Open after1990s opened 8 years ago
Seems to work:
$ file ntdll.dll ntdll.dll: PE32+ executable for MS Windows (DLL) (console) $ python -c 'import pefile; print pefile.PE("ntdll.dll").dump_info()' [...] ----------FILE_HEADER---------- [IMAGE_FILE_HEADER] 0xE4 0x0 Machine: 0x8664 0xE6 0x2 NumberOfSections: 0x9 0xE8 0x4 TimeDateStamp: 0x56540C3B [Tue Nov 24 07:05:31 2015 UTC] 0xEC 0x8 PointerToSymbolTable: 0x0 0xF0 0xC NumberOfSymbols: 0x0 0xF4 0x10 SizeOfOptionalHeader: 0xF0 0xF6 0x12 Characteristics: 0x2022 Flags: IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE ----------OPTIONAL_HEADER---------- [IMAGE_OPTIONAL_HEADER64] 0xF8 0x0 Magic: 0x20B 0xFA 0x2 MajorLinkerVersion: 0xC 0xFB 0x3 MinorLinkerVersion: 0xA 0xFC 0x4 SizeOfCode: 0xFA600 0x100 0x8 SizeOfInitializedData: 0xBF600 0x104 0xC SizeOfUninitializedData: 0x0 0x108 0x10 AddressOfEntryPoint: 0x0 0x10C 0x14 BaseOfCode: 0x1000 0x110 0x18 ImageBase: 0x180000000 0x118 0x20 SectionAlignment: 0x1000 0x11C 0x24 FileAlignment: 0x200 0x120 0x28 MajorOperatingSystemVersion: 0xA 0x122 0x2A MinorOperatingSystemVersion: 0x0 0x124 0x2C MajorImageVersion: 0xA 0x126 0x2E MinorImageVersion: 0x0 0x128 0x30 MajorSubsystemVersion: 0xA 0x12A 0x32 MinorSubsystemVersion: 0x0 0x12C 0x34 Reserved1: 0x0 0x130 0x38 SizeOfImage: 0x1C1000 0x134 0x3C SizeOfHeaders: 0x400 0x138 0x40 CheckSum: 0x1C03AA 0x13C 0x44 Subsystem: 0x3 0x13E 0x46 DllCharacteristics: 0x4160 0x140 0x48 SizeOfStackReserve: 0x40000 0x148 0x50 SizeOfStackCommit: 0x1000 0x150 0x58 SizeOfHeapReserve: 0x100000 0x158 0x60 SizeOfHeapCommit: 0x1000 0x160 0x68 LoaderFlags: 0x0 0x164 0x6C NumberOfRvaAndSizes: 0x10 [...]
@nyx0 How the hell can ntdll.dll be a PE32+ DLL? Does PE32+ not mean .NET 64-bit?
ntdll.dll
Seems to work: