August 1st, 2012, 03:31 AM
#9
Re: Lateloading of x86 / x64 bit DLL keyboard files and init defines
 Originally Posted by kwhat
from what I have gathered SysWOW64/KBDUS.DLL is not purely 32 bit.
That's something new to me. Module architecture cannot be not purely 32 bit or a little bit 64 bit. It's either x86 or x64.
C:\Windows\SysWOW64\KBDUS.DLL
Code:
Microsoft (R) COFF/PE Dumper Version 10.00.40219.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file KBDUS.DLL
PE signature found
File Type: DLL
FILE HEADER VALUES
14C machine (x86)
3 number of sections
4A5BDBD2 time date stamp Tue Jul 14 05:13:54 2009
0 file pointer to symbol table
0 number of symbols
E0 size of optional header
2102 characteristics
Executable
32 bit word machine
DLL
OPTIONAL HEADER VALUES
10B magic # (PE32)
9.00 linker version
0 size of code
1400 size of initialized data
0 size of uninitialized data
0 entry point
1000 base of code
1000 base of data
5FFE0000 image base (5FFE0000 to 5FFE3FFF)
1000 section alignment
200 file alignment
6.01 operating system version
6.01 image version
6.01 subsystem version
0 Win32 version
4000 size of image
400 size of headers
C01F checksum
1 subsystem (Native)
540 DLL characteristics
Dynamic base
NX compatible
No structured exception handler
40000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
1C90 [ 4F] RVA [size] of Export Directory
0 [ 0] RVA [size] of Import Directory
2000 [ 400] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
3000 [ B4] RVA [size] of Base Relocation Directory
1CE0 [ 1C] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
0 [ 0] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
0 [ 0] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.data name
D2B virtual size
1000 virtual address (5FFE1000 to 5FFE1D2A)
E00 size of raw data
400 file pointer to raw data (00000400 to 000011FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000040 flags
Initialized Data
Execute Read
RAW DATA #1
5FFE1000: FF 00 1B 00 31 00 32 00 33 00 34 00 35 00 36 00 ÿ...1.2.3.4.5.6.
5FFE1010: 37 00 38 00 39 00 30 00 BD 00 BB 00 08 00 09 00 7.8.9.0.½.».....
5FFE1020: 51 00 57 00 45 00 52 00 54 00 59 00 55 00 49 00 Q.W.E.R.T.Y.U.I.
5FFE1030: 4F 00 50 00 DB 00 DD 00 0D 00 A2 00 41 00 53 00 O.P.Û.Ý...¢.A.S.
. . .
C:\Windows\system32\KBDUS.DLL
Code:
Microsoft (R) COFF/PE Dumper Version 10.00.40219.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file KBDUS.DLL
PE signature found
File Type: DLL
FILE HEADER VALUES
8664 machine (x64)
3 number of sections
4A5BDFCE time date stamp Tue Jul 14 05:30:54 2009
0 file pointer to symbol table
0 number of symbols
F0 size of optional header
2022 characteristics
Executable
Application can handle large (>2GB) addresses
DLL
OPTIONAL HEADER VALUES
20B magic # (PE32+)
9.00 linker version
0 size of code
1600 size of initialized data
0 size of uninitialized data
0 entry point
1000 base of code
5FFFFFF0000 image base (000005FFFFFF0000 to 000005FFFFFF3FFF)
1000 section alignment
200 file alignment
6.01 operating system version
6.01 image version
6.01 subsystem version
0 Win32 version
4000 size of image
400 size of headers
100BD checksum
1 subsystem (Native)
140 DLL characteristics
Dynamic base
NX compatible
40000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
1E20 [ 4F] RVA [size] of Export Directory
0 [ 0] RVA [size] of Import Directory
2000 [ 400] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
3000 [ B4] RVA [size] of Base Relocation Directory
1E70 [ 1C] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
0 [ 0] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
0 [ 0] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.data name
EC0 virtual size
1000 virtual address (000005FFFFFF1000 to 000005FFFFFF1EBF)
1000 size of raw data
400 file pointer to raw data (00000400 to 000013FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000040 flags
Initialized Data
Execute Read
RAW DATA #1
000005FFFFFF1000: 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 ................
000005FFFFFF1010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000005FFFFFF1020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000005FFFFFF1030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000005FFFFFF1040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
. . .
Last edited by Igor Vartanov; August 1st, 2012 at 03:37 AM.
Best regards,
Igor
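Added example, not part of the post above: a C check that reads the same two fields dumpbin prints as "machine" and "magic #" and refuses any image where they disagree. The names `pe_architecture` and `make_sample` are hypothetical, and the sample buffers are constructed with only those header fields filled in.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum pe_arch { PE_INVALID = 0, PE_X86 = 32, PE_X64 = 64 };

/* Little-endian reads, independent of host byte order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Classify a PE image by its FILE HEADER machine and OPTIONAL HEADER magic.
 * The two must agree; any other combination is rejected. */
enum pe_arch pe_architecture(const uint8_t *img, size_t len)
{
    if (len < 0x40 || rd16(img) != 0x5A4D) return PE_INVALID;   /* "MZ" DOS header */
    uint32_t off = rd32(img + 0x3C);                            /* e_lfanew */
    if (off > len || len - off < 4 + 20 + 2) return PE_INVALID; /* sig + file hdr + magic */
    if (memcmp(img + off, "PE\0\0", 4) != 0) return PE_INVALID;
    uint16_t machine  = rd16(img + off + 4);    /* FILE HEADER: machine */
    uint16_t opt_size = rd16(img + off + 20);   /* size of optional header */
    uint16_t magic    = rd16(img + off + 24);   /* OPTIONAL HEADER: magic # */
    if (opt_size < 2) return PE_INVALID;        /* magic must lie inside the header */
    if (machine == 0x014C && magic == 0x010B) return PE_X86;    /* x86, PE32  */
    if (machine == 0x8664 && magic == 0x020B) return PE_X64;    /* x64, PE32+ */
    return PE_INVALID;
}

/* Constructed sample (hypothetical helper): only the fields read above are set. */
void make_sample(uint8_t buf[0x100], uint16_t machine, uint16_t opt_size, uint16_t magic)
{
    memset(buf, 0, 0x100);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = 0x80;                           /* e_lfanew = 0x80 */
    memcpy(buf + 0x80, "PE\0\0", 4);
    buf[0x84] = (uint8_t)(machine & 0xFF);  buf[0x85] = (uint8_t)(machine >> 8);
    buf[0x94] = (uint8_t)(opt_size & 0xFF); buf[0x95] = (uint8_t)(opt_size >> 8);
    buf[0x98] = (uint8_t)(magic & 0xFF);    buf[0x99] = (uint8_t)(magic >> 8);
}

int main(void)
{
    uint8_t buf[0x100];
    make_sample(buf, 0x014C, 0xE0, 0x010B);     /* header values from the SysWOW64 dump */
    printf("x86 sample: %d-bit\n", pe_architecture(buf, sizeof buf));
    make_sample(buf, 0x8664, 0xF0, 0x020B);     /* header values from the system32 dump */
    printf("x64 sample: %d-bit\n", pe_architecture(buf, sizeof buf));
    return 0;
}
```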