!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
WATAUH
0A]A\_
x ATAUAVH
A^A]A\
x ATAUAWH
@A_A]A\
t$ WATAWH
WATAUAVAWH
L9d$PA
u"L9d$Xu
A_A^A]A\_
t$ WATAU
WATAUH
A]A\_
x ATAUAVH
+L$DD+L$@
A^A]A\
WATAUH
@A]A\_
t$ WATAUAVAWH
D$Zs'3
A_A^A]A\_
x ATAUAVH
0A^A]A\
SUVWATAUAVAWH
XA_A^A]A\_^][
;QH}�3
| ;Q(}
L$DD+D$H
~ 9yP~
x ATAUAWH
A_A]A\
l$ VWATAUAVH
A^A]A\_^
t$ WATAUAVAWH
A_A^A]A\_
uTf!T$ H
9Ypt 9YP~
UVWATAUH
@A]A\_^]
x ATAUAVH
9u@~^L
A^A]A\
WATAUH
x ATAUAVH
A^A]A\
WATAUAVAWH
A_A^A]A\_
WATAUH
9i@~AL
UVWATAUAVAWH
A_A^A]A\_^]
WATAUH
0A]A\_H
WATAUH
D+d$TH
l$\+t$@+l$T+\$D
UVWATAUH
E9kH~9H
A]A\_^]
udf!D$0H
f!t$0H
l$ VWATAUAVH
0A^A]A\_^
|$ ATH
LcD$ H
x ATAUAVH
A^A]A\
LcL$0LcD$8H
WATAUH
ATAUAWH
@A_A]A\
L$ UVWATAUAVAWH
t"IcD$
`A_A^A]A\_^]
9sx~^3
VWATAUAVH
A^A]A\_^
x ATAUAWH
@A_A]A\
8"u8fff
InitCommonControlsEx
StartHook
StopHook
GetModule
LoadLibraryW
FreeLibrary
GetProcAddress
GetModuleHandleW
GetLastError
IsWow64Process
ChangeWindowMessageFilter
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateToolhelp32Snapshot
Module32First
Module32Next
Process32First
Process32Next
GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
EnumProcesses
GetModuleInformation
LdrGetProcedureAddress
SHGetSpecialFolderPathW
SHAutoComplete
c:\Projects\VS2005\RegFromApp\x64\Release\RegFromApp.pdb
wcscat
wcsncat
_snwprintf
memset
wcscpy
_purecall
memcpy
wcslen
wcsrchr
memcmp
strcpy
wcstoul
??2@YAPEAX_K@Z
wcschr
_memicmp
_wcsicmp
malloc
??3@YAXPEAX@Z
wcscmp
_wcsnicmp
_wcslwr
strlen
msvcrt.dll
__dllonexit
_onexit
__C_specific_handler
_XcptFilter
_c_exit
_cexit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
ImageList_ReplaceIcon
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW
COMCTL32.dll
FreeLibrary
LoadLibraryW
GetProcAddress
CloseHandle
DeleteFileW
WriteProcessMemory
OpenProcess
ResumeThread
VirtualFreeEx
ReadProcessMemory
FlushFileBuffers
GetTempPathW
GetLastError
VirtualAllocEx
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
GetFileAttributesW
WriteFile
GetModuleFileNameW
GetWindowsDirectoryW
CreateFileW
FindResourceW
LocalFree
LoadResource
LockResource
LoadLibraryExW
SizeofResource
FormatMessageW
GetVersionExW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
WideCharToMultiByte
SetErrorMode
GetCurrentProcessId
ExitProcess
CreateRemoteThread
EnumResourceTypesW
GetStartupInfoW
KERNEL32.dll
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
EndPaint
GetWindow
DrawFrameControl
SetWindowTextW
UpdateWindow
SetDlgItemTextW
BeginPaint
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
InvalidateRect
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
LoadIconW
LoadImageW
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
PeekMessageW
CheckMenuItem
GetMenuStringW
CheckMenuRadioItem
GetSysColor
MapWindowPoints
GetParent
GetMenu
EnableMenuItem
GetSubMenu
ReleaseDC
GetClassNameW
MoveWindow
SetFocus
GetMenuItemCount
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DestroyIcon
DrawTextExW
KillTimer
PostQuitMessage
GetMessageW
SetTimer
IsDialogMessageW
DispatchMessageW
TranslateMessage
USER32.dll
DeleteObject
SetBkMode
CreateFontIndirectW
SetTextColor
GetDeviceCaps
SelectObject
SetBkColor
GDI32.dll
GetOpenFileNameW
GetSaveFileNameW
comdlg32.dll
ShellExecuteW
SHGetFileInfoW
ExtractIconExW
DragFinish
DragAcceptFiles
DragQueryFileW
SHELL32.dll
CoUninitialize
CoInitialize
ole32.dll
!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
ntdll.dll
NtSetValueKey
NtQueryObject
NtOpenKey
NtClose
NtQueryValueKey
NtDeleteValueKey
_stricmp
memcmp
malloc
msvcrt.dll
_initterm
_adjust_fdiv
GetCurrentProcess
WriteProcessMemory
VirtualProtectEx
LoadLibraryW
GetVersionExW
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
KERNEL32.dll
PostMessageW
SendMessageW
USER32.dll
memset
RegFromAppHelper.dll
GetModule
StartHook
StopHook
f:\Projects\VS2005\RegFromApp\release\RegFromAppHelper.pdb
W0^0o0
1'1-131P1
1"272S2y2
41484Q4j4
5"5(5/555<5B5I5O5V5\5e5k5
6(6.646:6H6P6Y6a6n6v6
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
VWATAUAVH
PHcB<E3
A^A]A\_^
VWATAUAV
L$8H!D$8H
D$(!\$ D
D!l$@H
A^A]A\_^
WATAUAVAWH
0A_A^A]A\_
ntdll.dll
NtSetValueKey
NtQueryObject
NtOpenKey
NtClose
NtQueryValueKey
NtDeleteValueKey
f:\Projects\VS2005\RegFromApp\x64\Release\RegFromAppHelper.pdb
_stricmp
memcmp
malloc
msvcrt.dll
_initterm
GetCurrentProcess
WriteProcessMemory
VirtualProtectEx
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
LoadLibraryW
GetVersionExW
KERNEL32.dll
SendMessageW
PostMessageW
USER32.dll
memset
RegFromAppHelper.dll
GetModule
StartHook
StopHook
wwwwwp
wwwwwwwwp
wwwww~gwwwwwwwwwwwwwwwwwwp
wwwwwN
xwwwwwpwwwww~fwwwwwwwwwwwwwwwwwwxwwwwww
wwwwwwwwwwwwwx
pwwwpw~fhwwr
wwwwww
'wwwww
hwwr'wwwwww
wwwwwx
hwwwwwwwwwwwwwwwwwx
wwwwwwwwx
xwwwwp
wwwwwwwwwwwwwwwwwx
wwwwwwwwx
wwwwwwwwwwwwwwwwwwwwwwwwwwx
wwwwwwwwwwwwww
""""""
wwwwwwwx ww
DDDDDDD
DDDDDDH"
DDDDDDH/
DDDDDDD
wwwwwwwx
DDDDDD
wwwwww
DDDDDD
wwwwww
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<dependency>
<dependentAssembly>
<assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="amd64" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD`
AddTrust AB1&0$
AddTrust External TTP Network1"0
AddTrust External CA Root0
050607080910Z
200530104838Z0
Salt Lake City1
The USERTRUST Network1!0�
http://www.usertrust.com1
UTN-USERFirst-Object0
3http://crl.usertrust.com/AddTrustExternalCARoot.crl05
http://ocsp.usertrust.com0
9f*<Z,m
Salt Lake City1
The USERTRUST Network1!0�
http://www.usertrust.com1
UTN-USERFirst-Object0
100510000000Z
150510235959Z0~1
Greater Manchester1
Salford1
COMODO CA Limited1$0"
COMODO Time Stamping Signer0
GS@(YC
1http://crl.usertrust.com/UTN-USERFirst-Object.crl05
http://ocsp.usertrust.com0
Salt Lake City1
The USERTRUST Network1!0�
http://www.usertrust.com1
UTN-USERFirst-Object0
110824000000Z
200530104838Z0{1
Greater Manchester1
Salford1
COMODO CA Limited1!0�
COMODO Code Signing CA 20
1http://crl.usertrust.com/UTN-USERFirst-Object.crl0t
1http://crt.usertrust.com/UTNAddTrustObject_CA.crt0%
http://ocsp.usertrust.com0
Greater Manchester1
Salford1
COMODO CA Limited1!0�
COMODO Code Signing CA 20
140912000000Z
190912235959Z0
525831
Gush Dan1
Ramat Gan1
5 Hashoshanim st.1
Nir Sofer1
Nir Sofer0
z<%()S
https://secure.comodo.net/CPS0A
0http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
0http://crt.comodoca.com/COMODOCodeSigningCA2.crt0$
http://ocsp.comodoca.com0
support@nirsoft.net0
Greater Manchester1
Salford1
COMODO CA Limited1!0�
COMODO Code Signing CA 2
Salt Lake City1
The USERTRUST Network1!0�
http://www.usertrust.com1
UTN-USERFirst-Object
141221064619Z0#
MS Sans Serif
RegFromApp
RegFileVersion
AddOnlyModifiedValues
DisplayMode
ProcessPath
ProcessParams
StartImmediately
ListViewSortProcess
comctl32.dll
Error: Cannot load the common control classes.
RegFromAppHelper.dll
kernel32.dll
"%s" %s
netmsg.dll
Unknown Error
Error %d: %s
%2.2X
%s (%s)
kernel32
caption
menu_%d
dialog_%d
strings
general
sysdatetimepick32
charset
TranslatorName
TranslatorURL
Version
_lng.ini
%-18s: %s
%%-%d.%ds
<td bgcolor=#%s nowrap>%s
<td bgcolor=#%s>%s
<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
bgcolor="%s"
<table border="1" cellpadding="5">
nowrap
<font color="%s">%s</font>
</table><p>
<item>
<%s>%s</%s>
</item>
<?xml version="1.0" encoding="ISO-8859-1" ?>
user32.dll
/nosaveload
report.html
Fixedsys
%s - %s
General
WinPos
/runprocess
/processparams
/startimmediately
/attachprocess
/autosave
SeDebugPrivilege
/savelangfile
/deleteregkey
{Unknown}
Exception %8.8X at address %16.16I64X in module %s
Registers:
EAX=%16.16I64X EBX=%16.16I64X ECX=%16.16I64X EDX=%16.16I64X
ESI=%16.16I64X EDI=%16.16I64X EBP=%16.16I64X ESP=%16.16I64X
EIP=%16.16I64X
Stack Data: %s
Code Data: %s
advapi32.dll
psapi.dll
\systemroot
ntdll.dll
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
\REGISTRY\MACHINE
\REGISTRY\USER
_CLASSES
HKEY_CURRENT_USER\Software\Classes
dword:%8.8x
hex(%x):
Windows Registry Editor Version 5.00
REGEDIT4
shell32.dll
Wshlwapi.dll
%2.2X%2.2X%2.2X
"
size="%d"
color="#%s"
</font>
advapi32.dll
kernel32.dll
kernelbase.dll
ntdll.dll
advapi32.dll
kernel32.dll
kernelbase.dll
ntdll.dll
&Start With Existing Process
Start &New Process
Ctrl+N
&Clear
Ctrl+X
Save &As
Ctrl+S
Ctrl+C
Select &All
Ctrl+A
Deselect All
Ctrl+D
&Options
&RegEdit File Version
Version 4
Version 5
&Display Mode
Show &Last Modified Values
Show &Original Values
Add Only &Modified Values
&About
Popup1
&Save Selected Items
Ctrl+S
&Copy Selected Items
Ctrl+C
HTML Report - All Items
HTML Report - Selected Items
Choose Colum&ns
&Auto Size Columns
Ctrl+Plus
&Properties
Alt+Enter
&Refresh
Exception !
MS Sans Serif
Copy Exception
Continue
Terminate Application
The following application error has occurred:
If this problem persists, copy the above exception information to the clipboard, and send it to the author of this software.
MS Sans Serif
Translation:
Select process to inspect
MS Shell Dlg
Cancel
SysListView32
Start New Process
MS Shell Dlg
Cancel
Process:
Browse...
Parameters:
Start tracing immediately
Select a filename to save
Select a process file to open7Failed to connect the selected process. Error code: %d=Failed to start with the new selected process. Error code: %dSIn order to trace 32-bit programs, you have to use the 32-bit version of RegFromApp
Loading... %d
Windows Registry File
Item Name
Process ID
Process Name
Process Path
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
NirSoft
FileDescription
RegFromApp
FileVersion
InternalName
RegFromApp
LegalCopyright
Copyright
2008 - 2014 Nir Sofer
OriginalFilename
RegFromApp.exe
ProductName
RegFromApp
ProductVersion
VarFileInfo
Translation
<<<Obsolete>>
