@evmar
Created April 27, 2025 03:45
retrowin32 unpack
$ llvm-objdump -x scratch/2025-04-14/unpacked.exe
scratch/2025-04-14/unpacked.exe: file format coff-i386
architecture: i386
start address: 0x0002e9ec
Characteristics 0x10f
relocations stripped
executable
line numbers stripped
symbols stripped
32 bit words
Time/Date Sun Apr 16 11:53:05 2000
Magic 010b (PE32)
MajorLinkerVersion 6
MinorLinkerVersion 0
SizeOfCode 0000a000
SizeOfInitializedData 00001000
SizeOfUninitializedData 0002d000
AddressOfEntryPoint 0002e9ec
BaseOfCode 0002e000
BaseOfData 00038000
ImageBase 00400000
SectionAlignment 00001000
FileAlignment 00000200
MajorOSystemVersion 4
MinorOSystemVersion 0
MajorImageVersion 0
MinorImageVersion 0
MajorSubsystemVersion 4
MinorSubsystemVersion 0
Win32Version 00000000
SizeOfImage 00039000
SizeOfHeaders 00001000
CheckSum 00000000
Subsystem 00000002 (Windows GUI)
DllCharacteristics 00000000
SizeOfStackReserve 00100000
SizeOfStackCommit 00001000
SizeOfHeapReserve 00100000
SizeOfHeapCommit 00001000
LoaderFlags 00000000
NumberOfRvaAndSizes 00000010
The Data Directory
Entry 0 00000000 00000000 Export Directory [.edata (or where ever we found it)]
Entry 1 00039000 00000064 Import Directory [parts of .idata]
Entry 2 00000000 00000000 Resource Directory [.rsrc]
Entry 3 00000000 00000000 Exception Directory [.pdata]
Entry 4 00000000 00000000 Security Directory
Entry 5 00000000 00000000 Base Relocation Directory [.reloc]
Entry 6 00000000 00000000 Debug Directory
Entry 7 00000000 00000000 Description Directory
Entry 8 00000000 00000000 Special Directory
Entry 9 00000000 00000000 Thread Storage Directory [.tls]
Entry a 00000000 00000000 Load Configuration Directory
Entry b 00000000 00000000 Bound Import Directory
Entry c 00000000 00000000 Import Address Table Directory
Entry d 00000000 00000000 Delay Import Directory
Entry e 00000000 00000000 CLR Runtime Header
Entry f 00000000 00000000 Reserved
The Import Tables:
lookup 00000000 time 00000000 fwd 00000000 name 000380bb addr 00032038
DLL Name: MSVCRT.dll
Hint/Ord Name
256 __getmainargs
256 _XcptFilter
256 exit
256 memset
256 memcpy
256 ??2@YAPAXI@Z
256 cos
256 sin
256 _ftol
256 ??3@YAXPAX@Z
256 sqrt
256 __CxxFrameHandler
256 _EH_prolog
256 _exit
256 __p__commode
256 _adjust_fdiv
256 _acmdln
256 _initterm
256 __setusermatherr
256 _controlfp
256 __p__fmode
256 __set_app_type
256 _except_handler3
lookup 00000000 time 00000000 fwd 00000000 name 000380a4 addr 00032008
DLL Name: KERNEL32.DLL
Hint/Ord Name
256 GetStartupInfoA
256 GlobalFree
256 CreateThread
256 GetModuleHandleA
256 SetEvent
256 SetThreadPriority
256 CreateEventA
256 GlobalAlloc
256 WaitForSingleObject
256 VirtualProtect
256 GetCurrentThread
lookup 00000000 time 00000000 fwd 00000000 name 000380c6 addr 00032098
DLL Name: USER32.dll
Hint/Ord Name
256 DestroyWindow
256 GetWindowRect
256 DispatchMessageA
256 TranslateMessage
256 MessageBoxA
256 UpdateWindow
256 ShowWindow
256 CreateWindowExA
256 RegisterClassA
256 ShowCursor
256 PeekMessageA
256 DefWindowProcA
256 PostQuitMessage
lookup 00000000 time 00000000 fwd 00000000 name 000380d1 addr 000320d0
DLL Name: WINMM.dll
Hint/Ord Name
256 waveOutGetNumDevs
256 waveOutPrepareHeader
256 waveOutGetDevCapsA
256 waveOutOpen
256 waveOutWrite
256 waveOutUnprepareHeader
256 waveOutReset
256 waveOutClose
256 timeSetEvent
256 timeKillEvent
lookup 00000000 time 00000000 fwd 00000000 name 000380b1 addr 00032000
DLL Name: DDRAW.dll
Hint/Ord Name
256 DirectDrawCreate
Sections:
Idx Name Size VMA Type
0 "UPX0" ( 0002d000 00401000
1 "UPX1" ( 0000a000 0042e000
2 "UPX2" ( 00001000 00438000
3 rw32 iat 00000064 00439000
SYMBOL TABLE: