diff --git a/Offsets/ExtractOffsets.py b/Offsets/ExtractOffsets.py index cac80ed..899ea15 100644 --- a/Offsets/ExtractOffsets.py +++ b/Offsets/ExtractOffsets.py @@ -1,15 +1,17 @@ import argparse import csv import os -import sys from requests import get from gzip import decompress from json import loads -import subprocess from concurrent.futures import ThreadPoolExecutor, as_completed import threading + +from lightpdbparser import Pdb + + THREADS_LIMIT = None CSVLock = threading.Lock() @@ -17,6 +19,7 @@ machineType = dict(x86=332, x64=34404) knownImageVersions = dict(ntoskrnl=list(), wdigest=list(), ci=list()) extensions_by_mode = dict(ntoskrnl="exe", wdigest="dll", ci="dll") + def find(key, value): for k, v in value.items(): if k == key: @@ -25,93 +28,105 @@ def find(key, value): return find(key, v) return None + def printl(s, lock, **kwargs): with lock: print(s, **kwargs) -def run(args, **kargs): - """Wrap subprocess.run to works on Windows and Linux""" - # Windows needs shell to be True, to locate binary automatically - # On Linux, shell needs to be False to manage lists in args - shell = sys.platform in ["win32"] - return subprocess.run(args, shell=shell, **kargs) def downloadSpecificFile(entry, pe_basename, pe_ext, knownPEVersions, output_folder, lock): - pe_name = f'{pe_basename}.{pe_ext}' + pe_name = f"{pe_basename}.{pe_ext}" - if 'fileInfo' not in entry: + if "fileInfo" not in entry: # printl(f'[!] Entry {pe_hash} has no fileInfo, skipping it.', lock) return "SKIP" - if 'timestamp' not in entry['fileInfo']: + if "timestamp" not in entry["fileInfo"]: # printl(f'[!] Entry has no timestamp, skipping it.', lock) return "SKIP" - timestamp = entry['fileInfo']['timestamp'] - if 'virtualSize' not in entry['fileInfo']: + timestamp = entry["fileInfo"]["timestamp"] + if "virtualSize" not in entry["fileInfo"]: # printl(f'[!] Entry has no virtualSize, skipping it.', lock) return "SKIP" if "machineType" not in entry["fileInfo"] or entry["fileInfo"]["machineType"] != machineType["x64"]: # printl('No machine Type', lock) return "SKIP" - virtual_size = entry['fileInfo']['virtualSize'] - file_id = hex(timestamp).replace('0x','').zfill(8).upper() + hex(virtual_size).replace('0x','') - url = 'https://msdl.microsoft.com/download/symbols/' + pe_name + '/' + file_id + '/' + pe_name + virtual_size = entry["fileInfo"]["virtualSize"] + file_id = hex(timestamp).replace("0x", "").zfill(8).upper() + hex(virtual_size).replace("0x", "") + url = "https://msdl.microsoft.com/download/symbols/" + pe_name + "/" + file_id + "/" + pe_name try: - version = entry['fileInfo']['version'].split(' ')[0] + version = entry["fileInfo"]["version"].split(" ")[0] except: - version = find('version', entry).split(' ')[0] + version = find("version", entry).split(" ")[0] if version and version.count(".") != 3: version = None if not version: - printl(f'[*] Error parsing version', lock) + printl(f"[*] Error parsing version", lock) return "SKIP" # Output file format: _build-revision. - output_version = '-'.join(version.split('.')[-2:]) - output_file = f'{pe_basename}_{output_version}.{pe_ext}' - + output_version = "-".join(version.split(".")[-2:]) + output_file = f"{pe_basename}_{output_version}.{pe_ext}" + # If the PE version is already known, skip download. if output_file in knownPEVersions: - printl(f'[*] Skipping download of known {pe_name} version: {output_file}', lock) + printl(f"[*] Skipping download of known {pe_name} version: {output_file}", lock) return "SKIP" - + output_file_path = os.path.join(output_folder, output_file) if os.path.isfile(output_file_path): printl(f"[*] Skipping {output_file_path} which already exists", lock) return "SKIP" - + # printl(f'[*] Downloading {pe_name} version {version}... ', lock) try: peContent = get(url) - with open(output_file_path, 'wb') as f: + with open(output_file_path, "wb") as f: f.write(peContent.content) - printl(f'[+] Finished download of {pe_name} version {version} (file: {output_file})!', lock) + printl( + f"[+] Finished download of {pe_name} version {version} (file: {output_file})!", + lock, + ) return "OK" except Exception as e: - printl(f'[!] ERROR : Could not download {pe_name} version {version} (URL: {url}): {str(e)}.', lock) + printl( + f"[!] ERROR : Could not download {pe_name} version {version} (URL: {url}): {str(e)}.", + lock, + ) return "KO" + def downloadPEFileFromMS(pe_basename, pe_ext, knownPEVersions, output_folder): - pe_name = f'{pe_basename}.{pe_ext}' + pe_name = f"{pe_basename}.{pe_ext}" - print (f'[*] Downloading {pe_name} files!') + print(f"[*] Downloading {pe_name} files!") - pe_json_gz = get(f'https://winbindex.m417z.com/data/by_filename_compressed/{pe_name}.json.gz').content + pe_json_gz = get(f"https://winbindex.m417z.com/data/by_filename_compressed/{pe_name}.json.gz").content pe_json = decompress(pe_json_gz) pe_list = loads(pe_json) - futures = dict() i = 0 futures = set() lock = threading.Lock() with ThreadPoolExecutor(max_workers=THREADS_LIMIT) as executor: for pe_hash in pe_list: entry = pe_list[pe_hash] - futures.add(executor.submit(downloadSpecificFile, entry, pe_basename, pe_ext, knownPEVersions, output_folder, lock)) + futures.add( + executor.submit( + downloadSpecificFile, + entry, + pe_basename, + pe_ext, + knownPEVersions, + output_folder, + lock, + ) + ) for future in as_completed(futures): printl(f"{i + 1}/{len(pe_list)}", lock, end="\r") i += 1 + def get_symbol_offset(symbols_info, symbol_name): for line in symbols_info: # sometimes, a "_" is prepended to the symbol name ... @@ -120,6 +135,7 @@ def get_symbol_offset(symbols_info, symbol_name): else: return 0 + def get_field_offset(symbols_info, field_name): for line in symbols_info: if field_name in line: @@ -129,51 +145,74 @@ def get_field_offset(symbols_info, field_name): else: return 0 -from pefile import PE, DIRECTORY_ENTRY + +from pefile import PE, DIRECTORY_ENTRY, PEFormatError + + def get_file_version(path): - pe = PE(path,fast_load=True) - pe.parse_data_directories(directories=[DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_RESOURCE']]) - if not 'VS_FIXEDFILEINFO' in pe.__dict__ or not pe.VS_FIXEDFILEINFO: + pe = PE(path, fast_load=True) + pe.parse_data_directories(directories=[DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_RESOURCE"]]) + if not "VS_FIXEDFILEINFO" in pe.__dict__ or not pe.VS_FIXEDFILEINFO: raise RuntimeError("Version info not found in {pename}") verinfo = pe.VS_FIXEDFILEINFO[0] - filever = (verinfo.FileVersionMS >> 16, verinfo.FileVersionMS & 0xFFFF, verinfo.FileVersionLS >> 16, verinfo.FileVersionLS & 0xFFFF) + filever = ( + verinfo.FileVersionMS >> 16, + verinfo.FileVersionMS & 0xFFFF, + verinfo.FileVersionLS >> 16, + verinfo.FileVersionLS & 0xFFFF, + ) return filever + # Takes a path to a PE file as argument, download the associated PDB -# Return True if it succeeded of if the PDB was already present -def get_pdb(pe_path, verbose=False): +# Return the path of the existing PDB if any, and the content of the PDB in memory +# use keep_ondisk=False not to store the PDB files on disk +def get_pdb(pe: PE, pe_path, keep_ondisk=True, verbose=False): pdb_file_path = pe_path.rsplit(".", maxsplit=1)[0] + ".pdb" if not os.path.isfile(pdb_file_path): - if verbose: print(f"[*] Downloading missing {pdb_file_path}") - pe = PE(pe_path, fast_load=True) - pe.parse_data_directories(directories=[DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_DEBUG']]) - guid_string = f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data1:08X}" + \ - f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data2:04X}" + \ - f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data3:04X}" + \ - f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data4:02X}" + \ - f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data5:02X}" + \ - pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data6.hex().upper() + if verbose: + print(f"[*] Downloading missing {pdb_file_path}") + pe.parse_data_directories(directories=[DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_DEBUG"]]) + guid_string = ( + f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data1:08X}" + + f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data2:04X}" + + f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data3:04X}" + + f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data4:02X}" + + f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data5:02X}" + + pe.DIRECTORY_ENTRY_DEBUG[0].entry.Signature_Data6.hex().upper() + ) age_string = f"{pe.DIRECTORY_ENTRY_DEBUG[0].entry.Age:X}" - pdb_filename = pe.DIRECTORY_ENTRY_DEBUG[0].entry.PdbFileName.decode().replace("\x00","") - pdb_url = f'https://msdl.microsoft.com/download/symbols/{pdb_filename}/{guid_string}{age_string}/{pdb_filename}' + pdb_filename = pe.DIRECTORY_ENTRY_DEBUG[0].entry.PdbFileName.decode().replace("\x00", "") + pdb_url = f"https://msdl.microsoft.com/download/symbols/{pdb_filename}/{guid_string}{age_string}/{pdb_filename}" try: pdbContent = get(pdb_url) - assert len(pdbContent.content) > 0 - with open(pdb_file_path, 'wb') as f: - f.write(pdbContent.content) - if verbose: print(f'[+] Finished download PDB of {pe_path} version (file: {pdb_file_path})!') + if len(pdbContent.content) == 0: + raise ValueError("Downloaded PDB is empty") + if keep_ondisk: + with open(pdb_file_path, "wb") as f: + f.write(pdbContent.content) + if verbose: + print(f"[+] Finished download PDB of {pe_path} version (file: {pdb_file_path})!") + return pdb_file_path, pdbContent.content + if not keep_ondisk: + return None, pdbContent.content except Exception as e: - print(f'[!] ERROR : Could not download PDB of {pe_path} (URL: {pdb_url}): {str(e)}.') - return False - return True + print(f"[!] ERROR : Could not download PDB of {pe_path} (URL: {pdb_url}): {str(e)}.") + return None, None + elif os.path.isfile(pdb_file_path): + # todo: check the PDB and PE GUID are identical + return pdb_file_path, None + def extractOffsets(input_file, output_file, mode): if os.path.isfile(input_file): try: # check image type (ntoskrnl, wdigest, etc.) - pe = PE(input_file,fast_load=True) - pe.parse_data_directories(directories=[DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_EXPORT']]) - name = pe.DIRECTORY_ENTRY_EXPORT.name.decode().lower() + pe = PE(input_file, fast_load=True) + export_directory_entry = pe.OPTIONAL_HEADER.DATA_DIRECTORY[DIRECTORY_ENTRY["IMAGE_DIRECTORY_ENTRY_EXPORT"]] + export_directory_rva = export_directory_entry.VirtualAddress + image_name_rva = pe.get_dword_at_rva(export_directory_rva + 3 * 4) + name = pe.get_string_at_rva(image_name_rva).decode().lower() if "ntoskrnl.exe" in name: imageType = "ntoskrnl" elif "wdigest.dll" in name: @@ -182,102 +221,109 @@ def extractOffsets(input_file, output_file, mode): imageType = "ci" else: print(f"[*] File {input_file} unrecognized") - return - - #todo : remove this and make a unique function + return + + # todo : remove this and make a unique function if mode != imageType: print(f"[*] Skipping {input_file} since we are in {mode} mode") return if os.path.sep not in input_file: input_file = "." + os.path.sep + input_file full_version = get_file_version(input_file) - + # Checks if the image version is already present in the CSV extension = extensions_by_mode[imageType] - imageVersion = f'{imageType}_{full_version[2]}-{full_version[3]}.{extension}' - + imageVersion = f"{imageType}_{full_version[2]}-{full_version[3]}.{extension}" + if imageVersion in knownImageVersions[imageType]: - print(f'[*] Skipping known {imageType} version {imageVersion} (file: {input_file})') + print(f"[*] Skipping known {imageType} version {imageVersion} (file: {input_file})") return - - + # print(f'[*] Processing {imageType} version {imageVersion} (file: {input_file})') # download the PDB if needed - get_pdb(input_file) + pdb_path, pdb_content = get_pdb(pe, input_file, verbose=True) # dump all symbols - r = run(["r2", "-c", "idpi", "-qq", '-B', '0', input_file], capture_output=True) - all_symbols_info = [line.strip() for line in r.stdout.decode().splitlines()] + pdb = Pdb(path=pdb_path, content=pdb_content) if imageType == "ntoskrnl": - symbols = [("PspCreateProcessNotifyRoutine",get_symbol_offset), - ("PspCreateThreadNotifyRoutine",get_symbol_offset), - ("PspLoadImageNotifyRoutine", get_symbol_offset), - ('_PS_PROTECTION Protection', get_field_offset), - ("EtwThreatIntProvRegHandle", get_symbol_offset), - ('_ETW_GUID_ENTRY* GuidEntry', get_field_offset), - ('_TRACE_ENABLE_INFO ProviderEnableInfo', get_field_offset), - ("PsProcessType", get_symbol_offset), - ("PsThreadType", get_symbol_offset), - ('struct _LIST_ENTRY CallbackList', get_field_offset)] + symbols = [ + ("PspCreateProcessNotifyRoutine", pdb.get_symbol_offset), + ("PspCreateThreadNotifyRoutine", pdb.get_symbol_offset), + ("PspLoadImageNotifyRoutine", pdb.get_symbol_offset), + ("_EPROCESS", "Protection", pdb.get_field_offset), + ("EtwThreatIntProvRegHandle", pdb.get_symbol_offset), + ("_ETW_REG_ENTRY", "GuidEntry", pdb.get_field_offset), + ("_ETW_GUID_ENTRY", "ProviderEnableInfo", pdb.get_field_offset), + ("PsProcessType", pdb.get_symbol_offset), + ("PsThreadType", pdb.get_symbol_offset), + ("_OBJECT_TYPE", "CallbackList", pdb.get_field_offset), + ] elif imageType == "wdigest": symbols = [ - ("g_fParameter_UseLogonCredential",get_symbol_offset), - ("g_IsCredGuardEnabled",get_symbol_offset) + ("g_fParameter_UseLogonCredential", pdb.get_symbol_offset), + ("g_IsCredGuardEnabled", pdb.get_symbol_offset), ] elif imageType == "ci": symbols = [ - ("g_CiOptions",get_symbol_offset), + ("g_CiOptions", pdb.get_symbol_offset), ] - - + else: + raise ValueError(f"Incorrect image type {imageType}") + symbols_values = list() - for symbol_name, get_offset in symbols: - symbol_value = get_offset(all_symbols_info, symbol_name) + for *symbol_name, get_offset in symbols: + symbol_value = get_offset(*symbol_name) + if symbol_value is None: + symbol_value = 0 symbols_values.append(symbol_value) - #print(f"[+] {symbol_name} = {hex(symbol_value)}") - + # print(f"[+] {symbol_name} = {hex(symbol_value)}") + with CSVLock: - with open(output_file, 'a') as output: + with open(output_file, "a") as output: output.write(f'{imageVersion},{",".join(hex(val).replace("0x","") for val in symbols_values)}\n') - - #print("wrote into CSV !") + # print("wrote into CSV !") + del pdb knownImageVersions[imageType].append(imageVersion) - - print(f'[+] Finished processing of {imageType} {input_file}!') + print(f"[+] Finished processing of {imageType} {input_file}!") + except PEFormatError as e: + # file is not a PE + if not input_file.endswith(".pdb"): + print(f"[!] ERROR : Could not process file {input_file}: not a valid PE") except Exception as e: - print(f'[!] ERROR : Could not process file {input_file}.') - print(f'[!] Error message: {e}') - #print(f'[!] If error is of the like of "\'NoneType\' object has no attribute \'group\'", kernel callbacks may not be supported by this version.') + print(f"[!] ERROR : Could not process file {input_file}.") + print(f"[!] Error message: {e}") + raise e elif os.path.isdir(input_file): - print(f'[*] Processing folder: {input_file}') + print(f"[*] Processing folder: {input_file}") with ThreadPoolExecutor(max_workers=THREADS_LIMIT) as extractorPool: args = [(os.path.join(input_file, file), output_file, mode) for file in os.listdir(input_file)] - for (i, res) in enumerate(extractorPool.map(extractOffsets, *zip(*args))): + for i, res in enumerate(extractorPool.map(extractOffsets, *zip(*args))): print(f"{i + 1}/{len(args)}", end="\r") - print(f'[+] Finished processing of folder {input_file}!') + print(f"[+] Finished processing of folder {input_file}!") else: - print(f'[!] ERROR : The specified input {input_file} is neither a file nor a directory.') - + print(f"[!] ERROR : The specified input {input_file} is neither a file nor a directory.") def loadOffsetsFromCSV(loadedVersions, CSVPath): print(f'[*] Loading the known known PE versions from "{CSVPath}".') - + with open(CSVPath, "r") as csvFile: - csvReader = csv.reader(csvFile, delimiter=',') + csvReader = csv.reader(csvFile, delimiter=",") next(csvReader) for peLine in csvReader: loadedVersions.append(peLine[0]) + def sortOutputFile(csvFile): def lineKey(line): major = int(line.split("_")[1].split("-")[0]) minor = int(line.split("-")[1].split(".")[0]) return (major, minor) + with open(csvFile) as f: header_line = f.readline() content = f.readlines() @@ -285,76 +331,76 @@ def sortOutputFile(csvFile): f.write(header_line) f.writelines(sorted(set(content), key=lineKey)) -if __name__ == '__main__': + +if __name__ == "__main__": parser = argparse.ArgumentParser() - - parser.add_argument('mode', help='"ntoskrnl", "wdigest" or "ci". Mode to download and extract offsets from either ntoskrnl.exe, wdigest.dll or ci.dll') - parser.add_argument('-i', '--input', dest='input', required=True, - help='Single file or directory containing ntoskrnl.exe / wdigest.dll / ci.dll to extract offsets from. If in download mode, the PE downloaded from MS symbols servers will be placed in this folder.') - parser.add_argument('-o', '--output', dest='output', - help='CSV file to write offsets to. If the specified file already exists, only new ntoskrnl versions will be downloaded / analyzed. Defaults to NtoskrnlOffsets.csv / WdigestOffsets.csv / CiOffsets.csv in the current folder.') - parser.add_argument('-d', '--download', dest='download', action='store_true', - help='Flag to download the PE from Microsoft servers using list of versions from winbindex.m417z.com.') - + + parser.add_argument( + "mode", + help='"ntoskrnl", "wdigest" or "ci". Mode to download and extract offsets from either ntoskrnl.exe, wdigest.dll or ci.dll', + ) + parser.add_argument( + "-i", + "--input", + dest="input", + required=True, + help="Single file or directory containing ntoskrnl.exe / wdigest.dll / ci.dll to extract offsets from. If in download mode, the PE downloaded from MS symbols servers will be placed in this folder.", + ) + parser.add_argument( + "-o", + "--output", + dest="output", + help="CSV file to write offsets to. If the specified file already exists, only new ntoskrnl versions will be downloaded / analyzed. Defaults to NtoskrnlOffsets.csv / WdigestOffsets.csv / CiOffsets.csv in the current folder.", + ) + parser.add_argument( + "-d", + "--download", + dest="download", + action="store_true", + help="Flag to download the PE from Microsoft servers using list of versions from winbindex.m417z.com.", + ) + args = parser.parse_args() mode = args.mode.lower() if mode not in knownImageVersions: print(f'[!] ERROR : unsupported mode "{args.mode}", supported mode are: "ntoskrnl", "wdigest" and "ci"') exit(1) - - # check R2 version - r = run(["r2", "-V"], capture_output=True) - if r.returncode != 0: - print(f"Error: the following error message was printed while running 'r2 -V':") - print(r.stderr) - exit(r.returncode) - output = r.stdout.decode() - """ - can be: - * a series of lines like "5.5.0 r2\n5.5.0 r_lib\n[...]" - * a simple tag "5.8.2-158-gca9763f20d" - """ - ma,me,mi = map(int, output.splitlines()[0].split(" ")[0].split("-")[0].split(".")) - if (ma, me, mi) < (5, 0, 0): - print("WARNING : This script has been tested with radare2 5.0.0 (works) and 4.3.1 (does NOT work)") - print(f"You have version {ma}.{me}.{mi}, if is does not work correctly, meaning most of the offsets are not found (i.e. 0), check radare2's 'idpi' command output and modify get_symbol_offset() & get_field_offset() to parse symbols correctly") - input("Press enter to continue") - if sys.platform in ["linux"]: - # check that cabextract is insalled - try: - run(["cabextract", "-v"], check=True, capture_output=True) - except (subprocess.CalledProcessError, FileNotFoundError): - print('[!] ERROR : On Linux systems, radare2 needs cabextract to be installed to work with PDB.') - exit(1) - - + # If the output file exists, load the already analyzed image versions. # Otherwise, write CSV headers to the new file. if not args.output: - args.output = mode.capitalize() + 'Offsets.csv' + args.output = mode.capitalize() + "Offsets.csv" if os.path.isfile(args.output): loadOffsetsFromCSV(knownImageVersions[mode], args.output) print(f'[+] Loaded {len(knownImageVersions[mode])} known {mode} versions from "{args.output}"') else: - with open(args.output, 'w') as output: + with open(args.output, "w") as output: if mode == "ntoskrnl": - output.write('ntoskrnlVersion,PspCreateProcessNotifyRoutineOffset,PspCreateThreadNotifyRoutineOffset,PspLoadImageNotifyRoutineOffset,_PS_PROTECTIONOffset,EtwThreatIntProvRegHandleOffset,EtwRegEntry_GuidEntryOffset,EtwGuidEntry_ProviderEnableInfoOffset,PsProcessType,PsThreadType,CallbackList\n') + output.write( + "ntoskrnlVersion,PspCreateProcessNotifyRoutineOffset,PspCreateThreadNotifyRoutineOffset,PspLoadImageNotifyRoutineOffset,_PS_PROTECTIONOffset,EtwThreatIntProvRegHandleOffset,EtwRegEntry_GuidEntryOffset,EtwGuidEntry_ProviderEnableInfoOffset,PsProcessType,PsThreadType,CallbackList\n" + ) elif mode == "wdigest": - output.write('wdigestVersion,g_fParameter_UseLogonCredentialOffset,g_IsCredGuardEnabledOffset\n') + output.write("wdigestVersion,g_fParameter_UseLogonCredentialOffset,g_IsCredGuardEnabledOffset\n") elif mode == "ci": - output.write('g_CiOptionsOffset\n') + output.write("g_CiOptionsOffset\n") else: assert False + # In download mode, an updated list of image versions published will be retrieved from https://winbindex.m417z.com. # The symbols for each version will be downloaded from the Microsoft symbols servers. # Only new versions will be downloaded if the specified output file already contains offsets. - if (args.download): + if args.download: if not os.path.isdir(args.input): - print('[!] ERROR : in download mode, -i / --input option must specify a folder') + print("[!] ERROR : in download mode, -i / --input option must specify a folder") exit(1) extension = extensions_by_mode[mode] downloadPEFileFromMS(mode, extension, knownImageVersions[mode], args.input) - - # Extract the offsets from the specified file or the folders containing image files. + + # Extract the offsets from the specified file or the folders containing image files. + import time + + s = time.time() extractOffsets(args.input, args.output, mode) + e = time.time() + print(e - s) sortOutputFile(args.output) diff --git a/Offsets/NtoskrnlOffsets.csv b/Offsets/NtoskrnlOffsets.csv index 4e699eb..593fae0 100644 --- a/Offsets/NtoskrnlOffsets.csv +++ b/Offsets/NtoskrnlOffsets.csv @@ -1,105 +1,131 @@ ntoskrnlVersion,PspCreateProcessNotifyRoutineOffset,PspCreateThreadNotifyRoutineOffset,PspLoadImageNotifyRoutineOffset,_PS_PROTECTIONOffset,EtwThreatIntProvRegHandleOffset,EtwRegEntry_GuidEntryOffset,EtwGuidEntry_ProviderEnableInfoOffset,PsProcessType,PsThreadType,CallbackList -ntoskrnl_19041-1889.exe,cec060,cec460,cec260,87a,c19dd8,20,60,cfc410,cfc440,c8 -ntoskrnl_10240-17609.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8 -ntoskrnl_10240-17738.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8 -ntoskrnl_10240-17394.exe,35d420,35d220,35d020,6aa,0,20,50,3c51e8,3c5200,c8 +ntoskrnl_6003-21251.exe,1a9d00,1a9ae0,1a9a80,0,0,10,50,22c020,22c040,228 +ntoskrnl_7601-25740.exe,21c500,21c2e0,21c0c0,0,0,20,50,29e020,29e050,c0 +ntoskrnl_9600-17031.exe,2e1a40,2e1840,2e1640,67a,0,10,50,354020,354048,c8 +ntoskrnl_9600-19321.exe,2dcb10,2dc910,2dc710,67a,0,20,50,34f030,34f048,c8 +ntoskrnl_9600-19376.exe,2dbb10,2db910,2db710,67a,0,20,50,34e030,34e048,c8 +ntoskrnl_9600-19426.exe,2dbb10,2db910,2db710,67a,0,20,50,34e030,34e048,c8 +ntoskrnl_9600-20111.exe,2dac50,2daa50,2da850,67a,0,20,50,34d030,34d048,c8 +ntoskrnl_9600-20144.exe,2dac50,2daa50,2da850,67a,0,20,50,34d030,34d048,c8 ntoskrnl_10240-16384.exe,35d2e0,35d0e0,35cee0,6aa,0,20,50,3c51e8,3c5200,c8 -ntoskrnl_10240-17643.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8 -ntoskrnl_10240-17446.exe,35c420,35c220,35c020,6aa,0,20,50,3c41e8,3c4200,c8 -ntoskrnl_10240-17709.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8 -ntoskrnl_10240-17770.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8 -ntoskrnl_10240-17533.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8 -ntoskrnl_10240-17488.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8 +ntoskrnl_10240-17394.exe,35d420,35d220,35d020,6aa,0,20,50,3c51e8,3c5200,c8 ntoskrnl_10240-17443.exe,35c420,35c220,35c020,6aa,0,20,50,3c41e8,3c4200,c8 -ntoskrnl_10240-18005.exe,3694e0,3692e0,3690e0,6b2,0,20,50,3d0228,3d0248,c8 +ntoskrnl_10240-17446.exe,35c420,35c220,35c020,6aa,0,20,50,3c41e8,3c4200,c8 +ntoskrnl_10240-17488.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8 +ntoskrnl_10240-17533.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8 +ntoskrnl_10240-17609.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8 +ntoskrnl_10240-17643.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8 +ntoskrnl_10240-17709.exe,35c3e0,35c1e0,35bfe0,6aa,0,20,50,3c41e8,3c4200,c8 +ntoskrnl_10240-17738.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8 +ntoskrnl_10240-17741.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8 +ntoskrnl_10240-17770.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8 ntoskrnl_10240-17797.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8 -ntoskrnl_10240-18063.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 ntoskrnl_10240-17831.exe,366520,366320,366120,6b2,0,20,50,3cd1e8,3cd200,c8 -ntoskrnl_10240-17889.exe,3644e0,3642e0,3640e0,6b2,0,20,50,3cc228,3cc248,c8 -ntoskrnl_10240-17976.exe,3694e0,3692e0,3690e0,6b2,0,20,50,3d0228,3d0248,c8 ntoskrnl_10240-17861.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cd228,3cd240,c8 -ntoskrnl_10240-18158.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 -ntoskrnl_10240-18036.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 -ntoskrnl_10240-18132.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 -ntoskrnl_10240-18094.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 +ntoskrnl_10240-17889.exe,3644e0,3642e0,3640e0,6b2,0,20,50,3cc228,3cc248,c8 ntoskrnl_10240-17914.exe,3644e0,3642e0,3640e0,6b2,0,20,50,3cc228,3cc248,c8 -ntoskrnl_10240-18545.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8 +ntoskrnl_10240-17976.exe,3694e0,3692e0,3690e0,6b2,0,20,50,3d0228,3d0248,c8 +ntoskrnl_10240-18005.exe,3694e0,3692e0,3690e0,6b2,0,20,50,3d0228,3d0248,c8 +ntoskrnl_10240-18036.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 +ntoskrnl_10240-18063.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 +ntoskrnl_10240-18094.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 +ntoskrnl_10240-18132.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 +ntoskrnl_10240-18135.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 +ntoskrnl_10240-18158.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 +ntoskrnl_10240-18187.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 +ntoskrnl_10240-18215.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 ntoskrnl_10240-18275.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 ntoskrnl_10240-18303.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 -ntoskrnl_10240-18452.exe,367520,367320,367120,6b2,0,20,50,3cd228,3cd248,c8 -ntoskrnl_10240-18575.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8 +ntoskrnl_10240-18333.exe,369520,369320,369120,6b2,0,20,50,3d0228,3d0248,c8 ntoskrnl_10240-18427.exe,367520,367320,367120,6b2,0,20,50,3cd228,3cd248,c8 -ntoskrnl_10240-18638.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8 -ntoskrnl_10240-18608.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8 +ntoskrnl_10240-18452.exe,367520,367320,367120,6b2,0,20,50,3cd228,3cd248,c8 ntoskrnl_10240-18485.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8 +ntoskrnl_10240-18545.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8 +ntoskrnl_10240-18575.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8 +ntoskrnl_10240-18608.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8 +ntoskrnl_10240-18609.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8 +ntoskrnl_10240-18638.exe,3684e0,3682e0,3680e0,6b2,0,20,50,3ce228,3ce248,c8 ntoskrnl_10240-18666.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8 ntoskrnl_10240-18725.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8 ntoskrnl_10240-18756.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8 -ntoskrnl_10240-19119.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cc228,3cc248,c8 -ntoskrnl_10240-18906.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8 ntoskrnl_10240-18841.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8 +ntoskrnl_10240-18906.exe,367560,367360,367160,6b2,0,20,50,3cd228,3cd248,c8 ntoskrnl_10240-19086.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cc228,3cc248,c8 +ntoskrnl_10240-19119.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cc228,3cc248,c8 ntoskrnl_10240-19145.exe,3664e0,3662e0,3660e0,6b2,0,20,50,3cc228,3cc248,c8 +ntoskrnl_10240-19204.exe,3664a0,3662a0,3660a0,6b2,0,20,50,3cc228,3cc248,c8 +ntoskrnl_10240-19235.exe,366520,366320,366120,6b2,0,20,50,3cc228,3cc248,c8 +ntoskrnl_10240-19325.exe,366520,366320,366120,6b2,0,20,50,3cc228,3cc248,c8 +ntoskrnl_10240-19567.exe,3694e0,3692e0,3690e0,6b2,0,20,50,3cf228,3cf248,c8 +ntoskrnl_10240-19869.exe,369520,369320,369120,6b2,0,20,50,3cf230,3cf248,c8 +ntoskrnl_10240-19983.exe,3695a0,3693a0,3691a0,6b2,0,20,50,3cf230,3cf248,c8 +ntoskrnl_10240-20048.exe,369520,369320,369120,6b2,0,20,50,3cf230,3cf248,c8 +ntoskrnl_10240-20107.exe,3695a0,3693a0,3691a0,6b2,0,20,50,3cf228,3cf248,c8 +ntoskrnl_10240-20161.exe,369560,369360,369160,6b2,0,20,50,3cf228,3cf248,c8 +ntoskrnl_10240-20232.exe,369560,369360,369160,6b2,0,20,50,3cf228,3cf248,c8 ntoskrnl_10586-0.exe,317180,316f80,316d80,6b2,0,20,50,37f228,37f248,c8 +ntoskrnl_10586-1176.exe,3161c0,315fc0,315dc0,6b2,0,20,50,37e228,37e248,c8 ntoskrnl_10586-1177.exe,3161c0,315fc0,315dc0,6b2,0,20,50,37e228,37e248,c8 ntoskrnl_10586-1295.exe,3161c0,315fc0,315dc0,6b2,0,20,50,37e228,37e248,c8 -ntoskrnl_10586-1176.exe,3161c0,315fc0,315dc0,6b2,0,20,50,37e228,37e248,c8 -ntoskrnl_10240-19235.exe,366520,366320,366120,6b2,0,20,50,3cc228,3cc248,c8 ntoskrnl_10586-1356.exe,31a2c0,31a0c0,319ec0,6ba,0,20,50,382228,382248,c8 +ntoskrnl_10586-1358.exe,31a2c0,31a0c0,319ec0,6ba,0,20,50,382228,382248,c8 ntoskrnl_10586-1417.exe,31a2c0,31a0c0,319ec0,6ba,0,20,50,382228,382248,c8 ntoskrnl_10586-1478.exe,31a2c0,31a0c0,319ec0,6ba,0,20,50,382228,382248,c8 ntoskrnl_10586-1540.exe,31a300,31a100,319f00,6ba,0,20,50,382228,382248,c8 -ntoskrnl_14393-2214.exe,33ea20,33e820,33e620,6ca,0,20,50,3ab210,3ab230,c8 -ntoskrnl_14393-1198.exe,335860,335660,335460,6c2,0,20,50,3a1210,3a1230,c8 -ntoskrnl_14393-1670.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8 -ntoskrnl_14393-1770.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8 ntoskrnl_14393-0.exe,33bba0,33b9a0,33b7a0,6c2,0,20,50,3a8210,3a8230,c8 +ntoskrnl_14393-576.exe,33bca0,33baa0,33b8a0,6c2,0,20,50,3a8210,3a8230,c8 +ntoskrnl_14393-726.exe,335860,335660,335460,6c2,0,20,50,3a1210,3a1230,c8 +ntoskrnl_14393-953.exe,335860,335660,335460,6c2,0,20,50,3a1210,3a1230,c8 +ntoskrnl_14393-1198.exe,335860,335660,335460,6c2,0,20,50,3a1210,3a1230,c8 ntoskrnl_14393-1532.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8 -ntoskrnl_14393-2189.exe,33ea20,33e820,33e620,6ca,0,20,50,3ab210,3ab230,c8 -ntoskrnl_14393-2248.exe,33da60,33d860,33d660,6ca,0,20,50,3aa250,3aa270,c8 +ntoskrnl_14393-1670.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8 ntoskrnl_14393-1737.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8 +ntoskrnl_14393-1770.exe,3348a0,3346a0,3344a0,6c2,0,20,50,3a0210,3a0230,c8 +ntoskrnl_14393-2189.exe,33ea20,33e820,33e620,6ca,0,20,50,3ab210,3ab230,c8 +ntoskrnl_14393-2214.exe,33ea20,33e820,33e620,6ca,0,20,50,3ab210,3ab230,c8 +ntoskrnl_14393-2248.exe,33da60,33d860,33d660,6ca,0,20,50,3aa250,3aa270,c8 ntoskrnl_14393-2273.exe,33da60,33d860,33d660,6ca,0,20,50,3aa250,3aa270,c8 -ntoskrnl_14393-2363.exe,33ca20,33c820,33c620,6ca,0,20,50,3a9250,3a9278,c8 ntoskrnl_14393-2312.exe,33ca20,33c820,33c620,6ca,0,20,50,3a9250,3a9278,c8 +ntoskrnl_14393-2363.exe,33ca20,33c820,33c620,6ca,0,20,50,3a9250,3a9278,c8 +ntoskrnl_14393-2395.exe,33bb60,33b960,33b760,6ca,0,20,50,3a8250,3a8278,c8 ntoskrnl_14393-2430.exe,338b60,338960,338760,6ca,0,20,50,3a5250,3a5278,c8 ntoskrnl_14393-2485.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8 -ntoskrnl_14393-2395.exe,33bb60,33b960,33b760,6ca,0,20,50,3a8250,3a8278,c8 -ntoskrnl_14393-2580.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8 ntoskrnl_14393-2551.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8 -ntoskrnl_14393-2636.exe,338be0,3389e0,3387e0,6ca,0,20,50,3a5250,3a5278,c8 +ntoskrnl_14393-2580.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8 ntoskrnl_14393-2608.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8 +ntoskrnl_14393-2636.exe,338be0,3389e0,3387e0,6ca,0,20,50,3a5250,3a5278,c8 ntoskrnl_14393-2665.exe,338be0,3389e0,3387e0,6ca,0,20,50,3a5250,3a5278,c8 ntoskrnl_14393-2724.exe,338be0,3389e0,3387e0,6ca,0,20,50,3a5250,3a5278,c8 ntoskrnl_14393-2791.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8 -ntoskrnl_14393-2969.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8 -ntoskrnl_14393-2906.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8 ntoskrnl_14393-2848.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8 -ntoskrnl_14393-3204.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8 +ntoskrnl_14393-2906.exe,338b20,338920,338720,6ca,0,20,50,3a5250,3a5278,c8 +ntoskrnl_14393-2969.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8 ntoskrnl_14393-3085.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8 ntoskrnl_14393-3115.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8 -ntoskrnl_14393-3269.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8 ntoskrnl_14393-3143.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8 +ntoskrnl_14393-3204.exe,339a20,339820,339620,6ca,0,20,50,3a6250,3a6278,c8 ntoskrnl_14393-3241.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8 +ntoskrnl_14393-3269.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8 ntoskrnl_14393-3297.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8 ntoskrnl_14393-3321.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8 ntoskrnl_14393-3383.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8 ntoskrnl_14393-3442.exe,339a60,339860,339660,6ca,0,20,50,3a6250,3a6278,c8 ntoskrnl_14393-3471.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8 -ntoskrnl_14393-3564.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-3503.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-3541.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 +ntoskrnl_14393-3564.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-3595.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-3630.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 +ntoskrnl_14393-3659.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-3686.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 +ntoskrnl_14393-3750.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-3755.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-3808.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 -ntoskrnl_14393-3750.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 -ntoskrnl_14393-3659.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 -ntoskrnl_14393-3930.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-3866.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8 +ntoskrnl_14393-3930.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-3986.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 -ntoskrnl_14393-4104.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-4046.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 +ntoskrnl_14393-4104.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-4169.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-4225.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-4283.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 @@ -107,267 +133,350 @@ ntoskrnl_14393-4350.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-4402.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-4467.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-4470.exe,33aee0,33ace0,33aae0,6ca,0,20,50,3a7250,3a7278,c8 -ntoskrnl_14393-4583.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-4530.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8 +ntoskrnl_14393-4583.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-4651.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-4704.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8 ntoskrnl_14393-4770.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8 ntoskrnl_14393-4825.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8 -ntoskrnl_14393-4771.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8 ntoskrnl_14393-4827.exe,339e60,339c60,339a60,6ca,0,20,50,3a6250,3a6278,c8 +ntoskrnl_14393-4886.exe,33ade0,33abe0,33a9e0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-4889.exe,33ade0,33abe0,33a9e0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-4946.exe,33ade0,33abe0,33a9e0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-5006.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8 -ntoskrnl_14393-4886.exe,33ade0,33abe0,33a9e0,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-5066.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-5125.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-5192.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7250,3a7278,c8 ntoskrnl_14393-5246.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7258,3a7278,c8 -ntoskrnl_14393-576.exe,33bca0,33baa0,33b8a0,6c2,0,20,50,3a8210,3a8230,c8 -ntoskrnl_14393-693.exe,33bca0,33baa0,33b8a0,6c2,0,20,50,3a8210,3a8230,c8 -ntoskrnl_14393-726.exe,335860,335660,335460,6c2,0,20,50,3a1210,3a1230,c8 -ntoskrnl_14393-953.exe,335860,335660,335460,6c2,0,20,50,3a1210,3a1230,c8 -ntoskrnl_15063-1155.exe,387510,387310,387110,6ca,346f68,20,50,3e5f98,3e5fb8,c8 +ntoskrnl_14393-5291.exe,33aea0,33aca0,33aaa0,6ca,0,20,50,3a7258,3a7278,c8 +ntoskrnl_14393-5356.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7258,3a7278,c8 +ntoskrnl_14393-5427.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7258,3a7278,c8 +ntoskrnl_14393-5429.exe,33ae60,33ac60,33aa60,6ca,0,20,50,3a7258,3a7278,c8 +ntoskrnl_14393-5501.exe,33dde0,33dbe0,33d9e0,6ca,0,20,50,3aa250,3aa278,c8 +ntoskrnl_14393-5582.exe,33dee0,33dce0,33dae0,6ca,0,20,50,3aa250,3aa278,c8 +ntoskrnl_14393-5648.exe,33cee0,33cce0,33cae0,6ca,0,20,50,3a9250,3a9278,c8 +ntoskrnl_14393-5717.exe,33cea0,33cca0,33caa0,6ca,0,20,50,3a9250,3a9278,c8 +ntoskrnl_14393-5786.exe,33cde0,33cbe0,33c9e0,6ca,0,20,50,3a9250,3a9278,c8 +ntoskrnl_14393-5850.exe,33cee0,33cce0,33cae0,6ca,0,20,50,3a9250,3a9278,c8 +ntoskrnl_14393-5921.exe,33ce20,33cc20,33ca20,6ca,0,20,50,3a9250,3a9278,c8 +ntoskrnl_14393-5996.exe,33cf20,33cd20,33cb20,6ca,0,20,50,3a9250,3a9278,c8 +ntoskrnl_14393-6085.exe,33cea0,33cca0,33caa0,6ca,0,20,50,3a9250,3a9278,c8 +ntoskrnl_14393-6167.exe,33ce60,33cc60,33ca60,6ca,0,20,50,3a9250,3a9278,c8 +ntoskrnl_15063-0.exe,382290,382090,381e90,6ca,341ea8,20,50,3e1f98,3e1fb0,c8 +ntoskrnl_15063-13.exe,382290,382090,381e90,6ca,341ea8,20,50,3e1f98,3e1fb0,c8 +ntoskrnl_15063-296.exe,382290,382090,381e90,6ca,341ea8,20,50,3e1f98,3e1fb0,c8 +ntoskrnl_15063-674.exe,3822d0,3820d0,381ed0,6ca,341e88,20,50,3e1f98,3e1fb0,c8 +ntoskrnl_15063-675.exe,3822d0,3820d0,381ed0,6ca,341e88,20,50,3e1f98,3e1fb0,c8 +ntoskrnl_15063-786.exe,382310,382110,381f10,6ca,341ec8,20,50,3e1f98,3e1fb0,c8 +ntoskrnl_15063-850.exe,389450,389250,389050,6ca,348fb8,20,50,3e7f98,3e7fb0,c8 +ntoskrnl_15063-909.exe,389510,389310,389110,6ca,348fa8,20,50,3e7f98,3e7fb0,c8 +ntoskrnl_15063-966.exe,389550,389350,389150,6ca,348fa8,20,50,3e7f98,3e7fb0,c8 +ntoskrnl_15063-1029.exe,389550,389350,389150,6ca,348fa8,20,50,3e7f98,3e7fb0,c8 ntoskrnl_15063-1088.exe,3894d0,3892d0,3890d0,6ca,348fb8,20,50,3e7f98,3e7fb0,c8 +ntoskrnl_15063-1155.exe,387510,387310,387110,6ca,346f68,20,50,3e5f98,3e5fb8,c8 ntoskrnl_15063-1206.exe,387510,387310,387110,6ca,346f68,20,50,3e5f98,3e5fb8,c8 ntoskrnl_15063-1266.exe,384410,384210,384010,6ca,343f48,20,50,3e2f98,3e2fb8,c8 -ntoskrnl_15063-1029.exe,389550,389350,389150,6ca,348fa8,20,50,3e7f98,3e7fb0,c8 -ntoskrnl_15063-13.exe,382290,382090,381e90,6ca,341ea8,20,50,3e1f98,3e1fb0,c8 ntoskrnl_15063-1324.exe,385490,385290,385090,6ca,344f88,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-1387.exe,385490,385290,385090,6ca,344f98,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-1418.exe,385490,385290,385090,6ca,344f98,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-1446.exe,385490,385290,385090,6ca,344fa8,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-1478.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8 -ntoskrnl_15063-1596.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8 +ntoskrnl_15063-1506.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-1563.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8 -ntoskrnl_15063-1746.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8 +ntoskrnl_15063-1596.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-1631.exe,385450,385250,385050,6ca,344f68,20,50,3e3f98,3e3fb8,c8 -ntoskrnl_15063-1805.exe,3853d0,3851d0,384fd0,6ca,344e78,20,50,3e3f98,3e3fb8,c8 -ntoskrnl_15063-1987.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8 +ntoskrnl_15063-1659.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-1689.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8 +ntoskrnl_15063-1716.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8 +ntoskrnl_15063-1746.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8 +ntoskrnl_15063-1779.exe,3854d0,3852d0,3850d0,6ca,344fd8,20,50,3e3f98,3e3fb8,c8 +ntoskrnl_15063-1805.exe,3853d0,3851d0,384fd0,6ca,344e78,20,50,3e3f98,3e3fb8,c8 +ntoskrnl_15063-1836.exe,3853d0,3851d0,384fd0,6ca,344e78,20,50,3e3f98,3e3fb8,c8 +ntoskrnl_15063-1897.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-1928.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8 +ntoskrnl_15063-1955.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8 +ntoskrnl_15063-1987.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-2017.exe,385450,385250,385050,6ca,344e48,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-2045.exe,385350,385150,384f50,6ca,344e48,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-2076.exe,385350,385150,384f50,6ca,344e48,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-2106.exe,385350,385150,384f50,6ca,344e48,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-2283.exe,385410,385210,385010,6ca,344e68,20,50,3e3f98,3e3fb8,c8 -ntoskrnl_15063-674.exe,3822d0,3820d0,381ed0,6ca,341e88,20,50,3e1f98,3e1fb0,c8 -ntoskrnl_15063-296.exe,382290,382090,381e90,6ca,341ea8,20,50,3e1f98,3e1fb0,c8 -ntoskrnl_15063-850.exe,389450,389250,389050,6ca,348fb8,20,50,3e7f98,3e7fb0,c8 +ntoskrnl_15063-2411.exe,385410,385210,385010,6ca,344e68,20,50,3e3f98,3e3fb8,c8 ntoskrnl_15063-2500.exe,3853d0,3851d0,384fd0,6ca,344e48,20,50,3e3f98,3e3fb8,c8 -ntoskrnl_15063-786.exe,382310,382110,381f10,6ca,341ec8,20,50,3e1f98,3e1fb0,c8 -ntoskrnl_15063-966.exe,389550,389350,389150,6ca,348fa8,20,50,3e7f98,3e7fb0,c8 -ntoskrnl_15063-675.exe,3822d0,3820d0,381ed0,6ca,341e88,20,50,3e1f98,3e1fb0,c8 -ntoskrnl_15063-909.exe,389510,389310,389110,6ca,348fa8,20,50,3e7f98,3e7fb0,c8 -ntoskrnl_16299-1004.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8 -ntoskrnl_16299-1087.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8 -ntoskrnl_16299-1029.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8 -ntoskrnl_16299-1120.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8 -ntoskrnl_16299-1146.exe,3a0d00,3a0f00,3a0b00,6ca,35e8a0,20,50,4000d0,4000f8,c8 -ntoskrnl_16299-1182.exe,3a0d00,3a0f00,3a0b00,6ca,35e8a0,20,50,4000d0,4000f8,c8 -ntoskrnl_16299-1217.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8 -ntoskrnl_16299-125.exe,398a80,398c80,398e80,6ca,356980,20,50,3f90d0,3f90f0,c8 -ntoskrnl_16299-1364.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8 -ntoskrnl_16299-1419.exe,3a1040,3a0c40,3a0e40,6ca,35e988,20,50,4010d0,4010f8,c8 -ntoskrnl_16299-1448.exe,3a1040,3a0c40,3a0e40,6ca,35e988,20,50,4010d0,4010f8,c8 ntoskrnl_16299-15.exe,398c80,398e80,398a80,6ca,356908,20,50,3f90d0,3f90f0,c8 -ntoskrnl_16299-1331.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8 -ntoskrnl_16299-1622.exe,3a0fc0,3a0bc0,3a0dc0,6ca,35e988,20,50,4010d0,4010f8,c8 -ntoskrnl_16299-1747.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8 -ntoskrnl_16299-1775.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8 -ntoskrnl_16299-192.exe,39dd40,39df40,39db40,6ca,35b980,20,50,3fd0d0,3fd0f0,c8 ntoskrnl_16299-19.exe,398c80,398e80,398a80,6ca,3568e8,20,50,3f90d0,3f90f0,c8 -ntoskrnl_16299-2166.exe,3a1100,3a0d00,3a0f00,6ca,35e988,20,50,4010d0,4010f8,c8 -ntoskrnl_16299-2045.exe,3a1100,3a0d00,3a0f00,6ca,35e988,20,50,4010d0,4010f8,c8 -ntoskrnl_16299-1992.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-64.exe,398c40,398e40,398a40,6ca,3568e8,20,50,3f90d0,3f90f0,c8 +ntoskrnl_16299-98.exe,398ec0,398ac0,398cc0,6ca,356980,20,50,3f90d0,3f90f0,c8 +ntoskrnl_16299-125.exe,398a80,398c80,398e80,6ca,356980,20,50,3f90d0,3f90f0,c8 +ntoskrnl_16299-192.exe,39dd40,39df40,39db40,6ca,35b980,20,50,3fd0d0,3fd0f0,c8 ntoskrnl_16299-214.exe,39ddc0,39dfc0,39dbc0,6ca,35b980,20,50,3fe0d0,3fe0f0,c8 -ntoskrnl_16299-309.exe,39e0c0,39dcc0,39dec0,6ca,35bae8,20,50,3fe0d0,3fe0f0,c8 -ntoskrnl_16299-251.exe,39e100,39dd00,39df00,6ca,35bac8,20,50,3fe0d0,3fe0f0,c8 ntoskrnl_16299-248.exe,39e100,39dd00,39df00,6ca,35bac8,20,50,3fe0d0,3fe0f0,c8 +ntoskrnl_16299-251.exe,39e100,39dd00,39df00,6ca,35bac8,20,50,3fe0d0,3fe0f0,c8 +ntoskrnl_16299-309.exe,39e0c0,39dcc0,39dec0,6ca,35bae8,20,50,3fe0d0,3fe0f0,c8 ntoskrnl_16299-334.exe,39e0c0,39dcc0,39dec0,6ca,35bac8,20,50,3fe0d0,3fe0f0,c8 ntoskrnl_16299-371.exe,39ce40,39d040,39cc40,6ca,35aa00,20,50,3fd0d0,3fd0f0,c8 +ntoskrnl_16299-402.exe,39d0c0,39ccc0,39cec0,6ca,35aaa8,20,50,3fd0d0,3fd0f0,c8 ntoskrnl_16299-431.exe,39ce00,39d000,39cc00,6ca,35aa00,20,50,3fd0d0,3fd0f0,c8 ntoskrnl_16299-461.exe,39d080,39cc80,39ce80,6ca,35aa88,20,50,3fd0d0,3fd0f0,c8 -ntoskrnl_16299-402.exe,39d0c0,39ccc0,39cec0,6ca,35aaa8,20,50,3fd0d0,3fd0f0,c8 ntoskrnl_16299-492.exe,39b080,39ac80,39ae80,6ca,358aa8,20,50,3fb0d0,3fb0f8,c8 ntoskrnl_16299-522.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8 -ntoskrnl_16299-551.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8 ntoskrnl_16299-547.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8 -ntoskrnl_16299-637.exe,39fe00,3a0000,39fc00,6ca,35d9e0,20,50,4000d0,4000f8,c8 -ntoskrnl_16299-611.exe,39fe00,3a0000,39fc00,6ca,35d9e0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-551.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8 ntoskrnl_16299-579.exe,3a2f00,3a3100,3a2d00,6ca,360ac0,20,50,4030d0,4030f8,c8 -ntoskrnl_16299-64.exe,398c40,398e40,398a40,6ca,3568e8,20,50,3f90d0,3f90f0,c8 +ntoskrnl_16299-611.exe,39fe00,3a0000,39fc00,6ca,35d9e0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-637.exe,39fe00,3a0000,39fc00,6ca,35d9e0,20,50,4000d0,4000f8,c8 ntoskrnl_16299-665.exe,39fe80,3a0080,39fc80,6ca,35dac0,20,50,4000d0,4000f8,c8 -ntoskrnl_16299-699.exe,39fdc0,39ffc0,39fbc0,6ca,35da00,20,50,4000d0,4000f8,c8 ntoskrnl_16299-666.exe,39fe80,3a0080,39fc80,6ca,35dac0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-699.exe,39fdc0,39ffc0,39fbc0,6ca,35da00,20,50,4000d0,4000f8,c8 ntoskrnl_16299-726.exe,39fdc0,39ffc0,39fbc0,6ca,35da00,20,50,4000d0,4000f8,c8 ntoskrnl_16299-755.exe,3a0080,39fc80,39fe80,6ca,35da88,20,50,4000d0,4000f8,c8 ntoskrnl_16299-785.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8 ntoskrnl_16299-820.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8 ntoskrnl_16299-846.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8 -ntoskrnl_16299-98.exe,398ec0,398ac0,398cc0,6ca,356980,20,50,3f90d0,3f90f0,c8 ntoskrnl_16299-904.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-936.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8 ntoskrnl_16299-967.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1004.exe,39fec0,3a00c0,39fcc0,6ca,35dac0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1029.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1059.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1087.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1120.exe,39ff00,3a0100,39fd00,6ca,35dac0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1146.exe,3a0d00,3a0f00,3a0b00,6ca,35e8a0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1182.exe,3a0d00,3a0f00,3a0b00,6ca,35e8a0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1217.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8 +ntoskrnl_16299-1237.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8 +ntoskrnl_16299-1296.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8 +ntoskrnl_16299-1331.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8 +ntoskrnl_16299-1364.exe,3a1000,3a0c00,3a0e00,6ca,35e968,20,50,4010d0,4010f8,c8 +ntoskrnl_16299-1387.exe,3a0e80,3a1080,3a0c80,6ca,35e960,20,50,4010d0,4010f8,c8 +ntoskrnl_16299-1419.exe,3a1040,3a0c40,3a0e40,6ca,35e988,20,50,4010d0,4010f8,c8 +ntoskrnl_16299-1448.exe,3a1040,3a0c40,3a0e40,6ca,35e988,20,50,4010d0,4010f8,c8 +ntoskrnl_16299-1480.exe,3a1040,3a0c40,3a0e40,6ca,35e988,20,50,4010d0,4010f8,c8 +ntoskrnl_16299-1622.exe,3a0fc0,3a0bc0,3a0dc0,6ca,35e988,20,50,4010d0,4010f8,c8 +ntoskrnl_16299-1653.exe,3a0fc0,3a0bc0,3a0dc0,6ca,35e988,20,50,4010d0,4010f8,c8 +ntoskrnl_16299-1715.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1747.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1775.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1776.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1937.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-1992.exe,3a0cc0,3a0ec0,3a0ac0,6ca,35e8c0,20,50,4000d0,4000f8,c8 +ntoskrnl_16299-2045.exe,3a1100,3a0d00,3a0f00,6ca,35e988,20,50,4010d0,4010f8,c8 +ntoskrnl_16299-2166.exe,3a1100,3a0d00,3a0f00,6ca,35e988,20,50,4010d0,4010f8,c8 ntoskrnl_17134-1.exe,3f4ef0,3f50f0,3f4cf0,6ca,3b2120,20,50,45e250,45e270,c8 -ntoskrnl_17134-1006.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1fc8,20,50,44d250,44d278,c8 -ntoskrnl_17134-1038.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44d250,44d278,c8 -ntoskrnl_17134-1098.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fb0,20,50,44d250,44d278,c8 -ntoskrnl_17134-1067.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fb0,20,50,44d250,44d278,c8 +ntoskrnl_17134-48.exe,3f5030,3f4c30,3f4e30,6ca,3b20e8,20,50,45e250,45e270,c8 +ntoskrnl_17134-81.exe,3f4f30,3f5130,3f4d30,6ca,3b2120,20,50,45e250,45e270,c8 +ntoskrnl_17134-83.exe,3f4f30,3f5130,3f4d30,6ca,3b2120,20,50,45e250,45e270,c8 ntoskrnl_17134-112.exe,3f1e30,3f2030,3f1c30,6ca,3af088,20,50,45b250,45b278,c8 -ntoskrnl_17134-1130.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8 -ntoskrnl_17134-1246.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8 -ntoskrnl_17134-1345.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44d250,44d278,c8 -ntoskrnl_17134-1184.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8 -ntoskrnl_17134-1365.exe,3e4e30,3e5030,3e4c30,6ca,3a2000,20,50,44d250,44d278,c8 ntoskrnl_17134-137.exe,3f1e30,3f2030,3f1c30,6ca,3af088,20,50,45b250,45b278,c8 -ntoskrnl_17134-1304.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1fe8,20,50,44d250,44d278,c8 -ntoskrnl_17134-1425.exe,3e4e30,3e5030,3e4c30,6ca,3a2000,20,50,44d250,44d278,c8 -ntoskrnl_17134-1488.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8 -ntoskrnl_17134-1550.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8 ntoskrnl_17134-165.exe,3f1e30,3f2030,3f1c30,6ca,3af088,20,50,45b250,45b278,c8 -ntoskrnl_17134-1610.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8 -ntoskrnl_17134-1667.exe,3e4ff0,3e4bf0,3e4df0,6ca,3a1f88,20,50,44c250,44c278,c8 -ntoskrnl_17134-1845.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8 ntoskrnl_17134-167.exe,3f1e30,3f2030,3f1c30,6ca,3af088,20,50,45b250,45b278,c8 -ntoskrnl_17134-1726.exe,3e4ff0,3e4bf0,3e4df0,6ca,3a1f88,20,50,44c250,44c278,c8 -ntoskrnl_17134-1792.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8 -ntoskrnl_17134-1902.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8 ntoskrnl_17134-191.exe,3f2e30,3f3030,3f2c30,6ca,3b0088,20,50,45c250,45c278,c8 -ntoskrnl_17134-1967.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8 -ntoskrnl_17134-2026.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8 -ntoskrnl_17134-2208.exe,3e4f70,3e4b70,3e4d70,6ca,3a1f88,20,50,44c250,44c278,c8 -ntoskrnl_17134-2087.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8 -ntoskrnl_17134-2145.exe,3e4f70,3e4b70,3e4d70,6ca,3a1f88,20,50,44c250,44c278,c8 -ntoskrnl_17134-254.exe,3e5ff0,3e5bf0,3e5df0,6ca,3a3108,20,50,44e250,44e278,c8 ntoskrnl_17134-228.exe,3e5ff0,3e5bf0,3e5df0,6ca,3a3108,20,50,44e250,44e278,c8 -ntoskrnl_17134-320.exe,3e5eb0,3e60b0,3e5cb0,6ca,3a3120,20,50,44e250,44e278,c8 +ntoskrnl_17134-254.exe,3e5ff0,3e5bf0,3e5df0,6ca,3a3108,20,50,44e250,44e278,c8 ntoskrnl_17134-285.exe,3e6030,3e5c30,3e5e30,6ca,3a3100,20,50,44e250,44e278,c8 ntoskrnl_17134-286.exe,3e6030,3e5c30,3e5e30,6ca,3a3100,20,50,44e250,44e278,c8 +ntoskrnl_17134-320.exe,3e5eb0,3e60b0,3e5cb0,6ca,3a3120,20,50,44e250,44e278,c8 ntoskrnl_17134-345.exe,3e5eb0,3e60b0,3e5cb0,6ca,3a3160,20,50,44e250,44e278,c8 ntoskrnl_17134-376.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8 ntoskrnl_17134-407.exe,3e5f30,3e5b30,3e5d30,6ca,3a3108,20,50,44e250,44e278,c8 ntoskrnl_17134-471.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8 ntoskrnl_17134-472.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8 ntoskrnl_17134-523.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8 -ntoskrnl_17134-48.exe,3f5030,3f4c30,3f4e30,6ca,3b20e8,20,50,45e250,45e270,c8 ntoskrnl_17134-556.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8 -ntoskrnl_17134-765.exe,0,0,0,0,0,0,0,0,0,0 -ntoskrnl_17134-648.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8 ntoskrnl_17134-590.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8 -ntoskrnl_17134-677.exe,3e4eb0,3e50b0,3e4cb0,6ca,3a2160,20,50,44d250,44d278,c8 -ntoskrnl_17134-753.exe,3e4eb0,3e50b0,3e4cb0,6ca,3a2160,20,50,44d250,44d278,c8 -ntoskrnl_17134-706.exe,3e4eb0,3e50b0,3e4cb0,6ca,3a2160,20,50,44d250,44d278,c8 ntoskrnl_17134-619.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8 +ntoskrnl_17134-648.exe,3e5fb0,3e5bb0,3e5db0,6ca,3a3108,20,50,44e250,44e278,c8 +ntoskrnl_17134-677.exe,3e4eb0,3e50b0,3e4cb0,6ca,3a2160,20,50,44d250,44d278,c8 +ntoskrnl_17134-706.exe,3e4eb0,3e50b0,3e4cb0,6ca,3a2160,20,50,44d250,44d278,c8 +ntoskrnl_17134-753.exe,3e4eb0,3e50b0,3e4cb0,6ca,3a2160,20,50,44d250,44d278,c8 +ntoskrnl_17134-765.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1f48,20,50,44d250,44d278,c8 ntoskrnl_17134-766.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1f48,20,50,44d250,44d278,c8 -ntoskrnl_17134-829.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8 ntoskrnl_17134-799.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8 -ntoskrnl_17134-81.exe,3f4f30,3f5130,3f4d30,6ca,3b2120,20,50,45e250,45e270,c8 -ntoskrnl_17134-950.exe,0,0,0,0,0,0,0,0,0,0 -ntoskrnl_17763-1007.exe,0,0,0,0,0,0,0,0,0,0 +ntoskrnl_17134-829.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8 ntoskrnl_17134-858.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8 -ntoskrnl_17134-83.exe,3f4f30,3f5130,3f4d30,6ca,3b2120,20,50,45e250,45e270,c8 -ntoskrnl_17134-915.exe,3e4d70,3e4f70,3e4b70,6ca,3a1fa8,20,50,44d250,44d278,c8 -ntoskrnl_17763-1.exe,0,0,0,0,0,0,0,0,0,0 ntoskrnl_17134-885.exe,3e4f30,3e4b30,3e4d30,6ca,3a1f68,20,50,44d250,44d278,c8 +ntoskrnl_17134-915.exe,3e4d70,3e4f70,3e4b70,6ca,3a1fa8,20,50,44d250,44d278,c8 +ntoskrnl_17134-950.exe,3e4d70,3e4f70,3e4b70,6ca,3a1fa8,20,50,44d250,44d278,c8 ntoskrnl_17134-982.exe,3e4f30,3e4b30,3e4d30,6ca,3a1fd0,20,50,44d250,44d278,c8 -ntoskrnl_17763-1039.exe,0,0,0,0,0,0,0,0,0,0 -ntoskrnl_17763-107.exe,0,0,0,0,0,0,0,0,0,0 +ntoskrnl_17134-1006.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1fc8,20,50,44d250,44d278,c8 +ntoskrnl_17134-1038.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44d250,44d278,c8 +ntoskrnl_17134-1067.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fb0,20,50,44d250,44d278,c8 +ntoskrnl_17134-1098.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fb0,20,50,44d250,44d278,c8 +ntoskrnl_17134-1130.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8 +ntoskrnl_17134-1184.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8 +ntoskrnl_17134-1246.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8 +ntoskrnl_17134-1276.exe,3e4fb0,3e4bb0,3e4db0,6ca,3a1fb0,20,50,44d250,44d278,c8 +ntoskrnl_17134-1304.exe,3e4ef0,3e4af0,3e4cf0,6ca,3a1fe8,20,50,44d250,44d278,c8 +ntoskrnl_17134-1345.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44d250,44d278,c8 +ntoskrnl_17134-1365.exe,3e4e30,3e5030,3e4c30,6ca,3a2000,20,50,44d250,44d278,c8 +ntoskrnl_17134-1399.exe,3e4e30,3e5030,3e4c30,6ca,3a2000,20,50,44d250,44d278,c8 +ntoskrnl_17134-1401.exe,3e4e30,3e5030,3e4c30,6ca,3a2000,20,50,44d250,44d278,c8 +ntoskrnl_17134-1425.exe,3e4e30,3e5030,3e4c30,6ca,3a2000,20,50,44d250,44d278,c8 +ntoskrnl_17134-1456.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8 +ntoskrnl_17134-1488.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8 +ntoskrnl_17134-1550.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8 +ntoskrnl_17134-1553.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8 +ntoskrnl_17134-1610.exe,3e4db0,3e4fb0,3e4bb0,6ca,3a1fe0,20,50,44c250,44c278,c8 +ntoskrnl_17134-1667.exe,3e4ff0,3e4bf0,3e4df0,6ca,3a1f88,20,50,44c250,44c278,c8 +ntoskrnl_17134-1726.exe,3e4ff0,3e4bf0,3e4df0,6ca,3a1f88,20,50,44c250,44c278,c8 +ntoskrnl_17134-1792.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8 +ntoskrnl_17134-1845.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8 +ntoskrnl_17134-1902.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8 +ntoskrnl_17134-1967.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8 +ntoskrnl_17134-2026.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8 +ntoskrnl_17134-2087.exe,3e4f70,3e4b70,3e4d70,6ca,3a1fd0,20,50,44c250,44c278,c8 +ntoskrnl_17134-2145.exe,3e4f70,3e4b70,3e4d70,6ca,3a1f88,20,50,44c250,44c278,c8 +ntoskrnl_17134-2208.exe,3e4f70,3e4b70,3e4d70,6ca,3a1f88,20,50,44c250,44c278,c8 +ntoskrnl_17763-1.exe,45c4b0,45c0b0,45c2b0,6ca,40f038,20,50,4c52d0,4c52f8,c8 +ntoskrnl_17763-55.exe,45c4f0,45c0f0,45c2f0,6ca,40f098,20,50,4c52d0,4c52f8,c8 +ntoskrnl_17763-107.exe,45c430,45c030,45c230,6ca,40f018,20,50,4c52d0,4c52f8,c8 +ntoskrnl_17763-134.exe,45c430,45c030,45c230,6ca,40efd8,20,50,4c52d0,4c52f8,c8 +ntoskrnl_17763-168.exe,4dad70,4da970,4dab70,6ca,40b078,20,50,5442d0,5442f8,c8 +ntoskrnl_17763-194.exe,4d9d70,4d9970,4d9b70,6ca,40a038,20,50,5422d0,5422f8,c8 +ntoskrnl_17763-195.exe,4d9d70,4d9970,4d9b70,6ca,40a038,20,50,5422d0,5422f8,c8 +ntoskrnl_17763-253.exe,4d9d70,4d9970,4d9b70,6ca,40a038,20,50,5422d0,5422f8,c8 +ntoskrnl_17763-292.exe,4daaf0,4dacf0,4da8f0,6ca,40b078,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-316.exe,4daaf0,4dacf0,4da8f0,6ca,40b078,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-348.exe,4dabb0,4da7b0,4da9b0,6ca,40afb8,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-379.exe,4dabf0,4da7f0,4da9f0,6ca,40aff8,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-404.exe,4dad70,4da970,4dab70,6ca,40b718,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-437.exe,4dad70,4da970,4dab70,6ca,40b718,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-439.exe,4dad70,4da970,4dab70,6ca,40b718,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-475.exe,4daaf0,4dacf0,4da8f0,6ca,40b730,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-503.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-504.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-529.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-557.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-593.exe,4dac70,4da870,4daa70,6ca,40b610,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-615.exe,4dac70,4da870,4daa70,6ca,40b610,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-652.exe,4dabf0,4da7f0,4da9f0,6ca,40b5f0,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-678.exe,4dac30,4da830,4daa30,6ca,40b610,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-719.exe,4daa30,4dac30,4da830,6ca,40b658,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-737.exe,4da9f0,4dabf0,4da7f0,6ca,40b5d8,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-771.exe,4dac70,4da870,4daa70,6ca,40b630,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-802.exe,4dacb0,4da8b0,4daab0,6ca,40b6c0,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-831.exe,4d8c70,4d8870,4d8a70,6ca,409610,20,50,5412d0,5412f8,c8 +ntoskrnl_17763-864.exe,4d8b70,4d8d70,4d8970,6ca,409698,20,50,5412d0,5412f8,c8 +ntoskrnl_17763-914.exe,4d8b70,4d8d70,4d8970,6ca,409698,20,50,5412d0,5412f8,c8 +ntoskrnl_17763-973.exe,4d8b70,4d8d70,4d8970,6ca,409698,20,50,5412d0,5412f8,c8 +ntoskrnl_17763-1007.exe,4d8c30,4d8830,4d8a30,6ca,4096a0,20,50,5412d0,5412f8,c8 +ntoskrnl_17763-1039.exe,4d8b30,4d8d30,4d8930,6ca,409698,20,50,5412d0,5412f8,c8 ntoskrnl_17763-1075.exe,4d9d30,4d9930,4d9b30,6ca,40a650,20,60,5422d0,5422f8,c8 ntoskrnl_17763-1098.exe,4d9d30,4d9930,4d9b30,6ca,40a670,20,60,5422d0,5422f8,c8 -ntoskrnl_17763-1192.exe,4d9d30,4d9930,4d9b30,6ca,40a670,20,60,5422d0,5422f8,c8 -ntoskrnl_17763-1158.exe,4d9af0,4d9cf0,4d98f0,6ca,40a678,20,60,5422d0,5422f8,c8 ntoskrnl_17763-1131.exe,4d9af0,4d9cf0,4d98f0,6ca,40a678,20,60,5422d0,5422f8,c8 +ntoskrnl_17763-1132.exe,4d9af0,4d9cf0,4d98f0,6ca,40a678,20,60,5422d0,5422f8,c8 +ntoskrnl_17763-1158.exe,4d9af0,4d9cf0,4d98f0,6ca,40a678,20,60,5422d0,5422f8,c8 +ntoskrnl_17763-1192.exe,4d9d30,4d9930,4d9b30,6ca,40a670,20,60,5422d0,5422f8,c8 ntoskrnl_17763-1217.exe,4d9d30,4d9930,4d9b30,6ca,40a670,20,60,5422d0,5422f8,c8 ntoskrnl_17763-1282.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8 -ntoskrnl_17763-1339.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8 ntoskrnl_17763-1294.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8 -ntoskrnl_17763-134.exe,45c430,45c030,45c230,6ca,40efd8,20,50,4c52d0,4c52f8,c8 +ntoskrnl_17763-1339.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8 ntoskrnl_17763-1369.exe,4d9d70,4d9970,4d9b70,6ca,40a6b0,20,60,5422d0,5422f8,c8 ntoskrnl_17763-1397.exe,4d9bf0,4d97f0,4d99f0,6ca,40a6c0,20,60,5422d0,5422f8,c8 ntoskrnl_17763-1432.exe,4d7b30,4d7d30,4d7930,6ca,408698,20,60,5402d0,5402f8,c8 ntoskrnl_17763-1457.exe,4d7b30,4d7d30,4d7930,6ca,408698,20,60,5402d0,5402f8,c8 ntoskrnl_17763-1490.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8 -ntoskrnl_17763-1554.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-1518.exe,4d5b30,4d5d30,4d5930,6ca,406698,20,60,53e2d0,53e2f8,c8 +ntoskrnl_17763-1554.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-1577.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8 -ntoskrnl_17763-168.exe,4dad70,4da970,4dab70,6ca,40b078,20,50,5442d0,5442f8,c8 +ntoskrnl_17763-1613.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-1637.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-1697.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8 -ntoskrnl_17763-1613.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-1728.exe,4d5cf0,4d58f0,4d5af0,6ca,406630,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-1757.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-1790.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-1817.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-1821.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-1823.exe,4d5b70,4d5d70,4d5970,6ca,4066d8,20,60,53e2d0,53e2f8,c8 -ntoskrnl_17763-1879.exe,4d5bf0,4d57f0,4d59f0,6ca,4066c0,20,60,53e2d0,53e2f8,c8 -ntoskrnl_17763-1935.exe,4d6870,4d6a70,4d6670,6ca,407498,20,60,53f2d0,53f2f8,c8 -ntoskrnl_17763-1911.exe,4d6870,4d6a70,4d6670,6ca,407498,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-1852.exe,4d5bf0,4d57f0,4d59f0,6ca,4066c0,20,60,53e2d0,53e2f8,c8 -ntoskrnl_17763-194.exe,4d9d70,4d9970,4d9b70,6ca,40a038,20,50,5422d0,5422f8,c8 -ntoskrnl_17763-195.exe,4d9d70,4d9970,4d9b70,6ca,40a038,20,50,5422d0,5422f8,c8 +ntoskrnl_17763-1879.exe,4d5bf0,4d57f0,4d59f0,6ca,4066c0,20,60,53e2d0,53e2f8,c8 +ntoskrnl_17763-1911.exe,4d6870,4d6a70,4d6670,6ca,407498,20,60,53f2d0,53f2f8,c8 +ntoskrnl_17763-1935.exe,4d6870,4d6a70,4d6670,6ca,407498,20,60,53f2d0,53f2f8,c8 +ntoskrnl_17763-1971.exe,4d6bb0,4d67b0,4d69b0,6ca,407498,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-1999.exe,4d6bb0,4d67b0,4d69b0,6ca,407498,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2028.exe,4d67b0,4d69b0,4d65b0,6ca,407418,20,60,53f2d0,53f2f8,c8 -ntoskrnl_17763-1971.exe,4d6bb0,4d67b0,4d69b0,6ca,407498,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2029.exe,4d67b0,4d69b0,4d65b0,6ca,407418,20,60,53f2d0,53f2f8,c8 -ntoskrnl_17763-2090.exe,4d5930,4d5b30,4d5730,6ca,406470,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-2061.exe,4d58f0,4d5af0,4d56f0,6ca,406430,20,60,53e2d0,53e2f8,c8 +ntoskrnl_17763-2090.exe,4d5930,4d5b30,4d5730,6ca,406470,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-2114.exe,4d5930,4d5b30,4d5730,6ca,406470,20,60,53e2d0,53e2f8,c8 -ntoskrnl_17763-2183.exe,4d68b0,4d6ab0,4d66b0,6ca,407480,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2145.exe,4d68b0,4d6ab0,4d66b0,6ca,407480,20,60,53f2d0,53f2f8,c8 +ntoskrnl_17763-2183.exe,4d68b0,4d6ab0,4d66b0,6ca,407480,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2213.exe,4d6b70,4d6770,4d6970,6ca,407438,20,60,53f2d0,53f2f8,c8 -ntoskrnl_17763-2268.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8 -ntoskrnl_17763-2305.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8 -ntoskrnl_17763-2300.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8 -ntoskrnl_17763-2330.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-2237.exe,4d6b70,4d6770,4d6970,6ca,407438,20,60,53f2d0,53f2f8,c8 +ntoskrnl_17763-2268.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8 +ntoskrnl_17763-2300.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8 +ntoskrnl_17763-2305.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8 +ntoskrnl_17763-2330.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-2366.exe,4d5b70,4d5770,4d5970,6ca,406438,20,60,53e2d0,53e2f8,c8 ntoskrnl_17763-2452.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8 -ntoskrnl_17763-2510.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2458.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8 -ntoskrnl_17763-253.exe,4d9d70,4d9970,4d9b70,6ca,40a038,20,50,5422d0,5422f8,c8 +ntoskrnl_17763-2510.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2565.exe,4d6970,4d6b70,4d6770,6ca,407470,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2628.exe,4d68f0,4d6af0,4d66f0,6ca,407438,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2686.exe,4d6930,4d6b30,4d6730,6ca,407410,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2746.exe,4d6930,4d6b30,4d6730,6ca,407410,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2803.exe,4d6930,4d6b30,4d6730,6ca,407410,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2867.exe,4d6b30,4d6730,4d6930,6ca,407480,20,60,53f2d0,53f2f8,c8 -ntoskrnl_17763-292.exe,4daaf0,4dacf0,4da8f0,6ca,40b078,20,50,5432d0,5432f8,c8 ntoskrnl_17763-2928.exe,4d6b30,4d6730,4d6930,6ca,407480,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2931.exe,4d6b30,4d6730,4d6930,6ca,407480,20,60,53f2d0,53f2f8,c8 -ntoskrnl_17763-3046.exe,4d6840,4d6a40,4d6640,6ca,407430,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-2989.exe,4d6880,4d6a80,4d6680,6ca,407450,20,60,53f2d0,53f2f8,c8 -ntoskrnl_17763-316.exe,4daaf0,4dacf0,4da8f0,6ca,40b078,20,50,5432d0,5432f8,c8 +ntoskrnl_17763-3046.exe,4d6840,4d6a40,4d6640,6ca,407430,20,60,53f2d0,53f2f8,c8 ntoskrnl_17763-3165.exe,4d6b40,4d6740,4d6940,6ca,407498,20,60,53f2d0,53f2f8,c8 -ntoskrnl_17763-404.exe,4dad70,4da970,4dab70,6ca,40b718,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-348.exe,4dabb0,4da7b0,4da9b0,6ca,40afb8,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-437.exe,4dad70,4da970,4dab70,6ca,40b718,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-379.exe,4dabf0,4da7f0,4da9f0,6ca,40aff8,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-439.exe,4dad70,4da970,4dab70,6ca,40b718,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-475.exe,4daaf0,4dacf0,4da8f0,6ca,40b730,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-503.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-557.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-55.exe,45c4f0,45c0f0,45c2f0,6ca,40f098,20,50,4c52d0,4c52f8,c8 -ntoskrnl_17763-504.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-529.exe,4da9b0,4dabb0,4da7b0,6ca,40b598,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-615.exe,4dac70,4da870,4daa70,6ca,40b610,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-652.exe,4dabf0,4da7f0,4da9f0,6ca,40b5f0,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-593.exe,4dac70,4da870,4daa70,6ca,40b610,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-719.exe,4daa30,4dac30,4da830,6ca,40b658,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-737.exe,4da9f0,4dabf0,4da7f0,6ca,40b5d8,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-678.exe,4dac30,4da830,4daa30,6ca,40b610,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-771.exe,4dac70,4da870,4daa70,6ca,40b630,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-802.exe,4dacb0,4da8b0,4daab0,6ca,40b6c0,20,50,5432d0,5432f8,c8 -ntoskrnl_17763-831.exe,4d8c70,4d8870,4d8a70,6ca,409610,20,50,5412d0,5412f8,c8 -ntoskrnl_17763-864.exe,4d8b70,4d8d70,4d8970,6ca,409698,20,50,5412d0,5412f8,c8 -ntoskrnl_17763-973.exe,4d8b70,4d8d70,4d8970,6ca,409698,20,50,5412d0,5412f8,c8 -ntoskrnl_17763-914.exe,4d8b70,4d8d70,4d8970,6ca,409698,20,50,5412d0,5412f8,c8 +ntoskrnl_17763-3232.exe,4d6b40,4d6740,4d6940,6ca,407498,20,60,53f2d0,53f2f8,c8 +ntoskrnl_17763-3287.exe,4d6a80,4d6680,4d6880,6ca,407458,20,60,53f2d0,53f2f8,c8 +ntoskrnl_17763-3346.exe,4d6940,4d6b40,4d6740,6ca,407450,20,60,53f2d0,53f2f8,c8 +ntoskrnl_17763-3406.exe,4d6940,4d6b40,4d6740,6ca,407450,20,60,53f2d0,53f2f8,c8 +ntoskrnl_17763-3469.exe,4d6900,4d6b00,4d6700,6ca,407430,20,60,53f2d0,53f2f8,c8 +ntoskrnl_17763-3532.exe,4d6880,4d6a80,4d6680,6ca,407480,20,60,53f2d0,53f2f8,c8 +ntoskrnl_17763-3534.exe,4d6880,4d6a80,4d6680,6ca,407480,20,60,53f2d0,53f2f8,c8 +ntoskrnl_17763-3650.exe,4d8b00,4d8700,4d8900,6ca,409440,20,60,5412d0,5412f8,c8 +ntoskrnl_17763-3770.exe,4d8a00,4d8600,4d8800,6ca,409418,20,60,5412d0,5412f8,c8 +ntoskrnl_17763-3772.exe,4d8a00,4d8600,4d8800,6ca,409418,20,60,5412d0,5412f8,c8 +ntoskrnl_17763-3887.exe,4d8a00,4d8600,4d8800,6ca,409418,20,60,5412d0,5412f8,c8 +ntoskrnl_17763-4010.exe,4d8b00,4d8700,4d8900,6ca,409440,20,60,5412d0,5412f8,c8 +ntoskrnl_17763-4131.exe,4d7980,4d7b80,4d7780,6ca,408458,20,60,53f2d0,53f2f8,c8 +ntoskrnl_17763-4252.exe,4d89c0,4d8bc0,4d87c0,6ca,409438,20,60,5402d0,5402f8,c8 +ntoskrnl_17763-4377.exe,4d89c0,4d8bc0,4d87c0,6ca,409438,20,60,5402d0,5402f8,c8 +ntoskrnl_17763-4644.exe,4d8900,4d8b00,4d8700,6ca,409458,20,60,5402d0,5402f8,c8 +ntoskrnl_17763-4737.exe,4d8940,4d8b40,4d8740,6ca,409478,20,60,5412d0,5412f8,c8 +ntoskrnl_17763-4851.exe,4d8c00,4d8800,4d8a00,6ca,4094b8,20,60,5412d0,5412f8,c8 +ntoskrnl_17763-4974.exe,4d8b40,4d8740,4d8940,6ca,409478,20,60,5402d0,5402f8,c8 +ntoskrnl_18362-30.exe,500d60,500960,500b60,6fa,42fa40,20,50,56f390,56f3b8,c8 +ntoskrnl_18362-116.exe,500de0,5009e0,500be0,6fa,42fa48,20,50,56f390,56f3b8,c8 +ntoskrnl_18362-145.exe,500de0,5009e0,500be0,6fa,42f9e8,20,50,56f390,56f3b8,c8 +ntoskrnl_18362-207.exe,500de0,5009e0,500be0,6fa,42fa48,20,50,56f390,56f3b8,c8 +ntoskrnl_18362-239.exe,500de0,5009e0,500be0,6fa,42fa48,20,50,56f390,56f3b8,c8 +ntoskrnl_18362-267.exe,503f60,503b60,503d60,6fa,432c60,20,50,572390,5723b8,c8 +ntoskrnl_18362-295.exe,503fa0,503ba0,503da0,6fa,432c48,20,50,572390,5723b8,c8 +ntoskrnl_18362-329.exe,504ee0,5050e0,504ce0,6fa,433c28,20,50,573390,5733b8,c8 +ntoskrnl_18362-356.exe,505060,504c60,504e60,6fa,433c90,20,50,573390,5733b8,c8 +ntoskrnl_18362-357.exe,505060,504c60,504e60,6fa,433c90,20,50,573390,5733b8,c8 +ntoskrnl_18362-387.exe,505fe0,505be0,505de0,6fa,434c38,20,50,574390,5743b8,c8 +ntoskrnl_18362-388.exe,505fe0,505be0,505de0,6fa,434c38,20,50,574390,5743b8,c8 +ntoskrnl_18362-418.exe,505ee0,5060e0,505ce0,6fa,434c58,20,50,574390,5743b8,c8 +ntoskrnl_18362-449.exe,505da0,505fa0,505ba0,6fa,434c58,20,50,574390,5743b8,c8 +ntoskrnl_18362-476.exe,506060,505c60,505e60,6fa,434c78,20,50,574390,5743b8,c8 +ntoskrnl_18362-535.exe,506020,505c20,505e20,6fa,434c78,20,50,574390,5743b8,c8 +ntoskrnl_18362-592.exe,506060,505c60,505e60,6fa,434c80,20,50,574390,5743b8,c8 +ntoskrnl_18362-628.exe,506060,505c60,505e60,6fa,434c78,20,50,574390,5743b8,c8 +ntoskrnl_18362-657.exe,505e60,506060,505c60,6fa,434c78,20,50,574390,5743b8,c8 +ntoskrnl_18362-693.exe,505de0,505fe0,505be0,6fa,434c38,20,60,574390,5743b8,c8 +ntoskrnl_18362-719.exe,505e20,506020,505c20,6fa,434c78,20,60,574390,5743b8,c8 +ntoskrnl_18362-720.exe,505e20,506020,505c20,6fa,434c78,20,60,574390,5743b8,c8 +ntoskrnl_18362-752.exe,505ea0,5060a0,505ca0,6fa,434c58,20,60,574390,5743b8,c8 +ntoskrnl_18362-753.exe,505ea0,5060a0,505ca0,6fa,434c58,20,60,574390,5743b8,c8 +ntoskrnl_18362-778.exe,505e60,506060,505c60,6fa,434c70,20,60,574390,5743b8,c8 +ntoskrnl_18362-815.exe,505e60,506060,505c60,6fa,434c70,20,60,574390,5743b8,c8 +ntoskrnl_18362-836.exe,505ea0,5060a0,505ca0,6fa,434c58,20,60,574390,5743b8,c8 +ntoskrnl_18362-900.exe,505ea0,5060a0,505ca0,6fa,434c78,20,60,574390,5743b8,c8 +ntoskrnl_18362-904.exe,505ea0,5060a0,505ca0,6fa,434c78,20,60,574390,5743b8,c8 +ntoskrnl_18362-959.exe,505ea0,5060a0,505ca0,6fa,434cb8,20,60,574390,5743b8,c8 +ntoskrnl_18362-997.exe,505e60,506060,505c60,6fa,434c78,20,60,574390,5743b8,c8 ntoskrnl_18362-1016.exe,505fa0,505ba0,505da0,6fa,434bf8,20,60,574390,5743b8,c8 ntoskrnl_18362-1049.exe,503fe0,503be0,503de0,6fa,432c38,20,60,572390,5723b8,c8 -ntoskrnl_18362-1110.exe,503fa0,503ba0,503da0,6fa,432c18,20,60,572390,5723b8,c8 ntoskrnl_18362-1082.exe,503fa0,503ba0,503da0,6fa,432bf8,20,60,572390,5723b8,c8 +ntoskrnl_18362-1110.exe,503fa0,503ba0,503da0,6fa,432c18,20,60,572390,5723b8,c8 ntoskrnl_18362-1139.exe,5040a0,503ca0,503ea0,6fa,432c98,20,60,572390,5723b8,c8 -ntoskrnl_18362-116.exe,500de0,5009e0,500be0,6fa,42fa48,20,50,56f390,56f3b8,c8 ntoskrnl_18362-1171.exe,5040a0,503ca0,503ea0,6fa,432c90,20,60,572390,5723b8,c8 ntoskrnl_18362-1198.exe,5040a0,503ca0,503ea0,6fa,432c90,20,60,572390,5723b8,c8 ntoskrnl_18362-1237.exe,5040a0,503ca0,503ea0,6fa,432c90,20,60,572390,5723b8,c8 @@ -379,116 +488,116 @@ ntoskrnl_18362-1379.exe,503da0,5039a0,503ba0,6fa,432c38,20,60,572390,5723b8,c8 ntoskrnl_18362-1411.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8 ntoskrnl_18362-1440.exe,503da0,5039a0,503ba0,6fa,432c38,20,60,572390,5723b8,c8 ntoskrnl_18362-1441.exe,503da0,5039a0,503ba0,6fa,432c38,20,60,572390,5723b8,c8 -ntoskrnl_18362-145.exe,500de0,5009e0,500be0,6fa,42f9e8,20,50,56f390,56f3b8,c8 ntoskrnl_18362-1443.exe,503da0,5039a0,503ba0,6fa,432c38,20,60,572390,5723b8,c8 ntoskrnl_18362-1474.exe,503ba0,503da0,5039a0,6fa,432c38,20,60,572390,5723b8,c8 ntoskrnl_18362-1500.exe,503b60,503d60,503960,6fa,432c18,20,60,572390,5723b8,c8 ntoskrnl_18362-1533.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8 ntoskrnl_18362-1556.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8 -ntoskrnl_18362-1621.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8 ntoskrnl_18362-1593.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8 +ntoskrnl_18362-1621.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8 ntoskrnl_18362-1646.exe,503e20,503a20,503c20,6fa,432c78,20,60,572390,5723b8,c8 -ntoskrnl_18362-1734.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8 ntoskrnl_18362-1679.exe,502da0,5029a0,502ba0,6fa,431bf8,20,60,571390,5713b8,c8 +ntoskrnl_18362-1734.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8 ntoskrnl_18362-1801.exe,503ce0,503ee0,503ae0,6fa,432c38,20,60,572390,5723b8,c8 ntoskrnl_18362-1854.exe,503ba0,503da0,5039a0,6fa,432c58,20,60,572390,5723b8,c8 -ntoskrnl_18362-1977.exe,503ba0,503da0,5039a0,6fa,432c50,20,60,572390,5723b8,c8 ntoskrnl_18362-1916.exe,503ba0,503da0,5039a0,6fa,432c50,20,60,572390,5723b8,c8 +ntoskrnl_18362-1977.exe,503ba0,503da0,5039a0,6fa,432c50,20,60,572390,5723b8,c8 ntoskrnl_18362-2037.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8 ntoskrnl_18362-2039.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8 -ntoskrnl_18362-207.exe,500de0,5009e0,500be0,6fa,42fa48,20,50,56f390,56f3b8,c8 -ntoskrnl_18362-2158.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8 ntoskrnl_18362-2094.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8 +ntoskrnl_18362-2158.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8 ntoskrnl_18362-2212.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8 -ntoskrnl_18362-239.exe,500de0,5009e0,500be0,6fa,42fa48,20,50,56f390,56f3b8,c8 ntoskrnl_18362-2274.exe,503de0,5039e0,503be0,6fa,432c38,20,60,572390,5723b8,c8 -ntoskrnl_18362-267.exe,503f60,503b60,503d60,6fa,432c60,20,50,572390,5723b8,c8 -ntoskrnl_18362-295.exe,503fa0,503ba0,503da0,6fa,432c48,20,50,572390,5723b8,c8 -ntoskrnl_18362-329.exe,504ee0,5050e0,504ce0,6fa,433c28,20,50,573390,5733b8,c8 -ntoskrnl_18362-30.exe,500d60,500960,500b60,6fa,42fa40,20,50,56f390,56f3b8,c8 -ntoskrnl_18362-356.exe,505060,504c60,504e60,6fa,433c90,20,50,573390,5733b8,c8 -ntoskrnl_18362-357.exe,505060,504c60,504e60,6fa,433c90,20,50,573390,5733b8,c8 -ntoskrnl_18362-387.exe,505fe0,505be0,505de0,6fa,434c38,20,50,574390,5743b8,c8 -ntoskrnl_18362-388.exe,505fe0,505be0,505de0,6fa,434c38,20,50,574390,5743b8,c8 -ntoskrnl_18362-476.exe,506060,505c60,505e60,6fa,434c78,20,50,574390,5743b8,c8 -ntoskrnl_18362-449.exe,505da0,505fa0,505ba0,6fa,434c58,20,50,574390,5743b8,c8 -ntoskrnl_18362-418.exe,505ee0,5060e0,505ce0,6fa,434c58,20,50,574390,5743b8,c8 -ntoskrnl_18362-535.exe,506020,505c20,505e20,6fa,434c78,20,50,574390,5743b8,c8 -ntoskrnl_18362-592.exe,506060,505c60,505e60,6fa,434c80,20,50,574390,5743b8,c8 -ntoskrnl_18362-657.exe,505e60,506060,505c60,6fa,434c78,20,50,574390,5743b8,c8 -ntoskrnl_18362-628.exe,506060,505c60,505e60,6fa,434c78,20,50,574390,5743b8,c8 -ntoskrnl_18362-693.exe,505de0,505fe0,505be0,6fa,434c38,20,60,574390,5743b8,c8 -ntoskrnl_18362-719.exe,505e20,506020,505c20,6fa,434c78,20,60,574390,5743b8,c8 -ntoskrnl_18362-720.exe,505e20,506020,505c20,6fa,434c78,20,60,574390,5743b8,c8 -ntoskrnl_18362-752.exe,505ea0,5060a0,505ca0,6fa,434c58,20,60,574390,5743b8,c8 -ntoskrnl_18362-778.exe,505e60,506060,505c60,6fa,434c70,20,60,574390,5743b8,c8 -ntoskrnl_18362-753.exe,505ea0,5060a0,505ca0,6fa,434c58,20,60,574390,5743b8,c8 -ntoskrnl_18362-815.exe,505e60,506060,505c60,6fa,434c70,20,60,574390,5743b8,c8 -ntoskrnl_18362-836.exe,505ea0,5060a0,505ca0,6fa,434c58,20,60,574390,5743b8,c8 -ntoskrnl_18362-904.exe,505ea0,5060a0,505ca0,6fa,434c78,20,60,574390,5743b8,c8 -ntoskrnl_18362-900.exe,505ea0,5060a0,505ca0,6fa,434c78,20,60,574390,5743b8,c8 +ntoskrnl_19041-264.exe,cec060,cec260,cebe60,87a,c19858,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-329.exe,cec320,cebf20,cec120,87a,c19898,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-331.exe,cec320,cebf20,cec120,87a,c19898,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-388.exe,cec3a0,cebfa0,cec1a0,87a,c19898,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-423.exe,cec160,cec360,cebf60,87a,c198b8,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-450.exe,cec320,cebf20,cec120,87a,c198b8,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-488.exe,cec220,cec420,cec020,87a,c19918,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-508.exe,cec3a0,cebfa0,cec1a0,87a,c19898,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-546.exe,cec420,cec020,cec220,87a,c19938,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-572.exe,cec420,cec020,cec220,87a,c19938,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-610.exe,cec220,cec420,cec020,87a,c19978,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-630.exe,cec220,cec420,cec020,87a,c19978,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-631.exe,cec220,cec420,cec020,87a,c19978,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-662.exe,cec3a0,cec1a0,cebfa0,87a,c198f8,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-685.exe,cec3a0,cec1a0,cebfa0,87a,c198f8,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-746.exe,cebfe0,cec3e0,cec1e0,87a,c198f8,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-789.exe,cec220,cec620,cec420,87a,c19998,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-804.exe,cec420,cec220,cec020,87a,c19918,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-844.exe,cec660,cec460,cec260,87a,c19fa8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-867.exe,cec1e0,cec5e0,cec3e0,87a,c19fa8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-868.exe,cec1e0,cec5e0,cec3e0,87a,c19fa8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-870.exe,cec1e0,cec5e0,cec3e0,87a,c19fa8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-906.exe,cec5e0,cec3e0,cec1e0,87a,c199d0,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-928.exe,cec520,cec320,cec120,87a,c19950,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-964.exe,cec0e0,cebee0,cec2e0,87a,c19d38,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-985.exe,cec360,cec160,cebf60,87a,c19d78,20,60,cfb410,cfb440,c8 ntoskrnl_19041-1023.exe,cec460,cec260,cec060,87a,c19db8,20,60,cfc410,cfc440,c8 -ntoskrnl_18362-959.exe,505ea0,5060a0,505ca0,6fa,434cb8,20,60,574390,5743b8,c8 ntoskrnl_19041-1052.exe,cebfe0,cec3e0,cec1e0,87a,c19790,20,60,cfc410,cfc440,c8 -ntoskrnl_18362-997.exe,505e60,506060,505c60,6fa,434c78,20,60,574390,5743b8,c8 -ntoskrnl_19041-1.exe,cec0e0,cec2e0,cebee0,87a,c19898,20,60,cfb410,cfb440,c8 ntoskrnl_19041-1055.exe,cec020,cec420,cec220,87a,c19790,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1081.exe,cec1e0,cebfe0,cec3e0,87a,c19758,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-1083.exe,cec420,cec220,cec020,87a,c19758,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1082.exe,cec420,cec220,cec020,87a,c19758,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-1083.exe,cec420,cec220,cec020,87a,c19758,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1110.exe,cec120,cebf20,cec320,87a,c197f8,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-1202.exe,cec320,cec120,cebf20,87a,c197d0,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-1165.exe,cec2e0,cec0e0,cebee0,87a,c197a0,20,60,cfb410,cfb440,c8 ntoskrnl_19041-1151.exe,cec320,cec120,cebf20,87a,c197c0,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-1165.exe,cec2e0,cec0e0,cebee0,87a,c197a0,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-1202.exe,cec320,cec120,cebf20,87a,c197d0,20,60,cfb410,cfb440,c8 ntoskrnl_19041-1237.exe,cec320,cec120,cebf20,87a,c197d0,20,60,cfb410,cfb440,c8 ntoskrnl_19041-1266.exe,cec3a0,cec1a0,cebfa0,87a,c19770,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1288.exe,cec1a0,cebfa0,cec3a0,87a,c19790,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1320.exe,cec4e0,cec2e0,cec0e0,87a,c197c0,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1348.exe,cec4e0,cec2e0,cec0e0,87a,c197c0,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1387.exe,cec1a0,cec3a0,cebfa0,87a,c197a0,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-1415.exe,cec1e0,cec3e0,cebfe0,87a,c197c0,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1466.exe,cec020,cec220,cec420,87a,c19780,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1469.exe,cec020,cec220,cec420,87a,c19780,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-1415.exe,cec1e0,cec3e0,cebfe0,87a,c197c0,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1503.exe,cebfa0,cec3a0,cec1a0,87a,c197a0,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-1566.exe,cec3e0,cec1e0,cebfe0,87a,c197f8,20,60,cfb410,cfb440,c8 ntoskrnl_19041-1526.exe,cec4e0,cec2e0,cec0e0,87a,c197a0,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-1620.exe,cec460,cec260,cec060,87a,c19dc8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-1566.exe,cec3e0,cec1e0,cebfe0,87a,c197f8,20,60,cfb410,cfb440,c8 ntoskrnl_19041-1586.exe,cec3e0,cec1e0,cebfe0,87a,c197f8,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-1620.exe,cec460,cec260,cec060,87a,c19dc8,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1645.exe,cec3a0,cec1a0,cebfa0,87a,c19de8,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1682.exe,cec460,cec260,cec060,87a,c19dc8,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1706.exe,cec260,cec060,cec460,87a,c19e08,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1708.exe,cec460,cec260,cec060,87a,c19de8,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-1806.exe,cec0e0,cec4e0,cec2e0,87a,c19df8,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-1766.exe,cec4a0,cec2a0,cec0a0,87a,c19810,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1741.exe,cebf60,cec360,cec160,87a,c19770,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-1766.exe,cec4a0,cec2a0,cec0a0,87a,c19810,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-1806.exe,cec0e0,cec4e0,cec2e0,87a,c19df8,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1826.exe,cec3e0,cec1e0,cebfe0,87a,c19df8,20,60,cfc410,cfc440,c8 ntoskrnl_19041-1865.exe,cec120,cec520,cec320,87a,c19de0,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-264.exe,cec060,cec260,cebe60,87a,c19858,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-331.exe,cec320,cebf20,cec120,87a,c19898,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-329.exe,cec320,cebf20,cec120,87a,c19898,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-388.exe,cec3a0,cebfa0,cec1a0,87a,c19898,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-423.exe,cec160,cec360,cebf60,87a,c198b8,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-488.exe,cec220,cec420,cec020,87a,c19918,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-450.exe,cec320,cebf20,cec120,87a,c198b8,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-572.exe,cec420,cec020,cec220,87a,c19938,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-508.exe,cec3a0,cebfa0,cec1a0,87a,c19898,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-546.exe,cec420,cec020,cec220,87a,c19938,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-610.exe,cec220,cec420,cec020,87a,c19978,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-630.exe,cec220,cec420,cec020,87a,c19978,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-662.exe,cec3a0,cec1a0,cebfa0,87a,c198f8,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-685.exe,cec3a0,cec1a0,cebfa0,87a,c198f8,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-631.exe,cec220,cec420,cec020,87a,c19978,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-746.exe,cebfe0,cec3e0,cec1e0,87a,c198f8,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-789.exe,cec220,cec620,cec420,87a,c19998,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-844.exe,cec660,cec460,cec260,87a,c19fa8,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-804.exe,cec420,cec220,cec020,87a,c19918,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-870.exe,cec1e0,cec5e0,cec3e0,87a,c19fa8,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-868.exe,cec1e0,cec5e0,cec3e0,87a,c19fa8,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-867.exe,cec1e0,cec5e0,cec3e0,87a,c19fa8,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-906.exe,cec5e0,cec3e0,cec1e0,87a,c199d0,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-928.exe,cec520,cec320,cec120,87a,c19950,20,60,cfc410,cfc440,c8 -ntoskrnl_19041-985.exe,cec360,cec160,cebf60,87a,c19d78,20,60,cfb410,cfb440,c8 -ntoskrnl_19041-964.exe,cec0e0,cebee0,cec2e0,87a,c19d38,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-1889.exe,cec060,cec460,cec260,87a,c19dd8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-1949.exe,cec460,cec260,cec060,87a,c19790,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2006.exe,cec420,cec220,cec020,87a,c19d98,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2075.exe,cec0a0,cec4a0,cec2a0,87a,c19da8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2130.exe,cec420,cec220,cec020,87a,c19790,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2193.exe,cec020,cec420,cec220,87a,c197f8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2194.exe,cec420,cec220,cec020,87a,c197f8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2251.exe,cec1e0,cebfe0,cec3e0,87a,c19838,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2311.exe,cec420,cec220,cec020,87a,c19818,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2364.exe,cec460,cec260,cec060,87a,c197d8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2364.exe,cec460,cec260,cec060,87a,c197d8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2486.exe,cec4a0,cec2a0,cec0a0,87a,c197b8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2546.exe,cec120,cebf20,cec320,87a,c197d8,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-2604.exe,cec120,cebf20,cec320,87a,c19798,20,60,cfb410,cfb440,c8 +ntoskrnl_19041-2673.exe,cec3e0,cec1e0,cebfe0,87a,c197d8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2728.exe,cec520,cec320,cec120,87a,c197b8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2788.exe,cec0e0,cec4e0,cec2e0,87a,c19df0,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2846.exe,cec120,cec520,cec320,87a,c19e50,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2913.exe,cec0a0,cec4a0,cec2a0,87a,c19e68,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-2965.exe,cec0a0,cec4a0,cec2a0,87a,c19e28,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-3031.exe,cec2a0,cec0a0,cec4a0,87a,c19e30,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-3086.exe,cec0e0,cec4e0,cec2e0,87a,c19e28,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-3155.exe,cec4e0,cec2e0,cec0e0,87a,c19e30,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-3208.exe,cec2a0,cec0a0,cec4a0,87a,c19e08,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-3271.exe,cec420,cec220,cec620,87a,c19838,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-3324.exe,cec620,cec420,cec220,87a,c19818,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-3393.exe,cec2e0,cec0e0,cec4e0,87a,c19838,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-3448.exe,cec460,cec260,cec060,87a,c19858,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-3516.exe,cec1a0,cec5a0,cec3a0,87a,c197f8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-3570.exe,cec660,cec460,cec260,87a,c197d8,20,60,cfc410,cfc440,c8 +ntoskrnl_19041-3636.exe,cec5e0,cec3e0,cec1e0,87a,c197b8,20,60,cfc410,cfc440,c8 ntoskrnl_22000-194.exe,cf5f40,cf5d40,cf6140,87a,c15d20,20,60,d06890,d068c0,c8 ntoskrnl_22000-258.exe,cf5f40,cf5d40,cf6140,87a,c15d20,20,60,d06890,d068c0,c8 ntoskrnl_22000-282.exe,cf5f00,cf5d00,cf6100,87a,c163d0,20,60,d06890,d068c0,c8 @@ -497,8 +606,8 @@ ntoskrnl_22000-348.exe,cf5e00,cf6200,cf6000,87a,c15d40,20,60,d06890,d068c0,c8 ntoskrnl_22000-376.exe,cf5e00,cf6200,cf6000,87a,c15d40,20,60,d06890,d068c0,c8 ntoskrnl_22000-434.exe,cf5dc0,cf61c0,cf5fc0,87a,c163b8,20,60,d06890,d068c0,c8 ntoskrnl_22000-438.exe,cf5e00,cf6200,cf6000,87a,c16398,20,60,d06890,d068c0,c8 -ntoskrnl_22000-493.exe,cf6140,cf6340,cf5f40,87a,c15d58,20,60,d06890,d068c0,c8 ntoskrnl_22000-469.exe,cf6140,cf6340,cf5f40,87a,c15d38,20,60,d06890,d068c0,c8 +ntoskrnl_22000-493.exe,cf6140,cf6340,cf5f40,87a,c15d58,20,60,d06890,d068c0,c8 ntoskrnl_22000-527.exe,cf6300,cf5f00,cf6100,87a,c15d58,20,60,d06890,d068c0,c8 ntoskrnl_22000-556.exe,cf62c0,cf5ec0,cf60c0,87a,c15d78,20,60,d06890,d068c0,c8 ntoskrnl_22000-593.exe,cf63c0,cf61c0,cf5fc0,87a,c15d78,20,60,d06890,d068c0,c8 @@ -509,12 +618,60 @@ ntoskrnl_22000-739.exe,cf62c0,cf60c0,cf5ec0,87a,c163c0,20,60,d06890,d068c0,c8 ntoskrnl_22000-778.exe,cf6180,cf5f80,cf5d80,87a,c163b8,20,60,d06890,d068c0,c8 ntoskrnl_22000-795.exe,cf6180,cf5f80,cf5d80,87a,c163b8,20,60,d06890,d068c0,c8 ntoskrnl_22000-832.exe,cf6380,cf6180,cf5f80,87a,c163a8,20,60,d06890,d068c0,c8 -ntoskrnl_7601-25740.exe,21c500,21c2e0,21c0c0,0,0,20,50,29e020,29e050,c0 -ntoskrnl_9600-17031.exe,2e1a40,2e1840,2e1640,67a,0,10,50,354020,354048,c8 -ntoskrnl_9600-19321.exe,2dcb10,2dc910,2dc710,67a,0,20,50,34f030,34f048,c8 -ntoskrnl_9600-19376.exe,2dbb10,2db910,2db710,67a,0,20,50,34e030,34e048,c8 -ntoskrnl_9600-19426.exe,2dbb10,2db910,2db710,67a,0,20,50,34e030,34e048,c8 -ntoskrnl_9600-20144.exe,2dac50,2daa50,2da850,67a,0,20,50,34d030,34d048,c8 -ntoskrnl_7601-17514.exe,ffffffffffffffff,ffffffffffffffff,ffffffffffffffff,0,0,8,38,16002c,160028,80 -ntoskrnl_6003-21251.exe,1a9d00,1a9ae0,1a9a80,0,0,10,50,22c020,22c040,228 -ntoskrnl_19041-2364.exe,cec460,cec260,cec060,87a,c197d8,20,60,cfc410,cfc440,c8 +ntoskrnl_22000-856.exe,cf6300,cf6100,cf5f00,87a,c16438,20,60,d06890,d068c0,c8 +ntoskrnl_22000-918.exe,cf6440,cf6240,cf6040,87a,c15d50,20,60,d06890,d068c0,c8 +ntoskrnl_22000-978.exe,cf6440,cf6240,cf6040,87a,c15d50,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1042.exe,cf6300,cf6100,cf5f00,87a,c163d0,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1098.exe,cf63c0,cf61c0,cf5fc0,87a,c163e0,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1165.exe,cf63c0,cf61c0,cf5fc0,87a,c16398,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1219.exe,cf6340,cf6140,cf5f40,87a,c16398,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1281.exe,cf6000,cf6200,cf6400,87a,c15d78,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1335.exe,cf6100,cf6300,cf5f00,87a,c15db8,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1455.exe,cf5fc0,cf61c0,cf5dc0,87a,c15cd8,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1516.exe,cf5f40,cf6140,cf6340,87a,c15d58,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1574.exe,cf5f80,cf6180,cf6380,87a,c163f8,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1641.exe,cf5fc0,cf61c0,cf63c0,87a,c163d8,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1696.exe,cf6200,cf6400,cf6000,87a,c163f8,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1761.exe,cf62c0,cf64c0,cf60c0,87a,c163b8,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1817.exe,cf5f80,cf6180,cf6380,87a,c16408,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1880.exe,cf5f80,cf6180,cf6380,87a,c15d78,20,60,d06890,d068c0,c8 +ntoskrnl_22000-1936.exe,cf6180,cf6380,cf5f80,87a,c15d38,20,60,d06890,d068c0,c8 +ntoskrnl_22000-2003.exe,cf61c0,cf63c0,cf5fc0,87a,c15d38,20,60,d06890,d068c0,c8 +ntoskrnl_22000-2057.exe,cf6040,cf6240,cf6440,87a,c15d58,20,60,d06890,d068c0,c8 +ntoskrnl_22000-2124.exe,cf5fc0,cf61c0,cf63c0,87a,c15d38,20,60,d06890,d068c0,c8 +ntoskrnl_22000-2176.exe,cf5fc0,cf61c0,cf63c0,87a,c15d18,20,60,d06890,d068c0,c8 +ntoskrnl_22000-2245.exe,cf6000,cf6200,cf6400,87a,c15d58,20,60,d06890,d068c0,c8 +ntoskrnl_22000-2295.exe,cf61c0,cf63c0,cf5fc0,87a,c15d38,20,60,d06890,d068c0,c8 +ntoskrnl_22000-2360.exe,cf64c0,cf60c0,cf62c0,87a,c15d58,20,60,d06890,d068c0,c8 +ntoskrnl_22000-2416.exe,cf6100,cf6300,cf6500,87a,c15df8,20,60,d06890,d068c0,c8 +ntoskrnl_22000-2482.exe,cf6440,cf6040,cf6240,87a,c15d58,20,60,d06890,d068c0,c8 +ntoskrnl_22000-2538.exe,cf6240,cf6440,cf6040,87a,c15df8,20,60,d06890,d068c0,c8 +ntoskrnl_22621-382.exe,d0bb60,d0bd60,d0bf60,87a,c317f8,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-525.exe,d0bbe0,d0bde0,d0bfe0,87a,c31f90,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-608.exe,d0bd20,d0bf20,d0c120,87a,c31fb0,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-674.exe,d0bc20,d0be20,d0c020,87a,c31f70,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-675.exe,d0bc20,d0be20,d0c020,87a,c31f70,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-755.exe,d0bae0,d0bce0,d0bee0,87a,c31f40,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-819.exe,d0bde0,d0bfe0,d0bbe0,87a,c31f20,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-900.exe,d0c5e0,d0c1e0,d0c3e0,87a,c31818,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-963.exe,d0c0e0,d0c2e0,d0c4e0,87a,c317b8,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1105.exe,d0c160,d0c360,d0c560,87a,c317b8,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1194.exe,d0c0a0,d0c2a0,d0c4a0,87a,c317f8,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1265.exe,d0c060,d0c260,d0c460,87a,c317b8,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1344.exe,d0c5a0,d0c1a0,d0c3a0,87a,c31f98,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1413.exe,d0c5a0,d0c1a0,d0c3a0,87a,c31f98,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1485.exe,d0c5e0,d0c1e0,d0c3e0,87a,c31fc0,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1555.exe,d0c620,d0c220,d0c420,87a,c32020,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1635.exe,d0c660,d0c260,d0c460,87a,c32000,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1702.exe,d0c2a0,d0c4a0,d0c6a0,87a,c31fe0,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1778.exe,d0bf00,d0c100,d0bd00,87a,c31fe0,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1848.exe,d0bfc0,d0c1c0,d0bdc0,87a,c31fb8,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1928.exe,d0c080,d0c280,d0c480,87a,c31ff8,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-1992.exe,d0c380,d0bf80,d0c180,87a,c31fc8,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-2070.exe,d0c3c0,d0c1c0,d0bfc0,87a,c31920,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-2134.exe,d0c3c0,d0c1c0,d0bfc0,87a,c31900,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-2215.exe,d0c380,d0c180,d0bf80,87a,c31900,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-2283.exe,d0c440,d0c240,d0c040,87a,c318e0,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-2361.exe,d0c510,d0c310,d0c110,87a,c318e0,20,60,d1da18,d1da40,c8 +ntoskrnl_22621-2428.exe,d0c610,d0c410,d0c210,87a,c318e0,20,60,d1ea18,d1ea40,c8 +ntoskrnl_22621-2506.exe,d0c150,d0c550,d0c350,87a,c31880,20,60,d1ea18,d1ea40,c8 diff --git a/Offsets/lightpdbparser.py b/Offsets/lightpdbparser.py new file mode 100644 index 0000000..4aeafb6 --- /dev/null +++ b/Offsets/lightpdbparser.py @@ -0,0 +1,791 @@ +#!/usr/bin/python3 +""" +A python native parser with (many) missing features. +Only support the bare minimum to extract symbols addresses and field offsets in structures +Written from info found here: https://llvm.org/docs/PDB/index.html +""" +from math import ceil +from struct import unpack +from functools import cache, cached_property +from uuid import UUID + +try: + from line_profiler_pycharm import profile +except ImportError: + profile = lambda x: x + + +def u32f(f, addr=None): + if addr is not None: + f.seek(addr) + return unpack("= self.size: + raise StopIteration + return SectionHeaderStream.SectionHeader(self.read(40)) + + def __getitem__(self, section_index): + if section_index >= self.NumberOfSections: + raise ValueError(f"Section number {section_index} does not exist") + self.cursor = section_index * 40 + return SectionHeaderStream.SectionHeader(self.read(40)) + + +class TPIorIPStream(MsfStream): + """ + struct TpiStreamHeader { + uint32_t Version; + uint32_t HeaderSize; + uint32_t TypeIndexBegin; + uint32_t TypeIndexEnd; + uint32_t TypeRecordBytes; + + uint16_t HashStreamIndex; + uint16_t HashAuxStreamIndex; + uint32_t HashKeySize; + uint32_t NumHashBuckets; + + int32_t HashValueBufferOffset; + uint32_t HashValueBufferLength; + + int32_t IndexOffsetBufferOffset; + uint32_t IndexOffsetBufferLength; + + int32_t HashAdjBufferOffset; + uint32_t HashAdjBufferLength; + }; + """ + + REC_TYPES = { + 0x1001: "LF_MODIFIER", + 0x1002: "LF_POINTER", + 0x1008: "LF_PROCEDURE", + 0x1201: "LF_ARGLIST", + 0x1203: "LF_FIELDLIST", + 0x1205: "LF_BITFIELD", + 0x1404: "LF_INDEX", + 0x1502: "LF_ENUMERATE", + 0x1503: "LF_ARRAY", + 0x1505: "LF_STRUCTURE", + 0x1506: "LF_UNION", + 0x1507: "LF_ENUM", + 0x150D: "LF_MEMBER", + 0x1605: "LF_STRING_ID", + 0x1606: "LF_UDT_SRC_LINE", + } + + def __init__(self, msf, size, blocks): + MsfStream.__init__(self, msf, size, blocks) + self.filter = None + self.type_index = self.TypeIndexBegin + self.types = dict() + self.REC_TYPES_ids = {self.REC_TYPES[k]: k for k in self.REC_TYPES} + self.types_parsed = False + + @cached_property + def HeaderSize(self): + return self.u32(4) + + @cached_property + def TypeIndexBegin(self): + return self.u32(8) + + @cached_property + def TypeRecordBytes(self): + return self.u32(16) + + def skip_padding(self): + b = self.u8() + self.cursor -= 1 + if b in (0xF1, 0xF2, 0xF3): + padding_size = b & 0xF + # assert b"\xF3\xF2\xF1".endswith(self.read(padding_size)) + self.cursor += padding_size + + def unsigned(self): + leaf = self.u16() + if leaf < 0x8000: + return leaf + match leaf: + case 0x8000: # LF_CHAR + return self.u8() + case 0x8002: # LF_SHORT + return self.u16() + case 0x8003 | 0x8004: # LF_LONG |LF_ULONG + return self.u32() + case 0x800A: # LF_SHORT + return self.u64() + case _: + raise ValueError + + def __iter__(self): + self.type_index = self.TypeIndexBegin + self.cursor = self.HeaderSize + return self + + def __next__(self): + leaf_entry = None + while leaf_entry is None: + if self.cursor == self.size: + self.types_parsed = True + raise StopIteration + if self.size - self.cursor < 4: + raise ValueError + + record_length = self.u16() + record_end = self.cursor + record_length + if self.size < record_end: + raise ValueError + + if self.filter is not None and self.peek_u16() not in self.filter: + self.cursor = record_end + self.type_index += 1 + continue + leaf_entry = self.parse_one_leaf_entry(record_end) + self.types[self.type_index] = leaf_entry + self.type_index += 1 + + if self.cursor > record_end: + raise ValueError + if self.cursor < record_end: + end = self.read(record_end - self.cursor) + if not b"\xf3\xf2\xf1".endswith(end): + raise ValueError(f"Unparsed data: {end} for record {leaf_entry}") + + return leaf_entry + + def parse_one_leaf_entry(self, record_end): + record_type = self.u16() + + if record_type not in self.REC_TYPES: + raise ValueError(f"Record {hex(record_type)} not handled") + + match self.REC_TYPES.get(record_type, "???"): + case "LF_MODIFIER": + utype = self.u32() + modifier = self.u16() + record = (utype, modifier) + case "LF_POINTER": + utype = self.u32() + attr = self.u32() + if ((attr >> 5) & 7) in (2, 3): # ptrmode == Member or MemberFunction + raise ValueError + record = (utype, attr) + case "LF_STRUCTURE": + count = self.u16() + properties = self.u16() + has_unique_name = (properties & 0x200) != 0 + fields = self.u32() + derived_from = self.u32() + vtable_shape = self.u32() + size = self.unsigned() + name = self.cstring() + unique_name = self.cstring() if has_unique_name else None + record = ( + count, + properties, + fields, + derived_from, + vtable_shape, + size, + name, + ) + case "LF_FIELDLIST": + fields = list() + continuation = None + while self.cursor < record_end: + next_field = self.u16() + if self.REC_TYPES[next_field] == "LF_INDEX": + continuation = self.u32() + else: + self.cursor -= 2 + fields.append(self.parse_one_leaf_entry(record_end)) + self.skip_padding() + record = (fields, continuation) + case "LF_MEMBER": + attributes = self.u16() + field_type = self.u32() + offset = self.unsigned() + name = self.cstring() + record = (attributes, field_type, offset, name) + case "LF_ARGLIST": + count = self.u32() + arglist = [self.u32() for _ in range(count)] + record = arglist + case "LF_PROCEDURE": + return_type = self.u32() + attributes = self.u16() + parameter_count = self.u16() + argument_list = self.u32() + record = (return_type, attributes, parameter_count, argument_list) + case "LF_ARRAY": + element_type = self.u32() + indexing_type = self.u32() + size = self.unsigned() + pad = self.cstring() + assert pad == b"" + record = (element_type, indexing_type, size) + case "LF_UNION": + count = self.u16() + properties = self.u16() + has_unique_name = (properties & 0x200) != 0 + fields = self.u32() + size = self.unsigned() + name = self.cstring() + unique_name = self.cstring() if has_unique_name else None + record = ( + count, + properties, + fields, + size, + name, + ) + case "LF_ENUMERATE": + attributes = self.u16() + value = self.unsigned() + name = self.cstring() + record = (attributes, value, name) + case "LF_ENUM": + count = self.u16() + properties = self.u16() + has_unique_name = (properties & 0x200) != 0 + underlying_type = self.u32() + fields = self.u32() + name = self.cstring() + unique_name = self.cstring() if has_unique_name else None + record = ( + count, + properties, + underlying_type, + fields, + name, + ) + case "LF_BITFIELD": + underlying_type = self.u32() + length = self.u8() + position = self.u8() + record = (underlying_type, length, position) + case _: + record = () + raise ValueError( + f"Record {hex(record_type)} / {self.REC_TYPES.get(record_type, '???')} : not implemented" + ) + + return self.REC_TYPES[record_type], record + + +import io + + +class Msf(object): + def __init__(self, path=None, content=None): + if content is not None: + self.f = f = io.BytesIO(content) + else: + with open(path, "rb") as f_ondisk: + self.f = f = io.BytesIO(f_ondisk.read()) + FileMagic = f.read(32) + assert FileMagic == b"Microsoft C/C++ MSF 7.00\r\n" + bytes.fromhex("1A 44 53 00 00 00") + self.BlockSize = blockSize = u32f(f) + self.FreeBlockMapBlock = u32f(f) + self.NumBlocks = u32f(f) + self.NumDirectoryBytes = u32f(f) + self.Unknown = u32f(f) + self.BlockMapAddr = u32f(f) + self.StreamDirectory = MsfStreamDirectory(self) + + def __del__(self): + self.f.close() + + @cache + def Stream(self, stream_number): + return MsfStream( + self, + self.StreamDirectory.StreamSize(stream_number), + self.StreamDirectory.StreamBlocks(stream_number), + ) + + +class Pdb(Msf): + @cached_property + def PDBStream(self): + return PdbInfoStream( + self, + self.StreamDirectory.StreamSize(1), + self.StreamDirectory.StreamBlocks(1), + ) + + @cached_property + def DBIStream(self): + return DBIStream( + self, + self.StreamDirectory.StreamSize(3), + self.StreamDirectory.StreamBlocks(3), + ) + + @cached_property + def TPIStream(self): + return TPIorIPStream( + self, + self.StreamDirectory.StreamSize(2), + self.StreamDirectory.StreamBlocks(2), + ) + + @cached_property + def IPIStream(self): + return TPIorIPStream( + self, + self.StreamDirectory.StreamSize(4), + self.StreamDirectory.StreamBlocks(4), + ) + + def get_field_offset(self, structname, fieldname): + tpistream = self.TPIStream + if not tpistream.types_parsed: + save_filter = tpistream.filter + tpistream.filter = [ + tpistream.REC_TYPES_ids["LF_FIELDLIST"], + tpistream.REC_TYPES_ids["LF_STRUCTURE"], + ] + for _ in tpistream: + pass + tpistream.filter = save_filter + + structname = structname.encode() + for struct_id, t in tpistream.types.items(): + if t[0] == "LF_STRUCTURE": + if t[1][2] != 0 and t[1][6] == structname: + break + else: + raise ValueError(f"Structure {structname} not found in PDB") + fieldlist_id = t[1][2] + fieldlist = tpistream.types[fieldlist_id][1][0] + fieldname = fieldname.encode() + for field in fieldlist: + if fieldname == field[1][3]: + break + else: + raise ValueError(f"Field {fieldname} not found in structure {structname}") + field_offset = field[1][2] + return field_offset + + def get_symbol_offset(self, symbol: str) -> int: + offset, segment = self.DBIStream.SymRecordStream.search_and_cache_symbols(symbol) + if offset == segment == None: + return None + section_virtual_address = self.DBIStream.SectionHeadersStream[segment - 1].VirtualAddress + return section_virtual_address + offset