Generated by JEB on 2019/08/01
PE: C:\Windows\System32\qprocess.exe Base=0x140000000 SHA-256=7EE7A6FB1BDD972502D1EB23B7BD471A66CAD63CA3B57D787A173FB290808EB6
PDB: qprocess.pdb GUID={AE461557-B64A-AADD-B340E5B21FC7D96B} Age=1
251 located named symbols:
0x140005598: "%-20s %-16s %4u %5u %0.15s
" ??_C@_0CA@PPCPJOGA@?$CF?920s?5?5?$CF?916s?5?5?$CF4u?5?5?$CF5u?5?5?$CF0?415s?6?$AA@
0x140007000: ptm
0x1400044F4: "__cdecl _raise_securityfailure" __raise_securityfailure
0x1400048E0: "__cdecl FindPESection" _FindPESection
0x140005F74: "__cdecl _IMPORT_DESCRIPTOR_ntdll" __IMPORT_DESCRIPTOR_ntdll
0x140005518: "%d" ??_C@_15KNBIKKIN@?$AA?$CF?$AAd?$AA?$AA@
0x140005398: "__cdecl _imp___getmainargs" __imp___getmainargs
0x140007090: "__cdecl _security_cookie_complement" __security_cookie_complement
0x1400032D4: LookupSidUser
0x140005288: "__cdecl _imp_GetCurrentThreadId" __imp_GetCurrentThreadId
0x140005130: "__cdecl _imp_LookupAccountSidW" __imp_LookupAccountSidW
0x140005928: "*.*" ??_C@_17ECHFBE@?$AA?$CK?$AA?4?$AA?$CK?$AA?$AA@
0x140005300: "__cdecl _imp_WinStationFreeMemory" __imp_WinStationFreeMemory
0x140004BD0: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x140005400: "__cdecl _imp__wcslwr" __imp__wcslwr
0x140005360: "__cdecl _imp_wcstoul" __imp_wcstoul
0x140007660: "__cdecl commode" _commode
0x140005210: "__cdecl _imp_GetFileType" __imp_GetFileType
0x1400023E0: InitWLock
0x1400030A8: InitULock
0x140005320: "__cdecl _imp_wcschr" __imp_wcschr
0x1400051B8: "__cdecl _imp_SetFileApisToOEM" __imp_SetFileApisToOEM
0x1400051B0: "__cdecl _imp_HeapSetInformation" __imp_HeapSetInformation
0x1400052C0: "__cdecl _imp_GetUnknownString" __imp_GetUnknownString
0x140007670: hServerName
0x140005460: "__cdecl _imp_RtlEnterCriticalSection" __imp_RtlEnterCriticalSection
0x1400047B0: "long __cdecl __CxxUnhandledExceptionFilter(struct _EXCEPTION_POINTERS * __ptr64)" ?__CxxUnhandledExceptionFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z
0x140005480: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x140005930: "." ??_C@_13JOFGPIOO@?$AA?4?$AA?$AA@
0x14000766C: "__cdecl fmode" _fmode
0x1400051F0: "__cdecl _imp_FormatMessageW" __imp_FormatMessageW
0x140005380: "__cdecl _imp__wcsdup" __imp__wcsdup
0x140005358: "__cdecl _imp__wcsnicmp" __imp__wcsnicmp
0x140001090: main
0x140005F24: "__cdecl _IMPORT_DESCRIPTOR_WINSTA" __IMPORT_DESCRIPTOR_WINSTA
0x140005500: "/ID" ??_C@_17IGKKMEKC@?$AA?1?$AAI?$AAD?$AA?$AA@
0x140005408: "__cdecl _imp__ultoa" __imp__ultoa
0x140003F24: unix_match
0x14000480E: "__cdecl XcptFilter" _XcptFilter
0x140002FD8: ProcessObjectMatch
0x140005488: "__cdecl _xc_a" __xc_a
0x140005260: "__cdecl _imp_FindClose" __imp_FindClose
0x14000228C: My_wprintf
0x140001008: StringCchCopyW
0x1400052E0: "__cdecl _imp_WinStationGetAllProcesses" __imp_WinStationGetAllProcesses
0x1400052B0: "__cdecl _imp_OemToCharBuffW" __imp_OemToCharBuffW
0x140008780: ServerName
0x140004B8D: memcpy
0x1400029B0: ParseCommandLineW
0x140005420: "__cdecl _imp_memset" __imp_memset
0x140004A9F: "__cdecl initterm" _initterm
0x140007720: "__cdecl _dyn_tls_init_callback" __dyn_tls_init_callback
0x140005158: "__cdecl _imp_Sleep" __imp_Sleep
0x1400054B8: "__cdecl _xi_z" __xi_z
0x140005440: "__cdecl _imp___iob_func" __imp___iob_func
0x1400051E0: "__cdecl _imp_UnhandledExceptionFilter" __imp_UnhandledExceptionFilter
0x140005770: "ErrorOutFromResource:GetResource" ??_C@_1IK@HELNDLNO@?$AAE?$AAr?$AAr?$AAo?$AAr?$AAO?$AAu?$AAt?$AAF?$AAr?$AAo?$AAm?$AAR?$AAe?$AAs?$AAo?$AAu?$AAr?$AAc?$AAe?$AA?3?$AAG?$AAe?$AAt?$AAR?$AAe?$AAs?$AAo?$AAu?$AAr?$AAc?$AAe@
0x140005448: "__cdecl _imp_wcscmp" __imp_wcscmp
0x140005218: "__cdecl _imp_GetCommandLineW" __imp_GetCommandLineW
0x140004AAB: "__cdecl _C_specific_handler" __C_specific_handler
0x140004B99: memmove
0x140002030: FindMsg
0x140004B2C: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x140001480: FormatAndDisplayProcessInfo
0x140001E94: ErrorPrintf
0x140005594: ">" ??_C@_13MOEPKPHB@?$AA?$DO?$AA?$AA@
0x140005650: "GetResourceStringFromUtilDll: In" ??_C@_1IM@LKEOIJAK@?$AAG?$AAe?$AAt?$AAR?$AAe?$AAs?$AAo?$AAu?$AAr?$AAc?$AAe?$AAS?$AAt?$AAr?$AAi?$AAn?$AAg?$AAF?$AAr?$AAo?$AAm?$AAU?$AAt?$AAi?$AAl?$AAD?$AAl?$AAl?$AA?3?$AA?5?$AAI?$AAn@
0x1400048C3: "__cdecl amsg_exit" _amsg_exit
0x140005350: "__cdecl _imp_iswdigit" __imp_iswdigit
0x140005800: "{Message(): LoadString failed, E" ??_C@_1GK@OLOCNHHH@?$AA?$HL?$AAM?$AAe?$AAs?$AAs?$AAa?$AAg?$AAe?$AA?$CI?$AA?$CJ?$AA?3?$AA?5?$AAL?$AAo?$AAa?$AAd?$AAS?$AAt?$AAr?$AAi?$AAn?$AAg?$AA?5?$AAf?$AAa?$AAi?$AAl?$AAe?$AAd?$AA?0?$AA?5?$AAE@
0x140005248: "__cdecl _imp_GetACP" __imp_GetACP
0x1400026A8: MassageCommandLine
0x1400053A8: "__cdecl _imp_exit" __imp_exit
0x1400052C8: UTILDLL_NULL_THUNK_DATA
0x1400051D0: "__cdecl _imp_WideCharToMultiByte" __imp_WideCharToMultiByte
0x1400054F8: "/?" ??_C@_15BAIPABEI@?$AA?1?$AA?$DP?$AA?$AA@
0x140005458: "__cdecl _imp_RtlInitializeCriticalSection" __imp_RtlInitializeCriticalSection
0x1400054E0: " " ??_C@_13HOIJIPNN@?$AA?5?$AA?$AA@
0x140005188: "__cdecl _imp_GetCurrentProcess" __imp_GetCurrentProcess
0x1400052D0: "__cdecl _imp_WinStationEnumerateW" __imp_WinStationEnumerateW
0x140007710: "__cdecl _native_startup_lock" __native_startup_lock
0x140005418: "__cdecl _imp_setlocale" __imp_setlocale
0x1400047F0: "__cdecl _CxxSetUnhandledExceptionFilter" __CxxSetUnhandledExceptionFilter
0x140005368: "__cdecl _imp__wcsicmp" __imp__wcsicmp
0x140005310: "__cdecl _imp_wcscat_s" __imp_wcscat_s
0x1400053D0: "__cdecl _imp___C_specific_handler" __imp___C_specific_handler
0x140005168: "__cdecl _imp_RtlCaptureContext" __imp_RtlCaptureContext
0x140005298: KERNEL32_NULL_THUNK_DATA
0x1400051A0: "__cdecl _imp_GetLastError" __imp_GetLastError
0x140004B08: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x1400053E0: "__cdecl _imp__commode" __imp__commode
0x1400070A0: ArgLogonId
0x1400053C0: "__cdecl _imp___setusermatherr" __imp___setusermatherr
0x140007678: help_flag
0x140005148: "__cdecl _imp_EqualSid" __imp_EqualSid
0x140005F88: "__cdecl _IMPORT_DESCRIPTOR_ADVAPI32" __IMPORT_DESCRIPTOR_ADVAPI32
0x140001F78: PutStdErr
0x1400051C0: "__cdecl _imp_GetCurrentProcessId" __imp_GetCurrentProcessId
0x1400053F0: "__cdecl _imp_swprintf_s" __imp_swprintf_s
0x140004990: "__cdecl ValidateImageBase" _ValidateImageBase
0x1400044A0: mainCRTStartup
0x140007680: NtDllHandle
0x140005230: "__cdecl _imp_VerSetConditionMask" __imp_VerSetConditionMask
0x140005208: "__cdecl _imp_FreeLibrary" __imp_FreeLibrary
0x140007668: "__cdecl newmode" _newmode
0x140005240: "__cdecl _imp_GetOEMCP" __imp_GetOEMCP
0x140004AD8: "__cdecl _acrt_iob_func" __acrt_iob_func
0x1400053C8: "__cdecl _imp__initterm" __imp__initterm
0x1400053A0: "__cdecl _imp___set_app_type" __imp___set_app_type
0x1400048D0: "__cdecl setargv" _setargv
0x1400051D8: "__cdecl _imp_SetLastError" __imp_SetLastError
0x1400058F0: "NTDLL" ??_C@_1M@OJAIJKMJ@?$AAN?$AAT?$AAD?$AAL?$AAL?$AA?$AA@
0x140003544: OEM2ANSIW
0x1400022D0: My_fwprintf
0x140007700: "__cdecl _onexitend" __onexitend
0x140005120: "__cdecl _imp_AdjustTokenPrivileges" __imp_AdjustTokenPrivileges
0x1400053B0: "__cdecl _imp__exit" __imp__exit
0x140005478: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x140005250: "__cdecl _imp_FindFirstFileW" __imp_FindFirstFileW
0x140005278: "__cdecl _imp_TerminateProcess" __imp_TerminateProcess
0x1400052B8: USER32_NULL_THUNK_DATA
0x140005348: "__cdecl _imp_wcstol" __imp_wcstol
0x140005370: "__cdecl _imp__wsetlocale" __imp__wsetlocale
0x1400052E8: "__cdecl _imp_WinStationOpenServerW" __imp_WinStationOpenServerW
0x140005510: ".%d" ??_C@_17JFAEKECD@?$AA?4?$AA?$CF?$AAd?$AA?$AA@
0x1400052F0: "__cdecl _imp_WinStationEnumerateProcesses" __imp_WinStationEnumerateProcesses
0x1400054A0: "__cdecl _xi_a" __xi_a
0x140005160: "__cdecl _imp_GetTickCount" __imp_GetTickCount
0x1400048D0: "__cdecl matherr" _matherr
0x140001834: Usage
0x140005920: "%s" ??_C@_15GANGMFKL@?$AA?$CF?$AAs?$AA?$AA@
0x1400052D8: "__cdecl _imp_WinStationQueryInformationW" __imp_WinStationQueryInformationW
0x1400046A8: "__cdecl _report_rangecheckfailure" __report_rangecheckfailure
0x140005934: ".." ??_C@_15DDHGOCBH@?$AA?4?$AA?4?$AA?$AA@
0x140005200: "__cdecl _imp_WriteConsoleW" __imp_WriteConsoleW
0x14000591C: "%s" ??_C@_02DKCKIIND@?$CFs?$AA@
0x140005318: "__cdecl _imp_vswprintf_s" __imp_vswprintf_s
0x1400044D0: "__cdecl _security_check_cookie" __security_check_cookie
0x140005190: "__cdecl _imp_GetConsoleOutputCP" __imp_GetConsoleOutputCP
0x140005498: "__cdecl _xc_z" __xc_z
0x140005910: "ID %d" ??_C@_1M@KEOCIFKM@?$AAI?$AAD?$AA?5?$AA?$CF?$AAd?$AA?$AA@
0x140005570: "(%s)" ??_C@_19KBOFCHEE@?$AA?$CI?$AA?$CF?$AAs?$AA?$CJ?$AA?$AA@
0x1400053E8: "__cdecl _imp_?terminate@@YAXXZ" __imp_?terminate@@YAXXZ
0x14000191C: SetPrivilege
0x140005180: "__cdecl _imp_GetSystemTimeAsFileTime" __imp_GetSystemTimeAsFileTime
0x140005290: "__cdecl _imp_GetStdHandle" __imp_GetStdHandle
0x140005220: "__cdecl _imp_LocalAlloc" __imp_LocalAlloc
0x140005258: "__cdecl _imp_FindNextFileW" __imp_FindNextFileW
0x1400089A0: match_string
0x1400051E8: "__cdecl _imp_MultiByteToWideChar" __imp_MultiByteToWideChar
0x1400054C0: "__cdecl _guard_fids_table" __guard_fids_table
0x140005410: "__cdecl _imp_wcscpy_s" __imp_wcscpy_s
0x140005450: msvcrt_NULL_THUNK_DATA
0x140005010: "__cdecl load_config_used" _load_config_used
0x140005378: "__cdecl _imp_printf" __imp_printf
0x1400052F8: "__cdecl _imp_WinStationFreeGAPMemory" __imp_WinStationFreeGAPMemory
0x1400055B8: "utildll.dll" ??_C@_1BI@OFICJFJG@?$AAu?$AAt?$AAi?$AAl?$AAd?$AAl?$AAl?$AA?4?$AAd?$AAl?$AAl?$AA?$AA@
0x140005548: "SeDebugPrivilege" ??_C@_1CC@DMDJMJLM@?$AAS?$AAe?$AAD?$AAe?$AAb?$AAu?$AAg?$AAP?$AAr?$AAi?$AAv?$AAi?$AAl?$AAe?$AAg?$AAe?$AA?$AA@
0x140005F4C: "__cdecl _IMPORT_DESCRIPTOR_USER32" __IMPORT_DESCRIPTOR_USER32
0x140001B24: ErrorOutFromResource
0x140005390: "__cdecl _imp__amsg_exit" __imp__amsg_exit
0x1400054E8: "/server" ??_C@_1BA@KNOCBOCH@?$AA?1?$AAs?$AAe?$AAr?$AAv?$AAe?$AAr?$AA?$AA@
0x140005900: "System" ??_C@_1O@GINMMDNN@?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA?$AA@
0x1400052A0: "__cdecl _imp_LoadStringW" __imp_LoadStringW
0x14000767A: MatchedOne
0x140005170: "__cdecl _imp_RtlLookupFunctionEntry" __imp_RtlLookupFunctionEntry
0x140005280: "__cdecl _imp_QueryPerformanceCounter" __imp_QueryPerformanceCounter
0x140007664: "__cdecl dowildcard" _dowildcard
0x140007740: arg_data
0x140005468: "__cdecl _imp_RtlLeaveCriticalSection" __imp_RtlLeaveCriticalSection
0x140001BF4: ScanPrintfString
0x140007780: MsgBuf
0x140005330: "__cdecl _imp_vfwprintf" __imp_vfwprintf
0x140005178: "__cdecl _imp_RtlVirtualUnwind" __imp_RtlVirtualUnwind
0x140004AC0: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x14000481C: RtlpImageNtHeader
0x1400051C8: "__cdecl _imp_GetModuleHandleW" __imp_GetModuleHandleW
0x140005238: "__cdecl _imp_VerifyVersionInfoW" __imp_VerifyVersionInfoW
0x1400052A8: "__cdecl _imp_CharToOemW" __imp_CharToOemW
0x1400053F8: "__cdecl _imp_fprintf" __imp_fprintf
0x140005508: ".OCP" ??_C@_04EMDMLPCB@?4OCP?$AA@
0x140005388: "__cdecl _imp__XcptFilter" __imp__XcptFilter
0x140005198: "__cdecl _imp_SetThreadUILanguage" __imp_SetThreadUILanguage
0x140005338: "__cdecl _imp_fwprintf" __imp_fwprintf
0x140005470: ntdll_NULL_THUNK_DATA
0x140005430: "__cdecl _imp_memcpy" __imp_memcpy
0x140004AFC: "__cdecl _iob_func" __iob_func
0x140003660: expand_path
0x140007088: "__cdecl _security_cookie" __security_cookie
0x1400058E8: "..." ??_C@_17LGKOMLJ@?$AA?4?$AA?4?$AA?4?$AA?$AA@
0x1400051A8: "__cdecl _imp_CloseHandle" __imp_CloseHandle
0x140005228: "__cdecl _imp_LocalFree" __imp_LocalFree
0x140005138: "__cdecl _imp_GetLengthSid" __imp_GetLengthSid
0x140007080: "__cdecl _defaultmatherr" __defaultmatherr
0x1400051F8: "__cdecl _imp_LoadLibraryW" __imp_LoadLibraryW
0x140005268: "__cdecl _imp_GetFileAttributesW" __imp_GetFileAttributesW
0x140005118: "__cdecl _imp_CopySid" __imp_CopySid
0x140007708: "__cdecl _onexitbegin" __onexitbegin
0x1400022F8: My_vfwprintf
0x140003118: GetUserNameFromSid
0x140005F38: "__cdecl _IMPORT_DESCRIPTOR_UTILDLL" __IMPORT_DESCRIPTOR_UTILDLL
0x140005270: "__cdecl _imp_SetUnhandledExceptionFilter" __imp_SetUnhandledExceptionFilter
0x140005F60: "__cdecl _IMPORT_DESCRIPTOR_KERNEL32" __IMPORT_DESCRIPTOR_KERNEL32
0x1400049C4: "__cdecl _security_init_cookie" __security_init_cookie
0x1400056E0: "GetResourceStringFromUtilDll: Lo" ??_C@_1IM@NKKDFGJP@?$AAG?$AAe?$AAt?$AAR?$AAe?$AAs?$AAo?$AAu?$AAr?$AAc?$AAe?$AAS?$AAt?$AAr?$AAi?$AAn?$AAg?$AAF?$AAr?$AAo?$AAm?$AAU?$AAt?$AAi?$AAl?$AAD?$AAl?$AAl?$AA?3?$AA?5?$AAL?$AAo@
0x1400055D0: "GetResourceStringFromUtilDll: Lo" ??_C@_1HI@PNJKHAPO@?$AAG?$AAe?$AAt?$AAR?$AAe?$AAs?$AAo?$AAu?$AAr?$AAc?$AAe?$AAS?$AAt?$AAr?$AAi?$AAn?$AAg?$AAF?$AAr?$AAo?$AAm?$AAU?$AAt?$AAi?$AAl?$AAD?$AAl?$AAl?$AA?3?$AA?5?$AAL?$AAo@
0x1400053B8: "__cdecl _imp__cexit" __imp__cexit
0x140004878: "__cdecl get_image_app_type" _get_image_app_type
0x14000347C: ANSI2OEM_Wprintf
0x140005F9C: "__cdecl _IMPORT_DESCRIPTOR_msvcrt" __IMPORT_DESCRIPTOR_msvcrt
0x140004BB1: wcscmp
0x140005428: "__cdecl _imp_memmove" __imp_memmove
0x140005438: "__cdecl _imp_wprintf" __imp_wprintf
0x140005340: "__cdecl _imp_malloc" __imp_malloc
0x140005150: ADVAPI32_NULL_THUNK_DATA
0x140002450: xxxGetWinStationNameFromId
0x140005128: "__cdecl _imp_LookupPrivilegeValueW" __imp_LookupPrivilegeValueW
0x140004530: "__cdecl _report_gsfailure" __report_gsfailure
0x140007718: "__cdecl _native_startup_state" __native_startup_state
0x140005580: "(Unknown)" ??_C@_1BE@HFCBJGEA@?$AA?$CI?$AAU?$AAn?$AAk?$AAn?$AAo?$AAw?$AAn?$AA?$CJ?$AA?$AA@
0x140005520: "SeSecurityPrivilege" ??_C@_1CI@EODHFOHP@?$AAS?$AAe?$AAS?$AAe?$AAc?$AAu?$AAr?$AAi?$AAt?$AAy?$AAP?$AAr?$AAi?$AAv?$AAi?$AAl?$AAe?$AAg?$AAe?$AA?$AA@
0x140001E0C: StringErrorPrintf
0x1400053D8: "__cdecl _imp__fmode" __imp__fmode
0x140005308: WINSTA_NULL_THUNK_DATA
0x140001D44: Message
0x140005328: "__cdecl _imp_free" __imp_free
0x140004930: "__cdecl IsNonwritableInCurrentImage" _IsNonwritableInCurrentImage
0x140001A50: GetResourceStringFromUtilDll
0x140005140: "__cdecl _imp_OpenProcessToken" __imp_OpenProcessToken
0x1400025F4: GetWinStationUserName
0x140005870: "{ErrorPrintf(): LoadString faile" ??_C@_1HC@PAPHOGPH@?$AA?$HL?$AAE?$AAr?$AAr?$AAo?$AAr?$AAP?$AAr?$AAi?$AAn?$AAt?$AAf?$AA?$CI?$AA?$CJ?$AA?3?$AA?5?$AAL?$AAo?$AAa?$AAd?$AAS?$AAt?$AAr?$AAi?$AAn?$AAg?$AA?5?$AAf?$AAa?$AAi?$AAl?$AAe@
0x140004BA5: memset
0x140005FB0: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR
[JEB Decompiler by PNF Software]