: 4.00
Reserved1: 00000000
Size of Image: 00028000
Size of Headers: 00000400
Checksum: 00000000
Subsystem: Image runs in the Windows GUI subsystem.
DLL Characteristics: 0000
Size of Stack Reserve: 00100000
Size of Stack Commit: 00004000
Size of Heap Reserve: 00100000
Size of Heap Commit: 00001000
Loader Flags: 00000000
Size of Data Directory: 00000010
Import Directory Virtual Address: 0001f000
Import Directory Size: 000011ae
Resource Directory
Virtual Address: 00026000
Resource Directory Size: 00001800
Base Relocation Table
Virtual Address: 00023000
Base Relocation Table Size: 00002038
TLS Directory Virtual Address: 00022000
TLS Directory Size: 00000018
Import Table
kernel32.dll
Ordinal Function Name
0000 GetCurrentThreadId
0000 DeleteCriticalSection
0000 LeaveCriticalSection
0000 EnterCriticalSection
0000 InitializeCriticalSection
0000 VirtualFree
0000 VirtualAlloc
0000 LocalFree
0000 LocalAlloc
0000 VirtualQuery
0000 WideCharToMultiByte
0000 MultiByteToWideChar
0000 lstrlenA
0000 lstrcpynA
0000 lstrcpyA
0000 LoadLibraryExA
0000 GetThreadLocale
0000 GetStartupInfoA
0000 GetProcAddress
0000 GetModuleHandleA
0000 GetModuleFileNameA
0000 GetLocaleInfoA
0000 GetLastError
0000 GetCommandLineA
0000 FreeLibrary
0000 FindFirstFileA
0000 FindClose
0000 ExitProcess
0000 WriteFile
0000 UnhandledExceptionFilter
0000 SetFilePointer
0000 SetEndOfFile
0000 RtlUnwind
0000 ReadFile
0000 RaiseException
0000 GetStdHandle
0000 GetFileSize
0000 GetSystemTime
0000 GetFileType
0000 CreateFileA
0000 CloseHandle
user32.dll
Ordinal Function Name
0000 GetKeyboardType
0000 LoadStringA
0000 MessageBoxA
0000 CharNextA
advapi32.dll
Ordinal Function Name
0000 RegQueryValueExA
0000 RegOpenKeyExA
0000 RegCloseKey
oleaut32.dll
Ordinal Function Name
0000 VariantChangeTypeEx
0000 VariantCopyInd
0000 VariantClear
0000 SysStringLen
0000 SysFreeString
0000 SysReAllocStringLen
0000 SysAllocStringLen
kernel32.dll
Ordinal Function Name
0000 TlsSetValue
0000 TlsGetValue
0000 LocalAlloc
0000 GetModuleHandleA
0000 GetModuleFileNameA
advapi32.dll
Ordinal Function Name
0000 RegSetValueExA
0000 RegQueryValueExA
0000 RegOpenKeyExA
0000 RegFlushKey
0000 RegCreateKeyExA
0000 RegCloseKey
0000 GetUserNameA
kernel32.dll
Ordinal Function Name
0000 WriteFile
0000 WinExec
0000 WaitForSingleObject
0000 VirtualQuery
0000 VerLanguageNameA
0000 Sleep
0000 SetThreadPriority
0000 SetPriorityClass
0000 SetFilePointer
0000 SetFileAttributesA
0000 SetEndOfFile
0000 RemoveDirectoryA
0000 ReadFile
0000 MulDiv
0000 LoadLibraryA
0000 LeaveCriticalSection
0000 InitializeCriticalSection
0000 GlobalUnlock
0000 GlobalReAlloc
0000 GlobalHandle
0000 GlobalLock
0000 GlobalFree
0000 GlobalFindAtomA
0000 GlobalDeleteAtom
0000 GlobalAlloc
0000 GlobalAddAtomA
0000 GetWindowsDirectoryA
0000 GetVersionExA
0000 GetUserDefaultLangID
0000 GetTimeZoneInformation
0000 GetThreadLocale
0000 GetTempPathA
0000 GetSystemDirectoryA
0000 GetShortPathNameA
0000 GetProcAddress
0000 GetModuleHandleA
0000 GetModuleFileNameA
0000 GetLocaleInfoA
0000 GetLocalTime
0000 GetLastError
0000 GetDiskFreeSpaceA
0000 GetDateFormatA
0000 GetCurrentThreadId
0000 GetCurrentThread
0000 GetCurrentProcessId
0000 GetCurrentProcess
0000 GetCurrentDirectoryA
0000 GetComputerNameA
0000 GetCPInfo
0000 GetACP
0000 FormatMessageA
0000 FindNextFileA
0000 FindFirstFileA
0000 FindClose
0000 FileTimeToLocalFileTime
0000 FileTimeToDosDateTime
0000 EnumCalendarInfoA
0000 EnterCriticalSection
0000 DeleteFileA
0000 DeleteCriticalSection
0000 CreateFileA
0000 CreateEventA
0000 CopyFileA
0000 CompareStringA
0000 CloseHandle
mpr.dll
Ordinal Function Name
0000 WNetOpenEnumA
0000 WNetEnumResourceA
gdi32.dll
Ordinal Function Name
0000 UnrealizeObject
0000 StretchBlt
0000 SetTextColor
0000 SetROP2
0000 SetBkMode
0000 SetBkColor
0000 SelectPalette
0000 SelectObject
0000 RealizePalette
0000 MoveToEx
0000 GetTextMetricsA
0000 GetSystemPaletteEntries
0000 GetStockObject
0000 GetObjectA
0000 GetDeviceCaps
0000 GetDIBits
0000 GetCurrentPositionEx
0000 GetBitmapBits
0000 DeleteObject
0000 DeleteDC
0000 CreatePenIndirect
0000 CreatePalette
0000 CreateFontIndirectA
0000 CreateDIBitmap
0000 CreateCompatibleDC
0000 CreateCompatibleBitmap
0000 CreateBrushIndirect
0000 CreateBitmap
user32.dll
Ordinal Function Name
0000 ReleaseDC
0000 MessageBoxA
0000 LoadStringA
0000 LoadIconA
0000 GetSystemMetrics
0000 GetSysColor
0000 GetIconInfo
0000 GetDC
0000 DrawIconEx
0000 DestroyWindow
0000 DestroyIcon
0000 CreateIcon
shell32.dll
Ordinal Function Name
0000 ExtractIconA
wsock32.dll
Ordinal Function Name
0000 WSAStartup
0000 WSAGetLastError
0000 gethostname
0000 getservbyname
0000 getprotobynumber
0000 gethostbyname
0000 socket
0000 send
0000 select
0000 recv
0000 ioctlsocket
0000 inet_addr
0000 htons
0000 getsockname
0000 getpeername
0000 connect
0000 closesocket
wininet.dll
Ordinal Function Name
0000 InternetGetConnectedState
Section Table
Section name: CODE
Virtual Size: 0001a790
Virtual Address: 00001000
Size of raw data: 0001a800
Pointer to Raw Data: 00000400
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: Section contains code
Section is executable
Section is readable
Section name: DATA
Virtual Size: 00001c94
Virtual Address: 0001c000
Size of raw data: 00001e00
Pointer to Raw Data: 0001ac00
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: Section contains initialized data
Section is readable
Section is writeable
Section name: BSS
Virtual Size: 00000f25
Virtual Address: 0001e000
Size of raw data: 00000000
Pointer to Raw Data: 0001ca00
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: Section is readable
Section is writeable
Section name: .idata
Virtual Size: 000011ae
Virtual Address: 0001f000
Size of raw data: 00001200
Pointer to Raw Data: 0001ca00
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: Section contains initialized data
Section is readable
Section is writeable
Section name: .tls
Virtual Size: 0000000c
Virtual Address: 00021000
Size of raw data: 00000000
Pointer to Raw Data: 0001dc00
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: Section is readable
Section is writeable
Section name: .rdata
Virtual Size: 00000018
Virtual Address: 00022000
Size of raw data: 00000200
Pointer to Raw Data: 0001dc00
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: Section contains initialized data
Section is shareable
Section is readable
Section name: .reloc
Virtual Size: 00002038
Virtual Address: 00023000
Size of raw data: 00002200
Pointer to Raw Data: 0001de00
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: Section contains initialized data
Section is shareable
Section is readable
Section name: .rsrc
Virtual Size: 00001800
Virtual Address: 00026000
Size of raw data: 00001800
Pointer to Raw Data: 00020000
Pointer to Relocations: 00000000
Pointer to Line Numbers: 00000000
Number of Relocations: 0000
Number of Line Numbers: 0000
Characteristics: Section contains initialized data
Section is shareable
Section is readable
Header Information
Signature: 5a4d
Last Page Size: 0050
Total Pages in File: 0002
Relocation Items: 0000
Paragraphs in Header: 0004
Minimum Extra Paragraphs: 000f
Maximum Extra Paragraphs: ffff
Initial Stack Segment: 0000
Initial Stack Pointer: 00b8
Complemented Checksum: 0000
Initial Instruction Pointer: 0000
Initial Code Segment: 0000
Relocation Table Offset: 0040
Overlay Number: 001a
Reserved: 0000 0000 0000 0000
0000 0000 0000 0000
0000 0000 0000 0000
0000 0000 0000 0000
Offset to New Header: 00000100
Memory Needed: 1K