.Hi Reversers,
I like security as a hobby and I not so often I read and play with a few simple KeyGen games and I enjoy it.
Reversing and KeyGen is very interesting but I'm a beginner and my questions are probably very dumb but I will be very thankful if you could help me.
Until the moment I have reversed simple keygen applications using techniques such as:
- Look for string text reference to find the interesting code area.
- Keygen fishing.
- And bypass IsDebugPresent check.
Yeah, I know, really basic stuff. Here is a video similar to what I do in general�
http://www.youtube.com/watch?v=tJY_Tv7o5bE
Just for learning sometimes I try to reverse a few small and medium application that I buy for Windows and looks like simple products without many protections.
This is a software that I acquired 2 months ago and the whole installation is around 50MB. One of the motivations to try apply my basic knowledge here is because I like to see if what I learned in keygens really work in real-life, my experience that medium softwares are much harder since keygens are very small and easy to find the routines that you want. :)
*** Just to keep it very clear, I have a license for this program and my intention is only learn and increase my knowledge. Since I have no commercial intention in break it or create any damage I will not disclosure the application - I hope you understand. ***
OK, let's go. The application consist of one main executable (~33MB), 6 DLLs (very small ones and some of them are libeay32.dll, etc) and around 90 .xsd files (XML format). My first step was try to identify the programming language used and if a packer was present, please, see screenshots below:
It really appears to be developed in Delphi, with CFF I confirmed it. Also, there is no section that points for an packer looking at CFF information and EXE Information and RDG also say it's clean. However, RDG found IsDebugPresent and pointed for an protection software as you may see. However, I'm not sure if it's a false-positive.
On my application the serial is entered in a field like that:
And once I enter a wrong serial number (30 chars long) I get a message like that:
I guess it's not a MessageBox, or at least it's very custom one. For this kind of messages should I keep breakpoints at MessageBoxA, etc? Or there is a different API?
Below is a screenshot once I attach to the application running:
When I press "run" at OllyDB it's what I get:
Here is a list of SEH chain:
Here are the "Windows" available, including the one that I would like to disassemble, examine and put a breakpoint:
However it fails to debug, see below, please:
Is it some kind of protection? How to disable this part of code, put breakpoints, etc?
Looking at "Text String References" I'm able to see just partial messages and not the one displayed on my custom "MessageBox".
Also, There are many parts that looks like an message that will be completed on the fly, for example "A chave informata esta" which means "They key entered is" or "Chave incorrecta n" which means "Wrong key at".
Additionally, I noted that are parts of the application when some texts are not stored as a "TextString", instead I see "char by char" in sequence at OllyDb creating a few strings (also not very useful to me).
If I define a breakpoint in any of these TextStrings it's what happen - an exception:
Is it a protection? Any idea how to bypass it?
From here the only thing that I'm able to do it pass control to the application and all is over. :(
Also, if I refuse to pass control to the application and I continue with F7/F8 I get something like that:
It ends with an instruction not recognized by OllyDB. Any idea?
I also tried to set breakpoints in Names from User32.dll such as GetDlgItemTextA and GetDlgItemTextW since I believe they are the APIs used to read my entered serial number. The strange thing is that they are exported and not imported as demonstrated below. Is it normal?
Once I created the breakpoint and stated stepping into I got this exception again and I was forced to pass control to application and game over again. :(
I was thinking it could be some basic Anti-debugging protections, so I enabled "aadp4olly" and "Olly Advanced" with many options but it was unable to solve the issues, so, I'm not so sure anymore about what is issue is.
Here is the full list of names available in User32 for this application:
Names in USER32
Address Section Type ( Name Comment
766D89CB .text Export #1500
766D8091 .text Export #1501
766D3355 .text Export #1550
766D33E1 .text Export #1551
766D33A9 .text Export #1552
766D33FF .text Export #1553
766D3454 .text Export #1554
766D348F .text Export #1555
766D34C5 .text Export #1556
766B9F10 .text Export #2000
766CC0CA .text Export #2001
766CC11F .text Export #2002
766D89EB .text Export #2005
76660000 Export #2338
766B88C7 .text Export #2500
766B88EC .text Export #2501
766B891E .text Export #2502
7668D6C0 .text Export ( ActivateKeyboardLayout
76670400 .text Import ( KERNEL32.AddAtomA
766703FC .text Import ( KERNEL32.AddAtomW
766D7DB7 .text Export AddClipboardFormatListener
7668C6C6 .text Export ( AdjustWindowRect
766851E2 .text Export ( AdjustWindowRectEx
766D93BC .text Export AlignRects
7667013C .text Import ntdll._alldiv
766700B8 .text Import ntdll._allmul
766B9E68 .text Export AllowForegroundActivation
76686697 .text Export AllowSetForegroundWindow
766700B0 .text Import ntdll._allshr
7668B531 .text Export AnimateWindow
766D548C .text Export ( AnyPopup
766D67FB .text Export ( AppendMenuA
766BC099 .text Export ( AppendMenuW
7668C0AE .text Export ( ArrangeIconicWindows
7669F188 .text Export ( AttachThreadInput
76670144 .text Import ntdll._aulldvrm
766863B5 .text Export ( BeginDeferWindowPos
76681361 .text Export ( BeginPaint
76670330 .text Import ( GDI32.BitBlt
766D7DD7 .text Export BlockInput
76687B3B .text Export ( BringWindowToTop
766D68A2 .text Export ( BroadcastSystemMessageA
766D687B .text Export BroadcastSystemMessageExA
766BC119 .text Export BroadcastSystemMessageExW
766BC140 .text Export ( BroadcastSystemMessageW
766D2FF5 .text Export BuildReasonArray
766833B1 .text Export CalcMenuBar
766D7E17 .text Export CalculatePopupWindowPosition
766D6E4A .text Export ( CallMsgFilterA
7669D1E8 .text Export ( CallMsgFilterW
76686285 .text Export ( CallNextHookEx
7668792F .text Export ( CallWindowProcA
76680D32 .text Export ( CallWindowProcW
766C0A7F .text Export CancelShutdown
766B9979 .text Export CascadeChildWindows
766CCF08 .text Export ( CascadeWindows
7668C17B .text Export ( ChangeClipboardChain
766D706C .text Export ( ChangeDisplaySettingsA
766D6DA0 .text Export ( ChangeDisplaySettingsExA
766C07D7 .text Export ( ChangeDisplaySettingsExW
766C08B5 .text Export ( ChangeDisplaySettingsW
766CD2E9 .text Export ChangeMenuA
766CD244 .text Export ChangeMenuW
7667B6D2 .text Export ChangeWindowMessageFilter
7667F285 .text Export ChangeWindowMessageFilterEx
76683E75 .text Export ( CharLowerA
76684F38 .text Export ( CharLowerBuffA
7667760B .text Export ( CharLowerBuffW
76677647 .text Export ( CharLowerW
76677A1B .text Export ( CharNextA
766D4DA0 .text Export CharNextExA
76678151 .text Export ( CharNextW
76683EF2 .text Export ( CharPrevA
766D4DD7 .text Export CharPrevExA
7667768C .text Export ( CharPrevW
76684FEE .text Export ( CharToOemA
7668B1B0 .text Export ( CharToOemBuffA
766D1A7D .text Export ( CharToOemBuffW
766D1A26 .text Export ( CharToOemW
7667FDCA .text Export ( CharUpperA
7667FE47 .text Export ( CharUpperBuffA
7667FC5D .text Export ( CharUpperBuffW
7667F350 .text Export ( CharUpperW
766D7E97 .text Export CheckDesktopByThreadId
7669BE9A .text Export ( CheckDlgButton
7668A88C .text Export ( CheckMenuItem
766CD3EB .text Export ( CheckMenuRadioItem
7669BC9D .text Export ( CheckRadioButton
76670540 .text Import ADVAPI32.CheckTokenMembership
766D7EB7 .text Export CheckWindowThreadDesktop
766B8CF0 .text Export ( ChildWindowFromPoint
7668CD46 .text Export ( ChildWindowFromPointEx
766700C0 .text Import ntdll._chkstk
76679DA3 .text Export ClientThreadSetup
76682606 .text Export ( ClientToScreen
766B4D0D .text Export CliImmSetHotKey
76691353 .text Export ( ClipCursor
76688E8D .text Export ( CloseClipboard
766800FA .text Export ( CloseDesktop
766B89CF .text Export CloseGestureInfoHandle
76670418 .text Import ( KERNEL32.CloseHandle
766BD2DA .text Export CloseTouchInputHandle
766B999A .text Export ( CloseWindow
766800B9 .text Export ( CloseWindowStation
766702B0 .text Import ( GDI32.CombineRgn
76670420 .text Import ( KERNEL32.CompareStringW
766C0B35 .text Export ConsoleControl
766D86CB .text Export ControlMagnification
766703EC .text Import KERNEL32.ConvertDefaultLocale
76698960 .text Export ( CopyAcceleratorTableA
766854C8 .text Export ( CopyAcceleratorTableW
766701D4 .text Import ( GDI32.CopyEnhMetaFileW
766871E5 .text Export ( CopyIcon
76684A09 .text Export ( CopyImage
766701D8 .text Import ( GDI32.CopyMetaFileW
76682534 .text Export ( CopyRect
7668C486 .text Export ( CountClipboardFormats
7668D0F4 .text Export ( CreateAcceleratorTableA
76684E04 .text Export ( CreateAcceleratorTableW
766702CC .text Import ( GDI32.CreateBitmap
766701CC .text Import ( GDI32.CreateBrushIndirect
7669F4D2 .text Export ( CreateCaret
7667027C .text Import ( GDI32.CreateCompatibleBitmap
7667029C .text Import ( GDI32.CreateCompatibleDC
766BCE88 .text Export ( CreateCursor
76670274 .text Import ( GDI32.CreateDCW
766B9783 .text Export ( CreateDesktopA
766B9691 .text Export CreateDesktopExA
766B97AC .text Export CreateDesktopExW
766B97FC .text Export ( CreateDesktopW
7668B029 .text Export ( CreateDialogIndirectParamA
766A10A0 .text Export CreateDialogIndirectParamAorW
7668C63E .text Export ( CreateDialogIndirectParamW
76695246 .text Export ( CreateDialogParamA
766A10DC .text Export ( CreateDialogParamW
76670278 .text Import ( GDI32.CreateDIBitmap
76670260 .text Import ( GDI32.CreateDIBSection
766701A4 .text Import ( GDI32.CreateEllipticRgn
7667038C .text Import ( KERNEL32.CreateFileMappingW
76670528 .text Import ( KERNEL32.CreateFileW
76670210 .text Import ( GDI32.CreateFontIndirectW
7668DA0A .text Export ( CreateIcon
766BD15F .text Export ( CreateIconFromResource
7668725D .text Export ( CreateIconFromResourceEx
76687018 .text Export ( CreateIconIndirect
76698F33 .text Export ( CreateMDIWindowA
7668C92E .text Export ( CreateMDIWindowW
766857A4 .text Export ( CreateMenu
766701E0 .text Import ( GDI32.CreatePalette
766701AC .text Import ( GDI32.CreatePen
7669D359 .text Export ( CreatePopupMenu
76670408 .text Import ( KERNEL32.CreateProcessW
76670188 .text Import ( GDI32.CreateRectRgn
7667018C .text Import ( GDI32.CreateRectRgnIndirect
76670298 .text Import ( GDI32.CreateSolidBrush
766D5522 .text Export CreateSystemThreads
7667043C .text Import ( KERNEL32.CreateThread
7667D22E .text Export ( CreateWindowExA
76678A29 .text Export ( CreateWindowExW
766BBED7 .text Export ( CreateWindowStationA
766BBF1E .text Export ( CreateWindowStationW
766700E4 .text Import ntdll.CsrAllocateCaptureBuffer
766700F0 .text Import ntdll.CsrAllocateMessagePointer
766C0ACA .text Export CsrBroadcastSystemMessageExW
766700E0 .text Import ntdll.CsrCaptureMessageBuffer
766700D8 .text Import ntdll.CsrClientCallServer
766700DC .text Import ntdll.CsrFreeCaptureBuffer
766BC563 .text Export CtxInitUser32
766D668C .text Export ( DdeAbandonTransaction
766C8282 .text Export ( DdeAccessData
766C85E5 .text Export ( DdeAddData
766D5F66 .text Export ( DdeClientTransaction
766C8C45 .text Export ( DdeCmpStringHandles
766BEB7F .text Export ( DdeConnect
766BEE95 .text Export ( DdeConnectList
7668F938 .text Export ( DdeCreateDataHandle
7668D253 .text Export ( DdeCreateStringHandleA
7668E849 .text Export ( DdeCreateStringHandleW
766BED7D .text Export ( DdeDisconnect
766BEDF4 .text Export ( DdeDisconnectList
766B7C08 .text Export ( DdeEnableCallback
7668F9D2 .text Export ( DdeFreeDataHandle
7668E10D .text Export ( DdeFreeStringHandle
7668FBCE .text Export ( DdeGetData
766C1B4C .text Export ( DdeGetLastError
766BE5DC .text Export DdeGetQualityOfService
766C1B8D .text Export ( DdeImpersonateClient
7668D213 .text Export ( DdeInitializeA
7668E821 .text Export ( DdeInitializeW
766C8D03 .text Export ( DdeKeepStringHandle
7668DF51 .text Export ( DdeNameService
766D5C57 .text Export ( DdePostAdvise
766D64AD .text Export ( DdeQueryConvInfo
766BE71B .text Export ( DdeQueryNextServer
766C8D90 .text Export ( DdeQueryStringA
76690A7E .text Export ( DdeQueryStringW
766BEC2A .text Export ( DdeReconnect
766BE5D1 .text Export DdeSetQualityOfService
766D6631 .text Export ( DdeSetUserHandle
766C82F4 .text Export ( DdeUnaccessData
7668E1B9 .text Export ( DdeUninitialize
7668640F .text Export ( DeferWindowPos
76687FBB .text Export ( DefFrameProcA
766885C1 .text Export ( DefFrameProcW
7668810C .text Export ( DefMDIChildProcA
766886B4 .text Export ( DefMDIChildProcW
766BC7D4 .text Export DefRawInputProc
76670364 .text Import KERNEL32.DelayLoadFailureHook
766704DC .text Import ( KERNEL32.DeleteAtom
76670284 .text Import ( GDI32.DeleteDC
76670310 .text Import ( GDI32.DeleteEnhMetaFile
76686D2A .text Export ( DeleteMenu
7667030C .text Import ( GDI32.DeleteMetaFile
76670308 .text Import ( GDI32.DeleteObject
7669DA4C .text Export DeregisterShellHookWindow
76683DB6 .text Export ( DestroyAcceleratorTable
7669F4C5 .text Export ( DestroyCaret
766849B2 .text Export ( DestroyIcon
76683E26 .text Export ( DestroyMenu
766D29F9 .text Export DestroyReasons
76679A55 .text Export ( DestroyWindow
766DA82E .text Export DeviceEventWorker
766BCE64 .text Export ( DialogBoxIndirectParamA
7669CE54 .text Export DialogBoxIndirectParamAorW
7669CBF3 .text Export ( DialogBoxIndirectParamW
766BCB0C .text Export ( DialogBoxParamA
7669CFCA .text Export ( DialogBoxParamW
766B9E75 .text Export DisableProcessWindowsGhosting
76670468 .text Import ( KERNEL32.DisableThreadLibraryCalls
76677BBB .text Export ( DispatchMessageA
7667787B .text Export ( DispatchMessageW
766D7A5C .text Export DisplayConfigGetDeviceInfo
766D7A79 .text Export DisplayConfigSetDeviceInfo
766C0DA3 .text Export DisplayExitWindowsWarnings
766CB27D .text Export ( DlgDirListA
766BE184 .text Export ( DlgDirListComboBoxA
766BE212 .text Export ( DlgDirListComboBoxW
766CB30C .text Export ( DlgDirListW
766BE24A .text Export ( DlgDirSelectComboBoxExA
766BE11F .text Export ( DlgDirSelectComboBoxExW
766CB4D5 .text Export ( DlgDirSelectExA
766CB53B .text Export ( DlgDirSelectExW
766D7F57 .text Export DoSoundConnect
766D7F75 .text Export DoSoundDisconnect
766D7F93 .text Export ( DragDetect
766D7FB3 .text Export DragObject
766D7FD3 .text Export ( DrawAnimatedRects
766D178E .text Export ( DrawCaption
766D6F28 .text Export DrawCaptionTempA
766C0817 .text Export DrawCaptionTempW
76685823 .text Export ( DrawEdge
766889C2 .text Export ( DrawFocusRect
766D969E .text Export DrawFrame
766912A1 .text Export ( DrawFrameControl
76688DEB .text Export ( DrawIcon
76684879 .text Export ( DrawIconEx
76686ED0 .text Export ( DrawMenuBar
766CD3B5 .text Export DrawMenuBarTemp
766CDA3E .text Export ( DrawStateA
7669FC44 .text Export ( DrawStateW
7668AEA1 .text Export ( DrawTextA
7668AED8 .text Export ( DrawTextExA
7668149E .text Export ( DrawTextExW
766825CF .text Export ( DrawTextW
766D32DF .text Export DwmGetDxSharedSurface
766D8053 .text Export DwmStartRedirection
766D8073 .text Export DwmStopRedirection
7669175A .text Export EditWndProc
766701A0 .text Import ( GDI32.Ellipse
766D7CB9 .text Export ( EmptyClipboard
766702BC .text Import GDI32.EnableEUDC
76686F50 .text Export ( EnableMenuItem
76688D3A .text Export ( EnableScrollBar
76682DA4 .text Export ( EnableWindow
766863D7 .text Export ( EndDeferWindowPos
7669B99C .text Export ( EndDialog
7668D6E0 .text Export ( EndMenu
76681341 .text Export ( EndPaint
766DA7EE .text Export EndTask
766D239C .text Export EnterReaderModeHelper
76680E94 .text Export ( EnumChildWindows
7668C449 .text Export ( EnumClipboardFormats
766801CE .text Export ( EnumDesktopsA
766B86D1 .text Export ( EnumDesktopsW
76685F53 .text Export ( EnumDesktopWindows
76684572 .text Export ( EnumDisplayDevicesA
7669E567 .text Export ( EnumDisplayDevicesW
7668451A .text Export EnumDisplayMonitors
7669E27C .text Export ( EnumDisplaySettingsA
7669E2A8 .text Export EnumDisplaySettingsExA
7669E474 .text Export EnumDisplaySettingsExW
7669E446 .text Export ( EnumDisplaySettingsW
76670214 .text Import ( GDI32.EnumFontsW
766B863E .text Export ( EnumPropsA
766B8678 .text Export ( EnumPropsExA
766B8696 .text Export ( EnumPropsExW
766B865B .text Export ( EnumPropsW
7667040C .text Import KERNEL32.EnumResourceNamesExW
76683961 .text Export ( EnumThreadWindows
7667D1CF .text Export ( EnumWindows
766802D6 .text Export ( EnumWindowStationsA
766B86B4 .text Export ( EnumWindowStationsW
76680988 .text Export ( EqualRect
76670198 .text Import ( GDI32.ExcludeClipRect
76688F47 .text Export ( ExcludeUpdateRgn
76670444 .text Import ( KERNEL32.ExitThread
766C1497 .text Export ( ExitWindowsEx
76670458 .text Import ( KERNEL32.ExpandEnvironmentStringsW
76670174 .text Import ( GDI32.ExtSelectClipRgn
766701EC .text Import ( GDI32.ExtTextOutA
76670258 .text Import ( GDI32.ExtTextOutW
76680EB6 .text Export ( FillRect
766703D8 .text Import ( KERNEL32.FindClose
766703D0 .text Import ( KERNEL32.FindFirstFileW
766703D4 .text Import ( KERNEL32.FindNextFileW
7667046C .text Import ( KERNEL32.FindResourceExA
76670470 .text Import ( KERNEL32.FindResourceExW
7667041C .text Import ( KERNEL32.FindResourceW
7667FFE6 .text Export ( FindWindowA
766800D9 .text Export ( FindWindowExA
7669F588 .text Export ( FindWindowExW
766798FD .text Export ( FindWindowW
7668BFD7 .text Export ( FlashWindow
7668C016 .text Export FlashWindowEx
76670434 .text Import KERNEL32.FoldStringW
7668899D .text Export ( FrameRect
766C20F1 .text Export ( FreeDDElParam
766704E0 .text Import ( KERNEL32.FreeLibrary
766D80D1 .text Export FrostCrashedWindow
76675FC8 .text Export gapfnScSendMessage
76670244 .text Import GDI32.GdiAddFontResourceW
76670328 .text Import GDI32.GdiConvertAndCheckDC
766702A0 .text Import GDI32.GdiConvertBitmapV5
76670318 .text Import GDI32.GdiConvertEnhMetaFile
76670314 .text Import GDI32.GdiConvertMetaFilePict
766702C0 .text Import GDI32.GdiConvertToDevmodeW
766702A4 .text Import GDI32.GdiCreateLocalEnhMetaFile
766702A8 .text Import GDI32.GdiCreateLocalMetaFilePict
7667028C .text Import GDI32.GdiDllInitialize
766701A8 .text Import GDI32.GdiFixUpHandle
76670304 .text Import GDI32.GdiGetBitmapBitsSize
76670238 .text Import GDI32.GdiGetCharDimensions
76670224 .text Import GDI32.GdiGetCodePage
76670240 .text Import GDI32.GdiLoadType1Fonts
7667023C .text Import GDI32.GdiPrinterThunk
76670290 .text Import GDI32.GdiProcessSetup
7667031C .text Import GDI32.GdiReleaseDC
76670288 .text Import GDI32.GdiValidateHandle
766704A4 .text Import ( KERNEL32.GetACP
7669F5C7 .text Export ( GetActiveWindow
766D7048 .text Export GetAltTabInfoA
766C0891 .text Export GetAltTabInfoW
76679785 .text Export ( GetAncestor
766861EC .text Export GetAppCompatFlags
76676BE4 .text Export GetAppCompatFlags2
7669EB96 .text Export ( GetAsyncKeyState
766703F8 .text Import ( KERNEL32.GetAtomNameA
766703F4 .text Import ( KERNEL32.GetAtomNameW
766702E4 .text Import ( GDI32.GetBkColor
7667022C .text Import ( GDI32.GetBkMode
76670194 .text Import ( GDI32.GetBoundsRect
76682AAC .text Export ( GetCapture
76688E4C .text Export ( GetCaretBlinkTime
7669EEF6 .text Export ( GetCaretPos
76670204 .text Import ( GDI32.GetCharABCWidthsA
76670208 .text Import ( GDI32.GetCharABCWidthsW
766701FC .text Import ( GDI32.GetCharWidthA
766701F8 .text Import GDI32.GetCharWidthInfo
76686ADE .text Export ( GetClassInfoA
7668695F .text Export ( GetClassInfoExA
7667B238 .text Export ( GetClassInfoExW
7667B422 .text Export ( GetClassInfoW
766886F9 .text Export ( GetClassLongA
766783A8 .text Export ( GetClassLongW
766879DF .text Export ( GetClassNameA
766782A9 .text Export ( GetClassNameW
7668EA55 .text Export ( GetClassWord
76680C62 .text Export ( GetClientRect
766B9F1D .text Export ( GetClipboardData
766868EF .text Export ( GetClipboardFormatNameA
766877FA .text Export ( GetClipboardFormatNameW
7668E360 .text Export ( GetClipboardOwner
76688696 .text Export GetClipboardSequenceNumber
766D8111 .text Export ( GetClipboardViewer
76670184 .text Import ( GDI32.GetClipBox
766D80F1 .text Export ( GetClipCursor
76670170 .text Import ( GDI32.GetClipRgn
766A0B60 .text Export GetComboBoxInfo
76670424 .text Import ( KERNEL32.GetCPInfo
766703E8 .text Import ( KERNEL32.GetCurrentDirectoryW
766701BC .text Import ( GDI32.GetCurrentObject
7667044C .text Import ( KERNEL32.GetCurrentProcess
766703C0 .text Import ( KERNEL32.GetCurrentProcessId
76670448 .text Import ( KERNEL32.GetCurrentThread
7667048C .text Import ( KERNEL32.GetCurrentThreadId
7669F6E0 .text Export ( GetCursor
7669D0AB .text Export GetCursorFrameInfo
766D812F .text Export ( GetCursorInfo
76681218 .text Export ( GetCursorPos
766772C4 .text Export ( GetDC
76683391 .text Export ( GetDCEx
76680A19 .text Export ( GetDesktopWindow
766702FC .text Import ( GDI32.GetDeviceCaps
76698941 .text Export ( GetDialogBaseUnits
76670300 .text Import ( GDI32.GetDIBColorTable
7667025C .text Import ( GDI32.GetDIBits
766D79E4 .text Export GetDisplayConfigBufferSizes
766813B6 .text Export ( GetDlgCtrlID
7669F1BA .text Export ( GetDlgItem
7669BD10 .text Export ( GetDlgItemInt
766D6B36 .text Export ( GetDlgItemTextA
7669BC18 .text Export ( GetDlgItemTextW
76684216 .text Export ( GetDoubleClickTime
76670440 .text Import ( KERNEL32.GetExitCodeThread
76670394 .text Import ( KERNEL32.GetFileSize
76680DEE .text Export ( GetFocus
76682320 .text Export ( GetForegroundWindow
766D816F .text Export GetGestureConfig
766B89BB .text Export GetGestureExtraArgs
766B8952 .text Export GetGestureInfo
766D81CF .text Export GetGuiResources
766781D3 .text Export ( GetGUIThreadInfo
76670178 .text Import GDI32.GetHFONT
766849EA .text Export ( GetIconInfo
766BCC31 .text Export GetIconInfoExA
766BCB78 .text Export GetIconInfoExW
766B99E5 .text Export GetInputDesktop
766D820F .text Export GetInputLocaleInfo
76688639 .text Export ( GetInputState
766D822F .text Export GetInternalWindowPos
766B9EB8 .text Export ( GetKBCodePage
76678D26 .text Export ( GetKeyboardLayout
76682E69 .text Export ( GetKeyboardLayoutList
766D6BD9 .text Export ( GetKeyboardLayoutNameA
766C07B1 .text Export ( GetKeyboardLayoutNameW
7669EC68 .text Export ( GetKeyboardState
766B9AC4 .text Export ( GetKeyboardType
766D6B6F .text Export ( GetKeyNameTextA
766C07A1 .text Export ( GetKeyNameTextW
7668291F .text Export ( GetKeyState
7669CA93 .text Export ( GetLastActivePopup
7667050C .text Import ( KERNEL32.GetLastError
7668B382 .text Export GetLastInputInfo
766D828F .text Export GetLayeredWindowAttributes
766702F4 .text Import GDI32.GetLayout
766D82AF .text Export GetListBoxInfo
76670348 .text Import ( KERNEL32.GetLocaleInfoW
766703DC .text Import ( KERNEL32.GetLogicalDrives
766CBFCB .text Export GetMagnificationDesktopColorEffect
766CC064 .text Export GetMagnificationDesktopMagnification
766D86EB .text Export GetMagnificationLensCtxInformation
7667017C .text Import ( GDI32.GetMapMode
76685041 .text Export ( GetMenu
76685764 .text Export GetMenuBarInfo
766CD544 .text Export ( GetMenuCheckMarkDimensions
766CD38E .text Export ( GetMenuContextHelpId
766CD1F0 .text Export ( GetMenuDefaultItem
7669C151 .text Export GetMenuInfo
7668563B .text Export ( GetMenuItemCount
7668A725 .text Export ( GetMenuItemID
766873A1 .text Export ( GetMenuItemInfoA
76685B20 .text Export ( GetMenuItemInfoW
766D82EF .text Export ( GetMenuItemRect
7668A7C1 .text Export ( GetMenuState
766D676E .text Export ( GetMenuStringA
766874D4 .text Export ( GetMenuStringW
76677BD3 .text Export ( GetMessageA
7669ED76 .text Export ( GetMessageExtraInfo
76682A8D .text Export ( GetMessagePos
7669F600 .text Export ( GetMessageTime
766778E2 .text Export ( GetMessageW
76670370 .text Import ( KERNEL32.GetModuleFileNameA
766704F8 .text Import ( KERNEL32.GetModuleFileNameW
7667036C .text Import ( KERNEL32.GetModuleHandleA
76670488 .text Import ( KERNEL32.GetModuleHandleW
76684413 .text Export GetMonitorInfoA
76683000 .text Export GetMonitorInfoW
766D830F .text Export GetMouseMovePointsEx
766C23A7 .text Export ( GetNextDlgGroupItem
7668DB73 .text Export ( GetNextDlgTabItem
76670324 .text Import ( GDI32.GetObjectType
766702E8 .text Import ( GDI32.GetObjectW
76670510 .text Import ( KERNEL32.GetOEMCP
7668C468 .text Export ( GetOpenClipboardWindow
766701DC .text Import ( GDI32.GetPaletteEntries
76680F68 .text Export ( GetParent
766B9EDB .text Export GetPhysicalCursorPos
766701E8 .text Import ( GDI32.GetPixel
766D832F .text Export ( GetPriorityClipboardFormat
766704AC .text Import ( KERNEL32.GetPrivateProfileStringW
766704E4 .text Import ( KERNEL32.GetProcAddress
766B9E38 .text Export GetProcessDefaultLayout
76679EEA .text Export ( GetProcessWindowStation
766B9BD0 .text Export GetProgmanWindow
76687B5A .text Export ( GetPropA
76677227 .text Export ( GetPropW
76683924 .text Export ( GetQueueStatus
766C816C .text Export GetRawInputBuffer
766D836F .text Export GetRawInputData
766D690B .text Export GetRawInputDeviceInfoA
766BC1A9 .text Export GetRawInputDeviceInfoW
766D83AF .text Export GetRawInputDeviceList
766D31C1 .text Export GetReasonTitleFromReasonCode
766D83CF .text Export GetRegisteredRawInputDevices
766702AC .text Import ( GDI32.GetRgnBox
76683FF8 .text Export GetScrollBarInfo
76684018 .text Export ( GetScrollInfo
76684234 .text Export ( GetScrollPos
766890C4 .text Export ( GetScrollRange
766B9EC3 .text Export GetSendMessageReceiver
7669E8A8 .text Export GetShellWindow
76670294 .text Import ( GDI32.GetStockObject
76670428 .text Import ( KERNEL32.GetStringTypeA
7667042C .text Import ( KERNEL32.GetStringTypeW
76686D73 .text Export ( GetSubMenu
76676C3C .text Export ( GetSysColor
766835A4 .text Export ( GetSysColorBrush
766703A0 .text Import ( KERNEL32.GetSystemDefaultLangID
76670460 .text Import ( KERNEL32.GetSystemDirectoryW
76686EA6 .text Export ( GetSystemMenu
76677D2F .text Export ( GetSystemMetrics
76670358 .text Import ( KERNEL32.GetSystemTimeAsFileTime
76670404 .text Import KERNEL32.GetSystemWindowsDirectoryW
766C18E8 .text Export ( GetTabbedTextExtentA
766C18BE .text Export ( GetTabbedTextExtentW
766B9C3E .text Export GetTaskmanWindow
766702D4 .text Import ( GDI32.GetTextAlign
766701B4 .text Import ( GDI32.GetTextCharacterExtra
76670228 .text Import ( GDI32.GetTextCharset
766701F0 .text Import ( GDI32.GetTextCharsetInfo
76670220 .text Import ( GDI32.GetTextColor
766702C4 .text Import ( GDI32.GetTextExtentPointA
766702C8 .text Import ( GDI32.GetTextExtentPointW
76670218 .text Import GDI32.GetTextFaceAliasW
76670200 .text Import ( GDI32.GetTextFaceW
7667021C .text Import ( GDI32.GetTextMetricsW
76676C63 .text Export ( GetThreadDesktop
766703CC .text Import ( KERNEL32.GetThreadLocale
7667037C .text Import ( KERNEL32.GetTickCount
76681DDA .text Export GetTitleBarInfo
766D83EF .text Export GetTopLevelWindow
76687887 .text Export ( GetTopWindow
766BD580 .text Export GetTouchInputInfo
766D842F .text Export GetUpdatedClipboardFormats
7669D41F .text Export ( GetUpdateRect
76686222 .text Export ( GetUpdateRgn
766704C0 .text Import ( KERNEL32.GetUserDefaultLCID
7669D396 .text Export ( GetUserObjectInformationA
76678068 .text Export ( GetUserObjectInformationW
766B94B5 .text Export ( GetUserObjectSecurity
766703B4 .text Import ( KERNEL32.GetVersionExW
76670230 .text Import ( GDI32.GetViewportExtEx
766701C0 .text Import ( GDI32.GetViewportOrgEx
7667926E .text Export ( GetWindow
7667F462 .text Export GetWindowCompositionAttribute
766D846F .text Export GetWindowCompositionInfo
766B9CAC .text Export ( GetWindowContextHelpId
76678048 .text Export ( GetWindowDC
766D848F .text Export GetWindowDisplayAffinity
76670234 .text Import ( GDI32.GetWindowExtEx
76681BBF .text Export GetWindowInfo
7667D156 .text Export ( GetWindowLongA
76676FFE .text Export ( GetWindowLongW
766D84AF .text Export GetWindowMinimizeRect
766D68C8 .text Export ( GetWindowModuleFileNameA
766BC166 .text Export ( GetWindowModuleFileNameW
76682ACA .text Export ( GetWindowPlacement
76677F34 .text Export ( GetWindowRect
766855A2 .text Export ( GetWindowRgn
7667F41D .text Export GetWindowRgnBox
766D84CF .text Export GetWindowRgnEx
76680029 .text Export ( GetWindowTextA
7668B29A .text Export ( GetWindowTextLengthA
7669D1A9 .text Export ( GetWindowTextLengthW
7668205E .text Export ( GetWindowTextW
766791B4 .text Export ( GetWindowThreadProcessId
7668913C .text Export ( GetWindowWord
766B951B .text Export GetWinStationInfo
766D84EF .text Export GhostWindowFromHungWindow
76670368 .text Import ( KERNEL32.GlobalAddAtomA
76670450 .text Import ( KERNEL32.GlobalAddAtomW
7667051C .text Import ( KERNEL32.GlobalAlloc
766704D4 .text Import ( KERNEL32.GlobalDeleteAtom
76670374 .text Import ( KERNEL32.GlobalFindAtomA
76670534 .text Import ( KERNEL32.GlobalFindAtomW
76670504 .text Import ( KERNEL32.GlobalFlags
766704FC .text Import ( KERNEL32.GlobalFree
766704F0 .text Import ( KERNEL32.GlobalGetAtomNameA
766704F4 .text Import ( KERNEL32.GlobalGetAtomNameW
76670438 .text Import ( KERNEL32.GlobalHandle
766704C8 .text Import ( KERNEL32.GlobalLock
76670514 .text Import ( KERNEL32.GlobalReAlloc
766704CC .text Import ( KERNEL32.GlobalSize
766704C4 .text Import ( KERNEL32.GlobalUnlock
766B9455 .text Export ( GrayStringA
766B9485 .text Export ( GrayStringW
766E04E0 .data Export gSharedInfo
76682DC6 .text Export ( HideCaret
766D850F .text Export ( HiliteMenuItem
766D852F .text Export HungWindowFromGhostWindow
766D858F .text Export ( ImpersonateDdeClientWindow
766D7331 .text Export IMPGetIMEA
766D7320 .text Export IMPGetIMEW
766D7353 .text Export IMPQueryIMEA
766D7342 .text Export IMPQueryIMEW
766D7375 .text Export IMPSetIMEA
766D7364 .text Export IMPSetIMEW
76683309 .text Export ( InflateRect
7667BEA5 .text Export InitializeLpkHooks
76683E46 .text Export ( InSendMessage
766838EE .text Export InSendMessageEx
766D67B8 .text Export ( InsertMenuA
7668D340 .text Export ( InsertMenuItemA
76685F1A .text Export ( InsertMenuItemW
7668D460 .text Export ( InsertMenuW
76670360 .text Import KERNEL32.InterlockedCompareExchange
76670500 .text Import ( KERNEL32.InterlockedDecrement
766704EC .text Import ( KERNEL32.InterlockedExchange
766704A8 .text Import ( KERNEL32.InterlockedIncrement
766D0150 .text Export InternalGetWindowIcon
76681E28 .text Export InternalGetWindowText
766702D8 .text Import ( GDI32.IntersectClipRect
76680903 .text Export ( IntersectRect
76681381 .text Export ( InvalidateRect
76686604 .text Export ( InvalidateRgn
766D953D .text Export ( InvertRect
76698FA0 .text Export ( IsCharAlphaA
76686867 .text Export ( IsCharAlphaNumericA
76687792 .text Export ( IsCharAlphaNumericW
76684B15 .text Export ( IsCharAlphaW
766D4E30 .text Export ( IsCharLowerA
7669C02B .text Export ( IsCharLowerW
766D4E97 .text Export ( IsCharUpperA
7669C05D .text Export ( IsCharUpperW
766821B1 .text Export ( IsChild
76688676 .text Export ( IsClipboardFormatAvailable
766703B8 .text Import ( KERNEL32.IsDBCSLeadByte
76670464 .text Import KERNEL32.IsDBCSLeadByteEx
766950ED .text Export ( IsDialogMessageA
7669C701 .text Export ( IsDialogMessageW
7669C0A6 .text Export ( IsDlgButtonChecked
766D5587 .text Export IsGUIThread
766D5504 .text Export IsHungAppWindow
766832A9 .text Export ( IsIconic
76685CB1 .text Export ( IsMenu
766781A6 .text Export IsProcessDPIAware
766808D8 .text Export ( IsRectEmpty
76678D65 .text Export IsServerSideWindow
766D2A49 .text Export IsSETEnabled
766771DE .text Export IsThreadDesktopComposited
76684AF5 .text Export IsTopLevelWindow
766D860F .text Export IsTouchWindow
766703F0 .text Import ( KERNEL32.IsValidLocale
76677136 .text Export ( IsWindow
76682C1B .text Export ( IsWindowEnabled
76680DA5 .text Export IsWindowInDestroy
76681DFA .text Export IsWindowRedirectedForPrint
7669F5D4 .text Export ( IsWindowUnicode
7668112D .text Export ( IsWindowVisible
7668773A .text Export IsWinEventHookInstalled
766BC7AB .text Export IsWow64Message
76670130 .text Import ( ntdll.iswspace
76683332 .text Export ( IsZoomed
766D02BF .text Export ( keybd_event
766779DB .text Export ( KillTimer
76670388 .text Import ( KERNEL32.LCMapStringW
76670128 .text Import ntdll.LdrFlushAlternateResourceModules
766884CB .text Export ( LoadAcceleratorsA
76684DD6 .text Export ( LoadAcceleratorsW
76670490 .text Import KERNEL32.LoadAppInitDlls
76687CC2 .text Export ( LoadBitmapA
76688B72 .text Export ( LoadBitmapW
7667DAD5 .text Export ( LoadCursorA
766B4F24 .text Export ( LoadCursorFromFileA
766B4F05 .text Export ( LoadCursorFromFileW
766788F7 .text Export ( LoadCursorW
7667DAFB .text Export ( LoadIconA
7667B142 .text Export ( LoadIconW
76688455 .text Export ( LoadImageA
7667FBD1 .text Export ( LoadImageW
766BBB35 .text Export ( LoadKeyboardLayoutA
766BBAF2 .text Export LoadKeyboardLayoutEx
766BBB17 .text Export ( LoadKeyboardLayoutW
7667035C .text Import ( KERNEL32.LoadLibraryExA
76670454 .text Import ( KERNEL32.LoadLibraryExW
766704E8 .text Import ( KERNEL32.LoadLibraryW
766B9B5A .text Export LoadLocalFonts
76694EEF .text Export ( LoadMenuA
76684BBC .text Export ( LoadMenuIndirectW
76684391 .text Export ( LoadMenuW
766B9B44 .text Export LoadRemoteFonts
76670478 .text Import ( KERNEL32.LoadResource
7667DB21 .text Export ( LoadStringA
76670474 .text Import KERNEL32.LoadStringBaseExW
76678EB9 .text Export ( LoadStringW
766704D8 .text Import ( KERNEL32.LocalAlloc
766704D0 .text Import ( KERNEL32.LocalFree
7667049C .text Import ( KERNEL32.LocalLock
766704A0 .text Import ( KERNEL32.LocalReAlloc
76670494 .text Import ( KERNEL32.LocalSize
76670498 .text Import ( KERNEL32.LocalUnlock
766B9D30 .text Export LockSetForegroundWindow
766D864F .text Export LockWindowStation
766D7D37 .text Export ( LockWindowUpdate
766D866F .text Export LockWorkStation
766A07C8 .text Export LogicalToPhysicalPoint
766BCEFD .text Export ( LookupIconIdFromDirectory
7668EFB4 .text Export ( LookupIconIdFromDirectoryEx
7667052C .text Import ( KERNEL32.lstrcmpiW
76670378 .text Import ( KERNEL32.lstrlenA
766703E0 .text Import ( KERNEL32.lstrlenW
7668DBC8 .text Export ( MapDialogRect
76670390 .text Import ( KERNEL32.MapViewOfFile
766D6C1A .text Export ( MapVirtualKeyA
766D6C69 .text Export ( MapVirtualKeyExA
7668936C .text Export ( MapVirtualKeyExW
766A1459 .text Export ( MapVirtualKeyW
76678C40 .text Export ( MapWindowPoints
7667D0C4 .text Export MBToWCSEx
766CDF79 .text Export MB_GetString
7667001C .text Import ( ntdll.memcpy
766700C4 .text Import ( ntdll.memmove
76670020 .text Import ( ntdll.memset
766D874B .text Export ( MenuItemFromPoint
766BC72C .text Export MenuWindowProcA
766BC6E8 .text Export MenuWindowProcW
7668C036 .text Export ( MessageBeep
766CFD1E .text Export ( MessageBoxA
766CFCD6 .text Export ( MessageBoxExA
766CFCFA .text Export ( MessageBoxExW
766CFBD1 .text Export ( MessageBoxIndirectA
766CFC9D .text Export ( MessageBoxIndirectW
766CFB28 .text Export MessageBoxTimeoutA
766CFACD .text Export MessageBoxTimeoutW
766CFD3F .text Export ( MessageBoxW
766702B8 .text Import GDI32.MirrorRgn
766D6838 .text Export ( ModifyMenuA
766BC0D6 .text Export ( ModifyMenuW
76685281 .text Export MonitorFromPoint
7669E7A0 .text Export MonitorFromRect
76683150 .text Export MonitorFromWindow
766D027B .text Export ( mouse_event
76683698 .text Export ( MoveWindow
76680B4A .text Export ( MsgWaitForMultipleObjects
76680894 .text Export ( MsgWaitForMultipleObjectsEx
766703C8 .text Import ( KERNEL32.MulDiv
76670518 .text Import ( KERNEL32.MultiByteToWideChar
76670148 .text Import ntdll.NlsAnsiCodePage
766B9B69 .text Export NotifyOverlayWindow
76682592 .text Export ( NotifyWinEvent
766700BC .text Import ntdll.NtCallbackReturn
76670158 .text Import ( ntdll.NtClose
76670080 .text Import ntdll.NtCreateKey
76670078 .text Import ntdll.NtDeleteValueKey
7667000C .text Import ntdll.NtEnumerateKey
76670074 .text Import ntdll.NtOpenDirectoryObject
76670000 .text Import ntdll.NtOpenKey
766700CC .text Import ntdll.NtOpenProcessToken
766700D0 .text Import ntdll.NtOpenThreadToken
76670098 .text Import ntdll.NtProtectVirtualMemory
76670048 .text Import ( ntdll.NtQueryInformationProcess
766700C8 .text Import ( ntdll.NtQueryInformationToken
7667004C .text Import ntdll.NtQuerySecurityObject
766700A8 .text Import ( ntdll.NtQuerySystemInformation
7667015C .text Import ( ntdll.NtQueryValueKey
7667011C .text Import ntdll.NtRaiseHardError
76670050 .text Import ntdll.NtSetSecurityObject
7667007C .text Import ntdll.NtSetValueKey
7667006C .text Import ntdll.NtVdmControl
76670084 .text Import ntdll.NtYieldExecution
766D1B48 .text Export ( OemKeyScan
766D199F .text Export ( OemToCharA
766D19DE .text Export ( OemToCharBuffA
766D1B0A .text Export ( OemToCharBuffW
766D1AC2 .text Export ( OemToCharW
76680BBD .text Export ( OffsetRect
766702B4 .text Import ( GDI32.OffsetRgn
76670250 .text Import ( GDI32.OffsetWindowOrgEx
76688ECB .text Export ( OpenClipboard
7668011A .text Export ( OpenDesktopA
766B9825 .text Export ( OpenDesktopW
766B9B84 .text Export ( OpenIcon
766D87CB .text Export ( OpenInputDesktop
766D87EB .text Export OpenThreadDesktop
7668045A .text Export ( OpenWindowStationA
766BB043 .text Export ( OpenWindowStationW
766905A0 .text Export ( PackDDElParam
766D7D77 .text Export ( PaintDesktop
76685784 .text Export PaintMenuBar
766D880B .text Export PaintMonitor
7667033C .text Import ( GDI32.PatBlt
76685F74 .text Export ( PeekMessageA
766805BA .text Export ( PeekMessageW
766A0B40 .text Export PhysicalToLogicalPoint
7667019C .text Import ( GDI32.PlayEnhMetaFile
766701C8 .text Import GDI32.PolyPatBlt
76683BAA .text Export ( PostMessageA
766812A5 .text Export ( PostMessageW
76679ABB .text Export ( PostQuitMessage
76683C61 .text Export ( PostThreadMessageA
76678BFF .text Export ( PostThreadMessageW
766D882B .text Export PrintWindow
766C811B .text Export PrivateExtractIconExA
766C8028 .text Export PrivateExtractIconExW
766C7FCE .text Export PrivateExtractIconsA
7668EDE0 .text Export PrivateExtractIconsW
766BCE20 .text Export PrivateRegisterICSProc
766703C4 .text Import KERNEL32.ProcessIdToSessionId
766811E9 .text Export ( PtInRect
7667012C .text Import ( ntdll.qsort
76670484 .text Import KERNEL32.QueryActCtxSettingsW
766D7A30 .text Export QueryDisplayConfig
766701F4 .text Import GDI32.QueryFontAssocStatus
76670384 .text Import ( KERNEL32.QueryPerformanceCounter
76670380 .text Import ( KERNEL32.QueryPerformanceFrequency
766D886B .text Export QuerySendMessage
76670414 .text Import ( KERNEL32.ReadFile
766D888B .text Export ( RealChildWindowFromPoint
766D6FC6 .text Export ( RealGetWindowClassA
766797A5 .text Export ( RealGetWindowClassW
7667026C .text Import ( GDI32.RealizePalette
766D241D .text Export ReasonCodeNeedsBugID
766D2406 .text Export ReasonCodeNeedsComment
766C1120 .text Export RecordShutdownReason
766701B0 .text Import ( GDI32.Rectangle
7668140B .text Export ( RedrawWindow
766704B4 .text Import ( KERNEL32.RegCloseKey
766704B8 .text Import ( KERNEL32.RegCreateKeyExW
766704BC .text Import KERNEL32.RegDeleteKeyExW
766703A8 .text Import ( KERNEL32.RegEnumValueW
7668434B .text Export ( RegisterClassA
7667DB98 .text Export ( RegisterClassExA
7667B17D .text Export ( RegisterClassExW
76678A65 .text Export ( RegisterClassW
7669DE26 .text Export RegisterDeviceNotificationA
7669DBF4 .text Export RegisterDeviceNotificationW
766D88CB .text Export RegisterErrorReportingDialog
766B9E9D .text Export RegisterFrostWindow
766B9E82 .text Export RegisterGhostWindow
7667EFC9 .text Export ( RegisterHotKey
766BC481 .text Export RegisterLogonProcess
766CFFD7 .text Export RegisterMessagePumpHook
7669DD9F .text Export RegisterPowerSettingNotification
766D88EB .text Export RegisterRawInputDevices
766D890B .text Export RegisterServicesProcess
766D892B .text Export RegisterSessionPort
7669DF20 .text Export RegisterShellHookWindow
766B9CDF .text Export RegisterSystemThread
766D894B .text Export RegisterTasklist
766D0E7C .text Export RegisterTouchWindow
766CFF4E .text Export RegisterUserApiHook
76670480 .text Import KERNEL32.RegisterWaitForInputIdle
76680AFA .text Export ( RegisterWindowMessageA
76679EBD .text Export ( RegisterWindowMessageW
766703AC .text Import ( KERNEL32.RegOpenKeyExW
766703A4 .text Import ( KERNEL32.RegQueryInfoKeyW
766703B0 .text Import ( KERNEL32.RegQueryValueExW
766704B0 .text Import ( KERNEL32.RegSetValueExW
7669ED49 .text Export ( ReleaseCapture
76677446 .text Export ( ReleaseDC
766D898B .text Export RemoveClipboardFormatListener
76687381 .text Export ( RemoveMenu
76688284 .text Export ( RemovePropA
76678DBD .text Export ( RemovePropW
76687807 .text Export ( ReplyMessage
766D89AB .text Export ResolveDesktopForWOW
76670254 .text Import ( GDI32.RestoreDC
7669054D .text Export ( ReuseDDElParam
76670040 .text Import ntdll.RtlActivateActivationContextUnsa
766700EC .text Import ntdll.RtlAllocateAndInitializeSid
76670018 .text Import ntdll.RtlAllocateHeap
76670058 .text Import ntdll.RtlAnsiStringToUnicodeString
76670124 .text Import ntdll.RtlCheckRegistryKey
76670060 .text Import ntdll.RtlCreateUnicodeStringFromAsciiz
7667003C .text Import ntdll.RtlDeactivateActivationContextUn
766700A4 .text Import ntdll.RtlDeleteCriticalSection
76670024 .text Import ntdll.RtlEnterCriticalSection
76670038 .text Import ntdll.RtlFindActivationContextSectionS
76670014 .text Import ntdll.RtlFreeHeap
766700E8 .text Import ntdll.RtlFreeSid
76670054 .text Import ntdll.RtlFreeUnicodeString
76670094 .text Import ntdll.RtlGetIntegerAtom
76670100 .text Import ntdll.RtlGetThreadLangIdByIndex
7667014C .text Import ntdll.RtlImageNtHeader
7667005C .text Import ntdll.RtlInitAnsiString
766700AC .text Import ntdll.RtlInitializeCriticalSection
766700A0 .text Import ntdll.RtlInitializeNtUserPfn
76670164 .text Import ntdll.RtlInitUnicodeString
76670114 .text Import ntdll.RtlIsNameLegalDOS8Dot3
76670088 .text Import ntdll.RtlIsThreadWithinLoaderCallout
76670028 .text Import ntdll.RtlLeaveCriticalSection
76670030 .text Import ntdll.RtlMultiByteToUnicodeN
76670120 .text Import ntdll.RtlMultiByteToUnicodeSize
766700D4 .text Import ntdll.RtlNtStatusToDosError
76670010 .text Import ntdll.RtlOpenCurrentUser
76670064 .text Import ntdll.RtlQueryInformationActiveActivat
766700F4 .text Import ntdll.RtlReAllocateHeap
76670034 .text Import ntdll.RtlReleaseActivationContext
7667009C .text Import ntdll.RtlRetrieveNtUserPfn
766700F8 .text Import ntdll.RtlRunDecodeUnicodeString
766700FC .text Import ntdll.RtlRunEncodeUnicodeString
76670150 .text Import ntdll.RtlSetLastWin32Error
76670104 .text Import ntdll.RtlSizeHeap
76670168 .text Import ntdll.RtlUnicodeStringToInteger
7667002C .text Import ntdll.RtlUnicodeToMultiByteN
766700B4 .text Import ntdll.RtlUnicodeToMultiByteSize
76670154 .text Import ( ntdll.RtlUnwind
7667024C .text Import ( GDI32.SaveDC
7668227D .text Export ( ScreenToClient
766CC9E8 .text Export ScrollChildren
766BA2EE .text Export ( ScrollDC
76689320 .text Export ( ScrollWindow
7669D56B .text Export ( ScrollWindowEx
7667045C .text Import ( KERNEL32.SearchPathW
766702DC .text Import ( GDI32.SelectObject
76670268 .text Import ( GDI32.SelectPalette
7669C112 .text Export ( SendDlgItemMessageA
7669D0F5 .text Export ( SendDlgItemMessageW
766D730F .text Export SendIMEMessageExA
766D72FE .text Export SendIMEMessageExW
7669FF4A .text Export ( SendInput
7668612E .text Export ( SendMessageA
766D6CFC .text Export ( SendMessageCallbackA
766876E0 .text Export ( SendMessageCallbackW
7668781F .text Export ( SendMessageTimeoutA
766797D2 .text Export ( SendMessageTimeoutW
76679679 .text Export ( SendMessageW
766D6D5D .text Export ( SendNotifyMessageA
76687668 .text Export ( SendNotifyMessageW
76683208 .text Export ( SetActiveWindow
76670280 .text Import ( GDI32.SetBitmapBits
766702F0 .text Import ( GDI32.SetBkColor
766702E0 .text Import ( GDI32.SetBkMode
766701D0 .text Import ( GDI32.SetBoundsRect
7667020C .text Import ( GDI32.SetBrushOrgEx
7669ED56 .text Export ( SetCapture
76687CAA .text Export ( SetCaretBlinkTime
7669F4AA .text Export ( SetCaretPos
7668D5F9 .text Export ( SetClassLongA
76685483 .text Export ( SetClassLongW
766D8A0B .text Export ( SetClassWord
766B8E57 .text Export ( SetClipboardData
7668C4B6 .text Export ( SetClipboardViewer
766703E4 .text Import ( KERNEL32.SetCurrentDirectoryW
766841F6 .text Export ( SetCursor
766D8A2B .text Export SetCursorContents
766B9CFD .text Export ( SetCursorPos
766B9E30 .text Export ( SetDebugErrorLevel
766B8FE9 .text Export SetDeskWallpaper
76670270 .text Import ( GDI32.SetDIBits
766D7A07 .text Export SetDisplayConfig
7669BECA .text Export ( SetDlgItemInt
7668C4D6 .text Export ( SetDlgItemTextA
7669CFA0 .text Export ( SetDlgItemTextW
766B9D18 .text Export ( SetDoubleClickTime
76670524 .text Import ( KERNEL32.SetEvent
76670410 .text Import ( KERNEL32.SetFileTime
76682175 .text Export ( SetFocus
7669F170 .text Export ( SetForegroundWindow
766D8A6B .text Export SetGestureConfig
76670180 .text Import ( GDI32.SetGraphicsMode
766D8AAB .text Export SetInternalWindowPos
766A14B2 .text Export ( SetKeyboardState
76670538 .text Import ( KERNEL32.SetLastError
766D1C92 .text Export ( SetLastErrorEx
7669EC88 .text Export SetLayeredWindowAttributes
76670190 .text Import GDI32.SetLayout
76670340 .text Import GDI32.SetLayoutWidth
766CBF77 .text Export SetMagnificationDesktopColorEffect
766CC02C .text Export SetMagnificationDesktopMagnification
766D870B .text Export SetMagnificationLensCtxInformation
76682BB9 .text Export ( SetMenu
766D8ACB .text Export ( SetMenuContextHelpId
7669C37D .text Export ( SetMenuDefaultItem
766CD222 .text Export SetMenuInfo
7669C33A .text Export ( SetMenuItemBitmaps
7668D307 .text Export ( SetMenuItemInfoA
7669D320 .text Export ( SetMenuItemInfoW
766BC793 .text Export ( SetMessageExtraInfo
7668C8E7 .text Export ( SetMessageQueue
766D8B0B .text Export SetMirrorRendering
766701E4 .text Import ( GDI32.SetPaletteEntries
76682D64 .text Export ( SetParent
766B9EF5 .text Export SetPhysicalCursorPos
766B9E50 .text Export SetProcessDefaultLayout
7667FCB8 .text Export SetProcessDPIAware
766802B6 .text Export ( SetProcessWindowStation
766B9C26 .text Export SetProgmanWindow
7668822C .text Export ( SetPropA
76677FCE .text Export ( SetPropW
76680E1B .text Export ( SetRect
76680D85 .text Export ( SetRectEmpty
7667032C .text Import ( GDI32.SetRectRgn
766840CF .text Export ( SetScrollInfo
766887A5 .text Export ( SetScrollPos
7669D50B .text Export ( SetScrollRange
766B9BB7 .text Export SetShellWindow
766D8B4B .text Export SetShellWindowEx
76670264 .text Import ( GDI32.SetStretchBltMode
766CFD60 .text Export ( SetSysColors
766D1BAB .text Export SetSysColorsTemp
766D0205 .text Export ( SetSystemCursor
7668A3D5 .text Export SetSystemMenu
766B9C94 .text Export SetTaskmanWindow
766702D0 .text Import ( GDI32.SetTextAlign
766701B8 .text Import ( GDI32.SetTextCharacterExtra
766702EC .text Import ( GDI32.SetTextColor
76680296 .text Export ( SetThreadDesktop
766779FB .text Export ( SetTimer
7667034C .text Import ( KERNEL32.SetUnhandledExceptionFilter
766D8B2B .text Export ( SetUserObjectInformationW
766B94EB .text Export ( SetUserObjectSecurity
766701C4 .text Import ( GDI32.SetViewportOrgEx
76680BE6 .text Export SetWindowCompositionAttribute
766915EF .text Export ( SetWindowContextHelpId
766D8BCB .text Export SetWindowDisplayAffinity
76686110 .text Export ( SetWindowLongA
76678332 .text Export ( SetWindowLongW
76684AB6 .text Export ( SetWindowPlacement
76678E4E .text Export ( SetWindowPos
7668284D .text Export ( SetWindowRgn
766D0121 .text Export SetWindowRgnEx
766B8C87 .text Export ( SetWindowsHookA
7668835C .text Export ( SetWindowsHookExA
76687603 .text Export ( SetWindowsHookExW
766B8CA2 .text Export ( SetWindowsHookW
766D01C7 .text Export SetWindowStationUser
76687AEE .text Export ( SetWindowTextA
766820EC .text Export ( SetWindowTextW
7668911C .text Export ( SetWindowWord
7667EE09 .text Export ( SetWinEventHook
7669D822 .text Export SfmDxBindSwapChain
766831D1 .text Export SfmDxGetSwapChainStats
766D8C4B .text Export SfmDxOpenSwapChain
766D8C6B .text Export SfmDxQuerySwapChainBindingStatus
7669D802 .text Export SfmDxReleaseSwapChain
766D8C8B .text Export SfmDxReportPendingBindingsToDwm
766D8CA9 .text Export SfmDxSetSwapChainBindingStatus
766D8CC9 .text Export SfmDxSetSwapChainStats
76682DE6 .text Export ( ShowCaret
7669F670 .text Export ( ShowCursor
7668AE86 .text Export ( ShowOwnedPopups
76684162 .text Export ( ShowScrollBar
766B9D48 .text Export ShowStartGlass
766D8D09 .text Export ShowSystemCursor
76680DFB .text Export ( ShowWindow
766D7D97 .text Export ( ShowWindowAsync
766DA84E .text Export ShutdownBlockReasonCreate
766DA88E .text Export ShutdownBlockReasonDestroy
766DA86E .text Export ShutdownBlockReasonQuery
7667047C .text Import ( KERNEL32.SizeofResource
76670430 .text Import ( KERNEL32.Sleep
766CEFE5 .text Export SoftModalMessageBox
76687869 .text Export SoundSentry
7667010C .text Import ntdll.sscanf_s
76670108 .text Import ntdll.strcpy_s
76670320 .text Import ( GDI32.StretchBlt
766702F8 .text Import ( GDI32.StretchDIBits
76670090 .text Import ( ntdll._stricmp
76670110 .text Import ( ntdll.strrchr
7668E988 .text Export ( SubtractRect
766B9D60 .text Export ( SwapMouseButton
766B9854 .text Export ( SwitchDesktop
766B986C .text Export SwitchDesktopWithFade
766B90FC .text Export SwitchToThisWindow
76670160 .text Import ntdll.swprintf_s
76686C30 .text Export ( SystemParametersInfoA
766790D3 .text Export ( SystemParametersInfoW
766C1828 .text Export ( TabbedTextOutA
766C17F9 .text Export ( TabbedTextOutW
76670354 .text Import ( KERNEL32.TerminateProcess
76670338 .text Import ( GDI32.TextOutA
76670334 .text Import ( GDI32.TextOutW
766B9D78 .text Export TileChildWindows
766CD1C9 .text Export ( TileWindows
766B9005 .text Export ( ToAscii
766B9062 .text Export ( ToAsciiEx
766D0160 .text Export ( ToUnicode
766D0193 .text Export ( ToUnicodeEx
7668360E .text Export ( TrackMouseEvent
7669C288 .text Export ( TrackPopupMenu
7669C2AC .text Export ( TrackPopupMenuEx
766885E5 .text Export ( TranslateAcceleratorA
76681246 .text Export ( TranslateAcceleratorW
76670248 .text Import ( GDI32.TranslateCharsetInfo
7668858E .text Export ( TranslateMDISysAccel
76677809 .text Export ( TranslateMessage
76677839 .text Export TranslateMessageEx
76670350 .text Import ( KERNEL32.UnhandledExceptionFilter
766B9D99 .text Export ( UnhookWindowsHook
7669F52B .text Export ( UnhookWindowsHookEx
76683982 .text Export ( UnhookWinEvent
766826A8 .text Export ( UnionRect
766B9E05 .text Export ( UnloadKeyboardLayout
766D8D89 .text Export UnlockWindowStation
76670398 .text Import ( KERNEL32.UnmapViewOfFile
766C2047 .text Export ( UnpackDDElParam
7667DCED .text Export ( UnregisterClassA
76679F84 .text Export ( UnregisterClassW
76682F58 .text Export UnregisterDeviceNotification
766A129B .text Export ( UnregisterHotKey
766D0081 .text Export UnregisterMessagePumpHook
7669D9D7 .text Export UnregisterPowerSettingNotification
766D8DA9 .text Export UnregisterSessionPort
766D0E97 .text Export UnregisterTouchWindow
766D8DC7 .text Export UnregisterUserApiHook
7668BA4A .text Export UpdateLayeredWindow
766828DA .text Export UpdateLayeredWindowIndirect
766D163D .text Export UpdatePerUserSystemParameters
76683559 .text Export ( UpdateWindow
766D8E25 .text Export UpdateWindowTransform
7667BF14 .text Export User32InitializeImmEntryTable
7667B6ED .text Export UserClientDllInitialize
766D8E45 .text Export UserHandleGrantAccess
766C198E .text Export UserLpkPSMTextOut
766C163C .text Export UserLpkTabbedTextOut
76681486 .text Export UserRealizePalette
766BA33E .text Export UserRegisterWowHandlers
766D53DA .text Export _UserTestTokenForInteractive
76687849 .text Export ( ValidateRect
76688E72 .text Export ( ValidateRgn
7668DC6B .text Export ( VkKeyScanA
7668D18C .text Export ( VkKeyScanExA
7668CD66 .text Export ( VkKeyScanExW
7669FDCD .text Export ( VkKeyScanW
766DA5C2 .text Export VRipOutput
76670068 .text Import ( ntdll._vsnwprintf
766DA5CA .text Export VTagOutput
766B9117 .text Export ( WaitForInputIdle
76670520 .text Import ( KERNEL32.WaitForMultipleObjectsEx
7669F5A9 .text Export ( WaitMessage
76670004 .text Import ntdll.wcscat_s
76670008 .text Import ntdll.wcscpy_s
7667008C .text Import ( ntdll._wcsicmp
76670118 .text Import ntdll.wcsncat_s
76670134 .text Import ntdll.wcsncpy_s
76670138 .text Import ( ntdll.wcsrchr
76670044 .text Import ( ntdll.wcstol
7667CF1D .text Export WCSToMBEx
76670070 .text Import ( ntdll.wcstoul
7667039C .text Import KERNEL32.WerpNotifyLoadStringResource
766703BC .text Import KERNEL32.WerpNotifyUseStringResource
76670508 .text Import ( KERNEL32.WideCharToMultiByte
7668146E .text Export ( WindowFromDC
766D8EC5 .text Export WindowFromPhysicalPoint
7669ED12 .text Export ( WindowFromPoint
7669557F .text Export ( WinHelpA
766C8A63 .text Export ( WinHelpW
766D72DC .text Export WINNLSEnableIME
766D72ED .text Export WINNLSGetEnableStatus
766D72D2 .text Export WINNLSGetIMEHotkey
76670530 .text Import ( KERNEL32.WritePrivateProfileStringW
7668AE5F .text Export ( wsprintfA
7669E061 .text Export ( wsprintfW
76670140 .text Import ntdll._wtoi
7668AAD3 .text Export ( wvsprintfA
7669D849 .text Export ( wvsprintfWAll help and answers are very appreciated, but please, keep in mind that I'm a beginner.
Thanks.
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}