Generated by JEB on 2019/08/01
PE: C:\Windows\System32\chglogon.exe Base=0x140000000 SHA-256=C91F6B286B59AE125BC039512FF9801354C10E74DCA9CD803067D2CD1441592F
PDB: chglogon.pdb GUID={B09DCB33-0423-9B0C-4E1C6CB798470C9F} Age=1
208 located named symbols:
0x140006000: ptm
0x1400044E4: "1" ??_C@_13JGCMLPCH@?$AA1?$AA?$AA@
0x140003654: "__cdecl _raise_securityfailure" __raise_securityfailure
0x140003A40: "__cdecl FindPESection" _FindPESection
0x140001008: StringCchCatW
0x140004DF0: "__cdecl _IMPORT_DESCRIPTOR_ntdll" __IMPORT_DESCRIPTOR_ntdll
0x1400042E0: "__cdecl _imp___getmainargs" __imp___getmainargs
0x1400060D0: "__cdecl _security_cookie_complement" __security_cookie_complement
0x140004190: "__cdecl _imp_GetCurrentThreadId" __imp_GetCurrentThreadId
0x140004418: "/query" ??_C@_1O@NCONCEFC@?$AA?1?$AAq?$AAu?$AAe?$AAr?$AAy?$AA?$AA@
0x1400048C8: "*.*" ??_C@_17ECHFBE@?$AA?$CK?$AA?4?$AA?$CK?$AA?$AA@
0x140003D10: "__cdecl guard_dispatch_icall_nop" _guard_dispatch_icall_nop
0x140004368: "__cdecl _imp__wcslwr" __imp__wcslwr
0x1400042B0: "__cdecl _imp_wcstoul" __imp_wcstoul
0x140006680: "__cdecl commode" _commode
0x1400041B8: "__cdecl _imp_GetFileType" __imp_GetFileType
0x140004280: "__cdecl _imp_wcschr" __imp_wcschr
0x140004150: "__cdecl _imp_HeapSetInformation" __imp_HeapSetInformation
0x140003910: "long __cdecl __CxxUnhandledExceptionFilter(struct _EXCEPTION_POINTERS * __ptr64)" ?__CxxUnhandledExceptionFilter@@YAJPEAU_EXCEPTION_POINTERS@@@Z
0x1400043B0: "__cdecl _guard_dispatch_icall_fptr" __guard_dispatch_icall_fptr
0x1400048D0: "." ??_C@_13JOFGPIOO@?$AA?4?$AA?$AA@
0x14000668C: "__cdecl fmode" _fmode
0x140004180: "__cdecl _imp_FormatMessageW" __imp_FormatMessageW
0x1400042C0: "__cdecl _imp__wcsdup" __imp__wcsdup
0x1400042B8: "__cdecl _imp__wcsnicmp" __imp__wcsnicmp
0x1400010AC: main
0x140004360: "__cdecl _imp__ultoa" __imp__ultoa
0x140003084: unix_match
0x14000396E: "__cdecl XcptFilter" _XcptFilter
0x1400043B8: "__cdecl _xc_a" __xc_a
0x1400041E0: "__cdecl _imp_FindClose" __imp_FindClose
0x140004450: "/drain" ??_C@_1O@IEBPDGED@?$AA?1?$AAd?$AAr?$AAa?$AAi?$AAn?$AA?$AA@
0x140002158: ParseCommandLineW
0x140004370: "__cdecl _imp_memset" __imp_memset
0x140003BFF: "__cdecl initterm" _initterm
0x1400066D8: "__cdecl _dyn_tls_init_callback" __dyn_tls_init_callback
0x140004230: "__cdecl _imp_Sleep" __imp_Sleep
0x1400043E8: "__cdecl _xi_z" __xi_z
0x140004350: "__cdecl _imp___iob_func" __imp___iob_func
0x140004238: "__cdecl _imp_UnhandledExceptionFilter" __imp_UnhandledExceptionFilter
0x1400047A0: "ErrorOutFromResource:GetResource" ??_C@_1IK@HELNDLNO@?$AAE?$AAr?$AAr?$AAo?$AAr?$AAO?$AAu?$AAt?$AAF?$AAr?$AAo?$AAm?$AAR?$AAe?$AAs?$AAo?$AAu?$AAr?$AAc?$AAe?$AA?3?$AAG?$AAe?$AAt?$AAR?$AAe?$AAs?$AAo?$AAu?$AAr?$AAc?$AAe@
0x1400041C0: "__cdecl _imp_GetCommandLineW" __imp_GetCommandLineW
0x140003C0B: "__cdecl _C_specific_handler" __C_specific_handler
0x140003CED: memmove
0x140001AE4: FindMsg
0x140004340: "__cdecl _imp__wtoi" __imp__wtoi
0x140004160: "__cdecl _imp_RegCloseKey" __imp_RegCloseKey
0x140003C8C: "__cdecl _GSHandlerCheckCommon" __GSHandlerCheckCommon
0x140006690: fQuery
0x140001948: ErrorPrintf
0x140004680: "GetResourceStringFromUtilDll: In" ??_C@_1IM@LKEOIJAK@?$AAG?$AAe?$AAt?$AAR?$AAe?$AAs?$AAo?$AAu?$AAr?$AAc?$AAe?$AAS?$AAt?$AAr?$AAi?$AAn?$AAg?$AAF?$AAr?$AAo?$AAm?$AAU?$AAt?$AAi?$AAl?$AAD?$AAl?$AAl?$AA?3?$AA?5?$AAI?$AAn@
0x140004138: "__cdecl _imp_RegSetValueExW" __imp_RegSetValueExW
0x140003A23: "__cdecl amsg_exit" _amsg_exit
0x140004248: "__cdecl _imp_RegGetMachinePolicyNew" __imp_RegGetMachinePolicyNew
0x1400066A0: fDisable
0x140001660: GetProfileInt_CHGLOGON
0x140001E50: MassageCommandLine
0x1400042F0: "__cdecl _imp_exit" __imp_exit
0x140004428: "/enable" ??_C@_1BA@JMKJPGCH@?$AA?1?$AAe?$AAn?$AAa?$AAb?$AAl?$AAe?$AA?$AA@
0x140004488: "/?" ??_C@_15BAIPABEI@?$AA?1?$AA?$DP?$AA?$AA@
0x14000482C: " " ??_C@_13HOIJIPNN@?$AA?5?$AA?$AA@
0x140004E18: "__cdecl _IMPORT_DESCRIPTOR_REGAPI" __IMPORT_DESCRIPTOR_REGAPI
0x140004228: "__cdecl _imp_GetCurrentProcess" __imp_GetCurrentProcess
0x1400044D0: "Winlogon" ??_C@_1BC@LLFJKFDH@?$AAW?$AAi?$AAn?$AAl?$AAo?$AAg?$AAo?$AAn?$AA?$AA@
0x1400066C8: "__cdecl _native_startup_lock" __native_startup_lock
0x140004348: "__cdecl _imp_setlocale" __imp_setlocale
0x140003950: "__cdecl _CxxSetUnhandledExceptionFilter" __CxxSetUnhandledExceptionFilter
0x140004270: "__cdecl _imp_wcscat_s" __imp_wcscat_s
0x140004318: "__cdecl _imp___C_specific_handler" __imp___C_specific_handler
0x140006694: fEnable
0x140004380: "__cdecl _imp_RtlCaptureContext" __imp_RtlCaptureContext
0x140004240: KERNEL32_NULL_THUNK_DATA
0x140004188: "__cdecl _imp_GetLastError" __imp_GetLastError
0x140003C68: "__cdecl _GSHandlerCheck" __GSHandlerCheck
0x140004328: "__cdecl _imp__commode" __imp__commode
0x1400044A8: "WinStationsDisabled" ??_C@_1CI@EEFKKHBG@?$AAW?$AAi?$AAn?$AAS?$AAt?$AAa?$AAt?$AAi?$AAo?$AAn?$AAs?$AAD?$AAi?$AAs?$AAa?$AAb?$AAl?$AAe?$AAd?$AA?$AA@
0x140004308: "__cdecl _imp___setusermatherr" __imp___setusermatherr
0x140006698: help_flag
0x140001A2C: PutStdErr
0x1400066A4: fSuspend
0x140004200: "__cdecl _imp_GetCurrentProcessId" __imp_GetCurrentProcessId
0x140004338: "__cdecl _imp_swprintf_s" __imp_swprintf_s
0x140003AF0: "__cdecl ValidateImageBase" _ValidateImageBase
0x140003600: mainCRTStartup
0x1400066A8: NtDllHandle
0x140004390: "__cdecl _imp_VerSetConditionMask" __imp_VerSetConditionMask
0x140004438: "/disable" ??_C@_1BC@HANHMOBP@?$AA?1?$AAd?$AAi?$AAs?$AAa?$AAb?$AAl?$AAe?$AA?$AA@
0x1400044A0: "0" ??_C@_13COJANIEC@?$AA0?$AA?$AA@
0x1400041B0: "__cdecl _imp_FreeLibrary" __imp_FreeLibrary
0x140006688: "__cdecl newmode" _newmode
0x140003C38: "__cdecl _acrt_iob_func" __acrt_iob_func
0x140004310: "__cdecl _imp__initterm" __imp__initterm
0x1400042E8: "__cdecl _imp___set_app_type" __imp___set_app_type
0x140003A30: "__cdecl setargv" _setargv
0x140004168: "__cdecl _imp_SetLastError" __imp_SetLastError
0x1400048A8: "NTDLL" ??_C@_1M@OJAIJKMJ@?$AAN?$AAT?$AAD?$AAL?$AAL?$AA?$AA@
0x140004140: "__cdecl _imp_GetVersionExW" __imp_GetVersionExW
0x140001D40: My_fwprintf
0x1400066B8: "__cdecl _onexitend" __onexitend
0x1400042F8: "__cdecl _imp__exit" __imp__exit
0x1400043A8: "__cdecl _guard_check_icall_fptr" __guard_check_icall_fptr
0x140004250: REGAPI_NULL_THUNK_DATA
0x1400041D0: "__cdecl _imp_FindFirstFileW" __imp_FindFirstFileW
0x1400041F0: "__cdecl _imp_TerminateProcess" __imp_TerminateProcess
0x140004260: USER32_NULL_THUNK_DATA
0x1400042A8: "__cdecl _imp_wcstol" __imp_wcstol
0x1400042C8: "__cdecl _imp__wsetlocale" __imp__wsetlocale
0x140004498: ".%d" ??_C@_17JFAEKECD@?$AA?4?$AA?$CF?$AAd?$AA?$AA@
0x1400043D0: "__cdecl _xi_a" __xi_a
0x140004220: "__cdecl _imp_GetTickCount" __imp_GetTickCount
0x140003A30: "__cdecl matherr" _matherr
0x1400013FC: Usage
0x140003808: "__cdecl _report_rangecheckfailure" __report_rangecheckfailure
0x1400048D4: ".." ??_C@_15DDHGOCBH@?$AA?4?$AA?4?$AA?$AA@
0x1400041A0: "__cdecl _imp_WriteConsoleW" __imp_WriteConsoleW
0x140004278: "__cdecl _imp_vswprintf_s" __imp_vswprintf_s
0x140003630: "__cdecl _security_check_cookie" __security_check_cookie
0x140004118: "__cdecl _imp_GetConsoleOutputCP" __imp_GetConsoleOutputCP
0x1400043C8: "__cdecl _xc_z" __xc_z
0x140004330: "__cdecl _imp_?terminate@@YAXXZ" __imp_?terminate@@YAXXZ
0x140004210: "__cdecl _imp_GetSystemTimeAsFileTime" __imp_GetSystemTimeAsFileTime
0x140004170: "__cdecl _imp_GetStdHandle" __imp_GetStdHandle
0x14000669C: fSuspendOneTime
0x140004130: "__cdecl _imp_LocalAlloc" __imp_LocalAlloc
0x1400041D8: "__cdecl _imp_FindNextFileW" __imp_FindNextFileW
0x140004178: "__cdecl _imp_MultiByteToWideChar" __imp_MultiByteToWideChar
0x140004558: "TSServerDrainMode" ??_C@_1CE@GCNMACEF@?$AAT?$AAS?$AAS?$AAe?$AAr?$AAv?$AAe?$AAr?$AAD?$AAr?$AAa?$AAi?$AAn?$AAM?$AAo?$AAd?$AAe?$AA?$AA@
0x1400043F0: "__cdecl _guard_fids_table" __guard_fids_table
0x140004268: "__cdecl _imp_wcscpy_s" __imp_wcscpy_s
0x140004378: msvcrt_NULL_THUNK_DATA
0x140004010: "__cdecl load_config_used" _load_config_used
0x1400045E0: "utildll.dll" ??_C@_1BI@OFICJFJG@?$AAu?$AAt?$AAi?$AAl?$AAd?$AAl?$AAl?$AA?4?$AAd?$AAl?$AAl?$AA?$AA@
0x140004DDC: "__cdecl _IMPORT_DESCRIPTOR_USER32" __IMPORT_DESCRIPTOR_USER32
0x140001878: ErrorOutFromResource
0x1400042D8: "__cdecl _imp__amsg_exit" __imp__amsg_exit
0x140004580: "Software\Microsoft\Windows NT\Cu" ??_C@_1FM@MFBNIFAL@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAM?$AAi?$AAc?$AAr?$AAo?$AAs?$AAo?$AAf?$AAt?$AA?2?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAN?$AAT?$AA?2?$AAC?$AAu@
0x1400048B8: "System" ??_C@_1O@GINMMDNN@?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA?$AA@
0x140004258: "__cdecl _imp_LoadStringW" __imp_LoadStringW
0x140004388: "__cdecl _imp_RtlLookupFunctionEntry" __imp_RtlLookupFunctionEntry
0x1400041F8: "__cdecl _imp_QueryPerformanceCounter" __imp_QueryPerformanceCounter
0x140006684: "__cdecl dowildcard" _dowildcard
0x1400066E0: arg_data
0x140006720: MsgBuf
0x140004290: "__cdecl _imp_vfwprintf" __imp_vfwprintf
0x140004398: "__cdecl _imp_RtlVirtualUnwind" __imp_RtlVirtualUnwind
0x140003C20: "__cdecl guard_check_icall_nop" _guard_check_icall_nop
0x14000397C: RtlpImageNtHeader
0x1400041A8: "__cdecl _imp_GetModuleHandleW" __imp_GetModuleHandleW
0x1400041C8: "__cdecl _imp_VerifyVersionInfoW" __imp_VerifyVersionInfoW
0x140004490: ".OCP" ??_C@_04EMDMLPCB@?4OCP?$AA@
0x1400042D0: "__cdecl _imp__XcptFilter" __imp__XcptFilter
0x140004120: "__cdecl _imp_SetThreadUILanguage" __imp_SetThreadUILanguage
0x140004298: "__cdecl _imp_fwprintf" __imp_fwprintf
0x1400043A0: ntdll_NULL_THUNK_DATA
0x140003C5C: "__cdecl _iob_func" __iob_func
0x1400027C0: expand_path
0x1400060C8: "__cdecl _security_cookie" __security_cookie
0x140004208: "__cdecl _imp_RegQueryValueExW" __imp_RegQueryValueExW
0x140004158: "__cdecl _imp_LocalFree" __imp_LocalFree
0x1400060C0: "__cdecl _defaultmatherr" __defaultmatherr
0x140004198: "__cdecl _imp_LoadLibraryW" __imp_LoadLibraryW
0x1400041E8: "__cdecl _imp_GetFileAttributesW" __imp_GetFileAttributesW
0x140004460: "/drainuntilrestart" ??_C@_1CG@IKGDEIKC@?$AA?1?$AAd?$AAr?$AAa?$AAi?$AAn?$AAu?$AAn?$AAt?$AAi?$AAl?$AAr?$AAe?$AAs?$AAt?$AAa?$AAr?$AAt?$AA?$AA@
0x140004148: "__cdecl _imp_RegCreateKeyExW" __imp_RegCreateKeyExW
0x1400066C0: "__cdecl _onexitbegin" __onexitbegin
0x140001D68: My_vfwprintf
0x140004218: "__cdecl _imp_SetUnhandledExceptionFilter" __imp_SetUnhandledExceptionFilter
0x140004E04: "__cdecl _IMPORT_DESCRIPTOR_KERNEL32" __IMPORT_DESCRIPTOR_KERNEL32
0x140004128: "__cdecl _imp_RegOpenKeyExW" __imp_RegOpenKeyExW
0x1400014FC: WriteProfileString_CHGLOGON
0x140003B24: "__cdecl _security_init_cookie" __security_init_cookie
0x140004710: "GetResourceStringFromUtilDll: Lo" ??_C@_1IM@NKKDFGJP@?$AAG?$AAe?$AAt?$AAR?$AAe?$AAs?$AAo?$AAu?$AAr?$AAc?$AAe?$AAS?$AAt?$AAr?$AAi?$AAn?$AAg?$AAF?$AAr?$AAo?$AAm?$AAU?$AAt?$AAi?$AAl?$AAD?$AAl?$AAl?$AA?3?$AA?5?$AAL?$AAo@
0x140004600: "GetResourceStringFromUtilDll: Lo" ??_C@_1HI@PNJKHAPO@?$AAG?$AAe?$AAt?$AAR?$AAe?$AAs?$AAo?$AAu?$AAr?$AAc?$AAe?$AAS?$AAt?$AAr?$AAi?$AAn?$AAg?$AAF?$AAr?$AAo?$AAm?$AAU?$AAt?$AAi?$AAl?$AAD?$AAl?$AAl?$AA?3?$AA?5?$AAL?$AAo@
0x140004300: "__cdecl _imp__cexit" __imp__cexit
0x1400039D8: "__cdecl get_image_app_type" _get_image_app_type
0x140004E2C: "__cdecl _IMPORT_DESCRIPTOR_msvcrt" __IMPORT_DESCRIPTOR_msvcrt
0x140004358: "__cdecl _imp_memmove" __imp_memmove
0x140004410: "/q" ??_C@_15GLEECOEG@?$AA?1?$AAq?$AA?$AA@
0x1400042A0: "__cdecl _imp_malloc" __imp_malloc
0x140001460: WriteSuspendMode_CHGLOGON
0x140003690: "__cdecl _report_gsfailure" __report_gsfailure
0x1400066D0: "__cdecl _native_startup_state" __native_startup_state
0x1400044F0: "System\CurrentControlSet\Control" ??_C@_1GE@OLCLFBJJ@?$AAS?$AAy?$AAs?$AAt?$AAe?$AAm?$AA?2?$AAC?$AAu?$AAr?$AAr?$AAe?$AAn?$AAt?$AAC?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl?$AAS?$AAe?$AAt?$AA?2?$AAC?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl@
0x140004320: "__cdecl _imp__fmode" __imp__fmode
0x140004288: "__cdecl _imp_free" __imp_free
0x140003A90: "__cdecl IsNonwritableInCurrentImage" _IsNonwritableInCurrentImage
0x1400017A4: GetResourceStringFromUtilDll
0x140004830: "{ErrorPrintf(): LoadString faile" ??_C@_1HC@PAPHOGPH@?$AA?$HL?$AAE?$AAr?$AAr?$AAo?$AAr?$AAP?$AAr?$AAi?$AAn?$AAt?$AAf?$AA?$CI?$AA?$CJ?$AA?3?$AA?5?$AAL?$AAo?$AAa?$AAd?$AAS?$AAt?$AAr?$AAi?$AAn?$AAg?$AA?5?$AAf?$AAa?$AAi?$AAl?$AAe@
0x140003CF9: memset
0x140004E40: "__cdecl _NULL_IMPORT_DESCRIPTOR" __NULL_IMPORT_DESCRIPTOR
[JEB Decompiler by PNF Software]