Warning! We are currently in recovery mode. The complete archive is not available.

Sample details: 9dfb3ec65b098b029596958fcd53f501 --

Hashes
MD5: 9dfb3ec65b098b029596958fcd53f501
SHA1: 40eec26d41224b8ecce30f6bae0f71e02f119586
SHA256: 2b9471b806b00f61622bf5e930f3185781e87e19c34d5263317e429a821c4fb6
SSDEEP: 384:ovvO2wvS0pql7UfH5nMvQ6iMvkxmTV9qDN4oaNEdGwSIv2guh71z/TUWaHzq6sR/:4mTvzptW2QTroNN5fuh7efTqHJ
Details
File Type: 80386
Yara Hits
CuckooSandbox/shellcode | CuckooSandbox/embedded_win_api | YRP/maldoc_find_kernel32_base_method_1 | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library |
Source
http://103.68.190.250/Sources//Advance/BJWJ/Builds/BOT_PLUG/Objs/Release%20DEBUGCONFIG/GetApi.obj
Strings
		.drectve
.debug$S
.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.rdata
0@.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.text
`.debug$S
B.debug$T
B   /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"uuid.lib" /DEFAULTLIB:"LIBCMT" /DEFAULTLIB:"OLDNAMES" 
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\GetApi.obj
Microsoft (R) Optimizing Compiler
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG
D:\Program Files\Microsoft Visual Studio 9.0\VC\bin\cl.exe
-O1 -Oi -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\BootkitDropper -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Misc -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Common -Ie:\Projects\progs\Petrosjan\BJWJ\Source\Core -Ie:\Projects\progs\Petrosjan\BJWJ\Source -Ie:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Modules -Ie:\Projects\progs\Petrosjan\BJWJ\include -Ie:\Projects\progs\Petrosjan\BJWJ\Source\RuBnk -DWIN32 -DNDEBUG -D_WINDOWS -D_USRDLL -DWHITE_JOE_DLL_EXPORTS -DDEBUGCONFIG -DBOTPLUG -D_WINDLL -FD -MT -GS- -Gy -GR- -Fo"e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\\" -Fd"e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\vc90.pdb" -W3 -c -Zi -TP -nologo -errorreport:prompt -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\include" -I"D:\Program Files\Microsoft Visual Studio 9.0\VC\atlmfc\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -I"C:\Program Files\Microsoft SDKs\Windows\v6.0A\include" -X
..\..\Source\Core\GetApi.cpp
e:\Projects\progs\Petrosjan\BJWJ\Builds\BOT_PLUG\Objs\Release DEBUGCONFIG\vc90.pdb
PARSE_CANONICALIZE
PARSE_FRIENDLY
PARSE_SECURITY_URL
PARSE_ROOTDOCUMENT
PARSE_DOCUMENT
PARSE_ENCODE
PARSE_DECODE
PARSE_PATH_FROM_URL
PARSE_URL_FROM_PATH
PARSE_MIME
PARSE_SERVER
PARSE_SCHEMA
PARSE_SITE
PARSE_DOMAIN
PARSE_LOCATION
PARSE_SECURITY_DOMAIN
PARSE_ESCAPE
PSU_DEFAULT
BINDSTATUS_FINDINGRESOURCE
QUERY_IS_INSTALLEDENTRY
BINDSTATUS_CONNECTING
BINDSTATUS_REDIRECTING
BINDSTATUS_BEGINDOWNLOADDATA
BINDSTATUS_ENDDOWNLOADDATA
BINDSTATUS_BEGINDOWNLOADCOMPONENTS
BINDSTATUS_INSTALLINGCOMPONENTS
BINDSTATUS_ENDDOWNLOADCOMPONENTS
BINDSTATUS_USINGCACHEDCOPY
BINDSTATUS_SENDINGREQUEST
BINDSTATUS_MIMETYPEAVAILABLE
BINDSTATUS_CACHEFILENAMEAVAILABLE
BINDSTATUS_BEGINSYNCOPERATION
BINDSTATUS_ENDSYNCOPERATION
BINDSTATUS_BEGINUPLOADDATA
BINDSTATUS_ENDUPLOADDATA
BINDSTATUS_PROTOCOLCLASSID
BINDSTATUS_ENCODING
BINDSTATUS_VERIFIEDMIMETYPEAVAILABLE
BINDSTATUS_CLASSINSTALLLOCATION
BINDSTATUS_DECODING
BINDSTATUS_LOADINGMIMEHANDLER
BINDSTATUS_CONTENTDISPOSITIONATTACH
SYS_WIN32
SYS_MAC
BINDSTATUS_CLSIDCANINSTANTIATE
BINDSTATUS_IUNKNOWNAVAILABLE
BINDSTATUS_DIRECTBIND
BINDSTATUS_RAWMIMETYPE
BINDSTATUS_PROXYDETECTING
BINDSTATUS_ACCEPTRANGES
BINDSTATUS_COOKIE_SENT
BINDSTATUS_COMPACT_POLICY_RECEIVED
BINDSTATUS_COOKIE_SUPPRESSED
BINDSTATUS_COOKIE_STATE_ACCEPT
BINDSTATUS_COOKIE_STATE_REJECT
BINDSTATUS_COOKIE_STATE_PROMPT
kernel32_dll
advapi32_dll
user32_dll
BINDSTATUS_PERSISTENT_COOKIE_RECEIVED
ws2_32_dll
ntdll_dll
BINDSTATUS_CACHECONTROL
winsta_dll
BINDSTATUS_CONTENTDISPOSITIONFILENAME
shell32_dll
BINDSTATUS_MIMETEXTPLAINMISMATCH
wininet_dll
BINDSTATUS_PUBLISHERAVAILABLE
BINDSTATUS_DISPLAYNAMEAVAILABLE
urlmon_dll
nspr4_dll
ssl3_dll
winmm_dll
cabinet_dll
opera_dll
gdi32_dll
gdiPlus_dll
crypt32_dll
Iphlpapi_dll
winspool_drv
odbc32_dll
commdlg32_dll
psapi_dll
shlwapi_dll
version_dll
imagehelp_dll
ole32_dll
cryptDll_dll
DLL_KERNEL32
DLL_ADVAPI32
FEATURE_OBJECT_CACHING
FEATURE_ZONE_ELEVATION
DLL_USER32
DLL_WINSOCK
FEATURE_MIME_HANDLING
FEATURE_MIME_SNIFFING
DLL_NTDLL
FEATURE_WINDOW_RESTRICTIONS
DLL_WINSTA
DLL_SHELL32
FEATURE_WEBOC_POPUPMANAGEMENT
FEATURE_BEHAVIORS
DLL_WININET
FEATURE_DISABLE_MK_PROTOCOL
DLL_URLMON
DLL_NSPR4
FEATURE_LOCALMACHINE_LOCKDOWN
FEATURE_SECURITYBAND
DLL_SSL3
DLL_WINMM
FEATURE_RESTRICT_ACTIVEXINSTALL
DLL_CABINET
DLL_OPERA
FEATURE_RESTRICT_FILEDOWNLOAD
FEATURE_ADDON_MANAGEMENT
DLL_GDI
DLL_GDIPLUS
FEATURE_PROTOCOL_LOCKDOWN
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
DLL_CRYPT32
FEATURE_SAFE_BINDTOOBJECT
DLL_PSAPI
FEATURE_UNC_SAVEDFILECHECK
DLL_SHLWAPI
FEATURE_GET_URL_DOM_FILEPATH_UNENCODED
DLL_IPHLPAPI
TKIND_INTERFACE
FEATURE_TABBED_BROWSING
DLL_WINSPOOL
FEATURE_SSLUX
TKIND_DISPATCH
DLL_COMMDLG32
DLL_ODBC32
FEATURE_DISABLE_NAVIGATION_SOUNDS
FEATURE_DISABLE_LEGACY_COMPRESSION
TKIND_ALIAS
DLL_VERSION
FEATURE_FORCE_ADDR_AND_STATUS
DLL_OLE32
DLL_IMAGEHLP
FEATURE_XMLHTTP
FEATURE_DISABLE_TELNET_PROTOCOL
DLL_CRYPTDLL
FEATURE_FEEDS
FEATURE_BLOCK_INPUT_PROMPTS
CIP_DISK_FULL
CIP_ACCESS_DENIED
CIP_NEWER_VERSION_EXISTS
CHANGEKIND_ADDMEMBER
CIP_OLDER_VERSION_EXISTS
CIP_NAME_CONFLICT
CHANGEKIND_DELETEMEMBER
CIP_TRUST_VERIFICATION_COMPONENT_MISSING
CHANGEKIND_SETNAMES
CIP_EXE_SELF_REGISTERATION_TIMEOUT
CHANGEKIND_SETDOCUMENTATION
CHANGEKIND_GENERAL
CIP_UNSAFE_TO_ABORT
CHANGEKIND_INVALIDATE
CIP_NEED_REBOOT
CHANGEKIND_CHANGEFAILED
Uri_PROPERTY_STRING_START
Uri_PROPERTY_AUTHORITY
Uri_PROPERTY_DISPLAY_URI
Uri_PROPERTY_STRING_LAST
Uri_PROPERTY_ZONE
Uri_HOST_DNS
Uri_HOST_IPV4
CC_CDECL
CC_MSCPASCAL
CC_PASCAL
CC_MACPASCAL
CC_STDCALL
CC_FPFASTCALL
CC_SYSCALL
CC_MPWCDECL
CC_MPWPASCAL
ApiCacheSize
COR_VERSION_MAJOR_V2
VAR_STATIC
IdleShutdown
URLZONE_INTRANET
NoAccess
ReadWrite
URLZONEREG_DEFAULT
URLZONEREG_HKLM
SA_Yes
SA_Maybe
SA_NoAccess
SA_Read
SA_Write
SA_ReadWrite
VT_BSTR
VT_DISPATCH
VT_RECORD
VT_RESERVED
TYSPEC_MIMETYPE
TYSPEC_FILENAME
TYSPEC_PROGID
TYSPEC_PACKAGENAME
DESCKIND_IMPLICITAPPOBJ
BINDSTRING_POST_COOKIE
BINDSTRING_FLAG_BIND_TO_OBJECT
GlobalApiCache
KernelModuleAddr
NODE_INVALID
NODE_ELEMENT
NODE_ATTRIBUTE
NODE_TEXT
NODE_CDATA_SECTION
NODE_ENTITY_REFERENCE
NODE_ENTITY
NODE_COMMENT
NODE_DOCUMENT
NODE_DOCUMENT_TYPE
NODE_DOCUMENT_FRAGMENT
XMLELEMTYPE_DOCUMENT
tagPARAMDESC
tagPARAMDESCEX
tagBINDPTR
LPPARAMDESCEX
CALLCONV
STRING
BINDPTR
TYPEKIND
FUNCKIND
PARAMDESC
HINSTANCE
tagTLIBATTR
_SYSTEM_STRINGS
PIMAGE_NT_HEADERS32
ELEMDESC
VARIANTARG
SAFEARRAYBOUND
tagELEMDESC
DESCKIND
TYPEDESC
tagEXCEPINFO
_NT_TIB
tagSTATSTG
VARKIND
_RTL_DRIVE_LETTER_CURDIR
LPOLESTR
tagFUNCDESC
NTSTATUS
tagIDLDESC
_UNICODE_STRING
TMemory
PPEBLOCKROUTINE
LONGLONG
tagApplicationType
tagCABSTR
PIDMSI_STATUS_VALUE
LONG_PTR
PROPVAR_PAD3
LPVOID
STRBUF::TStrRec
FUNCDESC
tagCACLSID
tagCADBL
_RTL_BITMAP
SIZE_T
BOOLEAN
PTEXT_INFO
KAFFINITY
HREFTYPE
tagTYPEKIND
UNICODE_STRING
tagDESCKIND
tagCACY
PIMAGE_DATA_DIRECTORY
tagSYSKIND
_STRING
PIMAGE_OPTIONAL_HEADER32
tagXMLEMEM_TYPE
OLECHAR
tagVARKIND
PPEB_LDR_DATA
EXCEPINFO
_FILETIME
ULONGLONG
VARDESC
LPCOLESTR
IUnknown
MEMBERID
tagARRAYDESC
DOUBLE
tagVARDESC
tagBINDSTRING
DECIMAL
_IMAGE_OPTIONAL_HEADER
CLIENT_ID
SYSKIND
__MIDL_IUri_0001
BSTRBLOB
_LDR_DATA_TABLE_ENTRY
tagCAH
_tagQUERYOPTION
PIMAGE_NT_HEADERS
_TP_CALLBACK_ENVIRON
_TP_CALLBACK_ENVIRON::<unnamed-type-u>
_TP_CALLBACK_ENVIRON::<unnamed-type-u>::<unnamed-type-s>
ITypeComp
PLDR_DATA_TABLE_ENTRY
tagCAUI
tagCAFILETIME
_IMAGE_FILE_HEADER
tagDISPPARAMS
VARIANT_BOOL
tagSAFEARRAY
PROPVARIANT
LIST_ENTRY
CAPROPVARIANT
PLIST_ENTRY
tagTYSPEC
tagTYPEDESC
IMAGE_EXPORT_DIRECTORY
tagCLIPDATA
PSYSTEM_STRINGS
RTL_DRIVE_LETTER_CURDIR
CADATE
tagCAC
IDLDESC
PTP_CALLBACK_INSTANCE
tagTYPEATTR
tagSAFEARRAYBOUND
tagBLOB
tagURLZONE
_LARGE_INTEGER
_LARGE_INTEGER::<unnamed-type-u>
ReplacesCorHdrNumericDefines
_ULARGE_INTEGER
_ULARGE_INTEGER::<unnamed-type-u>
_PEB_LDR_DATA
ISequentialStream
PRTL_BITMAP
VARENUM
_CLIENT_ID
PPEB_FREE_BLOCK
tagCAI
tagCAUB
tagFUNCKIND
PCUWSTR
LPSAFEARRAY
_URLZONEREG
tagBSTRBLOB
TLIBATTR
LARGE_INTEGER
IEnumSTATSTG
VARTYPE
TP_VERSION
ITypeLib
tagDEC
CLIPDATA
TYPEATTR
tagVARIANT
DISPID
vc_attributes::YesNoMaybe
vc_attributes::PreAttribute
vc_attributes::PostAttribute
vc_attributes::AccessType
USHORT
tagCADATE
HMODULE
tagCAUH
ULARGE_INTEGER
IRecordInfo
ldiv_t
DWORD_PTR
CASCODE
PPROCESS_PARAMETERS
IMAGE_OPTIONAL_HEADER32
CAFILETIME
_CURDIR
DISPPARAMS
LPVARIANT
INVOKEKIND
STATSTG
__MIDL_IUri_0002
_TEXT_INFO
HANDLE
tagCALPWSTR
_IMAGE_DOS_HEADER
PIMAGE_IMPORT_DESCRIPTOR
NT_TIB
_tagPSUACTION
PROPVAR_PAD1
CALPSTR
PTP_POOL
STRUTILS<wchar_t>
LPBYTE
SAFEARRAY
tagCABOOL
IStorage
PIMAGE_EXPORT_DIRECTORY
IMAGE_DATA_DIRECTORY
PIMAGE_OPTIONAL_HEADER
CALPWSTR
PUWSTR
TString<char>
TBotObject
_LIST_ENTRY
tagCALPSTR
ITypeInfo
LPWSTR
LPVERSIONEDSTREAM
IStream
size_t
PDWORD
CURDIR
PIMAGE_IMPORT_BY_NAME
_PROCESS_PARAMETERS
tagPROPVARIANT
CABSTRBLOB
_IMAGE_DATA_DIRECTORY
_IMAGE_NT_HEADERS
tagVersionedStream
FILETIME
tagCAFLT
tagCACLIPDATA
TDllId
tagBINDSTATUS
VARIANT
IDispatch
tagDOMNodeType
tagShutdownType
_IMAGE_EXPORT_DIRECTORY
tagCAL
tagCAPROPVARIANT
_PEB_FREE_BLOCK
PHANDLE
tagCABSTRBLOB
PTP_SIMPLE_CALLBACK
_IMAGE_IMPORT_BY_NAME
tagCHANGEKIND
CACLIPDATA
PTP_CLEANUP_GROUP_CANCEL_CALLBACK
KSPIN_LOCK
IMAGE_FILE_HEADER
PTP_CALLBACK_ENVIRON
PTP_CLEANUP_GROUP
CACLSID
IMAGE_IMPORT_DESCRIPTOR
ULONG_PTR
HINSTANCE__
LDR_DATA_TABLE_ENTRY
_IMAGE_IMPORT_DESCRIPTOR
STRUTILS<char>
PROPVAR_PAD2
_ldiv_t
__MIDL_ICodeInstall_0001
HRESULT
tagCALLCONV
_tagINTERNETFEATURELIST
CABOOL
string
_tagPARSEACTION
PIMAGE_DOS_HEADER
TStrEnum
tagCASCODE
tagCAUL
CABSTR
Iakytp[O:ac
c:\program files\microsoft sdks\windows\v6.0a\include\msxml.h
c:\program files\microsoft sdks\windows\v6.0a\include\cguid.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnetwk.h
c:\program files\microsoft sdks\windows\v6.0a\include\nb30.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdcep.h
c:\program files\microsoft sdks\windows\v6.0a\include\winefs.h
c:\program files\microsoft sdks\windows\v6.0a\include\mcx.h
d:\program files\microsoft visual studio 9.0\vc\include\vadefs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnt.h
d:\program files\microsoft visual studio 9.0\vc\include\ctype.h
c:\program files\microsoft sdks\windows\v6.0a\include\wincon.h
e:\projects\progs\petrosjan\bjwj\source\core\getapi.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\guiddef.h
c:\program files\microsoft sdks\windows\v6.0a\include\oaidl.h
e:\projects\progs\petrosjan\bjwj\source\core\ntdll.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpc.h
c:\program files\microsoft sdks\windows\v6.0a\include\winerror.h
e:\projects\progs\petrosjan\bjwj\source\core\ntstatus.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcdce.h
c:\program files\microsoft sdks\windows\v6.0a\include\wingdi.h
e:\projects\progs\petrosjan\bjwj\source\core\getapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\winbase.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack8.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack4.h
d:\program files\microsoft visual studio 9.0\vc\include\string.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsock.h
c:\program files\microsoft sdks\windows\v6.0a\include\winreg.h
e:\projects\progs\petrosjan\bjwj\source\core\strings.h
e:\projects\progs\petrosjan\bjwj\source\core\memory.h
c:\program files\microsoft sdks\windows\v6.0a\include\propidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\ole2.h
c:\program files\microsoft sdks\windows\v6.0a\include\objbase.h
d:\program files\microsoft visual studio 9.0\vc\include\stdlib.h
d:\program files\microsoft visual studio 9.0\vc\include\limits.h
c:\program files\microsoft sdks\windows\v6.0a\include\winspool.h
c:\program files\microsoft sdks\windows\v6.0a\include\poppack.h
c:\program files\microsoft sdks\windows\v6.0a\include\prsht.h
c:\program files\microsoft sdks\windows\v6.0a\include\winver.h
c:\program files\microsoft sdks\windows\v6.0a\include\tvout.h
e:\projects\progs\petrosjan\bjwj\source\core\strimplementation.cpp
c:\program files\microsoft sdks\windows\v6.0a\include\imm.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnterr.h
c:\program files\microsoft sdks\windows\v6.0a\include\commdlg.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcasync.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsi.h
c:\program files\microsoft sdks\windows\v6.0a\include\winperf.h
c:\program files\microsoft sdks\windows\v6.0a\include\shellapi.h
c:\program files\microsoft sdks\windows\v6.0a\include\dlgs.h
c:\program files\microsoft sdks\windows\v6.0a\include\winscard.h
c:\program files\microsoft sdks\windows\v6.0a\include\urlmon.h
c:\program files\microsoft sdks\windows\v6.0a\include\wtypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsmcrd.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcndr.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcnsip.h
c:\program files\microsoft sdks\windows\v6.0a\include\winnls.h
c:\program files\microsoft sdks\windows\v6.0a\include\servprov.h
c:\program files\microsoft sdks\windows\v6.0a\include\bcrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\stralign.h
c:\program files\microsoft sdks\windows\v6.0a\include\lzexpand.h
c:\program files\microsoft sdks\windows\v6.0a\include\ddeml.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings.h
c:\program files\microsoft sdks\windows\v6.0a\include\wincrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_adt.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack2.h
c:\program files\microsoft sdks\windows\v6.0a\include\reason.h
c:\program files\microsoft sdks\windows\v6.0a\include\winsvc.h
c:\program files\microsoft sdks\windows\v6.0a\include\ncrypt.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_strict.h
c:\program files\microsoft sdks\windows\v6.0a\include\specstrings_undef.h
c:\program files\microsoft sdks\windows\v6.0a\include\basetsd.h
c:\program files\microsoft sdks\windows\v6.0a\include\winioctl.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleauto.h
c:\program files\microsoft sdks\windows\v6.0a\include\winuser.h
c:\program files\microsoft sdks\windows\v6.0a\include\rpcsal.h
c:\program files\microsoft sdks\windows\v6.0a\include\cderr.h
c:\program files\microsoft sdks\windows\v6.0a\include\ktmtypes.h
c:\program files\microsoft sdks\windows\v6.0a\include\dde.h
c:\program files\microsoft sdks\windows\v6.0a\include\windows.h
c:\program files\microsoft sdks\windows\v6.0a\include\sdkddkver.h
d:\program files\microsoft visual studio 9.0\vc\include\excpt.h
d:\program files\microsoft visual studio 9.0\vc\include\crtdefs.h
d:\program files\microsoft visual studio 9.0\vc\include\sal.h
c:\program files\microsoft sdks\windows\v6.0a\include\objidl.h
d:\program files\microsoft visual studio 9.0\vc\include\codeanalysis\sourceannotations.h
d:\program files\microsoft visual studio 9.0\vc\include\stdarg.h
c:\program files\microsoft sdks\windows\v6.0a\include\pshpack1.h
c:\program files\microsoft sdks\windows\v6.0a\include\windef.h
c:\program files\microsoft sdks\windows\v6.0a\include\oleidl.h
c:\program files\microsoft sdks\windows\v6.0a\include\unknwn.h
c:\program files\microsoft sdks\windows\v6.0a\include\inaddr.h
c:\program files\microsoft sdks\windows\v6.0a\include\mmsystem.h
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 260 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 12 - ^ =
$T0 .raSearch = $eip $T0 ^ = $esp $T0 4 + = $ebx $T0 4 - ^ =
$T0 $ebp = $eip $T0 4 + ^ = $ebp $T0 ^ = $esp $T0 8 + = $L $T0 .cbSavedRegs - = $P $T0 8 + .cbParams + = $ebx $T0 20 - ^ =
kernel32.dll
advapi32.dll
user32.dll
ws2_32.dll
ntdll.dll
winsta.dll
shell32.dll
wininet.dll
urlmon.dll
nspr4.dll
ssl3.dll
winmm.dll
cabinet.dll
opera.dll
Gdi32.dll
gdiplus.dll
crypt32.dll
Iphlpapi.dll
winspool.drv
odbc32.dll
comdlg32.dll
psapi.dll
shlwapi.dll
version.dll
Imagehlp.dll
ole32.dll
cryptdll.dll
GetImageBase
procAddr
GetPEB
GetDLLName
TBotObject::operator new
TBotObject::operator new[]
TBotObject::operator delete
Pointer
TBotObject::operator delete[]
Pointer
STRUTILS<wchar_t>::Hash
LowerCase
STRUTILS<char>::IsEmpty
STRUTILS<char>::Scan
pushargEx<1,2760730466,43,char *>
newfunc
GetDllBase
DllHash
GetForvardedProc
DLLName
GetApiAddr
Module
ProcNameHash
DataSize
OrdinalTable
GetKernel32
GetProcAddressEx
dwModule
dwProcNameHash
GetProcAddressEx2
dwModule
dwProcNameHash
CacheIndex
pushargEx<1,1769630462,9,int,unsigned int,int,int>
newfunc
pushargEx<1,3366748198,2,char *>
newfunc
BuildBotImportTable
_pGetProcAddress
_pLoadLibraryA
handle
thunkRef
InitializeAPI
e:\projects\progs\petrosjan\bjwj\builds\bot_plug\objs\release debugconfig\vc90.pdb
@comp.id	x
@feat.00
.drectve
.debug$S
.rdata
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.rdata
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$S
.debug$T
?GlobalApiCache@@3PAPAXA
?KernelModuleAddr@@3PAUHINSTANCE__@@A
_kernel32_dll
_advapi32_dll
_user32_dll
_ws2_32_dll
_ntdll_dll
_winsta_dll
_shell32_dll
_wininet_dll
_urlmon_dll
_nspr4_dll
_ssl3_dll
_winmm_dll
_cabinet_dll
_opera_dll
_gdi32_dll
_gdiPlus_dll
_crypt32_dll
_Iphlpapi_dll
_winspool_drv
_odbc32_dll
_commdlg32_dll
_psapi_dll
_shlwapi_dll
_version_dll
_imagehelp_dll
_ole32_dll
_cryptDll_dll
?GetImageBase@@YGKPAX@Z
?GetPEB@@YAPAXXZ
?GetDLLName@@YAPADW4TDllId@@@Z
??2TBotObject@@SAPAXI@Z
?Alloc@HEAP@@YAPAXK@Z
??_UTBotObject@@SAPAXI@Z
??3TBotObject@@SAXPAX@Z
?Free@HEAP@@YAXPAX@Z
??_VTBotObject@@SAXPAX@Z
?Hash@?$STRUTILS@_W@@SAKPB_WK_N@Z
?IsEmpty@?$STRUTILS@D@@SA_NPBD@Z
?Scan@?$STRUTILS@D@@SAPADPBDD@Z
??$pushargEx@$00$0KEINGHGC@$0CL@PAD@@YAPAXPAD@Z
?GetDllBase@@YAPAUHINSTANCE__@@K@Z
?GetForvardedProc@@YAPAXPAD@Z
?GetHash@STR@@YAKPADK_N@Z
?m_atoi@@YAHPBD@Z
?m_lstrcat@@YGXPADPBD@Z
??_C@_04HLONOPDM@?4dll?$AA@
?m_memcpy@@YAPAXPAXPBXH@Z
?m_memset@@YAPAXPAXKK@Z
?GetApiAddr@@YAPAXPAUHINSTANCE__@@K@Z
?GetKernel32@@YAPAUHINSTANCE__@@XZ
?GetProcAddressEx@@YAPAXPADKK@Z
?GetProcAddressEx2@@YAPAXPADKKH@Z
??$pushargEx@$00$0GJHKGKPO@$08HIHH@@YAPAXHIHH@Z
??$pushargEx@$00$0MIKMIACG@$01PAD@@YAPAXPAD@Z
?BuildBotImportTable@@YA_NXZ
?InitializeAPI@@YAHXZ