- DOS Header
- NT Header
- Rich Header
- Sections
- Imports
- Resource
- Exceptions
- Relocations
- Debugs
- TLS
- Load config
- IAT
- Delay import
IAT
| # | rva | value | meaning |
|---|---|---|---|
| 0 | 0x4f000 | 0x728c0 | ADVAPI32.dll!RegCreateKeyExW |
| 1 | 0x4f008 | 0x728ce | ADVAPI32.dll!RegOpenKeyExW |
| 2 | 0x4f010 | 0x728e0 | ADVAPI32.dll!RegQueryValueExW |
| 3 | 0x4f018 | 0x728f0 | ADVAPI32.dll!RegOpenKeyExA |
| 4 | 0x4f020 | 0x72904 | ADVAPI32.dll!EventRegister |
| 5 | 0x4f028 | 0x72914 | ADVAPI32.dll!EventUnregister |
| 6 | 0x4f030 | 0x72924 | ADVAPI32.dll!EventWrite |
| 7 | 0x4f038 | 0x72936 | ADVAPI32.dll!EventWriteTransfer |
| 8 | 0x4f040 | 0x72944 | |
| 9 | 0x4f048 | 0x0 | KERNEL32.dll!WideCharToMultiByte |
| 10 | 0x4f050 | 0x7295a | KERNEL32.dll!QueryPerformanceCounter |
| 11 | 0x4f058 | 0x72970 | KERNEL32.dll!GetCurrentProcessId |
| 12 | 0x4f060 | 0x7298a | KERNEL32.dll!GetCurrentThreadId |
| 13 | 0x4f068 | 0x729a0 | KERNEL32.dll!GetSystemTimeAsFileTime |
| 14 | 0x4f070 | 0x729b6 | KERNEL32.dll!InitializeSListHead |
| 15 | 0x4f078 | 0x729d0 | KERNEL32.dll!RtlCaptureContext |
| 16 | 0x4f080 | 0x729e6 | KERNEL32.dll!RtlLookupFunctionEntry |
| 17 | 0x4f088 | 0x729fa | KERNEL32.dll!RtlVirtualUnwind |
| 18 | 0x4f090 | 0x72a14 | KERNEL32.dll!IsDebuggerPresent |
| 19 | 0x4f098 | 0x72a28 | KERNEL32.dll!UnhandledExceptionFilter |