Generated by JEB on 2019/08/01
PE: C:\Windows\System32\srdelayed.exe Base=0x140000000 SHA-256=A08C035486870C25A5DE27153B5908168A325CD397D418F0EC3488B294E1B6D3
PDB: srdelayed.pdb GUID={06B6DC00-734A-9AE8-7365B112AC6B433C} Age=1
142 located named symbols:
0x140004010: c_ucsSetFileShortName
0x1400041C0: "__cdecl _imp_RtlFreeUnicodeString" __imp_RtlFreeUnicodeString
0x1400048FC: "__cdecl _IMPORT_DESCRIPTOR_ntdll" __IMPORT_DESCRIPTOR_ntdll
0x140005720: g_pwszArgv0
0x140005718: g_pwszArgv1
0x1400021AC: GenerateDeleteAltName
0x140005138: "__cdecl _security_cookie_complement" __security_cookie_complement
0x1400043C0: "RestoreStatusResult" ??_C@_1CI@OKBLKGHL@?$AAR?$AAe?$AAs?$AAt?$AAo?$AAr?$AAe?$AAS?$AAt?$AAa?$AAt?$AAu?$AAs?$AAR?$AAe?$AAs?$AAu?$AAl?$AAt?$AA?$AA@
0x1400041C8: "__cdecl _imp_NtCreateThreadEx" __imp_NtCreateThreadEx
0x1400013D4: HexDecode
0x14000133C: AppendUnicodeString
0x140004180: "__cdecl _imp_RtlWriteRegistryValue" __imp_RtlWriteRegistryValue
0x1400041D8: "__cdecl _imp_RtlInitUnicodeString" __imp_RtlInitUnicodeString
0x14000197C: FileExists
0x140003920: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x140003298: NtProcessStartupW_AfterSecurityCookieInitialized
0x1400041E8: "__cdecl _imp_NtReadFile" __imp_NtReadFile
0x140002014: DelayedDeleteAltName
0x1400041B0: "__cdecl _imp_NtWriteFile" __imp_NtWriteFile
0x140004190: "__cdecl _imp_RtlDeleteRegistryValue" __imp_RtlDeleteRegistryValue
0x1400042C8: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1400044B8: "SrDelayedOperation" ??_C@_1CG@KLICLOOA@?$AAS?$AAr?$AAD?$AAe?$AAl?$AAa?$AAy?$AAe?$AAd?$AAO?$AAp?$AAe?$AAr?$AAa?$AAt?$AAi?$AAo?$AAn?$AA?$AA@
0x1400016C8: SetBasicFileInformation
0x1400024F0: CheckBootExecute
0x1400038CD: memcpy
0x14000376C: "__cdecl _security_init_cookie_ex" __security_init_cookie_ex
0x1400042B0: "__cdecl _imp_memset" __imp_memset
0x140004020: c_ucsMoveFile
0x140004250: "__cdecl _imp_NtWaitForSingleObject" __imp_NtWaitForSingleObject
0x140005708: g_hProgressEvent
0x14000382E: RtlUnhandledExceptionFilter
0x140004428: "SrDelayedError" ??_C@_1BO@MICLCKDA@?$AAS?$AAr?$AAD?$AAe?$AAl?$AAa?$AAy?$AAe?$AAd?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?$AA@
0x14000380A: RtlCaptureContext
0x140004030: c_ucsAltName
0x1400038D9: memmove
0x140003860: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x140004210: "__cdecl _imp_NtCreateEvent" __imp_NtCreateEvent
0x140004358: "DeleteFile" ??_C@_1BG@BBGBBMDA@?$AAD?$AAe?$AAl?$AAe?$AAt?$AAe?$AAF?$AAi?$AAl?$AAe?$AA?$AA@
0x140004198: "__cdecl _imp_RtlAllocateHeap" __imp_RtlAllocateHeap
0x140004500: "SrDelayedArg1" ??_C@_1BM@KOBDBOOM@?$AAS?$AAr?$AAD?$AAe?$AAl?$AAa?$AAy?$AAe?$AAd?$AAA?$AAr?$AAg?$AA1?$AA?$AA@
0x140004040: c_ucsInProgress
0x140004260: "__cdecl _imp_NtTerminateProcess" __imp_NtTerminateProcess
0x140004060: c_ucsDeleteFile
0x1400043A8: " " ??_C@_13HOIJIPNN@?$AA?5?$AA?$AA@
0x140004468: "SC=%08x" ??_C@_1BA@CPJALLKG@?$AAS?$AAC?$AA?$DN?$AA?$CF?$AA0?$AA8?$AAx?$AA?$AA@
0x140004220: "__cdecl _imp_NtQueryInformationFile" __imp_NtQueryInformationFile
0x140005000: SystemRestoreTable
0x140001794: MoveDeleteCommon
0x140004268: "__cdecl _imp_RtlCaptureContext" __imp_RtlCaptureContext
0x140004178: "__cdecl _imp_RtlQueryRegistryValuesEx" __imp_RtlQueryRegistryValuesEx
0x140005710: g_fBootExecuteFound
0x14000383C: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x1400042A0: "__cdecl _imp_memcmp" __imp_memcmp
0x140004208: "__cdecl _imp_RtlAdjustPrivilege" __imp_RtlAdjustPrivilege
0x1400056E0: g_ucsNewBootExecute
0x1400041F0: "__cdecl _imp_RtlReAllocateHeap" __imp_RtlReAllocateHeap
0x1400043B0: "Debug" ??_C@_1M@OPFBIOCF@?$AAD?$AAe?$AAb?$AAu?$AAg?$AA?$AA@
0x140003570: NtProcessStartupW
0x140004230: "__cdecl _imp_RtlFreeHeap" __imp_RtlFreeHeap
0x1400050B0: SessionManagerTable
0x140004290: "__cdecl _imp_iswspace" __imp_iswspace
0x1400041A8: "__cdecl _imp_RtlEqualUnicodeString" __imp_RtlEqualUnicodeString
0x140004448: "Session Manager" ??_C@_1CA@NGDFGHGA@?$AAS?$AAe?$AAs?$AAs?$AAi?$AAo?$AAn?$AA?5?$AAM?$AAa?$AAn?$AAa?$AAg?$AAe?$AAr?$AA?$AA@
0x1400042C0: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x140003816: RtlLookupFunctionEntry
0x14000138C: FromHex
0x1400041B8: "__cdecl _imp_RtlAppendUnicodeToString" __imp_RtlAppendUnicodeToString
0x1400037FE: NtTerminateProcess
0x140004300: ".%ld" ??_C@_19DHAFGHKN@?$AA?4?$AA?$CF?$AAl?$AAd?$AA?$AA@
0x140005728: g_fDebug
0x1400026CC: wmain
0x140001F70: SuicideThread
0x140004408: "SystemRestore" ??_C@_1BM@KICGOAAP@?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AAR?$AAe?$AAs?$AAt?$AAo?$AAr?$AAe?$AA?$AA@
0x140004520: "0xffffffff" ??_C@_1BG@BOCNBPEF@?$AA0?$AAx?$AAf?$AAf?$AAf?$AAf?$AAf?$AAf?$AAf?$AAf?$AA?$AA@
0x140004298: "__cdecl _imp_RtlNormalizeProcessParams" __imp_RtlNormalizeProcessParams
0x1400042F0: "" ??_C@_11LOCGONAA@?$AA?$AA@
0x140001008: RtlStringCbPrintfExW
0x1400035A0: "__cdecl _security_check_cookie" __security_check_cookie
0x1400056F8: g_hExitEvent
0x140004370: "SetFileShortName" ??_C@_1CC@BJHNCGJM@?$AAS?$AAe?$AAt?$AAF?$AAi?$AAl?$AAe?$AAS?$AAh?$AAo?$AAr?$AAt?$AAN?$AAa?$AAm?$AAe?$AA?$AA@
0x140001D4C: DoDeleteFile
0x1400014B4: GetEntry
0x140004310: "NotExecuted" ??_C@_1BI@HGABPFMH@?$AAN?$AAo?$AAt?$AAE?$AAx?$AAe?$AAc?$AAu?$AAt?$AAe?$AAd?$AA?$AA@
0x14000123C: Realloc
0x140005120: g_fDelayedList
0x1400041A0: "__cdecl _imp_RtlExitUserProcess" __imp_RtlExitUserProcess
0x1400024E0: CheckStatus
0x140004398: "AltName" ??_C@_1BA@DGJGPLMN@?$AAA?$AAl?$AAt?$AAN?$AAa?$AAm?$AAe?$AA?$AA@
0x140004050: c_ucsNotExecuted
0x140004248: "__cdecl _imp_RtlDuplicateUnicodeString" __imp_RtlDuplicateUnicodeString
0x1400042D0: "__cdecl _guard_fids_table" __guard_fids_table
0x140004218: "__cdecl _imp_NtShutdownSystem" __imp_NtShutdownSystem
0x140004070: "__cdecl load_config_used" _load_config_used
0x140004240: "__cdecl _imp_RtlSetHeapInformation" __imp_RtlSetHeapInformation
0x1400044E0: "SrDelayedArg0" ??_C@_1BM@BGKPHJIJ@?$AAS?$AAr?$AAD?$AAe?$AAl?$AAa?$AAy?$AAe?$AAd?$AAA?$AAr?$AAg?$AA0?$AA?$AA@
0x1400041D0: "__cdecl _imp_RtlSetSystemBootStatus" __imp_RtlSetSystemBootStatus
0x140004200: "__cdecl _imp_NtClose" __imp_NtClose
0x140004270: "__cdecl _imp_RtlLookupFunctionEntry" __imp_RtlLookupFunctionEntry
0x140004488: "RestoreStatusDetails" ??_C@_1CK@MCPKFCHM@?$AAR?$AAe?$AAs?$AAt?$AAo?$AAr?$AAe?$AAS?$AAt?$AAa?$AAt?$AAu?$AAs?$AAD?$AAe?$AAt?$AAa?$AAi?$AAl?$AAs?$AA?$AA@
0x140001B7C: IsExistant
0x140004278: "__cdecl _imp_RtlVirtualUnwind" __imp_RtlVirtualUnwind
0x1400012F4: AddToUnicodeString
0x140005140: g_ThreadStatus
0x140001DCC: DoSetFileShortName
0x140003900: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x1400038C1: memcmp
0x140001C0C: DoMoveFile
0x140002124: Add2Entry
0x140004280: "__cdecl _imp_RtlUnhandledExceptionFilter" __imp_RtlUnhandledExceptionFilter
0x1400042B8: ntdll_NULL_THUNK_DATA
0x1400042A8: "__cdecl _imp_memcpy" __imp_memcpy
0x1400043E8: "SetupExecute" ??_C@_1BK@BJIJONBF@?$AAS?$AAe?$AAt?$AAu?$AAp?$AAE?$AAx?$AAe?$AAc?$AAu?$AAt?$AAe?$AA?$AA@
0x1400041F8: "__cdecl _imp_NtQueryAttributesFile" __imp_NtQueryAttributesFile
0x140005130: "__cdecl _security_cookie" __security_cookie
0x140001A74: MakeAltName
0x140004328: "IN_PROGRESS" ??_C@_1BI@IGKICOEI@?$AAI?$AAN?$AA_?$AAP?$AAR?$AAO?$AAG?$AAR?$AAE?$AAS?$AAS?$AA?$AA@
0x140005714: ulAltCounter
0x140004188: "__cdecl _imp__vsnwprintf" __imp__vsnwprintf
0x140003720: "__cdecl _security_init_cookie" __security_init_cookie
0x140005700: g_hThread
0x140004478: "0x%08x" ??_C@_1O@MNMPKDNM@?$AA0?$AAx?$AA?$CF?$AA0?$AA8?$AAx?$AA?$AA@
0x1400042F8: "SC=" ??_C@_17MKPJIMAN@?$AAS?$AAC?$AA?$DN?$AA?$AA@
0x140004288: "__cdecl _imp_memmove" __imp_memmove
0x1400024C0: CheckDebug
0x140003822: RtlVirtualUnwind
0x1400041E0: "__cdecl _imp_NtSetInformationFile" __imp_NtSetInformationFile
0x1400035D0: "__cdecl _report_gsfailure" __report_gsfailure
0x140004258: "__cdecl _imp_NtOpenFile" __imp_NtOpenFile
0x140004340: "MoveFile" ??_C@_1BC@OLPLICAI@?$AAM?$AAo?$AAv?$AAe?$AAF?$AAi?$AAl?$AAe?$AA?$AA@
0x140004238: "__cdecl _imp_NtWaitForMultipleObjects" __imp_NtWaitForMultipleObjects
0x1400056F0: g_ulValueType
0x140004228: "__cdecl _imp_NtSetEvent" __imp_NtSetEvent
0x1400038E5: memset
0x140004910: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR
[JEB Decompiler by PNF Software]