[求助]用PEID检测，提示：不是有效的PE文件-软件逆向-看雪-安全社区|安全招聘|kanxue.com

最新回复 (5)
skyege 雪币： 229 活跃值： (70) 能力值： ( LV6，RANK：90 ) 在线值：发帖 10 回帖 555 粉丝 0 关注私信	skyege 2 2 楼把入口点改为 00401A90 看看是什么。 2005-4-26 00:23 0
jfaumt 雪币： 33 活跃值： (25) 能力值： ( LV2，RANK：10 ) 在线值：发帖 23 回帖 137 粉丝 0 关注私信	jfaumt 3 楼但是，它是如何让PEID检测为“不是有效的PE文件”的呢？ 2005-4-26 08:57 0
鸡蛋壳雪币： 427 活跃值： (412) 能力值： ( LV2，RANK：10 ) 在线值：发帖 456 回帖 3147 粉丝 9 关注私信	鸡蛋壳 4 楼这方法仅仅只能对付PEID，应该算PEID的BUG。 gt2 0.34 (c) 1999-2004 by PHaX (coding@helger.com) - D:\IP轰炸机.exe (61440 bytes) - binary Is a DOS executable Size of header: 00000040h/64 bytes File size in header: 00000490h/1168 bytes Entrypoint: 00000040h/64 Overlay size: 0000EB70h/60272 bytes No relocation entries PE EXE at offset 000000E8h/232 Entrypoint: 00001D4Ch / 7500 Entrypoint RVA: 00001D4Ch Entrypoint section: '.text' Calculated PE EXE size: 0000F000h / 61440 bytes Image base: 00400000h Required CPU type: 80386 Required OS: 4.00 - Win 95 or NT 4 Subsystem: Windows GUI Linker version: 6.00 Stack reserve: 00100000h / 1048576 Stack commit: 00001000h / 4096 Heap reserve: 00100000h / 1048576 Heap commit: 00001000h / 4096 Flags: Relocation info stripped from file File is executable Line numbers stripped from file Local symbols stripped from file Machine based on 32-bit-word architecture Processed with: Seems to be linked with Microsoft linker 6.0 Press any key to end the program 2005-4-26 09:04 0
鸡蛋壳雪币： 427 活跃值： (412) 能力值： ( LV2，RANK：10 ) 在线值：发帖 456 回帖 3147 粉丝 9 关注私信	鸡蛋壳 5 楼还有一个.NET写的壳，PEID也查出来是这个，但对GT2无效。 Listing of all used data directory entries (used: 3, total: 16): Name Phys offs RVA Phys size Section Import Table 002AB068h 002AB068h 00000118h .rdata Ressource Table 00306000h 00644000h 00012578h .rsrc Import Address Table 0025B000h 0025B000h 00000538h .rdata Functions from the following DLLs are imported: [0] DSOUND.dll [1] DINPUT8.dll [2] d3d9.dll [3] WINMM.dll [4] KERNEL32.dll [5] USER32.dll [6] GDI32.dll [7] ADVAPI32.dll [8] SHELL32.dll [9] ole32.dll [10] psrpc.dll [11] var_conv.dll [12] HttpFile.dll Resources at offset 00306000h (RVA 00644000h) for 75128 bytes: Cursor: ID: 0000000Ah/10 RVA: 0064D0B8h; Offset: 0030F0B8h; Size: 308 bytes ID: 0000000Bh/11 RVA: 0064D1F0h; Offset: 0030F1F0h; Size: 180 bytes ID: 0000000Ch/12 RVA: 0064D2D0h; Offset: 0030F2D0h; Size: 308 bytes ID: 0000000Dh/13 RVA: 0064D420h; Offset: 0030F420h; Size: 308 bytes ID: 0000000Eh/14 RVA: 0064D570h; Offset: 0030F570h; Size: 308 bytes ID: 0000000Fh/15 RVA: 0064D6C0h; Offset: 0030F6C0h; Size: 308 bytes ID: 00000010h/16 RVA: 0064D810h; Offset: 0030F810h; Size: 308 bytes ID: 00000011h/17 RVA: 0064D960h; Offset: 0030F960h; Size: 308 bytes ID: 00000012h/18 RVA: 0064DAB0h; Offset: 0030FAB0h; Size: 308 bytes ID: 00000013h/19 RVA: 0064DC00h; Offset: 0030FC00h; Size: 308 bytes ID: 00000014h/20 RVA: 0064DD50h; Offset: 0030FD50h; Size: 308 bytes ID: 00000015h/21 RVA: 0064DEA0h; Offset: 0030FEA0h; Size: 308 bytes ID: 00000016h/22 RVA: 0064DFF0h; Offset: 0030FFF0h; Size: 308 bytes ID: 00000017h/23 RVA: 0064E140h; Offset: 00310140h; Size: 308 bytes ID: 00000018h/24 RVA: 0064E290h; Offset: 00310290h; Size: 308 bytes ID: 00000019h/25 RVA: 0064E3E0h; Offset: 003103E0h; Size: 308 bytes Bitmap: ID: 00007912h/30994 RVA: 0064E618h; Offset: 00310618h; Size: 184 bytes ID: 00007914h/30996 RVA: 0064E6D0h; Offset: 003106D0h; Size: 324 bytes Icon: ID: 00000001h/1 RVA: 00646E48h; Offset: 00308E48h; Size: 1640 bytes ID: 00000002h/2 RVA: 006474B0h; Offset: 003094B0h; Size: 744 bytes ID: 00000003h/3 RVA: 00647798h; Offset: 00309798h; Size: 296 bytes ID: 00000004h/4 RVA: 006478C0h; Offset: 003098C0h; Size: 3752 bytes ID: 00000005h/5 RVA: 00648768h; Offset: 0030A768h; Size: 2216 bytes ID: 00000006h/6 RVA: 00649010h; Offset: 0030B010h; Size: 1384 bytes ID: 00000007h/7 RVA: 00649578h; Offset: 0030B578h; Size: 9640 bytes ID: 00000008h/8 RVA: 0064BB20h; Offset: 0030DB20h; Size: 4264 bytes ID: 00000009h/9 RVA: 0064CBC8h; Offset: 0030EBC8h; Size: 1128 bytes ID: 0000001Ah/26 RVA: 0064E818h; Offset: 00310818h; Size: 1640 bytes ID: 0000001Bh/27 RVA: 0064EE80h; Offset: 00310E80h; Size: 744 bytes ID: 0000001Ch/28 RVA: 0064F168h; Offset: 00311168h; Size: 296 bytes ID: 0000001Dh/29 RVA: 0064F290h; Offset: 00311290h; Size: 3752 bytes ID: 0000001Eh/30 RVA: 00650138h; Offset: 00312138h; Size: 2216 bytes ID: 0000001Fh/31 RVA: 006509E0h; Offset: 003129E0h; Size: 1384 bytes ID: 00000020h/32 RVA: 00650F48h; Offset: 00312F48h; Size: 9640 bytes ID: 00000021h/33 RVA: 006534F0h; Offset: 003154F0h; Size: 4264 bytes ID: 00000022h/34 RVA: 00654598h; Offset: 00316598h; Size: 1128 bytes Dialog: ID: 00000090h/144 RVA: 00645B40h; Offset: 00307B40h; Size: 1442 bytes ID: 00007801h/30721 RVA: 0064E530h; Offset: 00310530h; Size: 232 bytes String Table: ID: 00000F01h/3841 RVA: 00654E78h; Offset: 00316E78h; Size: 130 bytes ID: 00000F02h/3842 RVA: 00654F00h; Offset: 00316F00h; Size: 42 bytes ID: 00000F03h/3843 RVA: 00654F30h; Offset: 00316F30h; Size: 402 bytes ID: 00000F11h/3857 RVA: 006550C8h; Offset: 003170C8h; Size: 1250 bytes ID: 00000F12h/3858 RVA: 00655940h; Offset: 00317940h; Size: 794 bytes ID: 00000F13h/3859 RVA: 00655660h; Offset: 00317660h; Size: 732 bytes ID: 00000F14h/3860 RVA: 006564A0h; Offset: 003184A0h; Size: 138 bytes ID: 00000F19h/3865 RVA: 006555B0h; Offset: 003175B0h; Size: 172 bytes ID: 00000F1Ah/3866 RVA: 00656390h; Offset: 00318390h; Size: 222 bytes ID: 00000F1Bh/3867 RVA: 00655C60h; Offset: 00317C60h; Size: 1220 bytes ID: 00000F1Ch/3868 RVA: 00656128h; Offset: 00318128h; Size: 612 bytes ID: 00000F1Dh/3869 RVA: 00656470h; Offset: 00318470h; Size: 44 bytes ID: 00000F2Fh/3887 RVA: 00656530h; Offset: 00318530h; Size: 66 bytes Cursor Group: ID: 00007901h/30977 RVA: 0064D2A8h; Offset: 0030F2A8h; Size: 34 bytes ID: 00007916h/30998 RVA: 0064DA98h; Offset: 0030FA98h; Size: 20 bytes ID: 00007917h/30999 RVA: 0064D408h; Offset: 0030F408h; Size: 20 bytes ID: 00007918h/31000 RVA: 0064D948h; Offset: 0030F948h; Size: 20 bytes ID: 00007919h/31001 RVA: 0064D7F8h; Offset: 0030F7F8h; Size: 20 bytes ID: 0000791Ah/31002 RVA: 0064E128h; Offset: 00310128h; Size: 20 bytes ID: 0000791Bh/31003 RVA: 0064D6A8h; Offset: 0030F6A8h; Size: 20 bytes ID: 0000791Ch/31004 RVA: 0064DD38h; Offset: 0030FD38h; Size: 20 bytes ID: 0000791Dh/31005 RVA: 0064D558h; Offset: 0030F558h; Size: 20 bytes ID: 0000791Eh/31006 RVA: 0064DBE8h; Offset: 0030FBE8h; Size: 20 bytes ID: 0000791Fh/31007 RVA: 0064DE88h; Offset: 0030FE88h; Size: 20 bytes ID: 00007920h/31008 RVA: 0064DFD8h; Offset: 0030FFD8h; Size: 20 bytes ID: 00007921h/31009 RVA: 0064E278h; Offset: 00310278h; Size: 20 bytes ID: 00007922h/31010 RVA: 0064E3C8h; Offset: 003103C8h; Size: 20 bytes ID: 00007923h/31011 RVA: 0064E518h; Offset: 00310518h; Size: 20 bytes Icon Group: ID: 80000E50h/2147487312 RVA: 00654A00h; Offset: 00316A00h; Size: 132 bytes ID: 00000065h/101 RVA: 0064D030h; Offset: 0030F030h; Size: 132 bytes Version Info: ID: 00000001h/1 RVA: 00645268h; Offset: 00307268h; Size: 1136 bytes VersionInfo resource: FileVersion: 0.1.1.0 ProductVersion: 0.1.1.0 Target OS: 32 bit Windows Language '041104b0' Comments: 'Dynasty Warriors 4 for Windows (German)' CompanyName: 'KOEI Co., Ltd.' FileDescription: 'Dynasty Warriors 4.exe' FileVersion: '0.1.1.0' InternalName: 'Dynasty Warriors 4.exe' LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd. Alle Rechte vorbehalten.' LegalTrademarks: '(R) Dynasty Warriors 4, (C) KOEI Co., Ltd.' OriginalFilename: 'Dynasty Warriors 4.exe' ProductName: 'Dynasty Warriors 4 for Windows ' ProductVersion: '0.1.1.0' RVA: 006456D8h; Offset: 003076D8h; Size: 1128 bytes VersionInfo resource: FileVersion: 0.1.1.0 ProductVersion: 0.1.1.0 Target OS: 32 bit Windows Language '041104b0' Comments: 'Dynasty Warriors 4 for Windows (English)' CompanyName: 'KOEI Co., Ltd.' FileDescription: 'Dynasty Warriors 4.exe' FileVersion: '0.1.1.0' InternalName: 'Dynasty Warriors 4.exe' LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd. All r ights reserved' LegalTrademarks: '(R) Dynasty Warriors 4, (C) KOEI Co., Ltd.' OriginalFilename: 'Dynasty Warriors 4.exe' ProductName: 'Dynasty Warriors 4 for Windows ' ProductVersion: '0.1.1.0' RVA: 006460E8h; Offset: 003080E8h; Size: 1128 bytes VersionInfo resource: FileVersion: 0.1.1.0 ProductVersion: 0.1.1.0 Target OS: 32 bit Windows Language '040c04b0' Comments: 'Dynasty Warriors 4 for Windows (French)' CompanyName: 'KOEI Co., Ltd.' FileDescription: 'Dynasty Warriors 4.exe' FileVersion: '0.1.1.0' InternalName: 'Dynasty Warriors 4.exe' LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd. Tous droits reserves.' LegalTrademarks: '(R) Dynasty Warriors 4, (C) KOEI Co., Ltd.' OriginalFilename: 'Dynasty Warriors 4.exe' ProductName: 'Dynasty Warriors 4 for Windows ' ProductVersion: '0.1.1.0' RVA: 00646550h; Offset: 00308550h; Size: 1144 bytes VersionInfo resource: FileVersion: 0.1.1.0 ProductVersion: 0.1.1.0 Target OS: 32 bit Windows Language '041104b0' Comments: 'Dynasty Warriors 4 for Windows (Italian)' CompanyName: 'KOEI Co., Ltd.' FileDescription: 'Dynasty Warriors 4.exe' FileVersion: '0.1.1.0' InternalName: 'Dynasty Warriors 4.exe' LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd. Tutti i diritti riservati.' LegalTrademarks: '(R) Dynasty Warriors 4, (C) KOEI Co., Ltd.' OriginalFilename: 'Dynasty Warriors 4.exe' ProductName: 'Dynasty Warriors 4 for Windows ' ProductVersion: '0.1.1.0' RVA: 00644E70h; Offset: 00306E70h; Size: 1012 bytes VersionInfo resource: FileVersion: 1.0.0.0 ProductVersion: 1.0.0.0 Target OS: 32 bit Windows Language '041104b0' Comments: '真?三??双３ for Wi' CompanyName: 'KOEI Co., Ltd.' FileDescription: 'Shin SangokuMusou 3.exe' FileVersion: '1.0.0.0' InternalName: 'Shin SangokuMusou 3.exe' LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd. All r ights reserved' LegalTrademarks: '(R) 真?三??双３, (C) KOEI Co.,' OriginalFilename: 'Shin SangokuMusou 3.exe' ProductName: '真?三?N' ProductVersion: '1.0.0.0' RVA: 00654A88h; Offset: 00316A88h; Size: 1004 bytes VersionInfo resource: FileVersion: 1.0.0.0 ProductVersion: 1.0.0.0 Target OS: 32 bit Windows Language '040404b0' Comments: '?・????３ for Window' CompanyName: 'KOEI Co., Ltd.' FileDescription: 'Jin Samgukmussang 3.exe' FileVersion: '1.0.0.0' InternalName: 'Jin Samgukmussang 3' LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd. All r ights reserved' LegalTrademarks: '(R) ?・????３, (C) KOEI Co., Ltd' OriginalFilename: 'Jin Samgukmussang 3.exe' ProductName: '?・????N' ProductVersion: '1.0.0.0' RVA: 006469C8h; Offset: 003089C8h; Size: 1152 bytes VersionInfo resource: FileVersion: 0.1.1.0 ProductVersion: 0.1.1.0 Target OS: 32 bit Windows Language '041104b0' Comments: 'Dynasty Warriors 4 for Windows (Spanish)' CompanyName: 'KOEI Co., Ltd.' FileDescription: 'Dynasty Warriors 4.exe' FileVersion: '0.1.1.0' InternalName: 'Dynasty Warriors 4.exe' LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd. Todos los derechos reservados.' LegalTrademarks: '(R) Dynasty Warriors 4, (C) KOEI Co., Ltd.' OriginalFilename: 'Dynasty Warriors 4.exe' ProductName: 'Dynasty Warriors 4 for Windows ' ProductVersion: '0.1.1.0' Total resource size: 74880 bytes (data: 71216 bytes, TOC: 3664 bytes) Processed with: Seems to be linked with Microsoft linker 7.1 / .NET 2003 2005-4-26 09:06 0
ikki 雪币： 270 活跃值： (176) 能力值： ( LV12，RANK：370 ) 在线值：发帖 17 回帖 316 粉丝 1 关注私信	ikki 9 6 楼 peid检查到程序入口点不在代码段范围之内,就提示 'Not a valid PE file' 2005-4-26 11:13 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

skyege

雪币： 229

活跃值： (70)

能力值：

( LV6，RANK：90 )

在线值：

发帖

10

回帖

555

粉丝

0

关注

私信

skyege 2: 2 楼

把入口点改为 00401A90 看看是什么。

2005-4-26 00:23

0

jfaumt

雪币： 33

活跃值： (25)

能力值：

( LV2，RANK：10 )

在线值：

发帖

23

回帖

137

粉丝

0

关注

私信

jfaumt: 3 楼

但是，它是如何让PEID检测为“不是有效的PE文件”的呢？

2005-4-26 08:57

0

鸡蛋壳

雪币： 427

活跃值： (412)

能力值：

( LV2，RANK：10 )

在线值：

发帖

456

回帖

3147

粉丝

9

关注

私信

鸡蛋壳: 4 楼

这方法仅仅只能对付PEID，应该算PEID的BUG。

gt2 0.34 (c) 1999-2004 by PHaX (coding@helger.com)

- D:\IP轰炸机.exe (61440 bytes) - binary

Is a DOS executable
  Size of header:    00000040h/64 bytes
  File size in header: 00000490h/1168 bytes
  Entrypoint:       00000040h/64
  Overlay size:       0000EB70h/60272 bytes
  No relocation entries

  PE EXE at offset 000000E8h/232
Entrypoint:             00001D4Ch / 7500
Entrypoint RVA:       00001D4Ch
Entrypoint section:    '.text'
Calculated PE EXE size:  0000F000h / 61440 bytes
Image base:             00400000h
Required CPU type:    80386
Required OS:          4.00 - Win 95 or NT 4
Subsystem:             Windows GUI
Linker version:       6.00
Stack reserve:          00100000h / 1048576
Stack commit:          00001000h / 4096
Heap reserve:          00100000h / 1048576
Heap commit:          00001000h / 4096
Flags:
   Relocation info stripped from file
   File is executable
   Line numbers stripped from file
   Local symbols stripped from file
   Machine based on 32-bit-word architecture

Processed with:
   Seems to be linked with Microsoft linker 6.0

Press any key to end the program

2005-4-26 09:04

0

鸡蛋壳

雪币： 427

活跃值： (412)

能力值：

( LV2，RANK：10 )

在线值：

发帖

456

回帖

3147

粉丝

9

关注

私信

鸡蛋壳: 5 楼

还有一个.NET写的壳，PEID也查出来是这个，但对GT2无效。

Listing of all used data directory entries (used: 3, total: 16):
                     Name  Phys offs  RVA       Phys size  Section
               Import Table  002AB068h  002AB068h  00000118h  .rdata
            Ressource Table  00306000h  00644000h  00012578h  .rsrc
      Import Address Table  0025B000h  0025B000h  00000538h  .rdata

Functions from the following DLLs are imported:
   [0] DSOUND.dll
   [1] DINPUT8.dll
   [2] d3d9.dll
   [3] WINMM.dll
   [4] KERNEL32.dll
   [5] USER32.dll
   [6] GDI32.dll
   [7] ADVAPI32.dll
   [8] SHELL32.dll
   [9] ole32.dll
   [10] psrpc.dll
   [11] var_conv.dll
   [12] HttpFile.dll

Resources at offset 00306000h (RVA 00644000h) for 75128 bytes:
      Cursor:
      ID: 0000000Ah/10
         RVA: 0064D0B8h; Offset: 0030F0B8h; Size: 308 bytes
      ID: 0000000Bh/11
         RVA: 0064D1F0h; Offset: 0030F1F0h; Size: 180 bytes
      ID: 0000000Ch/12
         RVA: 0064D2D0h; Offset: 0030F2D0h; Size: 308 bytes
      ID: 0000000Dh/13
         RVA: 0064D420h; Offset: 0030F420h; Size: 308 bytes
      ID: 0000000Eh/14
         RVA: 0064D570h; Offset: 0030F570h; Size: 308 bytes
      ID: 0000000Fh/15
         RVA: 0064D6C0h; Offset: 0030F6C0h; Size: 308 bytes
      ID: 00000010h/16
         RVA: 0064D810h; Offset: 0030F810h; Size: 308 bytes
      ID: 00000011h/17
         RVA: 0064D960h; Offset: 0030F960h; Size: 308 bytes
      ID: 00000012h/18
         RVA: 0064DAB0h; Offset: 0030FAB0h; Size: 308 bytes
      ID: 00000013h/19
         RVA: 0064DC00h; Offset: 0030FC00h; Size: 308 bytes
      ID: 00000014h/20
         RVA: 0064DD50h; Offset: 0030FD50h; Size: 308 bytes
      ID: 00000015h/21
         RVA: 0064DEA0h; Offset: 0030FEA0h; Size: 308 bytes
      ID: 00000016h/22
         RVA: 0064DFF0h; Offset: 0030FFF0h; Size: 308 bytes
      ID: 00000017h/23
         RVA: 0064E140h; Offset: 00310140h; Size: 308 bytes
      ID: 00000018h/24
         RVA: 0064E290h; Offset: 00310290h; Size: 308 bytes
      ID: 00000019h/25
         RVA: 0064E3E0h; Offset: 003103E0h; Size: 308 bytes
      Bitmap:
      ID: 00007912h/30994
         RVA: 0064E618h; Offset: 00310618h; Size: 184 bytes
      ID: 00007914h/30996
         RVA: 0064E6D0h; Offset: 003106D0h; Size: 324 bytes
      Icon:
      ID: 00000001h/1
         RVA: 00646E48h; Offset: 00308E48h; Size: 1640 bytes
      ID: 00000002h/2
         RVA: 006474B0h; Offset: 003094B0h; Size: 744 bytes
      ID: 00000003h/3
         RVA: 00647798h; Offset: 00309798h; Size: 296 bytes
      ID: 00000004h/4
         RVA: 006478C0h; Offset: 003098C0h; Size: 3752 bytes
      ID: 00000005h/5
         RVA: 00648768h; Offset: 0030A768h; Size: 2216 bytes
      ID: 00000006h/6
         RVA: 00649010h; Offset: 0030B010h; Size: 1384 bytes
      ID: 00000007h/7
         RVA: 00649578h; Offset: 0030B578h; Size: 9640 bytes
      ID: 00000008h/8
         RVA: 0064BB20h; Offset: 0030DB20h; Size: 4264 bytes
      ID: 00000009h/9
         RVA: 0064CBC8h; Offset: 0030EBC8h; Size: 1128 bytes
      ID: 0000001Ah/26
         RVA: 0064E818h; Offset: 00310818h; Size: 1640 bytes
      ID: 0000001Bh/27
         RVA: 0064EE80h; Offset: 00310E80h; Size: 744 bytes
      ID: 0000001Ch/28
         RVA: 0064F168h; Offset: 00311168h; Size: 296 bytes
      ID: 0000001Dh/29
         RVA: 0064F290h; Offset: 00311290h; Size: 3752 bytes
      ID: 0000001Eh/30
         RVA: 00650138h; Offset: 00312138h; Size: 2216 bytes
      ID: 0000001Fh/31
         RVA: 006509E0h; Offset: 003129E0h; Size: 1384 bytes
      ID: 00000020h/32
         RVA: 00650F48h; Offset: 00312F48h; Size: 9640 bytes
      ID: 00000021h/33
         RVA: 006534F0h; Offset: 003154F0h; Size: 4264 bytes
      ID: 00000022h/34
         RVA: 00654598h; Offset: 00316598h; Size: 1128 bytes
      Dialog:
      ID: 00000090h/144
         RVA: 00645B40h; Offset: 00307B40h; Size: 1442 bytes
      ID: 00007801h/30721
         RVA: 0064E530h; Offset: 00310530h; Size: 232 bytes
      String Table:
      ID: 00000F01h/3841
         RVA: 00654E78h; Offset: 00316E78h; Size: 130 bytes
      ID: 00000F02h/3842
         RVA: 00654F00h; Offset: 00316F00h; Size: 42 bytes
      ID: 00000F03h/3843
         RVA: 00654F30h; Offset: 00316F30h; Size: 402 bytes
      ID: 00000F11h/3857
         RVA: 006550C8h; Offset: 003170C8h; Size: 1250 bytes
      ID: 00000F12h/3858
         RVA: 00655940h; Offset: 00317940h; Size: 794 bytes
      ID: 00000F13h/3859
         RVA: 00655660h; Offset: 00317660h; Size: 732 bytes
      ID: 00000F14h/3860
         RVA: 006564A0h; Offset: 003184A0h; Size: 138 bytes
      ID: 00000F19h/3865
         RVA: 006555B0h; Offset: 003175B0h; Size: 172 bytes
      ID: 00000F1Ah/3866
         RVA: 00656390h; Offset: 00318390h; Size: 222 bytes
      ID: 00000F1Bh/3867
         RVA: 00655C60h; Offset: 00317C60h; Size: 1220 bytes
      ID: 00000F1Ch/3868
         RVA: 00656128h; Offset: 00318128h; Size: 612 bytes
      ID: 00000F1Dh/3869
         RVA: 00656470h; Offset: 00318470h; Size: 44 bytes
      ID: 00000F2Fh/3887
         RVA: 00656530h; Offset: 00318530h; Size: 66 bytes
      Cursor Group:
      ID: 00007901h/30977
         RVA: 0064D2A8h; Offset: 0030F2A8h; Size: 34 bytes
      ID: 00007916h/30998
         RVA: 0064DA98h; Offset: 0030FA98h; Size: 20 bytes
      ID: 00007917h/30999
         RVA: 0064D408h; Offset: 0030F408h; Size: 20 bytes
      ID: 00007918h/31000
         RVA: 0064D948h; Offset: 0030F948h; Size: 20 bytes
      ID: 00007919h/31001
         RVA: 0064D7F8h; Offset: 0030F7F8h; Size: 20 bytes
      ID: 0000791Ah/31002
         RVA: 0064E128h; Offset: 00310128h; Size: 20 bytes
      ID: 0000791Bh/31003
         RVA: 0064D6A8h; Offset: 0030F6A8h; Size: 20 bytes
      ID: 0000791Ch/31004
         RVA: 0064DD38h; Offset: 0030FD38h; Size: 20 bytes
      ID: 0000791Dh/31005
         RVA: 0064D558h; Offset: 0030F558h; Size: 20 bytes
      ID: 0000791Eh/31006
         RVA: 0064DBE8h; Offset: 0030FBE8h; Size: 20 bytes
      ID: 0000791Fh/31007
         RVA: 0064DE88h; Offset: 0030FE88h; Size: 20 bytes
      ID: 00007920h/31008
         RVA: 0064DFD8h; Offset: 0030FFD8h; Size: 20 bytes
      ID: 00007921h/31009
         RVA: 0064E278h; Offset: 00310278h; Size: 20 bytes
      ID: 00007922h/31010
         RVA: 0064E3C8h; Offset: 003103C8h; Size: 20 bytes
      ID: 00007923h/31011
         RVA: 0064E518h; Offset: 00310518h; Size: 20 bytes
      Icon Group:
      ID: 80000E50h/2147487312
         RVA: 00654A00h; Offset: 00316A00h; Size: 132 bytes
      ID: 00000065h/101
         RVA: 0064D030h; Offset: 0030F030h; Size: 132 bytes
      Version Info:
      ID: 00000001h/1
         RVA: 00645268h; Offset: 00307268h; Size: 1136 bytes
         VersionInfo resource:
            FileVersion: 0.1.1.0
            ProductVersion: 0.1.1.0
            Target OS:    32 bit Windows
            Language '041104b0'
               Comments: 'Dynasty Warriors 4 for Windows (German)'
               CompanyName: 'KOEI Co., Ltd.'
               FileDescription: 'Dynasty Warriors 4.exe'
               FileVersion: '0.1.1.0'
               InternalName: 'Dynasty Warriors 4.exe'
               LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd.  Alle
Rechte vorbehalten.'
               LegalTrademarks: '(R) Dynasty Warriors 4, (C) KOEI Co., Ltd.'
               OriginalFilename: 'Dynasty Warriors 4.exe'
               ProductName: 'Dynasty Warriors 4 for Windows '
               ProductVersion: '0.1.1.0'

         RVA: 006456D8h; Offset: 003076D8h; Size: 1128 bytes
         VersionInfo resource:
            FileVersion: 0.1.1.0
            ProductVersion: 0.1.1.0
            Target OS:    32 bit Windows
            Language '041104b0'
               Comments: 'Dynasty Warriors 4 for Windows (English)'
               CompanyName: 'KOEI Co., Ltd.'
               FileDescription: 'Dynasty Warriors 4.exe'
               FileVersion: '0.1.1.0'
               InternalName: 'Dynasty Warriors 4.exe'
               LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd.  All r
ights reserved'
               LegalTrademarks: '(R) Dynasty Warriors 4, (C) KOEI Co., Ltd.'
               OriginalFilename: 'Dynasty Warriors 4.exe'
               ProductName: 'Dynasty Warriors 4 for Windows '
               ProductVersion: '0.1.1.0'

         RVA: 006460E8h; Offset: 003080E8h; Size: 1128 bytes
         VersionInfo resource:
            FileVersion: 0.1.1.0
            ProductVersion: 0.1.1.0
            Target OS:    32 bit Windows
            Language '040c04b0'
               Comments: 'Dynasty Warriors 4 for Windows (French)'
               CompanyName: 'KOEI Co., Ltd.'
               FileDescription: 'Dynasty Warriors 4.exe'
               FileVersion: '0.1.1.0'
               InternalName: 'Dynasty Warriors 4.exe'
               LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd.  Tous
droits reserves.'
               LegalTrademarks: '(R) Dynasty Warriors 4, (C) KOEI Co., Ltd.'
               OriginalFilename: 'Dynasty Warriors 4.exe'
               ProductName: 'Dynasty Warriors 4 for Windows '
               ProductVersion: '0.1.1.0'

         RVA: 00646550h; Offset: 00308550h; Size: 1144 bytes
         VersionInfo resource:
            FileVersion: 0.1.1.0
            ProductVersion: 0.1.1.0
            Target OS:    32 bit Windows
            Language '041104b0'
               Comments: 'Dynasty Warriors 4 for Windows (Italian)'
               CompanyName: 'KOEI Co., Ltd.'
               FileDescription: 'Dynasty Warriors 4.exe'
               FileVersion: '0.1.1.0'
               InternalName: 'Dynasty Warriors 4.exe'
               LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd.  Tutti
i diritti riservati.'
               LegalTrademarks: '(R) Dynasty Warriors 4, (C) KOEI Co., Ltd.'
               OriginalFilename: 'Dynasty Warriors 4.exe'
               ProductName: 'Dynasty Warriors 4 for Windows '
               ProductVersion: '0.1.1.0'

         RVA: 00644E70h; Offset: 00306E70h; Size: 1012 bytes
         VersionInfo resource:
            FileVersion: 1.0.0.0
            ProductVersion: 1.0.0.0
            Target OS:    32 bit Windows
            Language '041104b0'
               Comments: '真?三??双３ for Wi'
               CompanyName: 'KOEI Co., Ltd.'
               FileDescription: 'Shin SangokuMusou 3.exe'
               FileVersion: '1.0.0.0'
               InternalName: 'Shin SangokuMusou 3.exe'
               LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd.  All r
ights reserved'
               LegalTrademarks: '(R) 真?三??双３, (C) KOEI Co.,'
               OriginalFilename: 'Shin SangokuMusou 3.exe'
               ProductName: '真?三?N'
               ProductVersion: '1.0.0.0'

         RVA: 00654A88h; Offset: 00316A88h; Size: 1004 bytes
         VersionInfo resource:
            FileVersion: 1.0.0.0
            ProductVersion: 1.0.0.0
            Target OS:    32 bit Windows
            Language '040404b0'
               Comments: '?・????３ for Window'
               CompanyName: 'KOEI Co., Ltd.'
               FileDescription: 'Jin Samgukmussang 3.exe'
               FileVersion: '1.0.0.0'
               InternalName: 'Jin Samgukmussang 3'
               LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd.  All r
ights reserved'
               LegalTrademarks: '(R) ?・????３, (C) KOEI Co., Ltd'
               OriginalFilename: 'Jin Samgukmussang 3.exe'
               ProductName: '?・????N'
               ProductVersion: '1.0.0.0'

         RVA: 006469C8h; Offset: 003089C8h; Size: 1152 bytes
         VersionInfo resource:
            FileVersion: 0.1.1.0
            ProductVersion: 0.1.1.0
            Target OS:    32 bit Windows
            Language '041104b0'
               Comments: 'Dynasty Warriors 4 for Windows (Spanish)'
               CompanyName: 'KOEI Co., Ltd.'
               FileDescription: 'Dynasty Warriors 4.exe'
               FileVersion: '0.1.1.0'
               InternalName: 'Dynasty Warriors 4.exe'
               LegalCopyright: 'Copyright (C) 2003-2005 KOEI Co., Ltd.  Todos
los derechos reservados.'
               LegalTrademarks: '(R) Dynasty Warriors 4, (C) KOEI Co., Ltd.'
               OriginalFilename: 'Dynasty Warriors 4.exe'
               ProductName: 'Dynasty Warriors 4 for Windows '
               ProductVersion: '0.1.1.0'

   Total resource size: 74880 bytes (data: 71216 bytes, TOC: 3664 bytes)

Processed with:
   Seems to be linked with Microsoft linker 7.1 / .NET 2003

2005-4-26 09:06

0