GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-05 11:40:31
Windows 5.1.2600 Service Pack 3
Running: fz1q073r.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\axlyikow.sys
---- System - GMER 1.0.15 ----
SSDT sppj.sys ZwCreateKey [0xF7BDA0E0]
SSDT sppj.sys ZwEnumerateKey [0xF7BF8CA2]
SSDT sppj.sys ZwEnumerateValueKey [0xF7BF9030]
SSDT sppj.sys ZwOpenKey [0xF7BDA0C0]
SSDT sppj.sys ZwQueryKey [0xF7BF9108]
SSDT sppj.sys ZwQueryValueKey [0xF7BF8F88]
SSDT sppj.sys ZwSetValueKey [0xF7BF919A]
INT 0x62 ? 829A5BF8
INT 0x63 ? 827CEBF8
INT 0x73 ? 827CEBF8
INT 0x82 ? 829A5BF8
INT 0x83 ? 827CEBF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!MmProtectMdlSystemAddress + 192 80536A00 22 Bytes [FF, 85, 6C, FF, FF, FF, 81, ...]
.text ntoskrnl.exe!MmProtectMdlSystemAddress + 1A9 80536A17 214 Bytes [83, BD, 6C, FF, FF, FF, 00, ...]
.text ntoskrnl.exe!MmProtectMdlSystemAddress + 280 80536AEE 17 Bytes [8B, D9, 8A, D0, 8B, CF, FF, ...]
.text ntoskrnl.exe!MmProtectMdlSystemAddress + 292 80536B00 62 Bytes CALL 8054B586 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!MmProtectMdlSystemAddress + 2D1 80536B3F 53 Bytes [8B, CE, FF, 15, 38, 76, 4D, ...]
.text ...
.text ntoskrnl.exe!MmGetVirtualForPhysical + 6 80536BF9 5 Bytes [55, 0C, 56, 8B, 75]
.text ntoskrnl.exe!MmGetVirtualForPhysical + D 80536C00 49 Bytes CALL 804D96A9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!MmGetVirtualForPhysical + 3F 80536C32 158 Bytes [FF, 55, 8B, EC, 8B, 4D, 10, ...]
.text ntoskrnl.exe!MmMapMemoryDumpMdl + A 80536CD1 96 Bytes [50, 18, 8B, 48, 14, 03, CA, ...]
.text ntoskrnl.exe!MmMapMemoryDumpMdl + 6B 80536D32 102 Bytes [0F, 00, 00, C1, E0, 0C, 0B, ...]
.text ntoskrnl.exe!MmMapMemoryDumpMdl + D2 80536D99 8 Bytes [08, 00, 00, 81, E1, FF, 0F, ...] {OR [EAX], AL; ADD [ECX+0xfffe1], AL}
.text ntoskrnl.exe!MmMapMemoryDumpMdl + DC 80536DA3 94 Bytes [45, E4, 0F, BF, C0, 8D, B4, ...]
.text ntoskrnl.exe!MmMapMemoryDumpMdl + 13B 80536E02 3 Bytes CALL 8054B6C5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ...
.text ntoskrnl.exe!MmIsNonPagedSystemAddressValid + F 80538A46 121 Bytes [72, 08, 3B, 35, 34, AE, 55, ...]
.text ntoskrnl.exe!MmIsNonPagedSystemAddressValid + 8A 80538AC1 77 Bytes [C3, CC, CC, CC, CC, CC, CC, ...]
.text ntoskrnl.exe!MmIsNonPagedSystemAddressValid + D8 80538B0F 38 Bytes CALL 804E244B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!MmIsNonPagedSystemAddressValid + FF 80538B36 98 Bytes [C6, 7C, 5A, 8B, 87, E8, 01, ...]
.text ntoskrnl.exe!MmIsNonPagedSystemAddressValid + 162 80538B99 7 Bytes [E5, 01, 00, 00, 8D, 87, A8]
.text ...
.text ntoskrnl.exe!MmTrimAllSystemPagableMemory + 2C 80539692 18 Bytes [00, 00, B9, B0, 17, 55, 80, ...]
.text ntoskrnl.exe!MmTrimAllSystemPagableMemory + 40 805396A6 51 Bytes [FF, B9, B0, 17, 55, 80, 0F, ...]
.text ntoskrnl.exe!MmTrimAllSystemPagableMemory + 74 805396DA 37 Bytes CALL 804DA608 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!MmTrimAllSystemPagableMemory + 9B 80539701 5 Bytes [0F, 84, FE, 00, 00]
.text ntoskrnl.exe!MmTrimAllSystemPagableMemory + A1 80539707 10 Bytes [BE, 80, F6, 55, 80, 56, E8, ...]
.text ...
.text ntoskrnl.exe!ZwGetWriteWatch + 4 8053B779 5 Bytes [00, 68, E8, BB, 53]
.text ntoskrnl.exe!ZwGetWriteWatch + A 8053B77F 28 Bytes CALL 804E244B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!ZwGetWriteWatch + 28 8053B79D 45 Bytes [8B, 70, 44, 8A, 80, 40, 01, ...]
.text ntoskrnl.exe!ZwGetWriteWatch + 56 8053B7CB 24 Bytes [C0, EB, 37, 2B, C3, 2D, FF, ...]
.text ntoskrnl.exe!ZwGetWriteWatch + 6F 8053B7E4 19 Bytes [55, 80, 8B, 4D, 1C, 3B, C8, ...] {PUSH EBP; OR BYTE [EBX-0x37c4e3b3], 0x72; PUSH ES; MOV DWORD [EAX], 0x0; MOV EAX, [ECX]; MOV [ECX], EAX}
.text ...
.text ntoskrnl.exe!ZwResetWriteWatch + 25 8053BC2F 79 Bytes [2B, C7, 56, 8B, 75, 10, 2D, ...]
.text ntoskrnl.exe!ZwResetWriteWatch + 75 8053BC7F 13 Bytes [85, C0, 8B, 4D, 0C, 89, 4D, ...]
.text ntoskrnl.exe!ZwResetWriteWatch + 83 8053BC8D 35 Bytes [83, 65, F0, 00, 8D, 74, 37, ...]
.text ntoskrnl.exe!ZwResetWriteWatch + A7 8053BCB1 25 Bytes [58, FB, FF, C7, 45, F0, 01, ...]
.text ntoskrnl.exe!ZwResetWriteWatch + C1 8053BCCB 57 Bytes [81, C1, 60, 01, 00, 00, 88, ...]
.text ...
.text ntoskrnl.exe!ObDereferenceObject + 55 8053D0A6 5 Bytes [00, 84, C0, 75, 19]
.text ntoskrnl.exe!ObDereferenceObject + 5B 8053D0AC 71 Bytes [B7, 45, F8, 40, 40, D1, E8, ...]
.text ntoskrnl.exe!ObIsDosDeviceLocallyMapped + B 8053D0F4 194 Bytes [01, 72, 30, 83, FF, 1A, 77, ...]
.text ntoskrnl.exe!PoCancelDeviceNotify + 4F 8053D1B7 28 Bytes [33, D2, C7, 00, 4E, 4F, 4E, ...]
.text ntoskrnl.exe!PoCancelDeviceNotify + 6C 8053D1D4 14 Bytes [0D, 08, 0B, 56, 80, 52, 50, ...]
.text ntoskrnl.exe!PoCancelDeviceNotify + 7B 8053D1E3 25 Bytes [8B, CF, FF, 15, C4, 75, 4D, ...]
.text ntoskrnl.exe!PoCancelDeviceNotify + 95 8053D1FD 10 Bytes [8A, 55, FF, 8B, CF, FF, 15, ...]
.text ntoskrnl.exe!PoCancelDeviceNotify + A0 8053D208 34 Bytes [B8, 08, 00, 00, C0, 5F, 5B, ...]
.text ...
.text ntoskrnl.exe!PoRegisterDeviceNotify + 65 8053D6C8 143 Bytes [00, 8B, 70, 0C, 83, C6, 30, ...]
.text ntoskrnl.exe!PoUnregisterSystemState + 1 8053D758 76 Bytes [FF, 55, 8B, EC, 68, 00, 00, ...]
.text ntoskrnl.exe!PoUnregisterSystemState + 4E 8053D7A5 74 Bytes [F7, E2, 89, 01, 89, 51, 04, ...]
.text ntoskrnl.exe!PoUnregisterSystemState + 99 8053D7F0 24 Bytes [47, 24, 5F, 5E, 03, C3, 5B, ...]
.text ntoskrnl.exe!PoUnregisterSystemState + B2 8053D809 18 Bytes [55, 8B, EC, 8B, 45, 08, 8B, ...]
.text ntoskrnl.exe!PoUnregisterSystemState + C5 8053D81C 78 Bytes [00, 90, CC, CC, CC, CC, CC, ...]
.text ...
.text ntoskrnl.exe!PsGetVersion + 1 8053E993 51 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...]
.text ntoskrnl.exe!PsGetVersion + 36 8053E9C8 17 Bytes [89, 08, 8B, 45, 14, 85, C0, ...] {MOV [EAX], ECX; MOV EAX, [EBP+0x14]; TEST EAX, EAX; JZ 0x1a; MOV ECX, [0x805584f8]; MOV [EAX], ECX}
.text ntoskrnl.exe!PsGetVersion + 48 8053E9DA 79 Bytes [0D, FC, 84, 55, 80, 89, 48, ...]
.text ntoskrnl.exe!PsGetJobSessionId + E 8053EA2A 109 Bytes [5D, C2, 04, 00, CC, CC, CC, ...]
.text ntoskrnl.exe!PsGetProcessPriorityClass + 1 8053EA98 11 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...]
.text ntoskrnl.exe!PsGetProcessPriorityClass + D 8053EAA4 214 Bytes [00, 5D, C2, 04, 00, 90, 90, ...]
.text ntoskrnl.exe!PsGetCurrentThreadStackLimit + 67 8053EB7B 176 Bytes [38, 5D, FF, 74, 4C, 57, 8B, ...]
.text ntoskrnl.exe!DbgPrintReturnControlC + 38 8053EC2C 15 Bytes [C6, 45, FB, 0A, 6A, 00, 66, ...] {MOV BYTE [EBP-0x5], 0xa; PUSH 0x0; MOV [EBP-0x20c], AX; PUSH 0x0}
.text ntoskrnl.exe!DbgPrintReturnControlC + 48 8053EC3C 2 Bytes [85, F4] {TEST ESP, ESI}
.text ntoskrnl.exe!DbgPrintReturnControlC + 4C 8053EC40 13 Bytes [FF, 8D, 8D, FC, FD, FF, FF, ...]
.text ntoskrnl.exe!DbgPrintReturnControlC + 5A 8053EC4E 166 Bytes CALL 804FE337 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!DbgPrintEx + 10 8053ECF5 112 Bytes [75, 08, 68, 04, ED, 53, 80, ...]
.text ntoskrnl.exe!vDbgPrintEx + 57 8053ED66 144 Bytes [C0, EB, 4C, 8B, 4D, 0C, 85, ...]
.text ntoskrnl.exe!RtlClearBit + 22 8053EDF7 23 Bytes [90, CC, CC, CC, CC, CC, CC, ...]
.text ntoskrnl.exe!RtlTestBit + 4 8053EE0F 60 Bytes [EC, 8B, 4D, 0C, 8B, 55, 08, ...]
.text ntoskrnl.exe!RtlFindSetBits + 1 8053EE4C 18 Bytes [FF, 55, 8B, EC, 83, EC, 28, ...] {CALL [EBP-0x75]; IN AL, DX ; SUB ESP, 0x28; MOV EAX, [EBP+0x8]; PUSH EBX; PUSH ESI; MOV ESI, [EAX]; PUSH EDI; LEA ECX, [ESI+0x7]}
.text ntoskrnl.exe!RtlFindSetBits + 14 8053EE5F 2 Bytes JMP 04527967
.text ntoskrnl.exe!RtlFindSetBits + 17 8053EE62 34 Bytes [FE, 83, E7, 07, 89, 75, F0, ...]
.text ntoskrnl.exe!RtlFindSetBits + 3A 8053EE85 2 Bytes [65, 10]
.text ntoskrnl.exe!RtlFindSetBits + 3D 8053EE88 23 Bytes [8B, 45, 10, 8B, 75, 0C, 8B, ...]
.text ...
.text ntoskrnl.exe!RtlFindMostSignificantBit + 2 8053F176 95 Bytes [55, 8B, EC, 8B, 55, 0C, 33, ...]
.text ntoskrnl.exe!RtlFindMostSignificantBit + 62 8053F1D6 59 Bytes [FF, 0B, CE, 74, 04, B3, 18, ...]
.text ntoskrnl.exe!RtlFindMostSignificantBit + 9E 8053F212 34 Bytes [04, 07, 5E, 5B, 5D, C2, 08, ...]
.text ntoskrnl.exe!RtlFindSetBitsAndClear + 2 8053F235 1 Byte [55]
.text ntoskrnl.exe!RtlFindSetBitsAndClear + 2 8053F235 84 Bytes [55, 8B, EC, 56, FF, 75, 10, ...]
.text ntoskrnl.exe!RtlFindFirstRunClear + 1D 8053F28A 62 Bytes [55, 8B, EC, 81, EC, DC, 02, ...]
.text ntoskrnl.exe!RtlFindFirstRunClear + 5C 8053F2C9 18 Bytes [75, 6D, BE, B5, F3, 53, 80, ...]
.text ntoskrnl.exe!RtlFindFirstRunClear + 6F 8053F2DC 43 Bytes [75, 05, B9, C5, F3, 53, 80, ...]
.text ntoskrnl.exe!RtlFindFirstRunClear + 9B 8053F308 12 Bytes [FB, FF, 83, C4, 20, 6A, 02, ...]
.text ntoskrnl.exe!RtlFindFirstRunClear + A8 8053F315 53 Bytes [50, 68, 12, F4, 53, 80, E8, ...]
.text ...
.text ntoskrnl.exe!RtlCaptureStackBackTrace + 2 8053F4CB 59 Bytes [55, 8B, EC, 81, EC, 00, 01, ...]
.text ntoskrnl.exe!RtlCaptureStackBackTrace + 3E 8053F507 12 Bytes [76, 24, 8D, 94, B5, 00, FF, ...]
.text ntoskrnl.exe!RtlCaptureStackBackTrace + 4B 8053F514 12 Bytes [3B, 4D, 0C, 73, 13, 8B, 0A, ...]
.text ntoskrnl.exe!RtlCaptureStackBackTrace + 58 8053F521 17 Bytes [89, 0C, 83, 40, 83, C2, 04, ...] {MOV [EBX+EAX*4], ECX; INC EAX; ADD EDX, 0x4; CMP EAX, EDI; JB 0xfffffffffffffff0; POP EBX; MOV ECX, [EBP+0x14]; TEST ECX, ECX}
.text ntoskrnl.exe!RtlCaptureStackBackTrace + 6A 8053F533 10 Bytes [05, 8B, 55, 08, 89, 11, 6A, ...]
.text ...
.text ntoskrnl.exe!RtlRealPredecessor + 9 8053F6D4 104 Bytes [41, 04, 85, C0, 75, 06, EB, ...]
.text ntoskrnl.exe!RtlInsertElementGenericTableFull + 14 8053F73D 3 Bytes [8D, 47, 18] {LEA EAX, [EDI+0x18]}
.text ntoskrnl.exe!RtlInsertElementGenericTableFull + 18 8053F741 58 Bytes [56, FF, 56, 1C, 8B, D8, 85, ...]
.text ntoskrnl.exe!RtlInsertElementGenericTableFull + 53 8053F77C 106 Bytes [75, 04, 89, 1E, EB, 13, 83, ...]
.text ntoskrnl.exe!RtlIsGenericTableEmpty + 6 8053F7E7 206 Bytes [4D, 08, 33, C0, 39, 01, 0F, ...]
.text ntoskrnl.exe!RtlEnumerateGenericTableWithoutSplaying + A 8053F8B6 83 Bytes [85, C0, 74, 20, 56, 8B, 75, ...]
.text ntoskrnl.exe!RtlEnumerateGenericTableWithoutSplaying + 5E 8053F90A 82 Bytes [75, 08, 57, FF, 57, 18, 85, ...]
.text ntoskrnl.exe!RtlInsertElementGenericTable + E 8053F95D 44 Bytes CALL 8053F8F3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!RtlDeleteElementGenericTable + 4 8053F98A 14 Bytes [EC, 57, 8B, 7D, 08, 8D, 45, ...]
.text ntoskrnl.exe!RtlDeleteElementGenericTable + 13 8053F999 116 Bytes [FF, FF, 85, C0, 74, 33, 83, ...]
.text ntoskrnl.exe!RtlLookupElementGenericTableFull + 2B 8053FA0E 39 Bytes [89, 07, 8B, 06, 83, C0, 18, ...]
.text ntoskrnl.exe!RtlEnumerateGenericTable + B 8053FA36 80 Bytes [37, 85, F6, 75, 04, 33, C0, ...]
.text ntoskrnl.exe!RtlLookupElementGenericTable + 4 8053FA87 12 Bytes [EC, 8D, 45, 0C, 50, 8D, 45, ...] {IN AL, DX ; LEA EAX, [EBP+0xc]; PUSH EAX; LEA EAX, [EBP+0x8]; PUSH EAX; PUSH DWORD [EBP+0xc]}
.text ntoskrnl.exe!RtlLookupElementGenericTable + 11 8053FA94 98 Bytes CALL 8053F9E1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!RtlLookupElementGenericTable + 74 8053FAF7 80 Bytes [90, CC, CC, CC, CC, CC, CC, ...]
.text ntoskrnl.exe!RtlGetElementGenericTableAvl + 35 8053FB48 123 Bytes [C1, 8B, 48, 04, 85, C9, 75, ...]
.text ntoskrnl.exe!RtlGetElementGenericTableAvl + B1 8053FBC4 9 Bytes [C1, 8B, 48, 08, 85, C9, 75, ...]
.text ntoskrnl.exe!RtlGetElementGenericTableAvl + BB 8053FBCE 9 Bytes CALL 8053FABC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!RtlGetElementGenericTableAvl + C5 8053FBD8 70 Bytes [F7, 89, 46, 10, 89, 5E, 14, ...]
.text ntoskrnl.exe!RtlGetElementGenericTableAvl + 10C 8053FC1F 53 Bytes [90, 90, 90, 90, 8B, FF, 55, ...]
.text ntoskrnl.exe!RtlEnumerateGenericTableLikeADirectory + 33 8053FC56 2 Bytes [45, 1C]
.text ntoskrnl.exe!RtlEnumerateGenericTableLikeADirectory + 36 8053FC59 116 Bytes [00, 3B, 47, 24, 74, 05, 33, ...]
.text ntoskrnl.exe!RtlEnumerateGenericTableLikeADirectory + AC 8053FCCF 21 Bytes [FF, 85, DB, 8B, 45, 18, 8B, ...]
.text ntoskrnl.exe!RtlEnumerateGenericTableLikeADirectory + C2 8053FCE5 5 Bytes [8D, 46, 10, E9, 55]
.text ntoskrnl.exe!RtlEnumerateGenericTableLikeADirectory + C8 8053FCEB 237 Bytes [FF, FF, 90, CC, CC, CC, CC, ...]
.text ...
.text ntoskrnl.exe!RtlIpv6AddressToStringA + 1D 8053FEAA 28 Bytes [00, 66, 39, 56, 02, 0F, 85, ...]
.text ntoskrnl.exe!RtlIpv6AddressToStringA + 3A 8053FEC7 9 Bytes [00, 00, 66, 39, 56, 0C, 0F, ...]
.text ntoskrnl.exe!RtlIpv6AddressToStringA + 44 8053FED1 125 Bytes [00, 00, 66, 8B, 4E, 08, 66, ...]
.text ntoskrnl.exe!RtlIpv6AddressToStringA + C2 8053FF4F 52 Bytes [FF, 83, C4, 18, 03, 45, 0C, ...]
.text ntoskrnl.exe!RtlIpv6AddressToStringA + F8 8053FF85 24 Bytes [40, 8B, CE, 89, 5D, F4, 66, ...]
.text ...
.text ntoskrnl.exe!RtlIpv6AddressToStringExA + 76 80540132 92 Bytes [74, 1C, 66, 8B, 45, 10, 8A, ...]
.text ntoskrnl.exe!RtlIpv6AddressToStringExA + D4 80540190 6 Bytes [00, 00, 5D, 3A, 25, 75]
.text ntoskrnl.exe!RtlIpv6AddressToStringExA + DB 80540197 37 Bytes [CC, CC, CC, CC, CC, 90, 90, ...]
.text ntoskrnl.exe!RtlIpv4AddressToStringA + 1D 805401BE 13 Bytes [00, 50, 68, D8, 01, 54, 80, ...]
.text ntoskrnl.exe!RtlIpv4AddressToStringA + 2C 805401CD 2 Bytes [83, C4]
.text ntoskrnl.exe!RtlIpv4AddressToStringA + 2F 805401D0 1 Byte [03]
.text ntoskrnl.exe!RtlIpv4AddressToStringA + 2F 805401D0 19 Bytes [03, 45, 0C, 5D, C2, 08, 00, ...]
.text ntoskrnl.exe!RtlIpv4AddressToStringA + 43 805401E4 27 Bytes [CC, CC, CC, CC, CC, CC, 90, ...]
.text ntoskrnl.exe!RtlIpv4AddressToStringExA + 12 80540201 5 Bytes [08, 85, C0, 53, 8B]
.text ntoskrnl.exe!RtlIpv4AddressToStringExA + 18 80540207 2 Bytes [14, 57] {ADC AL, 0x57}
.text ntoskrnl.exe!RtlIpv4AddressToStringExA + 1B 8054020A 81 Bytes [7D, 10, 74, 65, 85, FF, 74, ...]
.text ntoskrnl.exe!RtlIpv4AddressToStringExA + 6D 8054025C 25 Bytes JMP 64C98F63
.text ntoskrnl.exe!RtlIpv4AddressToStringExA + 87 80540276 19 Bytes [00, C0, 8B, 4D, FC, 5F, 5B, ...]
.text ...
.text ntoskrnl.exe!RtlIpv6AddressToStringW + 1E 805402B4 27 Bytes [66, 39, 56, 02, 0F, 85, A8, ...]
.text ntoskrnl.exe!RtlIpv6AddressToStringW + 3A 805402D0 185 Bytes [00, 00, 66, 39, 56, 0C, 0F, ...]
.text ntoskrnl.exe!RtlIpv6AddressToStringW + F4 8054038A 7 Bytes [3B, DA, 7E, 2B, 33, C0, 40] {CMP EBX, EDX; JLE 0x2f; XOR EAX, EAX; INC EAX}
.text ntoskrnl.exe!RtlIpv6AddressToStringW + FC 80540392 114 Bytes [CE, 89, 5D, F4, 66, 39, 11, ...]
.text ntoskrnl.exe!RtlIpv6AddressToStringW + 16F 80540405 3 Bytes [D0, 04, 54] {ROL BYTE [ESP+EDX*2], 0x1}
.text ...
.text ntoskrnl.exe!RtlIpv6AddressToStringExW + B 8054050C 50 Bytes [A1, A0, 20, 55, 80, 53, 8B, ...]
.text ntoskrnl.exe!RtlIpv6AddressToStringExW + 3E 8054053F 3 Bytes [78, FF, FF]
.text ntoskrnl.exe!RtlIpv6AddressToStringExW + 42 80540543 19 Bytes [74, 14, 68, D0, 05, 54, 80, ...]
.text ntoskrnl.exe!RtlIpv6AddressToStringExW + 56 80540557 130 Bytes CALL 80540292 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!RtlIpv6AddressToStringExW + D9 805405DA 1 Byte [75]
.text ...
.text ntoskrnl.exe!RtlIpv4AddressToStringW + 22 80540618 27 Bytes [50, 68, 30, 06, 54, 80, 56, ...]
.text ntoskrnl.exe!RtlIpv4AddressToStringW + 3E 80540634 1 Byte [2E]
.text ntoskrnl.exe!RtlIpv4AddressToStringW + 3E 80540634 19 Bytes [2E, 00, 25, 00, 75, 00, 2E, ...] {ADD CS:[0x2e007500], AH; ADD [0x2e007500], AH; ADD [0x7500], AH}
.text ntoskrnl.exe!RtlIpv4AddressToStringW + 52 80540648 23 Bytes [CC, CC, CC, CC, CC, CC, CC, ...]
.text ntoskrnl.exe!RtlIpv4AddressToStringExW + D 80540661 20 Bytes [89, 45, FC, 8B, 45, 08, 85, ...]
.text ntoskrnl.exe!RtlIpv4AddressToStringExW + 22 80540676 21 Bytes [59, 85, DB, 74, 55, 56, 8D, ...]
.text ntoskrnl.exe!RtlIpv4AddressToStringExW + 38 8054068C 28 Bytes [F0, 74, 1D, 66, 8B, 45, 0C, ...]
.text ntoskrnl.exe!RtlIpv4AddressToStringExW + 55 805406A9 195 Bytes [8D, 34, 46, 8D, 45, D0, 2B, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressA + 71 8054076D 16 Bytes CALL 805476F8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!RtlIpv6StringToAddressA + 83 8054077F 81 Bytes [85, C0, 59, 74, 16, FF, 45, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressA + D5 805407D1 89 Bytes [41, 6A, 02, 89, 4D, E4, 59, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressA + 12F 8054082B 10 Bytes [00, 8D, 47, 01, 38, 18, 0F, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressA + 13A 80540836 41 Bytes [00, 8B, 7D, F0, 8B, 75, 10, ...]
.text ...
.text ntoskrnl.exe!RtlIpv6StringToAddressExA + 27 80540A49 51 Bytes [4D, FC, 89, 4D, F0, 88, 4D, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressExA + 5B 80540A7D 51 Bytes [85, C0, 59, 74, 0B, 57, E8, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressExA + 8F 80540AB1 88 Bytes [00, 85, C0, 59, 74, D6, 8B, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressExA + E8 80540B0A 27 Bytes [00, 46, 80, 3E, 30, C7, 45, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressExA + 104 80540B26 22 Bytes [00, 00, 74, 08, 3C, 58, 0F, ...]
.text ...
.text ntoskrnl.exe!RtlIpv4StringToAddressA + 30 80540C97 48 Bytes [85, C0, 59, 74, 17, 0F, BE, ...]
.text ntoskrnl.exe!RtlIpv4StringToAddressA + 62 80540CC9 47 Bytes [00, 43, 80, 7D, 0C, 00, 74, ...]
.text ntoskrnl.exe!RtlIpv4StringToAddressA + 92 80540CF9 117 Bytes [85, C0, 59, 74, 15, 8D, 46, ...]
.text ntoskrnl.exe!RtlIpv4StringToAddressA + 108 80540D6F 51 Bytes [8B, 75, F8, 80, 3B, 2E, 75, ...]
.text ntoskrnl.exe!RtlIpv4StringToAddressA + 13C 80540DA3 8 Bytes [02, 80, 7D, 0C, 00, 74, 05, ...]
.text ...
.text ntoskrnl.exe!RtlIpv4StringToAddressExA + 1B 80540E96 36 Bytes [00, 39, 75, 14, 0F, 84, 4A, ...]
.text ntoskrnl.exe!RtlIpv4StringToAddressExA + 40 80540EBB 74 Bytes [7D, 10, 8A, 07, 3C, 3A, 0F, ...]
.text ntoskrnl.exe!RtlIpv4StringToAddressExA + 8B 80540F06 19 Bytes [0F, BE, F3, 56, 47, E8, EA, ...]
.text ntoskrnl.exe!RtlIpv4StringToAddressExA + 9F 80540F1A 39 Bytes [00, 85, C0, 59, 74, 38, 66, ...]
.text ntoskrnl.exe!RtlIpv4StringToAddressExA + C7 80540F42 30 Bytes [0F, 87, A2, 00, 00, 00, 8B, ...]
.text ...
.text ntoskrnl.exe!RtlIpv6StringToAddressW + 28 80541043 57 Bytes [00, 8B, 45, F0, 2B, C2, 0F, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressW + 62 8054107D 3 Bytes [00, 68, 80] {ADD [EAX-0x80], CH}
.text ntoskrnl.exe!RtlIpv6StringToAddressW + 66 80541081 7 Bytes [00, 00, 56, E8, 85, 39, FC]
.text ntoskrnl.exe!RtlIpv6StringToAddressW + 6E 80541089 65 Bytes [85, C0, 59, 59, 74, 16, FF, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressW + B0 805410CB 14 Bytes [0F, 85, 67, 01, 00, 00, 83, ...]
.text ...
.text ntoskrnl.exe!RtlIpv6StringToAddressExW + 4 80541322 88 Bytes [EC, 83, EC, 10, 8B, 45, 08, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressExW + 5D 8054137B 11 Bytes [8B, 7D, 0C, 66, 83, 3F, 25, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressExW + 6A 80541388 61 Bytes [47, 47, 33, F6, 66, 8B, 37, ...]
.text ntoskrnl.exe!RtlIpv6StringToAddressExW + A8 805413C6 3 Bytes CALL 80504A0F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!RtlIpv6StringToAddressExW + AC 805413CA 53 Bytes [85, C0, 59, 59, 0F, 84, 9C, ...]
.text ...
.text ntoskrnl.exe!RtlIpv4StringToAddressExW + 4 80541593 23 Bytes [EC, 53, 33, DB, 39, 5D, 08, ...]
.text ntoskrnl.exe!RtlIpv4StringToAddressExW + 1C 805415AB 50 Bytes [39, 5D, 14, 0F, 84, 34, 01, ...]
.text ntoskrnl.exe!RtlIpv4StringToAddressExW + 4F 805415DE 72 Bytes [47, 47, 66, 83, 3F, 30, C6, ...]
.text ntoskrnl.exe!RtlIpv4StringToAddressExW + 98 80541627 176 Bytes [00, 00, 47, 47, 66, 81, FE, ...]
.text ntoskrnl.exe!RtlIpv4StringToAddressExW + 149 805416D8 27 Bytes [37, 66, 85, F6, 0F, 85, 47, ...]
.text ...
.text ntoskrnl.exe!RtlLargeIntegerDivide + 40 80541753 37 Bytes JMP 8C261A77
.text ntoskrnl.exe!RtlLargeIntegerDivide + 66 80541779 105 Bytes [75, C5, 8B, 4D, 18, 85, C9, ...]
.text ntoskrnl.exe!RtlRandomEx + 40 805417E3 55 Bytes [11, 5B, 5D, C2, 04, 00, 90, ...]
.text ntoskrnl.exe!RtlTimeToSecondsSince1980 + 6 8054181B 79 Bytes [45, 08, 6A, 17, FF, 35, DC, ...]
.text ntoskrnl.exe!RtlSecondsSince1980ToTime + B 8054186B 12 Bytes [8B, 45, 08, 33, C9, 03, C2, ...]
.text ntoskrnl.exe!RtlSecondsSince1980ToTime + 18 80541878 46 Bytes [68, 80, 96, 98, 00, 13, CA, ...]
.text ntoskrnl.exe!RtlTimeToSecondsSince1970 + 8 805418A7 90 Bytes [6A, 17, FF, 35, DC, 98, 52, ...]
.text ntoskrnl.exe!RtlTimeToSecondsSince1970 + 63 80541902 41 Bytes [57, FF, 56, 48, 8B, C8, 83, ...]
.text ntoskrnl.exe!RtlTimeToSecondsSince1970 + 8D 8054192C 48 Bytes [8B, 4A, 1C, 2B, C8, 8B, 1C, ...]
.text ntoskrnl.exe!RtlTimeToSecondsSince1970 + BE 8054195D 83 Bytes [8B, 45, 14, 85, C0, 74, 02, ...]
.text ntoskrnl.exe!RtlTimeToSecondsSince1970 + 112 805419B1 29 Bytes [55, 8B, EC, F6, 45, 0C, 04, ...]
.text ...
.text ntoskrnl.exe!RtlTraceDatabaseEnumerate + 10 80541ACF 5 Bytes [8B, 45, 0C, 8B, 08] {MOV EAX, [EBP+0xc]; MOV ECX, [EAX]}
.text ntoskrnl.exe!RtlTraceDatabaseEnumerate + 16 80541AD5 102 Bytes [DB, 3B, CB, 75, 0C, 89, 30, ...]
.text ntoskrnl.exe!RtlTraceDatabaseEnumerate + 7D 80541B3C 38 Bytes [5E, 8A, C3, 5B, 5D, C2, 0C, ...]
.text ntoskrnl.exe!RtlTraceDatabaseCreate + 15 80541B63 22 Bytes [6A, 06, 25, 00, F0, FF, FF, ...]
.text ntoskrnl.exe!RtlTraceDatabaseCreate + 2C 80541B7A 47 Bytes [00, 00, 8B, 4D, 10, 83, C9, ...]
.text ntoskrnl.exe!RtlTraceDatabaseCreate + 5C 80541BAA 53 Bytes [10, 00, 00, 8D, 7E, 54, 56, ...]
.text ntoskrnl.exe!RtlTraceDatabaseCreate + 92 80541BE0 24 Bytes [19, 54, 80, EB, 03, 89, 46, ...]
.text ntoskrnl.exe!RtlTraceDatabaseCreate + AB 80541BF9 1 Byte [10]
.text ...
.text ntoskrnl.exe!RtlTraceDatabaseDestroy + 1E 80541C5D 60 Bytes [81, EE, 94, 00, 00, 00, FF, ...]
.text ntoskrnl.exe!RtlTraceDatabaseDestroy + 5B 80541C9A 78 Bytes [54, 72, 61, 63, 65, 20, 64, ...]
.text ntoskrnl.exe!RtlTraceDatabaseValidate + 11 80541CE9 26 Bytes [0C, EB, 03, 8B, 40, 08, 85, ...]
.text ntoskrnl.exe!RtlTraceDatabaseValidate + 2C 80541D04 88 Bytes [40, 18, 85, C0, 75, F9, 83, ...]
.text ntoskrnl.exe!RtlTraceDatabaseFind + 36 80541D5D 11 Bytes [90, 90, 90, 90, 90, 8B, FF, ...] {NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX}
.text ntoskrnl.exe!RtlTraceDatabaseFind + 42 80541D69 107 Bytes [5D, 0C, 57, 8B, 7D, 08, 8D, ...]
.text ntoskrnl.exe!RtlTraceDatabaseFind + AE 80541DD5 2 Bytes [00, 10] {ADD [EAX], DL}
.text ntoskrnl.exe!RtlTraceDatabaseFind + B1 80541DD8 246 Bytes CALL 805419AD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!RtlTraceDatabaseFind + 1A8 80541ECF 32 Bytes [6F, 20, 73, 61, 76, 65, 20, ...]
.text ...
.text ntoskrnl.exe!RtlTraceDatabaseAdd + E 80541F39 178 Bytes [FF, 75, 14, FF, 75, 10, FF, ...]
.text ntoskrnl.exe!RtlTraceDatabaseAdd + C1 80541FEC 23 Bytes [45, F8, B9, 40, 15, 56, 80, ...]
.text ntoskrnl.exe!RtlTraceDatabaseAdd + D9 80542004 11 Bytes [4D, 18, 8B, 75, 14, 8B, C3, ...]
.text ntoskrnl.exe!RtlTraceDatabaseAdd + E5 80542010 70 Bytes [00, 8D, BC, 10, 24, 03, 00, ...]
.text ntoskrnl.exe!RtlTraceDatabaseAdd + 12C 80542057 10 Bytes [00, FF, 5F, 5E, 8B, C3, 5B, ...]
.text ...
.text ntoskrnl.exe!VfFailSystemBIOS + 34 8054382E 92 Bytes [C9, C3, CC, CC, CC, CC, CC, ...]
.text ntoskrnl.exe!VfFailDriver + 50 8054388B 22 Bytes [00, 8B, 4D, 08, 0F, C1, 01, ...]
.text ntoskrnl.exe!VfFailDriver + 67 805438A2 32 Bytes [55, 8B, EC, 8B, 55, 08, 8D, ...]
.text ntoskrnl.exe!VfFailDriver + 88 805438C3 45 Bytes [00, 8B, 4D, 08, 0F, C1, 01, ...]
.text ntoskrnl.exe!VfFailDriver + B6 805438F1 38 Bytes [8B, 0F, EB, 0D, 0F, B7, 11, ...]
.text ntoskrnl.exe!VfFailDriver + DD 80543918 45 Bytes [5F, 8B, C6, 5E, 5B, 5D, C2, ...]
.text ...
.text ntoskrnl.exe!WmiGetClock + 2 80545126 57 Bytes [55, 8B, EC, 51, 51, 83, E9, ...]
.text ntoskrnl.exe!WmiGetClock + 3C 80545160 18 Bytes [00, 00, 8B, F0, EB, 07, 8B, ...]
.text ntoskrnl.exe!WmiGetClock + 4F 80545173 10 Bytes [89, 45, FC, 8B, 86, 48, 01, ...]
.text ntoskrnl.exe!WmiGetClock + 5A 8054517E 125 Bytes [89, 45, F8, 74, 49, 8B, CE, ...]
.text ntoskrnl.exe!WmiGetClock + DA 805451FE 4 Bytes [E0, 89, 45, AC] {LOOPNZ 0xffffffffffffff8b; INC EBP; LODSB }
.text ...
.text ntoskrnl.exe!WmiTraceMessageVa + F6 805458FF 92 Bytes [FF, FF, 8B, 4D, C0, 0F, C1, ...]
.text ntoskrnl.exe!WmiTraceMessageVa + 153 8054595C 23 Bytes [45, 98, 85, C0, 75, 22, 8B, ...]
.text ntoskrnl.exe!WmiTraceMessageVa + 16B 80545974 66 Bytes [8B, 4D, BC, 0F, C1, 01, B8, ...]
.text ntoskrnl.exe!WmiTraceMessageVa + 1AE 805459B7 54 Bytes [74, 0C, 8B, 45, 14, 8B, 00, ...]
.text ntoskrnl.exe!WmiTraceMessageVa + 1E5 805459EE 38 Bytes [89, 03, 89, 53, 04, EB, 06, ...]
.text ...
.text ntoskrnl.exe!WmiTraceMessage + 2 80545B01 19 Bytes [55, 8B, EC, 8D, 45, 1C, 50, ...] {PUSH EBP; MOV EBP, ESP; LEA EAX, [EBP+0x1c]; PUSH EAX; PUSH DWORD [EBP+0x18]; PUSH DWORD [EBP+0x14]; PUSH DWORD [EBP+0x10]; PUSH DWORD [EBP+0xc]}
.text ntoskrnl.exe!WmiTraceMessage + 16 80545B15 45 Bytes CALL 80545807 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!NtTraceEvent + 1B 80545B43 25 Bytes [00, 8A, 90, 40, 01, 00, 00, ...]
.text ntoskrnl.exe!NtTraceEvent + 35 80545B5D 3 Bytes [85, 40, 01] {TEST [EAX+0x1], EAX}
.text ntoskrnl.exe!NtTraceEvent + 3A 80545B62 91 Bytes [66, 8B, 46, 08, BB, FF, FF, ...]
.text ntoskrnl.exe!NtTraceEvent + 97 80545BBF 5 Bytes [74, 39, 6A, 01, 56] {JZ 0x3b; PUSH 0x1; PUSH ESI}
.text ntoskrnl.exe!NtTraceEvent + 9D 80545BC5 26 Bytes [69, 5A, 13, 00, 83, F8, 01, ...]
.text ...
.text ntoskrnl.exe!IoWMIDeviceObjectToInstanceName + B3 80545D8E 14 Bytes [85, C0, 7D, 03, 89, 46, 20, ...]
.text ntoskrnl.exe!IoWMIDeviceObjectToInstanceName + C2 80545D9D 17 Bytes [90, 90, 90, CC, CC, CC, CC, ...] {NOP ; NOP ; NOP ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; INT 3 ; NOP ; NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP}
.text ntoskrnl.exe!IoWMIDeviceObjectToInstanceName + D4 80545DAF 19 Bytes [EC, 83, EC, 38, 6A, 00, FF, ...]
.text ntoskrnl.exe!IoWMIDeviceObjectToInstanceName + E8 80545DC3 33 Bytes [8B, 48, 44, 83, B9, C0, 00, ...]
.text ntoskrnl.exe!IoWMIDeviceObjectToInstanceName + 10A 80545DE5 8 Bytes [45, F8, 68, 1D, 00, 01, 00, ...]
.text ...
.text ntoskrnl.exe!ExGetSharedWaiterCount + 22 80545EE5 279 Bytes [CC, CC, CC, CC, CC, 90, 90, ...]
.text ntoskrnl.exe!ExGetSharedWaiterCount + 13A 80545FFD 4 Bytes [A1, 24, 01, 00]
.text ntoskrnl.exe!ExGetSharedWaiterCount + 13F 80546002 55 Bytes [FA, 8B, 4D, 08, 33, D2, 66, ...]
.text ntoskrnl.exe!ExGetSharedWaiterCount + 177 8054603A 53 Bytes [CC, CC, CC, CC, CC, CC, CC, ...]
.text ntoskrnl.exe!ExGetSharedWaiterCount + 1AD 80546070 6 Bytes [F0, 09, 01, 5D, C2, 04]
.text ...
.text ntoskrnl.exe!ExQueryPoolBlockSize + 39 80546236 1 Byte [10]
.text ntoskrnl.exe!ExQueryPoolBlockSize + 39 80546236 5 Bytes [10, 00, 00, EB, 27] {ADC [EAX], AL; ADD BL, CH; DAA }
.text ntoskrnl.exe!ExQueryPoolBlockSize + 3F 8054623C 100 Bytes [55, 0C, 33, C0, 66, 8B, 46, ...]
.text ntoskrnl.exe!ExQueryPoolBlockSize + A4 805462A1 48 Bytes [8B, 15, F0, 37, 56, 80, 8B, ...]
.text ntoskrnl.exe!ExQueryPoolBlockSize + D5 805462D2 32 Bytes [00, 75, 3E, BB, FF, 01, 00, ...]
.text ...
.text ntoskrnl.exe!ExUnregisterCallback + 37 80546AC9 145 Bytes [D3, 33, C0, 50, 50, 50, 50, ...]
.text ntoskrnl.exe!ExDeleteNPagedLookasideList + 2E 80546B5B 7 Bytes [56, 2C, 56, E8, 0F, 34, FA]
.text ntoskrnl.exe!ExDeleteNPagedLookasideList + 36 80546B63 101 Bytes [85, C0, 75, F2, 5F, 5E, 5D, ...]
.text ntoskrnl.exe!ExExtendZone + 44 80546BC9 50 Bytes [D3, 2B, 50, 08, 3B, F2, 76, ...]
.text ntoskrnl.exe!ExInterlockedExtendZone + D 80546BFC 1 Byte [FF]
.text ntoskrnl.exe!ExInterlockedExtendZone + D 80546BFC 141 Bytes [FF, 75, 10, 8A, D8, FF, 75, ...]
.text ntoskrnl.exe!ExInterlockedExtendZone + 9B 80546C8A 30 Bytes [08, 8B, 4B, 64, 2B, 4B, 48, ...]
.text ntoskrnl.exe!ExInterlockedExtendZone + BC 80546CAB 13 Bytes [03, CE, 89, 4D, E0, 39, 4D, ...]
.text ntoskrnl.exe!ExInterlockedExtendZone + CA 80546CB9 83 Bytes [83, C0, 10, 89, 45, D4, 8B, ...]
.text ...
.text ntoskrnl.exe!ExGetCurrentProcessorCpuUsage + 2A 80546EB2 30 Bytes CALL 804D96CD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!ExGetCurrentProcessorCounts + 2 80546ED1 40 Bytes [55, 8B, EC, 3E, A1, 20, F0, ...]
.text ntoskrnl.exe!ExGetCurrentProcessorCounts + 2B 80546EFA 57 Bytes [BE, 40, 10, 8B, 4D, 10, 89, ...]
.text ntoskrnl.exe!ExGetCurrentProcessorCounts + 65 80546F34 4 Bytes [68, E0, 24, 56]
.text ntoskrnl.exe!ExGetCurrentProcessorCounts + 6A 80546F39 144 Bytes CALL 804E4177 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!ExGetCurrentProcessorCounts + FB 80546FCA 29 Bytes [00, 7C, DD, 5F, 5E, 5B, E8, ...]
.text ...
.text ntoskrnl.exe!_purecall + 17 8054700F 157 Bytes [55, 8B, EC, 8B, 45, 08, 66, ...]
.text ntoskrnl.exe!XIPDispatch + 3E 805470AD 334 Bytes [83, 7D, 10, 0C, 75, 0E, 8B, ...]
.text ntoskrnl.exe!XIPDispatch + 18D 805471FC 55 Bytes [49, 8A, 16, 8A, 01, 88, 11, ...]
.text ntoskrnl.exe!_itoa + 1B 80547235 33 Bytes [75, 10, 8B, 4D, 0C, E8, 8D, ...]
.text ntoskrnl.exe!_itoa + 3D 80547257 109 Bytes [74, 0A, 66, C7, 01, 2D, 00, ...]
.text ntoskrnl.exe!_itow + 1B 805472C5 65 Bytes [75, 10, 8B, 4D, 0C, E8, 7F, ...]
.text ntoskrnl.exe!_strlwr + 15 80547307 127 Bytes [0A, 80, F9, 5A, 7F, 05, 80, ...]
.text ntoskrnl.exe!_vsnwprintf + 33 80547387 88 Bytes [FF, 4D, E4, 8B, F0, 78, 0B, ...]
.text ntoskrnl.exe!_wcslwr + 6 805473E0 65 Bytes [45, 08, 66, 83, 38, 00, 8B, ...]
.text ntoskrnl.exe!_wcsnset + 6 80547422 12 Bytes [4D, 08, 33, D2, 39, 55, 10, ...] {DEC EBP; OR [EBX], DH; SAR BYTE [ECX], CL; PUSH EBP; ADC [EBX+0x561874c1], CL}
.text ntoskrnl.exe!_wcsnset + 13 8054742F 49 Bytes [4D, 10, 66, 39, 11, 74, 0E, ...]
.text ntoskrnl.exe!_wcsrev + F 80547461 20 Bytes [31, 41, 41, 66, 85, F6, 75, ...]
.text ntoskrnl.exe!_wcsrev + 24 80547476 97 Bytes [32, 66, 89, 3A, 42, 42, 66, ...]
.text ntoskrnl.exe!_wcsrev + 86 805474D8 21 Bytes [0F, B6, 04, 41, 83, E0, 08, ...]
.text ntoskrnl.exe!_wcsrev + 9C 805474EE 6 Bytes [2D, 8B, DF, 74, 05, 83]
.text ntoskrnl.exe!_wcsrev + A3 805474F5 47 Bytes [2B, 75, 04, 0F, B6, 3E, 46, ...]
.text ...
.text ntoskrnl.exe!isupper + 1D 805475B9 43 Bytes [45, 08, 8B, 0D, F0, 20, 55, ...]
.text ntoskrnl.exe!islower + 11 805475E5 46 Bytes CALL 8054844F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!isdigit + 6 80547614 3 Bytes [3D, F8, 20]
.text ntoskrnl.exe!isdigit + A 80547618 97 Bytes [80, 01, 7E, 0E, 6A, 04, FF, ...]
.text ntoskrnl.exe!isxdigit + 34 8054767A 10 Bytes [CC, CC, CC, CC, 90, 90, 90, ...]
.text ntoskrnl.exe!isspace + 2 80547685 9 Bytes [55, 8B, EC, 83, 3D, F8, 20, ...]
.text ntoskrnl.exe!isspace + C 8054768F 62 Bytes [7E, 0E, 6A, 08, FF, 75, 08, ...]
.text ntoskrnl.exe!isprint + 12 805476CE 26 Bytes CALL 8054844D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
.text ntoskrnl.exe!isprint + 2D 805476E9 27 Bytes [57, 01, 00, 00, 5D, C3, 90, ...]
.text ntoskrnl.exe!isprint + 49 80547705 493 Bytes [00, 1B, C0, F7, D8, 5D, C3, ...]
.text ntoskrnl.exe!tolower + 23 805478F3 153 Bytes [0F, B6, 04, 70, 83, E0, 01, ...]
.text ntoskrnl.exe!wcscspn + 19 8054798D 92 Bytes [66, 85, FF, 8B, D3, 74, 14, ...]
.text ntoskrnl.exe!wcsspn + 6 805479EA 50 Bytes [45, 08, 53, 33, C9, 66, 8B, ...]
.text ntoskrnl.exe!wcsspn + 39 80547A1D 232 Bytes [08, 66, 85, C9, 75, DE, 2B, ...]
.text ntoskrnl.exe!wcstombs + C6 80547B06 45 Bytes [75, 10, FF, 75, 0C, FF, 75, ...]
.text ntoskrnl.exe!wcstombs + F4 80547B34 31 Bytes [00, 53, 8B, 5D, 08, 56, 57, ...]
.text ntoskrnl.exe!wcstombs + 114 80547B54 46 Bytes [85, C0, 59, 59, 75, EB, 66, ...]
.text ntoskrnl.exe!wcstombs + 145 80547B85 205 Bytes [83, F8, 24, 0F, 8F, 53, 01, ...]
.text ntoskrnl.exe!wcstombs + 213 80547C53 48 Bytes [4D, FC, 0F, AF, 4D, 10, 03, ...]
.text ...
PAGE ntoskrnl.exe!ExWindowStationObjectType + 1243 80563903 8 Bytes [00, 49, 00, 6E, 00, 74, 00, ...] {ADD [ECX+0x0], CL; OUTSB ; ADD [EAX+EAX+0x65], DH}
PAGE ntoskrnl.exe!ExWindowStationObjectType + 124C 8056390C 1 Byte [72]
PAGE ntoskrnl.exe!ExWindowStationObjectType + 124C 8056390C 7 Bytes [72, 00, 6E, 00, 61, 00, 6C] {JB 0x2; OUTSB ; ADD [ECX+0x0], AH; INSB }
PAGE ntoskrnl.exe!ExWindowStationObjectType + 1254 80563914 13 Bytes [00, 00, 00, 00, 49, 00, 73, ...]
PAGE ntoskrnl.exe!ExWindowStationObjectType + 1262 80563922 25 Bytes [69, 00, 73, 00, 61, 00, 00, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlEqualUnicodeString + 3F 80563B5C 28 Bytes [66, 8B, 16, 33, C9, 66, 8B, ...]
PAGE ntoskrnl.exe!RtlEqualUnicodeString + 5D 80563B7A 124 Bytes [72, E0, B0, 01, 5F, 5E, 5B, ...]
PAGE ntoskrnl.exe!RtlEqualUnicodeString + DA 80563BF7 183 Bytes [00, 0F, B7, C0, 03, F0, 4B, ...]
PAGE ntoskrnl.exe!RtlEqualUnicodeString + 193 80563CB0 63 Bytes CALL E63E8E05
PAGE ntoskrnl.exe!RtlEqualUnicodeString + 1D3 80563CF0 45 Bytes [F8, 74, 35, 8D, 5F, 0C, 8B, ...]
PAGE ...
PAGE ntoskrnl.exe!PsReferencePrimaryToken + 26 805640E1 34 Bytes [45, 08, 5B, C9, C2, 04, 00, ...]
PAGE ntoskrnl.exe!PsReferencePrimaryToken + 49 80564104 35 Bytes [89, 46, 0C, 0F, 84, 60, 7C, ...]
PAGE ntoskrnl.exe!PsReferencePrimaryToken + 6E 80564129 15 Bytes [5F, 89, 46, 08, 5E, 5D, C2, ...]
PAGE ntoskrnl.exe!PsReferencePrimaryToken + 7E 80564139 55 Bytes [55, 8B, EC, 8B, 45, 18, A9, ...]
PAGE ntoskrnl.exe!PsReferencePrimaryToken + B6 80564171 7 Bytes CALL 805640EB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!SeCreateAccessState + 1 805641C2 24 Bytes [FF, 55, 8B, EC, 64, A1, 24, ...]
PAGE ntoskrnl.exe!SeCreateAccessState + 1A 805641DB 248 Bytes [75, 0C, FF, 75, 08, FF, 71, ...]
PAGE ntoskrnl.exe!SeDeleteAccessState + B6 805642D4 77 Bytes [17, 66, 89, 57, 02, 89, 55, ...]
PAGE ntoskrnl.exe!SeDeleteAccessState + 104 80564322 1 Byte [CB]
PAGE ntoskrnl.exe!SeDeleteAccessState + 104 80564322 5 Bytes [CB, 0F, 82, 2F, B3]
PAGE ntoskrnl.exe!SeDeleteAccessState + 10B 80564329 46 Bytes [3B, C8, 0F, 87, 27, B3, 00, ...]
PAGE ntoskrnl.exe!SeDeleteAccessState + 13A 80564358 36 Bytes [FE, FF, FF, 89, 45, E0, 85, ...]
PAGE ...
PAGE ntoskrnl.exe!SeAccessCheck + 25 8056496D 12 Bytes [00, 57, 8B, 7D, 14, 3B, FB, ...]
PAGE ntoskrnl.exe!SeAccessCheck + 32 8056497A 11 Bytes [38, 5D, 10, 0F, 84, 35, 79, ...]
PAGE ntoskrnl.exe!SeAccessCheck + 3E 80564986 40 Bytes [00, 06, 02, 74, 34, 8B, 06, ...]
PAGE ntoskrnl.exe!SeAccessCheck + 67 805649AF 13 Bytes [8B, C7, 25, 00, 00, 06, 00, ...]
PAGE ntoskrnl.exe!SeAccessCheck + 75 805649BD 28 Bytes [F9, FF, 3B, FB, 0F, 84, 4F, ...]
PAGE ...
PAGE ntoskrnl.exe!SeLockSubjectContext + 2B 80564A48 47 Bytes [5E, 5D, C2, 04, 00, 90, 90, ...]
PAGE ntoskrnl.exe!SeUnlockSubjectContext + 26 80564A78 29 Bytes [80, 0F, 84, 60, 35, 00, 00, ...]
PAGE ntoskrnl.exe!SeUnlockSubjectContext + 44 80564A96 37 Bytes [55, 8B, EC, 51, 83, 65, FC, ...]
PAGE ntoskrnl.exe!SeUnlockSubjectContext + 6B 80564ABD 8 Bytes [FF, 88, D4, 00, 00, 00, 6A, ...] {DEC DWORD [EAX+0xd4]; PUSH 0x1}
PAGE ntoskrnl.exe!SeUnlockSubjectContext + 74 80564AC6 42 Bytes CALL 804D93A4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!SeUnlockSubjectContext + 9F 80564AF1 172 Bytes [00, FF, 45, 18, 83, C0, 0C, ...]
PAGE ...
PAGE ntoskrnl.exe!ObReferenceObjectByHandle + 32 80564C1A 11 Bytes [00, 00, FF, 75, 08, 89, 45, ...]
PAGE ntoskrnl.exe!ObReferenceObjectByHandle + 3E 80564C26 1 Byte [FF]
PAGE ntoskrnl.exe!ObReferenceObjectByHandle + 3E 80564C26 64 Bytes [FF, FF, 8B, F8, 3B, FB, 0F, ...]
PAGE ntoskrnl.exe!ObReferenceObjectByHandle + 7F 80564C67 198 Bytes [85, 45, 0C, 0F, 85, 17, 54, ...]
PAGE ntoskrnl.exe!ObReferenceObjectByHandle + 146 80564D2E 21 Bytes [00, C3, 90, 90, 90, 90, 90, ...]
PAGE ...
PAGE ntoskrnl.exe!ObInsertObject + D 80565047 6 Bytes [08, 8B, 48, F0, 83, C0] {OR [EBX-0x3f7c0fb8], CL}
PAGE ntoskrnl.exe!ObInsertObject + 14 8056504E 40 Bytes [53, 33, DB, 89, 4D, D0, 8A, ...]
PAGE ntoskrnl.exe!ObInsertObject + 3D 80565077 213 Bytes [8D, 46, 0C, 89, 45, D8, 8B, ...]
PAGE ntoskrnl.exe!ObInsertObject + 113 8056514D 38 Bytes [8D, 45, FC, 50, 8D, 45, E0, ...]
PAGE ntoskrnl.exe!ObInsertObject + 13A 80565174 150 Bytes [75, D0, FF, 37, FF, 75, DC, ...]
PAGE ...
PAGE ntoskrnl.exe!NtCreateSection + 1F 805652D2 7 Bytes [00, 0D, 0F, 84, 74, B2, 08]
PAGE ntoskrnl.exe!NtCreateSection + 27 805652DA 109 Bytes [F7, C2, 00, 00, 00, 01, 0F, ...]
PAGE ntoskrnl.exe!NtCreateSection + 95 80565348 29 Bytes [55, 80, 3B, C1, 0F, 83, 0D, ...]
PAGE ntoskrnl.exe!NtCreateSection + B3 80565366 25 Bytes [75, 20, 52, 8D, 45, CC, FF, ...]
PAGE ntoskrnl.exe!NtCreateSection + CD 80565380 12 Bytes CALL 804E448F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!ObCreateObject + 19 8056557F 1 Byte [46]
PAGE ntoskrnl.exe!ObCreateObject + 19 8056557F 59 Bytes CALL 804E20E2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ObCreateObject + 55 805655BB 5 Bytes [85, 01, 02, 09, 00]
PAGE ntoskrnl.exe!ObCreateObject + 5B 805655C1 90 Bytes [4D, 20, 85, C9, 75, 06, 8B, ...]
PAGE ntoskrnl.exe!ObCreateObject + B6 8056561C 284 Bytes [85, 18, 02, 09, 00, 5F, 5E, ...]
PAGE ...
PAGE ntoskrnl.exe!SeOpenObjectAuditAlarm + 12 80565B7A 1 Byte [C6]
PAGE ntoskrnl.exe!SeOpenObjectAuditAlarm + 12 80565B7A 56 Bytes [C6, 45, FE, 00, 89, 5D, F0, ...]
PAGE ntoskrnl.exe!SeOpenObjectAuditAlarm + 4B 80565BB3 61 Bytes [24, 89, 45, 24, 8B, F8, 8B, ...]
PAGE ntoskrnl.exe!SeOpenObjectAuditAlarm + 89 80565BF1 114 Bytes [33, DB, 80, 7D, 20, 01, 75, ...]
PAGE ntoskrnl.exe!ObCheckObjectAccess + 18 80565C64 3 Bytes [4D, FC, 33]
PAGE ntoskrnl.exe!ObCheckObjectAccess + 1C 80565C68 73 Bytes [51, 50, 89, 75, F4, 89, 75, ...]
PAGE ntoskrnl.exe!ObCheckObjectAccess + 66 80565CB2 12 Bytes CALL 80564946 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ObCheckObjectAccess + 73 80565CBF 20 Bytes [18, 0F, 85, 65, 1B, 04, 00, ...]
PAGE ntoskrnl.exe!ObCheckObjectAccess + 88 80565CD4 141 Bytes [00, 00, 02, F7, D0, 21, 46, ...]
PAGE ntoskrnl.exe!ObReleaseObjectSecurity + 48 80565D62 7 Bytes [45, FC, 8B, 4D, F4, 8B, 55]
PAGE ntoskrnl.exe!ObReleaseObjectSecurity + 50 80565D6A 61 Bytes [0F, B1, 11, 3B, C7, 0F, 85, ...]
PAGE ntoskrnl.exe!ObReleaseObjectSecurity + 8E 80565DA8 3 Bytes JMP 805654E9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ObReleaseObjectSecurity + 92 80565DAC 128 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
PAGE ntoskrnl.exe!ObDereferenceSecurityDescriptor + 21 80565E2D 97 Bytes [89, 5D, F8, 8B, C6, 2B, 45, ...]
PAGE ntoskrnl.exe!ObDereferenceSecurityDescriptor + 83 80565E8F 88 Bytes [88, D4, 00, 00, 00, 8D, 87, ...]
PAGE ntoskrnl.exe!ObDereferenceSecurityDescriptor + DC 80565EE8 91 Bytes [FF, 88, D4, 00, 00, 00, 8D, ...]
PAGE ntoskrnl.exe!ObDereferenceSecurityDescriptor + 138 80565F44 25 Bytes [40, 08, 8D, 8C, 07, B0, 00, ...]
PAGE ntoskrnl.exe!ObDereferenceSecurityDescriptor + 152 80565F5E 35 Bytes [0F, 84, D3, E1, 08, 00, 38, ...]
PAGE ...
PAGE ntoskrnl.exe!NtWaitForSingleObject + 47 805661C3 24 Bytes [45, D0, 8D, 75, CC, 89, 75, ...]
PAGE ntoskrnl.exe!NtWaitForSingleObject + 60 805661DC 8 Bytes [00, FF, 75, 08, E8, 03, EA, ...]
PAGE ntoskrnl.exe!NtWaitForSingleObject + 69 805661E5 124 Bytes [8B, F8, 3B, FB, 7C, 36, 8B, ...]
PAGE ntoskrnl.exe!NtWaitForSingleObject + E7 80566263 56 Bytes [43, AE, 09, 00, 8D, 3C, 01, ...]
PAGE ntoskrnl.exe!NtWaitForSingleObject + 120 8056629C 2 Bytes [8A, 45]
PAGE ...
PAGE ntoskrnl.exe!ProbeForWrite + 25 805663D7 83 Bytes [80, 73, 23, BA, 00, F0, FF, ...]
PAGE ntoskrnl.exe!ZwDelayExecution + 1B 8056642B 28 Bytes [84, C0, 0F, 84, E7, 28, 0A, ...]
PAGE ntoskrnl.exe!ZwDelayExecution + 38 80566448 73 Bytes [3B, D8, 0F, 83, 98, 28, 0A, ...]
PAGE ntoskrnl.exe!ZwReleaseMutant + 17 80566492 116 Bytes [89, 45, CC, 8A, 80, 40, 01, ...]
PAGE ntoskrnl.exe!ZwReleaseMutant + 8C 80566507 2 Bytes [C2, 08]
PAGE ntoskrnl.exe!ZwReleaseMutant + 8F 8056650A 147 Bytes CALL 804D904D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!ZwReleaseMutant + 123 8056659E 23 Bytes [89, 5D, 0C, 74, 11, 33, D2, ...]
PAGE ntoskrnl.exe!ZwReleaseMutant + 13B 805665B6 235 Bytes [35, 40, 48, 4E, 80, 8D, 04, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwWaitForMultipleObjects + 2D 805666F3 28 Bytes [64, A1, 24, 01, 00, 00, 8A, ...]
PAGE ntoskrnl.exe!ZwWaitForMultipleObjects + 4A 80566710 4 Bytes [55, 80, 85, D2]
PAGE ntoskrnl.exe!ZwWaitForMultipleObjects + 4F 80566715 69 Bytes [85, 0D, 06, 00, 00, 8B, F3, ...]
PAGE ntoskrnl.exe!ZwWaitForMultipleObjects + 95 8056675B 22 Bytes [87, 52, 0E, 00, 00, 89, 75, ...]
PAGE ntoskrnl.exe!ZwWaitForMultipleObjects + AC 80566772 12 Bytes [8F, D4, 00, 00, 00, C6, 45, ...]
PAGE ...
PAGE ntoskrnl.exe!RtlAreAllAccessesGranted + 2A 80566A37 81 Bytes [EC, 51, 51, 57, 8B, 7D, 0C, ...]
PAGE ntoskrnl.exe!RtlAreAllAccessesGranted + 7C 80566A89 46 Bytes [8B, C6, 5E, 5B, 5F, C9, C2, ...]
PAGE ntoskrnl.exe!RtlAreAllAccessesGranted + AB 80566AB8 78 Bytes [90, 90, 90, 90, 90, 6A, 30, ...]
PAGE ntoskrnl.exe!KeUserModeCallback + 4A 80566B07 337 Bytes [F3, A4, 89, 43, FC, 89, 5B, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeChar + 39 80566C59 36 Bytes [83, 3D, 34, 72, 55, 80, 00, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeChar + 5F 80566C7F 86 Bytes [56, BE, E0, 7E, 55, 80, 0F, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeString + 24 80566CD6 21 Bytes [0F, B7, 16, 6A, 00, D1, EA, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeString + 3A 80566CEC 124 Bytes [04, 48, 66, 83, F8, 61, 72, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeString + B7 80566D69 8 Bytes [8B, C1, F7, D0, 85, 45, 0C, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeString + C0 80566D72 50 Bytes [20, CF, 08, 00, 8B, 45, 1C, ...]
PAGE ntoskrnl.exe!RtlUpcaseUnicodeString + F3 80566DA5 19 Bytes [FF, 83, 7D, 08, FE, 0F, 85, ...]
PAGE ...
PAGE ntoskrnl.exe!ZwRemoveIoCompletion + 23 80566FBC 15 Bytes [88, 45, DC, 84, C0, 0F, 84, ...]
PAGE ntoskrnl.exe!ZwRemoveIoCompletion + 33 80566FCC 65 Bytes [8B, 4D, 10, 3B, C8, 0F, 83, ...]
PAGE ntoskrnl.exe!ZwRemoveIoCompletion + 75 8056700E 43 Bytes [D6, 74, 24, 8D, 45, A8, 89, ...]
PAGE ntoskrnl.exe!ZwRemoveIoCompletion + A1 8056703A 24 Bytes [89, 45, C4, 56, 8D, 4D, D8, ...]
PAGE ntoskrnl.exe!ZwRemoveIoCompletion + BA 80567053 15 Bytes [8B, 4D, D8, 89, 4D, BC, 89, ...]
PAGE ...
PAGE ntoskrnl.exe!NtQueryInformationThread + 5 805671A3 139 Bytes [68, A0, 6F, 4E, 80, E8, 9E, ...]
PAGE ntoskrnl.exe!NtQueryInformationThread + 91 8056722F 6 Bytes [85, C0, 0F, 8C, 91, 00]
PAGE ntoskrnl.exe!NtQueryInformationThread + 98 80567236 20 Bytes [00, 8B, 1D, 0C, 20, 55, 80, ...]
PAGE ntoskrnl.exe!NtQueryInformationThread + AD 8056724B 20 Bytes CALL 804D9568 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!NtQueryInformationThread + C2 80567260 34 Bytes CALL 804D9567 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ...
PAGE ntoskrnl.exe!RtlAddAtomToAtomTable + 2D 80567461 17 Bytes [FF, 84, C0, 0F, 85, 83, 71, ...]
PAGE ntoskrnl.exe!RtlAddAtomToAtomTable + 3F 80567473 95 Bytes [8D, 45, DC, 50, 8D, 45, D8, ...]
PAGE ntoskrnl.exe!RtlAddAtomToAtomTable + 9F 805674D3 16 Bytes [90, 90, 90, 90, 90, 6A, 1C, ...]
PAGE ntoskrnl.exe!ZwQueryPerformanceCounter + C 805674E4 113 Bytes [64, A1, 24, 01, 00, 00, 8A, ...]
PAGE ntoskrnl.exe!ZwQueryPerformanceCounter + 7E 80567556 33 Bytes [89, 03, 89, 53, 04, 8B, 45, ...]
PAGE ntoskrnl.exe!ZwQueryPerformanceCounter + A0 80567578 138 Bytes [C2, 08, 00, 90, 90, 90, 90, ...]
PAGE ntoskrnl.exe!ZwQueryPerformanceCounter + 12B 80567603 81 Bytes [F0, FF, FF, 8B, D0, 23, D1, ...]
PAGE ntoskrnl.exe!ZwQueryPerformanceCounter + 17D 80567655 83 Bytes [C1, EB, 05, 83, E3, 1F, 8B, ...]
PAGE ...
PAGE ntoskrnl.exe!NtClose + 3E 80567AAB 14 Bytes [53, 56, 57, 0F, 86, B7, 00, ...] {PUSH EBX; PUSH ESI; PUSH EDI; JBE 0xc0; LEA ESI, [ECX+0x10]; MOV EDI, [ESI]}
PAGE ntoskrnl.exe!NtClose + 4E 80567ABB 44 Bytes [04, 8B, 18, 8B, D3, 2B, D7, ...]
PAGE ntoskrnl.exe!NtClose + 7B 80567AE8 10 Bytes [00, 74, 4D, 8B, 55, 0C, B9, ...]
PAGE ntoskrnl.exe!NtClose + 86 80567AF3 6 Bytes [3B, D1, 89, 55, FC, 0F]
PAGE ntoskrnl.exe!NtClose + 8D 80567AFA 259 Bytes [CE, 26, 09, 00, 8B, CB, 2B, ...]
PAGE ...
PAGE ntoskrnl.exe!SeTokenIsRestricted + 26 80567EE7 52 Bytes [0F, 85, 78, CF, FF, FF, 8B, ...]
PAGE ntoskrnl.exe!SeTokenIsRestricted + 5B 80567F1C 115 Bytes [10, 0F, 84, 06, D8, FF, FF, ...]
PAGE ntoskrnl.exe!RtlCreateSecurityDescriptor + 63 80567F90 62 Bytes [00, 90, 90, 90, 90, 90, 8B, ...]
PAGE ntoskrnl.exe!RtlMapGenericMask + 39 80567FCF 25 Bytes [10, 5E, 0F, 85, 84, 4E, 00, ...]
PAGE ntoskrnl.exe!RtlMapGenericMask + 53 80567FE9 176 Bytes JMP 80602F4E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlCopySid + A6 8056809A 20 Bytes CALL 804D9050 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
PAGE ntoskrnl.exe!RtlCopySid + BB 805680AF 109 Bytes [FF, 55, 8B, EC, 53, 56, 57, ...]
PAGE ntoskrnl.exe!FsRtlOplockIsFastIoPossible + 2 8056811D 28 Bytes [55, 8B, EC, 8B, 4D, 08, 8B, ...]
PAGE ntoskrnl.exe!FsRtlOplockIsFastIoPossible + 1F 8056813A 152 Bytes [FF, 80, 7D, 14, 00, 0F, 85, ...]
PAGE ntoskrnl.exe!FsRtlOplockIsFastIoPossible + B8 805681D3 4 Bytes [A1, D4, FB, 55]
PAGE ntoskrnl.exe!FsRtlOplockIsFastIoPossible + BD 805681D8 8 Bytes [39, 45, E0, 0F, 83, 71, D5, ...]
PAGE ntoskrnl.exe!FsRtlOplockIsFastIoPossible + C6 805681E1 25 Bytes [8D, 43, 24, 8B, 75, E0, 8B, ...]
PAGE ...