VMRay Analyzer Report
| Information | Value |
|---|---|
| Trigger | usbehub.sys |
| Start Address | 0xfffff88003908d40 |
| Information | Value |
|---|---|
| Sequence Length | 211 |
| Process | Amount |
|---|---|
| Process 2 (System, PID: 4) | 1 |
| Symbol | Parameters |
|---|---|
| RtlInitUnicodeString | SourceString = \Device\VBoxDrv, DestinationString_out = \Device\VBoxDrv |
| IoCreateDevice | DriverObject_unk = 0xfffffa8002fcb5d0, DeviceExtensionSize = 0x1108, DeviceName = \Device\VBoxDrv, DeviceType_unk = 0x22, DeviceCharacteristics = 0x0, Exclusive = 0, DeviceObject_unk_out = 0xfffff88004789870, ret_val_unk_out = 0x0 |
| RtlInitUnicodeString | SourceString = \DosDevices\VBoxDrv, DestinationString_out = \DosDevices\VBoxDrv |
| IoCreateSymbolicLink | SymbolicLinkName = \DosDevices\VBoxDrv, DeviceName = \Device\VBoxDrv, ret_val_unk_out = 0x0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0x20, Tag = 0x54525049, ret_val_ptr_out = 0xfffffa8001f5a870 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0x50, Tag = 0x54525049, ret_val_ptr_out = 0xfffffa8003126570 |
| KeInitializeEvent | Type_unk = 0x1, State = 0, Event_unk_out = 0xfffffa80031265a0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0x50, Tag = 0x54525049, ret_val_ptr_out = 0xfffffa8003074780 |
| KeInitializeEvent | Type_unk = 0x1, State = 0, Event_unk_out = 0xfffffa80030747b0 |
| KeQueryActiveProcessors | ret_val_unk_out = 0x1 |
| MmAllocateContiguousMemory | NumberOfBytes_ptr = 0x1000, HighestAcceptableAddress_unk = 0xffffffff, ret_val_ptr_out = 0xfffffa8001927000 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffffa8001927000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8003209a00 |
| MmBuildMdlForNonPagedPool | MemoryDescriptorList_unk = 0xfffffa8003209a00, MemoryDescriptorList_unk_out = 0xfffffa8003209a00 |
| ExSetTimerResolution | DesiredTime = 0x2625a, SetResolution = 1, ret_val_out = 0x26161 |
| ExSetTimerResolution | DesiredTime = 0x0, SetResolution = 0, ret_val_out = 0x26161 |
| KeQueryActiveProcessors | ret_val_unk_out = 0x1 |
| MmGetPhysicalAddress | BaseAddress_ptr = 0xfffffa8001927000, ret_val_unk_out = 0x7fe21000 |
| KeInitializeTimerEx | Type_unk = 0x1, Timer_unk_out = 0xfffffa8003167210 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff880039085b0, DeferredContext_ptr = 0xfffffa80031671a0, Dpc_unk_out = 0xfffffa8003167250 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167290 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167290, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167290 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167290, Number = 0, Dpc_unk_out = 0xfffffa8003167290 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa80031672d0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa80031672d0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa80031672d0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa80031672d0, Number = 1, Dpc_unk_out = 0xfffffa80031672d0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167310 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167310, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167310 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167310, Number = 2, Dpc_unk_out = 0xfffffa8003167310 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167350 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167350, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167350 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167350, Number = 3, Dpc_unk_out = 0xfffffa8003167350 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167390 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167390, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167390 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167390, Number = 4, Dpc_unk_out = 0xfffffa8003167390 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa80031673d0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa80031673d0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa80031673d0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa80031673d0, Number = 5, Dpc_unk_out = 0xfffffa80031673d0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167410 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167410, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167410 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167410, Number = 6, Dpc_unk_out = 0xfffffa8003167410 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167450 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167450, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167450 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167450, Number = 7, Dpc_unk_out = 0xfffffa8003167450 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167490 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167490, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167490 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167490, Number = 8, Dpc_unk_out = 0xfffffa8003167490 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa80031674d0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa80031674d0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa80031674d0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa80031674d0, Number = 9, Dpc_unk_out = 0xfffffa80031674d0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167510 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167510, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167510 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167510, Number = 10, Dpc_unk_out = 0xfffffa8003167510 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167550 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167550, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167550 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167550, Number = 11, Dpc_unk_out = 0xfffffa8003167550 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167590 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167590, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167590 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167590, Number = 12, Dpc_unk_out = 0xfffffa8003167590 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa80031675d0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa80031675d0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa80031675d0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa80031675d0, Number = 13, Dpc_unk_out = 0xfffffa80031675d0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167610 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167610, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167610 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167610, Number = 14, Dpc_unk_out = 0xfffffa8003167610 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167650 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167650, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167650 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167650, Number = 15, Dpc_unk_out = 0xfffffa8003167650 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167690 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167690, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167690 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167690, Number = 16, Dpc_unk_out = 0xfffffa8003167690 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa80031676d0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa80031676d0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa80031676d0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa80031676d0, Number = 17, Dpc_unk_out = 0xfffffa80031676d0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167710 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167710, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167710 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167710, Number = 18, Dpc_unk_out = 0xfffffa8003167710 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167750 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167750, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167750 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167750, Number = 19, Dpc_unk_out = 0xfffffa8003167750 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167790 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167790, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167790 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167790, Number = 20, Dpc_unk_out = 0xfffffa8003167790 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa80031677d0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa80031677d0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa80031677d0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa80031677d0, Number = 21, Dpc_unk_out = 0xfffffa80031677d0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167810 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167810, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167810 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167810, Number = 22, Dpc_unk_out = 0xfffffa8003167810 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167850 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167850, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167850 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167850, Number = 23, Dpc_unk_out = 0xfffffa8003167850 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167890 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167890, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167890 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167890, Number = 24, Dpc_unk_out = 0xfffffa8003167890 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa80031678d0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa80031678d0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa80031678d0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa80031678d0, Number = 25, Dpc_unk_out = 0xfffffa80031678d0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167910 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167910, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167910 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167910, Number = 26, Dpc_unk_out = 0xfffffa8003167910 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167950 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167950, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167950 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167950, Number = 27, Dpc_unk_out = 0xfffffa8003167950 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167990 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167990, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167990 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167990, Number = 28, Dpc_unk_out = 0xfffffa8003167990 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa80031679d0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa80031679d0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa80031679d0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa80031679d0, Number = 29, Dpc_unk_out = 0xfffffa80031679d0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167a10 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167a10, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167a10 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167a10, Number = 30, Dpc_unk_out = 0xfffffa8003167a10 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167a50 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167a50, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167a50 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167a50, Number = 31, Dpc_unk_out = 0xfffffa8003167a50 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167a90 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167a90, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167a90 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167a90, Number = 32, Dpc_unk_out = 0xfffffa8003167a90 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167ad0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167ad0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167ad0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167ad0, Number = 33, Dpc_unk_out = 0xfffffa8003167ad0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167b10 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167b10, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167b10 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167b10, Number = 34, Dpc_unk_out = 0xfffffa8003167b10 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167b50 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167b50, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167b50 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167b50, Number = 35, Dpc_unk_out = 0xfffffa8003167b50 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167b90 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167b90, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167b90 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167b90, Number = 36, Dpc_unk_out = 0xfffffa8003167b90 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167bd0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167bd0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167bd0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167bd0, Number = 37, Dpc_unk_out = 0xfffffa8003167bd0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167c10 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167c10, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167c10 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167c10, Number = 38, Dpc_unk_out = 0xfffffa8003167c10 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167c50 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167c50, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167c50 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167c50, Number = 39, Dpc_unk_out = 0xfffffa8003167c50 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167c90 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167c90, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167c90 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167c90, Number = 40, Dpc_unk_out = 0xfffffa8003167c90 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167cd0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167cd0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167cd0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167cd0, Number = 41, Dpc_unk_out = 0xfffffa8003167cd0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167d10 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167d10, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167d10 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167d10, Number = 42, Dpc_unk_out = 0xfffffa8003167d10 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167d50 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167d50, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167d50 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167d50, Number = 43, Dpc_unk_out = 0xfffffa8003167d50 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167d90 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167d90, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167d90 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167d90, Number = 44, Dpc_unk_out = 0xfffffa8003167d90 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167dd0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167dd0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167dd0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167dd0, Number = 45, Dpc_unk_out = 0xfffffa8003167dd0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167e10 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167e10, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167e10 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167e10, Number = 46, Dpc_unk_out = 0xfffffa8003167e10 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167e50 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167e50, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167e50 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167e50, Number = 47, Dpc_unk_out = 0xfffffa8003167e50 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167e90 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167e90, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167e90 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167e90, Number = 48, Dpc_unk_out = 0xfffffa8003167e90 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167ed0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167ed0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167ed0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167ed0, Number = 49, Dpc_unk_out = 0xfffffa8003167ed0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167f10 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167f10, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167f10 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167f10, Number = 50, Dpc_unk_out = 0xfffffa8003167f10 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167f50 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167f50, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167f50 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167f50, Number = 51, Dpc_unk_out = 0xfffffa8003167f50 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167f90 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167f90, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167f90 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167f90, Number = 52, Dpc_unk_out = 0xfffffa8003167f90 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003167fd0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003167fd0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003167fd0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003167fd0, Number = 53, Dpc_unk_out = 0xfffffa8003167fd0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003168010 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003168010, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003168010 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003168010, Number = 54, Dpc_unk_out = 0xfffffa8003168010 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003168050 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003168050, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003168050 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003168050, Number = 55, Dpc_unk_out = 0xfffffa8003168050 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003168090 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003168090, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003168090 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003168090, Number = 56, Dpc_unk_out = 0xfffffa8003168090 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa80031680d0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa80031680d0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa80031680d0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa80031680d0, Number = 57, Dpc_unk_out = 0xfffffa80031680d0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003168110 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003168110, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003168110 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003168110, Number = 58, Dpc_unk_out = 0xfffffa8003168110 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003168150 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003168150, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003168150 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003168150, Number = 59, Dpc_unk_out = 0xfffffa8003168150 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003168190 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003168190, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003168190 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003168190, Number = 60, Dpc_unk_out = 0xfffffa8003168190 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa80031681d0 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa80031681d0, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa80031681d0 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa80031681d0, Number = 61, Dpc_unk_out = 0xfffffa80031681d0 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003168210 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003168210, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003168210 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003168210, Number = 62, Dpc_unk_out = 0xfffffa8003168210 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffff88003908690, DeferredContext_ptr = 0xfffffa8001927000, Dpc_unk_out = 0xfffffa8003168250 |
| KeSetImportanceDpc | Dpc_unk = 0xfffffa8003168250, Importance_unk = 0x2, Dpc_unk_out = 0xfffffa8003168250 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffffa8003168250, Number = 63, Dpc_unk_out = 0xfffffa8003168250 |
| Information | Value |
|---|---|
| Trigger | IofCallDriver+0x50 |
| Start Address | 0xfffff88003908980 |
| Information | Value |
|---|---|
| Sequence Length | 5 |
| Process | Amount |
|---|---|
| Process 35 (pxinsi64.exe, PID: 1228) | 1 |
| Symbol | Parameters |
|---|---|
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0x678, Tag = 0x54525049, ret_val_ptr_out = 0xfffffa8001952980 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0x20, Tag = 0x54525049, ret_val_ptr_out = 0xfffffa800186dd80 |
| PsGetCurrentProcessId | ret_val_unk_out = 0x4cc |
| PsGetCurrentProcess | ret_val_out = 0xfffffa800251c060 |
| IofCompleteRequest | Irp_unk = 0xfffffa8002e2ad00, PriorityBoost = 0 |
| Information | Value |
|---|---|
| Trigger | IofCallDriver+0x50 |
| Start Address | 0xfffff88003908af0 |
| Information | Value |
|---|---|
| Sequence Length | 3 |
| Process | Amount |
|---|---|
| Process 35 (pxinsi64.exe, PID: 1228) | 1 |
| Symbol | Parameters |
|---|---|
| IoIs32bitProcess | Irp_unk = 0xfffffa8002e2ad00, ret_val_out = 0 |
| strncmp | _Str1 = The Magic Word!, _Str2 = The Magic Word!, _MaxCount = 0x10, ret_val_out = 0 |
| IofCompleteRequest | Irp_unk = 0xfffffa8002e2ad00, PriorityBoost = 0 |
| Information | Value |
|---|---|
| Sequence Length | 7 |
| Process | Amount |
|---|---|
| Process 35 (pxinsi64.exe, PID: 1228) | 1 |
| Symbol | Parameters |
|---|---|
| IoIs32bitProcess | Irp_unk = 0xfffffa8002e2ad00, ret_val_out = 0 |
| memchr | _Buf_ptr = 0xfffffa800316255c, _Val = 0, _MaxCount = 0x20, ret_val_ptr_out = 0xfffffa800316255d |
| ExAcquireFastMutex | FastMutex_unk = 0xfffffa8003126588, FastMutex_unk_out = 0xfffffa8003126588 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0xaf, Tag = 0x54525049, ret_val_ptr_out = 0xfffffa80031626b0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0x28, Tag = 0x54525049, ret_val_ptr_out = 0xfffffa8002ed4160 |
| ExReleaseFastMutex | FastMutex_unk = 0xfffffa8003126588, FastMutex_unk_out = 0xfffffa8003126588 |
| IofCompleteRequest | Irp_unk = 0xfffffa8002e2ad00, PriorityBoost = 0 |
| Information | Value |
|---|---|
| Sequence Length | 4 |
| Process | Amount |
|---|---|
| Process 35 (pxinsi64.exe, PID: 1228) | 1 |
| Symbol | Parameters |
|---|---|
| IoIs32bitProcess | Irp_unk = 0xfffffa8002e2ad00, ret_val_out = 0 |
| ExAcquireFastMutex | FastMutex_unk = 0xfffffa8003126588, FastMutex_unk_out = 0xfffffa8003126588 |
| ExReleaseFastMutex | FastMutex_unk = 0xfffffa8003126588, FastMutex_unk_out = 0xfffffa8003126588 |
| IofCompleteRequest | Irp_unk = 0xfffffa8002e2ad00, PriorityBoost = 0 |
| Information | Value |
|---|---|
| Sequence Length | 2 |
| Process | Amount |
|---|---|
| Process 35 (pxinsi64.exe, PID: 1228) | 1 |
| Symbol | Parameters |
|---|---|
| IoIs32bitProcess | Irp_unk = 0xfffffa8002e2ad00, ret_val_out = 0 |
| IofCompleteRequest | Irp_unk = 0xfffffa8002e2ad00, PriorityBoost = 0 |
| Information | Value |
|---|---|
| Sequence Length | 1 |
| Process | Amount |
|---|---|
| Process 35 (pxinsi64.exe, PID: 1228) | 1 |
| Symbol | Parameters |
|---|---|
| IofCompleteRequest | Irp_unk = 0xfffffa8002e2ad00, PriorityBoost = 0 |
| Information | Value |
|---|---|
| Trigger | IofCallDriver+0x50 |
| Start Address | 0xfffff88003908390 |
| Information | Value |
|---|---|
| Sequence Length | 7 |
| Process | Amount |
|---|---|
| Process 35 (pxinsi64.exe, PID: 1228) | 1 |
| Symbol | Parameters |
|---|---|
| ExAcquireFastMutex | FastMutex_unk = 0xfffffa8003126588, FastMutex_unk_out = 0xfffffa8003126588 |
| ExFreePoolWithTag | P_ptr = 0xfffffa80031626b0, Tag = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffffa8002ed4160, Tag = 0x0 |
| ExReleaseFastMutex | FastMutex_unk = 0xfffffa8003126588, FastMutex_unk_out = 0xfffffa8003126588 |
| ExFreePoolWithTag | P_ptr = 0xfffffa800186dd80, Tag = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffffa8001952980, Tag = 0x0 |
| IofCompleteRequest | Irp_unk = 0xfffffa8002e2ad00, PriorityBoost = 0 |
| Information | Value |
|---|---|
| Trigger | IopLoadUnloadDriver+0x19 |
| Start Address | 0xfffff880039088b0 |
| Information | Value |
|---|---|
| Sequence Length | 9 |
| Process | Amount |
|---|---|
| Process 2 (System, PID: 4) | 1 |
| Symbol | Parameters |
|---|---|
| RtlInitUnicodeString | SourceString = \DosDevices\VBoxDrv, DestinationString_out = \DosDevices\VBoxDrv |
| IoDeleteSymbolicLink | SymbolicLinkName = \DosDevices\VBoxDrv, ret_val_unk_out = 0x0 |
| KeCancelTimer | param_1_unk = 0xfffffa8003167210, param_1_unk_out = 0xfffffa8003167210, ret_val_out = 0 |
| IoFreeMdl | Mdl_unk = 0xfffffa8003209a00 |
| MmFreeContiguousMemory | BaseAddress_ptr = 0xfffffa8001927000 |
| ExFreePoolWithTag | P_ptr = 0xfffffa8003074780, Tag = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffffa8003126570, Tag = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffffa8001f5a870, Tag = 0x0 |
| IoDeleteDevice | DeviceObject_unk = 0xfffffa8003167050 |
| Information | Value |
|---|---|
| Trigger | IopLoadDriver+0xa04 |
| Start Address | 0xfffff88004895be0 |
| Information | Value |
|---|---|
| Sequence Length | 603 |
| Process | Amount |
|---|---|
| Process 2 (System, PID: 4) | 1 |
| Symbol | Parameters |
|---|---|
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0x10, Tag = 0x4895544, ret_val_ptr_out = 0xfffffa8002ec3a40 |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x4000, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f17000 |
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x4000, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff880047894b0, ret_val_unk_out = 0xc0000004 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f17000, Tag = 0x7346744e |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x9658, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f17000 |
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x9658, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff880047894b0, ret_val_unk_out = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f17000, Tag = 0x7346744e |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x4000, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f17000 |
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x4000, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff880047894b0, ret_val_unk_out = 0xc0000004 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f17000, Tag = 0x7346744e |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x9658, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f17000 |
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x9658, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff880047894b0, ret_val_unk_out = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f17000, Tag = 0x7346744e |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x4000, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f17000 |
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x4000, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff880047894b0, ret_val_unk_out = 0xc0000004 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f17000, Tag = 0x7346744e |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x9658, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f17000 |
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x9658, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff880047894b0, ret_val_unk_out = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f17000, Tag = 0x7346744e |
| ExFreePoolWithTag | P_ptr = 0xfffffa8002ec3a40, Tag = 0x4895544 |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x4000, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f17000 |
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x4000, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff880047897a8, ret_val_unk_out = 0xc0000004 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f17000, Tag = 0x7346744e |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x9658, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f17000 |
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x9658, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff880047897a8, ret_val_unk_out = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f17000, Tag = 0x7346744e |
| RtlQueryRegistryValues | RelativeTo = 0x3, Path = 0x0, QueryTable_unk = 0xfffff88004789780, Context_ptr = 0x0, Environment_ptr = 0x0, ret_val_unk_out = 0x0 |
| RtlNtStatusToDosError | Status_unk = 0x0, ret_val_out = 0x0 |
| ZwOpenEvent | DesiredAccess_unk = 0x1f0003, ObjectAttributes_unk = 0xfffff880047895a0, EventHandle_ptr_out = 0xfffff88004789810, ret_val_unk_out = 0xc0000034 |
| _snwprintf | _Count = 0x104, _Format = \BaseNamedObjects\%S, _Dest_out = \BaseNamedObjects\shell.{F21EDC09-85D3-4eb9-915F-1AFA2FF28153}, ret_val_out = 62 |
| RtlInitUnicodeString | SourceString = \BaseNamedObjects\shell.{F21EDC09-85D3-4eb9-915F-1AFA2FF28153}, DestinationString_out = \BaseNamedObjects\shell.{F21EDC09-85D3-4eb9-915F-1AFA2FF28153} |
| ZwOpenEvent | DesiredAccess_unk = 0x1f0003, ObjectAttributes_unk = 0xfffff880047895a0, EventHandle_ptr_out = 0xfffff88004789810, ret_val_unk_out = 0xc0000034 |
| PsGetVersion | MajorVersion_ptr_out = 0xfffff88004789528, MinorVersion_ptr_out = 0xfffff88004789520, BuildNumber_ptr_out = 0x0, CSDVersion_ptr_out = 0x0, ret_val_out = 0 |
| RtlLengthRequiredSid | SubAuthorityCount = 0x1, ret_val_out = 0xc |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x44, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a000dbfc00 |
| RtlCreateSecurityDescriptor | Revision = 0x1, SecurityDescriptor_unk_out = 0xfffff8a000dbfc00, ret_val_unk_out = 0x0 |
| RtlSetDaclSecurityDescriptor | DaclPresent = 1, Dacl_unk = 0x0, DaclDefaulted = 0, SecurityDescriptor_unk_out = 0xfffff8a000dbfc00, ret_val_unk_out = 0x0 |
| ZwCreateEvent | DesiredAccess_unk = 0x1f0003, ObjectAttributes_unk = 0xfffff880047895a0, EventType_unk = 0x0, InitialState = 0, EventHandle_ptr_out = 0xfffff8800486f5b8, ret_val_unk_out = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a000dbfc00, Tag = 0x7346744e |
| PsCreateSystemThread | DesiredAccess = 0x0, ObjectAttributes_unk = 0x0, ProcessHandle_unk = 0x0, StartRoutine_unk = 0xfffff8800482303c, StartContext_ptr = 0xfffff880048708d4, ThreadHandle_ptr_out = 0xfffff88004789818, ClientId_unk_out = 0x0, ret_val_unk_out = 0x0 |
| ZwWaitForSingleObject | Handle_unk = 0xffffffff80000824, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| ZwClose | Handle_unk = 0xffffffff80000824, ret_val_unk_out = 0x0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0x87000, Tag = 0x7346744e, ret_val_ptr_out = 0xfffffa8001bbe000 |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x4000, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f17000 |
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x4000, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff88004789708, ret_val_unk_out = 0xc0000004 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f17000, Tag = 0x7346744e |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x9658, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f17000 |
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x9658, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff88004789708, ret_val_unk_out = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f17000, Tag = 0x7346744e |
| RtlQueryRegistryValues | RelativeTo = 0x3, Path = 0x0, QueryTable_unk = 0xfffff880047896e0, Context_ptr = 0x0, Environment_ptr = 0x0, ret_val_unk_out = 0x0 |
| RtlNtStatusToDosError | Status_unk = 0x0, ret_val_out = 0x0 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026ec860, Length = 0x7a0, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8003209a00 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8003209a00, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8003209a00 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026ed000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0x60, Tag = 0x7346744e, ret_val_ptr_out = 0xfffffa8002e556a0 |
| sprintf | _Format = %02x, _Dest_out = 65, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 04, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 25, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 88, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8a, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 80, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = f6, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = c3, ret_val_out = 2 |
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8003209a00, MemoryDescriptorList_unk_out = 0xfffffa8003209a00 |
| IoFreeMdl | Mdl_unk = 0xfffffa8003209a00 |
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x4000, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f17000 |
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x4000, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff88004789508, ret_val_unk_out = 0xc0000004 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f17000, Tag = 0x7346744e |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x9658, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f17000 |
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x9658, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff88004789508, ret_val_unk_out = 0x0 |
| _vsnprintf | count = 0x104, format = \SystemRoot\system32\%s, ap_unk = 0xfffff88004789518, string_out = \SystemRoot\system32\ntoskrnl.exe, ret_val_out = 33 |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x20a, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f435e0 |
| mbstowcs | _Source = \SystemRoot\system32\ntoskrnl.exe, _MaxCount = 0x104, _Dest_out = \SystemRoot\system32\ntoskrnl.exe, ret_val_unk_out = 0x21 |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x208, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001635bd0 |
| wcsncpy | _Source = \SystemRoot\system32\ntoskrnl.exe, _Count = 0x104, _Dest_out = \SystemRoot\system32\ntoskrnl.exe, ret_val_out = \SystemRoot\system32\ntoskrnl.exe |
| RtlInitUnicodeString | SourceString = \SystemRoot\system32\ntoskrnl.exe, DestinationString_out = \SystemRoot\system32\ntoskrnl.exe |
| IoCreateFile | DesiredAccess_unk = 0x100001, ObjectAttributes_ptr = 0xfffff880047893b8, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \SystemRoot\system32\ntoskrnl.exe, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x80, ShareAccess = 0x3, Disposition = 0x1, CreateOptions = 0x10, EaBuffer_ptr = 0x0, EaLength = 0x0, CreateFileType_unk = 0x0, InternalParameters_ptr = 0x0, Options = 0x100, FileHandle_ptr_out = 0xfffff88004789390, FileHandle_out = 0xffffffff80000824, IoStatusBlock_unk_out = 0xfffff880047893a8, ret_val_unk_out = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001635bd0, Tag = 0x7346744e |
| ZwQueryInformationFile | FileHandle_unk = 0xffffffff80000824, Length = 0x18, FileInformationClass_unk = 0x5, IoStatusBlock_unk_out = 0xfffff880047893e0, FileInformation_ptr_out = 0xfffff880047893f0, ret_val_unk_out = 0x0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x54bfc0, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a002000000 |
| ZwReadFile | FileHandle_unk = 0xffffffff80000824, Event_unk = 0x0, UserApcRoutine_unk = 0x0, UserApcContext_ptr = 0x0, BufferLength = 0x54bfc0, ByteOffset_ptr = 0xfffff88004789438, ByteOffset = -2, Key_ptr = 0x0, IoStatusBlock_unk_out = 0xfffff88004789400, Buffer_ptr_out = 0xfffff8a002000000, Buffer_deref_data_out = BINARY(offset=108056959,skipped=1,size=0), ret_val_unk_out = 0x0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x5e7000, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a002600000 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a002000000, Tag = 0x7346744e |
| ZwClose | Handle_unk = 0x0, ret_val_unk_out = 0xc0000008 |
| ZwClose | Handle_unk = 0xffffffff80000824, ret_val_unk_out = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f435e0, Tag = 0x7346744e |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001f17000, Tag = 0x7346744e |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a41000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88007fad000 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = f8, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 77, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 6c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ed, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 5f, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = e2, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = bc, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 40, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = e9, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 2a, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| MmUnmapLockedPages | BaseAddress_ptr = 0xfffff88007fad000, MemoryDescriptorList_unk = 0xfffffa8002e516c0 |
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0xc88, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001f4b010 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0xe0, Tag = 0x7346744e, ret_val_ptr_out = 0xfffffa80018506f0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0x2c, Tag = 0x7346744e, ret_val_ptr_out = 0xfffffa8002eb0220 |
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0xfffffa8002eb0200 |
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0xfffffa8002eb0200 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KfRaiseIrql | NewIrql_unk = 0xfffff80000b95c02, ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0x0 |
| ExFreePoolWithTag | P_ptr = 0xfffffa8002eb0220, Tag = 0x7346744e |
| ExAllocatePoolWithTag | PoolType_unk = 0x1, NumberOfBytes_ptr = 0x104, Tag = 0x7346744e, ret_val_ptr_out = 0xfffff8a001858010 |
| ExFreePoolWithTag | P_ptr = 0xfffff8a001858010, Tag = 0x7346744e |
| ZwClose | Handle_unk = 0x0, ret_val_unk_out = 0xc0000008 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KfRaiseIrql | NewIrql_unk = 0xfffff800026f6902, ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0x0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0xe0, Tag = 0x7346744e, ret_val_ptr_out = 0xfffffa8002fc9600 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 54, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 54, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026f6920, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0x10, Tag = 0x7346744e, ret_val_ptr_out = 0xfffffa8002ec3a40 |
| KeLowerIrql | NewIrql_unk = 0x0 |
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0x28, Tag = 0x7346744e, ret_val_ptr_out = 0xfffffa8002eb0220 |
| ExAllocatePoolWithTag | PoolType_unk = 0x0, NumberOfBytes_ptr = 0xe0, Tag = 0x7346744e, ret_val_ptr_out = 0xfffffa800202f300 |
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = f5, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 57, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 41, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 57, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 81, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = f5, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 57, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 41, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 57, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 81, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = f3, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 55, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 56, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 57, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 41, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 55, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 81, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 80, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = f3, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 55, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 56, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 57, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 41, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 55, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 81, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 80, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c4800, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = fd, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 2e, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 64, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 38, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 84, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 80, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 64, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 38, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 84, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 80, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c5060, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 9d, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 26, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 5d, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 |
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 45, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 20, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 45, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 43, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 18, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 08, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 45, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 20, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 45, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 43, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 18, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 08, ret_val_out = 2 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c4920, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = dd, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 2d, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 23, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 38, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 65, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 04, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 25, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 88, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8a, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 90, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = f6, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 38, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 65, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 04, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 25, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 88, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8a, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 90, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = f6, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c49e0, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 2d, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 29, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 |
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 |
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 5b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 18, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 54, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 55, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 56, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 57, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 5b, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 18, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 54, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 55, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 56, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 57, ret_val_out = 2 |
| strncpy | _Source = $NtUninstallQ923283$, _Count = 0x64, _Dest_out = $NtUninstallQ923283$, ret_val_out = $NtUninstallQ923283$ |
| _snwprintf | _Count = 0x104, _Format = \SystemRoot\%S, _Dest_out = \SystemRoot\$NtUninstallQ923283$, ret_val_out = 32 |
| strncpy | _Source = fdisk.sys, _Count = 0x64, _Dest_out = fdisk.sys, ret_val_out = fdisk.sys |
| _snwprintf | _Count = 0x104, _Format = %s\%S, _Dest_out = \SystemRoot\$NtUninstallQ923283$\fdisk.sys, ret_val_out = 42 |
| RtlInitUnicodeString | SourceString = \SystemRoot\$NtUninstallQ923283$, DestinationString_out = \SystemRoot\$NtUninstallQ923283$ |
| IoCreateFile | DesiredAccess_unk = 0xc0000000, ObjectAttributes_ptr = 0xfffff88004788ef0, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \SystemRoot\$NtUninstallQ923283$, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x2, ShareAccess = 0x0, Disposition = 0x2, CreateOptions = 0x21, EaBuffer_ptr = 0x0, EaLength = 0x0, CreateFileType_unk = 0x700000000, InternalParameters_ptr = 0x0, Options = 0x100, FileHandle_ptr_out = 0xfffff880047896a0, FileHandle_out = 0xfffffa8002e516c0, IoStatusBlock_unk_out = 0xfffff88004788fa0, ret_val_unk_out = 0xc0000035 |
| _snprintf | _Count = 0x64, _Format = %s, _Dest_out = Ultra3, ret_val_out = 6 |
| _snwprintf | _Count = 0x104, _Format = \Registry\Machine\System\CurrentControlSet\Services\%S, _Dest_out = \Registry\Machine\System\CurrentControlSet\Services\Ultra3, ret_val_out = 58 |
| RtlInitUnicodeString | SourceString = \Registry\Machine\System\CurrentControlSet\Services\Ultra3, DestinationString_out = \Registry\Machine\System\CurrentControlSet\Services\Ultra3 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| strncpy | _Source = $NtUninstallQ923283$, _Count = 0x64, _Dest_out = $NtUninstallQ923283$, ret_val_out = $NtUninstallQ923283$ |
| _snwprintf | _Count = 0x104, _Format = %%SystemRoot%%\%S, _Dest_out = %SystemRoot%\$NtUninstallQ923283$, ret_val_out = 33 |
| strncpy | _Source = fdisk_mon.exe, _Count = 0x64, _Dest_out = fdisk_mon.exe, ret_val_out = fdisk_mon.exe |
| _snwprintf | _Count = 0x104, _Format = %s\%S, _Dest_out = %SystemRoot%\$NtUninstallQ923283$\fdisk_mon.exe, ret_val_out = 47 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa8002e65600 |
| ZwFlushKey | KeyHandle_unk = 0xffffffff80000824, ret_val_unk_out = 0x0 |
| ZwClose | Handle_unk = 0xffffffff80000824, ret_val_unk_out = 0x0 |
| PsCreateSystemThread | DesiredAccess = 0x1f03ff, ObjectAttributes_unk = 0x0, ProcessHandle_unk = 0x0, StartRoutine_unk = 0xfffffa8001bc8880, StartContext_ptr = 0x0, ThreadHandle_ptr_out = 0xfffff880047895a0, ClientId_unk_out = 0x0, ret_val_unk_out = 0x0 |
| ZwWaitForSingleObject | Handle_unk = 0xffffffff80000824, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| ZwClose | Handle_unk = 0xffffffff80000824, ret_val_unk_out = 0x0 |
| PsCreateSystemThread | DesiredAccess = 0x1f03ff, ObjectAttributes_unk = 0x0, ProcessHandle_unk = 0x0, StartRoutine_unk = 0xfffffa8001bc88f4, StartContext_ptr = 0xfffff8a000307c00, ThreadHandle_ptr_out = 0xfffff88004789610, ClientId_unk_out = 0x0, ret_val_unk_out = 0x0 |
| ZwWaitForSingleObject | Handle_unk = 0xffffffff80000824, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| ZwClose | Handle_unk = 0xffffffff80000824, ret_val_unk_out = 0x0 |
| KeInitializeEvent | Type_unk = 0x0, State = 0, Event_unk_out = 0xfffff88004789610 |
| KeInitializeDpc | DeferredRoutine_unk = 0xfffffa8001bc4130, DeferredContext_ptr = 0xfffff88004789610, Dpc_unk_out = 0xfffff88004789630 |
| KeSetImportanceDpc | Dpc_unk = 0xfffff88004789630, Importance_unk = 0x2, Dpc_unk_out = 0xfffff88004789630 |
| KeSetTargetProcessorDpc | Dpc_unk = 0xfffff88004789630, Number = 0, Dpc_unk_out = 0xfffff88004789630 |
| KeInsertQueueDpc | Dpc_unk = 0xfffff88004789630, SystemArgument1_ptr = 0x0, SystemArgument2_ptr = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffff88004789610, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a54200, Length = 0x100, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8003209a00 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8003209a00, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8003209a00 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KfRaiseIrql | NewIrql_unk = 0xfffff800026cc502, ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0x0 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 38, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 8c, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 38, ret_val_out = 2 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026cc550, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0x0 |
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KfRaiseIrql | NewIrql_unk = 0xfffff800026d7502, ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0x0 |
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = f3, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 55, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 56, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = f3, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 55, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 56, ret_val_out = 2 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026d75f0, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0x0 |
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 |
| ZwOpenKey | DesiredAccess_unk = 0x2, ObjectAttributes_ptr = 0xfffff88004789710, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \Registry\Machine\System\CurrentControlSet\Control\Session Manager\Memory Management, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, KeyHandle_ptr_out = 0xfffff880047896c0, KeyHandle_out = 0xffffffff80000824, ret_val_unk_out = 0x0 |
| ZwSetValueKey | KeyHandle_unk = 0xffffffff80000824, ValueName = LargePageMinimum, TitleIndex = 0x0, Type = 0x4, Data_ptr = 0xfffff88004789780, Data = 0xffffffff, DataSize = 0x4, ret_val_unk_out = 0x0 |
| ZwClose | Handle_unk = 0xffffffff80000824, ret_val_unk_out = 0x0 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KfRaiseIrql | NewIrql_unk = 0xfffff800026d6102, ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0x0 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026d6180, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0x0 |
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KfRaiseIrql | NewIrql_unk = 0xfffff80002939002, ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0x0 |
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = f3, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 55, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 56, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = f3, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 55, ret_val_out = 2 |
| sprintf | _Format = %02x, _Dest_out = 56, ret_val_out = 2 |
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800029390c0, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 |
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0x0 |
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 |
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 |
| PsCreateSystemThread | DesiredAccess = 0x1f03ff, ObjectAttributes_unk = 0x0, ProcessHandle_unk = 0x0, StartRoutine_unk = 0xfffffa8001bc88f4, StartContext_ptr = 0xfffff8a000307c00, ThreadHandle_ptr_out = 0xfffff88004789740, ClientId_unk_out = 0x0, ret_val_unk_out = 0x0 |
| ZwClose | Handle_unk = 0xffffffff80000824, ret_val_unk_out = 0x0 |
| Information | Value |
|---|---|
| Trigger | PspSystemThreadStartup+0x57 |
| Start Address | 0xfffff8800482303c |
| Information | Value |
|---|---|
| Sequence Length | 2 |
| Process | Amount |
|---|---|
| Process 2 (System, PID: 4) | 1 |
| Symbol | Parameters |
|---|---|
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 |
| PsTerminateSystemThread | ExitStatus_unk = 0x0 |
| Information | Value |
|---|---|
| Trigger | PspSystemThreadStartup+0x57 |
| Start Address | 0xfffffa8001bc8880 |
| Information | Value |
|---|---|
| Sequence Length | 2 |
| Process | Amount |
|---|---|
| Process 2 (System, PID: 4) | 1 |
| Symbol | Parameters |
|---|---|
| KeGetCurrentThread | ret_val_out = 0xfffffa8003177620 |
| PsTerminateSystemThread | ExitStatus_unk = 0x0 |
| Information | Value |
|---|---|
| Trigger | PspSystemThreadStartup+0x57 |
| Start Address | 0xfffffa8001bc88f4 |
| Information | Value |
|---|---|
| Sequence Length | 3 |
| Process | Amount |
|---|---|
| Process 2 (System, PID: 4) | 3 |
| Symbol | Parameters |
|---|---|
| KeGetCurrentThread | ret_val_out = 0xfffffa8002f81b50 |
| rand | ret_val_out = 17888 |
| PsTerminateSystemThread | ExitStatus_unk = 0x0 |
| Information | Value |
|---|---|
| Sequence Length | 2199 |
| Process | Amount |
|---|---|
| Process 2 (System, PID: 4) | 1 |
| Symbol | Parameters | ||||
|---|---|---|---|---|---|
| KeGetCurrentThread | ret_val_out = 0xfffffa80030e9a00 | ||||
| rand | ret_val_out = 12425 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| PsCreateSystemThread | DesiredAccess = 0x0, ObjectAttributes_unk = 0x0, ProcessHandle_unk = 0x0, StartRoutine_unk = 0xfffffa8001bdfef4, StartContext_ptr = 0xfffffa8001c2d8d0, ThreadHandle_ptr_out = 0xfffff880022c9b48, ClientId_unk_out = 0x0, ret_val_unk_out = 0x0 | ||||
| ZwWaitForSingleObject | Handle_unk = 0xffffffff800007f4, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ZwClose | Handle_unk = 0xffffffff800007f4, ret_val_unk_out = 0x0 | ||||
| PsGetCurrentProcess | ret_val_out = 0xfffffa80018b0040 | ||||
| strncpy | _Source = System, _Count = 0x11, _Dest_out = System, ret_val_out = System | ||||
| RtlInitUnicodeString | SourceString = \Device\Null, DestinationString_out = \Device\Null | ||||
| IoGetDeviceObjectPointer | ObjectName = \Device\Null, DesiredAccess_unk = 0x0, FileObject_unk_out = 0xfffff880022c9b40, DeviceObject_unk_out = 0xfffffa8001c2c540, ret_val_unk_out = 0x0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| ObfReferenceObject | Object_ptr = 0xfffffa8002516740, ret_val_ptr_out = 0x3 | ||||
| ObfDereferenceObject | Object_ptr = 0xfffffa8002a65200, ret_val_ptr_out = 0x0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeInitializeMutex | Level = 0x0, Mutex_unk_out = 0xfffffa8002db2820 | ||||
| KeInitializeMutex | Level = 0x0, Mutex_unk_out = 0xfffffa8002f64ce0 | ||||
| KeInitializeMutex | Level = 0x0, Mutex_unk_out = 0xfffffa8003062510 | ||||
| KeInitializeMutex | Level = 0x0, Mutex_unk_out = 0xfffffa8002e55aa0 | ||||
| KeInitializeMutex | Level = 0x0, Mutex_unk_out = 0xfffffa8002f7f7b0 | ||||
| KeInitializeMutex | Level = 0x0, Mutex_unk_out = 0xfffffa800303a160 | ||||
| KeInitializeMutex | Level = 0x0, Mutex_unk_out = 0xfffffa8003133510 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c4720, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dd, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 13, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a41000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff88000b56000 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 77, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ed, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e2, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = bc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 40, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e9, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnmapLockedPages | BaseAddress_ptr = 0xfffff88000b56000, MemoryDescriptorList_unk = 0xfffffa8002e516c0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0xfffff8000299db02, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 08, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 08, ret_val_out = 2 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff8000299db60, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c4aa0, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a41000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff88000b57000 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 77, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ed, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e2, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = bc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 40, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e9, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnmapLockedPages | BaseAddress_ptr = 0xfffff88000b57000, MemoryDescriptorList_unk = 0xfffffa8002e516c0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0xfffff80002986d02, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 20, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 20, ret_val_out = 2 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002986df0, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c4800, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = fd, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2e, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a41000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff88000b58000 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 77, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ed, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e2, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = bc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 40, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e9, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnmapLockedPages | BaseAddress_ptr = 0xfffff88000b58000, MemoryDescriptorList_unk = 0xfffffa8002e516c0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0xfffff80002982802, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002982820, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c6de0, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 09, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a41000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff88000b59000 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 77, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ed, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e2, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = bc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 40, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e9, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnmapLockedPages | BaseAddress_ptr = 0xfffff88000b59000, MemoryDescriptorList_unk = 0xfffffa8002e516c0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0xfffff80002b4f402, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 08, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 08, ret_val_out = 2 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002b4f440, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c4520, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dd, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 31, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 03, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a41000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff88000b5a000 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 77, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ed, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e2, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = bc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 40, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e9, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnmapLockedPages | BaseAddress_ptr = 0xfffff88000b5a000, MemoryDescriptorList_unk = 0xfffffa8002e516c0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0xfffff800029b7f02, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 20, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 20, ret_val_out = 2 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800029b7f80, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c4b20, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dd, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 33, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a41000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff88000b5b000 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 77, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ed, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e2, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = bc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 40, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e9, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnmapLockedPages | BaseAddress_ptr = 0xfffff88000b5b000, MemoryDescriptorList_unk = 0xfffffa8002e516c0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0xfffff800029d9c02, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f3, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 30, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f3, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 30, ret_val_out = 2 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800029d9cdc, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c4780, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 7d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 16, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a41000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff88000b5c000 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 77, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ed, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e2, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = bc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 40, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e9, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnmapLockedPages | BaseAddress_ptr = 0xfffff88000b5c000, MemoryDescriptorList_unk = 0xfffffa8002e516c0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0xfffff800029e0702, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 20, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 20, ret_val_out = 2 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800029e0780, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c4640, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = bd, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 30, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 0c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a41000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff88000b5d000 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 77, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ed, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e2, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = bc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 40, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e9, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnmapLockedPages | BaseAddress_ptr = 0xfffff88000b5d000, MemoryDescriptorList_unk = 0xfffffa8002e516c0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0xfffff800029c5702, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 08, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 08, ret_val_out = 2 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800029c5740, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800026c49e0, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c4, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = fa, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ec, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 9c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 10, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 48, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 29, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a41000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff88000000010, ret_val_ptr_out = 0xfffff88000b5e000 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 77, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ed, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e2, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = bc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 40, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e9, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnmapLockedPages | BaseAddress_ptr = 0xfffff88000b5e000, MemoryDescriptorList_unk = 0xfffffa8002e516c0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0xfffff80002987d02, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 18, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 89, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 18, ret_val_out = 2 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002987d14, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0xfffff800029ca602, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 55, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = dc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 55, ret_val_out = 2 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff800029ca650, Length = 0x4, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x2, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KfRaiseIrql | NewIrql_unk = 0x2, ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0x0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| ZwOpenEvent | DesiredAccess_unk = 0x1f0003, ObjectAttributes_unk = 0xfffff880022c9790, EventHandle_ptr_out = 0xfffff880022c9a00, ret_val_unk_out = 0xc0000034 | ||||
| _snwprintf | _Count = 0x104, _Format = \Device\%S, _Dest_out = \Device\RawDisk1, ret_val_out = 16 | ||||
| _snwprintf | _Count = 0x104, _Format = \Device\%S, _Dest_out = \Device\RawDisk2, ret_val_out = 16 | ||||
| _snprintf | _Count = 0x104, _Format = \??\%s, _Dest_out = \??\Par1, ret_val_out = 8 | ||||
| _swprintf | _Format = %S, _Dest_out = \??\Par1, ret_val_out = 8 | ||||
| _snprintf | _Count = 0x104, _Format = \??\%s, _Dest_out = \??\Par2, ret_val_out = 8 | ||||
| _swprintf | _Format = %S, _Dest_out = \??\Par2, ret_val_out = 8 | ||||
| _snwprintf | _Count = 0x104, _Format = \BaseNamedObjects\%S, _Dest_out = \BaseNamedObjects\shell.{F21EDC09-85D3-4eb9-915F-1AFA2FF28153}, ret_val_out = 62 | ||||
| RtlInitUnicodeString | SourceString = \BaseNamedObjects\shell.{F21EDC09-85D3-4eb9-915F-1AFA2FF28153}, DestinationString_out = \BaseNamedObjects\shell.{F21EDC09-85D3-4eb9-915F-1AFA2FF28153} | ||||
| ZwOpenEvent | DesiredAccess_unk = 0x1f0003, ObjectAttributes_unk = 0xfffff880022c9790, EventHandle_ptr_out = 0xfffff880022c9a00, ret_val_unk_out = 0x0 | ||||
| ZwClose | Handle_unk = 0xffffffff800007f4, ret_val_unk_out = 0x0 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8003133510, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| KeReleaseMutex | Mutex_unk = 0xfffffa8003133510, Wait = 0, Mutex_unk_out = 0xfffffa8003133510, ret_val_out = 0 | ||||
| ObReferenceObjectByHandle | Handle_unk = 0xffffffff800007f4, DesiredAccess_unk = 0x0, ObjectType_unk = 0x0, AccessMode_unk = 0x0, Object_ptr_out = 0xfffff880022c9560, Object_out = 0xfffffa8002dd1890, HandleInformation_unk_out = 0x0, ret_val_unk_out = 0x0 | ||||
| ObfDereferenceObject | Object_ptr = 0xfffffa8002dd1890, ret_val_ptr_out = 0x5 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa800303a160, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| KeReleaseMutex | Mutex_unk = 0xfffffa800303a160, Wait = 0, Mutex_unk_out = 0xfffffa800303a160, ret_val_out = 0 | ||||
| RtlQueryRegistryValues | RelativeTo = 0x3, Path = 0x0, QueryTable_unk = 0xfffff880022c9970, Context_ptr = 0x0, Environment_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8003133510, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| KeReleaseMutex | Mutex_unk = 0xfffffa8003133510, Wait = 0, Mutex_unk_out = 0xfffffa8003133510, ret_val_out = 0 | ||||
| ObReferenceObjectByHandle | Handle_unk = 0xffffffff800007f4, DesiredAccess_unk = 0x0, ObjectType_unk = 0x0, AccessMode_unk = 0x0, Object_ptr_out = 0xfffff880022c9660, Object_out = 0xfffff8a0013e0c50, HandleInformation_unk_out = 0x0, ret_val_unk_out = 0x0 | ||||
| ObfDereferenceObject | Object_ptr = 0xfffff8a0013e0c50, ret_val_ptr_out = 0x1 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa800303a160, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| KeReleaseMutex | Mutex_unk = 0xfffffa800303a160, Wait = 0, Mutex_unk_out = 0xfffffa800303a160, ret_val_out = 0 | ||||
| RtlNtStatusToDosError | Status_unk = 0x0, ret_val_out = 0x0 | ||||
| RtlInitUnicodeString | SourceString = \SystemRoot, DestinationString_out = \SystemRoot | ||||
| ZwOpenSymbolicLinkObject | DesiredAccess_unk = 0x1, ObjectAttributes_unk = 0xfffff880022c96d0, SymbolicLinkHandle_ptr_out = 0xfffff880022c99a0, ret_val_unk_out = 0x0 | ||||
| ZwQuerySymbolicLinkObject | SymLinkObjHandle_unk = 0xffffffff800007f4, LinkTarget_out = \Device\Harddisk0\Partition2\Windows, DataWritten_ptr_out = 0x0, ret_val_unk_out = 0x0 | ||||
| wcsncpy | _Source = Windows, _Count = 0x104, _Dest_out = Windows, ret_val_out = Windows | ||||
| strncpy | _Source = $NtUninstallQ923283$, _Count = 0x52, _Dest_out = $NtUninstallQ923283$, ret_val_out = $NtUninstallQ923283$ | ||||
| _snwprintf | _Count = 0x51, _Format = %S, _Dest_out = $NtUninstallQ923283$, ret_val_out = 20 | ||||
| _snwprintf | _Count = 0x103, _Format = \SystemRoot\%S, _Dest_out = \SystemRoot\$NtUninstallQ923283$, ret_val_out = 32 | ||||
| RtlInitUnicodeString | SourceString = \SystemRoot\$NtUninstallQ923283$, DestinationString_out = \SystemRoot\$NtUninstallQ923283$ | ||||
| ZwOpenFile | DesiredAccess_unk = 0x100000, ObjectAttributes_ptr = 0xfffff880022c96d0, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \SystemRoot\$NtUninstallQ923283$, ObjectAttributes_deref_Attributes = 0x240, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, ShareAccess = 0x7, OpenOptions = 0x21, FileHandle_ptr_out = 0xfffff880022c99a0, FileHandle_out = 0xffffffff80000824, IoStatusBlock_unk_out = 0xfffff880022c9700, ret_val_unk_out = 0x0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| ObReferenceObjectByHandle | Handle_unk = 0xffffffff80000824, DesiredAccess_unk = 0x0, ObjectType_unk = 0x0, AccessMode_unk = 0x0, Object_ptr_out = 0xfffff880022c99a8, Object_out = 0xfffffa8002a65200, HandleInformation_unk_out = 0x0, ret_val_unk_out = 0x0 | ||||
| ObfReferenceObject | Object_ptr = 0xfffffa800202b650, ret_val_ptr_out = 0xa | ||||
| ObfReferenceObject | Object_ptr = 0xfffffa8002c55030, ret_val_ptr_out = 0x2 | ||||
| ObfDereferenceObject | Object_ptr = 0xfffffa8002a65200, ret_val_ptr_out = 0x1 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| ZwClose | Handle_unk = 0xffffffff80000824, ret_val_unk_out = 0x0 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8003133510, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| KeReleaseMutex | Mutex_unk = 0xfffffa8003133510, Wait = 0, Mutex_unk_out = 0xfffffa8003133510, ret_val_out = 0 | ||||
| ObReferenceObjectByHandle | Handle_unk = 0xffffffff80000824, DesiredAccess_unk = 0x0, ObjectType_unk = 0x0, AccessMode_unk = 0x0, Object_ptr_out = 0xfffff880022c9490, Object_out = 0xfffffa8002a65200, HandleInformation_unk_out = 0x0, ret_val_unk_out = 0x0 | ||||
| ObfDereferenceObject | Object_ptr = 0xfffffa8002a65200, ret_val_ptr_out = 0x1 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa800303a160, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| KeReleaseMutex | Mutex_unk = 0xfffffa800303a160, Wait = 0, Mutex_unk_out = 0xfffffa800303a160, ret_val_out = 0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeInitializeEvent | Type_unk = 0x1, State = 0, Event_unk_out = 0xfffffa80026b7660 | ||||
| PsCreateSystemThread | DesiredAccess = 0x1f03ff, ObjectAttributes_unk = 0x0, ProcessHandle_unk = 0x0, StartRoutine_unk = 0xfffffa8001bc88f4, StartContext_ptr = 0xfffff8a001ecfc00, ThreadHandle_ptr_out = 0xfffffa8001c2c210, ClientId_unk_out = 0x0, ret_val_unk_out = 0x0 | ||||
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x4000, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff880022c9908, ret_val_unk_out = 0xc0000004 | ||||
| ZwQuerySystemInformation | SystemInformationClass_unk = 0xb, Length_ptr = 0x9530, SystemInformation_ptr_out = 0xfffff8a001f17000, ResultLength_ptr_out = 0xfffff880022c9908, ret_val_unk_out = 0x0 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| ExGetPreviousMode | ret_val_unk_out = 0xfffffa80030e9a00 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0x779a17b0, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = d1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a41000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88000b5f000 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 77, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = d0, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1d, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ed, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 5f, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = ff, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 49, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = c1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e2, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 05, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = bc, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 1a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 40, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = e9, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 2a, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnmapLockedPages | BaseAddress_ptr = 0xfffff88000b5f000, MemoryDescriptorList_unk = 0xfffffa8002e516c0 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0x779a17e0, Length = 0x40, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = d1, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = b8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 50, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 00, ret_val_out = 2 | ||||
| MmUnlockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| IoFreeMdl | Mdl_unk = 0xfffffa8002e516c0 | ||||
| IoAllocateMdl | VirtualAddress_ptr = 0xfffff80002a41000, Length = 0x1000, SecondaryBuffer = 0, ChargeQuota = 0, Irp_unk = 0x0, Irp_unk_out = 0x0, ret_val_unk_out = 0xfffffa8002e516c0 | ||||
| MmProbeAndLockPages | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, Operation_unk = 0x0, MemoryDescriptorList_unk_out = 0xfffffa8002e516c0 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0x10, ret_val_ptr_out = 0xfffff88000b60000 | ||||
| sprintf | _Format = %02x, _Dest_out = 8b, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 44, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 24, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 28, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 83, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = f8, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 01, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 77, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 6c, ret_val_out = 2 | ||||
| sprintf | _Format = %02x, _Dest_out = 4c, ret_val_out = 2 | ||||
| For performance reasons the remaining entries are omitted. Click to download all entries as text file. | |||||
| Information | Value |
|---|---|
| Sequence Length | 38 |
| Process | Amount |
|---|---|
| Process 2 (System, PID: 4) | 1 |
| Symbol | Parameters |
|---|---|
| KeGetCurrentThread | ret_val_out = 0xfffffa800311f640 |
| rand | ret_val_out = 25331 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa80026b7660, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0xfffff88002798aa0, ret_val_unk_out = 0x102 |
| RtlNtStatusToDosError | Status_unk = 0x102, ret_val_out = 0x5b4 |
| KeAcquireSpinLockRaiseToDpc | SpinLock_unk = 0xfffffa8001c2cf30, SpinLock_unk_out = 0xfffffa8001c2cf30, ret_val_unk_out = 0x0 |
| PsGetCurrentThreadId | ret_val_unk_out = 0x1a8 |
| KeReleaseSpinLock | SpinLock_unk = 0xfffffa8001c2cf30, NewIrql_unk = 0x0, SpinLock_unk_out = 0xfffffa8001c2cf30 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa80026b7660, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0xfffff88002798aa0, ret_val_unk_out = 0x102 |
| RtlNtStatusToDosError | Status_unk = 0x102, ret_val_out = 0x5b4 |
| KeAcquireSpinLockRaiseToDpc | SpinLock_unk = 0xfffffa8001c2cf30, SpinLock_unk_out = 0xfffffa8001c2cf30, ret_val_unk_out = 0x0 |
| PsGetCurrentThreadId | ret_val_unk_out = 0x1a8 |
| KeReleaseSpinLock | SpinLock_unk = 0xfffffa8001c2cf30, NewIrql_unk = 0x0, SpinLock_unk_out = 0xfffffa8001c2cf30 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa80026b7660, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0xfffff88002798aa0, ret_val_unk_out = 0x102 |
| RtlNtStatusToDosError | Status_unk = 0x102, ret_val_out = 0x5b4 |
| KeAcquireSpinLockRaiseToDpc | SpinLock_unk = 0xfffffa8001c2cf30, SpinLock_unk_out = 0xfffffa8001c2cf30, ret_val_unk_out = 0x0 |
| PsGetCurrentThreadId | ret_val_unk_out = 0x1a8 |
| KeReleaseSpinLock | SpinLock_unk = 0xfffffa8001c2cf30, NewIrql_unk = 0x0, SpinLock_unk_out = 0xfffffa8001c2cf30 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa80026b7660, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0xfffff88002798aa0, ret_val_unk_out = 0x102 |
| RtlNtStatusToDosError | Status_unk = 0x102, ret_val_out = 0x5b4 |
| KeAcquireSpinLockRaiseToDpc | SpinLock_unk = 0xfffffa8001c2cf30, SpinLock_unk_out = 0xfffffa8001c2cf30, ret_val_unk_out = 0x0 |
| PsGetCurrentThreadId | ret_val_unk_out = 0x1a8 |
| KeReleaseSpinLock | SpinLock_unk = 0xfffffa8001c2cf30, NewIrql_unk = 0x0, SpinLock_unk_out = 0xfffffa8001c2cf30 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa80026b7660, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0xfffff88002798aa0, ret_val_unk_out = 0x102 |
| RtlNtStatusToDosError | Status_unk = 0x102, ret_val_out = 0x5b4 |
| KeAcquireSpinLockRaiseToDpc | SpinLock_unk = 0xfffffa8001c2cf30, SpinLock_unk_out = 0xfffffa8001c2cf30, ret_val_unk_out = 0x0 |
| PsGetCurrentThreadId | ret_val_unk_out = 0x1a8 |
| KeReleaseSpinLock | SpinLock_unk = 0xfffffa8001c2cf30, NewIrql_unk = 0x0, SpinLock_unk_out = 0xfffffa8001c2cf30 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa80026b7660, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0xfffff88002798aa0, ret_val_unk_out = 0x102 |
| RtlNtStatusToDosError | Status_unk = 0x102, ret_val_out = 0x5b4 |
| KeAcquireSpinLockRaiseToDpc | SpinLock_unk = 0xfffffa8001c2cf30, SpinLock_unk_out = 0xfffffa8001c2cf30, ret_val_unk_out = 0x0 |
| PsGetCurrentThreadId | ret_val_unk_out = 0x1a8 |
| KeReleaseSpinLock | SpinLock_unk = 0xfffffa8001c2cf30, NewIrql_unk = 0x0, SpinLock_unk_out = 0xfffffa8001c2cf30 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa80026b7660, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0xfffff88002798aa0, ret_val_unk_out = 0x102 |
| RtlNtStatusToDosError | Status_unk = 0x102, ret_val_out = 0x5b4 |
| KeAcquireSpinLockRaiseToDpc | SpinLock_unk = 0xfffffa8001c2cf30, SpinLock_unk_out = 0xfffffa8001c2cf30, ret_val_unk_out = 0x0 |
| PsGetCurrentThreadId | ret_val_unk_out = 0x1a8 |
| KeReleaseSpinLock | SpinLock_unk = 0xfffffa8001c2cf30, NewIrql_unk = 0x0, SpinLock_unk_out = 0xfffffa8001c2cf30 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa80026b7660, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0xfffff88002798aa0 |
| Information | Value |
|---|---|
| Sequence Length | 3 |
| Process | Amount |
|---|---|
| Process 2 (System, PID: 4) | 1 |
| Symbol | Parameters |
|---|---|
| KeGetCurrentThread | ret_val_out = 0xfffffa8002fc83c0 |
| rand | ret_val_out = 11502 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa80031273d0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0 |
| Information | Value |
|---|---|
| Sequence Length | 82 |
| Process | Amount |
|---|---|
| Process 2 (System, PID: 4) | 1 |
| Symbol | Parameters |
|---|---|
| KeGetCurrentThread | ret_val_out = 0xfffffa8003177620 |
| rand | ret_val_out = 5970 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002f7f7b0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002f7f7b0, Wait = 0, Mutex_unk_out = 0xfffffa8002f7f7b0, ret_val_out = 0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002e5ca10, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8003062510, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8003062510, Wait = 0, Mutex_unk_out = 0xfffffa8003062510, ret_val_out = 0 |
| IoCreateFile | DesiredAccess_unk = 0xc0000000, ObjectAttributes_ptr = 0xfffff880044ca820, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \Device\NamedPipe\isapi_dg4, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x0, Disposition = 0x1, CreateOptions = 0x0, EaBuffer_ptr = 0x0, EaLength = 0x0, CreateFileType_unk = 0xfffff88000000000, InternalParameters_ptr = 0x0, Options = 0x100, FileHandle_ptr_out = 0xfffff8a001b865b8, FileHandle_out = 0x0, IoStatusBlock_unk_out = 0xfffff880044ca810, ret_val_unk_out = 0xc0000034 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 |
| RtlNtStatusToDosError | Status_unk = 0xc0000034, ret_val_out = 0x2 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8003062510, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8003062510, Wait = 0, Mutex_unk_out = 0xfffffa8003062510, ret_val_out = 0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| RtlFreeAnsiString | AnsiString_ptr = 0xfffff8a001b86598 |
| RtlFreeAnsiString | AnsiString = \ |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002e5ca10, Wait = 0, Mutex_unk_out = 0xfffffa8002e5ca10, ret_val_out = 0 |
| KeDelayExecutionThread | WaitMode_unk = 0x0, Alertable = 0, Interval_ptr = 0xfffff880044caba0, Interval = -100000000, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002f7f7b0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002f7f7b0, Wait = 0, Mutex_unk_out = 0xfffffa8002f7f7b0, ret_val_out = 0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002e5ca10, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| RtlInitAnsiString | DestinationString_ptr = 0xfffff880044ca7d0, SourceString_unk = 0xfffff8a001ebfed0 |
| RtlAnsiStringToUnicodeString | DestinationString_ptr = 0xfffff8a001820b78, SourceString = \Device\NamedPipe\isapi_dg4, AllocateDestinationString = 1, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8003062510, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8003062510, Wait = 0, Mutex_unk_out = 0xfffffa8003062510, ret_val_out = 0 |
| IoCreateFile | DesiredAccess_unk = 0xc0000000, ObjectAttributes_ptr = 0xfffff880044ca820, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \Device\NamedPipe\isapi_dg4, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x0, Disposition = 0x1, CreateOptions = 0x0, EaBuffer_ptr = 0x0, EaLength = 0x0, CreateFileType_unk = 0xfffff88000000000, InternalParameters_ptr = 0x0, Options = 0x100, FileHandle_ptr_out = 0xfffff8a001820b88, FileHandle_out = 0x0, IoStatusBlock_unk_out = 0xfffff880044ca810, ret_val_unk_out = 0xc0000034 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 |
| RtlNtStatusToDosError | Status_unk = 0xc0000034, ret_val_out = 0x2 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8003062510, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8003062510, Wait = 0, Mutex_unk_out = 0xfffffa8003062510, ret_val_out = 0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| RtlFreeAnsiString | AnsiString_ptr = 0xfffff8a001820b68 |
| RtlFreeAnsiString | AnsiString = \ |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002e5ca10, Wait = 0, Mutex_unk_out = 0xfffffa8002e5ca10, ret_val_out = 0 |
| KeDelayExecutionThread | WaitMode_unk = 0x0, Alertable = 0, Interval_ptr = 0xfffff880044caba0, Interval = -100000000, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002f7f7b0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002f7f7b0, Wait = 0, Mutex_unk_out = 0xfffffa8002f7f7b0, ret_val_out = 0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002e5ca10, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| RtlInitAnsiString | DestinationString_ptr = 0xfffff880044ca7d0, SourceString_unk = 0xfffff8a001ebfed0 |
| RtlAnsiStringToUnicodeString | DestinationString_ptr = 0xfffff8a001e9a708, SourceString = \Device\NamedPipe\isapi_dg4, AllocateDestinationString = 1, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8003062510, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8003062510, Wait = 0, Mutex_unk_out = 0xfffffa8003062510, ret_val_out = 0 |
| IoCreateFile | DesiredAccess_unk = 0xc0000000, ObjectAttributes_ptr = 0xfffff880044ca820, ObjectAttributes_deref_Length = 0x30, ObjectAttributes_deref_RootDirectory_unk = 0x0, ObjectAttributes_deref_ObjectName = \Device\NamedPipe\isapi_dg4, ObjectAttributes_deref_Attributes = 0x40, ObjectAttributes_deref_SecurityDescriptor_ptr = 0x0, ObjectAttributes_deref_SecurityQualityOfService_ptr = 0x0, AllocationSize_ptr = 0x0, FileAttributes = 0x0, ShareAccess = 0x0, Disposition = 0x1, CreateOptions = 0x0, EaBuffer_ptr = 0x0, EaLength = 0x0, CreateFileType_unk = 0xfffff88000000000, InternalParameters_ptr = 0x0, Options = 0x100, FileHandle_ptr_out = 0xfffff8a001e9a718, FileHandle_out = 0x0, IoStatusBlock_unk_out = 0xfffff880044ca810, ret_val_unk_out = 0xc0000034 |
| KeGetCurrentIrql | ret_val_unk_out = 0x0 |
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 |
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 |
| RtlNtStatusToDosError | Status_unk = 0xc0000034, ret_val_out = 0x2 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8003062510, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8003062510, Wait = 0, Mutex_unk_out = 0xfffffa8003062510, ret_val_out = 0 |
| KeWaitForSingleObject | Object_ptr = 0xfffffa8002db2820, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002db2820, Wait = 0, Mutex_unk_out = 0xfffffa8002db2820, ret_val_out = 0 |
| RtlFreeAnsiString | AnsiString_ptr = 0xfffff8a001e9a6f8 |
| RtlFreeAnsiString | AnsiString = \ |
| KeReleaseMutex | Mutex_unk = 0xfffffa8002e5ca10, Wait = 0, Mutex_unk_out = 0xfffffa8002e5ca10, ret_val_out = 0 |
| KeDelayExecutionThread | WaitMode_unk = 0x0, Alertable = 0, Interval_ptr = 0xfffff880044caba0, Interval = -100000000 |
| Information | Value |
|---|---|
| Sequence Length | 1613 |
| Process | Amount |
|---|---|
| Process 2 (System, PID: 4) | 1 |
| Symbol | Parameters | ||||
|---|---|---|---|---|---|
| KeGetCurrentThread | ret_val_out = 0xfffffa8002e72880 | ||||
| rand | ret_val_out = 14463 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002e2ada8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff8800435e000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002e2ad00, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002e2ada8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff8800437b000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002e2ad00, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002ff5cd8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007e64000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002ff5c30, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007e9c000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007e9d000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ec9000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007eca000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ecb000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ecc000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ecd000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ece000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ecf000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ed0000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ed1000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ed2000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ed3000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ed4000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ed5000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ed6000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ed7000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ed8000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ed9000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007eda000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007edb000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007edc000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007edd000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ede000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007edf000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ee0000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f1d0b8 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002bdce50, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ee1000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa8002f1d010, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8003227378 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007ee3000 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa80032272d0, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8003227378 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88007eec000 | ||||
| ZwFlushVirtualMemory | ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff880045bbb50, BaseAddress = 0x3293e00, RegionSize_ptr = 0xfffff880045bbb58, BaseAddress_ptr_out = 0xfffff880045bbb50, BaseAddress_out = 0x3293000, RegionSize_ptr_out = 0xfffff880045bbb58, IoStatus_unk_out = 0xfffff880045bbb00, ret_val_unk_out = 0xc0000054 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa80032272d0, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8003227378 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88000b93000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa80032272d0, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8003227378 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88000b97000 | ||||
| ZwFlushVirtualMemory | ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff880045bbb50, BaseAddress = 0x94000, RegionSize_ptr = 0xfffff880045bbb58, BaseAddress_ptr_out = 0xfffff880045bbb50, BaseAddress_out = 0x94000, RegionSize_ptr_out = 0xfffff880045bbb58, IoStatus_unk_out = 0xfffff880045bbb00, ret_val_unk_out = 0x0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa80032272d0, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8003227378 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88000b9b000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa80032272d0, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8003227378 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88000b9c000 | ||||
| ZwFlushVirtualMemory | ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff880045bbb50, BaseAddress = 0x92000, RegionSize_ptr = 0xfffff880045bbb58, BaseAddress_ptr_out = 0xfffff880045bbb50, BaseAddress_out = 0x92000, RegionSize_ptr_out = 0xfffff880045bbb58, IoStatus_unk_out = 0xfffff880045bbb00, ret_val_unk_out = 0x0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa80032272d0, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8003227378 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88000b9d000 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa80032272d0, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8003227378 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88000b9e000 | ||||
| ZwFlushVirtualMemory | ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff880045bbb50, BaseAddress = 0x92000, RegionSize_ptr = 0xfffff880045bbb58, BaseAddress_ptr_out = 0xfffff880045bbb50, BaseAddress_out = 0x92000, RegionSize_ptr_out = 0xfffff880045bbb58, IoStatus_unk_out = 0xfffff880045bbb00, ret_val_unk_out = 0x0 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa80032272d0, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8003227378 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88000b9f000 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa80032272d0, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8003227378 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8002e516c0, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88000bb0000 | ||||
| ZwFlushVirtualMemory | ProcessHandle_unk = 0xffffffffffffffff, BaseAddress_ptr = 0xfffff880045bbb50, BaseAddress = 0xc88fe00, RegionSize_ptr = 0xfffff880045bbb58 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| IofCompleteRequest | Irp_unk = 0xfffffa80032272d0, PriorityBoost = 0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0x0 | ||||
| KeWaitForSingleObject | Object_ptr = 0xfffffa8001c2cee0, WaitReason_unk = 0x0, WaitMode_unk = 0x0, Alertable = 0, Timeout_ptr = 0x0, ret_val_unk_out = 0x0 | ||||
| ExInterlockedRemoveHeadList | ListHead_unk = 0xfffffa8001c2cec8, Lock_unk = 0xfffffa8001c2ced8, ListHead_unk_out = 0xfffffa8001c2cec8, Lock_unk_out = 0xfffffa8001c2ced8, ret_val_unk_out = 0xfffffa8002f18c78 | ||||
| MmMapLockedPagesSpecifyCache | MemoryDescriptorList_unk = 0xfffffa8001ae4000, AccessMode_unk = 0x0, CacheType_unk = 0x1, BaseAddress_ptr = 0x0, BugCheckOnFailure = 0x0, Priority_unk = 0xfffff8a000000010, ret_val_ptr_out = 0xfffff88004800000 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| PsGetCurrentProcessId | ret_val_unk_out = 0x4 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| KeRaiseIrqlToDpcLevel | ret_val_unk_out = 0x0 | ||||
| KeLowerIrql | NewIrql_unk = 0xfffffa8001c2bc00 | ||||
| KeGetCurrentIrql | ret_val_unk_out = 0x0 | ||||
| For performance reasons the remaining entries are omitted. Click to download all entries as text file. | |||||
| Information | Value |
|---|---|
| Trigger | PspSystemThreadStartup+0x57 |
| Start Address | 0xfffffa8001bdfef4 |
| Information | Value |
|---|---|
| Sequence Length | 739 |
| Process | Amount |
|---|---|
| Process 2 (System, PID: 4) | 1 |
