Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / Nadzor nad procesami w systemie / Process explorer IA64 2003 / procexp.exe / BINRES / 150 / COFF_SYMBOLS < prev next >
Unknown | 2006-01-06 | 3.9 KB
view JSON data |
view as text |
open on a Mac |
open on a PC

This file was not able to be converted.
This format is not currently supported by dexvert.
Confidence	Program	Detection	Match Type	Support
`100%`	file	data	default
hex view
+--------+-------------------------+-------------------------+--------+--------+
|00000000| 40 63 6f 6d 70 2e 69 64 | 00 00 00 00 ff ff 00 00 |@comp.id|........|
|00000010| 03 00 24 54 37 30 32 33 | 00 00 48 03 00 00 01 00 |..$T7023|..H.....|
|00000020| 00 00 03 00 24 54 37 30 | 34 38 00 00 58 03 00 00 |....$T70|48..X...|
|00000030| 01 00 00 00 03 00 24 54 | 37 30 37 37 00 00 80 03 |......$T|7077....|
|00000040| 00 00 01 00 00 00 03 00 | 24 54 37 30 38 39 00 00 |........|$T7089..|
|00000050| 90 03 00 00 01 00 00 00 | 03 00 24 53 47 36 39 32 |........|..$SG692|
|00000060| 37 00 fe 0d 00 00 01 00 | 00 00 03 00 24 53 47 36 |7.......|....$SG6|
|00000070| 39 34 33 00 c6 0e 00 00 | 01 00 00 00 03 00 24 53 |943.....|......$S|
|00000080| 47 36 39 34 30 00 96 0e | 00 00 01 00 00 00 03 00 |G6940...|........|
|00000090| 24 53 47 36 39 33 37 00 | 6e 0e 00 00 01 00 00 00 |$SG6937.|n.......|
|000000a0| 03 00 40 63 6f 6d 70 2e | 69 64 00 00 00 00 ff ff |..@comp.|id......|
|000000b0| 00 00 03 00 24 52 30 30 | 30 30 30 30 a0 15 00 00 |....$R00|0000....|
|000000c0| 03 00 00 00 03 00 2e 69 | 64 61 74 61 24 36 fa 14 |.......i|data$6..|
|000000d0| 00 00 02 00 00 00 03 00 | 2e 74 65 78 74 00 00 00 |........|.text...|
|000000e0| f0 10 00 00 01 00 00 00 | 03 01 d1 00 00 00 04 00 |........|........|
|000000f0| 47 00 00 00 00 00 00 00 | 00 00 00 00 24 24 24 30 |G.......|....$$$0|
|00000100| 30 30 30 31 f8 10 00 00 | 01 00 20 00 03 01 0e 00 |0001....|.. .....|
|00000110| 00 00 00 00 00 00 ae 01 | 00 00 13 00 00 00 00 00 |........|........|
|00000120| 24 24 24 30 30 30 30 34 | c1 11 00 00 01 00 20 00 |$$$00004|...... .|
|00000130| 03 01 23 00 00 00 00 00 | 00 00 52 03 00 00 00 00 |..#.....|..R.....|
|00000140| 00 00 00 00 00 00 00 00 | d9 07 00 00 70 11 00 00 |........|....p...|
|00000150| 01 00 00 00 03 00 00 00 | 00 00 e6 07 00 00 7b 11 |........|......{.|
|00000160| 00 00 01 00 00 00 03 00 | 00 00 00 00 f2 07 00 00 |........|........|
|00000170| 9e 11 00 00 01 00 00 00 | 03 00 5f 6c 68 5f 74 6f |........|.._lh_to|
|00000180| 70 00 27 11 00 00 01 00 | 00 00 03 00 00 00 00 00 |p.'.....|........|
|00000190| fd 07 00 00 82 11 00 00 | 01 00 00 00 03 00 00 00 |........|........|
|000001a0| 00 00 07 08 00 00 89 11 | 00 00 01 00 00 00 03 00 |........|........|
|000001b0| 2e 74 65 78 74 00 00 00 | 30 10 00 00 01 00 00 00 |.text...|0.......|
|000001c0| 03 01 bf 00 00 00 04 00 | 3d 00 00 00 00 00 00 00 |........|=.......|
|000001d0| 00 00 00 00 00 00 00 00 | 15 08 00 00 48 10 00 00 |........|....H...|
|000001e0| 01 00 00 00 03 00 24 24 | 24 30 30 30 30 31 30 10 |......$$|$000010.|
|000001f0| 00 00 01 00 20 00 03 01 | 0f 00 00 00 00 00 00 00 |.... ...|........|
|00000200| 9c 01 00 00 14 00 00 00 | 00 00 24 24 24 30 30 30 |........|..$$$000|
|00000210| 30 33 50 10 00 00 01 00 | 20 00 03 01 1d 00 00 00 |03P.....| .......|
|00000220| 00 00 00 00 cc 01 00 00 | 22 00 00 00 00 00 00 00 |........|".......|
|00000230| 00 00 20 08 00 00 50 10 | 00 00 01 00 20 00 03 01 |.. ...P.|.... ...|
|00000240| 24 00 00 00 22 00 00 00 | d2 01 00 00 29 00 00 00 |$..."...|....)...|
|00000250| 00 00 24 24 24 30 30 30 | 30 35 72 10 00 00 01 00 |..$$$000|05r.....|
|00000260| 20 00 03 01 2b 00 00 00 | 00 00 00 00 08 02 00 00 | ...+...|........|
|00000270| 30 00 00 00 00 00 24 24 | 24 30 30 30 30 37 cc 10 |0.....$$|$00007..|
|00000280| 00 00 01 00 20 00 03 01 | 39 00 00 00 00 00 00 00 |.... ...|9.......|
|00000290| c2 02 00 00 3e 00 00 00 | 00 00 24 24 24 30 30 30 |....>...|..$$$000|
|000002a0| 30 39 ef 10 00 00 01 00 | 20 00 03 01 47 00 00 00 |09......| ...G...|
|000002b0| 00 00 00 00 04 03 00 00 | 00 00 00 00 00 00 5f 6c |........|......_l|
|000002c0| 75 5f 64 6f 6e 65 be 10 | 00 00 01 00 00 00 03 00 |u_done..|........|
|000002d0| 00 00 00 00 31 08 00 00 | 71 10 00 00 01 00 00 00 |....1...|q.......|
|000002e0| 03 00 00 00 00 00 3c 08 | 00 00 bc 10 00 00 01 00 |......<.|........|
|000002f0| 00 00 03 00 5f 6c 75 5f | 74 6f 70 00 8f 10 00 00 |...._lu_|top.....|
|00000300| 01 00 00 00 03 00 5f 61 | 74 5f 64 6f 6e 65 ee 10 |......_a|t_done..|
|00000310| 00 00 01 00 00 00 03 00 | 2e 69 64 61 74 61 24 36 |........|.idata$6|
|00000320| 30 15 00 00 02 00 00 00 | 03 00 68 65 61 64 65 72 |0.......|..header|
|00000330| 00 00 00 00 00 00 fe ff | 00 00 02 00 00 00 00 00 |........|........|
|00000340| 6f 01 00 00 00 00 00 00 | ff ff 00 00 02 00 00 00 |o.......|........|
|00000350| 00 00 6c 02 00 00 60 02 | 00 00 01 00 00 00 02 00 |..l...`.|........|
|00000360| 00 00 00 00 9b 02 00 00 | 64 02 00 00 01 00 00 00 |........|d.......|
|00000370| 02 00 00 00 00 00 c4 07 | 00 00 68 02 00 00 01 00 |........|..h.....|
|00000380| 00 00 02 00 00 00 00 00 | 53 01 00 00 6c 02 00 00 |........|S...l...|
|00000390| 01 00 00 00 02 00 00 00 | 00 00 8f 01 00 00 70 02 |........|......p.|
|000003a0| 00 00 01 00 00 00 02 00 | 00 00 00 00 a0 01 00 00 |........|........|
|000003b0| 74 02 00 00 01 00 00 00 | 02 00 00 00 00 00 bc 01 |t.......|........|
|000003c0| 00 00 78 02 00 00 01 00 | 00 00 02 00 00 00 00 00 |..x.....|........|
|000003d0| d4 01 00 00 7c 02 00 00 | 01 00 00 00 02 00 00 00 |....|...|........|
|000003e0| 00 00 ed 01 00 00 80 02 | 00 00 01 00 00 00 02 00 |........|........|
|000003f0| 00 00 00 00 0b 02 00 00 | 84 02 00 00 01 00 00 00 |........|........|
|00000400| 02 00 00 00 00 00 2f 02 | 00 00 88 02 00 00 01 00 |....../.|........|
|00000410| 00 00 02 00 00 00 00 00 | 48 02 00 00 8c 02 00 00 |........|H.......|
|00000420| 01 00 00 00 02 00 00 00 | 00 00 81 02 00 00 90 02 |........|........|
|00000430| 00 00 01 00 00 00 02 00 | 00 00 00 00 b0 02 00 00 |........|........|
|00000440| 94 02 00 00 01 00 00 00 | 02 00 00 00 00 00 d0 02 |........|........|
|00000450| 00 00 98 02 00 00 01 00 | 00 00 02 00 00 00 00 00 |........|........|
|00000460| 1e 06 00 00 9c 02 00 00 | 01 00 00 00 02 00 00 00 |........|........|
|00000470| 00 00 f4 02 00 00 9c 02 | 00 00 01 00 00 00 02 00 |........|........|
|00000480| 00 00 00 00 2c 01 00 00 | a0 02 00 00 01 00 00 00 |....,...|........|
|00000490| 02 00 00 00 00 00 20 03 | 00 00 a4 02 00 00 01 00 |...... .|........|
|000004a0| 00 00 02 00 00 00 00 00 | 3c 03 00 00 a8 02 00 00 |........|<.......|
|000004b0| 01 00 00 00 02 00 00 00 | 00 00 5d 03 00 00 ac 02 |........|..].....|
|000004c0| 00 00 01 00 00 00 02 00 | 00 00 00 00 78 03 00 00 |........|....x...|
|000004d0| b0 02 00 00 01 00 00 00 | 02 00 00 00 00 00 93 03 |........|........|
|000004e0| 00 00 b4 02 00 00 01 00 | 00 00 02 00 00 00 00 00 |........|........|
|000004f0| b4 03 00 00 b8 02 00 00 | 01 00 00 00 02 00 00 00 |........|........|
|00000500| 00 00 cc 03 00 00 bc 02 | 00 00 01 00 00 00 02 00 |........|........|
|00000510| 00 00 00 00 ea 03 00 00 | c0 02 00 00 01 00 00 00 |........|........|
|00000520| 02 00 00 00 00 00 08 04 | 00 00 c4 02 00 00 01 00 |........|........|
|00000530| 00 00 02 00 00 00 00 00 | 26 04 00 00 c8 02 00 00 |........|&.......|
|00000540| 01 00 00 00 02 00 00 00 | 00 00 3f 04 00 00 cc 02 |........|..?.....|
|00000550| 00 00 01 00 00 00 02 00 | 00 00 00 00 7a 07 00 00 |........|....z...|
|00000560| d0 02 00 00 01 00 00 00 | 02 00 00 00 00 00 1d 01 |........|........|
|00000570| 00 00 d4 02 00 00 01 00 | 00 00 02 00 00 00 00 00 |........|........|
|00000580| 03 03 00 00 d8 02 00 00 | 01 00 00 00 02 00 00 00 |........|........|
|00000590| 00 00 02 01 00 00 dc 02 | 00 00 01 00 00 00 02 00 |........|........|
|000005a0| 00 00 00 00 60 07 00 00 | e0 02 00 00 01 00 00 00 |....`...|........|
|000005b0| 02 00 00 00 00 00 13 00 | 00 00 9c 03 00 00 01 00 |........|........|
|000005c0| 20 00 02 00 00 00 00 00 | 32 00 00 00 5a 05 00 00 | .......|2...Z...|
|000005d0| 01 00 20 00 02 00 00 00 | 00 00 4b 00 00 00 aa 07 |.. .....|..K.....|
|000005e0| 00 00 01 00 20 00 02 00 | 00 00 00 00 5a 00 00 00 |.... ...|....Z...|
|000005f0| d2 07 00 00 01 00 20 00 | 02 00 00 00 00 00 70 00 |...... .|......p.|
|00000600| 00 00 78 08 00 00 01 00 | 20 00 02 00 00 00 00 00 |..x.....| .......|
|00000610| 8a 00 00 00 d0 08 00 00 | 01 00 20 00 02 00 00 00 |........|.. .....|
|00000620| 00 00 9e 00 00 00 38 09 | 00 00 01 00 20 00 02 00 |......8.|.... ...|
|00000630| 00 00 00 00 b5 00 00 00 | c2 09 00 00 01 00 20 00 |........|...... .|
|00000640| 02 00 00 00 00 00 c5 00 | 00 00 7a 0a 00 00 01 00 |........|..z.....|
|00000650| 20 00 02 00 00 00 00 00 | de 00 00 00 46 0d 00 00 | .......|....F...|
|00000660| 01 00 20 00 02 00 00 00 | 00 00 f1 00 00 00 2c 0e |.. .....|......,.|
|00000670| 00 00 01 00 20 00 02 00 | 00 00 00 00 04 00 00 00 |.... ...|........|
|00000680| 02 0f 00 00 01 00 20 00 | 02 00 00 00 00 00 d6 04 |...... .|........|
|00000690| 00 00 30 10 00 00 01 00 | 20 00 02 00 00 00 00 00 |..0.....| .......|
|000006a0| e7 04 00 00 72 10 00 00 | 01 00 20 00 02 00 00 00 |....r...|.. .....|
|000006b0| 00 00 f7 04 00 00 cc 10 | 00 00 01 00 20 00 02 00 |........|.... ...|
|000006c0| 00 00 00 00 7d 01 00 00 | f8 10 00 00 01 00 20 00 |....}...|...... .|
|000006d0| 02 00 00 00 00 00 0e 05 | 00 00 a6 11 00 00 01 00 |........|........|
|000006e0| 20 00 02 00 00 00 00 00 | c8 04 00 00 c2 11 00 00 | .......|........|
|000006f0| 01 00 20 00 02 00 00 00 | 00 00 74 04 00 00 e0 11 |.. .....|..t.....|
|00000700| 00 00 02 00 00 00 02 00 | 00 00 00 00 9d 07 00 00 |........|........|
|00000710| f4 11 00 00 02 00 00 00 | 02 00 00 00 00 00 47 07 |........|......G.|
|00000720| 00 00 08 12 00 00 02 00 | 00 00 02 00 65 6e 64 00 |........|....end.|
|00000730| 00 00 00 00 00 1a 00 00 | fe ff 00 00 02 00 49 08 |........|......I.|
|00000740| 00 00 5f 44 72 69 76 65 | 72 45 6e 74 72 79 40 38 |.._Drive|rEntry@8|
|00000750| 00 5f 50 72 6f 63 45 78 | 70 47 65 74 43 6f 6d 70 |._ProcEx|pGetComp|
|00000760| 6f 6e 65 6e 74 46 69 6c | 65 4e 61 6d 65 40 38 00 |onentFil|eName@8.|
|00000770| 5f 50 72 6f 63 45 78 70 | 47 65 74 4f 62 6a 65 63 |_ProcExp|GetObjec|
|00000780| 74 4e 61 6d 65 40 31 32 | 00 5f 50 72 6f 63 45 78 |tName@12|._ProcEx|
|00000790| 70 4f 70 65 6e 40 38 00 | 5f 50 72 6f 63 45 78 70 |pOpen@8.|_ProcExp|
|000007a0| 52 65 61 64 4b 73 74 61 | 63 6b 40 31 32 00 5f 50 |ReadKsta|ck@12._P|
|000007b0| 72 6f 63 45 78 70 47 65 | 74 4d 75 74 61 6e 74 4f |rocExpGe|tMutantO|
|000007c0| 77 6e 65 72 40 31 32 00 | 5f 50 72 6f 63 45 78 70 |wner@12.|_ProcExp|
|000007d0| 51 75 65 72 79 44 65 70 | 40 31 32 00 5f 50 72 6f |QueryDep|@12._Pro|
|000007e0| 63 45 78 70 47 65 74 4b | 63 6f 6e 74 65 78 74 40 |cExpGetK|context@|
|000007f0| 31 32 00 5f 50 72 6f 63 | 45 78 70 43 6c 6f 73 65 |12._Proc|ExpClose|
|00000800| 40 34 00 5f 50 72 6f 63 | 45 78 70 44 65 76 69 63 |@4._Proc|ExpDevic|
|00000810| 65 43 6f 6e 74 72 6f 6c | 40 33 36 00 5f 50 72 6f |eControl|@36._Pro|
|00000820| 63 45 78 70 44 69 73 70 | 61 74 63 68 40 38 00 5f |cExpDisp|atch@8._|
|00000830| 50 72 6f 63 45 78 70 55 | 6e 6c 6f 61 64 40 34 00 |ProcExpU|nload@4.|
|00000840| 5f 5f 69 6d 70 5f 5f 52 | 74 6c 46 72 65 65 41 6e |__imp__R|tlFreeAn|
|00000850| 73 69 53 74 72 69 6e 67 | 40 34 00 5f 5f 69 6d 70 |siString|@4.__imp|
|00000860| 5f 5f 73 74 72 6e 63 70 | 79 00 5f 5f 69 6d 70 5f |__strncp|y.__imp_|
|00000870| 5f 52 74 6c 55 6e 69 63 | 6f 64 65 53 74 72 69 6e |_RtlUnic|odeStrin|
|00000880| 67 54 6f 41 6e 73 69 53 | 74 72 69 6e 67 40 31 32 |gToAnsiS|tring@12|
|00000890| 00 5f 5f 69 6d 70 5f 5f | 4f 62 51 75 65 72 79 4e |.__imp__|ObQueryN|
|000008a0| 61 6d 65 53 74 72 69 6e | 67 40 31 36 00 5f 5f 65 |ameStrin|g@16.__e|
|000008b0| 78 63 65 70 74 5f 6c 69 | 73 74 00 5f 5f 65 78 63 |xcept_li|st.__exc|
|000008c0| 65 70 74 5f 68 61 6e 64 | 6c 65 72 33 00 5f 5f 69 |ept_hand|ler3.__i|
|000008d0| 6d 70 5f 5f 5a 77 43 6c | 6f 73 65 40 34 00 5f 5f |mp__ZwCl|ose@4.__|
|000008e0| 69 6d 70 5f 5f 5a 77 44 | 75 70 6c 69 63 61 74 65 |imp__ZwD|uplicate|
|000008f0| 4f 62 6a 65 63 74 40 32 | 38 00 5f 5f 69 6d 70 5f |Object@2|8.__imp_|
|00000900| 5f 5a 77 4f 70 65 6e 50 | 72 6f 63 65 73 73 40 31 |_ZwOpenP|rocess@1|
|00000910| 36 00 5f 5f 69 6d 70 5f | 5f 4b 65 44 65 74 61 63 |6.__imp_|_KeDetac|
|00000920| 68 50 72 6f 63 65 73 73 | 40 30 00 5f 5f 69 6d 70 |hProcess|@0.__imp|
|00000930| 5f 40 4f 62 66 44 65 72 | 65 66 65 72 65 6e 63 65 |_@ObfDer|eference|
|00000940| 4f 62 6a 65 63 74 40 34 | 00 5f 5f 69 6d 70 5f 5f |Object@4|.__imp__|
|00000950| 4f 62 52 65 66 65 72 65 | 6e 63 65 4f 62 6a 65 63 |ObRefere|nceObjec|
|00000960| 74 42 79 48 61 6e 64 6c | 65 40 32 34 00 5f 5f 69 |tByHandl|e@24.__i|
|00000970| 6d 70 5f 5f 4b 65 41 74 | 74 61 63 68 50 72 6f 63 |mp__KeAt|tachProc|
|00000980| 65 73 73 40 34 00 5f 5f | 69 6d 70 5f 5f 50 73 4c |ess@4.__|imp__PsL|
|00000990| 6f 6f 6b 75 70 50 72 6f | 63 65 73 73 42 79 50 72 |ookupPro|cessByPr|
|000009a0| 6f 63 65 73 73 49 64 40 | 38 00 5f 5f 69 6d 70 5f |ocessId@|8.__imp_|
|000009b0| 40 4b 66 4c 6f 77 65 72 | 49 72 71 6c 40 34 00 5f |@KfLower|Irql@4._|
|000009c0| 5f 69 6d 70 5f 5f 4d 6d | 49 73 41 64 64 72 65 73 |_imp__Mm|IsAddres|
|000009d0| 73 56 61 6c 69 64 40 34 | 00 5f 5f 69 6d 70 5f 40 |sValid@4|.__imp_@|
|000009e0| 4b 66 52 61 69 73 65 49 | 72 71 6c 40 34 00 5f 5f |KfRaiseI|rql@4.__|
|000009f0| 69 6d 70 5f 5f 4f 62 4f | 70 65 6e 4f 62 6a 65 63 |imp__ObO|penObjec|
|00000a00| 74 42 79 50 6f 69 6e 74 | 65 72 40 32 38 00 5f 5f |tByPoint|er@28.__|
|00000a10| 69 6d 70 5f 5f 5a 77 51 | 75 65 72 79 49 6e 66 6f |imp__ZwQ|ueryInfo|
|00000a20| 72 6d 61 74 69 6f 6e 50 | 72 6f 63 65 73 73 40 32 |rmationP|rocess@2|
|00000a30| 30 00 5f 4e 74 42 75 69 | 6c 64 4e 75 6d 62 65 72 |0._NtBui|ldNumber|
|00000a40| 00 5f 5f 69 6d 70 5f 5f | 5a 77 4f 70 65 6e 50 72 |.__imp__|ZwOpenPr|
|00000a50| 6f 63 65 73 73 54 6f 6b | 65 6e 40 31 32 00 5f 5f |ocessTok|en@12.__|
|00000a60| 69 6d 70 5f 40 49 6f 66 | 43 6f 6d 70 6c 65 74 65 |imp_@Iof|Complete|
|00000a70| 52 65 71 75 65 73 74 40 | 38 00 5f 5f 69 6d 70 5f |Request@|8.__imp_|
|00000a80| 5f 53 65 52 65 6c 65 61 | 73 65 53 75 62 6a 65 63 |_SeRelea|seSubjec|
|00000a90| 74 43 6f 6e 74 65 78 74 | 40 34 00 5f 5f 69 6d 70 |tContext|@4.__imp|
|00000aa0| 5f 5f 53 65 50 72 69 76 | 69 6c 65 67 65 43 68 65 |__SePriv|ilegeChe|
|00000ab0| 63 6b 40 31 32 00 5f 5f | 69 6d 70 5f 5f 45 78 47 |ck@12.__|imp__ExG|
|00000ac0| 65 74 50 72 65 76 69 6f | 75 73 4d 6f 64 65 40 30 |etPrevio|usMode@0|
|00000ad0| 00 5f 5f 69 6d 70 5f 5f | 53 65 43 61 70 74 75 72 |.__imp__|SeCaptur|
|00000ae0| 65 53 75 62 6a 65 63 74 | 43 6f 6e 74 65 78 74 40 |eSubject|Context@|
|00000af0| 34 00 5f 5f 69 6d 70 5f | 5f 49 6f 44 65 6c 65 74 |4.__imp_|_IoDelet|
|00000b00| 65 44 65 76 69 63 65 40 | 34 00 5f 5f 69 6d 70 5f |eDevice@|4.__imp_|
|00000b10| 5f 49 6f 44 65 6c 65 74 | 65 53 79 6d 62 6f 6c 69 |_IoDelet|eSymboli|
|00000b20| 63 4c 69 6e 6b 40 34 00 | 5f 5f 69 6d 70 5f 5f 52 |cLink@4.|__imp__R|
|00000b30| 74 6c 49 6e 69 74 55 6e | 69 63 6f 64 65 53 74 72 |tlInitUn|icodeStr|
|00000b40| 69 6e 67 40 38 00 5f 5f | 69 6d 70 5f 5f 49 6f 43 |ing@8.__|imp__IoC|
|00000b50| 72 65 61 74 65 53 79 6d | 62 6f 6c 69 63 4c 69 6e |reateSym|bolicLin|
|00000b60| 6b 40 38 00 5f 5f 69 6d | 70 5f 5f 49 6f 43 72 65 |k@8.__im|p__IoCre|
|00000b70| 61 74 65 44 65 76 69 63 | 65 40 32 38 00 5f 5f 69 |ateDevic|e@28.__i|
|00000b80| 6d 70 5f 5f 45 78 41 6c | 6c 6f 63 61 74 65 50 6f |mp__ExAl|locatePo|
|00000b90| 6f 6c 57 69 74 68 54 61 | 67 40 31 32 00 5f 52 74 |olWithTa|g@12._Rt|
|00000ba0| 6c 46 72 65 65 41 6e 73 | 69 53 74 72 69 6e 67 40 |lFreeAns|iString@|
|00000bb0| 34 00 5f 5f 49 4d 50 4f | 52 54 5f 44 45 53 43 52 |4.__IMPO|RT_DESCR|
|00000bc0| 49 50 54 4f 52 5f 6e 74 | 6f 73 6b 72 6e 6c 00 5f |IPTOR_nt|oskrnl._|
|00000bd0| 52 74 6c 55 6e 69 63 6f | 64 65 53 74 72 69 6e 67 |RtlUnico|deString|
|00000be0| 54 6f 41 6e 73 69 53 74 | 72 69 6e 67 40 31 32 00 |ToAnsiSt|ring@12.|
|00000bf0| 5f 4f 62 51 75 65 72 79 | 4e 61 6d 65 53 74 72 69 |_ObQuery|NameStri|
|00000c00| 6e 67 40 31 36 00 5f 52 | 74 6c 55 6e 77 69 6e 64 |ng@16._R|tlUnwind|
|00000c10| 40 31 36 00 5f 5f 67 6c | 6f 62 61 6c 5f 75 6e 77 |@16.__gl|obal_unw|
|00000c20| 69 6e 64 32 00 5f 5f 6c | 6f 63 61 6c 5f 75 6e 77 |ind2.__l|ocal_unw|
|00000c30| 69 6e 64 32 00 5f 5f 61 | 62 6e 6f 72 6d 61 6c 5f |ind2.__a|bnormal_|
|00000c40| 74 65 72 6d 69 6e 61 74 | 69 6f 6e 00 5f 5f 73 65 |terminat|ion.__se|
|00000c50| 68 5f 6c 6f 6e 67 6a 6d | 70 5f 75 6e 77 69 6e 64 |h_longjm|p_unwind|
|00000c60| 40 34 00 5f 5a 77 43 6c | 6f 73 65 40 34 00 5f 5a |@4._ZwCl|ose@4._Z|
|00000c70| 77 44 75 70 6c 69 63 61 | 74 65 4f 62 6a 65 63 74 |wDuplica|teObject|
|00000c80| 40 32 38 00 5f 5a 77 4f | 70 65 6e 50 72 6f 63 65 |@28._ZwO|penProce|
|00000c90| 73 73 40 31 36 00 5f 4b | 65 44 65 74 61 63 68 50 |ss@16._K|eDetachP|
|00000ca0| 72 6f 63 65 73 73 40 30 | 00 40 4f 62 66 44 65 72 |rocess@0|.@ObfDer|
|00000cb0| 65 66 65 72 65 6e 63 65 | 4f 62 6a 65 63 74 40 34 |eference|Object@4|
|00000cc0| 00 5f 4f 62 52 65 66 65 | 72 65 6e 63 65 4f 62 6a |._ObRefe|renceObj|
|00000cd0| 65 63 74 42 79 48 61 6e | 64 6c 65 40 32 34 00 5f |ectByHan|dle@24._|
|00000ce0| 4b 65 41 74 74 61 63 68 | 50 72 6f 63 65 73 73 40 |KeAttach|Process@|
|00000cf0| 34 00 5f 50 73 4c 6f 6f | 6b 75 70 50 72 6f 63 65 |4._PsLoo|kupProce|
|00000d00| 73 73 42 79 50 72 6f 63 | 65 73 73 49 64 40 38 00 |ssByProc|essId@8.|
|00000d10| 5f 4d 6d 49 73 41 64 64 | 72 65 73 73 56 61 6c 69 |_MmIsAdd|ressVali|
|00000d20| 64 40 34 00 5f 4f 62 4f | 70 65 6e 4f 62 6a 65 63 |d@4._ObO|penObjec|
|00000d30| 74 42 79 50 6f 69 6e 74 | 65 72 40 32 38 00 5f 5a |tByPoint|er@28._Z|
|00000d40| 77 51 75 65 72 79 49 6e | 66 6f 72 6d 61 74 69 6f |wQueryIn|formatio|
|00000d50| 6e 50 72 6f 63 65 73 73 | 40 32 30 00 5f 5f 69 6d |nProcess|@20.__im|
|00000d60| 70 5f 5f 4e 74 42 75 69 | 6c 64 4e 75 6d 62 65 72 |p__NtBui|ldNumber|
|00000d70| 00 5f 5a 77 4f 70 65 6e | 50 72 6f 63 65 73 73 54 |._ZwOpen|ProcessT|
|00000d80| 6f 6b 65 6e 40 31 32 00 | 40 49 6f 66 43 6f 6d 70 |oken@12.|@IofComp|
|00000d90| 6c 65 74 65 52 65 71 75 | 65 73 74 40 38 00 5f 53 |leteRequ|est@8._S|
|00000da0| 65 52 65 6c 65 61 73 65 | 53 75 62 6a 65 63 74 43 |eRelease|SubjectC|
|00000db0| 6f 6e 74 65 78 74 40 34 | 00 5f 53 65 50 72 69 76 |ontext@4|._SePriv|
|00000dc0| 69 6c 65 67 65 43 68 65 | 63 6b 40 31 32 00 5f 45 |ilegeChe|ck@12._E|
|00000dd0| 78 47 65 74 50 72 65 76 | 69 6f 75 73 4d 6f 64 65 |xGetPrev|iousMode|
|00000de0| 40 30 00 5f 53 65 43 61 | 70 74 75 72 65 53 75 62 |@0._SeCa|ptureSub|
|00000df0| 6a 65 63 74 43 6f 6e 74 | 65 78 74 40 34 00 5f 49 |jectCont|ext@4._I|
|00000e00| 6f 44 65 6c 65 74 65 44 | 65 76 69 63 65 40 34 00 |oDeleteD|evice@4.|
|00000e10| 5f 49 6f 44 65 6c 65 74 | 65 53 79 6d 62 6f 6c 69 |_IoDelet|eSymboli|
|00000e20| 63 4c 69 6e 6b 40 34 00 | 5f 52 74 6c 49 6e 69 74 |cLink@4.|_RtlInit|
|00000e30| 55 6e 69 63 6f 64 65 53 | 74 72 69 6e 67 40 38 00 |UnicodeS|tring@8.|
|00000e40| 5f 49 6f 43 72 65 61 74 | 65 53 79 6d 62 6f 6c 69 |_IoCreat|eSymboli|
|00000e50| 63 4c 69 6e 6b 40 38 00 | 5f 49 6f 43 72 65 61 74 |cLink@8.|_IoCreat|
|00000e60| 65 44 65 76 69 63 65 40 | 32 38 00 5f 45 78 41 6c |eDevice@|28._ExAl|
|00000e70| 6c 6f 63 61 74 65 50 6f | 6f 6c 57 69 74 68 54 61 |locatePo|olWithTa|
|00000e80| 67 40 31 32 00 5f 5f 4e | 55 4c 4c 5f 49 4d 50 4f |g@12.__N|ULL_IMPO|
|00000e90| 52 54 5f 44 45 53 43 52 | 49 50 54 4f 52 00 7f 6e |RT_DESCR|IPTOR..n|
|00000ea0| 74 6f 73 6b 72 6e 6c 5f | 4e 55 4c 4c 5f 54 48 55 |toskrnl_|NULL_THU|
|00000eb0| 4e 4b 5f 44 41 54 41 00 | 5f 5f 69 6d 70 5f 5f 52 |NK_DATA.|__imp__R|
|00000ec0| 74 6c 55 6e 77 69 6e 64 | 40 31 36 00 40 4b 66 4c |tlUnwind|@16.@KfL|
|00000ed0| 6f 77 65 72 49 72 71 6c | 40 34 00 5f 5f 49 4d 50 |owerIrql|@4.__IMP|
|00000ee0| 4f 52 54 5f 44 45 53 43 | 52 49 50 54 4f 52 5f 48 |ORT_DESC|RIPTOR_H|
|00000ef0| 41 4c 00 40 4b 66 52 61 | 69 73 65 49 72 71 6c 40 |AL.@KfRa|iseIrql@|
|00000f00| 34 00 7f 48 41 4c 5f 4e | 55 4c 4c 5f 54 48 55 4e |4..HAL_N|ULL_THUN|
|00000f10| 4b 5f 44 41 54 41 00 5f | 6c 68 5f 63 6f 6e 74 69 |K_DATA._|lh_conti|
|00000f20| 6e 75 65 00 5f 6c 68 5f | 64 69 73 6d 69 73 73 00 |nue._lh_|dismiss.|
|00000f30| 5f 6c 68 5f 72 65 74 75 | 72 6e 00 5f 6c 68 5f 62 |_lh_retu|rn._lh_b|
|00000f40| 61 67 69 74 00 5f 6c 68 | 5f 75 6e 77 69 6e 64 69 |agit._lh|_unwindi|
|00000f50| 6e 67 00 5f 67 75 5f 72 | 65 74 75 72 6e 00 5f 5f |ng._gu_r|eturn.__|
|00000f60| 75 6e 77 69 6e 64 5f 68 | 61 6e 64 6c 65 72 00 5f |unwind_h|andler._|
|00000f70| 75 68 5f 72 65 74 75 72 | 6e 00 5f 6c 75 5f 63 6f |uh_retur|n._lu_co|
|00000f80| 6e 74 69 6e 75 65 00    |                         |ntinue. |        |
+--------+-------------------------+-------------------------+--------+--------+