Severe PC freezing...

1danab
Newbie
Posts: 1412
Registered: 21 Oct 2007 13:04
Location: České Budějovice

Re: Severe PC freezing...

#16 Post by 1danab »

feel free to split it up :)

Always keep all your important data backed up!

hokage
Warning level 3
Posts: 23
Registered: 15 Mar 2009 19:07

Re: Severe PC freezing...

#17 Post by hokage »

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 17:46:21
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Hokage\Local Settings\Temp\uwddyuod.sys


---- System - GMER 1.0.15 ----

SSDT spdy.sys ZwCreateKey [0xF73820E0]
SSDT spdy.sys ZwEnumerateKey [0xF739ADA4]
SSDT spdy.sys ZwEnumerateValueKey [0xF739B132]
SSDT spdy.sys ZwOpenKey [0xF73820C0]
SSDT spdy.sys ZwQueryKey [0xF739B20A]
SSDT spdy.sys ZwQueryValueKey [0xF739B08A]
SSDT spdy.sys ZwSetValueKey [0xF739B29C]

INT 0x62 ? 8636ABF8
INT 0x63 ? 86259BF8
INT 0x83 ? 86259BF8
INT 0x94 ? 86259BF8
INT 0xB4 ? 8636ABF8
INT 0xB4 ? 8636ABF8
INT 0xB4 ? 86259BF8
INT 0xB4 ? 8636ABF8

---- Kernel code sections - GMER 1.0.15 ----


hokage
Warning level 3
Posts: 23
Registered: 15 Mar 2009 19:07

Re: Severe PC freezing...

#18 Post by hokage »

PAGE ntoskrnl.exe!IoReadPartitionTable + 14F 805BEB3D 56 Bytes [80, 0F, 84, 10, F8, 02, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlSelfRelativeToAbsoluteSD + 31 805BECB4 83 Bytes [4D, F8, 51, 8D, 4D, EC, 51, ...]
PAGE ntoskrnl.exe!RtlSelfRelativeToAbsoluteSD + 85 805BED08 86 Bytes [75, 0C, 51, FF, 75, 08, 56, ...]
PAGE ntoskrnl.exe!RtlSelfRelativeToAbsoluteSD + DD 805BED60 77 Bytes CALL 804DADC1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlSelfRelativeToAbsoluteSD + 12B 805BEDAE 108 Bytes [8B, 5D, F4, 8D, 4B, 10, 8B, ...]
PAGE ntoskrnl.exe!RtlSelfRelativeToAbsoluteSD + 198 805BEE1B 119 Bytes [C9, C2, 0C, 00, FF, 45, DC, ...]
PAGE ...
PAGE ntoskrnl.exe!IoAssignDriveLetters + 9 805C07A6 159 Bytes [00, 00, A1, 60, A3, 55, 80, ...]
PAGE ntoskrnl.exe!IoAssignDriveLetters + A9 805C0846 7 Bytes [53, 56, FF, 35, 30, 30, 55]
PAGE ntoskrnl.exe!IoAssignDriveLetters + B1 805C084E 2 Bytes [FF, B5]
PAGE ntoskrnl.exe!IoAssignDriveLetters + B4 805C0851 71 Bytes CALL 805061FB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoAssignDriveLetters + FC 805C0899 24 Bytes [50, 8D, 85, 2C, FF, FF, FF, ...]
PAGE ...
PAGE ntoskrnl.exe!MmGetSystemRoutineAddress + 10 805C0E68 1 Byte [8D]
PAGE ntoskrnl.exe!MmGetSystemRoutineAddress + 10 805C0E68 57 Bytes CALL 09AD04A0
PAGE ntoskrnl.exe!MmGetSystemRoutineAddress + 4A 805C0EA2 5 Bytes [00, 6A, 01, 8B, F8] {ADD [EDX+0x1], CH; MOV EDI, EAX}
PAGE ntoskrnl.exe!MmGetSystemRoutineAddress + 50 805C0EA8 4 Bytes [8F, D4, 00, 00]
PAGE ntoskrnl.exe!MmGetSystemRoutineAddress + 55 805C0EAD 39 Bytes [68, E0, 34, 56, 80, E8, C9, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD + 1 805C1475 37 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...]
PAGE ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD + 28 805C149C 16 Bytes [C0, 75, 19, 89, 7E, 30, 6A, ...]
PAGE ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD + 3A 805C14AE 7 Bytes [8B, F9, 89, 55, 14, E9, 96]
PAGE ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD + 43 805C14B7 2 Bytes [00, 33] {ADD [EBX], DH}
PAGE ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD + 46 805C14BA 41 Bytes JMP 805C154E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!RtlAddRange + 70 805C1F6B 16 Bytes [C0, EB, EF, 80, FA, F0, 0F, ...]
PAGE ntoskrnl.exe!RtlAddRange + 81 805C1F7C 10 Bytes [01, 83, C0, 20, EB, 79, 90, ...] {ADD [EBX+0x79eb20c0], EAX; NOP ; NOP ; NOP ; NOP }
PAGE ntoskrnl.exe!RtlAddRange + 8C 805C1F87 12 Bytes [8B, FF, 55, 8B, EC, 83, EC, ...] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; SUB ESP, 0x44; MOV EAX, [EBP+0xc]; PUSH ESI}
PAGE ntoskrnl.exe!RtlAddRange + 99 805C1F94 23 Bytes [F6, 89, 30, 8B, 45, 08, 57, ...]
PAGE ntoskrnl.exe!RtlAddRange + B1 805C1FAC 42 Bytes [8B, 0F, 83, 65, EC, 00, 03, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlFindRange + A 805C2342 21 Bytes [1C, 53, 56, 8B, 75, 18, 57, ...]
PAGE ntoskrnl.exe!RtlFindRange + 22 805C235A 20 Bytes CALL 804DA815 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlFindRange + 37 805C236F 4 Bytes [87, BE, 09, 00]
PAGE ntoskrnl.exe!RtlFindRange + 3C 805C2374 142 Bytes [8B, 45, 14, 72, 09, 39, 45, ...]
PAGE ntoskrnl.exe!RtlFindRange + CB 805C2403 10 Bytes [75, 08, 83, C6, FF, 88, 4D, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlDeleteRegistryValue + 70 805C2DB1 41 Bytes [83, C6, 08, 89, 37, E9, F2, ...]
PAGE ntoskrnl.exe!RtlDeleteRegistryValue + 9B 805C2DDC 100 Bytes [00, 00, 89, 59, 1C, 89, 41, ...]
PAGE ntoskrnl.exe!RtlDeleteRegistryValue + 100 805C2E41 100 Bytes [70, 73, 75, 89, 75, F8, C1, ...]
PAGE ntoskrnl.exe!RtlDeleteRegistryValue + 165 805C2EA6 182 Bytes [59, 03, 66, 89, 59, 06, 89, ...]
PAGE ntoskrnl.exe!RtlDeleteRegistryValue + 21C 805C2F5D 32 Bytes [42, 0C, 89, 07, EB, AE, 90, ...]
PAGE ...
PAGE ntoskrnl.exe!IoGetDmaAdapter + 1C 805C3C41 5 Bytes [81, B0, 00, 00, 00]
PAGE ntoskrnl.exe!IoGetDmaAdapter + 22 805C3C47 38 Bytes [40, 14, 3B, C3, 0F, 84, 09, ...]
PAGE ntoskrnl.exe!IoGetDmaAdapter + 49 805C3C6E 125 Bytes [84, 91, 0E, 00, 00, 89, 75, ...]
PAGE ntoskrnl.exe!IoGetDmaAdapter + C7 805C3CEC 4 Bytes [81, FF, 03, 01]
PAGE ntoskrnl.exe!IoGetDmaAdapter + CD 805C3CF2 37 Bytes [0F, 84, 48, F6, 02, 00, 8B, ...]
PAGE ...
PAGE ntoskrnl.exe!IoForwardAndCatchIrp + 2 805C5622 53 Bytes [55, 8B, EC, 83, EC, 10, 8B, ...]
PAGE ntoskrnl.exe!IoForwardAndCatchIrp + 38 805C5658 40 Bytes [24, 88, 5D, F0, C6, 45, F2, ...]
PAGE ntoskrnl.exe!IoForwardAndCatchIrp + 61 805C5681 16 Bytes [0F, 84, AA, CF, 02, 00, 5F, ...]
PAGE ntoskrnl.exe!IoForwardAndCatchIrp + 72 805C5692 83 Bytes CALL 817FB280
PAGE ntoskrnl.exe!IoForwardAndCatchIrp + C6 805C56E6 99 Bytes [6F, 00, 72, 00, 00, 00, CC, ...]
PAGE ...
PAGE ntoskrnl.exe!MmUnmapVideoDisplay + 44 805C59F6 9 Bytes [69, 00, 63, 00, 65, 00, 44, ...]
PAGE ntoskrnl.exe!MmUnmapVideoDisplay + 4E 805C5A00 4 Bytes [73, 00, 63, 00] {JAE 0x2; ARPL [EAX], AX}
PAGE ntoskrnl.exe!MmUnmapVideoDisplay + 54 805C5A06 6 Bytes [00, 00, B8, 12, 5A, 5C]
PAGE ntoskrnl.exe!MmUnmapVideoDisplay + 5B 805C5A0D 16 Bytes JMP 8059C011 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!MmUnmapVideoDisplay + 6C 805C5A1E 65 Bytes [6C, 00, 79, 00, 4E, 00, 61, ...]
PAGE ...
PAGE ntoskrnl.exe!IoCreateController + 87 805C5B04 38 Bytes [08, 66, C7, 00, 02, 00, 8B, ...]
PAGE ntoskrnl.exe!IoCreateController + AE 805C5B2B 35 Bytes [08, 5F, 5E, 5B, C9, C2, 04, ...]
PAGE ntoskrnl.exe!MmAllocateMappingAddress + 12 805C5B4F 71 Bytes [00, C1, EE, 0C, 0F, 84, C9, ...]
PAGE ntoskrnl.exe!MmAllocateMappingAddress + 5A 805C5B97 52 Bytes [01, 8B, FA, 0F, 85, A6, 4B, ...]
PAGE ntoskrnl.exe!PoQueueShutdownWorkItem + 1A 805C5BCC 13 Bytes [00, 74, 2B, 8B, 0D, 04, 95, ...]
PAGE ntoskrnl.exe!PoQueueShutdownWorkItem + 28 805C5BDA 3 Bytes [00, 95, 56]
PAGE ntoskrnl.exe!PoQueueShutdownWorkItem + 2C 805C5BDE 9 Bytes [89, 48, 04, 89, 01, A3, 04, ...]
PAGE ntoskrnl.exe!PoQueueShutdownWorkItem + 36 805C5BE8 9 Bytes [33, FF, 8B, CE, FF, 15, 1C, ...]
PAGE ntoskrnl.exe!PoQueueShutdownWorkItem + 40 805C5BF2 7 Bytes [8B, C7, 5F, 5E, 5D, C2, 04]
PAGE ...
PAGE ntoskrnl.exe!IoRegisterDriverReinitialization + E 805C5D10 46 Bytes CALL 80551005 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoRegisterDriverReinitialization + 3D 805C5D3F 108 Bytes JMP 805AF021 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoRegisterDriverReinitialization + AA 805C5DAC 22 Bytes [00, 0F, B6, 47, 0E, 8B, CF, ...]
PAGE ntoskrnl.exe!IoRegisterDriverReinitialization + C1 805C5DC3 51 Bytes [0F, 85, 17, 97, 03, 00, 3B, ...]
PAGE ntoskrnl.exe!IoRegisterDriverReinitialization + F5 805C5DF7 14 Bytes JMP 8059D324 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!IoCreateSynchronizationEvent + 32 805C68CB 64 Bytes [00, 89, 75, F4, 89, 75, F8, ...]
PAGE ntoskrnl.exe!IoCreateSynchronizationEvent + 73 805C690C 6 Bytes [90, 90, 90, 90, 90, 8B]
PAGE ntoskrnl.exe!IoRegisterBootDriverReinitialization + 2 805C6913 28 Bytes [55, 8B, EC, 68, 49, 6F, 52, ...]
PAGE ntoskrnl.exe!IoRegisterBootDriverReinitialization + 1F 805C6930 29 Bytes [48, 08, 8B, 4D, 0C, 89, 48, ...]
PAGE ntoskrnl.exe!IoRegisterBootDriverReinitialization + 3D 805C694E 3 Bytes [83, F8, 20] {CMP EAX, 0x20}
PAGE ntoskrnl.exe!IoRegisterBootDriverReinitialization + 42 805C6953 45 Bytes [B4, 88, FE, FF, B9, 78, 0E, ...]
PAGE ntoskrnl.exe!IoRegisterBootDriverReinitialization + 70 805C6981 54 Bytes [00, 8B, 85, D0, FE, FF, FF, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlIsRangeAvailable + 2E 805C808A 69 Bytes [75, 24, 33, C9, 8A, C8, 6A, ...]
PAGE ntoskrnl.exe!RtlIsRangeAvailable + 74 805C80D0 61 Bytes [0C, 8D, 45, F8, 50, E8, 93, ...]
PAGE ntoskrnl.exe!RtlUpperString + 18 805C810E 1 Byte [B7]
PAGE ntoskrnl.exe!RtlUpperString + 18 805C810E 114 Bytes [B7, 00, 66, 3B, C2, 0F, 87, ...]
PAGE ntoskrnl.exe!RtlUpperString + 8B 805C8181 31 Bytes CALL 1560B48E
PAGE ntoskrnl.exe!RtlUpperString + AC 805C81A2 44 Bytes [00, 00, 96, 30, 07, 77, 2C, ...]
PAGE ntoskrnl.exe!RtlUpperString + D9 805C81CF 736 Bytes [97, 2B, 4C, B6, 09, BD, 7C, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwCreateKeyedEvent + 18 805C86DA 17 Bytes [88, 45, E0, 33, DB, 89, 5D, ...]
PAGE ntoskrnl.exe!ZwCreateKeyedEvent + 2A 805C86EC 37 Bytes [08, 89, 18, 83, 4D, FC, FF, ...]
PAGE ntoskrnl.exe!ZwCreateKeyedEvent + 50 805C8712 62 Bytes CALL 8056D523 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwCreateKeyedEvent + 8F 805C8751 106 Bytes CALL 804E2EDE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwCreateKeyedEvent + FA 805C87BC 35 Bytes JMP 805C4733 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!ObCreateObjectType + 9 805CBC57 66 Bytes [45, 0C, 8B, 48, 20, 53, 56, ...]
PAGE ntoskrnl.exe!ObCreateObjectType + 4C 805CBC9A 59 Bytes [00, 38, 58, 1D, 0F, 85, AC, ...]
PAGE ntoskrnl.exe!ObCreateObjectType + 88 805CBCD6 17 Bytes [3B, FB, C6, 45, E6, 00, 89, ...]
PAGE ntoskrnl.exe!ObCreateObjectType + 9A 805CBCE8 27 Bytes [FF, 74, 53, C7, 45, E8, 34, ...]
PAGE ntoskrnl.exe!ObCreateObjectType + B6 805CBD04 77 Bytes [00, 00, 5A, 33, C0, F0, 0F, ...]
PAGE ...
PAGE ntoskrnl.exe!IoGetBootDiskInformation + 93 805CC7C0 5 Bytes [89, 9D, E8, FE, FF]
PAGE ntoskrnl.exe!IoGetBootDiskInformation + 99 805CC7C6 4 Bytes [0F, 86, 63, 01]
PAGE ntoskrnl.exe!IoGetBootDiskInformation + 9F 805CC7CC 16 Bytes CALL 0E5CC7CF
PAGE ntoskrnl.exe!IoGetBootDiskInformation + B0 805CC7DD 5 Bytes [50, E8, 1B, 9A, F3]
PAGE ntoskrnl.exe!IoGetBootDiskInformation + B6 805CC7E3 68 Bytes [83, C4, 0C, 8D, 85, 7C, FF, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwLockRegistryKey + 1E 805CCF1B 23 Bytes [35, 78, AC, 69, 80, E8, 6A, ...]
PAGE ntoskrnl.exe!ZwLockRegistryKey + 36 805CCF33 9 Bytes [35, 84, B3, 69, 80, 68, 06, ...]
PAGE ntoskrnl.exe!ZwLockRegistryKey + 40 805CCF3D 55 Bytes CALL 8056C556 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

hokage
Warning Level 3
Posts: 23
Registered: 15 Mar 2009 19:07

Re: Severe PC freezing...

#19 Post by hokage »

PAGE ...
PAGE ntoskrnl.exe!RtlDecompressFragment + C 805DD2E9 82 Bytes [00, 00, 00, 74, 31, 66, 83, ...]
PAGE ntoskrnl.exe!RtlDecompressFragment + 5F 805DD33C 52 Bytes [7F, D5, 63, 80, 7F, D5, 63, ...]
PAGE ntoskrnl.exe!RtlDecompressFragment + 94 805DD371 48 Bytes [00, 00, 8D, 4D, F8, 51, FF, ...]
PAGE ntoskrnl.exe!RtlDecompressFragment + C5 805DD3A2 109 Bytes [00, 00, 8B, 4D, FC, 8B, 45, ...]
PAGE ntoskrnl.exe!RtlDecompressFragment + 134 805DD411 146 Bytes CALL 805DD462 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!LdrAccessResource + 2 805DE2AB 51 Bytes JMP 805DE104 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlFindMessage + 1E 805DE2DF 17 Bytes [F4, 50, FF, 75, 08, C7, 45, ...] {HLT ; PUSH EAX; PUSH DWORD [EBP+0x8]; MOV DWORD [EBP-0x8], 0x1; CALL 0xfffffffffffffcbc}
PAGE ntoskrnl.exe!RtlFindMessage + 30 805DE2F1 87 Bytes [C0, 7C, 51, 6A, 00, 8D, 45, ...]
PAGE ntoskrnl.exe!RtlFindMessage + 88 805DE349 39 Bytes [B8, 09, 01, 00, C0, EB, F4, ...]
PAGE ntoskrnl.exe!RtlFindMessage + B0 805DE371 3 Bytes [8B, 4D, 18] {MOV ECX, [EBP+0x18]}
PAGE ntoskrnl.exe!RtlFindMessage + B4 805DE375 36 Bytes [01, EB, E7, C7, 45, D8, 0D, ...]
PAGE ...
PAGE ntoskrnl.exe!NtAllocateUuids + 7 805DE618 4 Bytes CALL 804E2EA3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtAllocateUuids + C 805DE61D 17 Bytes [83, 65, FC, 00, 64, A1, 24, ...]
PAGE ntoskrnl.exe!NtAllocateUuids + 1E 805DE62F 82 Bytes [00, 88, 45, E7, 8B, 5D, 08, ...]
PAGE ntoskrnl.exe!NtAllocateUuids + 71 805DE682 10 Bytes [45, 10, 89, 45, C0, 8B, 0D, ...] {INC EBP; ADC [ECX+0xd8bc045], CL; AAM 0x7e; PUSH ESI}
PAGE ntoskrnl.exe!NtAllocateUuids + 7C 805DE68D 65 Bytes [3B, C1, 0F, 83, A2, 47, 03, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwPrivilegeObjectAuditAlarm + 7 805DE75E 17 Bytes CALL 804E2EA3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwPrivilegeObjectAuditAlarm + 19 805DE770 5 Bytes [00, 8A, 80, 40, 01]
PAGE ntoskrnl.exe!ZwPrivilegeObjectAuditAlarm + 1F 805DE776 17 Bytes [00, 88, 45, D0, 53, 8D, 45, ...]
PAGE ntoskrnl.exe!ZwPrivilegeObjectAuditAlarm + 31 805DE788 19 Bytes [6A, 08, FF, 75, 10, E8, C7, ...]
PAGE ntoskrnl.exe!ZwPrivilegeObjectAuditAlarm + 45 805DE79C 7 Bytes [00, 8B, 7D, DC, 83, BF, 80]
PAGE ...
PAGE ntoskrnl.exe!ZwFlushKey + 16 805DF261 75 Bytes [0F, 85, 40, 6D, 03, 00, 64, ...]
PAGE ntoskrnl.exe!ZwFlushKey + 62 805DF2AD 42 Bytes [05, 02, 0F, 85, 13, 6D, 03, ...]
PAGE ntoskrnl.exe!ZwFlushKey + 8D 805DF2D8 39 Bytes [0F, 85, F6, 6C, 03, 00, 8B, ...]
PAGE ntoskrnl.exe!ZwFlushKey + B5 805DF300 67 Bytes [00, 0F, 85, 55, BC, 03, 00, ...]
PAGE ntoskrnl.exe!ZwFlushKey + F9 805DF344 63 Bytes [85, FF, FA, FF, FF, E9, F1, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlLengthSid + 17 805DF5E1 37 Bytes [C6, 00, 15, 8B, 09, 89, 48, ...]
PAGE ntoskrnl.exe!RtlLengthSid + 3D 805DF607 210 Bytes [30, 0F, 84, 79, E7, FB, FF, ...]
PAGE ntoskrnl.exe!RtlLengthSid + 110 805DF6DA 5 Bytes [FF, 15, 2C, 80, 4D]
PAGE ntoskrnl.exe!RtlLengthSid + 116 805DF6E0 26 Bytes [8A, C8, 8D, 7E, 10, 8B, 56, ...]
PAGE ntoskrnl.exe!RtlLengthSid + 131 805DF6FB 4 Bytes [15, 30, 80, 4D]
PAGE ...
PAGE ntoskrnl.exe!SeSetSecurityDescriptorInfo + 12 805DFAE9 80 Bytes [51, FF, 75, 1C, FF, 75, 18, ...]
PAGE ntoskrnl.exe!SeSetSecurityDescriptorInfo + 63 805DFB3A 32 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE ntoskrnl.exe!NtSetSecurityObject + 1C 805DFB5B 3 Bytes CALL 805DFB0C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtSetSecurityObject + 20 805DFB5F 81 Bytes [64, A1, 24, 01, 00, 00, 8A, ...]
PAGE ntoskrnl.exe!NtSetSecurityObject + 72 805DFBB1 34 Bytes [0F, 84, 45, 06, 02, 00, F6, ...]
PAGE ntoskrnl.exe!NtSetSecurityObject + 95 805DFBD4 86 Bytes CALL 80575532 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ObSetSecurityObjectByPointer + 3C 805DFC2B 73 Bytes [00, 5E, 5D, C2, 0C, 00, 90, ...]
PAGE ntoskrnl.exe!RtlSetOwnerSecurityDescriptor + 3F 805DFC75 53 Bytes [33, C0, 5D, C2, 0C, 00, 33, ...]
PAGE ntoskrnl.exe!RtlSetOwnerSecurityDescriptor + 75 805DFCAB 2 Bytes JMP 805DF6A4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlSetOwnerSecurityDescriptor + 79 805DFCAF 4 Bytes [81, FF, 03, 01]
PAGE ntoskrnl.exe!RtlSetOwnerSecurityDescriptor + 7F 805DFCB5 86 Bytes [0F, 84, FC, 24, 01, 00, 33, ...]
PAGE ntoskrnl.exe!RtlSetOwnerSecurityDescriptor + D6 805DFD0C 1 Byte [56]
PAGE ...
PAGE ntoskrnl.exe!NtQuerySecurityObject + 7F 805DFDBD 44 Bytes [45, 14, 8B, 4D, 18, 89, 01, ...]
PAGE ntoskrnl.exe!NtQuerySecurityObject + AC 805DFDEA 7 Bytes [83, 4D, FC, FF, E9, 70, FF]
PAGE ntoskrnl.exe!NtQuerySecurityObject + B5 805DFDF3 10 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] {NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}
PAGE ntoskrnl.exe!NtQuerySecurityObject + C1 805DFDFF 58 Bytes [0C, 83, 20, 00, F6, 45, 08, ...]
PAGE ntoskrnl.exe!NtQuerySecurityObject + FC 805DFE3A 121 Bytes [55, 1C, 0F, 82, 36, 1C, FC, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwCreateIoCompletion + A6 805E059B 48 Bytes [C2, 10, 00, 8B, FB, C1, EF, ...]
PAGE ntoskrnl.exe!ZwCreateIoCompletion + D7 805E05CC 77 Bytes [C3, 8B, CF, C1, E1, 0A, 8B, ...]

hokage
Warning Level 3
Posts: 23
Registered: 15 Mar 2009 19:07

Re: Severe PC freezing...

#20 Post by hokage »

PAGE ntoskrnl.exe!ZwCreateIoCompletion + 125 805E061A 5 Bytes [F6, 87, 48, 02, 00]
PAGE ntoskrnl.exe!ZwCreateIoCompletion + 12B 805E0620 11 Bytes [08, 0F, 84, 58, 40, 02, 00, ...]
PAGE ntoskrnl.exe!ZwCreateIoCompletion + 137 805E062C 13 Bytes [00, 8B, 0F, 8B, 45, 0C, 8B, ...]
PAGE ...
PAGE ntoskrnl.exe!MmLockPagableSectionByHandle + 4 805E09D6 3 Bytes [EC, 51, 8B]
PAGE ntoskrnl.exe!MmLockPagableSectionByHandle + 8 805E09DA 1 Byte [08]
PAGE ntoskrnl.exe!MmLockPagableSectionByHandle + 8 805E09DA 159 Bytes JMP 7D3F8AF3
PAGE ntoskrnl.exe!MmLockPagableSectionByHandle + A8 805E0A7A 11 Bytes [0F, 85, 7F, 9D, 01, 00, FF, ...]
PAGE ntoskrnl.exe!MmLockPagableSectionByHandle + B4 805E0A86 39 Bytes [0F, 84, 81, 4F, 00, 00, 5B, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwAccessCheckByType + 8 805E0AE2 92 Bytes [75, 30, FF, 75, 2C, FF, 75, ...]
PAGE ntoskrnl.exe!ZwAccessCheckByType + 65 805E0B3F 8 Bytes [00, 00, 01, 0F, 8D, 8B, C2, ...]
PAGE ntoskrnl.exe!ZwAccessCheckByType + 6E 805E0B48 69 Bytes JMP 8060D7AC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwAccessCheckByType + B4 805E0B8E 105 Bytes [3B, C3, 89, 46, 04, 0F, 85, ...]
PAGE ntoskrnl.exe!ZwAccessCheckByType + 11E 805E0BF8 67 Bytes JMP 5EFFF705
PAGE ...
PAGE ntoskrnl.exe!ZwNotifyChangeMultipleKeys + 6F 805E1FE7 21 Bytes [B4, C8, F8, FF, 6A, 04, FF, ...]
PAGE ntoskrnl.exe!ZwNotifyChangeMultipleKeys + 85 805E1FFD 49 Bytes [00, 89, 5E, 04, 83, 4D, FC, ...]
PAGE ntoskrnl.exe!ZwNotifyChangeMultipleKeys + B7 805E202F 24 Bytes [6A, 10, FF, 75, 08, E8, 20, ...]
PAGE ntoskrnl.exe!ZwNotifyChangeMultipleKeys + D0 805E2048 12 Bytes [0F, 85, 12, 01, FD, FF, 53, ...]
PAGE ntoskrnl.exe!ZwNotifyChangeMultipleKeys + DD 805E2055 63 Bytes CALL 805E2197 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!ZwNotifyChangeKey + 2B 805E2191 111 Bytes [FF, 5D, C2, 28, 00, 90, 90, ...]
PAGE ntoskrnl.exe!ZwNotifyChangeKey + 9C 805E2202 68 Bytes [68, 43, 4D, 70, 61, 6A, 30, ...]
PAGE ntoskrnl.exe!ZwNotifyChangeKey + E1 805E2247 13 Bytes [8B, 77, 08, 85, F6, 8B, 58, ...]
PAGE ntoskrnl.exe!ZwNotifyChangeKey + EF 805E2255 23 Bytes [68, 43, 4D, 6E, 62, 6A, 2C, ...]
PAGE ntoskrnl.exe!ZwNotifyChangeKey + 108 805E226E 15 Bytes [47, 04, 8B, 4D, 10, 89, 46, ...]
PAGE ...
PAGE ntoskrnl.exe!NtAllocateLocallyUniqueId + 39 805E2916 28 Bytes [F6, C3, 03, 0F, 85, B0, 09, ...]
PAGE ntoskrnl.exe!NtAllocateLocallyUniqueId + 56 805E2933 22 Bytes CALL 804E2EDC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtAllocateLocallyUniqueId + 6D 805E294A 2 Bytes JMP 8057F08C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtAllocateLocallyUniqueId + 70 805E294D 118 Bytes [F9, FF, 89, 75, E0, E9, 20, ...]
PAGE ntoskrnl.exe!NtAllocateLocallyUniqueId + E7 805E29C4 7 Bytes [8B, CE, FF, 15, 18, 81, 4D]
PAGE ...
PAGE ntoskrnl.exe!ExSystemExceptionFilter + 2D 805E2B13 151 Bytes [0F, 85, B0, 9C, FA, FF, 66, ...]
PAGE ntoskrnl.exe!FsRtlNotifyCleanup + 38 805E2BAB 3 Bytes CALL 80583570 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!FsRtlNotifyCleanup + 3C 805E2BAF 21 Bytes [8B, F0, 89, 75, E0, 3B, F3, ...]
PAGE ntoskrnl.exe!FsRtlNotifyCleanup + 52 805E2BC5 23 Bytes [46, 20, 39, 00, 74, 0B, 68, ...]
PAGE ntoskrnl.exe!FsRtlNotifyCleanup + 6A 805E2BDD 47 Bytes [08, 89, 4D, D8, 8B, 40, 04, ...]
PAGE ntoskrnl.exe!FsRtlNotifyCleanup + 9A 805E2C0D 15 Bytes CALL 805511E3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!RtlUnicodeStringToOemString + 7 805E2C8B 45 Bytes [DB, 38, 1D, 20, A7, 69, 80, ...]
PAGE ntoskrnl.exe!RtlUnicodeStringToOemString + 36 805E2CBA 101 Bytes [0E, 0F, 85, 78, 5C, FF, FF, ...]
PAGE ntoskrnl.exe!RtlUnicodeStringToOemString + 9C 805E2D20 6 Bytes [EC, 8B, 4D, 08, 53, 56] {IN AL, DX ; MOV ECX, [EBP+0x8]; PUSH EBX; PUSH ESI}
PAGE ntoskrnl.exe!RtlUnicodeStringToOemString + A3 805E2D27 37 Bytes [75, 0C, C1, EE, 10, 57, 8B, ...]
PAGE ntoskrnl.exe!RtlUnicodeStringToOemString + C9 805E2D4D 31 Bytes [59, 28, 0F, B7, 5C, D3, 02, ...]
PAGE ...
PAGE ntoskrnl.exe!MmUnmapViewInSessionSpace + A 805E2E56 8 Bytes [00, 8B, 40, 44, F6, 80, 4A, ...]
PAGE ntoskrnl.exe!MmUnmapViewInSessionSpace + 13 805E2E5F 19 Bytes [00, 01, 0F, 84, 47, A2, 01, ...]
PAGE ntoskrnl.exe!MmUnmapViewInSessionSpace + 27 805E2E73 295 Bytes CALL 805E2D7F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!MmUnmapViewInSessionSpace + 14F 805E2F9B 42 Bytes [00, 00, 00, 8B, 0D, 08, 79, ...]
PAGE ntoskrnl.exe!MmUnmapViewInSessionSpace + 17A 805E2FC6 25 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE ...
PAGE ntoskrnl.exe!MmMapViewInSessionSpace 805E3103 10 Bytes [8B, FF, 55, 8B, EC, 64, A1, ...]
PAGE ntoskrnl.exe!MmMapViewInSessionSpace + B 805E310E 122 Bytes [8B, 40, 44, F6, 80, 4A, 02, ...]
PAGE ntoskrnl.exe!ZwOpenObjectAuditAlarm + 49 805E3189 133 Bytes [6A, 08, FF, 75, 1C, E8, C6, ...]
PAGE ntoskrnl.exe!ZwOpenObjectAuditAlarm + CF 805E320F 282 Bytes [89, 7D, BC, 83, 65, BC, 03, ...]
PAGE ntoskrnl.exe!ZwOpenObjectAuditAlarm + 1EA 805E332A 12 Bytes [75, 1C, 39, 75, 28, 74, 17, ...] {JNZ 0x1e; CMP [EBP+0x28], ESI; JZ 0x1e; LEA EAX, [EBP-0x64]; PUSH EAX; PUSH ESI}
PAGE ntoskrnl.exe!ZwOpenObjectAuditAlarm + 1F7 805E3337 16 Bytes CALL 804E5AE9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwOpenObjectAuditAlarm + 208 805E3348 68 Bytes [8A, 5D, E5, 39, 75, E0, 74, ...]
PAGE ...
PAGE ntoskrnl.exe!NtRequestPort + 3A 805E33F8 10 Bytes [8B, 75, 0C, 3B, F0, 0F, 83, ...]
PAGE ntoskrnl.exe!NtRequestPort + 45 805E3403 31 Bytes [6A, 06, 59, 8D, 7D, B4, F3, ...]
PAGE ntoskrnl.exe!NtRequestPort + 65 805E3423 28 Bytes [66, 39, 5D, BA, 0F, 85, A4, ...]
PAGE ntoskrnl.exe!NtRequestPort + 82 805E3440 13 Bytes [53, 8D, 45, E4, 50, FF, 75, ...]
PAGE ntoskrnl.exe!NtRequestPort + 90 805E344E 279 Bytes CALL 8056C555 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!RtlOemToUnicodeN 805E36C0 38 Bytes [8B, FF, 55, 8B, EC, 53, 56, ...]
PAGE ntoskrnl.exe!RtlOemToUnicodeN + 27 805E36E7 30 Bytes [10, 85, C0, 74, 05, 8D, 0C, ...]
PAGE ntoskrnl.exe!RtlOemToUnicodeN + 46 805E3706 23 Bytes [FF, 24, BD, DC, 38, 5E, 80, ...]
PAGE ntoskrnl.exe!RtlOemToUnicodeN + 5E 805E371E 3 Bytes [8B, 1C, 5A] {MOV EBX, [EDX+EBX*2]}
PAGE ntoskrnl.exe!RtlOemToUnicodeN + 62 805E3722 104 Bytes [89, 59, 18, 0F, B6, 58, 0B, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlOemStringToUnicodeString + 10 805E37E2 30 Bytes [7D, 0C, 0F, 85, 34, 50, 02, ...]
PAGE ntoskrnl.exe!RtlOemStringToUnicodeString + 2F 805E3801 84 Bytes [75, 08, 8D, 48, FE, 66, 89, ...]
PAGE ntoskrnl.exe!RtlOemStringToUnicodeString + 84 805E3856 42 Bytes [85, F6, 8B, 4D, 08, 8B, 3D, ...]
PAGE ntoskrnl.exe!RtlOemStringToUnicodeString + AF 805E3881 40 Bytes [66, 85, F6, 74, 1E, 83, 7D, ...]
PAGE ntoskrnl.exe!RtlOemStringToUnicodeString + D8 805E38AA 31 Bytes [66, 8B, 04, 30, 66, 89, 01, ...]
PAGE ...
PAGE ntoskrnl.exe!IoGetDeviceObjectPointer + 25 805E3B4E 27 Bytes [45, E0, 18, 00, 00, 00, 89, ...]
PAGE ntoskrnl.exe!IoGetDeviceObjectPointer + 41 805E3B6A 26 Bytes [F8, 3B, FE, 7C, 36, 56, 8D, ...]
PAGE ntoskrnl.exe!IoGetDeviceObjectPointer + 5C 805E3B85 237 Bytes [F8, 3B, FE, 7C, 13, 8B, 45, ...]
PAGE ntoskrnl.exe!IoGetDeviceObjectPointer + 14A 805E3C73 32 Bytes [EC, 8B, 45, 0C, 56, 8B, 75, ...]
PAGE ntoskrnl.exe!IoGetDeviceObjectPointer + 16B 805E3C94 36 Bytes [8B, 40, 0C, 5E, 5D, C2, 0C, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlGetNtGlobalFlags + 5 805E3E96 18 Bytes [C3, 90, 90, 90, 90, 90, 8B, ...]
PAGE ntoskrnl.exe!ZwQueueApcThread + D 805E3EA9 25 Bytes [00, 8A, 80, 40, 01, 00, 00, ...]
PAGE ntoskrnl.exe!ZwQueueApcThread + 27 805E3EC3 158 Bytes [6A, 10, FF, 75, 08, E8, 8C, ...]
PAGE ntoskrnl.exe!ZwQueryTimer + 21 805E3F62 55 Bytes [00, 00, 83, 65, FC, 00, 8B, ...]
PAGE ntoskrnl.exe!ZwQueryTimer + 59 805E3F9A 11 Bytes [3B, C8, 0F, 83, 22, F4, 02, ...]
PAGE ntoskrnl.exe!ZwQueryTimer + 65 805E3FA6 108 Bytes [83, 4D, FC, FF, 83, 7D, 0C, ...]
PAGE ntoskrnl.exe!ZwQueryTimer + D2 805E4013 10 Bytes [0F, 84, 0B, F4, 02, 00, C7, ...]
PAGE ntoskrnl.exe!ZwQueryTimer + DD 805E401E 1 Byte [00]
PAGE ...
PAGE ntoskrnl.exe!NtFindAtom + 69 805E4875 24 Bytes [00, 00, 85, FF, 74, 1B, 83, ...]
PAGE ntoskrnl.exe!NtFindAtom + 82 805E488E 40 Bytes [07, 66, 89, 07, 83, 4D, FC, ...]
PAGE ntoskrnl.exe!NtFindAtom + AB 805E48B7 26 Bytes [8B, 8D, 58, FF, FF, FF, 8D, ...]
PAGE ntoskrnl.exe!NtFindAtom + C6 805E48D2 5 Bytes [00, 00, 83, 4D, FC]
PAGE ntoskrnl.exe!NtFindAtom + CC 805E48D8 28 Bytes [81, FE, 80, 00, 00, 00, 0F, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlUnicodeStringToInteger + 7 805E4C40 112 Bytes CALL 804E2EA3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlUnicodeStringToInteger + 78 805E4CB1 73 Bytes [4B, 66, 83, F8, 30, 72, 2B, ...]
PAGE ntoskrnl.exe!RtlUnicodeStringToInteger + C2 805E4CFB 58 Bytes [FE, FF, 66, 83, 7D, E4, 2D, ...]
PAGE ntoskrnl.exe!RtlUnicodeStringToInteger + FD 805E4D36 7 Bytes [75, E4, FF, 35, 58, 97, 56]
PAGE ntoskrnl.exe!RtlUnicodeStringToInteger + 105 805E4D3E 23 Bytes [68, 00, 04, 00, 00, FF, 75, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlUpcaseUnicodeToOemN + 3E 805E4FBB 21 Bytes [83, E1, 0F, 01, 4D, 08, 89, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeToOemN + 54 805E4FD1 1 Byte [24]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeToOemN + 54 805E4FD1 4 Bytes [24, 8D, 65, 55]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeToOemN + 59 805E4FD6 30 Bytes [80, 0F, B7, 4F, F2, 0F, B6, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeToOemN + 79 805E4FF6 187 Bytes [89, 4D, 18, 0F, B7, 4D, 18, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlUpcaseUnicodeStringToOemString + 32 805E55DC 83 Bytes [FF, 66, 89, 0E, 74, 62, 50, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeStringToOemString + 86 805E5630 52 Bytes [00, 8B, 46, 04, 8B, 4D, 0C, ...]
PAGE ntoskrnl.exe!RtlFreeOemString + 11 805E5665 40 Bytes [15, 40, EC, 56, 80, 5D, C2, ...]
PAGE ntoskrnl.exe!RtlFreeOemString + 3A 805E568E 30 Bytes [4D, 18, 0F, B7, 4D, 18, 8A, ...]
PAGE ntoskrnl.exe!RtlFreeOemString + 59 805E56AD 87 Bytes [0F, B7, 0C, 4A, 66, 83, F9, ...]
PAGE ntoskrnl.exe!RtlFreeOemString + B1 805E5705 82 Bytes [B7, 4F, EC, 0F, B6, 0C, 01, ...]
PAGE ntoskrnl.exe!RtlFreeOemString + 104 805E5758 37 Bytes [B7, 4D, 18, 8A, 0C, 01, 8B, ...]
PAGE ...
PAGE ntoskrnl.exe!FsRtlDeleteKeyFromTunnelCache + 3 805E5B4D 45 Bytes [8B, EC, 83, EC, 0C, 56, 33, ...]
PAGE ntoskrnl.exe!FsRtlDeleteKeyFromTunnelCache + 31 805E5B7B 40 Bytes [43, 20, 85, C0, 74, 27, 8B, ...]
PAGE ntoskrnl.exe!FsRtlDeleteKeyFromTunnelCache + 5B 805E5BA5 37 Bytes [08, EB, D5, 85, F6, 74, 2F, ...]
PAGE ntoskrnl.exe!FsRtlDeleteKeyFromTunnelCache + 81 805E5BCB 76 Bytes CALL 80514739 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!FsRtlDeleteKeyFromTunnelCache + CE 805E5C18 32 Bytes [7D, 08, 8B, 37, 3B, F7, 74, ...]
PAGE ...
PAGE ntoskrnl.exe!PsSetProcessSecurityPort + 4 805E608A 7 Bytes [EC, 8B, 45, 0C, 8B, 4D, 08] {IN AL, DX ; MOV EAX, [EBP+0xc]; MOV ECX, [EBP+0x8]}
PAGE ntoskrnl.exe!PsSetProcessSecurityPort + C 805E6092 166 Bytes [81, 98, 01, 00, 00, 33, C0, ...]
PAGE ntoskrnl.exe!SeCreateClientSecurityFromSubjectContext + 55 805E6139 12 Bytes [EB, EE, 0F, 84, 4E, 9E, 02, ...]
PAGE ntoskrnl.exe!SeCreateClientSecurityFromSubjectContext + 62 805E6146 26 Bytes [3B, D8, 0F, 87, 5F, 9D, 02, ...]
PAGE ntoskrnl.exe!SeCreateClientSecurityFromSubjectContext + 7D 805E6161 30 Bytes CALL 61E2706A
PAGE ntoskrnl.exe!SeCreateClientSecurityFromSubjectContext + 9E 805E6182 11 Bytes CALL 805E91B5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!SeCreateClientSecurityFromSubjectContext + AA 805E618E 33 Bytes [68, 4D, 6D, 53, 63, 6A, 30, ...]
PAGE ...
PAGE ntoskrnl.exe!CcZeroData + 5 805E6571 22 Bytes [68, D0, 5B, 51, 80, E8, 28, ...]
PAGE ntoskrnl.exe!CcZeroData + 1C 805E6588 115 Bytes [01, 00, C7, 45, A4, 01, 00, ...]
PAGE ntoskrnl.exe!CcZeroData + 90 805E65FC 59 Bytes [8F, 7F, 01, 00, 00, 3D, 00, ...]
PAGE ntoskrnl.exe!CcZeroData + CD 805E6639 24 Bytes [8B, 45, 90, 89, 45, C0, 8D, ...]
PAGE ntoskrnl.exe!CcZeroData + E6 805E6652 63 Bytes [53, FF, 75, C0, 8D, 45, D8, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlPrefixUnicodeString + 14 805E6880 33 Bytes [78, 04, 0F, B7, 01, 3B, C2, ...]
PAGE ntoskrnl.exe!RtlPrefixUnicodeString + 36 805E68A2 23 Bytes [66, 8B, 17, 66, 8B, 33, 47, ...]
PAGE ntoskrnl.exe!RtlPrefixUnicodeString + 4F 805E68BB 47 Bytes [FF, 4D, 08, 75, E2, B0, 01, ...]
PAGE ntoskrnl.exe!RtlPrefixUnicodeString + 7F 805E68EB 13 Bytes [0F, 8B, 45, 08, 89, 48, 18, ...]
PAGE ntoskrnl.exe!RtlPrefixUnicodeString + 8D 805E68F9 64 Bytes [47, 04, 8B, 53, 14, 3B, D0, ...]
PAGE ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject + 2 805E74E8 16 Bytes [55, 8B, EC, 53, 8B, 5D, 08, ...]
PAGE ntoskrnl.exe!ObMakeTemporaryObject + 14 805E74FA 5 Bytes [FF, 88, D4, 00, 00]
PAGE ntoskrnl.exe!ObMakeTemporaryObject + 1B 805E7501 1 Byte [47]
PAGE ntoskrnl.exe!ObMakeTemporaryObject + 1B 805E7501 20 Bytes [47, 08, 8B, F7, C1, EE, 08, ...]
PAGE ntoskrnl.exe!ObMakeTemporaryObject + 31 805E7517 19 Bytes CALL 804DA3A3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!ZwCreateSymbolicLinkObject + 23 805E78FD 8 Bytes [8B, 45, 14, 8B, 08, 89, 4D, ...] {MOV EAX, [EBP+0x14]; MOV ECX, [EAX]; MOV [EBP-0x3c], ECX}
PAGE ntoskrnl.exe!ZwCreateSymbolicLinkObject + 2C 805E7906 6 Bytes [40, 04, 89, 45, C8, 33]
PAGE ntoskrnl.exe!ZwCreateSymbolicLinkObject + 33 805E790D 10 Bytes [66, 8B, 7D, C6, 33, F6, F6, ...] {MOV DI, [EBP-0x3a]; XOR ESI, ESI; TEST BYTE [EBP-0x3a], 0x1}
PAGE ntoskrnl.exe!ZwCreateSymbolicLinkObject + 3E 805E7918 226 Bytes [85, B5, 97, 01, 00, 66, 3B, ...]
PAGE ntoskrnl.exe!ZwCreateSymbolicLinkObject + 121 805E79FB 19 Bytes JMP 8056E16C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!NtMakePermanentObject + 1 805E7AE3 18 Bytes [FF, 55, 8B, EC, 83, EC, 0C, ...]
PAGE ntoskrnl.exe!NtMakePermanentObject + 14 805E7AF6 11 Bytes [88, 45, FC, FF, 75, FC, FF, ...]
PAGE ntoskrnl.exe!NtMakePermanentObject + 20 805E7B02 75 Bytes [FF, 35, D8, AC, 69, 80, E8, ...]
PAGE ntoskrnl.exe!NtMakePermanentObject + 6C 805E7B4E 43 Bytes [F7, C1, EE, 08, 83, E6, 03, ...]
PAGE ntoskrnl.exe!NtMakePermanentObject + 98 805E7B7A 48 Bytes [64, A1, 24, 01, 00, 00, FF, ...]
PAGE ntoskrnl.exe!ZwMakeTemporaryObject + 2 805E7BAB 34 Bytes [55, 8B, EC, 83, EC, 0C, 56, ...]
PAGE ntoskrnl.exe!ZwMakeTemporaryObject + 25 805E7BCE 97 Bytes [68, 00, 00, 01, 00, FF, 75, ...]
PAGE ntoskrnl.exe!ZwMakeTemporaryObject + 87 805E7C30 25 Bytes [5E, 5D, C2, 04, 00, 90, 90, ...]
PAGE ntoskrnl.exe!ZwMakeTemporaryObject + A1 805E7C4A 6 Bytes [C2, 04, 00, 39, 7B, 18] {RET 0x4; CMP [EBX+0x18], EDI}
PAGE ntoskrnl.exe!ZwMakeTemporaryObject + A9 805E7C52 78 Bytes JMP 805E7629 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwOpenSemaphore + 41 805E7CA1 99 Bytes [FF, 75, 0C, 6A, 00, FF, 75, ...]
PAGE ntoskrnl.exe!ZwAreMappedFilesTheSame + 17 805E7D05 110 Bytes [8B, CF, FF, 15, 18, 81, 4D, ...]
PAGE ntoskrnl.exe!ZwAreMappedFilesTheSame + 86 805E7D74 5 Bytes [84, 72, 84, FC, FF]
PAGE ntoskrnl.exe!ZwAreMappedFilesTheSame + 8C 805E7D7A 2 Bytes [48, 14]
PAGE ntoskrnl.exe!ZwAreMappedFilesTheSame + 8F 805E7D7D 7 Bytes [71, 08, 0F, 84, 55, 84, FC]
PAGE ntoskrnl.exe!ZwAreMappedFilesTheSame + 97 805E7D85 22 Bytes [F6, 46, 23, 10, 0F, 85, 22, ...]
PAGE ...
PAGE ntoskrnl.exe!MmLockPagableDataSection + 15 805E7DBE 3 Bytes [00, 8B, 80]
PAGE ntoskrnl.exe!MmLockPagableDataSection + 19 805E7DC2 25 Bytes [00, 30, C0, 66, 25, 81, 00, ...]
PAGE ntoskrnl.exe!MmLockPagableDataSection + 33 805E7DDC 9 Bytes [00, 6A, 01, 8B, F0, FF, 8E, ...]
PAGE ntoskrnl.exe!MmLockPagableDataSection + 3D 805E7DE6 5 Bytes [00, 68, E0, 34, 56] {ADD [EAX-0x20], CH; XOR AL, 0x56}
PAGE ntoskrnl.exe!MmLockPagableDataSection + 43 805E7DEC 57 Bytes CALL 804E1980 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!ExEnumHandleTable + 16 805E84FA 50 Bytes [00, C6, 45, FF, 00, 33, DB, ...]
PAGE ntoskrnl.exe!ExEnumHandleTable + 49 805E852D 15 Bytes [0F, 85, 4C, 91, 02, 00, 8A, ...]
PAGE ntoskrnl.exe!ExEnumHandleTable + 59 805E853D 78 Bytes [85, D2, 74, DA, 56, FF, 75, ...]
PAGE ntoskrnl.exe!ExEnumHandleTable + A8 805E858C 7 Bytes [32, C0, 5F, 5E, 5D, C2, 0C]
PAGE ntoskrnl.exe!ExEnumHandleTable + B0 805E8594 34 Bytes [3B, C8, 74, E0, EB, F2, 90, ...]
PAGE ntoskrnl.exe!ObFindHandleForObject + 18 805E85B7 40 Bytes [4D, 0C, 3B, CB, 0F, 85, C1, ...]
PAGE ntoskrnl.exe!ObFindHandleForObject + 41 805E85E0 68 Bytes [FF, FF, 84, C0, 0F, 85, A3, ...]
PAGE ntoskrnl.exe!ObFindHandleForObject + 86 805E8625 56 Bytes [55, 0C, 56, FF, 75, 08, 88, ...]
PAGE ntoskrnl.exe!ObFindHandleForObject + BF 805E865E 66 Bytes [56, 8B, 75, 08, 57, BF, 80, ...]
PAGE ntoskrnl.exe!ObFindHandleForObject + 102 805E86A1 25 Bytes [7C, 06, 8B, 45, 10, C6, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwAssignProcessToJobObject + 17 805E8E4B 23 Bytes [F0, 8A, 86, 40, 01, 00, 00, ...]
PAGE ntoskrnl.exe!ZwAssignProcessToJobObject + 2F 805E8E63 12 Bytes [6A, 01, FF, 75, 08, E8, EC, ...] {PUSH 0x1; PUSH DWORD [EBP+0x8]; CALL 0xfffffffffff836f6; CMP EAX, EBX}
PAGE ntoskrnl.exe!ZwAssignProcessToJobObject + 3C 805E8E70 46 Bytes [7D, EC, 89, 7D, F0, 0F, 8C, ...]
PAGE ntoskrnl.exe!ZwAssignProcessToJobObject + 6B 805E8E9F 35 Bytes [00, 50, FF, 75, 0C, E8, B0, ...]
PAGE ntoskrnl.exe!ZwAssignProcessToJobObject + 91 805E8EC5 76 Bytes [E0, 0F, 85, EF, CE, 01, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwFlushVirtualMemory + 73 805E95BF 22 Bytes [E4, 83, 4D, FC, FF, A1, DC, ...]
PAGE ntoskrnl.exe!ZwFlushVirtualMemory + 8A 805E95D6 38 Bytes [45, DC, 50, FF, 75, D4, FF, ...]
PAGE ntoskrnl.exe!ZwFlushVirtualMemory + B1 805E95FD 54 Bytes CALL 805E929D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwFlushVirtualMemory + E8 805E9634 12 Bytes CALL 804E2EDB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwFlushVirtualMemory + F5 805E9641 25 Bytes [00, 00, C0, EB, F1, 90, 90, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeSize + 2 805E9A25 43 Bytes [55, 8B, EC, 8B, 45, 10, 33, ...]
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeSize + 2E 805E9A51 44 Bytes [F9, FF, 80, 4E, 27, 10, B9, ...]
PAGE

hokage
Warning Level 3
Posts: 23
Registered: 15 Mar 2009 19:07

Re: Severe PC freezing...

#21 Post by hokage »

ntoskrnl.exe!RtlMultiByteToUnicodeSize + 5B 805E9A7E 54 Bytes [F8, 85, FF, 0F, 84, 76, 34, ...]
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeSize + 92 805E9AB5 55 Bytes [8B, 17, 3B, D1, 0F, 82, D0, ...]
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeSize + CA 805E9AED 4 Bytes JMP 805FD06A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!RtlUnicodeToMultiByteSize + 97 805E9C21 15 Bytes [F7, 0F, 84, CC, 40, 00, 00, ...]
PAGE ntoskrnl.exe!RtlUnicodeToMultiByteSize + A7 805E9C31 32 Bytes JMP 805EDCF4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlUnicodeToMultiByteSize + C8 805E9C52 1 Byte [B0]
PAGE ntoskrnl.exe!RtlUnicodeToMultiByteSize + C8 805E9C52 34 Bytes [B0, 66, 33, C0, 66, 89, 45, ...]
PAGE ntoskrnl.exe!RtlUnicodeToMultiByteSize + EB 805E9C75 8 Bytes [FA, FF, 90, 90, 90, 90, 90, ...]
PAGE ntoskrnl.exe!ExUuidCreate + 2 805E9C7E 28 Bytes [55, 8B, EC, 83, EC, 0C, 83, ...]
PAGE ntoskrnl.exe!ExUuidCreate + 1F 805E9C9B 44 Bytes [8B, 0D, 28, B1, 69, 80, 8B, ...]
PAGE ntoskrnl.exe!ExUuidCreate + 4C 805E9CC8 8 Bytes [75, CC, 3B, 3D, 2C, B1, 69, ...] {JNZ 0xffffffffffffffce; CMP EDI, [0x8069b12c]}
PAGE ntoskrnl.exe!ExUuidCreate + 56 805E9CD2 28 Bytes [85, C0, 0F, 8C, 58, 0B, 00, ...]
PAGE ntoskrnl.exe!ExUuidCreate + 73 805E9CEF 138 Bytes [10, 89, 0B, 66, 89, 7B, 06, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwSetThreadExecutionState + C 805EB1DE 27 Bytes [64, A1, 24, 01, 00, 00, 89, ...]
PAGE ntoskrnl.exe!ZwSetThreadExecutionState + 28 805EB1FA 7 Bytes [55, FC, 64, A1, 24, 01, 00]
PAGE ntoskrnl.exe!ZwSetThreadExecutionState + 30 805EB202 23 Bytes [89, 45, D0, 8A, 80, 40, 01, ...]
PAGE ntoskrnl.exe!ZwSetThreadExecutionState + 48 805EB21A 22 Bytes [3B, C8, 0F, 83, FB, 75, 01, ...]
PAGE ntoskrnl.exe!ZwSetThreadExecutionState + 5F 805EB231 7 Bytes [00, 00, 0F, B6, 37, BB, 00]
PAGE ...
PAGE ntoskrnl.exe!IoCheckFunctionAccess + 38 805EB386 91 Bytes [00, C0, EB, E2, 3B, 71, 2C, ...]
PAGE ntoskrnl.exe!LsaFreeReturnBuffer + 45 805EB3E2 38 Bytes CALL 80595208 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!LsaFreeReturnBuffer + 6C 805EB409 10 Bytes [FF, BE, 9A, 00, 00, C0, E9, ...]
PAGE ntoskrnl.exe!LsaFreeReturnBuffer + 77 805EB414 52 Bytes CALL 80572793 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!LsaFreeReturnBuffer + AC 805EB449 43 Bytes [FF, 8D, 51, 28, 8B, 0A, 3B, ...]
PAGE ntoskrnl.exe!LsaFreeReturnBuffer + D8 805EB475 98 Bytes [24, 0C, 3C, 08, 57, 8B, 3D, ...]
PAGE ntoskrnl.exe!ZwSetTimerResolution + 40 805EB4D8 7 Bytes [00, 8B, 78, 44, 83, 65, E4]
PAGE ntoskrnl.exe!ZwSetTimerResolution + 48 805EB4E0 71 Bytes CALL 805EB70F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwSetTimerResolution + 90 805EB528 23 Bytes [FF, 15, FC, 80, 4D, 80, 8B, ...]
PAGE ntoskrnl.exe!ZwSetTimerResolution + A8 805EB540 11 Bytes [64, A1, 24, 01, 00, 00, 80, ...]
PAGE ntoskrnl.exe!ZwSetTimerResolution + B4 805EB54C 7 Bytes [00, 74, 78, C7, 45, FC, 01]
PAGE ...
? spdy.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload F71348AC 5 Bytes JMP 862591D8
.text avs2z3ic.SYS F70C0386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text avs2z3ic.SYS F70C03AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text avs2z3ic.SYS F70C03C4 3 Bytes [00, 80, 02]
.text avs2z3ic.SYS F70C03C9 1 Byte [30]
.text avs2z3ic.SYS F70C03C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 863DB2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F73ADDDC] spdy.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73ADE30] spdy.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7383042] spdy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F738313E] spdy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73830C0] spdy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7383800] spdy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73836D6] spdy.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 862592D8
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!swprintf] 001CBA86
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 863691F8
Device \FileSystem\Fastfat \FatCdrom 860A11F8
Device \Driver\PCI_PNP0834 \Device\00000043 spdy.sys
Device \Driver\usbuhci \Device\USBPDO-0 862581F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 863D91F8
Device \Driver\dmio \Device\DmControl\DmConfig 863D91F8
Device \Driver\dmio \Device\DmControl\DmPnP 863D91F8
Device \Driver\dmio \Device\DmControl\DmInfo 863D91F8
Device \Driver\usbuhci \Device\USBPDO-1 862581F8
Device \Driver\usbuhci \Device\USBPDO-2 862581F8

hokage
Warning Level 3
Posts: 23
Registered: 15 Mar 2009 19:07

Re: Severe PC freezing...

#22 Post by hokage »

Device \Driver\usbuhci \Device\USBPDO-3 862581F8
Device \Driver\usbehci \Device\USBPDO-4 8622B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8636B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8636B1F8
Device \Driver\Cdrom \Device\CdRom0 8621F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8636B1F8
Device \Driver\Cdrom \Device\CdRom1 8621F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\usbuhci \Device\USBFDO-0 862581F8
Device \Driver\usbuhci \Device\USBFDO-1 862581F8
Device \Driver\sptd \Device\156420834 spdy.sys
Device \Driver\usbuhci \Device\USBFDO-2 862581F8
Device \Driver\usbuhci \Device\USBFDO-3 862581F8
Device \Driver\usbehci \Device\USBFDO-4 8622B1F8
Device \Driver\Ftdisk \Device\FtControl 8636B1F8
Device \Driver\avs2z3ic \Device\Scsi\avs2z3ic1 8620D1F8
Device \Driver\avs2z3ic \Device\Scsi\avs2z3ic1Port3Path0Target0Lun0 8620D1F8
Device \FileSystem\Fastfat \Fat 860A11F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 860C2458

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0xA9 0xC3 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0x76 0x65 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3B 0x56 0x3D 0x01 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0xA9 0xC3 0x0F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0x76 0x65 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3B 0x56 0x3D 0x01 ...

---- EOF - GMER 1.0.15 ----
805BB195 42 Bytes [3B, DE, 0F, 84, 21, 40, 03, ...]
PAGE ntoskrnl.exe!IoQueryVolumeInformation + C4 805BB1C0 151 Bytes [6A, 01, 89, 40, 04, 89, 00, ...]
PAGE ntoskrnl.exe!IoQueryVolumeInformation + 15C 805BB258 3 Bytes CALL 804E3BB3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoQueryVolumeInformation + 160 805BB25C 17 Bytes [8B, F8, 3B, FE, 0F, 8C, 71, ...]
PAGE ntoskrnl.exe!IoQueryVolumeInformation + 172 805BB26E 7 Bytes [50, 56, 56, 68, 18, 10, 04]
PAGE ...
PAGE ntoskrnl.exe!IoRegisterShutdownNotification + 2C 805BB92E 6 Bytes [8B, D7, B9, 60, 0E, 56]
PAGE ntoskrnl.exe!IoRegisterShutdownNotification + 33 805BB935 56 Bytes CALL 8050BB04 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoRegisterShutdownNotification + 6C 805BB96E 17 Bytes [5F, 9B, 03, 00, 50, E8, DB, ...]
PAGE ntoskrnl.exe!IoRegisterShutdownNotification + 7E 805BB980 248 Bytes [8B, C7, 5F, 5E, 5D, C2, 04, ...]
PAGE ntoskrnl.exe!IoRegisterShutdownNotification + 177 805BBA79 49 Bytes [A2, 69, 80, C3, 90, 90, 90, ...]
PAGE ntoskrnl.exe!ZwDisplayString + 29 805BBAAB 4 Bytes [35, 90, AC, 69]
PAGE ntoskrnl.exe!ZwDisplayString + 2E 805BBAB0 138 Bytes CALL 8057898F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwDisplayString + B9 805BBB3B 7 Bytes [0F, B7, 4D, D2, 8B, 75, D4] {MOVZX ECX, [EBP-0x2e]; MOV ESI, [EBP-0x2c]}
PAGE ntoskrnl.exe!ZwDisplayString + C1 805BBB43 36 Bytes JMP 0C01AE4A
PAGE ntoskrnl.exe!ZwDisplayString + E6 805BBB68 51 Bytes CALL 80551005 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!ExCreateCallback + 19 805BBD9C 82 Bytes [00, 8D, 45, FC, 50, 53, 53, ...]
PAGE ntoskrnl.exe!ExCreateCallback + 6C 805BBDEF 42 Bytes CALL 805AEE89 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ExCreateCallback + 97 805BBE1A 40 Bytes JMP 80585E70 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ExCreateCallback + C0 805BBE43 27 Bytes [8B, 75, 2C, C7, 46, 0C, 34, ...]
PAGE ntoskrnl.exe!ExCreateCallback + DC 805BBE5F 32 Bytes [83, 26, 00, C6, 46, 0A, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlGetSaclSecurityDescriptor + 2A 805BBF2A 19 Bytes [33, C0, 5D, C2, 10, 00, 90, ...] {XOR EAX, EAX; POP EBP; RET 0x10; NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; MOV EAX, [EBP+0x8]}
PAGE ntoskrnl.exe!RtlGetOwnerSecurityDescriptor + 9 805BBF3E 145 Bytes [38, 01, 0F, 85, 54, CD, 04, ...]
PAGE ntoskrnl.exe!RtlGetGroupSecurityDescriptor + 59 805BBFD0 5 Bytes [F1, C7, 45, F0, 01]
PAGE ntoskrnl.exe!RtlGetGroupSecurityDescriptor + 5F 805BBFD6 66 Bytes JMP 8057179E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!FsRtlBalanceReads + 37 805BC019 22 Bytes [FF, 3B, C3, 0F, 84, 02, 16, ...]
PAGE ntoskrnl.exe!FsRtlBalanceReads + 4F 805BC031 21 Bytes [75, 10, 53, 53, 53, 53, 8D, ...]
PAGE ntoskrnl.exe!FsRtlBalanceReads + 65 805BC047 7 Bytes [00, 90, 90, 90, 90, 90, 8B]
PAGE ntoskrnl.exe!FsRtlBalanceReads + 6D 805BC04F 48 Bytes [55, 8B, EC, 83, EC, 78, A1, ...]
PAGE ntoskrnl.exe!FsRtlBalanceReads + 9E 805BC080 26 Bytes [8D, 45, CC, 50, 51, 8D, 45, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlFreeRangeList + 6E 805BC400 41 Bytes [AF, 04, 00, 8B, F8, 83, C0, ...]
PAGE ntoskrnl.exe!RtlFreeRangeList + 98 805BC42A 129 Bytes [08, 75, C4, 8B, 45, FC, EB, ...]
PAGE ntoskrnl.exe!RtlCopyRangeList + 38 805BC4AC 3 Bytes CALL 805BC438 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlCopyRangeList + 3C 805BC4B0 52 Bytes [85, C0, 0F, 84, 64, AE, 04, ...]
PAGE ntoskrnl.exe!RtlCopyRangeList + 71 805BC4E5 26 Bytes [FC, 00, 80, 62, 19, FD, 56, ...]
PAGE ntoskrnl.exe!RtlCopyRangeList + 8C 805BC500 51 Bytes [8B, 41, 04, 39, 42, 0C, 72, ...]
PAGE ntoskrnl.exe!RtlCopyRangeList + C0 805BC534 11 Bytes [00, 72, 0A, 8B, 02, 39, 01, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlDeleteOwnersRanges + 22 805BC696 62 Bytes [74, 2B, F6, 41, 1A, 01, 75, ...]
PAGE ntoskrnl.exe!RtlDeleteOwnersRanges + 61 805BC6D5 16 Bytes JMP 8059DC31 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlDeleteOwnersRanges + 72 805BC6E6 18 Bytes CALL 84B55007
PAGE ntoskrnl.exe!RtlDeleteOwnersRanges + 85 805BC6F9 16 Bytes [FF, 55, 8B, EC, 56, 57, 6A, ...] {CALL [EBP-0x75]; IN AL, DX ; PUSH ESI; PUSH EDI; PUSH 0x0; PUSH 0x1; MOV ESI, 0x2001f; PUSH ESI}
PAGE ntoskrnl.exe!RtlDeleteOwnersRanges + 96 805BC70A 25 Bytes [75, 0C, 8D, 45, 08, FF, 75, ...]
PAGE ...
PAGE ntoskrnl.exe!IoReportResourceUsage + 1F 805BD336 2 Bytes [03, 00] {ADD EAX, [EAX]}
PAGE ntoskrnl.exe!IoReportResourceUsage + 22 805BD339 19 Bytes [75, 28, FF, 75, 24, FF, 75, ...]
PAGE ntoskrnl.exe!IoReportResourceUsage + 37 805BD34E 12 Bytes CALL 805BD28B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoReportResourceUsage + 44 805BD35B 61 Bytes [24, 00, 0F, B7, 00, 03, D8, ...]
PAGE ntoskrnl.exe!IoReportResourceUsage + 82 805BD399 163 Bytes [66, 39, 13, 0F, 84, B7, 5C, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlInitializeUnicodePrefix + 2 805BDBE3 116 Bytes [55, 8B, EC, 8B, 45, 08, 66, ...]
PAGE ntoskrnl.exe!RtlInitializeUnicodePrefix + 77 805BDC58 69 Bytes CALL 805BC4D9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlInitializeUnicodePrefix + BD 805BDC9E 73 Bytes [FF, 75, 08, BE, 80, C5, 55, ...]
PAGE ntoskrnl.exe!RtlInitializeUnicodePrefix + 108 805BDCE9 79 Bytes [6A, 00, FF, 75, 14, E8, F3, ...]
PAGE ntoskrnl.exe!IoReportResourceForDetection + 3C 805BDD39 92 Bytes [FF, 5E, 5B, 5D, C2, 1C, 00, ...]
PAGE ntoskrnl.exe!IoReportResourceForDetection + 99 805BDD96 13 Bytes [75, 0E, 39, 78, 0C, 72, 09, ...] {JNZ 0x10; CMP [EAX+0xc], EDI; JB 0x10; MOV ECX, [EAX+0x8]; MOV ECX, [EAX+ECX]}
PAGE ntoskrnl.exe!IoReportResourceForDetection + A7 805BDDA4 50 Bytes CALL 805511E2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoReportResourceForDetection + DB 805BDDD8 3 Bytes [43, 02, 00] {INC EBX; ADD AL, [EAX]}
PAGE ntoskrnl.exe!IoReportResourceForDetection + DF 805BDDDC 1 Byte [BB]
PAGE ...
PAGE ntoskrnl.exe!IoReadPartitionTable + 16 805BEA04 25 Bytes [BF, 46, 73, 74, 62, 57, 50, ...]
PAGE ntoskrnl.exe!IoReadPartitionTable + 30 805BEA1E 126 Bytes [00, C6, 45, FF, 01, E8, DD, ...]
PAGE ntoskrnl.exe!IoReadPartitionTable + AF 805BEA9D 105 Bytes [10, 00, 00, 39, 45, E0, 89, ...]
PAGE ntoskrnl.exe!IoReadPartitionTable + 119 805BEB07 52 Bytes [00, 8B, 48, 60, 80, 49, DE, ...]
PAGE ntoskrnl.exe!IoReadPartitionTable + 14F 805BEB3D 56 Bytes [80, 0F, 84, 10, F8, 02, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlSelfRelativeToAbsoluteSD + 31 805BECB4 83 Bytes [4D, F8, 51, 8D, 4D, EC, 51, ...]
PAGE ntoskrnl.exe!RtlSelfRelativeToAbsoluteSD + 85 805BED08 86 Bytes [75, 0C, 51, FF, 75, 08, 56, ...]
PAGE ntoskrnl.exe!RtlSelfRelativeToAbsoluteSD + DD 805BED60 77 Bytes CALL 804DADC1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlSelfRelativeToAbsoluteSD + 12B 805BEDAE 108 Bytes [8B, 5D, F4, 8D, 4B, 10, 8B, ...]
PAGE ntoskrnl.exe!RtlSelfRelativeToAbsoluteSD + 198 805BEE1B 119 Bytes [C9, C2, 0C, 00, FF, 45, DC, ...]
PAGE ...
PAGE ntoskrnl.exe!IoAssignDriveLetters + 9 805C07A6 159 Bytes [00, 00, A1, 60, A3, 55, 80, ...]
PAGE ntoskrnl.exe!IoAssignDriveLetters + A9 805C0846 7 Bytes [53, 56, FF, 35, 30, 30, 55]
PAGE ntoskrnl.exe!IoAssignDriveLetters + B1 805C084E 2 Bytes [FF, B5]
PAGE ntoskrnl.exe!IoAssignDriveLetters + B4 805C0851 71 Bytes CALL 805061FB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoAssignDriveLetters + FC 805C0899 24 Bytes [50, 8D, 85, 2C, FF, FF, FF, ...]
PAGE ...
PAGE ntoskrnl.exe!MmGetSystemRoutineAddress + 10 805C0E68 1 Byte [8D]
PAGE ntoskrnl.exe!MmGetSystemRoutineAddress + 10 805C0E68 57 Bytes CALL 09AD04A0
PAGE ntoskrnl.exe!MmGetSystemRoutineAddress + 4A 805C0EA2 5 Bytes [00, 6A, 01, 8B, F8] {ADD [EDX+0x1], CH; MOV EDI, EAX}
PAGE ntoskrnl.exe!MmGetSystemRoutineAddress + 50 805C0EA8 4 Bytes [8F, D4, 00, 00]
PAGE ntoskrnl.exe!MmGetSystemRoutineAddress + 55 805C0EAD 39 Bytes [68, E0, 34, 56, 80, E8, C9, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD + 1 805C1475 37 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...]
PAGE ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD + 28 805C149C 16 Bytes [C0, 75, 19, 89, 7E, 30, 6A, ...]
PAGE ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD + 3A 805C14AE 7 Bytes [8B, F9, 89, 55, 14, E9, 96]
PAGE ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD + 43 805C14B7 2 Bytes [00, 33] {ADD [EBX], DH}
PAGE ntoskrnl.exe!RtlAbsoluteToSelfRelativeSD + 46 805C14BA 41 Bytes JMP 805C154E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!RtlAddRange + 70 805C1F6B 16 Bytes [C0, EB, EF, 80, FA, F0, 0F, ...]
PAGE ntoskrnl.exe!RtlAddRange + 81 805C1F7C 10 Bytes [01, 83, C0, 20, EB, 79, 90, ...] {ADD [EBX+0x79eb20c0], EAX; NOP ; NOP ; NOP ; NOP }
PAGE ntoskrnl.exe!RtlAddRange + 8C 805C1F87 12 Bytes [8B, FF, 55, 8B, EC, 83, EC, ...] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; SUB ESP, 0x44; MOV EAX, [EBP+0xc]; PUSH ESI}
PAGE ntoskrnl.exe!RtlAddRange + 99 805C1F94 23 Bytes [F6, 89, 30, 8B, 45, 08, 57, ...]
PAGE ntoskrnl.exe!RtlAddRange + B1 805C1FAC 42 Bytes [8B, 0F, 83, 65, EC, 00, 03, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlFindRange + A 805C2342 21 Bytes [1C, 53, 56, 8B, 75, 18, 57, ...]
PAGE ntoskrnl.exe!RtlFindRange + 22 805C235A 20 Bytes CALL 804DA815 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlFindRange + 37 805C236F 4 Bytes [87, BE, 09, 00]
PAGE ntoskrnl.exe!RtlFindRange + 3C 805C2374 142 Bytes [8B, 45, 14, 72, 09, 39, 45, ...]
PAGE ntoskrnl.exe!RtlFindRange + CB 805C2403 10 Bytes [75, 08, 83, C6, FF, 88, 4D, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlDeleteRegistryValue + 70 805C2DB1 41 Bytes [83, C6, 08, 89, 37, E9, F2, ...]
PAGE ntoskrnl.exe!RtlDeleteRegistryValue + 9B 805C2DDC 100 Bytes [00, 00, 89, 59, 1C, 89, 41, ...]
PAGE ntoskrnl.exe!RtlDeleteRegistryValue + 100 805C2E41 100 Bytes [70, 73, 75, 89, 75, F8, C1, ...]
PAGE ntoskrnl.exe!RtlDeleteRegistryValue + 165 805C2EA6 182 Bytes [59, 03, 66, 89, 59, 06, 89, ...]
PAGE ntoskrnl.exe!RtlDeleteRegistryValue + 21C 805C2F5D 32 Bytes [42, 0C, 89, 07, EB, AE, 90, ...]
PAGE ...
PAGE ntoskrnl.exe!IoGetDmaAdapter + 1C 805C3C41 5 Bytes [81, B0, 00, 00, 00]
PAGE ntoskrnl.exe!IoGetDmaAdapter + 22 805C3C47 38 Bytes [40, 14, 3B, C3, 0F, 84, 09, ...]
PAGE ntoskrnl.exe!IoGetDmaAdapter + 49 805C3C6E 125 Bytes [84, 91, 0E, 00, 00, 89, 75, ...]
PAGE ntoskrnl.exe!IoGetDmaAdapter + C7 805C3CEC 4 Bytes [81, FF, 03, 01]
PAGE ntoskrnl.exe!IoGetDmaAdapter + CD 805C3CF2 37 Bytes [0F, 84, 48, F6, 02, 00, 8B, ...]
PAGE ...
PAGE ntoskrnl.exe!IoForwardAndCatchIrp + 2 805C5622 53 Bytes [55, 8B, EC, 83, EC, 10, 8B, ...]
PAGE ntoskrnl.exe!IoForwardAndCatchIrp + 38 805C5658 40 Bytes [24, 88, 5D, F0, C6, 45, F2, ...]
PAGE ntoskrnl.exe!IoForwardAndCatchIrp + 61 805C5681 16 Bytes [0F, 84, AA, CF, 02, 00, 5F, ...]
PAGE ntoskrnl.exe!IoForwardAndCatchIrp + 72 805C5692 83 Bytes CALL 817FB280

hokage
Warning Level 3
Posts: 23
Registered: 15 Mar 2009 19:07

Re: Severe PC freezing...

#23 Post by hokage »

PAGE ntoskrnl.exe!IoForwardAndCatchIrp + C6 805C56E6 99 Bytes [6F, 00, 72, 00, 00, 00, CC, ...]
PAGE ...
PAGE ntoskrnl.exe!MmUnmapVideoDisplay + 44 805C59F6 9 Bytes [69, 00, 63, 00, 65, 00, 44, ...]
PAGE ntoskrnl.exe!MmUnmapVideoDisplay + 4E 805C5A00 4 Bytes [73, 00, 63, 00] {JAE 0x2; ARPL [EAX], AX}
PAGE ntoskrnl.exe!MmUnmapVideoDisplay + 54 805C5A06 6 Bytes [00, 00, B8, 12, 5A, 5C]
PAGE ntoskrnl.exe!MmUnmapVideoDisplay + 5B 805C5A0D 16 Bytes JMP 8059C011 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!MmUnmapVideoDisplay + 6C 805C5A1E 65 Bytes [6C, 00, 79, 00, 4E, 00, 61, ...]
PAGE ...
PAGE ntoskrnl.exe!IoCreateController + 87 805C5B04 38 Bytes [08, 66, C7, 00, 02, 00, 8B, ...]
PAGE ntoskrnl.exe!IoCreateController + AE 805C5B2B 35 Bytes [08, 5F, 5E, 5B, C9, C2, 04, ...]
PAGE ntoskrnl.exe!MmAllocateMappingAddress + 12 805C5B4F 71 Bytes [00, C1, EE, 0C, 0F, 84, C9, ...]
PAGE ntoskrnl.exe!MmAllocateMappingAddress + 5A 805C5B97 52 Bytes [01, 8B, FA, 0F, 85, A6, 4B, ...]
PAGE ntoskrnl.exe!PoQueueShutdownWorkItem + 1A 805C5BCC 13 Bytes [00, 74, 2B, 8B, 0D, 04, 95, ...]
PAGE ntoskrnl.exe!PoQueueShutdownWorkItem + 28 805C5BDA 3 Bytes [00, 95, 56]
PAGE ntoskrnl.exe!PoQueueShutdownWorkItem + 2C 805C5BDE 9 Bytes [89, 48, 04, 89, 01, A3, 04, ...]
PAGE ntoskrnl.exe!PoQueueShutdownWorkItem + 36 805C5BE8 9 Bytes [33, FF, 8B, CE, FF, 15, 1C, ...]
PAGE ntoskrnl.exe!PoQueueShutdownWorkItem + 40 805C5BF2 7 Bytes [8B, C7, 5F, 5E, 5D, C2, 04]
PAGE ...
PAGE ntoskrnl.exe!IoRegisterDriverReinitialization + E 805C5D10 46 Bytes CALL 80551005 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoRegisterDriverReinitialization + 3D 805C5D3F 108 Bytes JMP 805AF021 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!IoRegisterDriverReinitialization + AA 805C5DAC 22 Bytes [00, 0F, B6, 47, 0E, 8B, CF, ...]
PAGE ntoskrnl.exe!IoRegisterDriverReinitialization + C1 805C5DC3 51 Bytes [0F, 85, 17, 97, 03, 00, 3B, ...]
PAGE ntoskrnl.exe!IoRegisterDriverReinitialization + F5 805C5DF7 14 Bytes JMP 8059D324 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!IoCreateSynchronizationEvent + 32 805C68CB 64 Bytes [00, 89, 75, F4, 89, 75, F8, ...]
PAGE ntoskrnl.exe!IoCreateSynchronizationEvent + 73 805C690C 6 Bytes [90, 90, 90, 90, 90, 8B]
PAGE ntoskrnl.exe!IoRegisterBootDriverReinitialization + 2 805C6913 28 Bytes [55, 8B, EC, 68, 49, 6F, 52, ...]
PAGE ntoskrnl.exe!IoRegisterBootDriverReinitialization + 1F 805C6930 29 Bytes [48, 08, 8B, 4D, 0C, 89, 48, ...]
PAGE ntoskrnl.exe!IoRegisterBootDriverReinitialization + 3D 805C694E 3 Bytes [83, F8, 20] {CMP EAX, 0x20}
PAGE ntoskrnl.exe!IoRegisterBootDriverReinitialization + 42 805C6953 45 Bytes [B4, 88, FE, FF, B9, 78, 0E, ...]
PAGE ntoskrnl.exe!IoRegisterBootDriverReinitialization + 70 805C6981 54 Bytes [00, 8B, 85, D0, FE, FF, FF, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlIsRangeAvailable + 2E 805C808A 69 Bytes [75, 24, 33, C9, 8A, C8, 6A, ...]
PAGE ntoskrnl.exe!RtlIsRangeAvailable + 74 805C80D0 61 Bytes [0C, 8D, 45, F8, 50, E8, 93, ...]
PAGE ntoskrnl.exe!RtlUpperString + 18 805C810E 1 Byte [B7]
PAGE ntoskrnl.exe!RtlUpperString + 18 805C810E 114 Bytes [B7, 00, 66, 3B, C2, 0F, 87, ...]
PAGE ntoskrnl.exe!RtlUpperString + 8B 805C8181 31 Bytes CALL 1560B48E
PAGE ntoskrnl.exe!RtlUpperString + AC 805C81A2 44 Bytes [00, 00, 96, 30, 07, 77, 2C, ...]
PAGE ntoskrnl.exe!RtlUpperString + D9 805C81CF 736 Bytes [97, 2B, 4C, B6, 09, BD, 7C, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwCreateKeyedEvent + 18 805C86DA 17 Bytes [88, 45, E0, 33, DB, 89, 5D, ...]
PAGE ntoskrnl.exe!ZwCreateKeyedEvent + 2A 805C86EC 37 Bytes [08, 89, 18, 83, 4D, FC, FF, ...]
PAGE ntoskrnl.exe!ZwCreateKeyedEvent + 50 805C8712 62 Bytes CALL 8056D523 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwCreateKeyedEvent + 8F 805C8751 106 Bytes CALL 804E2EDE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwCreateKeyedEvent + FA 805C87BC 35 Bytes JMP 805C4733 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!ObCreateObjectType + 9 805CBC57 66 Bytes [45, 0C, 8B, 48, 20, 53, 56, ...]
PAGE ntoskrnl.exe!ObCreateObjectType + 4C 805CBC9A 59 Bytes [00, 38, 58, 1D, 0F, 85, AC, ...]
PAGE ntoskrnl.exe!ObCreateObjectType + 88 805CBCD6 17 Bytes [3B, FB, C6, 45, E6, 00, 89, ...]
PAGE ntoskrnl.exe!ObCreateObjectType + 9A 805CBCE8 27 Bytes [FF, 74, 53, C7, 45, E8, 34, ...]

hokage
Warning Level 3
Posts: 23
Registered: 15 Mar 2009 19:07

Re: Severe PC freezing...

#24 Post by hokage »

PAGE ntoskrnl.exe!ZwQueryTimer + 21 805E3F62 55 Bytes [00, 00, 83, 65, FC, 00, 8B, ...]
PAGE ntoskrnl.exe!ZwQueryTimer + 59 805E3F9A 11 Bytes [3B, C8, 0F, 83, 22, F4, 02, ...]
PAGE ntoskrnl.exe!ZwQueryTimer + 65 805E3FA6 108 Bytes [83, 4D, FC, FF, 83, 7D, 0C, ...]
PAGE ntoskrnl.exe!ZwQueryTimer + D2 805E4013 10 Bytes [0F, 84, 0B, F4, 02, 00, C7, ...]
PAGE ntoskrnl.exe!ZwQueryTimer + DD 805E401E 1 Byte [00]
PAGE ...
PAGE ntoskrnl.exe!NtFindAtom + 69 805E4875 24 Bytes [00, 00, 85, FF, 74, 1B, 83, ...]
PAGE ntoskrnl.exe!NtFindAtom + 82 805E488E 40 Bytes [07, 66, 89, 07, 83, 4D, FC, ...]
PAGE ntoskrnl.exe!NtFindAtom + AB 805E48B7 26 Bytes [8B, 8D, 58, FF, FF, FF, 8D, ...]
PAGE ntoskrnl.exe!NtFindAtom + C6 805E48D2 5 Bytes [00, 00, 83, 4D, FC]
PAGE ntoskrnl.exe!NtFindAtom + CC 805E48D8 28 Bytes [81, FE, 80, 00, 00, 00, 0F, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlUnicodeStringToInteger + 7 805E4C40 112 Bytes CALL 804E2EA3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlUnicodeStringToInteger + 78 805E4CB1 73 Bytes [4B, 66, 83, F8, 30, 72, 2B, ...]
PAGE ntoskrnl.exe!RtlUnicodeStringToInteger + C2 805E4CFB 58 Bytes [FE, FF, 66, 83, 7D, E4, 2D, ...]
PAGE ntoskrnl.exe!RtlUnicodeStringToInteger + FD 805E4D36 7 Bytes [75, E4, FF, 35, 58, 97, 56]
PAGE ntoskrnl.exe!RtlUnicodeStringToInteger + 105 805E4D3E 23 Bytes [68, 00, 04, 00, 00, FF, 75, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlUpcaseUnicodeToOemN + 3E 805E4FBB 21 Bytes [83, E1, 0F, 01, 4D, 08, 89, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeToOemN + 54 805E4FD1 1 Byte [24]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeToOemN + 54 805E4FD1 4 Bytes [24, 8D, 65, 55]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeToOemN + 59 805E4FD6 30 Bytes [80, 0F, B7, 4F, F2, 0F, B6, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeToOemN + 79 805E4FF6 187 Bytes [89, 4D, 18, 0F, B7, 4D, 18, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlUpcaseUnicodeStringToOemString + 32 805E55DC 83 Bytes [FF, 66, 89, 0E, 74, 62, 50, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeStringToOemString + 86 805E5630 52 Bytes [00, 8B, 46, 04, 8B, 4D, 0C, ...]
PAGE ntoskrnl.exe!RtlFreeOemString + 11 805E5665 40 Bytes [15, 40, EC, 56, 80, 5D, C2, ...]
PAGE ntoskrnl.exe!RtlFreeOemString + 3A 805E568E 30 Bytes [4D, 18, 0F, B7, 4D, 18, 8A, ...]
PAGE ntoskrnl.exe!RtlFreeOemString + 59 805E56AD 87 Bytes [0F, B7, 0C, 4A, 66, 83, F9, ...]
PAGE ntoskrnl.exe!RtlFreeOemString + B1 805E5705 82 Bytes [B7, 4F, EC, 0F, B6, 0C, 01, ...]
PAGE ntoskrnl.exe!RtlFreeOemString + 104 805E5758 37 Bytes [B7, 4D, 18, 8A, 0C, 01, 8B, ...]
PAGE ...
PAGE ntoskrnl.exe!FsRtlDeleteKeyFromTunnelCache + 3 805E5B4D 45 Bytes [8B, EC, 83, EC, 0C, 56, 33, ...]
PAGE ntoskrnl.exe!FsRtlDeleteKeyFromTunnelCache + 31 805E5B7B 40 Bytes [43, 20, 85, C0, 74, 27, 8B, ...]
PAGE ntoskrnl.exe!FsRtlDeleteKeyFromTunnelCache + 5B 805E5BA5 37 Bytes [08, EB, D5, 85, F6, 74, 2F, ...]
PAGE ntoskrnl.exe!FsRtlDeleteKeyFromTunnelCache + 81 805E5BCB 76 Bytes CALL 80514739 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!FsRtlDeleteKeyFromTunnelCache + CE 805E5C18 32 Bytes [7D, 08, 8B, 37, 3B, F7, 74, ...]
PAGE ...
PAGE ntoskrnl.exe!PsSetProcessSecurityPort + 4 805E608A 7 Bytes [EC, 8B, 45, 0C, 8B, 4D, 08] {IN AL, DX ; MOV EAX, [EBP+0xc]; MOV ECX, [EBP+0x8]}
PAGE ntoskrnl.exe!PsSetProcessSecurityPort + C 805E6092 166 Bytes [81, 98, 01, 00, 00, 33, C0, ...]
PAGE ntoskrnl.exe!SeCreateClientSecurityFromSubjectContext + 55 805E6139 12 Bytes [EB, EE, 0F, 84, 4E, 9E, 02, ...]
PAGE ntoskrnl.exe!SeCreateClientSecurityFromSubjectContext + 62 805E6146 26 Bytes [3B, D8, 0F, 87, 5F, 9D, 02, ...]
PAGE ntoskrnl.exe!SeCreateClientSecurityFromSubjectContext + 7D 805E6161 30 Bytes CALL 61E2706A
PAGE ntoskrnl.exe!SeCreateClientSecurityFromSubjectContext + 9E 805E6182 11 Bytes CALL 805E91B5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!SeCreateClientSecurityFromSubjectContext + AA 805E618E 33 Bytes [68, 4D, 6D, 53, 63, 6A, 30, ...]
PAGE ...
PAGE ntoskrnl.exe!CcZeroData + 5 805E6571 22 Bytes [68, D0, 5B, 51, 80, E8, 28, ...]
PAGE ntoskrnl.exe!CcZeroData + 1C 805E6588 115 Bytes [01, 00, C7, 45, A4, 01, 00, ...]
PAGE ntoskrnl.exe!CcZeroData + 90 805E65FC 59 Bytes [8F, 7F, 01, 00, 00, 3D, 00, ...]
PAGE ntoskrnl.exe!CcZeroData + CD 805E6639 24 Bytes [8B, 45, 90, 89, 45, C0, 8D, ...]
PAGE ntoskrnl.exe!CcZeroData + E6 805E6652 63 Bytes [53, FF, 75, C0, 8D, 45, D8, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlPrefixUnicodeString + 14 805E6880 33

hokage
Warning Level 3
Posts: 23
Registered: 15 Mar 2009 19:07

Re: Severe PC freezing...

#25 Post by hokage »

Bytes [78, 04, 0F, B7, 01, 3B, C2, ...]
PAGE ntoskrnl.exe!RtlPrefixUnicodeString + 36 805E68A2 23 Bytes [66, 8B, 17, 66, 8B, 33, 47, ...]
PAGE ntoskrnl.exe!RtlPrefixUnicodeString + 4F 805E68BB 47 Bytes [FF, 4D, 08, 75, E2, B0, 01, ...]
PAGE ntoskrnl.exe!RtlPrefixUnicodeString + 7F 805E68EB 13 Bytes [0F, 8B, 45, 08, 89, 48, 18, ...]
PAGE ntoskrnl.exe!RtlPrefixUnicodeString + 8D 805E68F9 64 Bytes [47, 04, 8B, 53, 14, 3B, D0, ...]
PAGE ...
PAGE ntoskrnl.exe!ObMakeTemporaryObject + 2 805E74E8 16 Bytes [55, 8B, EC, 53, 8B, 5D, 08, ...]
PAGE ntoskrnl.exe!ObMakeTemporaryObject + 14 805E74FA 5 Bytes [FF, 88, D4, 00, 00]
PAGE ntoskrnl.exe!ObMakeTemporaryObject + 1B 805E7501 1 Byte [47]
PAGE ntoskrnl.exe!ObMakeTemporaryObject + 1B 805E7501 20 Bytes [47, 08, 8B, F7, C1, EE, 08, ...]
PAGE ntoskrnl.exe!ObMakeTemporaryObject + 31 805E7517 19 Bytes CALL 804DA3A3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!ZwCreateSymbolicLinkObject + 23 805E78FD 8 Bytes [8B, 45, 14, 8B, 08, 89, 4D, ...] {MOV EAX, [EBP+0x14]; MOV ECX, [EAX]; MOV [EBP-0x3c], ECX}
PAGE ntoskrnl.exe!ZwCreateSymbolicLinkObject + 2C 805E7906 6 Bytes [40, 04, 89, 45, C8, 33]
PAGE ntoskrnl.exe!ZwCreateSymbolicLinkObject + 33 805E790D 10 Bytes [66, 8B, 7D, C6, 33, F6, F6, ...] {MOV DI, [EBP-0x3a]; XOR ESI, ESI; TEST BYTE [EBP-0x3a], 0x1}
PAGE ntoskrnl.exe!ZwCreateSymbolicLinkObject + 3E 805E7918 226 Bytes [85, B5, 97, 01, 00, 66, 3B, ...]
PAGE ntoskrnl.exe!ZwCreateSymbolicLinkObject + 121 805E79FB 19 Bytes JMP 8056E16C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!NtMakePermanentObject + 1 805E7AE3 18 Bytes [FF, 55, 8B, EC, 83, EC, 0C, ...]
PAGE ntoskrnl.exe!NtMakePermanentObject + 14 805E7AF6 11 Bytes [88, 45, FC, FF, 75, FC, FF, ...]
PAGE ntoskrnl.exe!NtMakePermanentObject + 20 805E7B02 75 Bytes [FF, 35, D8, AC, 69, 80, E8, ...]
PAGE ntoskrnl.exe!NtMakePermanentObject + 6C 805E7B4E 43 Bytes [F7, C1, EE, 08, 83, E6, 03, ...]
PAGE ntoskrnl.exe!NtMakePermanentObject + 98 805E7B7A 48 Bytes [64, A1, 24, 01, 00, 00, FF, ...]
PAGE ntoskrnl.exe!ZwMakeTemporaryObject + 2 805E7BAB 34 Bytes [55, 8B, EC, 83, EC, 0C, 56, ...]
PAGE ntoskrnl.exe!ZwMakeTemporaryObject + 25 805E7BCE 97 Bytes [68, 00, 00, 01, 00, FF, 75, ...]
PAGE ntoskrnl.exe!ZwMakeTemporaryObject + 87 805E7C30 25 Bytes [5E, 5D, C2, 04, 00, 90, 90, ...]
PAGE ntoskrnl.exe!ZwMakeTemporaryObject + A1 805E7C4A 6 Bytes [C2, 04, 00, 39, 7B, 18] {RET 0x4; CMP [EBX+0x18], EDI}
PAGE ntoskrnl.exe!ZwMakeTemporaryObject + A9 805E7C52 78 Bytes JMP 805E7629 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwOpenSemaphore + 41 805E7CA1 99 Bytes [FF, 75, 0C, 6A, 00, FF, 75, ...]
PAGE ntoskrnl.exe!ZwAreMappedFilesTheSame + 17 805E7D05 110 Bytes [8B, CF, FF, 15, 18, 81, 4D, ...]
PAGE ntoskrnl.exe!ZwAreMappedFilesTheSame + 86 805E7D74 5 Bytes [84, 72, 84, FC, FF]
PAGE ntoskrnl.exe!ZwAreMappedFilesTheSame + 8C 805E7D7A 2 Bytes [48, 14]
PAGE ntoskrnl.exe!ZwAreMappedFilesTheSame + 8F 805E7D7D 7 Bytes [71, 08, 0F, 84, 55, 84, FC]
PAGE ntoskrnl.exe!ZwAreMappedFilesTheSame + 97 805E7D85 22 Bytes [F6, 46, 23, 10, 0F, 85, 22, ...]
PAGE ...
PAGE ntoskrnl.exe!MmLockPagableDataSection + 15 805E7DBE 3 Bytes [00, 8B, 80]
PAGE ntoskrnl.exe!MmLockPagableDataSection + 19 805E7DC2 25 Bytes [00, 30, C0, 66, 25, 81, 00, ...]
PAGE ntoskrnl.exe!MmLockPagableDataSection + 33 805E7DDC 9 Bytes [00, 6A, 01, 8B, F0, FF, 8E, ...]
PAGE ntoskrnl.exe!MmLockPagableDataSection + 3D 805E7DE6 5 Bytes [00, 68, E0, 34, 56] {ADD [EAX-0x20], CH; XOR AL, 0x56}
PAGE ntoskrnl.exe!MmLockPagableDataSection + 43 805E7DEC 57 Bytes CALL 804E1980 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!ExEnumHandleTable + 16 805E84FA 50 Bytes [00, C6, 45, FF, 00, 33, DB, ...]
PAGE ntoskrnl.exe!ExEnumHandleTable + 49 805E852D 15 Bytes [0F, 85, 4C, 91, 02, 00, 8A, ...]
PAGE ntoskrnl.exe!ExEnumHandleTable + 59 805E853D 78 Bytes [85, D2, 74, DA, 56, FF, 75, ...]
PAGE ntoskrnl.exe!ExEnumHandleTable + A8 805E858C 7 Bytes [32, C0, 5F, 5E, 5D, C2, 0C]
PAGE ntoskrnl.exe!ExEnumHandleTable + B0 805E8594 34 Bytes [3B, C8, 74, E0, EB, F2, 90, ...]
PAGE ntoskrnl.exe!ObFindHandleForObject + 18 805E85B7 40 Bytes [4D, 0C, 3B, CB, 0F, 85, C1, ...]
PAGE ntoskrnl.exe!ObFindHandleForObject + 41 805E85E0 68 Bytes [FF, FF, 84, C0, 0F, 85, A3, ...]
PAGE ntoskrnl.exe!ObFindHandleForObject + 86 805E8625 56 Bytes [55, 0C, 56, FF, 75, 08, 88, ...]
PAGE ntoskrnl.exe!ObFindHandleForObject + BF 805E865E 66 Bytes [56, 8B, 75, 08, 57, BF, 80, ...]
PAGE ntoskrnl.exe!ObFindHandleForObject + 102 805E86A1 25 Bytes [7C, 06, 8B, 45, 10, C6, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwAssignProcessToJobObject + 17 805E8E4B 23 Bytes [F0, 8A, 86, 40, 01, 00, 00, ...]
PAGE ntoskrnl.exe!ZwAssignProcessToJobObject + 2F 805E8E63 12 Bytes [6A, 01, FF, 75, 08, E8, EC, ...] {PUSH 0x1; PUSH DWORD [EBP+0x8]; CALL 0xfffffffffff836f6; CMP EAX, EBX}
PAGE ntoskrnl.exe!ZwAssignProcessToJobObject + 3C 805E8E70 46 Bytes [7D, EC, 89, 7D, F0, 0F, 8C, ...]
PAGE ntoskrnl.exe!ZwAssignProcessToJobObject + 6B 805E8E9F 35 Bytes [00, 50, FF, 75, 0C, E8, B0, ...]
PAGE ntoskrnl.exe!ZwAssignProcessToJobObject + 91 805E8EC5 76 Bytes [E0, 0F, 85, EF, CE, 01, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwFlushVirtualMemory + 73 805E95BF 22 Bytes [E4, 83, 4D, FC, FF, A1, DC, ...]
PAGE ntoskrnl.exe!ZwFlushVirtualMemory + 8A 805E95D6 38 Bytes [45, DC, 50, FF, 75, D4, FF, ...]
PAGE ntoskrnl.exe!ZwFlushVirtualMemory + B1 805E95FD 54 Bytes CALL 805E929D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwFlushVirtualMemory + E8 805E9634 12 Bytes CALL 804E2EDB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwFlushVirtualMemory + F5 805E9641 25 Bytes [00, 00, C0, EB, F1, 90, 90, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeSize + 2 805E9A25 43 Bytes [55, 8B, EC, 8B, 45, 10, 33, ...]
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeSize + 2E 805E9A51 44 Bytes [F9, FF, 80, 4E, 27, 10, B9, ...]
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeSize + 5B 805E9A7E 54 Bytes [F8, 85, FF, 0F, 84, 76, 34, ...]
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeSize + 92 805E9AB5 55 Bytes [8B, 17, 3B, D1, 0F, 82, D0, ...]
PAGE ntoskrnl.exe!RtlMultiByteToUnicodeSize + CA 805E9AED 4 Bytes JMP 805FD06A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!RtlUnicodeToMultiByteSize + 97 805E9C21 15 Bytes [F7, 0F, 84, CC, 40, 00, 00, ...]
PAGE ntoskrnl.exe!RtlUnicodeToMultiByteSize + A7 805E9C31 32 Bytes JMP 805EDCF4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlUnicodeToMultiByteSize + C8 805E9C52 1 Byte [B0]
PAGE ntoskrnl.exe!RtlUnicodeToMultiByteSize + C8 805E9C52 34 Bytes [B0, 66, 33, C0, 66, 89, 45, ...]
PAGE ntoskrnl.exe!RtlUnicodeToMultiByteSize + EB 805E9C75 8 Bytes [FA, FF, 90, 90, 90, 90, 90, ...]
PAGE ntoskrnl.exe!ExUuidCreate + 2 805E9C7E 28 Bytes [55, 8B, EC, 83, EC, 0C, 83, ...]
PAGE ntoskrnl.exe!ExUuidCreate + 1F 805E9C9B 44 Bytes [8B, 0D, 28, B1, 69, 80, 8B, ...]
PAGE ntoskrnl.exe!ExUuidCreate + 4C 805E9CC8 8 Bytes [75, CC, 3B, 3D, 2C, B1, 69, ...] {JNZ 0xffffffffffffffce; CMP EDI, [0x8069b12c]}
PAGE ntoskrnl.exe!ExUuidCreate + 56 805E9CD2 28 Bytes [85, C0, 0F, 8C, 58, 0B, 00, ...]
PAGE ntoskrnl.exe!ExUuidCreate + 73 805E9CEF 138 Bytes [10, 89, 0B, 66, 89, 7B, 06, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwSetThreadExecutionState + C 805EB1DE 27 Bytes [64, A1, 24, 01, 00, 00, 89, ...]
PAGE ntoskrnl.exe!ZwSetThreadExecutionState + 28 805EB1FA 7 Bytes [55, FC, 64, A1, 24, 01, 00]
PAGE ntoskrnl.exe!ZwSetThreadExecutionState + 30 805EB202 23 Bytes [89, 45, D0, 8A, 80, 40, 01, ...]
PAGE ntoskrnl.exe!ZwSetThreadExecutionState + 48 805EB21A 22 Bytes [3B, C8, 0F, 83, FB, 75, 01, ...]
PAGE ntoskrnl.exe!ZwSetThreadExecutionState + 5F 805EB231 7 Bytes [00, 00, 0F, B6, 37, BB, 00]
PAGE ...
PAGE ntoskrnl.exe!IoCheckFunctionAccess + 38 805EB386 91 Bytes [00, C0, EB, E2, 3B, 71, 2C, ...]
PAGE ntoskrnl.exe!LsaFreeReturnBuffer + 45 805EB3E2 38 Bytes CALL 80595208 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!LsaFreeReturnBuffer + 6C 805EB409 10 Bytes [FF, BE, 9A, 00, 00, C0, E9, ...]
PAGE ntoskrnl.exe!LsaFreeReturnBuffer + 77 805EB414 52 Bytes CALL 80572793 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!LsaFreeReturnBuffer + AC 805EB449 43 Bytes [FF, 8D, 51, 28, 8B, 0A, 3B, ...]
PAGE ntoskrnl.exe!LsaFreeReturnBuffer + D8 805EB475 98 Bytes [24, 0C, 3C, 08, 57, 8B, 3D, ...]
PAGE ntoskrnl.exe!ZwSetTimerResolution + 40 805EB4D8 7 Bytes [00, 8B, 78, 44, 83, 65, E4]
PAGE ntoskrnl.exe!ZwSetTimerResolution + 48 805EB4E0 71 Bytes CALL 805EB70F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwSetTimerResolution + 90 805EB528 23 Bytes [FF, 15, FC, 80, 4D, 80, 8B, ...]
PAGE ntoskrnl.exe!ZwSetTimerResolution + A8 805EB540 11 Bytes [64, A1, 24, 01, 00, 00, 80, ...]
PAGE ntoskrnl.exe!ZwSetTimerResolution + B4 805EB54C 7 Bytes [00, 74, 78, C7, 45, FC, 01]
PAGE ...
? spdy.sys Systém nemůže nalézt uvedený soubor. !
.text USBPORT.SYS!DllUnload F71348AC 5 Bytes JMP 862591D8
.text avs2z3ic.SYS F70C0386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text avs2z3ic.SYS F70C03AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text avs2z3ic.SYS F70C03C4 3 Bytes [00, 80, 02]
.text avs2z3ic.SYS F70C03C9 1 Byte [30]
.text avs2z3ic.SYS F70C03C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 863DB2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F73ADDDC] spdy.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73ADE30] spdy.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7383042] spdy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F738313E] spdy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73830C0] spdy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7383800] spdy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73836D6] spdy.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 862592D8
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!swprintf] 001CBA86
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\avs2z3ic.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 863691F8
Device \FileSystem\Fastfat \FatCdrom 860A11F8
Device \Driver\PCI_PNP0834 \Device\00000043 spdy.sys
Device \Driver\usbuhci \Device\USBPDO-0 862581F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 863D91F8
Device \Driver\dmio \Device\DmControl\DmConfig 863D91F8
Device \Driver\dmio \Device\DmControl\DmPnP 863D91F8
Device \Driver\dmio \Device\DmControl\DmInfo 863D91F8
Device \Driver\usbuhci \Device\USBPDO-1 862581F8
Device \Driver\usbuhci \Device\USBPDO-2 862581F8
Device \Driver\usbuhci \Device\USBPDO-3 862581F8
Device \Driver\usbehci \Device\USBPDO-4 8622B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8636B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8636B1F8
Device \Driver\Cdrom \Device\CdRom0 8621F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8636B1F8
Device \Driver\Cdrom \Device\CdRom1 8621F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e [F72D6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\usbuhci \Device\USBFDO-0 862581F8
Device \Driver\usbuhci \Device\USBFDO-1 862581F8
Device \Driver\sptd \Device\156420834 spdy.sys
Device \Driver\usbuhci \Device\USBFDO-2 862581F8
Device \Driver\usbuhci \Device\USBFDO-3 862581F8
Device \Driver\usbehci \Device\USBFDO-4 8622B1F8
Device \Driver\Ftdisk \Device\FtControl 8636B1F8
Device \Driver\avs2z3ic \Device\Scsi\avs2z3ic1 8620D1F8
Device \Driver\avs2z3ic \Device\Scsi\avs2z3ic1Port3Path0Target0Lun0 8620D1F8
Device \FileSystem\Fastfat \Fat 860A11F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 860C2458

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0xA9 0xC3 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0x76 0x65 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3B 0x56 0x3D 0x01 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x94 0xA9 0xC3 0x0F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0x76 0x65 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3B 0x56 0x3D 0x01 ...

---- EOF - GMER 1.0.15 ----

hokage
3rd Warning Level
Posts: 23
Joined: 15 Mar 2009 19:07

Re: Severe PC freezing...

#26 Post by hokage »

Hopefully that's everything...

1danab
Newbie
Posts: 1412
Joined: 21 Oct 2007 13:04
Location: České Budějovice

Re: Severe PC freezing...

#27 Post by 1danab »

C:\WINDOWS\system32\ntoskrnl.exe

test it on VirusTotal

simple instructions: once the page has loaded, click Browse, navigate to the file mentioned above and click the Send file button; if a message pops up saying the file has already been tested, ignore it and run the scan again; when the scan finishes, post the results here, either by copying the text or by pasting a link

hokage
3rd Warning Level
Posts: 23
Joined: 15 Mar 2009 19:07

Re: Severe PC freezing...

#28 Post by hokage »

there's an awful lot of text there again...
wouldn't this be enough:
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 -
AntiVir 8.2.1.242 2010.05.14 -
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.15 -
Avast 4.8.1351.0 2010.05.16 -
Avast5 5.0.332.0 2010.05.16 -
AVG 9.0.0.787 2010.05.16 -
BitDefender 7.2 2010.05.16 -
CAT-QuickHeal 10.00 2010.05.15 -
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.16 -
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.15 -
F-Secure 9.0.15370.0 2010.05.16 -
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.16 -
Ikarus T3.1.1.84.0 2010.05.16 -
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.16 -
McAfee 5.400.0.1158 2010.05.16 -
McAfee-GW-Edition 2010.1 2010.05.16 -
Microsoft 1.5703 2010.05.16 -
NOD32 5118 2010.05.16 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 -
PCTools 7.0.3.5 2010.05.16 -
Rising 22.47.06.04 2010.05.16 -
Sophos 4.53.0 2010.05.16 -
Sunbelt 6310 2010.05.16 -
Symantec 20101.1.0.89 2010.05.16 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.16 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2318 2010.05.15 -
VirusBuster 5.0.27.0 2010.05.16 -

1danab
Newbie
Posts: 1412
Joined: 21 Oct 2007 13:04
Location: České Budějovice

Re: Severe PC freezing...

#29 Post by 1danab »

the log is OK :wink:
what state is the PC in right now?

hokage
3rd Warning Level
Posts: 23
Joined: 15 Mar 2009 19:07

Re: Severe PC freezing...

#30 Post by hokage »

I've been in safe mode the whole time... and it runs there