PC World Komputer 2010 April

home *** CD-ROM | disk | FTP | other *** search
/ PC World Komputer 2010 April / PCWorld0410.iso / WindowsServerTrial / server.iso / sources / install.wim / 2 / Windows / System32 / drivers / ksecdd.sys / INIT < prev next >
Unknown | 2008-01-19 | 5.5 KB
open in:
MacOS 8.1 |
Win98 |
DOS
view JSON data |
view as text

This file was not able to be converted.
This format is not currently supported by dexvert.
Confidence	Program	Detection	Match Type	Support
`100%`	file	data	default
hex view
+--------+-------------------------+-------------------------+--------+--------+
|00000000| 00 00 00 00 00 00 8b ff | 55 8b ec 51 53 56 8b 75 |........|U..QSV.u|
|00000010| 08 57 b8 02 93 04 00 33 | db 6a 70 53 bf 28 39 04 |.W.....3|.jpS.(9.|
|00000020| 00 57 89 5d fc 89 46 38 | 89 46 40 89 46 44 89 46 |.W.]..F8|.F@.FD.F|
|00000030| 48 89 46 4c 89 46 60 89 | 46 70 e8 27 88 f9 ff c7 |H.FL.F`.|Fp.'....|
|00000040| 05 28 39 04 00 70 00 00 | 00 c7 05 50 39 04 00 2e |.(9..p..|...P9...|
|00000050| 37 01 00 83 c4 0c 89 7e | 28 e8 26 7d f9 ff 8b f8 |7......~|(.&}....|
|00000060| 3b fb 0f 8c e2 01 00 00 | ff 15 38 20 03 00 50 a3 |;.......|..8 ..P.|
|00000070| a4 39 04 00 ff 15 90 20 | 03 00 68 a0 39 04 00 53 |.9..... |..h.9..S|
|00000080| 53 68 40 04 00 00 53 68 | 00 02 00 00 ff 35 a4 39 |Sh@...Sh|.....5.9|
|00000090| 04 00 a3 9c 39 04 00 ff | 15 6c 20 03 00 8b f8 3b |....9...|.l ....;|
|000000a0| fb 0f 8c a3 01 00 00 8d | 45 fc 50 53 68 00 01 00 |........|E.PSh...|
|000000b0| 00 6a 39 68 74 e1 03 00 | 53 56 ff 15 8c 20 03 00 |.j9ht...|SV... ..|
|000000c0| 8b f8 3b fb 0f 8c 74 01 | 00 00 ff 75 fc e8 2a de |..;...t.|...u..*.|
|000000d0| fc ff 8b f8 3b fb 0f 8c | 59 01 00 00 e8 91 01 00 |....;...|Y.......|
|000000e0| 00 84 c0 75 20 39 1d 20 | 39 04 00 74 0e 68 f0 b3 |...u 9. |9..t.h..|
|000000f0| 07 00 6a 01 e8 f5 60 ff | ff 59 59 bf 9a 00 00 c0 |..j...`.|.YY.....|
|00000100| e9 30 01 00 00 8b 35 5c | 20 03 00 33 ff 53 47 57 |.0....5\| ..3.SGW|
|00000110| 89 3d 08 3a 04 00 68 14 | 3a 04 00 89 1d 0c 3a 04 |.=.:..h.|:.....:.|
|00000120| 00 89 1d 10 3a 04 00 ff | d6 53 57 68 e0 39 04 00 |....:...|.SWh.9..|
|00000130| 89 3d d4 39 04 00 89 1d | d8 39 04 00 89 1d dc 39 |.=.9....|.9.....9|
|00000140| 04 00 ff d6 53 53 68 f4 | 39 04 00 ff d6 a1 88 20 |....SSh.|9...... |
|00000150| 03 00 8b 00 a3 a8 39 04 | 00 e8 26 0b fd ff 53 e8 |......9.|..&...S.|
|00000160| 15 0d fd ff e8 e9 9d fd | ff 8b f8 3b fb 7d 21 39 |........|...;.}!9|
|00000170| 1d 20 39 04 00 0f 84 b4 | 00 00 00 57 68 ba b3 07 |. 9.....|...Wh...|
|00000180| 00 6a 04 e8 66 60 ff ff | 83 c4 0c e9 9f 00 00 00 |.j..f`..|........|
|00000190| e8 cf 33 fd ff 8b f8 3b | fb 74 1e 39 1d 20 39 04 |..3....;|.t.9. 9.|
|000001a0| 00 0f 84 83 00 00 00 57 | 68 88 b3 07 00 6a 04 e8 |.......W|h....j..|
|000001b0| 3a 60 ff ff 83 c4 0c eb | 71 53 be 8e 8f 04 00 56 |:`......|qS.....V|
|000001c0| e8 b9 86 f9 ff 3b c3 7c | 09 c6 05 ad 39 04 00 01 |.....;.||....9...|
|000001d0| eb 18 39 1d 20 39 04 00 | 74 10 50 68 4a b3 07 00 |..9. 9..|t.PhJ...|
|000001e0| 6a 04 e8 07 60 ff ff 83 | c4 0c 6a 01 68 20 24 03 |j...`...|..j.h $.|
|000001f0| 00 ff 15 80 20 03 00 8b | f8 3b fb 7d 51 39 1d 20 |.... ...|.;.}Q9. |
|00000200| 39 04 00 74 10 57 68 04 | b3 07 00 6a 04 e8 dc 5f |9..t.Wh.|...j..._|
|00000210| ff ff 83 c4 0c e8 54 33 | fd ff 38 1d ad 39 04 00 |......T3|..8..9..|
|00000220| 74 08 6a 01 56 e8 54 86 | f9 ff e8 af 9d fd ff 53 |t.j.V.T.|.......S|
|00000230| e8 86 0c fd ff ff 75 fc | ff 15 7c 20 03 00 ff 35 |......u.|..| ...5|
|00000240| a0 39 04 00 ff 15 34 21 | 03 00 8b c7 eb 18 39 1d |.9....4!|......9.|
|00000250| 20 39 04 00 74 0e 68 e4 | b2 07 00 6a 04 e8 8c 5f | 9..t.h.|...j..._|
|00000260| ff ff 59 59 33 c0 5f 5e | 5b c9 c2 08 00 cc cc cc |..YY3._^|[.......|
|00000270| cc cc 33 c0 50 6a 01 68 | 3c 3a 04 00 c7 05 30 3a |..3.Pj.h|<:....0:|
|00000280| 04 00 01 00 00 00 a3 34 | 3a 04 00 a3 38 3a 04 00 |.......4|:...8:..|
|00000290| ff 15 5c 20 03 00 c6 05 | 50 3a 04 00 01 b0 01 c3 |..\ ....|P:......|
|000002a0| cc cc cc cc cc 8b ff 55 | 8b ec a1 58 e3 03 00 85 |.......U|...X....|
|000002b0| c0 b9 4e e6 40 bb 74 04 | 3b c1 75 1a a1 20 21 03 |..N.@.t.|;.u.. !.|
|000002c0| 00 8b 00 35 58 e3 03 00 | a3 58 e3 03 00 75 07 8b |...5X...|.X...u..|
|000002d0| c1 a3 58 e3 03 00 f7 d0 | a3 5c e3 03 00 5d e9 23 |..X.....|.\...].#|
|000002e0| fd ff ff cc 53 65 63 75 | 72 69 74 79 20 64 65 76 |....Secu|rity dev|
|000002f0| 69 63 65 20 64 72 69 76 | 65 72 20 6c 6f 61 64 65 |ice driv|er loade|
|00000300| 64 0a 00 cc 54 68 65 20 | 64 72 69 76 65 72 20 66 |d...The |driver f|
|00000310| 61 69 6c 65 64 20 74 6f | 20 69 6e 73 74 61 6c 6c |ailed to| install|
|00000320| 20 74 68 65 20 61 75 74 | 68 65 6e 74 69 63 61 74 | the aut|henticat|
|00000330| 69 6f 6e 20 63 61 6c 6c | 62 61 63 6b 20 74 61 62 |ion call|back tab|
|00000340| 6c 65 3a 20 30 78 25 78 | 0a 00 54 68 65 20 64 72 |le: 0x%x|..The dr|
|00000350| 69 76 65 72 20 66 61 69 | 6c 65 64 20 74 6f 20 65 |iver fai|led to e|
|00000360| 6e 61 62 6c 65 20 69 74 | 73 20 70 72 6f 63 65 73 |nable it|s proces|
|00000370| 73 2d 6e 6f 74 69 66 79 | 20 72 6f 75 74 69 6e 65 |s-notify| routine|
|00000380| 3a 20 30 78 25 78 0a 00 | 54 68 65 20 64 72 69 76 |: 0x%x..|The driv|
|00000390| 65 72 20 66 61 69 6c 65 | 64 20 74 68 65 20 61 6c |er faile|d the al|
|000003a0| 67 6f 72 69 74 68 6d 20 | 73 65 6c 66 20 74 65 73 |gorithm |self tes|
|000003b0| 74 3a 20 30 78 25 78 0a | 00 cc 54 68 65 20 64 72 |t: 0x%x.|..The dr|
|000003c0| 69 76 65 72 20 66 61 69 | 6c 65 64 20 74 68 65 20 |iver fai|led the |
|000003d0| 43 4e 47 20 69 6e 69 74 | 69 61 6c 69 7a 61 74 69 |CNG init|ializati|
|000003e0| 6f 6e 20 74 65 73 74 3a | 20 30 78 25 78 0a 00 cc |on test:| 0x%x...|
|000003f0| 46 61 69 6c 65 64 20 74 | 6f 20 69 6e 69 74 69 61 |Failed t|o initia|
|00000400| 6c 69 7a 65 0a 00 5c 00 | 44 00 65 00 76 00 69 00 |lize..\.|D.e.v.i.|
|00000410| 63 00 65 00 5c 00 4b 00 | 73 00 65 00 63 00 44 00 |c.e.\.K.|s.e.c.D.|
|00000420| 44 00 00 00 74 b4 06 00 | 00 00 00 00 00 00 00 00 |D...t...|........|
|00000430| b2 bd 06 00 14 20 02 00 | 60 b4 06 00 00 00 00 00 |..... ..|`.......|
|00000440| 00 00 00 00 20 be 06 00 | 00 20 02 00 00 00 00 00 |.... ...|. ......|
|00000450| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00000460| 0c be 06 00 f8 bd 06 00 | e2 bd 06 00 cc bd 06 00 |........|........|
|00000470| 00 00 00 00 24 b7 06 00 | 3e b7 06 00 4e b7 06 00 |....$...|>...N...|
|00000480| 58 b7 06 00 62 b7 06 00 | 7a b7 06 00 88 b7 06 00 |X...b...|z.......|
|00000490| a0 b7 06 00 b8 b7 06 00 | d4 b7 06 00 ea b7 06 00 |........|........|
|000004a0| 04 b8 06 00 20 b8 06 00 | 38 b8 06 00 54 b8 06 00 |.... ...|8...T...|
|000004b0| 64 b8 06 00 7e b8 06 00 | 96 b8 06 00 b6 b8 06 00 |d...~...|........|
|000004c0| ca b8 06 00 e0 b8 06 00 | ee b8 06 00 0c b9 06 00 |........|........|
|000004d0| 24 b9 06 00 3a b9 06 00 | 50 b9 06 00 70 b9 06 00 |$...:...|P...p...|
|000004e0| 82 b9 06 00 a0 b9 06 00 | c2 b9 06 00 d8 b9 06 00 |........|........|
|000004f0| ea b9 06 00 fc b9 06 00 | 10 ba 06 00 2a ba 06 00 |........|....*...|
|00000500| 0c b7 06 00 60 ba 06 00 | 6c ba 06 00 84 ba 06 00 |....`...|l.......|
|00000510| 92 ba 06 00 aa ba 06 00 | be ba 06 00 da ba 06 00 |........|........|
|00000520| f8 ba 06 00 0e bb 06 00 | 2a bb 06 00 42 bb 06 00 |........|*...B...|
|00000530| 5e bb 06 00 88 bb 06 00 | bc bb 06 00 d8 bb 06 00 |^.......|........|
|00000540| fa bb 06 00 16 bc 06 00 | 30 bc 06 00 4a bc 06 00 |........|0...J...|
|00000550| 6a bc 06 00 82 bc 06 00 | 9c bc 06 00 b4 bc 06 00 |j.......|........|
|00000560| cc bc 06 00 e2 bc 06 00 | fa bc 06 00 0e bd 06 00 |........|........|
|00000570| 2c bd 06 00 48 bd 06 00 | 60 bd 06 00 7c bd 06 00 |,...H...|`...|...|
|00000580| 94 bd 06 00 a2 bd 06 00 | c0 bd 06 00 fe b6 06 00 |........|........|
|00000590| e6 b6 06 00 dc b6 06 00 | cc b6 06 00 40 ba 06 00 |........|....@...|
|000005a0| 28 be 06 00 40 be 06 00 | 58 be 06 00 6c be 06 00 |(...@...|X...l...|
|000005b0| 84 be 06 00 a0 be 06 00 | aa be 06 00 c6 be 06 00 |........|........|
|000005c0| e4 be 06 00 fc be 06 00 | 14 bf 06 00 22 bf 06 00 |........|...."...|
|000005d0| 34 bf 06 00 44 bf 06 00 | 66 bf 06 00 7e bf 06 00 |4...D...|f...~...|
|000005e0| 96 bf 06 00 a2 bf 06 00 | ae bf 06 00 b8 bf 06 00 |........|........|
|000005f0| d2 bf 06 00 e2 bf 06 00 | fe bf 06 00 20 c0 06 00 |........|.... ...|
|00000600| 3c c0 06 00 5e c0 06 00 | 80 c0 06 00 92 c0 06 00 |<...^...|........|
|00000610| a6 c0 06 00 c6 c0 06 00 | d0 c0 06 00 dc c0 06 00 |........|........|
|00000620| ec c0 06 00 f6 c0 06 00 | 14 c1 06 00 1e c1 06 00 |........|........|
|00000630| 28 c1 06 00 3c c1 06 00 | 5a c1 06 00 74 c1 06 00 |(...<...|Z...t...|
|00000640| 80 c1 06 00 8c c1 06 00 | ac c1 06 00 c0 c1 06 00 |........|........|
|00000650| ce c1 06 00 da c1 06 00 | f4 c1 06 00 0a c2 06 00 |........|........|
|00000660| 1c c2 06 00 2c c2 06 00 | 44 c2 06 00 52 c2 06 00 |....,...|D...R...|
|00000670| 6e c2 06 00 86 c2 06 00 | 94 c2 06 00 b6 c2 06 00 |n.......|........|
|00000680| d2 c2 06 00 e0 c2 06 00 | f8 c2 06 00 10 c3 06 00 |........|........|
|00000690| 26 c3 06 00 4e c3 06 00 | 6c c3 06 00 80 c3 06 00 |&...N...|l.......|
|000006a0| 92 c3 06 00 a8 c3 06 00 | b6 c3 06 00 d2 c3 06 00 |........|........|
|000006b0| ee c3 06 00 0c c4 06 00 | 2e c4 06 00 3a c4 06 00 |........|....:...|
|000006c0| 4a c4 06 00 56 c4 06 00 | 00 00 00 00 b1 06 5a 77 |J...V...|......Zw|
|000006d0| 43 6f 6e 6e 65 63 74 50 | 6f 72 74 00 ad 06 5a 77 |ConnectP|ort...Zw|
|000006e0| 43 6c 6f 73 65 00 42 07 | 5a 77 57 61 69 74 46 6f |Close.B.|ZwWaitFo|
|000006f0| 72 53 69 6e 67 6c 65 4f | 62 6a 65 63 74 00 e3 06 |rSingleO|bject...|
|00000700| 5a 77 4f 70 65 6e 45 76 | 65 6e 74 00 5f 05 52 74 |ZwOpenEv|ent._.Rt|
|00000710| 6c 49 6e 69 74 55 6e 69 | 63 6f 64 65 53 74 72 69 |lInitUni|codeStri|
|00000720| 6e 67 00 00 1e 07 5a 77 | 52 65 71 75 65 73 74 57 |ng....Zw|RequestW|
|00000730| 61 69 74 52 65 70 6c 79 | 50 6f 72 74 00 00 95 05 |aitReply|Port....|
|00000740| 52 74 6c 4c 65 6e 67 74 | 68 53 69 64 00 00 80 07 |RtlLengt|hSid....|
|00000750| 6d 65 6d 73 65 74 00 00 | 7e 07 6d 65 6d 63 70 79 |memset..|~.memcpy|
|00000760| 00 00 ff 04 52 74 6c 43 | 6f 70 79 55 6e 69 63 6f |....RtlC|opyUnico|
|00000770| 64 65 53 74 72 69 6e 67 | 00 00 fc 04 52 74 6c 43 |deString|....RtlC|
|00000780| 6f 70 79 53 69 64 00 00 | 6d 00 45 78 41 6c 6c 6f |opySid..|m.ExAllo|
|00000790| 63 61 74 65 50 6f 6f 6c | 57 69 74 68 54 61 67 00 |catePool|WithTag.|
|000007a0| 60 03 4c 70 63 52 65 70 | 6c 79 57 61 69 74 52 65 |`.LpcRep|lyWaitRe|
|000007b0| 70 6c 79 50 6f 72 74 00 | 8d 04 50 73 47 65 74 50 |plyPort.|..PsGetP|
|000007c0| 72 6f 63 65 73 73 53 65 | 63 75 72 69 74 79 50 6f |rocessSe|curityPo|
|000007d0| 72 74 00 00 70 04 50 73 | 47 65 74 43 75 72 72 65 |rt..p.Ps|GetCurre|
|000007e0| 6e 74 50 72 6f 63 65 73 | 73 00 62 03 4c 70 63 52 |ntProces|s.b.LpcR|
|000007f0| 65 71 75 65 73 74 57 61 | 69 74 52 65 70 6c 79 50 |equestWa|itReplyP|
|00000800| 6f 72 74 00 37 04 4f 62 | 52 65 66 65 72 65 6e 63 |ort.7.Ob|Referenc|
|00000810| 65 4f 62 6a 65 63 74 42 | 79 48 61 6e 64 6c 65 00 |eObjectB|yHandle.|
|00000820| 41 04 4f 62 66 44 65 72 | 65 66 65 72 65 6e 63 65 |A.ObfDer|eference|
|00000830| 4f 62 6a 65 63 74 00 00 | c2 04 50 73 53 65 74 50 |Object..|..PsSetP|
|00000840| 72 6f 63 65 73 73 53 65 | 63 75 72 69 74 79 50 6f |rocessSe|curityPo|
|00000850| 72 74 00 00 24 04 4f 62 | 43 6c 6f 73 65 48 61 6e |rt..$.Ob|CloseHan|
|00000860| 64 6c 65 00 42 03 4b 65 | 55 6e 73 74 61 63 6b 44 |dle.B.Ke|UnstackD|
|00000870| 65 74 61 63 68 50 72 6f | 63 65 73 73 00 00 39 03 |etachPro|cess..9.|
|00000880| 4b 65 53 74 61 63 6b 41 | 74 74 61 63 68 50 72 6f |KeStackA|ttachPro|
|00000890| 63 65 73 73 00 00 3f 04 | 4f 62 53 65 74 53 65 63 |cess..?.|ObSetSec|
|000008a0| 75 72 69 74 79 4f 62 6a | 65 63 74 42 79 50 6f 69 |urityObj|ectByPoi|
|000008b0| 6e 74 65 72 00 00 d9 02 | 4b 65 49 6e 69 74 69 61 |nter....|KeInitia|
|000008c0| 6c 69 7a 65 45 76 65 6e | 74 00 c8 02 4b 65 47 65 |lizeEven|t...KeGe|
|000008d0| 74 43 75 72 72 65 6e 74 | 54 68 72 65 61 64 00 00 |tCurrent|Thread..|
|000008e0| 3d 00 44 62 67 50 72 69 | 6e 74 45 78 00 00 a6 04 |=.DbgPri|ntEx....|
|000008f0| 50 73 4c 6f 6f 6b 75 70 | 50 72 6f 63 65 73 73 42 |PsLookup|ProcessB|
|00000900| 79 50 72 6f 63 65 73 73 | 49 64 00 00 34 04 4f 62 |yProcess|Id..4.Ob|
|00000910| 4f 70 65 6e 4f 62 6a 65 | 63 74 42 79 50 6f 69 6e |OpenObje|ctByPoin|
|00000920| 74 65 72 00 42 04 4f 62 | 66 52 65 66 65 72 65 6e |ter.B.Ob|fReferen|
|00000930| 63 65 4f 62 6a 65 63 74 | 00 00 96 02 49 6f 66 43 |ceObject|....IofC|
|00000940| 6f 6d 70 6c 65 74 65 52 | 65 71 75 65 73 74 00 00 |ompleteR|equest..|
|00000950| 9b 03 4d 6d 4d 61 70 4c | 6f 63 6b 65 64 50 61 67 |..MmMapL|ockedPag|
|00000960| 65 73 53 70 65 63 69 66 | 79 43 61 63 68 65 00 00 |esSpecif|yCache..|
|00000970| e6 01 49 6f 44 65 6c 65 | 74 65 44 65 76 69 63 65 |..IoDele|teDevice|
|00000980| 00 00 4a 06 53 65 53 65 | 74 41 75 74 68 6f 72 69 |..J.SeSe|tAuthori|
|00000990| 7a 61 74 69 6f 6e 43 61 | 6c 6c 62 61 63 6b 73 00 |zationCa|llbacks.|
|000009a0| b9 04 50 73 53 65 74 43 | 72 65 61 74 65 50 72 6f |..PsSetC|reatePro|
|000009b0| 63 65 73 73 4e 6f 74 69 | 66 79 52 6f 75 74 69 6e |cessNoti|fyRoutin|
|000009c0| 65 00 c1 03 4d 6d 55 73 | 65 72 50 72 6f 62 65 41 |e...MmUs|erProbeA|
|000009d0| 64 64 72 65 73 73 00 00 | d1 01 49 6f 43 72 65 61 |ddress..|..IoCrea|
|000009e0| 74 65 44 65 76 69 63 65 | 00 00 86 04 50 73 47 65 |teDevice|....PsGe|
|000009f0| 74 50 72 6f 63 65 73 73 | 49 64 00 00 85 00 45 78 |tProcess|Id....Ex|
|00000a00| 46 72 65 65 50 6f 6f 6c | 57 69 74 68 54 61 67 00 |FreePool|WithTag.|
|00000a10| 98 06 5a 77 41 6c 6c 6f | 63 61 74 65 56 69 72 74 |..ZwAllo|cateVirt|
|00000a20| 75 61 6c 4d 65 6d 6f 72 | 79 00 d2 06 5a 77 46 72 |ualMemor|y...ZwFr|
|00000a30| 65 65 56 69 72 74 75 61 | 6c 4d 65 6d 6f 72 79 00 |eeVirtua|lMemory.|
|00000a40| 9f 05 52 74 6c 4d 61 70 | 53 65 63 75 72 69 74 79 |..RtlMap|Security|
|00000a50| 45 72 72 6f 72 54 6f 4e | 74 53 74 61 74 75 73 00 |ErrorToN|tStatus.|
|00000a60| 2e 06 53 65 45 78 70 6f | 72 74 73 00 48 03 4b 65 |..SeExpo|rts.H.Ke|
|00000a70| 57 61 69 74 46 6f 72 53 | 69 6e 67 6c 65 4f 62 6a |WaitForS|ingleObj|
|00000a80| 65 63 74 00 2a 03 4b 65 | 53 65 74 45 76 65 6e 74 |ect.*.Ke|SetEvent|
|00000a90| 00 00 25 05 52 74 6c 45 | 71 75 61 6c 55 6e 69 63 |..%.RtlE|qualUnic|
|00000aa0| 6f 64 65 53 74 72 69 6e | 67 00 de 03 4e 74 44 75 |odeStrin|g...NtDu|
|00000ab0| 70 6c 69 63 61 74 65 4f | 62 6a 65 63 74 00 96 03 |plicateO|bject...|
|00000ac0| 4d 6d 4c 6f 63 6b 50 61 | 67 61 62 6c 65 44 61 74 |MmLockPa|gableDat|
|00000ad0| 61 53 65 63 74 69 6f 6e | 00 00 b7 03 4d 6d 55 6e |aSection|....MmUn|
|00000ae0| 6c 6f 63 6b 50 61 67 61 | 62 6c 65 49 6d 61 67 65 |lockPaga|bleImage|
|00000af0| 53 65 63 74 69 6f 6e 00 | 9b 04 50 73 49 6d 70 65 |Section.|..PsImpe|
|00000b00| 72 73 6f 6e 61 74 65 43 | 6c 69 65 6e 74 00 4f 06 |rsonateC|lient.O.|
|00000b10| 53 65 54 6f 6b 65 6e 49 | 6d 70 65 72 73 6f 6e 61 |SeTokenI|mpersona|
|00000b20| 74 69 6f 6e 4c 65 76 65 | 6c 00 96 04 50 73 47 65 |tionLeve|l...PsGe|
|00000b30| 74 54 68 72 65 61 64 50 | 72 6f 63 65 73 73 49 64 |tThreadP|rocessId|
|00000b40| 00 00 91 00 45 78 49 6e | 69 74 69 61 6c 69 7a 65 |....ExIn|itialize|
|00000b50| 52 65 73 6f 75 72 63 65 | 4c 69 74 65 00 00 b8 00 |Resource|Lite....|
|00000b60| 45 78 52 65 6c 65 61 73 | 65 52 65 73 6f 75 72 63 |ExReleas|eResourc|
|00000b70| 65 41 6e 64 4c 65 61 76 | 65 43 72 69 74 69 63 61 |eAndLeav|eCritica|
|00000b80| 6c 52 65 67 69 6f 6e 00 | 78 00 45 78 45 6e 74 65 |lRegion.|x.ExEnte|
|00000b90| 72 43 72 69 74 69 63 61 | 6c 52 65 67 69 6f 6e 41 |rCritica|lRegionA|
|00000ba0| 6e 64 41 63 71 75 69 72 | 65 52 65 73 6f 75 72 63 |ndAcquir|eResourc|
|00000bb0| 65 45 78 63 6c 75 73 69 | 76 65 00 00 6f 05 52 74 |eExclusi|ve..o.Rt|
|00000bc0| 6c 49 6e 74 65 67 65 72 | 54 6f 55 6e 69 63 6f 64 |lInteger|ToUnicod|
|00000bd0| 65 53 74 72 69 6e 67 00 | 81 04 50 73 47 65 74 50 |eString.|..PsGetP|
|00000be0| 72 6f 63 65 73 73 43 72 | 65 61 74 65 54 69 6d 65 |rocessCr|eateTime|
|00000bf0| 51 75 61 64 50 61 72 74 | 00 00 05 07 5a 77 51 75 |QuadPart|....ZwQu|
|00000c00| 65 72 79 49 6e 66 6f 72 | 6d 61 74 69 6f 6e 50 72 |eryInfor|mationPr|
|00000c10| 6f 63 65 73 73 00 45 06 | 53 65 52 65 6c 65 61 73 |ocess.E.|SeReleas|
|00000c20| 65 53 75 62 6a 65 63 74 | 43 6f 6e 74 65 78 74 00 |eSubject|Context.|
|00000c30| 55 06 53 65 55 6e 6c 6f | 63 6b 53 75 62 6a 65 63 |U.SeUnlo|ckSubjec|
|00000c40| 74 43 6f 6e 74 65 78 74 | 00 00 3f 06 53 65 51 75 |tContext|..?.SeQu|
|00000c50| 65 72 79 41 75 74 68 65 | 6e 74 69 63 61 74 69 6f |eryAuthe|nticatio|
|00000c60| 6e 49 64 54 6f 6b 65 6e | 00 00 35 06 53 65 4c 6f |nIdToken|..5.SeLo|
|00000c70| 63 6b 53 75 62 6a 65 63 | 74 43 6f 6e 74 65 78 74 |ckSubjec|tContext|
|00000c80| 00 00 20 06 53 65 43 61 | 70 74 75 72 65 53 75 62 |.. .SeCa|ptureSub|
|00000c90| 6a 65 63 74 43 6f 6e 74 | 65 78 74 00 f0 02 4b 65 |jectCont|ext...Ke|
|00000ca0| 4c 65 61 76 65 43 72 69 | 74 69 63 61 6c 52 65 67 |LeaveCri|ticalReg|
|00000cb0| 69 6f 6e 00 bd 02 4b 65 | 45 6e 74 65 72 43 72 69 |ion...Ke|EnterCri|
|00000cc0| 74 69 63 61 6c 52 65 67 | 69 6f 6e 00 7b 03 4d 6d |ticalReg|ion.{.Mm|
|00000cd0| 43 6f 70 79 56 69 72 74 | 75 61 6c 4d 65 6d 6f 72 |CopyVirt|ualMemor|
|00000ce0| 79 00 8d 03 4d 6d 48 69 | 67 68 65 73 74 55 73 65 |y...MmHi|ghestUse|
|00000cf0| 72 41 64 64 72 65 73 73 | 00 00 c7 06 5a 77 44 75 |rAddress|....ZwDu|
|00000d00| 70 6c 69 63 61 74 65 4f | 62 6a 65 63 74 00 d5 00 |plicateO|bject...|
|00000d10| 45 78 66 41 63 71 75 69 | 72 65 50 75 73 68 4c 6f |ExfAcqui|rePushLo|
|00000d20| 63 6b 45 78 63 6c 75 73 | 69 76 65 00 d6 00 45 78 |ckExclus|ive...Ex|
|00000d30| 66 41 63 71 75 69 72 65 | 50 75 73 68 4c 6f 63 6b |fAcquire|PushLock|
|00000d40| 53 68 61 72 65 64 00 00 | e2 00 45 78 66 54 72 79 |Shared..|..ExfTry|
|00000d50| 54 6f 57 61 6b 65 50 75 | 73 68 4c 6f 63 6b 00 00 |ToWakePu|shLock..|
|00000d60| e0 00 45 78 66 52 65 6c | 65 61 73 65 50 75 73 68 |..ExfRel|easePush|
|00000d70| 4c 6f 63 6b 53 68 61 72 | 65 64 00 00 14 07 5a 77 |LockShar|ed....Zw|
|00000d80| 51 75 65 72 79 56 69 72 | 74 75 61 6c 4d 65 6d 6f |QueryVir|tualMemo|
|00000d90| 72 79 00 00 3f 03 4b 65 | 54 69 63 6b 43 6f 75 6e |ry..?.Ke|TickCoun|
|00000da0| 74 00 b3 02 4b 65 42 75 | 67 43 68 65 63 6b 45 78 |t...KeBu|gCheckEx|
|00000db0| 00 00 6e 74 6f 73 6b 72 | 6e 6c 2e 65 78 65 00 00 |..ntoskr|nl.exe..|
|00000dc0| f8 05 52 74 6c 55 6e 77 | 69 6e 64 00 01 00 45 78 |..RtlUnw|ind...Ex|
|00000dd0| 52 65 6c 65 61 73 65 46 | 61 73 74 4d 75 74 65 78 |ReleaseF|astMutex|
|00000de0| 00 00 00 00 45 78 41 63 | 71 75 69 72 65 46 61 73 |....ExAc|quireFas|
|00000df0| 74 4d 75 74 65 78 00 00 | 5f 00 4b 66 52 65 6c 65 |tMutex..|_.KfRele|
|00000e00| 61 73 65 53 70 69 6e 4c | 6f 63 6b 00 5c 00 4b 66 |aseSpinL|ock.\.Kf|
|00000e10| 41 63 71 75 69 72 65 53 | 70 69 6e 4c 6f 63 6b 00 |AcquireS|pinLock.|
|00000e20| 48 41 4c 2e 64 6c 6c 00 | 0c 03 4b 65 52 65 6c 65 |HAL.dll.|..KeRele|
|00000e30| 61 73 65 47 75 61 72 64 | 65 64 4d 75 74 65 78 00 |aseGuard|edMutex.|
|00000e40| a5 02 4b 65 41 63 71 75 | 69 72 65 47 75 61 72 64 |..KeAcqu|ireGuard|
|00000e50| 65 64 4d 75 74 65 78 00 | 8b 00 45 78 47 65 74 50 |edMutex.|..ExGetP|
|00000e60| 72 65 76 69 6f 75 73 4d | 6f 64 65 00 00 03 4b 65 |reviousM|ode...Ke|
|00000e70| 51 75 65 72 79 54 69 6d | 65 49 6e 63 72 65 6d 65 |QueryTim|eIncreme|
|00000e80| 6e 74 00 00 da 02 4b 65 | 49 6e 69 74 69 61 6c 69 |nt....Ke|Initiali|
|00000e90| 7a 65 47 75 61 72 64 65 | 64 4d 75 74 65 78 00 00 |zeGuarde|dMutex..|
|00000ea0| 4b 07 5f 61 6c 6c 6d 75 | 6c 00 12 07 5a 77 51 75 |K._allmu|l...ZwQu|
|00000eb0| 65 72 79 53 79 73 74 65 | 6d 49 6e 66 6f 72 6d 61 |erySyste|mInforma|
|00000ec0| 74 69 6f 6e 00 00 f7 02 | 4b 65 51 75 65 72 79 41 |tion....|KeQueryA|
|00000ed0| 63 74 69 76 65 50 72 6f | 63 65 73 73 6f 72 43 6f |ctivePro|cessorCo|
|00000ee0| 75 6e 74 00 75 04 50 73 | 47 65 74 43 75 72 72 65 |unt.u.Ps|GetCurre|
|00000ef0| 6e 74 54 68 72 65 61 64 | 49 64 00 00 71 04 50 73 |ntThread|Id..q.Ps|
|00000f00| 47 65 74 43 75 72 72 65 | 6e 74 50 72 6f 63 65 73 |GetCurre|ntProces|
|00000f10| 73 49 64 00 b8 06 5a 77 | 43 72 65 61 74 65 4b 65 |sId...Zw|CreateKe|
|00000f20| 79 00 13 07 5a 77 51 75 | 65 72 79 56 61 6c 75 65 |y...ZwQu|eryValue|
|00000f30| 4b 65 79 00 38 07 5a 77 | 53 65 74 56 61 6c 75 65 |Key.8.Zw|SetValue|
|00000f40| 4b 65 79 00 5b 00 45 78 | 41 63 71 75 69 72 65 52 |Key.[.Ex|AcquireR|
|00000f50| 65 73 6f 75 72 63 65 45 | 78 63 6c 75 73 69 76 65 |esourceE|xclusive|
|00000f60| 4c 69 74 65 00 00 bb 00 | 45 78 52 65 6c 65 61 73 |Lite....|ExReleas|
|00000f70| 65 52 65 73 6f 75 72 63 | 65 4c 69 74 65 00 74 00 |eResourc|eLite.t.|
|00000f80| 45 78 44 65 6c 65 74 65 | 52 65 73 6f 75 72 63 65 |ExDelete|Resource|
|00000f90| 4c 69 74 65 00 00 e6 06 | 5a 77 4f 70 65 6e 4b 65 |Lite....|ZwOpenKe|
|00000fa0| 79 00 55 07 5f 61 75 6c | 6c 73 68 72 00 00 d0 03 |y.U._aul|lshr....|
|00000fb0| 4e 74 43 6c 6f 73 65 00 | 30 07 5a 77 53 65 74 49 |NtClose.|0.ZwSetI|
|00000fc0| 6e 66 6f 72 6d 61 74 69 | 6f 6e 4f 62 6a 65 63 74 |nformati|onObject|
|00000fd0| 00 00 0e 07 5a 77 51 75 | 65 72 79 4f 62 6a 65 63 |....ZwQu|eryObjec|
|00000fe0| 74 00 b6 00 45 78 52 65 | 6c 65 61 73 65 46 61 73 |t...ExRe|leaseFas|
|00000ff0| 74 4d 75 74 65 78 55 6e | 73 61 66 65 00 00 68 05 |tMutexUn|safe..h.|
|00001000| 52 74 6c 49 6e 73 65 72 | 74 45 6c 65 6d 65 6e 74 |RtlInser|tElement|
|00001010| 47 65 6e 65 72 69 63 54 | 61 62 6c 65 41 76 6c 00 |GenericT|ableAvl.|
|00001020| 5a 00 45 78 41 63 71 75 | 69 72 65 46 61 73 74 4d |Z.ExAcqu|ireFastM|
|00001030| 75 74 65 78 55 6e 73 61 | 66 65 00 00 0f 05 52 74 |utexUnsa|fe....Rt|
|00001040| 6c 44 65 6c 65 74 65 45 | 6c 65 6d 65 6e 74 47 65 |lDeleteE|lementGe|
|00001050| 6e 65 72 69 63 54 61 62 | 6c 65 41 76 6c 00 9a 05 |nericTab|leAvl...|
|00001060| 52 74 6c 4c 6f 6f 6b 75 | 70 45 6c 65 6d 65 6e 74 |RtlLooku|pElement|
|00001070| 47 65 6e 65 72 69 63 54 | 61 62 6c 65 41 76 6c 00 |GenericT|ableAvl.|
|00001080| 24 05 52 74 6c 45 71 75 | 61 6c 53 74 72 69 6e 67 |$.RtlEqu|alString|
|00001090| 00 00 e7 04 52 74 6c 43 | 68 61 72 54 6f 49 6e 74 |....RtlC|harToInt|
|000010a0| 65 67 65 72 00 00 63 05 | 52 74 6c 49 6e 69 74 69 |eger..c.|RtlIniti|
|000010b0| 61 6c 69 7a 65 47 65 6e | 65 72 69 63 54 61 62 6c |alizeGen|ericTabl|
|000010c0| 65 41 76 6c 00 00 78 07 | 69 73 73 70 61 63 65 00 |eAvl..x.|isspace.|
|000010d0| 62 07 5f 73 74 72 6e 69 | 63 6d 70 00 5e 05 52 74 |b._strni|cmp.^.Rt|
|000010e0| 6c 49 6e 69 74 53 74 72 | 69 6e 67 00 8c 07 73 74 |lInitStr|ing...st|
|000010f0| 72 6e 63 6d 70 00 5c 00 | 45 78 41 63 71 75 69 72 |rncmp.\.|ExAcquir|
|00001100| 65 52 65 73 6f 75 72 63 | 65 53 68 61 72 65 64 4c |eResourc|eSharedL|
|00001110| 69 74 65 00 7f 07 6d 65 | 6d 6d 6f 76 65 00 a0 07 |ite...me|mmove...|
|00001120| 77 63 73 6e 63 6d 70 00 | 3e 05 52 74 6c 46 72 65 |wcsncmp.|>.RtlFre|
|00001130| 65 4f 65 6d 53 74 72 69 | 6e 67 00 00 f2 05 52 74 |eOemStri|ng....Rt|
|00001140| 6c 55 6e 69 63 6f 64 65 | 53 74 72 69 6e 67 54 6f |lUnicode|StringTo|
|00001150| 4f 65 6d 53 74 72 69 6e | 67 00 f4 05 52 74 6c 55 |OemStrin|g...RtlU|
|00001160| 6e 69 63 6f 64 65 54 6f | 4d 75 6c 74 69 42 79 74 |nicodeTo|MultiByt|
|00001170| 65 4e 00 00 53 07 5f 61 | 75 6c 6c 64 76 72 6d 00 |eN..S._a|ulldvrm.|
|00001180| 6e 07 5f 77 63 73 6e 69 | 63 6d 70 00 98 03 4d 6d |n._wcsni|cmp...Mm|
|00001190| 4c 6f 63 6b 50 61 67 61 | 62 6c 65 53 65 63 74 69 |LockPaga|bleSecti|
|000011a0| 6f 6e 42 79 48 61 6e 64 | 6c 65 00 00 7e 00 45 78 |onByHand|le..~.Ex|
|000011b0| 45 76 65 6e 74 4f 62 6a | 65 63 74 54 79 70 65 00 |EventObj|ectType.|
|000011c0| b2 02 4b 65 42 75 67 43 | 68 65 63 6b 00 00 6c 07 |..KeBugC|heck..l.|
|000011d0| 5f 77 63 73 69 63 6d 70 | 00 00 f2 04 52 74 6c 43 |_wcsicmp|....RtlC|
|000011e0| 6f 6d 70 61 72 65 55 6e | 69 63 6f 64 65 53 74 72 |ompareUn|icodeStr|
|000011f0| 69 6e 67 00 0a 02 49 6f | 47 65 74 44 65 76 69 63 |ing...Io|GetDevic|
|00001200| 65 50 72 6f 70 65 72 74 | 79 00 3d 07 5a 77 55 6e |ePropert|y.=.ZwUn|
|00001210| 6c 6f 61 64 44 72 69 76 | 65 72 00 00 1e 03 4b 65 |loadDriv|er....Ke|
|00001220| 52 65 73 65 74 45 76 65 | 6e 74 00 00 a6 05 52 74 |ResetEve|nt....Rt|
|00001230| 6c 4e 74 53 74 61 74 75 | 73 54 6f 44 6f 73 45 72 |lNtStatu|sToDosEr|
|00001240| 72 6f 72 00 6a 07 5f 76 | 73 6e 77 70 72 69 6e 74 |ror.j._v|snwprint|
|00001250| 66 00 f0 05 52 74 6c 55 | 6e 69 63 6f 64 65 53 74 |f...RtlU|nicodeSt|
|00001260| 72 69 6e 67 54 6f 49 6e | 74 65 67 65 72 00 fd 06 |ringToIn|teger...|
|00001270| 5a 77 51 75 65 72 79 44 | 69 72 65 63 74 6f 72 79 |ZwQueryD|irectory|
|00001280| 46 69 6c 65 00 00 e4 06 | 5a 77 4f 70 65 6e 46 69 |File....|ZwOpenFi|
|00001290| 6c 65 00 00 de 04 52 74 | 6c 41 70 70 65 6e 64 55 |le....Rt|lAppendU|
|000012a0| 6e 69 63 6f 64 65 53 74 | 72 69 6e 67 54 6f 53 74 |nicodeSt|ringToSt|
|000012b0| 72 69 6e 67 00 00 df 04 | 52 74 6c 41 70 70 65 6e |ring....|RtlAppen|
|000012c0| 64 55 6e 69 63 6f 64 65 | 54 6f 53 74 72 69 6e 67 |dUnicode|ToString|
|000012d0| 00 00 0c 07 5a 77 51 75 | 65 72 79 4b 65 79 00 00 |....ZwQu|eryKey..|
|000012e0| f1 02 4b 65 4c 65 61 76 | 65 47 75 61 72 64 65 64 |..KeLeav|eGuarded|
|000012f0| 52 65 67 69 6f 6e 00 00 | be 02 4b 65 45 6e 74 65 |Region..|..KeEnte|
|00001300| 72 47 75 61 72 64 65 64 | 52 65 67 69 6f 6e 00 00 |rGuarded|Region..|
|00001310| 49 06 53 65 53 65 74 41 | 75 64 69 74 50 61 72 61 |I.SeSetA|uditPara|
|00001320| 6d 65 74 65 72 00 47 06 | 53 65 52 65 70 6f 72 74 |meter.G.|SeReport|
|00001330| 53 65 63 75 72 69 74 79 | 45 76 65 6e 74 57 69 74 |Security|EventWit|
|00001340| 68 53 75 62 43 61 74 65 | 67 6f 72 79 00 00 a7 05 |hSubCate|gory....|
|00001350| 52 74 6c 4e 74 53 74 61 | 74 75 73 54 6f 44 6f 73 |RtlNtSta|tusToDos|
|00001360| 45 72 72 6f 72 4e 6f 54 | 65 62 00 00 c4 06 5a 77 |ErrorNoT|eb....Zw|
|00001370| 44 65 6c 65 74 65 56 61 | 6c 75 65 4b 65 79 00 00 |DeleteVa|lueKey..|
|00001380| cb 06 5a 77 45 6e 75 6d | 65 72 61 74 65 4b 65 79 |..ZwEnum|erateKey|
|00001390| 00 00 cd 06 5a 77 45 6e | 75 6d 65 72 61 74 65 56 |....ZwEn|umerateV|
|000013a0| 61 6c 75 65 4b 65 79 00 | c3 06 5a 77 44 65 6c 65 |alueKey.|..ZwDele|
|000013b0| 74 65 4b 65 79 00 a4 01 | 49 6e 74 65 72 6c 6f 63 |teKey...|Interloc|
|000013c0| 6b 65 64 50 6f 70 45 6e | 74 72 79 53 4c 69 73 74 |kedPopEn|trySList|
|000013d0| 00 00 a5 01 49 6e 74 65 | 72 6c 6f 63 6b 65 64 50 |....Inte|rlockedP|
|000013e0| 75 73 68 45 6e 74 72 79 | 53 4c 69 73 74 00 73 00 |ushEntry|SList.s.|
|000013f0| 45 78 44 65 6c 65 74 65 | 50 61 67 65 64 4c 6f 6f |ExDelete|PagedLoo|
|00001400| 6b 61 73 69 64 65 4c 69 | 73 74 00 00 8f 00 45 78 |kasideLi|st....Ex|
|00001410| 49 6e 69 74 69 61 6c 69 | 7a 65 50 61 67 65 64 4c |Initiali|zePagedL|
|00001420| 6f 6f 6b 61 73 69 64 65 | 4c 69 73 74 00 00 3c 00 |ookaside|List..<.|
|00001430| 44 62 67 50 72 69 6e 74 | 00 00 a1 05 52 74 6c 4d |DbgPrint|....RtlM|
|00001440| 6f 76 65 4d 65 6d 6f 72 | 79 00 52 07 5f 61 75 6c |oveMemor|y.R._aul|
|00001450| 6c 64 69 76 00 00 a5 00 | 45 78 49 73 50 72 6f 63 |ldiv....|ExIsProc|
|00001460| 65 73 73 6f 72 46 65 61 | 74 75 72 65 50 72 65 73 |essorFea|turePres|
|00001470| 65 6e 74 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |ent.....|........|
|00001480| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001490| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000014a0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000014b0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000014c0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000014d0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000014e0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000014f0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001500| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001510| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001520| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001530| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001540| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001550| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001560| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001570| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001580| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|00001590| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000015a0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000015b0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000015c0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000015d0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000015e0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
|000015f0| 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 |........|........|
+--------+-------------------------+-------------------------+--------+--------+