{"id":3707,"date":"2016-06-22T00:30:45","date_gmt":"2016-06-22T00:30:45","guid":{"rendered":"http:\/\/www.hexacorn.com\/blog\/?p=3707"},"modified":"2016-07-08T22:41:44","modified_gmt":"2016-07-08T22:41:44","slug":"certain-windows-stay-classy","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2016\/06\/22\/certain-windows-stay-classy\/","title":{"rendered":"Certain Windows&#8230; stay classy&#8230;"},"content":{"rendered":"<p><strong>Update 2016-07-08<\/strong><\/p>\n<p>Added Thinstall applications<\/p>\n<p><strong>Old post<\/strong><\/p>\n<p>An ability to determine the compiler used to compile a binary is quite important. It determines the way we approach the reversing session and automatically tells us what tools to use. There are <a href=\"https:\/\/www.hexacorn.com\/blog\/2015\/08\/15\/two-pe-tools-you-might-have-never-heard-of-now-you-do\/\">many static analysis tools<\/a> available that help with the determination of the compiler\/linker\/protector used to build a specific binary.<\/p>\n<p>Sometimes it may not be enough though.<\/p>\n<p>In this post I will list a number of windows-related artifacts created by various programming frameworks that may help us to determine what is the payload compiled with. While there are many of such frameworks many of them rely on a very fixed number of more-or-less hidden windows, or window classes that stay persistent across many versions of the framework, or are created at some point in time.<\/p>\n<p>This is by no means an exhaustive list &#8211; if you have anything to add, or find a mistake, I will appreciate the feedback.<\/p>\n<p>Note: such list may be used for many purposes:<\/p>\n<ul>\n<li>compiler\/protector determination<\/li>\n<li>data reduction (from strings, or f.ex. strings recognition in IDA, if it itself failed to do so well)<\/li>\n<li>classification (whitelisting\/blacklisting) of the sandboxes samples<\/li>\n<li>installer discovery in sandbox analysis (may trigger a different handling routine f.ex. if Auto It is detected, or any installer, low-level logging may be disabled until the actual autoir \/ installer script starts execution, etc.)<\/li>\n<\/ul>\n<p>Here&#8217;s the list I gathered:<\/p>\n<p><strong>Visual Basic<\/strong><\/p>\n<ul>\n<li>ThunderRT6Main<\/li>\n<li>VBMsoStdCompMgr<\/li>\n<li>VBFocusRT6 <em>(this is from Visual Basic 6.0)<\/em><\/li>\n<li>VBBubbleRT6 <em>(this is from Visual Basic 6.0)<\/em><\/li>\n<li>VBFocusRT5 <em>(this is from Visual Basic 5.0)<\/em><\/li>\n<li>VBBubbleRT5 <em>(this is from Visual Basic 5.0)<\/em><\/li>\n<\/ul>\n<p><strong>Visual Basic .NET<\/strong><\/p>\n<ul>\n<li>VBNetStudio<\/li>\n<\/ul>\n<p><strong>MFC (Microsoft Foundation Classes\/Application Framework Extensions)<\/strong><\/p>\n<ul>\n<li>Afx:<em>&lt;hexadecimal number&gt;:&lt;hexadecimal number&gt;<\/em> f.ex. &#8216;Afx:400000:0&#8217; or &#8216;Afx:10000000:0&#8217;<\/li>\n<li>Afx:StatusBar:<em>&lt;hexadecimal number&gt;<\/em> f.ex. &#8216;Afx:StatusBar:400000&#8217;<\/li>\n<li>Afx:TabWnd:<em>&lt;hexadecimal number&gt;<\/em> f.ex. &#8216;Afx:TabWnd:400000&#8217;<\/li>\n<li>Afx:ToolBar:<em>&lt;hexadecimal number&gt;<\/em> f.ex. &#8216;Afx:ToolBar:400000&#8217;<\/li>\n<\/ul>\n<p><strong>QT<\/strong><\/p>\n<ul>\n<li>Qt5QWindowIcon<\/li>\n<\/ul>\n<p><strong>Installer: Install Shield <\/strong><\/p>\n<ul>\n<li>GLBSInstall<\/li>\n<li>InstallShield_Win<\/li>\n<\/ul>\n<p><strong>Installer: Inno Setup<br \/>\n<\/strong><\/p>\n<ul>\n<li>class name: STATIC, window name: InnoSetupLdrWindow<\/li>\n<\/ul>\n<p><strong>Enigma Protector (not confirmed)<\/strong><\/p>\n<ul>\n<li>TEnigmaProtectorLoaderButton<\/li>\n<li>TEnigmaProtectorLoaderEdit<\/li>\n<li>TEnigmaProtectorLoaderFormMessage<\/li>\n<li>TEnigmaProtectorLoaderFormRegistration<\/li>\n<li>TEnigmaProtectorLoaderGroupBox<\/li>\n<\/ul>\n<p><strong>RunDll32 execution<\/strong><\/p>\n<ul>\n<li>RunDLL<\/li>\n<\/ul>\n<p><strong>OLE\/DDE Windows<\/strong><\/p>\n<ul>\n<li>OleMainDdeClass<\/li>\n<\/ul>\n<p><strong>AutoIt<\/strong><\/p>\n<ul>\n<li>AutoIt v3<\/li>\n<li>AutoIt v3 GUI<\/li>\n<li>Au3Info<\/li>\n<li>AutoIt<\/li>\n<li>AutoIt &#8211; Splash<\/li>\n<\/ul>\n<p><strong>Standard Windows controls<\/strong><\/p>\n<ul>\n<li>ComboBoxEx32<\/li>\n<li>commctrl_DragListMsg<\/li>\n<li>msctls_hotkey32<\/li>\n<li>msctls_progress32<\/li>\n<li>msctls_statusbar32<\/li>\n<li>msctls_trackbar32<\/li>\n<li>msctls_updown32<\/li>\n<li>NativeFontCtl<\/li>\n<li>ReBarWindow32<\/li>\n<li>RichEdit<\/li>\n<li>RichEdit20a<\/li>\n<li>SysAnimate32<\/li>\n<li>SysDateTimePick32<\/li>\n<li>SysHeader32<\/li>\n<li>SysIPAddress32<\/li>\n<li>SysListView32<\/li>\n<li>SysMonthCal32<\/li>\n<li>SysPager<\/li>\n<li>SysTabControl32<\/li>\n<li>SysTreeView32<\/li>\n<li>ToolbarWindow32<\/li>\n<li>tooltips_class32<\/li>\n<\/ul>\n<p><strong>Thinstall applications<\/strong><\/p>\n<ul>\n<li>ThStatusBarCtrlClass<\/li>\n<\/ul>\n<p><strong>Others<\/strong><\/p>\n<ul>\n<li>mdiclient (typical class name for MDI \/Multiple Document Interface\/)<\/li>\n<\/ul>\n<p>And last, but not least, a &#8216;gallery&#8217; of classes from a number of dynamically analyzed samples written in<\/p>\n<p><strong>Borland\/Delphi\/etc. <\/strong><\/p>\n<ul>\n<li>TAbout<\/li>\n<li>TAboutBox<\/li>\n<li>TAboutBox1<\/li>\n<li>TAboutDlg<\/li>\n<li>TAboutForm<\/li>\n<li>TAboutFrm<\/li>\n<li>TActionMainMenuBar<\/li>\n<li>TActionToolBar<\/li>\n<li>TActivationForm<\/li>\n<li>TAdminForm<\/li>\n<li>TAdvGlassButton<\/li>\n<li>TAdvGlowButton<\/li>\n<li>TAdvListView<\/li>\n<li>TAdvMemo<\/li>\n<li>TAdvOfficePage<\/li>\n<li>TAdvOfficePager<\/li>\n<li>TAdvOfficeStatusBar<\/li>\n<li>TAdvPageControl<\/li>\n<li>TAdvProgress<\/li>\n<li>TAdvSmoothButton<\/li>\n<li>TAdvSmoothPanel<\/li>\n<li>TAdvSpinEdit<\/li>\n<li>TAdvTabSheet<\/li>\n<li>TAdvToolBar<\/li>\n<li>TAfterScan<\/li>\n<li>TAnimate<\/li>\n<li>TAnPane<\/li>\n<li>TAppBuilder<\/li>\n<li>TApplication<\/li>\n<li>TBitBtn<\/li>\n<li>TBrowserDlg<\/li>\n<li>TBrowserForm<\/li>\n<li>TButton<\/li>\n<li>TButton2<\/li>\n<li>TButtonGroup<\/li>\n<li>TCalc<\/li>\n<li>TCalculator<\/li>\n<li>TCancelScan<\/li>\n<li>TCategoryPanelGroup<\/li>\n<li>TCentral<\/li>\n<li>TChart<\/li>\n<li>TChat<\/li>\n<li>TChatWindow<\/li>\n<li>TCheckBox<\/li>\n<li>TCheckListBox<\/li>\n<li>TClient<\/li>\n<li>TClientForm<\/li>\n<li>TCloseForm<\/li>\n<li>TCodePanel<\/li>\n<li>TColorBox<\/li>\n<li>TColorButton<\/li>\n<li>TColorGrid<\/li>\n<li>TColorWindow<\/li>\n<li>TComboBox<\/li>\n<li>TComboBoxEx<\/li>\n<li>TComComboBox<\/li>\n<li>TConerBtn<\/li>\n<li>TConfigForm<\/li>\n<li>TConfigServer<\/li>\n<li>TControlForm<\/li>\n<li>TControllerForm<\/li>\n<li>TCoolBar<\/li>\n<li>TCpanel<\/li>\n<li>TCustomDateTimePicker<\/li>\n<li>TDateTimePicker<\/li>\n<li>TDebugForm<\/li>\n<li>TDesco<\/li>\n<li>TDirectoryListBox<\/li>\n<li>TDragArrow<\/li>\n<li>TDrawGrid<\/li>\n<li>TDriveComboBox<\/li>\n<li>TDsGroupBox<\/li>\n<li>TEdit<\/li>\n<li>TEdit97<\/li>\n<li>TEditForm<\/li>\n<li>TEditListBox<\/li>\n<li>TEditN<\/li>\n<li>TEdits<\/li>\n<li>TEnvWindow<\/li>\n<li>TError<\/li>\n<li>TExeToolForm<\/li>\n<li>TEzHelpWindow<\/li>\n<li>TFashionPanel<\/li>\n<li>TFileListBox<\/li>\n<li>TFinalFantasy<\/li>\n<li>TFinalPws<\/li>\n<li>TFlatButton<\/li>\n<li>TFlatCheckBox<\/li>\n<li>TFlatComboBox<\/li>\n<li>TFlatEdit<\/li>\n<li>TFlatGroupBox<\/li>\n<li>TFlatPanel<\/li>\n<li>TFlatRadioButton<\/li>\n<li>TFlatSpinEditInteger<\/li>\n<li>TFlatTitlebar<\/li>\n<li>TFmMain<\/li>\n<li>TFmPrincipal<\/li>\n<li>TForm<\/li>\n<li>TForm0<\/li>\n<li>TForm1<\/li>\n<li>TForm1.UnicodeClass<\/li>\n<li>TForm10<\/li>\n<li>TForm100<\/li>\n<li>TForm101<\/li>\n<li>TForm102<\/li>\n<li>TForm103<\/li>\n<li>TForm104<\/li>\n<li>TForm105<\/li>\n<li>TForm106<\/li>\n<li>TForm107<\/li>\n<li>TForm108<\/li>\n<li>TForm109<\/li>\n<li>TForm11<\/li>\n<li>TForm110<\/li>\n<li>TForm111<\/li>\n<li>TForm112<\/li>\n<li>TForm113<\/li>\n<li>TForm114<\/li>\n<li>TForm115<\/li>\n<li>TForm116<\/li>\n<li>TForm117<\/li>\n<li>TForm118<\/li>\n<li>TForm119<\/li>\n<li>TForm12<\/li>\n<li>TForm120<\/li>\n<li>TForm121<\/li>\n<li>TForm122<\/li>\n<li>TForm123<\/li>\n<li>TForm124<\/li>\n<li>TForm125<\/li>\n<li>TForm126<\/li>\n<li>TForm127<\/li>\n<li>TForm128<\/li>\n<li>TForm129<\/li>\n<li>TForm13<\/li>\n<li>TForm130<\/li>\n<li>TForm131<\/li>\n<li>TForm132<\/li>\n<li>TForm133<\/li>\n<li>TForm134<\/li>\n<li>TForm135<\/li>\n<li>TForm136<\/li>\n<li>TForm137<\/li>\n<li>TForm138<\/li>\n<li>TForm139<\/li>\n<li>TForm14<\/li>\n<li>TForm140<\/li>\n<li>TForm141<\/li>\n<li>TForm142<\/li>\n<li>TForm143<\/li>\n<li>TForm144<\/li>\n<li>TForm145<\/li>\n<li>TForm146<\/li>\n<li>TForm147<\/li>\n<li>TForm148<\/li>\n<li>TForm149<\/li>\n<li>TForm15<\/li>\n<li>TForm150<\/li>\n<li>TForm151<\/li>\n<li>TForm152<\/li>\n<li>TForm153<\/li>\n<li>TForm154<\/li>\n<li>TForm155<\/li>\n<li>TForm156<\/li>\n<li>TForm157<\/li>\n<li>TForm158<\/li>\n<li>TForm159<\/li>\n<li>TForm16<\/li>\n<li>TForm160<\/li>\n<li>TForm161<\/li>\n<li>TForm162<\/li>\n<li>TForm163<\/li>\n<li>TForm164<\/li>\n<li>TForm165<\/li>\n<li>TForm166<\/li>\n<li>TForm167<\/li>\n<li>TForm168<\/li>\n<li>TForm169<\/li>\n<li>TForm17<\/li>\n<li>TForm170<\/li>\n<li>TForm171<\/li>\n<li>TForm172<\/li>\n<li>TForm173<\/li>\n<li>TForm174<\/li>\n<li>TForm175<\/li>\n<li>TForm176<\/li>\n<li>TForm177<\/li>\n<li>TForm178<\/li>\n<li>TForm179<\/li>\n<li>TForm18<\/li>\n<li>TForm180<\/li>\n<li>TForm181<\/li>\n<li>TForm182<\/li>\n<li>TForm183<\/li>\n<li>TForm184<\/li>\n<li>TForm185<\/li>\n<li>TForm186<\/li>\n<li>TForm187<\/li>\n<li>TForm188<\/li>\n<li>TForm189<\/li>\n<li>TForm19<\/li>\n<li>TForm190<\/li>\n<li>TForm191<\/li>\n<li>TForm192<\/li>\n<li>TForm193<\/li>\n<li>TForm194<\/li>\n<li>TForm195<\/li>\n<li>TForm196<\/li>\n<li>TForm197<\/li>\n<li>TForm198<\/li>\n<li>TForm199<\/li>\n<li>TForm1a<\/li>\n<li>TForm1b<\/li>\n<li>TForm1c<\/li>\n<li>TForm1w<\/li>\n<li>TForm2<\/li>\n<li>TForm20<\/li>\n<li>TForm200<\/li>\n<li>TForm201<\/li>\n<li>TForm202<\/li>\n<li>TForm203<\/li>\n<li>TForm204<\/li>\n<li>TForm205<\/li>\n<li>TForm206<\/li>\n<li>TForm207<\/li>\n<li>TForm208<\/li>\n<li>TForm209<\/li>\n<li>TForm21<\/li>\n<li>TForm210<\/li>\n<li>TForm211<\/li>\n<li>TForm212<\/li>\n<li>TForm213<\/li>\n<li>TForm214<\/li>\n<li>TForm215<\/li>\n<li>TForm216<\/li>\n<li>TForm217<\/li>\n<li>TForm218<\/li>\n<li>TForm219<\/li>\n<li>TForm22<\/li>\n<li>TForm220<\/li>\n<li>TForm221<\/li>\n<li>TForm222<\/li>\n<li>TForm223<\/li>\n<li>TForm224<\/li>\n<li>TForm225<\/li>\n<li>TForm226<\/li>\n<li>TForm227<\/li>\n<li>TForm228<\/li>\n<li>TForm229<\/li>\n<li>TForm23<\/li>\n<li>TForm230<\/li>\n<li>TForm231<\/li>\n<li>TForm232<\/li>\n<li>TForm233<\/li>\n<li>TForm234<\/li>\n<li>TForm235<\/li>\n<li>TForm236<\/li>\n<li>TForm237<\/li>\n<li>TForm238<\/li>\n<li>TForm239<\/li>\n<li>TForm24<\/li>\n<li>TForm240<\/li>\n<li>TForm241<\/li>\n<li>TForm242<\/li>\n<li>TForm243<\/li>\n<li>TForm244<\/li>\n<li>TForm25<\/li>\n<li>TForm26<\/li>\n<li>TForm27<\/li>\n<li>TForm28<\/li>\n<li>TForm29<\/li>\n<li>TForm2a<\/li>\n<li>TForm2b<\/li>\n<li>TForm3<\/li>\n<li>TForm30<\/li>\n<li>TForm31<\/li>\n<li>TForm32<\/li>\n<li>TForm33<\/li>\n<li>TForm34<\/li>\n<li>TForm35<\/li>\n<li>TForm36<\/li>\n<li>TForm37<\/li>\n<li>TForm38<\/li>\n<li>TForm39<\/li>\n<li>TForm3a<\/li>\n<li>TForm3b<\/li>\n<li>TForm4<\/li>\n<li>TForm40<\/li>\n<li>TForm41<\/li>\n<li>TForm42<\/li>\n<li>TForm43<\/li>\n<li>TForm44<\/li>\n<li>TForm45<\/li>\n<li>TForm46<\/li>\n<li>TForm47<\/li>\n<li>TForm48<\/li>\n<li>TForm49<\/li>\n<li>TForm4c<\/li>\n<li>TForm4d<\/li>\n<li>TForm5<\/li>\n<li>TForm50<\/li>\n<li>TForm51<\/li>\n<li>TForm52<\/li>\n<li>TForm53<\/li>\n<li>TForm54<\/li>\n<li>TForm55<\/li>\n<li>TForm56<\/li>\n<li>TForm57<\/li>\n<li>TForm58<\/li>\n<li>TForm59<\/li>\n<li>TForm5a<\/li>\n<li>TForm6<\/li>\n<li>TForm60<\/li>\n<li>TForm61<\/li>\n<li>TForm62<\/li>\n<li>TForm63<\/li>\n<li>TForm64<\/li>\n<li>TForm65<\/li>\n<li>TForm66<\/li>\n<li>TForm67<\/li>\n<li>TForm68<\/li>\n<li>TForm69<\/li>\n<li>TForm6a<\/li>\n<li>TForm6b<\/li>\n<li>TForm7<\/li>\n<li>TForm70<\/li>\n<li>TForm71<\/li>\n<li>TForm72<\/li>\n<li>TForm73<\/li>\n<li>TForm74<\/li>\n<li>TForm75<\/li>\n<li>TForm76<\/li>\n<li>TForm77<\/li>\n<li>TForm78<\/li>\n<li>TForm79<\/li>\n<li>TForm7w<\/li>\n<li>TForm8<\/li>\n<li>TForm80<\/li>\n<li>TForm81<\/li>\n<li>TForm82<\/li>\n<li>TForm83<\/li>\n<li>TForm84<\/li>\n<li>TForm85<\/li>\n<li>TForm86<\/li>\n<li>TForm87<\/li>\n<li>TForm88<\/li>\n<li>TForm89<\/li>\n<li>TForm9<\/li>\n<li>TForm90<\/li>\n<li>TForm91<\/li>\n<li>TForm92<\/li>\n<li>TForm93<\/li>\n<li>TForm94<\/li>\n<li>TForm95<\/li>\n<li>TForm96<\/li>\n<li>TForm97<\/li>\n<li>TForm98<\/li>\n<li>TForm99<\/li>\n<li>TForm_About<\/li>\n<li>TForm_Main<\/li>\n<li>TForm_Options<\/li>\n<li>TForm_Principal<\/li>\n<li>TForm_splash<\/li>\n<li>TForm_Undelete<\/li>\n<li>TForm_Update<\/li>\n<li>TFormAbout<\/li>\n<li>TFormaTudo<\/li>\n<li>TFormAutorun<\/li>\n<li>TFormbb<\/li>\n<li>TFormCreateServer<\/li>\n<li>TFormDisclaimer<\/li>\n<li>TFormExit<\/li>\n<li>TFormHTML<\/li>\n<li>TForminfo<\/li>\n<li>TFormInstaller<\/li>\n<li>TFormLogin<\/li>\n<li>TFormMain<\/li>\n<li>TFormOptions<\/li>\n<li>TFormp<\/li>\n<li>TFormPasswords<\/li>\n<li>TFormPrinc<\/li>\n<li>TFormPrincipal<\/li>\n<li>TFormProgress<\/li>\n<li>TFormregister<\/li>\n<li>TFormRunning<\/li>\n<li>TFormSetup<\/li>\n<li>TFormShell<\/li>\n<li>TFormSlectDir<\/li>\n<li>TFormSplash<\/li>\n<li>TFormUpdate<\/li>\n<li>TFormWait<\/li>\n<li>TFormWeb<\/li>\n<li>TFormwebbrowser<\/li>\n<li>TFormXInstaller<\/li>\n<li>TFrame1<\/li>\n<li>TFrame4<\/li>\n<li>TFrame6<\/li>\n<li>TFrm_check<\/li>\n<li>TFrm_codigo<\/li>\n<li>TFrm_Main<\/li>\n<li>TFrmAbout<\/li>\n<li>TFrmAd<\/li>\n<li>TFrmAgree<\/li>\n<li>TFrmBrad<\/li>\n<li>TFrmCert<\/li>\n<li>TFrmChat<\/li>\n<li>TFrmControl<\/li>\n<li>TFrmDownAgree<\/li>\n<li>TFrmDownload<\/li>\n<li>TFrmECleanDel<\/li>\n<li>TFrmExport<\/li>\n<li>TFrmGF<\/li>\n<li>TFrmIDSoc<\/li>\n<li>TFrmInit<\/li>\n<li>TFrmLogin<\/li>\n<li>TFrmMain<\/li>\n<li>TFrmNewAccount<\/li>\n<li>TFrmPass<\/li>\n<li>TFrmPassw<\/li>\n<li>TFrmPrincipal<\/li>\n<li>TFrmReflet<\/li>\n<li>TFrmSeting<\/li>\n<li>TFrmSetup<\/li>\n<li>TFrmSplash<\/li>\n<li>TFrmSynNglp<\/li>\n<li>TFrmTOKEN1<\/li>\n<li>TFrmUpdate<\/li>\n<li>TFrmVrfcdr<\/li>\n<li>TFunc<\/li>\n<li>TGeoPosition<\/li>\n<li>TGradBtn<\/li>\n<li>TGradPan<\/li>\n<li>TGroupBox<\/li>\n<li>TGroupButton<\/li>\n<li>THeader<\/li>\n<li>THelpForm<\/li>\n<li>THiddenForm<\/li>\n<li>THintWindow<\/li>\n<li>THotButton<\/li>\n<li>THotGroupBox<\/li>\n<li>THotKey<\/li>\n<li>THtmlUIForm<\/li>\n<li>TImageForm<\/li>\n<li>TInfobusca<\/li>\n<li>TInfoForm<\/li>\n<li>TInplaceEdit<\/li>\n<li>TInstallerForm<\/li>\n<li>TInstallForm<\/li>\n<li>TKeyForm<\/li>\n<li>TKeygenForm<\/li>\n<li>TLabel<\/li>\n<li>TLabeledEdit<\/li>\n<li>TLayerWindow<\/li>\n<li>TLinkLabel<\/li>\n<li>TLinkText<\/li>\n<li>TListBox<\/li>\n<li>TListenForm<\/li>\n<li>TListView<\/li>\n<li>TLogForm<\/li>\n<li>TLogin<\/li>\n<li>TLogin_Form<\/li>\n<li>TLoginForm<\/li>\n<li>TLogo<\/li>\n<li>TLogoForm<\/li>\n<li>TLogonDlg<\/li>\n<li>TLogonForm<\/li>\n<li>TMain<\/li>\n<li>TMain_Form<\/li>\n<li>TMainF<\/li>\n<li>TMainF0rmVer2<\/li>\n<li>TMainFM<\/li>\n<li>TMainForm<\/li>\n<li>TMainFormVer2<\/li>\n<li>TMainFrm<\/li>\n<li>TMainMPRForm<\/li>\n<li>TMainWin<\/li>\n<li>TMainWindow<\/li>\n<li>TManForm<\/li>\n<li>TMaskEdit<\/li>\n<li>TMaster<\/li>\n<li>TMediaPlayer<\/li>\n<li>TMemo<\/li>\n<li>TMemoForm<\/li>\n<li>TMenuButton<\/li>\n<li>TMessageForm<\/li>\n<li>TModifiedEdit<\/li>\n<li>TMonitor<\/li>\n<li>TMonitorForm<\/li>\n<li>TMonthCalendar<\/li>\n<li>TMormay1<\/li>\n<li>TMsgForm<\/li>\n<li>TMsgForm2<\/li>\n<li>TMyIEButton2<\/li>\n<li>TNetComMainFm<\/li>\n<li>TNetWindow<\/li>\n<li>TNewButton<\/li>\n<li>TNewCheckListBox<\/li>\n<li>TNewComboBox<\/li>\n<li>TNewDiskForm<\/li>\n<li>TNewMemo<\/li>\n<li>TNewNotebook<\/li>\n<li>TNewNotebookPage<\/li>\n<li>TNewRadioButton<\/li>\n<li>TNewStaticText<\/li>\n<li>TNewWindow<\/li>\n<li>TNextGrid<\/li>\n<li>TNomeDiferente<\/li>\n<li>TNotebook<\/li>\n<li>TNotifierWindow<\/li>\n<li>TNotifyForm<\/li>\n<li>TNxButton<\/li>\n<li>TNxPopupList<\/li>\n<li>TNxTabSheet<\/li>\n<li>TOleContainer<\/li>\n<li>TOptionsForm<\/li>\n<li>TOutline<\/li>\n<li>TOvcfrmSplashDlg<\/li>\n<li>TPage<\/li>\n<li>TPageControl<\/li>\n<li>TPageScroller<\/li>\n<li>TPainel_Seguranca<\/li>\n<li>TPainel_Seguranca2<\/li>\n<li>TPanel<\/li>\n<li>TPanels<\/li>\n<li>TParentForm<\/li>\n<li>TPasswordDlg<\/li>\n<li>TPasswordForm<\/li>\n<li>TPenWindow2<\/li>\n<li>TPlanilha<\/li>\n<li>TPlayForm<\/li>\n<li>TPlaylistForm.UnicodeClass<\/li>\n<li>TPngBitBtn<\/li>\n<li>TPoolTemplate<\/li>\n<li>TPortRedirForm<\/li>\n<li>TPreviewWindow<\/li>\n<li>TPrincipal<\/li>\n<li>TPrnStatusForm<\/li>\n<li>TProcessForm<\/li>\n<li>TProgressBar<\/li>\n<li>TProgressForm<\/li>\n<li>TPromoForm<\/li>\n<li>TPserver<\/li>\n<li>TPwdForm<\/li>\n<li>TRadioButton<\/li>\n<li>TRadioGroup<\/li>\n<li>TRbButton<\/li>\n<li>TReg_Form<\/li>\n<li>TRegForm<\/li>\n<li>TRegHex<\/li>\n<li>TRegisterForm<\/li>\n<li>TRegistrationWindow<\/li>\n<li>TRichEdit<\/li>\n<li>TRichEditViewer<\/li>\n<li>TRollShadow<\/li>\n<li>TRum_<\/li>\n<li>TRunningText<\/li>\n<li>TRzBitBtn<\/li>\n<li>TRzBmpButton<\/li>\n<li>TRzButton<\/li>\n<li>TRzButtonEdit<\/li>\n<li>TRzButtonPair<\/li>\n<li>TRzCheckBox<\/li>\n<li>TRzComboBox<\/li>\n<li>TRzEdit<\/li>\n<li>TRzGroup<\/li>\n<li>TRzGroupBox<\/li>\n<li>TRzGroupButton<\/li>\n<li>TRzMaskEdit<\/li>\n<li>TRzPageControl<\/li>\n<li>TRzPanel<\/li>\n<li>TRzRadioButton<\/li>\n<li>TRzRadioGroup<\/li>\n<li>TRzSizePanel<\/li>\n<li>TRzSpinButtons<\/li>\n<li>TRzSpinEdit<\/li>\n<li>TRzSplitter<\/li>\n<li>TRzTabSheet<\/li>\n<li>TRzToolbar<\/li>\n<li>TSbookF<\/li>\n<li>TScrollBar<\/li>\n<li>TScrollBox<\/li>\n<li>TScroller<\/li>\n<li>TSecCenter<\/li>\n<li>TSechDir<\/li>\n<li>TSelectLanguageForm<\/li>\n<li>TSelectWindow<\/li>\n<li>TServerForm<\/li>\n<li>TSetForm<\/li>\n<li>TSettingsForm<\/li>\n<li>TSetupForm<\/li>\n<li>TSetupMainForm<\/li>\n<li>TShellTreeView<\/li>\n<li>TShowPm<\/li>\n<li>TSiInMay<\/li>\n<li>TSkin<\/li>\n<li>TSpinButton<\/li>\n<li>TSpinEdit<\/li>\n<li>TSpinEdit2<\/li>\n<li>TSplash<\/li>\n<li>TSplashForm<\/li>\n<li>TSplashScreen<\/li>\n<li>TStaticText<\/li>\n<li>TStatusBar<\/li>\n<li>TStatusForm<\/li>\n<li>TStoringComboBox<\/li>\n<li>TStringGrid<\/li>\n<li>TStubForm<\/li>\n<li>TSupervisor<\/li>\n<li>TSynBaseCompletionProposalForm<\/li>\n<li>TSynMemo<\/li>\n<li>TSystemUpdateService<\/li>\n<li>TTabControl<\/li>\n<li>TTabPage<\/li>\n<li>TTabSet<\/li>\n<li>TTabSheet<\/li>\n<li>TTabSheetes<\/li>\n<li>TTeButton<\/li>\n<li>TTeCustomTabSheet<\/li>\n<li>TTePanel<\/li>\n<li>TTeSEdit<\/li>\n<li>TTestForm<\/li>\n<li>TTeTabSheet<\/li>\n<li>TTetro1<\/li>\n<li>TTipForm<\/li>\n<li>TToolBar<\/li>\n<li>TToolbar97<\/li>\n<li>TTrackBar<\/li>\n<li>TTransEdit<\/li>\n<li>TTransMemo<\/li>\n<li>TTreeView<\/li>\n<li>TTurcaButton<\/li>\n<li>TUnidadU<\/li>\n<li>TUnzipPanel<\/li>\n<li>TUpdateForm<\/li>\n<li>TUpdateFrm<\/li>\n<li>TUpDown<\/li>\n<li>TUpIpDate<\/li>\n<li>TVeeImageButton<\/li>\n<li>TVideoWindow<\/li>\n<li>TViewForm<\/li>\n<li>TVrDemoButton<\/li>\n<li>TWaitForm<\/li>\n<li>TWarningForm<\/li>\n<li>TWelcome<\/li>\n<li>TWinApiWnd<\/li>\n<li>TWinControl<\/li>\n<li>TWindowDisabler-Window<\/li>\n<li>TWinForm<\/li>\n<li>TWinMain<\/li>\n<li>TWizardForm<\/li>\n<li>TWizButton<\/li>\n<li>TWizDropDownPanel<\/li>\n<li>TWnForm<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Update 2016-07-08 Added Thinstall applications Old post An ability to determine the compiler used to compile a binary is quite important. It determines the way we approach the reversing session and automatically tells us what tools to use. There are &hellip; <a href=\"https:\/\/www.hexacorn.com\/blog\/2016\/06\/22\/certain-windows-stay-classy\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[28,39,19,9,44,41],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/3707"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=3707"}],"version-history":[{"count":4,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/3707\/revisions"}],"predecessor-version":[{"id":3730,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/3707\/revisions\/3730"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=3707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=3707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=3707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}